watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [kworker/0:1H:9]
Modules linked in:
irq event stamp: 91933
hardirqs last  enabled at (91932): [<ffffffff84400d06>] asm_sysvec_apic_timer_interrupt+0x16/0x20
hardirqs last disabled at (91933): [<ffffffff8422c43b>] sysvec_apic_timer_interrupt+0xb/0xc0
softirqs last  enabled at (39618): [<ffffffff8116ebcb>] __irq_exit_rcu+0x11b/0x180
softirqs last disabled at (39663): [<ffffffff8116ebcb>] __irq_exit_rcu+0x11b/0x180
CPU: 0 PID: 9 Comm: kworker/0:1H Not tainted 6.0.0-rc3-next-20220829 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
Workqueue:  0x0 (kblockd)
RIP: 0010:__sbq_wake_up+0x1ca/0x3d0
Code: 63 01 00 00 e8 a7 a5 2d ff 4d 85 f6 74 86 e8 9d a5 2d ff be 04 00 00 00 4c 89 f7 e8 c0 9e 60 ff b8 ff ff ff ff f0 41 0f c1 06 <8d> 58 ff 31 ff 89 de e8 2a a2 2d ff 85 db 0f 88 1e 01 00 00 e8 6d
RSP: 0018:ffff88806ce09c90 EFLAGS: 00000297
RAX: 00000000ef079f29 RBX: 0000000000000003 RCX: ffffffff82183550
RDX: ffffed1001ee2331 RSI: 0000000000000004 RDI: ffff88800f711980
RBP: 0000000000000003 R08: 0000000000000001 R09: ffff88800f711983
R10: ffffed1001ee2330 R11: 0000000000000001 R12: ffff88800c802610
R13: ffff88800f7119c8 R14: ffff88800f711980 R15: ffff88800c802634
FS:  0000000000000000(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f1f0524e7a0 CR3: 00000000371de000 CR4: 0000000000350ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff4ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 sbitmap_queue_clear+0xad/0x210
 blk_mq_put_tag+0xd8/0x160
 __blk_mq_free_request+0x2e0/0x380
 blk_mq_free_request+0x35d/0x500
 __blk_mq_end_request+0x358/0x580
 scsi_end_request+0x472/0x9a0
 scsi_io_completion+0xbc/0x2070
 scsi_complete+0x114/0x560
 blk_complete_reqs+0xb2/0xf0
 __do_softirq+0x1c8/0x8d0
 __irq_exit_rcu+0x11b/0x180
 irq_exit_rcu+0x5/0x20
 common_interrupt+0xa4/0xc0
 </IRQ>
 <TASK>
 asm_common_interrupt+0x22/0x40
RIP: 0010:finish_task_switch.isra.0+0x237/0x8a0
Code: 89 ff 48 c7 03 00 00 00 00 e8 b5 c7 3f 03 4d 85 e4 75 ba 4c 89 ff e8 98 62 04 03 e8 e3 42 2c 00 fb 65 48 8b 1c 25 c0 6e 02 00 <48> 8d bb 10 14 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1
RSP: 0018:ffff88800863fd00 EFLAGS: 00000206
RAX: 0000000000009aed RBX: ffff888008630000 RCX: 1ffffffff0b5e5a1
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffff88800863fd40 R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000001 R12: ffff88806ce37cd8
R13: ffff888045611ac0 R14: ffff8880086304b0 R15: ffff88806ce37cc0
 __schedule+0x89b/0x24a0
 schedule+0xda/0x1b0
 worker_thread+0x15f/0x1260
 kthread+0x2ed/0x3a0
 ret_from_fork+0x22/0x30
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 295 Comm: syz-executor.2 Not tainted 6.0.0-rc3-next-20220829 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
RIP: 0010:__kasan_check_read+0x4/0x10
Code: 0f 0b 48 83 c4 60 5b 5d 41 5c e9 17 67 e7 02 48 05 00 80 00 00 48 89 fb 48 39 c7 0f 82 b8 1c 9c 02 eb dd cc cc cc 48 8b 0c 24 <89> f6 31 d2 e9 b3 f9 ff ff 0f 1f 00 48 8b 0c 24 89 f6 ba 01 00 00
RSP: 0018:ffff88806cf09c88 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff821834f4
RDX: ffff888018979ac0 RSI: 0000000000000004 RDI: ffff88800c802634
RBP: 0000000000000000 R08: 0000000000000180 R09: ffff88800c802637
R10: ffffed10019004c6 R11: 0000000000000001 R12: ffff88800c802610
R13: ffff88800f7119c8 R14: ffff88800f711980 R15: ffff88800c802634
FS:  0000555556722400(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2df22000 CR3: 000000000ddda000 CR4: 0000000000350ee0
Call Trace:
 <IRQ>
 __sbq_wake_up+0x164/0x3d0
 sbitmap_queue_clear+0xad/0x210
 blk_mq_put_tag+0xd8/0x160
 __blk_mq_free_request+0x2e0/0x380
 blk_mq_free_request+0x35d/0x500
 __blk_mq_end_request+0x358/0x580
 scsi_end_request+0x472/0x9a0
 scsi_io_completion+0xbc/0x2070
 scsi_complete+0x114/0x560
 blk_complete_reqs+0xb2/0xf0
 __do_softirq+0x1c8/0x8d0
 __irq_exit_rcu+0x11b/0x180
 irq_exit_rcu+0x5/0x20
 sysvec_call_function_single+0x8e/0xc0
 </IRQ>
 <TASK>
 asm_sysvec_call_function_single+0x16/0x20
RIP: 0010:syscall_enter_from_user_mode+0x27/0x50
Code: fd 66 90 41 54 49 89 f4 55 48 89 fd 48 8b 7c 24 10 e8 dd fa ff ff e8 58 e4 29 fd e8 33 e2 29 fd fb 65 48 8b 04 25 c0 6e 02 00 <48> 8b 70 08 40 f6 c6 3f 75 0b 4c 89 e0 5d 41 5c e9 f4 68 3d 00 48
RSP: 0018:ffff888017c1ff28 EFLAGS: 00000202
RAX: ffff888018979ac0 RBX: 0000000000000000 RCX: 1ffffffff0b5e5a1
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffff888017c1ff58 R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000001 R12: 000000000000003d
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 do_syscall_64+0x16/0x90
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f047df51fb7
Code: 89 7c 24 10 48 89 4c 24 18 e8 d5 50 02 00 4c 8b 54 24 18 8b 54 24 14 41 89 c0 48 8b 74 24 08 8b 7c 24 10 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 89 44 24 10 e8 05 51 02 00 8b 44
RSP: 002b:00007ffeb4f15460 EFLAGS: 00000293 ORIG_RAX: 000000000000003d
RAX: ffffffffffffffda RBX: 00000000000000dd RCX: 00007f047df51fb7
RDX: 0000000040000001 RSI: 00007ffeb4f154ec RDI: 00000000ffffffff
RBP: 00007ffeb4f154ec R08: 0000000000000000 R09: 00007ffeb4f5b080
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032
R13: 000000000003550a R14: 0000000000000003 R15: 00007ffeb4f15550
 </TASK>
----------------
Code disassembly (best guess):
   0:	63 01                	movsxd (%rcx),%eax
   2:	00 00                	add    %al,(%rax)
   4:	e8 a7 a5 2d ff       	callq  0xff2da5b0
   9:	4d 85 f6             	test   %r14,%r14
   c:	74 86                	je     0xffffff94
   e:	e8 9d a5 2d ff       	callq  0xff2da5b0
  13:	be 04 00 00 00       	mov    $0x4,%esi
  18:	4c 89 f7             	mov    %r14,%rdi
  1b:	e8 c0 9e 60 ff       	callq  0xff609ee0
  20:	b8 ff ff ff ff       	mov    $0xffffffff,%eax
  25:	f0 41 0f c1 06       	lock xadd %eax,(%r14)
* 2a:	8d 58 ff             	lea    -0x1(%rax),%ebx <-- trapping instruction
  2d:	31 ff                	xor    %edi,%edi
  2f:	89 de                	mov    %ebx,%esi
  31:	e8 2a a2 2d ff       	callq  0xff2da260
  36:	85 db                	test   %ebx,%ebx
  38:	0f 88 1e 01 00 00    	js     0x15c
  3e:	e8                   	.byte 0xe8
  3f:	6d                   	insl   (%dx),%es:(%rdi)