watchdog: BUG: soft lockup - CPU#1 stuck for 134s! [syz-executor.3:9047] Modules linked in: irq event stamp: 27490209 hardirqs last enabled at (27490208): [] asm_sysvec_irq_work+0x12/0x20 arch/x86/include/asm/idtentry.h:654 hardirqs last disabled at (27490209): [] sysvec_apic_timer_interrupt+0xc/0x100 arch/x86/kernel/apic/apic.c:1096 softirqs last enabled at (13593946): [] asm_call_irq_on_stack+0xf/0x20 softirqs last disabled at (13593953): [] asm_call_irq_on_stack+0xf/0x20 CPU: 1 PID: 9047 Comm: syz-executor.3 Not tainted 5.11.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:161 [inline] RIP: 0010:_raw_spin_unlock_irqrestore+0x25/0x50 kernel/locking/spinlock.c:191 Code: f8 5d c3 66 90 55 48 89 fd 48 83 c7 18 53 48 89 f3 48 8b 74 24 10 e8 2a 03 5d f8 48 89 ef e8 f2 b7 5d f8 f6 c7 02 75 1a 53 9d 01 00 00 00 e8 a1 be 51 f8 65 8b 05 aa 2d 06 77 85 c0 74 0a 5b RSP: 0018:ffffc90000db0e30 EFLAGS: 00000286 RAX: 0000000001a3723c RBX: 0000000000000286 RCX: ffffffff81584977 RDX: 0000000000000000 RSI: 0000000000000102 RDI: 0000000000000000 RBP: ffff8880b9f26a00 R08: 0000000000000001 R09: ffffffff8ed307b7 R10: fffffbfff1da60f6 R11: 0000000000000000 R12: 000000e2eb8bd6ae R13: ffff8880b9f26c80 R14: ffff8880b9f26a00 R15: ffffffff8514cfc0 FS: 0000000000000000(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000562c8e7c4b08 CR3: 0000000011ad4000 CR4: 0000000000350ee0 Call Trace: __run_hrtimer kernel/time/hrtimer.c:1515 [inline] __hrtimer_run_queues+0x51a/0xe40 kernel/time/hrtimer.c:1583 hrtimer_run_softirq+0x17b/0x360 kernel/time/hrtimer.c:1600 __do_softirq+0x2bc/0xa29 kernel/softirq.c:343 asm_call_irq_on_stack+0xf/0x20 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline] run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline] do_softirq_own_stack+0xaa/0xd0 arch/x86/kernel/irq_64.c:77 invoke_softirq kernel/softirq.c:226 [inline] __irq_exit_rcu kernel/softirq.c:420 [inline] irq_exit_rcu+0x134/0x200 kernel/softirq.c:432 sysvec_apic_timer_interrupt+0x4d/0x100 arch/x86/kernel/apic/apic.c:1096 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:628 RIP: 0010:zap_pte_range mm/memory.c:1228 [inline] RIP: 0010:zap_pmd_range mm/memory.c:1368 [inline] RIP: 0010:zap_pud_range mm/memory.c:1397 [inline] RIP: 0010:zap_p4d_range mm/memory.c:1418 [inline] RIP: 0010:unmap_page_range+0x9e5/0x2640 mm/memory.c:1439 Code: 00 49 89 c7 49 8d 87 00 f0 ff ff 48 89 04 24 e8 a1 c7 cd ff 4c 89 e8 48 c1 e8 03 42 80 3c 30 00 0f 85 d1 17 00 00 4d 8b 65 00 <31> ff 4c 89 e3 48 83 e3 9f 48 89 de e8 6a cf cd ff 48 85 db 0f 85 RSP: 0018:ffffc90002bbf798 EFLAGS: 00000246 RAX: 1ffff11002319c4f RBX: 00000000011a0000 RCX: 0000000000000000 RDX: ffff88801dad8000 RSI: ffffffff81a5021f RDI: 0000000000000003 RBP: ffffea0001999380 R08: 00000000011a0000 R09: 0000000000000000 R10: ffffffff81a501fc R11: 0000000000000000 R12: 800000006664f805 R13: ffff8880118ce278 R14: dffffc0000000000 R15: 0000000001050000 unmap_single_vma+0x198/0x300 mm/memory.c:1484 unmap_vmas+0x168/0x2e0 mm/memory.c:1516 exit_mmap+0x2b1/0x5a0 mm/mmap.c:3220 __mmput+0x122/0x470 kernel/fork.c:1083 mmput+0x53/0x60 kernel/fork.c:1104 exit_mm kernel/exit.c:501 [inline] do_exit+0xb6a/0x2ae0 kernel/exit.c:812 do_group_exit+0x125/0x310 kernel/exit.c:922 get_signal+0x3e9/0x20a0 kernel/signal.c:2770 arch_do_signal_or_restart+0x2a8/0x1eb0 arch/x86/kernel/signal.c:811 handle_signal_work kernel/entry/common.c:147 [inline] exit_to_user_mode_loop kernel/entry/common.c:171 [inline] exit_to_user_mode_prepare+0x148/0x250 kernel/entry/common.c:201 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline] syscall_exit_to_user_mode+0x19/0x50 kernel/entry/common.c:302 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x46107a Code: Unable to access opcode bytes at RIP 0x461050. RSP: 002b:00007f31e047ac48 EFLAGS: 00000246 ORIG_RAX: 00000000000000e4 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000046107a RDX: 0000000000014d4b RSI: 00007f31e047ac50 RDI: 0000000000000001 RBP: 00000000004c4fef R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000e R13: 00007fff7ae3d3df R14: 000000000119bf80 R15: 000000000119bf8c Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 9055 Comm: syz-executor.4 Not tainted 5.11.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:native_apic_mem_write+0x8/0x10 arch/x86/include/asm/apic.h:110 Code: c7 a0 3a 60 8e e8 58 88 84 00 eb b0 66 0f 1f 44 00 00 be 01 00 00 00 e9 56 79 2c 00 cc cc cc cc cc cc 89 ff 89 b7 00 c0 5f ff 0f 1f 80 00 00 00 00 48 b8 00 00 00 00 00 fc ff df 53 89 fb 48 RSP: 0018:ffffc90000007980 EFLAGS: 00000046 RAX: dffffc0000000000 RBX: ffffffff8ae6c8a0 RCX: 0000000000000020 RDX: 1ffffffff15cd916 RSI: 0000000000000179 RDI: 0000000000000380 RBP: ffff8880b9e1fa00 R08: 000000000000003f R09: 0000000000000000 R10: ffffffff8165bd07 R11: 0000000000000000 R12: 0000000000000179 R13: 0000000000000020 R14: 0000000000000000 R15: ffff8880b9e26a00 FS: 0000000000000000(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000562c8e7c7cf8 CR3: 0000000011ad4000 CR4: 0000000000350ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 Call Trace: apic_write arch/x86/include/asm/apic.h:403 [inline] lapic_next_event+0x4d/0x80 arch/x86/kernel/apic/apic.c:471 clockevents_program_event+0x254/0x370 kernel/time/clockevents.c:334 tick_program_event+0xac/0x140 kernel/time/tick-oneshot.c:44 hrtimer_interrupt+0x4a5/0x940 kernel/time/hrtimer.c:1658 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1085 [inline] __sysvec_apic_timer_interrupt+0x146/0x540 arch/x86/kernel/apic/apic.c:1102 run_sysvec_on_irqstack_cond arch/x86/include/asm/irq_stack.h:91 [inline] sysvec_apic_timer_interrupt+0x48/0x100 arch/x86/kernel/apic/apic.c:1096 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:628 RIP: 0010:mac80211_hwsim_tx_frame_no_nl.isra.0+0x72e/0x1330 drivers/net/wireless/mac80211_hwsim.c:1445 Code: 44 24 08 e8 84 c6 5d fc 0f b6 44 24 08 84 c0 0f 85 a8 06 00 00 e8 f2 bf 5d fc e8 ed bf 5d fc 48 89 d8 48 c1 e8 03 80 3c 28 00 <0f> 85 93 09 00 00 48 8b 1b 48 81 fb e0 98 10 8c 0f 84 f7 04 00 00 RSP: 0018:ffffc90000007ba8 EFLAGS: 00000246 RAX: 1ffff1100268e624 RBX: ffff888013473120 RCX: 0000000000000100 RDX: ffff88801f2e1bc0 RSI: ffffffff851509d3 RDI: 0000000000000003 RBP: dffffc0000000000 R08: 0000000000000001 R09: ffffffff85150af5 R10: ffffffff85150bb3 R11: 0000000000000000 R12: ffff888024cc5c80 R13: ffff8880786fb350 R14: ffff8880786fb120 R15: 0000000000000003 mac80211_hwsim_tx_frame+0x14f/0x1e0 drivers/net/wireless/mac80211_hwsim.c:1705 mac80211_hwsim_beacon_tx+0x4ba/0x910 drivers/net/wireless/mac80211_hwsim.c:1759 __iterate_interfaces+0x1e5/0x520 net/mac80211/util.c:793 ieee80211_iterate_active_interfaces_atomic+0x8d/0x170 net/mac80211/util.c:829 mac80211_hwsim_beacon+0xd5/0x1a0 drivers/net/wireless/mac80211_hwsim.c:1782 __run_hrtimer kernel/time/hrtimer.c:1519 [inline] __hrtimer_run_queues+0x609/0xe40 kernel/time/hrtimer.c:1583 hrtimer_run_softirq+0x17b/0x360 kernel/time/hrtimer.c:1600 __do_softirq+0x2bc/0xa29 kernel/softirq.c:343 asm_call_irq_on_stack+0xf/0x20 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline] run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline] do_softirq_own_stack+0xaa/0xd0 arch/x86/kernel/irq_64.c:77 invoke_softirq kernel/softirq.c:226 [inline] __irq_exit_rcu kernel/softirq.c:420 [inline] irq_exit_rcu+0x134/0x200 kernel/softirq.c:432 sysvec_apic_timer_interrupt+0x4d/0x100 arch/x86/kernel/apic/apic.c:1096 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:628 RIP: 0010:lock_page_memcg+0x1b5/0x4f0 mm/memcontrol.c:2185 Code: 41 b8 01 00 00 00 4c 89 f7 e8 d7 d7 9d ff 58 48 c7 c6 36 f4 ba 81 4c 89 f7 e8 b7 d0 9d ff 4d 85 ff 0f 85 2e 01 00 00 41 55 9d <4c> 8d ab c0 0b 00 00 be 04 00 00 00 4c 89 ef e8 97 94 fa ff 4c 89 RSP: 0018:ffffc90002c2f6d8 EFLAGS: 00000286 RAX: 0000000001a08925 RBX: ffff888010d02000 RCX: ffffffff81584977 RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 RBP: ffffc90002c2f738 R08: 0000000000000001 R09: ffffffff8ed307b7 R10: fffffbfff1da60f6 R11: 0000000000000000 R12: dffffc0000000000 R13: 0000000000000286 R14: ffff888010d02688 R15: 0000000000000200 page_remove_rmap+0x25/0x1360 mm/rmap.c:1334 zap_pte_range mm/memory.c:1264 [inline] zap_pmd_range mm/memory.c:1368 [inline] zap_pud_range mm/memory.c:1397 [inline] zap_p4d_range mm/memory.c:1418 [inline] unmap_page_range+0xe30/0x2640 mm/memory.c:1439 unmap_single_vma+0x198/0x300 mm/memory.c:1484 unmap_vmas+0x168/0x2e0 mm/memory.c:1516 exit_mmap+0x2b1/0x5a0 mm/mmap.c:3220 __mmput+0x122/0x470 kernel/fork.c:1083 mmput+0x53/0x60 kernel/fork.c:1104 exit_mm kernel/exit.c:501 [inline] do_exit+0xb6a/0x2ae0 kernel/exit.c:812 do_group_exit+0x125/0x310 kernel/exit.c:922 get_signal+0x3e9/0x20a0 kernel/signal.c:2770 arch_do_signal_or_restart+0x2a8/0x1eb0 arch/x86/kernel/signal.c:811 handle_signal_work kernel/entry/common.c:147 [inline] exit_to_user_mode_loop kernel/entry/common.c:171 [inline] exit_to_user_mode_prepare+0x148/0x250 kernel/entry/common.c:201 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline] syscall_exit_to_user_mode+0x19/0x50 kernel/entry/common.c:302 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x45e219 Code: Unable to access opcode bytes at RIP 0x45e1ef. RSP: 002b:00007ff00b494cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: 0000000000000000 RBX: 000000000119bf88 RCX: 000000000045e219 RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 000000000119bf8c RBP: 000000000119bf80 R08: 000000000000000e R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000119bf8c R13: 00007fffc45e30ef R14: 00007ff00b4959c0 R15: 000000000119bf8c