watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [syz-executor.4:6014] Modules linked in: irq event stamp: 4258919 hardirqs last enabled at (4258918): [] asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635 hardirqs last disabled at (4258919): [] sysvec_apic_timer_interrupt+0xb/0xa0 arch/x86/kernel/apic/apic.c:1095 softirqs last enabled at (4258554): [] asm_call_irq_on_stack+0x12/0x20 softirqs last disabled at (4258557): [] asm_call_irq_on_stack+0x12/0x20 CPU: 0 PID: 6014 Comm: syz-executor.4 Not tainted 5.10.156 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:get_current arch/x86/include/asm/current.h:15 [inline] RIP: 0010:__sanitizer_cov_trace_pc+0x4/0x60 kernel/kcov.c:196 Code: ff ff ff b8 08 00 00 00 4d 8b 17 49 8b 16 48 0f bd c8 48 63 c9 e9 5e ff ff ff 4c 01 d2 49 89 17 e9 cd fd ff ff 90 48 8b 34 24 <65> 48 8b 14 25 80 6f 02 00 65 8b 05 4c 45 c2 7e a9 00 01 ff 00 74 RSP: 0018:ffff88806ce09e58 EFLAGS: 00000246 RAX: ffff88806ce09e88 RBX: 0000000000000001 RCX: ffff88806ce09de8 RDX: 1ffff1100d9c13d1 RSI: ffffffff83ba433c RDI: ffff88806ce09e88 RBP: ffff8880450f8d00 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000 R13: ffff88806ce09e88 R14: 0000000000000000 R15: 1ffff1100d9c13cd FS: 00007f253f5b9700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffe71e54e78 CR3: 000000004d922000 CR4: 0000000000350ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 Call Trace: ieee80211_rx_napi+0x31c/0x380 net/mac80211/rx.c:4870 ieee80211_rx include/net/mac80211.h:4502 [inline] ieee80211_tasklet_handler+0xd3/0x130 net/mac80211/main.c:235 tasklet_action_common.constprop.0+0x244/0x2f0 kernel/softirq.c:560 __do_softirq+0x1b8/0x86b kernel/softirq.c:298 asm_call_irq_on_stack+0x12/0x20 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline] run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline] do_softirq_own_stack+0x80/0xa0 arch/x86/kernel/irq_64.c:77 invoke_softirq kernel/softirq.c:393 [inline] __irq_exit_rcu kernel/softirq.c:423 [inline] irq_exit_rcu+0x114/0x1b0 kernel/softirq.c:435 sysvec_apic_timer_interrupt+0x43/0xa0 arch/x86/kernel/apic/apic.c:1095 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635 RIP: 0010:__preempt_count_sub arch/x86/include/asm/preempt.h:84 [inline] RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:161 [inline] RIP: 0010:_raw_spin_unlock_irqrestore+0x25/0x40 kernel/locking/spinlock.c:191 Code: 3e 00 0f 1f 00 55 48 89 fd 48 83 c7 18 53 48 89 f3 48 8b 74 24 10 e8 5a e4 44 fd 48 89 ef e8 32 9e 45 fd f6 c7 02 75 10 53 9d <65> ff 0d 44 5f 20 7c 5b 5d e9 fd 2f 3e 00 e8 d8 6e 64 fd eb e9 66 RSP: 0018:ffff88801ce87490 EFLAGS: 00000216 RAX: 00000000003ef809 RBX: 0000000000000216 RCX: 1ffffffff0cf8fca RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff83e21008 RBP: ffffffff84e127b0 R08: 0000000000000001 R09: ffffffff867996df R10: fffffbfff0cf32db R11: 0000000000000001 R12: ffffffff84e127b0 R13: 1ffff110039d0e96 R14: ffffffff84e127f0 R15: ffffea0001374000 spin_unlock_irqrestore include/linux/spinlock.h:409 [inline] wake_up_page_bit+0x1ae/0x230 mm/filemap.c:1151 unlock_page+0x111/0x180 mm/filemap.c:1469 ext4_bio_write_page+0xd32/0x1390 fs/ext4/page-io.c:561 mpage_submit_page+0x14b/0x260 fs/ext4/inode.c:2133 mpage_map_and_submit_buffers fs/ext4/inode.c:2381 [inline] mpage_map_and_submit_extent fs/ext4/inode.c:2520 [inline] ext4_writepages+0x2047/0x3590 fs/ext4/inode.c:2849 do_writepages+0xee/0x2a0 mm/page-writeback.c:2352 __filemap_fdatawrite_range+0x24b/0x2f0 mm/filemap.c:422 filemap_write_and_wait_range mm/filemap.c:655 [inline] filemap_write_and_wait_range+0x65/0x100 mm/filemap.c:649 filemap_write_and_wait include/linux/fs.h:2652 [inline] swap_inode_boot_loader fs/ext4/ioctl.c:148 [inline] __ext4_ioctl+0x1578/0x41c0 fs/ext4/ioctl.c:1060 ext4_ioctl+0x46/0x90 fs/ext4/ioctl.c:1326 vfs_ioctl fs/ioctl.c:48 [inline] __do_sys_ioctl fs/ioctl.c:753 [inline] __se_sys_ioctl fs/ioctl.c:739 [inline] __x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:739 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x61/0xc6 RIP: 0033:0x7f2542043b19 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f253f5b9188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f2542156f60 RCX: 00007f2542043b19 RDX: 0000000000000000 RSI: 0000000000006611 RDI: 0000000000000003 RBP: 00007f254209df6d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fff34a4ed8f R14: 00007f253f5b9300 R15: 0000000000022000 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.10.156 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:__pvclock_read_cycles arch/x86/include/asm/pvclock.h:84 [inline] RIP: 0010:pvclock_clocksource_read+0xe6/0x520 arch/x86/kernel/pvclock.c:76 Code: 01 f9 66 90 48 c1 e2 20 48 8b 74 24 10 4c 89 c9 48 09 d0 41 0f b6 55 00 48 c1 e9 03 83 e6 07 0f b6 0c 29 40 38 f2 40 0f 9e c6 <84> d2 0f 95 c2 40 84 d6 0f 85 1f 03 00 00 4c 89 ca 83 e2 07 38 d1 RSP: 0018:ffff88800856fc80 EFLAGS: 00000046 RAX: 0000020a003d4220 RBX: ffffffff8607a040 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffffffff8607a05c RBP: dffffc0000000000 R08: ffffffff8607a058 R09: ffffffff8607a04f R10: ffffffff8607a057 R11: ffffffff8607a05b R12: ffffffff8607a043 R13: fffffbfff0c0f409 R14: ffffffff8607a05d R15: ffffffff8607a050 FS: 0000000000000000(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000555556be1c58 CR3: 00000000183c2000 CR4: 0000000000350ee0 Call Trace: kvm_clock_read arch/x86/kernel/kvmclock.c:80 [inline] kvm_sched_clock_read+0x14/0x30 arch/x86/kernel/kvmclock.c:92 paravirt_sched_clock arch/x86/include/asm/paravirt.h:22 [inline] sched_clock+0x5/0x10 arch/x86/kernel/tsc.c:252 sched_clock_cpu+0x18/0x170 kernel/sched/clock.c:371 tick_nohz_start_idle kernel/time/tick-sched.c:573 [inline] tick_nohz_irq_exit+0xbe/0x100 kernel/time/tick-sched.c:1043 tick_irq_exit kernel/softirq.c:408 [inline] __irq_exit_rcu kernel/softirq.c:425 [inline] irq_exit_rcu+0xa0/0x1b0 kernel/softirq.c:435 sysvec_apic_timer_interrupt+0x43/0xa0 arch/x86/kernel/apic/apic.c:1095 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635 RIP: 0010:default_idle+0xe/0x20 arch/x86/kernel/process.c:690 Code: 89 fd e9 4b ff ff ff 4c 89 e7 e8 4d da 89 fd eb 8f 66 66 2e 0f 1f 84 00 00 00 00 00 e9 07 00 00 00 0f 00 2d 84 49 60 00 fb f4 fd 47 3e 00 cc cc cc cc cc cc cc cc cc cc cc cc cc 41 55 41 54 RSP: 0018:ffff88800856fe78 EFLAGS: 00000202 RAX: ffffffff83e1f7f0 RBX: ffff88800852b300 RCX: ffffffff83e0753c RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff83e1fbb3 RBP: ffffed10010a5660 R08: 0000000000000001 R09: ffff88806cf3c12b R10: ffffed100d9e7825 R11: 0000000000000001 R12: 0000000000000001 R13: ffffffff85670cc8 R14: 0000000000000000 R15: dffffc0000000000 default_idle_call+0x8b/0xd0 kernel/sched/idle.c:112 cpuidle_idle_call kernel/sched/idle.c:194 [inline] do_idle+0x3ad/0x520 kernel/sched/idle.c:300 cpu_startup_entry+0x14/0x20 kernel/sched/idle.c:396 secondary_startup_64_no_verify+0xc2/0xcb ---------------- Code disassembly (best guess), 3 bytes skipped: 0: b8 08 00 00 00 mov $0x8,%eax 5: 4d 8b 17 mov (%r15),%r10 8: 49 8b 16 mov (%r14),%rdx b: 48 0f bd c8 bsr %rax,%rcx f: 48 63 c9 movslq %ecx,%rcx 12: e9 5e ff ff ff jmpq 0xffffff75 17: 4c 01 d2 add %r10,%rdx 1a: 49 89 17 mov %rdx,(%r15) 1d: e9 cd fd ff ff jmpq 0xfffffdef 22: 90 nop 23: 48 8b 34 24 mov (%rsp),%rsi * 27: 65 48 8b 14 25 80 6f mov %gs:0x26f80,%rdx <-- trapping instruction 2e: 02 00 30: 65 8b 05 4c 45 c2 7e mov %gs:0x7ec2454c(%rip),%eax # 0x7ec24583 37: a9 00 01 ff 00 test $0xff0100,%eax 3c: 74 .byte 0x74