From: syzbot <syzbot+05f9cecd28e356241aba@syzkaller.appspotmail.com>
To: linux-kernel@vger.kernel.org, penguin-kernel@i-love.sakura.ne.jp,
	 syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [net?] INFO: task hung in new_device_store (5)
Date: Sun, 28 Dec 2025 23:02:01 -0800
Message-ID: <69522769.a70a0220.c527.001b.GAE@google.com>
In-Reply-To: <380a0d7a-391e-4c9f-9211-f61d763f28de@I-love.SAKURA.ne.jp>

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
INFO: task hung in rtnl_lock

INFO: task kworker/u8:5:363 blocked for more than 144 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u8:5    state:D stack:0     pid:363   tgid:363   ppid:2      task_flags:0x4208060 flags:0x00000010
Workqueue: events_power_efficient crda_timeout_work
Call trace:
 __switch_to+0x418/0x87c arch/arm64/kernel/process.c:741 (T)
 context_switch kernel/sched/core.c:5256 [inline]
 __schedule+0x1250/0x2a7c kernel/sched/core.c:6863
 __schedule_loop kernel/sched/core.c:6945 [inline]
 schedule+0xb4/0x230 kernel/sched/core.c:6960
 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7017
 __mutex_lock_common+0xd04/0x2678 kernel/locking/mutex.c:692
 __mutex_lock kernel/locking/mutex.c:776 [inline]
 mutex_lock_nested+0x2c/0x38 kernel/locking/mutex.c:828
 rtnl_lock+0x20/0x2c net/core/rtnetlink.c:80
 crda_timeout_work+0x20/0x94 net/wireless/reg.c:541
 process_one_work+0x7c0/0x1558 kernel/workqueue.c:3257
 process_scheduled_works kernel/workqueue.c:3340 [inline]
 worker_thread+0x958/0xed8 kernel/workqueue.c:3421
 kthread+0x5fc/0x75c kernel/kthread.c:463
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:844
INFO: task kworker/u8:19:5598 blocked for more than 144 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u8:19   state:D stack:0     pid:5598  tgid:5598  ppid:2      task_flags:0x4208060 flags:0x00000010
Workqueue: ipv6_addrconf addrconf_dad_work
Call trace:
 __switch_to+0x418/0x87c arch/arm64/kernel/process.c:741 (T)
 context_switch kernel/sched/core.c:5256 [inline]
 __schedule+0x1250/0x2a7c kernel/sched/core.c:6863
 __schedule_loop kernel/sched/core.c:6945 [inline]
 schedule+0xb4/0x230 kernel/sched/core.c:6960
 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7017
 __mutex_lock_common+0xd04/0x2678 kernel/locking/mutex.c:692
 __mutex_lock kernel/locking/mutex.c:776 [inline]
 mutex_lock_nested+0x2c/0x38 kernel/locking/mutex.c:828
 rtnl_lock+0x20/0x2c net/core/rtnetlink.c:80
 rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 addrconf_dad_work+0x100/0x10cc net/ipv6/addrconf.c:4194
 process_one_work+0x7c0/0x1558 kernel/workqueue.c:3257
 process_scheduled_works kernel/workqueue.c:3340 [inline]
 worker_thread+0x958/0xed8 kernel/workqueue.c:3421
 kthread+0x5fc/0x75c kernel/kthread.c:463
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:844
INFO: task syz-executor:7102 blocked for more than 144 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:0     pid:7102  tgid:7102  ppid:7101   task_flags:0x400140 flags:0x00000010
Call trace:
 __switch_to+0x418/0x87c arch/arm64/kernel/process.c:741 (T)
 context_switch kernel/sched/core.c:5256 [inline]
 __schedule+0x1250/0x2a7c kernel/sched/core.c:6863
 __schedule_loop kernel/sched/core.c:6945 [inline]
 schedule+0xb4/0x230 kernel/sched/core.c:6960
 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7017
 __mutex_lock_common+0xd04/0x2678 kernel/locking/mutex.c:692
 __mutex_lock kernel/locking/mutex.c:776 [inline]
 mutex_lock_nested+0x2c/0x38 kernel/locking/mutex.c:828
 rtnl_lock+0x20/0x2c net/core/rtnetlink.c:80
 wiphy_register+0x172c/0x2460 net/wireless/core.c:1033
 ieee80211_register_hw+0x283c/0x337c net/mac80211/main.c:1590
 mac80211_hwsim_new_radio+0x257c/0x4434 drivers/net/wireless/virtual/mac80211_hwsim.c:5810
 hwsim_new_radio_nl+0xa68/0x1644 drivers/net/wireless/virtual/mac80211_hwsim.c:6504
 genl_family_rcv_msg_doit+0x1d8/0x2bc net/netlink/genetlink.c:1115
 genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
 genl_rcv_msg+0x450/0x624 net/netlink/genetlink.c:1210
 netlink_rcv_skb+0x220/0x3fc net/netlink/af_netlink.c:2550
 genl_rcv+0x38/0x50 net/netlink/genetlink.c:1219
 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
 netlink_unicast+0x694/0x8c4 net/netlink/af_netlink.c:1344
 netlink_sendmsg+0x648/0x930 net/netlink/af_netlink.c:1894
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg net/socket.c:742 [inline]
 __sys_sendto+0x36c/0x4f4 net/socket.c:2206
 __do_sys_sendto net/socket.c:2213 [inline]
 __se_sys_sendto net/socket.c:2209 [inline]
 __arm64_sys_sendto+0xd8/0xf8 net/socket.c:2209
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x254 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x5c/0x26c arch/arm64/kernel/entry-common.c:724
 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:743
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596
INFO: task syz-executor:7105 blocked for more than 144 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:0     pid:7105  tgid:7105  ppid:7097   task_flags:0x400140 flags:0x00000000
Call trace:
 __switch_to+0x418/0x87c arch/arm64/kernel/process.c:741 (T)
 context_switch kernel/sched/core.c:5256 [inline]
 __schedule+0x1250/0x2a7c kernel/sched/core.c:6863
 __schedule_loop kernel/sched/core.c:6945 [inline]
 schedule+0xb4/0x230 kernel/sched/core.c:6960
 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7017
 __mutex_lock_common+0xd04/0x2678 kernel/locking/mutex.c:692
 __mutex_lock kernel/locking/mutex.c:776 [inline]
 mutex_lock_nested+0x2c/0x38 kernel/locking/mutex.c:828
 rtnl_lock+0x20/0x2c net/core/rtnetlink.c:80
 nl80211_pre_doit+0x70/0x760 net/wireless/nl80211.c:17932
 genl_family_rcv_msg_doit+0x18c/0x2bc net/netlink/genetlink.c:1110
 genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
 genl_rcv_msg+0x450/0x624 net/netlink/genetlink.c:1210
 netlink_rcv_skb+0x220/0x3fc net/netlink/af_netlink.c:2550
 genl_rcv+0x38/0x50 net/netlink/genetlink.c:1219
 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
 netlink_unicast+0x694/0x8c4 net/netlink/af_netlink.c:1344
 netlink_sendmsg+0x648/0x930 net/netlink/af_netlink.c:1894
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg net/socket.c:742 [inline]
 __sys_sendto+0x36c/0x4f4 net/socket.c:2206
 __do_sys_sendto net/socket.c:2213 [inline]
 __se_sys_sendto net/socket.c:2209 [inline]
 __arm64_sys_sendto+0xd8/0xf8 net/socket.c:2209
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x254 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x5c/0x26c arch/arm64/kernel/entry-common.c:724
 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:743
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596
INFO: task kworker/1:8:7515 blocked for more than 144 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:8     state:D stack:0     pid:7515  tgid:7515  ppid:2      task_flags:0x4208060 flags:0x00000010
Workqueue: events reg_todo
Call trace:
 __switch_to+0x418/0x87c arch/arm64/kernel/process.c:741 (T)
 context_switch kernel/sched/core.c:5256 [inline]
 __schedule+0x1250/0x2a7c kernel/sched/core.c:6863
 __schedule_loop kernel/sched/core.c:6945 [inline]
 schedule+0xb4/0x230 kernel/sched/core.c:6960
 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7017
 __mutex_lock_common+0xd04/0x2678 kernel/locking/mutex.c:692
 __mutex_lock kernel/locking/mutex.c:776 [inline]
 mutex_lock_nested+0x2c/0x38 kernel/locking/mutex.c:828
 class_wiphy_constructor include/net/cfg80211.h:6363 [inline]
 reg_process_self_managed_hints+0x98/0x1dc net/wireless/reg.c:3179
 reg_todo+0x81c/0x98c net/wireless/reg.c:3192
 process_one_work+0x7c0/0x1558 kernel/workqueue.c:3257
 process_scheduled_works kernel/workqueue.c:3340 [inline]
 worker_thread+0x958/0xed8 kernel/workqueue.c:3421
 kthread+0x5fc/0x75c kernel/kthread.c:463
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:844

Showing all locks held in the system:
3 locks held by kworker/u8:0/12:
1 lock held by khungtaskd/32:
 #0: ffff80008fa5b520 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x4/0x48 include/linux/rcupdate.h:330
3 locks held by kworker/u8:2/41:
3 locks held by kworker/u8:3/42:
 #0: ffff0000c0032148 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x63c/0x1558 kernel/workqueue.c:3231
 #1: ffff800097ff7be0 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work+0x6d0/0x1558 kernel/workqueue.c:3231
 #2: ffff800092ae4168 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x20/0x2c net/core/rtnetlink.c:80
4 locks held by pr/ttyAMA-1/43:
4 locks held by kworker/u8:4/149:
3 locks held by kworker/u8:5/363:
 #0: ffff0000c0032148 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x63c/0x1558 kernel/workqueue.c:3231
 #1: ffff80009ca77be0 ((crda_timeout).work){+.+.}-{0:0}, at: process_one_work+0x6d0/0x1558 kernel/workqueue.c:3231
 #2: ffff800092ae4168 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x20/0x2c net/core/rtnetlink.c:80
3 locks held by kworker/u8:6/525:
3 locks held by kworker/u8:8/2097:
3 locks held by kworker/u8:10/3199:
2 locks held by kworker/u8:14/4544:
3 locks held by kworker/u8:15/4865:
3 locks held by kworker/u8:16/5181:
3 locks held by kworker/u8:17/5476:
3 locks held by kworker/u8:18/5563:
3 locks held by kworker/u8:19/5598:
 #0: ffff0000d5ed3948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x63c/0x1558 kernel/workqueue.c:3231
 #1: ffff80009c2b7be0 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x6d0/0x1558 kernel/workqueue.c:3231
 #2: ffff800092ae4168 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x20/0x2c net/core/rtnetlink.c:80
3 locks held by kworker/u8:20/5802:
3 locks held by kworker/u8:21/6142:
1 lock held by klogd/6200:
2 locks held by udevd/6211:
2 locks held by crond/6341:
2 locks held by getty/6353:
 #0: ffff0000d62830a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c drivers/tty/tty_ldsem.c:340
 #1: ffff800099f1e2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x34c/0xfc8 drivers/tty/n_tty.c:2211
2 locks held by kworker/1:6/6706:
2 locks held by udevd/7031:
1 lock held by syz-executor/7098:
1 lock held by syz-executor/7099:
 #0: ffff800092ae4168 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x20/0x2c net/core/rtnetlink.c:80
1 lock held by syz-executor/7100:
 #0: ffff800092ae4168 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x20/0x2c net/core/rtnetlink.c:80
3 locks held by syz-executor/7102:
 #0: ffff800092b49830 (cb_lock){++++}-{4:4}, at: genl_rcv+0x28/0x50 net/netlink/genetlink.c:1218
 #1: ffff800092b49648 (genl_mutex){+.+.}-{4:4}, at: genl_lock net/netlink/genetlink.c:35 [inline]
 #1: ffff800092b49648 (genl_mutex){+.+.}-{4:4}, at: genl_op_lock net/netlink/genetlink.c:60 [inline]
 #1: ffff800092b49648 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0xf4/0x624 net/netlink/genetlink.c:1209
 #2: ffff800092ae4168 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x20/0x2c net/core/rtnetlink.c:80
2 locks held by syz-executor/7105:
 #0: ffff800092b49830 (cb_lock){++++}-{4:4}, at: genl_rcv+0x28/0x50 net/netlink/genetlink.c:1218
 #1: ffff800092ae4168 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x20/0x2c net/core/rtnetlink.c:80
4 locks held by kworker/1:8/7515:
 #0: ffff0000c0029948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x63c/0x1558 kernel/workqueue.c:3231
 #1: ffff80009ca57be0 (reg_work){+.+.}-{0:0}, at: process_one_work+0x6d0/0x1558 kernel/workqueue.c:3231
 #2: ffff800092ae4168 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x20/0x2c net/core/rtnetlink.c:80
 #3: ffff0000db640788 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6363 [inline]
 #3: ffff0000db640788 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: reg_process_self_managed_hints+0x98/0x1dc net/wireless/reg.c:3179
4 locks held by sed/7547:
1 lock held by syz-executor/7567:

=============================================



Tested on:

commit:         8f0b4cce Linux 6.19-rc1
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=139d3bb4580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=8a8594efdc14f07a
dashboard link: https://syzkaller.appspot.com/bug?extid=05f9cecd28e356241aba
compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
userspace arch: arm64
patch:          https://syzkaller.appspot.com/x/patch.diff?x=108ac12a580000


Thread overview: 31+ messages
2024-09-26 17:58 [syzbot] [net?] INFO: task hung in new_device_store (5) syzbot
2024-09-26 20:14 ` Eric Dumazet
2024-09-27 11:04   ` Hillf Danton
2024-09-27 11:24     ` Eric Dumazet
2024-09-27 11:27       ` Eric Dumazet
2024-09-27 11:41       ` Hillf Danton
2024-09-27 11:54         ` Eric Dumazet
2024-09-28  0:06           ` Hillf Danton
2024-10-09  8:20 ` syzbot
2025-12-25 16:24 ` syzbot
2025-12-29  6:36   ` Tetsuo Handa
2025-12-29  7:02     ` syzbot [this message]
2025-12-29  9:36       ` Tetsuo Handa
2025-12-29 12:22         ` syzbot
2025-12-29 14:18           ` Tetsuo Handa
2025-12-29 15:10             ` syzbot
2025-12-30  1:29               ` Tetsuo Handa
2025-12-30  2:08                 ` syzbot
2025-12-30  3:07                   ` Tetsuo Handa
2025-12-30  3:33                     ` syzbot
2025-12-30  9:11                       ` Hillf Danton
2025-12-30  9:38                         ` syzbot
2025-12-30 13:24                       ` Tetsuo Handa
2025-12-30 14:18                         ` syzbot
2026-01-02 10:18                           ` Tetsuo Handa
2026-01-02 10:53                             ` syzbot
2026-01-03  9:59                               ` Tetsuo Handa
2026-01-03 11:24                                 ` syzbot
2026-01-03 14:07                                   ` Tetsuo Handa
2026-01-03 14:33                                     ` syzbot
2025-12-30  7:48   ` Tetsuo Handa
