watchdog: BUG: soft lockup - CPU#0 stuck for 144s! [syz.3.616:7072]
Modules linked in:
irq event stamp: 12437965
hardirqs last  enabled at (12437964): [<ffffffff8bc45533>] irqentry_exit+0x63/0x90 kernel/entry/common.c:357
hardirqs last disabled at (12437965): [<ffffffff8bc430de>] sysvec_apic_timer_interrupt+0xe/0xc0 arch/x86/kernel/apic/apic.c:1037
softirqs last  enabled at (4869254): [<ffffffff81576384>] __do_softirq kernel/softirq.c:588 [inline]
softirqs last  enabled at (4869254): [<ffffffff81576384>] invoke_softirq kernel/softirq.c:428 [inline]
softirqs last  enabled at (4869254): [<ffffffff81576384>] __irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637
softirqs last disabled at (4869257): [<ffffffff81576384>] __do_softirq kernel/softirq.c:588 [inline]
softirqs last disabled at (4869257): [<ffffffff81576384>] invoke_softirq kernel/softirq.c:428 [inline]
softirqs last disabled at (4869257): [<ffffffff81576384>] __irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637
CPU: 0 UID: 0 PID: 7072 Comm: syz.3.616 Not tainted 6.11.0-syzkaller-10556-g45126b155e3b #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:hsr_addr_subst_dest+0x305/0xac0 net/hsr/hsr_framereg.c:441
Code: 51 ff ff ff 48 8b 7c 24 40 e8 a7 7e 5a f6 e9 42 ff ff ff 80 3d e4 d4 62 04 01 0f 85 28 05 00 00 e8 90 cf f0 f5 e9 b8 04 00 00 <e8> 86 cf f0 f5 e9 ae 04 00 00 e8 7c cf f0 f5 eb 19 4d 85 f6 74 0f
RSP: 0018:ffffc90000007828 EFLAGS: 00000202
RAX: 0000000000000100 RBX: 0000000000000001 RCX: ffff88802e428000
RDX: ffff88802e428000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 0000000000000042 R08: ffffffff8ba3e383 R09: 1ffff1100609668c
R10: dffffc0000000000 R11: ffffed100609668d R12: ffff888061f70850
R13: 1ffff1100c3ee10a R14: ffff888061f7083a R15: 1ffff1100c3ee107
FS:  00007f9f900cb6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b32e1fffc CR3: 0000000064bb4000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
 <IRQ>
 hsr_xmit net/hsr/hsr_forward.c:402 [inline]
 hsr_forward_do net/hsr/hsr_forward.c:559 [inline]
 hsr_forward_skb+0x1445/0x2b60 net/hsr/hsr_forward.c:719
 send_hsr_supervision_frame+0x63b/0xcc0 net/hsr/hsr_device.c:351
 hsr_announce+0x1f8/0x3a0 net/hsr/hsr_device.c:408
 call_timer_fn+0x18e/0x650 kernel/time/timer.c:1794
 expire_timers kernel/time/timer.c:1845 [inline]
 __run_timers kernel/time/timer.c:2419 [inline]
 __run_timer_base+0x66a/0x8e0 kernel/time/timer.c:2430
 run_timer_base kernel/time/timer.c:2439 [inline]
 run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2449
 handle_softirqs+0x2c5/0x980 kernel/softirq.c:554
 __do_softirq kernel/softirq.c:588 [inline]
 invoke_softirq kernel/softirq.c:428 [inline]
 __irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:649
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1037 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1037
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:lock_is_held_type+0x13b/0x190
Code: 75 44 48 c7 04 24 00 00 00 00 9c 8f 04 24 f7 04 24 00 02 00 00 75 4c 41 f7 c4 00 02 00 00 74 01 fb 65 48 8b 04 25 28 00 00 00 <48> 3b 44 24 08 75 42 89 d8 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f
RSP: 0018:ffffc90008ce7438 EFLAGS: 00000206
RAX: ec48ad8d68f62c00 RBX: 0000000000000000 RCX: ffff88802e428000
RDX: 0000000000000000 RSI: ffffffff8c0adbc0 RDI: ffffffff8c6100a0
RBP: 0000000000000006 R08: ffffc90008ce75ff R09: 0000000000000000
R10: ffffc90008ce75f0 R11: fffff5200119cec0 R12: 0000000000000246
R13: ffff88802e428000 R14: 00000000ffffffff R15: ffffffff8e937e60
 lock_is_held include/linux/lockdep.h:249 [inline]
 schedule_debug kernel/sched/core.c:5894 [inline]
 __schedule+0x258/0x4b30 kernel/sched/core.c:6550
 preempt_schedule_common+0x84/0xd0 kernel/sched/core.c:6854
 preempt_schedule+0xe1/0xf0 kernel/sched/core.c:6878
 preempt_schedule_thunk+0x1a/0x30 arch/x86/entry/thunk.S:12
 on_each_cpu_cond_mask+0x79/0x80 kernel/smp.c:1052
 on_each_cpu include/linux/smp.h:71 [inline]
 text_poke_sync arch/x86/kernel/alternative.c:2085 [inline]
 text_poke_bp_batch+0x726/0xb30 arch/x86/kernel/alternative.c:2357
 text_poke_flush arch/x86/kernel/alternative.c:2486 [inline]
 text_poke_finish+0x30/0x50 arch/x86/kernel/alternative.c:2493
 arch_jump_label_transform_apply+0x1c/0x30 arch/x86/kernel/jump_label.c:146
 static_key_enable_cpuslocked+0x136/0x260 kernel/jump_label.c:210
 static_key_enable+0x1a/0x20 kernel/jump_label.c:223
 tracepoint_add_func+0x953/0x9e0 kernel/tracepoint.c:361
 tracepoint_probe_register_prio kernel/tracepoint.c:511 [inline]
 tracepoint_probe_register+0x105/0x160 kernel/tracepoint.c:531
 perf_trace_event_reg kernel/trace/trace_event_perf.c:129 [inline]
 perf_trace_event_init+0x478/0x930 kernel/trace/trace_event_perf.c:202
 perf_trace_init+0x243/0x2e0 kernel/trace/trace_event_perf.c:226
 perf_tp_event_init+0x8d/0x110 kernel/events/core.c:10358
 perf_try_init_event+0x146/0x810 kernel/events/core.c:11892
 perf_init_event kernel/events/core.c:11978 [inline]
 perf_event_alloc+0x135f/0x2310 kernel/events/core.c:12260
 __do_sys_perf_event_open kernel/events/core.c:12767 [inline]
 __se_sys_perf_event_open+0xb1f/0x3870 kernel/events/core.c:12658
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f9f8f37dff9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f9f900cb038 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
RAX: ffffffffffffffda RBX: 00007f9f8f535f80 RCX: 00007f9f8f37dff9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000040
RBP: 00007f9f8f3f0296 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f9f8f535f80 R15: 00007fff8510dba8
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 7077 Comm: syz.1.618 Not tainted 6.11.0-syzkaller-10556-g45126b155e3b #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:lock_release+0x911/0xa30
Code: ff ff 48 8d 8c 24 80 00 00 00 80 e1 07 80 c1 03 38 c1 0f 8c fb fa ff ff 48 8d bc 24 80 00 00 00 e8 14 1f 8e 00 e9 e9 fa ff ff <f3> 0f 1e fa 4d 89 ee 4c 89 64 24 10 65 8b 05 58 92 93 7e 83 f8 08
RSP: 0018:ffffc90000a18900 EFLAGS: 00000802
RAX: f3f3f3f3f300f2f2 RBX: dffffc0000000000 RCX: 65ccee78c27c6500
RDX: dffffc0000000000 RSI: ffffffff84c1ff50 RDI: ffffffff8f09c5c0
RBP: ffffc90000a18a30 R08: ffffffff942687c7 R09: 1ffffffff284d0f8
R10: dffffc0000000000 R11: fffffbfff284d0f9 R12: 1ffff9200014312c
R13: ffffffff84c1ff50 R14: ffffffff84c1ff50 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffd9bb94008 CR3: 000000000e734000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <NMI>
 </NMI>
 <IRQ>
 debug_objects_fill_pool+0xc1/0x9f0 lib/debugobjects.c:616
 debug_object_activate+0x135/0x510 lib/debugobjects.c:704
 debug_hrtimer_activate kernel/time/hrtimer.c:423 [inline]
 debug_activate kernel/time/hrtimer.c:478 [inline]
 enqueue_hrtimer+0x30/0x3c0 kernel/time/hrtimer.c:1085
 __run_hrtimer kernel/time/hrtimer.c:1708 [inline]
 __hrtimer_run_queues+0x6cb/0xd50 kernel/time/hrtimer.c:1755
 hrtimer_interrupt+0x396/0x990 kernel/time/hrtimer.c:1817
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1026 [inline]
 __sysvec_apic_timer_interrupt+0x110/0x3f0 arch/x86/kernel/apic/apic.c:1043
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1037 [inline]
 sysvec_apic_timer_interrupt+0xa1/0xc0 arch/x86/kernel/apic/apic.c:1037
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:preempt_count_add+0x44/0x190 kernel/sched/core.c:5786
Code: 00 00 00 fc ff df 42 0f b6 04 38 84 c0 0f 85 ed 00 00 00 83 3d 0c f6 d8 18 00 75 07 65 8b 05 8b d4 a0 7e 65 01 1d 84 d4 a0 7e <48> c7 c0 40 f9 3b 9a 48 c1 e8 03 42 0f b6 04 38 84 c0 0f 85 e4 00
RSP: 0018:ffffc90008cc6e70 EFLAGS: 00000282
RAX: 0000000080000000 RBX: 0000000000000001 RCX: ffffffff9a3bf903
RDX: dffffc0000000000 RSI: ffffffff8156c8b7 RDI: 0000000000000001
RBP: ffffc90008cc6f98 R08: 0000000000000009 R09: ffffc90008cc7050
R10: ffffc90008cc6fb0 R11: ffffffff81806870 R12: dffffc0000000000
R13: ffffc90008cc6f60 R14: ffffffff8156c8b7 R15: dffffc0000000000
 unwind_next_frame+0xb0/0x22d0 arch/x86/kernel/unwind_orc.c:479
 arch_stack_walk+0x11c/0x150 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x118/0x1d0 kernel/stacktrace.c:122
 save_stack+0xfb/0x1f0 mm/page_owner.c:156
 __reset_page_owner+0x76/0x430 mm/page_owner.c:297
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_folios+0xf12/0x18d0 mm/page_alloc.c:2686
 folios_put_refs+0x76c/0x860 mm/swap.c:1007
 free_pages_and_swap_cache+0x2ea/0x690 mm/swap_state.c:332
 __tlb_batch_free_encoded_pages mm/mmu_gather.c:136 [inline]
 tlb_batch_pages_flush mm/mmu_gather.c:149 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:366 [inline]
 tlb_flush_mmu+0x3a3/0x680 mm/mmu_gather.c:373
 tlb_finish_mmu+0xd4/0x200 mm/mmu_gather.c:465
 exit_mmap+0x496/0xc40 mm/mmap.c:1877
 __mmput+0x115/0x390 kernel/fork.c:1347
 exit_mm+0x220/0x310 kernel/exit.c:571
 do_exit+0x9b2/0x28e0 kernel/exit.c:926
 do_group_exit+0x207/0x2c0 kernel/exit.c:1088
 get_signal+0x176f/0x1810 kernel/signal.c:2936
 arch_do_signal_or_restart+0x96/0x860 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0xc9/0x370 kernel/entry/common.c:218
 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f95a737dff9
Code: Unable to access opcode bytes at 0x7f95a737dfcf.
RSP: 002b:00007f95a823cfe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
RAX: fffffffffffffff4 RBX: 00007f95a7535f80 RCX: 00007f95a737dff9
RDX: 00000000200021c0 RSI: 0000000000000000 RDI: 0000000000040600
RBP: 00007f95a73f0296 R08: 0000000020004640 R09: 0000000020004640
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f95a7535f80 R15: 00007ffe7c1f4788
 </TASK>