watchdog: BUG: soft lockup - CPU#0 stuck for 23s! [syz-executor.7:5961] Modules linked in: irq event stamp: 4850049 hardirqs last enabled at (4850048): [] asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635 hardirqs last disabled at (4850049): [] sysvec_apic_timer_interrupt+0xb/0xa0 arch/x86/kernel/apic/apic.c:1106 softirqs last enabled at (4840178): [] asm_call_irq_on_stack+0x12/0x20 softirqs last disabled at (4840181): [] asm_call_irq_on_stack+0x12/0x20 CPU: 0 PID: 5961 Comm: syz-executor.7 Not tainted 5.10.233 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:mac80211_hwsim_tx_frame_no_nl.isra.0+0x734/0x13d0 drivers/net/wireless/mac80211_hwsim.c:1451 Code: 44 24 08 e8 ce 71 77 fe 0f b6 44 24 08 84 c0 0f 85 ac 06 00 00 e8 ac 78 77 fe e8 a7 78 77 fe 48 89 d8 48 c1 e8 03 80 3c 28 00 <0f> 85 c1 09 00 00 48 8b 1b 48 81 fb e0 d5 3d 85 0f 84 f7 04 00 00 RSP: 0018:ffff88806ce09b90 EFLAGS: 00000246 RAX: 1ffff11008e4d638 RBX: ffff88804726b1c0 RCX: ffffffff82c94139 RDX: ffff888048a0cec0 RSI: ffffffff82c93f59 RDI: 0000000000000004 RBP: dffffc0000000000 R08: 0000000000000001 R09: 0000000000000003 R10: 0000000000000007 R11: 0000000000000001 R12: ffff88803f5ffb40 R13: ffff8880492db3f0 R14: ffff8880492db1c0 R15: 0000000000000003 FS: 00007f350e83a700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f06b755a718 CR3: 0000000048ada000 CR4: 0000000000350ef0 Call Trace: mac80211_hwsim_tx_frame+0x152/0x1e0 drivers/net/wireless/mac80211_hwsim.c:1716 mac80211_hwsim_beacon_tx+0x494/0x940 drivers/net/wireless/mac80211_hwsim.c:1770 __iterate_interfaces+0x1f0/0x550 net/mac80211/util.c:792 ieee80211_iterate_active_interfaces_atomic+0x71/0x1c0 net/mac80211/util.c:828 mac80211_hwsim_beacon+0xd1/0x1d0 drivers/net/wireless/mac80211_hwsim.c:1793 __run_hrtimer kernel/time/hrtimer.c:1586 [inline] __hrtimer_run_queues+0x632/0xb40 kernel/time/hrtimer.c:1650 hrtimer_run_softirq+0x148/0x310 kernel/time/hrtimer.c:1667 __do_softirq+0x1b8/0x7c9 kernel/softirq.c:298 asm_call_irq_on_stack+0x12/0x20 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline] run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline] do_softirq_own_stack+0x80/0xa0 arch/x86/kernel/irq_64.c:77 invoke_softirq kernel/softirq.c:393 [inline] __irq_exit_rcu kernel/softirq.c:423 [inline] irq_exit_rcu+0x114/0x1b0 kernel/softirq.c:435 sysvec_apic_timer_interrupt+0x43/0xa0 arch/x86/kernel/apic/apic.c:1106 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635 RIP: 0010:mem_cgroup_lruvec include/linux/memcontrol.h:488 [inline] RIP: 0010:mod_objcg_state mm/slab.h:312 [inline] RIP: 0010:memcg_slab_free_hook mm/slab.h:383 [inline] RIP: 0010:memcg_slab_free_hook mm/slab.h:351 [inline] RIP: 0010:do_slab_free mm/slub.c:3105 [inline] RIP: 0010:___cache_free+0x185/0x360 mm/slub.c:3156 Code: 48 8b 45 10 0f 1f 44 00 00 49 63 95 40 35 00 00 48 85 c0 48 0f 44 05 e2 09 fb 03 48 8b bc d0 70 0b 00 00 4c 3b af 80 00 00 00 <0f> 85 c3 00 00 00 9c 41 5d fa 41 f7 c5 00 02 00 00 0f 85 5d 01 00 RSP: 0018:ffff888039bbf7b0 EFLAGS: 00000246 RAX: ffff888048114000 RBX: ffff88801afe3570 RCX: 0000000008967b30 RDX: 0000000000000000 RSI: d0ffd03340de0770 RDI: ffff88801ceee000 RBP: ffff8880180e8580 R08: 0000000000000000 R09: ffffffff8686a6e7 R10: 0000000000000246 R11: 0000000000000001 R12: ffff8880083f6c80 R13: ffff88807ffdc000 R14: 0000000000000005 R15: 00000000ffffff10 qlink_free mm/kasan/quarantine.c:151 [inline] qlist_free_all+0x59/0xe0 mm/kasan/quarantine.c:170 quarantine_reduce+0x184/0x210 mm/kasan/quarantine.c:267 __kasan_kmalloc.constprop.0+0xa2/0xd0 mm/kasan/common.c:442 slab_post_alloc_hook mm/slab.h:532 [inline] slab_alloc_node mm/slub.c:2896 [inline] slab_alloc mm/slub.c:2904 [inline] kmem_cache_alloc+0x13b/0x310 mm/slub.c:2909 kmem_cache_zalloc include/linux/slab.h:654 [inline] jbd2_alloc_handle include/linux/jbd2.h:1554 [inline] new_handle fs/jbd2/transaction.c:464 [inline] jbd2__journal_start+0x190/0x7e0 fs/jbd2/transaction.c:491 __ext4_journal_start_sb+0x214/0x390 fs/ext4/ext4_jbd2.c:105 __ext4_journal_start fs/ext4/ext4_jbd2.h:328 [inline] ext4_da_write_begin+0x51f/0xd40 fs/ext4/inode.c:3055 generic_perform_write+0x20a/0x4f0 mm/filemap.c:3336 ext4_buffered_write_iter+0x232/0x4a0 fs/ext4/file.c:269 ext4_dio_write_iter fs/ext4/file.c:567 [inline] ext4_file_write_iter+0xccd/0x1530 fs/ext4/file.c:660 call_write_iter include/linux/fs.h:2039 [inline] new_sync_write+0x42c/0x660 fs/read_write.c:518 vfs_write+0x7c0/0xb10 fs/read_write.c:605 ksys_write+0x12d/0x260 fs/read_write.c:658 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x67/0xd1 RIP: 0033:0x7f35112c4b19 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f350e83a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00007f35113d7f60 RCX: 00007f35112c4b19 RDX: 000000000000fdef RSI: 00000000200001c0 RDI: 0000000000000003 RBP: 00007f351131ef6d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffcbfe7a42f R14: 00007f350e83a300 R15: 0000000000022000 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 skipped: idling at native_safe_halt arch/x86/include/asm/irqflags.h:60 [inline] NMI backtrace for cpu 1 skipped: idling at arch_safe_halt arch/x86/include/asm/irqflags.h:103 [inline] NMI backtrace for cpu 1 skipped: idling at default_idle+0xe/0x20 arch/x86/kernel/process.c:706 FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) ---------------- Code disassembly (best guess): 0: 44 24 08 rex.R and $0x8,%al 3: e8 ce 71 77 fe callq 0xfe7771d6 8: 0f b6 44 24 08 movzbl 0x8(%rsp),%eax d: 84 c0 test %al,%al f: 0f 85 ac 06 00 00 jne 0x6c1 15: e8 ac 78 77 fe callq 0xfe7778c6 1a: e8 a7 78 77 fe callq 0xfe7778c6 1f: 48 89 d8 mov %rbx,%rax 22: 48 c1 e8 03 shr $0x3,%rax 26: 80 3c 28 00 cmpb $0x0,(%rax,%rbp,1) * 2a: 0f 85 c1 09 00 00 jne 0x9f1 <-- trapping instruction 30: 48 8b 1b mov (%rbx),%rbx 33: 48 81 fb e0 d5 3d 85 cmp $0xffffffff853dd5e0,%rbx 3a: 0f 84 f7 04 00 00 je 0x537