rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P20553/1:b..l P21821/1:b..l
rcu: 	(detected by 0, t=10502 jiffies, g=154409, q=190 ncpus=2)
task:syz.0.4660      state:R  running task     stack:24488 pid:21821 ppid:13804  flags:0x00004002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5381 [inline]
 __schedule+0x14e2/0x4580 kernel/sched/core.c:6700
 preempt_schedule_irq+0xb5/0x140 kernel/sched/core.c:7010
 irqentry_exit+0x67/0x70 kernel/entry/common.c:438
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:687
RIP: 0010:check_region_inline mm/kasan/generic.c:169 [inline]
RIP: 0010:kasan_check_range+0x18/0x290 mm/kasan/generic.c:187
Code: ff c3 0f 0b b8 ea ff ff ff c3 cc cc cc cc cc cc cc cc 66 0f 1f 00 b0 01 48 85 f6 0f 84 b8 01 00 00 55 41 57 41 56 41 55 41 54 <53> 4c 8d 04 37 49 39 f8 0f 82 5a 02 00 00 49 89 f9 49 c1 e9 2f 41
RSP: 0018:ffffc900050f7330 EFLAGS: 00000202
RAX: 0000000000000001 RBX: 0000000000000000 RCX: ffffffff81677b2b
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff8e49a768
RBP: ffffc900050f7470 R08: dffffc0000000000 R09: 1ffffffff21b08a4
R10: dffffc0000000000 R11: fffffbfff21b08a5 R12: ffffffff81e61455
R13: dffffc0000000000 R14: ffff888076036010 R15: 1ffff92000a1ee78
 instrument_atomic_read include/linux/instrumented.h:68 [inline]
 _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]
 cpumask_test_cpu include/linux/cpumask.h:504 [inline]
 cpu_online include/linux/cpumask.h:1082 [inline]
 trace_lock_release include/trace/events/lock.h:69 [inline]
 lock_release+0xab/0x8b0 kernel/locking/lockdep.c:5765
 rcu_lock_release include/linux/rcupdate.h:344 [inline]
 rcu_read_unlock include/linux/rcupdate.h:819 [inline]
 percpu_ref_tryget_many include/linux/percpu-refcount.h:250 [inline]
 percpu_ref_tryget+0xfd/0x180 include/linux/percpu-refcount.h:266
 css_tryget include/linux/cgroup_refcnt.h:45 [inline]
 get_mem_cgroup_from_mm+0x102/0x290 mm/memcontrol.c:1065
 __mem_cgroup_charge+0x15/0x80 mm/memcontrol.c:7068
 mem_cgroup_charge include/linux/memcontrol.h:686 [inline]
 shmem_add_to_page_cache+0x8e7/0x1b40 mm/shmem.c:785
 shmem_get_folio_gfp+0xf05/0x2ac0 mm/shmem.c:2072
 shmem_fault+0x1b6/0x7f0 mm/shmem.c:2249
 __do_fault+0x13b/0x4e0 mm/memory.c:4243
 do_read_fault mm/memory.c:4616 [inline]
 do_fault mm/memory.c:4753 [inline]
 do_pte_missing mm/memory.c:3688 [inline]
 handle_pte_fault mm/memory.c:5025 [inline]
 __handle_mm_fault mm/memory.c:5166 [inline]
 handle_mm_fault+0x3886/0x4920 mm/memory.c:5331
 faultin_page mm/gup.c:868 [inline]
 __get_user_pages+0x5ea/0x1470 mm/gup.c:1167
 populate_vma_page_range+0x2b6/0x370 mm/gup.c:1593
 __mm_populate+0x24c/0x380 mm/gup.c:1696
 mm_populate include/linux/mm.h:3312 [inline]
 vm_mmap_pgoff+0x2e7/0x400 mm/util.c:561
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7fb5b3b8e929
RSP: 002b:00007fb5b4969038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: 00007fb5b3db5fa0 RCX: 00007fb5b3b8e929
RDX: b635773f06ebbeee RSI: 0000000000b36000 RDI: 0000200000000000
RBP: 00007fb5b3c10b39 R08: ffffffffffffffff R09: 0000000000000000
R10: 0000000000008031 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fb5b3db5fa0 R15: 00007ffea2b2eb68
 </TASK>
task:syz-executor    state:R  running task     stack:21096 pid:20553 ppid:20528  flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5381 [inline]
 __schedule+0x14e2/0x4580 kernel/sched/core.c:6700
 preempt_schedule_common+0x82/0xc0 kernel/sched/core.c:6867
 preempt_schedule+0xab/0xc0 kernel/sched/core.c:6891
 preempt_schedule_thunk+0x1a/0x30 arch/x86/entry/thunk_64.S:45
 __raw_spin_unlock include/linux/spinlock_api_smp.h:143 [inline]
 _raw_spin_unlock+0x3a/0x40 kernel/locking/spinlock.c:186
 spin_unlock include/linux/spinlock.h:391 [inline]
 copy_pte_range mm/memory.c:1106 [inline]
 copy_pmd_range mm/memory.c:1167 [inline]
 copy_pud_range mm/memory.c:1204 [inline]
 copy_p4d_range mm/memory.c:1228 [inline]
 copy_page_range+0x2b7c/0x3600 mm/memory.c:1322
 dup_mmap kernel/fork.c:764 [inline]
 dup_mm kernel/fork.c:1692 [inline]
 copy_mm+0x1124/0x1c20 kernel/fork.c:1741
 copy_process+0x16d3/0x3d70 kernel/fork.c:2506
 kernel_clone+0x21b/0x840 kernel/fork.c:2914
 __do_sys_clone kernel/fork.c:3057 [inline]
 __se_sys_clone kernel/fork.c:3041 [inline]
 __x64_sys_clone+0x18c/0x1e0 kernel/fork.c:3041
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7fa92eb85193
RSP: 002b:00007ffc6b78b7a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa92eb85193
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001
R10: 00005555935637d0 R11: 0000000000000246 R12: 0000000000000000
R13: 00000000000927c0 R14: 00000000001a44b1 R15: 00007ffc6b78b940
 </TASK>
rcu: rcu_preempt kthread starved for 10569 jiffies! g154409 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:27080 pid:17    ppid:2      flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5381 [inline]
 __schedule+0x14e2/0x4580 kernel/sched/core.c:6700
 schedule+0xbd/0x170 kernel/sched/core.c:6774
 schedule_timeout+0x160/0x280 kernel/time/timer.c:2167
 rcu_gp_fqs_loop+0x302/0x1560 kernel/rcu/tree.c:1663
 rcu_gp_kthread+0x99/0x380 kernel/rcu/tree.c:1862
 kthread+0x2fa/0x390 kernel/kthread.c:388
 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.6.93-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:pv_native_safe_halt+0x13/0x20 arch/x86/kernel/paravirt.c:148
Code: cc cc cc cc cc cc cc f3 0f 1e fa 0f 0b 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 66 90 0f 00 2d 63 10 42 00 f3 0f 1e fa fb f4 <c3> cc cc cc cc cc cc cc cc cc cc cc cc 66 0f 1f 00 55 41 57 41 56
RSP: 0018:ffffffff8ca07d80 EFLAGS: 000002c2
RAX: a57509673b432200 RBX: ffffffff81618a7b RCX: a57509673b432200
RDX: 0000000000000001 RSI: ffffffff8aaab2c0 RDI: ffffffff8afc6780
RBP: ffffffff8ca07eb8 R08: ffff8880b8e36d4b R09: 1ffff110171c6da9
R10: dffffc0000000000 R11: ffffed10171c6daa R12: ffffffff8e49a768
R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1952670
FS:  0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2cb1dff8 CR3: 000000005b6f5000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 arch_safe_halt arch/x86/include/asm/paravirt.h:108 [inline]
 default_idle+0x13/0x20 arch/x86/kernel/process.c:747
 default_idle_call+0x6c/0xa0 kernel/sched/idle.c:97
 cpuidle_idle_call kernel/sched/idle.c:170 [inline]
 do_idle+0x1eb/0x510 kernel/sched/idle.c:282
 cpu_startup_entry+0x43/0x60 kernel/sched/idle.c:380
 rest_init+0x2e2/0x300 init/main.c:732
 arch_call_rest_init+0xe/0x10 init/main.c:829
 start_kernel+0x459/0x4e0 init/main.c:1074
 x86_64_start_reservations+0x2a/0x30 arch/x86/kernel/head64.c:555
 x86_64_start_kernel+0x60/0x60 arch/x86/kernel/head64.c:536
 secondary_startup_64_no_verify+0x179/0x17b
 </TASK>