INFO: task hung in synchronize_rcu

syzbot

Nov 6, 2019, 11:32:10 PM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: c9fda4f2 Linux 4.14.152
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1147982ce00000
kernel config: https://syzkaller.appspot.com/x/.config?x=8e71058946820493
dashboard link: https://syzkaller.appspot.com/bug?extid=e8737aa6afd0dfccf11d
compiler: gcc (GCC) 9.0.0 20181231 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+e8737a...@syzkaller.appspotmail.com

INFO: task syz-executor.0:8460 blocked for more than 140 seconds.
Not tainted 4.14.152 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.0 D27440 8460 30686 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2807 [inline]
__schedule+0x7b8/0x1cd0 kernel/sched/core.c:3383
schedule+0x92/0x1c0 kernel/sched/core.c:3427
exp_funnel_lock kernel/rcu/tree_exp.h:295 [inline]
_synchronize_rcu_expedited+0x6ca/0x8b0 kernel/rcu/tree_exp.h:596
synchronize_rcu_expedited kernel/rcu/tree_exp.h:724 [inline]
synchronize_rcu_expedited+0x35/0xb0 kernel/rcu/tree_exp.h:713
synchronize_net+0x2f/0x50 net/core/dev.c:8222
__unregister_prot_hook+0x22e/0x2a0 net/packet/af_packet.c:382
packet_do_bind+0x5ec/0xb20 net/packet/af_packet.c:3150
packet_bind+0x138/0x190 net/packet/af_packet.c:3233
SYSC_bind+0x1d3/0x220 net/socket.c:1489
SyS_bind+0x24/0x30 net/socket.c:1475
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45a219
RSP: 002b:00007ff6ffad7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a219
RDX: 0000000000000014 RSI: 0000000020000640 RDI: 0000000000000003
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff6ffad86d4
R13: 00000000004c0601 R14: 00000000004d2d58 R15: 00000000ffffffff

Showing all locks held in the system:
1 lock held by khungtaskd/1001:
#0: (tasklist_lock){.+.+}, at: [<ffffffff814875a8>]
debug_show_all_locks+0x7f/0x21f kernel/locking/lockdep.c:4544
1 lock held by rsyslogd/6728:
#0: (&f->f_pos_lock){+.+.}, at: [<ffffffff8194526b>]
__fdget_pos+0xab/0xd0 fs/file.c:769
2 locks held by getty/6850:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff861c4153>]
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:376
#1: (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff8310f506>]
n_tty_read+0x1e6/0x17b0 drivers/tty/n_tty.c:2156
2 locks held by getty/6851:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff861c4153>]
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:376
#1: (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff8310f506>]
n_tty_read+0x1e6/0x17b0 drivers/tty/n_tty.c:2156
2 locks held by getty/6852:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff861c4153>]
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:376
#1: (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff8310f506>]
n_tty_read+0x1e6/0x17b0 drivers/tty/n_tty.c:2156
2 locks held by getty/6853:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff861c4153>]
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:376
#1: (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff8310f506>]
n_tty_read+0x1e6/0x17b0 drivers/tty/n_tty.c:2156
2 locks held by getty/6854:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff861c4153>]
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:376
#1: (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff8310f506>]
n_tty_read+0x1e6/0x17b0 drivers/tty/n_tty.c:2156
2 locks held by getty/6855:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff861c4153>]
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:376
#1: (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff8310f506>]
n_tty_read+0x1e6/0x17b0 drivers/tty/n_tty.c:2156
2 locks held by getty/6856:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff861c4153>]
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:376
#1: (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff8310f506>]
n_tty_read+0x1e6/0x17b0 drivers/tty/n_tty.c:2156
1 lock held by syz-executor.0/8460:
#0: (sk_lock-AF_PACKET){+.+.}, at: [<ffffffff8561e0e4>] lock_sock
include/net/sock.h:1462 [inline]
#0: (sk_lock-AF_PACKET){+.+.}, at: [<ffffffff8561e0e4>]
packet_do_bind+0x34/0xb20 net/packet/af_packet.c:3112

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 1001 Comm: khungtaskd Not tainted 4.14.152 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x138/0x197 lib/dump_stack.c:53
nmi_cpu_backtrace.cold+0x57/0x94 lib/nmi_backtrace.c:101
nmi_trigger_cpumask_backtrace+0x141/0x189 lib/nmi_backtrace.c:62
arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
trigger_all_cpu_backtrace include/linux/nmi.h:140 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:195 [inline]
watchdog+0x5e7/0xb90 kernel/hung_task.c:274
kthread+0x319/0x430 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0 skipped: idling at pc 0xffffffff861c4c3e


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Nov 8, 2019, 4:27:09 PM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 5ee93551 Linux 4.19.82
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=17925552e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=c62a146039e23bc4
dashboard link: https://syzkaller.appspot.com/bug?extid=2911186fc91302d7feac
compiler: gcc (GCC) 9.0.0 20181231 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+291118...@syzkaller.appspotmail.com

INFO: task kworker/u4:6:12582 blocked for more than 140 seconds.
Not tainted 4.19.82 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/u4:6 D25488 12582 2 0x80000000
Workqueue: events_unbound fsnotify_connector_destroy_workfn
Call Trace:
context_switch kernel/sched/core.c:2826 [inline]
__schedule+0x866/0x1dc0 kernel/sched/core.c:3515
schedule+0x92/0x1c0 kernel/sched/core.c:3559
schedule_timeout+0x8c8/0xfc0 kernel/time/timer.c:1782
do_wait_for_common kernel/sched/completion.c:83 [inline]
__wait_for_common kernel/sched/completion.c:104 [inline]
wait_for_common kernel/sched/completion.c:115 [inline]
wait_for_completion+0x29c/0x440 kernel/sched/completion.c:136
__synchronize_srcu+0x12e/0x210 kernel/rcu/srcutree.c:936
synchronize_srcu_expedited kernel/rcu/srcutree.c:961 [inline]
synchronize_srcu+0x239/0x3e8 kernel/rcu/srcutree.c:1012
fsnotify_connector_destroy_workfn+0x4e/0xa0 fs/notify/mark.c:174
process_one_work+0x989/0x1750 kernel/workqueue.c:2153
worker_thread+0x98/0xe40 kernel/workqueue.c:2296
kthread+0x354/0x420 kernel/kthread.c:246
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
INFO: task kworker/u4:7:22080 blocked for more than 140 seconds.
Not tainted 4.19.82 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/u4:7 D25568 22080 2 0x80000000
Workqueue: events_unbound fsnotify_mark_destroy_workfn
Call Trace:
context_switch kernel/sched/core.c:2826 [inline]
__schedule+0x866/0x1dc0 kernel/sched/core.c:3515
schedule+0x92/0x1c0 kernel/sched/core.c:3559
schedule_timeout+0x8c8/0xfc0 kernel/time/timer.c:1782
do_wait_for_common kernel/sched/completion.c:83 [inline]
__wait_for_common kernel/sched/completion.c:104 [inline]
wait_for_common kernel/sched/completion.c:115 [inline]
wait_for_completion+0x29c/0x440 kernel/sched/completion.c:136
__synchronize_srcu+0x12e/0x210 kernel/rcu/srcutree.c:936
synchronize_srcu+0x2dc/0x3e8 kernel/rcu/srcutree.c:1014
fsnotify_mark_destroy_workfn+0x110/0x3b0 fs/notify/mark.c:795
process_one_work+0x989/0x1750 kernel/workqueue.c:2153
worker_thread+0x98/0xe40 kernel/workqueue.c:2296
kthread+0x354/0x420 kernel/kthread.c:246
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415

Showing all locks held in the system:
4 locks held by kworker/0:1/14:
1 lock held by khungtaskd/1039:
#0: 00000000d1bbdbd9 (rcu_read_lock){....}, at:
debug_show_all_locks+0x5f/0x27e kernel/locking/lockdep.c:4438
1 lock held by rsyslogd/7636:
#0: 00000000e182c9ef (&f->f_pos_lock){+.+.}, at: __fdget_pos+0xee/0x110
fs/file.c:767
2 locks held by getty/7758:
#0: 000000003070272a (&tty->ldisc_sem){++++}, at:
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:362
#1: 000000007fb0d621 (&ldata->atomic_read_lock){+.+.}, at:
n_tty_read+0x232/0x1b30 drivers/tty/n_tty.c:2154
2 locks held by getty/7759:
#0: 0000000086cefb9c (&tty->ldisc_sem){++++}, at:
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:362
#1: 000000001c9770fa (&ldata->atomic_read_lock){+.+.}, at:
n_tty_read+0x232/0x1b30 drivers/tty/n_tty.c:2154
2 locks held by getty/7760:
#0: 0000000062678517 (&tty->ldisc_sem){++++}, at:
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:362
#1: 000000000a2dd56f (&ldata->atomic_read_lock){+.+.}, at:
n_tty_read+0x232/0x1b30 drivers/tty/n_tty.c:2154
2 locks held by getty/7761:
#0: 00000000e407d11d (&tty->ldisc_sem){++++}, at:
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:362
#1: 00000000f0c74f0b (&ldata->atomic_read_lock){+.+.}, at:
n_tty_read+0x232/0x1b30 drivers/tty/n_tty.c:2154
2 locks held by getty/7762:
#0: 000000000c6e39d7 (&tty->ldisc_sem){++++}, at:
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:362
#1: 0000000030b4c587 (&ldata->atomic_read_lock){+.+.}, at:
n_tty_read+0x232/0x1b30 drivers/tty/n_tty.c:2154
2 locks held by getty/7763:
#0: 0000000015ebb5d8 (&tty->ldisc_sem){++++}, at:
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:362
#1: 00000000275b5e71 (&ldata->atomic_read_lock){+.+.}, at:
n_tty_read+0x232/0x1b30 drivers/tty/n_tty.c:2154
2 locks held by getty/7764:
#0: 0000000019c2e6fc (&tty->ldisc_sem){++++}, at:
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:362
#1: 00000000f134879b (&ldata->atomic_read_lock){+.+.}, at:
n_tty_read+0x232/0x1b30 drivers/tty/n_tty.c:2154
2 locks held by kworker/u4:6/12582:
#0: 0000000080de34b8 ((wq_completion)"events_unbound"){+.+.}, at:
__write_once_size include/linux/compiler.h:220 [inline]
#0: 0000000080de34b8 ((wq_completion)"events_unbound"){+.+.}, at:
arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: 0000000080de34b8 ((wq_completion)"events_unbound"){+.+.}, at:
atomic64_set include/asm-generic/atomic-instrumented.h:40 [inline]
#0: 0000000080de34b8 ((wq_completion)"events_unbound"){+.+.}, at:
atomic_long_set include/asm-generic/atomic-long.h:59 [inline]
#0: 0000000080de34b8 ((wq_completion)"events_unbound"){+.+.}, at:
set_work_data kernel/workqueue.c:617 [inline]
#0: 0000000080de34b8 ((wq_completion)"events_unbound"){+.+.}, at:
set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline]
#0: 0000000080de34b8 ((wq_completion)"events_unbound"){+.+.}, at:
process_one_work+0x87e/0x1750 kernel/workqueue.c:2124
#1: 00000000af12d2b7 (connector_reaper_work){+.+.}, at:
process_one_work+0x8b4/0x1750 kernel/workqueue.c:2128
2 locks held by kworker/u4:7/22080:
#0: 0000000080de34b8 ((wq_completion)"events_unbound"){+.+.}, at:
__write_once_size include/linux/compiler.h:220 [inline]
#0: 0000000080de34b8 ((wq_completion)"events_unbound"){+.+.}, at:
arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: 0000000080de34b8 ((wq_completion)"events_unbound"){+.+.}, at:
atomic64_set include/asm-generic/atomic-instrumented.h:40 [inline]
#0: 0000000080de34b8 ((wq_completion)"events_unbound"){+.+.}, at:
atomic_long_set include/asm-generic/atomic-long.h:59 [inline]
#0: 0000000080de34b8 ((wq_completion)"events_unbound"){+.+.}, at:
set_work_data kernel/workqueue.c:617 [inline]
#0: 0000000080de34b8 ((wq_completion)"events_unbound"){+.+.}, at:
set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline]
#0: 0000000080de34b8 ((wq_completion)"events_unbound"){+.+.}, at:
process_one_work+0x87e/0x1750 kernel/workqueue.c:2124
#1: 00000000ea9fc45e ((reaper_work).work){+.+.}, at:
process_one_work+0x8b4/0x1750 kernel/workqueue.c:2128
1 lock held by syz-executor.4/6050:
#0: 0000000052b5b6d1 (&type->s_umount_key#58/1){+.+.}, at: alloc_super
fs/super.c:226 [inline]
#0: 0000000052b5b6d1 (&type->s_umount_key#58/1){+.+.}, at:
sget_userns+0x208/0xd30 fs/super.c:519

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 1039 Comm: khungtaskd Not tainted 4.19.82 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x172/0x1f0 lib/dump_stack.c:113
nmi_cpu_backtrace.cold+0x63/0xa4 lib/nmi_backtrace.c:101
nmi_trigger_cpumask_backtrace+0x1b0/0x1f8 lib/nmi_backtrace.c:62
arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:203 [inline]
watchdog+0x9df/0xee0 kernel/hung_task.c:287
kthread+0x354/0x420 kernel/kthread.c:246
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 14 Comm: kworker/0:1 Not tainted 4.19.82 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events rtc_timer_do_work
RIP: 0010:lockdep_hardirqs_on+0x357/0x5d0 kernel/locking/lockdep.c:2868
Code: ba 00 00 00 00 00 fc ff df 48 89 c1 83 e0 07 48 c1 e9 03 0f b6 14 11
38 c2 7f 08 84 d2 0f 85 87 01 00 00 80 3d 41 9c ea 07 00 <0f> 85 ba 01 00
00 65 48 8b 1c 25 40 ee 01 00 48 8d bb 4c 08 00 00
RSP: 0018:ffff8880aa26fac0 EFLAGS: 00000046
RAX: 0000000000000000 RBX: 0000000000000003 RCX: 1ffffffff12794a9
RDX: 0000000000000000 RSI: ffffffff817002be RDI: 0000000000000000
RBP: ffff8880aa26fad0 R08: ffff8880aa25e380 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff86f1a56b
R13: ffffffff84943916 R14: ffffffff86f1a56b R15: 2b5ed98f15250000
FS: 0000000000000000(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffc0d6b3a28 CR3: 0000000087151000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
trace_hardirqs_on+0x67/0x220 kernel/trace/trace_preemptirq.c:30
__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
_raw_spin_unlock_irqrestore+0x6b/0xe0 kernel/locking/spinlock.c:184
spin_unlock_irqrestore include/linux/spinlock.h:384 [inline]
rtc_handle_legacy_irq+0x76/0xd0 drivers/rtc/interface.c:608
rtc_uie_update_irq+0x20/0x30 drivers/rtc/interface.c:637
rtc_timer_do_work+0x2c8/0xef0 drivers/rtc/interface.c:918
process_one_work+0x989/0x1750 kernel/workqueue.c:2153
worker_thread+0x98/0xe40 kernel/workqueue.c:2296
kthread+0x354/0x420 kernel/kthread.c:246
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415

syzbot

Jul 5, 2020, 6:11:25 PM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: b850307b Linux 4.14.184
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=15011e7b100000
kernel config: https://syzkaller.appspot.com/x/.config?x=ddc0f08dd6b981c5
dashboard link: https://syzkaller.appspot.com/bug?extid=e8737aa6afd0dfccf11d
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=107ecfd3100000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+e8737a...@syzkaller.appspotmail.com

NOHZ: local_softirq_pending 08
syz-executor.1 (6370) used greatest stack depth: 25472 bytes left
INFO: task kworker/u4:2:6332 blocked for more than 140 seconds.
Not tainted 4.14.184-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/u4:2 D27168 6332 2 0x80000000
Workqueue: netns cleanup_net
Call Trace:
context_switch kernel/sched/core.c:2808 [inline]
__schedule+0x8a6/0x1d70 kernel/sched/core.c:3384
schedule+0x8d/0x1b0 kernel/sched/core.c:3428
schedule_timeout+0x86c/0xe50 kernel/time/timer.c:1723
do_wait_for_common kernel/sched/completion.c:91 [inline]
__wait_for_common kernel/sched/completion.c:112 [inline]
wait_for_common+0x272/0x430 kernel/sched/completion.c:123
__wait_rcu_gp+0x22f/0x2e0 kernel/rcu/update.c:413
synchronize_rcu.part.0+0x9b/0xa0 kernel/rcu/tree_plugin.h:764
cleanup_net+0x387/0x820 net/core/net_namespace.c:480
process_one_work+0x7c0/0x14c0 kernel/workqueue.c:2116
worker_thread+0x5d7/0x1080 kernel/workqueue.c:2250
kthread+0x30d/0x420 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
INFO: task systemd-udevd:10304 blocked for more than 140 seconds.
Not tainted 4.14.184-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
systemd-udevd D28592 10304 1 0x80000106
Call Trace:
context_switch kernel/sched/core.c:2808 [inline]
__schedule+0x8a6/0x1d70 kernel/sched/core.c:3384
schedule+0x8d/0x1b0 kernel/sched/core.c:3428
schedule_timeout+0x86c/0xe50 kernel/time/timer.c:1723
do_wait_for_common kernel/sched/completion.c:91 [inline]
__wait_for_common kernel/sched/completion.c:112 [inline]
wait_for_common+0x272/0x430 kernel/sched/completion.c:123
__wait_rcu_gp+0x22f/0x2e0 kernel/rcu/update.c:413
synchronize_rcu.part.0+0x9b/0xa0 kernel/rcu/tree_plugin.h:764
namespace_unlock+0xcf/0xf0 fs/namespace.c:1448
put_mnt_ns fs/namespace.c:3322 [inline]
put_mnt_ns+0x42/0x60 fs/namespace.c:3318
free_nsproxy+0x40/0x1f0 kernel/nsproxy.c:176
switch_task_namespaces+0x8f/0xb0 kernel/nsproxy.c:229
do_exit+0x9f6/0x2ae0 kernel/exit.c:857
do_group_exit+0x100/0x2e0 kernel/exit.c:955
get_signal+0x385/0x1c90 kernel/signal.c:2423
do_signal+0x7c/0x15d0 arch/x86/kernel/signal.c:814
exit_to_usermode_loop+0x160/0x200 arch/x86/entry/common.c:160
prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline]
syscall_return_slowpath arch/x86/entry/common.c:270 [inline]
do_syscall_64+0x4a3/0x640 arch/x86/entry/common.c:297
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f5b60660840
RSP: 002b:00007ffc5dfff0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
RAX: 0000000000000007 RBX: 0000556ad9f0a750 RCX: 00007f5b60660840
RDX: 0000556ad9adafe3 RSI: 00000000000a0800 RDI: 0000556ad9f04ae0
RBP: 00007ffc5dfff240 R08: 0000556ad9ada670 R09: 0000000000000010
R10: 0000556ad9adad0c R11: 0000000000000246 R12: 00007ffc5dfff190
R13: 0000556ad9f0a540 R14: 0000000000000003 R15: 000000000000000e

Showing all locks held in the system:
1 lock held by khungtaskd/1057:
#0: (tasklist_lock){.+.+}, at: [<ffffffff8146c8d0>] debug_show_all_locks+0x7c/0x21a kernel/locking/lockdep.c:4548
3 locks held by kworker/u4:2/6332:
#0: ("%s""netns"){+.+.}, at: [<ffffffff813af918>] process_one_work+0x6d8/0x14c0 kernel/workqueue.c:2087
#1: (net_cleanup_work){+.+.}, at: [<ffffffff813af94e>] process_one_work+0x70e/0x14c0 kernel/workqueue.c:2091
#2: (net_mutex){+.+.}, at: [<ffffffff84fc1d73>] cleanup_net+0x123/0x820 net/core/net_namespace.c:450

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 1057 Comm: khungtaskd Not tainted 4.14.184-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x283 lib/dump_stack.c:58
nmi_cpu_backtrace.cold+0x57/0x93 lib/nmi_backtrace.c:101
nmi_trigger_cpumask_backtrace+0x13a/0x17f lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:140 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:195 [inline]
watchdog+0x5e2/0xb80 kernel/hung_task.c:274
kthread+0x30d/0x420 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 10126 Comm: syz-executor.5 Not tainted 4.14.184-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff888090818540 task.stack: ffff88807d450000
RIP: 0010:exact_copy_from_user fs/namespace.c:2738 [inline]
RIP: 0010:copy_mount_options+0x183/0x2e0 fs/namespace.c:2771
RSP: 0018:ffff88807d457e88 EFLAGS: 00000297
RAX: ffff888090818540 RBX: 00000000000005e4 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: 00000000ffffffff RDI: ffff888090819998
RBP: ffff88808bce2b9c R08: 0000000000000001 R09: 0000000000000000
R10: ffff888090818dc8 R11: ffff888090818540 R12: ffff88808bce2180
R13: 0000000000001000 R14: ffff88808bce2b9c R15: 00007ffffffff000
FS: 00007f2ffc6fe700(0000) GS:ffff8880aed00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000151a74d3 CR3: 00000000a883a000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
SYSC_mount fs/namespace.c:3090 [inline]
SyS_mount+0x84/0x120 fs/namespace.c:3072
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x45f57a
RSP: 002b:00007f2ffc6fda68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 000000000050a6c0 RCX: 000000000045f57a
RDX: 00007f2ffc6fdae0 RSI: 0000000000000000 RDI: 00007f2ffc6fdb00
RBP: 000000000078bf00 R08: 00007f2ffc6fdb40 R09: 00007f2ffc6fdae0
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000c3e R14: 00000000004ce90a R15: 00007f2ffc6fe6d4
Code: fc ff df 0f b6 04 08 38 d0 7f 08 84 c0 0f 85 1b 01 00 00 48 83 eb 01 44 88 7d ff 74 36 49 89 ee e8 d3 ec c7 ff 0f 1f 00 0f ae e8 <48> 8b 14 24 31 c0 48 29 da 44 8a 3a 0f 1f 00 85 c0 74 a5 e8 b5

syzbot

Aug 7, 2020, 4:43:20 PM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 14b58326 Linux 4.14.193
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=118d73fa900000
kernel config: https://syzkaller.appspot.com/x/.config?x=68ef0287ccbc3b42
dashboard link: https://syzkaller.appspot.com/bug?extid=e8737aa6afd0dfccf11d
compiler: gcc (GCC) 10.1.0-syz 20200507
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16b04984900000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1546e202900000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+e8737a...@syzkaller.appspotmail.com

Bluetooth: hci0 command 0x0405 tx timeout
INFO: task kworker/u5:0:1202 blocked for more than 140 seconds.
Not tainted 4.14.193-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/u5:0 D27944 1202 2 0x80000000
Workqueue: hci0 hci_rx_work
Call Trace:
context_switch kernel/sched/core.c:2808 [inline]
__schedule+0x88b/0x1de0 kernel/sched/core.c:3384
schedule+0x8d/0x1b0 kernel/sched/core.c:3428
schedule_timeout+0x80a/0xe90 kernel/time/timer.c:1731
do_wait_for_common kernel/sched/completion.c:91 [inline]
__wait_for_common kernel/sched/completion.c:112 [inline]
wait_for_common+0x272/0x430 kernel/sched/completion.c:123
__synchronize_srcu+0x10a/0x1d0 kernel/rcu/srcutree.c:898
debugfs_remove_recursive fs/debugfs/inode.c:744 [inline]
debugfs_remove_recursive+0x2e0/0x3b0 fs/debugfs/inode.c:686
hci_conn_cleanup+0x2d8/0x550 net/bluetooth/hci_conn.c:130
hci_conn_del+0x235/0x620 net/bluetooth/hci_conn.c:611
hci_phy_link_complete_evt.isra.0+0x4d0/0x6c0 net/bluetooth/hci_event.c:4355
hci_event_packet+0x2592/0x7c7a net/bluetooth/hci_event.c:5429
hci_rx_work+0x3e6/0x970 net/bluetooth/hci_core.c:4244
process_one_work+0x793/0x14a0 kernel/workqueue.c:2116
worker_thread+0x5cc/0xff0 kernel/workqueue.c:2250
kthread+0x30d/0x420 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
INFO: task syz-executor957:1920 blocked for more than 140 seconds.
Not tainted 4.14.193-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor957 D28912 1920 6378 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2808 [inline]
__schedule+0x88b/0x1de0 kernel/sched/core.c:3384
schedule+0x8d/0x1b0 kernel/sched/core.c:3428
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3486
__mutex_lock_common kernel/locking/mutex.c:833 [inline]
__mutex_lock+0x669/0x1310 kernel/locking/mutex.c:893
get_l2cap_conn+0xa3/0x430 net/bluetooth/6lowpan.c:1013
lowpan_control_write+0x135/0x490 net/bluetooth/6lowpan.c:1138
full_proxy_write+0xfb/0x1a0 fs/debugfs/file.c:163
__vfs_write+0xe4/0x630 fs/read_write.c:480
vfs_write+0x17f/0x4d0 fs/read_write.c:544
SYSC_write fs/read_write.c:590 [inline]
SyS_write+0xf2/0x210 fs/read_write.c:582
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x449039
RSP: 002b:00007f532dd45ce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00000000006e5a08 RCX: 0000000000449039
RDX: 000000000000001b RSI: 00000000200004c0 RDI: 0000000000000003
RBP: 00000000006e5a00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006e5a0c
R13: 00007ffdb6e44c4f R14: 00007f532dd469c0 R15: 20c49ba5e353f7cf

Showing all locks held in the system:
1 lock held by khungtaskd/1068:
#0: (tasklist_lock){.+.+}, at: [<ffffffff814778d4>] debug_show_all_locks+0x7c/0x21a kernel/locking/lockdep.c:4548
3 locks held by kworker/u5:0/1202:
#0: ("%s"hdev->name#2){+.+.}, at: [<ffffffff813ba640>] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087
#1: ((&hdev->rx_work)){+.+.}, at: [<ffffffff813ba676>] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091
#2: (&hdev->lock){+.+.}, at: [<ffffffff85b17907>] hci_phy_link_complete_evt.isra.0+0x27/0x6c0 net/bluetooth/hci_event.c:4346
4 locks held by syz-executor957/1920:
#0: (&f->f_pos_lock){+.+.}, at: [<ffffffff8193b2cb>] __fdget_pos+0x1fb/0x2b0 fs/file.c:769
#1: (sb_writers#15){.+.+}, at: [<ffffffff818d4d58>] file_start_write include/linux/fs.h:2708 [inline]
#1: (sb_writers#15){.+.+}, at: [<ffffffff818d4d58>] vfs_write+0x3d8/0x4d0 fs/read_write.c:543
#2: (debugfs_srcu){....}, at: [<ffffffff825eb785>] debugfs_real_fops include/linux/debugfs.h:62 [inline]
#2: (debugfs_srcu){....}, at: [<ffffffff825eb785>] full_proxy_write+0x65/0x1a0 fs/debugfs/file.c:163
#3: (&hdev->lock){+.+.}, at: [<ffffffff85beaae3>] get_l2cap_conn+0xa3/0x430 net/bluetooth/6lowpan.c:1013

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 1068 Comm: khungtaskd Not tainted 4.14.193-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x283 lib/dump_stack.c:58
nmi_cpu_backtrace.cold+0x57/0x93 lib/nmi_backtrace.c:101
nmi_trigger_cpumask_backtrace+0x13a/0x17f lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:140 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:195 [inline]
watchdog+0x5b9/0xb40 kernel/hung_task.c:274
kthread+0x30d/0x420 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 3647 Comm: systemd-journal Not tainted 4.14.193-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff88809456e200 task.stack: ffff888094570000
RIP: 0010:unwind_next_frame+0xc73/0x17d0 arch/x86/kernel/unwind_orc.c:432
RSP: 0018:ffff888094577948 EFLAGS: 00000246
RAX: ffff888094577b20 RBX: 1ffff110128aef30 RCX: ffffffff88e97da0
RDX: ffff888094577b10 RSI: 0000000000000000 RDI: 0000000000000001
RBP: 0000000000000001 R08: ffffffff88e97da4 R09: ffffffff88e97da5
R10: 0000000000008476 R11: 0000000000000001 R12: ffff888094577ad5
R13: ffff888094577ad8 R14: ffff888094577af0 R15: ffff888094577aa0
FS: 00007f04b0ddd8c0(0000) GS:ffff8880aea00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f04ae193008 CR3: 00000000948bb000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
__unwind_start+0x58f/0x930 arch/x86/kernel/unwind_orc.c:590
unwind_start arch/x86/include/asm/unwind.h:60 [inline]
__save_stack_trace+0x63/0x160 arch/x86/kernel/stacktrace.c:43
save_stack mm/kasan/kasan.c:447 [inline]
set_track mm/kasan/kasan.c:459 [inline]
kasan_kmalloc+0xeb/0x160 mm/kasan/kasan.c:551
slab_post_alloc_hook mm/slab.h:442 [inline]
slab_alloc mm/slab.c:3390 [inline]
__do_kmalloc mm/slab.c:3718 [inline]
__kmalloc_track_caller+0x13f/0x400 mm/slab.c:3735
kmemdup+0x23/0x50 mm/util.c:118
kmemdup include/linux/string.h:445 [inline]
selinux_cred_prepare+0x44/0xa0 security/selinux/hooks.c:3849
security_prepare_creds+0x76/0xb0 security/security.c:1008
prepare_creds+0x2ef/0x490 kernel/cred.c:282
SYSC_faccessat fs/open.c:365 [inline]
SyS_faccessat+0x7b/0x680 fs/open.c:353
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f04b00999c7
RSP: 002b:00007ffed953f6b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000015
RAX: ffffffffffffffda RBX: 00007ffed95425d0 RCX: 00007f04b00999c7
RDX: 00007f04b0b0aa00 RSI: 0000000000000000 RDI: 0000558e87aba9a3
RBP: 00007ffed953f6f0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000069 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007ffed95425d0 R15: 00007ffed953fbe0
Code: d0 0f 8f 90 fe ff ff 84 c0 0f 84 88 fe ff ff 4c 89 e7 48 89 4c 24 08 e8 4c 0f 5d 00 48 8b 4c 24 08 e9 71 fe ff ff 48 8b 44 24 58 <4c> 89 ff 4c 89 4c 24 30 48 8b 54 24 08 48 89 4c 24 28 4c 89 44

syzbot

Jul 18, 2022, 3:53:20 PM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 3f8a27f9e27b Linux 4.19.211
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=147e7ec2080000
kernel config: https://syzkaller.appspot.com/x/.config?x=9b9277b418617afe
dashboard link: https://syzkaller.appspot.com/bug?extid=2911186fc91302d7feac
compiler: gcc version 10.2.1 20210110 (Debian 10.2.1-6)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1251178c080000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+291118...@syzkaller.appspotmail.com

audit: type=1800 audit(1658172245.694:341): pid=11056 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=14348 res=0
audit: type=1800 audit(1658172247.014:342): pid=11067 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="sda1" ino=14259 res=0
kauditd_printk_skb: 1 callbacks suppressed
audit: type=1800 audit(1658172252.704:344): pid=11084 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=14359 res=0
INFO: task kworker/u4:0:8161 blocked for more than 140 seconds.
Not tainted 4.19.211-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/u4:0 D26184 8161 2 0x80000000
Workqueue: events_unbound fsnotify_connector_destroy_workfn
Call Trace:
context_switch kernel/sched/core.c:2828 [inline]
__schedule+0x887/0x2040 kernel/sched/core.c:3517
audit: type=1800 audit(1658172252.714:345): pid=11086 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="sda1" ino=14360 res=0
schedule+0x8d/0x1b0 kernel/sched/core.c:3561
schedule_timeout+0x92d/0xfe0 kernel/time/timer.c:1794
audit: type=1800 audit(1658172252.714:346): pid=11080 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=14361 res=0
audit: type=1800 audit(1658172252.714:347): pid=11082 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=14362 res=0
audit: type=1800 audit(1658172252.714:348): pid=11083 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=14363 res=0
do_wait_for_common kernel/sched/completion.c:83 [inline]
__wait_for_common kernel/sched/completion.c:104 [inline]
wait_for_common+0x29c/0x470 kernel/sched/completion.c:115
__synchronize_srcu+0x124/0x210 kernel/rcu/srcutree.c:936
fsnotify_connector_destroy_workfn+0x49/0xa0 fs/notify/mark.c:174
process_one_work+0x864/0x1570 kernel/workqueue.c:2153
worker_thread+0x64c/0x1130 kernel/workqueue.c:2296
kthread+0x33f/0x460 kernel/kthread.c:259
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
INFO: task kworker/u4:14:9857 blocked for more than 140 seconds.
Not tainted 4.19.211-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/u4:14 D27112 9857 2 0x80000000
Workqueue: events_unbound fsnotify_mark_destroy_workfn
Call Trace:
context_switch kernel/sched/core.c:2828 [inline]
__schedule+0x887/0x2040 kernel/sched/core.c:3517
schedule+0x8d/0x1b0 kernel/sched/core.c:3561
schedule_timeout+0x92d/0xfe0 kernel/time/timer.c:1794
do_wait_for_common kernel/sched/completion.c:83 [inline]
__wait_for_common kernel/sched/completion.c:104 [inline]
wait_for_common+0x29c/0x470 kernel/sched/completion.c:115
__synchronize_srcu+0x124/0x210 kernel/rcu/srcutree.c:936
fsnotify_mark_destroy_workfn+0xfd/0x340 fs/notify/mark.c:795
process_one_work+0x864/0x1570 kernel/workqueue.c:2153
worker_thread+0x64c/0x1130 kernel/workqueue.c:2296
kthread+0x33f/0x460 kernel/kthread.c:259
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415

Showing all locks held in the system:
1 lock held by khungtaskd/1570:
#0: 0000000076646a49 (rcu_read_lock){....}, at: debug_show_all_locks+0x53/0x265 kernel/locking/lockdep.c:4441
1 lock held by systemd-udevd/4695:
1 lock held by in:imklog/7799:
2 locks held by kworker/1:0/8108:
3 locks held by kworker/0:0/8149:
2 locks held by kworker/u4:0/8161:
#0: 00000000e2997352 ((wq_completion)"events_unbound"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124
#1: 0000000085e05b5b (connector_reaper_work){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128
2 locks held by kworker/u4:1/8448:
2 locks held by kworker/u4:13/9794:
2 locks held by kworker/u4:14/9857:
#0: 00000000e2997352 ((wq_completion)"events_unbound"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124
#1: 00000000e7c184d6 ((reaper_work).work){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 1570 Comm: khungtaskd Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
nmi_cpu_backtrace.cold+0x63/0xa2 lib/nmi_backtrace.c:101
nmi_trigger_cpumask_backtrace+0x1a6/0x1f0 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:203 [inline]
watchdog+0x991/0xe60 kernel/hung_task.c:287
kthread+0x33f/0x460 kernel/kthread.c:259
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 11085 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
RIP: 0010:_raw_spin_unlock_irqrestore+0x1/0xe0 kernel/locking/spinlock.c:183
Code: 89 fd be 01 00 00 00 48 8d 7f 18 e8 99 f9 31 f9 48 89 ef e8 91 90 32 f9 48 8b 7c 24 08 be 01 02 00 00 5d e9 e1 d0 1f f9 90 55 <48> 89 fd 48 83 c7 18 53 48 8b 54 24 10 48 89 f3 be 01 00 00 00 e8
RSP: 0018:ffff8880a2057798 EFLAGS: 00000092
RAX: ffff8880a312ea80 RBX: ffff88809dab40c0 RCX: ffff8880a2057938
RDX: 0000000000000000 RSI: 0000000000000286 RDI: ffff88809dab4260
RBP: dffffc0000000000 R08: ffff8880a2057928 R09: fffffffffffff000
R10: 0000000000000007 R11: 0000000000000000 R12: ffff8880a312ea80
R13: ffff8880a2057958 R14: ffff88809dab4260 R15: 0000000000000286
FS: 00007f0b06545700(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f0b06524718 CR3: 0000000092456000 CR4: 00000000003406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
spin_unlock_irqrestore include/linux/spinlock.h:384 [inline]
__skb_try_recv_datagram+0x28e/0x440 net/core/datagram.c:272
unix_dgram_recvmsg+0x1a6/0xdb0 net/unix/af_unix.c:2145
___sys_recvmsg+0x255/0x570 net/socket.c:2389
__sys_recvmmsg+0x254/0x6d0 net/socket.c:2501
do_sys_recvmmsg+0x172/0x190 net/socket.c:2577
__do_sys_recvmmsg net/socket.c:2595 [inline]
__se_sys_recvmmsg net/socket.c:2591 [inline]
__x64_sys_recvmmsg+0xba/0x150 net/socket.c:2591
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f0b06df1199
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0b06545168 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
RAX: ffffffffffffffda RBX: 00007f0b06f04030 RCX: 00007f0b06df1199
RDX: 0000000000010106 RSI: 00000000200000c0 RDI: 0000000000000003
RBP: 00007f0b06e4b13b R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe0528102f R14: 00007f0b06545300 R15: 0000000000022000

syzbot

Sep 29, 2022, 5:18:42 AM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 3f8a27f9e27b Linux 4.19.211
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=14aad4e0880000
kernel config: https://syzkaller.appspot.com/x/.config?x=9b9277b418617afe
dashboard link: https://syzkaller.appspot.com/bug?extid=2911186fc91302d7feac
compiler: gcc version 10.2.1 20210110 (Debian 10.2.1-6)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1492ee4c880000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=15cf6bdf080000

Downloadable assets:
disk image: https://storage.googleapis.com/98c0bdb4abb3/disk-3f8a27f9.raw.xz
vmlinux: https://storage.googleapis.com/ea228ff02669/vmlinux-3f8a27f9.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+291118...@syzkaller.appspotmail.com

hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
INFO: task syz-executor305:8241 blocked for more than 140 seconds.
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
Not tainted 4.19.211-syzkaller #0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
syz-executor305 D28648 8241 8104 0x00000004
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
Call Trace:
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
context_switch kernel/sched/core.c:2828 [inline]
__schedule+0x887/0x2040 kernel/sched/core.c:3517
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
schedule+0x8d/0x1b0 kernel/sched/core.c:3561
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
exp_funnel_lock kernel/rcu/tree_exp.h:320 [inline]
_synchronize_rcu_expedited+0x60c/0x6f0 kernel/rcu/tree_exp.h:667
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
synchronize_rcu_bh_expedited include/linux/rcutree.h:71 [inline]
synchronize_rcu_bh+0xc1/0x160 kernel/rcu/tree.c:3193
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
vhost_net_release+0x13d/0x210 drivers/vhost/net.c:1178
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
__fput+0x2ce/0x890 fs/file_table.c:278
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
task_work_run+0x148/0x1c0 kernel/task_work.c:113
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
tracehook_notify_resume include/linux/tracehook.h:193 [inline]
exit_to_usermode_loop+0x251/0x2a0 arch/x86/entry/common.c:167
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
entry_SYSCALL_64_after_hwframe+0x49/0xbe
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
RIP: 0033:0x7f0b55b9b793
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
Code: Bad RIP value.
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
RSP: 002b:00007fff65c9ae98 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00007f0b55b9b793
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
RDX: 0000000000000000 RSI: 0000000020001880 RDI: 0000000000000004
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
R10: 0000000004000004 R11: 0000000000000246 R12: 00007fff65c9aed0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
R13: 00007fff65c9aec0 R14: 00007fff65c9aeb0 R15: 0000000000000000
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
INFO: task syz-executor305:8242 blocked for more than 140 seconds.
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
Not tainted 4.19.211-syzkaller #0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
syz-executor305 D28648 8242 8107 0x00000004
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
Call Trace:
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
context_switch kernel/sched/core.c:2828 [inline]
__schedule+0x887/0x2040 kernel/sched/core.c:3517
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
schedule+0x8d/0x1b0 kernel/sched/core.c:3561
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
exp_funnel_lock kernel/rcu/tree_exp.h:320 [inline]
_synchronize_rcu_expedited+0x60c/0x6f0 kernel/rcu/tree_exp.h:667
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
synchronize_rcu_bh_expedited include/linux/rcutree.h:71 [inline]
synchronize_rcu_bh+0xc1/0x160 kernel/rcu/tree.c:3193
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
vhost_net_release+0x13d/0x210 drivers/vhost/net.c:1178
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
__fput+0x2ce/0x890 fs/file_table.c:278
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
task_work_run+0x148/0x1c0 kernel/task_work.c:113
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
tracehook_notify_resume include/linux/tracehook.h:193 [inline]
exit_to_usermode_loop+0x251/0x2a0 arch/x86/entry/common.c:167
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
entry_SYSCALL_64_after_hwframe+0x49/0xbe
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
RIP: 0033:0x7f0b55b9b793
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
Code: Bad RIP value.
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
RSP: 002b:00007fff65c9ae98 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00007f0b55b9b793
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
RDX: 0000000000000000 RSI: 0000000020001880 RDI: 0000000000000004
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
R10: 0000000004000004 R11: 0000000000000246 R12: 00007fff65c9aed0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
R13: 00007fff65c9aec0 R14: 00007fff65c9aeb0 R15: 0000000000000000
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
INFO: task syz-executor305:8243 blocked for more than 140 seconds.
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
Not tainted 4.19.211-syzkaller #0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
syz-executor305 D28648 8243 8109 0x00000004
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
Call Trace:
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
context_switch kernel/sched/core.c:2828 [inline]
__schedule+0x887/0x2040 kernel/sched/core.c:3517
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
schedule+0x8d/0x1b0 kernel/sched/core.c:3561
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
exp_funnel_lock kernel/rcu/tree_exp.h:320 [inline]
_synchronize_rcu_expedited+0x60c/0x6f0 kernel/rcu/tree_exp.h:667
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
synchronize_rcu_bh_expedited include/linux/rcutree.h:71 [inline]
synchronize_rcu_bh+0xc1/0x160 kernel/rcu/tree.c:3193
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
vhost_net_release+0x13d/0x210 drivers/vhost/net.c:1178
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
__fput+0x2ce/0x890 fs/file_table.c:278
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
task_work_run+0x148/0x1c0 kernel/task_work.c:113
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
tracehook_notify_resume include/linux/tracehook.h:193 [inline]
exit_to_usermode_loop+0x251/0x2a0 arch/x86/entry/common.c:167
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
entry_SYSCALL_64_after_hwframe+0x49/0xbe
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
RIP: 0033:0x7f0b55b9b793
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
Code: Bad RIP value.
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
RSP: 002b:00007fff65c9ae98 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00007f0b55b9b793
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
RDX: 0000000000000000 RSI: 0000000020001880 RDI: 0000000000000004
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
R10: 0000000004000004 R11: 0000000000000246 R12: 00007fff65c9aed0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
R13: 00007fff65c9aec0 R14: 00007fff65c9aeb0 R15: 0000000000000000
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0

Showing all locks held in the system:
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
1 lock held by khungtaskd/1570:
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
#0: 000000003458d367 (rcu_read_lock){....}, at: debug_show_all_locks+0x53/0x265 kernel/locking/lockdep.c:4441
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
6 locks held by kworker/1:2/3460:
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
1 lock held by in:imklog/7798:
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
1 lock held by syz-executor305/8231:
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
#0: 00000000dd4d0d64 (rcu_sched_state.exp_mutex){+.+.}, at: exp_funnel_lock kernel/rcu/tree_exp.h:329 [inline]
#0: 00000000dd4d0d64 (rcu_sched_state.exp_mutex){+.+.}, at: _synchronize_rcu_expedited+0x256/0x6f0 kernel/rcu/tree_exp.h:667
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
1 lock held by syz-executor305/8264:
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
#0: 00000000dd4d0d64 (rcu_sched_state.exp_mutex){+.+.}, at: exp_funnel_lock kernel/rcu/tree_exp.h:329 [inline]
#0: 00000000dd4d0d64 (rcu_sched_state.exp_mutex){+.+.}, at: _synchronize_rcu_expedited+0x256/0x6f0 kernel/rcu/tree_exp.h:667
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0

hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
=============================================

hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
NMI backtrace for cpu 0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
CPU: 0 PID: 1570 Comm: khungtaskd Not tainted 4.19.211-syzkaller #0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
nmi_cpu_backtrace.cold+0x63/0xa2 lib/nmi_backtrace.c:101
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
nmi_trigger_cpumask_backtrace+0x1a6/0x1f0 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:203 [inline]
watchdog+0x991/0xe60 kernel/hung_task.c:287
kthread+0x33f/0x460 kernel/kthread.c:259
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
Sending NMI from CPU 0 to CPUs 1:
hid-generic 0009:0000:FFFFFFC0.0006: unknown main item tag 0x0
NMI backtrace for cpu 1
CPU: 1 PID: 3460 Comm: kworker/1:2 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
Workqueue: events uhid_device_add_worker
RIP: 0010:number+0x46c/0xa90 lib/vsprintf.c:505
Code: e0 4c 89 e2 48 be 00 00 00 00 00 fc ff df 48 c1 e8 03 83 e2 07 0f b6 04 30 38 d0 7f 08 84 c0 0f 85 fe 05 00 00 41 c6 04 24 20 <e8> ef 80 72 f9 83 eb 01 31 ff 49 83 c4 01 89 de e8 4f 82 72 f9 83
RSP: 0018:ffff8880a9fd7000 EFLAGS: 00000046
RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff87f00439
RDX: 0000000000000001 RSI: dffffc0000000000 RDI: 0000000000000005
RBP: 0000000000000002 R08: 0000000000000009 R09: 0000000000000000
R10: 0000000000000005 R11: 0000000000000000 R12: ffffffff8d202321
R13: 0000000000000003 R14: ffffffffffffffff R15: ffffffff8d202321
FS: 0000000000000000(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f6a840051b8 CR3: 00000000a194c000 CR4: 00000000003406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
vsnprintf+0xf07/0x14f0 lib/vsprintf.c:2385
sprintf+0xc0/0x100 lib/vsprintf.c:2521
print_time kernel/printk/printk.c:1264 [inline]
print_prefix+0x265/0x3f0 kernel/printk/printk.c:1287
msg_print_text+0xcd/0x1c0 kernel/printk/printk.c:1314
console_unlock+0x321/0x1110 kernel/printk/printk.c:2434
vprintk_emit+0x2d1/0x740 kernel/printk/printk.c:1965
dev_vprintk_emit+0x2e3/0x640 drivers/base/core.c:3264
dev_printk_emit+0xbb/0xf0 drivers/base/core.c:3275
__dev_printk+0x108/0x260 drivers/base/core.c:3287
_dev_warn+0xd8/0x110 drivers/base/core.c:3331
hid_parser_main+0x65d/0xb60 drivers/hid/hid-core.c:629
hid_open_report+0x355/0x6e0 drivers/hid/hid-core.c:1089
hid_parse include/linux/hid.h:1032 [inline]
hid_generic_probe+0x4a/0x90 drivers/hid/hid-generic.c:66
hid_device_probe+0x29e/0x3d0 drivers/hid/hid-core.c:2105
really_probe+0x622/0xbd0 drivers/base/dd.c:506
driver_probe_device+0x218/0x340 drivers/base/dd.c:667
__device_attach_driver+0x29e/0x370 drivers/base/dd.c:754
bus_for_each_drv+0x159/0x1e0 drivers/base/bus.c:464
__device_attach+0x226/0x470 drivers/base/dd.c:822
bus_probe_device+0x1ea/0x2a0 drivers/base/bus.c:524
device_add+0xb37/0x16d0 drivers/base/core.c:2170
hid_add_device+0x344/0x9e0 drivers/hid/hid-core.c:2257
uhid_device_add_worker+0x3a/0x150 drivers/hid/uhid.c:65