watchdog: BUG: soft lockup - CPU#1 stuck for 26s! [syz-executor.1:5014]
Modules linked in:
irq event stamp: 4794497
hardirqs last  enabled at (4794496): [<ffffffff84400d06>] asm_sysvec_apic_timer_interrupt+0x16/0x20
hardirqs last disabled at (4794497): [<ffffffff84372eeb>] sysvec_apic_timer_interrupt+0xb/0xc0
softirqs last  enabled at (4612760): [<ffffffff8117d44b>] __irq_exit_rcu+0x11b/0x180
softirqs last disabled at (4612763): [<ffffffff8117d44b>] __irq_exit_rcu+0x11b/0x180
CPU: 1 PID: 5014 Comm: syz-executor.1 Not tainted 6.1.0-rc3-next-20221104 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:unwind_next_frame+0x1be/0x2130
Code: 8d 43 ff 39 c6 0f 83 8c 15 00 00 48 b8 00 00 00 00 00 fc ff df 89 f2 48 8d 3c 95 50 0e 29 86 48 89 f9 48 c1 e9 03 0f b6 0c 01 <48> 89 f8 83 e0 07 83 c0 03 38 c8 7c 27 84 c9 74 23 48 89 54 24 28
RSP: 0018:ffff88806d109738 EFLAGS: 00000212
RAX: dffffc0000000000 RBX: 0000000000000002 RCX: 0000000000000000
RDX: 00000000000303fc RSI: 00000000000303fc RDI: ffffffff86351e40
RBP: ffff88806d109810 R08: ffffffff8615b59e R09: ffffffff8615b5a2
R10: ffffed100da21304 R11: 0000000000036001 R12: ffff88806d1097f9
R13: ffff88806d109818 R14: ffff88806d1097b8 R15: ffffffff8403fc3d
FS:  00007f04e2b85700(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fe64559b718 CR3: 0000000043cfc000 CR4: 0000000000350ee0
Call Trace:
 <IRQ>
 arch_stack_walk+0x83/0xf0
 stack_trace_save+0x8c/0xc0
 kasan_save_stack+0x1e/0x40
 kasan_set_track+0x21/0x30
 __kasan_kmalloc+0x7e/0x90
 __kmalloc_node_track_caller+0x4d/0xb0
 __alloc_skb+0xe5/0x310
 __netdev_alloc_skb+0x72/0x3e0
 __ieee80211_beacon_get+0x3de/0x1380
 ieee80211_beacon_get_tim+0x95/0x4e0
 mac80211_hwsim_beacon_tx+0x1ce/0xab0
 __iterate_interfaces+0x2d3/0x560
 ieee80211_iterate_active_interfaces_atomic+0x70/0x180
 mac80211_hwsim_beacon+0x101/0x200
 __hrtimer_run_queues+0x541/0xb50
 hrtimer_run_softirq+0x172/0x340
 __do_softirq+0x1c3/0x8f5
 __irq_exit_rcu+0x11b/0x180
 irq_exit_rcu+0x5/0x20
 sysvec_apic_timer_interrupt+0x8e/0xc0
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x16/0x20
RIP: 0010:unwind_next_frame+0x1f9/0x2130
Code: 48 89 54 24 28 48 89 74 24 20 44 89 5c 24 18 e8 4d 27 69 00 48 8b 54 24 28 48 8b 74 24 20 44 8b 5c 24 18 8b 0c 95 50 0e 29 86 <8d> 56 01 48 b8 00 00 00 00 00 fc ff df 48 8d 3c 95 50 0e 29 86 49
RSP: 0018:ffff888043c8f790 EFLAGS: 00000246
RAX: 0000000000000003 RBX: 0000000000000001 RCX: 00000000000b471d
RDX: 0000000000034000 RSI: 0000000000034000 RDI: ffffffff86360e50
RBP: ffff888043c8f868 R08: ffffffff8625e2dc R09: ffffffff8625e2e0
R10: ffffed1008791f0f R11: 0000000000036001 R12: ffff888043c8f851
R13: ffff888043c8f870 R14: ffff888043c8f810 R15: ffffffff844000a9
 arch_stack_walk+0x83/0xf0
 stack_trace_save+0x8c/0xc0
 kasan_save_stack+0x1e/0x40
 kasan_set_track+0x21/0x30
 __kasan_slab_alloc+0x58/0x70
 kmem_cache_alloc+0x1a9/0x3e0
 __create_object+0x3d/0xc00
 __kmem_cache_alloc_node+0x22f/0x3d0
 kmalloc_trace+0x22/0x60
 selinux_sk_alloc_security+0x90/0x200
 security_sk_alloc+0x56/0xb0
 sk_prot_alloc+0x186/0x290
 sk_alloc+0x34/0x760
 __netlink_create+0x63/0x340
 netlink_create+0x3b2/0x5f0
 __sock_create+0x34b/0x760
 __sys_socket+0x133/0x250
 __x64_sys_socket+0x6f/0xb0
 do_syscall_64+0x3b/0x90
 entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f04e5630b19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f04e2b85188 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
RAX: ffffffffffffffda RBX: 00007f04e5744020 RCX: 00007f04e5630b19
RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000010
RBP: 00007f04e568af6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffd1c7eb87f R14: 00007f04e2b85300 R15: 0000000000022000
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0 skipped: idling at default_idle+0xb/0x10
----------------
Code disassembly (best guess):
   0:	8d 43 ff             	lea    -0x1(%rbx),%eax
   3:	39 c6                	cmp    %eax,%esi
   5:	0f 83 8c 15 00 00    	jae    0x1597
   b:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  12:	fc ff df
  15:	89 f2                	mov    %esi,%edx
  17:	48 8d 3c 95 50 0e 29 	lea    -0x79d6f1b0(,%rdx,4),%rdi
  1e:	86
  1f:	48 89 f9             	mov    %rdi,%rcx
  22:	48 c1 e9 03          	shr    $0x3,%rcx
  26:	0f b6 0c 01          	movzbl (%rcx,%rax,1),%ecx
* 2a:	48 89 f8             	mov    %rdi,%rax <-- trapping instruction
  2d:	83 e0 07             	and    $0x7,%eax
  30:	83 c0 03             	add    $0x3,%eax
  33:	38 c8                	cmp    %cl,%al
  35:	7c 27                	jl     0x5e
  37:	84 c9                	test   %cl,%cl
  39:	74 23                	je     0x5e
  3b:	48 89 54 24 28       	mov    %rdx,0x28(%rsp)