syzbot

 sign-in | mailing list | source | docs
🐞 Open [196] 🐞 Fixed [42] 🐞 Invalid [470] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

INFO: task hung in ip6_tnl_exit_net

Status: auto-closed as invalid on 2019/05/06 17:26
Reported-by: syzbot+c714aa9679c9687ae558@syzkaller.appspotmail.com
First crash: 1994d, last: 1994d
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-414 INFO: task hung in ip6_tnl_exit_net 1 2040d 2040d 0/1 auto-closed as invalid on 2019/03/21 18:51
android-49 INFO: task hung in ip6_tnl_exit_net (2) 1 1791d 1791d 0/3 auto-closed as invalid on 2019/10/25 08:40

Sample crash report:
ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
INFO: task kworker/u4:1:11010 blocked for more than 140 seconds.
      Not tainted 4.9.135+ #63
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/u4:1    D25648 11010      2 0x90000000
Workqueue: netns cleanup_net
 ffff8801c6740000 0000000000000000 ffff8801d1768580 ffff8801da5faf80
 ffff8801db621018 ffff8801a36c78a8 ffffffff82806912 0000000000000003
 ffff8801c67408b0
 ffffed0038ce8115 00ff8801c6740000 ffff8801db6218f0Call Trace:
 [<ffffffff82807e3f>] schedule+0x7f/0x1b0 kernel/sched/core.c:3553
 [<ffffffff828087c3>] schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3586
 [<ffffffff8280a83d>] __mutex_lock_common kernel/locking/mutex.c:582 [inline]
 [<ffffffff8280a83d>] mutex_lock_nested+0x38d/0x900 kernel/locking/mutex.c:621
 [<ffffffff82340e77>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70
 [<ffffffff827adb2e>] ip6_tnl_exit_net+0x7e/0x5b0 net/ipv6/ip6_tunnel.c:2238
 [<ffffffff822e3a10>] ops_exit_list.isra.0+0xb0/0x160 net/core/net_namespace.c:136
 [<ffffffff822e6772>] cleanup_net+0x3f2/0x8b0 net/core/net_namespace.c:473
 [<ffffffff81130d61>] process_one_work+0x831/0x1530 kernel/workqueue.c:2092
 [<ffffffff81131b36>] worker_thread+0xd6/0x1140 kernel/workqueue.c:2226
 [<ffffffff811428dd>] kthread+0x26d/0x300 kernel/kthread.c:211
 [<ffffffff82816d5c>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373

Showing all locks held in the system:
2 locks held by khungtaskd/24:
 #0: 
 (rcu_read_lock){......}, at: [<ffffffff8131bb4c>] check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline]
 (rcu_read_lock){......}, at: [<ffffffff8131bb4c>] watchdog+0x11c/0xa20 kernel/hung_task.c:239
 (tasklist_lock){.+.?..}, at: [<ffffffff813fe314>] debug_show_all_locks+0x79/0x218 kernel/locking/lockdep.c:4336
 #0: 
 (&f->f_pos_lock){+.+.+.}, at: [<ffffffff8156cc6c>] __fdget_pos+0xac/0xd0 fs/file.c:781
 #0: 
 (&tty->ldisc_sem){++++++}, at: [<ffffffff82814c62>] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367
 (&ldata->atomic_read_lock){+.+...}, at: [<ffffffff81d36fc2>] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142
 #0: 
 (rtnl_mutex){+.+.+.}, at: [<ffffffff82340e77>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70
 #0: 
 ("%s""netns"){.+.+.+}, at: [<ffffffff81130c6c>] process_one_work+0x73c/0x1530 kernel/workqueue.c:2085
 (net_cleanup_work){+.+.+.}, at: [<ffffffff81130ca4>] process_one_work+0x774/0x1530 kernel/workqueue.c:2089
 (net_mutex){+.+.+.}, at: [<ffffffff822e64bf>] cleanup_net+0x13f/0x8b0 net/core/net_namespace.c:439
 (rtnl_mutex){+.+.+.}, at: [<ffffffff82340e77>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70
 #0: 
 ("%s"("ipv6_addrconf")){.+.+..}, at: [<ffffffff81130c6c>] process_one_work+0x73c/0x1530 kernel/workqueue.c:2085
 ((addr_chk_work).work){+.+...}, at: [<ffffffff81130ca4>] process_one_work+0x774/0x1530 kernel/workqueue.c:2089
 (rtnl_mutex){+.+.+.}, at: [<ffffffff82340e77>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70
=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 24 Comm: khungtaskd Not tainted 4.9.135+ #63
 ffff8801d9907d08
 ffffffff81b42b89 0000000000000000 0000000000000001 0000000000000001
 0000000000000001 ffffffff81098330 ffff8801d9907d40 ffffffff81b4dc99
 0000000000000001 0000000000000000 0000000000000003Call Trace:
 [<ffffffff81b42b89>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81b42b89>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff81b4dc99>] nmi_cpu_backtrace.cold.0+0x48/0x87 lib/nmi_backtrace.c:99
 [<ffffffff81b4dc2c>] nmi_trigger_cpumask_backtrace+0x12c/0x151 lib/nmi_backtrace.c:60
 [<ffffffff81098434>] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37
 [<ffffffff8131c0dd>] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline]
 [<ffffffff8131c0dd>] check_hung_task kernel/hung_task.c:125 [inline]
 [<ffffffff8131c0dd>] check_hung_uninterruptible_tasks kernel/hung_task.c:182 [inline]
 [<ffffffff8131c0dd>] watchdog+0x6ad/0xa20 kernel/hung_task.c:239
 [<ffffffff811428dd>] kthread+0x26d/0x300 kernel/kthread.c:211
 [<ffffffff82816d5c>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 921 Comm: syz-executor2 Not tainted 4.9.135+ #63
task: ffff8801a78197c0 task.stack: ffff880164b18000
RIP: 0010:[<ffffffff81005d7f>] c [<ffffffff81005d7f>] arch_local_save_flags arch/x86/include/asm/paravirt.h:763 [inline]
RIP: 0010:[<ffffffff81005d7f>] c [<ffffffff81005d7f>] prepare_exit_to_usermode arch/x86/entry/common.c:186 [inline]
RIP: 0010:[<ffffffff81005d7f>] c [<ffffffff81005d7f>] syscall_return_slowpath arch/x86/entry/common.c:263 [inline]
RIP: 0010:[<ffffffff81005d7f>] c [<ffffffff81005d7f>] do_syscall_32_irqs_on arch/x86/entry/common.c:334 [inline]
RIP: 0010:[<ffffffff81005d7f>] c [<ffffffff81005d7f>] do_int80_syscall_32+0x2df/0x580 arch/x86/entry/common.c:342
RSP: 0000:ffff880164b1ff00  EFLAGS: 00000093
RAX: 0000000000000093 RBX: ffff880164b1ff58 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff81005d7d RDI: ffff8801a781a034
RBP: ffff880164b1ff48 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801a78197c0
R13: ffff880164b1ffd0 R14: ffff8801a78197c0 R15: 0000000000000000
FS:  00007f53dec82700(0000) GS:ffff8801db600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000001164358 CR3: 000000018949a000 CR4: 00000000001606b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Stack:
 0000000000000000c 0000000000000000c 0000000000000000c 0000000000000000c
 00000000ffffffdac 0000000000000000c 0000000000000000c 0000000000000000c
 0000000000000000c 0000000000000000c ffffffff82818254c 00000000ffffffffc
Call Trace:
 [<ffffffff82818254>] entry_INT80_compat+0x74/0xa0 arch/x86/entry/entry_64_compat.S:371
Code: cff c7f c00 c00 c49 c39 c85 c20 c13 c00 c00 c0f c85 c48 c01 c00 c00 ce8 c76 c57 c31 c00 c65 c48 c8b c04 c25 c00 c7e c01 c00 cf0 c80 c60 c03 c7f ce8 c63 c57 c31 c00 c9c c58 c<0f> c1f c44 c00 c00 cf6 cc4 c02 c0f c85 cac c00 c00 c00 ce8 c4e c57 c31 c00 ce8 c19 c

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2018/11/07 17:25 https://android.googlesource.com/kernel/common android-4.9 80af43361004 e85d2a61 .config console log report ci-android-49-kasan-gce-root
* Struck through repros no longer work on HEAD.