syzbot


INFO: task hung in mutex_lock_nested

Status: auto-closed as invalid on 2019/02/22 12:59
First crash: 2547d, last: 2541d

Sample crash report:
unregister_netdevice: waiting for lo to become free. Usage count = 4
INFO: task syz-executor0:8199 blocked for more than 120 seconds.
      Not tainted 4.9.67-gf26d3c7 #106
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor0   D29392  8199      1 0x00000004
 ffff8801a8293000 0000000000000000 ffff8801aa754a80 ffff8801da29b000
 ffff8801db321418 ffff8801d5f1fc18 ffffffff838981cb 0000000000000000
 0000000000000007 00ff8801a8293000 ffff8801db321ce8 ffff8801db321d10
Call Trace:
 [<ffffffff8389976f>] schedule+0x7f/0x1b0 kernel/sched/core.c:3550
 [<ffffffff8389a0f3>] schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3583
 [<ffffffff8389f702>] __mutex_lock_common kernel/locking/mutex.c:582 [inline]
 [<ffffffff8389f702>] mutex_lock_nested+0x312/0x870 kernel/locking/mutex.c:621
unregister_netdevice: waiting for lo to become free. Usage count = 4
 [<ffffffff82f14b05>] copy_net_ns+0x155/0x280 net/core/net_namespace.c:387
 [<ffffffff8119bb1f>] create_new_namespaces+0x37f/0x730 kernel/nsproxy.c:106
 [<ffffffff8119c4ae>] unshare_nsproxy_namespaces+0xae/0x1e0 kernel/nsproxy.c:205
 [<ffffffff8112e33d>] SYSC_unshare kernel/fork.c:2238 [inline]
 [<ffffffff8112e33d>] SyS_unshare+0x3dd/0x6f0 kernel/fork.c:2188
 [<ffffffff838a9985>] entry_SYSCALL_64_fastpath+0x23/0xc6

Showing all locks held in the system:
2 locks held by khungtaskd/514:
 #0:  (rcu_read_lock){......}, at: [<ffffffff8136fe05>] check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline]
 #0:  (rcu_read_lock){......}, at: [<ffffffff8136fe05>] watchdog+0x125/0xa70 kernel/hung_task.c:239
 #1:  (tasklist_lock){.+.+..}, at: [<ffffffff812355d0>] debug_show_all_locks+0x70/0x280 kernel/locking/lockdep.c:4336
2 locks held by getty/3237:
 #0:  (&tty->ldisc_sem){++++++}, at: [<ffffffff838a7b92>] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367
 #1:  (&ldata->atomic_read_lock){+.+.+.}, at: [<ffffffff82001d24>] n_tty_read+0x1f4/0x16c0 drivers/tty/n_tty.c:2133
3 locks held by kworker/u4:9/6142:
 #0:  ("%s""netns"){.+.+.+}, at: [<ffffffff811876e9>] __write_once_size include/linux/compiler.h:272 [inline]
 #0:  ("%s""netns"){.+.+.+}, at: [<ffffffff811876e9>] atomic64_set arch/x86/include/asm/atomic64_64.h:33 [inline]
 #0:  ("%s""netns"){.+.+.+}, at: [<ffffffff811876e9>] atomic_long_set include/asm-generic/atomic-long.h:56 [inline]
 #0:  ("%s""netns"){.+.+.+}, at: [<ffffffff811876e9>] set_work_data kernel/workqueue.c:616 [inline]
 #0:  ("%s""netns"){.+.+.+}, at: [<ffffffff811876e9>] set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
 #0:  ("%s""netns"){.+.+.+}, at: [<ffffffff811876e9>] process_one_work+0x6a9/0x15f0 kernel/workqueue.c:2083
 #1:  (net_cleanup_work){+.+.+.}, at: [<ffffffff8118771b>] process_one_work+0x6db/0x15f0 kernel/workqueue.c:2087
 #2:  (net_mutex){+.+.+.}, at: [<ffffffff82f144df>] cleanup_net+0x13f/0x610 net/core/net_namespace.c:420
1 lock held by syz-executor0/8199:
 #0:  (net_mutex){+.+.+.}, at: [<ffffffff82f14b05>] copy_net_ns+0x155/0x280 net/core/net_namespace.c:387

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 514 Comm: khungtaskd Not tainted 4.9.67-gf26d3c7 #106
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d897fd00 ffffffff81d906e9 0000000000000000 0000000000000000
 0000000000000000 0000000000000001 ffffffff810ba170 ffff8801d897fd38
 ffffffff81d9b80d 0000000000000000 0000000000000000 ffff8801a8293418
Call Trace:
 [<ffffffff81d906e9>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d906e9>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff81d9b80d>] nmi_cpu_backtrace+0xfd/0x120 lib/nmi_backtrace.c:99
 [<ffffffff81d9b947>] nmi_trigger_cpumask_backtrace+0x117/0x190 lib/nmi_backtrace.c:60
 [<ffffffff810ba264>] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37
 [<ffffffff813703d0>] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline]
 [<ffffffff813703d0>] check_hung_task kernel/hung_task.c:125 [inline]
 [<ffffffff813703d0>] check_hung_uninterruptible_tasks kernel/hung_task.c:182 [inline]
 [<ffffffff813703d0>] watchdog+0x6f0/0xa70 kernel/hung_task.c:239
 [<ffffffff811985ad>] kthread+0x26d/0x300 kernel/kthread.c:211
 [<ffffffff838a9c2a>] ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:433
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 6142 Comm: kworker/u4:9 Not tainted 4.9.67-gf26d3c7 #106
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: netns cleanup_net
task: ffff8801ce60b000 task.stack: ffff8801d85a0000
RIP: 0010:[<ffffffff81239cb9>]  [<ffffffff81239cb9>] validate_chain kernel/locking/lockdep.c:2235 [inline]
RIP: 0010:[<ffffffff81239cb9>]  [<ffffffff81239cb9>] __lock_acquire+0x849/0x3640 kernel/locking/lockdep.c:3345
RSP: 0018:ffff8801d85a7010  EFLAGS: 00000046
RAX: dffffc0000000000 RBX: ffff8801ce60b978 RCX: 1ffff10039cc1733
RDX: 1ffffffff09a7f63 RSI: 000000008372c5cd RDI: ffffffff84d3fb18
RBP: ffff8801d85a71d0 R08: 1ffff10039cc172e R09: 0000000000000001
R10: 0000000000000000 R11: ffff8801ce60b000 R12: ffffffff84d3fb08
R13: 00000000bfb9ea4c R14: 689ca9db8372c5cd R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f5c46a099b8 CR3: 00000001cf364000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 ffff8801d85a7080 ffff8801d85a7058 ffff8801da163da0 ffff8801da163e40
 0000000041b58ab3 ffffffff841889dd ffffffff811fc4c0 ffff8801d85a7088
 0000000000004117 0000000000002571 0000000000002571 0000000000000367
Call Trace:
 [<ffffffff8123d4ee>] lock_acquire+0x12e/0x410 kernel/locking/lockdep.c:3756
 [<ffffffff838a97ee>] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:112 [inline]
 [<ffffffff838a97ee>] _raw_spin_lock_irqsave+0x4e/0x70 kernel/locking/spinlock.c:159
 [<ffffffff812010d2>] load_balance+0x6d2/0x2e90 kernel/sched/fair.c:9421
 [<ffffffff81203fa1>] idle_balance kernel/sched/fair.c:9689 [inline]
 [<ffffffff81203fa1>] pick_next_task_fair+0x711/0x1fe0 kernel/sched/fair.c:7506
 [<ffffffff83897dd8>] pick_next_task kernel/sched/core.c:3355 [inline]
 [<ffffffff83897dd8>] __schedule+0x288/0x1ba0 kernel/sched/core.c:3477
 [<ffffffff8389976f>] schedule+0x7f/0x1b0 kernel/sched/core.c:3550
 [<ffffffff838a59a3>] schedule_timeout+0x643/0x1220 kernel/time/timer.c:1770
 [<ffffffff8389c8ae>] do_wait_for_common kernel/sched/completion.c:75 [inline]
 [<ffffffff8389c8ae>] __wait_for_common kernel/sched/completion.c:93 [inline]
 [<ffffffff8389c8ae>] wait_for_common kernel/sched/completion.c:101 [inline]
 [<ffffffff8389c8ae>] wait_for_completion+0x20e/0x2e0 kernel/sched/completion.c:122
 [<ffffffff8128c179>] _rcu_barrier+0x249/0x330 kernel/rcu/tree.c:3701
 [<ffffffff8128c2b0>] rcu_barrier+0x10/0x20 kernel/rcu/tree_plugin.h:692
 [<ffffffff82f483e5>] netdev_wait_allrefs net/core/dev.c:7423 [inline]
 [<ffffffff82f483e5>] netdev_run_todo+0x2a5/0x6b0 net/core/dev.c:7511
 [<ffffffff82f6d44e>] rtnl_unlock+0xe/0x10 net/core/rtnetlink.c:104
 [<ffffffff82f2aaf8>] default_device_exit_batch+0x358/0x410 net/core/dev.c:8311
 [<ffffffff82f118f0>] ops_exit_list.isra.4+0x100/0x150 net/core/net_namespace.c:139
 [<ffffffff82f146bd>] cleanup_net+0x31d/0x610 net/core/net_namespace.c:454
 [<ffffffff811877cf>] process_one_work+0x78f/0x15f0 kernel/workqueue.c:2090
 [<ffffffff81188710>] worker_thread+0xe0/0x10d0 kernel/workqueue.c:2224
 [<ffffffff811985ad>] kthread+0x26d/0x300 kernel/kthread.c:211
 [<ffffffff838a9c2a>] ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:433
Code: 00 fc ff df 48 c1 ea 03 0f b6 04 02 84 c0 74 08 3c 03 0f 8e 8f 29 00 00 8b 43 20 25 00 80 04 00 3d 00 00 04 00 0f 84 f0 09 00 00 <48> c7 c2 00 97 64 84 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03

Crashes (2):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2017/12/07 03:21 | https://android.googlesource.com/kernel/common android-4.9 | f26d3c76d376 | 5d643f8e | .config | console log | report | | | | | ci-android-49-kasan-gce |
2017/12/01 07:26 | https://android.googlesource.com/kernel/common android-4.9 | c1a286429a0e | 16668351 | .config | console log | report | | | | | ci-android-49-kasan-gce |
* Struck through repros no longer work on HEAD.