watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [syz-executor.6:8147]
Modules linked in:
irq event stamp: 5460525
hardirqs last  enabled at (5460524): [] asm_sysvec_apic_timer_interrupt+0x1a/0x20
hardirqs last disabled at (5460525): [] sysvec_apic_timer_interrupt+0xf/0xc0
softirqs last  enabled at (5414110): [] __irq_exit_rcu+0x11b/0x180
softirqs last disabled at (5414113): [] __irq_exit_rcu+0x11b/0x180
CPU: 0 PID: 8147 Comm: syz-executor.6 Not tainted 6.1.0-next-20221219 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:get_stack_info_noinstr+0x4/0xf0
Code: c3 7b 00 5d 41 5c e9 7b 40 00 00 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 <41> 54 49 89 fc 55 48 89 d5 53 48 89 f3 e8 ea 00 00 00 84 c0 75 0e
RSP: 0018:ffff88806ce097c8 EFLAGS: 00000282
RAX: dffffc0000000000 RBX: ffff888047a41ac0 RCX: ffff88806ce098c8
RDX: ffff88806ce098a8 RSI: ffff888047a41ac0 RDI: ffff88803f3677e0
RBP: ffff88806ce098c8 R08: ffffffff864632d4 R09: ffffffff864632d8
R10: ffff88806ce09ff8 R11: ffff88806ce098e8 R12: ffff88806ce098a8
R13: ffff88806ce02000 R14: ffff88806ce098a8 R15: ffffffff864632d9
FS:  00007f22260e6700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fca09556084 CR3: 0000000016d1c000 CR4: 0000000000350ef0
Call Trace:
 get_stack_info+0x2f/0x90
 stack_access_ok+0xd3/0x1d0
 unwind_next_frame+0x94e/0x2130
 arch_stack_walk+0x87/0xf0
 stack_trace_save+0x90/0xd0
 set_track_prepare+0x74/0xd0
 __create_object+0x3b4/0xc40
 kmem_cache_alloc_node+0x283/0x420
 __alloc_skb+0x21a/0x310
 __netdev_alloc_skb+0x76/0x3e0
 __ieee80211_beacon_get+0x3d9/0x1310
 ieee80211_beacon_get_tim+0x99/0x4f0
 mac80211_hwsim_beacon_tx+0x1d2/0xab0
 __iterate_interfaces+0x2d3/0x560
 ieee80211_iterate_active_interfaces_atomic+0x74/0x180
 mac80211_hwsim_beacon+0x105/0x200
 __hrtimer_run_queues+0x54b/0xc70
 hrtimer_run_softirq+0x176/0x350
 __do_softirq+0x1c7/0x8f9
 __irq_exit_rcu+0x11b/0x180
 irq_exit_rcu+0x9/0x30
 sysvec_apic_timer_interrupt+0x92/0xc0
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:ip6addrlbl_net_init+0xd1/0x360
Code: c5 01 bf 0a 00 00 00 44 89 ee e8 ba 92 9d fd 41 83 fd 0a 0f 84 18 02 00 00 e8 7b 96 9d fd 48 89 d8 48 c1 e8 03 42 0f b6 14 30 <48> 89 d8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 10 02 00 00 48
RSP: 0018:ffff88803f367898 EFLAGS: 00000213
RAX: 1ffffffff09b1401 RBX: ffffffff84d8a00c RCX: ffffc9000861a000
RDX: 0000000000000000 RSI: ffffffff83ab9735 RDI: 0000000000000005
RBP: ffff888018f17b80 R08: 0000000000000005 R09: 000000000000000a
R10: 0000000000000004 R11: 0000000000000001 R12: 0000000000000000
R13: 0000000000000004 R14: dffffc0000000000 R15: ffff88800ea9b8b8
 ops_init+0xbb/0x680
 setup_net+0x40c/0x9d0
 copy_net_ns+0x31c/0x760
 create_new_namespaces+0x3f6/0xb30
 copy_namespaces+0x3b7/0x4a0
 copy_process+0x29e3/0x7220
 kernel_clone+0xeb/0x950
 __do_sys_clone3+0x1d9/0x370
 do_syscall_64+0x3f/0x90
 entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f2228b70b19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f22260e6188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
RAX: ffffffffffffffda RBX: 00007f2228c83f60 RCX: 00007f2228b70b19
RDX: 0000000000000000 RSI: 0000000000000058 RDI: 0000000020004c00
RBP: 00007f2228bcaf6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffd9705566f R14: 00007f22260e6300 R15: 0000000000022000
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 8187 Comm: syz-executor.1 Not tainted 6.1.0-next-20221219 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:__sanitizer_cov_trace_pc+0x31/0x70
Code: 4d 5b ba 7e 89 c1 48 8b 34 24 81 e1 00 01 00 00 65 48 8b 14 25 00 89 03 00 a9 00 01 ff 00 74 0e
85 c9 74 35 8b 82 0c 14 00 00 <85> c0 74 2b 8b 82 e8 13 00 00 83 f8 02 75 20 48 8b 8a f0 13 00 00
RSP: 0018:ffff88806cf090e8 EFLAGS: 00000006
RAX: 0000000000000000 RBX: ffff888018ff0740 RCX: 0000000000000100
RDX: ffff88801f14d040 RSI: ffffffff8139503a RDI: 0000000000000001
RBP: 0000000000002710 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000eff
R13: 000000b2068b1713 R14: 0000000000000000 R15: ffff88806cf2b8c0
FS:  0000000000000000(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000562479254d38 CR3: 00000000095b2000 CR4: 0000000000350ee0
Call Trace:
 hrtimer_forward+0xaa/0x270
 perf_swevent_hrtimer+0x235/0x3d0
 __hrtimer_run_queues+0x17f/0xc70
 hrtimer_interrupt+0x319/0x770
 __sysvec_apic_timer_interrupt+0x148/0x500
 sysvec_apic_timer_interrupt+0x3f/0xc0
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:unwind_next_frame+0x14d0/0x2130
Code: 9e c6 84 d2 0f 95 c2 40 84 d6 0f 85 58 0a 00 00 83 e0 07 38 c1 0f 9e c2 84 c9 0f 95 c0 84 c2 0f 85 43 0a 00 00 49 0f bf 68 02 <48> 03 6c 24 18 ba 08 00 00 00 4c 89 f7 48 89 ee e8 3b e9 ff ff 4d
RSP: 0018:ffff88806cf095b0 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000
RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffffffff8603c69a
RBP: ffffffffffffffd0 R08: ffffffff8603c698 R09: ffffffff8603c69c
R10: ffff88806cf09ff8 R11: ffff88806cf09670 R12: ffff88806cf09671
R13: ffff88806cf09690 R14: ffff88806cf09630 R15: 0000000000000005
 arch_stack_walk+0x87/0xf0
 stack_trace_save+0x90/0xd0
 kasan_save_stack+0x22/0x50
 kasan_set_track+0x25/0x30
 __kasan_slab_alloc+0x5c/0x70
 kmem_cache_alloc+0x1e1/0x410
 __create_object+0x3d/0xc40
 __kmem_cache_alloc_node+0x25b/0x400
 __kmalloc_node_track_caller+0x43/0xb0
 __alloc_skb+0xe9/0x310
 skb_copy+0x13d/0x3d0
 mac80211_hwsim_tx_frame_no_nl.isra.0+0xb6d/0x1360
 mac80211_hwsim_tx_frame+0x1ee/0x2a0
 mac80211_hwsim_beacon_tx+0x566/0xab0
 __iterate_interfaces+0x2d3/0x560
 ieee80211_iterate_active_interfaces_atomic+0x74/0x180
 mac80211_hwsim_beacon+0x105/0x200
 __hrtimer_run_queues+0x54b/0xc70
 hrtimer_run_softirq+0x176/0x350
 __do_softirq+0x1c7/0x8f9
 __irq_exit_rcu+0x11b/0x180
 irq_exit_rcu+0x9/0x30
 sysvec_apic_timer_interrupt+0x92/0xc0
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:page_remove_rmap+0x62/0x610
Code: ff 89 c3 89 c6 e8 ce 95 d6 ff 85 db 0f 85 1f 04 00 00 e8 91 99 d6 ff 48 8d 7d 30 be 04 00 00 00 e8 13 c2 0a 00 f0 83 45 30 ff <0f> 98 c3 31 ff 89 de e8 42 95 d6 ff 84 db 0f 84 2a 02 00 00 e8 65
RSP: 0018:ffff88800e1b76d0 EFLAGS: 00000213
RAX: 0000000000000001 RBX: 0000000000000000 RCX: ffffffff8172942d
RDX: fffff940001b68df RSI: 0000000000000004 RDI: ffffea0000db46f0
RBP: ffffea0000db46c0 R08: 0000000000000001 R09: ffffea0000db46f3
R10: fffff940001b68de R11: 0000000000000001 R12: ffff88800c8b3750
R13: ffffea0000db46c0 R14: ffffea0000db46f0 R15: ffff88800e1b7ad8
 unmap_page_range+0x1fdf/0x2c10
 unmap_single_vma+0x190/0x2a0
 unmap_vmas+0x226/0x380
 exit_mmap+0x158/0x680
 mmput+0xd5/0x390
 do_exit+0x99b/0x2760
 do_group_exit+0xd4/0x2a0
 get_signal+0x21b7/0x22f0
 arch_do_signal_or_restart+0x79/0x5a0
 exit_to_user_mode_prepare+0x131/0x1a0
 syscall_exit_to_user_mode+0x1d/0x50
 do_syscall_64+0x4c/0x90
 entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f258f10eb19
Code: Unable to access opcode bytes at 0x7f258f10eaef.
RSP: 002b:00007f258c684188 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
RAX: 0000000000000007 RBX: 00007f258f221f60 RCX: 00007f258f10eb19
RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000010
RBP: 00007f258f168f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffd833f103f R14: 00007f258c684300 R15: 0000000000022000
----------------
Code disassembly (best guess):
   0:	c3                   	retq
   1:	7b 00                	jnp    0x3
   3:	5d                   	pop    %rbp
   4:	41 5c                	pop    %r12
   6:	e9 7b 40 00 00       	jmpq   0x4086
   b:	66 2e 0f 1f 84 00 00 	nopw   %cs:0x0(%rax,%rax,1)
  12:	00 00 00
  15:	90                   	nop
  16:	90                   	nop
  17:	90                   	nop
  18:	90                   	nop
  19:	90                   	nop
  1a:	90                   	nop
  1b:	90                   	nop
  1c:	90                   	nop
  1d:	90                   	nop
  1e:	90                   	nop
  1f:	90                   	nop
  20:	90                   	nop
  21:	90                   	nop
  22:	90                   	nop
  23:	90                   	nop
  24:	90                   	nop
  25:	90                   	nop
  26:	66 0f 1f 00          	nopw   (%rax)
* 2a:	41 54                	push   %r12		<-- trapping instruction
  2c:	49 89 fc             	mov    %rdi,%r12
  2f:	55                   	push   %rbp
  30:	48 89 d5             	mov    %rdx,%rbp
  33:	53                   	push   %rbx
  34:	48 89 f3             	mov    %rsi,%rbx
  37:	e8 ea 00 00 00       	callq  0x126
  3c:	84 c0                	test   %al,%al
  3e:	75 0e                	jne    0x4e