INFO: task hung in fib6_rules_net_exit
6 views
Skip to first unread message
syzbot
Apr 14, 2019, 5:30:25 AM4/14/19
to syzkaller-a...@googlegroups.com
Hello,
syzbot found the following crash on:
HEAD commit: 4ba3f691 UPSTREAM: xfrm: fix ptr_ret.cocci warnings
git tree: android-4.9
console output: https://syzkaller.appspot.com/x/log.txt?x=11c352eb400000
kernel config: https://syzkaller.appspot.com/x/.config?x=13558268b29d9d4a
dashboard link: https://syzkaller.appspot.com/bug?extid=b60394aa23acd4b6efad
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+b60394...@syzkaller.appspotmail.com
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=29535
sclass=netlink_route_socket pig=16999 comm=syz-executor1
INFO: task kworker/u4:14:28354 blocked for more than 140 seconds.
Not tainted 4.9.135+ #61
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/u4:14 D25312 28354 2 0x80000000
Workqueue: netns cleanup_net
ffff8801cf412f80 0000000000000000 ffff8801a322dd80 ffff8801da6b2f80
ffff8801db721018 ffff88019fb37958 ffffffff827fa982 0000000000000003
ffff8801cf413830 ffffed0039e82705 00ff8801cf412f80 ffff8801db7218f0
Call Trace:
[<ffffffff827fbeaf>] schedule+0x7f/0x1b0 kernel/sched/core.c:3553
[<ffffffff827fc833>] schedule_preempt_disabled+0x13/0x20
kernel/sched/core.c:3586
[<ffffffff827fe8ad>] __mutex_lock_common kernel/locking/mutex.c:582
[inline]
[<ffffffff827fe8ad>] mutex_lock_nested+0x38d/0x900
kernel/locking/mutex.c:621
[<ffffffff82334ee7>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70
[<ffffffff8275ca42>] fib6_rules_net_exit+0x12/0x50
net/ipv6/fib6_rules.c:318
[<ffffffff822d7a80>] ops_exit_list.isra.0+0xb0/0x160
net/core/net_namespace.c:136
[<ffffffff822da7e2>] cleanup_net+0x3f2/0x8b0 net/core/net_namespace.c:473
[<ffffffff81130d61>] process_one_work+0x831/0x1530 kernel/workqueue.c:2092
[<ffffffff81131b36>] worker_thread+0xd6/0x1140 kernel/workqueue.c:2226
[<ffffffff811428dd>] kthread+0x26d/0x300 kernel/kthread.c:211
[<ffffffff8280addc>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373
Showing all locks held in the system:
2 locks held by khungtaskd/24:
#0: (rcu_read_lock){......}, at: [<ffffffff8131bb4c>]
check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline]
#0: (rcu_read_lock){......}, at: [<ffffffff8131bb4c>]
watchdog+0x11c/0xa20 kernel/hung_task.c:239
#1: (tasklist_lock){.+.+..}, at: [<ffffffff813fe314>]
debug_show_all_locks+0x79/0x218 kernel/locking/lockdep.c:4336
2 locks held by getty/2026:
#0: (&tty->ldisc_sem){++++++}, at: [<ffffffff82808cd2>]
ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367
#1: (&ldata->atomic_read_lock){+.+...}, at: [<ffffffff81d2b032>]
n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142
4 locks held by kworker/u4:14/28354:
#0: ("%s""netns"){.+.+.+}, at: [<ffffffff81130c6c>]
process_one_work+0x73c/0x1530 kernel/workqueue.c:2085
#1: (net_cleanup_work){+.+.+.}, at: [<ffffffff81130ca4>]
process_one_work+0x774/0x1530 kernel/workqueue.c:2089
#2: (net_mutex){+.+.+.}, at: [<ffffffff822da52f>] cleanup_net+0x13f/0x8b0
net/core/net_namespace.c:439
#3: (rtnl_mutex){+.+.+.}, at: [<ffffffff82334ee7>] rtnl_lock+0x17/0x20
net/core/rtnetlink.c:70
1 lock held by syz-executor1/16999:
#0: (rtnl_mutex){+.+.+.}, at: [<ffffffff8233e7fb>] rtnl_lock
net/core/rtnetlink.c:70 [inline]
#0: (rtnl_mutex){+.+.+.}, at: [<ffffffff8233e7fb>]
rtnetlink_rcv+0x1b/0x40 net/core/rtnetlink.c:4073
=============================================
NMI backtrace for cpu 0
CPU: 0 PID: 24 Comm: khungtaskd Not tainted 4.9.135+ #61
ffff8801d9907d08 ffffffff81b36bf9 0000000000000000 0000000000000000
0000000000000000 0000000000000001 ffffffff81098330 ffff8801d9907d40
ffffffff81b41d09 0000000000000000 0000000000000000 0000000000000003
Call Trace:
[<ffffffff81b36bf9>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81b36bf9>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[<ffffffff81b41d09>] nmi_cpu_backtrace.cold.0+0x48/0x87
lib/nmi_backtrace.c:99
[<ffffffff81b41c9c>] nmi_trigger_cpumask_backtrace+0x12c/0x151
lib/nmi_backtrace.c:60
[<ffffffff81098434>] arch_trigger_cpumask_backtrace+0x14/0x20
arch/x86/kernel/apic/hw_nmi.c:37
[<ffffffff8131c0dd>] trigger_all_cpu_backtrace include/linux/nmi.h:58
[inline]
[<ffffffff8131c0dd>] check_hung_task kernel/hung_task.c:125 [inline]
[<ffffffff8131c0dd>] check_hung_uninterruptible_tasks
kernel/hung_task.c:182 [inline]
[<ffffffff8131c0dd>] watchdog+0x6ad/0xa20 kernel/hung_task.c:239
[<ffffffff811428dd>] kthread+0x26d/0x300 kernel/kthread.c:211
[<ffffffff8280addc>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 16973 Comm: syz-executor4 Not tainted 4.9.135+ #61
task: ffff88019ed0c740 task.stack: ffff8801cad08000
RIP: 0010:[<ffffffff8280c260>] c [<ffffffff8280c260>]
entry_INT80_compat+0x0/0xa0 arch/x86/entry/entry_64_compat.S:289
RSP: 0000:ffff8801cad0ffd8 EFLAGS: 00000006
RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000240
RBP: 000000000072c0e0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 00007f59d930e6d4
R13: 00000000004c4af9 R14: 00000000004d8078 R15: 00000000ffffffff
FS: 00007f59d930e700(0000) GS:ffff8801db700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000b93000 CR3: 00000001a9e0f000 CR4: 00000000001606b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Stack:
0000000020000242 c 0000000000000033 c 0000000000000206 c 00007f59d930dc58 c
000000000000002b c
Call Trace:
Code: c4d c31 cd2 ceb c1a c0f c20 cd8 c65 c48 c0b c04 c25 c48
c80 c01 c00 c78 c08 c65 c88 c04 c25 c4f c80 c01 c00 c0f c22
cd8 c58 c48 c8b c64 c24 c20 c0f c01 cf8 c0f c07 c66 c90
c<66> c0f c1f c44 c00 c00 c0f c01 cf8 c0f c1f c00 ceb c21
c90 c90 c90 c90 c90 c90 c90 c
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot found the following crash on:
HEAD commit: 4ba3f691 UPSTREAM: xfrm: fix ptr_ret.cocci warnings
git tree: android-4.9
console output: https://syzkaller.appspot.com/x/log.txt?x=11c352eb400000
kernel config: https://syzkaller.appspot.com/x/.config?x=13558268b29d9d4a
dashboard link: https://syzkaller.appspot.com/bug?extid=b60394aa23acd4b6efad
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+b60394...@syzkaller.appspotmail.com
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=29535
sclass=netlink_route_socket pig=16999 comm=syz-executor1
INFO: task kworker/u4:14:28354 blocked for more than 140 seconds.
Not tainted 4.9.135+ #61
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/u4:14 D25312 28354 2 0x80000000
Workqueue: netns cleanup_net
ffff8801cf412f80 0000000000000000 ffff8801a322dd80 ffff8801da6b2f80
ffff8801db721018 ffff88019fb37958 ffffffff827fa982 0000000000000003
ffff8801cf413830 ffffed0039e82705 00ff8801cf412f80 ffff8801db7218f0
Call Trace:
[<ffffffff827fbeaf>] schedule+0x7f/0x1b0 kernel/sched/core.c:3553
[<ffffffff827fc833>] schedule_preempt_disabled+0x13/0x20
kernel/sched/core.c:3586
[<ffffffff827fe8ad>] __mutex_lock_common kernel/locking/mutex.c:582
[inline]
[<ffffffff827fe8ad>] mutex_lock_nested+0x38d/0x900
kernel/locking/mutex.c:621
[<ffffffff82334ee7>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70
[<ffffffff8275ca42>] fib6_rules_net_exit+0x12/0x50
net/ipv6/fib6_rules.c:318
[<ffffffff822d7a80>] ops_exit_list.isra.0+0xb0/0x160
net/core/net_namespace.c:136
[<ffffffff822da7e2>] cleanup_net+0x3f2/0x8b0 net/core/net_namespace.c:473
[<ffffffff81130d61>] process_one_work+0x831/0x1530 kernel/workqueue.c:2092
[<ffffffff81131b36>] worker_thread+0xd6/0x1140 kernel/workqueue.c:2226
[<ffffffff811428dd>] kthread+0x26d/0x300 kernel/kthread.c:211
[<ffffffff8280addc>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373
Showing all locks held in the system:
2 locks held by khungtaskd/24:
#0: (rcu_read_lock){......}, at: [<ffffffff8131bb4c>]
check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline]
#0: (rcu_read_lock){......}, at: [<ffffffff8131bb4c>]
watchdog+0x11c/0xa20 kernel/hung_task.c:239
#1: (tasklist_lock){.+.+..}, at: [<ffffffff813fe314>]
debug_show_all_locks+0x79/0x218 kernel/locking/lockdep.c:4336
2 locks held by getty/2026:
#0: (&tty->ldisc_sem){++++++}, at: [<ffffffff82808cd2>]
ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367
#1: (&ldata->atomic_read_lock){+.+...}, at: [<ffffffff81d2b032>]
n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142
4 locks held by kworker/u4:14/28354:
#0: ("%s""netns"){.+.+.+}, at: [<ffffffff81130c6c>]
process_one_work+0x73c/0x1530 kernel/workqueue.c:2085
#1: (net_cleanup_work){+.+.+.}, at: [<ffffffff81130ca4>]
process_one_work+0x774/0x1530 kernel/workqueue.c:2089
#2: (net_mutex){+.+.+.}, at: [<ffffffff822da52f>] cleanup_net+0x13f/0x8b0
net/core/net_namespace.c:439
#3: (rtnl_mutex){+.+.+.}, at: [<ffffffff82334ee7>] rtnl_lock+0x17/0x20
net/core/rtnetlink.c:70
1 lock held by syz-executor1/16999:
#0: (rtnl_mutex){+.+.+.}, at: [<ffffffff8233e7fb>] rtnl_lock
net/core/rtnetlink.c:70 [inline]
#0: (rtnl_mutex){+.+.+.}, at: [<ffffffff8233e7fb>]
rtnetlink_rcv+0x1b/0x40 net/core/rtnetlink.c:4073
=============================================
NMI backtrace for cpu 0
CPU: 0 PID: 24 Comm: khungtaskd Not tainted 4.9.135+ #61
ffff8801d9907d08 ffffffff81b36bf9 0000000000000000 0000000000000000
0000000000000000 0000000000000001 ffffffff81098330 ffff8801d9907d40
ffffffff81b41d09 0000000000000000 0000000000000000 0000000000000003
Call Trace:
[<ffffffff81b36bf9>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81b36bf9>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[<ffffffff81b41d09>] nmi_cpu_backtrace.cold.0+0x48/0x87
lib/nmi_backtrace.c:99
[<ffffffff81b41c9c>] nmi_trigger_cpumask_backtrace+0x12c/0x151
lib/nmi_backtrace.c:60
[<ffffffff81098434>] arch_trigger_cpumask_backtrace+0x14/0x20
arch/x86/kernel/apic/hw_nmi.c:37
[<ffffffff8131c0dd>] trigger_all_cpu_backtrace include/linux/nmi.h:58
[inline]
[<ffffffff8131c0dd>] check_hung_task kernel/hung_task.c:125 [inline]
[<ffffffff8131c0dd>] check_hung_uninterruptible_tasks
kernel/hung_task.c:182 [inline]
[<ffffffff8131c0dd>] watchdog+0x6ad/0xa20 kernel/hung_task.c:239
[<ffffffff811428dd>] kthread+0x26d/0x300 kernel/kthread.c:211
[<ffffffff8280addc>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 16973 Comm: syz-executor4 Not tainted 4.9.135+ #61
task: ffff88019ed0c740 task.stack: ffff8801cad08000
RIP: 0010:[<ffffffff8280c260>] c [<ffffffff8280c260>]
entry_INT80_compat+0x0/0xa0 arch/x86/entry/entry_64_compat.S:289
RSP: 0000:ffff8801cad0ffd8 EFLAGS: 00000006
RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000240
RBP: 000000000072c0e0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 00007f59d930e6d4
R13: 00000000004c4af9 R14: 00000000004d8078 R15: 00000000ffffffff
FS: 00007f59d930e700(0000) GS:ffff8801db700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000b93000 CR3: 00000001a9e0f000 CR4: 00000000001606b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Stack:
0000000020000242 c 0000000000000033 c 0000000000000206 c 00007f59d930dc58 c
000000000000002b c
Call Trace:
Code: c4d c31 cd2 ceb c1a c0f c20 cd8 c65 c48 c0b c04 c25 c48
c80 c01 c00 c78 c08 c65 c88 c04 c25 c4f c80 c01 c00 c0f c22
cd8 c58 c48 c8b c64 c24 c20 c0f c01 cf8 c0f c07 c66 c90
c<66> c0f c1f c44 c00 c00 c0f c01 cf8 c0f c1f c00 ceb c21
c90 c90 c90 c90 c90 c90 c90 c
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot
Apr 28, 2019, 5:31:04 AM4/28/19
to syzkaller-a...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.
Crashes did not happen for a while, no reproducer and no activity.
Reply all
Reply to author
Forward
0 new messages