ip6_tables: ip6tables: counters copy to user failed while replacing table
watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [syz-executor.0:9569]
Modules linked in:
irq event stamp: 4187929
hardirqs last  enabled at (4187928): [<ffffffff87400976>] restore_regs_and_return_to_kernel+0x0/0x2a
hardirqs last disabled at (4187929): [<ffffffff874018ae>] apic_timer_interrupt+0x8e/0xa0 arch/x86/entry/entry_64.S:793
softirqs last  enabled at (42038): [<ffffffff8760068b>] __do_softirq+0x68b/0x9ff kernel/softirq.c:314
softirqs last disabled at (43495): [<ffffffff81321d13>] invoke_softirq kernel/softirq.c:368 [inline]
softirqs last disabled at (43495): [<ffffffff81321d13>] irq_exit+0x193/0x240 kernel/softirq.c:409
CPU: 0 PID: 9569 Comm: syz-executor.0 Not tainted 4.14.273-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff888050f94400 task.stack: ffff888050f98000
RIP: 0010:debug_object_init lib/debugobjects.c:393 [inline]
RIP: 0010:debug_object_activate+0x391/0x490 lib/debugobjects.c:474
RSP: 0018:ffff8880ba4075d8 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff10
RAX: dffffc0000000000 RBX: 0000000000000005 RCX: 0000000000000000
RDX: 0000000000000004 RSI: ffff888050f94d28 RDI: 0000000000000001
RBP: 0000000000000000 R08: ffffffff8b9b40c0 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff888090610548
R13: dffffc0000000000 R14: 1ffff11017480ebe R15: ffff8880ba407670
FS:  00007f57c5e16700(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffcefad5ff8 CR3: 00000000b306a000 CR4: 00000000003406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 debug_rcu_head_queue kernel/rcu/rcu.h:152 [inline]
 __call_rcu.constprop.0+0x31/0x7d0 kernel/rcu/tree.c:3050
 dst_release+0x56/0x80 net/core/dst.c:188
 refdst_drop include/net/dst.h:286 [inline]
 skb_dst_drop include/net/dst.h:298 [inline]
 __dev_queue_xmit+0x1543/0x2480 net/core/dev.c:3480
 neigh_resolve_output+0x4e5/0x870 net/core/neighbour.c:1369
 neigh_output include/net/neighbour.h:500 [inline]
 ip6_finish_output2+0xf48/0x1f10 net/ipv6/ip6_output.c:120
 ip6_finish_output+0x5c6/0xd50 net/ipv6/ip6_output.c:192
 NF_HOOK_COND include/linux/netfilter.h:239 [inline]
 ip6_output+0x1c5/0x660 net/ipv6/ip6_output.c:209
 dst_output include/net/dst.h:470 [inline]
 NF_HOOK include/linux/netfilter.h:250 [inline]
 ndisc_send_skb+0x82a/0x1390 net/ipv6/ndisc.c:483
 ndisc_send_rs+0x125/0x630 net/ipv6/ndisc.c:677
 addrconf_rs_timer+0x2bb/0x5a0 net/ipv6/addrconf.c:3769
 call_timer_fn+0x14a/0x650 kernel/time/timer.c:1280
 expire_timers+0x232/0x4d0 kernel/time/timer.c:1319
 __run_timers kernel/time/timer.c:1637 [inline]
 run_timer_softirq+0x1d5/0x5a0 kernel/time/timer.c:1650
 __do_softirq+0x24d/0x9ff kernel/softirq.c:288
 invoke_softirq kernel/softirq.c:368 [inline]
 irq_exit+0x193/0x240 kernel/softirq.c:409
 exiting_irq arch/x86/include/asm/apic.h:638 [inline]
 smp_apic_timer_interrupt+0x141/0x5e0 arch/x86/kernel/apic/apic.c:1106
 apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:793
 </IRQ>
RIP: 0010:get_current arch/x86/include/asm/current.h:15 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x50 kernel/kcov.c:60
RSP: 0018:ffff888050f9f7b8 EFLAGS: 00000202 ORIG_RAX: ffffffffffffff10
RAX: ffff888050f94400 RBX: dffffc0000000000 RCX: 1ffff1100a1f2996
RDX: 0000000000000000 RSI: 0000000000000002 RDI: ffffea0002734258
RBP: ffff88809dce1228 R08: 0000000000000000 R09: 0000000000000001
R10: 0000000000000000 R11: ffff888050f94400 R12: ffffea0002734240
R13: 0000000000000002 R14: 00007f57c6e46000 R15: 0000000000000000
 __tlb_remove_page include/asm-generic/tlb.h:152 [inline]
 zap_pte_range mm/memory.c:1367 [inline]
 zap_pmd_range mm/memory.c:1466 [inline]
 zap_pud_range mm/memory.c:1495 [inline]
 zap_p4d_range mm/memory.c:1516 [inline]
 unmap_page_range+0xf80/0x1ce0 mm/memory.c:1537
 unmap_single_vma+0x147/0x2b0 mm/memory.c:1582
 unmap_vmas+0x9d/0x160 mm/memory.c:1612
 exit_mmap+0x270/0x4d0 mm/mmap.c:3058
 __mmput kernel/fork.c:931 [inline]
 mmput kernel/fork.c:952 [inline]
 mmput+0xfa/0x420 kernel/fork.c:947
 exit_mm kernel/exit.c:548 [inline]
 do_exit+0x984/0x2850 kernel/exit.c:855
 do_group_exit+0x100/0x2e0 kernel/exit.c:965
 get_signal+0x38d/0x1ca0 kernel/signal.c:2412
 do_signal+0x7c/0x1550 arch/x86/kernel/signal.c:792
 exit_to_usermode_loop+0x160/0x200 arch/x86/entry/common.c:160
 prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:270 [inline]
 do_syscall_64+0x4a3/0x640 arch/x86/entry/common.c:297
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f57c74a1049
RSP: 002b:00007f57c5e16168 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
RAX: 0000000000000012 RBX: 00007f57c75b3f60 RCX: 00007f57c74a1049
RDX: 0000000000000300 RSI: 0000000000000002 RDI: 0000000000000011
RBP: 00007f57c74fb08d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffdcb176b9f R14: 00007f57c5e16300 R15: 0000000000022000
Code: d0 84 c0 0f 85 c8 fe ff ff 41 bf ea ff ff ff e9 21 fd ff ff 8b 05 08 68 ef 06 85 c0 74 11 4c 89 ce 31 d2 4c 89 e7 e8 6f eb ff ff <4c> 8b 0c 24 4c 89 ce 4c 89 e7 45 31 ff e8 5d fc ff ff e9 f3 fc 
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 7970 Comm: syz-executor.4 Not tainted 4.14.273-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8880a97f6340 task.stack: ffff8880a4310000
RIP: 0010:__read_once_size include/linux/compiler.h:185 [inline]
RIP: 0010:csd_lock_wait kernel/smp.c:108 [inline]
RIP: 0010:smp_call_function_single+0x181/0x370 kernel/smp.c:302
RSP: 0018:ffff8880a4317840 EFLAGS: 00000297
RAX: ffff8880a97f6340 RBX: 1ffff11014862f0c RCX: 1ffffffff1198fac
RDX: 0000000000000000 RSI: ffff8880a4317880 RDI: ffff8880a4317880
RBP: ffff8880a4317900 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000
FS:  0000555557235400(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fd709827558 CR3: 00000000af2c7000 CR4: 00000000003406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 smp_call_function_many+0x60f/0x7a0 kernel/smp.c:434
 smp_call_function kernel/smp.c:492 [inline]
 on_each_cpu+0x40/0x210 kernel/smp.c:602
 text_poke_bp+0x90/0x110 arch/x86/kernel/alternative.c:796
 __jump_label_transform+0x269/0x300 arch/x86/kernel/jump_label.c:102
 arch_jump_label_transform+0x26/0x40 arch/x86/kernel/jump_label.c:110
 __jump_label_update+0x113/0x170 kernel/jump_label.c:374
 jump_label_update kernel/jump_label.c:741 [inline]
 jump_label_update+0x140/0x2d0 kernel/jump_label.c:720
 __static_key_slow_dec_cpuslocked+0x3d/0xf0 kernel/jump_label.c:204
 __static_key_slow_dec kernel/jump_label.c:214 [inline]
 static_key_slow_dec+0x53/0x70 kernel/jump_label.c:228
 cleanup_entry+0x232/0x310 net/ipv6/netfilter/ip6_tables.c:685
 __do_replace+0x38d/0x580 net/ipv6/netfilter/ip6_tables.c:1106
 do_replace net/ipv6/netfilter/ip6_tables.c:1162 [inline]
 do_ip6t_set_ctl+0x256/0x3b0 net/ipv6/netfilter/ip6_tables.c:1688
 nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
 nf_setsockopt+0x5f/0xb0 net/netfilter/nf_sockopt.c:115
 ipv6_setsockopt+0xc0/0x120 net/ipv6/ipv6_sockglue.c:937
 tcp_setsockopt+0x7b/0xc0 net/ipv4/tcp.c:2830
 SYSC_setsockopt net/socket.c:1865 [inline]
 SyS_setsockopt+0x110/0x1e0 net/socket.c:1844
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7fd70974769a
RSP: 002b:00007ffd6351c848 EFLAGS: 00000206 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 0000000000000029 RCX: 00007fd70974769a
RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003
RBP: 00007ffd6351c870 R08: 00000000000003b8 R09: ff00000000000000
R10: 00007fd709827bc0 R11: 0000000000000206 R12: 00007ffd6351c8d0
R13: 0000000000000003 R14: 00007ffd6351c86c R15: 00007fd709827b60
Code: c9 08 00 48 8b 54 24 10 4c 89 e9 8b 7c 24 1c 48 8d 74 24 40 e8 71 fa ff ff 41 89 c4 8b 44 24 58 a8 01 74 0f e8 61 c9 08 00 f3 90 <8b> 44 24 58 a8 01 75 f1 e8 52 c9 08 00 e8 4d c9 08 00 bf 01 00 
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:	84 c0                	test   %al,%al
   2:	0f 85 c8 fe ff ff    	jne    0xfffffed0
   8:	41 bf ea ff ff ff    	mov    $0xffffffea,%r15d
   e:	e9 21 fd ff ff       	jmpq   0xfffffd34
  13:	8b 05 08 68 ef 06    	mov    0x6ef6808(%rip),%eax        # 0x6ef6821
  19:	85 c0                	test   %eax,%eax
  1b:	74 11                	je     0x2e
  1d:	4c 89 ce             	mov    %r9,%rsi
  20:	31 d2                	xor    %edx,%edx
  22:	4c 89 e7             	mov    %r12,%rdi
  25:	e8 6f eb ff ff       	callq  0xffffeb99
* 2a:	4c 8b 0c 24          	mov    (%rsp),%r9 <-- trapping instruction
  2e:	4c 89 ce             	mov    %r9,%rsi
  31:	4c 89 e7             	mov    %r12,%rdi
  34:	45 31 ff             	xor    %r15d,%r15d
  37:	e8 5d fc ff ff       	callq  0xfffffc99
  3c:	e9                   	.byte 0xe9
  3d:	f3 fc                	repz cld