[moderation] [batman?] BUG: soft lockup in batadv_tt_purge


syzbot

Jun 24, 2024, 11:04:22 AM
to syzkaller-upst...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: ac2193b4b460 Merge branches 'for-next/misc', 'for-next/kse..
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=14d911fa980000
kernel config: https://syzkaller.appspot.com/x/.config?x=36900d37ec67d13f
dashboard link: https://syzkaller.appspot.com/bug?extid=a46df9511a6ccab38c81
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
CC: [a...@unstable.cc b.a.t...@lists.open-mesh.org da...@davemloft.net edum...@google.com ku...@kernel.org linux-...@vger.kernel.org marekl...@neomailbox.ch net...@vger.kernel.org pab...@redhat.com sv...@narfation.org s...@simonwunderlich.de]

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/2c4f87d36ca3/disk-ac2193b4.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/8410475de662/vmlinux-ac2193b4.xz
kernel image: https://storage.googleapis.com/syzbot-assets/495a4ced254d/Image-ac2193b4.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+a46df9...@syzkaller.appspotmail.com

watchdog: BUG: soft lockup - CPU#1 stuck for 23s! [kworker/u8:3:43]
Modules linked in:
irq event stamp: 620964
hardirqs last enabled at (620963): [<ffff8000801e9670>] __local_bh_enable_ip+0x224/0x44c kernel/softirq.c:387
hardirqs last disabled at (620964): [<ffff80008b066fd4>] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]
hardirqs last disabled at (620964): [<ffff80008b066fd4>] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551
softirqs last enabled at (620962): [<ffff80008add3288>] spin_unlock_bh include/linux/spinlock.h:396 [inline]
softirqs last enabled at (620962): [<ffff80008add3288>] batadv_tt_global_purge net/batman-adv/translation-table.c:2258 [inline]
softirqs last enabled at (620962): [<ffff80008add3288>] batadv_tt_purge+0x47c/0x92c net/batman-adv/translation-table.c:3520
softirqs last disabled at (620960): [<ffff80008add2f1c>] spin_lock_bh include/linux/spinlock.h:356 [inline]
softirqs last disabled at (620960): [<ffff80008add2f1c>] batadv_tt_global_purge net/batman-adv/translation-table.c:2238 [inline]
softirqs last disabled at (620960): [<ffff80008add2f1c>] batadv_tt_purge+0x110/0x92c net/batman-adv/translation-table.c:3520
CPU: 1 PID: 43 Comm: kworker/u8:3 Tainted: G W 6.10.0-rc3-syzkaller-gac2193b4b460 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
Workqueue: bat_events batadv_tt_purge
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : should_resched arch/arm64/include/asm/preempt.h:79 [inline]
pc : __local_bh_enable_ip+0x228/0x44c kernel/softirq.c:389
lr : __local_bh_enable_ip+0x224/0x44c kernel/softirq.c:387
sp : ffff800095677a10
Call trace:
__daif_local_irq_enable arch/arm64/include/asm/irqflags.h:26 [inline]
arch_local_irq_enable arch/arm64/include/asm/irqflags.h:48 [inline]
__local_bh_enable_ip+0x228/0x44c kernel/softirq.c:387
__raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
_raw_spin_unlock_bh+0x3c/0x4c kernel/locking/spinlock.c:210
spin_unlock_bh include/linux/spinlock.h:396 [inline]
batadv_tt_global_purge net/batman-adv/translation-table.c:2258 [inline]
batadv_tt_purge+0x47c/0x92c net/batman-adv/translation-table.c:3520
process_one_work+0x79c/0x15b8 kernel/workqueue.c:3231
process_scheduled_works kernel/workqueue.c:3312 [inline]
worker_thread+0x938/0xef4 kernel/workqueue.c:3393
kthread+0x288/0x310 kernel/kthread.c:389
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 6316 Comm: syz-executor.0 Tainted: G W 6.10.0-rc3-syzkaller-gac2193b4b460 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : csd_lock_wait kernel/smp.c:311 [inline]
pc : smp_call_function_many_cond+0x17e0/0x2f30 kernel/smp.c:855
lr : csd_lock_wait kernel/smp.c:311 [inline]
lr : smp_call_function_many_cond+0x17f8/0x2f30 kernel/smp.c:855
sp : ffff80009b2578f0
Call trace:
__cmpwait_case_32 arch/arm64/include/asm/cmpxchg.h:231 [inline]
__cmpwait arch/arm64/include/asm/cmpxchg.h:257 [inline]
csd_lock_wait kernel/smp.c:311 [inline]
smp_call_function_many_cond+0x17e0/0x2f30 kernel/smp.c:855
on_each_cpu_cond_mask+0x5c/0xc4 kernel/smp.c:1023
on_each_cpu_cond include/linux/smp.h:105 [inline]
invalidate_bh_lrus+0x34/0x40 fs/buffer.c:1542
invalidate_bdev+0x74/0xa4 block/bdev.c:99
ext4_put_super+0x554/0xafc fs/ext4/super.c:1345
generic_shutdown_super+0x128/0x2b8 fs/super.c:642
kill_block_super+0x44/0x90 fs/super.c:1676
ext4_kill_sb+0x68/0xa4 fs/ext4/super.c:7301
deactivate_locked_super+0xc4/0x12c fs/super.c:473
deactivate_super+0xe0/0x100 fs/super.c:506
cleanup_mnt+0x34c/0x3dc fs/namespace.c:1267
__cleanup_mnt+0x20/0x30 fs/namespace.c:1274
task_work_run+0x230/0x2e0 kernel/task_work.c:180
resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
do_notify_resume+0x178/0x1f4 arch/arm64/kernel/entry-common.c:151
exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:169 [inline]
exit_to_user_mode arch/arm64/kernel/entry-common.c:178 [inline]
el0_svc+0xac/0x168 arch/arm64/kernel/entry-common.c:713
el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730
el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup