watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [syz-executor.1:38406]
Modules linked in:
irq event stamp: 4294679
hardirqs last enabled at (4294678): [] asm_sysvec_apic_timer_interrupt+0x1a/0x20
hardirqs last disabled at (4294679): [] sysvec_apic_timer_interrupt+0xf/0xc0
softirqs last enabled at (4278678): [] irq_exit_rcu+0x11f/0x190
softirqs last disabled at (4278681): [] irq_exit_rcu+0x11f/0x190
CPU: 0 PID: 38406 Comm: syz-executor.1 Not tainted 6.2.0-rc4-next-20230117 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:lock_acquire.part.0+0x14f/0x340
Code: 87 84 48 83 c4 28 e8 f0 39 16 03 b8 ff ff ff ff 65 0f c1 05 c3 5c d6 7e 83 f8 01 0f 85 9f 01 00 00 48 85 ed 0f 85 90 01 00 00 <48> b8 00 00 00 00 00 fc ff df 48 01 c3 48 c7 03 00 00 00 00 48 c7
RSP: 0018:ffff88806ce09648 EFLAGS: 00000206
RAX: 0000000000000001 RBX: 1ffff1100d9c12cb RCX: 0000000057d3ceea
RDX: 1ffff110093d512b RSI: 0000000000000101 RDI: 0000000000000000
RBP: 0000000000000200 R08: 0000000000000000 R09: ffffffff87656947
R10: fffffbfff0ecad28 R11: 0000000000000001 R12: 0000000000000002
R13: 0000000000000000 R14: 0000000000000000 R15: ffffffff8560aee0
FS: 0000000000000000(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fff6d546e38 CR3: 000000000974e000 CR4: 0000000000350ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
 __is_insn_slot_addr+0x41/0x290
 kernel_text_address+0x5b/0xc0
 __kernel_text_address+0xd/0x40
 unwind_get_return_address+0x59/0xa0
 arch_stack_walk+0x9d/0xf0
 stack_trace_save+0x90/0xd0
 kasan_save_stack+0x22/0x50
 kasan_set_track+0x25/0x30
 __kasan_slab_alloc+0x59/0x70
 kmem_cache_alloc_node+0x187/0x310
 __alloc_skb+0x21a/0x310
 __netdev_alloc_skb+0x76/0x3e0
 __ieee80211_beacon_get+0x3d9/0x13c0
 ieee80211_beacon_get_tim+0x99/0x540
 mac80211_hwsim_beacon_tx+0x1d2/0xb10
 __iterate_interfaces+0x2d3/0x580
 ieee80211_iterate_active_interfaces_atomic+0x73/0x1c0
 mac80211_hwsim_beacon+0x105/0x200
 __hrtimer_run_queues+0x54b/0xcb0
 hrtimer_run_softirq+0x176/0x350
 __do_softirq+0x274/0x8ff
 irq_exit_rcu+0x11f/0x190
 sysvec_apic_timer_interrupt+0x92/0xc0
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:page_remove_rmap+0xd/0x540
Code: 39 b5 0a 00 eb 90 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 41 56 41 55 49 89 f5 41 54 <55> 48 89 fd 53 89 d3 e8 e7 d8 d6 ff 48 8d 7d 08 48 b8 00 00 00 00
RSP: 0018:ffff888043cf7700 EFLAGS: 00000246
RAX: 0000000000000000 RBX: ffffea0000bce100 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffff8880168ed1a0 RDI: ffffea0000bce100
RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: ffffea0000bce130
R13: ffff8880168ed1a0 R14: dffffc0000000000 R15: ffffea0000bce100
 unmap_page_range+0x1632/0x2d90
 unmap_single_vma+0x190/0x2a0
 unmap_vmas+0x225/0x370
 exit_mmap+0x158/0x6a0
 mmput+0xd5/0x390
 do_exit+0x99b/0x2780
 do_group_exit+0xd4/0x2a0
 get_signal+0x2255/0x2390
 arch_do_signal_or_restart+0x79/0x5a0
 exit_to_user_mode_prepare+0xf5/0x190
 irqentry_exit_to_user_mode+0x9/0x30
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0033:0x7f7f349aaab7
Code: Unable to access opcode bytes at 0x7f7f349aaa8d.
RSP: 002b:00007f7f31f6cf20 EFLAGS: 00000293
RAX: 0000000000000000 RBX: 00007f7f34a41970 RCX: 00007f7f349aaab7
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007
RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000008010000 R11: 0000000000000293 R12: 0000000000000007
R13: 0000000000000007 R14: 0000000020000058 R15: 0000000000000001
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1 skipped: idling at default_idle+0xf/0x20
----------------
Code disassembly (best guess):
   0:   87 84 48 83 c4 28 e8    xchg   %eax,-0x17d73b7d(%rax,%rcx,2)
   7:   f0 39 16                lock cmp %edx,(%rsi)
   a:   03 b8 ff ff ff ff       add    -0x1(%rax),%edi
  10:   65 0f c1 05 c3 5c d6    xadd   %eax,%gs:0x7ed65cc3(%rip)        # 0x7ed65cdb
  17:   7e
  18:   83 f8 01                cmp    $0x1,%eax
  1b:   0f 85 9f 01 00 00       jne    0x1c0
  21:   48 85 ed                test   %rbp,%rbp
  24:   0f 85 90 01 00 00       jne    0x1ba
* 2a:   48 b8 00 00 00 00 00    movabs $0xdffffc0000000000,%rax         <-- trapping instruction
  31:   fc ff df
  34:   48 01 c3                add    %rax,%rbx
  37:   48 c7 03 00 00 00 00    movq   $0x0,(%rbx)
  3e:   48                      rex.W
  3f:   c7                      .byte 0xc7