watchdog: BUG: soft lockup - CPU#0 stuck for 21s! [syz-executor.4:25890] Modules linked in: irq event stamp: 4941501 hardirqs last enabled at (4941500): [] trace_hardirqs_on_thunk+0x1a/0x1c hardirqs last disabled at (4941501): [] trace_hardirqs_off_thunk+0x1a/0x1c softirqs last enabled at (4865062): [] __do_softirq+0x678/0x980 kernel/softirq.c:318 softirqs last disabled at (4865065): [] invoke_softirq kernel/softirq.c:372 [inline] softirqs last disabled at (4865065): [] irq_exit+0x215/0x260 kernel/softirq.c:412 CPU: 0 PID: 25890 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:__memset+0x0/0x30 arch/x86/lib/memset_64.S:30 Code: 66 44 8b 1e 66 44 8b 54 16 fe 66 44 89 1f 66 44 89 54 17 fe eb 0c 48 83 fa 01 72 06 44 8a 1e 44 88 1f c3 90 90 90 90 90 90 90 2e 0f 1f 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 RSP: 0018:ffff8880ba007690 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 RAX: ffffed1017400ef8 RBX: ffff8880ba0077e0 RCX: ffffffff81299566 RDX: 0000000000000060 RSI: 0000000000000000 RDI: ffff8880ba007760 RBP: 1ffff11017400ed7 R08: 0000000000000001 R09: ffffed1017400ef7 R10: ffff8880ba0077bf R11: 0000000000000000 R12: ffff888026fac4c0 R13: 0000000000000000 R14: dffffc0000000000 R15: ffff8880ba007760 FS: 00007fca0c474700(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000c023b6b000 CR3: 00000000a0894000 CR4: 00000000003406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: memset include/linux/string.h:362 [inline] __unwind_start+0x76/0x960 arch/x86/kernel/unwind_orc.c:595 unwind_start arch/x86/include/asm/unwind.h:60 [inline] __save_stack_trace+0x72/0x190 arch/x86/kernel/stacktrace.c:43 save_stack mm/kasan/kasan.c:448 [inline] set_track mm/kasan/kasan.c:460 [inline] kasan_kmalloc+0xeb/0x160 mm/kasan/kasan.c:553 slab_post_alloc_hook mm/slab.h:445 [inline] slab_alloc_node mm/slab.c:3340 [inline] kmem_cache_alloc_node+0x133/0x3b0 mm/slab.c:3647 __alloc_skb+0x71/0x560 net/core/skbuff.c:193 alloc_skb include/linux/skbuff.h:995 [inline] ndisc_alloc_skb+0x134/0x320 net/ipv6/ndisc.c:403 ndisc_send_ns+0x162/0x840 net/ipv6/ndisc.c:609 ndisc_solicit+0x2cd/0x500 net/ipv6/ndisc.c:725 neigh_probe+0xcc/0x110 net/core/neighbour.c:916 neigh_timer_handler+0x5af/0xc70 net/core/neighbour.c:997 call_timer_fn+0x177/0x700 kernel/time/timer.c:1338 expire_timers+0x243/0x4e0 kernel/time/timer.c:1375 __run_timers kernel/time/timer.c:1696 [inline] run_timer_softirq+0x21c/0x670 kernel/time/timer.c:1709 __do_softirq+0x265/0x980 kernel/softirq.c:292 invoke_softirq kernel/softirq.c:372 [inline] irq_exit+0x215/0x260 kernel/softirq.c:412 exiting_irq arch/x86/include/asm/apic.h:536 [inline] smp_apic_timer_interrupt+0x136/0x550 arch/x86/kernel/apic/apic.c:1098 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894 RIP: 0010:lock_acquire+0x1f6/0x3c0 kernel/locking/lockdep.c:3912 Code: 03 80 3c 10 00 0f 85 b7 01 00 00 48 83 3d 09 2e a6 08 00 0f 84 2a 01 00 00 48 8b 7c 24 08 57 9d 0f 1f 44 00 00 48 83 c4 18 5b <5d> 41 5c 41 5d 41 5e 41 5f c3 65 8b 05 89 2c b6 7e 83 f8 07 0f 87 RSP: 0018:ffff888024527688 EFLAGS: 00000292 ORIG_RAX: ffffffffffffff13 RAX: 1ffffffff13e3051 RBX: ffffea0001493f80 RCX: f571382d69872f36 RDX: dffffc0000000000 RSI: 00000000580e209d RDI: 0000000000000286 RBP: ffffffff89f85fa0 R08: 000000005eaf3dab R09: 0000000000000001 R10: ffff888026facd70 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000002 R15: 0000000000000000 rcu_lock_acquire include/linux/rcupdate.h:242 [inline] rcu_read_lock include/linux/rcupdate.h:627 [inline] lock_page_memcg+0x36/0x220 mm/memcontrol.c:1908 page_remove_file_rmap+0x36/0xa30 mm/rmap.c:1212 page_remove_rmap+0xe5/0x120 mm/rmap.c:1297 zap_pte_range mm/memory.c:1350 [inline] zap_pmd_range mm/memory.c:1463 [inline] zap_pud_range mm/memory.c:1492 [inline] zap_p4d_range mm/memory.c:1513 [inline] unmap_page_range+0x147d/0x2c50 mm/memory.c:1534 unmap_single_vma+0x198/0x300 mm/memory.c:1579 unmap_vmas+0xa9/0x180 mm/memory.c:1609 exit_mmap+0x2b9/0x530 mm/mmap.c:3093 __mmput kernel/fork.c:1016 [inline] mmput+0x14e/0x4a0 kernel/fork.c:1037 exit_mm kernel/exit.c:549 [inline] do_exit+0xaec/0x2be0 kernel/exit.c:857 do_group_exit+0x125/0x310 kernel/exit.c:967 get_signal+0x3f2/0x1f70 kernel/signal.c:2589 do_signal+0x8f/0x1670 arch/x86/kernel/signal.c:799 exit_to_usermode_loop+0x204/0x2a0 arch/x86/entry/common.c:163 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline] syscall_return_slowpath arch/x86/entry/common.c:271 [inline] do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7fca0daff109 Code: Bad RIP value. RSP: 002b:00007fca0c474218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: fffffffffffffe00 RBX: 00007fca0dc11f68 RCX: 00007fca0daff109 RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fca0dc11f68 RBP: 00007fca0dc11f60 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fca0dc11f6c R13: 00007fffc7d9a36f R14: 00007fca0c474300 R15: 0000000000022000 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 25913 Comm: syz-executor.3 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:__read_once_size include/linux/compiler.h:263 [inline] RIP: 0010:csd_lock_wait kernel/smp.c:108 [inline] RIP: 0010:smp_call_function_single+0x1db/0x420 kernel/smp.c:302 Code: 00 e8 09 04 0a 00 48 8b 4c 24 08 48 8b 54 24 10 48 8d 74 24 40 8b 7c 24 1c e8 a1 f9 ff ff 41 89 c5 eb 07 e8 e7 03 0a 00 f3 90 <44> 8b 64 24 58 31 ff 41 83 e4 01 44 89 e6 e8 42 05 0a 00 45 85 e4 RSP: 0018:ffff888025ee73a0 EFLAGS: 00000293 RAX: ffff888025878680 RBX: 1ffff11004bdce78 RCX: ffffffff8158819e RDX: 0000000000000000 RSI: ffffffff81588189 RDI: 0000000000000005 RBP: ffff888025ee7480 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000001 R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000002 FS: 00007fd69542b700(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000555555bef848 CR3: 00000000b3391000 CR4: 00000000003406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: smp_call_function_many+0x743/0x8d0 kernel/smp.c:434 smp_call_function kernel/smp.c:492 [inline] on_each_cpu+0x47/0x240 kernel/smp.c:602 text_poke_bp+0xd7/0x1a0 arch/x86/kernel/alternative.c:818 __jump_label_transform+0x2d6/0x460 arch/x86/kernel/jump_label.c:103 arch_jump_label_transform+0x26/0x40 arch/x86/kernel/jump_label.c:111 __jump_label_update+0x1cf/0x230 kernel/jump_label.c:383 jump_label_update kernel/jump_label.c:768 [inline] jump_label_update+0x177/0x310 kernel/jump_label.c:747 __static_key_slow_dec_cpuslocked+0x23d/0x280 kernel/jump_label.c:212 __static_key_slow_dec kernel/jump_label.c:223 [inline] static_key_slow_dec+0x5b/0x90 kernel/jump_label.c:237 tracepoint_remove_func kernel/tracepoint.c:347 [inline] tracepoint_probe_unregister+0x513/0x860 kernel/tracepoint.c:443 trace_event_reg+0x181/0x340 kernel/trace/trace_events.c:310 perf_trace_event_unreg.isra.0+0xaa/0x200 kernel/trace/trace_event_perf.c:157 perf_trace_destroy+0xb5/0xf0 kernel/trace/trace_event_perf.c:238 _free_event+0x32c/0x1150 kernel/events/core.c:4484 put_event kernel/events/core.c:4578 [inline] perf_event_release_kernel+0x6d9/0xcd0 kernel/events/core.c:4693 perf_release+0x33/0x40 kernel/events/core.c:4703 __fput+0x2ce/0x890 fs/file_table.c:278 task_work_run+0x148/0x1c0 kernel/task_work.c:113 exit_task_work include/linux/task_work.h:22 [inline] do_exit+0xbf3/0x2be0 kernel/exit.c:870 do_group_exit+0x125/0x310 kernel/exit.c:967 get_signal+0x3f2/0x1f70 kernel/signal.c:2589 do_signal+0x8f/0x1670 arch/x86/kernel/signal.c:799 exit_to_usermode_loop+0x204/0x2a0 arch/x86/entry/common.c:163 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline] syscall_return_slowpath+0x3f0/0x4a0 arch/x86/entry/common.c:271 ret_from_fork+0x15/0x30 arch/x86/entry/entry_64.S:407 RIP: 0033:0x7fd696b1a531 Code: Bad RIP value. RSP: 002b:00007fd69542b2f0 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 RAX: 0000000000000000 RBX: 00007fd69542b700 RCX: 00007fd696b1a531 RDX: 00007fd69542b9d0 RSI: 00007fd69542b2f0 RDI: 00000000003d0f00 RBP: 00007fffac348030 R08: 00007fd69542b700 R09: 00007fd69542b700 R10: 00007fd69542b9d0 R11: 0000000000000206 R12: 00007fffac347e9e R13: 00007fffac347e9f R14: 00007fd69542b300 R15: 0000000000022000 ---------------- Code disassembly (best guess): 0: 66 44 8b 1e mov (%rsi),%r11w 4: 66 44 8b 54 16 fe mov -0x2(%rsi,%rdx,1),%r10w a: 66 44 89 1f mov %r11w,(%rdi) e: 66 44 89 54 17 fe mov %r10w,-0x2(%rdi,%rdx,1) 14: eb 0c jmp 0x22 16: 48 83 fa 01 cmp $0x1,%rdx 1a: 72 06 jb 0x22 1c: 44 8a 1e mov (%rsi),%r11b 1f: 44 88 1f mov %r11b,(%rdi) 22: c3 retq 23: 90 nop 24: 90 nop 25: 90 nop 26: 90 nop 27: 90 nop 28: 90 nop 29: 90 nop * 2a: eb 2e jmp 0x5a <-- trapping instruction 2c: 0f 1f 00 nopl (%rax) 2f: 49 89 f9 mov %rdi,%r9 32: 48 89 d1 mov %rdx,%rcx 35: 83 e2 07 and $0x7,%edx 38: 48 c1 e9 03 shr $0x3,%rcx 3c: 40 0f b6 f6 movzbl %sil,%esi