watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [syz-executor.5:5307]
Modules linked in:
irq event stamp: 5286955
hardirqs last  enabled at (5286954): [<ffffffff84000c82>] asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635
hardirqs last disabled at (5286955): [<ffffffff83e047eb>] sysvec_apic_timer_interrupt+0xb/0xa0 arch/x86/kernel/apic/apic.c:1095
softirqs last  enabled at (5283006): [<ffffffff84001002>] asm_call_irq_on_stack+0x12/0x20
softirqs last disabled at (5283009): [<ffffffff84001002>] asm_call_irq_on_stack+0x12/0x20
CPU: 0 PID: 5307 Comm: syz-executor.5 Not tainted 5.10.153 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:get_current arch/x86/include/asm/current.h:15 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x4/0x60 kernel/kcov.c:196
Code: ff ff ff b8 08 00 00 00 4d 8b 17 49 8b 16 48 0f bd c8 48 63 c9 e9 5e ff ff ff 4c 01 d2 49 89 17 e9 cd fd ff ff 90 48 8b 34 24 <65> 48 8b 14 25 80 6f 02 00 65 8b 05 4c 45 c2 7e a9 00 01 ff 00 74
RSP: 0018:ffff88806ce09c00 EFLAGS: 00000202
RAX: ffffffff83b058e1 RBX: 0000000000000001 RCX: ffffffff83b05924
RDX: 0000000000000001 RSI: ffffffff83b05932 RDI: 0000000000000001
RBP: ffff888020878bc0 R08: 0000000000000000 R09: ffffffff86799667
R10: 0000000000000000 R11: 0000000000000001 R12: ffff88804974885a
R13: ffff888044380d00 R14: 1ffff1100d9c1382 R15: ffff88806ce09d98
FS:  00007f4fcddf2700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2d023000 CR3: 000000001cf86000 CR4: 0000000000350ef0
Call Trace:
 <IRQ>
 sta_info_hash_lookup net/mac80211/sta_info.c:162 [inline]
 sta_info_get_bss+0xd2/0x420 net/mac80211/sta_info.c:199
 __ieee80211_rx_handle_packet net/mac80211/rx.c:4724 [inline]
 ieee80211_rx_list+0xdb0/0x2350 net/mac80211/rx.c:4845
 ieee80211_rx_napi+0xdd/0x380 net/mac80211/rx.c:4866
 ieee80211_rx include/net/mac80211.h:4502 [inline]
 ieee80211_tasklet_handler+0xd3/0x130 net/mac80211/main.c:235
 tasklet_action_common.constprop.0+0x244/0x2f0 kernel/softirq.c:560
 __do_softirq+0x1b8/0x86b kernel/softirq.c:298
 asm_call_irq_on_stack+0x12/0x20
 </IRQ>
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline]
 do_softirq_own_stack+0x80/0xa0 arch/x86/kernel/irq_64.c:77
 invoke_softirq kernel/softirq.c:393 [inline]
 __irq_exit_rcu kernel/softirq.c:423 [inline]
 irq_exit_rcu+0x114/0x1b0 kernel/softirq.c:435
 sysvec_apic_timer_interrupt+0x43/0xa0 arch/x86/kernel/apic/apic.c:1095
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635
RIP: 0010:copy_user_generic_string+0x2c/0x40 arch/x86/lib/copy_user_64.S:169
Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 73 b4 1f 02 0f 1f 00 0f 01
RSP: 0018:ffff888044957bf8 EFLAGS: 00040246
RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000001f8
RDX: 0000000000000000 RSI: 0000000020000080 RDI: ffff88802098c040
RBP: ffff88802098c000 R08: 0000000000000001 R09: ffff88802098cfff
R10: ffffed10041319ff R11: 0000000000000001 R12: 0000000020000040
R13: 0000000020001040 R14: 00007ffffffff000 R15: 0000000000000000
 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline]
 raw_copy_from_user arch/x86/include/asm/uaccess_64.h:52 [inline]
 copyin.part.0+0x10b/0x140 lib/iov_iter.c:159
 copyin lib/iov_iter.c:776 [inline]
 _copy_from_iter+0x231/0xd40 lib/iov_iter.c:776
 copy_from_iter include/linux/uio.h:146 [inline]
 kernfs_fop_write_iter+0x194/0x510 fs/kernfs/file.c:277
 call_write_iter include/linux/fs.h:1904 [inline]
 new_sync_write+0x42c/0x660 fs/read_write.c:518
 vfs_write+0x747/0xa30 fs/read_write.c:605
 ksys_write+0x12d/0x260 fs/read_write.c:658
 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x61/0xc6
RIP: 0033:0x7f4fd087cb19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f4fcddf2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f4fd098ff60 RCX: 00007f4fd087cb19
RDX: 000000000000fdef RSI: 0000000020000040 RDI: 0000000000000003
RBP: 00007f4fd08d6f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe9ab02a2f R14: 00007f4fcddf2300 R15: 0000000000022000
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 5286 Comm: syz-executor.1 Not tainted 5.10.153 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:__sanitizer_cov_trace_const_cmp8+0x4/0x20 kernel/kcov.c:290
Code: 00 00 00 00 00 90 48 8b 0c 24 89 f2 89 fe bf 05 00 00 00 e9 ae fe ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 0c 24 <48> 89 f2 48 89 fe bf 07 00 00 00 e9 8c fe ff ff 66 66 2e 0f 1f 84
RSP: 0018:ffff88806cf09268 EFLAGS: 00000002
RAX: 000000809c069b6d RBX: ffff888045788158 RCX: ffffffff8130c05d
RDX: ffff8880461e9980 RSI: 000000809c069b6d RDI: 0000000000000000
RBP: 0000000000002710 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000002710 R11: 0000000000000001 R12: 000000809c069b6d
R13: 7fffffffffffffff R14: 0000000000000001 R15: 000000809c06745d
FS:  0000000000000000(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005555556d1c58 CR3: 000000000c702000 CR4: 0000000000350ee0
Call Trace:
 <IRQ>
 ktime_add_safe kernel/time/hrtimer.c:335 [inline]
 hrtimer_add_expires include/linux/hrtimer.h:267 [inline]
 hrtimer_forward+0x18d/0x270 kernel/time/hrtimer.c:964
 hrtimer_forward_now include/linux/hrtimer.h:501 [inline]
 perf_swevent_hrtimer+0x252/0x3f0 kernel/events/core.c:10397
 __run_hrtimer kernel/time/hrtimer.c:1583 [inline]
 __hrtimer_run_queues+0x1ca/0xb50 kernel/time/hrtimer.c:1647
 hrtimer_interrupt+0x2fd/0x9b0 kernel/time/hrtimer.c:1709
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1084 [inline]
 __sysvec_apic_timer_interrupt+0xfb/0x400 arch/x86/kernel/apic/apic.c:1101
 run_sysvec_on_irqstack_cond arch/x86/include/asm/irq_stack.h:91 [inline]
 sysvec_apic_timer_interrupt+0x3e/0xa0 arch/x86/kernel/apic/apic.c:1095
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635
RIP: 0010:unwind_get_return_address+0x12/0xa0 arch/x86/kernel/unwind_orc.c:319
Code: eb ac e8 d1 4d 5b 00 e9 75 ff ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 90 48 b8 00 00 00 00 00 fc ff df 48 89 fa 55 48 c1 ea 03 <53> 48 89 fb 0f b6 04 02 84 c0 74 04 3c 03 7e 59 8b 03 85 c0 75 09
RSP: 0018:ffff88806cf09738 EFLAGS: 00000212
RAX: dffffc0000000000 RBX: ffffffff812fc330 RCX: ffffffff859c4401
RDX: 1ffff1100d9e12e9 RSI: 0000000000000001 RDI: ffff88806cf09748
RBP: ffff88806cf097d0 R08: 0000000000000001 R09: ffff8880492bf778
R10: 0000000000032042 R11: 1ffff1100d9e12d6 R12: ffff88806cf09800
R13: 0000000000000000 R14: ffff8880461e9980 R15: 00000000000000e0
 arch_stack_walk+0x99/0xf0 arch/x86/kernel/stacktrace.c:26
 stack_trace_save+0x8c/0xc0 kernel/stacktrace.c:121
 kasan_save_stack+0x1b/0x40 mm/kasan/common.c:48
 kasan_set_track mm/kasan/common.c:56 [inline]
 __kasan_kmalloc.constprop.0+0xc9/0xd0 mm/kasan/common.c:461
 slab_post_alloc_hook mm/slab.h:532 [inline]
 slab_alloc_node mm/slub.c:2896 [inline]
 kmem_cache_alloc_node+0x14b/0x370 mm/slub.c:2932
 __alloc_skb+0x6d/0x620 net/core/skbuff.c:198
 skb_copy+0x137/0x2f0 net/core/skbuff.c:1522
 mac80211_hwsim_tx_frame_no_nl.isra.0+0xb1d/0x13d0 drivers/net/wireless/mac80211_hwsim.c:1494
 mac80211_hwsim_tx_frame+0x152/0x1e0 drivers/net/wireless/mac80211_hwsim.c:1711
 mac80211_hwsim_beacon_tx+0x494/0x8f0 drivers/net/wireless/mac80211_hwsim.c:1765
 __iterate_interfaces+0x1f0/0x530 net/mac80211/util.c:792
 ieee80211_iterate_active_interfaces_atomic+0x72/0x180 net/mac80211/util.c:828
 mac80211_hwsim_beacon+0xd1/0x1d0 drivers/net/wireless/mac80211_hwsim.c:1788
 __run_hrtimer kernel/time/hrtimer.c:1583 [inline]
 __hrtimer_run_queues+0x5e8/0xb50 kernel/time/hrtimer.c:1647
 hrtimer_run_softirq+0x148/0x310 kernel/time/hrtimer.c:1664
 __do_softirq+0x1b8/0x86b kernel/softirq.c:298
 asm_call_irq_on_stack+0x12/0x20
 </IRQ>
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline]
 do_softirq_own_stack+0x80/0xa0 arch/x86/kernel/irq_64.c:77
 invoke_softirq kernel/softirq.c:393 [inline]
 __irq_exit_rcu kernel/softirq.c:423 [inline]
 irq_exit_rcu+0x114/0x1b0 kernel/softirq.c:435
 sysvec_apic_timer_interrupt+0x43/0xa0 arch/x86/kernel/apic/apic.c:1095
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635
RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x60 kernel/kcov.c:193
Code: ff ff b9 ff ff ff ff b8 08 00 00 00 4d 8b 17 49 8b 16 48 0f bd c8 48 63 c9 e9 5e ff ff ff 4c 01 d2 49 89 17 e9 cd fd ff ff 90 <48> 8b 34 24 65 48 8b 14 25 80 6f 02 00 65 8b 05 4c 45 c2 7e a9 00
RSP: 0018:ffff8880492bf770 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff815f2a4b
RDX: 0000000000000000 RSI: ffff8880461e9980 RDI: 0000000000000001
RBP: ffffea0001046d80 R08: 0000000000000000 R09: ffffea0001046db3
R10: 0000000000000000 R11: 0000000000000001 R12: ffffea0001046db0
R13: ffff8880476208b0 R14: dffffc0000000000 R15: 00007f33aa317000
 zap_pte_range mm/memory.c:1337 [inline]
 zap_pmd_range mm/memory.c:1404 [inline]
 zap_pud_range mm/memory.c:1433 [inline]
 zap_p4d_range mm/memory.c:1454 [inline]
 unmap_page_range+0x990/0x1ea0 mm/memory.c:1475
 unmap_single_vma+0x198/0x300 mm/memory.c:1520
 unmap_vmas+0x16d/0x300 mm/memory.c:1552
 exit_mmap+0x27f/0x4f0 mm/mmap.c:3235
 __mmput kernel/fork.c:1089 [inline]
 mmput+0xca/0x340 kernel/fork.c:1110
 exit_mm kernel/exit.c:487 [inline]
 do_exit+0xb21/0x2740 kernel/exit.c:798
 do_group_exit+0x125/0x310 kernel/exit.c:908
 get_signal+0x469/0x2210 kernel/signal.c:2748
 arch_do_signal+0x8c/0x1c60 arch/x86/kernel/signal.c:805
 exit_to_user_mode_loop kernel/entry/common.c:161 [inline]
 exit_to_user_mode_prepare+0xf7/0x160 kernel/entry/common.c:191
 irqentry_exit_to_user_mode+0x5/0x30 kernel/entry/common.c:279
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635
RIP: 0033:0x7f33ab689b03
Code: Unable to access opcode bytes at RIP 0x7f33ab689ad9.
RSP: 002b:00007f33a8bff218 EFLAGS: 00000246
RAX: 00000000000000ca RBX: 00007f33ab79cf68 RCX: 00000000000f4240
RDX: 0000000000000081 RSI: 00007f33ab79cf6c RDI: 00000000000000ca
RBP: 00007f33ab79cf60 R08: 0000000000000003 R09: 000000000000000e
R10: 00007ffef13f7090 R11: 00000000000efc00 R12: 00007f33ab79cf6c
R13: 00007ffef120b68f R14: 00007f33a8bff300 R15: 0000000000022000
----------------
Code disassembly (best guess), 3 bytes skipped:
   0:	b8 08 00 00 00       	mov    $0x8,%eax
   5:	4d 8b 17             	mov    (%r15),%r10
   8:	49 8b 16             	mov    (%r14),%rdx
   b:	48 0f bd c8          	bsr    %rax,%rcx
   f:	48 63 c9             	movslq %ecx,%rcx
  12:	e9 5e ff ff ff       	jmpq   0xffffff75
  17:	4c 01 d2             	add    %r10,%rdx
  1a:	49 89 17             	mov    %rdx,(%r15)
  1d:	e9 cd fd ff ff       	jmpq   0xfffffdef
  22:	90                   	nop
  23:	48 8b 34 24          	mov    (%rsp),%rsi
* 27:	65 48 8b 14 25 80 6f 	mov    %gs:0x26f80,%rdx <-- trapping instruction
  2e:	02 00
  30:	65 8b 05 4c 45 c2 7e 	mov    %gs:0x7ec2454c(%rip),%eax        # 0x7ec24583
  37:	a9 00 01 ff 00       	test   $0xff0100,%eax
  3c:	74                   	.byte 0x74