warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow
watchdog: BUG: soft lockup - CPU#0 stuck for 23s! [syz-executor.1:6244]
Modules linked in:
irq event stamp: 4643007
hardirqs last enabled at (4643006): [] asm_sysvec_apic_timer_interrupt+0x1b/0x20
hardirqs last disabled at (4643007): [] sysvec_apic_timer_interrupt+0xb/0xc0
softirqs last enabled at (4614302): [] __irq_exit_rcu+0x113/0x170
softirqs last disabled at (4614305): [] __irq_exit_rcu+0x113/0x170
CPU: 0 PID: 6244 Comm: syz-executor.1 Not tainted 5.19.0-rc5-next-20220708 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
RIP: 0010:debug_check_no_locks_freed+0x57/0x1c0
Code: 8b 2c 25 c0 6e 02 00 48 83 ec 10 0f b6 14 11 38 d0 7c 08 84 d2 0f 85 12 01 00 00 8b 15 6e 6b 66 04 85 d2 0f 84 9a 00 00 00 9c <41> 5e fa 49 8d bd 70 09 00 00 48 b8 00 00 00 00 00 fc ff df 48 89
RSP: 0018:ffff88806ce09bf0 EFLAGS: 00000202
RAX: 0000000000000007 RBX: ffff88804832fa00 RCX: 1ffffffff0b1d6fd
RDX: 0000000000000001 RSI: 00000000000000f0 RDI: ffff88804832fa00
RBP: ffff88806ce09c78 R08: 0000000000000001 R09: ffffffff86a5e7d7
R10: fffffbfff0d4bcfa R11: 0000000000000001 R12: ffff88804832fa00
R13: ffff88800d461ac0 R14: 0000000000094634 R15: ffff88800803adc0
FS: 00007f3d417e2700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f6f9ea15650 CR3: 000000001d39a000 CR4: 0000000000350ef0
Call Trace:
kmem_cache_free+0xea/0x600
kfree_skbmem+0xef/0x1b0
consume_skb+0xcf/0x160
mac80211_hwsim_tx_frame+0x1f6/0x2a0
mac80211_hwsim_beacon_tx+0x53b/0xa10
__iterate_interfaces+0x2d3/0x560
ieee80211_iterate_active_interfaces_atomic+0x70/0x180
mac80211_hwsim_beacon+0xfd/0x200
__hrtimer_run_queues+0x5de/0xbc0
hrtimer_run_softirq+0x172/0x340
__do_softirq+0x1c8/0x8cc
__irq_exit_rcu+0x113/0x170
irq_exit_rcu+0x5/0x20
sysvec_apic_timer_interrupt+0x8e/0xc0
asm_sysvec_apic_timer_interrupt+0x1b/0x20
RIP: 0010:qlist_free_all+0x36/0x190
Code: 41 57 41 56 41 55 49 89 fd 41 54 49 bc 00 00 00 00 00 fc ff df 55 48 89 f5 53 48 83 ec 08 eb 4d 49 63 86 c0 00 00 00 49 8b 18 <4c> 89 f7 49 29 c0 4c 89 c6 4d 89 c7 e8 a9 d7 ff ff 48 89 c1 0f 1f
RSP: 0018:ffff8880451af688 EFLAGS: 00000202
RAX: 0000000000000000 RBX: ffff88800eb06640 RCX: 0000000000000000
RDX: ffffea0000ece400 RSI: ffffea000069fe00 RDI: 0000000040000000
RBP: 0000000000000000 R08: ffff88803b390000 R09: 0000000080100001
R10: ffffea000069fe00 R11: 0000000000000000 R12: dffffc0000000000
R13: ffff8880451af6c8 R14: ffff888007841c80 R15: ffff88801a7fc000
kasan_quarantine_reduce+0x180/0x200
__kasan_slab_alloc+0x78/0x80
kmem_cache_alloc+0x1b1/0x490
vm_area_dup+0x7f/0x220
dup_mmap+0x5a1/0xf40
dup_mm+0x91/0x370
copy_process+0x6941/0x6d60
kernel_clone+0xe7/0xa60
__do_sys_fork+0x7c/0xb0
do_syscall_64+0x3b/0x90
entry_SYSCALL_64_after_hwframe+0x46/0xb0
RIP: 0033:0x7f3d4426cb19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f3d417e2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039
RAX: ffffffffffffffda RBX: 00007f3d4437ff60 RCX: 00007f3d4426cb19
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007f3d442c6f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffde4fb628f R14: 00007f3d417e2300 R15: 0000000000022000
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1 skipped: idling at default_idle+0xb/0x10
----------------
Code disassembly (best guess):
0: 8b 2c 25 c0 6e 02 00 mov 0x26ec0,%ebp
7: 48 83 ec 10 sub $0x10,%rsp
b: 0f b6 14 11 movzbl (%rcx,%rdx,1),%edx
f: 38 d0 cmp %dl,%al
11: 7c 08 jl 0x1b
13: 84 d2 test %dl,%dl
15: 0f 85 12 01 00 00 jne 0x12d
1b: 8b 15 6e 6b 66 04 mov 0x4666b6e(%rip),%edx # 0x4666b8f
21: 85 d2 test %edx,%edx
23: 0f 84 9a 00 00 00 je 0xc3
29: 9c pushfq
* 2a: 41 5e pop %r14 <-- trapping instruction
2c: fa cli
2d: 49 8d bd 70 09 00 00 lea 0x970(%r13),%rdi
34: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
3b: fc ff df
3e: 48 rex.W
3f: 89 .byte 0x89