watchdog: BUG: soft lockup - CPU#0 stuck for 21s! [syz-executor.6:18016]
Modules linked in:
irq event stamp: 2311377
hardirqs last  enabled at (2311376): [<ffffffff8484b4cb>] irqentry_exit+0x3b/0x90
hardirqs last disabled at (2311377): [<ffffffff84849e8f>] sysvec_apic_timer_interrupt+0xf/0x80
softirqs last  enabled at (2309360): [<ffffffff811a97ac>] handle_softirqs+0x50c/0x770
softirqs last disabled at (2309367): [<ffffffff811a9b44>] __irq_exit_rcu+0xc4/0x100
CPU: 0 UID: 0 PID: 18016 Comm: syz-executor.6 Not tainted 6.13.0-rc1-next-20241203 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:unwind_next_frame+0x534/0x2490
Code: 84 c6 0f 85 82 16 00 00 4c 89 f6 0f b6 41 05 48 ba 00 00 00 00 00 fc ff df 48 c1 ee 03 0f b6 14 16 4c 89 f6 c0 e8 03 83 e6 07 <83> e0 01 40 38 f2 7f 08 84 d2 0f 85 db 15 00 00 41 88 47 41 44 0f
RSP: 0018:ffff88806ce08c50 EFLAGS: 00000202
RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff86bf0cde
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001
RBP: ffff88806ce08d18 R08: ffffffff86bf0ce2 R09: ffff88806ce08d00
R10: 000000000003c001 R11: 00000000000c1b35 R12: ffff88806ce08d20
R13: ffff88806ce08d08 R14: ffff88806ce08d01 R15: ffff88806ce08cc0
FS:  00007f4d8fd81700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2f324000 CR3: 000000003c338000 CR4: 0000000000350ef0
Call Trace:
 <IRQ>
 arch_stack_walk+0x87/0xf0
 stack_trace_save+0x8f/0xc0
 kasan_save_stack+0x24/0x50
 kasan_record_aux_stack+0x89/0xa0
 __call_rcu_common.constprop.0+0x6a/0xaa0
 kmem_cache_free+0x2ae/0x470
 kfree_skbmem+0x152/0x1f0
 tcp_ack+0x1b00/0x5640
 tcp_rcv_established+0xd4d/0x2160
 tcp_v4_do_rcv+0x5cf/0xa50
 tcp_v4_rcv+0x31a0/0x42d0
 ip_protocol_deliver_rcu+0xba/0x480
 ip_local_deliver_finish+0x2f0/0x500
 ip_local_deliver+0x1a3/0x200
 ip_sublist_rcv_finish+0x274/0x570
 ip_list_rcv_finish.constprop.0+0x3fe/0x580
 ip_list_rcv+0x2c5/0x3e0
 __netif_receive_skb_list_core+0x695/0x8d0
 netif_receive_skb_list_internal+0x6c2/0xc90
 napi_complete_done+0x219/0x830
 e1000_clean+0x9ae/0x2540
 __napi_poll+0xb9/0x540
 net_rx_action+0xa08/0xe00
 handle_softirqs+0x1b1/0x770
 __irq_exit_rcu+0xc4/0x100
 irq_exit_rcu+0x9/0x20
 sysvec_apic_timer_interrupt+0x70/0x80
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:__slab_free+0x7f/0x310
Code: c1 e8 1f 4d 85 ed 66 89 5c 24 58 41 89 c6 41 0f 94 c2 66 85 db 74 05 45 84 d2 74 05 45 84 f6 74 42 41 8b 7f 08 4c 8b 4c 24 58 <4c> 89 ea 4c 89 e6 4c 8b 44 24 20 e8 f1 9f ff ff 84 c0 74 9d 4c 89
RSP: 0018:ffff88803e48f990 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 00000000000d000c RCX: 00000000000d000d
RDX: ffff88802ff484a0 RSI: ffffea0000bfd200 RDI: 0000000000089800
RBP: ffff88803e48fa30 R08: 0000000000000001 R09: 00000000000d000c
R10: ffffea0000bfd201 R11: 0000000000000000 R12: ffffea0000bfd200
R13: 0000000000000000 R14: 0000000000000000 R15: ffff888008c4f780
 qlist_free_all+0x50/0x160
 kasan_quarantine_reduce+0x19f/0x240
 __kasan_slab_alloc+0x49/0x70
 kmem_cache_alloc_noprof+0x13d/0x3d0
 taskstats_exit+0x674/0xba0
 do_exit+0x83f/0x2a40
 do_group_exit+0xd3/0x2a0
 get_signal+0x2240/0x2320
 arch_do_signal_or_restart+0x81/0x780
 syscall_exit_to_user_mode+0x123/0x1e0
 do_syscall_64+0xcc/0x1d0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f4d9280bb19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f4d8fd81218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 00007f4d9291ef68 RCX: 00007f4d9280bb19
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f4d9291ef68
RBP: 00007f4d9291ef60 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4d9291ef6c
R13: 00007fff0d95c38f R14: 00007f4d8fd81300 R15: 0000000000022000
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.13.0-rc1-next-20241203 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:hlock_class+0x56/0x130
Code: 20 66 81 e3 ff 1f 0f b7 db be 08 00 00 00 48 89 d8 48 c1 e8 06 48 8d 3c c5 20 0f ef 87 e8 a2 93 5c 00 48 0f a3 1d da d0 bf 06 <73> 16 48 8d 04 9b 48 8d 04 80 48 8d 04 c5 40 13 ef 87 5b e9 02 b8
RSP: 0018:ffff88806cf09c28 EFLAGS: 00000047
RAX: 0000000000000001 RBX: 00000000000000b7 RCX: ffffffff812f3e3e
RDX: fffffbfff0fde1e7 RSI: 0000000000000008 RDI: ffffffff87ef0f30
RBP: ffff88800961d280 R08: 0000000000000000 R09: fffffbfff0fde1e6
R10: ffffffff87ef0f37 R11: 0000000000000001 R12: 0000000000000000
R13: 0000000000000001 R14: ffff88800961dcc0 R15: ffff88800961dcc0
FS:  0000000000000000(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f09e4940810 CR3: 000000001c124000 CR4: 0000000000350ef0
Call Trace:
 <NMI>
 </NMI>
 <IRQ>
 mark_lock+0xac/0xed0
 __lock_acquire+0x1595/0x4360
 lock_acquire.part.0+0xeb/0x320
 tick_nohz_start_idle+0xa7/0x2a0
 tick_nohz_irq_exit+0x63/0x80
 irq_exit_rcu+0x9/0x20
 sysvec_apic_timer_interrupt+0x70/0x80
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:default_idle+0x1e/0x30
Code: 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 eb 0c 0f 1f 44 00 00 0f 00 2d e9 c5 3d 00 0f 1f 44 00 00 fb f4 <fa> e9 7c 2e 02 00 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90
RSP: 0018:ffff8880096cfe68 EFLAGS: 00000202
RAX: 00000000000b159b RBX: 0000000000000001 RCX: ffffffff8484b837
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff812b16da
RBP: dffffc0000000000 R08: 0000000000000001 R09: ffffed100d9e6cba
R10: ffff88806cf365d3 R11: 0000000000000000 R12: ffffffff863fac90
R13: 1ffff110012d9fd2 R14: 0000000000000000 R15: 0000000000000000
 default_idle_call+0x6d/0xb0
 do_idle+0x2fa/0x3b0
 cpu_startup_entry+0x4f/0x60
 start_secondary+0x1c1/0x220
 common_startup_64+0x12c/0x138
 </TASK>
random: crng reseeded on system resumption
random: crng reseeded on system resumption
Restarting kernel threads ... done.
Bluetooth: hci7: command 0x0406 tx timeout
Bluetooth: hci4: command 0x0406 tx timeout
Bluetooth: hci6: command 0x0406 tx timeout
Bluetooth: hci1: command 0x0406 tx timeout
Bluetooth: hci2: command 0x0406 tx timeout
Bluetooth: hci3: command 0x0406 tx timeout
Bluetooth: hci5: command 0x0406 tx timeout
random: crng reseeded on system resumption
random: crng reseeded on system resumption
random: crng reseeded on system resumption
Restarting kernel threads ... done.
random: crng reseeded on system resumption
EXT4-fs warning (device sda): verify_group_input:136: Cannot add at group 4127195135 (only 16 groups)
audit: type=1326 audit(1733298711.423:13): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=18133 comm="syz-executor.2" exe="/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f40d4ca3b19 code=0x0
audit: type=1326 audit(1733298711.422:12): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=18133 comm="syz-executor.2" exe="/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f40d4ca3b19 code=0x0
EXT4-fs warning (device sda): verify_group_input:136: Cannot add at group 4127195135 (only 16 groups)
EXT4-fs warning (device sda): verify_group_input:136: Cannot add at group 4127195135 (only 16 groups)
EXT4-fs warning (device sda): verify_group_input:136: Cannot add at group 4127195135 (only 16 groups)
EXT4-fs warning (device sda): verify_group_input:136: Cannot add at group 4127195135 (only 16 groups)
EXT4-fs warning (device sda): verify_group_input:136: Cannot add at group 4127195135 (only 16 groups)
EXT4-fs warning (device sda): verify_group_input:136: Cannot add at group 4127195135 (only 16 groups)
EXT4-fs warning (device sda): verify_group_input:136: Cannot add at group 4127195135 (only 16 groups)
EXT4-fs warning (device sda): verify_group_input:136: Cannot add at group 4127195135 (only 16 groups)
EXT4-fs warning (device sda): verify_group_input:136: Cannot add at group 4127195135 (only 16 groups)
----------------
Code disassembly (best guess):
   0:	84 c6                	test   %al,%dh
   2:	0f 85 82 16 00 00    	jne    0x168a
   8:	4c 89 f6             	mov    %r14,%rsi
   b:	0f b6 41 05          	movzbl 0x5(%rcx),%eax
   f:	48 ba 00 00 00 00 00 	movabs $0xdffffc0000000000,%rdx
  16:	fc ff df
  19:	48 c1 ee 03          	shr    $0x3,%rsi
  1d:	0f b6 14 16          	movzbl (%rsi,%rdx,1),%edx
  21:	4c 89 f6             	mov    %r14,%rsi
  24:	c0 e8 03             	shr    $0x3,%al
  27:	83 e6 07             	and    $0x7,%esi
* 2a:	83 e0 01             	and    $0x1,%eax <-- trapping instruction
  2d:	40 38 f2             	cmp    %sil,%dl
  30:	7f 08                	jg     0x3a
  32:	84 d2                	test   %dl,%dl
  34:	0f 85 db 15 00 00    	jne    0x1615
  3a:	41 88 47 41          	mov    %al,0x41(%r15)
  3e:	44                   	rex.R
  3f:	0f                   	.byte 0xf