watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [syz-executor.3:4195]
Modules linked in:
irq event stamp: 227776
hardirqs last enabled at (227775): [] irqentry_exit+0x3b/0x90
hardirqs last disabled at (227776): [] sysvec_apic_timer_interrupt+0xf/0x80
softirqs last enabled at (227698): [] handle_softirqs+0x50c/0x770
softirqs last disabled at (227693): [] __irq_exit_rcu+0xc4/0x100
CPU: 0 UID: 0 PID: 4195 Comm: syz-executor.3 Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
Tainted: [W]=WARN
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:__sanitizer_cov_trace_pc+0x8/0x80
Code: 4a 03 48 c7 c0 f4 ff ff ff eb 92 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 34 24 <65> 48 8b 15 88 48 10 06 65 8b 05 99 48 10 06 a9 00 01 ff 00 74 27
RSP: 0018:ffff88803bf676f0 EFLAGS: 00000202
RAX: 0000000000000000 RBX: ffff88806cf3c300 RCX: ffffffff816880fc
RDX: ffff88803c15d280 RSI: ffffffff816880d6 RDI: 0000000000000005
RBP: 0000000000000003 R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000001 R11: 1ffff1100d9c6bb1 R12: ffffed100d9e7861
R13: ffff88806cf3c308 R14: 0000000000000001 R15: dffffc0000000000
FS: 0000000000000000(0000) GS:ffff8880e55dd000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f76a9fca310 CR3: 00000000348b8000 CR4: 0000000000350ef0
Call Trace:
 smp_call_function_many_cond+0xa36/0x1110
 on_each_cpu_cond_mask+0x57/0xa0
 kvm_flush_tlb_multi+0x1e8/0x320
 flush_tlb_mm_range+0x3fc/0x1420
 tlb_finish_mmu+0x3d5/0x7e0
 exit_mmap+0x3a4/0xaa0
 mmput+0xd5/0x390
 do_exit+0x79d/0x2970
 do_group_exit+0xd3/0x2a0
 get_signal+0x2315/0x2340
 arch_do_signal_or_restart+0x80/0x790
 exit_to_user_mode_loop+0x8b/0x110
 do_syscall_64+0x2f7/0x360
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fa270c6fb19
Code: Unable to access opcode bytes at 0x7fa270c6faef.
RSP: 002b:00007fa26e1e5218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 00007fa270d82f68 RCX: 00007fa270c6fb19
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fa270d82f68
RBP: 00007fa270d82f60 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa270d82f6c
R13: 00007ffdb312729f R14: 00007fa26e1e5300 R15: 0000000000022000
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 4254 Comm: modprobe Tainted: G W 6.17.0-rc3-next-20250829 #1 PREEMPT(voluntary)
Tainted: [W]=WARN
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:__mm_cid_try_get.constprop.0+0x393/0x490
Code: 89 c3 89 c2 89 54 24 68 0f b6 55 00 84 d2 74 09 80 fa 03 0f 8e b0 00 00 00 41 8b 95 d8 00 00 00 39 da 0f 87 38 ff ff ff f3 90 <41> 80 3e 00 0f 85 ad 00 00 00 49 8b 04 24 48 83 f8 ff 75 ba ba 40
RSP: 0018:ffff88803bb4f580 EFLAGS: 00000046
RAX: 0000000000000002 RBX: 0000000000000002 RCX: dffffc0000000000
RDX: 0000000000000002 RSI: 0000000000000008 RDI: ffff88800f6d09d0
RBP: ffffed1001eda01b R08: 0000000000000001 R09: ffffed1001eda13a
R10: ffff88800f6d09d7 R11: ffff88803c832038 R12: ffff88800f6d09d0
R13: ffff88800f6d0000 R14: ffffed1001eda13a R15: ffff88800f6d00c4
FS: 0000000000000000(0000) GS:ffff8880e56dd000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fb06840f6f4 CR3: 000000000e747000 CR4: 0000000000350ef0
Call Trace:
 mm_cid_get.isra.0+0x16a/0x570
 __schedule+0x1744/0x3590
 __cond_resched+0x4c/0x80
 unmap_page_range+0x1090/0x36d0
 unmap_single_vma.constprop.0+0x153/0x230
 unmap_vmas+0x1d6/0x430
 exit_mmap+0x181/0xaa0
 mmput+0xd5/0x390
 do_exit+0x79d/0x2970
 do_group_exit+0xd3/0x2a0
 __x64_sys_exit_group+0x3e/0x50
 x64_sys_call+0x18c5/0x18d0
 do_syscall_64+0xbf/0x360
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fb068007699
Code: Unable to access opcode bytes at 0x7fb06800766f.
RSP: 002b:00007ffc0dea6ac8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 00007fb0680fc610 RCX: 00007fb068007699
RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
RBP: 0000000000000001 R08: ffffffffffffff80 R09: 0000000000000001
R10: 0000000000000004 R11: 0000000000000246 R12: 00007fb0680fc610
R13: 0000000000000001 R14: 00007fb0680fcae8 R15: 0000000000000000
----------------
Code disassembly (best guess), 2 bytes skipped:
 0: 48 c7 c0 f4 ff ff ff mov $0xfffffffffffffff4,%rax
 7: eb 92 jmp 0xffffff9b
 9: 0f 1f 80 00 00 00 00 nopl 0x0(%rax)
 10: 90 nop
 11: 90 nop
 12: 90 nop
 13: 90 nop
 14: 90 nop
 15: 90 nop
 16: 90 nop
 17: 90 nop
 18: 90 nop
 19: 90 nop
 1a: 90 nop
 1b: 90 nop
 1c: 90 nop
 1d: 90 nop
 1e: 90 nop
 1f: 90 nop
 20: f3 0f 1e fa endbr64
 24: 48 8b 34 24 mov (%rsp),%rsi
* 28: 65 48 8b 15 88 48 10 mov %gs:0x6104888(%rip),%rdx # 0x61048b8 <-- trapping instruction
 2f: 06
 30: 65 8b 05 99 48 10 06 mov %gs:0x6104899(%rip),%eax # 0x61048d0
 37: a9 00 01 ff 00 test $0xff0100,%eax
 3c: 74 27 je 0x65