| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <689c348c.050a0220.7f033.0141.GAE@google.com>
Date: Tue, 12 Aug 2025 23:45:32 -0700
From: syzbot <syzbot+6d10ecc8a97cc10639f9@...kaller.appspotmail.com>
To: andrew+netdev@...n.ch, davem@...emloft.net, edumazet@...gle.com,
hdanton@...a.com, kuba@...nel.org, linux-kernel@...r.kernel.org,
netdev@...r.kernel.org, pabeni@...hat.com, syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [net?] INFO: task hung in del_device_store
syzbot has found a reproducer for the following issue on:
HEAD commit: 8f5ae30d69d7 Linux 6.17-rc1
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=15704da2580000
kernel config: https://syzkaller.appspot.com/x/.config?x=8c5ac3d8b8abfcb
dashboard link: https://syzkaller.appspot.com/bug?extid=6d10ecc8a97cc10639f9
compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12702af0580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=15816842580000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/18a2e4bd0c4a/disk-8f5ae30d.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/3b5395881b25/vmlinux-8f5ae30d.xz
kernel image: https://storage.googleapis.com/syzbot-assets/e875f4e3b7ff/Image-8f5ae30d.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+6d10ecc8a97cc10639f9@...kaller.appspotmail.com
INFO: task syz-executor:6692 blocked for more than 144 seconds.
Not tainted 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor state:D stack:0 pid:6692 tgid:6692 ppid:1 task_flags:0x400140 flags:0x00000001
Call trace:
__switch_to+0x418/0x87c arch/arm64/kernel/process.c:741 (T)
context_switch kernel/sched/core.c:5357 [inline]
__schedule+0x13b0/0x2864 kernel/sched/core.c:6961
__schedule_loop kernel/sched/core.c:7043 [inline]
schedule+0xb4/0x230 kernel/sched/core.c:7058
schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7115
__mutex_lock_common+0xca0/0x24ac kernel/locking/mutex.c:676
__mutex_lock kernel/locking/mutex.c:760 [inline]
mutex_lock_nested+0x2c/0x38 kernel/locking/mutex.c:812
del_device_store+0xd4/0x31c drivers/net/netdevsim/bus.c:234
bus_attr_store+0x80/0xa4 drivers/base/bus.c:172
sysfs_kf_write+0x1a8/0x23c fs/sysfs/file.c:145
kernfs_fop_write_iter+0x314/0x488 fs/kernfs/file.c:334
new_sync_write fs/read_write.c:593 [inline]
vfs_write+0x540/0xa3c fs/read_write.c:686
ksys_write+0x120/0x210 fs/read_write.c:738
__do_sys_write fs/read_write.c:749 [inline]
__se_sys_write fs/read_write.c:746 [inline]
__arm64_sys_write+0x7c/0x90 fs/read_write.c:746
__invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879
el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898
el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596
INFO: task syz-executor:6698 blocked for more than 144 seconds.
Not tainted 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor state:D stack:0 pid:6698 tgid:6698 ppid:6696 task_flags:0x400140 flags:0x00800000
Call trace:
__switch_to+0x418/0x87c arch/arm64/kernel/process.c:741 (T)
context_switch kernel/sched/core.c:5357 [inline]
__schedule+0x13b0/0x2864 kernel/sched/core.c:6961
__schedule_loop kernel/sched/core.c:7043 [inline]
schedule+0xb4/0x230 kernel/sched/core.c:7058
schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7115
__mutex_lock_common+0xca0/0x24ac kernel/locking/mutex.c:676
__mutex_lock kernel/locking/mutex.c:760 [inline]
mutex_lock_nested+0x2c/0x38 kernel/locking/mutex.c:812
device_lock include/linux/device.h:911 [inline]
device_del+0xa4/0x808 drivers/base/core.c:3840
device_unregister+0x2c/0xcc drivers/base/core.c:3919
nsim_bus_dev_del drivers/net/netdevsim/bus.c:483 [inline]
del_device_store+0x27c/0x31c drivers/net/netdevsim/bus.c:244
bus_attr_store+0x80/0xa4 drivers/base/bus.c:172
sysfs_kf_write+0x1a8/0x23c fs/sysfs/file.c:145
kernfs_fop_write_iter+0x314/0x488 fs/kernfs/file.c:334
new_sync_write fs/read_write.c:593 [inline]
vfs_write+0x540/0xa3c fs/read_write.c:686
ksys_write+0x120/0x210 fs/read_write.c:738
__do_sys_write fs/read_write.c:749 [inline]
__se_sys_write fs/read_write.c:746 [inline]
__arm64_sys_write+0x7c/0x90 fs/read_write.c:746
__invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879
el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898
el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596
INFO: task syz-executor:6701 blocked for more than 144 seconds.
Not tainted 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor state:D stack:0 pid:6701 tgid:6701 ppid:6699 task_flags:0x400140 flags:0x00800000
Call trace:
__switch_to+0x418/0x87c arch/arm64/kernel/process.c:741 (T)
context_switch kernel/sched/core.c:5357 [inline]
__schedule+0x13b0/0x2864 kernel/sched/core.c:6961
__schedule_loop kernel/sched/core.c:7043 [inline]
schedule+0xb4/0x230 kernel/sched/core.c:7058
schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7115
__mutex_lock_common+0xca0/0x24ac kernel/locking/mutex.c:676
__mutex_lock kernel/locking/mutex.c:760 [inline]
mutex_lock_nested+0x2c/0x38 kernel/locking/mutex.c:812
del_device_store+0xd4/0x31c drivers/net/netdevsim/bus.c:234
bus_attr_store+0x80/0xa4 drivers/base/bus.c:172
sysfs_kf_write+0x1a8/0x23c fs/sysfs/file.c:145
kernfs_fop_write_iter+0x314/0x488 fs/kernfs/file.c:334
new_sync_write fs/read_write.c:593 [inline]
vfs_write+0x540/0xa3c fs/read_write.c:686
ksys_write+0x120/0x210 fs/read_write.c:738
__do_sys_write fs/read_write.c:749 [inline]
__se_sys_write fs/read_write.c:746 [inline]
__arm64_sys_write+0x7c/0x90 fs/read_write.c:746
__invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879
el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898
el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596
INFO: task syz-executor:6706 blocked for more than 144 seconds.
Not tainted 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor state:D stack:0 pid:6706 tgid:6706 ppid:6705 task_flags:0x400140 flags:0x00800000
Call trace:
__switch_to+0x418/0x87c arch/arm64/kernel/process.c:741 (T)
context_switch kernel/sched/core.c:5357 [inline]
__schedule+0x13b0/0x2864 kernel/sched/core.c:6961
__schedule_loop kernel/sched/core.c:7043 [inline]
schedule+0xb4/0x230 kernel/sched/core.c:7058
schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7115
__mutex_lock_common+0xca0/0x24ac kernel/locking/mutex.c:676
__mutex_lock kernel/locking/mutex.c:760 [inline]
mutex_lock_nested+0x2c/0x38 kernel/locking/mutex.c:812
del_device_store+0xd4/0x31c drivers/net/netdevsim/bus.c:234
bus_attr_store+0x80/0xa4 drivers/base/bus.c:172
sysfs_kf_write+0x1a8/0x23c fs/sysfs/file.c:145
kernfs_fop_write_iter+0x314/0x488 fs/kernfs/file.c:334
new_sync_write fs/read_write.c:593 [inline]
vfs_write+0x540/0xa3c fs/read_write.c:686
ksys_write+0x120/0x210 fs/read_write.c:738
__do_sys_write fs/read_write.c:749 [inline]
__se_sys_write fs/read_write.c:746 [inline]
__arm64_sys_write+0x7c/0x90 fs/read_write.c:746
__invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879
el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898
el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596
Showing all locks held in the system:
1 lock held by khungtaskd/32:
#0: ffff80008f9a9060 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x4/0x48 include/linux/rcupdate.h:330
3 locks held by kworker/u8:2/41:
3 locks held by pr/ttyAMA-1/43:
2 locks held by kworker/u8:5/1987:
7 locks held by kworker/u8:7/2184:
5 locks held by kworker/u8:8/2656:
5 locks held by kworker/u8:9/4759:
1 lock held by klogd/6155:
3 locks held by udevd/6166:
1 lock held by dhcpcd/6220:
3 locks held by dhcpcd/6221:
2 locks held by getty/6308:
#0: ffff0000d73b90a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c drivers/tty/tty_ldsem.c:340
#1: ffff80009bbbb2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x34c/0xfa4 drivers/tty/n_tty.c:2222
4 locks held by syz-executor/6692:
#0: ffff0000d802a428 (sb_writers#6){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:3107 [inline]
#0: ffff0000d802a428 (sb_writers#6){.+.+}-{0:0}, at: vfs_write+0x24c/0xa3c fs/read_write.c:682
#1: ffff0000dc4fb888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1b4/0x488 fs/kernfs/file.c:325
#2: ffff0000c6c77e18 (kn->active#55){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x1d0/0x488 fs/kernfs/file.c:326
#3: ffff800091a98908 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd4/0x31c drivers/net/netdevsim/bus.c:234
5 locks held by kworker/0:4/6694:
5 locks held by syz-executor/6698:
#0: ffff0000d802a428 (sb_writers#6){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:3107 [inline]
#0: ffff0000d802a428 (sb_writers#6){.+.+}-{0:0}, at: vfs_write+0x24c/0xa3c fs/read_write.c:682
#1: ffff0000d9789088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1b4/0x488 fs/kernfs/file.c:325
#2: ffff0000c6c77e18 (kn->active#55){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x1d0/0x488 fs/kernfs/file.c:326
#3: ffff800091a98908 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd4/0x31c drivers/net/netdevsim/bus.c:234
#4: ffff0000de8af0e8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:911 [inline]
#4: ffff0000de8af0e8 (&dev->mutex){....}-{4:4}, at: device_del+0xa4/0x808 drivers/base/core.c:3840
4 locks held by syz-executor/6701:
#0: ffff0000d802a428 (sb_writers#6){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:3107 [inline]
#0: ffff0000d802a428 (sb_writers#6){.+.+}-{0:0}, at: vfs_write+0x24c/0xa3c fs/read_write.c:682
#1: ffff0000c6553088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1b4/0x488 fs/kernfs/file.c:325
#2: ffff0000c6c77e18 (kn->active#55){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x1d0/0x488 fs/kernfs/file.c:326
#3: ffff800091a98908 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd4/0x31c drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/6706:
#0: ffff0000d802a428 (sb_writers#6){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:3107 [inline]
#0: ffff0000d802a428 (sb_writers#6){.+.+}-{0:0}, at: vfs_write+0x24c/0xa3c fs/read_write.c:682
#1: ffff0000d7a2c488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1b4/0x488 fs/kernfs/file.c:325
#2: ffff0000c6c77e18 (kn->active#55){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x1d0/0x488 fs/kernfs/file.c:326
#3: ffff800091a98908 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd4/0x31c drivers/net/netdevsim/bus.c:234
3 locks held by syz-executor/6770:
3 locks held by kworker/u8:12/6772:
2 locks held by syz-executor/6776:
=============================================
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
Powered by blists - more mailing lists