syzbot


INFO: task hung in __bread_gfp

Status: auto-closed as invalid on 2019/02/22 14:34
First crash: 2157d, last: 2143d
Similar bugs (4)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | INFO: task hung in __bread_gfp (3) fs | | | | 1 | 845d | 845d | 0/26 | auto-closed as invalid on 2022/02/04 04:37 |
| upstream | INFO: task hung in __bread_gfp exfat | | | | 4 | 2062d | 2157d | 0/26 | auto-closed as invalid on 2019/02/22 10:29 |
| upstream | INFO: task hung in __bread_gfp (2) jfs | | | | 5 | 1379d | 1385d | 0/26 | auto-closed as invalid on 2020/07/20 01:01 |
| upstream | INFO: task hung in __bread_gfp (4) reiserfs | C | error | | 3 | 370d | 430d | 0/26 | auto-obsoleted due to no activity on 2023/07/25 23:59 |

Sample crash report:
BTRFS: device fsid ecf6f2a3-2997-48ae-b81e-1b00920efd9a devid 0 transid 0 /dev/loop1
INFO: task syz-executor1:25709 blocked for more than 120 seconds.
      Not tainted 4.9.94-g8683408 #3
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor1   D26808 25709   3696 0x20020004
 ffff8801d5661800 ffff8801c60daa00 ffff8801a3c29f80 ffff8801a1439800
 ffff8801db321b98 ffff8801d3537070 ffffffff838c040d 0000000041b58ab3
 ffffffff841a49d8 ffffffff81234350 0000000000000001 ffff8801db322468
Call Trace:
 [<ffffffff838c1a0f>] schedule+0x7f/0x1b0 kernel/sched/core.c:3557
 [<ffffffff838cde21>] schedule_timeout+0x861/0xf70 kernel/time/timer.c:1768
 [<ffffffff838bfbea>] io_schedule_timeout+0x1ba/0x390 kernel/sched/core.c:5180
 [<ffffffff838c2e59>] io_schedule include/linux/sched.h:460 [inline]
 [<ffffffff838c2e59>] bit_wait_io+0x19/0xa0 kernel/sched/wait.c:582
 [<ffffffff838c25a3>] __wait_on_bit+0x93/0x120 kernel/sched/wait.c:383
 [<ffffffff838c28d8>] out_of_line_wait_on_bit+0xe8/0x120 kernel/sched/wait.c:396
 [<ffffffff816263e1>] wait_on_bit_io include/linux/wait.h:1070 [inline]
 [<ffffffff816263e1>] __wait_on_buffer fs/buffer.c:124 [inline]
 [<ffffffff816263e1>] wait_on_buffer include/linux/buffer_head.h:347 [inline]
 [<ffffffff816263e1>] __bread_slow fs/buffer.c:1229 [inline]
 [<ffffffff816263e1>] __bread_gfp+0x221/0x270 fs/buffer.c:1423
 [<ffffffff819f8c11>] __bread include/linux/buffer_head.h:389 [inline]
 [<ffffffff819f8c11>] btrfs_read_dev_one_super+0xa1/0x270 fs/btrfs/disk-io.c:3359
 [<ffffffff819f8e4c>] btrfs_read_dev_super.part.52+0x6c/0xd0 fs/btrfs/disk-io.c:3394
 [<ffffffff819f8ec5>] btrfs_read_dev_super+0x15/0x20 fs/btrfs/disk-io.c:3380
 [<ffffffff81a8855e>] btrfs_get_bdev_and_sb+0xde/0x2e0 fs/btrfs/volumes.c:304
 [<ffffffff81a8891a>] __btrfs_open_devices+0x1ba/0xab0 fs/btrfs/volumes.c:986
 [<ffffffff81a8e9e2>] btrfs_open_devices+0xa2/0xb0 fs/btrfs/volumes.c:1059
 [<ffffffff81981865>] btrfs_mount+0xe45/0x2bc0 fs/btrfs/super.c:1603
 [<ffffffff8157b99c>] mount_fs+0x28c/0x370 fs/super.c:1206
 [<ffffffff815daf41>] vfs_kern_mount.part.29+0xd1/0x3d0 fs/namespace.c:991
 [<ffffffff815db280>] vfs_kern_mount+0x40/0x60 fs/namespace.c:973
 [<ffffffff81980e2b>] mount_subvol fs/btrfs/super.c:1395 [inline]
 [<ffffffff81980e2b>] btrfs_mount+0x40b/0x2bc0 fs/btrfs/super.c:1566
 [<ffffffff8157b99c>] mount_fs+0x28c/0x370 fs/super.c:1206
 [<ffffffff815daf41>] vfs_kern_mount.part.29+0xd1/0x3d0 fs/namespace.c:991
 [<ffffffff815e2869>] vfs_kern_mount fs/namespace.c:973 [inline]
 [<ffffffff815e2869>] do_new_mount fs/namespace.c:2512 [inline]
 [<ffffffff815e2869>] do_mount+0x3c9/0x2740 fs/namespace.c:2834
 [<ffffffff8168196c>] C_SYSC_mount fs/compat.c:810 [inline]
 [<ffffffff8168196c>] compat_SyS_mount+0x4fc/0xff0 fs/compat.c:775
 [<ffffffff81006da7>] do_syscall_32_irqs_on arch/x86/entry/common.c:325 [inline]
 [<ffffffff81006da7>] do_fast_syscall_32+0x2f7/0x870 arch/x86/entry/common.c:387
 [<ffffffff838d2a10>] entry_SYSENTER_compat+0x90/0xa2 arch/x86/entry/entry_64_compat.S:137

Showing all locks held in the system:
2 locks held by khungtaskd/515:
 #0:  (rcu_read_lock){......}, at: [<ffffffff813646bc>] check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline]
 #0:  (rcu_read_lock){......}, at: [<ffffffff813646bc>] watchdog+0x11c/0xa20 kernel/hung_task.c:239
 #1:  (tasklist_lock){.+.+..}, at: [<ffffffff81423bb0>] debug_show_all_locks+0x79/0x218 kernel/locking/lockdep.c:4336
1 lock held by rsyslogd/3514:
 #0:  (&f->f_pos_lock){+.+.+.}, at: [<ffffffff815d565c>] __fdget_pos+0xac/0xd0 fs/file.c:781
2 locks held by getty/3610:
 #0:  (&tty->ldisc_sem){++++++}, at: [<ffffffff838cf4b2>] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367
 #1:  (&ldata->atomic_read_lock){+.+.+.}, at: [<ffffffff82007082>] n_tty_read+0x202/0x16b0 drivers/tty/n_tty.c:2133
1 lock held by syz-executor1/25709:
 #0:  (uuid_mutex){+.+.+.}, at: [<ffffffff81a8e967>] btrfs_open_devices+0x27/0xb0 fs/btrfs/volumes.c:1054

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 515 Comm: khungtaskd Not tainted 4.9.94-g8683408 #3
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d973fd08 ffffffff81d9b509 0000000000000000 0000000000000001
 0000000000000001 0000000000000001 ffffffff810b7d60 ffff8801d973fd40
 ffffffff81da6837 0000000000000001 0000000000000000 0000000000000002
Call Trace:
 [<ffffffff81d9b509>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d9b509>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff81da6837>] nmi_cpu_backtrace.cold.2+0x48/0x87 lib/nmi_backtrace.c:99
 [<ffffffff81da67ca>] nmi_trigger_cpumask_backtrace+0x12a/0x14f lib/nmi_backtrace.c:60
 [<ffffffff810b7e64>] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37
 [<ffffffff81364c54>] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline]
 [<ffffffff81364c54>] check_hung_task kernel/hung_task.c:125 [inline]
 [<ffffffff81364c54>] check_hung_uninterruptible_tasks kernel/hung_task.c:182 [inline]
 [<ffffffff81364c54>] watchdog+0x6b4/0xa20 kernel/hung_task.c:239
 [<ffffffff8119ad2d>] kthread+0x26d/0x300 kernel/kthread.c:211
 [<ffffffff838d14dc>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.9.94-g8683408 #3
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffffffff84429800 task.stack: ffffffff84400000
RIP: 0010:[<ffffffff8122ddfe>]  [<ffffffff8122ddfe>] match_held_lock+0x4e/0x570 kernel/locking/lockdep.c:3408
RSP: 0018:ffff8801db207bd0  EFLAGS: 00000083
RAX: dffffc0000000000 RBX: ffffffff84429800 RCX: 0000000000000000
RDX: ffffffff8442a0ea RSI: ffffffff844deea0 RDI: ffffffff8442a0ea
RBP: ffff8801db207c00 R08: 0000000000000001 R09: 000000000000000e
R10: 0000000000000000 R11: 0000000000000000 R12: fffffbfff0885418
R13: ffffffff8442a0c8 R14: ffffffff844deea0 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007faac4ee7140 CR3: 00000001c9c14000 CR4: 0000000000160670
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 ffff8801d45518a8 ffffffff84429800 fffffbfff0885418 ffffffff8442a0c8
 ffffffff844deea0 0000000000000000 ffff8801db207c40 ffffffff8122e3c2
 ffffffff8442a0c0 0000000000000046 ffffffff84429800 ffffffff844deea0
Call Trace:
 <IRQ> [<ffffffff8122e3c2>] __lock_is_held+0xa2/0xf0 kernel/locking/lockdep.c:3597
 [<ffffffff8122ebf4>] lock_is_held+0xb4/0x140 kernel/locking/lockdep.c:3794
 [<ffffffff8127a243>] rcu_read_lock_sched_held+0x103/0x120 kernel/rcu/update.c:112
 [<ffffffff811e7c81>] trace_sched_contrib_scale_f include/trace/events/sched.h:590 [inline]
 [<ffffffff811e7c81>] __update_load_avg kernel/sched/fair.c:2873 [inline]
 [<ffffffff811e7c81>] update_cfs_rq_load_avg+0xd41/0x1f10 kernel/sched/fair.c:3291
 [<ffffffff811f016a>] update_blocked_averages+0x26a/0x520 kernel/sched/fair.c:8201
 [<ffffffff81205884>] rebalance_domains+0xe4/0xbc0 kernel/sched/fair.c:10075
 [<ffffffff81206659>] run_rebalance_domains+0x2f9/0x510 kernel/sched/fair.c:10332
 [<ffffffff838d7efb>] __do_softirq+0x20b/0x937 kernel/softirq.c:284
 [<ffffffff81149037>] invoke_softirq kernel/softirq.c:364 [inline]
 [<ffffffff81149037>] irq_exit+0x147/0x190 kernel/softirq.c:405
 [<ffffffff838d5aa1>] smp_reschedule_interrupt+0x71/0x90 arch/x86/kernel/smp.c:270
 [<ffffffff838d3610>] reschedule_interrupt+0xa0/0xb0 arch/x86/entry/entry_64.S:671
 <EOI> [<ffffffff838cff16>] ? native_safe_halt+0x6/0x10 arch/x86/include/asm/irqflags.h:53
 [<ffffffff838cf555>] arch_safe_halt arch/x86/include/asm/paravirt.h:104 [inline]
 [<ffffffff838cf555>] default_idle+0x55/0x360 arch/x86/kernel/process.c:295
 [<ffffffff81069fa0>] arch_cpu_idle+0x10/0x20 arch/x86/kernel/process.c:286
 [<ffffffff838d0375>] default_idle_call+0x45/0x60 kernel/sched/idle.c:97
 [<ffffffff81220e35>] cpuidle_idle_call kernel/sched/idle.c:155 [inline]
 [<ffffffff81220e35>] cpu_idle_loop kernel/sched/idle.c:248 [inline]
 [<ffffffff81220e35>] cpu_startup_entry+0x2b5/0x380 kernel/sched/idle.c:303
 [<ffffffff838bd1dc>] rest_init+0x183/0x189 init/main.c:409
 [<ffffffff84a73943>] start_kernel+0x67e/0x6b2 init/main.c:664
 [<ffffffff84a7229a>] x86_64_start_reservations+0x29/0x2b arch/x86/kernel/head64.c:196
 [<ffffffff84a723db>] x86_64_start_kernel+0x13f/0x162 arch/x86/kernel/head64.c:177
Code: 03 53 48 83 ec 08 80 3c 02 00 0f 85 51 04 00 00 49 39 75 10 0f 84 f5 01 00 00 49 8d 7d 22 48 b8 00 00 00 00 00 fc ff df 48 89 fa <48> c1 ea 03 0f b6 14 02 48 89 f8 83 e0 07 83 c0 01 38 d0 7c 08

Crashes (2):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2018/04/17 09:58 | https://android.googlesource.com/kernel/common android-4.9 | 8683408f8e81 | b80fd3b5 | .config | console log | report | | | | | ci-android-49-kasan-gce-386 | |
| 2018/04/04 01:51 | https://android.googlesource.com/kernel/common android-4.9 | 13b40d327b49 | 676bd07e | .config | console log | report | | | | | ci-android-49-kasan-gce-386 | |
* Struck through repros no longer work on HEAD.