watchdog: BUG: soft lockup - CPU#1 stuck for 22s! [syz-executor.5:4417]
Modules linked in:
irq event stamp: 11380125
hardirqs last enabled at (11380124): [] asm_sysvec_apic_timer_interrupt+0x1a/0x20
hardirqs last disabled at (11380125): [] sysvec_apic_timer_interrupt+0xf/0xc0
softirqs last enabled at (11363506): [] __irq_exit_rcu+0x11b/0x180
softirqs last disabled at (11363509): [] __irq_exit_rcu+0x11b/0x180
CPU: 1 PID: 4417 Comm: syz-executor.5 Not tainted 6.2.0-rc3-next-20230112 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:stack_trace_consume_entry+0xe/0x170
Code: e9 52 fd ff ff e8 02 fa 09 03 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 b8 00 00 00 00 00 fc ff df <55> 53 48 89 fb 48 83 c7 10 48 89 fa 48 c1 ea 03 48 83 ec 08 0f b6
RSP: 0018:ffff88806cf098d8 EFLAGS: 00000282
RAX: dffffc0000000000 RBX: ffffffff81385810 RCX: 0000000000000000
RDX: 1ffff1100d9e1327 RSI: ffffffff817d4ca2 RDI: ffff88806cf099a8
RBP: ffff88806cf09978 R08: ffffffff86099994 R09: ffffffff86099998
R10: ffffed100d9e1329 R11: ffff88806cf09920 R12: ffff88806cf099a8
R13: 0000000000000000 R14: ffff888036651ac0 R15: ffff8880446a8e30
FS: 0000000000000000(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055d5d3025d88 CR3: 000000000f8e2000 CR4: 0000000000350ee0
Call Trace:
 arch_stack_walk+0x77/0xf0
 stack_trace_save+0x90/0xd0
 kasan_save_stack+0x22/0x50
 kasan_set_track+0x25/0x30
 kasan_save_free_info+0x2e/0x50
 __kasan_slab_free+0x10a/0x190
 kmem_cache_free+0xff/0x510
 kfree_skbmem+0xef/0x1b0
 consume_skb+0xd8/0x170
 mac80211_hwsim_tx_frame+0x1f6/0x2a0
 mac80211_hwsim_beacon_tx+0x566/0xb10
 __iterate_interfaces+0x2d3/0x580
 ieee80211_iterate_active_interfaces_atomic+0x73/0x1c0
 mac80211_hwsim_beacon+0x105/0x200
 __hrtimer_run_queues+0x54b/0xcb0
 hrtimer_run_softirq+0x176/0x350
 __do_softirq+0x1c7/0x913
 __irq_exit_rcu+0x11b/0x180
 irq_exit_rcu+0x9/0x30
 sysvec_apic_timer_interrupt+0x92/0xc0
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:kfree+0x65/0x190
Code: 0f 82 42 01 00 00 48 c7 c2 00 00 00 80 48 2b 15 b9 39 c1 03 48 01 d0 48 c1 e8 0c 48 c1 e0 06 48 03 05 97 39 c1 03 48 8b 50 08 <48> 89 c7 f6 c2 01 0f 85 00 01 00 00 66 90 48 8b 07 f6 c4 02 0f 84
RSP: 0018:ffff88801c2979d0 EFLAGS: 00000286
RAX: ffffea000037e0c0 RBX: 0000000000000200 RCX: 0000000000000001
RDX: ffff888008441640 RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffff88800df83480 R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000001 R12: ffff88800df834ac
R13: dffffc0000000000 R14: ffffed1001bf0694 R15: ffff88800df83480
 __vunmap+0x804/0xab0
 __vfree+0x3c/0xd0
 vfree+0x66/0xa0
 kcov_put+0x2a/0x40
 kcov_close+0x10/0x20
 __fput+0x263/0xa40
 task_work_run+0x174/0x280
 do_exit+0xaad/0x2780
 do_group_exit+0xd4/0x2a0
 get_signal+0x2255/0x2390
 arch_do_signal_or_restart+0x79/0x5a0
 exit_to_user_mode_prepare+0xf5/0x190
 syscall_exit_to_user_mode+0x1d/0x50
 do_syscall_64+0x4c/0x90
 entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f05ba3a4b19
Code: Unable to access opcode bytes at 0x7f05ba3a4aef.
RSP: 002b:00007f05b791a188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: 000000000000ffeb RBX: 00007f05ba4b7f60 RCX: 00007f05ba3a4b19
RDX: 0000000000000000 RSI: 0000000020000780 RDI: 0000000000000004
RBP: 00007f05ba3fef6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffd9d2f7d4f R14: 00007f05b791a300 R15: 0000000000022000
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 4382 Comm: syz-executor.6 Not tainted 6.2.0-rc3-next-20230112 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:lapic_next_deadline+0x25/0x50
Code: 90 90 90 90 90 f3 0f 1e fa 0f ae f0 0f ae e8 0f 31 48 c1 e2 20 b9 e0 06 00 00 48 09 c2 48 8d 04 fa 48 89 c2 48 c1 ea 20 0f 30 <66> 90 31 c0 e9 76 81 34 03 48 89 c6 31 d2 bf e0 06 00 00 e8 e3 8b
RSP: 0018:ffff88806ce09540 EFLAGS: 00000016
RAX: 000001563b85e678 RBX: 0000000000000000 RCX: 00000000000006e0
RDX: 0000000000000156 RSI: ffff88806ce28140 RDI: 0000000000000360
RBP: ffff88806ce28140 R08: 0000000000000007 R09: 0000000000000000
R10: 00000000000009aa R11: 0000000000000001 R12: 0000000000000360
R13: 0000000000000000 R14: 0000000000000001 R15: ffff88806ce2b8c0
FS: 0000000000000000(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005572f8561748 CR3: 000000000d5d2000 CR4: 0000000000350ef0
Call Trace:
 clockevents_program_event+0x248/0x360
 tick_program_event+0xb0/0x150
 hrtimer_interrupt+0x36a/0x770
 __sysvec_apic_timer_interrupt+0x148/0x510
 sysvec_apic_timer_interrupt+0x3f/0xc0
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:unwind_next_frame+0x1fd/0x2130
Code: 48 89 54 24 28 48 89 74 24 20 44 89 5c 24 18 e8 c9 ba 6a 00 48 8b 54 24 28 48 8b 74 24 20 44 8b 5c 24 18 8b 0c 95 64 0c 4a 86 <8d> 56 01 48 b8 00 00 00 00 00 fc ff df 48 8d 3c 95 64 0c 4a 86 49
RSP: 0018:ffff88806ce09720 EFLAGS: 00000246
RAX: 0000000000000003 RBX: 0000000000000001 RCX: 00000000000100e1
RDX: 0000000000003693 RSI: 0000000000003693 RDI: ffffffff864ae6b0
RBP: ffff88806ce097f8 R08: ffffffff86045742 R09: ffffffff86045746
R10: ffff88806ce09ff8 R11: 0000000000038001 R12: ffff88806ce097e1
R13: ffff88806ce09800 R14: ffff88806ce097a0 R15: ffffffff813693c4
 arch_stack_walk+0x87/0xf0
 stack_trace_save+0x90/0xd0
 kasan_save_stack+0x22/0x50
 kasan_set_track+0x25/0x30
 __kasan_slab_alloc+0x59/0x70
 kmem_cache_alloc_node+0x187/0x310
 __alloc_skb+0x21a/0x310
 __netdev_alloc_skb+0x76/0x3e0
 __ieee80211_beacon_get+0x3d9/0x13c0
 ieee80211_beacon_get_tim+0x99/0x540
 mac80211_hwsim_beacon_tx+0x1d2/0xb10
 __iterate_interfaces+0x2d3/0x580
 ieee80211_iterate_active_interfaces_atomic+0x73/0x1c0
 mac80211_hwsim_beacon+0x105/0x200
 __hrtimer_run_queues+0x54b/0xcb0
 hrtimer_run_softirq+0x176/0x350
 __do_softirq+0x1c7/0x913
 __irq_exit_rcu+0x11b/0x180
 irq_exit_rcu+0x9/0x30
 sysvec_apic_timer_interrupt+0x92/0xc0
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:kobject_put+0x44/0x270
Code: 53 e8 e0 c7 1f fd 48 85 ed 0f 84 9c 00 00 00 e8 d2 c7 1f fd 4c 8d 6d 3c 4c 89 e8 4c 89 ea 48 c1 e8 03 83 e2 07 42 0f b6 04 20 <38> d0 7f 08 84 c0 0f 85 ce 01 00 00 0f b6 5d 3c 31 ff 83 e3 01 89
RSP: 0018:ffff88801c3878a0 EFLAGS: 00000202
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000004 RSI: ffffffff8429ab6e RDI: ffff888019e19300
RBP: ffff888019e19300 R08: 0000000000000000 R09: ffffffff8541473b
R10: fffffbfff0a828e7 R11: 0000000000000001 R12: dffffc0000000000
R13: ffff888019e1933c R14: dffffc0000000000 R15: ffff888019e18000
 put_device+0x1f/0x30
 hci_conn_cleanup+0x388/0x780
 hci_conn_del+0x28f/0x8e0
 hci_conn_hash_flush+0x195/0x230
 hci_dev_close_sync+0x57f/0xff0
 hci_unregister_dev+0x15e/0x410
 vhci_release+0x80/0x100
 __fput+0x263/0xa40
 task_work_run+0x174/0x280
 do_exit+0xaad/0x2780
 do_group_exit+0xd4/0x2a0
 get_signal+0x2255/0x2390
 arch_do_signal_or_restart+0x79/0x5a0
 exit_to_user_mode_prepare+0xf5/0x190
 syscall_exit_to_user_mode+0x1d/0x50
 do_syscall_64+0x4c/0x90
 entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7fbc97f22b19
Code: Unable to access opcode bytes at 0x7fbc97f22aef.
RSP: 002b:00007fbc95498188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: 00000000000000f5 RBX: 00007fbc98035f60 RCX: 00007fbc97f22b19
RDX: 00000000000000f5 RSI: 0000000020000540 RDI: 0000000000000003
RBP: 00007fbc97f7cf6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffee54a645f R14: 00007fbc95498300 R15: 0000000000022000
----------------
Code disassembly (best guess):
   0:   e9 52 fd ff ff          jmpq   0xfffffd57
   5:   e8 02 fa 09 03          callq  0x309fa0c
   a:   66 90                   xchg   %ax,%ax
   c:   90                      nop
   d:   90                      nop
   e:   90                      nop
   f:   90                      nop
  10:   90                      nop
  11:   90                      nop
  12:   90                      nop
  13:   90                      nop
  14:   90                      nop
  15:   90                      nop
  16:   90                      nop
  17:   90                      nop
  18:   90                      nop
  19:   90                      nop
  1a:   90                      nop
  1b:   90                      nop
  1c:   f3 0f 1e fa             endbr64
  20:   48 b8 00 00 00 00 00    movabs $0xdffffc0000000000,%rax
  27:   fc ff df
* 2a:   55                      push   %rbp <-- trapping instruction
  2b:   53                      push   %rbx
  2c:   48 89 fb                mov    %rdi,%rbx
  2f:   48 83 c7 10             add    $0x10,%rdi
  33:   48 89 fa                mov    %rdi,%rdx
  36:   48 c1 ea 03             shr    $0x3,%rdx
  3a:   48 83 ec 08             sub    $0x8,%rsp
  3e:   0f                      .byte 0xf
  3f:   b6                      .byte 0xb6