syzbot


INFO: task hung in cfg80211_dfs_channels_update_work (2)

Status: auto-closed as invalid on 2022/05/15 07:22
Reported-by: syzbot+ae073377a78d5623bdca@syzkaller.appspotmail.com
First crash: 1058d, last: 1058d
Similar bugs (10)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream INFO: task hung in cfg80211_dfs_channels_update_work (4) wireless 1 895d 895d 0/28 auto-closed as invalid on 2022/09/24 17:02
upstream INFO: task hung in cfg80211_dfs_channels_update_work wireless 1 1534d 1534d 0/28 auto-closed as invalid on 2020/12/24 22:54
linux-5.15 INFO: task hung in cfg80211_dfs_channels_update_work 2 173d 197d 0/3 auto-obsoleted due to no activity on 2024/09/26 11:44
upstream INFO: task hung in cfg80211_dfs_channels_update_work (5) wireless 1 686d 686d 0/28 auto-obsoleted due to no activity on 2023/04/29 21:53
upstream INFO: task hung in cfg80211_dfs_channels_update_work (7) wireless 37 167d 171d 26/28 fixed on 2024/07/09 19:14
upstream INFO: task hung in cfg80211_dfs_channels_update_work (2) wireless 3 1383d 1439d 0/28 auto-closed as invalid on 2021/05/25 10:38
upstream INFO: task hung in cfg80211_dfs_channels_update_work (6) wireless 3 423d 568d 0/28 auto-obsoleted due to no activity on 2024/01/10 05:01
linux-4.19 INFO: task hung in cfg80211_dfs_channels_update_work 1 1184d 1184d 0/1 auto-closed as invalid on 2022/01/09 14:58
upstream INFO: task hung in cfg80211_dfs_channels_update_work (3) wireless 18 1075d 1288d 0/28 closed as invalid on 2022/02/07 19:19
upstream INFO: task hung in cfg80211_dfs_channels_update_work (8) wireless 87 9d08h 60d 0/28 upstream: reported on 2024/10/09 16:00

Sample crash report:
batman_adv: batadv0: Interface deactivated: gretap650
batman_adv: batadv0: Interface deactivated: gretap651
batman_adv: batadv0: Interface deactivated: gretap652
batman_adv: batadv0: Interface deactivated: gretap653
batman_adv: batadv0: Interface deactivated: gretap654
INFO: task kworker/u4:7:20463 blocked for more than 140 seconds.
      Not tainted 4.19.211-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/u4:7    D25536 20463      2 0x80000000
Workqueue: cfg80211 cfg80211_dfs_channels_update_work
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x887/0x2040 kernel/sched/core.c:3517
 schedule+0x8d/0x1b0 kernel/sched/core.c:3561
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619
 __mutex_lock_common kernel/locking/mutex.c:1016 [inline]
 __mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078
 cfg80211_dfs_channels_update_work+0x98/0x5a0 net/wireless/mlme.c:777
 process_one_work+0x864/0x1570 kernel/workqueue.c:2153
 worker_thread+0x64c/0x1130 kernel/workqueue.c:2296
 kthread+0x33f/0x460 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
INFO: task kworker/1:0:9636 blocked for more than 140 seconds.
      Not tainted 4.19.211-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/1:0     D27016  9636      2 0x80000000
Workqueue: events switchdev_deferred_process_work
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x887/0x2040 kernel/sched/core.c:3517
 schedule+0x8d/0x1b0 kernel/sched/core.c:3561
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619
 __mutex_lock_common kernel/locking/mutex.c:1016 [inline]
 __mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078
 switchdev_deferred_process_work+0xa/0x20 net/switchdev/switchdev.c:150
 process_one_work+0x864/0x1570 kernel/workqueue.c:2153
 worker_thread+0x64c/0x1130 kernel/workqueue.c:2296
 kthread+0x33f/0x460 kernel/kthread.c:259
batman_adv: batadv0: Interface deactivated: gretap655
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
INFO: task kworker/1:3:23492 blocked for more than 140 seconds.
      Not tainted 4.19.211-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/1:3     D27032 23492      2 0x80000000
Workqueue: events linkwatch_event
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x887/0x2040 kernel/sched/core.c:3517
 schedule+0x8d/0x1b0 kernel/sched/core.c:3561
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619
 __mutex_lock_common kernel/locking/mutex.c:1016 [inline]
 __mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078
 linkwatch_event+0xb/0x60 net/core/link_watch.c:236
 process_one_work+0x864/0x1570 kernel/workqueue.c:2153
 worker_thread+0x64c/0x1130 kernel/workqueue.c:2296
 kthread+0x33f/0x460 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415

Showing all locks held in the system:
1 lock held by khungtaskd/1571:
 #0: 000000001914357c (rcu_read_lock){....}, at: debug_show_all_locks+0x53/0x265 kernel/locking/lockdep.c:4441
4 locks held by kworker/u4:5/6805:
1 lock held by in:imklog/7770:
 #0: 00000000905a5570 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767
batman_adv: batadv0: Interface deactivated: gretap656
2 locks held by agetty/7818:
 #0: 0000000085a0db02 (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:272
 #1: 000000000a0975b1 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x217/0x1950 drivers/tty/n_tty.c:2154
3 locks held by kworker/u4:7/20463:
 #0: 00000000b501892a ((wq_completion)"cfg80211"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124
 #1: 000000001b9b4cac ((work_completion)(&(&rdev->dfs_update_channels_wk)->work)){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128
 #2: 000000002d4b4702 (rtnl_mutex){+.+.}, at: cfg80211_dfs_channels_update_work+0x98/0x5a0 net/wireless/mlme.c:777
3 locks held by kworker/1:0/9636:
 #0: 000000005d93094d ((wq_completion)"events"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124
 #1: 000000000b0eeaae (deferred_process_work){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128
 #2: 000000002d4b4702 (rtnl_mutex){+.+.}, at: switchdev_deferred_process_work+0xa/0x20 net/switchdev/switchdev.c:150
3 locks held by kworker/1:3/23492:
 #0: 000000005d93094d ((wq_completion)"events"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124
 #1: 00000000a029bb0a ((linkwatch_work).work){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128
 #2: 000000002d4b4702 (rtnl_mutex){+.+.}, at: linkwatch_event+0xb/0x60 net/core/link_watch.c:236
2 locks held by syz-executor.0/19223:
 #0: 000000002d4b4702 (rtnl_mutex){+.+.}, at: rtnl_lock net/core/rtnetlink.c:77 [inline]
 #0: 000000002d4b4702 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x3fe/0xb80 net/core/rtnetlink.c:4779
 #1: 000000008cde8d47 (rcu_preempt_state.exp_mutex){+.+.}, at: exp_funnel_lock kernel/rcu/tree_exp.h:297 [inline]
 #1: 000000008cde8d47 (rcu_preempt_state.exp_mutex){+.+.}, at: _synchronize_rcu_expedited+0x4dc/0x6f0 kernel/rcu/tree_exp.h:667
2 locks held by kworker/1:1/19338:
 #0: 0000000080891f2d ((wq_completion)"rcu_gp"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124
 #1: 000000004cf9e96c ((work_completion)(&rew.rew_work)){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128
3 locks held by kworker/1:4/19339:
 #0: 00000000c7668a5f ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124
 #1: 0000000088b96b7b ((addr_chk_work).work){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128
 #2: 000000002d4b4702 (rtnl_mutex){+.+.}, at: addrconf_verify_work+0xa/0x20 net/ipv6/addrconf.c:4476

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 1571 Comm: khungtaskd Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 nmi_cpu_backtrace.cold+0x63/0xa2 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x1a6/0x1f0 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:203 [inline]
 watchdog+0x991/0xe60 kernel/hung_task.c:287
 kthread+0x33f/0x460 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 6805 Comm: kworker/u4:5 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
RIP: 0010:__lock_acquire+0x25d/0x3ff0 kernel/locking/lockdep.c:3322
Code: 85 c0 0f 84 38 ff ff ff 48 8d b8 38 01 00 00 be 04 00 00 00 48 89 44 24 10 e8 bf 54 4d 00 48 8b 44 24 10 f0 ff 80 38 01 00 00 <49> 8d b5 80 08 00 00 48 ba 00 00 00 00 00 fc ff df 48 89 f1 48 89
RSP: 0018:ffff88809f4a7978 EFLAGS: 00000006
RAX: ffffffff8cd63090 RBX: 0000000000000000 RCX: ffffffff814afa31
RDX: fffffbfff19ac63a RSI: 0000000000000004 RDI: ffffffff8cd631c8
RBP: 0000000000000002 R08: 0000000000000001 R09: fffffbfff19ac639
R10: ffffffff8cd631cb R11: 0000000000000000 R12: 0000000000000000
R13: ffff88809f12c400 R14: ffffffff89f85fa0 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fc2bf8e4000 CR3: 0000000024713000 CR4: 00000000003406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
 rcu_lock_acquire include/linux/rcupdate.h:242 [inline]
 rcu_read_lock include/linux/rcupdate.h:627 [inline]
 batadv_iv_ogm_slide_own_bcast_window net/batman-adv/bat_iv_ogm.c:942 [inline]
 batadv_iv_ogm_schedule_buff+0x5bb/0x1340 net/batman-adv/bat_iv_ogm.c:1008
 batadv_iv_ogm_schedule net/batman-adv/bat_iv_ogm.c:1052 [inline]
 batadv_iv_ogm_schedule net/batman-adv/bat_iv_ogm.c:1045 [inline]
 batadv_iv_send_outstanding_bat_ogm_packet+0x68c/0x7a0 net/batman-adv/bat_iv_ogm.c:1871
 process_one_work+0x864/0x1570 kernel/workqueue.c:2153
 worker_thread+0x64c/0x1130 kernel/workqueue.c:2296
 kthread+0x33f/0x460 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
----------------
Code disassembly (best guess):
   0:	85 c0                	test   %eax,%eax
   2:	0f 84 38 ff ff ff    	je     0xffffff40
   8:	48 8d b8 38 01 00 00 	lea    0x138(%rax),%rdi
   f:	be 04 00 00 00       	mov    $0x4,%esi
  14:	48 89 44 24 10       	mov    %rax,0x10(%rsp)
  19:	e8 bf 54 4d 00       	callq  0x4d54dd
  1e:	48 8b 44 24 10       	mov    0x10(%rsp),%rax
  23:	f0 ff 80 38 01 00 00 	lock incl 0x138(%rax)
* 2a:	49 8d b5 80 08 00 00 	lea    0x880(%r13),%rsi <-- trapping instruction
  31:	48 ba 00 00 00 00 00 	movabs $0xdffffc0000000000,%rdx
  38:	fc ff df
  3b:	48 89 f1             	mov    %rsi,%rcx
  3e:	48                   	rex.W
  3f:	89                   	.byte 0x89

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2022/01/15 07:21 linux-4.19.y 3f8a27f9e27b 723cfaf0 .config console log report info ci2-linux-4-19 INFO: task hung in cfg80211_dfs_channels_update_work
* Struck through repros no longer work on HEAD.