watchdog: BUG: soft lockup - CPU#0 stuck for 123s! [syz.0.454:1549] Modules linked in: CPU: 0 PID: 1549 Comm: syz.0.454 Not tainted 5.4.274-syzkaller-00002-g6f97bd951d82 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 RIP: 0010:__memcpy+0x0/0x20 arch/x86/lib/memcpy_64.S:31 Code: e1 07 38 c1 7c b2 4c 89 f7 e8 ec a3 44 fd eb a8 66 2e 0f 1f 84 00 00 00 00 00 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 1e 0f 1f 00 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 f3 48 a5 89 RSP: 0018:ffff8881f6e099b8 EFLAGS: 00000256 ORIG_RAX: ffffffffffffff13 RAX: ffff8881f6e09b01 RBX: ffff8881f6e09b78 RCX: ffffffff83d7baf0 RDX: 0000000000000010 RSI: ffff8881f6e09b78 RDI: ffff8881f37e0324 RBP: ffff8881dddbb600 R08: dffffc0000000000 R09: ffffed103e6fc067 R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 R13: ffff8881dc28f000 R14: ffff8881f37e0280 R15: ffff8881f37e0280 FS: 00007ff1409ec6c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b3191bff8 CR3: 00000001dc3ac000 CR4: 00000000003406b0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: icmp6_dst_alloc+0x220/0x550 net/ipv6/route.c:3193 ndisc_send_skb+0x262/0xc30 net/ipv6/ndisc.c:489 addrconf_rs_timer+0x2d1/0x600 net/ipv6/addrconf.c:3953 call_timer_fn+0x36/0x390 kernel/time/timer.c:1448 expire_timers kernel/time/timer.c:1493 [inline] __run_timers+0x879/0xbe0 kernel/time/timer.c:1817 run_timer_softirq+0x63/0xf0 kernel/time/timer.c:1830 __do_softirq+0x23b/0x6b7 kernel/softirq.c:292 invoke_softirq kernel/softirq.c:373 [inline] irq_exit+0x195/0x1c0 kernel/softirq.c:413 exiting_irq arch/x86/include/asm/apic.h:538 [inline] smp_apic_timer_interrupt+0x11a/0x460 arch/x86/kernel/apic/apic.c:1149 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:834 RIP: 0010:preempt_schedule_irq+0xc2/0x140 kernel/sched/core.c:4558 Code: 4c 89 e7 e8 90 e1 43 fd f6 44 24 21 02 74 0b 0f 0b 48 f7 03 08 00 00 00 74 4d bf 01 00 00 00 e8 04 a2 f4 fc fb bf 01 00 00 00 b9 e6 ff ff fa bf 01 00 00 00 e8 6e a3 f4 fc 65 48 8b 1d a6 4d RSP: 0018:ffff8881eb45fc80 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 RAX: 1ffff1103daa890f RBX: 1ffff1103d68bf94 RCX: ffffffff84511c00 RDX: ffffc90000741000 RSI: 000000000003ffff RDI: 0000000000000001 RBP: ffff8881eb45fd08 R08: ffffffff82316d59 R09: ffffed103edcb135 R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881eb45fca0 R13: 0000000000000000 R14: dffffc0000000000 R15: 1ffff1103d68bf90 retint_kernel+0x1b/0x1b RIP: 0010:check_memory_region+0x1a0/0x280 mm/kasan/generic.c:191 Code: 4c 89 d5 48 8d 5d 07 48 85 ed 48 0f 49 dd 48 83 e3 f8 48 29 dd 74 12 41 80 39 00 0f 85 a2 00 00 00 49 ff c1 48 ff cd 75 ee 5b <41> 5e 41 5f 5d c3 45 84 f6 75 61 41 f7 c6 00 ff 00 00 75 5d 41 f7 RSP: 0018:ffff8881eb45fdc0 EFLAGS: 00000256 ORIG_RAX: ffffffffffffff13 RAX: ffffffff81591a01 RBX: 0000000000000010 RCX: ffffffff81591ac4 RDX: 0000000000000001 RSI: 0000000000000010 RDI: ffff8881eb45fe80 RBP: 0000000000000002 R08: dffffc0000000000 R09: ffffed103d68bfd2 R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 R13: 1ffff1103d68bfcc R14: ffffed103d68bfd2 R15: ffff8881eb45fe80 memset+0x1f/0x40 mm/kasan/common.c:106 __do_sys_futex kernel/futex.c:3921 [inline] __se_sys_futex+0xb4/0x470 kernel/futex.c:3917 do_syscall_64+0xca/0x1c0 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x5c/0xc1 RIP: 0033:0x7ff14176ad39 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ff1409ec0f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: ffffffffffffffda RBX: 00007ff1418f8fa8 RCX: 00007ff14176ad39 RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007ff1418f8fac RBP: 00007ff1418f8fa0 R08: 00007ffcd47fc0b0 R09: 00007ff1409ec6c0 R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff1418f8fac R13: 000000000000000b R14: 00007ffcd47fa4c0 R15: 00007ffcd47fa5a8 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 1378 Comm: syz.3.405 Not tainted 5.4.274-syzkaller-00002-g6f97bd951d82 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 RIP: 0010:arch_irq_work_raise+0x3c/0xd0 arch/x86/kernel/irq_work.c:31 Code: 00 00 00 fc ff df 42 80 3c 30 00 74 0c 48 c7 c7 0c 56 4b 86 e8 25 78 6c 00 48 f7 05 f6 ac 23 05 00 02 00 00 75 04 5b 41 5e c3 <48> c7 c0 00 25 63 85 48 c1 e8 03 42 80 3c 30 00 74 0c 48 c7 c7 00 RSP: 0018:ffff8881f6f076e0 EFLAGS: 00000006 RAX: 1ffffffff0c96ac1 RBX: 0000000000000000 RCX: ffff8881f0d1cec0 RDX: 0000000000010506 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000000 R08: ffffffff822c4161 R09: ffffed103edea9b7 R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000 R13: 1ffff1103dd65660 R14: dffffc0000000000 R15: dffffc0000000001 FS: 00007fc78757e6c0(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fc7882fcd0f CR3: 00000001e109b000 CR4: 00000000003406a0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: irq_work_queue+0xfe/0x140 kernel/irq_work.c:83 __perf_event_overflow+0x282/0x360 kernel/events/core.c:8305 perf_swevent_hrtimer+0x3fd/0x560 kernel/events/core.c:9688 __run_hrtimer kernel/time/hrtimer.c:1581 [inline] __hrtimer_run_queues+0x3e9/0xb90 kernel/time/hrtimer.c:1643 hrtimer_interrupt+0x38a/0x890 kernel/time/hrtimer.c:1705 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1122 [inline] smp_apic_timer_interrupt+0x110/0x460 arch/x86/kernel/apic/apic.c:1147 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:834 RIP: 0010:deref_stack_reg arch/x86/kernel/unwind_orc.c:350 [inline] RIP: 0010:unwind_next_frame+0xfb0/0x1ea0 arch/x86/kernel/unwind_orc.c:526 Code: 80 3c 3b 00 74 08 4c 89 ef e8 cc 53 64 00 48 c7 84 24 40 01 00 00 00 00 00 00 4c 89 f7 4c 89 ee e8 95 1b 00 00 42 80 3c 3b 00 <74> 08 4c 89 ef e8 26 53 64 00 4c 8b ac 24 40 01 00 00 48 8b 44 24 RSP: 0018:ffff8881f6f07da0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 RAX: ffffffff818d5658 RBX: 1ffff1103ede0fdc RCX: 1ffff1103ede1014 RDX: ffffffff86823a50 RSI: ffff8881f6f07ee0 RDI: ffff8881ef157558 RBP: ffff8881f6f08090 R08: 0000000000000001 R09: ffff8881f6f080f0 R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffffffff0d0474a R13: ffff8881f6f07ee0 R14: ffff8881ef157558 R15: dffffc0000000000 arch_stack_walk+0x111/0x140 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0x118/0x1c0 kernel/stacktrace.c:123 save_stack mm/kasan/common.c:70 [inline] set_track mm/kasan/common.c:78 [inline] kasan_set_free_info mm/kasan/common.c:345 [inline] __kasan_slab_free+0x1b5/0x270 mm/kasan/common.c:487 slab_free_hook mm/slub.c:1455 [inline] slab_free_freelist_hook mm/slub.c:1494 [inline] slab_free mm/slub.c:3080 [inline] kfree+0x123/0x370 mm/slub.c:4071 skb_release_all net/core/skbuff.c:675 [inline] __kfree_skb net/core/skbuff.c:689 [inline] consume_skb+0xa5/0x2a0 net/core/skbuff.c:849 __dev_kfree_skb_any+0x159/0x180 net/core/dev.c:2748 free_old_xmit_skbs+0x119/0x290 drivers/net/virtio_net.c:1450 start_xmit+0x109/0x1470 drivers/net/virtio_net.c:1669 __netdev_start_xmit include/linux/netdevice.h:4538 [inline] netdev_start_xmit include/linux/netdevice.h:4552 [inline] xmit_one net/core/dev.c:3221 [inline] dev_hard_start_xmit+0x1b7/0x6b0 net/core/dev.c:3237 sch_direct_xmit+0x28f/0xa10 net/sched/sch_generic.c:336 qdisc_restart net/sched/sch_generic.c:401 [inline] __qdisc_run+0xa14/0x1e80 net/sched/sch_generic.c:409 qdisc_run+0xf8/0x300 include/net/pkt_sched.h:122 __dev_xmit_skb net/core/dev.c:3413 [inline] __dev_queue_xmit+0xb43/0x27e0 net/core/dev.c:3768 neigh_hh_output include/net/neighbour.h:502 [inline] neigh_output include/net/neighbour.h:516 [inline] ip_finish_output2+0xb4f/0xfc0 net/ipv4/ip_output.c:236 NF_HOOK_COND include/linux/netfilter.h:292 [inline] ip_output+0x19b/0x3a0 net/ipv4/ip_output.c:440 dst_output include/net/dst.h:438 [inline] ip_local_out net/ipv4/ip_output.c:126 [inline] __ip_queue_xmit+0xfaa/0x1850 net/ipv4/ip_output.c:541 __tcp_transmit_skb+0x1dfa/0x33a0 net/ipv4/tcp_output.c:1179 tcp_rcv_established+0x11b8/0x1a80 net/ipv4/tcp_input.c:5767 tcp_v4_do_rcv+0x3a9/0x770 net/ipv4/tcp_ipv4.c:1589 tcp_v4_rcv+0x219a/0x26f0 net/ipv4/tcp_ipv4.c:1971 ip_protocol_deliver_rcu+0x2e0/0x630 net/ipv4/ip_input.c:204 ip_local_deliver_finish net/ipv4/ip_input.c:231 [inline] NF_HOOK include/linux/netfilter.h:303 [inline] ip_local_deliver+0x2c6/0x5a0 net/ipv4/ip_input.c:252 dst_input include/net/dst.h:444 [inline] ip_sublist_rcv_finish net/ipv4/ip_input.c:541 [inline] ip_list_rcv_finish net/ipv4/ip_input.c:579 [inline] ip_sublist_rcv+0xc02/0xc80 net/ipv4/ip_input.c:587 ip_list_rcv+0x477/0x4c0 net/ipv4/ip_input.c:621 __netif_receive_skb_list_ptype net/core/dev.c:5015 [inline] __netif_receive_skb_list_core+0x6dd/0x8f0 net/core/dev.c:5063 __netif_receive_skb_list net/core/dev.c:5115 [inline] netif_receive_skb_list_internal+0x944/0xc90 net/core/dev.c:5210 gro_normal_list net/core/dev.c:5321 [inline] napi_complete_done+0x20a/0x580 net/core/dev.c:6052 virtqueue_napi_complete drivers/net/virtio_net.c:357 [inline] virtnet_poll+0xb61/0x1250 drivers/net/virtio_net.c:1516 napi_poll net/core/dev.c:6367 [inline] net_rx_action+0x53f/0x1160 net/core/dev.c:6435 __do_softirq+0x23b/0x6b7 kernel/softirq.c:292 invoke_softirq kernel/softirq.c:373 [inline] irq_exit+0x195/0x1c0 kernel/softirq.c:413 exiting_irq arch/x86/include/asm/apic.h:538 [inline] do_IRQ+0xd3/0x1e0 arch/x86/kernel/irq.c:263 common_interrupt+0xf/0xf arch/x86/entry/entry_64.S:609 RIP: 0010:preempt_schedule_irq+0xc2/0x140 kernel/sched/core.c:4558 Code: 4c 89 e7 e8 90 e1 43 fd f6 44 24 21 02 74 0b 0f 0b 48 f7 03 08 00 00 00 74 4d bf 01 00 00 00 e8 04 a2 f4 fc fb bf 01 00 00 00 b9 e6 ff ff fa bf 01 00 00 00 e8 6e a3 f4 fc 65 48 8b 1d a6 4d RSP: 0018:ffff8881ef1571a0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffffd6 RAX: 1ffff1103e1a3b07 RBX: 1ffff1103de2ae38 RCX: ffffffff84511c00 RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 RBP: ffff8881ef157228 R08: dffffc0000000000 R09: ffffed103edeaf6d R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881ef1571c0 R13: 0000000000000000 R14: dffffc0000000000 R15: 1ffff1103de2ae34 retint_kernel+0x1b/0x1b RIP: 0010:free_unref_page_prepare+0x178/0x380 mm/page_alloc.c:3091 Code: 80 f3 3d 89 d9 49 d3 ee 41 83 e6 07 49 83 c4 20 4c 89 e0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 e7 e8 5c 4c 04 00 4d 89 34 24 01 5b 41 5c 41 5d 41 5e 41 5f 5d c3 65 8b 1d cc 5b 72 7e 89 d8 RSP: 0018:ffff8881ef1572e8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff02 RAX: 1ffffd4000eb00cc RBX: 000000000000001d RCX: 000000000000001d RDX: 0000000000000200 RSI: 00000000000000ff RDI: ffffed103ac03400 RBP: ffffea0007580658 R08: dffffc0000000000 R09: ffffed103ac03200 R10: 0000000000000000 R11: dffffc0000000001 R12: ffffea0007580660 R13: dffffc0000000000 R14: 0000000000000001 R15: ffffea00075bc7c8 free_unref_page_list+0x10a/0x590 mm/page_alloc.c:3154 release_pages+0xad8/0xb20 mm/swap.c:842 tlb_batch_pages_flush mm/mmu_gather.c:49 [inline] tlb_flush_mmu_free mm/mmu_gather.c:189 [inline] tlb_flush_mmu+0xc8/0x170 mm/mmu_gather.c:196 zap_pte_range mm/memory.c:1173 [inline] zap_pmd_range mm/memory.c:1222 [inline] zap_pud_range mm/memory.c:1251 [inline] zap_p4d_range mm/memory.c:1272 [inline] unmap_page_range+0x1d29/0x2620 mm/memory.c:1293 unmap_single_vma mm/memory.c:1338 [inline] unmap_vmas+0x355/0x4b0 mm/memory.c:1370 exit_mmap+0x2bc/0x520 mm/mmap.c:3191 __mmput+0x8e/0x2c0 kernel/fork.c:1101 exit_mm kernel/exit.c:536 [inline] do_exit+0xc08/0x2bc0 kernel/exit.c:846 do_group_exit+0x138/0x300 kernel/exit.c:982 get_signal+0xdb1/0x1440 kernel/signal.c:2735 do_signal+0xb0/0x11f0 arch/x86/kernel/signal.c:809 exit_to_usermode_loop+0xc0/0x1a0 arch/x86/entry/common.c:159 prepare_exit_to_usermode+0x199/0x200 arch/x86/entry/common.c:194 entry_SYSCALL_64_after_hwframe+0x5c/0xc1 RIP: 0033:0x7fc7882fcd39 Code: Bad RIP value. RSP: 002b:00007fc78757e0f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: 0000000000000000 RBX: 00007fc78848afa8 RCX: 00007fc7882fcd39 RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fc78848afac RBP: 00007fc78848afa0 R08: 00007ffd1ffc90b0 R09: 00007fc78757e6c0 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc78848afac R13: 000000000000000b R14: 00007ffd1fe90400 R15: 00007ffd1fe904e8