watchdog: BUG: soft lockup - CPU#1 stuck for 22s! [syz-executor.4:7100]
Modules linked in:
irq event stamp: 2439625
hardirqs last enabled at (2439624): [] irqentry_exit+0x3b/0x90
hardirqs last disabled at (2439625): [] sysvec_apic_timer_interrupt+0xf/0x80
softirqs last enabled at (2432668): [] handle_softirqs+0x50c/0x770
softirqs last disabled at (2432675): [] __irq_exit_rcu+0xc4/0x100
CPU: 1 UID: 0 PID: 7100 Comm: syz-executor.4 Not tainted 6.12.0-next-20241122 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:__orc_find+0x58/0xf0
Code: 00 00 fc ff df 49 89 fe 48 89 fd eb 0c 48 8d 6b 04 49 89 de 4c 39 e5 77 4d 4c 89 e0 48 29 e8 48 89 c2 48 c1 e8 3f 48 c1 fa 02 <48> 01 d0 48 d1 f8 48 8d 5c 85 00 48 89 d8 48 c1 e8 03 42 0f b6 14
RSP: 0018:ffff88806cf08f00 EFLAGS: 00000212
RAX: 0000000000000000 RBX: ffffffff86446da4 RCX: ffffffff810d1ab2
RDX: 0000000000000002 RSI: ffffffff8677d802 RDI: ffffffff86446d9c
RBP: ffffffff86446da8 R08: ffffffff8677d802 R09: ffff88806cf09048
R10: 000000000003c001 R11: 0000000000003f0f R12: ffffffff86446db0
R13: ffffffff86446d9c R14: ffffffff86446da4 R15: dffffc0000000000
FS: 00007f7d5ac59700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000555594259c58 CR3: 0000000036d26000 CR4: 0000000000350ef0
Call Trace:
 unwind_next_frame+0x2b7/0x2490
 __unwind_start+0x517/0x7c0
 arch_stack_walk+0x63/0xf0
 stack_trace_save+0x8f/0xc0
 set_track_prepare+0x36/0x70
 __alloc_object+0xf4/0x270
 __create_object+0x1d/0x80
 __kmalloc_noprof+0x37e/0x4b0
 ieee802_11_parse_elems_full+0xec/0x15a0
 ieee80211_inform_bss+0xf7/0x10b0
 cfg80211_inform_single_bss_data+0x7fe/0x1c50
 cfg80211_inform_bss_data+0x20f/0x3510
 cfg80211_inform_bss_frame_data+0x250/0x690
 ieee80211_bss_info_update+0x2f6/0xa90
 ieee80211_scan_rx+0x474/0xac0
 ieee80211_rx_list+0x1e38/0x2840
 ieee80211_rx_napi+0xdc/0x3b0
 ieee80211_handle_queued_frames+0xd9/0x130
 tasklet_action_common+0x235/0x3b0
 handle_softirqs+0x1b1/0x770
 __irq_exit_rcu+0xc4/0x100
 irq_exit_rcu+0x9/0x20
 sysvec_apic_timer_interrupt+0x70/0x80
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:qlist_free_all+0x28/0x160
Code: 90 90 48 8b 07 48 85 c0 0f 84 41 01 00 00 41 57 41 56 41 55 49 89 fd 41 54 49 89 f4 55 53 eb 3e 48 63 95 c0 00 00 00 48 8b 18 <48> 89 ef 48 29 d0 48 89 c6 49 89 c6 e8 e7 f0 ff ff 49 89 c7 66 90
RSP: 0018:ffff88803ecff8e0 EFLAGS: 00000246
RAX: ffff88800d6b7250 RBX: ffff88800d6b7cb8 RCX: ffffea000035adc0
RDX: 0000000000000000 RSI: ffff888008c4f780 RDI: 0000000000080000
RBP: ffff888008c4f780 R08: ffff8880099ff250 R09: 00000000000d0007
R10: ffffea0000267f00 R11: 00000000000007e0 R12: 0000000000000000
R13: ffff88803ecff918 R14: ffff8880099ff250 R15: ffff8880099ff250
 kasan_quarantine_reduce+0x19f/0x240
 __kasan_slab_alloc+0x49/0x70
 kmem_cache_alloc_noprof+0x13d/0x3d0
 proc_reg_open+0x20f/0x5a0
 do_dentry_open+0x71c/0x1420
 vfs_open+0x82/0x3f0
 path_openat+0x1cf3/0x2980
 do_filp_open+0x1e9/0x450
 do_sys_openat2+0x164/0x1d0
 __x64_sys_openat+0x143/0x200
 do_syscall_64+0xbf/0x1d0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f7d5d696a04
Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
RSP: 002b:00007f7d5ac59060 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f7d5d7f6f60 RCX: 00007f7d5d696a04
RDX: 0000000000000000 RSI: 00007f7d5ac590f0 RDI: 00000000ffffff9c
RBP: 00007f7d5ac590f0 R08: 0000000000000000 R09: 00007f7d5ac58f70
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
R13: 00007ffd6fded0df R14: 00007f7d5ac59300 R15: 0000000000022000
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0 skipped: idling at default_idle+0x1e/0x30
----------------
Code disassembly (best guess), 4 bytes skipped:
   0:	df 49 89             	fisttps -0x77(%rcx)
   3:	fe 48 89             	decb   -0x77(%rax)
   6:	fd                   	std
   7:	eb 0c                	jmp    0x15
   9:	48 8d 6b 04          	lea    0x4(%rbx),%rbp
   d:	49 89 de             	mov    %rbx,%r14
  10:	4c 39 e5             	cmp    %r12,%rbp
  13:	77 4d                	ja     0x62
  15:	4c 89 e0             	mov    %r12,%rax
  18:	48 29 e8             	sub    %rbp,%rax
  1b:	48 89 c2             	mov    %rax,%rdx
  1e:	48 c1 e8 3f          	shr    $0x3f,%rax
  22:	48 c1 fa 02          	sar    $0x2,%rdx
* 26:	48 01 d0             	add    %rdx,%rax		<-- trapping instruction
  29:	48 d1 f8             	sar    %rax
  2c:	48 8d 5c 85 00       	lea    0x0(%rbp,%rax,4),%rbx
  31:	48 89 d8             	mov    %rbx,%rax
  34:	48 c1 e8 03          	shr    $0x3,%rax
  38:	42                   	rex.X
  39:	0f                   	.byte 0xf
  3a:	b6 14                	mov    $0x14,%dh