watchdog: BUG: soft lockup - CPU#0 stuck for 23s! [syz-executor.0:9621] Modules linked in: irq event stamp: 3736821 hardirqs last enabled at (3736820): [] restore_regs_and_return_to_kernel+0x0/0x2a hardirqs last disabled at (3736821): [] apic_timer_interrupt+0x8e/0xa0 arch/x86/entry/entry_64.S:793 softirqs last enabled at (5882): [] __do_softirq+0x68b/0x9ff kernel/softirq.c:314 softirqs last disabled at (7039): [] invoke_softirq kernel/softirq.c:368 [inline] softirqs last disabled at (7039): [] irq_exit+0x193/0x240 kernel/softirq.c:409 CPU: 0 PID: 9621 Comm: syz-executor.0 Not tainted 4.14.272-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 task: ffff888091098580 task.stack: ffff88806fb88000 RIP: 0010:get_current arch/x86/include/asm/current.h:15 [inline] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x50 kernel/kcov.c:60 RSP: 0018:ffff8880ba407c10 EFLAGS: 00000202 ORIG_RAX: ffffffffffffff10 RAX: 0000000000000102 RBX: 00000000ffffb3be RCX: 0000000000000000 RDX: 0000000000000004 RSI: ffff888091098e58 RDI: 0000000000000001 RBP: ffff88809a3867b8 R08: ffffffff8bff8408 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 1ffff11017480f8b R14: 0000000000000000 R15: ffff8880ba42cb00 FS: 00007f8a4f3f6700(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fbf04b1d000 CR3: 000000009116c000 CR4: 00000000003406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __mod_timer kernel/time/timer.c:1029 [inline] mod_timer+0x4ec/0xf70 kernel/time/timer.c:1070 addrconf_rs_timer+0x421/0x5a0 net/ipv6/addrconf.c:3778 call_timer_fn+0x14a/0x650 kernel/time/timer.c:1280 expire_timers+0x232/0x4d0 kernel/time/timer.c:1319 __run_timers kernel/time/timer.c:1637 [inline] run_timer_softirq+0x1d5/0x5a0 kernel/time/timer.c:1650 __do_softirq+0x24d/0x9ff 
kernel/softirq.c:288 invoke_softirq kernel/softirq.c:368 [inline] irq_exit+0x193/0x240 kernel/softirq.c:409 exiting_irq arch/x86/include/asm/apic.h:638 [inline] smp_apic_timer_interrupt+0x141/0x5e0 arch/x86/kernel/apic/apic.c:1106 apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:793 RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:779 [inline] RIP: 0010:lock_is_held_type+0x17a/0x210 kernel/locking/lockdep.c:4038 RSP: 0018:ffff88806fb8f488 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff10 RAX: 1ffffffff11e12f1 RBX: 0000000000000286 RCX: 0000000000000001 RDX: dffffc0000000000 RSI: 00000000ffffffff RDI: 0000000000000286 RBP: ffff888091098580 R08: 0000000000000000 R09: 0000000000040634 R10: ffff888091098e08 R11: ffff888091098580 R12: 0000000000000000 R13: ffff8880ba434380 R14: ffff88806fb88000 R15: ffff888091098580 lock_is_held include/linux/lockdep.h:437 [inline] schedule_debug kernel/sched/core.c:3209 [inline] __schedule+0xf1b/0x1de0 kernel/sched/core.c:3311 preempt_schedule_common+0x45/0xc0 kernel/sched/core.c:3511 ___preempt_schedule+0x16/0x18 __mutex_lock_common kernel/locking/mutex.c:885 [inline] __mutex_lock+0xe56/0x1310 kernel/locking/mutex.c:893 perf_poll+0xd8/0x1c0 kernel/events/core.c:4662 do_select+0xa83/0x1290 fs/select.c:513 core_sys_select+0x32f/0x6a0 fs/select.c:656 do_pselect fs/select.c:733 [inline] SYSC_pselect6 fs/select.c:774 [inline] SyS_pselect6+0x358/0x3c0 fs/select.c:759 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x7f8a50a81049 RSP: 002b:00007f8a4f3f6168 EFLAGS: 00000246 ORIG_RAX: 000000000000010e RAX: ffffffffffffffda RBX: 00007f8a50b93f60 RCX: 00007f8a50a81049 RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0e67d2ad1e0ff6b8 RBP: 00007f8a50adb08d R08: 0000000020000200 R09: 0000000000000000 R10: 0000000020000140 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffdeff308ef R14: 00007f8a4f3f6300 R15: 0000000000022000 Code: ff ff 48 89 df e8 11 b1 29 00 e9 9f fe 
ff ff 4c 89 e7 e8 04 b1 29 00 e9 2c fe ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <65> 48 8b 04 25 c0 7f 02 00 48 85 c0 74 1a 65 8b 15 fb 3c ad 7e Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 9614 Comm: syz-executor.5 Not tainted 4.14.272-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 task: ffff88809104a3c0 task.stack: ffff888090178000 RIP: 0010:rcu_lockdep_current_cpu_online kernel/rcu/tree.c:1186 [inline] RIP: 0010:rcu_lockdep_current_cpu_online+0x5b/0x140 kernel/rcu/tree.c:1177 RSP: 0018:ffff8880ba506810 EFLAGS: 00000046 RAX: 0000000000000001 RBX: 0000000000035280 RCX: 1ffffffff1198fad RDX: dffffc0000000000 RSI: ffffffff87ccfb80 RDI: ffffffff88cc7d68 RBP: ffff8880ba506b30 R08: 0000000000000000 R09: 00000000000a6012 R10: ffff88809104adb0 R11: ffff88809104a3c0 R12: 0000000000000001 R13: ffff8880ba506cc0 R14: 0000000000000008 R15: ffff8880ba506b90 FS: 00007f23c318a700(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f8b26248922 CR3: 00000000a38f1000 CR4: 00000000003406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: rcu_read_lock_held+0xc3/0x110 kernel/rcu/update.c:330 __perf_output_begin kernel/events/ring_buffer.c:163 [inline] perf_output_begin_forward+0x76f/0xa10 kernel/events/ring_buffer.c:262 __perf_event_output kernel/events/core.c:6284 [inline] perf_event_output_forward+0xde/0x1f0 kernel/events/core.c:6300 __perf_event_overflow+0x113/0x310 kernel/events/core.c:7549 perf_swevent_hrtimer+0x220/0x350 kernel/events/core.c:8754 __run_hrtimer kernel/time/hrtimer.c:1223 [inline] __hrtimer_run_queues+0x30b/0xc80 kernel/time/hrtimer.c:1287 hrtimer_interrupt+0x1e6/0x5e0 kernel/time/hrtimer.c:1321 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1079 [inline] smp_apic_timer_interrupt+0x117/0x5e0 
arch/x86/kernel/apic/apic.c:1104 apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:793 RIP: 0010:__read_once_size include/linux/compiler.h:185 [inline] RIP: 0010:rspin_until_writer_unlock kernel/locking/qrwlock.c:59 [inline] RIP: 0010:queued_read_lock_slowpath+0x109/0x190 kernel/locking/qrwlock.c:82 RSP: 0018:ffff8880ba507120 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff10 RAX: 00000000000000ff RBX: ffff88809a386640 RCX: 00000000000054bc RDX: 1ffff11013470cc9 RSI: 00000000000000ff RDI: ffff88809a386640 RBP: 0000000000000003 R08: ffffffff8b9ce0a0 R09: 0000000000062384 R10: ffff88809104ad60 R11: ffff88809104a3c0 R12: ffffed1013470cc8 R13: ffff8880a1b9c180 R14: ffff8880ba507200 R15: 0000000000000001 __ipv6_dev_get_saddr+0x61/0x620 net/ipv6/addrconf.c:1563 ipv6_dev_get_saddr+0x4c2/0x9c0 net/ipv6/addrconf.c:1737 ip6_route_get_saddr include/net/ip6_route.h:111 [inline] ip6_dst_lookup_tail+0x107c/0x16c0 net/ipv6/ip6_output.c:1015 ip6_dst_lookup_flow+0x7c/0x190 net/ipv6/ip6_output.c:1136 geneve_get_v6_dst+0x42a/0x910 drivers/net/geneve.c:806 geneve6_xmit_skb drivers/net/geneve.c:892 [inline] geneve_xmit+0x5fd/0x2ca0 drivers/net/geneve.c:945 __netdev_start_xmit include/linux/netdevice.h:4052 [inline] netdev_start_xmit include/linux/netdevice.h:4061 [inline] xmit_one net/core/dev.c:3005 [inline] dev_hard_start_xmit+0x188/0x890 net/core/dev.c:3021 __dev_queue_xmit+0x1d7f/0x2480 net/core/dev.c:3521 neigh_resolve_output+0x4e5/0x870 net/core/neighbour.c:1369 neigh_output include/net/neighbour.h:500 [inline] ip6_finish_output2+0xf48/0x1f10 net/ipv6/ip6_output.c:120 ip6_finish_output+0x5c6/0xd50 net/ipv6/ip6_output.c:192 NF_HOOK_COND include/linux/netfilter.h:239 [inline] ip6_output+0x1c5/0x660 net/ipv6/ip6_output.c:209 dst_output include/net/dst.h:470 [inline] NF_HOOK include/linux/netfilter.h:250 [inline] ndisc_send_skb+0x82a/0x1390 net/ipv6/ndisc.c:483 ndisc_send_rs+0x125/0x630 net/ipv6/ndisc.c:677 addrconf_rs_timer+0x2bb/0x5a0 net/ipv6/addrconf.c:3769 
call_timer_fn+0x14a/0x650 kernel/time/timer.c:1280 expire_timers+0x232/0x4d0 kernel/time/timer.c:1319 __run_timers kernel/time/timer.c:1637 [inline] run_timer_softirq+0x1d5/0x5a0 kernel/time/timer.c:1650 __do_softirq+0x24d/0x9ff kernel/softirq.c:288 invoke_softirq kernel/softirq.c:368 [inline] irq_exit+0x193/0x240 kernel/softirq.c:409 exiting_irq arch/x86/include/asm/apic.h:638 [inline] smp_apic_timer_interrupt+0x141/0x5e0 arch/x86/kernel/apic/apic.c:1106 apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:793 RIP: 0010:__sanitizer_cov_trace_pc+0x3d/0x50 kernel/kcov.c:87 RSP: 0018:ffff88809017f570 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff10 RAX: 0000000000040000 RBX: 0000000000000001 RCX: ffffc900073fa000 RDX: 0000000000013845 RSI: ffffffff8319f035 RDI: ffffffff87ccfbc0 RBP: ffffffff87ccfbc0 R08: ffff88823fff7058 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000034380 R13: ffffffff87ccfb80 R14: dffffc0000000000 R15: 0000000000000000 check_preemption_disabled+0x15/0x240 lib/smp_processor_id.c:14 __schedule+0x66/0x1de0 kernel/sched/core.c:3307 preempt_schedule_irq+0xb0/0x140 kernel/sched/core.c:3614 retint_kernel+0x1b/0x2d RIP: 0010:tty_poll+0x10b/0x1a0 drivers/tty/tty_io.c:2101 RSP: 0018:ffff88809017f740 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff10 RAX: dffffc0000000000 RBX: ffffffff8353dea0 RCX: ffffc900073fa000 RDX: 1ffffffff128e9cb RSI: ffffffff8353df77 RDI: ffffffff89474e58 RBP: ffff8880af8d9a80 R08: ffffffff8b9b0d00 R09: 00000000000503e5 R10: ffff88809104ac48 R11: ffff88809104a3c0 R12: ffff8880aad05840 R13: ffff88809431e540 R14: ffff88809017f8d0 R15: ffffffff89474e00 do_select+0xa83/0x1290 fs/select.c:513 core_sys_select+0x32f/0x6a0 fs/select.c:656 do_pselect fs/select.c:733 [inline] SYSC_pselect6 fs/select.c:774 [inline] SyS_pselect6+0x358/0x3c0 fs/select.c:759 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x7f23c4815049 RSP: 002b:00007f23c318a168 EFLAGS: 00000246 
ORIG_RAX: 000000000000010e
RAX: ffffffffffffffda RBX: 00007f23c4927f60 RCX: 00007f23c4815049
RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0e67d2ad1e0ff6b8
RBP: 00007f23c486f08d R08: 0000000020000200 R09: 0000000000000000
R10: 0000000020000140 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fffac3452af R14: 00007f23c318a300 R15: 0000000000022000
Code: e8 db 39 d3 01 48 c7 c3 80 52 03 00 48 ba 00 00 00 00 00 fc ff df 89 c0 48 8d 3c c5 60 7d cc 88 48 89 f9 48 c1 e9 03 80 3c 11 00 <0f> 85 a5 00 00 00 48 03 1c c5 60 7d cc 88 48 b8 00 00 00 00 00
----------------
Code disassembly (best guess), 2 bytes skipped:
   0: 48 89 df mov %rbx,%rdi
   3: e8 11 b1 29 00 callq 0x29b119
   8: e9 9f fe ff ff jmpq 0xfffffeac
   d: 4c 89 e7 mov %r12,%rdi
  10: e8 04 b1 29 00 callq 0x29b119
  15: e9 2c fe ff ff jmpq 0xfffffe46
  1a: 90 nop
  1b: 90 nop
  1c: 90 nop
  1d: 90 nop
  1e: 90 nop
  1f: 90 nop
  20: 90 nop
  21: 90 nop
  22: 90 nop
  23: 90 nop
  24: 90 nop
  25: 90 nop
  26: 90 nop
  27: 90 nop
  28: 90 nop
* 29: 65 48 8b 04 25 c0 7f mov %gs:0x27fc0,%rax <-- trapping instruction
  30: 02 00
  32: 48 85 c0 test %rax,%rax
  35: 74 1a je 0x51
  37: 65 8b 15 fb 3c ad 7e mov %gs:0x7ead3cfb(%rip),%edx # 0x7ead3d39