[v5.15] INFO: task hung in __netlink_dump_start
2 views
Skip to first unread message
syzbot
Feb 17, 2024, 10:22:26 PMFeb 17
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 6139f2a02fe0 Linux 5.15.148
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=15c1f43c180000
kernel config: https://syzkaller.appspot.com/x/.config?x=c170eb20d8be8542
dashboard link: https://syzkaller.appspot.com/bug?extid=070a3f54367800fa9f28
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/2ac68f24aed3/disk-6139f2a0.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/e8982a3768c5/vmlinux-6139f2a0.xz
kernel image: https://storage.googleapis.com/syzbot-assets/eb272dd019ce/bzImage-6139f2a0.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+070a3f...@syzkaller.appspotmail.com
INFO: task dhcpcd:3176 blocked for more than 143 seconds.
Not tainted 5.15.148-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:dhcpcd state:D stack:20512 pid: 3176 ppid: 3175 flags:0x00004002
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5030 [inline]
__schedule+0x12c4/0x45b0 kernel/sched/core.c:6376
schedule+0x11b/0x1f0 kernel/sched/core.c:6459
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6518
__mutex_lock_common+0xe34/0x25a0 kernel/locking/mutex.c:669
__mutex_lock kernel/locking/mutex.c:729 [inline]
mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743
__netlink_dump_start+0x12e/0x6f0 net/netlink/af_netlink.c:2348
netlink_dump_start include/linux/netlink.h:258 [inline]
rtnetlink_rcv_msg+0xbfe/0xee0 net/core/rtnetlink.c:5593
netlink_rcv_skb+0x1cf/0x410 net/netlink/af_netlink.c:2505
netlink_unicast_kernel net/netlink/af_netlink.c:1330 [inline]
netlink_unicast+0x7b6/0x980 net/netlink/af_netlink.c:1356
netlink_sendmsg+0xa30/0xd60 net/netlink/af_netlink.c:1924
sock_sendmsg_nosec net/socket.c:704 [inline]
__sock_sendmsg net/socket.c:716 [inline]
__sys_sendto+0x564/0x720 net/socket.c:2058
__do_sys_sendto net/socket.c:2070 [inline]
__se_sys_sendto net/socket.c:2066 [inline]
__x64_sys_sendto+0xda/0xf0 net/socket.c:2066
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7f12c486aad7
RSP: 002b:00007ffdaefe4df8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007ffdaefe5f20 RCX: 00007f12c486aad7
RDX: 0000000000000014 RSI: 00007ffdaefe5e40 RDI: 0000000000000005
RBP: 00007ffdaefe5eb0 R08: 00007ffdaefe5e24 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000012
R13: 00007ffdaefe5e24 R14: 00007ffdaefe5e40 R15: 0000000000000105
</TASK>
INFO: task kworker/0:20:12597 blocked for more than 143 seconds.
Not tainted 5.15.148-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:20 state:D stack:24736 pid:12597 ppid: 2 flags:0x00004000
Workqueue: ipv6_addrconf addrconf_dad_work
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5030 [inline]
__schedule+0x12c4/0x45b0 kernel/sched/core.c:6376
schedule+0x11b/0x1f0 kernel/sched/core.c:6459
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6518
__mutex_lock_common+0xe34/0x25a0 kernel/locking/mutex.c:669
__mutex_lock kernel/locking/mutex.c:729 [inline]
mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743
addrconf_dad_work+0xcc/0x1720 net/ipv6/addrconf.c:4096
process_one_work+0x8a1/0x10c0 kernel/workqueue.c:2310
worker_thread+0xaca/0x1280 kernel/workqueue.c:2457
kthread+0x3f6/0x4f0 kernel/kthread.c:319
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298
</TASK>
INFO: task kworker/0:21:12607 blocked for more than 143 seconds.
Not tainted 5.15.148-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:21 state:D stack:25144 pid:12607 ppid: 2 flags:0x00004000
Workqueue: events switchdev_deferred_process_work
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5030 [inline]
__schedule+0x12c4/0x45b0 kernel/sched/core.c:6376
schedule+0x11b/0x1f0 kernel/sched/core.c:6459
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6518
__mutex_lock_common+0xe34/0x25a0 kernel/locking/mutex.c:669
__mutex_lock kernel/locking/mutex.c:729 [inline]
mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743
switchdev_deferred_process_work+0xa/0x20 net/switchdev/switchdev.c:74
process_one_work+0x8a1/0x10c0 kernel/workqueue.c:2310
worker_thread+0xaca/0x1280 kernel/workqueue.c:2457
kthread+0x3f6/0x4f0 kernel/kthread.c:319
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298
</TASK>
INFO: task kworker/0:22:12609 blocked for more than 144 seconds.
Not tainted 5.15.148-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:22 state:D stack:25176 pid:12609 ppid: 2 flags:0x00004000
Workqueue: events linkwatch_event
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5030 [inline]
__schedule+0x12c4/0x45b0 kernel/sched/core.c:6376
schedule+0x11b/0x1f0 kernel/sched/core.c:6459
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6518
__mutex_lock_common+0xe34/0x25a0 kernel/locking/mutex.c:669
__mutex_lock kernel/locking/mutex.c:729 [inline]
mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743
linkwatch_event+0xa/0x50 net/core/link_watch.c:251
process_one_work+0x8a1/0x10c0 kernel/workqueue.c:2310
worker_thread+0xaca/0x1280 kernel/workqueue.c:2457
kthread+0x3f6/0x4f0 kernel/kthread.c:319
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298
</TASK>
INFO: task kworker/1:16:13613 blocked for more than 144 seconds.
Not tainted 5.15.148-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:16 state:D stack:25688 pid:13613 ppid: 2 flags:0x00004000
Workqueue: ipv6_addrconf addrconf_dad_work
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5030 [inline]
__schedule+0x12c4/0x45b0 kernel/sched/core.c:6376
schedule+0x11b/0x1f0 kernel/sched/core.c:6459
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6518
__mutex_lock_common+0xe34/0x25a0 kernel/locking/mutex.c:669
__mutex_lock kernel/locking/mutex.c:729 [inline]
mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743
addrconf_dad_work+0xcc/0x1720 net/ipv6/addrconf.c:4096
process_one_work+0x8a1/0x10c0 kernel/workqueue.c:2310
worker_thread+0xaca/0x1280 kernel/workqueue.c:2457
kthread+0x3f6/0x4f0 kernel/kthread.c:319
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298
</TASK>
INFO: task syz-executor.0:26542 blocked for more than 144 seconds.
Not tainted 5.15.148-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.0 state:D stack:21016 pid:26542 ppid: 1 flags:0x00004006
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5030 [inline]
__schedule+0x12c4/0x45b0 kernel/sched/core.c:6376
schedule+0x11b/0x1f0 kernel/sched/core.c:6459
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6518
__mutex_lock_common+0xe34/0x25a0 kernel/locking/mutex.c:669
__mutex_lock kernel/locking/mutex.c:729 [inline]
mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743
rtnl_lock net/core/rtnetlink.c:72 [inline]
rtnetlink_rcv_msg+0x94c/0xee0 net/core/rtnetlink.c:5627
netlink_rcv_skb+0x1cf/0x410 net/netlink/af_netlink.c:2505
netlink_unicast_kernel net/netlink/af_netlink.c:1330 [inline]
netlink_unicast+0x7b6/0x980 net/netlink/af_netlink.c:1356
netlink_sendmsg+0xa30/0xd60 net/netlink/af_netlink.c:1924
sock_sendmsg_nosec net/socket.c:704 [inline]
__sock_sendmsg net/socket.c:716 [inline]
__sys_sendto+0x564/0x720 net/socket.c:2058
__do_sys_sendto net/socket.c:2070 [inline]
__se_sys_sendto net/socket.c:2066 [inline]
__x64_sys_sendto+0xda/0xf0 net/socket.c:2066
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7f0d03fdda9c
RSP: 002b:00007ffe249abba0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f0d04c32620 RCX: 00007f0d03fdda9c
RDX: 0000000000000040 RSI: 00007f0d04c32670 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007ffe249abbf4 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
R13: 0000000000000000 R14: 00007f0d04c32670 R15: 0000000000000000
</TASK>
INFO: task syz-executor.2:26548 blocked for more than 144 seconds.
Not tainted 5.15.148-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.2 state:D stack:21624 pid:26548 ppid: 1 flags:0x00004006
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5030 [inline]
__schedule+0x12c4/0x45b0 kernel/sched/core.c:6376
schedule+0x11b/0x1f0 kernel/sched/core.c:6459
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6518
__mutex_lock_common+0xe34/0x25a0 kernel/locking/mutex.c:669
__mutex_lock kernel/locking/mutex.c:729 [inline]
mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743
devlink_nl_port_fill+0x2ab/0x930 net/core/devlink.c:995
devlink_nl_cmd_port_get_dumpit+0x312/0x5d0 net/core/devlink.c:1276
genl_lock_dumpit+0x69/0x90 net/netlink/genetlink.c:615
netlink_dump+0x606/0xc40 net/netlink/af_netlink.c:2279
__netlink_dump_start+0x52f/0x6f0 net/netlink/af_netlink.c:2384
genl_family_rcv_msg_dumpit net/netlink/genetlink.c:678 [inline]
genl_family_rcv_msg net/netlink/genetlink.c:772 [inline]
genl_rcv_msg+0xb8f/0x14a0 net/netlink/genetlink.c:792
netlink_rcv_skb+0x1cf/0x410 net/netlink/af_netlink.c:2505
genl_rcv+0x24/0x40 net/netlink/genetlink.c:803
netlink_unicast_kernel net/netlink/af_netlink.c:1330 [inline]
netlink_unicast+0x7b6/0x980 net/netlink/af_netlink.c:1356
netlink_sendmsg+0xa30/0xd60 net/netlink/af_netlink.c:1924
sock_sendmsg_nosec net/socket.c:704 [inline]
__sock_sendmsg net/socket.c:716 [inline]
__sys_sendto+0x564/0x720 net/socket.c:2058
__do_sys_sendto net/socket.c:2070 [inline]
__se_sys_sendto net/socket.c:2066 [inline]
__x64_sys_sendto+0xda/0xf0 net/socket.c:2066
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7f01993d4a9c
RSP: 002b:00007ffd15bb7630 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f019a029620 RCX: 00007f01993d4a9c
RDX: 0000000000000034 RSI: 00007f019a029670 RDI: 0000000000000005
RBP: 0000000000000000 R08: 00007ffd15bb7684 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000005
R13: 00007ffd15bb76f8 R14: 00007f019a029670 R15: 0000000000000000
</TASK>
INFO: task syz-executor.1:26550 blocked for more than 145 seconds.
Not tainted 5.15.148-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.1 state:D stack:21016 pid:26550 ppid: 1 flags:0x00004006
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5030 [inline]
__schedule+0x12c4/0x45b0 kernel/sched/core.c:6376
schedule+0x11b/0x1f0 kernel/sched/core.c:6459
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6518
__mutex_lock_common+0xe34/0x25a0 kernel/locking/mutex.c:669
__mutex_lock kernel/locking/mutex.c:729 [inline]
mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743
rtnl_lock net/core/rtnetlink.c:72 [inline]
rtnetlink_rcv_msg+0x94c/0xee0 net/core/rtnetlink.c:5627
netlink_rcv_skb+0x1cf/0x410 net/netlink/af_netlink.c:2505
netlink_unicast_kernel net/netlink/af_netlink.c:1330 [inline]
netlink_unicast+0x7b6/0x980 net/netlink/af_netlink.c:1356
netlink_sendmsg+0xa30/0xd60 net/netlink/af_netlink.c:1924
sock_sendmsg_nosec net/socket.c:704 [inline]
__sock_sendmsg net/socket.c:716 [inline]
__sys_sendto+0x564/0x720 net/socket.c:2058
__do_sys_sendto net/socket.c:2070 [inline]
__se_sys_sendto net/socket.c:2066 [inline]
__x64_sys_sendto+0xda/0xf0 net/socket.c:2066
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7f9e2a1c6a9c
RSP: 002b:00007fff1d5d3eb0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f9e2ae1b620 RCX: 00007f9e2a1c6a9c
RDX: 0000000000000028 RSI: 00007f9e2ae1b670 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007fff1d5d3f04 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
R13: 0000000000000000 R14: 00007f9e2ae1b670 R15: 0000000000000000
</TASK>
INFO: task syz-executor.3:26552 blocked for more than 145 seconds.
Not tainted 5.15.148-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.3 state:D stack:20736 pid:26552 ppid: 1 flags:0x00004006
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5030 [inline]
__schedule+0x12c4/0x45b0 kernel/sched/core.c:6376
schedule+0x11b/0x1f0 kernel/sched/core.c:6459
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6518
__mutex_lock_common+0xe34/0x25a0 kernel/locking/mutex.c:669
__mutex_lock kernel/locking/mutex.c:729 [inline]
mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743
rtnl_lock net/core/rtnetlink.c:72 [inline]
rtnetlink_rcv_msg+0x94c/0xee0 net/core/rtnetlink.c:5627
netlink_rcv_skb+0x1cf/0x410 net/netlink/af_netlink.c:2505
netlink_unicast_kernel net/netlink/af_netlink.c:1330 [inline]
netlink_unicast+0x7b6/0x980 net/netlink/af_netlink.c:1356
netlink_sendmsg+0xa30/0xd60 net/netlink/af_netlink.c:1924
sock_sendmsg_nosec net/socket.c:704 [inline]
__sock_sendmsg net/socket.c:716 [inline]
__sys_sendto+0x564/0x720 net/socket.c:2058
__do_sys_sendto net/socket.c:2070 [inline]
__se_sys_sendto net/socket.c:2066 [inline]
__x64_sys_sendto+0xda/0xf0 net/socket.c:2066
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7f513fb7aa9c
RSP: 002b:00007ffd88a89ba0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f51407cf620 RCX: 00007f513fb7aa9c
RDX: 0000000000000020 RSI: 00007f51407cf670 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007ffd88a89bf4 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
R13: 0000000000000000 R14: 00007f51407cf670 R15: 0000000000000000
</TASK>
INFO: task syz-executor.4:26799 blocked for more than 145 seconds.
Not tainted 5.15.148-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.4 state:D stack:27520 pid:26799 ppid: 26438 flags:0x00004006
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5030 [inline]
__schedule+0x12c4/0x45b0 kernel/sched/core.c:6376
schedule+0x11b/0x1f0 kernel/sched/core.c:6459
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6518
__mutex_lock_common+0xe34/0x25a0 kernel/locking/mutex.c:669
__mutex_lock kernel/locking/mutex.c:729 [inline]
mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743
__tun_chr_ioctl+0x460/0x2270 drivers/net/tun.c:3046
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:874 [inline]
__se_sys_ioctl+0xf1/0x160 fs/ioctl.c:860
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7f51d0092da9
RSP: 002b:00007f51ce6130c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f51d01c0f80 RCX: 00007f51d0092da9
RDX: 0000000020000000 RSI: 00000000400454ca RDI: 0000000000000003
RBP: 00007f51d00df47a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007f51d01c0f80 R15: 00007ffc33e46da8
</TASK>
Showing all locks held in the system:
1 lock held by khungtaskd/27:
#0: ffffffff8c91f220 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30
1 lock held by dhcpcd/3176:
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: __netlink_dump_start+0x12e/0x6f0 net/netlink/af_netlink.c:2348
2 locks held by getty/3265:
#0: ffff88802466c098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 drivers/tty/tty_ldisc.c:252
#1: ffffc90002bab2e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6af/0x1db0 drivers/tty/n_tty.c:2158
2 locks held by kworker/u4:5/3615:
#0: ffff8880b9b39718 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x26/0x140 kernel/sched/core.c:475
#1: ffff8880b9b27848 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x53d/0x810 kernel/sched/psi.c:891
5 locks held by kworker/u4:1/6802:
#0: ffff888011dcd138 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 kernel/workqueue.c:2283
#1: ffffc90003c9fd20 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 kernel/workqueue.c:2285
#2: ffffffff8d9cead0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0xf1/0xb60 net/core/net_namespace.c:558
#3: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock_unregistering net/core/dev.c:11576 [inline]
#3: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0x1ac/0x3f0 net/core/dev.c:11614
#4: ffffffff8c9236f0 (rcu_state.barrier_mutex){+.+.}-{3:3}, at: rcu_barrier+0x9c/0x4e0 kernel/rcu/tree.c:4039
3 locks held by kworker/0:20/12597:
#0: ffff888023942938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 kernel/workqueue.c:2283
#1: ffffc90003337d20 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 kernel/workqueue.c:2285
#2: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xcc/0x1720 net/ipv6/addrconf.c:4096
3 locks held by kworker/0:21/12607:
#0: ffff888011c70d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 kernel/workqueue.c:2283
#1: ffffc90003467d20 (deferred_process_work){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 kernel/workqueue.c:2285
#2: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xa/0x20 net/switchdev/switchdev.c:74
3 locks held by kworker/0:22/12609:
#0: ffff888011c70d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 kernel/workqueue.c:2283
#1: ffffc90002ed7d20 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 kernel/workqueue.c:2285
#2: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xa/0x50 net/core/link_watch.c:251
3 locks held by kworker/1:7/12857:
#0: ffff888011c71d38 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 kernel/workqueue.c:2283
#1: ffffc9000456fd20 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 kernel/workqueue.c:2285
#2: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: reg_check_chans_work+0x7f/0xb70 net/wireless/reg.c:2436
3 locks held by kworker/1:16/13613:
#0: ffff888023942938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 kernel/workqueue.c:2283
#1: ffffc90004637d20 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 kernel/workqueue.c:2285
#2: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xcc/0x1720 net/ipv6/addrconf.c:4096
1 lock held by syz-executor.0/26542:
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 net/core/rtnetlink.c:5627
6 locks held by syz-executor.2/26548:
#0: ffffffff8da39f50 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40 net/netlink/genetlink.c:802
#1: ffff88809d543690 (nlk_cb_mutex-GENERIC){+.+.}-{3:3}, at: netlink_dump+0xd0/0xc40 net/netlink/af_netlink.c:2227
#2: ffffffff8da39e08 (genl_mutex){+.+.}-{3:3}, at: genl_lock net/netlink/genetlink.c:33 [inline]
#2: ffffffff8da39e08 (genl_mutex){+.+.}-{3:3}, at: genl_lock_dumpit+0x47/0x90 net/netlink/genetlink.c:614
#3: ffffffff8d9ffca8 (devlink_mutex){+.+.}-{3:3}, at: devlink_nl_cmd_port_get_dumpit+0xb5/0x5d0 net/core/devlink.c:1262
#4: ffff88808e61f250 (&devlink->lock){+.+.}-{3:3}, at: devlink_nl_cmd_port_get_dumpit+0x200/0x5d0 net/core/devlink.c:1270
#5: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: devlink_nl_port_fill+0x2ab/0x930 net/core/devlink.c:995
1 lock held by syz-executor.1/26550:
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 net/core/rtnetlink.c:5627
1 lock held by syz-executor.3/26552:
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 net/core/rtnetlink.c:5627
1 lock held by syz-executor.4/26799:
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: __tun_chr_ioctl+0x460/0x2270 drivers/net/tun.c:3046
1 lock held by syz-executor.4/26801:
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 net/core/rtnetlink.c:5627
1 lock held by syz-executor.0/26806:
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 net/core/rtnetlink.c:5627
1 lock held by syz-executor.1/26813:
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 net/core/rtnetlink.c:5627
1 lock held by syz-executor.3/26815:
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 net/core/rtnetlink.c:5627
1 lock held by syz-executor.2/26817:
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 net/core/rtnetlink.c:5627
1 lock held by syz-executor.4/26820:
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 net/core/rtnetlink.c:5627
1 lock held by syz-executor.0/26824:
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 net/core/rtnetlink.c:5627
1 lock held by syz-executor.3/26830:
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 net/core/rtnetlink.c:5627
1 lock held by syz-executor.2/26834:
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 net/core/rtnetlink.c:5627
1 lock held by syz-executor.1/26835:
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 net/core/rtnetlink.c:5627
=============================================
NMI backtrace for cpu 0
CPU: 0 PID: 27 Comm: khungtaskd Not tainted 5.15.148-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
nmi_cpu_backtrace+0x46a/0x4a0 lib/nmi_backtrace.c:111
nmi_trigger_cpumask_backtrace+0x181/0x2a0 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:148 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:210 [inline]
watchdog+0xe72/0xeb0 kernel/hung_task.c:295
kthread+0x3f6/0x4f0 kernel/kthread.c:319
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298
</TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 3503 Comm: syz-fuzzer Not tainted 5.15.148-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
RIP: 0033:0x422683
Code: 4c 8b 44 24 20 48 89 c1 48 8b 44 24 60 48 85 c9 0f 84 e6 00 00 00 48 89 c3 48 89 c8 e8 e6 05 00 00 48 8b 5c 24 60 48 8b 4b 18 <48> 81 f9 d0 07 00 00 0f 8c ac 00 00 00 90 48 8d 35 c8 86 e0 01 f0
RSP: 002b:000000c000a83f18 EFLAGS: 00000202
RAX: 0000000000000028 RBX: 000000c000043240 RCX: 0000000000000798
RDX: 0000000000000030 RSI: 0000000000000000 RDI: 0000000000000006
RBP: 000000c000a83f68 R08: 0000000000000028 R09: 0000000000000000
R10: 0000000000000080 R11: 0000000000000020 R12: 0000000000000008
R13: 00000000013504e0 R14: 000000c000431d40 R15: 0000000000000003
FS: 000000c000c70490 GS: 0000000000000000
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: 6139f2a02fe0 Linux 5.15.148
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=15c1f43c180000
kernel config: https://syzkaller.appspot.com/x/.config?x=c170eb20d8be8542
dashboard link: https://syzkaller.appspot.com/bug?extid=070a3f54367800fa9f28
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/2ac68f24aed3/disk-6139f2a0.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/e8982a3768c5/vmlinux-6139f2a0.xz
kernel image: https://storage.googleapis.com/syzbot-assets/eb272dd019ce/bzImage-6139f2a0.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+070a3f...@syzkaller.appspotmail.com
INFO: task dhcpcd:3176 blocked for more than 143 seconds.
Not tainted 5.15.148-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:dhcpcd state:D stack:20512 pid: 3176 ppid: 3175 flags:0x00004002
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5030 [inline]
__schedule+0x12c4/0x45b0 kernel/sched/core.c:6376
schedule+0x11b/0x1f0 kernel/sched/core.c:6459
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6518
__mutex_lock_common+0xe34/0x25a0 kernel/locking/mutex.c:669
__mutex_lock kernel/locking/mutex.c:729 [inline]
mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743
__netlink_dump_start+0x12e/0x6f0 net/netlink/af_netlink.c:2348
netlink_dump_start include/linux/netlink.h:258 [inline]
rtnetlink_rcv_msg+0xbfe/0xee0 net/core/rtnetlink.c:5593
netlink_rcv_skb+0x1cf/0x410 net/netlink/af_netlink.c:2505
netlink_unicast_kernel net/netlink/af_netlink.c:1330 [inline]
netlink_unicast+0x7b6/0x980 net/netlink/af_netlink.c:1356
netlink_sendmsg+0xa30/0xd60 net/netlink/af_netlink.c:1924
sock_sendmsg_nosec net/socket.c:704 [inline]
__sock_sendmsg net/socket.c:716 [inline]
__sys_sendto+0x564/0x720 net/socket.c:2058
__do_sys_sendto net/socket.c:2070 [inline]
__se_sys_sendto net/socket.c:2066 [inline]
__x64_sys_sendto+0xda/0xf0 net/socket.c:2066
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7f12c486aad7
RSP: 002b:00007ffdaefe4df8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007ffdaefe5f20 RCX: 00007f12c486aad7
RDX: 0000000000000014 RSI: 00007ffdaefe5e40 RDI: 0000000000000005
RBP: 00007ffdaefe5eb0 R08: 00007ffdaefe5e24 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000012
R13: 00007ffdaefe5e24 R14: 00007ffdaefe5e40 R15: 0000000000000105
</TASK>
INFO: task kworker/0:20:12597 blocked for more than 143 seconds.
Not tainted 5.15.148-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:20 state:D stack:24736 pid:12597 ppid: 2 flags:0x00004000
Workqueue: ipv6_addrconf addrconf_dad_work
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5030 [inline]
__schedule+0x12c4/0x45b0 kernel/sched/core.c:6376
schedule+0x11b/0x1f0 kernel/sched/core.c:6459
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6518
__mutex_lock_common+0xe34/0x25a0 kernel/locking/mutex.c:669
__mutex_lock kernel/locking/mutex.c:729 [inline]
mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743
addrconf_dad_work+0xcc/0x1720 net/ipv6/addrconf.c:4096
process_one_work+0x8a1/0x10c0 kernel/workqueue.c:2310
worker_thread+0xaca/0x1280 kernel/workqueue.c:2457
kthread+0x3f6/0x4f0 kernel/kthread.c:319
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298
</TASK>
INFO: task kworker/0:21:12607 blocked for more than 143 seconds.
Not tainted 5.15.148-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:21 state:D stack:25144 pid:12607 ppid: 2 flags:0x00004000
Workqueue: events switchdev_deferred_process_work
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5030 [inline]
__schedule+0x12c4/0x45b0 kernel/sched/core.c:6376
schedule+0x11b/0x1f0 kernel/sched/core.c:6459
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6518
__mutex_lock_common+0xe34/0x25a0 kernel/locking/mutex.c:669
__mutex_lock kernel/locking/mutex.c:729 [inline]
mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743
switchdev_deferred_process_work+0xa/0x20 net/switchdev/switchdev.c:74
process_one_work+0x8a1/0x10c0 kernel/workqueue.c:2310
worker_thread+0xaca/0x1280 kernel/workqueue.c:2457
kthread+0x3f6/0x4f0 kernel/kthread.c:319
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298
</TASK>
INFO: task kworker/0:22:12609 blocked for more than 144 seconds.
Not tainted 5.15.148-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:22 state:D stack:25176 pid:12609 ppid: 2 flags:0x00004000
Workqueue: events linkwatch_event
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5030 [inline]
__schedule+0x12c4/0x45b0 kernel/sched/core.c:6376
schedule+0x11b/0x1f0 kernel/sched/core.c:6459
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6518
__mutex_lock_common+0xe34/0x25a0 kernel/locking/mutex.c:669
__mutex_lock kernel/locking/mutex.c:729 [inline]
mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743
linkwatch_event+0xa/0x50 net/core/link_watch.c:251
process_one_work+0x8a1/0x10c0 kernel/workqueue.c:2310
worker_thread+0xaca/0x1280 kernel/workqueue.c:2457
kthread+0x3f6/0x4f0 kernel/kthread.c:319
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298
</TASK>
INFO: task kworker/1:16:13613 blocked for more than 144 seconds.
Not tainted 5.15.148-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:16 state:D stack:25688 pid:13613 ppid: 2 flags:0x00004000
Workqueue: ipv6_addrconf addrconf_dad_work
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5030 [inline]
__schedule+0x12c4/0x45b0 kernel/sched/core.c:6376
schedule+0x11b/0x1f0 kernel/sched/core.c:6459
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6518
__mutex_lock_common+0xe34/0x25a0 kernel/locking/mutex.c:669
__mutex_lock kernel/locking/mutex.c:729 [inline]
mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743
addrconf_dad_work+0xcc/0x1720 net/ipv6/addrconf.c:4096
process_one_work+0x8a1/0x10c0 kernel/workqueue.c:2310
worker_thread+0xaca/0x1280 kernel/workqueue.c:2457
kthread+0x3f6/0x4f0 kernel/kthread.c:319
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298
</TASK>
INFO: task syz-executor.0:26542 blocked for more than 144 seconds.
Not tainted 5.15.148-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.0 state:D stack:21016 pid:26542 ppid: 1 flags:0x00004006
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5030 [inline]
__schedule+0x12c4/0x45b0 kernel/sched/core.c:6376
schedule+0x11b/0x1f0 kernel/sched/core.c:6459
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6518
__mutex_lock_common+0xe34/0x25a0 kernel/locking/mutex.c:669
__mutex_lock kernel/locking/mutex.c:729 [inline]
mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743
rtnl_lock net/core/rtnetlink.c:72 [inline]
rtnetlink_rcv_msg+0x94c/0xee0 net/core/rtnetlink.c:5627
netlink_rcv_skb+0x1cf/0x410 net/netlink/af_netlink.c:2505
netlink_unicast_kernel net/netlink/af_netlink.c:1330 [inline]
netlink_unicast+0x7b6/0x980 net/netlink/af_netlink.c:1356
netlink_sendmsg+0xa30/0xd60 net/netlink/af_netlink.c:1924
sock_sendmsg_nosec net/socket.c:704 [inline]
__sock_sendmsg net/socket.c:716 [inline]
__sys_sendto+0x564/0x720 net/socket.c:2058
__do_sys_sendto net/socket.c:2070 [inline]
__se_sys_sendto net/socket.c:2066 [inline]
__x64_sys_sendto+0xda/0xf0 net/socket.c:2066
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7f0d03fdda9c
RSP: 002b:00007ffe249abba0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f0d04c32620 RCX: 00007f0d03fdda9c
RDX: 0000000000000040 RSI: 00007f0d04c32670 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007ffe249abbf4 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
R13: 0000000000000000 R14: 00007f0d04c32670 R15: 0000000000000000
</TASK>
INFO: task syz-executor.2:26548 blocked for more than 144 seconds.
Not tainted 5.15.148-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.2 state:D stack:21624 pid:26548 ppid: 1 flags:0x00004006
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5030 [inline]
__schedule+0x12c4/0x45b0 kernel/sched/core.c:6376
schedule+0x11b/0x1f0 kernel/sched/core.c:6459
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6518
__mutex_lock_common+0xe34/0x25a0 kernel/locking/mutex.c:669
__mutex_lock kernel/locking/mutex.c:729 [inline]
mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743
devlink_nl_port_fill+0x2ab/0x930 net/core/devlink.c:995
devlink_nl_cmd_port_get_dumpit+0x312/0x5d0 net/core/devlink.c:1276
genl_lock_dumpit+0x69/0x90 net/netlink/genetlink.c:615
netlink_dump+0x606/0xc40 net/netlink/af_netlink.c:2279
__netlink_dump_start+0x52f/0x6f0 net/netlink/af_netlink.c:2384
genl_family_rcv_msg_dumpit net/netlink/genetlink.c:678 [inline]
genl_family_rcv_msg net/netlink/genetlink.c:772 [inline]
genl_rcv_msg+0xb8f/0x14a0 net/netlink/genetlink.c:792
netlink_rcv_skb+0x1cf/0x410 net/netlink/af_netlink.c:2505
genl_rcv+0x24/0x40 net/netlink/genetlink.c:803
netlink_unicast_kernel net/netlink/af_netlink.c:1330 [inline]
netlink_unicast+0x7b6/0x980 net/netlink/af_netlink.c:1356
netlink_sendmsg+0xa30/0xd60 net/netlink/af_netlink.c:1924
sock_sendmsg_nosec net/socket.c:704 [inline]
__sock_sendmsg net/socket.c:716 [inline]
__sys_sendto+0x564/0x720 net/socket.c:2058
__do_sys_sendto net/socket.c:2070 [inline]
__se_sys_sendto net/socket.c:2066 [inline]
__x64_sys_sendto+0xda/0xf0 net/socket.c:2066
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7f01993d4a9c
RSP: 002b:00007ffd15bb7630 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f019a029620 RCX: 00007f01993d4a9c
RDX: 0000000000000034 RSI: 00007f019a029670 RDI: 0000000000000005
RBP: 0000000000000000 R08: 00007ffd15bb7684 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000005
R13: 00007ffd15bb76f8 R14: 00007f019a029670 R15: 0000000000000000
</TASK>
INFO: task syz-executor.1:26550 blocked for more than 145 seconds.
Not tainted 5.15.148-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.1 state:D stack:21016 pid:26550 ppid: 1 flags:0x00004006
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5030 [inline]
__schedule+0x12c4/0x45b0 kernel/sched/core.c:6376
schedule+0x11b/0x1f0 kernel/sched/core.c:6459
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6518
__mutex_lock_common+0xe34/0x25a0 kernel/locking/mutex.c:669
__mutex_lock kernel/locking/mutex.c:729 [inline]
mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743
rtnl_lock net/core/rtnetlink.c:72 [inline]
rtnetlink_rcv_msg+0x94c/0xee0 net/core/rtnetlink.c:5627
netlink_rcv_skb+0x1cf/0x410 net/netlink/af_netlink.c:2505
netlink_unicast_kernel net/netlink/af_netlink.c:1330 [inline]
netlink_unicast+0x7b6/0x980 net/netlink/af_netlink.c:1356
netlink_sendmsg+0xa30/0xd60 net/netlink/af_netlink.c:1924
sock_sendmsg_nosec net/socket.c:704 [inline]
__sock_sendmsg net/socket.c:716 [inline]
__sys_sendto+0x564/0x720 net/socket.c:2058
__do_sys_sendto net/socket.c:2070 [inline]
__se_sys_sendto net/socket.c:2066 [inline]
__x64_sys_sendto+0xda/0xf0 net/socket.c:2066
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7f9e2a1c6a9c
RSP: 002b:00007fff1d5d3eb0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f9e2ae1b620 RCX: 00007f9e2a1c6a9c
RDX: 0000000000000028 RSI: 00007f9e2ae1b670 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007fff1d5d3f04 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
R13: 0000000000000000 R14: 00007f9e2ae1b670 R15: 0000000000000000
</TASK>
INFO: task syz-executor.3:26552 blocked for more than 145 seconds.
Not tainted 5.15.148-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.3 state:D stack:20736 pid:26552 ppid: 1 flags:0x00004006
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5030 [inline]
__schedule+0x12c4/0x45b0 kernel/sched/core.c:6376
schedule+0x11b/0x1f0 kernel/sched/core.c:6459
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6518
__mutex_lock_common+0xe34/0x25a0 kernel/locking/mutex.c:669
__mutex_lock kernel/locking/mutex.c:729 [inline]
mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743
rtnl_lock net/core/rtnetlink.c:72 [inline]
rtnetlink_rcv_msg+0x94c/0xee0 net/core/rtnetlink.c:5627
netlink_rcv_skb+0x1cf/0x410 net/netlink/af_netlink.c:2505
netlink_unicast_kernel net/netlink/af_netlink.c:1330 [inline]
netlink_unicast+0x7b6/0x980 net/netlink/af_netlink.c:1356
netlink_sendmsg+0xa30/0xd60 net/netlink/af_netlink.c:1924
sock_sendmsg_nosec net/socket.c:704 [inline]
__sock_sendmsg net/socket.c:716 [inline]
__sys_sendto+0x564/0x720 net/socket.c:2058
__do_sys_sendto net/socket.c:2070 [inline]
__se_sys_sendto net/socket.c:2066 [inline]
__x64_sys_sendto+0xda/0xf0 net/socket.c:2066
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7f513fb7aa9c
RSP: 002b:00007ffd88a89ba0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f51407cf620 RCX: 00007f513fb7aa9c
RDX: 0000000000000020 RSI: 00007f51407cf670 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007ffd88a89bf4 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
R13: 0000000000000000 R14: 00007f51407cf670 R15: 0000000000000000
</TASK>
INFO: task syz-executor.4:26799 blocked for more than 145 seconds.
Not tainted 5.15.148-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.4 state:D stack:27520 pid:26799 ppid: 26438 flags:0x00004006
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5030 [inline]
__schedule+0x12c4/0x45b0 kernel/sched/core.c:6376
schedule+0x11b/0x1f0 kernel/sched/core.c:6459
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6518
__mutex_lock_common+0xe34/0x25a0 kernel/locking/mutex.c:669
__mutex_lock kernel/locking/mutex.c:729 [inline]
mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743
__tun_chr_ioctl+0x460/0x2270 drivers/net/tun.c:3046
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:874 [inline]
__se_sys_ioctl+0xf1/0x160 fs/ioctl.c:860
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7f51d0092da9
RSP: 002b:00007f51ce6130c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f51d01c0f80 RCX: 00007f51d0092da9
RDX: 0000000020000000 RSI: 00000000400454ca RDI: 0000000000000003
RBP: 00007f51d00df47a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007f51d01c0f80 R15: 00007ffc33e46da8
</TASK>
Showing all locks held in the system:
1 lock held by khungtaskd/27:
#0: ffffffff8c91f220 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30
1 lock held by dhcpcd/3176:
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: __netlink_dump_start+0x12e/0x6f0 net/netlink/af_netlink.c:2348
2 locks held by getty/3265:
#0: ffff88802466c098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 drivers/tty/tty_ldisc.c:252
#1: ffffc90002bab2e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6af/0x1db0 drivers/tty/n_tty.c:2158
2 locks held by kworker/u4:5/3615:
#0: ffff8880b9b39718 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x26/0x140 kernel/sched/core.c:475
#1: ffff8880b9b27848 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x53d/0x810 kernel/sched/psi.c:891
5 locks held by kworker/u4:1/6802:
#0: ffff888011dcd138 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 kernel/workqueue.c:2283
#1: ffffc90003c9fd20 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 kernel/workqueue.c:2285
#2: ffffffff8d9cead0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0xf1/0xb60 net/core/net_namespace.c:558
#3: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock_unregistering net/core/dev.c:11576 [inline]
#3: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0x1ac/0x3f0 net/core/dev.c:11614
#4: ffffffff8c9236f0 (rcu_state.barrier_mutex){+.+.}-{3:3}, at: rcu_barrier+0x9c/0x4e0 kernel/rcu/tree.c:4039
3 locks held by kworker/0:20/12597:
#0: ffff888023942938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 kernel/workqueue.c:2283
#1: ffffc90003337d20 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 kernel/workqueue.c:2285
#2: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xcc/0x1720 net/ipv6/addrconf.c:4096
3 locks held by kworker/0:21/12607:
#0: ffff888011c70d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 kernel/workqueue.c:2283
#1: ffffc90003467d20 (deferred_process_work){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 kernel/workqueue.c:2285
#2: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xa/0x20 net/switchdev/switchdev.c:74
3 locks held by kworker/0:22/12609:
#0: ffff888011c70d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 kernel/workqueue.c:2283
#1: ffffc90002ed7d20 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 kernel/workqueue.c:2285
#2: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xa/0x50 net/core/link_watch.c:251
3 locks held by kworker/1:7/12857:
#0: ffff888011c71d38 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 kernel/workqueue.c:2283
#1: ffffc9000456fd20 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 kernel/workqueue.c:2285
#2: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: reg_check_chans_work+0x7f/0xb70 net/wireless/reg.c:2436
3 locks held by kworker/1:16/13613:
#0: ffff888023942938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 kernel/workqueue.c:2283
#1: ffffc90004637d20 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 kernel/workqueue.c:2285
#2: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xcc/0x1720 net/ipv6/addrconf.c:4096
1 lock held by syz-executor.0/26542:
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 net/core/rtnetlink.c:5627
6 locks held by syz-executor.2/26548:
#0: ffffffff8da39f50 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40 net/netlink/genetlink.c:802
#1: ffff88809d543690 (nlk_cb_mutex-GENERIC){+.+.}-{3:3}, at: netlink_dump+0xd0/0xc40 net/netlink/af_netlink.c:2227
#2: ffffffff8da39e08 (genl_mutex){+.+.}-{3:3}, at: genl_lock net/netlink/genetlink.c:33 [inline]
#2: ffffffff8da39e08 (genl_mutex){+.+.}-{3:3}, at: genl_lock_dumpit+0x47/0x90 net/netlink/genetlink.c:614
#3: ffffffff8d9ffca8 (devlink_mutex){+.+.}-{3:3}, at: devlink_nl_cmd_port_get_dumpit+0xb5/0x5d0 net/core/devlink.c:1262
#4: ffff88808e61f250 (&devlink->lock){+.+.}-{3:3}, at: devlink_nl_cmd_port_get_dumpit+0x200/0x5d0 net/core/devlink.c:1270
#5: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: devlink_nl_port_fill+0x2ab/0x930 net/core/devlink.c:995
1 lock held by syz-executor.1/26550:
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 net/core/rtnetlink.c:5627
1 lock held by syz-executor.3/26552:
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 net/core/rtnetlink.c:5627
1 lock held by syz-executor.4/26799:
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: __tun_chr_ioctl+0x460/0x2270 drivers/net/tun.c:3046
1 lock held by syz-executor.4/26801:
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 net/core/rtnetlink.c:5627
1 lock held by syz-executor.0/26806:
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 net/core/rtnetlink.c:5627
1 lock held by syz-executor.1/26813:
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 net/core/rtnetlink.c:5627
1 lock held by syz-executor.3/26815:
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 net/core/rtnetlink.c:5627
1 lock held by syz-executor.2/26817:
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 net/core/rtnetlink.c:5627
1 lock held by syz-executor.4/26820:
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 net/core/rtnetlink.c:5627
1 lock held by syz-executor.0/26824:
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 net/core/rtnetlink.c:5627
1 lock held by syz-executor.3/26830:
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 net/core/rtnetlink.c:5627
1 lock held by syz-executor.2/26834:
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 net/core/rtnetlink.c:5627
1 lock held by syz-executor.1/26835:
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
#0: ffffffff8d9da688 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 net/core/rtnetlink.c:5627
=============================================
NMI backtrace for cpu 0
CPU: 0 PID: 27 Comm: khungtaskd Not tainted 5.15.148-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
nmi_cpu_backtrace+0x46a/0x4a0 lib/nmi_backtrace.c:111
nmi_trigger_cpumask_backtrace+0x181/0x2a0 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:148 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:210 [inline]
watchdog+0xe72/0xeb0 kernel/hung_task.c:295
kthread+0x3f6/0x4f0 kernel/kthread.c:319
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298
</TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 3503 Comm: syz-fuzzer Not tainted 5.15.148-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
RIP: 0033:0x422683
Code: 4c 8b 44 24 20 48 89 c1 48 8b 44 24 60 48 85 c9 0f 84 e6 00 00 00 48 89 c3 48 89 c8 e8 e6 05 00 00 48 8b 5c 24 60 48 8b 4b 18 <48> 81 f9 d0 07 00 00 0f 8c ac 00 00 00 90 48 8d 35 c8 86 e0 01 f0
RSP: 002b:000000c000a83f18 EFLAGS: 00000202
RAX: 0000000000000028 RBX: 000000c000043240 RCX: 0000000000000798
RDX: 0000000000000030 RSI: 0000000000000000 RDI: 0000000000000006
RBP: 000000c000a83f68 R08: 0000000000000028 R09: 0000000000000000
R10: 0000000000000080 R11: 0000000000000020 R12: 0000000000000008
R13: 00000000013504e0 R14: 000000c000431d40 R15: 0000000000000003
FS: 000000c000c70490 GS: 0000000000000000
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
Reply all
Reply to author
Forward
0 new messages