watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [syz-fuzzer:10841] Modules linked in: irq event stamp: 4173032 hardirqs last enabled at (4173031): [] kvm_wait arch/x86/kernel/kvm.c:799 [inline] hardirqs last enabled at (4173031): [] kvm_wait+0x14b/0x240 arch/x86/kernel/kvm.c:779 hardirqs last disabled at (4173032): [] trace_hardirqs_off_thunk+0x1a/0x1c softirqs last enabled at (4173020): [] __do_softirq+0x678/0x980 kernel/softirq.c:318 softirqs last disabled at (4172891): [] invoke_softirq kernel/softirq.c:372 [inline] softirqs last disabled at (4172891): [] irq_exit+0x215/0x260 kernel/softirq.c:412 CPU: 0 PID: 10841 Comm: syz-fuzzer Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 RIP: 0010:native_safe_halt+0xe/0x10 arch/x86/include/asm/irqflags.h:61 Code: 48 89 df e8 f4 20 7f f9 e9 2e ff ff ff 48 89 df e8 e7 20 7f f9 eb 82 90 90 90 90 90 e9 07 00 00 00 0f 00 2d 14 43 4e 00 fb f4 90 e9 07 00 00 00 0f 00 2d 04 43 4e 00 f4 c3 90 90 41 56 41 55 RSP: 0000:ffff888045527ad8 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13 RAX: 1ffffffff13e3054 RBX: ffff8880b36d74d0 RCX: 1ffff11012560532 RDX: dffffc0000000000 RSI: ffff888092b02970 RDI: ffff888092b02944 RBP: 0000000000000003 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000286 R13: ffffed10166dae9a R14: 0000000000000001 R15: ffff8880ba02be00 FS: 000000c010a27c90(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000c02a2d95d1 CR3: 00000000af2b9000 CR4: 00000000003406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: arch_safe_halt arch/x86/include/asm/paravirt.h:94 [inline] kvm_wait arch/x86/kernel/kvm.c:799 [inline] kvm_wait+0x179/0x240 arch/x86/kernel/kvm.c:779 pv_wait arch/x86/include/asm/paravirt.h:689 [inline] pv_wait_head_or_lock kernel/locking/qspinlock_paravirt.h:471 [inline] __pv_queued_spin_lock_slowpath+0x86a/0xae0 kernel/locking/qspinlock.c:474 pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:679 [inline] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:53 [inline] queued_spin_lock include/asm-generic/qspinlock.h:88 [inline] do_raw_spin_lock+0x189/0x220 kernel/locking/spinlock_debug.c:113 spin_lock include/linux/spinlock.h:329 [inline] do_anonymous_page+0xbb6/0x1be0 mm/memory.c:3331 handle_pte_fault mm/memory.c:4173 [inline] __handle_mm_fault+0x227a/0x41c0 mm/memory.c:4299 handle_mm_fault+0x436/0xb10 mm/memory.c:4336 __do_page_fault+0x68e/0xd60 arch/x86/mm/fault.c:1412 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1205 RIP: 0033:0x46649c Code: 00 01 00 00 48 81 c7 00 01 00 00 48 81 fb 00 01 00 00 0f 83 6e ff ff ff e9 f7 fe ff ff c5 fd ef c0 48 81 fb 00 00 00 02 73 46 fe 7f 07 c5 fe 7f 47 20 c5 fe 7f 47 40 c5 fe 7f 47 60 48 81 eb RSP: 002b:000000c00adab9e0 EFLAGS: 00010283 RAX: 0000000000000000 RBX: 0000000000000a2f RCX: 000000000000a000 RDX: 000000c02a2d95d1 RSI: 0000000000000001 RDI: 000000c02a2d95d1 RBP: 000000c00adaba40 R08: 00007fa0ca3495b8 R09: 0000000000000000 R10: 00007fa0988fa640 R11: 0000000000000001 R12: 000000c02a2d0000 R13: 0000000000000000 R14: 000000c00023b040 R15: 0000000001153fc0 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 8102 Comm: syz-fuzzer Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 RIP: 0010:fq_flow_add_tail net/sched/sch_fq.c:138 [inline] RIP: 0010:fq_dequeue+0x7be/0x12b0 net/sched/sch_fq.c:489 Code: 00 0f 85 a5 09 00 00 4c 89 f8 4c 8b 6d 40 48 c1 e8 03 42 80 3c 20 00 0f 85 13 09 00 00 48 8b 44 24 10 4d 89 2f 42 80 3c 20 00 <0f> 85 0d 09 00 00 48 83 bb 90 02 00 00 00 0f 84 ce 00 00 00 e8 99 RSP: 0000:ffff8880ba1071c0 EFLAGS: 00000246 RAX: 1ffff11014a11722 RBX: ffff8880a508b680 RCX: ffffffff8699cbf7 RDX: 0000000000000100 RSI: ffffffff8699cd5b RDI: ffff88809be26a18 RBP: ffff88809be269d8 R08: ffffffff8c665058 R09: 0000000000000000 R10: 0000000000000005 R11: ffffffff8c66505b R12: dffffc0000000000 R13: 0000000000000000 R14: ffff8880a508b900 R15: ffff8880a508b910 FS: 000000c0001dec90(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000c02a289000 CR3: 00000000af2b9000 CR4: 00000000003406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: dequeue_skb net/sched/sch_generic.c:282 [inline] qdisc_restart net/sched/sch_generic.c:385 [inline] __qdisc_run+0x1b9/0x1640 net/sched/sch_generic.c:403 __dev_xmit_skb net/core/dev.c:3500 [inline] __dev_queue_xmit+0x1518/0x2e00 net/core/dev.c:3807 neigh_hh_output include/net/neighbour.h:491 [inline] neigh_output include/net/neighbour.h:499 [inline] ip_finish_output2+0xb6d/0x15a0 net/ipv4/ip_output.c:230 ip_finish_output+0xae9/0x10b0 net/ipv4/ip_output.c:318 NF_HOOK_COND include/linux/netfilter.h:278 [inline] ip_output+0x203/0x5f0 net/ipv4/ip_output.c:406 dst_output include/net/dst.h:455 [inline] ip_local_out+0xaf/0x170 net/ipv4/ip_output.c:125 ip_send_skb net/ipv4/ip_output.c:1452 [inline] ip_push_pending_frames+0x8b/0x140 net/ipv4/ip_output.c:1472 icmp_push_reply+0x3bb/0x530 net/ipv4/icmp.c:398 __icmp_send+0x11d1/0x1520 net/ipv4/icmp.c:773 icmp_send include/net/icmp.h:47 [inline] __udp4_lib_rcv+0x1613/0x3180 net/ipv4/udp.c:2268 ip_local_deliver_finish+0x495/0xc00 net/ipv4/ip_input.c:215 NF_HOOK include/linux/netfilter.h:289 [inline] ip_local_deliver+0x188/0x500 net/ipv4/ip_input.c:256 dst_input include/net/dst.h:461 [inline] ip_rcv_finish+0x1ca/0x2e0 net/ipv4/ip_input.c:414 NF_HOOK include/linux/netfilter.h:289 [inline] ip_rcv+0xca/0x3c0 net/ipv4/ip_input.c:524 __netif_receive_skb_one_core+0x114/0x180 net/core/dev.c:4954 __netif_receive_skb+0x27/0x1c0 net/core/dev.c:5066 process_backlog+0x241/0x700 net/core/dev.c:5849 napi_poll net/core/dev.c:6280 [inline] net_rx_action+0x4ac/0xfb0 net/core/dev.c:6346 __do_softirq+0x265/0x980 kernel/softirq.c:292 invoke_softirq kernel/softirq.c:372 [inline] irq_exit+0x215/0x260 kernel/softirq.c:412 exiting_irq arch/x86/include/asm/apic.h:536 [inline] smp_apic_timer_interrupt+0x136/0x550 arch/x86/kernel/apic/apic.c:1098 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894 RIP: 0010:arch_static_branch arch/x86/include/asm/jump_label.h:23 [inline] RIP: 0010:do_memsw_account mm/memcontrol.c:100 [inline] RIP: 0010:mem_cgroup_commit_charge+0x211/0x4d0 mm/memcontrol.c:6065 Code: 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 0f 85 5d 02 00 00 48 83 3d a4 53 52 08 00 0f 84 b7 01 00 00 fb 66 0f 1f 44 00 00 0f 00 00 00 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f c3 8b 05 RSP: 0000:ffff888095007bc8 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13 RAX: 1ffffffff13e3053 RBX: 0000000000000000 RCX: 1ffff11013ff31b2 RDX: dffffc0000000000 RSI: ffff88809ff98d70 RDI: ffff88809ff98d44 RBP: ffffea0001483700 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffffea0001483708 R13: ffffea0001483700 R14: 0000000000000001 R15: ffff8880b59f68c0 do_anonymous_page+0x1321/0x1be0 mm/memory.c:3350 handle_pte_fault mm/memory.c:4173 [inline] __handle_mm_fault+0x227a/0x41c0 mm/memory.c:4299 handle_mm_fault+0x436/0xb10 mm/memory.c:4336 __do_page_fault+0x68e/0xd60 arch/x86/mm/fault.c:1412 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1205 RIP: 0033:0x466a7c Code: 4c 01 de 48 29 c3 c5 fe 6f 06 c5 fe 6f 4e 20 c5 fe 6f 56 40 c5 fe 6f 5e 60 48 01 c6 c5 fd 7f 07 c5 fd 7f 4f 20 c5 fd 7f 57 40 fd 7f 5f 60 48 01 c7 48 29 c3 77 cf 48 01 c3 48 01 fb c4 c1 7e RSP: 002b:000000c02ab1b960 EFLAGS: 00010202 RAX: 0000000000000080 RBX: 0000000000002b1c RCX: 000000c0299cfb3c RDX: 000000000000c000 RSI: 000000c0299cd020 RDI: 000000c02a288fa0 RBP: 000000c02ab1ba10 R08: 00007fa0ca349108 R09: 0000000000000000 R10: 000000c02a280000 R11: 0000000000000020 R12: 000000c02a280000 R13: 0000000000000000 R14: 000000c00023a1a0 R15: 00007fa0a13719d5