[moderation] [tipc?] BUG: soft lockup in tipc_accept


syzbot

7:03 AM
to syzkaller-upst...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 4b4362973b6f Merge branch 'for-next/core' into for-kernelci
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=15e8cc2e580000
kernel config: https://syzkaller.appspot.com/x/.config?x=a834c6344141a58b
dashboard link: https://syzkaller.appspot.com/bug?extid=7e7b6a2e6887fb57edaf
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
userspace arch: arm64
CC: [da...@davemloft.net edum...@google.com ho...@kernel.org jma...@redhat.com ku...@kernel.org linux-...@vger.kernel.org net...@vger.kernel.org pab...@redhat.com tipc-di...@lists.sourceforge.net]

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/f69f86c90ee5/disk-4b436297.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/79fa7b33aaab/vmlinux-4b436297.xz
kernel image: https://storage.googleapis.com/syzbot-assets/ef080156d0de/Image-4b436297.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+7e7b6a...@syzkaller.appspotmail.com

watchdog: BUG: soft lockup - CPU#0 stuck for 31s! [kworker/u8:6:1374]
Modules linked in:
irq event stamp: 1581021
hardirqs last enabled at (1581021): [<ffff800080308254>] __local_bh_enable_ip+0x1ec/0x35c kernel/softirq.c:455
hardirqs last disabled at (1581019): [<ffff8000803081d4>] __local_bh_enable_ip+0x16c/0x35c kernel/softirq.c:432
softirqs last enabled at (1581020): [<ffff800084abdd3c>] spin_unlock_bh include/linux/spinlock.h:396 [inline]
softirqs last enabled at (1581020): [<ffff800084abdd3c>] lock_sock_nested+0xb0/0x110 net/core/sock.c:3806
softirqs last disabled at (1581018): [<ffff800084abdcfc>] spin_lock_bh include/linux/spinlock.h:348 [inline]
softirqs last disabled at (1581018): [<ffff800084abdcfc>] lock_sock_nested+0x70/0x110 net/core/sock.c:3802
CPU: 0 UID: 0 PID: 1374 Comm: kworker/u8:6 Tainted: G L syzkaller #0 PREEMPT
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
Workqueue: tipc_rcv tipc_topsrv_accept
pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : lock_acquire+0x16c/0x368 arch/arm64/include/asm/irqflags.h:-1
lr : lockdep_recursion_finish kernel/locking/lockdep.c:470 [inline]
lr : lock_acquire+0x14c/0x368 kernel/locking/lockdep.c:5870
sp : ffff800094737490
x29: ffff8000947374e0 x28: 0000000000000000 x27: 0000000000000000
x26: ffff800088890230 x25: 0000000000000000 x24: 0000000000000001
x23: 0000000000000000 x22: ffff800088be7480 x21: ffff800080aa3ce4
x20: 0000000000000000 x19: 0000000000000000 x18: 00000000ffffffff
x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
x14: 0000000000000000 x13: 0000000000000001 x12: 0000000000000000
x11: 00000000000038af x10: 0000000000000003 x9 : 0000000000000000
x8 : 00000000000000c0 x7 : 0000000000000000 x6 : ffff80008047caa0
x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff80008048cd74
x2 : 0000000100000000 x1 : ffff0000c9511d00 x0 : 0000000000000000
Call trace:
__daif_local_irq_restore arch/arm64/include/asm/irqflags.h:175 [inline] (P)
arch_local_irq_restore arch/arm64/include/asm/irqflags.h:195 [inline] (P)
lock_acquire+0x16c/0x368 kernel/locking/lockdep.c:5871 (P)
fs_reclaim_acquire+0xb8/0x110 mm/page_alloc.c:4342
might_alloc include/linux/sched/mm.h:317 [inline]
slab_pre_alloc_hook mm/slub.c:4520 [inline]
slab_alloc_node mm/slub.c:4875 [inline]
kmem_cache_alloc_noprof+0x58/0x610 mm/slub.c:4905
sk_prot_alloc+0x60/0x1ec net/core/sock.c:2241
sk_alloc+0x44/0x3a0 net/core/sock.c:2303
tipc_sk_create+0xd0/0x1b90 net/tipc/socket.c:486
tipc_accept+0x3ec/0xd14 net/tipc/socket.c:2740
kernel_accept+0x178/0x2c8 net/socket.c:3705
tipc_topsrv_accept+0xcc/0x250 net/tipc/topsrv.c:472
process_one_work kernel/workqueue.c:3314 [inline]
process_scheduled_works+0x79c/0x1098 kernel/workqueue.c:3397
worker_thread+0x754/0xba0 kernel/workqueue.c:3478
kthread+0x2f8/0x3c8 kernel/kthread.c:436
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:842
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 18509 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
pstate: 23400005 (nzCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:179 [inline]
pc : _raw_spin_unlock_irqrestore+0x44/0x98 kernel/locking/spinlock.c:198
lr : __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:178 [inline]
lr : _raw_spin_unlock_irqrestore+0x38/0x98 kernel/locking/spinlock.c:198
sp : ffff8000950b6fa0
x29: ffff8000950b6fa0 x28: 1fffffbff896a660 x27: dfff800000000000
x26: ffff00012d4cd000 x25: 0000000000000000 x24: 0000000000000001
x23: ffff00012d4cc000 x22: 0000000000000002 x21: 0000000000000000
x20: ffff80008e753a38 x19: 0000000000000000 x18: 1fffe00035c23420
x17: 0000000000000002 x16: 0000000000000000 x15: 000000000000e43d
x14: 1fffe00035c26a20 x13: 0000000000000001 x12: 0000000000000000
x11: ffff800080154b2c x10: 0000000000ff0100 x9 : 0000000000000000
x8 : 00000000000000c0 x7 : 0000000000000000 x6 : ffff800081941b2c
x5 : 0000000000000000 x4 : 0000000000000008 x3 : ffff800080154bd4
x2 : 0000000000000000 x1 : ffff0000da530000 x0 : ffff80008675f3d4
Call trace:
__daif_local_irq_restore arch/arm64/include/asm/irqflags.h:175 [inline] (P)
arch_local_irq_restore arch/arm64/include/asm/irqflags.h:195 [inline] (P)
__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:178 [inline] (P)
_raw_spin_unlock_irqrestore+0x44/0x98 kernel/locking/spinlock.c:198 (P)
__debug_check_no_obj_freed lib/debugobjects.c:1125 [inline]
debug_check_no_obj_freed+0x2e4/0x3c0 lib/debugobjects.c:1146
__free_pages_prepare mm/page_alloc.c:1409 [inline]
free_unref_folios+0x568/0x1410 mm/page_alloc.c:3004
folios_put_refs+0x7c8/0x8c4 mm/swap.c:1008
free_pages_and_swap_cache+0x368/0x3e0 mm/swap_state.c:404
__tlb_batch_free_encoded_pages mm/mmu_gather.c:138 [inline]
tlb_batch_pages_flush mm/mmu_gather.c:151 [inline]
tlb_flush_mmu_free mm/mmu_gather.c:417 [inline]
tlb_flush_mmu+0xf0/0x33c mm/mmu_gather.c:424
tlb_finish_mmu+0xf4/0x228 mm/mmu_gather.c:549
exit_mmap+0x3d0/0xaf8 mm/mmap.c:1313
__mmput+0xe4/0x2f0 kernel/fork.c:1178
mmput+0x70/0xa8 kernel/fork.c:1201
exit_mm+0x190/0x26c kernel/exit.c:582
do_exit+0x518/0x1a6c kernel/exit.c:964
do_group_exit+0x194/0x22c kernel/exit.c:1119
get_signal+0xfb0/0x1094 kernel/signal.c:3037
arch_do_signal_or_restart+0x290/0x43a0 arch/arm64/kernel/signal.c:1665
__exit_to_user_mode_loop kernel/entry/common.c:64 [inline]
exit_to_user_mode_loop+0x70/0x17c kernel/entry/common.c:98
__exit_to_user_mode_prepare include/linux/irq-entry-common.h:207 [inline]
syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:230 [inline]
arm64_syscall_exit_to_user_mode arch/arm64/kernel/entry-common.c:88 [inline]
el0_svc+0x18c/0x260 arch/arm64/kernel/entry-common.c:741
el0t_64_sync_handler+0x48/0x148 arch/arm64/kernel/entry-common.c:759
el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594
bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0)
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup
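The report above is a soft lockup in a kernel worker, and the first triage question is which subsystem the innermost frames belong to (which is also what the "#syz set subsystems" command adjusts). The following Python is an added example, not part of the syzbot report or of syzkaller: it parses the CPU#0 call trace from the report into structured frames, keeping the arm64 "(P)" annotation (the frames whose address came from the exception pt_regs rather than a return address) and the "[inline]" marker, and then answers questions such as "innermost frame under net/tipc/". The sample text is the trace quoted verbatim from the report; the helper names are the example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the CPU#0 call trace copied from the report above.
SAMPLE_TRACE = """\
Call trace:
 __daif_local_irq_restore arch/arm64/include/asm/irqflags.h:175 [inline] (P)
 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:195 [inline] (P)
 lock_acquire+0x16c/0x368 kernel/locking/lockdep.c:5871 (P)
 fs_reclaim_acquire+0xb8/0x110 mm/page_alloc.c:4342
 might_alloc include/linux/sched/mm.h:317 [inline]
 slab_pre_alloc_hook mm/slub.c:4520 [inline]
 slab_alloc_node mm/slub.c:4875 [inline]
 kmem_cache_alloc_noprof+0x58/0x610 mm/slub.c:4905
 sk_prot_alloc+0x60/0x1ec net/core/sock.c:2241
 sk_alloc+0x44/0x3a0 net/core/sock.c:2303
 tipc_sk_create+0xd0/0x1b90 net/tipc/socket.c:486
 tipc_accept+0x3ec/0xd14 net/tipc/socket.c:2740
 kernel_accept+0x178/0x2c8 net/socket.c:3705
 tipc_topsrv_accept+0xcc/0x250 net/tipc/topsrv.c:472
 process_one_work kernel/workqueue.c:3314 [inline]
 process_scheduled_works+0x79c/0x1098 kernel/workqueue.c:3397
 worker_thread+0x754/0xba0 kernel/workqueue.c:3478
 kthread+0x2f8/0x3c8 kernel/kthread.c:436
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:842
"""

# One symbolized frame line as syzbot prints it:
#   func[+0xoff/0xsize] path/file.c:line [inline] [(P)]
# Inlined frames carry no +off/size; syzbot prints ":-1" when a line is unknown.
FRAME_RE = re.compile(
    r"^\s*(?P<func>[A-Za-z_][\w.]*)"
    r"(?:\+0x(?P<off>[0-9a-f]+)/0x(?P<size>[0-9a-f]+))?"
    r"\s+(?P<file>\S+?):(?P<line>-?\d+)"
    r"(?P<inline>\s+\[inline\])?"
    r"(?P<probable>\s+\(P\))?\s*$"
)


@dataclass
class Frame:
    func: str
    file: str
    line: int
    inline: bool          # "[inline]": frame recovered from debug info, no own return address
    probable: bool        # "(P)": arm64 marks frames whose address is the pt_regs PC
    offset: Optional[int]  # byte offset into the symbol, None for inlined frames


def parse_call_trace(text: str) -> List[Frame]:
    """Return the frames of a syzbot call trace, innermost first, skipping non-frame lines."""
    frames: List[Frame] = []
    for raw in text.splitlines():
        m = FRAME_RE.match(raw)
        if not m:
            continue  # "Call trace:" header, register dumps, log noise
        frames.append(Frame(
            func=m["func"],
            file=m["file"],
            line=int(m["line"]),
            inline=m["inline"] is not None,
            probable=m["probable"] is not None,
            offset=int(m["off"], 16) if m["off"] else None,
        ))
    return frames


def innermost_frame_under(frames: List[Frame], prefix: str) -> Optional[Frame]:
    """Innermost frame whose source file lives under `prefix` (e.g. "net/tipc/")."""
    for f in frames:
        if f.file.startswith(prefix):
            return f
    return None


def subsystems(frames: List[Frame]) -> List[str]:
    """Top-level source directories the trace passes through, innermost first, deduplicated."""
    seen: List[str] = []
    for f in frames:
        top = f.file.split("/")[0]
        if top not in seen:
            seen.append(top)
    return seen


if __name__ == "__main__":
    fr = parse_call_trace(SAMPLE_TRACE)
    hit = innermost_frame_under(fr, "net/tipc/")
    print(f"{len(fr)} frames; path: {' -> '.join(subsystems(fr))}")
    if hit:
        print(f"innermost TIPC frame: {hit.func} at {hit.file}:{hit.line}")
```

Run against the report's trace, the innermost TIPC frame is tipc_sk_create at net/tipc/socket.c:486, reached from tipc_topsrv_accept via kernel_accept; the frames above it are generic allocator and lockdep code, which is why the lockup fires in lock_acquire rather than anywhere TIPC-specific.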