syzbot


INFO: task hung in ext4_map_blocks

Status: public: reported C repro on 2019/04/14 08:51
Reported-by: syzbot+976f2bdea3f9cdcbc38b@syzkaller.appspotmail.com
First crash: 2172d, last: 2164d
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-414 INFO: task hung in ext4_map_blocks 2 2028d 2004d 0/1 auto-closed as invalid on 2019/09/13 20:17
upstream INFO: task hung in ext4_map_blocks ext4 C 5 2171d 2169d 0/28 closed as dup on 2018/10/27 13:40

Sample crash report:
INFO: task kworker/u4:0:6 blocked for more than 140 seconds.
      Not tainted 4.9.135+ #59
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/u4:0    D24840     6      2 0x80000000
Workqueue: writeback wb_workfn (flush-8:0)
 ffff8801da678000 0000000000000000 ffff8801d4c60580 ffff8801da6b2f80
 ffff8801db721018 ffff8801da687120 ffffffff827f3192 ffff8801da6870f8
 ffffffff81206ab7 0000000000000000 00ff8801da6788a8 ffff8801db7218f0
Call Trace:
 [<ffffffff827f46bf>] schedule+0x7f/0x1b0 kernel/sched/core.c:3553
 [<ffffffff827fe47a>] __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:526 [inline]
 [<ffffffff827fe47a>] rwsem_down_write_failed+0x39a/0x730 kernel/locking/rwsem-xadd.c:555
 [<ffffffff81b69177>] call_rwsem_down_write_failed+0x17/0x30 arch/x86/lib/rwsem.S:105
 [<ffffffff827fd2ac>] __down_write arch/x86/include/asm/rwsem.h:125 [inline]
 [<ffffffff827fd2ac>] down_write+0x5c/0xa0 kernel/locking/rwsem.c:54
 [<ffffffff816c8d63>] ext4_map_blocks+0x6d3/0x16d0 fs/ext4/inode.c:605
 [<ffffffff816d5ee1>] mpage_map_one_extent fs/ext4/inode.c:2387 [inline]
 [<ffffffff816d5ee1>] mpage_map_and_submit_extent fs/ext4/inode.c:2443 [inline]
 [<ffffffff816d5ee1>] ext4_writepages+0x1551/0x2e00 fs/ext4/inode.c:2783
 [<ffffffff81433c8f>] do_writepages+0xef/0x1d0 mm/page-writeback.c:2331
 [<ffffffff8159eaa9>] __writeback_single_inode+0xd9/0x1020 fs/fs-writeback.c:1320
 [<ffffffff8159fe9c>] writeback_sb_inodes+0x4ac/0xe70 fs/fs-writeback.c:1584
 [<ffffffff815a095b>] __writeback_inodes_wb+0xfb/0x1e0 fs/fs-writeback.c:1653
 [<ffffffff815a0f52>] wb_writeback+0x512/0xbd0 fs/fs-writeback.c:1762
 [<ffffffff815a46cc>] wb_check_old_data_flush fs/fs-writeback.c:1877 [inline]
 [<ffffffff815a46cc>] wb_do_writeback fs/fs-writeback.c:1901 [inline]
 [<ffffffff815a46cc>] wb_workfn+0x8bc/0xe90 fs/fs-writeback.c:1930
 [<ffffffff81130d61>] process_one_work+0x831/0x1530 kernel/workqueue.c:2092
 [<ffffffff81131b36>] worker_thread+0xd6/0x1140 kernel/workqueue.c:2226
 [<ffffffff811428dd>] kthread+0x26d/0x300 kernel/kthread.c:211
 [<ffffffff828035dc>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373

Showing all locks held in the system:
5 locks held by kworker/u4:0/6:
 #0:  ("writeback"){.+.+.+}, at: [<ffffffff81130c6c>] process_one_work+0x73c/0x1530 kernel/workqueue.c:2085
 #1:  ((&(&wb->dwork)->work)){+.+.+.}, at: [<ffffffff81130ca4>] process_one_work+0x774/0x1530 kernel/workqueue.c:2089
 #2:  (&type->s_umount_key#32){++++++}, at: [<ffffffff815149e0>] trylock_super+0x20/0xf0 fs/super.c:393
 #3:  (&sbi->s_journal_flag_rwsem){.+.+.+}, at: [<ffffffff81433c8f>] do_writepages+0xef/0x1d0 mm/page-writeback.c:2331
 #4:  (&ei->i_data_sem){++++..}, at: [<ffffffff816c8d63>] ext4_map_blocks+0x6d3/0x16d0 fs/ext4/inode.c:605
2 locks held by khungtaskd/24:
 #0:  (rcu_read_lock){......}, at: [<ffffffff8131bb4c>] check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline]
 #0:  (rcu_read_lock){......}, at: [<ffffffff8131bb4c>] watchdog+0x11c/0xa20 kernel/hung_task.c:239
 #1:  (tasklist_lock){.+.+..}, at: [<ffffffff813fe314>] debug_show_all_locks+0x79/0x218 kernel/locking/lockdep.c:4336
2 locks held by getty/2044:
 #0:  (&tty->ldisc_sem){++++++}, at: [<ffffffff828014e2>] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367
 #1:  (&ldata->atomic_read_lock){+.+...}, at: [<ffffffff81d2b032>] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 24 Comm: khungtaskd Not tainted 4.9.135+ #59
 ffff8801d9907d08 ffffffff81b36bf9 0000000000000000 0000000000000001
 0000000000000001 0000000000000001 ffffffff81098330 ffff8801d9907d40
 ffffffff81b41d09 0000000000000001 0000000000000000 0000000000000003
Call Trace:
 [<ffffffff81b36bf9>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81b36bf9>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff81b41d09>] nmi_cpu_backtrace.cold.0+0x48/0x87 lib/nmi_backtrace.c:99
 [<ffffffff81b41c9c>] nmi_trigger_cpumask_backtrace+0x12c/0x151 lib/nmi_backtrace.c:60
 [<ffffffff81098434>] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37
 [<ffffffff8131c0dd>] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline]
 [<ffffffff8131c0dd>] check_hung_task kernel/hung_task.c:125 [inline]
 [<ffffffff8131c0dd>] check_hung_uninterruptible_tasks kernel/hung_task.c:182 [inline]
 [<ffffffff8131c0dd>] watchdog+0x6ad/0xa20 kernel/hung_task.c:239
 [<ffffffff811428dd>] kthread+0x26d/0x300 kernel/kthread.c:211
 [<ffffffff828035dc>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 2173 Comm: syz-executor526 Not tainted 4.9.135+ #59
task: ffff8801c4988000 task.stack: ffff8801ca198000
RIP: 0010:[<ffffffff8131b4ed>] c [<ffffffff8131b4ed>] get_current arch/x86/include/asm/current.h:14 [inline]
RIP: 0010:[<ffffffff8131b4ed>] c [<ffffffff8131b4ed>] __sanitizer_cov_trace_pc+0xd/0x50 kernel/kcov.c:99
RSP: 0018:ffff8801ca19f6a0  EFLAGS: 00000287
RAX: ffff8801c4988000 RBX: ffff8801d9964000 RCX: 1ffff1003b32c800
RDX: 0000000000000000 RSI: ffffffff81774036 RDI: ffff8801c4001844
RBP: ffff8801ca19f6a0 R08: ffff8801c4988970 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 000000002a0de2f0
R13: ffff8801ca19f8f8 R14: ffff8801c4001a20 R15: 0000000000008010
FS:  00000000019a5880(0000) GS:ffff8801db600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000247c308 CR3: 00000001ca684000 CR4: 00000000001606b0
Stack:
 ffff8801ca19f760c ffffffff817b9b37c 0000000000000000c 1ffff10039433edbc
 ffff8801c4001836c fffffff10719f708c ffff8801c4001830c 0000000041b58ab3c
 ffffffff82e42eafc ffffffff817b9a70c ffff8801c4001110c ffff8801d9964000c
Call Trace:
 [<ffffffff817b9b37>] ext_depth fs/ext4/ext4_extents.h:189 [inline]
 [<ffffffff817b9b37>] get_ext_path fs/ext4/move_extent.c:42 [inline]
 [<ffffffff817b9b37>] mext_check_coverage.constprop.2+0xc7/0x400 fs/ext4/move_extent.c:106
 [<ffffffff817bb6db>] move_extent_per_page fs/ext4/move_extent.c:333 [inline]
 [<ffffffff817bb6db>] ext4_move_extents+0x17bb/0x2a50 fs/ext4/move_extent.c:681
 [<ffffffff816ed76c>] ext4_ioctl+0x27fc/0x3620 fs/ext4/ioctl.c:594
 [<ffffffff81546ddc>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff81546ddc>] file_ioctl fs/ioctl.c:493 [inline]
 [<ffffffff81546ddc>] do_vfs_ioctl+0x1ac/0x11a0 fs/ioctl.c:677
 [<ffffffff81547e5f>] SYSC_ioctl fs/ioctl.c:694 [inline]
 [<ffffffff81547e5f>] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:685
 [<ffffffff810056ef>] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285
 [<ffffffff82803413>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Code: cff c4c c89 cff ce8 ce5 c7a c1d c00 ce9 c9e cfe cff cff c4c c89 ce7 ce8 cd8 c7a c1d c00 ce9 c23 cfe cff cff c0f c1f c00 c55 c48 c89 ce5 c65 c48 c8b c04 c25 c00 c7e c01 c00 c<65> c8b c15 c9c cc8 ccf c7e c81 ce2 c00 c01 c1f c00 c48 c8b c75 c08 c75 c2b c8b c90 c

Crashes (3):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2018/10/24 16:58 https://android.googlesource.com/kernel/common android-4.9 b8bd066f13f4 a8292de9 .config console log report syz C ci-android-49-kasan-gce-root
2018/11/01 14:48 https://android.googlesource.com/kernel/common android-4.9 4ba3f69128be 1f38e9ae .config console log report ci-android-49-kasan-gce-root
2018/10/24 15:13 https://android.googlesource.com/kernel/common android-4.9 b8bd066f13f4 a8292de9 .config console log report ci-android-49-kasan-gce-root
* Struck through repros no longer work on HEAD.