syzbot


INFO: task hung in __ia32_sys_io_destroy

Status: auto-closed as invalid on 2019/10/05 10:28
Subsystems: fs
First crash: 1882d, last: 1838d

Sample crash report:
INFO: task syz-executor.3:15305 blocked for more than 143 seconds.
      Not tainted 5.1.0-rc4+ #57
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.3  D27896 15305   8218 0x20020004
Call Trace:
 context_switch kernel/sched/core.c:2877 [inline]
 __schedule+0x817/0x1cc0 kernel/sched/core.c:3518
 schedule+0x92/0x180 kernel/sched/core.c:3562
 schedule_timeout+0x8ca/0xfd0 kernel/time/timer.c:1779
 do_wait_for_common kernel/sched/completion.c:83 [inline]
 __wait_for_common kernel/sched/completion.c:104 [inline]
 wait_for_common kernel/sched/completion.c:115 [inline]
 wait_for_completion+0x29c/0x440 kernel/sched/completion.c:136
 __do_sys_io_destroy fs/aio.c:1405 [inline]
 __se_sys_io_destroy fs/aio.c:1383 [inline]
 __ia32_sys_io_destroy+0x373/0x420 fs/aio.c:1383
 do_syscall_32_irqs_on arch/x86/entry/common.c:326 [inline]
 do_fast_syscall_32+0x281/0xc98 arch/x86/entry/common.c:397
 entry_SYSENTER_compat+0x70/0x7f arch/x86/entry/entry_64_compat.S:139
RIP: 0023:0xf7f2a869
Code: Bad RIP value.
RSP: 002b:00000000f5d260cc EFLAGS: 00000296 ORIG_RAX: 00000000000000f6
RAX: ffffffffffffffda RBX: 00000000f5d05000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000

Showing all locks held in the system:
1 lock held by khungtaskd/1038:
 #0: 0000000099f67b8a (rcu_read_lock){....}, at: debug_show_all_locks+0x5f/0x27e kernel/locking/lockdep.c:5061
1 lock held by rsyslogd/8084:
 #0: 000000007117a20c (&f->f_pos_lock){+.+.}, at: __fdget_pos+0xee/0x110 fs/file.c:801
2 locks held by getty/8175:
 #0: 00000000d3978d58 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341
 #1: 000000002d05bced (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2156
2 locks held by getty/8176:
 #0: 000000008f48983e (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341
 #1: 00000000cadd8e62 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2156
2 locks held by getty/8177:
 #0: 000000002aef514a (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341
 #1: 000000009b84e305 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2156
2 locks held by getty/8178:
 #0: 00000000439b7172 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341
 #1: 00000000b2db2c8b (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2156
2 locks held by getty/8179:
 #0: 00000000e921f2ce (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341
 #1: 00000000b972993b (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2156
2 locks held by getty/8180:
 #0: 0000000097f7bb15 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341
 #1: 000000009e100cab (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2156
2 locks held by getty/8181:
 #0: 00000000ad5fc3bc (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341
 #1: 0000000056212dfd (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2156
2 locks held by syz-executor.0/26644:
 #0: 00000000bda4ce89 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341
 #1: 00000000d879f1ad (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2156

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 1038 Comm: khungtaskd Not tainted 5.1.0-rc4+ #57
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 nmi_cpu_backtrace.cold+0x63/0xa4 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x1be/0x236 lib/nmi_backtrace.c:62
 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:204 [inline]
 watchdog+0x9b7/0xec0 kernel/hung_task.c:288
 kthread+0x357/0x430 kernel/kthread.c:253
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352
Sending NMI from CPU 1 to CPUs 0:

Crashes (8):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
| 2019/04/08 10:27 | upstream | fcf88917dd43 | c34fde03 | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2019/04/07 22:04 | upstream | 3b0468914708 | c34fde03 | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2019/04/07 09:48 | upstream | faac51ddac45 | c34fde03 | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2019/04/06 20:47 | upstream | f654f0fc0bd3 | c34fde03 | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2019/04/02 05:27 | upstream | 5e7a8ca31926 | a9ca43d4 | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2019/03/23 02:49 | upstream | fd1f297b794c | 3361bde5 | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2019/03/15 22:10 | upstream | f261c4e529da | bab43553 | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2019/02/22 15:14 | upstream | 8a61716ff2ab | 6a5fcca4 | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
* Struck through repros no longer work on HEAD.