ci starts bisection 2022-12-26 12:20:05.180446243 +0000 UTC m=+312413.503628411
bisecting fixing commit since 7ebfc85e2cd7b08f518b526173e9a33b56b3913b
building syzkaller on 8dfcaa3d2828a113ae780da01f5f73ad64710e31
ensuring issue is reproducible on original commit 7ebfc85e2cd7b08f518b526173e9a33b56b3913b

testing commit 7ebfc85e2cd7b08f518b526173e9a33b56b3913b gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 2b100b4b8874bf9dcd7ec70fe8f8b9b55498d6979b3396781f481751be0c2e9e
all runs: crashed: WARNING in __ieee80211_beacon_get
testing current HEAD 1b929c02afd37871d5afb9d498426f83432e71c2
testing commit 1b929c02afd37871d5afb9d498426f83432e71c2 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 52f0a2d12ed4a56aad707f7076772b7a7c5bfa6fc9de21baa823a2779c218ea3
all runs: crashed: WARNING in __ieee80211_beacon_get
revisions tested: 2, total time: 23m57.544102566s (build: 15m43.957422507s, test: 7m7.281366203s)
the crash still happens on HEAD
commit msg: Linux 6.2-rc1
crash: WARNING in __ieee80211_beacon_get
------------[ cut here ]------------
WARNING: CPU: 0 PID: 5986 at net/mac80211/tx.c:4992 ieee80211_beacon_get_ap net/mac80211/tx.c:5247 [inline]
WARNING: CPU: 0 PID: 5986 at net/mac80211/tx.c:4992 __ieee80211_beacon_get+0x14ce/0x1990 net/mac80211/tx.c:5299
Modules linked in:
CPU: 0 PID: 5986 Comm: syz-executor.5 Not tainted 6.2.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
RIP: 0010:__ieee80211_beacon_update_cntdwn net/mac80211/tx.c:4992 [inline]
RIP: 0010:__ieee80211_beacon_get+0x14ce/0x1990 net/mac80211/tx.c:5311
Code: 48 c1 ea 03 0f b6 14 02 48 89 f8 83 e0 07 44 29 cb 83 c0 01 38 d0 7c 08 84 d2 0f 85 2b 03 00 00 66 41 89 5e 08 e9 28 fc ff ff <0f> 0b e9 a6 f3 ff ff 4c 89 e6 48 c7 c7 80 f1 c5 8c e8 bc 4f b6 fb
RSP: 0018:ffffc90000007bf8 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
RDX: 0000000000000004 RSI: ffffffff890beba0 RDI: ffff888028729824
RBP: ffff888029b666d0 R08: 0000000000000001 R09: ffffc90000007cb8
R10: fffff52000000f98 R11: 0000000000000001 R12: ffff888029b655a0
R13: ffff888029b66248 R14: ffffc90000007cb8 R15: ffff888028729800
FS:  00007f57de3fe700(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f57de3fd0e8 CR3: 00000000274db000 CR4: 0000000000350ef0
Call Trace:
 <IRQ>
 ieee80211_beacon_get_tim+0x87/0x3d0 net/mac80211/tx.c:5398
 ieee80211_beacon_get include/net/mac80211.h:5275 [inline]
 mac80211_hwsim_beacon_tx+0x165/0x940 drivers/net/wireless/mac80211_hwsim.c:2086
 __iterate_interfaces+0x101/0x370 net/mac80211/util.c:799
 ieee80211_iterate_active_interfaces_atomic+0x53/0xf0 net/mac80211/util.c:835
 mac80211_hwsim_beacon+0xdd/0x1f0 drivers/net/wireless/mac80211_hwsim.c:2142
 __run_hrtimer kernel/time/hrtimer.c:1685 [inline]
 __hrtimer_run_queues+0x56e/0xcc0 kernel/time/hrtimer.c:1749
 hrtimer_run_softirq+0x176/0x340 kernel/time/hrtimer.c:1766
 __do_softirq+0x1f7/0xad8 kernel/softirq.c:571
 invoke_softirq kernel/softirq.c:445 [inline]
 __irq_exit_rcu+0x123/0x180 kernel/softirq.c:650
 irq_exit_rcu+0x5/0x20 kernel/softirq.c:662
 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1107
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:649
RIP: 0010:lock_is_held_type+0xff/0x140 kernel/locking/lockdep.c:5716
Code: 00 00 b8 ff ff ff ff 65 0f c1 05 b4 b0 2d 77 83 f8 01 75 29 9c 58 f6 c4 02 75 3d 48 f7 04 24 00 02 00 00 74 01 fb 48 83 c4 08 <44> 89 e8 5b 5d 41 5c 41 5d 41 5e 41 5f c3 45 31 ed eb b9 0f 0b 48
RSP: 0018:ffffc9000a3bfc50 EFLAGS: 00000296
RAX: 0000000000000046 RBX: 0000000000000001 RCX: 0000000000000001
RDX: 0000000000000000 RSI: ffffffff890beba0 RDI: ffffffff89661920
RBP: ffffffff8b180120 R08: 0000000000000000 R09: ffffffff8cf262d7
R10: fffffbfff19e4c5a R11: 0000000000000000 R12: ffff888024623a00
R13: 0000000000000000 R14: 00000000ffffffff R15: ffff888024624438
 lock_is_held include/linux/lockdep.h:283 [inline]
 rcu_read_lock_sched_held+0x3a/0x70 kernel/rcu/update.c:125
 trace_lock_release include/trace/events/lock.h:69 [inline]
 lock_release+0x5cb/0x810 kernel/locking/lockdep.c:5679
 rcu_lock_release include/linux/rcupdate.h:330 [inline]
 rcu_read_unlock include/linux/rcupdate.h:797 [inline]
 get_mem_cgroup_from_objcg include/linux/memcontrol.h:520 [inline]
 memcg_slab_pre_alloc_hook mm/slab.h:503 [inline]
 slab_pre_alloc_hook mm/slab.h:725 [inline]
 slab_alloc_node mm/slub.c:3434 [inline]
 slab_alloc mm/slub.c:3460 [inline]
 __kmem_cache_alloc_lru mm/slub.c:3467 [inline]
 kmem_cache_alloc_lru+0x10a/0x760 mm/slub.c:3483
 alloc_inode_sb include/linux/fs.h:3116 [inline]
 sock_alloc_inode+0x1a/0x1b0 net/socket.c:304
 alloc_inode+0x56/0x1e0 fs/inode.c:259
 new_inode_pseudo+0x8/0x60 fs/inode.c:1018
 sock_alloc+0x37/0x250 net/socket.c:627
 __sock_create+0x77/0x590 net/socket.c:1479
 sock_create net/socket.c:1566 [inline]
 __sys_socket_create net/socket.c:1603 [inline]
 __sys_socket_create net/socket.c:1588 [inline]
 __sys_socket+0x10f/0x1c0 net/socket.c:1636
 __do_sys_socket net/socket.c:1649 [inline]
 __se_sys_socket net/socket.c:1647 [inline]
 __x64_sys_socket+0x6a/0xb0 net/socket.c:1647
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f57dec8a8f7
Code: f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f57de3fd0d8 EFLAGS: 00000286 ORIG_RAX: 0000000000000029
RAX: ffffffffffffffda RBX: 00007f57ded9c050 RCX: 00007f57dec8a8f7
RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010
RBP: 00007f57dece3189 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000200014c0 R11: 0000000000000286 R12: 00000000ffffffff
R13: 00007ffffa38751f R14: 00007f57de3fe300 R15: 0000000000022000
 </TASK>
----------------
Code disassembly (best guess):
   0:	00 00                	add    %al,(%rax)
   2:	b8 ff ff ff ff       	mov    $0xffffffff,%eax
   7:	65 0f c1 05 b4 b0 2d 	xadd   %eax,%gs:0x772db0b4(%rip)        # 0x772db0c3
   e:	77
   f:	83 f8 01             	cmp    $0x1,%eax
  12:	75 29                	jne    0x3d
  14:	9c                   	pushfq
  15:	58                   	pop    %rax
  16:	f6 c4 02             	test   $0x2,%ah
  19:	75 3d                	jne    0x58
  1b:	48 f7 04 24 00 02 00 	testq  $0x200,(%rsp)
  22:	00
  23:	74 01                	je     0x26
  25:	fb                   	sti
  26:	48 83 c4 08          	add    $0x8,%rsp
* 2a:	44 89 e8             	mov    %r13d,%eax <-- trapping instruction
  2d:	5b                   	pop    %rbx
  2e:	5d                   	pop    %rbp
  2f:	41 5c                	pop    %r12
  31:	41 5d                	pop    %r13
  33:	41 5e                	pop    %r14
  35:	41 5f                	pop    %r15
  37:	c3                   	retq
  38:	45 31 ed             	xor    %r13d,%r13d
  3b:	eb b9                	jmp    0xfffffff6
  3d:	0f 0b                	ud2
  3f:	48                   	rex.W