syzbot


INFO: task hung in cleanup_net (2)

Status: auto-closed as invalid on 2020/03/23 02:35
Reported-by: syzbot+3dfa0dfe30f65ae5adc3@syzkaller.appspotmail.com
First crash: 1608d, last: 1608d
Similar bugs (11)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream INFO: task hung in cleanup_net (2) net 2 1820d 1821d 0/26 closed as invalid on 2019/05/08 13:05
android-44 INFO: task hung in cleanup_net 10 1774d 1816d 0/2 auto-closed as invalid on 2019/10/25 08:38
upstream INFO: task hung in cleanup_net net 1 2325d 2313d 3/26 fixed on 2018/01/03 02:35
linux-4.19 INFO: task hung in cleanup_net 1 1439d 1439d 0/1 auto-closed as invalid on 2020/09/08 00:00
linux-4.14 INFO: task hung in cleanup_net C inconclusive 23 827d 1833d 0/1 upstream: reported C repro on 2019/04/13 10:16
upstream INFO: task hung in cleanup_net (3) net 1 1755d 1754d 0/26 auto-closed as invalid on 2019/10/25 14:21
android-49 INFO: task hung in cleanup_net 4 1824d 1832d 0/3 auto-closed as invalid on 2019/10/18 21:44
upstream INFO: task hung in cleanup_net (4) net 2 1338d 1343d 0/26 auto-closed as invalid on 2020/11/17 15:39
android-414 INFO: task hung in cleanup_net C 45 1692d 1835d 0/1 public: reported C repro on 2019/04/11 00:00
upstream INFO: task hung in cleanup_net (6) net 1 292d 292d 0/26 auto-obsoleted due to no activity on 2023/09/30 00:07
upstream INFO: task hung in cleanup_net (5) net 3 1065d 1111d 0/26 auto-closed as invalid on 2021/09/03 11:33

Sample crash report:
lowmemorykiller: Killing 'syz-executor.4' (26169) (tgid 26160), adj 1000,
   to free 51436kB on behalf of 'getty' (26093) because
   cache 252kB is below limit 6144kB for oom_score_adj 0
   Free memory is -13160kB above reserved
INFO: task kworker/u4:4:2111 blocked for more than 140 seconds.
      Not tainted 4.9.141+ #1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/u4:4    D25720  2111      2 0x80000000
Workqueue: netns cleanup_net
 ffff8801d7868000 ffff88019a1ea100 ffff88019a1ea100 ffff8801853a4740
 ffff8801db621018 ffff8801d25c79c8 ffffffff828075c2 0000000000000002
 ffff8801d78688b0 ffffed003af0d115 00ff8801d7868000 ffff8801db6218f0
lowmemorykiller: Killing 'syz-executor.4' (26169) (tgid 26160), adj 1000,
   to free 51436kB on behalf of 'getty' (26094) because
   cache 252kB is below limit 6144kB for oom_score_adj 0
   Free memory is -13160kB above reserved
Call Trace:
 [<ffffffff82808aef>] schedule+0x7f/0x1b0 kernel/sched/core.c:3553
 [<ffffffff828094a3>] schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3586
 [<ffffffff8280b51d>] __mutex_lock_common kernel/locking/mutex.c:582 [inline]
 [<ffffffff8280b51d>] mutex_lock_nested+0x38d/0x900 kernel/locking/mutex.c:621
 [<ffffffff822e681f>] cleanup_net+0x13f/0x8b0 net/core/net_namespace.c:439
lowmemorykiller: Killing 'syz-executor.4' (26169) (tgid 26160), adj 1000,
   to free 51436kB on behalf of 'syz-fuzzer' (2045) because
   cache 252kB is below limit 6144kB for oom_score_adj 0
   Free memory is -13160kB above reserved
 [<ffffffff81131001>] process_one_work+0x831/0x15f0 kernel/workqueue.c:2092
 [<ffffffff81131e96>] worker_thread+0xd6/0x1140 kernel/workqueue.c:2226
 [<ffffffff81142c3d>] kthread+0x26d/0x300 kernel/kthread.c:211
lowmemorykiller: Killing 'syz-executor.4' (26169) (tgid 26160), adj 1000,
   to free 51436kB on behalf of 'cron' (1951) because
   cache 252kB is below limit 6144kB for oom_score_adj 0
   Free memory is -13284kB above reserved
 [<ffffffff82817a5c>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373

Showing all locks held in the system:
2 locks held by khungtaskd/24:
 #0:  (rcu_read_lock){......}, at: [<ffffffff8131c0cc>] check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline]
 #0:  (rcu_read_lock){......}, at: [<ffffffff8131c0cc>] watchdog+0x11c/0xa20 kernel/hung_task.c:239
 #1:  (tasklist_lock){.+.?..}, at: [<ffffffff813fe63f>] debug_show_all_locks+0x79/0x218 kernel/locking/lockdep.c:4336
2 locks held by getty/2028:
 #0:  (&tty->ldisc_sem){++++++}, at: [<ffffffff82815952>] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367
 #1:  (&ldata->atomic_read_lock){+.+.+.}, at: [<ffffffff81d37362>] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142
3 locks held by kworker/u4:4/2111:
 #0:  ("%s""netns"){.+.+.+}, at: [<ffffffff81130f0c>] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
 #1:  (net_cleanup_work){+.+.+.}, at: [<ffffffff81130f44>] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
 #2:  (net_mutex){+.+.+.}, at: [<ffffffff822e681f>] cleanup_net+0x13f/0x8b0 net/core/net_namespace.c:439
3 locks held by kworker/0:7/20100:
 #0:  ("%s"("ipv6_addrconf")){.+.+..}, at: [<ffffffff81130f0c>] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
 #1:  ((addr_chk_work).work){+.+...}, at: [<ffffffff81130f44>] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
 #2:  (rtnl_mutex){+.+.+.}, at: [<ffffffff823412d7>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70

=============================================

lowmemorykiller: Killing 'syz-executor.4' (26169) (tgid 26160), adj 1000,
   to free 51436kB on behalf of 'rs:main Q:Reg' (1897) because
   cache 252kB is below limit 6144kB for oom_score_adj 0
   Free memory is -13284kB above reserved
lowmemorykiller: Killing 'syz-executor.4' (26169) (tgid 26160), adj 1000,
   to free 51436kB on behalf of 'getty' (26097) because
   cache 252kB is below limit 6144kB for oom_score_adj 0
   Free memory is -13284kB above reserved
NMI backtrace for cpu 1
CPU: 1 PID: 24 Comm: khungtaskd Not tainted 4.9.141+ #1
 ffff8801d9907d08 ffffffff81b42e79 0000000000000000 0000000000000001
 0000000000000001 0000000000000001 ffffffff810983b0 ffff8801d9907d40
 ffffffff81b4df89 0000000000000001 0000000000000000 0000000000000002
Call Trace:
 [<ffffffff81b42e79>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81b42e79>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff81b4df89>] nmi_cpu_backtrace.cold.0+0x48/0x87 lib/nmi_backtrace.c:99
 [<ffffffff81b4df1c>] nmi_trigger_cpumask_backtrace+0x12c/0x151 lib/nmi_backtrace.c:60
 [<ffffffff810984b4>] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37
 [<ffffffff8131c65d>] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline]
 [<ffffffff8131c65d>] check_hung_task kernel/hung_task.c:125 [inline]
 [<ffffffff8131c65d>] check_hung_uninterruptible_tasks kernel/hung_task.c:182 [inline]
 [<ffffffff8131c65d>] watchdog+0x6ad/0xa20 kernel/hung_task.c:239
 [<ffffffff81142c3d>] kthread+0x26d/0x300 kernel/kthread.c:211
 [<ffffffff82817a5c>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 2094 Comm: syz-executor.4 Not tainted 4.9.141+ #1
task: ffff8801ced12f80 task.stack: ffff8801a7ee8000
RIP: 0010:[<ffffffff8131ba60>] c [<ffffffff8131ba60>] __sanitizer_cov_trace_pc+0x0/0x50 kernel/kcov.c:93
RSP: 0000:ffff8801a7eef368  EFLAGS: 00000246
RAX: 0000000000000007 RBX: ffff88010b4a97c0 RCX: 00000000000003e8
RDX: 0000000000000000 RSI: ffffffff821effa3 RDI: ffff88010b4a97e4
RBP: ffff8801a7eef410 R08: ffff8801ced138f0 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
R13: ffff88010b4a9bd8 R14: ffff88019d6397c0 R15: 0000000000000600
FS:  0000000001da4940(0000) GS:ffff8801db600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000403200 CR3: 00000001a7eda000 CR4: 00000000001606b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Stack:
 ffffffff821effd7c ffffffff821efedec 0000000000000000c 0000000000000000c
 0000000000000246c ffff8801ced12f80c ffffffff830cc2e0c ffff8801a7eef4e8c
 fffffbfff0601200c 00003237a7eef3d8c ffff88019d639f80c 0000000003e80080c
Call Trace:
 [<ffffffff81449cc6>] do_shrink_slab mm/vmscan.c:398 [inline]
 [<ffffffff81449cc6>] shrink_slab.part.8+0x3c6/0xa00 mm/vmscan.c:501
 [<ffffffff814557fd>] shrink_slab mm/vmscan.c:465 [inline]
 [<ffffffff814557fd>] shrink_node+0x1ed/0x740 mm/vmscan.c:2602
 [<ffffffff814560c7>] shrink_zones mm/vmscan.c:2749 [inline]
 [<ffffffff814560c7>] do_try_to_free_pages mm/vmscan.c:2791 [inline]
 [<ffffffff814560c7>] try_to_free_pages+0x377/0xb80 mm/vmscan.c:3002
 [<ffffffff81428a01>] __perform_reclaim mm/page_alloc.c:3324 [inline]
 [<ffffffff81428a01>] __alloc_pages_direct_reclaim mm/page_alloc.c:3345 [inline]
 [<ffffffff81428a01>] __alloc_pages_slowpath mm/page_alloc.c:3697 [inline]
 [<ffffffff81428a01>] __alloc_pages_nodemask+0x981/0x1bd0 mm/page_alloc.c:3862
 [<ffffffff8143564a>] __alloc_pages include/linux/gfp.h:433 [inline]
 [<ffffffff8143564a>] __alloc_pages_node include/linux/gfp.h:446 [inline]
 [<ffffffff8143564a>] alloc_pages_node include/linux/gfp.h:460 [inline]
 [<ffffffff8143564a>] __page_cache_alloc include/linux/pagemap.h:208 [inline]
 [<ffffffff8143564a>] __do_page_cache_readahead+0x21a/0x8b0 mm/readahead.c:183
 [<ffffffff81415534>] ra_submit mm/internal.h:59 [inline]
 [<ffffffff81415534>] do_sync_mmap_readahead mm/filemap.c:2066 [inline]
 [<ffffffff81415534>] filemap_fault+0x924/0x1110 mm/filemap.c:2143
 [<ffffffff816e7721>] ext4_filemap_fault+0x71/0xa0 fs/ext4/inode.c:5853
 [<ffffffff81492ef3>] __do_fault+0x223/0x500 mm/memory.c:2833
 [<ffffffff814a3696>] do_read_fault mm/memory.c:3180 [inline]
 [<ffffffff814a3696>] do_fault mm/memory.c:3315 [inline]
 [<ffffffff814a3696>] handle_pte_fault mm/memory.c:3516 [inline]
 [<ffffffff814a3696>] __handle_mm_fault mm/memory.c:3603 [inline]
 [<ffffffff814a3696>] handle_mm_fault+0x1326/0x2350 mm/memory.c:3640
 [<ffffffff810b2b33>] __do_page_fault+0x403/0xa60 arch/x86/mm/fault.c:1406
 [<ffffffff810b31e7>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
 [<ffffffff828188b5>] page_fault+0x25/0x30 arch/x86/entry/entry_64.S:951
Code: ce8 c26 c76 c1d c00 c48 c8b c75 cc8 ce9 cc3 cfe cff cff c4c c89 cff ce8 c15 c76 c1d c00 ce9 c9e cfe cff cff c4c c89 ce7 ce8 c08 c76 c1d c00 ce9 c23 cfe cff cff c0f c1f c00 c<55> c48 c89 ce5 c48 c8b c75 c08 c65 c48 c8b c04 c25 c00 c7e c01 c00 c65 c8b c15 c18 c
lowmemorykiller: Killing 'syz-executor.4' (26169) (tgid 26160), adj 1000,
   to free 51436kB on behalf of 'rsyslogd' (1899) because
   cache 252kB is below limit 6144kB for oom_score_adj 0
   Free memory is -13284kB above reserved
lowmemorykiller: Killing 'syz-executor.4' (26169) (tgid 26160), adj 1000,
   to free 51436kB on behalf of 'syz-fuzzer' (2061) because
   cache 252kB is below limit 6144kB for oom_score_adj 0
   Free memory is -13284kB above reserved
lowmemorykiller: Killing 'syz-executor.4' (26169) (tgid 26160), adj 1000,
   to free 51436kB on behalf of 'getty' (26094) because
   cache 252kB is below limit 6144kB for oom_score_adj 0
   Free memory is -13408kB above reserved
lowmemorykiller: Killing 'syz-executor.4' (26169) (tgid 26160), adj 1000,
   to free 51436kB on behalf of 'getty' (26097) because
   cache 252kB is below limit 6144kB for oom_score_adj 0
   Free memory is -13408kB above reserved
lowmemorykiller: Killing 'syz-executor.4' (26169) (tgid 26160), adj 1000,
   to free 51436kB on behalf of 'rsyslogd' (1899) because
   cache 256kB is below limit 6144kB for oom_score_adj 0
   Free memory is -13408kB above reserved
lowmemorykiller: Killing 'syz-executor.4' (26169) (tgid 26160), adj 1000,
   to free 51436kB on behalf of 'udevd' (593) because
   cache 256kB is below limit 6144kB for oom_score_adj 0
   Free memory is -13408kB above reserved
lowmemorykiller: Killing 'syz-executor.4' (26169) (tgid 26160), adj 1000,
   to free 51436kB on behalf of 'init' (1) because
   cache 256kB is below limit 6144kB for oom_score_adj 0
   Free memory is -13408kB above reserved
lowmemorykiller: Killing 'syz-executor.4' (26169) (tgid 26160), adj 1000,
   to free 51436kB on behalf of 'rsyslogd' (1899) because
   cache 256kB is below limit 6144kB for oom_score_adj 0
   Free memory is -13408kB above reserved

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/11/24 02:34 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 598ca6c8 .config console log report ci-android-49-kasan-gce
* Struck through repros no longer work on HEAD.