watchdog: BUG: soft lockup - CPU#0 stuck for 24s! [syz-executor.0:5096]
Modules linked in:
irq event stamp: 10595103
hardirqs last  enabled at (10595102): [<ffffffff8460144a>] asm_sysvec_apic_timer_interrupt+0x1a/0x20
hardirqs last disabled at (10595103): [<ffffffff8459715f>] sysvec_apic_timer_interrupt+0xf/0x90
softirqs last  enabled at (10568854): [<ffffffff811907b3>] irq_exit_rcu+0x93/0xc0
softirqs last disabled at (10568857): [<ffffffff811907b3>] irq_exit_rcu+0x93/0xc0
CPU: 0 PID: 5096 Comm: syz-executor.0 Not tainted 6.5.0-rc3-next-20230728 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:ktime_get_with_offset+0x222/0x260
Code: 02 00 00 00 31 f6 48 c7 c7 48 d0 62 85 e8 76 db f0 ff 48 8b 74 24 60 48 c7 c7 48 d0 62 85 e8 55 d3 f0 ff e8 d0 e6 16 00 fb 5a <e9> a2 fe ff ff e8 54 a6 0f 00 0f 0b e9 28 fe ff ff 4c 89 f7 e8 05
RSP: 0018:ffff88806ce09c90 EFLAGS: 00000206
RAX: 0000000000a1aa22 RBX: 0000000000000200 RCX: ffffffff812d50af
RDX: ffffffff831ca166 RSI: 0000000000000000 RDI: ffffffff813d1fe0
RBP: ffff888033b268c0 R08: 0000000000000001 R09: fffffbfff0ee6765
R10: ffffffff87733b2f R11: 0000000000000001 R12: ffff888016748e20
R13: fffffbfff0ac5a21 R14: ffffffff8562d108 R15: dffffc0000000000
FS:  00007f0b80433700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fcbf2b0c590 CR3: 00000000413ae000 CR4: 0000000000350ef0
Call Trace:
 <IRQ>
 __mac80211_hwsim_beacon_tx+0x1e6/0x5c0
 mac80211_hwsim_beacon_tx+0x427/0x730
 __iterate_interfaces+0x2d3/0x580
 ieee80211_iterate_active_interfaces_atomic+0x73/0x1c0
 mac80211_hwsim_beacon+0x105/0x200
 __hrtimer_run_queues+0x59d/0xb60
 hrtimer_run_softirq+0x14c/0x310
 __do_softirq+0x1b7/0x7d4
 irq_exit_rcu+0x93/0xc0
 sysvec_apic_timer_interrupt+0x6e/0x90
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:put_cpu_partial+0x107/0x1b0
Code: 39 45 28 75 5e 48 c7 45 28 00 00 00 00 48 c7 c6 22 80 81 81 48 89 ef e8 f7 72 ac ff 48 85 db 74 06 e8 6d 86 d2 ff fb 4d 85 f6 <74> 1e 5b 4c 89 f6 5d 4c 89 e7 41 5c 41 5d 41 5e 41 5f e9 12 fa ff
RSP: 0018:ffff888037a37490 EFLAGS: 00000246
RAX: 0000000000927e9d RBX: 0000000000000200 RCX: ffffffff812d50af
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff81818043
RBP: ffff88806ce3de60 R08: 0000000000000001 R09: fffffbfff0ee6765
R10: ffffffff87733b2f R11: 0000000000000001 R12: ffff88800844f780
R13: ffffea000031eb40 R14: 0000000000000000 R15: 0000000000000004
 qlist_free_all+0x6d/0x1a0
 kasan_quarantine_reduce+0x199/0x230
 __kasan_slab_alloc+0x49/0x70
 kmem_cache_alloc+0x17b/0x390
 __create_object+0x3c/0xc90
 __kmem_cache_alloc_node+0x20b/0x310
 __kmalloc+0x4d/0x160
 sk_prot_alloc+0x157/0x280
 sk_alloc+0x38/0x7b0
 __netlink_create+0x63/0x340
 __netlink_kernel_create+0x114/0x860
 audit_net_init+0x1b8/0x450
 ops_init+0xbb/0x6b0
 setup_net+0x3d9/0x990
 copy_net_ns+0x321/0x770
 create_new_namespaces+0x3f6/0xb30
 copy_namespaces+0x414/0x500
 copy_process+0x2b78/0x7320
 kernel_clone+0xeb/0x810
 __do_sys_clone3+0x1d5/0x250
 do_syscall_64+0x3f/0x90
 entry_SYSCALL_64_after_hwframe+0x6e/0xd8
RIP: 0033:0x7f0b82ebdb19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0b80433188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
RAX: ffffffffffffffda RBX: 00007f0b82fd0f60 RCX: 00007f0b82ebdb19
RDX: 0000000000000000 RSI: 0000000000000058 RDI: 0000000020004c00
RBP: 00007f0b82f17f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fffed4a5c4f R14: 00007f0b80433300 R15: 0000000000022000
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 104 Comm: systemd-timesyn Not tainted 6.5.0-rc3-next-20230728 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:__orc_find+0x7e/0xf0
Code: 48 c1 fa 02 48 01 d0 48 d1 f8 48 8d 5c 85 00 48 89 d8 48 c1 e8 03 42 0f b6 14 38 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 <75> 50 48 63 03 48 01 d8 48 39 c1 73 b0 4c 8d 63 fc 49 39 ec 73 b3
RSP: 0018:ffff88800ff2f928 EFLAGS: 00000246
RAX: 0000000000000007 RBX: ffffffff85e14884 RCX: ffffffff8187e6a3
RDX: 0000000000000000 RSI: ffffffff8615d7a0 RDI: ffffffff85e14874
RBP: ffffffff85e14880 R08: ffffffff8615d7a0 R09: ffff88800ff2fa20
R10: 0000000000038001 R11: 0000000000022fd8 R12: ffffffff85e14888
R13: ffffffff85e14874 R14: ffffffff85e1487c R15: dffffc0000000000
FS:  00007f3b4f64a900(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055ed0656ebd0 CR3: 00000000103dc000 CR4: 0000000000350ee0
Call Trace:
 <NMI>
 </NMI>
 <TASK>
 unwind_next_frame+0x2b1/0x2490
 arch_stack_walk+0x87/0xf0
 stack_trace_save+0x90/0xd0
 set_track_prepare+0x74/0xd0
 __create_object+0x3b2/0xc90
 kmem_cache_alloc+0x21f/0x390
 security_file_alloc+0x38/0x170
 init_file+0x99/0x250
 alloc_empty_file+0x94/0x1e0
 alloc_file+0x5e/0x800
 alloc_file_pseudo+0x16e/0x260
 sock_alloc_file+0x53/0x1e0
 __sys_socket+0x1ac/0x250
 __x64_sys_socket+0x73/0xb0
 do_syscall_64+0x3f/0x90
 entry_SYSCALL_64_after_hwframe+0x6e/0xd8
RIP: 0033:0x7f3b4ff40477
Code: 73 01 c3 48 8b 0d 19 ea 0b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e9 e9 0b 00 f7 d8 64 89 01 48
RSP: 002b:00007fff1094a068 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
RAX: ffffffffffffffda RBX: 000055ad3a542650 RCX: 00007f3b4ff40477
RDX: 0000000000000000 RSI: 0000000000080002 RDI: 0000000000000001
RBP: 00007fff1094a190 R08: 0000000000000000 R09: 000000000000000c
R10: 00007fff1094a0d0 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000016
 </TASK>
hpet: Lost 4 RTC interrupts
hpet: Lost 1 RTC interrupts
Bluetooth: hci6: command 0x0406 tx timeout
----------------
Code disassembly (best guess):
   0:	02 00                	add    (%rax),%al
   2:	00 00                	add    %al,(%rax)
   4:	31 f6                	xor    %esi,%esi
   6:	48 c7 c7 48 d0 62 85 	mov    $0xffffffff8562d048,%rdi
   d:	e8 76 db f0 ff       	callq  0xfff0db88
  12:	48 8b 74 24 60       	mov    0x60(%rsp),%rsi
  17:	48 c7 c7 48 d0 62 85 	mov    $0xffffffff8562d048,%rdi
  1e:	e8 55 d3 f0 ff       	callq  0xfff0d378
  23:	e8 d0 e6 16 00       	callq  0x16e6f8
  28:	fb                   	sti
  29:	5a                   	pop    %rdx
* 2a:	e9 a2 fe ff ff       	jmpq   0xfffffed1 <-- trapping instruction
  2f:	e8 54 a6 0f 00       	callq  0xfa688
  34:	0f 0b                	ud2
  36:	e9 28 fe ff ff       	jmpq   0xfffffe63
  3b:	4c 89 f7             	mov    %r14,%rdi
  3e:	e8                   	.byte 0xe8
  3f:	05                   	.byte 0x5