watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [syz-executor.1:6908] Modules linked in: irq event stamp: 3640045 hardirqs last enabled at (3640044): [] asm_sysvec_apic_timer_interrupt+0x1a/0x20 hardirqs last disabled at (3640045): [] sysvec_apic_timer_interrupt+0xf/0xc0 softirqs last enabled at (3605296): [] irq_exit_rcu+0x11f/0x190 softirqs last disabled at (3605299): [] irq_exit_rcu+0x11f/0x190 CPU: 0 PID: 6908 Comm: syz-executor.1 Not tainted 6.2.0-rc5-next-20230125 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:queued_spin_lock_slowpath+0x128/0xc90 Code: 00 00 00 65 48 2b 04 25 28 00 00 00 0f 85 e6 0a 00 00 48 81 c4 88 00 00 00 5b 5d 41 5c 41 5d 41 5e 41 5f e9 0e 20 00 00 f3 90 71 ff ff ff 44 8b 74 24 48 41 81 fe 00 01 00 00 0f 84 e4 00 00 RSP: 0018:ffff88806ce09a30 EFLAGS: 00000202 RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff844943fb RDX: fffffbfff0b49351 RSI: 0000000000000004 RDI: ffffffff85a49a80 RBP: ffffffff85a49a80 R08: 0000000000000000 R09: ffffffff85a49a83 R10: fffffbfff0b49350 R11: 0000000000000001 R12: 0000000000000003 R13: fffffbfff0b49350 R14: 0000000000000001 R15: 1ffff1100d9c1347 FS: 00007f3167b27700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f653c178b40 CR3: 000000003599e000 CR4: 0000000000350ef0 Call Trace: do_raw_spin_lock+0x1e0/0x270 mac80211_hwsim_tx_frame_no_nl.isra.0+0x6de/0x1330 mac80211_hwsim_tx_frame+0x1ee/0x2a0 mac80211_hwsim_beacon_tx+0x567/0xb10 __iterate_interfaces+0x2d3/0x580 ieee80211_iterate_active_interfaces_atomic+0x73/0x1c0 mac80211_hwsim_beacon+0x105/0x200 __hrtimer_run_queues+0x54b/0xcb0 hrtimer_run_softirq+0x176/0x350 __do_softirq+0x274/0x90f irq_exit_rcu+0x11f/0x190 sysvec_apic_timer_interrupt+0x92/0xc0 asm_sysvec_apic_timer_interrupt+0x1a/0x20 RIP: 0010:put_cpu_partial+0x115/0x1c0 Code: 39 43 28 75 61 48 c7 43 28 00 00 00 00 48 c7 c6 30 b3 7f 81 48 89 df e8 a9 d4 ad ff 48 85 ed 74 06 e8 1f 43 d3 ff fb 4d 85 ed <74> 21 5b 4c 89 ee 5d 4c 89 e7 41 5c 41 5d 41 5e 41 5f e9 54 fa ff RSP: 0018:ffff88800eb3f470 EFLAGS: 00000286 RAX: 000000000036033f RBX: ffff88806ce3df60 RCX: ffffffff812ce42f RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000200 R08: 0000000000000001 R09: ffffffff876a196f R10: fffffbfff0ed432d R11: 0000000000000001 R12: ffff8880084c6140 R13: ffffea0000623800 R14: ffffea0000565d80 R15: 0000000000000001 qlist_free_all+0x6d/0x1a0 kasan_quarantine_reduce+0x199/0x230 __kasan_slab_alloc+0x49/0x70 kmem_cache_alloc_node+0x187/0x310 __alloc_skb+0x21a/0x310 __ip_append_data+0x2d2d/0x3aa0 ip_append_data+0x115/0x1a0 raw_sendmsg+0xa99/0x2c80 inet_sendmsg+0x121/0x150 sock_sendmsg+0x19b/0x200 ____sys_sendmsg+0x74e/0x980 ___sys_sendmsg+0x110/0x1b0 __sys_sendmsg+0xf7/0x1d0 do_syscall_64+0x3f/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc RIP: 0033:0x7f316a5b1b19 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f3167b27188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f316a6c4f60 RCX: 00007f316a5b1b19 RDX: 0000000000000000 RSI: 0000000020000780 RDI: 0000000000000006 RBP: 00007f316a60bf6d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffee5c453df R14: 00007f3167b27300 R15: 0000000000022000 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 6911 Comm: syz-executor.6 Not tainted 6.2.0-rc5-next-20230125 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:__lock_acquire+0x1f3/0x6410 Code: 74 51 f6 84 24 70 01 00 00 01 75 47 48 b9 00 00 00 00 00 fc ff df 4a 8d 44 23 d8 48 8d 78 20 48 89 fe 48 c1 ee 03 0f b6 0c 0e <84> c9 74 09 80 f9 03 0f 8e 9f 42 00 00 0f b7 48 20 81 e1 ff 1f 00 RSP: 0018:ffff88806cf09590 EFLAGS: 00000012 RAX: ffff8880158aa470 RBX: ffff8880158aa420 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 1ffff11002b15492 RDI: ffff8880158aa490 RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001 R10: 000000000000000f R11: 0000000000000001 R12: 0000000000000078 R13: ffff8880158a9ac0 R14: ffff88806cf2b8d8 R15: 0000000000000000 FS: 00007fea85024700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020010000 CR3: 000000003cbe8000 CR4: 0000000000350ee0 Call Trace: lock_acquire.part.0+0x120/0x360 _raw_spin_lock_irq+0x36/0x50 __hrtimer_run_queues+0x1ee/0xcb0 hrtimer_interrupt+0x319/0x790 __sysvec_apic_timer_interrupt+0x148/0x510 sysvec_apic_timer_interrupt+0x3f/0xc0 asm_sysvec_apic_timer_interrupt+0x1a/0x20 RIP: 0010:kmem_cache_alloc+0x22/0x300 Code: 90 90 90 90 90 90 90 90 f3 0f 1e fa 41 57 41 56 41 89 f6 41 55 41 54 49 89 fc 55 53 48 83 ec 18 8b 1d 96 5b 51 04 44 8b 7f 1c <65> 48 8b 04 25 28 00 00 00 48 89 44 24 10 31 c0 4c 8b 6c 24 48 21 RSP: 0018:ffff88806cf09a88 EFLAGS: 00000296 RAX: 0000000000000001 RBX: 000000000fffffff RCX: 0000000000000820 RDX: 0000000000000001 RSI: 0000000000092820 RDI: ffff88800844f780 RBP: 00000000000000f0 R08: 0000000000000000 R09: ffff88803214b390 R10: ffff88806c5e16e0 R11: 0000000000000001 R12: ffff88800844f780 R13: 0000000000000000 R14: 0000000000092820 R15: 00000000000000f0 __create_object+0x3c/0xc90 kmem_cache_alloc_node+0x215/0x310 __alloc_skb+0x21a/0x310 __netdev_alloc_skb+0x76/0x3e0 __ieee80211_beacon_get+0x3d9/0x13c0 ieee80211_beacon_get_tim+0x99/0x540 mac80211_hwsim_beacon_tx+0x1d3/0xb10 __iterate_interfaces+0x2d3/0x580 ieee80211_iterate_active_interfaces_atomic+0x73/0x1c0 mac80211_hwsim_beacon+0x105/0x200 __hrtimer_run_queues+0x54b/0xcb0 hrtimer_run_softirq+0x176/0x350 __do_softirq+0x274/0x90f irq_exit_rcu+0x11f/0x190 sysvec_apic_timer_interrupt+0x92/0xc0 asm_sysvec_apic_timer_interrupt+0x1a/0x20 RIP: 0010:__local_bh_enable_ip+0xac/0x130 Code: 1d b1 81 ea 7e 65 8b 05 aa 81 ea 7e a9 00 ff ff 00 74 49 bf 01 00 00 00 e8 a1 f6 09 00 e8 7c ee 39 00 fb 65 8b 05 8c 81 ea 7e <85> c0 74 5c 5b 5d e9 7d 5c 30 03 65 8b 05 ae 7d e9 7e 85 c0 75 9e RSP: 0018:ffff888016abf3d0 EFLAGS: 00000206 RAX: 0000000000000000 RBX: 00000000fffffe01 RCX: ffffffff812ce42f RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffffff839067dd R08: 0000000000000001 R09: ffffffff876a19cf R10: fffffbfff0ed4339 R11: 0000000000000001 R12: 0000000000000000 R13: 0000000000000000 R14: ffff88803cfb0000 R15: 00000000aa1414ac ip_finish_output2+0x73b/0x2120 ip_do_fragment+0x1e14/0x24e0 ip_fragment.constprop.0+0x16b/0x240 __ip_finish_output.part.0+0x883/0xd10 ip_output+0x2ec/0x8e0 ip_push_pending_frames+0x30b/0x5c0 raw_sendmsg+0x120d/0x2c80 inet_sendmsg+0x121/0x150 sock_sendmsg+0x19b/0x200 ____sys_sendmsg+0x74e/0x980 ___sys_sendmsg+0x110/0x1b0 __sys_sendmsg+0xf7/0x1d0 do_syscall_64+0x3f/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc RIP: 0033:0x7fea87aaeb19 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fea85024188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007fea87bc1f60 RCX: 00007fea87aaeb19 RDX: 0000000000000000 RSI: 0000000020000780 RDI: 0000000000000004 RBP: 00007fea87b08f6d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffe1623c2cf R14: 00007fea85024300 R15: 0000000000022000 Bluetooth: hci4: command 0x0406 tx timeout nfs: Unknown parameter '†' ---------------- Code disassembly (best guess): 0: 00 00 add %al,(%rax) 2: 00 65 48 add %ah,0x48(%rbp) 5: 2b 04 25 28 00 00 00 sub 0x28,%eax c: 0f 85 e6 0a 00 00 jne 0xaf8 12: 48 81 c4 88 00 00 00 add $0x88,%rsp 19: 5b pop %rbx 1a: 5d pop %rbp 1b: 41 5c pop %r12 1d: 41 5d pop %r13 1f: 41 5e pop %r14 21: 41 5f pop %r15 23: e9 0e 20 00 00 jmpq 0x2036 28: f3 90 pause * 2a: e9 71 ff ff ff jmpq 0xffffffa0 <-- trapping instruction 2f: 44 8b 74 24 48 mov 0x48(%rsp),%r14d 34: 41 81 fe 00 01 00 00 cmp $0x100,%r14d 3b: 0f .byte 0xf 3c: 84 e4 test %ah,%ah