CVE-2022-50445

In the Linux kernel, the following vulnerability has been resolved:

xfrm: Reinject transport-mode packets through workqueue

The following warning is displayed when the tcp6-multi-diffip11 stress test case of the LTP test suite is tested:

watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [ns-tcpserver:48198] CPU: 0 PID: 48198 Comm: ns-tcpserver Kdump: loaded Not tainted 6.0.0-rc6+ #39 Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015 pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : des3edeencrypt+0x27c/0x460 [libdes] lr : 0x3f sp : ffff80000ceaa1b0 x29: ffff80000ceaa1b0 x28: ffff0000df056100 x27: ffff0000e51e5280 x26: ffff80004df75030 x25: ffff0000e51e4600 x24: 000000000000003b x23: 0000000000802080 x22: 000000000000003d x21: 0000000000000038 x20: 0000000080000020 x19: 000000000000000a x18: 0000000000000033 x17: ffff0000e51e4780 x16: ffff80004e2d1448 x15: ffff80004e2d1248 x14: ffff0000e51e4680 x13: ffff80004e2d1348 x12: ffff80004e2d1548 x11: ffff80004e2d1848 x10: ffff80004e2d1648 x9 : ffff80004e2d1748 x8 : ffff80004e2d1948 x7 : 000000000bcaf83d x6 : 000000000000001b x5 : ffff80004e2d1048 x4 : 00000000761bf3bf x3 : 000000007f1dd0a3 x2 : ffff0000e51e4780 x1 : ffff0000e3b9a2f8 x0 : 00000000db44e872 Call trace: des3edeencrypt+0x27c/0x460 [libdes] cryptodes3edeencrypt+0x1c/0x30 [desgeneric] cryptocbcencrypt+0x148/0x190 cryptoskcipherencrypt+0x2c/0x40 cryptoauthencencrypt+0xc8/0xfc [authenc] cryptoaeadencrypt+0x2c/0x40 echainivencrypt+0x144/0x1a0 [echainiv] cryptoaeadencrypt+0x2c/0x40 esp6outputtail+0x1c8/0x5d0 [esp6] esp6output+0x120/0x278 [esp6] xfrmoutputone+0x458/0x4ec xfrmoutputresume+0x6c/0x1f0 xfrm_output+0xac/0x4ac __xfrm6output+0x130/0x270 xfrm6output+0x60/0xec ip6xmit+0x2ec/0x5bc inet6csk_xmit+0xbc/0x10c __tcptransmitskb+0x460/0x8c0 tcpwritexmit+0x348/0x890 __tcppushpending_frames+0x44/0x110 tcprcvestablished+0x3c8/0x720 tcpv6dorcv+0xdc/0x4a0 tcpv6rcv+0xc24/0xcb0 ip6protocoldeliverrcu+0xf0/0x574 ip6inputfinish+0x48/0x7c ip6input+0x48/0xc0 ip6rcvfinish+0x80/0x9c xfrmtransreinject+0xb0/0xf4 taskletactioncommon.constprop.0+0xf8/0x134 taskletaction+0x30/0x3c __dosoftirq+0x128/0x368 dosoftirq+0xb4/0xc0 __localbhenableip+0xb0/0xb4 putcpufpsimdcontext+0x40/0x70 kernelneonend+0x20/0x40 sha1basedoupdate.constprop.0.isra.0+0x11c/0x140 [sha1ce] sha1cefinup+0x94/0x110 [sha1ce] cryptoshashfinup+0x34/0xc0 hmacfinup+0x48/0xe0 cryptoshashfinup+0x34/0xc0 shashdigestunaligned+0x74/0x90 cryptoshashdigest+0x4c/0x9c shashahashdigest+0xc8/0xf0 shashasyncdigest+0x28/0x34 cryptoahashdigest+0x48/0xcc cryptoauthencgenicv+0x88/0xcc [authenc] cryptoauthencencrypt+0xd8/0xfc [authenc] cryptoaeadencrypt+0x2c/0x40 echainivencrypt+0x144/0x1a0 [echainiv] cryptoaeadencrypt+0x2c/0x40 esp6outputtail+0x1c8/0x5d0 [esp6] esp6output+0x120/0x278 [esp6] xfrmoutputone+0x458/0x4ec xfrmoutputresume+0x6c/0x1f0 xfrm_output+0xac/0x4ac __xfrm6output+0x130/0x270 xfrm6output+0x60/0xec ip6xmit+0x2ec/0x5bc inet6csk_xmit+0xbc/0x10c __tcptransmitskb+0x460/0x8c0 tcpwritexmit+0x348/0x890 __tcppushpending_frames+0x44/0x110 tcppush+0xb4/0x14c tcpsendmsglocked+0x71c/0xb64 tcpsendmsg+0x40/0x6c inet6sendmsg+0x4c/0x80 socksendmsg+0x5c/0x6c __sys_sendto+0x128/0x15c _arm64syssendto+0x30/0x40 invokesyscall+0x50/0x120 el0svccommon.constprop.0+0x170/0x194 doel0svc+0x38/0x4c el0svc+0x28/0xe0 el0t64synchandler+0xbc/0x13c el0t64sync+0x180/0x184

Get softirq info by bcc tool: ./softirqs -NT 10 Tracing soft irq event time... Hit Ctrl-C to end.

15:34:34 SOFTIRQ TOTALnsecs block 158990 timer 20030920 sched 46577080 netrx 676746820 tasklet 9906067650

15:34:45 SOFTIRQ TOTALnsecs block 86100 sched 38849790 netrx
---truncated---