IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
watchdog: BUG: soft lockup - CPU#1 stuck for 22s! [syz-executor.1:9431]
Modules linked in:
irq event stamp: 4111049
hardirqs last enabled at (4111048): [] restore_regs_and_return_to_kernel+0x0/0x2a
hardirqs last disabled at (4111049): [] apic_timer_interrupt+0x8e/0xa0 arch/x86/entry/entry_64.S:793
softirqs last enabled at (228648): [] __do_softirq+0x68b/0x9ff kernel/softirq.c:314
softirqs last disabled at (230127): [] invoke_softirq kernel/softirq.c:368 [inline]
softirqs last disabled at (230127): [] irq_exit+0x193/0x240 kernel/softirq.c:409
CPU: 1 PID: 9431 Comm: syz-executor.1 Not tainted 4.14.267-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff888063060440 task.stack: ffff888063068000
RIP: 0010:unwind_next_frame+0xfad/0x17d0 arch/x86/kernel/unwind_orc.c:474
RSP: 0018:ffff8880ba507838 EFLAGS: 00000297 ORIG_RAX: ffffffffffffff10
RAX: 0000000000000007 RBX: 1ffff110174a0f0e RCX: ffffffff8a728bb4
RDX: ffff8880ba507938 RSI: 0000000000000000 RDI: ffffffff8a728bb6
RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000000000001
R10: ffff8880ba507bd0 R11: 0000000000000001 R12: ffff8880ba50792d
R13: ffff8880ba507930 R14: ffff8880ba507948 R15: ffff8880ba5078f8
FS: 00007f71f55f8700(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffd4f0f0f78 CR3: 000000009d78a000 CR4: 00000000003406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
__save_stack_trace+0x90/0x160 arch/x86/kernel/stacktrace.c:44
save_stack mm/kasan/kasan.c:447 [inline]
set_track mm/kasan/kasan.c:459 [inline]
kasan_kmalloc+0xeb/0x160 mm/kasan/kasan.c:551
IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
kmem_cache_alloc_node+0x146/0x410 mm/slab.c:3642
__alloc_skb+0x5c/0x510 net/core/skbuff.c:193
alloc_skb include/linux/skbuff.h:980 [inline]
ndisc_alloc_skb+0x134/0x310 net/ipv6/ndisc.c:402
ndisc_send_rs+0x2ec/0x630 net/ipv6/ndisc.c:661
addrconf_rs_timer+0x2bb/0x5a0 net/ipv6/addrconf.c:3769
call_timer_fn+0x14a/0x650 kernel/time/timer.c:1280
IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
expire_timers+0x232/0x4d0 kernel/time/timer.c:1319
__run_timers kernel/time/timer.c:1637 [inline]
run_timer_softirq+0x1d5/0x5a0 kernel/time/timer.c:1650
__do_softirq+0x24d/0x9ff kernel/softirq.c:288
invoke_softirq kernel/softirq.c:368 [inline]
irq_exit+0x193/0x240 kernel/softirq.c:409
exiting_irq arch/x86/include/asm/apic.h:638 [inline]
smp_apic_timer_interrupt+0x141/0x5e0 arch/x86/kernel/apic/apic.c:1106
IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:793
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
RIP: 0010:debug_lockdep_rcu_enabled+0x23/0xe0 kernel/rcu/update.c:299
RSP: 0018:ffff88806306f828 EFLAGS: 00000202 ORIG_RAX: ffffffffffffff10
RAX: 0000000000000007 RBX: ffff8880b0149948 RCX: 1ffffffff1412928
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000286
RBP: ffff88813fe6b040 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff8124ecc3
R13: ffffffff8124ecc3 R14: ffff88806306f9d0 R15: dffffc0000000000
trace_kmem_cache_free include/trace/events/kmem.h:144 [inline]
kmem_cache_free+0x20d/0x2b0 mm/slab.c:3761
pgtable_pmd_page_dtor include/linux/mm.h:1864 [inline]
___pmd_free_tlb+0xa3/0xf0 arch/x86/mm/pgtable.c:76
__pmd_free_tlb arch/x86/include/asm/pgalloc.h:124 [inline]
free_pmd_range mm/memory.c:505 [inline]
free_pud_range mm/memory.c:523 [inline]
free_p4d_range mm/memory.c:556 [inline]
free_pgd_range+0x697/0xcd0 mm/memory.c:636
free_pgtables+0x1ec/0x2b0 mm/memory.c:668
exit_mmap+0x27f/0x4d0 mm/mmap.c:3059
__mmput kernel/fork.c:931 [inline]
mmput kernel/fork.c:952 [inline]
mmput+0xfa/0x420 kernel/fork.c:947
exit_mm kernel/exit.c:548 [inline]
do_exit+0x984/0x2850 kernel/exit.c:855
do_group_exit+0x100/0x2e0 kernel/exit.c:965
get_signal+0x38d/0x1ca0 kernel/signal.c:2412
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
do_signal+0x7c/0x1550 arch/x86/kernel/signal.c:792
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
exit_to_usermode_loop+0x160/0x200 arch/x86/entry/common.c:160
prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline]
syscall_return_slowpath arch/x86/entry/common.c:270 [inline]
do_syscall_64+0x4a3/0x640 arch/x86/entry/common.c:297
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f71f6c83059
RSP: 002b:00007f71f55f8218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 00007f71f6d95f68 RCX: 00007f71f6c83059
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f71f6d95f68
RBP: 00007f71f6d95f60 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f71f6d95f6c
R13: 00007fffba0ec03f R14: 00007f71f55f8300 R15: 0000000000022000
Code: b6 34 31 49 89 f9 41 83 e1 07
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
45 38 c8 41 0f 9e c1 45 84 c0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
41 0f 95 c0 45 84 c1 0f 85 2e 04 00 00 83 e0 07 40 38 c6 41 0f 9e c0 <40> 84 f6 0f 95 c0 41 84 c0 0f 85 15 04 00 00 48 0f bf 71 02 4c
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 8034 Comm: syz-executor.2 Not tainted 4.14.267-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff88809cb84540 task.stack: ffff88809cd50000
RIP: 0010:debug_lockdep_rcu_enabled+0x35/0xe0 kernel/rcu/update.c:299
RSP: 0018:ffff8880ba407c30 EFLAGS: 00000046
RAX: 0000000000000007 RBX: 1ffff11017480f8b RCX: 1ffffffff1412928
RDX: 0000000000000000 RSI: 0000000000000002 RDI: ffff88809cb84dc4
RBP: ffff88813fe468d8 R08: ffffffff8b9af370 R09: 0000000000000004
R10: 0000000000000000 R11: ffff88809cb84540 R12: ffffffff8135f807
R13: ffff88809cb84540 R14: ffff88813fe46910 R15: 00000000ffffc1e0
FS: 0000555556ae1400(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f4614b2d000 CR3: 000000009fcdf000 CR4: 00000000003406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
trace_lock_release include/trace/events/lock.h:58 [inline]
lock_release+0x5a6/0x870 kernel/locking/lockdep.c:4016
__raw_spin_unlock include/linux/spinlock_api_smp.h:150 [inline]
_raw_spin_unlock+0x17/0x40 kernel/locking/spinlock.c:184
spin_unlock include/linux/spinlock.h:357 [inline]
__queue_work+0x517/0xf70 kernel/workqueue.c:1468
call_timer_fn+0x14a/0x650 kernel/time/timer.c:1280
expire_timers+0x94/0x4d0 kernel/time/timer.c:1315
__run_timers kernel/time/timer.c:1637 [inline]
run_timer_softirq+0x1d5/0x5a0 kernel/time/timer.c:1650
__do_softirq+0x24d/0x9ff kernel/softirq.c:288
invoke_softirq kernel/softirq.c:368 [inline]
irq_exit+0x193/0x240 kernel/softirq.c:409
exiting_irq arch/x86/include/asm/apic.h:638 [inline]
smp_apic_timer_interrupt+0x141/0x5e0 arch/x86/kernel/apic/apic.c:1106
apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:793
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:779 [inline]
RIP: 0010:console_trylock_spinning kernel/printk/printk.c:1685 [inline]
RIP: 0010:vprintk_emit+0x549/0x620 kernel/printk/printk.c:1922
RSP: 0018:ffff88809cd570e0 EFLAGS: 00000297 ORIG_RAX: ffffffffffffff10
RAX: ffff88809cb84540 RBX: 1ffffffff11e1279 RCX: 1ffff110139709bd
RDX: 0000000000000000 RSI: ffff88809cb84df0 RDI: 0000000000000297
RBP: ffff88809cd57118 R08: ffffffff8b9b6538 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000056
R13: ffff888063060440 R14: 0000000000000297 R15: 0000000000000000
vprintk_func+0x58/0x160 kernel/printk/printk_safe.c:409
printk+0x9e/0xbc kernel/printk/printk.c:1996
batadv_check_known_mac_addr.cold+0x23/0x28 net/batman-adv/hard-interface.c:522
batadv_hard_if_event+0x742/0x11c0 net/batman-adv/hard-interface.c:1033
notifier_call_chain+0x108/0x1a0 kernel/notifier.c:93
call_netdevice_notifiers_info net/core/dev.c:1667 [inline]
call_netdevice_notifiers net/core/dev.c:1683 [inline]
dev_set_mac_address net/core/dev.c:6970 [inline]
dev_set_mac_address+0x1e8/0x2d0 net/core/dev.c:6955
do_setlink+0xc58/0x2bf0 net/core/rtnetlink.c:2047
rtnl_newlink+0x1271/0x1830 net/core/rtnetlink.c:2662
rtnetlink_rcv_msg+0x3be/0xb10 net/core/rtnetlink.c:4322
netlink_rcv_skb+0x125/0x390 net/netlink/af_netlink.c:2446
netlink_unicast_kernel net/netlink/af_netlink.c:1294 [inline]
netlink_unicast+0x437/0x610 net/netlink/af_netlink.c:1320
netlink_sendmsg+0x648/0xbc0 net/netlink/af_netlink.c:1891
sock_sendmsg_nosec net/socket.c:646 [inline]
sock_sendmsg+0xb5/0x100 net/socket.c:656
SYSC_sendto net/socket.c:1763 [inline]
SyS_sendto+0x1c7/0x2c0 net/socket.c:1731
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f167722be1c
RSP: 002b:00007ffc96a782e0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f16782c4320 RCX: 00007f167722be1c
RDX: 000000000000002c RSI: 00007f16782c4370 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007ffc96a78334 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
R13: 00007f16782c4370 R14: 0000000000000003 R15: 0000000000000000
Code: 00 00 00 00 00 fc ff df 48 89 c1 83 e0 07 48 c1 e9 03 83 c0 03 0f b6 14 11 38 d0 7c 08 84 d2 0f 85 87 00 00 00 8b 35 bf 27 c3 08 <85> f6 74 79 48 c7 c0 80 1f 3d 89 48 ba 00 00 00 00 00 fc ff df
----------------
Code disassembly (best guess), 7 bytes skipped:
0: df 48 89 fisttps -0x77(%rax)
3: c1 83 e0 07 48 c1 e9 roll $0xe9,-0x3eb7f820(%rbx)
a: 03 83 c0 03 0f b6 add -0x49f0fc40(%rbx),%eax
10: 14 11 adc $0x11,%al
12: 38 d0 cmp %dl,%al
14: 7c 08 jl 0x1e
16: 84 d2 test %dl,%dl
18: 0f 85 87 00 00 00 jne 0xa5
1e: 8b 35 bf 27 c3 08 mov 0x8c327bf(%rip),%esi # 0x8c327e3
* 24: 85 f6 test %esi,%esi <-- trapping instruction
26: 74 79 je 0xa1
28: 48 c7 c0 80 1f 3d 89 mov $0xffffffff893d1f80,%rax
2f: 48 ba 00 00 00 00 00 movabs $0xdffffc0000000000,%rdx
36: fc ff df