syzbot


INFO: task hung in do_exit

Status: upstream: reported syz repro on 2019/04/25 02:28
Reported-by: syzbot+a1ff69bef50a3e8133ee@syzkaller.appspotmail.com
First crash: 1776d, last: 761d
Fix bisection the fix commit could be any of (bisect log):
  ff33472c282e Linux 4.14.134
  4139fb08c05f Linux 4.14.187
  
Similar bugs (5)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream INFO: task hung in do_exit syz done error 125 765d 1787d 0/26 closed as invalid on 2022/02/08 10:54
android-414 INFO: task hung in do_exit syz 19 1555d 1788d 0/1 public: reported syz repro on 2019/04/13 00:01
linux-4.19 INFO: task hung in do_exit C error 58 393d 1781d 0/1 upstream: reported C repro on 2019/04/19 20:32
upstream INFO: task can't die in show_free_areas serial C error 41 5d17h 770d 0/26 upstream: reported C repro on 2022/01/24 13:23
android-49 INFO: task hung in do_exit syz 18 1602d 1786d 0/3 public: reported syz repro on 2019/04/14 09:28
Last patch testing requests (10)
Created Duration User Patch Repo Result
2023/02/10 19:32 10m retest repro linux-4.14.y report log
2023/02/10 18:32 16m retest repro linux-4.14.y report log
2023/02/10 17:32 12m retest repro linux-4.14.y report log
2023/02/10 16:32 9m retest repro linux-4.14.y report log
2023/02/10 15:32 11m retest repro linux-4.14.y report log
2022/09/20 22:29 11m retest repro linux-4.14.y report log
2022/09/20 21:29 10m retest repro linux-4.14.y report log
2022/09/20 20:29 11m retest repro linux-4.14.y report log
2022/09/20 19:29 10m retest repro linux-4.14.y report log
2022/09/20 18:29 15m retest repro linux-4.14.y report log
Fix bisection attempts (7)
Created Duration User Patch Repo Result
2020/07/02 05:21 36m (2) bisect fix linux-4.14.y job log (2)
2020/06/02 03:39 36m bisect fix linux-4.14.y job log (0) log
2020/05/03 02:32 36m bisect fix linux-4.14.y job log (0) log
2020/04/02 23:02 36m bisect fix linux-4.14.y job log (0) log
2020/02/14 09:47 36m bisect fix linux-4.14.y job log (0) log
2020/01/15 09:09 37m bisect fix linux-4.14.y job log (0) log
2019/12/16 07:57 37m bisect fix linux-4.14.y job log (0) log

Sample crash report:
INFO: task syz-executor.1:7482 blocked for more than 140 seconds.
      Not tainted 4.14.134 #30
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.1  D28528  7482   7076 0x80000000
Call Trace:
 context_switch kernel/sched/core.c:2807 [inline]
 __schedule+0x7b8/0x1cd0 kernel/sched/core.c:3383
 schedule+0x92/0x1c0 kernel/sched/core.c:3427
 __rwsem_down_read_failed_common kernel/locking/rwsem-xadd.c:292 [inline]
 rwsem_down_read_failed+0x1f6/0x390 kernel/locking/rwsem-xadd.c:309
 call_rwsem_down_read_failed+0x18/0x30 arch/x86/lib/rwsem.S:94
 __down_read arch/x86/include/asm/rwsem.h:66 [inline]
 down_read+0x49/0xb0 kernel/locking/rwsem.c:26
 exit_mm kernel/exit.c:511 [inline]
 do_exit+0x3d2/0x2c10 kernel/exit.c:861
 do_group_exit+0x111/0x330 kernel/exit.c:977
 SYSC_exit_group kernel/exit.c:988 [inline]
 SyS_exit_group+0x1d/0x20 kernel/exit.c:986
 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x459829
RSP: 002b:00007fffbc72cb18 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 000000000000001e RCX: 0000000000459829
RDX: 0000000000413511 RSI: fffffffffffffff7 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffffffffffffffff R09: 00007fffbc72cb70
R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000001
R13: 00007fffbc72cb70 R14: 0000000000000000 R15: 00007fffbc72cb80
INFO: task syz-executor.1:7488 blocked for more than 140 seconds.
      Not tainted 4.14.134 #30
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.1  D29136  7488   7076 0x80000000
Call Trace:
 context_switch kernel/sched/core.c:2807 [inline]
 __schedule+0x7b8/0x1cd0 kernel/sched/core.c:3383
 schedule+0x92/0x1c0 kernel/sched/core.c:3427
 __rwsem_down_read_failed_common kernel/locking/rwsem-xadd.c:292 [inline]
 rwsem_down_read_failed+0x1f6/0x390 kernel/locking/rwsem-xadd.c:309
 call_rwsem_down_read_failed+0x18/0x30 arch/x86/lib/rwsem.S:94
 __down_read arch/x86/include/asm/rwsem.h:66 [inline]
 down_read+0x49/0xb0 kernel/locking/rwsem.c:26
 exit_mm kernel/exit.c:511 [inline]
 do_exit+0x3d2/0x2c10 kernel/exit.c:861
 do_group_exit+0x111/0x330 kernel/exit.c:977
 get_signal+0x381/0x1cd0 kernel/signal.c:2409
 do_signal+0x86/0x19a0 arch/x86/kernel/signal.c:814
 exit_to_usermode_loop+0x15c/0x220 arch/x86/entry/common.c:160
 prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:270 [inline]
 do_syscall_64+0x4bc/0x640 arch/x86/entry/common.c:297
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x459829
RSP: 002b:00007f5d6fd90cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 000000000075bf28 RCX: 0000000000459829
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000075bf28
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075bf2c
R13: 00007fffbc72c90f R14: 00007f5d6fd919c0 R15: 000000000075bf2c

Showing all locks held in the system:
1 lock held by khungtaskd/1014:
 #0:  (tasklist_lock){.+.+}, at: [<ffffffff81483258>] debug_show_all_locks+0x7f/0x21f kernel/locking/lockdep.c:4541
2 locks held by getty/7021:
 #0:  (&tty->ldisc_sem){++++}, at: [<ffffffff861b4663>] ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:377
 #1:  (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff831064f6>] n_tty_read+0x1e6/0x17b0 drivers/tty/n_tty.c:2156
2 locks held by getty/7022:
 #0:  (&tty->ldisc_sem){++++}, at: [<ffffffff861b4663>] ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:377
 #1:  (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff831064f6>] n_tty_read+0x1e6/0x17b0 drivers/tty/n_tty.c:2156
2 locks held by getty/7023:
 #0:  (&tty->ldisc_sem){++++}, at: [<ffffffff861b4663>] ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:377
 #1:  (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff831064f6>] n_tty_read+0x1e6/0x17b0 drivers/tty/n_tty.c:2156
2 locks held by getty/7024:
 #0:  (&tty->ldisc_sem){++++}, at: [<ffffffff861b4663>] ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:377
 #1:  (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff831064f6>] n_tty_read+0x1e6/0x17b0 drivers/tty/n_tty.c:2156
2 locks held by getty/7025:
 #0:  (&tty->ldisc_sem){++++}, at: [<ffffffff861b4663>] ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:377
 #1:  (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff831064f6>] n_tty_read+0x1e6/0x17b0 drivers/tty/n_tty.c:2156
2 locks held by getty/7026:
 #0:  (&tty->ldisc_sem){++++}, at: [<ffffffff861b4663>] ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:377
 #1:  (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff831064f6>] n_tty_read+0x1e6/0x17b0 drivers/tty/n_tty.c:2156
2 locks held by getty/7027:
 #0:  (&tty->ldisc_sem){++++}, at: [<ffffffff861b4663>] ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:377
 #1:  (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff831064f6>] n_tty_read+0x1e6/0x17b0 drivers/tty/n_tty.c:2156
1 lock held by syz-executor.1/7482:
 #0:  (&mm->mmap_sem){++++}, at: [<ffffffff81382862>] exit_mm kernel/exit.c:511 [inline]
 #0:  (&mm->mmap_sem){++++}, at: [<ffffffff81382862>] do_exit+0x3d2/0x2c10 kernel/exit.c:861
1 lock held by syz-executor.1/7488:
 #0:  (&mm->mmap_sem){++++}, at: [<ffffffff81382862>] exit_mm kernel/exit.c:511 [inline]
 #0:  (&mm->mmap_sem){++++}, at: [<ffffffff81382862>] do_exit+0x3d2/0x2c10 kernel/exit.c:861

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 1014 Comm: khungtaskd Not tainted 4.14.134 #30
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x138/0x19c lib/dump_stack.c:53
 nmi_cpu_backtrace.cold+0x57/0x94 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x141/0x189 lib/nmi_backtrace.c:62
 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
 trigger_all_cpu_backtrace include/linux/nmi.h:140 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:195 [inline]
 watchdog+0x5e7/0xb90 kernel/hung_task.c:274
 kthread+0x319/0x430 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 7497 Comm: syz-executor.1 Not tainted 4.14.134 #30
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8880927c4680 task.stack: ffff8880a0398000
RIP: 0010:hlock_class kernel/locking/lockdep.c:155 [inline]
RIP: 0010:mark_lock+0x78/0x1240 kernel/locking/lockdep.c:3164
RSP: 0018:ffff8880a039f7c8 EFLAGS: 00000046
RAX: 000000000000057e RBX: 0000000000000000 RCX: 1ffff110124f89e9
RDX: 0000000000000000 RSI: ffff8880927c4f28 RDI: ffff8880927c4680
RBP: ffff8880a039f810 R08: 0000000000000001 R09: ffff8880927c4f48
R10: ffff8880927c4f28 R11: ffff8880927c4680 R12: ffff8880927c4f28
R13: 0000000000000100 R14: 0000000000000008 R15: ffff8880927c4680
FS:  00007f5d6fd70700(0000) GS:ffff8880aee00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000001626040 CR3: 00000000a6096000 CR4: 00000000001406f0
Call Trace:
 __lock_acquire+0x5f9/0x45e0 kernel/locking/lockdep.c:3448
 lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3991
 __mutex_lock_common kernel/locking/mutex.c:756 [inline]
 __mutex_lock+0xe8/0x1470 kernel/locking/mutex.c:893
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
 perf_mmap+0x50a/0x13f0 kernel/events/core.c:5411
 call_mmap include/linux/fs.h:1782 [inline]
 mmap_region+0x852/0x1030 mm/mmap.c:1723
 do_mmap+0x5b8/0xcd0 mm/mmap.c:1501
 do_mmap_pgoff include/linux/mm.h:2178 [inline]
 vm_mmap_pgoff+0x17a/0x1d0 mm/util.c:333
 SYSC_mmap_pgoff mm/mmap.c:1551 [inline]
 SyS_mmap_pgoff+0x3ca/0x520 mm/mmap.c:1509
 SYSC_mmap arch/x86/kernel/sys_x86_64.c:100 [inline]
 SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:91
 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x459829
RSP: 002b:00007f5d6fd6fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000459829
RDX: 0000000003000001 RSI: 0000000000003000 RDI: 0000000020ffd000
RBP: 000000000075bfc8 R08: 0000000000000003 R09: 0000000000000000
R10: 0000000000001011 R11: 0000000000000246 R12: 00007f5d6fd706d4
R13: 00000000004c5d59 R14: 00000000004da6d0 R15: 00000000ffffffff
Code: 44 24 20 66 a9 ff 1f 74 7d 48 ba 00 00 00 00 00 fc ff df 4c 89 c9 48 c1 e9 03 0f b6 14 11 84 d2 74 09 80 fa 03 0f 8e de 06 00 00 <25> ff 1f 00 00 48 69 d8 50 01 00 00 48 81 eb 50 01 00 00 48 81 

Crashes (8):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/07/27 23:55 linux-4.14.y ff33472c282e c85e1c5b .config console log report syz ci2-linux-4-14
2019/07/01 08:11 linux-4.14.y f4cc0ed9b2c7 699d6448 .config console log report syz ci2-linux-4-14
2019/06/26 04:55 linux-4.14.y bc2bccef19ee 0a8d1a96 .config console log report syz ci2-linux-4-14
2019/06/20 11:21 linux-4.14.y bb263a2a2d43 34bf9440 .config console log report syz ci2-linux-4-14
2019/04/25 01:28 linux-4.14.y 68d7a45eec10 8e3c52b1 .config console log report syz ci2-linux-4-14
2022/02/02 12:16 linux-4.14.y b86ee2b7ae42 4ebb2798 .config console log report info ci2-linux-4-14 INFO: task hung in do_exit
2020/08/08 23:58 linux-4.14.y 14b58326976d f721e4a0 .config console log report ci2-linux-4-14
2020/03/03 23:02 linux-4.14.y 78d697fc93f9 1f73b64b .config console log report ci2-linux-4-14
* Struck through repros no longer work on HEAD.