FAT-fs (loop4): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) kworker/u4:7: attempt to access beyond end of device loop6: rw=1, sector=124, nr_sectors = 4 limit=40 Buffer I/O error on dev loop6, logical block 31, lost async page write watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [syz-executor.5:4192] Modules linked in: irq event stamp: 5460599 hardirqs last enabled at (5460598): [] asm_sysvec_apic_timer_interrupt+0x16/0x20 hardirqs last disabled at (5460599): [] sysvec_apic_timer_interrupt+0xb/0xc0 softirqs last enabled at (5442440): [] __irq_exit_rcu+0x11b/0x180 softirqs last disabled at (5442443): [] __irq_exit_rcu+0x11b/0x180 CPU: 0 PID: 4192 Comm: syz-executor.5 Not tainted 5.19.0-next-20220810 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 RIP: 0010:__sanitizer_cov_trace_pc+0x5c/0x70 Code: 82 38 14 00 00 83 f8 02 75 20 48 8b 8a 40 14 00 00 8b 92 3c 14 00 00 48 8b 01 48 83 c0 01 48 39 c2 76 07 48 89 01 48 89 34 c1 ef 89 1a 03 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 41 55 RSP: 0018:ffff88806ce09670 EFLAGS: 00000246 RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000100 RDX: ffff888045310000 RSI: ffffffff81462887 RDI: 0000000000000001 RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000 R13: 0000000000000000 R14: ffffffff8544b488 R15: 0000000000092820 FS: 00007f0a4e3e5700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffccb4ddff8 CR3: 000000001766c000 CR4: 0000000000350ef0 Call Trace: __is_insn_slot_addr+0x127/0x250 kernel_text_address+0x44/0xb0 __kernel_text_address+0x9/0x40 unwind_get_return_address+0x55/0xa0 arch_stack_walk+0x99/0xf0 stack_trace_save+0x8c/0xc0 kasan_save_stack+0x1e/0x40 __kasan_slab_alloc+0x66/0x80 kmem_cache_alloc+0x1b1/0x4a0 __create_object.isra.0+0x3d/0xc10 __kmalloc_node_track_caller+0x284/0x480 __alloc_skb+0xdd/0x300 __netdev_alloc_skb+0x72/0x3e0 __ieee80211_beacon_get+0x3e7/0x1380 ieee80211_beacon_get_tim+0x95/0x4e0 mac80211_hwsim_beacon_tx+0x1ce/0xaa0 __iterate_interfaces+0x2d3/0x560 ieee80211_iterate_active_interfaces_atomic+0x70/0x180 mac80211_hwsim_beacon+0x101/0x200 __hrtimer_run_queues+0x5de/0xbd0 hrtimer_run_softirq+0x172/0x340 __do_softirq+0x1c8/0x8d0 __irq_exit_rcu+0x11b/0x180 irq_exit_rcu+0x5/0x20 sysvec_apic_timer_interrupt+0x8e/0xc0 asm_sysvec_apic_timer_interrupt+0x16/0x20 RIP: 0010:put_cpu_partial+0x115/0x1c0 Code: 39 43 28 75 61 48 c7 43 28 00 00 00 00 48 c7 c6 b0 e0 77 81 48 89 df e8 59 0b b2 ff 48 85 ed 74 06 e8 4f a7 d4 ff fb 4d 85 ed <74> 21 5b 4c 89 ee 5d 4c 89 e7 41 5c 41 5d 41 5e 41 5f e9 84 fd ff RSP: 0018:ffff8880459bf698 EFLAGS: 00000246 RAX: 00000000004e791f RBX: ffff88806ce3c2e0 RCX: ffffffff81294e8f RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000200 R08: 0000000000000001 R09: ffffffff86ca37cf R10: fffffbfff0d946f9 R11: 0000000000000001 R12: ffff888007c4f780 R13: 0000000000000000 R14: ffffea000074e300 R15: 0000000000000005 qlist_free_all+0x6d/0x1a0 kasan_quarantine_reduce+0x184/0x210 __kasan_kmalloc+0x97/0xa0 __netlink_kernel_create+0x1a9/0x860 xfrm_user_net_init+0x9f/0x160 ops_init+0xb2/0x480 setup_net+0x40c/0x9d0 copy_net_ns+0x318/0x760 create_new_namespaces+0x3f6/0xb30 copy_namespaces+0x395/0x480 copy_process+0x2ca7/0x6de0 kernel_clone+0xe7/0xa60 __do_sys_clone3+0x1d5/0x2e0 do_syscall_64+0x3b/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f0a50e90b19 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f0a4e3e5188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 RAX: ffffffffffffffda RBX: 00007f0a50fa4020 RCX: 00007f0a50e90b19 RDX: 0000000000000000 RSI: 0000000000000058 RDI: 0000000020004c00 RBP: 00007f0a50eeaf6d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fff8160334f R14: 00007f0a4e3e5300 R15: 0000000000022000 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 skipped: idling at default_idle+0xb/0x10 Bluetooth: hci6: HCI_REQ-0x0406 Bluetooth: hci5: HCI_REQ-0x0406 Bluetooth: hci1: HCI_REQ-0x0406 Bluetooth: hci3: HCI_REQ-0x0406 Bluetooth: hci2: HCI_REQ-0x0406 Bluetooth: hci4: HCI_REQ-0x0406 Bluetooth: hci0: HCI_REQ-0x0406 Bluetooth: hci2: command 0x0406 tx timeout Bluetooth: hci4: command 0x0406 tx timeout Bluetooth: hci3: command 0x0406 tx timeout Bluetooth: hci1: command 0x0406 tx timeout Bluetooth: hci5: command 0x0406 tx timeout Bluetooth: hci6: command 0x0406 tx timeout Bluetooth: hci0: command 0x0406 tx timeout ---------------- Code disassembly (best guess), 1 bytes skipped: 0: 38 14 00 cmp %dl,(%rax,%rax,1) 3: 00 83 f8 02 75 20 add %al,0x207502f8(%rbx) 9: 48 8b 8a 40 14 00 00 mov 0x1440(%rdx),%rcx 10: 8b 92 3c 14 00 00 mov 0x143c(%rdx),%edx 16: 48 8b 01 mov (%rcx),%rax 19: 48 83 c0 01 add $0x1,%rax 1d: 48 39 c2 cmp %rax,%rdx 20: 76 07 jbe 0x29 22: 48 89 01 mov %rax,(%rcx) 25: 48 89 34 c1 mov %rsi,(%rcx,%rax,8) * 29: e9 ef 89 1a 03 jmpq 0x31a8a1d <-- trapping instruction 2e: 66 66 2e 0f 1f 84 00 data16 nopw %cs:0x0(%rax,%rax,1) 35: 00 00 00 00 39: 0f 1f 40 00 nopl 0x0(%rax) 3d: 41 55 push %r13