[v5.15] BUG: soft lockup in mld_ifc_work

syzbot

Jul 20, 2023, 3:56:06 PM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: d54cfc420586 Linux 5.15.120
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=14ffaa06a80000
kernel config: https://syzkaller.appspot.com/x/.config?x=1cbb66d8f24dbb30
dashboard link: https://syzkaller.appspot.com/bug?extid=6f86f2555abe83172a71
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/a7edb50fe106/disk-d54cfc42.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/6d9892e76c6e/vmlinux-d54cfc42.xz
kernel image: https://storage.googleapis.com/syzbot-assets/0fd11af6d33e/Image-d54cfc42.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+6f86f2...@syzkaller.appspotmail.com

watchdog: BUG: soft lockup - CPU#1 stuck for 22s! [kworker/1:6:4096]
Modules linked in:
irq event stamp: 152427
hardirqs last enabled at (152426): [<ffff800011959e88>] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:81 [inline]
hardirqs last enabled at (152426): [<ffff800011959e88>] exit_to_kernel_mode+0x100/0x178 arch/arm64/kernel/entry-common.c:91
hardirqs last disabled at (152427): [<ffff80001195a0d0>] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227
softirqs last enabled at (148292): [<ffff8000109e96a0>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31
softirqs last disabled at (148294): [<ffff8000108819c0>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18
CPU: 1 PID: 4096 Comm: kworker/1:6 Not tainted 5.15.120-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
Workqueue: mld mld_ifc_work
pstate: 00400005 (nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : check_kcov_mode kernel/kcov.c:165 [inline]
pc : __sanitizer_cov_trace_pc+0x6c/0xa4 kernel/kcov.c:197
lr : get_packet_txtime net/sched/sch_taprio.c:392 [inline]
lr : taprio_enqueue_one+0xcdc/0x1468 net/sched/sch_taprio.c:426
sp : ffff80001d2f70f0
x29: ffff80001d2f72b0 x28: ffff0000d060f330 x27: 0000000000000000
x26: 1fffe0001a0c1e83 x25: 04c4add39da915c1 x24: 04c4add39da915c1
x23: ffff0000d060f418 x22: ffff0000d060f300 x21: 04c4add31da9162d
x20: 0000000000000001 x19: 04c4add39da91541 x18: 0000000000000000
x17: ff8080000fe833f8 x16: ffff8000082e8c60 x15: ffff80000fe833f8
x14: 1ffff0000291e06a x13: ffffffffffffffff x12: 0000000000000000
x11: ff808000100af0ec x10: 0000000000000000 x9 : ffff8000100af0ec
x8 : ffff0000cce78000 x7 : 0000000000000000 x6 : ffff80001d2f71f0
x5 : ffff80001d2f7210 x4 : 04c4add31da9162d x3 : ffff8000100af960
x2 : 0000000000000000 x1 : 7fffffffffffffff x0 : ffff0000d060f400
Call trace:
check_kcov_mode kernel/kcov.c:163 [inline]
__sanitizer_cov_trace_pc+0x6c/0xa4 kernel/kcov.c:197
taprio_enqueue+0x2b0/0x514 net/sched/sch_taprio.c:491
dev_qdisc_enqueue+0x60/0x35c net/core/dev.c:3789
__dev_xmit_skb net/core/dev.c:3873 [inline]
__dev_queue_xmit+0x1048/0x2a6c net/core/dev.c:4190
dev_queue_xmit+0x24/0x34 net/core/dev.c:4258
neigh_hh_output include/net/neighbour.h:493 [inline]
neigh_output include/net/neighbour.h:507 [inline]
ip6_finish_output2+0x1310/0x1c48 net/ipv6/ip6_output.c:126
__ip6_finish_output+0x518/0x67c net/ipv6/ip6_output.c:191
ip6_finish_output+0x40/0x218 net/ipv6/ip6_output.c:201
NF_HOOK_COND include/linux/netfilter.h:291 [inline]
ip6_output+0x270/0x594 net/ipv6/ip6_output.c:224
dst_output include/net/dst.h:443 [inline]
NF_HOOK+0x160/0x4ec include/linux/netfilter.h:302
mld_sendpack+0x828/0x1264 net/ipv6/mcast.c:1820
mld_send_cr net/ipv6/mcast.c:2121 [inline]
mld_ifc_work+0x85c/0xb9c net/ipv6/mcast.c:2653
process_one_work+0x790/0x11b8 kernel/workqueue.c:2307
worker_thread+0x910/0x1034 kernel/workqueue.c:2454
kthread+0x37c/0x45c kernel/kthread.c:319
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:870


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to change the bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

syzbot

Oct 28, 2023, 3:55:17 PM
to syzkaller...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.