watchdog: BUG: soft lockup - CPU#1 stuck for 26s! [syz-executor.7:6160]
Modules linked in:
irq event stamp: 49943
hardirqs last  enabled at (49942): [<ffffffff84400d06>] asm_sysvec_apic_timer_interrupt+0x16/0x20
hardirqs last disabled at (49943): [<ffffffff8422b2cb>] sysvec_apic_timer_interrupt+0xb/0xc0
softirqs last  enabled at (0): [<ffffffff8114c38e>] copy_process+0x1dfe/0x6dd0
softirqs last disabled at (287): [<ffffffff8116cbcb>] __irq_exit_rcu+0x11b/0x180
CPU: 1 PID: 6160 Comm: syz-executor.7 Not tainted 6.0.0-rc2-next-20220826 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
RIP: 0010:__sbq_wake_up+0x1ca/0x3d0
Code: 63 01 00 00 e8 67 a6 2d ff 4d 85 f6 74 86 e8 5d a6 2d ff be 04 00 00 00 4c 89 f7 e8 70 9c 60 ff b8 ff ff ff ff f0 41 0f c1 06 <8d> 58 ff 31 ff 89 de e8 ea a2 2d ff 85 db 0f 88 1e 01 00 00 e8 2d
RSP: 0018:ffff88806cf09c90 EFLAGS: 00000297
RAX: 00000000edd0468c RBX: 0000000000000004 RCX: ffffffff82181590
RDX: ffffed100139ed41 RSI: 0000000000000004 RDI: ffff888009cf6a00
RBP: 0000000000000004 R08: 0000000000000001 R09: ffff888009cf6a03
R10: ffffed100139ed40 R11: 0000000000000001 R12: ffff888009c57010
R13: ffff888009cf6a48 R14: ffff888009cf6a00 R15: ffff888009c57034
FS:  0000000000000000(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fb0bf2cdad0 CR3: 000000003dc8a000 CR4: 0000000000350ee0
Call Trace:
 <IRQ>
 sbitmap_queue_clear+0xad/0x210
 blk_mq_put_tag+0xd8/0x160
 __blk_mq_free_request+0x2e0/0x380
 blk_mq_free_request+0x35d/0x500
 __blk_mq_end_request+0x358/0x580
 scsi_end_request+0x472/0x9a0
 scsi_io_completion+0xbc/0x2070
 scsi_complete+0x114/0x560
 blk_complete_reqs+0xb2/0xf0
 __do_softirq+0x1c8/0x8d0
 __irq_exit_rcu+0x11b/0x180
 irq_exit_rcu+0x5/0x20
 sysvec_apic_timer_interrupt+0x8e/0xc0
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x16/0x20
RIP: 0010:__sanitizer_cov_trace_pc+0xd/0x70
Code: a8 01 00 00 e8 b4 ff ff ff 31 c0 e9 ed 7e 1a 03 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 65 8b 05 99 b2 bc 7e 89 c1 48 8b 34 24 <81> e1 00 01 00 00 65 48 8b 14 25 c0 6e 02 00 a9 00 01 ff 00 74 0e
RSP: 0018:ffff88803fcaf610 EFLAGS: 00000293
RAX: 0000000080000001 RBX: 0000000000000000 RCX: 0000000080000001
RDX: ffff888041895040 RSI: ffffffff816e558a RDI: 0000000000000007
RBP: ffffea0000f0f400 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
R13: ffff8880410a05b0 R14: 0000000000000000 R15: ffffea0000f0f400
 page_remove_rmap+0x6a/0x490
 unmap_page_range+0x1c26/0x2a10
 unmap_single_vma+0x190/0x380
 unmap_vmas+0x21e/0x370
 exit_mmap+0x154/0x680
 mmput+0xd1/0x390
 do_exit+0xb44/0x2940
 do_group_exit+0xd0/0x2a0
 get_signal+0x2205/0x24b0
 arch_do_signal_or_restart+0x89/0x1be0
 exit_to_user_mode_prepare+0x131/0x1a0
 syscall_exit_to_user_mode+0x19/0x40
 do_syscall_64+0x48/0x90
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f2c38aafb19
Code: Unable to access opcode bytes at RIP 0x7f2c38aafaef.
RSP: 002b:00007f2c35fd2218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: 0000000000000001 RBX: 00007f2c38bc30e8 RCX: 00007f2c38aafb19
RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f2c38bc30ec
RBP: 00007f2c38bc30e0 R08: 0000000000000009 R09: 0000000000000000
R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f2c38bc30ec
R13: 00007ffd2bb1c3cf R14: 00007f2c35fd2300 R15: 0000000000022000
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 9 Comm: kworker/0:1H Not tainted 6.0.0-rc2-next-20220826 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
Workqueue:  0x0 (kblockd)
RIP: 0010:__kasan_check_read+0x0/0x10
Code: 39 c7 73 0f 0f 0b 48 83 c4 60 5b 5d 41 5c e9 e7 88 e7 02 48 05 00 80 00 00 48 89 fb 48 39 c7 0f 82 7e 2e 9c 02 eb dd cc cc cc <48> 8b 0c 24 89 f6 31 d2 e9 b3 f9 ff ff 0f 1f 00 48 8b 0c 24 89 f6
RSP: 0018:ffff88806ce09b88 EFLAGS: 00000046
RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000100
RDX: ffff888008630000 RSI: 0000000000000004 RDI: ffff888009c57034
RBP: ffff888009c57040 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: ffff888009c57010
R13: 0000000000000000 R14: ffff888009f31e00 R15: ffff888009c57034
FS:  0000000000000000(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f77babea000 CR3: 000000000f4be000 CR4: 0000000000350ef0
Call Trace:
 <IRQ>
 __sbq_wake_up+0x7f/0x3d0
 sbitmap_queue_clear+0xad/0x210
 blk_mq_put_tag+0xd8/0x160
 __blk_mq_free_request+0x2e0/0x380
 blk_mq_free_request+0x35d/0x500
 __blk_mq_end_request+0x358/0x580
 blk_flush_complete_seq+0x7f8/0xd40
 flush_end_io+0x775/0xc30
 __blk_mq_end_request+0x125/0x580
 scsi_end_request+0x472/0x9a0
 scsi_io_completion+0xbc/0x2070
 scsi_complete+0x114/0x560
 blk_complete_reqs+0xb2/0xf0
 __do_softirq+0x1c8/0x8d0
 __irq_exit_rcu+0x11b/0x180
 irq_exit_rcu+0x5/0x20
 common_interrupt+0xa4/0xc0
 </IRQ>
 <TASK>
 asm_common_interrupt+0x22/0x40
RIP: 0010:_raw_spin_unlock_irq+0x25/0x50
Code: 0f 1f 44 00 00 55 48 8b 74 24 08 48 89 fd 48 83 c7 18 e8 de 40 05 fd 48 89 ef e8 46 b6 05 fd e8 31 d2 27 fd fb bf 01 00 00 00 <e8> 06 43 fb fc 65 8b 05 7f ab dd 7b 85 c0 74 06 5d e9 b5 77 3b 00
RSP: 0018:ffff88800863fe48 EFLAGS: 00000202
RAX: 0000000000030ccb RBX: ffff888008630000 RCX: 1ffffffff0b5e569
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001
RBP: ffff88806ce378c8 R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
R13: ffff88800c378330 R14: ffff88806ce378c8 R15: ffff888008422a00
 worker_thread+0x15a/0x1260
 kthread+0x2ed/0x3a0
 ret_from_fork+0x22/0x30
 </TASK>
----------------
Code disassembly (best guess):
   0:	63 01                	movsxd (%rcx),%eax
   2:	00 00                	add    %al,(%rax)
   4:	e8 67 a6 2d ff       	callq  0xff2da670
   9:	4d 85 f6             	test   %r14,%r14
   c:	74 86                	je     0xffffff94
   e:	e8 5d a6 2d ff       	callq  0xff2da670
  13:	be 04 00 00 00       	mov    $0x4,%esi
  18:	4c 89 f7             	mov    %r14,%rdi
  1b:	e8 70 9c 60 ff       	callq  0xff609c90
  20:	b8 ff ff ff ff       	mov    $0xffffffff,%eax
  25:	f0 41 0f c1 06       	lock xadd %eax,(%r14)
* 2a:	8d 58 ff             	lea    -0x1(%rax),%ebx <-- trapping instruction
  2d:	31 ff                	xor    %edi,%edi
  2f:	89 de                	mov    %ebx,%esi
  31:	e8 ea a2 2d ff       	callq  0xff2da320
  36:	85 db                	test   %ebx,%ebx
  38:	0f 88 1e 01 00 00    	js     0x15c
  3e:	e8                   	.byte 0xe8
  3f:	2d                   	.byte 0x2d