watchdog: BUG: soft lockup - CPU#1 stuck for 369s! [syz-executor.1:19854] Modules linked in: CPU: 1 PID: 19854 Comm: syz-executor.1 Not tainted 6.4.0-rc4-syzkaller #0 Hardware name: ARM-Versatile Express PC is at __list_del_entry include/linux/list.h:134 [inline] PC is at list_move_tail include/linux/list.h:229 [inline] PC is at fq_pie_qdisc_dequeue+0x1e4/0x1f0 net/sched/sch_fq_pie.c:248 LR is at __list_del_entry include/linux/list.h:134 [inline] LR is at list_move_tail include/linux/list.h:229 [inline] LR is at fq_pie_qdisc_dequeue+0x1e4/0x1f0 net/sched/sch_fq_pie.c:248 pc : [<813fcb44>] lr : [<813fcb44>] psr: 60000113 sp : df805b28 ip : df805b28 fp : df805b4c r10: 85c5ea94 r9 : 00000010 r8 : 85c5eb10 r7 : 85c5eb18 r6 : 85c5eb10 r5 : 85c5ea00 r4 : 86068dac r3 : 85c5eb10 r2 : 86068dac r1 : 86068dac r0 : 00000001 Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none Control: 30c5387d Table: 8db33ac0 DAC: 00000000 Backtrace: frame pointer underflow [<813fc960>] (fq_pie_qdisc_dequeue) from [<813aacd8>] (dequeue_skb net/sched/sch_generic.c:292 [inline]) [<813fc960>] (fq_pie_qdisc_dequeue) from [<813aacd8>] (qdisc_restart net/sched/sch_generic.c:397 [inline]) [<813fc960>] (fq_pie_qdisc_dequeue) from [<813aacd8>] (__qdisc_run+0xb4/0x7f8 net/sched/sch_generic.c:415) r9:00000010 r8:85c5eaa0 r7:84cef200 r6:00000000 r5:85c5ea00 r4:85c5ea00 [<813aac24>] (__qdisc_run) from [<8133bf2c>] (__dev_xmit_skb net/core/dev.c:3868 [inline]) [<813aac24>] (__qdisc_run) from [<8133bf2c>] (__dev_queue_xmit+0x814/0xdc8 net/core/dev.c:4210) r10:85c5ea94 r9:85c5ea5c r8:00000000 r7:84cef200 r6:00000000 r5:85c5ea00 r4:87ba6480 [<8133b718>] (__dev_queue_xmit) from [<81347234>] (dev_queue_xmit include/linux/netdevice.h:3085 [inline]) [<8133b718>] (__dev_queue_xmit) from [<81347234>] (neigh_connected_output+0xd8/0x118 net/core/neighbour.c:1581) r10:85c93360 r9:00000000 r8:84d49000 r7:00000000 r6:87ba6480 r5:85c93300 r4:00000000 [<8134715c>] (neigh_connected_output) from [<815ac000>] (neigh_output include/net/neighbour.h:544 [inline]) [<8134715c>] (neigh_connected_output) from [<815ac000>] (ip6_finish_output2+0x1bc/0x830 net/ipv6/ip6_output.c:134) r10:85cf6800 r9:ff7c9f58 r8:84b30968 r7:00000009 r6:85c93300 r5:87ba6480 r4:84d49000 [<815abe44>] (ip6_finish_output2) from [<815b0028>] (__ip6_finish_output net/ipv6/ip6_output.c:195 [inline]) [<815abe44>] (ip6_finish_output2) from [<815b0028>] (ip6_finish_output+0x224/0x35c net/ipv6/ip6_output.c:206) r10:00002000 r9:000005ac r8:00000000 r7:00000000 r6:85800000 r5:848d43c0 r4:87ba6480 [<815afe04>] (ip6_finish_output) from [<815b01d8>] (NF_HOOK_COND include/linux/netfilter.h:292 [inline]) [<815afe04>] (ip6_finish_output) from [<815b01d8>] (ip6_output+0x78/0x1e4 net/ipv6/ip6_output.c:227) r10:00002000 r9:84d49000 r8:84d49000 r7:00000001 r6:848d43c0 r5:85800000 r4:87ba6480 [<815b0160>] (ip6_output) from [<815d51b4>] (dst_output include/net/dst.h:458 [inline]) [<815b0160>] (ip6_output) from [<815d51b4>] (NF_HOOK include/linux/netfilter.h:303 [inline]) [<815b0160>] (ip6_output) from [<815d51b4>] (ndisc_send_skb+0x2c0/0x444 net/ipv6/ndisc.c:508) r9:85800000 r8:00000113 r7:ff7c9ec0 r6:85cf6800 r5:00000001 r4:87ba6480 [<815d4ef4>] (ndisc_send_skb) from [<815d6734>] (ndisc_send_rs+0x68/0x1c8 net/ipv6/ndisc.c:718) r10:81a04b60 r9:0007b000 r8:00000000 r7:81c4681c r6:df805e2c r5:87ba6480 r4:84d49000 [<815d66cc>] (ndisc_send_rs) from [<815bbd00>] (addrconf_rs_timer+0xbc/0x2fc net/ipv6/addrconf.c:3936) r8:00000100 r7:84d49000 r6:85cf6948 r5:85cf694c r4:85cf6a80 [<815bbc44>] (addrconf_rs_timer) from [<802ef178>] (call_timer_fn+0x30/0x220 kernel/time/timer.c:1700) r10:81a04b60 r9:0007b000 r8:00000100 r7:815bbc44 r6:84e14680 r5:ddddbac0 r4:85cf6a80 [<802ef148>] (call_timer_fn) from [<802ef464>] (expire_timers+0xfc/0x21c kernel/time/timer.c:1751) r9:0007b000 r8:84e14680 r7:df805ef0 r6:815bbc44 r5:ddddbac0 r4:85cf6a80 [<802ef368>] (expire_timers) from [<802ef6a0>] (__run_timers kernel/time/timer.c:2022 [inline]) [<802ef368>] (expire_timers) from [<802ef6a0>] (__run_timers kernel/time/timer.c:1995 [inline]) [<802ef368>] (expire_timers) from [<802ef6a0>] (run_timer_softirq+0x11c/0x2c8 kernel/time/timer.c:2035) r10:81f9a034 r9:827e17cc r8:8260c960 r7:82604d40 r6:ddddbac0 r5:00000002 r4:df805ef0 [<802ef584>] (run_timer_softirq) from [<80201338>] (__do_softirq+0x16c/0x480 kernel/softirq.c:571) r10:84e14680 r9:00000100 r8:00000082 r7:eb6adfb0 r6:00000001 r5:00000002 r4:82604084 [<802011cc>] (__do_softirq) from [<8024ac2c>] (invoke_softirq kernel/softirq.c:445 [inline]) [<802011cc>] (__do_softirq) from [<8024ac2c>] (__irq_exit_rcu+0xd0/0x190 kernel/softirq.c:650) r10:7eaa3534 r9:76b4e6d0 r8:00000000 r7:eb6adfb0 r6:8211b4c8 r5:824b0280 r4:84e14680 [<8024ab5c>] (__irq_exit_rcu) from [<8024ae54>] (irq_exit+0x10/0x18 kernel/softirq.c:674) r5:82155ba0 r4:824b0264 [<8024ae44>] (irq_exit) from [<817f7218>] (generic_handle_arch_irq+0x7c/0x80 kernel/irq/handle.c:240) [<817f719c>] (generic_handle_arch_irq) from [<817ac180>] (call_with_stack+0x1c/0x20 arch/arm/lib/call_with_stack.S:40) r9:76b4e6d0 r8:824a6044 r7:84e14680 r6:ffffffff r5:20000010 r4:0001711c [<817ac164>] (call_with_stack) from [<80200e74>] (__irq_usr+0x74/0x80 arch/arm/kernel/entry-armv.S:436) Exception stack(0xeb6adfb0 to 0xeb6adff8) dfa0: ffffffff 00000004 000001b8 00000000 dfc0: 00000000 00000000 00000000 00000000 7eaa33c2 76b4e6d0 7eaa3534 76b4e20c dfe0: 20000250 20000250 0001711c 0001711c 20000010 ffffffff Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 9093 Comm: syz-executor.0 Not tainted 6.4.0-rc4-syzkaller #0 Hardware name: ARM-Versatile Express PC is at 0x1711c LR is at 0x1711c pc : [<0001711c>] lr : [<0001711c>] psr: 20000010 sp : 20000320 ip : 20000320 fp : 76b9d20c r10: 7e8e5534 r9 : 76b9d6d0 r8 : 7e8e53c2 r7 : 00000000 r6 : 00000000 r5 : 00000000 r4 : 00000000 r3 : 00000000 r2 : 000001b8 r1 : 00000004 r0 : ffffffff Flags: nzCv IRQs on FIQs on Mode USER_32 ISA ARM Segment user Control: 30c5387d Table: 85d7a940 DAC: fffffffd Backtrace: invalid frame pointer 0x76b9d20c