SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=4022 comm=syz-executor.2 SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=4025 comm=syz-executor.2 watchdog: BUG: soft lockup - CPU#1 stuck for 22s! [syz-executor.0:3993] Modules linked in: irq event stamp: 5255383 hardirqs last enabled at (5255382): [] asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635 hardirqs last disabled at (5255383): [] sysvec_apic_timer_interrupt+0xb/0xa0 arch/x86/kernel/apic/apic.c:1094 softirqs last enabled at (5219480): [] asm_call_irq_on_stack+0x12/0x20 softirqs last disabled at (5219485): [] asm_call_irq_on_stack+0x12/0x20 CPU: 1 PID: 3993 Comm: syz-executor.0 Not tainted 5.10.226 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:cpu_relax arch/x86/include/asm/vdso/processor.h:19 [inline] RIP: 0010:virt_spin_lock arch/x86/include/asm/qspinlock.h:100 [inline] RIP: 0010:queued_spin_lock_slowpath+0x122/0x8c0 kernel/locking/qspinlock.c:326 Code: 00 00 00 65 48 2b 04 25 28 00 00 00 0f 85 09 07 00 00 48 81 c4 88 00 00 00 5b 5d 41 5c 41 5d 41 5e 41 5f e9 00 a4 f8 02 f3 90 73 ff ff ff 44 8b 74 24 48 41 81 fe 00 01 00 00 0f 84 e1 00 00 RSP: 0018:ffff88806cf09a38 EFLAGS: 00000202 RAX: 0000000000000000 RBX: ffffffff87a04080 RCX: ffffffff81279b47 RDX: fffffbfff0f40811 RSI: 0000000000000004 RDI: ffffffff87a04080 RBP: 0000000000000001 R08: 0000000000000000 R09: ffffffff87a04083 R10: fffffbfff0f40810 R11: 0000000000000001 R12: 0000000000000003 R13: fffffbfff0f40810 R14: 0000000000000001 R15: 1ffff1100d9e1348 FS: 00007f49249d7700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055e8838b5260 CR3: 0000000048562000 CR4: 0000000000350ee0 Call Trace: queued_spin_lock include/asm-generic/qspinlock.h:85 [inline] do_raw_spin_lock+0x1dc/0x260 kernel/locking/spinlock_debug.c:113 spin_lock include/linux/spinlock.h:354 [inline] mac80211_hwsim_tx_frame_no_nl.isra.0+0x695/0x13d0 drivers/net/wireless/mac80211_hwsim.c:1450 mac80211_hwsim_tx_frame+0x152/0x1e0 drivers/net/wireless/mac80211_hwsim.c:1716 mac80211_hwsim_beacon_tx+0x494/0x940 drivers/net/wireless/mac80211_hwsim.c:1770 __iterate_interfaces+0x1f0/0x550 net/mac80211/util.c:792 ieee80211_iterate_active_interfaces_atomic+0x71/0x1c0 net/mac80211/util.c:828 mac80211_hwsim_beacon+0xd1/0x1d0 drivers/net/wireless/mac80211_hwsim.c:1793 __run_hrtimer kernel/time/hrtimer.c:1586 [inline] __hrtimer_run_queues+0x632/0xb40 kernel/time/hrtimer.c:1650 hrtimer_run_softirq+0x148/0x310 kernel/time/hrtimer.c:1667 __do_softirq+0x1b8/0x7c9 kernel/softirq.c:298 asm_call_irq_on_stack+0x12/0x20 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline] run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline] do_softirq_own_stack+0x80/0xa0 arch/x86/kernel/irq_64.c:77 invoke_softirq kernel/softirq.c:393 [inline] __irq_exit_rcu kernel/softirq.c:423 [inline] irq_exit_rcu+0x114/0x1b0 kernel/softirq.c:435 sysvec_apic_timer_interrupt+0x43/0xa0 arch/x86/kernel/apic/apic.c:1094 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635 RIP: 0010:refill_obj_stock+0x18c/0x320 mm/memcontrol.c:3228 Code: f4 48 c1 ea 03 0f b6 04 02 84 c0 74 08 3c 03 0f 8e 45 01 00 00 44 89 65 18 41 81 fc 00 10 00 00 77 56 4d 85 f6 75 4a 41 55 9d <48> 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f e9 b1 f1 b1 02 48 b8 00 RSP: 0018:ffff88801e3ef070 EFLAGS: 00000282 RAX: 00000000004fa49b RBX: ffff88806cf38cf8 RCX: 1ffffffff0d0d1b2 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff816e4e48 RBP: ffff88806cf38ce0 R08: 0000000000000001 R09: ffffffff868686e7 R10: fffffbfff0d0d0dc R11: 0000000000000001 R12: 0000000000000858 R13: 0000000000000282 R14: 0000000000000200 R15: ffff88806cf38cf0 memcg_slab_free_hook mm/slab.h:382 [inline] memcg_slab_free_hook mm/slab.h:351 [inline] do_slab_free mm/slub.c:3105 [inline] ___cache_free+0x101/0x360 mm/slub.c:3156 qlink_free mm/kasan/quarantine.c:151 [inline] qlist_free_all+0x59/0xe0 mm/kasan/quarantine.c:170 quarantine_reduce+0x184/0x210 mm/kasan/quarantine.c:267 __kasan_kmalloc.constprop.0+0xa2/0xd0 mm/kasan/common.c:442 slab_post_alloc_hook mm/slab.h:532 [inline] slab_alloc_node mm/slub.c:2896 [inline] slab_alloc mm/slub.c:2904 [inline] kmem_cache_alloc+0x13b/0x310 mm/slub.c:2909 kmem_cache_zalloc include/linux/slab.h:654 [inline] __kernfs_new_node+0xd4/0x860 fs/kernfs/dir.c:635 kernfs_new_node+0x18d/0x250 fs/kernfs/dir.c:711 __kernfs_create_file+0x51/0x350 fs/kernfs/file.c:985 sysfs_add_file_mode_ns+0x221/0x560 fs/sysfs/file.c:306 sysfs_create_file_ns+0x131/0x1d0 fs/sysfs/file.c:332 sysfs_create_file include/linux/sysfs.h:599 [inline] device_create_file+0xea/0x1d0 drivers/base/core.c:2387 device_add+0x547/0x1c50 drivers/base/core.c:2958 device_create_groups_vargs+0x207/0x280 drivers/base/core.c:3669 device_create+0xdc/0x120 drivers/base/core.c:3711 vc_allocate+0x5c0/0x840 drivers/tty/vt/vt.c:1158 con_install+0x93/0x5d0 drivers/tty/vt/vt.c:3390 tty_driver_install_tty drivers/tty/tty_io.c:1311 [inline] tty_init_dev.part.0+0xa0/0x610 drivers/tty/tty_io.c:1425 tty_init_dev include/linux/err.h:36 [inline] tty_open_by_driver drivers/tty/tty_io.c:2068 [inline] tty_open+0xc0e/0x13e0 drivers/tty/tty_io.c:2116 chrdev_open+0x268/0x6e0 fs/char_dev.c:414 do_dentry_open+0x4b7/0x1090 fs/open.c:817 do_open fs/namei.c:3307 [inline] path_openat+0x19ba/0x2770 fs/namei.c:3425 do_filp_open+0x190/0x3e0 fs/namei.c:3452 do_sys_openat2+0x171/0x4d0 fs/open.c:1227 do_sys_open fs/open.c:1243 [inline] __do_sys_openat fs/open.c:1259 [inline] __se_sys_openat fs/open.c:1254 [inline] __x64_sys_openat+0x13f/0x1f0 fs/open.c:1254 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x67/0xd1 RIP: 0033:0x7f4927414a04 Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44 RSP: 002b:00007f49249d6cc0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 RAX: ffffffffffffffda RBX: 00007f4927574f60 RCX: 00007f4927414a04 RDX: 0000000000000002 RSI: 00007f49249d6d60 RDI: 00000000ffffff9c RBP: 00007f49249d6d60 R08: 0000000000000000 R09: 000000000000000e R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 R13: 00007ffc4daf562f R14: 00007f49249d7300 R15: 0000000000022000 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 4018 Comm: syz-executor.5 Not tainted 5.10.226 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:bytes_is_nonzero mm/kasan/generic.c:91 [inline] RIP: 0010:memory_is_nonzero mm/kasan/generic.c:108 [inline] RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:134 [inline] RIP: 0010:memory_is_poisoned mm/kasan/generic.c:165 [inline] RIP: 0010:check_memory_region_inline mm/kasan/generic.c:183 [inline] RIP: 0010:check_memory_region+0x198/0x1f0 mm/kasan/generic.c:192 Code: 7d 85 41 bb 01 00 00 00 5b 5d 44 89 d8 41 5c e9 0e b0 b3 02 48 85 d2 74 e9 48 01 ea eb 09 48 83 c0 01 48 39 d0 74 db 80 38 00 <74> f2 e9 28 ff ff ff 48 29 c3 48 89 da 49 89 d3 49 c1 fb 3f 49 c1 RSP: 0018:ffff88806ce09b28 EFLAGS: 00000046 RAX: fffffbfff0acebd9 RBX: fffffbfff0acebda RCX: ffffffff812739bf RDX: fffffbfff0acebda RSI: 0000000000000008 RDI: ffffffff85675ec8 RBP: fffffbfff0acebd9 R08: 0000000000000000 R09: ffffffff85675ecf R10: fffffbfff0acebd9 R11: 0000000000000001 R12: 0000000000000002 R13: 0000000000000000 R14: ffffffff8500fb08 R15: 0000000000000000 FS: 00007f65ae5ae700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000561265f576cc CR3: 000000001e2e8000 CR4: 0000000000350ef0 Call Trace: instrument_atomic_read include/linux/instrumented.h:71 [inline] test_bit include/asm-generic/bitops/instrumented-non-atomic.h:134 [inline] cpumask_test_cpu include/linux/cpumask.h:367 [inline] trace_lock_acquire include/trace/events/lock.h:13 [inline] lock_acquire+0xaf/0x470 kernel/locking/lockdep.c:5537 seqcount_lockdep_reader_access include/linux/seqlock.h:103 [inline] ktime_get_update_offsets_now+0x9b/0x360 kernel/time/timekeeping.c:2298 hrtimer_update_base kernel/time/hrtimer.c:631 [inline] hrtimer_interrupt+0x10e/0x9b0 kernel/time/hrtimer.c:1694 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1083 [inline] __sysvec_apic_timer_interrupt+0xfb/0x310 arch/x86/kernel/apic/apic.c:1100 run_sysvec_on_irqstack_cond arch/x86/include/asm/irq_stack.h:91 [inline] sysvec_apic_timer_interrupt+0x3e/0xa0 arch/x86/kernel/apic/apic.c:1094 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635 RIP: 0010:__sanitizer_cov_trace_const_cmp1+0x0/0x20 kernel/kcov.c:270 Code: 1f 84 00 00 00 00 00 0f 1f 00 48 8b 0c 24 48 89 f2 48 89 fe bf 06 00 00 00 e9 0c ff ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 90 <48> 8b 0c 24 40 0f b6 d6 40 0f b6 f7 bf 01 00 00 00 e9 ea fe ff ff RSP: 0018:ffff88806ce09e30 EFLAGS: 00000246 RAX: 0000000000000001 RBX: 0000000000000001 RCX: ffffffff8131264a RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 RBP: ffff8880477258e0 R08: 0000000000000000 R09: ffffffff85675ecf R10: 0000000000000000 R11: 0000000000000001 R12: ffff88806ce2ea40 R13: ffff88806ce2ecc0 R14: 0000000000000001 R15: dffffc0000000000 trace_hrtimer_expire_exit include/trace/events/timer.h:283 [inline] __run_hrtimer kernel/time/hrtimer.c:1589 [inline] __hrtimer_run_queues+0x911/0xb40 kernel/time/hrtimer.c:1650 hrtimer_run_softirq+0x148/0x310 kernel/time/hrtimer.c:1667 __do_softirq+0x1b8/0x7c9 kernel/softirq.c:298 asm_call_irq_on_stack+0x12/0x20 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline] run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline] do_softirq_own_stack+0x80/0xa0 arch/x86/kernel/irq_64.c:77 invoke_softirq kernel/softirq.c:393 [inline] __irq_exit_rcu kernel/softirq.c:423 [inline] irq_exit_rcu+0x114/0x1b0 kernel/softirq.c:435 sysvec_apic_timer_interrupt+0x43/0xa0 arch/x86/kernel/apic/apic.c:1094 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635 RIP: 0010:unwind_next_frame+0x131d/0x1a90 arch/x86/kernel/unwind_orc.c:606 Code: ff 80 3d a8 97 54 04 00 0f 85 ba ef ff ff e9 8c 12 c8 02 48 b8 00 00 00 00 00 fc ff df 48 8b 54 24 08 48 c1 ea 03 80 3c 02 00 <0f> 85 b9 04 00 00 49 8d 7d 08 49 8b 5d 38 48 b8 00 00 00 00 00 fc RSP: 0018:ffff8880202f7160 EFLAGS: 00000246 RAX: dffffc0000000000 RBX: 0000000000000001 RCX: 1ffff1100405ee4f RDX: 1ffff1100405ee4e RSI: ffff8880202f7f48 RDI: ffff8880202f7f48 RBP: ffff8880202f726d R08: 0000000000000001 R09: 0000000000000001 R10: 0000000000032042 R11: 1ffff1100405ee34 R12: ffff8880202f7f58 R13: ffff8880202f7238 R14: 1ffff1100405ee34 R15: ffffffff85d3cf3c arch_stack_walk+0x83/0xf0 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0x8c/0xc0 kernel/stacktrace.c:121 kasan_save_stack+0x1b/0x40 mm/kasan/common.c:48 kasan_set_track+0x1c/0x30 mm/kasan/common.c:56 kasan_set_free_info+0x1b/0x30 mm/kasan/generic.c:355 __kasan_slab_free+0x110/0x160 mm/kasan/common.c:422 slab_free_hook mm/slub.c:1542 [inline] slab_free_freelist_hook+0xa9/0x180 mm/slub.c:1576 slab_free mm/slub.c:3149 [inline] kfree+0xd7/0x340 mm/slub.c:4125 iomap_dio_complete+0x3f6/0x780 fs/iomap/direct-io.c:129 iomap_dio_rw+0x63/0x90 fs/iomap/direct-io.c:608 ext4_dio_read_iter fs/ext4/file.c:77 [inline] ext4_file_read_iter fs/ext4/file.c:129 [inline] ext4_file_read_iter+0x2c7/0x4c0 fs/ext4/file.c:114 call_read_iter include/linux/fs.h:1996 [inline] io_iter_do_read io_uring/io_uring.c:3567 [inline] io_read+0x2dc/0x11e0 io_uring/io_uring.c:3630 io_issue_sqe+0x2e8a/0x77b0 io_uring/io_uring.c:6746 __io_queue_sqe+0x90/0x9d0 io_uring/io_uring.c:7059 io_queue_sqe io_uring/io_uring.c:7110 [inline] io_submit_sqe io_uring/io_uring.c:7287 [inline] io_submit_sqes+0x44aa/0x8610 io_uring/io_uring.c:7393 __do_sys_io_uring_enter+0x6b5/0x18c0 io_uring/io_uring.c:9920 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x67/0xd1 RIP: 0033:0x7f65b1038b19 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f65ae5ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa RAX: ffffffffffffffda RBX: 00007f65b114bf60 RCX: 00007f65b1038b19 RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000003 RBP: 00007f65b1092f6d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffce3dc8caf R14: 00007f65ae5ae300 R15: 0000000000022000 ---------------- Code disassembly (best guess): 0: 00 00 add %al,(%rax) 2: 00 65 48 add %ah,0x48(%rbp) 5: 2b 04 25 28 00 00 00 sub 0x28,%eax c: 0f 85 09 07 00 00 jne 0x71b 12: 48 81 c4 88 00 00 00 add $0x88,%rsp 19: 5b pop %rbx 1a: 5d pop %rbp 1b: 41 5c pop %r12 1d: 41 5d pop %r13 1f: 41 5e pop %r14 21: 41 5f pop %r15 23: e9 00 a4 f8 02 jmpq 0x2f8a428 28: f3 90 pause * 2a: e9 73 ff ff ff jmpq 0xffffffa2 <-- trapping instruction 2f: 44 8b 74 24 48 mov 0x48(%rsp),%r14d 34: 41 81 fe 00 01 00 00 cmp $0x100,%r14d 3b: 0f .byte 0xf 3c: 84 e1 test %ah,%cl