INFO: task hung in packet_set_ring

syzbot

Sep 10, 2018, 3:41:06 AM
to syzkaller-upst...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 7a8c7f5c30f9 net: dsa: b53: Fix build with B53_SRAB enable..
git tree: net-next
console output: https://syzkaller.appspot.com/x/log.txt?x=10085cd1400000
kernel config: https://syzkaller.appspot.com/x/.config?x=8f59875069d721b6
dashboard link: https://syzkaller.appspot.com/bug?extid=25642136312e529d48c9
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
CC: [alexande...@intel.com da...@davemloft.net
edum...@google.com kees...@chromium.org ktk...@virtuozzo.com
linux-...@vger.kernel.org liron...@baidu.com magnus....@intel.com
mal...@google.com net...@vger.kernel.org vincent.w...@axis.com
wil...@google.com]

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+256421...@syzkaller.appspotmail.com

EXT4-fs (sda1): resizing filesystem from 524032 to 524032 blocks
openvswitch: netlink: Message has 12 unknown bytes.
EXT4-fs (sda1): resizing filesystem from 524032 to 524032 blocks
INFO: task syz-executor2:23945 blocked for more than 140 seconds.
Not tainted 4.19.0-rc2+ #209
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor2 D23816 23945 5363 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2825 [inline]
__schedule+0x86c/0x1ed0 kernel/sched/core.c:3473
schedule+0xfe/0x460 kernel/sched/core.c:3517
exp_funnel_lock kernel/rcu/tree_exp.h:320 [inline]
_synchronize_rcu_expedited+0xc68/0xfd0 kernel/rcu/tree_exp.h:667
synchronize_rcu_expedited+0x35/0xb0 kernel/rcu/tree_exp.h:795
synchronize_net+0x3b/0x60 net/core/dev.c:9015
packet_set_ring+0x286/0x1da0 net/packet/af_packet.c:4336
packet_setsockopt+0x16ef/0x23b0 net/packet/af_packet.c:3646
__sys_setsockopt+0x1ba/0x3c0 net/socket.c:1900
__do_sys_setsockopt net/socket.c:1911 [inline]
__se_sys_setsockopt net/socket.c:1908 [inline]
__x64_sys_setsockopt+0xbe/0x150 net/socket.c:1908
do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457099
Code: Bad RIP value.
RSP: 002b:00007f0f8b711c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00007f0f8b7126d4 RCX: 0000000000457099
RDX: 000000000000000d RSI: 0000000000000107 RDI: 0000000000000006
RBP: 00000000009301e0 R08: 0000000000000717 R09: 0000000000000000
R10: 0000000020001000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000004d4ed8 R14: 00000000004c9283 R15: 0000000000000002
INFO: task syz-executor2:23952 blocked for more than 140 seconds.
Not tainted 4.19.0-rc2+ #209
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor2 D25632 23952 5363 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2825 [inline]
__schedule+0x86c/0x1ed0 kernel/sched/core.c:3473
schedule+0xfe/0x460 kernel/sched/core.c:3517
__lock_sock+0x1fb/0x350 net/core/sock.c:2312
lock_sock_nested+0xfe/0x120 net/core/sock.c:2834
lock_sock include/net/sock.h:1491 [inline]
packet_do_bind+0x9c/0xdb0 net/packet/af_packet.c:3044
packet_bind+0x15d/0x1b0 net/packet/af_packet.c:3165
__sys_bind+0x331/0x440 net/socket.c:1481
__do_sys_bind net/socket.c:1492 [inline]
__se_sys_bind net/socket.c:1490 [inline]
__x64_sys_bind+0x73/0xb0 net/socket.c:1490
do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457099
Code: 48 8b 54 24 38 48 8b 7c 24 48 eb 8d 48 8b 6c 24 50 48 83 c4 58 c3 48
89 04 24 48 89 5c 24 08 e8 fd a8 fb ff 48 8b 44 24 40 48 <8b> 4c 24 48 48
8b 54 24 38 4c 8b 54 24 18 e9 ee fe ff ff 48 89 74
RSP: 002b:00007f0f8b6f0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
RAX: ffffffffffffffda RBX: 00007f0f8b6f16d4 RCX: 0000000000457099
RDX: 0000000000000014 RSI: 0000000020000200 RDI: 0000000000000006
RBP: 0000000000930280 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000004cb740 R14: 00000000004c316a R15: 0000000000000003

Showing all locks held in the system:
1 lock held by khungtaskd/984:
#0: 000000002e46c48c (rcu_read_lock){....}, at:
debug_show_all_locks+0xd0/0x424 kernel/locking/lockdep.c:4436
1 lock held by rsyslogd/5214:
#0: 00000000006f872b (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x1bb/0x200
fs/file.c:766
2 locks held by getty/5305:
#0: 000000004d5f310e (&tty->ldisc_sem){++++}, at:
ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353
#1: 000000006bd8f0d8 (&ldata->atomic_read_lock){+.+.}, at:
n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140
2 locks held by getty/5306:
#0: 0000000083d44ee1 (&tty->ldisc_sem){++++}, at:
ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353
#1: 0000000037826e21 (&ldata->atomic_read_lock){+.+.}, at:
n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140
2 locks held by getty/5307:
#0: 00000000d17a2374 (&tty->ldisc_sem){++++}, at:
ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353
#1: 00000000c91f4f6b (&ldata->atomic_read_lock){+.+.}, at:
n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140
2 locks held by getty/5308:
#0: 000000002faa7b77 (&tty->ldisc_sem){++++}, at:
ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353
#1: 00000000b187444f (&ldata->atomic_read_lock){+.+.}, at:
n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140
2 locks held by getty/5309:
#0: 000000005b78bdb7 (&tty->ldisc_sem){++++}, at:
ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353
#1: 000000001f8efc2f (&ldata->atomic_read_lock){+.+.}, at:
n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140
2 locks held by getty/5310:
#0: 000000005e5d92ad (&tty->ldisc_sem){++++}, at:
ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353
#1: 0000000005d8cff2 (&ldata->atomic_read_lock){+.+.}, at:
n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140
2 locks held by getty/5311:
#0: 00000000050b1c60 (&tty->ldisc_sem){++++}, at:
ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353
#1: 0000000068bd9ec5 (&ldata->atomic_read_lock){+.+.}, at:
n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140
1 lock held by syz-executor2/23945:
#0: 00000000c05f9376 (sk_lock-AF_PACKET){+.+.}, at: lock_sock
include/net/sock.h:1491 [inline]
#0: 00000000c05f9376 (sk_lock-AF_PACKET){+.+.}, at:
packet_setsockopt+0x602/0x23b0 net/packet/af_packet.c:3629

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 984 Comm: khungtaskd Not tainted 4.19.0-rc2+ #209
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113
nmi_cpu_backtrace.cold.3+0x63/0xa2 lib/nmi_backtrace.c:101
nmi_trigger_cpumask_backtrace+0x1b3/0x1ed lib/nmi_backtrace.c:62
arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
trigger_all_cpu_backtrace include/linux/nmi.h:144 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:204 [inline]
watchdog+0xb3e/0x1050 kernel/hung_task.c:265
kthread+0x35a/0x420 kernel/kthread.c:246
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:413
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1 skipped: idling at native_safe_halt+0x6/0x10
arch/x86/include/asm/irqflags.h:57


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.

Dmitry Vyukov

Oct 23, 2019, 3:23:12 AM
to syzbot, 'Dmitry Vyukov' via syzkaller-upstream-moderation
After https://github.com/google/syzkaller/commit/37dc03de04826cc0d5d1e3699832b0a3113d40af
this should be re-detected as "task hung in synchronize_rcu"

#syz invalid