syzbot


INFO: task hung in process_echoes

Status: auto-closed as invalid on 2019/02/22 12:59
First crash: 2113d, last: 2113d

Sample crash report:
INFO: task kworker/u4:2:482 blocked for more than 140 seconds.
      Not tainted 4.9.111-g03c70fe #6
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/u4:2    D25304   482      2 0x00000000
Workqueue: events_unbound flush_to_ldisc
 ffff8801d8406000 ffff8801bca1df80 ffff8801d946f9c0 ffff88019b8f8000
 ffff8801db221c18 ffff8801d8b8f8d8 ffffffff839e7ded ffff8801d84068c8
 ffffed003b080d18 ffff8801d8406000 00fffc0000000000 ffff8801db2224e8
Call Trace:
 [<ffffffff839e93ef>] schedule+0x7f/0x1b0 kernel/sched/core.c:3557
 [<ffffffff839e9d73>] schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3590
 [<ffffffff839ee1f6>] __mutex_lock_common kernel/locking/mutex.c:582 [inline]
 [<ffffffff839ee1f6>] mutex_lock_nested+0x326/0x870 kernel/locking/mutex.c:621
 [<ffffffff8211adb2>] process_echoes+0xa2/0x150 drivers/tty/n_tty.c:781
 [<ffffffff821242ef>] n_tty_receive_char_inline drivers/tty/n_tty.c:1382 [inline]
 [<ffffffff821242ef>] n_tty_receive_buf_standard drivers/tty/n_tty.c:1552 [inline]
 [<ffffffff821242ef>] __receive_buf drivers/tty/n_tty.c:1615 [inline]
 [<ffffffff821242ef>] n_tty_receive_buf_common+0x113f/0x2300 drivers/tty/n_tty.c:1711
 [<ffffffff821254e3>] n_tty_receive_buf2+0x33/0x40 drivers/tty/n_tty.c:1746
 [<ffffffff8212afdf>] tty_ldisc_receive_buf+0xaf/0x190 drivers/tty/tty_buffer.c:455
 [<ffffffff8212bfe3>] receive_buf drivers/tty/tty_buffer.c:474 [inline]
 [<ffffffff8212bfe3>] flush_to_ldisc+0x253/0x370 drivers/tty/tty_buffer.c:533
 [<ffffffff8118d131>] process_one_work+0x7e1/0x1500 kernel/workqueue.c:2092
 [<ffffffff8118df26>] worker_thread+0xd6/0x10a0 kernel/workqueue.c:2226
 [<ffffffff8119d05d>] kthread+0x26d/0x300 kernel/kthread.c:211
 [<ffffffff839f8e9c>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373

Showing all locks held in the system:
6 locks held by kworker/u4:2/482:
 #0:  ("events_unbound"){.+.+.+}, at: [<ffffffff8118d03e>] work_static include/linux/workqueue.h:186 [inline]
 #0:  ("events_unbound"){.+.+.+}, at: [<ffffffff8118d03e>] set_work_data kernel/workqueue.c:617 [inline]
 #0:  ("events_unbound"){.+.+.+}, at: [<ffffffff8118d03e>] set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline]
 #0:  ("events_unbound"){.+.+.+}, at: [<ffffffff8118d03e>] process_one_work+0x6ee/0x1500 kernel/workqueue.c:2085
 #1:  ((&buf->work)){+.+...}, at: [<ffffffff8118d078>] process_one_work+0x728/0x1500 kernel/workqueue.c:2089
 #2:  (&tty->ldisc_sem){++++++}, at: [<ffffffff821297b0>] tty_ldisc_ref+0x20/0x80 drivers/tty/tty_ldisc.c:296
 #3:  (&port->buf.lock/1){+.+...}, at: [<ffffffff8212be16>] flush_to_ldisc+0x86/0x370 drivers/tty/tty_buffer.c:505
 #4:  (&o_tty->termios_rwsem/1){++++..}, at: [<ffffffff8212323b>] n_tty_receive_buf_common+0x8b/0x2300 drivers/tty/n_tty.c:1674
 #5:  (&ldata->output_lock){+.+...}, at: [<ffffffff8211adb2>] process_echoes+0xa2/0x150 drivers/tty/n_tty.c:781
2 locks held by khungtaskd/519:
 #0:  (rcu_read_lock){......}, at: [<ffffffff813666fc>] check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline]
 #0:  (rcu_read_lock){......}, at: [<ffffffff813666fc>] watchdog+0x11c/0xa20 kernel/hung_task.c:239
 #1:  (tasklist_lock){.+.+..}, at: [<ffffffff81425d87>] debug_show_all_locks+0x79/0x218 kernel/locking/lockdep.c:4336
2 locks held by getty/3781:
 #0:  (&tty->ldisc_sem){++++++}, at: [<ffffffff839f6e92>] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367
 #1:  (&ldata->atomic_read_lock){+.+...}, at: [<ffffffff8211e602>] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2133
4 locks held by syz-executor3/23163:
 #0:  (&tty->legacy_mutex){+.+.+.}, at: [<ffffffff8212ef5a>] tty_lock+0x6a/0xd0 drivers/tty/tty_mutex.c:18
 #1:  (&tty->legacy_mutex/1){+.+.+.}, at: [<ffffffff8212ef5a>] tty_lock+0x6a/0xd0 drivers/tty/tty_mutex.c:18
 #2:  (&tty->ldisc_sem){++++++}, at: [<ffffffff821297b0>] tty_ldisc_ref+0x20/0x80 drivers/tty/tty_ldisc.c:296
 #3:  (&o_tty->termios_rwsem/1){++++..}, at: [<ffffffff8211c351>] n_tty_flush_buffer+0x21/0x310 drivers/tty/n_tty.c:359

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 519 Comm: khungtaskd Not tainted 4.9.111-g03c70fe #6
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d8567d08 ffffffff81eb2729 0000000000000000 0000000000000001
 0000000000000001 0000000000000001 ffffffff810b9af0 ffff8801d8567d40
 ffffffff81ebda27 0000000000000001 0000000000000000 0000000000000002
Call Trace:
 [<ffffffff81eb2729>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81eb2729>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff81ebda27>] nmi_cpu_backtrace.cold.2+0x48/0x87 lib/nmi_backtrace.c:99
 [<ffffffff81ebd9ba>] nmi_trigger_cpumask_backtrace+0x12a/0x14f lib/nmi_backtrace.c:60
 [<ffffffff810b9bf4>] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37
 [<ffffffff81366c94>] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline]
 [<ffffffff81366c94>] check_hung_task kernel/hung_task.c:125 [inline]
 [<ffffffff81366c94>] check_hung_uninterruptible_tasks kernel/hung_task.c:182 [inline]
 [<ffffffff81366c94>] watchdog+0x6b4/0xa20 kernel/hung_task.c:239
 [<ffffffff8119d05d>] kthread+0x26d/0x300 kernel/kthread.c:211
 [<ffffffff839f8e9c>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 23168 Comm: syz-executor3 Not tainted 4.9.111-g03c70fe #6
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8801d4cd8000 task.stack: ffff88019f110000
RIP: 0010:[<ffffffff8135ea3b>]  [<ffffffff8135ea3b>] __sanitizer_cov_trace_pc+0x2b/0x50 kernel/kcov.c:100
RSP: 0018:ffff88019f117970  EFLAGS: 00000246
RAX: ffff8801d4cd8000 RBX: ffffc900128c7000 RCX: 0000000000000000
RDX: 0000000000000002 RSI: ffffffff8211a498 RDI: ffffc900128c9110
RBP: ffff88019f117970 R08: ffff8801d4cd8938 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 00000006a7ac4eb1
R13: 00000000000000e1 R14: dffffc0000000000 R15: 00000006a7ac4eb1
FS:  00007fa424673700(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fdb98249f80 CR3: 00000001d37cf000 CR4: 00000000001606f0
DR0: 0000000020000180 DR1: 0000000020000180 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Stack:
 ffff88019f1179e8 ffffffff8211a498 ffff88019f1179c0 0000000000000000
 ffffc900128c9278 ffffed0039f8d3a5 ffff8801cfc69d2c ffffc900128c7020
 0000000000001f00 ffff8801cfc69980 ffffc900128c9300 ffffc900128c7000
Call Trace:
 [<ffffffff8211a498>] __process_echoes+0x5b8/0x780 drivers/tty/n_tty.c:733
 [<ffffffff82123ee4>] flush_echoes drivers/tty/n_tty.c:801 [inline]
 [<ffffffff82123ee4>] __receive_buf drivers/tty/n_tty.c:1617 [inline]
 [<ffffffff82123ee4>] n_tty_receive_buf_common+0xd34/0x2300 drivers/tty/n_tty.c:1711
 [<ffffffff82125520>] n_tty_receive_buf+0x30/0x40 drivers/tty/n_tty.c:1740
 [<ffffffff8211593f>] tiocsti drivers/tty/tty_io.c:2314 [inline]
 [<ffffffff8211593f>] tty_ioctl+0xc8f/0x2270 drivers/tty/tty_io.c:2905
 [<ffffffff815b2c6c>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff815b2c6c>] file_ioctl fs/ioctl.c:493 [inline]
 [<ffffffff815b2c6c>] do_vfs_ioctl+0x1ac/0x11a0 fs/ioctl.c:677
 [<ffffffff815b3cef>] SYSC_ioctl fs/ioctl.c:694 [inline]
 [<ffffffff815b3cef>] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:685
 [<ffffffff81006316>] do_syscall_64+0x1a6/0x490 arch/x86/entry/common.c:282
 [<ffffffff839f8cd3>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Code: 55 48 89 e5 65 48 8b 04 25 c0 7d 01 00 65 8b 15 2c 93 cb 7e 81 e2 00 01 1f 00 48 8b 75 08 75 2b 8b 90 80 12 00 00 83 fa 02 75 20 <48> 8b 88 88 12 00 00 8b 80 84 12 00 00 48 8b 11 48 83 c2 01 48

Crashes (1):
Time: 2018/07/11 05:12
Kernel: https://android.googlesource.com/kernel/common android-4.9
Commit: 03c70feafdb2
Syzkaller: 2e0e3130
Config: .config
Log: console log
Report: report
Manager: ci-android-49-kasan-gce-root