watchdog: BUG: soft lockup - CPU#1 stuck for 120s! [syz-executor.4:25925] Modules linked in: irq event stamp: 25451369 hardirqs last enabled at (25451368): [] restore_regs_and_return_to_kernel+0x0/0x2e hardirqs last disabled at (25451369): [] apic_timer_interrupt+0x8a/0xa0 arch/x86/entry/entry_64.S:792 softirqs last enabled at (1022354): [] __do_softirq+0x664/0x9bf kernel/softirq.c:314 softirqs last disabled at (1027017): [] invoke_softirq kernel/softirq.c:368 [inline] softirqs last disabled at (1027017): [] irq_exit+0x15b/0x1a0 kernel/softirq.c:409 CPU: 1 PID: 25925 Comm: syz-executor.4 Not tainted 4.14.176-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 task: ffff88804372c640 task.stack: ffff88820e268000 RIP: 0010:bytes_is_nonzero mm/kasan/kasan.c:167 [inline] RIP: 0010:memory_is_nonzero mm/kasan/kasan.c:184 [inline] RIP: 0010:memory_is_poisoned_n mm/kasan/kasan.c:210 [inline] RIP: 0010:memory_is_poisoned mm/kasan/kasan.c:241 [inline] RIP: 0010:check_memory_region_inline mm/kasan/kasan.c:257 [inline] RIP: 0010:check_memory_region+0x108/0x180 mm/kasan/kasan.c:267 RSP: 0018:ffff8880aeb074c0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff10 RAX: ffffed1015d60eb6 RBX: ffffed1015d60eb3 RCX: ffffffff81281dc5 RDX: 0000000000000001 RSI: 0000000000000058 RDI: ffff8880aeb07598 RBP: ffffed1015d60ebe R08: 0000000000000001 R09: ffffed1015d60ebe R10: ffffed1015d60ebd R11: ffff8880aeb075ef R12: 0000000000000058 R13: 0000000000000000 R14: dffffc0000000000 R15: ffff8880aeb07598 FS: 00007f17ba7f2700(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b30b2c000 CR3: 000000006d5d5000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: memset+0x20/0x40 mm/kasan/kasan.c:285 memset include/linux/string.h:332 [inline] __unwind_start+0x65/0x800 arch/x86/kernel/unwind_orc.c:511 unwind_start arch/x86/include/asm/unwind.h:60 [inline] __save_stack_trace+0x4a/0xd0 arch/x86/kernel/stacktrace.c:43 save_stack+0x32/0xa0 mm/kasan/kasan.c:447 set_track mm/kasan/kasan.c:459 [inline] kasan_kmalloc mm/kasan/kasan.c:551 [inline] kasan_kmalloc+0xbf/0xe0 mm/kasan/kasan.c:529 kmem_cache_alloc+0x127/0x770 mm/slab.c:3552 kmem_cache_zalloc include/linux/slab.h:651 [inline] sctp_chunkify+0x46/0x280 net/sctp/sm_make_chunk.c:1326 _sctp_make_chunk+0x13d/0x250 net/sctp/sm_make_chunk.c:1399 sctp_make_control+0x30/0x150 net/sctp/sm_make_chunk.c:1429 sctp_make_heartbeat+0x79/0x240 net/sctp/sm_make_chunk.c:1148 sctp_sf_heartbeat.isra.0+0x21/0x170 net/sctp/sm_statefuns.c:981 sctp_sf_sendbeat_8_3+0x34e/0x4f0 net/sctp/sm_statefuns.c:1025 sctp_do_sm+0xf6/0x4a90 net/sctp/sm_sideeffect.c:1147 sctp_generate_heartbeat_event+0x1da/0x3f0 net/sctp/sm_sideeffect.c:391 call_timer_fn+0x14a/0x650 kernel/time/timer.c:1279 expire_timers kernel/time/timer.c:1318 [inline] __run_timers kernel/time/timer.c:1636 [inline] __run_timers kernel/time/timer.c:1604 [inline] run_timer_softirq+0x52a/0x1390 kernel/time/timer.c:1649 __do_softirq+0x254/0x9bf kernel/softirq.c:288 invoke_softirq kernel/softirq.c:368 [inline] irq_exit+0x15b/0x1a0 kernel/softirq.c:409 exiting_irq arch/x86/include/asm/apic.h:648 [inline] smp_apic_timer_interrupt+0x141/0x5e0 arch/x86/kernel/apic/apic.c:1102 apic_timer_interrupt+0x8f/0xa0 arch/x86/entry/entry_64.S:792 RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:779 [inline] RIP: 0010:lock_acquire+0x1ec/0x3f0 kernel/locking/lockdep.c:3997 RSP: 0018:ffff88820e26f700 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff10 RAX: 1ffffffff0fa2cd1 RBX: ffff88804372c640 RCX: 0000000090259772 RDX: dffffc0000000000 RSI: ffff88804372cee8 RDI: 0000000000000282 RBP: ffffffff87d84360 R08: 0000000000000000 R09: 0000000000020012 R10: ffff88804372cee8 R11: ffff88804372c640 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000002 rcu_lock_acquire include/linux/rcupdate.h:242 [inline] rcu_read_lock include/linux/rcupdate.h:629 [inline] lock_page_memcg+0x36/0x220 mm/memcontrol.c:1669 page_remove_file_rmap mm/rmap.c:1211 [inline] page_remove_rmap+0x193/0x920 mm/rmap.c:1296 zap_pte_range mm/memory.c:1342 [inline] zap_pmd_range mm/memory.c:1444 [inline] zap_pud_range mm/memory.c:1473 [inline] zap_p4d_range mm/memory.c:1494 [inline] unmap_page_range+0xa60/0x1930 mm/memory.c:1515 unmap_single_vma+0x147/0x2b0 mm/memory.c:1560 unmap_vmas+0x9d/0x160 mm/memory.c:1590 exit_mmap+0x26d/0x4b0 mm/mmap.c:3056 __mmput kernel/fork.c:930 [inline] mmput+0x103/0x420 kernel/fork.c:951 exit_mm kernel/exit.c:545 [inline] do_exit+0x933/0x2b00 kernel/exit.c:845 do_group_exit+0x100/0x310 kernel/exit.c:955 get_signal+0x385/0x1ca0 kernel/signal.c:2423 do_signal+0x7c/0x1690 arch/x86/kernel/signal.c:814 exit_to_usermode_loop+0x159/0x220 arch/x86/entry/common.c:160 prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline] syscall_return_slowpath arch/x86/entry/common.c:270 [inline] do_syscall_64+0x4a3/0x640 arch/x86/entry/common.c:297 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x45c889 RSP: 002b:00007f17ba7f1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 RAX: 0000000000000058 RBX: 00007f17ba7f26d4 RCX: 000000000045c889 RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000007 RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 0000000000000d14 R14: 00000000004cb241 R15: 000000000076bf0c Code: ee 49 8d 04 1c 4d 85 c0 75 25 49 89 e9 49 29 c1 e9 74 ff ff ff 4d 85 c9 74 be 49 01 d9 eb 09 48 83 c0 01 4c 39 c8 74 b0 80 38 00 <74> f2 eb a4 4c 89 c0 49 39 c2 74 4b 5b 5d 41 5c e9 93 0d 00 00 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 25927 Comm: syz-executor.5 Not tainted 4.14.176-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 task: ffff888084a32040 task.stack: ffff888212cf0000 RIP: 0010:lock_is_held_type+0x135/0x210 kernel/locking/lockdep.c:4033 RSP: 0018:ffff8880aea072b8 EFLAGS: 00000807 RAX: dffffc0000000000 RBX: 0000000000000082 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff87d84360 RDI: ffff888084a328bc RBP: ffff888084a32040 R08: 0000000000000001 R09: 0000000000000007 R10: ffff888084a32a00 R11: ffff888084a32040 R12: 0000000000000001 R13: 000000000000001d R14: 0000000000000001 R15: 0000000000000082 FS: 00007fa79c9df700(0000) GS:ffff8880aea00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000b70004 CR3: 00000000985b5000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: kill_fasync_rcu fs/fcntl.c:1000 [inline] kill_fasync fs/fcntl.c:1011 [inline] kill_fasync+0x211/0x3c0 fs/fcntl.c:1004 perf_event_wakeup+0x20c/0x350 kernel/events/core.c:5569 perf_pending_event+0xa5/0xd0 kernel/events/core.c:5593 irq_work_run_list+0xf0/0x160 kernel/irq_work.c:156 irq_work_run+0x4e/0xb0 kernel/irq_work.c:171 smp_irq_work_interrupt+0xa3/0x4e0 arch/x86/kernel/irq_work.c:21 irq_work_interrupt+0x8f/0xa0 arch/x86/entry/entry_64.S:823 RIP: 0010:orc_find arch/x86/kernel/unwind_orc.c:111 [inline] RIP: 0010:unwind_next_frame+0x53e/0x17a0 arch/x86/kernel/unwind_orc.c:348 RSP: 0018:ffff8880aea07480 EFLAGS: 00000202 ORIG_RAX: ffffffffffffff09 RAX: 0000000000008ada RBX: ffff8880aea07530 RCX: 0000000000008ada RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffff89583aa4 RBP: 1ffff11015d40e97 R08: 0000000000000001 R09: ffff888212cf7aa8 R10: ffff8880aea07565 R11: 0000000000058071 R12: ffffffff818ada0e R13: ffff8880aea07568 R14: ffff8880aea07578 R15: 0000000000000001 __save_stack_trace+0x6b/0xd0 arch/x86/kernel/stacktrace.c:44 save_stack+0x32/0xa0 mm/kasan/kasan.c:447 set_track mm/kasan/kasan.c:459 [inline] kasan_kmalloc mm/kasan/kasan.c:551 [inline] kasan_kmalloc+0xbf/0xe0 mm/kasan/kasan.c:529 kmem_cache_alloc_node+0x148/0x7a0 mm/slab.c:3642 __alloc_skb+0x9a/0x4c0 net/core/skbuff.c:193 alloc_skb include/linux/skbuff.h:980 [inline] _sctp_make_chunk+0x44/0x250 net/sctp/sm_make_chunk.c:1388 sctp_make_control+0x30/0x150 net/sctp/sm_make_chunk.c:1429 sctp_make_heartbeat+0x79/0x240 net/sctp/sm_make_chunk.c:1148 sctp_sf_heartbeat.isra.0+0x21/0x170 net/sctp/sm_statefuns.c:981 sctp_sf_sendbeat_8_3+0x34e/0x4f0 net/sctp/sm_statefuns.c:1025 sctp_do_sm+0xf6/0x4a90 net/sctp/sm_sideeffect.c:1147 sctp_generate_heartbeat_event+0x1da/0x3f0 net/sctp/sm_sideeffect.c:391 call_timer_fn+0x14a/0x650 kernel/time/timer.c:1279 expire_timers kernel/time/timer.c:1318 [inline] __run_timers kernel/time/timer.c:1636 [inline] __run_timers kernel/time/timer.c:1604 [inline] run_timer_softirq+0x52a/0x1390 kernel/time/timer.c:1649 __do_softirq+0x254/0x9bf kernel/softirq.c:288 invoke_softirq kernel/softirq.c:368 [inline] irq_exit+0x15b/0x1a0 kernel/softirq.c:409 exiting_irq arch/x86/include/asm/apic.h:648 [inline] smp_apic_timer_interrupt+0x141/0x5e0 arch/x86/kernel/apic/apic.c:1102 apic_timer_interrupt+0x8f/0xa0 arch/x86/entry/entry_64.S:792 RIP: 0010:inet_diag_dump_icsk+0x692/0x14e0 net/ipv4/inet_diag.c:956 RSP: 0018:ffff888212cf7410 EFLAGS: 00000a06 ORIG_RAX: ffffffffffffff10 RAX: 0000000000000000 RBX: 000000004000003f RCX: ffffc90007c65000 RDX: 0000000000040000 RSI: ffffffff85651f1c RDI: 0000000000000001 RBP: dffffc0000000000 R08: 0000000000000001 R09: 0000000000000004 R10: ffff888084a32960 R11: ffff888084a32040 R12: ffff888062e99790 R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000 __inet_diag_dump+0x89/0x110 net/ipv4/inet_diag.c:1049 netlink_dump+0x3da/0xab0 net/netlink/af_netlink.c:2203 __netlink_dump_start+0x4e2/0x740 net/netlink/af_netlink.c:2300 netlink_dump_start include/linux/netlink.h:217 [inline] inet_diag_handler_cmd+0x1ea/0x290 net/ipv4/inet_diag.c:1170 __sock_diag_cmd net/core/sock_diag.c:231 [inline] sock_diag_rcv_msg+0x28d/0x390 net/core/sock_diag.c:263 netlink_rcv_skb+0x127/0x370 net/netlink/af_netlink.c:2433 sock_diag_rcv+0x26/0x40 net/core/sock_diag.c:274 netlink_unicast_kernel net/netlink/af_netlink.c:1287 [inline] netlink_unicast+0x437/0x620 net/netlink/af_netlink.c:1313 netlink_sendmsg+0x733/0xbe0 net/netlink/af_netlink.c:1878 sock_sendmsg_nosec net/socket.c:646 [inline] sock_sendmsg+0xc5/0x100 net/socket.c:656 sock_write_iter+0x22c/0x370 net/socket.c:925 call_write_iter include/linux/fs.h:1778 [inline] do_iter_readv_writev+0x3df/0x600 fs/read_write.c:675 do_iter_write fs/read_write.c:954 [inline] do_iter_write+0x152/0x550 fs/read_write.c:935 vfs_writev+0x170/0x2a0 fs/read_write.c:999 do_writev+0xfc/0x2c0 fs/read_write.c:1034 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x45c889 RSP: 002b:00007fa79c9dec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 RAX: ffffffffffffffda RBX: 00007fa79c9df6d4 RCX: 000000000045c889 RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000007 RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 0000000000000d14 R14: 00000000004cb241 R15: 000000000076bf0c Code: fd ff ff 65 48 8b 2c 25 40 ee 01 00 48 8d bd 7c 08 00 00 41 89 c4 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 0f b6 14 02 <48> 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 6f 48 c7 c0 88