audit: type=1804 audit(1671811887.321:6): pid=9899 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir264522176/syzkaller.cp3jYj/24/bus" dev="sda1" ino=13916 res=1
watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [syz-executor.4:9872]
Modules linked in:
irq event stamp: 4614947
hardirqs last  enabled at (4614946): [<ffffffff874009d1>] restore_regs_and_return_to_kernel+0x0/0x2f
hardirqs last disabled at (4614947): [<ffffffff87401a1e>] apic_timer_interrupt+0x8e/0xa0 arch/x86/entry/entry_64.S:796
softirqs last  enabled at (82632): [<ffffffff8760068b>] __do_softirq+0x68b/0x9ff kernel/softirq.c:314
softirqs last disabled at (83283): [<ffffffff81322d13>] invoke_softirq kernel/softirq.c:368 [inline]
softirqs last disabled at (83283): [<ffffffff81322d13>] irq_exit+0x193/0x240 kernel/softirq.c:409
CPU: 0 PID: 9872 Comm: syz-executor.4 Not tainted 4.14.302-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
task: ffff8880ae7686c0 task.stack: ffff888092628000
RIP: 0010:get_current arch/x86/include/asm/current.h:15 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x50 kernel/kcov.c:60
RSP: 0018:ffff8880ba407c70 EFLAGS: 00000206 ORIG_RAX: ffffffffffffff10
RAX: ffff8880ae7686c0 RBX: ffff8880aa5c6440 RCX: 0000000000000001
RDX: 0000000000000100 RSI: 0000000000000002 RDI: ffff8880ae768f44
RBP: ffff8880ba407cc0 R08: 0000000000000000 R09: 0000000000022011
R10: ffff8880ae768f98 R11: ffff8880ae7686c0 R12: ffff8880a96cf3c0
R13: ffff8880a96cf240 R14: 0000000000000040 R15: ffff8880aa5c6440
FS:  00007f5e4e2f3700(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fd6c9902418 CR3: 00000000b5500000 CR4: 00000000003406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 lock_is_held include/linux/lockdep.h:437 [inline]
 lockdep_rtnl_is_held+0x5/0x20 net/core/rtnetlink.c:125
 __in6_dev_get include/net/addrconf.h:305 [inline]
 ipv6_get_lladdr+0x33f/0x3e0 net/ipv6/addrconf.c:1780
 addrconf_rs_timer+0x29b/0x5a0 net/ipv6/addrconf.c:3772
 call_timer_fn+0x14a/0x650 kernel/time/timer.c:1280
 expire_timers+0x232/0x4d0 kernel/time/timer.c:1319
 __run_timers kernel/time/timer.c:1637 [inline]
 run_timer_softirq+0x1d5/0x5a0 kernel/time/timer.c:1650
 __do_softirq+0x24d/0x9ff kernel/softirq.c:288
 invoke_softirq kernel/softirq.c:368 [inline]
 irq_exit+0x193/0x240 kernel/softirq.c:409
 exiting_irq arch/x86/include/asm/apic.h:638 [inline]
 smp_apic_timer_interrupt+0x141/0x5e0 arch/x86/kernel/apic/apic.c:1106
 apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:796
 </IRQ>
RIP: 0010:sync_mapping_buffers+0x91/0x9f0 fs/buffer.c:571
RSP: 0018:ffff88809262fa78 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff10
RAX: ffff8880a3eeab80 RBX: dffffc0000000000 RCX: ffffc900077f4000
RDX: 0000000000040000 RSI: ffffffff8193affe RDI: ffff8880a3eeace0
RBP: ffff88809829dd00 R08: ffffffff8b9ba3f0 R09: 0000000000000001
R10: 0000000000000000 R11: ffff8880ae7686c0 R12: ffff8880a3eea970
R13: ffff88808e949b80 R14: ffff8880ae7686c0 R15: ffff8880b1ffe4e8
 ext4_sync_parent fs/ext4/fsync.c:70 [inline]
 ext4_sync_file+0xc2a/0x12c0 fs/ext4/fsync.c:120
 vfs_fsync_range+0x103/0x260 fs/sync.c:196
 generic_write_sync include/linux/fs.h:2684 [inline]
 ext4_file_write_iter+0x5fa/0xd20 fs/ext4/file.c:281
 call_write_iter include/linux/fs.h:1780 [inline]
 new_sync_write fs/read_write.c:469 [inline]
 __vfs_write+0x44c/0x630 fs/read_write.c:482
 vfs_write+0x17f/0x4d0 fs/read_write.c:544
 SYSC_pwrite64 fs/read_write.c:632 [inline]
 SyS_pwrite64+0x116/0x140 fs/read_write.c:619
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7f5e4fd810a9
RSP: 002b:00007f5e4e2f3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000012
RAX: ffffffffffffffda RBX: 00007f5e4fea0f80 RCX: 00007f5e4fd810a9
RDX: 0000000000000001 RSI: 0000000020000180 RDI: 0000000000000004
RBP: 00007f5e4fddcae9 R08: 0000000000000000 R09: 0000000000000000
R10: 000004010040bffd R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc19c9002f R14: 00007f5e4e2f3300 R15: 0000000000022000
Code: ff ff 48 89 df e8 21 c1 29 00 e9 9f fe ff ff 4c 89 e7 e8 14 c1 29 00 e9 2c fe ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <65> 48 8b 04 25 c0 7f 02 00 48 85 c0 74 1a 65 8b 15 fb 24 ad 7e 
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 9920 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
task: ffff88809a1664c0 task.stack: ffff8880b1160000
RIP: 0010:trace_lock_release include/trace/events/lock.h:58 [inline]
RIP: 0010:lock_release+0x163/0x870 kernel/locking/lockdep.c:4016
RSP: 0018:ffff8880ba507560 EFLAGS: 00000097
RAX: 0000000000000001 RBX: 1ffff110174a0eaf RCX: ffff8880b3e0ef48
RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff88809a166d44
RBP: ffff8880ba52ec98 R08: ffffffff8b9e1a30 R09: 0000000000000004
R10: 0000000000000000 R11: ffff88809a1664c0 R12: ffffffff8148fa85
R13: ffff88809a1664c0 R14: dffffc0000000000 R15: 0000000000000000
FS:  00007fa981ba3700(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b30335000 CR3: 00000000b3458000 CR4: 00000000003406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 __raw_spin_unlock include/linux/spinlock_api_smp.h:150 [inline]
 _raw_spin_unlock+0x17/0x40 kernel/locking/spinlock.c:184
 __run_hrtimer kernel/time/hrtimer.c:1221 [inline]
 __hrtimer_run_queues+0x2c5/0xc80 kernel/time/hrtimer.c:1287
 hrtimer_interrupt+0x1e6/0x5e0 kernel/time/hrtimer.c:1321
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1079 [inline]
 smp_apic_timer_interrupt+0x117/0x5e0 arch/x86/kernel/apic/apic.c:1104
 apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:796
RIP: 0010:unwind_next_frame+0xe5b/0x17d0 arch/x86/kernel/unwind_orc.c:498
RSP: 0018:ffff8880ba507858 EFLAGS: 00000213 ORIG_RAX: ffffffffffffff10
RAX: 0000000000000102 RBX: 1ffff110174a0f12 RCX: 0000000000000000
RDX: 0000000000000101 RSI: ffff8880ba507808 RDI: 0000000000000001
RBP: ffff8880b1167be0 R08: 0000000000000001 R09: 0000000000000001
R10: ffff8880b1167be0 R11: 0000000000000001 R12: ffff8880b1160000
R13: ffff8880ba507950 R14: ffff8880ba507968 R15: ffff8880ba507918
 __save_stack_trace+0x90/0x160 arch/x86/kernel/stacktrace.c:44
 save_stack mm/kasan/kasan.c:447 [inline]
 set_track mm/kasan/kasan.c:459 [inline]
 kasan_kmalloc+0xeb/0x160 mm/kasan/kasan.c:551
 __do_kmalloc_node mm/slab.c:3682 [inline]
 __kmalloc_node_track_caller+0x4c/0x70 mm/slab.c:3696
 __kmalloc_reserve net/core/skbuff.c:137 [inline]
 __alloc_skb+0x96/0x510 net/core/skbuff.c:205
 alloc_skb include/linux/skbuff.h:980 [inline]
 ndisc_alloc_skb+0x134/0x310 net/ipv6/ndisc.c:402
 ndisc_send_rs+0x2ec/0x630 net/ipv6/ndisc.c:661
 addrconf_rs_timer+0x2bb/0x5a0 net/ipv6/addrconf.c:3773
 call_timer_fn+0x14a/0x650 kernel/time/timer.c:1280
 expire_timers+0x232/0x4d0 kernel/time/timer.c:1319
 __run_timers kernel/time/timer.c:1637 [inline]
 run_timer_softirq+0x1d5/0x5a0 kernel/time/timer.c:1650
 __do_softirq+0x24d/0x9ff kernel/softirq.c:288
 invoke_softirq kernel/softirq.c:368 [inline]
 irq_exit+0x193/0x240 kernel/softirq.c:409
 exiting_irq arch/x86/include/asm/apic.h:638 [inline]
 smp_apic_timer_interrupt+0x141/0x5e0 arch/x86/kernel/apic/apic.c:1106
 apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:796
 </IRQ>
RIP: 0010:scsi_queue_rq+0x0/0x1ba0 drivers/scsi/scsi_lib.c:1985
RSP: 0018:ffff8880b11676c8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff10
RAX: 1ffffffff0fc8bc8 RBX: ffffffff87e45e40 RCX: ffffc90008bfe000
RDX: 0000000000034103 RSI: ffff8880b1167758 RDI: ffff8880ac7fe900
RBP: dffffc0000000000 R08: ffff8880ae7b8638 R09: 0000000000000002
R10: 0000000000000000 R11: ffff88809a1664c0 R12: ffff8880ac03c408
R13: ffff8880b1167800 R14: ffff8880b1167800 R15: ffff8880ac03c400
 blk_mq_dispatch_rq_list+0x592/0xea0 block/blk-mq.c:1095
 blk_mq_sched_dispatch_requests+0x469/0x690 block/blk-mq-sched.c:147
 __blk_mq_run_hw_queue+0x12a/0x320 block/blk-mq.c:1195
 __blk_mq_delay_run_hw_queue+0x19f/0x1f0 block/blk-mq.c:1243
 blk_mq_flush_plug_list+0x606/0xa60 block/blk-mq.c:1536
 blk_flush_plug_list+0x2de/0x9f0 block/blk-core.c:3372
 blk_finish_plug block/blk-core.c:3436 [inline]
 blk_finish_plug+0x50/0xa0 block/blk-core.c:3432
 fsync_buffers_list fs/buffer.c:770 [inline]
 sync_mapping_buffers+0x34e/0x9f0 fs/buffer.c:574
 ext4_sync_parent fs/ext4/fsync.c:70 [inline]
 ext4_sync_file+0xc2a/0x12c0 fs/ext4/fsync.c:120
 vfs_fsync_range+0x103/0x260 fs/sync.c:196
 generic_write_sync include/linux/fs.h:2684 [inline]
 ext4_file_write_iter+0x5fa/0xd20 fs/ext4/file.c:281
 call_write_iter include/linux/fs.h:1780 [inline]
 new_sync_write fs/read_write.c:469 [inline]
 __vfs_write+0x44c/0x630 fs/read_write.c:482
 vfs_write+0x17f/0x4d0 fs/read_write.c:544
 SYSC_pwrite64 fs/read_write.c:632 [inline]
 SyS_pwrite64+0x116/0x140 fs/read_write.c:619
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7fa9836310a9
RSP: 002b:00007fa981ba3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000012
RAX: ffffffffffffffda RBX: 00007fa983750f80 RCX: 00007fa9836310a9
RDX: 0000000000000001 RSI: 0000000020000180 RDI: 0000000000000004
RBP: 00007fa98368cae9 R08: 0000000000000000 R09: 0000000000000000
R10: 000004010040bffd R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff51a7166f R14: 00007fa981ba3300 R15: 0000000000022000
Code: 00 41 c7 85 84 08 00 00 01 00 00 00 0f 1f 44 00 00 65 8b 05 d0 3f c0 7e 83 f8 07 0f 87 c9 04 00 00 89 c0 48 0f a3 05 65 58 c7 08 <0f> 82 2a 04 00 00 48 c7 c0 40 37 3d 89 48 ba 00 00 00 00 00 fc