watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [syz-executor.2:4902]
Modules linked in:
irq event stamp: 4385709
hardirqs last  enabled at (4385708): [<ffffffff84200ccb>] asm_sysvec_apic_timer_interrupt+0x1b/0x20
hardirqs last disabled at (4385709): [<ffffffff84191d3b>] sysvec_apic_timer_interrupt+0xb/0xc0
softirqs last  enabled at (4269766): [<ffffffff811662b3>] __irq_exit_rcu+0x113/0x170
softirqs last disabled at (4269769): [<ffffffff811662b3>] __irq_exit_rcu+0x113/0x170
CPU: 0 PID: 4902 Comm: syz-executor.2 Not tainted 5.19.0-rc5-next-20220708 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
RIP: 0010:call_rcu+0x58a/0xa20
Code: 3c 02 00 0f 85 c4 03 00 00 48 8b 05 60 02 f0 03 48 03 85 18 01 00 00 49 39 c5 0f 8f ce 01 00 00 e8 cb 43 1a 00 fb 48 83 c4 18 <5b> 5d 41 5c 41 5d 41 5e 41 5f c3 e8 b6 42 1a 00 e9 dc fa ff ff e8
RSP: 0018:ffff88806ce09bb8 EFLAGS: 00000286
RAX: 000000000042eafe RBX: ffff88800fa04c50 RCX: ffffffff81286f3f
RDX: 0000000000000000 RSI: 0000000000000101 RDI: 0000000000000000
RBP: ffff88806ce38a80 R08: 0000000000000001 R09: ffffffff86a5e7df
R10: fffffbfff0d4bcfb R11: 0000000000000001 R12: ffff88806ce38b98
R13: 0000000000000304 R14: ffff88806ce38b68 R15: ffff88806ce38b20
FS:  00007ff2c0622700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000558f5f301228 CR3: 000000000ebe6000 CR4: 0000000000350ef0
Call Trace:
 <IRQ>
 kfree+0xbb/0x5d0
 skb_release_data+0x686/0x7b0
 consume_skb+0xc2/0x160
 mac80211_hwsim_tx_frame+0x1f6/0x2a0
 mac80211_hwsim_beacon_tx+0x53b/0xa10
 __iterate_interfaces+0x2d3/0x560
 ieee80211_iterate_active_interfaces_atomic+0x70/0x180
 mac80211_hwsim_beacon+0xfd/0x200
 __hrtimer_run_queues+0x5de/0xbc0
 hrtimer_run_softirq+0x172/0x340
 __do_softirq+0x1c8/0x8cc
 __irq_exit_rcu+0x113/0x170
 irq_exit_rcu+0x5/0x20
 sysvec_apic_timer_interrupt+0x8e/0xc0
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1b/0x20
RIP: 0010:_raw_spin_unlock_irqrestore+0x2e/0x50
Code: 48 83 c7 18 53 48 89 f3 48 8b 74 24 10 e8 8a e4 0d fd 48 89 ef e8 f2 65 0e fd 80 e7 02 74 06 e8 98 0c 30 fd fb bf 01 00 00 00 <e8> 5d 3f 04 fd 65 8b 05 46 46 e7 7b 85 c0 74 03 5b 5d c3 0f 1f 44
RSP: 0018:ffff888017ec7c58 EFLAGS: 00000202
RAX: 0000000000372289 RBX: 0000000000000246 RCX: ffffffff81286f3f
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001
RBP: ffffffff852ca8a0 R08: 0000000000000001 R09: ffffffff86a5e7df
R10: fffffbfff0d4bcfb R11: 0000000000000001 R12: ffff88800803adc0
R13: 0000000000000cc0 R14: 00000000ffffffff R15: 0000000000000000
 kmem_cache_alloc_node+0x255/0x4a0
 __alloc_skb+0x20c/0x340
 alloc_uevent_skb+0x7b/0x210
 kobject_uevent_env+0xaa4/0xfa0
 driver_register+0x2db/0x3a0
 usb_gadget_register_driver_owner+0xfb/0x1e0
 raw_ioctl+0x1374/0x1e90
 __x64_sys_ioctl+0x196/0x210
 do_syscall_64+0x3b/0x90
 entry_SYSCALL_64_after_hwframe+0x46/0xb0
RIP: 0033:0x7ff2c30ac8d7
Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ff2c06200b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007ff2c0621130 RCX: 00007ff2c30ac8d7
RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000004
RBP: 0000000000000004 R08: 000000000000ffff R09: 000000000000000b
R10: 00007ff2c0620180 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000020000300 R14: 0000000020000040 R15: 0000000000000000
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1 skipped: idling at default_idle+0xb/0x10
----------------
Code disassembly (best guess):
   0:	3c 02                	cmp    $0x2,%al
   2:	00 0f                	add    %cl,(%rdi)
   4:	85 c4                	test   %eax,%esp
   6:	03 00                	add    (%rax),%eax
   8:	00 48 8b             	add    %cl,-0x75(%rax)
   b:	05 60 02 f0 03       	add    $0x3f00260,%eax
  10:	48 03 85 18 01 00 00 	add    0x118(%rbp),%rax
  17:	49 39 c5             	cmp    %rax,%r13
  1a:	0f 8f ce 01 00 00    	jg     0x1ee
  20:	e8 cb 43 1a 00       	callq  0x1a43f0
  25:	fb                   	sti
  26:	48 83 c4 18          	add    $0x18,%rsp
* 2a:	5b                   	pop    %rbx <-- trapping instruction
  2b:	5d                   	pop    %rbp
  2c:	41 5c                	pop    %r12
  2e:	41 5d                	pop    %r13
  30:	41 5e                	pop    %r14
  32:	41 5f                	pop    %r15
  34:	c3                   	retq
  35:	e8 b6 42 1a 00       	callq  0x1a42f0
  3a:	e9 dc fa ff ff       	jmpq   0xfffffb1b
  3f:	e8                   	.byte 0xe8