watchdog: BUG: soft lockup - CPU#1 stuck for 23s! [syz-executor.4:11224]
Modules linked in:
irq event stamp: 4589679
hardirqs last  enabled at (4589678): [<ffffffff8460144a>] asm_sysvec_apic_timer_interrupt+0x1a/0x20
hardirqs last disabled at (4589679): [<ffffffff844846df>] sysvec_apic_timer_interrupt+0xf/0x90
softirqs last  enabled at (4515564): [<ffffffff8118dd0c>] __irq_exit_rcu+0xcc/0x110
softirqs last disabled at (4515567): [<ffffffff8118dd0c>] __irq_exit_rcu+0xcc/0x110
CPU: 1 PID: 11224 Comm: syz-executor.4 Not tainted 6.2.0-next-20230227 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:unwind_next_frame+0x1515/0x22d0
Code: c0 0f 85 fe 06 00 00 41 c6 45 42 01 e9 94 fa ff ff 48 be 00 00 00 00 00 fc ff df 48 8d 79 02 48 89 f8 48 c1 e8 03 0f b6 14 30 <48> 8d 41 03 49 89 c0 49 c1 e8 03 41 0f b6 34 30 49 89 f8 41 83 e0
RSP: 0018:ffff88806cf097d0 EFLAGS: 00000212
RAX: 1ffffffff0c103c2 RBX: 0000000000000003 RCX: ffffffff86081e0e
RDX: 0000000000000000 RSI: dffffc0000000000 RDI: ffffffff86081e10
RBP: ffff88806cf09898 R08: ffffffff86081e12 R09: ffff88806cf09880
R10: 0000000000038001 R11: 0000000000000001 R12: ffff88806cf098a0
R13: ffff88806cf09840 R14: ffff88806cf09ff0 R15: 0000000000000002
FS:  0000000000000000(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f9011b57344 CR3: 0000000005482000 CR4: 0000000000350ee0
Call Trace:
 <IRQ>
 arch_stack_walk+0x87/0xf0
 stack_trace_save+0x90/0xd0
 set_track_prepare+0x74/0xd0
 __create_object+0x3b2/0xc90
 kmem_cache_alloc_node+0x215/0x330
 __alloc_skb+0x28c/0x330
 __netdev_alloc_skb+0x72/0x370
 __ieee80211_beacon_get+0x3d9/0x13c0
 ieee80211_beacon_get_tim+0x99/0x540
 mac80211_hwsim_beacon_tx+0x1d3/0xb10
 __iterate_interfaces+0x2d3/0x580
 ieee80211_iterate_active_interfaces_atomic+0x73/0x1c0
 mac80211_hwsim_beacon+0x105/0x200
 __hrtimer_run_queues+0x54b/0xcb0
 hrtimer_run_softirq+0x14c/0x310
 __do_softirq+0x258/0x8a2
 __irq_exit_rcu+0xcc/0x110
 irq_exit_rcu+0x9/0x20
 sysvec_apic_timer_interrupt+0x6e/0x90
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:percpu_counter_add_batch+0xcd/0x180
Code: 0a 27 ff 65 45 01 2e e8 81 0a 27 ff 31 ff 48 89 de e8 77 06 27 ff 48 85 db 74 0b e8 6d 0a 27 ff e8 e8 2b 2e ff fb 48 83 c4 18 <5b> 5d 41 5c 41 5d 41 5e 41 5f e9 54 0a 27 ff e8 4f 0a 27 ff e8 aa
RSP: 0018:ffff8880460b76b8 EFLAGS: 00000286
RAX: 00000000001eb933 RBX: 0000000000000200 RCX: ffffffff812cb1bf
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff82246b48
RBP: 0000000000000020 R08: 0000000000000001 R09: ffffffff8777f947
R10: fffffbfff0eeff28 R11: 0000000000000001 R12: ffff88800f84a880
R13: fffffffffffffff1 R14: 0000607f92e26318 R15: fffffffffffffff1
 unmap_page_range+0x1281/0x2da0
 unmap_single_vma+0x194/0x2a0
 unmap_vmas+0x233/0x390
 exit_mmap+0x15b/0x6a0
 mmput+0xd5/0x390
 do_exit+0x9c6/0x2800
 do_group_exit+0xd4/0x2a0
 get_signal+0x23c8/0x2450
 arch_do_signal_or_restart+0x79/0x590
 exit_to_user_mode_prepare+0x122/0x190
 syscall_exit_to_user_mode+0x1d/0x50
 do_syscall_64+0x4c/0x90
 entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f5200693b19
Code: Unable to access opcode bytes at 0x7f5200693aef.
RSP: 002b:00007f51fdc09218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 00007f52007a6f68 RCX: 00007f5200693b19
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f52007a6f68
RBP: 00007f52007a6f60 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f52007a6f6c
R13: 00007ffcc57d628f R14: 00007f51fdc09300 R15: 0000000000022000
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0 skipped: idling at default_idle+0xf/0x20
----------------
Code disassembly (best guess):
   0:	c0 0f 85             	rorb   $0x85,(%rdi)
   3:	fe 06                	incb   (%rsi)
   5:	00 00                	add    %al,(%rax)
   7:	41 c6 45 42 01       	movb   $0x1,0x42(%r13)
   c:	e9 94 fa ff ff       	jmpq   0xfffffaa5
  11:	48 be 00 00 00 00 00 	movabs $0xdffffc0000000000,%rsi
  18:	fc ff df
  1b:	48 8d 79 02          	lea    0x2(%rcx),%rdi
  1f:	48 89 f8             	mov    %rdi,%rax
  22:	48 c1 e8 03          	shr    $0x3,%rax
  26:	0f b6 14 30          	movzbl (%rax,%rsi,1),%edx
* 2a:	48 8d 41 03          	lea    0x3(%rcx),%rax <-- trapping instruction
  2e:	49 89 c0             	mov    %rax,%r8
  31:	49 c1 e8 03          	shr    $0x3,%r8
  35:	41 0f b6 34 30       	movzbl (%r8,%rsi,1),%esi
  3a:	49 89 f8             	mov    %rdi,%r8
  3d:	41                   	rex.B
  3e:	83                   	.byte 0x83
  3f:	e0                   	.byte 0xe0