syzbot


BUG: soft lockup in sys_madvise

Status: auto-obsoleted due to no activity on 2022/09/03 05:10
Reported-by: syzbot+fc45d19aeee447636572@syzkaller.appspotmail.com
First crash: 721d, last: 721d
Similar bugs (3)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| android-5-15 | BUG: soft lockup in sys_madvise | | | | 1 | 32d | 32d | 0/2 | premoderation: reported on 2024/03/25 02:48 |
| linux-4.19 | BUG: soft lockup in sys_madvise (2) | | | | 1 | 588d | 588d | 0/1 | auto-obsoleted due to no activity on 2023/01/14 20:18 |
| upstream | INFO: rcu detected stall in sys_madvise scsi | | | | 1 | 263d | 263d | 0/26 | auto-obsoleted due to no activity on 2023/11/05 19:10 |

Sample crash report:
misc userio: The device must be registered before sending interrupts
watchdog: BUG: soft lockup - CPU#1 stuck for 23s! [syz-executor.4:26625]
Modules linked in:
irq event stamp: 2488690
hardirqs last  enabled at (2488689): [<ffffffff81003ce4>] trace_hardirqs_on_thunk+0x1a/0x1c
hardirqs last disabled at (2488690): [<ffffffff81003d00>] trace_hardirqs_off_thunk+0x1a/0x1c
softirqs last  enabled at (2486986): [<ffffffff88400678>] __do_softirq+0x678/0x980 kernel/softirq.c:318
softirqs last disabled at (2486847): [<ffffffff813927d5>] invoke_softirq kernel/softirq.c:372 [inline]
softirqs last disabled at (2486847): [<ffffffff813927d5>] irq_exit+0x215/0x260 kernel/softirq.c:412
CPU: 1 PID: 26625 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__read_once_size include/linux/compiler.h:263 [inline]
RIP: 0010:trylock_clear_pending kernel/locking/qspinlock_paravirt.h:123 [inline]
RIP: 0010:pv_wait_head_or_lock kernel/locking/qspinlock_paravirt.h:436 [inline]
RIP: 0010:__pv_queued_spin_lock_slowpath+0x3b5/0xae0 kernel/locking/qspinlock.c:474
Code: 83 e3 07 41 be 01 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8d 2c 01 eb 0c f3 90 41 83 ec 01 0f 84 38 04 00 00 41 0f b6 45 00 <38> d8 7f 08 84 c0 0f 85 75 05 00 00 0f b6 45 00 84 c0 75 db be 02
RSP: 0018:ffff888091cef318 EFLAGS: 00000206 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 1ffff11012fc2176
RDX: 0000000000000001 RSI: ffffffff8167a995 RDI: 0000000000000286
RBP: ffff888097e10bb0 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: 00000000000015bd
R13: ffffed1012fc2176 R14: 0000000000000001 R15: ffff8880ba12be00
FS:  00007f784fead700(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f784fe8bff8 CR3: 00000000ab38e000 CR4: 00000000003406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:679 [inline]
 queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:53 [inline]
 queued_spin_lock include/asm-generic/qspinlock.h:88 [inline]
 do_raw_spin_lock+0x189/0x220 kernel/locking/spinlock_debug.c:113
 spin_lock include/linux/spinlock.h:329 [inline]
 map_pte mm/page_vma_mapped.c:51 [inline]
 page_vma_mapped_walk+0x1172/0x27d0 mm/page_vma_mapped.c:254
 remove_migration_pte+0x145/0xff0 mm/migrate.c:217
 rmap_walk_anon+0x472/0xa80 mm/rmap.c:1842
 rmap_walk_locked+0x12a/0x190 mm/rmap.c:1924
 remove_migration_ptes+0xbf/0x120 mm/migrate.c:298
 remap_page+0xe2/0x180 mm/huge_memory.c:2452
 __split_huge_page mm/huge_memory.c:2561 [inline]
 split_huge_page_to_list+0x1b20/0x2ce0 mm/huge_memory.c:2796
 split_huge_page include/linux/huge_mm.h:146 [inline]
 madvise_free_huge_pmd+0x5a1/0xdd0 mm/huge_memory.c:1708
 madvise_free_pte_range+0x6c5/0x2250 mm/madvise.c:325
 walk_pmd_range mm/pagewalk.c:51 [inline]
 walk_pud_range mm/pagewalk.c:109 [inline]
 walk_p4d_range mm/pagewalk.c:135 [inline]
 walk_pgd_range+0x8fe/0x1150 mm/pagewalk.c:161
 __walk_page_range mm/pagewalk.c:254 [inline]
 walk_page_range+0x1a5/0x490 mm/pagewalk.c:335
 madvise_free_page_range.isra.0+0xae/0xf0 mm/madvise.c:454
 madvise_free_single_vma+0x31c/0x4a0 mm/madvise.c:481
 madvise_dontneed_free mm/madvise.c:565 [inline]
 madvise_vma mm/madvise.c:698 [inline]
 __do_sys_madvise mm/madvise.c:873 [inline]
 __se_sys_madvise+0x75c/0x1c10 mm/madvise.c:801
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f78515380e9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f784fead168 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
RAX: ffffffffffffffda RBX: 00007f785164af60 RCX: 00007f78515380e9
RDX: 0000000000000008 RSI: 0000000000600003 RDI: 0000000020000000
RBP: 00007f785159208d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe94d2948f R14: 00007f784fead300 R15: 0000000000022000
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0 skipped: idling at native_safe_halt+0xe/0x10 arch/x86/include/asm/irqflags.h:60
----------------
Code disassembly (best guess):
   0:	83 e3 07             	and    $0x7,%ebx
   3:	41 be 01 00 00 00    	mov    $0x1,%r14d
   9:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  10:	fc ff df
  13:	4c 8d 2c 01          	lea    (%rcx,%rax,1),%r13
  17:	eb 0c                	jmp    0x25
  19:	f3 90                	pause
  1b:	41 83 ec 01          	sub    $0x1,%r12d
  1f:	0f 84 38 04 00 00    	je     0x45d
  25:	41 0f b6 45 00       	movzbl 0x0(%r13),%eax
* 2a:	38 d8                	cmp    %bl,%al <-- trapping instruction
  2c:	7f 08                	jg     0x36
  2e:	84 c0                	test   %al,%al
  30:	0f 85 75 05 00 00    	jne    0x5ab
  36:	0f b6 45 00          	movzbl 0x0(%rbp),%eax
  3a:	84 c0                	test   %al,%al
  3c:	75 db                	jne    0x19
  3e:	be                   	.byte 0xbe
  3f:	02                   	.byte 0x2

Crashes (1):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2022/05/06 05:09 | linux-4.19.y | 3f8a27f9e27b | efeff0a5 | .config | console log | report | | | info | | ci2-linux-4-19 | BUG: soft lockup in sys_madvise |
* Struck through repros no longer work on HEAD.