loop7: detected capacity change from 0 to 240
watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [syz-executor.2:5493]
Modules linked in:
irq event stamp: 5427795
hardirqs last  enabled at (5427794): [<ffffffff8460144a>] asm_sysvec_apic_timer_interrupt+0x1a/0x20
hardirqs last disabled at (5427795): [<ffffffff844826df>] sysvec_apic_timer_interrupt+0xf/0x90
softirqs last  enabled at (5374226): [<ffffffff8118dd1c>] __irq_exit_rcu+0xcc/0x110
softirqs last disabled at (5374229): [<ffffffff8118dd1c>] __irq_exit_rcu+0xcc/0x110
CPU: 0 PID: 5493 Comm: syz-executor.2 Not tainted 6.2.0-next-20230224 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:lock_release+0x3da/0x710
Code: ff ff ff ff 65 0f c1 05 74 2f d5 7e 83 f8 01 0f 85 97 01 00 00 48 f7 04 24 00 02 00 00 74 01 fb 48 b8 00 00 00 00 00 fc ff df <48> 01 c5 48 c7 45 00 00 00 00 00 c7 45 08 00 00 00 00 48 8b 84 24
RSP: 0018:ffff88806ce09488 EFLAGS: 00000206
RAX: dffffc0000000000 RBX: f437e7df10715930 RCX: ffff88806ce094d8
RDX: 1ffff110087ac12a RSI: 0000000000000000 RDI: ffff888043d60950
RBP: 1ffff1100d9c1293 R08: 0000000000000001 R09: ffff888043d60958
R10: fffffbfff0ba4f52 R11: 0000000000000001 R12: 0000000000000004
R13: ffffffff814bf265 R14: 0000000000000005 R15: ffff888043d60000
FS:  0000000000000000(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f0408490ae0 CR3: 000000000d4d2000 CR4: 0000000000350ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
 <IRQ>
 __is_insn_slot_addr+0x147/0x290
 kernel_text_address+0x5b/0xc0
 __kernel_text_address+0xd/0x40
 unwind_get_return_address+0x59/0xa0
 arch_stack_walk+0x9d/0xf0
 stack_trace_save+0x90/0xd0
 kasan_save_stack+0x22/0x50
 kasan_set_track+0x25/0x30
 __kasan_slab_alloc+0x59/0x70
 kmem_cache_alloc+0x172/0x320
 __create_object+0x3c/0xc90
 kmem_cache_alloc_node+0x215/0x330
 kmalloc_reserve+0x16d/0x230
 __alloc_skb+0x129/0x330
 skb_copy+0x13d/0x3f0
 mac80211_hwsim_tx_frame_no_nl.isra.0+0xb08/0x1330
 mac80211_hwsim_tx_frame+0x1ee/0x2a0
 mac80211_hwsim_beacon_tx+0x567/0xb10
 __iterate_interfaces+0x2d3/0x580
 ieee80211_iterate_active_interfaces_atomic+0x73/0x1c0
 mac80211_hwsim_beacon+0x105/0x200
 __hrtimer_run_queues+0x54b/0xcb0
 hrtimer_run_softirq+0x14c/0x310
 __do_softirq+0x258/0x8a2
 __irq_exit_rcu+0xcc/0x110
 irq_exit_rcu+0x9/0x20
 sysvec_apic_timer_interrupt+0x6e/0x90
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:__sanitizer_cov_trace_pc+0x3b/0x70
Code: 81 e1 00 01 00 00 65 48 8b 14 25 80 89 03 00 a9 00 01 ff 00 74 0e 85 c9 74 35 8b 82 0c 14 00 00 85 c0 74 2b 8b 82 e8 13 00 00 <83> f8 02 75 20 48 8b 8a f0 13 00 00 8b 92 ec 13 00 00 48 8b 01 48
RSP: 0018:ffff88804503f6c8 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000
RDX: ffff888043d60000 RSI: ffffffff816f54ca RDI: 0000000000000001
RBP: ffff88801e527500 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000
R13: ffff88804503fad8 R14: dffffc0000000000 R15: 00000000ffffffb5
 trace_rss_stat+0x13a/0x250
 unmap_page_range+0x128d/0x2da0
 unmap_single_vma+0x194/0x2a0
 unmap_vmas+0x233/0x390
 exit_mmap+0x15b/0x6a0
 mmput+0xd5/0x390
 do_exit+0x9c6/0x2800
 do_group_exit+0xd4/0x2a0
 get_signal+0x23c8/0x2450
 arch_do_signal_or_restart+0x79/0x590
 exit_to_user_mode_prepare+0x122/0x190
 syscall_exit_to_user_mode+0x1d/0x50
 do_syscall_64+0x4c/0x90
 entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f6cb2fe5b19
Code: Unable to access opcode bytes at 0x7f6cb2fe5aef.
RSP: 002b:00007f6cb055b218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 00007f6cb30f8f68 RCX: 00007f6cb2fe5b19
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f6cb30f8f68
RBP: 00007f6cb30f8f60 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6cb30f8f6c
R13: 00007ffc5351ddef R14: 00007f6cb055b300 R15: 0000000000022000
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.2.0-next-20230224 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:match_held_lock+0x7b/0xd0
Code: ff 1f 00 00 48 39 d0 0f 94 c0 48 83 c4 08 0f b6 c0 5b e9 7c 2c 02 00 31 f6 e8 51 fe ff ff 48 85 c0 75 ae 31 c0 48 83 c4 08 5b <e9> 64 2c 02 00 48 83 c4 08 b8 01 00 00 00 5b e9 55 2c 02 00 e8 bc
RSP: 0018:ffff88806cf095c8 EFLAGS: 00000096
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
RDX: 0000000000000000 RSI: ffffffff8560a700 RDI: ffff888008da59a0
RBP: ffffffff8560a700 R08: 00000000ffffffff R09: ffffffff85d27a97
R10: fffffbfff0ba4f52 R11: 0000000000000001 R12: ffff888008da5040
R13: ffff888008da59a0 R14: 00000000ffffffff R15: ffff888008da59a0
FS:  0000000000000000(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fd1170ed000 CR3: 0000000009656000 CR4: 0000000000350ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
 <IRQ>
 lock_is_held_type+0x9f/0x120
 rcu_read_lock_sched_held+0x42/0x80
 lock_release+0x525/0x710
 _raw_spin_unlock+0x16/0x40
 scheduler_tick+0x17f/0x370
 update_process_times+0x10e/0x150
 tick_sched_handle+0x9b/0x180
 tick_sched_timer+0xea/0x120
 __hrtimer_run_queues+0x17f/0xcb0
 hrtimer_interrupt+0x2ef/0x750
 __sysvec_apic_timer_interrupt+0xff/0x4a0
 sysvec_apic_timer_interrupt+0x33/0x90
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:queued_spin_lock_slowpath+0x128/0xc50
Code: 00 00 00 65 48 2b 04 25 28 00 00 00 0f 85 d5 09 00 00 48 81 c4 88 00 00 00 5b 5d 41 5c 41 5d 41 5e 41 5f e9 3e 1f 00 00 f3 90 <e9> 71 ff ff ff 44 8b 74 24 48 41 81 fe 00 01 00 00 0f 84 e4 00 00
RSP: 0018:ffff88806cf09a28 EFLAGS: 00000202
RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff844a400b
RDX: fffffbfff0b4ad49 RSI: 0000000000000004 RDI: ffffffff85a56a40
RBP: ffffffff85a56a40 R08: 0000000000000000 R09: ffffffff85a56a43
R10: fffffbfff0b4ad48 R11: 0000000000000001 R12: 0000000000000003
R13: fffffbfff0b4ad48 R14: 0000000000000001 R15: 1ffff1100d9e1346
 do_raw_spin_lock+0x1e0/0x270
 mac80211_hwsim_tx_frame_no_nl.isra.0+0x6de/0x1330
 mac80211_hwsim_tx_frame+0x1ee/0x2a0
 mac80211_hwsim_beacon_tx+0x567/0xb10
 __iterate_interfaces+0x2d3/0x580
 ieee80211_iterate_active_interfaces_atomic+0x73/0x1c0
 mac80211_hwsim_beacon+0x105/0x200
 __hrtimer_run_queues+0x54b/0xcb0
 hrtimer_run_softirq+0x14c/0x310
 __do_softirq+0x258/0x8a2
 __irq_exit_rcu+0xcc/0x110
 irq_exit_rcu+0x9/0x20
 sysvec_apic_timer_interrupt+0x6e/0x90
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:default_idle+0xf/0x20
Code: 4c 01 c7 4c 29 c2 e9 72 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d e3 35 3a 00 fb f4 <fa> e9 5f 13 02 00 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90
RSP: 0018:ffff888008e1fe70 EFLAGS: 00000206
RAX: 000000000029ac95 RBX: ffff888008da5040 RCX: ffffffff84483c3e
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff812847b0
RBP: 0000000000000001 R08: 0000000000000001 R09: ffff88806cf34f83
R10: ffffed100d9e69f0 R11: 0000000000000001 R12: ffffed10011b4a08
R13: ffffffff85d27a90 R14: 0000000000000000 R15: 0000000000000000
 default_idle_call+0x67/0xa0
 do_idle+0x300/0x3d0
 cpu_startup_entry+0x18/0x20
 start_secondary+0x1ca/0x220
 secondary_startup_64_no_verify+0xe0/0xeb
 </TASK>
----------------
Code disassembly (best guess), 3 bytes skipped:
   0:	ff 65 0f             	jmpq   *0xf(%rbp)
   3:	c1 05 74 2f d5 7e 83 	roll   $0x83,0x7ed52f74(%rip)        # 0x7ed52f7e
   a:	f8                   	clc
   b:	01 0f                	add    %ecx,(%rdi)
   d:	85 97 01 00 00 48    	test   %edx,0x48000001(%rdi)
  13:	f7 04 24 00 02 00 00 	testl  $0x200,(%rsp)
  1a:	74 01                	je     0x1d
  1c:	fb                   	sti
  1d:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  24:	fc ff df
* 27:	48 01 c5             	add    %rax,%rbp <-- trapping instruction
  2a:	48 c7 45 00 00 00 00 	movq   $0x0,0x0(%rbp)
  31:	00
  32:	c7 45 08 00 00 00 00 	movl   $0x0,0x8(%rbp)
  39:	48                   	rex.W
  3a:	8b                   	.byte 0x8b
  3b:	84                   	.byte 0x84
  3c:	24                   	.byte 0x24