watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [syz-executor.7:8162] Modules linked in: irq event stamp: 5292003 hardirqs last enabled at (5292002): [] asm_sysvec_apic_timer_interrupt+0x1a/0x20 hardirqs last disabled at (5292003): [] sysvec_apic_timer_interrupt+0xf/0xc0 softirqs last enabled at (5208478): [] __irq_exit_rcu+0x11b/0x180 softirqs last disabled at (5208481): [] __irq_exit_rcu+0x11b/0x180 CPU: 0 PID: 8162 Comm: syz-executor.7 Not tainted 6.1.0-rc7-next-20221201 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:__orc_find+0x83/0xf0 Code: 01 d0 48 d1 f8 48 8d 5c 85 00 48 89 d8 48 c1 e8 03 42 0f b6 14 38 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 50 48 63 03 <48> 01 d8 48 39 c1 73 b0 4c 8d 63 fc 49 39 ec 73 b3 4d 29 ee 49 c1 RSP: 0018:ffff88806ce09780 EFLAGS: 00000246 RAX: fffffffffb429aed RBX: ffffffff85d59da8 RCX: ffffffff811838e8 RDX: 0000000000000000 RSI: ffffffff860568ee RDI: ffffffff85d59d98 RBP: ffffffff85d59d98 R08: ffffffff860568ee R09: ffffffff8605680e R10: ffffed100d9c1316 R11: 0000000000038001 R12: ffffffff85d59db8 R13: ffffffff85d59d98 R14: ffffffff85d59d98 R15: dffffc0000000000 FS: 00007f3cf0a54700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f09d2f20590 CR3: 000000001fd6a000 CR4: 0000000000350ef0 Call Trace: unwind_next_frame+0x2b1/0x2130 arch_stack_walk+0x87/0xf0 stack_trace_save+0x90/0xd0 kasan_save_stack+0x22/0x50 __kasan_record_aux_stack+0x95/0xb0 __call_rcu_common.constprop.0+0x6a/0xa40 __kmem_cache_free+0x95/0x410 skb_release_data+0x6d8/0x810 consume_skb+0xcb/0x170 mac80211_hwsim_tx_frame+0x1f6/0x2a0 mac80211_hwsim_beacon_tx+0x566/0xab0 __iterate_interfaces+0x2d3/0x560 ieee80211_iterate_active_interfaces_atomic+0x74/0x180 mac80211_hwsim_beacon+0x105/0x200 __hrtimer_run_queues+0x54b/0xba0 hrtimer_run_softirq+0x176/0x350 __do_softirq+0x1c7/0x8f9 __irq_exit_rcu+0x11b/0x180 irq_exit_rcu+0x9/0x30 
sysvec_apic_timer_interrupt+0x92/0xc0 asm_sysvec_apic_timer_interrupt+0x1a/0x20 RIP: 0010:unwind_next_frame+0x35f/0x2130 Code: 00 fc ff df 4d 8d 48 04 4c 89 ca 48 c1 ea 03 0f b6 04 02 4c 89 ca 83 e2 07 38 d0 7f 08 84 c0 0f 85 e4 14 00 00 41 0f b6 40 04 0f 0f 85 a2 01 00 00 48 b8 00 00 00 00 00 fc ff df 49 8d 78 05 RSP: 0018:ffff888045537750 EFLAGS: 00000246 RAX: 0000000000000014 RBX: 0000000000000001 RCX: ffffffff843eb67e RDX: 0000000000000006 RSI: ffffffff8645b246 RDI: ffffffff86007928 RBP: ffff888045537828 R08: ffffffff8645b26a R09: ffffffff8645b26e R10: ffffed1008aa6f07 R11: 0000000000038001 R12: ffff888045537811 R13: ffff888045537830 R14: ffff8880455377d0 R15: ffffffff843eb67e arch_stack_walk+0x87/0xf0 stack_trace_save+0x90/0xd0 kasan_save_stack+0x22/0x50 __kasan_record_aux_stack+0x95/0xb0 __call_rcu_common.constprop.0+0x6a/0xa40 security_inode_free+0xa4/0xd0 __destroy_inode+0x200/0x710 destroy_inode+0x91/0x1b0 iput.part.0+0x528/0x7d0 iput+0x5c/0x80 dentry_unlink_inode+0x2b4/0x460 __dentry_kill+0x36f/0x5c0 dput+0x668/0xe10 simple_recursive_removal+0x143/0x850 debugfs_remove+0x5d/0x80 blk_unregister_queue+0x1c8/0x2d0 del_gendisk+0x36a/0xa70 loop_control_ioctl+0x455/0x620 __x64_sys_ioctl+0x19e/0x210 do_syscall_64+0x3f/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc RIP: 0033:0x7f3cf34deb19 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f3cf0a54188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f3cf35f1f60 RCX: 00007f3cf34deb19 RDX: 0000000000000004 RSI: 0000000000004c81 RDI: 0000000000000005 RBP: 00007f3cf3538f6d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fffcaf49fff R14: 00007f3cf0a54300 R15: 0000000000022000 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 8152 Comm: 
syz-executor.3 Not tainted 6.1.0-rc7-next-20221201 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:lapic_next_deadline+0x25/0x50 Code: 90 90 90 90 90 f3 0f 1e fa 0f ae f0 0f ae e8 0f 31 48 c1 e2 20 b9 e0 06 00 00 48 09 c2 48 8d 04 fa 48 89 c2 48 c1 ea 20 0f 30 <66> 90 31 c0 e9 56 23 31 03 48 89 c6 31 d2 bf e0 06 00 00 e8 13 4c RSP: 0018:ffff88806cf09640 EFLAGS: 00000012 RAX: 0000012a25074674 RBX: 0000000000000000 RCX: 00000000000006e0 RDX: 000000000000012a RSI: ffff88806cf28100 RDI: 0000000000000270 RBP: ffff88806cf28100 R08: 0000000000000007 R09: 0000000000000000 R10: 00000000000006fc R11: 0000000000000001 R12: 0000000000000270 R13: 0000000000000000 R14: 0000000000000000 R15: ffff88806cf2b840 FS: 0000000000000000(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000561794ba8628 CR3: 00000000193e2000 CR4: 0000000000350ee0 Call Trace: clockevents_program_event+0x248/0x360 tick_program_event+0xb0/0x150 hrtimer_interrupt+0x36a/0x770 __sysvec_apic_timer_interrupt+0x148/0x500 sysvec_apic_timer_interrupt+0x3f/0xc0 asm_sysvec_apic_timer_interrupt+0x1a/0x20 RIP: 0010:unwind_next_frame+0x114/0x2130 Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 64 17 00 00 41 f6 84 24 88 00 00 00 03 0f 85 b7 02 00 00 48 b8 00 00 00 00 00 fc ff df <4d> 8d 66 41 4c 89 e2 48 c1 ea 03 0f b6 04 02 4c 89 e2 83 e2 07 38 RSP: 0018:ffff88806cf09820 EFLAGS: 00000246 RAX: dffffc0000000000 RBX: 0000000000000002 RCX: 1ffffffff0f36ee8 RDX: 1ffff1100d9e1320 RSI: ffffffff817cdd31 RDI: 0000000000000001 RBP: ffff88806cf098f8 R08: ffffffff86085dd8 R09: ffffffff86085ddc R10: ffffed100d9e1321 R11: ffff88806cf098e0 R12: 0000000000000000 R13: ffff88806cf09900 R14: ffff88806cf098a0 R15: ffff888008c9adc0 arch_stack_walk+0x87/0xf0 stack_trace_save+0x90/0xd0 kasan_save_stack+0x22/0x50 __kasan_record_aux_stack+0x95/0xb0 __call_rcu_common.constprop.0+0x6a/0xa40 kmem_cache_free+0xc1/0x610 kfree_skbmem+0xef/0x1b0 
consume_skb+0xd8/0x170 mac80211_hwsim_tx_frame+0x1f6/0x2a0 mac80211_hwsim_beacon_tx+0x566/0xab0 __iterate_interfaces+0x2d3/0x560 ieee80211_iterate_active_interfaces_atomic+0x74/0x180 mac80211_hwsim_beacon+0x105/0x200 __hrtimer_run_queues+0x54b/0xba0 hrtimer_run_softirq+0x176/0x350 __do_softirq+0x1c7/0x8f9 __irq_exit_rcu+0x11b/0x180 irq_exit_rcu+0x9/0x30 sysvec_apic_timer_interrupt+0x92/0xc0 asm_sysvec_apic_timer_interrupt+0x1a/0x20 RIP: 0010:page_remove_rmap+0x259/0x620 Code: c7 0c 00 e8 49 9f d6 ff 48 89 ef e8 61 07 0d 00 49 8d 7c 24 20 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 <0f> 85 1b 03 00 00 49 8b 5c 24 20 31 ff 81 e3 00 20 00 00 48 89 de RSP: 0018:ffff88804434f6d0 EFLAGS: 00000246 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffff88804434f658 RDX: 1ffff11001d7e486 RSI: 0000000000000001 RDI: ffff88800ebf2430 RBP: ffffea00004168c0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800ebf2410 R13: ffffea00004168c0 R14: ffffea00004168f0 R15: ffff88804434fad8 unmap_page_range+0x1fdf/0x2c10 unmap_single_vma+0x190/0x2a0 unmap_vmas+0x226/0x380 exit_mmap+0x158/0x680 mmput+0xd5/0x390 do_exit+0x99b/0x2720 do_group_exit+0xd4/0x2a0 get_signal+0x21a5/0x22e0 arch_do_signal_or_restart+0x79/0x5a0 exit_to_user_mode_prepare+0x131/0x1a0 syscall_exit_to_user_mode+0x1d/0x50 do_syscall_64+0x4c/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc RIP: 0033:0x7f8014518b19 Code: Unable to access opcode bytes at 0x7f8014518aef. 
RSP: 002b:00007f8011a8e188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
RAX: ffffffffffffffea RBX: 00007f801462bf60 RCX: 00007f8014518b19
RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000000020000080
RBP: 00007f8014572f6d R08: 0000000000000000 R09: 0000000000000000
R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe8c5d4e2f R14: 00007f8011a8e300 R15: 0000000000022000
----------------
Code disassembly (best guess):
   0:	01 d0                	add    %edx,%eax
   2:	48 d1 f8             	sar    %rax
   5:	48 8d 5c 85 00       	lea    0x0(%rbp,%rax,4),%rbx
   a:	48 89 d8             	mov    %rbx,%rax
   d:	48 c1 e8 03          	shr    $0x3,%rax
  11:	42 0f b6 14 38       	movzbl (%rax,%r15,1),%edx
  16:	48 89 d8             	mov    %rbx,%rax
  19:	83 e0 07             	and    $0x7,%eax
  1c:	83 c0 03             	add    $0x3,%eax
  1f:	38 d0                	cmp    %dl,%al
  21:	7c 04                	jl     0x27
  23:	84 d2                	test   %dl,%dl
  25:	75 50                	jne    0x77
  27:	48 63 03             	movslq (%rbx),%rax
* 2a:	48 01 d8             	add    %rbx,%rax		<-- trapping instruction
  2d:	48 39 c1             	cmp    %rax,%rcx
  30:	73 b0                	jae    0xffffffe2
  32:	4c 8d 63 fc          	lea    -0x4(%rbx),%r12
  36:	49 39 ec             	cmp    %rbp,%r12
  39:	73 b3                	jae    0xffffffee
  3b:	4d 29 ee             	sub    %r13,%r14
  3e:	49                   	rex.WB
  3f:	c1                   	.byte 0xc1