syzbot


BUG: soft lockup in rcu_read_lock_held

Status: closed as invalid on 2018/05/19 09:33
Subsystems: net
First crash: 2446d, last: 2446d

Sample crash report:
IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
8021q: adding VLAN 0 to HW filter on device team0
8021q: adding VLAN 0 to HW filter on device team0
8021q: adding VLAN 0 to HW filter on device team0
8021q: adding VLAN 0 to HW filter on device team0
watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [syz-executor5:4521]
Modules linked in:
irq event stamp: 7217899
hardirqs last  enabled at (7217898): [<ffffffff81b563b0>] kmem_cache_free+0xa0/0x2d0 mm/slab.c:3757
hardirqs last disabled at (7217899): [<ffffffff87800905>] interrupt_entry+0xb5/0xf0 arch/x86/entry/entry_64.S:625
softirqs last  enabled at (87404): [<ffffffff87a00778>] __do_softirq+0x778/0xaf5 kernel/softirq.c:311
softirqs last disabled at (87883): [<ffffffff81475281>] invoke_softirq kernel/softirq.c:365 [inline]
softirqs last disabled at (87883): [<ffffffff81475281>] irq_exit+0x1d1/0x200 kernel/softirq.c:405
CPU: 0 PID: 4521 Comm: syz-executor5 Not tainted 4.17.0-rc5+ #82
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__read_once_size include/linux/compiler.h:188 [inline]
RIP: 0010:arch_atomic_read arch/x86/include/asm/atomic.h:31 [inline]
RIP: 0010:atomic_read include/asm-generic/atomic-instrumented.h:22 [inline]
RIP: 0010:rcu_dynticks_curr_cpu_in_eqs kernel/rcu/tree.c:349 [inline]
RIP: 0010:rcu_is_watching+0xd5/0x140 kernel/rcu/tree.c:1075
RSP: 0018:ffff8801dae06258 EFLAGS: 00000a06 ORIG_RAX: ffffffffffffff13
RAX: 000000000000dc02 RBX: 1ffff1003b5c0c4c RCX: 1ffff1003b5c0c50
RDX: 0000000000000004 RSI: 0000000000000004 RDI: ffff8801dae23610
RBP: ffff8801dae062e8 R08: ffffed003b5c46c3 R09: ffffed003b5c46c2
R10: ffffed003b5c46c2 R11: ffff8801dae23613 R12: 1ffff1003b5c0c50
R13: ffff8801dae23610 R14: ffff8801dae062c0 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8801dae00000(0063) knlGS:0000000008a86900
CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 00000000012c6fd0 CR3: 00000001ae4cb000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 rcu_read_lock_held+0x87/0xc0 kernel/rcu/update.c:329
 __in6_dev_get include/net/addrconf.h:307 [inline]
 ip6_dst_hoplimit+0x3f9/0x4c0 net/ipv6/output_core.c:133
 ip6_xmit+0xfc7/0x23f0 net/ipv6/ip6_output.c:246
 sctp_v6_xmit+0x4a5/0x6b0 net/sctp/ipv6.c:225
 sctp_packet_transmit+0x26f6/0x3ba0 net/sctp/output.c:650
 sctp_outq_flush+0x1373/0x4370 net/sctp/outqueue.c:1197
 sctp_outq_uncork+0x6a/0x80 net/sctp/outqueue.c:776
 sctp_cmd_interpreter net/sctp/sm_sideeffect.c:1820 [inline]
 sctp_side_effects net/sctp/sm_sideeffect.c:1220 [inline]
 sctp_do_sm+0x596/0x7160 net/sctp/sm_sideeffect.c:1191
 sctp_generate_heartbeat_event+0x218/0x450 net/sctp/sm_sideeffect.c:406
 call_timer_fn+0x230/0x940 kernel/time/timer.c:1326
 expire_timers kernel/time/timer.c:1363 [inline]
 __run_timers+0x79e/0xc50 kernel/time/timer.c:1666
 run_timer_softirq+0x4c/0x70 kernel/time/timer.c:1692
 __do_softirq+0x2e0/0xaf5 kernel/softirq.c:285
 invoke_softirq kernel/softirq.c:365 [inline]
 irq_exit+0x1d1/0x200 kernel/softirq.c:405
 exiting_irq arch/x86/include/asm/apic.h:525 [inline]
 smp_apic_timer_interrupt+0x17e/0x710 arch/x86/kernel/apic/apic.c:1052
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:863
 </IRQ>
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:783 [inline]
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0xa1/0xc0 kernel/locking/spinlock.c:184
RSP: 0018:ffff8801ae457b80 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
RAX: dffffc0000000000 RBX: 0000000000000286 RCX: 0000000000000000
RDX: 1ffffffff11a30e5 RSI: 0000000000000001 RDI: 0000000000000286
RBP: ffff8801ae457b90 R08: fffffbfff151c986 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff8a8e4c28
R13: 0000000000000000 R14: ffffffff8a8e4c28 R15: 1ffff10035c8af7c
 debug_object_free+0x31e/0x5f0 lib/debugobjects.c:649
 destroy_hrtimer_on_stack kernel/time/hrtimer.c:442 [inline]
 hrtimer_nanosleep+0x2fc/0x610 kernel/time/hrtimer.c:1758
 __do_compat_sys_nanosleep kernel/time/hrtimer.c:1793 [inline]
 __se_compat_sys_nanosleep kernel/time/hrtimer.c:1780 [inline]
 __ia32_compat_sys_nanosleep+0x1ea/0x270 kernel/time/hrtimer.c:1780
 do_syscall_32_irqs_on arch/x86/entry/common.c:323 [inline]
 do_fast_syscall_32+0x345/0xf9b arch/x86/entry/common.c:394
 entry_SYSENTER_compat+0x70/0x7f arch/x86/entry/entry_64_compat.S:139
RIP: 0023:0xf7fe0cb9
RSP: 002b:00000000ff8969bc EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
RAX: ffffffffffffffda RBX: 00000000ff8969e8 RCX: 0000000000000000
RDX: 0000000000000005 RSI: 00000000000179e6 RDI: 0000000000000000
RBP: 0000000000000005 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
Code: 00 00 00 fc ff df 41 8b 44 24 10 4d 8d 66 c0 4c 89 e1 48 c1 e9 03 0f b6 14 11 84 d2 74 05 80 fa 03 7e 43 49 c1 ec 03 41 89 46 c0 <48> ba 00 00 00 00 00 fc ff df 41 c6 04 14 f8 48 01 d3 d1 e8 65 
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 17 Comm: ksoftirqd/1 Not tainted 4.17.0-rc5+ #82
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:rep_nop arch/x86/include/asm/processor.h:667 [inline]
RIP: 0010:cpu_relax arch/x86/include/asm/processor.h:672 [inline]
RIP: 0010:virt_spin_lock arch/x86/include/asm/qspinlock.h:69 [inline]
RIP: 0010:native_queued_spin_lock_slowpath+0x204/0xde0 kernel/locking/qspinlock.c:305
RSP: 0018:ffff8801d9b3e478 EFLAGS: 00000202
RAX: 0000000000000000 RBX: ffffed003b367ca8 RCX: 0000000000000004
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff8801b5c32888
RBP: ffff8801d9b3e7e8 R08: ffffed0036b86512 R09: ffffed0036b86511
R10: ffffed0036b86511 R11: ffff8801b5c3288b R12: ffff8801b5c32888
R13: ffff8801d9b3e7c0 R14: 0000000000000001 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f48dcd50000 CR3: 0000000008c6a000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:674 [inline]
 queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:30 [inline]
 queued_spin_lock include/asm-generic/qspinlock.h:90 [inline]
 do_raw_spin_lock+0x1a7/0x200 kernel/locking/spinlock_debug.c:113
 __raw_spin_lock include/linux/spinlock_api_smp.h:143 [inline]
 _raw_spin_lock+0x32/0x40 kernel/locking/spinlock.c:144
 spin_lock include/linux/spinlock.h:310 [inline]
 sctp_rcv+0xdc7/0x3a60 net/sctp/input.c:242
 sctp6_rcv+0x15/0x30 net/sctp/ipv6.c:1045
 ip6_input_finish+0x3ff/0x1a30 net/ipv6/ip6_input.c:284
 NF_HOOK include/linux/netfilter.h:288 [inline]
 ip6_input+0xe1/0x5e0 net/ipv6/ip6_input.c:327
 dst_input include/net/dst.h:450 [inline]
 ip6_rcv_finish+0x29c/0xa10 net/ipv6/ip6_input.c:71
 NF_HOOK include/linux/netfilter.h:288 [inline]
 ipv6_rcv+0xed6/0x22a0 net/ipv6/ip6_input.c:208
 __netif_receive_skb_core+0x26f5/0x3630 net/core/dev.c:4592
 __netif_receive_skb+0x2c/0x1e0 net/core/dev.c:4657
 process_backlog+0x219/0x760 net/core/dev.c:5337
 napi_poll net/core/dev.c:5735 [inline]
 net_rx_action+0x7b7/0x1930 net/core/dev.c:5801
 __do_softirq+0x2e0/0xaf5 kernel/softirq.c:285
 run_ksoftirqd+0x86/0x100 kernel/softirq.c:646
 smpboot_thread_fn+0x417/0x870 kernel/smpboot.c:164
 kthread+0x345/0x410 kernel/kthread.c:240
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:412
Code: 5c 00 00 00 00 48 83 e7 f8 49 29 fc 41 8d 4c 24 64 c1 e9 03 f3 48 ab 48 81 c4 48 03 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 f3 90 <e9> 3b ff ff ff 89 f1 81 fe 00 01 00 00 0f 84 9e 03 00 00 41 be 
INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.293 msecs

Crashes (1):
Time: 2018/05/19 06:25
Kernel: upstream
Commit: 2c71d338bef2
Syzkaller: 849705db
Config: .config
Log: console log
Report: report
Syz repro: syz
Manager: ci-upstream-kasan-gce-386
* Struck through repros no longer work on HEAD.
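A triage helper for soft-lockup reports of the shape shown above, added here as an example; it is not syzbot, syzkaller or kernel code. It splits the report into the lockup CPU's interrupt-side frames (inside `<IRQ>`/`</IRQ>`) and the frames of the task that was interrupted, collects the NMI backtraces of the other CPUs, and guesses a source tree to blame from the frame paths. That guess, the `GENERIC_TREES` list and the `entry_frame` rule are heuristics of this example, not how syzbot assigns its "Subsystems" label. `SAMPLE` is a constructed subset of the report above with the register dumps and `Code:` lines dropped.

```python
# Added triage helper, not syzbot/kernel code.  SAMPLE is a constructed
# subset of the report above; the blame heuristics are this example's own.
import re
from collections import Counter

LOCKUP_RE = re.compile(r"soft lockup - CPU#(\d+) stuck for (\d+)s! \[([^\]:]+):(\d+)\]")
BANNER_RE = re.compile(r"^CPU: (\d+) PID: (\d+) Comm: (\S+)")
FRAME_RE = re.compile(r"^\s+(?P<func>[A-Za-z_][\w.]*)(?:\+0x[0-9a-f]+/0x[0-9a-f]+)?"
                      r"\s+(?P<loc>\S+:\d+)(?P<inline>\s+\[inline\])?\s*$")
# Trees present in nearly every trace; they rarely identify the culprit.
GENERIC_TREES = ("kernel", "arch", "include", "lib", "mm")

SAMPLE = """\
watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [syz-executor5:4521]
CPU: 0 PID: 4521 Comm: syz-executor5 Not tainted 4.17.0-rc5+ #82
RIP: 0010:rcu_is_watching+0xd5/0x140 kernel/rcu/tree.c:1075
 <IRQ>
 rcu_read_lock_held+0x87/0xc0 kernel/rcu/update.c:329
 __in6_dev_get include/net/addrconf.h:307 [inline]
 ip6_dst_hoplimit+0x3f9/0x4c0 net/ipv6/output_core.c:133
 ip6_xmit+0xfc7/0x23f0 net/ipv6/ip6_output.c:246
 sctp_v6_xmit+0x4a5/0x6b0 net/sctp/ipv6.c:225
 sctp_do_sm+0x596/0x7160 net/sctp/sm_sideeffect.c:1191
 sctp_generate_heartbeat_event+0x218/0x450 net/sctp/sm_sideeffect.c:406
 call_timer_fn+0x230/0x940 kernel/time/timer.c:1326
 __do_softirq+0x2e0/0xaf5 kernel/softirq.c:285
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:863
 </IRQ>
 debug_object_free+0x31e/0x5f0 lib/debugobjects.c:649
 hrtimer_nanosleep+0x2fc/0x610 kernel/time/hrtimer.c:1758
 __ia32_compat_sys_nanosleep+0x1ea/0x270 kernel/time/hrtimer.c:1780
 entry_SYSENTER_compat+0x70/0x7f arch/x86/entry/entry_64_compat.S:139
NMI backtrace for cpu 1
CPU: 1 PID: 17 Comm: ksoftirqd/1 Not tainted 4.17.0-rc5+ #82
RIP: 0010:native_queued_spin_lock_slowpath+0x204/0xde0 kernel/locking/qspinlock.c:305
 do_raw_spin_lock+0x1a7/0x200 kernel/locking/spinlock_debug.c:113
 spin_lock include/linux/spinlock.h:310 [inline]
 sctp_rcv+0xdc7/0x3a60 net/sctp/input.c:242
 ip6_input_finish+0x3ff/0x1a30 net/ipv6/ip6_input.c:284
 run_ksoftirqd+0x86/0x100 kernel/softirq.c:646
"""


def parse_report(text):
    """Return the lockup header plus one context per 'CPU: n PID:' banner.
    Frames are (func, file:line, inline) tuples, innermost first, split into
    the interrupt-side ('irq') and interrupted-task ('task') halves."""
    report, ctx, in_irq = {"contexts": []}, None, False
    for line in text.splitlines():
        if m := LOCKUP_RE.search(line):
            report.update(cpu=int(m[1]), seconds=int(m[2]), comm=m[3], pid=int(m[4]))
        elif m := BANNER_RE.match(line):
            ctx = {"cpu": int(m[1]), "pid": int(m[2]), "comm": m[3], "irq": [], "task": []}
            report["contexts"].append(ctx)
            in_irq = False
        elif line.strip() in ("<IRQ>", "</IRQ>"):
            in_irq = line.strip() == "<IRQ>"
        elif (m := FRAME_RE.match(line)) and ctx is not None:
            ctx["irq" if in_irq else "task"].append((m["func"], m["loc"], bool(m["inline"])))
    return report


def blame_tree(frames):
    """Heuristic: most frequent non-generic two-level source tree, e.g. 'net/sctp'."""
    trees = Counter("/".join(loc.split("/")[:2]) for _f, loc, _i in frames
                    if loc.split("/")[0] not in GENERIC_TREES and loc.count("/") >= 2)
    return trees.most_common(1)[0][0] if trees else None


def entry_frame(frames):
    """Outermost frame outside the generic trees: the timer callback or
    handler the CPU was actually servicing when the watchdog fired."""
    return next((f for f, loc, _i in reversed(frames)
                 if loc.split("/")[0] not in GENERIC_TREES), None)


def summarize(text):
    """Triage view: who locked up, what it was running, what the other CPUs did."""
    r = parse_report(text)
    me, others = r["contexts"][0], r["contexts"][1:]
    return {
        "cpu": r["cpu"], "seconds": r["seconds"], "task": f"{r['comm']}:{r['pid']}",
        # The RIP line is only where the watchdog interrupt sampled the CPU;
        # the outermost non-generic softirq frame says what it was doing.
        "softirq_running": entry_frame(me["irq"]),
        "interrupted_in": me["task"][0][0] if me["task"] else None,
        "blamed_tree": blame_tree(me["irq"]),
        "other_cpus": {c["cpu"]: (c["comm"], entry_frame(c["task"])) for c in others},
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key:>16}: {value}")
```

Two things the summary makes explicit that the raw dump does not: the function in the lockup CPU's RIP line (`rcu_is_watching`) is only where the watchdog's timer interrupt happened to land, so the softirq work it was servicing (`sctp_generate_heartbeat_event` via `call_timer_fn`) is the better starting point; and the NMI backtrace of CPU 1 shows `ksoftirqd/1` spinning on a lock in `sctp_rcv`, which is worth checking against whatever CPU 0's path holds before reading the two traces in isolation.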