watchdog: BUG: soft lockup - CPU#1 stuck for 22s! [syz-executor.2:90053]
Modules linked in:
irq event stamp: 47300
hardirqs last enabled at (47299): [] irqentry_exit+0x3b/0x90
hardirqs last disabled at (47300): [] sysvec_apic_timer_interrupt+0xf/0x80
softirqs last enabled at (47178): [] handle_softirqs+0x50c/0x770
softirqs last disabled at (47173): [] __irq_exit_rcu+0xc4/0x100
CPU: 1 UID: 0 PID: 90053 Comm: syz-executor.2 Not tainted 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary)
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:queued_spin_lock_slowpath+0x240/0xb60
Code: 02 48 89 e8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 85 08 00 00 b8 01 00 00 00 66 89 45 00 e9 c0 fe ff ff 89 44 24 38 f3 90 <e9> 5c fe ff ff 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03
RSP: 0018:ffff88804fc7f678 EFLAGS: 00000202
RAX: 0000000000000001 RBX: 0000000000000001 RCX: ffffffff84ba2d8e
RDX: fffffbfff0ba92c5 RSI: 0000000000000004 RDI: ffffffff85d49620
RBP: ffffffff85d49620 R08: 0000000000000000 R09: fffffbfff0ba92c4
R10: ffffffff85d49623 R11: 0000000000000001 R12: 1ffff11009f8fed0
R13: 0000000000000003 R14: fffffbfff0ba92c4 R15: ffff88804fc7f6b0
FS: 00007f87e5c35700(0000) GS:ffff8880e56f3000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020005880 CR3: 000000004fc2f000 CR4: 0000000000350ef0
Call Trace:
 do_raw_spin_lock+0x1dc/0x260
 __register_sysctl_table+0x641/0x16a0
 register_pidns_sysctls+0x119/0x1c0
 copy_pid_ns+0x54c/0xd20
 create_new_namespaces+0x2b2/0xab0
 copy_namespaces+0x45c/0x580
 copy_process+0x26d5/0x73b0
 kernel_clone+0xea/0x820
 __do_sys_clone3+0x1f5/0x280
 do_syscall_64+0xbf/0x360
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f87e86bfb19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f87e5c35188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
RAX: ffffffffffffffda RBX: 00007f87e87d2f60 RCX: 00007f87e86bfb19
RDX: 0000000000000000 RSI: 0000000000000058 RDI: 0000000020005880
RBP: 00007f87e8719f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff4fbc495f R14: 00007f87e5c35300 R15: 0000000000022000
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 89415 Comm: syz-executor.6 Not tainted 6.16.0-rc4-next-20250704 #1 PREEMPT(voluntary)
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:native_apic_msr_eoi+0xf/0x20
Code: 01 00 00 00 e9 a2 bf 86 03 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 31 c0 b9 0b 08 00 00 89 c2 0f 30 7c bf 86 03 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90
RSP: 0018:ffff88806ce088c0 EFLAGS: 00000046
RAX: 0000000000000000 RBX: ffff8880e55f3000 RCX: 000000000000080b
RDX: 0000000000000000 RSI: ffffffff8134a781 RDI: 0000000000000001
RBP: ffff88806ce08908 R08: 0000000000000001 R09: ffffed100d9c4751
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
FS: 00007f2149ecb700(0000) GS:ffff8880e55f3000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f0a2b136545 CR3: 0000000049663000 CR4: 0000000000350ef0
Call Trace:
 kvm_guest_apic_eoi_write+0x46/0x50
 __sysvec_irq_work+0xf/0x360
 sysvec_irq_work+0x5f/0xc0
 asm_sysvec_irq_work+0x1a/0x20
RIP: 0010:__rcu_read_unlock+0xc6/0x4f0
Code: b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 08 3c 03 0f 8e 77 01 00 00 8b 85 00 04 00 00 85 c0 75 57 <65> 48 8b 1d 0a 1c 27 06 48 8d bb fc 03 00 00 48 b8 00 00 00 00 00
RSP: 0018:ffff88806ce089b0 EFLAGS: 00000206
RAX: 000000000000054e RBX: ffff88806ce37d40 RCX: 0000000000000004
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff815bb53e
RBP: ffffffff85c28680 R08: 0000000000000001 R09: 0000000000000001
R10: ffffffff86438757 R11: 0000000000000001 R12: 0000000000000001
R13: ffff88806ce08a00 R14: 0000000000000200 R15: ffff88806ce08a50
 unwind_next_frame+0x3bc/0x2540
 arch_stack_walk+0x86/0xf0
 stack_trace_save+0x8e/0xc0
 kasan_save_stack+0x24/0x50
 kasan_record_aux_stack+0x89/0xa0
 __call_rcu_common.constprop.0+0x70/0x960
 kmem_cache_free+0x2ed/0x460
 rcu_core+0x7c8/0x1790
 handle_softirqs+0x1b1/0x770
 __irq_exit_rcu+0xc4/0x100
 irq_exit_rcu+0x9/0x20
 sysvec_apic_timer_interrupt+0x70/0x80
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:find_entry.isra.0+0xfa/0x280
Code: 48 c1 e8 03 80 3c 28 00 0f 85 38 01 00 00 4c 8b 7b 18 4c 89 f8 48 c1 e8 03 80 3c 28 00 0f 85 44 01 00 00 49 8d 7f 40 4d 8b 27 <48> 89 f8 48 c1 e8 03 80 3c 28 00 0f 85 22 01 00 00 48 89 d8 49 2b
RSP: 0018:ffff88804b027600 EFLAGS: 00000246
RAX: 1ffff110012d0c00 RBX: ffff888009686058 RCX: ffffc90001e14000
RDX: 0000000000040000 RSI: ffffffff81d7fb69 RDI: ffff888009686040
RBP: dffffc0000000000 R08: 0000000000000001 R09: ffffed1009604eec
R10: 00000000fffffff7 R11: 0000000000000001 R12: ffff888009686098
R13: 00000000fffffff7 R14: 0000000000000007 R15: ffff888009686000
 get_links.part.0+0x14e/0x4b0
 insert_header+0x2a4/0x15f0
 __register_sysctl_table+0x723/0x16a0
 register_pidns_sysctls+0x119/0x1c0
 copy_pid_ns+0x54c/0xd20
 create_new_namespaces+0x2b2/0xab0
 copy_namespaces+0x45c/0x580
 copy_process+0x26d5/0x73b0
 kernel_clone+0xea/0x820
 __do_sys_clone3+0x1f5/0x280
 do_syscall_64+0xbf/0x360
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f214c955b19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f2149ecb188 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
RAX: ffffffffffffffda RBX: 00007f214ca68f60 RCX: 00007f214c955b19
RDX: 0000000000000000 RSI: 0000000000000058 RDI: 0000000020005880
RBP: 00007f214c9aff6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffcf321eaaf R14: 00007f2149ecb300 R15: 0000000000022000
----------------
Code disassembly (best guess):
   0:	02 48 89             	add -0x77(%rax),%cl
   3:	e8 83 e0 07 83       	callq 0x8307e08b
   8:	c0 01 38             	rolb $0x38,(%rcx)
   b:	d0 7c 08 84          	sarb -0x7c(%rax,%rcx,1)
   f:	d2 0f                	rorb %cl,(%rdi)
  11:	85 85 08 00 00 b8    	test %eax,-0x47fffff8(%rbp)
  17:	01 00                	add %eax,(%rax)
  19:	00 00                	add %al,(%rax)
  1b:	66 89 45 00          	mov %ax,0x0(%rbp)
  1f:	e9 c0 fe ff ff       	jmpq 0xfffffee4
  24:	89 44 24 38          	mov %eax,0x38(%rsp)
  28:	f3 90                	pause
* 2a:	e9 5c fe ff ff       	jmpq 0xfffffe8b <-- trapping instruction
  2f:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  36:	fc ff df
  39:	48 89 fa             	mov %rdi,%rdx
  3c:	48 c1 ea 03          	shr $0x3,%rdx