rcu: INFO: rcu_preempt self-detected stall on CPU
rcu: 0-...!: (6534 ticks this GP) idle=18e/1/0x4000000000000000 softirq=10351/10351 fqs=2
 (t=10500 jiffies g=9925 q=865)
rcu: rcu_preempt kthread starved for 10494 jiffies! g9925 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt state:R running task stack:29168 pid: 14 ppid: 2 flags:0x00004000
Call Trace:
 context_switch kernel/sched/core.c:4322 [inline]
 __schedule+0x911/0x21b0 kernel/sched/core.c:5073
 schedule+0xcf/0x270 kernel/sched/core.c:5152
 schedule_timeout+0x14a/0x250 kernel/time/timer.c:1892
 rcu_gp_fqs_loop kernel/rcu/tree.c:2005 [inline]
 rcu_gp_kthread+0xd07/0x2250 kernel/rcu/tree.c:2178
 kthread+0x3b1/0x4a0 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
rcu: Stack dump where RCU GP kthread last ran:
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 9854 Comm: syz-executor.0 Not tainted 5.12.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:hlock_id kernel/locking/lockdep.c:400 [inline]
RIP: 0010:__lock_acquire+0xb97/0x54c0 kernel/locking/lockdep.c:4888
Code: df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 c7 45 00 00 48 83 7b 40 00 0f 84 e0 0d 00 00 0f b7 44 24 18 8b 4c 24 50 8b 74 24 60 e0 0d 66 0b 44 24 08 98 2b 44 24 40 33 44 24 58 89 c2 29 c1 01
RSP: 0018:ffffc90000dc0840 EFLAGS: 00000086
RAX: 0000000000000002 RBX: ffffffff8fa9bcc0 RCX: 00000000e99f6d22
RDX: 1ffffffff1f537a0 RSI: 0000000039d91007 RDI: ffffffff8fa9bd00
RBP: ffff88807d048ab8 R08: 0000000000000000 R09: ffffffff8fa988af
R10: fffffbfff1f53115 R11: 0000000000000000 R12: ffff88807d048000
R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000
FS: 00007f9adcb36700(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c02973b000 CR3: 000000002ba5c000 CR4: 0000000000350ee0
Call Trace:
 lock_acquire kernel/locking/lockdep.c:5510 [inline]
 lock_acquire+0x1ab/0x740 kernel/locking/lockdep.c:5475
 seqcount_lockdep_reader_access include/linux/seqlock.h:103 [inline]
 ktime_get_update_offsets_now+0x82/0x5c0 kernel/time/timekeeping.c:2284
 hrtimer_update_base kernel/time/hrtimer.c:631 [inline]
 hrtimer_interrupt+0x142/0xa00 kernel/time/hrtimer.c:1645
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1089 [inline]
 __sysvec_apic_timer_interrupt+0x146/0x540 arch/x86/kernel/apic/apic.c:1106
 sysvec_apic_timer_interrupt+0x40/0xc0 arch/x86/kernel/apic/apic.c:1100
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:632
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:161 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0x38/0x70 kernel/locking/spinlock.c:191
Code: 74 24 10 e8 ba 6d 54 f8 48 89 ef e8 e2 23 55 f8 81 e3 00 02 00 00 75 25 9c 58 f6 c4 02 75 2d 48 85 db 74 01 fb bf 01 00 00 00 d3 f1 48 f8 65 8b 05 dc bc fc 76 85 c0 74 0a 5b 5d c3 e8 30 ad
RSP: 0018:ffffc90000dc0c88 EFLAGS: 00000206
RAX: 0000000000000002 RBX: 0000000000000200 RCX: 1ffffffff1f5e542
RDX: 0000000000000000 RSI: 0000000000000102 RDI: 0000000000000001
RBP: ffffffff8bfcf3c0 R08: 0000000000000001 R09: ffffffff8fa9898f
R10: 0000000000000001 R11: 0000000000000000 R12: ffff8880271d08c0
R13: 0000000000000000 R14: 000000000000000c R15: ffff88807c650d00
 kcov_remote_start_common include/linux/kcov.h:47 [inline]
 ieee80211_rx_list+0x423/0x2680 net/mac80211/rx.c:4801
 ieee80211_rx_napi+0xf7/0x3d0 net/mac80211/rx.c:4842
 ieee80211_rx include/net/mac80211.h:4524 [inline]
 ieee80211_tasklet_handler+0xd4/0x130 net/mac80211/main.c:235
 tasklet_action_common.constprop.0+0x1d7/0x2d0 kernel/softirq.c:557
 __do_softirq+0x29b/0x9f6 kernel/softirq.c:345
 invoke_softirq kernel/softirq.c:221 [inline]
 __irq_exit_rcu kernel/softirq.c:422 [inline]
 irq_exit_rcu+0x134/0x200 kernel/softirq.c:434
 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1100
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:632
RIP: 0010:debug_spin_unlock kernel/locking/spinlock_debug.c:97 [inline]
RIP: 0010:do_raw_spin_unlock+0x3d/0x230 kernel/locking/spinlock_debug.c:138
Code: 83 c7 04 48 89 fa 48 c1 ea 03 0f b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 bc 01 00 00 81 7d 04 ad 4e ad de <0f> 85 74 01 00 00 be 04 00 00 00 48 89 ef e8 c0 47 5d 00 48 89 ea
RSP: 0018:ffffc9000115f9e8 EFLAGS: 00000246
RAX: 0000000000000007 RBX: ffff88802f11bd98 RCX: ffffc9000115f990
RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff888142654f54
RBP: ffff888142654f50 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: 00000000000000fe
R13: 0000000000000000 R14: dffffc0000000000 R15: 00000000000000fe
 __raw_spin_unlock include/linux/spinlock_api_smp.h:151 [inline]
 _raw_spin_unlock+0x1a/0x40 kernel/locking/spinlock.c:183
 spin_unlock include/linux/spinlock.h:394 [inline]
 __find_get_block_slow fs/buffer.c:238 [inline]
 __find_get_block fs/buffer.c:1328 [inline]
 __find_get_block+0x708/0xd30 fs/buffer.c:1322
 __getblk_gfp fs/buffer.c:1350 [inline]
 __bread_gfp+0x29/0x3c0 fs/buffer.c:1399
 sb_bread include/linux/buffer_head.h:301 [inline]
 fat__get_entry+0x529/0x930 fs/fat/dir.c:100
 fat_get_entry fs/fat/dir.c:128 [inline]
 __fat_readdir+0x33f/0x14c0 fs/fat/dir.c:590
 iterate_dir+0x4eb/0x660 fs/readdir.c:65
 __do_sys_getdents fs/readdir.c:283 [inline]
 __se_sys_getdents fs/readdir.c:268 [inline]
 __x64_sys_getdents+0x13a/0x2b0 fs/readdir.c:268
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x466459
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f9adcb36188 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459
RDX: 000000000000005e RSI: 0000000020000000 RDI: 0000000000000004
RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60
R13: 00007ffdcfa52fdf R14: 00007f9adcb36300 R15: 0000000000022000
NMI backtrace for cpu 0
CPU: 0 PID: 9873 Comm: syz-executor.2 Not tainted 5.12.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x141/0x1d7 lib/dump_stack.c:120
 nmi_cpu_backtrace.cold+0x44/0xd7 lib/nmi_backtrace.c:105
 nmi_trigger_cpumask_backtrace+0x1b3/0x230 lib/nmi_backtrace.c:62
 trigger_single_cpu_backtrace include/linux/nmi.h:164 [inline]
 rcu_dump_cpu_stacks+0x222/0x2a7 kernel/rcu/tree_stall.h:341
 print_cpu_stall kernel/rcu/tree_stall.h:622 [inline]
 check_cpu_stall kernel/rcu/tree_stall.h:697 [inline]
 rcu_pending kernel/rcu/tree.c:3830 [inline]
 rcu_sched_clock_irq.cold+0x4f7/0x11dd kernel/rcu/tree.c:2650
 update_process_times+0x16d/0x200 kernel/time/timer.c:1796
 tick_sched_handle+0x9b/0x180 kernel/time/tick-sched.c:226
 tick_sched_timer+0x1b0/0x2d0 kernel/time/tick-sched.c:1369
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x1c0/0xe40 kernel/time/hrtimer.c:1601
 hrtimer_interrupt+0x330/0xa00 kernel/time/hrtimer.c:1663
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1089 [inline]
 __sysvec_apic_timer_interrupt+0x146/0x540 arch/x86/kernel/apic/apic.c:1106
 sysvec_apic_timer_interrupt+0x40/0xc0 arch/x86/kernel/apic/apic.c:1100
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:632
RIP: 0010:deref_stack_reg+0x20/0x150 arch/x86/kernel/unwind_orc.c:351
Code: 85 00 48 8b 0c 24 eb 9d 66 90 48 b8 00 00 00 00 00 fc ff df 41 55 41 54 49 89 fc 55 48 89 f5 53 48 89 d3 48 89 fa 48 c1 ea 03 <48> 83 ec 08 0f b6 04 02 84 c0 74 08 3c 03 0f 8e d7 00 00 00 41 8b
RSP: 0018:ffffc90000007660 EFLAGS: 00000212
RAX: dffffc0000000000 RBX: ffffc900000077a0 RCX: 0000000000000000
RDX: 1ffff92000000eec RSI: ffffc9000114fc98 RDI: ffffc90000007760
RBP: ffffc9000114fc98 R08: ffffffff8e3d0342 R09: 0000000000000001
R10: fffff52000000ef7 R11: 0000000000084087 R12: ffffc90000007760
R13: ffffc90000007795 R14: ffffc90000007760 R15: ffffc90000007794
 unwind_next_frame+0x13e0/0x1ce0 arch/x86/kernel/unwind_orc.c:587
 arch_stack_walk+0x7d/0xe0 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x8c/0xc0 kernel/stacktrace.c:121
 kasan_save_stack+0x1b/0x40 mm/kasan/common.c:38
 kasan_set_track mm/kasan/common.c:46 [inline]
 set_alloc_info mm/kasan/common.c:427 [inline]
 __kasan_slab_alloc+0x75/0x90 mm/kasan/common.c:460
 kasan_slab_alloc include/linux/kasan.h:223 [inline]
 slab_post_alloc_hook mm/slab.h:516 [inline]
 slab_alloc_node mm/slub.c:2907 [inline]
 kmem_cache_alloc_node+0x164/0x3b0 mm/slub.c:2943
 __alloc_skb+0x20b/0x340 net/core/skbuff.c:412
 __netdev_alloc_skb+0x70/0x400 net/core/skbuff.c:491
 netdev_alloc_skb include/linux/skbuff.h:2864 [inline]
 dev_alloc_skb include/linux/skbuff.h:2877 [inline]
 __ieee80211_beacon_get+0xebe/0x1aa0 net/mac80211/tx.c:4814
 ieee80211_beacon_get_tim+0x88/0x910 net/mac80211/tx.c:4928
 ieee80211_beacon_get include/net/mac80211.h:4934 [inline]
 mac80211_hwsim_beacon_tx+0x111/0x910 drivers/net/wireless/mac80211_hwsim.c:1799
 __iterate_interfaces+0x1e5/0x520 net/mac80211/util.c:793
 ieee80211_iterate_active_interfaces_atomic+0x8d/0x170 net/mac80211/util.c:829
 mac80211_hwsim_beacon+0xd5/0x1a0 drivers/net/wireless/mac80211_hwsim.c:1852
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x609/0xe40 kernel/time/hrtimer.c:1601
 hrtimer_run_softirq+0x17b/0x360 kernel/time/hrtimer.c:1618
 __do_softirq+0x29b/0x9f6 kernel/softirq.c:345
 invoke_softirq kernel/softirq.c:221 [inline]
 __irq_exit_rcu kernel/softirq.c:422 [inline]
 irq_exit_rcu+0x134/0x200 kernel/softirq.c:434
 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1100
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:632
RIP: 0010:preempt_schedule_irq+0x49/0x90 kernel/sched/core.c:5530
Code: 55 53 65 48 8b 1c 25 00 f0 01 00 48 89 dd 48 c1 ed 03 48 01 c5 bf 01 00 00 00 e8 72 e2 49 f8 e8 3d 8c 75 f8 fb bf 01 00 00 00 c2 d0 ff ff 9c 58 fa f6 c4 02 75 27 bf 01 00 00 00 e8 b0 d0 49
RSP: 0018:ffffc9000114f9f8 EFLAGS: 00000206
RAX: 0000000000d58e7b RBX: ffff88807d233880 RCX: 1ffffffff1b89bc9
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001
RBP: ffffed100fa46710 R08: 0000000000000001 R09: 0000000000000001
R10: ffffffff8179e058 R11: 0000000000000001 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 irqentry_exit_cond_resched kernel/entry/common.c:392 [inline]
 irqentry_exit_cond_resched kernel/entry/common.c:384 [inline]
 irqentry_exit+0x7a/0xa0 kernel/entry/common.c:428
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:632
RIP: 0010:bytes_is_nonzero mm/kasan/generic.c:85 [inline]
RIP: 0010:memory_is_nonzero mm/kasan/generic.c:102 [inline]
RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:128 [inline]
RIP: 0010:memory_is_poisoned mm/kasan/generic.c:159 [inline]
RIP: 0010:check_region_inline mm/kasan/generic.c:177 [inline]
RIP: 0010:kasan_check_range+0xde/0x180 mm/kasan/generic.c:186
Code: 74 f2 48 89 c2 b8 01 00 00 00 48 85 d2 75 56 5b 5d 41 5c c3 48 85 d2 74 5e 48 01 ea eb 09 48 83 c0 01 48 39 d0 74 50 80 38 00 <74> f2 eb d4 41 bc 08 00 00 00 48 89 ea 45 29 dc 4d 8d 1c 2c eb 0c
RSP: 0018:ffffc9000114fac0 EFLAGS: 00000246
RAX: ffffed1002283421 RBX: ffffed1002283422 RCX: ffffffff81c363a3
RDX: ffffed1002283422 RSI: 0000000000000004 RDI: ffff88801141a10c
RBP: ffffed1002283421 R08: 0000000000000001 R09: ffff88801141a10f
R10: ffffed1002283421 R11: 1ffffffff17ef931 R12: ffff88801141a000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000002
 instrument_atomic_read_write include/linux/instrumented.h:101 [inline]
 atomic_add_unless include/asm-generic/atomic-instrumented.h:788 [inline]
 deactivate_super+0x23/0xd0 fs/super.c:364
 cleanup_mnt+0x3a3/0x530 fs/namespace.c:1136
 task_work_run+0xdd/0x1a0 kernel/task_work.c:140
 exit_task_work include/linux/task_work.h:30 [inline]
 do_exit+0xbfc/0x2a60 kernel/exit.c:825
 do_group_exit+0x125/0x310 kernel/exit.c:922
 get_signal+0x47f/0x2150 kernel/signal.c:2781
 arch_do_signal_or_restart+0x2a8/0x1eb0 arch/x86/kernel/signal.c:789
 handle_signal_work kernel/entry/common.c:147 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:171 [inline]
 exit_to_user_mode_prepare+0x148/0x250 kernel/entry/common.c:208
 irqentry_exit_to_user_mode+0x5/0x40 kernel/entry/common.c:314
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:632
RIP: 0033:0x40db6c
Code: Unable to access opcode bytes at RIP 0x40db42.
RSP: 002b:00007fa0d188c220 EFLAGS: 00000207
RAX: 0000000000000001 RBX: 000000000056bf68 RCX: 0000000000466459
RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 000000000056bf6c
RBP: 000000000056bf60 R08: 000000000000000e R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf6c
R13: 00007ffc265ab59f R14: 00007fa0d188c300 R15: 0000000000022000