watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [syz-executor.2:11248]
Modules linked in:
irq event stamp: 4808199
hardirqs last enabled at (4808198): [] asm_sysvec_apic_timer_interrupt+0x1a/0x20
hardirqs last disabled at (4808199): [] sysvec_apic_timer_interrupt+0xf/0x90
softirqs last enabled at (4805654): [] irq_exit_rcu+0x93/0xc0
softirqs last disabled at (4805657): [] irq_exit_rcu+0x93/0xc0
CPU: 0 PID: 11248 Comm: syz-executor.2 Not tainted 6.5.0-rc6-next-20230815 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:_raw_spin_unlock_irqrestore+0x34/0x50
Code: c7 18 53 48 89 f3 48 8b 74 24 10 e8 06 f5 d1 fc 48 89 ef e8 be 78 d2 fc 80 e7 02 74 06 e8 14 22 f8 fc fb 65 ff 0d 04 db a6 7b <74> 07 5b 5d e9 e3 2a 00 00 0f 1f 44 00 00 5b 5d e9 d7 2a 00 00 0f
RSP: 0018:ffff88806ce09cd0 EFLAGS: 00000202
RAX: 0000000000495c94 RBX: 0000000000000246 RCX: ffffffff812e04ef
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff845cb27c
RBP: ffff888030d106b8 R08: 0000000000000001 R09: fffffbfff0ee9f7e
R10: ffffffff8774fbf7 R11: 0000000000000001 R12: 0000000000000246
R13: ffff888030d106b8 R14: ffff888030d106a8 R15: ffff888030d106a8
FS: 00007fb144d52700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055a92418b618 CR3: 0000000032fac000 CR4: 0000000000350ef0
Call Trace:
 wiphy_work_queue+0x6e/0x170
 call_timer_fn+0x17d/0x4e0
 expire_timers+0x272/0x460
 run_timer_softirq+0x2f5/0x880
 __do_softirq+0x1b7/0x7d4
 irq_exit_rcu+0x93/0xc0
 sysvec_apic_timer_interrupt+0x6e/0x90
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:__sanitizer_cov_trace_pc+0xb/0x70
Code: c0 e9 09 46 0f 03 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 65 8b 05 fd f5 b5 7e <89> c1 48 8b 34 24 81 e1 00 01 00 00 65 48 8b 14 25 80 8d 03 00 a9
RSP: 0018:ffff888039e770a8 EFLAGS: 00000286
RAX: 0000000000000001 RBX: ffff888039e77130 RCX: ffffffff8113b7ff
RDX: ffff888040821b40 RSI: 0000000000000000 RDI: 0000000000000007
RBP: 0000000000000000 R08: 0000000000000007 R09: 0000000000000000
R10: ffffffff81832378 R11: 0000000000000000 R12: 0000000000000001
R13: ffffffff81832378 R14: ffff888039e77171 R15: ffff888039e771d0
 unwind_next_frame+0x1ad/0x25d0
 arch_stack_walk+0xe6/0x160
 stack_trace_save+0x90/0xd0
 kasan_save_stack+0x22/0x50
 kasan_set_track+0x25/0x30
 __kasan_slab_alloc+0x59/0x70
 kmem_cache_alloc+0x17b/0x390
 __create_object+0x3c/0xc90
 kmem_cache_alloc+0x21f/0x390
 security_inode_alloc+0x38/0x160
 inode_init_always+0xbb2/0xea0
 alloc_inode+0x84/0x240
 new_inode+0x1c/0x1e0
 __ext4_new_inode+0x323/0x53d0
 ext4_create+0x2e4/0x4e0
 lookup_open.isra.0+0x1028/0x1400
 path_openat+0x96c/0x2710
 do_filp_open+0x1ba/0x410
 do_sys_openat2+0x164/0x1d0
 __x64_sys_openat+0x143/0x200
 do_syscall_64+0x3f/0x90
 entry_SYSCALL_64_after_hwframe+0x73/0xdd
RIP: 0033:0x7fb1477dcb19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fb144d52188 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007fb1478eff60 RCX: 00007fb1477dcb19
RDX: 00000000000026e1 RSI: 0000000020000200 RDI: ffffffffffffff9c
RBP: 00007fb147836f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff8c2eac8f R14: 00007fb144d52300 R15: 0000000000022000
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 11250 Comm: syz-executor.3 Not tainted 6.5.0-rc6-next-20230815 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:strlen+0x63/0xa0
Code: 00 00 00 00 fc ff df 48 89 e8 48 83 c0 01 48 89 c2 48 89 c1 48 c1 ea 03 83 e1 07 0f b6 14 1a 38 ca 7f 04 84 d2 75 27 80 38 00 <75> de 48 83 c4 08 48 29 e8 5b 5d e9 ed 2e 06 00 48 83 c4 08 31 c0
RSP: 0018:ffff88806cf09158 EFLAGS: 00000006
RAX: ffffffff8489704f RBX: dffffc0000000000 RCX: 0000000000000007
RDX: 0000000000000000 RSI: ffffffff8562f508 RDI: ffffffff84897040
RBP: ffffffff84897040 R08: 0000000000000002 R09: 0000000000000001
R10: ffffffff85d51dd7 R11: 1ffff1100d9e69e9 R12: 0000000000000002
R13: 1ffff1100d9e1236 R14: ffff88806cf09230 R15: ffffffff85511d80
FS: 0000000000000000(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2bf20000 CR3: 000000002cb16000 CR4: 0000000000350ee0
Call Trace:
 perf_trace_lock_acquire+0xcf/0x500
 lock_acquire+0x416/0x4c0
 ktime_get+0x80/0x1f0
 clockevents_program_event+0x14f/0x360
 tick_program_event+0xa4/0x140
 hrtimer_interrupt+0x340/0x750
 __sysvec_apic_timer_interrupt+0xb3/0x330
 sysvec_apic_timer_interrupt+0x33/0x90
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:__sanitizer_cov_trace_cmp8+0x8/0x20
Code: 00 00 00 e9 ea fe ff ff 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 0c 24 <48> 89 f2 48 89 fe bf 06 00 00 00 e9 b8 fe ff ff 0f 1f 84 00 00 00
RSP: 0018:ffff88806cf09588 EFLAGS: 00000246
RAX: 0000000000000000 RBX: ffffffff8607015c RCX: ffffffff8113aba4
RDX: fffffffffe533823 RSI: ffffffff845a397f RDI: ffffffff845a397d
RBP: ffffffff86070160 R08: 0000000000000006 R09: ffffffff845a397d
R10: ffffffff845a396c R11: 0000000000000000 R12: ffffffff845a397d
R13: ffffffff845a397f R14: dffffc0000000000 R15: ffffffff8607015c
 __orc_find+0xc4/0x130
 unwind_next_frame+0x31d/0x25d0
 arch_stack_walk+0xe6/0x160
 stack_trace_save+0x90/0xd0
 kasan_save_stack+0x22/0x50
 kasan_set_track+0x25/0x30
 __kasan_slab_alloc+0x59/0x70
 kmem_cache_alloc_node+0x199/0x3b0
 kmalloc_reserve+0x169/0x270
 __alloc_skb+0x129/0x330
 skb_copy+0x13d/0x3f0
 mac80211_hwsim_tx_frame_no_nl.isra.0+0xb11/0x1330
 mac80211_hwsim_tx_frame+0x1ee/0x2a0
 mac80211_hwsim_beacon_tx+0x427/0x730
 __iterate_interfaces+0x2d3/0x580
 ieee80211_iterate_active_interfaces_atomic+0x73/0x1c0
 mac80211_hwsim_beacon+0x105/0x200
 __hrtimer_run_queues+0x59d/0xb60
 hrtimer_run_softirq+0x14c/0x310
 __do_softirq+0x1b7/0x7d4
 irq_exit_rcu+0x93/0xc0
 sysvec_apic_timer_interrupt+0x6e/0x90
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:exit_shm+0x67b/0x920
Code: 48 c7 c7 20 43 9b 84 c6 05 7e 0a e4 03 01 e8 cc 1b 3f ff e9 ea fc ff ff e8 b2 0a 5f ff 4c 89 ff e8 9a 24 6e 02 48 8b 4c 24 28 <48> b8 00 00 00 00 00 fc ff df 48 c7 04 01 00 00 00 00 48 8b 84 24
RSP: 0018:ffff88803e617b28 EFLAGS: 00000246
RAX: 0000000000000000 RBX: ffff88801aac0000 RCX: 1ffff11007cc2f6b
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff88801aac08d0
RBP: dffffc0000000000 R08: 0000000000000000 R09: ffffed100355811a
R10: ffff88801aac08d3 R11: 1ffff1100d9e69bf R12: ffff88802e3bef00
R13: ffff88802e3bf030 R14: ffff88801aac002c R15: ffff88801aac08d0
 do_exit+0xa53/0x2740
 do_group_exit+0xd4/0x2a0
 get_signal+0x2693/0x2720
 arch_do_signal_or_restart+0x81/0x790
 exit_to_user_mode_prepare+0xeb/0x180
 syscall_exit_to_user_mode+0x1d/0x50
 do_syscall_64+0x4c/0x90
 entry_SYSCALL_64_after_hwframe+0x73/0xdd
RIP: 0033:0x7f721878ab19
Code: Unable to access opcode bytes at 0x7f721878aaef.
RSP: 002b:00007f7215d00188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
RAX: 0000000000000005 RBX: 00007f721889df60 RCX: 00007f721878ab19
RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000000020000080
RBP: 00007f72187e4f6d R08: 0000000000000000 R09: 0000000000000000
R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff5c30e40f R14: 00007f7215d00300 R15: 0000000000022000
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:   18 53 48                sbb    %dl,0x48(%rbx)
   3:   89 f3                   mov    %esi,%ebx
   5:   48 8b 74 24 10          mov    0x10(%rsp),%rsi
   a:   e8 06 f5 d1 fc          callq  0xfcd1f515
   f:   48 89 ef                mov    %rbp,%rdi
  12:   e8 be 78 d2 fc          callq  0xfcd278d5
  17:   80 e7 02                and    $0x2,%bh
  1a:   74 06                   je     0x22
  1c:   e8 14 22 f8 fc          callq  0xfcf82235
  21:   fb                      sti
  22:   65 ff 0d 04 db a6 7b    decl   %gs:0x7ba6db04(%rip)        # 0x7ba6db2d
* 29:   74 07                   je     0x32 <-- trapping instruction
  2b:   5b                      pop    %rbx
  2c:   5d                      pop    %rbp
  2d:   e9 e3 2a 00 00          jmpq   0x2b15
  32:   0f 1f 44 00 00          nopl   0x0(%rax,%rax,1)
  37:   5b                      pop    %rbx
  38:   5d                      pop    %rbp
  39:   e9 d7 2a 00 00          jmpq   0x2b15
  3e:   0f                      .byte 0xf