=============================
WARNING: suspicious RCU usage
6.9.0-rc4-next-20240418-syzkaller #0 Not tainted
-----------------------------
kernel/rcu/tree.c:276 Illegal rcu_softirq_qs() in RCU read-side critical section!

other info that might help us debug this:


rcu_scheduler_active = 2, debug_locks = 1
2 locks held by ksoftirqd/0/16:
 #0: ffffffff8ea36d80 (fill_pool_map-wait-type-override){+.+.}-{3:3}, at: debug_objects_fill_pool+0x80/0x9b0 lib/debugobjects.c:614
 #1: ffffffff8e333b60 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline]
 #1: ffffffff8e333b60 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #1: ffffffff8e333b60 (rcu_read_lock){....}-{1:2}, at: page_ext_get+0x20/0x2a0 mm/page_ext.c:521

stack backtrace:
CPU: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.9.0-rc4-next-20240418-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
 lockdep_rcu_suspicious+0x221/0x340 kernel/locking/lockdep.c:6712
 rcu_softirq_qs+0xd9/0x370 kernel/rcu/tree.c:273
 __do_softirq+0x5fd/0x980 kernel/softirq.c:568
 invoke_softirq kernel/softirq.c:428 [inline]
 __irq_exit_rcu+0xf2/0x1c0 kernel/softirq.c:633
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:645
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:__sanitizer_cov_trace_const_cmp8+0x0/0x90 kernel/kcov.c:310
Code: 10 48 89 74 0a 18 4c 89 44 0a 20 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <f3> 0f 1e fa 4c 8b 04 24 65 48 8b 0c 25 00 d5 03 00 65 8b 05 80 72
RSP: 0018:ffffc90000156f28 EFLAGS: 00000206
RAX: 0000160000000000 RBX: 0000000001697500 RCX: ffff8880176c5a00
RDX: 0000000000000000 RSI: 0000000001697500 RDI: 000000ffffffffc0
RBP: 000000ffffffffc0 R08: ffffffff82076f01 R09: 1ffffffff25ef6b4
R10: dffffc0000000000 R11: fffffbfff25ef6b5 R12: 000000000005a5d4
R13: 0000000000000004 R14: ffffffff82076ed0 R15: dffffc0000000000
 __nr_to_section include/linux/mmzone.h:1857 [inline]
 __pfn_to_section include/linux/mmzone.h:1969 [inline]
 lookup_page_ext mm/page_ext.c:250 [inline]
 page_ext_get+0xee/0x2a0 mm/page_ext.c:522
 __set_page_owner+0x99/0x810 mm/page_owner.c:327
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1476
 prep_new_page mm/page_alloc.c:1484 [inline]
 get_page_from_freelist+0x2ce2/0x2d90 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4704
 alloc_pages_mpol_noprof+0x3e8/0x680 mm/mempolicy.c:2265
 stack_depot_save_flags+0x666/0x830 lib/stackdepot.c:635
 kasan_save_stack mm/kasan/common.c:48 [inline]
 kasan_save_track+0x51/0x80 mm/kasan/common.c:68
 unpoison_slab_object mm/kasan/common.c:312 [inline]
 __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:338
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook mm/slub.c:3897 [inline]
 slab_alloc_node mm/slub.c:3957 [inline]
 kmem_cache_alloc_noprof+0x135/0x290 mm/slub.c:3964
 fill_pool lib/debugobjects.c:168 [inline]
 debug_objects_fill_pool+0x3ea/0x9b0 lib/debugobjects.c:615
 debug_object_activate+0x135/0x510 lib/debugobjects.c:704
 debug_rcu_head_queue kernel/rcu/rcu.h:227 [inline]
 __call_rcu_common kernel/rcu/tree.c:3087 [inline]
 call_rcu+0x97/0xa70 kernel/rcu/tree.c:3206
 context_switch kernel/sched/core.c:5411 [inline]
 __schedule+0x17f0/0x4a50 kernel/sched/core.c:6745
 __schedule_loop kernel/sched/core.c:6822 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6837
 smpboot_thread_fn+0x61e/0xa30 kernel/smpboot.c:160
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
vkms_vblank_simulate: vblank timer overrun
----------------
Code disassembly (best guess):
   0:	10 48 89             	adc    %cl,-0x77(%rax)
   3:	74 0a                	je     0xf
   5:	18 4c 89 44          	sbb    %cl,0x44(%rcx,%rcx,4)
   9:	0a 20                	or     (%rax),%ah
   b:	c3                   	ret
   c:	cc                   	int3
   d:	cc                   	int3
   e:	cc                   	int3
   f:	cc                   	int3
  10:	66 2e 0f 1f 84 00 00 	cs nopw 0x0(%rax,%rax,1)
  17:	00 00 00
  1a:	90                   	nop
  1b:	90                   	nop
  1c:	90                   	nop
  1d:	90                   	nop
  1e:	90                   	nop
  1f:	90                   	nop
  20:	90                   	nop
  21:	90                   	nop
  22:	90                   	nop
  23:	90                   	nop
  24:	90                   	nop
  25:	90                   	nop
  26:	90                   	nop
  27:	90                   	nop
  28:	90                   	nop
  29:	90                   	nop
* 2a:	f3 0f 1e fa          	endbr64 <-- trapping instruction
  2e:	4c 8b 04 24          	mov    (%rsp),%r8
  32:	65 48 8b 0c 25 00 d5 	mov    %gs:0x3d500,%rcx
  39:	03 00
  3b:	65                   	gs
  3c:	8b                   	.byte 0x8b
  3d:	05                   	.byte 0x5
  3e:	80                   	.byte 0x80
  3f:	72                   	.byte 0x72