syzbot

 sign-in | mailing list | source | docs
🐞 Open [196] 🐞 Fixed [42] 🐞 Invalid [470] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

INFO: rcu detected stall in ext4_filemap_fault

Status: public: reported C repro on 2019/09/11 03:52
Reported-by: syzbot+af44412a8698cd89ae93@syzkaller.appspotmail.com
First crash: 1687d, last: 1687d
Similar bugs (8)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.19 INFO: rcu detected stall in ext4_filemap_fault (3) 2 713d 743d 0/1 auto-obsoleted due to no activity on 2022/09/09 17:56
linux-4.19 INFO: rcu detected stall in ext4_filemap_fault (2) 1 1368d 1368d 0/1 auto-closed as invalid on 2020/11/23 02:32
upstream INFO: rcu detected stall in ext4_filemap_fault mm 109 1878d 2049d 0/26 closed as dup on 2019/01/02 16:36
android-414 INFO: rcu detected stall in ext4_filemap_fault 1 1948d 1841d 0/1 auto-closed as invalid on 2019/06/22 22:11
linux-4.19 INFO: rcu detected stall in ext4_filemap_fault 4 1557d 1707d 0/1 auto-closed as invalid on 2020/05/18 19:50
linux-4.14 INFO: rcu detected stall in ext4_filemap_fault 1 1611d 1611d 0/1 auto-closed as invalid on 2020/03/25 22:24
upstream INFO: rcu detected stall in ext4_filemap_fault (2) cgroups 1 1653d 1653d 0/26 auto-closed as invalid on 2020/01/13 18:23
android-414 INFO: rcu detected stall in ext4_filemap_fault (2) 2 1606d 1651d 0/1 auto-closed as invalid on 2020/03/30 02:23

Sample crash report:
   Free memory is 34416kB above reserved
lowmemorykiller: Killing 'syz-executor610' (9321) (tgid 9315), adj 1000,
   to free 12824kB on behalf of 'modprobe' (9200) because
   cache 2868kB is below limit 6144kB for oom_score_adj 0
   Free memory is -5776kB above reserved
INFO: rcu_preempt detected stalls on CPUs/tasks:
	Tasks blocked on level-0 rcu_node (CPUs 0-1): P1893
	(detected by 1, t=10502 jiffies, g=9653, c=9652, q=5239)
rsyslogd        R  running task    25928  1893      1 0x00000000
 ffff8801db707c60 ffffffff813fa6fd ffffffff813fa504 ffff8801d42317c0
 ffffffff830cd6c0 0000000000000096 ffff8801d4231ba0 dffffc0000000000
 ffff8801db707c98 ffffffff81404e39 00000000000025b4 0000000000001477
Call Trace:
 <IRQ> 
 [<ffffffff813fa6fd>] sched_show_task.cold.35+0x279/0x31f kernel/sched/core.c:5317
 [<ffffffff81404e39>] rcu_print_detail_task_stall_rnp+0xc2/0xfe kernel/rcu/tree_plugin.h:530
 [<ffffffff81405f5f>] rcu_print_detail_task_stall kernel/rcu/tree_plugin.h:543 [inline]
 [<ffffffff81405f5f>] print_other_cpu_stall kernel/rcu/tree.c:1408 [inline]
 [<ffffffff81405f5f>] check_cpu_stall kernel/rcu/tree.c:1520 [inline]
 [<ffffffff81405f5f>] __rcu_pending kernel/rcu/tree.c:3487 [inline]
 [<ffffffff81405f5f>] rcu_pending kernel/rcu/tree.c:3551 [inline]
 [<ffffffff81405f5f>] rcu_check_callbacks.cold.69+0x757/0xd27 kernel/rcu/tree.c:2880
 [<ffffffff81267470>] update_process_times+0x30/0x70 kernel/time/timer.c:1629
 [<ffffffff8129641a>] tick_sched_handle.isra.5+0x4a/0xf0 kernel/time/tick-sched.c:151
 [<ffffffff81296536>] tick_sched_timer+0x76/0x130 kernel/time/tick-sched.c:1190
 [<ffffffff8126a197>] __run_hrtimer kernel/time/hrtimer.c:1255 [inline]
 [<ffffffff8126a197>] __hrtimer_run_queues+0x357/0xe30 kernel/time/hrtimer.c:1319
 [<ffffffff8126c681>] hrtimer_interrupt+0x1b1/0x430 kernel/time/hrtimer.c:1353
 [<ffffffff810912d4>] local_apic_timer_interrupt+0x74/0xa0 arch/x86/kernel/apic/apic.c:937
 [<ffffffff8281b76c>] smp_apic_timer_interrupt+0x7c/0xb0 arch/x86/kernel/apic/apic.c:961
 [<ffffffff8281902d>] apic_timer_interrupt+0x9d/0xb0 arch/x86/entry/entry_64.S:648
 <EOI> 
 [<ffffffff812270c8>] vprintk_emit+0x448/0x790 kernel/printk/printk.c:1908
 [<ffffffff81227438>] vprintk+0x28/0x30 kernel/printk/printk.c:1918
 [<ffffffff8122745d>] vprintk_default+0x1d/0x30 kernel/printk/printk.c:1919
 [<ffffffff81402f9f>] vprintk_func kernel/printk/internal.h:36 [inline]
 [<ffffffff81402f9f>] printk+0xaf/0xd7 kernel/printk/printk.c:1980
 [<ffffffff8222d9e8>] lowmem_scan.cold.1+0x1f9/0x35b drivers/staging/android/lowmemorykiller.c:177
 [<ffffffff81449cc6>] do_shrink_slab mm/vmscan.c:398 [inline]
 [<ffffffff81449cc6>] shrink_slab.part.8+0x3c6/0xa00 mm/vmscan.c:501
 [<ffffffff814557fd>] shrink_slab mm/vmscan.c:465 [inline]
 [<ffffffff814557fd>] shrink_node+0x1ed/0x740 mm/vmscan.c:2602
 [<ffffffff814560c7>] shrink_zones mm/vmscan.c:2749 [inline]
 [<ffffffff814560c7>] do_try_to_free_pages mm/vmscan.c:2791 [inline]
 [<ffffffff814560c7>] try_to_free_pages+0x377/0xb80 mm/vmscan.c:3002
 [<ffffffff81428a01>] __perform_reclaim mm/page_alloc.c:3324 [inline]
 [<ffffffff81428a01>] __alloc_pages_direct_reclaim mm/page_alloc.c:3345 [inline]
 [<ffffffff81428a01>] __alloc_pages_slowpath mm/page_alloc.c:3697 [inline]
 [<ffffffff81428a01>] __alloc_pages_nodemask+0x981/0x1bd0 mm/page_alloc.c:3862
 [<ffffffff8143564a>] __alloc_pages include/linux/gfp.h:433 [inline]
 [<ffffffff8143564a>] __alloc_pages_node include/linux/gfp.h:446 [inline]
 [<ffffffff8143564a>] alloc_pages_node include/linux/gfp.h:460 [inline]
 [<ffffffff8143564a>] __page_cache_alloc include/linux/pagemap.h:208 [inline]
 [<ffffffff8143564a>] __do_page_cache_readahead+0x21a/0x8b0 mm/readahead.c:183
 [<ffffffff81415534>] ra_submit mm/internal.h:59 [inline]
 [<ffffffff81415534>] do_sync_mmap_readahead mm/filemap.c:2066 [inline]
 [<ffffffff81415534>] filemap_fault+0x924/0x1110 mm/filemap.c:2143
 [<ffffffff816e7721>] ext4_filemap_fault+0x71/0xa0 fs/ext4/inode.c:5853
 [<ffffffff81492ef3>] __do_fault+0x223/0x500 mm/memory.c:2833
 [<ffffffff814a3696>] do_read_fault mm/memory.c:3180 [inline]
 [<ffffffff814a3696>] do_fault mm/memory.c:3315 [inline]
 [<ffffffff814a3696>] handle_pte_fault mm/memory.c:3516 [inline]
 [<ffffffff814a3696>] __handle_mm_fault mm/memory.c:3603 [inline]
 [<ffffffff814a3696>] handle_mm_fault+0x1326/0x2350 mm/memory.c:3640
 [<ffffffff810b2b33>] __do_page_fault+0x403/0xa60 arch/x86/mm/fault.c:1406
 [<ffffffff810b31e7>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
 [<ffffffff828188b5>] page_fault+0x25/0x30 arch/x86/entry/entry_64.S:951
rsyslogd        R  running task    25928  1893      1 0x80000000
 ffff8801db707c60 ffffffff813fa6fd ffffffff813fa504 ffff8801d42317c0
 ffffffff830cd6c0 0000000000000096 ffff8801d4231ba0 dffffc0000000000
 ffff8801db707c98 ffffffff81404e39 ffffffff830cda40 0000000000001477
Call Trace:
 <IRQ> 
 [<ffffffff813fa6fd>] sched_show_task.cold.35+0x279/0x31f kernel/sched/core.c:5317
 [<ffffffff81404e39>] rcu_print_detail_task_stall_rnp+0xc2/0xfe kernel/rcu/tree_plugin.h:530
 [<ffffffff81405fb7>] rcu_print_detail_task_stall kernel/rcu/tree_plugin.h:545 [inline]
 [<ffffffff81405fb7>] print_other_cpu_stall kernel/rcu/tree.c:1408 [inline]
 [<ffffffff81405fb7>] check_cpu_stall kernel/rcu/tree.c:1520 [inline]
 [<ffffffff81405fb7>] __rcu_pending kernel/rcu/tree.c:3487 [inline]
 [<ffffffff81405fb7>] rcu_pending kernel/rcu/tree.c:3551 [inline]
 [<ffffffff81405fb7>] rcu_check_callbacks.cold.69+0x7af/0xd27 kernel/rcu/tree.c:2880
 [<ffffffff81267470>] update_process_times+0x30/0x70 kernel/time/timer.c:1629
 [<ffffffff8129641a>] tick_sched_handle.isra.5+0x4a/0xf0 kernel/time/tick-sched.c:151
 [<ffffffff81296536>] tick_sched_timer+0x76/0x130 kernel/time/tick-sched.c:1190
 [<ffffffff8126a197>] __run_hrtimer kernel/time/hrtimer.c:1255 [inline]
 [<ffffffff8126a197>] __hrtimer_run_queues+0x357/0xe30 kernel/time/hrtimer.c:1319
 [<ffffffff8126c681>] hrtimer_interrupt+0x1b1/0x430 kernel/time/hrtimer.c:1353
 [<ffffffff810912d4>] local_apic_timer_interrupt+0x74/0xa0 arch/x86/kernel/apic/apic.c:937
 [<ffffffff8281b76c>] smp_apic_timer_interrupt+0x7c/0xb0 arch/x86/kernel/apic/apic.c:961
 [<ffffffff8281902d>] apic_timer_interrupt+0x9d/0xb0 arch/x86/entry/entry_64.S:648
 <EOI> 
 [<ffffffff812270c8>] vprintk_emit+0x448/0x790 kernel/printk/printk.c:1908
 [<ffffffff81227438>] vprintk+0x28/0x30 kernel/printk/printk.c:1918
 [<ffffffff8122745d>] vprintk_default+0x1d/0x30 kernel/printk/printk.c:1919
 [<ffffffff81402f9f>] vprintk_func kernel/printk/internal.h:36 [inline]
 [<ffffffff81402f9f>] printk+0xaf/0xd7 kernel/printk/printk.c:1980
 [<ffffffff8222d9e8>] lowmem_scan.cold.1+0x1f9/0x35b drivers/staging/android/lowmemorykiller.c:177
 [<ffffffff81449cc6>] do_shrink_slab mm/vmscan.c:398 [inline]
 [<ffffffff81449cc6>] shrink_slab.part.8+0x3c6/0xa00 mm/vmscan.c:501
 [<ffffffff814557fd>] shrink_slab mm/vmscan.c:465 [inline]
 [<ffffffff814557fd>] shrink_node+0x1ed/0x740 mm/vmscan.c:2602
 [<ffffffff814560c7>] shrink_zones mm/vmscan.c:2749 [inline]
 [<ffffffff814560c7>] do_try_to_free_pages mm/vmscan.c:2791 [inline]
 [<ffffffff814560c7>] try_to_free_pages+0x377/0xb80 mm/vmscan.c:3002
 [<ffffffff81428a01>] __perform_reclaim mm/page_alloc.c:3324 [inline]
 [<ffffffff81428a01>] __alloc_pages_direct_reclaim mm/page_alloc.c:3345 [inline]
 [<ffffffff81428a01>] __alloc_pages_slowpath mm/page_alloc.c:3697 [inline]
 [<ffffffff81428a01>] __alloc_pages_nodemask+0x981/0x1bd0 mm/page_alloc.c:3862
 [<ffffffff8143564a>] __alloc_pages include/linux/gfp.h:433 [inline]
 [<ffffffff8143564a>] __alloc_pages_node include/linux/gfp.h:446 [inline]
 [<ffffffff8143564a>] alloc_pages_node include/linux/gfp.h:460 [inline]
 [<ffffffff8143564a>] __page_cache_alloc include/linux/pagemap.h:208 [inline]
 [<ffffffff8143564a>] __do_page_cache_readahead+0x21a/0x8b0 mm/readahead.c:183
 [<ffffffff81415534>] ra_submit mm/internal.h:59 [inline]
 [<ffffffff81415534>] do_sync_mmap_readahead mm/filemap.c:2066 [inline]
 [<ffffffff81415534>] filemap_fault+0x924/0x1110 mm/filemap.c:2143
 [<ffffffff816e7721>] ext4_filemap_fault+0x71/0xa0 fs/ext4/inode.c:5853
 [<ffffffff81492ef3>] __do_fault+0x223/0x500 mm/memory.c:2833
 [<ffffffff814a3696>] do_read_fault mm/memory.c:3180 [inline]
 [<ffffffff814a3696>] do_fault mm/memory.c:3315 [inline]
 [<ffffffff814a3696>] handle_pte_fault mm/memory.c:3516 [inline]
 [<ffffffff814a3696>] __handle_mm_fault mm/memory.c:3603 [inline]
 [<ffffffff814a3696>] handle_mm_fault+0x1326/0x2350 mm/memory.c:3640
 [<ffffffff810b2b33>] __do_page_fault+0x403/0xa60 arch/x86/mm/fault.c:1406
 [<ffffffff810b31e7>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
 [<ffffffff828188b5>] page_fault+0x25/0x30 arch/x86/entry/entry_64.S:951
lowmemorykiller: Killing 'syz-executor610' (10284) (tgid 10284), adj 1000,
   to free 10520kB on behalf of 'kswapd0' (33) because
   cache 4656kB is below limit 6144kB for oom_score_adj 0
   Free memory is -6756kB above reserved
lowmemorykiller: Killing 'syz-executor610' (10398) (tgid 10398), adj 1000,
   to free 10520kB on behalf of 'kswapd0' (33) because
   cache 4656kB is below limit 6144kB for oom_score_adj 0
   Free memory is -13364kB above reserved
lowmemorykiller: Killing 'syz-executor610' (9788) (tgid 9788), adj 1000,
   to free 9820kB on behalf of 'kswapd0' (33) because
   cache 4656kB is below limit 6144kB for oom_score_adj 0
   Free memory is -3864kB above reserved
lowmemorykiller: Killing 'syz-executor610' (9903) (tgid 9903), adj 1000,
   to free 9820kB on behalf of 'kswapd0' (33) because
   cache 4556kB is below limit 6144kB for oom_score_adj 0
   Free memory is -3940kB above reserved
lowmemorykiller: Killing 'syz-executor610' (10394) (tgid 10394), adj 1000,
   to free 9432kB on behalf of 'kswapd0' (33) because
   cache 4488kB is below limit 6144kB for oom_score_adj 0
   Free memory is 5108kB above reserved
lowmemorykiller: Killing 'syz-executor610' (10466) (tgid 10466), adj 1000,
   to free 9432kB on behalf of 'kswapd0' (33) because
   cache 4488kB is below limit 6144kB for oom_score_adj 0
   Free memory is 4584kB above reserved
lowmemorykiller: Killing 'syz-executor610' (10942) (tgid 10942), adj 1000,
   to free 9368kB on behalf of 'kswapd0' (33) because
   cache 4240kB is below limit 6144kB for oom_score_adj 0
   Free memory is 1980kB above reserved
lowmemorykiller: Killing 'syz-executor610' (11060) (tgid 11060), adj 1000,
   to free 9368kB on behalf of 'kswapd0' (33) because
   cache 3840kB is below limit 16384kB for oom_score_adj 6
   Free memory is 9920kB above reserved
lowmemorykiller: Killing 'syz-executor610' (12597) (tgid 12597), adj 1000,
   to free 9360kB on behalf of 'kswapd0' (33) because
   cache 3540kB is below limit 65536kB for oom_score_adj 12
   Free memory is 18744kB above reserved
lowmemorykiller: Killing 'syz-executor610' (20701) (tgid 20701), adj 1000,
   to free 9324kB on behalf of 'kswapd0' (33) because
   cache 3428kB is below limit 65536kB for oom_score_adj 12
   Free memory is 27844kB above reserved
lowmemorykiller: Killing 'syz-executor610' (20773) (tgid 20773), adj 1000,
   to free 9324kB on behalf of 'kswapd0' (33) because
   cache 3428kB is below limit 65536kB for oom_score_adj 12
   Free memory is 26108kB above reserved
lowmemorykiller: Killing 'syz-executor610' (11150) (tgid 11150), adj 1000,
   to free 13272kB on behalf of 'kswapd0' (33) because
   cache 3128kB is below limit 16384kB for oom_score_adj 6
   Free memory is 10412kB above reserved
lowmemorykiller: Killing 'syz-executor610' (11154) (tgid 11150), adj 1000,
   to free 14168kB on behalf of 'kswapd0' (33) because
   cache 3020kB is below limit 8192kB for oom_score_adj 1
   Free memory is 7156kB above reserved

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/09/11 02:51 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 a60cb4cd .config console log report syz C ci-android-49-kasan-gce
* Struck through repros no longer work on HEAD.