syzbot

 sign-in | mailing list | source | docs
🐞 Open [964] 🐞 Fixed [3807] 🐞 Invalid [8180] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes

INFO: task hung in tls_sw_sendmsg (3)
Status: upstream: reported on 2022/04/25 07:30
Reported-by: syzbot+baad3750d52fcc56930b@syzkaller.appspotmail.com
First crash: 414d, last: 36d
similar bugs (2):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream INFO: task hung in tls_sw_sendmsg (2) 3 624d 625d 0/22 auto-closed as invalid on 2020/12/09 14:32
upstream INFO: task hung in tls_sw_sendmsg 18 985d 1173d 0/22 closed as dup on 2019/08/19 21:10

Sample crash report:
INFO: task syz-executor.3:5663 blocked for more than 143 seconds.
      Not tainted 5.18.0-rc3-syzkaller-00016-gb253435746d9 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.3  state:D stack:28856 pid: 5663 ppid:  3623 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5073 [inline]
 __schedule+0x939/0xea0 kernel/sched/core.c:6388
 schedule+0xeb/0x1b0 kernel/sched/core.c:6460
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6519
 __mutex_lock_common+0xecf/0x26e0 kernel/locking/mutex.c:673
 __mutex_lock kernel/locking/mutex.c:733 [inline]
 mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:785
 tls_sw_sendmsg+0x297/0x1830 net/tls/tls_sw.c:957
 sock_sendmsg_nosec net/socket.c:705 [inline]
 sock_sendmsg net/socket.c:725 [inline]
 __sys_sendto+0x42e/0x5b0 net/socket.c:2040
 __do_sys_sendto net/socket.c:2052 [inline]
 __se_sys_sendto net/socket.c:2048 [inline]
 __x64_sys_sendto+0xda/0xf0 net/socket.c:2048
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7fd7940890e9
RSP: 002b:00007fd79523f168 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007fd79419c030 RCX: 00007fd7940890e9
RDX: feffffff00000000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 00007fd7940e308d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fffdf66ea5f R14: 00007fd79523f300 R15: 0000000000022000
 </TASK>

Showing all locks held in the system:
1 lock held by khungtaskd/28:
 #0: ffffffff8cb1ae60 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30
2 locks held by syslogd/2945:
 #0: ffff8880b9b39c18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x25/0x110 kernel/sched/core.c:554
 #1: ffff8880b9b277c8 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x567/0x820 kernel/sched/psi.c:889
2 locks held by getty/3270:
 #0: ffff88814c440098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 drivers/tty/tty_ldisc.c:244
 #1: ffffc90002b832e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6ad/0x1c90 drivers/tty/n_tty.c:2075
3 locks held by kworker/0:3/3316:
 #0: ffff888011464d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x796/0xd10 kernel/workqueue.c:2262
 #1: ffffc90002f9fd00 ((work_completion)(&(&sw_ctx_tx->tx_work.work)->work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0xd10 kernel/workqueue.c:2264
 #2: ffff88807cb9a0d8 (&ctx->tx_lock){+.+.}-{3:3}, at: tx_work_handler+0x111/0x150 net/tls/tls_sw.c:2300
5 locks held by kworker/u4:6/3749:
1 lock held by syz-executor.3/5663:
 #0: ffff88807cb9a0d8 (&ctx->tx_lock){+.+.}-{3:3}, at: tls_sw_sendmsg+0x297/0x1830 net/tls/tls_sw.c:957

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 28 Comm: khungtaskd Not tainted 5.18.0-rc3-syzkaller-00016-gb253435746d9 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
 nmi_cpu_backtrace+0x473/0x4a0 lib/nmi_backtrace.c:111
 nmi_trigger_cpumask_backtrace+0x168/0x280 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:212 [inline]
 watchdog+0xcf9/0xd40 kernel/hung_task.c:369
 kthread+0x266/0x300 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 45 Comm: kworker/u4:2 Not tainted 5.18.0-rc3-syzkaller-00016-gb253435746d9 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: phy7 ieee80211_iface_work
RIP: 0010:preempt_count_add+0x4e/0x180 kernel/sched/core.c:5537
Code: e3 00 00 00 83 3d b1 70 5c 0f 00 75 07 65 8b 05 90 39 a7 7e 65 01 1d 89 39 a7 7e 48 c7 c0 a0 a6 b7 90 48 c1 e8 03 42 8a 04 38 <84> c0 0f 85 db 00 00 00 83 3d 83 70 5c 0f 00 75 11 65 8b 05 62 39
RSP: 0018:ffffc9000115f2e0 EFLAGS: 00000a06
RAX: 1ffffffff216f404 RBX: 0000000000000001 RCX: ffffffff90b7a603
RDX: dffffc0000000000 RSI: ffffffff81d6a418 RDI: 0000000000000001
RBP: 1ffff9200022be78 R08: 0000000000000002 R09: ffffc9000115f4b0
R10: fffff5200022be84 R11: 1ffff9200022be82 R12: ffffc9000115f798
R13: ffffc9000115f3c0 R14: ffffffff81d6a418 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c014c8aa20 CR3: 000000007e96d000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 unwind_next_frame+0xae/0x1dc0 arch/x86/kernel/unwind_orc.c:428
 arch_stack_walk+0x112/0x140 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x12d/0x1f0 kernel/stacktrace.c:122
 kasan_save_stack mm/kasan/common.c:38 [inline]
 kasan_set_track+0x4c/0x70 mm/kasan/common.c:45
 kasan_set_free_info+0x1f/0x40 mm/kasan/generic.c:370
 ____kasan_slab_free+0xd8/0x110 mm/kasan/common.c:366
 kasan_slab_free include/linux/kasan.h:200 [inline]
 slab_free_hook mm/slub.c:1728 [inline]
 slab_free_freelist_hook+0x12e/0x1a0 mm/slub.c:1754
 slab_free mm/slub.c:3510 [inline]
 kfree+0xc6/0x210 mm/slub.c:4552
 ieee80211_bss_info_update+0x96c/0xc30 net/mac80211/scan.c:232
 ieee80211_rx_bss_info net/mac80211/ibss.c:1119 [inline]
 ieee80211_rx_mgmt_probe_beacon net/mac80211/ibss.c:1610 [inline]
 ieee80211_ibss_rx_queued_mgmt+0x1659/0x28c0 net/mac80211/ibss.c:1639
 ieee80211_iface_process_skb net/mac80211/iface.c:1527 [inline]
 ieee80211_iface_work+0x757/0xcd0 net/mac80211/iface.c:1581
 process_one_work+0x81c/0xd10 kernel/workqueue.c:2289
 worker_thread+0xb14/0x1330 kernel/workqueue.c:2436
 kthread+0x266/0x300 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30
 </TASK>
----------------
Code disassembly (best guess):
   0:	e3 00                	jrcxz  0x2
   2:	00 00                	add    %al,(%rax)
   4:	83 3d b1 70 5c 0f 00 	cmpl   $0x0,0xf5c70b1(%rip)        # 0xf5c70bc
   b:	75 07                	jne    0x14
   d:	65 8b 05 90 39 a7 7e 	mov    %gs:0x7ea73990(%rip),%eax        # 0x7ea739a4
  14:	65 01 1d 89 39 a7 7e 	add    %ebx,%gs:0x7ea73989(%rip)        # 0x7ea739a4
  1b:	48 c7 c0 a0 a6 b7 90 	mov    $0xffffffff90b7a6a0,%rax
  22:	48 c1 e8 03          	shr    $0x3,%rax
  26:	42 8a 04 38          	mov    (%rax,%r15,1),%al
* 2a:	84 c0                	test   %al,%al <-- trapping instruction
  2c:	0f 85 db 00 00 00    	jne    0x10d
  32:	83 3d 83 70 5c 0f 00 	cmpl   $0x0,0xf5c7083(%rip)        # 0xf5c70bc
  39:	75 11                	jne    0x4c
  3b:	65                   	gs
  3c:	8b                   	.byte 0x8b
  3d:	05                   	.byte 0x5
  3e:	62                   	.byte 0x62
  3f:	39                   	.byte 0x39

Crashes (30):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kasan-gce-smack-root 2022/04/21 05:31 upstream b253435746d9 d4befee1 .config log report info INFO: task hung in tls_sw_sendmsg
ci-upstream-kasan-gce 2022/02/22 21:20 upstream 917bbdb107f8 6e821dbf .config log report info INFO: task hung in tls_sw_sendmsg
ci-upstream-kasan-gce-smack-root 2022/02/16 11:15 upstream c5d9ae265b10 8b9ca619 .config log report info INFO: task hung in tls_sw_sendmsg
ci-upstream-kasan-gce 2022/02/06 19:59 upstream d8ad2ce873ab a7dab638 .config log report info INFO: task hung in tls_sw_sendmsg
ci-upstream-kasan-gce 2021/10/20 16:36 upstream d9abdee5fd5a 418a00eb .config log report info INFO: task hung in tls_sw_sendmsg
ci-upstream-kasan-gce 2021/10/11 03:01 upstream efb52a7d9511 838e7e2c .config log report info INFO: task hung in tls_sw_sendmsg
ci-upstream-kasan-gce 2021/08/25 12:23 upstream 6e764bcd1cf7 b599f2fc .config log report info INFO: task hung in tls_sw_sendmsg
ci-upstream-kasan-gce-selinux-root 2021/08/16 04:35 upstream 7c60610d4767 2489ab88 .config log report info INFO: task hung in tls_sw_sendmsg
ci-upstream-kasan-gce-root 2021/07/02 01:55 upstream e058a84bfddc 658ebc66 .config log report info INFO: task hung in tls_sw_sendmsg
ci-upstream-kasan-gce-386 2022/04/21 07:22 upstream b253435746d9 d4befee1 .config log report info INFO: task hung in tls_sw_sendmsg
ci-upstream-kasan-gce-386 2021/07/02 02:23 upstream e04360a2ea01 658ebc66 .config log report info INFO: task hung in tls_sw_sendmsg
ci-upstream-net-this-kasan-gce 2022/03/26 13:40 net b50d3b46f842 89bc8608 .config log report info INFO: task hung in tls_sw_sendmsg
ci-upstream-net-this-kasan-gce 2022/01/22 02:05 net 67ab55956e64 214351e1 .config log report info INFO: task hung in tls_sw_sendmsg
ci-upstream-net-this-kasan-gce 2021/12/31 09:17 net 74c78b4291b4 36bd2e48 .config log report info INFO: task hung in tls_sw_sendmsg
ci-upstream-net-this-kasan-gce 2021/11/13 09:38 net 66f4beaa6c1d 83f5c9b5 .config log report info INFO: task hung in tls_sw_sendmsg
ci-upstream-net-this-kasan-gce 2021/11/04 23:43 net d00c8ee31729 4c1be0be .config log report info INFO: task hung in tls_sw_sendmsg
ci-upstream-net-this-kasan-gce 2021/10/18 11:18 net fac3cb82a54a 0c5d9412 .config log report info INFO: task hung in tls_sw_sendmsg
ci-upstream-net-this-kasan-gce 2021/09/19 04:13 net 02319bf15acf 70b76c1d .config log report info INFO: task hung in tls_sw_sendmsg
ci-upstream-net-this-kasan-gce 2021/07/06 05:34 net c6c205ed442e 55aa55c2 .config log report info INFO: task hung in tls_sw_sendmsg
ci-upstream-net-this-kasan-gce 2021/07/05 03:00 net dbe69e433722 55aa55c2 .config log report info INFO: task hung in tls_sw_sendmsg
ci-upstream-net-this-kasan-gce 2021/04/07 22:14 net 5219d6012d46 6a81331a .config log report info INFO: task hung in tls_sw_sendmsg
ci-upstream-net-kasan-gce 2022/02/18 22:45 net-next 5a8fb33e5305 3cd800e4 .config log report info INFO: task hung in tls_sw_sendmsg
ci-upstream-net-kasan-gce 2021/11/30 02:00 net-next 2f7ed29f2c54 d0830353 .config log report info INFO: task hung in tls_sw_sendmsg
ci-upstream-net-kasan-gce 2021/11/14 20:11 net-next 1274a4eb318d 83f5c9b5 .config log report info INFO: task hung in tls_sw_sendmsg
ci-upstream-net-kasan-gce 2021/11/05 04:55 net-next cc0356d6a02e 4c1be0be .config log report info INFO: task hung in tls_sw_sendmsg
ci-upstream-net-kasan-gce 2021/10/21 10:13 net-next 2641b62d2fab f111d03b .config log report info INFO: task hung in tls_sw_sendmsg
ci-upstream-net-kasan-gce 2021/10/20 19:33 net-next 816219a86d21 418a00eb .config log report info INFO: task hung in tls_sw_sendmsg
ci-upstream-net-kasan-gce 2021/08/28 20:16 net-next 49b99da2c9ce be2c130d .config log report info INFO: task hung in tls_sw_sendmsg
ci-upstream-net-kasan-gce 2021/07/05 23:12 net-next 5e437416ff66 55aa55c2 .config log report info INFO: task hung in tls_sw_sendmsg
ci-upstream-linux-next-kasan-gce-root 2022/04/21 05:38 linux-next f1244c81da13 d4befee1 .config log report info INFO: task can't die in tls_sw_sendmsg