syzbot


INFO: task hung in addrconf_verify_work (2)

Status: fixed on 2019/11/04 14:50
Subsystems: net
[Documentation on labels]
Reported-by: syzbot+cf0adbb9c28c8866c788@syzkaller.appspotmail.com
Fix commit: 39f13ea2f61b net: avoid potential infinite loop in tc_ctl_action()
First crash: 2270d, last: 1707d
Discussions (8)
Title Replies (including bot) Last reply
[PATCH 3.16 000/136] 3.16.80-rc1 review 140 (140) 2019/12/23 14:00
[PATCH 4.19 00/93] 4.19.81-stable review 107 (107) 2019/11/09 15:53
[PATCH 4.14 000/119] 4.14.151-stable review 132 (132) 2019/11/01 18:48
[PATCH 4.9 00/49] 4.9.198-stable review 55 (55) 2019/10/29 15:17
[PATCH 4.4 00/41] 4.4.198-stable review 52 (52) 2019/10/29 13:29
[PATCH 5.3 000/197] 5.3.8-stable review 203 (203) 2019/10/29 13:03
[PATCH net] net: avoid potential infinite loop in tc_ctl_action() 2 (2) 2019/10/16 03:21
INFO: task hung in addrconf_verify_work (2) 2 (3) 2019/10/14 18:02
Similar bugs (21)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-49 INFO: task hung in addrconf_verify_work 18 1718d 1890d 0/3 auto-closed as invalid on 2020/01/31 12:44
linux-6.1 INFO: task hung in addrconf_verify_work (2) 37 1d13h 138d 0/3 upstream: reported on 2024/01/29 22:05
linux-4.19 INFO: task hung in addrconf_verify_work (5) 3 704d 743d 0/1 auto-obsoleted due to no activity on 2022/11/10 09:18
linux-4.19 INFO: task hung in addrconf_verify_work (6) C error 4 485d 545d 0/1 upstream: reported C repro on 2022/12/19 15:22
linux-4.19 INFO: task hung in addrconf_verify_work (3) 1 1191d 1191d 0/1 auto-closed as invalid on 2021/07/11 07:19
linux-4.19 INFO: task hung in addrconf_verify_work (4) 6 885d 972d 0/1 auto-closed as invalid on 2022/05/13 00:19
linux-4.14 INFO: task hung in addrconf_verify_work (2) C error 7 483d 1327d 0/1 upstream: reported C repro on 2020/10/28 05:47
linux-4.19 INFO: task hung in addrconf_verify_work (2) 2 1331d 1420d 0/1 auto-closed as invalid on 2021/02/21 08:05
linux-5.15 INFO: task hung in addrconf_verify_work origin:upstream C 41 2d11h 26d 0/3 upstream: reported C repro on 2024/05/20 18:55
android-414 INFO: task hung in addrconf_verify_work C 6 1707d 1892d 0/1 public: reported C repro on 2019/04/12 00:01
upstream INFO: task hung in addrconf_verify_work (8) net C error 1159 15m 181d 0/27 upstream: reported C repro on 2023/12/18 14:44
android-44 INFO: task hung in addrconf_verify_work 3 2224d 2253d 0/2 auto-closed as invalid on 2019/02/22 14:29
linux-4.19 INFO: task hung in addrconf_verify_work 1 1550d 1550d 0/1 auto-closed as invalid on 2020/07/16 23:17
upstream INFO: task hung in addrconf_verify_work (3) C done 75 1321d 1355d 15/27 fixed on 2020/11/16 12:12
upstream INFO: task hung in addrconf_verify_work (5) net C done done 68 899d 991d 0/27 closed as invalid on 2022/02/01 17:39
upstream INFO: task hung in addrconf_verify_work (7) netfilter C error 64 199d 346d 0/27 closed as invalid on 2023/12/01 14:19
linux-6.1 INFO: task hung in addrconf_verify_work 2 408d 459d 0/3 auto-obsoleted due to no activity on 2023/08/23 09:09
linux-4.14 INFO: task hung in addrconf_verify_work 4 1476d 1548d 0/1 auto-closed as invalid on 2020/09/29 04:19
upstream INFO: task hung in addrconf_verify_work net C 2 2273d 2274d 0/27 closed as invalid on 2018/03/27 11:14
upstream INFO: task hung in addrconf_verify_work (4) C done 132 1212d 1299d 20/27 fixed on 2021/04/09 19:46
upstream INFO: task hung in addrconf_verify_work (6) C done 86 481d 719d 22/27 fixed on 2023/02/24 13:51

Sample crash report:
INFO: task kworker/1:0:17 blocked for more than 143 seconds.
      Not tainted 5.4.0-rc1+ #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/1:0     D26904    17      2 0x80004000
Workqueue: ipv6_addrconf addrconf_verify_work
Call Trace:
 context_switch kernel/sched/core.c:3384 [inline]
 __schedule+0x94f/0x1e70 kernel/sched/core.c:4069
 schedule+0xd9/0x260 kernel/sched/core.c:4136
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:4195
 __mutex_lock_common kernel/locking/mutex.c:1033 [inline]
 __mutex_lock+0x7b0/0x13c0 kernel/locking/mutex.c:1103
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1118
 rtnl_lock+0x17/0x20 net/core/rtnetlink.c:72
 addrconf_verify_work+0xe/0x20 net/ipv6/addrconf.c:4520
 process_one_work+0x9af/0x1740 kernel/workqueue.c:2269
 worker_thread+0x98/0xe40 kernel/workqueue.c:2415
 kthread+0x361/0x430 kernel/kthread.c:255
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352

Showing all locks held in the system:
3 locks held by kworker/1:0/17:
 #0: ffff8882160cc628 ((wq_completion)ipv6_addrconf){+.+.}, at: __write_once_size include/linux/compiler.h:226 [inline]
 #0: ffff8882160cc628 ((wq_completion)ipv6_addrconf){+.+.}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff8882160cc628 ((wq_completion)ipv6_addrconf){+.+.}, at: atomic64_set include/asm-generic/atomic-instrumented.h:855 [inline]
 #0: ffff8882160cc628 ((wq_completion)ipv6_addrconf){+.+.}, at: atomic_long_set include/asm-generic/atomic-long.h:40 [inline]
 #0: ffff8882160cc628 ((wq_completion)ipv6_addrconf){+.+.}, at: set_work_data kernel/workqueue.c:620 [inline]
 #0: ffff8882160cc628 ((wq_completion)ipv6_addrconf){+.+.}, at: set_work_pool_and_clear_pending kernel/workqueue.c:647 [inline]
 #0: ffff8882160cc628 ((wq_completion)ipv6_addrconf){+.+.}, at: process_one_work+0x88b/0x1740 kernel/workqueue.c:2240
 #1: ffff8880a9927dc0 ((addr_chk_work).work){+.+.}, at: process_one_work+0x8c1/0x1740 kernel/workqueue.c:2244
 #2: ffffffff899981a0 (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 net/core/rtnetlink.c:72
1 lock held by khungtaskd/1064:
 #0: ffffffff88faae00 (rcu_read_lock){....}, at: debug_show_all_locks+0x5f/0x27e kernel/locking/lockdep.c:5337
1 lock held by rsyslogd/8660:
 #0: ffff8880930cd620 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0xee/0x110 fs/file.c:801
2 locks held by getty/8750:
 #0: ffff8880a7acaf10 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:340
 #1: ffffc90005f2d2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 drivers/tty/n_tty.c:2156
2 locks held by getty/8751:
 #0: ffff88808fa48bd0 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:340
 #1: ffffc90005f4b2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 drivers/tty/n_tty.c:2156
2 locks held by getty/8752:
 #0: ffff88809189c250 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:340
 #1: ffffc90005f432e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 drivers/tty/n_tty.c:2156
2 locks held by getty/8753:
 #0: ffff8880a7aca690 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:340
 #1: ffffc90005f312e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 drivers/tty/n_tty.c:2156
2 locks held by getty/8754:
 #0: ffff88808fa49450 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:340
 #1: ffffc90005f472e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 drivers/tty/n_tty.c:2156
2 locks held by getty/8755:
 #0: ffff8880a91673d0 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:340
 #1: ffffc90005f212e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 drivers/tty/n_tty.c:2156
2 locks held by getty/8756:
 #0: ffff88809189d350 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:340
 #1: ffffc90005f192e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 drivers/tty/n_tty.c:2156
1 lock held by syz-executor687/8773:

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 1064 Comm: khungtaskd Not tainted 5.4.0-rc1+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 nmi_cpu_backtrace.cold+0x70/0xb2 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x23b/0x28b lib/nmi_backtrace.c:62
 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:205 [inline]
 watchdog+0x9d0/0xef0 kernel/hung_task.c:289
 kthread+0x361/0x430 kernel/kthread.c:255
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
Sending NMI from CPU 0 to CPUs 1:
INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.372 msecs
NMI backtrace for cpu 1
CPU: 1 PID: 8773 Comm: syz-executor687 Not tainted 5.4.0-rc1+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:check_memory_region+0x1f/0x1a0 mm/kasan/generic.c:191
Code: 00 66 2e 0f 1f 84 00 00 00 00 00 48 85 f6 0f 84 34 01 00 00 48 b8 ff ff ff ff ff 7f ff ff 55 0f b6 d2 48 39 c7 48 89 e5 41 55 <41> 54 53 0f 86 07 01 00 00 4c 8d 5c 37 ff 49 89 f8 48 b8 00 00 00
RSP: 0018:ffff88808665ed50 EFLAGS: 00000012
RAX: ffff7fffffffffff RBX: ffff8880ae935ac0 RCX: ffffffff8160d054
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff8880ae935ba0
RBP: ffff88808665ed58 R08: ffff88808c458500 R09: ffffed1015d26b75
R10: ffffed1015d26b74 R11: ffff8880ae935ba3 R12: ffff8880ae935ba0
R13: 0000000000000000 R14: ffff88808c458500 R15: ffffffff85d66353
FS:  0000000001cd3880(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000561e71f9b100 CR3: 00000000a43a3000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __kasan_check_read+0x11/0x20 mm/kasan/common.c:92
 atomic_read include/asm-generic/atomic-instrumented.h:26 [inline]
 rcu_dynticks_curr_cpu_in_eqs+0x54/0xb0 kernel/rcu/tree.c:301
 rcu_is_watching+0x10/0x30 kernel/rcu/tree.c:901
 rcu_read_unlock include/linux/rcupdate.h:649 [inline]
 is_bpf_text_address+0xe9/0x170 kernel/bpf/core.c:710
 kernel_text_address+0x73/0xf0 kernel/extable.c:147
 __kernel_text_address+0xd/0x40 kernel/extable.c:102
 unwind_get_return_address arch/x86/kernel/unwind_frame.c:19 [inline]
 unwind_get_return_address+0x61/0xa0 arch/x86/kernel/unwind_frame.c:14
 arch_stack_walk+0x97/0xf0 arch/x86/kernel/stacktrace.c:26
 stack_trace_save+0xac/0xe0 kernel/stacktrace.c:123
 save_stack+0x23/0x90 mm/kasan/common.c:69
 set_track mm/kasan/common.c:77 [inline]
 kasan_set_free_info mm/kasan/common.c:332 [inline]
 __kasan_slab_free+0x102/0x150 mm/kasan/common.c:471
 kasan_slab_free+0xe/0x10 mm/kasan/common.c:480
 __cache_free mm/slab.c:3425 [inline]
 kmem_cache_free+0x86/0x320 mm/slab.c:3693
 kfree_skbmem net/core/skbuff.c:623 [inline]
 kfree_skbmem+0xc5/0x150 net/core/skbuff.c:617
 __kfree_skb net/core/skbuff.c:680 [inline]
 kfree_skb net/core/skbuff.c:697 [inline]
 kfree_skb+0x109/0x3c0 net/core/skbuff.c:691
 netlink_attachskb+0x253/0x7c0 net/netlink/af_netlink.c:1216
 netlink_unicast+0x1fc/0x710 net/netlink/af_netlink.c:1337
 rtnetlink_send+0xf0/0x110 net/core/rtnetlink.c:716
 tcf_add_notify net/sched/act_api.c:1344 [inline]
 tcf_action_add+0x243/0x370 net/sched/act_api.c:1363
 tc_ctl_action+0x3b5/0x4bc net/sched/act_api.c:1411
 rtnetlink_rcv_msg+0x463/0xb00 net/core/rtnetlink.c:5223
 netlink_rcv_skb+0x177/0x450 net/netlink/af_netlink.c:2477
 rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:5241
 netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
 netlink_unicast+0x531/0x710 net/netlink/af_netlink.c:1328
 netlink_sendmsg+0x8a5/0xd60 net/netlink/af_netlink.c:1917
 sock_sendmsg_nosec net/socket.c:637 [inline]
 sock_sendmsg+0xd7/0x130 net/socket.c:657
 ___sys_sendmsg+0x803/0x920 net/socket.c:2311
 __sys_sendmsg+0x105/0x1d0 net/socket.c:2356
 __do_sys_sendmsg net/socket.c:2365 [inline]
 __se_sys_sendmsg net/socket.c:2363 [inline]
 __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2363
 do_syscall_64+0xfa/0x760 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x440939
Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffc22a6bbd8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440939
RDX: 0000000020000010 RSI: 0000000020001480 RDI: 0000000000000003
RBP: 00000000006cb018 R08: 0000000000000002 R09: 00000000004002c8
R10: 0000000000000008 R11: 0000000000000246 R12: 00000000004021c0
R13: 0000000000402250 R14: 0000000000000000 R15: 0000000000000000

Crashes (22):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/10/14 04:43 net-old c23936fad79e 2f661ec4 .config console log report syz C ci-upstream-net-this-kasan-gce
2019/10/14 04:41 net-next-old c208bdb93788 2f661ec4 .config console log report syz C ci-upstream-net-kasan-gce
2019/01/19 17:03 upstream 2339e91d0e66 8aa587b0 .config console log report ci-upstream-kasan-gce-selinux-root
2018/11/15 04:40 upstream d41217aac0a5 5f5f6d14 .config console log report ci-upstream-kasan-gce-smack-root
2018/10/17 08:16 upstream b955a910d7fd 1ba7fd7e .config console log report ci-upstream-kasan-gce-smack-root
2018/07/08 07:37 upstream b2d44d145d2a c9a7a4dc .config console log report ci-upstream-kasan-gce-root
2018/07/06 11:45 upstream c42c12a90545 18403e65 .config console log report ci-upstream-kasan-gce-root
2018/07/05 01:26 upstream fc36def997cf e1b966c6 .config console log report ci-upstream-kasan-gce-root
2019/06/24 12:28 upstream 241e39004581 472f0082 .config console log report ci-upstream-kasan-gce-386
2019/05/03 14:17 net-old ea9866793d1e 1bfa09b9 .config console log report ci-upstream-net-this-kasan-gce
2019/03/14 07:05 bpf f48a920504e5 d09a902e .config console log report ci-upstream-bpf-kasan-gce
2018/08/13 11:32 net-old ec0c96714e7d 7a88b141 .config console log report ci-upstream-net-this-kasan-gce
2019/05/15 18:56 net-next-old 35c99ffa20ed 3345130d .config console log report ci-upstream-net-kasan-gce
2018/08/04 10:12 net-next-old a394b3af206c df7f6947 .config console log report ci-upstream-net-kasan-gce
2018/04/13 05:00 net-next-old 17dec0a94915 eb2295de .config console log report ci-upstream-net-kasan-gce
2018/04/09 10:36 net-next-old 17dec0a94915 f13fb445 .config console log report ci-upstream-net-kasan-gce
2018/03/30 08:21 net-next-old 18845557fd6f d47f0ed6 .config console log report ci-upstream-net-kasan-gce
2019/02/24 06:27 linux-next 94a47529a645 7a06e792 .config console log report ci-upstream-linux-next-kasan-gce-root
2018/10/06 19:48 linux-next 12ffaa1197f5 8b311eaf .config console log report ci-upstream-linux-next-kasan-gce-root
2018/10/05 16:08 linux-next 12ffaa1197f5 8b311eaf .config console log report ci-upstream-linux-next-kasan-gce-root
2018/08/06 08:42 linux-next 116b181bb646 1beb8136 .config console log report ci-upstream-linux-next-kasan-gce-root
2018/08/06 04:11 linux-next 116b181bb646 1beb8136 .config console log report ci-upstream-linux-next-kasan-gce-root
* Struck through repros no longer work on HEAD.