------------[ cut here ]------------
NETDEV WATCHDOG: sl47 (): transmit queue 0 timed out
WARNING: CPU: 0 PID: 10457 at net/sched/sch_generic.c:442 dev_watchdog+0x87a/0xa10 net/sched/sch_generic.c:442
Modules linked in:
CPU: 0 PID: 10457 Comm: syz-executor531 Not tainted 5.11.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:dev_watchdog+0x87a/0xa10 net/sched/sch_generic.c:442
Code: 0b e9 d0 fd ff ff 48 89 ef c6 05 51 60 a6 05 01 e8 3b 44 e9 ff 44 89 f9 48 89 ee 48 c7 c7 a0 16 78 89 48 89 c2 e8 66 28 7e 01 <0f> 0b e9 dc fd ff ff 4c 89 ef e8 57 0e 2b fb e9 77 fa ff ff 48 8b
RSP: 0018:ffffc90000007cf0 EFLAGS: 00010282
RAX: 0000000000000000 RBX: ffff888019f98500 RCX: 0000000000000000
RDX: 0000000000000103 RSI: ffffffff888af2a0 RDI: fffff52000000f90
RBP: ffff888019f98000 R08: 0000000000000001 R09: ffffffff8e0db89f
R10: fffffbfff1c1b713 R11: 572056454454454e R12: 00000000ffffbe01
R13: ffff88801da79c00 R14: 0000000000000000 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000555555c775d0 CR3: 00000001afa92000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 call_timer_fn+0x163/0x4b0 kernel/time/timer.c:1417
 expire_timers kernel/time/timer.c:1462 [inline]
 __run_timers.part.0+0x52a/0x8b0 kernel/time/timer.c:1731
 __run_timers kernel/time/timer.c:1712 [inline]
 run_timer_softirq+0x9c/0x190 kernel/time/timer.c:1744
 __do_softirq+0x29b/0x9f6 kernel/softirq.c:343
 asm_call_irq_on_stack+0xf/0x20
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline]
 do_softirq_own_stack+0xaa/0xd0 arch/x86/kernel/irq_64.c:77
 invoke_softirq kernel/softirq.c:226 [inline]
 __irq_exit_rcu kernel/softirq.c:420 [inline]
 irq_exit_rcu+0x134/0x200 kernel/softirq.c:432
 sysvec_apic_timer_interrupt+0x4d/0x100 arch/x86/kernel/apic/apic.c:1100
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:629
RIP: 0010:lock_page_memcg+0x1b5/0x4f0 mm/memcontrol.c:2185
Code: 41 b8 01 00 00 00 4c 89 f7 e8 e7 f2 ab ff 58 48 c7 c6 86 ff a4 81 4c 89 f7 e8 c7 eb ab ff 4d 85 ff 0f 85 2e 01 00 00 41 55 9d <4c> 8d ab c0 0b 00 00 be 04 00 00 00 4c 89 ef e8 07 b9 fb ff 4c 89
RSP: 0018:ffffc90038537760 EFLAGS: 00000286
RAX: 0000000000000279 RBX: ffff888140738000 RCX: ffffffff81506cee
RDX: 0000000000000000 RSI: ffffffff888af2a0 RDI: ffffffff88dc5000
RBP: ffffc900385377c0 R08: 0000000000000001 R09: ffffffff8e0db7f7
R10: fffffbfff1c1b6fe R11: 0000000000000001 R12: dffffc0000000000
R13: 0000000000000286 R14: ffff888140738688 R15: 0000000000000200
 page_remove_rmap+0x1d/0xcd0 mm/rmap.c:1334
 zap_pte_range mm/memory.c:1264 [inline]
 zap_pmd_range mm/memory.c:1368 [inline]
 zap_pud_range mm/memory.c:1397 [inline]
 zap_p4d_range mm/memory.c:1418 [inline]
 unmap_page_range+0x99e/0x1eb0 mm/memory.c:1439
 unmap_vmas+0x14c/0x280 mm/memory.c:1516
 exit_mmap+0x245/0x4c0 mm/mmap.c:3220
 __mmput+0xeb/0x3e0 kernel/fork.c:1082
 exit_mm kernel/exit.c:501 [inline]
 do_exit+0x9e9/0x2570 kernel/exit.c:812
 do_group_exit+0xe7/0x290 kernel/exit.c:922
 get_signal+0x36c/0x1b90 kernel/signal.c:2773
 arch_do_signal_or_restart+0x2a8/0x1eb0 arch/x86/kernel/signal.c:811
 handle_signal_work kernel/entry/common.c:147 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:171 [inline]
 exit_to_user_mode_prepare+0x148/0x250 kernel/entry/common.c:201
 __syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f67cf3c8849
Code: Unable to access opcode bytes at RIP 0x7f67cf3c881f.
RSP: 002b:00007f67cf37a318 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: 0000000000000001 RBX: 00007f67cf4503e8 RCX: 00007f67cf3c8849
RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f67cf4503ec
RBP: 00007f67cf4503e0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 6d74702f7665642f
R13: 00007ffd1d64064f R14: 00007f67cf37a400 R15: 0000000000022000
----------------
Code disassembly (best guess):
   0:   41 b8 01 00 00 00       mov    $0x1,%r8d
   6:   4c 89 f7                mov    %r14,%rdi
   9:   e8 e7 f2 ab ff          callq  0xffabf2f5
   e:   58                      pop    %rax
   f:   48 c7 c6 86 ff a4 81    mov    $0xffffffff81a4ff86,%rsi
  16:   4c 89 f7                mov    %r14,%rdi
  19:   e8 c7 eb ab ff          callq  0xffabebe5
  1e:   4d 85 ff                test   %r15,%r15
  21:   0f 85 2e 01 00 00       jne    0x155
  27:   41 55                   push   %r13
  29:   9d                      popfq
* 2a:   4c 8d ab c0 0b 00 00    lea    0xbc0(%rbx),%r13 <-- trapping instruction
  31:   be 04 00 00 00          mov    $0x4,%esi
  36:   4c 89 ef                mov    %r13,%rdi
  39:   e8 07 b9 fb ff          callq  0xfffbb945
  3e:   4c                      rex.WR
  3f:   89                      .byte 0x89