------------[ cut here ]------------
NETDEV WATCHDOG: sl0 (): transmit queue 0 timed out 25600 ms
WARNING: CPU: 1 PID: 11940 at net/sched/sch_generic.c:526 dev_watchdog+0x74b/0x760 net/sched/sch_generic.c:525
Modules linked in:
CPU: 1 PID: 11940 Comm: syz-executor263 Not tainted 6.6.0-rc5-syzkaller-00227-gad7f1baed071 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
RIP: 0010:dev_watchdog+0x74b/0x760 net/sched/sch_generic.c:525
Code: 05 47 94 b1 05 01 48 8b 1c 24 48 89 df e8 8d 34 e4 ff 48 c7 c7 a0 39 fa 8b 48 89 de 48 89 c2 44 89 f1 45 89 e0 e8 75 5d 80 f8 <0f> 0b e9 19 ff ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 66
RSP: 0000:ffffc900001f0b40 EFLAGS: 00010246
RAX: f417e484ec03bd00 RBX: ffff88801f904000 RCX: ffff88801dd50000
RDX: 0000000000000101 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00000000ffffc5d0 R08: ffffffff81543302 R09: 1ffff9200003e0bc
R10: dffffc0000000000 R11: fffff5200003e0bd R12: 0000000000006400
R13: ffff88801f904548 R14: 0000000000000000 R15: 0000000000000110
FS:  00005555555a1380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fdae91240d0 CR3: 000000007bf6b000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 call_timer_fn+0x17a/0x580 kernel/time/timer.c:1700
 expire_timers kernel/time/timer.c:1751 [inline]
 __run_timers+0x64f/0x860 kernel/time/timer.c:2022
 run_timer_softirq+0x67/0xf0 kernel/time/timer.c:2035
 __do_softirq+0x2ab/0x908 kernel/softirq.c:553
 invoke_softirq kernel/softirq.c:427 [inline]
 __irq_exit_rcu+0xf1/0x1b0 kernel/softirq.c:632
 irq_exit_rcu+0x9/0x20 kernel/softirq.c:644
 sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1074
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:645
RIP: 0010:cpumask_test_cpu include/linux/cpumask.h:504 [inline]
RIP: 0010:cpu_online include/linux/cpumask.h:1082 [inline]
RIP: 0010:trace_lock_acquire include/trace/events/lock.h:24 [inline]
RIP: 0010:lock_acquire+0xb9/0x520 kernel/locking/lockdep.c:5724
Code: 44 2c 11 f3 f3 f3 f3 66 43 c7 44 2c 15 f3 f3 43 c6 44 2c 17 f3 0f 1f 44 00 00 65 8b 05 5c c5 96 7e 83 f8 08 0f 83 e6 02 00 00 <89> c3 48 89 d8 48 c1 e8 06 48 8d 3c c5 68 31 9a 8e be 08 00 00 00
RSP: 0000:ffffc9000ef6fc80 EFLAGS: 00000297
RAX: 0000000000000001 RBX: ffff8880203a9cc0 RCX: 0000000000000002
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8d32c420
RBP: ffffc9000ef6fdc8 R08: 0000000000000000 R09: 0000000000000000
R10: ffffc9000ef6fe70 R11: fffff52001dedfd0 R12: 1ffff92001dedf98
R13: dffffc0000000000 R14: 0000000000000000 R15: dffffc0000000000
 rcu_lock_acquire include/linux/rcupdate.h:303 [inline]
 rcu_read_lock include/linux/rcupdate.h:749 [inline]
 lock_vma_under_rcu+0x1a8/0x6f0 mm/memory.c:5434
 do_user_addr_fault arch/x86/mm/fault.c:1356 [inline]
 handle_page_fault arch/x86/mm/fault.c:1505 [inline]
 exc_page_fault+0x184/0x860 arch/x86/mm/fault.c:1561
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:570
RIP: 0033:0x7fdae907b74f
Code: e8 e6 27 03 00 e8 b1 fd 02 00 48 8d 35 fa a8 07 00 48 8d 3d f8 a8 07 00 31 c0 e8 0c 03 00 00 e8 b7 02 00 00 48 83 f8 ff 74 07 <48> 89 05 7a 89 0a 00 48 8b 35 73 89 0a 00 31 c9 ba 1d 54 00 00 31
RSP: 002b:00007ffdc6e36ec0 EFLAGS: 00010213
RAX: 0000000000000003 RBX: 0000000000000000 RCX: 00007fdae90abd61
RDX: 0000000000000000 RSI: 00007ffdc6e36e30 RDI: 00000000ffffff9c
RBP: 0000000000026a72 R08: 000000000000000e R09: 00007ffdc6e36bc6
R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffdc6e36ecc
R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001
 </TASK>
----------------
Code disassembly (best guess):
   0:	44 2c 11             	rex.R sub $0x11,%al
   3:	f3 f3 f3 f3 66 43 c7 	repz repz repz xrelease movw $0xf3f3,0x15(%r12,%r13,1)
   a:	44 2c 15 f3 f3
   f:	43 c6 44 2c 17 f3    	movb   $0xf3,0x17(%r12,%r13,1)
  15:	0f 1f 44 00 00       	nopl   0x0(%rax,%rax,1)
  1a:	65 8b 05 5c c5 96 7e 	mov    %gs:0x7e96c55c(%rip),%eax        # 0x7e96c57d
  21:	83 f8 08             	cmp    $0x8,%eax
  24:	0f 83 e6 02 00 00    	jae    0x310
* 2a:	89 c3                	mov    %eax,%ebx <-- trapping instruction
  2c:	48 89 d8             	mov    %rbx,%rax
  2f:	48 c1 e8 06          	shr    $0x6,%rax
  33:	48 8d 3c c5 68 31 9a 	lea    -0x7165ce98(,%rax,8),%rdi
  3a:	8e
  3b:	be 08 00 00 00       	mov    $0x8,%esi