watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [syz.1.474:8310]
Modules linked in:
irq event stamp: 11691
hardirqs last enabled at (11690): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline]
hardirqs last enabled at (11690): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96
hardirqs last disabled at (11691): [] __el1_irq arch/arm64/kernel/entry-common.c:650 [inline]
hardirqs last disabled at (11691): [] el1_interrupt+0x24/0x54 arch/arm64/kernel/entry-common.c:668
softirqs last enabled at (132): [] spin_unlock_bh include/linux/spinlock.h:396 [inline]
softirqs last enabled at (132): [] xfrm_find_acq+0xa4/0xcc net/xfrm/xfrm_state.c:2355
softirqs last disabled at (134): [] spin_lock_bh include/linux/spinlock.h:356 [inline]
softirqs last disabled at (134): [] xfrm_alloc_spi+0xb0/0xd04 net/xfrm/xfrm_state.c:2572
CPU: 0 UID: 0 PID: 8310 Comm: syz.1.474 Not tainted 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : __sanitizer_cov_trace_cmp4+0x4/0xa0 kernel/kcov.c:287
lr : xfrm_state_lookup_spi_proto net/xfrm/xfrm_state.c:1708 [inline]
lr : xfrm_alloc_spi+0x380/0xd04 net/xfrm/xfrm_state.c:2589
sp : ffff80009dc86f40
x29: ffff80009dc87040 x28: 0000000000000033 x27: 0000000000000003
x26: ffff0000caed2440 x25: ffff0000caed38e0 x24: dfff800000000000
x23: ffff0000f7490cc0 x22: ffff0000caed38e0 x21: 00000000000018c0
x20: 0000000000000000 x19: 00000000ca060100 x18: 0000000000000000
x17: 00000000ffff0000 x16: ffff80008b007230 x15: ffff700013b90dd0
x14: 1ffff00013b90dd0 x13: 0000000000000004 x12: ffffffffffffffff
x11: 0000000000080000 x10: 000000000007ffff x9 : 0000000000000007
x8 : 0000000000000000 x7 : ffff800089d85e44 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000002
x2 : 0000000000000008 x1 : 0000000000000000 x0 : 00000000ca060100
Call trace:
 __sanitizer_cov_trace_cmp4+0x4/0xa0 kernel/kcov.c:287 (P)
 xfrm_alloc_userspi+0x55c/0x9c8 net/xfrm/xfrm_user.c:1873
 xfrm_user_rcv_msg+0x588/0x7c4 net/xfrm/xfrm_user.c:3501
 netlink_rcv_skb+0x220/0x3fc net/netlink/af_netlink.c:2552
 xfrm_netlink_rcv+0x80/0x9c net/xfrm/xfrm_user.c:3523
 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
 netlink_unicast+0x694/0x8c4 net/netlink/af_netlink.c:1346
 netlink_sendmsg+0x648/0x930 net/netlink/af_netlink.c:1896
 sock_sendmsg_nosec net/socket.c:714 [inline]
 __sock_sendmsg net/socket.c:729 [inline]
 ____sys_sendmsg+0x490/0x7b8 net/socket.c:2614
 ___sys_sendmsg+0x204/0x278 net/socket.c:2668
 __sys_sendmsg net/socket.c:2700 [inline]
 __do_sys_sendmsg net/socket.c:2705 [inline]
 __se_sys_sendmsg net/socket.c:2703 [inline]
 __arm64_sys_sendmsg+0x184/0x238 net/socket.c:2703
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879
 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 8505 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : raw_atomic_read include/linux/atomic/atomic-arch-fallback.h:457 [inline]
pc : rcu_is_watching_curr_cpu include/linux/context_tracking.h:128 [inline]
pc : rcu_is_watching+0x98/0x134 kernel/rcu/tree.c:751
lr : rcu_is_watching_curr_cpu include/linux/context_tracking.h:128 [inline]
lr : rcu_is_watching+0x50/0x134 kernel/rcu/tree.c:751
sp : ffff80009d887080
x29: ffff80009d887080 x28: ffff00010b0438c0 x27: ffff0000c25c3d00
x26: f9da800080d16580 x25: 0000000000000000 x24: 0000000000000000
x23: 0000000000000002 x22: dfff800000000000 x21: 1fffe000184b87a1
x20: ffff00019bd11a00 x19: ffff0000c25c3d08 x18: 1fffe000337a0688
x17: ffff0001fea8c8b0 x16: ffff80008b007230 x15: 0000000000000001
x14: 1fffe00021608718 x13: 0000000000000000 x12: 0000000000000000
x11: 00000000ac39dc05 x10: 0000000000000003 x9 : ffff80008f7149f8
x8 : 0000000000000000 x7 : ffff800080d16554 x6 : ffff800080d16554
x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000002
x2 : 0000000000000000 x1 : ffff80008b6577c0 x0 : 0000000000000001
Call trace:
 raw_atomic_read include/linux/atomic/atomic-arch-fallback.h:457 [inline] (P)
 rcu_is_watching_curr_cpu include/linux/context_tracking.h:128 [inline] (P)
 rcu_is_watching+0x98/0x134 kernel/rcu/tree.c:751 (P)
 trace_lock_acquire include/trace/events/lock.h:24 [inline]
 lock_acquire+0x80/0x2e0 kernel/locking/lockdep.c:5831
 rcu_lock_acquire+0x44/0x54 include/linux/rcupdate.h:331
 rcu_read_lock include/linux/rcupdate.h:841 [inline]
 page_table_check_clear+0x18c/0x570 mm/page_table_check.c:77
 __page_table_check_pte_clear+0xa0/0xc0 mm/page_table_check.c:154
 page_table_check_pte_clear include/linux/page_table_check.h:51 [inline]
 __ptep_get_and_clear_anysz arch/arm64/include/asm/pgtable.h:1370 [inline]
 __ptep_get_and_clear arch/arm64/include/asm/pgtable.h:1390 [inline]
 __get_and_clear_full_ptes arch/arm64/include/asm/pgtable.h:1411 [inline]
 get_and_clear_full_ptes arch/arm64/include/asm/pgtable.h:1826 [inline]
 zap_present_folio_ptes mm/memory.c:1499 [inline]
 zap_present_ptes mm/memory.c:1581 [inline]
 do_zap_pte_range mm/memory.c:1682 [inline]
 zap_pte_range mm/memory.c:1726 [inline]
 zap_pmd_range mm/memory.c:1818 [inline]
 zap_pud_range mm/memory.c:1847 [inline]
 zap_p4d_range mm/memory.c:1868 [inline]
 unmap_page_range+0x2760/0x3168 mm/memory.c:1889
 unmap_single_vma mm/memory.c:1932 [inline]
 unmap_vmas+0x264/0x3d4 mm/memory.c:1976
 exit_mmap+0x1bc/0xabc mm/mmap.c:1280
 __mmput+0xec/0x3f4 kernel/fork.c:1130
 mmput+0x70/0xac kernel/fork.c:1152
 exit_mm+0x13c/0x200 kernel/exit.c:582
 do_exit+0x4bc/0x1a14 kernel/exit.c:949
 do_group_exit+0x194/0x22c kernel/exit.c:1102
 get_signal+0x11dc/0x12f8 kernel/signal.c:3034
 do_signal+0x274/0x4434 arch/arm64/kernel/signal.c:1618
 do_notify_resume+0xb0/0x1f4 arch/arm64/kernel/entry-common.c:152
 exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:173 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:182 [inline]
 el0_svc+0xb8/0x180 arch/arm64/kernel/entry-common.c:880
 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596