device lo entered promiscuous mode
device lo entered promiscuous mode
watchdog: BUG: soft lockup - CPU#0 stuck for 21s! [syz-executor.3:4649]
Modules linked in:
irq event stamp: 4786273
hardirqs last enabled at (4786272): [] asm_sysvec_apic_timer_interrupt+0x1a/0x20
hardirqs last disabled at (4786273): [] sysvec_apic_timer_interrupt+0xf/0xc0
softirqs last enabled at (4752068): [] irq_exit_rcu+0x11f/0x190
softirqs last disabled at (4752071): [] irq_exit_rcu+0x11f/0x190
CPU: 0 PID: 4649 Comm: syz-executor.3 Not tainted 6.2.0-rc4-next-20230118 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:unwind_get_return_address+0x1e/0xa0
Code: 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 b8 00 00 00 00 00 fc ff df 48 89 fa 55 48 c1 ea 03 53 48 89 fb 0f b6 04 02 <84> c0 74 04 3c 03 7e 59 8b 03 85 c0 75 09 31 c0 5b 5d e9 9f ee 31
RSP: 0018:ffff88806ce09620 EFLAGS: 00000212
RAX: 0000000000000000 RBX: ffff88806ce09638 RCX: 0000000000000000
RDX: 1ffff1100d9c12c7 RSI: ffff88801a75f6f8 RDI: ffff88806ce09638
RBP: ffff88806ce096d0 R08: ffffffff864723e4 R09: ffffffff864723e8
R10: ffff88806ce09ff8 R11: ffff88806ce09678 R12: ffff88806ce09700
R13: 0000000000000000 R14: ffff888043df1ac0 R15: 00000000000000f0
FS: 0000000000000000(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000056247e1ba648 CR3: 000000001a4d6000 CR4: 0000000000350ef0
Call Trace:
 arch_stack_walk+0x9d/0xf0
 stack_trace_save+0x90/0xd0
 kasan_save_stack+0x22/0x50
 kasan_set_track+0x25/0x30
 __kasan_slab_alloc+0x59/0x70
 kmem_cache_alloc+0x172/0x300
 __create_object+0x3d/0xc40
 __kmem_cache_alloc_node+0x1ed/0x2f0
 __kmalloc_node_track_caller+0x43/0xb0
 __alloc_skb+0xe9/0x310
 skb_copy+0x13d/0x3d0
 mac80211_hwsim_tx_frame_no_nl.isra.0+0xb6d/0x1360
 mac80211_hwsim_tx_frame+0x1ee/0x2a0
 mac80211_hwsim_beacon_tx+0x566/0xb10
 __iterate_interfaces+0x2d3/0x580
 ieee80211_iterate_active_interfaces_atomic+0x73/0x1c0
 mac80211_hwsim_beacon+0x105/0x200
 __hrtimer_run_queues+0x54b/0xcb0
 hrtimer_run_softirq+0x176/0x350
 __do_softirq+0x274/0x8ff
 irq_exit_rcu+0x11f/0x190
 sysvec_apic_timer_interrupt+0x92/0xc0
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:__schedule+0x142/0x2b20
Code: 08 3c 03 0f 8e d4 1f 00 00 41 8b 45 18 85 c0 0f 85 f7 0f 00 00 65 8b 05 54 83 c0 7b 25 ff ff ff 7f 83 f8 01 0f 85 b3 1d 00 00 69 60 ff ff 85 c0 0f 85 cc 13 00 00 e8 5c 60 ff ff 85 c0 0f 85
RSP: 0018:ffff88801a75f5b0 EFLAGS: 00000246
RAX: 0000000000000001 RBX: 0000000000039380 RCX: ffffffff812b827f
RDX: 1ffff1100d9c73ab RSI: 0000000000000001 RDI: ffffffff852b28c0
RBP: ffff88801a75f6c0 R08: 0000000000000001 R09: ffffffff8765996f
R10: fffffbfff0ecb32d R11: 0000000000000001 R12: ffff88806ce39380
R13: ffff888043df1ac0 R14: dffffc0000000000 R15: 0000000000000001
 preempt_schedule_common+0x45/0xb0
 __cond_resched+0x1b/0x30
 unmap_page_range+0x11b3/0x2d90
 unmap_single_vma+0x190/0x2a0
 unmap_vmas+0x225/0x370
 exit_mmap+0x158/0x6a0
 mmput+0xd5/0x390
 do_exit+0x99b/0x2780
 do_group_exit+0xd4/0x2a0
 get_signal+0x2255/0x2390
 arch_do_signal_or_restart+0x79/0x5a0
 exit_to_user_mode_prepare+0xf5/0x190
 syscall_exit_to_user_mode+0x1d/0x50
 do_syscall_64+0x4c/0x90
 entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f9f8ed1fb19
Code: Unable to access opcode bytes at 0x7f9f8ed1faef.
RSP: 002b:00007f9f8c295188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: 00000000000000b8 RBX: 00007f9f8ee32f60 RCX: 00007f9f8ed1fb19
RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000005
RBP: 00007f9f8ed79f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffd66d808af R14: 00007f9f8c295300 R15: 0000000000022000
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 4655 Comm: syz-executor.2 Not tainted 6.2.0-rc4-next-20230118 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:debug_lockdep_rcu_enabled+0x2c/0x40
Code: 1e fa 8b 05 56 a8 8e 01 85 c0 74 21 8b 05 88 b8 8e 01 85 c0 74 17 65 48 8b 04 25 80 89 03 00 8b 80 5c 09 00 00 85 c0 0f 94 c0 <0f> b6 c0 e9 60 3e 02 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90
RSP: 0018:ffff88806cf09780 EFLAGS: 00000046
RAX: 0000000000000001 RBX: 0000000000000001 RCX: 0000000000000100
RDX: ffff8880443a0000 RSI: ffffffff81397a4f RDI: 0000000000000005
RBP: ffff88801f2f1300 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000001
R13: ffff88806cf2b8c0 R14: ffff88806cf2b940 R15: dffffc0000000000
FS: 0000000000000000(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fcc96f62010 CR3: 0000000016d3e000 CR4: 0000000000350ee0
Call Trace:
 rcu_read_lock_sched_held+0x11/0x80
 trace_hrtimer_start+0x1b4/0x250
 __hrtimer_run_queues+0x937/0xcb0
 hrtimer_interrupt+0x319/0x770
 __sysvec_apic_timer_interrupt+0x148/0x510
 sysvec_apic_timer_interrupt+0x3f/0xc0
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:queued_spin_lock_slowpath+0x128/0xc90
Code: 00 00 00 65 48 2b 04 25 28 00 00 00 0f 85 e6 0a 00 00 48 81 c4 88 00 00 00 5b 5d 41 5c 41 5d 41 5e 41 5f e9 ce 1f 00 00 f3 90 71 ff ff ff 44 8b 74 24 48 41 81 fe 00 01 00 00 0f 84 e4 00 00
RSP: 0018:ffff88806cf09a30 EFLAGS: 00000202
RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff844484fb
RDX: fffffbfff0b49135 RSI: 0000000000000004 RDI: ffffffff85a489a0
RBP: ffffffff85a489a0 R08: 0000000000000000 R09: ffffffff85a489a3
R10: fffffbfff0b49134 R11: 0000000000000001 R12: 0000000000000003
R13: fffffbfff0b49134 R14: 0000000000000001 R15: 1ffff1100d9e1347
 do_raw_spin_lock+0x1e0/0x270
 mac80211_hwsim_tx_frame_no_nl.isra.0+0x6f1/0x1360
 mac80211_hwsim_tx_frame+0x1ee/0x2a0
 mac80211_hwsim_beacon_tx+0x566/0xb10
 __iterate_interfaces+0x2d3/0x580
 ieee80211_iterate_active_interfaces_atomic+0x73/0x1c0
 mac80211_hwsim_beacon+0x105/0x200
 __hrtimer_run_queues+0x54b/0xcb0
 hrtimer_run_softirq+0x176/0x350
 __do_softirq+0x274/0x8ff
 irq_exit_rcu+0x11f/0x190
 sysvec_apic_timer_interrupt+0x92/0xc0
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:unmap_page_range+0x112e/0x2d90
Code: 83 c0 03 38 d0 7c 08 84 d2 0f 85 37 12 00 00 44 8b 3b 31 ff 44 89 fe e8 80 fd db ff 45 85 ff 0f 85 8f 00 00 00 e8 42 01 dc ff <83> c5 01 48 83 c3 04 49 83 c4 60 89 ee bf 04 00 00 00 e8 5b fd db
RSP: 0018:ffff888044547700 EFLAGS: 00000293
RAX: 0000000000000000 RBX: ffff888044547810 RCX: 0000000000000000
RDX: ffff8880443a0000 RSI: ffffffff816d812e RDI: 0000000000000001
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: ffff88801ea6cc80
R13: ffff888044547ad8 R14: dffffc0000000000 R15: 00000000fffffff1
 unmap_single_vma+0x190/0x2a0
 unmap_vmas+0x225/0x370
 exit_mmap+0x158/0x6a0
 mmput+0xd5/0x390
 do_exit+0x99b/0x2780
 do_group_exit+0xd4/0x2a0
 get_signal+0x2255/0x2390
 arch_do_signal_or_restart+0x79/0x5a0
 exit_to_user_mode_prepare+0xf5/0x190
 syscall_exit_to_user_mode+0x1d/0x50
 do_syscall_64+0x4c/0x90
 entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f542195ab19
Code: Unable to access opcode bytes at 0x7f542195aaef.
RSP: 002b:00007f541eeaf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: 0000000000000000 RBX: 00007f5421a6e020 RCX: 00007f542195ab19
RDX: 0000000020000000 RSI: 0000000000008914 RDI: 0000000000000003
RBP: 00007f54219b4f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc2dd872ef R14: 00007f541eeaf300 R15: 0000000000022000
----------------
Code disassembly (best guess):
   0:   90                      nop
   1:   90                      nop
   2:   90                      nop
   3:   90                      nop
   4:   90                      nop
   5:   90                      nop
   6:   90                      nop
   7:   90                      nop
   8:   90                      nop
   9:   90                      nop
   a:   90                      nop
   b:   90                      nop
   c:   f3 0f 1e fa             endbr64
  10:   48 b8 00 00 00 00 00    movabs $0xdffffc0000000000,%rax
  17:   fc ff df
  1a:   48 89 fa                mov    %rdi,%rdx
  1d:   55                      push   %rbp
  1e:   48 c1 ea 03             shr    $0x3,%rdx
  22:   53                      push   %rbx
  23:   48 89 fb                mov    %rdi,%rbx
  26:   0f b6 04 02             movzbl (%rdx,%rax,1),%eax
* 2a:   84 c0                   test   %al,%al <-- trapping instruction
  2c:   74 04                   je     0x32
  2e:   3c 03                   cmp    $0x3,%al
  30:   7e 59                   jle    0x8b
  32:   8b 03                   mov    (%rbx),%eax
  34:   85 c0                   test   %eax,%eax
  36:   75 09                   jne    0x41
  38:   31 c0                   xor    %eax,%eax
  3a:   5b                      pop    %rbx
  3b:   5d                      pop    %rbp
  3c:   e9                      .byte 0xe9
  3d:   9f                      lahf
  3e:   ee                      out    %al,(%dx)
  3f:   31                      .byte 0x31