watchdog: BUG: soft lockup - CPU#1 stuck for 23s! [syz-executor.1:4013]
Modules linked in:
irq event stamp: 5499305
hardirqs last  enabled at (5499304): [<ffffffff84000d02>] asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635
hardirqs last disabled at (5499305): [<ffffffff83e6374b>] sysvec_apic_timer_interrupt+0xb/0xa0 arch/x86/kernel/apic/apic.c:1106
softirqs last  enabled at (5498264): [<ffffffff84001092>] asm_call_irq_on_stack+0x12/0x20
softirqs last disabled at (5498267): [<ffffffff84001092>] asm_call_irq_on_stack+0x12/0x20
CPU: 1 PID: 4013 Comm: syz-executor.1 Not tainted 5.10.230 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:queue_work_on+0x83/0xd0 kernel/workqueue.c:1540
Code: 31 ff 89 ee e8 0e 07 26 00 40 84 ed 74 4a e8 f4 0d 26 00 31 ff 48 89 de e8 5a 07 26 00 48 85 db 75 2a e8 e0 0d 26 00 41 56 9d <48> 83 c4 08 44 89 f8 5b 5d 41 5c 41 5d 41 5e 41 5f e9 07 8f 05 03
RSP: 0018:ffff88806cf098a8 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 0000000000000200 RCX: 1ffffffff0d15bc2
RDX: ffff888017c50000 RSI: ffffffff811ab0a0 RDI: ffffffff811ab0cf
RBP: 0000000000000000 R08: 0000000000000001 R09: ffffffff8686a797
R10: fffffbfff0d0d4f2 R11: 0000000000000001 R12: ffff88801c33d340
R13: ffff88800d6b4000 R14: 0000000000000246 R15: 0000000000000001
FS:  00007fe305f5a700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2d224000 CR3: 0000000048c20000 CR4: 0000000000350ee0
Call Trace:
 <IRQ>
 queue_work include/linux/workqueue.h:509 [inline]
 ieee80211_queue_work net/mac80211/util.c:931 [inline]
 ieee80211_queue_work+0x129/0x160 net/mac80211/util.c:924
 ieee80211_rx_h_mgmt net/mac80211/rx.c:3722 [inline]
 ieee80211_rx_handlers+0x5d24/0xa3f0 net/mac80211/rx.c:3888
 ieee80211_invoke_rx_handlers net/mac80211/rx.c:3918 [inline]
 ieee80211_prepare_and_rx_handle+0x17d4/0x5890 net/mac80211/rx.c:4605
 __ieee80211_rx_handle_packet net/mac80211/rx.c:4666 [inline]
 ieee80211_rx_list+0xdd0/0x2370 net/mac80211/rx.c:4846
 ieee80211_rx_napi+0xdc/0x3c0 net/mac80211/rx.c:4867
 ieee80211_rx include/net/mac80211.h:4502 [inline]
 ieee80211_tasklet_handler+0xd3/0x130 net/mac80211/main.c:235
 tasklet_action_common.constprop.0+0x244/0x2f0 kernel/softirq.c:560
 __do_softirq+0x1b8/0x7c9 kernel/softirq.c:298
 asm_call_irq_on_stack+0x12/0x20
 </IRQ>
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline]
 do_softirq_own_stack+0x80/0xa0 arch/x86/kernel/irq_64.c:77
 invoke_softirq kernel/softirq.c:393 [inline]
 __irq_exit_rcu kernel/softirq.c:423 [inline]
 irq_exit_rcu+0x114/0x1b0 kernel/softirq.c:435
 sysvec_apic_timer_interrupt+0x43/0xa0 arch/x86/kernel/apic/apic.c:1106
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635
RIP: 0010:qlink_free mm/kasan/quarantine.c:151 [inline]
RIP: 0010:qlist_free_all+0x3f/0xe0 mm/kasan/quarantine.c:170
Code: a3 00 00 00 49 89 fc 41 bd 00 00 00 80 49 c7 c6 00 00 00 80 48 bd 00 00 00 00 00 fc ff df eb 2c 48 63 87 c0 00 00 00 4c 8b 3e <48> c7 c2 a5 b7 6c 81 48 29 c6 48 89 f0 48 c1 e8 03 c6 04 28 fb e8
RSP: 0018:ffff8880489c7990 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffea000036d9ff
RDX: 0000000000000000 RSI: ffff88800977af30 RDI: ffff88800804d640
RBP: dffffc0000000000 R08: 0000000000000011 R09: ffffffff816cb701
R10: ffff88800977ad80 R11: 0000000000000001 R12: ffff8880489c79c8
R13: 0000000080000000 R14: ffffffff80000000 R15: ffff88800977abd0
 quarantine_reduce+0x184/0x210 mm/kasan/quarantine.c:267
 __kasan_kmalloc.constprop.0+0xa2/0xd0 mm/kasan/common.c:442
 slab_post_alloc_hook mm/slab.h:532 [inline]
 slab_alloc_node mm/slub.c:2896 [inline]
 slab_alloc mm/slub.c:2904 [inline]
 kmem_cache_alloc+0x13b/0x310 mm/slub.c:2909
 kmem_cache_zalloc include/linux/slab.h:654 [inline]
 jbd2_alloc_handle include/linux/jbd2.h:1554 [inline]
 new_handle fs/jbd2/transaction.c:464 [inline]
 jbd2__journal_start+0x190/0x7e0 fs/jbd2/transaction.c:491
 __ext4_journal_start_sb+0x214/0x390 fs/ext4/ext4_jbd2.c:105
 __ext4_journal_start fs/ext4/ext4_jbd2.h:328 [inline]
 ext4_truncate+0x665/0x1160 fs/ext4/inode.c:4308
 ext4_truncate_failed_write fs/ext4/truncate.h:20 [inline]
 ext4_inode_extension_cleanup fs/ext4/file.c:315 [inline]
 ext4_dio_write_iter fs/ext4/file.c:553 [inline]
 ext4_file_write_iter+0x113d/0x1530 fs/ext4/file.c:660
 call_write_iter include/linux/fs.h:2039 [inline]
 new_sync_write+0x42c/0x660 fs/read_write.c:518
 vfs_write+0x7c0/0xb10 fs/read_write.c:605
 ksys_write+0x12d/0x260 fs/read_write.c:658
 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x67/0xd1
RIP: 0033:0x7fe3089e4b19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fe305f5a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007fe308af7f60 RCX: 00007fe3089e4b19
RDX: 000000000000fdef RSI: 00000000200001c0 RDI: 0000000000000003
RBP: 00007fe308a3ef6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe02f42eff R14: 00007fe305f5a300 R15: 0000000000022000
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0 skipped: idling at native_safe_halt arch/x86/include/asm/irqflags.h:60 [inline]
NMI backtrace for cpu 0 skipped: idling at arch_safe_halt arch/x86/include/asm/irqflags.h:103 [inline]
NMI backtrace for cpu 0 skipped: idling at default_idle+0xe/0x20 arch/x86/kernel/process.c:706
audit: type=1400 audit(1734437053.227:10): avc:  denied  { map } for  pid=4034 comm="syz-executor.7" path="/proc/4034/task/4035/io" dev="proc" ino=13765 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=file permissive=1
audit: type=1400 audit(1734437053.227:11): avc:  denied  { execute } for  pid=4034 comm="syz-executor.7" path="/proc/4034/task/4035/io" dev="proc" ino=13765 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=file permissive=1
netlink: 'syz-executor.0': attribute type 12 has an invalid length.
audit: type=1400 audit(1734437053.313:12): avc:  denied  { read } for  pid=4036 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'.
----------------
Code disassembly (best guess):
   0:	31 ff                	xor    %edi,%edi
   2:	89 ee                	mov    %ebp,%esi
   4:	e8 0e 07 26 00       	callq  0x260717
   9:	40 84 ed             	test   %bpl,%bpl
   c:	74 4a                	je     0x58
   e:	e8 f4 0d 26 00       	callq  0x260e07
  13:	31 ff                	xor    %edi,%edi
  15:	48 89 de             	mov    %rbx,%rsi
  18:	e8 5a 07 26 00       	callq  0x260777
  1d:	48 85 db             	test   %rbx,%rbx
  20:	75 2a                	jne    0x4c
  22:	e8 e0 0d 26 00       	callq  0x260e07
  27:	41 56                	push   %r14
  29:	9d                   	popfq
* 2a:	48 83 c4 08          	add    $0x8,%rsp <-- trapping instruction
  2e:	44 89 f8             	mov    %r15d,%eax
  31:	5b                   	pop    %rbx
  32:	5d                   	pop    %rbp
  33:	41 5c                	pop    %r12
  35:	41 5d                	pop    %r13
  37:	41 5e                	pop    %r14
  39:	41 5f                	pop    %r15
  3b:	e9 07 8f 05 03       	jmpq   0x3058f47