EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. device vlan765 entered promiscuous mode device bridge831 entered promiscuous mode watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [syz-executor.4:29190] Modules linked in: irq event stamp: 3142991 hardirqs last enabled at (3142990): [] trace_hardirqs_on_thunk+0x1a/0x1c hardirqs last disabled at (3142991): [] trace_hardirqs_off_thunk+0x1a/0x1c softirqs last enabled at (3071836): [] __do_softirq+0x678/0x980 kernel/softirq.c:318 softirqs last disabled at (3071839): [] invoke_softirq kernel/softirq.c:372 [inline] softirqs last disabled at (3071839): [] irq_exit+0x215/0x260 kernel/softirq.c:412 CPU: 0 PID: 29190 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:__read_once_size include/linux/compiler.h:263 [inline] RIP: 0010:queued_write_lock_slowpath+0x11f/0x290 kernel/locking/qrwlock.c:88 Code: 03 41 83 e7 07 4c 8d 2c 02 41 83 c7 03 41 0f b6 45 00 41 38 c7 7c 08 84 c0 0f 85 34 01 00 00 8b 03 3d 00 01 00 00 74 1a f3 90 <41> 0f b6 45 00 41 38 c7 7c eb 84 c0 74 e7 48 89 df e8 ab 62 4c 00 RSP: 0018:ffff8880ba007678 EFLAGS: 00000206 ORIG_RAX: ffffffffffffff13 RAX: 00000000000001ff RBX: ffffffff8af113c0 RCX: ffffffff814bfec6 RDX: 1ffffffff15e2278 RSI: 0000000000000004 RDI: ffffffff8af113c0 RBP: 1ffff11017400ed0 R08: 0000000000000001 R09: fffffbfff15e2278 R10: ffffffff8af113c3 R11: 0000000000000000 R12: ffffffff8af113c4 R13: fffffbfff15e2278 R14: ffff8880ba0076a0 R15: 0000000000000003 FS: 00007faec9ecf700(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b33a35000 CR3: 0000000093b87000 CR4: 00000000003406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: queued_write_lock include/asm-generic/qrwlock.h:103 [inline] do_raw_write_lock+0xcf/0x1e0 kernel/locking/spinlock_debug.c:203 neigh_forced_gc net/core/neighbour.c:177 [inline] neigh_alloc net/core/neighbour.c:317 [inline] __neigh_create+0xbfb/0x1c40 net/core/neighbour.c:501 ip6_finish_output2+0x8cc/0x2290 net/ipv6/ip6_output.c:117 ip6_finish_output+0x89b/0x10f0 net/ipv6/ip6_output.c:192 NF_HOOK_COND include/linux/netfilter.h:278 [inline] ip6_output+0x205/0x770 net/ipv6/ip6_output.c:209 dst_output include/net/dst.h:455 [inline] NF_HOOK include/linux/netfilter.h:289 [inline] ndisc_send_skb+0xa24/0x1720 net/ipv6/ndisc.c:491 ndisc_send_rs+0x131/0x690 net/ipv6/ndisc.c:685 addrconf_rs_timer+0x384/0x6a0 net/ipv6/addrconf.c:3835 call_timer_fn+0x177/0x700 kernel/time/timer.c:1338 expire_timers+0x243/0x4e0 kernel/time/timer.c:1375 __run_timers kernel/time/timer.c:1696 [inline] run_timer_softirq+0x21c/0x670 kernel/time/timer.c:1709 __do_softirq+0x265/0x980 kernel/softirq.c:292 invoke_softirq kernel/softirq.c:372 [inline] irq_exit+0x215/0x260 kernel/softirq.c:412 exiting_irq arch/x86/include/asm/apic.h:536 [inline] smp_apic_timer_interrupt+0x136/0x550 arch/x86/kernel/apic/apic.c:1098 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894 RIP: 0010:lock_release+0x93/0x8b0 kernel/locking/lockdep.c:3920 Code: 34 25 28 00 00 00 48 89 74 24 70 31 f6 48 c1 ea 03 0f b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 d0 05 00 00 <44> 8b 93 84 08 00 00 45 85 d2 0f 85 8b 03 00 00 48 c7 c0 80 82 f1 RSP: 0018:ffff88805e697690 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 RAX: 0000000000000007 RBX: ffff888054d5e580 RCX: ffffffff81518c83 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888054d5ee04 RBP: ffffffff89f85fa0 R08: 0000000000000000 R09: ffffed101740455a R10: ffff8880ba022ad3 R11: 0000000000000000 R12: 1ffff1100bcd2ed5 R13: ffffffff819ec55f R14: dead000000000100 R15: 00007faeca7c5000 page_remove_rmap+0xe5/0x120 mm/rmap.c:1297 zap_pte_range mm/memory.c:1350 [inline] zap_pmd_range mm/memory.c:1463 [inline] zap_pud_range mm/memory.c:1492 [inline] zap_p4d_range mm/memory.c:1513 [inline] unmap_page_range+0x147d/0x2c50 mm/memory.c:1534 unmap_single_vma+0x198/0x300 mm/memory.c:1579 unmap_vmas+0xa9/0x180 mm/memory.c:1609 exit_mmap+0x2b9/0x530 mm/mmap.c:3093 __mmput kernel/fork.c:1016 [inline] mmput+0x14e/0x4a0 kernel/fork.c:1037 exit_mm kernel/exit.c:549 [inline] do_exit+0xaec/0x2be0 kernel/exit.c:857 do_group_exit+0x125/0x310 kernel/exit.c:967 get_signal+0x3f2/0x1f70 kernel/signal.c:2589 do_signal+0x8f/0x1670 arch/x86/kernel/signal.c:799 exit_to_usermode_loop+0x204/0x2a0 arch/x86/entry/common.c:163 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline] syscall_return_slowpath arch/x86/entry/common.c:271 [inline] do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7faecb57b049 Code: Bad RIP value. RSP: 002b:00007faec9ecf218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: fffffffffffffe00 RBX: 00007faecb68e038 RCX: 00007faecb57b049 RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007faecb68e038 RBP: 00007faecb68e030 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007faecb68e03c R13: 00007ffda543d67f R14: 00007faec9ecf300 R15: 0000000000022000 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 29180 Comm: syz-executor.3 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:pv_wait_head_or_lock kernel/locking/qspinlock_paravirt.h:435 [inline] RIP: 0010:__pv_queued_spin_lock_slowpath+0x3a6/0xae0 kernel/locking/qspinlock.c:474 Code: eb c6 45 01 01 41 bc 00 80 00 00 48 c1 e9 03 83 e3 07 41 be 01 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8d 2c 01 eb 0c f3 90 <41> 83 ec 01 0f 84 38 04 00 00 41 0f b6 45 00 38 d8 7f 08 84 c0 0f RSP: 0018:ffff8880ba1075a0 EFLAGS: 00000206 RAX: 0000000000000003 RBX: 0000000000000004 RCX: 1ffffffff15e2278 RDX: 0000000000000005 RSI: ffffffff8167a995 RDI: 0000000000000286 RBP: ffffffff8af113c4 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000000 R12: 000000000000037b R13: fffffbfff15e2278 R14: 0000000000000001 R15: ffff8880ba12be00 FS: 000055555603d400(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000555556046848 CR3: 0000000093b87000 CR4: 00000000003406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:679 [inline] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:53 [inline] queued_spin_lock include/asm-generic/qspinlock.h:88 [inline] queued_write_lock_slowpath+0x229/0x290 kernel/locking/qrwlock.c:76 queued_write_lock include/asm-generic/qrwlock.h:103 [inline] do_raw_write_lock+0xcf/0x1e0 kernel/locking/spinlock_debug.c:203 __neigh_create+0x7d9/0x1c40 net/core/neighbour.c:536 ip6_finish_output2+0x8cc/0x2290 net/ipv6/ip6_output.c:117 ip6_finish_output+0x89b/0x10f0 net/ipv6/ip6_output.c:192 NF_HOOK_COND include/linux/netfilter.h:278 [inline] ip6_output+0x205/0x770 net/ipv6/ip6_output.c:209 dst_output include/net/dst.h:455 [inline] NF_HOOK include/linux/netfilter.h:289 [inline] ndisc_send_skb+0xa24/0x1720 net/ipv6/ndisc.c:491 ndisc_send_rs+0x131/0x690 net/ipv6/ndisc.c:685 addrconf_rs_timer+0x384/0x6a0 net/ipv6/addrconf.c:3835 call_timer_fn+0x177/0x700 kernel/time/timer.c:1338 expire_timers+0x243/0x4e0 kernel/time/timer.c:1375 __run_timers kernel/time/timer.c:1696 [inline] run_timer_softirq+0x21c/0x670 kernel/time/timer.c:1709 __do_softirq+0x265/0x980 kernel/softirq.c:292 invoke_softirq kernel/softirq.c:372 [inline] irq_exit+0x215/0x260 kernel/softirq.c:412 exiting_irq arch/x86/include/asm/apic.h:536 [inline] smp_apic_timer_interrupt+0x136/0x550 arch/x86/kernel/apic/apic.c:1098 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894 RIP: 0010:PageCompound include/linux/page-flags.h:156 [inline] RIP: 0010:PageHuge+0x2a/0x160 mm/hugetlb.c:1374 Code: 41 54 55 53 48 89 fb e8 b4 65 ce ff 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 13 01 00 00 48 8b 2b <31> ff 48 c1 ed 0f 83 e5 01 89 ee e8 b6 66 ce ff 40 84 ed 0f 84 8c RSP: 0018:ffff88803feb76e8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 RAX: dffffc0000000000 RBX: ffffea0002494080 RCX: ffffffff81518c83 RDX: 1ffffd4000492810 RSI: ffffffff81941fbc RDI: ffffea0002494080 RBP: 00fff00000000000 R08: 0000000000000000 R09: ffffed101742455a R10: ffff8880ba122ad3 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: ffffea0002494080 R15: 00007f8400add000 page_remove_file_rmap+0x3e/0xa30 mm/rmap.c:1215 page_remove_rmap+0xe5/0x120 mm/rmap.c:1297 zap_pte_range mm/memory.c:1350 [inline] zap_pmd_range mm/memory.c:1463 [inline] zap_pud_range mm/memory.c:1492 [inline] zap_p4d_range mm/memory.c:1513 [inline] unmap_page_range+0x147d/0x2c50 mm/memory.c:1534 unmap_single_vma+0x198/0x300 mm/memory.c:1579 unmap_vmas+0xa9/0x180 mm/memory.c:1609 exit_mmap+0x2b9/0x530 mm/mmap.c:3093 __mmput kernel/fork.c:1016 [inline] mmput+0x14e/0x4a0 kernel/fork.c:1037 exit_mm kernel/exit.c:549 [inline] do_exit+0xaec/0x2be0 kernel/exit.c:857 do_group_exit+0x125/0x310 kernel/exit.c:967 get_signal+0x3f2/0x1f70 kernel/signal.c:2589 do_signal+0x8f/0x1670 arch/x86/kernel/signal.c:799 exit_to_usermode_loop+0x204/0x2a0 arch/x86/entry/common.c:163 prepare_exit_to_usermode+0x277/0x2d0 arch/x86/entry/common.c:198 retint_user+0x8/0x18 RIP: 0033:0x7f84013c7f0a Code: 14 0f 1f 80 00 00 00 00 48 8b 50 f8 48 83 e8 08 48 39 ca 77 f3 48 39 c3 73 3e 48 89 13 48 8b 50 f8 48 89 38 49 8b 0e 48 8b 3e <48> 83 c3 08 48 83 c6 08 eb bc 48 39 d1 72 9e 48 39 d0 73 47 49 89 RSP: 002b:00007ffc1c242970 EFLAGS: 00000287 ORIG_RAX: ffffffffffffff13 RAX: 00007f8401246d08 RBX: 00007f84012309f8 RCX: ffffffff83771e05 RDX: ffffffff83636bfa RSI: 00007f8401230a00 RDI: ffffffff83771e05 RBP: 00007f8401214b00 R08: 00007f840125c168 R09: 00000000c2ee2f26 R10: 00075884edcd170f R11: 0000000000000001 R12: 00007f8401214af8 R13: 00007f84012309f8 R14: 00007f8401214af0 R15: 000000000000001e ---------------- Code disassembly (best guess): 0: 03 41 83 add -0x7d(%rcx),%eax 3: e7 07 out %eax,$0x7 5: 4c 8d 2c 02 lea (%rdx,%rax,1),%r13 9: 41 83 c7 03 add $0x3,%r15d d: 41 0f b6 45 00 movzbl 0x0(%r13),%eax 12: 41 38 c7 cmp %al,%r15b 15: 7c 08 jl 0x1f 17: 84 c0 test %al,%al 19: 0f 85 34 01 00 00 jne 0x153 1f: 8b 03 mov (%rbx),%eax 21: 3d 00 01 00 00 cmp $0x100,%eax 26: 74 1a je 0x42 28: f3 90 pause * 2a: 41 0f b6 45 00 movzbl 0x0(%r13),%eax <-- trapping instruction 2f: 41 38 c7 cmp %al,%r15b 32: 7c eb jl 0x1f 34: 84 c0 test %al,%al 36: 74 e7 je 0x1f 38: 48 89 df mov %rbx,%rdi 3b: e8 ab 62 4c 00 callq 0x4c62eb