bridge0: port 2(bridge_slave_1) entered disabled state FAT-fs (loop0): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) FAT-fs (loop1): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) watchdog: BUG: soft lockup - CPU#0 stuck for 23s! [syz-executor.3:9502] Modules linked in: irq event stamp: 3984761 hardirqs last enabled at (3984760): [] restore_regs_and_return_to_kernel+0x0/0x2a hardirqs last disabled at (3984761): [] apic_timer_interrupt+0x8e/0xa0 arch/x86/entry/entry_64.S:793 softirqs last enabled at (121312): [] __do_softirq+0x68b/0x9ff kernel/softirq.c:314 softirqs last disabled at (123133): [] invoke_softirq kernel/softirq.c:368 [inline] softirqs last disabled at (123133): [] irq_exit+0x193/0x240 kernel/softirq.c:409 CPU: 0 PID: 9502 Comm: syz-executor.3 Not tainted 4.14.278-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 task: ffff88809cf303c0 task.stack: ffff88805d278000 RIP: 0010:__read_once_size include/linux/compiler.h:185 [inline] RIP: 0010:queued_write_lock_slowpath+0x92/0x1d0 kernel/locking/qrwlock.c:130 RSP: 0018:ffff8880ba4077b8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff10 RAX: 0000000000000000 RBX: ffffffff89d962f0 RCX: 00000000000062bc RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffffffff89d962f0 RBP: ffffffff89d962f4 R08: ffffffff8b9d70a0 R09: 00000000000421a4 R10: ffff88809cf30d10 R11: ffff88809cf303c0 R12: fffffbfff13b2c5e R13: 0000000000000001 R14: 0000000000000000 R15: ffff8880945c7bc0 FS: 00007f02fe7d0700(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f8c97e7084c CR3: 00000000a5fac000 CR4: 00000000003406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: queued_write_lock include/asm-generic/qrwlock.h:134 [inline] do_raw_write_lock+0xc2/0x1d0 kernel/locking/spinlock_debug.c:203 neigh_forced_gc net/core/neighbour.c:176 [inline] neigh_alloc net/core/neighbour.c:315 [inline] __neigh_create+0xb48/0x19c0 net/core/neighbour.c:499 ip6_finish_output2+0x802/0x1f10 net/ipv6/ip6_output.c:117 ip6_finish_output+0x5c6/0xd50 net/ipv6/ip6_output.c:192 NF_HOOK_COND include/linux/netfilter.h:239 [inline] ip6_output+0x1c5/0x660 net/ipv6/ip6_output.c:209 dst_output include/net/dst.h:470 [inline] NF_HOOK include/linux/netfilter.h:250 [inline] ndisc_send_skb+0x82a/0x1390 net/ipv6/ndisc.c:483 ndisc_send_rs+0x125/0x630 net/ipv6/ndisc.c:677 addrconf_rs_timer+0x2bb/0x5a0 net/ipv6/addrconf.c:3773 call_timer_fn+0x14a/0x650 kernel/time/timer.c:1280 expire_timers+0x232/0x4d0 kernel/time/timer.c:1319 __run_timers kernel/time/timer.c:1637 [inline] run_timer_softirq+0x1d5/0x5a0 kernel/time/timer.c:1650 __do_softirq+0x24d/0x9ff kernel/softirq.c:288 invoke_softirq kernel/softirq.c:368 [inline] irq_exit+0x193/0x240 kernel/softirq.c:409 exiting_irq arch/x86/include/asm/apic.h:638 [inline] smp_apic_timer_interrupt+0x141/0x5e0 arch/x86/kernel/apic/apic.c:1106 apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:793 RIP: 0010:lock_release+0xe/0x870 kernel/locking/lockdep.c:4007 RSP: 0018:ffff88805d27f788 EFLAGS: 00000217 ORIG_RAX: ffffffffffffff10 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 1ffffffff11993ac RDX: ffffffff8183fdcf RSI: 0000000000000001 RDI: ffffffff88f77ec0 RBP: ffffea000242e180 R08: 0000000000000000 R09: 0000000000020012 R10: ffff88809cf30c70 R11: ffff88809cf303c0 R12: ffffea000242e180 R13: ffffea000242e160 R14: 00007f02ffe20000 R15: 0000000000000000 page_remove_rmap+0x96/0xe0 mm/rmap.c:1293 zap_pte_range mm/memory.c:1375 [inline] zap_pmd_range mm/memory.c:1479 [inline] zap_pud_range mm/memory.c:1508 [inline] zap_p4d_range mm/memory.c:1529 [inline] unmap_page_range+0xf41/0x1d90 mm/memory.c:1550 unmap_single_vma+0x147/0x2b0 mm/memory.c:1595 unmap_vmas+0x9d/0x160 mm/memory.c:1625 exit_mmap+0x270/0x4d0 mm/mmap.c:3058 __mmput kernel/fork.c:931 [inline] mmput kernel/fork.c:952 [inline] mmput+0xfa/0x420 kernel/fork.c:947 exit_mm kernel/exit.c:548 [inline] do_exit+0x984/0x2850 kernel/exit.c:855 do_group_exit+0x100/0x2e0 kernel/exit.c:965 get_signal+0x38d/0x1ca0 kernel/signal.c:2412 do_signal+0x7c/0x1550 arch/x86/kernel/signal.c:792 exit_to_usermode_loop+0x160/0x200 arch/x86/entry/common.c:160 prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline] syscall_return_slowpath arch/x86/entry/common.c:270 [inline] do_syscall_64+0x4a3/0x640 arch/x86/entry/common.c:297 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x7f02ffe5b0e9 RSP: 002b:00007f02fe7d0168 EFLAGS: 00000246 ORIG_RAX: 000000000000010e RAX: fffffffffffffdfe RBX: 00007f02fff6df60 RCX: 00007f02ffe5b0e9 RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000040 RBP: 00007f02ffeb508d R08: 0000000020000200 R09: 0000000000000000 R10: 0000000020000140 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffccd63ebef R14: 00007f02fe7d0300 R15: 0000000000022000 Code: 49 c1 ec 03 41 83 e6 07 48 b8 00 00 00 00 00 fc ff df 49 01 c4 eb 02 f3 90 41 0f b6 04 24 44 38 f0 7f 08 84 c0 0f 85 f6 00 00 00 <0f> b6 03 84 c0 75 e5 f0 44 0f b0 2b 84 c0 75 dc 49 89 dd 49 89 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 skipped: idling at pc 0xffffffff872466fe ---------------- Code disassembly (best guess): 0: 49 c1 ec 03 shr $0x3,%r12 4: 41 83 e6 07 and $0x7,%r14d 8: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax f: fc ff df 12: 49 01 c4 add %rax,%r12 15: eb 02 jmp 0x19 17: f3 90 pause 19: 41 0f b6 04 24 movzbl (%r12),%eax 1e: 44 38 f0 cmp %r14b,%al 21: 7f 08 jg 0x2b 23: 84 c0 test %al,%al 25: 0f 85 f6 00 00 00 jne 0x121 * 2b: 0f b6 03 movzbl (%rbx),%eax <-- trapping instruction 2e: 84 c0 test %al,%al 30: 75 e5 jne 0x17 32: f0 44 0f b0 2b lock cmpxchg %r13b,(%rbx) 37: 84 c0 test %al,%al 39: 75 dc jne 0x17 3b: 49 89 dd mov %rbx,%r13 3e: 49 rex.WB 3f: 89 .byte 0x89