ieee802154 phy0 wpan0: encryption failed: -22 ieee802154 phy1 wpan1: encryption failed: -22 watchdog: BUG: soft lockup - CPU#0 stuck for 21s! [syz-executor.1:10244] Modules linked in: irq event stamp: 2654851 hardirqs last enabled at (2654850): [] trace_hardirqs_on_thunk+0x1a/0x1c hardirqs last disabled at (2654851): [] trace_hardirqs_off_thunk+0x1a/0x1c softirqs last enabled at (2622848): [] __do_softirq+0x678/0x980 kernel/softirq.c:318 softirqs last disabled at (2622851): [] invoke_softirq kernel/softirq.c:372 [inline] softirqs last disabled at (2622851): [] irq_exit+0x215/0x260 kernel/softirq.c:412 CPU: 0 PID: 10244 Comm: syz-executor.1 Not tainted 4.19.206-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:unwind_next_frame+0xa12/0x1400 arch/x86/kernel/unwind_orc.c:508 Code: f7 4c 89 44 24 30 48 8d 70 f8 48 89 44 24 28 e8 34 f4 ff ff 84 c0 0f 84 72 fa ff ff 48 b8 00 00 00 00 00 fc ff df 48 8b 14 24 <4c> 8b 64 24 68 4c 8b 44 24 30 48 c1 ea 03 80 3c 02 00 0f 85 8c 09 RSP: 0018:ffff8880ba006e48 EFLAGS: 00000202 ORIG_RAX: ffffffffffffff13 RAX: dffffc0000000000 RBX: 1ffff11017400dd2 RCX: 0000000000000000 RDX: ffff8880ba007068 RSI: ffff8880ba006dd8 RDI: ffff8880ba007018 RBP: 0000000000000002 R08: ffffffff8b9096a8 R09: ffffffff8b9096a4 R10: ffff8880ba00708f R11: 0000000000074071 R12: ffff8880ba007078 R13: ffff8880ba007065 R14: ffff8880ba007030 R15: ffffffff8b9096a4 FS: 00007fa65483c700(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f471e4ef718 CR3: 000000009f9b3000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __unwind_start+0x5b8/0x960 arch/x86/kernel/unwind_orc.c:667 unwind_start arch/x86/include/asm/unwind.h:60 [inline] __save_stack_trace+0x72/0x190 arch/x86/kernel/stacktrace.c:43 save_stack mm/kasan/kasan.c:448 [inline] set_track mm/kasan/kasan.c:460 [inline] kasan_kmalloc+0xeb/0x160 mm/kasan/kasan.c:553 kmem_cache_alloc+0x122/0x370 mm/slab.c:3559 kmem_cache_zalloc include/linux/slab.h:699 [inline] sctp_chunkify+0x4b/0x2e0 net/sctp/sm_make_chunk.c:1349 _sctp_make_chunk+0x149/0x260 net/sctp/sm_make_chunk.c:1422 sctp_make_control net/sctp/sm_make_chunk.c:1458 [inline] sctp_make_abort+0x3f/0x410 net/sctp/sm_make_chunk.c:970 sctp_sf_tabort_8_4_8.constprop.0+0x4e/0x420 net/sctp/sm_statefuns.c:3411 sctp_sf_ootb+0x5ba/0x670 net/sctp/sm_statefuns.c:3632 sctp_do_sm+0x162/0x5110 net/sctp/sm_sideeffect.c:1167 sctp_endpoint_bh_rcv+0x405/0x880 net/sctp/endpointola.c:457 sctp_inq_push+0x1da/0x270 net/sctp/inqueue.c:95 sctp_rcv+0x1651/0x3340 net/sctp/input.c:268 ip_local_deliver_finish+0x495/0xc00 net/ipv4/ip_input.c:215 NF_HOOK include/linux/netfilter.h:289 [inline] ip_local_deliver+0x188/0x500 net/ipv4/ip_input.c:256 dst_input include/net/dst.h:461 [inline] ip_rcv_finish+0x1ca/0x2e0 net/ipv4/ip_input.c:414 NF_HOOK include/linux/netfilter.h:289 [inline] ip_rcv+0xca/0x3c0 net/ipv4/ip_input.c:524 __netif_receive_skb_one_core+0x114/0x180 net/core/dev.c:4954 __netif_receive_skb+0x27/0x1c0 net/core/dev.c:5066 process_backlog+0x241/0x700 net/core/dev.c:5849 napi_poll net/core/dev.c:6280 [inline] net_rx_action+0x4ac/0xfb0 net/core/dev.c:6346 __do_softirq+0x265/0x980 kernel/softirq.c:292 invoke_softirq kernel/softirq.c:372 [inline] irq_exit+0x215/0x260 kernel/softirq.c:412 exiting_irq arch/x86/include/asm/apic.h:536 [inline] smp_apic_timer_interrupt+0x136/0x550 arch/x86/kernel/apic/apic.c:1098 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894 RIP: 0010:__schedule+0xad/0x2040 kernel/sched/core.c:3437 Code: cf 89 48 89 fa 48 c1 ea 03 42 80 3c 32 00 0f 85 79 1c 00 00 4c 03 3c c5 00 9f cf 89 49 8d 87 20 0a 00 00 4c 89 bd 70 ff ff ff <48> 89 c2 48 89 85 58 ff ff ff 48 b8 00 00 00 00 00 fc ff df 48 c1 RSP: 0018:ffff88808d50eec8 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13 RAX: ffff8880ba02bae0 RBX: 0000000000000001 RCX: ffffffff83771ea3 RDX: 1ffffffff139f3e0 RSI: ffffffff83771eb1 RDI: ffffffff89cf9f00 RBP: ffff88808d50ef90 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000005 R11: 0000000000000000 R12: ffff88809f9a8400 R13: 000000000002b0c0 R14: dffffc0000000000 R15: ffff8880ba02b0c0 preempt_schedule_irq+0xb0/0x140 kernel/sched/core.c:3744 retint_kernel+0x1b/0x2d RIP: 0010:should_resched arch/x86/include/asm/preempt.h:99 [inline] RIP: 0010:__local_bh_enable_ip+0x18d/0x270 kernel/softirq.c:196 Code: 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 0f 85 dd 00 00 00 48 83 3d d8 50 b8 08 00 0f 84 8d 00 00 00 fb 66 0f 1f 44 00 00 <65> 8b 05 3c ad c8 7e 85 c0 74 7d 5b 5d 41 5c c3 80 3d 85 75 d5 09 RSP: 0018:ffff88808d50f070 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13 RAX: 1ffffffff13e305b RBX: 0000000000000200 RCX: 1ffff11013f35195 RDX: dffffc0000000000 RSI: ffff88809f9a8cb0 RDI: ffff88809f9a8c84 RBP: ffffffff8701f876 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffff88809f9a8400 R13: ffff8880941443c0 R14: ffff88809e541b50 R15: ffff8880a18de800 local_bh_enable include/linux/bottom_half.h:32 [inline] rcu_read_unlock_bh include/linux/rcupdate.h:721 [inline] ip6_finish_output2+0x11a9/0x2290 net/ipv6/ip6_output.c:121 ip6_finish_output+0x89b/0x10f0 net/ipv6/ip6_output.c:192 NF_HOOK_COND include/linux/netfilter.h:278 [inline] ip6_output+0x205/0x770 net/ipv6/ip6_output.c:209 dst_output include/net/dst.h:455 [inline] NF_HOOK include/linux/netfilter.h:289 [inline] ip6_xmit+0xdbf/0x20a0 net/ipv6/ip6_output.c:313 sctp_v6_xmit+0x377/0x710 net/sctp/ipv6.c:229 sctp_packet_transmit+0x1e21/0x3660 net/sctp/output.c:641 sctp_outq_flush_transports+0x19d/0x340 net/sctp/outqueue.c:1166 sctp_outq_flush net/sctp/outqueue.c:1214 [inline] sctp_outq_uncork+0x185/0x200 net/sctp/outqueue.c:777 sctp_cmd_interpreter net/sctp/sm_sideeffect.c:1815 [inline] sctp_side_effects net/sctp/sm_sideeffect.c:1199 [inline] sctp_do_sm+0x72a/0x5110 net/sctp/sm_sideeffect.c:1170 sctp_assoc_bh_rcv+0x345/0x650 net/sctp/associola.c:1073 sctp_inq_push+0x1da/0x270 net/sctp/inqueue.c:95 sctp_backlog_rcv+0x1e9/0x11e0 net/sctp/input.c:356 sk_backlog_rcv include/net/sock.h:950 [inline] __release_sock+0x134/0x3a0 net/core/sock.c:2344 release_sock+0x54/0x1b0 net/core/sock.c:2881 sctp_setsockopt+0x21c/0x4b40 net/sctp/socket.c:4501 __sys_setsockopt+0x14d/0x240 net/socket.c:2013 __do_sys_setsockopt net/socket.c:2024 [inline] __se_sys_setsockopt net/socket.c:2021 [inline] __x64_sys_setsockopt+0xba/0x150 net/socket.c:2021 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7fa6550c5739 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fa65483c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 00007fa6551c9f80 RCX: 00007fa6550c5739 RDX: 000000000000006b RSI: 0000000000000084 RDI: 0000000000000005 RBP: 00007fa65511fcc4 R08: 000000000000001c R09: 0000000000000000 R10: 000000002055bfe4 R11: 0000000000000246 R12: 00007fa6551c9f80 R13: 00007fff53f165af R14: 00007fa65483c300 R15: 0000000000022000 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 10293 Comm: syz-executor.4 Not tainted 4.19.206-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:__sanitizer_cov_trace_cmp8+0x0/0x20 kernel/kcov.c:168 Code: 2e 0f 1f 84 00 00 00 00 00 90 48 8b 0c 24 89 f2 89 fe bf 04 00 00 00 e9 4e ff ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 <48> 8b 0c 24 48 89 f2 48 89 fe bf 06 00 00 00 e9 2c ff ff ff 66 66 RSP: 0018:ffff8880ba106a48 EFLAGS: 00000046 RAX: dffffc0000000000 RBX: 0000018a0eb5bd5e RCX: ffffffff87efc770 RDX: 1ffff11017424abf RSI: 0000018a0eb5bd5e RDI: 0000018a0e39e67c RBP: 0000018a0e39e67c R08: 0000000000000000 R09: 0000018a0e39e67c R10: 0000000000000006 R11: ffffffff8c66405b R12: ffff88809d268358 R13: 0000000000000000 R14: ffff8880ba124d80 R15: 0000018a0e39e67c FS: 00007fd472d48700(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000557e2a3042e8 CR3: 00000000a84de000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: timerqueue_add+0x238/0x300 lib/timerqueue.c:60 enqueue_hrtimer+0x139/0x3d0 kernel/time/hrtimer.c:979 __run_hrtimer kernel/time/hrtimer.c:1434 [inline] __hrtimer_run_queues+0xae6/0xe60 kernel/time/hrtimer.c:1481 hrtimer_interrupt+0x326/0x9e0 kernel/time/hrtimer.c:1539 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1071 [inline] smp_apic_timer_interrupt+0x10c/0x550 arch/x86/kernel/apic/apic.c:1096 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894 RIP: 0010:___neigh_lookup_noref include/net/neighbour.h:290 [inline] RIP: 0010:__ipv6_neigh_lookup_noref include/net/ndisc.h:379 [inline] RIP: 0010:ip6_dst_lookup_tail+0xb86/0x19b0 net/ipv6/ip6_output.c:1036 Code: ff 48 89 de e8 9b 6b 60 fa 48 85 db 0f 84 b6 04 00 00 e8 fd 69 60 fa 48 8d bb a0 02 00 00 48 89 f8 48 c1 e8 03 42 80 3c 20 00 <0f> 85 77 0a 00 00 4c 3b b3 a0 02 00 00 0f 85 6d ff ff ff e8 d2 69 RSP: 0018:ffff8880ba106d70 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 RAX: 1ffff11013ba3724 RBX: ffff88809dd1b680 RCX: ffffffff87022819 RDX: 0000000000000100 RSI: ffffffff870228c3 RDI: ffff88809dd1b920 RBP: ffff8880ba106ec8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000007 R11: 0000000000000000 R12: dffffc0000000000 R13: ffff8880ba1070a8 R14: ffff8880ae9be140 R15: ffff8880ae9be140 ip6_dst_lookup_flow+0x8c/0x1d0 net/ipv6/ip6_output.c:1120 sctp_v6_get_dst+0x69f/0x1c90 net/sctp/ipv6.c:291 sctp_transport_route+0x125/0x350 net/sctp/transport.c:312 sctp_assoc_add_peer+0x5bf/0x1050 net/sctp/associola.c:677 sctp_process_param net/sctp/sm_make_chunk.c:2546 [inline] sctp_process_init+0x250a/0x2b60 net/sctp/sm_make_chunk.c:2366 sctp_sf_do_5_1B_init+0x85f/0xde0 net/sctp/sm_statefuns.c:426 sctp_do_sm+0x162/0x5110 net/sctp/sm_sideeffect.c:1167 sctp_endpoint_bh_rcv+0x405/0x880 net/sctp/endpointola.c:457 sctp_inq_push+0x1da/0x270 net/sctp/inqueue.c:95 sctp_rcv+0x1651/0x3340 net/sctp/input.c:268 sctp6_rcv+0x12/0x30 net/sctp/ipv6.c:1072 ip6_input_finish+0x46a/0x17a0 net/ipv6/ip6_input.c:385 NF_HOOK include/linux/netfilter.h:289 [inline] ip6_input+0xcf/0x3c0 net/ipv6/ip6_input.c:428 dst_input include/net/dst.h:461 [inline] ip6_rcv_finish+0x1d9/0x2f0 net/ipv6/ip6_input.c:76 NF_HOOK include/linux/netfilter.h:289 [inline] ipv6_rcv+0xf2/0x3f0 net/ipv6/ip6_input.c:273 __netif_receive_skb_one_core+0x114/0x180 net/core/dev.c:4954 __netif_receive_skb+0x27/0x1c0 net/core/dev.c:5066 process_backlog+0x241/0x700 net/core/dev.c:5849 napi_poll net/core/dev.c:6280 [inline] net_rx_action+0x4ac/0xfb0 net/core/dev.c:6346 __do_softirq+0x265/0x980 kernel/softirq.c:292 do_softirq_own_stack+0x2a/0x40 arch/x86/entry/entry_64.S:1092 do_softirq.part.0+0x160/0x1c0 kernel/softirq.c:336 do_softirq kernel/softirq.c:328 [inline] __local_bh_enable_ip+0x20e/0x270 kernel/softirq.c:189 local_bh_enable include/linux/bottom_half.h:32 [inline] rcu_read_unlock_bh include/linux/rcupdate.h:721 [inline] ip6_finish_output2+0x11a9/0x2290 net/ipv6/ip6_output.c:121 ip6_finish_output+0x89b/0x10f0 net/ipv6/ip6_output.c:192 NF_HOOK_COND include/linux/netfilter.h:278 [inline] ip6_output+0x205/0x770 net/ipv6/ip6_output.c:209 dst_output include/net/dst.h:455 [inline] NF_HOOK include/linux/netfilter.h:289 [inline] ip6_xmit+0xdbf/0x20a0 net/ipv6/ip6_output.c:313 sctp_v6_xmit+0x377/0x710 net/sctp/ipv6.c:229 sctp_packet_transmit+0x1e21/0x3660 net/sctp/output.c:641 sctp_packet_singleton net/sctp/outqueue.c:792 [inline] sctp_outq_flush_ctrl.constprop.0+0x6d3/0xc40 net/sctp/outqueue.c:923 sctp_outq_flush net/sctp/outqueue.c:1205 [inline] sctp_outq_uncork+0x10b/0x200 net/sctp/outqueue.c:777 sctp_cmd_interpreter net/sctp/sm_sideeffect.c:1815 [inline] sctp_side_effects net/sctp/sm_sideeffect.c:1199 [inline] sctp_do_sm+0x72a/0x5110 net/sctp/sm_sideeffect.c:1170 sctp_primitive_ASSOCIATE+0x98/0xc0 net/sctp/primitive.c:88 __sctp_connect+0x968/0xd00 net/sctp/socket.c:1258 __sctp_setsockopt_connectx+0x132/0x1c0 net/sctp/socket.c:1381 sctp_setsockopt_connectx_old net/sctp/socket.c:1397 [inline] sctp_setsockopt+0x29d9/0x4b40 net/sctp/socket.c:4354 __sys_setsockopt+0x14d/0x240 net/socket.c:2013 __do_sys_setsockopt net/socket.c:2024 [inline] __se_sys_setsockopt net/socket.c:2021 [inline] __x64_sys_setsockopt+0xba/0x150 net/socket.c:2021 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7fd4735d1739 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fd472d48188 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 00007fd4736d5f80 RCX: 00007fd4735d1739 RDX: 000000000000006b RSI: 0000000000000084 RDI: 0000000000000005 RBP: 00007fd47362bcc4 R08: 000000000000001c R09: 0000000000000000 R10: 000000002055bfe4 R11: 0000000000000246 R12: 00007fd4736d5f80 R13: 00007fff211edb4f R14: 00007fd472d48300 R15: 0000000000022000 ---------------- Code disassembly (best guess): 0: f7 4c 89 44 24 30 48 testl $0x8d483024,0x44(%rcx,%rcx,4) 7: 8d 8: 70 f8 jo 0x2 a: 48 89 44 24 28 mov %rax,0x28(%rsp) f: e8 34 f4 ff ff callq 0xfffff448 14: 84 c0 test %al,%al 16: 0f 84 72 fa ff ff je 0xfffffa8e 1c: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 23: fc ff df 26: 48 8b 14 24 mov (%rsp),%rdx * 2a: 4c 8b 64 24 68 mov 0x68(%rsp),%r12 <-- trapping instruction 2f: 4c 8b 44 24 30 mov 0x30(%rsp),%r8 34: 48 c1 ea 03 shr $0x3,%rdx 38: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) 3c: 0f .byte 0xf 3d: 85 .byte 0x85 3e: 8c 09 mov %cs,(%rcx)