watchdog: BUG: soft lockup - CPU#0 stuck for 143s! [syz.7.61:6355] Modules linked in: irq event stamp: 13623363 hardirqs last enabled at (13623362): [] irqentry_exit+0x63/0x90 kernel/entry/common.c:357 hardirqs last disabled at (13623363): [] sysvec_apic_timer_interrupt+0xe/0xc0 arch/x86/kernel/apic/apic.c:1049 softirqs last enabled at (13508592): [] __do_softirq kernel/softirq.c:613 [inline] softirqs last enabled at (13508592): [] invoke_softirq kernel/softirq.c:453 [inline] softirqs last enabled at (13508592): [] __irq_exit_rcu+0xfb/0x220 kernel/softirq.c:680 softirqs last disabled at (13508595): [] __do_softirq kernel/softirq.c:613 [inline] softirqs last disabled at (13508595): [] invoke_softirq kernel/softirq.c:453 [inline] softirqs last disabled at (13508595): [] __irq_exit_rcu+0xfb/0x220 kernel/softirq.c:680 CPU: 0 UID: 0 PID: 6355 Comm: syz.7.61 Not tainted 6.15.0-rc2-syzkaller-g82303a059aab #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 RIP: 0010:strlen+0x31/0x70 lib/string.c:413 Code: 56 41 54 53 49 89 fe 48 c7 c0 ff ff ff ff 49 bf 00 00 00 00 00 fc ff df 48 89 fb 49 89 c4 48 89 d8 48 c1 e8 03 42 0f b6 04 38 <84> c0 75 12 48 ff c3 49 8d 44 24 01 43 80 7c 26 01 00 75 dd eb 13 RSP: 0018:ffffc90000007118 EFLAGS: 00000a03 RAX: 0000000000000000 RBX: ffffffff8c4bbd45 RCX: 0000000000007103 RDX: ffffffff816d9bc8 RSI: ffffffff8ed3df20 RDI: ffffffff8c4bbd40 RBP: ffffc90000007250 R08: ffffc90000007c50 R09: 0000000000000000 R10: ffffc900000073f0 R11: fffff52000000e80 R12: 0000000000000004 R13: ffffffff8ec0d1a0 R14: ffffffff8c4bbd40 R15: dffffc0000000000 FS: 00007f076de876c0(0000) GS:ffff888124f9a000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000020000000d000 CR3: 000000006c5e6000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: _Z16__fortify_strlenPKcU25pass_dynamic_object_size1 include/linux/fortify-string.h:268 [inline] trace_event_get_offsets_lock include/trace/events/lock.h:50 [inline] do_perf_trace_lock include/trace/events/lock.h:50 [inline] perf_trace_lock+0x10c/0x4a0 include/trace/events/lock.h:50 __do_trace_lock_release include/trace/events/lock.h:69 [inline] trace_lock_release include/trace/events/lock.h:69 [inline] lock_release+0x3b4/0x3e0 kernel/locking/lockdep.c:5877 rcu_lock_release include/linux/rcupdate.h:341 [inline] rcu_read_unlock include/linux/rcupdate.h:871 [inline] class_rcu_destructor include/linux/rcupdate.h:1155 [inline] unwind_next_frame+0x1a9f/0x23b0 arch/x86/kernel/unwind_orc.c:680 arch_stack_walk+0x11e/0x150 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0x11a/0x1d0 kernel/stacktrace.c:122 kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 unpoison_slab_object mm/kasan/common.c:319 [inline] __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:345 kasan_slab_alloc include/linux/kasan.h:250 [inline] slab_post_alloc_hook mm/slub.c:4151 [inline] slab_alloc_node mm/slub.c:4200 [inline] kmem_cache_alloc_node_noprof+0x1f2/0x3b0 mm/slub.c:4252 kmalloc_reserve+0xa8/0x2a0 net/core/skbuff.c:577 __alloc_skb+0x1f2/0x480 net/core/skbuff.c:668 __netdev_alloc_skb+0x105/0xa10 net/core/skbuff.c:732 netdev_alloc_skb include/linux/skbuff.h:3413 [inline] dev_alloc_skb include/linux/skbuff.h:3426 [inline] __ieee80211_beacon_get+0x9a7/0x15e0 net/mac80211/tx.c:5475 ieee80211_beacon_get_tim+0xb7/0x330 net/mac80211/tx.c:5597 ieee80211_beacon_get include/net/mac80211.h:5648 [inline] mac80211_hwsim_beacon_tx+0x3a2/0x860 drivers/net/wireless/virtual/mac80211_hwsim.c:2313 __iterate_interfaces+0x297/0x570 net/mac80211/util.c:761 ieee80211_iterate_active_interfaces_atomic+0xd8/0x170 net/mac80211/util.c:797 mac80211_hwsim_beacon+0xd4/0x1f0 drivers/net/wireless/virtual/mac80211_hwsim.c:2347 __run_hrtimer kernel/time/hrtimer.c:1761 [inline] __hrtimer_run_queues+0x5a6/0xd40 kernel/time/hrtimer.c:1825 hrtimer_run_softirq+0x19a/0x2c0 kernel/time/hrtimer.c:1842 handle_softirqs+0x2d6/0x9b0 kernel/softirq.c:579 __do_softirq kernel/softirq.c:613 [inline] invoke_softirq kernel/softirq.c:453 [inline] __irq_exit_rcu+0xfb/0x220 kernel/softirq.c:680 irq_exit_rcu+0x9/0x30 kernel/softirq.c:696 instr_sysvec_irq_work arch/x86/kernel/irq_work.c:17 [inline] sysvec_irq_work+0xa3/0xc0 arch/x86/kernel/irq_work.c:17 asm_sysvec_irq_work+0x1a/0x20 arch/x86/include/asm/idtentry.h:738 RIP: 0010:finish_task_switch+0x1ea/0x870 kernel/sched/core.c:5250 Code: c9 50 e8 a9 2d 0d 00 48 83 c4 08 4c 89 f7 e8 ad 41 00 00 0f 1f 44 00 00 4c 89 f7 e8 b0 08 a1 0a e8 eb 73 39 00 fb 48 8b 5d c0 <48> 8d bb 18 16 00 00 48 89 f8 48 c1 e8 03 49 be 00 00 00 00 00 fc RSP: 0018:ffffc90002ff75c8 EFLAGS: 00000282 RAX: 2dc066d131c6c300 RBX: ffff88801f3eda00 RCX: 0000000000000006 RDX: 0000000000000006 RSI: ffffffff8e6491c3 RDI: ffffffff8ca1b5a0 RBP: ffffc90002ff7610 R08: ffffffff905fe077 R09: 1ffffffff20bfc0e R10: dffffc0000000000 R11: fffffbfff20bfc0f R12: 1ffff110170c7526 R13: dffffc0000000000 R14: ffff8880b8639b00 R15: ffff8880b863a930 context_switch kernel/sched/core.c:5385 [inline] __schedule+0x1b90/0x5240 kernel/sched/core.c:6767 preempt_schedule_irq+0xfe/0x1c0 kernel/sched/core.c:7090 irqentry_exit+0x5e/0x90 kernel/entry/common.c:354 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 RIP: 0010:check_kcov_mode kernel/kcov.c:194 [inline] RIP: 0010:__sanitizer_cov_trace_pc+0x37/0x70 kernel/kcov.c:217 Code: 08 60 68 93 65 8b 15 58 a5 a5 11 81 e2 00 01 ff 00 74 11 81 fa 00 01 00 00 75 35 83 b9 3c 16 00 00 00 74 2c 8b 91 18 16 00 00 <83> fa 02 75 21 48 8b 91 20 16 00 00 48 8b 32 48 8d 7e 01 8b 89 1c RSP: 0018:ffffc90002ff79d8 EFLAGS: 00000246 RAX: ffffffff81b6a3f9 RBX: 0000000000000000 RCX: ffff88801f3eda00 RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffc90002ff7b70 R08: ffffffff81b6a388 R09: 1ffffffff20bfc0e R10: dffffc0000000000 R11: fffffbfff20bfc0f R12: ffffffff93686020 R13: dffffc0000000000 R14: 1ffff920005fef54 R15: 0000000000000000 smp_call_function_single+0x529/0x1990 kernel/smp.c:681 task_function_call kernel/events/core.c:121 [inline] perf_install_in_context+0x72c/0xb30 kernel/events/core.c:3033 __do_sys_perf_event_open kernel/events/core.c:13410 [inline] __se_sys_perf_event_open+0x2e08/0x34b0 kernel/events/core.c:13061 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xf3/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f076cf8e169 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f076de87038 EFLAGS: 00000246 ORIG_RAX: 000000000000012a RAX: ffffffffffffffda RBX: 00007f076d1b6080 RCX: 00007f076cf8e169 RDX: affffff7ffffffff RSI: 0000000000000000 RDI: 0000200000000180 RBP: 00007f076d010a68 R08: 0000000000000000 R09: 0000000000000000 R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007f076d1b6080 R15: 00007ffe84f28f28 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 UID: 0 PID: 6354 Comm: syz.8.60 Not tainted 6.15.0-rc2-syzkaller-g82303a059aab #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 RIP: 0010:arch_static_branch arch/x86/include/asm/jump_label.h:36 [inline] RIP: 0010:native_write_msr arch/x86/include/asm/msr.h:149 [inline] RIP: 0010:wrmsr arch/x86/include/asm/msr.h:256 [inline] RIP: 0010:native_apic_msr_write+0x39/0x50 arch/x86/include/asm/apic.h:212 Code: 74 2a 83 ff 30 74 25 eb 10 81 ff d0 00 00 00 74 1b 81 ff e0 00 00 00 74 13 c1 ef 04 81 c7 00 08 00 00 89 f9 89 f0 31 d2 0f 30 <66> 90 c3 cc cc cc cc f3 0f 1e fa 89 f6 31 d2 e9 73 96 d4 03 0f 1f RSP: 0018:ffffc90000a07d78 EFLAGS: 00000046 RAX: 0000000000000092 RBX: 0000000000000020 RCX: 0000000000000838 RDX: 0000000000000000 RSI: 0000000000000092 RDI: 0000000000000838 RBP: 0000000000000092 R08: ffffffff81b34f59 R09: 0000000000000000 R10: ffffc90000a07888 R11: ffffffff816aed40 R12: 000000000000092f R13: dffffc0000000000 R14: 0000000010001274 R15: ffff8880b8723500 FS: 0000000000000000(0000) GS:ffff88812509a000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f53ae48f6c0 CR3: 0000000033374000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 Call Trace: apic_write arch/x86/include/asm/apic.h:405 [inline] lapic_next_event+0x11/0x20 arch/x86/kernel/apic/apic.c:415 clockevents_program_event+0x1c1/0x350 kernel/time/clockevents.c:334 hrtimer_interrupt+0x5b7/0xa40 kernel/time/hrtimer.c:1900 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1038 [inline] __sysvec_apic_timer_interrupt+0x110/0x420 arch/x86/kernel/apic/apic.c:1055 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline] sysvec_apic_timer_interrupt+0x52/0xc0 arch/x86/kernel/apic/apic.c:1049 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 RIP: 0010:ip_protocol_deliver_rcu+0x388/0x450 net/ipv4/ip_input.c:211 Code: e8 bd 00 b3 01 48 8b 5c 24 08 48 81 c3 e0 03 00 00 48 89 d8 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 4b 52 b0 f7 48 8b 03 <65> 48 ff 40 18 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc RSP: 0018:ffffc90000a07fd8 EFLAGS: 00000246 RAX: ffffffff936aaa90 RBX: ffffffff9ac500a0 RCX: ffff88801f3e9e00 RDX: 0000000000000100 RSI: ffffffff8d5a0d00 RDI: ffffffff8ca1b5a0 RBP: ffffffff8ea66c60 R08: ffffffff8a8c09bb R09: 1ffff11004a51340 R10: dffffc0000000000 R11: ffffed1004a51341 R12: dffffc0000000000 R13: ffffffff8ea66c50 R14: ffffffff8a8cdd60 R15: ffff8880329cc140 ip_local_deliver_finish+0x343/0x600 net/ipv4/ip_input.c:233 NF_HOOK+0x3a0/0x450 include/linux/netfilter.h:314 ip_local_deliver net/ipv4/ip_input.c:254 [inline] dst_input include/net/dst.h:469 [inline] ip_sublist_rcv_finish+0x3c1/0x4f0 net/ipv4/ip_input.c:578 ip_list_rcv_finish net/ipv4/ip_input.c:627 [inline] ip_sublist_rcv+0x75f/0xab0 net/ipv4/ip_input.c:635 ip_list_rcv+0x42d/0x480 net/ipv4/ip_input.c:669 __netif_receive_skb_list_ptype net/core/dev.c:5928 [inline] __netif_receive_skb_list_core+0x952/0x980 net/core/dev.c:5975 __netif_receive_skb_list net/core/dev.c:6027 [inline] netif_receive_skb_list_internal+0xa53/0xe30 net/core/dev.c:6118 gro_normal_list include/net/gro.h:532 [inline] napi_complete_done+0x2d3/0x8a0 net/core/dev.c:6488 virtqueue_napi_complete drivers/net/virtio_net.c:737 [inline] virtnet_poll+0x2e13/0x39f0 drivers/net/virtio_net.c:3053 __napi_poll+0xcb/0x480 net/core/dev.c:7322 napi_poll net/core/dev.c:7386 [inline] net_rx_action+0x89d/0x1240 net/core/dev.c:7508 handle_softirqs+0x2d6/0x9b0 kernel/softirq.c:579 __do_softirq kernel/softirq.c:613 [inline] invoke_softirq kernel/softirq.c:453 [inline] __irq_exit_rcu+0xfb/0x220 kernel/softirq.c:680 irq_exit_rcu+0x9/0x30 kernel/softirq.c:696 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1049 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 RIP: 0010:check_kcov_mode kernel/kcov.c:194 [inline] RIP: 0010:write_comp_data kernel/kcov.c:246 [inline] RIP: 0010:__sanitizer_cov_trace_cmp4+0x35/0x90 kernel/kcov.c:288 Code: 14 25 08 60 68 93 65 8b 05 98 a3 a5 11 25 00 01 ff 00 74 10 3d 00 01 00 00 75 5b 83 ba 3c 16 00 00 00 74 52 8b 82 18 16 00 00 <83> f8 03 75 47 48 8b 8a 20 16 00 00 44 8b 8a 1c 16 00 00 49 c1 e1 RSP: 0018:ffffc900030571b0 EFLAGS: 00000246 RAX: 0000000000000000 RBX: 00000000000001fd RCX: ffff88801f3e9e00 RDX: ffff88801f3e9e00 RSI: 00000000000001fd RDI: 00000000000000be RBP: 00000000000000be R08: ffffffff8216dcb0 R09: 1ffffd40002c3036 R10: dffffc0000000000 R11: fffff940002c3037 R12: dffffc0000000000 R13: dffffc0000000000 R14: ffff8880456ba00c R15: ffffea0001618180 __tlb_remove_folio_pages_size+0x240/0x590 mm/mmu_gather.c:200 zap_present_folio_ptes mm/memory.c:1530 [inline] zap_present_ptes mm/memory.c:1586 [inline] do_zap_pte_range mm/memory.c:1687 [inline] zap_pte_range mm/memory.c:1731 [inline] zap_pmd_range mm/memory.c:1823 [inline] zap_pud_range mm/memory.c:1852 [inline] zap_p4d_range mm/memory.c:1873 [inline] unmap_page_range+0x22cd/0x44d0 mm/memory.c:1894 unmap_vmas+0x3ce/0x5f0 mm/memory.c:1984 exit_mmap+0x2bc/0xde0 mm/mmap.c:1284 __mmput+0x115/0x420 kernel/fork.c:1379 exit_mm+0x221/0x310 kernel/exit.c:589 do_exit+0x994/0x27f0 kernel/exit.c:940 do_group_exit+0x207/0x2c0 kernel/exit.c:1102 get_signal+0x1696/0x1730 kernel/signal.c:3034 arch_do_signal_or_restart+0x98/0x810 arch/x86/kernel/signal.c:337 exit_to_user_mode_loop kernel/entry/common.c:111 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0xce/0x340 kernel/entry/common.c:218 do_syscall_64+0x100/0x210 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f9922f8e169 Code: Unable to access opcode bytes at 0x7f9922f8e13f. RSP: 002b:00007f9923e01038 EFLAGS: 00000246 ORIG_RAX: 000000000000012a RAX: 0000000000000006 RBX: 00007f99231b5fa0 RCX: 00007f9922f8e169 RDX: ffff7fffffffffff RSI: 0000000000000000 RDI: 0000200000000500 RBP: 00007f9923010a68 R08: 0000000000000009 R09: 0000000000000000 R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007f99231b5fa0 R15: 00007fff5c404208