watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [syz-executor.2:10022]
Modules linked in:
irq event stamp: 6889577
hardirqs last enabled at (6889576): [] asm_sysvec_apic_timer_interrupt+0x1a/0x20
hardirqs last disabled at (6889577): [] sysvec_apic_timer_interrupt+0xf/0xc0
softirqs last enabled at (6871112): [] irq_exit_rcu+0x11f/0x190
softirqs last disabled at (6871115): [] irq_exit_rcu+0x11f/0x190
CPU: 0 PID: 10022 Comm: syz-executor.2 Not tainted 6.2.0-rc4-next-20230116 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:__create_object+0x40/0xc40
Code: 48 83 ec 20 48 8b 3d 7f 51 1f 06 48 85 ff 0f 84 a4 06 00 00 81 e1 e0 0c 00 08 89 ce 81 ce 00 20 09 00 e8 93 1c fc ff 49 89 c7 <48> 85 c0 0f 84 85 06 00 00 48 b8 00 00 00 00 00 fc ff df 4d 8d 67
RSP: 0018:ffff88806ce09a98 EFLAGS: 00000296
RAX: ffff8880182f7390 RBX: 0000000000000200 RCX: 0000000000000001
RDX: 0000000000000000 RSI: 0000000000000102 RDI: 0000000000000000
RBP: ffff888044560400 R08: 00000000ffffffff R09: ffff888043018340
R10: ffff88806c5c4150 R11: 0000000000000001 R12: 0000000000082820
R13: 0000000000000000 R14: 0000000000000001 R15: ffff8880182f7390
FS: 0000000000000000(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000560b69d41648 CR3: 000000000ca1e000 CR4: 0000000000350ef0
Call Trace:
 __kmem_cache_alloc_node+0x1ed/0x2f0
 __kmalloc_node_track_caller+0x43/0xb0
 __alloc_skb+0xe9/0x310
 __netdev_alloc_skb+0x76/0x3e0
 __ieee80211_beacon_get+0x3d9/0x13c0
 ieee80211_beacon_get_tim+0x99/0x540
 mac80211_hwsim_beacon_tx+0x1d2/0xb10
 __iterate_interfaces+0x2d3/0x580
 ieee80211_iterate_active_interfaces_atomic+0x73/0x1c0
 mac80211_hwsim_beacon+0x105/0x200
 __hrtimer_run_queues+0x54b/0xcb0
 hrtimer_run_softirq+0x176/0x350
 __do_softirq+0x274/0x8ff
 irq_exit_rcu+0x11f/0x190
 sysvec_apic_timer_interrupt+0x92/0xc0
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:percpu_counter_add_batch+0x144/0x1a0
Code: 01 30 e8 ff 2f 24 02 e8 5a 48 29 ff 31 ff 48 89 de e8 b0 44 29 ff 48 85 db 74 0b e8 46 48 29 ff e8 11 5c 30 ff fb 48 83 c4 18 <5b> 5d 41 5c 41 5d 41 5e 41 5f e9 2d 48 29 ff e8 28 48 29 ff 65 45
RSP: 0018:ffff888044d3f6c8 EFLAGS: 00000282
RAX: 00000000004153bf RBX: 0000000000000200 RCX: ffffffff812b827f
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 0000000000000020 R08: 0000000000000001 R09: ffffffff87658947
R10: fffffbfff0ecb128 R11: 0000000000000001 R12: ffff88800fbf1680
R13: ffffffffffffff41 R14: 0000000000000000 R15: 0000607f92e015a8
 unmap_page_range+0x11ee/0x2d90
 unmap_single_vma+0x190/0x2a0
 unmap_vmas+0x225/0x370
 exit_mmap+0x158/0x6a0
 mmput+0xd5/0x390
 do_exit+0x99b/0x2780
 do_group_exit+0xd4/0x2a0
 get_signal+0x2255/0x2390
 arch_do_signal_or_restart+0x79/0x5a0
 exit_to_user_mode_prepare+0xf5/0x190
 syscall_exit_to_user_mode+0x1d/0x50
 do_syscall_64+0x4c/0x90
 entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f0e7f97eb19
Code: Unable to access opcode bytes at 0x7f0e7f97eaef.
RSP: 002b:00007f0e7cef4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
RAX: 0000000000000005 RBX: 00007f0e7fa91f60 RCX: 00007f0e7f97eb19
RDX: 0000000000000000 RSI: 0000000000000002 RDI: 000000000000000a
RBP: 00007f0e7f9d8f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffff2d523df R14: 00007f0e7cef4300 R15: 0000000000022000
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 10019 Comm: syz-executor.7 Not tainted 6.2.0-rc4-next-20230116 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:check_preemption_disabled+0x3e/0x180
Code: 44 8b 25 91 26 c1 7b 65 8b 1d 86 26 c1 7b 81 e3 ff ff ff 7f 31 ff 89 de 0f 1f 44 00 00 85 db 74 15 0f 1f 44 00 00 44 89 e0 5b <5d> 41 5c 41 5d 41 5e e9 9a 31 02 00 0f 1f 44 00 00 9c 5b 81 e3 00
RSP: 0018:ffff88806cf09728 EFLAGS: 00000006
RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000001
RDX: 0000000000000000 RSI: 0000000000010106 RDI: 0000000000000000
RBP: ffffffff849f1360 R08: 0000000000000000 R09: ffffffff85d10c57
R10: fffffbfff0ba218a R11: 0000000000000001 R12: 0000000000000001
R13: ffffffff84870880 R14: 00000000ffffffff R15: ffff88806cf2b8c0
FS: 0000000000000000(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000560b69d41648 CR3: 0000000016b02000 CR4: 0000000000350ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
 lock_is_held_type+0x6f/0x130
 rcu_read_lock_sched_held+0x42/0x80
 lock_release+0x56b/0x760
 _raw_spin_unlock_irqrestore+0x1a/0x60
 hrtimer_interrupt+0x360/0x770
 __sysvec_apic_timer_interrupt+0x148/0x510
 sysvec_apic_timer_interrupt+0x3f/0xc0
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:rcu_is_watching+0x5a/0xb0
Code: 48 89 f9 48 c1 e9 03 80 3c 11 00 75 62 48 03 1c c5 c0 18 2b 85 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 0f b6 14 02 <48> 89 d8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 2a 8b 03 c1 e8 02
RSP: 0018:ffff88806cf09a08 EFLAGS: 00000216
RAX: dffffc0000000000 RBX: ffff88806cf34f80 RCX: 1ffffffff0a56319
RDX: 0000000000000000 RSI: 0000000000000104 RDI: ffffffff852b18c8
RBP: 1ffff1100d9e1348 R08: 0000000000000000 R09: ffffffff85d10c57
R10: fffffbfff0ba218a R11: 0000000000000001 R12: 0000000000000001
R13: ffff888006868454 R14: ffff888043a13638 R15: ffff888016a827f0
 rcu_read_lock_sched_held+0x24/0x80
 lock_release+0x56b/0x760
 mac80211_hwsim_addr_match+0x128/0x180
 mac80211_hwsim_tx_frame_no_nl.isra.0+0xb93/0x1360
 mac80211_hwsim_tx_frame+0x1ee/0x2a0
 mac80211_hwsim_beacon_tx+0x566/0xb10
 __iterate_interfaces+0x2d3/0x580
 ieee80211_iterate_active_interfaces_atomic+0x73/0x1c0
 mac80211_hwsim_beacon+0x105/0x200
 __hrtimer_run_queues+0x54b/0xcb0
 hrtimer_run_softirq+0x176/0x350
 __do_softirq+0x274/0x8ff
 irq_exit_rcu+0x11f/0x190
 sysvec_apic_timer_interrupt+0x92/0xc0
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:percpu_counter_add_batch+0x144/0x1a0
Code: 01 30 e8 ff 2f 24 02 e8 5a 48 29 ff 31 ff 48 89 de e8 b0 44 29 ff 48 85 db 74 0b e8 46 48 29 ff e8 11 5c 30 ff fb 48 83 c4 18 <5b> 5d 41 5c 41 5d 41 5e 41 5f e9 2d 48 29 ff e8 28 48 29 ff 65 45
RSP: 0018:ffff88803ca676c8 EFLAGS: 00000282
RAX: 000000000040facb RBX: 0000000000000200 RCX: ffffffff812b827f
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 0000000000000020 R08: 0000000000000001 R09: ffffffff87658947
R10: fffffbfff0ecb128 R11: 0000000000000001 R12: ffff888016c27980
R13: ffffffffffffffe6 R14: ffffffffffffffe6 R15: 0000607f92e01580
 unmap_page_range+0x11ee/0x2d90
 unmap_single_vma+0x190/0x2a0
 unmap_vmas+0x225/0x370
 exit_mmap+0x158/0x6a0
 mmput+0xd5/0x390
 do_exit+0x99b/0x2780
 do_group_exit+0xd4/0x2a0
 get_signal+0x2255/0x2390
 arch_do_signal_or_restart+0x79/0x5a0
 exit_to_user_mode_prepare+0xf5/0x190
 syscall_exit_to_user_mode+0x1d/0x50
 do_syscall_64+0x4c/0x90
 entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f1fbd7b9b19
Code: Unable to access opcode bytes at 0x7f1fbd7b9aef.
RSP: 002b:00007f1fbad2f188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
RAX: 0000000000000003 RBX: 00007f1fbd8ccf60 RCX: 00007f1fbd7b9b19
RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000000020000280
RBP: 00007f1fbd813f6d R08: 0000000000000000 R09: 0000000000000000
R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffce781afdf R14: 00007f1fbad2f300 R15: 0000000000022000
----------------
Code disassembly (best guess):
   0:   48 83 ec 20             sub    $0x20,%rsp
   4:   48 8b 3d 7f 51 1f 06    mov    0x61f517f(%rip),%rdi        # 0x61f518a
   b:   48 85 ff                test   %rdi,%rdi
   e:   0f 84 a4 06 00 00       je     0x6b8
  14:   81 e1 e0 0c 00 08       and    $0x8000ce0,%ecx
  1a:   89 ce                   mov    %ecx,%esi
  1c:   81 ce 00 20 09 00       or     $0x92000,%esi
  22:   e8 93 1c fc ff          callq  0xfffc1cba
  27:   49 89 c7                mov    %rax,%r15
* 2a:   48 85 c0                test   %rax,%rax <-- trapping instruction
  2d:   0f 84 85 06 00 00       je     0x6b8
  33:   48 b8 00 00 00 00 00    movabs $0xdffffc0000000000,%rax
  3a:   fc ff df
  3d:   4d                      rex.WRB
  3e:   8d                      .byte 0x8d
  3f:   67                      addr32