rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
	(detected by 1, t=10502 jiffies, g=14617, q=365)
rcu: All QSes seen, last rcu_preempt kthread activity 10502 (4295109899-4295099397), jiffies_till_next_fqs=1, root ->qsmask 0x0
rcu: rcu_preempt kthread starved for 10502 jiffies! g14617 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:28696 pid:   13 ppid:     2 flags:0x00004000
Call Trace:
 context_switch kernel/sched/core.c:4327 [inline]
 __schedule+0x999/0xe70 kernel/sched/core.c:5078
 schedule+0x14b/0x200 kernel/sched/core.c:5157
 schedule_timeout+0x15c/0x250 kernel/time/timer.c:1878
 rcu_gp_fqs_loop kernel/rcu/tree.c:1940 [inline]
 rcu_gp_kthread+0xead/0x1bc0 kernel/rcu/tree.c:2113
 kthread+0x39a/0x3c0 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296

================================
WARNING: inconsistent lock state
5.11.0-rc7-syzkaller #0 Not tainted
--------------------------------
inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage.
syz-executor.5/13521 [HC0[0]:SC1[1]:HE0:SE0] takes:
ffffffff8c715418 (rcu_node_0){?.-.}-{2:2}, at: print_other_cpu_stall kernel/rcu/tree_stall.h:493 [inline]
ffffffff8c715418 (rcu_node_0){?.-.}-{2:2}, at: check_cpu_stall kernel/rcu/tree_stall.h:652 [inline]
ffffffff8c715418 (rcu_node_0){?.-.}-{2:2}, at: rcu_pending kernel/rcu/tree.c:3751 [inline]
ffffffff8c715418 (rcu_node_0){?.-.}-{2:2}, at: rcu_sched_clock_irq+0xd2a/0x22d0 kernel/rcu/tree.c:2580
{IN-HARDIRQ-W} state was registered at:
  lock_acquire+0x114/0x5e0 kernel/locking/lockdep.c:5442
  __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
  _raw_spin_lock_irqsave+0x73/0xa0 kernel/locking/spinlock.c:159
  rcu_report_exp_cpu_mult+0x59/0x270 kernel/rcu/tree_exp.h:237
  flush_smp_call_function_queue+0x525/0x7a0 kernel/smp.c:425
  __sysvec_call_function_single+0x62/0x70 arch/x86/kernel/smp.c:248
  asm_call_irq_on_stack+0xf/0x20
  __run_sysvec_on_irqstack arch/x86/include/asm/irq_stack.h:37 [inline]
  run_sysvec_on_irqstack_cond arch/x86/include/asm/irq_stack.h:89 [inline]
  sysvec_call_function_single+0x9f/0xf0 arch/x86/kernel/smp.c:243
  asm_sysvec_call_function_single+0x12/0x20 arch/x86/include/asm/idtentry.h:637
  native_restore_fl arch/x86/include/asm/irqflags.h:41 [inline]
  arch_local_irq_restore arch/x86/include/asm/irqflags.h:84 [inline]
  lock_acquire+0x144/0x5e0 kernel/locking/lockdep.c:5445
  __fs_reclaim_acquire+0x20/0x30 mm/page_alloc.c:4326
  fs_reclaim_acquire+0x55/0xd0 mm/page_alloc.c:4340
  might_alloc include/linux/sched/mm.h:193 [inline]
  slab_pre_alloc_hook mm/slab.h:493 [inline]
  slab_alloc_node mm/slub.c:2817 [inline]
  slab_alloc mm/slub.c:2900 [inline]
  kmem_cache_alloc+0x36/0x2e0 mm/slub.c:2905
  ptlock_alloc+0x1c/0x60 mm/memory.c:5214
  ptlock_init include/linux/mm.h:2179 [inline]
  pgtable_pte_page_ctor include/linux/mm.h:2206 [inline]
  __pte_alloc_one include/asm-generic/pgalloc.h:66 [inline]
  pte_alloc_one+0x7c/0x230 arch/x86/mm/pgtable.c:33
  __pte_alloc+0x2f/0x1b0 mm/memory.c:428
  do_anonymous_page+0xde9/0x12e0 mm/memory.c:3503
  handle_pte_fault mm/memory.c:4385 [inline]
  __handle_mm_fault mm/memory.c:4522 [inline]
  handle_mm_fault+0x1835/0x2460 mm/memory.c:4620
  faultin_page mm/gup.c:851 [inline]
  __get_user_pages+0xe01/0x1510 mm/gup.c:1070
  __get_user_pages_locked mm/gup.c:1256 [inline]
  __get_user_pages_remote+0x180/0x730 mm/gup.c:1723
  get_arg_page fs/exec.c:223 [inline]
  copy_string_kernel+0x1e2/0x490 fs/exec.c:634
  kernel_execve+0x50a/0x970 fs/exec.c:1956
  call_usermodehelper_exec_async+0x25d/0x3a0 kernel/umh.c:110
  ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296
irq event stamp: 18447639
hardirqs last  enabled at (18447638): [] asm_sysvec_irq_work+0x12/0x20 arch/x86/include/asm/idtentry.h:655
hardirqs last disabled at (18447639): [] sysvec_apic_timer_interrupt+0xc/0xf0 arch/x86/kernel/apic/apic.c:1100
softirqs last  enabled at (12656876): [] asm_call_irq_on_stack+0xf/0x20
softirqs last disabled at (12656879): [] asm_call_irq_on_stack+0xf/0x20

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(rcu_node_0);
    lock(rcu_node_0);

 *** DEADLOCK ***

3 locks held by syz-executor.5/13521:
 #0: ffffffff8c40a058 (tasklist_lock){.+.+}-{2:2}, at: mm_update_next_owner+0x101/0x6d0 kernel/exit.c:367
 #1: ffffffff8c711680 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 include/linux/rcupdate.h:258
 #2: ffffffff8c715418 (rcu_node_0){?.-.}-{2:2}, at: print_other_cpu_stall kernel/rcu/tree_stall.h:493 [inline]
 #2: ffffffff8c715418 (rcu_node_0){?.-.}-{2:2}, at: check_cpu_stall kernel/rcu/tree_stall.h:652 [inline]
 #2: ffffffff8c715418 (rcu_node_0){?.-.}-{2:2}, at: rcu_pending kernel/rcu/tree.c:3751 [inline]
 #2: ffffffff8c715418 (rcu_node_0){?.-.}-{2:2}, at: rcu_sched_clock_irq+0xd2a/0x22d0 kernel/rcu/tree.c:2580

stack backtrace:
CPU: 1 PID: 13521 Comm: syz-executor.5 Not tainted 5.11.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x137/0x1be lib/dump_stack.c:120
 print_usage_bug+0xbfe/0x1080 kernel/locking/lockdep.c:3740
 mark_lock_irq kernel/locking/lockdep.c:3751 [inline]
 mark_lock+0x1897/0x2030 kernel/locking/lockdep.c:4411
 mark_held_locks kernel/locking/lockdep.c:4012 [inline]
 __trace_hardirqs_on_caller kernel/locking/lockdep.c:4030 [inline]
 lockdep_hardirqs_on_prepare+0x1ef/0x5e0 kernel/locking/lockdep.c:4098
 trace_hardirqs_on+0x6f/0x80 kernel/trace/trace_preemptirq.c:49
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:629
RIP: 0010:orc_ip arch/x86/kernel/unwind_orc.c:30 [inline]
RIP: 0010:__orc_find arch/x86/kernel/unwind_orc.c:52 [inline]
RIP: 0010:orc_find arch/x86/kernel/unwind_orc.c:173 [inline]
RIP: 0010:unwind_next_frame+0x521/0x1e20 arch/x86/kernel/unwind_orc.c:443
Code: 89 c1 48 c1 f9 02 48 c1 e8 3f 48 01 c8 48 83 e0 fe 49 8d 1c 47 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 0f b6 04 08 <84> c0 75 27 48 63 03 48 01 d8 48 8d 4b 04 4c 39 e0 4c 0f 46 f9 48
RSP: 0000:ffffc90000db07f0 EFLAGS: 00000a02
RAX: 0000000000000000 RBX: ffffffff8e2ecf00 RCX: dffffc0000000000
RDX: ffffffff8edbc4f8 RSI: ffffffff8948b501 RDI: 0000000000000001
RBP: ffffffff8e2ecef4 R08: 0000000000000010 R09: ffffc90000db0968
R10: fffff520001b6123 R11: 0000000000000000 R12: ffffffff8948b575
R13: ffffffff8e2ecf0c R14: ffffffff8e2ecef4 R15: ffffffff8e2ecef4
 arch_stack_walk+0xb2/0xe0 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0xad/0x150 kernel/stacktrace.c:121
 kasan_save_stack mm/kasan/common.c:38 [inline]
 kasan_set_track+0x3d/0x70 mm/kasan/common.c:46
 kasan_set_free_info+0x1f/0x40 mm/kasan/generic.c:356
 ____kasan_slab_free+0xe2/0x110 mm/kasan/common.c:362
 kasan_slab_free include/linux/kasan.h:192 [inline]
 slab_free_hook mm/slub.c:1547 [inline]
 slab_free_freelist_hook+0xd6/0x1a0 mm/slub.c:1580
 slab_free mm/slub.c:3143 [inline]
 kfree+0xd1/0x2a0 mm/slub.c:4125
 skb_release_all net/core/skbuff.c:678 [inline]
 __kfree_skb+0x56/0x1d0 net/core/skbuff.c:692
 mac80211_hwsim_beacon_tx+0x4b9/0x870 drivers/net/wireless/mac80211_hwsim.c:1759
 __iterate_interfaces+0x23e/0x4b0 net/mac80211/util.c:793
 ieee80211_iterate_active_interfaces_atomic+0x9b/0x120 net/mac80211/util.c:829
 mac80211_hwsim_beacon+0xa4/0x180 drivers/net/wireless/mac80211_hwsim.c:1782
 __run_hrtimer kernel/time/hrtimer.c:1519 [inline]
 __hrtimer_run_queues+0x4c9/0xa00 kernel/time/hrtimer.c:1583
 hrtimer_run_softirq+0x176/0x1e0 kernel/time/hrtimer.c:1600
 __do_softirq+0x318/0x714 kernel/softirq.c:343
 asm_call_irq_on_stack+0xf/0x20
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline]
 do_softirq_own_stack+0x9a/0xe0 arch/x86/kernel/irq_64.c:77
 invoke_softirq kernel/softirq.c:226 [inline]
 __irq_exit_rcu+0x1d8/0x200 kernel/softirq.c:420
 irq_exit_rcu+0x5/0x20 kernel/softirq.c:432
 sysvec_apic_timer_interrupt+0xe0/0xf0 arch/x86/kernel/apic/apic.c:1100
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:629
RIP: 0010:mm_update_next_owner+0x315/0x6d0 kernel/exit.c:390
Code: 48 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 ef e8 9f 40 73 00 48 8b 6d 00 48 8d 5d 10 48 89 d8 48 c1 e8 03 42 80 3c 20 00 <74> 08 48 89 df e8 81 40 73 00 48 8b 6d 10 48 39 dd 74 6f 0f 1f 84
RSP: 0000:ffffc9000ae17a88 EFLAGS: 00000246
RAX: 1ffff11003e02752 RBX: ffff88801f013a90 RCX: ffff88802ae49bc0
RDX: ffff88802ae49bc0 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffff88801f013a80 R08: ffffffff81480de7 R09: fffffbfff1881409
R10: fffffbfff1881409 R11: 0000000000000000 R12: dffffc0000000000
R13: ffff88801813d340 R14: ffff88801db7d7e0 R15: ffff88806494c700
 exit_mm+0x5df/0x710 kernel/exit.c:500
 do_exit+0x667/0x2380 kernel/exit.c:812
 do_group_exit+0x168/0x2d0 kernel/exit.c:922
 get_signal+0x1734/0x1ef0 kernel/signal.c:2773
 arch_do_signal_or_restart+0x3c/0x610 arch/x86/kernel/signal.c:811
 handle_signal_work kernel/entry/common.c:147 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:171 [inline]
 exit_to_user_mode_prepare+0xac/0x1e0 kernel/entry/common.c:201
 irqentry_exit_to_user_mode+0x6/0x30 kernel/entry/common.c:307
 exc_page_fault+0xe0/0x1e0 arch/x86/mm/fault.c:1509
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:580
RIP: 0033:0x40d10f
Code: Unable to access opcode bytes at RIP 0x40d0e5.
RSP: 002b:00007f37cc9ef220 EFLAGS: 00010202
RAX: 0000000000000001 RBX: 000000000056c0b8 RCX: 0000000000465b09
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000056c0b0
RBP: 000000000056c0b0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c0bc
R13: 00007ffecd70a7df R14: 00007f37cc9ef300 R15: 0000000000022000
softirq: huh, entered softirq 8 HRTIMER 00000000a7b9535b with preempt_count 00000101, exited with 00000102?