watchdog: BUG: soft lockup - CPU#1 stuck for 123s! [swapper/1:0]
Modules linked in:
CPU: 1 PID: 0 Comm: swapper/1 Tainted: G        W         5.4.289-syzkaller-00025-g49530c73f82d #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
RIP: 0010:__read_once_size include/linux/compiler.h:268 [inline]
RIP: 0010:queued_write_lock_slowpath+0x180/0x390 kernel/locking/qrwlock.c:79
Code: 00 00 00 42 0f b6 04 33 84 c0 4c 8b 64 24 08 74 37 44 89 f9 80 e1 07 80 c1 03 38 c1 7c 2a 4c 89 ff e8 64 d5 47 00 eb 20 f3 90 <42> 0f b6 04 33 84 c0 74 15 44 89 f9 80 e1 07 80 c1 03 38 c1 7c 08
RSP: 0018:ffff8881f6f09620 EFLAGS: 00000206 ORIG_RAX: ffffffffffffff13
RAX: 00000000000001ff RBX: 1ffffffff0c80145 RCX: ffffffff814c5efb
RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffffff86400a28
RBP: ffff8881f6f096d0 R08: dffffc0000000000 R09: fffffbfff0c80146
R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff1103ede12ce
R13: 00000000000000ff R14: dffffc0000000000 R15: ffffffff86400a28
FS:  0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f83cd6f9000 CR3: 00000001dcaff000 CR4: 00000000003406a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 queued_write_lock include/asm-generic/qrwlock.h:95 [inline]
 __raw_write_lock_bh include/linux/rwlock_api_smp.h:204 [inline]
 _raw_write_lock_bh+0x10a/0x170 kernel/locking/spinlock.c:319
 neigh_forced_gc net/core/neighbour.c:237 [inline]
 neigh_alloc net/core/neighbour.c:430 [inline]
 ___neigh_create+0x202/0x1ae0 net/core/neighbour.c:592
 ip6_finish_output2+0x8b1/0x1640 net/ipv6/ip6_output.c:126
 NF_HOOK_COND include/linux/netfilter.h:292 [inline]
 ip6_output+0x1b3/0x430 net/ipv6/ip6_output.c:233
 dst_output include/net/dst.h:438 [inline]
 NF_HOOK include/linux/netfilter.h:303 [inline]
 mld_sendpack+0x606/0xb50 net/ipv6/mcast.c:1679
 mld_send_cr net/ipv6/mcast.c:1975 [inline]
 mld_ifc_timer_expire+0x814/0xc10 net/ipv6/mcast.c:2474
 call_timer_fn+0x36/0x390 kernel/time/timer.c:1448
 expire_timers kernel/time/timer.c:1493 [inline]
 __run_timers+0x879/0xbe0 kernel/time/timer.c:1817
 run_timer_softirq+0x63/0xf0 kernel/time/timer.c:1830
 __do_softirq+0x23b/0x6b7 kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:373 [inline]
 irq_exit+0x195/0x1c0 kernel/softirq.c:413
 exiting_irq arch/x86/include/asm/apic.h:539 [inline]
 smp_apic_timer_interrupt+0x11a/0x490 arch/x86/kernel/apic/apic.c:1161
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:834
 </IRQ>
RIP: 0010:default_idle+0x1f/0x30 arch/x86/kernel/process.c:573
Code: 90 90 90 90 90 90 90 90 90 90 90 e8 0b b2 da fd bf 01 00 00 00 89 c6 e8 4f 9a d1 fc 0f 1f 44 00 00 0f 00 2d 83 a9 4d 00 fb f4 <e8> ec b1 da fd bf ff ff ff ff 89 c6 e9 30 9a d1 fc 41 57 41 56 53
RSP: 0018:ffff8881f5df7d78 EFLAGS: 000002d2 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000001 RBX: dffffc0000000000 RCX: ffff8881f5dc5e80
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001
RBP: ffff8881f5df7e80 R08: ffffffff8231c921 R09: ffffed103ebb8bd1
R10: 0000000000000000 R11: dffffc0000000001 R12: ffffffff864c4ba8
R13: ffff8881f5dc5e80 R14: 1ffff1103ebb8bd0 R15: 0000000000000001
 default_idle_call kernel/sched/idle.c:94 [inline]
 cpuidle_idle_call kernel/sched/idle.c:154 [inline]
 do_idle+0x248/0x660 kernel/sched/idle.c:264
 cpu_startup_entry+0x14/0x20 kernel/sched/idle.c:356
 start_secondary+0x3a5/0x460 arch/x86/kernel/smpboot.c:277
 secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:241
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 2107 Comm: syz.1.419 Tainted: G        W         5.4.289-syzkaller-00025-g49530c73f82d #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
RIP: 0010:arch_static_branch arch/x86/include/asm/msr.h:105 [inline]
RIP: 0010:static_key_false include/linux/jump_label.h:200 [inline]
RIP: 0010:native_write_msr arch/x86/include/asm/msr.h:164 [inline]
RIP: 0010:wrmsr arch/x86/include/asm/msr.h:275 [inline]
RIP: 0010:native_apic_msr_write+0x35/0x50 arch/x86/include/asm/apic.h:208
Code: 74 2d 83 ff 30 74 28 eb 10 81 ff d0 00 00 00 74 1e 81 ff e0 00 00 00 74 16 c1 ef 04 81 c7 00 08 00 00 89 f9 89 f0 31 d2 0f 30 <0f> 1f 44 00 00 c3 89 f6 31 d2 e9 fc 95 1a 01 66 66 2e 0f 1f 84 00
RSP: 0018:ffff8881f6e09498 EFLAGS: 00000046
RAX: 00000000000000dc RBX: ffffffff856441e0 RCX: 0000000000000838
RDX: 0000000000000000 RSI: 00000000000000dc RDI: 0000000000000838
RBP: 00000000000000dc R08: ffffffff8157d43b R09: ffffffff8157d3c7
R10: ffff8881d6978fc0 R11: 0000000000000002 R12: dffffc0000000000
R13: 0000000000000002 R14: 00000000000000dc R15: dffffc0000000000
FS:  00007f6dd4b6e6c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f6dd6503d7f CR3: 00000001dcaff000 CR4: 00000000003406b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
 <NMI>
 </NMI>
 <IRQ>
 apic_write arch/x86/include/asm/apic.h:396 [inline]
 lapic_next_event+0x5b/0x70 arch/x86/kernel/apic/apic.c:466
 clockevents_program_event+0x199/0x2c0 kernel/time/clockevents.c:334
 hrtimer_interrupt+0x4b3/0x890 kernel/time/hrtimer.c:1720
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1134 [inline]
 smp_apic_timer_interrupt+0x110/0x490 arch/x86/kernel/apic/apic.c:1159
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:834
RIP: 0010:rtnl_notify+0x4b/0xc0 net/core/rtnetlink.c:731
Code: 00 00 00 00 00 fc ff df e8 22 3e de fd 48 81 c5 10 01 00 00 48 89 e8 48 c1 e8 03 42 80 3c 30 00 74 08 48 89 ef e8 35 28 0e fe <48> 8b 6d 00 48 85 db 74 27 e8 f7 3d de fd 48 83 c3 06 48 89 d8 48
RSP: 0018:ffff8881f6e096d8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
RAX: 1ffff1103c52db62 RBX: 0000000000000000 RCX: ffff8881d6978fc0
RDX: 0000000000000501 RSI: ffff8881e296da00 RDI: ffff8881e776e780
RBP: ffff8881e296db10 R08: 0000000000000000 R09: 0000000000000a20
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000003
R13: ffff8881e776e780 R14: dffffc0000000000 R15: 0000000000000000
 neigh_cleanup_and_release+0x2b/0x210 net/core/neighbour.c:102
 neigh_del net/core/neighbour.c:198 [inline]
 neigh_remove_one+0x350/0x3b0 net/core/neighbour.c:219
 neigh_forced_gc net/core/neighbour.c:252 [inline]
 neigh_alloc net/core/neighbour.c:430 [inline]
 ___neigh_create+0x3b3/0x1ae0 net/core/neighbour.c:592
 ip6_finish_output2+0x8b1/0x1640 net/ipv6/ip6_output.c:126
 NF_HOOK_COND include/linux/netfilter.h:292 [inline]
 ip6_output+0x1b3/0x430 net/ipv6/ip6_output.c:233
 dst_output include/net/dst.h:438 [inline]
 NF_HOOK include/linux/netfilter.h:303 [inline]
 mld_sendpack+0x606/0xb50 net/ipv6/mcast.c:1679
 mld_send_cr net/ipv6/mcast.c:1975 [inline]
 mld_ifc_timer_expire+0x814/0xc10 net/ipv6/mcast.c:2474
 call_timer_fn+0x36/0x390 kernel/time/timer.c:1448
 expire_timers kernel/time/timer.c:1493 [inline]
 __run_timers+0x879/0xbe0 kernel/time/timer.c:1817
 run_timer_softirq+0x63/0xf0 kernel/time/timer.c:1830
 __do_softirq+0x23b/0x6b7 kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:373 [inline]
 irq_exit+0x195/0x1c0 kernel/softirq.c:413
 exiting_irq arch/x86/include/asm/apic.h:539 [inline]
 smp_apic_timer_interrupt+0x11a/0x490 arch/x86/kernel/apic/apic.c:1161
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:834
 </IRQ>
RIP: 0010:find_stack lib/stackdepot.c:185 [inline]
RIP: 0010:stack_depot_save+0x146/0x480 lib/stackdepot.c:245
Code: c1 c7 18 41 29 fe 44 89 f5 81 e5 ff ff 0f 00 4c 8b 3c ed 80 38 f3 86 44 89 eb eb 03 4d 8b 3f 4d 85 ff 74 29 45 39 77 08 75 f2 <45> 39 6f 0c 75 ec 31 c0 49 8b 0c c4 49 3b 4c c7 18 75 df 48 ff c0
RSP: 0018:ffff8881d4787420 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
RAX: 000000004e63d9f6 RBX: 000000000000000d RCX: 000000005c7440ba
RDX: 0000000000002800 RSI: ffff8881d4787520 RDI: 0000000037c23649
RBP: 00000000000ed6f3 R08: 0000000000000002 R09: ffffed103edcb135
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881d47874c0
R13: 000000000000000d R14: 00000000302ed6f3 R15: ffff8881d9540ca0
 save_stack+0x7de/0x880 mm/page_owner.c:135
 __reset_page_owner+0x1f/0x100 mm/page_owner.c:149
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1176 [inline]
 free_pcp_prepare mm/page_alloc.c:1233 [inline]
 free_unref_page_prepare+0x297/0x380 mm/page_alloc.c:3085
 free_unref_page_list+0x10a/0x590 mm/page_alloc.c:3154
 release_pages+0xad8/0xb20 mm/swap.c:842
 tlb_batch_pages_flush mm/mmu_gather.c:49 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:189 [inline]
 tlb_flush_mmu mm/mmu_gather.c:196 [inline]
 tlb_finish_mmu+0x177/0x320 mm/mmu_gather.c:277
 exit_mmap+0x2dc/0x520 mm/mmap.c:3193
 __mmput+0x8e/0x2c0 kernel/fork.c:1101
 exit_mm kernel/exit.c:538 [inline]
 do_exit+0xc08/0x2bc0 kernel/exit.c:848
 do_group_exit+0x138/0x300 kernel/exit.c:984
 get_signal+0xdb1/0x1440 kernel/signal.c:2738
 do_signal+0xb0/0x11f0 arch/x86/kernel/signal.c:809
 exit_to_usermode_loop+0xc0/0x1a0 arch/x86/entry/common.c:159
 prepare_exit_to_usermode+0x199/0x200 arch/x86/entry/common.c:194
 ret_from_intr+0x1c/0x1c
RIP: 0033:0x7f6dd6503da9
Code: Bad RIP value.
RSP: 002b:00007f6dd4b6e038 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000000 RBX: 00007f6dd671cfa0 RCX: 00007f6dd6503da9
RDX: 00000000200006c0 RSI: 0000000000005452 RDI: 0000000000000005
RBP: 00007f6dd65852a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f6dd671cfa0 R15: 00007ffef833f458