rcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 1-.... } 2672 jiffies s: 50493 root: 0x2/.
rcu: blocking rcu_node structures (internal RCU debug):
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 13057 Comm: syz-executor.2 Not tainted 6.10.0-rc2-syzkaller-00007-gf06ce441457d #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
RIP: 0010:deref_stack_regs arch/x86/kernel/unwind_orc.c:418 [inline]
RIP: 0010:unwind_next_frame+0x134e/0x23a0 arch/x86/kernel/unwind_orc.c:596
Code: 40 84 ed 48 8b 0c 24 0f 85 ba f0 ff ff e8 1a fb 50 00 48 89 df c6 05 c0 97 ac 11 01 e8 db e6 ff ff 48 8b 0c 24 e9 9d f0 ff ff fd fa 50 00 ba a8 00 00 00 4c 89 ee 48 89 df e8 1d ea ff ff 31
RSP: 0018:ffffc90000a17ab8 EFLAGS: 00000046
RAX: 0000000000000000 RBX: ffffc90000a17b38 RCX: ffffffff813cde29
RDX: ffff88802e901e00 RSI: 0000000000000004 RDI: 0000000000000001
RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000004
R10: 0000000000000003 R11: 0000000000000002 R12: ffffffff91209e40
R13: ffffc9000325f648 R14: ffffffff91209e44 R15: 0000000000000003
FS: 0000555559ef9480(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2ec2a000 CR3: 0000000031752000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
arch_stack_walk+0x100/0x170 arch/x86/kernel/stacktrace.c:25
stack_trace_save+0x95/0xd0 kernel/stacktrace.c:122
kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
kasan_save_track+0x14/0x30 mm/kasan/common.c:68
poison_kmalloc_redzone mm/kasan/common.c:370 [inline]
__kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:387
kmalloc_noprof include/linux/slab.h:660 [inline]
dummy_urb_enqueue+0x8d/0x8a0 drivers/usb/gadget/udc/dummy_hcd.c:1271
usb_hcd_submit_urb+0x2d1/0x2090 drivers/usb/core/hcd.c:1533
usb_submit_urb+0x87c/0x1730 drivers/usb/core/urb.c:581
ath9k_hif_usb_reg_in_cb+0x494/0x690 drivers/net/wireless/ath/ath9k/hif_usb.c:792
__usb_hcd_giveback_urb+0x364/0x5c0 drivers/usb/core/hcd.c:1648
usb_hcd_giveback_urb+0x396/0x450 drivers/usb/core/hcd.c:1732
dummy_timer+0x17f6/0x3900 drivers/usb/gadget/udc/dummy_hcd.c:1987
__run_hrtimer kernel/time/hrtimer.c:1687 [inline]
__hrtimer_run_queues+0x20c/0xcc0 kernel/time/hrtimer.c:1751
hrtimer_interrupt+0x31b/0x800 kernel/time/hrtimer.c:1813
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1032 [inline]
__sysvec_apic_timer_interrupt+0x10f/0x450 arch/x86/kernel/apic/apic.c:1049
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
sysvec_apic_timer_interrupt+0x43/0xb0 arch/x86/kernel/apic/apic.c:1043
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:unwind_next_frame+0x110d/0x23a0 arch/x86/kernel/unwind_orc.c:664
Code: ea 03 80 3c 02 00 0f 85 93 10 00 00 4c 89 63 40 e8 58 fd 50 00 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 0f b6 04 02 <84> c0 74 08 3c 03 0f 8e 25 10 00 00 44 8b 23 89 ee 44 89 e7 e8 6a
RSP: 0018:ffffc90000a18660 EFLAGS: 00000a02
RAX: 0000000000000000 RBX: ffffc90000a186e0 RCX: ffffffff813ce55e
RDX: 1ffff920001430dc RSI: ffffffff813ce798 RDI: 0000000000000001
RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000004
R10: 0000000000000000 R11: 0000000000000002 R12: ffffffff911fa408
R13: ffffc9000325fc00 R14: 0000000000000000 R15: 0000000000000001
arch_stack_walk+0x100/0x170 arch/x86/kernel/stacktrace.c:25
stack_trace_save+0x95/0xd0 kernel/stacktrace.c:122
kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
kasan_save_track+0x14/0x30 mm/kasan/common.c:68
kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:579
poison_slab_object+0xf7/0x160 mm/kasan/common.c:240
__kasan_slab_free+0x32/0x50 mm/kasan/common.c:256
kasan_slab_free include/linux/kasan.h:184 [inline]
slab_free_hook mm/slub.c:2195 [inline]
slab_free mm/slub.c:4436 [inline]
kmem_cache_free+0x12f/0x3a0 mm/slub.c:4511
kfree_skbmem+0x10e/0x200 net/core/skbuff.c:1131
__kfree_skb net/core/skbuff.c:1188 [inline]
kfree_skb_reason+0x138/0x210 net/core/skbuff.c:1223
kfree_skb include/linux/skbuff.h:1257 [inline]
ip6_mc_input+0x7ad/0xfd0 net/ipv6/ip6_input.c:589
dst_input include/net/dst.h:460 [inline]
dst_input include/net/dst.h:458 [inline]
ip6_rcv_finish net/ipv6/ip6_input.c:79 [inline]
NF_HOOK include/linux/netfilter.h:314 [inline]
NF_HOOK include/linux/netfilter.h:308 [inline]
ipv6_rcv+0x45a/0x680 net/ipv6/ip6_input.c:310
__netif_receive_skb_one_core+0x12e/0x1e0 net/core/dev.c:5624
__netif_receive_skb+0x1d/0x160 net/core/dev.c:5738
process_backlog+0x133/0x760 net/core/dev.c:6067
__napi_poll.constprop.0+0xb7/0x550 net/core/dev.c:6721
napi_poll net/core/dev.c:6790 [inline]
net_rx_action+0x9b6/0xf10 net/core/dev.c:6906
handle_softirqs+0x216/0x8f0 kernel/softirq.c:554
__do_softirq kernel/softirq.c:588 [inline]
invoke_softirq kernel/softirq.c:428 [inline]
__irq_exit_rcu kernel/softirq.c:637 [inline]
irq_exit_rcu+0xbb/0x120 kernel/softirq.c:649
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1043
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:__free_object+0x512/0xcb0 lib/debugobjects.c:336
Code: 3f 10 0f 85 10 ff ff ff 48 c7 c7 a0 93 65 8e e8 b4 ad 61 06 48 83 3c 24 00 0f 85 08 01 00 00 9c 58 f6 c4 02 0f 85 85 02 00 00 <48> b8 00 00 00 00 00 fc ff df 48 8b 4c 24 08 48 01 c1 c7 01 00 00
RSP: 0018:ffffc9000325f6f0 EFLAGS: 00000246
RAX: 0000000000000002 RBX: ffff88806554c070 RCX: 1ffffffff2850276
RDX: 0000000000000000 RSI: ffffffff8b2cade0 RDI: ffffffff8b900000
RBP: ffff888064c711f8 R08: 0000000000000001 R09: fffffbfff284d65e
R10: ffffffff9426b2f7 R11: 0000000000000001 R12: ffff8880b933a650
R13: ffff888060159540 R14: ffffc9000325f748 R15: ffff88806554c070
free_object lib/debugobjects.c:423 [inline]
debug_object_free+0x299/0x500 lib/debugobjects.c:866
debug_percpu_counter_deactivate lib/percpu_counter.c:50 [inline]
percpu_counter_destroy_many lib/percpu_counter.c:205 [inline]
percpu_counter_destroy_many+0xac/0x390 lib/percpu_counter.c:193
__mmdrop+0x2cf/0x470 kernel/fork.c:927
mmdrop include/linux/sched/mm.h:55 [inline]
mmdrop_sched include/linux/sched/mm.h:83 [inline]
mmdrop_lazy_tlb_sched include/linux/sched/mm.h:110 [inline]
finish_task_switch.isra.0+0x7af/0xcc0 kernel/sched/core.c:5307
context_switch kernel/sched/core.c:5411 [inline]
__schedule+0xf1d/0x5d00 kernel/sched/core.c:6745
__schedule_loop kernel/sched/core.c:6822 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6837
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6894
rwsem_down_write_slowpath kernel/locking/rwsem.c:1178 [inline]
__down_write_common+0x950/0x13f0 kernel/locking/rwsem.c:1306
__down_write_killable kernel/locking/rwsem.c:1320 [inline]
down_write_killable+0x4b/0x70 kernel/locking/rwsem.c:1592
mmap_write_lock_killable include/linux/mmap_lock.h:122 [inline]
vm_mmap_pgoff+0x160/0x360 mm/util.c:571
ksys_mmap_pgoff+0x7d/0x5d0 mm/mmap.c:1443
__do_sys_mmap arch/x86/kernel/sys_x86_64.c:86 [inline]
__se_sys_mmap arch/x86/kernel/sys_x86_64.c:79 [inline]
__x64_sys_mmap+0x125/0x190 arch/x86/kernel/sys_x86_64.c:79
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f181ba7cfa3
Code: f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 41 89 ca 41 f7 c1 ff 0f 00 00 75 14 b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 25 c3 0f 1f 40 00 48 c7 c0 b0 ff ff ff 64 c7
RSP: 002b:00007ffe858c0a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: 00007f181a4006c0 RCX: 00007f181ba7cfa3
RDX: 0000000000000000 RSI: 0000000000021000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 00000000ffffffff R09: 0000000000000000
R10: 0000000000020022 R11: 0000000000000246 R12: 00007ffe858c0cc0
R13: ffffffffffffffc0 R14: 0000000000001000 R15: 0000000000000000
sched: RT throttling activated