------------[ cut here ]------------ WARNING: CPU: 0 PID: 6261 at kernel/rcu/tree_plugin.h:442 __rcu_read_unlock+0x94/0x110 kernel/rcu/tree_plugin.h:442 Modules linked in: CPU: 0 UID: 0 PID: 6261 Comm: syz.2.141 Not tainted 6.11.0-rc4-next-20240822-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 RIP: 0010:__rcu_read_unlock+0x94/0x110 kernel/rcu/tree_plugin.h:442 Code: 41 83 3f 00 75 29 42 0f b6 04 23 84 c0 75 62 41 8b 45 00 3d 00 00 00 40 73 0f 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 90 <0f> 0b 90 eb eb 4c 89 f7 e8 7f 00 00 00 eb cd 44 89 e9 80 e1 07 80 RSP: 0018:fffffe000000cdb8 EFLAGS: 00010086 RAX: 00000000ffffffff RBX: 1ffff1100e6f4808 RCX: ffffffff817033b0 RDX: 0000000000000000 RSI: ffffffff8c609f00 RDI: ffffffff8c609ec0 RBP: 00000000ffffffff R08: ffffffff901c12ef R09: 1ffffffff203825d R10: dffffc0000000000 R11: fffffbfff203825e R12: dffffc0000000000 R13: ffff8880737a4044 R14: ffff8880737a3c00 R15: fffffe000000ce60 FS: 00007f728b6c76c0(0000) GS:ffff8880b9000000(0000) knlGS:ffff8880b9000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffc90004c5fff8 CR3: 000000005fbbc000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <#DF> rcu_read_unlock include/linux/rcupdate.h:882 [inline] atomic_notifier_call_chain+0x16b/0x180 kernel/notifier.c:232 notify_die+0x1be/0x240 kernel/notifier.c:596 exc_double_fault+0x12b/0x1b0 arch/x86/kernel/traps.c:468 asm_exc_double_fault+0x23/0x30 arch/x86/include/asm/idtentry.h:668 RIP: 0010:error_entry+0xd/0x140 arch/x86/entry/entry_64.S:1007 Code: fd ff ff 85 db 0f 85 8e fd ff ff 0f 01 f8 e9 86 fd ff ff 66 2e 0f 1f 84 00 00 00 00 00 56 48 8b 74 24 08 48 89 7c 24 08 52 51 <50> 41 50 41 51 41 52 41 53 53 55 41 54 41 55 41 56 41 57 56 31 f6 RSP: 0018:ffffc90004c60000 EFLAGS: 00010092 RAX: ffffc90004c600b8 RBX: ffffc90004c600b8 RCX: ffffffff8be0176a RDX: 0000000000000000 RSI: ffffffff8be0128d RDI: ffffc90004c600b8 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 irq event stamp: 1666 hardirqs last enabled at (1665): [] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:159 [inline] hardirqs last enabled at (1665): [] _raw_spin_unlock_irq+0x23/0x50 kernel/locking/spinlock.c:202 hardirqs last disabled at (1666): [] __schedule+0x335/0x4b30 kernel/sched/core.c:6567 softirqs last enabled at (1568): [] __do_softirq kernel/softirq.c:588 [inline] softirqs last enabled at (1568): [] invoke_softirq kernel/softirq.c:428 [inline] softirqs last enabled at (1568): [] __irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637 softirqs last disabled at (1439): [] __do_softirq kernel/softirq.c:588 [inline] softirqs last disabled at (1439): [] invoke_softirq kernel/softirq.c:428 [inline] softirqs last disabled at (1439): [] __irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637 ---[ end trace 0000000000000000 ]--- BUG: TASK stack guard page was hit at ffffc90004c5fff8 (stack is ffffc90004c60000..ffffc90004c68000) Oops: stack guard page: 0000 [#2] PREEMPT SMP KASAN PTI CPU: 0 UID: 0 PID: 6261 Comm: syz.2.141 Tainted: G D W 6.11.0-rc4-next-20240822-syzkaller #0 Tainted: [D]=DIE, [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 RIP: 0010:error_entry+0xd/0x140 arch/x86/entry/entry_64.S:1007 Code: fd ff ff 85 db 0f 85 8e fd ff ff 0f 01 f8 e9 86 fd ff ff 66 2e 0f 1f 84 00 00 00 00 00 56 48 8b 74 24 08 48 89 7c 24 08 52 51 <50> 41 50 41 51 41 52 41 53 53 55 41 54 41 55 41 56 41 57 56 31 f6 RSP: 0018:ffffc90004c60000 EFLAGS: 00010092 RAX: ffffc90004c600b8 RBX: ffffc90004c600b8 RCX: ffffffff8be0176a RDX: 0000000000000000 RSI: ffffffff8be0128d RDI: ffffc90004c600b8 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 FS: 00007f728b6c76c0(0000) GS:ffff8880b9000000(0000) knlGS:ffff8880b9000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffc90004c5fff8 CR3: 000000005fbbc000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <#DF> Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:error_entry+0xb/0x140 arch/x86/entry/entry_64.S:1007 Code: e9 96 fd ff ff 85 db 0f 85 8e fd ff ff 0f 01 f8 e9 86 fd ff ff 66 2e 0f 1f 84 00 00 00 00 00 56 48 8b 74 24 08 48 89 7c 24 08 <52> 51 50 41 50 41 51 41 52 41 53 53 55 41 54 41 55 41 56 41 57 56 RSP: 0018:ffffc90004c60000 EFLAGS: 00010096 RAX: ffffc90004c600a8 RBX: ffffc90004c600a8 RCX: ffffffff8be0176a RDX: 0000000000000000 RSI: ffffffff8be0128d RDI: ffffc90004c600a8 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 FS: 00007f728b6c76c0(0000) GS:ffff8880b9000000(0000) knlGS:ffff8880b9000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffc90004c5fff8 CR3: 000000005fbbc000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess), 3 bytes skipped: 0: 85 db test %ebx,%ebx 2: 0f 85 8e fd ff ff jne 0xfffffd96 8: 0f 01 f8 swapgs b: e9 86 fd ff ff jmp 0xfffffd96 10: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1) 17: 00 00 00 1a: 56 push %rsi 1b: 48 8b 74 24 08 mov 0x8(%rsp),%rsi 20: 48 89 7c 24 08 mov %rdi,0x8(%rsp) 25: 52 push %rdx 26: 51 push %rcx * 27: 50 push %rax <-- trapping instruction 28: 41 50 push %r8 2a: 41 51 push %r9 2c: 41 52 push %r10 2e: 41 53 push %r11 30: 53 push %rbx 31: 55 push %rbp 32: 41 54 push %r12 34: 41 55 push %r13 36: 41 56 push %r14 38: 41 57 push %r15 3a: 56 push %rsi 3b: 31 f6 xor %esi,%esi