INFO: task hung in linkwatch_event
18 views
Skip to first unread message
syzbot
Apr 10, 2019, 12:14:07 PM4/10/19
to syzkaller-a...@googlegroups.com
Hello,
syzbot found the following crash on:
HEAD commit: 7d2d5fc1 Merge 4.14.91 into android-4.14
git tree: android-4.14
console output: https://syzkaller.appspot.com/x/log.txt?x=13f839bf400000
kernel config: https://syzkaller.appspot.com/x/.config?x=c184a4faf24e0c0c
dashboard link: https://syzkaller.appspot.com/bug?extid=d5bfa41f359a671cd33d
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11214dfd400000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1355b38f400000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+d5bfa4...@syzkaller.appspotmail.com
INFO: task kworker/0:1:22 blocked for more than 140 seconds.
Not tainted 4.14.91+ #1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/0:1 D28656 22 2 0x80000000
Workqueue: events linkwatch_event
Call Trace:
schedule+0x92/0x1c0 kernel/sched/core.c:3490
schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3548
__mutex_lock_common kernel/locking/mutex.c:833 [inline]
__mutex_lock+0x559/0x1430 kernel/locking/mutex.c:893
linkwatch_event+0xa/0x50 net/core/link_watch.c:236
process_one_work+0x7c6/0x14e0 kernel/workqueue.c:2114
worker_thread+0x5d7/0x1080 kernel/workqueue.c:2248
kthread+0x310/0x420 kernel/kthread.c:232
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:402
Showing all locks held in the system:
3 locks held by kworker/0:1/22:
#0: ("events"){+.+.}, at: [<ffffffff86927d15>]
process_one_work+0x6e5/0x14e0 kernel/workqueue.c:2085
#1: ((linkwatch_work).work){+.+.}, at: [<ffffffff86927d4b>]
process_one_work+0x71b/0x14e0 kernel/workqueue.c:2089
#2: (rtnl_mutex){+.+.}, at: [<ffffffff87b5de1a>] linkwatch_event+0xa/0x50
net/core/link_watch.c:236
1 lock held by khungtaskd/23:
#0: (tasklist_lock){.+.+}, at: [<ffffffff869ff97c>]
debug_show_all_locks+0x7c/0x21a kernel/locking/lockdep.c:4541
3 locks held by kworker/1:1/68:
#0: ("%s"("ipv6_addrconf")){+.+.}, at: [<ffffffff86927d15>]
process_one_work+0x6e5/0x14e0 kernel/workqueue.c:2085
#1: ((addr_chk_work).work){+.+.}, at: [<ffffffff86927d4b>]
process_one_work+0x71b/0x14e0 kernel/workqueue.c:2089
#2: (rtnl_mutex){+.+.}, at: [<ffffffff87eca22a>]
addrconf_verify_work+0xa/0x20 net/ipv6/addrconf.c:4430
2 locks held by getty/1746:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff87536982>]
tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:275
#1: (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff87531da7>]
n_tty_read+0x1f7/0x1700 drivers/tty/n_tty.c:2156
=============================================
NMI backtrace for cpu 0
CPU: 0 PID: 23 Comm: khungtaskd Not tainted 4.14.91+ #1
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0xb9/0x10e lib/dump_stack.c:53
nmi_cpu_backtrace.cold+0x47/0x86 lib/nmi_backtrace.c:101
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1 skipped: idling at pc 0xffffffff8804e402
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches
syzbot found the following crash on:
HEAD commit: 7d2d5fc1 Merge 4.14.91 into android-4.14
git tree: android-4.14
console output: https://syzkaller.appspot.com/x/log.txt?x=13f839bf400000
kernel config: https://syzkaller.appspot.com/x/.config?x=c184a4faf24e0c0c
dashboard link: https://syzkaller.appspot.com/bug?extid=d5bfa41f359a671cd33d
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11214dfd400000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1355b38f400000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+d5bfa4...@syzkaller.appspotmail.com
INFO: task kworker/0:1:22 blocked for more than 140 seconds.
Not tainted 4.14.91+ #1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/0:1 D28656 22 2 0x80000000
Workqueue: events linkwatch_event
Call Trace:
schedule+0x92/0x1c0 kernel/sched/core.c:3490
schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3548
__mutex_lock_common kernel/locking/mutex.c:833 [inline]
__mutex_lock+0x559/0x1430 kernel/locking/mutex.c:893
linkwatch_event+0xa/0x50 net/core/link_watch.c:236
process_one_work+0x7c6/0x14e0 kernel/workqueue.c:2114
worker_thread+0x5d7/0x1080 kernel/workqueue.c:2248
kthread+0x310/0x420 kernel/kthread.c:232
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:402
Showing all locks held in the system:
3 locks held by kworker/0:1/22:
#0: ("events"){+.+.}, at: [<ffffffff86927d15>]
process_one_work+0x6e5/0x14e0 kernel/workqueue.c:2085
#1: ((linkwatch_work).work){+.+.}, at: [<ffffffff86927d4b>]
process_one_work+0x71b/0x14e0 kernel/workqueue.c:2089
#2: (rtnl_mutex){+.+.}, at: [<ffffffff87b5de1a>] linkwatch_event+0xa/0x50
net/core/link_watch.c:236
1 lock held by khungtaskd/23:
#0: (tasklist_lock){.+.+}, at: [<ffffffff869ff97c>]
debug_show_all_locks+0x7c/0x21a kernel/locking/lockdep.c:4541
3 locks held by kworker/1:1/68:
#0: ("%s"("ipv6_addrconf")){+.+.}, at: [<ffffffff86927d15>]
process_one_work+0x6e5/0x14e0 kernel/workqueue.c:2085
#1: ((addr_chk_work).work){+.+.}, at: [<ffffffff86927d4b>]
process_one_work+0x71b/0x14e0 kernel/workqueue.c:2089
#2: (rtnl_mutex){+.+.}, at: [<ffffffff87eca22a>]
addrconf_verify_work+0xa/0x20 net/ipv6/addrconf.c:4430
2 locks held by getty/1746:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff87536982>]
tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:275
#1: (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff87531da7>]
n_tty_read+0x1f7/0x1700 drivers/tty/n_tty.c:2156
=============================================
NMI backtrace for cpu 0
CPU: 0 PID: 23 Comm: khungtaskd Not tainted 4.14.91+ #1
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0xb9/0x10e lib/dump_stack.c:53
nmi_cpu_backtrace.cold+0x47/0x86 lib/nmi_backtrace.c:101
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1 skipped: idling at pc 0xffffffff8804e402
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches
syzbot
Apr 14, 2019, 5:30:13 AM4/14/19
to syzkaller-a...@googlegroups.com
Hello,
syzbot found the following crash on:
HEAD commit: dd1e37e6 Merge 4.9.90 into android-4.9
syzbot found the following crash on:
git tree: android-4.9
console output: https://syzkaller.appspot.com/x/log.txt?x=12e19ab3800000
kernel config: https://syzkaller.appspot.com/x/.config?x=1f6b066dbf285822
dashboard link: https://syzkaller.appspot.com/bug?extid=550ce8a24f7d69f3a2ba
compiler: gcc (GCC) 7.1.1 20170620
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=9615 comm=syz-executor5
INFO: task kworker/0:1:24 blocked for more than 120 seconds.
Not tainted 4.9.90-gdd1e37e #66
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/0:1 D26336 24 2 0x00000000
Workqueue: events linkwatch_event
ffff8801d94db000 0000000000000000 ffff8801c9f1ef40 ffff8801d4448000
ffff8801db221b98 ffff8801d9517ae8 ffffffff838a75cb 0000000000000002
ffff8801d444805c 00ff8801d94db000 ffff8801db222468 ffff8801db222490
Call Trace:
[<ffffffff838a8b6f>] schedule+0x7f/0x1b0 kernel/sched/core.c:3551
[<ffffffff838a94f3>] schedule_preempt_disabled+0x13/0x20
kernel/sched/core.c:3584
[<ffffffff838ae292>] __mutex_lock_common kernel/locking/mutex.c:582
[inline]
[<ffffffff838ae292>] mutex_lock_nested+0x312/0x870
kernel/locking/mutex.c:621
[<ffffffff82f79737>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70
[<ffffffff82f8fcde>] linkwatch_event+0xe/0x60 net/core/link_watch.c:236
[<ffffffff8118b030>] process_one_work+0x7e0/0x1610 kernel/workqueue.c:2092
[<ffffffff8118bf40>] worker_thread+0xe0/0x10d0 kernel/workqueue.c:2226
[<ffffffff8119bf4d>] kthread+0x26d/0x300 kernel/kthread.c:211
[<ffffffff838b865c>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373
Showing all locks held in the system:
#0: ("events"){.+.+.+}, at: [<ffffffff8118af42>] work_static
include/linux/workqueue.h:186 [inline]
#0: ("events"){.+.+.+}, at: [<ffffffff8118af42>] set_work_data
kernel/workqueue.c:617 [inline]
#0: ("events"){.+.+.+}, at: [<ffffffff8118af42>]
set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline]
#0: ("events"){.+.+.+}, at: [<ffffffff8118af42>]
process_one_work+0x6f2/0x1610 kernel/workqueue.c:2085
#1: ((linkwatch_work).work){+.+...}, at: [<ffffffff8118af7c>]
process_one_work+0x72c/0x1610 kernel/workqueue.c:2089
#2: (rtnl_mutex){+.+.+.}, at: [<ffffffff82f79737>] rtnl_lock+0x17/0x20
net/core/rtnetlink.c:70
2 locks held by khungtaskd/516:
#0: (rcu_read_lock){......}, at: [<ffffffff81372185>]
check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline]
#0: (rcu_read_lock){......}, at: [<ffffffff81372185>]
watchdog+0x125/0xa70 kernel/hung_task.c:239
#1: (tasklist_lock){.+.+..}, at: [<ffffffff81236c50>]
debug_show_all_locks+0x70/0x280 kernel/locking/lockdep.c:4336
3 locks held by kworker/1:2/1821:
#0: ("events_power_efficient"){.+.+.+}, at: [<ffffffff8118af42>]
work_static include/linux/workqueue.h:186 [inline]
#0: ("events_power_efficient"){.+.+.+}, at: [<ffffffff8118af42>]
set_work_data kernel/workqueue.c:617 [inline]
#0: ("events_power_efficient"){.+.+.+}, at: [<ffffffff8118af42>]
set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline]
#0: ("events_power_efficient"){.+.+.+}, at: [<ffffffff8118af42>]
process_one_work+0x6f2/0x1610 kernel/workqueue.c:2085
#1: ((reg_check_chans).work){+.+...}, at: [<ffffffff8118af7c>]
process_one_work+0x72c/0x1610 kernel/workqueue.c:2089
#2: (rtnl_mutex){+.+.+.}, at: [<ffffffff82f79737>] rtnl_lock+0x17/0x20
net/core/rtnetlink.c:70
1 lock held by rsyslogd/3654:
#0: (&f->f_pos_lock){+.+.+.}, at: [<ffffffff815d2f5f>]
__fdget_pos+0x9f/0xc0 fs/file.c:781
2 locks held by getty/3782:
#0: (&tty->ldisc_sem){++++++}, at: [<ffffffff838b66a2>]
ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367
#1: (&ldata->atomic_read_lock){+.+.+.}, at: [<ffffffff8200a6a4>]
n_tty_read+0x1f4/0x16c0 drivers/tty/n_tty.c:2133
3 locks held by kworker/0:3/9021:
#0: ("%s"("ipv6_addrconf")){.+.+..}, at: [<ffffffff8118af42>] work_static
include/linux/workqueue.h:186 [inline]
#0: ("%s"("ipv6_addrconf")){.+.+..}, at: [<ffffffff8118af42>]
set_work_data kernel/workqueue.c:617 [inline]
#0: ("%s"("ipv6_addrconf")){.+.+..}, at: [<ffffffff8118af42>]
set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline]
#0: ("%s"("ipv6_addrconf")){.+.+..}, at: [<ffffffff8118af42>]
process_one_work+0x6f2/0x1610 kernel/workqueue.c:2085
#1: ((addr_chk_work).work){+.+...}, at: [<ffffffff8118af7c>]
process_one_work+0x72c/0x1610 kernel/workqueue.c:2089
#2: (rtnl_mutex){+.+.+.}, at: [<ffffffff82f79737>] rtnl_lock+0x17/0x20
net/core/rtnetlink.c:70
1 lock held by syz-executor2/9554:
#0: (ipvs->sync_mutex){+.+.+.}, at: [<ffffffff831ad9c0>]
do_ip_vs_set_ctl+0x240/0xc00 net/netfilter/ipvs/ip_vs_ctl.c:2402
2 locks held by syz-executor2/9567:
#0: (rtnl_mutex){+.+.+.}, at: [<ffffffff82f79737>] rtnl_lock+0x17/0x20
net/core/rtnetlink.c:70
#1: (ipvs->sync_mutex){+.+.+.}, at: [<ffffffff831ae067>]
do_ip_vs_set_ctl+0x8e7/0xc00 net/netfilter/ipvs/ip_vs_ctl.c:2397
1 lock held by ipvs-b:5:0/9555:
#0: (rtnl_mutex){+.+.+.}, at: [<ffffffff82f79737>] rtnl_lock+0x17/0x20
net/core/rtnetlink.c:70
1 lock held by syz-executor5/9608:
#0: (rtnl_mutex){+.+.+.}, at: [<ffffffff82f7e24b>] rtnl_lock
net/core/rtnetlink.c:70 [inline]
#0: (rtnl_mutex){+.+.+.}, at: [<ffffffff82f7e24b>]
rtnetlink_rcv+0x1b/0x40 net/core/rtnetlink.c:4064
1 lock held by syz-executor5/9615:
#0: (rtnl_mutex){+.+.+.}, at: [<ffffffff82f7e24b>] rtnl_lock
net/core/rtnetlink.c:70 [inline]
#0: (rtnl_mutex){+.+.+.}, at: [<ffffffff82f7e24b>]
rtnetlink_rcv+0x1b/0x40 net/core/rtnetlink.c:4064
1 lock held by syz-executor0/9614:
#0: (rtnl_mutex){+.+.+.}, at: [<ffffffff82f79737>] rtnl_lock+0x17/0x20
net/core/rtnetlink.c:70
1 lock held by syz-executor0/9618:
#0: (rtnl_mutex){+.+.+.}, at: [<ffffffff82f79737>] rtnl_lock+0x17/0x20
net/core/rtnetlink.c:70
=============================================
NMI backtrace for cpu 1
CPU: 1 PID: 516 Comm: khungtaskd Not tainted 4.9.90-gdd1e37e #66
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
ffff8801d9167d00 ffffffff81d94ee9 0000000000000000 0000000000000001
0000000000000001 0000000000000001 ffffffff810bb920 ffff8801d9167d38
ffffffff81da000d 0000000000000001 0000000000000000 ffff8801d94db418
Call Trace:
[<ffffffff81d94ee9>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81d94ee9>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[<ffffffff81da000d>] nmi_cpu_backtrace+0xfd/0x120 lib/nmi_backtrace.c:99
[<ffffffff81da0147>] nmi_trigger_cpumask_backtrace+0x117/0x190
lib/nmi_backtrace.c:60
[<ffffffff810bba14>] arch_trigger_cpumask_backtrace+0x14/0x20
arch/x86/kernel/apic/hw_nmi.c:37
[<ffffffff81372750>] trigger_all_cpu_backtrace include/linux/nmi.h:58
[inline]
[<ffffffff81372750>] check_hung_task kernel/hung_task.c:125 [inline]
[<ffffffff81372750>] check_hung_uninterruptible_tasks
kernel/hung_task.c:182 [inline]
[<ffffffff81372750>] watchdog+0x6f0/0xa70 kernel/hung_task.c:239
[<ffffffff8119bf4d>] kthread+0x26d/0x300 kernel/kthread.c:211
[<ffffffff838b865c>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0 skipped: idling at pc 0xffffffff838b7116
syzbot
Oct 25, 2019, 4:50:05 AM10/25/19
to syzkaller-a...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.
Crashes did not happen for a while, no reproducer and no activity.
Reply all
Reply to author
Forward
0 new messages