watchdog: BUG: soft lockup - CPU#1 stuck for 22s! [syz.0.149:7083]
Modules linked in:
irq event stamp: 34156456
hardirqs last  enabled at (34156455): [<ffff80008035fd50>] try_to_grab_pending kernel/workqueue.c:2132 [inline]
hardirqs last  enabled at (34156455): [<ffff80008035fd50>] work_grab_pending+0x300/0x834 kernel/workqueue.c:2157
hardirqs last disabled at (34156456): [<ffff80008b6859a4>] __el1_irq arch/arm64/kernel/entry-common.c:557 [inline]
hardirqs last disabled at (34156456): [<ffff80008b6859a4>] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:575
softirqs last  enabled at (34127064): [<ffff80008030d534>] softirq_handle_end kernel/softirq.c:400 [inline]
softirqs last  enabled at (34127064): [<ffff80008030d534>] handle_softirqs+0xb44/0xd34 kernel/softirq.c:582
softirqs last disabled at (34127055): [<ffff800080020db4>] __do_softirq+0x14/0x20 kernel/softirq.c:588
CPU: 1 UID: 0 PID: 7083 Comm: syz.0.149 Not tainted 6.13.0-rc2-syzkaller-g2e7aff49b5da #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : cpu_relax arch/arm64/include/asm/vdso/processor.h:12 [inline]
pc : work_grab_pending+0x70/0x834 kernel/workqueue.c:2160
lr : try_to_grab_pending kernel/workqueue.c:2132 [inline]
lr : work_grab_pending+0x320/0x834 kernel/workqueue.c:2157
sp : ffff8000a42677a0
x29: ffff8000a42677c0 x28: 1ffff0001484cf0c x27: dfff800000000000
x26: 0000000000000001 x25: 1fffffbff7ee0b7f x24: 0000000000000001
x23: ffff8000a4267860 x22: 0000000000000001 x21: fffffdffbf705bf8
x20: 00000000000000c0 x19: fffffdffbf705bf8 x18: ffff8000a42675c0
x17: 000000000002d0f9 x16: ffff800080460e20 x15: 0000000000000001
x14: 1fffffbff7ee0b7f x13: ffff8000a4268000 x12: 0000000000000003
x11: 0000000000080000 x10: 000000000007ffff x9 : ffff8000a4e59000
x8 : 0000000000000000 x7 : ffff80008037ab90 x6 : 0000000000000000
x5 : 0000000000000001 x4 : 0000000000000000 x3 : 0000000000000000
x2 : 0000000000000007 x1 : 0000000000000080 x0 : 0000000000000000
Call trace:
 __daif_local_irq_restore arch/arm64/include/asm/irqflags.h:175 [inline] (P)
 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:195 [inline] (P)
 try_to_grab_pending kernel/workqueue.c:2132 [inline] (P)
 work_grab_pending+0x70/0x834 kernel/workqueue.c:2157 (P)
 try_to_grab_pending kernel/workqueue.c:2132 [inline] (L)
 work_grab_pending+0x320/0x834 kernel/workqueue.c:2157 (L)
 mod_delayed_work_on+0xb4/0x1f0 kernel/workqueue.c:2585
 xfs_inodegc_queue fs/xfs/xfs_icache.c:2212 [inline]
 xfs_inode_mark_reclaimable+0x664/0x1094 fs/xfs/xfs_icache.c:2248
 xfs_fs_destroy_inode+0x324/0x670 fs/xfs/xfs_super.c:672
 destroy_inode fs/inode.c:386 [inline]
 evict+0x744/0x978 fs/inode.c:827
 iput_final fs/inode.c:1946 [inline]
 iput+0x740/0x8e8 fs/inode.c:1972
 do_unlinkat+0x528/0x700 fs/namei.c:4594
 __do_sys_unlinkat fs/namei.c:4630 [inline]
 __se_sys_unlinkat fs/namei.c:4623 [inline]
 __arm64_sys_unlinkat+0xc8/0xf8 fs/namei.c:4623
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:744
 el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 7170 Comm: syz-executor Not tainted 6.13.0-rc2-syzkaller-g2e7aff49b5da #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : preempt_count arch/arm64/include/asm/preempt.h:13 [inline]
pc : check_kcov_mode kernel/kcov.c:183 [inline]
pc : write_comp_data kernel/kcov.c:246 [inline]
pc : __sanitizer_cov_trace_const_cmp4+0x14/0xa0 kernel/kcov.c:314
lr : rcu_read_unlock_sched include/linux/rcupdate.h:960 [inline]
lr : pfn_valid+0x328/0x418 include/linux/mmzone.h:2058
sp : ffff80009db06ed0
x29: ffff80009db06ee0 x28: 1fffffbff882f873 x27: 1fffe00020c25df6
x26: fffffdffc417c388 x25: fffffdffc417c380 x24: dfff800000000000
x23: fffffdffbf00000f x22: dfff800000000000 x21: fffffdffbf00000f
x20: 0000000000000001 x19: 0000000000000001 x18: 1fffe0001a54295c
x17: ffff80008f97d000 x16: ffff80008b689958 x15: 0000000000000001
x14: 1ffff00011f300ca x13: dfff800000000000 x12: 0000000031f6ac4d
x11: 00000000c60eb3fe x10: 0000000000ff0100 x9 : 0000000000000002
x8 : ffff0000ceda5ac0 x7 : ffff800080ca32a8 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000002
x2 : 0000000000000008 x1 : 0000000000000001 x0 : 0000000000000000
Call trace:
 preempt_count arch/arm64/include/asm/preempt.h:13 [inline] (P)
 check_kcov_mode kernel/kcov.c:183 [inline] (P)
 write_comp_data kernel/kcov.c:246 [inline] (P)
 __sanitizer_cov_trace_const_cmp4+0x14/0xa0 kernel/kcov.c:314 (P)
 rcu_read_unlock_sched include/linux/rcupdate.h:960 [inline] (L)
 pfn_valid+0x328/0x418 include/linux/mmzone.h:2058 (L)
 page_table_check_clear+0x34/0x3f8 mm/page_table_check.c:70
 __page_table_check_pte_clear+0xa0/0xc0 mm/page_table_check.c:169
 page_table_check_pte_clear include/linux/page_table_check.h:49 [inline]
 __ptep_get_and_clear arch/arm64/include/asm/pgtable.h:1284 [inline]
 __get_and_clear_full_ptes arch/arm64/include/asm/pgtable.h:1307 [inline]
 get_and_clear_full_ptes arch/arm64/include/asm/pgtable.h:1708 [inline]
 zap_present_folio_ptes mm/memory.c:1502 [inline]
 zap_present_ptes mm/memory.c:1585 [inline]
 zap_pte_range mm/memory.c:1627 [inline]
 zap_pmd_range mm/memory.c:1753 [inline]
 zap_pud_range mm/memory.c:1782 [inline]
 zap_p4d_range mm/memory.c:1803 [inline]
 unmap_page_range+0x26b8/0x2e60 mm/memory.c:1824
 unmap_single_vma mm/memory.c:1870 [inline]
 unmap_vmas+0x378/0x598 mm/memory.c:1914
 exit_mmap+0x1dc/0xbf8 mm/mmap.c:1668
 __mmput+0xec/0x390 kernel/fork.c:1353
 mmput+0x70/0xac kernel/fork.c:1375
 exit_mm+0x148/0x210 kernel/exit.c:570
 do_exit+0x470/0x1ad0 kernel/exit.c:925
 do_group_exit+0x194/0x22c kernel/exit.c:1087
 get_signal+0x1418/0x1534 kernel/signal.c:3017
 do_signal+0x23c/0x391c arch/arm64/kernel/signal.c:1645
 do_notify_resume+0x74/0x1f4 arch/arm64/kernel/entry-common.c:148
 exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:169 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:178 [inline]
 el0_svc+0xac/0x168 arch/arm64/kernel/entry-common.c:745
 el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600