[v5.15] BUG: soft lockup in addrconf_dad_work


syzbot

Jul 17, 2023, 12:03:23 PM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: d54cfc420586 Linux 5.15.120
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1564d5e4a80000
kernel config: https://syzkaller.appspot.com/x/.config?x=1cbb66d8f24dbb30
dashboard link: https://syzkaller.appspot.com/bug?extid=9cc4d6f6ed377c6dca6f
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/a7edb50fe106/disk-d54cfc42.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/6d9892e76c6e/vmlinux-d54cfc42.xz
kernel image: https://storage.googleapis.com/syzbot-assets/0fd11af6d33e/Image-d54cfc42.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+9cc4d6...@syzkaller.appspotmail.com

watchdog: BUG: soft lockup - CPU#1 stuck for 23s! [kworker/1:12:4981]
Modules linked in:
irq event stamp: 388165
hardirqs last enabled at (388164): [<ffff800011959e88>] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:81 [inline]
hardirqs last enabled at (388164): [<ffff800011959e88>] exit_to_kernel_mode+0x100/0x178 arch/arm64/kernel/entry-common.c:91
hardirqs last disabled at (388165): [<ffff80001195a0d0>] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227
softirqs last enabled at (383818): [<ffff8000109e96a0>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31
softirqs last disabled at (383820): [<ffff8000108819c0>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18
CPU: 1 PID: 4981 Comm: kworker/1:12 Not tainted 5.15.120-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
Workqueue: ipv6_addrconf addrconf_dad_work
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : find_entry_to_transmit+0x51c/0x6ac
lr : find_entry_to_transmit+0x4a4/0x6ac
sp : ffff800022936e20
x29: ffff800022936ee0 x28: 05062b647cea4d63 x27: 0000000000000080
x26: ffff0000c8559710 x25: ffff0000cb6b3000 x24: 0000000000000000
x23: 05062b64fcea4cc0 x22: 05062b64fcea4cc0 x21: 05062b64fcea4d01
x20: dfff800000000000 x19: 05062b64fcea4cc0 x18: 0000000000000200
x17: ff8080000ff4afcc x16: ffff8000082e8c60 x15: ffff80000ff4afcc
x14: 1ffff0000291e06a x13: ffffffffffffffff x12: 0000000000000000
x11: ff808000100afd1c x10: 0000000000000000 x9 : 05062b64fcea4c81
x8 : 1ffff00004526e06 x7 : 0000000000000000 x6 : ffff800022937030
x5 : ffff800022937050 x4 : 05062b647cea4d63 x3 : ffff8000100af960
x2 : 0000000000000000 x1 : 7fffffffffffffff x0 : 05062b64fcea4d01
Call trace:
find_entry_to_transmit+0x51c/0x6ac
get_packet_txtime net/sched/sch_taprio.c:379 [inline]
taprio_enqueue_one+0xdac/0x1468 net/sched/sch_taprio.c:426
taprio_enqueue+0x2b0/0x514 net/sched/sch_taprio.c:491
dev_qdisc_enqueue+0x60/0x35c net/core/dev.c:3789
__dev_xmit_skb net/core/dev.c:3873 [inline]
__dev_queue_xmit+0x1048/0x2a6c net/core/dev.c:4190
dev_queue_xmit+0x24/0x34 net/core/dev.c:4258
neigh_resolve_output+0x52c/0x5dc net/core/neighbour.c:1493
neigh_output include/net/neighbour.h:509 [inline]
ip6_finish_output2+0x1344/0x1c48 net/ipv6/ip6_output.c:126
__ip6_finish_output+0x518/0x67c net/ipv6/ip6_output.c:191
ip6_finish_output+0x40/0x218 net/ipv6/ip6_output.c:201
NF_HOOK_COND include/linux/netfilter.h:291 [inline]
ip6_output+0x270/0x594 net/ipv6/ip6_output.c:224
dst_output include/net/dst.h:443 [inline]
NF_HOOK include/linux/netfilter.h:302 [inline]
ndisc_send_skb+0xbf8/0x1788 net/ipv6/ndisc.c:508
ndisc_send_ns+0x538/0x6ec net/ipv6/ndisc.c:650
addrconf_dad_work+0x81c/0x126c net/ipv6/addrconf.c:4174
process_one_work+0x790/0x11b8 kernel/workqueue.c:2307
worker_thread+0x910/0x1034 kernel/workqueue.c:2454
kthread+0x37c/0x45c kernel/kthread.c:319
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:870


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to change the bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

syzbot

Oct 25, 2023, 12:01:48 PM
to syzkaller...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.