wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [syz-executor.4:3895]
Modules linked in:
irq event stamp: 7148443
hardirqs last  enabled at (7148442): [<ffffffff8484c78b>] irqentry_exit+0x3b/0x90
hardirqs last disabled at (7148443): [<ffffffff8484b14f>] sysvec_apic_timer_interrupt+0xf/0x80
softirqs last  enabled at (7083080): [<ffffffff811a97cc>] handle_softirqs+0x50c/0x770
softirqs last disabled at (7083083): [<ffffffff811a9b64>] __irq_exit_rcu+0xc4/0x100
CPU: 0 UID: 0 PID: 3895 Comm: syz-executor.4 Not tainted 6.12.0-next-20241122 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:arch_stack_walk+0xa0/0xf0
Code: 03 84 c0 74 2a 48 8d bd 68 ff ff ff e8 b9 85 07 00 8b 85 68 ff ff ff 85 c0 74 14 48 8d bd 68 ff ff ff e8 13 83 07 00 48 89 c6 <48> 85 c0 75 ca 48 8b 45 d8 65 48 2b 04 25 28 00 00 00 75 32 48 83
RSP: 0018:ffff88806ce09538 EFLAGS: 00000246
RAX: ffffffff8484b1b0 RBX: ffffffff813f2420 RCX: ffffffff86795f01
RDX: 1ffff1100d9c12b2 RSI: ffffffff8484b1b0 RDI: ffffffff8484b1b0
RBP: ffff88806ce095d0 R08: ffffffff86795f9e R09: ffff88806ce09578
R10: 000000000003c001 R11: 000000000000804d R12: ffff88806ce09600
R13: 0000000000000000 R14: ffff88800e145280 R15: 0000000000092820
FS:  0000000000000000(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f11049036f4 CR3: 000000003b8d2000 CR4: 0000000000350ef0
Call Trace:
 <IRQ>
 stack_trace_save+0x8f/0xc0
 kasan_save_stack+0x24/0x50
 kasan_save_track+0x14/0x30
 __kasan_slab_alloc+0x59/0x70
 kmem_cache_alloc_noprof+0x13d/0x3d0
 __alloc_object+0x2f/0x270
 __create_object+0x1d/0x80
 kmem_cache_alloc_node_noprof+0x311/0x3e0
 kmalloc_reserve+0x189/0x2b0
 __alloc_skb+0x162/0x370
 skb_copy+0x1d5/0x3b0
 mac80211_hwsim_tx_frame_no_nl.isra.0+0xafb/0x1320
 mac80211_hwsim_tx_frame+0x1ee/0x2a0
 mac80211_hwsim_beacon_tx+0x546/0x950
 __iterate_interfaces+0x2e0/0x650
 ieee80211_iterate_active_interfaces_atomic+0x71/0x1b0
 mac80211_hwsim_beacon+0x105/0x200
 __hrtimer_run_queues+0x1ab/0xa70
 hrtimer_run_softirq+0x14c/0x310
 handle_softirqs+0x1b1/0x770
 __irq_exit_rcu+0xc4/0x100
 irq_exit_rcu+0x9/0x20
 sysvec_apic_timer_interrupt+0x70/0x80
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:rcu_preempt_deferred_qs_irqrestore+0xf7/0xb90
Code: 45 84 ed 75 3b f7 c5 00 02 00 00 75 13 48 83 c4 40 5b 5d 41 5c 41 5d 41 5e 41 5f e9 93 25 4c 03 e8 be 21 1f 00 fb 48 83 c4 40 <5b> 5d 41 5c 41 5d 41 5e 41 5f e9 7a 25 4c 03 e8 05 50 ff ff eb 8f
RSP: 0018:ffff8880402e7620 EFLAGS: 00000282
RAX: 000000000061c17d RBX: ffff88806ce3c780 RCX: 1ffffffff0fe0447
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff813ae392
RBP: 0000000000000246 R08: 0000000000000001 R09: fffffbfff0fdddf2
R10: ffffffff87eeef97 R11: 00000000efe4b99a R12: ffff88806ce3c791
R13: 0000000000010100 R14: ffff88800e145280 R15: ffff8880402e7ad0
 __rcu_read_unlock+0x25f/0x4f0
 unmap_page_range+0x101b/0x3590
 unmap_single_vma+0x19a/0x2b0
 unmap_vmas+0x1f1/0x450
 exit_mmap+0x187/0xac0
 mmput+0xd5/0x350
 do_exit+0x9ae/0x2a30
 do_group_exit+0xd3/0x2a0
 get_signal+0x2240/0x2320
 arch_do_signal_or_restart+0x81/0x780
 syscall_exit_to_user_mode+0x123/0x1e0
 do_syscall_64+0xcc/0x1d0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f5bc202db19
Code: Unable to access opcode bytes at 0x7f5bc202daef.
RSP: 002b:00007f5bbf5a3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000132
RAX: 0000000000000000 RBX: 00007f5bc2140f60 RCX: 00007f5bc202db19
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 00007f5bc2087f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fffc7fd5a6f R14: 00007f5bbf5a3300 R15: 0000000000022000
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 3967 Comm: syz-executor.3 Not tainted 6.12.0-next-20241122 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:queued_spin_lock_slowpath+0x242/0xb60
Code: 02 48 89 e8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 85 08 00 00 b8 01 00 00 00 66 89 45 00 e9 bf fe ff ff 89 44 24 38 f3 90 <e9> 5b fe ff ff 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03
RSP: 0018:ffff88806cf099e0 EFLAGS: 00000202
RAX: 0000000000000001 RBX: 0000000000000001 RCX: ffffffff8486f2bf
RDX: fffffbfff0c1b639 RSI: 0000000000000004 RDI: ffffffff860db1c0
RBP: ffffffff860db1c0 R08: 0000000000000000 R09: fffffbfff0c1b638
R10: ffffffff860db1c3 R11: 5050505001000011 R12: 1ffff1100d9e133d
R13: 0000000000000003 R14: fffffbfff0c1b638 R15: ffff88806cf09a18
FS:  000055556d81f400(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fd6a204e228 CR3: 000000003b8d6000 CR4: 0000000000350ef0
Call Trace:
 <NMI>
 </NMI>
 <IRQ>
 do_raw_spin_lock+0x1de/0x270
 mac80211_hwsim_tx_frame_no_nl.isra.0+0x6d1/0x1320
 mac80211_hwsim_tx_frame+0x1ee/0x2a0
 mac80211_hwsim_beacon_tx+0x546/0x950
 __iterate_interfaces+0x2e0/0x650
 ieee80211_iterate_active_interfaces_atomic+0x71/0x1b0
 mac80211_hwsim_beacon+0x105/0x200
 __hrtimer_run_queues+0x1ab/0xa70
 hrtimer_run_softirq+0x14c/0x310
 handle_softirqs+0x1b1/0x770
 __irq_exit_rcu+0xc4/0x100
 irq_exit_rcu+0x9/0x20
 sysvec_apic_timer_interrupt+0x70/0x80
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:__call_rcu_common.constprop.0+0x609/0xaa0
Code: 3c 02 00 0f 85 d7 03 00 00 48 8b 05 31 23 87 04 49 03 85 18 01 00 00 49 39 c4 0f 8f be 01 00 00 e8 4c 0a 1f 00 fb 48 83 c4 20 <5b> 5d 41 5c 41 5d 41 5e 41 5f e9 08 0e 4c 03 e8 d3 a0 fe ff e9 1d
RSP: 0018:ffff888034f7f618 EFLAGS: 00000286
RAX: 000000000001bd47 RBX: ffff8880414be9c0 RCX: 1ffffffff0c7eb39
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff813afb04
RBP: ffff88806cf3c898 R08: 0000000000000001 R09: 0000000000000001
R10: ffffffff863f9417 R11: 00000000000c398f R12: 00000000000188dd
R13: ffff88806cf3c780 R14: ffff88806cf3c820 R15: 0000000000000002
 kfree+0x28e/0x480
 kvfree+0x46/0x50
 translate_table+0xb4a/0x16d0
 ip6t_register_table+0x109/0x440
 ip6table_filter_table_init+0x97/0xd0
 xt_find_table_lock+0x2a2/0x470
 xt_request_find_table_lock+0x2b/0xe0
 get_info+0x10b/0x460
 do_ip6t_get_ctl+0x16d/0xf20
 nf_getsockopt+0x7c/0xd0
 ipv6_getsockopt+0x1ed/0x270
 tcp_getsockopt+0xa3/0x110
 do_sock_getsockopt+0x24e/0x430
 __sys_getsockopt+0x125/0x1b0
 __x64_sys_getsockopt+0xbe/0x160
 do_syscall_64+0xbf/0x1d0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f35e1ed713a
Code: 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 37 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd6a9e5cc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
RAX: ffffffffffffffda RBX: 0000000000000029 RCX: 00007f35e1ed713a
RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003
RBP: 0000000000000003 R08: 00007ffd6a9e5cfc R09: ffffffffffff0000
R10: 00007f35e1fb6b68 R11: 0000000000000246 R12: 00007ffd6a9e5cfc
R13: 00007f35e1f3065b R14: 00007f35e1fb6b68 R15: 00007f35e1fb6b60
 </TASK>
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
Bluetooth: hci0: command 0x0406 tx timeout
Bluetooth: hci6: command 0x0406 tx timeout
Bluetooth: hci2: command 0x0406 tx timeout
Bluetooth: hci4: command 0x0406 tx timeout
Bluetooth: hci5: command 0x0406 tx timeout
----------------
Code disassembly (best guess):
   0:	03 84 c0 74 2a 48 8d 	add    -0x72b7d58c(%rax,%rax,8),%eax
   7:	bd 68 ff ff ff       	mov    $0xffffff68,%ebp
   c:	e8 b9 85 07 00       	callq  0x785ca
  11:	8b 85 68 ff ff ff    	mov    -0x98(%rbp),%eax
  17:	85 c0                	test   %eax,%eax
  19:	74 14                	je     0x2f
  1b:	48 8d bd 68 ff ff ff 	lea    -0x98(%rbp),%rdi
  22:	e8 13 83 07 00       	callq  0x7833a
  27:	48 89 c6             	mov    %rax,%rsi
* 2a:	48 85 c0             	test   %rax,%rax <-- trapping instruction
  2d:	75 ca                	jne    0xfffffff9
  2f:	48 8b 45 d8          	mov    -0x28(%rbp),%rax
  33:	65 48 2b 04 25 28 00 	sub    %gs:0x28,%rax
  3a:	00 00
  3c:	75 32                	jne    0x70
  3e:	48                   	rex.W
  3f:	83                   	.byte 0x83