watchdog: BUG: soft lockup - CPU#1 stuck for 21s! [syz-executor.1:5742] Modules linked in: irq event stamp: 7437999 hardirqs last enabled at (7437998): [] asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635 hardirqs last disabled at (7437999): [] sysvec_apic_timer_interrupt+0xb/0xa0 arch/x86/kernel/apic/apic.c:1094 softirqs last enabled at (7436230): [] asm_call_irq_on_stack+0x12/0x20 softirqs last disabled at (7436233): [] asm_call_irq_on_stack+0x12/0x20 CPU: 1 PID: 5742 Comm: syz-executor.1 Not tainted 5.10.226 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:get_current arch/x86/include/asm/current.h:15 [inline] RIP: 0010:__sanitizer_cov_trace_pc+0x4/0x60 kernel/kcov.c:196 Code: ff ff ff b8 08 00 00 00 4d 8b 17 49 8b 16 48 0f bd c8 48 63 c9 e9 5e ff ff ff 4c 01 d2 49 89 17 e9 cd fd ff ff 90 48 8b 34 24 <65> 48 8b 14 25 80 6f 02 00 65 8b 05 ec cf c1 7e a9 00 01 ff 00 74 RSP: 0018:ffff88806cf09cc0 EFLAGS: 00000286 RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff83bdd107 RDX: ffff8880187f3480 RSI: ffffffff83bf5698 RDI: 0000000000000003 RBP: ffff88801ce6b500 R08: 0000000000000000 R09: ffff88801b438d5f R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000080 R13: 0000000000000080 R14: ffff88801b438d00 R15: 0000000000000000 FS: 00007fcd97ad4700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fbb7be46718 CR3: 0000000046cea000 CR4: 0000000000350ee0 Call Trace: ieee80211_rx_list+0x6f8/0x2370 net/mac80211/rx.c:4843 ieee80211_rx_napi+0xdc/0x3c0 net/mac80211/rx.c:4867 ieee80211_rx include/net/mac80211.h:4502 [inline] ieee80211_tasklet_handler+0xd3/0x130 net/mac80211/main.c:235 tasklet_action_common.constprop.0+0x244/0x2f0 kernel/softirq.c:560 __do_softirq+0x1b8/0x7c9 kernel/softirq.c:298 asm_call_irq_on_stack+0x12/0x20 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline] run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline] do_softirq_own_stack+0x80/0xa0 arch/x86/kernel/irq_64.c:77 invoke_softirq kernel/softirq.c:393 [inline] __irq_exit_rcu kernel/softirq.c:423 [inline] irq_exit_rcu+0x114/0x1b0 kernel/softirq.c:435 sysvec_apic_timer_interrupt+0x43/0xa0 arch/x86/kernel/apic/apic.c:1094 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635 RIP: 0010:memcg_slab_free_hook mm/slab.h:378 [inline] RIP: 0010:memcg_slab_free_hook mm/slab.h:351 [inline] RIP: 0010:do_slab_free mm/slub.c:3105 [inline] RIP: 0010:___cache_free+0xdb/0x360 mm/slub.c:3156 Code: 48 29 ca 41 8b 4e 20 89 d6 48 0f af f1 41 0f b6 4e 24 48 c1 ee 20 29 f2 d3 ea 41 0f b6 4e 25 01 f2 d3 ea 48 8d 14 d7 48 8b 2a <48> 85 ed 0f 84 fa 00 00 00 48 c7 02 00 00 00 00 41 8b 76 18 48 89 RSP: 0018:ffff888037b5fa80 EFLAGS: 00000212 RAX: ffffea0000332f00 RBX: ffff88800ccbec00 RCX: 0000000000000009 RDX: ffff88800b96e658 RSI: 0000000000000000 RDI: ffff88800b96e600 RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff816c9400 R10: ffff8880094fee00 R11: 0000000000000001 R12: ffff888008041280 R13: ffffea0000332f00 R14: ffff888008041280 R15: ffff888046a30280 qlink_free mm/kasan/quarantine.c:151 [inline] qlist_free_all+0x59/0xe0 mm/kasan/quarantine.c:170 quarantine_reduce+0x184/0x210 mm/kasan/quarantine.c:267 __kasan_kmalloc.constprop.0+0xa2/0xd0 mm/kasan/common.c:442 kmalloc include/linux/slab.h:552 [inline] __memcg_init_list_lru_node+0x7f/0x1e0 mm/list_lru.c:339 memcg_init_list_lru_node mm/list_lru.c:362 [inline] memcg_init_list_lru mm/list_lru.c:448 [inline] __list_lru_init+0x44d/0x890 mm/list_lru.c:615 alloc_super+0x8e2/0xa90 fs/super.c:274 sget_fc+0x110/0x860 fs/super.c:542 vfs_get_super fs/super.c:1207 [inline] get_tree_nodev+0x24/0x1d0 fs/super.c:1242 mqueue_get_tree+0xf2/0x130 ipc/mqueue.c:434 vfs_get_tree+0x8e/0x300 fs/super.c:1570 fc_mount+0x13/0xc0 fs/namespace.c:978 mq_create_mount ipc/mqueue.c:484 [inline] mq_init_ns+0x39e/0x530 ipc/mqueue.c:1700 create_ipc_ns ipc/namespace.c:58 [inline] copy_ipcs+0x2f5/0x480 ipc/namespace.c:84 create_new_namespaces+0x210/0xb20 kernel/nsproxy.c:90 unshare_nsproxy_namespaces+0xbd/0x1f0 kernel/nsproxy.c:231 ksys_unshare+0x449/0x8a0 kernel/fork.c:3003 __do_sys_unshare kernel/fork.c:3071 [inline] __se_sys_unshare kernel/fork.c:3069 [inline] __x64_sys_unshare+0x2d/0x40 kernel/fork.c:3069 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x67/0xd1 RIP: 0033:0x7fcd9a55eb19 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fcd97ad4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 RAX: ffffffffffffffda RBX: 00007fcd9a671f60 RCX: 00007fcd9a55eb19 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000048020200 RBP: 00007fcd9a5b8f6d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffe740db09f R14: 00007fcd97ad4300 R15: 0000000000022000 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 5749 Comm: syz-executor.6 Not tainted 5.10.226 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:get_current arch/x86/include/asm/current.h:15 [inline] RIP: 0010:__sanitizer_cov_trace_pc+0x4/0x60 kernel/kcov.c:196 Code: ff ff ff b8 08 00 00 00 4d 8b 17 49 8b 16 48 0f bd c8 48 63 c9 e9 5e ff ff ff 4c 01 d2 49 89 17 e9 cd fd ff ff 90 48 8b 34 24 <65> 48 8b 14 25 80 6f 02 00 65 8b 05 ec cf c1 7e a9 00 01 ff 00 74 RSP: 0018:ffff888046f4f758 EFLAGS: 00000246 RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff815fe6fe RDX: 0000000000000000 RSI: ffffffff815fe70b RDI: 0000000000000005 RBP: ffffea0000ec4dc0 R08: 0000000000000000 R09: ffffea0000ec4dc7 R10: 0000000000000000 R11: 0000000000000001 R12: ffffea0000ec4dc8 R13: ffff888035b65038 R14: dffffc0000000000 R15: 00007fcb25208000 FS: 0000000000000000(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055e182752678 CR3: 000000000d9a2000 CR4: 0000000000350ef0 Call Trace: page_mapcount include/linux/mm.h:837 [inline] zap_pte_range mm/memory.c:1288 [inline] zap_pmd_range mm/memory.c:1404 [inline] zap_pud_range mm/memory.c:1433 [inline] zap_p4d_range mm/memory.c:1454 [inline] unmap_page_range+0x139b/0x1fe0 mm/memory.c:1475 unmap_single_vma+0x198/0x300 mm/memory.c:1520 unmap_vmas+0x16d/0x300 mm/memory.c:1552 exit_mmap+0x27f/0x4f0 mm/mmap.c:3235 __mmput kernel/fork.c:1101 [inline] mmput+0xca/0x340 kernel/fork.c:1122 exit_mm kernel/exit.c:536 [inline] do_exit+0xa96/0x2600 kernel/exit.c:847 do_group_exit+0x125/0x310 kernel/exit.c:982 get_signal+0x4bc/0x2350 kernel/signal.c:2759 arch_do_signal_or_restart+0x2b7/0x1990 arch/x86/kernel/signal.c:805 handle_signal_work kernel/entry/common.c:145 [inline] exit_to_user_mode_loop kernel/entry/common.c:169 [inline] exit_to_user_mode_prepare+0x10f/0x190 kernel/entry/common.c:199 syscall_exit_to_user_mode+0x38/0x1d0 kernel/entry/common.c:274 entry_SYSCALL_64_after_hwframe+0x67/0xd1 RIP: 0033:0x7fcb2598fb19 Code: Unable to access opcode bytes at RIP 0x7fcb2598faef. RSP: 002b:00007fcb22ee4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: 0000000000000000 RBX: 00007fcb25aa3020 RCX: 00007fcb2598fb19 RDX: 00000000200001c0 RSI: 0000000000008914 RDI: 0000000000000004 RBP: 00007fcb259e9f6d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fff1d6c4bef R14: 00007fcb22ee4300 R15: 0000000000022000 ---------------- Code disassembly (best guess), 3 bytes skipped: 0: b8 08 00 00 00 mov $0x8,%eax 5: 4d 8b 17 mov (%r15),%r10 8: 49 8b 16 mov (%r14),%rdx b: 48 0f bd c8 bsr %rax,%rcx f: 48 63 c9 movslq %ecx,%rcx 12: e9 5e ff ff ff jmpq 0xffffff75 17: 4c 01 d2 add %r10,%rdx 1a: 49 89 17 mov %rdx,(%r15) 1d: e9 cd fd ff ff jmpq 0xfffffdef 22: 90 nop 23: 48 8b 34 24 mov (%rsp),%rsi * 27: 65 48 8b 14 25 80 6f mov %gs:0x26f80,%rdx <-- trapping instruction 2e: 02 00 30: 65 8b 05 ec cf c1 7e mov %gs:0x7ec1cfec(%rip),%eax # 0x7ec1d023 37: a9 00 01 ff 00 test $0xff0100,%eax 3c: 74 .byte 0x74