======================================================
WARNING: possible circular locking dependency detected
syzkaller #0 Not tainted
------------------------------------------------------
syz.1.3967/19627 is trying to acquire lock:
ffff88807cd38f30 (&hsr->seqnr_lock){+.-.}-{3:3}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
ffff88807cd38f30 (&hsr->seqnr_lock){+.-.}-{3:3}, at: hsr_dev_xmit+0x237/0x360 net/hsr/hsr_device.c:235
but task is already holding lock:
ffff888031421158 (&qdisc_xmit_lock_key#4){+.-.}-{3:3}, at: spin_lock include/linux/spinlock.h:351 [inline]
ffff888031421158 (&qdisc_xmit_lock_key#4){+.-.}-{3:3}, at: __netif_tx_lock include/linux/netdevice.h:4709 [inline]
ffff888031421158 (&qdisc_xmit_lock_key#4){+.-.}-{3:3}, at: sch_direct_xmit+0x153/0x4b0 net/sched/sch_generic.c:345
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&qdisc_xmit_lock_key#4){+.-.}-{3:3}:
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:351 [inline]
__netif_tx_lock include/linux/netdevice.h:4709 [inline]
sch_direct_xmit+0x153/0x4b0 net/sched/sch_generic.c:345
__dev_xmit_skb net/core/dev.c:4169 [inline]
__dev_queue_xmit+0x136f/0x3140 net/core/dev.c:4783
dev_queue_xmit include/linux/netdevice.h:3381 [inline]
hsr_xmit net/hsr/hsr_forward.c:440 [inline]
hsr_forward_do net/hsr/hsr_forward.c:581 [inline]
hsr_forward_skb+0x158b/0x2860 net/hsr/hsr_forward.c:743
send_hsr_supervision_frame+0x731/0xcb0 net/hsr/hsr_device.c:364
hsr_announce+0x1d5/0x360 net/hsr/hsr_device.c:421
call_timer_fn+0x16e/0x590 kernel/time/timer.c:1748
expire_timers kernel/time/timer.c:1799 [inline]
__run_timers kernel/time/timer.c:2373 [inline]
__run_timer_base+0x61a/0x860 kernel/time/timer.c:2385
run_timer_base kernel/time/timer.c:2394 [inline]
run_timer_softirq+0xb7/0x180 kernel/time/timer.c:2404
handle_softirqs+0x27d/0x850 kernel/softirq.c:622
__do_softirq kernel/softirq.c:656 [inline]
invoke_softirq kernel/softirq.c:496 [inline]
__irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:723
irq_exit_rcu+0x9/0x30 kernel/softirq.c:739
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1056
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
check_preemption_disabled+0x17/0x120 lib/smp_processor_id.c:13
rcu_is_watching_curr_cpu include/linux/context_tracking.h:128 [inline]
rcu_is_watching+0x15/0xb0 kernel/rcu/tree.c:751
rcu_read_lock_held_common kernel/rcu/update.c:109 [inline]
rcu_read_lock_held+0x15/0x50 kernel/rcu/update.c:349
lookup_page_ext mm/page_ext.c:254 [inline]
page_ext_lookup+0xe7/0x180 mm/page_ext.c:509
page_ext_iter_begin include/linux/page_ext.h:132 [inline]
page_table_check_clear+0x238/0x5f0 mm/page_table_check.c:78
ptep_get_and_clear_full arch/x86/include/asm/jump_label.h:-1 [inline]
get_and_clear_full_ptes include/linux/pgtable.h:725 [inline]
zap_present_folio_ptes mm/memory.c:1628 [inline]
zap_present_ptes mm/memory.c:1710 [inline]
do_zap_pte_range mm/memory.c:1811 [inline]
zap_pte_range mm/memory.c:1855 [inline]
zap_pmd_range mm/memory.c:1947 [inline]
zap_pud_range mm/memory.c:1976 [inline]
zap_p4d_range mm/memory.c:1997 [inline]
unmap_page_range+0x344b/0x4370 mm/memory.c:2018
unmap_single_vma mm/memory.c:2061 [inline]
unmap_vmas+0x399/0x580 mm/memory.c:2105
exit_mmap+0x23b/0xb20 mm/mmap.c:1280
__mmput+0x118/0x430 kernel/fork.c:1130
exit_mm+0x1da/0x2c0 kernel/exit.c:583
do_exit+0x658/0x2310 kernel/exit.c:961
do_group_exit+0x21c/0x2d0 kernel/exit.c:1114
get_signal+0x1285/0x1340 kernel/signal.c:3034
arch_do_signal_or_restart+0x9a/0x7a0 arch/x86/kernel/signal.c:337
__exit_to_user_mode_loop kernel/entry/common.c:41 [inline]
exit_to_user_mode_loop+0x87/0x4f0 kernel/entry/common.c:75
__exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline]
syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline]
syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline]
do_syscall_64+0x2e3/0xf80 arch/x86/entry/syscall_64.c:100
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> #0 (&hsr->seqnr_lock){+.-.}-{3:3}:
check_prev_add kernel/locking/lockdep.c:3165 [inline]
check_prevs_add kernel/locking/lockdep.c:3284 [inline]
validate_chain kernel/locking/lockdep.c:3908 [inline]
__lock_acquire+0x15a6/0x2cf0 kernel/locking/lockdep.c:5237
lock_acquire+0x117/0x340 kernel/locking/lockdep.c:5868
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
_raw_spin_lock_bh+0x36/0x50 kernel/locking/spinlock.c:178
spin_lock_bh include/linux/spinlock.h:356 [inline]
hsr_dev_xmit+0x237/0x360 net/hsr/hsr_device.c:235
__netdev_start_xmit include/linux/netdevice.h:5272 [inline]
netdev_start_xmit include/linux/netdevice.h:5281 [inline]
xmit_one net/core/dev.c:3853 [inline]
dev_hard_start_xmit+0x2cd/0x800 net/core/dev.c:3869
__dev_queue_xmit+0x1493/0x3140 net/core/dev.c:4817
NF_HOOK+0x310/0x3a0 include/linux/netfilter.h:-1
arp_xmit+0x16c/0x270 net/ipv4/arp.c:664
arp_solicit+0xc1d/0xe60 net/ipv4/arp.c:392
neigh_probe net/core/neighbour.c:1097 [inline]
__neigh_event_send+0xf3e/0x1520 net/core/neighbour.c:1270
neigh_event_send_probe include/net/neighbour.h:480 [inline]
neigh_event_send include/net/neighbour.h:486 [inline]
neigh_resolve_output+0x198/0x750 net/core/neighbour.c:1578
neigh_output include/net/neighbour.h:556 [inline]
ip_finish_output2+0xd40/0x1160 net/ipv4/ip_output.c:237
NF_HOOK_COND include/linux/netfilter.h:307 [inline]
ip_output+0x29f/0x450 net/ipv4/ip_output.c:438
iptunnel_xmit+0x5f8/0xa90 net/ipv4/ip_tunnel_core.c:84
ip_tunnel_xmit+0x1c41/0x2390 net/ipv4/ip_tunnel.c:845
__gre_xmit net/ipv4/ip_gre.c:488 [inline]
gre_tap_xmit+0x590/0x7a0 net/ipv4/ip_gre.c:776
__netdev_start_xmit include/linux/netdevice.h:5272 [inline]
netdev_start_xmit include/linux/netdevice.h:5281 [inline]
xmit_one net/core/dev.c:3853 [inline]
dev_hard_start_xmit+0x2cd/0x800 net/core/dev.c:3869
sch_direct_xmit+0x241/0x4b0 net/sched/sch_generic.c:347
__dev_xmit_skb net/core/dev.c:4169 [inline]
__dev_queue_xmit+0x136f/0x3140 net/core/dev.c:4783
__bond_start_xmit include/linux/netdevice.h:-1 [inline]
bond_start_xmit+0xdc7/0x1a10 drivers/net/bonding/bond_main.c:5488
__netdev_start_xmit include/linux/netdevice.h:5272 [inline]
netdev_start_xmit include/linux/netdevice.h:5281 [inline]
xmit_one net/core/dev.c:3853 [inline]
dev_hard_start_xmit+0x2cd/0x800 net/core/dev.c:3869
__dev_queue_xmit+0x1493/0x3140 net/core/dev.c:4817
neigh_output include/net/neighbour.h:556 [inline]
ip6_finish_output2+0xfb3/0x1480 net/ipv6/ip6_output.c:136
NF_HOOK_COND include/linux/netfilter.h:307 [inline]
ip6_output+0x340/0x550 net/ipv6/ip6_output.c:247
NF_HOOK include/linux/netfilter.h:318 [inline]
ndisc_send_skb+0xbce/0x1510 net/ipv6/ndisc.c:512
addrconf_rs_timer+0x369/0x670 net/ipv6/addrconf.c:4037
call_timer_fn+0x16e/0x590 kernel/time/timer.c:1748
expire_timers kernel/time/timer.c:1799 [inline]
__run_timers kernel/time/timer.c:2373 [inline]
__run_timer_base+0x61a/0x860 kernel/time/timer.c:2385
run_timer_base kernel/time/timer.c:2394 [inline]
run_timer_softirq+0xb7/0x180 kernel/time/timer.c:2404
handle_softirqs+0x27d/0x850 kernel/softirq.c:622
__do_softirq kernel/softirq.c:656 [inline]
invoke_softirq kernel/softirq.c:496 [inline]
__irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:723
irq_exit_rcu+0x9/0x30 kernel/softirq.c:739
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1056
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
lock_is_held_type+0x137/0x190 kernel/locking/lockdep.c:5945
lookup_page_ext mm/page_ext.c:254 [inline]
page_ext_lookup+0xe7/0x180 mm/page_ext.c:509
page_ext_iter_begin include/linux/page_ext.h:132 [inline]
page_table_check_clear+0x238/0x5f0 mm/page_table_check.c:78
ptep_get_and_clear_full arch/x86/include/asm/jump_label.h:-1 [inline]
get_and_clear_full_ptes include/linux/pgtable.h:725 [inline]
zap_present_folio_ptes mm/memory.c:1628 [inline]
zap_present_ptes mm/memory.c:1710 [inline]
do_zap_pte_range mm/memory.c:1811 [inline]
zap_pte_range mm/memory.c:1855 [inline]
zap_pmd_range mm/memory.c:1947 [inline]
zap_pud_range mm/memory.c:1976 [inline]
zap_p4d_range mm/memory.c:1997 [inline]
unmap_page_range+0x344b/0x4370 mm/memory.c:2018
unmap_single_vma mm/memory.c:2061 [inline]
unmap_vmas+0x399/0x580 mm/memory.c:2105
exit_mmap+0x23b/0xb20 mm/mmap.c:1280
__mmput+0x118/0x430 kernel/fork.c:1130
exit_mm+0x1da/0x2c0 kernel/exit.c:583
do_exit+0x658/0x2310 kernel/exit.c:961
do_group_exit+0x21c/0x2d0 kernel/exit.c:1114
get_signal+0x1285/0x1340 kernel/signal.c:3034
arch_do_signal_or_restart+0x9a/0x7a0 arch/x86/kernel/signal.c:337
__exit_to_user_mode_loop kernel/entry/common.c:41 [inline]
exit_to_user_mode_loop+0x87/0x4f0 kernel/entry/common.c:75
__exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline]
syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline]
syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline]
do_syscall_64+0x2e3/0xf80 arch/x86/entry/syscall_64.c:100
entry_SYSCALL_64_after_hwframe+0x77/0x7f
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&qdisc_xmit_lock_key#4);
lock(&hsr->seqnr_lock);
lock(&qdisc_xmit_lock_key#4);
lock(&hsr->seqnr_lock);
*** DEADLOCK ***
17 locks held by syz.1.3967/19627:
#0: ffff88802ea41bc0 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_lock include/linux/mmap_lock.h:368 [inline]
#0: ffff88802ea41bc0 (&mm->mmap_lock){++++}-{4:4}, at: exit_mmap+0x126/0xb20 mm/mmap.c:1265
#1: ffffffff8df41cc0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#1: ffffffff8df41cc0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
#1: ffffffff8df41cc0 (rcu_read_lock){....}-{1:3}, at: ___pte_offset_map+0x29/0x250 mm/pgtable-generic.c:286
#2: ffff88802e8890d8 (ptlock_ptr(ptdesc)#2){+.+.}-{3:3}, at: spin_lock include/linux/spinlock.h:351 [inline]
#2: ffff88802e8890d8 (ptlock_ptr(ptdesc)#2){+.+.}-{3:3}, at: __pte_offset_map_lock+0x13e/0x210 mm/pgtable-generic.c:401
#3: ffffffff8df41cc0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#3: ffffffff8df41cc0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
#3: ffffffff8df41cc0 (rcu_read_lock){....}-{1:3}, at: page_table_check_clear+0x144/0x5f0 mm/page_table_check.c:77
#4: ffffc90000007be0 ((&ndev->rs_timer)){+.-.}-{0:0}, at: call_timer_fn+0xbe/0x590 kernel/time/timer.c:1745
#5: ffffffff8df41cc0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#5: ffffffff8df41cc0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
#5: ffffffff8df41cc0 (rcu_read_lock){....}-{1:3}, at: ndisc_send_skb+0x1e4/0x1510 net/ipv6/ndisc.c:482
#6: ffffffff8df41cc0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#6: ffffffff8df41cc0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
#6: ffffffff8df41cc0 (rcu_read_lock){....}-{1:3}, at: ip6_output+0x126/0x550 net/ipv6/ip6_output.c:235
#7: ffffffff8df41d20 (rcu_read_lock_bh){....}-{1:3}, at: local_bh_disable include/linux/bottom_half.h:20 [inline]
#7: ffffffff8df41d20 (rcu_read_lock_bh){....}-{1:3}, at: rcu_read_lock_bh include/linux/rcupdate.h:918 [inline]
#7: ffffffff8df41d20 (rcu_read_lock_bh){....}-{1:3}, at: __dev_queue_xmit+0x289/0x3140 net/core/dev.c:4742
#8: ffffffff8df41cc0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#8: ffffffff8df41cc0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
#8: ffffffff8df41cc0 (rcu_read_lock){....}-{1:3}, at: bond_start_xmit+0xf8/0x1a10 drivers/net/bonding/bond_main.c:5486
#9: ffffffff8df41d20 (rcu_read_lock_bh){....}-{1:3}, at: local_bh_disable include/linux/bottom_half.h:20 [inline]
#9: ffffffff8df41d20 (rcu_read_lock_bh){....}-{1:3}, at: rcu_read_lock_bh include/linux/rcupdate.h:918 [inline]
#9: ffffffff8df41d20 (rcu_read_lock_bh){....}-{1:3}, at: __dev_queue_xmit+0x289/0x3140 net/core/dev.c:4742
#10: ffff888055a10228 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#3){+...}-{3:3}, at: spin_trylock include/linux/spinlock.h:361 [inline]
#10: ffff888055a10228 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#3){+...}-{3:3}, at: qdisc_run_begin include/net/sch_generic.h:202 [inline]
#10: ffff888055a10228 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#3){+...}-{3:3}, at: __dev_xmit_skb net/core/dev.c:4156 [inline]
#10: ffff888055a10228 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#3){+...}-{3:3}, at: __dev_queue_xmit+0xeb4/0x3140 net/core/dev.c:4783
#11: ffff888031421158 (&qdisc_xmit_lock_key#4){+.-.}-{3:3}, at: spin_lock include/linux/spinlock.h:351 [inline]
#11: ffff888031421158 (&qdisc_xmit_lock_key#4){+.-.}-{3:3}, at: __netif_tx_lock include/linux/netdevice.h:4709 [inline]
#11: ffff888031421158 (&qdisc_xmit_lock_key#4){+.-.}-{3:3}, at: sch_direct_xmit+0x153/0x4b0 net/sched/sch_generic.c:345
#12: ffffffff8df41cc0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#12: ffffffff8df41cc0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
#12: ffffffff8df41cc0 (rcu_read_lock){....}-{1:3}, at: ip_output+0x5b/0x450 net/ipv4/ip_output.c:433
#13: ffffffff8df41cc0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#13: ffffffff8df41cc0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
#13: ffffffff8df41cc0 (rcu_read_lock){....}-{1:3}, at: ip_finish_output2+0x452/0x1160 net/ipv4/ip_output.c:230
#14: ffffffff8df41cc0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#14: ffffffff8df41cc0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
#14: ffffffff8df41cc0 (rcu_read_lock){....}-{1:3}, at: arp_xmit+0x23/0x270 net/ipv4/arp.c:662
#15: ffffffff8df41d20 (rcu_read_lock_bh){....}-{1:3}, at: local_bh_disable include/linux/bottom_half.h:20 [inline]
#15: ffffffff8df41d20 (rcu_read_lock_bh){....}-{1:3}, at: rcu_read_lock_bh include/linux/rcupdate.h:918 [inline]
#15: ffffffff8df41d20 (rcu_read_lock_bh){....}-{1:3}, at: __dev_queue_xmit+0x289/0x3140 net/core/dev.c:4742
#16: ffffffff8df41cc0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#16: ffffffff8df41cc0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
#16: ffffffff8df41cc0 (rcu_read_lock){....}-{1:3}, at: hsr_dev_xmit+0x2d/0x360 net/hsr/hsr_device.c:229
stack backtrace:
CPU: 0 UID: 0 PID: 19627 Comm: syz.1.3967 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Call Trace:
dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
print_circular_bug+0x2e2/0x300 kernel/locking/lockdep.c:2043
check_noncircular+0x12e/0x150 kernel/locking/lockdep.c:2175
check_prev_add kernel/locking/lockdep.c:3165 [inline]
check_prevs_add kernel/locking/lockdep.c:3284 [inline]
validate_chain kernel/locking/lockdep.c:3908 [inline]
__lock_acquire+0x15a6/0x2cf0 kernel/locking/lockdep.c:5237
lock_acquire+0x117/0x340 kernel/locking/lockdep.c:5868
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
_raw_spin_lock_bh+0x36/0x50 kernel/locking/spinlock.c:178
spin_lock_bh include/linux/spinlock.h:356 [inline]
hsr_dev_xmit+0x237/0x360 net/hsr/hsr_device.c:235
__netdev_start_xmit include/linux/netdevice.h:5272 [inline]
netdev_start_xmit include/linux/netdevice.h:5281 [inline]
xmit_one net/core/dev.c:3853 [inline]
dev_hard_start_xmit+0x2cd/0x800 net/core/dev.c:3869
__dev_queue_xmit+0x1493/0x3140 net/core/dev.c:4817
NF_HOOK+0x310/0x3a0 include/linux/netfilter.h:-1
arp_xmit+0x16c/0x270 net/ipv4/arp.c:664
arp_solicit+0xc1d/0xe60 net/ipv4/arp.c:392
neigh_probe net/core/neighbour.c:1097 [inline]
__neigh_event_send+0xf3e/0x1520 net/core/neighbour.c:1270
neigh_event_send_probe include/net/neighbour.h:480 [inline]
neigh_event_send include/net/neighbour.h:486 [inline]
neigh_resolve_output+0x198/0x750 net/core/neighbour.c:1578
neigh_output include/net/neighbour.h:556 [inline]
ip_finish_output2+0xd40/0x1160 net/ipv4/ip_output.c:237
NF_HOOK_COND include/linux/netfilter.h:307 [inline]
ip_output+0x29f/0x450 net/ipv4/ip_output.c:438
iptunnel_xmit+0x5f8/0xa90 net/ipv4/ip_tunnel_core.c:84
ip_tunnel_xmit+0x1c41/0x2390 net/ipv4/ip_tunnel.c:845
__gre_xmit net/ipv4/ip_gre.c:488 [inline]
gre_tap_xmit+0x590/0x7a0 net/ipv4/ip_gre.c:776
__netdev_start_xmit include/linux/netdevice.h:5272 [inline]
netdev_start_xmit include/linux/netdevice.h:5281 [inline]
xmit_one net/core/dev.c:3853 [inline]
dev_hard_start_xmit+0x2cd/0x800 net/core/dev.c:3869
sch_direct_xmit+0x241/0x4b0 net/sched/sch_generic.c:347
__dev_xmit_skb net/core/dev.c:4169 [inline]
__dev_queue_xmit+0x136f/0x3140 net/core/dev.c:4783
__bond_start_xmit include/linux/netdevice.h:-1 [inline]
bond_start_xmit+0xdc7/0x1a10 drivers/net/bonding/bond_main.c:5488
__netdev_start_xmit include/linux/netdevice.h:5272 [inline]
netdev_start_xmit include/linux/netdevice.h:5281 [inline]
xmit_one net/core/dev.c:3853 [inline]
dev_hard_start_xmit+0x2cd/0x800 net/core/dev.c:3869
__dev_queue_xmit+0x1493/0x3140 net/core/dev.c:4817
neigh_output include/net/neighbour.h:556 [inline]
ip6_finish_output2+0xfb3/0x1480 net/ipv6/ip6_output.c:136
NF_HOOK_COND include/linux/netfilter.h:307 [inline]
ip6_output+0x340/0x550 net/ipv6/ip6_output.c:247
NF_HOOK include/linux/netfilter.h:318 [inline]
ndisc_send_skb+0xbce/0x1510 net/ipv6/ndisc.c:512
addrconf_rs_timer+0x369/0x670 net/ipv6/addrconf.c:4037
call_timer_fn+0x16e/0x590 kernel/time/timer.c:1748
expire_timers kernel/time/timer.c:1799 [inline]
__run_timers kernel/time/timer.c:2373 [inline]
__run_timer_base+0x61a/0x860 kernel/time/timer.c:2385
run_timer_base kernel/time/timer.c:2394 [inline]
run_timer_softirq+0xb7/0x180 kernel/time/timer.c:2404
handle_softirqs+0x27d/0x850 kernel/softirq.c:622
__do_softirq kernel/softirq.c:656 [inline]
invoke_softirq kernel/softirq.c:496 [inline]
__irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:723
irq_exit_rcu+0x9/0x30 kernel/softirq.c:739
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1056
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:lock_is_held_type+0x137/0x190 kernel/locking/lockdep.c:5945
Code: 01 75 44 48 c7 04 24 00 00 00 00 9c 8f 04 24 f7 04 24 00 02 00 00 75 4c 41 f7 c4 00 02 00 00 74 01 fb 65 48 8b 05 a9 aa 2d 07 <48> 3b 44 24 08 75 43 89 d8 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f
RSP: 0018:ffffc9000dfb72b0 EFLAGS: 00000206
RAX: f45ea7b36d0ae100 RBX: 0000000000000001 RCX: f45ea7b36d0ae100
RDX: 0000000000000000 RSI: ffffffff8d9520e6 RDI: ffffffff8bbfc660
RBP: 00000000ffffffff R08: ffffffff82324194 R09: ffffffff8df41cc0
R10: dffffc0000000000 R11: fffff940003d6b79 R12: 0000000000000246
R13: ffff88803f135b80 R14: ffffffff8df41cc0 R15: 0000000000000001
lookup_page_ext mm/page_ext.c:254 [inline]
page_ext_lookup+0xe7/0x180 mm/page_ext.c:509
page_ext_iter_begin include/linux/page_ext.h:132 [inline]
page_table_check_clear+0x238/0x5f0 mm/page_table_check.c:78
ptep_get_and_clear_full arch/x86/include/asm/jump_label.h:-1 [inline]
get_and_clear_full_ptes include/linux/pgtable.h:725 [inline]
zap_present_folio_ptes mm/memory.c:1628 [inline]
zap_present_ptes mm/memory.c:1710 [inline]
do_zap_pte_range mm/memory.c:1811 [inline]
zap_pte_range mm/memory.c:1855 [inline]
zap_pmd_range mm/memory.c:1947 [inline]
zap_pud_range mm/memory.c:1976 [inline]
zap_p4d_range mm/memory.c:1997 [inline]
unmap_page_range+0x344b/0x4370 mm/memory.c:2018
unmap_single_vma mm/memory.c:2061 [inline]
unmap_vmas+0x399/0x580 mm/memory.c:2105
exit_mmap+0x23b/0xb20 mm/mmap.c:1280
__mmput+0x118/0x430 kernel/fork.c:1130
exit_mm+0x1da/0x2c0 kernel/exit.c:583
do_exit+0x658/0x2310 kernel/exit.c:961
do_group_exit+0x21c/0x2d0 kernel/exit.c:1114
get_signal+0x1285/0x1340 kernel/signal.c:3034
arch_do_signal_or_restart+0x9a/0x7a0 arch/x86/kernel/signal.c:337
__exit_to_user_mode_loop kernel/entry/common.c:41 [inline]
exit_to_user_mode_loop+0x87/0x4f0 kernel/entry/common.c:75
__exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline]
syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline]
syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline]
do_syscall_64+0x2e3/0xf80 arch/x86/entry/syscall_64.c:100
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f36d218f749
Code: Unable to access opcode bytes at 0x7f36d218f71f.
RSP: 002b:00007f36d30960e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: 0000000000000001 RBX: 00007f36d23e5fa8 RCX: 00007f36d218f749
RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f36d23e5fac
RBP: 00007f36d23e5fa0 R08: 3fffffffffffffff R09: 0000000000000000
R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
R13: 00007f36d23e6038 R14: 00007ffe0fd41a90 R15: 00007ffe0fd41b78
----------------
Code disassembly (best guess):
0: 01 75 44 add %esi,0x44(%rbp)
3: 48 c7 04 24 00 00 00 movq $0x0,(%rsp)
a: 00
b: 9c pushf
c: 8f 04 24 pop (%rsp)
f: f7 04 24 00 02 00 00 testl $0x200,(%rsp)
16: 75 4c jne 0x64
18: 41 f7 c4 00 02 00 00 test $0x200,%r12d
1f: 74 01 je 0x22
21: fb sti
22: 65 48 8b 05 a9 aa 2d mov %gs:0x72daaa9(%rip),%rax # 0x72daad3
29: 07
* 2a: 48 3b 44 24 08 cmp 0x8(%rsp),%rax <-- trapping instruction
2f: 75 43 jne 0x74
31: 89 d8 mov %ebx,%eax
33: 48 83 c4 10 add $0x10,%rsp
37: 5b pop %rbx
38: 41 5c pop %r12
3a: 41 5d pop %r13
3c: 41 5e pop %r14
3e: 41 5f pop %r15