watchdog: BUG: soft lockup - CPU#1 stuck for 229s! [syz.4.1797:13806]
Modules linked in:
irq event stamp: 726270
hardirqs last enabled at (726269): [] irqentry_exit+0x3b/0x90 kernel/entry/common.c:310
hardirqs last disabled at (726270): [] sysvec_apic_timer_interrupt+0xe/0xc0 arch/x86/kernel/apic/apic.c:1050
softirqs last enabled at (726266): [] softirq_handle_end kernel/softirq.c:425 [inline]
softirqs last enabled at (726266): [] handle_softirqs+0x5be/0x8e0 kernel/softirq.c:607
softirqs last disabled at (726261): [] __do_softirq kernel/softirq.c:613 [inline]
softirqs last disabled at (726261): [] invoke_softirq kernel/softirq.c:453 [inline]
softirqs last disabled at (726261): [] __irq_exit_rcu+0x109/0x170 kernel/softirq.c:680
CPU: 1 UID: 0 PID: 13806 Comm: syz.4.1797 Not tainted 6.16.0-rc7-syzkaller-00105-g2942242dde89 #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
RIP: 0010:csd_lock_wait kernel/smp.c:340 [inline]
RIP: 0010:smp_call_function_many_cond+0xd7f/0x1510 kernel/smp.c:885
Code: 00 45 85 ed 74 46 48 8b 14 24 49 89 d6 49 89 d5 49 c1 ee 03 41 83 e5 07 4d 01 e6 41 83 c5 03 e8 27 15 0c 00 f3 90 41 0f b6 06 <41> 38 c5 7c 08 84 c0 0f 85 6f 05 00 00 8b 43 08 31 ff 83 e0 01 89
RSP: 0018:ffffc9001f087720 EFLAGS: 00000293
RAX: 0000000000000000 RBX: ffff8880b84420a0 RCX: ffffffff81afd2dd
RDX: ffff8880334eda00 RSI: ffffffff81afd2b9 RDI: 0000000000000005
RBP: 0000000000000001 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: dffffc0000000000
R13: 0000000000000003 R14: ffffed1017088415 R15: ffff8880b853b6c0
FS: 0000000000000000(0000) GS:ffff888124827000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fe5df9fe8f8 CR3: 000000005c60c000 CR4: 0000000000350ef0
Call Trace:
on_each_cpu_cond_mask+0x40/0x90 kernel/smp.c:1052
__flush_tlb_multi arch/x86/include/asm/paravirt.h:91 [inline]
flush_tlb_multi arch/x86/mm/tlb.c:1361 [inline]
flush_tlb_mm_range+0x4a0/0x1790 arch/x86/mm/tlb.c:1451
tlb_flush arch/x86/include/asm/tlb.h:23 [inline]
tlb_flush_mmu_tlbonly include/asm-generic/tlb.h:490 [inline]
tlb_flush_mmu_tlbonly include/asm-generic/tlb.h:480 [inline]
tlb_flush_mmu mm/mmu_gather.c:403 [inline]
tlb_finish_mmu+0x3c9/0x7c0 mm/mmu_gather.c:497
exit_mmap+0x403/0xb90 mm/mmap.c:1297
__mmput+0x12a/0x410 kernel/fork.c:1121
mmput+0x62/0x70 kernel/fork.c:1144
exit_mm kernel/exit.c:581 [inline]
do_exit+0x7c4/0x2bd0 kernel/exit.c:952
do_group_exit+0xd3/0x2a0 kernel/exit.c:1105
get_signal+0x2673/0x26d0 kernel/signal.c:3034
arch_do_signal_or_restart+0x8f/0x7d0 arch/x86/kernel/signal.c:337
exit_to_user_mode_loop+0x84/0x110 kernel/entry/common.c:111
exit_to_user_mode_prepare include/linux/entry-common.h:330 [inline]
syscall_exit_to_user_mode_work include/linux/entry-common.h:414 [inline]
syscall_exit_to_user_mode include/linux/entry-common.h:449 [inline]
do_syscall_64+0x3f6/0x4c0 arch/x86/entry/syscall_64.c:100
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fd46c18e9a9
Code: Unable to access opcode bytes at 0x7fd46c18e97f.
RSP: 002b:00007fd46d0010e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 00007fd46c3b6088 RCX: 00007fd46c18e9a9
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fd46c3b6088
RBP: 00007fd46c3b6080 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd46c3b608c
R13: 0000000000000000 R14: 00007ffdb3ad17c0 R15: 00007ffdb3ad18a8
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 13812 Comm: syz.2.1799 Not tainted 6.16.0-rc7-syzkaller-00105-g2942242dde89 #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
RIP: 0010:__rcu_read_unlock+0x0/0x580 kernel/rcu/tree_plugin.h:431
Code: c2 24 91 a9 90 e9 60 fb ff ff e8 9b 0d 7e 00 e9 6d fc ff ff 66 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1e fa 41 56 41 55 41 54 55 65 48 8b 2d a5 57 2d 12 53 48 8d
RSP: 0000:ffffc90000007d88 EFLAGS: 00000096
RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffc90000007d54
RDX: 0000000000000006 RSI: ffffffff8de06a2d RDI: ffffffff8c156120
RBP: ffff888056213400 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: 1862f6c7bc000000
R13: 1862f6c7bc000000 R14: 0000000000000002 R15: ffff888056212c10
FS: 000055555640c500(0000) GS:ffff888124727000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000110c2a8dc5 CR3: 000000007d3aa000 CR4: 0000000000350ef0
Call Trace:
rcu_read_unlock include/linux/rcupdate.h:873 [inline]
advance_sched+0x6f6/0xc80 net/sched/sch_taprio.c:987
__run_hrtimer kernel/time/hrtimer.c:1761 [inline]
__hrtimer_run_queues+0x202/0xad0 kernel/time/hrtimer.c:1825
hrtimer_interrupt+0x397/0x8e0 kernel/time/hrtimer.c:1887
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1039 [inline]
__sysvec_apic_timer_interrupt+0x10b/0x3f0 arch/x86/kernel/apic/apic.c:1056
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
sysvec_apic_timer_interrupt+0x9f/0xc0 arch/x86/kernel/apic/apic.c:1050
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:rcu_lockdep_current_cpu_online+0x35/0x150 kernel/rcu/tree.c:3998
Code: 81 e2 00 00 f0 00 b8 01 00 00 00 75 0a 8b 15 8e f5 07 0f 85 d2 75 05 e9 54 d6 6e ff 55 53 65 ff 05 70 25 2e 12 e8 4b aa e2 09 <48> c7 c3 00 44 d1 93 89 c5 83 f8 07 0f 87 ed 00 00 00 48 8d 3c ed
RSP: 0000:ffffc9001f1f7950 EFLAGS: 00000296
RAX: 0000000000000000 RBX: 00000000000123d4 RCX: ffffffff822bdc61
RDX: 0000000000000001 RSI: ffffffff8c1560a0 RDI: ffffffff8c1560e0
RBP: ffff88813fffa440 R08: 0000000000000006 R09: 0000000000001000
R10: 0000000000000000 R11: 0000000000000001 R12: ffff88801bf00000
R13: ffff88823ffef400 R14: 0000000000000000 R15: 0000000000000000
rcu_read_lock_held_common kernel/rcu/update.c:113 [inline]
rcu_read_lock_held+0x27/0x50 kernel/rcu/update.c:349
lookup_page_ext+0x10d/0x1d0 mm/page_ext.c:254
page_ext_iter_begin include/linux/page_ext.h:132 [inline]
page_table_check_set+0x1e6/0x750 mm/page_table_check.c:113
__page_table_check_ptes_set+0x318/0x420 mm/page_table_check.c:209
page_table_check_ptes_set include/linux/page_table_check.h:76 [inline]
set_ptes include/linux/pgtable.h:292 [inline]
set_pte_range+0x4e8/0x740 mm/memory.c:5330
filemap_map_order0_folio mm/filemap.c:3692 [inline]
filemap_map_pages+0x56c/0x1680 mm/filemap.c:3746
do_fault_around mm/memory.c:5548 [inline]
do_read_fault mm/memory.c:5581 [inline]
do_fault mm/memory.c:5724 [inline]
do_pte_missing mm/memory.c:4251 [inline]
handle_pte_fault mm/memory.c:6069 [inline]
__handle_mm_fault+0x3b3b/0x5490 mm/memory.c:6212
handle_mm_fault+0x589/0xd10 mm/memory.c:6381
do_user_addr_fault+0x60c/0x1370 arch/x86/mm/fault.c:1336
handle_page_fault arch/x86/mm/fault.c:1476 [inline]
exc_page_fault+0x5c/0xb0 arch/x86/mm/fault.c:1532
asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0033:0x7ffbf7e6ecfd
Code: ff 48 83 e8 01 48 89 ee bf 01 00 00 00 48 c1 e0 0e 48 c1 ee 06 48 01 c8 48 89 e9 81 e6 ff 3f 00 00 48 c1 e9 03 83 e1 07 d3 e7 <40> 84 bc 06 20 20 00 00 0f 85 11 fd ff ff e9 c0 fd ff ff e8 0b 2b
RSP: 002b:00007fffabc08fd0 EFLAGS: 00010212
RAX: 000000110c2a4000 RBX: 00007ffbf8ce5720 RCX: 0000000000000001
RDX: 000000000000094c RSI: 0000000000002da5 RDI: 0000000000000002
RBP: ffffffff81ab694c R08: 00007ffbf81b6038 R09: 00007ffbf81a2000
R10: 00007ffbf75ff008 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: ffffffff81ab6026 R15: 0000000000000000