watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [syz-executor.1:7881] Modules linked in: irq event stamp: 5071521 hardirqs last enabled at (5071520): [] asm_sysvec_apic_timer_interrupt+0x1a/0x20 hardirqs last disabled at (5071521): [] sysvec_apic_timer_interrupt+0xf/0xc0 softirqs last enabled at (5046852): [] __irq_exit_rcu+0x11b/0x180 softirqs last disabled at (5046855): [] __irq_exit_rcu+0x11b/0x180 CPU: 0 PID: 7881 Comm: syz-executor.1 Not tainted 6.1.0-rc7-next-20221129 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:unwind_next_frame+0x348/0x2130 Code: 8e c7 15 00 00 41 c6 46 40 01 49 c7 c0 00 4e 4c 85 48 b8 00 00 00 00 00 fc ff df 4d 8d 48 04 4c 89 ca 48 c1 ea 03 0f b6 04 02 <4c> 89 ca 83 e2 07 38 d0 7f 08 84 c0 0f 85 e4 14 00 00 41 0f b6 40 RSP: 0018:ffff88806ce097c8 EFLAGS: 00000213 RAX: 0000000000000000 RBX: 0000000000000002 RCX: ffffffff840e8b53 RDX: 1ffffffff0c84898 RSI: ffffffff864244b6 RDI: ffffffff85fe2dd4 RBP: ffff88806ce098a0 R08: ffffffff864244c2 R09: ffffffff864244c6 R10: ffffed100d9c1316 R11: 0000000000038001 R12: ffff88806ce09889 R13: ffff88806ce098a8 R14: ffff88806ce09848 R15: ffffffff840e8b53 FS: 0000000000000000(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b32620000 CR3: 0000000035d02000 CR4: 0000000000350ef0 Call Trace: arch_stack_walk+0x87/0xf0 stack_trace_save+0x90/0xd0 kasan_save_stack+0x22/0x50 __kasan_record_aux_stack+0x95/0xb0 __call_rcu_common.constprop.0+0x6a/0xa40 __kmem_cache_free+0x95/0x410 skb_release_data+0x6d8/0x810 consume_skb+0xcb/0x170 mac80211_hwsim_tx_frame+0x1f6/0x2a0 mac80211_hwsim_beacon_tx+0x566/0xab0 __iterate_interfaces+0x2d3/0x560 ieee80211_iterate_active_interfaces_atomic+0x74/0x180 mac80211_hwsim_beacon+0x105/0x200 __hrtimer_run_queues+0x54b/0xba0 hrtimer_run_softirq+0x176/0x350 __do_softirq+0x1c7/0x8f9 __irq_exit_rcu+0x11b/0x180 irq_exit_rcu+0x9/0x30 sysvec_apic_timer_interrupt+0x92/0xc0 asm_sysvec_apic_timer_interrupt+0x1a/0x20 RIP: 0010:do_raw_spin_unlock+0x24/0x220 Code: 90 90 90 90 90 90 66 0f 1f 00 48 b8 00 00 00 00 00 fc ff df 41 54 55 53 48 89 fb 48 83 c7 04 48 89 fa 48 c1 ea 03 0f b6 14 02 <48> 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 b9 01 00 00 81 RSP: 0018:ffff888046f576d0 EFLAGS: 00000217 RAX: dffffc0000000000 RBX: ffff88800db516c0 RCX: ffff888046f57678 RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff88800db516c4 RBP: ffff88800db516c0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000001 R12: ffffffff85d07750 R13: 0000000000000004 R14: ffff888009d385a0 R15: ffff888046f57ad8 _raw_spin_unlock+0x1e/0x50 unmap_page_range+0xd42/0x2c10 unmap_single_vma+0x190/0x2a0 unmap_vmas+0x226/0x380 exit_mmap+0x158/0x680 mmput+0xd5/0x390 do_exit+0x99b/0x2720 do_group_exit+0xd4/0x2a0 get_signal+0x21a5/0x22e0 arch_do_signal_or_restart+0x79/0x5a0 exit_to_user_mode_prepare+0x131/0x1a0 syscall_exit_to_user_mode+0x1d/0x50 do_syscall_64+0x4c/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc RIP: 0033:0x7f2174d83b19 Code: Unable to access opcode bytes at 0x7f2174d83aef. RSP: 002b:00007f21722f9218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: 0000000000000001 RBX: 00007f2174e96f68 RCX: 00007f2174d83b19 RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f2174e96f6c RBP: 00007f2174e96f60 R08: 000000000000000e R09: 0000000000000000 R10: 0000000000000005 R11: 0000000000000246 R12: 00007f2174e96f6c R13: 00007ffe850c0adf R14: 00007f21722f9300 R15: 0000000000022000 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 7872 Comm: syz-executor.7 Not tainted 6.1.0-rc7-next-20221129 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:__hrtimer_run_queues+0x2e1/0xba0 Code: ad 0f 00 48 8b ac 24 80 00 00 00 e8 19 ad 0f 00 48 8d 7b 20 48 89 f8 48 c1 e8 03 42 80 3c 38 00 0f 85 e5 07 00 00 4c 8b 63 20 <48> 89 ee 4c 89 e7 e8 94 a8 0f 00 49 39 ec 0f 8f a2 05 00 00 e8 e6 RSP: 0018:ffff88806cf095d8 EFLAGS: 00000046 RAX: 1ffff1100139d684 RBX: ffff888009ceb400 RCX: 0000000000000100 RDX: ffff888046600000 RSI: ffffffff81396bd7 RDI: ffff888009ceb420 RBP: 172c527433f65c45 R08: 0000000000000005 R09: 0000000000000000 R10: 0000000000000002 R11: 0000000000000001 R12: 172c7fb251c15798 R13: ffff88806cf2b840 R14: ffff88806cf2b940 R15: dffffc0000000000 FS: 0000000000000000(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000555556d96c58 CR3: 0000000043eac000 CR4: 0000000000350ee0 Call Trace: hrtimer_interrupt+0x319/0x770 __sysvec_apic_timer_interrupt+0x148/0x500 sysvec_apic_timer_interrupt+0x3f/0xc0 asm_sysvec_apic_timer_interrupt+0x1a/0x20 RIP: 0010:unwind_next_frame+0x348/0x2130 Code: 8e c7 15 00 00 41 c6 46 40 01 49 c7 c0 00 4e 4c 85 48 b8 00 00 00 00 00 fc ff df 4d 8d 48 04 4c 89 ca 48 c1 ea 03 0f b6 04 02 <4c> 89 ca 83 e2 07 38 d0 7f 08 84 c0 0f 85 e4 14 00 00 41 0f b6 40 RSP: 0018:ffff88806cf09850 EFLAGS: 00000217 RAX: 0000000000000000 RBX: 0000000000000002 RCX: ffffffff840e77a2 RDX: 1ffffffff0c8485f RSI: ffffffff864242fa RDI: ffffffff85fe2cac RBP: ffff88806cf09928 R08: ffffffff864242fa R09: ffffffff864242fe R10: ffffed100d9e1327 R11: 0000000000038001 R12: ffff88806cf09911 R13: ffff88806cf09930 R14: ffff88806cf098d0 R15: ffffffff840e77a2 arch_stack_walk+0x87/0xf0 stack_trace_save+0x90/0xd0 __create_object+0x389/0xc10 __kmem_cache_alloc_node+0x25b/0x400 __kmalloc_node_track_caller+0x43/0xb0 __alloc_skb+0xe9/0x310 skb_copy+0x13d/0x3d0 mac80211_hwsim_tx_frame_no_nl.isra.0+0xb6d/0x1360 mac80211_hwsim_tx_frame+0x1ee/0x2a0 mac80211_hwsim_beacon_tx+0x566/0xab0 __iterate_interfaces+0x2d3/0x560 ieee80211_iterate_active_interfaces_atomic+0x74/0x180 mac80211_hwsim_beacon+0x105/0x200 __hrtimer_run_queues+0x54b/0xba0 hrtimer_run_softirq+0x176/0x350 __do_softirq+0x1c7/0x8f9 __irq_exit_rcu+0x11b/0x180 irq_exit_rcu+0x9/0x30 sysvec_apic_timer_interrupt+0x92/0xc0 asm_sysvec_apic_timer_interrupt+0x1a/0x20 RIP: 0010:__might_resched+0x4/0x2d0 Code: ff ff 48 c7 c7 08 79 4b 85 e8 18 13 5b 00 eb a3 66 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa <41> 56 41 55 41 54 41 89 f4 be ff ff ff ff 55 48 89 fd 48 c7 c7 e0 RSP: 0018:ffff8880476d76f8 EFLAGS: 00000246 RAX: 0000000000000000 RBX: 00007f6dcebbc000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 00000000000005cc RDI: ffffffff848e7ce0 RBP: dffffc0000000000 R08: 0000000000000006 R09: 00007f6dcebbc000 R10: 00007f6dcec00000 R11: 0000000000000001 R12: ffffffff85d07750 R13: 0000000000000004 R14: 00007f6dcec00000 R15: ffff8880476d7ad8 unmap_page_range+0xd78/0x2c10 unmap_single_vma+0x190/0x2a0 unmap_vmas+0x226/0x380 exit_mmap+0x158/0x680 mmput+0xd5/0x390 do_exit+0x99b/0x2720 do_group_exit+0xd4/0x2a0 get_signal+0x21a5/0x22e0 arch_do_signal_or_restart+0x79/0x5a0 exit_to_user_mode_prepare+0x131/0x1a0 syscall_exit_to_user_mode+0x1d/0x50 do_syscall_64+0x4c/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc RIP: 0033:0x7f6dd0c06b19 Code: Unable to access opcode bytes at 0x7f6dd0c06aef. RSP: 002b:00007f6dce17c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 RAX: 0000000000000005 RBX: 00007f6dd0d19f60 RCX: 00007f6dd0c06b19 RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000010 RBP: 00007f6dd0c60f6d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffc9413ef3f R14: 00007f6dce17c300 R15: 0000000000022000 ---------------- Code disassembly (best guess), 3 bytes skipped: 0: 00 00 add %al,(%rax) 2: 41 c6 46 40 01 movb $0x1,0x40(%r14) 7: 49 c7 c0 00 4e 4c 85 mov $0xffffffff854c4e00,%r8 e: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 15: fc ff df 18: 4d 8d 48 04 lea 0x4(%r8),%r9 1c: 4c 89 ca mov %r9,%rdx 1f: 48 c1 ea 03 shr $0x3,%rdx 23: 0f b6 04 02 movzbl (%rdx,%rax,1),%eax * 27: 4c 89 ca mov %r9,%rdx <-- trapping instruction 2a: 83 e2 07 and $0x7,%edx 2d: 38 d0 cmp %dl,%al 2f: 7f 08 jg 0x39 31: 84 c0 test %al,%al 33: 0f 85 e4 14 00 00 jne 0x151d 39: 41 rex.B 3a: 0f .byte 0xf 3b: b6 40 mov $0x40,%dh