watchdog: BUG: soft lockup - CPU#1 stuck for 122s! [syz.0.12:5955]
Modules linked in:
irq event stamp: 14020601
hardirqs last  enabled at (14020600): [<ffffffff8bd06d53>] irqentry_exit+0x63/0x90 kernel/entry/common.c:357
hardirqs last disabled at (14020601): [<ffffffff8bd0496e>] sysvec_apic_timer_interrupt+0xe/0xc0 arch/x86/kernel/apic/apic.c:1049
softirqs last  enabled at (14000746): [<ffffffff8161d567>] __do_softirq kernel/softirq.c:588 [inline]
softirqs last  enabled at (14000746): [<ffffffff8161d567>] invoke_softirq kernel/softirq.c:428 [inline]
softirqs last  enabled at (14000746): [<ffffffff8161d567>] __irq_exit_rcu+0xf7/0x220 kernel/softirq.c:655
softirqs last disabled at (14000749): [<ffffffff8161d567>] __do_softirq kernel/softirq.c:588 [inline]
softirqs last disabled at (14000749): [<ffffffff8161d567>] invoke_softirq kernel/softirq.c:428 [inline]
softirqs last disabled at (14000749): [<ffffffff8161d567>] __irq_exit_rcu+0xf7/0x220 kernel/softirq.c:655
CPU: 1 UID: 0 PID: 5955 Comm: syz.0.12 Not tainted 6.13.0-rc1-syzkaller-00033-ge2f0791124a1 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:node_reclaim_enabled include/linux/swap.h:439 [inline]
RIP: 0010:get_page_from_freelist+0x544/0x37a0 mm/page_alloc.c:3448
Code: c0 0f 85 ae 01 00 00 8b 44 24 0c 83 e0 04 0f 85 a1 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 8c 24 78 01 00 00 0f b6 04 01 <84> c0 0f 85 21 2f 00 00 f6 05 e5 72 1d 0e 07 0f 84 cc 02 00 00 48
RSP: 0018:ffffc90000a18198 EFLAGS: 00000246
RAX: 0000000000000000 RBX: ffffc90000a1843c RCX: 1ffffffff20329e3
RDX: ffff88813fffc3c0 RSI: 0000000000000008 RDI: ffff88813fffca90
RBP: ffff88813fffc3e0 R08: ffff88813fffca97 R09: 1ffff11027fff952
R10: dffffc0000000000 R11: ffffed1027fff953 R12: 1ffff92000143087
R13: 0000000000000002 R14: 1ffff92000143082 R15: 0000000000000002
FS:  00007f59c80ae6c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055558a14c5c8 CR3: 000000007f3ac000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 __alloc_pages_noprof+0x292/0x710 mm/page_alloc.c:4751
 alloc_pages_mpol_noprof+0x3e8/0x680 mm/mempolicy.c:2265
 alloc_slab_page+0x6a/0x140 mm/slub.c:2408
 allocate_slab+0x5a/0x2f0 mm/slub.c:2574
 new_slab mm/slub.c:2627 [inline]
 ___slab_alloc+0xcd1/0x14b0 mm/slub.c:3815
 __slab_alloc+0x58/0xa0 mm/slub.c:3905
 __slab_alloc_node mm/slub.c:3980 [inline]
 slab_alloc_node mm/slub.c:4141 [inline]
 kmem_cache_alloc_node_noprof+0x269/0x380 mm/slub.c:4205
 kmalloc_reserve+0xa8/0x2a0 net/core/skbuff.c:587
 __alloc_skb+0x1f3/0x440 net/core/skbuff.c:678
 skb_copy+0x19d/0x9c0 net/core/skbuff.c:2159
 mac80211_hwsim_tx_frame_no_nl+0x106b/0x18d0 drivers/net/wireless/virtual/mac80211_hwsim.c:1866
 mac80211_hwsim_tx_frame+0x1cc/0x220 drivers/net/wireless/virtual/mac80211_hwsim.c:2215
 mac80211_hwsim_beacon_tx+0x3bf/0x850 drivers/net/wireless/virtual/mac80211_hwsim.c:2315
 __iterate_interfaces+0x297/0x570 net/mac80211/util.c:775
 ieee80211_iterate_active_interfaces_atomic+0xd8/0x170 net/mac80211/util.c:811
 mac80211_hwsim_beacon+0xd4/0x1f0 drivers/net/wireless/virtual/mac80211_hwsim.c:2345
 __run_hrtimer kernel/time/hrtimer.c:1739 [inline]
 __hrtimer_run_queues+0x59b/0xd30 kernel/time/hrtimer.c:1803
 hrtimer_run_softirq+0x19a/0x2c0 kernel/time/hrtimer.c:1820
 handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:554
 __do_softirq kernel/softirq.c:588 [inline]
 invoke_softirq kernel/softirq.c:428 [inline]
 __irq_exit_rcu+0xf7/0x220 kernel/softirq.c:655
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:671
 instr_sysvec_irq_work arch/x86/kernel/irq_work.c:17 [inline]
 sysvec_irq_work+0xa3/0xc0 arch/x86/kernel/irq_work.c:17
 </IRQ>
 <TASK>
 asm_sysvec_irq_work+0x1a/0x20 arch/x86/include/asm/idtentry.h:738
RIP: 0010:lock_is_held_type+0x13b/0x190
Code: 75 44 48 c7 04 24 00 00 00 00 9c 8f 04 24 f7 04 24 00 02 00 00 75 4c 41 f7 c4 00 02 00 00 74 01 fb 65 48 8b 04 25 28 00 00 00 <48> 3b 44 24 08 75 42 89 d8 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f
RSP: 0018:ffffc900047df538 EFLAGS: 00000206
RAX: 32b3ea20b29e1c00 RBX: 0000000000000000 RCX: ffff8880310e0000
RDX: 0000000000000000 RSI: ffffffff8c0aa880 RDI: ffffffff8c5f6660
RBP: 0000000000000003 R08: ffffc900047df71f R09: 0000000000000000
R10: ffffc900047df710 R11: fffff520008fbee4 R12: 0000000000000246
R13: ffff8880310e0000 R14: 00000000ffffffff R15: ffffffff8e937b00
 lock_is_held include/linux/lockdep.h:249 [inline]
 schedule_debug kernel/sched/core.c:5959 [inline]
 __schedule+0x20c/0x4c30 kernel/sched/core.c:6655
 preempt_schedule_common+0x84/0xd0 kernel/sched/core.c:6935
 preempt_schedule+0xe1/0xf0 kernel/sched/core.c:6959
 preempt_schedule_thunk+0x1a/0x30 arch/x86/entry/thunk.S:12
 free_unref_page+0x751/0x1130 mm/page_alloc.c:2681
 discard_slab mm/slub.c:2673 [inline]
 __put_partials+0xeb/0x130 mm/slub.c:3142
 put_cpu_partial+0x17c/0x250 mm/slub.c:3217
 __slab_free+0x2ea/0x3d0 mm/slub.c:4468
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x9a/0x140 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x14f/0x170 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x23/0x80 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:250 [inline]
 slab_post_alloc_hook mm/slub.c:4104 [inline]
 slab_alloc_node mm/slub.c:4153 [inline]
 kmem_cache_alloc_lru_noprof+0x1dd/0x390 mm/slub.c:4172
 __d_alloc+0x31/0x700 fs/dcache.c:1646
 d_alloc_pseudo+0x1f/0xb0 fs/dcache.c:1778
 alloc_path_pseudo fs/file_table.c:356 [inline]
 alloc_file_pseudo+0x123/0x290 fs/file_table.c:372
 __anon_inode_getfile fs/anon_inodes.c:109 [inline]
 anon_inode_getfile+0xc8/0x180 fs/anon_inodes.c:147
 __do_sys_perf_event_open kernel/events/core.c:13010 [inline]
 __se_sys_perf_event_open+0x224f/0x34b0 kernel/events/core.c:12721
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f59c737ff19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f59c80ae058 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
RAX: ffffffffffffffda RBX: 00007f59c7545fa0 RCX: 00007f59c737ff19
RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000000020000500
RBP: 00007f59c73f3986 R08: 0000000000000009 R09: 0000000000000000
R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f59c7545fa0 R15: 00007ffd396d0078
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 5933 Comm: syz.1.9 Not tainted 6.13.0-rc1-syzkaller-00033-ge2f0791124a1 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:kasan_check_range+0x5/0x290 mm/kasan/generic.c:188
Code: 8e e8 6f 94 e1 ff 90 0f 0b 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 55 <41> 57 41 56 41 54 53 b0 01 48 85 f6 0f 84 a0 01 00 00 4c 8d 04 37
RSP: 0018:ffffc900000070f8 EFLAGS: 00000046
RAX: 0000000000000001 RBX: 0000000000000053 RCX: ffffffff817b246a
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff942b8888
RBP: 0000000000000001 R08: ffffffff942b888f R09: 1ffffffff2857111
R10: dffffc0000000000 R11: fffffbfff2857112 R12: ffff88802a9264c4
R13: dffffc0000000000 R14: 0000000000000002 R15: ffff88802a9265a8
FS:  00007f5d530406c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f68cf80d509 CR3: 000000002888c000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <NMI>
 </NMI>
 <IRQ>
 instrument_atomic_read include/linux/instrumented.h:68 [inline]
 _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]
 hlock_class kernel/locking/lockdep.c:228 [inline]
 mark_lock+0x9a/0x360 kernel/locking/lockdep.c:4727
 mark_usage kernel/locking/lockdep.c:4626 [inline]
 __lock_acquire+0xb78/0x2100 kernel/locking/lockdep.c:5180
 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
 seqcount_lockdep_reader_access+0xfc/0x220 include/linux/seqlock.h:72
 ktime_get+0x3e/0x1f0 kernel/time/timekeeping.c:810
 clockevents_program_event+0xe6/0x350 kernel/time/clockevents.c:326
 hrtimer_interrupt+0x5b7/0xa40 kernel/time/hrtimer.c:1878
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1038 [inline]
 __sysvec_apic_timer_interrupt+0x110/0x420 arch/x86/kernel/apic/apic.c:1055
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
 sysvec_apic_timer_interrupt+0x52/0xc0 arch/x86/kernel/apic/apic.c:1049
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:trylock_clear_pending kernel/locking/qspinlock_paravirt.h:122 [inline]
RIP: 0010:pv_wait_head_or_lock kernel/locking/qspinlock_paravirt.h:431 [inline]
RIP: 0010:__pv_queued_spin_lock_slowpath+0x758/0xdb0 kernel/locking/qspinlock.c:508
Code: 85 a3 01 00 00 48 8b 44 24 28 c6 00 00 48 8b 44 24 10 42 0f b6 04 28 84 c0 0f 85 a8 01 00 00 41 c6 04 24 01 41 bc 00 80 ff ff <42> 0f b6 04 2b 84 c0 75 6c 66 c7 84 24 b0 00 00 00 00 01 48 8b 44
RSP: 0018:ffffc900000076e0 EFLAGS: 00000286
RAX: 0000000000000000 RBX: 1ffff92000000ef2 RCX: ffffc90000007701
RDX: 0000000000000100 RSI: ffffffff8c0a9680 RDI: ffffffff8c5f6660
RBP: ffffc90000007818 R08: ffffffff942b88f7 R09: 1ffffffff285711e
R10: dffffc0000000000 R11: fffffbfff285711f R12: 00000000ffffbcfc
R13: dffffc0000000000 R14: ffffffff8f521a60 R15: ffffc900000077a0
 pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:584 [inline]
 queued_spin_lock_slowpath+0x42/0x50 arch/x86/include/asm/qspinlock.h:51
 queued_spin_lock include/asm-generic/qspinlock.h:114 [inline]
 do_raw_spin_lock+0x272/0x370 kernel/locking/spinlock_debug.c:116
 spin_lock include/linux/spinlock.h:351 [inline]
 mac80211_hwsim_tx_frame_no_nl+0x982/0x18d0 drivers/net/wireless/virtual/mac80211_hwsim.c:1817
 mac80211_hwsim_tx_frame+0x1cc/0x220 drivers/net/wireless/virtual/mac80211_hwsim.c:2215
 mac80211_hwsim_beacon_tx+0x3bf/0x850 drivers/net/wireless/virtual/mac80211_hwsim.c:2315
 __iterate_interfaces+0x297/0x570 net/mac80211/util.c:775
 ieee80211_iterate_active_interfaces_atomic+0xd8/0x170 net/mac80211/util.c:811
 mac80211_hwsim_beacon+0xd4/0x1f0 drivers/net/wireless/virtual/mac80211_hwsim.c:2345
 __run_hrtimer kernel/time/hrtimer.c:1739 [inline]
 __hrtimer_run_queues+0x59b/0xd30 kernel/time/hrtimer.c:1803
 hrtimer_run_softirq+0x19a/0x2c0 kernel/time/hrtimer.c:1820
 handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:554
 __do_softirq kernel/softirq.c:588 [inline]
 invoke_softirq kernel/softirq.c:428 [inline]
 __irq_exit_rcu+0xf7/0x220 kernel/softirq.c:655
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:671
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1049
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:folio_remove_rmap_ptes+0x0/0x480 mm/rmap.c:1619
Code: e9 33 fc ff ff e8 f0 9f a8 ff e9 45 fe ff ff e8 e6 9f a8 ff e9 7c fe ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <66> 0f 1f 00 55 41 57 41 56 41 55 41 54 53 50 49 89 cd 41 89 d4 48
RSP: 0018:ffffc9000439f358 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffffea000195e7c0 RCX: ffff8880293ba3e0
RDX: 0000000000000001 RSI: ffffea000195e7c0 RDI: ffffea000195e7c0
RBP: ffffc9000439f690 R08: ffffffff814d3bb1 R09: 1ffffd400032bcf8
R10: dffffc0000000000 R11: fffff9400032bcf9 R12: 0000000000000000
R13: 00007f5d50d05000 R14: ffffc9000439f5e0 R15: 800000006579f007
 zap_present_folio_ptes mm/memory.c:1526 [inline]
 zap_present_ptes mm/memory.c:1585 [inline]
 zap_pte_range mm/memory.c:1627 [inline]
 zap_pmd_range mm/memory.c:1753 [inline]
 zap_pud_range mm/memory.c:1782 [inline]
 zap_p4d_range mm/memory.c:1803 [inline]
 unmap_page_range+0x1b4e/0x4230 mm/memory.c:1824
 unmap_vmas+0x3cc/0x5f0 mm/memory.c:1914
 exit_mmap+0x275/0xc20 mm/mmap.c:1667
 __mmput+0x115/0x3c0 kernel/fork.c:1353
 copy_process+0x28da/0x3d50 kernel/fork.c:2656
 kernel_clone+0x226/0x8e0 kernel/fork.c:2807
 __do_sys_clone kernel/fork.c:2950 [inline]
 __se_sys_clone kernel/fork.c:2934 [inline]
 __x64_sys_clone+0x258/0x2a0 kernel/fork.c:2934
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f5d5217ff19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f5d53040008 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 00007f5d52345fa0 RCX: 00007f5d5217ff19
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000028280000
RBP: 00007f5d521f3986 R08: ffffffffff600000 R09: ffffffffff600000
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f5d52345fa0 R15: 00007ffc1323aed8
 </TASK>