watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [syz-executor.2:4514] Modules linked in: irq event stamp: 6235603 hardirqs last enabled at (6235602): [] asm_sysvec_irq_work+0x12/0x20 hardirqs last disabled at (6235603): [] sysvec_apic_timer_interrupt+0xb/0xc0 softirqs last enabled at (6211788): [] __irq_exit_rcu+0x113/0x170 softirqs last disabled at (6211791): [] __irq_exit_rcu+0x113/0x170 CPU: 0 PID: 4514 Comm: syz-executor.2 Not tainted 5.18.0-rc2-next-20220413 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 RIP: 0010:_raw_spin_unlock_irqrestore+0x2e/0x50 Code: 48 83 c7 18 53 48 89 f3 48 8b 74 24 10 e8 7a a7 13 fd 48 89 ef e8 82 28 14 fd 80 e7 02 74 06 e8 a8 8f 35 fd fb bf 01 00 00 00 <e8> 5d 1a 0a fd 65 8b 05 36 1a ed 7b 85 c0 74 03 5b 5d c3 0f 1f 44 RSP: 0018:ffff88806ce09af8 EFLAGS: 00000206 RAX: 00000000005f258e RBX: 0000000000000246 RCX: 1ffffffff0b1b771 RDX: 0000000000000000 RSI: 0000000000000101 RDI: 0000000000000001 RBP: ffffffff852c4a60 R08: 0000000000000001 R09: 0000000000000001 R10: ffffffff814ae498 R11: 0000000000000001 R12: 0000000000082820 R13: 0000000000000200 R14: 0000000000000000 R15: 0000000000082820 FS: 00007f05e2f79700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b2dc29000 CR3: 0000000015d46000 CR4: 0000000000350ef0 Call Trace: __kmalloc_node_track_caller+0x269/0x440 __alloc_skb+0xe3/0x340 __netdev_alloc_skb+0x73/0x3d0 __ieee80211_beacon_get+0x350/0x11e0 ieee80211_beacon_get_tim+0x8f/0x8f0 mac80211_hwsim_beacon_tx+0x111/0x8f0 __iterate_interfaces+0x1f0/0x570 ieee80211_iterate_active_interfaces_atomic+0x70/0x180 mac80211_hwsim_beacon+0xcd/0x1c0 __hrtimer_run_queues+0x5e8/0xbd0 hrtimer_run_softirq+0x172/0x340 __do_softirq+0x270/0x8c7 __irq_exit_rcu+0x113/0x170 irq_exit_rcu+0x5/0x20 sysvec_apic_timer_interrupt+0x8e/0xc0 asm_sysvec_apic_timer_interrupt+0x12/0x20 RIP: 
0010:security_netlbl_sid_to_secattr+0xe8/0x460 Code: ff 48 8d bb b0 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 30 03 00 00 4c 8b ab b0 00 00 00 93 5d 40 ff 31 ff 89 c3 89 c6 e8 88 11 55 ff 85 db 0f 84 1b 02 RSP: 0018:ffff88801d377c98 EFLAGS: 00000246 RAX: dffffc0000000000 RBX: ffffffff873a6660 RCX: ffffc90001a00000 RDX: 1ffffffff0e74ce2 RSI: ffffffff81ef163f RDI: ffffffff873a6710 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001 R10: ffffffff81ef1630 R11: 0000000000000000 R12: ffff88800da6a980 R13: ffff88800f6d6000 R14: 0000000000000001 R15: 0000000000000001 selinux_netlbl_sock_genattr+0xf0/0x4b0 selinux_netlbl_socket_post_create+0x73/0x160 selinux_socket_post_create+0x2dd/0x7f0 security_socket_post_create+0x6a/0xd0 __sock_create+0x63a/0x750 __sys_socket+0xef/0x200 __x64_sys_socket+0x6f/0xb0 do_syscall_64+0x3b/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f05e5a03b19 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f05e2f79188 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 RAX: ffffffffffffffda RBX: 00007f05e5b16f60 RCX: 00007f05e5a03b19 RDX: 0000000000000000 RSI: 0000000000000001 RDI: 000000000000000a RBP: 00007f05e5a5df6d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffd0c5e344f R14: 00007f05e2f79300 R15: 0000000000022000 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 4489 Comm: syz-executor.6 Not tainted 5.18.0-rc2-next-20220413 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 RIP: 0010:get_stack_info_noinstr+0x30/0xf0 Code: 48 89 d5 53 48 89 f3 e8 de 00 00 00 84 c0 75 0e 65 48 8b 14 25 40 6f 02 00 48 39 d3 74 05 5b 5d 41 5c c3 48 c7 c7 37 e3 e8 84 4b 41 00 00 65 48 8b 05 c3 
42 ef 7b 48 85 c0 74 59 48 8d 90 00 RSP: 0018:ffff88806cf097e0 EFLAGS: 00000246 RAX: 0000000000000000 RBX: ffff8880177ad040 RCX: ffff88801e9e0000 RDX: ffff8880177ad040 RSI: ffff8880177ad040 RDI: ffffffff84e8e337 RBP: ffff88806cf09870 R08: 0000000000000001 R09: ffff88806cf09870 R10: ffffed100d9e131b R11: 0000000000000001 R12: ffff88806cf09820 R13: ffff88806cf09898 R14: ffff88806cf098b8 R15: ffff88806cf09870 FS: 0000000000000000(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f1e5da41000 CR3: 000000000e03c000 CR4: 0000000000350ee0 Call Trace: get_stack_info+0x2b/0x80 __unwind_start+0x49e/0x7c0 arch_stack_walk+0x5f/0xf0 stack_trace_save+0x8c/0xc0 kasan_save_stack+0x1e/0x40 kasan_set_track+0x21/0x30 kasan_set_free_info+0x20/0x30 __kasan_slab_free+0x108/0x170 kfree+0xcf/0x410 skb_release_data+0x686/0x7b0 consume_skb+0xc2/0x160 mac80211_hwsim_tx_frame+0x1f6/0x2a0 mac80211_hwsim_beacon_tx+0x494/0x8f0 __iterate_interfaces+0x1f0/0x570 ieee80211_iterate_active_interfaces_atomic+0x70/0x180 mac80211_hwsim_beacon+0xcd/0x1c0 __hrtimer_run_queues+0x5e8/0xbd0 hrtimer_run_softirq+0x172/0x340 __do_softirq+0x270/0x8c7 __irq_exit_rcu+0x113/0x170 irq_exit_rcu+0x5/0x20 sysvec_apic_timer_interrupt+0x8e/0xc0 asm_sysvec_apic_timer_interrupt+0x12/0x20 RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x60 Code: 48 89 ef 5d e9 01 96 32 00 be 03 00 00 00 5d e9 36 4d c3 00 66 0f 1f 44 00 00 48 8b be a8 01 00 00 e8 b4 ff ff ff 31 c0 c3 90 <65> 8b 05 99 48 be 7e 89 c1 48 8b 34 24 81 e1 00 01 00 00 65 48 8b RSP: 0018:ffff88801e9df6d8 EFLAGS: 00000202 RAX: 0000000000000000 RBX: ffffea0000e93040 RCX: 0000000000000001 RDX: 0000000000000000 RSI: ffff8880177ad040 RDI: 0000000000000003 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 R10: ffffffff8173305a R11: 0000000000000000 R12: ffffea0000e93048 R13: 0000000000000000 R14: 0000000000000001 R15: dffffc0000000000 PageHuge+0x98/0x230 page_remove_rmap+0x1e2/0x490 
unmap_page_range+0xe60/0x2770 unmap_single_vma+0x196/0x360 unmap_vmas+0x18f/0x320 exit_mmap+0x192/0x460 mmput+0xc8/0x380 do_exit+0xa0a/0x27e0 do_group_exit+0xd2/0x2f0 get_signal+0x2303/0x2350 arch_do_signal_or_restart+0x88/0x1a40 exit_to_user_mode_prepare+0x131/0x1a0 syscall_exit_to_user_mode+0x19/0x40 do_syscall_64+0x48/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f56ad1e4b19 Code: Unable to access opcode bytes at RIP 0x7f56ad1e4aef. RSP: 002b:00007f56aa75a188 EFLAGS: 00000246 ORIG_RAX: 000000000000002a RAX: fffffffffffffe00 RBX: 00007f56ad2f7f60 RCX: 00007f56ad1e4b19 RDX: 000000000000001c RSI: 0000000020000000 RDI: 0000000000000004 RBP: 00007f56ad23ef6d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fff89bd89ff R14: 00007f56aa75a300 R15: 0000000000022000 I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 loop3: detected capacity change from 0 to 256 FAT-fs (loop3): Unrecognized mount option "./file1" or missing value ---------------- Code disassembly (best guess): 0: 48 83 c7 18 add $0x18,%rdi 4: 53 push %rbx 5: 48 89 f3 mov %rsi,%rbx 8: 48 8b 74 24 10 mov 0x10(%rsp),%rsi d: e8 7a a7 13 fd callq 0xfd13a78c 12: 48 89 ef mov %rbp,%rdi 15: e8 82 28 14 fd callq 0xfd14289c 1a: 80 e7 02 and $0x2,%bh 1d: 74 06 je 0x25 1f: e8 a8 8f 35 fd callq 0xfd358fcc 24: fb sti 25: bf 01 00 00 00 mov $0x1,%edi * 2a: e8 5d 1a 0a fd callq 0xfd0a1a8c <-- trapping instruction 2f: 65 8b 05 36 1a ed 7b mov %gs:0x7bed1a36(%rip),%eax # 0x7bed1a6c 36: 85 c0 test %eax,%eax 38: 74 03 je 0x3d 3a: 5b pop %rbx 3b: 5d pop %rbp 3c: c3 retq 3d: 0f .byte 0xf 3e: 1f (bad) 3f: 44 rex.R