watchdog: BUG: soft lockup - CPU#1 stuck for 23s! [syz-executor.6:4445] Modules linked in: irq event stamp: 4038265 hardirqs last enabled at (4038264): [] asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635 hardirqs last disabled at (4038265): [] sysvec_apic_timer_interrupt+0xb/0xa0 arch/x86/kernel/apic/apic.c:1094 softirqs last enabled at (64412): [] asm_call_irq_on_stack+0x12/0x20 softirqs last disabled at (64415): [] asm_call_irq_on_stack+0x12/0x20 CPU: 1 PID: 4445 Comm: syz-executor.6 Not tainted 5.10.227 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:arch_atomic_read arch/x86/include/asm/atomic.h:29 [inline] RIP: 0010:rcu_dynticks_curr_cpu_in_eqs kernel/rcu/tree.c:322 [inline] RIP: 0010:rcu_is_watching+0x17/0x70 kernel/rcu/tree.c:1112 Code: a1 3e 00 48 8b 14 24 eb c0 66 2e 0f 1f 84 00 00 00 00 00 53 65 ff 05 78 5e d4 7e 48 c7 c3 00 c0 03 00 65 48 03 1d a1 04 d4 7e <48> 8d bb 28 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 RSP: 0018:ffff88806cf09860 EFLAGS: 00000286 RAX: 0000000000000001 RBX: ffff88806cf3c000 RCX: ffffffff8373f470 RDX: ffff88801e3b3480 RSI: ffffffff8373f47d RDI: 0000000000000001 RBP: ffff888047eb8870 R08: 0000000000000001 R09: ffffffff8686a6e7 R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001 R13: ffff888018222800 R14: ffff888047eb8860 R15: dffffc0000000000 FS: 00007fd83c776700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f77e7d76d58 CR3: 0000000045508000 CR4: 0000000000350ee0 Call Trace: rcu_read_lock_held_common kernel/rcu/update.c:106 [inline] rcu_read_lock_held+0x1c/0x50 kernel/rcu/update.c:307 __in6_dev_get include/net/addrconf.h:323 [inline] ipv6_chk_mcast_addr+0x2c2/0x720 net/ipv6/mcast.c:998 ip6_protocol_deliver_rcu+0xb90/0x17b0 net/ipv6/ip6_input.c:418 ip6_input_finish+0x64/0x1b0 net/ipv6/ip6_input.c:468 NF_HOOK include/linux/netfilter.h:296 [inline] NF_HOOK include/linux/netfilter.h:290 [inline] ip6_input+0x9c/0xd0 net/ipv6/ip6_input.c:477 ip6_mc_input+0x230/0x4c0 net/ipv6/ip6_input.c:571 dst_input include/net/dst.h:442 [inline] ip6_sublist_rcv_finish+0x9a/0x280 net/ipv6/ip6_input.c:89 ip6_list_rcv_finish.constprop.0+0x503/0x900 net/ipv6/ip6_input.c:146 ip6_sublist_rcv net/ipv6/ip6_input.c:311 [inline] ipv6_list_rcv+0x2c4/0x3c0 net/ipv6/ip6_input.c:346 __netif_receive_skb_list_ptype net/core/dev.c:5422 [inline] __netif_receive_skb_list_core+0x4ca/0x8e0 net/core/dev.c:5470 __netif_receive_skb_list net/core/dev.c:5522 [inline] netif_receive_skb_list_internal+0x6ca/0xcd0 net/core/dev.c:5632 netif_receive_skb_list+0x54/0x370 net/core/dev.c:5684 ieee80211_rx_napi+0x35a/0x3c0 net/mac80211/rx.c:4871 ieee80211_rx include/net/mac80211.h:4502 [inline] ieee80211_tasklet_handler+0xd3/0x130 net/mac80211/main.c:235 tasklet_action_common.constprop.0+0x244/0x2f0 kernel/softirq.c:560 __do_softirq+0x1b8/0x7c9 kernel/softirq.c:298 asm_call_irq_on_stack+0x12/0x20 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline] run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline] do_softirq_own_stack+0x80/0xa0 arch/x86/kernel/irq_64.c:77 invoke_softirq kernel/softirq.c:393 [inline] __irq_exit_rcu kernel/softirq.c:423 [inline] irq_exit_rcu+0x114/0x1b0 kernel/softirq.c:435 sysvec_apic_timer_interrupt+0x43/0xa0 arch/x86/kernel/apic/apic.c:1094 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635 RIP: 0010:__up_read+0x1c9/0x7a0 kernel/locking/rwsem.c:1447 Code: 48 c7 c0 00 ff ff ff f0 48 0f c1 45 00 48 89 d9 83 e3 07 48 2d 00 01 00 00 48 ba 00 00 00 00 00 fc ff df 48 c1 e9 03 83 c3 03 <0f> b6 14 11 38 d3 7c 08 84 d2 0f 85 87 04 00 00 8b 0d 29 a5 41 04 RSP: 0018:ffff888045b7fdf0 EFLAGS: 00000206 RAX: 0000000000000002 RBX: 0000000000000003 RCX: 1ffffffff0acf0d7 RDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff88801e38c6b8 RBP: ffff88801e38c6b8 R08: 0000000000000001 R09: ffff88801e38c6bf R10: ffffed1003c718d7 R11: 0000000000000001 R12: 1ffff11008b6ffc1 R13: 0000000000000007 R14: ffff88801e3b3480 R15: ffff88801e38c6c0 mmap_read_unlock include/linux/mmap_lock.h:61 [inline] do_user_addr_fault+0x5a7/0xc60 arch/x86/mm/fault.c:1366 handle_page_fault arch/x86/mm/fault.c:1402 [inline] exc_page_fault+0xa2/0x1a0 arch/x86/mm/fault.c:1458 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:571 RIP: 0033:0x7fd83f19f059 Code: c4 a0 00 00 00 5d c3 66 2e 0f 1f 84 00 00 00 00 00 48 c7 c0 ff ff ff ff eb e4 0f 1f 80 00 00 00 00 55 53 48 81 ec 28 04 00 00 <48> 89 7c 24 18 48 89 74 24 10 48 89 54 24 08 48 8b 44 24 18 48 83 RSP: 002b:00007fd83c775d40 EFLAGS: 00010202 RAX: 00007fd83f19f050 RBX: 00007fd83f313f60 RCX: 0000000000000000 RDX: 0000000000000001 RSI: 0000000000000004 RDI: 000000000000000c RBP: 00007fd83f25af6d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 000000000005ac94 R12: 0000000000000000 R13: 00007fff6837c60f R14: 00007fd83c776300 R15: 0000000000022000 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 skipped: idling at native_safe_halt arch/x86/include/asm/irqflags.h:60 [inline] NMI backtrace for cpu 0 skipped: idling at arch_safe_halt arch/x86/include/asm/irqflags.h:103 [inline] NMI backtrace for cpu 0 skipped: idling at default_idle+0xe/0x20 arch/x86/kernel/process.c:706 ---------------- Code disassembly (best guess): 0: a1 3e 00 48 8b 14 24 movabs 0xc0eb24148b48003e,%eax 7: eb c0 9: 66 2e 0f 1f 84 00 00 nopw %cs:0x0(%rax,%rax,1) 10: 00 00 00 13: 53 push %rbx 14: 65 ff 05 78 5e d4 7e incl %gs:0x7ed45e78(%rip) # 0x7ed45e93 1b: 48 c7 c3 00 c0 03 00 mov $0x3c000,%rbx 22: 65 48 03 1d a1 04 d4 add %gs:0x7ed404a1(%rip),%rbx # 0x7ed404cb 29: 7e * 2a: 48 8d bb 28 01 00 00 lea 0x128(%rbx),%rdi <-- trapping instruction 31: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 38: fc ff df 3b: 48 89 fa mov %rdi,%rdx 3e: 48 rex.W 3f: c1 .byte 0xc1