Re: INFO: task hung in addrconf_verify_work (2)
On Sun, Oct 13, 2019 at 10:37 PM Eric Dumazet wrote: > Infinite loop because tcf_add_notify() returns -EAGAIN as the message can not > be delivered to the socket, > since its SO_RCVBUF has been set to 0. Interesting corner case... > > Perhaps we need this patch ? This patch looks reasonable to me, as the -EAGAIN here is mainly (if not totally) for the locking retry logic. Thanks.
Re: INFO: task hung in addrconf_verify_work (2)
On 10/13/19 9:42 PM, syzbot wrote:
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit: c208bdb9 tcp: improve recv_skip_hint for tcp_zerocopy_rece..
> git tree: net-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=15b6133b60
> kernel config: https://syzkaller.appspot.com/x/.config?x=d9be300620399522
> dashboard link: https://syzkaller.appspot.com/bug?extid=cf0adbb9c28c8866c788
> compiler: gcc (GCC) 9.0.0 20181231 (experimental)
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1548666f60
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=11957d3b60
>
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+cf0adbb9c28c8866c...@syzkaller.appspotmail.com
>
> INFO: task kworker/0:2:2913 blocked for more than 143 seconds.
> Not tainted 5.4.0-rc1+ #0
> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
> kworker/0:2 D27000 2913 2 0x80004000
> Workqueue: ipv6_addrconf addrconf_verify_work
> Call Trace:
> context_switch kernel/sched/core.c:3384 [inline]
> __schedule+0x94f/0x1e70 kernel/sched/core.c:4069
> schedule+0xd9/0x260 kernel/sched/core.c:4136
> schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:4195
> __mutex_lock_common kernel/locking/mutex.c:1033 [inline]
> __mutex_lock+0x7b0/0x13c0 kernel/locking/mutex.c:1103
> mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1118
> rtnl_lock+0x17/0x20 net/core/rtnetlink.c:72
> addrconf_verify_work+0xe/0x20 net/ipv6/addrconf.c:4520
> process_one_work+0x9af/0x1740 kernel/workqueue.c:2269
> worker_thread+0x98/0xe40 kernel/workqueue.c:2415
> kthread+0x361/0x430 kernel/kthread.c:255
> ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
>
> Showing all locks held in the system:
> 1 lock held by khungtaskd/1054:
> #0: 88faae40 (rcu_read_lock){}, at:
> debug_show_all_locks+0x5f/0x27e kernel/locking/lockdep.c:5337
> 3 locks held by kworker/0:2/2913:
> #0: 888216019428 ((wq_completion)ipv6_addrconf){+.+.}, at:
> __write_once_size include/linux/compiler.h:226 [inline]
> #0: 888216019428 ((wq_completion)ipv6_addrconf){+.+.}, at:
> arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
> #0: 888216019428 ((wq_completion)ipv6_addrconf){+.+.}, at: atomic64_set
> include/asm-generic/atomic-instrumented.h:855 [inline]
> #0: 888216019428 ((wq_completion)ipv6_addrconf){+.+.}, at:
> atomic_long_set include/asm-generic/atomic-long.h:40 [inline]
> #0: 888216019428 ((wq_completion)ipv6_addrconf){+.+.}, at: set_work_data
> kernel/workqueue.c:620 [inline]
> #0: 888216019428 ((wq_completion)ipv6_addrconf){+.+.}, at:
> set_work_pool_and_clear_pending kernel/workqueue.c:647 [inline]
> #0: 888216019428 ((wq_completion)ipv6_addrconf){+.+.}, at:
> process_one_work+0x88b/0x1740 kernel/workqueue.c:2240
> #1: 8880a05b7dc0 ((addr_chk_work).work){+.+.}, at:
> process_one_work+0x8c1/0x1740 kernel/workqueue.c:2244
> #2: 89993b20 (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20
> net/core/rtnetlink.c:72
> 1 lock held by rsyslogd/8744:
> #0: 8880899fa120 (>f_pos_lock){+.+.}, at: __fdget_pos+0xee/0x110
> fs/file.c:801
> 2 locks held by getty/8833:
> #0: 888090baedd0 (>ldisc_sem){}, at: ldsem_down_read+0x33/0x40
> drivers/tty/tty_ldsem.c:340
> #1: c90005f292e0 (>atomic_read_lock){+.+.}, at:
> n_tty_read+0x232/0x1c10 drivers/tty/n_tty.c:2156
> 2 locks held by getty/8834:
> #0: 88808d0f6dd0 (>ldisc_sem){}, at: ldsem_down_read+0x33/0x40
> drivers/tty/tty_ldsem.c:340
> #1: c90005f392e0 (>atomic_read_lock){+.+.}, at:
> n_tty_read+0x232/0x1c10 drivers/tty/n_tty.c:2156
> 2 locks held by getty/8835:
> #0: 888090148e10 (>ldisc_sem){}, at: ldsem_down_read+0x33/0x40
> drivers/tty/tty_ldsem.c:340
> #1: c90005f252e0 (>atomic_read_lock){+.+.}, at:
> n_tty_read+0x232/0x1c10 drivers/tty/n_tty.c:2156
> 2 locks held by getty/8836:
> #0: 8880a7ab3750 (>ldisc_sem){}, at: ldsem_down_read+0x33/0x40
> drivers/tty/tty_ldsem.c:340
> #1: c90005f412e0 (>atomic_read_lock){+.+.}, at:
> n_tty_read+0x232/0x1c10 drivers/tty/n_tty.c:2156
> 2 locks held by getty/8837:
> #0: 8880a7accf10 (>ldisc_sem){}, at: ldsem_down_read+0x33/0x40
> drivers/tty/tty_ldsem.c:340
> #1: c90005f3d2e0 (>atomic_read_lock){+.+.}, at:
> n_tty_read+0x232/0x1c10 drivers/tty/n_tty.c:2156
> 2 locks held by getty/8838:
> #0: 88808d0f7650 (>ldisc_sem){}, at: ldsem_down_read+0x33/0x40
> drivers/tty/tty_ldsem.c:340
> #1: c90005f352e0 (>atomic_read_lock){+.+.}, at:
> n_tty_read+0x232/0x1c10 drivers/tty/n_tty.c:2156
> 2 locks held by getty/8839:
> #0: 88808d162bd0 (>ldisc_sem){}, at: ldsem_down_read+0x33/0x40
> drivers/tty/tty_ldsem.c:340
> #1: c90005f112e0 (>atomic_read_lock){+.+.}, at:
> n_tty_read+0x232/0x1c10 drivers/tty/n_tty.c:2156
> 1 lock held by syz-executor910/8859:
>
>
INFO: task hung in addrconf_verify_work (2)
Hello,
syzbot found the following crash on:
HEAD commit:c208bdb9 tcp: improve recv_skip_hint for tcp_zerocopy_rece..
git tree: net-next
console output: https://syzkaller.appspot.com/x/log.txt?x=15b6133b60
kernel config: https://syzkaller.appspot.com/x/.config?x=d9be300620399522
dashboard link: https://syzkaller.appspot.com/bug?extid=cf0adbb9c28c8866c788
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1548666f60
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=11957d3b60
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+cf0adbb9c28c8866c...@syzkaller.appspotmail.com
INFO: task kworker/0:2:2913 blocked for more than 143 seconds.
Not tainted 5.4.0-rc1+ #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/0:2 D27000 2913 2 0x80004000
Workqueue: ipv6_addrconf addrconf_verify_work
Call Trace:
context_switch kernel/sched/core.c:3384 [inline]
__schedule+0x94f/0x1e70 kernel/sched/core.c:4069
schedule+0xd9/0x260 kernel/sched/core.c:4136
schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:4195
__mutex_lock_common kernel/locking/mutex.c:1033 [inline]
__mutex_lock+0x7b0/0x13c0 kernel/locking/mutex.c:1103
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1118
rtnl_lock+0x17/0x20 net/core/rtnetlink.c:72
addrconf_verify_work+0xe/0x20 net/ipv6/addrconf.c:4520
process_one_work+0x9af/0x1740 kernel/workqueue.c:2269
worker_thread+0x98/0xe40 kernel/workqueue.c:2415
kthread+0x361/0x430 kernel/kthread.c:255
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
Showing all locks held in the system:
1 lock held by khungtaskd/1054:
#0: 88faae40 (rcu_read_lock){}, at:
debug_show_all_locks+0x5f/0x27e kernel/locking/lockdep.c:5337
3 locks held by kworker/0:2/2913:
#0: 888216019428 ((wq_completion)ipv6_addrconf){+.+.}, at:
__write_once_size include/linux/compiler.h:226 [inline]
#0: 888216019428 ((wq_completion)ipv6_addrconf){+.+.}, at:
arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: 888216019428 ((wq_completion)ipv6_addrconf){+.+.}, at:
atomic64_set include/asm-generic/atomic-instrumented.h:855 [inline]
#0: 888216019428 ((wq_completion)ipv6_addrconf){+.+.}, at:
atomic_long_set include/asm-generic/atomic-long.h:40 [inline]
#0: 888216019428 ((wq_completion)ipv6_addrconf){+.+.}, at:
set_work_data kernel/workqueue.c:620 [inline]
#0: 888216019428 ((wq_completion)ipv6_addrconf){+.+.}, at:
set_work_pool_and_clear_pending kernel/workqueue.c:647 [inline]
#0: 888216019428 ((wq_completion)ipv6_addrconf){+.+.}, at:
process_one_work+0x88b/0x1740 kernel/workqueue.c:2240
#1: 8880a05b7dc0 ((addr_chk_work).work){+.+.}, at:
process_one_work+0x8c1/0x1740 kernel/workqueue.c:2244
#2: 89993b20 (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20
net/core/rtnetlink.c:72
1 lock held by rsyslogd/8744:
#0: 8880899fa120 (>f_pos_lock){+.+.}, at: __fdget_pos+0xee/0x110
fs/file.c:801
2 locks held by getty/8833:
#0: 888090baedd0 (>ldisc_sem){}, at:
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:340
#1: c90005f292e0 (>atomic_read_lock){+.+.}, at:
n_tty_read+0x232/0x1c10 drivers/tty/n_tty.c:2156
2 locks held by getty/8834:
#0: 88808d0f6dd0 (>ldisc_sem){}, at:
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:340
#1: c90005f392e0 (>atomic_read_lock){+.+.}, at:
n_tty_read+0x232/0x1c10 drivers/tty/n_tty.c:2156
2 locks held by getty/8835:
#0: 888090148e10 (>ldisc_sem){}, at:
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:340
#1: c90005f252e0 (>atomic_read_lock){+.+.}, at:
n_tty_read+0x232/0x1c10 drivers/tty/n_tty.c:2156
2 locks held by getty/8836:
#0: 8880a7ab3750 (>ldisc_sem){}, at:
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:340
#1: c90005f412e0 (>atomic_read_lock){+.+.}, at:
n_tty_read+0x232/0x1c10 drivers/tty/n_tty.c:2156
2 locks held by getty/8837:
#0: 8880a7accf10 (>ldisc_sem){}, at:
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:340
#1: c90005f3d2e0 (>atomic_read_lock){+.+.}, at:
n_tty_read+0x232/0x1c10 drivers/tty/n_tty.c:2156
2 locks held by getty/8838:
#0: 88808d0f7650 (>ldisc_sem){}, at:
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:340
#1: c90005f352e0 (>atomic_read_lock){+.+.}, at:
n_tty_read+0x232/0x1c10 drivers/tty/n_tty.c:2156
2 locks held by getty/8839:
#0: 88808d162bd0 (>ldisc_sem){}, at:
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:340
#1: c90005f112e0 (>atomic_read_lock){+.+.}, at:
n_tty_read+0x232/0x1c10 drivers/tty/n_tty.c:2156
1 lock held by syz-executor910/8859:
=
NMI backtrace for cpu 0
CPU: 0 PID: 1054 Comm: khungtaskd Not tainted 5.4.0-rc1+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google
