sd 0:0:0:0: [sg0] tag#0 CDB[60]: 7b cd 40 d7 b0 98 62 51 2d df ba 11 b9 33 ad fc sd 0:0:0:0: [sg0] tag#0 CDB[70]: f9 40 99 0e 19 06 57 32 01 df da ea 31 fc 56 cf sd 0:0:0:0: [sg0] tag#0 CDB[80]: 08 a2 4d 89 25 ff 9c 02 6e 91 4e 53 00 watchdog: BUG: soft lockup - CPU#1 stuck for 22s! [syz-executor.5:3899] Modules linked in: irq event stamp: 6105121 hardirqs last enabled at (6105120): [] asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635 hardirqs last disabled at (6105121): [] sysvec_apic_timer_interrupt+0xb/0xa0 arch/x86/kernel/apic/apic.c:1106 softirqs last enabled at (6095526): [] asm_call_irq_on_stack+0x12/0x20 softirqs last disabled at (6095529): [] asm_call_irq_on_stack+0x12/0x20 CPU: 1 PID: 3899 Comm: syz-executor.5 Not tainted 5.10.237 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:ieee80211_rx_list+0xbec/0x2370 net/mac80211/rx.c:4826 Code: 24 10 44 39 f8 0f 8d 2c 12 00 00 e8 be dd 7f fd 49 8d 7c 24 08 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 <0f> 85 23 15 00 00 49 8b 44 24 08 4b 8d 54 6d 00 48 8d 04 90 48 89 RSP: 0018:ffff88806cf09cc8 EFLAGS: 00000246 RAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff83c0df10 RDX: 1ffff11008e3263e RSI: ffffffff83c0df22 RDI: ffff8880471931f0 RBP: ffff88804952a3c0 R08: 0000000000000000 R09: ffffffff8686c6a7 R10: 0000000000000000 R11: 0000000000000001 R12: ffff8880471931e8 R13: 0000000000000000 R14: ffff888047190d00 R15: 000000000000000c FS: 0000000000000000(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000563b285de678 CR3: 000000000ccc0000 CR4: 0000000000350ee0 Call Trace: ieee80211_rx_napi+0xdc/0x3c0 net/mac80211/rx.c:4867 ieee80211_rx include/net/mac80211.h:4502 [inline] ieee80211_tasklet_handler+0xd3/0x130 net/mac80211/main.c:237 tasklet_action_common.constprop.0+0x244/0x2f0 kernel/softirq.c:560 __do_softirq+0x1b8/0x7c9 kernel/softirq.c:298 asm_call_irq_on_stack+0x12/0x20 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline] run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline] do_softirq_own_stack+0x80/0xa0 arch/x86/kernel/irq_64.c:77 invoke_softirq kernel/softirq.c:393 [inline] __irq_exit_rcu kernel/softirq.c:423 [inline] irq_exit_rcu+0x114/0x1b0 kernel/softirq.c:435 sysvec_apic_timer_interrupt+0x43/0xa0 arch/x86/kernel/apic/apic.c:1106 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635 RIP: 0010:bytes_is_nonzero mm/kasan/generic.c:91 [inline] RIP: 0010:memory_is_nonzero mm/kasan/generic.c:108 [inline] RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:134 [inline] RIP: 0010:memory_is_poisoned mm/kasan/generic.c:165 [inline] RIP: 0010:check_memory_region_inline mm/kasan/generic.c:183 [inline] RIP: 0010:check_memory_region+0x198/0x1f0 mm/kasan/generic.c:192 Code: 7d 85 41 bb 01 00 00 00 5b 5d 44 89 d8 41 5c e9 fe 7e b3 02 48 85 d2 74 e9 48 01 ea eb 09 48 83 c0 01 48 39 d0 74 db 80 38 00 <74> f2 e9 28 ff ff ff 48 29 c3 48 89 da 49 89 d3 49 c1 fb 3f 49 c1 RSP: 0018:ffff888016eaf610 EFLAGS: 00000246 RAX: fffff940001fedc6 RBX: fffff940001fedc7 RCX: ffffffff8156fb0d RDX: fffff940001fedc7 RSI: 0000000000000004 RDI: ffffea0000ff6e34 RBP: fffff940001fedc6 R08: 0000000000000001 R09: ffffea0000ff6e37 R10: fffff940001fedc6 R11: 0000000000000001 R12: ffffea0000ff6e34 R13: dffffc0000000000 R14: ffff88801adbe5a0 R15: ffffea0000ff6e00 instrument_atomic_read_write include/linux/instrumented.h:101 [inline] atomic_dec_and_test include/asm-generic/atomic-instrumented.h:748 [inline] page_ref_dec_and_test include/linux/page_ref.h:148 [inline] put_page_testzero include/linux/mm.h:708 [inline] release_pages+0x15d/0xc20 mm/swap.c:914 tlb_batch_pages_flush mm/mmu_gather.c:49 [inline] tlb_flush_mmu_free mm/mmu_gather.c:240 [inline] tlb_flush_mmu+0xe9/0x6e0 mm/mmu_gather.c:247 zap_pte_range mm/memory.c:1355 [inline] zap_pmd_range mm/memory.c:1404 [inline] zap_pud_range mm/memory.c:1433 [inline] zap_p4d_range mm/memory.c:1454 [inline] unmap_page_range+0x17d9/0x1fe0 mm/memory.c:1475 unmap_single_vma+0x198/0x300 mm/memory.c:1520 unmap_vmas+0x16d/0x300 mm/memory.c:1552 exit_mmap+0x27f/0x4f0 mm/mmap.c:3253 __mmput kernel/fork.c:1101 [inline] mmput+0xca/0x340 kernel/fork.c:1122 exit_mm kernel/exit.c:536 [inline] do_exit+0xa96/0x2600 kernel/exit.c:847 do_group_exit+0x125/0x310 kernel/exit.c:982 get_signal+0x4bc/0x2350 kernel/signal.c:2762 arch_do_signal_or_restart+0x2b7/0x1990 arch/x86/kernel/signal.c:805 handle_signal_work kernel/entry/common.c:145 [inline] exit_to_user_mode_loop kernel/entry/common.c:169 [inline] exit_to_user_mode_prepare+0x10f/0x190 kernel/entry/common.c:199 syscall_exit_to_user_mode+0x38/0x1d0 kernel/entry/common.c:274 entry_SYSCALL_64_after_hwframe+0x67/0xd1 RIP: 0033:0x7f9541ed2b19 Code: Unable to access opcode bytes at RIP 0x7f9541ed2aef. RSP: 002b:00007f953f448188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a RAX: 0000000000000003 RBX: 00007f9541fe5f60 RCX: 00007f9541ed2b19 RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000000020001d80 RBP: 00007f9541f2cf6d R08: 0000000000000008 R09: 0000000000000000 R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 R13: 00007fffb0a4e73f R14: 00007f953f448300 R15: 0000000000022000 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 skipped: idling at native_safe_halt arch/x86/include/asm/irqflags.h:60 [inline] NMI backtrace for cpu 0 skipped: idling at arch_safe_halt arch/x86/include/asm/irqflags.h:103 [inline] NMI backtrace for cpu 0 skipped: idling at default_idle+0xe/0x20 arch/x86/kernel/process.c:711 ---------------- Code disassembly (best guess): 0: 24 10 and $0x10,%al 2: 44 39 f8 cmp %r15d,%eax 5: 0f 8d 2c 12 00 00 jge 0x1237 b: e8 be dd 7f fd callq 0xfd7fddce 10: 49 8d 7c 24 08 lea 0x8(%r12),%rdi 15: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 1c: fc ff df 1f: 48 89 fa mov %rdi,%rdx 22: 48 c1 ea 03 shr $0x3,%rdx 26: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) * 2a: 0f 85 23 15 00 00 jne 0x1553 <-- trapping instruction 30: 49 8b 44 24 08 mov 0x8(%r12),%rax 35: 4b 8d 54 6d 00 lea 0x0(%r13,%r13,2),%rdx 3a: 48 8d 04 90 lea (%rax,%rdx,4),%rax 3e: 48 rex.W 3f: 89 .byte 0x89