syzbot

 sign-in | mailing list | source | docs
🐞 Open [106] 🐞 Fixed [1] 🐞 Invalid [166] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

INFO: task hung in grab_super (2)

Status: auto-closed as invalid on 2019/11/15 12:55
Reported-by: syzbot+8a497943f38daf6bd197@syzkaller.appspotmail.com
First crash: 1623d, last: 1601d
Similar bugs (7)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-414 INFO: task hung in grab_super 4 1862d 1700d 0/1 auto-closed as invalid on 2019/04/28 15:34
linux-4.14 INFO: task hung in grab_super C error 241 375d 1691d 0/1 upstream: reported C repro on 2019/04/19 12:37
android-49 INFO: task hung in grab_super 1 1940d 1940d 0/3 auto-closed as invalid on 2019/02/22 13:19
upstream INFO: task hung in grab_super udf C 209 317d 1966d 0/25 closed as dup on 2018/07/18 11:42
linux-4.19 INFO: task hung in grab_super vfs udf C error 249 299d 1692d 0/1 upstream: reported C repro on 2019/04/18 03:33
upstream INFO: task hung in grab_super (2) fs 1 181d 181d 0/25 auto-obsoleted due to no activity on 2023/09/05 02:19
android-49 INFO: task hung in grab_super (2) 1 1568d 1567d 0/3 auto-closed as invalid on 2019/12/19 00:51

Sample crash report:
ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
INFO: task syz-executor.4:26839 blocked for more than 140 seconds.
      Not tainted 4.14.133+ #17
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.4  D28616 26839  16347 0x00000004
Call Trace:
 schedule+0x92/0x1c0 /kernel/sched/core.c:3498
 __rwsem_down_write_failed_common /kernel/locking/rwsem-xadd.c:588 [inline]
 rwsem_down_write_failed+0x3ee/0x7c0 /kernel/locking/rwsem-xadd.c:617
 call_rwsem_down_write_failed+0x13/0x20 /arch/x86/lib/rwsem.S:105
 __down_write /./arch/x86/include/asm/rwsem.h:126 [inline]
 down_write+0x4f/0x90 /kernel/locking/rwsem.c:56
 grab_super+0x55/0x150 /fs/super.c:373
 sget_userns+0x2c5/0xc60 /fs/super.c:504
 sget+0xd1/0x110 /fs/super.c:572
 mount_bdev+0xcd/0x360 /fs/super.c:1122
 mount_fs+0x277/0x312 /fs/super.c:1255
 vfs_kern_mount.part.0+0xc7/0x4a0 /fs/namespace.c:1056
 vfs_kern_mount /fs/namespace.c:1038 [inline]
 do_new_mount /fs/namespace.c:2573 [inline]
 do_mount+0x3f6/0x26a0 /fs/namespace.c:2903
 SYSC_mount /fs/namespace.c:3119 [inline]
 SyS_mount+0xa8/0x120 /fs/namespace.c:3096
 do_syscall_64+0x19b/0x520 /arch/x86/entry/common.c:292

Showing all locks held in the system:
1 lock held by khungtaskd/23:
 #0:  (tasklist_lock){.+.?}, at: [<00000000fb7658da>] debug_show_all_locks+0x7c/0x21a /kernel/locking/lockdep.c:4541
2 locks held by getty/1755:
 #0:  (&tty->ldisc_sem){++++}, at: [<0000000015020729>] tty_ldisc_ref_wait+0x22/0x80 /drivers/tty/tty_ldisc.c:284
 #1:  (&ldata->atomic_read_lock){+.+.}, at: [<0000000095bb5929>] n_tty_read+0x1f7/0x1700 /drivers/tty/n_tty.c:2156
2 locks held by syz-executor.4/26839:
 #0:  (&bdev->bd_fsfreeze_mutex){+.+.}, at: [<00000000e989afd8>] mount_bdev+0x71/0x360 /fs/super.c:1116
 #1:  (&type->s_umount_key#34){++++}, at: [<000000001e168c27>] grab_super+0x55/0x150 /fs/super.c:373

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 23 Comm: khungtaskd Not tainted 4.14.133+ #17
Call Trace:
 __dump_stack /lib/dump_stack.c:17 [inline]
 dump_stack+0xca/0x134 /lib/dump_stack.c:53
 nmi_cpu_backtrace.cold+0x47/0x86 /lib/nmi_backtrace.c:101
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 1625 Comm: rs:main Q:Reg Not tainted 4.14.133+ #17
task: 00000000767cf26c task.stack: 00000000e0098fd6
RIP: 0010:submit_bh_wbc.isra.0+0x1c6/0x600 /fs/buffer.c:3134
RSP: 0018:ffff8881d443f878 EFLAGS: 00000246
RAX: ffff8881d9eb85c0 RBX: ffff8881d5758c78 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: 1ffff1103b3d70d4 RDI: ffff8881d9eb86a0
RBP: ffff888168634d00 R08: ffffffffa2dfc312 R09: ffffed102d0c69ac
R10: ffffed102d0c69ab R11: ffff888168634d5f R12: 0000000000000800
R13: 0000000000000001 R14: 0000000000000000 R15: ffff8881d5758c98
FS:  00007f4d0f62a700(0000) GS:ffff8881dba00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2c83d000 CR3: 00000001d612c005 CR4: 00000000001606b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
 submit_bh /fs/buffer.c:3158 [inline]
 __sync_dirty_buffer+0xda/0x1e0 /fs/buffer.c:3244
 ext4_write_inode+0x3bd/0x450 /fs/ext4/inode.c:5303
 write_inode /fs/fs-writeback.c:1218 [inline]
 __writeback_single_inode+0x87c/0x10a0 /fs/fs-writeback.c:1417
 writeback_single_inode+0x1ff/0x370 /fs/fs-writeback.c:1471
 sync_inode /fs/fs-writeback.c:2499 [inline]
 sync_inode_metadata+0xb8/0xf0 /fs/fs-writeback.c:2519
 __generic_file_fsync+0x121/0x190 /fs/libfs.c:988
 ext4_sync_file+0x3ac/0x1250 /fs/ext4/fsync.c:120
 vfs_fsync_range+0x106/0x260 /fs/sync.c:196
 generic_write_sync /./include/linux/fs.h:2697 [inline]
 ext4_file_write_iter+0x83c/0xd60 /fs/ext4/file.c:275
 call_write_iter /./include/linux/fs.h:1788 [inline]
 new_sync_write /fs/read_write.c:471 [inline]
 __vfs_write+0x401/0x5a0 /fs/read_write.c:484
 vfs_write+0x17f/0x4d0 /fs/read_write.c:546
 SYSC_write /fs/read_write.c:594 [inline]
 SyS_write+0x102/0x250 /fs/read_write.c:586
 do_syscall_64+0x19b/0x520 /arch/x86/entry/common.c:292
Code: 03 80 3c 01 00 0f 85 1e 04 00 00 48 b9 00 00 00 00 00 fc ff df 48 8b 43 30 48 8d b8 e0 00 00 00 48 89 fe 48 c1 ee 03 80 3c 0e 00 <0f> 85 c2 03 00 00 48 8b 80 e0 00 00 00 48 39 c2 74 66 e8 73 11

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/07/18 12:55 android-4.14 269f182fac0b 7bb222f7 .config console log report ci-android-414-kasan-gce-root
2019/06/26 18:07 android-4.14 93c338c2e7ba 7509bf36 .config console log report ci-android-414-kasan-gce-root
* Struck through repros no longer work on HEAD.