syzbot

INFO: task hung in smc_pnet_net_init (2)

Status: auto-closed as invalid on 2022/09/26 13:30
Subsystems: net s390
First crash: 681d, last: 639d
Similar bugs (3):
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | INFO: task hung in smc_pnet_net_init (4) (net s390) | | | | 1 | 163d | 163d | 0/26 | auto-obsoleted due to no activity on 2023/12/17 07:01
upstream | INFO: task hung in smc_pnet_net_init (net s390) | | | | 12 | 783d | 929d | 0/26 | closed as invalid on 2022/02/07 19:09
upstream | INFO: task hung in smc_pnet_net_init (3) (net s390) | | | | 2 | 260d | 266d | 0/26 | closed as invalid on 2023/09/07 14:36

Sample crash report:
INFO: task syz-executor.5:30113 blocked for more than 143 seconds.
      Not tainted 5.18.0-rc7-syzkaller-00006-g210e04ff7681 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.5  state:D stack:27312 pid:30113 ppid:  3643 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5073 [inline]
 __schedule+0xa9a/0x4cc0 kernel/sched/core.c:6388
 schedule+0xd2/0x1f0 kernel/sched/core.c:6460
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6519
 __mutex_lock_common kernel/locking/mutex.c:673 [inline]
 __mutex_lock+0xa32/0x12f0 kernel/locking/mutex.c:733
 smc_pnet_create_pnetids_list net/smc/smc_pnet.c:803 [inline]
 smc_pnet_net_init+0x214/0x460 net/smc/smc_pnet.c:872
 smc_net_init+0x31/0x40 net/smc/af_smc.c:3252
 ops_init+0xaf/0x470 net/core/net_namespace.c:134
 setup_net+0x5d1/0xc50 net/core/net_namespace.c:325
 copy_net_ns+0x318/0x760 net/core/net_namespace.c:471
 create_new_namespaces+0x3f6/0xb20 kernel/nsproxy.c:110
 copy_namespaces+0x391/0x450 kernel/nsproxy.c:178
 copy_process+0x2f79/0x6fe0 kernel/fork.c:2237
 kernel_clone+0xe7/0xab0 kernel/fork.c:2639
 __do_sys_clone+0xc8/0x110 kernel/fork.c:2756
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f723a8890e9
RSP: 002b:00007f723ba60118 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 00007f723a99bf60 RCX: 00007f723a8890e9
RDX: 0000000000000000 RSI: 00000000200002e0 RDI: 0000000044000000
RBP: 00007f723a8e308d R08: 0000000020000440 R09: 0000000020000440
R10: 00000000200003c0 R11: 0000000000000206 R12: 0000000000000000
R13: 00007f723aecfb1f R14: 00007f723ba60300 R15: 0000000000022000
 </TASK>

Showing all locks held in the system:
1 lock held by khungtaskd/28:
 #0: ffffffff8bd820e0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6467
2 locks held by getty/3274:
 #0: ffff88814c340098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:244
 #1: ffffc90002ce62e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xcea/0x1230 drivers/tty/n_tty.c:2075
3 locks held by kworker/0:4/3671:
 #0: ffff888010c65d38 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff888010c65d38 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 #0: ffff888010c65d38 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
 #0: ffff888010c65d38 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
 #0: ffff888010c65d38 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
 #0: ffff888010c65d38 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x87a/0x1610 kernel/workqueue.c:2260
 #1: ffffc9000412fda8 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work+0x8ae/0x1610 kernel/workqueue.c:2264
 #2: ffffffff8d571b28 (rtnl_mutex){+.+.}-{3:3}, at: reg_check_chans_work+0x83/0xe20 net/wireless/reg.c:2457
3 locks held by kworker/0:12/25712:
 #0: ffff88814bef3d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff88814bef3d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 #0: ffff88814bef3d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
 #0: ffff88814bef3d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
 #0: ffff88814bef3d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
 #0: ffff88814bef3d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x87a/0x1610 kernel/workqueue.c:2260
 #1: ffffc90015207da8 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x8ae/0x1610 kernel/workqueue.c:2264
 #2: ffffffff8d571b28 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0xe/0x20 net/ipv6/addrconf.c:4603
3 locks held by kworker/1:7/25772:
 #0: ffff88814bef3d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff88814bef3d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 #0: ffff88814bef3d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
 #0: ffff88814bef3d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
 #0: ffff88814bef3d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
 #0: ffff88814bef3d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x87a/0x1610 kernel/workqueue.c:2260
 #1: ffffc90015dd7da8 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x8ae/0x1610 kernel/workqueue.c:2264
 #2: ffffffff8d571b28 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0xe/0x20 net/ipv6/addrconf.c:4603
3 locks held by kworker/u4:6/28600:
1 lock held by syz-executor.3/30100:
2 locks held by syz-executor.5/30113:
 #0: ffffffff8d55e490 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x2f5/0x760 net/core/net_namespace.c:467
 #1: ffffffff8d571b28 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:803 [inline]
 #1: ffffffff8d571b28 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x214/0x460 net/smc/smc_pnet.c:872

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 28 Comm: khungtaskd Not tainted 5.18.0-rc7-syzkaller-00006-g210e04ff7681 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 nmi_cpu_backtrace.cold+0x47/0x144 lib/nmi_backtrace.c:111
 nmi_trigger_cpumask_backtrace+0x1e6/0x230 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:212 [inline]
 watchdog+0xc1d/0xf50 kernel/hung_task.c:369
 kthread+0x2e9/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 28600 Comm: kworker/u4:6 Not tainted 5.18.0-rc7-syzkaller-00006-g210e04ff7681 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bat_events batadv_nc_worker
RIP: 0010:check_wait_context kernel/locking/lockdep.c:4727 [inline]
RIP: 0010:__lock_acquire+0x654/0x56c0 kernel/locking/lockdep.c:4979
Code: ff df 48 c1 e8 03 4c 8b 74 24 28 4c 01 f8 48 89 44 24 60 eb 66 48 8d 04 5b 48 c1 e0 06 48 05 20 ed 06 90 48 8d b8 b8 00 00 00 <48> 89 fa 48 c1 ea 03 42 0f b6 14 3a 84 d2 74 06 0f 8e 7e 2c 00 00
RSP: 0018:ffffc9001432f9b8 EFLAGS: 00000082
RAX: ffffffff900c54e0 RBX: 0000000000000735 RCX: ffffffff815d5092
RDX: fffffbfff200dd3d RSI: 0000000000000008 RDI: ffffffff900c5598
RBP: 0000000000000004 R08: 0000000000000000 R09: ffffffff9006e9e7
R10: fffffbfff200dd3c R11: 0000000000000001 R12: 0000000000000001
R13: ffff88801dd15880 R14: ffff88801dd162e0 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000562b348fa600 CR3: 000000000ba8e000 CR4: 00000000003506f0
Call Trace:
 <TASK>
 lock_acquire kernel/locking/lockdep.c:5641 [inline]
 lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5606
 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
 _raw_spin_lock_bh+0x2f/0x40 kernel/locking/spinlock.c:178
 spin_lock_bh include/linux/spinlock.h:354 [inline]
 batadv_nc_purge_paths+0xdf/0x3a0 net/batman-adv/network-coding.c:442
 batadv_nc_worker+0x930/0xfa0 net/batman-adv/network-coding.c:722
 process_one_work+0x996/0x1610 kernel/workqueue.c:2289
 worker_thread+0x665/0x1080 kernel/workqueue.c:2436
 kthread+0x2e9/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298
 </TASK>
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:	df 48 c1             	fisttps -0x3f(%rax)
   3:	e8 03 4c 8b 74       	callq  0x748b4c0b
   8:	24 28                	and    $0x28,%al
   a:	4c 01 f8             	add    %r15,%rax
   d:	48 89 44 24 60       	mov    %rax,0x60(%rsp)
  12:	eb 66                	jmp    0x7a
  14:	48 8d 04 5b          	lea    (%rbx,%rbx,2),%rax
  18:	48 c1 e0 06          	shl    $0x6,%rax
  1c:	48 05 20 ed 06 90    	add    $0xffffffff9006ed20,%rax
  22:	48 8d b8 b8 00 00 00 	lea    0xb8(%rax),%rdi
* 29:	48 89 fa             	mov    %rdi,%rdx <-- trapping instruction
  2c:	48 c1 ea 03          	shr    $0x3,%rdx
  30:	42 0f b6 14 3a       	movzbl (%rdx,%r15,1),%edx
  35:	84 d2                	test   %dl,%dl
  37:	74 06                	je     0x3f
  39:	0f 8e 7e 2c 00 00    	jle    0x2cbd

Crashes (2):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2022/05/18 01:58 | upstream | 210e04ff7681 | 744a39e2 | .config | console log | report | | | info | | ci-upstream-kasan-gce | INFO: task hung in smc_pnet_net_init
2022/06/28 13:29 | net-old | 3b0dc529f56b | ef82eb2c | .config | console log | report | | | info | | ci-upstream-net-this-kasan-gce | INFO: task hung in smc_pnet_net_init