syzbot

watchdog: BUG: soft lockup - CPU#1 stuck for 123s! [syz-executor5:19584]
Modules linked in:
irq event stamp: 57904
hardirqs last  enabled at (57903): [<ffffffff81007d91>] trace_hardirqs_on_thunk+0x1a/0x1c
hardirqs last disabled at (57904): [<ffffffff81007dad>] trace_hardirqs_off_thunk+0x1a/0x1c
softirqs last  enabled at (4670): [<ffffffff87e007ba>] __do_softirq+0x7ba/0xad8 kernel/softirq.c:318
softirqs last disabled at (4605): [<ffffffff814ab8df>] invoke_softirq kernel/softirq.c:372 [inline]
softirqs last disabled at (4605): [<ffffffff814ab8df>] irq_exit+0x17f/0x1c0 kernel/softirq.c:412
CPU: 1 PID: 19584 Comm: syz-executor5 Not tainted 4.19.0-rc2+ #8
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:csd_lock_wait kernel/smp.c:108 [inline]
RIP: 0010:smp_call_function_single+0x2a1/0x660 kernel/smp.c:302
Code: 41 0f b6 14 24 44 8b 7c 24 78 84 d2 74 09 80 fa 03 0f 8e 2c 03 00 00 44 89 bc 24 e0 00 00 00 41 83 e7 01 31 ff 41 c6 04 24 f8 <44> 89 fe e8 27 4d 0c 00 45 85 ff 75 a5 e8 0d 4c 0c 00 e8 08 4c 0c
RSP: 0018:ffff8801b7516e80 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000000 RBX: ffff8801b7516ef8 RCX: ffffffff81728329
RDX: 0000000000000004 RSI: ffffffff817282d8 RDI: 0000000000000000
RBP: ffff8801b7516fd8 R08: ffff8801851380c0 R09: ffffed003b5c5ba0
R10: ffffed003b5c5ba0 R11: ffff8801dae2dd07 R12: ffffed0036ea2dec
R13: 1ffff10036ea2dd8 R14: dffffc0000000000 R15: 0000000000000001
FS:  0000000000c59940(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f91d5c10db8 CR3: 00000001870b8000 CR4: 00000000001426e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 smp_call_function_many+0x967/0xb60 kernel/smp.c:434
 smp_call_function+0x42/0x80 kernel/smp.c:492
 on_each_cpu+0x2f/0x1e0 kernel/smp.c:604
 text_poke_bp+0x102/0x1de arch/x86/kernel/alternative.c:804
 __jump_label_transform.isra.0+0x478/0x8f0 arch/x86/kernel/jump_label.c:105
 arch_jump_label_transform+0x2f/0x40 arch/x86/kernel/jump_label.c:113
 __jump_label_update+0x16e/0x1a0 kernel/jump_label.c:375
 jump_label_update+0x174/0x320 kernel/jump_label.c:760
 __static_key_slow_dec_cpuslocked+0xb8/0x210 kernel/jump_label.c:205
 __static_key_slow_dec kernel/jump_label.c:215 [inline]
 static_key_slow_dec+0x63/0xa0 kernel/jump_label.c:229
 tracepoint_remove_func kernel/tracepoint.c:298 [inline]
 tracepoint_probe_unregister+0x761/0x930 kernel/tracepoint.c:368
 trace_event_reg+0x10c/0x350 kernel/trace/trace_events.c:310
 perf_trace_event_unreg.isra.3+0xbb/0x220 kernel/trace/trace_event_perf.c:157
 perf_trace_destroy+0xc1/0x100 kernel/trace/trace_event_perf.c:238
 tp_perf_event_destroy+0x15/0x20 kernel/events/core.c:8329
 _free_event+0x414/0x1610 kernel/events/core.c:4445
 put_event+0x48/0x60 kernel/events/core.c:4531
 perf_event_release_kernel+0x8d4/0xfa0 kernel/events/core.c:4637
 perf_release+0x37/0x50 kernel/events/core.c:4647
 __fput+0x385/0xa30 fs/file_table.c:278
 ____fput+0x15/0x20 fs/file_table.c:309
 task_work_run+0x1e8/0x2a0 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:193 [inline]
 exit_to_usermode_loop+0x318/0x380 arch/x86/entry/common.c:166
 prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:268 [inline]
 do_syscall_64+0x6be/0x820 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x410c51
Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 34 19 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
RSP: 002b:00007ffe2d75c7c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000006 RCX: 0000000000410c51
RDX: 0000000000000000 RSI: 0000000000730c90 RDI: 0000000000000005
RBP: 0000000000000000 R08: ffffffffffffffff R09: ffffffffffffffff
R10: 00007ffe2d75c6f0 R11: 0000000000000293 R12: 0000000000000007
R13: 0000000000069b54 R14: 0000000000000193 R15: badc0ffeebadface
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 19588 Comm: syz-executor2 Not tainted 4.19.0-rc2+ #8
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__lock_acquire+0xa7b/0x4ec0 kernel/locking/lockdep.c:3415
Code: 32 08 85 c9 0f 84 7a f7 ff ff 48 8b 94 24 80 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 fd 31 00 00 <48> 8b 54 24 78 4d 89 9e 70 08 00 00 48 b8 00 00 00 00 00 fc ff df
RSP: 0018:ffff88016071eb60 EFLAGS: 00000046
RAX: dffffc0000000000 RBX: 0000000052e781d2 RCX: 0000000000000001
RDX: 1ffff10038e5ad9e RSI: ffff8801c72d6d00 RDI: 0000000000000000
RBP: ffff88016071eee8 R08: ffff8801c72d6d98 R09: 0000000000000003
R10: ffff8801c72d6d78 R11: 20e41f6cec61ac7a R12: 00000000cdd303c4
R13: 0000000000000000 R14: ffff8801c72d6480 R15: 0000000000000000
FS:  00007f7c67253700(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b32b24000 CR3: 00000001d1b44000 CR4: 00000000001426f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 lock_acquire+0x1ed/0x520 kernel/locking/lockdep.c:3901
 rcu_lock_acquire include/linux/rcupdate.h:244 [inline]
 srcu_read_lock include/linux/srcu.h:199 [inline]
 kvm_arch_vcpu_put+0x171/0x420 arch/x86/kvm/x86.c:3178
 kvm_sched_out+0x91/0xb0 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3985
 __fire_sched_out_preempt_notifiers kernel/sched/core.c:2497 [inline]
 fire_sched_out_preempt_notifiers kernel/sched/core.c:2505 [inline]
 prepare_task_switch kernel/sched/core.c:2611 [inline]
 context_switch kernel/sched/core.c:2790 [inline]
 __schedule+0xf8c/0x1ed0 kernel/sched/core.c:3473
 preempt_schedule_irq+0x87/0x110 kernel/sched/core.c:3700
 retint_kernel+0x1b/0x2d
RIP: 0010:write_comp_data+0x19/0x70 kernel/kcov.c:116
Code: ef c9 ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 55 65 4c 8b 04 25 40 ee 01 00 65 8b 05 ef 1e 83 7e a9 00 01 1f 00 48 89 e5 <75> 51 41 8b 80 d0 12 00 00 83 f8 03 75 45 49 8b 80 d8 12 00 00 45
RSP: 0018:ffff88016071f350 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
RAX: 0000000080000000 RBX: ffff8801d4c59dc0 RCX: ffffffff81c24e7c
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
RBP: ffff88016071f350 R08: ffff8801c72d6480 R09: 0000000000000002
R10: ffff8801c72d6d50 R11: 494c73b4c54f489c R12: 00000000006080c0
R13: 0000000000000000 R14: ffff8801d4c59dc0 R15: 00000000006080c0
 __sanitizer_cov_trace_const_cmp4+0x16/0x20 kernel/kcov.c:188
 __should_failslab+0x5c/0x180 mm/failslab.c:23
 should_failslab+0x9/0x14 mm/slab_common.c:1557
 slab_pre_alloc_hook mm/slab.h:423 [inline]
 slab_alloc mm/slab.c:3378 [inline]
 kmem_cache_alloc+0x2be/0x730 mm/slab.c:3552
 kmem_cache_zalloc include/linux/slab.h:697 [inline]
 mmu_topup_memory_cache arch/x86/kvm/mmu.c:917 [inline]
 mmu_topup_memory_caches+0x2ec/0x390 arch/x86/kvm/mmu.c:970
 kvm_mmu_load+0x21/0xfa0 arch/x86/kvm/mmu.c:4952
 kvm_mmu_reload arch/x86/kvm/mmu.h:86 [inline]
 vcpu_enter_guest+0x3dee/0x62e0 arch/x86/kvm/x86.c:7513
 vcpu_run arch/x86/kvm/x86.c:7711 [inline]
 kvm_arch_vcpu_ioctl_run+0x375/0x16e0 arch/x86/kvm/x86.c:7888
 kvm_vcpu_ioctl+0x72b/0x1150 arch/x86/kvm/../../../virt/kvm/kvm_main.c:2590
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:501 [inline]
 do_vfs_ioctl+0x1de/0x1720 fs/ioctl.c:685
 ksys_ioctl+0xa9/0xd0 fs/ioctl.c:702
 __do_sys_ioctl fs/ioctl.c:709 [inline]
 __se_sys_ioctl fs/ioctl.c:707 [inline]
 __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:707
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457099
Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f7c67252c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f7c672536d4 RCX: 0000000000457099
RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
RBP: 00000000009300a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000004cf730 R14: 00000000004c59b9 R15: 0000000000000000