warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow
watchdog: BUG: soft lockup - CPU#0 stuck for 23s! [syz-executor.4:4815]
Modules linked in:
irq event stamp: 4579444
hardirqs last  enabled at (4579443): [<ffffffff84200ccb>] asm_sysvec_apic_timer_interrupt+0x1b/0x20
hardirqs last disabled at (4579444): [<ffffffff8416c57b>] sysvec_apic_timer_interrupt+0xb/0xc0
softirqs last  enabled at (28106): [<ffffffff81168cb3>] __irq_exit_rcu+0x113/0x170
softirqs last disabled at (27645): [<ffffffff81168cb3>] __irq_exit_rcu+0x113/0x170
CPU: 0 PID: 4815 Comm: syz-executor.4 Not tainted 5.18.0-next-20220531 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
RIP: 0010:obj_cgroup_charge+0x250/0x870
Code: 85 35 05 00 00 49 c7 44 24 28 00 00 00 00 48 c7 c6 7b f0 79 81 4c 89 e7 e8 cd 2a af ff 4d 85 f6 74 06 e8 b3 38 d1 ff fb 31 c0 <45> 84 ff 0f 85 f2 00 00 00 49 89 df 81 e3 ff 0f 00 00 49 c1 ef 0c
RSP: 0018:ffff8880453379c0 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 0000000000000048 RCX: ffffffff81287b4f
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffff88800f710d00 R08: 0000000000000001 R09: ffffffff86a5d83f
R10: fffffbfff0d4bb07 R11: 0000000000000001 R12: ffff88806ce34be0
R13: ffffffff86dea780 R14: 0000000000000200 R15: 0000000000000001
FS:  00007f5a8c95d700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000000 CR3: 00000000439be000 CR4: 0000000000350ef0
Call Trace:
 <TASK>
 kmem_cache_alloc_trace+0x96/0x3c0
 io_cqring_event_overflow+0xb9/0x650
 __io_req_complete_post+0x45e/0x530
 io_req_complete_post+0x56/0x1d0
 io_queue_async+0x83/0x220
 io_submit_sqes+0x437d/0x7e50
 __do_sys_io_uring_enter+0x107f/0x2280
 do_syscall_64+0x3b/0x90
 entry_SYSCALL_64_after_hwframe+0x46/0xb0
RIP: 0033:0x7f5a8f3e7b19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f5a8c95d188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
RAX: ffffffffffffffda RBX: 00007f5a8f4faf60 RCX: 00007f5a8f3e7b19
RDX: 0000000000000000 RSI: 0000000000007fd6 RDI: 0000000000000003
RBP: 00007f5a8f441f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe2e5a02cf R14: 00007f5a8c95d300 R15: 0000000000022000
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 4814 Comm: syz-executor.1 Not tainted 5.18.0-next-20220531 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
RIP: 0010:rcu_lockdep_current_cpu_online+0x57/0x130
Code: 4f ac e6 02 48 c7 c3 c0 8a 03 00 48 ba 00 00 00 00 00 fc ff df 89 c0 48 8d 3c c5 e0 d8 f3 84 48 89 f9 48 c1 e9 03 80 3c 11 00 <0f> 85 b9 00 00 00 48 03 1c c5 e0 d8 f3 84 48 b8 00 00 00 00 00 fc
RSP: 0018:ffff88806cf09a98 EFLAGS: 00000046
RAX: 0000000000000001 RBX: 0000000000038ac0 RCX: 1ffffffff09e7b1d
RDX: dffffc0000000000 RSI: 0000000000010003 RDI: ffffffff84f3d8e8
RBP: 0000000000000001 R08: 0000000000000000 R09: ffffffff858eaf17
R10: fffffbfff0b1d5e2 R11: 0000000000000001 R12: 0000000000000001
R13: 0000000000000000 R14: ffffffff85223508 R15: 0000000000000000
FS:  00007f4f25344700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f63137e4718 CR3: 00000000439ba000 CR4: 0000000000350ee0
Call Trace:
 <IRQ>
 rcu_read_lock_sched_held+0x25/0x70
 lock_acquire+0x45a/0x530
 ktime_get+0x7c/0x1f0
 perf_swevent_hrtimer+0x250/0x400
 __hrtimer_run_queues+0x1ca/0xbd0
 hrtimer_interrupt+0x315/0x770
 __sysvec_apic_timer_interrupt+0x144/0x4f0
 sysvec_apic_timer_interrupt+0x89/0xc0
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1b/0x20
RIP: 0010:filter_irq_stacks+0x51/0x90
Code: 4b 48 8b 07 48 3d b0 01 20 84 72 18 48 3d 90 0e 20 84 73 10 44 8d 63 01 48 83 c4 08 44 89 e0 5b 5d 41 5c c3 48 3d 00 00 40 84 <72> 08 48 3d c7 08 40 84 72 e0 83 c3 01 48 83 c7 08 41 39 dc 75 b4
RSP: 0018:ffff88800f177798 EFLAGS: 00000283
RAX: ffffffff8192fb79 RBX: 0000000000000002 RCX: 0000000000000001
RDX: 0000000000400820 RSI: 000000000000000a RDI: ffff88800f177828
RBP: dffffc0000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: 000000000000000a
R13: 0000000000400820 R14: ffff88800f177818 R15: 0000000000000020
 __stack_depot_save+0x35/0x450
 kasan_save_stack+0x2e/0x40
 __kasan_kmalloc+0x81/0xa0
 io_cqring_event_overflow+0xb9/0x650
 __io_req_complete_post+0x45e/0x530
 io_req_complete_post+0x56/0x1d0
 io_queue_async+0x83/0x220
 io_submit_sqes+0x437d/0x7e50
 __do_sys_io_uring_enter+0x107f/0x2280
 do_syscall_64+0x3b/0x90
 entry_SYSCALL_64_after_hwframe+0x46/0xb0
RIP: 0033:0x7f4f27dceb19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f4f25344188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
RAX: ffffffffffffffda RBX: 00007f4f27ee1f60 RCX: 00007f4f27dceb19
RDX: 0000000000000000 RSI: 0000000000007fd6 RDI: 0000000000000003
RBP: 00007f4f27e28f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fffd2c6f73f R14: 00007f4f25344300 R15: 0000000000022000
 </TASK>
----------------
Code disassembly (best guess):
   0:	85 35 05 00 00 49    	test   %esi,0x49000005(%rip)        # 0x4900000b
   6:	c7 44 24 28 00 00 00 	movl   $0x0,0x28(%rsp)
   d:	00
   e:	48 c7 c6 7b f0 79 81 	mov    $0xffffffff8179f07b,%rsi
  15:	4c 89 e7             	mov    %r12,%rdi
  18:	e8 cd 2a af ff       	callq  0xffaf2aea
  1d:	4d 85 f6             	test   %r14,%r14
  20:	74 06                	je     0x28
  22:	e8 b3 38 d1 ff       	callq  0xffd138da
  27:	fb                   	sti
  28:	31 c0                	xor    %eax,%eax
* 2a:	45 84 ff             	test   %r15b,%r15b <-- trapping instruction
  2d:	0f 85 f2 00 00 00    	jne    0x125
  33:	49 89 df             	mov    %rbx,%r15
  36:	81 e3 ff 0f 00 00    	and    $0xfff,%ebx
  3c:	49 c1 ef 0c          	shr    $0xc,%r15