device bridge800 entered promiscuous mode
watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [syz-executor.2:1198]
Modules linked in:
irq event stamp: 4034845
hardirqs last  enabled at (4034844): [<ffffffff81003ce4>] trace_hardirqs_on_thunk+0x1a/0x1c
hardirqs last disabled at (4034845): [<ffffffff81003d00>] trace_hardirqs_off_thunk+0x1a/0x1c
softirqs last  enabled at (49274): [<ffffffff88400678>] __do_softirq+0x678/0x980 kernel/softirq.c:318
softirqs last disabled at (53317): [<ffffffff813927d5>] invoke_softirq kernel/softirq.c:372 [inline]
softirqs last disabled at (53317): [<ffffffff813927d5>] irq_exit+0x215/0x260 kernel/softirq.c:412
CPU: 0 PID: 1198 Comm: syz-executor.2 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:789 [inline]
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0xa3/0xe0 kernel/locking/spinlock.c:184
Code: 48 c7 c0 88 82 f1 89 48 ba 00 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 75 2f 48 83 3d 7c 31 d8 01 00 74 15 48 89 df 57 9d <0f> 1f 44 00 00 eb b2 e8 fb eb e6 f8 eb c0 0f 0b 0f 0b 48 c7 c7 88
RSP: 0018:ffff8880ba007cb0 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
RAX: 1ffffffff13e3051 RBX: 0000000000000286 RCX: 1ffff1100428d97f
RDX: dffffc0000000000 RSI: ffff88802146cbd8 RDI: 0000000000000286
RBP: ffff8880b5001d70 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: ffff8880b5001d70 R14: 0000000000000000 R15: 0000000000000000
FS:  00007fb687531700(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fed58dc2000 CR3: 000000003008b000 CR4: 00000000003426f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 spin_unlock_irqrestore include/linux/spinlock.h:384 [inline]
 skb_dequeue+0x125/0x180 net/core/skbuff.c:2839
 mrp_queue_xmit net/802/mrp.c:366 [inline]
 mrp_join_timer+0x97/0xc0 net/802/mrp.c:611
 call_timer_fn+0x177/0x700 kernel/time/timer.c:1338
 expire_timers+0x243/0x4e0 kernel/time/timer.c:1375
 __run_timers kernel/time/timer.c:1696 [inline]
 run_timer_softirq+0x21c/0x670 kernel/time/timer.c:1709
 __do_softirq+0x265/0x980 kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:372 [inline]
 irq_exit+0x215/0x260 kernel/softirq.c:412
 exiting_irq arch/x86/include/asm/apic.h:536 [inline]
 smp_apic_timer_interrupt+0x136/0x550 arch/x86/kernel/apic/apic.c:1098
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
 </IRQ>
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:789 [inline]
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0xa3/0xe0 kernel/locking/spinlock.c:184
Code: 48 c7 c0 88 82 f1 89 48 ba 00 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 75 2f 48 83 3d 7c 31 d8 01 00 74 15 48 89 df 57 9d <0f> 1f 44 00 00 eb b2 e8 fb eb e6 f8 eb c0 0f 0b 0f 0b 48 c7 c7 88
RSP: 0018:ffff8881cf7e7828 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
RAX: 1ffffffff13e3051 RBX: 0000000000000286 RCX: 1ffff1100428d97a
RDX: dffffc0000000000 RSI: ffff88802146cbb0 RDI: 0000000000000286
RBP: ffff8881cf7e7a10 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 1ffff11039efcf0a
 spin_unlock_irqrestore include/linux/spinlock.h:384 [inline]
 __wake_up_common_lock+0xe0/0x170 kernel/sched/wait.c:122
 __d_lookup_done+0x1df/0x4a0 fs/dcache.c:2553
 __d_add fs/dcache.c:2571 [inline]
 d_add+0x536/0x650 fs/dcache.c:2604
 simple_lookup fs/libfs.c:68 [inline]
 simple_lookup+0xc9/0x110 fs/libfs.c:62
 __lookup_slow+0x246/0x4a0 fs/namei.c:1672
 lookup_one_len+0x163/0x190 fs/namei.c:2544
 start_creating+0xc9/0x220 fs/debugfs/inode.c:313
 __debugfs_create_file+0x5e/0x480 fs/debugfs/inode.c:352
 kvm_create_vm_debugfs arch/x86/kvm/../../../virt/kvm/kvm_main.c:650 [inline]
 kvm_dev_ioctl_create_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:3475 [inline]
 kvm_dev_ioctl+0xa2b/0x16e0 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3502
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:501 [inline]
 do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688
 ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705
 __do_sys_ioctl fs/ioctl.c:712 [inline]
 __se_sys_ioctl fs/ioctl.c:710 [inline]
 __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fb6885bbaf9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fb687531188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fb6886cef60 RCX: 00007fb6885bbaf9
RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000005
RBP: 00007fb688615ff7 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc1441699f R14: 00007fb687531300 R15: 0000000000022000
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 1208 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:mark_irqflags kernel/locking/lockdep.c:3007 [inline]
RIP: 0010:__lock_acquire+0x1072/0x3ff0 kernel/locking/lockdep.c:3373
Code: 48 c7 c7 40 19 6a 88 e8 21 b5 a7 06 0f 0b e9 2e f1 ff ff 31 d2 4c 89 d6 4c 89 ef 44 89 44 24 30 44 89 4c 24 28 4c 89 54 24 20 <e8> 39 dd ff ff 4c 8b 54 24 20 85 c0 44 8b 4c 24 28 44 8b 44 24 30
RSP: 0018:ffff8880ba107ab8 EFLAGS: 00000046
RAX: 000000000000000c RBX: 0000000000000040 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffff888025eb8bd8 RDI: ffff888025eb8300
RBP: ffff888025eb8bfa R08: 0000000000000001 R09: 0000000000000002
R10: ffff888025eb8bd8 R11: ffffffff8c66505b R12: 00000000000c4001
R13: ffff888025eb8300 R14: ffff888025eb8bf0 R15: 0000000000000001
FS:  00007f9b5f450700(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000002e841000 CR4: 00000000003426e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0x8c/0xc0 kernel/locking/spinlock.c:152
 debug_object_deactivate lib/debugobjects.c:540 [inline]
 debug_object_deactivate+0xfc/0x2e0 lib/debugobjects.c:529
 debug_hrtimer_deactivate kernel/time/hrtimer.c:421 [inline]
 debug_deactivate kernel/time/hrtimer.c:471 [inline]
 __run_hrtimer kernel/time/hrtimer.c:1435 [inline]
 __hrtimer_run_queues+0x1bc/0xe60 kernel/time/hrtimer.c:1527
 hrtimer_interrupt+0x326/0x9e0 kernel/time/hrtimer.c:1585
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1071 [inline]
 smp_apic_timer_interrupt+0x10c/0x550 arch/x86/kernel/apic/apic.c:1096
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
 </IRQ>
RIP: 0010:vmx_handle_external_intr+0x1a6/0x1f0 arch/x86/kvm/vmx.c:10494
Code: 38 d0 0f 9e c2 84 c0 0f 95 c0 84 c2 75 50 8b 43 08 48 c1 e0 20 48 09 e8 4c 09 e0 48 89 e2 48 83 e4 f0 6a 18 52 9c 6a 10 ff d0 <5b> 5d 41 5c e9 41 b5 4a 00 e8 2c 92 80 00 e9 be fe ff ff be 02 00
RSP: 0018:ffff8881bbb6f9f0 EFLAGS: 00000086 ORIG_RAX: ffffffffffffff13
RAX: ffffffff88201450 RBX: fffffe0000000ec0 RCX: 0000000000000000
RDX: ffff8881bbb6f9f0 RSI: 0000000000000001 RDI: fffffe0000000ec8
RBP: 0000000088200000 R08: 0000000000000000 R09: 0000000080000000
R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000001450
R13: ffff888029790bc0 R14: ffff888029790bf0 R15: dffffc0000000000
----------------
Code disassembly (best guess):
   0:	48 c7 c0 88 82 f1 89 	mov    $0xffffffff89f18288,%rax
   7:	48 ba 00 00 00 00 00 	movabs $0xdffffc0000000000,%rdx
   e:	fc ff df
  11:	48 c1 e8 03          	shr    $0x3,%rax
  15:	80 3c 10 00          	cmpb   $0x0,(%rax,%rdx,1)
  19:	75 2f                	jne    0x4a
  1b:	48 83 3d 7c 31 d8 01 	cmpq   $0x0,0x1d8317c(%rip)        # 0x1d8319f
  22:	00
  23:	74 15                	je     0x3a
  25:	48 89 df             	mov    %rbx,%rdi
  28:	57                   	push   %rdi
  29:	9d                   	popfq
* 2a:	0f 1f 44 00 00       	nopl   0x0(%rax,%rax,1) <-- trapping instruction
  2f:	eb b2                	jmp    0xffffffe3
  31:	e8 fb eb e6 f8       	callq  0xf8e6ec31
  36:	eb c0                	jmp    0xfffffff8
  38:	0f 0b                	ud2
  3a:	0f 0b                	ud2
  3c:	48                   	rex.W
  3d:	c7                   	.byte 0xc7
  3e:	c7                   	(bad)
  3f:	88                   	.byte 0x88