watchdog: BUG: soft lockup - CPU#1 stuck for 123s! [syz.1.1790:6074]
Modules linked in:
CPU: 1 PID: 6074 Comm: syz.1.1790 Not tainted 5.4.274-syzkaller-00002-g6f97bd951d82 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
RIP: 0010:preempt_count_add+0x30/0x180 kernel/sched/core.c:4008
Code: fb 48 c7 c0 c0 99 e9 86 48 c1 e8 03 49 bf 00 00 00 00 00 fc ff df 42 0f b6 04 38 84 c0 0f 85 e2 00 00 00 83 3d d0 b7 a4 05 00 <75> 07 65 8b 05 93 ab bd 7e 65 01 1d 8c ab bd 7e 48 c7 c0 c0 99 e9
RSP: 0018:ffff8881f6f095e0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000004 RBX: 0000000000000200 RCX: ffffffff86e99903
RDX: 0000000000000302 RSI: 0000000000000000 RDI: 0000000000000200
RBP: ffff8881f6f097f0 R08: ffffffff837e77db R09: ffffed1039296682
R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
R13: 1ffff1103ede12f2 R14: ffff8881ca4da20c R15: dffffc0000000000
FS:  00007fb523b666c0(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fb524a6f0e0 CR3: 00000001c9e5f000 CR4: 00000000003406a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
 <IRQ>
 __local_bh_disable_ip include/linux/bottom_half.h:12 [inline]
 local_bh_disable include/linux/bottom_half.h:19 [inline]
 rcu_read_lock_bh include/linux/rcupdate.h:721 [inline]
 __dev_queue_xmit+0x1f8/0x27e0 net/core/dev.c:3740
 neigh_hh_output include/net/neighbour.h:502 [inline]
 neigh_output include/net/neighbour.h:516 [inline]
 ip6_finish_output2+0xf67/0x18e0 net/ipv6/ip6_output.c:144
 NF_HOOK_COND include/linux/netfilter.h:292 [inline]
 ip6_output+0x1b3/0x430 net/ipv6/ip6_output.c:248
 dst_output include/net/dst.h:438 [inline]
 NF_HOOK include/linux/netfilter.h:303 [inline]
 ndisc_send_skb+0x702/0xc30 net/ipv6/ndisc.c:509
 addrconf_rs_timer+0x2d1/0x600 net/ipv6/addrconf.c:3953
 call_timer_fn+0x36/0x390 kernel/time/timer.c:1448
 expire_timers kernel/time/timer.c:1493 [inline]
 __run_timers+0x879/0xbe0 kernel/time/timer.c:1817
 run_timer_softirq+0x63/0xf0 kernel/time/timer.c:1830
 __do_softirq+0x23b/0x6b7 kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:373 [inline]
 irq_exit+0x195/0x1c0 kernel/softirq.c:413
 exiting_irq arch/x86/include/asm/apic.h:538 [inline]
 smp_apic_timer_interrupt+0x11a/0x460 arch/x86/kernel/apic/apic.c:1149
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:834
 </IRQ>
RIP: 0010:__raw_spin_unlock_irq include/linux/spinlock_api_smp.h:169 [inline]
RIP: 0010:_raw_spin_unlock_irq+0x45/0x60 kernel/locking/spinlock.c:199
Code: 08 00 74 0c 48 c7 c7 90 3b eb 85 e8 75 12 43 fd 48 83 3d cd 2c 9a 01 00 74 29 48 89 df e8 e3 e7 fa fc 66 90 fb bf 01 00 00 00 <e8> 66 d4 f3 fc 65 8b 05 ab 7e b1 7b 85 c0 74 02 5b c3 e8 34 45 af
RSP: 0018:ffff8881dfbefc30 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000001 RBX: ffff8881f6f57b40 RCX: dffffc0000000000
RDX: 0000000040000002 RSI: 0000000000000000 RDI: 0000000000000001
RBP: ffff8881dfbefc90 R08: ffffffff81799989 R09: fffffbfff0c96e5b
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881f6f57b40
R13: ffff8881e5909f80 R14: dffffc0000000000 R15: 0000000000000000
 finish_lock_switch kernel/sched/core.c:3347 [inline]
 finish_task_switch+0x130/0x590 kernel/sched/core.c:3447
 context_switch kernel/sched/core.c:3611 [inline]
 __schedule+0xb0d/0x1320 kernel/sched/core.c:4307
 preempt_schedule_irq+0xc7/0x140 kernel/sched/core.c:4558
 retint_kernel+0x1b/0x1b
RIP: 0010:exit_to_usermode_loop+0x20/0x1a0 arch/x86/entry/common.c:148
Code: 2e 0f 1f 84 00 00 00 00 00 90 41 57 41 56 41 54 53 41 89 f7 49 89 fe 49 bc 00 00 00 00 00 fc ff df e8 a4 d2 63 00 fb 44 89 fe <83> e6 08 31 ff e8 86 d5 63 00 44 89 f8 83 e0 08 75 07 e8 89 d2 63
RSP: 0000:ffff8881dfbefef0 EFLAGS: 00000287 ORIG_RAX: ffffffffffffff09
RAX: ffffffff8100697c RBX: 0000000000000000 RCX: 0000000000040000
RDX: ffffc90003759000 RSI: 0000000000000008 RDI: 0000000000001409
RBP: 0000000000000008 R08: ffffffff810067f2 R09: ffffed103cb213f1
R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
R13: 1ffff1103cb213f0 R14: ffff8881dfbeff58 R15: 0000000000000008
 prepare_exit_to_usermode+0x199/0x200 arch/x86/entry/common.c:194
 ret_from_intr+0x1c/0x1c
RIP: 0033:0x7fb5248e4b29
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fb523b66048 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000000 RBX: 00007fb524a72fa0 RCX: 00007fb5248e4b29
RDX: 00000000200006c0 RSI: 0000000000005452 RDI: 0000000000000004
RBP: 00007fb524965756 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007fb524a72fa0 R15: 00007ffd2d4e5328
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 5109 Comm: syz.1.1507 Not tainted 5.4.274-syzkaller-00002-g6f97bd951d82 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
RIP: 0010:rcu_nmi_enter_common kernel/rcu/tree.c:815 [inline]
RIP: 0010:rcu_irq_enter+0x67/0x2b0 kernel/rcu/tree.c:879
Code: e8 8e b9 42 00 48 8b 2b 4c 8d b5 98 89 05 00 4d 89 f5 49 c1 ed 03 43 80 7c 25 00 00 74 08 4c 89 f7 e8 6d b9 42 00 49 83 3e 00 <0f> 88 99 01 00 00 e8 1e 04 e0 00 89 c3 83 f8 08 0f 83 f2 01 00 00
RSP: 0018:ffff8881f6e095f0 EFLAGS: 00000002
RAX: 1ffffffff0ac63e2 RBX: ffffffff85631f10 RCX: ffff8881e7654ec0
RDX: 0000000000000503 RSI: 0000000000000503 RDI: 0000000000000000
RBP: ffff8881f6e00000 R08: ffffffff82316ca1 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
R13: 1ffff1103edcb133 R14: ffff8881f6e58998 R15: 0000000000000000
FS:  00007f36937076c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f3694485aff CR3: 0000000005e0e000 CR4: 00000000003406b0
DR0: 0000000000000000 DR1: 0000000020000300 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
 <NMI>
 </NMI>
 <IRQ>
 irq_enter+0x8/0xa0 kernel/softirq.c:347
 ipi_entering_ack_irq arch/x86/include/asm/apic.h:531 [inline]
 smp_irq_work_interrupt+0xc/0x250 arch/x86/kernel/irq_work.c:18
 irq_work_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:865
RIP: 0010:___neigh_create+0x1270/0x1ae0 net/core/neighbour.c:640
Code: 24 08 0f 85 8f 06 00 00 31 c9 2a 4b 08 41 d3 ee 49 89 dc 49 c1 ec 03 43 80 3c 3c 00 48 89 df 74 09 e8 f4 29 11 fe 48 8b 3c 24 <45> 89 f6 49 c1 e6 03 48 8b 1f 4c 01 f3 48 89 d8 48 c1 e8 03 42 80
RSP: 0018:ffff8881f6e09720 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff09
RAX: 0000000000000000 RBX: ffff8881ef59ae00 RCX: 00000000000000f6
RDX: dffffc0000000000 RSI: 0000000000000000 RDI: ffff8881ef59ae00
RBP: ffff8881c94b7000 R08: ffffffff8382f64c R09: fffffbfff0c7f88b
R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff1103deb35c0
R13: ffff8881c94b7000 R14: 00000000000003c1 R15: dffffc0000000000
 ip6_finish_output2+0x965/0x18e0 net/ipv6/ip6_output.c:141
 NF_HOOK_COND include/linux/netfilter.h:292 [inline]
 ip6_output+0x1b3/0x430 net/ipv6/ip6_output.c:248
 dst_output include/net/dst.h:438 [inline]
 NF_HOOK include/linux/netfilter.h:303 [inline]
 ndisc_send_skb+0x702/0xc30 net/ipv6/ndisc.c:509
 addrconf_rs_timer+0x2d1/0x600 net/ipv6/addrconf.c:3953
 call_timer_fn+0x36/0x390 kernel/time/timer.c:1448
 expire_timers kernel/time/timer.c:1493 [inline]
 __run_timers+0x879/0xbe0 kernel/time/timer.c:1817
 run_timer_softirq+0x63/0xf0 kernel/time/timer.c:1830
 __do_softirq+0x23b/0x6b7 kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:373 [inline]
 irq_exit+0x195/0x1c0 kernel/softirq.c:413
 exiting_irq arch/x86/include/asm/apic.h:538 [inline]
 smp_apic_timer_interrupt+0x11a/0x460 arch/x86/kernel/apic/apic.c:1149
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:834
 </IRQ>
RIP: 0010:__read_once_size_nocheck+0x3/0x10 include/linux/compiler.h:286
Code: 80 e1 07 38 c1 0f 8c ae fc ff ff 48 89 df e8 d4 37 64 00 48 ba 00 00 00 00 00 fc ff df e9 97 fc ff ff e8 e0 07 0b 00 48 8b 07 <48> 89 06 c3 66 0f 1f 84 00 00 00 00 00 be 17 00 00 00 48 c7 c7 a0
RSP: 0018:ffff8881eb59ead8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
RAX: ffff8881eb59f750 RBX: 1ffff1103d6b3d64 RCX: ffffffff8675f610
RDX: ffff8881eb59ee40 RSI: ffff8881eb59eb20 RDI: ffff8881eb59f5d8
RBP: ffff8881eb59ebb0 R08: 000000000000002d R09: ffff8881eb59ef10
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881eb59eb20
R13: dffffc0000000000 R14: 1ffff1103d6b3d60 R15: ffff8881eb59f5b8
 get_reg+0x105/0x220 arch/x86/kernel/unwind_orc.c:400
 unwind_next_frame+0x1574/0x1ea0 arch/x86/kernel/unwind_orc.c:574
 arch_stack_walk+0x111/0x140 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x118/0x1c0 kernel/stacktrace.c:123
 save_stack+0x95/0x880 mm/page_owner.c:122
 __reset_page_owner+0x1f/0x100 mm/page_owner.c:149
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1176 [inline]
 __free_pages_ok+0x847/0x950 mm/page_alloc.c:1438
 free_the_page mm/page_alloc.c:4955 [inline]
 __free_pages+0x91/0x140 mm/page_alloc.c:4961
 free_thread_stack kernel/fork.c:299 [inline]
 release_task_stack kernel/fork.c:439 [inline]
 put_task_stack+0x212/0x260 kernel/fork.c:450
 finish_task_switch+0x24a/0x590 kernel/sched/core.c:3479
 context_switch kernel/sched/core.c:3611 [inline]
 __schedule+0xb0d/0x1320 kernel/sched/core.c:4307
 preempt_schedule_irq+0xc7/0x140 kernel/sched/core.c:4558
 retint_kernel+0x1b/0x1b
RIP: 0010:uncharge_list mm/memcontrol.c:6799 [inline]
RIP: 0010:mem_cgroup_uncharge_list+0xbf/0x160 mm/memcontrol.c:6844
Code: 24 18 4c 8d 74 24 40 ba 40 00 00 00 4c 89 f7 31 f6 e8 d5 38 fc ff 43 80 3c 2c 00 74 08 4c 89 ff e8 46 65 fc ff 49 8b 1f eb 13 <48> 8b 1b 4c 89 e7 4c 89 f6 e8 23 f5 ff ff 4c 39 fb 74 1c 4c 8d 63
RSP: 0018:ffff8881eb59f660 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff02
RAX: 1ffffd4000f0e8f9 RBX: ffffea00078747c8 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffea0007874f00
RBP: ffff8881eb59f750 R08: dffffc0000000000 R09: fffff94000f0e9e1
R10: 0000000000000000 R11: dffffc0000000001 R12: ffffea00078747c0
R13: dffffc0000000000 R14: ffff8881eb59f6a0 R15: ffff8881eb59f800
 release_pages+0xad0/0xb20 mm/swap.c:841
 tlb_batch_pages_flush mm/mmu_gather.c:49 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:189 [inline]
 tlb_flush_mmu mm/mmu_gather.c:196 [inline]
 tlb_finish_mmu+0x177/0x320 mm/mmu_gather.c:277
 exit_mmap+0x2dc/0x520 mm/mmap.c:3193
 __mmput+0x8e/0x2c0 kernel/fork.c:1101
 exit_mm kernel/exit.c:536 [inline]
 do_exit+0xc08/0x2bc0 kernel/exit.c:846
 do_group_exit+0x138/0x300 kernel/exit.c:982
 get_signal+0xdb1/0x1440 kernel/signal.c:2735
 do_signal+0xb0/0x11f0 arch/x86/kernel/signal.c:809
 exit_to_usermode_loop+0xc0/0x1a0 arch/x86/entry/common.c:159
 prepare_exit_to_usermode+0x199/0x200 arch/x86/entry/common.c:194
 entry_SYSCALL_64_after_hwframe+0x5c/0xc1
RIP: 0033:0x7f3694485b29
Code: Bad RIP value.
RSP: 002b:00007f3693707048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: 0000000000000000 RBX: 00007f3694613fa0 RCX: 00007f3694485b29
RDX: 0000000020000540 RSI: 0000000000005452 RDI: 0000000000000004
RBP: 00007f3694506756 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007f3694613fa0 R15: 00007fffb2a085f8