------------[ cut here ]------------ WARNING: CPU: 2 PID: 6133 at arch/x86/mm/tlb.c:515 switch_mm_irqs_off+0x890/0xbc0 arch/x86/mm/tlb.c:515 Modules linked in: CPU: 2 PID: 6133 Comm: syz-executor.3 Not tainted 6.9.0-rc2-syzkaller-00002-g026e680b0a08 #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 RIP: 0010:switch_mm_irqs_off+0x890/0xbc0 arch/x86/mm/tlb.c:515 Code: ff 44 8d 6b 02 48 63 d3 49 8d 8e 18 06 00 00 4d 63 ed 49 c1 e5 04 4d 8d 8d 80 d8 03 00 49 81 c5 88 d8 03 00 e9 75 fd ff ff 90 <0f> 0b 90 e9 e3 f7 ff ff 90 0f 0b 90 e8 df f5 ff ff e9 20 f8 ff ff RSP: 0018:ffffc90005ff6920 EFLAGS: 00010202 RAX: 0000000000000296 RBX: ffff88801e260000 RCX: ffff888023ea1c80 RDX: 1ffff110047d446a RSI: ffffffff8b8f4ae0 RDI: ffffffff8b8f4b20 RBP: ffff888023ea2f80 R08: 0000000000000000 R09: ffffed10047d43a9 R10: ffff888023ea1d4b R11: 0000000000000000 R12: ffff88806b23f500 R13: ffff888023f8a440 R14: ffff888023ea1c80 R15: ffff88806b23ea40 FS: 0000555573643480(0000) GS:ffff88806b200000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b31025000 CR3: 0000000023140000 CR4: 0000000000350ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: context_switch kernel/sched/core.c:5393 [inline] __schedule+0xd2b/0x5d00 kernel/sched/core.c:6746 preempt_schedule_irq+0x51/0x90 kernel/sched/core.c:7068 irqentry_exit+0x36/0x90 kernel/entry/common.c:354 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 RIP: 0010:pcpu_alloc+0x2/0x1510 mm/percpu.c:1719 Code: 1c 00 e9 30 fe ff ff 4c 89 ef e8 f9 ae 1c 00 e9 d5 fd ff ff 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 41 57 <41> 56 41 55 41 54 49 89 fc 55 48 89 f5 53 89 d3 48 83 ec 78 89 54 RSP: 0018:ffffc90005ff6c00 EFLAGS: 00000246 RAX: 0000000000000000 RBX: ffff88802b509a80 RCX: 0000000000000cc0 RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000008 RBP: 0000000000000000 R08: ffffc90005ff7080 R09: 0000000000000cc0 R10: 0000000000000001 R11: 0000000000000000 R12: 1ffff92000bfed87 R13: dffffc0000000000 R14: 0000000000000cc0 R15: 0000000000000000 fib_nh_common_init+0xa1/0x2d0 net/ipv4/fib_semantics.c:591 fib_nh_init+0xbd/0x460 net/ipv4/fib_semantics.c:630 fib_create_info+0x24ff/0x4d50 net/ipv4/fib_semantics.c:1497 fib_table_insert+0x1d7/0x1d70 net/ipv4/fib_trie.c:1237 fib_magic+0x4d6/0x5c0 net/ipv4/fib_frontend.c:1104 fib_add_ifaddr+0x4c0/0x560 net/ipv4/fib_frontend.c:1148 fib_netdev_event+0x38d/0x710 net/ipv4/fib_frontend.c:1486 notifier_call_chain+0xb9/0x410 kernel/notifier.c:93 call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:1950 call_netdevice_notifiers_extack net/core/dev.c:1988 [inline] call_netdevice_notifiers net/core/dev.c:2002 [inline] __dev_notify_flags+0x12d/0x2e0 net/core/dev.c:8725 dev_change_flags+0x10c/0x160 net/core/dev.c:8763 do_setlink+0x1a3b/0x3fe0 net/core/rtnetlink.c:2884 __rtnl_newlink+0xc35/0x1960 net/core/rtnetlink.c:3680 rtnl_newlink+0x67/0xa0 net/core/rtnetlink.c:3727 rtnetlink_rcv_msg+0x3c7/0xe60 net/core/rtnetlink.c:6595 netlink_rcv_skb+0x16b/0x440 net/netlink/af_netlink.c:2559 ---------------- Code disassembly (best guess): 0: 1c 00 sbb $0x0,%al 2: e9 30 fe ff ff jmp 0xfffffe37 7: 4c 89 ef mov %r13,%rdi a: e8 f9 ae 1c 00 call 0x1caf08 f: e9 d5 fd ff ff jmp 0xfffffde9 14: 0f 1f 40 00 nopl 0x0(%rax) 18: 90 nop 19: 90 nop 1a: 90 nop 1b: 90 nop 1c: 90 nop 1d: 90 nop 1e: 90 nop 1f: 90 nop 20: 90 nop 21: 90 nop 22: 90 nop 23: 90 nop 24: 90 nop 25: 90 nop 26: 90 nop 27: 90 nop 28: 41 57 push %r15 * 2a: 41 56 push %r14 <-- trapping instruction 2c: 41 55 push %r13 2e: 41 54 push %r12 30: 49 89 fc mov %rdi,%r12 33: 55 push %rbp 34: 48 89 f5 mov %rsi,%rbp 37: 53 push %rbx 38: 89 d3 mov %edx,%ebx 3a: 48 83 ec 78 sub $0x78,%rsp 3e: 89 .byte 0x89 3f: 54 push %rsp