IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [syz-executor387:9404]
Modules linked in:
irq event stamp: 4008219
hardirqs last enabled at (4008218): [] restore_regs_and_return_to_kernel+0x0/0x2a
hardirqs last disabled at (4008219): [] apic_timer_interrupt+0x8e/0xa0 arch/x86/entry/entry_64.S:793
softirqs last enabled at (11894): [] __do_softirq+0x68b/0x9ff kernel/softirq.c:314
softirqs last disabled at (12939): [] invoke_softirq kernel/softirq.c:368 [inline]
softirqs last disabled at (12939): [] irq_exit+0x193/0x240 kernel/softirq.c:409
CPU: 0 PID: 9404 Comm: syz-executor387 Not tainted 4.14.277-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff88809e256640 task.stack: ffff888096360000
RIP: 0010:__read_once_size include/linux/compiler.h:185 [inline]
RIP: 0010:queued_write_lock_slowpath+0x80/0x1d0 kernel/locking/qrwlock.c:130
RSP: 0000:ffff8880ba4077b8 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff10
RAX: 00000000000000ff RBX: ffffffff89d962b0 RCX: 0000000000005835
RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffffffff89d962b0
RBP: ffffffff89d962b4 R08: ffffffff8b9d1c68 R09: 00000000000421a4
R10: ffff88809e256f68 R11: ffff88809e256640 R12: fffffbfff13b2c56
R13: 0000000000000001 R14: 0000000000000000 R15: ffff8880a13a6900
FS:  00005555569f2400(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f82dbdcf200 CR3: 000000009f258000 CR4: 00000000003406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 queued_write_lock include/asm-generic/qrwlock.h:134 [inline]
 do_raw_write_lock+0xc2/0x1d0 kernel/locking/spinlock_debug.c:203
 neigh_forced_gc net/core/neighbour.c:176 [inline]
 neigh_alloc net/core/neighbour.c:315 [inline]
 __neigh_create+0xb48/0x19c0 net/core/neighbour.c:499
 ip6_finish_output2+0x802/0x1f10 net/ipv6/ip6_output.c:117
 ip6_finish_output+0x5c6/0xd50 net/ipv6/ip6_output.c:192
 NF_HOOK_COND include/linux/netfilter.h:239 [inline]
 ip6_output+0x1c5/0x660 net/ipv6/ip6_output.c:209
 dst_output include/net/dst.h:470 [inline]
 NF_HOOK include/linux/netfilter.h:250 [inline]
 ndisc_send_skb+0x82a/0x1390 net/ipv6/ndisc.c:483
 ndisc_send_rs+0x125/0x630 net/ipv6/ndisc.c:677
 addrconf_rs_timer+0x2bb/0x5a0 net/ipv6/addrconf.c:3769
 call_timer_fn+0x14a/0x650 kernel/time/timer.c:1280
 expire_timers+0x232/0x4d0 kernel/time/timer.c:1319
 __run_timers kernel/time/timer.c:1637 [inline]
 run_timer_softirq+0x1d5/0x5a0 kernel/time/timer.c:1650
 __do_softirq+0x24d/0x9ff kernel/softirq.c:288
 invoke_softirq kernel/softirq.c:368 [inline]
 irq_exit+0x193/0x240 kernel/softirq.c:409
 exiting_irq arch/x86/include/asm/apic.h:638 [inline]
 smp_apic_timer_interrupt+0x141/0x5e0 arch/x86/kernel/apic/apic.c:1106
 apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:793
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:779 [inline]
RIP: 0010:lock_is_held_type+0x17a/0x210 kernel/locking/lockdep.c:4038
RSP: 0000:ffff888096367e50 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff10
RAX: 1ffffffff11e1311 RBX: 0000000000000286 RCX: 0000000000000001
RDX: dffffc0000000000 RSI: 00000000ffffffff RDI: 0000000000000286
RBP: ffff88809e256640 R08: 0000000000000001 R09: 000000000005840f
R10: ffff88809e256ec8 R11: ffff88809e256640 R12: 0000000000000000
R13: 00007f82dbdcf200 R14: 0000000000000001 R15: ffff88809e256640
 lock_is_held include/linux/lockdep.h:437 [inline]
 ___might_sleep+0x227/0x2b0 kernel/sched/core.c:6006
 __do_page_fault+0x2dc/0xad0 arch/x86/mm/fault.c:1385
 page_fault+0x45/0x50 arch/x86/entry/entry_64.S:1123
RIP: 0001:0x7f82dbdd5e00
RSP: 0001:00007fffc4e476e0 EFLAGS: 00000000
Code: 0f 84 d3 00 00 00 49 89 dc 49 89 de 41 bd 01 00 00 00 49 c1 ec 03 41 83 e6 07 48 b8 00 00 00 00 00 fc ff df 49 01 c4 eb 02 f3 90 <41> 0f b6 04 24 44 38 f0 7f 08 84 c0 0f 85 f6 00 00 00 0f b6 03
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 9406 Comm: syz-executor387 Not tainted 4.14.277-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff88809dfe06c0 task.stack: ffff88809e100000
RIP: 0010:orc_ip arch/x86/kernel/unwind_orc.c:27 [inline]
RIP: 0010:__orc_find+0x6f/0xf0 arch/x86/kernel/unwind_orc.c:49
RSP: 0018:ffff8880ba507118 EFLAGS: 00000a06
RAX: 1ffffffff1432e90 RBX: ffffffff8a197480 RCX: ffffffff817eb620
RDX: 0000000000000000 RSI: ffffffff8a7292ea RDI: ffffffff8a197474
RBP: ffffffff8a197474 R08: ffffffff8a7292ea R09: ffffffff8a72931a
R10: 000000000001e639 R11: 0000000000066071 R12: ffffffff8a197490
R13: ffffffff8a197474 R14: ffffffff8a197474 R15: dffffc0000000000
FS:  00005555569f2400(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f82dbdc7130 CR3: 000000009e8ae000 CR4: 00000000003406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 orc_find arch/x86/kernel/unwind_orc.c:118 [inline]
 unwind_next_frame+0x59a/0x17d0 arch/x86/kernel/unwind_orc.c:348
 __save_stack_trace+0x90/0x160 arch/x86/kernel/stacktrace.c:44
 save_stack mm/kasan/kasan.c:447 [inline]
 set_track mm/kasan/kasan.c:459 [inline]
 kasan_kmalloc+0xeb/0x160 mm/kasan/kasan.c:551
 slab_post_alloc_hook mm/slab.h:442 [inline]
 slab_alloc mm/slab.c:3390 [inline]
 kmem_cache_alloc+0x111/0x3c0 mm/slab.c:3550
 kmem_cache_zalloc include/linux/slab.h:651 [inline]
 fill_pool lib/debugobjects.c:110 [inline]
 __debug_object_init+0x578/0x7a0 lib/debugobjects.c:341
 debug_object_init lib/debugobjects.c:393 [inline]
 debug_object_activate+0x391/0x490 lib/debugobjects.c:474
 debug_rcu_head_queue kernel/rcu/rcu.h:152 [inline]
 __call_rcu.constprop.0+0x31/0x7d0 kernel/rcu/tree.c:3050
 dst_release+0x56/0x80 net/core/dst.c:188
 refdst_drop include/net/dst.h:286 [inline]
 skb_dst_drop include/net/dst.h:298 [inline]
 __dev_queue_xmit+0x1543/0x2480 net/core/dev.c:3480
 neigh_resolve_output+0x4e5/0x870 net/core/neighbour.c:1369
 neigh_output include/net/neighbour.h:500 [inline]
 ip6_finish_output2+0xf48/0x1f10 net/ipv6/ip6_output.c:120
 ip6_finish_output+0x5c6/0xd50 net/ipv6/ip6_output.c:192
 NF_HOOK_COND include/linux/netfilter.h:239 [inline]
 ip6_output+0x1c5/0x660 net/ipv6/ip6_output.c:209
 dst_output include/net/dst.h:470 [inline]
 NF_HOOK include/linux/netfilter.h:250 [inline]
 ndisc_send_skb+0x82a/0x1390 net/ipv6/ndisc.c:483
 ndisc_send_rs+0x125/0x630 net/ipv6/ndisc.c:677
 addrconf_rs_timer+0x2bb/0x5a0 net/ipv6/addrconf.c:3769
 call_timer_fn+0x14a/0x650 kernel/time/timer.c:1280
 expire_timers+0x232/0x4d0 kernel/time/timer.c:1319
 __run_timers kernel/time/timer.c:1637 [inline]
 run_timer_softirq+0x1d5/0x5a0 kernel/time/timer.c:1650
 __do_softirq+0x24d/0x9ff kernel/softirq.c:288
 invoke_softirq kernel/softirq.c:368 [inline]
 irq_exit+0x193/0x240 kernel/softirq.c:409
 exiting_irq arch/x86/include/asm/apic.h:638 [inline]
 smp_apic_timer_interrupt+0x141/0x5e0 arch/x86/kernel/apic/apic.c:1106
 apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:793
RIP: 0010:__sanitizer_cov_trace_pc+0x23/0x50 kernel/kcov.c:68
RSP: 0018:ffff88809e107940 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff10
RAX: ffff88809dfe06c0 RBX: 0000000000000000 RCX: 1ffffffff11993ad
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff88e0dba8
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000020012
R10: ffff88809dfe0f48 R11: ffff88809dfe06c0 R12: dffffc0000000000
R13: 0000000000000000 R14: 00007f82dbd468d9 R15: 0000000000000060
 bpf_prog_kallsyms_find.part.0+0x132/0x240 kernel/bpf/core.c:468
 bpf_prog_kallsyms_find include/linux/rcupdate.h:630 [inline]
 is_bpf_text_address+0x13b/0x150 kernel/bpf/core.c:501
 kernel_text_address kernel/extable.c:150 [inline]
 kernel_text_address+0xbd/0xf0 kernel/extable.c:120
 __kernel_text_address+0x9/0x30 kernel/extable.c:105
 unwind_get_return_address arch/x86/kernel/unwind_orc.c:252 [inline]
 unwind_get_return_address+0x51/0x90 arch/x86/kernel/unwind_orc.c:247
 __save_stack_trace+0xa0/0x160 arch/x86/kernel/stacktrace.c:45
 save_stack mm/kasan/kasan.c:447 [inline]
 set_track mm/kasan/kasan.c:459 [inline]
 kasan_kmalloc+0xeb/0x160 mm/kasan/kasan.c:551
 slab_post_alloc_hook mm/slab.h:442 [inline]
 slab_alloc mm/slab.c:3390 [inline]
 kmem_cache_alloc_trace+0x11b/0x3d0 mm/slab.c:3616
 kmalloc include/linux/slab.h:488 [inline]
 kzalloc include/linux/slab.h:661 [inline]
 aa_alloc_file_ctx security/apparmor/include/file.h:60 [inline]
 apparmor_file_alloc_security+0x129/0x800 security/apparmor/lsm.c:431
 security_file_alloc+0x66/0xa0 security/security.c:874
 get_empty_filp+0x16b/0x3f0 fs/file_table.c:129
 alloc_file+0x23/0x440 fs/file_table.c:164
 create_pipe_files+0x47c/0x880 fs/pipe.c:789
 __do_pipe_flags fs/pipe.c:831 [inline]
 SYSC_pipe2 fs/pipe.c:879 [inline]
 SyS_pipe2+0x76/0x160 fs/pipe.c:873
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f82dbd468d9
RSP: 002b:00007fffc4e47738 EFLAGS: 00000246 ORIG_RAX: 0000000000000016
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f82dbd468d9
RDX: 00007f82dbd468d9 RSI: 0000000000000000 RDI: 0000000020000180
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000003 R11: 0000000000000246 R12: 00007fffc4e47778
R13: 00007fffc4e47790 R14: 00007fffc4e477d0 R15: 0000000000000003
Code: ec 72 4d 4c 89 e0 48 29 e8 48 89 c2 48 c1 e8 3f 48 c1 fa 02 48 01 d0 48 d1 f8 48 8d 5c 85 00 48 89 d8 48 c1 e8 03 42 0f b6 14 38 <48> 89 d8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 48 48 63 03 48
----------------
Code disassembly (best guess):
   0:   0f 84 d3 00 00 00       je     0xd9
   6:   49 89 dc                mov    %rbx,%r12
   9:   49 89 de                mov    %rbx,%r14
   c:   41 bd 01 00 00 00       mov    $0x1,%r13d
  12:   49 c1 ec 03             shr    $0x3,%r12
  16:   41 83 e6 07             and    $0x7,%r14d
  1a:   48 b8 00 00 00 00 00    movabs $0xdffffc0000000000,%rax
  21:   fc ff df
  24:   49 01 c4                add    %rax,%r12
  27:   eb 02                   jmp    0x2b
  29:   f3 90                   pause
* 2b:   41 0f b6 04 24          movzbl (%r12),%eax <-- trapping instruction
  30:   44 38 f0                cmp    %r14b,%al
  33:   7f 08                   jg     0x3d
  35:   84 c0                   test   %al,%al
  37:   0f 85 f6 00 00 00       jne    0x133
  3d:   0f b6 03                movzbl (%rbx),%eax