watchdog: BUG: soft lockup - CPU#0 stuck for 23s! [syz-executor.2:26064] Modules linked in: irq event stamp: 2837261 hardirqs last enabled at (2837260): [] trace_hardirqs_on_thunk+0x1a/0x1c hardirqs last disabled at (2837261): [] trace_hardirqs_off_thunk+0x1a/0x1c softirqs last enabled at (7884): [] __do_softirq+0x678/0x980 kernel/softirq.c:318 softirqs last disabled at (9173): [] invoke_softirq kernel/softirq.c:372 [inline] softirqs last disabled at (9173): [] irq_exit+0x215/0x260 kernel/softirq.c:412 CPU: 0 PID: 26064 Comm: syz-executor.2 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:ipv6_get_saddr_eval+0x132/0x1020 net/ipv6/addrconf.c:1584 Code: 08 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 8b 0d 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 6b 08 <49> 8d 7d 64 48 89 fa 48 c1 ea 03 0f b6 14 02 48 89 f8 83 e0 07 83 RSP: 0018:ffff8880ba0070f0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 RAX: dffffc0000000000 RBX: ffff8880ba007248 RCX: ffffffff8703f348 RDX: 1ffff11017400e4a RSI: ffffffff8703f3e5 RDI: ffff8880ba007250 RBP: 000000000000000a R08: 0000000000000000 R09: 000000000000000a R10: 0000000000000005 R11: 0000000000000000 R12: 000000000000000a R13: ffff888010572840 R14: ffff88809fa24500 R15: ffff8880ba0071e8 FS: 00007fd0bcf52700(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fe4fafcf6b8 CR3: 000000001a381000 CR4: 00000000003406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __ipv6_dev_get_saddr+0x20b/0x5f0 net/ipv6/addrconf.c:1639 ipv6_dev_get_saddr+0x56c/0xc20 net/ipv6/addrconf.c:1774 ip6_route_get_saddr include/net/ip6_route.h:124 [inline] ip6_dst_lookup_tail+0x1233/0x19b0 net/ipv6/ip6_output.c:997 ip6_dst_lookup_flow+0x8c/0x1d0 net/ipv6/ip6_output.c:1120 sctp_v6_get_dst+0x69f/0x1c90 net/sctp/ipv6.c:291 sctp_transport_pmtu+0x245/0x470 net/sctp/transport.c:242 sctp_transport_route+0x15b/0x350 net/sctp/transport.c:319 sctp_packet_config+0xbd8/0xe50 net/sctp/output.c:118 sctp_packet_singleton net/sctp/outqueue.c:790 [inline] sctp_outq_flush_ctrl.constprop.0+0x6bd/0xc40 net/sctp/outqueue.c:923 sctp_outq_flush net/sctp/outqueue.c:1205 [inline] sctp_outq_uncork+0x10b/0x200 net/sctp/outqueue.c:777 sctp_cmd_interpreter net/sctp/sm_sideeffect.c:1815 [inline] sctp_side_effects net/sctp/sm_sideeffect.c:1199 [inline] sctp_do_sm+0x72a/0x5110 net/sctp/sm_sideeffect.c:1170 sctp_generate_timeout_event+0x1bb/0x3a0 net/sctp/sm_sideeffect.c:310 call_timer_fn+0x177/0x700 kernel/time/timer.c:1338 expire_timers+0x243/0x4e0 kernel/time/timer.c:1375 __run_timers kernel/time/timer.c:1696 [inline] run_timer_softirq+0x21c/0x670 kernel/time/timer.c:1709 __do_softirq+0x265/0x980 kernel/softirq.c:292 invoke_softirq kernel/softirq.c:372 [inline] irq_exit+0x215/0x260 kernel/softirq.c:412 exiting_irq arch/x86/include/asm/apic.h:536 [inline] smp_apic_timer_interrupt+0x136/0x550 arch/x86/kernel/apic/apic.c:1098 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894 RIP: 0010:get_current arch/x86/include/asm/current.h:15 [inline] RIP: 0010:__sanitizer_cov_trace_pc+0x4/0x50 kernel/kcov.c:100 Code: e8 11 dd 35 00 e9 ab fe ff ff 4c 89 ef e8 04 dd 35 00 e9 23 fe ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 8b 34 24 <65> 48 8b 04 25 c0 df 01 00 65 8b 15 cc 59 9f 7e 81 e2 00 01 1f 00 RSP: 0018:ffff8880216efa20 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 RAX: 0000000000000002 RBX: 0000000000000010 RCX: ffffffff818c7385 RDX: 0000000000000000 RSI: ffffffff818c7393 RDI: 0000000000000007 RBP: dead000000000100 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000007 R11: 0000000048102452 R12: ffffea0002a7d880 R13: dffffc0000000000 R14: ffffea0002a7d880 R15: 0000000000000000 PageAnon include/linux/page-flags.h:419 [inline] mm_counter include/linux/mm.h:1649 [inline] copy_one_pte mm/memory.c:1054 [inline] copy_pte_range mm/memory.c:1114 [inline] copy_pmd_range mm/memory.c:1165 [inline] copy_pud_range mm/memory.c:1199 [inline] copy_p4d_range mm/memory.c:1221 [inline] copy_page_range+0x1103/0x2ff0 mm/memory.c:1283 dup_mmap kernel/fork.c:549 [inline] dup_mm kernel/fork.c:1285 [inline] copy_mm kernel/fork.c:1341 [inline] copy_process.part.0+0x5b22/0x8260 kernel/fork.c:1913 copy_process kernel/fork.c:1710 [inline] _do_fork+0x22f/0xf30 kernel/fork.c:2219 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7fd0be5dceb9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fd0bcf52168 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 00007fd0be6eff60 RCX: 00007fd0be5dceb9 RDX: 0000000020000280 RSI: 0000000020000400 RDI: 0000000000200000 RBP: 00007fd0be63708d R08: 00000000200004c0 R09: 0000000000000000 R10: 0000000020000380 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fffb2602c2f R14: 00007fd0bcf52300 R15: 0000000000022000 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 26074 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:__preempt_count_add arch/x86/include/asm/preempt.h:76 [inline] RIP: 0010:kvm_clock_read arch/x86/kernel/kvmclock.c:93 [inline] RIP: 0010:kvm_clock_get_cycles+0x0/0x30 arch/x86/kernel/kvmclock.c:101 Code: 2e 0f 1f 84 00 00 00 00 00 90 48 c7 c7 a0 81 67 88 e9 34 ff ff ff 0f 1f 40 00 48 c7 c7 e0 81 67 88 e9 24 ff ff ff 0f 1f 40 00 <65> ff 05 d9 c2 d8 7e 65 48 8b 3d 49 c8 d8 7e e8 2c 11 00 00 65 ff RSP: 0018:ffff8880ba106ae8 EFLAGS: 00000046 RAX: 1ffffffff13e2f90 RBX: ffffffff89f17c80 RCX: ffffffff81549362 RDX: 0000000000010100 RSI: ffffffff8154936f RDI: ffffffff89f17c80 RBP: fffffbfff13e3050 R08: ffffffff8cd54e80 R09: 0000000000000000 R10: 0000000000000001 R11: ffffffff8c66505b R12: dffffc0000000000 R13: 1ffffffff13e3052 R14: 000000000002db96 R15: ffff8880ba124d40 FS: 00007f0a23939700(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000555555792848 CR3: 0000000014192000 CR4: 00000000003406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: tk_clock_read kernel/time/timekeeping.c:172 [inline] timekeeping_get_delta kernel/time/timekeeping.c:266 [inline] timekeeping_get_ns kernel/time/timekeeping.c:373 [inline] ktime_get+0x188/0x2f0 kernel/time/timekeeping.c:758 hrtimer_forward_now include/linux/hrtimer.h:479 [inline] perf_swevent_hrtimer+0x318/0x3e0 kernel/events/core.c:9266 __run_hrtimer kernel/time/hrtimer.c:1465 [inline] __hrtimer_run_queues+0x3f6/0xe60 kernel/time/hrtimer.c:1527 hrtimer_interrupt+0x326/0x9e0 kernel/time/hrtimer.c:1585 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1071 [inline] smp_apic_timer_interrupt+0x10c/0x550 arch/x86/kernel/apic/apic.c:1096 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894 RIP: 0010:__sanitizer_cov_trace_pc+0x47/0x50 kernel/kcov.c:111 Code: 90 60 13 00 00 83 fa 02 75 20 48 8b 88 68 13 00 00 8b 80 64 13 00 00 48 8b 11 48 83 c2 01 48 39 d0 76 07 48 89 34 d1 48 89 11 0f 1f 84 00 00 00 00 00 49 89 f1 49 89 fa 65 48 8b 34 25 c0 df RSP: 0018:ffff8880ba1070a0 EFLAGS: 00000206 ORIG_RAX: ffffffffffffff13 RAX: ffff88809318e640 RBX: ffff8880ba1071e0 RCX: ffffffff8703f371 RDX: 0000000000000100 RSI: ffffffff8703f3bb RDI: 0000000000000005 RBP: 0000000000000005 R08: 0000000000000000 R09: 0000000000000009 R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000005 R13: 0000000000000001 R14: ffff88808bbc8400 R15: ffff8880ba1071a0 ipv6_get_saddr_eval+0xdb/0x1020 net/ipv6/addrconf.c:1595 __ipv6_dev_get_saddr+0x1f8/0x5f0 net/ipv6/addrconf.c:1638 ipv6_dev_get_saddr+0x56c/0xc20 net/ipv6/addrconf.c:1774 ip6_route_get_saddr include/net/ip6_route.h:124 [inline] ip6_dst_lookup_tail+0x1233/0x19b0 net/ipv6/ip6_output.c:997 ip6_dst_lookup_flow+0x8c/0x1d0 net/ipv6/ip6_output.c:1120 sctp_v6_get_dst+0x69f/0x1c90 net/sctp/ipv6.c:291 sctp_transport_pmtu+0x245/0x470 net/sctp/transport.c:242 sctp_transport_route+0x15b/0x350 net/sctp/transport.c:319 sctp_packet_config+0xbd8/0xe50 net/sctp/output.c:118 sctp_outq_select_transport+0x1e4/0x740 net/sctp/outqueue.c:878 sctp_outq_flush_ctrl.constprop.0+0x291/0xc40 net/sctp/outqueue.c:912 sctp_outq_flush net/sctp/outqueue.c:1205 [inline] sctp_outq_uncork+0x10b/0x200 net/sctp/outqueue.c:777 sctp_cmd_interpreter net/sctp/sm_sideeffect.c:1815 [inline] sctp_side_effects net/sctp/sm_sideeffect.c:1199 [inline] sctp_do_sm+0x72a/0x5110 net/sctp/sm_sideeffect.c:1170 sctp_generate_timeout_event+0x1bb/0x3a0 net/sctp/sm_sideeffect.c:310 call_timer_fn+0x177/0x700 kernel/time/timer.c:1338 expire_timers+0x243/0x4e0 kernel/time/timer.c:1375 __run_timers kernel/time/timer.c:1696 [inline] run_timer_softirq+0x21c/0x670 kernel/time/timer.c:1709 __do_softirq+0x265/0x980 kernel/softirq.c:292 invoke_softirq kernel/softirq.c:372 [inline] irq_exit+0x215/0x260 kernel/softirq.c:412 exiting_irq arch/x86/include/asm/apic.h:536 [inline] smp_apic_timer_interrupt+0x136/0x550 arch/x86/kernel/apic/apic.c:1098 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894 RIP: 0010:write_comp_data+0x23/0x70 kernel/kcov.c:122 Code: 1f 84 00 00 00 00 00 49 89 f1 49 89 fa 65 48 8b 34 25 c0 df 01 00 65 8b 05 7a 59 9f 7e a9 00 01 1f 00 75 4f 8b 86 60 13 00 00 <83> f8 03 75 44 48 8b 86 68 13 00 00 8b b6 64 13 00 00 48 8b 38 48 RSP: 0018:ffff88802607f768 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 RAX: 0000000000000000 RBX: 8000000000000007 RCX: ffffffff818b9ed1 RDX: 0000000000000000 RSI: ffff88809318e640 RDI: 0000000000000005 RBP: ffffea0001391a48 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000000 R13: ffffea0001391a40 R14: dffffc0000000000 R15: 00007f0a24e42000 zap_pte_range mm/memory.c:1341 [inline] zap_pmd_range mm/memory.c:1463 [inline] zap_pud_range mm/memory.c:1492 [inline] zap_p4d_range mm/memory.c:1513 [inline] unmap_page_range+0x12d1/0x2c50 mm/memory.c:1534 unmap_single_vma+0x198/0x300 mm/memory.c:1579 unmap_vmas+0xa9/0x180 mm/memory.c:1609 exit_mmap+0x2b9/0x530 mm/mmap.c:3093 __mmput kernel/fork.c:1016 [inline] mmput+0x14e/0x4a0 kernel/fork.c:1037 exit_mm kernel/exit.c:549 [inline] do_exit+0xaec/0x2be0 kernel/exit.c:857 do_group_exit+0x125/0x310 kernel/exit.c:967 get_signal+0x3f2/0x1f70 kernel/signal.c:2589 do_signal+0x8f/0x1670 arch/x86/kernel/signal.c:799 exit_to_usermode_loop+0x204/0x2a0 arch/x86/entry/common.c:163 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline] syscall_return_slowpath arch/x86/entry/common.c:271 [inline] do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f0a24fc3eb9 Code: Bad RIP value. RSP: 002b:00007f0a23939218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: 0000000000000000 RBX: 00007f0a250d6f68 RCX: 00007f0a24fc3eb9 RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f0a250d6f68 RBP: 00007f0a250d6f60 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0a250d6f6c R13: 00007ffee5af72df R14: 00007f0a23939300 R15: 0000000000022000 ---------------- Code disassembly (best guess), 1 bytes skipped: 0: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 7: fc ff df a: 48 89 fa mov %rdi,%rdx d: 48 c1 ea 03 shr $0x3,%rdx 11: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) 15: 0f 85 8b 0d 00 00 jne 0xda6 1b: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 22: fc ff df 25: 4c 8b 6b 08 mov 0x8(%rbx),%r13 * 29: 49 8d 7d 64 lea 0x64(%r13),%rdi <-- trapping instruction 2d: 48 89 fa mov %rdi,%rdx 30: 48 c1 ea 03 shr $0x3,%rdx 34: 0f b6 14 02 movzbl (%rdx,%rax,1),%edx 38: 48 89 f8 mov %rdi,%rax 3b: 83 e0 07 and $0x7,%eax 3e: 83 .byte 0x83