watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [syz-executor.4:9558] Modules linked in: irq event stamp: 4156851 hardirqs last enabled at (4156850): [] restore_regs_and_return_to_kernel+0x0/0x2a hardirqs last disabled at (4156851): [] apic_timer_interrupt+0x8e/0xa0 arch/x86/entry/entry_64.S:793 softirqs last enabled at (66320): [] __do_softirq+0x68b/0x9ff kernel/softirq.c:314 softirqs last disabled at (67059): [] invoke_softirq kernel/softirq.c:368 [inline] softirqs last disabled at (67059): [] irq_exit+0x193/0x240 kernel/softirq.c:409 CPU: 0 PID: 9558 Comm: syz-executor.4 Not tainted 4.14.285-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 task: ffff8880a97cc200 task.stack: ffff8880709b0000 RIP: 0010:__read_once_size include/linux/compiler.h:185 [inline] RIP: 0010:queued_write_lock_slowpath+0x80/0x1d0 kernel/locking/qrwlock.c:130 RSP: 0018:ffff8880ba4077b8 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff10 RAX: 00000000000000ff RBX: ffffffff89d930b0 RCX: 0000000000005a2f RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffffffff89d930b0 RBP: ffffffff89d930b4 R08: ffffffff8b9cdc78 R09: 00000000000421a5 R10: ffff8880a97ccb78 R11: ffff8880a97cc200 R12: fffffbfff13b2616 R13: 0000000000000001 R14: 0000000000000000 R15: ffff88809b60fdc0 FS: 00007f0c91a9e700(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b2eb21000 CR3: 00000000aa03b000 CR4: 00000000003406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: queued_write_lock include/asm-generic/qrwlock.h:134 [inline] do_raw_write_lock+0xc2/0x1d0 kernel/locking/spinlock_debug.c:203 neigh_forced_gc net/core/neighbour.c:176 [inline] neigh_alloc net/core/neighbour.c:315 [inline] __neigh_create+0xb48/0x19c0 net/core/neighbour.c:499 ip6_finish_output2+0x802/0x1f10 net/ipv6/ip6_output.c:117 ip6_finish_output+0x5c6/0xd50 net/ipv6/ip6_output.c:192 NF_HOOK_COND include/linux/netfilter.h:239 [inline] ip6_output+0x1c5/0x660 net/ipv6/ip6_output.c:209 dst_output include/net/dst.h:470 [inline] NF_HOOK include/linux/netfilter.h:250 [inline] ndisc_send_skb+0x82a/0x1390 net/ipv6/ndisc.c:483 ndisc_send_rs+0x125/0x630 net/ipv6/ndisc.c:677 addrconf_rs_timer+0x2bb/0x5a0 net/ipv6/addrconf.c:3773 call_timer_fn+0x14a/0x650 kernel/time/timer.c:1280 expire_timers+0x232/0x4d0 kernel/time/timer.c:1319 __run_timers kernel/time/timer.c:1637 [inline] run_timer_softirq+0x1d5/0x5a0 kernel/time/timer.c:1650 __do_softirq+0x24d/0x9ff kernel/softirq.c:288 invoke_softirq kernel/softirq.c:368 [inline] irq_exit+0x193/0x240 kernel/softirq.c:409 exiting_irq arch/x86/include/asm/apic.h:638 [inline] smp_apic_timer_interrupt+0x141/0x5e0 arch/x86/kernel/apic/apic.c:1106 apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:793 RIP: 0010:pid_nr_ns kernel/pid.c:506 [inline] RIP: 0010:__task_pid_nr_ns+0x181/0x440 kernel/pid.c:535 RSP: 0018:ffff8880709b7358 EFLAGS: 00000a07 ORIG_RAX: ffffffffffffff10 RAX: dffffc0000000000 RBX: ffff888090eb76c0 RCX: ffffc900091ed000 RDX: 0000000000000000 RSI: ffffffff8136ea39 RDI: ffff888090eb76c4 RBP: ffff8880929ce998 R08: 0000000000000000 R09: 0000000000020011 R10: ffff8880a97ccad8 R11: ffff8880a97cc200 R12: 0000000000000001 R13: 0000000000000550 R14: ffff8880a97cc200 R15: ffff8880a8d46eb8 perf_event_pid_type kernel/events/core.c:1293 [inline] perf_event_pid kernel/events/core.c:1302 [inline] __perf_event_header__init_id+0x364/0x5a0 kernel/events/core.c:5779 perf_event_header__init_id kernel/events/core.c:5803 [inline] perf_event_comm_output+0x5a4/0x700 kernel/events/core.c:6718 perf_iterate_ctx+0x117/0x610 kernel/events/core.c:6376 perf_iterate_sb+0x62f/0x8a0 kernel/events/core.c:6433 perf_event_comm_event kernel/events/core.c:6753 [inline] perf_event_comm+0x197/0x1f0 kernel/events/core.c:6780 set_task_comm include/linux/sched.h:1559 [inline] comm_write+0x1b1/0x1f0 fs/proc/base.c:1560 __vfs_write+0xe4/0x630 fs/read_write.c:480 __kernel_write+0xf5/0x330 fs/read_write.c:501 write_pipe_buf+0x143/0x1c0 fs/splice.c:797 splice_from_pipe_feed fs/splice.c:502 [inline] __splice_from_pipe+0x326/0x7a0 fs/splice.c:626 splice_from_pipe fs/splice.c:661 [inline] default_file_splice_write+0xc5/0x150 fs/splice.c:809 do_splice_from fs/splice.c:851 [inline] direct_splice_actor+0x115/0x160 fs/splice.c:1018 splice_direct_to_actor+0x27c/0x730 fs/splice.c:973 do_splice_direct+0x164/0x210 fs/splice.c:1061 do_sendfile+0x47f/0xb30 fs/read_write.c:1441 SYSC_sendfile64 fs/read_write.c:1502 [inline] SyS_sendfile64+0xff/0x110 fs/read_write.c:1488 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x7f0c93129109 RSP: 002b:00007f0c91a9e168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 RAX: ffffffffffffffda RBX: 00007f0c9323bf60 RCX: 00007f0c93129109 RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005 RBP: 00007f0c9318305d R08: 0000000000000000 R09: 0000000000000000 R10: 0000800000000035 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffc85aebd0f R14: 00007f0c91a9e300 R15: 0000000000022000 Code: 0f 84 d3 00 00 00 49 89 dc 49 89 de 41 bd 01 00 00 00 49 c1 ec 03 41 83 e6 07 48 b8 00 00 00 00 00 fc ff df 49 01 c4 eb 02 f3 90 <41> 0f b6 04 24 44 38 f0 7f 08 84 c0 0f 85 f6 00 00 00 0f b6 03 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 9563 Comm: syz-executor.2 Not tainted 4.14.285-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 task: ffff888070b08340 task.stack: ffff888070b10000 RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:779 [inline] RIP: 0010:lock_release+0x41e/0x870 kernel/locking/lockdep.c:4020 RSP: 0018:ffff8880ba507260 EFLAGS: 00000086 RAX: 1ffffffff11e1341 RBX: 1ffff110174a0e4f RCX: 1ffff1100e16118d RDX: dffffc0000000000 RSI: 0000000000000005 RDI: 0000000000000086 RBP: ffff888070b08340 R08: ffff8880916bb000 R09: 0000000000000004 R10: 0000000000000000 R11: ffff888070b08340 R12: 7e6b4e21b4366083 R13: 0000000000000003 R14: ffff888070b08340 R15: 0000000000000005 FS: 00007f4dbce99700(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b2ec34000 CR3: 000000008fc0b000 CR4: 00000000003406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __perf_event_output kernel/events/core.c:6289 [inline] perf_event_output_forward+0x100/0x1f0 kernel/events/core.c:6300 __perf_event_overflow+0x113/0x310 kernel/events/core.c:7549 perf_swevent_hrtimer+0x220/0x350 kernel/events/core.c:8757 __run_hrtimer kernel/time/hrtimer.c:1223 [inline] __hrtimer_run_queues+0x30b/0xc80 kernel/time/hrtimer.c:1287 hrtimer_interrupt+0x1e6/0x5e0 kernel/time/hrtimer.c:1321 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1079 [inline] smp_apic_timer_interrupt+0x117/0x5e0 arch/x86/kernel/apic/apic.c:1104 apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:793 RIP: 0010:get_stack_pointer arch/x86/include/asm/stacktrace.h:82 [inline] RIP: 0010:unwind_start arch/x86/include/asm/unwind.h:58 [inline] RIP: 0010:__save_stack_trace+0x152/0x160 arch/x86/kernel/stacktrace.c:43 RSP: 0018:ffff8880ba5078c0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff10 RAX: ffff888070b08340 RBX: ffff8880964572c0 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffff888070b08340 RDI: ffff8880ba507958 RBP: ffff8880ba507940 R08: ffffed1012c8ae18 R09: ffffed1012c8ae58 R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880ba507958 R13: 0000000000000000 R14: ffff88813fe74940 R15: 0000000000000200 save_stack mm/kasan/kasan.c:447 [inline] set_track mm/kasan/kasan.c:459 [inline] kasan_kmalloc+0xeb/0x160 mm/kasan/kasan.c:551 slab_post_alloc_hook mm/slab.h:442 [inline] slab_alloc_node mm/slab.c:3333 [inline] kmem_cache_alloc_node_trace+0x13d/0x400 mm/slab.c:3659 __do_kmalloc_node mm/slab.c:3681 [inline] __kmalloc_node_track_caller+0x38/0x70 mm/slab.c:3696 __kmalloc_reserve net/core/skbuff.c:137 [inline] __alloc_skb+0x96/0x510 net/core/skbuff.c:205 alloc_skb include/linux/skbuff.h:980 [inline] ndisc_alloc_skb+0x134/0x310 net/ipv6/ndisc.c:402 ndisc_send_rs+0x6b/0x630 net/ipv6/ndisc.c:661 addrconf_rs_timer+0x2bb/0x5a0 net/ipv6/addrconf.c:3773 call_timer_fn+0x14a/0x650 kernel/time/timer.c:1280 expire_timers+0x232/0x4d0 kernel/time/timer.c:1319 __run_timers kernel/time/timer.c:1637 [inline] run_timer_softirq+0x1d5/0x5a0 kernel/time/timer.c:1650 __do_softirq+0x24d/0x9ff kernel/softirq.c:288 invoke_softirq kernel/softirq.c:368 [inline] irq_exit+0x193/0x240 kernel/softirq.c:409 exiting_irq arch/x86/include/asm/apic.h:638 [inline] smp_apic_timer_interrupt+0x141/0x5e0 arch/x86/kernel/apic/apic.c:1106 apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:793 RIP: 0010:page_outside_zone_boundaries+0x2/0x310 mm/page_alloc.c:489 RSP: 0018:ffff888070b17190 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff10 RAX: 1ffffffff11e1341 RBX: 0000000000000000 RCX: 1ffff1100e161182 RDX: 0000000000000000 RSI: ffffea000296c280 RDI: ffff88813fffb6c0 RBP: 0000000000000004 R08: ffffea000296c280 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffffea000296c280 R13: dffffc0000000000 R14: ffff88813fffb6c0 R15: ffffea000296c280 bad_range mm/page_alloc.c:525 [inline] rmqueue mm/page_alloc.c:2857 [inline] get_page_from_freelist+0xaf6/0x25a0 mm/page_alloc.c:3173 __alloc_pages_nodemask+0x365/0x2720 mm/page_alloc.c:4185 alloc_pages_current+0x155/0x260 mm/mempolicy.c:2107 alloc_pages include/linux/gfp.h:520 [inline] push_pipe+0x3d6/0x760 lib/iov_iter.c:516 __pipe_get_pages lib/iov_iter.c:1037 [inline] pipe_get_pages lib/iov_iter.c:1071 [inline] iov_iter_get_pages+0x3fa/0xce0 lib/iov_iter.c:1082 dio_refill_pages fs/direct-io.c:170 [inline] dio_get_page fs/direct-io.c:214 [inline] do_direct_IO fs/direct-io.c:983 [inline] do_blockdev_direct_IO fs/direct-io.c:1337 [inline] __blockdev_direct_IO+0x5539/0xdcb0 fs/direct-io.c:1423 ext4_direct_IO_read fs/ext4/inode.c:3852 [inline] ext4_direct_IO+0x549/0x1b80 fs/ext4/inode.c:3888 generic_file_read_iter+0x234/0x21c0 mm/filemap.c:2252 ext4_file_read_iter+0x14b/0x330 fs/ext4/file.c:76 call_read_iter include/linux/fs.h:1774 [inline] generic_file_splice_read+0x3a7/0x5c0 fs/splice.c:307 do_splice_to+0xfb/0x140 fs/splice.c:880 splice_direct_to_actor+0x207/0x730 fs/splice.c:952 do_splice_direct+0x164/0x210 fs/splice.c:1061 do_sendfile+0x47f/0xb30 fs/read_write.c:1441 SYSC_sendfile64 fs/read_write.c:1502 [inline] SyS_sendfile64+0xff/0x110 fs/read_write.c:1488 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x7f4dbe524109 RSP: 002b:00007f4dbce99168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 RAX: ffffffffffffffda RBX: 00007f4dbe636f60 RCX: 00007f4dbe524109 RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005 RBP: 00007f4dbe57e05d R08: 0000000000000000 R09: 0000000000000000 R10: 0000800000000035 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fff5ac9fe2f R14: 00007f4dbce99300 R15: 0000000000022000 Code: 85 84 08 00 00 00 00 00 00 48 c1 e8 03 80 3c 10 00 0f 85 88 03 00 00 48 83 3d 26 c8 ae 07 00 0f 84 ba 01 00 00 48 8b 3c 24 57 9d <0f> 1f 44 00 00 48 b8 00 00 00 00 00 fc ff df 48 c7 04 03 00 00 ---------------- Code disassembly (best guess): 0: 0f 84 d3 00 00 00 je 0xd9 6: 49 89 dc mov %rbx,%r12 9: 49 89 de mov %rbx,%r14 c: 41 bd 01 00 00 00 mov $0x1,%r13d 12: 49 c1 ec 03 shr $0x3,%r12 16: 41 83 e6 07 and $0x7,%r14d 1a: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 21: fc ff df 24: 49 01 c4 add %rax,%r12 27: eb 02 jmp 0x2b 29: f3 90 pause * 2b: 41 0f b6 04 24 movzbl (%r12),%eax <-- trapping instruction 30: 44 38 f0 cmp %r14b,%al 33: 7f 08 jg 0x3d 35: 84 c0 test %al,%al 37: 0f 85 f6 00 00 00 jne 0x133 3d: 0f b6 03 movzbl (%rbx),%eax