rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: (detected by 0, t=10502 jiffies, g=8989, q=43) rcu: All QSes seen, last rcu_preempt kthread activity 10502 (4295033498-4295022996), jiffies_till_next_fqs=1, root ->qsmask 0x0 rcu: rcu_preempt kthread starved for 10502 jiffies! g8989 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. rcu: RCU grace-period kthread stack dump: task:rcu_preempt state:R running task stack:28864 pid: 14 ppid: 2 flags:0x00004000 Call Trace: context_switch kernel/sched/core.c:4683 [inline] __schedule+0x93a/0x26f0 kernel/sched/core.c:5940 schedule+0xd3/0x270 kernel/sched/core.c:6019 schedule_timeout+0x14a/0x2a0 kernel/time/timer.c:1879 rcu_gp_fqs_loop kernel/rcu/tree.c:1996 [inline] rcu_gp_kthread+0xd34/0x1980 kernel/rcu/tree.c:2169 kthread+0x3e5/0x4d0 kernel/kthread.c:319 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 rcu: Stack dump where RCU GP kthread last ran: Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 8607 Comm: kworker/1:4 Not tainted 5.14.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: events bpf_prog_free_deferred RIP: 0010:arch_safe_halt arch/x86/include/asm/irqflags.h:90 [inline] RIP: 0010:kvm_wait arch/x86/kernel/kvm.c:888 [inline] RIP: 0010:kvm_wait+0xaf/0xf0 arch/x86/kernel/kvm.c:871 Code: 10 c3 c3 89 74 24 0c 48 89 3c 24 e8 4b a3 48 00 8b 74 24 0c 48 8b 3c 24 eb 82 e8 5c a8 48 00 eb 07 0f 00 2d d3 d3 55 08 fb f4 9b eb 07 0f 00 2d c6 d3 55 08 f4 eb c5 89 74 24 0c 48 89 3c 24 RSP: 0018:ffffc90001d3f9b8 EFLAGS: 00000202 RAX: 000000000000ddf1 RBX: 0000000000000000 RCX: 1ffffffff1f9af8a RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 RBP: ffffffff8ba97b80 R08: 0000000000000001 R09: ffffffff8fcd48a7 R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000 R13: fffffbfff1752f70 R14: 0000000000000001 R15: ffff8880b9d52880 FS: 0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020000508 CR3: 00000000340d5000 CR4: 0000000000350ee0 Call Trace: pv_wait arch/x86/include/asm/paravirt.h:597 [inline] pv_wait_head_or_lock kernel/locking/qspinlock_paravirt.h:470 [inline] __pv_queued_spin_lock_slowpath+0x8b8/0xb40 kernel/locking/qspinlock.c:508 pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:585 [inline] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:51 [inline] queued_spin_lock include/asm-generic/qspinlock.h:85 [inline] do_raw_spin_lock+0x200/0x2b0 kernel/locking/spinlock_debug.c:113 spin_lock include/linux/spinlock.h:354 [inline] free_vmap_area_noflush+0x25b/0xd10 mm/vmalloc.c:1724 free_unmap_vmap_area mm/vmalloc.c:1744 [inline] remove_vm_area+0x1cc/0x230 mm/vmalloc.c:2483 vm_remove_mappings mm/vmalloc.c:2512 [inline] __vunmap+0x392/0xb70 mm/vmalloc.c:2577 __vfree+0x3c/0xd0 mm/vmalloc.c:2635 vfree+0x5a/0x90 mm/vmalloc.c:2666 bpf_jit_free+0xbb/0x1c0 bpf_prog_free_deferred+0x593/0x760 kernel/bpf/core.c:2268 process_one_work+0x98d/0x1630 kernel/workqueue.c:2276 worker_thread+0x658/0x11f0 kernel/workqueue.c:2422 kthread+0x3e5/0x4d0 kernel/kthread.c:319 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 ================================ WARNING: inconsistent lock state 5.14.0-rc4-syzkaller #0 Not tainted -------------------------------- inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage. syz-executor140/8789 [HC0[0]:SC1[1]:HE0:SE0] takes: ffffffff8b984898 (rcu_node_0){?.-.}-{2:2}, at: print_other_cpu_stall kernel/rcu/tree_stall.h:543 [inline] ffffffff8b984898 (rcu_node_0){?.-.}-{2:2}, at: check_cpu_stall kernel/rcu/tree_stall.h:709 [inline] ffffffff8b984898 (rcu_node_0){?.-.}-{2:2}, at: rcu_pending kernel/rcu/tree.c:3922 [inline] ffffffff8b984898 (rcu_node_0){?.-.}-{2:2}, at: rcu_sched_clock_irq+0xc9a/0x20c0 kernel/rcu/tree.c:2641 {IN-HARDIRQ-W} state was registered at: lock_acquire kernel/locking/lockdep.c:5625 [inline] lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5590 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x39/0x50 kernel/locking/spinlock.c:159 rcu_report_exp_cpu_mult+0x1c/0x280 kernel/rcu/tree_exp.h:237 flush_smp_call_function_queue+0x34b/0x640 kernel/smp.c:663 __sysvec_call_function_single+0x95/0x3d0 arch/x86/kernel/smp.c:248 sysvec_call_function_single+0x8e/0xc0 arch/x86/kernel/smp.c:243 asm_sysvec_call_function_single+0x12/0x20 arch/x86/include/asm/idtentry.h:646 lock_is_held_type+0xfd/0x140 kernel/locking/lockdep.c:5673 lock_is_held include/linux/lockdep.h:283 [inline] ___might_sleep+0x3a/0x2c0 kernel/sched/core.c:9120 set_zone_contiguous+0xac/0x1b0 mm/page_alloc.c:1814 page_alloc_init_late+0x91/0xa1 mm/page_alloc.c:2250 kernel_init_freeable+0x486/0x741 init/main.c:1589 kernel_init+0x1a/0x1d0 init/main.c:1485 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 irq event stamp: 17779091 hardirqs last enabled at (17779090): [] asm_sysvec_irq_work+0x12/0x20 arch/x86/include/asm/idtentry.h:664 hardirqs last disabled at (17779091): [] sysvec_apic_timer_interrupt+0xb/0xc0 arch/x86/kernel/apic/apic.c:1100 softirqs last enabled at (16147782): [] invoke_softirq kernel/softirq.c:432 [inline] softirqs last enabled at (16147782): [] __irq_exit_rcu+0x16e/0x1c0 kernel/softirq.c:636 softirqs last disabled at (16147785): [] invoke_softirq kernel/softirq.c:432 [inline] softirqs last disabled at (16147785): [] __irq_exit_rcu+0x16e/0x1c0 kernel/softirq.c:636 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(rcu_node_0); lock(rcu_node_0); *** DEADLOCK *** 3 locks held by syz-executor140/8789: #0: ffffffff8ba97b98 (purge_vmap_area_lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:354 [inline] #0: ffffffff8ba97b98 (purge_vmap_area_lock){+.+.}-{2:2}, at: free_vmap_area_noflush+0x25b/0xd10 mm/vmalloc.c:1724 #1: ffffffff8b97ba40 (rcu_read_lock){....}-{1:2}, at: ieee80211_iterate_active_interfaces_atomic+0x0/0x180 net/mac80211/util.c:1237 #2: ffffffff8b984898 (rcu_node_0){?.-.}-{2:2}, at: print_other_cpu_stall kernel/rcu/tree_stall.h:543 [inline] #2: ffffffff8b984898 (rcu_node_0){?.-.}-{2:2}, at: check_cpu_stall kernel/rcu/tree_stall.h:709 [inline] #2: ffffffff8b984898 (rcu_node_0){?.-.}-{2:2}, at: rcu_pending kernel/rcu/tree.c:3922 [inline] #2: ffffffff8b984898 (rcu_node_0){?.-.}-{2:2}, at: rcu_sched_clock_irq+0xc9a/0x20c0 kernel/rcu/tree.c:2641 stack backtrace: CPU: 0 PID: 8789 Comm: syz-executor140 Not tainted 5.14.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:105 print_usage_bug kernel/locking/lockdep.c:203 [inline] valid_state kernel/locking/lockdep.c:3933 [inline] mark_lock_irq kernel/locking/lockdep.c:4136 [inline] mark_lock.cold+0x61/0x8e kernel/locking/lockdep.c:4593 mark_held_locks+0x9f/0xe0 kernel/locking/lockdep.c:4194 __trace_hardirqs_on_caller kernel/locking/lockdep.c:4212 [inline] lockdep_hardirqs_on_prepare kernel/locking/lockdep.c:4280 [inline] lockdep_hardirqs_on_prepare+0x135/0x400 kernel/locking/lockdep.c:4232 trace_hardirqs_on+0x5b/0x1c0 kernel/trace/trace_preemptirq.c:49 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638 RIP: 0010:find_stack lib/stackdepot.c:209 [inline] RIP: 0010:stack_depot_save+0x12f/0x4e0 lib/stackdepot.c:281 Code: 0c 89 da 81 e2 ff ff 0f 00 4c 8d 3c d0 4d 8b 37 4d 85 f6 75 11 e9 94 00 00 00 4d 8b 36 4d 85 f6 0f 84 88 00 00 00 41 39 5e 08 <75> ee 45 3b 66 0c 75 e8 31 c0 49 8b 4c c6 18 48 39 4c c5 00 75 da RSP: 0018:ffffc900000078d0 EFLAGS: 00000246 RAX: ffff88823b000000 RBX: 00000000eb6591e0 RCX: 0000000000000002 RDX: 00000000000591e0 RSI: 0000000000000800 RDI: 0000000068cc982c RBP: ffffc90000007940 R08: 0000000071e099c4 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000010 R13: 0000000000000010 R14: ffff888020fa9dd0 R15: ffff88823b2c8f00 kasan_save_stack+0x32/0x40 mm/kasan/common.c:40 kasan_set_track+0x1c/0x30 mm/kasan/common.c:46 kasan_set_free_info+0x20/0x30 mm/kasan/generic.c:360 ____kasan_slab_free mm/kasan/common.c:366 [inline] ____kasan_slab_free mm/kasan/common.c:328 [inline] __kasan_slab_free+0xfb/0x130 mm/kasan/common.c:374 kasan_slab_free include/linux/kasan.h:230 [inline] slab_free_hook mm/slub.c:1625 [inline] slab_free_freelist_hook+0xdf/0x240 mm/slub.c:1650 slab_free mm/slub.c:3210 [inline] kfree+0xe4/0x530 mm/slub.c:4264 skb_free_head net/core/skbuff.c:654 [inline] skb_release_data+0x65a/0x790 net/core/skbuff.c:676 skb_release_all net/core/skbuff.c:741 [inline] __kfree_skb net/core/skbuff.c:755 [inline] consume_skb net/core/skbuff.c:911 [inline] consume_skb+0xc2/0x160 net/core/skbuff.c:905 mac80211_hwsim_tx_frame+0x1f6/0x2a0 drivers/net/wireless/mac80211_hwsim.c:1785 mac80211_hwsim_beacon_tx+0x49b/0x930 drivers/net/wireless/mac80211_hwsim.c:1838 __iterate_interfaces+0x1e5/0x520 net/mac80211/util.c:793 ieee80211_iterate_active_interfaces_atomic+0x70/0x180 net/mac80211/util.c:829 mac80211_hwsim_beacon+0xd5/0x1a0 drivers/net/wireless/mac80211_hwsim.c:1861 __run_hrtimer kernel/time/hrtimer.c:1537 [inline] __hrtimer_run_queues+0x609/0xe50 kernel/time/hrtimer.c:1601 hrtimer_run_softirq+0x17b/0x360 kernel/time/hrtimer.c:1618 __do_softirq+0x29b/0x9c2 kernel/softirq.c:558 invoke_softirq kernel/softirq.c:432 [inline] __irq_exit_rcu+0x16e/0x1c0 kernel/softirq.c:636 irq_exit_rcu+0x5/0x20 kernel/softirq.c:648 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1100 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638 RIP: 0010:check_kcov_mode kernel/kcov.c:163 [inline] RIP: 0010:__sanitizer_cov_trace_pc+0x7/0x60 kernel/kcov.c:197 Code: fd ff ff b9 ff ff ff ff ba 08 00 00 00 4d 8b 03 48 0f bd ca 49 8b 45 00 48 63 c9 e9 64 ff ff ff 0f 1f 00 65 8b 05 59 54 8c 7e <89> c1 48 8b 34 24 81 e1 00 01 00 00 65 48 8b 14 25 00 f0 01 00 a9 RSP: 0018:ffffc900016ff668 EFLAGS: 00000293 RAX: 0000000000000001 RBX: ffff888026bb6300 RCX: ffff8880277fb880 RDX: 0000000000000000 RSI: ffff8880277fb880 RDI: 0000000000000003 RBP: ffff8880a6bb6300 R08: ffff8880a6bb6300 R09: 0000000000000030 R10: ffffffff81346ea8 R11: 000000000000003f R12: 0000000026bb6300 R13: 0000000000000030 R14: 0000000000000000 R15: 0000000000000000 phys_addr_valid arch/x86/mm/physaddr.h:7 [inline] __phys_addr+0xa7/0x140 arch/x86/mm/physaddr.c:28 virt_to_head_page include/linux/mm.h:899 [inline] ____kasan_slab_free mm/kasan/common.c:344 [inline] __kasan_slab_free+0x34/0x130 mm/kasan/common.c:374 kasan_slab_free include/linux/kasan.h:230 [inline] slab_free_hook mm/slub.c:1625 [inline] slab_free_freelist_hook+0xdf/0x240 mm/slub.c:1650 slab_free mm/slub.c:3210 [inline] kmem_cache_free+0x8a/0x5b0 mm/slub.c:3226 merge_or_add_vmap_area mm/vmalloc.c:1077 [inline] free_vmap_area_noflush+0x764/0xd10 mm/vmalloc.c:1725 free_unmap_vmap_area mm/vmalloc.c:1744 [inline] remove_vm_area+0x1cc/0x230 mm/vmalloc.c:2483 vm_remove_mappings mm/vmalloc.c:2512 [inline] __vunmap+0x392/0xb70 mm/vmalloc.c:2577 __vfree+0x3c/0xd0 mm/vmalloc.c:2635 vfree+0x5a/0x90 mm/vmalloc.c:2666 bpf_check+0x618/0xbce0 kernel/bpf/verifier.c:13545 bpf_prog_load+0xe57/0x21f0 kernel/bpf/syscall.c:2274 __sys_bpf+0x65a/0x53b0 kernel/bpf/syscall.c:4469 __do_sys_bpf kernel/bpf/syscall.c:4573 [inline] __se_sys_bpf kernel/bpf/syscall.c:4571 [inline] __x64_sys_bpf+0x75/0xb0 kernel/bpf/syscall.c:4571 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x442279 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffff6a20b68 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000442279 RDX: 0000000000000048 RSI: 00000000200054c0 RDI: 0000000000000005 RBP: 0000000000000000 R08: 00007ffff6a20b90 R09: 00007ffff6a20b90 R10: 00007ffff6a20b90 R11: 0000000000000246 R12: 00007ffff6a20b88 R13: 00007ffff6a20bc0 R14: 00007ffff6a20ba0 R15: 000000000000000d softirq: huh, entered softirq 8 HRTIMER ffffffff81656880 with preempt_count 00000101, exited with 00000102?