watchdog: BUG: soft lockup - CPU#0 stuck for 23s! [syz-executor.5:9526]
Modules linked in:
irq event stamp: 3946951
hardirqs last enabled at (3946950): [] restore_regs_and_return_to_kernel+0x0/0x2a
hardirqs last disabled at (3946951): [] apic_timer_interrupt+0x8e/0xa0 arch/x86/entry/entry_64.S:793
softirqs last enabled at (20474): [] __do_softirq+0x68b/0x9ff kernel/softirq.c:314
softirqs last disabled at (21905): [] invoke_softirq kernel/softirq.c:368 [inline]
softirqs last disabled at (21905): [] irq_exit+0x193/0x240 kernel/softirq.c:409
CPU: 0 PID: 9526 Comm: syz-executor.5 Not tainted 4.14.274-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff88809a768200 task.stack: ffff888099ab8000
RIP: 0010:unwind_next_frame+0x11/0x17d0 arch/x86/kernel/unwind_orc.c:323
RSP: 0018:ffff8880ba4078f0 EFLAGS: 00000287 ORIG_RAX: ffffffffffffff10
RAX: dffffc0000000000 RBX: ffffffff817ee51b RCX: 0000000000000001
RDX: ffff8880ba4079b8 RSI: ffff8880ba407770 RDI: ffff8880ba407918
RBP: ffff8880ba407988 R08: 0000000000000001 R09: 0000000000000001
R10: ffff8880ba407998 R11: 0000000000000001 R12: ffff8880ba4079a0
R13: 0000000000000000 R14: ffff88813fe74ac0 R15: ffff8880ba407918
FS: 00007f7558ea2700(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007eff7df5a718 CR3: 000000009dd77000 CR4: 00000000003406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
__save_stack_trace+0x90/0x160 arch/x86/kernel/stacktrace.c:44
save_stack mm/kasan/kasan.c:447 [inline]
set_track mm/kasan/kasan.c:459 [inline]
kasan_kmalloc+0xeb/0x160 mm/kasan/kasan.c:551
__do_kmalloc_node mm/slab.c:3682 [inline]
__kmalloc_node_track_caller+0x4c/0x70 mm/slab.c:3696
__kmalloc_reserve net/core/skbuff.c:137 [inline]
__alloc_skb+0x96/0x510 net/core/skbuff.c:205
alloc_skb include/linux/skbuff.h:980 [inline]
ndisc_alloc_skb+0x134/0x310 net/ipv6/ndisc.c:402
ndisc_send_rs+0x2ec/0x630 net/ipv6/ndisc.c:661
addrconf_rs_timer+0x2bb/0x5a0 net/ipv6/addrconf.c:3769
call_timer_fn+0x14a/0x650 kernel/time/timer.c:1280
expire_timers+0x232/0x4d0 kernel/time/timer.c:1319
__run_timers kernel/time/timer.c:1637 [inline]
run_timer_softirq+0x1d5/0x5a0 kernel/time/timer.c:1650
__do_softirq+0x24d/0x9ff kernel/softirq.c:288
invoke_softirq kernel/softirq.c:368 [inline]
irq_exit+0x193/0x240 kernel/softirq.c:409
exiting_irq arch/x86/include/asm/apic.h:638 [inline]
smp_apic_timer_interrupt+0x141/0x5e0 arch/x86/kernel/apic/apic.c:1106
apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:793
RIP: 0010:is_event_hup kernel/events/core.c:4595 [inline]
RIP: 0010:perf_poll+0xad/0x1c0 kernel/events/core.c:4655
RSP: 0018:ffff888099abf748 EFLAGS: 00000a02 ORIG_RAX: ffffffffffffff10
RAX: 0000000000000000 RBX: ffff888098ff4100 RCX: ffffc90006605000
RDX: 1ffff110131fe831 RSI: ffffffff816303e1 RDI: ffff888098ff4188
RBP: ffff88809cce3a80 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: ffff88809a768200 R12: ffff888099abf8d0
R13: 0000000000000000 R14: 0000000000000004 R15: dffffc0000000000
do_select+0xa83/0x1290 fs/select.c:513
core_sys_select+0x32f/0x6a0 fs/select.c:656
do_pselect fs/select.c:733 [inline]
SYSC_pselect6 fs/select.c:774 [inline]
SyS_pselect6+0x358/0x3c0 fs/select.c:759
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f755a52d049
RSP: 002b:00007f7558ea2168 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
RAX: ffffffffffffffda RBX: 00007f755a63ff60 RCX: 00007f755a52d049
RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000040
RBP: 00007f755a58708d R08: 0000000020000200 R09: 0000000000000000
R10: 0000000020000140 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fffa5a6041f R14: 00007f7558ea2300 R15: 0000000000022000
Code: e8 f5 85 5b 00 eb b0 48 89 0c 24 e8 ba 83 5b 00 48 8b 0c 24 e9 5b ff ff ff 90 48 b8
00 00 00 00 00 fc ff df 41 57 49 89 ff 41 56 <41> 55 41 54 55 53 48 83 ec 78 48 c7 44 24 38 b3 8a b5 41 48 8d
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 9571 Comm: syz-executor.1 Not tainted 4.14.274-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff88809722c600 task.stack: ffff88809eb30000
RIP: 0010:clockevents_program_event+0x12e/0x2d0 kernel/time/clockevents.c:335
RSP: 0018:ffff8880ba507ed8 EFLAGS: 00000806
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000017
RDX: 1ffff110174a505c RSI: 0000000000000000 RDI: ffff8880ba5282e0
RBP: ffff8880ba5282c0 R08: ffff88823fff7058 R09: ffff88823fff704f
R10: ffff88823fff7057 R11: 000000134e90d1ef R12: 0000000000001616
R13: 0000000000000003 R14: 00000011e938b651 R15: 0000001219756f90
FS: 00007fc644b13700(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2ee2a000 CR3: 0000000098203000 CR4: 00000000003406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
tick_program_event+0x78/0xd0 kernel/time/tick-oneshot.c:47
hrtimer_interrupt+0x336/0x5e0 kernel/time/hrtimer.c:1334
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1079 [inline]
smp_apic_timer_interrupt+0x117/0x5e0 arch/x86/kernel/apic/apic.c:1104
apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:793
RIP: 0010:__fget+0x2/0x3e0 fs/file.c:739
RSP: 0018:ffff88809eb37748 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff10
RAX: 0000000000040000 RBX: 0000000000000000 RCX: ffffc90008414000
RDX: 0000000000000001 RSI: 0000000000004000 RDI: 0000000000000008
RBP: 0000000000000008 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: ffff88809722c600 R12: ffff888098202b80
R13: 0000000000000100 R14: 0000000000000008 R15: dffffc0000000000
__fget_light fs/file.c:794 [inline]
__fdget+0x185/0x1f0 fs/file.c:802
fdget include/linux/file.h:59 [inline]
do_select+0x9de/0x1290 fs/select.c:505
core_sys_select+0x32f/0x6a0 fs/select.c:656
do_pselect fs/select.c:733 [inline]
SYSC_pselect6 fs/select.c:774 [inline]
SyS_pselect6+0x358/0x3c0 fs/select.c:759
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7fc64619e049
RSP: 002b:00007fc644b13168 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
RAX: ffffffffffffffda RBX: 00007fc6462b0f60 RCX: 00007fc64619e049
RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000040
RBP: 00007fc6461f808d R08: 0000000020000200 R09: 0000000000000000
R10: 0000000020000140 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffdf84ec60f R14: 00007fc644b13300 R15: 0000000000022000
Code: e8 18 f8 fd ff 49 29 c4 4d 85 e4 0f 8e 34 01 00 00 e8 b7 0f 0a 00 48 8d 7d 20 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 8c 01 00 00 48 8d 7d 28 4c 39 65 20 48 b8 00
----------------
Code disassembly (best guess):
   0: e8 f5 85 5b 00          callq 0x5b85fa
   5: eb b0                   jmp 0xffffffb7
   7: 48 89 0c 24             mov %rcx,(%rsp)
   b: e8 ba 83 5b 00          callq 0x5b83ca
  10: 48 8b 0c 24             mov (%rsp),%rcx
  14: e9 5b ff ff ff          jmpq 0xffffff74
  19: 90                      nop
  1a: 48 b8 00 00 00 00 00    movabs $0xdffffc0000000000,%rax
  21: fc ff df
  24: 41 57                   push %r15
  26: 49 89 ff                mov %rdi,%r15
  29: 41 56                   push %r14
* 2b: 41 55                   push %r13 <-- trapping instruction
  2d: 41 54                   push %r12
  2f: 55                      push %rbp
  30: 53                      push %rbx
  31: 48 83 ec 78             sub $0x78,%rsp
  35: 48 c7 44 24 38 b3 8a    movq $0x41b58ab3,0x38(%rsp)
  3c: b5 41
  3e: 48                      rex.W
  3f: 8d                      .byte 0x8d