watchdog: BUG: soft lockup - CPU#0 stuck for 21s! [syz-executor.6:18814]
Modules linked in:
irq event stamp: 4469737
hardirqs last  enabled at (4469736): [<ffffffff8460148a>] asm_sysvec_apic_timer_interrupt+0x1a/0x20
hardirqs last disabled at (4469737): [<ffffffff845a391f>] sysvec_apic_timer_interrupt+0xf/0x90
softirqs last  enabled at (4142580): [<ffffffff8119ab83>] irq_exit_rcu+0x93/0xc0
softirqs last disabled at (4142583): [<ffffffff8119ab83>] irq_exit_rcu+0x93/0xc0
CPU: 0 PID: 18814 Comm: syz-executor.6 Not tainted 6.5.0-rc6-next-20230818 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:__sanitizer_cov_trace_pc+0x31/0x70
Code: 4d fc b5 7e 89 c1 48 8b 34 24 81 e1 00 01 00 00 65 48 8b 14 25 80 8d 03 00 a9 00 01 ff 00 74 0e 85 c9 74 35 8b 82 9c 14 00 00 <85> c0 74 2b 8b 82 78 14 00 00 83 f8 02 75 20 48 8b 8a 80 14 00 00
RSP: 0018:ffff88806ce09820 EFLAGS: 00000206
RAX: 0000000000000000 RBX: ffff88803b817a48 RCX: 0000000000000100
RDX: ffff8880137d1b40 RSI: ffffffff8113aab9 RDI: ffff88803b817a48
RBP: 0000000000000001 R08: ffff88806ce098f8 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000001
R13: ffff88803b817a48 R14: ffff88803b817a50 R15: 0000000000000001
FS:  00007fb7d4f8e700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f4283bf9fe8 CR3: 0000000038534000 CR4: 0000000000350ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
 <IRQ>
 __read_once_word_nocheck+0x9/0x20
 unwind_next_frame+0x1bb9/0x25d0
 arch_stack_walk+0xe6/0x160
 stack_trace_save+0x90/0xd0
 kasan_save_stack+0x22/0x50
 __kasan_record_aux_stack+0x8e/0xa0
 __call_rcu_common.constprop.0+0x6a/0xbd0
 kmem_cache_free+0xc1/0x4d0
 kfree_skbmem+0xef/0x1b0
 consume_skb+0x126/0x2e0
 mac80211_hwsim_tx_frame+0x1f6/0x2a0
 mac80211_hwsim_beacon_tx+0x427/0x730
 __iterate_interfaces+0x2d3/0x580
 ieee80211_iterate_active_interfaces_atomic+0x73/0x1c0
 mac80211_hwsim_beacon+0x105/0x200
 __hrtimer_run_queues+0x59d/0xb60
 hrtimer_run_softirq+0x14c/0x310
 __do_softirq+0x1b7/0x7d4
 irq_exit_rcu+0x93/0xc0
 sysvec_apic_timer_interrupt+0x6e/0x90
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:__sanitizer_cov_trace_pc+0x4/0x70
Code: 00 e8 a0 ff ff ff 31 c0 e9 e9 4b 0f 03 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa <65> 8b 05 4d fc b5 7e 89 c1 48 8b 34 24 81 e1 00 01 00 00 65 48 8b
RSP: 0018:ffff88803b817750 EFLAGS: 00000297
RAX: 0000000000000002 RBX: ffff888025e83000 RCX: ffffc900023f9000
RDX: 0000000000000000 RSI: ffffffff816d7d98 RDI: ffff8880137d1f34
RBP: 0000000000000001 R08: 0000000000000001 R09: ffff8880137d2528
R10: ffffffff85d51ad7 R11: 0000000000000001 R12: ffff888013565000
R13: ffff88802beec054 R14: ffff88802beec000 R15: 0000000000000001
 wb_get_lookup.part.0+0x2f2/0x600
 wb_get_create+0xac/0x1150
 __inode_attach_wb+0x2ea/0x920
 __mark_inode_dirty+0x996/0xc10
 generic_update_time+0xcb/0xf0
 touch_atime+0x4bb/0x590
 step_into+0x1291/0x2000
 walk_component+0xf5/0x5b0
 link_path_walk.part.0+0x76e/0xd90
 path_parentat+0xa8/0x1b0
 __filename_parentat+0x1dd/0x620
 filename_create+0xa3/0x4a0
 do_mkdirat+0x98/0x2d0
 __x64_sys_mkdirat+0x119/0x180
 do_syscall_64+0x3f/0x90
 entry_SYSCALL_64_after_hwframe+0x6e/0xd8
RIP: 0033:0x7fb7d7a18b19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fb7d4f8e188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
RAX: ffffffffffffffda RBX: 00007fb7d7b2bf60 RCX: 00007fb7d7a18b19
RDX: 00000000000001ff RSI: 0000000020000040 RDI: ffffffffffffff9c
RBP: 00007fb7d7a72f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff0121f7ef R14: 00007fb7d4f8e300 R15: 0000000000022000
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 18796 Comm: syz-executor.1 Not tainted 6.5.0-rc6-next-20230818 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:debug_lockdep_rcu_enabled+0xa/0x40
Code: eb c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 8b 05 72 d3 7a 01 <85> c0 74 21 8b 05 bc e3 7a 01 85 c0 74 17 65 48 8b 04 25 80 8d 03
RSP: 0018:ffff88806cf09068 EFLAGS: 00000082
RAX: 0000000000000002 RBX: 1ffff1100d9e120f RCX: 0000000000000001
RDX: 1ffff110064e080d RSI: c0927cb26ae65a2c RDI: 00000000653e8aca
RBP: ffff88806cf09598 R08: 0000000000000000 R09: fffffbfff0ee9f68
R10: ffffffff8774fb47 R11: 0000000000000001 R12: ffff888030e397c0
R13: ffff88806cf09200 R14: ffff888030e39bf4 R15: 0000000000000000
FS:  00007f8fd5446700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f20e4617545 CR3: 0000000035e7a000 CR4: 0000000000350ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
 <NMI>
 </NMI>
 <IRQ>
 perf_event_output_forward+0xae/0x3c0
 __perf_event_overflow+0x4c2/0x9e0
 perf_swevent_hrtimer+0x35e/0x3d0
 __hrtimer_run_queues+0x17f/0xb60
 hrtimer_interrupt+0x2ef/0x750
 __sysvec_apic_timer_interrupt+0xb3/0x330
 sysvec_apic_timer_interrupt+0x33/0x90
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:stack_trace_consume_entry+0x7e/0x170
Code: 0f 8e ad 00 00 00 31 c0 3b 6b 08 0f 83 81 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 0c 48 89 fa 48 c1 ea 03 0f b6 14 02 <48> 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 98 00 00 00 8b
RSP: 0018:ffff88806cf09640 EFLAGS: 00000217
RAX: dffffc0000000000 RBX: ffff88806cf09730 RCX: 0000000000000100
RDX: 0000000000000000 RSI: ffffffff8459e9ff RDI: ffff88806cf0973c
RBP: 000000000000002e R08: 0000000000000007 R09: 0000000000000000
R10: ffffffff8459e9ff R11: 0000000000000000 R12: ffffffff8459e9ff
R13: ffff88806cf09730 R14: ffff888032703680 R15: ffff88806cf09700
 arch_stack_walk+0xc4/0x160
 stack_trace_save+0x90/0xd0
 kasan_save_stack+0x22/0x50
 kasan_set_track+0x25/0x30
 __kasan_slab_alloc+0x59/0x70
 kmem_cache_alloc_node+0x199/0x3b0
 kmalloc_reserve+0x169/0x270
 __alloc_skb+0x129/0x330
 skb_copy+0x13d/0x3f0
 mac80211_hwsim_tx_frame_no_nl.isra.0+0xb11/0x1330
 mac80211_hwsim_tx_frame+0x1ee/0x2a0
 mac80211_hwsim_beacon_tx+0x427/0x730
 __iterate_interfaces+0x2d3/0x580
 ieee80211_iterate_active_interfaces_atomic+0x73/0x1c0
 mac80211_hwsim_beacon+0x105/0x200
 __hrtimer_run_queues+0x59d/0xb60
 hrtimer_run_softirq+0x14c/0x310
 __do_softirq+0x1b7/0x7d4
 irq_exit_rcu+0x93/0xc0
 sysvec_apic_timer_interrupt+0x6e/0x90
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:__sanitizer_cov_trace_pc+0x4d/0x70
Code: ff 00 74 0e 85 c9 74 35 8b 82 9c 14 00 00 85 c0 74 2b 8b 82 78 14 00 00 83 f8 02 75 20 48 8b 8a 80 14 00 00 8b 92 7c 14 00 00 <48> 8b 01 48 83 c0 01 48 39 c2 76 07 48 89 01 48 89 34 c1 e9 6b 4b
RSP: 0018:ffff8880398b7320 EFLAGS: 00000246
RAX: 0000000000000002 RBX: 0000000000000000 RCX: ffffc90007e26000
RDX: 0000000000040000 RSI: ffffffff815d40eb RDI: 0000000000000005
RBP: ffff88806cf34afc R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000030 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: ffffffff85511d80
 perf_swevent_get_recursion_context+0xcb/0xf0
 perf_trace_buf_alloc+0x3a/0x1a0
 perf_trace_lock_acquire+0x14c/0x500
 lock_acquire+0x416/0x4c0
 __is_insn_slot_addr+0x41/0x290
 kernel_text_address+0x48/0xc0
 __kernel_text_address+0xd/0x40
 unwind_get_return_address+0x7d/0xe0
 arch_stack_walk+0xa2/0x160
 stack_trace_save+0x90/0xd0
 kasan_save_stack+0x22/0x50
 kasan_set_track+0x25/0x30
 __kasan_kmalloc+0x7f/0x90
 __kmalloc_node_track_caller+0x5e/0x160
 kstrdup+0x3f/0x80
 kstrdup_const+0x57/0x80
 __kernfs_new_node+0x9d/0x890
 kernfs_new_node+0x97/0x120
 __kernfs_create_file+0x55/0x350
 cgroup_addrm_files+0x3c8/0x9f0
 css_populate_dir+0x3a9/0x4b0
 cgroup_mkdir+0x38f/0x10b0
 kernfs_iop_mkdir+0x151/0x1e0
 vfs_mkdir+0x24b/0x470
 do_mkdirat+0x163/0x2d0
 __x64_sys_mkdirat+0x119/0x180
 do_syscall_64+0x3f/0x90
 entry_SYSCALL_64_after_hwframe+0x6e/0xd8
RIP: 0033:0x7f8fd7ed0b19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f8fd5446188 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
RAX: ffffffffffffffda RBX: 00007f8fd7fe3f60 RCX: 00007f8fd7ed0b19
RDX: 00000000000001ff RSI: 0000000020000040 RDI: ffffffffffffff9c
RBP: 00007f8fd7f2af6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fffc5de980f R14: 00007f8fd5446300 R15: 0000000000022000
 </TASK>
----------------
Code disassembly (best guess):
   0:	4d fc                	rex.WRB cld
   2:	b5 7e                	mov    $0x7e,%ch
   4:	89 c1                	mov    %eax,%ecx
   6:	48 8b 34 24          	mov    (%rsp),%rsi
   a:	81 e1 00 01 00 00    	and    $0x100,%ecx
  10:	65 48 8b 14 25 80 8d 	mov    %gs:0x38d80,%rdx
  17:	03 00
  19:	a9 00 01 ff 00       	test   $0xff0100,%eax
  1e:	74 0e                	je     0x2e
  20:	85 c9                	test   %ecx,%ecx
  22:	74 35                	je     0x59
  24:	8b 82 9c 14 00 00    	mov    0x149c(%rdx),%eax
* 2a:	85 c0                	test   %eax,%eax <-- trapping instruction
  2c:	74 2b                	je     0x59
  2e:	8b 82 78 14 00 00    	mov    0x1478(%rdx),%eax
  34:	83 f8 02             	cmp    $0x2,%eax
  37:	75 20                	jne    0x59
  39:	48 8b 8a 80 14 00 00 	mov    0x1480(%rdx),%rcx