Dear Linux Developer, Recently when using our tool to fuzz kernel, the following crash was triggered: HEAD commit: 64570fbc14f8 Linux 5.15-rc5 git tree: upstream compiler: gcc 8.0.1 console output: https://drive.google.com/file/d/1CZaZY-5qhU8R8Kx9yRxH3uk-Z-4Klr-H/view?usp=share_link kernel config: https://drive.google.com/file/d/1uDOeEYgJDcLiSOrx9W8v2bqZ6uOA_55t/view?usp=share_link Unfortunately, I don't have any reproducer for this crash yet. IMPORTANT: if you fix the bug, please add the following tag to the commit: Reported-by: Wei Chen <harperchen1110@xxxxxxxxx> INFO: task syz-executor.0:21121 blocked for more than 143 seconds. Not tainted 5.15.0-rc5 #1 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.0 state:D stack:13736 pid:21121 ppid: 20431 flags:0x00004004 Call Trace: __schedule+0x4a1/0x1720 schedule+0x36/0xe0 schedule_preempt_disabled+0xf/0x20 __mutex_lock+0x67a/0x9a0 ppp_ioctl+0x1247/0x1ee0 __x64_sys_ioctl+0xe8/0x140 do_syscall_64+0x34/0xb0 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x4692c9 RSP: 002b:00007f36d6808c38 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004692c9 RDX: 0000000020000040 RSI: 00000000c004743e RDI: 0000000000000004 RBP: 000000000119bfb0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000119bfac R13: 0000000000000000 R14: 000000000119bfa0 R15: 00007ffeb87bf8c0 Showing all locks held in the system: 1 lock held by khungtaskd/29: #0: ffffffff8641dee0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x15/0x17a 1 lock held by in:imklog/6162: #0: ffff88800f6a1af0 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x92/0xa0 3 locks held by kworker/1:8/7427: #0: ffff8881070edb38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x327/0x9f0 #1: ffffc90005197e68 ((addr_chk_work).work){+.+.}-{0:0}, at: process_one_work+0x327/0x9f0 #2: ffffffff86897be8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0xa/0x20 5 locks held by kworker/u4:4/2032: #0: ffff888100046938 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x327/0x9f0 #1: ffffc900050cfe68 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x327/0x9f0 #2: ffffffff86893750 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x4f/0x540 #3: ffffffff86897be8 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0x81/0x1d0 #4: ffffffff864205b0 (rcu_state.barrier_mutex){+.+.}-{3:3}, at: rcu_barrier+0x2b/0x280 3 locks held by kworker/0:54/20464: #0: ffff888009856738 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x327/0x9f0 #1: ffffc9000177be68 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x327/0x9f0 #2: ffffffff86897be8 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xb/0x40 3 locks held by kworker/0:55/20465: #0: ffff888009856f38 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x327/0x9f0 #1: ffffc9000178be68 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work+0x327/0x9f0 #2: ffffffff86897be8 (rtnl_mutex){+.+.}-{3:3}, at: reg_check_chans_work+0x37/0x7f0 3 locks held by kworker/0:144/20554: #0: ffff888009856738 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x327/0x9f0 #1: ffffc90002a73e68 (deferred_process_work){+.+.}-{0:0}, at: process_one_work+0x327/0x9f0 #2: ffffffff86897be8 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xa/0x20 2 locks held by syz-executor.0/21121: #0: ffffffff866c6ec8 (ppp_mutex){+.+.}-{3:3}, at: ppp_ioctl+0x3c/0x1ee0 #1: ffffffff86897be8 (rtnl_mutex){+.+.}-{3:3}, at: ppp_ioctl+0x1247/0x1ee0 ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 29 Comm: khungtaskd Not tainted 5.15.0-rc5 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-48-gd9c812dda519-prebuilt.qemu.org 04/01/2014 Call Trace: dump_stack_lvl+0xcd/0x134 nmi_cpu_backtrace.cold.8+0xf3/0x118 nmi_trigger_cpumask_backtrace+0x18f/0x1c0 watchdog+0x9a0/0xb10 kthread+0x1a6/0x1e0 ret_from_fork+0x1f/0x30 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 2988 Comm: systemd-journal Not tainted 5.15.0-rc5 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-48-gd9c812dda519-prebuilt.qemu.org 04/01/2014 RIP: 0033:0x7f9ecd0d80f4 Code: c0 0f 84 df 00 00 00 49 8d 2c 08 48 3b 6f 60 48 89 fb 77 42 8d 7e ff 48 8d 43 30 83 ff 07 bf 00 00 00 00 0f 43 f7 48 83 ec 08 <48> 8b bb 48 01 00 00 41 51 49 89 c9 50 89 f1 41 50 44 0f b6 c2 8b RSP: 002b:00007ffc82797cd8 EFLAGS: 00000216 RAX: 000056106a359cd0 RBX: 000056106a359ca0 RCX: 000000000024cc20 RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000000 RBP: 00000000002591a8 R08: 000000000000c588 R09: 00007ffc82797d20 R10: 00000000000a43ba R11: 00007f9ec8b7d760 R12: 0000000000000001 R13: 00007ffc82797d98 R14: 0000000000000006 R15: 00007ffc82797d20 FS: 00007f9ecd3e98c0 GS: 0000000000000000 Best, Wei
