bisecting cause commit starting from 7b6ae471e5415bc2bf4384a83ccb4c21de7824c0 building syzkaller on 29c3f20f99b6befe0395fe8e474b1e24240cac95 testing commit 7b6ae471e5415bc2bf4384a83ccb4c21de7824c0 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: fee7c686ec8ca778ee736c50e14e5674227bf77a3808fab0b41ee84fcdda16f5 run #0: crashed: INFO: rcu detected stall in ipv6_rcv run #1: crashed: INFO: rcu detected stall in smp_call_function run #2: crashed: INFO: rcu detected stall in __hrtimer_run_queues run #3: crashed: INFO: rcu detected stall in smp_call_function run #4: crashed: INFO: rcu detected stall in smp_call_function run #5: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon run #6: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon run #7: crashed: INFO: rcu detected stall in smp_call_function run #8: crashed: INFO: rcu detected stall in neigh_periodic_work run #9: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon run #10: crashed: INFO: rcu detected stall in addrconf_rs_timer run #11: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon run #12: crashed: INFO: rcu detected stall in addrconf_rs_timer run #13: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon run #14: crashed: INFO: rcu detected stall in ieee80211_iface_work run #15: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon run #16: crashed: INFO: rcu detected stall in __hrtimer_run_queues run #17: crashed: INFO: rcu detected stall in smp_call_function run #18: crashed: INFO: rcu detected stall in ieee80211_iface_work run #19: crashed: INFO: rcu detected stall in addrconf_rs_timer testing release v5.13 testing commit 62fb9874f5da54fdb243003b386128037319b219 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 160dd584d3041427002e5e881f98280ae9aebc819a2fa29b4bade4d15820e761 run #0: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #1: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon run #2: crashed: INFO: rcu detected stall in ieee80211_iface_work run #3: crashed: INFO: rcu detected stall in smp_call_function run #4: crashed: INFO: rcu detected stall in smp_call_function run #5: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon run #6: crashed: INFO: rcu detected stall in smp_call_function run #7: crashed: INFO: rcu detected stall in smp_call_function run #8: crashed: BUG: soft lockup in smp_call_function run #9: crashed: BUG: soft lockup in smp_call_function testing release v5.12 testing commit 9f4ad9e425a1d3b6a34617b8ea226d56a119a717 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: b8cac70814a5fdbac7dbdd38e4214f03832ce2c4fc4b950864fc4c971afa2790 run #0: crashed: INFO: rcu detected stall in addrconf_rs_timer run #1: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon run #2: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon run #3: crashed: BUG: workqueue lockup run #4: crashed: INFO: rcu detected stall in addrconf_rs_timer run #5: crashed: INFO: rcu detected stall in smp_call_function run #6: crashed: BUG: soft lockup in mac80211_hwsim_beacon run #7: crashed: INFO: rcu detected stall in khugepaged run #8: crashed: BUG: workqueue lockup run #9: crashed: no output from test machine testing release v5.11 testing commit f40ddce88593482919761f74910f42f4b84c004b compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: f1d0cb916adcced6b6c9b2da961ed8830a0d6725dbc70234a7a33626cd76aafe run #0: crashed: INFO: rcu detected stall in do_idle run #1: crashed: INFO: rcu detected stall in do_idle run #2: crashed: INFO: rcu detected stall in batadv_iv_send_outstanding_bat_ogm_packet run #3: crashed: INFO: rcu detected stall in corrupted run #4: crashed: INFO: rcu detected stall in ieee80211_iface_work run #5: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon run #6: crashed: INFO: rcu detected stall in corrupted run #7: crashed: BUG: soft lockup in addrconf_rs_timer run #8: crashed: INFO: rcu detected stall in ieee80211_iface_work run #9: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon testing release v5.10 testing commit 2c85ebc57b3e1817b6ce1a6b703928e113a90442 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 2a15a524b9eccf3c507e1d167d1c435a69c6d207f31bdd5162bf857cc86a1af3 run #0: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon run #1: crashed: INFO: rcu detected stall in do_idle run #2: crashed: INFO: rcu detected stall in addrconf_rs_timer run #3: crashed: INFO: rcu detected stall in corrupted run #4: crashed: INFO: rcu detected stall in do_idle run #5: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon run #6: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon run #7: crashed: BUG: soft lockup in mac80211_hwsim_beacon run #8: crashed: BUG: soft lockup in mac80211_hwsim_beacon run #9: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon testing release v5.9 testing commit bbf5c979011a099af5dc76498918ed7df445635b compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: fd0a4e27ddcd396e6415d61f52a4ec85945b9492ec87a9a09a1dc277dacafb15 run #0: crashed: general protection fault in taprio_dequeue_soft run #1: crashed: general protection fault in taprio_dequeue_soft run #2: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon run #3: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon run #4: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon run #5: crashed: INFO: rcu detected stall in __hrtimer_run_queues run #6: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon run #7: crashed: INFO: rcu detected stall in corrupted run #8: crashed: INFO: rcu detected stall in addrconf_rs_timer run #9: crashed: INFO: task hung in corrupted testing release v5.8 testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c compiler: gcc (GCC) 8.4.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: ecc34ef178adc7c0ca647a2fd494eeee0344ca866c6a5ab62d83419013222c3a all runs: OK # git bisect start bbf5c979011a099af5dc76498918ed7df445635b bcf876870b95592b52519ed4aafcf9d95999bc9c Bisecting: 7841 revisions left to test after this (roughly 13 steps) [47ec5303d73ea344e84f46660fff693c57641386] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next testing commit 47ec5303d73ea344e84f46660fff693c57641386 compiler: gcc (GCC) 8.4.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 12d990615ceeafa03fe2d2b1505afa233ba23b8ad2af246d55fc355172232856 all runs: OK # git bisect good 47ec5303d73ea344e84f46660fff693c57641386 Bisecting: 3921 revisions left to test after this (roughly 12 steps) [97d052ea3fa853b9aabcc4baca1a605cb1188611] Merge tag 'locking-urgent-2020-08-10' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit 97d052ea3fa853b9aabcc4baca1a605cb1188611 compiler: gcc (GCC) 8.4.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: d7b921c4adbcc80afe0a49a6a9514661ba8326d250067ffd4c152a243630b711 all runs: OK # git bisect good 97d052ea3fa853b9aabcc4baca1a605cb1188611 Bisecting: 1960 revisions left to test after this (roughly 11 steps) [df561f6688fef775baa341a0f5d960becd248b11] treewide: Use fallthrough pseudo-keyword testing commit df561f6688fef775baa341a0f5d960becd248b11 compiler: gcc (GCC) 8.4.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: f144a83a688cc3f1f01e7eebb87c86ffa88f44d38bbc8d922e52e7f55a65c0d6 all runs: OK # git bisect good df561f6688fef775baa341a0f5d960becd248b11 Bisecting: 982 revisions left to test after this (roughly 10 steps) [e4c26faa426c17274884f759f708bc9ee22fd59a] Merge tag 'usb-5.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb testing commit e4c26faa426c17274884f759f708bc9ee22fd59a compiler: gcc (GCC) 8.4.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: b5b78a4d0cabf3d69e78638ffd22e35d74e53bca2a95755cd0ac6b4d085de036 all runs: OK # git bisect good e4c26faa426c17274884f759f708bc9ee22fd59a Bisecting: 491 revisions left to test after this (roughly 9 steps) [135f4b9e9340dadb78e9737bb4eb9817b9c89dac] ice: fix memory leak if register_netdev_fails testing commit 135f4b9e9340dadb78e9737bb4eb9817b9c89dac compiler: gcc (GCC) 8.4.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 83abce47a2ea04a67ce4f36fc3758699525c6b34c2fb919a49db6d678ba1062f run #0: crashed: general protection fault in taprio_dequeue_soft run #1: crashed: general protection fault in taprio_dequeue_soft run #2: crashed: general protection fault in taprio_dequeue_soft run #3: crashed: general protection fault in taprio_dequeue_soft run #4: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon run #5: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon run #6: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon run #7: crashed: INFO: rcu detected stall in corrupted run #8: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon run #9: crashed: BUG: soft lockup in mac80211_hwsim_beacon # git bisect bad 135f4b9e9340dadb78e9737bb4eb9817b9c89dac Bisecting: 248 revisions left to test after this (roughly 8 steps) [a31128384dfd9ca11f15ef4ea73df25e394846d1] Merge tag 'libnvdimm-fixes-5.9-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm testing commit a31128384dfd9ca11f15ef4ea73df25e394846d1 compiler: gcc (GCC) 8.4.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: d5a779c111ec6dc0305105216735dc775ac4de7f472311ba3254d8668e2d730d all runs: OK # git bisect good a31128384dfd9ca11f15ef4ea73df25e394846d1 Bisecting: 124 revisions left to test after this (roughly 7 steps) [5f6857e808a8bd078296575b417c4b9d160b9779] nfp: use correct define to return NONE fec testing commit 5f6857e808a8bd078296575b417c4b9d160b9779 compiler: gcc (GCC) 8.4.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 75cc13672e275fc726a0cdbb9b207b7c250c81b60ebe222e701404501ea0ee45 run #0: crashed: general protection fault in taprio_dequeue_soft run #1: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon run #2: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon run #3: crashed: INFO: rcu detected stall in corrupted run #4: crashed: INFO: rcu detected stall in addrconf_rs_timer run #5: crashed: INFO: rcu detected stall in corrupted run #6: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon run #7: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon run #8: crashed: INFO: task hung in corrupted run #9: crashed: INFO: rcu detected stall in addrconf_rs_timer # git bisect bad 5f6857e808a8bd078296575b417c4b9d160b9779 Bisecting: 61 revisions left to test after this (roughly 6 steps) [1be107de2ee4b3f0808e2071529364cf4d9a67b9] net: Correct the comment of dst_dev_put() testing commit 1be107de2ee4b3f0808e2071529364cf4d9a67b9 compiler: gcc (GCC) 8.4.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 13a01d8b344571d44b61f84bfffccc50694063f8310786d22a761559ef28670b all runs: OK # git bisect good 1be107de2ee4b3f0808e2071529364cf4d9a67b9 Bisecting: 30 revisions left to test after this (roughly 5 steps) [ad7b27c9e64afce4ad69020329a3e89f6df4f382] Merge branch 'net-improve-vxlan-option-process-in-net_sched-and-lwtunnel' testing commit ad7b27c9e64afce4ad69020329a3e89f6df4f382 compiler: gcc (GCC) 8.4.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: b6a622ee62f073edc9c25ebeab772ad89d1f78045653609fa2b0198a98273964 run #0: crashed: INFO: rcu detected stall in smp_call_function run #1: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon run #2: crashed: INFO: rcu detected stall in ipv6_rcv run #3: crashed: INFO: task hung in rtnetlink_rcv_msg run #4: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon run #5: crashed: INFO: rcu detected stall in addrconf_rs_timer run #6: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon run #7: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon run #8: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon run #9: crashed: INFO: rcu detected stall in ieee80211_iface_work # git bisect bad ad7b27c9e64afce4ad69020329a3e89f6df4f382 Bisecting: 15 revisions left to test after this (roughly 4 steps) [53467ecb6f38d7cbd86359ff1c8958b8b568dc57] Merge branch '40GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/net-queue testing commit 53467ecb6f38d7cbd86359ff1c8958b8b568dc57 compiler: gcc (GCC) 8.4.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: fec9b211b56d436107ff4839b87e2cdb397f9f1d85b18f3d6a6c6a89f6657417 all runs: OK # git bisect good 53467ecb6f38d7cbd86359ff1c8958b8b568dc57 Bisecting: 7 revisions left to test after this (roughly 3 steps) [c582a7fea9dad4d309437d1a7e22e6d2cb380e2e] net: lantiq: Use napi_complete_done() testing commit c582a7fea9dad4d309437d1a7e22e6d2cb380e2e compiler: gcc (GCC) 8.4.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: b2bf85b4ef027a236bd53a8d677e64d866872317753ef4813f13359469b341f8 run #0: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon run #1: crashed: INFO: rcu detected stall in corrupted run #2: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon run #3: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon run #4: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon run #5: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon run #6: crashed: INFO: rcu detected stall in corrupted run #7: crashed: INFO: rcu detected stall in addrconf_rs_timer run #8: crashed: INFO: rcu detected stall in ieee80211_tasklet_handler run #9: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon # git bisect bad c582a7fea9dad4d309437d1a7e22e6d2cb380e2e Bisecting: 3 revisions left to test after this (roughly 2 steps) [5760d9acbe9514eec68eb70821d6fa5764f57042] net: ethernet: ti: cpsw_new: fix suspend/resume testing commit 5760d9acbe9514eec68eb70821d6fa5764f57042 compiler: gcc (GCC) 8.4.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: dfd9df5d9af10d00dc3450cdbaa85c59e312295a459f3dc539c509a314d2fb41 run #0: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon run #1: crashed: INFO: rcu detected stall in smp_call_function run #2: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon run #3: crashed: INFO: rcu detected stall in addrconf_rs_timer run #4: crashed: INFO: rcu detected stall in corrupted run #5: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon run #6: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon run #7: crashed: INFO: rcu detected stall in neigh_periodic_work run #8: crashed: INFO: task hung in corrupted run #9: crashed: INFO: rcu detected stall in ieee80211_iface_work # git bisect bad 5760d9acbe9514eec68eb70821d6fa5764f57042 Bisecting: 1 revision left to test after this (roughly 1 step) [a1b80e0143a1b878f8e21d82fd55f3f46f0014be] hinic: fix rewaking txq after netif_tx_disable testing commit a1b80e0143a1b878f8e21d82fd55f3f46f0014be compiler: gcc (GCC) 8.4.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: dfd9df5d9af10d00dc3450cdbaa85c59e312295a459f3dc539c509a314d2fb41 run #0: crashed: INFO: rcu detected stall in ipv6_rcv run #1: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon run #2: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon run #3: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon run #4: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon run #5: crashed: INFO: rcu detected stall in corrupted run #6: crashed: BUG: soft lockup in mac80211_hwsim_beacon run #7: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon run #8: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon run #9: crashed: INFO: rcu detected stall in corrupted # git bisect bad a1b80e0143a1b878f8e21d82fd55f3f46f0014be Bisecting: 0 revisions left to test after this (roughly 0 steps) [b5b73b26b3ca34574124ed7ae9c5ba8391a7f176] taprio: Fix allowing too small intervals testing commit b5b73b26b3ca34574124ed7ae9c5ba8391a7f176 compiler: gcc (GCC) 8.4.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: dfd9df5d9af10d00dc3450cdbaa85c59e312295a459f3dc539c509a314d2fb41 run #0: crashed: INFO: rcu detected stall in ieee80211_iface_work run #1: crashed: INFO: rcu detected stall in ieee80211_iface_work run #2: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon run #3: crashed: INFO: rcu detected stall in addrconf_rs_timer run #4: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon run #5: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon run #6: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon run #7: crashed: INFO: rcu detected stall in corrupted run #8: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon run #9: crashed: INFO: rcu detected stall in addrconf_rs_timer # git bisect bad b5b73b26b3ca34574124ed7ae9c5ba8391a7f176 b5b73b26b3ca34574124ed7ae9c5ba8391a7f176 is the first bad commit commit b5b73b26b3ca34574124ed7ae9c5ba8391a7f176 Author: Vinicius Costa Gomes Date: Wed Sep 9 17:03:11 2020 -0700 taprio: Fix allowing too small intervals It's possible that the user specifies an interval that couldn't allow any packet to be transmitted. This also avoids the issue of the hrtimer handler starving the other threads because it's running too often. The solution is to reject interval sizes that according to the current link speed wouldn't allow any packet to be transmitted. Reported-by: syzbot+8267241609ae8c23b248@syzkaller.appspotmail.com Fixes: 5a781ccbd19e ("tc: Add support for configuring the taprio scheduler") Signed-off-by: Vinicius Costa Gomes Signed-off-by: David S. Miller net/sched/sch_taprio.c | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) culprit signature: dfd9df5d9af10d00dc3450cdbaa85c59e312295a459f3dc539c509a314d2fb41 parent signature: fec9b211b56d436107ff4839b87e2cdb397f9f1d85b18f3d6a6c6a89f6657417 revisions tested: 21, total time: 5h26m36.040020221s (build: 2h17m43.039787238s, test: 3h6m9.228632575s) first bad commit: b5b73b26b3ca34574124ed7ae9c5ba8391a7f176 taprio: Fix allowing too small intervals recipients (to): ["davem@davemloft.net" "davem@davemloft.net" "jhs@mojatatu.com" "jiri@resnulli.us" "kuba@kernel.org" "netdev@vger.kernel.org" "vinicius.gomes@intel.com" "xiyou.wangcong@gmail.com"] recipients (cc): ["linux-kernel@vger.kernel.org"] crash: INFO: rcu detected stall in addrconf_rs_timer rcu: INFO: rcu_preempt self-detected stall on CPU rcu: 1-...!: (3 ticks this GP) idle=b36/1/0x4000000000000000 softirq=12899/12899 fqs=0 (t=11509 jiffies g=12093 q=1213) rcu: rcu_preempt kthread starved for 11509 jiffies! g12093 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1 rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. rcu: RCU grace-period kthread stack dump: task:rcu_preempt state:I stack:28872 pid: 11 ppid: 2 flags:0x00004000 Call Trace: context_switch kernel/sched/core.c:3778 [inline] __schedule+0xaf7/0x2030 kernel/sched/core.c:4527 schedule+0xc4/0x2b0 kernel/sched/core.c:4602 schedule_timeout+0x399/0x850 kernel/time/timer.c:1879 rcu_gp_fqs_loop kernel/rcu/tree.c:1888 [inline] rcu_gp_kthread+0xd5e/0x1e50 kernel/rcu/tree.c:2058 kthread+0x36b/0x440 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 10 Comm: ksoftirqd/0 Not tainted 5.9.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:kasan_mem_to_shadow include/linux/kasan.h:29 [inline] RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:135 [inline] RIP: 0010:memory_is_poisoned mm/kasan/generic.c:165 [inline] RIP: 0010:check_memory_region_inline mm/kasan/generic.c:183 [inline] RIP: 0010:check_memory_region+0x36/0x1e0 mm/kasan/generic.c:192 Code: 41 54 0f b6 d2 49 01 f2 55 53 0f 82 a0 01 00 00 48 b8 ff ff ff ff ff 7f ff ff 48 39 c7 0f 86 8d 01 00 00 49 83 ea 01 49 89 f8 <49> b9 00 00 00 00 00 fc ff df 4d 89 d3 49 c1 e8 03 49 c1 eb 03 4d RSP: 0018:ffffc90000007c78 EFLAGS: 00000092 RAX: ffff7fffffffffff RBX: 1ffff92000000f96 RCX: ffffffff815227b6 RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff8cb9cc48 RBP: 0000000000000000 R08: ffffffff8cb9cc48 R09: ffffed10159cb032 R10: ffffffff8cb9cc4f R11: ffffed10159cb031 R12: ffffffff8a717380 R13: ffffffff86cec2db R14: ffff8880ace582e8 R15: ffff88807fe39c00 FS: 0000000000000000(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00005629531a0a78 CR3: 00000000b0607000 CR4: 00000000001506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: instrument_atomic_read include/linux/instrumented.h:56 [inline] test_bit include/asm-generic/bitops/instrumented-non-atomic.h:110 [inline] cpumask_test_cpu include/linux/cpumask.h:367 [inline] trace_lock_release include/trace/events/lock.h:58 [inline] lock_release+0xa6/0x740 kernel/locking/lockdep.c:5017 rcu_lock_release include/linux/rcupdate.h:246 [inline] rcu_read_unlock include/linux/rcupdate.h:688 [inline] advance_sched+0x3e3/0x810 net/sched/sch_taprio.c:754 __run_hrtimer kernel/time/hrtimer.c:1524 [inline] __hrtimer_run_queues+0x1da/0xaf0 kernel/time/hrtimer.c:1588 hrtimer_interrupt+0x314/0x800 kernel/time/hrtimer.c:1650 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1080 [inline] __sysvec_apic_timer_interrupt+0x174/0x650 arch/x86/kernel/apic/apic.c:1097 asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:706 __run_on_irqstack arch/x86/include/asm/irq_stack.h:22 [inline] run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:48 [inline] sysvec_apic_timer_interrupt+0xb2/0xd0 arch/x86/kernel/apic/apic.c:1091 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:581 RIP: 0010:kvm_wait arch/x86/kernel/kvm.c:833 [inline] RIP: 0010:kvm_wait+0xa7/0xc0 arch/x86/kernel/kvm.c:810 Code: 02 48 89 da 83 e2 07 38 d0 7f 04 84 c0 75 22 0f b6 03 40 38 c5 75 13 e8 e7 b8 43 00 e9 07 00 00 00 0f 00 2d fb f7 7b 07 fb f4 d4 b8 43 00 eb ae 48 89 df e8 6a 1a 78 00 eb d4 e8 63 1a 78 00 RSP: 0018:ffffc90000d0ec40 EFLAGS: 00000206 RAX: 0000000000090dcc RBX: ffffffff8f5f1fa0 RCX: 1ffffffff1cfb20e RDX: 0000000000000000 RSI: ffffffff88aab480 RDI: ffffffff88fc82c0 RBP: 0000000000000003 R08: 0000000000000001 R09: fffffbfff1cf6ce8 R10: ffffffff8e7b673f R11: fffffbfff1cf6ce7 R12: 0000000000000246 R13: fffffbfff1ebe3f4 R14: 0000000000000001 R15: ffff8880b9e518c0 pv_wait arch/x86/include/asm/paravirt.h:666 [inline] pv_wait_head_or_lock kernel/locking/qspinlock_paravirt.h:470 [inline] __pv_queued_spin_lock_slowpath+0x979/0xc60 kernel/locking/qspinlock.c:508 pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:656 [inline] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:51 [inline] queued_spin_lock include/asm-generic/qspinlock.h:85 [inline] do_raw_spin_lock+0x208/0x2e0 kernel/locking/spinlock_debug.c:113 spin_lock include/linux/spinlock.h:354 [inline] mac80211_hwsim_tx_frame_no_nl+0x5b9/0x1010 drivers/net/wireless/mac80211_hwsim.c:1397 mac80211_hwsim_tx+0x447/0x10b0 drivers/net/wireless/mac80211_hwsim.c:1546 drv_tx net/mac80211/driver-ops.h:35 [inline] ieee80211_tx_frags+0x4e0/0x9f0 net/mac80211/tx.c:1694 __ieee80211_tx+0x162/0x6a0 net/mac80211/tx.c:1750 ieee80211_tx+0x265/0x370 net/mac80211/tx.c:1933 __ieee80211_subif_start_xmit+0x6f9/0xc30 net/mac80211/tx.c:4008 ieee80211_subif_start_xmit+0xda/0xd00 net/mac80211/tx.c:4144 __netdev_start_xmit include/linux/netdevice.h:4636 [inline] netdev_start_xmit include/linux/netdevice.h:4650 [inline] xmit_one net/core/dev.c:3561 [inline] dev_hard_start_xmit+0x156/0x750 net/core/dev.c:3577 sch_direct_xmit+0x234/0x1150 net/sched/sch_generic.c:313 qdisc_restart net/sched/sch_generic.c:376 [inline] __qdisc_run+0x3db/0x16e0 net/sched/sch_generic.c:384 qdisc_run include/net/pkt_sched.h:134 [inline] qdisc_run include/net/pkt_sched.h:126 [inline] __dev_xmit_skb net/core/dev.c:3752 [inline] __dev_queue_xmit+0x19a5/0x2a10 net/core/dev.c:4105 neigh_hh_output include/net/neighbour.h:498 [inline] neigh_output include/net/neighbour.h:507 [inline] ip6_finish_output2+0xd96/0x2050 net/ipv6/ip6_output.c:117 NF_HOOK_COND include/linux/netfilter.h:290 [inline] ip6_output+0x200/0x720 net/ipv6/ip6_output.c:176 dst_output include/net/dst.h:443 [inline] NF_HOOK include/linux/netfilter.h:301 [inline] ndisc_send_skb+0xcad/0x12f0 net/ipv6/ndisc.c:506 addrconf_rs_timer+0x253/0x650 net/ipv6/addrconf.c:3873 call_timer_fn+0x16f/0x5b0 kernel/time/timer.c:1413 expire_timers kernel/time/timer.c:1458 [inline] __run_timers kernel/time/timer.c:1755 [inline] run_timer_softirq+0x589/0x1170 kernel/time/timer.c:1768 __do_softirq+0x1d5/0xa45 kernel/softirq.c:298 run_ksoftirqd kernel/softirq.c:652 [inline] run_ksoftirqd+0x2d/0x50 kernel/softirq.c:644 smpboot_thread_fn+0x51e/0x880 kernel/smpboot.c:165 kthread+0x36b/0x440 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 NMI backtrace for cpu 1 CPU: 1 PID: 16 Comm: ksoftirqd/1 Not tainted 5.9.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x99/0xd0 lib/dump_stack.c:118 nmi_cpu_backtrace.cold.7+0x2e/0x33 lib/nmi_backtrace.c:101 nmi_trigger_cpumask_backtrace+0x136/0x14d lib/nmi_backtrace.c:62 trigger_single_cpu_backtrace include/linux/nmi.h:164 [inline] rcu_dump_cpu_stacks+0x232/0x280 kernel/rcu/tree_stall.h:318 print_cpu_stall kernel/rcu/tree_stall.h:551 [inline] check_cpu_stall kernel/rcu/tree_stall.h:625 [inline] rcu_pending kernel/rcu/tree.c:3637 [inline] rcu_sched_clock_irq.cold.105+0x56d/0xfeb kernel/rcu/tree.c:2519 update_process_times+0x1f/0x80 kernel/time/timer.c:1710 tick_sched_handle+0x6f/0x130 kernel/time/tick-sched.c:176 tick_sched_timer+0xd0/0x100 kernel/time/tick-sched.c:1328 __run_hrtimer kernel/time/hrtimer.c:1524 [inline] __hrtimer_run_queues+0x45a/0xaf0 kernel/time/hrtimer.c:1588 hrtimer_interrupt+0x314/0x800 kernel/time/hrtimer.c:1650 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1080 [inline] __sysvec_apic_timer_interrupt+0x174/0x650 arch/x86/kernel/apic/apic.c:1097 asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:706 __run_on_irqstack arch/x86/include/asm/irq_stack.h:22 [inline] run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:48 [inline] sysvec_apic_timer_interrupt+0xb2/0xd0 arch/x86/kernel/apic/apic.c:1091 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:581 RIP: 0010:unwind_next_frame+0x1346/0x1ca0 arch/x86/kernel/unwind_orc.c:614 Code: 49 8b 47 10 77 24 48 39 e8 76 1f 48 8d 55 08 49 39 d4 0f 92 c1 48 39 d0 0f 93 c0 84 c1 74 0b 48 3b 6c 24 10 0f 86 d7 01 00 00 01 00 00 00 e8 b0 e6 19 00 b8 01 00 00 00 65 8b 15 d4 85 d5 7e RSP: 0018:ffffc90000d7f3b0 EFLAGS: 00000202 RAX: ffffc90000d80001 RBX: 1ffff920001afe80 RCX: 1ffff920001afe01 RDX: ffffc90000d7f910 RSI: ffffc90000d7f8d8 RDI: ffffc90000d7f4e8 RBP: ffffc90000d7f908 R08: ffffffff8d9e85f0 R09: 0000000000000001 R10: 0000000000078022 R11: 000000000013c47a R12: ffffc90000d78000 R13: ffffc90000d7f50d R14: ffffc90000d7f510 R15: ffffc90000d7f4d8 arch_stack_walk+0x84/0xf0 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0x85/0xb0 kernel/stacktrace.c:123 kasan_save_stack+0x19/0x40 mm/kasan/common.c:48 kasan_set_track mm/kasan/common.c:56 [inline] __kasan_kmalloc mm/kasan/common.c:461 [inline] __kasan_kmalloc.constprop.15+0xbe/0xd0 mm/kasan/common.c:434 slab_post_alloc_hook mm/slab.h:518 [inline] slab_alloc_node mm/slab.c:3254 [inline] kmem_cache_alloc_node_trace+0x128/0xab0 mm/slab.c:3592 __do_kmalloc_node mm/slab.c:3614 [inline] __kmalloc_node_track_caller+0x35/0x60 mm/slab.c:3629 __kmalloc_reserve.isra.15+0x29/0xa0 net/core/skbuff.c:142 __alloc_skb+0xbd/0x520 net/core/skbuff.c:210 skb_copy+0x109/0x2d0 net/core/skbuff.c:1514 mac80211_hwsim_tx_frame_no_nl+0x966/0x1010 drivers/net/wireless/mac80211_hwsim.c:1446 mac80211_hwsim_tx_frame drivers/net/wireless/mac80211_hwsim.c:1654 [inline] mac80211_hwsim_tx_frame+0xfc/0x180 drivers/net/wireless/mac80211_hwsim.c:1635 mac80211_hwsim_beacon_tx+0x3d1/0x720 drivers/net/wireless/mac80211_hwsim.c:1694 __iterate_interfaces+0xe4/0x390 net/mac80211/util.c:737 ieee80211_iterate_active_interfaces_atomic+0x72/0x110 net/mac80211/util.c:773 mac80211_hwsim_beacon+0xc5/0x190 drivers/net/wireless/mac80211_hwsim.c:1717 __run_hrtimer kernel/time/hrtimer.c:1524 [inline] __hrtimer_run_queues+0x1da/0xaf0 kernel/time/hrtimer.c:1588 hrtimer_run_softirq+0x196/0x2b0 kernel/time/hrtimer.c:1605 __do_softirq+0x1d5/0xa45 kernel/softirq.c:298 run_ksoftirqd kernel/softirq.c:652 [inline] run_ksoftirqd+0x2d/0x50 kernel/softirq.c:644 smpboot_thread_fn+0x51e/0x880 kernel/smpboot.c:165 kthread+0x36b/0x440 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294