hrtimer: interrupt took 33864 ns
watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [syz-executor.1:15407]
Modules linked in:
irq event stamp: 2651741
hardirqs last enabled at (2651740): [] irqentry_exit+0x3b/0x90
hardirqs last disabled at (2651741): [] sysvec_apic_timer_interrupt+0xf/0x80
softirqs last enabled at (2499882): [] handle_softirqs+0x50c/0x770
softirqs last disabled at (2499885): [] __irq_exit_rcu+0xc4/0x100
CPU: 0 UID: 0 PID: 15407 Comm: syz-executor.1 Not tainted 6.13.0-rc2-next-20241213 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:srso_return_thunk+0x0/0x5f
Code: cc cc cc cc cc cc cc cc 48 b8 48 8d 64 24 08 c3 cc cc 0f ae e8 e8 f0 ff ff ff 0f 0b 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 db ff ff ff 0f 0b 66 66 2e 0f 1f 84 00 00 00 00 00 66 66 2e 0f
RSP: 0018:ffff88806ce09a78 EFLAGS: 00000206
RAX: 0000000000000000 RBX: ffff88800f1633c0 RCX: ffffffff83aee948
RDX: 0000000000000100 RSI: 0000000000000004 RDI: ffff88803453b760
RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed10068a76ec
R10: ffff88803453b763 R11: 0000000000000000 R12: ffff88803453b760
R13: ffff88803453b740 R14: 0000000000000820 R15: ffff8880096dc140
FS: 00007f3ec3dab700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f7bb52bad18 CR3: 0000000032336000 CR4: 0000000000350ef0
Call Trace:
 __build_skb_around+0x27f/0x3b0
 __alloc_skb+0x19e/0x370
 __netdev_alloc_skb+0x7a/0x7c0
 __ieee80211_beacon_get+0x3f4/0xfc0
 ieee80211_beacon_get_tim+0xa6/0x280
 mac80211_hwsim_beacon_tx+0x49b/0x950
 __iterate_interfaces+0x2e0/0x650
 ieee80211_iterate_active_interfaces_atomic+0x71/0x1b0
 mac80211_hwsim_beacon+0x105/0x200
 __hrtimer_run_queues+0x1ab/0xa80
 hrtimer_run_softirq+0x14c/0x310
 handle_softirqs+0x1b1/0x770
 __irq_exit_rcu+0xc4/0x100
 irq_exit_rcu+0x9/0x20
 sysvec_apic_timer_interrupt+0x70/0x80
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:lock_acquire.part.0+0x10e/0x320
Code: b6 c9 e8 35 a7 ff ff b8 ff ff ff ff 48 83 c4 28 65 0f c1 05 cc 4b b2 7e 83 f8 01 0f 85 aa 01 00 00 48 85 ed 0f 85 9b 01 00 00 <48> b8 00 00 00 00 00 fc ff df 48 01 c3 48 c7 03 00 00 00 00 48 c7
RSP: 0018:ffff88803f9c7968 EFLAGS: 00000206
RAX: 0000000000000001 RBX: 1ffff11007f38f30 RCX: 1ffff11007f38f15
RDX: 1ffff11006d68838 RSI: 0000000000000008 RDI: 0000000000000000
RBP: 0000000000000200 R08: 0000000000000001 R09: fffffbfff1010f5e
R10: ffffffff88087af7 R11: 1ffffffff0f761e3 R12: ffffffff85cf82d0
R13: 0000000000000cc0 R14: 00000000ffffffff R15: ffff888008c41500
 kasan_quarantine_reduce+0x8e/0x240
 __kasan_kmalloc+0x6f/0x90
 __kmalloc_node_track_caller_noprof+0x1ef/0x490
 kstrdup+0x3e/0xc0
 trace_probe_init+0x28f/0x4c0
 alloc_trace_kprobe+0x2c7/0x550
 create_local_trace_kprobe+0x73/0x410
 perf_kprobe_init+0x119/0x210
 perf_kprobe_event_init+0xfc/0x1d0
 perf_try_init_event+0x13a/0xc40
 perf_event_alloc.part.0+0x10a6/0x3d80
 __do_sys_perf_event_open+0x628/0x2b00
 do_syscall_64+0xbf/0x1d0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f3ec6835b19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f3ec3dab188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
RAX: ffffffffffffffda RBX: 00007f3ec6948f60 RCX: 00007f3ec6835b19
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000280
RBP: 00007f3ec688ff6d R08: 0000000000000000 R09: 0000000000000000
R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc87e207af R14: 00007f3ec3dab300 R15: 0000000000022000
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1 skipped: idling at default_idle+0x1e/0x30
SELinux: Context system_u:object_r:systemd_logger_exec_t:s0 is not valid (left unmapped).
audit: type=1400 audit(1734104878.963:10): avc: denied { associate } for pid=15551 comm="syz-executor.2" name="/" dev="tmpfs" ino=1 scontext=system_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem permissive=1 srawcon="system_u:object_r:systemd_logger_exec_t:s0"
netlink: 16 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 16 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 16 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 16 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 16 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'.
----------------
Code disassembly (best guess):
0: cc int3
1: cc int3
2: cc int3
3: cc int3
4: cc int3
5: cc int3
6: cc int3
7: cc int3
8: 48 b8 48 8d 64 24 08 movabs $0xccccc30824648d48,%rax
f: c3 cc cc
12: 0f ae e8 lfence
15: e8 f0 ff ff ff callq 0xa
1a: 0f 0b ud2
1c: 66 66 2e 0f 1f 84 00 data16 nopw %cs:0x0(%rax,%rax,1)
23: 00 00 00 00
27: 0f 1f 00 nopl (%rax)
* 2a: e8 db ff ff ff callq 0xa <-- trapping instruction
2f: 0f 0b ud2
31: 66 66 2e 0f 1f 84 00 data16 nopw %cs:0x0(%rax,%rax,1)
38: 00 00 00 00
3c: 66 data16
3d: 66 data16
3e: 2e cs
3f: 0f .byte 0xf