syzbot

 sign-in | mailing list | source | docs
🐞 Open [1465]
Subsystems
🐞 Fixed [6819]
🐞 Invalid [17668]
Missing Backports [226]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

INFO: task hung in inet6_rtm_newaddr (2)

Status: upstream: reported C repro on 2025/05/06 14:06
Subsystems: net
[Documentation on labels]
Reported-by: syzbot+101224300649c3eb8af4@syzkaller.appspotmail.com
First crash: 240d, last: 2d00h
Cause bisection: failed (error log, bisect log)
  
Fix bisection: the issue occurs on the latest tested release (bisect log)
  
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [net?] INFO: task hung in inet6_rtm_newaddr (2) 0 (2) 2025/08/28 13:39
Similar bugs (1)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream INFO: task hung in inet6_rtm_newaddr net 1 syz 5 305d 321d 0/29 closed as invalid on 2025/05/01 14:54
Last patch testing requests (8)
Created Duration User Patch Repo Result
2025/12/16 04:51 18m retest repro upstream report log
2025/12/09 16:07 19m retest repro upstream report log
2025/11/22 12:03 18m retest repro upstream report log
2025/10/07 04:30 18m retest repro upstream report log
2025/09/13 11:36 24m retest repro upstream report log
2025/09/13 11:33 18m retest repro upstream report log
2025/07/29 03:18 17m retest repro upstream report log
2025/05/20 02:58 17m retest repro upstream report log

Sample crash report:
INFO: task dhcpcd:5024 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:dhcpcd          state:D stack:20344 pid:5024  tgid:5024  ppid:5023   task_flags:0x400140 flags:0x00080000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5256 [inline]
 __schedule+0x149b/0x4fd0 kernel/sched/core.c:6863
 __schedule_loop kernel/sched/core.c:6945 [inline]
 schedule+0x165/0x360 kernel/sched/core.c:6960
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7017
 __mutex_lock_common kernel/locking/mutex.c:692 [inline]
 __mutex_lock+0x7e6/0x1350 kernel/locking/mutex.c:776
 rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 inet6_rtm_newaddr+0x5b7/0xd20 net/ipv6/addrconf.c:5027
 rtnetlink_rcv_msg+0x7cf/0xb70 net/core/rtnetlink.c:6958
 netlink_rcv_skb+0x208/0x470 net/netlink/af_netlink.c:2550
 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
 netlink_unicast+0x82f/0x9e0 net/netlink/af_netlink.c:1344
 netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1894
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg+0x21c/0x270 net/socket.c:742
 ____sys_sendmsg+0x505/0x820 net/socket.c:2592
 ___sys_sendmsg+0x21f/0x2a0 net/socket.c:2646
 __sys_sendmsg net/socket.c:2678 [inline]
 __do_sys_sendmsg net/socket.c:2683 [inline]
 __se_sys_sendmsg net/socket.c:2681 [inline]
 __x64_sys_sendmsg+0x19b/0x260 net/socket.c:2681
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xec/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f7736d03407
RSP: 002b:00007ffc54731870 EFLAGS: 00000202 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f7736c79740 RCX: 00007f7736d03407
RDX: 0000000000000000 RSI: 00007ffc54745a50 RDI: 0000000000000004
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffc54755c80
R13: 00007f7736c796c8 R14: 0000000000000048 R15: 00007ffc54745a50
 </TASK>

Showing all locks held in the system:
4 locks held by kworker/0:1/10:
 #0: ffff88801a4c6548 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3232 [inline]
 #0: ffff88801a4c6548 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x1770 kernel/workqueue.c:3340
 #1: ffffc900001c7bc0 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3233 [inline]
 #1: ffffc900001c7bc0 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x1770 kernel/workqueue.c:3340
 #2: ffffffff8f313d48 (rtnl_mutex){+.+.}-{4:4}, at: reg_check_chans_work+0xa1/0xf00 net/wireless/reg.c:2453
 #3: ffff888011210788 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6363 [inline]
 #3: ffff888011210788 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: reg_leave_invalid_chans net/wireless/reg.c:2441 [inline]
 #3: ffff888011210788 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: reg_check_chans_work+0x156/0xf00 net/wireless/reg.c:2456
3 locks held by kworker/u4:2/25:
1 lock held by khungtaskd/27:
 #0: ffffffff8df41aa0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #0: ffffffff8df41aa0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
 #0: ffffffff8df41aa0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6775
2 locks held by kworker/u4:3/43:
4 locks held by kworker/u4:9/1090:
 #0: ffff88801b6f0948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3232 [inline]
 #0: ffff88801b6f0948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x1770 kernel/workqueue.c:3340
 #1: ffffc900032d7bc0 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3233 [inline]
 #1: ffffc900032d7bc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x1770 kernel/workqueue.c:3340
 #2: ffffffff8f306cb0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x7a0 net/core/net_namespace.c:670
 #3: ffffffff8f313d48 (rtnl_mutex){+.+.}-{4:4}, at: wg_netns_pre_exit+0x1c/0x200 drivers/net/wireguard/device.c:419
4 locks held by kworker/u4:12/1813:
4 locks held by kworker/u4:13/2622:
3 locks held by kworker/u4:15/2976:
3 locks held by kworker/u4:19/3496:
3 locks held by kworker/u4:24/4477:
 #0: ffff8880406da948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3232 [inline]
 #0: ffff8880406da948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x1770 kernel/workqueue.c:3340
 #1: ffffc9002053fbc0 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3233 [inline]
 #1: ffffc9002053fbc0 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x1770 kernel/workqueue.c:3340
 #2: ffffffff8f313d48 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #2: ffffffff8f313d48 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0x112/0x14b0 net/ipv6/addrconf.c:4194
1 lock held by dhcpcd/5024:
 #0: ffffffff8f313d48 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8f313d48 (rtnl_mutex){+.+.}-{4:4}, at: inet6_rtm_newaddr+0x5b7/0xd20 net/ipv6/addrconf.c:5027
2 locks held by getty/5118:
 #0: ffff8880441b40a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc9000104e2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x449/0x1460 drivers/tty/n_tty.c:2211
3 locks held by syz-execprog/5359:
3 locks held by kworker/0:9/5539:
4 locks held by kworker/0:11/5546:
 #0: ffff88801b373d48 ((wq_completion)wg-kex-wg2#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3232 [inline]
 #0: ffff88801b373d48 ((wq_completion)wg-kex-wg2#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x1770 kernel/workqueue.c:3340
 #1: ffffc90002a57bc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3233 [inline]
 #1: ffffc90002a57bc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x1770 kernel/workqueue.c:3340
 #2: ffff888036d21308 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_consume_response+0x1c7/0xab0 drivers/net/wireguard/noise.c:742
 #3: ffff88801fc3a918 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 kernel/sched/core.c:639
1 lock held by syz-executor/5571:
 #0: ffffffff8f313d48 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8f313d48 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:978
1 lock held by syz-executor/5580:
 #0: ffffffff8f313d48 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8f313d48 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:978
1 lock held by syz-executor/5586:
 #0: ffffffff8f313d48 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8f313d48 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:978

=============================================

NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 27 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x274/0x2d0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]
 __sys_info lib/sys_info.c:157 [inline]
 sys_info+0x135/0x170 lib/sys_info.c:165
 check_hung_uninterruptible_tasks kernel/hung_task.c:346 [inline]
 watchdog+0xf95/0xfe0 kernel/hung_task.c:515
 kthread+0x711/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x510/0xa50 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
 </TASK>

Crashes (10):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/12/30 08:51 upstream 8640b74557fc d1b870e1 .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root INFO: task hung in inet6_rtm_newaddr
2025/08/28 13:39 upstream 07d9df80082b bee60a83 .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root INFO: task hung in inet6_rtm_newaddr
2025/08/30 11:07 upstream fb679c832b64 807a3b61 .config console log report syz / log [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root INFO: task hung in inet6_rtm_newaddr
2025/12/21 06:11 upstream d8ba32c5a460 d1b870e1 .config console log report syz / log [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root INFO: task hung in inet6_rtm_newaddr
2025/11/25 16:00 upstream ac3fd01e4c1e bf6fe8fe .config console log report syz / log [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root INFO: task hung in inet6_rtm_newaddr
2025/05/06 02:28 upstream 01f95500a162 ae98e6b9 .config console log report syz / log [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root INFO: task hung in inet6_rtm_newaddr
2025/12/18 10:32 upstream ea1013c15392 d1b870e1 .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto INFO: task hung in inet6_rtm_newaddr
2025/09/15 11:59 upstream f83ec76bf285 e2beed91 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root INFO: task hung in inet6_rtm_newaddr
2025/08/19 12:42 upstream be48bcf004f9 523f460e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root INFO: task hung in inet6_rtm_newaddr
2025/08/26 07:26 net-next 992e9f53a0db bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce INFO: task hung in inet6_rtm_newaddr
* Struck through repros no longer work on HEAD.