watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [syz.0.382:8152]
Modules linked in:
irq event stamp: 5391
hardirqs last enabled at (5390): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:86 [inline]
hardirqs last enabled at (5390): [] exit_to_kernel_mode+0xc0/0xf0 arch/arm64/kernel/entry-common.c:96
hardirqs last disabled at (5391): [] __el1_irq arch/arm64/kernel/entry-common.c:650 [inline]
hardirqs last disabled at (5391): [] el1_interrupt+0x24/0x54 arch/arm64/kernel/entry-common.c:668
softirqs last enabled at (292): [] spin_unlock_bh include/linux/spinlock.h:396 [inline]
softirqs last enabled at (292): [] sch_tree_unlock+0x120/0x1d4 include/net/sch_generic.h:-1
softirqs last disabled at (294): [] spin_lock_bh include/linux/spinlock.h:356 [inline]
softirqs last disabled at (294): [] sch_tree_lock+0x120/0x1d4 include/net/sch_generic.h:-1
CPU: 0 UID: 0 PID: 8152 Comm: syz.0.382 Not tainted 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : arch_local_irq_restore+0x8/0xc arch/arm64/include/asm/irqflags.h:197
lr : lock_is_held_type+0x140/0x198 kernel/locking/lockdep.c:5942
sp : ffff80009c1d6c60
x29: ffff80009c1d6c60 x28: 1ffff00011b78f58 x27: dfff800000000000
x26: ffff0000f90e0000 x25: ffff80008f706570 x24: ffff80008f87a810
x23: 0000000000000002 x22: ffff0000f90e0ae0 x21: ffff80008f9a9060
x20: 0000000000000001 x19: 0000000000000000 x18: 0000000000000001
x17: ffff800093507000 x16: ffff800080528a28 x15: ffff70001383ad8c
x14: 0000000000000002 x13: 00000000ffffffff x12: 0000000000ff0100
x11: 0000000000080000 x10: 0000000000000003 x9 : 0000000000000000
x8 : 00000000000000c0 x7 : ffff80008950e640 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000002
x2 : 0000000000000008 x1 : ffff80008f0a537d x0 : 0000000000000000
Call trace:
__daif_local_irq_restore arch/arm64/include/asm/irqflags.h:175 [inline] (P)
arch_local_irq_restore+0x8/0xc arch/arm64/include/asm/irqflags.h:195 (P)
lock_is_held include/linux/lockdep.h:249 [inline]
rcu_read_lock_held+0x34/0x50 kernel/rcu/update.c:351
qdisc_lookup_rcu+0x74/0x668 net/sched/sch_api.c:327
qdisc_tree_reduce_backlog+0x188/0x410 net/sched/sch_api.c:795
fq_change+0x121c/0x1e0c net/sched/sch_fq.c:1147
fq_init+0x5fc/0xdec net/sched/sch_fq.c:1201
qdisc_create+0x6a4/0xce4 net/sched/sch_api.c:1319
__tc_modify_qdisc net/sched/sch_api.c:1748 [inline]
tc_modify_qdisc+0x11f4/0x1cd4 net/sched/sch_api.c:1812
rtnetlink_rcv_msg+0x624/0x97c net/core/rtnetlink.c:6955
netlink_rcv_skb+0x220/0x3fc net/netlink/af_netlink.c:2552
rtnetlink_rcv+0x28/0x38 net/core/rtnetlink.c:6973
netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
netlink_unicast+0x694/0x8c4 net/netlink/af_netlink.c:1346
netlink_sendmsg+0x648/0x930 net/netlink/af_netlink.c:1896
sock_sendmsg_nosec net/socket.c:714 [inline]
__sock_sendmsg net/socket.c:729 [inline]
____sys_sendmsg+0x490/0x7b8 net/socket.c:2614
___sys_sendmsg+0x204/0x278 net/socket.c:2668
__sys_sendmsg net/socket.c:2700 [inline]
__do_sys_sendmsg net/socket.c:2705 [inline]
__se_sys_sendmsg net/socket.c:2703 [inline]
__arm64_sys_sendmsg+0x184/0x238 net/socket.c:2703
__invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879
el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898
el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 8191 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : _compound_head include/linux/page-flags.h:284 [inline]
pc : zap_present_ptes mm/memory.c:1564 [inline]
pc : do_zap_pte_range mm/memory.c:1682 [inline]
pc : zap_pte_range mm/memory.c:1726 [inline]
pc : zap_pmd_range mm/memory.c:1818 [inline]
pc : zap_pud_range mm/memory.c:1847 [inline]
pc : zap_p4d_range mm/memory.c:1868 [inline]
pc : unmap_page_range+0xac8/0x3168 mm/memory.c:1889
lr : zap_present_ptes mm/memory.c:1551 [inline]
lr : do_zap_pte_range mm/memory.c:1682 [inline]
lr : zap_pte_range mm/memory.c:1726 [inline]
lr : zap_pmd_range mm/memory.c:1818 [inline]
lr : zap_pud_range mm/memory.c:1847 [inline]
lr : zap_p4d_range mm/memory.c:1868 [inline]
lr : unmap_page_range+0xac4/0x3168 mm/memory.c:1889
sp : ffff80009c7f7220
x29: ffff80009c7f7440 x28: ffff0001024af190 x27: fffffdffc4073980
x26: 00000000000001ce x25: dfff800000000000 x24: 0000ffff8d032000
x23: ffff0000cd5a0000 x22: 0068000141ce7fc3 x21: ffff0001024af190
x20: ffff80009c7f7680 x19: ffff0000c6a2ae40 x18: 1fffe000337a0688
x17: ffff0001fea8c8b0 x16: ffff80008b007340 x15: 0000000000000001
x14: 1fffffbff880e736 x13: 0000000000000000 x12: 0000000000000000
x11: ffff7fbff880e737 x10: 0000000000ff0100 x9 : ffffc1ffc0000000
x8 : 00003c00040739c0 x7 : ffff800080d16554 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000
x2 : 0068000141ce7fc3 x1 : 000000000020ac5d x0 : fffffdffc40739c0
Call trace:
zap_present_ptes mm/memory.c:1552 [inline] (P)
do_zap_pte_range mm/memory.c:1682 [inline] (P)
zap_pte_range mm/memory.c:1726 [inline] (P)
zap_pmd_range mm/memory.c:1818 [inline] (P)
zap_pud_range mm/memory.c:1847 [inline] (P)
zap_p4d_range mm/memory.c:1868 [inline] (P)
unmap_page_range+0xac8/0x3168 mm/memory.c:1889 (P)
unmap_single_vma mm/memory.c:1932 [inline]
unmap_vmas+0x264/0x3d4 mm/memory.c:1976
exit_mmap+0x1bc/0xabc mm/mmap.c:1280
__mmput+0xec/0x3f4 kernel/fork.c:1130
mmput+0x70/0xac kernel/fork.c:1152
exit_mm+0x13c/0x200 kernel/exit.c:582
do_exit+0x4bc/0x1a14 kernel/exit.c:949
do_group_exit+0x194/0x22c kernel/exit.c:1102
get_signal+0x11dc/0x12f8 kernel/signal.c:3034
do_signal+0x274/0x4434 arch/arm64/kernel/signal.c:1618
do_notify_resume+0xb0/0x1f4 arch/arm64/kernel/entry-common.c:152
exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:173 [inline]
exit_to_user_mode arch/arm64/kernel/entry-common.c:182 [inline]
el0_svc+0xb8/0x180 arch/arm64/kernel/entry-common.c:880
el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898
el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596