watchdog: BUG: soft lockup - CPU#1 stuck for 22s! [syz-executor.5:297]
Modules linked in:
irq event stamp: 3815145
hardirqs last  enabled at (3815144): [<ffffffff84400d06>] asm_sysvec_apic_timer_interrupt+0x16/0x20
hardirqs last disabled at (3815145): [<ffffffff8422c43b>] sysvec_apic_timer_interrupt+0xb/0xc0
softirqs last  enabled at (3766706): [<ffffffff8116ebcb>] __irq_exit_rcu+0x11b/0x180
softirqs last disabled at (3768063): [<ffffffff8116ebcb>] __irq_exit_rcu+0x11b/0x180
CPU: 1 PID: 297 Comm: syz-executor.5 Not tainted 6.0.0-rc3-next-20220829 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
RIP: 0010:__sanitizer_cov_trace_const_cmp4+0x4/0x20
Code: 84 00 00 00 00 00 48 8b 0c 24 0f b7 d6 0f b7 f7 bf 03 00 00 00 e9 bc fe ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 90 48 8b 0c 24 <89> f2 89 fe bf 05 00 00 00 e9 9e fe ff ff 66 66 2e 0f 1f 84 00 00
RSP: 0018:ffff88806cf09c88 EFLAGS: 00000246
RAX: 00000000f0e9d117 RBX: 00000000f0e9d116 RCX: ffffffff82183566
RDX: ffffed10014cc571 RSI: 00000000f0e9d116 RDI: 0000000000000000
RBP: 0000000000000007 R08: 0000000000000001 R09: ffff88800a662b83
R10: ffffed10014cc570 R11: 0000000000000001 R12: ffff88800f8f4410
R13: ffff88800a662bc8 R14: ffff88800a662b80 R15: ffff88800f8f4434
FS:  00005555559bc400(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fe4815666f4 CR3: 000000003942c000 CR4: 0000000000350ee0
Call Trace:
 <IRQ>
 __sbq_wake_up+0x1d6/0x3d0
 sbitmap_queue_clear+0xad/0x210
 blk_mq_put_tag+0xd8/0x160
 __blk_mq_free_request+0x2e0/0x380
 blk_mq_free_request+0x35d/0x500
 __blk_mq_end_request+0x358/0x580
 scsi_end_request+0x472/0x9a0
 scsi_io_completion+0xbc/0x2070
 scsi_complete+0x114/0x560
 blk_complete_reqs+0xb2/0xf0
 __do_softirq+0x1c8/0x8d0
 __irq_exit_rcu+0x11b/0x180
 irq_exit_rcu+0x5/0x20
 sysvec_call_function_single+0x8e/0xc0
 </IRQ>
 <TASK>
 asm_sysvec_call_function_single+0x16/0x20
RIP: 0010:_raw_spin_unlock_irqrestore+0x2e/0x60
Code: 48 83 c7 18 53 48 89 f3 48 8b 74 24 10 e8 4a 4e 05 fd 48 89 ef e8 b2 c3 05 fd 80 e7 02 74 06 e8 68 df 27 fd fb bf 01 00 00 00 <e8> 0d 51 fb fc 65 8b 05 b6 99 dd 7b 85 c0 74 07 5b 5d e9 2b 66 3b
RSP: 0018:ffff8880188efc70 EFLAGS: 00000202
RAX: 0000000000397efd RBX: 0000000000000246 RCX: 1ffffffff0b5e5a1
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001
RBP: ffff88806cf2a640 R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
R13: 0000000000000001 R14: ffff8880188efdd8 R15: ffff88800d729ac0
 do_nanosleep+0x131/0x690
 hrtimer_nanosleep+0x257/0x6b0
 common_nsleep+0xa6/0xd0
 __x64_sys_clock_nanosleep+0x2fb/0x420
 do_syscall_64+0x3b/0x90
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f68827328e1
Code: 24 0c 89 3c 24 48 89 4c 24 18 e8 aa e7 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 8b 74 24 0c 8b 3c 24 b8 e6 00 00 00 0f 05 <44> 89 c7 48 89 04 24 e8 e3 e7 ff ff 48 8b 04 24 eb 97 66 2e 0f 1f
RSP: 002b:00007fff0301d120 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6
RAX: ffffffffffffffda RBX: 0000000000000477 RCX: 00007f68827328e1
RDX: 00007fff0301d160 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007fff0301d1ec R08: 0000000000000000 R09: 00007fff03061080
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032
R13: 0000000000220261 R14: 000000000000000c R15: 00007fff0301d250
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 13452 Comm: syz-executor.1 Not tainted 6.0.0-rc3-next-20220829 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
RIP: 0010:__sanitizer_cov_trace_pc+0xd/0x70
Code: a8 01 00 00 e8 b4 ff ff ff 31 c0 e9 2d 60 1a 03 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 65 8b 05 99 93 bc 7e 89 c1 48 8b 34 24 <81> e1 00 01 00 00 65 48 8b 14 25 c0 6e 02 00 a9 00 01 ff 00 74 0e
RSP: 0018:ffff88806ce09cc8 EFLAGS: 00000202
RAX: 0000000000000101 RBX: 0000000000000001 RCX: 0000000000000101
RDX: ffff88801b761ac0 RSI: ffffffff821848c5 RDI: 0000000000000001
RBP: ffff88800f8f4410 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000
R13: 0000000000000000 R14: ffff88800f926200 R15: ffffe8ffffc03400
FS:  00007f5b118ca700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005597aff6a4c8 CR3: 0000000045fbe000 CR4: 0000000000350ef0
Call Trace:
 <IRQ>
 sbitmap_queue_clear+0xa5/0x210
 blk_mq_put_tag+0xd8/0x160
 __blk_mq_free_request+0x2e0/0x380
 blk_mq_free_request+0x35d/0x500
 __blk_mq_end_request+0x358/0x580
 scsi_end_request+0x472/0x9a0
 scsi_io_completion+0xbc/0x2070
 scsi_complete+0x114/0x560
 blk_complete_reqs+0xb2/0xf0
 __do_softirq+0x1c8/0x8d0
 __irq_exit_rcu+0x11b/0x180
 irq_exit_rcu+0x5/0x20
 common_interrupt+0xa4/0xc0
 </IRQ>
 <TASK>
 asm_common_interrupt+0x22/0x40
RIP: 0010:lock_acquire+0x1db/0x530
Code: 02 b8 ff ff ff ff 65 0f c1 05 a1 4b d8 7e 83 f8 01 0f 85 c8 02 00 00 48 83 7c 24 08 00 74 01 fb 48 b8 00 00 00 00 00 fc ff df <48> 01 c3 48 c7 03 00 00 00 00 48 c7 43 08 00 00 00 00 48 8b 84 24
RSP: 0018:ffff888044a6f0c0 EFLAGS: 00000206
RAX: dffffc0000000000 RBX: 1ffff1100894de1a RCX: 00000000000061b5
RDX: 1ffff110036ec486 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 0000000000000001 R08: 0000000000000000 R09: ffffffff86cb4847
R10: fffffbfff0d96908 R11: 0000000000000001 R12: 0000000000000000
R13: 0000000000000000 R14: ffff8880490db7a0 R15: 0000000000000000
 _raw_spin_lock+0x2a/0x40
 do_get_write_access+0x120/0xf50
 jbd2_journal_get_write_access+0x126/0x190
 __ext4_journal_get_write_access+0x1ba/0x440
 ext4_reserve_inode_write+0x18b/0x270
 __ext4_mark_inode_dirty+0x15a/0x880
 ext4_dirty_inode+0xd4/0x110
 __mark_inode_dirty+0x455/0xf00
 generic_write_end+0x315/0x3d0
 ext4_da_write_end+0x15e/0x930
 generic_perform_write+0x308/0x570
 ext4_buffered_write_iter+0x164/0x460
 ext4_file_write_iter+0x3d5/0x1820
 do_iter_readv_writev+0x211/0x3c0
 do_iter_write+0x18b/0x700
 vfs_iter_write+0x70/0xa0
 iter_file_splice_write+0x73a/0xca0
 direct_splice_actor+0x10f/0x170
 splice_direct_to_actor+0x336/0x8c0
 do_splice_direct+0x1b8/0x290
 do_sendfile+0xb1d/0x1280
 __x64_sys_sendfile64+0x1d1/0x210
 do_syscall_64+0x3b/0x90
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f5b14375b19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f5b118ca188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007f5b14489020 RCX: 00007f5b14375b19
RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000007
RBP: 00007f5b143cff6d R08: 0000000000000000 R09: 0000000000000000
R10: 00000000fffffdef R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffd43c6a3ef R14: 00007f5b118ca300 R15: 0000000000022000
 </TASK>
----------------
Code disassembly (best guess):
   0:	84 00                	test   %al,(%rax)
   2:	00 00                	add    %al,(%rax)
   4:	00 00                	add    %al,(%rax)
   6:	48 8b 0c 24          	mov    (%rsp),%rcx
   a:	0f b7 d6             	movzwl %si,%edx
   d:	0f b7 f7             	movzwl %di,%esi
  10:	bf 03 00 00 00       	mov    $0x3,%edi
  15:	e9 bc fe ff ff       	jmpq   0xfffffed6
  1a:	66 66 2e 0f 1f 84 00 	data16 nopw %cs:0x0(%rax,%rax,1)
  21:	00 00 00 00
  25:	90                   	nop
  26:	48 8b 0c 24          	mov    (%rsp),%rcx
* 2a:	89 f2                	mov    %esi,%edx <-- trapping instruction
  2c:	89 fe                	mov    %edi,%esi
  2e:	bf 05 00 00 00       	mov    $0x5,%edi
  33:	e9 9e fe ff ff       	jmpq   0xfffffed6
  38:	66                   	data16
  39:	66                   	data16
  3a:	2e                   	cs
  3b:	0f                   	.byte 0xf
  3c:	1f                   	(bad)
  3d:	84 00                	test   %al,(%rax)