IPv6: ADDRCONF(NETDEV_UP): veth2171: link is not ready device veth2141 entered promiscuous mode device bridge1260 entered promiscuous mode IPv6: ADDRCONF(NETDEV_UP): hsr861: link is not ready watchdog: BUG: soft lockup - CPU#0 stuck for 23s! [syz-executor.0:25950] Modules linked in: irq event stamp: 2532959 hardirqs last enabled at (2532958): [] trace_hardirqs_on_thunk+0x1a/0x1c hardirqs last disabled at (2532959): [] trace_hardirqs_off_thunk+0x1a/0x1c softirqs last enabled at (13686): [] __do_softirq+0x678/0x980 kernel/softirq.c:318 softirqs last disabled at (14493): [] invoke_softirq kernel/softirq.c:372 [inline] softirqs last disabled at (14493): [] irq_exit+0x215/0x260 kernel/softirq.c:412 CPU: 0 PID: 25950 Comm: syz-executor.0 Not tainted 4.19.209-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:__read_once_size include/linux/compiler.h:263 [inline] RIP: 0010:queued_write_lock_slowpath+0x124/0x290 kernel/locking/qrwlock.c:88 Code: 4c 8d 2c 02 41 83 c7 03 41 0f b6 45 00 41 38 c7 7c 08 84 c0 0f 85 34 01 00 00 8b 03 3d 00 01 00 00 74 1a f3 90 41 0f b6 45 00 <41> 38 c7 7c eb 84 c0 74 e7 48 89 df e8 ab 62 4c 00 eb dd 48 89 df RSP: 0018:ffff8880ba007678 EFLAGS: 00000206 ORIG_RAX: ffffffffffffff13 RAX: 0000000000000000 RBX: ffffffff8af11340 RCX: ffffffff814bfec6 RDX: 1ffffffff15e2268 RSI: 0000000000000004 RDI: ffffffff8af11340 RBP: 1ffff11017400ed0 R08: 0000000000000001 R09: fffffbfff15e2268 R10: ffffffff8af11343 R11: 0000000000000000 R12: ffffffff8af11344 R13: fffffbfff15e2268 R14: ffff8880ba0076a0 R15: 0000000000000003 FS: 00007faecfe43700(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000555555f22708 CR3: 000000001525a000 CR4: 00000000003426f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: queued_write_lock include/asm-generic/qrwlock.h:103 [inline] do_raw_write_lock+0xcf/0x1e0 kernel/locking/spinlock_debug.c:203 __neigh_create+0x7d9/0x1c40 net/core/neighbour.c:536 ip6_finish_output2+0x8cc/0x2290 net/ipv6/ip6_output.c:117 ip6_finish_output+0x89b/0x10f0 net/ipv6/ip6_output.c:192 NF_HOOK_COND include/linux/netfilter.h:278 [inline] ip6_output+0x205/0x770 net/ipv6/ip6_output.c:209 dst_output include/net/dst.h:455 [inline] NF_HOOK include/linux/netfilter.h:289 [inline] ndisc_send_skb+0xa24/0x1720 net/ipv6/ndisc.c:491 ndisc_send_rs+0x131/0x690 net/ipv6/ndisc.c:685 addrconf_rs_timer+0x384/0x6a0 net/ipv6/addrconf.c:3835 call_timer_fn+0x177/0x700 kernel/time/timer.c:1338 expire_timers+0x243/0x4e0 kernel/time/timer.c:1375 __run_timers kernel/time/timer.c:1696 [inline] run_timer_softirq+0x21c/0x670 kernel/time/timer.c:1709 __do_softirq+0x265/0x980 kernel/softirq.c:292 invoke_softirq kernel/softirq.c:372 [inline] irq_exit+0x215/0x260 kernel/softirq.c:412 exiting_irq arch/x86/include/asm/apic.h:536 [inline] smp_apic_timer_interrupt+0x136/0x550 arch/x86/kernel/apic/apic.c:1098 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894 RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:789 [inline] RIP: 0010:lock_is_held_type+0x17a/0x210 kernel/locking/lockdep.c:3948 Code: 00 00 00 00 fc ff df c7 85 84 08 00 00 00 00 00 00 48 c1 e8 03 80 3c 10 00 75 63 48 83 3d 45 cc a6 08 00 74 2c 48 89 df 57 9d <0f> 1f 44 00 00 48 83 c4 08 44 89 e0 5b 5d 41 5c c3 48 83 c4 08 41 RSP: 0018:ffff888015977928 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13 RAX: 1ffffffff13e3051 RBX: 0000000000000286 RCX: 0000000000000001 RDX: dffffc0000000000 RSI: 00000000ffffffff RDI: 0000000000000286 RBP: ffff8880138ea480 R08: ffffffff8cd26210 R09: 0000000000000000 R10: 0000000000000007 R11: 0000000000000000 R12: 0000000000000000 R13: ffff88813bfec040 R14: ffff88813bfec040 R15: 0000000000000000 lock_is_held include/linux/lockdep.h:344 [inline] ___might_sleep+0x227/0x2b0 kernel/sched/core.c:6157 cache_alloc_debugcheck_before mm/slab.c:3071 [inline] slab_alloc mm/slab.c:3387 [inline] kmem_cache_alloc+0x2a7/0x370 mm/slab.c:3557 ptlock_alloc+0x1d/0x70 mm/memory.c:4969 ptlock_init include/linux/mm.h:1900 [inline] pgtable_page_ctor include/linux/mm.h:1934 [inline] pte_alloc_one+0x68/0x190 arch/x86/mm/pgtable.c:38 __pte_alloc+0x21/0x340 mm/memory.c:665 copy_pte_range mm/memory.c:1089 [inline] copy_pmd_range mm/memory.c:1165 [inline] copy_pud_range mm/memory.c:1199 [inline] copy_p4d_range mm/memory.c:1221 [inline] copy_page_range+0x1d3d/0x2ff0 mm/memory.c:1283 dup_mmap kernel/fork.c:549 [inline] dup_mm kernel/fork.c:1285 [inline] copy_mm kernel/fork.c:1341 [inline] copy_process.part.0+0x5b22/0x8260 kernel/fork.c:1913 copy_process kernel/fork.c:1710 [inline] _do_fork+0x22f/0xf30 kernel/fork.c:2219 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7faed28cc8d9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007faecfe43188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 RAX: ffffffffffffffda RBX: 00007faed29d0f60 RCX: 00007faed28cc8d9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007faed2926cb4 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffc24c2dc7f R14: 00007faecfe43300 R15: 0000000000022000 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 25935 Comm: syz-executor.2 Not tainted 4.19.209-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:debug_lockdep_rcu_enabled+0x8/0xe0 kernel/rcu/update.c:253 Code: 47 00 e9 fa fd ff ff 48 89 ef e8 83 c4 47 00 e9 62 fe ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 c7 c0 c4 df 26 8b 53 <48> ba 00 00 00 00 00 fc ff df 48 89 c1 83 e0 07 48 c1 e9 03 83 c0 RSP: 0018:ffff8880ba1072f0 EFLAGS: 00000007 RAX: ffffffff8b26dfc4 RBX: ffff88801b216240 RCX: 0000000000000002 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88801b216ac4 RBP: ffffffff89f95488 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000005 R11: ffffffff8c66505b R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000002 R15: 0000000000000001 FS: 00007f287254b700(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fd4d6e18718 CR3: 000000003384a000 CR4: 00000000003426e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: trace_lock_acquire include/trace/events/lock.h:13 [inline] lock_acquire+0x2e7/0x3c0 kernel/locking/lockdep.c:3907 seqcount_lockdep_reader_access include/linux/seqlock.h:81 [inline] read_seqcount_begin include/linux/seqlock.h:164 [inline] ktime_get+0xd0/0x2f0 kernel/time/timekeeping.c:756 clockevents_program_event+0x141/0x350 kernel/time/clockevents.c:336 tick_program_event+0xac/0x140 kernel/time/tick-oneshot.c:48 hrtimer_interrupt+0x40a/0x9e0 kernel/time/hrtimer.c:1598 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1071 [inline] smp_apic_timer_interrupt+0x10c/0x550 arch/x86/kernel/apic/apic.c:1096 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894 RIP: 0010:pv_wait_head_or_lock kernel/locking/qspinlock_paravirt.h:435 [inline] RIP: 0010:__pv_queued_spin_lock_slowpath+0x3a6/0xae0 kernel/locking/qspinlock.c:474 Code: eb c6 45 01 01 41 bc 00 80 00 00 48 c1 e9 03 83 e3 07 41 be 01 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8d 2c 01 eb 0c f3 90 <41> 83 ec 01 0f 84 38 04 00 00 41 0f b6 45 00 38 d8 7f 08 84 c0 0f RSP: 0018:ffff8880ba1075a0 EFLAGS: 00000206 ORIG_RAX: ffffffffffffff13 RAX: 0000000000000003 RBX: 0000000000000004 RCX: 1ffffffff15e2268 RDX: 0000000000000005 RSI: ffffffff8167a995 RDI: 0000000000000286 RBP: ffffffff8af11344 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000000 R12: 00000000000000e6 R13: fffffbfff15e2268 R14: 0000000000000001 R15: ffff8880ba12be00 pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:679 [inline] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:53 [inline] queued_spin_lock include/asm-generic/qspinlock.h:88 [inline] queued_write_lock_slowpath+0x229/0x290 kernel/locking/qrwlock.c:76 queued_write_lock include/asm-generic/qrwlock.h:103 [inline] do_raw_write_lock+0xcf/0x1e0 kernel/locking/spinlock_debug.c:203 __neigh_create+0x7d9/0x1c40 net/core/neighbour.c:536 ip6_finish_output2+0x8cc/0x2290 net/ipv6/ip6_output.c:117 ip6_finish_output+0x89b/0x10f0 net/ipv6/ip6_output.c:192 NF_HOOK_COND include/linux/netfilter.h:278 [inline] ip6_output+0x205/0x770 net/ipv6/ip6_output.c:209 dst_output include/net/dst.h:455 [inline] NF_HOOK include/linux/netfilter.h:289 [inline] ndisc_send_skb+0xa24/0x1720 net/ipv6/ndisc.c:491 ndisc_send_rs+0x131/0x690 net/ipv6/ndisc.c:685 addrconf_rs_timer+0x384/0x6a0 net/ipv6/addrconf.c:3835 call_timer_fn+0x177/0x700 kernel/time/timer.c:1338 expire_timers+0x243/0x4e0 kernel/time/timer.c:1375 __run_timers kernel/time/timer.c:1696 [inline] run_timer_softirq+0x21c/0x670 kernel/time/timer.c:1709 __do_softirq+0x265/0x980 kernel/softirq.c:292 invoke_softirq kernel/softirq.c:372 [inline] irq_exit+0x215/0x260 kernel/softirq.c:412 exiting_irq arch/x86/include/asm/apic.h:536 [inline] smp_apic_timer_interrupt+0x136/0x550 arch/x86/kernel/apic/apic.c:1098 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894 RIP: 0010:preempt_count arch/x86/include/asm/preempt.h:23 [inline] RIP: 0010:preempt_latency_start kernel/sched/core.c:3215 [inline] RIP: 0010:preempt_schedule_common+0x2a/0xc0 kernel/sched/core.c:3640 Code: 41 55 41 54 49 bc 00 00 00 00 00 fc ff df 55 65 48 8b 2c 25 c0 df 01 00 53 48 89 eb 48 c1 eb 03 4c 01 e3 65 ff 05 06 88 e9 77 <65> 8b 05 ff 87 e9 77 25 ff ff ff 7f 83 f8 01 74 2c bf 01 00 00 00 RSP: 0018:ffff8880150f7b10 EFLAGS: 00000202 ORIG_RAX: ffffffffffffff13 RAX: 0000000000000286 RBX: ffffed1003642c48 RCX: ffffc9000a024000 RDX: dffffc0000000000 RSI: ffffffff818aef9b RDI: 0000000000000005 RBP: ffff88801b216240 R08: ffffffffffffffe8 R09: 0000000000000000 R10: 0000000000000005 R11: 0000000000440549 R12: dffffc0000000000 R13: 0000000000000015 R14: 00000000000001eb R15: ffff8880150f7d48 ___preempt_schedule+0x16/0x18 __kunmap_atomic include/linux/highmem.h:78 [inline] clear_user_highpage include/linux/highmem.h:138 [inline] clear_subpage.constprop.0+0xe0/0x100 mm/memory.c:4849 process_huge_page mm/memory.c:4812 [inline] clear_huge_page+0x18d/0x460 mm/memory.c:4863 __do_huge_pmd_anonymous_page mm/huge_memory.c:583 [inline] do_huge_pmd_anonymous_page+0xbb5/0x1e60 mm/huge_memory.c:740 create_huge_pmd mm/memory.c:4066 [inline] __handle_mm_fault+0x289c/0x41c0 mm/memory.c:4270 handle_mm_fault+0x436/0xb10 mm/memory.c:4336 __do_page_fault+0x68e/0xd60 arch/x86/mm/fault.c:1412 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1205 RIP: 0033:0x7f2874f77970 Code: 89 d0 45 01 ed 44 29 e8 83 f8 05 77 52 48 63 04 81 48 01 c8 ff e0 0f 1f 40 00 4d 89 c5 44 89 e0 83 c2 01 66 c1 e8 03 0f b7 c0 <4c> 89 ac c6 00 38 00 00 83 fa 20 75 b3 5b 5d 41 5c 41 5d c3 0f 1f RSP: 002b:00007f28725495d8 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 00008b0000889120 RCX: 00007f287503de70 RDX: 0000000000000001 RSI: 0000000020fe8000 RDI: 00000000aaaaaaab RBP: 0000860000109120 R08: 0000870000109120 R09: 0000830000789120 R10: 00008e0000309120 R11: 00008f0000309120 R12: 0000000000000000 R13: 0000860000109120 R14: 0000000000000007 R15: 0000000000000000 ---------------- Code disassembly (best guess): 0: 4c 8d 2c 02 lea (%rdx,%rax,1),%r13 4: 41 83 c7 03 add $0x3,%r15d 8: 41 0f b6 45 00 movzbl 0x0(%r13),%eax d: 41 38 c7 cmp %al,%r15b 10: 7c 08 jl 0x1a 12: 84 c0 test %al,%al 14: 0f 85 34 01 00 00 jne 0x14e 1a: 8b 03 mov (%rbx),%eax 1c: 3d 00 01 00 00 cmp $0x100,%eax 21: 74 1a je 0x3d 23: f3 90 pause 25: 41 0f b6 45 00 movzbl 0x0(%r13),%eax * 2a: 41 38 c7 cmp %al,%r15b <-- trapping instruction 2d: 7c eb jl 0x1a 2f: 84 c0 test %al,%al 31: 74 e7 je 0x1a 33: 48 89 df mov %rbx,%rdi 36: e8 ab 62 4c 00 callq 0x4c62e6 3b: eb dd jmp 0x1a 3d: 48 89 df mov %rbx,%rdi