syzbot


INFO: task hung in process_one_work

Status: auto-closed as invalid on 2019/02/22 10:22
Subsystems: trace
Reported-by: syzbot+420725283c35bab21df3@syzkaller.appspotmail.com
First crash: 2240d, last: 2240d
Similar bugs (3)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | INFO: task hung in process_one_work (4) net | syz | error | error | 49 | 89d | 1376d | 0/26 | upstream: reported syz repro on 2020/08/21 00:08 |
| upstream | INFO: task hung in process_one_work (3) net | | | | 1 | 1641d | 1640d | 0/26 | closed as invalid on 2019/11/30 16:54 |
| upstream | INFO: task hung in process_one_work (2) bpf net | | | | 1 | 1805d | 1805d | 0/26 | auto-closed as invalid on 2019/10/25 10:51 |

Sample crash report:
INFO: task kworker/1:1:24 blocked for more than 120 seconds.
      Not tainted 4.16.0+ #4
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/1:1     D17720    24      2 0x80000000
Workqueue: rcu_gp wait_rcu_exp_gp
Call Trace:
 context_switch kernel/sched/core.c:2848 [inline]
 __schedule+0x807/0x1e40 kernel/sched/core.c:3490
 schedule+0xef/0x430 kernel/sched/core.c:3549
 schedule_timeout+0x138/0x240 kernel/time/timer.c:1801
 synchronize_sched_expedited_wait kernel/rcu/tree_exp.h:470 [inline]
 rcu_exp_wait_wake+0x254/0x9c0 kernel/rcu/tree_exp.h:538
 rcu_exp_sel_wait_wake kernel/rcu/tree_exp.h:582 [inline]
 wait_rcu_exp_gp+0x83/0xc0 kernel/rcu/tree_exp.h:593
 process_one_work+0xc1e/0x1b50 kernel/workqueue.c:2145
 worker_thread+0x1cc/0x1440 kernel/workqueue.c:2279
 kthread+0x345/0x410 kernel/kthread.c:238
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:411

Showing all locks held in the system:
2 locks held by kworker/1:1/24:
 #0: 000000001f589a36 ((wq_completion)"rcu_gp"){+.+.}, at: __write_once_size include/linux/compiler.h:215 [inline]
 #0: 000000001f589a36 ((wq_completion)"rcu_gp"){+.+.}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: 000000001f589a36 ((wq_completion)"rcu_gp"){+.+.}, at: atomic64_set include/asm-generic/atomic-instrumented.h:40 [inline]
 #0: 000000001f589a36 ((wq_completion)"rcu_gp"){+.+.}, at: atomic_long_set include/asm-generic/atomic-long.h:57 [inline]
 #0: 000000001f589a36 ((wq_completion)"rcu_gp"){+.+.}, at: set_work_data kernel/workqueue.c:617 [inline]
 #0: 000000001f589a36 ((wq_completion)"rcu_gp"){+.+.}, at: set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline]
 #0: 000000001f589a36 ((wq_completion)"rcu_gp"){+.+.}, at: process_one_work+0xaef/0x1b50 kernel/workqueue.c:2116
 #1: 000000001fad37d8 ((work_completion)(&rew.rew_work)){+.+.}, at: process_one_work+0xb46/0x1b50 kernel/workqueue.c:2120
2 locks held by khungtaskd/882:
 #0: 00000000d896c8ef (rcu_read_lock){....}, at: check_hung_uninterruptible_tasks kernel/hung_task.c:175 [inline]
 #0: 00000000d896c8ef (rcu_read_lock){....}, at: watchdog+0x1ff/0xf60 kernel/hung_task.c:249
 #1: 000000009f6927ee (tasklist_lock){.+.+}, at: debug_show_all_locks+0xde/0x34a kernel/locking/lockdep.c:4470
2 locks held by kworker/1:2/1966:
 #0: 00000000d9d41f77 ((wq_completion)"events"){+.+.}, at: __write_once_size include/linux/compiler.h:215 [inline]
 #0: 00000000d9d41f77 ((wq_completion)"events"){+.+.}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: 00000000d9d41f77 ((wq_completion)"events"){+.+.}, at: atomic64_set include/asm-generic/atomic-instrumented.h:40 [inline]
 #0: 00000000d9d41f77 ((wq_completion)"events"){+.+.}, at: atomic_long_set include/asm-generic/atomic-long.h:57 [inline]
 #0: 00000000d9d41f77 ((wq_completion)"events"){+.+.}, at: set_work_data kernel/workqueue.c:617 [inline]
 #0: 00000000d9d41f77 ((wq_completion)"events"){+.+.}, at: set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline]
 #0: 00000000d9d41f77 ((wq_completion)"events"){+.+.}, at: process_one_work+0xaef/0x1b50 kernel/workqueue.c:2116
 #1: 000000007a5d1eee (xfrm_state_gc_work){+.+.}, at: process_one_work+0xb46/0x1b50 kernel/workqueue.c:2120
2 locks held by getty/4439:
 #0: 000000004102fa04 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
 #1: 000000008d75739c (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x321/0x1cc0 drivers/tty/n_tty.c:2131
2 locks held by getty/4440:
 #0: 000000001677a6f2 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
 #1: 0000000029959bd0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x321/0x1cc0 drivers/tty/n_tty.c:2131
2 locks held by getty/4441:
 #0: 00000000c78fba81 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
 #1: 00000000158b1163 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x321/0x1cc0 drivers/tty/n_tty.c:2131
2 locks held by getty/4442:
 #0: 00000000fb857431 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
 #1: 00000000a0739b7f (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x321/0x1cc0 drivers/tty/n_tty.c:2131
2 locks held by getty/4443:
 #0: 00000000291be71a (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
 #1: 000000008358d71d (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x321/0x1cc0 drivers/tty/n_tty.c:2131
2 locks held by getty/4444:
 #0: 00000000f846223a (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
 #1: 00000000906269a3 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x321/0x1cc0 drivers/tty/n_tty.c:2131
2 locks held by getty/4445:
 #0: 0000000061a26828 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
 #1: 00000000a8b4af8c (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x321/0x1cc0 drivers/tty/n_tty.c:2131
1 lock held by syz-executor0/19397:
 #0: 000000000387c4ce (event_mutex){+.+.}, at: perf_trace_destroy+0x28/0x100 kernel/trace/trace_event_perf.c:235
1 lock held by syz-executor3/19378:
 #0: 000000000387c4ce (event_mutex){+.+.}, at: perf_trace_destroy+0x28/0x100 kernel/trace/trace_event_perf.c:235
2 locks held by syz-executor7/19387:
 #0: 00000000f6414d6b (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 net/core/rtnetlink.c:74
 #1: 00000000c4a2a02b (rcu_sched_state.exp_mutex){+.+.}, at: exp_funnel_lock kernel/rcu/tree_exp.h:281 [inline]
 #1: 00000000c4a2a02b (rcu_sched_state.exp_mutex){+.+.}, at: _synchronize_rcu_expedited.constprop.73+0x9dd/0xad0 kernel/rcu/tree_exp.h:616
3 locks held by syz-executor1/19393:
 #0: 00000000dde0e35a (&sig->cred_guard_mutex){+.+.}, at: SYSC_perf_event_open+0x129f/0x2fa0 kernel/events/core.c:10457
 #1: 000000005f6011dd (&pmus_srcu){....}, at: perf_event_alloc.part.91+0x103c/0x30a0 kernel/events/core.c:10018
 #2: 000000000387c4ce (event_mutex){+.+.}, at: perf_trace_init+0x50/0x250 kernel/trace/trace_event_perf.c:217
1 lock held by syz-executor4/19392:
 #0: 000000000387c4ce (event_mutex){+.+.}, at: perf_trace_destroy+0x28/0x100 kernel/trace/trace_event_perf.c:235
3 locks held by syz-executor2/19395:
 #0: 00000000bc21136e (&sig->cred_guard_mutex){+.+.}, at: SYSC_perf_event_open+0x129f/0x2fa0 kernel/events/core.c:10457
 #1: 000000005f6011dd (&pmus_srcu){....}, at: perf_event_alloc.part.91+0x103c/0x30a0 kernel/events/core.c:10018
 #2: 000000000387c4ce (event_mutex){+.+.}, at: perf_trace_init+0x50/0x250 kernel/trace/trace_event_perf.c:217

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 882 Comm: khungtaskd Not tainted 4.16.0+ #4
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1b9/0x294 lib/dump_stack.c:113
 nmi_cpu_backtrace.cold.4+0x19/0xce lib/nmi_backtrace.c:103
 nmi_trigger_cpumask_backtrace+0x151/0x192 lib/nmi_backtrace.c:62
 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
 trigger_all_cpu_backtrace include/linux/nmi.h:138 [inline]
 check_hung_task kernel/hung_task.c:132 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:190 [inline]
 watchdog+0xc10/0xf60 kernel/hung_task.c:249
 kthread+0x345/0x410 kernel/kthread.c:238
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:411
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 19357 Comm: syz-executor6 Not tainted 4.16.0+ #4
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__lock_acquire+0x72/0x5130 kernel/locking/lockdep.c:3290
RSP: 0018:ffff8801b4eb6fe0 EFLAGS: 00000082
RAX: ffffed00369d6e10 RBX: 1ffff100369d6e79 RCX: 0000000000000002
RDX: dffffc0000000000 RSI: 0000000000000000 RDI: ffffffff892f3238
RBP: ffff8801b4eb7370 R08: 0000000000000001 R09: 0000000000000001
R10: ffff88018f73a380 R11: ffff88018f73a380 R12: 0000000000000001
R13: 0000000000000000 R14: 0000000000000002 R15: ffffffff892f3238
FS:  00007fe50231b700(0000) GS:ffff8801db000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000004cc720 CR3: 00000001c4583000 CR4: 00000000001406f0
DR0: 0000000020000000 DR1: 0000000020000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
 lock_acquire+0x1dc/0x520 kernel/locking/lockdep.c:3920
 __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
 _raw_read_lock+0x2d/0x40 kernel/locking/spinlock.c:216
 snd_pcm_stream_lock+0xaf/0xe0 sound/core/pcm_native.c:116
 snd_pcm_stream_lock_irq+0x7d/0xf0 sound/core/pcm_native.c:152
 __snd_pcm_lib_xfer+0x345/0x1d10 sound/core/pcm_lib.c:2162
 snd_pcm_oss_write3+0xe9/0x220 sound/core/oss/pcm_oss.c:1236
 io_playback_transfer+0x274/0x310 sound/core/oss/io.c:47
 snd_pcm_plug_write_transfer+0x36c/0x470 sound/core/oss/pcm_plugin.c:619
 snd_pcm_oss_write2+0x25c/0x460 sound/core/oss/pcm_oss.c:1365
 snd_pcm_oss_write1 sound/core/oss/pcm_oss.c:1431 [inline]
 snd_pcm_oss_write+0x55f/0xa20 sound/core/oss/pcm_oss.c:2774
 do_loop_readv_writev fs/read_write.c:703 [inline]
 do_iter_write+0x491/0x5f0 fs/read_write.c:961
 vfs_writev+0x1c7/0x330 fs/read_write.c:1004
 do_writev+0x112/0x2f0 fs/read_write.c:1039
 SYSC_writev fs/read_write.c:1112 [inline]
 SyS_writev+0x27/0x30 fs/read_write.c:1109
 do_syscall_64+0x29e/0x9d0 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x455259
RSP: 002b:00007fe50231ac68 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
RAX: ffffffffffffffda RBX: 00007fe50231b6d4 RCX: 0000000000455259
RDX: 0000000000000007 RSI: 0000000020000580 RDI: 0000000000000014
RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000006cd R14: 00000000006fd3d8 R15: 0000000000000000
Code: b3 8a b5 41 48 c7 84 24 a8 00 00 00 38 82 78 88 48 c1 e8 03 48 89 84 24 98 00 00 00 48 01 d0 48 c7 84 24 b0 00 00 00 90 d2 5a 81 <c7> 00 f1 f1 f1 f1 c7 40 04 04 f2 f2 f2 c7 40 08 f2 f2 f2 f2 c7 

Crashes (1):
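| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2018/04/09 07:53 | upstream | 3fd14cdcc05a | 77bd5117 | .config | console log | report | | | | | ci-upstream-kasan-gce | |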
* Struck through repros no longer work on HEAD.