watchdog: BUG: soft lockup - CPU#0 stuck for 23s! [syz-executor.0:9621]
Modules linked in:
irq event stamp: 3736821
hardirqs last  enabled at (3736820): [<ffffffff87400976>] restore_regs_and_return_to_kernel+0x0/0x2a
hardirqs last disabled at (3736821): [<ffffffff874018ae>] apic_timer_interrupt+0x8e/0xa0 arch/x86/entry/entry_64.S:793
softirqs last  enabled at (5882): [<ffffffff8760068b>] __do_softirq+0x68b/0x9ff kernel/softirq.c:314
softirqs last disabled at (7039): [<ffffffff81321d13>] invoke_softirq kernel/softirq.c:368 [inline]
softirqs last disabled at (7039): [<ffffffff81321d13>] irq_exit+0x193/0x240 kernel/softirq.c:409
CPU: 0 PID: 9621 Comm: syz-executor.0 Not tainted 4.14.272-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff888091098580 task.stack: ffff88806fb88000
RIP: 0010:get_current arch/x86/include/asm/current.h:15 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x50 kernel/kcov.c:60
RSP: 0018:ffff8880ba407c10 EFLAGS: 00000202 ORIG_RAX: ffffffffffffff10
RAX: 0000000000000102 RBX: 00000000ffffb3be RCX: 0000000000000000
RDX: 0000000000000004 RSI: ffff888091098e58 RDI: 0000000000000001
RBP: ffff88809a3867b8 R08: ffffffff8bff8408 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 1ffff11017480f8b R14: 0000000000000000 R15: ffff8880ba42cb00
FS:  00007f8a4f3f6700(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fbf04b1d000 CR3: 000000009116c000 CR4: 00000000003406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 __mod_timer kernel/time/timer.c:1029 [inline]
 mod_timer+0x4ec/0xf70 kernel/time/timer.c:1070
 addrconf_rs_timer+0x421/0x5a0 net/ipv6/addrconf.c:3778
 call_timer_fn+0x14a/0x650 kernel/time/timer.c:1280
 expire_timers+0x232/0x4d0 kernel/time/timer.c:1319
 __run_timers kernel/time/timer.c:1637 [inline]
 run_timer_softirq+0x1d5/0x5a0 kernel/time/timer.c:1650
 __do_softirq+0x24d/0x9ff kernel/softirq.c:288
 invoke_softirq kernel/softirq.c:368 [inline]
 irq_exit+0x193/0x240 kernel/softirq.c:409
 exiting_irq arch/x86/include/asm/apic.h:638 [inline]
 smp_apic_timer_interrupt+0x141/0x5e0 arch/x86/kernel/apic/apic.c:1106
 apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:793
 </IRQ>
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:779 [inline]
RIP: 0010:lock_is_held_type+0x17a/0x210 kernel/locking/lockdep.c:4038
RSP: 0018:ffff88806fb8f488 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff10
RAX: 1ffffffff11e12f1 RBX: 0000000000000286 RCX: 0000000000000001
RDX: dffffc0000000000 RSI: 00000000ffffffff RDI: 0000000000000286
RBP: ffff888091098580 R08: 0000000000000000 R09: 0000000000040634
R10: ffff888091098e08 R11: ffff888091098580 R12: 0000000000000000
R13: ffff8880ba434380 R14: ffff88806fb88000 R15: ffff888091098580
 lock_is_held include/linux/lockdep.h:437 [inline]
 schedule_debug kernel/sched/core.c:3209 [inline]
 __schedule+0xf1b/0x1de0 kernel/sched/core.c:3311
 preempt_schedule_common+0x45/0xc0 kernel/sched/core.c:3511
 ___preempt_schedule+0x16/0x18
 __mutex_lock_common kernel/locking/mutex.c:885 [inline]
 __mutex_lock+0xe56/0x1310 kernel/locking/mutex.c:893
 perf_poll+0xd8/0x1c0 kernel/events/core.c:4662
 do_select+0xa83/0x1290 fs/select.c:513
 core_sys_select+0x32f/0x6a0 fs/select.c:656
 do_pselect fs/select.c:733 [inline]
 SYSC_pselect6 fs/select.c:774 [inline]
 SyS_pselect6+0x358/0x3c0 fs/select.c:759
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f8a50a81049
RSP: 002b:00007f8a4f3f6168 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
RAX: ffffffffffffffda RBX: 00007f8a50b93f60 RCX: 00007f8a50a81049
RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0e67d2ad1e0ff6b8
RBP: 00007f8a50adb08d R08: 0000000020000200 R09: 0000000000000000
R10: 0000000020000140 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffdeff308ef R14: 00007f8a4f3f6300 R15: 0000000000022000
Code: ff ff 48 89 df e8 11 b1 29 00 e9 9f fe ff ff 4c 89 e7 e8 04 b1 29 00 e9 2c fe ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <65> 48 8b 04 25 c0 7f 02 00 48 85 c0 74 1a 65 8b 15 fb 3c ad 7e 
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 9614 Comm: syz-executor.5 Not tainted 4.14.272-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff88809104a3c0 task.stack: ffff888090178000
RIP: 0010:rcu_lockdep_current_cpu_online kernel/rcu/tree.c:1186 [inline]
RIP: 0010:rcu_lockdep_current_cpu_online+0x5b/0x140 kernel/rcu/tree.c:1177
RSP: 0018:ffff8880ba506810 EFLAGS: 00000046
RAX: 0000000000000001 RBX: 0000000000035280 RCX: 1ffffffff1198fad
RDX: dffffc0000000000 RSI: ffffffff87ccfb80 RDI: ffffffff88cc7d68
RBP: ffff8880ba506b30 R08: 0000000000000000 R09: 00000000000a6012
R10: ffff88809104adb0 R11: ffff88809104a3c0 R12: 0000000000000001
R13: ffff8880ba506cc0 R14: 0000000000000008 R15: ffff8880ba506b90
FS:  00007f23c318a700(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f8b26248922 CR3: 00000000a38f1000 CR4: 00000000003406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 rcu_read_lock_held+0xc3/0x110 kernel/rcu/update.c:330
 __perf_output_begin kernel/events/ring_buffer.c:163 [inline]
 perf_output_begin_forward+0x76f/0xa10 kernel/events/ring_buffer.c:262
 __perf_event_output kernel/events/core.c:6284 [inline]
 perf_event_output_forward+0xde/0x1f0 kernel/events/core.c:6300
 __perf_event_overflow+0x113/0x310 kernel/events/core.c:7549
 perf_swevent_hrtimer+0x220/0x350 kernel/events/core.c:8754
 __run_hrtimer kernel/time/hrtimer.c:1223 [inline]
 __hrtimer_run_queues+0x30b/0xc80 kernel/time/hrtimer.c:1287
 hrtimer_interrupt+0x1e6/0x5e0 kernel/time/hrtimer.c:1321
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1079 [inline]
 smp_apic_timer_interrupt+0x117/0x5e0 arch/x86/kernel/apic/apic.c:1104
 apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:793
RIP: 0010:__read_once_size include/linux/compiler.h:185 [inline]
RIP: 0010:rspin_until_writer_unlock kernel/locking/qrwlock.c:59 [inline]
RIP: 0010:queued_read_lock_slowpath+0x109/0x190 kernel/locking/qrwlock.c:82
RSP: 0018:ffff8880ba507120 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff10
RAX: 00000000000000ff RBX: ffff88809a386640 RCX: 00000000000054bc
RDX: 1ffff11013470cc9 RSI: 00000000000000ff RDI: ffff88809a386640
RBP: 0000000000000003 R08: ffffffff8b9ce0a0 R09: 0000000000062384
R10: ffff88809104ad60 R11: ffff88809104a3c0 R12: ffffed1013470cc8
R13: ffff8880a1b9c180 R14: ffff8880ba507200 R15: 0000000000000001
 __ipv6_dev_get_saddr+0x61/0x620 net/ipv6/addrconf.c:1563
 ipv6_dev_get_saddr+0x4c2/0x9c0 net/ipv6/addrconf.c:1737
 ip6_route_get_saddr include/net/ip6_route.h:111 [inline]
 ip6_dst_lookup_tail+0x107c/0x16c0 net/ipv6/ip6_output.c:1015
 ip6_dst_lookup_flow+0x7c/0x190 net/ipv6/ip6_output.c:1136
 geneve_get_v6_dst+0x42a/0x910 drivers/net/geneve.c:806
 geneve6_xmit_skb drivers/net/geneve.c:892 [inline]
 geneve_xmit+0x5fd/0x2ca0 drivers/net/geneve.c:945
 __netdev_start_xmit include/linux/netdevice.h:4052 [inline]
 netdev_start_xmit include/linux/netdevice.h:4061 [inline]
 xmit_one net/core/dev.c:3005 [inline]
 dev_hard_start_xmit+0x188/0x890 net/core/dev.c:3021
 __dev_queue_xmit+0x1d7f/0x2480 net/core/dev.c:3521
 neigh_resolve_output+0x4e5/0x870 net/core/neighbour.c:1369
 neigh_output include/net/neighbour.h:500 [inline]
 ip6_finish_output2+0xf48/0x1f10 net/ipv6/ip6_output.c:120
 ip6_finish_output+0x5c6/0xd50 net/ipv6/ip6_output.c:192
 NF_HOOK_COND include/linux/netfilter.h:239 [inline]
 ip6_output+0x1c5/0x660 net/ipv6/ip6_output.c:209
 dst_output include/net/dst.h:470 [inline]
 NF_HOOK include/linux/netfilter.h:250 [inline]
 ndisc_send_skb+0x82a/0x1390 net/ipv6/ndisc.c:483
 ndisc_send_rs+0x125/0x630 net/ipv6/ndisc.c:677
 addrconf_rs_timer+0x2bb/0x5a0 net/ipv6/addrconf.c:3769
 call_timer_fn+0x14a/0x650 kernel/time/timer.c:1280
 expire_timers+0x232/0x4d0 kernel/time/timer.c:1319
 __run_timers kernel/time/timer.c:1637 [inline]
 run_timer_softirq+0x1d5/0x5a0 kernel/time/timer.c:1650
 __do_softirq+0x24d/0x9ff kernel/softirq.c:288
 invoke_softirq kernel/softirq.c:368 [inline]
 irq_exit+0x193/0x240 kernel/softirq.c:409
 exiting_irq arch/x86/include/asm/apic.h:638 [inline]
 smp_apic_timer_interrupt+0x141/0x5e0 arch/x86/kernel/apic/apic.c:1106
 apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:793
 </IRQ>
RIP: 0010:__sanitizer_cov_trace_pc+0x3d/0x50 kernel/kcov.c:87
RSP: 0018:ffff88809017f570 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff10
RAX: 0000000000040000 RBX: 0000000000000001 RCX: ffffc900073fa000
RDX: 0000000000013845 RSI: ffffffff8319f035 RDI: ffffffff87ccfbc0
RBP: ffffffff87ccfbc0 R08: ffff88823fff7058 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000034380
R13: ffffffff87ccfb80 R14: dffffc0000000000 R15: 0000000000000000
 check_preemption_disabled+0x15/0x240 lib/smp_processor_id.c:14
 __schedule+0x66/0x1de0 kernel/sched/core.c:3307
 preempt_schedule_irq+0xb0/0x140 kernel/sched/core.c:3614
 retint_kernel+0x1b/0x2d
RIP: 0010:tty_poll+0x10b/0x1a0 drivers/tty/tty_io.c:2101
RSP: 0018:ffff88809017f740 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff10
RAX: dffffc0000000000 RBX: ffffffff8353dea0 RCX: ffffc900073fa000
RDX: 1ffffffff128e9cb RSI: ffffffff8353df77 RDI: ffffffff89474e58
RBP: ffff8880af8d9a80 R08: ffffffff8b9b0d00 R09: 00000000000503e5
R10: ffff88809104ac48 R11: ffff88809104a3c0 R12: ffff8880aad05840
R13: ffff88809431e540 R14: ffff88809017f8d0 R15: ffffffff89474e00
 do_select+0xa83/0x1290 fs/select.c:513
 core_sys_select+0x32f/0x6a0 fs/select.c:656
 do_pselect fs/select.c:733 [inline]
 SYSC_pselect6 fs/select.c:774 [inline]
 SyS_pselect6+0x358/0x3c0 fs/select.c:759
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f23c4815049
RSP: 002b:00007f23c318a168 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
RAX: ffffffffffffffda RBX: 00007f23c4927f60 RCX: 00007f23c4815049
RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0e67d2ad1e0ff6b8
RBP: 00007f23c486f08d R08: 0000000020000200 R09: 0000000000000000
R10: 0000000020000140 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fffac3452af R14: 00007f23c318a300 R15: 0000000000022000
Code: e8 db 39 d3 01 48 c7 c3 80 52 03 00 48 ba 00 00 00 00 00 fc ff df 89 c0 48 8d 3c c5 60 7d cc 88 48 89 f9 48 c1 e9 03 80 3c 11 00 <0f> 85 a5 00 00 00 48 03 1c c5 60 7d cc 88 48 b8 00 00 00 00 00 
----------------
Code disassembly (best guess), 2 bytes skipped:
   0:	48 89 df             	mov    %rbx,%rdi
   3:	e8 11 b1 29 00       	callq  0x29b119
   8:	e9 9f fe ff ff       	jmpq   0xfffffeac
   d:	4c 89 e7             	mov    %r12,%rdi
  10:	e8 04 b1 29 00       	callq  0x29b119
  15:	e9 2c fe ff ff       	jmpq   0xfffffe46
  1a:	90                   	nop
  1b:	90                   	nop
  1c:	90                   	nop
  1d:	90                   	nop
  1e:	90                   	nop
  1f:	90                   	nop
  20:	90                   	nop
  21:	90                   	nop
  22:	90                   	nop
  23:	90                   	nop
  24:	90                   	nop
  25:	90                   	nop
  26:	90                   	nop
  27:	90                   	nop
  28:	90                   	nop
* 29:	65 48 8b 04 25 c0 7f 	mov    %gs:0x27fc0,%rax <-- trapping instruction
  30:	02 00
  32:	48 85 c0             	test   %rax,%rax
  35:	74 1a                	je     0x51
  37:	65 8b 15 fb 3c ad 7e 	mov    %gs:0x7ead3cfb(%rip),%edx        # 0x7ead3d39