watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [syz-executor.5:15372]
Modules linked in:
irq event stamp: 19888185
hardirqs last enabled at (19888184): [] asm_sysvec_apic_timer_interrupt+0x1a/0x20
hardirqs last disabled at (19888185): [] sysvec_apic_timer_interrupt+0xf/0x90
softirqs last enabled at (19878894): [] __irq_exit_rcu+0xcc/0x110
softirqs last disabled at (19878897): [] __irq_exit_rcu+0xcc/0x110
CPU: 0 PID: 15372 Comm: syz-executor.5 Not tainted 6.2.0-next-20230303 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:__read_once_word_nocheck+0x0/0x10
Code: 7f fd ff ff e8 71 69 6d 00 e9 37 fd ff ff 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <48> 8b 07 e9 5c 28 38 03 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90
RSP: 0018:ffff88806ce097e0 EFLAGS: 00000202
RAX: ffff88806ce0a001 RBX: 0000000000000001 RCX: 0000000000000002
RDX: ffff88806ce09d01 RSI: ffff88806ce09de0 RDI: ffff88806ce09de0
RBP: ffff88806ce098b0 R08: 0000000000000001 R09: ffff88806ce09898
R10: 0000000000038001 R11: 0000000000000001 R12: ffff88806ce098b8
R13: ffff88806ce09858 R14: ffff88806ce09de0 R15: 0000000000000002
FS: 0000000000000000(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000555555f8bc58 CR3: 00000000193f0000 CR4: 0000000000350ef0
Call Trace:
 unwind_next_frame+0x1584/0x22d0
 arch_stack_walk+0x87/0xf0
 stack_trace_save+0x90/0xd0
 kasan_save_stack+0x22/0x50
 __kasan_record_aux_stack+0x95/0xb0
 __call_rcu_common.constprop.0+0x6a/0xa70
 kmem_cache_free+0xb9/0x510
 skb_release_data+0x708/0x840
 consume_skb+0xd0/0x170
 mac80211_hwsim_tx_frame+0x1f6/0x2a0
 mac80211_hwsim_beacon_tx+0x567/0xb10
 __iterate_interfaces+0x2d3/0x580
 ieee80211_iterate_active_interfaces_atomic+0x73/0x1c0
 mac80211_hwsim_beacon+0x105/0x200
 __hrtimer_run_queues+0x54b/0xcb0
 hrtimer_run_softirq+0x14c/0x310
 __do_softirq+0x258/0x8a2
 __irq_exit_rcu+0xcc/0x110
 irq_exit_rcu+0x9/0x20
 sysvec_apic_timer_interrupt+0x6e/0x90
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:__slab_free+0x77/0x380
Code: e8 1f 4d 85 e4 66 89 5c 24 48 89 04 24 41 0f 94 c3 66 85 db 74 05 45 84 db 74 06 80 3c 24 00 74 3c 41 8b 7d 08 4c 8b 4c 24 48 <4d> 89 f0 4c 89 e2 48 89 ee e8 0b af ff ff 84 c0 74 a5 44 0f b6 24
RSP: 0018:ffff8880469475c8 EFLAGS: 00000246
RAX: 0000000000000001 RBX: 0000000080100006 RCX: 0000000080100007
RDX: ffff8880479bc000 RSI: ffffea00011e6e00 RDI: 0000000048001000
RBP: ffffea00011e6e00 R08: 0000000000000001 R09: 0000000080100006
R10: ffffea00011e6e00 R11: 0000000000000000 R12: ffff8880479bc800
R13: ffff888008441dc0 R14: ffff8880479bc000 R15: ffff8880479bc000
 qlist_free_all+0x6d/0x1a0
 kasan_quarantine_reduce+0x196/0x230
 __kasan_slab_alloc+0x49/0x70
 __kmem_cache_alloc_node+0x17e/0x310
 kmalloc_trace+0x26/0x120
 kobject_uevent_env+0x21e/0xf80
 device_del+0x91a/0xed0
 hci_conn_del_sysfs+0xdc/0x110
 hci_conn_cleanup+0x34e/0x780
 hci_conn_del+0x28f/0x940
 hci_conn_hash_flush+0x195/0x230
 hci_dev_close_sync+0x57f/0xff0
 hci_unregister_dev+0x15e/0x410
 vhci_release+0x80/0x100
 __fput+0x263/0xa40
 task_work_run+0x174/0x280
 do_exit+0xad8/0x2800
 do_group_exit+0xd4/0x2a0
 get_signal+0x23c8/0x2450
 arch_do_signal_or_restart+0x79/0x590
 exit_to_user_mode_prepare+0x122/0x190
 syscall_exit_to_user_mode+0x1d/0x50
 do_syscall_64+0x4c/0x90
 entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f73a3337b19
Code: Unable to access opcode bytes at 0x7f73a3337aef.
RSP: 002b:00007f73a08ad108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
RAX: 0000000000000007 RBX: 00007f73a344af60 RCX: 00007f73a3337b19
RDX: 0000000020ff9000 RSI: 0000000020000180 RDI: 000000000000293f
RBP: 0000000020000180 R08: 0000000020000300 R09: 0000000020000300
R10: 0000000020000200 R11: 0000000000000202 R12: 0000000020000300
R13: 0000000020ff9000 R14: 0000000020000200 R15: 0000000020ffb000
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1 skipped: idling at default_idle+0xf/0x20
----------------
Code disassembly (best guess), 4 bytes skipped:
   0: e8 71 69 6d 00        callq 0x6d6976
   5: e9 37 fd ff ff        jmpq 0xfffffd41
   a: 66 2e 0f 1f 84 00 00  nopw %cs:0x0(%rax,%rax,1)
  11: 00 00 00
  14: 66 90                 xchg %ax,%ax
  16: 90                    nop
  17: 90                    nop
  18: 90                    nop
  19: 90                    nop
  1a: 90                    nop
  1b: 90                    nop
  1c: 90                    nop
  1d: 90                    nop
  1e: 90                    nop
  1f: 90                    nop
  20: 90                    nop
  21: 90                    nop
  22: 90                    nop
  23: 90                    nop
  24: 90                    nop
  25: 90                    nop
* 26: 48 8b 07              mov (%rdi),%rax <-- trapping instruction
  29: e9 5c 28 38 03        jmpq 0x338288a
  2e: 0f 1f 84 00 00 00 00  nopl 0x0(%rax,%rax,1)
  35: 00
  36: 90                    nop
  37: 90                    nop
  38: 90                    nop
  39: 90                    nop
  3a: 90                    nop
  3b: 90                    nop