syzbot


INFO: task hung in __down

Status: public: reported C repro on 2019/04/13 00:00
Reported-by: syzbot+cc4775bb6257839f6d72@syzkaller.appspotmail.com
First crash: 2510d, last: 2388d
Similar bugs (1)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| android-44 | INFO: task hung in __down | C | | | 1 | 2359d | 2048d | 0/2 | public: reported C repro on 2019/04/14 00:00 |

Sample crash report:
Free swap  = 0kB
Total swap = 0kB
1965969 pages RAM
0 pages HighMem/MovableOnly
321064 pages reserved
INFO: task init:4044 blocked for more than 120 seconds.
      Not tainted 4.9.98-g9731a2d #22
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
init            D
29000  4044      1 0x00000000
 ffff8801d48b9500 ffff8801d48b8540 ffff8801d4fb4800 ffff8801db221b98
 ffff8801d5da7570 ffffffff839e377d 0000000000000000 ffff8801d4fb08ea
 ffff8801d5da76d0 0000000000000046 ffff8801db222468
Call Trace:
 [<ffffffff839e4d7f>] schedule+0x7f/0x1b0 kernel/sched/core.c:3557
 [<ffffffff839f1191>] schedule_timeout+0x861/0xf70 kernel/time/timer.c:1768
 [<ffffffff839ed8ae>] __down_common kernel/locking/semaphore.c:221 [inline]
 [<ffffffff839ed8ae>] __down+0x12e/0x1f0 kernel/locking/semaphore.c:238
 [<ffffffff81229f1e>] down+0x5e/0x80 kernel/locking/semaphore.c:61
 [<ffffffff812587dc>] console_lock+0x2c/0x80 kernel/printk/printk.c:2212
 [<ffffffff8125e04c>] console_device+0x1c/0xc0 kernel/printk/printk.c:2549
 [<ffffffff82116f6a>] tty_lookup_driver drivers/tty/tty_io.c:2003 [inline]
 [<ffffffff82116f6a>] tty_open_by_driver drivers/tty/tty_io.c:2048 [inline]
 [<ffffffff82116f6a>] tty_open+0x71a/0xe20 drivers/tty/tty_io.c:2125
 [<ffffffff8157c55d>] chrdev_open+0x22d/0x4c0 fs/char_dev.c:392
 [<ffffffff81567443>] do_dentry_open+0x703/0xc80 fs/open.c:766
 [<ffffffff8156ac2c>] vfs_open+0x11c/0x210 fs/open.c:879
 [<ffffffff815a1d68>] do_last fs/namei.c:3410 [inline]
 [<ffffffff815a1d68>] path_openat+0x758/0x3590 fs/namei.c:3534
 [<ffffffff815a8e67>] do_filp_open+0x197/0x270 fs/namei.c:3568
 [<ffffffff8156b63d>] do_sys_open+0x30d/0x5c0 fs/open.c:1072
 [<ffffffff8156b91d>] SYSC_open fs/open.c:1090 [inline]
 [<ffffffff8156b91d>] SyS_open+0x2d/0x40 fs/open.c:1085
 [<ffffffff81006316>] do_syscall_64+0x1a6/0x490 arch/x86/entry/common.c:282
 [<ffffffff839f4653>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb

Showing all locks held in the system:
2 locks held by khungtaskd/519:
 #0: 
 (rcu_read_lock){......}, at: [<ffffffff813646ec>] check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline]
 (rcu_read_lock){......}, at: [<ffffffff813646ec>] watchdog+0x11c/0xa20 kernel/hung_task.c:239
 (tasklist_lock){.+.+..}, at: [<ffffffff81423ba0>] debug_show_all_locks+0x79/0x218 kernel/locking/lockdep.c:4336
 #0: 
 (&f->f_pos_lock){+.+.+.}, at: [<ffffffff815d565c>] __fdget_pos+0xac/0xd0 fs/file.c:781
 #0: 
 (&tty->ldisc_sem){++++++}, at: [<ffffffff839f2822>] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367
 (&ldata->atomic_read_lock){+.+...}, at: [<ffffffff8211cc12>] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2133
 #0: 
 (tty_mutex){+.+.+.}, at: [<ffffffff82116cbc>] tty_open_by_driver drivers/tty/tty_io.c:2047 [inline]
 (tty_mutex){+.+.+.}, at: [<ffffffff82116cbc>] tty_open+0x46c/0xe20 drivers/tty/tty_io.c:2125
 #0: 
 (tty_mutex){+.+.+.}, at: [<ffffffff82116cbc>] tty_open_by_driver drivers/tty/tty_io.c:2047 [inline]
 (tty_mutex){+.+.+.}, at: [<ffffffff82116cbc>] tty_open+0x46c/0xe20 drivers/tty/tty_io.c:2125
 #0: 
 (tty_mutex){+.+.+.}, at: [<ffffffff82116cbc>] tty_open_by_driver drivers/tty/tty_io.c:2047 [inline]
 (tty_mutex){+.+.+.}, at: [<ffffffff82116cbc>] tty_open+0x46c/0xe20 drivers/tty/tty_io.c:2125
 #0: 
 (tty_mutex){+.+.+.}, at: [<ffffffff82116cbc>] tty_open_by_driver drivers/tty/tty_io.c:2047 [inline]
 (tty_mutex){+.+.+.}, at: [<ffffffff82116cbc>] tty_open+0x46c/0xe20 drivers/tty/tty_io.c:2125
 #0: 
 (tty_mutex){+.+.+.}, at: [<ffffffff82116cbc>] tty_open_by_driver drivers/tty/tty_io.c:2047 [inline]
 (tty_mutex){+.+.+.}, at: [<ffffffff82116cbc>] tty_open+0x46c/0xe20 drivers/tty/tty_io.c:2125
 #0: 
 (tty_mutex){+.+.+.}, at: [<ffffffff82116cbc>] tty_open_by_driver drivers/tty/tty_io.c:2047 [inline]
 (tty_mutex){+.+.+.}, at: [<ffffffff82116cbc>] tty_open+0x46c/0xe20 drivers/tty/tty_io.c:2125
=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 519 Comm: khungtaskd Not tainted 4.9.98-g9731a2d #22
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d8b17d08
 ffffffff81eb0ee9 0000000000000000 0000000000000001 0000000000000001
 0000000000000001 ffffffff810b7da0 ffff8801d8b17d40 ffffffff81ebc1e7
 0000000000000001 0000000000000000 0000000000000003
Call Trace:
 [<ffffffff81eb0ee9>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81eb0ee9>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff81ebc1e7>] nmi_cpu_backtrace.cold.2+0x48/0x87 lib/nmi_backtrace.c:99
 [<ffffffff81ebc17a>] nmi_trigger_cpumask_backtrace+0x12a/0x14f lib/nmi_backtrace.c:60
 [<ffffffff810b7ea4>] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37
 [<ffffffff81364c84>] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline]
 [<ffffffff81364c84>] check_hung_task kernel/hung_task.c:125 [inline]
 [<ffffffff81364c84>] check_hung_uninterruptible_tasks kernel/hung_task.c:182 [inline]
 [<ffffffff81364c84>] watchdog+0x6b4/0xa20 kernel/hung_task.c:239
 [<ffffffff8119ad5d>] kthread+0x26d/0x300 kernel/kthread.c:211
 [<ffffffff839f481c>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 6908 Comm: syz-executor376 Not tainted 4.9.98-g9731a2d #22
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8801cde1c800 task.stack: ffff8801c0950000
RIP: 0010:[<ffffffff81ee4fa9>]  [<ffffffff81ee4fa9>] memset_erms+0x9/0x10 arch/x86/lib/memset_64.S:64
RSP: 0018:ffff8801c09576f8  EFLAGS: 00010206
RAX: dffffc00000000ff RBX: 00000000001bcc00 RCX: 000000000001c880
RDX: 0000000000040000 RSI: 00000000000000ff RDI: ffffed00379a3780
RBP: ffff8801c0957700 R08: 1ffff10037980000 R09: ffffed0037980000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000009
R13: ffff8801bcc00000 R14: 0000000000000000 R15: ffffea0006f30000
FS:  0000000000000000(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020200000 CR3: 000000000461e000 CR4: 00000000001606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 ffffffff815388c9 ffff8801c0957790 ffffffff8144825c 0000000000000046
 0000000000000000 ffff8801cde1d0c0 ffff8801cde1d0c0 ffff8801cde1c800
 ffffffff839f3d7a 0000000000000286 0000000000000000 ffff8801c0957c48
Call Trace:
 [<ffffffff8144825c>] free_pages_prepare mm/page_alloc.c:1067 [inline]
 [<ffffffff8144825c>] __free_pages_ok+0x1ec/0x1610 mm/page_alloc.c:1263
 [<ffffffff814496de>] free_compound_page+0x5e/0x70 mm/page_alloc.c:594
 [<ffffffff8154f409>] free_transhuge_page+0x99/0xc0 mm/huge_memory.c:2228
 [<ffffffff81461a40>] __put_compound_page+0x80/0xc0 mm/swap.c:94
 [<ffffffff81463634>] release_pages+0x2f4/0x970 mm/swap.c:763
 [<ffffffff81506437>] free_pages_and_swap_cache+0x117/0x160 mm/swap_state.c:273
 [<ffffffff814bdbf4>] tlb_flush_mmu_free+0xb4/0x150 mm/memory.c:259
 [<ffffffff814c146d>] tlb_flush_mmu+0x1d/0x20 mm/memory.c:268
 [<ffffffff81546ce4>] tlb_remove_page_size include/asm-generic/tlb.h:154 [inline]
 [<ffffffff81546ce4>] tlb_remove_page include/asm-generic/tlb.h:172 [inline]
 [<ffffffff81546ce4>] zap_huge_pmd+0x404/0x860 mm/huge_memory.c:1424
 [<ffffffff814c628f>] zap_pmd_range mm/memory.c:1245 [inline]
 [<ffffffff814c628f>] zap_pud_range mm/memory.c:1279 [inline]
 [<ffffffff814c628f>] unmap_page_range+0x12af/0x1730 mm/memory.c:1300
 [<ffffffff814c6811>] unmap_single_vma+0x101/0x260 mm/memory.c:1345
 [<ffffffff814c7152>] unmap_vmas+0x102/0x1d0 mm/memory.c:1375
 [<ffffffff814df8b4>] exit_mmap+0x214/0x3f0 mm/mmap.c:2988
 [<ffffffff81129dd3>] __mmput kernel/fork.c:878 [inline]
 [<ffffffff81129dd3>] mmput+0xf3/0x2d0 kernel/fork.c:900
 [<ffffffff8113ebb6>] exit_mm kernel/exit.c:518 [inline]
 [<ffffffff8113ebb6>] do_exit+0x906/0x27c0 kernel/exit.c:824
 [<ffffffff81144d91>] do_group_exit+0x111/0x340 kernel/exit.c:941
 [<ffffffff81144fdd>] SYSC_exit_group kernel/exit.c:952 [inline]
 [<ffffffff81144fdd>] SyS_exit_group+0x1d/0x20 kernel/exit.c:950
 [<ffffffff81006316>] do_syscall_64+0x1a6/0x490 arch/x86/entry/common.c:282
 [<ffffffff839f4653>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Code: 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 f3 48 ab 89 d1 f3 aa 4c 89 c8 c3 90 49 89 f9 40 88 f0 48 89 d1 <f3> aa 4c 89 c8 c3 90 49 89 fa 40 0f b6 ce 48 b8 01 01 01 01 01

Crashes (10):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2018/05/08 23:33 | https://android.googlesource.com/kernel/common android-4.9 | 9731a2dab47e | b88872ba | .config | console log | report | syz | C | | | ci-android-49-kasan-gce | |
| 2018/05/05 07:37 | https://android.googlesource.com/kernel/common android-4.9 | f5a861c30cb7 | 9ce14f4b | .config | console log | report | syz | C | | | ci-android-49-kasan-gce | |
| 2018/03/06 05:01 | https://android.googlesource.com/kernel/common android-4.9 | b324a701539e | aef0b792 | .config | console log | report | syz | C | | | ci-android-49-kasan-gce | |
| 2018/01/07 19:02 | https://android.googlesource.com/kernel/common android-4.9 | 5f5e5d4041e3 | 19c05fff | .config | console log | report | syz | C | | | ci-android-49-kasan-gce | |
| 2018/01/07 15:55 | https://android.googlesource.com/kernel/common android-4.9 | 5f5e5d4041e3 | 19c05fff | .config | console log | report | syz | C | | | ci-android-49-kasan-gce | |
| 2018/04/17 23:22 | https://android.googlesource.com/kernel/common android-4.9 | 8683408f8e81 | b80fd3b5 | .config | console log | report | syz | C | | | ci-android-49-kasan-gce-386 | |
| 2018/04/18 07:33 | https://android.googlesource.com/kernel/common android-4.9 | 8683408f8e81 | b80fd3b5 | .config | console log | report | syz | | | | ci-android-49-kasan-gce | |
| 2018/05/02 11:18 | https://android.googlesource.com/kernel/common android-4.9 | 1321d4226176 | d5b114b4 | .config | console log | report | | | | | ci-android-49-kasan-gce-root | |
| 2018/03/30 15:09 | https://android.googlesource.com/kernel/common android-4.9 | cc88c05eca31 | d47f0ed6 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2018/03/29 22:08 | https://android.googlesource.com/kernel/common android-4.9 | bb94f9d8f542 | d47f0ed6 | .config | console log | report | | | | | ci-android-49-kasan-gce-386 | |
* Struck through repros no longer work on HEAD.