syzbot


INFO: task hung in blkdev_reread_part

Status: upstream: reported C repro on 2019/04/11 11:39
Reported-by: syzbot+c14eb8e64a2a458891ee@syzkaller.appspotmail.com
First crash: 1220d, last: 14d

Fix bisection: failed (bisect log)
similar bugs (4):
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
android-414 | INFO: task hung in blkdev_reread_part | C | | | 538 | 991d | 1221d | 0/1 | public: reported C repro on 2019/04/10 16:04
android-49 | INFO: task hung in blkdev_reread_part | syz | | | 380 | 998d | 1217d | 0/3 | public: reported syz repro on 2019/04/14 09:28
android-44 | INFO: task hung in blkdev_reread_part | syz | | | 25 | 1015d | 1218d | 0/2 | public: reported syz repro on 2019/04/14 00:02
upstream | INFO: task hung in blkdev_reread_part | | | | 4 | 1597d | 1708d | 0/23 | closed as dup on 2017/12/12 16:29

Sample crash report:
audit: type=1400 audit(1594549589.153:8): avc:  denied  { execmem } for  pid=6349 comm="syz-executor335" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
INFO: task syz-executor335:6357 blocked for more than 140 seconds.
      Not tainted 4.14.184-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor335 D28832  6357   6355 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2808 [inline]
 __schedule+0x8a6/0x1d70 kernel/sched/core.c:3384
 schedule+0x8d/0x1b0 kernel/sched/core.c:3428
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3486
 __mutex_lock_common kernel/locking/mutex.c:833 [inline]
 __mutex_lock+0x5f0/0x1430 kernel/locking/mutex.c:893
 blkdev_reread_part+0x1b/0x40 block/ioctl.c:192
 loop_reread_partitions+0x72/0x80 drivers/block/loop.c:624
 loop_clr_fd+0x828/0xac0 drivers/block/loop.c:1078
 lo_ioctl+0x89c/0x1c00 drivers/block/loop.c:1424
 __blkdev_driver_ioctl block/ioctl.c:297 [inline]
 blkdev_ioctl+0x91d/0x17c0 block/ioctl.c:594
 block_ioctl+0xd9/0x120 fs/block_dev.c:1881
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xfe0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x4415a7
RSP: 002b:00007ffdcd66f898 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004415a7
RDX: 0000000000000000 RSI: 0000000000004c01 RDI: 0000000000000005
RBP: 0000000000000004 R08: 0000000000000000 R09: 000000000000000c
R10: 0000000000000064 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000005 R14: 0000000000000000 R15: 0000000000000000
INFO: task syz-executor335:6383 blocked for more than 140 seconds.
      Not tainted 4.14.184-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor335 D28928  6383   6353 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2808 [inline]
 __schedule+0x8a6/0x1d70 kernel/sched/core.c:3384
 schedule+0x8d/0x1b0 kernel/sched/core.c:3428
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3486
 __mutex_lock_common kernel/locking/mutex.c:833 [inline]
 __mutex_lock+0x5f0/0x1430 kernel/locking/mutex.c:893
 loop_control_ioctl+0x15b/0x2d0 drivers/block/loop.c:2007
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xfe0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x441699
RSP: 002b:00007ffdcd66fad8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441699
RDX: 0000000000000005 RSI: 0000000000004c81 RDI: 0000000000000003
RBP: 00000000000f7d6e R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000402330
R13: 00000000004023c0 R14: 0000000000000000 R15: 0000000000000000
INFO: task syz-executor335:6385 blocked for more than 140 seconds.
      Not tainted 4.14.184-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor335 D28928  6385   6354 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2808 [inline]
 __schedule+0x8a6/0x1d70 kernel/sched/core.c:3384
 schedule+0x8d/0x1b0 kernel/sched/core.c:3428
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3486
 __mutex_lock_common kernel/locking/mutex.c:833 [inline]
 __mutex_lock+0x5f0/0x1430 kernel/locking/mutex.c:893
 loop_control_ioctl+0x61/0x2d0 drivers/block/loop.c:1993
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xfe0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x441699
RSP: 002b:00007ffdcd66fad8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441699
RDX: 0000000000000000 RSI: 0000000000004c82 RDI: 0000000000000003
RBP: 00000000000f7e7f R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402330
R13: 00000000004023c0 R14: 0000000000000000 R15: 0000000000000000
INFO: task syz-executor335:6386 blocked for more than 140 seconds.
      Not tainted 4.14.184-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor335 D28928  6386   6350 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2808 [inline]
 __schedule+0x8a6/0x1d70 kernel/sched/core.c:3384
 schedule+0x8d/0x1b0 kernel/sched/core.c:3428
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3486
 __mutex_lock_common kernel/locking/mutex.c:833 [inline]
 __mutex_lock+0x5f0/0x1430 kernel/locking/mutex.c:893
 loop_control_ioctl+0x61/0x2d0 drivers/block/loop.c:1993
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xfe0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x441699
RSP: 002b:00007ffdcd66fad8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441699
RDX: 0000000000000000 RSI: 0000000000004c82 RDI: 0000000000000003
RBP: 00000000000f7e7f R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402330
R13: 00000000004023c0 R14: 0000000000000000 R15: 0000000000000000
INFO: task syz-executor335:6387 blocked for more than 140 seconds.
      Not tainted 4.14.184-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor335 D28928  6387   6351 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2808 [inline]
 __schedule+0x8a6/0x1d70 kernel/sched/core.c:3384
 schedule+0x8d/0x1b0 kernel/sched/core.c:3428
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3486
 __mutex_lock_common kernel/locking/mutex.c:833 [inline]
 __mutex_lock+0x5f0/0x1430 kernel/locking/mutex.c:893
 loop_control_ioctl+0x61/0x2d0 drivers/block/loop.c:1993
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xfe0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x441699
RSP: 002b:00007ffdcd66fad8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441699
RDX: 0000000000000000 RSI: 0000000000004c82 RDI: 0000000000000003
RBP: 00000000000f7eea R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402330
R13: 00000000004023c0 R14: 0000000000000000 R15: 0000000000000000
INFO: task systemd-udevd:6389 blocked for more than 140 seconds.
      Not tainted 4.14.184-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
systemd-udevd   D28752  6389   3643 0x00000104
Call Trace:
 context_switch kernel/sched/core.c:2808 [inline]
 __schedule+0x8a6/0x1d70 kernel/sched/core.c:3384
 schedule+0x8d/0x1b0 kernel/sched/core.c:3428
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3486
 __mutex_lock_common kernel/locking/mutex.c:833 [inline]
 __mutex_lock+0x5f0/0x1430 kernel/locking/mutex.c:893
 lo_open+0x19/0xb0 drivers/block/loop.c:1634
 __blkdev_get+0xa70/0x10c0 fs/block_dev.c:1537
 blkdev_get+0x84/0x8a0 fs/block_dev.c:1612
 blkdev_open+0x1cc/0x250 fs/block_dev.c:1770
 do_dentry_open+0x44b/0xec0 fs/open.c:777
 vfs_open+0x105/0x220 fs/open.c:888
 do_last fs/namei.c:3428 [inline]
 path_openat+0xb68/0x2aa0 fs/namei.c:3569
 do_filp_open+0x18e/0x250 fs/namei.c:3603
 do_sys_open+0x292/0x3e0 fs/open.c:1081
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f82e9f34840
RSP: 002b:00007fff8c468558 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 000055a1c9d032f0 RCX: 00007f82e9f34840
RDX: 000055a1c8fc1fe3 RSI: 00000000000a0800 RDI: 000055a1c9d05040
RBP: 00007fff8c4686d0 R08: 000055a1c8fc1670 R09: 0000000000000010
R10: 000055a1c8fc1d0c R11: 0000000000000246 R12: 00007fff8c468620
R13: 000055a1c9cfc800 R14: 0000000000000003 R15: 000000000000000e
INFO: task syz-executor335:6395 blocked for more than 140 seconds.
      Not tainted 4.14.184-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor335 D28832  6395   6352 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2808 [inline]
 __schedule+0x8a6/0x1d70 kernel/sched/core.c:3384
 schedule+0x8d/0x1b0 kernel/sched/core.c:3428
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3486
 __mutex_lock_common kernel/locking/mutex.c:833 [inline]
 __mutex_lock+0x5f0/0x1430 kernel/locking/mutex.c:893
 loop_control_ioctl+0x61/0x2d0 drivers/block/loop.c:1993
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xfe0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x441699
RSP: 002b:00007ffdcd66fad8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441699
RDX: 0000000000000000 RSI: 0000000000004c82 RDI: 0000000000000003
RBP: 00000000000f7ff3 R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402330
R13: 00000000004023c0 R14: 0000000000000000 R15: 0000000000000000

Showing all locks held in the system:
1 lock held by khungtaskd/1057:
 #0:  (tasklist_lock){.+.+}, at: [<ffffffff8146c8d0>] debug_show_all_locks+0x7c/0x21a kernel/locking/lockdep.c:4548
2 locks held by syz-executor335/6357:
 #0:  (&lo->lo_ctl_mutex/1){+.+.}, at: [<ffffffff839db197>] lo_ioctl+0x87/0x1c00 drivers/block/loop.c:1414
 #1:  (&bdev->bd_mutex){+.+.}, at: [<ffffffff82f040fb>] blkdev_reread_part+0x1b/0x40 block/ioctl.c:192
2 locks held by syz-executor335/6383:
 #0:  (loop_index_mutex){+.+.}, at: [<ffffffff839de2d1>] loop_control_ioctl+0x61/0x2d0 drivers/block/loop.c:1993
 #1:  (&lo->lo_ctl_mutex){+.+.}, at: [<ffffffff839de3cb>] loop_control_ioctl+0x15b/0x2d0 drivers/block/loop.c:2007
1 lock held by syz-executor335/6385:
 #0:  (loop_index_mutex){+.+.}, at: [<ffffffff839de2d1>] loop_control_ioctl+0x61/0x2d0 drivers/block/loop.c:1993
1 lock held by syz-executor335/6386:
 #0:  (loop_index_mutex){+.+.}, at: [<ffffffff839de2d1>] loop_control_ioctl+0x61/0x2d0 drivers/block/loop.c:1993
1 lock held by syz-executor335/6387:
 #0:  (loop_index_mutex){+.+.}, at: [<ffffffff839de2d1>] loop_control_ioctl+0x61/0x2d0 drivers/block/loop.c:1993
2 locks held by systemd-udevd/6389:
 #0:  (&bdev->bd_mutex){+.+.}, at: [<ffffffff81981122>] __blkdev_get+0x192/0x10c0 fs/block_dev.c:1457
 #1:  (loop_index_mutex){+.+.}, at: [<ffffffff839d6709>] lo_open+0x19/0xb0 drivers/block/loop.c:1634
1 lock held by syz-executor335/6395:
 #0:  (loop_index_mutex){+.+.}, at: [<ffffffff839de2d1>] loop_control_ioctl+0x61/0x2d0 drivers/block/loop.c:1993

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 1057 Comm: khungtaskd Not tainted 4.14.184-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x283 lib/dump_stack.c:58
 nmi_cpu_backtrace.cold+0x57/0x93 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x13a/0x17f lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:140 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:195 [inline]
 watchdog+0x5e2/0xb80 kernel/hung_task.c:274
 kthread+0x30d/0x420 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0 skipped: idling at pc 0xffffffff863e461e

Crashes (38):
Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title
ci2-linux-4-14 | 2020/07/12 10:32 | linux-4.14.y | b850307b279c | 115e1930 | .config | log | report | syz | C | |
ci2-linux-4-14 | 2019/10/05 18:23 | linux-4.14.y | db1892238c55 | f3f7d9c8 | .config | log | report | syz | C | |
ci2-linux-4-14 | 2022/07/30 16:44 | linux-4.14.y | b641242202ed | fef302b1 | .config | log | report | | | info | INFO: task hung in blkdev_reread_part
ci2-linux-4-14 | 2022/03/24 04:18 | linux-4.14.y | 004bfaafc45c | 5ff41e94 | .config | log | report | | | info | INFO: task hung in blkdev_reread_part
ci2-linux-4-14 | 2021/05/13 14:37 | linux-4.14.y | 7d7d1c0ab3eb | ecb594cb | .config | log | report | | | info | INFO: task hung in blkdev_reread_part
ci2-linux-4-14 | 2021/04/24 16:33 | linux-4.14.y | cf256fbcbe34 | 17f0b706 | .config | log | report | | | info | INFO: task hung in blkdev_reread_part
ci2-linux-4-14 | 2021/04/11 09:18 | linux-4.14.y | 958e517f4e16 | 6a81331a | .config | log | report | | | info | INFO: task hung in blkdev_reread_part
ci2-linux-4-14 | 2021/03/24 18:14 | linux-4.14.y | 670d6552eda8 | 607e3baf | .config | log | report | | | info | INFO: task hung in blkdev_reread_part
ci2-linux-4-14 | 2021/01/22 10:22 | linux-4.14.y | 2762b48e9611 | d4f4eca5 | .config | log | report | | | info | INFO: task hung in blkdev_reread_part
ci2-linux-4-14 | 2020/12/26 23:25 | linux-4.14.y | 3f2ecb86cb90 | 821e0b09 | .config | log | report | | | info |
ci2-linux-4-14 | 2020/10/05 15:03 | linux-4.14.y | cbfa1702aaf6 | 1880b4a9 | .config | log | report | | | info |
ci2-linux-4-14 | 2020/08/29 10:34 | linux-4.14.y | d7e78d08fa77 | d5a3ae1f | .config | log | report | | | |
ci2-linux-4-14 | 2020/07/25 01:08 | linux-4.14.y | 69b94dd6dcd1 | 0a13649c | .config | log | report | | | |
ci2-linux-4-14 | 2020/06/30 23:25 | linux-4.14.y | b850307b279c | c0383ebe | .config | log | report | | | |
ci2-linux-4-14 | 2020/03/27 14:01 | linux-4.14.y | 01364dad1d45 | 831e9a81 | .config | log | report | | | |
ci2-linux-4-14 | 2020/03/04 19:44 | linux-4.14.y | 78d697fc93f9 | 712198ac | .config | log | report | | | |
ci2-linux-4-14 | 2019/11/24 03:18 | linux-4.14.y | f56f3d0e65ad | 598ca6c8 | .config | log | report | | | |
ci2-linux-4-14 | 2019/10/10 21:28 | linux-4.14.y | 42327896f194 | 1a3bad90 | .config | log | report | | | |
ci2-linux-4-14 | 2019/09/23 02:50 | linux-4.14.y | f6e27dbb1afa | d96e88f3 | .config | log | report | | | |
ci2-linux-4-14 | 2019/07/29 18:34 | linux-4.14.y | ff33472c282e | f67095ee | .config | log | report | | | |
ci2-linux-4-14 | 2019/07/22 18:51 | linux-4.14.y | ff33472c282e | 55e0c077 | .config | log | report | | | |
ci2-linux-4-14 | 2019/07/18 16:19 | linux-4.14.y | aea8526edf59 | 7bb222f7 | .config | log | report | | | |
ci2-linux-4-14 | 2019/06/26 14:02 | linux-4.14.y | bc2bccef19ee | 4d342240 | .config | log | report | | | |
ci2-linux-4-14 | 2019/05/02 01:05 | linux-4.14.y | fa5941f45d7e | 7516d9fa | .config | log | report | | | |
ci2-linux-4-14 | 2019/05/01 15:09 | linux-4.14.y | fa5941f45d7e | 618456b4 | .config | log | report | | | |
ci2-linux-4-14 | 2019/04/28 22:08 | linux-4.14.y | fa5941f45d7e | b617407b | .config | log | report | | | |
ci2-linux-4-14 | 2019/04/28 19:54 | linux-4.14.y | fa5941f45d7e | b617407b | .config | log | report | | | |
ci2-linux-4-14 | 2019/04/28 03:38 | linux-4.14.y | fa5941f45d7e | b617407b | .config | log | report | | | |
ci2-linux-4-14 | 2019/04/26 01:00 | linux-4.14.y | 68d7a45eec10 | f46aabc8 | .config | log | report | | | |
ci2-linux-4-14 | 2019/04/25 22:57 | linux-4.14.y | 68d7a45eec10 | f46aabc8 | .config | log | report | | | |
ci2-linux-4-14 | 2019/04/22 17:01 | linux-4.14.y | 68d7a45eec10 | 0a77c33c | .config | log | report | | | |
ci2-linux-4-14 | 2019/04/19 10:46 | linux-4.14.y | 58b454ebf81e | b0e8efcb | .config | log | report | | | |
ci2-linux-4-14 | 2019/04/17 10:44 | linux-4.14.y | 58b454ebf81e | b0e8efcb | .config | log | report | | | |
ci2-linux-4-14 | 2019/04/15 09:20 | linux-4.14.y | 1ec8f1f0bffe | 505ab413 | .config | log | report | | | |
ci2-linux-4-14 | 2019/04/15 04:10 | linux-4.14.y | 1ec8f1f0bffe | 505ab413 | .config | log | report | | | |
ci2-linux-4-14 | 2019/04/13 11:37 | linux-4.14.y | 1ec8f1f0bffe | c402d8f1 | .config | log | report | | | |
ci2-linux-4-14 | 2019/04/11 12:29 | linux-4.14.y | 1ec8f1f0bffe | e955ac50 | .config | log | report | | | |
ci2-linux-4-14 | 2019/04/11 10:38 | linux-4.14.y | 1ec8f1f0bffe | e955ac50 | .config | log | report | | | |