watchdog: BUG: soft lockup - CPU#0 stuck for 23s! [syz-executor.1:9599]
Modules linked in:
irq event stamp: 3486481
hardirqs last  enabled at (3486480): [<ffffffff87400976>] restore_regs_and_return_to_kernel+0x0/0x2a
hardirqs last disabled at (3486481): [<ffffffff874018ae>] apic_timer_interrupt+0x8e/0xa0 arch/x86/entry/entry_64.S:793
softirqs last  enabled at (4108): [<ffffffff8760068b>] __do_softirq+0x68b/0x9ff kernel/softirq.c:314
softirqs last disabled at (6217): [<ffffffff81321d13>] invoke_softirq kernel/softirq.c:368 [inline]
softirqs last disabled at (6217): [<ffffffff81321d13>] irq_exit+0x193/0x240 kernel/softirq.c:409
CPU: 0 PID: 9599 Comm: syz-executor.1 Not tainted 4.14.269-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff888077cf0200 task.stack: ffff888077cf8000
RIP: 0010:call_rcu+0x0/0x10 kernel/rcu/tree_plugin.h:730
RSP: 0018:ffff8880ba4076f8 EFLAGS: 00000206 ORIG_RAX: ffffffffffffff10
RAX: ffff888077cf0200 RBX: ffff8880a023d1c0 RCX: ffff88809adfbecc
RDX: 0000000000000100 RSI: ffffffff85c61a80 RDI: ffff8880a023d1c8
RBP: ffff88809adfbe00 R08: ffffffff85c46e0c R09: 00000000000222ba
R10: ffff888077cf0b00 R11: ffff888077cf0200 R12: ffff8880a023d1c0
R13: 0000000000000000 R14: ffff88809adfbed8 R15: ffff8880a9a72cc0
FS:  0000000000000000(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fe0b9c74c18 CR3: 0000000097f1b000 CR4: 00000000003406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 dst_release+0x56/0x80 net/core/dst.c:188
 refdst_drop include/net/dst.h:286 [inline]
 skb_dst_drop include/net/dst.h:298 [inline]
 __dev_queue_xmit+0x1543/0x2480 net/core/dev.c:3480
 neigh_resolve_output+0x4e5/0x870 net/core/neighbour.c:1369
 neigh_output include/net/neighbour.h:500 [inline]
 ip6_finish_output2+0xf48/0x1f10 net/ipv6/ip6_output.c:120
 ip6_finish_output+0x5c6/0xd50 net/ipv6/ip6_output.c:192
 NF_HOOK_COND include/linux/netfilter.h:239 [inline]
 ip6_output+0x1c5/0x660 net/ipv6/ip6_output.c:209
 dst_output include/net/dst.h:470 [inline]
 NF_HOOK include/linux/netfilter.h:250 [inline]
 ndisc_send_skb+0x82a/0x1390 net/ipv6/ndisc.c:483
 ndisc_send_rs+0x125/0x630 net/ipv6/ndisc.c:677
 addrconf_rs_timer+0x2bb/0x5a0 net/ipv6/addrconf.c:3769
 call_timer_fn+0x14a/0x650 kernel/time/timer.c:1280
 expire_timers+0x232/0x4d0 kernel/time/timer.c:1319
 __run_timers kernel/time/timer.c:1637 [inline]
 run_timer_softirq+0x1d5/0x5a0 kernel/time/timer.c:1650
 __do_softirq+0x24d/0x9ff kernel/softirq.c:288
 invoke_softirq kernel/softirq.c:368 [inline]
 irq_exit+0x193/0x240 kernel/softirq.c:409
 exiting_irq arch/x86/include/asm/apic.h:638 [inline]
 smp_apic_timer_interrupt+0x141/0x5e0 arch/x86/kernel/apic/apic.c:1106
 apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:793
 </IRQ>
RIP: 0010:ldt_arch_exit_mmap+0x0/0x10 arch/x86/kernel/ldt.c:323
RSP: 0018:ffff888077cff990 EFLAGS: 00000297 ORIG_RAX: ffffffffffffff10
RAX: ffff888077cf0200 RBX: 1ffff1100ef9ff34 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 00000000ffffffff RDI: ffff888077c3d940
RBP: dffffc0000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff888077c3d940
R13: 000000000000112f R14: 0000000000000001 R15: ffff888077c3d940
 arch_exit_mmap arch/x86/include/asm/mmu_context.h:262 [inline]
 exit_mmap+0x20e/0x4d0 mm/mmap.c:3047
 __mmput kernel/fork.c:931 [inline]
 mmput kernel/fork.c:952 [inline]
 mmput+0xfa/0x420 kernel/fork.c:947
 exit_mm kernel/exit.c:548 [inline]
 do_exit+0x984/0x2850 kernel/exit.c:855
 do_group_exit+0x100/0x2e0 kernel/exit.c:965
 get_signal+0x38d/0x1ca0 kernel/signal.c:2412
 do_signal+0x7c/0x1550 arch/x86/kernel/signal.c:792
 exit_to_usermode_loop+0x160/0x200 arch/x86/entry/common.c:160
 prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:270 [inline]
 do_syscall_64+0x4a3/0x640 arch/x86/entry/common.c:297
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f67a9c52049
RSP: 002b:00007f67a85c7218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
ISOFS: Invalid session number or type of track
RAX: fffffffffffffe00 RBX: 00007f67a9d64f68 RCX: 00007f67a9c52049
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f67a9d64f68
RBP: 00007f67a9d64f60 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f67a9d64f6c
R13: 00007fff34ef099f R14: 00007f67a85c7300 R15: 0000000000022000
Code: e9 3e fc ff 
ISOFS: Invalid session number
ff e8 f1 04 38 00 e9 09 fc ff ff e8 17 07 38 00 e9 5d fc ff ff 48 c7 c7 c8 93 f0 88 e8 d6 04 38 00 e9 95 fd ff ff 90 <31> c9 48 c7 c2 80 9c f7 88 e9 22 f8 ff ff 66 90 b9 01 00 00 00 
isofs_fill_super: get root inode failed
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 9607 Comm: syz-executor.0 Not tainted 4.14.269-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8880778ec400 task.stack: ffff8880778f0000
RIP: 0010:select_task_rq_fair+0x2f8/0x2300 kernel/sched/fair.c:5976
RSP: 0018:ffff8880ba507c70 EFLAGS: 00000046
RAX: 00000000000012af RBX: 0000000000000001 RCX: 0000000000000010
RDX: 0000000000000000 RSI: 00000000ffffffff RDI: ffff8880b5fa3890
RBP: ffff8880b5fa3840 R08: 0000000000000001 R09: 00000000000a4012
R10: ffff8880778eccd8 R11: ffff8880778ec400 R12: 0000000000000001
R13: dffffc0000000000 R14: 0000000000034380 R15: ffff888079b2a140
FS:  00007f49e178d700(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007faf4594a000 CR3: 0000000097f2d000 CR4: 00000000003406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 select_task_rq kernel/sched/core.c:1563 [inline]
 try_to_wake_up+0x46f/0x1100 kernel/sched/core.c:2075
 hrtimer_wakeup+0x43/0x60 kernel/time/hrtimer.c:1441
 __run_hrtimer kernel/time/hrtimer.c:1223 [inline]
 __hrtimer_run_queues+0x30b/0xc80 kernel/time/hrtimer.c:1287
 hrtimer_interrupt+0x1e6/0x5e0 kernel/time/hrtimer.c:1321
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1079 [inline]
 smp_apic_timer_interrupt+0x117/0x5e0 arch/x86/kernel/apic/apic.c:1104
 apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:793
 </IRQ>
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:779 [inline]
RIP: 0010:console_trylock_spinning kernel/printk/printk.c:1685 [inline]
RIP: 0010:vprintk_emit+0x549/0x620 kernel/printk/printk.c:1922
RSP: 0018:ffff8880778f79b8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff10
RAX: 0000000000040000 RBX: 1ffffffff11e1279 RCX: ffffc90006422000
RDX: 0000000000040000 RSI: ffffffff81440874 RDI: 0000000000000246
RBP: ffff8880778f79f0 R08: ffffffff8b9a3d40 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000027
R13: ffff888077cf0200 R14: 0000000000000246 R15: 0000000000000000
 vprintk_func+0x58/0x160 kernel/printk/printk_safe.c:409
 printk+0x9e/0xbc kernel/printk/printk.c:1996
 isofs_fill_super.cold+0x2b5/0x3ce fs/isofs/inode.c:998
 mount_bdev+0x2b3/0x360 fs/super.c:1134
 mount_fs+0x92/0x2a0 fs/super.c:1237
 vfs_kern_mount.part.0+0x5b/0x470 fs/namespace.c:1046
 vfs_kern_mount fs/namespace.c:1036 [inline]
 do_new_mount fs/namespace.c:2572 [inline]
 do_mount+0xe65/0x2a10 fs/namespace.c:2902
 SYSC_mount fs/namespace.c:3118 [inline]
 SyS_mount+0xa8/0x120 fs/namespace.c:3095
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f49e2e5b57a
RSP: 002b:00007f49e178cf88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000020000600 RCX: 00007f49e2e5b57a
RDX: 0000000020000000 RSI: 00000000200001c0 RDI: 00007f49e178cfe0
RBP: 00007f49e178d020 R08: 00007f49e178d020 R09: 0000000020000000
R10: 0000000000000001 R11: 0000000000000206 R12: 0000000020000000
R13: 00000000200001c0 R14: 00007f49e178cfe0 R15: 0000000020000bc0
Code: 8b 6d 00 48 85 ed 0f 84 96 02 00 00 48 8d 7d 50 48 89 f8 48 c1 e8 03 42 0f b6 04 28 84 c0 74 08 3c 03 0f 8e 25 19 00 00 8b 45 50 <a8> 01 0f 84 6f 02 00 00 45 85 e4 75 89 85 c8 0f 84 62 02 00 00 
----------------
Code disassembly (best guess):
   0:	8b 6d 00             	mov    0x0(%rbp),%ebp
   3:	48 85 ed             	test   %rbp,%rbp
   6:	0f 84 96 02 00 00    	je     0x2a2
   c:	48 8d 7d 50          	lea    0x50(%rbp),%rdi
  10:	48 89 f8             	mov    %rdi,%rax
  13:	48 c1 e8 03          	shr    $0x3,%rax
  17:	42 0f b6 04 28       	movzbl (%rax,%r13,1),%eax
  1c:	84 c0                	test   %al,%al
  1e:	74 08                	je     0x28
  20:	3c 03                	cmp    $0x3,%al
  22:	0f 8e 25 19 00 00    	jle    0x194d
  28:	8b 45 50             	mov    0x50(%rbp),%eax
* 2b:	a8 01                	test   $0x1,%al <-- trapping instruction
  2d:	0f 84 6f 02 00 00    	je     0x2a2
  33:	45 85 e4             	test   %r12d,%r12d
  36:	75 89                	jne    0xffffffc1
  38:	85 c8                	test   %ecx,%eax
  3a:	0f 84 62 02 00 00    	je     0x2a2