INFO: task hung in __flush_work


syzbot

Aug 30, 2018, 1:40:03 AM
to syzkaller-upst...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: b8dcdab36f53 Merge tag 'for-linus-20180825' of git://git.k..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=125a020a400000
kernel config: https://syzkaller.appspot.com/x/.config?x=3b576e333ca31bb2
dashboard link: https://syzkaller.appspot.com/bug?extid=6cba6a8b362c20ae3436
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
CC: [asma...@codewreck.org da...@davemloft.net
eri...@gmail.com linux-...@vger.kernel.org lu...@ionkov.net
net...@vger.kernel.org v9fs-de...@lists.sourceforge.net]

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+6cba6a...@syzkaller.appspotmail.com

INFO: task syz-executor0:7393 blocked for more than 140 seconds.
Not tainted 4.18.0+ #208
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor0 D23728 7393 4399 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2825 [inline]
__schedule+0x87c/0x1df0 kernel/sched/core.c:3473
schedule+0xfb/0x450 kernel/sched/core.c:3517
schedule_timeout+0x1cc/0x260 kernel/time/timer.c:1780
do_wait_for_common kernel/sched/completion.c:83 [inline]
__wait_for_common kernel/sched/completion.c:104 [inline]
wait_for_common kernel/sched/completion.c:115 [inline]
wait_for_completion+0x430/0x8d0 kernel/sched/completion.c:136
__flush_work+0x59f/0x9c0 kernel/workqueue.c:2917
__cancel_work_timer+0x4c2/0x830 kernel/workqueue.c:3004
cancel_work_sync+0x17/0x20 kernel/workqueue.c:3040
p9_conn_destroy net/9p/trans_fd.c:865 [inline]
p9_fd_close+0x376/0x5c0 net/9p/trans_fd.c:891
p9_client_create+0xa41/0x159b net/9p/client.c:1065
v9fs_session_init+0x21a/0x1a80 fs/9p/v9fs.c:400
v9fs_mount+0x7c/0x900 fs/9p/vfs_super.c:135
mount_fs+0xae/0x328 fs/super.c:1280
vfs_kern_mount.part.33+0xdc/0x4e0 fs/namespace.c:987
vfs_kern_mount fs/namespace.c:977 [inline]
do_new_mount fs/namespace.c:2483 [inline]
do_mount+0x581/0x30e0 fs/namespace.c:2813
ksys_mount+0x12d/0x140 fs/namespace.c:3029
__do_sys_mount fs/namespace.c:3043 [inline]
__se_sys_mount fs/namespace.c:3040 [inline]
__x64_sys_mount+0xbe/0x150 fs/namespace.c:3040
do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457089
Code: 08 e8 3b a9 fb ff 48 8b 44 24 20 48 8b 4c 24 18 48 8b 54 24 38 48 8b
7c 24 48 eb 8d 48 8b 6c 24 50 48 83 c4 58 c3 48 89 04 24 <48> 89 5c 24 08
e8 0d a9 fb ff 48 8b 44 24 40 48 8b 4c 24 48 48 8b
RSP: 002b:00007f5662279c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f566227a6d4 RCX: 0000000000457089
RDX: 0000000020000340 RSI: 0000000020000080 RDI: 0000000000000000
RBP: 0000000000930280 R08: 00000000200006c0 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000004d2768 R14: 00000000004c7be5 R15: 0000000000000003

Showing all locks held in the system:
1 lock held by khungtaskd/774:
#0: 00000000e0a5b303 (rcu_read_lock){....}, at:
debug_show_all_locks+0xd0/0x428 kernel/locking/lockdep.c:4436
2 locks held by kworker/0:3/2010:
#0: 0000000024682a47 ((wq_completion)"events"){+.+.}, at:
__write_once_size include/linux/compiler.h:215 [inline]
#0: 0000000024682a47 ((wq_completion)"events"){+.+.}, at:
arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: 0000000024682a47 ((wq_completion)"events"){+.+.}, at: atomic64_set
include/asm-generic/atomic-instrumented.h:40 [inline]
#0: 0000000024682a47 ((wq_completion)"events"){+.+.}, at: atomic_long_set
include/asm-generic/atomic-long.h:59 [inline]
#0: 0000000024682a47 ((wq_completion)"events"){+.+.}, at: set_work_data
kernel/workqueue.c:617 [inline]
#0: 0000000024682a47 ((wq_completion)"events"){+.+.}, at:
set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline]
#0: 0000000024682a47 ((wq_completion)"events"){+.+.}, at:
process_one_work+0xb44/0x1aa0 kernel/workqueue.c:2124
#1: 000000003e23254d ((work_completion)(&m->wq)){+.+.}, at:
process_one_work+0xb9b/0x1aa0 kernel/workqueue.c:2128
1 lock held by rsyslogd/4262:
2 locks held by getty/4352:
#0: 00000000c913397e (&tty->ldisc_sem){++++}, at:
ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:353
#1: 000000009f4013f5 (&ldata->atomic_read_lock){+.+.}, at:
n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140
2 locks held by getty/4353:
#0: 000000004e7f9dc0 (&tty->ldisc_sem){++++}, at:
ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:353
#1: 00000000ee50b3eb (&ldata->atomic_read_lock){+.+.}, at:
n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140
2 locks held by getty/4354:
#0: 000000001c70920b (&tty->ldisc_sem){++++}, at:
ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:353
#1: 000000008314f1ca (&ldata->atomic_read_lock){+.+.}, at:
n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140
2 locks held by getty/4355:
#0: 0000000044da4696 (&tty->ldisc_sem){++++}, at:
ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:353
#1: 00000000b6b1447b (&ldata->atomic_read_lock){+.+.}, at:
n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140
2 locks held by getty/4356:
#0: 000000006bfc54dc (&tty->ldisc_sem){++++}, at:
ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:353
#1: 000000002754691f (&ldata->atomic_read_lock){+.+.}, at:
n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140
2 locks held by getty/4357:
#0: 00000000f3b871df (&tty->ldisc_sem){++++}, at:
ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:353
#1: 00000000854ba3aa (&ldata->atomic_read_lock){+.+.}, at:
n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140
2 locks held by getty/4358:
#0: 000000001d794eaf (&tty->ldisc_sem){++++}, at:
ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:353
#1: 000000009e6f2a1b (&ldata->atomic_read_lock){+.+.}, at:
n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 774 Comm: khungtaskd Not tainted 4.18.0+ #208
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113
nmi_cpu_backtrace.cold.3+0x48/0x88 lib/nmi_backtrace.c:101
nmi_trigger_cpumask_backtrace+0x151/0x192 lib/nmi_backtrace.c:62
arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
trigger_all_cpu_backtrace include/linux/nmi.h:144 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:204 [inline]
watchdog+0xb39/0x1040 kernel/hung_task.c:265
kthread+0x35a/0x420 kernel/kthread.c:246
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:413
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0 skipped: idling at native_safe_halt+0x6/0x10
arch/x86/include/asm/irqflags.h:56


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.

syzbot

Sep 4, 2018, 7:12:03 AM
to syzkaller-upst...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: 60c1f89241d4 Merge tag 'dma-mapping-4.19-2' of git://git.i..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=12a2f151400000
kernel config: https://syzkaller.appspot.com/x/.config?x=4c7e83258d6e0156
dashboard link: https://syzkaller.appspot.com/bug?extid=6cba6a8b362c20ae3436
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11d12ffe400000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+6cba6a...@syzkaller.appspotmail.com

FS-Cache: O-cookie d=00000000b8534715 n=000000008beef88a
FS-Cache: O-key=[10] '34323935303732343136'
FS-Cache: N-cookie c=00000000e0fd2fe4 [p=0000000016d1a054 fl=2 nc=0 na=1]
FS-Cache: N-cookie d=00000000b8534715 n=00000000988344d0
FS-Cache: N-key=[10] '34323935303732343136'
INFO: task syz-executor4:6761 blocked for more than 140 seconds.
Not tainted 4.19.0-rc2+ #220
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor4 D24208 6761 4671 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2825 [inline]
__schedule+0x87c/0x1df0 kernel/sched/core.c:3473
schedule+0xfb/0x450 kernel/sched/core.c:3517
schedule_timeout+0x1cc/0x260 kernel/time/timer.c:1780
do_wait_for_common kernel/sched/completion.c:83 [inline]
__wait_for_common kernel/sched/completion.c:104 [inline]
wait_for_common kernel/sched/completion.c:115 [inline]
wait_for_completion+0x430/0x8d0 kernel/sched/completion.c:136
__flush_work+0x59f/0x9c0 kernel/workqueue.c:2917
__cancel_work_timer+0x4c2/0x830 kernel/workqueue.c:3004
cancel_work_sync+0x17/0x20 kernel/workqueue.c:3040
p9_conn_destroy net/9p/trans_fd.c:865 [inline]
p9_fd_close+0x376/0x5c0 net/9p/trans_fd.c:891
p9_client_create+0xa41/0x159b net/9p/client.c:1065
v9fs_session_init+0x21a/0x1a80 fs/9p/v9fs.c:400
v9fs_mount+0x7c/0x900 fs/9p/vfs_super.c:135
mount_fs+0xae/0x328 fs/super.c:1261
vfs_kern_mount.part.35+0xdc/0x4f0 fs/namespace.c:961
vfs_kern_mount fs/namespace.c:951 [inline]
do_new_mount fs/namespace.c:2457 [inline]
do_mount+0x581/0x30e0 fs/namespace.c:2787
ksys_mount+0x12d/0x140 fs/namespace.c:3003
__do_sys_mount fs/namespace.c:3017 [inline]
__se_sys_mount fs/namespace.c:3014 [inline]
__x64_sys_mount+0xbe/0x150 fs/namespace.c:3014
do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457099
Code: ff 48 89 f1 48 01 d9 48 39 f9 76 bb 48 01 df 48 01 de fd 48 89 d9 48
c1 e9 03 48 83 e3 07 48 83 ef 08 48 83 ee 08 f3 48 a5 fc <48> 83 c7 08 48
83 c6 08 48 29 df 48 29 de e9 13 ff ff ff 8a 06 8a
RSP: 002b:00007fc85cf84c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007fc85cf856d4 RCX: 0000000000457099
RDX: 0000000020000340 RSI: 0000000020000080 RDI: 0000000000000000
RBP: 0000000000930140 R08: 00000000200006c0 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000004d2ec8 R14: 00000000004c7f7e R15: 0000000000000001
INFO: task syz-executor7:6763 blocked for more than 140 seconds.
Not tainted 4.19.0-rc2+ #220
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor7 D24280 6763 4679 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2825 [inline]
__schedule+0x87c/0x1df0 kernel/sched/core.c:3473
schedule+0xfb/0x450 kernel/sched/core.c:3517
schedule_timeout+0x1cc/0x260 kernel/time/timer.c:1780
do_wait_for_common kernel/sched/completion.c:83 [inline]
__wait_for_common kernel/sched/completion.c:104 [inline]
wait_for_common kernel/sched/completion.c:115 [inline]
wait_for_completion+0x430/0x8d0 kernel/sched/completion.c:136
__flush_work+0x59f/0x9c0 kernel/workqueue.c:2917
__cancel_work_timer+0x4c2/0x830 kernel/workqueue.c:3004
cancel_work_sync+0x17/0x20 kernel/workqueue.c:3040
p9_conn_destroy net/9p/trans_fd.c:865 [inline]
p9_fd_close+0x376/0x5c0 net/9p/trans_fd.c:891
p9_client_create+0xa41/0x159b net/9p/client.c:1065
v9fs_session_init+0x21a/0x1a80 fs/9p/v9fs.c:400
v9fs_mount+0x7c/0x900 fs/9p/vfs_super.c:135
mount_fs+0xae/0x328 fs/super.c:1261
vfs_kern_mount.part.35+0xdc/0x4f0 fs/namespace.c:961
vfs_kern_mount fs/namespace.c:951 [inline]
do_new_mount fs/namespace.c:2457 [inline]
do_mount+0x581/0x30e0 fs/namespace.c:2787
ksys_mount+0x12d/0x140 fs/namespace.c:3003
__do_sys_mount fs/namespace.c:3017 [inline]
__se_sys_mount fs/namespace.c:3014 [inline]
__x64_sys_mount+0xbe/0x150 fs/namespace.c:3014
do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457099
Code: ff 48 89 f1 48 01 d9 48 39 f9 76 bb 48 01 df 48 01 de fd 48 89 d9 48
c1 e9 03 48 83 e3 07 48 83 ef 08 48 83 ee 08 f3 48 a5 fc <48> 83 c7 08 48
83 c6 08 48 29 df 48 29 de e9 13 ff ff ff 8a 06 8a
RSP: 002b:00007f8f5c943c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f8f5c9446d4 RCX: 0000000000457099
RDX: 0000000020000340 RSI: 0000000020000080 RDI: 0000000000000000
RBP: 0000000000930140 R08: 00000000200006c0 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000004d2ec8 R14: 00000000004c7f7e R15: 0000000000000001
INFO: task syz-executor1:6767 blocked for more than 140 seconds.
Not tainted 4.19.0-rc2+ #220
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor1 D23728 6767 4680 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2825 [inline]
__schedule+0x87c/0x1df0 kernel/sched/core.c:3473
schedule+0xfb/0x450 kernel/sched/core.c:3517
schedule_timeout+0x1cc/0x260 kernel/time/timer.c:1780
do_wait_for_common kernel/sched/completion.c:83 [inline]
__wait_for_common kernel/sched/completion.c:104 [inline]
wait_for_common kernel/sched/completion.c:115 [inline]
wait_for_completion+0x430/0x8d0 kernel/sched/completion.c:136
__flush_work+0x59f/0x9c0 kernel/workqueue.c:2917
__cancel_work_timer+0x4c2/0x830 kernel/workqueue.c:3004
cancel_work_sync+0x17/0x20 kernel/workqueue.c:3040
p9_conn_destroy net/9p/trans_fd.c:865 [inline]
p9_fd_close+0x376/0x5c0 net/9p/trans_fd.c:891
p9_client_create+0xa41/0x159b net/9p/client.c:1065
v9fs_session_init+0x21a/0x1a80 fs/9p/v9fs.c:400
v9fs_mount+0x7c/0x900 fs/9p/vfs_super.c:135
mount_fs+0xae/0x328 fs/super.c:1261
vfs_kern_mount.part.35+0xdc/0x4f0 fs/namespace.c:961
vfs_kern_mount fs/namespace.c:951 [inline]
do_new_mount fs/namespace.c:2457 [inline]
do_mount+0x581/0x30e0 fs/namespace.c:2787
ksys_mount+0x12d/0x140 fs/namespace.c:3003
__do_sys_mount fs/namespace.c:3017 [inline]
__se_sys_mount fs/namespace.c:3014 [inline]
__x64_sys_mount+0xbe/0x150 fs/namespace.c:3014
do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457099
Code: ff 48 89 f1 48 01 d9 48 39 f9 76 bb 48 01 df 48 01 de fd 48 89 d9 48
c1 e9 03 48 83 e3 07 48 83 ef 08 48 83 ee 08 f3 48 a5 fc <48> 83 c7 08 48
83 c6 08 48 29 df 48 29 de e9 13 ff ff ff 8a 06 8a
RSP: 002b:00007effeff81c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007effeff826d4 RCX: 0000000000457099
RDX: 0000000020000340 RSI: 0000000020000080 RDI: 0000000000000000
RBP: 0000000000930140 R08: 00000000200006c0 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000004d2ec8 R14: 00000000004c7f7e R15: 0000000000000001
INFO: task syz-executor0:6778 blocked for more than 140 seconds.
Not tainted 4.19.0-rc2+ #220
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor0 D24208 6778 4672 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2825 [inline]
__schedule+0x87c/0x1df0 kernel/sched/core.c:3473
schedule+0xfb/0x450 kernel/sched/core.c:3517
schedule_timeout+0x1cc/0x260 kernel/time/timer.c:1780
do_wait_for_common kernel/sched/completion.c:83 [inline]
__wait_for_common kernel/sched/completion.c:104 [inline]
wait_for_common kernel/sched/completion.c:115 [inline]
wait_for_completion+0x430/0x8d0 kernel/sched/completion.c:136
__flush_work+0x59f/0x9c0 kernel/workqueue.c:2917
__cancel_work_timer+0x4c2/0x830 kernel/workqueue.c:3004
cancel_work_sync+0x17/0x20 kernel/workqueue.c:3040
p9_conn_destroy net/9p/trans_fd.c:865 [inline]
p9_fd_close+0x376/0x5c0 net/9p/trans_fd.c:891
p9_client_create+0xa41/0x159b net/9p/client.c:1065
v9fs_session_init+0x21a/0x1a80 fs/9p/v9fs.c:400
v9fs_mount+0x7c/0x900 fs/9p/vfs_super.c:135
mount_fs+0xae/0x328 fs/super.c:1261
vfs_kern_mount.part.35+0xdc/0x4f0 fs/namespace.c:961
vfs_kern_mount fs/namespace.c:951 [inline]
do_new_mount fs/namespace.c:2457 [inline]
do_mount+0x581/0x30e0 fs/namespace.c:2787
ksys_mount+0x12d/0x140 fs/namespace.c:3003
__do_sys_mount fs/namespace.c:3017 [inline]
__se_sys_mount fs/namespace.c:3014 [inline]
__x64_sys_mount+0xbe/0x150 fs/namespace.c:3014
do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457099
Code: ff 48 89 f1 48 01 d9 48 39 f9 76 bb 48 01 df 48 01 de fd 48 89 d9 48
c1 e9 03 48 83 e3 07 48 83 ef 08 48 83 ee 08 f3 48 a5 fc <48> 83 c7 08 48
83 c6 08 48 29 df 48 29 de e9 13 ff ff ff 8a 06 8a
RSP: 002b:00007f0f1a501c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f0f1a5026d4 RCX: 0000000000457099
RDX: 0000000020000340 RSI: 0000000020000080 RDI: 0000000000000000
RBP: 0000000000930140 R08: 00000000200006c0 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000004d2ec8 R14: 00000000004c7f7e R15: 0000000000000001
INFO: task syz-executor5:6786 blocked for more than 140 seconds.
Not tainted 4.19.0-rc2+ #220
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor5 D23728 6786 4676 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2825 [inline]
__schedule+0x87c/0x1df0 kernel/sched/core.c:3473
schedule+0xfb/0x450 kernel/sched/core.c:3517
schedule_timeout+0x1cc/0x260 kernel/time/timer.c:1780
do_wait_for_common kernel/sched/completion.c:83 [inline]
__wait_for_common kernel/sched/completion.c:104 [inline]
wait_for_common kernel/sched/completion.c:115 [inline]
wait_for_completion+0x430/0x8d0 kernel/sched/completion.c:136
__flush_work+0x59f/0x9c0 kernel/workqueue.c:2917
__cancel_work_timer+0x4c2/0x830 kernel/workqueue.c:3004
cancel_work_sync+0x17/0x20 kernel/workqueue.c:3040
p9_conn_destroy net/9p/trans_fd.c:865 [inline]
p9_fd_close+0x376/0x5c0 net/9p/trans_fd.c:891
p9_client_create+0xa41/0x159b net/9p/client.c:1065
v9fs_session_init+0x21a/0x1a80 fs/9p/v9fs.c:400
v9fs_mount+0x7c/0x900 fs/9p/vfs_super.c:135
mount_fs+0xae/0x328 fs/super.c:1261
vfs_kern_mount.part.35+0xdc/0x4f0 fs/namespace.c:961
vfs_kern_mount fs/namespace.c:951 [inline]
do_new_mount fs/namespace.c:2457 [inline]
do_mount+0x581/0x30e0 fs/namespace.c:2787
ksys_mount+0x12d/0x140 fs/namespace.c:3003
__do_sys_mount fs/namespace.c:3017 [inline]
__se_sys_mount fs/namespace.c:3014 [inline]
__x64_sys_mount+0xbe/0x150 fs/namespace.c:3014
do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457099
Code: ff 48 89 f1 48 01 d9 48 39 f9 76 bb 48 01 df 48 01 de fd 48 89 d9 48
c1 e9 03 48 83 e3 07 48 83 ef 08 48 83 ee 08 f3 48 a5 fc <48> 83 c7 08 48
83 c6 08 48 29 df 48 29 de e9 13 ff ff ff 8a 06 8a
RSP: 002b:00007f5ce1e47c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f5ce1e486d4 RCX: 0000000000457099
RDX: 0000000020000340 RSI: 0000000020000080 RDI: 0000000000000000
RBP: 0000000000930140 R08: 00000000200006c0 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000004d2ec8 R14: 00000000004c7f7e R15: 0000000000000001
INFO: task syz-executor3:6796 blocked for more than 140 seconds.
Not tainted 4.19.0-rc2+ #220
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor3 D24208 6796 4669 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2825 [inline]
__schedule+0x87c/0x1df0 kernel/sched/core.c:3473
schedule+0xfb/0x450 kernel/sched/core.c:3517
schedule_timeout+0x1cc/0x260 kernel/time/timer.c:1780
do_wait_for_common kernel/sched/completion.c:83 [inline]
__wait_for_common kernel/sched/completion.c:104 [inline]
wait_for_common kernel/sched/completion.c:115 [inline]
wait_for_completion+0x430/0x8d0 kernel/sched/completion.c:136
__flush_work+0x59f/0x9c0 kernel/workqueue.c:2917
__cancel_work_timer+0x4c2/0x830 kernel/workqueue.c:3004
cancel_work_sync+0x17/0x20 kernel/workqueue.c:3040
p9_conn_destroy net/9p/trans_fd.c:865 [inline]
p9_fd_close+0x376/0x5c0 net/9p/trans_fd.c:891
p9_client_create+0xa41/0x159b net/9p/client.c:1065
v9fs_session_init+0x21a/0x1a80 fs/9p/v9fs.c:400
v9fs_mount+0x7c/0x900 fs/9p/vfs_super.c:135
mount_fs+0xae/0x328 fs/super.c:1261
vfs_kern_mount.part.35+0xdc/0x4f0 fs/namespace.c:961
vfs_kern_mount fs/namespace.c:951 [inline]
do_new_mount fs/namespace.c:2457 [inline]
do_mount+0x581/0x30e0 fs/namespace.c:2787
ksys_mount+0x12d/0x140 fs/namespace.c:3003
__do_sys_mount fs/namespace.c:3017 [inline]
__se_sys_mount fs/namespace.c:3014 [inline]
__x64_sys_mount+0xbe/0x150 fs/namespace.c:3014
do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457099
Code: ff 48 89 f1 48 01 d9 48 39 f9 76 bb 48 01 df 48 01 de fd 48 89 d9 48
c1 e9 03 48 83 e3 07 48 83 ef 08 48 83 ee 08 f3 48 a5 fc <48> 83 c7 08 48
83 c6 08 48 29 df 48 29 de e9 13 ff ff ff 8a 06 8a
RSP: 002b:00007fd9154a3c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007fd9154a46d4 RCX: 0000000000457099
RDX: 0000000020000340 RSI: 0000000020000080 RDI: 0000000000000000
RBP: 0000000000930140 R08: 00000000200006c0 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000004d2ec8 R14: 00000000004c7f7e R15: 0000000000000001

Showing all locks held in the system:
1 lock held by khungtaskd/792:
#0: 000000000e95ae68 (rcu_read_lock){....}, at:
debug_show_all_locks+0xd0/0x428 kernel/locking/lockdep.c:4436
2 locks held by kworker/1:2/2017:
#0: 00000000833bda7a ((wq_completion)"events"){+.+.}, at:
__write_once_size include/linux/compiler.h:215 [inline]
#0: 00000000833bda7a ((wq_completion)"events"){+.+.}, at:
arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: 00000000833bda7a ((wq_completion)"events"){+.+.}, at: atomic64_set
include/asm-generic/atomic-instrumented.h:40 [inline]
#0: 00000000833bda7a ((wq_completion)"events"){+.+.}, at: atomic_long_set
include/asm-generic/atomic-long.h:59 [inline]
#0: 00000000833bda7a ((wq_completion)"events"){+.+.}, at: set_work_data
kernel/workqueue.c:617 [inline]
#0: 00000000833bda7a ((wq_completion)"events"){+.+.}, at:
set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline]
#0: 00000000833bda7a ((wq_completion)"events"){+.+.}, at:
process_one_work+0xb44/0x1aa0 kernel/workqueue.c:2124
#1: 00000000e891bf2d ((work_completion)(&m->wq)){+.+.}, at:
process_one_work+0xb9b/0x1aa0 kernel/workqueue.c:2128
1 lock held by rsyslogd/4534:
#0: 00000000a9629eb8 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x1bb/0x200
fs/file.c:766
2 locks held by getty/4624:
#0: 00000000ea90a35c (&tty->ldisc_sem){++++}, at:
ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:353
#1: 00000000bd156fd4 (&ldata->atomic_read_lock){+.+.}, at:
n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140
2 locks held by getty/4625:
#0: 00000000169d0485 (&tty->ldisc_sem){++++}, at:
ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:353
#1: 00000000c4539382 (&ldata->atomic_read_lock){+.+.}, at:
n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140
2 locks held by getty/4626:
#0: 00000000a26a0a94 (&tty->ldisc_sem){++++}, at:
ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:353
#1: 000000003ec956e0 (&ldata->atomic_read_lock){+.+.}, at:
n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140
2 locks held by getty/4627:
#0: 00000000dcbe9c13 (&tty->ldisc_sem){++++}, at:
ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:353
#1: 000000001afea02f (&ldata->atomic_read_lock){+.+.}, at:
n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140
2 locks held by getty/4628:
#0: 00000000d4a69f40 (&tty->ldisc_sem){++++}, at:
ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:353
#1: 00000000c3d9d403 (&ldata->atomic_read_lock){+.+.}, at:
n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140
2 locks held by getty/4629:
#0: 00000000c03b8a61 (&tty->ldisc_sem){++++}, at:
ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:353
#1: 00000000eb4a7587 (&ldata->atomic_read_lock){+.+.}, at:
n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140
2 locks held by getty/4630:
#0: 000000001dace414 (&tty->ldisc_sem){++++}, at:
ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:353
#1: 00000000ea0adf09 (&ldata->atomic_read_lock){+.+.}, at:
n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140
2 locks held by kworker/0:1/4958:
#0: 00000000833bda7a ((wq_completion)"events"){+.+.}, at:
__write_once_size include/linux/compiler.h:215 [inline]
#0: 00000000833bda7a ((wq_completion)"events"){+.+.}, at:
arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: 00000000833bda7a ((wq_completion)"events"){+.+.}, at: atomic64_set
include/asm-generic/atomic-instrumented.h:40 [inline]
#0: 00000000833bda7a ((wq_completion)"events"){+.+.}, at: atomic_long_set
include/asm-generic/atomic-long.h:59 [inline]
#0: 00000000833bda7a ((wq_completion)"events"){+.+.}, at: set_work_data
kernel/workqueue.c:617 [inline]
#0: 00000000833bda7a ((wq_completion)"events"){+.+.}, at:
set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline]
#0: 00000000833bda7a ((wq_completion)"events"){+.+.}, at:
process_one_work+0xb44/0x1aa0 kernel/workqueue.c:2124
#1: 000000008346206e ((work_completion)(&m->wq)){+.+.}, at:
process_one_work+0xb9b/0x1aa0 kernel/workqueue.c:2128
2 locks held by kworker/1:0/4973:
#0: 00000000833bda7a ((wq_completion)"events"){+.+.}, at:
__write_once_size include/linux/compiler.h:215 [inline]
#0: 00000000833bda7a ((wq_completion)"events"){+.+.}, at:
arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: 00000000833bda7a ((wq_completion)"events"){+.+.}, at: atomic64_set
include/asm-generic/atomic-instrumented.h:40 [inline]
#0: 00000000833bda7a ((wq_completion)"events"){+.+.}, at: atomic_long_set
include/asm-generic/atomic-long.h:59 [inline]
#0: 00000000833bda7a ((wq_completion)"events"){+.+.}, at: set_work_data
kernel/workqueue.c:617 [inline]
#0: 00000000833bda7a ((wq_completion)"events"){+.+.}, at:
set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline]
#0: 00000000833bda7a ((wq_completion)"events"){+.+.}, at:
process_one_work+0xb44/0x1aa0 kernel/workqueue.c:2124
#1: 0000000065680b0e ((work_completion)(&m->wq)){+.+.}, at:
process_one_work+0xb9b/0x1aa0 kernel/workqueue.c:2128
2 locks held by kworker/1:3/5135:
#0: 00000000833bda7a ((wq_completion)"events"){+.+.}, at:
__write_once_size include/linux/compiler.h:215 [inline]
#0: 00000000833bda7a ((wq_completion)"events"){+.+.}, at:
arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: 00000000833bda7a ((wq_completion)"events"){+.+.}, at: atomic64_set
include/asm-generic/atomic-instrumented.h:40 [inline]
#0: 00000000833bda7a ((wq_completion)"events"){+.+.}, at: atomic_long_set
include/asm-generic/atomic-long.h:59 [inline]
#0: 00000000833bda7a ((wq_completion)"events"){+.+.}, at: set_work_data
kernel/workqueue.c:617 [inline]
#0: 00000000833bda7a ((wq_completion)"events"){+.+.}, at:
set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline]
#0: 00000000833bda7a ((wq_completion)"events"){+.+.}, at:
process_one_work+0xb44/0x1aa0 kernel/workqueue.c:2124
#1: 00000000cf4ba585 ((work_completion)(&m->wq)){+.+.}, at:
process_one_work+0xb9b/0x1aa0 kernel/workqueue.c:2128
2 locks held by kworker/1:4/6784:
#0: 00000000833bda7a ((wq_completion)"events"){+.+.}, at:
__write_once_size include/linux/compiler.h:215 [inline]
#0: 00000000833bda7a ((wq_completion)"events"){+.+.}, at:
arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: 00000000833bda7a ((wq_completion)"events"){+.+.}, at: atomic64_set
include/asm-generic/atomic-instrumented.h:40 [inline]
#0: 00000000833bda7a ((wq_completion)"events"){+.+.}, at: atomic_long_set
include/asm-generic/atomic-long.h:59 [inline]
#0: 00000000833bda7a ((wq_completion)"events"){+.+.}, at: set_work_data
kernel/workqueue.c:617 [inline]
#0: 00000000833bda7a ((wq_completion)"events"){+.+.}, at:
set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline]
#0: 00000000833bda7a ((wq_completion)"events"){+.+.}, at:
process_one_work+0xb44/0x1aa0 kernel/workqueue.c:2124
#1: 000000008563b2dd ((work_completion)(&m->wq)){+.+.}, at:
process_one_work+0xb9b/0x1aa0 kernel/workqueue.c:2128
2 locks held by kworker/1:5/6792:
#0: 00000000833bda7a ((wq_completion)"events"){+.+.}, at:
__write_once_size include/linux/compiler.h:215 [inline]
#0: 00000000833bda7a ((wq_completion)"events"){+.+.}, at:
arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: 00000000833bda7a ((wq_completion)"events"){+.+.}, at: atomic64_set
include/asm-generic/atomic-instrumented.h:40 [inline]
#0: 00000000833bda7a ((wq_completion)"events"){+.+.}, at: atomic_long_set
include/asm-generic/atomic-long.h:59 [inline]
#0: 00000000833bda7a ((wq_completion)"events"){+.+.}, at: set_work_data
kernel/workqueue.c:617 [inline]
#0: 00000000833bda7a ((wq_completion)"events"){+.+.}, at:
set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline]
#0: 00000000833bda7a ((wq_completion)"events"){+.+.}, at:
process_one_work+0xb44/0x1aa0 kernel/workqueue.c:2124
#1: 000000002a8f7162 ((work_completion)(&m->wq)){+.+.}, at:
process_one_work+0xb9b/0x1aa0 kernel/workqueue.c:2128

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 792 Comm: khungtaskd Not tainted 4.19.0-rc2+ #220
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113
nmi_cpu_backtrace.cold.3+0x48/0x88 lib/nmi_backtrace.c:101
nmi_trigger_cpumask_backtrace+0x151/0x192 lib/nmi_backtrace.c:62
arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
trigger_all_cpu_backtrace include/linux/nmi.h:144 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:204 [inline]
watchdog+0xb39/0x1040 kernel/hung_task.c:265
kthread+0x35a/0x420 kernel/kthread.c:246
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:413
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.19.0-rc2+ #220
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:reschedule_interrupt+0x0/0x20 arch/x86/entry/entry_64.S:887
Code: 66 2e 0f 1f 84 00 00 00 00 00 68 03 ff ff ff e8 56 f2 ff ff e8 d1 27
00 00 e9 4b f3 ff ff 66 90 66 2e 0f 1f 84 00 00 00 00 00 <68> 02 ff ff ff
e8 36 f2 ff ff e8 d1 21 00 00 e9 2b f3 ff ff 66 90
RSP: 0018:ffffffff88007b88 EFLAGS: 00000082
RAX: dffffc0000000000 RBX: 1ffffffff1000f7b RCX: 0000000000000000
RDX: 1ffffffff10237c8 RSI: 0000000000000001 RDI: ffffffff8811be40
RBP: ffffffff88007bb8 R08: ffffffff88075e00 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: ffffffff88007c78 R14: 0000000000000000 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8801db000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000e5a000 CR3: 00000001bbe81000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
arch_safe_halt arch/x86/include/asm/paravirt.h:94 [inline]
default_idle+0xc2/0x410 arch/x86/kernel/process.c:498
arch_cpu_idle+0x10/0x20 arch/x86/kernel/process.c:489
default_idle_call+0x6d/0x90 kernel/sched/idle.c:93
cpuidle_idle_call kernel/sched/idle.c:153 [inline]
do_idle+0x3aa/0x580 kernel/sched/idle.c:262
cpu_startup_entry+0x10c/0x120 kernel/sched/idle.c:368
rest_init+0xe1/0xe4 init/main.c:442
start_kernel+0x913/0x94e init/main.c:739
x86_64_start_reservations+0x29/0x2b arch/x86/kernel/head64.c:452
x86_64_start_kernel+0x76/0x79 arch/x86/kernel/head64.c:433
secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:242

syzbot

Dec 25, 2018, 10:01:04 PM
to syzkaller-upst...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: 90cadbbf341d Merge git://git.kernel.org/pub/scm/linux/kern..
git tree: net-next
console output: https://syzkaller.appspot.com/x/log.txt?x=10a565c7400000
kernel config: https://syzkaller.appspot.com/x/.config?x=9d41c8529d7e7362
dashboard link: https://syzkaller.appspot.com/bug?extid=6cba6a8b362c20ae3436
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12a6629b400000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1222d29b400000
CC: [avi...@mellanox.com bor...@mellanox.com
dan...@iogearbox.net davej...@fb.com da...@davemloft.net
john.fa...@gmail.com linux-...@vger.kernel.org
net...@vger.kernel.org net...@vger.kernel.org]

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+6cba6a...@syzkaller.appspotmail.com

TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending
cookies. Check SNMP counters.
INFO: task syz-executor925:7871 blocked for more than 140 seconds.
Not tainted 4.20.0-rc7+ #360
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor925 D19912 7871 7870 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2831 [inline]
__schedule+0x86c/0x1ed0 kernel/sched/core.c:3472
schedule+0xfe/0x460 kernel/sched/core.c:3516
schedule_timeout+0x1cc/0x260 kernel/time/timer.c:1780
do_wait_for_common kernel/sched/completion.c:83 [inline]
__wait_for_common kernel/sched/completion.c:104 [inline]
wait_for_common kernel/sched/completion.c:115 [inline]
wait_for_completion+0x427/0x8a0 kernel/sched/completion.c:136
__flush_work+0x59c/0x9b0 kernel/workqueue.c:2917
__cancel_work_timer+0x4ba/0x820 kernel/workqueue.c:3004
cancel_delayed_work_sync+0x1a/0x20 kernel/workqueue.c:3136
tls_sw_free_resources_tx+0x1df/0xcf0 net/tls/tls_sw.c:1795
tls_sk_proto_close+0x602/0x750 net/tls/tls_main.c:280
inet_release+0x104/0x1f0 net/ipv4/af_inet.c:428
inet6_release+0x50/0x70 net/ipv6/af_inet6.c:458
__sock_release+0xd7/0x250 net/socket.c:579
sock_close+0x19/0x20 net/socket.c:1141
__fput+0x385/0xa30 fs/file_table.c:278
____fput+0x15/0x20 fs/file_table.c:309
task_work_run+0x1e8/0x2a0 kernel/task_work.c:113
tracehook_notify_resume include/linux/tracehook.h:188 [inline]
exit_to_usermode_loop+0x318/0x380 arch/x86/entry/common.c:166
prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline]
syscall_return_slowpath arch/x86/entry/common.c:268 [inline]
do_syscall_64+0x6be/0x820 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x401010
Code: 01 f0 ff ff 0f 83 b0 0a 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f
44 00 00 83 3d bd 16 2d 00 00 75 14 b8 03 00 00 00 0f 05 <48> 3d 01 f0 ff
ff 0f 83 84 0a 00 00 c3 48 83 ec 08 e8 3a 01 00 00
RSP: 002b:00007ffec7856f48 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000401010
RDX: 00000000e0ffffff RSI: 00000000200005c0 RDI: 0000000000000004
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401f20
R13: 0000000000401fb0 R14: 0000000000000000 R15: 0000000000000000

Showing all locks held in the system:
2 locks held by kworker/0:0/5:
#0: 000000006d11dec0 ((wq_completion)"events"){+.+.}, at:
__write_once_size include/linux/compiler.h:218 [inline]
#0: 000000006d11dec0 ((wq_completion)"events"){+.+.}, at:
arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: 000000006d11dec0 ((wq_completion)"events"){+.+.}, at: atomic64_set
include/asm-generic/atomic-instrumented.h:40 [inline]
#0: 000000006d11dec0 ((wq_completion)"events"){+.+.}, at: atomic_long_set
include/asm-generic/atomic-long.h:59 [inline]
#0: 000000006d11dec0 ((wq_completion)"events"){+.+.}, at: set_work_data
kernel/workqueue.c:617 [inline]
#0: 000000006d11dec0 ((wq_completion)"events"){+.+.}, at:
set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline]
#0: 000000006d11dec0 ((wq_completion)"events"){+.+.}, at:
process_one_work+0xb43/0x1c40 kernel/workqueue.c:2124
#1: 00000000ccfe6c9a
((work_completion)(&(&sw_ctx_tx->tx_work.work)->work)){+.+.}, at:
process_one_work+0xb9a/0x1c40 kernel/workqueue.c:2128
1 lock held by khungtaskd/1014:
#0: 00000000153ed952 (rcu_read_lock){....}, at:
debug_show_all_locks+0xd0/0x424 kernel/locking/lockdep.c:4379
1 lock held by rsyslogd/7757:
#0: 0000000034b64696 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x1bb/0x200
fs/file.c:766
2 locks held by getty/7847:
#0: 00000000d063ffb7 (&tty->ldisc_sem){++++}, at:
ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353
#1: 0000000045d4d183 (&ldata->atomic_read_lock){+.+.}, at:
n_tty_read+0x335/0x1e80 drivers/tty/n_tty.c:2154
2 locks held by getty/7848:
#0: 00000000dda11696 (&tty->ldisc_sem){++++}, at:
ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353
#1: 00000000a02eb135 (&ldata->atomic_read_lock){+.+.}, at:
n_tty_read+0x335/0x1e80 drivers/tty/n_tty.c:2154
2 locks held by getty/7849:
#0: 0000000013f4e4e1 (&tty->ldisc_sem){++++}, at:
ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353
#1: 00000000f6bb4c99 (&ldata->atomic_read_lock){+.+.}, at:
n_tty_read+0x335/0x1e80 drivers/tty/n_tty.c:2154
2 locks held by getty/7850:
#0: 00000000daef1117 (&tty->ldisc_sem){++++}, at:
ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353
#1: 00000000229b8dfc (&ldata->atomic_read_lock){+.+.}, at:
n_tty_read+0x335/0x1e80 drivers/tty/n_tty.c:2154
2 locks held by getty/7851:
#0: 000000005093d448 (&tty->ldisc_sem){++++}, at:
ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353
#1: 00000000bca705ed (&ldata->atomic_read_lock){+.+.}, at:
n_tty_read+0x335/0x1e80 drivers/tty/n_tty.c:2154
2 locks held by getty/7852:
#0: 000000000f124289 (&tty->ldisc_sem){++++}, at:
ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353
#1: 00000000a9adbb34 (&ldata->atomic_read_lock){+.+.}, at:
n_tty_read+0x335/0x1e80 drivers/tty/n_tty.c:2154
2 locks held by getty/7853:
#0: 0000000027476b58 (&tty->ldisc_sem){++++}, at:
ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353
#1: 000000007cc578ce (&ldata->atomic_read_lock){+.+.}, at:
n_tty_read+0x335/0x1e80 drivers/tty/n_tty.c:2154
2 locks held by syz-executor925/7871:
#0: 00000000997b6df5 (&sb->s_type->i_mutex_key#11){+.+.}, at: inode_lock
include/linux/fs.h:757 [inline]
#0: 00000000997b6df5 (&sb->s_type->i_mutex_key#11){+.+.}, at:
__sock_release+0x8b/0x250 net/socket.c:578
#1: 00000000af711cb5 (sk_lock-AF_INET6){+.+.}, at: lock_sock
include/net/sock.h:1502 [inline]
#1: 00000000af711cb5 (sk_lock-AF_INET6){+.+.}, at:
wait_on_pending_writer+0x27c/0x5b0 net/tls/tls_main.c:89

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 1014 Comm: khungtaskd Not tainted 4.20.0-rc7+ #360
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1d3/0x2c6 lib/dump_stack.c:113
nmi_cpu_backtrace.cold.4+0x63/0xa2 lib/nmi_backtrace.c:101
nmi_trigger_cpumask_backtrace+0x1c2/0x22c lib/nmi_backtrace.c:62
arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:205 [inline]
watchdog+0xb51/0x1060 kernel/hung_task.c:289
kthread+0x35a/0x440 kernel/kthread.c:246
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0 skipped: idling at native_safe_halt+0x6/0x10
arch/x86/include/asm/irqflags.h:57

Dmitry Vyukov

Feb 16, 2019, 2:00:15 AM2/16/19
to syzbot, 'Dmitry Vyukov' via syzkaller-upstream-moderation
#syz upstream