INFO: task hung (2)

syzbot

Apr 11, 2019, 8:00:33 PM
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 91549408
git tree: android-4.9
console output: https://syzkaller.appspot.com/x/log.txt?x=13d67aa9800000
kernel config: https://syzkaller.appspot.com/x/.config?x=4fadd453521adb
dashboard link: https://syzkaller.appspot.com/bug?extid=e8d7c6bf8d014e27fc10
compiler: gcc (GCC) 7.1.1 20170620
userspace arch: i386
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=134ab319800000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10638c59800000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+e8d7c6...@syzkaller.appspotmail.com

IPv6: Can't replace route, no match found
IPv6: Can't replace route, no match found
IPv6: Can't replace route, no match found
IPv6: Can't replace route, no match found
IPv6: Can't replace route, no match found
INFO: task init:12200 blocked for more than 120 seconds.
Not tainted 4.9.76-g9154940 #20
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
init D27568 12200 1 0x00000000
ffff8801d8590000 ffff8801d7e8cfc0 ffff8801d84e8540 ffff8801d80ab000
ffff8801db321b98 ffff8801c5aef7c8 ffffffff8389f9fb 0000000000000000
0000000000000007
IPv6: Can't replace route, no match found
00ff8801d8590000 ffff8801db322468 ffff8801db322490
[<ffffffff838a0f9f>] schedule+0x7f/0x1b0 kernel/sched/core.c:3550
[<ffffffff838a1923>] schedule_preempt_disabled+0x13/0x20
kernel/sched/core.c:3583
[<ffffffff838a6f32>] __mutex_lock_common kernel/locking/mutex.c:582
[inline]
[<ffffffff838a6f32>] mutex_lock_nested+0x312/0x870
kernel/locking/mutex.c:621
[<ffffffff82001707>] tty_open_by_driver drivers/tty/tty_io.c:2030 [inline]
[<ffffffff82001707>] tty_open+0x407/0xdf0 drivers/tty/tty_io.c:2108
[<ffffffff8157a9fb>] chrdev_open+0x22b/0x4c0 fs/char_dev.c:392
[<ffffffff81565aa7>] do_dentry_open+0x607/0xc60 fs/open.c:766
[<ffffffff81569555>] vfs_open+0x105/0x220 fs/open.c:879
[<ffffffff8159fcdc>] do_last fs/namei.c:3408 [inline]
[<ffffffff8159fcdc>] path_openat+0x5ac/0x2910 fs/namei.c:3531
[<ffffffff815a5837>] do_filp_open+0x197/0x290 fs/namei.c:3566
[<ffffffff8156a032>] do_sys_open+0x352/0x4c0 fs/open.c:1072
[<ffffffff8156a1cd>] SYSC_open fs/open.c:1090 [inline]
[<ffffffff8156a1cd>] SyS_open+0x2d/0x40 fs/open.c:1085
[<ffffffff838b0aa8>] entry_SYSCALL_64_fastpath+0x23/0xe2

Showing all locks held in the system:
2 locks held by khungtaskd/514:
#0: (rcu_read_lock){......}, at: [<ffffffff81371d35>]
check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline]
#0: (rcu_read_lock){......}, at: [<ffffffff81371d35>]
watchdog+0x125/0xa70 kernel/hung_task.c:239
#1: (tasklist_lock){.+.+..}, at: [<ffffffff81236eb0>]
debug_show_all_locks+0x70/0x280 kernel/locking/lockdep.c:4336
1 lock held by rsyslogd/3200:
#0: (&f->f_pos_lock){+.+.+.}, at: [<ffffffff815d21af>]
__fdget_pos+0x9f/0xc0 fs/file.c:781
2 locks held by getty/3328:
#0: (&tty->ldisc_sem){++++++}, at: [<ffffffff838aec72>]
ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367
#1: (&ldata->atomic_read_lock){+.+...}, at: [<ffffffff82008494>]
n_tty_read+0x1f4/0x16c0 drivers/tty/n_tty.c:2133
1 lock held by init/12200:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff82001707>] tty_open_by_driver
drivers/tty/tty_io.c:2030 [inline]
#0: (tty_mutex){+.+.+.}, at: [<ffffffff82001707>] tty_open+0x407/0xdf0
drivers/tty/tty_io.c:2108
1 lock held by init/12201:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff82001707>] tty_open_by_driver
drivers/tty/tty_io.c:2030 [inline]
#0: (tty_mutex){+.+.+.}, at: [<ffffffff82001707>] tty_open+0x407/0xdf0
drivers/tty/tty_io.c:2108
1 lock held by init/12202:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff82001707>] tty_open_by_driver
drivers/tty/tty_io.c:2030 [inline]
#0: (tty_mutex){+.+.+.}, at: [<ffffffff82001707>] tty_open+0x407/0xdf0
drivers/tty/tty_io.c:2108
1 lock held by init/12204:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff82001707>] tty_open_by_driver
drivers/tty/tty_io.c:2030 [inline]
#0: (tty_mutex){+.+.+.}, at: [<ffffffff82001707>] tty_open+0x407/0xdf0
drivers/tty/tty_io.c:2108
1 lock held by init/12205:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff82001707>] tty_open_by_driver
drivers/tty/tty_io.c:2030 [inline]
#0: (tty_mutex){+.+.+.}, at: [<ffffffff82001707>] tty_open+0x407/0xdf0
drivers/tty/tty_io.c:2108

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 514 Comm: khungtaskd Not tainted 4.9.76-g9154940 #20
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
ffff8801d926fd00 ffffffff81d93149 0000000000000000 0000000000000000
0000000000000000 0000000000000001 ffffffff810ba750 ffff8801d926fd38
ffffffff81d9e26d 0000000000000000 0000000000000000 ffff8801d8590418
Call Trace:
[<ffffffff81d93149>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81d93149>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[<ffffffff81d9e26d>] nmi_cpu_backtrace+0xfd/0x120 lib/nmi_backtrace.c:99
[<ffffffff81d9e3a7>] nmi_trigger_cpumask_backtrace+0x117/0x190
lib/nmi_backtrace.c:60
[<ffffffff810ba844>] arch_trigger_cpumask_backtrace+0x14/0x20
arch/x86/kernel/apic/hw_nmi.c:37
[<ffffffff81372300>] trigger_all_cpu_backtrace include/linux/nmi.h:58
[inline]
[<ffffffff81372300>] check_hung_task kernel/hung_task.c:125 [inline]
[<ffffffff81372300>] check_hung_uninterruptible_tasks
kernel/hung_task.c:182 [inline]
[<ffffffff81372300>] watchdog+0x6f0/0xa70 kernel/hung_task.c:239
[<ffffffff811996ad>] kthread+0x26d/0x300 kernel/kthread.c:211
[<ffffffff838b0db6>] ret_from_fork+0x46/0x60 arch/x86/entry/entry_64.S:460
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 28011 Comm: syzkaller512129 Not tainted 4.9.76-g9154940 #20
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
task: ffff8801c65db000 task.stack: ffff8801c1fc8000
RIP: 0010:[<ffffffff81dc0399>] c [<ffffffff81dc0399>]
clear_page_c_e+0x9/0x10 arch/x86/lib/clear_page_64.S:54
RSP: 0018:ffff8801c1fcfc20 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 00000000071e8000 RCX: 0000000000000000
RDX: 1ffff10038cbb83d RSI: ffffffff844de0e0 RDI: ffff8801c7997000
RBP: ffff8801c1fcfc68 R08: 0000000000000000 R09: 0000000000025960
R10: ffffffffffffffe8 R11: 0000000000000000 R12: dffffc0000000000
R13: 00000000071e6580 R14: ffff880000000000 R15: ffff8801c65db000
FS: 0000000000000000(0000) GS:ffff8801db300000(0063) knlGS:00000000089ea840
CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 00000000ffe854cc CR3: 00000001caa50000 CR4: 0000000000160670
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
ffffffff814d4979 c ffffffff8124746d c ffffea0007613bc0 c ffffea0007613bc0 c
ffff8801c1fcfdc0 c ffffea00071e0000 c ffff8801c65673e0 c ffffea00071e0020 c
ffff8801c0d72a00 c ffff8801c1fcfcd8 c ffffffff81547ef2 c ffff8801c65db8b0 c
Call Trace:
[<ffffffff81547ef2>] __do_huge_pmd_anonymous_page mm/huge_memory.c:558
[inline]
[<ffffffff81547ef2>] do_huge_pmd_anonymous_page+0x6c2/0x10d0
mm/huge_memory.c:700
[<ffffffff814cee1b>] create_huge_pmd mm/memory.c:3403 [inline]
[<ffffffff814cee1b>] __handle_mm_fault mm/memory.c:3553 [inline]
[<ffffffff814cee1b>] handle_mm_fault+0x158b/0x2530 mm/memory.c:3614
[<ffffffff810dd632>] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
[<ffffffff810dddd7>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
[<ffffffff838b1dc8>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1038
Code: c89 c47 c18 c48 c89 c47 c20 c48 c89 c47 c28 c48 c89 c47
c30 c48 c89 c47 c38 c48 c8d c7f c40 c75 cd9 c90 cc3 c0f c1f
c80 c00 c00 c00 c00 cb9 c00 c10 c00 c00 c31 cc0 cf3 caa
c<c3> c90 c90 c90 c90 c90 c90 c55 c48 c89 ce5 c41 c57 c41
c56 c41 c55 c41 c54 c49 c89 c


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches