INFO: rcu detected stall in ieee80211_tasklet

INFO: rcu detected stall in ieee80211_tasklet_handler
Status: upstream: reported C repro on 2020/12/19 15:14
Reported-by: syzbot+7bb955045fc0840decd3@syzkaller.appspotmail.com
First crash: 134d, last: 14d

Cause bisection: failed (bisect log)

similar bugs (2):
Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
upstream	BUG: soft lockup in ieee80211_tasklet_handler	C	inconclusive	error	7	50d	56d	0/22	upstream: reported C repro on 2021/02/23 17:55
linux-4.19	BUG: soft lockup in ieee80211_tasklet_handler				3	6d23h	33d	0/1	upstream: reported on 2021/03/19 03:24

Sample crash report:

rcu: INFO: rcu_preempt self-detected stall on CPU
rcu: 	1-....: (8387 ticks this GP) idle=6c6/1/0x4000000000000000 softirq=9854/9855 fqs=5094 
	(t=10501 jiffies g=9217 q=198)
NMI backtrace for cpu 1
CPU: 1 PID: 8914 Comm: syz-executor318 Not tainted 5.11.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x107/0x163 lib/dump_stack.c:120
 nmi_cpu_backtrace.cold+0x44/0xd7 lib/nmi_backtrace.c:105
 nmi_trigger_cpumask_backtrace+0x1b3/0x230 lib/nmi_backtrace.c:62
 trigger_single_cpu_backtrace include/linux/nmi.h:164 [inline]
 rcu_dump_cpu_stacks+0x1e3/0x21e kernel/rcu/tree_stall.h:337
 print_cpu_stall kernel/rcu/tree_stall.h:569 [inline]
 check_cpu_stall kernel/rcu/tree_stall.h:643 [inline]
 rcu_pending kernel/rcu/tree.c:3751 [inline]
 rcu_sched_clock_irq.cold+0x472/0xec3 kernel/rcu/tree.c:2580
 update_process_times+0x16d/0x200 kernel/time/timer.c:1782
 tick_sched_handle+0x9b/0x180 kernel/time/tick-sched.c:226
 tick_sched_timer+0x1b0/0x2d0 kernel/time/tick-sched.c:1369
 __run_hrtimer kernel/time/hrtimer.c:1519 [inline]
 __hrtimer_run_queues+0x1ce/0xea0 kernel/time/hrtimer.c:1583
 hrtimer_interrupt+0x334/0x940 kernel/time/hrtimer.c:1645
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1085 [inline]
 __sysvec_apic_timer_interrupt+0x146/0x540 arch/x86/kernel/apic/apic.c:1102
 run_sysvec_on_irqstack_cond arch/x86/include/asm/irq_stack.h:91 [inline]
 sysvec_apic_timer_interrupt+0x48/0x100 arch/x86/kernel/apic/apic.c:1096
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:628
RIP: 0010:queue_work_on+0x83/0xd0 kernel/workqueue.c:1530
Code: 31 ff 89 ee e8 ae dd 28 00 40 84 ed 74 46 e8 24 d7 28 00 31 ff 48 89 de e8 0a df 28 00 48 85 db 75 26 e8 10 d7 28 00 41 56 9d <48> 83 c4 08 44 89 f8 5b 5d 41 5c 41 5d 41 5e 41 5f c3 e8 f6 d6 28
RSP: 0018:ffffc90000d908a0 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 0000000000000200 RCX: 0000000000000100
RDX: ffff888023705340 RSI: ffffffff81499e80 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000001 R09: ffffffff8ebda887
R10: fffffbfff1d7b510 R11: 0000000000000000 R12: ffff88801bc955b0
R13: ffff88801ca14000 R14: 0000000000000246 R15: 0000000000000001
 queue_work include/linux/workqueue.h:507 [inline]
 ieee80211_queue_work net/mac80211/util.c:932 [inline]
 ieee80211_queue_work+0x129/0x160 net/mac80211/util.c:925
 ieee80211_rx_h_mgmt net/mac80211/rx.c:3627 [inline]
 ieee80211_rx_handlers+0x3b86/0xae50 net/mac80211/rx.c:3793
 ieee80211_invoke_rx_handlers net/mac80211/rx.c:3823 [inline]
 ieee80211_prepare_and_rx_handle+0x2414/0x61c0 net/mac80211/rx.c:4503
 __ieee80211_rx_handle_packet net/mac80211/rx.c:4564 [inline]
 ieee80211_rx_list+0x1077/0x2430 net/mac80211/rx.c:4744
 ieee80211_rx_napi+0xf7/0x3d0 net/mac80211/rx.c:4767
 ieee80211_rx include/net/mac80211.h:4507 [inline]
 ieee80211_tasklet_handler+0xd4/0x130 net/mac80211/main.c:235
 tasklet_action_common.constprop.0+0x1d7/0x2d0 kernel/softirq.c:555
 __do_softirq+0x2a5/0x9f7 kernel/softirq.c:343
 asm_call_irq_on_stack+0xf/0x20
 </IRQ>
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline]
 do_softirq_own_stack+0xaa/0xd0 arch/x86/kernel/irq_64.c:77
 invoke_softirq kernel/softirq.c:226 [inline]
 __irq_exit_rcu kernel/softirq.c:420 [inline]
 irq_exit_rcu+0x134/0x200 kernel/softirq.c:432
 sysvec_apic_timer_interrupt+0x4d/0x100 arch/x86/kernel/apic/apic.c:1096
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:628
RIP: 0010:check_kcov_mode kernel/kcov.c:163 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x7/0x60 kernel/kcov.c:197
Code: 0f bd c8 49 8b 14 24 48 63 c9 e9 66 ff ff ff 4c 01 ca 49 89 13 e9 00 fd ff ff 66 0f 1f 84 00 00 00 00 00 65 8b 05 29 7a 8f 7e <89> c1 48 8b 34 24 81 e1 00 01 00 00 65 48 8b 14 25 00 f0 01 00 a9
RSP: 0018:ffffc90001e97768 EFLAGS: 00000202
RAX: 0000000000000001 RBX: 0000000000000001 RCX: ffff888023705340
RDX: 0000000000000000 RSI: ffff888023705340 RDI: 0000000000000003
RBP: ffff88802f464000 R08: 0000000000000000 R09: 0000000000000001
R10: ffffffff81a441c3 R11: 0000000000000000 R12: 000000000000008d
R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000424000
 __preempt_count_add arch/x86/include/asm/preempt.h:79 [inline]
 rcu_read_lock_sched_notrace include/linux/rcupdate.h:758 [inline]
 trace_rss_stat+0x180/0x290 include/trace/events/kmem.h:338
 mm_trace_rss_stat mm/memory.c:161 [inline]
 add_mm_counter include/linux/mm.h:1895 [inline]
 add_mm_rss_vec mm/memory.c:491 [inline]
 zap_pte_range mm/memory.c:1314 [inline]
 zap_pmd_range mm/memory.c:1368 [inline]
 zap_pud_range mm/memory.c:1397 [inline]
 zap_p4d_range mm/memory.c:1418 [inline]
 unmap_page_range+0x100e/0x2640 mm/memory.c:1439
 unmap_single_vma+0x198/0x300 mm/memory.c:1484
 unmap_vmas+0x168/0x2e0 mm/memory.c:1516
 exit_mmap+0x2b1/0x5a0 mm/mmap.c:3220
 __mmput+0x122/0x470 kernel/fork.c:1083
 mmput+0x53/0x60 kernel/fork.c:1104
 exit_mm kernel/exit.c:501 [inline]
 do_exit+0xb6a/0x2ae0 kernel/exit.c:812
 do_group_exit+0x125/0x310 kernel/exit.c:922
 get_signal+0x3ec/0x2010 kernel/signal.c:2770
 arch_do_signal_or_restart+0x2a8/0x1eb0 arch/x86/kernel/signal.c:811
 handle_signal_work kernel/entry/common.c:147 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:171 [inline]
 exit_to_user_mode_prepare+0x148/0x250 kernel/entry/common.c:201
 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
 syscall_exit_to_user_mode+0x19/0x50 kernel/entry/common.c:302
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x44c2b9
Code: Unable to access opcode bytes at RIP 0x44c28f.
RSP: 002b:00007f9025121ce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000048
RAX: 0000000000000000 RBX: 00000000006e8a08 RCX: 000000000044c2b9
RDX: 0000000000042000 RSI: 0000000000000004 RDI: 0000000000000003
RBP: 00000000006e8a00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006e8a0c
R13: 00007ffc7d12f4ff R14: 00007f90251229c0 R15: 20c49ba5e353f7cf

Fix bisection attempts:
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Title
ci-upstream-kasan-gce-root	2021/04/03 13:52	upstream	d93a0d43	79264ae3	.config	log	report	syz	C

Crashes (61):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Title
ci-upstream-kasan-gce-root	2021/01/03 08:56	upstream	3516bd72	79264ae3	.config	log	report	syz	C
ci-upstream-kasan-gce-root	2021/01/04 07:48	upstream	e71ba945	79264ae3	.config	log	report	syz
ci-upstream-kasan-gce-root	2020/12/15 15:01	upstream	148842c9	97183ed7	.config	log	report	syz
ci-upstream-kasan-gce-root	2021/04/06 21:42	upstream	0a50438c	6a81331a	.config	log	report			info	INFO: rcu detected stall in ieee80211_tasklet_handler
ci-upstream-kasan-gce-root	2021/03/04 10:36	upstream	f69d02e3	d7e4e604	.config	log	report			info	INFO: rcu detected stall in ieee80211_tasklet_handler
ci-upstream-kasan-gce-root	2021/03/04 09:03	upstream	f69d02e3	d7e4e604	.config	log	report			info	INFO: rcu detected stall in ieee80211_tasklet_handler
ci-upstream-kasan-gce-root	2021/02/27 21:40	upstream	5695e516	4c37c133	.config	log	report			info	INFO: rcu detected stall in ieee80211_tasklet_handler
ci-upstream-kasan-gce-root	2021/02/27 19:47	upstream	5695e516	4c37c133	.config	log	report			info	INFO: rcu detected stall in ieee80211_tasklet_handler
ci-upstream-kasan-gce-root	2021/02/27 12:26	upstream	3fb6d0e0	4c37c133	.config	log	report			info	INFO: rcu detected stall in ieee80211_tasklet_handler
ci-upstream-kasan-gce-root	2021/02/27 06:50	upstream	3fb6d0e0	4c37c133	.config	log	report			info	INFO: rcu detected stall in ieee80211_tasklet_handler
ci-upstream-kasan-gce-root	2021/02/26 15:28	upstream	2c87f7a3	4c37c133	.config	log	report			info	INFO: rcu detected stall in ieee80211_tasklet_handler
ci-upstream-kasan-gce-root	2021/02/25 18:41	upstream	29c395c7	76f7fc95	.config	log	report			info	INFO: rcu detected stall in ieee80211_tasklet_handler
ci-upstream-kasan-gce-root	2021/02/25 17:08	upstream	29c395c7	76f7fc95	.config	log	report			info	INFO: rcu detected stall in ieee80211_tasklet_handler
ci-upstream-kasan-gce-root	2021/02/25 04:28	upstream	062c84fc	fcc6d71b	.config	log	report			info	INFO: rcu detected stall in ieee80211_tasklet_handler
ci-upstream-kasan-gce-root	2021/02/23 10:36	upstream	a99163e9	c26fb06b	.config	log	report			info	INFO: rcu detected stall in ieee80211_tasklet_handler
ci-upstream-kasan-gce-root	2021/02/22 22:50	upstream	a99163e9	c26fb06b	.config	log	report			info	INFO: rcu detected stall in ieee80211_tasklet_handler
ci-upstream-kasan-gce-root	2021/02/22 19:24	upstream	a99163e9	c26fb06b	.config	log	report			info	INFO: rcu detected stall in ieee80211_tasklet_handler
ci-upstream-kasan-gce-root	2021/02/22 11:47	upstream	31caf8b2	a659b3f1	.config	log	report			info	INFO: rcu detected stall in ieee80211_tasklet_handler
ci-upstream-kasan-gce-root	2021/02/21 23:25	upstream	55f62bc8	a659b3f1	.config	log	report			info	INFO: rcu detected stall in ieee80211_tasklet_handler
ci-upstream-kasan-gce-root	2021/02/21 19:01	upstream	55f62bc8	a659b3f1	.config	log	report			info	INFO: rcu detected stall in ieee80211_tasklet_handler
ci-upstream-kasan-gce-root	2021/02/04 12:24	upstream	61556703	42b90a7c	.config	log	report			info	INFO: rcu detected stall in ieee80211_tasklet_handler
ci-upstream-kasan-gce-root	2021/01/29 08:52	upstream	bec4c296	6593fd32	.config	log	report			info	INFO: rcu detected stall in ieee80211_tasklet_handler
ci-upstream-kasan-gce-root	2021/01/27 07:59	upstream	2ab38c17	55a7d4df	.config	log	report			info	INFO: rcu detected stall in ieee80211_tasklet_handler
ci-upstream-kasan-gce-root	2021/01/24 22:43	upstream	e6806137	52e37319	.config	log	report			info	INFO: rcu detected stall in ieee80211_tasklet_handler
ci-upstream-kasan-gce-root	2021/01/21 01:07	upstream	75439bc4	d4f4eca5	.config	log	report			info	INFO: rcu detected stall in ieee80211_tasklet_handler
ci-upstream-kasan-gce-root	2021/01/17 21:57	upstream	a1339d63	813be542	.config	log	report			info	INFO: rcu detected stall in ieee80211_tasklet_handler
ci-upstream-bpf-next-kasan-gce	2021/01/19 06:45	bpf-next	a2c2998d	63631df1	.config	log	report			info	INFO: rcu detected stall in ieee80211_tasklet_handler
ci-upstream-kasan-gce-root	2021/01/17 11:55	upstream	0da0a8a0	813be542	.config	log	report			info
ci-upstream-kasan-gce-root	2021/01/16 15:43	upstream	1d94330a	65a7a854	.config	log	report			info
ci-upstream-kasan-gce-root	2021/01/15 17:10	upstream	5ee88057	65a7a854	.config	log	report			info
ci-upstream-kasan-gce-root	2021/01/15 08:24	upstream	14662050	65a7a854	.config	log	report			info
ci-upstream-kasan-gce-root	2021/01/09 11:44	upstream	996e435f	a6c52263	.config	log	report			info
ci-upstream-kasan-gce-root	2021/01/07 19:00	upstream	71c061d2	c104d4a3	.config	log	report			info
ci-upstream-kasan-gce-root	2021/01/01 22:26	upstream	eda809ae	79264ae3	.config	log	report			info
ci-upstream-kasan-gce-root	2020/12/31 01:50	upstream	f6e1ea19	5cc121d6	.config	log	report			info
ci-upstream-kasan-gce-root	2020/12/28 05:06	upstream	5c8fe583	2242f77f	.config	log	report			info
ci-upstream-kasan-gce-root	2020/12/15 20:35	upstream	148842c9	97183ed7	.config	log	report			info
ci-upstream-kasan-gce-root	2020/12/15 14:55	upstream	148842c9	97183ed7	.config	log	report			info
ci-upstream-kasan-gce-root	2020/12/15 07:47	upstream	148842c9	97183ed7	.config	log	report			info
ci-upstream-kasan-gce-root	2020/12/15 07:17	upstream	148842c9	97183ed7	.config	log	report			info
ci-upstream-kasan-gce-root	2020/12/14 22:03	upstream	2c85ebc5	97183ed7	.config	log	report			info
ci-upstream-kasan-gce-root	2020/12/14 18:21	upstream	2c85ebc5	97183ed7	.config	log	report			info
ci-upstream-kasan-gce-root	2020/12/13 23:22	upstream	6bff9bb8	b22a7ec3	.config	log	report			info
ci-upstream-kasan-gce-root	2020/12/13 15:22	upstream	6bff9bb8	bca53db9	.config	log	report			info
ci-upstream-kasan-gce-root	2020/12/13 15:20	upstream	6bff9bb8	bca53db9	.config	log	report			info
ci-upstream-kasan-gce-root	2020/12/13 10:46	upstream	7b1b868e	bca53db9	.config	log	report			info
ci-upstream-kasan-gce-root	2020/12/13 03:32	upstream	7b1b868e	bca53db9	.config	log	report			info
ci-upstream-kasan-gce-root	2020/12/12 22:50	upstream	7b1b868e	bca53db9	.config	log	report			info
ci-upstream-kasan-gce-root	2020/12/12 07:07	upstream	7f376f19	bca53db9	.config	log	report			info
ci-upstream-kasan-gce-root	2020/12/12 06:16	upstream	33dc9614	ba24ffcd	.config	log	report			info
ci-upstream-kasan-gce-root	2020/12/11 09:54	upstream	33dc9614	f900b48c	.config	log	report			info
ci-upstream-kasan-gce-root	2020/12/11 08:03	upstream	33dc9614	f900b48c	.config	log	report			info
ci-upstream-kasan-gce-root	2020/12/10 15:33	upstream	a2f5ea9e	f900b48c	.config	log	report			info
ci-upstream-kasan-gce-root	2020/12/10 04:13	upstream	a68a0262	c090b4da	.config	log	report			info
ci-upstream-kasan-gce-root	2020/12/08 19:58	upstream	cd796ed3	a7f7f4a4	.config	log	report			info
ci-upstream-kasan-gce-root	2020/12/08 18:55	upstream	cd796ed3	a7f7f4a4	.config	log	report			info
ci-upstream-kasan-gce-root	2020/12/07 14:00	upstream	0477e928	1190297f	.config	log	report			info
ci-upstream-kasan-gce-root	2020/12/07 12:52	upstream	0477e928	1190297f	.config	log	report			info