syzbot


INFO: task hung in lo_ioctl

Status: fixed on 2019/03/06 07:43
Reported-by: syzbot+abdba5bc6de135d7622f00756da97998425b6de5@syzkaller.appspotmail.com
Fix commit: 04906b2f542c blockdev: Fix livelocks on loop device
First crash: 1820d, last: 1695d
duplicates (10):
Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
INFO: task hung in __blkdev_direct_IO_simple 365 1635d 1811d 0/24 closed as dup on 2017/12/12 16:44
INFO: task hung in write_cache_pages 65 1441d 1811d 0/24 closed as dup on 2017/12/12 16:30
INFO: task hung in iterate_bdevs 104 1691d 1811d 0/24 closed as dup on 2017/12/12 16:45
INFO: task hung in pagecache_get_page 144 1498d 1816d 0/24 closed as dup on 2017/12/12 16:52
INFO: task hung in truncate_inode_pages_range 151 1477d 1811d 0/24 closed as dup on 2017/12/12 16:49
INFO: task hung in submit_bio_wait 313 1761d 1811d 0/24 closed as dup on 2017/12/12 16:50
INFO: task hung in blkdev_issue_flush 12 1381d 1684d 0/24 closed as dup on 2019/02/16 05:19
INFO: task hung in blkdev_reread_part 4 1701d 1812d 0/24 closed as dup on 2017/12/12 16:29
INFO: task hung in blk_mq_freeze_queue_wait 608 1753d 1811d 0/24 closed as dup on 2017/12/12 16:51
INFO: task hung in wait_on_page_bit_common 800 1753d 1815d 0/24 closed as dup on 2017/12/12 16:52
similar bugs (6):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-414 INFO: task hung in lo_ioctl syz 498 1303d 1325d 0/1 public: reported syz repro on 2019/04/10 16:14
linux-4.14 INFO: task hung in lo_ioctl 127 638d 1324d 0/1 auto-closed as invalid on 2021/06/25 19:54
android-44 INFO: task hung in lo_ioctl C 469 1117d 1324d 0/2 public: reported C repro on 2019/04/12 00:00
android-49 INFO: task hung in lo_ioctl C 1828 1124d 1324d 0/3 public: reported C repro on 2019/04/12 00:00
upstream INFO: task hung in lo_ioctl (2) 3 370d 375d 0/24 closed as invalid on 2022/02/08 09:40
linux-4.14 INFO: task hung in lo_ioctl (2) 1 24d 24d 0/1 upstream: reported on 2022/11/01 22:16

Sample crash report:
buffer_io_error: 766 callbacks suppressed
Buffer I/O error on dev loop0, logical block 0, async page read
INFO: task syz-executor6:4522 blocked for more than 120 seconds.
      Not tainted 4.16.0+ #1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor6   D21192  4522      1 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2848 [inline]
 __schedule+0x807/0x1e40 kernel/sched/core.c:3490
 schedule+0xef/0x430 kernel/sched/core.c:3549
 schedule_preempt_disabled+0x10/0x20 kernel/sched/core.c:3607
 __mutex_lock_common kernel/locking/mutex.c:833 [inline]
 __mutex_lock+0xe38/0x17f0 kernel/locking/mutex.c:893
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
 lo_ioctl+0x90/0x1e30 drivers/block/loop.c:1355
 __blkdev_driver_ioctl block/ioctl.c:303 [inline]
 blkdev_ioctl+0x9b6/0x2020 block/ioctl.c:601
 block_ioctl+0xee/0x130 fs/block_dev.c:1875
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x1cf/0x1650 fs/ioctl.c:684
 ksys_ioctl+0xa9/0xd0 fs/ioctl.c:701
 SYSC_ioctl fs/ioctl.c:708 [inline]
 SyS_ioctl+0x24/0x30 fs/ioctl.c:706
 do_syscall_64+0x29e/0x9d0 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x455147
RSP: 002b:00007ffeede1ed28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00000000000000d0 RCX: 0000000000455147
RDX: 0000000000000000 RSI: 0000000000004c01 RDI: 0000000000000013
RBP: 0000000000000013 R08: 0000000000000000 R09: 000000000000000a
R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000013
R13: 0000000000000000 R14: 00000000006fe780 R15: 0000000000001380

Showing all locks held in the system:
2 locks held by khungtaskd/878:
 #0: 000000004296613b (rcu_read_lock){....}, at: check_hung_uninterruptible_tasks kernel/hung_task.c:175 [inline]
 #0: 000000004296613b (rcu_read_lock){....}, at: watchdog+0x1ff/0xf60 kernel/hung_task.c:249
 #1: 0000000003d91ba8 (tasklist_lock){.+.+}, at: debug_show_all_locks+0xde/0x34a kernel/locking/lockdep.c:4470
1 lock held by rsyslogd/4351:
 #0: 000000008aaf0349 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x1a9/0x1e0 fs/file.c:766
2 locks held by getty/4441:
 #0: 00000000eae3a5d6 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
 #1: 0000000046e80cd5 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x321/0x1cc0 drivers/tty/n_tty.c:2131
2 locks held by getty/4442:
 #0: 0000000044765a01 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
 #1: 00000000ae1b3658 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x321/0x1cc0 drivers/tty/n_tty.c:2131
2 locks held by getty/4443:
 #0: 000000006d10de68 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
 #1: 00000000225b0f13 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x321/0x1cc0 drivers/tty/n_tty.c:2131
2 locks held by getty/4444:
 #0: 00000000c53b5f74 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
 #1: 0000000087e64c54 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x321/0x1cc0 drivers/tty/n_tty.c:2131
2 locks held by getty/4445:
 #0: 00000000095fa70f (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
 #1: 00000000e305f634 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x321/0x1cc0 drivers/tty/n_tty.c:2131
2 locks held by getty/4446:
 #0: 000000008f9419f1 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
 #1: 00000000647ffeac (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x321/0x1cc0 drivers/tty/n_tty.c:2131
2 locks held by getty/4447:
 #0: 0000000055a000ee (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
 #1: 0000000058acb58e (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x321/0x1cc0 drivers/tty/n_tty.c:2131
1 lock held by syz-executor6/4522:
 #0: 00000000771a1456 (&lo->lo_ctl_mutex/1){+.+.}, at: lo_ioctl+0x90/0x1e30 drivers/block/loop.c:1355
1 lock held by syz-executor7/14157:
 #0: 00000000771a1456 (&lo->lo_ctl_mutex/1){+.+.}, at: lo_ioctl+0x90/0x1e30 drivers/block/loop.c:1355
1 lock held by syz-executor7/14192:
 #0: 00000000771a1456 (&lo->lo_ctl_mutex/1){+.+.}, at: lo_ioctl+0x90/0x1e30 drivers/block/loop.c:1355

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 878 Comm: khungtaskd Not tainted 4.16.0+ #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b9/0x29f lib/dump_stack.c:53
 nmi_cpu_backtrace.cold.4+0x19/0xce lib/nmi_backtrace.c:103
 nmi_trigger_cpumask_backtrace+0x151/0x192 lib/nmi_backtrace.c:62
 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
 trigger_all_cpu_backtrace include/linux/nmi.h:138 [inline]
 check_hung_task kernel/hung_task.c:132 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:190 [inline]
 watchdog+0xc10/0xf60 kernel/hung_task.c:249
 kthread+0x345/0x410 kernel/kthread.c:238
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:411
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1 skipped: idling at native_safe_halt+0x6/0x10 arch/x86/include/asm/irqflags.h:54

Crashes (47):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kasan-gce-root 2018/04/05 18:08 upstream 06dd3dfeea60 5e1ccffc .config log report
ci-upstream-kasan-gce-root 2018/04/04 06:03 upstream f2d285669aae 676bd07e .config log report
ci-upstream-kasan-gce 2018/04/03 13:50 upstream 642e7fd23353 676bd07e .config log report
ci-upstream-kasan-gce 2018/04/01 17:55 upstream 10b84daddbec dc889257 .config log report
ci-upstream-kasan-gce 2018/03/31 05:13 upstream 9dd2326890d8 8fbce0e4 .config log report
ci-upstream-kasan-gce 2018/03/30 07:58 upstream c2a9838452a4 d47f0ed6 .config log report
ci-upstream-kasan-gce 2018/03/27 14:04 upstream 3eb2ce825ea1 bf5e585c .config log report
ci-upstream-kasan-gce 2018/03/24 01:23 upstream 99fec39e7725 2e9d9054 .config log report
ci-upstream-kasan-gce 2018/02/06 01:20 upstream 2deb41b24532 a1bc9d40 .config log report
ci-upstream-kasan-gce 2018/01/19 02:17 upstream dda3e15231b3 161c1d64 .config log report
ci-upstream-kasan-gce 2018/01/01 13:25 upstream 30a7acd57389 00193447 .config log report
ci-upstream-kasan-gce 2017/12/14 21:59 upstream d455df0bcc00 ac20b98c .config log report
ci-upstream-kasan-gce 2017/12/09 06:10 upstream 3625de4b2872 5ad0ce95 .config log report
ci-upstream-kasan-gce 2017/12/06 16:46 upstream 328b4ed93b69 0796857b .config log report
ci-upstream-kasan-gce 2017/12/04 16:34 upstream ae64f9bd1d36 48359b97 .config log report
ci-upstream-kasan-gce 2017/12/02 05:52 upstream a0651c7fa2c0 48359b97 .config log report
ci-upstream-kasan-gce-386 2018/04/05 00:17 upstream f2d285669aae 676bd07e .config log report
ci-upstream-kasan-gce-386 2018/04/02 18:49 upstream 0adb32858b0b 676bd07e .config log report
ci-upstream-kasan-gce-386 2018/03/30 19:46 upstream 9dd2326890d8 8fbce0e4 .config log report
ci-upstream-kasan-gce-386 2018/03/30 11:59 upstream c2a9838452a4 d47f0ed6 .config log report
ci-upstream-kasan-gce-386 2018/03/26 04:17 upstream cb6416592bc2 e033c1f1 .config log report
ci-upstream-kasan-gce-386 2018/01/27 12:19 upstream c4e0ca7fa241 1d18b112 .config log report
ci-upstream-kasan-gce-386 2018/01/05 22:02 upstream 89876f275e8d 00193447 .config log report
ci-upstream-kasan-gce-386 2017/12/12 07:36 upstream a638349bf6c2 da131727 .config log report
ci-upstream-kasan-gce-386 2017/12/10 00:14 upstream 4ded3bec65a0 5ad0ce95 .config log report
ci-upstream-kasan-gce-386 2017/12/08 13:28 upstream 968edbd93c0c b0fa969c .config log report
ci-upstream-kasan-gce-386 2017/12/06 03:15 upstream 328b4ed93b69 0796857b .config log report
ci-upstream-mmots-kasan-gce 2018/01/18 21:28 mmots ce3c209f6733 161c1d64 .config log report
ci-upstream-mmots-kasan-gce 2018/01/16 04:03 mmots ce3c209f6733 e17f4a5d .config log report
ci-upstream-next-kasan-gce 2018/01/12 05:54 linux-next 3e53c7415294 9dc808a6 .config log report
ci-upstream-mmots-kasan-gce 2018/01/06 15:29 mmots 69eed2290e1d 053171ea .config log report
ci-upstream-next-kasan-gce 2018/01/05 08:58 linux-next 990b6a07d18c 00193447 .config log report
ci-upstream-mmots-kasan-gce 2017/12/28 15:05 mmots 37759fa6d0fa 7d240098 .config log report
ci-upstream-next-kasan-gce 2017/12/10 02:03 linux-next ad4dac17f9d5 5ad0ce95 .config log report
ci-upstream-next-kasan-gce 2017/12/07 20:40 linux-next e40fd8d6b4d9 5d643f8e .config log report
ci-upstream-next-kasan-gce 2017/12/06 05:03 linux-next d5c52866f560 0796857b .config log report
ci-upstream-next-kasan-gce 2017/12/04 16:34 linux-next 7cc61a0a562c 48359b97 .config log report
ci-upstream-next-kasan-gce 2017/12/03 06:28 linux-next fb20eb9d798d 16668351 .config log report
ci-upstream-mmots-kasan-gce 2017/12/02 23:49 mmots 4131d5166185 29b0fd90 .config log report
ci-upstream-mmots-kasan-gce 2017/12/02 18:28 mmots 4131d5166185 29b0fd90 .config log report
ci-upstream-next-kasan-gce 2017/12/02 17:40 linux-next fb20eb9d798d 16668351 .config log report
ci-upstream-next-kasan-gce 2017/12/02 17:01 linux-next fb20eb9d798d 16668351 .config log report
ci-upstream-next-kasan-gce 2017/12/02 14:07 linux-next fb20eb9d798d 16668351 .config log report
ci-upstream-next-kasan-gce 2017/12/02 02:57 linux-next fb20eb9d798d 16668351 .config log report
ci-upstream-mmots-kasan-gce 2017/12/02 01:45 mmots 4131d5166185 29b0fd90 .config log report
ci-upstream-mmots-kasan-gce 2017/12/02 00:31 mmots 4131d5166185 29b0fd90 .config log report
ci-upstream-next-kasan-gce 2017/12/01 09:06 linux-next fb20eb9d798d 16668351 .config log report
* Struck through repros no longer work on HEAD.