watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [syz-executor.7:13060]
Modules linked in:
irq event stamp: 5077093
hardirqs last  enabled at (5077092): [] asm_sysvec_apic_timer_interrupt+0x1a/0x20
hardirqs last disabled at (5077093): [] sysvec_apic_timer_interrupt+0xf/0xc0
softirqs last  enabled at (5057338): [] irq_exit_rcu+0x11f/0x190
softirqs last disabled at (5057341): [] irq_exit_rcu+0x11f/0x190
CPU: 0 PID: 13060 Comm: syz-executor.7 Not tainted 6.2.0-rc4-next-20230118 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:mac80211_hwsim_tx_frame_no_nl.isra.0+0x7e9/0x1360
Code: bb e8 2b 36 4a fe 48 8d bb 08 3d 00 00 48 89 f8 48 c1 e8 03 0f b6 04 28 84 c0 74 06 0f 8e ea 08 00 00 44 0f b6 bb 08 3d 00 00 <31> ff 44 89 fe e8 cd 31 4a fe 45 84 ff 74 83 e8 f3 35 4a fe 48 8d
RSP: 0018:ffff88806ce09b88 EFLAGS: 00000246
RAX: 0000000000000000 RBX: ffff888044b4b3a0 RCX: 0000000000000100
RDX: ffff888016c61ac0 RSI: ffffffff82ff4c45 RDI: ffff888044b4f0a8
RBP: dffffc0000000000 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: ffff88803d6308c0
R13: ffff88804230b3a0 R14: ffff88804230b638 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fe3c07c2040 CR3: 0000000018cca000 CR4: 0000000000350ef0
Call Trace:
 mac80211_hwsim_tx_frame+0x1ee/0x2a0
 mac80211_hwsim_beacon_tx+0x566/0xb10
 __iterate_interfaces+0x2d3/0x580
 ieee80211_iterate_active_interfaces_atomic+0x73/0x1c0
 mac80211_hwsim_beacon+0x105/0x200
 __hrtimer_run_queues+0x54b/0xcb0
 hrtimer_run_softirq+0x176/0x350
 __do_softirq+0x274/0x8ff
 irq_exit_rcu+0x11f/0x190
 sysvec_apic_timer_interrupt+0x92/0xc0
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:kasan_check_range+0x179/0x1d0
Code: ff ff 41 bb 01 00 00 00 5b 5d 44 89 d8 41 5c e9 c1 4b c7 02 48 85 d2 74 e9 48 01 ea eb 09 48 83 c0 01 48 39 d0 74 db 80 38 00 <74> f2 e9 64 ff ff ff 41 bb 01 00 00 00 44 89 d8 e9 96 4b c7 02 48
RSP: 0018:ffff888044a3f640 EFLAGS: 00000246
RAX: fffff940001b9088 RBX: fffff940001b9089 RCX: ffffffff817721da
RDX: fffff940001b9089 RSI: 0000000000000008 RDI: ffffea0000dc8440
RBP: fffff940001b9088 R08: 0000000000000000 R09: ffffea0000dc8447
R10: fffff940001b9088 R11: 0000000000000001 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff88803d6b9010 R15: 00000000000001fe
 free_swap_cache+0x6a/0x3a0
 free_pages_and_swap_cache+0x60/0xa0
 tlb_batch_pages_flush+0xa8/0x1b0
 unmap_page_range+0x1a59/0x2d90
 unmap_single_vma+0x190/0x2a0
 unmap_vmas+0x225/0x370
 exit_mmap+0x158/0x6a0
 mmput+0xd5/0x390
 do_exit+0x99b/0x2780
 do_group_exit+0xd4/0x2a0
 get_signal+0x2255/0x2390
 arch_do_signal_or_restart+0x79/0x5a0
 exit_to_user_mode_prepare+0xf5/0x190
 syscall_exit_to_user_mode+0x1d/0x50
 do_syscall_64+0x4c/0x90
 entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f9503e89b19
Code: Unable to access opcode bytes at 0x7f9503e89aef.
RSP: 002b:00007f95013de188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: 0000000000000014 RBX: 00007f9503f9d020 RCX: 00007f9503e89b19
RDX: 0000000000000000 RSI: 0000000020007ec0 RDI: 0000000000000003
RBP: 00007f9503ee3f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe79a640ef R14: 00007f95013de300 R15: 0000000000022000
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1 skipped: idling at default_idle+0xf/0x20
----------------
Code disassembly (best guess):
   0:	bb e8 2b 36 4a       	mov    $0x4a362be8,%ebx
   5:	fe 48 8d             	decb   -0x73(%rax)
   8:	bb 08 3d 00 00       	mov    $0x3d08,%ebx
   d:	48 89 f8             	mov    %rdi,%rax
  10:	48 c1 e8 03          	shr    $0x3,%rax
  14:	0f b6 04 28          	movzbl (%rax,%rbp,1),%eax
  18:	84 c0                	test   %al,%al
  1a:	74 06                	je     0x22
  1c:	0f 8e ea 08 00 00    	jle    0x90c
  22:	44 0f b6 bb 08 3d 00 	movzbl 0x3d08(%rbx),%r15d
  29:	00
* 2a:	31 ff                	xor    %edi,%edi		<-- trapping instruction
  2c:	44 89 fe             	mov    %r15d,%esi
  2f:	e8 cd 31 4a fe       	callq  0xfe4a3201
  34:	45 84 ff             	test   %r15b,%r15b
  37:	74 83                	je     0xffffffbc
  39:	e8 f3 35 4a fe       	callq  0xfe4a3631
  3e:	48                   	rex.W
  3f:	8d                   	.byte 0x8d