watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [syz-executor.3:8589]
Modules linked in:
irq event stamp: 2787387
hardirqs last enabled at (2787386): [] irqentry_exit+0x3b/0x90
hardirqs last disabled at (2787387): [] sysvec_apic_timer_interrupt+0xf/0x80
softirqs last enabled at (2777764): [] handle_softirqs+0x50c/0x770
softirqs last disabled at (2777781): [] irq_exit_rcu+0x94/0xc0
CPU: 0 UID: 0 PID: 8589 Comm: syz-executor.3 Not tainted 6.12.0-rc5-next-20241104 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:lock_release+0xa6/0x6f0
Code: a6 03 00 65 41 8b 2e 89 ed be 08 00 00 00 48 89 e8 48 c1 e8 06 48 8d 3c c5 90 77 3f 86 e8 d2 b2 5b 00 48 0f a3 2d 4a 6c 0f 05 <0f> 82 47 04 00 00 48 c7 c5 34 85 3f 86 48 b8 00 00 00 00 00 fc ff
RSP: 0018:ffff88806ce093c0 EFLAGS: 00000247
RAX: 0000000000000001 RBX: 1ffff1100d9c127a RCX: ffffffff81300b3e
RDX: fffffbfff0c7eef3 RSI: 0000000000000008 RDI: ffffffff863f7790
RBP: 0000000000000000 R08: 0000000000000000 R09: fffffbfff0c7eef2
R10: ffffffff863f7797 R11: 00000000000c33ea R12: ffffffff85c15dc0
R13: ffffffff81525916 R14: 000000000003a6cc R15: 0000000000092820
FS: 00007f96918a8700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000558376edf000 CR3: 000000000e27e000 CR4: 0000000000350ef0
Call Trace:
 __is_insn_slot_addr+0x13b/0x290
 kernel_text_address+0x48/0xc0
 __kernel_text_address+0xd/0x40
 unwind_get_return_address+0x59/0xa0
 arch_stack_walk+0x9d/0xf0
 stack_trace_save+0x8f/0xc0
 kasan_save_stack+0x24/0x50
 kasan_save_track+0x14/0x30
 __kasan_slab_alloc+0x59/0x70
 kmem_cache_alloc_noprof+0x13d/0x3d0
 __alloc_object+0x2f/0x270
 __create_object+0x1d/0x80
 __kmalloc_node_track_caller_noprof+0x36a/0x490
 kmalloc_reserve+0xed/0x2b0
 __alloc_skb+0x162/0x370
 __netdev_alloc_skb+0x7a/0x7a0
 ieee80211_beacon_get_ap+0x388/0x10e0
 __ieee80211_beacon_get+0x9a4/0xfc0
 ieee80211_beacon_get_tim+0xa6/0x280
 mac80211_hwsim_beacon_tx+0x49b/0x950
 __iterate_interfaces+0x2e0/0x650
 ieee80211_iterate_active_interfaces_atomic+0x71/0x1b0
 mac80211_hwsim_beacon+0x105/0x200
 __hrtimer_run_queues+0x1ab/0xa70
 hrtimer_run_softirq+0x14c/0x310
 handle_softirqs+0x1b1/0x770
 irq_exit_rcu+0x94/0xc0
 sysvec_apic_timer_interrupt+0x70/0x80
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:qlist_free_all+0x28/0x160
Code: 90 90 48 8b 07 48 85 c0 0f 84 41 01 00 00 41 57 41 56 41 55 49 89 fd 41 54 49 89 f4 55 53 eb 3e 48 63 95 c0 00 00 00 48 8b 18 <48> 89 ef 48 29 d0 48 89 c6 49 89 c6 e8 e7 f0 ff ff 49 89 c7 66 90
RSP: 0018:ffff888040b6f8f0 EFLAGS: 00000246
RAX: ffff88800dd0dd78 RBX: ffff88800b5f6a68 RCX: ffffea0000374300
RDX: 0000000000000178 RSI: ffffea0000374301 RDI: 0000000000080000
RBP: ffff888009406640 R08: ffff88800e44af00 R09: 0000000000400026
R10: ffffea0000391200 R11: 00000000000007e0 R12: 0000000000000000
R13: ffff888040b6f928 R14: ffff88800e44af00 R15: ffff88800e44af00
 kasan_quarantine_reduce+0x19f/0x240
 __kasan_slab_alloc+0x49/0x70
 kmem_cache_alloc_noprof+0x13d/0x3d0
 __alloc_object+0x2f/0x270
 __create_object+0x1d/0x80
 kmem_cache_alloc_noprof+0x300/0x3d0
 alloc_empty_file+0x76/0x1e0
 path_openat+0xe1/0x2980
 do_filp_open+0x1b8/0x410
 do_sys_openat2+0x164/0x1d0
 __x64_sys_openat+0x143/0x200
 do_syscall_64+0xbf/0x1d0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f96942e5a04
Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
RSP: 002b:00007f96918a7ed0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f969437c970 RCX: 00007f96942e5a04
RDX: 0000000000000002 RSI: 00007f96918a8000 RDI: 00000000ffffff9c
RBP: 00007f96918a8000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
R13: 0000000000000006 R14: 0000000020000230 R15: 0000000000000002
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 16 Comm: rcu_preempt Not tainted 6.12.0-rc5-next-20241104 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:hrtimer_start_range_ns+0x6be/0xab0
Code: 4c 8b 64 24 08 e8 72 8d 11 00 48 8b 44 24 28 4c 01 e0 48 89 44 24 38 49 39 c6 0f 85 79 fe ff ff e8 57 8d 11 00 4c 39 64 24 08 <0f> 84 9e 00 00 00 e8 47 8d 11 00 48 8b 44 24 30 80 38 00 0f 85 61
RSP: 0018:ffff888009617948 EFLAGS: 00000046
RAX: 0000000000000000 RBX: ffff88806cf3c380 RCX: 0000000000000000
RDX: ffff8880095ed280 RSI: ffffffff81404bf9 RDI: ffffffff857e0ba8
RBP: dffffc0000000000 R08: 0000000000000001 R09: ffff8880095edcb8
R10: 0000000000000000 R11: 0000000000000000 R12: ffff88806cf2ce40
R13: 0000000000000000 R14: ffff88806cf2cec0 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f755d14fe98 CR3: 000000000e50a000 CR4: 0000000000350ef0
Call Trace:
 dl_server_stop+0x40/0x90
 dequeue_entities+0x12b3/0x1b90
 dequeue_task_fair+0x16d/0x450
 __schedule+0x4db/0x2fa0
 schedule+0xdb/0x340
 schedule_timeout+0x11b/0x270
 rcu_gp_fqs_loop+0x1c4/0xf10
 rcu_gp_kthread+0x4b7/0x6b0
 kthread+0x2c2/0x3a0
 ret_from_fork+0x48/0x80
 ret_from_fork_asm+0x1a/0x30
loop7: detected capacity change from 0 to 40
loop5: detected capacity change from 0 to 40
loop2: detected capacity change from 0 to 40
loop5: detected capacity change from 0 to 40
No source specified
No source specified
No source specified
No source specified
No source specified
----------------
Code disassembly (best guess):
   0:   a6                      cmpsb %es:(%rdi),%ds:(%rsi)
   1:   03 00                   add (%rax),%eax
   3:   65 41 8b 2e             mov %gs:(%r14),%ebp
   7:   89 ed                   mov %ebp,%ebp
   9:   be 08 00 00 00          mov $0x8,%esi
   e:   48 89 e8                mov %rbp,%rax
  11:   48 c1 e8 06             shr $0x6,%rax
  15:   48 8d 3c c5 90 77 3f    lea -0x79c08870(,%rax,8),%rdi
  1c:   86
  1d:   e8 d2 b2 5b 00          callq 0x5bb2f4
  22:   48 0f a3 2d 4a 6c 0f    bt %rbp,0x50f6c4a(%rip) # 0x50f6c74
  29:   05
* 2a:   0f 82 47 04 00 00       jb 0x477 <-- trapping instruction
  30:   48 c7 c5 34 85 3f 86    mov $0xffffffff863f8534,%rbp
  37:   48                      rex.W
  38:   b8 00 00 00 00          mov $0x0,%eax
  3d:   00 fc                   add %bh,%ah
  3f:   ff                      .byte 0xff