syzbot


INFO: task hung in tls_sw_cancel_work_tx

Status: closed as dup on 2020/12/29 19:08
Reported-by: syzbot+ba431dd9afc3a918981a@syzkaller.appspotmail.com
First crash: 1077d, last: 4d10h

Cause bisection: introduced by (bisect log) :
commit f75f91574617a3c6fbc821c6b156f5777a59d0ed
Author: Chris Wilson <chris@chris-wilson.co.uk>
Date: Tue May 15 14:31:49 2018 +0000

  drm/i915: Shrink search list for active timelines

Crash: kernel BUG at include/linux/scatterlist.h:LINE! (log)
Repro: C syz .config

Fix bisection: failed (bisect log)
Duplicate of (1):
Title Repro Cause bisect Fix bisect Count Last Reported
INFO: task hung in tls_sk_proto_close C done 772 2d15h 920d

Sample crash report:
INFO: task syz-executor690:10948 blocked for more than 143 seconds.
      Not tainted 5.6.0-rc1-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor690 D23784 10948  10947 0x00004000
Call Trace:
 context_switch kernel/sched/core.c:3386 [inline]
 __schedule+0x934/0x1f90 kernel/sched/core.c:4082
 schedule+0xdc/0x2b0 kernel/sched/core.c:4156
 schedule_timeout+0x717/0xc50 kernel/time/timer.c:1871
 do_wait_for_common kernel/sched/completion.c:83 [inline]
 __wait_for_common kernel/sched/completion.c:104 [inline]
 wait_for_common kernel/sched/completion.c:115 [inline]
 wait_for_completion+0x29c/0x440 kernel/sched/completion.c:136
 __flush_work+0x4fe/0xa50 kernel/workqueue.c:3041
 __cancel_work_timer+0x3d9/0x540 kernel/workqueue.c:3128
 cancel_delayed_work_sync+0x1b/0x20 kernel/workqueue.c:3260
 tls_sw_cancel_work_tx+0x68/0x80 net/tls/tls_sw.c:2096
 tls_sk_proto_close+0x4d2/0xb70 net/tls/tls_main.c:304
 inet_release+0xed/0x200 net/ipv4/af_inet.c:427
 inet6_release+0x53/0x80 net/ipv6/af_inet6.c:470
 __sock_release+0xce/0x280 net/socket.c:605
 sock_close+0x1e/0x30 net/socket.c:1283
 __fput+0x2ff/0x890 fs/file_table.c:280
 ____fput+0x16/0x20 fs/file_table.c:313
 task_work_run+0x145/0x1c0 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:188 [inline]
 exit_to_usermode_loop+0x316/0x380 arch/x86/entry/common.c:164
 prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:278 [inline]
 do_syscall_64+0x676/0x790 arch/x86/entry/common.c:304
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x402ac0
Code: 89 c3 0f 1f 84 00 00 00 00 00 ba 01 00 00 00 48 89 ee bf ff ff ff ff e8 f6 f7 ff ff 85 c0 74 2a 83 3b 0a 74 25 48 8b 15 0e 5e <20> 00 48 85 d2 74 d9 3b 42 08 74 24 48 8b 92 c0 00 00 00 48 85 d2
RSP: 002b:00007ffd6e2a8358 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000402ac0
RDX: 00000000000000d8 RSI: 00000000200005c0 RDI: 0000000000000004
RBP: 0000000000000000 R08: 0000000000000000 R09: 00000000000000d8
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000403cf0 R14: 0000000000000000 R15: 0000000000000000

Showing all locks held in the system:
1 lock held by khungtaskd/1122:
 #0: ffffffff89bac240 (rcu_read_lock){....}, at: debug_show_all_locks+0x5f/0x279 kernel/locking/lockdep.c:5333
3 locks held by kworker/0:57/2881:
 #0: ffff8880aa426d28 ((wq_completion)events){+.+.}, at: __write_once_size include/linux/compiler.h:226 [inline]
 #0: ffff8880aa426d28 ((wq_completion)events){+.+.}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff8880aa426d28 ((wq_completion)events){+.+.}, at: atomic64_set include/asm-generic/atomic-instrumented.h:855 [inline]
 #0: ffff8880aa426d28 ((wq_completion)events){+.+.}, at: atomic_long_set include/asm-generic/atomic-long.h:40 [inline]
 #0: ffff8880aa426d28 ((wq_completion)events){+.+.}, at: set_work_data kernel/workqueue.c:615 [inline]
 #0: ffff8880aa426d28 ((wq_completion)events){+.+.}, at: set_work_pool_and_clear_pending kernel/workqueue.c:642 [inline]
 #0: ffff8880aa426d28 ((wq_completion)events){+.+.}, at: process_one_work+0x8dd/0x17a0 kernel/workqueue.c:2235
 #1: ffffc9000963fdc0 ((work_completion)(&(&sw_ctx_tx->tx_work.work)->work)){+.+.}, at: process_one_work+0x917/0x17a0 kernel/workqueue.c:2239
 #2: ffff88809a2a74d0 (&ctx->tx_lock){+.+.}, at: tx_work_handler+0x12e/0x190 net/tls/tls_sw.c:2209
2 locks held by rsyslogd/10792:
 #0: ffff888092bfcba0 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0xee/0x110 fs/file.c:821
 #1: ffffffff89ba1278 (log_wait.lock){-...}, at: is_bpf_text_address+0x0/0x160 kernel/bpf/core.c:692
2 locks held by getty/10914:
 #0: ffff888078d14090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:340
 #1: ffffc90005aeb2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 drivers/tty/n_tty.c:2156
2 locks held by getty/10915:
 #0: ffff88809c5df090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:340
 #1: ffffc90005b5b2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 drivers/tty/n_tty.c:2156
2 locks held by getty/10916:
 #0: ffff888097895090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:340
 #1: ffffc90005abb2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 drivers/tty/n_tty.c:2156
2 locks held by getty/10917:
 #0: ffff88808d8ea090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:340
 #1: ffffc90005b4b2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 drivers/tty/n_tty.c:2156
2 locks held by getty/10918:
 #0: ffff888092af3090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:340
 #1: ffffc90005b2b2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 drivers/tty/n_tty.c:2156
2 locks held by getty/10919:
 #0: ffff888097fc6090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:340
 #1: ffffc90005b3b2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 drivers/tty/n_tty.c:2156
2 locks held by getty/10920:
 #0: ffff8880a4098090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:340
 #1: ffffc90005a9b2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 drivers/tty/n_tty.c:2156
1 lock held by syz-executor690/10948:
 #0: ffff88809056c740 (&sb->s_type->i_mutex_key#12){+.+.}, at: inode_lock include/linux/fs.h:791 [inline]
 #0: ffff88809056c740 (&sb->s_type->i_mutex_key#12){+.+.}, at: __sock_release+0x89/0x280 net/socket.c:604

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 1122 Comm: khungtaskd Not tainted 5.6.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x197/0x210 lib/dump_stack.c:118
 nmi_cpu_backtrace.cold+0x70/0xb2 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x23b/0x28b lib/nmi_backtrace.c:62
 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:205 [inline]
 watchdog+0xb11/0x10c0 kernel/hung_task.c:289
 kthread+0x361/0x430 kernel/kthread.c:255
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 2903 Comm: kworker/1:64 Not tainted 5.6.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events nsim_dev_trap_report_work
RIP: 0010:debug_check_no_locks_freed+0x12d/0x290 kernel/locking/lockdep.c:5290
Code: b9 00 00 00 00 00 fc ff df 48 8d 04 80 4d 8d 84 c5 d0 08 00 00 4c 8d 7b f0 48 89 d8 48 c1 e8 03 80 3c 08 00 0f 85 de 00 00 00 <48> 8b 13 48 8d 42 20 49 39 c4 73 55 4d 8d 34 34 4c 39 f2 73 4c e8
RSP: 0018:ffffc900096afba8 EFLAGS: 00000046
RAX: 1ffff11013d1d9a2 RBX: ffff88809e8ecd10 RCX: dffffc0000000000
RDX: ffff8880aa426d28 RSI: 00000000000000e0 RDI: ffff88809e8eccd0
RBP: ffffc900096afbe8 R08: ffff88809e8ecd88 R09: fffffbfff16a3385
R10: fffffbfff16a3384 R11: ffffffff8b519c27 R12: ffff888092ce3a00
R13: ffff88809e8ec440 R14: ffff888092ce3ae0 R15: ffff88809e8ecd00
FS:  0000000000000000(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffff600400 CR3: 000000009c5f9000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 kmem_cache_free+0x68/0x320 mm/slab.c:3691
 kfree_skbmem net/core/skbuff.c:624 [inline]
 kfree_skbmem+0xfb/0x1c0 net/core/skbuff.c:618
 __kfree_skb net/core/skbuff.c:681 [inline]
 consume_skb net/core/skbuff.c:839 [inline]
 consume_skb+0x103/0x410 net/core/skbuff.c:833
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:390 [inline]
 nsim_dev_trap_report_work+0x7cb/0xaf0 drivers/net/netdevsim/dev.c:415
 process_one_work+0xa05/0x17a0 kernel/workqueue.c:2264
 worker_thread+0x98/0xe40 kernel/workqueue.c:2410
 kthread+0x361/0x430 kernel/kthread.c:255
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352

Crashes (64):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kasan-gce-selinux-root 2020/02/10 23:30 upstream bb6d3fb354c5 18847f55 .config log report syz C
ci-upstream-kasan-gce-root 2020/02/09 09:04 upstream d4f309ca4118 06150bf1 .config log report syz C
ci-upstream-kasan-gce-smack-root 2020/02/07 21:10 upstream 90568ecf5615 06150bf1 .config log report syz C
ci-upstream-gce-arm64 2022/10/01 20:42 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci bbed346d5a96 feb56351 .config log report info INFO: task hung in tls_sw_cancel_work_tx
ci-upstream-gce-arm64 2022/10/01 13:09 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci bbed346d5a96 feb56351 .config log report info INFO: task hung in tls_sw_cancel_work_tx
ci-upstream-gce-arm64 2022/09/24 15:27 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci c194837ebb57 0042f2b4 .config log report info INFO: task hung in tls_sw_cancel_work_tx
ci-upstream-gce-arm64 2022/08/25 12:59 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci a41a877bc12d 514514f6 .config log report info INFO: task hung in tls_sw_cancel_work_tx
ci-upstream-gce-arm64 2022/08/25 03:25 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci a41a877bc12d 514514f6 .config log report info INFO: task hung in tls_sw_cancel_work_tx
ci-upstream-gce-arm64 2022/08/23 19:22 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 1c23f9e627a7 cea8b0f7 .config log report info INFO: task hung in tls_sw_cancel_work_tx
ci-upstream-kasan-gce-selinux-root 2019/11/29 20:36 upstream 81b6b96475ac d29b9e84 .config log report
ci-upstream-kasan-gce 2019/11/01 07:08 upstream e472c64aa4fa a41ca8fa .config log report
ci-upstream-kasan-gce-root 2019/10/31 18:09 upstream e472c64aa4fa a41ca8fa .config log report
ci-upstream-kasan-gce-smack-root 2019/10/31 18:03 upstream e472c64aa4fa a41ca8fa .config log report
ci-upstream-kasan-gce 2019/10/25 09:54 upstream 39a38bcba4ab d01bb02a .config log report
ci-upstream-net-this-kasan-gce 2020/03/05 08:21 net 3614d05b5e6b c88c7b75 .config log report
ci-upstream-net-this-kasan-gce 2020/03/04 14:37 net 3614d05b5e6b c88c7b75 .config log report
ci-upstream-net-this-kasan-gce 2020/03/04 10:19 net 3614d05b5e6b c88c7b75 .config log report
ci-upstream-net-this-kasan-gce 2020/03/03 22:02 net 3614d05b5e6b c88c7b75 .config log report
ci-upstream-net-this-kasan-gce 2020/02/28 12:07 net 6132c1d9033d 59b57593 .config log report
ci-upstream-net-this-kasan-gce 2020/02/26 11:42 net 6132c1d9033d 59b57593 .config log report
ci-upstream-net-this-kasan-gce 2020/02/21 12:11 net 0d5b8d705565 bd2a74a3 .config log report
ci-upstream-net-this-kasan-gce 2020/02/10 21:06 net 5391a87751a1 18847f55 .config log report
ci-upstream-net-this-kasan-gce 2020/01/27 02:14 net 2821e26f3a0a dd56146d .config log report
ci-upstream-net-this-kasan-gce 2020/01/22 20:09 net d0f418516022 8eda0b95 .config log report
ci-upstream-net-this-kasan-gce 2020/01/22 14:08 net d0f418516022 8eda0b95 .config log report
ci-upstream-net-this-kasan-gce 2019/11/19 18:51 net 1fc1657775dc 5bc70212 .config log report
ci-upstream-net-this-kasan-gce 2019/11/18 08:58 net 1d4c79ed324a d5696d51 .config log report
ci-upstream-net-this-kasan-gce 2019/11/04 16:55 net 1204c70d9dcb 18e12644 .config log report
ci-upstream-net-this-kasan-gce 2019/11/03 13:49 net 1204c70d9dcb c9610487 .config log report
ci-upstream-net-this-kasan-gce 2019/11/03 09:56 net 1204c70d9dcb a41ca8fa .config log report
ci-upstream-net-this-kasan-gce 2019/11/03 08:54 net 1204c70d9dcb a41ca8fa .config log report
ci-upstream-net-this-kasan-gce 2019/11/03 08:38 net 1204c70d9dcb a41ca8fa .config log report
ci-upstream-net-this-kasan-gce 2019/11/03 08:30 net 1204c70d9dcb a41ca8fa .config log report
ci-upstream-net-this-kasan-gce 2019/11/03 00:35 net 1204c70d9dcb a41ca8fa .config log report
ci-upstream-net-this-kasan-gce 2019/11/02 22:30 net 1204c70d9dcb a41ca8fa .config log report
ci-upstream-net-this-kasan-gce 2019/11/01 15:16 net 6d6f0383b697 a41ca8fa .config log report
ci-upstream-net-this-kasan-gce 2019/11/01 07:40 net 6d6f0383b697 a41ca8fa .config log report
ci-upstream-net-this-kasan-gce 2019/11/01 03:13 net 6d6f0383b697 a41ca8fa .config log report
ci-upstream-net-this-kasan-gce 2019/11/01 02:27 net 6d6f0383b697 a41ca8fa .config log report
ci-upstream-net-this-kasan-gce 2019/10/31 18:07 net 3da09663209d a41ca8fa .config log report
ci-upstream-net-kasan-gce 2020/03/03 23:40 net-next 3b3e808cd883 c88c7b75 .config log report
ci-upstream-net-kasan-gce 2020/03/02 17:59 net-next 3b3e808cd883 c88c7b75 .config log report
ci-upstream-net-kasan-gce 2020/03/01 11:25 net-next 3b3e808cd883 c88c7b75 .config log report
ci-upstream-net-kasan-gce 2020/02/26 15:24 net-next c3e042f54107 59b57593 .config log report
ci-upstream-net-kasan-gce 2020/02/22 20:18 net-next 732a0dee501f 2c36e7a7 .config log report
ci-upstream-net-kasan-gce 2020/02/22 10:23 net-next 5f9721a2d119 2ffa6679 .config log report
ci-upstream-net-kasan-gce 2020/02/18 20:13 net-next b182a66792fe 012fbc32 .config log report
ci-upstream-net-kasan-gce 2020/02/17 17:52 net-next ce7805513d90 2b411596 .config log report
ci-upstream-net-kasan-gce 2020/02/13 13:10 net-next fdfa3a6778b1 84f4fc8a .config log report
ci-upstream-net-kasan-gce 2020/02/11 11:17 net-next fdfa3a6778b1 084454ae .config log report
ci-upstream-net-kasan-gce 2020/02/04 09:08 net-next 9f68e3655aae 93e5e335 .config log report
ci-upstream-net-kasan-gce 2020/02/04 04:01 net-next 9f68e3655aae 93e5e335 .config log report
ci-upstream-net-kasan-gce 2020/01/30 22:28 net-next b3a608222336 5ed23f9a .config log report
ci-upstream-net-kasan-gce 2020/01/23 08:34 net-next c5d19a6ecfce 3334d684 .config log report
ci-upstream-net-kasan-gce 2020/01/22 19:44 net-next 4f2c17e0f332 8eda0b95 .config log report
ci-upstream-net-kasan-gce 2020/01/20 12:08 net-next b3f7e3f23a76 0342f8c7 .config log report
ci-upstream-net-kasan-gce 2019/11/28 00:20 net-next be2eca94d144 0d63f89c .config log report
ci-upstream-net-kasan-gce 2019/11/24 09:48 net-next 8dcdc9524cad 598ca6c8 .config log report
ci-upstream-net-kasan-gce 2019/11/17 22:49 net-next 19b7e21c55c8 d5696d51 .config log report
ci-upstream-net-kasan-gce 2019/10/31 23:36 net-next d86784fe9b03 a41ca8fa .config log report
ci-upstream-net-kasan-gce 2019/10/31 18:18 net-next d86784fe9b03 a41ca8fa .config log report
ci-upstream-net-kasan-gce 2019/10/24 15:07 net-next 8ef0c0409e6b d01bb02a .config log report
ci-upstream-linux-next-kasan-gce-root 2020/02/14 15:18 linux-next 9f01828e9e16 5d7b90f1 .config log report
* Struck through repros no longer work on HEAD.