watchdog: BUG: soft lockup - CPU#0 stuck for 21s! [syz-executor.0:5614]
Modules linked in:
irq event stamp: 4977425
hardirqs last  enabled at (4977424): [<ffffffff8440144a>] asm_sysvec_apic_timer_interrupt+0x1a/0x20
hardirqs last disabled at (4977425): [<ffffffff843bf4df>] sysvec_apic_timer_interrupt+0xf/0xc0
softirqs last  enabled at (4965950): [<ffffffff8117fc0b>] __irq_exit_rcu+0x11b/0x180
softirqs last disabled at (4965953): [<ffffffff8117fc0b>] __irq_exit_rcu+0x11b/0x180
CPU: 0 PID: 5614 Comm: syz-executor.0 Not tainted 6.1.0-rc4-next-20221111 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:__x86_return_thunk+0x0/0x3c
Code: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc f3 0f 1e fa f6 <c3> cc 0f ae e8 eb f9 cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 66 2e
RSP: 0018:ffff88806d009330 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 0000000000000010 RCX: 0000000000000100
RDX: ffff88801b579ac0 RSI: ffffffff814d94b4 RDI: 0000000000000007
RBP: 0000000000000000 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000000 R11: ffffe8ffffc49000 R12: 0000000000000103
R13: 0000000000000001 R14: ffffe8ffffc011e8 R15: ffffe8ffffc49000
FS:  0000000000000000(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fff15739f28 CR3: 0000000005226000 CR4: 0000000000350ef0
Call Trace:
 <IRQ>
 tracing_gen_ctx_irq_test+0xb4/0x1b0
 perf_trace_buf_update+0x37/0x190
 perf_tp_event+0x130/0xc90
 perf_trace_run_bpf_submit+0xf9/0x1d0
 perf_trace_lock+0x30c/0x560
 lock_release+0x4b2/0x750
 __is_insn_slot_addr+0x148/0x250
 kernel_text_address+0x5b/0xc0
 __kernel_text_address+0xd/0x40
 unwind_get_return_address+0x59/0xa0
 arch_stack_walk+0x9d/0xf0
 stack_trace_save+0x90/0xd0
 kasan_save_stack+0x22/0x50
 kasan_set_track+0x25/0x30
 kasan_save_free_info+0x2e/0x50
 __kasan_slab_free+0x10a/0x190
 kmem_cache_free+0xfb/0x610
 kfree_skbmem+0xef/0x1b0
 consume_skb+0xd8/0x170
 mac80211_hwsim_tx_frame+0x1f6/0x2a0
 mac80211_hwsim_beacon_tx+0x566/0xab0
 __iterate_interfaces+0x2d3/0x560
 ieee80211_iterate_active_interfaces_atomic+0x74/0x180
 mac80211_hwsim_beacon+0x105/0x200
 __hrtimer_run_queues+0x541/0xb50
 hrtimer_run_softirq+0x176/0x350
 __do_softirq+0x1c7/0x8f9
 __irq_exit_rcu+0x11b/0x180
 irq_exit_rcu+0x9/0x30
 sysvec_apic_timer_interrupt+0x92/0xc0
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:strlen+0x5e/0xa0
Code: 74 3d 48 bb 00 00 00 00 00 fc ff df 48 89 e8 48 83 c0 01 48 89 c2 48 89 c1 48 c1 ea 03 83 e1 07 0f b6 14 1a 38 ca 7f 04 84 d2 <75> 27 80 38 00 75 de 48 83 c4 08 48 29 e8 5b 5d e9 61 1b 16 00 48
RSP: 0018:ffff888019aa7520 EFLAGS: 00000246
RAX: ffffffff846544c8 RBX: dffffc0000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffff88800e18d4f8 RDI: ffffffff846544c0
RBP: ffffffff846544c0 R08: 0000000000000000 R09: ffffffff85b0ee97
R10: fffffbfff0b61dd2 R11: 0000000000000001 R12: 1ffff11003354eae
R13: ffff88800e18d4f8 R14: ffff888019aa75f0 R15: ffffffff8530bc00
 perf_trace_lock+0xaf/0x560
 lock_release+0x4b2/0x750
 _raw_spin_unlock+0x16/0x50
 unmap_page_range+0x1652/0x2c30
 unmap_single_vma+0x190/0x2a0
 unmap_vmas+0x226/0x380
 exit_mmap+0x158/0x680
 mmput+0xd5/0x390
 do_exit+0x99b/0x2720
 do_group_exit+0xd4/0x2a0
 get_signal+0x21a5/0x22e0
 arch_do_signal_or_restart+0x79/0x5a0
 exit_to_user_mode_prepare+0x131/0x1a0
 syscall_exit_to_user_mode+0x1d/0x50
 do_syscall_64+0x4c/0x90
 entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7fececa33b19
Code: Unable to access opcode bytes at 0x7fececa33aef.
RSP: 002b:00007fece9fa9188 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
RAX: 0000000000000008 RBX: 00007fececb46f60 RCX: 00007fececa33b19
RDX: 0000000000000000 RSI: 0000000000000119 RDI: 0000000020000240
RBP: 00007fececa8df6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc41603f4f R14: 00007fece9fa9300 R15: 0000000000022000
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1 skipped: idling at default_idle+0xf/0x20
----------------
Code disassembly (best guess):
   0:	74 3d                	je     0x3f
   2:	48 bb 00 00 00 00 00 	movabs $0xdffffc0000000000,%rbx
   9:	fc ff df
   c:	48 89 e8             	mov    %rbp,%rax
   f:	48 83 c0 01          	add    $0x1,%rax
  13:	48 89 c2             	mov    %rax,%rdx
  16:	48 89 c1             	mov    %rax,%rcx
  19:	48 c1 ea 03          	shr    $0x3,%rdx
  1d:	83 e1 07             	and    $0x7,%ecx
  20:	0f b6 14 1a          	movzbl (%rdx,%rbx,1),%edx
  24:	38 ca                	cmp    %cl,%dl
  26:	7f 04                	jg     0x2c
  28:	84 d2                	test   %dl,%dl
* 2a:	75 27                	jne    0x53 <-- trapping instruction
  2c:	80 38 00             	cmpb   $0x0,(%rax)
  2f:	75 de                	jne    0xf
  31:	48 83 c4 08          	add    $0x8,%rsp
  35:	48 29 e8             	sub    %rbp,%rax
  38:	5b                   	pop    %rbx
  39:	5d                   	pop    %rbp
  3a:	e9 61 1b 16 00       	jmpq   0x161ba0
  3f:	48                   	rex.W