watchdog: BUG: soft lockup - CPU#0 stuck for 24s! [syz-executor.2:9795]
Modules linked in:
irq event stamp: 4505773
hardirqs last  enabled at (4505772): [<ffffffff84a8272b>] irqentry_exit+0x3b/0x90
hardirqs last disabled at (4505773): [<ffffffff84a810ef>] sysvec_apic_timer_interrupt+0xf/0x80
softirqs last  enabled at (4468598): [<ffffffff813a9e4c>] handle_softirqs+0x50c/0x770
softirqs last disabled at (4468601): [<ffffffff813aa1e4>] __irq_exit_rcu+0xc4/0x100
CPU: 0 UID: 0 PID: 9795 Comm: syz-executor.2 Not tainted 6.13.0-rc3-next-20241220 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:stack_trace_save+0x50/0xc0
Code: 24 08 dc 0b 77 85 48 c1 eb 03 48 c7 44 24 10 70 e7 5e 81 48 01 c3 c7 03 f1 f1 f1 f1 c7 43 04 00 00 00 f3 c7 43 08 f3 f3 f3 f3 <65> 48 8b 04 25 28 00 00 00 48 89 44 24 78 31 c0 48 89 7c 24 20 48
RSP: 0018:ffff88806ce09888 EFLAGS: 00000286
RAX: dffffc0000000000 RBX: ffffed100d9c1311 RCX: 0000000000000000
RDX: 0000000000000001 RSI: 0000000000000040 RDI: ffff88806ce09918
RBP: ffff888008c4f780 R08: 0000000000000128 R09: ffff888039e541c0
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: ffff88801b2eb600
FS:  00007f8a951cf700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 00000000164c2000 CR4: 0000000000350ef0
Call Trace:
 <IRQ>
 kasan_save_stack+0x24/0x50
 kasan_record_aux_stack+0x89/0xa0
 __call_rcu_common.constprop.0+0x6a/0xb70
 kmem_cache_free+0x2ae/0x470
 skb_release_data+0x814/0x990
 consume_skb+0xd0/0x160
 mac80211_hwsim_tx_frame+0x1f6/0x2a0
 mac80211_hwsim_beacon_tx+0x546/0x950
 __iterate_interfaces+0x2e0/0x650
 ieee80211_iterate_active_interfaces_atomic+0x71/0x1b0
 mac80211_hwsim_beacon+0x105/0x200
 __hrtimer_run_queues+0x1ab/0xa80
 hrtimer_run_softirq+0x14c/0x310
 handle_softirqs+0x1b1/0x770
 __irq_exit_rcu+0xc4/0x100
 irq_exit_rcu+0x9/0x20
 sysvec_apic_timer_interrupt+0x70/0x80
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:qlist_free_all+0x28/0x160
Code: 90 90 48 8b 07 48 85 c0 0f 84 41 01 00 00 41 57 41 56 41 55 49 89 fd 41 54 49 89 f4 55 53 eb 3e 48 63 95 c0 00 00 00 48 8b 18 <48> 89 ef 48 29 d0 48 89 c6 49 89 c6 e8 77 f0 ff ff 49 89 c7 66 90
RSP: 0018:ffff88803dc17de0 EFLAGS: 00000246
RAX: ffff88800cea3080 RBX: ffff88803d9ed500 RCX: ffffea000033a8c0
RDX: 0000000000000000 RSI: ffff888008fff3c0 RDI: 0000000000080000
RBP: ffff888008fff3c0 R08: ffff88800cea3c60 R09: 0000000000800008
R10: ffffea000033a800 R11: 0000000000000000 R12: 0000000000000000
R13: ffff88803dc17e18 R14: ffff88800cea3c60 R15: ffff88800cea3c60
 kasan_quarantine_reduce+0x19f/0x240
 __kasan_slab_alloc+0x49/0x70
 __kmalloc_cache_noprof+0x149/0x3e0
 fscontext_alloc_log+0x4a/0x1b0
 __x64_sys_fsopen+0x157/0x240
 do_syscall_64+0xbf/0x1d0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f8a97c7ab19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f8a951cf188 EFLAGS: 00000246 ORIG_RAX: 00000000000001ae
RAX: ffffffffffffffda RBX: 00007f8a97d8e020 RCX: 00007f8a97c7ab19
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000040
RBP: 00007f8a97cd4f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffcbf8cc24f R14: 00007f8a951cf300 R15: 0000000000022000
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1 skipped: idling at default_idle+0x1e/0x30
Bluetooth: hci3: command 0x0406 tx timeout
Bluetooth: hci0: command 0x0406 tx timeout
Bluetooth: hci6: command 0x0406 tx timeout
Bluetooth: hci7: command 0x0406 tx timeout
Bluetooth: hci4: command 0x0406 tx timeout
----------------
Code disassembly (best guess):
   0:	24 08                	and    $0x8,%al
   2:	dc 0b                	fmull  (%rbx)
   4:	77 85                	ja     0xffffff8b
   6:	48 c1 eb 03          	shr    $0x3,%rbx
   a:	48 c7 44 24 10 70 e7 	movq   $0xffffffff815ee770,0x10(%rsp)
  11:	5e 81
  13:	48 01 c3             	add    %rax,%rbx
  16:	c7 03 f1 f1 f1 f1    	movl   $0xf1f1f1f1,(%rbx)
  1c:	c7 43 04 00 00 00 f3 	movl   $0xf3000000,0x4(%rbx)
  23:	c7 43 08 f3 f3 f3 f3 	movl   $0xf3f3f3f3,0x8(%rbx)
* 2a:	65 48 8b 04 25 28 00 	mov    %gs:0x28,%rax <-- trapping instruction
  31:	00 00
  33:	48 89 44 24 78       	mov    %rax,0x78(%rsp)
  38:	31 c0                	xor    %eax,%eax
  3a:	48 89 7c 24 20       	mov    %rdi,0x20(%rsp)
  3f:	48                   	rex.W