syzbot

rcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 1-.... } 2690 jiffies s: 1773 root: 0x2/.
rcu: blocking rcu_node structures (internal RCU debug):
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 4405 Comm: syz.4.5 Not tainted 6.1.141-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:hlock_class kernel/locking/lockdep.c:228 [inline]
RIP: 0010:check_wait_context kernel/locking/lockdep.c:4724 [inline]
RIP: 0010:__lock_acquire+0x5eb/0x7c50 kernel/locking/lockdep.c:4999
Code: 07 89 c3 81 e3 ff 1f 00 00 c1 e8 03 25 f8 03 00 00 48 8d b8 40 82 8b 90 be 08 00 00 00 e8 3d 5b 6f 00 48 0f a3 1d b5 8c 28 0f <73> 1a 48 8d 04 5b c1 e0 06 48 8d 98 00 01 24 90 49 b8 00 00 00 00
RSP: 0018:ffffc900001dfec0 EFLAGS: 00000057
RAX: 0000000000000001 RBX: 0000000000000015 RCX: ffffffff8162f583
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff908b8240
RBP: ffffc900001e0110 R08: dffffc0000000000 R09: fffffbfff2117049
R10: fffffbfff2117049 R11: 1ffffffff2117048 R12: ffff88807a15bb80
R13: 0000000000000000 R14: 0000000000000002 R15: ffff88807a15c770
FS:  00007fe9528486c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b30801ff8 CR3: 00000000300ab000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662
 rcu_lock_acquire include/linux/rcupdate.h:350 [inline]
 rcu_read_lock_sched include/linux/rcupdate.h:883 [inline]
 pfn_valid include/linux/mmzone.h:1857 [inline]
 __virt_addr_valid+0x1a5/0x540 arch/x86/mm/physaddr.c:65
 kasan_addr_to_slab+0x9/0xc0 mm/kasan/common.c:35
 __kasan_record_aux_stack+0xf/0xc0 mm/kasan/generic.c:471
 irq_work_queue_on+0x10f/0x260 kernel/irq_work.c:140
 rcu_read_unlock_special+0x3c7/0x500 kernel/rcu/tree_plugin.h:675
 __rcu_read_unlock+0x78/0xd0 kernel/rcu/tree_plugin.h:426
 rcu_read_unlock include/linux/rcupdate.h:823 [inline]
 trace_call_bpf+0x58c/0x680 kernel/trace/bpf_trace.c:137
 perf_trace_run_bpf_submit+0x79/0x1c0 kernel/events/core.c:9973
 perf_trace_preemptirq_template+0x287/0x330 include/trace/events/preemptirq.h:14
 trace_irq_enable_rcuidle+0xd3/0x140 include/trace/events/preemptirq.h:40
 trace_hardirqs_on+0x24/0x40 kernel/trace/trace_preemptirq.c:44
 asm_sysvec_irq_work+0x16/0x20 arch/x86/include/asm/idtentry.h:728
RIP: 0010:rcu_read_unlock_special+0x84/0x500 kernel/rcu/tree_plugin.h:682
Code: f1 f1 f1 00 f2 f2 f2 4a 89 04 2b 66 42 c7 44 2b 09 f3 f3 42 c6 44 2b 0b f3 65 44 8b 35 ed 9e 96 7e 41 f7 c6 00 00 f0 00 74 45 <48> c7 44 24 40 0e 36 e0 45 4a c7 04 2b 00 00 00 00 66 42 c7 44 2b
RSP: 0018:ffffc900001e0760 EFLAGS: 00000206
RAX: 2d330e4ababd8800 RBX: 1ffff9200003c0f4 RCX: 2d330e4ababd8800
RDX: dffffc0000000000 RSI: ffffffff8a6bffe0 RDI: ffffffff8abf1360
RBP: ffffc900001e0860 R08: dffffc0000000000 R09: fffffbfff2117067
R10: fffffbfff2117067 R11: 1ffffffff2117066 R12: 0000000000000246
R13: dffffc0000000000 R14: ffff8880b8f3b900 R15: 0000000000000002
 __rcu_read_unlock+0x78/0xd0 kernel/rcu/tree_plugin.h:426
 rcu_read_unlock include/linux/rcupdate.h:823 [inline]
 ndisc_send_skb+0xda7/0x1510 net/ipv6/ndisc.c:521
 addrconf_rs_timer+0x2b8/0x600 net/ipv6/addrconf.c:3985
 call_timer_fn+0x1a0/0x670 kernel/time/timer.c:1504
 expire_timers kernel/time/timer.c:1549 [inline]
 __run_timers+0x525/0x7c0 kernel/time/timer.c:1820
 run_timer_softirq+0x63/0xf0 kernel/time/timer.c:1833
 handle_softirqs+0x2a1/0x920 kernel/softirq.c:596
 __do_softirq kernel/softirq.c:630 [inline]
 invoke_softirq kernel/softirq.c:470 [inline]
 __irq_exit_rcu+0x12f/0x220 kernel/softirq.c:679
 irq_exit_rcu+0x5/0x20 kernel/softirq.c:691
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1118 [inline]
 sysvec_apic_timer_interrupt+0xa0/0xc0 arch/x86/kernel/apic/apic.c:1118
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:691
RIP: 0010:orc_find arch/x86/kernel/unwind_orc.c:179 [inline]
RIP: 0010:unwind_next_frame+0x247/0x20b0 arch/x86/kernel/unwind_orc.c:448
Code: dc 77 8e 48 3d 6a 0d 1c 8f 0f 87 a3 17 00 00 45 39 e0 49 bd 00 00 00 00 00 fc ff df 0f 84 7b 01 00 00 4a 8d 34 a5 3c 67 0a 8e <45> 29 e0 4e 8d 64 86 fc 49 89 f7 4c 39 e6 0f 86 c7 10 00 00 49 29
RSP: 0018:ffffc90004bee330 EFLAGS: 00000212
RAX: ffffffff8e80d6ee RBX: ffffc90004bee408 RCX: ffffffff969bf100
RDX: ffffffff8e80d6a0 RSI: ffffffff8e10630c RDI: ffffffff8138551f
RBP: ffffffff816fadd7 R08: 0000000000017f01 R09: 0000000000000000
R10: fffff5200097dc8d R11: 1ffff9200097dc8b R12: 0000000000017ef4
R13: dffffc0000000000 R14: 0000000000006fad R15: dffffc0000000000
 arch_stack_walk+0x10c/0x140 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x98/0xe0 kernel/stacktrace.c:122
 save_stack+0xf3/0x1e0 mm/page_owner.c:127
 __set_page_owner+0x19/0x60 mm/page_owner.c:190
 set_page_owner include/linux/page_owner.h:31 [inline]
 post_alloc_hook+0x173/0x1a0 mm/page_alloc.c:2532
 prep_new_page mm/page_alloc.c:2539 [inline]
 get_page_from_freelist+0x1a26/0x1ac0 mm/page_alloc.c:4328
 __alloc_pages+0x1df/0x4e0 mm/page_alloc.c:5614
 __stack_depot_save+0x35a/0x460 lib/stackdepot.c:474
 kasan_save_stack mm/kasan/common.c:46 [inline]
 kasan_set_track+0x60/0x70 mm/kasan/common.c:52
 __kasan_slab_alloc+0x6b/0x80 mm/kasan/common.c:328
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook+0x4b/0x480 mm/slab.h:737
 slab_alloc_node mm/slub.c:3398 [inline]
 slab_alloc mm/slub.c:3406 [inline]
 __kmem_cache_alloc_lru mm/slub.c:3413 [inline]
 kmem_cache_alloc_lru+0x11a/0x2e0 mm/slub.c:3429
 __d_alloc+0x31/0x700 fs/dcache.c:1774
 d_alloc fs/dcache.c:1854 [inline]
 d_alloc_parallel+0xd9/0x1480 fs/dcache.c:2645
 __lookup_slow+0x113/0x3a0 fs/namei.c:1675
 lookup_one_len+0x18e/0x2c0 fs/namei.c:2740
 start_creating+0x184/0x310 fs/debugfs/inode.c:377
 __debugfs_create_file+0x6f/0x510 fs/debugfs/inode.c:422
 debugfs_hw_add+0xed/0x3a0 net/mac80211/debugfs.c:653
 ieee80211_register_hw+0x2c45/0x38c0 net/mac80211/main.c:1391
 mac80211_hwsim_new_radio+0x28c2/0x4c40 drivers/net/wireless/mac80211_hwsim.c:4582
 hwsim_new_radio_nl+0xafa/0xce0 drivers/net/wireless/mac80211_hwsim.c:5176
 genl_family_rcv_msg_doit+0x22e/0x320 net/netlink/genetlink.c:756
 genl_family_rcv_msg net/netlink/genetlink.c:833 [inline]
 genl_rcv_msg+0x5f2/0x780 net/netlink/genetlink.c:850
 netlink_rcv_skb+0x1de/0x420 net/netlink/af_netlink.c:2493
 genl_rcv+0x24/0x40 net/netlink/genetlink.c:861
 netlink_unicast_kernel net/netlink/af_netlink.c:1311 [inline]
 netlink_unicast+0x74c/0x8c0 net/netlink/af_netlink.c:1337
 netlink_sendmsg+0x89e/0xbc0 net/netlink/af_netlink.c:1859
 sock_sendmsg_nosec net/socket.c:718 [inline]
 __sock_sendmsg net/socket.c:730 [inline]
 ____sys_sendmsg+0x59b/0x970 net/socket.c:2519
 ___sys_sendmsg+0x21c/0x290 net/socket.c:2573
 __sys_sendmsg net/socket.c:2602 [inline]
 __do_sys_sendmsg net/socket.c:2611 [inline]
 __se_sys_sendmsg+0x19e/0x270 net/socket.c:2609
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7fe95198e929
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fe952848038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007fe951bb5fa0 RCX: 00007fe95198e929
RDX: 0000000000000000 RSI: 0000200000000000 RDI: 000000000000000e
RBP: 00007fe951a10b39 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fe951bb5fa0 R15: 00007ffdfe49b398
 </TASK>