From: syzbot <syzbot+2ba2d70f288cf61174e4@syzkaller.appspotmail.com>
To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org,
linux-kernel@vger.kernel.org, netdev@vger.kernel.org,
pabeni@redhat.com, syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [net?] INFO: task hung in linkwatch_event (4)
Date: Thu, 19 Sep 2024 13:29:20 -0700 [thread overview]
Message-ID: <66ec89a0.050a0220.29194.0044.GAE@google.com> (raw)
In-Reply-To: <000000000000aefb4d061e34a346@google.com>
syzbot has found a reproducer for the following issue on:
HEAD commit: 932d2d1fcb2b Merge tag 'dlm-6.12' of git://git.kernel.org/..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=120d6607980000
kernel config: https://syzkaller.appspot.com/x/.config?x=c208b3605ba9ec44
dashboard link: https://syzkaller.appspot.com/bug?extid=2ba2d70f288cf61174e4
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1069b69f980000
Downloadable assets:
disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/7bc7510fe41f/non_bootable_disk-932d2d1f.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/fbcb7198214b/vmlinux-932d2d1f.xz
kernel image: https://storage.googleapis.com/syzbot-assets/418eaebf4817/bzImage-932d2d1f.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+2ba2d70f288cf61174e4@syzkaller.appspotmail.com
INFO: task kworker/u4:3:5245 blocked for more than 143 seconds.
Not tainted 6.11.0-syzkaller-05442-g932d2d1fcb2b #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u4:3 state:D stack:23120 pid:5245 tgid:5245 ppid:2 flags:0x00004000
Workqueue: events_unbound linkwatch_event
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5188 [inline]
__schedule+0x1800/0x4a60 kernel/sched/core.c:6529
__schedule_loop kernel/sched/core.c:6606 [inline]
schedule+0x14b/0x320 kernel/sched/core.c:6621
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6678
__mutex_lock_common kernel/locking/mutex.c:684 [inline]
__mutex_lock+0x6a4/0xd70 kernel/locking/mutex.c:752
linkwatch_event+0xe/0x60 net/core/link_watch.c:276
process_one_work kernel/workqueue.c:3229 [inline]
process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
worker_thread+0x870/0xd30 kernel/workqueue.c:3391
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
Showing all locks held in the system:
3 locks held by kworker/0:1/9:
#0: ffff88801ac75948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff88801ac75948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc900003b7d00 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc900003b7d00 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
#2: ffffffff8fcc4d08 (rtnl_mutex){+.+.}-{3:3}, at: reg_check_chans_work+0x99/0xfd0 net/wireless/reg.c:2480
2 locks held by kworker/u4:0/11:
#0: ffff88801ac79148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff88801ac79148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc900003d7d00 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc900003d7d00 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
1 lock held by khungtaskd/25:
#0: ffffffff8e938b60 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
#0: ffffffff8e938b60 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
#0: ffffffff8e938b60 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 kernel/locking/lockdep.c:6701
2 locks held by kworker/u4:10/2886:
2 locks held by dhcpcd/4810:
#0: ffff88801ca91c40 (&vma->vm_lock->lock){++++}-{3:3}, at: vma_start_read include/linux/mm.h:700 [inline]
#0: ffff88801ca91c40 (&vma->vm_lock->lock){++++}-{3:3}, at: lock_vma_under_rcu+0x2f9/0x6e0 mm/memory.c:6015
#1: ffffffff8ea300e0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:3898 [inline]
#1: ffffffff8ea300e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:3923 [inline]
#1: ffffffff8ea300e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath+0xcfb/0x2390 mm/page_alloc.c:4329
1 lock held by dhcpcd/4811:
#0: ffffffff8ea300e0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:3898 [inline]
#0: ffffffff8ea300e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:3923 [inline]
#0: ffffffff8ea300e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath+0xcfb/0x2390 mm/page_alloc.c:4329
2 locks held by getty/4894:
#0: ffff88801dfa10a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
#1: ffffc9000039b2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6a6/0x1e00 drivers/tty/n_tty.c:2211
2 locks held by syz-execprog/5124:
#0: ffff88803fe4bc40 (&vma->vm_lock->lock){++++}-{3:3}, at: vma_start_read include/linux/mm.h:700 [inline]
#0: ffff88803fe4bc40 (&vma->vm_lock->lock){++++}-{3:3}, at: lock_vma_under_rcu+0x2f9/0x6e0 mm/memory.c:6015
#1: ffffffff8ea300e0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:3898 [inline]
#1: ffffffff8ea300e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:3923 [inline]
#1: ffffffff8ea300e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath+0xcfb/0x2390 mm/page_alloc.c:4329
1 lock held by syz-executor/5122:
#0: ffffffff8ea300e0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:3898 [inline]
#0: ffffffff8ea300e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:3923 [inline]
#0: ffffffff8ea300e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath+0xcfb/0x2390 mm/page_alloc.c:4329
3 locks held by kworker/u4:1/5157:
#0: ffff888035d58948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff888035d58948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc90002ddfd00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc90002ddfd00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
#2: ffffffff8fcc4d08 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x19/0x30 net/ipv6/addrconf.c:4736
3 locks held by kworker/u4:3/5245:
#0: ffff88801ac79148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff88801ac79148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc9000246fd00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc9000246fd00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
#2: ffffffff8fcc4d08 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 net/core/link_watch.c:276
2 locks held by kworker/u4:5/5250:
#0: ffff88801ac79148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff88801ac79148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc9000249fd00 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc9000249fd00 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
2 locks held by kworker/u4:7/5252:
#0: ffff88801fe3e998 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 kernel/sched/core.c:560
#1: ffff88801fe28948 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x441/0x770 kernel/sched/psi.c:989
2 locks held by syz-executor/5732:
#0: ffff888035e21070 (&vma->vm_lock->lock){++++}-{3:3}, at: vma_start_read include/linux/mm.h:700 [inline]
#0: ffff888035e21070 (&vma->vm_lock->lock){++++}-{3:3}, at: lock_vma_under_rcu+0x2f9/0x6e0 mm/memory.c:6015
#1: ffffffff8ea300e0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:3898 [inline]
#1: ffffffff8ea300e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:3923 [inline]
#1: ffffffff8ea300e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath+0xcfb/0x2390 mm/page_alloc.c:4329
2 locks held by udevd/5760:
#0: ffff8880119e8658 (&vma->vm_lock->lock){++++}-{3:3}, at: vma_start_read include/linux/mm.h:700 [inline]
#0: ffff8880119e8658 (&vma->vm_lock->lock){++++}-{3:3}, at: lock_vma_under_rcu+0x2f9/0x6e0 mm/memory.c:6015
#1: ffffffff8ea300e0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:3898 [inline]
#1: ffffffff8ea300e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:3923 [inline]
#1: ffffffff8ea300e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath+0xcfb/0x2390 mm/page_alloc.c:4329
8 locks held by syz-executor/5784:
#0: ffff88801ed72420 (sb_writers#8){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:2930 [inline]
#0: ffff88801ed72420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x224/0xc90 fs/read_write.c:679
#1: ffff888046575888 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1ea/0x500 fs/kernfs/file.c:325
#2: ffff8880354e4968 (kn->active#59){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20e/0x500 fs/kernfs/file.c:326
#3: ffffffff8f561ca8 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: new_device_store+0x1b4/0x890 drivers/net/netdevsim/bus.c:166
#4: ffff8880441160e8 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1009 [inline]
#4: ffff8880441160e8 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520 drivers/base/dd.c:1004
#5: ffff888044110250 (&devlink->lock_key#23){+.+.}-{3:3}, at: nsim_drv_probe+0xcb/0xb80 drivers/net/netdevsim/dev.c:1534
#6: ffffffff8fcc4d08 (rtnl_mutex){+.+.}-{3:3}, at: nsim_init_netdevsim drivers/net/netdevsim/netdev.c:678 [inline]
#6: ffffffff8fcc4d08 (rtnl_mutex){+.+.}-{3:3}, at: nsim_create+0x408/0x890 drivers/net/netdevsim/netdev.c:750
#7: ffffffff8ea300e0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:3898 [inline]
#7: ffffffff8ea300e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:3923 [inline]
#7: ffffffff8ea300e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath+0xcfb/0x2390 mm/page_alloc.c:4329
2 locks held by udevd/5785:
#0: ffff8880122dd148 (&vma->vm_lock->lock){++++}-{3:3}, at: vma_start_read include/linux/mm.h:700 [inline]
#0: ffff8880122dd148 (&vma->vm_lock->lock){++++}-{3:3}, at: lock_vma_under_rcu+0x2f9/0x6e0 mm/memory.c:6015
#1: ffffffff8ea300e0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:3898 [inline]
#1: ffffffff8ea300e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:3923 [inline]
#1: ffffffff8ea300e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath+0xcfb/0x2390 mm/page_alloc.c:4329
2 locks held by udevd/5788:
#0: ffff888011dcd8e0 (&vma->vm_lock->lock){++++}-{3:3}, at: vma_start_read include/linux/mm.h:700 [inline]
#0: ffff888011dcd8e0 (&vma->vm_lock->lock){++++}-{3:3}, at: lock_vma_under_rcu+0x2f9/0x6e0 mm/memory.c:6015
#1: ffffffff8ea300e0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:3898 [inline]
#1: ffffffff8ea300e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:3923 [inline]
#1: ffffffff8ea300e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath+0xcfb/0x2390 mm/page_alloc.c:4329
1 lock held by modprobe/5813:
#0: ffffffff8ea300e0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:3898 [inline]
#0: ffffffff8ea300e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:3923 [inline]
#0: ffffffff8ea300e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath+0xcfb/0x2390 mm/page_alloc.c:4329
2 locks held by modprobe/5814:
#0: ffff88804c225df0 (&vma->vm_lock->lock){++++}-{3:3}, at: vma_start_read include/linux/mm.h:700 [inline]
#0: ffff88804c225df0 (&vma->vm_lock->lock){++++}-{3:3}, at: lock_vma_under_rcu+0x2f9/0x6e0 mm/memory.c:6015
#1: ffffffff8ea300e0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:3898 [inline]
#1: ffffffff8ea300e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:3923 [inline]
#1: ffffffff8ea300e0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath+0xcfb/0x2390 mm/page_alloc.c:4329
=============================================
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 25 Comm: khungtaskd Not tainted 6.11.0-syzkaller-05442-g932d2d1fcb2b #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:93 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119
nmi_cpu_backtrace+0x49c/0x4d0 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x198/0x320 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:223 [inline]
watchdog+0xff4/0x1040 kernel/hung_task.c:379
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
next prev parent reply other threads:[~2024-09-19 20:29 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-27 6:21 [syzbot] [net?] INFO: task hung in linkwatch_event (4) syzbot
2024-09-19 20:29 ` syzbot [this message]
2024-09-28 14:47 ` syzbot
2024-10-05 14:57 ` syzbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=66ec89a0.050a0220.29194.0044.GAE@google.com \
--to=syzbot+2ba2d70f288cf61174e4@syzkaller.appspotmail.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.