watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [syz-executor.3:6815]
Modules linked in:
irq event stamp: 5826081
hardirqs last  enabled at (5826080): [<ffffffff84400d06>] asm_sysvec_apic_timer_interrupt+0x16/0x20
hardirqs last disabled at (5826081): [<ffffffff841de94b>] sysvec_apic_timer_interrupt+0xb/0xc0
softirqs last  enabled at (5735910): [<ffffffff8116c6ab>] __irq_exit_rcu+0x11b/0x180
softirqs last disabled at (5735913): [<ffffffff8116c6ab>] __irq_exit_rcu+0x11b/0x180
CPU: 0 PID: 6815 Comm: syz-executor.3 Not tainted 5.19.0-rc8-next-20220728 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
RIP: 0010:__memset+0x24/0x40
Code: cc cc cc cc cc cc 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 <f3> 48 ab 89 d1 f3 aa 4c 89 c8 e9 6d f8 42 02 66 66 2e 0f 1f 84 00
RSP: 0018:ffff88806ce09740 EFLAGS: 00000212
RAX: 0000000000000000 RBX: ffff88806ce09830 RCX: 000000000000000d
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88806ce097a0
RBP: ffff888045e13600 R08: 0000000000000001 R09: ffff88806ce09798
R10: ffffed100d9c1300 R11: 0000000000000001 R12: 0000000000000000
R13: ffff88806ce097c0 R14: ffff888045e13600 R15: ffff88806ce09798
FS:  00007f31c6d97700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2d820000 CR3: 0000000044f46000 CR4: 0000000000350ef0
Call Trace:
 <IRQ>
 __unwind_start+0x2a/0x7c0
 arch_stack_walk+0x5f/0xf0
 stack_trace_save+0x8c/0xc0
 kasan_save_stack+0x1e/0x40
 __kasan_slab_alloc+0x66/0x80
 kmem_cache_alloc_node+0x1bf/0x4b0
 __alloc_skb+0x210/0x300
 __netdev_alloc_skb+0x72/0x3e0
 __ieee80211_beacon_get+0x3e7/0x1380
 ieee80211_beacon_get_tim+0x95/0x4e0
 mac80211_hwsim_beacon_tx+0x1ce/0xaa0
 __iterate_interfaces+0x2d3/0x560
 ieee80211_iterate_active_interfaces_atomic+0x70/0x180
 mac80211_hwsim_beacon+0x101/0x200
 __hrtimer_run_queues+0x5de/0xbd0
 hrtimer_run_softirq+0x172/0x340
 __do_softirq+0x1c8/0x8d0
 __irq_exit_rcu+0x11b/0x180
 irq_exit_rcu+0x5/0x20
 sysvec_apic_timer_interrupt+0x8e/0xc0
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x16/0x20
RIP: 0010:__sanitizer_cov_trace_pc+0x5c/0x70
Code: 82 38 14 00 00 83 f8 02 75 20 48 8b 8a 40 14 00 00 8b 92 3c 14 00 00 48 8b 01 48 83 c0 01 48 39 c2 76 07 48 89 01 48 89 34 c1 <e9> 1f 90 1a 03 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 41 55
RSP: 0018:ffff88804576f0c0 EFLAGS: 00000212
RAX: 000000000003b31d RBX: ffffe8ffffc00cc0 RCX: ffffc900035a4000
RDX: 0000000000040000 RSI: ffffffff814e1f28 RDI: 000000000000002c
RBP: 000000000000002c R08: 0000000000000000 R09: ffffffff85aed797
R10: 000000000000002c R11: 0000000000000001 R12: ffff88804576f158
R13: ffff88804576f168 R14: ffff88804576f1a8 R15: ffffffff853091a0
 perf_trace_buf_alloc+0x18/0x200
 perf_trace_lock+0x175/0x560
 lock_release+0x4ae/0x750
 __is_insn_slot_addr+0x144/0x250
 kernel_text_address+0x57/0xb0
 __kernel_text_address+0x9/0x40
 unwind_get_return_address+0x55/0xa0
 arch_stack_walk+0x99/0xf0
 stack_trace_save+0x8c/0xc0
 kasan_save_stack+0x1e/0x40
 __kasan_slab_alloc+0x66/0x80
 kmem_cache_alloc+0x1b1/0x4a0
 sk_prot_alloc+0x5f/0x290
 sk_alloc+0x34/0x760
 inet6_create+0x33e/0xf90
 __sock_create+0x34b/0x760
 inet_ctl_sock_create+0x89/0x1e0
 igmp6_net_init+0x183/0x3f0
 ops_init+0xb2/0x480
 setup_net+0x40c/0x9d0
 copy_net_ns+0x318/0x760
 create_new_namespaces+0x3f6/0xb30
 copy_namespaces+0x395/0x480
 copy_process+0x2ca7/0x6de0
 kernel_clone+0xe7/0xa60
 __do_sys_clone3+0x1d5/0x2e0
 do_syscall_64+0x3b/0x90
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f31c9821b19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f31c6d97188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
RAX: ffffffffffffffda RBX: 00007f31c9934f60 RCX: 00007f31c9821b19
RDX: 0000000000000000 RSI: 0000000000000058 RDI: 0000000020004c00
RBP: 00007f31c987bf6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc162e9fdf R14: 00007f31c6d97300 R15: 0000000000022000
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1 skipped: idling at default_idle+0xb/0x10
----------------
Code disassembly (best guess):
   0:	cc                   	int3
   1:	cc                   	int3
   2:	cc                   	int3
   3:	cc                   	int3
   4:	cc                   	int3
   5:	cc                   	int3
   6:	0f 1f 44 00 00       	nopl   0x0(%rax,%rax,1)
   b:	49 89 f9             	mov    %rdi,%r9
   e:	48 89 d1             	mov    %rdx,%rcx
  11:	83 e2 07             	and    $0x7,%edx
  14:	48 c1 e9 03          	shr    $0x3,%rcx
  18:	40 0f b6 f6          	movzbl %sil,%esi
  1c:	48 b8 01 01 01 01 01 	movabs $0x101010101010101,%rax
  23:	01 01 01
  26:	48 0f af c6          	imul   %rsi,%rax
* 2a:	f3 48 ab             	rep stos %rax,%es:(%rdi) <-- trapping instruction
  2d:	89 d1                	mov    %edx,%ecx
  2f:	f3 aa                	rep stos %al,%es:(%rdi)
  31:	4c 89 c8             	mov    %r9,%rax
  34:	e9 6d f8 42 02       	jmpq   0x242f8a6
  39:	66                   	data16
  3a:	66                   	data16
  3b:	2e                   	cs
  3c:	0f                   	.byte 0xf
  3d:	1f                   	(bad)
  3e:	84 00                	test   %al,(%rax)