netlink: 168 bytes leftover after parsing attributes in process `syz-executor.2'.
netlink: 168 bytes leftover after parsing attributes in process `syz-executor.2'.
netlink: 168 bytes leftover after parsing attributes in process `syz-executor.2'.
watchdog: BUG: soft lockup - CPU#1 stuck for 26s! [syz-executor.6:4692]
Modules linked in:
irq event stamp: 6830739
hardirqs last  enabled at (6830738): [] asm_sysvec_apic_timer_interrupt+0x1a/0x20
hardirqs last disabled at (6830739): [] sysvec_apic_timer_interrupt+0xf/0x90
softirqs last  enabled at (6820424): [] irq_exit_rcu+0x93/0xc0
softirqs last disabled at (6820427): [] irq_exit_rcu+0x93/0xc0
CPU: 1 PID: 4692 Comm: syz-executor.6 Not tainted 6.5.0-rc4-next-20230804 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:perf_trace_buf_update+0x18/0x190
Code: 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 41 54 41 89 f4 55 53 48 89 fb 48 83 ec 08 e8 79 03 f7 ff 9c <5d> 81 e5 00 02 00 00 31 ff 48 89 ee e8 37 ff f6 ff 31 ff 48 85 ed
RSP: 0018:ffff88806cf09310 EFLAGS: 00000246
RAX: 0000000000000000 RBX: ffffe8ffffd47000 RCX: 0000000000000100
RDX: ffff8880154a51c0 RSI: ffffffff8155bb87 RDI: ffffe8ffffd47000
RBP: ffff88806cf095b0 R08: ffff88806cf34dc8 R09: ffffe8ffffd27fe0
R10: ffff88806cf095f8 R11: 0000000000000030 R12: 0000000000000081
R13: ffffe8ffffd27fe0 R14: dffffc0000000000 R15: ffffe8ffffd47000
FS:  0000000000000000(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f9f92fab718 CR3: 000000000ec48000 CR4: 0000000000350ee0
Call Trace:
 perf_tp_event+0x142/0x1280
 perf_trace_run_bpf_submit+0xf3/0x190
 perf_trace_lock_acquire+0x339/0x500
 lock_acquire+0x416/0x4c0
 __is_insn_slot_addr+0x41/0x290
 kernel_text_address+0x48/0xc0
 __kernel_text_address+0xd/0x40
 unwind_get_return_address+0x59/0xa0
 arch_stack_walk+0x9d/0xf0
 stack_trace_save+0x90/0xd0
 kasan_save_stack+0x22/0x50
 __kasan_record_aux_stack+0x8e/0xa0
 __call_rcu_common.constprop.0+0x6a/0xbd0
 kmem_cache_free+0xc1/0x4d0
 kfree_skbmem+0xef/0x1b0
 consume_skb+0x126/0x2e0
 mac80211_hwsim_tx_frame+0x1f6/0x2a0
 mac80211_hwsim_beacon_tx+0x427/0x730
 __iterate_interfaces+0x2d3/0x580
 ieee80211_iterate_active_interfaces_atomic+0x73/0x1c0
 mac80211_hwsim_beacon+0x105/0x200
 __hrtimer_run_queues+0x59d/0xb60
 hrtimer_run_softirq+0x14c/0x310
 __do_softirq+0x1b7/0x7d4
 irq_exit_rcu+0x93/0xc0
 sysvec_apic_timer_interrupt+0x6e/0x90
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:lock_acquire+0x1c7/0x4c0
Code: ff ff 48 83 c4 28 65 0f c1 05 a5 8f d4 7e 83 f8 01 0f 85 8f 02 00 00 48 83 7c 24 08 00 74 01 fb 48 b8 00 00 00 00 00 fc ff df <48> 01 c3 48 c7 03 00 00 00 00 48 c7 43 08 00 00 00 00 48 8b 84 24
RSP: 0018:ffff88804330f350 EFLAGS: 00000206
RAX: dffffc0000000000 RBX: 1ffff11008661e6c RCX: 0000000000000001
RDX: 1ffff11002a94b75 RSI: 910c561320d3b838 RDI: 00000000810d2e58
RBP: 0000000000000000 R08: 0000000000000000 R09: fffffbfff0ee7d60
R10: ffffffff8773eb07 R11: 0000000000000001 R12: 0000000000000002
R13: 0000000000000000 R14: ffffffff8560c2e0 R15: 0000000000000000
 __is_insn_slot_addr+0x41/0x290
 kernel_text_address+0x5b/0xc0
 __kernel_text_address+0xd/0x40
 unwind_get_return_address+0x59/0xa0
 arch_stack_walk+0x9d/0xf0
 stack_trace_save+0x90/0xd0
 kasan_save_stack+0x22/0x50
 __kasan_record_aux_stack+0x8e/0xa0
 __call_rcu_common.constprop.0+0x6a/0xbd0
 kmem_cache_free+0xc1/0x4d0
 ___pte_free_tlb+0x1d/0x1a0
 free_pgd_range+0x7be/0x1330
 free_pgtables+0x5c8/0x830
 exit_mmap+0x333/0x9b0
 mmput+0xd5/0x390
 do_exit+0x99f/0x2740
 do_group_exit+0xd4/0x2a0
 get_signal+0x2693/0x2720
 arch_do_signal_or_restart+0x79/0x590
 exit_to_user_mode_prepare+0xeb/0x180
 syscall_exit_to_user_mode+0x1d/0x50
 do_syscall_64+0x4c/0x90
 entry_SYSCALL_64_after_hwframe+0x6e/0xd8
RIP: 0033:0x7f185738fb19
Code: Unable to access opcode bytes at 0x7f185738faef.
RSP: 002b:00007f1854905188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
RAX: 0000000000000006 RBX: 00007f18574a2f60 RCX: 00007f185738fb19
RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000000020000080
RBP: 00007f18573e9f6d R08: 0000000000000000 R09: 0000000000000000
R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffeae2e46df R14: 00007f1854905300 R15: 0000000000022000
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0 skipped: idling at default_idle+0xf/0x20
----------------
Code disassembly (best guess):
   0:	00 00                	add    %al,(%rax)
   2:	90                   	nop
   3:	90                   	nop
   4:	90                   	nop
   5:	90                   	nop
   6:	90                   	nop
   7:	90                   	nop
   8:	90                   	nop
   9:	90                   	nop
   a:	90                   	nop
   b:	90                   	nop
   c:	90                   	nop
   d:	90                   	nop
   e:	90                   	nop
   f:	90                   	nop
  10:	90                   	nop
  11:	90                   	nop
  12:	66 0f 1f 00          	nopw   (%rax)
  16:	41 54                	push   %r12
  18:	41 89 f4             	mov    %esi,%r12d
  1b:	55                   	push   %rbp
  1c:	53                   	push   %rbx
  1d:	48 89 fb             	mov    %rdi,%rbx
  20:	48 83 ec 08          	sub    $0x8,%rsp
  24:	e8 79 03 f7 ff       	callq  0xfff703a2
  29:	9c                   	pushfq
* 2a:	5d                   	pop    %rbp		<-- trapping instruction
  2b:	81 e5 00 02 00 00    	and    $0x200,%ebp
  31:	31 ff                	xor    %edi,%edi
  33:	48 89 ee             	mov    %rbp,%rsi
  36:	e8 37 ff f6 ff       	callq  0xfff6ff72
  3b:	31 ff                	xor    %edi,%edi
  3d:	48 85 ed             	test   %rbp,%rbp
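The "Code disassembly (best guess)" block above is what the kernel's scripts/decodecode produces from the first "Code:" line: the 64 raw bytes the kernel dumped around RIP, with the byte RIP points at wrapped in `<xx>`. The report carries three such RIP/Code pairs (the softirq context at perf_trace_buf_update+0x18, the interrupted task context at lock_acquire+0x1c7, and the user-space RIP whose bytes could not be read). The parser below is an added example, not part of the syzkaller report or of the kernel tree: it extracts each pair, finds the marked byte, and computes where the dump begins relative to the symbol. The REPORT string is an excerpt of the report above; the names CodeWindow, parse_code_line and parse_report are this example's own. For the first pair it yields index 0x2a for the `<5d>` byte, matching the "* 2a:" line in the disassembly, and a window start of perf_trace_buf_update-0x12, which is why the dump opens with padding bytes before the function's own prologue at 0x16.

```python
"""Locate the trapping instruction in the RIP:/Code: pairs of an x86-64
kernel oops or soft-lockup report, the way scripts/decodecode does.
Added example: not part of the report above or of the kernel tree."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Excerpt of the report above: the two kernel RIP/Code pairs and the
# user-space one whose opcode bytes the kernel could not read.
REPORT = """\
RIP: 0010:perf_trace_buf_update+0x18/0x190
Code: 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 41 54 41 89 f4 55 53 48 89 fb 48 83 ec 08 e8 79 03 f7 ff 9c <5d> 81 e5 00 02 00 00 31 ff 48 89 ee e8 37 ff f6 ff 31 ff 48 85 ed
RSP: 0018:ffff88806cf09310 EFLAGS: 00000246
RIP: 0010:lock_acquire+0x1c7/0x4c0
Code: ff ff 48 83 c4 28 65 0f c1 05 a5 8f d4 7e 83 f8 01 0f 85 8f 02 00 00 48 83 7c 24 08 00 74 01 fb 48 b8 00 00 00 00 00 fc ff df <48> 01 c3 48 c7 03 00 00 00 00 48 c7 43 08 00 00 00 00 48 8b 84 24
RIP: 0033:0x7f185738fb19
Code: Unable to access opcode bytes at 0x7f185738faef.
"""

RIP_RE = re.compile(r"^RIP: (?P<cs>[0-9a-f]{4}):(?P<loc>\S+)$")
SYM_RE = re.compile(r"^(?P<sym>[^+]+)\+0x(?P<off>[0-9a-f]+)/0x[0-9a-f]+$")
BYTE_RE = re.compile(r"^[0-9a-f]{2}$")


@dataclass
class CodeWindow:
    cs: int                     # selector: 0x10 kernel text, 0x33 user text
    symbol: Optional[str]       # None when RIP was printed as a bare address
    rip_offset: int             # RIP - symbol, or the raw address if no symbol
    code: Optional[bytes]       # None when the kernel could not read the bytes
    trap_index: Optional[int]   # index in code of the <xx> byte RIP points at

    @property
    def window_start(self) -> Optional[int]:
        """Offset of code[0] relative to the symbol.  Negative means the
        dump begins before the function entry, in the preceding bytes."""
        if self.code is None:
            return None
        return self.rip_offset - self.trap_index


def parse_code_line(line: str) -> Tuple[Optional[bytes], Optional[int]]:
    """Return (bytes, index of the <xx> byte) for a 'Code: ...' line, or
    (None, None) for 'Code: Unable to access opcode bytes at ...'."""
    body = line.split(":", 1)[1].strip()
    if body.startswith("Unable to access"):
        return None, None
    buf = bytearray()
    trap = None
    for tok in body.split():
        if tok.startswith("<") and tok.endswith(">"):
            if trap is not None:
                raise ValueError("more than one <xx> marker in Code: line")
            trap = len(buf)
            tok = tok[1:-1]
        if not BYTE_RE.match(tok):
            raise ValueError(f"unexpected token {tok!r} in Code: line")
        buf.append(int(tok, 16))
    if trap is None:
        raise ValueError("Code: line carries no <xx> marker")
    return bytes(buf), trap


def parse_report(text: str) -> List[CodeWindow]:
    """Pair every RIP: line with the Code: line that follows it."""
    windows: List[CodeWindow] = []
    pending = None  # (cs, symbol, offset) of the last RIP: line seen
    for raw in text.splitlines():
        line = raw.strip()
        m = RIP_RE.match(line)
        if m:
            loc = m.group("loc")
            s = SYM_RE.match(loc)
            if s:
                pending = (int(m.group("cs"), 16), s.group("sym"), int(s.group("off"), 16))
            else:
                pending = (int(m.group("cs"), 16), None, int(loc, 16))
        elif line.startswith("Code:") and pending is not None:
            code, trap = parse_code_line(line)
            windows.append(CodeWindow(*pending, code, trap))
            pending = None
    return windows


if __name__ == "__main__":
    for w in parse_report(REPORT):
        where = f"{w.symbol}+{w.rip_offset:#x}" if w.symbol else f"{w.rip_offset:#x}"
        if w.code is None:
            print(f"cs={w.cs:#x} {where}: no opcode bytes")
            continue
        print(f"cs={w.cs:#x} {where}: {len(w.code)} bytes, trapping byte "
              f"{w.code[w.trap_index]:#04x} at index {w.trap_index:#x}, "
              f"dump starts at {w.symbol}{w.window_start:+#x}")
```

To get the same listing as the report without the kernel tree at hand, write `w.code` to a file and run `objdump -D -b binary -m i386:x86-64` on it; the addresses objdump prints are then the dump indices, so the trapping instruction is the one at `w.trap_index`. Note that the window for lock_acquire+0x1c7 starts at lock_acquire+0x19d and cuts into the middle of an instruction, which is why decodecode prints its output as a "best guess": the leading bytes of a window need not begin on an instruction boundary.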