syzbot


INFO: task hung in scsi_host_dev_release

Status: auto-obsoleted due to no activity on 2025/12/02 22:05
Reported-by: syzbot+f81dae4e6dd5ab7c8b9f@syzkaller.appspotmail.com
First crash: 154d, last: 96d
Similar bugs (2)
Kernel | Title | Rank | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | INFO: task hung in scsi_host_dev_release scsi | 1 | | | | 1 | 395d | 395d | 0/29 | auto-obsoleted due to no activity on 2025/02/06 21:36
upstream | INFO: task hung in scsi_host_dev_release (2) kernel | 1 | | | | 1 | 270d | 270d | 0/29 | auto-obsoleted due to no activity on 2025/06/11 22:31

Sample crash report:
INFO: task kworker/1:0:31 blocked for more than 123 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:0     state:D stack:0     pid:31    tgid:31    ppid:2      flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5945 [inline]
 __schedule+0x1322/0x1df0 kernel/sched/core.c:7791
 __schedule_loop kernel/sched/core.c:7872 [inline]
 schedule+0xc6/0x240 kernel/sched/core.c:7887
 schedule_timeout+0xb2/0x3a0 kernel/time/timer.c:2595
 do_wait_for_common kernel/sched/completion.c:95 [inline]
 __wait_for_common kernel/sched/completion.c:116 [inline]
 wait_for_common+0x359/0x630 kernel/sched/completion.c:127
 wait_for_completion+0x1c/0x40 kernel/sched/completion.c:148
 rcu_barrier+0x415/0x530 kernel/rcu/tree.c:4657
 scsi_host_dev_release+0xae/0x2f0 drivers/scsi/hosts.c:344
 device_release+0xab/0x1e0 drivers/base/core.c:-1
 kobject_cleanup lib/kobject.c:689 [inline]
 kobject_release lib/kobject.c:720 [inline]
 kref_put include/linux/kref.h:65 [inline]
 kobject_put+0x1aa/0x2a0 lib/kobject.c:737
 put_device+0x23/0x40 drivers/base/core.c:3800
 scsi_host_put+0x20/0x30 drivers/scsi/hosts.c:625
 release_everything+0x1f8/0x210 drivers/usb/storage/usb.c:971
 usb_stor_probe2+0x2ff/0xbd0 drivers/usb/storage/usb.c:1168
 datafab_probe+0x189/0x1f0 drivers/usb/storage/datafab.c:739
 usb_probe_interface+0x696/0xc00 drivers/usb/core/driver.c:403
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x2d3/0x890 drivers/base/dd.c:657
 __driver_probe_device+0x198/0x280 drivers/base/dd.c:799
 driver_probe_device+0x54/0x3f0 drivers/base/dd.c:829
 __device_attach_driver+0x2f1/0x4b0 drivers/base/dd.c:957
 bus_for_each_drv+0x260/0x2f0 drivers/base/bus.c:459
 __device_attach+0x2bd/0x3a0 drivers/base/dd.c:1029
 device_initial_probe+0x1e/0x30 drivers/base/dd.c:1078
 bus_probe_device+0x18b/0x270 drivers/base/bus.c:534
 device_add+0x80c/0xc00 drivers/base/core.c:3692
 usb_set_configuration+0x1ad4/0x20b0 drivers/usb/core/message.c:2210
 usb_generic_driver_probe+0x95/0x160 drivers/usb/core/generic.c:254
 usb_probe_device+0x1d4/0x380 drivers/usb/core/driver.c:298
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x2d3/0x890 drivers/base/dd.c:657
 __driver_probe_device+0x198/0x280 drivers/base/dd.c:799
 driver_probe_device+0x54/0x3f0 drivers/base/dd.c:829
 __device_attach_driver+0x2f1/0x4b0 drivers/base/dd.c:957
 bus_for_each_drv+0x260/0x2f0 drivers/base/bus.c:459
 __device_attach+0x2bd/0x3a0 drivers/base/dd.c:1029
 device_initial_probe+0x1e/0x30 drivers/base/dd.c:1078
 bus_probe_device+0x18b/0x270 drivers/base/bus.c:534
 device_add+0x80c/0xc00 drivers/base/core.c:3692
 usb_new_device+0x9ed/0x1590 drivers/usb/core/hub.c:2690
 hub_port_connect drivers/usb/core/hub.c:5561 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5701 [inline]
 port_event drivers/usb/core/hub.c:5865 [inline]
 hub_event+0x2c81/0x4270 drivers/usb/core/hub.c:5947
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0x7d5/0x1020 kernel/workqueue.c:3319
 worker_thread+0xc58/0x1250 kernel/workqueue.c:3400
 kthread+0x2c7/0x370 kernel/kthread.c:389
 ret_from_fork+0x64/0xa0 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
INFO: task syz.5.4056:12611 blocked for more than 127 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.5.4056      state:D stack:0     pid:12611 tgid:12610 ppid:11372  flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5945 [inline]
 __schedule+0x1322/0x1df0 kernel/sched/core.c:7791
 __schedule_loop kernel/sched/core.c:7872 [inline]
 schedule+0xc6/0x240 kernel/sched/core.c:7887
 schedule_timeout+0xb2/0x3a0 kernel/time/timer.c:2595
 do_wait_for_common kernel/sched/completion.c:95 [inline]
 __wait_for_common kernel/sched/completion.c:116 [inline]
 wait_for_common+0x359/0x630 kernel/sched/completion.c:127
 wait_for_completion+0x1c/0x40 kernel/sched/completion.c:148
 exit_aio+0x2df/0x3b0 fs/aio.c:927
 __mmput+0x30/0x320 kernel/fork.c:1346
 mmput+0x55/0x170 kernel/fork.c:1372
 exit_mm kernel/exit.c:574 [inline]
 do_exit+0x918/0x2630 kernel/exit.c:940
 do_group_exit+0x22a/0x300 kernel/exit.c:1095
 get_signal+0x139d/0x14f0 kernel/signal.c:2933
 arch_do_signal_or_restart+0x96/0x720 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x58/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x64/0xf0 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f645fb8ebe9
RSP: 002b:00007f645e5e30e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: 0000000000000001 RBX: 00007f645fdc5fa8 RCX: 00007f645fb8ebe9
RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f645fdc5fac
RBP: 00007f645fdc5fa0 R08: 7fffffffffffffff R09: 0000000000000000
R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
R13: 00007f645fdc6038 R14: 00007ffdd37f74f0 R15: 00007ffdd37f75d8
 </TASK>
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 37 Comm: khungtaskd Not tainted syzkaller #0 6e508aa732f414f9d300b832ff15c50b3cf7cfdc
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Call Trace:
 <TASK>
 __dump_stack+0x21/0x30 lib/dump_stack.c:94
 dump_stack_lvl+0x10c/0x190 lib/dump_stack.c:120
 dump_stack+0x19/0x20 lib/dump_stack.c:129
 nmi_cpu_backtrace+0x2bf/0x2d0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x142/0x2c0 lib/nmi_backtrace.c:62
 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:41
 trigger_all_cpu_backtrace include/linux/nmi.h:158 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:267 [inline]
 watchdog+0xd8f/0xed0 kernel/hung_task.c:423
 kthread+0x2c7/0x370 kernel/kthread.c:389
 ret_from_fork+0x64/0xa0 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 12701 Comm: syz-executor Not tainted syzkaller #0 6e508aa732f414f9d300b832ff15c50b3cf7cfdc
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
RIP: 0010:rol32 include/linux/bitops.h:127 [inline]
RIP: 0010:jhash2 include/linux/jhash.h:129 [inline]
RIP: 0010:hash_stack lib/stackdepot.c:514 [inline]
RIP: 0010:stack_depot_save_flags+0xad/0x800 lib/stackdepot.c:614
Code: 44 29 e1 31 cf 41 01 c4 29 f8 41 89 f8 41 c1 c0 06 41 31 c0 44 01 e7 45 89 c1 41 c1 c1 08 45 29 c4 45 31 e1 41 01 f8 44 29 cf <44> 89 c9 c1 c1 10 31 f9 45 01 c1 89 c8 c1 c0 13 41 29 c8 44 31 c0
RSP: 0018:ffffc90004b76f20 EFLAGS: 00000282
RAX: 000000006afbabcb RBX: 0000000000002800 RCX: 00000000efa722f3
RDX: ffffc90004b77028 RSI: 000000000000000e RDI: 00000000898b9f73
RBP: ffffc90004b76f80 R08: 00000000d733f19e R09: 000000006391bf83
R10: 0000000000000010 R11: ffffffff81744330 R12: 0000000075031769
R13: 1ffff9200096edf8 R14: ffffc90004b76fe0 R15: 1ffff110262e4ca0
FS:  0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f2db17f84c0 CR3: 0000000107b8a000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 stack_depot_save+0x12/0x20 lib/stackdepot.c:686
 save_stack+0x106/0x1f0 mm/page_owner.c:175
 __reset_page_owner+0x79/0x450 mm/page_owner.c:315
 reset_page_owner include/linux/page_owner.h:28 [inline]
 free_pages_prepare mm/page_alloc.c:1352 [inline]
 free_unref_folios+0xcfe/0x1680 mm/page_alloc.c:2901
 folios_put_refs+0x4c9/0x5c0 mm/swap.c:1038
 free_pages_and_swap_cache+0x272/0x460 mm/swap_state.c:333
 __tlb_batch_free_encoded_pages mm/mmu_gather.c:136 [inline]
 tlb_batch_pages_flush mm/mmu_gather.c:149 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:366 [inline]
 tlb_flush_mmu+0x7ce/0xaf0 mm/mmu_gather.c:373
 tlb_finish_mmu+0xcf/0x1d0 mm/mmu_gather.c:465
 exit_mmap+0x405/0xb60 mm/mmap.c:1976
 __mmput+0x93/0x320 kernel/fork.c:1349
 mmput+0x55/0x170 kernel/fork.c:1372
 exec_mmap+0x37c/0x420 fs/exec.c:1020
 begin_new_exec+0x11f0/0x1ee0 fs/exec.c:1287
 load_elf_binary+0x806/0x2b40 fs/binfmt_elf.c:994
 search_binary_handler fs/exec.c:1790 [inline]
 exec_binprm fs/exec.c:1832 [inline]
 bprm_execve+0x6e9/0x1380 fs/exec.c:1884
 do_execveat_common+0x929/0xa80 fs/exec.c:1989
 do_execve fs/exec.c:2063 [inline]
 __do_sys_execve fs/exec.c:2139 [inline]
 __se_sys_execve fs/exec.c:2134 [inline]
 __x64_sys_execve+0x96/0xb0 fs/exec.c:2134
 x64_sys_call+0x12c4/0x2ee0 arch/x86/include/generated/asm/syscalls_64.h:60
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0x58/0xf0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f1378dc22b7
Code: Unable to access opcode bytes at 0x7f1378dc228d.
RSP: 002b:00007f1379bb6df8 EFLAGS: 00000206 ORIG_RAX: 000000000000003b
RAX: ffffffffffffffda RBX: 00007fffdedb7ef2 RCX: 00007f1378dc22b7
RDX: 00007fffdedb63f0 RSI: 00007fffdedb6630 RDI: 00007fffdedb7ef2
RBP: 00007f1379bb6e70 R08: 00007f1379bb6f20 R09: 0000000000000000
R10: 0000000000000008 R11: 0000000000000206 R12: 00007fffdedb6630
R13: 00007fffdedb63f0 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
net_ratelimit: 154839 callbacks suppressed
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:a6:9f:f2:60:31:19, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:a6:9f:f2:60:31:19, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)

Crashes (2):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2025/09/03 22:04 | android16-6.12 | 53e4390f692f | 96a211bc | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-android-6-12-rust | INFO: task hung in scsi_host_dev_release
2025/07/07 02:51 | android16-6.12 | e2bf362ee23b | 4f67c4ae | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-android-6-12-rust | INFO: task hung in scsi_host_dev_release