BUG: soft lockup in br_hello_timer_expired

Status: closed as invalid on 2025/06/11 12:25
Subsystems: bridge
First crash: 97d, last: 97d

Sample crash report:
watchdog: BUG: soft lockup - CPU#1 stuck for 143s! [syz.6.424:7513]
Modules linked in:
irq event stamp: 19214313
hardirqs last  enabled at (19214312): [<ffffffff8b55e3c4>] irqentry_exit+0x74/0x90 kernel/entry/common.c:357
hardirqs last disabled at (19214313): [<ffffffff8b55cdbe>] sysvec_apic_timer_interrupt+0xe/0xc0 arch/x86/kernel/apic/apic.c:1049
softirqs last  enabled at (17484440): [<ffffffff8185c3fa>] __do_softirq kernel/softirq.c:613 [inline]
softirqs last  enabled at (17484440): [<ffffffff8185c3fa>] invoke_softirq kernel/softirq.c:453 [inline]
softirqs last  enabled at (17484440): [<ffffffff8185c3fa>] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680
softirqs last disabled at (17484443): [<ffffffff8185c3fa>] __do_softirq kernel/softirq.c:613 [inline]
softirqs last disabled at (17484443): [<ffffffff8185c3fa>] invoke_softirq kernel/softirq.c:453 [inline]
softirqs last disabled at (17484443): [<ffffffff8185c3fa>] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680
CPU: 1 UID: 0 PID: 7513 Comm: syz.6.424 Not tainted 6.15.0-rc4-syzkaller-g7b05f43155cb #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
RIP: 0010:rcu_read_unlock_special+0x87/0x4c0 kernel/rcu/tree_plugin.h:694
Code: f1 f1 f1 00 f2 f2 f2 4a 89 04 2b 66 42 c7 44 2b 09 f3 f3 42 c6 44 2b 0b f3 65 44 8b 35 e2 a3 cd 10 41 f7 c6 00 00 f0 00 74 49 <48> c7 44 24 40 0e 36 e0 45 4a c7 04 2b 00 00 00 00 66 42 c7 44 2b
RSP: 0018:ffffc90000a08060 EFLAGS: 00000206
RAX: a500429541f0aa00 RBX: 1ffff92000141014 RCX: a500429541f0aa00
RDX: 0000000000000002 RSI: ffffffff8d749fcc RDI: ffffffff8bc1cde0
RBP: ffffc90000a08158 R08: ffffffff8f7ed377 R09: 1ffffffff1efda6e
R10: dffffc0000000000 R11: fffffbfff1efda6f R12: ffffffff8df40c00
R13: dffffc0000000000 R14: 0000000000000246 R15: 0000000000000002
FS:  0000000000000000(0000) GS:ffff8881261cc000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f4315327f98 CR3: 000000007fbf4000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
 <IRQ>
 __rcu_read_unlock+0x84/0xe0 kernel/rcu/tree_plugin.h:438
 rcu_read_unlock include/linux/rcupdate.h:873 [inline]
 class_rcu_destructor include/linux/rcupdate.h:1155 [inline]
 unwind_next_frame+0x19ae/0x2390 arch/x86/kernel/unwind_orc.c:680
 arch_stack_walk+0x11c/0x150 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x9c/0xe0 kernel/stacktrace.c:122
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3e/0x80 mm/kasan/common.c:68
 unpoison_slab_object mm/kasan/common.c:319 [inline]
 __kasan_slab_alloc+0x6c/0x80 mm/kasan/common.c:345
 kasan_slab_alloc include/linux/kasan.h:250 [inline]
 slab_post_alloc_hook mm/slub.c:4161 [inline]
 slab_alloc_node mm/slub.c:4210 [inline]
 kmem_cache_alloc_node_noprof+0x1bb/0x3c0 mm/slub.c:4262
 kmalloc_reserve+0xbd/0x290 net/core/skbuff.c:577
 __alloc_skb+0x142/0x2d0 net/core/skbuff.c:668
 __netdev_alloc_skb+0x108/0x970 net/core/skbuff.c:732
 netdev_alloc_skb include/linux/skbuff.h:3413 [inline]
 dev_alloc_skb include/linux/skbuff.h:3426 [inline]
 br_send_bpdu+0xa2/0x940 net/bridge/br_stp_bpdu.c:40
 br_send_config_bpdu+0x45d/0x720 net/bridge/br_stp_bpdu.c:120
 br_transmit_config+0x3e6/0x6c0 net/bridge/br_stp.c:241
 br_config_bpdu_generation+0x123/0x1d0 net/bridge/br_stp.c:400
 br_hello_timer_expired+0x9b/0x1d0 net/bridge/br_stp_timer.c:37
 call_timer_fn+0x17b/0x5f0 kernel/time/timer.c:1789
 expire_timers kernel/time/timer.c:1840 [inline]
 __run_timers kernel/time/timer.c:2414 [inline]
 __run_timer_base+0x61a/0x860 kernel/time/timer.c:2426
 run_timer_base kernel/time/timer.c:2435 [inline]
 run_timer_softirq+0xb7/0x180 kernel/time/timer.c:2445
 handle_softirqs+0x283/0x870 kernel/softirq.c:579
 __do_softirq kernel/softirq.c:613 [inline]
 invoke_softirq kernel/softirq.c:453 [inline]
 __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:696
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1049
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:preempt_schedule_irq+0xb0/0x150 kernel/sched/core.c:7090
Code: 24 20 f6 44 24 21 02 74 0c 90 0f 0b 48 f7 03 08 00 00 00 74 64 bf 01 00 00 00 e8 eb c3 39 f6 e8 86 43 70 f6 fb bf 01 00 00 00 <e8> 4b ab ff ff 48 c7 44 24 40 00 00 00 00 9c 8f 44 24 40 8b 44 24
RSP: 0018:ffffc9000ca0f160 EFLAGS: 00000286
RAX: a500429541f0aa00 RBX: 0000000000000000 RCX: a500429541f0aa00
RDX: 0000000000000006 RSI: ffffffff8d749fcc RDI: 0000000000000001
RBP: ffffc9000ca0f200 R08: ffffffff8f7ed377 R09: 1ffffffff1efda6e
R10: dffffc0000000000 R11: fffffbfff1efda6f R12: 0000000000000000
R13: 0000000000000000 R14: dffffc0000000000 R15: 1ffff92001941e2c
 irqentry_exit+0x6f/0x90 kernel/entry/common.c:354
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:should_resched arch/x86/include/asm/preempt.h:104 [inline]
RIP: 0010:__local_bh_enable_ip+0x135/0x1c0 kernel/softirq.c:414
Code: 8b e8 ef 3b d0 09 65 66 8b 05 2f 89 ef 10 66 85 c0 75 5a bf 01 00 00 00 e8 28 07 0b 00 e8 13 85 41 00 fb 65 8b 05 0b 89 ef 10 <85> c0 75 05 e8 72 cd ad ff 48 c7 04 24 0e 36 e0 45 4b c7 04 37 00
RSP: 0018:ffffc9000ca0f2c0 EFLAGS: 00000282
RAX: 0000000000000000 RBX: 0000000000000201 RCX: a500429541f0aa00
RDX: 0000000000000006 RSI: ffffffff8d749fcc RDI: ffffffff8bc1cde0
RBP: ffffc9000ca0f350 R08: ffffffff8f7ed377 R09: 1ffffffff1efda6e
R10: dffffc0000000000 R11: fffffbfff1efda6f R12: ffffffff8a0a61e4
R13: ffff88805e11ee08 R14: dffffc0000000000 R15: 1ffff92001941e58
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 addrconf_ifdown+0x694/0x1880 net/ipv6/addrconf.c:3908
 addrconf_notify+0x1bc/0x1010 net/ipv6/addrconf.c:-1
 notifier_call_chain+0x1b3/0x3e0 kernel/notifier.c:85
 call_netdevice_notifiers_extack net/core/dev.c:2214 [inline]
 call_netdevice_notifiers net/core/dev.c:2228 [inline]
 dev_close_many+0x29c/0x410 net/core/dev.c:1731
 unregister_netdevice_many_notify+0x834/0x2330 net/core/dev.c:11952
 unregister_netdevice_many net/core/dev.c:12046 [inline]
 unregister_netdevice_queue+0x33c/0x380 net/core/dev.c:11889
 unregister_netdevice include/linux/netdevice.h:3374 [inline]
 __tun_detach+0xda4/0x1560 drivers/net/tun.c:620
 tun_detach drivers/net/tun.c:636 [inline]
 tun_chr_close+0x10a/0x1c0 drivers/net/tun.c:3390
 __fput+0x449/0xa70 fs/file_table.c:465
 task_work_run+0x1d1/0x260 kernel/task_work.c:227
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0x8d6/0x2550 kernel/exit.c:953
 do_group_exit+0x21c/0x2d0 kernel/exit.c:1102
 get_signal+0x125e/0x1310 kernel/signal.c:3034
 arch_do_signal_or_restart+0x95/0x780 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x8b/0x120 kernel/entry/common.c:218
 do_syscall_64+0x103/0x210 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7efc0818e969
Code: Unable to access opcode bytes at 0x7efc0818e93f.
RSP: 002b:00007efc08f38fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
RAX: fffffffffffffff4 RBX: 00007efc083b5fa0 RCX: 00007efc0818e969
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000011
RBP: 00007efc08210ab1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
R13: 0000000000000000 R14: 00007efc083b5fa0 R15: 00007ffc8bed4c98
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 1299 Comm: aoe_tx0 Not tainted 6.15.0-rc4-syzkaller-g7b05f43155cb #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
RIP: 0010:io_serial_in+0x77/0xc0 drivers/tty/serial/8250/8250_port.c:409
Code: e8 de 43 82 fc 44 89 f9 d3 e3 49 83 c6 40 4c 89 f0 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 f7 e8 df 34 e4 fc 41 03 1e 89 da ec <0f> b6 c0 5b 41 5c 41 5e 41 5f c3 cc cc cc cc cc 44 89 f9 80 e1 07
RSP: 0018:ffffc9000422ef18 EFLAGS: 00000006
RAX: 1ffffffff3369705 RBX: 00000000000003f9 RCX: 0000000000000000
RDX: 00000000000003f9 RSI: 0000000000000000 RDI: 0000000000000020
RBP: ffffc9000422f0f0 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: ffffffff853d7aa0 R12: dffffc0000000000
R13: dffffc0000000000 R14: ffffffff99b4bbc0 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8881260cc000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fb99bab1e43 CR3: 000000007fbf4000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
 <TASK>
 serial_port_in include/linux/serial_core.h:791 [inline]
 serial8250_console_write+0x581/0x1ba0 drivers/tty/serial/8250/8250_port.c:3420
 console_emit_next_record kernel/printk/printk.c:3138 [inline]
 console_flush_all+0x725/0xc40 kernel/printk/printk.c:3226
 __console_flush_and_unlock kernel/printk/printk.c:3285 [inline]
 console_unlock+0xc4/0x270 kernel/printk/printk.c:3325
 vprintk_emit+0x5b7/0x7a0 kernel/printk/printk.c:2450
 dev_vprintk_emit+0x337/0x3f0 drivers/base/core.c:4917
 dev_printk_emit+0xe0/0x130 drivers/base/core.c:4928
 __netdev_printk+0x3d7/0x4d0 net/core/dev.c:12403
 netdev_warn+0x10a/0x160 net/core/dev.c:12456
 ieee802154_subif_start_xmit+0x136/0x190 net/mac802154/tx.c:232
 __netdev_start_xmit include/linux/netdevice.h:5203 [inline]
 netdev_start_xmit include/linux/netdevice.h:5212 [inline]
 xmit_one net/core/dev.c:3776 [inline]
 dev_hard_start_xmit+0x2ff/0x880 net/core/dev.c:3792
 sch_direct_xmit+0x241/0x4b0 net/sched/sch_generic.c:343
 __dev_xmit_skb net/core/dev.c:4018 [inline]
 __dev_queue_xmit+0x17b6/0x3a70 net/core/dev.c:4595
 dev_queue_xmit include/linux/netdevice.h:3350 [inline]
 tx+0x6b/0x190 drivers/block/aoe/aoenet.c:62
 kthread+0x1cd/0x3e0 drivers/block/aoe/aoecmd.c:1237
 kthread+0x70e/0x8a0 kernel/kthread.c:464
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>

Crashes (1):
Time: 2025/05/01 21:49
Kernel: bpf-next
Commit: 7b05f43155cb
Syzkaller: 51b137cd
Config: .config
Log: console log
Report: report
Syz repro: none
C repro: none
VM info: info
Assets: [disk image] [vmlinux] [kernel image]
Manager: ci-upstream-bpf-next-kasan-gce
Title: BUG: soft lockup in br_hello_timer_expired