syzbot

 sign-in | mailing list | source | docs
🐞 Open [106]
🐞 Fixed [1]
🐞 Invalid [166]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

INFO: task hung in ext4_ioctl

Status: auto-closed as invalid on 2019/03/06 02:51
First crash: 2267d, last: 2267d
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream INFO: task hung in ext4_ioctl ext4 1 171d 171d 0/28 auto-obsoleted due to no activity on 2024/08/02 09:16

Sample crash report:
audit: type=1400 audit(2000000318.031:48477): avc:  denied  { map } for  pid=6916 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0
ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
INFO: task syz-executor2:6872 blocked for more than 140 seconds.
      Not tainted 4.14.68+ #4
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor2   D28904  6872   2095 0x00000004
Call Trace:
 schedule+0x7f/0x1b0 kernel/sched/core.c:3490
 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:565 [inline]
 rwsem_down_write_failed+0x390/0x730 kernel/locking/rwsem-xadd.c:594
 call_rwsem_down_write_failed+0x13/0x20 arch/x86/lib/rwsem.S:105
 __down_write arch/x86/include/asm/rwsem.h:126 [inline]
 down_write+0x4f/0x90 kernel/locking/rwsem.c:56
 inode_lock include/linux/fs.h:713 [inline]
 ext4_ioctl+0x106d/0x35e0 fs/ext4/ioctl.c:635
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x1a0/0x1030 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7e/0xb0 fs/ioctl.c:692
 do_syscall_64+0x19b/0x4b0 arch/x86/entry/common.c:289
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x457099
RSP: 002b:00007f8a6af72c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f8a6af736d4 RCX: 0000000000457099
RDX: 0000000020000080 RSI: 0000000040086602 RDI: 0000000000000003
RBP: 0000000000930280 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000004cec98 R14: 00000000004c50de R15: 0000000000000003
INFO: task syz-executor2:6875 blocked for more than 140 seconds.
      Not tainted 4.14.68+ #4
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor2   D28248  6875   2095 0x00000004
Call Trace:
 schedule+0x7f/0x1b0 kernel/sched/core.c:3490
 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:565 [inline]
 rwsem_down_write_failed+0x390/0x730 kernel/locking/rwsem-xadd.c:594
 call_rwsem_down_write_failed+0x13/0x20 arch/x86/lib/rwsem.S:105
 __down_write arch/x86/include/asm/rwsem.h:126 [inline]
 down_write+0x4f/0x90 kernel/locking/rwsem.c:56
 inode_lock include/linux/fs.h:713 [inline]
 ext4_punch_hole+0x125/0xfb0 fs/ext4/inode.c:4223
 ext4_fallocate+0x347/0x1c80 fs/ext4/extents.c:4942
 vfs_fallocate+0x346/0x700 fs/open.c:328
 SYSC_fallocate fs/open.c:351 [inline]
 SyS_fallocate+0x4b/0x80 fs/open.c:345
 do_syscall_64+0x19b/0x4b0 arch/x86/entry/common.c:289
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x457099
RSP: 002b:00007f8a6af30c78 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
RAX: ffffffffffffffda RBX: 00007f8a6af316d4 RCX: 0000000000457099
RDX: 000000000000e0ff RSI: 0000000000000003 RDI: 0000000000000003
RBP: 00000000009303c0 R08: 0000000000000000 R09: 0000000000000000
R10: 000000000000fff9 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000004cbf08 R14: 00000000004c35e9 R15: 0000000000000005

Showing all locks held in the system:
1 lock held by khungtaskd/23:
 #0:  (tasklist_lock){.+.+}, at: [<ffffffff8ca019d7>] debug_show_all_locks+0x74/0x20f kernel/locking/lockdep.c:4541
2 locks held by getty/2004:
 #0:  (&tty->ldisc_sem){++++}, at: [<ffffffff8d51c980>] tty_ldisc_ref_wait+0x20/0x80 drivers/tty/tty_ldisc.c:275
 #1:  (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff8d517eff>] n_tty_read+0x1ff/0x15e0 drivers/tty/n_tty.c:2142
3 locks held by syz-executor2/6870:
 #0:  (sb_writers#4){.+.+}, at: [<ffffffff8cdc4f8a>] sb_start_write include/linux/fs.h:1543 [inline]
 #0:  (sb_writers#4){.+.+}, at: [<ffffffff8cdc4f8a>] mnt_want_write+0x3a/0xa0 fs/namespace.c:387
 #1:  (&sb->s_type->i_mutex_key#10){++++}, at: [<ffffffff8cd5041d>] inode_lock include/linux/fs.h:713 [inline]
 #1:  (&sb->s_type->i_mutex_key#10){++++}, at: [<ffffffff8cd5041d>] do_truncate2+0xfd/0x1c0 fs/open.c:61
 #2:  (&ei->i_mmap_sem){++++}, at: [<ffffffff8cf5e3ec>] ext4_setattr+0x151c/0x2280 fs/ext4/inode.c:5511
2 locks held by syz-executor2/6872:
 #0:  (sb_writers#4){.+.+}, at: [<ffffffff8cdc518a>] sb_start_write include/linux/fs.h:1543 [inline]
 #0:  (sb_writers#4){.+.+}, at: [<ffffffff8cdc518a>] mnt_want_write_file+0xfa/0x300 fs/namespace.c:498
 #1:  (&sb->s_type->i_mutex_key#10){++++}, at: [<ffffffff8cf6332d>] inode_lock include/linux/fs.h:713 [inline]
 #1:  (&sb->s_type->i_mutex_key#10){++++}, at: [<ffffffff8cf6332d>] ext4_ioctl+0x106d/0x35e0 fs/ext4/ioctl.c:635
2 locks held by syz-executor2/6875:
 #0:  (sb_writers#4){.+.+}, at: [<ffffffff8cd4e4ed>] file_start_write include/linux/fs.h:2722 [inline]
 #0:  (sb_writers#4){.+.+}, at: [<ffffffff8cd4e4ed>] vfs_fallocate+0x4dd/0x700 fs/open.c:327
 #1:  (&sb->s_type->i_mutex_key#10){++++}, at: [<ffffffff8cf522a5>] inode_lock include/linux/fs.h:713 [inline]
 #1:  (&sb->s_type->i_mutex_key#10){++++}, at: [<ffffffff8cf522a5>] ext4_punch_hole+0x125/0xfb0 fs/ext4/inode.c:4223

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 23 Comm: khungtaskd Not tainted 4.14.68+ #4
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0xb9/0x11b lib/dump_stack.c:53
 nmi_cpu_backtrace.cold.0+0x47/0x85 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x121/0x146 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:138 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:196 [inline]
 watchdog+0x574/0xa70 kernel/hung_task.c:252
 kthread+0x348/0x420 kernel/kthread.c:232
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:402
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 6799 Comm: syz-executor6 Not tainted 4.14.68+ #4
task: ffff88019ff00000 task.stack: ffff880187968000
RIP: 0033:0x4023c4
RSP: 002b:00007f51f3ac8690 EFLAGS: 00000202
RAX: 000000006fd21e61 RBX: 0000000000000007 RCX: 0000000000457099
RDX: 0000000000000000 RSI: 00007f51f3ac86c0 RDI: 0000000000000007
RBP: 00000000009300a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000004d7008 R14: 00000000004ca112 R15: 0000000000000000
FS:  00007f51f3ac9700(0000) GS:ffff8801dbb00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000727ea0 CR3: 0000000170bce003 CR4: 00000000001606a0

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2018/09/07 02:47 android-4.14 b859aa7d7a0c e30d3b52 .config console log report ci-android-414-kasan-gce-root
* Struck through repros no longer work on HEAD.