watchdog: BUG: soft lockup - CPU#0 stuck for 21s! [syz-executor.4:13446]
Modules linked in:
irq event stamp: 3240111
hardirqs last  enabled at (3240110): [] irqentry_exit+0x3b/0x90
hardirqs last disabled at (3240111): [] sysvec_apic_timer_interrupt+0xf/0x80
softirqs last  enabled at (3226960): [] handle_softirqs+0x50c/0x770
softirqs last disabled at (3226987): [] __irq_exit_rcu+0xc4/0x100
CPU: 0 UID: 0 PID: 13446 Comm: syz-executor.4 Not tainted 6.13.0-rc2-next-20241211 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:_ieee802_11_parse_elems_full+0x570/0x3ec0
Code: 00 00 e8 f3 a3 f0 fc 48 89 d8 48 8b 4c 24 50 be 08 00 00 00 48 c1 e8 06 48 8d 3c c1 e8 49 96 2a fd 48 0f ab 9c 24 c8 00 00 00 <e8> cb a3 f0 fc 48 89 e8 48 89 ea 48 c1 e8 03 83 e2 07 42 0f b6 04
RSP: 0018:ffff88806ce09138 EFLAGS: 00000246
RAX: 0000000000000001 RBX: 0000000000000006 RCX: ffffffff84813fa7
RDX: ffffed100d9c1241 RSI: 0000000000000008 RDI: ffff88806ce09200
RBP: ffff888039231433 R08: 0000000000000001 R09: ffffed100d9c1240
R10: ffff88806ce09207 R11: 0000000000000003 R12: 0000000000000004
R13: ffff888039231432 R14: 0000000000000006 R15: dffffc0000000000
FS:  00007fe0cda67700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020002000 CR3: 0000000016780000 CR4: 0000000000350ef0
Call Trace:
 ieee802_11_parse_elems_full+0x979/0x15a0
 ieee80211_inform_bss+0xf7/0x10b0
 cfg80211_inform_single_bss_data+0x7fe/0x1c70
 cfg80211_inform_bss_data+0x20f/0x3510
 cfg80211_inform_bss_frame_data+0x250/0x6a0
 ieee80211_bss_info_update+0x2f6/0xa90
 ieee80211_scan_rx+0x474/0xac0
 ieee80211_rx_list+0x1e38/0x2840
 ieee80211_rx_napi+0xdc/0x3b0
 ieee80211_handle_queued_frames+0xd9/0x130
 tasklet_action_common+0x235/0x3b0
 handle_softirqs+0x1b1/0x770
 __irq_exit_rcu+0xc4/0x100
 irq_exit_rcu+0x9/0x20
 sysvec_apic_timer_interrupt+0x70/0x80
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:_raw_spin_unlock_irqrestore+0x34/0x50
Code: c7 18 53 48 89 f3 48 8b 74 24 10 e8 e6 ad a8 fc 48 89 ef e8 4e 1c a9 fc 80 e7 02 74 06 e8 44 76 d2 fc fb 65 ff 0d d4 2e 5c 7b <74> 07 5b 5d e9 a3 1e 00 00 0f 1f 44 00 00 5b 5d e9 97 1e 00 00 0f
RSP: 0018:ffff88804019fbf8 EFLAGS: 00000246
RAX: 0000000000313d69 RBX: 0000000000000256 RCX: 1ffffffff0fdfea6
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff84a7782c
RBP: ffff8880094029c0 R08: 0000000000000001 R09: fffffbfff0fddde1
R10: ffffffff87eeef0f R11: 0000000000000000 R12: 0000000000000000
R13: ffff88804019fc48 R14: ffff88803ef9e600 R15: ffff88803ef9e600
 qlist_free_all+0x50/0x160
 kasan_quarantine_reduce+0x19f/0x240
 __kasan_slab_alloc+0x49/0x70
 kmem_cache_alloc_noprof+0x13d/0x3d0
 security_file_alloc+0x35/0x130
 init_file+0x95/0x480
 alloc_empty_file+0x94/0x1e0
 alloc_file_pseudo+0x139/0x200
 sock_alloc_file+0x53/0x1d0
 __sys_socket+0x1bc/0x260
 __x64_sys_socket+0x73/0xb0
 do_syscall_64+0xbf/0x1d0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fe0d04f1b19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fe0cda67188 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
RAX: ffffffffffffffda RBX: 00007fe0d0604f60 RCX: 00007fe0d04f1b19
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 000000000000000a
RBP: 00007fe0d054bf6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffcb6967caf R14: 00007fe0cda67300 R15: 0000000000022000
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1 skipped: idling at default_idle+0x1e/0x30
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
nfs: Bad value for 'defcontext'
SELinux:  Context /!/@^\#/@- is not valid (left unmapped).
nfs: Bad value for 'defcontext'
audit: type=1400 audit(1733933583.961:20): avc: denied { associate } for pid=13622 comm="syz-executor.5" name=6D656D66643A42DB2F89036CDE62CBB534EDBE4C59B55AE11253F547CCF3E902680BCA2896E143DF1CEA8543FB1013FA0316CD17A280A17AB47295C3409DA6F192237D67D360F7CE7ACBB31ABBC438658EB126D18AE6217F8DEA2C7178A238BF22C765064CB036EB3C24D7BAE501039472ABD44A0373AFF641BF56FA1E778DBF994997D8D2E811C404 dev="tmpfs" ino=36 scontext=system_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem permissive=1 srawcon="/!/@^\#/@-"
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
----------------
Code disassembly (best guess):
   0:   00 00                   add    %al,(%rax)
   2:   e8 f3 a3 f0 fc          callq  0xfcf0a3fa
   7:   48 89 d8                mov    %rbx,%rax
   a:   48 8b 4c 24 50          mov    0x50(%rsp),%rcx
   f:   be 08 00 00 00          mov    $0x8,%esi
  14:   48 c1 e8 06             shr    $0x6,%rax
  18:   48 8d 3c c1             lea    (%rcx,%rax,8),%rdi
  1c:   e8 49 96 2a fd          callq  0xfd2a966a
  21:   48 0f ab 9c 24 c8 00    bts    %rbx,0xc8(%rsp)
  28:   00 00
* 2a:   e8 cb a3 f0 fc          callq  0xfcf0a3fa <-- trapping instruction
  2f:   48 89 e8                mov    %rbp,%rax
  32:   48 89 ea                mov    %rbp,%rdx
  35:   48 c1 e8 03             shr    $0x3,%rax
  39:   83 e2 07                and    $0x7,%edx
  3c:   42                      rex.X
  3d:   0f                      .byte 0xf
  3e:   b6 04                   mov    $0x4,%dh