syzbot


INFO: task hung in blkdev_put (2)

Status: auto-closed as invalid on 2020/03/14 12:22
Reported-by: syzbot+1e955704c9b10909e295@syzkaller.appspotmail.com
First crash: 1614d, last: 1595d
Similar bugs (14)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream INFO: task hung in blkdev_put (3) fs 1 1432d 1432d 0/26 auto-closed as invalid on 2020/06/25 13:28
linux-4.19 INFO: task hung in blkdev_put C error 31 579d 1343d 0/1 upstream: reported C repro on 2020/07/23 21:33
upstream INFO: task hung in blkdev_put udf 320 1873d 2300d 0/26 closed as dup on 2018/11/11 08:29
linux-4.14 INFO: task hung in blkdev_put 2 1657d 1806d 0/1 auto-closed as invalid on 2020/01/12 01:56
linux-5.15 INFO: task hung in blkdev_put origin:upstream C error 4 3d10h 279d 0/3 upstream: reported C repro on 2023/06/23 01:15
linux-4.14 INFO: task hung in blkdev_put (3) C error 16 527d 1305d 0/1 upstream: reported C repro on 2020/08/30 21:52
upstream INFO: task hung in blkdev_put (4) block C done 486 16d 1272d 0/26 upstream: reported C repro on 2020/10/03 13:09
android-49 INFO: task hung in blkdev_put 220 1793d 1810d 0/3 auto-closed as invalid on 2019/10/25 08:47
linux-4.14 INFO: task hung in blkdev_put (2) 2 1461d 1499d 0/1 auto-closed as invalid on 2020/07/26 14:38
android-414 INFO: task hung in blkdev_put 119 1579d 1811d 0/1 auto-closed as invalid on 2020/03/30 04:06
android-44 INFO: task hung in blkdev_put 26 1879d 1810d 0/2 auto-closed as invalid on 2019/08/03 02:42
android-44 INFO: task hung in blkdev_put (2) 3 1590d 1668d 0/2 auto-closed as invalid on 2020/03/18 19:27
linux-6.1 INFO: task hung in blkdev_put origin:upstream C 68 3d23h 338d 0/3 upstream: reported C repro on 2023/04/25 09:01
upstream INFO: task hung in blkdev_put (2) fs 2 1586d 1632d 0/26 auto-closed as invalid on 2020/02/22 04:07

Sample crash report:
INFO: task syz-executor.5:22961 blocked for more than 140 seconds.
      Not tainted 4.9.194+ #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.5  D26632 22961   2115 0x00000006
 0000000000000087 ffff8801a27e17c0 0000000000000000 ffff8801db621000
 ffffffff83031180 ffff8801db621018 ffff8801ac3f7958 ffffffff8281af8e
 ffff8801a27e17c0 ffff8801ac3f78d0 00ffffff81bcd65c ffff8801db6218f0
Call Trace:
 [<0000000045fca52d>] schedule+0x92/0x1c0 kernel/sched/core.c:3546
 [<0000000074c82546>] schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3579
 [<0000000061fafdb8>] __mutex_lock_common kernel/locking/mutex.c:582 [inline]
 [<0000000061fafdb8>] mutex_lock_nested+0x38d/0x920 kernel/locking/mutex.c:621
 [<00000000e62d1293>] blkdev_put+0x2b/0x560 fs/block_dev.c:1629
 [<00000000fe9517f5>] blkdev_close+0x8b/0xb0 fs/block_dev.c:1678
 [<0000000059629bdc>] __fput+0x274/0x720 fs/file_table.c:208
 [<000000005468643f>] ____fput+0x16/0x20 fs/file_table.c:244
 [<000000003be114e0>] task_work_run+0x108/0x180 kernel/task_work.c:116
 [<000000000dee4604>] get_signal+0x1836/0x1cb0 kernel/signal.c:2206
 [<000000009f35422d>] do_signal+0x9c/0x1920 arch/x86/kernel/signal.c:812
 [<00000000a1aab763>] exit_to_usermode_loop+0x11c/0x160 arch/x86/entry/common.c:159
 [<000000005c0f7b09>] prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline]
 [<000000005c0f7b09>] syscall_return_slowpath arch/x86/entry/common.c:266 [inline]
 [<000000005c0f7b09>] do_syscall_64+0x3ab/0x5c0 arch/x86/entry/common.c:293
 [<000000002e6d5c0a>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb

Showing all locks held in the system:
2 locks held by khungtaskd/24:
 #0:  (rcu_read_lock){......}, at: [<00000000f2e73365>] check_hung_uninterruptible_tasks kernel/hung_task.c:169 [inline]
 #0:  (rcu_read_lock){......}, at: [<00000000f2e73365>] watchdog+0x14b/0xaf0 kernel/hung_task.c:263
 #1:  (tasklist_lock){.+.+..}, at: [<000000002c72228b>] debug_show_all_locks+0x7f/0x21f kernel/locking/lockdep.c:4336
1 lock held by rsyslogd/1893:
 #0:  (&f->f_pos_lock){+.+.+.}, at: [<00000000bb93fdb3>] __fdget_pos+0xa8/0xd0 fs/file.c:782
2 locks held by getty/2021:
 #0:  (&tty->ldisc_sem){++++++}, at: [<0000000036d41d31>] ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:376
 #1:  (&ldata->atomic_read_lock){+.+...}, at: [<00000000832b064f>] n_tty_read+0x1fe/0x1820 drivers/tty/n_tty.c:2156
1 lock held by syz-executor.5/22961:
 #0:  (&bdev->bd_mutex){+.+.+.}, at: [<00000000e62d1293>] blkdev_put+0x2b/0x560 fs/block_dev.c:1629
2 locks held by syz-executor.5/22979:
 #0:  (&bdev->bd_mutex){+.+.+.}, at: [<000000008bff7a6a>] __blkdev_get+0x10e/0xeb0 fs/block_dev.c:1273
 #1:  (loop_index_mutex){+.+.+.}, at: [<00000000c06d6ace>] lo_open+0x1d/0xb0 drivers/block/loop.c:1621
2 locks held by syz-executor.2/22969:
 #0:  (loop_index_mutex){+.+.+.}, at: [<000000005a83497e>] loop_control_ioctl+0x7a/0x320 drivers/block/loop.c:1973
 #1:  (&lo->lo_ctl_mutex#2){+.+.+.}, at: [<00000000f9841cda>] loop_control_ioctl+0x17f/0x320 drivers/block/loop.c:1987
2 locks held by syz-executor.2/22987:
 #0:  (&bdev->bd_mutex){+.+.+.}, at: [<0000000041acb8c0>] __blkdev_put+0xbb/0x840 fs/block_dev.c:1587
 #1:  (loop_index_mutex){+.+.+.}, at: [<00000000fc3f6f0a>] lo_release+0x20/0x1b0 drivers/block/loop.c:1663
1 lock held by syz-executor.4/23001:
 #0:  (&bdev->bd_mutex){+.+.+.}, at: [<000000008bff7a6a>] __blkdev_get+0x10e/0xeb0 fs/block_dev.c:1273
1 lock held by blkid/22981:
 #0:  (&bdev->bd_mutex){+.+.+.}, at: [<00000000e62d1293>] blkdev_put+0x2b/0x560 fs/block_dev.c:1629
2 locks held by syz-executor.3/22993:
 #0:  (&lo->lo_ctl_mutex/1){+.+.+.}, at: [<00000000c96860ae>] lo_ioctl+0x8e/0x1b10 drivers/block/loop.c:1404
 #1:  (&bdev->bd_mutex){+.+.+.}, at: [<0000000052d66166>] blkdev_reread_part+0x1f/0x40 block/ioctl.c:189
1 lock held by blkid/22997:
 #0:  (&bdev->bd_mutex){+.+.+.}, at: [<00000000e62d1293>] blkdev_put+0x2b/0x560 fs/block_dev.c:1629
2 locks held by blkid/22998:
 #0:  (&bdev->bd_mutex){+.+.+.}, at: [<000000008bff7a6a>] __blkdev_get+0x10e/0xeb0 fs/block_dev.c:1273
 #1:  (loop_index_mutex){+.+.+.}, at: [<00000000c06d6ace>] lo_open+0x1d/0xb0 drivers/block/loop.c:1621
2 locks held by blkid/23003:
 #0:  (&bdev->bd_mutex){+.+.+.}, at: [<000000008bff7a6a>] __blkdev_get+0x10e/0xeb0 fs/block_dev.c:1273
 #1:  (loop_index_mutex){+.+.+.}, at: [<00000000c06d6ace>] lo_open+0x1d/0xb0 drivers/block/loop.c:1621
1 lock held by syz-executor.1/23014:
 #0:  (&bdev->bd_mutex){+.+.+.}, at: [<000000008bff7a6a>] __blkdev_get+0x10e/0xeb0 fs/block_dev.c:1273
1 lock held by syz-executor.1/23015:
 #0:  (&bdev->bd_mutex){+.+.+.}, at: [<000000008bff7a6a>] __blkdev_get+0x10e/0xeb0 fs/block_dev.c:1273

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 24 Comm: khungtaskd Not tainted 4.9.194+ #0
 ffff8801d98d7cc8 ffffffff81b67001 0000000000000001 0000000000000000
 0000000000000001 ffffffff81099d01 dffffc0000000000 ffff8801d98d7d00
 ffffffff81b7229c 0000000000000001 0000000000000000 0000000000000001
Call Trace:
 [<00000000691b1ef2>] __dump_stack lib/dump_stack.c:15 [inline]
 [<00000000691b1ef2>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
 [<00000000ea30ebb6>] nmi_cpu_backtrace.cold+0x47/0x87 lib/nmi_backtrace.c:99
 [<00000000ac1a7dcf>] nmi_trigger_cpumask_backtrace+0x124/0x155 lib/nmi_backtrace.c:60
 [<000000004dcc15cb>] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37
 [<0000000006b17b37>] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline]
 [<0000000006b17b37>] check_hung_task kernel/hung_task.c:126 [inline]
 [<0000000006b17b37>] check_hung_uninterruptible_tasks kernel/hung_task.c:183 [inline]
 [<0000000006b17b37>] watchdog+0x670/0xaf0 kernel/hung_task.c:263
 [<00000000fc215645>] kthread+0x278/0x310 kernel/kthread.c:211
 [<00000000b93d3b58>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:375
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0 skipped: idling at pc 0xffffffff8282a0e1

Crashes (3):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/11/15 12:21 https://android.googlesource.com/kernel/common android-4.9 7fe05eede1c8 79248ee8 .config console log report ci-android-49-kasan-gce-root
2019/11/09 23:14 https://android.googlesource.com/kernel/common android-4.9 7fe05eede1c8 dc438b91 .config console log report ci-android-49-kasan-gce-root
2019/10/27 03:43 https://android.googlesource.com/kernel/common android-4.9 7fe05eede1c8 25bb509e .config console log report ci-android-49-kasan-gce-root
* Struck through repros no longer work on HEAD.