audit: type=1804 audit(1645596590.112:526): pid=11626 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir749560903/syzkaller.aZrI3Y/815/bus" dev="sda1" ino=14775 res=1 netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. watchdog: BUG: soft lockup - CPU#1 stuck for 22s! [syz-executor.1:11627] Modules linked in: irq event stamp: 1937219 hardirqs last enabled at (1937218): [] trace_hardirqs_on_thunk+0x1a/0x1c hardirqs last disabled at (1937219): [] trace_hardirqs_off_thunk+0x1a/0x1c softirqs last enabled at (330): [] spin_unlock_bh include/linux/spinlock.h:374 [inline] softirqs last enabled at (330): [] clusterip_netdev_event+0x46f/0x640 net/ipv4/netfilter/ipt_CLUSTERIP.c:226 softirqs last disabled at (687): [] invoke_softirq kernel/softirq.c:372 [inline] softirqs last disabled at (687): [] irq_exit+0x215/0x260 kernel/softirq.c:412 CPU: 1 PID: 11627 Comm: syz-executor.1 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:trace_timer_expire_entry include/trace/events/timer.h:90 [inline] RIP: 0010:call_timer_fn+0x543/0x700 kernel/time/timer.c:1337 Code: 84 db 0f 84 a4 fc ff ff e8 7a f8 0e 00 e8 37 b0 ac ff e9 95 fc ff ff e8 6b f8 0e 00 65 ff 05 44 52 ae 7e 48 8b 05 f5 54 bb 09 d8 10 fd ff 31 ff 41 89 c6 89 c6 e8 bc f9 0e 00 45 85 f6 74 20 RSP: 0018:ffff8880ba107d28 EFLAGS: 00000202 ORIG_RAX: ffffffffffffff13 RAX: 0000000000000000 RBX: ffff8880a5388550 RCX: ffffffff81538930 RDX: 0000000000000100 RSI: ffffffff81538d05 RDI: 0000000000000001 RBP: 0000000000000100 R08: ffffffff8cd3e130 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000000 R12: ffff8880ba107d58 R13: 1ffff11017420fa7 R14: 0000000000000001 R15: 0000000000000000 FS: 00007f19b13a5700(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b33a24000 CR3: 0000000097475000 CR4: 00000000003406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: expire_timers+0x243/0x4e0 kernel/time/timer.c:1375 __run_timers kernel/time/timer.c:1696 [inline] run_timer_softirq+0x21c/0x670 kernel/time/timer.c:1709 __do_softirq+0x265/0x980 kernel/softirq.c:292 invoke_softirq kernel/softirq.c:372 [inline] irq_exit+0x215/0x260 kernel/softirq.c:412 exiting_irq arch/x86/include/asm/apic.h:536 [inline] smp_apic_timer_interrupt+0x136/0x550 arch/x86/kernel/apic/apic.c:1098 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894 RIP: 0010:__read_once_size include/linux/compiler.h:263 [inline] RIP: 0010:batadv_hardif_get_by_netdev+0x111/0x3e0 net/batman-adv/hard-interface.c:82 Code: 00 4c 8b 3d 71 c0 03 06 48 8d 44 24 30 48 bb 00 00 00 00 00 fc ff df 48 89 44 24 08 49 81 ff 60 8c db 8d 75 2b e9 d5 01 00 00 5a b9 8a f9 4c 89 f8 48 c1 e8 03 80 3c 18 00 0f 85 7b 02 00 00 RSP: 0018:ffff88802ed1f5b8 EFLAGS: 00000287 ORIG_RAX: ffffffffffffff13 RAX: 1ffff11015ff76d4 RBX: dffffc0000000000 RCX: ffffc90006444000 RDX: 0000000000004cbc RSI: ffffffff87d7cc3c RDI: ffff8880affbb6a0 RBP: ffff8880a828e740 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000000 R12: ffff8880a828e740 R13: 0000000000000000 R14: 0000000000000000 R15: ffff8880affbb680 batadv_hard_if_event+0xaf/0x15c0 net/batman-adv/hard-interface.c:1035 notifier_call_chain+0xc0/0x230 kernel/notifier.c:93 call_netdevice_notifiers net/core/dev.c:1762 [inline] __dev_open+0x104/0x3a0 net/core/dev.c:1391 __dev_change_flags+0x501/0x660 net/core/dev.c:7679 dev_change_flags+0x7e/0x140 net/core/dev.c:7748 devinet_ioctl+0x13c9/0x1b40 net/ipv4/devinet.c:1106 inet_ioctl+0x1ea/0x360 net/ipv4/af_inet.c:954 sock_do_ioctl+0xce/0x300 net/socket.c:1015 sock_ioctl+0x2ef/0x5d0 net/socket.c:1135 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:501 [inline] do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688 ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705 __do_sys_ioctl fs/ioctl.c:712 [inline] __se_sys_ioctl fs/ioctl.c:710 [inline] __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f19b2a51059 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f19b13a5168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f19b2b64030 RCX: 00007f19b2a51059 RDX: 0000000020000040 RSI: 0000000000008914 RDI: 0000000000000004 RBP: 00007f19b2aab08d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffd879fd3ef R14: 00007f19b13a5300 R15: 0000000000022000 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 11614 Comm: syz-executor.1 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:csd_lock_wait kernel/smp.c:108 [inline] RIP: 0010:smp_call_function_single+0x1e0/0x420 kernel/smp.c:302 Code: 00 48 8b 4c 24 08 48 8b 54 24 10 48 8d 74 24 40 8b 7c 24 1c e8 a1 f9 ff ff 41 89 c5 eb 07 e8 e7 03 0a 00 f3 90 44 8b 64 24 58 <31> ff 41 83 e4 01 44 89 e6 e8 42 05 0a 00 45 85 e4 75 e1 e8 c8 03 RSP: 0018:ffff88802ee67a60 EFLAGS: 00000293 RAX: ffff88804c7ba500 RBX: 1ffff11005dccf50 RCX: ffffffff8158819e RDX: 0000000000000000 RSI: ffffffff81588189 RDI: 0000000000000005 RBP: ffff88802ee67b30 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000003 R13: 0000000000000000 R14: 0000000000000001 R15: ffff8880b48866bc FS: 0000555556afe400(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b33a25000 CR3: 0000000097475000 CR4: 00000000003406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: task_function_call+0xe0/0x170 kernel/events/core.c:115 event_function_call+0x228/0x430 kernel/events/core.c:283 perf_remove_from_context+0x9b/0x1c0 kernel/events/core.c:2113 perf_event_release_kernel+0x169/0xcd0 kernel/events/core.c:4607 perf_release+0x33/0x40 kernel/events/core.c:4703 __fput+0x2ce/0x890 fs/file_table.c:278 task_work_run+0x148/0x1c0 kernel/task_work.c:113 tracehook_notify_resume include/linux/tracehook.h:193 [inline] exit_to_usermode_loop+0x251/0x2a0 arch/x86/entry/common.c:167 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline] syscall_return_slowpath arch/x86/entry/common.c:271 [inline] do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f19b2a03c9b Code: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 63 fc ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 a1 fc ff ff 8b 44 RSP: 002b:00007ffd879fd450 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 RAX: 0000000000000000 RBX: 0000000000000006 RCX: 00007f19b2a03c9b RDX: 0000001b33a20000 RSI: 00007f19b25eebb8 RDI: 0000000000000005 RBP: 00007f19b2b65960 R08: 0000000000000000 R09: 00000000cebb0085 R10: 000ea30c55449e39 R11: 0000000000000293 R12: 000000000010718d R13: 00007ffd879fd550 R14: 00007f19b2b64100 R15: 0000000000000032 ---------------- Code disassembly (best guess): 0: 84 db test %bl,%bl 2: 0f 84 a4 fc ff ff je 0xfffffcac 8: e8 7a f8 0e 00 callq 0xef887 d: e8 37 b0 ac ff callq 0xffacb049 12: e9 95 fc ff ff jmpq 0xfffffcac 17: e8 6b f8 0e 00 callq 0xef887 1c: 65 ff 05 44 52 ae 7e incl %gs:0x7eae5244(%rip) # 0x7eae5267 23: 48 8b 05 f5 54 bb 09 mov 0x9bb54f5(%rip),%rax # 0x9bb551f * 2a: e8 d8 10 fd ff callq 0xfffd1107 <-- trapping instruction 2f: 31 ff xor %edi,%edi 31: 41 89 c6 mov %eax,%r14d 34: 89 c6 mov %eax,%esi 36: e8 bc f9 0e 00 callq 0xef9f7 3b: 45 85 f6 test %r14d,%r14d 3e: 74 20 je 0x60