syzbot

 sign-in | mailing list | source | docs
🐞 Open [941] 🐞 Fixed [4015] 🐞 Invalid [8872] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes

INFO: task hung in nbd_ioctl (2)

Status: fixed on 2020/09/25 01:17
Reported-by: syzbot+e36f41d207137b5d12f7@syzkaller.appspotmail.com
Fix commit: 2a63866c8b51 tipc: fix shutdown() of connectionless socket
First crash: 1029d, last: 758d
similar bugs (6):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.14 INFO: task hung in nbd_ioctl C done 18 1003d 1077d 1/1 fixed on 2019/12/28 10:32
linux-4.14 INFO: task hung in nbd_ioctl (2) C done 16 750d 995d 1/1 fixed on 2020/10/21 11:01
upstream INFO: task hung in nbd_ioctl C done 71 1055d 1090d 14/24 fixed on 2019/11/06 12:39
linux-4.19 INFO: task hung in nbd_ioctl C error 74 82d 1079d 0/1 upstream: reported C repro on 2019/10/12 13:11
upstream INFO: task hung in nbd_ioctl (3) C done unreliable 22 20d 727d 0/24 upstream: reported C repro on 2020/09/28 07:17
linux-4.14 INFO: task hung in nbd_ioctl (3) C inconclusive 12 130d 681d 0/1 upstream: reported C repro on 2020/11/13 07:37

Sample crash report:
INFO: task syz-executor.2:10033 blocked for more than 143 seconds.
      Not tainted 5.9.0-rc2-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.2  state:D stack:28360 pid:10033 ppid:  6875 flags:0x00004004
Call Trace:
 context_switch kernel/sched/core.c:3778 [inline]
 __schedule+0x8e5/0x21e0 kernel/sched/core.c:4527
 schedule+0xd0/0x2a0 kernel/sched/core.c:4602
 schedule_timeout+0x1d8/0x250 kernel/time/timer.c:1855
 do_wait_for_common kernel/sched/completion.c:85 [inline]
 __wait_for_common kernel/sched/completion.c:106 [inline]
 wait_for_common kernel/sched/completion.c:117 [inline]
 wait_for_completion+0x163/0x260 kernel/sched/completion.c:138
 flush_workqueue+0x3ff/0x13e0 kernel/workqueue.c:2832
 nbd_start_device_ioctl drivers/block/nbd.c:1330 [inline]
 __nbd_ioctl drivers/block/nbd.c:1405 [inline]
 nbd_ioctl+0x7ac/0xb77 drivers/block/nbd.c:1445
 __blkdev_driver_ioctl block/ioctl.c:224 [inline]
 blkdev_ioctl+0x28c/0x700 block/ioctl.c:620
 block_ioctl+0xf9/0x140 fs/block_dev.c:1871
 vfs_ioctl fs/ioctl.c:48 [inline]
 __do_sys_ioctl fs/ioctl.c:753 [inline]
 __se_sys_ioctl fs/ioctl.c:739 [inline]
 __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:739
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45d5b9
Code: Bad RIP value.
RSP: 002b:00007fea163e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000012880 RCX: 000000000045d5b9
RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000003
RBP: 000000000118cf78 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c
R13: 00007ffdc4edcb0f R14: 00007fea163e59c0 R15: 000000000118cf4c

Showing all locks held in the system:
1 lock held by khungtaskd/1165:
 #0: ffffffff89bd6900 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:5825
1 lock held by in:imklog/6537:
 #0: ffff88809ebcdb30 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100 fs/file.c:930
1 lock held by systemd-udevd/9551:
2 locks held by kworker/u5:0/30326:
 #0: ffff88804cc54138 ((wq_completion)knbd2-recv){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff88804cc54138 ((wq_completion)knbd2-recv){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline]
 #0: ffff88804cc54138 ((wq_completion)knbd2-recv){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline]
 #0: ffff88804cc54138 ((wq_completion)knbd2-recv){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline]
 #0: ffff88804cc54138 ((wq_completion)knbd2-recv){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
 #0: ffff88804cc54138 ((wq_completion)knbd2-recv){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 kernel/workqueue.c:2240
 #1: ffffc90015c3fda8 ((work_completion)(&args->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 kernel/workqueue.c:2244

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 1165 Comm: khungtaskd Not tainted 5.9.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x18f/0x20d lib/dump_stack.c:118
 nmi_cpu_backtrace.cold+0x70/0xb1 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x1b3/0x223 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:209 [inline]
 watchdog+0xd7d/0x1000 kernel/hung_task.c:295
 kthread+0x3b5/0x4a0 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 9551 Comm: systemd-udevd Not tainted 5.9.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:iterate_chain_key kernel/locking/lockdep.c:386 [inline]
RIP: 0010:__lock_acquire+0xc66/0x5640 kernel/locking/lockdep.c:4414
Code: f0 29 c7 89 c6 01 d0 48 8b 54 24 20 c1 c6 04 31 fe 48 c1 e6 20 48 09 c6 48 c1 ea 03 48 b8 00 00 00 00 00 fc ff df 0f b6 04 02 <48> 89 74 24 08 84 c0 74 08 3c 03 0f 8e 0b 3c 00 00 8b 45 20 25 00
RSP: 0018:ffffc90000007aa0 EFLAGS: 00000802
RAX: 0000000000000000 RBX: 00000000734ffe93 RCX: 000000008357d655
RDX: 1ffff1100904bd73 RSI: 86ffc811e6eccc48 RDI: 0000000091e6366e
RBP: ffff88804825eb78 R08: 0000000000000000 R09: ffffffff8c5f39e7
R10: fffffbfff18be73c R11: 0000000000000001 R12: 0000000000000000
R13: 0000000000000000 R14: ffff88804825e240 R15: 0000000000000000
FS:  00007f92fd1c98c0(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000557ed0bba078 CR3: 000000008c556000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 lock_acquire+0x1f1/0xad0 kernel/locking/lockdep.c:5005
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0x8c/0xc0 kernel/locking/spinlock.c:159
 debug_object_deactivate lib/debugobjects.c:710 [inline]
 debug_object_deactivate+0x101/0x300 lib/debugobjects.c:698
 debug_hrtimer_deactivate kernel/time/hrtimer.c:425 [inline]
 debug_deactivate kernel/time/hrtimer.c:486 [inline]
 __run_hrtimer kernel/time/hrtimer.c:1492 [inline]
 __hrtimer_run_queues+0x3cb/0xfc0 kernel/time/hrtimer.c:1588
 hrtimer_interrupt+0x32a/0x930 kernel/time/hrtimer.c:1650
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1080 [inline]
 __sysvec_apic_timer_interrupt+0x142/0x5e0 arch/x86/kernel/apic/apic.c:1097
 asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:706
 </IRQ>
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:22 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:48 [inline]
 sysvec_apic_timer_interrupt+0xb2/0xf0 arch/x86/kernel/apic/apic.c:1091
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:581
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:770 [inline]
RIP: 0010:console_trylock_spinning kernel/printk/printk.c:1787 [inline]
RIP: 0010:vprintk_emit+0x64b/0x770 kernel/printk/printk.c:2028
Code: 48 b8 00 00 00 00 00 fc ff df 41 80 7c 05 00 00 0f 85 e8 00 00 00 48 83 3d 49 b5 58 08 00 74 6b e8 8a b8 16 00 48 89 df 57 9d <0f> 1f 44 00 00 e9 03 ff ff ff e8 76 b8 16 00 49 c1 ed 03 e8 9d 7f
RSP: 0018:ffffc90007207710 EFLAGS: 00000293
RAX: 0000000000000000 RBX: 0000000000000293 RCX: 0000000000000006
RDX: ffff88804825e240 RSI: ffffffff815d8686 RDI: 0000000000000293
RBP: ffffc90007207750 R08: 0000000000000001 R09: ffffffff8c5f3a2f
R10: fffffbfff18be745 R11: 0000000000000001 R12: 0000000000000025
R13: 1ffffffff136c779 R14: 0000000000000200 R15: 0000000000000000
 vprintk_func+0x8f/0x1a6 kernel/printk/printk_safe.c:393
 printk+0xba/0xed kernel/printk/printk.c:2078
 check_partition block/partitions/core.c:167 [inline]
 blk_add_partitions+0x5be/0xe10 block/partitions/core.c:698
 bdev_disk_changed+0x1ea/0x370 fs/block_dev.c:1416
 __blkdev_get+0xee4/0x1aa0 fs/block_dev.c:1559
 blkdev_get fs/block_dev.c:1639 [inline]
 blkdev_open+0x227/0x300 fs/block_dev.c:1753
 do_dentry_open+0x4b9/0x11b0 fs/open.c:817
 do_open fs/namei.c:3251 [inline]
 path_openat+0x1b9a/0x2730 fs/namei.c:3368
 do_filp_open+0x17e/0x3c0 fs/namei.c:3395
 do_sys_openat2+0x16d/0x420 fs/open.c:1168
 do_sys_open fs/open.c:1184 [inline]
 __do_sys_open fs/open.c:1192 [inline]
 __se_sys_open fs/open.c:1188 [inline]
 __x64_sys_open+0x119/0x1c0 fs/open.c:1188
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f92fc310840
Code: 73 01 c3 48 8b 0d 68 77 20 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 bb 20 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 1e f6 ff ff 48 89 04 24
RSP: 002b:00007ffe74fe6f68 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 0000557ed0b7c8e0 RCX: 00007f92fc310840
RDX: 0000557ecfcedfe3 RSI: 00000000000a0800 RDI: 0000557ed0b761f0
RBP: 00007ffe74fe70e0 R08: 0000557ecfced670 R09: 0000000000000010
R10: 0000557ecfcedd0c R11: 0000000000000246 R12: 00007ffe74fe7030
R13: 0000557ed0b69690 R14: 0000000000000003 R15: 000000000000000e

Crashes (37):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kasan-gce-root 2020/08/28 12:38 upstream 15bc20c6af4c 816e0689 .config log report
ci-upstream-kasan-gce-root 2020/08/01 06:40 upstream d8b9faec54ae d895b3be .config log report
ci-upstream-kasan-gce-root 2020/07/26 02:05 upstream 23ee3e4e5bd2 1f7cc1ca .config log report
ci-upstream-kasan-gce-selinux-root 2020/07/17 12:07 upstream f8456690ba8e 54b3c45e .config log report
ci-upstream-kasan-gce-root 2020/07/17 12:05 upstream f8456690ba8e 54b3c45e .config log report
ci-upstream-kasan-gce-root 2020/07/16 01:23 upstream e9919e11e219 f3bec699 .config log report
ci-upstream-kasan-gce-root 2020/06/25 09:47 upstream 7ae77150d94d 54566aff .config log report
ci-upstream-kasan-gce-selinux-root 2020/06/01 19:25 upstream 3d77e6a8804a a0331e89 .config log report
ci-upstream-kasan-gce-root 2020/05/31 17:26 upstream ffeb595d8481 a0331e89 .config log report
ci-upstream-kasan-gce-root 2020/05/26 01:33 upstream 9cb1fd0efd19 30927cd7 .config log report
ci-upstream-kasan-gce-selinux-root 2020/05/08 10:47 upstream 6e7f2eacf098 6c70a1c2 .config log report
ci-upstream-kasan-gce-selinux-root 2020/05/04 07:25 upstream 262f7a6b8317 58ae5e18 .config log report
ci-upstream-kasan-gce-selinux-root 2020/03/29 23:08 upstream e595dd94515e 05736b29 .config log report
ci-upstream-kasan-gce-root 2020/03/28 04:33 upstream 527630fbf4f1 831e9a81 .config log report
ci-upstream-kasan-gce-root 2020/03/10 15:59 upstream 30bb5572ce7a 35f53e45 .config log report
ci-upstream-kasan-gce-smack-root 2020/03/06 12:29 upstream 63623fd44972 c88c7b75 .config log report
ci-upstream-kasan-gce-root 2020/02/29 17:21 upstream f8788d86ab28 59b57593 .config log report
ci-upstream-kasan-gce-root 2020/02/29 10:55 upstream f8788d86ab28 59b57593 .config log report
ci-upstream-kasan-gce-smack-root 2020/02/28 22:40 upstream f8788d86ab28 59b57593 .config log report
ci-upstream-kasan-gce-root 2020/02/25 12:47 upstream f8788d86ab28 59b57593 .config log report
ci-upstream-kasan-gce-selinux-root 2020/02/17 21:56 upstream 11a48a5a18c6 2b411596 .config log report
ci-upstream-kasan-gce-root 2020/02/15 18:24 upstream 2019fc96af22 5d7b90f1 .config log report
ci-upstream-kasan-gce-smack-root 2020/02/05 04:33 upstream 33b40134e5cf 93e5e335 .config log report
ci-upstream-kasan-gce-selinux-root 2020/02/02 12:49 upstream 94f2630b1897 2274ad39 .config log report
ci-upstream-kasan-gce-selinux-root 2020/01/27 09:16 upstream a45ea48e2bcd dd56146d .config log report
ci-upstream-kasan-gce-smack-root 2020/01/22 15:58 upstream d96d875ef5dd 8eda0b95 .config log report
ci-upstream-kasan-gce-smack-root 2020/01/19 07:20 upstream 244dc2689085 bc8bc756 .config log report
ci-upstream-kasan-gce-root 2019/12/24 18:57 upstream 46cf053efec6 be5c2c81 .config log report
ci-upstream-kasan-gce-smack-root 2019/11/30 17:31 upstream 81b6b96475ac 3a75be00 .config log report
ci-upstream-linux-next-kasan-gce-root 2020/07/03 08:37 linux-next aab2003999e7 bed10395 .config log report
ci-upstream-linux-next-kasan-gce-root 2020/06/25 09:41 linux-next e7b08814b16b 54566aff .config log report
ci-upstream-linux-next-kasan-gce-root 2020/06/25 01:34 linux-next e7b08814b16b 54566aff .config log report
ci-upstream-linux-next-kasan-gce-root 2020/05/13 05:42 linux-next ac935d227366 a44eb8f7 .config log report
ci-upstream-linux-next-kasan-gce-root 2020/03/23 09:25 linux-next 770fbb32d34e 78267cec .config log report
ci-upstream-linux-next-kasan-gce-root 2020/03/04 01:54 linux-next c99b17ac0399 c88c7b75 .config log report
ci-upstream-linux-next-kasan-gce-root 2020/03/02 16:55 linux-next c99b17ac0399 c88c7b75 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/12/24 18:53 linux-next 7ddd09fc4b74 be5c2c81 .config log report
* Struck through repros no longer work on HEAD.