INFO: task hung in do_syscall_64

syzbot

Nov 17, 2020, 8:17:25 AM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 27ce4f2a Linux 4.14.206
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=104ce36e500000
kernel config: https://syzkaller.appspot.com/x/.config?x=32258a0e1fac372d
dashboard link: https://syzkaller.appspot.com/bug?extid=cb710adf8e3e3f4f5265
compiler: gcc (GCC) 10.1.0-syz 20200507

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+cb710a...@syzkaller.appspotmail.com

__netdev_start_xmit include/linux/netdevice.h:4039 [inline]
netdev_start_xmit include/linux/netdevice.h:4048 [inline]
xmit_one net/core/dev.c:3005 [inline]
dev_hard_start_xmit+0x188/0x890 net/core/dev.c:3021
sch_direct_xmit+0x251/0x500 net/sched/sch_generic.c:186
__dev_xmit_skb net/core/dev.c:3214 [inline]
__dev_queue_xmit+0x1ab0/0x2480 net/core/dev.c:3489
INFO: task kworker/0:4:9248 blocked for more than 140 seconds.
Not tainted 4.14.206-syzkaller #0
neigh_hh_output include/net/neighbour.h:490 [inline]
neigh_output include/net/neighbour.h:498 [inline]
ip6_finish_output2+0xc6a/0x1f10 net/ipv6/ip6_output.c:120
ip6_fragment+0x2516/0x2f40 net/ipv6/ip6_output.c:745
ip6_finish_output+0x62e/0xaf0 net/ipv6/ip6_output.c:152
NF_HOOK_COND include/linux/netfilter.h:239 [inline]
ip6_output+0x1c5/0x660 net/ipv6/ip6_output.c:171
dst_output include/net/dst.h:470 [inline]
ip6_local_out+0x93/0x170 net/ipv6/output_core.c:178
ip6_send_skb+0x9b/0x2f0 net/ipv6/ip6_output.c:1688
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
ip6_push_pending_frames+0xaf/0xd0 net/ipv6/ip6_output.c:1708
rawv6_push_pending_frames net/ipv6/raw.c:618 [inline]
rawv6_sendmsg+0x230b/0x2df0 net/ipv6/raw.c:959
kworker/0:4 D
inet_sendmsg+0x11a/0x4e0 net/ipv4/af_inet.c:762
sock_sendmsg_nosec net/socket.c:646 [inline]
sock_sendmsg+0xb5/0x100 net/socket.c:656
sock_no_sendpage+0xe2/0x110 net/core/sock.c:2595
26224 9248 2 0x80000000
kernel_sendpage net/socket.c:3407 [inline]
sock_sendpage+0xdf/0x140 net/socket.c:871
Workqueue: usb_hub_wq hub_event
pipe_to_sendpage+0x226/0x2d0 fs/splice.c:451
splice_from_pipe_feed fs/splice.c:502 [inline]
__splice_from_pipe+0x326/0x7a0 fs/splice.c:626
splice_from_pipe fs/splice.c:661 [inline]
generic_splice_sendpage+0xc1/0x110 fs/splice.c:832
do_splice_from fs/splice.c:851 [inline]
do_splice fs/splice.c:1147 [inline]
SYSC_splice fs/splice.c:1402 [inline]
SyS_splice+0xd59/0x1380 fs/splice.c:1382
Call Trace:
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
context_switch kernel/sched/core.c:2808 [inline]
__schedule+0x88b/0x1de0 kernel/sched/core.c:3384
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x45deb9
RSP: 002b:00007fcda32d3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
RAX: ffffffffffffffda RBX: 0000000000035140 RCX: 000000000045deb9
RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 00007fcda32d3ca0 R08: 000000000004ffe0 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000029
R13: 00007fffd0cb625f R14: 00007fcda32d49c0 R15: 000000000118bfd4
schedule+0x8d/0x1b0 kernel/sched/core.c:3428
usb_kill_urb.part.0+0x125/0x190 drivers/usb/core/urb.c:691
usb_kill_urb+0x7c/0x90 drivers/usb/core/urb.c:686
usb_start_wait_urb+0x209/0x440 drivers/usb/core/message.c:62
usb_internal_control_msg drivers/usb/core/message.c:100 [inline]
usb_control_msg+0x302/0x450 drivers/usb/core/message.c:151
usb_get_descriptor+0xc0/0x160 drivers/usb/core/message.c:652
usb_get_device_descriptor+0x71/0xd0 drivers/usb/core/message.c:924
hub_port_init+0x629/0x2970 drivers/usb/core/hub.c:4647
hub_port_connect drivers/usb/core/hub.c:4905 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5088 [inline]
port_event drivers/usb/core/hub.c:5194 [inline]
hub_event+0x1923/0x3dc0 drivers/usb/core/hub.c:5274
process_one_work+0x793/0x14a0 kernel/workqueue.c:2116
worker_thread+0x5cc/0xff0 kernel/workqueue.c:2250
kthread+0x30d/0x420 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404

Showing all locks held in the system:
1 lock held by khungtaskd/1531:
#0: (tasklist_lock){.+.+}, at: [<ffffffff81430c44>] debug_show_all_locks+0x7c/0x21a kernel/locking/lockdep.c:4548
1 lock held by in:imklog/7673:
#0: (&f->f_pos_lock){+.+.}, at: [<ffffffff818f8a3b>] __fdget_pos+0x1fb/0x2b0 fs/file.c:769
5 locks held by kworker/0:4/9248:
#0: ("usb_hub_wq"){+.+.}, at: [<ffffffff813735a0>] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087
#1: ((&hub->events)){+.+.}, at: [<ffffffff813735d6>] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091
#2: (&dev->mutex){....}, at: [<ffffffff8452ac98>] device_lock include/linux/device.h:1081 [inline]
#2: (&dev->mutex){....}, at: [<ffffffff8452ac98>] hub_event+0x108/0x3dc0 drivers/usb/core/hub.c:5220
#3: (&port_dev->status_lock){+.+.}, at: [<ffffffff8452c49e>] usb_lock_port drivers/usb/core/hub.c:2934 [inline]
#3: (&port_dev->status_lock){+.+.}, at: [<ffffffff8452c49e>] hub_port_connect drivers/usb/core/hub.c:4904 [inline]
#3: (&port_dev->status_lock){+.+.}, at: [<ffffffff8452c49e>] hub_port_connect_change drivers/usb/core/hub.c:5088 [inline]
#3: (&port_dev->status_lock){+.+.}, at: [<ffffffff8452c49e>] port_event drivers/usb/core/hub.c:5194 [inline]
#3: (&port_dev->status_lock){+.+.}, at: [<ffffffff8452c49e>] hub_event+0x190e/0x3dc0 drivers/usb/core/hub.c:5274
#4: (hcd->address0_mutex){+.+.}, at: [<ffffffff845207db>] hub_port_init+0x15b/0x2970 drivers/usb/core/hub.c:4429

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 1531 Comm: khungtaskd Not tainted 4.14.206-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x283 lib/dump_stack.c:58
nmi_cpu_backtrace.cold+0x57/0x93 lib/nmi_backtrace.c:101
nmi_trigger_cpumask_backtrace+0x13a/0x17f lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:140 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:195 [inline]
watchdog+0x5b9/0xb40 kernel/hung_task.c:274
kthread+0x30d/0x420 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 5 Comm: kworker/u4:0 Not tainted 4.14.206-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bat_events batadv_nc_worker
task: ffff8880b5ff0140 task.stack: ffff8880b5ff8000
RIP: 0010:__lock_acquire+0x623/0x3f20 kernel/locking/lockdep.c:3468
RSP: 0018:ffff8880b5fffaa8 EFLAGS: 00000802
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 1ffff11016bfe147
RDX: 0000000000000004 RSI: ffff8880b5ff0a18 RDI: ffffffff8b9d0180
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000020012
R10: ffff8880b5ff0a18 R11: ffff8880b5ff0140 R12: ffff8880b5ff0a30
R13: 0000000000000012 R14: 0000000000000012 R15: ffffffff8beb2d40
FS: 0000000000000000(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f9122ef0000 CR3: 00000000665a8000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
rcu_lock_acquire include/linux/rcupdate.h:242 [inline]
rcu_read_lock include/linux/rcupdate.h:629 [inline]
batadv_nc_purge_orig_hash net/batman-adv/network-coding.c:416 [inline]
batadv_nc_worker+0x124/0xc50 net/batman-adv/network-coding.c:726
process_one_work+0x793/0x14a0 kernel/workqueue.c:2116
worker_thread+0x5cc/0xff0 kernel/workqueue.c:2250
kthread+0x30d/0x420 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
Code: 34 e3 ff ff 4c 8b 5c 24 20 85 c0 4c 8b 54 24 28 0f 84 70 fb ff ff 48 b8 00 00 00 00 00 fc ff df 4c 89 fa 48 c1 ea 03 0f b6 14 02 <4c> 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 8e 08 00 00


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Apr 28, 2021, 5:23:13 PM
to syzkaller...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.