watchdog: BUG: soft lockup - CPU#0 stuck for 123s! [syz-executor.4:9993]
Modules linked in:
irq event stamp: 0
hardirqs last enabled at (0): [<0000000000000000>] 0x0
hardirqs last disabled at (0): [] copy_process+0x1815/0x6b00 kernel/fork.c:1960
softirqs last enabled at (0): [] copy_process+0x18bc/0x6b00 kernel/fork.c:1963
softirqs last disabled at (0): [<0000000000000000>] 0x0
CPU: 0 PID: 9993 Comm: syz-executor.4 Not tainted 5.3.0-rc8+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:preempt_count arch/x86/include/asm/preempt.h:26 [inline]
RIP: 0010:check_kcov_mode kernel/kcov.c:68 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0xd/0x50 kernel/kcov.c:102
Code: 6d 9f e9 ff 48 c7 05 de 4c 19 09 00 00 00 00 e9 77 e9 ff ff 90 90 90 90 90 90 90 90 90 55 48 89 e5 65 48 8b 04 25 40 fe 01 00 <65> 8b 15 c4 88 8f 7e 81 e2 00 01 1f 00 48 8b 75 08 75 2b 8b 90 f0
RSP: 0018:ffff8880ae809478 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
RAX: ffff88809a484680 RBX: ffff8880a3d0abf8 RCX: ffffffff85c65b39
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
RBP: ffff8880ae809478 R08: ffff88809a484680 R09: 0000000000000000
R10: fffffbfff134afaf R11: ffff88809a484680 R12: dffffc0000000000
R13: ffff8880a3d0a900 R14: ffff8880a3d0ac90 R15: 0000000000000000
FS: 00005555560b6940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000738008 CR3: 000000006ccb7000 CR4: 00000000001426f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 hhf_dequeue+0x537/0xa20 net/sched/sch_hhf.c:435
 dequeue_skb net/sched/sch_generic.c:258 [inline]
 qdisc_restart net/sched/sch_generic.c:361 [inline]
 __qdisc_run+0x1e7/0x19d0 net/sched/sch_generic.c:379
 __dev_xmit_skb net/core/dev.c:3533 [inline]
 __dev_queue_xmit+0x16f1/0x3650 net/core/dev.c:3838
 dev_queue_xmit+0x18/0x20 net/core/dev.c:3902
 neigh_resolve_output net/core/neighbour.c:1490 [inline]
 neigh_resolve_output+0x5a5/0x970 net/core/neighbour.c:1470
 neigh_output include/net/neighbour.h:511 [inline]
 ip6_finish_output2+0x1034/0x2520 net/ipv6/ip6_output.c:116
 __ip6_finish_output+0x444/0xa50 net/ipv6/ip6_output.c:142
 ip6_finish_output+0x38/0x1f0 net/ipv6/ip6_output.c:152
 NF_HOOK_COND include/linux/netfilter.h:294 [inline]
 ip6_output+0x235/0x7c0 net/ipv6/ip6_output.c:175
 dst_output include/net/dst.h:436 [inline]
 NF_HOOK include/linux/netfilter.h:305 [inline]
 ndisc_send_skb+0xf29/0x1450 net/ipv6/ndisc.c:504
 ndisc_send_rs+0x134/0x6d0 net/ipv6/ndisc.c:698
 addrconf_rs_timer+0x30f/0x680 net/ipv6/addrconf.c:3879
 call_timer_fn+0x1ac/0x780 kernel/time/timer.c:1322
 expire_timers kernel/time/timer.c:1366 [inline]
 __run_timers kernel/time/timer.c:1685 [inline]
 __run_timers kernel/time/timer.c:1653 [inline]
 run_timer_softirq+0x697/0x17a0 kernel/time/timer.c:1698
 __do_softirq+0x262/0x98c kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:373 [inline]
 irq_exit+0x19b/0x1e0 kernel/softirq.c:413
 exiting_irq arch/x86/include/asm/apic.h:537 [inline]
 smp_apic_timer_interrupt+0x1a3/0x610 arch/x86/kernel/apic/apic.c:1137
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:830
RIP: 0010:__read_once_size include/linux/compiler.h:199 [inline]
RIP: 0010:wait_consider_task+0x9e/0x38a0 kernel/exit.c:1349
Code: 25 28 00 00 00 48 89 45 d0 31 c0 e8 1c 95 2d 00 49 8d 8e 74 04 00 00 48 89 c8 48 89 8d 48 ff ff ff 48 c1 e8 03 42 0f b6 14 20 <48> 89 c8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 47 1a 00 00 45
RSP: 0018:ffff88806cd27aa0 EFLAGS: 00000a03 ORIG_RAX: ffffffffffffff13
RAX: 1ffff110132c88d6 RBX: 0000000000000000 RCX: ffff8880996446b4
RDX: 0000000000000000 RSI: ffffffff8144e014 RDI: ffff88806cd27cb8
RBP: ffff88806cd27bc8 R08: ffff88809a484680 R09: fffffbfff1181219
R10: fffffbfff1181218 R11: ffffffff88c090c3 R12: dffffc0000000000
R13: dffffc0000000000 R14: ffff888099644240 R15: ffff88806cd27cb8
 do_wait_thread kernel/exit.c:1458 [inline]
 do_wait+0x452/0xa10 kernel/exit.c:1529
 kernel_wait4+0x171/0x290 kernel/exit.c:1671
 __do_sys_wait4+0x147/0x160 kernel/exit.c:1683
 __se_sys_wait4 kernel/exit.c:1679 [inline]
 __x64_sys_wait4+0x97/0xf0 kernel/exit.c:1679
 do_syscall_64+0xfd/0x6a0 arch/x86/entry/common.c:296
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x41387a
Code: 0f 83 6a 18 00 00 c3 66 0f 1f 84 00 00 00 00 00 8b 05 1e 2a 66 00 85 c0 75 36 45 31 d2 48 63 d2 48 63 ff b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 d4 ff ff ff f7
RSP: 002b:0000000000a6fda8 EFLAGS: 00000246 ORIG_RAX: 000000000000003d
RAX: ffffffffffffffda RBX: 000000000020b8a2 RCX: 000000000041387a
RDX: 0000000040000001 RSI: 0000000000a6fde0 RDI: ffffffffffffffff
RBP: 0000000000002fd3 R08: 0000000000000001 R09: 00005555560b6940
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a
R13: 0000000000a6fde0 R14: 000000000020b821 R15: 0000000000a6fdf0
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 27233 Comm: syz-executor.5 Not tainted 5.3.0-rc8+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__read_once_size include/linux/compiler.h:199 [inline]
RIP: 0010:queued_write_lock_slowpath+0x13e/0x290 kernel/locking/qrwlock.c:77
Code: 00 00 fc ff df 4c 8d 2c 01 41 83 c7 03 41 0f b6 45 00 41 38 c7 7c 08 84 c0 0f 85 0c 01 00 00 8b 03 3d 00 01 00 00 74 1a f3 90 <41> 0f b6 55 00 41 38 d7 7c eb 84 d2 74 e7 48 89 df e8 9c c1 52 00
RSP: 0018:ffff8881c680f9d0 EFLAGS: 00000006
RAX: 0000000000000300 RBX: ffffffff88c090c0 RCX: 1ffffffff1181218
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffff88c090c0
RBP: ffff8881c680fa68 R08: 1ffffffff1181218 R09: fffffbfff1181219
R10: fffffbfff1181218 R11: ffffffff88c090c3 R12: 00000000000000ff
R13: fffffbfff1181218 R14: 1ffff11038d01f3c R15: 0000000000000003
FS: 0000000000000000(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2c849000 CR3: 00000001c6802000 CR4: 00000000001426e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 queued_write_lock include/asm-generic/qrwlock.h:95 [inline]
 do_raw_write_lock+0x1d6/0x290 kernel/locking/spinlock_debug.c:207
 __raw_write_lock_irq include/linux/rwlock_api_smp.h:197 [inline]
 _raw_write_lock_irq+0x68/0x80 kernel/locking/spinlock.c:311
 exit_notify kernel/exit.c:717 [inline]
 do_exit+0x9cb/0x2e50 kernel/exit.c:900
 do_group_exit+0x135/0x360 kernel/exit.c:983
 get_signal+0x47c/0x2500 kernel/signal.c:2734
 do_signal+0x87/0x1700 arch/x86/kernel/signal.c:815
 exit_to_usermode_loop+0x286/0x380 arch/x86/entry/common.c:159
 prepare_exit_to_usermode arch/x86/entry/common.c:194 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:274 [inline]
 do_syscall_64+0x5a9/0x6a0 arch/x86/entry/common.c:299
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4598e9
Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f4cece58cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 000000000075bf28 RCX: 00000000004598e9
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000075bf28
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075bf2c
R13: 0000000000a6fb7f R14: 00007f4cece599c0 R15: 000000000075bf2c