audit: type=1804 audit(1658043359.783:2147): pid=29422 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir331752809/syzkaller.3IiN9k/288/bus" dev="sda1" ino=14541 res=1
bond1149: making interface vlan957 the new active one
bond1149: Enslaving vlan957 as an active interface with an up link
watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [syz-executor.0:29508]
Modules linked in:
irq event stamp: 3785881
hardirqs last enabled at (3785880): [] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline]
hardirqs last enabled at (3785880): [] _raw_spin_unlock_irq+0x24/0x80 kernel/locking/spinlock.c:192
hardirqs last disabled at (3785881): [] trace_hardirqs_off_thunk+0x1a/0x1c
softirqs last enabled at (3332748): [] __do_softirq+0x678/0x980 kernel/softirq.c:318
softirqs last disabled at (3332751): [] invoke_softirq kernel/softirq.c:372 [inline]
softirqs last disabled at (3332751): [] irq_exit+0x215/0x260 kernel/softirq.c:412
CPU: 0 PID: 29508 Comm: syz-executor.0 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
RIP: 0010:__raw_spin_unlock_irq include/linux/spinlock_api_smp.h:169 [inline]
RIP: 0010:_raw_spin_unlock_irq+0x50/0x80 kernel/locking/spinlock.c:192
Code: c0 98 82 f1 89 48 ba 00 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 75 31 48 83 3d 01 31 d8 01 00 74 25 fb 66 0f 1f 44 00 00 01 00 00 00 e8 26 1b 28 f9 65 8b 05 9f 8d e8 77 85 c0 74 02 5d
RSP: 0000:ffff8880ba007de0 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
RAX: 1ffffffff13e3053 RBX: dffffc0000000000 RCX: 0000000000000000
RDX: dffffc0000000000 RSI: 0000000000000000 RDI: ffff88802d0f2b04
RBP: ffff8880ba022b40 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff868939f0
R13: ffff8880ba022b40 R14: ffff8880ba007e78 R15: 0000000000000000
FS: 00007f488929f700(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f488a998d60 CR3: 00000000a9cda000 CR4: 00000000003406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 expire_timers+0x238/0x4e0 kernel/time/timer.c:1374
 __run_timers kernel/time/timer.c:1696 [inline]
 run_timer_softirq+0x21c/0x670 kernel/time/timer.c:1709
 __do_softirq+0x265/0x980 kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:372 [inline]
 irq_exit+0x215/0x260 kernel/softirq.c:412
 exiting_irq arch/x86/include/asm/apic.h:536 [inline]
 smp_apic_timer_interrupt+0x136/0x550 arch/x86/kernel/apic/apic.c:1098
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
RIP: 0010:preempt_schedule_irq+0xa6/0x140 kernel/sched/core.c:3744
Code: 00 00 e8 3d 04 29 f9 e8 58 3f 4f f9 4c 89 e8 48 c1 e8 03 80 3c 18 00 75 69 48 83 3d 9b 18 d9 01 00 74 5b fb 66 0f 1f 44 00 00 01 00 00 00 e8 40 d1 ff ff 48 c7 c0 90 82 f1 89 48 c1 e8 03 80
RSP: 0000:ffff888031e6fe20 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
RAX: 1ffffffff13e3053 RBX: dffffc0000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff88802d0f2b04
RBP: ffffed1005a1e450 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff88802d0f2280
R13: ffffffff89f18298 R14: 0000000000000000 R15: 0000000000000000
 retint_kernel+0x1b/0x2d
RIP: 0010:exit_to_usermode_loop+0x65/0x2a0 arch/x86/entry/common.c:152
Code: f1 89 48 c1 e8 03 80 3c 28 00 0f 85 0b 02 00 00 48 83 3d a5 2a f1 08 00 0f 84 e0 01 00 00 e8 72 2d 62 00 fb 66 0f 1f 44 00 00 <41> 89 df 31 ff 41 83 e7 08 44 89 fe e8 ca 2e 62 00 45 85 ff 0f 85
RSP: 0000:ffff888031e6fef8 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
RAX: ffff88802d0f2280 RBX: 000000000000000c RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff810057fe RDI: ffff88802d0f2b04
RBP: dffffc0000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff888031e6ff58
R13: ffffed1005a1e450 R14: ffff88802d0f2280 R15: 0000000000000000
 prepare_exit_to_usermode+0x277/0x2d0 arch/x86/entry/common.c:198
 retint_user+0x8/0x18
RIP: 0033:0x7f488a8f58f7
Code: ba 80 00 00 00 48 89 de bf ca 00 00 00 e8 a1 58 05 00 8b 03 85 c0 74 e3 c7 45 08 00 00 00 00 48 89 ef e8 8c c5 ff ff 8b 45 0c <85> c0 75 39 b9 40 42 0f 00 ba 81 00 00 00 4c 89 e6 41 c7 04 24 01
RSP: 002b:00007f488929f220 EFLAGS: 00000206 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000000 RBX: 00007f488aa5e038 RCX: 00007f488a99d450
RDX: 0000000000056811 RSI: 0000000000000040 RDI: 00007f488a9b673a
RBP: 00007f488aa5e030 R08: ffffffffffffffff R09: 000001be3196c61d
R10: 001b3224cd669281 R11: 0000000000000001 R12: 00007f488aa5e03c
R13: 00007fff3e55f0df R14: 00007f488929f300 R15: 0000000000022000
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 29507 Comm: syz-executor.3 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
RIP: 0010:__lock_release kernel/locking/lockdep.c:3665 [inline]
RIP: 0010:lock_release+0x1e0/0x8b0 kernel/locking/lockdep.c:3927
Code: 45 85 c9 0f 84 f3 01 00 00 49 8d 86 80 08 00 00 48 89 c2 48 89 44 24 08 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 0f b6 04 02 <84> c0 74 08 3c 03 0f 8e ef 05 00 00 48 c7 c3 60 37 24 8d 45 8b be
RSP: 0018:ffff8880ba107980 EFLAGS: 00000802
RAX: 0000000000000000 RBX: ffff888034f0a300 RCX: 1ffffffff148be2c
RDX: 1ffff110069e1570 RSI: 0000000000000002 RDI: ffff888034f0ab84
RBP: ffffffff8d37e420 R08: 0000000000000086 R09: 0000000000000001
R10: 0000000000000000 R11: ffffffff8c66505b R12: 1ffff11017420f33
R13: ffffffff83772ee9 R14: ffff888034f0a300 R15: ffffffff8d37e408
FS: 00007fa6041b2700(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f5914049000 CR3: 000000009f26f000 CR4: 00000000003406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:158 [inline]
 _raw_spin_unlock_irqrestore+0x1b/0xe0 kernel/locking/spinlock.c:184
 debug_object_deactivate lib/debugobjects.c:568 [inline]
 debug_object_deactivate+0x1f9/0x2e0 lib/debugobjects.c:529
 debug_hrtimer_deactivate kernel/time/hrtimer.c:421 [inline]
 debug_deactivate kernel/time/hrtimer.c:471 [inline]
 __run_hrtimer kernel/time/hrtimer.c:1435 [inline]
 __hrtimer_run_queues+0x1bc/0xe60 kernel/time/hrtimer.c:1527
 hrtimer_interrupt+0x326/0x9e0 kernel/time/hrtimer.c:1585
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1071 [inline]
 smp_apic_timer_interrupt+0x10c/0x550 arch/x86/kernel/apic/apic.c:1096
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
RIP: 0010:__raw_spin_unlock_irq include/linux/spinlock_api_smp.h:169 [inline]
RIP: 0010:_raw_spin_unlock_irq+0x50/0x80 kernel/locking/spinlock.c:192
Code: c0 98 82 f1 89 48 ba 00 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 75 31 48 83 3d 01 31 d8 01 00 74 25 fb 66 0f 1f 44 00 00 01 00 00 00 e8 26 1b 28 f9 65 8b 05 9f 8d e8 77 85 c0 74 02 5d
RSP: 0018:ffff8880ba107de0 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
RAX: 1ffffffff13e3053 RBX: dffffc0000000000 RCX: 1ffff110069e1575
RDX: dffffc0000000000 RSI: ffff888034f0ab88 RDI: ffff888034f0ab84
RBP: ffff8880ba122b40 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff868939f0
R13: ffff8880ba122b40 R14: ffff8880ba107e78 R15: 0000000000000000
 expire_timers+0x238/0x4e0 kernel/time/timer.c:1374
 __run_timers kernel/time/timer.c:1696 [inline]
 run_timer_softirq+0x21c/0x670 kernel/time/timer.c:1709
 __do_softirq+0x265/0x980 kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:372 [inline]
 irq_exit+0x215/0x260 kernel/softirq.c:412
 exiting_irq arch/x86/include/asm/apic.h:536 [inline]
 smp_apic_timer_interrupt+0x136/0x550 arch/x86/kernel/apic/apic.c:1098
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
RIP: 0010:native_local_ptep_get_and_clear arch/x86/include/asm/pgtable.h:1041 [inline]
RIP: 0010:ptep_get_and_clear_full arch/x86/include/asm/pgtable.h:1123 [inline]
RIP: 0010:zap_pte_range mm/memory.c:1334 [inline]
RIP: 0010:zap_pmd_range mm/memory.c:1463 [inline]
RIP: 0010:zap_pud_range mm/memory.c:1492 [inline]
RIP: 0010:zap_p4d_range mm/memory.c:1513 [inline]
RIP: 0010:unmap_page_range+0x11ad/0x2c50 mm/memory.c:1534
Code: 24 b8 00 00 00 83 e3 01 89 de e8 0e e9 d6 ff 84 db 0f 84 fc 07 00 00 e8 d1 e7 d6 ff 48 8b 44 24 30 48 c1 e8 03 42 80 3c 30 00 <0f> 85 41 1a 00 00 48 8b 44 24 30 48 8b 08 48 c7 00 00 00 00 00 48
RSP: 0018:ffff88802b96f770 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
RAX: 1ffff1100aed66fa RBX: 0000000000000001 RCX: ffffffff818b9d92
RDX: 0000000000000000 RSI: ffffffff818b9d9f RDI: 0000000000000001
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: 800000009960d007
R13: ffffea0002658340 R14: dffffc0000000000 R15: 00007fa604afb000
 unmap_single_vma+0x198/0x300 mm/memory.c:1579
 unmap_vmas+0xa9/0x180 mm/memory.c:1609
 exit_mmap+0x2b9/0x530 mm/mmap.c:3093
 __mmput kernel/fork.c:1016 [inline]
 mmput+0x14e/0x4a0 kernel/fork.c:1037
 exit_mm kernel/exit.c:549 [inline]
 do_exit+0xaec/0x2be0 kernel/exit.c:857
 do_group_exit+0x125/0x310 kernel/exit.c:967
 get_signal+0x3f2/0x1f70 kernel/signal.c:2589
 do_signal+0x8f/0x1670 arch/x86/kernel/signal.c:799
 exit_to_usermode_loop+0x204/0x2a0 arch/x86/entry/common.c:163
 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
 do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fa60583d199
Code: Bad RIP value.
RSP: 002b:00007fa6041b2168 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: 0000000000000004 RBX: 00007fa60594ff60 RCX: 00007fa60583d199
RDX: 0000000000000048 RSI: 000000002000e000 RDI: 0000000000000005
RBP: 00007fa60589713b R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff3c3daa5f R14: 00007fa6041b2300 R15: 0000000000022000