watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [syz-executor.4:12011] Modules linked in: irq event stamp: 1891341 hardirqs last enabled at (1891340): [] slab_alloc_node mm/slab.c:3327 [inline] hardirqs last enabled at (1891340): [] kmem_cache_alloc_node_trace+0x2f0/0x400 mm/slab.c:3659 hardirqs last disabled at (1891341): [] apic_timer_interrupt+0x8e/0xa0 arch/x86/entry/entry_64.S:793 softirqs last enabled at (156116): [] ipt_do_table+0xb7f/0x16f0 net/ipv4/netfilter/ip_tables.c:362 softirqs last disabled at (156118): [] lwtunnel_xmit_redirect include/net/lwtunnel.h:92 [inline] softirqs last disabled at (156118): [] ip_finish_output2+0x23f/0x1340 net/ipv4/ip_output.c:221 CPU: 0 PID: 12011 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 task: ffff8880b19682c0 task.stack: ffff888096bc0000 RIP: 0010:memcmp+0x46/0xb0 lib/string.c:918 RSP: 0018:ffff888096bc5858 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff10 RAX: 0000000000000000 RBX: ffff888096bc5a83 RCX: 0000000000000002 RDX: 0000000000000003 RSI: ffff8880b4d8e4e3 RDI: ffff888096bc58f8 RBP: dffffc0000000000 R08: 0000000000000000 R09: 0000000000000009 R10: 0000000000000000 R11: ffff8880b19682c0 R12: ffff888096bc5ab8 R13: 0000000000000038 R14: ffff888096bc58f8 R15: ffff8880b4d8e340 FS: 00007f5171245700(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b2eb2f000 CR3: 0000000097e2c000 CR4: 00000000003406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: find_stack lib/stackdepot.c:180 [inline] depot_save_stack+0x10d/0x3f0 lib/stackdepot.c:229 save_stack mm/kasan/kasan.c:453 [inline] set_track mm/kasan/kasan.c:459 [inline] kasan_kmalloc+0x139/0x160 mm/kasan/kasan.c:551 slab_post_alloc_hook mm/slab.h:442 [inline] slab_alloc_node mm/slab.c:3333 [inline] kmem_cache_alloc_node_trace+0x13d/0x400 mm/slab.c:3659 __do_kmalloc_node mm/slab.c:3681 [inline] __kmalloc_node_track_caller+0x38/0x70 mm/slab.c:3696 __kmalloc_reserve net/core/skbuff.c:137 [inline] __alloc_skb+0x96/0x510 net/core/skbuff.c:205 skb_segment+0x677/0x2e60 net/core/skbuff.c:3683 sctp_gso_segment net/sctp/offload.c:76 [inline] sctp_gso_segment+0x204/0x810 net/sctp/offload.c:43 inet_gso_segment+0x487/0x10f0 net/ipv4/af_inet.c:1272 inet_gso_segment+0x487/0x10f0 net/ipv4/af_inet.c:1272 skb_mac_gso_segment+0x240/0x4c0 net/core/dev.c:2745 __skb_gso_segment+0x302/0x600 net/core/dev.c:2818 skb_gso_segment include/linux/netdevice.h:4003 [inline] validate_xmit_skb+0x49c/0x9f0 net/core/dev.c:3071 validate_xmit_skb_list+0xaf/0x110 net/core/dev.c:3122 sch_direct_xmit+0x2dc/0x500 net/sched/sch_generic.c:181 qdisc_restart net/sched/sch_generic.c:249 [inline] __qdisc_run+0x25d/0xe00 net/sched/sch_generic.c:257 __dev_xmit_skb net/core/dev.c:3231 [inline] __dev_queue_xmit+0x13ac/0x2480 net/core/dev.c:3489 neigh_hh_output include/net/neighbour.h:490 [inline] neigh_output include/net/neighbour.h:498 [inline] ip_finish_output2+0x9db/0x1340 net/ipv4/ip_output.c:237 ip_finish_output+0x37c/0xc50 net/ipv4/ip_output.c:325 NF_HOOK_COND include/linux/netfilter.h:239 [inline] ip_output+0x1cd/0x510 net/ipv4/ip_output.c:413 dst_output include/net/dst.h:470 [inline] ip_local_out+0x93/0x170 net/ipv4/ip_output.c:125 iptunnel_xmit+0x5cc/0x950 net/ipv4/ip_tunnel_core.c:91 ip_tunnel_xmit+0xedc/0x33e0 net/ipv4/ip_tunnel.c:799 sit_tunnel_xmit__ net/ipv6/sit.c:1006 [inline] sit_tunnel_xmit+0x1ab/0x2130 net/ipv6/sit.c:1019 __netdev_start_xmit include/linux/netdevice.h:4052 [inline] netdev_start_xmit include/linux/netdevice.h:4061 [inline] xmit_one net/core/dev.c:3005 [inline] dev_hard_start_xmit+0x188/0x890 net/core/dev.c:3021 __dev_queue_xmit+0x1d7f/0x2480 net/core/dev.c:3521 neigh_output include/net/neighbour.h:500 [inline] ip_finish_output2+0xba6/0x1340 net/ipv4/ip_output.c:237 ip_finish_output+0x37c/0xc50 net/ipv4/ip_output.c:325 NF_HOOK_COND include/linux/netfilter.h:239 [inline] ip_output+0x1cd/0x510 net/ipv4/ip_output.c:413 dst_output include/net/dst.h:470 [inline] ip_local_out+0x93/0x170 net/ipv4/ip_output.c:125 nf_dup_ipv4 net/ipv4/netfilter/nf_dup_ipv4.c:91 [inline] nf_dup_ipv4+0x4bb/0x680 net/ipv4/netfilter/nf_dup_ipv4.c:53 tee_tg4+0x109/0x160 net/netfilter/xt_TEE.c:36 ipt_do_table+0xa9d/0x16f0 net/ipv4/netfilter/ip_tables.c:353 iptable_filter_hook+0x172/0x1e0 net/ipv4/netfilter/iptable_filter.c:47 nf_hook_entry_hookfn include/linux/netfilter.h:108 [inline] nf_hook_slow+0xb0/0x1a0 net/netfilter/core.c:468 nf_hook include/linux/netfilter.h:205 [inline] __ip_local_out+0x398/0x730 net/ipv4/ip_output.c:114 ip_local_out+0x25/0x170 net/ipv4/ip_output.c:123 iptunnel_xmit+0x5cc/0x950 net/ipv4/ip_tunnel_core.c:91 ip_tunnel_xmit+0xedc/0x33e0 net/ipv4/ip_tunnel.c:799 ipgre_xmit+0x412/0x780 net/ipv4/ip_gre.c:672 __netdev_start_xmit include/linux/netdevice.h:4052 [inline] netdev_start_xmit include/linux/netdevice.h:4061 [inline] xmit_one net/core/dev.c:3005 [inline] dev_hard_start_xmit+0x188/0x890 net/core/dev.c:3021 __dev_queue_xmit+0x1d7f/0x2480 net/core/dev.c:3521 neigh_connected_output+0x39c/0x580 net/core/neighbour.c:1398 neigh_output include/net/neighbour.h:500 [inline] ip_finish_output2+0xba6/0x1340 net/ipv4/ip_output.c:237 ip_finish_output+0x37c/0xc50 net/ipv4/ip_output.c:325 NF_HOOK_COND include/linux/netfilter.h:239 [inline] ip_output+0x1cd/0x510 net/ipv4/ip_output.c:413 dst_output include/net/dst.h:470 [inline] ip_local_out+0x93/0x170 net/ipv4/ip_output.c:125 ip_send_skb+0x3a/0xc0 net/ipv4/ip_output.c:1431 udp_send_skb+0x601/0xb70 net/ipv4/udp.c:833 udp_sendmsg+0x15a1/0x1c80 net/ipv4/udp.c:1057 udpv6_sendmsg+0x12ea/0x2560 net/ipv6/udp.c:1193 inet_sendmsg+0x11a/0x4e0 net/ipv4/af_inet.c:762 sock_sendmsg_nosec net/socket.c:646 [inline] sock_sendmsg+0xb5/0x100 net/socket.c:656 ___sys_sendmsg+0x326/0x800 net/socket.c:2062 __sys_sendmmsg+0x129/0x330 net/socket.c:2152 SYSC_sendmmsg net/socket.c:2183 [inline] SyS_sendmmsg+0x2f/0x50 net/socket.c:2178 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x7f51728f1049 RSP: 002b:00007f5171245168 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 RAX: ffffffffffffffda RBX: 00007f5172a04030 RCX: 00007f51728f1049 RDX: 0400000000000132 RSI: 0000000020004d80 RDI: 000000000000000e RBP: 00007f517294b08d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000004000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffe80807faf R14: 00007f5171245300 R15: 0000000000022000 Code: 83 ec 10 eb 0d 48 83 c3 01 48 83 c6 01 49 39 dc 74 45 48 89 d8 48 89 da 48 c1 e8 03 83 e2 07 0f b6 04 28 38 d0 7f 04 84 c0 75 54 <48> 89 f2 48 89 f1 0f b6 03 48 c1 ea 03 83 e1 07 0f b6 14 2a 38 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 7986 Comm: syz-executor.3 Not tainted 4.14.275-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 task: ffff88808f712540 task.stack: ffff8880a26b8000 RIP: 0010:__read_once_size include/linux/compiler.h:185 [inline] RIP: 0010:__read_seqcount_begin include/linux/seqlock.h:113 [inline] RIP: 0010:raw_read_seqcount_begin include/linux/seqlock.h:148 [inline] RIP: 0010:read_seqcount_begin include/linux/seqlock.h:165 [inline] RIP: 0010:get_counters+0x46a/0x5d0 net/ipv6/netfilter/ip6_tables.c:797 RSP: 0018:ffff8880a26bfbd8 EFLAGS: 00000297 RAX: ffff88808f712540 RBX: ffffe8ffffcd8000 RCX: 1ffff11011ee25bd RDX: 0000000000000000 RSI: ffff88808f712dc8 RDI: 0000000000000297 RBP: ffff88809315adc0 R08: ffffffff8b9af9c8 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000003 R13: ffff8880ba433600 R14: ffffed10174866c0 R15: dffffc0000000000 FS: 00005555573f0400(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000555557205848 CR3: 00000000ab314000 CR4: 00000000003406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: do_arpt_get_ctl+0x412/0x6d0 net/ipv4/netfilter/arp_tables.c:662 nf_sockopt net/netfilter/nf_sockopt.c:104 [inline] nf_getsockopt+0x62/0xc0 net/netfilter/nf_sockopt.c:122 ip_getsockopt net/ipv4/ip_sockglue.c:1566 [inline] ip_getsockopt+0x105/0x150 net/ipv4/ip_sockglue.c:1551 tcp_getsockopt+0x7b/0xc0 net/ipv4/tcp.c:3259 SYSC_getsockopt net/socket.c:1896 [inline] SyS_getsockopt+0x102/0x1c0 net/socket.c:1878 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x7f1e2dd9766a RSP: 002b:00007ffee97f5da8 EFLAGS: 00000212 ORIG_RAX: 0000000000000037 RAX: ffffffffffffffda RBX: 00007ffee97f5dbc RCX: 00007f1e2dd9766a RDX: 0000000000000061 RSI: 0000000000000000 RDI: 0000000000000003 RBP: 0000000000000003 R08: 00007ffee97f5dbc R09: ff00000000000000 R10: 00007ffee97f5e10 R11: 0000000000000212 R12: 00007ffee97f5e10 R13: 000000000001d7a7 R14: 0000000000000005 R15: 00007ffee97f6520 Code: ff e8 4b b4 2b fb 0f 0b e8 44 b4 2b fb 0f 0b 4d 89 ee 4d 89 ec 49 c1 ee 03 41 83 e4 07 4d 01 fe 41 83 c4 03 e8 28 b4 2b fb f3 90 <41> 0f b6 06 41 38 c4 7c 08 84 c0 0f 85 3f 01 00 00 41 8b 45 00 ---------------- Code disassembly (best guess): 0: 83 ec 10 sub $0x10,%esp 3: eb 0d jmp 0x12 5: 48 83 c3 01 add $0x1,%rbx 9: 48 83 c6 01 add $0x1,%rsi d: 49 39 dc cmp %rbx,%r12 10: 74 45 je 0x57 12: 48 89 d8 mov %rbx,%rax 15: 48 89 da mov %rbx,%rdx 18: 48 c1 e8 03 shr $0x3,%rax 1c: 83 e2 07 and $0x7,%edx 1f: 0f b6 04 28 movzbl (%rax,%rbp,1),%eax 23: 38 d0 cmp %dl,%al 25: 7f 04 jg 0x2b 27: 84 c0 test %al,%al 29: 75 54 jne 0x7f * 2b: 48 89 f2 mov %rsi,%rdx <-- trapping instruction 2e: 48 89 f1 mov %rsi,%rcx 31: 0f b6 03 movzbl (%rbx),%eax 34: 48 c1 ea 03 shr $0x3,%rdx 38: 83 e1 07 and $0x7,%ecx 3b: 0f b6 14 2a movzbl (%rdx,%rbp,1),%edx 3f: 38 .byte 0x38