Re: [syzbot] [net?] INFO: task hung in switchdev_deferred_process_work (3)

From: syzbot
Date: Sun Oct 06 2024 - 17:38:40 EST


syzbot has found a reproducer for the following issue on:

HEAD commit: 8f602276d390 Merge tag 'bcachefs-2024-10-05' of git://evil..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=14199b80580000
kernel config: https://syzkaller.appspot.com/x/.config?x=ba92623fdea824c9
dashboard link: https://syzkaller.appspot.com/bug?extid=d6bbe0f5705cb8a5aa2b
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10ea8327980000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/147c6aceaf24/disk-8f602276.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/a61d9ce38120/vmlinux-8f602276.xz
kernel image: https://storage.googleapis.com/syzbot-assets/4ffc70f580e6/bzImage-8f602276.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+d6bbe0f5705cb8a5aa2b@xxxxxxxxxxxxxxxxxxxxxxxxx

INFO: task kworker/0:0:8 blocked for more than 150 seconds.
Not tainted 6.12.0-rc1-syzkaller-00349-g8f602276d390 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:0 state:D stack:21392 pid:8 tgid:8 ppid:2 flags:0x00004000
Workqueue: events switchdev_deferred_process_work
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x1895/0x4b30 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0x14b/0x320 kernel/sched/core.c:6767
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6824
__mutex_lock_common kernel/locking/mutex.c:684 [inline]
__mutex_lock+0x6a7/0xd70 kernel/locking/mutex.c:752
switchdev_deferred_process_work+0xe/0x20 net/switchdev/switchdev.c:104
process_one_work kernel/workqueue.c:3229 [inline]
process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
worker_thread+0x870/0xd30 kernel/workqueue.c:3391
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
INFO: task kworker/u8:0:11 blocked for more than 154 seconds.
Not tainted 6.12.0-rc1-syzkaller-00349-g8f602276d390 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u8:0 state:D stack:17144 pid:11 tgid:11 ppid:2 flags:0x00004000
Workqueue: ipv6_addrconf addrconf_dad_work
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x1895/0x4b30 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0x14b/0x320 kernel/sched/core.c:6767
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6824
__mutex_lock_common kernel/locking/mutex.c:684 [inline]
__mutex_lock+0x6a7/0xd70 kernel/locking/mutex.c:752
addrconf_dad_work+0xd0/0x16f0 net/ipv6/addrconf.c:4196
process_one_work kernel/workqueue.c:3229 [inline]
process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
worker_thread+0x870/0xd30 kernel/workqueue.c:3391
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
INFO: task kworker/u8:5:928 blocked for more than 155 seconds.
Not tainted 6.12.0-rc1-syzkaller-00349-g8f602276d390 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u8:5 state:D stack:22352 pid:928 tgid:928 ppid:2 flags:0x00004000
Workqueue: events_unbound linkwatch_event
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x1895/0x4b30 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0x14b/0x320 kernel/sched/core.c:6767
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6824
__mutex_lock_common kernel/locking/mutex.c:684 [inline]
__mutex_lock+0x6a7/0xd70 kernel/locking/mutex.c:752
linkwatch_event+0xe/0x60 net/core/link_watch.c:276
process_one_work kernel/workqueue.c:3229 [inline]
process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
worker_thread+0x870/0xd30 kernel/workqueue.c:3391
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
INFO: task syz-executor:5329 blocked for more than 156 seconds.
Not tainted 6.12.0-rc1-syzkaller-00349-g8f602276d390 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor state:D stack:21728 pid:5329 tgid:5329 ppid:5324 flags:0x00004002
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x1895/0x4b30 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0x14b/0x320 kernel/sched/core.c:6767
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6824
__mutex_lock_common kernel/locking/mutex.c:684 [inline]
__mutex_lock+0x6a7/0xd70 kernel/locking/mutex.c:752
nsim_destroy+0x71/0x5c0 drivers/net/netdevsim/netdev.c:773
__nsim_dev_port_del+0x14b/0x1b0 drivers/net/netdevsim/dev.c:1425
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1437 [inline]
nsim_dev_reload_destroy+0x28a/0x490 drivers/net/netdevsim/dev.c:1658
nsim_drv_remove+0x58/0x160 drivers/net/netdevsim/dev.c:1673
device_remove drivers/base/dd.c:567 [inline]
__device_release_driver drivers/base/dd.c:1273 [inline]
device_release_driver_internal+0x4a9/0x7c0 drivers/base/dd.c:1296
bus_remove_device+0x34f/0x420 drivers/base/bus.c:576
device_del+0x57a/0x9b0 drivers/base/core.c:3864
device_unregister+0x20/0xc0 drivers/base/core.c:3905
nsim_bus_dev_del drivers/net/netdevsim/bus.c:462 [inline]
del_device_store+0x363/0x480 drivers/net/netdevsim/bus.c:226
kernfs_fop_write_iter+0x3a0/0x500 fs/kernfs/file.c:334
new_sync_write fs/read_write.c:590 [inline]
vfs_write+0xa6d/0xc90 fs/read_write.c:683
ksys_write+0x183/0x2b0 fs/read_write.c:736
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fdc0217cadf
RSP: 002b:00007fdc0245f220 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007fdc0217cadf
RDX: 0000000000000001 RSI: 00007fdc0245f270 RDI: 0000000000000005
RBP: 00007fdc021f13ae R08: 0000000000000000 R09: 00007fdc0245f077
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
R13: 00007fdc0245f270 R14: 00007fdc02e64620 R15: 0000000000000003
</TASK>
INFO: task syz-executor:5341 blocked for more than 159 seconds.
Not tainted 6.12.0-rc1-syzkaller-00349-g8f602276d390 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor state:D stack:19824 pid:5341 tgid:5341 ppid:1 flags:0x00000004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x1895/0x4b30 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0x14b/0x320 kernel/sched/core.c:6767
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6824
__mutex_lock_common kernel/locking/mutex.c:684 [inline]
__mutex_lock+0x6a7/0xd70 kernel/locking/mutex.c:752
del_device_store+0xfc/0x480 drivers/net/netdevsim/bus.c:216
kernfs_fop_write_iter+0x3a0/0x500 fs/kernfs/file.c:334
new_sync_write fs/read_write.c:590 [inline]
vfs_write+0xa6d/0xc90 fs/read_write.c:683
ksys_write+0x183/0x2b0 fs/read_write.c:736
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fba4d57cadf
RSP: 002b:00007fba4d85f220 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007fba4d57cadf
RDX: 0000000000000001 RSI: 00007fba4d85f270 RDI: 0000000000000005
RBP: 00007fba4d5f13ae R08: 0000000000000000 R09: 00007fba4d85f077
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
R13: 00007fba4d85f270 R14: 00007fba4e264620 R15: 0000000000000003
</TASK>
INFO: task syz-executor:5344 blocked for more than 160 seconds.
Not tainted 6.12.0-rc1-syzkaller-00349-g8f602276d390 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor state:D stack:20912 pid:5344 tgid:5344 ppid:5330 flags:0x00000000
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x1895/0x4b30 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0x14b/0x320 kernel/sched/core.c:6767
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6824
__mutex_lock_common kernel/locking/mutex.c:684 [inline]
__mutex_lock+0x6a7/0xd70 kernel/locking/mutex.c:752
del_device_store+0xfc/0x480 drivers/net/netdevsim/bus.c:216
kernfs_fop_write_iter+0x3a0/0x500 fs/kernfs/file.c:334
new_sync_write fs/read_write.c:590 [inline]
vfs_write+0xa6d/0xc90 fs/read_write.c:683
ksys_write+0x183/0x2b0 fs/read_write.c:736
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f4619b7cadf
RSP: 002b:00007f4619e5f220 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007f4619b7cadf
RDX: 0000000000000001 RSI: 00007f4619e5f270 RDI: 0000000000000005
RBP: 00007f4619bf13ae R08: 0000000000000000 R09: 00007f4619e5f077
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
R13: 00007f4619e5f270 R14: 00007f461a864620 R15: 0000000000000003
</TASK>


---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.