loop2: detected capacity change from 0 to 40 watchdog: BUG: soft lockup - CPU#1 stuck for 26s! [syz-executor.4:17341] Modules linked in: irq event stamp: 2842769 hardirqs last enabled at (2842768): [] irqentry_exit+0x3b/0x90 hardirqs last disabled at (2842769): [] sysvec_apic_timer_interrupt+0xf/0x80 softirqs last enabled at (2822152): [] handle_softirqs+0x50c/0x770 softirqs last disabled at (2822155): [] __irq_exit_rcu+0xc4/0x100 CPU: 1 UID: 0 PID: 17341 Comm: syz-executor.4 Not tainted 6.13.0-rc7-next-20250116 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:lock_acquire+0x1c7/0x520 Code: ff ff ff 48 83 c4 28 65 0f c1 05 3c 5c b2 7e 83 f8 01 0f 85 d5 02 00 00 48 83 3c 24 00 74 01 fb 48 b8 00 00 00 00 00 fc ff df <48> 01 c3 48 c7 03 00 00 00 00 48 c7 43 08 00 00 00 00 48 8b 84 24 RSP: 0018:ffff88806cf09380 EFLAGS: 00000206 RAX: dffffc0000000000 RBX: 1ffff1100d9e1273 RCX: 1ffff1100d9e1258 RDX: 1ffff11007e60149 RSI: 0000000000000001 RDI: 000000000e6dd8cc RBP: 0000000000000001 R08: 0000000000000000 R09: fffffbfff0fe13e4 R10: ffffffff87f09f27 R11: ffff88806cf43450 R12: 0000000000000000 R13: 0000000000000001 R14: ffff88806cf41518 R15: 0000000000000000 FS: 00007f0d0d426700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000056317329bfc0 CR3: 0000000009a24000 CR4: 0000000000350ef0 Call Trace: _raw_spin_trylock+0x46/0x60 get_page_from_freelist+0x4a5/0x1fe0 __alloc_frozen_pages_noprof+0x213/0x1f90 alloc_pages_mpol+0xee/0x340 new_slab+0x220/0x2e0 ___slab_alloc+0x89c/0x11d0 kmem_cache_alloc_node_noprof+0x238/0x3e0 __alloc_skb+0x2ad/0x370 skb_copy+0x1d5/0x3b0 mac80211_hwsim_tx_frame_no_nl.isra.0+0xafb/0x1320 mac80211_hwsim_tx_frame+0x1ee/0x2a0 mac80211_hwsim_beacon_tx+0x546/0x950 __iterate_interfaces+0x2e0/0x650 ieee80211_iterate_active_interfaces_atomic+0x71/0x1b0 mac80211_hwsim_beacon+0x105/0x200 __hrtimer_run_queues+0x1ab/0xa80 hrtimer_run_softirq+0x14c/0x310 handle_softirqs+0x1b1/0x770 __irq_exit_rcu+0xc4/0x100 irq_exit_rcu+0x9/0x20 sysvec_apic_timer_interrupt+0x70/0x80 asm_sysvec_apic_timer_interrupt+0x1a/0x20 RIP: 0010:qlist_free_all+0x28/0x160 Code: 90 90 48 8b 07 48 85 c0 0f 84 41 01 00 00 41 57 41 56 41 55 49 89 fd 41 54 49 89 f4 55 53 eb 3e 48 63 95 c0 00 00 00 48 8b 18 <48> 89 ef 48 29 d0 48 89 c6 49 89 c6 e8 77 f0 ff ff 49 89 c7 66 90 RSP: 0018:ffff888040c07c60 EFLAGS: 00000246 RAX: ffff888015e17b90 RBX: ffff888018dce940 RCX: ffffea00005785c0 RDX: 0000000000000000 RSI: ffff888008c4f780 RDI: ffffffff81a47376 RBP: ffff888008c4f780 R08: 0000000000000001 R09: fffffbfff0fe13e9 R10: ffffffff87f09f4f R11: 0000000000000001 R12: 0000000000000000 R13: ffff888040c07c98 R14: ffff888018dce378 R15: ffff888018dce378 kasan_quarantine_reduce+0x19f/0x240 __kasan_slab_alloc+0x49/0x70 kmem_cache_alloc_noprof+0x13d/0x3d0 security_inode_alloc+0x3e/0x130 inode_init_always_gfp+0xc94/0xff0 alloc_inode+0x89/0x240 sock_alloc+0x40/0x270 __sock_create+0xc1/0x810 __sys_socket+0x147/0x260 __x64_sys_socket+0x73/0xb0 do_syscall_64+0xbf/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f0d0feb0b19 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f0d0d426188 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 RAX: ffffffffffffffda RBX: 00007f0d0ffc3f60 RCX: 00007f0d0feb0b19 RDX: 0000000000000000 RSI: 0000000000000002 RDI: 000000000000000a RBP: 00007f0d0ff0af6d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fff5ba1fcff R14: 00007f0d0d426300 R15: 0000000000022000 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 UID: 0 PID: 57 Comm: kworker/u9:2 Not tainted 6.13.0-rc7-next-20250116 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 Workqueue: writeback wb_workfn (flush-8:0) RIP: 0010:lockdep_hardirqs_on_prepare+0x16a/0x3f0 Code: 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 08 3c 03 0f 8e 64 01 00 00 8b 85 30 0a 00 00 85 c0 0f 85 f0 00 00 00 b8 ff ff ff ff <65> 0f c1 05 76 ba b2 7e 83 f8 01 0f 85 ec 00 00 00 5b 5d e9 fe 70 RSP: 0018:ffff88800ed27908 EFLAGS: 00000086 RAX: 00000000ffffffff RBX: ffff88800ebb3780 RCX: 1ffffffff0fe85a3 RDX: dffffc0000000000 RSI: 0000000000000040 RDI: ffffffff87f42d18 RBP: ffff88800ebb3780 R08: 0000000000000000 R09: fffffbfff0fe13f6 R10: ffffffff87f09fb7 R11: 0000000000000001 R12: 0000000000000000 R13: 0000000000000003 R14: 0000607f92e1e258 R15: 0000000000000002 FS: 0000000000000000(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000563173934618 CR3: 000000000c61a000 CR4: 0000000000350ef0 Call Trace: trace_hardirqs_on+0x36/0x40 _raw_spin_unlock_irqrestore+0x2c/0x50 __percpu_counter_sum+0x1ba/0x250 domain_over_bg_thresh+0x1d4/0x280 wb_over_bg_thresh+0xf4/0x180 wb_workfn+0x4b2/0xb50 process_one_work+0x8ee/0x1a10 worker_thread+0x674/0xe70 kthread+0x3ab/0x720 ret_from_fork+0x48/0x80 ret_from_fork_asm+0x1a/0x30 ---------------- Code disassembly (best guess), 3 bytes skipped: 0: 48 83 c4 28 add $0x28,%rsp 4: 65 0f c1 05 3c 5c b2 xadd %eax,%gs:0x7eb25c3c(%rip) # 0x7eb25c48 b: 7e c: 83 f8 01 cmp $0x1,%eax f: 0f 85 d5 02 00 00 jne 0x2ea 15: 48 83 3c 24 00 cmpq $0x0,(%rsp) 1a: 74 01 je 0x1d 1c: fb sti 1d: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 24: fc ff df * 27: 48 01 c3 add %rax,%rbx <-- trapping instruction 2a: 48 c7 03 00 00 00 00 movq $0x0,(%rbx) 31: 48 c7 43 08 00 00 00 movq $0x0,0x8(%rbx) 38: 00 39: 48 rex.W 3a: 8b .byte 0x8b 3b: 84 .byte 0x84 3c: 24 .byte 0x24