syzbot


INFO: task hung in write_cache_pages

Status: closed as dup on 2017/12/12 16:30
Reported-by: syzbot+476e4a33b7cd414ba53c50de78387d312de05502@syzkaller.appspotmail.com
First crash: 1887d, last: 1507d
Duplicate of (1):
| Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported |
|---|---|---|---|---|---|---|
| INFO: task hung in lo_ioctl | | | | 47 | 1761d | 1878d |
similar bugs (2):
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| android-44 | INFO: task hung in write_cache_pages | | | | 10 | 1740d | 1795d | 0/2 | auto-closed as invalid on 2019/02/22 13:49 |
| android-49 | INFO: task hung in write_cache_pages | syz | | | 17 | 1747d | 1388d | 0/3 | public: reported syz repro on 2019/04/14 09:28 |

Sample crash report:
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
INFO: task kworker/u4:2:32 blocked for more than 140 seconds.
b_state=0x00000029, b_size=512
      Not tainted 4.20.0-rc6+ #374
device loop0 blocksize: 4096
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
kworker/u4:2    D13960    32      2 0x80000000
Workqueue: writeback wb_workfn (flush-7:0)
b_state=0x00000029, b_size=512
Call Trace:
device loop0 blocksize: 4096
 context_switch kernel/sched/core.c:2831 [inline]
 __schedule+0x8cf/0x21d0 kernel/sched/core.c:3472
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
 schedule+0xfe/0x460 kernel/sched/core.c:3516
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
 io_schedule+0x1c/0x70 kernel/sched/core.c:5137
b_state=0x00000029, b_size=512
 wait_on_page_bit_common+0x75b/0x13d0 mm/filemap.c:1088
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
 __lock_page+0x112/0x170 mm/filemap.c:1267
 lock_page include/linux/pagemap.h:483 [inline]
 write_cache_pages+0xe60/0x1e20 mm/page-writeback.c:2197
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
 mpage_writepages+0x14c/0x320 fs/mpage.c:730
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
 fat_writepages+0x24/0x30 fs/fat/inode.c:198
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
 do_writepages+0x9a/0x1a0 mm/page-writeback.c:2328
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
 __writeback_single_inode+0x20a/0x1660 fs/fs-writeback.c:1316
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
 writeback_sb_inodes+0x71f/0x1210 fs/fs-writeback.c:1580
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
 __writeback_inodes_wb+0x1b9/0x340 fs/fs-writeback.c:1649
 wb_writeback+0xa73/0xfc0 fs/fs-writeback.c:1758
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
 wb_check_background_flush fs/fs-writeback.c:1826 [inline]
 wb_do_writeback fs/fs-writeback.c:1914 [inline]
 wb_workfn+0xd65/0x1790 fs/fs-writeback.c:1942
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
 process_one_work+0xc90/0x1c40 kernel/workqueue.c:2153
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
 worker_thread+0x17f/0x1390 kernel/workqueue.c:2296
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
 kthread+0x35a/0x440 kernel/kthread.c:246
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352
INFO: task syz-executor0:6277 blocked for more than 140 seconds.
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
      Not tainted 4.20.0-rc6+ #374
__find_get_block_slow() failed. block=1, b_blocknr=8
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor0   D23848  6277   5992 0x80000004
Call Trace:
 context_switch kernel/sched/core.c:2831 [inline]
 __schedule+0x8cf/0x21d0 kernel/sched/core.c:3472
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
 schedule+0xfe/0x460 kernel/sched/core.c:3516
b_state=0x00000029, b_size=512
 __rwsem_down_write_failed_common+0xc9a/0x15e0 kernel/locking/rwsem-xadd.c:577
device loop0 blocksize: 4096
 rwsem_down_write_failed+0xe/0x10 kernel/locking/rwsem-xadd.c:606
__find_get_block_slow() failed. block=1, b_blocknr=8
 call_rwsem_down_write_failed+0x17/0x30 arch/x86/lib/rwsem.S:117
 __down_write arch/x86/include/asm/rwsem.h:142 [inline]
 down_write+0xa5/0x130 kernel/locking/rwsem.c:72
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
 inode_lock include/linux/fs.h:757 [inline]
 generic_file_write_iter+0xe4/0x6b0 mm/filemap.c:3290
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
 call_write_iter include/linux/fs.h:1857 [inline]
 new_sync_write fs/read_write.c:474 [inline]
 __vfs_write+0x6b8/0x9f0 fs/read_write.c:487
 __kernel_write+0x10c/0x370 fs/read_write.c:506
 write_pipe_buf+0x180/0x240 fs/splice.c:797
 splice_from_pipe_feed fs/splice.c:503 [inline]
 __splice_from_pipe+0x38b/0x7c0 fs/splice.c:627
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
 splice_from_pipe+0x1ec/0x340 fs/splice.c:662
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
 default_file_splice_write+0x3c/0x90 fs/splice.c:809
 do_splice_from fs/splice.c:851 [inline]
 direct_splice_actor+0x128/0x190 fs/splice.c:1023
device loop0 blocksize: 4096
 splice_direct_to_actor+0x3ad/0x9d0 fs/splice.c:978
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
 do_splice_direct+0x2d4/0x420 fs/splice.c:1066
device loop0 blocksize: 4096
 do_sendfile+0x62a/0xe20 fs/read_write.c:1439
__find_get_block_slow() failed. block=1, b_blocknr=8
 __do_sys_sendfile64 fs/read_write.c:1494 [inline]
 __se_sys_sendfile64 fs/read_write.c:1486 [inline]
 __x64_sys_sendfile64+0x15d/0x250 fs/read_write.c:1486
b_state=0x00000029, b_size=512
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
device loop0 blocksize: 4096
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457669
Code: Bad RIP value.
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
RSP: 002b:00007f4944dd1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
b_state=0x00000029, b_size=512
RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457669
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
RDX: 0000000020000000 RSI: 0000000000000004 RDI: 0000000000000004
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
RBP: 000000000072c180 R08: 0000000000000000 R09: 0000000000000000
__find_get_block_slow() failed. block=1, b_blocknr=8
R10: 00008080fffffffe R11: 0000000000000246 R12: 00007f4944dd26d4
b_state=0x00000029, b_size=512
R13: 00000000004c3e0b R14: 00000000004d6c20 R15: 00000000ffffffff
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
INFO: task syz-executor0:6282 blocked for more than 140 seconds.
b_state=0x00000029, b_size=512
      Not tainted 4.20.0-rc6+ #374
device loop0 blocksize: 4096
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
__find_get_block_slow() failed. block=1, b_blocknr=8
syz-executor0   D24648  6282   5992 0x00000004
b_state=0x00000029, b_size=512
Call Trace:
 context_switch kernel/sched/core.c:2831 [inline]
 __schedule+0x8cf/0x21d0 kernel/sched/core.c:3472
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
 schedule+0xfe/0x460 kernel/sched/core.c:3516
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
 __rwsem_down_write_failed_common+0xc9a/0x15e0 kernel/locking/rwsem-xadd.c:577
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
 rwsem_down_write_failed+0xe/0x10 kernel/locking/rwsem-xadd.c:606
 call_rwsem_down_write_failed+0x17/0x30 arch/x86/lib/rwsem.S:117
 __down_write arch/x86/include/asm/rwsem.h:142 [inline]
 down_write+0xa5/0x130 kernel/locking/rwsem.c:72
 inode_lock include/linux/fs.h:757 [inline]
 do_last fs/namei.c:3321 [inline]
 path_openat+0x15c4/0x5150 fs/namei.c:3534
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
 do_filp_open+0x255/0x380 fs/namei.c:3564
 do_sys_open+0x568/0x700 fs/open.c:1063
b_state=0x00000029, b_size=512
 ksys_open include/linux/syscalls.h:1279 [inline]
 __do_sys_creat fs/open.c:1121 [inline]
 __se_sys_creat fs/open.c:1119 [inline]
 __x64_sys_creat+0x61/0x80 fs/open.c:1119
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
device loop0 blocksize: 4096
__find_get_block_slow() failed. block=1, b_blocknr=8
b_state=0x00000029, b_size=512
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
device loop0 blocksize: 4096
RIP: 0033:0x457669
Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f4944d8fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
__find_get_block_slow() failed. block=1, b_blocknr=8
RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 0000000000457669
RDX: 0000000000000000 RSI: 0000000000000041 RDI: 0000000020000400
RBP: 000000000072c2c0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4944d906d4
b_state=0x00000029, b_size=512
R13: 00000000004bdd13 R14: 00000000004cd7b8 R15: 00000000ffffffff

Showing all locks held in the system:
3 locks held by kworker/u4:2/32:
 #0: 00000000767f1282 ((wq_completion)"writeback"){+.+.}, at: __write_once_size include/linux/compiler.h:209 [inline]
 #0: 00000000767f1282 ((wq_completion)"writeback"){+.+.}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: 00000000767f1282 ((wq_completion)"writeback"){+.+.}, at: atomic64_set include/asm-generic/atomic-instrumented.h:40 [inline]
 #0: 00000000767f1282 ((wq_completion)"writeback"){+.+.}, at: atomic_long_set include/asm-generic/atomic-long.h:59 [inline]
 #0: 00000000767f1282 ((wq_completion)"writeback"){+.+.}, at: set_work_data kernel/workqueue.c:617 [inline]
 #0: 00000000767f1282 ((wq_completion)"writeback"){+.+.}, at: set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline]
 #0: 00000000767f1282 ((wq_completion)"writeback"){+.+.}, at: process_one_work+0xb43/0x1c40 kernel/workqueue.c:2124
device loop0 blocksize: 4096
 #1: 000000009f05f2f7 ((work_completion)(&(&wb->dwork)->work)){+.+.}, at: process_one_work+0xb9a/0x1c40 kernel/workqueue.c:2128
__find_get_block_slow() failed. block=1, b_blocknr=8
 #2: 00000000d6d4ddaa (&type->s_umount_key#75){++++}, at: trylock_super+0x22/0x110 fs/super.c:412
1 lock held by khungtaskd/1019:
 #0: 00000000e73990c3 (rcu_read_lock){....}, at: debug_show_all_locks+0xd0/0x424 kernel/locking/lockdep.c:4379
1 lock held by rsyslogd/5862:
b_state=0x00000029, b_size=512
2 locks held by getty/5952:
 #0: 000000001cad3760 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353
 #1: 000000005fd7b0c8 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80 drivers/tty/n_tty.c:2154
device loop0 blocksize: 4096
2 locks held by getty/5953:
 #0: 000000004ac34466 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353
 #1: 00000000707dd2fa (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80 drivers/tty/n_tty.c:2154
__find_get_block_slow() failed. block=1, b_blocknr=8
2 locks held by getty/5954:
 #0: 000000004a728cc5 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353
 #1: 0000000094234402 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80 drivers/tty/n_tty.c:2154
2 locks held by getty/5955:
 #0: 0000000054ada829 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353
 #1: 00000000b6cbe01d (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80 drivers/tty/n_tty.c:2154
2 locks held by getty/5956:
 #0: 00000000e960b42e (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353
 #1: 00000000500d303d (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80 drivers/tty/n_tty.c:2154
2 locks held by getty/5957:
 #0: 000000000cbc07e7 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353
 #1: 00000000991893ef (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80 drivers/tty/n_tty.c:2154
2 locks held by getty/5958:
b_state=0x00000029, b_size=512
 #0: 000000004ea8e12c (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353
device loop0 blocksize: 4096
 #1: 000000003b8cc258 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80 drivers/tty/n_tty.c:2154
5 locks held by syz-executor0/6228:
2 locks held by syz-executor0/6243:
2 locks held by syz-executor0/6277:
 #0: 00000000f6beaf57 (sb_writers#19){.+.+}, at: file_start_write include/linux/fs.h:2810 [inline]
 #0: 00000000f6beaf57 (sb_writers#19){.+.+}, at: do_sendfile+0xac0/0xe20 fs/read_write.c:1438
 #1: 0000000004a073d5 (&sb->s_type->i_mutex_key#27){++++}, at: inode_lock include/linux/fs.h:757 [inline]
 #1: 0000000004a073d5 (&sb->s_type->i_mutex_key#27){++++}, at: generic_file_write_iter+0xe4/0x6b0 mm/filemap.c:3290
__find_get_block_slow() failed. block=1, b_blocknr=8
1 lock held by syz-executor0/6282:
 #0: 000000000527c03d (&sb->s_type->i_mutex_key#27){++++}, at: inode_lock include/linux/fs.h:757 [inline]
 #0: 000000000527c03d (&sb->s_type->i_mutex_key#27){++++}, at: do_last fs/namei.c:3321 [inline]
 #0: 000000000527c03d (&sb->s_type->i_mutex_key#27){++++}, at: path_openat+0x15c4/0x5150 fs/namei.c:3534

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 1019 Comm: khungtaskd Not tainted 4.20.0-rc6+ #374
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x244/0x39d lib/dump_stack.c:113
b_state=0x00000029, b_size=512
 nmi_cpu_backtrace.cold.2+0x5c/0xa1 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x1e8/0x22a lib/nmi_backtrace.c:62
 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:205 [inline]
 watchdog+0xb51/0x1060 kernel/hung_task.c:289
 kthread+0x35a/0x440 kernel/kthread.c:246
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 6228 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #374
INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.846 msecs
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:lock_is_held_type+0xef/0x210 kernel/locking/lockdep.c:3881
Code: 1f 44 00 00 65 4c 8b 24 25 40 ee 01 00 49 8d bc 24 7c 08 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 0f b6 04 02 <48> 89 fa 83 e2 07 83 c2 03 38 c2 7c 08 84 c0 0f 85 cb 00 00 00 41
RSP: 0018:ffff8881dae07010 EFLAGS: 00000803
RAX: 0000000000000000 RBX: 0000000000000086 RCX: 0000000000000000
RDX: 1ffff1102f66e197 RSI: 00000000ffffffff RDI: ffff88817b370cbc
RBP: ffff8881dae07030 R08: ffff88817b370440 R09: ffffed103b5c5b5f
R10: ffffed103b5c5b5f R11: ffff8881dae2dafb R12: ffff88817b370440
R13: ffffffff8959bec0 R14: ffff8881dae25dc0 R15: dffffc0000000000
FS:  00007f4944e56700(0000) GS:ffff8881dae00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000045763f CR3: 000000017ef7b000 CR4: 00000000001426f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 lock_is_held include/linux/lockdep.h:339 [inline]
 rcu_read_lock_sched_held+0x14f/0x180 kernel/rcu/update.c:117
 trace_hrtimer_expire_entry include/trace/events/timer.h:228 [inline]
 __run_hrtimer kernel/time/hrtimer.c:1397 [inline]
 __hrtimer_run_queues+0xde7/0x10d0 kernel/time/hrtimer.c:1460
 hrtimer_interrupt+0x313/0x780 kernel/time/hrtimer.c:1518
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1034 [inline]
 smp_apic_timer_interrupt+0x1a1/0x760 arch/x86/kernel/apic/apic.c:1059
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:807
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:761 [inline]
RIP: 0010:load_balance+0x1d01/0x39a0 kernel/sched/fair.c:8748
Code: 89 49 8b 86 20 fd ff ff 48 c1 ea 03 42 80 3c 2a 00 0f 85 4a 15 00 00 48 83 3d 0a 27 f6 07 00 0f 84 c8 00 00 00 48 89 c7 57 9d <0f> 1f 44 00 00 e9 72 f8 ff ff 48 8b 85 d0 fc ff ff be ff ff ff ff
RSP: 0018:ffff8881dae075b0 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000286 RBX: ffff8881dae2cc80 RCX: 1ffff1102f66e1b0
RDX: 1ffffffff12a401e RSI: ffff88817b370d88 RDI: 0000000000000286
RBP: ffff8881dae079a8 R08: ffff88817b370d80 R09: 0000000000000002
R10: 0000000000000000 R11: ffff88817b370440 R12: ffff8881dae07720
R13: dffffc0000000000 R14: ffff8881dae07980 R15: ffff8881c39ce240
 rebalance_domains+0x845/0xdc0 kernel/sched/fair.c:9109
 run_rebalance_domains+0x38d/0x500 kernel/sched/fair.c:9731
 __do_softirq+0x308/0xb7e kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:373 [inline]
 irq_exit+0x17f/0x1c0 kernel/softirq.c:413
 exiting_irq arch/x86/include/asm/apic.h:536 [inline]
 smp_apic_timer_interrupt+0x1cb/0x760 arch/x86/kernel/apic/apic.c:1061
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:807
 </IRQ>
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:761 [inline]
RIP: 0010:console_trylock_spinning kernel/printk/printk.c:1688 [inline]
RIP: 0010:vprintk_emit+0x87d/0x990 kernel/printk/printk.c:1921
Code: 00 fc ff df 48 c1 e8 03 80 3c 10 00 0f 85 de 00 00 00 48 83 3d 33 44 ec 07 00 74 34 e8 ac c7 19 00 48 8b bd 90 fe ff ff 57 9d <0f> 1f 44 00 00 e9 aa fe ff ff e8 94 c7 19 00 0f 0b e8 8d c7 19 00
RSP: 0018:ffff888180516730 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
RAX: 0000000000040000 RBX: 1ffff110300a2cec RCX: ffffc90005dd6000
RDX: 0000000000040000 RSI: ffffffff8165bcc4 RDI: 0000000000000246
RBP: ffff8881805168a8 R08: ffff88817b370d80 R09: 0000000000000006
R10: 0000000000000000 R11: ffff88817b370440 R12: 0000000000000200
R13: 0000000000000000 R14: ffffed10300a2d00 R15: ffff888180516880
 vprintk_default+0x28/0x30 kernel/printk/printk.c:1964
 vprintk_func+0x7e/0x181 kernel/printk/printk_safe.c:398
 printk+0xa7/0xcf kernel/printk/printk.c:1997
 __find_get_block_slow fs/buffer.c:235 [inline]
 __find_get_block.cold.57+0x85/0xff fs/buffer.c:1294
 __getblk_slow fs/buffer.c:1039 [inline]
 __getblk_gfp+0x2b3/0xd50 fs/buffer.c:1320
 __bread_gfp+0x2d/0x310 fs/buffer.c:1354
 sb_bread include/linux/buffer_head.h:307 [inline]
 fat_ent_bread+0x173/0x290 fs/fat/fatent.c:107
 fat_ent_read_block fs/fat/fatent.c:442 [inline]
 fat_alloc_clusters+0x8db/0x16f0 fs/fat/fatent.c:490
 fat_add_cluster+0x84/0x160 fs/fat/inode.c:101
 __fat_get_block fs/fat/inode.c:148 [inline]
 fat_get_block+0x385/0xb30 fs/fat/inode.c:183
 __block_write_begin_int+0x5ef/0x1d90 fs/buffer.c:1966
 __block_write_begin fs/buffer.c:2016 [inline]
 block_write_begin+0xda/0x370 fs/buffer.c:2075
 cont_wr
Lost 47 message(s)!

Crashes (65):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Title
ci-upstream-kasan-gce-root 2018/12/16 07:53 upstream 6531e115b7ab def91db3 .config console log report
ci-upstream-kasan-gce 2018/04/09 04:53 upstream 3fd14cdcc05a 77bd5117 .config console log report
ci-upstream-kasan-gce 2018/04/06 20:41 upstream 38c23685b273 4f1152d4 .config console log report
ci-upstream-kasan-gce 2018/04/06 13:06 upstream 38c23685b273 4f1152d4 .config console log report
ci-upstream-kasan-gce 2018/04/05 03:32 upstream 3e968c9f1401 676bd07e .config console log report
ci-upstream-kasan-gce 2018/04/04 21:19 upstream 17dec0a94915 676bd07e .config console log report
ci-upstream-kasan-gce-root 2018/04/04 17:07 upstream 17dec0a94915 676bd07e .config console log report
ci-upstream-kasan-gce-root 2018/04/04 14:08 upstream 17dec0a94915 676bd07e .config console log report
ci-upstream-kasan-gce-root 2018/04/04 08:54 upstream f2d285669aae 676bd07e .config console log report
ci-upstream-kasan-gce 2018/04/04 05:12 upstream f2d285669aae 676bd07e .config console log report
ci-upstream-kasan-gce 2018/04/03 22:07 upstream f2d285669aae 676bd07e .config console log report
ci-upstream-kasan-gce 2018/04/03 01:31 upstream 86bbbebac193 676bd07e .config console log report
ci-upstream-kasan-gce 2018/04/02 23:03 upstream 86bbbebac193 676bd07e .config console log report
ci-upstream-kasan-gce 2018/04/02 10:53 upstream 0adb32858b0b dc889257 .config console log report
ci-upstream-kasan-gce 2018/04/02 09:15 upstream 0adb32858b0b dc889257 .config console log report
ci-upstream-kasan-gce 2018/04/01 20:48 upstream 10b84daddbec dc889257 .config console log report
ci-upstream-kasan-gce 2018/04/01 07:43 upstream 10b84daddbec 0174c6c8 .config console log report
ci-upstream-kasan-gce 2018/04/01 05:59 upstream 10b84daddbec 0174c6c8 .config console log report
ci-upstream-kasan-gce 2018/03/30 16:21 upstream c2a9838452a4 d47f0ed6 .config console log report
ci-upstream-kasan-gce 2018/03/30 15:39 upstream c2a9838452a4 d47f0ed6 .config console log report
ci-upstream-kasan-gce 2018/03/30 15:30 upstream c2a9838452a4 d47f0ed6 .config console log report
ci-upstream-kasan-gce 2018/03/30 13:20 upstream c2a9838452a4 d47f0ed6 .config console log report
ci-upstream-kasan-gce-root 2018/03/29 23:06 upstream 0b412605ef5f d47f0ed6 .config console log report
ci-upstream-kasan-gce 2018/03/15 10:18 upstream 0aa3fdb8b3a6 08dacaa0 .config console log report
ci-upstream-kasan-gce 2018/03/03 03:10 upstream 0573fed92b67 2c6f473e .config console log report
ci-upstream-kasan-gce 2018/02/26 00:38 upstream 3664ce2d9309 9fe8aa42 .config console log report
ci-upstream-kasan-gce 2018/02/09 17:36 upstream f1517df8701c 9fb5ec43 .config console log report
ci-upstream-kasan-gce 2018/02/05 01:27 upstream 35277995e179 a1bc9d40 .config console log report
ci-upstream-kasan-gce 2018/02/04 04:17 upstream 23c35f48f5fb 632a8c2c .config console log report
ci-upstream-kasan-gce 2018/01/29 18:49 upstream d8a5b80568a9 08d47756 .config console log report
ci-upstream-kasan-gce 2018/01/25 01:39 upstream 5132ede0fe80 866f1102 .config console log report
ci-upstream-kasan-gce-386 2018/04/10 19:22 upstream f2d285669aae 8b8de427 .config console log report
ci-upstream-kasan-gce-386 2018/04/09 19:23 upstream f2d285669aae f13fb445 .config console log report
ci-upstream-kasan-gce-386 2018/04/09 16:08 upstream f2d285669aae f13fb445 .config console log report
ci-upstream-kasan-gce-386 2018/04/07 03:59 upstream f2d285669aae d613535f .config console log report
ci-upstream-kasan-gce-386 2018/04/07 02:54 upstream f2d285669aae d613535f .config console log report
ci-upstream-kasan-gce-386 2018/04/01 07:40 upstream 10b84daddbec 0174c6c8 .config console log report
ci-upstream-kasan-gce-386 2018/03/30 12:34 upstream c2a9838452a4 d47f0ed6 .config console log report
ci-upstream-kasan-gce-386 2018/03/19 06:38 upstream 9e1909b9da04 08dacaa0 .config console log report
ci-upstream-kasan-gce-386 2018/03/05 12:57 upstream 661e50bc8532 bbd5104f .config console log report
ci-upstream-kasan-gce-386 2018/01/20 17:46 upstream 8dd903d2cf7b fbbdcd92 .config console log report
ci-upstream-kasan-gce-386 2018/01/15 00:26 upstream 9443c168505d 66d492a6 .config console log report
ci-upstream-mmots-kasan-gce 2018/01/20 19:20 mmots 2734fabdcba4 fbbdcd92 .config console log report
ci-upstream-next-kasan-gce 2018/01/01 17:41 linux-next 0e08c463db38 00193447 .config console log report
* Struck through repros no longer work on HEAD.