watchdog: BUG: soft lockup - CPU#1 stuck for 122s! [syz-executor.5:15436]
Modules linked in:
irq event stamp: 15204241
hardirqs last  enabled at (15204240): [<ffffffff8aa014aa>] asm_sysvec_irq_work+0x1a/0x20 arch/x86/include/asm/idtentry.h:670
hardirqs last disabled at (15204241): [<ffffffff8a7d8e8e>] sysvec_apic_timer_interrupt+0xe/0xc0 arch/x86/kernel/apic/apic.c:1076
softirqs last  enabled at (111094): [<ffffffff815019c7>] invoke_softirq kernel/softirq.c:427 [inline]
softirqs last  enabled at (111094): [<ffffffff815019c7>] __irq_exit_rcu kernel/softirq.c:632 [inline]
softirqs last  enabled at (111094): [<ffffffff815019c7>] irq_exit_rcu+0xb7/0x120 kernel/softirq.c:644
softirqs last disabled at (111097): [<ffffffff815019c7>] invoke_softirq kernel/softirq.c:427 [inline]
softirqs last disabled at (111097): [<ffffffff815019c7>] __irq_exit_rcu kernel/softirq.c:632 [inline]
softirqs last disabled at (111097): [<ffffffff815019c7>] irq_exit_rcu+0xb7/0x120 kernel/softirq.c:644
CPU: 1 PID: 15436 Comm: syz-executor.5 Not tainted 6.6.0-syzkaller-10136-g0ca98fca84b3 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
RIP: 0010:unwind_next_frame+0x1788/0x2390 arch/x86/kernel/unwind_orc.c:521
Code: 48 c1 e8 03 0f b6 0c 10 49 8d 44 24 01 48 89 c6 48 c1 ee 03 0f b6 14 16 4c 89 e6 83 e6 07 40 38 f1 40 0f 9e c6 84 c9 0f 95 c1 <40> 84 ce 75 15 83 e0 07 38 c2 0f 9e c1 84 d2 0f 95 c0 84 c1 0f 84
RSP: 0018:ffffc900001f0540 EFLAGS: 00000246
RAX: ffffffff8faf6a3d RBX: ffffc900001f05c0 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffffc900001f0600
RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000000000009
R10: 0000000000000004 R11: dffffc0000000000 R12: ffffffff8faf6a3c
R13: 0000000000000004 R14: ffffffff8faf6a40 R15: ffffc900001f0a20
FS:  0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b3162e000 CR3: 000000000cd77000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
 <IRQ>
 arch_stack_walk+0xfa/0x170 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x96/0xd0 kernel/stacktrace.c:122
 kasan_save_stack+0x33/0x50 mm/kasan/common.c:45
 kasan_set_track+0x25/0x30 mm/kasan/common.c:52
 kasan_save_free_info+0x2b/0x40 mm/kasan/generic.c:522
 ____kasan_slab_free mm/kasan/common.c:236 [inline]
 ____kasan_slab_free+0x15b/0x1b0 mm/kasan/common.c:200
 kasan_slab_free include/linux/kasan.h:164 [inline]
 slab_free_hook mm/slub.c:1800 [inline]
 slab_free_freelist_hook+0x114/0x1e0 mm/slub.c:1826
 slab_free mm/slub.c:3809 [inline]
 kmem_cache_free+0xf0/0x470 mm/slub.c:3831
 kfree_skbmem+0x166/0x1b0 net/core/skbuff.c:1036
 tcp_wmem_free_skb include/net/tcp.h:312 [inline]
 tcp_write_queue_purge+0x186/0xd60 net/ipv4/tcp.c:2960
 tcp_write_err net/ipv4/tcp_timer.c:79 [inline]
 tcp_write_timeout net/ipv4/tcp_timer.c:295 [inline]
 tcp_retransmit_timer+0x10cc/0x4050 net/ipv4/tcp_timer.c:577
 tcp_write_timer_handler net/ipv4/tcp_timer.c:693 [inline]
 tcp_write_timer_handler+0x55a/0xa50 net/ipv4/tcp_timer.c:667
 tcp_write_timer+0xa6/0x2b0 net/ipv4/tcp_timer.c:710
 call_timer_fn+0x193/0x580 kernel/time/timer.c:1700
 expire_timers kernel/time/timer.c:1751 [inline]
 __run_timers+0x764/0xb10 kernel/time/timer.c:2022
 run_timer_softirq+0x58/0xd0 kernel/time/timer.c:2035
 __do_softirq+0x21a/0x968 kernel/softirq.c:553
 invoke_softirq kernel/softirq.c:427 [inline]
 __irq_exit_rcu kernel/softirq.c:632 [inline]
 irq_exit_rcu+0xb7/0x120 kernel/softirq.c:644
 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1076
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:645
RIP: 0010:page_table_check_clear mm/page_table_check.c:84 [inline]
RIP: 0010:page_table_check_clear+0x49d/0x9a0 mm/page_table_check.c:61
Code: 89 df e8 56 53 f5 ff 48 89 d8 48 c1 e8 03 42 0f b6 14 38 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 26 04 00 00 8b 03 <31> ff 89 c6 89 44 24 08 e8 56 b6 9e ff 8b 44 24 08 85 c0 0f 85 35
RSP: 0018:ffffc900035ef610 EFLAGS: 00000246
RAX: 0000000000000000 RBX: ffff888017218c80 RCX: ffffffff81e9cb3a
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff888017218c80
RBP: 0000000000000000 R08: 0000000000000000 R09: ffffed1002e43190
R10: ffff888017218c83 R11: 0000000000000001 R12: ffff888017218c40
R13: 0000000000000001 R14: 0000000000000000 R15: dffffc0000000000
 __page_table_check_pte_clear+0xef/0x100 mm/page_table_check.c:158
 page_table_check_pte_clear include/linux/page_table_check.h:49 [inline]
 ptep_get_and_clear_full arch/x86/include/asm/pgtable.h:1301 [inline]
 zap_pte_range mm/memory.c:1431 [inline]
 zap_pmd_range mm/memory.c:1573 [inline]
 zap_pud_range mm/memory.c:1602 [inline]
 zap_p4d_range mm/memory.c:1623 [inline]
 unmap_page_range+0x18e0/0x2c10 mm/memory.c:1644
 unmap_single_vma+0x194/0x2b0 mm/memory.c:1690
 unmap_vmas+0x229/0x470 mm/memory.c:1734
 exit_mmap+0x1ad/0xa60 mm/mmap.c:3224
 __mmput+0x12a/0x4d0 kernel/fork.c:1349
 mmput+0x62/0x70 kernel/fork.c:1371
 exit_mm kernel/exit.c:569 [inline]
 do_exit+0x9ad/0x2a20 kernel/exit.c:863
 do_group_exit+0xd4/0x2a0 kernel/exit.c:1026
 get_signal+0x23ba/0x2790 kernel/signal.c:2900
 arch_do_signal_or_restart+0x90/0x7f0 arch/x86/kernel/signal.c:309
 exit_to_user_mode_loop kernel/entry/common.c:168 [inline]
 exit_to_user_mode_prepare+0x11f/0x240 kernel/entry/common.c:204
 __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
 syscall_exit_to_user_mode+0x1d/0x60 kernel/entry/common.c:296
 do_syscall_64+0x4b/0x110 arch/x86/entry/common.c:88
 entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7f5959a7cae9
Code: Unable to access opcode bytes at 0x7f5959a7cabf.
RSP: 002b:00007f595a871178 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: 0000000000000000 RBX: 00007f5959b9bf88 RCX: 00007f5959a7cae9
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f5959b9bf88
RBP: 00007f5959b9bf80 R08: 00007f595a8716c0 R09: 00007f595a8716c0
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5959b9bf8c
R13: 000000000000000b R14: 00007ffd66634270 R15: 00007ffd66634358
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 15435 Comm: syz-executor.4 Not tainted 6.6.0-syzkaller-10136-g0ca98fca84b3 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
RIP: 0010:check_region_inline mm/kasan/generic.c:167 [inline]
RIP: 0010:kasan_check_range+0x14c/0x190 mm/kasan/generic.c:187
Code: c0 01 49 89 d3 48 39 d0 74 11 80 38 00 74 ef 4d 8d 1c 2c 48 85 c0 48 89 c2 75 97 48 89 da 4c 89 d8 4c 29 da e9 30 ff ff ff 5b <b8> 01 00 00 00 5d 41 5c c3 b8 01 00 00 00 c3 48 29 c3 48 89 da 49
RSP: 0018:ffffc90000007030 EFLAGS: 00000046
RAX: fffffbfff23dedda RBX: 000000000000004f RCX: ffffffff81689b47
RDX: fffffbfff23dedda RSI: 0000000000000008 RDI: ffffffff91ef6ec8
RBP: fffffbfff23dedd9 R08: 0000000000000000 R09: fffffbfff23dedd9
R10: ffffffff91ef6ecf R11: 0000000000000000 R12: 000000000000004f
R13: ffff88804c700b48 R14: 0000000000000000 R15: 0000000000020000
FS:  00007fbce20566c0(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b31639000 CR3: 000000003418d000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
 <NMI>
 </NMI>
 <IRQ>
 instrument_atomic_read include/linux/instrumented.h:68 [inline]
 _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]
 hlock_class kernel/locking/lockdep.c:228 [inline]
 check_wait_context kernel/locking/lockdep.c:4772 [inline]
 __lock_acquire+0x437/0x5de0 kernel/locking/lockdep.c:5086
 lock_acquire kernel/locking/lockdep.c:5753 [inline]
 lock_acquire+0x1ae/0x510 kernel/locking/lockdep.c:5718
 seqcount_lockdep_reader_access include/linux/seqlock.h:102 [inline]
 ktime_get+0x80/0x490 kernel/time/timekeeping.c:846
 clockevents_program_event+0x14b/0x370 kernel/time/clockevents.c:326
 tick_program_event+0xa5/0x130 kernel/time/tick-oneshot.c:44
 hrtimer_interrupt+0x36d/0x800 kernel/time/hrtimer.c:1827
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1065 [inline]
 __sysvec_apic_timer_interrupt+0x105/0x3f0 arch/x86/kernel/apic/apic.c:1082
 sysvec_apic_timer_interrupt+0x42/0xc0 arch/x86/kernel/apic/apic.c:1076
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:645
RIP: 0010:__sanitizer_cov_trace_pc+0x59/0x60 kernel/kcov.c:225
Code: 82 e8 15 00 00 83 f8 02 75 20 48 8b 8a f0 15 00 00 8b 92 ec 15 00 00 48 8b 01 48 83 c0 01 48 39 d0 73 07 48 89 01 48 89 34 c1 <c3> 66 0f 1f 44 00 00 f3 0f 1e fa 41 57 41 56 41 55 41 54 55 53 48
RSP: 0018:ffffc900000074e8 EFLAGS: 00000246
RAX: 0000000000000000 RBX: ffffffff8f3557fc RCX: ffffffff813a7be4
RDX: ffff88804c700000 RSI: ffffffff813a7b90 RDI: 0000000000000006
RBP: ffffffff8f3557fc R08: 0000000000000006 R09: ffffffff8237c52c
R10: ffffffff8237c4fb R11: dffffc0000000000 R12: ffffffff8237c52c
R13: ffffffff8237c4fb R14: dffffc0000000000 R15: ffffffff8f3557f8
 __orc_find+0x70/0x130 arch/x86/kernel/unwind_orc.c:99
 orc_find arch/x86/kernel/unwind_orc.c:227 [inline]
 unwind_next_frame+0x329/0x2390 arch/x86/kernel/unwind_orc.c:494
 arch_stack_walk+0xfa/0x170 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x96/0xd0 kernel/stacktrace.c:122
 kasan_save_stack+0x33/0x50 mm/kasan/common.c:45
 kasan_set_track+0x25/0x30 mm/kasan/common.c:52
 kasan_save_free_info+0x2b/0x40 mm/kasan/generic.c:522
 ____kasan_slab_free mm/kasan/common.c:236 [inline]
 ____kasan_slab_free+0x15b/0x1b0 mm/kasan/common.c:200
 kasan_slab_free include/linux/kasan.h:164 [inline]
 slab_free_hook mm/slub.c:1800 [inline]
 slab_free_freelist_hook+0x114/0x1e0 mm/slub.c:1826
 slab_free mm/slub.c:3809 [inline]
 kmem_cache_free+0xf0/0x470 mm/slub.c:3831
 kfree_skbmem+0x166/0x1b0 net/core/skbuff.c:1036
 tcp_wmem_free_skb include/net/tcp.h:312 [inline]
 tcp_write_queue_purge+0x186/0xd60 net/ipv4/tcp.c:2960
 tcp_write_err net/ipv4/tcp_timer.c:79 [inline]
 tcp_write_timeout net/ipv4/tcp_timer.c:295 [inline]
 tcp_retransmit_timer+0x10cc/0x4050 net/ipv4/tcp_timer.c:577
 tcp_write_timer_handler net/ipv4/tcp_timer.c:693 [inline]
 tcp_write_timer_handler+0x55a/0xa50 net/ipv4/tcp_timer.c:667
 tcp_write_timer+0xa6/0x2b0 net/ipv4/tcp_timer.c:710
 call_timer_fn+0x193/0x580 kernel/time/timer.c:1700
 expire_timers kernel/time/timer.c:1751 [inline]
 __run_timers+0x764/0xb10 kernel/time/timer.c:2022
 run_timer_softirq+0x58/0xd0 kernel/time/timer.c:2035
 __do_softirq+0x21a/0x968 kernel/softirq.c:553
 invoke_softirq kernel/softirq.c:427 [inline]
 __irq_exit_rcu kernel/softirq.c:632 [inline]
 irq_exit_rcu+0xb7/0x120 kernel/softirq.c:644
 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1076
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:645
RIP: 0010:preempt_schedule_irq+0x4d/0x90 kernel/sched/core.c:7008
Code: 55 65 48 8b 2c 25 c0 bc 03 00 53 48 89 eb 48 c1 eb 03 48 01 c3 bf 01 00 00 00 e8 1e 14 db f6 e8 99 4c 0f f7 fb bf 01 00 00 00 <e8> 7e 97 ff ff 9c 58 fa f6 c4 02 75 1a bf 01 00 00 00 e8 ac d1 da
RSP: 0018:ffffc900035df0d8 EFLAGS: 00000206
RAX: 0000000000001dc3 RBX: ffffed10098e0000 RCX: 1ffffffff23e701a
RDX: 0000000000000000 RSI: ffffffff8accbce0 RDI: 0000000000000001
RBP: ffff88804c700000 R08: 0000000000000001 R09: fffffbfff23dedeb
R10: ffffffff91ef6f5f R11: 0000000000000001 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 irqentry_exit+0x35/0x80 kernel/entry/common.c:432
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:645
RIP: 0010:__sanitizer_cov_trace_pc+0x34/0x60 kernel/kcov.c:207
Code: bc 03 00 65 8b 05 64 36 7b 7e a9 00 01 ff 00 48 8b 34 24 74 0f f6 c4 01 74 35 8b 82 0c 16 00 00 85 c0 74 2b 8b 82 e8 15 00 00 <83> f8 02 75 20 48 8b 8a f0 15 00 00 8b 92 ec 15 00 00 48 8b 01 48
RSP: 0018:ffffc900035df1a8 EFLAGS: 00000246
RAX: 0000000000000002 RBX: 0000000000000001 RCX: ffffffff813a9884
RDX: ffff88804c700000 RSI: ffffffff813a8681 RDI: 0000000000000005
RBP: ffffc900035df580 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000080000000 R11: 0000000000000000 R12: ffffc900035d8000
R13: ffffc900035e0000 R14: ffffc900035df588 R15: ffffc900035df360
 unwind_next_frame+0x51/0x2390 arch/x86/kernel/unwind_orc.c:476
 arch_stack_walk+0xfa/0x170 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x96/0xd0 kernel/stacktrace.c:122
 kasan_save_stack+0x33/0x50 mm/kasan/common.c:45
 kasan_set_track+0x25/0x30 mm/kasan/common.c:52
 kasan_save_free_info+0x2b/0x40 mm/kasan/generic.c:522
 ____kasan_slab_free mm/kasan/common.c:236 [inline]
 ____kasan_slab_free+0x15b/0x1b0 mm/kasan/common.c:200
 kasan_slab_free include/linux/kasan.h:164 [inline]
 slab_free_hook mm/slub.c:1800 [inline]
 slab_free_freelist_hook+0x114/0x1e0 mm/slub.c:1826
 slab_free mm/slub.c:3809 [inline]
 kmem_cache_free+0xf0/0x470 mm/slub.c:3831
 jbd2_free_handle include/linux/jbd2.h:1597 [inline]
 jbd2_journal_stop+0x708/0xe10 fs/jbd2/transaction.c:1959
 __ext4_journal_stop+0xdd/0x200 fs/ext4/ext4_jbd2.c:134
 ext4_dirty_inode+0xed/0x130 fs/ext4/inode.c:5958
 __mark_inode_dirty+0x1e0/0xd50 fs/fs-writeback.c:2452
 generic_update_time+0xcf/0xf0 fs/inode.c:1941
 inode_update_time fs/inode.c:1954 [inline]
 touch_atime+0x4eb/0x5d0 fs/inode.c:2026
 pick_link fs/namei.c:1788 [inline]
 step_into+0x14a4/0x2230 fs/namei.c:1872
 walk_component+0xfc/0x5a0 fs/namei.c:2008
 link_path_walk.part.0.constprop.0+0x71f/0xce0 fs/namei.c:2329
 link_path_walk fs/namei.c:2253 [inline]
 path_lookupat+0x93/0x770 fs/namei.c:2482
 do_o_path fs/namei.c:3750 [inline]
 path_openat+0x19cd/0x2c40 fs/namei.c:3772
 do_filp_open+0x1de/0x430 fs/namei.c:3809
 do_sys_openat2+0x176/0x1e0 fs/open.c:1440
 do_sys_open fs/open.c:1455 [inline]
 __do_sys_openat fs/open.c:1471 [inline]
 __se_sys_openat fs/open.c:1466 [inline]
 __x64_sys_openat+0x175/0x210 fs/open.c:1466
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x3f/0x110 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7fbce127cae9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fbce20560c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007fbce139bf80 RCX: 00007fbce127cae9
RDX: 0000000000200002 RSI: 0000000020000280 RDI: ffffffffffffff9c
RBP: 00007fbce12c847a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007fbce139bf80 R15: 00007fffd3226268
 </TASK>