rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 0-....: (1 GPs behind) idle=1d5/1/0x4000000000000002 softirq=8355/8356 fqs=5190
(detected by 1, t=10502 jiffies, g=9565, q=1450)
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 4682 Comm: syz-executor.0 Not tainted 5.16.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:mark_held_locks+0x7e/0xe0 kernel/locking/lockdep.c:4198
Code: 00 85 c0 7e 57 48 63 c3 48 8d 04 80 49 8d 34 c6 48 8d 7e 22 48 89 f8 48 89 fa 48 c1 e8 03 83 e2 07 42 0f b6 04 28 38 d0 7f 04 <84> c0 75 4a 0f b6 46 22 89 c2 83 e2 03 80 fa 01 89 ea 83 da ff a8
RSP: 0018:ffffc90000007ca8 EFLAGS: 00000093
RAX: 0000000000000000 RBX: 0000000000000001 RCX: 1ffffffff1fefb4e
RDX: 0000000000000002 RSI: ffff8880664aa788 RDI: ffff8880664aa7aa
RBP: 0000000000000002 R08: 0000000000000000 R09: ffffffff8ff76a17
R10: 0000000000000001 R11: 0000000000000000 R12: ffff8880664a9d00
R13: dffffc0000000000 R14: ffff8880664aa760 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000000b88e000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
__trace_hardirqs_on_caller kernel/locking/lockdep.c:4224 [inline]
lockdep_hardirqs_on_prepare kernel/locking/lockdep.c:4292 [inline]
lockdep_hardirqs_on_prepare+0x135/0x400 kernel/locking/lockdep.c:4244
trace_hardirqs_on+0x5b/0x1c0 kernel/trace/trace_preemptirq.c:49
asm_sysvec_irq_work+0x12/0x20 arch/x86/include/asm/idtentry.h:664
RIP: 0010:get_current arch/x86/include/asm/current.h:15 [inline]
RIP: 0010:__rcu_read_unlock+0xc4/0x570 kernel/rcu/tree_plugin.h:425
Code: b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 08 3c 03 0f 8e b6 01 00 00 8b 85 40 04 00 00 85 c0 75 54 <65> 48 8b 1c 25 40 70 02 00 48 8d bb 3c 04 00 00 48 b8 00 00 00 00
RSP: 0018:ffffc90000007dc0 EFLAGS: 00000206
RAX: 0000000000000006 RBX: ffff8880b9c3a900 RCX: 1ffffffff1fefb4e
RDX: 0000000000000000 RSI: 0000000000000101 RDI: 0000000000000000
RBP: ffffffff8bb8cb00 R08: 0000000000000001 R09: ffffffff8ff76a17
R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000001
R13: ffffffff85430e00 R14: 0000000000000200 R15: ffffffff8542bcc0
rcu_read_unlock include/linux/rcupdate.h:720 [inline]
ieee80211_iterate_active_interfaces_atomic+0x92/0x180 net/mac80211/util.c:831
mac80211_hwsim_beacon+0xcd/0x1c0 drivers/net/wireless/mac80211_hwsim.c:1861
__run_hrtimer kernel/time/hrtimer.c:1685 [inline]
__hrtimer_run_queues+0x609/0xe50 kernel/time/hrtimer.c:1749
hrtimer_run_softirq+0x17b/0x360 kernel/time/hrtimer.c:1766
__do_softirq+0x29b/0x9c2 kernel/softirq.c:558
invoke_softirq kernel/softirq.c:432 [inline]
__irq_exit_rcu+0x123/0x180 kernel/softirq.c:637
irq_exit_rcu+0x5/0x20 kernel/softirq.c:649
sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1097
asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638
RIP: 0010:zap_pte_range mm/memory.c:1357 [inline]
RIP: 0010:zap_pmd_range mm/memory.c:1467 [inline]
RIP: 0010:zap_pud_range mm/memory.c:1496 [inline]
RIP: 0010:zap_p4d_range mm/memory.c:1517 [inline]
RIP: 0010:unmap_page_range+0xf04/0x29f0 mm/memory.c:1538
Code: 98 48 89 f8 48 c1 e8 03 42 0f b6 14 30 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 64 17 00 00 83 ac 9c e8 00 00 00 01 <31> f6 48 89 ef e8 82 1b 05 00 be 08 00 00 00 48 89 ef e8 45 e2 11
RSP: 0018:ffffc9000413f7a8 EFLAGS: 00000282
RAX: 0000000000000003 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff81ac6e45 RDI: ffffc9000413f890
RBP: ffffea000157dec0 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffff81ac6e3a R11: 0000000000000000 R12: ffffea000157dec8
R13: ffff88807961b900 R14: dffffc0000000000 R15: 00007fe389d21000
unmap_single_vma+0x198/0x310 mm/memory.c:1583
unmap_vmas+0x16b/0x2f0 mm/memory.c:1615
exit_mmap+0x1d0/0x630 mm/mmap.c:3170
__mmput+0x122/0x4b0 kernel/fork.c:1113
mmput+0x56/0x60 kernel/fork.c:1134
exit_mm kernel/exit.c:507 [inline]
do_exit+0xb27/0x2b40 kernel/exit.c:819
do_group_exit+0x125/0x310 kernel/exit.c:929
get_signal+0x47d/0x2220 kernel/signal.c:2852
arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868
handle_signal_work kernel/entry/common.c:148 [inline]
exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207
__syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7fe38ab18e99
Code: Unable to access opcode bytes at RIP 0x7fe38ab18e6f.
RSP: 002b:00007fe38946d168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: 00000000003158d0 RBX: 00007fe38ac2c030 RCX: 00007fe38ab18e99
RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000004
RBP: 00007fe38ab72ff1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffdf7c56b5f R14: 00007fe38946d300 R15: 0000000000022000
----------------
Code disassembly (best guess):
0: 00 85 c0 7e 57 48 add %al,0x48577ec0(%rbp)
6: 63 c3 movsxd %ebx,%eax
8: 48 8d 04 80 lea (%rax,%rax,4),%rax
c: 49 8d 34 c6 lea (%r14,%rax,8),%rsi
10: 48 8d 7e 22 lea 0x22(%rsi),%rdi
14: 48 89 f8 mov %rdi,%rax
17: 48 89 fa mov %rdi,%rdx
1a: 48 c1 e8 03 shr $0x3,%rax
1e: 83 e2 07 and $0x7,%edx
21: 42 0f b6 04 28 movzbl (%rax,%r13,1),%eax
26: 38 d0 cmp %dl,%al
28: 7f 04 jg 0x2e
* 2a: 84 c0 test %al,%al <-- trapping instruction
2c: 75 4a jne 0x78
2e: 0f b6 46 22 movzbl 0x22(%rsi),%eax
32: 89 c2 mov %eax,%edx
34: 83 e2 03 and $0x3,%edx
37: 80 fa 01 cmp $0x1,%dl
3a: 89 ea mov %ebp,%edx
3c: 83 da ff sbb $0xffffffff,%edx
3f: a8 .byte 0xa8