watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [syz-executor.7:4174] Modules linked in: irq event stamp: 4329791 hardirqs last enabled at (4329790): [] asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635 hardirqs last disabled at (4329791): [] sysvec_apic_timer_interrupt+0xb/0xa0 arch/x86/kernel/apic/apic.c:1094 softirqs last enabled at (4302568): [] asm_call_irq_on_stack+0x12/0x20 softirqs last disabled at (4302571): [] asm_call_irq_on_stack+0x12/0x20 CPU: 0 PID: 4174 Comm: syz-executor.7 Not tainted 5.10.223 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:__sanitizer_cov_trace_const_cmp4+0x4/0x20 kernel/kcov.c:284 Code: 84 00 00 00 00 00 48 8b 0c 24 0f b7 d6 0f b7 f7 bf 03 00 00 00 e9 cc fe ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 90 48 8b 0c 24 <89> f2 89 fe bf 05 00 00 00 e9 ae fe ff ff 66 66 2e 0f 1f 84 00 00 RSP: 0018:ffff88806ce096d0 EFLAGS: 00000246 RAX: 0000000000000001 RBX: 0000000000000001 RCX: ffffffff814122db RDX: ffff88800cc63480 RSI: 0000000000000001 RDI: 0000000000000000 RBP: 0000000000000001 R08: 0000000000000000 R09: ffffffff868686e7 R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000 R13: 0000000000000000 R14: ffffffff85035bc8 R15: 00000000000000e8 FS: 00007fd0f3c8b700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b2d529000 CR3: 000000001e0cc000 CR4: 0000000000350ef0 Call Trace: rcu_read_unlock include/linux/rcupdate.h:767 [inline] __is_insn_slot_addr+0x11b/0x290 kernel/kprobes.c:307 is_kprobe_optinsn_slot include/linux/kprobes.h:336 [inline] kernel_text_address kernel/extable.c:149 [inline] kernel_text_address+0xdf/0x120 kernel/extable.c:120 __kernel_text_address+0x9/0x40 kernel/extable.c:105 unwind_get_return_address arch/x86/kernel/unwind_orc.c:323 [inline] unwind_get_return_address+0x55/0xa0 arch/x86/kernel/unwind_orc.c:318 arch_stack_walk+0x99/0xf0 arch/x86/kernel/stacktrace.c:26 stack_trace_save+0x8c/0xc0 kernel/stacktrace.c:121 kasan_save_stack+0x1b/0x40 mm/kasan/common.c:48 kasan_set_track mm/kasan/common.c:56 [inline] __kasan_kmalloc.constprop.0+0xc9/0xd0 mm/kasan/common.c:461 slab_post_alloc_hook mm/slab.h:532 [inline] slab_alloc_node mm/slub.c:2896 [inline] kmem_cache_alloc_node+0x14b/0x330 mm/slub.c:2932 __alloc_skb+0x6d/0x5b0 net/core/skbuff.c:199 skb_copy+0x183/0x350 net/core/skbuff.c:1529 mac80211_hwsim_tx_frame_no_nl.isra.0+0xb1d/0x13d0 drivers/net/wireless/mac80211_hwsim.c:1499 mac80211_hwsim_tx_frame+0x152/0x1e0 drivers/net/wireless/mac80211_hwsim.c:1716 mac80211_hwsim_beacon_tx+0x494/0x940 drivers/net/wireless/mac80211_hwsim.c:1770 __iterate_interfaces+0x1f0/0x550 net/mac80211/util.c:792 ieee80211_iterate_active_interfaces_atomic+0x71/0x1c0 net/mac80211/util.c:828 mac80211_hwsim_beacon+0xd1/0x1d0 drivers/net/wireless/mac80211_hwsim.c:1793 __run_hrtimer kernel/time/hrtimer.c:1584 [inline] __hrtimer_run_queues+0x632/0xb40 kernel/time/hrtimer.c:1648 hrtimer_run_softirq+0x148/0x310 kernel/time/hrtimer.c:1665 __do_softirq+0x1b8/0x7c9 kernel/softirq.c:298 asm_call_irq_on_stack+0x12/0x20 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline] run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline] do_softirq_own_stack+0x80/0xa0 arch/x86/kernel/irq_64.c:77 invoke_softirq kernel/softirq.c:393 [inline] __irq_exit_rcu kernel/softirq.c:423 [inline] irq_exit_rcu+0x114/0x1b0 kernel/softirq.c:435 sysvec_apic_timer_interrupt+0x43/0xa0 arch/x86/kernel/apic/apic.c:1094 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635 RIP: 0010:search_nested_keyrings+0x357/0xd20 security/keys/keyring.c:732 Code: 8e d6 08 00 00 41 8b 5f 50 31 ff 83 e3 40 89 de e8 3e 55 71 ff 85 db 74 7a e8 e5 5b 71 ff 48 89 e8 48 c1 e8 03 42 80 3c 30 00 <0f> 85 00 09 00 00 49 8b 9d 30 01 00 00 48 85 db 74 57 e8 c2 5b 71 RSP: 0018:ffff888045ea7718 EFLAGS: 00000246 RAX: 1ffff11002a4168e RBX: 0000000000000040 RCX: ffffc90005606000 RDX: 0000000000040000 RSI: ffffffff81cf456b RDI: 0000000000000005 RBP: ffff88801520b470 R08: 0000000000000001 R09: 0000000000000002 R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000 R13: ffff88801520b340 R14: dffffc0000000000 R15: ffff888045ea7990 keyring_search_rcu+0x1b1/0x310 security/keys/keyring.c:922 search_cred_keyrings_rcu+0x19d/0x2e0 security/keys/process_keys.c:480 proc_keys_show+0x8f9/0xdc0 security/keys/proc.c:182 seq_read_iter+0xbf0/0x12b0 fs/seq_file.c:272 proc_reg_read_iter+0x20a/0x2e0 fs/proc/inode.c:310 call_read_iter include/linux/fs.h:1996 [inline] do_iter_readv_writev+0x57c/0x750 fs/read_write.c:738 do_iter_read+0x301/0x760 fs/read_write.c:801 vfs_readv+0xe5/0x160 fs/read_write.c:921 do_preadv fs/read_write.c:1013 [inline] __do_sys_preadv fs/read_write.c:1063 [inline] __se_sys_preadv fs/read_write.c:1058 [inline] __x64_sys_preadv+0x235/0x310 fs/read_write.c:1058 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x67/0xd1 RIP: 0033:0x7fd0f6715b19 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fd0f3c8b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 RAX: ffffffffffffffda RBX: 00007fd0f6828f60 RCX: 00007fd0f6715b19 RDX: 0000000000000001 RSI: 0000000020001580 RDI: 0000000000000004 RBP: 00007fd0f676ff6d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffc39a188ff R14: 00007fd0f3c8b300 R15: 0000000000022000 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 4180 Comm: syz-executor.2 Not tainted 5.10.223 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:arch_static_branch arch/x86/include/asm/jump_label.h:25 [inline] RIP: 0010:static_key_false include/linux/jump_label.h:200 [inline] RIP: 0010:native_write_msr arch/x86/include/asm/msr.h:162 [inline] RIP: 0010:wrmsrl arch/x86/include/asm/msr.h:281 [inline] RIP: 0010:lapic_next_deadline+0x21/0x50 arch/x86/kernel/apic/apic.c:479 Code: 35 5e ca 02 0f 1f 44 00 00 0f ae f0 0f ae e8 0f 31 48 c1 e2 20 b9 e0 06 00 00 48 09 c2 48 8d 04 fa 48 89 c2 48 c1 ea 20 0f 30 <0f> 1f 44 00 00 31 c0 e9 63 3c 12 03 48 89 c6 31 d2 bf e0 06 00 00 RSP: 0018:ffff88806cf09840 EFLAGS: 00000017 RAX: 00000095af919498 RBX: 0000000000000000 RCX: 00000000000006e0 RDX: 0000000000000095 RSI: ffff88806cf27980 RDI: 0000000000000562 RBP: ffff88806cf27980 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000562 R13: 0000000000000000 R14: 7fffffffffffffff R15: 0000000000000000 FS: 00007fed3df7d700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b2cf23000 CR3: 000000001ce34000 CR4: 0000000000350ee0 Call Trace: clockevents_program_event+0x244/0x360 kernel/time/clockevents.c:334 tick_program_event+0xa0/0x140 kernel/time/tick-oneshot.c:44 hrtimer_interrupt+0x3e1/0x9b0 kernel/time/hrtimer.c:1723 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1083 [inline] __sysvec_apic_timer_interrupt+0xfb/0x310 arch/x86/kernel/apic/apic.c:1100 run_sysvec_on_irqstack_cond arch/x86/include/asm/irq_stack.h:91 [inline] sysvec_apic_timer_interrupt+0x3e/0xa0 arch/x86/kernel/apic/apic.c:1094 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635 RIP: 0010:instrument_atomic_read include/linux/instrumented.h:71 [inline] RIP: 0010:atomic_read include/asm-generic/atomic-instrumented.h:27 [inline] RIP: 0010:virt_spin_lock arch/x86/include/asm/qspinlock.h:99 [inline] RIP: 0010:queued_spin_lock_slowpath+0x9a/0x8c0 kernel/locking/qspinlock.c:326 Code: 0f 1f 44 00 00 49 89 fd 49 89 fc 41 be 01 00 00 00 48 b8 00 00 00 00 00 fc ff df 49 c1 ed 03 41 83 e4 07 49 01 c5 41 83 c4 03 04 00 00 00 48 89 df e8 69 d3 44 00 41 0f b6 45 00 41 38 c4 7c RSP: 0018:ffff88806cf09a38 EFLAGS: 00000202 RAX: 0000000000000000 RBX: ffffffff87a04180 RCX: ffffffff81279957 RDX: fffffbfff0f40831 RSI: 0000000000000004 RDI: ffffffff87a04180 RBP: 0000000000000001 R08: 0000000000000000 R09: ffffffff87a04183 R10: fffffbfff0f40830 R11: 0000000000000001 R12: 0000000000000003 R13: fffffbfff0f40830 R14: 0000000000000001 R15: 1ffff1100d9e1348 queued_spin_lock include/asm-generic/qspinlock.h:85 [inline] do_raw_spin_lock+0x1dc/0x260 kernel/locking/spinlock_debug.c:113 spin_lock include/linux/spinlock.h:354 [inline] mac80211_hwsim_tx_frame_no_nl.isra.0+0x695/0x13d0 drivers/net/wireless/mac80211_hwsim.c:1450 mac80211_hwsim_tx_frame+0x152/0x1e0 drivers/net/wireless/mac80211_hwsim.c:1716 mac80211_hwsim_beacon_tx+0x494/0x940 drivers/net/wireless/mac80211_hwsim.c:1770 __iterate_interfaces+0x1f0/0x550 net/mac80211/util.c:792 ieee80211_iterate_active_interfaces_atomic+0x71/0x1c0 net/mac80211/util.c:828 mac80211_hwsim_beacon+0xd1/0x1d0 drivers/net/wireless/mac80211_hwsim.c:1793 __run_hrtimer kernel/time/hrtimer.c:1584 [inline] __hrtimer_run_queues+0x632/0xb40 kernel/time/hrtimer.c:1648 hrtimer_run_softirq+0x148/0x310 kernel/time/hrtimer.c:1665 __do_softirq+0x1b8/0x7c9 kernel/softirq.c:298 asm_call_irq_on_stack+0x12/0x20 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline] run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline] do_softirq_own_stack+0x80/0xa0 arch/x86/kernel/irq_64.c:77 invoke_softirq kernel/softirq.c:393 [inline] __irq_exit_rcu kernel/softirq.c:423 [inline] irq_exit_rcu+0x114/0x1b0 kernel/softirq.c:435 sysvec_apic_timer_interrupt+0x43/0xa0 arch/x86/kernel/apic/apic.c:1094 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635 RIP: 0010:cpu_relax arch/x86/include/asm/vdso/processor.h:19 [inline] RIP: 0010:virt_spin_lock arch/x86/include/asm/qspinlock.h:100 [inline] RIP: 0010:queued_spin_lock_slowpath+0x122/0x8c0 kernel/locking/qspinlock.c:326 Code: 00 00 00 65 48 2b 04 25 28 00 00 00 0f 85 09 07 00 00 48 81 c4 88 00 00 00 5b 5d 41 5c 41 5d 41 5e 41 5f e9 f0 a5 f8 02 f3 90 73 ff ff ff 44 8b 74 24 48 41 81 fe 00 01 00 00 0f 84 e1 00 00 RSP: 0018:ffff888045fff880 EFLAGS: 00000202 RAX: 0000000000000000 RBX: ffffffff85196d20 RCX: ffffffff81279957 RDX: fffffbfff0a32da5 RSI: 0000000000000004 RDI: ffffffff85196d20 RBP: 0000000000000001 R08: 0000000000000000 R09: ffffffff85196d23 R10: fffffbfff0a32da4 R11: 0000000000000001 R12: 0000000000000003 R13: fffffbfff0a32da4 R14: 0000000000000001 R15: 1ffff11008bfff11 queued_spin_lock include/asm-generic/qspinlock.h:85 [inline] do_raw_spin_lock+0x1dc/0x260 kernel/locking/spinlock_debug.c:113 spin_lock include/linux/spinlock.h:354 [inline] proc_keys_start+0x4d/0x450 security/keys/proc.c:118 traverse.part.0+0x83/0x620 fs/seq_file.c:106 traverse fs/seq_file.c:101 [inline] seq_read_iter+0x934/0x12b0 fs/seq_file.c:195 proc_reg_read_iter+0x20a/0x2e0 fs/proc/inode.c:310 call_read_iter include/linux/fs.h:1996 [inline] do_iter_readv_writev+0x57c/0x750 fs/read_write.c:738 do_iter_read+0x301/0x760 fs/read_write.c:801 vfs_readv+0xe5/0x160 fs/read_write.c:921 do_preadv fs/read_write.c:1013 [inline] __do_sys_preadv fs/read_write.c:1063 [inline] __se_sys_preadv fs/read_write.c:1058 [inline] __x64_sys_preadv+0x235/0x310 fs/read_write.c:1058 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x67/0xd1 RIP: 0033:0x7fed40a07b19 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fed3df7d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 RAX: ffffffffffffffda RBX: 00007fed40b1af60 RCX: 00007fed40a07b19 RDX: 0000000000000001 RSI: 0000000020001580 RDI: 0000000000000004 RBP: 00007fed40a61f6d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffef8bbf58f R14: 00007fed3df7d300 R15: 0000000000022000 ---------------- Code disassembly (best guess): 0: 84 00 test %al,(%rax) 2: 00 00 add %al,(%rax) 4: 00 00 add %al,(%rax) 6: 48 8b 0c 24 mov (%rsp),%rcx a: 0f b7 d6 movzwl %si,%edx d: 0f b7 f7 movzwl %di,%esi 10: bf 03 00 00 00 mov $0x3,%edi 15: e9 cc fe ff ff jmpq 0xfffffee6 1a: 66 66 2e 0f 1f 84 00 data16 nopw %cs:0x0(%rax,%rax,1) 21: 00 00 00 00 25: 90 nop 26: 48 8b 0c 24 mov (%rsp),%rcx * 2a: 89 f2 mov %esi,%edx <-- trapping instruction 2c: 89 fe mov %edi,%esi 2e: bf 05 00 00 00 mov $0x5,%edi 33: e9 ae fe ff ff jmpq 0xfffffee6 38: 66 data16 39: 66 data16 3a: 2e cs 3b: 0f .byte 0xf 3c: 1f (bad) 3d: 84 00 test %al,(%rax)