loop5: detected capacity change from 0 to 40
watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [syz-executor.5:4224]
Modules linked in:
irq event stamp: 4591229
hardirqs last  enabled at (4591228): [] asm_sysvec_apic_timer_interrupt+0x1a/0x20
hardirqs last disabled at (4591229): [] sysvec_apic_timer_interrupt+0xf/0xc0
softirqs last  enabled at (4581846): [] __irq_exit_rcu+0x11b/0x180
softirqs last disabled at (4581849): [] __irq_exit_rcu+0x11b/0x180
CPU: 0 PID: 4224 Comm: syz-executor.5 Not tainted 6.2.0-rc2-next-20230105 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:__unwind_start+0x36e/0x7c0
Code: 00 00 49 8b 77 28 4c 89 e1 4c 89 fa 48 89 ef e8 48 db f5 ff 85 c0 0f 85 62 ff ff ff e9 f7 fe ff ff 65 48 8b 04 25 80 89 03 00 <48> 39 c5 0f 84 10 02 00 00 48 8d bd 58 15 00 00 48 b8 00 00 00 00
RSP: 0018:ffff88806ce09810 EFLAGS: 00000246
RAX: ffff88800e7b9ac0 RBX: ffff88806ce098f8 RCX: 0000000000000000
RDX: 1ffff1100d9c1311 RSI: 0000000000000000 RDI: ffff88806ce098d0
RBP: ffff88800e7b9ac0 R08: 0000000000000001 R09: ffff88806ce09860
R10: ffffed100d9c1319 R11: 0000000000000001 R12: 0000000000000000
R13: ffff88806ce09888 R14: ffff88800e7b9ac0 R15: ffff88806ce09860
FS:  00007f4f4f251700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f67e6f1b718 CR3: 000000003c0ba000 CR4: 0000000000350ef0
Call Trace:
 arch_stack_walk+0x63/0xf0
 stack_trace_save+0x90/0xd0
 kasan_save_stack+0x22/0x50
 __kasan_record_aux_stack+0x95/0xb0
 __call_rcu_common.constprop.0+0x6a/0xa00
 __kmem_cache_free+0x8b/0x2f0
 skb_release_data+0x6d8/0x810
 consume_skb+0xcb/0x170
 mac80211_hwsim_tx_frame+0x1f6/0x2a0
 mac80211_hwsim_beacon_tx+0x566/0xb10
 __iterate_interfaces+0x2d3/0x580
 ieee80211_iterate_active_interfaces_atomic+0x73/0x1c0
 mac80211_hwsim_beacon+0x105/0x200
 __hrtimer_run_queues+0x54b/0xcb0
 hrtimer_run_softirq+0x176/0x350
 __do_softirq+0x1c7/0x913
 __irq_exit_rcu+0x11b/0x180
 irq_exit_rcu+0x9/0x30
 sysvec_apic_timer_interrupt+0x92/0xc0
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:qlist_free_all+0x70/0x1a0
Code: ff 48 89 c1 0f 1f 44 00 00 4c 89 f8 48 c7 c2 0f 97 7d 81 4c 89 fe 4c 89 f7 48 c1 e8 03 42 c6 04 20 fb e8 a3 b7 ff ff 48 85 db <0f> 84 aa 00 00 00 49 89 d8 49 89 ee 48 85 ed 75 ab ba 00 00 00 80
RSP: 0018:ffff88804583fa48 EFLAGS: 00000286
RAX: 00000000003b7df3 RBX: ffff8880437ce390 RCX: ffffffff812b7aef
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000001 R09: ffffffff8764d9b7
R10: fffffbfff0ec9b36 R11: 0000000000000001 R12: dffffc0000000000
R13: ffff88804583fa88 R14: ffff88800844f780 R15: ffff8880437ce260
 kasan_quarantine_reduce+0x196/0x230
 __kasan_slab_alloc+0x4c/0x70
 __kmem_cache_alloc_node+0x17e/0x2f0
 kmalloc_trace+0x26/0x120
 alloc_pipe_info+0x10e/0x590
 splice_direct_to_actor+0x6e6/0x8c0
 do_splice_direct+0x1bc/0x290
 do_sendfile+0xb1d/0x12c0
 __x64_sys_sendfile64+0x1d5/0x210
 do_syscall_64+0x3f/0x90
 entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f4f51cdbb19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f4f4f251188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007f4f51deef60 RCX: 00007f4f51cdbb19
RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000006
RBP: 00007f4f51d35f6d R08: 0000000000000000 R09: 0000000000000000
R10: 00000000fffffdef R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc59447bdf R14: 00007f4f4f251300 R15: 0000000000022000
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 4221 Comm: syz-executor.1 Not tainted 6.2.0-rc2-next-20230105 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:perf_swevent_hrtimer+0x264/0x3d0
Code: 48 b8 00 00 00 00 00 fc ff df 48 01 d8 c7 00 00 00 00 00 48 c7 40 24 00 00 00 00 c7 40 2c 00 00 00 00 48 8b 84 24 b8 01 00 00 <65> 48 2b 04 25 28 00 00 00 0f 85 2e 01 00 00 48 8d 65 d8 44 89 f0
RSP: 0018:ffff88806cf09a80 EFLAGS: 00000082
RAX: 3e4a3e4423a62000 RBX: 1ffff1100d9e1354 RCX: 0000000000000100
RDX: ffff88801f6e1ac0 RSI: ffffffff8159c06a RDI: 0000000000000006
RBP: ffff88806cf09c98 R08: 0000000000000006 R09: 0000000000002710
R10: 000000432ba2eda2 R11: 0000000000000001 R12: ffff88801a145f60
R13: 0000000000002710 R14: 0000000000000001 R15: ffff88806cf2b940
FS:  00007f2864d73700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2bf21000 CR3: 000000001f756000 CR4: 0000000000350ee0
Call Trace:
 __hrtimer_run_queues+0x17f/0xcb0
 hrtimer_interrupt+0x319/0x770
 __sysvec_apic_timer_interrupt+0x148/0x510
 sysvec_apic_timer_interrupt+0x3f/0xc0
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:lock_is_held_type+0xfc/0x130
Code: 00 03 87 84 e8 b5 0e 00 00 b8 ff ff ff ff 65 0f c1 05 70 53 c0 7b 83 f8 01 75 26 48 f7 04 24 00 02 00 00 74 01 fb 48 83 c4 08 <44> 89 e8 5b 5d 41 5c 41 5d 41 5e 41 5f e9 e6 3e 02 00 45 31 ed eb
RSP: 0018:ffff88806cf09f28 EFLAGS: 00000286
RAX: 0000000000000001 RBX: 0000000000000003 RCX: 0000000000000001
RDX: 0000000000000000 RSI: 0000000000000101 RDI: 0000000000000000
RBP: ffffffff856085a0 R08: 0000000000000000 R09: ffffffff85d0c217
R10: fffffbfff0ba1842 R11: 0000000000000001 R12: ffff88801f6e1ac0
R13: 0000000000000000 R14: 00000000ffffffff R15: ffff88801f6e2470
 rcu_read_lock_sched_held+0x42/0x80
 __do_softirq+0x65e/0x913
 __irq_exit_rcu+0x11b/0x180
 irq_exit_rcu+0x9/0x30
 sysvec_apic_timer_interrupt+0x92/0xc0
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:task_sid_obj+0xdd/0x2e0
Code: 0f 85 0f 02 00 00 48 63 1d 30 89 8f 03 48 03 5d 78 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 04 48 89 fa 48 c1 ea 03 0f b6 14 02 <48> 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 cc 01 00 00 44
RSP: 0018:ffff8880448378e0 EFLAGS: 00000213
RAX: dffffc0000000000 RBX: ffff88800c7892c0 RCX: ffffc900007d5000
RDX: 0000000000000000 RSI: ffffffff81ee6a6a RDI: ffff88800c7892c4
RBP: ffff88800ca65300 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: ffff888016c99ac0
R13: ffff888044360820 R14: ffff888044837c68 R15: 0000000000000002
 selinux_task_to_inode+0x5f/0x1f0
 security_task_to_inode+0x50/0x90
 pid_revalidate+0x131/0x2d0
 lookup_fast+0x341/0x530
 walk_component+0x5e/0x5b0
 link_path_walk.part.0+0x5fb/0xe30
 path_openat+0x24a/0x2a50
 do_filp_open+0x1ba/0x410
 do_sys_openat2+0x171/0x4c0
 __x64_sys_openat+0x143/0x200
 do_syscall_64+0x3f/0x90
 entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f28677b0a04
Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
RSP: 002b:00007f2864d730b0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f2867910f60 RCX: 00007f28677b0a04
RDX: 0000000000000000 RSI: 00007f2867856f82 RDI: 00000000ffffff9c
RBP: 00007f2867856f82 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
R13: 00007fff887f5c5f R14: 00007f2864d73300 R15: 0000000000022000
loop4: detected capacity change from 0 to 40
audit: type=1400 audit(1672997040.796:9): avc:  denied  { relabelto } for  pid=4247 comm="syz-executor.4" name="file1" dev="sda" ino=16008 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:mouse_device_t:s0 tclass=file permissive=1
audit: type=1400 audit(1672997040.798:10): avc:  denied  { setattr } for  pid=4247 comm="syz-executor.4" name="file1" dev="sda" ino=16008 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:mouse_device_t:s0 tclass=file permissive=1
audit: type=1400 audit(1672997040.799:11): avc:  denied  { getattr } for  pid=4247 comm="syz-executor.4" path="/syzkaller-testdir339756712/syzkaller.Iw4P2f/8/file0/file1" dev="sda" ino=16008 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:mouse_device_t:s0 tclass=file permissive=1
audit: type=1400 audit(1672997040.800:12): avc:  denied  { read write } for  pid=4247 comm="syz-executor.4" name="file1" dev="sda" ino=16008 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:mouse_device_t:s0 tclass=file permissive=1
audit: type=1400 audit(1672997040.800:13): avc:  denied  { open } for  pid=4247 comm="syz-executor.4" path="/syzkaller-testdir339756712/syzkaller.Iw4P2f/8/file0/file1" dev="sda" ino=16008 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:mouse_device_t:s0 tclass=file permissive=1
loop4: detected capacity change from 0 to 40
audit: type=1400 audit(1672997042.755:14): avc:  denied  { unlink } for  pid=561 comm="syz-executor.4" name="file1" dev="sda" ino=15983 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:mouse_device_t:s0 tclass=file permissive=1
----------------
Code disassembly (best guess):
   0:	00 00                	add    %al,(%rax)
   2:	49 8b 77 28          	mov    0x28(%r15),%rsi
   6:	4c 89 e1             	mov    %r12,%rcx
   9:	4c 89 fa             	mov    %r15,%rdx
   c:	48 89 ef             	mov    %rbp,%rdi
   f:	e8 48 db f5 ff       	callq  0xfff5db5c
  14:	85 c0                	test   %eax,%eax
  16:	0f 85 62 ff ff ff    	jne    0xffffff7e
  1c:	e9 f7 fe ff ff       	jmpq   0xffffff18
  21:	65 48 8b 04 25 80 89 	mov    %gs:0x38980,%rax
  28:	03 00
* 2a:	48 39 c5             	cmp    %rax,%rbp		<-- trapping instruction
  2d:	0f 84 10 02 00 00    	je     0x243
  33:	48 8d bd 58 15 00 00 	lea    0x1558(%rbp),%rdi
  3a:	48                   	rex.W
  3b:	b8 00 00 00 00       	mov    $0x0,%eax