watchdog: BUG: soft lockup - CPU#0 stuck for 23s! [syz-executor.1:9599] Modules linked in: irq event stamp: 3486481 hardirqs last enabled at (3486480): [] restore_regs_and_return_to_kernel+0x0/0x2a hardirqs last disabled at (3486481): [] apic_timer_interrupt+0x8e/0xa0 arch/x86/entry/entry_64.S:793 softirqs last enabled at (4108): [] __do_softirq+0x68b/0x9ff kernel/softirq.c:314 softirqs last disabled at (6217): [] invoke_softirq kernel/softirq.c:368 [inline] softirqs last disabled at (6217): [] irq_exit+0x193/0x240 kernel/softirq.c:409 CPU: 0 PID: 9599 Comm: syz-executor.1 Not tainted 4.14.269-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 task: ffff888077cf0200 task.stack: ffff888077cf8000 RIP: 0010:call_rcu+0x0/0x10 kernel/rcu/tree_plugin.h:730 RSP: 0018:ffff8880ba4076f8 EFLAGS: 00000206 ORIG_RAX: ffffffffffffff10 RAX: ffff888077cf0200 RBX: ffff8880a023d1c0 RCX: ffff88809adfbecc RDX: 0000000000000100 RSI: ffffffff85c61a80 RDI: ffff8880a023d1c8 RBP: ffff88809adfbe00 R08: ffffffff85c46e0c R09: 00000000000222ba R10: ffff888077cf0b00 R11: ffff888077cf0200 R12: ffff8880a023d1c0 R13: 0000000000000000 R14: ffff88809adfbed8 R15: ffff8880a9a72cc0 FS: 0000000000000000(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fe0b9c74c18 CR3: 0000000097f1b000 CR4: 00000000003406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: dst_release+0x56/0x80 net/core/dst.c:188 refdst_drop include/net/dst.h:286 [inline] skb_dst_drop include/net/dst.h:298 [inline] __dev_queue_xmit+0x1543/0x2480 net/core/dev.c:3480 neigh_resolve_output+0x4e5/0x870 net/core/neighbour.c:1369 neigh_output include/net/neighbour.h:500 [inline] ip6_finish_output2+0xf48/0x1f10 net/ipv6/ip6_output.c:120 ip6_finish_output+0x5c6/0xd50 net/ipv6/ip6_output.c:192 NF_HOOK_COND include/linux/netfilter.h:239 [inline] ip6_output+0x1c5/0x660 net/ipv6/ip6_output.c:209 dst_output include/net/dst.h:470 [inline] NF_HOOK include/linux/netfilter.h:250 [inline] ndisc_send_skb+0x82a/0x1390 net/ipv6/ndisc.c:483 ndisc_send_rs+0x125/0x630 net/ipv6/ndisc.c:677 addrconf_rs_timer+0x2bb/0x5a0 net/ipv6/addrconf.c:3769 call_timer_fn+0x14a/0x650 kernel/time/timer.c:1280 expire_timers+0x232/0x4d0 kernel/time/timer.c:1319 __run_timers kernel/time/timer.c:1637 [inline] run_timer_softirq+0x1d5/0x5a0 kernel/time/timer.c:1650 __do_softirq+0x24d/0x9ff kernel/softirq.c:288 invoke_softirq kernel/softirq.c:368 [inline] irq_exit+0x193/0x240 kernel/softirq.c:409 exiting_irq arch/x86/include/asm/apic.h:638 [inline] smp_apic_timer_interrupt+0x141/0x5e0 arch/x86/kernel/apic/apic.c:1106 apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:793 RIP: 0010:ldt_arch_exit_mmap+0x0/0x10 arch/x86/kernel/ldt.c:323 RSP: 0018:ffff888077cff990 EFLAGS: 00000297 ORIG_RAX: ffffffffffffff10 RAX: ffff888077cf0200 RBX: 1ffff1100ef9ff34 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 00000000ffffffff RDI: ffff888077c3d940 RBP: dffffc0000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffff888077c3d940 R13: 000000000000112f R14: 0000000000000001 R15: ffff888077c3d940 arch_exit_mmap arch/x86/include/asm/mmu_context.h:262 [inline] exit_mmap+0x20e/0x4d0 mm/mmap.c:3047 __mmput kernel/fork.c:931 [inline] mmput kernel/fork.c:952 [inline] mmput+0xfa/0x420 kernel/fork.c:947 exit_mm kernel/exit.c:548 [inline] do_exit+0x984/0x2850 kernel/exit.c:855 do_group_exit+0x100/0x2e0 kernel/exit.c:965 get_signal+0x38d/0x1ca0 kernel/signal.c:2412 do_signal+0x7c/0x1550 arch/x86/kernel/signal.c:792 exit_to_usermode_loop+0x160/0x200 arch/x86/entry/common.c:160 prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline] syscall_return_slowpath arch/x86/entry/common.c:270 [inline] do_syscall_64+0x4a3/0x640 arch/x86/entry/common.c:297 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x7f67a9c52049 RSP: 002b:00007f67a85c7218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca ISOFS: Invalid session number or type of track RAX: fffffffffffffe00 RBX: 00007f67a9d64f68 RCX: 00007f67a9c52049 RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f67a9d64f68 RBP: 00007f67a9d64f60 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f67a9d64f6c R13: 00007fff34ef099f R14: 00007f67a85c7300 R15: 0000000000022000 Code: e9 3e fc ff ISOFS: Invalid session number ff e8 f1 04 38 00 e9 09 fc ff ff e8 17 07 38 00 e9 5d fc ff ff 48 c7 c7 c8 93 f0 88 e8 d6 04 38 00 e9 95 fd ff ff 90 <31> c9 48 c7 c2 80 9c f7 88 e9 22 f8 ff ff 66 90 b9 01 00 00 00 isofs_fill_super: get root inode failed Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 9607 Comm: syz-executor.0 Not tainted 4.14.269-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 task: ffff8880778ec400 task.stack: ffff8880778f0000 RIP: 0010:select_task_rq_fair+0x2f8/0x2300 kernel/sched/fair.c:5976 RSP: 0018:ffff8880ba507c70 EFLAGS: 00000046 RAX: 00000000000012af RBX: 0000000000000001 RCX: 0000000000000010 RDX: 0000000000000000 RSI: 00000000ffffffff RDI: ffff8880b5fa3890 RBP: ffff8880b5fa3840 R08: 0000000000000001 R09: 00000000000a4012 R10: ffff8880778eccd8 R11: ffff8880778ec400 R12: 0000000000000001 R13: dffffc0000000000 R14: 0000000000034380 R15: ffff888079b2a140 FS: 00007f49e178d700(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007faf4594a000 CR3: 0000000097f2d000 CR4: 00000000003406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: select_task_rq kernel/sched/core.c:1563 [inline] try_to_wake_up+0x46f/0x1100 kernel/sched/core.c:2075 hrtimer_wakeup+0x43/0x60 kernel/time/hrtimer.c:1441 __run_hrtimer kernel/time/hrtimer.c:1223 [inline] __hrtimer_run_queues+0x30b/0xc80 kernel/time/hrtimer.c:1287 hrtimer_interrupt+0x1e6/0x5e0 kernel/time/hrtimer.c:1321 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1079 [inline] smp_apic_timer_interrupt+0x117/0x5e0 arch/x86/kernel/apic/apic.c:1104 apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:793 RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:779 [inline] RIP: 0010:console_trylock_spinning kernel/printk/printk.c:1685 [inline] RIP: 0010:vprintk_emit+0x549/0x620 kernel/printk/printk.c:1922 RSP: 0018:ffff8880778f79b8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff10 RAX: 0000000000040000 RBX: 1ffffffff11e1279 RCX: ffffc90006422000 RDX: 0000000000040000 RSI: ffffffff81440874 RDI: 0000000000000246 RBP: ffff8880778f79f0 R08: ffffffff8b9a3d40 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000027 R13: ffff888077cf0200 R14: 0000000000000246 R15: 0000000000000000 vprintk_func+0x58/0x160 kernel/printk/printk_safe.c:409 printk+0x9e/0xbc kernel/printk/printk.c:1996 isofs_fill_super.cold+0x2b5/0x3ce fs/isofs/inode.c:998 mount_bdev+0x2b3/0x360 fs/super.c:1134 mount_fs+0x92/0x2a0 fs/super.c:1237 vfs_kern_mount.part.0+0x5b/0x470 fs/namespace.c:1046 vfs_kern_mount fs/namespace.c:1036 [inline] do_new_mount fs/namespace.c:2572 [inline] do_mount+0xe65/0x2a10 fs/namespace.c:2902 SYSC_mount fs/namespace.c:3118 [inline] SyS_mount+0xa8/0x120 fs/namespace.c:3095 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x7f49e2e5b57a RSP: 002b:00007f49e178cf88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 0000000020000600 RCX: 00007f49e2e5b57a RDX: 0000000020000000 RSI: 00000000200001c0 RDI: 00007f49e178cfe0 RBP: 00007f49e178d020 R08: 00007f49e178d020 R09: 0000000020000000 R10: 0000000000000001 R11: 0000000000000206 R12: 0000000020000000 R13: 00000000200001c0 R14: 00007f49e178cfe0 R15: 0000000020000bc0 Code: 8b 6d 00 48 85 ed 0f 84 96 02 00 00 48 8d 7d 50 48 89 f8 48 c1 e8 03 42 0f b6 04 28 84 c0 74 08 3c 03 0f 8e 25 19 00 00 8b 45 50 01 0f 84 6f 02 00 00 45 85 e4 75 89 85 c8 0f 84 62 02 00 00 ---------------- Code disassembly (best guess): 0: 8b 6d 00 mov 0x0(%rbp),%ebp 3: 48 85 ed test %rbp,%rbp 6: 0f 84 96 02 00 00 je 0x2a2 c: 48 8d 7d 50 lea 0x50(%rbp),%rdi 10: 48 89 f8 mov %rdi,%rax 13: 48 c1 e8 03 shr $0x3,%rax 17: 42 0f b6 04 28 movzbl (%rax,%r13,1),%eax 1c: 84 c0 test %al,%al 1e: 74 08 je 0x28 20: 3c 03 cmp $0x3,%al 22: 0f 8e 25 19 00 00 jle 0x194d 28: 8b 45 50 mov 0x50(%rbp),%eax * 2b: a8 01 test $0x1,%al <-- trapping instruction 2d: 0f 84 6f 02 00 00 je 0x2a2 33: 45 85 e4 test %r12d,%r12d 36: 75 89 jne 0xffffffc1 38: 85 c8 test %ecx,%eax 3a: 0f 84 62 02 00 00 je 0x2a2