watchdog: BUG: soft lockup - CPU#1 stuck for 26s! [syz-executor.4:15041]
Modules linked in:
irq event stamp: 4469287
hardirqs last  enabled at (4469286): [<ffffffff8460144a>] asm_sysvec_apic_timer_interrupt+0x1a/0x20
hardirqs last disabled at (4469287): [<ffffffff844024af>] sysvec_apic_timer_interrupt+0xf/0xc0
softirqs last  enabled at (4468748): [<ffffffff81182e7b>] __irq_exit_rcu+0x11b/0x180
softirqs last disabled at (4468751): [<ffffffff81182e7b>] __irq_exit_rcu+0x11b/0x180
CPU: 1 PID: 15041 Comm: syz-executor.4 Not tainted 6.1.0-next-20221213 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:lock_acquire.part.0+0x14d/0x340
Code: 87 84 48 83 c4 20 e8 f2 25 14 03 b8 ff ff ff ff 65 0f c1 05 bd 6c d6 7e 83 f8 01 0f 85 9f 01 00 00 48 85 ed 0f 85 90 01 00 00 <48> b8 00 00 00 00 00 fc ff df 48 01 c3 48 c7 03 00 00 00 00 48 c7
RSP: 0018:ffff88806cf09738 EFLAGS: 00000206
RAX: 0000000000000001 RBX: 1ffff1100d9e12e9 RCX: 0000000000001637
RDX: 1ffff110072ebb33 RSI: 0000000000000301 RDI: 0000000000000000
RBP: 0000000000000200 R08: 0000000000000000 R09: ffffffff8763496f
R10: fffffbfff0ec692d R11: 0000000000000001 R12: 0000000000000000
R13: 0000000000000001 R14: 0000000000000000 R15: ffff88803c489680
FS:  00007fc56fdde700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020005000 CR3: 000000003b0fc000 CR4: 0000000000350ee0
Call Trace:
 <IRQ>
 _raw_spin_lock_bh+0x33/0x40
 ieee80211_rx_handlers+0xd9/0xaa60
 ieee80211_prepare_and_rx_handle+0x1cda/0x5d50
 ieee80211_rx_for_interface+0x141/0x3b0
 ieee80211_rx_list+0x18b1/0x2eb0
 ieee80211_rx_napi+0xdf/0x380
 ieee80211_tasklet_handler+0xd8/0x140
 tasklet_action_common.constprop.0+0x208/0x2f0
 __do_softirq+0x1c7/0x8f9
 __irq_exit_rcu+0x11b/0x180
 irq_exit_rcu+0x9/0x30
 sysvec_apic_timer_interrupt+0x92/0xc0
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:__is_insn_slot_addr+0x89/0x250
Code: ff 4c 8d b3 a8 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 f2 48 c1 ea 03 80 3c 02 00 0f 85 bf 01 00 00 48 8b 9b a8 00 00 00 <4c> 39 f3 74 78 49 bd 00 00 00 00 00 fc ff df e8 13 83 ff ff 48 8d
RSP: 0018:ffff888034ebf308 EFLAGS: 00000246
RAX: dffffc0000000000 RBX: ffffffff8564e928 RCX: ffffc90006e20000
RDX: 1ffffffff0ac9d25 RSI: ffffffff8149a680 RDI: 0000000000000001
RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: 00007fc572868b19
R13: 0000000000000000 R14: ffffffff8564e928 R15: 0000000000000170
 kernel_text_address+0x5b/0xc0
 __kernel_text_address+0xd/0x40
 unwind_get_return_address+0x59/0xa0
 arch_stack_walk+0x9d/0xf0
 stack_trace_save+0x90/0xd0
 kasan_save_stack+0x22/0x50
 kasan_set_track+0x25/0x30
 __kasan_slab_alloc+0x5c/0x70
 kmem_cache_alloc+0x1e1/0x410
 __create_object+0x3d/0xc10
 kmem_cache_alloc+0x273/0x410
 alloc_buffer_head+0x24/0x150
 alloc_page_buffers+0x2a2/0x690
 create_empty_buffers+0x3a/0xa60
 create_page_buffers+0x286/0x300
 __block_write_begin_int+0x178/0x13d0
 ext4_da_write_begin+0x357/0x9a0
 generic_perform_write+0x25a/0x580
 ext4_buffered_write_iter+0x164/0x460
 ext4_file_write_iter+0x3ff/0x1930
 vfs_write+0xa4f/0xe40
 ksys_write+0x12b/0x260
 do_syscall_64+0x3f/0x90
 entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7fc572868b19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc56fdde188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007fc57297bf60 RCX: 00007fc572868b19
RDX: 000000000002933c RSI: 0000000020000080 RDI: 0000000000000006
RBP: 00007fc5728c2f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffcf77c4f0f R14: 00007fc56fdde300 R15: 0000000000022000
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 15051 Comm: syz-executor.2 Not tainted 6.1.0-next-20221213 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:check_preemption_disabled+0x3e/0x180
Code: 44 8b 25 21 4a c3 7b 65 8b 1d 16 4a c3 7b 81 e3 ff ff ff 7f 31 ff 89 de 0f 1f 44 00 00 85 db 74 15 0f 1f 44 00 00 44 89 e0 5b <5d> 41 5c 41 5d 41 5e e9 aa 28 02 00 0f 1f 44 00 00 9c 5b 81 e3 00
RSP: 0018:ffff88806ce09be8 EFLAGS: 00000006
RAX: 0000000000000000 RBX: 0000000000034f00 RCX: 0000000000000100
RDX: ffff88801665d040 RSI: 0000000000000103 RDI: 0000000000000000
RBP: ffffffff849ef9e0 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
R13: ffffffff848ce4c0 R14: 0000000000000000 R15: 0000000000000000
FS:  00007fb98c95e700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fd673f8dd04 CR3: 00000000354da000 CR4: 0000000000350ef0
Call Trace:
 <IRQ>
 ct_nmi_enter+0x38/0x1c0
 ct_irq_enter_irqson+0x2c/0x50
 trace_hardirqs_on+0xae/0x130
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:mac80211_hwsim_beacon_tx+0x56b/0xab0
Code: 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 0c 04 00 00 49 8b 55 00 48 89 ee 48 89 df e8 4a ee ff ff 48 8b 44 24 10 <48> b9 00 00 00 00 00 fc ff df 48 c1 e8 03 48 01 c8 48 89 04 24 eb
RSP: 0018:ffff88806ce09d28 EFLAGS: 00000246
RAX: ffff8880357a6638 RBX: ffff888046400de0 RCX: 0000000000000100
RDX: ffff88801665d040 RSI: ffffffff82fdc4c6 RDI: 0000000000000000
RBP: ffff88802117f8c0 R08: 0000000000000001 R09: ffffffff8763491f
R10: fffffbfff0ec6923 R11: 0000000000000001 R12: ffff8880357a62e8
R13: ffff88800d8a3658 R14: ffff8880357a6340 R15: 0000000000000001
 __iterate_interfaces+0x2d3/0x560
 ieee80211_iterate_active_interfaces_atomic+0x74/0x180
 mac80211_hwsim_beacon+0x105/0x200
 __hrtimer_run_queues+0x54b/0xc70
 hrtimer_run_softirq+0x176/0x350
 __do_softirq+0x1c7/0x8f9
 __irq_exit_rcu+0x11b/0x180
 irq_exit_rcu+0x9/0x30
 sysvec_apic_timer_interrupt+0x92/0xc0
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:__orc_find+0x6f/0xf0
Code: 72 4d 4c 89 e0 48 29 e8 48 89 c2 48 c1 e8 3f 48 c1 fa 02 48 01 d0 48 d1 f8 48 8d 5c 85 00 48 89 d8 48 c1 e8 03 42 0f b6 14 38 <48> 89 d8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 50 48 63 03 48 01
RSP: 0018:ffff888041b26f98 EFLAGS: 00000216
RAX: 1ffffffff0c01712 RBX: ffffffff8600b890 RCX: ffffffff843fe08e
RDX: 0000000000000000 RSI: ffffffff86461f46 RDI: ffffffff8600b87c
RBP: ffffffff8600b87c R08: ffffffff86461f46 R09: ffffffff860f99ac
R10: ffff888041b279d8 R11: 0000000000038001 R12: ffffffff8600b8a8
R13: ffffffff8600b87c R14: ffffffff8600b87c R15: dffffc0000000000
 unwind_next_frame+0x2b1/0x2130
 arch_stack_walk+0x87/0xf0
 stack_trace_save+0x90/0xd0
 kasan_save_stack+0x22/0x50
 __kasan_record_aux_stack+0x95/0xb0
 __call_rcu_common.constprop.0+0x6a/0x9f0
 kmem_cache_free+0xc1/0x610
 __es_remove_extent+0xd33/0x15a0
 ext4_es_remove_extent+0x1f9/0x430
 ext4_ind_truncate+0x1d9/0x910
 ext4_truncate+0xfd9/0x13d0
 ext4_setattr+0x1c73/0x2700
 notify_change+0xca5/0x1400
 do_truncate+0x143/0x200
 path_openat+0x20cc/0x29b0
 do_filp_open+0x1ba/0x410
 do_sys_openat2+0x171/0x4c0
 __x64_sys_creat+0xcd/0x120
 do_syscall_64+0x3f/0x90
 entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7fb98f3e8b19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fb98c95e188 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
RAX: ffffffffffffffda RBX: 00007fb98f4fbf60 RCX: 00007fb98f3e8b19
RDX: 0000000000000000 RSI: 0000000000000119 RDI: 0000000020000240
RBP: 00007fb98f442f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffd584efe1f R14: 00007fb98c95e300 R15: 0000000000022000
 </TASK>
----------------
Code disassembly (best guess), 2 bytes skipped:
   0:	48 83 c4 20          	add    $0x20,%rsp
   4:	e8 f2 25 14 03       	callq  0x31425fb
   9:	b8 ff ff ff ff       	mov    $0xffffffff,%eax
   e:	65 0f c1 05 bd 6c d6 	xadd   %eax,%gs:0x7ed66cbd(%rip)        # 0x7ed66cd3
  15:	7e
  16:	83 f8 01             	cmp    $0x1,%eax
  19:	0f 85 9f 01 00 00    	jne    0x1be
  1f:	48 85 ed             	test   %rbp,%rbp
  22:	0f 85 90 01 00 00    	jne    0x1b8
* 28:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax <-- trapping instruction
  2f:	fc ff df
  32:	48 01 c3             	add    %rax,%rbx
  35:	48 c7 03 00 00 00 00 	movq   $0x0,(%rbx)
  3c:	48                   	rex.W
  3d:	c7                   	.byte 0xc7