syzbot

 sign-in | mailing list | source | docs
🐞 Open [196] 🐞 Fixed [42] 🐞 Invalid [470] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

INFO: task hung in tun_chr_close

Status: auto-closed as invalid on 2019/02/22 14:33
First crash: 2175d, last: 2175d
Similar bugs (11)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-5.15 INFO: task hung in tun_chr_close 1 39d 39d 0/3 upstream: reported on 2024/03/18 08:54
linux-4.19 INFO: task hung in tun_chr_close 1 1353d 1353d 0/1 auto-closed as invalid on 2020/12/09 18:55
upstream INFO: task hung in tun_chr_close (4) net syz unreliable error 14 895d 955d 0/26 auto-closed as invalid on 2022/09/18 21:51
upstream INFO: task hung in tun_chr_close net 5 1679d 2261d 0/26 closed as dup on 2018/02/16 08:24
linux-4.19 INFO: task hung in tun_chr_close (3) 1 630d 630d 0/1 auto-obsoleted due to no activity on 2022/12/03 04:48
upstream INFO: task hung in rtnetlink_rcv_msg net C inconclusive inconclusive 913 45d 1890d 0/26 upstream: reported C repro on 2019/02/22 17:00
linux-4.19 INFO: task hung in tun_chr_close (4) 3 436d 464d 0/1 upstream: reported on 2023/01/18 07:05
linux-4.19 INFO: task hung in tun_chr_close (2) 6 843d 937d 0/1 auto-closed as invalid on 2022/05/04 09:03
upstream INFO: task hung in tun_chr_close (3) net 1 1067d 1067d 0/26 auto-closed as invalid on 2021/08/23 13:06
android-44 INFO: task hung in tun_chr_close 1 2185d 2185d 0/2 auto-closed as invalid on 2019/02/22 15:23
upstream INFO: task hung in tun_chr_close (2) net 7 1175d 1397d 0/26 auto-closed as invalid on 2021/05/17 11:47

Sample crash report:
FAT-fs (loop4): Directory bread(block 113) failed
FAT-fs (loop4): Directory bread(block 114) failed
FAT-fs (loop4): Directory bread(block 112) failed
FAT-fs (loop4): Directory bread(block 113) failed
FAT-fs (loop4): Directory bread(block 114) failed
INFO: task syz-executor2:8748 blocked for more than 120 seconds.
      Not tainted 4.9.99-gc2f9bce #22
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor2   D27448  8748   8726 0x00000002
 ffff8801d5ef4800 ffff8801cc85f480 ffff8801c8922f40 ffff8801cc94b000
 ffff8801db321b98 ffff8801896b7ae8 ffffffff839e377d ffff8801d5ef50c8
 ffffed003abdea18 ffff8801d5ef4800 00fffc0000000000 ffff8801db322468
Call Trace:
 [<ffffffff839e4d7f>] schedule+0x7f/0x1b0 kernel/sched/core.c:3557
 [<ffffffff839e5703>] schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3590
 [<ffffffff839e9b86>] __mutex_lock_common kernel/locking/mutex.c:582 [inline]
 [<ffffffff839e9b86>] mutex_lock_nested+0x326/0x870 kernel/locking/mutex.c:621
 [<ffffffff830b1837>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70
 [<ffffffff82811507>] tun_detach drivers/net/tun.c:584 [inline]
 [<ffffffff82811507>] tun_chr_close+0x37/0x60 drivers/net/tun.c:2390
 [<ffffffff815759f3>] __fput+0x263/0x700 fs/file_table.c:208
 [<ffffffff81575f15>] ____fput+0x15/0x20 fs/file_table.c:244
 [<ffffffff8119603c>] task_work_run+0x10c/0x180 kernel/task_work.c:116
 [<ffffffff8113ec91>] exit_task_work include/linux/task_work.h:21 [inline]
 [<ffffffff8113ec91>] do_exit+0x9e1/0x27c0 kernel/exit.c:837
 [<ffffffff81144d91>] do_group_exit+0x111/0x340 kernel/exit.c:941
 [<ffffffff81144fdd>] SYSC_exit_group kernel/exit.c:952 [inline]
 [<ffffffff81144fdd>] SyS_exit_group+0x1d/0x20 kernel/exit.c:950
 [<ffffffff81006316>] do_syscall_64+0x1a6/0x490 arch/x86/entry/common.c:282
 [<ffffffff839f4653>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb

Showing all locks held in the system:
3 locks held by kworker/1:0/18:
 #0:  ("%s"("ipv6_addrconf")){.+.+..}, at: [<ffffffff8118ad3e>] work_static include/linux/workqueue.h:186 [inline]
 #0:  ("%s"("ipv6_addrconf")){.+.+..}, at: [<ffffffff8118ad3e>] set_work_data kernel/workqueue.c:617 [inline]
 #0:  ("%s"("ipv6_addrconf")){.+.+..}, at: [<ffffffff8118ad3e>] set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline]
 #0:  ("%s"("ipv6_addrconf")){.+.+..}, at: [<ffffffff8118ad3e>] process_one_work+0x6ee/0x1500 kernel/workqueue.c:2085
 #1:  ((addr_chk_work).work){+.+...}, at: [<ffffffff8118ad78>] process_one_work+0x728/0x1500 kernel/workqueue.c:2089
 #2:  (rtnl_mutex){+.+.+.}, at: [<ffffffff830b1837>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70
2 locks held by khungtaskd/519:
 #0:  (rcu_read_lock){......}, at: [<ffffffff813646ec>] check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline]
 #0:  (rcu_read_lock){......}, at: [<ffffffff813646ec>] watchdog+0x11c/0xa20 kernel/hung_task.c:239
 #1:  (tasklist_lock){.+.+..}, at: [<ffffffff81423bc0>] debug_show_all_locks+0x79/0x218 kernel/locking/lockdep.c:4336
1 lock held by rsyslogd/3665:
 #0:  (&f->f_pos_lock){+.+.+.}, at: [<ffffffff815d567c>] __fdget_pos+0xac/0xd0 fs/file.c:781
2 locks held by getty/3761:
 #0:  (&tty->ldisc_sem){++++++}, at: [<ffffffff839f2822>] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367
 #1:  (&ldata->atomic_read_lock){+.+.+.}, at: [<ffffffff8211cc32>] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2133
1 lock held by syz-executor2/8748:
 #0:  (rtnl_mutex){+.+.+.}, at: [<ffffffff830b1837>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70
2 locks held by syz-executor5/22723:
 #0:  (rtnl_mutex){+.+.+.}, at: [<ffffffff830b1837>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70
 #1:  (ipvs->sync_mutex){+.+.+.}, at: [<ffffffff832df74d>] do_ip_vs_set_ctl+0x90d/0xbd0 net/netfilter/ipvs/ip_vs_ctl.c:2397
1 lock held by syz-executor5/22741:
 #0:  (ipvs->sync_mutex){+.+.+.}, at: [<ffffffff832df485>] do_ip_vs_set_ctl+0x645/0xbd0 net/netfilter/ipvs/ip_vs_ctl.c:2402
1 lock held by syz-executor1/22754:
 #0:  (rtnl_mutex){+.+.+.}, at: [<ffffffff830b635b>] rtnl_lock net/core/rtnetlink.c:70 [inline]
 #0:  (rtnl_mutex){+.+.+.}, at: [<ffffffff830b635b>] rtnetlink_rcv+0x1b/0x40 net/core/rtnetlink.c:4064
1 lock held by ipvs-b:7:0/22746:
 #0:  (rtnl_mutex){+.+.+.}, at: [<ffffffff830b1837>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70
1 lock held by syz-executor7/22774:
 #0:  (rtnl_mutex){+.+.+.}, at: [<ffffffff830b635b>] rtnl_lock net/core/rtnetlink.c:70 [inline]
 #0:  (rtnl_mutex){+.+.+.}, at: [<ffffffff830b635b>] rtnetlink_rcv+0x1b/0x40 net/core/rtnetlink.c:4064
1 lock held by syz-executor7/22808:
 #0:  (rtnl_mutex){+.+.+.}, at: [<ffffffff830b635b>] rtnl_lock net/core/rtnetlink.c:70 [inline]
 #0:  (rtnl_mutex){+.+.+.}, at: [<ffffffff830b635b>] rtnetlink_rcv+0x1b/0x40 net/core/rtnetlink.c:4064
2 locks held by syz-executor0/22795:
 #0:  (net_mutex){+.+.+.}, at: [<ffffffff83058fb5>] copy_net_ns+0x155/0x290 net/core/net_namespace.c:406
 #1:  (rtnl_mutex){+.+.+.}, at: [<ffffffff830b1837>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70
1 lock held by syz-executor0/22819:
 #0:  (net_mutex){+.+.+.}, at: [<ffffffff83058fb5>] copy_net_ns+0x155/0x290 net/core/net_namespace.c:406
1 lock held by syz-executor3/22797:
 #0:  (rtnl_mutex){+.+.+.}, at: [<ffffffff830b1837>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70
1 lock held by syz-executor3/22816:
 #0:  (rtnl_mutex){+.+.+.}, at: [<ffffffff830b1837>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70
1 lock held by syz-executor3/22818:
 #0:  (rtnl_mutex){+.+.+.}, at: [<ffffffff830b1837>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70
1 lock held by syz-executor3/22820:
 #0:  (rtnl_mutex){+.+.+.}, at: [<ffffffff830b1837>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 519 Comm: khungtaskd Not tainted 4.9.99-gc2f9bce #22
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d863fd08 ffffffff81eb0f09 0000000000000000 0000000000000001
 0000000000000001 0000000000000001 ffffffff810b7da0 ffff8801d863fd40
 ffffffff81ebc207 0000000000000001 0000000000000000 0000000000000003
Call Trace:
 [<ffffffff81eb0f09>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81eb0f09>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff81ebc207>] nmi_cpu_backtrace.cold.2+0x48/0x87 lib/nmi_backtrace.c:99
 [<ffffffff81ebc19a>] nmi_trigger_cpumask_backtrace+0x12a/0x14f lib/nmi_backtrace.c:60
 [<ffffffff810b7ea4>] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37
 [<ffffffff81364c84>] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline]
 [<ffffffff81364c84>] check_hung_task kernel/hung_task.c:125 [inline]
 [<ffffffff81364c84>] check_hung_uninterruptible_tasks kernel/hung_task.c:182 [inline]
 [<ffffffff81364c84>] watchdog+0x6b4/0xa20 kernel/hung_task.c:239
 [<ffffffff8119ad5d>] kthread+0x26d/0x300 kernel/kthread.c:211
 [<ffffffff839f481c>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0 skipped: idling at pc 0xffffffff839f3286

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2018/05/12 23:59 https://android.googlesource.com/kernel/common android-4.9 c2f9bce9fee8 e726f42b .config console log report ci-android-49-kasan-gce-root
* Struck through repros no longer work on HEAD.