watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [syz-executor.0:4373]
Modules linked in:
irq event stamp: 3561301
hardirqs last  enabled at (3561300): [<ffffffff84400d06>] asm_sysvec_apic_timer_interrupt+0x16/0x20
hardirqs last disabled at (3561301): [<ffffffff841e0a8b>] sysvec_apic_timer_interrupt+0xb/0xc0
softirqs last  enabled at (3490670): [<ffffffff8116c65b>] __irq_exit_rcu+0x11b/0x180
softirqs last disabled at (3490673): [<ffffffff8116c65b>] __irq_exit_rcu+0x11b/0x180
CPU: 0 PID: 4373 Comm: syz-executor.0 Not tainted 5.19.0-next-20220815 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
RIP: 0010:__read_once_word_nocheck+0x3/0x10
Code: 00 e9 be fd ff ff e8 5c e7 66 00 e9 8b fd ff ff e8 52 e7 66 00 e9 43 fd ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc 48 8b 07 <e9> 88 ae 4e 03 0f 1f 84 00 00 00 00 00 41 57 89 d0 41 56 41 55 41
RSP: 0018:ffff88806ce09820 EFLAGS: 00000202
RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000001
RDX: ffff888044fef601 RSI: ffff888044fef6d8 RDI: ffff888044fef6d8
RBP: ffff888044fef6d8 R08: ffffffff85f0560c R09: ffffffff85f05610
R10: ffff88806ce09ff8 R11: ffff88806ce098e8 R12: ffff88806ce098e9
R13: ffff88806ce09908 R14: ffff88806ce098a8 R15: 0000000000000001
FS:  00007f159b3cb700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2da33000 CR3: 0000000018702000 CR4: 0000000000350ef0
Call Trace:
 <IRQ>
 unwind_next_frame+0x153a/0x20b0
 arch_stack_walk+0x83/0xf0
 stack_trace_save+0x8c/0xc0
 kasan_save_stack+0x1e/0x40
 kasan_set_track+0x21/0x30
 kasan_set_free_info+0x20/0x40
 __kasan_slab_free+0x108/0x190
 kmem_cache_free+0xfb/0x610
 kfree_skbmem+0xef/0x1b0
 consume_skb+0xcf/0x160
 mac80211_hwsim_tx_frame+0x1f6/0x2a0
 mac80211_hwsim_beacon_tx+0x562/0xaa0
 __iterate_interfaces+0x2d3/0x560
 ieee80211_iterate_active_interfaces_atomic+0x70/0x180
 mac80211_hwsim_beacon+0x101/0x200
 __hrtimer_run_queues+0x5de/0xbd0
 hrtimer_run_softirq+0x172/0x340
 __do_softirq+0x1c8/0x8d0
 __irq_exit_rcu+0x11b/0x180
 irq_exit_rcu+0x5/0x20
 sysvec_apic_timer_interrupt+0x8e/0xc0
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x16/0x20
RIP: 0010:lock_acquire+0x1db/0x530
Code: 02 b8 ff ff ff ff 65 0f c1 05 29 81 d8 7e 83 f8 01 0f 85 c8 02 00 00 48 83 7c 24 08 00 74 01 fb 48 b8 00 00 00 00 00 fc ff df <48> 01 c3 48 c7 03 00 00 00 00 48 c7 43 08 00 00 00 00 48 8b 84 24
RSP: 0018:ffff888044fef410 EFLAGS: 00000206
RAX: dffffc0000000000 RBX: 1ffff110089fde84 RCX: 0000000000000fa3
RDX: 1ffff11008b74493 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 0000000000000001 R08: 0000000000000000 R09: ffffffff86ca380f
R10: fffffbfff0d94701 R11: 0000000000000001 R12: 0000000000000000
R13: 0000000000000000 R14: ffff8880080e89d0 R15: 0000000000000000
 _raw_spin_lock+0x2a/0x40
 __find_get_block+0x468/0xc00
 __getblk_gfp+0x28/0x80
 ext4_getblk+0x210/0x770
 ext4_bread+0x2a/0x170
 __ext4_read_dirblock.part.0+0x32/0xc50
 ext4_add_entry+0x512/0xd00
 ext4_add_nondir+0x90/0x2a0
 ext4_create+0x386/0x4e0
 lookup_open.isra.0+0xeee/0x1270
 path_openat+0x964/0x2800
 do_filp_open+0x1b6/0x410
 do_sys_openat2+0x171/0x4c0
 __x64_sys_openat+0x13f/0x1f0
 do_syscall_64+0x3b/0x90
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f159de55b19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f159b3cb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f159df68f60 RCX: 00007f159de55b19
RDX: 0000000000004042 RSI: 0000000020000100 RDI: ffffffffffffff9c
RBP: 00007f159deaff6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffd8d0eccdf R14: 00007f159b3cb300 R15: 0000000000022000
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 730 Comm: kworker/u4:10 Not tainted 5.19.0-next-20220815 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
Workqueue: phy4 ieee80211_iface_work
RIP: 0010:skb_release_head_state+0x161/0x270
Code: 03 0f b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 db 00 00 00 0f b6 6b 7f 31 ff 89 ee e8 e5 25 0c fe 40 84 ed 75 0b 5b <5d> 41 5c 41 5d e9 65 29 0c fe e8 60 29 0c fe 48 8d bb e8 00 00 00
RSP: 0018:ffff88804505fc48 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff833987eb
RDX: ffff888045033600 RSI: 0000000000000000 RDI: 0000000000000001
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: ffff888019ade2d8
R13: ffffffff83398c25 R14: 0000000000000080 R15: ffff88801d3ed4b8
FS:  0000000000000000(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2dc33000 CR3: 000000001029e000 CR4: 0000000000350ee0
Call Trace:
 <TASK>
 kfree_skb_reason.part.0+0x6b/0x2a0
 kfree_skb_reason+0x85/0x110
 ieee80211_iface_work+0x34f/0xc80
 process_one_work+0xa0f/0x1690
 worker_thread+0x637/0x1260
 kthread+0x2ed/0x3a0
 ret_from_fork+0x22/0x30
 </TASK>
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:	e9 be fd ff ff       	jmpq   0xfffffdc3
   5:	e8 5c e7 66 00       	callq  0x66e766
   a:	e9 8b fd ff ff       	jmpq   0xfffffd9a
   f:	e8 52 e7 66 00       	callq  0x66e766
  14:	e9 43 fd ff ff       	jmpq   0xfffffd5c
  19:	cc                   	int3
  1a:	cc                   	int3
  1b:	cc                   	int3
  1c:	cc                   	int3
  1d:	cc                   	int3
  1e:	cc                   	int3
  1f:	cc                   	int3
  20:	cc                   	int3
  21:	cc                   	int3
  22:	cc                   	int3
  23:	cc                   	int3
  24:	cc                   	int3
  25:	cc                   	int3
  26:	48 8b 07             	mov    (%rdi),%rax
* 29:	e9 88 ae 4e 03       	jmpq   0x34eaeb6 <-- trapping instruction
  2e:	0f 1f 84 00 00 00 00 	nopl   0x0(%rax,%rax,1)
  35:	00
  36:	41 57                	push   %r15
  38:	89 d0                	mov    %edx,%eax
  3a:	41 56                	push   %r14
  3c:	41 55                	push   %r13
  3e:	41                   	rex.B