syzbot


INFO: task hung in jbd2_journal_commit_transaction

Status: public: reported C repro on 2019/04/13 00:00
Reported-by: syzbot+2d9fd056695d29a86f66@syzkaller.appspotmail.com
First crash: 2190d, last: 2098d
Similar bugs (7)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream INFO: task hung in jbd2_journal_commit_transaction (2) ext4 1 1113d 1113d 0/26 auto-closed as invalid on 2021/06/09 10:13
android-49 INFO: task hung in jbd2_journal_commit_transaction 5 2006d 2151d 0/3 auto-closed as invalid on 2019/03/29 12:13
linux-6.1 INFO: task hung in jbd2_journal_commit_transaction 1 301d 301d 0/3 auto-obsoleted due to no activity on 2023/09/09 09:50
upstream INFO: task hung in jbd2_journal_commit_transaction (4) ext4 7 245d 393d 0/26 auto-obsoleted due to no activity on 2023/10/25 18:13
upstream INFO: task hung in jbd2_journal_commit_transaction (3) ext4 C error error 24 546d 831d 0/26 auto-obsoleted due to no activity on 2023/01/27 09:20
upstream INFO: task hung in jbd2_journal_commit_transaction ext4 C 52 1993d 2012d 0/26 closed as dup on 2018/10/02 14:53
android-414 INFO: task hung in jbd2_journal_commit_transaction C 31 1997d 1814d 0/1 public: reported C repro on 2019/04/11 00:00

Sample crash report:
binder: 31824:31824 transaction failed 29201/-22, size 0-0 line 3019
binder: 31825:31825 got transaction to invalid handle
binder: 31825:31825 transaction failed 29201/-22, size 0-0 line 3019
binder: 31826:31826 got transaction to invalid handle
binder: 31826:31826 transaction failed 29201/-22, size 0-0 line 3019
INFO: task jbd2/sda1-8:1907 blocked for more than 120 seconds.
      Not tainted 4.4.138-gcf21a9a #64
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
jbd2/sda1-8     D ffff8800b64af590 27104  1907      2 0x00000000
 ffff8800b64af590 0000000000000000 0000000000000000 0000000000000002
 0000000000000000 ffff8801db21fdb8 ffff8801db21fde0 ffff8801db21f4d8
 ffff8801db21f4c0 ffff8801bc586000 ffff8800b64e9800 0000000000000000
Call Trace:
 [<ffffffff838b46ea>] schedule+0x7a/0x1b0 kernel/sched/core.c:3359
 [<ffffffff838bfb01>] schedule_timeout+0x481/0x8b0 kernel/time/timer.c:1515
 [<ffffffff838b25aa>] io_schedule_timeout+0x1ba/0x390 kernel/sched/core.c:4941
 [<ffffffff838b593b>] io_schedule include/linux/sched.h:447 [inline]
 [<ffffffff838b593b>] bit_wait_io+0x1b/0xd0 kernel/sched/wait.c:595
 [<ffffffff838b50cd>] __wait_on_bit+0xbd/0x140 kernel/sched/wait.c:395
 [<ffffffff838b5238>] out_of_line_wait_on_bit+0xe8/0x120 kernel/sched/wait.c:408
 [<ffffffff815c572c>] wait_on_bit_io include/linux/wait.h:1015 [inline]
 [<ffffffff815c572c>] __wait_on_buffer+0x5c/0x70 fs/buffer.c:123
 [<ffffffff81824555>] wait_on_buffer include/linux/buffer_head.h:342 [inline]
 [<ffffffff81824555>] journal_wait_on_commit_record fs/jbd2/commit.c:178 [inline]
 [<ffffffff81824555>] jbd2_journal_commit_transaction+0x4725/0x65a0 fs/jbd2/commit.c:895
 [<ffffffff8183339a>] kjournald2+0x22a/0x830 fs/jbd2/journal.c:223
 [<ffffffff81190958>] kthread+0x268/0x300 kernel/kthread.c:211
 [<ffffffff838c2b55>] ret_from_fork+0x55/0x80 arch/x86/entry/entry_64.S:510
no locks held by jbd2/sda1-8/1907.
Sending NMI to all CPUs:
NMI backtrace for cpu 0
CPU: 0 PID: 491 Comm: khungtaskd Not tainted 4.4.138-gcf21a9a #64
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8801d8da8000 task.stack: ffff8801d8d60000
RIP: 0010:[<ffffffff810bfb26>]  [<ffffffff810bfb26>] native_apic_mem_write arch/x86/include/asm/apic.h:94 [inline]
RIP: 0010:[<ffffffff810bfb26>]  [<ffffffff810bfb26>] __default_send_IPI_dest_field arch/x86/include/asm/ipi.h:119 [inline]
RIP: 0010:[<ffffffff810bfb26>]  [<ffffffff810bfb26>] _flat_send_IPI_mask arch/x86/kernel/apic/apic_flat_64.c:61 [inline]
RIP: 0010:[<ffffffff810bfb26>]  [<ffffffff810bfb26>] flat_send_IPI_mask+0xf6/0x1a0 arch/x86/kernel/apic/apic_flat_64.c:69
RSP: 0018:ffff8801d8d67cc8  EFLAGS: 00000046
RAX: 0000000003000000 RBX: 0000000000000c00 RCX: 0000000000000000
RDX: 0000000000000c00 RSI: 0000000000000000 RDI: ffffffffff5fb300
RBP: ffff8801d8d67cf0 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000246
R13: 0000000000000003 R14: 0000000000000002 R15: ffffffff8446f6a0
FS:  0000000000000000(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000006cf090 CR3: 0000000148891000 CR4: 00000000001606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 ffffffff8446f6a0 ffffffff84a18ee0 0000000000000007 fffffbfff0942c8c
 0000000000000040 ffff8801d8d67d10 ffffffff810b5ae1 ffffffff83c0b460
 0000000000000003 ffff8801d8d67d68 ffffffff81e19d83 ffff8800b64e9800
Call Trace:
 [<ffffffff810b5ae1>] nmi_raise_cpu_backtrace+0x61/0x80 arch/x86/kernel/apic/hw_nmi.c:33
 [<ffffffff81e19d83>] nmi_trigger_all_cpu_backtrace.cold.4+0x70/0xad lib/nmi_backtrace.c:85
 [<ffffffff810b5b84>] arch_trigger_all_cpu_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
 [<ffffffff8141a459>] trigger_all_cpu_backtrace include/linux/nmi.h:44 [inline]
 [<ffffffff8141a459>] check_hung_task kernel/hung_task.c:125 [inline]
 [<ffffffff8141a459>] check_hung_uninterruptible_tasks kernel/hung_task.c:182 [inline]
 [<ffffffff8141a459>] watchdog.cold.1+0xd3/0xee kernel/hung_task.c:238
 [<ffffffff81190958>] kthread+0x268/0x300 kernel/kthread.c:211
 [<ffffffff838c2b55>] ret_from_fork+0x55/0x80 arch/x86/entry/entry_64.S:510
Code: b3 5f ff f6 c4 10 75 e2 44 89 e8 c1 e0 18 89 04 25 10 b3 5f ff 44 89 f2 09 da 80 cf 04 41 83 fe 02 0f 44 d3 89 14 25 00 b3 5f ff <41> f7 c4 00 02 00 00 75 1a 4c 89 e7 57 9d 0f 1f 44 00 00 e8 02 
NMI backtrace for cpu 1
CPU: 1 PID: 19 Comm: kworker/u4:1 Not tainted 4.4.138-gcf21a9a #64
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: binder binder_deferred_func
task: ffff8801d9b88000 task.stack: ffff8801d9b90000
RIP: 0010:[<ffffffff82083f3b>]  [<ffffffff82083f3b>] inb arch/x86/include/asm/io.h:316 [inline]
RIP: 0010:[<ffffffff82083f3b>]  [<ffffffff82083f3b>] io_serial_in+0x6b/0x90 drivers/tty/serial/8250/8250_port.c:398
RSP: 0018:ffff8801d9b976b8  EFLAGS: 00000002
RAX: dffffc0000000000 RBX: 00000000000003fd RCX: 0000000000000000
RDX: 00000000000003fd RSI: ffffffff82083ee1 RDI: ffffffff862aa4b8
RBP: ffff8801d9b976c8 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: ffffffff858ed132 R12: ffffffff862aa480
R13: 0000000000000020 R14: fffffbfff0c554d7 R15: fffffbfff0c55499
FS:  0000000000000000(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000006cf090 CR3: 000000000440c000 CR4: 00000000001606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 ffffffff862aa480 0000000000002709 ffff8801d9b97718 ffffffff82085a9f
 ffffffff81e37855 ffffffff862aa4c8 ffffffff862aa6ba ffffffff862aa480
 0000000000000032 ffffffff82085bf0 dffffc0000000000 0000000000000032
Call Trace:
 [<ffffffff82085a9f>] serial_in drivers/tty/serial/8250/8250.h:97 [inline]
 [<ffffffff82085a9f>] wait_for_xmitr+0x8f/0x1e0 drivers/tty/serial/8250/8250_port.c:1717
 [<ffffffff82085c0f>] serial8250_console_putchar+0x1f/0x60 drivers/tty/serial/8250/8250_port.c:2806
 [<ffffffff820700a9>] uart_console_write+0x59/0xf0 drivers/tty/serial/serial_core.c:1789
 [<ffffffff82090269>] serial8250_console_write+0x539/0x830 drivers/tty/serial/8250/8250_port.c:2872
 [<ffffffff8207ec4f>] univ8250_console_write+0x5f/0x70 drivers/tty/serial/8250/8250_core.c:594
 [<ffffffff81259f1f>] call_console_drivers.constprop.28+0x1ef/0x3f0 kernel/printk/printk.c:1463
 [<ffffffff8125cbf5>] console_unlock+0x605/0xa10 kernel/printk/printk.c:2330
 [<ffffffff8125d51e>] vprintk_emit+0x51e/0x840 kernel/printk/printk.c:1832
 [<ffffffff8125d868>] vprintk+0x28/0x30 kernel/printk/printk.c:1843
 [<ffffffff8125d88d>] vprintk_default+0x1d/0x30 kernel/printk/printk.c:1844
 [<ffffffff81415328>] printk+0xaf/0xd7 kernel/printk/printk.c:1922
 [<ffffffff82dcd626>] binder_release_work.cold.73+0x79/0x9b drivers/android/binder.c:4387
 [<ffffffff82d67ac2>] binder_thread_release+0x422/0x520 drivers/android/binder.c:4578
 [<ffffffff82d67fe7>] binder_deferred_release drivers/android/binder.c:5119 [inline]
 [<ffffffff82d67fe7>] binder_deferred_func+0x427/0xc00 drivers/android/binder.c:5191
 [<ffffffff81181f4f>] process_one_work+0x7df/0x1600 kernel/workqueue.c:2064
 [<ffffffff81182e49>] worker_thread+0xd9/0xfc0 kernel/workqueue.c:2196
 [<ffffffff81190958>] kthread+0x268/0x300 kernel/kthread.c:211
 [<ffffffff838c2b55>] ret_from_fork+0x55/0x80 arch/x86/entry/entry_64.S:510
Code: 24 c1 00 00 00 49 8d 7c 24 38 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 d3 e3 80 3c 02 00 75 17 41 03 5c 24 38 89 da ec <5b> 0f b6 c0 41 5c 5d c3 e8 68 58 47 ff eb c2 e8 c1 58 47 ff eb 

Crashes (6):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2018/06/30 05:23 https://android.googlesource.com/kernel/common android-4.4 cf21a9ac5ee4 dba0b50e .config console log report syz C ci-android-44-kasan-gce
2018/06/30 05:28 https://android.googlesource.com/kernel/common android-4.4 cf21a9ac5ee4 dba0b50e .config console log report syz C ci-android-44-kasan-gce-386
2018/06/06 15:47 https://android.googlesource.com/kernel/common android-4.4 98b6097d0f14 41f9540d .config console log report syz C ci-android-44-kasan-gce-386
2018/05/05 09:07 https://android.googlesource.com/kernel/common android-4.4 31f312b49b72 9ce14f4b .config console log report syz C ci-android-44-kasan-gce-386
2018/03/30 07:12 https://android.googlesource.com/kernel/common android-4.4 38f41ec1cb31 d47f0ed6 .config console log report ci-android-44-kasan-gce
2018/05/28 21:13 https://android.googlesource.com/kernel/common android-4.4 3f51ea2db97d f48c20b8 .config console log report ci-android-44-kasan-gce-386
* Struck through repros no longer work on HEAD.