syzbot


INFO: task hung in i2c_transfer

Status: auto-closed as invalid on 2021/09/16 19:15
Subsystems: i2c
[Documentation on labels]
First crash: 1013d, last: 1013d
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream INFO: task hung in i2c_transfer (3) i2c 9 341d 554d 0/26 auto-obsoleted due to no activity on 2023/07/20 22:15
upstream INFO: task hung in i2c_transfer (2) i2c 1 716d 716d 0/26 auto-closed as invalid on 2022/07/11 10:46

Sample crash report:
INFO: task syz-executor.1:4716 blocked for more than 430 seconds.
      Not tainted 5.12.0-rc3-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.1  state:D stack:    0 pid: 4716 ppid:  3300 flags:0x00000001
Backtrace: 
[<8181f408>] (__schedule) from [<8182012c>] (schedule+0x5c/0x108 kernel/sched/core.c:5152)
 r10:ffffe000 r9:818254b8 r8:00000000 r7:00000002 r6:83539db0 r5:83538000
 r4:86c64100
[<818200d0>] (schedule) from [<818254cc>] (__rt_mutex_slowlock+0x68/0x114 kernel/locking/rtmutex.c:1176)
 r5:835ce854 r4:83538000
[<81825464>] (__rt_mutex_slowlock) from [<8182565c>] (rt_mutex_slowlock.constprop.0+0xe4/0x21c kernel/locking/rtmutex.c:1246)
 r10:83538000 r9:40000013 r8:83539db0 r7:00000000 r6:835ce854 r5:00000002
 r4:00000000 r3:83539db0
[<81825578>] (rt_mutex_slowlock.constprop.0) from [<81825888>] (rt_mutex_fastlock kernel/locking/rtmutex.c:1394 [inline])
[<81825578>] (rt_mutex_slowlock.constprop.0) from [<81825888>] (__rt_mutex_lock kernel/locking/rtmutex.c:1452 [inline])
[<81825578>] (rt_mutex_slowlock.constprop.0) from [<81825888>] (rt_mutex_lock_nested+0x64/0x6c kernel/locking/rtmutex.c:1464)
 r10:80f3c24c r9:83539f78 r8:8659a400 r7:00000000 r6:80f35a58 r5:00000000
 r4:835ce854
[<81825824>] (rt_mutex_lock_nested) from [<80f35a58>] (i2c_adapter_lock_bus+0x60/0xa4 drivers/i2c/i2c-core-base.c:780)
 r7:20000080 r6:83539e90 r5:835ce854 r4:00000000
[<80f359f8>] (i2c_adapter_lock_bus) from [<80f36df8>] (i2c_lock_bus include/linux/i2c.h:765 [inline])
[<80f359f8>] (i2c_adapter_lock_bus) from [<80f36df8>] (__i2c_lock_bus_helper drivers/i2c/i2c-core.h:44 [inline])
[<80f359f8>] (i2c_adapter_lock_bus) from [<80f36df8>] (i2c_transfer+0x94/0x134 drivers/i2c/i2c-core-base.c:2108)
 r5:00000001 r4:835ce840
[<80f36d64>] (i2c_transfer) from [<80f36ef0>] (i2c_transfer_buffer_flags+0x58/0x8c drivers/i2c/i2c-core-base.c:2140)
 r6:869a2a00 r5:86c19d00 r4:0000007c
[<80f36e98>] (i2c_transfer_buffer_flags) from [<80f3c29c>] (i2c_master_recv include/linux/i2c.h:75 [inline])
[<80f36e98>] (i2c_transfer_buffer_flags) from [<80f3c29c>] (i2cdev_read+0x50/0x108 drivers/i2c/i2c-dev.c:151)
 r4:0000007c
[<80f3c24c>] (i2cdev_read) from [<804da5ac>] (vfs_read+0xbc/0x33c fs/read_write.c:494)
 r9:83539f78 r8:20000080 r7:ffffe000 r6:869a2a00 r5:00000000 r4:0000007c
[<804da4f0>] (vfs_read) from [<804daeac>] (ksys_pread64 fs/read_write.c:686 [inline])
[<804da4f0>] (vfs_read) from [<804daeac>] (__do_sys_pread64 fs/read_write.c:696 [inline])
[<804da4f0>] (vfs_read) from [<804daeac>] (sys_pread64+0xa0/0xd0 fs/read_write.c:693)
 r10:000000b4 r9:83538000 r8:80200224 r7:0000007c r6:869a2a00 r5:20000080
 r4:869a2a01
[<804dae0c>] (sys_pread64) from [<80200060>] (ret_fast_syscall+0x0/0x2c arch/arm/mm/proc-v7.S:64)
Exception stack(0x83539fa8 to 0x83539ff0)
9fa0:                   00000000 00000000 00000003 20000080 0000007c 00000009
9fc0: 00000000 00000000 00000000 000000b4 7ebbe33a 76f8f6d0 7ebbe4ac 76f8f20c
9fe0: 76f8f048 76f8f038 00018d58 0004b620
 r7:000000b4 r6:00000000 r5:00000000 r4:00000000

Showing all locks held in the system:
1 lock held by khungtaskd/875:
 #0: 82b09c5c (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x34/0x1dc kernel/locking/lockdep.c:6329
2 locks held by syslogd/3052:
2 locks held by getty/3228:
 #0: 85675854 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x38/0x3c drivers/tty/tty_ldsem.c:340
 #1: e4570290 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x4a4/0x56c drivers/tty/n_tty.c:2178
1 lock held by syz-executor.1/4714:
1 lock held by syz-executor.1/4716:
 #0: 835ce898 (i2c_register_adapter){+.+.}-{0:0}, at: i2c_adapter_lock_bus+0x60/0xa4 drivers/i2c/i2c-core-base.c:780
1 lock held by syz-executor.1/4724:
 #0: 835ce898 (i2c_register_adapter){+.+.}-{0:0}, at: i2c_adapter_lock_bus+0x60/0xa4 drivers/i2c/i2c-core-base.c:780

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 875 Comm: khungtaskd Not tainted 5.12.0-rc3-syzkaller #0
Hardware name: ARM-Versatile Express
Backtrace: 
[<81802550>] (dump_backtrace) from [<818027c4>] (show_stack+0x18/0x1c arch/arm/kernel/traps.c:252)
 r7:00000000 r6:60070013 r5:00000000 r4:82b58344
[<818027ac>] (show_stack) from [<81809e98>] (__dump_stack lib/dump_stack.c:79 [inline])
[<818027ac>] (show_stack) from [<81809e98>] (dump_stack+0xb8/0xe8 lib/dump_stack.c:120)
[<81809de0>] (dump_stack) from [<80876540>] (nmi_cpu_backtrace+0xfc/0x160 lib/nmi_backtrace.c:105)
 r7:00000000 r6:80210934 r5:00000000 r4:00000000
[<80876444>] (nmi_cpu_backtrace) from [<808766e0>] (nmi_trigger_cpumask_backtrace+0x13c/0x224 lib/nmi_backtrace.c:62)
 r5:82a22c1c r4:00000000
[<808765a4>] (nmi_trigger_cpumask_backtrace) from [<80211dec>] (arch_trigger_cpumask_backtrace+0x18/0x1c arch/arm/kernel/smp.c:857)
 r9:82a225d8 r8:82a06d00 r7:00007f75 r6:82a30690 r5:00015d00 r4:82bfd475
[<80211dd4>] (arch_trigger_cpumask_backtrace) from [<8036625c>] (trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline])
[<80211dd4>] (arch_trigger_cpumask_backtrace) from [<8036625c>] (check_hung_uninterruptible_tasks kernel/hung_task.c:209 [inline])
[<80211dd4>] (arch_trigger_cpumask_backtrace) from [<8036625c>] (watchdog+0x6d0/0x88c kernel/hung_task.c:294)
[<80365b8c>] (watchdog) from [<80271d20>] (kthread+0x184/0x1a4 kernel/kthread.c:292)
 r10:834dfe2c r9:00000000 r8:80365b8c r7:00000000 r6:8376a000 r5:8371d900
 r4:834b7c80
[<80271b9c>] (kthread) from [<80200114>] (ret_from_fork+0x14/0x20 arch/arm/kernel/entry-common.S:158)
Exception stack(0x8376bfb0 to 0x8376bff8)
bfa0:                                     00000000 00000000 00000000 00000000
bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
bfe0: 00000000 00000000 00000000 00000000 00000013 00000000
 r10:00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:80271b9c
 r4:8371d900
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 3265 Comm: syz-fuzzer Not tainted 5.12.0-rc3-syzkaller #0
Hardware name: ARM-Versatile Express
PC is at pagevec_lru_move_fn+0x0/0x25c mm/swap.c:205
LR is at lru_add_drain_cpu+0x1c8/0x2d4 mm/swap.c:629
pc : [<8043143c>]    lr : [<80435eb4>]    psr: 20000013
sp : 86757d10  ip : 86757d58  fp : 86757d54
r10: 106ee000  r9 : 106ee000  r8 : ffffe000
r7 : 83278fe8  r6 : 00000001  r5 : 82a22928  r4 : ddfe0ab0
r3 : 5b734000  r2 : 00000002  r1 : 80432e28  r0 : ddfe0a18
Flags: nzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
Control: 30c5387d  Table: 86467d40  DAC: 00000000
CPU: 1 PID: 3265 Comm: syz-fuzzer Not tainted 5.12.0-rc3-syzkaller #0
Hardware name: ARM-Versatile Express
Backtrace: 
[<81802550>] (dump_backtrace) from [<818027c4>] (show_stack+0x18/0x1c arch/arm/kernel/traps.c:252)
 r7:00000080 r6:60000193 r5:00000000 r4:82b58344
[<818027ac>] (show_stack) from [<81809e98>] (__dump_stack lib/dump_stack.c:79 [inline])
[<818027ac>] (show_stack) from [<81809e98>] (dump_stack+0xb8/0xe8 lib/dump_stack.c:120)
[<81809de0>] (dump_stack) from [<802096bc>] (show_regs+0x14/0x18 arch/arm/kernel/process.c:191)
 r7:8340cd80 r6:00000001 r5:86757cc0 r4:00000001
[<802096a8>] (show_regs) from [<80876528>] (nmi_cpu_backtrace+0xe4/0x160 lib/nmi_backtrace.c:103)
[<80876444>] (nmi_cpu_backtrace) from [<80210e34>] (do_handle_IPI+0x4c/0x440 arch/arm/kernel/smp.c:672)
 r5:00000017 r4:00000007
[<80210de8>] (do_handle_IPI) from [<80211248>] (ipi_handler+0x20/0x28 arch/arm/kernel/smp.c:700)
 r9:86757cc0 r8:86757c28 r7:8340cd80 r6:82a22c34 r5:00000017 r4:8348a600
[<80211228>] (ipi_handler) from [<802df904>] (handle_percpu_devid_irq+0xa4/0x19c kernel/irq/chip.c:930)
[<802df860>] (handle_percpu_devid_irq) from [<802d8730>] (generic_handle_irq_desc include/linux/irqdesc.h:158 [inline])
[<802df860>] (handle_percpu_devid_irq) from [<802d8730>] (generic_handle_irq kernel/irq/irqdesc.c:652 [inline])
[<802df860>] (handle_percpu_devid_irq) from [<802d8730>] (__handle_domain_irq+0xb0/0x120 kernel/irq/irqdesc.c:689)
 r10:86757c58 r9:86757cc0 r8:00000001 r7:00000000 r6:828ad498 r5:00000000
 r4:828ad498 r3:00010001
[<802d8680>] (__handle_domain_irq) from [<8088af70>] (handle_domain_irq include/linux/irqdesc.h:176 [inline])
[<802d8680>] (__handle_domain_irq) from [<8088af70>] (gic_handle_irq+0x84/0xac drivers/irqchip/irq-gic.c:370)
 r10:106ee000 r9:40000193 r8:e000200c r7:828ad4bc r6:e0002000 r5:86757cc0
 r4:82a22c34
[<8088aeec>] (gic_handle_irq) from [<80200abc>] (__irq_svc+0x5c/0x94 arch/arm/kernel/entry-armv.S:205)
Exception stack(0x86757cc0 to 0x86757d08)
7cc0: ddfe0a18 80432e28 00000002 5b734000 ddfe0ab0 82a22928 00000001 83278fe8
7ce0: ffffe000 106ee000 106ee000 86757d54 86757d58 86757d10 80435eb4 8043143c
7d00: 20000013 ffffffff
 r9:86756000 r8:ffffe000 r7:86757cf4 r6:ffffffff r5:20000013 r4:8043143c
[<80435cec>] (lru_add_drain_cpu) from [<8043605c>] (lru_add_drain+0x9c/0x1c0 mm/swap.c:710)
 r10:106ee000 r9:106ee000 r8:ffffe000 r7:83278fe8 r6:82a22928 r5:ddfe0940
 r4:828ac940
[<80435fc0>] (lru_add_drain) from [<80498dc8>] (madvise_free_single_vma+0x84/0x2fc mm/madvise.c:726)
 r8:80200224 r7:000000dc r6:86757e2c r5:835d3180 r4:857f8478
[<80498d44>] (madvise_free_single_vma) from [<804992f0>] (madvise_dontneed_free mm/madvise.c:820 [inline])
[<80498d44>] (madvise_free_single_vma) from [<804992f0>] (madvise_vma mm/madvise.c:937 [inline])
[<80498d44>] (madvise_free_single_vma) from [<804992f0>] (do_madvise.part.0+0x2b0/0xebc mm/madvise.c:1133)
 r8:80200224 r7:000000dc r6:106ee000 r5:106ec000 r4:857f8478
[<80499040>] (do_madvise.part.0) from [<8049a3bc>] (do_madvise mm/madvise.c:1159 [inline])
[<80499040>] (do_madvise.part.0) from [<8049a3bc>] (__do_sys_madvise mm/madvise.c:1159 [inline])
[<80499040>] (do_madvise.part.0) from [<8049a3bc>] (sys_madvise+0x58/0x64 mm/madvise.c:1157)
 r10:000000dc r9:86756000 r8:80200224 r7:000000dc r6:00000001 r5:00002000
 r4:66c840e8
[<8049a364>] (sys_madvise) from [<80200060>] (ret_fast_syscall+0x0/0x2c arch/arm/mm/proc-v7.S:64)
Exception stack(0x86757fa8 to 0x86757ff0)
7fa0:                   66c840e8 00002000 106ec000 00002000 00000008 00000036
7fc0: 66c840e8 00002000 00000001 000000dc 66c840c0 00000001 02088c40 00000005
7fe0: 66c84080 020aff14 00026d90 0007c0a8

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2021/06/18 19:10 upstream bf152b0b41dc aba2b2fb .config console log report info ci-qemu2-arm32 INFO: task hung in i2c_transfer
* Struck through repros no longer work on HEAD.