watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [syz-executor.1:6657] Modules linked in: irq event stamp: 4353209 hardirqs last enabled at (4353208): [] asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635 hardirqs last disabled at (4353209): [] sysvec_apic_timer_interrupt+0xb/0xa0 arch/x86/kernel/apic/apic.c:1095 softirqs last enabled at (4244728): [] asm_call_irq_on_stack+0x12/0x20 softirqs last disabled at (4244731): [] asm_call_irq_on_stack+0x12/0x20 CPU: 0 PID: 6657 Comm: syz-executor.1 Not tainted 5.10.148 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:unwind_get_return_address arch/x86/kernel/unwind_orc.c:323 [inline] RIP: 0010:unwind_get_return_address+0x3b/0xa0 arch/x86/kernel/unwind_orc.c:318 Code: 03 53 48 89 fb 0f b6 04 02 84 c0 74 04 3c 03 7e 59 8b 03 85 c0 75 09 31 c0 5b 5d e9 df c0 0f 03 48 b8 00 00 00 00 00 fc ff df <48> 8d 6b 48 48 89 ea 48 c1 ea 03 80 3c 02 00 75 36 48 8b 7b 48 e8 RSP: 0018:ffff88806ce098b8 EFLAGS: 00000202 RAX: dffffc0000000000 RBX: ffff88806ce098d0 RCX: ffff88806ce09960 RDX: 1ffff1100d9c131a RSI: ffff88806ce09958 RDI: ffff88806ce098d0 RBP: ffff88806ce09958 R08: 0000000000000001 R09: 0000000000000001 R10: 0000000000032042 R11: 1ffff1100d9c12fd R12: ffff88806ce09988 R13: 0000000000000000 R14: ffff8880447d6600 R15: ffff888034555d00 FS: 00007f7eb8ddd700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055e32dffd030 CR3: 000000003acd8000 CR4: 0000000000350ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff4ff0 DR7: 0000000000000600 Call Trace: arch_stack_walk+0x99/0xf0 arch/x86/kernel/stacktrace.c:26 stack_trace_save+0x8c/0xc0 kernel/stacktrace.c:121 __save_stack_trace mm/kmemleak.c:563 [inline] create_object.isra.0+0x372/0xa20 mm/kmemleak.c:618 kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline] slab_post_alloc_hook mm/slab.h:534 [inline] slab_alloc_node mm/slub.c:2896 [inline] slab_alloc mm/slub.c:2904 [inline] kmem_cache_alloc+0x159/0x360 mm/slub.c:2909 __skb_ext_alloc+0x19/0x90 net/core/skbuff.c:6223 skb_ext_add+0x508/0x670 net/core/skbuff.c:6318 skb_set_kcov_handle include/linux/skbuff.h:4630 [inline] skb_set_kcov_handle include/linux/skbuff.h:4620 [inline] __alloc_skb+0x3c1/0x620 net/core/skbuff.c:253 __netdev_alloc_skb+0x6e/0x360 net/core/skbuff.c:446 netdev_alloc_skb include/linux/skbuff.h:2834 [inline] dev_alloc_skb include/linux/skbuff.h:2847 [inline] __ieee80211_beacon_get+0x3af/0x13a0 net/mac80211/tx.c:4874 ieee80211_beacon_get_tim+0x88/0x910 net/mac80211/tx.c:4988 ieee80211_beacon_get include/net/mac80211.h:4912 [inline] mac80211_hwsim_beacon_tx+0x111/0x8f0 drivers/net/wireless/mac80211_hwsim.c:1735 __iterate_interfaces+0x1f0/0x530 net/mac80211/util.c:792 ieee80211_iterate_active_interfaces_atomic+0x72/0x180 net/mac80211/util.c:828 mac80211_hwsim_beacon+0xd1/0x1d0 drivers/net/wireless/mac80211_hwsim.c:1788 __run_hrtimer kernel/time/hrtimer.c:1583 [inline] __hrtimer_run_queues+0x5e8/0xb50 kernel/time/hrtimer.c:1647 hrtimer_run_softirq+0x148/0x310 kernel/time/hrtimer.c:1664 __do_softirq+0x1b8/0x86b kernel/softirq.c:298 asm_call_irq_on_stack+0x12/0x20 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline] run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline] do_softirq_own_stack+0x80/0xa0 arch/x86/kernel/irq_64.c:77 invoke_softirq kernel/softirq.c:393 [inline] __irq_exit_rcu kernel/softirq.c:423 [inline] irq_exit_rcu+0x114/0x1b0 kernel/softirq.c:435 sysvec_apic_timer_interrupt+0x43/0xa0 arch/x86/kernel/apic/apic.c:1095 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635 RIP: 0010:__preempt_count_sub arch/x86/include/asm/preempt.h:84 [inline] RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:161 [inline] RIP: 0010:_raw_spin_unlock_irqrestore+0x25/0x40 kernel/locking/spinlock.c:191 Code: 3e 00 0f 1f 00 55 48 89 fd 48 83 c7 18 53 48 89 f3 48 8b 74 24 10 e8 ba 37 45 fd 48 89 ef e8 92 f1 45 fd f6 c7 02 75 10 53 9d <65> ff 0d a4 b2 20 7c 5b 5d e9 5d 83 3e 00 e8 98 b6 64 fd eb e9 66 RSP: 0018:ffff88801db3f8d8 EFLAGS: 00000283 RAX: 000000000032b833 RBX: 0000000000000283 RCX: 1ffffffff0cf4412 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff83e1bca8 RBP: ffff88800fb4a150 R08: 0000000000000001 R09: ffffffff8679767f R10: fffffbfff0cf2ecf R11: 0000000000000001 R12: 0000000000000283 R13: ffff88800fb4a150 R14: ffff88800fb499c0 R15: ffff88806cf00000 try_to_wake_up+0x5c4/0x1360 kernel/sched/core.c:2999 wake_up_process kernel/sched/core.c:3066 [inline] wake_up_q+0x9e/0x110 kernel/sched/core.c:596 __mutex_unlock_slowpath+0x2a9/0x600 kernel/locking/mutex.c:1286 kobject_uevent_env+0x97c/0xf90 lib/kobject_uevent.c:595 __kobject_del+0x27c/0x320 lib/kobject.c:617 kobject_cleanup lib/kobject.c:696 [inline] kobject_release lib/kobject.c:736 [inline] kref_put include/linux/kref.h:65 [inline] kobject_put+0x215/0x270 lib/kobject.c:753 net_rx_queue_update_kobjects+0x370/0x470 net/core/net-sysfs.c:1083 remove_queue_kobjects net/core/net-sysfs.c:1805 [inline] netdev_unregister_kobject+0x152/0x280 net/core/net-sysfs.c:1959 unregister_netdevice_many+0xbb7/0x1490 net/core/dev.c:10753 unregister_netdevice_queue+0x201/0x2c0 net/core/dev.c:10660 unregister_netdevice include/linux/netdevice.h:2883 [inline] __tun_detach+0xffc/0x12f0 drivers/net/tun.c:696 tun_detach drivers/net/tun.c:713 [inline] tun_chr_close+0xc4/0x190 drivers/net/tun.c:3466 __fput+0x285/0x980 fs/file_table.c:281 task_work_run+0xe2/0x1a0 kernel/task_work.c:151 tracehook_notify_resume include/linux/tracehook.h:188 [inline] exit_to_user_mode_loop kernel/entry/common.c:164 [inline] exit_to_user_mode_prepare+0x155/0x160 kernel/entry/common.c:191 syscall_exit_to_user_mode+0x38/0x230 kernel/entry/common.c:266 entry_SYSCALL_64_after_hwframe+0x61/0xc6 RIP: 0033:0x7f7ebb867b19 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f7eb8ddd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000124 RAX: 0000000000000003 RBX: 00007f7ebb97af60 RCX: 00007f7ebb867b19 RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000005 RBP: 00007f7ebb8c1f6d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffee81c099f R14: 00007f7eb8ddd300 R15: 0000000000022000 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 skipped: idling at native_safe_halt arch/x86/include/asm/irqflags.h:60 [inline] NMI backtrace for cpu 1 skipped: idling at arch_safe_halt arch/x86/include/asm/irqflags.h:103 [inline] NMI backtrace for cpu 1 skipped: idling at default_idle+0xe/0x20 arch/x86/kernel/process.c:689 ---------------- Code disassembly (best guess): 0: 03 53 48 add 0x48(%rbx),%edx 3: 89 fb mov %edi,%ebx 5: 0f b6 04 02 movzbl (%rdx,%rax,1),%eax 9: 84 c0 test %al,%al b: 74 04 je 0x11 d: 3c 03 cmp $0x3,%al f: 7e 59 jle 0x6a 11: 8b 03 mov (%rbx),%eax 13: 85 c0 test %eax,%eax 15: 75 09 jne 0x20 17: 31 c0 xor %eax,%eax 19: 5b pop %rbx 1a: 5d pop %rbp 1b: e9 df c0 0f 03 jmpq 0x30fc0ff 20: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 27: fc ff df * 2a: 48 8d 6b 48 lea 0x48(%rbx),%rbp <-- trapping instruction 2e: 48 89 ea mov %rbp,%rdx 31: 48 c1 ea 03 shr $0x3,%rdx 35: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) 39: 75 36 jne 0x71 3b: 48 8b 7b 48 mov 0x48(%rbx),%rdi 3f: e8 .byte 0xe8