watchdog: BUG: soft lockup - CPU#1 stuck for 22s! [syz-executor.3:7704] Modules linked in: irq event stamp: 13385205 hardirqs last enabled at (13385204): [] asm_sysvec_apic_timer_interrupt+0x1a/0x20 hardirqs last disabled at (13385205): [] sysvec_apic_timer_interrupt+0xf/0xc0 softirqs last enabled at (13353416): [] __irq_exit_rcu+0x11b/0x180 softirqs last disabled at (13353419): [] __irq_exit_rcu+0x11b/0x180 CPU: 1 PID: 7704 Comm: syz-executor.3 Not tainted 6.1.0-rc4-next-20221110 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:__x86_indirect_thunk_rbx+0xa/0x20 Code: e8 01 00 00 00 cc 48 89 14 24 e9 f5 05 00 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 0f 1f 44 00 00 e8 01 00 00 00 cc 48 89 1c 24 d5 05 00 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 0f 1f 44 00 00 RSP: 0018:ffff88806d109720 EFLAGS: 00000282 RAX: ffffffff8171fea7 RBX: ffffffff8137b3f0 RCX: 0000000000000000 RDX: 1ffff1100da212f1 RSI: ffffffff8171fea7 RDI: ffff88806d1097f8 RBP: ffff88806d1097c8 R08: ffffffff85ef17dc R09: ffffffff85ef17e0 R10: ffff88806d109ff8 R11: ffff88806d109770 R12: ffff88806d1097f8 R13: 0000000000000000 R14: ffff888015e9d040 R15: ffffffff8348a14d FS: 0000000000000000(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f04fbffc008 CR3: 000000000ee18000 CR4: 0000000000350ee0 Call Trace: __pfx_stack_trace_consume_entry+0x10/0x10 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 7710 Comm: syz-executor.6 Not tainted 6.1.0-rc4-next-20221110 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:__lock_acquire+0xc2e/0x5e70 Code: 66 0b 44 24 08 98 2b 44 24 58 33 44 24 50 89 c2 29 c1 01 f0 c1 c2 06 31 ca 89 d1 29 d6 01 c2 c1 c1 08 31 f1 89 ce 29 c8 01 d1 c6 10 89 cf 31 f0 89 c6 29 c2 01 c8 c1 ce 0d 31 f2 89 d6 29 d7 RSP: 0018:ffff88806d0090c8 EFLAGS: 00000007 RAX: 0000000071c542cf RBX: ffffffff87424ea0 RCX: 00000000069da4ee RDX: 00000000af09ff87 RSI: 000000005793a567 RDI: ffffffff87424ee0 RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff87424847 R10: fffffbfff0e84908 R11: 0000000000000001 R12: ffff888019510000 R13: ffff888019510a50 R14: ffff888019510960 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f0506d8d000 CR3: 000000000ee18000 CR4: 0000000000350ef0 Call Trace: lock_acquire+0x1a6/0x530 perf_output_begin_forward+0xb4/0xb00 perf_event_output_forward+0xf6/0x280 __perf_event_overflow+0x2d6/0x5b0 perf_swevent_hrtimer+0x361/0x3d0 __hrtimer_run_queues+0x184/0xb50 hrtimer_interrupt+0x319/0x770 __sysvec_apic_timer_interrupt+0x148/0x500 sysvec_apic_timer_interrupt+0x3f/0xc0 asm_sysvec_apic_timer_interrupt+0x1a/0x20 RIP: 0010:queued_spin_lock_slowpath+0x128/0xc80 Code: 00 00 00 65 48 2b 04 25 28 00 00 00 0f 85 cd 0a 00 00 48 81 c4 88 00 00 00 5b 5d 41 5c 41 5d 41 5e 41 5f e9 be 1f 00 00 f3 90 71 ff ff ff 44 8b 74 24 48 41 81 fe 00 01 00 00 0f 84 e5 00 00 RSP: 0018:ffff88806d009a28 EFLAGS: 00000202 RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff843e24cb RDX: fffffbfff0b088f5 RSI: 0000000000000004 RDI: ffffffff858447a0 RBP: ffffffff858447a0 R08: 0000000000000000 R09: ffffffff858447a3 R10: fffffbfff0b088f4 R11: 0000000000000001 R12: 0000000000000003 R13: fffffbfff0b088f4 R14: 0000000000000001 R15: 1ffff1100da01346 do_raw_spin_lock+0x1e0/0x270 mac80211_hwsim_tx_frame_no_nl.isra.0+0x6f1/0x1360 mac80211_hwsim_tx_frame+0x1ee/0x2a0 mac80211_hwsim_beacon_tx+0x566/0xab0 __iterate_interfaces+0x2d3/0x560 ieee80211_iterate_active_interfaces_atomic+0x74/0x180 mac80211_hwsim_beacon+0x105/0x200 __hrtimer_run_queues+0x541/0xb50 hrtimer_run_softirq+0x176/0x350 __do_softirq+0x1c7/0x8f9 __irq_exit_rcu+0x11b/0x180 irq_exit_rcu+0x9/0x30 sysvec_apic_timer_interrupt+0x92/0xc0 asm_sysvec_apic_timer_interrupt+0x1a/0x20 RIP: 0010:__mod_lruvec_page_state+0x4/0x330 Code: e0 bf 02 48 89 14 24 e8 9a 02 fe ff 48 8b 14 24 eb bb 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa <41> 56 41 55 41 89 f5 41 54 41 89 d4 55 53 48 89 fb e8 16 04 ff ff RSP: 0018:ffff88801ee2f650 EFLAGS: 00000293 RAX: 0000000000000000 RBX: 1ffff11003dc5ecd RCX: 0000000000000000 RDX: 00000000ffffffff RSI: 0000000000000012 RDI: ffffea0000f99d00 RBP: ffffea0000f99d00 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000001 R12: ffff888015c15d00 R13: 0000000000000012 R14: 0000000000000000 R15: 0000000000000000 page_remove_rmap+0x3ea/0x780 unmap_page_range+0x2002/0x2c30 unmap_single_vma+0x190/0x2a0 unmap_vmas+0x226/0x380 exit_mmap+0x158/0x680 mmput+0xd5/0x390 do_exit+0x99b/0x2720 do_group_exit+0xd4/0x2a0 get_signal+0x21a5/0x22e0 arch_do_signal_or_restart+0x79/0x5a0 exit_to_user_mode_prepare+0x131/0x1a0 syscall_exit_to_user_mode+0x1d/0x50 do_syscall_64+0x4c/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc RIP: 0033:0x7f668c1ddb19 Code: Unable to access opcode bytes at 0x7f668c1ddaef. RSP: 002b:00007f6689753188 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed RAX: 0000000000000000 RBX: 00007f668c2f0f60 RCX: 00007f668c1ddb19 RDX: 0000000000000001 RSI: 0000000000004000 RDI: 0000000020ff6000 RBP: 00007f668c237f6d R08: 000000000000077c R09: 0000000000000002 R10: 0000000020000080 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffe65f2a57f R14: 00007f6689753300 R15: 0000000000022000 ---------------- Code disassembly (best guess): 0: e8 01 00 00 00 callq 0x6 5: cc int3 6: 48 89 14 24 mov %rdx,(%rsp) a: e9 f5 05 00 00 jmpq 0x604 f: 66 66 2e 0f 1f 84 00 data16 nopw %cs:0x0(%rax,%rax,1) 16: 00 00 00 00 1a: 66 0f 1f 44 00 00 nopw 0x0(%rax,%rax,1) 20: e8 01 00 00 00 callq 0x26 25: cc int3 26: 48 89 1c 24 mov %rbx,(%rsp) * 2a: e9 d5 05 00 00 jmpq 0x604 <-- trapping instruction 2f: 66 66 2e 0f 1f 84 00 data16 nopw %cs:0x0(%rax,%rax,1) 36: 00 00 00 00 3a: 66 0f 1f 44 00 00 nopw 0x0(%rax,%rax,1)