watchdog: BUG: soft lockup - CPU#1 stuck for 22s! [syz-executor.4:14174]
Modules linked in:
irq event stamp: 8339413
hardirqs last  enabled at (8339412): [<ffffffff8460144a>] asm_sysvec_apic_timer_interrupt+0x1a/0x20
hardirqs last disabled at (8339413): [<ffffffff843e931f>] sysvec_apic_timer_interrupt+0xf/0xc0
softirqs last  enabled at (8305046): [<ffffffff837a207e>] ip_finish_output2+0x70e/0x1fb0
softirqs last disabled at (8305047): [<ffffffff81180a31>] do_softirq.part.0+0xd1/0x120
CPU: 1 PID: 14174 Comm: syz-executor.4 Not tainted 6.2.0-rc1-next-20221226 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:get_stack_info_noinstr+0x4/0xf0
Code: c5 7b 00 5d 41 5c e9 7b 40 00 00 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 <41> 54 49 89 fc 55 48 89 d5 53 48 89 f3 e8 ea 00 00 00 84 c0 75 0e
RSP: 0018:ffff88806cf096a0 EFLAGS: 00000282
RAX: dffffc0000000000 RBX: ffff888047723580 RCX: ffff88806cf09738
RDX: ffff88806cf09718 RSI: ffff888047723580 RDI: ffff88806cf096c8
RBP: ffff88806cf09738 R08: 0000000000000001 R09: ffff88806cf09718
R10: ffffed100d9e12f0 R11: 0000000000000001 R12: ffff88806cf09718
R13: ffff88806cf09740 R14: ffff88806cf09760 R15: ffff88806cf09718
FS:  00007f562580e700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020010000 CR3: 00000000068d6000 CR4: 0000000000350ee0
Call Trace:
 <IRQ>
 get_stack_info+0x2f/0x90
 __unwind_start+0x4a6/0x7c0
 arch_stack_walk+0x63/0xf0
 stack_trace_save+0x90/0xd0
 kasan_save_stack+0x22/0x50
 kasan_set_track+0x25/0x30
 __kasan_slab_alloc+0x5c/0x70
 kmem_cache_alloc+0x1e1/0x410
 __create_object+0x3d/0xc40
 kmem_cache_alloc_node+0x283/0x420
 __alloc_skb+0x21a/0x310
 __netdev_alloc_skb+0x76/0x3e0
 __ieee80211_beacon_get+0x3d9/0x1310
 ieee80211_beacon_get_tim+0x99/0x4f0
 mac80211_hwsim_beacon_tx+0x1d2/0xab0
 __iterate_interfaces+0x2d3/0x560
 ieee80211_iterate_active_interfaces_atomic+0x74/0x180
 mac80211_hwsim_beacon+0x105/0x200
 __hrtimer_run_queues+0x54b/0xc70
 hrtimer_run_softirq+0x176/0x350
 __do_softirq+0x1c7/0x8f9
 do_softirq.part.0+0xd1/0x120
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0x10a/0x130
 ip_finish_output2+0x73c/0x1fb0
 ip_do_fragment+0x1e14/0x24e0
 ip_fragment.constprop.0+0x16b/0x240
 __ip_finish_output.part.0+0x883/0xd10
 ip_output+0x2ec/0x8e0
 ip_push_pending_frames+0x30b/0x5c0
 raw_sendmsg+0x11b0/0x2b40
 inet_sendmsg+0x121/0x150
 sock_sendmsg+0x140/0x190
 ____sys_sendmsg+0x744/0x930
 ___sys_sendmsg+0x110/0x1b0
 __sys_sendmsg+0xf7/0x1d0
 do_syscall_64+0x3f/0x90
 entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f5628298b19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f562580e188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f56283abf60 RCX: 00007f5628298b19
RDX: 0000000000000000 RSI: 0000000020000780 RDI: 0000000000000004
RBP: 00007f56282f2f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffd34571bef R14: 00007f562580e300 R15: 0000000000022000
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.2.0-rc1-next-20221226 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:unwind_next_frame+0x348/0x2130
Code: 8e c7 15 00 00 41 c6 46 40 01 49 c7 c0 00 4b 4c 85 48 b8 00 00 00 00 00 fc ff df 4d 8d 48 04 4c 89 ca 48 c1 ea 03 0f b6 04 02 <4c> 89 ca 83 e2 07 38 d0 7f 08 84 c0 0f 85 e4 14 00 00 41 0f b6 40
RSP: 0018:ffff88806ce097d8 EFLAGS: 00000213
RAX: 0000000000000000 RBX: 0000000000000002 RCX: ffffffff810b8e42
RDX: 1ffffffff0c087f4 RSI: ffffffff86043fa2 RDI: ffffffff85d4d084
RBP: ffff88806ce09900 R08: ffffffff86043fa2 R09: ffffffff86043fa6
R10: ffffed100d9c1322 R11: 0000000000038001 R12: ffff88806ce098e9
R13: ffff88806ce09908 R14: ffff88806ce098a8 R15: ffffffff810b8e42
FS:  0000000000000000(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f1db058f000 CR3: 000000000f74a000 CR4: 0000000000350ef0
Call Trace:
 <IRQ>
 __unwind_start+0x513/0x7c0
 arch_stack_walk+0x63/0xf0
 stack_trace_save+0x90/0xd0
 set_track_prepare+0x74/0xd0
 __create_object+0x3b4/0xc40
 kmem_cache_alloc_node+0x283/0x420
 __alloc_skb+0x21a/0x310
 __netdev_alloc_skb+0x76/0x3e0
 __ieee80211_beacon_get+0x3d9/0x1310
 ieee80211_beacon_get_tim+0x99/0x4f0
 mac80211_hwsim_beacon_tx+0x1d2/0xab0
 __iterate_interfaces+0x2d3/0x560
 ieee80211_iterate_active_interfaces_atomic+0x74/0x180
 mac80211_hwsim_beacon+0x105/0x200
 __hrtimer_run_queues+0x54b/0xc70
 hrtimer_run_softirq+0x176/0x350
 __do_softirq+0x1c7/0x8f9
 __irq_exit_rcu+0x11b/0x180
 irq_exit_rcu+0x9/0x30
 sysvec_apic_timer_interrupt+0x92/0xc0
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:default_idle+0xf/0x20
Code: 70 01 fe cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 43 e9 41 00 fb f4 <e9> 80 44 00 00 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90
RSP: 0018:ffffffff85407e20 EFLAGS: 00000206
RAX: ffffffff844094f0 RBX: ffffffff854328c0 RCX: ffffffff843ea842
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000001 R09: ffff88806ce34f03
R10: ffffed100d9c69e0 R11: 0000000000000001 R12: fffffbfff0a86518
R13: ffffffff85d09410 R14: 0000000000000000 R15: dffffc0000000000
 default_idle_call+0x88/0xd0
 do_idle+0x3bd/0x530
 cpu_startup_entry+0x18/0x20
 rest_init+0x166/0x260
 arch_call_rest_init+0x13/0x2c
 start_kernel+0x4a2/0x4c7
 secondary_startup_64_no_verify+0xe0/0xeb
 </TASK>
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:	7b 00                	jnp    0x2
   2:	5d                   	pop    %rbp
   3:	41 5c                	pop    %r12
   5:	e9 7b 40 00 00       	jmpq   0x4085
   a:	66 2e 0f 1f 84 00 00 	nopw   %cs:0x0(%rax,%rax,1)
  11:	00 00 00
  14:	90                   	nop
  15:	90                   	nop
  16:	90                   	nop
  17:	90                   	nop
  18:	90                   	nop
  19:	90                   	nop
  1a:	90                   	nop
  1b:	90                   	nop
  1c:	90                   	nop
  1d:	90                   	nop
  1e:	90                   	nop
  1f:	90                   	nop
  20:	90                   	nop
  21:	90                   	nop
  22:	90                   	nop
  23:	90                   	nop
  24:	90                   	nop
  25:	66 0f 1f 00          	nopw   (%rax)
* 29:	41 54                	push   %r12 <-- trapping instruction
  2b:	49 89 fc             	mov    %rdi,%r12
  2e:	55                   	push   %rbp
  2f:	48 89 d5             	mov    %rdx,%rbp
  32:	53                   	push   %rbx
  33:	48 89 f3             	mov    %rsi,%rbx
  36:	e8 ea 00 00 00       	callq  0x125
  3b:	84 c0                	test   %al,%al
  3d:	75 0e                	jne    0x4d