syzbot


BUG: soft lockup in neigh_timer_handler

Status: auto-obsoleted due to no activity on 2023/03/12 06:57
Reported-by: syzbot+e8b9b40f2d14d6af88f0@syzkaller.appspotmail.com
First crash: 1000d, last: 742d
Similar bugs (8)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-5-10 BUG: soft lockup in neigh_timer_handler 2 457d 465d 0/2 auto-obsoleted due to no activity on 2023/11/22 05:43
linux-4.14 BUG: soft lockup in neigh_timer_handler 3 1010d 1053d 0/1 auto-closed as invalid on 2022/06/16 21:59
android-6-1 BUG: soft lockup in neigh_timer_handler 2 371d 393d 0/2 auto-obsoleted due to no activity on 2024/02/16 02:11
android-54 BUG: soft lockup in neigh_timer_handler 3 156d 167d 0/2 auto-obsoleted due to no activity on 2024/09/18 13:19
upstream BUG: soft lockup in neigh_timer_handler net 1 489d 464d 0/28 auto-obsoleted due to no activity on 2023/10/20 21:15
upstream INFO: rcu detected stall in neigh_timer_handler (8) net C done done 72 104d 163d 28/28 fixed on 2024/10/21 12:45
upstream INFO: rcu detected stall in neigh_timer_handler (7) net 1 1320d 1320d 0/28 auto-closed as invalid on 2021/07/11 19:14
linux-6.1 INFO: rcu detected stall in neigh_timer_handler 4 59d 169d 0/3 upstream: reported on 2024/06/06 22:02

Sample crash report:
watchdog: BUG: soft lockup - CPU#0 stuck for 23s! [swapper/0:0]
Modules linked in:
irq event stamp: 1253961
hardirqs last  enabled at (1253960): [<ffffffff8129070b>] kvm_wait arch/x86/kernel/kvm.c:799 [inline]
hardirqs last  enabled at (1253960): [<ffffffff8129070b>] kvm_wait+0x14b/0x240 arch/x86/kernel/kvm.c:779
hardirqs last disabled at (1253961): [<ffffffff81003d00>] trace_hardirqs_off_thunk+0x1a/0x1c
softirqs last  enabled at (1244374): [<ffffffff813925ad>] irq_enter+0xbd/0xd0 kernel/softirq.c:354
softirqs last disabled at (1244375): [<ffffffff813927d5>] invoke_softirq kernel/softirq.c:372 [inline]
softirqs last disabled at (1244375): [<ffffffff813927d5>] irq_exit+0x215/0x260 kernel/softirq.c:412
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
RIP: 0010:native_safe_halt+0xe/0x10 arch/x86/include/asm/irqflags.h:61
Code: 48 89 df e8 f4 20 7f f9 e9 2e ff ff ff 48 89 df e8 e7 20 7f f9 eb 82 90 90 90 90 90 e9 07 00 00 00 0f 00 2d 14 43 4e 00 fb f4 <c3> 90 e9 07 00 00 00 0f 00 2d 04 43 4e 00 f4 c3 90 90 41 56 41 55
RSP: 0018:ffff8880ba007300 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13
RAX: 1ffffffff13e3054 RBX: ffff88809143f768 RCX: 1ffffffff13cf13e
RDX: dffffc0000000000 RSI: ffffffff89e789d0 RDI: ffffffff89e78904
RBP: 0000000000000003 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000286
R13: ffffed1012287eed R14: 0000000000000001 R15: ffff8880ba02be00
FS:  0000000000000000(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055d4cfaa08e0 CR3: 00000000b38f2000 CR4: 00000000003406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 arch_safe_halt arch/x86/include/asm/paravirt.h:94 [inline]
 kvm_wait arch/x86/kernel/kvm.c:799 [inline]
 kvm_wait+0x179/0x240 arch/x86/kernel/kvm.c:779
 pv_wait arch/x86/include/asm/paravirt.h:689 [inline]
 pv_wait_head_or_lock kernel/locking/qspinlock_paravirt.h:471 [inline]
 __pv_queued_spin_lock_slowpath+0x86a/0xae0 kernel/locking/qspinlock.c:474
 pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:679 [inline]
 queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:53 [inline]
 queued_spin_lock include/asm-generic/qspinlock.h:88 [inline]
 do_raw_spin_lock+0x189/0x220 kernel/locking/spinlock_debug.c:113
 spin_lock include/linux/spinlock.h:329 [inline]
 __dev_xmit_skb net/core/dev.c:3469 [inline]
 __dev_queue_xmit+0x134e/0x2e00 net/core/dev.c:3807
 neigh_resolve_output+0x55a/0x910 net/core/neighbour.c:1374
 neigh_output include/net/neighbour.h:501 [inline]
 ip6_finish_output2+0x113d/0x2290 net/ipv6/ip6_output.c:120
 ip6_finish_output+0x89b/0x10f0 net/ipv6/ip6_output.c:192
 NF_HOOK_COND include/linux/netfilter.h:278 [inline]
 ip6_output+0x205/0x770 net/ipv6/ip6_output.c:209
 dst_output include/net/dst.h:455 [inline]
 ip6_local_out+0xaf/0x170 net/ipv6/output_core.c:160
 ip6_send_skb+0xb3/0x300 net/ipv6/ip6_output.c:1741
 ip6_push_pending_frames+0xbd/0xe0 net/ipv6/ip6_output.c:1761
 icmpv6_push_pending_frames+0x294/0x470 net/ipv6/icmp.c:288
 icmp6_send+0x1c0f/0x22c0 net/ipv6/icmp.c:584
 __icmpv6_send include/linux/icmpv6.h:28 [inline]
 icmpv6_send include/linux/icmpv6.h:49 [inline]
 ip6_link_failure+0x2d/0x4f0 net/ipv6/route.c:2297
 dst_link_failure include/net/dst.h:438 [inline]
 ndisc_error_report+0xc7/0x190 net/ipv6/ndisc.c:695
 neigh_invalidate+0x22c/0x540 net/core/neighbour.c:900
 neigh_timer_handler+0x9b2/0xc70 net/core/neighbour.c:986
 call_timer_fn+0x177/0x700 kernel/time/timer.c:1338
 expire_timers+0x243/0x4e0 kernel/time/timer.c:1375
 __run_timers kernel/time/timer.c:1696 [inline]
 run_timer_softirq+0x21c/0x670 kernel/time/timer.c:1709
 __do_softirq+0x265/0x980 kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:372 [inline]
 irq_exit+0x215/0x260 kernel/softirq.c:412
 exiting_irq arch/x86/include/asm/apic.h:536 [inline]
 smp_apic_timer_interrupt+0x136/0x550 arch/x86/kernel/apic/apic.c:1098
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
 </IRQ>
RIP: 0010:native_safe_halt+0xe/0x10 arch/x86/include/asm/irqflags.h:61
Code: 48 89 df e8 f4 20 7f f9 e9 2e ff ff ff 48 89 df e8 e7 20 7f f9 eb 82 90 90 90 90 90 e9 07 00 00 00 0f 00 2d 14 43 4e 00 fb f4 <c3> 90 e9 07 00 00 00 0f 00 2d 04 43 4e 00 f4 c3 90 90 41 56 41 55
RSP: 0018:ffffffff89e07d40 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13
RAX: 1ffffffff13e3054 RBX: dffffc0000000000 RCX: 0000000000000000
RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffffffff89e78904
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff89f18290
R13: 1ffffffff13c0fb2 R14: 0000000000000000 R15: 0000000000000000
 arch_safe_halt arch/x86/include/asm/paravirt.h:94 [inline]
 default_idle+0x49/0x310 arch/x86/kernel/process.c:557
 cpuidle_idle_call kernel/sched/idle.c:153 [inline]
 do_idle+0x2ec/0x4b0 kernel/sched/idle.c:263
 cpu_startup_entry+0xc5/0xe0 kernel/sched/idle.c:369
 start_kernel+0x8d6/0x911 init/main.c:736
 secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:243
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 17387 Comm: syz-executor.3 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
RIP: 0010:arch_local_irq_disable arch/x86/include/asm/paravirt.h:794 [inline]
RIP: 0010:arch_local_irq_save arch/x86/include/asm/paravirt.h:807 [inline]
RIP: 0010:lock_release+0xe5/0x8b0 kernel/locking/lockdep.c:3923
Code: 00 0f 85 c3 06 00 00 48 83 3d c6 37 a6 08 00 0f 84 1b 05 00 00 9c 58 0f 1f 44 00 00 48 ba 00 00 00 00 00 fc ff df 48 89 04 24 <48> c7 c0 90 82 f1 89 48 c1 e8 03 80 3c 10 00 0f 85 7a 06 00 00 48
RSP: 0018:ffff88803cd8f258 EFLAGS: 00000286
RAX: 0000000000000286 RBX: ffff888044d8c5c0 RCX: ffffc9000943c000
RDX: dffffc0000000000 RSI: 0000000000000000 RDI: ffff888044d8ce44
RBP: ffff88809e73f108 R08: 0000000000000024 R09: 0000000000000002
R10: 0000000000000000 R11: 0000000000074071 R12: 1ffff110079b1e4e
R13: ffffffff868c9b16 R14: ffff88809e73f0f0 R15: 0000000000000024
FS:  00007f9c1c881700(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b31322000 CR3: 000000009bf79000 CR4: 00000000003406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __raw_spin_unlock include/linux/spinlock_api_smp.h:150 [inline]
 _raw_spin_unlock+0x17/0x40 kernel/locking/spinlock.c:176
 spin_unlock include/linux/spinlock.h:369 [inline]
 tcf_police_act+0x786/0xe60 net/sched/act_police.c:268
 tcf_action_exec net/sched/act_api.c:618 [inline]
 tcf_action_exec+0x160/0x400 net/sched/act_api.c:598
 tcf_exts_exec include/net/pkt_cls.h:388 [inline]
 route4_classify+0x8d6/0x1420 net/sched/cls_route.c:183
 tcf_classify+0x120/0x3c0 net/sched/cls_api.c:979
 drr_classify net/sched/sch_drr.c:329 [inline]
 drr_enqueue+0x39e/0x8c0 net/sched/sch_drr.c:357
 __dev_xmit_skb net/core/dev.c:3494 [inline]
 __dev_queue_xmit+0x140a/0x2e00 net/core/dev.c:3807
 neigh_hh_output include/net/neighbour.h:491 [inline]
 neigh_output include/net/neighbour.h:499 [inline]
 ip_finish_output2+0xb6d/0x15a0 net/ipv4/ip_output.c:230
 ip_finish_output+0xae9/0x10b0 net/ipv4/ip_output.c:318
 NF_HOOK_COND include/linux/netfilter.h:278 [inline]
 ip_output+0x203/0x5f0 net/ipv4/ip_output.c:406
 dst_output include/net/dst.h:455 [inline]
 ip_local_out+0xaf/0x170 net/ipv4/ip_output.c:125
 ip_send_skb net/ipv4/ip_output.c:1452 [inline]
 ip_push_pending_frames+0x8b/0x140 net/ipv4/ip_output.c:1472
 raw_sendmsg+0x1e9d/0x29e0 net/ipv4/raw.c:677
 inet_sendmsg+0x132/0x5a0 net/ipv4/af_inet.c:798
 sock_sendmsg_nosec net/socket.c:651 [inline]
 sock_sendmsg+0xc3/0x120 net/socket.c:661
 __sys_sendto+0x21a/0x320 net/socket.c:1899
 __do_sys_sendto net/socket.c:1911 [inline]
 __se_sys_sendto net/socket.c:1907 [inline]
 __x64_sys_sendto+0xdd/0x1b0 net/socket.c:1907
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f9c1e32f639
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f9c1c881168 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f9c1e450050 RCX: 00007f9c1e32f639
RDX: 0000000000000002 RSI: 0000000020000200 RDI: 0000000000000007
RBP: 00007f9c1e38aa41 R08: 0000000020000100 R09: 0000000000000010
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffd2a90254f R14: 00007f9c1c881300 R15: 0000000000022000

Crashes (4):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2022/11/12 06:57 linux-4.19.y 3f8a27f9e27b f42ee5d8 .config console log report info [disk image] [vmlinux] ci2-linux-4-19 BUG: soft lockup in neigh_timer_handler
2022/10/03 15:15 linux-4.19.y 3f8a27f9e27b feb56351 .config console log report info [disk image] [vmlinux] ci2-linux-4-19 BUG: soft lockup in neigh_timer_handler
2022/06/24 23:14 linux-4.19.y 3f8a27f9e27b a371c43c .config console log report info ci2-linux-4-19 BUG: soft lockup in neigh_timer_handler
2022/02/26 15:33 linux-4.19.y 3f8a27f9e27b 45a13a73 .config console log report info ci2-linux-4-19 BUG: soft lockup in neigh_timer_handler
* Struck through repros no longer work on HEAD.