bisecting fixing commit since 3516bd729358a2a9b090c1905bd2a3fa926e24c6
building syzkaller on 79264ae39c1ef4b4875ab67d6f0c8c3e75aa6a34
testing commit 3516bd729358a2a9b090c1905bd2a3fa926e24c6
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 9612fce04f016b6330bcae2ee4361e66fb26179c0fcada93b1f4412f074c1e05
run #0: crashed: WARNING in __cfg80211_ibss_joined
run #1: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon
run #2: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon
run #3: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon
run #4: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon
run #5: crashed: INFO: rcu detected stall in addrconf_rs_timer
run #6: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon
run #7: crashed: INFO: rcu detected stall in addrconf_rs_timer
run #8: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon
run #9: crashed: INFO: rcu detected stall in ieee80211_tasklet_handler
run #10: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon
run #11: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon
run #12: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon
run #13: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon
run #14: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon
run #15: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon
run #16: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon
run #17: crashed: INFO: rcu detected stall in mac80211_hwsim_beacon
run #18: crashed: BUG: soft lockup in ieee80211_tasklet_handler
run #19: crashed: INFO: rcu detected stall in addrconf_rs_timer
testing current HEAD 7d549995d4e0d99b68e8a7793a0d23da6fc40fe8
testing commit 7d549995d4e0d99b68e8a7793a0d23da6fc40fe8
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: cddf3208f2ae3e0210121be416df352183b0cd4824a08f7ec30b42d0b278b82b
run #0: crashed: BUG: sleeping function called from invalid context in lock_sock_nested
run #1: crashed: BUG: soft lockup in ieee80211_tasklet_handler
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
reproducer seems to be flaky
Reproducer flagged being flaky
revisions tested: 2, total time: 31m12.599217586s (build: 12m31.858120535s, test: 17m53.896269498s)
the crash still happens on HEAD
commit msg: Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma
crash: BUG: soft lockup in ieee80211_tasklet_handler
watchdog: BUG: soft lockup - CPU#0 stuck for 123s! [syz-executor.0:19398]
Modules linked in:
irq event stamp: 18038317
hardirqs last enabled at (18038316): [] asm_sysvec_irq_work+0x12/0x20 arch/x86/include/asm/idtentry.h:664
hardirqs last disabled at (18038317): [] sysvec_apic_timer_interrupt+0xb/0xc0 arch/x86/kernel/apic/apic.c:1100
softirqs last enabled at (17574340): [] invoke_softirq kernel/softirq.c:432 [inline]
softirqs last enabled at (17574340): [] __irq_exit_rcu+0x16e/0x1c0 kernel/softirq.c:636
softirqs last disabled at (17574343): [] invoke_softirq kernel/softirq.c:432 [inline]
softirqs last disabled at (17574343): [] __irq_exit_rcu+0x16e/0x1c0 kernel/softirq.c:636
CPU: 0 PID: 19398 Comm: syz-executor.0 Not tainted 5.14.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:161 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0x2e/0x50 kernel/locking/spinlock.c:191
Code: 48 83 c7 18 53 48 89 f3 48 8b 74 24 10 e8 9a d0 05 f9 48 89 ef e8 42 45 06 f9 80 e7 02 74 06 e8 38 24 22 f9 fb bf 01 00 00 00 8d 60 fa f8 65 8b 05 46 6b b5 77 85 c0 74 03 5b 5d c3 e8 01 b7
RSP: 0018:ffffc900000078d0 EFLAGS: 00000202
RAX: 0000000001133e1c RBX: 0000000000000296 RCX: 1ffffffff1c3f3e2
RDX: 0000000000000000 RSI: ffffffff88ab17a0 RDI: 0000000000000001
RBP: ffff8880356b5798 R08: 0000000000000001 R09: ffffffff8e1a5947
R10: fffffbfff1c34b28 R11: 0000000000005050 R12: ffffc90000007d80
R13: ffff8880356b5738 R14: ffff88802b3a4000 R15: ffff888023a83050
FS:  00007f4955d56700(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f12ec9e6718 CR3: 00000000114c8000 CR4: 0000000000350ef0
Call Trace:
 __ieee80211_queue_skb_to_iface net/mac80211/rx.c:221 [inline]
 ieee80211_queue_skb_to_iface net/mac80211/rx.c:232 [inline]
 ieee80211_rx_h_mgmt net/mac80211/rx.c:3709 [inline]
 ieee80211_rx_handlers+0x3c19/0x99e0 net/mac80211/rx.c:3873
 ieee80211_invoke_rx_handlers net/mac80211/rx.c:3903 [inline]
 ieee80211_prepare_and_rx_handle+0x1a4c/0x4d10 net/mac80211/rx.c:4617
 __ieee80211_rx_handle_packet net/mac80211/rx.c:4715 [inline]
 ieee80211_rx_list+0x723/0x2290 net/mac80211/rx.c:4899
 ieee80211_rx_napi+0xbb/0x330 net/mac80211/rx.c:4922
 ieee80211_rx include/net/mac80211.h:4552 [inline]
 ieee80211_tasklet_handler+0xe9/0x100 net/mac80211/main.c:235
 tasklet_action_common.constprop.0+0x201/0x2e0 kernel/softirq.c:783
 __do_softirq+0x291/0x99e kernel/softirq.c:558
 invoke_softirq kernel/softirq.c:432 [inline]
 __irq_exit_rcu+0x16e/0x1c0 kernel/softirq.c:636
 irq_exit_rcu+0x5/0x20 kernel/softirq.c:648
 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1100
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638
RIP: 0010:preempt_schedule_irq+0x49/0x90 kernel/sched/core.c:6328
Code: 55 53 65 48 8b 1c 25 00 f0 01 00 48 89 dd 48 c1 ed 03 48 01 c5 bf 01 00 00 00 e8 02 94 fb f8 e8 3d 40 23 f9 fb bf 01 00 00 00 32 ce ff ff 9c 58 fa f6 c4 02 75 27 bf 01 00 00 00 e8 80 7c fb
RSP: 0018:ffffc90009a17e38 EFLAGS: 00000206
RAX: 0000000000004fe1 RBX: ffff888022741bc0 RCX: 1ffffffff188d699
RDX: 0000000000000000 RSI: ffffffff88ab17a0 RDI: 0000000000000001
RBP: ffffed10044e8378 R08: 0000000000000001 R09: 0000000000000001
R10: ffffffff8da84017 R11: 0000000000000001 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 irqentry_exit+0x31/0x80 kernel/entry/common.c:427
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638
RIP: 0010:security_locked_down+0x2c/0x70 security/security.c:2597
Code: 41 89 fc 55 48 bd 00 00 00 00 00 fc ff df 53 48 8b 1d 78 be f2 06 48 85 db 74 30 48 8d 7b 18 48 89 f8 48 c1 e8 03 80 3c 28 00 <75> 26 44 89 e7 ff 53 18 85 c0 75 17 48 89 d8 48 c1 e8 03 80 3c 28
RSP: 0018:ffffc90009a17f08 EFLAGS: 00000246
RAX: 1ffffffff1474e6f RBX: ffffffff8a3a7360 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff8a827380 RDI: ffffffff8a3a7378
RBP: dffffc0000000000 R08: 0000000000000000 R09: ffff88800edb4ab3
R10: ffffed1001db6956 R11: 0000000000000000 R12: 0000000000000007
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 __do_sys_iopl arch/x86/kernel/ioport.c:190 [inline]
 __se_sys_iopl arch/x86/kernel/ioport.c:173 [inline]
 __x64_sys_iopl+0x10e/0x160 arch/x86/kernel/ioport.c:173
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x465b09
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f4955d56188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ac
RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465b09
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
RBP: 00000000004b069f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60
R13: 00007ffcbc672aef R14: 00007f4955d56300 R15: 0000000000022000
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 19401 Comm: syz-executor.4 Not tainted 5.14.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:native_apic_mem_write+0x8/0x10 arch/x86/include/asm/apic.h:110
Code: c7 40 95 a7 8d e8 38 b1 79 00 eb b0 66 0f 1f 44 00 00 be 01 00 00 00 e9 b6 d1 29 00 cc cc cc cc cc cc 89 ff 89 b7 00 c0 5f ff 0f 1f 80 00 00 00 00 48 b8 00 00 00 00 00 fc ff df 53 89 fb 48
RSP: 0018:ffffc90000db0940 EFLAGS: 00000046
RAX: dffffc0000000000 RBX: ffffffff8a3a2a60 RCX: 0000000000000020
RDX: 1ffffffff147454e RSI: 0000000000000101 RDI: 0000000000000380
RBP: ffff8880ba11f2c0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000101
R13: 00000033a66428a7 R14: ffff8880ba1263c0 R15: 00000033a66448c2
FS:  0000000000000000(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055b75a7da8b8 CR3: 0000000011173000 CR4: 0000000000350ee0
Call Trace:
 apic_write arch/x86/include/asm/apic.h:394 [inline]
 lapic_next_event+0x4d/0x80 arch/x86/kernel/apic/apic.c:472
 clockevents_program_event+0x1be/0x270 kernel/time/clockevents.c:334
 hrtimer_interrupt+0x3c0/0x920 kernel/time/hrtimer.c:1676
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1089 [inline]
 __sysvec_apic_timer_interrupt+0x146/0x530 arch/x86/kernel/apic/apic.c:1106
 sysvec_apic_timer_interrupt+0x40/0xc0 arch/x86/kernel/apic/apic.c:1100
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638
RIP: 0010:rate_control_get_rate+0x69/0x5c0 net/mac80211/rate.c:900
Code: 00 48 b8 00 00 00 00 00 fc ff df 48 8d bb 58 12 00 00 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 83 04 00 00 48 8b 83 58 12 00 00 <48> 89 04 24 48 8d 45 18 48 89 c2 48 89 44 24 08 48 b8 00 00 00 00
RSP: 0018:ffffc90000db0b18 EFLAGS: 00000246
RAX: ffff88801324d760 RBX: ffff888018450d20 RCX: 1ffff1100308a0e5
RDX: 1ffff1100308a3ef RSI: 0000000000000000 RDI: ffff888018451f78
RBP: ffffc90000db0bd0 R08: 0000000000000001 R09: ffffc90000db0bd0
R10: fffff520001b6181 R11: ffff88801b39aac8 R12: 0000000000000000
R13: ffff88803f474c00 R14: ffff88803f475248 R15: ffff88801b39aa00
 __ieee80211_beacon_get+0x915/0x1840 net/mac80211/tx.c:5141
 ieee80211_beacon_get_tim+0x7e/0x6e0 net/mac80211/tx.c:5168
 ieee80211_beacon_get include/net/mac80211.h:4962 [inline]
 mac80211_hwsim_beacon_tx+0xc2/0x7b0 drivers/net/wireless/mac80211_hwsim.c:1808
 __iterate_interfaces+0x103/0x360 net/mac80211/util.c:793
 ieee80211_iterate_active_interfaces_atomic+0x53/0xf0 net/mac80211/util.c:829
 mac80211_hwsim_beacon+0xb7/0x160 drivers/net/wireless/mac80211_hwsim.c:1861
 __run_hrtimer kernel/time/hrtimer.c:1537 [inline]
 __hrtimer_run_queues+0x545/0xba0 kernel/time/hrtimer.c:1601
 hrtimer_run_softirq+0x176/0x340 kernel/time/hrtimer.c:1618
 __do_softirq+0x291/0x99e kernel/softirq.c:558
 invoke_softirq kernel/softirq.c:432 [inline]
 __irq_exit_rcu+0x16e/0x1c0 kernel/softirq.c:636
 irq_exit_rcu+0x5/0x20 kernel/softirq.c:648
 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1100
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638
RIP: 0010:instrument_atomic_read include/linux/instrumented.h:71 [inline]
RIP: 0010:atomic_read include/asm-generic/atomic-instrumented.h:27 [inline]
RIP: 0010:lock_page_memcg+0x1af/0x7b0 mm/memcontrol.c:2026
Code: 7d c8 e8 b4 1d a8 ff 48 8b 7d c8 48 c7 c6 28 3e aa 81 58 e8 93 16 a8 ff 4d 85 f6 74 06 e8 39 6a c4 ff fb 4c 8d b3 80 10 00 00 04 00 00 00 4c 89 f7 e8 d4 bb fb ff 4c 89 f0 48 be 00 00 00 00
RSP: 0018:ffffc900096df7a0 EFLAGS: 00000206
RAX: 000000000093b0ed RBX: ffff888140144000 RCX: 1ffffffff1c35902
RDX: 0000000000000000 RSI: ffffffff88ab17a0 RDI: ffffffff88fcaa20
RBP: ffffc900096df7e8 R08: 0000000000000001 R09: ffffffff8e1a5877
R10: fffffbfff1c34b0e R11: ffffffff819df1f2 R12: ffffea0000c2b1c8
R13: fffff94000185639 R14: ffff888140145080 R15: ffffea0000c2b1c0
 page_remove_rmap+0x1d/0xd70 mm/rmap.c:1345
 zap_pte_range mm/memory.c:1362 [inline]
 zap_pmd_range mm/memory.c:1481 [inline]
 zap_pud_range mm/memory.c:1510 [inline]
 zap_p4d_range mm/memory.c:1531 [inline]
 unmap_page_range+0xb9d/0x2180 mm/memory.c:1552
 unmap_vmas+0x151/0x280 mm/memory.c:1629
 exit_mmap+0x19d/0x540 mm/mmap.c:3201
 __mmput+0xeb/0x3e0 kernel/fork.c:1101
 exit_mm kernel/exit.c:501 [inline]
 do_exit+0x966/0x24e0 kernel/exit.c:812
 do_group_exit+0xe7/0x290 kernel/exit.c:922
 get_signal+0x3c1/0x1c10 kernel/signal.c:2808
 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:865
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:209
 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
 syscall_exit_to_user_mode+0x19/0x50 kernel/entry/common.c:302
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x465b09
Code: Unable to access opcode bytes at RIP 0x465adf.
RSP: 002b:00007f6579997188 EFLAGS: 00000246 ORIG_RAX: 0000000000000048
RAX: 0000000000000000 RBX: 000000000056bf60 RCX: 0000000000465b09
RDX: 0000000000042000 RSI: 0000000000000004 RDI: 0000000000000003
RBP: 00000000004b069f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60
R13: 00007fffa4e704bf R14: 00007f6579997300 R15: 0000000000022000