overlayfs: fs on './file0' does not support file handles, falling back to index=off. watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [syz-executor.0:9551] Modules linked in: irq event stamp: 3764811 hardirqs last enabled at (3764810): [] restore_regs_and_return_to_kernel+0x0/0x2a hardirqs last disabled at (3764811): [] apic_timer_interrupt+0x8e/0xa0 arch/x86/entry/entry_64.S:793 softirqs last enabled at (26174): [] __do_softirq+0x68b/0x9ff kernel/softirq.c:314 softirqs last disabled at (26651): [] invoke_softirq kernel/softirq.c:368 [inline] softirqs last disabled at (26651): [] irq_exit+0x193/0x240 kernel/softirq.c:409 CPU: 0 PID: 9551 Comm: syz-executor.0 Not tainted 4.14.274-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 task: ffff88805de80500 task.stack: ffff88805de88000 RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:779 [inline] RIP: 0010:lock_is_held_type+0x17a/0x210 kernel/locking/lockdep.c:4038 RSP: 0018:ffff8880ba407d18 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff10 RAX: 1ffffffff11e1309 RBX: 0000000000000286 RCX: 0000000000000000 RDX: dffffc0000000000 RSI: 00000000ffffffff RDI: 0000000000000286 RBP: ffff88805de80500 R08: ffffffff8c035848 R09: 0000000000000002 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 1ffff11017480fae R14: 1ffff11017480fd3 R15: 0000000000000000 FS: 00007f0587e4f700(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fa5fc1b1e48 CR3: 000000009bfc9000 CR4: 00000000003406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: lock_is_held include/linux/lockdep.h:437 [inline] rcu_read_lock_sched_held+0x16c/0x1d0 kernel/rcu/update.c:116 trace_timer_expire_exit include/trace/events/timer.h:121 [inline] call_timer_fn+0x515/0x650 kernel/time/timer.c:1281 expire_timers+0x232/0x4d0 kernel/time/timer.c:1319 __run_timers kernel/time/timer.c:1637 [inline] run_timer_softirq+0x1d5/0x5a0 kernel/time/timer.c:1650 __do_softirq+0x24d/0x9ff kernel/softirq.c:288 invoke_softirq kernel/softirq.c:368 [inline] irq_exit+0x193/0x240 kernel/softirq.c:409 exiting_irq arch/x86/include/asm/apic.h:638 [inline] smp_apic_timer_interrupt+0x141/0x5e0 arch/x86/kernel/apic/apic.c:1106 apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:793 RIP: 0010:preempt_schedule_irq+0xa6/0x140 kernel/sched/core.c:3614 RSP: 0018:ffff88805de8f610 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff10 RAX: 1ffffffff11e130b RBX: dffffc0000000000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffff88805de80d88 RDI: ffff88805de80d84 RBP: ffffed100bbd00a0 R08: ffffffff8b9e0320 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffff88805de80500 R13: ffffffff88f09858 R14: 0000000000000000 R15: 0000000000000000 retint_kernel+0x1b/0x2d RIP: 0010:__write_once_size include/linux/compiler.h:212 [inline] RIP: 0010:__sanitizer_cov_trace_pc+0x4a/0x50 kernel/kcov.c:90 RSP: 0018:ffff88805de8f6e0 EFLAGS: 00000212 ORIG_RAX: ffffffffffffff10 RAX: 0000000000040000 RBX: ffff88805de80500 RCX: ffffc90005cba000 RDX: 0000000000017246 RSI: ffffffff818d2d7a RDI: ffff88805de80d84 RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000020012 R10: ffff88805de80d88 R11: ffff88805de80500 R12: ffff88809c88e400 R13: 0000000000000008 R14: 0000000000000003 R15: ffff88809c88e400 rcu_read_lock include/linux/rcupdate.h:630 [inline] __fget+0x8a/0x3e0 fs/file.c:743 __fget_light fs/file.c:794 [inline] __fdget+0x185/0x1f0 fs/file.c:802 fdget include/linux/file.h:59 [inline] do_select+0x9de/0x1290 fs/select.c:505 core_sys_select+0x32f/0x6a0 fs/select.c:656 do_pselect fs/select.c:733 [inline] SYSC_pselect6 fs/select.c:774 [inline] SyS_pselect6+0x358/0x3c0 fs/select.c:759 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x7f05894da049 RSP: 002b:00007f0587e4f168 EFLAGS: 00000246 ORIG_RAX: 000000000000010e RAX: ffffffffffffffda RBX: 00007f05895ecf60 RCX: 00007f05894da049 RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0e67d2ad1e0ff6b8 RBP: 00007f058953408d R08: 0000000020000200 R09: 0000000000000000 R10: 0000000020000140 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffe6418715f R14: 00007f0587e4f300 R15: 0000000000022000 Code: 00 00 00 00 00 fc ff df c7 85 84 08 00 00 00 00 00 00 48 c1 e8 03 80 3c 10 00 75 63 48 83 3d 35 5f af 07 00 74 2c 48 89 df 57 9d <0f> 1f 44 00 00 48 83 c4 08 44 89 e0 5b 5d 41 5c c3 48 83 c4 08 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 9553 Comm: syz-executor.3 Not tainted 4.14.274-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 task: ffff88809bf4a580 task.stack: ffff88805df58000 RIP: 0010:native_apic_mem_write+0x8/0x10 arch/x86/include/asm/apic.h:100 RSP: 0018:ffff8880ba507400 EFLAGS: 00000046 RAX: dffffc0000000000 RBX: ffffffff88cc9000 RCX: 0000000000000020 RDX: 1ffffffff119921d RSI: 00000000000000ce RDI: 0000000000000380 RBP: ffff8880ba5282c0 R08: ffff88823fff7058 R09: ffff88823fff704f R10: ffff88823fff7057 R11: 00000029abe1af5e R12: 00000000000000ce R13: 0000000000000003 R14: 000000283e7ffec7 R15: 000000306ca2f4a8 FS: 00007fa5faab7700(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b30842000 CR3: 00000000a537f000 CR4: 00000000003406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: apic_write arch/x86/include/asm/apic.h:385 [inline] lapic_next_event+0x53/0x80 arch/x86/kernel/apic/apic.c:468 clockevents_program_event+0x1f1/0x2d0 kernel/time/clockevents.c:339 tick_program_event+0x78/0xd0 kernel/time/tick-oneshot.c:47 hrtimer_interrupt+0x336/0x5e0 kernel/time/hrtimer.c:1334 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1079 [inline] smp_apic_timer_interrupt+0x117/0x5e0 arch/x86/kernel/apic/apic.c:1104 apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:793 RIP: 0010:deref_stack_reg arch/x86/kernel/unwind_orc.c:289 [inline] RIP: 0010:deref_stack_reg+0x12d/0x1a0 arch/x86/kernel/unwind_orc.c:283 RSP: 0018:ffff8880ba5075f0 EFLAGS: 00000a06 ORIG_RAX: ffffffffffffff10 RAX: ffffffff863ae21e RBX: 1ffff110174a0ebf RCX: ffffffff8ad0db8a RDX: 1ffff110174a0eee RSI: ffff8880ba507618 RDI: ffff8880ba507b00 RBP: ffffffff863ae21e R08: ffffffff8ad0db8e R09: ffffffff8ad0db8f R10: 0000000000119e63 R11: 0000000000000001 R12: ffff8880ba507728 R13: ffff8880ba507770 R14: ffff8880ba500000 R15: ffff8880ba507728 unwind_next_frame+0xc98/0x17d0 arch/x86/kernel/unwind_orc.c:425 __save_stack_trace+0x90/0x160 arch/x86/kernel/stacktrace.c:44 save_stack mm/kasan/kasan.c:447 [inline] set_track mm/kasan/kasan.c:459 [inline] kasan_kmalloc+0xeb/0x160 mm/kasan/kasan.c:551 kmem_cache_alloc+0x124/0x3c0 mm/slab.c:3552 dst_alloc+0xed/0x6d0 net/core/dst.c:107 __ip6_dst_alloc net/ipv6/route.c:357 [inline] ip6_dst_alloc+0x39/0x2d0 net/ipv6/route.c:370 icmp6_dst_alloc+0x155/0x580 net/ipv6/route.c:1768 ndisc_send_skb+0xace/0x1390 net/ipv6/ndisc.c:463 ndisc_send_rs+0x125/0x630 net/ipv6/ndisc.c:677 addrconf_rs_timer+0x2bb/0x5a0 net/ipv6/addrconf.c:3769 call_timer_fn+0x14a/0x650 kernel/time/timer.c:1280 expire_timers+0x232/0x4d0 kernel/time/timer.c:1319 __run_timers kernel/time/timer.c:1637 [inline] run_timer_softirq+0x1d5/0x5a0 kernel/time/timer.c:1650 __do_softirq+0x24d/0x9ff kernel/softirq.c:288 invoke_softirq kernel/softirq.c:368 [inline] irq_exit+0x193/0x240 kernel/softirq.c:409 exiting_irq arch/x86/include/asm/apic.h:638 [inline] smp_apic_timer_interrupt+0x141/0x5e0 arch/x86/kernel/apic/apic.c:1106 apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:793 RIP: 0010:__raw_callee_save___pv_queued_spin_unlock+0xc/0x12 RSP: 0018:ffff88805df5fd20 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff10 RAX: 0000000000000001 RBX: 0000000000000000 RCX: 1ffff110137e95c1 RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8880625ca0b8 RBP: ffff8880625ca0b8 R08: ffffffff8b9bed40 R09: 0000000000000000 R10: 0000000000000000 R11: ffff88809bf4a580 R12: ffff8880625ca0c0 R13: ffff8880625ca0c8 R14: ffff8880625ca1a8 R15: 0000000000000001 pv_queued_spin_unlock arch/x86/include/asm/paravirt.h:674 [inline] queued_spin_unlock arch/x86/include/asm/qspinlock.h:57 [inline] do_raw_spin_unlock+0x164/0x220 kernel/locking/spinlock_debug.c:135 __raw_spin_unlock include/linux/spinlock_api_smp.h:151 [inline] _raw_spin_unlock+0x1f/0x40 kernel/locking/spinlock.c:184 spin_unlock include/linux/spinlock.h:357 [inline] evict+0x49f/0x700 fs/inode.c:570 iput_final fs/inode.c:1524 [inline] iput+0x458/0x7e0 fs/inode.c:1551 __sock_release+0x232/0x2b0 net/socket.c:615 sock_release net/socket.c:623 [inline] __sock_create+0x255/0x620 net/socket.c:1304 sock_create net/socket.c:1315 [inline] SYSC_socket net/socket.c:1345 [inline] SyS_socket+0xd1/0x1b0 net/socket.c:1325 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x7fa5fc142049 RSP: 002b:00007fa5faab7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 RAX: ffffffffffffffda RBX: 00007fa5fc254f60 RCX: 00007fa5fc142049 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007fa5fc19c08d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffe5d07a70f R14: 00007fa5faab7300 R15: 0000000000022000 Code: 83 3d dc 0c 0c 0a 01 7f 02 5d c3 89 ef 5d e9 12 1b df 05 48 c7 c7 c0 93 2e 8b e8 c4 6b 5c 00 eb df 66 90 89 ff 89 b7 00 c0 5f ff 0f 1f 80 00 00 00 00 48 b8 00 00 00 00 00 fc ff df 53 89 fb ---------------- Code disassembly (best guess), 7 bytes skipped: 0: df c7 ffreep %st(7) 2: 85 84 08 00 00 00 00 test %eax,0x0(%rax,%rcx,1) 9: 00 00 add %al,(%rax) b: 48 c1 e8 03 shr $0x3,%rax f: 80 3c 10 00 cmpb $0x0,(%rax,%rdx,1) 13: 75 63 jne 0x78 15: 48 83 3d 35 5f af 07 cmpq $0x0,0x7af5f35(%rip) # 0x7af5f52 1c: 00 1d: 74 2c je 0x4b 1f: 48 89 df mov %rbx,%rdi 22: 57 push %rdi 23: 9d popfq * 24: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1) <-- trapping instruction 29: 48 83 c4 08 add $0x8,%rsp 2d: 44 89 e0 mov %r12d,%eax 30: 5b pop %rbx 31: 5d pop %rbp 32: 41 5c pop %r12 34: c3 retq 35: 48 83 c4 08 add $0x8,%rsp