watchdog: BUG: soft lockup - CPU#1 stuck for 24s! [syz-executor.4:6718]
Modules linked in:
irq event stamp: 4020871
hardirqs last  enabled at (4020870): [<ffffffff8460144a>] asm_sysvec_apic_timer_interrupt+0x1a/0x20
hardirqs last disabled at (4020871): [<ffffffff844232ff>] sysvec_apic_timer_interrupt+0xf/0xc0
softirqs last  enabled at (4011208): [<ffffffff81181dbb>] __irq_exit_rcu+0x11b/0x180
softirqs last disabled at (4011211): [<ffffffff81181dbb>] __irq_exit_rcu+0x11b/0x180
CPU: 1 PID: 6718 Comm: syz-executor.4 Not tainted 6.2.0-rc3-next-20230109 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:arch_stack_walk+0x4/0xf0
Code: b7 e6 83 eb 8c e6 89 eb af e6 82 eb 84 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 <55> 48 89 e5 41 56 49 89 d6 41 55 49 89 cd 41 54 49 89 f4 53 48 89
RSP: 0018:ffff88806cf09710 EFLAGS: 00000246
RAX: 0000000000000000 RBX: ffffed100d9e12e3 RCX: 0000000000000000
RDX: ffff888045533580 RSI: ffff88806cf09738 RDI: ffffffff81385a60
RBP: ffff88800844f780 R08: ffff88804466cab0 R09: ffffed10088cd956
R10: ffff88806c4f5800 R11: 0000000000000001 R12: 0000000000092a20
R13: 0000000000092a20 R14: 0000000000092a20 R15: 00000000000000f0
FS:  0000000000000000(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007feb4a922330 CR3: 00000000161bc000 CR4: 0000000000350ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
 <IRQ>
 stack_trace_save+0x90/0xd0
 kasan_save_stack+0x22/0x50
 kasan_set_track+0x25/0x30
 __kasan_slab_alloc+0x59/0x70
 kmem_cache_alloc+0x172/0x300
 __create_object+0x3d/0xc40
 kmem_cache_alloc_node+0x215/0x310
 __alloc_skb+0x21a/0x310
 skb_copy+0x13d/0x3d0
 mac80211_hwsim_tx_frame_no_nl.isra.0+0xb6d/0x1360
 mac80211_hwsim_tx_frame+0x1ee/0x2a0
 mac80211_hwsim_beacon_tx+0x566/0xb10
 __iterate_interfaces+0x2d3/0x580
 ieee80211_iterate_active_interfaces_atomic+0x73/0x1c0
 mac80211_hwsim_beacon+0x105/0x200
 __hrtimer_run_queues+0x54b/0xcb0
 hrtimer_run_softirq+0x176/0x350
 __do_softirq+0x1c7/0x913
 __irq_exit_rcu+0x11b/0x180
 irq_exit_rcu+0x9/0x30
 sysvec_apic_timer_interrupt+0x92/0xc0
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:unmap_page_range+0x1592/0x2c90
Code: 85 98 0f 00 00 4d 8b 27 49 8d bc 24 b0 07 00 00 48 89 f8 48 c1 e8 03 80 3c 28 00 0f 85 72 0f 00 00 49 83 bc 24 b0 07 00 00 00 <0f> 85 b0 01 00 00 e8 d3 e2 db ff 48 8b 44 24 08 48 c1 e8 03 0f b6
RSP: 0018:ffff888006867700 EFLAGS: 00000246
RAX: 1ffff1100108b66e RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000002 RSI: 0000000000000002 RDI: ffff88800845b370
RBP: dffffc0000000000 R08: 0000000000000006 R09: 0000000000000040
R10: 0000000000000002 R11: 0000000000000001 R12: ffff88800845abc0
R13: ffff888006867af0 R14: ffff888006867ae8 R15: ffff888006867ad8
 unmap_single_vma+0x190/0x2a0
 unmap_vmas+0x226/0x380
 exit_mmap+0x158/0x6a0
 mmput+0xd5/0x390
 do_exit+0x99b/0x2780
 do_group_exit+0xd4/0x2a0
 get_signal+0x2255/0x2390
 arch_do_signal_or_restart+0x79/0x5a0
 exit_to_user_mode_prepare+0xf5/0x190
 syscall_exit_to_user_mode+0x1d/0x50
 do_syscall_64+0x4c/0x90
 entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f4db2395b19
Code: Unable to access opcode bytes at 0x7f4db2395aef.
RSP: 002b:00007f4daf90ae98 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
RAX: 0000000000000005 RBX: 0000000020001f00 RCX: 00007f4db2395b19
RDX: 00000000007ffff8 RSI: 0000000000000000 RDI: 00007f4db23ef0fb
RBP: 0000000000000001 R08: fffffffffffffffc R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000
R13: 00007ffcbe545a1f R14: 00000000007ffff8 R15: 0000000000022000
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 6700 Comm: syz-executor.7 Not tainted 6.2.0-rc3-next-20230109 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:trace_hardirqs_on+0x104/0x130
Code: d2 4c 89 e6 e8 cd f3 ff ff e8 18 59 0e 00 31 f6 48 c7 c7 00 47 65 85 e8 1a b5 e2 ff 89 ee 48 c7 c7 00 47 65 85 e8 8c b2 e2 ff <65> ff 0d 3d ff b2 7e 0f 85 10 ff ff ff 0f 1f 44 00 00 e9 06 ff ff
RSP: 0018:ffff88806ce09958 EFLAGS: 00000086
RAX: 000000000002c680 RBX: ffff88800f12e890 RCX: 0000000000000000
RDX: 1ffffffff0aca91a RSI: 0000000000000001 RDI: ffffffff856548d0
RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: ffffffff8460144a
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055b0fbf1e648 CR3: 000000000d4d8000 CR4: 0000000000350ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
 <IRQ>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:queued_spin_lock_slowpath+0x128/0xc90
Code: 00 00 00 65 48 2b 04 25 28 00 00 00 0f 85 e6 0a 00 00 48 81 c4 88 00 00 00 5b 5d 41 5c 41 5d 41 5e 41 5f e9 ee 1f 00 00 f3 90 <e9> 71 ff ff ff 44 8b 74 24 48 41 81 fe 00 01 00 00 0f 84 e4 00 00
RSP: 0018:ffff88806ce09a28 EFLAGS: 00000202
RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff84445edb
RDX: fffffbfff0b48ac9 RSI: 0000000000000004 RDI: ffffffff85a45640
RBP: ffffffff85a45640 R08: 0000000000000000 R09: ffffffff85a45643
R10: fffffbfff0b48ac8 R11: 0000000000000001 R12: 0000000000000003
R13: fffffbfff0b48ac8 R14: 0000000000000001 R15: 1ffff1100d9c1346
 do_raw_spin_lock+0x1e0/0x270
 mac80211_hwsim_tx_frame_no_nl.isra.0+0x6f1/0x1360
 mac80211_hwsim_tx_frame+0x1ee/0x2a0
 mac80211_hwsim_beacon_tx+0x566/0xb10
 __iterate_interfaces+0x2d3/0x580
 ieee80211_iterate_active_interfaces_atomic+0x73/0x1c0
 mac80211_hwsim_beacon+0x105/0x200
 __hrtimer_run_queues+0x54b/0xcb0
 hrtimer_run_softirq+0x176/0x350
 __do_softirq+0x1c7/0x913
 __irq_exit_rcu+0x11b/0x180
 irq_exit_rcu+0x9/0x30
 sysvec_apic_timer_interrupt+0x92/0xc0
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:kasan_check_range+0x179/0x1d0
Code: ff ff 41 bb 01 00 00 00 5b 5d 44 89 d8 41 5c e9 41 fb c6 02 48 85 d2 74 e9 48 01 ea eb 09 48 83 c0 01 48 39 d0 74 db 80 38 00 <74> f2 e9 64 ff ff ff 41 bb 01 00 00 00 44 89 d8 e9 16 fb c6 02 48
RSP: 0018:ffff8880463576e0 EFLAGS: 00000246
RAX: fffff940001dc726 RBX: fffff940001dc727 RCX: ffffffff816d9a57
RDX: fffff940001dc727 RSI: 0000000000000004 RDI: ffffea0000ee3930
RBP: fffff940001dc726 R08: 0000000000000000 R09: ffffea0000ee3933
R10: fffff940001dc726 R11: 0000000000000001 R12: ffff8880449b6ce0
R13: ffffea0000ee3900 R14: ffffea0000ee3930 R15: ffff888046357ad8
 unmap_page_range+0x2057/0x2c90
 unmap_single_vma+0x190/0x2a0
 unmap_vmas+0x226/0x380
 exit_mmap+0x158/0x6a0
 mmput+0xd5/0x390
 do_exit+0x99b/0x2780
 do_group_exit+0xd4/0x2a0
 get_signal+0x2255/0x2390
 arch_do_signal_or_restart+0x79/0x5a0
 exit_to_user_mode_prepare+0xf5/0x190
 syscall_exit_to_user_mode+0x1d/0x50
 do_syscall_64+0x4c/0x90
 entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7fef672a7b19
Code: Unable to access opcode bytes at 0x7fef672a7aef.
RSP: 002b:00007fef6481ce98 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
RAX: 0000000000000005 RBX: 0000000020001f00 RCX: 00007fef672a7b19
RDX: 00000000007ffff8 RSI: 0000000000000000 RDI: 00007fef673010fb
RBP: 0000000000000001 R08: fffffffffffffffc R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000
R13: 00007fff0b266e3f R14: 00000000007ffff8 R15: 0000000000022000
 </TASK>
----------------
Code disassembly (best guess):
   0:	b7 e6                	mov    $0xe6,%bh
   2:	83 eb 8c             	sub    $0xffffff8c,%ebx
   5:	e6 89                	out    %al,$0x89
   7:	eb af                	jmp    0xffffffb8
   9:	e6 82                	out    %al,$0x82
   b:	eb 84                	jmp    0xffffff91
   d:	66 0f 1f 84 00 00 00 	nopw   0x0(%rax,%rax,1)
  14:	00 00
  16:	90                   	nop
  17:	90                   	nop
  18:	90                   	nop
  19:	90                   	nop
  1a:	90                   	nop
  1b:	90                   	nop
  1c:	90                   	nop
  1d:	90                   	nop
  1e:	90                   	nop
  1f:	90                   	nop
  20:	90                   	nop
  21:	90                   	nop
  22:	90                   	nop
  23:	90                   	nop
  24:	90                   	nop
  25:	90                   	nop
  26:	66 0f 1f 00          	nopw   (%rax)
* 2a:	55                   	push   %rbp <-- trapping instruction
  2b:	48 89 e5             	mov    %rsp,%rbp
  2e:	41 56                	push   %r14
  30:	49 89 d6             	mov    %rdx,%r14
  33:	41 55                	push   %r13
  35:	49 89 cd             	mov    %rcx,%r13
  38:	41 54                	push   %r12
  3a:	49 89 f4             	mov    %rsi,%r12
  3d:	53                   	push   %rbx
  3e:	48                   	rex.W
  3f:	89                   	.byte 0x89