bisecting fixing commit since d936eb23874433caa3e3d841cfa16f5434b85dcf building syzkaller on f115ae985a399ddce060f448097b8068450a8f48 testing commit d936eb23874433caa3e3d841cfa16f5434b85dcf compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 25fd494ce9cc505d6b12e9c447d21e3b1a47d3e4bdab6271c0935214bf80eefa all runs: crashed: INFO: task hung in fuse_simple_request testing current HEAD 9e1ff307c779ce1f0f810c7ecce3d95bbae40896 testing commit 9e1ff307c779ce1f0f810c7ecce3d95bbae40896 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: d3d8d3f904d4d20f8b9c707f5002cae330c8be261a2d2ad9b58a6eb673f8d83d all runs: crashed: INFO: task hung in fuse_simple_request revisions tested: 2, total time: 32m55.511376951s (build: 14m54.656826897s, test: 17m25.128294795s) the crash still happens on HEAD commit msg: Linux 5.15-rc4 crash: INFO: task hung in fuse_simple_request INFO: task syz-executor.3:5716 blocked for more than 143 seconds. Not tainted 5.15.0-rc4-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.3 state:D stack:29248 pid: 5716 ppid: 7032 flags:0x00004004 Call Trace: context_switch kernel/sched/core.c:4940 [inline] __schedule+0x90d/0x26c0 kernel/sched/core.c:6287 schedule+0xd3/0x270 kernel/sched/core.c:6366 request_wait_answer+0x39b/0x6c0 fs/fuse/dev.c:411 __fuse_request_send fs/fuse/dev.c:430 [inline] fuse_simple_request+0x405/0xad0 fs/fuse/dev.c:515 fuse_do_getattr+0x238/0xc70 fs/fuse/dir.c:1009 vfs_getattr fs/stat.c:160 [inline] vfs_statx+0x100/0x2e0 fs/stat.c:225 vfs_fstatat fs/stat.c:243 [inline] __do_sys_newfstatat+0x7d/0xd0 fs/stat.c:412 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x4665d9 RSP: 002b:00007f0c0f895188 EFLAGS: 00000246 ORIG_RAX: 0000000000000106 RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 RDX: 0000000000000000 RSI: 00000000200000c0 RDI: ffffffffffffff9c RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 R13: 00007ffeb301209f R14: 00007f0c0f895300 R15: 0000000000022000 INFO: task syz-executor.3:5778 blocked for more than 143 seconds. Not tainted 5.15.0-rc4-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.3 state:D stack:29248 pid: 5778 ppid: 7032 flags:0x00004004 Call Trace: context_switch kernel/sched/core.c:4940 [inline] __schedule+0x90d/0x26c0 kernel/sched/core.c:6287 schedule+0xd3/0x270 kernel/sched/core.c:6366 request_wait_answer+0x39b/0x6c0 fs/fuse/dev.c:411 __fuse_request_send fs/fuse/dev.c:430 [inline] fuse_simple_request+0x405/0xad0 fs/fuse/dev.c:515 fuse_do_getattr+0x238/0xc70 fs/fuse/dir.c:1009 vfs_getattr fs/stat.c:160 [inline] vfs_statx+0x100/0x2e0 fs/stat.c:225 vfs_fstatat fs/stat.c:243 [inline] __do_sys_newfstatat+0x7d/0xd0 fs/stat.c:412 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x4665d9 RSP: 002b:00007f0c0f895188 EFLAGS: 00000246 ORIG_RAX: 0000000000000106 RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 RDX: 0000000000000000 RSI: 00000000200000c0 RDI: ffffffffffffff9c RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 R13: 00007ffeb301209f R14: 00007f0c0f895300 R15: 0000000000022000 INFO: task syz-executor.3:5823 blocked for more than 143 seconds. Not tainted 5.15.0-rc4-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.3 state:D stack:29064 pid: 5823 ppid: 7032 flags:0x00004004 Call Trace: context_switch kernel/sched/core.c:4940 [inline] __schedule+0x90d/0x26c0 kernel/sched/core.c:6287 schedule+0xd3/0x270 kernel/sched/core.c:6366 request_wait_answer+0x39b/0x6c0 fs/fuse/dev.c:411 __fuse_request_send fs/fuse/dev.c:430 [inline] fuse_simple_request+0x405/0xad0 fs/fuse/dev.c:515 fuse_do_getattr+0x238/0xc70 fs/fuse/dir.c:1009 vfs_getattr fs/stat.c:160 [inline] vfs_statx+0x100/0x2e0 fs/stat.c:225 vfs_fstatat fs/stat.c:243 [inline] __do_sys_newfstatat+0x7d/0xd0 fs/stat.c:412 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x4665d9 RSP: 002b:00007f0c0f895188 EFLAGS: 00000246 ORIG_RAX: 0000000000000106 RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 RDX: 0000000000000000 RSI: 00000000200000c0 RDI: ffffffffffffff9c RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 R13: 00007ffeb301209f R14: 00007f0c0f895300 R15: 0000000000022000 INFO: task syz-executor.3:5877 blocked for more than 144 seconds. Not tainted 5.15.0-rc4-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.3 state:D stack:29184 pid: 5877 ppid: 7032 flags:0x00004004 Call Trace: context_switch kernel/sched/core.c:4940 [inline] __schedule+0x90d/0x26c0 kernel/sched/core.c:6287 schedule+0xd3/0x270 kernel/sched/core.c:6366 request_wait_answer+0x39b/0x6c0 fs/fuse/dev.c:411 __fuse_request_send fs/fuse/dev.c:430 [inline] fuse_simple_request+0x405/0xad0 fs/fuse/dev.c:515 fuse_do_getattr+0x238/0xc70 fs/fuse/dir.c:1009 vfs_getattr fs/stat.c:160 [inline] vfs_statx+0x100/0x2e0 fs/stat.c:225 vfs_fstatat fs/stat.c:243 [inline] __do_sys_newfstatat+0x7d/0xd0 fs/stat.c:412 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x4665d9 RSP: 002b:00007f0c0f895188 EFLAGS: 00000246 ORIG_RAX: 0000000000000106 RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 RDX: 0000000000000000 RSI: 00000000200000c0 RDI: ffffffffffffff9c RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 R13: 00007ffeb301209f R14: 00007f0c0f895300 R15: 0000000000022000 INFO: task syz-executor.3:5929 blocked for more than 144 seconds. Not tainted 5.15.0-rc4-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.3 state:D stack:29248 pid: 5929 ppid: 7032 flags:0x00004004 Call Trace: context_switch kernel/sched/core.c:4940 [inline] __schedule+0x90d/0x26c0 kernel/sched/core.c:6287 schedule+0xd3/0x270 kernel/sched/core.c:6366 request_wait_answer+0x39b/0x6c0 fs/fuse/dev.c:411 __fuse_request_send fs/fuse/dev.c:430 [inline] fuse_simple_request+0x405/0xad0 fs/fuse/dev.c:515 fuse_do_getattr+0x238/0xc70 fs/fuse/dir.c:1009 vfs_getattr fs/stat.c:160 [inline] vfs_statx+0x100/0x2e0 fs/stat.c:225 vfs_fstatat fs/stat.c:243 [inline] __do_sys_newfstatat+0x7d/0xd0 fs/stat.c:412 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x4665d9 RSP: 002b:00007f0c0f895188 EFLAGS: 00000246 ORIG_RAX: 0000000000000106 RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 RDX: 0000000000000000 RSI: 00000000200000c0 RDI: ffffffffffffff9c RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 R13: 00007ffeb301209f R14: 00007f0c0f895300 R15: 0000000000022000 INFO: task syz-executor.3:6014 blocked for more than 144 seconds. Not tainted 5.15.0-rc4-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.3 state:D stack:29064 pid: 6014 ppid: 7032 flags:0x00004004 Call Trace: context_switch kernel/sched/core.c:4940 [inline] __schedule+0x90d/0x26c0 kernel/sched/core.c:6287 schedule+0xd3/0x270 kernel/sched/core.c:6366 request_wait_answer+0x39b/0x6c0 fs/fuse/dev.c:411 __fuse_request_send fs/fuse/dev.c:430 [inline] fuse_simple_request+0x405/0xad0 fs/fuse/dev.c:515 fuse_do_getattr+0x238/0xc70 fs/fuse/dir.c:1009 vfs_getattr fs/stat.c:160 [inline] vfs_statx+0x100/0x2e0 fs/stat.c:225 vfs_fstatat fs/stat.c:243 [inline] __do_sys_newfstatat+0x7d/0xd0 fs/stat.c:412 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x4665d9 RSP: 002b:00007f0c0f895188 EFLAGS: 00000246 ORIG_RAX: 0000000000000106 RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 RDX: 0000000000000000 RSI: 00000000200000c0 RDI: ffffffffffffff9c RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 R13: 00007ffeb301209f R14: 00007f0c0f895300 R15: 0000000000022000 INFO: task syz-executor.3:6065 blocked for more than 144 seconds. Not tainted 5.15.0-rc4-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.3 state:D stack:29064 pid: 6065 ppid: 7032 flags:0x00004004 Call Trace: context_switch kernel/sched/core.c:4940 [inline] __schedule+0x90d/0x26c0 kernel/sched/core.c:6287 schedule+0xd3/0x270 kernel/sched/core.c:6366 request_wait_answer+0x39b/0x6c0 fs/fuse/dev.c:411 __fuse_request_send fs/fuse/dev.c:430 [inline] fuse_simple_request+0x405/0xad0 fs/fuse/dev.c:515 fuse_do_getattr+0x238/0xc70 fs/fuse/dir.c:1009 vfs_getattr fs/stat.c:160 [inline] vfs_statx+0x100/0x2e0 fs/stat.c:225 vfs_fstatat fs/stat.c:243 [inline] __do_sys_newfstatat+0x7d/0xd0 fs/stat.c:412 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x4665d9 RSP: 002b:00007f0c0f895188 EFLAGS: 00000246 ORIG_RAX: 0000000000000106 RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 RDX: 0000000000000000 RSI: 00000000200000c0 RDI: ffffffffffffff9c RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 R13: 00007ffeb301209f R14: 00007f0c0f895300 R15: 0000000000022000 INFO: task syz-executor.3:6113 blocked for more than 145 seconds. Not tainted 5.15.0-rc4-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.3 state:D stack:29064 pid: 6113 ppid: 7032 flags:0x00004004 Call Trace: context_switch kernel/sched/core.c:4940 [inline] __schedule+0x90d/0x26c0 kernel/sched/core.c:6287 schedule+0xd3/0x270 kernel/sched/core.c:6366 request_wait_answer+0x39b/0x6c0 fs/fuse/dev.c:411 __fuse_request_send fs/fuse/dev.c:430 [inline] fuse_simple_request+0x405/0xad0 fs/fuse/dev.c:515 fuse_do_getattr+0x238/0xc70 fs/fuse/dir.c:1009 vfs_getattr fs/stat.c:160 [inline] vfs_statx+0x100/0x2e0 fs/stat.c:225 vfs_fstatat fs/stat.c:243 [inline] __do_sys_newfstatat+0x7d/0xd0 fs/stat.c:412 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x4665d9 RSP: 002b:00007f0c0f895188 EFLAGS: 00000246 ORIG_RAX: 0000000000000106 RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 RDX: 0000000000000000 RSI: 00000000200000c0 RDI: ffffffffffffff9c RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 R13: 00007ffeb301209f R14: 00007f0c0f895300 R15: 0000000000022000 INFO: task syz-executor.3:6157 blocked for more than 145 seconds. Not tainted 5.15.0-rc4-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.3 state:D stack:29064 pid: 6157 ppid: 7032 flags:0x00004004 Call Trace: context_switch kernel/sched/core.c:4940 [inline] __schedule+0x90d/0x26c0 kernel/sched/core.c:6287 schedule+0xd3/0x270 kernel/sched/core.c:6366 request_wait_answer+0x39b/0x6c0 fs/fuse/dev.c:411 __fuse_request_send fs/fuse/dev.c:430 [inline] fuse_simple_request+0x405/0xad0 fs/fuse/dev.c:515 fuse_do_getattr+0x238/0xc70 fs/fuse/dir.c:1009 vfs_getattr fs/stat.c:160 [inline] vfs_statx+0x100/0x2e0 fs/stat.c:225 vfs_fstatat fs/stat.c:243 [inline] __do_sys_newfstatat+0x7d/0xd0 fs/stat.c:412 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x4665d9 RSP: 002b:00007f0c0f895188 EFLAGS: 00000246 ORIG_RAX: 0000000000000106 RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 RDX: 0000000000000000 RSI: 00000000200000c0 RDI: ffffffffffffff9c RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 R13: 00007ffeb301209f R14: 00007f0c0f895300 R15: 0000000000022000 INFO: task syz-executor.3:6200 blocked for more than 145 seconds. Not tainted 5.15.0-rc4-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.3 state:D stack:28152 pid: 6200 ppid: 7032 flags:0x00004004 Call Trace: context_switch kernel/sched/core.c:4940 [inline] __schedule+0x90d/0x26c0 kernel/sched/core.c:6287 schedule+0xd3/0x270 kernel/sched/core.c:6366 request_wait_answer+0x39b/0x6c0 fs/fuse/dev.c:411 __fuse_request_send fs/fuse/dev.c:430 [inline] fuse_simple_request+0x405/0xad0 fs/fuse/dev.c:515 fuse_do_getattr+0x238/0xc70 fs/fuse/dir.c:1009 vfs_getattr fs/stat.c:160 [inline] vfs_statx+0x100/0x2e0 fs/stat.c:225 vfs_fstatat fs/stat.c:243 [inline] __do_sys_newfstatat+0x7d/0xd0 fs/stat.c:412 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x4665d9 RSP: 002b:00007f0c0f895188 EFLAGS: 00000246 ORIG_RAX: 0000000000000106 RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 RDX: 0000000000000000 RSI: 00000000200000c0 RDI: ffffffffffffff9c RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 R13: 00007ffeb301209f R14: 00007f0c0f895300 R15: 0000000000022000 Showing all locks held in the system: 1 lock held by khungtaskd/26: #0: ffffffff8ab767c0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6446 2 locks held by in:imklog/6220: #0: ffff888023e63270 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x9c/0xb0 fs/file.c:990 #1: ffffffff8acb4db8 (remove_cache_srcu){....}-{0:0}, at: kasan_quarantine_reduce+0x41/0x200 mm/kasan/quarantine.c:274 3 locks held by rs:main Q:Reg/6224: #0: ffff8880b9e319d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested kernel/sched/core.c:474 [inline] #0: ffff8880b9e319d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock kernel/sched/sched.h:1317 [inline] #0: ffff8880b9e319d8 (&rq->__lock){-.-.}-{2:2}, at: rq_lock kernel/sched/sched.h:1620 [inline] #0: ffff8880b9e319d8 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x236/0x26c0 kernel/sched/core.c:6201 #1: ffff8880b9e1f9c8 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x39d/0x480 kernel/sched/psi.c:880 #2: ffff888070b73fc0 (&sb->s_type->i_mutex_key#9){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:786 [inline] #2: ffff888070b73fc0 (&sb->s_type->i_mutex_key#9){+.+.}-{3:3}, at: ext4_buffered_write_iter+0x9b/0x480 fs/ext4/file.c:263 2 locks held by kworker/u4:5/8707: #0: ffff8880b9e319d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested kernel/sched/core.c:474 [inline] #0: ffff8880b9e319d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock kernel/sched/sched.h:1317 [inline] #0: ffff8880b9e319d8 (&rq->__lock){-.-.}-{2:2}, at: rq_lock kernel/sched/sched.h:1620 [inline] #0: ffff8880b9e319d8 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x236/0x26c0 kernel/sched/core.c:6201 #1: ffff8880b9e1f9c8 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x39d/0x480 kernel/sched/psi.c:880 ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 26 Comm: khungtaskd Not tainted 5.15.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x57/0x7d lib/dump_stack.c:106 nmi_cpu_backtrace.cold+0x30/0xc0 lib/nmi_backtrace.c:105 nmi_trigger_cpumask_backtrace+0x11a/0x160 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:210 [inline] watchdog+0x88c/0xbf0 kernel/hung_task.c:295 kthread+0x38b/0x460 kernel/kthread.c:319 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 8707 Comm: kworker/u4:5 Not tainted 5.15.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: phy9 ieee80211_iface_work RIP: 0010:check_preemption_disabled+0x3/0xe0 lib/smp_processor_id.c:13 Code: 9d 77 c3 0f 0b eb 96 e8 4b 04 25 f9 65 48 8b 3c 25 40 f0 01 00 e8 3d 94 e4 f8 eb bf cc cc cc cc cc cc cc cc cc cc cc 41 54 55 <53> 48 83 ec 08 65 44 8b 25 08 3f 9c 77 65 8b 05 99 99 9c 77 a9 ff RSP: 0018:ffffc9000c4b72d0 EFLAGS: 00000046 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001 RDX: 0000000000000000 RSI: ffffffff88cb49c0 RDI: ffffffff891f6620 RBP: ffffffff8ab76700 R08: 0000000000000000 R09: ffff8880b9f3298b R10: ffffed10173e6531 R11: dffffc0000000000 R12: ffff888060ff0000 R13: 00000000ffffffff R14: 00000000ffffffff R15: ffffc9000c4b7698 FS: 0000000000000000(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f5c90ea0000 CR3: 000000000a88e000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: lockdep_recursion_inc kernel/locking/lockdep.c:433 [inline] lock_is_held_type+0x63/0x140 kernel/locking/lockdep.c:5667 lock_is_held include/linux/lockdep.h:283 [inline] rcu_read_lock_sched_held+0x3a/0x70 kernel/rcu/update.c:125 trace_kfree include/trace/events/kmem.h:118 [inline] kfree+0x390/0x530 mm/slub.c:4533 ieee802_11_parse_elems_crc+0x7d2/0xf10 net/mac80211/util.c:1517 ieee802_11_parse_elems net/mac80211/ieee80211_i.h:2207 [inline] ieee80211_rx_mgmt_probe_beacon+0x15c/0x1640 net/mac80211/ibss.c:1605 ieee80211_ibss_rx_queued_mgmt+0xaec/0x12e0 net/mac80211/ibss.c:1635 ieee80211_iface_process_skb net/mac80211/iface.c:1439 [inline] ieee80211_iface_work+0x729/0x970 net/mac80211/iface.c:1493 process_one_work+0x87f/0x1450 kernel/workqueue.c:2297 worker_thread+0x598/0x1040 kernel/workqueue.c:2444 kthread+0x38b/0x460 kernel/kthread.c:319 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 ---------------- Code disassembly (best guess): 0: 9d popfq 1: 77 c3 ja 0xffffffc6 3: 0f 0b ud2 5: eb 96 jmp 0xffffff9d 7: e8 4b 04 25 f9 callq 0xf9250457 c: 65 48 8b 3c 25 40 f0 mov %gs:0x1f040,%rdi 13: 01 00 15: e8 3d 94 e4 f8 callq 0xf8e49457 1a: eb bf jmp 0xffffffdb 1c: cc int3 1d: cc int3 1e: cc int3 1f: cc int3 20: cc int3 21: cc int3 22: cc int3 23: cc int3 24: cc int3 25: cc int3 26: cc int3 27: 41 54 push %r12 29: 55 push %rbp * 2a: 53 push %rbx <-- trapping instruction 2b: 48 83 ec 08 sub $0x8,%rsp 2f: 65 44 8b 25 08 3f 9c mov %gs:0x779c3f08(%rip),%r12d # 0x779c3f3f 36: 77 37: 65 8b 05 99 99 9c 77 mov %gs:0x779c9999(%rip),%eax # 0x779c99d7 3e: a9 .byte 0xa9 3f: ff .byte 0xff