Hello,
syzbot found the following issue on:
HEAD commit: 16fdf2c7111b Linux 5.15.181
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=163098d4580000
kernel config: https://syzkaller.appspot.com/x/.config?x=78ce1ad3d91bc375
dashboard link: https://syzkaller.appspot.com/bug?extid=3fa304599ba6504719c1
compiler: Debian clang version 20.1.2 (++20250402124445+58df0ef89dd6-1~exp1~20250402004600.97), Debian LLD 20.1.2
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=142e4b68580000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/cbc22554cbd8/disk-16fdf2c7.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/d03dacaa22f5/vmlinux-16fdf2c7.xz
kernel image: https://storage.googleapis.com/syzbot-assets/b3dc7f1264c1/Image-16fdf2c7.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+3fa304...@syzkaller.appspotmail.com
watchdog: BUG: soft lockup - CPU#1 stuck for 23s! [swapper/1:0]
Modules linked in:
irq event stamp: 156889
hardirqs last enabled at (156888): [<ffff8000111a214c>] exit_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:235
hardirqs last disabled at (156889): [<ffff8000111a2130>] enter_el1_irq_or_nmi+0x10/0x1c arch/arm64/kernel/entry-common.c:227
softirqs last enabled at (152514): [<ffff80000819d0d8>] softirq_handle_end kernel/softirq.c:401 [inline]
softirqs last enabled at (152514): [<ffff80000819d0d8>] handle_softirqs+0xa4c/0xbf0 kernel/softirq.c:586
softirqs last disabled at (152551): [<ffff80000819d6dc>] __do_softirq kernel/softirq.c:592 [inline]
softirqs last disabled at (152551): [<ffff80000819d6dc>] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline]
softirqs last disabled at (152551): [<ffff80000819d6dc>] invoke_softirq kernel/softirq.c:439 [inline]
softirqs last disabled at (152551): [<ffff80000819d6dc>] __irq_exit_rcu+0x240/0x440 kernel/softirq.c:641
CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.15.181-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
pstate: 20400005 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : queued_write_lock_slowpath+0x148/0x32c kernel/locking/qrwlock.c:78
lr : instrument_atomic_read_write include/linux/instrumented.h:101 [inline]
lr : atomic_or include/linux/atomic/atomic-instrumented.h:377 [inline]
lr : queued_write_lock_slowpath+0xf0/0x32c kernel/locking/qrwlock.c:74
sp : ffff800008017900
x29: ffff800008017960 x28: ffff8000140a1008 x27: 00000000000000ff
x26: 0000000000000100 x25: 0000000000000003 x24: 1fffe0001825d02c
x23: ffff800008017900 x22: 1ffff00001002f20 x21: dfff800000000000
x20: ffff0000c12e8164 x19: ffff0000c12e8160 x18: 0000000000010001
x17: 0000000000010001 x16: ffff8000082d50e8 x15: 0000000000000003
x14: 00000000ffff8000 x13: 1ffff0000282a06b x12: 0000000000000001
x11: 1fffe0001825d02c x10: 0000000000000000 x9 : 0000000000000000
x8 : 0000000000000300 x7 : ffff80000c4289b4 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff8000082d5b1c
x2 : 0000000000000001 x1 : 0000000000000004 x0 : 0000000000000001
Call trace:
__cmpwait_case_32 arch/arm64/include/asm/cmpxchg.h:252 [inline]
__cmpwait arch/arm64/include/asm/cmpxchg.h:278 [inline]
queued_write_lock_slowpath+0x148/0x32c kernel/locking/qrwlock.c:78
queued_write_lock include/asm-generic/qrwlock.h:97 [inline]
do_raw_write_lock+0x2d0/0x2d4 kernel/locking/spinlock_debug.c:210
__raw_write_lock_bh include/linux/rwlock_api_smp.h:204 [inline]
_raw_write_lock_bh+0x11c/0x1b4 kernel/locking/spinlock.c:324
wg_socket_clear_peer_endpoint_src+0x20/0x50 drivers/net/wireguard/socket.c:310
wg_expired_retransmit_handshake+0xc4/0x270 drivers/net/wireguard/timers.c:73
call_timer_fn+0x19c/0x858 kernel/time/timer.c:1451
expire_timers kernel/time/timer.c:1496 [inline]
__run_timers+0x46c/0x6c4 kernel/time/timer.c:1767
run_timer_softirq+0x7c/0x114 kernel/time/timer.c:1780
handle_softirqs+0x344/0xbf0 kernel/softirq.c:558
__do_softirq kernel/softirq.c:592 [inline]
do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline]
invoke_softirq kernel/softirq.c:439 [inline]
__irq_exit_rcu+0x240/0x440 kernel/softirq.c:641
irq_exit+0x14/0x88 kernel/softirq.c:665
handle_domain_irq+0x14c/0x1fc kernel/irq/irqdesc.c:711
gic_handle_irq+0x78/0x1c8 drivers/irqchip/irq-gic-v3.c:765
call_on_irq_stack+0x24/0x4c arch/arm64/kernel/entry.S:899
do_interrupt_handler+0x6c/0x88 arch/arm64/kernel/entry-common.c:267
el1_interrupt+0x30/0x58 arch/arm64/kernel/entry-common.c:454
el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:470
el1h_64_irq+0x78/0x7c arch/arm64/kernel/entry.S:522
arch_local_irq_enable+0xc/0x18 arch/arm64/include/asm/irqflags.h:35
default_idle_call+0xcc/0x418 kernel/sched/idle.c:112
cpuidle_idle_call kernel/sched/idle.c:194 [inline]
do_idle+0x1c8/0x480 kernel/sched/idle.c:306
cpu_startup_entry+0x24/0x28 kernel/sched/idle.c:403
secondary_start_kernel+0x23c/0x294 arch/arm64/kernel/smp.c:265
__secondary_switched+0x94/0x98 arch/arm64/kernel/head.S:661
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup