watchdog: BUG: soft lockup - CPU#0 stuck for 142s! [syz-executor.1:5468] Modules linked in: irq event stamp: 63083 hardirqs last enabled at (63082): [] irqentry_exit+0x63/0x90 kernel/entry/common.c:357 hardirqs last disabled at (63083): [] sysvec_apic_timer_interrupt+0xe/0xc0 arch/x86/kernel/apic/apic.c:1043 softirqs last enabled at (2858): [] invoke_softirq kernel/softirq.c:428 [inline] softirqs last enabled at (2858): [] __irq_exit_rcu+0xf2/0x1c0 kernel/softirq.c:633 softirqs last disabled at (3205): [] invoke_softirq kernel/softirq.c:428 [inline] softirqs last disabled at (3205): [] __irq_exit_rcu+0xf2/0x1c0 kernel/softirq.c:633 CPU: 0 PID: 5468 Comm: syz-executor.1 Not tainted 6.9.0-rc5-syzkaller-01478-g7e2c7a3f732b #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 RIP: 0010:pv_wait_head_or_lock kernel/locking/qspinlock_paravirt.h:434 [inline] RIP: 0010:__pv_queued_spin_lock_slowpath+0x5ff/0xc60 kernel/locking/qspinlock.c:511 Code: 01 00 00 49 89 dd c6 03 00 48 8b 44 24 10 0f b6 04 10 84 c0 0f 85 44 01 00 00 48 8b 04 24 c6 00 01 bb 00 80 ff ff eb 06 f3 90 c3 74 5d 41 0f b6 04 14 84 c0 75 36 41 80 3f 00 75 eb 4c 89 ff RSP: 0018:ffffc90000006ce0 EFLAGS: 00000206 RAX: 0000000000000000 RBX: 00000000ffffbbdc RCX: ffff88807d33da00 RDX: dffffc0000000000 RSI: ffffffff8bcab900 RDI: ffffffff8c1f9e40 RBP: ffffc90000006dd8 R08: ffffffff92f405cf R09: 1ffffffff25e80b9 R10: dffffc0000000000 R11: fffffbfff25e80ba R12: 1ffff11005b497e0 R13: ffff8880b943f514 R14: 1ffff11017280001 R15: ffff88802da4bf00 FS: 0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b32322000 CR3: 0000000064554000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600 Call Trace: pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:584 [inline] queued_spin_lock_slowpath+0x42/0x50 arch/x86/include/asm/qspinlock.h:51 queued_spin_lock include/asm-generic/qspinlock.h:114 [inline] do_raw_spin_lock+0x272/0x370 kernel/locking/spinlock_debug.c:116 tcp_v4_rcv+0x2d5e/0x3800 net/ipv4/tcp_ipv4.c:2340 ip_protocol_deliver_rcu+0x225/0x430 net/ipv4/ip_input.c:205 ip_local_deliver_finish+0x33f/0x5f0 net/ipv4/ip_input.c:233 NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314 ip_local_deliver net/ipv4/ip_input.c:254 [inline] dst_input include/net/dst.h:460 [inline] ip_sublist_rcv_finish+0x3be/0x4f0 net/ipv4/ip_input.c:580 ip_list_rcv_finish net/ipv4/ip_input.c:631 [inline] ip_sublist_rcv+0x75d/0xab0 net/ipv4/ip_input.c:639 ip_list_rcv+0x42b/0x480 net/ipv4/ip_input.c:674 __netif_receive_skb_list_ptype net/core/dev.c:5654 [inline] __netif_receive_skb_list_core+0x95a/0x980 net/core/dev.c:5702 __netif_receive_skb_list net/core/dev.c:5754 [inline] netif_receive_skb_list_internal+0xa51/0xe30 net/core/dev.c:5846 gro_normal_list include/net/gro.h:438 [inline] napi_complete_done+0x310/0x8e0 net/core/dev.c:6189 virtqueue_napi_complete drivers/net/virtio_net.c:515 [inline] virtnet_poll+0xf14/0x1ad0 drivers/net/virtio_net.c:2227 __napi_poll+0xcb/0x490 net/core/dev.c:6708 napi_poll net/core/dev.c:6777 [inline] net_rx_action+0x7bb/0x10a0 net/core/dev.c:6893 __do_softirq+0x2c6/0x980 kernel/softirq.c:554 invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu+0xf2/0x1c0 kernel/softirq.c:633 irq_exit_rcu+0x9/0x30 kernel/softirq.c:645 common_interrupt+0xaa/0xd0 arch/x86/kernel/irq.c:247 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693 RIP: 0010:unwind_next_frame+0x1932/0x2a00 Code: 89 f7 e8 b1 74 b9 00 49 89 1e 42 0f b6 44 2d 00 84 c0 0f 85 61 0e 00 00 48 8b 44 24 20 c6 00 00 4c 8b 74 24 48 48 8b 6c 24 28 <48> 8b 44 24 38 42 0f b6 04 28 84 c0 0f 85 ea 0b 00 00 48 8b 44 24 RSP: 0018:ffffc90009b5f108 EFLAGS: 00000246 RAX: ffffc90009b5f230 RBX: ffffc90009b5f218 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc90009b5f240 RBP: ffffffff9036adba R08: ffffc90009b5f23f R09: 0000000000000000 R10: ffffc90009b5f230 R11: fffff5200136be48 R12: ffffc90009b5f588 R13: dffffc0000000000 R14: ffffc90009b5f230 R15: 1ffff9200136be3c arch_stack_walk+0x151/0x1b0 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0x118/0x1d0 kernel/stacktrace.c:122 save_stack+0xfb/0x1f0 mm/page_owner.c:156 __reset_page_owner+0x75/0x3f0 mm/page_owner.c:302 reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1141 [inline] free_unref_page_prepare+0x986/0xab0 mm/page_alloc.c:2347 free_unref_folios+0x185/0xb30 mm/page_alloc.c:2536 folios_put_refs+0x8eb/0xa10 mm/swap.c:1034 free_pages_and_swap_cache+0x5c8/0x690 mm/swap_state.c:332 __tlb_batch_free_encoded_pages mm/mmu_gather.c:136 [inline] tlb_batch_pages_flush mm/mmu_gather.c:149 [inline] tlb_flush_mmu_free mm/mmu_gather.c:366 [inline] tlb_flush_mmu+0x3a3/0x680 mm/mmu_gather.c:373 tlb_finish_mmu+0xd4/0x200 mm/mmu_gather.c:465 exit_mmap+0x4bb/0xd60 mm/mmap.c:3280 __mmput+0x115/0x3c0 kernel/fork.c:1346 exit_mm+0x220/0x310 kernel/exit.c:569 do_exit+0x99e/0x27e0 kernel/exit.c:865 do_group_exit+0x207/0x2c0 kernel/exit.c:1027 __do_sys_exit_group kernel/exit.c:1038 [inline] __se_sys_exit_group kernel/exit.c:1036 [inline] __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1036 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fa44687dd69 Code: Unable to access opcode bytes at 0x7fa44687dd3f. RSP: 002b:00007ffc3d94b638 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007fa44687dd69 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 R10: 00007fa446800000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 5450 Comm: syz-executor.0 Not tainted 6.9.0-rc5-syzkaller-01478-g7e2c7a3f732b #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 RIP: 0010:rcu_dynticks_curr_cpu_in_eqs include/linux/context_tracking.h:122 [inline] RIP: 0010:rcu_is_watching+0x3a/0xb0 kernel/rcu/tree.c:700 Code: e8 8b 4e 05 0a 89 c3 83 f8 08 73 7a 49 bf 00 00 00 00 00 fc ff df 4c 8d 34 dd e0 69 d5 8d 4c 89 f0 48 c1 e8 03 42 80 3c 38 00 <74> 08 4c 89 f7 e8 5c 5f 7e 00 48 c7 c3 c8 7c 03 00 49 03 1e 48 89 RSP: 0018:ffffc90000a08210 EFLAGS: 00000046 RAX: 1ffffffff1baad3d RBX: 0000000000000001 RCX: ffff88807d0f0000 RDX: ffff88807d0f0000 RSI: ffffffff8c1f9e20 RDI: ffffffff8c1f9de0 RBP: ffffc90000a08338 R08: ffffffff81a0dd7e R09: 1ffffffff25e80a0 R10: dffffc0000000000 R11: fffffbfff25e80a1 R12: ffffffff81a0dcac R13: dffffc0000000000 R14: ffffffff8dd569e8 R15: dffffc0000000000 FS: 00007f5fd990e6c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b3202a000 CR3: 000000007da8c000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: rcu_read_lock_held_common kernel/rcu/update.c:109 [inline] rcu_read_lock_held+0x15/0x50 kernel/rcu/update.c:349 trace_call_bpf+0x197/0x8a0 kernel/trace/bpf_trace.c:147 perf_trace_run_bpf_submit+0x7c/0x1d0 kernel/events/core.c:10161 perf_trace_preemptirq_template+0x2d2/0x3f0 include/trace/events/preemptirq.h:14 trace_irq_enable+0xf1/0x120 include/trace/events/preemptirq.h:40 trace_hardirqs_on+0x18/0x40 kernel/trace/trace_preemptirq.c:56 irqentry_exit+0x63/0x90 kernel/entry/common.c:357 asm_sysvec_irq_work+0x1a/0x20 arch/x86/include/asm/idtentry.h:738 RIP: 0010:rcu_read_unlock_special+0x88/0x550 kernel/rcu/tree_plugin.h:682 Code: f1 f1 f1 00 f2 f2 f2 49 89 04 17 66 41 c7 44 17 09 f3 f3 41 c6 44 17 0b f3 65 44 8b 25 a9 8d 86 7e 41 f7 c4 00 00 f0 00 74 49 <48> c7 44 24 20 0e 36 e0 45 4a c7 04 3a 00 00 00 00 66 42 c7 44 3a RSP: 0018:ffffc90000a08580 EFLAGS: 00000206 RAX: dbda9ae6d0ae1300 RBX: 1ffff920001410b8 RCX: ffffffff817308ca RDX: dffffc0000000000 RSI: ffffffff8bcab900 RDI: ffffffff8c1f9e40 RBP: ffffc90000a08650 R08: ffffffff92f405bf R09: 1ffffffff25e80b7 R10: dffffc0000000000 R11: fffffbfff25e80b8 R12: ffffffff8e339a00 R13: ffff88807d0f0458 R14: ffffc90000a085c0 R15: 1ffff920001410b4 __rcu_read_unlock+0xa1/0x110 kernel/rcu/tree_plugin.h:426 rcu_read_unlock include/linux/rcupdate.h:813 [inline] __ip_queue_xmit+0x1212/0x1b70 net/ipv4/ip_output.c:536 __tcp_transmit_skb+0x2557/0x3b80 net/ipv4/tcp_output.c:1465 tcp_transmit_skb net/ipv4/tcp_output.c:1483 [inline] tcp_write_xmit+0x18b3/0x69d0 net/ipv4/tcp_output.c:2828 tcp_tsq_handler+0x12d/0x200 net/ipv4/tcp_output.c:1087 tcp_tasklet_func+0x4f3/0x570 net/ipv4/tcp_output.c:1119 tasklet_action_common+0x321/0x4d0 kernel/softirq.c:781 __do_softirq+0x2c6/0x980 kernel/softirq.c:554 invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu+0xf2/0x1c0 kernel/softirq.c:633 irq_exit_rcu+0x9/0x30 kernel/softirq.c:645 common_interrupt+0xaa/0xd0 arch/x86/kernel/irq.c:247 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693 RIP: 0010:finish_task_switch+0x1ea/0x870 kernel/sched/core.c:5283 Code: c9 50 e8 69 d3 0b 00 48 83 c4 08 4c 89 f7 e8 9d 38 00 00 0f 1f 44 00 00 4c 89 f7 e8 30 a6 25 0a e8 eb 96 36 00 fb 48 8b 5d c0 <48> 8d bb f0 15 00 00 48 89 f8 48 c1 e8 03 49 be 00 00 00 00 00 fc RSP: 0018:ffffc900095669a8 EFLAGS: 00000286 RAX: dbda9ae6d0ae1300 RBX: ffff88807d0f0000 RCX: ffffffff94738603 RDX: dffffc0000000000 RSI: ffffffff8bcab900 RDI: ffffffff8c1f9e40 RBP: ffffc900095669f0 R08: ffffffff8fa936af R09: 1ffffffff1f526d5 R10: dffffc0000000000 R11: fffffbfff1f526d6 R12: 1ffff110172a7e7f R13: dffffc0000000000 R14: ffff8880b953e680 R15: ffff8880b953f3f8 context_switch kernel/sched/core.c:5412 [inline] __schedule+0x17f0/0x4a50 kernel/sched/core.c:6746 preempt_schedule_notrace+0x100/0x140 kernel/sched/core.c:7018 preempt_schedule_notrace_thunk+0x1a/0x30 arch/x86/entry/thunk_64.S:13 trace_kfree include/trace/events/kmem.h:94 [inline] kfree+0x2c1/0x3a0 mm/slub.c:4377 clear_jmp_history kernel/bpf/verifier.c:1381 [inline] is_state_visited kernel/bpf/verifier.c:17630 [inline] do_check+0x453d/0x10930 kernel/bpf/verifier.c:17779 do_check_common+0x14bd/0x1dd0 kernel/bpf/verifier.c:20802 do_check_main kernel/bpf/verifier.c:20893 [inline] bpf_check+0x139c0/0x18a90 kernel/bpf/verifier.c:21563 bpf_prog_load+0x1667/0x20f0 kernel/bpf/syscall.c:2908 __sys_bpf+0x4ee/0x810 kernel/bpf/syscall.c:5682 __do_sys_bpf kernel/bpf/syscall.c:5789 [inline] __se_sys_bpf kernel/bpf/syscall.c:5787 [inline] __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5787 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f5fd8c7dd69 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f5fd990e0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007f5fd8dabf80 RCX: 00007f5fd8c7dd69 RDX: 0000000000000048 RSI: 00000000200054c0 RDI: 0000000000000005 RBP: 00007f5fd8cca49e R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 000000000000000b R14: 00007f5fd8dabf80 R15: 00007ffc5f686cf8