watchdog: BUG: soft lockup - CPU#1 stuck for 123s! [syz.5.686:4292]
Modules linked in:
CPU: 1 PID: 4292 Comm: syz.5.686 Not tainted 5.10.226-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:get_current arch/x86/include/asm/current.h:15 [inline]
RIP: 0010:update_stack_state+0x399/0x460 arch/x86/kernel/unwind_frame.c:242
Code: 00 00 00 48 83 c0 08 48 89 c3 eb 08 48 8b 5d 88 48 83 eb 80 4c 89 f0 48 c1 e8 03 42 80 3c 38 00 74 08 4c 89 f7 e8 87 26 76 00 <65> 48 8b 05 2f 4d d0 7e 49 39 06 74 0d 48 89 df e8 42 fc ff ff 49
RSP: 0018:ffffc9000016f7d0 EFLAGS: 00000246
RAX: 1ffff9200002df29 RBX: ffffc90000ca7e88 RCX: ffffc90000ca7eb0
RDX: 1ffff9200002df26 RSI: ffffc90000ca7e09 RDI: ffffc9000016f978
RBP: ffffc9000016f888 R08: ffffc9000016fa08 R09: 0000000000000025
R10: ffffc9000016fa10 R11: dffffc0000000001 R12: 1ffff9200002df2c
R13: ffffc90000ca7e90 R14: ffffc9000016f948 R15: dffffc0000000000
FS:  00007f497eea76c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffdfa50000 CR3: 000000013ab7c000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
 <IRQ>
 unwind_next_frame+0x3cb/0x700 arch/x86/kernel/unwind_frame.c:305
 arch_stack_walk+0x10d/0x140 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x113/0x1c0 kernel/stacktrace.c:121
 kasan_save_stack mm/kasan/common.c:38 [inline]
 kasan_set_track+0x4b/0x70 mm/kasan/common.c:45
 kasan_set_free_info+0x23/0x40 mm/kasan/generic.c:370
 ____kasan_slab_free+0x121/0x160 mm/kasan/common.c:362
 __kasan_slab_free+0x11/0x20 mm/kasan/common.c:370
 kasan_slab_free include/linux/kasan.h:220 [inline]
 slab_free_hook mm/slub.c:1595 [inline]
 slab_free_freelist_hook+0xc0/0x190 mm/slub.c:1621
 slab_free mm/slub.c:3203 [inline]
 kfree+0xc3/0x270 mm/slub.c:4191
 skb_free_head net/core/skbuff.c:606 [inline]
 skb_release_data+0x5c6/0x6f0 net/core/skbuff.c:626
 skb_release_all net/core/skbuff.c:680 [inline]
 __kfree_skb net/core/skbuff.c:694 [inline]
 kfree_skb+0xb9/0x320 net/core/skbuff.c:713
 ip_tunnel_xmit+0x1615/0x2760
 __gre_xmit net/ipv4/ip_gre.c:469 [inline]
 gre_tap_xmit+0x516/0x700 net/ipv4/ip_gre.c:746
 __netdev_start_xmit include/linux/netdevice.h:4858 [inline]
 netdev_start_xmit include/linux/netdevice.h:4872 [inline]
 xmit_one net/core/dev.c:3607 [inline]
 dev_hard_start_xmit+0x228/0x620 net/core/dev.c:3623
 sch_direct_xmit+0x292/0x9b0 net/sched/sch_generic.c:336
 qdisc_restart net/sched/sch_generic.c:401 [inline]
 __qdisc_run+0xa85/0x1df0 net/sched/sch_generic.c:409
 qdisc_run+0x121/0x330 include/net/pkt_sched.h:127
 __dev_xmit_skb net/core/dev.c:3799 [inline]
 __dev_queue_xmit+0xcf0/0x28e0 net/core/dev.c:4155
 dev_queue_xmit+0x17/0x20 net/core/dev.c:4223
 neigh_resolve_output+0x6b8/0x760 net/core/neighbour.c:1509
 neigh_output include/net/neighbour.h:517 [inline]
 ip6_finish_output2+0xf21/0x1850 net/ipv6/ip6_output.c:145
 __ip6_finish_output+0x5ec/0x780 net/ipv6/ip6_output.c:216
 ip6_finish_output+0x34/0x1e0 net/ipv6/ip6_output.c:226
 NF_HOOK_COND include/linux/netfilter.h:288 [inline]
 ip6_output+0x1f7/0x4c0 net/ipv6/ip6_output.c:249
 dst_output include/net/dst.h:437 [inline]
 NF_HOOK include/linux/netfilter.h:299 [inline]
 ndisc_send_skb+0x6e9/0xc00 net/ipv6/ndisc.c:511
 ndisc_send_rs+0x532/0x6a0 net/ipv6/ndisc.c:705
 addrconf_rs_timer+0x2d1/0x600 net/ipv6/addrconf.c:3964
 call_timer_fn+0x3b/0x2d0 kernel/time/timer.c:1450
 expire_timers kernel/time/timer.c:1495 [inline]
 __run_timers+0x72a/0xa10 kernel/time/timer.c:1789
 run_timer_softirq+0x69/0xf0 kernel/time/timer.c:1802
 __do_softirq+0x268/0x5bb kernel/softirq.c:309
 asm_call_irq_on_stack+0xf/0x20
 </IRQ>
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline]
 do_softirq_own_stack+0x60/0x80 arch/x86/kernel/irq_64.c:77
 invoke_softirq kernel/softirq.c:405 [inline]
 __irq_exit_rcu+0x128/0x150 kernel/softirq.c:435
 irq_exit_rcu+0x9/0x10 kernel/softirq.c:447
 sysvec_apic_timer_interrupt+0xbf/0xe0 arch/x86/kernel/apic/apic.c:1094
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635
RIP: 0010:preempt_schedule_irq+0xc2/0x140 kernel/sched/core.c:5065
Code: 4c 89 e7 e8 b0 d6 f6 fc f6 44 24 21 02 74 0b 0f 0b 48 f7 03 08 00 00 00 74 4d bf 01 00 00 00 e8 14 a2 97 fc fb bf 01 00 00 00 <e8> 89 e6 ff ff fa bf 01 00 00 00 e8 9e a3 97 fc 65 48 8b 1d 26 fd
RSP: 0018:ffffc90000ca7d40 EFLAGS: 00000246
RAX: 1ffff11022a84146 RBX: 1ffff92000194fac RCX: ffffffff84b29800
RDX: 1ffff11022a84004 RSI: 0000000000000000 RDI: 0000000000000001
RBP: ffffc90000ca7dc0 R08: ffffffff87084048 R09: ffffffff87084058
R10: ffffffff87084050 R11: ffffffff87084043 R12: ffffc90000ca7d60
R13: 0000000000000000 R14: dffffc0000000000 R15: 1ffff92000194fa8
 irqentry_exit_cond_resched kernel/entry/common.c:365 [inline]
 irqentry_exit+0x4f/0x60 kernel/entry/common.c:395
 sysvec_apic_timer_interrupt+0xcb/0xe0 arch/x86/kernel/apic/apic.c:1094
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635
RIP: 0010:check_kcov_mode kernel/kcov.c:174 [inline]
RIP: 0010:write_comp_data kernel/kcov.c:218 [inline]
RIP: 0010:__sanitizer_cov_trace_const_cmp4+0x34/0x90 kernel/kcov.c:284
Code: 8b 15 d0 bc 97 7e 65 8b 05 d5 bc 97 7e a9 00 01 ff 00 74 10 a9 00 01 00 00 74 5b 83 ba dc 0a 00 00 00 74 52 8b 82 b8 0a 00 00 <83> f8 03 75 47 48 8b 8a c0 0a 00 00 44 8b 92 bc 0a 00 00 49 c1 e2
RSP: 0018:ffffc90000ca7eb8 EFLAGS: 00000246
RAX: 0000000000000002 RBX: 0000000000000000 RCX: 0000000000040000
RDX: ffff888115420000 RSI: 0000000000000000 RDI: 00000000fffffdfd
RBP: ffffc90000ca7eb8 R08: ffffffff81b59297 R09: ffffed102122a21d
R10: 0000000000000000 R11: dffffc0000000001 R12: 00000000200006c0
R13: ffff88811a130f00 R14: 0000000000005452 R15: 0000000000005452
 __do_sys_ioctl fs/ioctl.c:752 [inline]
 __se_sys_ioctl+0xa7/0x190 fs/ioctl.c:739
 __x64_sys_ioctl+0x7b/0x90 fs/ioctl.c:739
 do_syscall_64+0x34/0x70
 entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7f498022e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f497eea7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f49803e5f80 RCX: 00007f498022e719
RDX: 00000000200006c0 RSI: 0000000000005452 RDI: 0000000000000005
RBP: 00007f49802a132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f49803e5f80 R15: 00007ffd53f35c58
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 3940 Comm: syz.8.664 Not tainted 5.10.226-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:perf_swevent_hrtimer+0x0/0x560 kernel/events/core.c:10444
Code: 08 00 00 00 e8 61 80 1b 00 48 89 d8 49 87 86 d8 01 00 00 48 29 c3 49 01 9e b0 00 00 00 5b 41 5e 5d c3 0f 1f 84 00 00 00 00 00 <55> 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 e4 c0 48 81 ec c0 01
RSP: 0018:ffffc900000074d8 EFLAGS: 00000046
RAX: ffffffff815b2362 RBX: ffffffff818cc890 RCX: ffff888124f48000
RDX: 0000000000010101 RSI: 0000000000000046 RDI: ffff888127315158
RBP: ffffc90000007618 R08: ffffffff82723908 R09: 0000000000000003
R10: fffff52000000eb0 R11: dffffc0000000001 R12: 1ffff11024e62a32
R13: ffff888127315158 R14: ffff8881f7049940 R15: ffff8881f7049940
FS:  0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffdfa50000 CR3: 000000010c2a3000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
 <NMI>
 </NMI>
 <IRQ>
 hrtimer_interrupt+0x39a/0x8b0 kernel/time/hrtimer.c:1711
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1083 [inline]
 __sysvec_apic_timer_interrupt+0xfd/0x3c0 arch/x86/kernel/apic/apic.c:1100
 run_sysvec_on_irqstack_cond arch/x86/include/asm/irq_stack.h:91 [inline]
 sysvec_apic_timer_interrupt+0xba/0xe0 arch/x86/kernel/apic/apic.c:1094
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635
RIP: 0010:xfrm_lookup_with_ifid+0x15dd/0x19d0 net/xfrm/xfrm_policy.c:3161
Code: 48 3b 84 24 c0 00 00 00 0f 85 da 03 00 00 4c 89 e0 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 18 e0 4e fd 45 31 e4 eb af <e8> 0e e0 4e fd eb a8 e8 07 e0 4e fd eb a1 e8 00 e0 4e fd e9 93 f1
RSP: 0018:ffffc90000007840 EFLAGS: 00000246
RAX: 1ffff1102403e87c RBX: 0000000000000000 RCX: ffff888124f48000
RDX: 0000000000000101 RSI: 00000000ffffffff RDI: 00000000ffffffff
RBP: ffffc90000007950 R08: ffffffff841c0216 R09: ffffc900000078e0
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881201f43c0
R13: 0000000000000000 R14: 0000000000000000 R15: dffffc0000000000
 xfrm_lookup+0x38/0x50 net/xfrm/xfrm_policy.c:3191
 icmp6_dst_alloc+0x4f0/0x560 net/ipv6/route.c:3185
 ndisc_send_skb+0x25a/0xc00 net/ipv6/ndisc.c:491
 ndisc_send_rs+0x532/0x6a0 net/ipv6/ndisc.c:705
 addrconf_rs_timer+0x2d1/0x600 net/ipv6/addrconf.c:3964
 call_timer_fn+0x3b/0x2d0 kernel/time/timer.c:1450
 expire_timers kernel/time/timer.c:1495 [inline]
 __run_timers+0x72a/0xa10 kernel/time/timer.c:1789
 run_timer_softirq+0x69/0xf0 kernel/time/timer.c:1802
 __do_softirq+0x268/0x5bb kernel/softirq.c:309
 asm_call_irq_on_stack+0xf/0x20
 </IRQ>
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline]
 do_softirq_own_stack+0x60/0x80 arch/x86/kernel/irq_64.c:77
 invoke_softirq kernel/softirq.c:405 [inline]
 __irq_exit_rcu+0x128/0x150 kernel/softirq.c:435
 irq_exit_rcu+0x9/0x10 kernel/softirq.c:447
 sysvec_apic_timer_interrupt+0xbf/0xe0 arch/x86/kernel/apic/apic.c:1094
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635
RIP: 0010:preempt_schedule_irq+0xc2/0x140 kernel/sched/core.c:5065
Code: 4c 89 e7 e8 b0 d6 f6 fc f6 44 24 21 02 74 0b 0f 0b 48 f7 03 08 00 00 00 74 4d bf 01 00 00 00 e8 14 a2 97 fc fb bf 01 00 00 00 <e8> 89 e6 ff ff fa bf 01 00 00 00 e8 9e a3 97 fc 65 48 8b 1d 26 fd
RSP: 0018:ffffc90000ed7360 EFLAGS: 00000246
RAX: 1ffff110249e9146 RBX: 1ffff920001dae70 RCX: ffffffff84b29800
RDX: 1ffff110249e9004 RSI: 0000000000000000 RDI: 0000000000000001
RBP: ffffc90000ed73f0 R08: ffffffff87084008 R09: ffffffff87084018
R10: ffffffff87084010 R11: ffffffff87084003 R12: ffffc90000ed7380
R13: 0000000000000000 R14: dffffc0000000000 R15: 1ffff920001dae6c
 irqentry_exit_cond_resched kernel/entry/common.c:365 [inline]
 irqentry_exit+0x4f/0x60 kernel/entry/common.c:395
 sysvec_apic_timer_interrupt+0xcb/0xe0 arch/x86/kernel/apic/apic.c:1094
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635
RIP: 0010:arch_static_branch arch/x86/include/asm/jump_label.h:25 [inline]
RIP: 0010:static_key_false include/linux/jump_label.h:221 [inline]
RIP: 0010:trace_android_vh_zap_pte_range_tlb_end include/trace/hooks/mm.h:121 [inline]
RIP: 0010:zap_pte_range mm/memory.c:1388 [inline]
RIP: 0010:zap_pmd_range mm/memory.c:1435 [inline]
RIP: 0010:zap_pud_range mm/memory.c:1464 [inline]
RIP: 0010:zap_p4d_range mm/memory.c:1485 [inline]
RIP: 0010:unmap_page_range+0x1f39/0x23b0 mm/memory.c:1506
Code: 48 8b 54 24 10 0f 85 9e 00 00 00 80 22 83 48 8b bc 24 d0 00 00 00 e8 d6 05 15 03 48 8b 7c 24 28 e8 6c 27 03 00 0f 1f 44 00 00 <e8> 82 28 cd ff 4c 3b bc 24 80 00 00 00 0f 84 1a 03 00 00 e8 6f 28
RSP: 0018:ffffc90000ed74e0 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
RBP: ffffc90000ed7710 R08: ffffffff819d808f R09: ffffed10231fe73e
R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
R13: 0400000000000000 R14: 8000000120336007 R15: 00007f4d77c11000
 unmap_single_vma mm/memory.c:1551 [inline]
 unmap_vmas+0x37f/0x4f0 mm/memory.c:1583
 exit_mmap+0x2f2/0x5c0 mm/mmap.c:3355
 __mmput+0x95/0x2d0 kernel/fork.c:1153
 mmput+0x59/0x170 kernel/fork.c:1176
 exit_mm kernel/exit.c:539 [inline]
 do_exit+0xbda/0x2a50 kernel/exit.c:850
 do_group_exit+0x141/0x310 kernel/exit.c:985
 get_signal+0x10a0/0x1410 kernel/signal.c:2790
 arch_do_signal_or_restart+0xbd/0x17c0 arch/x86/kernel/signal.c:805
 handle_signal_work kernel/entry/common.c:145 [inline]
 exit_to_user_mode_loop+0x9b/0xd0 kernel/entry/common.c:169
 exit_to_user_mode_prepare kernel/entry/common.c:199 [inline]
 syscall_exit_to_user_mode+0xa2/0x1a0 kernel/entry/common.c:274
 do_syscall_64+0x40/0x70 arch/x86/entry/common.c:56
 entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7f4d78365719
Code: Unable to access opcode bytes at RIP 0x7f4d783656ef.
RSP: 002b:00007f4d76fbd0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: 0000000000000000 RBX: 00007f4d7851d060 RCX: 00007f4d78365719
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f4d7851d060
RBP: 00007f4d7851d058 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4d7851d064
R13: 0000000000000000 R14: 00007ffca8fd9730 R15: 00007ffca8fd9818