=============================
[ BUG: Invalid wait context ]
6.13.0-rc7-syzkaller-00019-gc45323b7560e #0 Not tainted
-----------------------------
syz-executor157/7531 is trying to lock:
ffff88807ffd8298 (&zone->lock){..-.}-{3:3}, at: rmqueue_bulk mm/page_alloc.c:2309 [inline]
ffff88807ffd8298 (&zone->lock){..-.}-{3:3}, at: __rmqueue_pcplist+0x6bb/0x1600 mm/page_alloc.c:3003
other info that might help us debug this:
context-{2:2}
4 locks held by syz-executor157/7531:
 #0: ffffffff8fedd408 (rtnl_mutex){+.+.}-{4:4}, at: dev_ioctl+0x213/0x10c0 net/core/dev_ioctl.c:782
 #1: ffffffff8e1bb900 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 #1: ffffffff8e1bb900 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
 #1: ffffffff8e1bb900 (rcu_read_lock){....}-{1:3}, at: ieee80211_rx_napi+0xa6/0x400 net/mac80211/rx.c:5491
 #2: ffff888029110168 (&rdev->bss_lock){+.-.}-{3:3}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
 #2: ffff888029110168 (&rdev->bss_lock){+.-.}-{3:3}, at: cfg80211_inform_single_bss_data+0x794/0x1df0 net/wireless/scan.c:2329
 #3: ffff88806a944c58 (&pcp->lock){+.+.}-{3:3}, at: spin_trylock include/linux/spinlock.h:361 [inline]
 #3: ffff88806a944c58 (&pcp->lock){+.+.}-{3:3}, at: rmqueue_pcplist mm/page_alloc.c:3032 [inline]
 #3: ffff88806a944c58 (&pcp->lock){+.+.}-{3:3}, at: rmqueue mm/page_alloc.c:3076 [inline]
 #3: ffff88806a944c58 (&pcp->lock){+.+.}-{3:3}, at: get_page_from_freelist+0x350/0x2f80 mm/page_alloc.c:3473
stack backtrace:
CPU: 3 UID: 0 PID: 7531 Comm: syz-executor157 Not tainted 6.13.0-rc7-syzkaller-00019-gc45323b7560e #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 print_lock_invalid_wait_context kernel/locking/lockdep.c:4826 [inline]
 check_wait_context kernel/locking/lockdep.c:4898 [inline]
 __lock_acquire+0x878/0x3c40 kernel/locking/lockdep.c:5176
 lock_acquire.part.0+0x11b/0x380 kernel/locking/lockdep.c:5849
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0x3a/0x60 kernel/locking/spinlock.c:162
 rmqueue_bulk mm/page_alloc.c:2309 [inline]
 __rmqueue_pcplist+0x6bb/0x1600 mm/page_alloc.c:3003
 rmqueue_pcplist mm/page_alloc.c:3045 [inline]
 rmqueue mm/page_alloc.c:3076 [inline]
 get_page_from_freelist+0x3d2/0x2f80 mm/page_alloc.c:3473
 __alloc_pages_noprof+0x223/0x25b0 mm/page_alloc.c:4753
 alloc_pages_mpol_noprof+0x2c8/0x620 mm/mempolicy.c:2269
 stack_depot_save_flags+0x8aa/0x9c0 lib/stackdepot.c:627
 kasan_save_stack+0x42/0x60 mm/kasan/common.c:48
 __kasan_record_aux_stack+0xba/0xd0 mm/kasan/generic.c:544
 task_work_add+0xc0/0x3b0 kernel/task_work.c:77
 __run_posix_cpu_timers kernel/time/posix-cpu-timers.c:1223 [inline]
 run_posix_cpu_timers+0x69f/0x7d0 kernel/time/posix-cpu-timers.c:1422
 update_process_times+0x1a1/0x2d0 kernel/time/timer.c:2526
 tick_sched_handle kernel/time/tick-sched.c:276 [inline]
 tick_nohz_handler+0x376/0x530 kernel/time/tick-sched.c:297
 __run_hrtimer kernel/time/hrtimer.c:1739 [inline]
 __hrtimer_run_queues+0x5fb/0xae0 kernel/time/hrtimer.c:1803
 hrtimer_interrupt+0x392/0x8e0 kernel/time/hrtimer.c:1865
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1038 [inline]
 __sysvec_apic_timer_interrupt+0x10f/0x400 arch/x86/kernel/apic/apic.c:1055
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
 sysvec_apic_timer_interrupt+0x52/0xc0 arch/x86/kernel/apic/apic.c:1049
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:___slab_alloc+0x1da/0x17a0 mm/slub.c:3760
Code: 00 00 48 89 df 48 8d 35 00 00 00 00 e8 2f e5 84 ff 48 83 bd 50 ff ff ff 00 0f 85 84 06 00 00 9c 58 f6 c4 02 0f 85 54 08 00 00 <49> 83 7c 24 18 00 0f 84 0a 04 00 00 65 4c 8b 35 32 f3 11 7e 9c 5b
RSP: 0018:ffffc90000708080 EFLAGS: 00000246
RAX: 0000000000000002 RBX: ffff88806a942ea0 RCX: 1ffffffff2dd56c4
RDX: 0000000000000000 RSI: ffffffff8b6cd9e0 RDI: ffffffff8bd1ef20
RBP: ffffc90000708160 R08: 0000000000000001 R09: fffffbfff2dca7b3
R10: ffffffff96e53d9f R11: 0000000000000003 R12: ffff88806a942e80
R13: ffff88801b042dc0 R14: 0000000000000003 R15: ffff88806a942ea0
 __slab_alloc.constprop.0+0x56/0xb0 mm/slub.c:3920
 __slab_alloc_node mm/slub.c:3995 [inline]
 slab_alloc_node mm/slub.c:4156 [inline]
 __do_kmalloc_node mm/slub.c:4297 [inline]
 __kmalloc_noprof+0x2ec/0x510 mm/slub.c:4310
 kmalloc_noprof include/linux/slab.h:905 [inline]
 kzalloc_noprof include/linux/slab.h:1037 [inline]
 ieee802_11_parse_elems_full+0xea/0x1680 net/mac80211/parse.c:958
 ieee802_11_parse_elems_crc net/mac80211/ieee80211_i.h:2384 [inline]
 ieee802_11_parse_elems net/mac80211/ieee80211_i.h:2391 [inline]
 ieee80211_inform_bss+0xfd/0x1100 net/mac80211/scan.c:79
 rdev_inform_bss net/wireless/rdev-ops.h:418 [inline]
 cfg80211_inform_single_bss_data+0x8f9/0x1df0 net/wireless/scan.c:2334
 cfg80211_inform_bss_data+0x205/0x3ba0 net/wireless/scan.c:3189
 cfg80211_inform_bss_frame_data+0x272/0x7a0 net/wireless/scan.c:3284
 ieee80211_bss_info_update+0x311/0xab0 net/mac80211/scan.c:226
 ieee80211_scan_rx+0x474/0xac0 net/mac80211/scan.c:340
 __ieee80211_rx_handle_packet net/mac80211/rx.c:5232 [inline]
 ieee80211_rx_list+0x1bd7/0x2970 net/mac80211/rx.c:5469
 ieee80211_rx_napi+0xdd/0x400 net/mac80211/rx.c:5492
 ieee80211_rx include/net/mac80211.h:5166 [inline]
 ieee80211_handle_queued_frames+0xd5/0x130 net/mac80211/main.c:441
 tasklet_action_common+0x251/0x3f0 kernel/softirq.c:811
 handle_softirqs+0x213/0x8f0 kernel/softirq.c:561
 __do_softirq kernel/softirq.c:595 [inline]
 invoke_softirq kernel/softirq.c:435 [inline]
 __irq_exit_rcu+0x109/0x170 kernel/softirq.c:662
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:678
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
 sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1049
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:e1000_clear_vfta drivers/net/ethernet/intel/e1000/e1000_hw.c:4404 [inline]
RIP: 0010:e1000_init_hw+0x1b3/0x1200 drivers/net/ethernet/intel/e1000/e1000_hw.c:547
Code: 2d 38 fb 83 fd 03 48 19 ed e8 79 32 38 fb 48 81 e5 00 b0 ff ff 48 81 c5 00 56 00 00 48 8d 44 9d 00 49 01 c4 31 c0 41 89 04 24 <41> 80 7d 00 00 0f 85 ec 0d 00 00 49 8b 07 48 83 c0 08 8b 00 8d 73
RSP: 0018:ffffc9000c13f900 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 0000000000000057 RCX: ffffffff8661f21c
RDX: ffff88802d4ca440 RSI: ffffffff8661f227 RDI: 0000000000000005
RBP: 0000000000005600 R08: 0000000000000005 R09: 0000000000000002
R10: 0000000000000005 R11: 0000000000000000 R12: ffffc9000672575c
R13: ffffed1004fb524d R14: ffffed1004fb5250 R15: ffff888027da9268
 e1000_reset+0x610/0x9f0 drivers/net/ethernet/intel/e1000/e1000_main.c:679
 e1000_down+0x427/0x700 drivers/net/ethernet/intel/e1000/e1000_main.c:531
 e1000_reinit_locked+0xcb/0xe0 drivers/net/ethernet/intel/e1000/e1000_main.c:543
 e1000_mii_ioctl drivers/net/ethernet/intel/e1000/e1000_main.c:4834 [inline]
 e1000_ioctl+0x58e/0x740 drivers/net/ethernet/intel/e1000/e1000_main.c:4744
 dev_eth_ioctl+0xdf/0x140 net/core/dev_ioctl.c:253
 dev_ifsioc+0x9e3/0x10b0 net/core/dev_ioctl.c:605
 dev_ioctl+0x224/0x10c0 net/core/dev_ioctl.c:783
 sock_do_ioctl+0x19e/0x280 net/socket.c:1223
 sock_ioctl+0x228/0x6c0 net/socket.c:1328
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:906 [inline]
 __se_sys_ioctl fs/ioctl.c:892 [inline]
 __x64_sys_ioctl+0x190/0x200 fs/ioctl.c:892
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0700335969
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 1f 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f06ffada138 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f07003c01e8 RCX: 00007f0700335969
RDX: 0000000020000000 RSI: 0000000000008949 RDI: 0000000000000006
RBP: 00007f07003c01e0 R08: 00007f06ffada6c0 R09: 0000000000000000
R10: 00007f06ffada6c0 R11: 0000000000000246 R12: 00007f07003c01ec
R13: 000000000000000b R14: 00007fff1c22e750 R15: 00007fff1c22e838
 </TASK>
----------------
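Code disassembly (best guess), decoded from the first "Code:" line above (RIP ___slab_alloc+0x1da, mm/slub.c:3760). This report is a lockdep warning, not a fault: the instruction marked below is where the APIC timer interrupt was taken, per the asm_sysvec_apic_timer_interrupt frame directly above that RIP.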
   0:	00 00                	add    %al,(%rax)
   2:	48 89 df             	mov    %rbx,%rdi
   5:	48 8d 35 00 00 00 00 	lea    0x0(%rip),%rsi        # 0xc
   c:	e8 2f e5 84 ff       	call   0xff84e540
  11:	48 83 bd 50 ff ff ff 	cmpq   $0x0,-0xb0(%rbp)
  18:	00
  19:	0f 85 84 06 00 00    	jne    0x6a3
  1f:	9c                   	pushf
  20:	58                   	pop    %rax
  21:	f6 c4 02             	test   $0x2,%ah
  24:	0f 85 54 08 00 00    	jne    0x87e
* 2a:	49 83 7c 24 18 00    	cmpq   $0x0,0x18(%r12) <-- trapping instruction
  30:	0f 84 0a 04 00 00    	je     0x440
  36:	65 4c 8b 35 32 f3 11 	mov    %gs:0x7e11f332(%rip),%r14        # 0x7e11f370
  3d:	7e
  3e:	9c                   	pushf
  3f:	5b                   	pop    %rbx