watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [syz-executor.2:9576]
Modules linked in:
irq event stamp: 4018377
hardirqs last  enabled at (4018376): [<ffffffff87400976>] restore_regs_and_return_to_kernel+0x0/0x2a
hardirqs last disabled at (4018377): [<ffffffff874018ae>] apic_timer_interrupt+0x8e/0xa0 arch/x86/entry/entry_64.S:793
softirqs last  enabled at (10312): [<ffffffff8760068b>] __do_softirq+0x68b/0x9ff kernel/softirq.c:314
softirqs last disabled at (11613): [<ffffffff81321d13>] invoke_softirq kernel/softirq.c:368 [inline]
softirqs last disabled at (11613): [<ffffffff81321d13>] irq_exit+0x193/0x240 kernel/softirq.c:409
CPU: 0 PID: 9576 Comm: syz-executor.2 Not tainted 4.14.275-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff888055a846c0 task.stack: ffff888055a88000
RIP: 0010:__save_stack_trace+0x93/0x160 arch/x86/kernel/stacktrace.c:43
RSP: 0000:ffff8880ba4074e8 EFLAGS: 00000292 ORIG_RAX: ffffffffffffff10
RAX: 0000000000000002 RBX: ffffffff81486ae5 RCX: 0000000000000000
RDX: dffffc0000000000 RSI: ffff8880ba4073e8 RDI: 0000000000000001
RBP: ffff8880ba407568 R08: 0000000000000001 R09: 0000000000000001
R10: ffff8880ba407f30 R11: 0000000000000001 R12: ffff8880ba407580
R13: 0000000000000000 R14: ffff88813fe74ac0 R15: 00000000000002c0
FS:  00007f1598e07700(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2f226000 CR3: 00000000b47ab000 CR4: 00000000003406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 save_stack mm/kasan/kasan.c:447 [inline]
 set_track mm/kasan/kasan.c:459 [inline]
 kasan_kmalloc+0xeb/0x160 mm/kasan/kasan.c:551
 __do_kmalloc mm/slab.c:3720 [inline]
 __kmalloc+0x15a/0x400 mm/slab.c:3729
 kmalloc include/linux/slab.h:493 [inline]
 kzalloc include/linux/slab.h:661 [inline]
 neigh_alloc net/core/neighbour.c:324 [inline]
 __neigh_create+0x1db/0x19b0 net/core/neighbour.c:499
 ip6_finish_output2+0x802/0x1f10 net/ipv6/ip6_output.c:117
 ip6_finish_output+0x5c6/0xd50 net/ipv6/ip6_output.c:192
 NF_HOOK_COND include/linux/netfilter.h:239 [inline]
 ip6_output+0x1c5/0x660 net/ipv6/ip6_output.c:209
 dst_output include/net/dst.h:470 [inline]
 NF_HOOK include/linux/netfilter.h:250 [inline]
 ndisc_send_skb+0x82a/0x1390 net/ipv6/ndisc.c:483
 ndisc_send_rs+0x125/0x630 net/ipv6/ndisc.c:677
 addrconf_rs_timer+0x2bb/0x5a0 net/ipv6/addrconf.c:3769
 call_timer_fn+0x14a/0x650 kernel/time/timer.c:1280
 expire_timers+0x232/0x4d0 kernel/time/timer.c:1319
 __run_timers kernel/time/timer.c:1637 [inline]
 run_timer_softirq+0x1d5/0x5a0 kernel/time/timer.c:1650
 __do_softirq+0x24d/0x9ff kernel/softirq.c:288
 invoke_softirq kernel/softirq.c:368 [inline]
 irq_exit+0x193/0x240 kernel/softirq.c:409
 exiting_irq arch/x86/include/asm/apic.h:638 [inline]
 smp_apic_timer_interrupt+0x141/0x5e0 arch/x86/kernel/apic/apic.c:1106
 apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:793
 </IRQ>
RIP: 0033:0x7f159a4920e9
RSP: 002b:00007f1598e07218 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff10
RAX: 0000000000000000 RBX: 00007f159a5a4f68 RCX: 00007f159a4920e9
RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f159a5a4f6c
RBP: 00007f159a5a4f60 R08: 000000358c4b4143 R09: 0000000000000000
R10: 0000000000000005 R11: 0000000000000246 R12: 00007f159a5a4f6c
R13: 00007ffcfaf8e77f R14: 00007f1598e07300 R15: 0000000000022000
Code: 75 2d eb 62 41 8b 04 24 41 3b 44 24 04 73 76 49 8b 54 24 08 8d 48 01 41 89 0c 24 48 89 1c c2 48 8d 7d 90 e8 f0 bc 05 00 8b 45 90 <85> c0 74 37 48 8d 7d 90 e8 a0 ba 05 00 48 85 c0 48 89 c3 74 26 
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 18 Comm: kworker/1:0 Not tainted 4.14.275-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events netstamp_clear
task: ffff8880b54b64c0 task.stack: ffff8880b54c0000
RIP: 0010:__sanitizer_cov_trace_pc+0x28/0x50 kernel/kcov.c:93
RSP: 0018:ffff8880b54c7a38 EFLAGS: 00000297
RAX: ffff8880b54b64c0 RBX: 1ffff11016a98f4c RCX: 1ffff11016a96dc1
RDX: 0000000000000000 RSI: ffff8880b54b6de8 RDI: 0000000000000286
RBP: ffff8880b54c7af0 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001
FS:  0000000000000000(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005555f7211ad8 CR3: 00000000966e7000 CR4: 00000000003406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 rep_nop arch/x86/include/asm/processor.h:646 [inline]
 cpu_relax arch/x86/include/asm/processor.h:651 [inline]
 csd_lock_wait kernel/smp.c:108 [inline]
 smp_call_function_single+0x17f/0x370 kernel/smp.c:302
 smp_call_function_many+0x60f/0x7a0 kernel/smp.c:434
 smp_call_function kernel/smp.c:492 [inline]
 on_each_cpu+0x40/0x210 kernel/smp.c:602
 text_poke_bp+0x90/0x110 arch/x86/kernel/alternative.c:796
 __jump_label_transform+0x269/0x300 arch/x86/kernel/jump_label.c:102
 arch_jump_label_transform+0x26/0x40 arch/x86/kernel/jump_label.c:110
 __jump_label_update+0x113/0x170 kernel/jump_label.c:374
 jump_label_update kernel/jump_label.c:741 [inline]
 jump_label_update+0x140/0x2d0 kernel/jump_label.c:720
 static_key_enable_cpuslocked+0xf9/0x170 kernel/jump_label.c:141
 static_key_enable+0x16/0x20 kernel/jump_label.c:154
 netstamp_clear+0x2e/0x50 net/core/dev.c:1752
 process_one_work+0x793/0x14a0 kernel/workqueue.c:2117
 worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
 kthread+0x30d/0x420 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
Code: 90 90 90 65 48 8b 04 25 c0 7f 02 00 48 85 c0 74 1a 65 8b 15 fb 3c ad 7e 81 e2 00 01 1f 00 75 0b 8b 90 58 13 00 00 83 fa 01 74 01 <c3> 48 8b 34 24 48 8b 88 60 13 00 00 8b 80 5c 13 00 00 48 8b 11 
----------------
Code disassembly (best guess):
   0:	75 2d                	jne    0x2f
   2:	eb 62                	jmp    0x66
   4:	41 8b 04 24          	mov    (%r12),%eax
   8:	41 3b 44 24 04       	cmp    0x4(%r12),%eax
   d:	73 76                	jae    0x85
   f:	49 8b 54 24 08       	mov    0x8(%r12),%rdx
  14:	8d 48 01             	lea    0x1(%rax),%ecx
  17:	41 89 0c 24          	mov    %ecx,(%r12)
  1b:	48 89 1c c2          	mov    %rbx,(%rdx,%rax,8)
  1f:	48 8d 7d 90          	lea    -0x70(%rbp),%rdi
  23:	e8 f0 bc 05 00       	callq  0x5bd18
  28:	8b 45 90             	mov    -0x70(%rbp),%eax
* 2b:	85 c0                	test   %eax,%eax <-- trapping instruction
  2d:	74 37                	je     0x66
  2f:	48 8d 7d 90          	lea    -0x70(%rbp),%rdi
  33:	e8 a0 ba 05 00       	callq  0x5bad8
  38:	48 85 c0             	test   %rax,%rax
  3b:	48 89 c3             	mov    %rax,%rbx
  3e:	74 26                	je     0x66