watchdog: BUG: soft lockup - CPU#0 stuck for 21s! [syz-executor.3:4232]
Modules linked in:
irq event stamp: 9258635
hardirqs last enabled at (9258634): [] asm_sysvec_apic_timer_interrupt+0x16/0x20
hardirqs last disabled at (9258635): [] sysvec_apic_timer_interrupt+0xb/0xc0
softirqs last enabled at (9233178): [] __irq_exit_rcu+0x11b/0x180
softirqs last disabled at (9233181): [] __irq_exit_rcu+0x11b/0x180
CPU: 0 PID: 4232 Comm: syz-executor.3 Not tainted 5.19.0-next-20220803 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
RIP: 0010:stack_trace_consume_entry+0xa/0x160
Code: 8c 00 43 00 e9 38 fe ff ff e8 62 c3 e8 02 e8 7d 00 43 00 e9 10 fd ff ff cc cc cc cc cc cc cc cc 48 b8 00 00 00 00 00 fc ff df <55> 53 48 89 fb 48 83 c7 10 48 89 fa 48 c1 ea 03 48 83 ec 08 0f b6
RSP: 0018:ffff88806ce098a0 EFLAGS: 00000282
RAX: dffffc0000000000 RBX: ffffffff81356b00 RCX: 0000000000000000
RDX: 1ffff1100d9c1320 RSI: ffffffff81151097 RDI: ffff88806ce09970
RBP: ffff88806ce09940 R08: ffffffff85e25d7a R09: ffffffff85e25d7e
R10: ffff88806ce09ff8 R11: ffff88806ce098e8 R12: ffff88806ce09970
R13: 0000000000000000 R14: ffff888018643600 R15: ffff888008478c80
FS: 00007f8b32554700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000558365f53008 CR3: 000000001dad8000 CR4: 0000000000350ef0
Call Trace:
 arch_stack_walk+0x73/0xf0
 stack_trace_save+0x8c/0xc0
 kasan_save_stack+0x1e/0x40
 kasan_set_track+0x21/0x30
 kasan_set_free_info+0x20/0x40
 __kasan_slab_free+0x108/0x190
 kmem_cache_free+0xfb/0x610
 kfree_skbmem+0xef/0x1b0
 consume_skb+0xcf/0x160
 mac80211_hwsim_tx_frame+0x1f6/0x2a0
 mac80211_hwsim_beacon_tx+0x562/0xaa0
 __iterate_interfaces+0x2d3/0x560
 ieee80211_iterate_active_interfaces_atomic+0x70/0x180
 mac80211_hwsim_beacon+0x101/0x200
 __hrtimer_run_queues+0x5de/0xbd0
 hrtimer_run_softirq+0x172/0x340
 __do_softirq+0x1c8/0x8d0
 __irq_exit_rcu+0x11b/0x180
 irq_exit_rcu+0x5/0x20
 sysvec_apic_timer_interrupt+0x8e/0xc0
 asm_sysvec_apic_timer_interrupt+0x16/0x20
RIP: 0010:put_cpu_partial+0x115/0x1c0
Code: 39 43 28 75 61 48 c7 43 28 00 00 00 00 48 c7 c6 10 d8 77 81 48 89 df e8 99 10 b2 ff 48 85 ed 74 06 e8 8f ac d4 ff fb 4d 85 ed <74> 21 5b 4c 89 ee 5d 4c 89 e7 41 5c 41 5d 41 5e 41 5f e9 84 fd ff
RSP: 0018:ffff888043c97580 EFLAGS: 00000246
RAX: 0000000000854fad RBX: ffff88806ce3c2e0 RCX: ffffffff81294b2f
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000200 R08: 0000000000000001 R09: ffffffff86ca37cf
R10: fffffbfff0d946f9 R11: 0000000000000001 R12: ffff888007c4f780
R13: 0000000000000000 R14: ffffea000076c780 R15: 0000000000000001
 qlist_free_all+0x6d/0x1a0
 kasan_quarantine_reduce+0x184/0x210
 __kasan_kmalloc+0x97/0xa0
 selinux_sk_alloc_security+0x90/0x200
 security_sk_alloc+0x56/0xb0
 sk_prot_alloc+0x186/0x290
 sk_alloc+0x34/0x760
 __netlink_create+0x63/0x340
 __netlink_kernel_create+0x110/0x860
 xfrm_user_net_init+0x9f/0x160
 ops_init+0xb2/0x480
 setup_net+0x40c/0x9d0
 copy_net_ns+0x318/0x760
 create_new_namespaces+0x3f6/0xb30
 copy_namespaces+0x395/0x480
 copy_process+0x2ca7/0x6de0
 kernel_clone+0xe7/0xa60
 __do_sys_clone3+0x1d5/0x2e0
 do_syscall_64+0x3b/0x90
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f8b34fdeb19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f8b32554188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
RAX: ffffffffffffffda RBX: 00007f8b350f1f60 RCX: 00007f8b34fdeb19
RDX: 0000000000000000 RSI: 0000000000000058 RDI: 0000000020004c00
RBP: 00007f8b35038f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe77a9647f R14: 00007f8b32554300 R15: 0000000000022000
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 4238 Comm: syz-executor.1 Not tainted 5.19.0-next-20220803 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
RIP: 0010:__sanitizer_cov_trace_pc+0x7/0x70
Code: 00 66 90 48 8b be a8 01 00 00 e8 b4 ff ff ff 31 c0 e9 bd 8d 1a 03 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 65 8b 05 a9 c1 bc 7e <89> c1 48 8b 34 24 81 e1 00 01 00 00 65 48 8b 14 25 c0 6e 02 00 a9
RSP: 0018:ffff88806cf091f8 EFLAGS: 00000046
RAX: 0000000000010103 RBX: 1ffff1100d9e1244 RCX: ffffffff81550ff0
RDX: ffff888043ec9b00 RSI: 0000000000000100 RDI: 0000000000000001
RBP: ffff88806cf093f0 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: ffff88800867e970
R13: ffff88806cf095e8 R14: ffff88800867e810 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007efddb029010 CR3: 000000000de0a000 CR4: 0000000000350ee0
Call Trace:
 perf_swevent_hrtimer+0x372/0x400
 __hrtimer_run_queues+0x1ca/0xbd0
 hrtimer_interrupt+0x315/0x770
 __sysvec_apic_timer_interrupt+0x144/0x500
 sysvec_apic_timer_interrupt+0x3b/0xc0
 asm_sysvec_apic_timer_interrupt+0x16/0x20
RIP: 0010:unwind_next_frame+0x362/0x20b0
Code: 00 fc ff df 4d 8d 48 04 4c 89 ca 48 c1 ea 03 0f b6 04 02 4c 89 ca 83 e2 07 38 d0 7f 08 84 c0 0f 85 0f 06 00 00 41 0f b6 40 04 0f 0f 85 b0 00 00 00 48 b8 00 00 00 00 00 fc ff df 49 8d 78 05
RSP: 0018:ffff88806cf09698 EFLAGS: 00000246
RAX: 0000000000000015 RBX: 0000000000000002 RCX: ffffffff82ecdafc
RDX: 0000000000000000 RSI: ffffffff860b6894 RDI: ffffffff85cf1f04
RBP: ffff88806cf09770 R08: ffffffff860b6894 R09: ffffffff860b6898
R10: ffffed100d9e12f0 R11: 000000000003603c R12: ffff88806cf09759
R13: ffff88806cf09778 R14: ffff88806cf09718 R15: ffffffff82ecdafc
 arch_stack_walk+0x83/0xf0
 stack_trace_save+0x8c/0xc0
 kasan_save_stack+0x1e/0x40
 __kasan_slab_alloc+0x66/0x80
 kmem_cache_alloc_node+0x1bf/0x4b0
 __alloc_skb+0x210/0x300
 skb_copy+0x139/0x3c0
 mac80211_hwsim_tx_frame_no_nl.isra.0+0xb6d/0x1440
 mac80211_hwsim_tx_frame+0x1ee/0x2a0
 mac80211_hwsim_beacon_tx+0x562/0xaa0
 __iterate_interfaces+0x2d3/0x560
 ieee80211_iterate_active_interfaces_atomic+0x70/0x180
 mac80211_hwsim_beacon+0x101/0x200
 __hrtimer_run_queues+0x5de/0xbd0
 hrtimer_run_softirq+0x172/0x340
 __do_softirq+0x1c8/0x8d0
 __irq_exit_rcu+0x11b/0x180
 irq_exit_rcu+0x5/0x20
 sysvec_apic_timer_interrupt+0x8e/0xc0
 asm_sysvec_apic_timer_interrupt+0x16/0x20
RIP: 0010:__sanitizer_cov_trace_const_cmp8+0x4/0x20
Code: 00 00 00 00 00 90 48 8b 0c 24 89 f2 89 fe bf 05 00 00 00 e9 9e fe ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 0c 24 <48> 89 f2 48 89 fe bf 07 00 00 00 e9 7c fe ff ff 66 66 2e 0f 1f 84
RSP: 0018:ffff8880456df728 EFLAGS: 00000282
RAX: 1ffff11008d4b575 RBX: 80000000390ae007 RCX: ffffffff8168d664
RDX: ffff888043ec9b00 RSI: 80000000390ae007 RDI: 0000000000000000
RBP: ffffea0000e42b40 R08: 0000000000000006 R09: 00007f181ef75000
R10: 00007f181f000000 R11: 0000000000000001 R12: 80000000390ae007
R13: 00007f181ef76000 R14: ffff888046a5aba8 R15: dffffc0000000000
 unmap_page_range+0x984/0x2e20
 unmap_single_vma+0x196/0x360
 unmap_vmas+0x18f/0x330
 exit_mmap+0x186/0x440
 mmput+0xc8/0x380
 do_exit+0xb3e/0x2940
 do_group_exit+0xd0/0x2a0
 get_signal+0x2205/0x24b0
 arch_do_signal_or_restart+0x89/0x1be0
 exit_to_user_mode_prepare+0x131/0x1a0
 syscall_exit_to_user_mode+0x19/0x40
 do_syscall_64+0x48/0x90
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f18203dab19
Code: Unable to access opcode bytes at RIP 0x7f18203daaef.
RSP: 002b:00007f181d950188 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
RAX: 0000000000000000 RBX: 00007f18204edf60 RCX: 00007f18203dab19
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
RBP: 00007f1820434f6d R08: 0000000000000000 R09: 0000000000000000
R10: 00000000087ffffc R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff15f5775f R14: 00007f181d950300 R15: 0000000000022000
----------------
Code disassembly (best guess), 1 bytes skipped:
   0: 00 43 00                add %al,0x0(%rbx)
   3: e9 38 fe ff ff          jmpq 0xfffffe40
   8: e8 62 c3 e8 02          callq 0x2e8c36f
   d: e8 7d 00 43 00          callq 0x43008f
  12: e9 10 fd ff ff          jmpq 0xfffffd27
  17: cc                      int3
  18: cc                      int3
  19: cc                      int3
  1a: cc                      int3
  1b: cc                      int3
  1c: cc                      int3
  1d: cc                      int3
  1e: cc                      int3
  1f: 48 b8 00 00 00 00 00    movabs $0xdffffc0000000000,%rax
  26: fc ff df
* 29: 55                      push %rbp <-- trapping instruction
  2a: 53                      push %rbx
  2b: 48 89 fb                mov %rdi,%rbx
  2e: 48 83 c7 10             add $0x10,%rdi
  32: 48 89 fa                mov %rdi,%rdx
  35: 48 c1 ea 03             shr $0x3,%rdx
  39: 48 83 ec 08             sub $0x8,%rsp
  3d: 0f                      .byte 0xf
  3e: b6                      .byte 0xb6