FAT-fs (loop4): bogus number of reserved sectors
FAT-fs (loop4): Can't find a valid FAT filesystem
Bluetooth: hci0: command 0x0406 tx timeout
Bluetooth: hci2: command 0x0406 tx timeout
watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [syz-executor.7:9332]
Modules linked in:
irq event stamp: 8423765
hardirqs last  enabled at (8423764): [<ffffffff84400d06>] asm_sysvec_apic_timer_interrupt+0x16/0x20
hardirqs last disabled at (8423765): [<ffffffff8436fc2b>] sysvec_apic_timer_interrupt+0xb/0xc0
softirqs last  enabled at (8381454): [<ffffffff8117d44b>] __irq_exit_rcu+0x11b/0x180
softirqs last disabled at (8381457): [<ffffffff8117d44b>] __irq_exit_rcu+0x11b/0x180
CPU: 0 PID: 9332 Comm: syz-executor.7 Not tainted 6.1.0-rc3-next-20221103 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:stack_trace_consume_entry+0x0/0x160
Code: e9 22 fe ff ff e8 40 4e 44 00 e9 52 fd ff ff e8 b6 a4 ff 02 cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <48> b8 00 00 00 00 00 fc ff df 55 53 48 89 fb 48 83 c7 10 48 89 fa
RSP: 0018:ffff88806d009868 EFLAGS: 00000286
RAX: ffffffff84070e93 RBX: ffffffff81375fb0 RCX: 0000000000000000
RDX: 1ffff1100da01319 RSI: ffffffff84070e93 RDI: ffff88806d009938
RBP: ffff88806d009908 R08: ffffffff860ec606 R09: ffffffff860ec60a
R10: ffffed100da0131b R11: ffff88806d0098b0 R12: ffff88806d009938
R13: 0000000000000000 R14: ffff88801a0f1ac0 R15: ffff888008041c80
FS:  0000000000000000(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055bee9783f90 CR3: 00000000154b2000 CR4: 0000000000350ef0
Call Trace:
 <IRQ>
 arch_stack_walk+0x73/0xf0
 stack_trace_save+0x8c/0xc0
 kasan_save_stack+0x1e/0x40
 kasan_set_track+0x21/0x30
 kasan_save_free_info+0x2a/0x50
 __kasan_slab_free+0x106/0x190
 __kmem_cache_free+0xcb/0x400
 skb_release_data+0x6d8/0x810
 consume_skb+0xc7/0x160
 mac80211_hwsim_tx_frame+0x1f6/0x2a0
 mac80211_hwsim_beacon_tx+0x562/0xab0
 __iterate_interfaces+0x2d3/0x560
 ieee80211_iterate_active_interfaces_atomic+0x70/0x180
 mac80211_hwsim_beacon+0x101/0x200
 __hrtimer_run_queues+0x541/0xb50
 hrtimer_run_softirq+0x172/0x340
 __do_softirq+0x1c3/0x8f5
 __irq_exit_rcu+0x11b/0x180
 irq_exit_rcu+0x5/0x20
 sysvec_apic_timer_interrupt+0x8e/0xc0
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x16/0x20
RIP: 0010:__sanitizer_cov_trace_pc+0x13/0x70
Code: 00 00 00 00 00 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 65 8b 05 b1 4d bb 7e 89 c1 48 8b 34 24 81 e1 00 01 00 00 <65> 48 8b 14 25 c0 76 03 00 a9 00 01 ff 00 74 0e 85 c9 74 35 8b 82
RSP: 0018:ffff888042eff6d0 EFLAGS: 00000246
RAX: 0000000080000001 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff88801a0f1ac0 RSI: ffffffff817120fa RDI: 0000000000000007
RBP: ffffea0000c308c0 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
R13: ffff888016a134e0 R14: 0000000000000000 R15: dffffc0000000000
 page_remove_rmap+0x6a/0x490
 unmap_page_range+0x1c46/0x2a50
 unmap_single_vma+0x190/0x2a0
 unmap_vmas+0x21e/0x370
 exit_mmap+0x154/0x680
 mmput+0xd1/0x390
 do_exit+0x993/0x2720
 do_group_exit+0xd0/0x2a0
 get_signal+0x2195/0x22d0
 arch_do_signal_or_restart+0x75/0x5a0
 exit_to_user_mode_prepare+0x131/0x1a0
 syscall_exit_to_user_mode+0x19/0x40
 do_syscall_64+0x48/0x90
 entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7fed46e2eb19
Code: Unable to access opcode bytes at 0x7fed46e2eaef.
RSP: 002b:00007fed443a4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: 0000000000000008 RBX: 00007fed46f41f60 RCX: 00007fed46e2eb19
RDX: 0000000000105802 RSI: 00000000200001c0 RDI: ffffffffffffff9c
RBP: 00007fed46e88f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffda1910f2f R14: 00007fed443a4300 R15: 0000000000022000
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 9333 Comm: syz-executor.0 Not tainted 6.1.0-rc3-next-20221103 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:lock_is_held_type+0xa7/0x130
Code: 12 e9 87 00 00 00 83 c3 01 41 3b 9c 24 58 09 00 00 7d 7a 48 63 c3 48 89 ee 48 8d 04 80 4d 8d 7c c5 00 4c 89 ff e8 79 fe ff ff <85> c0 74 d8 41 bd 01 00 00 00 41 83 fe ff 74 14 31 c0 41 f6 47 22
RSP: 0018:ffff88806d108ff0 EFLAGS: 00000092
RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000001
RDX: 0000000000000000 RSI: ffffffff85407860 RDI: ffff88801e2fda18
RBP: ffffffff85407860 R08: 0000000000000000 R09: ffffffff85b0bd57
R10: fffffbfff0b617aa R11: 0000000000000001 R12: ffff88801e2fd040
R13: ffff88801e2fd9a0 R14: 00000000ffffffff R15: ffff88801e2fda18
FS:  0000000000000000(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c000691000 CR3: 00000000154b2000 CR4: 0000000000350ee0
Call Trace:
 <IRQ>
 rcu_read_lock_sched_held+0x3e/0x80
 lock_release+0x547/0x750
 perf_event_output_forward+0x161/0x280
 __perf_event_overflow+0x191/0x540
 perf_swevent_hrtimer+0x35d/0x3d0
 __hrtimer_run_queues+0x184/0xb50
 hrtimer_interrupt+0x315/0x770
 __sysvec_apic_timer_interrupt+0x144/0x500
 sysvec_apic_timer_interrupt+0x3b/0xc0
 asm_sysvec_apic_timer_interrupt+0x16/0x20
RIP: 0010:stack_trace_consume_entry+0x35/0x160
Code: 53 48 89 fb 48 83 c7 10 48 89 fa 48 c1 ea 03 48 83 ec 08 0f b6 04 02 84 c0 74 08 3c 03 0f 8e e7 00 00 00 48 8d 7b 08 8b 6b 10 <48> b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 0f b6 04 02 84
RSP: 0018:ffff88806d1096d8 EFLAGS: 00000246
RAX: 0000000000000000 RBX: ffff88806d1097c0 RCX: 0000000000000000
RDX: 1ffff1100da212fa RSI: ffffffff8436ba28 RDI: ffff88806d1097c8
RBP: 0000000000000022 R08: ffffffff8625f59e R09: ffffffff8625f5a2
R10: ffff88806d109ff8 R11: ffff88806d109738 R12: ffff88806d1097c0
R13: 0000000000000000 R14: ffff88801e2fd040 R15: 0000000000000000
 arch_stack_walk+0x73/0xf0
 stack_trace_save+0x8c/0xc0
 kasan_save_stack+0x1e/0x40
 kasan_set_track+0x21/0x30
 __kasan_slab_alloc+0x58/0x70
 kmem_cache_alloc+0x1a9/0x3e0
 __create_object+0x3d/0xc00
 kmem_cache_alloc_node+0x252/0x400
 __alloc_skb+0x216/0x310
 __netdev_alloc_skb+0x72/0x3e0
 __ieee80211_beacon_get+0x3de/0x1380
 ieee80211_beacon_get_tim+0x95/0x4e0
 mac80211_hwsim_beacon_tx+0x1ce/0xab0
 __iterate_interfaces+0x2d3/0x560
 ieee80211_iterate_active_interfaces_atomic+0x70/0x180
 mac80211_hwsim_beacon+0x101/0x200
 __hrtimer_run_queues+0x541/0xb50
 hrtimer_run_softirq+0x172/0x340
 __do_softirq+0x1c3/0x8f5
 __irq_exit_rcu+0x11b/0x180
 irq_exit_rcu+0x5/0x20
 sysvec_apic_timer_interrupt+0x8e/0xc0
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x16/0x20
RIP: 0010:lock_release+0x3dd/0x750
Code: ff ff ff ff 65 0f c1 05 71 e4 d6 7e 83 f8 01 0f 85 b1 01 00 00 48 f7 04 24 00 02 00 00 74 01 fb 48 b8 00 00 00 00 00 fc ff df <48> 01 c5 48 c7 45 00 00 00 00 00 c7 45 08 00 00 00 00 48 8b 84 24
RSP: 0018:ffff888041b37610 EFLAGS: 00000206
RAX: dffffc0000000000 RBX: 6fcad38d21491a93 RCX: ffff888041b37660
RDX: 1ffff11003c5fb32 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 1ffff11008366ec4 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000002
R13: 0000000000000003 R14: ffff88801e2fd998 R15: ffff88801e2fd040
 page_remove_rmap+0xfa/0x490
 unmap_page_range+0x1c46/0x2a50
 unmap_single_vma+0x190/0x2a0
 unmap_vmas+0x21e/0x370
 exit_mmap+0x154/0x680
 mmput+0xd1/0x390
 do_exit+0x993/0x2720
 do_group_exit+0xd0/0x2a0
 get_signal+0x2195/0x22d0
 arch_do_signal_or_restart+0x75/0x5a0
 exit_to_user_mode_prepare+0x131/0x1a0
 syscall_exit_to_user_mode+0x19/0x40
 do_syscall_64+0x48/0x90
 entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f3c79c56b19
Code: Unable to access opcode bytes at 0x7f3c79c56aef.
RSP: 002b:00007f3c771cc188 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: 0000000000000006 RBX: 00007f3c79d69f60 RCX: 00007f3c79c56b19
RDX: 0000000000000041 RSI: 0000000020000040 RDI: ffffffffffffff9c
RBP: 00007f3c79cb0f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffda502cdef R14: 00007f3c771cc300 R15: 0000000000022000
 </TASK>
----------------
Code disassembly (best guess):
   0:	e9 22 fe ff ff       	jmpq   0xfffffe27
   5:	e8 40 4e 44 00       	callq  0x444e4a
   a:	e9 52 fd ff ff       	jmpq   0xfffffd61
   f:	e8 b6 a4 ff 02       	callq  0x2ffa4ca
  14:	cc                   	int3
  15:	cc                   	int3
  16:	cc                   	int3
  17:	cc                   	int3
  18:	cc                   	int3
  19:	cc                   	int3
  1a:	90                   	nop
  1b:	90                   	nop
  1c:	90                   	nop
  1d:	90                   	nop
  1e:	90                   	nop
  1f:	90                   	nop
  20:	90                   	nop
  21:	90                   	nop
  22:	90                   	nop
  23:	90                   	nop
  24:	90                   	nop
  25:	90                   	nop
  26:	90                   	nop
  27:	90                   	nop
  28:	90                   	nop
  29:	90                   	nop
* 2a:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax <-- trapping instruction
  31:	fc ff df
  34:	55                   	push   %rbp
  35:	53                   	push   %rbx
  36:	48 89 fb             	mov    %rdi,%rbx
  39:	48 83 c7 10          	add    $0x10,%rdi
  3d:	48 89 fa             	mov    %rdi,%rdx