watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [syz-executor.2:10203]
Modules linked in:
irq event stamp: 4710455
hardirqs last  enabled at (4710454): [<ffffffff84400d06>] asm_sysvec_x86_platform_ipi-0xa/0x20
hardirqs last disabled at (4710455): [<ffffffff8436ec1b>] sysvec_apic_timer_interrupt+0xb/0xd0
softirqs last  enabled at (4635654): [<ffffffff8117d25b>] __irq_exit_rcu+0x11b/0x190
softirqs last disabled at (4635657): [<ffffffff8117d25b>] __irq_exit_rcu+0x11b/0x190
CPU: 0 PID: 10203 Comm: syz-executor.2 Not tainted 6.1.0-rc3-next-20221102 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:mac80211_hwsim_tx_frame_no_nl.isra.0+0x7d7/0x1370
Code: b4 24 a0 00 00 00 c6 84 24 a8 00 00 00 00 49 39 dd 74 bb e8 6b 3e 51 fe 48 8d bb 08 3d 00 00 48 89 f8 48 c1 e8 03 0f b6 04 28 <84> c0 74 06 0f 8e ea 08 00 00 44 0f b6 bb 08 3d 00 00 31 ff 44 89
RSP: 0018:ffff88806d009b80 EFLAGS: 00000212
RAX: 0000000000000000 RBX: ffff8880302ab3a0 RCX: 0000000000000100
RDX: ffff88801f2f5040 RSI: ffffffff82f6eb45 RDI: ffff8880302af0a8
RBP: dffffc0000000000 R08: 0000000000000004 R09: 0000000000000005
R10: 0000000000000003 R11: 0000000000000001 R12: ffff88803e3dd280
R13: ffff88801eaa33a0 R14: ffff88801eaa3638 R15: 0000000000000003
FS:  0000000000000000(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f4be9b4b3a4 CR3: 0000000016b54000 CR4: 0000000000350ef0
Call Trace:
 <IRQ>
 mac80211_hwsim_tx_frame+0x1ee/0x2b0
 mac80211_hwsim_beacon_tx+0x562/0xac0
 __iterate_interfaces+0x2d3/0x570
 ieee80211_iterate_active_interfaces_atomic+0x70/0x190
 mac80211_hwsim_beacon+0x101/0x210
 __hrtimer_run_queues+0x541/0xb60
 hrtimer_run_softirq+0x172/0x350
 __do_softirq+0x1c3/0x8f5
 __irq_exit_rcu+0x11b/0x190
 irq_exit_rcu+0x5/0x30
 sysvec_apic_timer_interrupt+0x8e/0xd0
 </IRQ>
 <TASK>
 asm_sysvec_x86_platform_ipi-0xa/0x20
RIP: 0010:__rcu_read_unlock+0xc4/0x530
Code: b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 08 3c 03 0f 8e 9f 01 00 00 8b 85 f8 03 00 00 85 c0 75 58 <65> 48 8b 1c 25 c0 76 03 00 48 8d bb f4 03 00 00 48 b8 00 00 00 00
RSP: 0018:ffff888042a97688 EFLAGS: 00000206
RAX: 00000000003e8b2b RBX: ffffffff85212640 RCX: ffffffff812aef4f
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 0000000000000001 R08: 0000000000000001 R09: ffffffff87210817
R10: fffffbfff0e42102 R11: 0000000000000001 R12: ffff88806d038e00
R13: ffff88800ce0b000 R14: 0000000000000200 R15: ffffea0000c817c0
 unlock_page_memcg+0xc3/0x240
 page_remove_rmap+0xfa/0x4a0
 unmap_page_range+0x1c2d/0x2a50
 unmap_single_vma+0x190/0x2b0
 unmap_vmas+0x21e/0x380
 exit_mmap+0x154/0x690
 mmput+0xd1/0x3a0
 do_exit+0x993/0x2730
 do_group_exit+0xd0/0x2b0
 get_signal+0x2195/0x22e0
 arch_do_signal_or_restart+0x75/0x5b0
 exit_to_user_mode_prepare+0x131/0x1b0
 syscall_exit_to_user_mode+0x19/0x50
 do_syscall_64+0x48/0xa0
 entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f021077bb19
Code: Unable to access opcode bytes at 0x7f021077baef.
RSP: 002b:00007f020dcf1218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 00007f021088ef68 RCX: 00007f021077bb19
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f021088ef68
RBP: 00007f021088ef60 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f021088ef6c
R13: 00007ffee16bcddf R14: 00007f020dcf1300 R15: 0000000000022000
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 10209 Comm: syz-executor.3 Not tainted 6.1.0-rc3-next-20221102 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:check_preemption_disabled+0x2/0x190
Code: db 74 07 0f 1f 44 00 00 0f 0b 0f 1f 44 00 00 5b e9 93 fb ff ff cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 41 56 <41> 55 49 89 f5 41 54 55 48 89 fd 53 0f 1f 44 00 00 65 44 8b 25 f1
RSP: 0018:ffff88806d109758 EFLAGS: 00000006
RAX: 0000000000000001 RBX: 0000000000000001 RCX: 0000000000000100
RDX: dffffc0000000000 RSI: ffffffff847edd00 RDI: ffffffff847edd40
RBP: ffff888022187100 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000001
R13: ffff88806d12a600 R14: ffff88806d12a680 R15: dffffc0000000000
FS:  00007f5c472e1700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffeb028afd8 CR3: 0000000019dba000 CR4: 0000000000350ee0
Call Trace:
 <IRQ>
 rcu_is_watching+0x11/0xc0
 rcu_read_lock_sched_held+0x20/0x90
 trace_hrtimer_cancel+0x162/0x240
 __hrtimer_run_queues+0x348/0xb60
 hrtimer_interrupt+0x315/0x780
 __sysvec_apic_timer_interrupt+0x144/0x510
 sysvec_apic_timer_interrupt+0x3b/0xd0
 asm_sysvec_x86_platform_ipi-0xa/0x20
RIP: 0010:queued_spin_lock_slowpath+0x124/0xc90
Code: 00 00 00 65 48 2b 04 25 28 00 00 00 0f 85 cd 0a 00 00 48 81 c4 88 00 00 00 5b 5d 41 5c 41 5d 41 5e 41 5f e9 be 1f 00 00 f3 90 <e9> 71 ff ff ff 44 8b 74 24 48 41 81 fe 00 01 00 00 0f 84 e5 00 00
RSP: 0018:ffff88806d109a28 EFLAGS: 00000202
RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff843918c7
RDX: fffffbfff0ac82ad RSI: 0000000000000004 RDI: ffffffff85641560
RBP: ffffffff85641560 R08: 0000000000000000 R09: ffffffff85641563
R10: fffffbfff0ac82ac R11: 0000000000000001 R12: 0000000000000003
R13: fffffbfff0ac82ac R14: 0000000000000001 R15: 1ffff1100da21346
 do_raw_spin_lock+0x1dc/0x270
 mac80211_hwsim_tx_frame_no_nl.isra.0+0x6f1/0x1370
 mac80211_hwsim_tx_frame+0x1ee/0x2b0
 mac80211_hwsim_beacon_tx+0x562/0xac0
 __iterate_interfaces+0x2d3/0x570
 ieee80211_iterate_active_interfaces_atomic+0x70/0x190
 mac80211_hwsim_beacon+0x101/0x210
 __hrtimer_run_queues+0x541/0xb60
 hrtimer_run_softirq+0x172/0x350
 __do_softirq+0x1c3/0x8f5
 __irq_exit_rcu+0x11b/0x190
 irq_exit_rcu+0x5/0x30
 sysvec_apic_timer_interrupt+0x8e/0xd0
 </IRQ>
 <TASK>
 asm_sysvec_x86_platform_ipi-0xa/0x20
RIP: 0010:finish_task_switch.isra.0+0x237/0x8b0
Code: 89 ff 48 c7 03 00 00 00 00 e8 45 77 17 03 4d 85 e4 75 ba 4c 89 ff e8 08 53 17 03 e8 d3 76 2d 00 fb 65 48 8b 1c 25 c0 76 03 00 <48> 8d bb e8 13 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1
RSP: 0018:ffff888042c27118 EFLAGS: 00000206
RAX: 000000000030b471 RBX: ffff888022003580 RCX: ffffffff812aef4f
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffff888042c27158 R08: 0000000000000001 R09: ffffffff8721087f
R10: fffffbfff0e4210f R11: 0000000000000001 R12: ffff88806d138058
R13: ffff8880086a8000 R14: ffff888031d5dd80 R15: ffff88806d138040
 __schedule+0x92e/0x25e0
 preempt_schedule_common+0x45/0xd0
 __cond_resched+0x17/0x40
 down_write+0x71/0x230
 ext4_xattr_set_handle+0x15e/0x14e0
 ext4_initxattrs+0xb5/0x130
 security_inode_init_security+0x1a7/0x370
 __ext4_new_inode+0x39a1/0x55f0
 ext4_create+0x2e0/0x4f0
 lookup_open.isra.0+0xed0/0x1260
 path_openat+0x946/0x29c0
 do_filp_open+0x1b6/0x420
 do_sys_openat2+0x171/0x4d0
 __x64_sys_openat+0x13f/0x200
 do_syscall_64+0x3b/0xa0
 entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f5c49d6bb19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f5c472e1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f5c49e7ef60 RCX: 00007f5c49d6bb19
RDX: 0000000000004042 RSI: 0000000020000100 RDI: ffffffffffffff9c
RBP: 00007f5c49dc5f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffda094509f R14: 00007f5c472e1300 R15: 0000000000022000
 </TASK>
loop7: detected capacity change from 0 to 264192
nfs: Unknown parameter '.#]:$($'
loop7: detected capacity change from 0 to 264192
nfs: Unknown parameter '.#]:$($'
loop7: detected capacity change from 0 to 128
Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
Bluetooth: hci6: HCI_REQ-0x0c1a
Bluetooth: hci2: Opcode 0x c03 failed: -110
Bluetooth: hci6: command 0x0409 tx timeout
----------------
Code disassembly (best guess):
   0:	b4 24                	mov    $0x24,%ah
   2:	a0 00 00 00 c6 84 24 	movabs 0xa82484c6000000,%al
   9:	a8 00
   b:	00 00                	add    %al,(%rax)
   d:	00 49 39             	add    %cl,0x39(%rcx)
  10:	dd 74 bb e8          	fnsave -0x18(%rbx,%rdi,4)
  14:	6b 3e 51             	imul   $0x51,(%rsi),%edi
  17:	fe 48 8d             	decb   -0x73(%rax)
  1a:	bb 08 3d 00 00       	mov    $0x3d08,%ebx
  1f:	48 89 f8             	mov    %rdi,%rax
  22:	48 c1 e8 03          	shr    $0x3,%rax
  26:	0f b6 04 28          	movzbl (%rax,%rbp,1),%eax
* 2a:	84 c0                	test   %al,%al <-- trapping instruction
  2c:	74 06                	je     0x34
  2e:	0f 8e ea 08 00 00    	jle    0x91e
  34:	44 0f b6 bb 08 3d 00 	movzbl 0x3d08(%rbx),%r15d
  3b:	00
  3c:	31 ff                	xor    %edi,%edi
  3e:	44                   	rex.R
  3f:	89                   	.byte 0x89