syzbot


INFO: task hung in kernfs_notify_workfn

Status: auto-closed as invalid on 2020/07/25 12:09
Reported-by: syzbot+07bcc35d5870b1f49136@syzkaller.appspotmail.com
First crash: 1712d, last: 1712d
Similar bugs (2)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | INFO: task hung in kernfs_notify_workfn (2) kernfs | | | | 1 | 1782d | 1782d | 0/28 | auto-closed as invalid on 2020/04/16 13:34 |
| upstream | INFO: task hung in kernfs_notify_workfn kernfs | | | | 3 | 1950d | 1955d | 0/28 | auto-closed as invalid on 2019/10/31 10:51 |

Sample crash report:
Node 0 DMA free:10316kB min:220kB low:272kB high:324kB active_anon:5500kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 2533 2535 2535 2535
INFO: task kworker/1:0:19 blocked for more than 140 seconds.
      Not tainted 4.19.113-syzkaller #0
Node 0 DMA32 free:35856kB min:36064kB low:45080kB high:54096kB active_anon:1717248kB inactive_anon:1196kB active_file:20kB inactive_file:20kB unevictable:0kB writepending:0kB present:3129332kB managed:2597388kB mlocked:0kB kernel_stack:15968kB pagetables:20084kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/1:0     D25992    19      2 0x80000000
lowmem_reserve[]: 0 0 1 1 1
Node 0 Normal free:4kB min:24kB low:28kB high:32kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:1908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
Workqueue: events kernfs_notify_workfn
lowmem_reserve[]: 0 0 0 0 0
Call Trace:
Node 1 Normal free:53572kB min:53796kB low:67244kB high:80692kB active_anon:3701684kB inactive_anon:4kB active_file:8kB inactive_file:4kB unevictable:0kB writepending:0kB present:3932160kB managed:3870168kB mlocked:0kB kernel_stack:4704kB pagetables:16560kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
 schedule+0x8d/0x1b0 kernel/sched/core.c:3559
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3617
 __mutex_lock_common kernel/locking/mutex.c:1002 [inline]
 __mutex_lock+0x726/0x1300 kernel/locking/mutex.c:1072
 kernfs_notify_workfn+0xed/0x440 fs/kernfs/file.c:886
 process_one_work+0x91f/0x1640 kernel/workqueue.c:2155
 worker_thread+0x96/0xe20 kernel/workqueue.c:2298
lowmem_reserve[]: 0 0 0 0 0
Node 0 DMA: 1*4kB (M) 1*8kB (U) 2*16kB (U) 1*32kB (U) 0*64kB 2*128kB (UM) 1*256kB (U) 1*512kB (M) 1*1024kB (U) 0*2048kB 2*4096kB (M) = 10316kB
Node 0 DMA32: 884*4kB (UME) 1263*8kB (UME) 168*16kB (UME) 91*32kB (UME) 10*64kB (UME) 5*128kB (UE) 2*256kB (UM) 1*512kB (M) 2*1024kB (ME) 2*2048kB (UM) 2*4096kB (M) = 35880kB
 kthread+0x34a/0x420 kernel/kthread.c:246
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
Node 0 Normal: 1*4kB (U) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB

Showing all locks held in the system:
3 locks held by init/1:
Node 1 Normal: 161*4kB (UME) 34*8kB (UME) 13*16kB (UME) 19*32kB (UE) 10*64kB (UME) 6*128kB (U) 1*256kB (M) 12*512kB (UE) 11*1024kB (U) 6*2048kB (UM) 5*4096kB (UM) = 53572kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
 #0: 00000000e1344545 (&mm->mmap_sem){++++}, at: __do_page_fault+0x39b/0xdd0 arch/x86/mm/fault.c:1341
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
 #1: 00000000d5303e5b (&ei->i_mmap_sem){++++}, at: ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6364
Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
 #2: 0000000084e8343b (fs_reclaim){+.+.}, at: fs_reclaim_acquire.part.0+0x0/0x30 include/linux/compiler.h:193
Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
3 locks held by kworker/1:0/19:
606 total pagecache pages
 #0: 0000000008f2b5d2 ((wq_completion)"events"){+.+.}, at: __write_once_size include/linux/compiler.h:220 [inline]
 #0: 0000000008f2b5d2 ((wq_completion)"events"){+.+.}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: 0000000008f2b5d2 ((wq_completion)"events"){+.+.}, at: atomic64_set include/asm-generic/atomic-instrumented.h:40 [inline]
 #0: 0000000008f2b5d2 ((wq_completion)"events"){+.+.}, at: atomic_long_set include/asm-generic/atomic-long.h:59 [inline]
 #0: 0000000008f2b5d2 ((wq_completion)"events"){+.+.}, at: set_work_data kernel/workqueue.c:617 [inline]
 #0: 0000000008f2b5d2 ((wq_completion)"events"){+.+.}, at: set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline]
 #0: 0000000008f2b5d2 ((wq_completion)"events"){+.+.}, at: process_one_work+0x81a/0x1640 kernel/workqueue.c:2126
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap  = 0kB
Total swap = 0kB
1965979 pages RAM
0 pages HighMem/MovableOnly
344636 pages reserved
 #1: 000000006b206d17 (kernfs_notify_work){+.+.}, at: process_one_work+0x84e/0x1640 kernel/workqueue.c:2130
0 pages cma reserved
Out of memory: Kill process 9287 (syz-executor.2) score 1005 or sacrifice child
Killed process 9287 (syz-executor.2) total-vm:74700kB, anon-rss:2192kB, file-rss:34816kB, shmem-rss:0kB
 #2: 000000001eda788a (kernfs_mutex){+.+.}, at: kernfs_notify_workfn+0xed/0x440 fs/kernfs/file.c:886
1 lock held by khungtaskd/1003:
 #0: 00000000c7e1688c (rcu_read_lock){....}, at: debug_show_all_locks+0x53/0x265 kernel/locking/lockdep.c:4436
2 locks held by kswapd0/1464:
3 locks held by udevd/3772:
 #0: 00000000d51269d4 (&mm->mmap_sem){++++}, at: __do_page_fault+0x39b/0xdd0 arch/x86/mm/fault.c:1341
 #1: 00000000d5303e5b (&ei->i_mmap_sem){++++}, at: ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6364
 #2: 0000000084e8343b (fs_reclaim){+.+.}, at: fs_reclaim_acquire.part.0+0x0/0x30 include/linux/compiler.h:193
3 locks held by rsyslogd/8038:
 #0: 00000000561614ca (&mm->mmap_sem){++++}, at: __do_page_fault+0x39b/0xdd0 arch/x86/mm/fault.c:1341
 #1: 00000000d5303e5b (&ei->i_mmap_sem){++++}, at: ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6364
 #2: 0000000084e8343b (fs_reclaim){+.+.}, at: fs_reclaim_acquire.part.0+0x0/0x30 include/linux/compiler.h:193
3 locks held by cron/8081:
 #0: 00000000059e50b8 (&mm->mmap_sem){++++}, at: __do_page_fault+0x39b/0xdd0 arch/x86/mm/fault.c:1341
 #1: 00000000aadf91fd (&ei->i_mmap_sem){++++}, at: ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6364
 #2: 0000000084e8343b (fs_reclaim){+.+.}, at: fs_reclaim_acquire.part.0+0x0/0x30 include/linux/compiler.h:193
2 locks held by getty/8160:
 #0: 00000000a314d817 (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:272
 #1: 00000000459fffcb (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x217/0x1a50 drivers/tty/n_tty.c:2154
2 locks held by getty/8161:
 #0: 000000009d3e2dfd (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:272
 #1: 0000000038879a8f (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x217/0x1a50 drivers/tty/n_tty.c:2154
2 locks held by getty/8162:
 #0: 00000000ce00880a (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:272
 #1: 0000000040669756 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x217/0x1a50 drivers/tty/n_tty.c:2154
2 locks held by getty/8163:
 #0: 000000005a9a5796 (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:272
udevd invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), nodemask=(null), order=0, oom_score_adj=-1000
 #1: 00000000198729ed (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x217/0x1a50 drivers/tty/n_tty.c:2154
2 locks held by getty/8164:
 #0: 00000000936a0ad7 (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:272
 #1: 00000000cdcef176 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x217/0x1a50 drivers/tty/n_tty.c:2154
2 locks held by getty/8165:
udevd cpuset=/ mems_allowed=0-1
 #0: 0000000060a4da8a (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:272
CPU: 0 PID: 15462 Comm: udevd Not tainted 4.19.113-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x188/0x20d lib/dump_stack.c:118
 dump_header+0x159/0xa5e mm/oom_kill.c:441
 oom_kill_process.cold+0x10/0x6dc mm/oom_kill.c:954
 out_of_memory mm/oom_kill.c:1130 [inline]
 out_of_memory+0x349/0x1250 mm/oom_kill.c:1062
 __alloc_pages_may_oom mm/page_alloc.c:3551 [inline]
 __alloc_pages_slowpath+0x1f84/0x26a0 mm/page_alloc.c:4253
 __alloc_pages_nodemask+0x5b6/0x6a0 mm/page_alloc.c:4417
 alloc_pages_current+0xff/0x200 mm/mempolicy.c:2197
 alloc_pages include/linux/gfp.h:532 [inline]
 __page_cache_alloc mm/filemap.c:969 [inline]
 __page_cache_alloc+0x2ba/0x450 mm/filemap.c:954
 #1: 000000008fdd9c2a (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x217/0x1a50 drivers/tty/n_tty.c:2154
 page_cache_read mm/filemap.c:2408 [inline]
 filemap_fault+0xf42/0x1e20 mm/filemap.c:2592
2 locks held by getty/8166:
 #0: 0000000030fdccea (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:272
 #1: 000000001abd5f48 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x217/0x1a50 drivers/tty/n_tty.c:2154
 ext4_filemap_fault+0x84/0xb0 fs/ext4/inode.c:6365
 __do_fault+0x10d/0x470 mm/memory.c:3269
 do_read_fault mm/memory.c:3681 [inline]
 do_fault mm/memory.c:3810 [inline]
 handle_pte_fault mm/memory.c:4041 [inline]
 __handle_mm_fault+0x2ae7/0x3b60 mm/memory.c:4165
 handle_mm_fault+0x1a5/0x670 mm/memory.c:4202
 __do_page_fault+0x5ed/0xdd0 arch/x86/mm/fault.c:1412
 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1204
RIP: 0033:0x7f61b30e5943
Code: Bad RIP value.
RSP: 002b:00007ffe9881c6a8 EFLAGS: 00010246
3 locks held by udevd/8172:
RAX: 0000000000000000 RBX: 0000000001aea030 RCX: 00007f61b30e5943
RDX: 0000000000000004 RSI: 00007ffe9881c770 RDI: 0000000000000007
RBP: 0000000000625500 R08: 00007ffe9886f000 R09: 00000099ea6008ca
R10: 000000000000eb2a R11: 0000000000000246 R12: 0000000001b77f70
R13: 00007ffe9881d7c7 R14: 0000000000000005 R15: 0000000001aea030
 #0: 00000000894b73b0 (&type->i_mutex_dir_key#5){++++}, at: inode_lock_shared include/linux/fs.h:758 [inline]
 #0: 00000000894b73b0 (&type->i_mutex_dir_key#5){++++}, at: lookup_slow+0x43/0x70 fs/namei.c:1688
Mem-Info:
active_anon:1356311 inactive_anon:300 isolated_anon:0
 active_file:53 inactive_file:96 isolated_file:17
 unevictable:0 dirty:0 writeback:0 unstable:0
 slab_reclaimable:15383 slab_unreclaimable:114971
 mapped:52337 shmem:369 pagetables:9139 bounce:0
 free:24981 free_pcp:62 free_cma:0
 #1: 000000001eda788a (kernfs_mutex){+.+.}, at: kernfs_iop_lookup+0x4a/0x230 fs/kernfs/dir.c:1080
Node 0 active_anon:1723572kB inactive_anon:1196kB active_file:164kB inactive_file:284kB unevictable:0kB isolated(anon):0kB isolated(file):208kB mapped:209344kB dirty:0kB writeback:0kB shmem:1452kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 512000kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
 #2: 0000000084e8343b (fs_reclaim){+.+.}, at: fs_reclaim_acquire.part.0+0x0/0x30 include/linux/compiler.h:193
3 locks held by syz-fuzzer/8185:
 #0: 000000007b8076f3 (&mm->mmap_sem){++++}, at: __do_page_fault+0x39b/0xdd0 arch/x86/mm/fault.c:1341
 #1: 0000000002eaeafc (&ei->i_mmap_sem){++++}, at: ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6364
 #2: 0000000084e8343b (fs_reclaim){+.+.}, at: fs_reclaim_acquire.part.0+0x0/0x30 include/linux/compiler.h:193
3 locks held by syz-fuzzer/8186:
 #0: 000000007b8076f3 (&mm->mmap_sem){++++}, at: __do_page_fault+0x39b/0xdd0 arch/x86/mm/fault.c:1341
 #1: 0000000002eaeafc (&ei->i_mmap_sem){++++}, at: ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6364
 #2: 0000000084e8343b (fs_reclaim){+.+.}, at: fs_reclaim_acquire.part.0+0x0/0x30 include/linux/compiler.h:193
Node 1 active_anon:3701680kB inactive_anon:4kB active_file:28kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:24kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
Node 0 DMA free:10316kB min:220kB low:272kB high:324kB active_anon:5500kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
3 locks held by syz-fuzzer/8193:
 #0: 000000007b8076f3 (&mm->mmap_sem){++++}, at: __do_page_fault+0x39b/0xdd0 arch/x86/mm/fault.c:1341
 #1: 0000000002eaeafc (&ei->i_mmap_sem){++++}, at: ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6364
lowmem_reserve[]: 0 2533 2535 2535 2535
 #2: 0000000084e8343b (fs_reclaim){+.+.}, at: fs_reclaim_acquire.part.0+0x0/0x30 include/linux/compiler.h:193
3 locks held by syz-fuzzer/8201:
Node 0 DMA32 free:35824kB min:36064kB low:45080kB high:54096kB active_anon:1718080kB inactive_anon:1196kB active_file:148kB inactive_file:412kB unevictable:0kB writepending:0kB present:3129332kB managed:2597388kB mlocked:0kB kernel_stack:15936kB pagetables:19996kB bounce:0kB free_pcp:796kB local_pcp:308kB free_cma:0kB
 #0: 000000007b8076f3 (&mm->mmap_sem){++++}, at: __do_page_fault+0x39b/0xdd0 arch/x86/mm/fault.c:1341
lowmem_reserve[]: 0 0 1 1 1
Node 0 Normal free:4kB min:24kB low:28kB high:32kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:1908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0 0

Crashes (1):
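| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2020/03/27 12:08 | linux-4.19.y | 54b4fa6d3955 | 9af8b4b3 | .config | console log | report | | | | | ci2-linux-4-19 | |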
* Struck through repros no longer work on HEAD.