watchdog: BUG: soft lockup - CPU#1 stuck for 22s! [syz-executor.0:4463] Modules linked in: irq event stamp: 7027031 hardirqs last enabled at (7027030): [] asm_sysvec_apic_timer_interrupt+0x1a/0x20 hardirqs last disabled at (7027031): [] sysvec_apic_timer_interrupt+0xf/0xc0 softirqs last enabled at (7017236): [] __irq_exit_rcu+0x11b/0x180 softirqs last disabled at (7017239): [] __irq_exit_rcu+0x11b/0x180 CPU: 1 PID: 4463 Comm: syz-executor.0 Not tainted 6.2.0-rc2-next-20230105 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:unwind_next_frame+0x296/0x2130 Code: 3f 28 1d 03 86 83 c2 01 49 81 f8 2c ab 49 86 0f 83 75 06 00 00 89 d7 48 8d 3c 7f 48 8d bc 3f 28 1d 03 86 48 81 ff 2c ab 49 86 <0f> 87 5a 06 00 00 29 ca 4c 89 c6 48 8d 3c 85 d0 13 d4 85 4c 89 f9 RSP: 0018:ffff88806cf09838 EFLAGS: 00000297 RAX: 000000000008916e RBX: 0000000000000001 RCX: 000000000008916e RDX: 000000000008916f RSI: 00000000000250dc RDI: ffffffff863685c2 RBP: ffff88806cf09910 R08: ffffffff863685bc R09: ffffffff8636858a R10: ffff88806cf09ff8 R11: 0000000000038001 R12: ffff88806cf098f9 R13: ffff88806cf09918 R14: ffff88806cf098b8 R15: ffffffff8350dcdb FS: 00007f8c98f73700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b2c326000 CR3: 000000001e838000 CR4: 0000000000350ee0 Call Trace: arch_stack_walk+0x87/0xf0 stack_trace_save+0x90/0xd0 kasan_save_stack+0x22/0x50 __kasan_record_aux_stack+0x95/0xb0 __call_rcu_common.constprop.0+0x6a/0xa00 kmem_cache_free+0xb9/0x510 kfree_skbmem+0xef/0x1b0 consume_skb+0xd8/0x170 mac80211_hwsim_tx_frame+0x1f6/0x2a0 mac80211_hwsim_beacon_tx+0x566/0xb10 __iterate_interfaces+0x2d3/0x580 ieee80211_iterate_active_interfaces_atomic+0x73/0x1c0 mac80211_hwsim_beacon+0x105/0x200 __hrtimer_run_queues+0x54b/0xcb0 hrtimer_run_softirq+0x176/0x350 __do_softirq+0x1c7/0x913 __irq_exit_rcu+0x11b/0x180 irq_exit_rcu+0x9/0x30 sysvec_apic_timer_interrupt+0x92/0xc0 asm_sysvec_apic_timer_interrupt+0x1a/0x20 RIP: 0010:___slab_alloc+0x877/0x1080 Code: 00 00 48 c7 c6 77 17 7d 81 48 89 df e8 62 01 af ff 48 f7 44 24 10 00 02 00 00 74 06 e8 02 74 d3 ff fb 48 8b 84 24 80 00 00 00 <65> 48 2b 04 25 28 00 00 00 0f 85 ef 07 00 00 48 81 c4 88 00 00 00 RSP: 0018:ffff88801f7bf6c8 EFLAGS: 00000202 RAX: 38d4246e5187da00 RBX: ffff88806cf3d960 RCX: ffffffff812b7aef RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 RBP: ffff88800844f780 R08: 0000000000000001 R09: ffffffff8764d90f R10: fffffbfff0ec9b21 R11: 0000000000000001 R12: 000000000003d960 R13: ffffea000036b200 R14: ffff888046a95040 R15: ffff88800dac8720 __slab_alloc.constprop.0+0x4d/0x90 kmem_cache_alloc+0x2e7/0x300 __create_object+0x3d/0xc40 __kmem_cache_alloc_node+0x1ed/0x2f0 __kmalloc+0x46/0xc0 ops_init+0x23b/0x6c0 setup_net+0x40c/0x9d0 copy_net_ns+0x321/0x770 create_new_namespaces+0x3f6/0xb30 copy_namespaces+0x414/0x500 copy_process+0x2a5e/0x7390 kernel_clone+0xeb/0x8c0 __do_sys_clone3+0x1d5/0x2e0 do_syscall_64+0x3f/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc RIP: 0033:0x7f8c9b9fdb19 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f8c98f73188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 RAX: ffffffffffffffda RBX: 00007f8c9bb10f60 RCX: 00007f8c9b9fdb19 RDX: 0000000000000000 RSI: 0000000000000058 RDI: 0000000020004c00 RBP: 00007f8c9ba57f6d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffe868bfebf R14: 00007f8c98f73300 R15: 0000000000022000 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 4467 Comm: syz-executor.1 Not tainted 6.2.0-rc2-next-20230105 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:lapic_next_deadline+0xc/0x50 Code: e8 99 82 6d 00 eb d9 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f ae f0 0f ae e8 0f 31 <48> c1 e2 20 b9 e0 06 00 00 48 09 c2 48 8d 04 fa 48 89 c2 48 c1 ea RSP: 0018:ffff88806ce09a70 EFLAGS: 00000046 RAX: 0000000044ee5b68 RBX: 0000000000000000 RCX: 0000000000000019 RDX: 00000000000000fb RSI: ffff88806ce28140 RDI: 0000000000000455 RBP: ffff88806ce28140 R08: 0000000000000007 R09: 0000000000000000 R10: 0000000000000c67 R11: 0000000000000001 R12: 0000000000000455 R13: 0000000000000000 R14: 0000000000000000 R15: ffff88806ce2b8c0 FS: 0000000000000000(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055c6c2b9a648 CR3: 000000000f4ae000 CR4: 0000000000350ef0 Call Trace: clockevents_program_event+0x248/0x360 tick_program_event+0xb0/0x150 hrtimer_interrupt+0x36a/0x770 __sysvec_apic_timer_interrupt+0x148/0x510 sysvec_apic_timer_interrupt+0x3f/0xc0 asm_sysvec_apic_timer_interrupt+0x1a/0x20 RIP: 0010:kcov_remote_start+0x16b/0x6d0 Code: 48 c7 43 28 00 00 00 00 48 c7 c6 21 7d 49 81 48 89 df e8 b8 9b e2 ff 4d 85 ed 0f 84 dd fe ff ff e8 5a 0e 07 00 fb 48 83 c4 18 <5b> 5d 41 5c 41 5d 41 5e 41 5f e9 ea f5 fa 02 65 8b 05 27 0c ba 7e RSP: 0018:ffff88806ce09c58 EFLAGS: 00000282 RAX: 0000000000390390 RBX: ffff88806ce2c408 RCX: ffffffff812b7aef RDX: 0000000000000000 RSI: 0000000000000101 RDI: 0000000000000000 RBP: ffff888046cd5040 R08: 0000000000000001 R09: ffffffff8764d92f R10: fffffbfff0ec9b25 R11: 0000000000000001 R12: 0000000000000000 R13: 0000000000000200 R14: ffff88806ce2c408 R15: ffff888046cd5040 ieee80211_rx_list+0x4a3/0x2f10 ieee80211_rx_napi+0xde/0x3c0 ieee80211_tasklet_handler+0xd8/0x140 tasklet_action_common.constprop.0+0x208/0x2f0 __do_softirq+0x1c7/0x913 __irq_exit_rcu+0x11b/0x180 irq_exit_rcu+0x9/0x30 sysvec_apic_timer_interrupt+0x92/0xc0 asm_sysvec_apic_timer_interrupt+0x1a/0x20 RIP: 0010:debug_lockdep_rcu_enabled+0x4/0x40 Code: 86 84 e8 6f 0e 00 00 65 c7 05 2c 53 c0 7b 00 00 00 00 eb bf 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa <8b> 05 76 8e 8e 01 85 c0 74 21 8b 05 a8 9e 8e 01 85 c0 74 17 65 48 RSP: 0018:ffff88801f7675a8 EFLAGS: 00000246 RAX: 0000000000000000 RBX: 0000000000039300 RCX: 0000000000000001 RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 RBP: ffff88801f7676c0 R08: 0000000000000006 R09: 00007f35c5846000 R10: 00007f35c5987000 R11: 0000000000000001 R12: ffff88806ce39300 R13: ffff888046cd5040 R14: 00007f35c5987000 R15: 0000000000000001 __schedule+0x154/0x2b20 preempt_schedule_common+0x45/0xc0 __cond_resched+0x1b/0x30 unmap_page_range+0xd7d/0x2c10 unmap_single_vma+0x190/0x2a0 unmap_vmas+0x226/0x380 exit_mmap+0x158/0x6a0 mmput+0xd5/0x390 do_exit+0x99b/0x2780 do_group_exit+0xd4/0x2a0 get_signal+0x2255/0x2390 arch_do_signal_or_restart+0x79/0x5a0 exit_to_user_mode_prepare+0x131/0x1a0 syscall_exit_to_user_mode+0x1d/0x50 do_syscall_64+0x4c/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc RIP: 0033:0x7f35c780fb19 Code: Unable to access opcode bytes at 0x7f35c780faef. RSP: 002b:00007f35c4d85188 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 RAX: 0000000000000005 RBX: 00007f35c7922f60 RCX: 00007f35c780fb19 RDX: 0000000000000088 RSI: 0000000000000002 RDI: 000000000000000a RBP: 00007f35c7869f6d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fff85e18fbf R14: 00007f35c4d85300 R15: 0000000000022000 perf: interrupt took too long (2580 > 2500), lowering kernel.perf_event_max_sample_rate to 77000 ---------------- Code disassembly (best guess), 1 bytes skipped: 0: 28 1d 03 86 83 c2 sub %bl,-0x3d7c79fd(%rip) # 0xc2838609 6: 01 49 81 add %ecx,-0x7f(%rcx) 9: f8 clc a: 2c ab sub $0xab,%al c: 49 86 0f rex.WB xchg %cl,(%r15) f: 83 75 06 00 xorl $0x0,0x6(%rbp) 13: 00 89 d7 48 8d 3c add %cl,0x3c8d48d7(%rcx) 19: 7f 48 jg 0x63 1b: 8d bc 3f 28 1d 03 86 lea -0x79fce2d8(%rdi,%rdi,1),%edi 22: 48 81 ff 2c ab 49 86 cmp $0xffffffff8649ab2c,%rdi * 29: 0f 87 5a 06 00 00 ja 0x689 <-- trapping instruction 2f: 29 ca sub %ecx,%edx 31: 4c 89 c6 mov %r8,%rsi 34: 48 8d 3c 85 d0 13 d4 lea -0x7a2bec30(,%rax,4),%rdi 3b: 85 3c: 4c 89 f9 mov %r15,%rcx