BUG: soft lockup in addrconf_dad

Kernel	Title	Rank 🛈	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
linux-5.15	BUG: soft lockup in addrconf_dad_work	1				1	737d	737d	0/3	auto-obsoleted due to no activity on 2023/10/25 16:01
upstream	INFO: rcu detected stall in addrconf_dad_work (5) net	1	C	done	inconclusive	14	108d	1780d	0/29	upstream: reported C repro on 2020/09/07 15:59
linux-4.19	BUG: soft lockup in addrconf_dad_work	1	C		error	55	914d	1256d	0/1	upstream: reported C repro on 2022/02/13 10:05
android-5-15	BUG: soft lockup in addrconf_dad_work	1				3	397d	452d	0/2	auto-obsoleted due to no activity on 2024/09/19 17:30
linux-5.15	INFO: rcu detected stall in addrconf_dad_work origin:lts-only	1	syz		done	5	5d01h	325d	0/3	upstream: reported syz repro on 2024/09/01 00:22

watchdog: BUG: soft lockup - CPU#0 stuck for 123s! [kworker/0:2:3025] Modules linked in: irq event stamp: 38543 hardirqs last enabled at (38542): [<ffffffff8100672a>] trace_hardirqs_on_thunk+0x1a/0x20 arch/x86/entry/thunk_64.S:41 hardirqs last disabled at (38543): [<ffffffff8100674a>] trace_hardirqs_off_thunk+0x1a/0x20 arch/x86/entry/thunk_64.S:42 softirqs last enabled at (10172): [<ffffffff86411d37>] spin_unlock_bh include/linux/spinlock.h:383 [inline] softirqs last enabled at (10172): [<ffffffff86411d37>] rt6_uncached_list_add+0x147/0x1a0 net/ipv6/route.c:140 softirqs last disabled at (10174): [<ffffffff863ae8b4>] lwtunnel_xmit_redirect include/net/lwtunnel.h:92 [inline] softirqs last disabled at (10174): [<ffffffff863ae8b4>] ip6_finish_output2+0x214/0x2520 net/ipv6/ip6_output.c:102 CPU: 0 PID: 3025 Comm: kworker/0:2 Not tainted 5.3.0-rc7+ #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: ipv6_addrconf addrconf_dad_work RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x50 kernel/kcov.c:95 Code: 89 25 d4 7c 39 09 41 bc f4 ff ff ff e8 6d 9f e9 ff 48 c7 05 be 7c 39 09 00 00 00 00 e9 77 e9 ff ff 90 90 90 90 90 90 90 90 90 <55> 48 89 e5 65 48 8b 04 25 40 fe 01 00 65 8b 15 a4 88 8f 7e 81 e2 RSP: 0018:ffff88809fa66d50 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 RAX: 0000000000000000 RBX: ffff8880a14f47b8 RCX: ffffffff85c7dbb9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 RBP: ffff88809fa66da8 R08: ffff88809fa44280 R09: fffffbfff14e9555 R10: ffff88809fa44c78 R11: ffff88809fa44280 R12: dffffc0000000000 R13: ffff8880a14f44c0 R14: ffff8880a14f4850 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055aefde29110 CR3: 000000008fb64000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: dequeue_skb net/sched/sch_generic.c:258 [inline] qdisc_restart net/sched/sch_generic.c:361 [inline] __qdisc_run+0x1e7/0x19d0 net/sched/sch_generic.c:379 __dev_xmit_skb net/core/dev.c:3533 [inline] __dev_queue_xmit+0x16f1/0x3650 net/core/dev.c:3838 dev_queue_xmit+0x18/0x20 net/core/dev.c:3902 br_dev_queue_push_xmit+0x3f3/0x5c0 net/bridge/br_forward.c:52 NF_HOOK include/linux/netfilter.h:305 [inline] NF_HOOK include/linux/netfilter.h:299 [inline] br_forward_finish+0xfa/0x400 net/bridge/br_forward.c:65 NF_HOOK include/linux/netfilter.h:305 [inline] NF_HOOK include/linux/netfilter.h:299 [inline] __br_forward+0x641/0xb00 net/bridge/br_forward.c:109 deliver_clone+0x61/0xc0 net/bridge/br_forward.c:125 maybe_deliver+0x2c7/0x390 net/bridge/br_forward.c:181 br_flood+0x13a/0x3d0 net/bridge/br_forward.c:223 br_dev_xmit+0x98c/0x15a0 net/bridge/br_device.c:100 __netdev_start_xmit include/linux/netdevice.h:4419 [inline] netdev_start_xmit include/linux/netdevice.h:4433 [inline] xmit_one net/core/dev.c:3280 [inline] dev_hard_start_xmit+0x1a3/0x9c0 net/core/dev.c:3296 __dev_queue_xmit+0x2b15/0x3650 net/core/dev.c:3869 dev_queue_xmit+0x18/0x20 net/core/dev.c:3902 neigh_resolve_output net/core/neighbour.c:1490 [inline] neigh_resolve_output+0x5a5/0x970 net/core/neighbour.c:1470 neigh_output include/net/neighbour.h:511 [inline] ip6_finish_output2+0x1034/0x2520 net/ipv6/ip6_output.c:116 __ip6_finish_output+0x444/0xa50 net/ipv6/ip6_output.c:142 ip6_finish_output+0x38/0x1f0 net/ipv6/ip6_output.c:152 NF_HOOK_COND include/linux/netfilter.h:294 [inline] ip6_output+0x235/0x7c0 net/ipv6/ip6_output.c:175 dst_output include/net/dst.h:436 [inline] NF_HOOK include/linux/netfilter.h:305 [inline] ndisc_send_skb+0xf29/0x1450 net/ipv6/ndisc.c:505 ndisc_send_ns+0x3a9/0x850 net/ipv6/ndisc.c:647 addrconf_dad_work+0xb88/0x1150 net/ipv6/addrconf.c:4120 process_one_work+0x9af/0x1740 kernel/workqueue.c:2269 worker_thread+0x98/0xe40 kernel/workqueue.c:2415 kthread+0x361/0x430 kernel/kthread.c:255 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 Sending NMI from CPU 0 to CPUs 1: INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.301 msecs NMI backtrace for cpu 1 CPU: 1 PID: 2521 Comm: kworker/1:2 Not tainted 5.3.0-rc7+ #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: ipv6_addrconf addrconf_dad_work RIP: 0010:cpu_relax arch/x86/include/asm/processor.h:656 [inline] RIP: 0010:virt_spin_lock arch/x86/include/asm/qspinlock.h:84 [inline] RIP: 0010:native_queued_spin_lock_slowpath+0x132/0x9f0 kernel/locking/qspinlock.c:325 Code: 00 00 00 48 8b 45 d0 65 48 33 04 25 28 00 00 00 0f 85 37 07 00 00 48 81 c4 98 00 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 f3 90 <e9> 73 ff ff ff 8b 45 98 4c 8d 65 d8 3d 00 01 00 00 0f 84 e5 00 00 RSP: 0018:ffff8880ae908a60 EFLAGS: 00000202 RAX: 0000000000000000 RBX: ffff8880a14f45a8 RCX: ffffffff81595c37 RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff8880a14f45a8 RBP: ffff8880ae908b20 R08: 1ffff1101429e8b5 R09: ffffed101429e8b6 R10: ffffed101429e8b5 R11: ffff8880a14f45ab R12: 0000000000000001 R13: 0000000000000003 R14: ffffed101429e8b5 R15: 0000000000000001 FS: 0000000000000000(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000004c79a8 CR3: 00000000977e8000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <IRQ> pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:654 [inline] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:50 [inline] queued_spin_lock include/asm-generic/qspinlock.h:81 [inline] do_raw_spin_lock+0x20e/0x2e0 kernel/locking/spinlock_debug.c:113 __raw_spin_lock include/linux/spinlock_api_smp.h:143 [inline] _raw_spin_lock+0x37/0x40 kernel/locking/spinlock.c:151 spin_lock include/linux/spinlock.h:338 [inline] __dev_xmit_skb net/core/dev.c:3502 [inline] __dev_queue_xmit+0x14b8/0x3650 net/core/dev.c:3838 dev_queue_xmit+0x18/0x20 net/core/dev.c:3902 br_dev_queue_push_xmit+0x3f3/0x5c0 net/bridge/br_forward.c:52 br_nf_dev_queue_xmit+0x34e/0x1470 net/bridge/br_netfilter_hooks.c:796 NF_HOOK include/linux/netfilter.h:305 [inline] NF_HOOK include/linux/netfilter.h:299 [inline] br_nf_post_routing+0x1502/0x1d30 net/bridge/br_netfilter_hooks.c:844 nf_hook_entry_hookfn include/linux/netfilter.h:135 [inline] nf_hook_slow+0xbc/0x1e0 net/netfilter/core.c:512 nf_hook include/linux/netfilter.h:260 [inline] NF_HOOK include/linux/netfilter.h:303 [inline] br_forward_finish+0x215/0x400 net/bridge/br_forward.c:65 br_nf_hook_thresh+0x2e9/0x370 net/bridge/br_netfilter_hooks.c:1015 br_nf_forward_finish+0x66c/0xa90 net/bridge/br_netfilter_hooks.c:560 NF_HOOK include/linux/netfilter.h:305 [inline] NF_HOOK include/linux/netfilter.h:299 [inline] br_nf_forward_ip net/bridge/br_netfilter_hooks.c:630 [inline] br_nf_forward_ip+0xc74/0x21e0 net/bridge/br_netfilter_hooks.c:571 nf_hook_entry_hookfn include/linux/netfilter.h:135 [inline] nf_hook_slow+0xbc/0x1e0 net/netfilter/core.c:512 nf_hook include/linux/netfilter.h:260 [inline] NF_HOOK include/linux/netfilter.h:303 [inline] __br_forward+0x393/0xb00 net/bridge/br_forward.c:109 deliver_clone+0x61/0xc0 net/bridge/br_forward.c:125 br_flood+0x325/0x3d0 net/bridge/br_forward.c:232 br_handle_frame_finish+0xb46/0x1670 net/bridge/br_input.c:162 br_nf_hook_thresh+0x2e9/0x370 net/bridge/br_netfilter_hooks.c:1015 br_nf_pre_routing_finish_ipv6+0x6fb/0xd80 net/bridge/br_netfilter_ipv6.c:206 NF_HOOK include/linux/netfilter.h:305 [inline] br_nf_pre_routing_ipv6+0x456/0x832 net/bridge/br_netfilter_ipv6.c:236 br_nf_pre_routing+0x1743/0x2355 net/bridge/br_netfilter_hooks.c:501 nf_hook_entry_hookfn include/linux/netfilter.h:135 [inline] nf_hook_bridge_pre net/bridge/br_input.c:223 [inline] br_handle_frame+0x806/0x133e net/bridge/br_input.c:348 __netif_receive_skb_core+0xfc1/0x3060 net/core/dev.c:4907 __netif_receive_skb_one_core+0xa8/0x1a0 net/core/dev.c:5004 __netif_receive_skb+0x2c/0x1d0 net/core/dev.c:5120 process_backlog+0x206/0x750 net/core/dev.c:5951 napi_poll net/core/dev.c:6388 [inline] net_rx_action+0x4d6/0x1080 net/core/dev.c:6456 __do_softirq+0x262/0x98c kernel/softirq.c:292 invoke_softirq kernel/softirq.c:373 [inline] irq_exit+0x19b/0x1e0 kernel/softirq.c:413 exiting_irq arch/x86/include/asm/apic.h:537 [inline] smp_apic_timer_interrupt+0x1a3/0x610 arch/x86/kernel/apic/apic.c:1133 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:830 </IRQ> RIP: 0010:bytes_is_nonzero mm/kasan/generic.c:94 [inline] RIP: 0010:memory_is_nonzero mm/kasan/generic.c:109 [inline] RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:135 [inline] RIP: 0010:memory_is_poisoned mm/kasan/generic.c:166 [inline] RIP: 0010:check_memory_region_inline mm/kasan/generic.c:182 [inline] RIP: 0010:check_memory_region+0x11a/0x1a0 mm/kasan/generic.c:192 Code: 8d 44 25 00 4d 85 c0 75 31 49 89 d9 49 29 c1 e9 68 ff ff ff 5b b8 01 00 00 00 41 5c 41 5d 5d c3 4d 85 c9 74 ef 4d 01 e1 eb 09 <48> 83 c0 01 4c 39 c8 74 e1 80 38 00 74 f2 eb 8c 4d 39 c2 74 4d e8 RSP: 0018:ffff8880a30cfa28 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 RAX: fffffbfff13321c8 RBX: fffffbfff13321c9 RCX: ffffffff81575838 RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff89990e40 RBP: ffff8880a30cfa40 R08: 1ffffffff13321c8 R09: fffffbfff13321c9 R10: fffffbfff13321c8 R11: ffffffff89990e47 R12: fffffbfff13321c8 R13: ffff8880a30e8700 R14: 0000000000000000 R15: dffffc0000000000 __kasan_check_read+0x11/0x20 mm/kasan/common.c:92 atomic64_read include/asm-generic/atomic-instrumented.h:836 [inline] atomic_long_read include/asm-generic/atomic-long.h:28 [inline] __mutex_owner include/linux/mutex.h:75 [inline] mutex_spin_on_owner+0x88/0x330 kernel/locking/mutex.c:530 mutex_optimistic_spin kernel/locking/mutex.c:647 [inline] __mutex_lock_common kernel/locking/mutex.c:1026 [inline] __mutex_lock+0xb3c/0x13c0 kernel/locking/mutex.c:1077 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1092 rtnl_lock+0x17/0x20 net/core/rtnetlink.c:72 addrconf_dad_work+0xad/0x1150 net/ipv6/addrconf.c:4033 process_one_work+0x9af/0x1740 kernel/workqueue.c:2269 worker_thread+0x98/0xe40 kernel/workqueue.c:2415 kthread+0x361/0x430 kernel/kthread.c:255 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352