watchdog: BUG: soft lockup - CPU#0 stuck for 123s! [syz-executor.4:10426]
Modules linked in:
irq event stamp: 0
hardirqs last  enabled at (0): [<0000000000000000>] 0x0
hardirqs last disabled at (0): [<ffffffff81436975>] copy_process+0x1815/0x6b00 kernel/fork.c:1960
softirqs last  enabled at (0): [<ffffffff81436a1c>] copy_process+0x18bc/0x6b00 kernel/fork.c:1963
softirqs last disabled at (0): [<0000000000000000>] 0x0
CPU: 0 PID: 10426 Comm: syz-executor.4 Not tainted 5.3.0-rc1-next-20190726 #53
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__kasan_check_read+0xc/0x20 mm/kasan/common.c:92
Code: 27 ee ff ff 48 8b 73 58 89 c2 48 c7 c7 c8 a9 89 88 f7 da e8 7a 48 af ff e9 da ee ff ff 90 55 89 f6 31 d2 48 89 e5 48 8b 4d 08 <e8> cf 26 00 00 5d c3 0f 1f 00 66 2e 0f 1f 84 00 00 00 00 00 55 89
RSP: 0018:ffff8880ae8091b0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000000 RBX: ffff88805e2da648 RCX: ffffffff8159a3d7
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff88805e2da648
RBP: ffff8880ae8091b0 R08: 1ffff1100bc5b4c9 R09: ffffed100bc5b4ca
R10: ffffed100bc5b4c9 R11: ffff88805e2da64b R12: 0000000000000001
R13: 0000000000000003 R14: ffffed100bc5b4c9 R15: 0000000000000001
FS:  0000555556f07940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000221eeb0 CR3: 0000000065196000 CR4: 00000000001426f0
Call Trace:
 <IRQ>
 atomic_read include/asm-generic/atomic-instrumented.h:26 [inline]
 virt_spin_lock arch/x86/include/asm/qspinlock.h:83 [inline]
 native_queued_spin_lock_slowpath+0xb7/0x9f0 kernel/locking/qspinlock.c:325
 pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:642 [inline]
 queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:50 [inline]
 queued_spin_lock include/asm-generic/qspinlock.h:81 [inline]
 do_raw_spin_lock+0x20e/0x2e0 kernel/locking/spinlock_debug.c:113
 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:136 [inline]
 _raw_spin_lock_bh+0x3b/0x50 kernel/locking/spinlock.c:175
 spin_lock_bh include/linux/spinlock.h:343 [inline]
 release_sock+0x20/0x1c0 net/core/sock.c:2932
 wait_on_pending_writer+0x20f/0x420 net/tls/tls_main.c:91
 tls_sk_proto_cleanup+0x2c5/0x3e0 net/tls/tls_main.c:295
 tls_sk_proto_unhash+0x90/0x3f0 net/tls/tls_main.c:330
 tcp_set_state+0x5b9/0x7d0 net/ipv4/tcp.c:2235
 tcp_done+0xe2/0x320 net/ipv4/tcp.c:3824
 tcp_reset+0x132/0x500 net/ipv4/tcp_input.c:4080
 tcp_validate_incoming+0xa2d/0x1660 net/ipv4/tcp_input.c:5440
 tcp_rcv_established+0x6b5/0x1e70 net/ipv4/tcp_input.c:5648
 tcp_v6_do_rcv+0x41e/0x12c0 net/ipv6/tcp_ipv6.c:1356
 tcp_v6_rcv+0x31f1/0x3500 net/ipv6/tcp_ipv6.c:1588
 ip6_protocol_deliver_rcu+0x2fe/0x1660 net/ipv6/ip6_input.c:397
 ip6_input_finish+0x84/0x170 net/ipv6/ip6_input.c:438
 NF_HOOK include/linux/netfilter.h:305 [inline]
 NF_HOOK include/linux/netfilter.h:299 [inline]
 ip6_input+0xe4/0x3f0 net/ipv6/ip6_input.c:447
 dst_input include/net/dst.h:442 [inline]
 ip6_rcv_finish+0x1de/0x2f0 net/ipv6/ip6_input.c:76
 NF_HOOK include/linux/netfilter.h:305 [inline]
 NF_HOOK include/linux/netfilter.h:299 [inline]
 ipv6_rcv+0x10e/0x420 net/ipv6/ip6_input.c:272
 __netif_receive_skb_one_core+0x113/0x1a0 net/core/dev.c:4999
 __netif_receive_skb+0x2c/0x1d0 net/core/dev.c:5113
 process_backlog+0x206/0x750 net/core/dev.c:5924
 napi_poll net/core/dev.c:6347 [inline]
 net_rx_action+0x508/0x10c0 net/core/dev.c:6413
 __do_softirq+0x262/0x98c kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:373 [inline]
 irq_exit+0x19b/0x1e0 kernel/softirq.c:413
 exiting_irq arch/x86/include/asm/apic.h:536 [inline]
 smp_apic_timer_interrupt+0x1a3/0x610 arch/x86/kernel/apic/apic.c:1095
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:828
 </IRQ>
RIP: 0010:___might_sleep+0xce/0x280 kernel/sched/core.c:6666
Code: c1 83 e0 07 48 c1 e9 03 83 c0 03 0f b6 14 11 38 d0 7c 08 84 d2 0f 85 6e 01 00 00 8b 05 2f bc 56 08 83 e8 01 83 f8 01 76 0b 5b <41> 5c 41 5d 41 5e 41 5f 5d c3 48 c7 c0 e0 81 8d 8a 48 ba 00 00 00
RSP: 0018:ffff8880651afd10 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000007 RBX: ffff8880651a4040 RCX: 1ffffffff134be76
RDX: 0000000000000000 RSI: 000000000000000a RDI: ffff8880651a4064
RBP: ffff8880651afd30 R08: ffff8880651a4040 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff87c628e0
R13: 000000000000000a R14: ffff8880651a4040 R15: ffff8880651a4040
 __might_sleep+0x95/0x190 kernel/sched/core.c:6617
 __might_fault+0xc6/0x1e0 mm/memory.c:4441
 _copy_from_user+0x30/0x1a0 lib/usercopy.c:10
 copy_from_user include/linux/uaccess.h:144 [inline]
 get_timespec64+0x7d/0x270 kernel/time/time.c:877
 __do_sys_nanosleep kernel/time/hrtimer.c:1759 [inline]
 __se_sys_nanosleep kernel/time/hrtimer.c:1754 [inline]
 __x64_sys_nanosleep+0xb6/0x220 kernel/time/hrtimer.c:1754
 do_syscall_64+0xfa/0x760 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457cd0
Code: c0 5b 5d c3 66 0f 1f 44 00 00 8b 04 24 48 83 c4 18 5b 5d c3 66 0f 1f 44 00 00 83 3d 81 ea 61 00 00 75 14 b8 23 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 24 d3 fb ff c3 48 83 ec 08 e8 ea 46 00 00
RSP: 002b:00007ffd5f159458 EFLAGS: 00000246 ORIG_RAX: 0000000000000023
RAX: ffffffffffffffda RBX: 00000000000f4f1f RCX: 0000000000457cd0
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007ffd5f159460
RBP: 0000000000004304 R08: 0000000000000001 R09: 0000555556f07940
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009
R13: 00007ffd5f1594b0 R14: 00000000000f4ee1 R15: 00007ffd5f1594c0
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 25556 Comm: syz-executor.4 Not tainted 5.3.0-rc1-next-20190726 #53
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:check_memory_region+0x1f/0x1a0 mm/kasan/generic.c:191
Code: 00 66 2e 0f 1f 84 00 00 00 00 00 48 85 f6 0f 84 34 01 00 00 48 b8 ff ff ff ff ff 7f ff ff 55 0f b6 d2 48 39 c7 48 89 e5 41 55 <41> 54 53 0f 86 07 01 00 00 4c 8d 5c 37 ff 49 89 f8 48 b8 00 00 00
RSP: 0018:ffff88809eee7550 EFLAGS: 00000212
RAX: ffff7fffffffffff RBX: ffff88805e2da648 RCX: ffffffff8159a3d7
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff88805e2da648
RBP: ffff88809eee7558 R08: 1ffff1100bc5b4c9 R09: ffffed100bc5b4ca
R10: ffffed100bc5b4c9 R11: ffff88805e2da64b R12: 0000000000000001
R13: 0000000000000003 R14: ffffed100bc5b4c9 R15: 0000000000000001
FS:  00007f4207bda700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000070f158 CR3: 000000005fd2f000 CR4: 00000000001426e0
Call Trace:
 __kasan_check_read+0x11/0x20 mm/kasan/common.c:92
 atomic_read include/asm-generic/atomic-instrumented.h:26 [inline]
 virt_spin_lock arch/x86/include/asm/qspinlock.h:83 [inline]
 native_queued_spin_lock_slowpath+0xb7/0x9f0 kernel/locking/qspinlock.c:325
 pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:642 [inline]
 queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:50 [inline]
 queued_spin_lock include/asm-generic/qspinlock.h:81 [inline]
 do_raw_spin_lock+0x20e/0x2e0 kernel/locking/spinlock_debug.c:113
 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:136 [inline]
 _raw_spin_lock_bh+0x3b/0x50 kernel/locking/spinlock.c:175
 spin_lock_bh include/linux/spinlock.h:343 [inline]
 lock_sock_nested+0x41/0x120 net/core/sock.c:2917
 lock_sock include/net/sock.h:1522 [inline]
 sk_stream_wait_memory+0x83f/0xfc0 net/core/stream.c:149
 do_tcp_sendpages+0x86b/0x1bc0 net/ipv4/tcp.c:1048
 tcp_sendpage_locked net/ipv4/tcp.c:1085 [inline]
 tcp_sendpage_locked+0x84/0xd0 net/ipv4/tcp.c:1077
 tcp_sendpage+0x3f/0x60 net/ipv4/tcp.c:1095
 inet_sendpage+0xdb/0x150 net/ipv4/af_inet.c:821
 kernel_sendpage+0x92/0xf0 net/socket.c:3682
 sock_sendpage+0x8b/0xc0 net/socket.c:935
 pipe_to_sendpage+0x296/0x360 fs/splice.c:449
 splice_from_pipe_feed fs/splice.c:500 [inline]
 __splice_from_pipe+0x397/0x7d0 fs/splice.c:624
 splice_from_pipe+0x108/0x170 fs/splice.c:659
 generic_splice_sendpage+0x3c/0x50 fs/splice.c:829
 do_splice_from fs/splice.c:848 [inline]
 do_splice+0x708/0x1410 fs/splice.c:1155
 __do_sys_splice fs/splice.c:1425 [inline]
 __se_sys_splice fs/splice.c:1405 [inline]
 __x64_sys_splice+0x2c6/0x330 fs/splice.c:1405
 do_syscall_64+0xfa/0x760 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x459829
Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f4207bd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000459829
RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 000000000075bf20 R08: 0000000100000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4207bda6d4
R13: 00000000004c8f44 R14: 00000000004df308 R15: 00000000ffffffff