device syz_tun entered promiscuous mode
random: crng reseeded on system resumption
device syz_tun entered promiscuous mode
device syz_tun left promiscuous mode
device syz_tun left promiscuous mode
watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [syz-executor.4:4913]
Modules linked in:
irq event stamp: 4780881
hardirqs last  enabled at (4780880): [<ffffffff84200ccb>] asm_sysvec_apic_timer_interrupt+0x1b/0x20
hardirqs last disabled at (4780881): [<ffffffff84191d3b>] sysvec_apic_timer_interrupt+0xb/0xc0
softirqs last  enabled at (4766320): [<ffffffff811662b3>] __irq_exit_rcu+0x113/0x170
softirqs last disabled at (4766323): [<ffffffff811662b3>] __irq_exit_rcu+0x113/0x170
CPU: 0 PID: 4913 Comm: syz-executor.4 Not tainted 5.19.0-rc5-next-20220708 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
RIP: 0010:strlen+0x49/0x90
Code: 89 fa 83 e2 07 38 d0 7f 04 84 c0 75 48 80 7d 00 00 74 39 48 bb 00 00 00 00 00 fc ff df 48 89 e8 48 83 c0 01 48 89 c2 48 89 c1 <48> c1 ea 03 83 e1 07 0f b6 14 1a 38 ca 7f 04 84 d2 75 1f 80 38 00
RSP: 0018:ffff88806ce09938 EFLAGS: 00000286
RAX: ffffffff84a31daa RBX: dffffc0000000000 RCX: ffffffff84a31daa
RDX: ffffffff84a31daa RSI: ffffffff85639bd8 RDI: ffffffff84a31da0
RBP: ffffffff84a31da0 R08: 0000000000000000 R09: 0000000000000001
R10: fffffbfff0b1d4fa R11: 0000000000000001 R12: 1ffff1100d9c1333
R13: ffffffff85108a40 R14: ffffffff85639bd8 R15: ffff88806ce09a18
FS:  00007fa4ba2fd700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2f22d000 CR3: 0000000046734000 CR4: 0000000000350ef0
Call Trace:
 <IRQ>
 perf_trace_lock_acquire+0xbf/0x530
 lock_acquire+0x40f/0x530
 _raw_spin_lock+0x2a/0x40
 mac80211_hwsim_tx_frame_no_nl.isra.0+0x6f1/0x1440
 mac80211_hwsim_tx_frame+0x1ee/0x2a0
 mac80211_hwsim_beacon_tx+0x53b/0xa10
 __iterate_interfaces+0x2d3/0x560
 ieee80211_iterate_active_interfaces_atomic+0x70/0x180
 mac80211_hwsim_beacon+0xfd/0x200
 __hrtimer_run_queues+0x5de/0xbc0
 hrtimer_run_softirq+0x172/0x340
 __do_softirq+0x1c8/0x8cc
 __irq_exit_rcu+0x113/0x170
 irq_exit_rcu+0x5/0x20
 sysvec_apic_timer_interrupt+0x8e/0xc0
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1b/0x20
RIP: 0010:___cache_free+0x65/0xe0
Code: c2 f6 c2 01 0f 85 83 00 00 00 66 90 49 8b 02 f6 c4 02 b8 00 00 00 00 4c 0f 44 d0 48 8b 07 65 48 03 05 4f 62 8b 7e 48 8b 50 08 <4c> 39 50 10 75 48 48 8b 00 8b 4f 28 48 89 04 0b 4c 8b 07 41 f6 c0
RSP: 0018:ffff8880477bf820 EFLAGS: 00000286
RAX: ffff88806ce42d50 RBX: ffff88801e096dc0 RCX: ffff88801e096dc0
RDX: 0000000000075ec0 RSI: ffff88801e096dc0 RDI: ffff88800c897000
RBP: 0000000000000000 R08: ffff88801e096dc0 R09: ffffffff8176f26f
R10: ffffea0000782580 R11: 0000000000000000 R12: dffffc0000000000
R13: ffff8880477bf870 R14: ffff88800c897000 R15: ffff88801e096dc0
 qlist_free_all+0x6d/0x190
 kasan_quarantine_reduce+0x180/0x200
 __kasan_kmalloc+0x93/0xa0
 ipv4_inetpeer_init+0x3d/0xb0
 ops_init+0xb2/0x480
 setup_net+0x40c/0x9d0
 copy_net_ns+0x318/0x760
 create_new_namespaces+0x3f6/0xb30
 copy_namespaces+0x391/0x480
 copy_process+0x2c61/0x6d60
 kernel_clone+0xe7/0xa60
 __do_sys_clone3+0x1cd/0x2d0
 do_syscall_64+0x3b/0x90
 entry_SYSCALL_64_after_hwframe+0x46/0xb0
RIP: 0033:0x7fa4bcdc9b19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fa4ba2fd188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
RAX: ffffffffffffffda RBX: 00007fa4bcedd0e0 RCX: 00007fa4bcdc9b19
RDX: 0000000000000000 RSI: 0000000000000058 RDI: 0000000020004c00
RBP: 00007fa4bce23f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffd4c3f3c9f R14: 00007fa4ba2fd300 R15: 0000000000022000
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1 skipped: idling at default_idle+0xb/0x10
----------------
Code disassembly (best guess):
   0:	89 fa                	mov    %edi,%edx
   2:	83 e2 07             	and    $0x7,%edx
   5:	38 d0                	cmp    %dl,%al
   7:	7f 04                	jg     0xd
   9:	84 c0                	test   %al,%al
   b:	75 48                	jne    0x55
   d:	80 7d 00 00          	cmpb   $0x0,0x0(%rbp)
  11:	74 39                	je     0x4c
  13:	48 bb 00 00 00 00 00 	movabs $0xdffffc0000000000,%rbx
  1a:	fc ff df
  1d:	48 89 e8             	mov    %rbp,%rax
  20:	48 83 c0 01          	add    $0x1,%rax
  24:	48 89 c2             	mov    %rax,%rdx
  27:	48 89 c1             	mov    %rax,%rcx
* 2a:	48 c1 ea 03          	shr    $0x3,%rdx <-- trapping instruction
  2e:	83 e1 07             	and    $0x7,%ecx
  31:	0f b6 14 1a          	movzbl (%rdx,%rbx,1),%edx
  35:	38 ca                	cmp    %cl,%dl
  37:	7f 04                	jg     0x3d
  39:	84 d2                	test   %dl,%dl
  3b:	75 1f                	jne    0x5c
  3d:	80 38 00             	cmpb   $0x0,(%rax)