audit: type=1804 audit(1645624449.289:9): pid=9620 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir728262671/syzkaller.uqCw40/3/file0/file0" dev="sda1" ino=13945 res=1 watchdog: BUG: soft lockup - CPU#0 stuck for 23s! [syz-executor.2:9561] Modules linked in: irq event stamp: 4628579 hardirqs last enabled at (4628578): [] restore_regs_and_return_to_kernel+0x0/0x2a hardirqs last disabled at (4628579): [] apic_timer_interrupt+0x8e/0xa0 arch/x86/entry/entry_64.S:793 softirqs last enabled at (388342): [] __do_softirq+0x68b/0x9ff kernel/softirq.c:314 softirqs last disabled at (389509): [] invoke_softirq kernel/softirq.c:368 [inline] softirqs last disabled at (389509): [] irq_exit+0x193/0x240 kernel/softirq.c:409 CPU: 0 PID: 9561 Comm: syz-executor.2 Not tainted 4.14.268-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 task: ffff888067f065c0 task.stack: ffff888067f08000 RIP: 0010:unwind_next_frame+0x167/0x17d0 arch/x86/kernel/unwind_orc.c:348 RSP: 0018:ffff8880ba407838 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff10 RAX: 0000000000000001 RBX: 1ffff11017480f0e RCX: 1ffff11017480f28 RDX: dffffc0000000000 RSI: ffff888067f0f9a8 RDI: ffff888067f0fa30 RBP: 0000000000000001 R08: 0000000000000000 R09: ffffffff8ae19ecb R10: 0000000000146afa R11: 0000000000000001 R12: ffff8880ba40792d R13: ffff8880ba407930 R14: ffff8880ba407948 R15: ffff8880ba4078f8 FS: 00007f8de6b34700(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000556f42701160 CR3: 00000000a94d2000 CR4: 00000000003406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __save_stack_trace+0x90/0x160 arch/x86/kernel/stacktrace.c:44 save_stack mm/kasan/kasan.c:447 [inline] set_track mm/kasan/kasan.c:459 [inline] kasan_kmalloc+0xeb/0x160 mm/kasan/kasan.c:551 kmem_cache_alloc_node+0x146/0x410 mm/slab.c:3642 __alloc_skb+0x5c/0x510 net/core/skbuff.c:193 alloc_skb include/linux/skbuff.h:980 [inline] ndisc_alloc_skb+0x134/0x310 net/ipv6/ndisc.c:402 ndisc_send_rs+0x2ec/0x630 net/ipv6/ndisc.c:661 addrconf_rs_timer+0x2bb/0x5a0 net/ipv6/addrconf.c:3769 call_timer_fn+0x14a/0x650 kernel/time/timer.c:1280 expire_timers+0x232/0x4d0 kernel/time/timer.c:1319 __run_timers kernel/time/timer.c:1637 [inline] run_timer_softirq+0x1d5/0x5a0 kernel/time/timer.c:1650 __do_softirq+0x24d/0x9ff kernel/softirq.c:288 invoke_softirq kernel/softirq.c:368 [inline] irq_exit+0x193/0x240 kernel/softirq.c:409 exiting_irq arch/x86/include/asm/apic.h:638 [inline] smp_apic_timer_interrupt+0x141/0x5e0 arch/x86/kernel/apic/apic.c:1106 apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:793 RIP: 0010:rmap_walk+0xc5/0x150 mm/rmap.c:1858 RSP: 0018:ffff888067f0fa50 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff10 RAX: 0000000000040000 RBX: 1ffff1100cfe1f4e RCX: ffffc90009209000 RDX: 0000000000040000 RSI: ffffffff81787074 RDI: 0000000000000286 RBP: ffffea0001b29240 R08: ffffffff8b9b3500 R09: 0000000000000001 R10: 0000000000000000 R11: ffff888067f065c0 R12: ffff888067f0faa0 R13: dead000000000100 R14: ffffea0001b29260 R15: ffffea0001b2925c try_to_munlock+0x1b7/0x250 mm/rmap.c:1706 __munlock_isolated_page+0x5e/0x190 mm/mlock.c:132 __munlock_pagevec+0x4b7/0xa50 mm/mlock.c:340 munlock_vma_pages_range+0x6ef/0xa50 mm/mlock.c:493 mlock_fixup+0x2c2/0x500 mm/mlock.c:569 apply_mlockall_flags+0x2a2/0x480 mm/mlock.c:783 sys_munlockall+0x54/0xc0 mm/mlock.c:827 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x7f8de81bf059 RSP: 002b:00007f8de6b34168 EFLAGS: 00000246 ORIG_RAX: 0000000000000098 RAX: ffffffffffffffda RBX: 00007f8de82d1f60 RCX: 00007f8de81bf059 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007f8de821908d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffc44f259ff R14: 00007f8de6b34300 R15: 0000000000022000 Code: d0 7f 08 84 c0 0f 85 3d 08 00 00 49 8d 4f 48 41 0f b6 47 35 48 ba 00 00 00 00 00 fc ff df 48 89 4c 24 08 48 c1 e9 03 80 3c 11 00 <0f> 85 da 0f 00 00 49 8b 4f 48 3c 01 48 83 d9 00 48 85 c9 0f 84 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 9609 Comm: syz-executor.3 Not tainted 4.14.268-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 task: ffff88809f84c3c0 task.stack: ffff888067358000 RIP: 0010:get_current arch/x86/include/asm/current.h:15 [inline] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x50 kernel/kcov.c:60 RSP: 0018:ffff8880ba507a40 EFLAGS: 00000046 RAX: ffff88809f84c3c0 RBX: ffff8880ba507b10 RCX: 0000000000000000 RDX: 0000000000010000 RSI: ffff8880ba507c40 RDI: ffff8880abdab4c2 RBP: ffff8880ba507c40 R08: 0000000000000000 R09: 00000000000a4012 R10: ffff88809f84cc98 R11: ffff88809f84c3c0 R12: 0000000000000000 R13: ffff8880abdab380 R14: ffff8880ba507b14 R15: ffff8880ba507b10 FS: 00007fbee6d55700(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f069a4e1558 CR3: 000000009f832000 CR4: 00000000003406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: perf_prepare_sample+0x492/0x1370 kernel/events/core.c:6199 __perf_event_output kernel/events/core.c:6282 [inline] perf_event_output_forward+0xc9/0x1f0 kernel/events/core.c:6300 __perf_event_overflow+0x113/0x310 kernel/events/core.c:7549 perf_swevent_hrtimer+0x220/0x350 kernel/events/core.c:8754 __run_hrtimer kernel/time/hrtimer.c:1223 [inline] __hrtimer_run_queues+0x30b/0xc80 kernel/time/hrtimer.c:1287 hrtimer_interrupt+0x1e6/0x5e0 kernel/time/hrtimer.c:1321 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1079 [inline] smp_apic_timer_interrupt+0x117/0x5e0 arch/x86/kernel/apic/apic.c:1104 apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:793 RIP: 0010:__sanitizer_cov_trace_pc+0x3d/0x50 kernel/kcov.c:87 RSP: 0018:ffff88806735f9c8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff10 RAX: 0000000000040000 RBX: dffffc0000000000 RCX: ffffc90009008000 RDX: 000000000003ffff RSI: ffffffff8177ff4f RDI: ffff88809fae6e40 RBP: ffffea00019986c0 R08: ffffffff8b9b3500 R09: 0000000000050417 R10: ffff88809f84cc70 R11: ffff88809f84c3c0 R12: ffff88809fae6da8 R13: ffff88806735faa0 R14: 000000002052f000 R15: 000000002052f000 vma_address mm/internal.h:349 [inline] rmap_walk_file+0x2cf/0x7c0 mm/rmap.c:1831 rmap_walk+0xc4/0x150 mm/rmap.c:1857 try_to_munlock+0x1b7/0x250 mm/rmap.c:1706 __munlock_isolated_page+0x5e/0x190 mm/mlock.c:132 __munlock_pagevec+0x4b7/0xa50 mm/mlock.c:340 munlock_vma_pages_range+0x6ef/0xa50 mm/mlock.c:493 mlock_fixup+0x2c2/0x500 mm/mlock.c:569 apply_mlockall_flags+0x2a2/0x480 mm/mlock.c:783 sys_munlockall+0x54/0xc0 mm/mlock.c:827 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x7fbee83e0059 RSP: 002b:00007fbee6d55168 EFLAGS: 00000246 ORIG_RAX: 0000000000000098 RAX: ffffffffffffffda RBX: 00007fbee84f2f60 RCX: 00007fbee83e0059 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007fbee843a08d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fff0bcc65cf R14: 00007fbee6d55300 R15: 0000000000022000 Code: ff ff 48 89 df e8 81 b1 29 00 e9 9f fe ff ff 4c 89 e7 e8 74 b1 29 00 e9 2c fe ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <65> 48 8b 04 25 c0 7f 02 00 48 85 c0 74 1a 65 8b 15 1b 3d ad 7e ---------------- Code disassembly (best guess): 0: d0 7f 08 sarb 0x8(%rdi) 3: 84 c0 test %al,%al 5: 0f 85 3d 08 00 00 jne 0x848 b: 49 8d 4f 48 lea 0x48(%r15),%rcx f: 41 0f b6 47 35 movzbl 0x35(%r15),%eax 14: 48 ba 00 00 00 00 00 movabs $0xdffffc0000000000,%rdx 1b: fc ff df 1e: 48 89 4c 24 08 mov %rcx,0x8(%rsp) 23: 48 c1 e9 03 shr $0x3,%rcx 27: 80 3c 11 00 cmpb $0x0,(%rcx,%rdx,1) * 2b: 0f 85 da 0f 00 00 jne 0x100b <-- trapping instruction 31: 49 8b 4f 48 mov 0x48(%r15),%rcx 35: 3c 01 cmp $0x1,%al 37: 48 83 d9 00 sbb $0x0,%rcx 3b: 48 85 c9 test %rcx,%rcx 3e: 0f .byte 0xf 3f: 84 .byte 0x84