loop1: detected capacity change from 0 to 40
watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [syz-executor.6:7282]
Modules linked in:
irq event stamp: 3733815
hardirqs last  enabled at (3733814): [<ffffffff8460144a>] asm_sysvec_apic_timer_interrupt+0x1a/0x20
hardirqs last disabled at (3733815): [<ffffffff843f9adf>] sysvec_apic_timer_interrupt+0xf/0xc0
softirqs last  enabled at (3703104): [<ffffffff8118443b>] __irq_exit_rcu+0x11b/0x180
softirqs last disabled at (3703107): [<ffffffff8118443b>] __irq_exit_rcu+0x11b/0x180
CPU: 0 PID: 7282 Comm: syz-executor.6 Not tainted 6.1.0-rc8-next-20221206 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:debug_check_no_locks_freed+0xf8/0x1c0
Code: 28 49 39 d4 73 33 49 8d 14 34 48 39 d0 48 89 14 24 73 26 e8 8a 6e e5 00 85 c0 75 31 41 f7 c6 00 02 00 00 74 01 fb 48 83 c4 10 <5b> 5d 41 5c 41 5d 41 5e 41 5f e9 0d 7e 16 03 48 83 c3 28 48 39 cb
RSP: 0018:ffff88806ce09a30 EFLAGS: 00000286
RAX: ffffffff856085e0 RBX: ffff88803fae8a10 RCX: ffff88803fae8a10
RDX: ffff88801ba71480 RSI: 0000000000000040 RDI: ffff88803fae8958
RBP: ffff88803fae89d8 R08: 00000000ffffffff R09: ffff888016b66e30
R10: ffff88806c72bc18 R11: 0000000000000001 R12: ffff88801ba71440
R13: ffff88803fae8000 R14: 0000000000000202 R15: dffffc0000000000
FS:  00007f20658a7700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f1dec385ae0 CR3: 000000001b974000 CR4: 0000000000350ef0
Call Trace:
 <IRQ>
 __raw_spin_lock_init+0x20/0x110
 __create_object+0x121/0xc10
 __kmem_cache_alloc_node+0x25b/0x400
 __kmalloc_node_track_caller+0x43/0xb0
 __alloc_skb+0xe9/0x310
 __netdev_alloc_skb+0x76/0x3e0
 __ieee80211_beacon_get+0x3d9/0x1310
 ieee80211_beacon_get_tim+0x99/0x4f0
 mac80211_hwsim_beacon_tx+0x1d2/0xab0
 __iterate_interfaces+0x2d3/0x560
 ieee80211_iterate_active_interfaces_atomic+0x74/0x180
 mac80211_hwsim_beacon+0x105/0x200
 __hrtimer_run_queues+0x54b/0xba0
 hrtimer_run_softirq+0x176/0x350
 __do_softirq+0x1c7/0x8f9
 __irq_exit_rcu+0x11b/0x180
 irq_exit_rcu+0x9/0x30
 sysvec_apic_timer_interrupt+0x92/0xc0
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:put_cpu_partial+0x115/0x1c0
Code: 39 43 28 75 61 48 c7 43 28 00 00 00 00 48 c7 c6 40 f6 7c 81 48 89 df e8 89 36 af ff 48 85 ed 74 06 e8 0f 74 d3 ff fb 4d 85 ed <74> 21 5b 4c 89 ee 5d 4c 89 e7 41 5c 41 5d 41 5e 41 5f e9 54 fa ff
RSP: 0018:ffff88802318f638 EFLAGS: 00000246
RAX: 0000000000359f45 RBX: ffff88806ce3d8a0 RCX: ffffffff812b8edf
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000200 R08: 0000000000000001 R09: ffffffff8762e8cf
R10: fffffbfff0ec5d19 R11: 0000000000000001 R12: ffff88800844f780
R13: 0000000000000000 R14: ffffea0000586000 R15: 0000000000000003
 qlist_free_all+0x6d/0x1a0
 kasan_quarantine_reduce+0x196/0x230
 __kasan_slab_alloc+0x4c/0x70
 kmem_cache_alloc+0x1e1/0x410
 __create_object+0x3d/0xc10
 kmem_cache_alloc+0x273/0x410
 __kernfs_new_node+0xd4/0x8c0
 kernfs_new_node+0x97/0x120
 __kernfs_create_file+0x55/0x350
 sysfs_add_file_mode_ns+0x21c/0x440
 internal_create_group+0x322/0xb20
 internal_create_groups.part.0+0x90/0x140
 sysfs_create_groups+0x29/0x50
 device_add+0x1437/0x1ec0
 netdev_register_kobject+0x17e/0x3b0
 register_netdevice+0xd60/0x1530
 __tun_chr_ioctl+0x21f0/0x40d0
 __x64_sys_ioctl+0x19e/0x210
 do_syscall_64+0x3f/0x90
 entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f2068331b19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f20658a7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f2068444f60 RCX: 00007f2068331b19
RDX: 0000000020000000 RSI: 00000000400454ca RDI: 0000000000000004
RBP: 00007f206838bf6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc2b9f106f R14: 00007f20658a7300 R15: 0000000000022000
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 7284 Comm: syz-executor.0 Not tainted 6.1.0-rc8-next-20221206 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:enqueue_hrtimer+0x23d/0x350
Code: e9 01 fe ff ff e8 33 bc 0f 00 65 ff 05 b4 f0 c9 7e 48 c7 c0 20 58 ce 85 48 ba 00 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 <0f> 85 f5 00 00 00 48 8b 05 a6 bf 94 04 e8 b1 ad f9 ff 31 ff 41 89
RSP: 0018:ffff88806cf09940 EFLAGS: 00000046
RAX: 1ffffffff0b9cb04 RBX: ffff88806cf2b8c0 RCX: 0000000000000100
RDX: dffffc0000000000 RSI: ffffffff8139984d RDI: 0000000000000001
RBP: ffff888008eaf100 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000001
R13: 0000000000000000 R14: ffff88806cf2b8c0 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c000749000 CR3: 0000000018a1e000 CR4: 0000000000350ee0
Call Trace:
 <IRQ>
 __hrtimer_run_queues+0x93a/0xba0
 hrtimer_interrupt+0x319/0x770
 __sysvec_apic_timer_interrupt+0x148/0x500
 sysvec_apic_timer_interrupt+0x3f/0xc0
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:kasan_addr_to_slab+0x4b/0xa0
Code: 80 48 01 fb 72 6d 48 c7 c7 00 00 00 80 48 2b 3d 9b 93 ac 03 48 01 fb 48 c1 eb 0c 48 c1 e3 06 48 03 1d 79 93 ac 03 48 8b 53 08 <48> 89 d8 f6 c2 01 75 3b 66 90 48 8b 10 5b 80 e6 02 ba 00 00 00 00
RSP: 0018:ffff88806cf09be0 EFLAGS: 00000286
RAX: 0000000000000000 RBX: ffffea00003592c0 RCX: 0000000000000100
RDX: ffffea0000359281 RSI: ffffffff8113e462 RDI: 0000777f80000000
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000008 R11: 0000000000000001 R12: ffffffff8180daf0
R13: ffffffff834bb60f R14: 0000000000011e70 R15: ffff888008c9adc0
 __kasan_record_aux_stack+0xe/0xb0
 __call_rcu_common.constprop.0+0x6a/0xa40
 kmem_cache_free+0xc1/0x610
 kfree_skbmem+0xef/0x1b0
 consume_skb+0xd8/0x170
 mac80211_hwsim_tx_frame+0x1f6/0x2a0
 mac80211_hwsim_beacon_tx+0x566/0xab0
 __iterate_interfaces+0x2d3/0x560
 ieee80211_iterate_active_interfaces_atomic+0x74/0x180
 mac80211_hwsim_beacon+0x105/0x200
 __hrtimer_run_queues+0x54b/0xba0
 hrtimer_run_softirq+0x176/0x350
 __do_softirq+0x1c7/0x8f9
 __irq_exit_rcu+0x11b/0x180
 irq_exit_rcu+0x9/0x30
 sysvec_apic_timer_interrupt+0x92/0xc0
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:unmap_page_range+0xa30/0x2c10
Code: 0f 84 68 02 00 00 48 89 44 24 10 48 8b 44 24 10 48 2d 00 10 00 00 48 89 04 24 e8 2b 1d dc ff 4c 89 e0 48 c1 e8 03 80 3c 28 00 <0f> 85 d2 17 00 00 4d 8b 2c 24 31 ff 4c 89 eb 48 83 e3 9f 48 89 de
RSP: 0018:ffff888046a07700 EFLAGS: 00000246
RAX: 1ffff11007073cd7 RBX: 00007feb75cd7000 RCX: 0000000000000000
RDX: ffff88803faeb580 RSI: ffffffff816d3755 RDI: 0000000000000006
RBP: dffffc0000000000 R08: 0000000000000006 R09: 00007feb75cd7000
R10: 00007feb75d09000 R11: 0000000000000001 R12: ffff88803839e6b8
R13: ffffea0000e96c80 R14: 00007feb75d09000 R15: ffff888046a07ad8
 unmap_single_vma+0x190/0x2a0
 unmap_vmas+0x226/0x380
 exit_mmap+0x158/0x680
 mmput+0xd5/0x390
 do_exit+0x99b/0x2720
 do_group_exit+0xd4/0x2a0
 get_signal+0x21b7/0x22f0
 arch_do_signal_or_restart+0x79/0x5a0
 exit_to_user_mode_prepare+0x131/0x1a0
 syscall_exit_to_user_mode+0x1d/0x50
 do_syscall_64+0x4c/0x90
 entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7feb77591b19
Code: Unable to access opcode bytes at 0x7feb77591aef.
RSP: 002b:00007feb74b07188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: 0000000000000001 RBX: 00007feb776a4f60 RCX: 00007feb77591b19
RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003
RBP: 00007feb775ebf6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc56488caf R14: 00007feb74b07300 R15: 0000000000022000
 </TASK>
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:	49 39 d4             	cmp    %rdx,%r12
   3:	73 33                	jae    0x38
   5:	49 8d 14 34          	lea    (%r12,%rsi,1),%rdx
   9:	48 39 d0             	cmp    %rdx,%rax
   c:	48 89 14 24          	mov    %rdx,(%rsp)
  10:	73 26                	jae    0x38
  12:	e8 8a 6e e5 00       	callq  0xe56ea1
  17:	85 c0                	test   %eax,%eax
  19:	75 31                	jne    0x4c
  1b:	41 f7 c6 00 02 00 00 	test   $0x200,%r14d
  22:	74 01                	je     0x25
  24:	fb                   	sti
  25:	48 83 c4 10          	add    $0x10,%rsp
* 29:	5b                   	pop    %rbx <-- trapping instruction
  2a:	5d                   	pop    %rbp
  2b:	41 5c                	pop    %r12
  2d:	41 5d                	pop    %r13
  2f:	41 5e                	pop    %r14
  31:	41 5f                	pop    %r15
  33:	e9 0d 7e 16 03       	jmpq   0x3167e45
  38:	48 83 c3 28          	add    $0x28,%rbx
  3c:	48 39 cb             	cmp    %rcx,%rbx