INFO: task hung in do_ip_vs_set_ctl (2)
8 views
Skip to first unread message
syzbot
Apr 14, 2019, 4:51:25 AM4/14/19
to syzkaller-a...@googlegroups.com
Hello,
syzbot found the following crash on:
HEAD commit: 8683408f Merge 4.9.94 into android-4.9
git tree: android-4.9
console output: https://syzkaller.appspot.com/x/log.txt?x=10ebc2c7800000
kernel config: https://syzkaller.appspot.com/x/.config?x=d5173c3321ce4a3d
dashboard link: https://syzkaller.appspot.com/bug?extid=68e0cca85a9ff1a6a8a9
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12218f27800000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12dd0b87800000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+68e0cc...@syzkaller.appspotmail.com
IPVS: stopping backup sync thread 3879 ...
random: crng init done
INFO: task syzkaller584331:3857 blocked for more than 120 seconds.
Not tainted 4.9.94-g8683408 #3
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syzkaller584331 D29416 3857 3856 0x00000000
ffff8801d79a8000 0000000000000000 ffff8801d85724c0 ffff8801d7a4c800
ffff8801db221b98 ffff8801d79ef968 ffffffff838c040d ffff8801d79a88c8
ffffed003af35118 ffff8801d79a8000 00fffc0000000000 ffff8801db222468
Call Trace:
[<ffffffff838c1a0f>] schedule+0x7f/0x1b0 kernel/sched/core.c:3557
[<ffffffff838c2393>] schedule_preempt_disabled+0x13/0x20
kernel/sched/core.c:3590
[<ffffffff838c6816>] __mutex_lock_common kernel/locking/mutex.c:582
[inline]
[<ffffffff838c6816>] mutex_lock_nested+0x326/0x870
kernel/locking/mutex.c:621
[<ffffffff831bc2c5>] do_ip_vs_set_ctl+0x645/0xbd0
net/netfilter/ipvs/ip_vs_ctl.c:2402
[<ffffffff830b7d1d>] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline]
[<ffffffff830b7d1d>] nf_setsockopt+0x6d/0xc0 net/netfilter/nf_sockopt.c:114
[<ffffffff8322191a>] ip_setsockopt+0x9a/0xb0 net/ipv4/ip_sockglue.c:1249
[<ffffffff832417b8>] tcp_setsockopt+0x88/0xe0 net/ipv4/tcp.c:2755
[<ffffffff82ef675a>] sock_common_setsockopt+0x9a/0xe0 net/core/sock.c:2706
[<ffffffff82ef3516>] SYSC_setsockopt net/socket.c:1772 [inline]
[<ffffffff82ef3516>] SyS_setsockopt+0x166/0x260 net/socket.c:1751
[<ffffffff81006316>] do_syscall_64+0x1a6/0x490 arch/x86/entry/common.c:282
[<ffffffff838d1313>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Showing all locks held in the system:
3 locks held by kworker/1:1/24:
#0: ("%s"("ipv6_addrconf")){.+.+..}, at: [<ffffffff8118ad0e>] work_static
include/linux/workqueue.h:186 [inline]
#0: ("%s"("ipv6_addrconf")){.+.+..}, at: [<ffffffff8118ad0e>]
set_work_data kernel/workqueue.c:617 [inline]
#0: ("%s"("ipv6_addrconf")){.+.+..}, at: [<ffffffff8118ad0e>]
set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline]
#0: ("%s"("ipv6_addrconf")){.+.+..}, at: [<ffffffff8118ad0e>]
process_one_work+0x6ee/0x1500 kernel/workqueue.c:2085
#1: ((addr_chk_work).work){+.+...}, at: [<ffffffff8118ad48>]
process_one_work+0x728/0x1500 kernel/workqueue.c:2089
#2: (rtnl_mutex){+.+.+.}, at: [<ffffffff82f8e6a7>] rtnl_lock+0x17/0x20
net/core/rtnetlink.c:70
2 locks held by khungtaskd/515:
#0: (rcu_read_lock){......}, at: [<ffffffff813646bc>]
check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline]
#0: (rcu_read_lock){......}, at: [<ffffffff813646bc>]
watchdog+0x11c/0xa20 kernel/hung_task.c:239
#1: (tasklist_lock){.+.+..}, at: [<ffffffff81423bb0>]
debug_show_all_locks+0x79/0x218 kernel/locking/lockdep.c:4336
2 locks held by getty/3744:
#0: (&tty->ldisc_sem){++++++}, at: [<ffffffff838cf4b2>]
ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367
#1: (&ldata->atomic_read_lock){+.+...}, at: [<ffffffff82007082>]
n_tty_read+0x202/0x16b0 drivers/tty/n_tty.c:2133
1 lock held by syzkaller584331/3857:
#0: (ipvs->sync_mutex){+.+.+.}, at: [<ffffffff831bc2c5>]
do_ip_vs_set_ctl+0x645/0xbd0 net/netfilter/ipvs/ip_vs_ctl.c:2402
1 lock held by syzkaller584331/3858:
#0: (ipvs->sync_mutex){+.+.+.}, at: [<ffffffff831bc2c5>]
do_ip_vs_set_ctl+0x645/0xbd0 net/netfilter/ipvs/ip_vs_ctl.c:2402
1 lock held by syzkaller584331/3859:
#0: (ipvs->sync_mutex){+.+.+.}, at: [<ffffffff831bc2c5>]
do_ip_vs_set_ctl+0x645/0xbd0 net/netfilter/ipvs/ip_vs_ctl.c:2402
1 lock held by syzkaller584331/3860:
#0: (ipvs->sync_mutex){+.+.+.}, at: [<ffffffff831bc2c5>]
do_ip_vs_set_ctl+0x645/0xbd0 net/netfilter/ipvs/ip_vs_ctl.c:2402
1 lock held by syzkaller584331/3861:
#0: (ipvs->sync_mutex){+.+.+.}, at: [<ffffffff831bc2c5>]
do_ip_vs_set_ctl+0x645/0xbd0 net/netfilter/ipvs/ip_vs_ctl.c:2402
1 lock held by syzkaller584331/3862:
#0: (ipvs->sync_mutex){+.+.+.}, at: [<ffffffff831bc2c5>]
do_ip_vs_set_ctl+0x645/0xbd0 net/netfilter/ipvs/ip_vs_ctl.c:2402
1 lock held by syzkaller584331/3863:
#0: (ipvs->sync_mutex){+.+.+.}, at: [<ffffffff831bc2c5>]
do_ip_vs_set_ctl+0x645/0xbd0 net/netfilter/ipvs/ip_vs_ctl.c:2402
2 locks held by syzkaller584331/3864:
#0: (rtnl_mutex){+.+.+.}, at: [<ffffffff82f8e6a7>] rtnl_lock+0x17/0x20
net/core/rtnetlink.c:70
#1: (ipvs->sync_mutex){+.+.+.}, at: [<ffffffff831bc58d>]
do_ip_vs_set_ctl+0x90d/0xbd0 net/netfilter/ipvs/ip_vs_ctl.c:2397
1 lock held by ipvs-b:0:0/3879:
#0: (rtnl_mutex){+.+.+.}, at: [<ffffffff82f8e6a7>] rtnl_lock+0x17/0x20
net/core/rtnetlink.c:70
=============================================
NMI backtrace for cpu 0
CPU: 0 PID: 515 Comm: khungtaskd Not tainted 4.9.94-g8683408 #3
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
ffff8801d8677d08 ffffffff81d9b509 0000000000000000 0000000000000000
0000000000000000 0000000000000001 ffffffff810b7d60 ffff8801d8677d40
ffffffff81da6837 0000000000000000 0000000000000000 0000000000000002
Call Trace:
[<ffffffff81d9b509>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81d9b509>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[<ffffffff81da6837>] nmi_cpu_backtrace.cold.2+0x48/0x87
lib/nmi_backtrace.c:99
[<ffffffff81da67ca>] nmi_trigger_cpumask_backtrace+0x12a/0x14f
lib/nmi_backtrace.c:60
[<ffffffff810b7e64>] arch_trigger_cpumask_backtrace+0x14/0x20
arch/x86/kernel/apic/hw_nmi.c:37
[<ffffffff81364c54>] trigger_all_cpu_backtrace include/linux/nmi.h:58
[inline]
[<ffffffff81364c54>] check_hung_task kernel/hung_task.c:125 [inline]
[<ffffffff81364c54>] check_hung_uninterruptible_tasks
kernel/hung_task.c:182 [inline]
[<ffffffff81364c54>] watchdog+0x6b4/0xa20 kernel/hung_task.c:239
[<ffffffff8119ad2d>] kthread+0x26d/0x300 kernel/kthread.c:211
[<ffffffff838d14dc>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1 skipped: idling at pc 0xffffffff838cff16
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches
syzbot found the following crash on:
HEAD commit: 8683408f Merge 4.9.94 into android-4.9
git tree: android-4.9
console output: https://syzkaller.appspot.com/x/log.txt?x=10ebc2c7800000
kernel config: https://syzkaller.appspot.com/x/.config?x=d5173c3321ce4a3d
dashboard link: https://syzkaller.appspot.com/bug?extid=68e0cca85a9ff1a6a8a9
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12218f27800000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12dd0b87800000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+68e0cc...@syzkaller.appspotmail.com
IPVS: stopping backup sync thread 3879 ...
random: crng init done
INFO: task syzkaller584331:3857 blocked for more than 120 seconds.
Not tainted 4.9.94-g8683408 #3
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syzkaller584331 D29416 3857 3856 0x00000000
ffff8801d79a8000 0000000000000000 ffff8801d85724c0 ffff8801d7a4c800
ffff8801db221b98 ffff8801d79ef968 ffffffff838c040d ffff8801d79a88c8
ffffed003af35118 ffff8801d79a8000 00fffc0000000000 ffff8801db222468
Call Trace:
[<ffffffff838c1a0f>] schedule+0x7f/0x1b0 kernel/sched/core.c:3557
[<ffffffff838c2393>] schedule_preempt_disabled+0x13/0x20
kernel/sched/core.c:3590
[<ffffffff838c6816>] __mutex_lock_common kernel/locking/mutex.c:582
[inline]
[<ffffffff838c6816>] mutex_lock_nested+0x326/0x870
kernel/locking/mutex.c:621
[<ffffffff831bc2c5>] do_ip_vs_set_ctl+0x645/0xbd0
net/netfilter/ipvs/ip_vs_ctl.c:2402
[<ffffffff830b7d1d>] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline]
[<ffffffff830b7d1d>] nf_setsockopt+0x6d/0xc0 net/netfilter/nf_sockopt.c:114
[<ffffffff8322191a>] ip_setsockopt+0x9a/0xb0 net/ipv4/ip_sockglue.c:1249
[<ffffffff832417b8>] tcp_setsockopt+0x88/0xe0 net/ipv4/tcp.c:2755
[<ffffffff82ef675a>] sock_common_setsockopt+0x9a/0xe0 net/core/sock.c:2706
[<ffffffff82ef3516>] SYSC_setsockopt net/socket.c:1772 [inline]
[<ffffffff82ef3516>] SyS_setsockopt+0x166/0x260 net/socket.c:1751
[<ffffffff81006316>] do_syscall_64+0x1a6/0x490 arch/x86/entry/common.c:282
[<ffffffff838d1313>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Showing all locks held in the system:
3 locks held by kworker/1:1/24:
#0: ("%s"("ipv6_addrconf")){.+.+..}, at: [<ffffffff8118ad0e>] work_static
include/linux/workqueue.h:186 [inline]
#0: ("%s"("ipv6_addrconf")){.+.+..}, at: [<ffffffff8118ad0e>]
set_work_data kernel/workqueue.c:617 [inline]
#0: ("%s"("ipv6_addrconf")){.+.+..}, at: [<ffffffff8118ad0e>]
set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline]
#0: ("%s"("ipv6_addrconf")){.+.+..}, at: [<ffffffff8118ad0e>]
process_one_work+0x6ee/0x1500 kernel/workqueue.c:2085
#1: ((addr_chk_work).work){+.+...}, at: [<ffffffff8118ad48>]
process_one_work+0x728/0x1500 kernel/workqueue.c:2089
#2: (rtnl_mutex){+.+.+.}, at: [<ffffffff82f8e6a7>] rtnl_lock+0x17/0x20
net/core/rtnetlink.c:70
2 locks held by khungtaskd/515:
#0: (rcu_read_lock){......}, at: [<ffffffff813646bc>]
check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline]
#0: (rcu_read_lock){......}, at: [<ffffffff813646bc>]
watchdog+0x11c/0xa20 kernel/hung_task.c:239
#1: (tasklist_lock){.+.+..}, at: [<ffffffff81423bb0>]
debug_show_all_locks+0x79/0x218 kernel/locking/lockdep.c:4336
2 locks held by getty/3744:
#0: (&tty->ldisc_sem){++++++}, at: [<ffffffff838cf4b2>]
ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367
#1: (&ldata->atomic_read_lock){+.+...}, at: [<ffffffff82007082>]
n_tty_read+0x202/0x16b0 drivers/tty/n_tty.c:2133
1 lock held by syzkaller584331/3857:
#0: (ipvs->sync_mutex){+.+.+.}, at: [<ffffffff831bc2c5>]
do_ip_vs_set_ctl+0x645/0xbd0 net/netfilter/ipvs/ip_vs_ctl.c:2402
1 lock held by syzkaller584331/3858:
#0: (ipvs->sync_mutex){+.+.+.}, at: [<ffffffff831bc2c5>]
do_ip_vs_set_ctl+0x645/0xbd0 net/netfilter/ipvs/ip_vs_ctl.c:2402
1 lock held by syzkaller584331/3859:
#0: (ipvs->sync_mutex){+.+.+.}, at: [<ffffffff831bc2c5>]
do_ip_vs_set_ctl+0x645/0xbd0 net/netfilter/ipvs/ip_vs_ctl.c:2402
1 lock held by syzkaller584331/3860:
#0: (ipvs->sync_mutex){+.+.+.}, at: [<ffffffff831bc2c5>]
do_ip_vs_set_ctl+0x645/0xbd0 net/netfilter/ipvs/ip_vs_ctl.c:2402
1 lock held by syzkaller584331/3861:
#0: (ipvs->sync_mutex){+.+.+.}, at: [<ffffffff831bc2c5>]
do_ip_vs_set_ctl+0x645/0xbd0 net/netfilter/ipvs/ip_vs_ctl.c:2402
1 lock held by syzkaller584331/3862:
#0: (ipvs->sync_mutex){+.+.+.}, at: [<ffffffff831bc2c5>]
do_ip_vs_set_ctl+0x645/0xbd0 net/netfilter/ipvs/ip_vs_ctl.c:2402
1 lock held by syzkaller584331/3863:
#0: (ipvs->sync_mutex){+.+.+.}, at: [<ffffffff831bc2c5>]
do_ip_vs_set_ctl+0x645/0xbd0 net/netfilter/ipvs/ip_vs_ctl.c:2402
2 locks held by syzkaller584331/3864:
#0: (rtnl_mutex){+.+.+.}, at: [<ffffffff82f8e6a7>] rtnl_lock+0x17/0x20
net/core/rtnetlink.c:70
#1: (ipvs->sync_mutex){+.+.+.}, at: [<ffffffff831bc58d>]
do_ip_vs_set_ctl+0x90d/0xbd0 net/netfilter/ipvs/ip_vs_ctl.c:2397
1 lock held by ipvs-b:0:0/3879:
#0: (rtnl_mutex){+.+.+.}, at: [<ffffffff82f8e6a7>] rtnl_lock+0x17/0x20
net/core/rtnetlink.c:70
=============================================
NMI backtrace for cpu 0
CPU: 0 PID: 515 Comm: khungtaskd Not tainted 4.9.94-g8683408 #3
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
ffff8801d8677d08 ffffffff81d9b509 0000000000000000 0000000000000000
0000000000000000 0000000000000001 ffffffff810b7d60 ffff8801d8677d40
ffffffff81da6837 0000000000000000 0000000000000000 0000000000000002
Call Trace:
[<ffffffff81d9b509>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81d9b509>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[<ffffffff81da6837>] nmi_cpu_backtrace.cold.2+0x48/0x87
lib/nmi_backtrace.c:99
[<ffffffff81da67ca>] nmi_trigger_cpumask_backtrace+0x12a/0x14f
lib/nmi_backtrace.c:60
[<ffffffff810b7e64>] arch_trigger_cpumask_backtrace+0x14/0x20
arch/x86/kernel/apic/hw_nmi.c:37
[<ffffffff81364c54>] trigger_all_cpu_backtrace include/linux/nmi.h:58
[inline]
[<ffffffff81364c54>] check_hung_task kernel/hung_task.c:125 [inline]
[<ffffffff81364c54>] check_hung_uninterruptible_tasks
kernel/hung_task.c:182 [inline]
[<ffffffff81364c54>] watchdog+0x6b4/0xa20 kernel/hung_task.c:239
[<ffffffff8119ad2d>] kthread+0x26d/0x300 kernel/kthread.c:211
[<ffffffff838d14dc>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1 skipped: idling at pc 0xffffffff838cff16
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches
Reply all
Reply to author
Forward
0 new messages