From: kernel test robot <oliver.sang@intel.com>
To: Johannes Berg <johannes.berg@intel.com>
Cc: <oe-lkp@lists.linux.dev>, <lkp@intel.com>,
<linux-wireless@vger.kernel.org>, <oliver.sang@intel.com>
Subject: [linux-next:master] [wifi] a1dc648aa7: kernel_BUG_at_lib/list_debug.c
Date: Mon, 17 Nov 2025 15:57:01 +0800 [thread overview]
Message-ID: <202511171510.c273ee80-lkp@intel.com> (raw)
Hello,
kernel test robot noticed "kernel_BUG_at_lib/list_debug.c" on:
commit: a1dc648aa76d61d8e75692cecea043b1bfdfeda6 ("wifi: mac80211: remove chanctx to link back-references")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master
[test failed on linux-next/master 6d7e7251d03f98f26f2ee0dfd21bb0a0480a2178]
in testcase: hwsim
version: hwsim-x86_64-9c969af8d-1_20251102
with following parameters:
test: group-21
config: x86_64-rhel-9.4-func
compiler: gcc-14
test machine: 8 threads 1 sockets Intel(R) Core(TM) i7-4790 v3 @ 3.60GHz (Haswell) with 6G memory
(please refer to attached dmesg/kmsg for entire log/backtrace)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202511171510.c273ee80-lkp@intel.com
[ 491.138911][ T5995] ------------[ cut here ]------------
[ 491.144253][ T5995] kernel BUG at lib/list_debug.c:59!
[ 491.149445][ T5995] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
[ 491.155553][ T5995] CPU: 4 UID: 0 PID: 5995 Comm: hostapd Tainted: G S 6.18.0-rc4-00716-ga1dc648aa76d #1 PREEMPT(voluntary)
[ 491.168255][ T5995] Tainted: [S]=CPU_OUT_OF_SPEC
[ 491.172875][ T5995] Hardware name: Dell Inc. OptiPlex 9020/03CPWF, BIOS A11 04/01/2015
[ 491.180796][ T5995] RIP: 0010:__list_del_entry_valid_or_report (lib/list_debug.c:59 (discriminator 1))
[ 491.187681][ T5995] Code: 89 de 48 c7 c7 20 5a 55 84 e8 54 c7 92 fe 0f 0b 48 89 ef e8 da 53 3c ff 48 89 ea 48 89 de 48 c7 c7 80 5a 55 84 e8 38 c7 92 fe <0f> 0b 48 89 ef e8 be 53 3c ff 48 89 ea 48 b8 00 00 00 00 00 fc ff
All code
========
0: 89 de mov %ebx,%esi
2: 48 c7 c7 20 5a 55 84 mov $0xffffffff84555a20,%rdi
9: e8 54 c7 92 fe call 0xfffffffffe92c762
e: 0f 0b ud2
10: 48 89 ef mov %rbp,%rdi
13: e8 da 53 3c ff call 0xffffffffff3c53f2
18: 48 89 ea mov %rbp,%rdx
1b: 48 89 de mov %rbx,%rsi
1e: 48 c7 c7 80 5a 55 84 mov $0xffffffff84555a80,%rdi
25: e8 38 c7 92 fe call 0xfffffffffe92c762
2a:* 0f 0b ud2 <-- trapping instruction
2c: 48 89 ef mov %rbp,%rdi
2f: e8 be 53 3c ff call 0xffffffffff3c53f2
34: 48 89 ea mov %rbp,%rdx
37: 48 rex.W
38: b8 00 00 00 00 mov $0x0,%eax
3d: 00 fc add %bh,%ah
3f: ff .byte 0xff
Code starting with the faulting instruction
===========================================
0: 0f 0b ud2
2: 48 89 ef mov %rbp,%rdi
5: e8 be 53 3c ff call 0xffffffffff3c53c8
a: 48 89 ea mov %rbp,%rdx
d: 48 rex.W
e: b8 00 00 00 00 mov $0x0,%eax
13: 00 fc add %bh,%ah
15: ff .byte 0xff
[ 491.207158][ T5995] RSP: 0018:ffffc90000d2f280 EFLAGS: 00010282
[ 491.213086][ T5995] RAX: 000000000000004e RBX: ffff88812b278800 RCX: 0000000000000000
[ 491.220923][ T5995] RDX: 000000000000004e RSI: 0000000000000008 RDI: fffff520001a5e43
[ 491.228758][ T5995] RBP: dead000000000122 R08: 0000000000000001 R09: fffff520001a5e0d
[ 491.236597][ T5995] R10: ffffc90000d2f06f R11: 0000000000000001 R12: ffff8881958a1c80
[ 491.244453][ T5995] R13: ffff88812b278808 R14: ffffffffc1de74c0 R15: ffff888193de9f80
[ 491.252291][ T5995] FS: 00007f20bfd80b80(0000) GS:ffff8881b20bd000(0000) knlGS:0000000000000000
[ 491.261080][ T5995] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 491.267524][ T5995] CR2: 000055fb9968c370 CR3: 000000018797c005 CR4: 00000000001726f0
[ 491.275361][ T5995] Call Trace:
[ 491.278505][ T5995] <TASK>
[ 491.281304][ T5995] ieee80211_free_chanctx (include/linux/list.h:223 (discriminator 1) include/linux/rculist.h:178 (discriminator 1) net/mac80211/chan.c:814 (discriminator 1)) mac80211
[ 491.287546][ T5995] __ieee80211_link_release_channel (net/mac80211/chan.c:1901) mac80211
[ 491.294684][ T5995] ieee80211_stop_ap (net/mac80211/cfg.c:1919) mac80211
[ 491.300599][ T5995] ? __pfx_validate_nla (lib/nlattr.c:396)
[ 491.305482][ T5995] ? __pfx_ieee80211_stop_ap (net/mac80211/cfg.c:1810) mac80211
[ 491.311828][ T5995] ? __rtnl_unlock (net/core/rtnetlink.c:145)
[ 491.316275][ T5995] ? netdev_run_todo (include/linux/list.h:381 (discriminator 2) net/core/dev.c:11652 (discriminator 2))
[ 491.320985][ T5995] ? __pfx_netdev_run_todo (net/core/dev.c:11629)
[ 491.326130][ T5995] ? mutex_lock (arch/x86/include/asm/atomic64_64.h:101 (discriminator 5) include/linux/atomic/atomic-arch-fallback.h:4296 (discriminator 5) include/linux/atomic/atomic-long.h:1482 (discriminator 5) include/linux/atomic/atomic-instrumented.h:4458 (discriminator 5) kernel/locking/mutex.c:157 (discriminator 5) kernel/locking/mutex.c:273 (discriminator 5))
[ 491.330317][ T5995] ? __pfx_mutex_lock (kernel/locking/mutex.c:270)
[ 491.335029][ T5995] ? __pfx_ieee80211_stop_ap (net/mac80211/cfg.c:1810) mac80211
[ 491.341411][ T5995] ___cfg80211_stop_ap (net/wireless/rdev-ops.h:190 net/wireless/ap.c:33) cfg80211
[ 491.347451][ T5995] genl_family_rcv_msg_doit (net/netlink/genetlink.c:1117)
[ 491.352856][ T5995] ? __pfx_genl_family_rcv_msg_doit (net/netlink/genetlink.c:1088)
[ 491.358784][ T5995] ? security_capable (security/security.c:1181 (discriminator 1))
[ 491.363495][ T5995] genl_family_rcv_msg (net/netlink/genetlink.c:1195)
[ 491.368467][ T5995] ? __pfx_genl_family_rcv_msg (net/netlink/genetlink.c:1160)
[ 491.373961][ T5995] ? __sys_sendmsg (include/linux/file.h:62 (discriminator 1) include/linux/file.h:83 (discriminator 1) net/socket.c:2708 (discriminator 1))
[ 491.378498][ T5995] ? do_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1))
[ 491.383121][ T5995] ? entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
[ 491.389049][ T5995] ? __pfx_nl80211_pre_doit (net/wireless/nl80211.c:17917) cfg80211
[ 491.395320][ T5995] ? __pfx_nl80211_stop_ap (net/wireless/nl80211.c:6972) cfg80211
[ 491.401502][ T5995] ? __pfx_nl80211_post_doit (net/wireless/nl80211.c:18019) cfg80211
[ 491.407846][ T5995] ? unwind_get_return_address (arch/x86/kernel/unwind_orc.c:369 (discriminator 1))
[ 491.413340][ T5995] ? arch_stack_walk (arch/x86/kernel/stacktrace.c:26)
[ 491.417960][ T5995] genl_rcv_msg (net/netlink/genetlink.c:65 net/netlink/genetlink.c:1211)
[ 491.422236][ T5995] netlink_rcv_skb (net/netlink/af_netlink.c:2550)
[ 491.426861][ T5995] ? __pfx_genl_rcv_msg (net/netlink/genetlink.c:1201)
[ 491.431744][ T5995] ? __pfx_netlink_rcv_skb (net/netlink/af_netlink.c:2527)
[ 491.436887][ T5995] ? __pfx___netlink_lookup (net/netlink/af_netlink.c:494)
[ 491.442119][ T5995] genl_rcv (net/netlink/genetlink.c:1220)
[ 491.445961][ T5995] netlink_unicast (net/netlink/af_netlink.c:1319 net/netlink/af_netlink.c:1344)
[ 491.450586][ T5995] ? __pfx_netlink_unicast (net/netlink/af_netlink.c:1329)
[ 491.455730][ T5995] ? check_heap_object (mm/usercopy.c:189 (discriminator 1))
[ 491.460612][ T5995] ? 0xffffffff81000000
[ 491.464626][ T5995] ? __check_object_size (mm/memremap.c:392)
[ 491.470292][ T5995] netlink_sendmsg (net/netlink/af_netlink.c:1894)
[ 491.474917][ T5995] ? __pfx_netlink_sendmsg (net/netlink/af_netlink.c:1813)
[ 491.480062][ T5995] ? __import_iovec (lib/iov_iter.c:1347 (discriminator 1) lib/iov_iter.c:1361 (discriminator 1))
[ 491.484774][ T5995] ____sys_sendmsg (net/socket.c:727 (discriminator 1) net/socket.c:742 (discriminator 1) net/socket.c:2630 (discriminator 1))
[ 491.489408][ T5995] ? import_iovec (lib/iov_iter.c:1428 (discriminator 1))
[ 491.493686][ T5995] ? copy_msghdr_from_user (net/socket.c:2570)
[ 491.499003][ T5995] ? __pfx_____sys_sendmsg (net/socket.c:2576)
[ 491.504146][ T5995] ? __pfx_copy_msghdr_from_user (net/socket.c:2556)
[ 491.509812][ T5995] ? do_syscall_64 (arch/x86/include/asm/jump_label.h:36 include/linux/context_tracking_state.h:108 include/linux/context_tracking.h:41 include/linux/irq-entry-common.h:261 include/linux/entry-common.h:212 arch/x86/entry/syscall_64.c:100)
[ 491.514444][ T5995] ___sys_sendmsg (net/socket.c:2686)
[ 491.518901][ T5995] ? __pfx____sys_sendmsg (net/socket.c:2673)
[ 491.523957][ T5995] ? _inline_copy_from_user (arch/x86/include/asm/uaccess_64.h:134 arch/x86/include/asm/uaccess_64.h:134 arch/x86/include/asm/uaccess_64.h:141 include/linux/uaccess.h:178)
[ 491.529189][ T5995] ? copy_from_sockptr_offset (include/linux/sockptr.h:51)
[ 491.535725][ T5995] ? __pfx_copy_from_sockptr_offset (include/linux/sockptr.h:46)
[ 491.542693][ T5995] ? kmem_cache_free (mm/slub.c:2504 mm/slub.c:6630 mm/slub.c:6740)
[ 491.547493][ T5995] ? __pfx_netlink_setsockopt (net/netlink/af_netlink.c:1644)
[ 491.552899][ T5995] ? file_close_fd_locked (arch/x86/include/asm/bitops.h:222 arch/x86/include/asm/bitops.h:233 include/asm-generic/bitops/instrumented-non-atomic.h:142 fs/file.c:346 fs/file.c:629 fs/file.c:706)
[ 491.558131][ T5995] ? fdget (include/linux/atomic/atomic-arch-fallback.h:479 (discriminator 2) include/linux/atomic/atomic-instrumented.h:50 (discriminator 2) fs/file.c:1167 (discriminator 2) fs/file.c:1181 (discriminator 2))
[ 491.561974][ T5995] ? do_sock_setsockopt (net/socket.c:2329)
[ 491.567036][ T5995] __sys_sendmsg (include/linux/file.h:62 (discriminator 1) include/linux/file.h:83 (discriminator 1) net/socket.c:2708 (discriminator 1))
[ 491.571413][ T5995] ? __pfx___sys_sendmsg (net/socket.c:2701)
[ 491.576410][ T5995] ? __sys_setsockopt (net/socket.c:2385)
[ 491.581208][ T5995] do_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1))
[ 491.585662][ T5995] ? do_syscall_64 (arch/x86/include/asm/jump_label.h:36 include/linux/context_tracking_state.h:108 include/linux/context_tracking.h:41 include/linux/irq-entry-common.h:261 include/linux/entry-common.h:212 arch/x86/entry/syscall_64.c:100)
[ 491.590285][ T5995] ? do_syscall_64 (arch/x86/include/asm/jump_label.h:36 include/linux/context_tracking_state.h:108 include/linux/context_tracking.h:41 include/linux/irq-entry-common.h:261 include/linux/entry-common.h:212 arch/x86/entry/syscall_64.c:100)
[ 491.594910][ T5995] ? do_syscall_64 (arch/x86/include/asm/jump_label.h:36 include/linux/context_tracking_state.h:108 include/linux/context_tracking.h:41 include/linux/irq-entry-common.h:261 include/linux/entry-common.h:212 arch/x86/entry/syscall_64.c:100)
[ 491.599530][ T5995] ? __irq_exit_rcu (kernel/softirq.c:688 (discriminator 1) kernel/softirq.c:729 (discriminator 1))
[ 491.604153][ T5995] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
[ 491.609906][ T5995] RIP: 0033:0x7f20bff06687
[ 491.614184][ T5995] Code: 48 89 fa 4c 89 df e8 58 b3 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
All code
========
0: 48 89 fa mov %rdi,%rdx
3: 4c 89 df mov %r11,%rdi
6: e8 58 b3 00 00 call 0xb363
b: 8b 93 08 03 00 00 mov 0x308(%rbx),%edx
11: 59 pop %rcx
12: 5e pop %rsi
13: 48 83 f8 fc cmp $0xfffffffffffffffc,%rax
17: 74 1a je 0x33
19: 5b pop %rbx
1a: c3 ret
1b: 0f 1f 84 00 00 00 00 nopl 0x0(%rax,%rax,1)
22: 00
23: 48 8b 44 24 10 mov 0x10(%rsp),%rax
28: 0f 05 syscall
2a:* 5b pop %rbx <-- trapping instruction
2b: c3 ret
2c: 0f 1f 80 00 00 00 00 nopl 0x0(%rax)
33: 83 e2 39 and $0x39,%edx
36: 83 fa 08 cmp $0x8,%edx
39: 75 de jne 0x19
3b: e8 23 ff ff ff call 0xffffffffffffff63
Code starting with the faulting instruction
===========================================
0: 5b pop %rbx
1: c3 ret
2: 0f 1f 80 00 00 00 00 nopl 0x0(%rax)
9: 83 e2 39 and $0x39,%edx
c: 83 fa 08 cmp $0x8,%edx
f: 75 de jne 0xffffffffffffffef
11: e8 23 ff ff ff call 0xffffffffffffff39
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20251117/202511171510.c273ee80-lkp@intel.com
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
reply other threads:[~2025-11-17 7:57 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202511171510.c273ee80-lkp@intel.com \
--to=oliver.sang@intel.com \
--cc=johannes.berg@intel.com \
--cc=linux-wireless@vger.kernel.org \
--cc=lkp@intel.com \
--cc=oe-lkp@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).