syzbot

 sign-in | mailing list | source | docs
🐞 Open [1495]
Subsystems
🐞 Fixed [6528]
🐞 Invalid [16630]
Missing Backports [205]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

INFO: task hung in vhost_dev_flush (2)

Status: auto-obsoleted due to no activity on 2025/08/08 17:17
Subsystems: kvm net virt
[Documentation on labels]
First crash: 106d, last: 106d
Similar bugs (1)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream INFO: task hung in vhost_dev_flush virt kvm net 1 2 784d 812d 0/29 auto-obsoleted due to no activity on 2023/09/30 12:30

Sample crash report:
INFO: task syz.9.208:8077 blocked for more than 143 seconds.
      Not tainted 6.15.0-rc5-syzkaller-gc32f8dc5aaf9 #0
      Blocked by coredump.
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.9.208       state:D stack:0     pid:8077  tgid:8075  ppid:7416   task_flags:0x40044c flags:0x00000019
Call trace:
 __switch_to+0x414/0x834 arch/arm64/kernel/process.c:734 (T)
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x13b0/0x28d4 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0xb4/0x230 kernel/sched/core.c:6860
 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:6917
 __mutex_lock_common+0xbd0/0x2190 kernel/locking/mutex.c:678
 __mutex_lock kernel/locking/mutex.c:746 [inline]
 mutex_lock_nested+0x2c/0x38 kernel/locking/mutex.c:798
 vhost_worker_flush drivers/vhost/vhost.c:294 [inline]
 vhost_dev_flush+0x9c/0x124 drivers/vhost/vhost.c:305
 vhost_net_flush+0x34/0x16c drivers/vhost/net.c:1362
 vhost_net_release+0x70/0x30c drivers/vhost/net.c:1383
 __fput+0x340/0x75c fs/file_table.c:465
 ____fput+0x20/0x58 fs/file_table.c:493
 task_work_run+0x1dc/0x260 kernel/task_work.c:227
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0x4e8/0x1998 kernel/exit.c:953
 do_group_exit+0x194/0x22c kernel/exit.c:1102
 get_signal+0x11dc/0x12f8 kernel/signal.c:3034
 do_signal+0x274/0x4438 arch/arm64/kernel/signal.c:1615
 do_notify_resume+0xac/0x1ec arch/arm64/kernel/entry-common.c:148
 exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:169 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:178 [inline]
 el0_svc+0xb4/0x17c arch/arm64/kernel/entry-common.c:768
 el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:786
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600

Showing all locks held in the system:
1 lock held by kthreadd/2:
2 locks held by kworker/0:0/9:
3 locks held by kworker/u8:0/12:
3 locks held by kworker/u8:1/14:
2 locks held by kworker/1:0/24:
1 lock held by khungtaskd/32:
 #0: ffff80008f4f88a0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x4/0x48 include/linux/rcupdate.h:330
3 locks held by kworker/u8:2/44:
4 locks held by kworker/u8:3/45:
3 locks held by kworker/u8:4/285:
3 locks held by kworker/u8:5/488:
4 locks held by kworker/u8:6/499:
 #0: ffff0000c0031948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x658/0x156c kernel/workqueue.c:3212
 #1: ffff80009c8a7bc0 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work+0x6ec/0x156c kernel/workqueue.c:3212
 #2: ffff80009247ace8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x20/0x2c net/core/rtnetlink.c:80
 #3: ffff0000f28f0768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6092 [inline]
 #3: ffff0000f28f0768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: reg_leave_invalid_chans net/wireless/reg.c:2471 [inline]
 #3: ffff0000f28f0768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: reg_check_chans_work+0x11c/0xd88 net/wireless/reg.c:2486
3 locks held by kworker/u8:7/557:
3 locks held by kworker/u8:8/590:
2 locks held by kworker/u8:9/665:
2 locks held by kworker/u8:10/686:
3 locks held by kworker/u8:11/743:
3 locks held by kworker/u8:12/754:
4 locks held by kworker/0:2/1807:
2 locks held by kworker/1:2/2311:
3 locks held by kworker/R-ipv6_/4144:
 #0: ffff0000d2c1b948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x658/0x156c kernel/workqueue.c:3212
 #1: ffff80009ee87ba0 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x6ec/0x156c kernel/workqueue.c:3212
 #2: ffff80009247ace8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x20/0x2c net/core/rtnetlink.c:80
5 locks held by kworker/R-bat_e/4225:
1 lock held by klogd/6097:
2 locks held by udevd/6108:
4 locks held by kworker/0:3/6231:
 #0: ffff0000d8850d48 ((wq_completion)wg-kex-wg0#18){+.+.}-{0:0}, at: process_one_work+0x658/0x156c kernel/workqueue.c:3212
 #1: ffff8000a48c7bc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_one_work+0x6ec/0x156c kernel/workqueue.c:3212
 #2: ffff0000f3fb9308 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x130/0x748 drivers/net/wireguard/noise.c:598
 #3: ffff0000f482c890 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x414/0x748 drivers/net/wireguard/noise.c:632
2 locks held by getty/6264:
 #0: ffff0000d30b90a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c drivers/tty/tty_ldsem.c:340
 #1: ffff80009b5eb2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x34c/0xfa0 drivers/tty/n_tty.c:2222
4 locks held by kworker/1:3/6539:
4 locks held by kworker/1:4/6540:
4 locks held by kworker/0:4/6541:
4 locks held by kworker/1:5/6542:
4 locks held by kworker/0:5/6547:
4 locks held by kworker/0:6/6558:
4 locks held by kworker/u8:13/7034:
3 locks held by syz-executor/7082:
1 lock held by kworker/R-wg-cr/7184:
 #0: ffff80008f3a0ee8 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x40/0x348 kernel/workqueue.c:2678
1 lock held by kworker/R-wg-cr/7185:
 #0: ffff80008f3a0ee8 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x40/0x348 kernel/workqueue.c:2678
4 locks held by syz-executor/7190:
3 locks held by syz-executor/7264:
3 locks held by kworker/u8:14/7301:
3 locks held by kworker/u8:15/7302:
1 lock held by kworker/R-wg-cr/7313:
 #0: ffff80008f3a0ee8 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x40/0x348 kernel/workqueue.c:2678
1 lock held by kworker/R-wg-cr/7314:
 #0: ffff80008f3a0ee8 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x40/0x348 kernel/workqueue.c:2678
1 lock held by kworker/R-wg-cr/7333:
 #0: ffff80008f3a0ee8 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x40/0x348 kernel/workqueue.c:2678
1 lock held by kworker/R-wg-cr/7339:
 #0: ffff80008f3a0ee8 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_detach_from_pool kernel/workqueue.c:2736 [inline]
 #0: ffff80008f3a0ee8 (wq_pool_attach_mutex){+.+.}-{4:4}, at: rescuer_thread+0x86c/0xec8 kernel/workqueue.c:3529
4 locks held by kworker/1:6/7443:
5 locks held by syz-executor/7495:
1 lock held by kworker/R-wg-cr/7498:
 #0: ffff80008f3a0ee8 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x40/0x348 kernel/workqueue.c:2678
1 lock held by kworker/R-wg-cr/7499:
 #0: ffff80008f3a0ee8 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x40/0x348 kernel/workqueue.c:2678
1 lock held by kworker/R-wg-cr/7500:
1 lock held by kworker/R-wg-cr/7536:
 #0: ffff80008f3a0ee8 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x40/0x348 kernel/workqueue.c:2678
1 lock held by kworker/R-wg-cr/7537:
 #0: ffff80008f3a0ee8 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x40/0x348 kernel/workqueue.c:2678
1 lock held by kworker/R-wg-cr/7538:
 #0: ffff80008f3a0ee8 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x40/0x348 kernel/workqueue.c:2678
4 locks held by kworker/0:7/7558:
4 locks held by kworker/1:7/7572:
 #0: ffff0000d5722548 ((wq_completion)wg-kex-wg0#16){+.+.}-{0:0}, at: process_one_work+0x658/0x156c kernel/workqueue.c:3212
 #1: ffff80009ddf7bc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_one_work+0x6ec/0x156c kernel/workqueue.c:3212
 #2: ffff0000e19f5308 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x130/0x748 drivers/net/wireguard/noise.c:598
 #3: ffff0000f4828d20 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x414/0x748 drivers/net/wireguard/noise.c:632
2 locks held by udevd/7723:
2 locks held by udevd/7727:
1 lock held by sed/8081:
3 locks held by kworker/u8:16/8086:
3 locks held by kworker/u8:17/8087:

=============================================

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/05/10 17:13 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci c32f8dc5aaf9 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 INFO: task hung in vhost_dev_flush
* Struck through repros no longer work on HEAD.