BUG: soft lockup in ip_rcv


syzbot

May 3, 2021, 11:32:25 PM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 97a8651c Linux 4.19.189
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1210ada3d00000
kernel config: https://syzkaller.appspot.com/x/.config?x=82311d18bf81a023
dashboard link: https://syzkaller.appspot.com/bug?extid=b18d5a06aac2503313d6

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b18d5a...@syzkaller.appspotmail.com

watchdog: BUG: soft lockup - CPU#1 stuck for 22s! [syz-executor.2:15094]
Modules linked in:
irq event stamp: 2547141
hardirqs last enabled at (2547140): [<ffffffff81003ce4>] trace_hardirqs_on_thunk+0x1a/0x1c
hardirqs last disabled at (2547141): [<ffffffff81003d00>] trace_hardirqs_off_thunk+0x1a/0x1c
softirqs last enabled at (2508570): [<ffffffff88400678>] __do_softirq+0x678/0x980 kernel/softirq.c:318
softirqs last disabled at (2508573): [<ffffffff813926d5>] invoke_softirq kernel/softirq.c:372 [inline]
softirqs last disabled at (2508573): [<ffffffff813926d5>] irq_exit+0x215/0x260 kernel/softirq.c:412
CPU: 1 PID: 15094 Comm: syz-executor.2 Not tainted 4.19.189-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:fib_table_lookup+0x106/0x1e30 net/ipv4/fib_trie.c:1332
Code: 1a 00 00 48 8b 5b 08 e8 18 16 68 fa 31 ff 89 c5 89 c6 e8 bd f8 79 fa 85 ed 49 89 df 74 1e e8 41 f7 79 fa 0f b6 2d 62 40 26 04 <31> ff 89 ee e8 61 f8 79 fa 40 84 ed 0f 84 48 11 00 00 e8 23 f7 79
RSP: 0018:ffff8880ba106ee8 EFLAGS: 00000206 ORIG_RAX: ffffffffffffff13
RAX: ffff88804e338540 RBX: ffff8880b336a8a0 RCX: ffffffff86e86723
RDX: 0000000000000100 RSI: ffffffff86e8672f RDI: 0000000000000005
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000005 R11: 0000000000000000 R12: ffff8880ba1072a0
R13: ffff8880a50a4980 R14: ffff8880a50a49b0 R15: ffff8880b336a8a0
FS: 00007fd031456700(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c01fe74000 CR3: 0000000009e6d000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<IRQ>
fib_lookup include/net/ip_fib.h:330 [inline]
ip_route_output_key_hash_rcu+0x404/0x3060 net/ipv4/route.c:2485
ip_route_output_key_hash+0x1c6/0x320 net/ipv4/route.c:2375
__ip_route_output_key include/net/route.h:124 [inline]
ip_route_output_flow+0x23/0x150 net/ipv4/route.c:2632
ip_route_output_key include/net/route.h:134 [inline]
sctp_v4_get_dst+0x391/0x1190 net/sctp/protocol.c:457
sctp_transport_route+0x125/0x350 net/sctp/transport.c:312
sctp_ootb_pkt_new+0x1cf/0x390 net/sctp/sm_statefuns.c:6287
sctp_sf_tabort_8_4_8.constprop.0+0x30/0x420 net/sctp/sm_statefuns.c:3388
sctp_sf_ootb+0x5ba/0x670 net/sctp/sm_statefuns.c:3616
sctp_do_sm+0x162/0x5110 net/sctp/sm_sideeffect.c:1167
sctp_endpoint_bh_rcv+0x405/0x880 net/sctp/endpointola.c:457
sctp_inq_push+0x1da/0x270 net/sctp/inqueue.c:95
sctp_rcv+0x1625/0x3270 net/sctp/input.c:268
ip_local_deliver_finish+0x495/0xc00 net/ipv4/ip_input.c:215
NF_HOOK include/linux/netfilter.h:289 [inline]
ip_local_deliver+0x188/0x500 net/ipv4/ip_input.c:256
dst_input include/net/dst.h:461 [inline]
ip_rcv_finish+0x1ca/0x2e0 net/ipv4/ip_input.c:414
NF_HOOK include/linux/netfilter.h:289 [inline]
ip_rcv+0xca/0x3c0 net/ipv4/ip_input.c:524
__netif_receive_skb_one_core+0x114/0x180 net/core/dev.c:4954
__netif_receive_skb+0x27/0x1c0 net/core/dev.c:5066
process_backlog+0x241/0x700 net/core/dev.c:5848
napi_poll net/core/dev.c:6272 [inline]
net_rx_action+0x4ac/0xfb0 net/core/dev.c:6338
__do_softirq+0x265/0x980 kernel/softirq.c:292
invoke_softirq kernel/softirq.c:372 [inline]
irq_exit+0x215/0x260 kernel/softirq.c:412
exiting_irq arch/x86/include/asm/apic.h:535 [inline]
smp_apic_timer_interrupt+0x136/0x550 arch/x86/kernel/apic/apic.c:1098
apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
</IRQ>
RIP: 0010:constant_test_bit arch/x86/include/asm/bitops.h:317 [inline]
RIP: 0010:PageSwapBacked include/linux/page-flags.h:295 [inline]
RIP: 0010:mm_counter_file include/linux/mm.h:1639 [inline]
RIP: 0010:mm_counter include/linux/mm.h:1648 [inline]
RIP: 0010:zap_pte_range mm/memory.c:1349 [inline]
RIP: 0010:zap_pmd_range mm/memory.c:1452 [inline]
RIP: 0010:zap_pud_range mm/memory.c:1481 [inline]
RIP: 0010:zap_p4d_range mm/memory.c:1502 [inline]
RIP: 0010:unmap_page_range+0x128d/0x2a70 mm/memory.c:1523
Code: 00 00 00 e8 f5 f8 d6 ff 48 8b 94 24 c0 00 00 00 48 85 d2 0f 85 01 0f 00 00 e8 4f f7 d6 ff 48 89 da 48 c1 ea 03 42 80 3c 32 00 <0f> 85 28 17 00 00 48 8b 1b 31 ff 48 c1 eb 12 83 e3 01 89 de c1 e3
RSP: 0018:ffff8880411a7770 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
RAX: ffff88804e338540 RBX: ffffea0002ab8c80 RCX: ffffffff818b670b
RDX: 1ffffd4000557190 RSI: ffffffff818b6721 RDI: 0000000000000007
RBP: ffffea0002ab8c88 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000007 R11: 0000000000000000 R12: dead000000000100
R13: ffffea0002ab8c80 R14: dffffc0000000000 R15: 00007fd033781000
unmap_single_vma+0x198/0x300 mm/memory.c:1568
unmap_vmas+0xa9/0x180 mm/memory.c:1598
exit_mmap+0x2b9/0x530 mm/mmap.c:3093
__mmput kernel/fork.c:1015 [inline]
mmput+0x14e/0x4a0 kernel/fork.c:1036
exit_mm kernel/exit.c:549 [inline]
do_exit+0xaec/0x2be0 kernel/exit.c:857
do_group_exit+0x125/0x310 kernel/exit.c:967
get_signal+0x3f2/0x1f70 kernel/signal.c:2589
do_signal+0x8f/0x1670 arch/x86/kernel/signal.c:799
exit_to_usermode_loop+0x204/0x2a0 arch/x86/entry/common.c:163
prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4665f9
Code: Bad RIP value.
RSP: 002b:00007fd031456188 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: fffffffffffffe00 RBX: 000000000056bf60 RCX: 00000000004665f9
RDX: 000000000000006b RSI: 0000000000000084 RDI: 0000000000000005
RBP: 00000000004bfce1 R08: 000000000000001c R09: 0000000000000000
R10: 000000002055bfe4 R11: 0000000000000246 R12: 000000000056bf60
R13: 00007ffd6158aadf R14: 00007fd031456300 R15: 0000000000022000
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 15152 Comm: syz-executor.4 Not tainted 4.19.189-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__lock_acquire+0x19f/0x3ff0 kernel/locking/lockdep.c:3275
Code: 4c 89 f7 e8 c3 92 ff ff 48 85 c0 0f 85 b5 00 00 00 45 31 ff 48 b8 00 00 00 00 00 fc ff df 48 03 44 24 08 48 c7 00 00 00 00 00 <48> c7 40 08 00 00 00 00 c7 40 18 00 00 00 00 48 8b 84 24 90 01 00
RSP: 0018:ffff8880ba0068e8 EFLAGS: 00000086
RAX: ffffed1017400d30 RBX: ffffffff8c70eb20 RCX: 0000000000002f71
RDX: 1ffff11016a39168 RSI: 00000000208f3a1a RDI: ffffffff8c70eb38
RBP: dffffc0000000000 R08: ffffffff8cd2d0c8 R09: 0000000000000006
R10: ffff8880b51c8c38 R11: ffffffff8c66301b R12: 1d44d3f713be2a7e
R13: ffff8880b51c82c0 R14: ffff8880b51c8c50 R15: 0000000000000001
FS: 00007f100918b700(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c015f45000 CR3: 0000000097750000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<IRQ>
lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
seqcount_lockdep_reader_access include/linux/seqlock.h:81 [inline]
read_seqcount_begin include/linux/seqlock.h:164 [inline]
ktime_get_update_offsets_now+0xcd/0x460 kernel/time/timekeeping.c:2225
hrtimer_update_base kernel/time/hrtimer.c:621 [inline]
hrtimer_interrupt+0x449/0x9e0 kernel/time/hrtimer.c:1571
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1071 [inline]
smp_apic_timer_interrupt+0x10c/0x550 arch/x86/kernel/apic/apic.c:1096
apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
RIP: 0010:unwind_next_frame+0x153/0x1400 arch/x86/kernel/unwind_orc.c:410
Code: 00 00 48 89 44 24 18 e8 cb e8 17 00 49 8d 46 50 48 89 c2 48 89 44 24 08 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 <0f> 85 33 0f 00 00 4d 8b 6e 50 4d 85 ed 74 30 49 8d bd 88 00 00 00
RSP: 0018:ffff8880ba006d30 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
RAX: dffffc0000000000 RBX: 1ffff11017400daf RCX: 0000000000000000
RDX: 1ffff11017400dd6 RSI: ffff8880ba006cc0 RDI: 0000000000000001
RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000000000001
R10: ffff8880ba006ebf R11: 0000000000074071 R12: ffff8880ba006ea8
R13: 0000000000000000 R14: ffff8880ba006e60 R15: 00000000000000e8
__save_stack_trace+0x9f/0x190 arch/x86/kernel/stacktrace.c:44
save_stack mm/kasan/kasan.c:448 [inline]
set_track mm/kasan/kasan.c:460 [inline]
kasan_kmalloc+0xeb/0x160 mm/kasan/kasan.c:553
slab_post_alloc_hook mm/slab.h:445 [inline]
slab_alloc_node mm/slab.c:3340 [inline]
kmem_cache_alloc_node+0x133/0x3b0 mm/slab.c:3647
__alloc_skb+0x71/0x560 net/core/skbuff.c:193
alloc_skb include/linux/skbuff.h:995 [inline]
sctp_packet_transmit+0x246/0x3660 net/sctp/output.c:584
sctp_outq_flush_transports+0x19d/0x340 net/sctp/outqueue.c:1166
sctp_outq_flush net/sctp/outqueue.c:1214 [inline]
sctp_outq_uncork+0x185/0x200 net/sctp/outqueue.c:777
sctp_cmd_interpreter net/sctp/sm_sideeffect.c:1815 [inline]
sctp_side_effects net/sctp/sm_sideeffect.c:1199 [inline]
sctp_do_sm+0x72a/0x5110 net/sctp/sm_sideeffect.c:1170
sctp_assoc_bh_rcv+0x345/0x650 net/sctp/associola.c:1073
sctp_inq_push+0x1da/0x270 net/sctp/inqueue.c:95
sctp_rcv+0x1625/0x3270 net/sctp/input.c:268
sctp6_rcv+0x12/0x30 net/sctp/ipv6.c:1067
ip6_input_finish+0x46a/0x17a0 net/ipv6/ip6_input.c:385
NF_HOOK include/linux/netfilter.h:289 [inline]
ip6_input+0xcf/0x3c0 net/ipv6/ip6_input.c:428
dst_input include/net/dst.h:461 [inline]
ip6_rcv_finish+0x1d9/0x2f0 net/ipv6/ip6_input.c:76
NF_HOOK include/linux/netfilter.h:289 [inline]
ipv6_rcv+0xf2/0x3f0 net/ipv6/ip6_input.c:273
__netif_receive_skb_one_core+0x114/0x180 net/core/dev.c:4954
__netif_receive_skb+0x27/0x1c0 net/core/dev.c:5066
process_backlog+0x241/0x700 net/core/dev.c:5848
napi_poll net/core/dev.c:6272 [inline]
net_rx_action+0x4ac/0xfb0 net/core/dev.c:6338
__do_softirq+0x265/0x980 kernel/softirq.c:292
invoke_softirq kernel/softirq.c:372 [inline]
irq_exit+0x215/0x260 kernel/softirq.c:412
exiting_irq arch/x86/include/asm/apic.h:535 [inline]
smp_apic_timer_interrupt+0x136/0x550 arch/x86/kernel/apic/apic.c:1098
apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
</IRQ>
RIP: 0010:preempt_schedule_irq+0xa6/0x140 kernel/sched/core.c:3744
Code: 00 00 e8 2d 5e 2a f9 e8 08 7a 50 f9 4c 89 e8 48 c1 e8 03 80 3c 18 00 75 69 48 83 3d 7b 75 da 01 00 74 5b fb 66 0f 1f 44 00 00 <bf> 01 00 00 00 e8 40 d1 ff ff 48 c7 c0 50 82 f1 89 48 c1 e8 03 80
RSP: 0018:ffff88809ee1f4a0 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
RAX: 1ffffffff13e304b RBX: dffffc0000000000 RCX: 1ffff11016a39172
RDX: 0000000000000000 RSI: ffff8880b51c8b70 RDI: ffff8880b51c8b44
RBP: ffffed1016a39058 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880b51c82c0
R13: ffffffff89f18258 R14: 0000000000000000 R15: 0000000000000000
retint_kernel+0x1b/0x2d
RIP: 0010:refcount_dec_and_test arch/x86/include/asm/refcount.h:76 [inline]
RIP: 0010:sctp_transport_put+0x10/0x120 net/sctp/transport.c:340
Code: ff ff e8 23 16 2a fa e9 25 ff ff ff e8 19 16 2a fa e9 5b ff ff ff 0f 1f 40 00 41 54 55 48 89 fd 53 e8 04 54 f4 f9 f0 ff 4d 20 <0f> 88 2d 63 a7 00 0f 94 c3 31 ff 89 de e8 1e 55 f4 f9 84 db 75 09
RSP: 0018:ffff88809ee1f578 EFLAGS: 00000203 ORIG_RAX: ffffffffffffff13
RAX: ffff8880b51c82c0 RBX: ffff8880b4f82940 RCX: ffffffff876c7c7a
RDX: 0000000000000000 RSI: ffffffff876e0a6c RDI: ffff8880b4f82940
RBP: ffff8880b4f82940 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000005 R11: 0000000000000000 R12: ffff8880a5704c10
R13: 0000000000000020 R14: ffff8880a5704ac0 R15: dffffc0000000000
sctp_cmd_hb_timers_stop net/sctp/sm_sideeffect.c:714 [inline]
sctp_cmd_interpreter net/sctp/sm_sideeffect.c:1681 [inline]
sctp_side_effects net/sctp/sm_sideeffect.c:1199 [inline]
sctp_do_sm+0x219b/0x5110 net/sctp/sm_sideeffect.c:1170
sctp_primitive_SHUTDOWN+0x9b/0xc0 net/sctp/primitive.c:104
sctp_close+0x3d9/0x800 net/sctp/socket.c:1560
inet_release+0xd7/0x1e0 net/ipv4/af_inet.c:427
inet6_release+0x4c/0x70 net/ipv6/af_inet6.c:472
__sock_release+0xcd/0x2a0 net/socket.c:579
sock_close+0x15/0x20 net/socket.c:1140
__fput+0x2ce/0x890 fs/file_table.c:278
task_work_run+0x148/0x1c0 kernel/task_work.c:113
exit_task_work include/linux/task_work.h:22 [inline]
do_exit+0xbf3/0x2be0 kernel/exit.c:870
do_group_exit+0x125/0x310 kernel/exit.c:967
get_signal+0x3f2/0x1f70 kernel/signal.c:2589
do_signal+0x8f/0x1670 arch/x86/kernel/signal.c:799
Lost 14 message(s)!


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Sep 20, 2021, 10:26:23 PM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: b172b44fcb17 Linux 4.19.206
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=15bae31d300000
kernel config: https://syzkaller.appspot.com/x/.config?x=b9ba3521ce0be3cd
dashboard link: https://syzkaller.appspot.com/bug?extid=b18d5a06aac2503313d6
compiler: gcc version 10.2.1 20210110 (Debian 10.2.1-6)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=178504d3300000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b18d5a...@syzkaller.appspotmail.com

ieee802154 phy0 wpan0: encryption failed: -22
ieee802154 phy1 wpan1: encryption failed: -22
watchdog: BUG: soft lockup - CPU#0 stuck for 21s! [syz-executor.1:10244]
Modules linked in:
irq event stamp: 2654851
hardirqs last enabled at (2654850): [<ffffffff81003ce4>] trace_hardirqs_on_thunk+0x1a/0x1c
hardirqs last disabled at (2654851): [<ffffffff81003d00>] trace_hardirqs_off_thunk+0x1a/0x1c
softirqs last enabled at (2622848): [<ffffffff88400678>] __do_softirq+0x678/0x980 kernel/softirq.c:318
softirqs last disabled at (2622851): [<ffffffff81393705>] invoke_softirq kernel/softirq.c:372 [inline]
softirqs last disabled at (2622851): [<ffffffff81393705>] irq_exit+0x215/0x260 kernel/softirq.c:412
CPU: 0 PID: 10244 Comm: syz-executor.1 Not tainted 4.19.206-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:unwind_next_frame+0xa12/0x1400 arch/x86/kernel/unwind_orc.c:508
Code: f7 4c 89 44 24 30 48 8d 70 f8 48 89 44 24 28 e8 34 f4 ff ff 84 c0 0f 84 72 fa ff ff 48 b8 00 00 00 00 00 fc ff df 48 8b 14 24 <4c> 8b 64 24 68 4c 8b 44 24 30 48 c1 ea 03 80 3c 02 00 0f 85 8c 09
RSP: 0018:ffff8880ba006e48 EFLAGS: 00000202 ORIG_RAX: ffffffffffffff13
RAX: dffffc0000000000 RBX: 1ffff11017400dd2 RCX: 0000000000000000
RDX: ffff8880ba007068 RSI: ffff8880ba006dd8 RDI: ffff8880ba007018
RBP: 0000000000000002 R08: ffffffff8b9096a8 R09: ffffffff8b9096a4
R10: ffff8880ba00708f R11: 0000000000074071 R12: ffff8880ba007078
R13: ffff8880ba007065 R14: ffff8880ba007030 R15: ffffffff8b9096a4
FS: 00007fa65483c700(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f471e4ef718 CR3: 000000009f9b3000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<IRQ>
__unwind_start+0x5b8/0x960 arch/x86/kernel/unwind_orc.c:667
unwind_start arch/x86/include/asm/unwind.h:60 [inline]
__save_stack_trace+0x72/0x190 arch/x86/kernel/stacktrace.c:43
save_stack mm/kasan/kasan.c:448 [inline]
set_track mm/kasan/kasan.c:460 [inline]
kasan_kmalloc+0xeb/0x160 mm/kasan/kasan.c:553
kmem_cache_alloc+0x122/0x370 mm/slab.c:3559
kmem_cache_zalloc include/linux/slab.h:699 [inline]
sctp_chunkify+0x4b/0x2e0 net/sctp/sm_make_chunk.c:1349
_sctp_make_chunk+0x149/0x260 net/sctp/sm_make_chunk.c:1422
sctp_make_control net/sctp/sm_make_chunk.c:1458 [inline]
sctp_make_abort+0x3f/0x410 net/sctp/sm_make_chunk.c:970
sctp_sf_tabort_8_4_8.constprop.0+0x4e/0x420 net/sctp/sm_statefuns.c:3411
sctp_sf_ootb+0x5ba/0x670 net/sctp/sm_statefuns.c:3632
sctp_do_sm+0x162/0x5110 net/sctp/sm_sideeffect.c:1167
sctp_endpoint_bh_rcv+0x405/0x880 net/sctp/endpointola.c:457
sctp_inq_push+0x1da/0x270 net/sctp/inqueue.c:95
sctp_rcv+0x1651/0x3340 net/sctp/input.c:268
ip_local_deliver_finish+0x495/0xc00 net/ipv4/ip_input.c:215
NF_HOOK include/linux/netfilter.h:289 [inline]
ip_local_deliver+0x188/0x500 net/ipv4/ip_input.c:256
dst_input include/net/dst.h:461 [inline]
ip_rcv_finish+0x1ca/0x2e0 net/ipv4/ip_input.c:414
NF_HOOK include/linux/netfilter.h:289 [inline]
ip_rcv+0xca/0x3c0 net/ipv4/ip_input.c:524
__netif_receive_skb_one_core+0x114/0x180 net/core/dev.c:4954
__netif_receive_skb+0x27/0x1c0 net/core/dev.c:5066
process_backlog+0x241/0x700 net/core/dev.c:5849
napi_poll net/core/dev.c:6280 [inline]
net_rx_action+0x4ac/0xfb0 net/core/dev.c:6346
__do_softirq+0x265/0x980 kernel/softirq.c:292
invoke_softirq kernel/softirq.c:372 [inline]
irq_exit+0x215/0x260 kernel/softirq.c:412
exiting_irq arch/x86/include/asm/apic.h:536 [inline]
smp_apic_timer_interrupt+0x136/0x550 arch/x86/kernel/apic/apic.c:1098
apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
</IRQ>
RIP: 0010:__schedule+0xad/0x2040 kernel/sched/core.c:3437
Code: cf 89 48 89 fa 48 c1 ea 03 42 80 3c 32 00 0f 85 79 1c 00 00 4c 03 3c c5 00 9f cf 89 49 8d 87 20 0a 00 00 4c 89 bd 70 ff ff ff <48> 89 c2 48 89 85 58 ff ff ff 48 b8 00 00 00 00 00 fc ff df 48 c1
RSP: 0018:ffff88808d50eec8 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
RAX: ffff8880ba02bae0 RBX: 0000000000000001 RCX: ffffffff83771ea3
RDX: 1ffffffff139f3e0 RSI: ffffffff83771eb1 RDI: ffffffff89cf9f00
RBP: ffff88808d50ef90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000005 R11: 0000000000000000 R12: ffff88809f9a8400
R13: 000000000002b0c0 R14: dffffc0000000000 R15: ffff8880ba02b0c0
preempt_schedule_irq+0xb0/0x140 kernel/sched/core.c:3744
retint_kernel+0x1b/0x2d
RIP: 0010:should_resched arch/x86/include/asm/preempt.h:99 [inline]
RIP: 0010:__local_bh_enable_ip+0x18d/0x270 kernel/softirq.c:196
Code: 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 0f 85 dd 00 00 00 48 83 3d d8 50 b8 08 00 0f 84 8d 00 00 00 fb 66 0f 1f 44 00 00 <65> 8b 05 3c ad c8 7e 85 c0 74 7d 5b 5d 41 5c c3 80 3d 85 75 d5 09
RSP: 0018:ffff88808d50f070 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
RAX: 1ffffffff13e305b RBX: 0000000000000200 RCX: 1ffff11013f35195
RDX: dffffc0000000000 RSI: ffff88809f9a8cb0 RDI: ffff88809f9a8c84
RBP: ffffffff8701f876 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff88809f9a8400
R13: ffff8880941443c0 R14: ffff88809e541b50 R15: ffff8880a18de800
local_bh_enable include/linux/bottom_half.h:32 [inline]
rcu_read_unlock_bh include/linux/rcupdate.h:721 [inline]
ip6_finish_output2+0x11a9/0x2290 net/ipv6/ip6_output.c:121
ip6_finish_output+0x89b/0x10f0 net/ipv6/ip6_output.c:192
NF_HOOK_COND include/linux/netfilter.h:278 [inline]
ip6_output+0x205/0x770 net/ipv6/ip6_output.c:209
dst_output include/net/dst.h:455 [inline]
NF_HOOK include/linux/netfilter.h:289 [inline]
ip6_xmit+0xdbf/0x20a0 net/ipv6/ip6_output.c:313
sctp_v6_xmit+0x377/0x710 net/sctp/ipv6.c:229
sctp_packet_transmit+0x1e21/0x3660 net/sctp/output.c:641
sctp_outq_flush_transports+0x19d/0x340 net/sctp/outqueue.c:1166
sctp_outq_flush net/sctp/outqueue.c:1214 [inline]
sctp_outq_uncork+0x185/0x200 net/sctp/outqueue.c:777
sctp_cmd_interpreter net/sctp/sm_sideeffect.c:1815 [inline]
sctp_side_effects net/sctp/sm_sideeffect.c:1199 [inline]
sctp_do_sm+0x72a/0x5110 net/sctp/sm_sideeffect.c:1170
sctp_assoc_bh_rcv+0x345/0x650 net/sctp/associola.c:1073
sctp_inq_push+0x1da/0x270 net/sctp/inqueue.c:95
sctp_backlog_rcv+0x1e9/0x11e0 net/sctp/input.c:356
sk_backlog_rcv include/net/sock.h:950 [inline]
__release_sock+0x134/0x3a0 net/core/sock.c:2344
release_sock+0x54/0x1b0 net/core/sock.c:2881
sctp_setsockopt+0x21c/0x4b40 net/sctp/socket.c:4501
__sys_setsockopt+0x14d/0x240 net/socket.c:2013
__do_sys_setsockopt net/socket.c:2024 [inline]
__se_sys_setsockopt net/socket.c:2021 [inline]
__x64_sys_setsockopt+0xba/0x150 net/socket.c:2021
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fa6550c5739
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fa65483c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00007fa6551c9f80 RCX: 00007fa6550c5739
RDX: 000000000000006b RSI: 0000000000000084 RDI: 0000000000000005
RBP: 00007fa65511fcc4 R08: 000000000000001c R09: 0000000000000000
R10: 000000002055bfe4 R11: 0000000000000246 R12: 00007fa6551c9f80
R13: 00007fff53f165af R14: 00007fa65483c300 R15: 0000000000022000
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 10293 Comm: syz-executor.4 Not tainted 4.19.206-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__sanitizer_cov_trace_cmp8+0x0/0x20 kernel/kcov.c:168
Code: 2e 0f 1f 84 00 00 00 00 00 90 48 8b 0c 24 89 f2 89 fe bf 04 00 00 00 e9 4e ff ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 <48> 8b 0c 24 48 89 f2 48 89 fe bf 06 00 00 00 e9 2c ff ff ff 66 66
RSP: 0018:ffff8880ba106a48 EFLAGS: 00000046
RAX: dffffc0000000000 RBX: 0000018a0eb5bd5e RCX: ffffffff87efc770
RDX: 1ffff11017424abf RSI: 0000018a0eb5bd5e RDI: 0000018a0e39e67c
RBP: 0000018a0e39e67c R08: 0000000000000000 R09: 0000018a0e39e67c
R10: 0000000000000006 R11: ffffffff8c66405b R12: ffff88809d268358
R13: 0000000000000000 R14: ffff8880ba124d80 R15: 0000018a0e39e67c
FS: 00007fd472d48700(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000557e2a3042e8 CR3: 00000000a84de000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<IRQ>
timerqueue_add+0x238/0x300 lib/timerqueue.c:60
enqueue_hrtimer+0x139/0x3d0 kernel/time/hrtimer.c:979
__run_hrtimer kernel/time/hrtimer.c:1434 [inline]
__hrtimer_run_queues+0xae6/0xe60 kernel/time/hrtimer.c:1481
hrtimer_interrupt+0x326/0x9e0 kernel/time/hrtimer.c:1539
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1071 [inline]
smp_apic_timer_interrupt+0x10c/0x550 arch/x86/kernel/apic/apic.c:1096
apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
RIP: 0010:___neigh_lookup_noref include/net/neighbour.h:290 [inline]
RIP: 0010:__ipv6_neigh_lookup_noref include/net/ndisc.h:379 [inline]
RIP: 0010:ip6_dst_lookup_tail+0xb86/0x19b0 net/ipv6/ip6_output.c:1036
Code: ff 48 89 de e8 9b 6b 60 fa 48 85 db 0f 84 b6 04 00 00 e8 fd 69 60 fa 48 8d bb a0 02 00 00 48 89 f8 48 c1 e8 03 42 80 3c 20 00 <0f> 85 77 0a 00 00 4c 3b b3 a0 02 00 00 0f 85 6d ff ff ff e8 d2 69
RSP: 0018:ffff8880ba106d70 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
RAX: 1ffff11013ba3724 RBX: ffff88809dd1b680 RCX: ffffffff87022819
RDX: 0000000000000100 RSI: ffffffff870228c3 RDI: ffff88809dd1b920
RBP: ffff8880ba106ec8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000007 R11: 0000000000000000 R12: dffffc0000000000
R13: ffff8880ba1070a8 R14: ffff8880ae9be140 R15: ffff8880ae9be140
ip6_dst_lookup_flow+0x8c/0x1d0 net/ipv6/ip6_output.c:1120
sctp_v6_get_dst+0x69f/0x1c90 net/sctp/ipv6.c:291
sctp_transport_route+0x125/0x350 net/sctp/transport.c:312
sctp_assoc_add_peer+0x5bf/0x1050 net/sctp/associola.c:677
sctp_process_param net/sctp/sm_make_chunk.c:2546 [inline]
sctp_process_init+0x250a/0x2b60 net/sctp/sm_make_chunk.c:2366
sctp_sf_do_5_1B_init+0x85f/0xde0 net/sctp/sm_statefuns.c:426
sctp_do_sm+0x162/0x5110 net/sctp/sm_sideeffect.c:1167
sctp_endpoint_bh_rcv+0x405/0x880 net/sctp/endpointola.c:457
sctp_inq_push+0x1da/0x270 net/sctp/inqueue.c:95
sctp_rcv+0x1651/0x3340 net/sctp/input.c:268
sctp6_rcv+0x12/0x30 net/sctp/ipv6.c:1072
ip6_input_finish+0x46a/0x17a0 net/ipv6/ip6_input.c:385
NF_HOOK include/linux/netfilter.h:289 [inline]
ip6_input+0xcf/0x3c0 net/ipv6/ip6_input.c:428
dst_input include/net/dst.h:461 [inline]
ip6_rcv_finish+0x1d9/0x2f0 net/ipv6/ip6_input.c:76
NF_HOOK include/linux/netfilter.h:289 [inline]
ipv6_rcv+0xf2/0x3f0 net/ipv6/ip6_input.c:273
__netif_receive_skb_one_core+0x114/0x180 net/core/dev.c:4954
__netif_receive_skb+0x27/0x1c0 net/core/dev.c:5066
process_backlog+0x241/0x700 net/core/dev.c:5849
napi_poll net/core/dev.c:6280 [inline]
net_rx_action+0x4ac/0xfb0 net/core/dev.c:6346
__do_softirq+0x265/0x980 kernel/softirq.c:292
do_softirq_own_stack+0x2a/0x40 arch/x86/entry/entry_64.S:1092
</IRQ>
do_softirq.part.0+0x160/0x1c0 kernel/softirq.c:336
do_softirq kernel/softirq.c:328 [inline]
__local_bh_enable_ip+0x20e/0x270 kernel/softirq.c:189
local_bh_enable include/linux/bottom_half.h:32 [inline]
rcu_read_unlock_bh include/linux/rcupdate.h:721 [inline]
ip6_finish_output2+0x11a9/0x2290 net/ipv6/ip6_output.c:121
ip6_finish_output+0x89b/0x10f0 net/ipv6/ip6_output.c:192
NF_HOOK_COND include/linux/netfilter.h:278 [inline]
ip6_output+0x205/0x770 net/ipv6/ip6_output.c:209
dst_output include/net/dst.h:455 [inline]
NF_HOOK include/linux/netfilter.h:289 [inline]
ip6_xmit+0xdbf/0x20a0 net/ipv6/ip6_output.c:313
sctp_v6_xmit+0x377/0x710 net/sctp/ipv6.c:229
sctp_packet_transmit+0x1e21/0x3660 net/sctp/output.c:641
sctp_packet_singleton net/sctp/outqueue.c:792 [inline]
sctp_outq_flush_ctrl.constprop.0+0x6d3/0xc40 net/sctp/outqueue.c:923
sctp_outq_flush net/sctp/outqueue.c:1205 [inline]
sctp_outq_uncork+0x10b/0x200 net/sctp/outqueue.c:777
sctp_cmd_interpreter net/sctp/sm_sideeffect.c:1815 [inline]
sctp_side_effects net/sctp/sm_sideeffect.c:1199 [inline]
sctp_do_sm+0x72a/0x5110 net/sctp/sm_sideeffect.c:1170
sctp_primitive_ASSOCIATE+0x98/0xc0 net/sctp/primitive.c:88
__sctp_connect+0x968/0xd00 net/sctp/socket.c:1258
__sctp_setsockopt_connectx+0x132/0x1c0 net/sctp/socket.c:1381
sctp_setsockopt_connectx_old net/sctp/socket.c:1397 [inline]
sctp_setsockopt+0x29d9/0x4b40 net/sctp/socket.c:4354
__sys_setsockopt+0x14d/0x240 net/socket.c:2013
__do_sys_setsockopt net/socket.c:2024 [inline]
__se_sys_setsockopt net/socket.c:2021 [inline]
__x64_sys_setsockopt+0xba/0x150 net/socket.c:2021
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fd4735d1739
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fd472d48188 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00007fd4736d5f80 RCX: 00007fd4735d1739
RDX: 000000000000006b RSI: 0000000000000084 RDI: 0000000000000005
RBP: 00007fd47362bcc4 R08: 000000000000001c R09: 0000000000000000
R10: 000000002055bfe4 R11: 0000000000000246 R12: 00007fd4736d5f80
R13: 00007fff211edb4f R14: 00007fd472d48300 R15: 0000000000022000
----------------
Code disassembly (best guess):
0: f7 4c 89 44 24 30 48 testl $0x8d483024,0x44(%rcx,%rcx,4)
7: 8d
8: 70 f8 jo 0x2
a: 48 89 44 24 28 mov %rax,0x28(%rsp)
f: e8 34 f4 ff ff callq 0xfffff448
14: 84 c0 test %al,%al
16: 0f 84 72 fa ff ff je 0xfffffa8e
1c: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
23: fc ff df
26: 48 8b 14 24 mov (%rsp),%rdx
* 2a: 4c 8b 64 24 68 mov 0x68(%rsp),%r12 <-- trapping instruction
2f: 4c 8b 44 24 30 mov 0x30(%rsp),%r8
34: 48 c1 ea 03 shr $0x3,%rdx
38: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1)
3c: 0f .byte 0xf
3d: 85 .byte 0x85
3e: 8c 09 mov %cs,(%rcx)

syzbot

Oct 6, 2021, 9:28:30 PM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 6db10b4d5efd Linux 4.19.209
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=17996ba8b00000
kernel config: https://syzkaller.appspot.com/x/.config?x=b2538a2e2837a9e5
dashboard link: https://syzkaller.appspot.com/bug?extid=b18d5a06aac2503313d6
compiler: gcc version 10.2.1 20210110 (Debian 10.2.1-6)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1071f5e0b00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=11483520b00000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b18d5a...@syzkaller.appspotmail.com

watchdog: BUG: soft lockup - CPU#1 stuck for 23s! [syz-executor942:9813]
Modules linked in:
irq event stamp: 2207993
hardirqs last enabled at (2207992): [<ffffffff81003ce4>] trace_hardirqs_on_thunk+0x1a/0x1c
hardirqs last disabled at (2207993): [<ffffffff81003d00>] trace_hardirqs_off_thunk+0x1a/0x1c
softirqs last enabled at (2155502): [<ffffffff88400678>] __do_softirq+0x678/0x980 kernel/softirq.c:318
softirqs last disabled at (2155505): [<ffffffff813927d5>] invoke_softirq kernel/softirq.c:372 [inline]
softirqs last disabled at (2155505): [<ffffffff813927d5>] irq_exit+0x215/0x260 kernel/softirq.c:412
CPU: 1 PID: 9813 Comm: syz-executor942 Not tainted 4.19.209-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:unwind_next_frame+0x759/0x1400 arch/x86/kernel/unwind_orc.c:437
Code: e8 2c de 6e 00 4c 8b 44 24 30 48 8b 4c 24 28 e9 06 ff ff ff 48 b8 00 00 00 00 00 fc ff df 48 8b 14 24 48 c1 ea 03 80 3c 02 00 <0f> 85 c4 09 00 00 4c 89 f8 49 8b 4e 38 48 ba 00 00 00 00 00 fc ff
RSP: 0018:ffff8880ba107420 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
RAX: dffffc0000000000 RBX: 1ffff11017420e8d RCX: ffffffff8c0658c3
RDX: 1ffff11017420eb1 RSI: 0000000000000001 RDI: 0000000000000001
RBP: 0000000000000001 R08: ffffffff8c0658c2 R09: ffffffff8c0658be
R10: ffff8880ba1075af R11: 0000000000074071 R12: ffff8880ba107598
R13: ffff8880ba107585 R14: ffff8880ba107550 R15: ffffffff8c0658be
FS: 00007f630b77c700(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f630b75b718 CR3: 00000000a96e1000 CR4: 00000000003406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<IRQ>
__save_stack_trace+0x9f/0x190 arch/x86/kernel/stacktrace.c:44
save_stack mm/kasan/kasan.c:448 [inline]
set_track mm/kasan/kasan.c:460 [inline]
kasan_kmalloc+0xeb/0x160 mm/kasan/kasan.c:553
kmem_cache_alloc+0x122/0x370 mm/slab.c:3559
kmem_cache_zalloc include/linux/slab.h:699 [inline]
sctp_chunkify+0x4b/0x2e0 net/sctp/sm_make_chunk.c:1349
sctp_rcv+0x136e/0x3300 net/sctp/input.c:222
ip_local_deliver_finish+0x495/0xc00 net/ipv4/ip_input.c:215
NF_HOOK include/linux/netfilter.h:289 [inline]
ip_local_deliver+0x188/0x500 net/ipv4/ip_input.c:256
dst_input include/net/dst.h:461 [inline]
ip_rcv_finish+0x1ca/0x2e0 net/ipv4/ip_input.c:414
NF_HOOK include/linux/netfilter.h:289 [inline]
ip_rcv+0xca/0x3c0 net/ipv4/ip_input.c:524
__netif_receive_skb_one_core+0x114/0x180 net/core/dev.c:4954
__netif_receive_skb+0x27/0x1c0 net/core/dev.c:5066
process_backlog+0x241/0x700 net/core/dev.c:5849
napi_poll net/core/dev.c:6280 [inline]
net_rx_action+0x4ac/0xfb0 net/core/dev.c:6346
__do_softirq+0x265/0x980 kernel/softirq.c:292
invoke_softirq kernel/softirq.c:372 [inline]
irq_exit+0x215/0x260 kernel/softirq.c:412
exiting_irq arch/x86/include/asm/apic.h:536 [inline]
smp_apic_timer_interrupt+0x136/0x550 arch/x86/kernel/apic/apic.c:1098
apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
</IRQ>
RIP: 0010:preempt_schedule_irq+0xab/0x140 kernel/sched/core.c:3744
Code: 29 f9 e8 c8 4e 4f f9 4c 89 e8 48 c1 e8 03 80 3c 18 00 75 69 48 83 3d 0b 28 d9 01 00 74 5b fb 66 0f 1f 44 00 00 bf 01 00 00 00 <e8> 40 d1 ff ff 48 c7 c0 90 82 f1 89 48 c1 e8 03 80 3c 18 00 75 4b
RSP: 0018:ffff888094f6eeb0 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
RAX: 1ffffffff13e3053 RBX: dffffc0000000000 RCX: 1ffff11015473da5
RDX: 0000000000000000 RSI: ffff8880aa39ed30 RDI: 0000000000000001
RBP: ffffed1015473c90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880aa39e480
R13: ffffffff89f18298 R14: 0000000000000000 R15: 0000000000000000
retint_kernel+0x1b/0x2d
RIP: 0010:should_resched arch/x86/include/asm/preempt.h:99 [inline]
RIP: 0010:__local_bh_enable_ip+0x18d/0x270 kernel/softirq.c:196
Code: 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 0f 85 dd 00 00 00 48 83 3d c8 5f b8 08 00 0f 84 8d 00 00 00 fb 66 0f 1f 44 00 00 <65> 8b 05 6c bc c8 7e 85 c0 74 7d 5b 5d 41 5c c3 80 3d 73 87 d5 09
RSP: 0018:ffff888094f6ef80 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
RAX: 1ffffffff13e3053 RBX: 0000000000000200 RCX: 1ffff11015473da5
RDX: dffffc0000000000 RSI: ffff8880aa39ed30 RDI: ffff8880aa39ed04
RBP: ffffffff87020786 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880aa39e480
R13: 0000000000000010 R14: 000000000000000e R15: ffff8880a951a400
local_bh_enable include/linux/bottom_half.h:32 [inline]
rcu_read_unlock_bh include/linux/rcupdate.h:721 [inline]
ip6_finish_output2+0x11a9/0x2290 net/ipv6/ip6_output.c:121
ip6_finish_output+0x89b/0x10f0 net/ipv6/ip6_output.c:192
NF_HOOK_COND include/linux/netfilter.h:278 [inline]
ip6_output+0x205/0x770 net/ipv6/ip6_output.c:209
dst_output include/net/dst.h:455 [inline]
NF_HOOK include/linux/netfilter.h:289 [inline]
ip6_xmit+0xdbf/0x20a0 net/ipv6/ip6_output.c:313
sctp_v6_xmit+0x377/0x710 net/sctp/ipv6.c:229
sctp_packet_transmit+0x1e21/0x3660 net/sctp/output.c:641
sctp_packet_singleton net/sctp/outqueue.c:792 [inline]
sctp_outq_flush_ctrl.constprop.0+0x6d3/0xc40 net/sctp/outqueue.c:923
sctp_outq_flush net/sctp/outqueue.c:1205 [inline]
sctp_outq_uncork+0x10b/0x200 net/sctp/outqueue.c:777
sctp_cmd_interpreter net/sctp/sm_sideeffect.c:1815 [inline]
sctp_side_effects net/sctp/sm_sideeffect.c:1199 [inline]
sctp_do_sm+0x72a/0x5110 net/sctp/sm_sideeffect.c:1170
sctp_primitive_ASSOCIATE+0x98/0xc0 net/sctp/primitive.c:88
__sctp_connect+0x968/0xd00 net/sctp/socket.c:1258
__sctp_setsockopt_connectx+0x132/0x1c0 net/sctp/socket.c:1381
sctp_setsockopt_connectx_old net/sctp/socket.c:1397 [inline]
sctp_setsockopt+0x29d9/0x4b40 net/sctp/socket.c:4354
__sys_setsockopt+0x14d/0x240 net/socket.c:2013
__do_sys_setsockopt net/socket.c:2024 [inline]
__se_sys_setsockopt net/socket.c:2021 [inline]
__x64_sys_setsockopt+0xba/0x150 net/socket.c:2021
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f630b7ce759
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f630b77c308 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00007f630b8574c8 RCX: 00007f630b7ce759
RDX: 000000000000006b RSI: 0000000000000084 RDI: 0000000000000005
RBP: 00007f630b8574c0 R08: 000000000000001c R09: 0000000000000000
R10: 000000002055bfe4 R11: 0000000000000246 R12: 00007f630b8574cc
R13: 00007f630b82451c R14: 0100000000000000 R15: 0000000000022000
----------------
Code disassembly (best guess):
0: e8 2c de 6e 00 callq 0x6ede31
5: 4c 8b 44 24 30 mov 0x30(%rsp),%r8
a: 48 8b 4c 24 28 mov 0x28(%rsp),%rcx
f: e9 06 ff ff ff jmpq 0xffffff1a
14: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
1b: fc ff df
1e: 48 8b 14 24 mov (%rsp),%rdx
22: 48 c1 ea 03 shr $0x3,%rdx
26: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1)
* 2a: 0f 85 c4 09 00 00 jne 0x9f4 <-- trapping instruction
30: 4c 89 f8 mov %r15,%rax
33: 49 8b 4e 38 mov 0x38(%r14),%rcx
37: 48 rex.W
38: ba 00 00 00 00 mov $0x0,%edx
3d: 00 fc add %bh,%ah
3f: ff .byte 0xff
