syzbot

 sign-in | mailing list | source | docs
🐞 Open [992] Subsystems 🐞 Fixed [5244] 🐞 Invalid [12528] Missing Backports [83] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

INFO: task hung in register_netdevice_notifier (3)

Status: auto-obsoleted due to no activity on 2023/08/11 21:16
Subsystems: net
[Documentation on labels]
First crash: 423d, last: 350d
Similar bugs (4)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.19 INFO: task hung in register_netdevice_notifier 64 1070d 1828d 0/1 auto-closed as invalid on 2021/09/21 07:27
upstream INFO: task hung in register_netdevice_notifier (2) can wireless syz done 10555 1044d 1649d 20/26 fixed on 2021/11/10 00:50
upstream INFO: task hung in register_netdevice_notifier can 602 2206d 2219d 0/26 closed as invalid on 2018/05/03 10:15
upstream INFO: task can't die in register_netdevice_notifier can 94 1035d 1334d 0/26 auto-closed as invalid on 2021/08/27 02:37

Sample crash report:
INFO: task syz-executor.3:1859 blocked for more than 143 seconds.
      Not tainted 6.4.0-rc1-syzkaller-00138-gd4d58949a6ea #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.3  state:D stack:24424 pid:1859  ppid:1      flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5343 [inline]
 __schedule+0xc9a/0x5880 kernel/sched/core.c:6669
 schedule+0xde/0x1a0 kernel/sched/core.c:6745
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6804
 rwsem_down_write_slowpath+0x3e2/0x1220 kernel/locking/rwsem.c:1178
 __down_write_common kernel/locking/rwsem.c:1306 [inline]
 __down_write kernel/locking/rwsem.c:1315 [inline]
 down_write+0x1d2/0x200 kernel/locking/rwsem.c:1574
 register_netdevice_notifier+0x22/0x270 net/core/dev.c:1710
 devlink_alloc_ns+0x144/0xac0 net/devlink/core.c:208
 nsim_drv_probe+0xba/0x13d0 drivers/net/netdevsim/dev.c:1533
 call_driver_probe drivers/base/dd.c:579 [inline]
 really_probe+0x240/0xca0 drivers/base/dd.c:658
 __driver_probe_device+0x1df/0x4b0 drivers/base/dd.c:800
 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:830
 __device_attach_driver+0x1d4/0x2e0 drivers/base/dd.c:958
 bus_for_each_drv+0x149/0x1d0 drivers/base/bus.c:457
 __device_attach+0x1e4/0x4b0 drivers/base/dd.c:1030
 bus_probe_device+0x17c/0x1c0 drivers/base/bus.c:532
 device_add+0x112d/0x1a40 drivers/base/core.c:3625
 nsim_bus_dev_new drivers/net/netdevsim/bus.c:290 [inline]
 new_device_store+0x40e/0x690 drivers/net/netdevsim/bus.c:167
 bus_attr_store+0x76/0xa0 drivers/base/bus.c:170
 sysfs_kf_write+0x114/0x170 fs/sysfs/file.c:136
 kernfs_fop_write_iter+0x3f1/0x600 fs/kernfs/file.c:334
 call_write_iter include/linux/fs.h:1868 [inline]
 new_sync_write fs/read_write.c:491 [inline]
 vfs_write+0x945/0xd50 fs/read_write.c:584
 ksys_write+0x12b/0x250 fs/read_write.c:637
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f9022c3deef
RSP: 002b:00007f9022ecf220 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f9022c3deef
RDX: 0000000000000003 RSI: 00007f9022ecf270 RDI: 0000000000000005
RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f9022ecf1c0
R10: 0000000000000000 R11: 0000000000000293 R12: 00007f9022ce78da
R13: 00007f9022ecf270 R14: 0000000000000000 R15: 00007f9022ecf940
 </TASK>

Showing all locks held in the system:
1 lock held by rcu_tasks_kthre/13:
 #0: ffffffff8c798430 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x31/0xd80 kernel/rcu/tasks.h:518
1 lock held by rcu_tasks_trace/14:
 #0: ffffffff8c798130 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x31/0xd80 kernel/rcu/tasks.h:518
5 locks held by ksoftirqd/0/15:
1 lock held by khungtaskd/28:
 #0: ffffffff8c799040 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x340 kernel/locking/lockdep.c:6545
2 locks held by getty/4758:
 #0: ffff888028a1f098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x26/0x80 drivers/tty/tty_ldisc.c:243
 #1: ffffc900015802f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xef4/0x13e0 drivers/tty/n_tty.c:2176
3 locks held by kworker/0:12/7023:
 #0: ffff888012470d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff888012470d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 #0: ffff888012470d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1324 [inline]
 #0: ffff888012470d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:643 [inline]
 #0: ffff888012470d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:670 [inline]
 #0: ffff888012470d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x883/0x15e0 kernel/workqueue.c:2376
 #1: ffffc90015117db0 (deferred_process_work){+.+.}-{0:0}, at: process_one_work+0x8b7/0x15e0 kernel/workqueue.c:2380
 #2: ffffffff8e114aa8 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xe/0x20 net/switchdev/switchdev.c:75
3 locks held by kworker/u4:1/25840:
3 locks held by kworker/1:4/28762:
 #0: ffff888027ee8938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff888027ee8938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 #0: ffff888027ee8938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1324 [inline]
 #0: ffff888027ee8938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:643 [inline]
 #0: ffff888027ee8938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:670 [inline]
 #0: ffff888027ee8938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x883/0x15e0 kernel/workqueue.c:2376
 #1: ffffc9000b647db0 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x8b7/0x15e0 kernel/workqueue.c:2380
 #2: ffffffff8e114aa8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x12/0x30 net/ipv6/addrconf.c:4630
5 locks held by kworker/u4:3/30181:
 #0: ffff888014267938 ((wq_completion)netns){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff888014267938 ((wq_completion)netns){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 #0: ffff888014267938 ((wq_completion)netns){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1324 [inline]
 #0: ffff888014267938 ((wq_completion)netns){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:643 [inline]
 #0: ffff888014267938 ((wq_completion)netns){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:670 [inline]
 #0: ffff888014267938 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x883/0x15e0 kernel/workqueue.c:2376
 #1: ffffc90005a07db0 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x8b7/0x15e0 kernel/workqueue.c:2380
 #2: ffffffff8e1010d0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x9f/0xb10 net/core/net_namespace.c:576
 #3: ffffffff8e114aa8 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0x92/0x5b0 net/core/dev.c:11377
 #4: ffffffff8c7a44b8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:293 [inline]
 #4: ffffffff8c7a44b8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x64a/0x770 kernel/rcu/tree_exp.h:992
2 locks held by kworker/1:11/32025:
 #0: ffff888012472538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff888012472538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 #0: ffff888012472538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1324 [inline]
 #0: ffff888012472538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:643 [inline]
 #0: ffff888012472538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:670 [inline]
 #0: ffff888012472538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work+0x883/0x15e0 kernel/workqueue.c:2376
 #1: ffffc90005cc7db0 ((work_completion)(&rew->rew_work)){+.+.}-{0:0}, at: process_one_work+0x8b7/0x15e0 kernel/workqueue.c:2380
3 locks held by kworker/0:9/32172:
 #0: ffff888027ee8938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff888027ee8938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 #0: ffff888027ee8938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1324 [inline]
 #0: ffff888027ee8938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:643 [inline]
 #0: ffff888027ee8938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:670 [inline]
 #0: ffff888027ee8938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x883/0x15e0 kernel/workqueue.c:2376
 #1: ffffc9000777fdb0 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x8b7/0x15e0 kernel/workqueue.c:2380
 #2: ffffffff8e114aa8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x12/0x30 net/ipv6/addrconf.c:4630
3 locks held by kworker/0:13/32178:
3 locks held by kworker/0:0/1844:
 #0: ffff888012470d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff888012470d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 #0: ffff888012470d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1324 [inline]
 #0: ffff888012470d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:643 [inline]
 #0: ffff888012470d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:670 [inline]
 #0: ffff888012470d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x883/0x15e0 kernel/workqueue.c:2376
 #1: ffffc90003a7fdb0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x8b7/0x15e0 kernel/workqueue.c:2380
 #2: ffffffff8e114aa8 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xf/0x70 net/core/link_watch.c:277
6 locks held by syz-executor.3/1859:
 #0: ffff88802cdfe460 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12b/0x250 fs/read_write.c:637
 #1: ffff8880486ed088 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x285/0x600 fs/kernfs/file.c:325
 #2: ffff888141321008 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2a9/0x600 fs/kernfs/file.c:326
 #3: ffffffff8d7f98a8 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: new_device_store+0x170/0x690 drivers/net/netdevsim/bus.c:160
 #4: ffff88802568e0e8 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline]
 #4: ffff88802568e0e8 (&dev->mutex){....}-{3:3}, at: __device_attach+0x76/0x4b0 drivers/base/dd.c:1005
 #5: ffffffff8e1010d0 (pernet_ops_rwsem){++++}-{3:3}, at: register_netdevice_notifier+0x22/0x270 net/core/dev.c:1710
1 lock held by syz-executor.3/2179:
 #0: ffffffff8e1010d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4cb/0x8e0 net/core/net_namespace.c:487

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 28 Comm: khungtaskd Not tainted 6.4.0-rc1-syzkaller-00138-gd4d58949a6ea #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106
 nmi_cpu_backtrace+0x29c/0x350 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x2a4/0x300 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:148 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:222 [inline]
 watchdog+0xe16/0x1090 kernel/hung_task.c:379
 kthread+0x344/0x440 kernel/kthread.c:379
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 25839 Comm: kworker/u4:0 Not tainted 6.4.0-rc1-syzkaller-00138-gd4d58949a6ea #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
Workqueue: bat_events batadv_nc_worker
RIP: 0010:__lock_acquire+0x92f/0x5df0 kernel/locking/lockdep.c:5047
Code: 45 85 c0 0f 84 db 05 00 00 49 8d 85 b8 0a 00 00 48 89 c2 48 89 44 24 70 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 <0f> 85 66 3f 00 00 8b 7c 24 18 4d 8b bd b8 0a 00 00 85 ff 0f 84 32
RSP: 0018:ffffc9000eb9f9b0 EFLAGS: 00000046
RAX: dffffc0000000000 RBX: 00000000000006c9 RCX: ffffffff81658ca7
RDX: 1ffff1100297f8c7 RSI: 0000000000000008 RDI: ffffffff91527dd8
RBP: 0000000000000006 R08: 0000000000000000 R09: ffffffff91527ddf
R10: fffffbfff22a4fbb R11: 0000000000000000 R12: ffff888014bfc698
R13: ffff888014bfbb80 R14: 0000000000000001 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055c955aefa68 CR3: 000000007ead4000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 000000000000003b DR6: 00000000ffff0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 lock_acquire kernel/locking/lockdep.c:5691 [inline]
 lock_acquire+0x1b1/0x520 kernel/locking/lockdep.c:5656
 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
 _raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178
 spin_lock_bh include/linux/spinlock.h:355 [inline]
 batadv_nc_purge_paths+0xdf/0x3c0 net/batman-adv/network-coding.c:442
 batadv_nc_worker+0x931/0xfe0 net/batman-adv/network-coding.c:722
 process_one_work+0x99a/0x15e0 kernel/workqueue.c:2405
 worker_thread+0x67d/0x10c0 kernel/workqueue.c:2552
 kthread+0x344/0x440 kernel/kthread.c:379
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>
net_ratelimit: 13447 callbacks suppressed
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)

Crashes (11):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/05/13 21:10 upstream d4d58949a6ea 2b9ba477 .config console log report info ci-upstream-kasan-gce INFO: task hung in register_netdevice_notifier
2023/04/12 09:08 upstream e62252bc55b6 1a1596b6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce INFO: task hung in register_netdevice_notifier
2023/03/18 12:29 upstream 478a351ce0d6 7939252e .config console log report info ci-upstream-kasan-gce INFO: task hung in register_netdevice_notifier
2023/03/06 09:52 upstream f915322fe014 f8902b57 .config console log report info ci-upstream-kasan-gce-selinux-root INFO: task hung in register_netdevice_notifier
2023/03/01 15:41 upstream c0927a7a5391 f8902b57 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root INFO: task hung in register_netdevice_notifier
2023/04/24 10:43 upstream 457391b03803 c778c7f4 .config console log report info ci-upstream-kasan-gce-386 INFO: task hung in register_netdevice_notifier
2023/03/25 03:52 net f33642224e38 fbf0499a .config console log report info ci-upstream-net-this-kasan-gce INFO: task hung in register_netdevice_notifier
2023/03/22 01:32 net 032a954061af 8b4eb097 .config console log report info ci-upstream-net-this-kasan-gce INFO: task hung in register_netdevice_notifier
2023/04/21 08:57 net-next e315e7b83a22 2b32bd34 .config console log report info ci-upstream-net-kasan-gce INFO: task hung in register_netdevice_notifier
2023/04/19 14:50 net-next dce46f1b0cab 94b4184e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce INFO: task hung in register_netdevice_notifier
2023/04/11 13:48 net-next 9bc11460bea7 71147e29 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce INFO: task hung in register_netdevice_notifier
* Struck through repros no longer work on HEAD.