syzbot

 sign-in | mailing list | source | docs
🐞 Open [96]
🐞 Fixed [6]
🐞 Invalid [2]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap
💬 Send us feedback

INFO: task hung in nmi_cpu_backtrace

Status: premoderation: reported on 2025/07/28 05:35
Reported-by: syzbot+84f0be7c2107fef842bb@syzkaller.appspotmail.com
First crash: 32d, last: 32d
Similar bugs (6)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream INFO: task hung in nmi_cpu_backtrace fs 1 7 2612d 2610d 0/29 auto-closed as invalid on 2019/02/22 10:26
upstream INFO: task hung in nmi_cpu_backtrace (3) block serial 1 3 374d 390d 0/29 auto-obsoleted due to no activity on 2024/11/17 17:25
android-49 INFO: task hung in nmi_cpu_backtrace 1 3 2580d 2756d 0/3 auto-closed as invalid on 2019/02/22 13:59
upstream INFO: task hung in nmi_cpu_backtrace (2) serial 1 1 689d 689d 0/29 auto-obsoleted due to no activity on 2024/01/08 02:36
upstream INFO: task hung in nmi_cpu_backtrace (4) nfs 1 5 125d 230d 0/29 auto-obsoleted due to no activity on 2025/07/25 14:14
linux-4.14 INFO: task hung in nmi_cpu_backtrace 1 1 2065d 2065d 0/1 auto-closed as invalid on 2020/05/02 01:19

Sample crash report:
INFO: task syz.1.276:1150 blocked for more than 125 seconds.
      Not tainted 6.12.38-syzkaller-ge9bbc29c066a #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 37 Comm: khungtaskd Not tainted 6.12.38-syzkaller-ge9bbc29c066a #0 23782410f292bc05d82a7d68d5e797d6f188417b
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
 <TASK>
 __dump_stack+0x21/0x30 lib/dump_stack.c:94
 dump_stack_lvl+0x10c/0x190 lib/dump_stack.c:120
 dump_stack+0x19/0x20 lib/dump_stack.c:129
 nmi_cpu_backtrace+0x2bf/0x2d0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x142/0x2c0 lib/nmi_backtrace.c:62
 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:41
 trigger_all_cpu_backtrace include/linux/nmi.h:158 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:267 [inline]
 watchdog+0xd8f/0xed0 kernel/hung_task.c:423
 kthread+0x2ca/0x370 kernel/kthread.c:389
 ret_from_fork+0x67/0xa0 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 848 Comm: syz.1.168 Not tainted 6.12.38-syzkaller-ge9bbc29c066a #0 23782410f292bc05d82a7d68d5e797d6f188417b
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:arch_stack_walk+0xfc/0x170 arch/x86/kernel/stacktrace.c:-1
Code: 74 0a 49 8b 8c 24 98 0d 00 00 eb 03 48 89 e9 48 8d bd 78 ff ff ff 4c 89 e6 4c 89 fa e8 4d 98 06 00 83 bd 78 ff ff ff 00 74 46 <4c> 8d bd 78 ff ff ff 4c 89 ff e8 05 88 06 00 48 85 c0 74 32 48 89
RSP: 0018:ffffc90000006c88 EFLAGS: 00000202
RAX: ffffc90000006d10 RBX: ffffc90000006d40 RCX: 1ffff92000000d98
RDX: ffffc90000006d18 RSI: 1ffff92000000d92 RDI: ffffc90000006ce0
RBP: ffffc90000006d10 R08: ffffc90000006c00 R09: 0000000000000000
R10: ffffc90000006c88 R11: fffff52000000d9d R12: ffff888136b1df00
R13: 1ffff92000000dbc R14: ffffffff817429f0 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fff38d28ecc CR3: 0000000114c76000 CR4: 00000000003526b0
Call Trace:
 <IRQ>
 stack_trace_save+0x9d/0xe0 kernel/stacktrace.c:122
 save_stack+0xf8/0x1f0 mm/page_owner.c:174
 __set_page_owner+0x8e/0x5d0 mm/page_owner.c:338
 set_page_owner include/linux/page_owner.h:35 [inline]
 post_alloc_hook+0x3b9/0x3f0 mm/page_alloc.c:1791
 prep_new_page+0x1c/0x120 mm/page_alloc.c:1799
 get_page_from_freelist+0x46bb/0x4750 mm/page_alloc.c:3850
 __alloc_pages_noprof+0x30d/0x6c0 mm/page_alloc.c:5191
 alloc_slab_page+0x6b/0x1f0 mm/slub.c:-1
 allocate_slab+0x69/0x440 mm/slub.c:2659
 new_slab mm/slub.c:2713 [inline]
 ___slab_alloc+0x59a/0x8b0 mm/slub.c:3901
 __slab_alloc mm/slub.c:3991 [inline]
 __slab_alloc_node mm/slub.c:4044 [inline]
 slab_alloc_node mm/slub.c:4205 [inline]
 kmem_cache_alloc_noprof+0x202/0x3a0 mm/slub.c:4226
 skb_clone+0x229/0x460 net/core/skbuff.c:2082
 deliver_clone net/bridge/br_forward.c:125 [inline]
 br_flood+0x661/0x730 net/bridge/br_forward.c:245
 br_handle_frame_finish+0x12bb/0x1720 net/bridge/br_input.c:215
 nf_hook_bridge_pre net/bridge/br_input.c:301 [inline]
 br_handle_frame+0x5a6/0xba0 net/bridge/br_input.c:424
 __netif_receive_skb_core+0xf48/0x3940 net/core/dev.c:5651
 __netif_receive_skb_one_core net/core/dev.c:5755 [inline]
 __netif_receive_skb net/core/dev.c:5870 [inline]
 process_backlog+0x3e5/0xae0 net/core/dev.c:6206
 __napi_poll+0xd0/0x610 net/core/dev.c:6857
 napi_poll net/core/dev.c:6926 [inline]
 net_rx_action+0x584/0xce0 net/core/dev.c:7048
 handle_softirqs+0x1ab/0x630 kernel/softirq.c:621
 __do_softirq+0xf/0x16 kernel/softirq.c:659
 do_softirq+0xa6/0x100 kernel/softirq.c:503
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0x74/0x80 kernel/softirq.c:430
 __raw_write_unlock_bh include/linux/rwlock_api_smp.h:281 [inline]
 _raw_write_unlock_bh+0x33/0x70 kernel/locking/spinlock.c:366
 sock_orphan include/net/sock.h:2061 [inline]
 sk_common_release+0x1a3/0x340 net/core/sock.c:3867
 raw_close+0x25/0x30 net/ipv4/raw.c:689
 inet_release+0x1b4/0x2c0 net/ipv4/af_inet.c:442
 __sock_release net/socket.c:659 [inline]
 sock_close+0xdd/0x280 net/socket.c:1427
 __fput+0x1fe/0xa00 fs/file_table.c:429
 ____fput+0x20/0x30 fs/file_table.c:457
 task_work_run+0x1e0/0x250 kernel/task_work.c:240
 exit_task_work include/linux/task_work.h:43 [inline]
 do_exit+0x9bc/0x2630 kernel/exit.c:953
 do_group_exit+0x22a/0x300 kernel/exit.c:1095
 get_signal+0x139d/0x14f0 kernel/signal.c:2933
 arch_do_signal_or_restart+0x96/0x720 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x58/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x64/0xf0 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f27ccdc1265
Code: Unable to access opcode bytes at 0x7f27ccdc123b.
RSP: 002b:00007f27ccbc9f80 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6
RAX: fffffffffffffdfc RBX: 00007f27ccfb6080 RCX: 00007f27ccdc1265
RDX: 00007f27ccbc9fc0 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007f27cce10d69 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f27ccfb6080 R15: 00007ffe8fbc2238
 </TASK>
net_ratelimit: 137272 callbacks suppressed
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:8e:c9:78:1b:79:d9, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:8e:c9:78:1b:79:d9, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
net_ratelimit: 149712 callbacks suppressed
bridge0: received packet on veth0_to_bridge with own address as source address (addr:8e:c9:78:1b:79:d9, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:8e:c9:78:1b:79:d9, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:8e:c9:78:1b:79:d9, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/07/28 05:34 android16-6.12 e9bbc29c066a fb8f743d .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-12-rust INFO: task hung in nmi_cpu_backtrace
* Struck through repros no longer work on HEAD.