watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [syz-executor.7:4572]
Modules linked in:
irq event stamp: 4180239
hardirqs last enabled at (4180238): [] asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635
hardirqs last disabled at (4180239): [] sysvec_apic_timer_interrupt+0xb/0xa0 arch/x86/kernel/apic/apic.c:1094
softirqs last enabled at (4156834): [] asm_call_irq_on_stack+0x12/0x20
softirqs last disabled at (4156837): [] asm_call_irq_on_stack+0x12/0x20
CPU: 0 PID: 4572 Comm: syz-executor.7 Not tainted 5.10.226 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:get_current arch/x86/include/asm/current.h:15 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x4/0x60 kernel/kcov.c:196
Code: ff ff ff b8 08 00 00 00 4d 8b 17 49 8b 16 48 0f bd c8 48 63 c9 e9 5e ff ff ff 4c 01 d2 49 89 17 e9 cd fd ff ff 90 48 8b 34 24 <65> 48 8b 14 25 80 6f 02 00 65 8b 05 ec cf c1 7e a9 00 01 ff 00 74
RSP: 0018:ffff88806ce09d30 EFLAGS: 00000246
RAX: 000000000000000a RBX: ffff8880463d0d00 RCX: 1ffff11008c7a0db
RDX: 0000000000000000 RSI: ffffffff82c996de RDI: ffff8880463d4e34
RBP: ffff888048843500 R08: 0000000000000000 R09: ffff8880463d0d5f
R10: 0000000000000000 R11: 0000000000000001 R12: ffff888046811d98
R13: ffff8880463d31c0 R14: ffff8880463d4e30 R15: ffff8880463d31e8
FS: 00007f87578ad700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020008000 CR3: 00000000472ce000 CR4: 0000000000350ef0
Call Trace:
 mac80211_hwsim_beacon_tx+0x2ae/0x940 drivers/net/wireless/mac80211_hwsim.c:1753
 __iterate_interfaces+0x1f0/0x550 net/mac80211/util.c:792
 ieee80211_iterate_active_interfaces_atomic+0x71/0x1c0 net/mac80211/util.c:828
 mac80211_hwsim_beacon+0xd1/0x1d0 drivers/net/wireless/mac80211_hwsim.c:1793
 __run_hrtimer kernel/time/hrtimer.c:1586 [inline]
 __hrtimer_run_queues+0x632/0xb40 kernel/time/hrtimer.c:1650
 hrtimer_run_softirq+0x148/0x310 kernel/time/hrtimer.c:1667
 __do_softirq+0x1b8/0x7c9 kernel/softirq.c:298
 asm_call_irq_on_stack+0x12/0x20
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline]
 do_softirq_own_stack+0x80/0xa0 arch/x86/kernel/irq_64.c:77
 invoke_softirq kernel/softirq.c:393 [inline]
 __irq_exit_rcu kernel/softirq.c:423 [inline]
 irq_exit_rcu+0x114/0x1b0 kernel/softirq.c:435
 sysvec_apic_timer_interrupt+0x43/0xa0 arch/x86/kernel/apic/apic.c:1094
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635
RIP: 0010:get_current arch/x86/include/asm/current.h:15 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x4/0x60 kernel/kcov.c:196
Code: ff ff ff b8 08 00 00 00 4d 8b 17 49 8b 16 48 0f bd c8 48 63 c9 e9 5e ff ff ff 4c 01 d2 49 89 17 e9 cd fd ff ff 90 48 8b 34 24 <65> 48 8b 14 25 80 6f 02 00 65 8b 05 ec cf c1 7e a9 00 01 ff 00 74
RSP: 0018:ffff8880201d7af0 EFLAGS: 00000206
RAX: 0000000000000f59 RBX: ffff8880182c4500 RCX: ffffffff81ccbe9a
RDX: 0000000000000f59 RSI: ffffffff81ccbeab RDI: 0000000000000005
RBP: 0000000000000000 R08: 0000000000000001 R09: ffff8880182c4503
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000f55
R13: ffff888046c7abc8 R14: dffffc0000000000 R15: ffff88800c949eaa
 __refcount_add include/linux/refcount.h:200 [inline]
 __refcount_inc include/linux/refcount.h:250 [inline]
 refcount_inc include/linux/refcount.h:267 [inline]
 get_pid include/linux/pid.h:86 [inline]
 ipc_update_pid ipc/util.h:187 [inline]
 semctl_main+0x195b/0x28f0 ipc/sem.c:1514
 ksys_semctl.constprop.0+0x2b4/0x320 ipc/sem.c:1681
 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x67/0xd1
RIP: 0033:0x7f875a337b19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f87578ad188 EFLAGS: 00000246 ORIG_RAX: 0000000000000042
RAX: ffffffffffffffda RBX: 00007f875a44af60 RCX: 00007f875a337b19
RDX: 0000000000000011 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007f875a391f6d R08: 0000000000000000 R09: 0000000000000000
R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fffd72164bf R14: 00007f87578ad300 R15: 0000000000022000
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 285 Comm: syz-executor.2 Not tainted 5.10.226 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:__bfs+0x342/0x620 kernel/locking/lockdep.c:1753
Code: 1d e3 08 19 05 48 89 34 c5 80 44 3f 86 73 06 89 1d d3 08 19 05 48 89 f0 48 c1 e8 03 42 80 3c 38 00 0f 85 f1 01 00 00 48 8b 1e <48> 39 d9 75 27 e9 9b fd ff ff 48 89 d8 4c 89 73 30 48 c1 e8 03 42
RSP: 0018:ffff88804252f678 EFLAGS: 00000046
RAX: 1ffffffff0d3f837 RBX: ffffffff86a61cc8 RCX: ffffffff868736f0
RDX: 00000000000003dd RSI: ffffffff869fc1b8 RDI: ffffffff863f46b8
RBP: ffff88804252f7c0 R08: 0000000000000030 R09: 0000000000000002
R10: 1ffffffff0c7e8d7 R11: 0000000000000001 R12: ffffffff86a61d48
R13: 0000000000000030 R14: ffffffff86a61d38 R15: dffffc0000000000
FS: 000055555dbed400(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020008000 CR3: 0000000042526000 CR4: 0000000000350ee0
Call Trace:
 __bfs_backwards kernel/locking/lockdep.c:1796 [inline]
 check_irq_usage+0x181/0xcd0 kernel/locking/lockdep.c:2740
 check_prev_add kernel/locking/lockdep.c:2992 [inline]
 check_prevs_add kernel/locking/lockdep.c:3113 [inline]
 validate_chain kernel/locking/lockdep.c:3729 [inline]
 __lock_acquire+0x29ff/0x5b00 kernel/locking/lockdep.c:4955
 lock_acquire kernel/locking/lockdep.c:5566 [inline]
 lock_acquire+0x197/0x470 kernel/locking/lockdep.c:5531
 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
 _raw_spin_lock+0x27/0x40 kernel/locking/spinlock.c:151
 rq_lock kernel/sched/sched.h:1296 [inline]
 ttwu_queue kernel/sched/core.c:2717 [inline]
 try_to_wake_up+0x56f/0x1290 kernel/sched/core.c:2997
 signal_wake_up_state+0x2b/0x60 kernel/signal.c:770
 signal_wake_up include/linux/sched/signal.h:428 [inline]
 complete_signal+0x727/0x840 kernel/signal.c:1052
 __send_signal+0x72c/0x11e0 kernel/signal.c:1181
 do_send_sig_info kernel/signal.c:1291 [inline]
 group_send_sig_info+0x2ba/0x320 kernel/signal.c:1414
 __kill_pgrp_info+0x88/0x120 kernel/signal.c:1432
 kill_something_info+0x101/0x330 kernel/signal.c:1570
 __do_sys_kill kernel/signal.c:3665 [inline]
 __se_sys_kill kernel/signal.c:3659 [inline]
 __x64_sys_kill+0x1b6/0x240 kernel/signal.c:3659
 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x67/0xd1
RIP: 0033:0x7f822ac5cb87
Code: ff ff 90 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff e9 5d ff ff ff e8 75 79 04 00 0f 1f 44 00 00 b8 3e 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff5325c478 EFLAGS: 00000297 ORIG_RAX: 000000000000003e
RAX: ffffffffffffffda RBX: 0000000000000049 RCX: 00007f822ac5cb87
RDX: 000000000005121d RSI: 0000000000000009 RDI: 00000000ffffffb7
RBP: 00007fff5325c4dc R08: 000000000000014c R09: 00007fff5332b080
R10: 00007fff5332b090 R11: 0000000000000297 R12: 0000000000000064
R13: 000000000004b6f6 R14: 0000000000000002 R15: 00007fff5325c540
----------------
Code disassembly (best guess), 3 bytes skipped:
   0:	b8 08 00 00 00       	mov    $0x8,%eax
   5:	4d 8b 17             	mov    (%r15),%r10
   8:	49 8b 16             	mov    (%r14),%rdx
   b:	48 0f bd c8          	bsr    %rax,%rcx
   f:	48 63 c9             	movslq %ecx,%rcx
  12:	e9 5e ff ff ff       	jmpq   0xffffff75
  17:	4c 01 d2             	add    %r10,%rdx
  1a:	49 89 17             	mov    %rdx,(%r15)
  1d:	e9 cd fd ff ff       	jmpq   0xfffffdef
  22:	90                   	nop
  23:	48 8b 34 24          	mov    (%rsp),%rsi
* 27:	65 48 8b 14 25 80 6f 	mov    %gs:0x26f80,%rdx		<-- trapping instruction
  2e:	02 00
  30:	65 8b 05 ec cf c1 7e 	mov    %gs:0x7ec1cfec(%rip),%eax        # 0x7ec1d023
  37:	a9 00 01 ff 00       	test   $0xff0100,%eax
  3c:	74                   	.byte 0x74