syzbot


INFO: task hung in sync_inodes_sb (2)

Status: auto-closed as invalid on 2020/02/10 00:14
Reported-by: syzbot+b414a372807528279215@syzkaller.appspotmail.com
First crash: 1811d, last: 1649d
Similar bugs (11)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-5.15 INFO: task hung in sync_inodes_sb origin:upstream missing-backport C error 66 10d 405d 0/3 upstream: reported C repro on 2023/03/10 02:13
upstream INFO: task hung in sync_inodes_sb (5) ext4 C error inconclusive 152 9h03m 275d 0/26 upstream: reported C repro on 2023/07/18 04:00
upstream INFO: task hung in sync_inodes_sb (2) fs 4 1822d 1840d 0/26 auto-closed as invalid on 2019/10/19 16:22
upstream INFO: task hung in sync_inodes_sb (3) fs mm C done 6 1566d 1574d 15/26 fixed on 2020/02/14 01:19
upstream INFO: task hung in sync_inodes_sb fs 58 1920d 2158d 0/26 closed as dup on 2018/09/08 15:37
linux-4.14 INFO: task hung in sync_inodes_sb 1 1535d 1535d 0/1 auto-closed as invalid on 2020/06/02 17:26
android-49 INFO: task hung in sync_inodes_sb 11 2060d 2139d 0/3 auto-closed as invalid on 2019/02/24 06:19
upstream INFO: task hung in sync_inodes_sb (4) nilfs C done inconclusive 345 289d 1244d 23/26 fixed on 2023/07/04 09:17
linux-6.1 INFO: task hung in sync_inodes_sb origin:upstream missing-backport C 53 7d11h 405d 0/3 upstream: reported C repro on 2023/03/10 02:07
linux-4.14 INFO: task hung in sync_inodes_sb (2) vfs C 11 428d 1196d 0/1 upstream: reported C repro on 2021/01/07 19:48
linux-4.19 INFO: task hung in sync_inodes_sb xfs C error 13 446d 1287d 0/1 upstream: reported C repro on 2020/10/09 07:19

Sample crash report:
INFO: task syz-executor.5:653 blocked for more than 140 seconds.
      Not tainted 4.9.141+ #1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.5  D29912   653  32729 0x00000004
 ffff8800a3518000 ffff8801ceaf3700 ffff88009bf35d80 ffff8801d1a4df00
 ffff8801db721018 ffff880189e97b48 ffffffff828075c2 0000000000000286
 0000000000000002 0000000041b58ab3 00ffffff82e2b9d2 ffff8801db7218f0
Call Trace:
 [<ffffffff82808aef>] schedule+0x7f/0x1b0 kernel/sched/core.c:3553
 [<ffffffff815a17c9>] wb_wait_for_completion+0x149/0x1b0 fs/fs-writeback.c:221
 [<ffffffff815a1f6b>] sync_inodes_sb+0x1ab/0x9d0 fs/fs-writeback.c:2412
 [<ffffffff815b1653>] sync_inodes_one_sb+0x43/0x60 fs/sync.c:73
 [<ffffffff81515040>] iterate_supers+0x130/0x260 fs/super.c:593
 [<ffffffff815b1f62>] sys_sync+0xa2/0x170 fs/sync.c:112
 [<ffffffff810056ef>] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285
 [<ffffffff82817893>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb

Showing all locks held in the system:
2 locks held by khungtaskd/24:
 #0:  (rcu_read_lock){......}, at: [<ffffffff8131c0cc>] check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline]
 #0:  (rcu_read_lock){......}, at: [<ffffffff8131c0cc>] watchdog+0x11c/0xa20 kernel/hung_task.c:239
 #1:  (tasklist_lock){.+.?..}, at: [<ffffffff813fe63f>] debug_show_all_locks+0x79/0x218 kernel/locking/lockdep.c:4336
2 locks held by getty/2024:
 #0:  (&tty->ldisc_sem){++++++}, at: [<ffffffff82815952>] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367
 #1:  (&ldata->atomic_read_lock){+.+...}, at: [<ffffffff81d37362>] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142
4 locks held by kworker/u4:17/22231:
 #0:  ("writeback"){++++.+}, at: [<ffffffff81130f0c>] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
 #1:  ((&(&wb->dwork)->work)){+.+.+.}, at: [<ffffffff81130f44>] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
 #2:  (&type->s_umount_key#32){++++.+}, at: [<ffffffff815149f0>] trylock_super+0x20/0xf0 fs/super.c:393
 #3:  (&sbi->s_journal_flag_rwsem){.+.+.+}, at: [<ffffffff81433d3f>] do_writepages+0xef/0x1d0 mm/page-writeback.c:2331
1 lock held by syz-executor.5/653:
 #0:  (&type->s_umount_key#32){++++.+}, at: [<ffffffff81514ff1>] iterate_supers+0xe1/0x260 fs/super.c:591
1 lock held by syz-executor.5/654:
 #0:  (&type->s_umount_key#32){++++.+}, at: [<ffffffff81514ff1>] iterate_supers+0xe1/0x260 fs/super.c:591

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 24 Comm: khungtaskd Not tainted 4.9.141+ #1
 ffff8801d9907d08 ffffffff81b42e79 0000000000000000 0000000000000000
 0000000000000000 0000000000000001 ffffffff810983b0 ffff8801d9907d40
 ffffffff81b4df89 0000000000000000 0000000000000000 0000000000000002
Call Trace:
 [<ffffffff81b42e79>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81b42e79>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff81b4df89>] nmi_cpu_backtrace.cold.0+0x48/0x87 lib/nmi_backtrace.c:99
 [<ffffffff81b4df1c>] nmi_trigger_cpumask_backtrace+0x12c/0x151 lib/nmi_backtrace.c:60
 [<ffffffff810984b4>] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37
 [<ffffffff8131c65d>] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline]
 [<ffffffff8131c65d>] check_hung_task kernel/hung_task.c:125 [inline]
 [<ffffffff8131c65d>] check_hung_uninterruptible_tasks kernel/hung_task.c:182 [inline]
 [<ffffffff8131c65d>] watchdog+0x6ad/0xa20 kernel/hung_task.c:239
 [<ffffffff81142c3d>] kthread+0x26d/0x300 kernel/kthread.c:211
 [<ffffffff82817a5c>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 20734 Comm: syz-executor.1 Not tainted 4.9.141+ #1
task: ffff88009aae97c0 task.stack: ffff88009a4b0000
RIP: 0010:[<ffffffff812073a0>]  [<ffffffff812073a0>] trace_hardirqs_on+0x0/0x10 kernel/locking/lockdep.c:2742
RSP: 0018:ffff88009a4b77d0  EFLAGS: 00000006
RAX: 00000000024080c0 RBX: ffff8801da4013c0 RCX: 000000000000000c
RDX: 00000000ffffffff RSI: 0000000000000000 RDI: ffff8801da4013c0
RBP: ffff88009a4b7820 R08: ffff88009aaea070 R09: 0000000000000001
R10: ffff8801ca191750 R11: 0000000000000001 R12: 00000000024080c0
R13: 00000000024000c0 R14: ffff8801db724670 R15: 0000000000000000
FS:  00007f4741b29700(0000) GS:ffff8801db700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000015f2308 CR3: 00000000aca63000 CR4: 00000000001606b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Stack:
 ffffffff814eb783 000000000000000c 024080c000000000 0000000000000000
 4a94b9a696c61ca1 00000000ffffffff 00000000024080c0 ffff8801da4013c0
 ffff8801db724670 0000000000000000 ffff88009a4b78f8 ffffffff814ed97d
Call Trace:
 [<ffffffff814ed97d>] new_slab_objects mm/slub.c:2419 [inline]
 [<ffffffff814ed97d>] ___slab_alloc.constprop.33+0x2ed/0x470 mm/slub.c:2576
 [<ffffffff814edb50>] __slab_alloc.isra.25.constprop.32+0x50/0xa0 mm/slub.c:2618
 [<ffffffff814ee42e>] slab_alloc_node mm/slub.c:2681 [inline]
 [<ffffffff814ee42e>] slab_alloc mm/slub.c:2723 [inline]
 [<ffffffff814ee42e>] __kmalloc+0x26e/0x310 mm/slub.c:3737
 [<ffffffff815ae043>] kmalloc_array include/linux/slab.h:582 [inline]
 [<ffffffff815ae043>] kcalloc include/linux/slab.h:593 [inline]
 [<ffffffff815ae043>] iter_file_splice_write+0x143/0xb30 fs/splice.c:711
 [<ffffffff815a9ab8>] do_splice_from fs/splice.c:870 [inline]
 [<ffffffff815a9ab8>] direct_splice_actor+0x128/0x190 fs/splice.c:1037
 [<ffffffff815ab6c1>] splice_direct_to_actor+0x2c1/0x7e0 fs/splice.c:992
 [<ffffffff815abd83>] do_splice_direct+0x1a3/0x270 fs/splice.c:1080
 [<ffffffff8150d780>] do_sendfile+0x4f0/0xc30 fs/read_write.c:1393
 [<ffffffff8150f7f1>] SYSC_sendfile64 fs/read_write.c:1448 [inline]
 [<ffffffff8150f7f1>] SyS_sendfile64+0xd1/0x160 fs/read_write.c:1440
 [<ffffffff810056ef>] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285
 [<ffffffff82817893>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Code: ff ff e8 84 bd 2e 00 e9 55 fd ff ff e8 ba bc 2e 00 eb b3 e8 b3 bc 2e 00 e9 3b ff ff ff e8 a9 bc 2e 00 e9 43 fe ff ff 0f 1f 40 00 <55> 48 89 e5 48 8b 7d 08 e8 63 fa ff ff 5d c3 90 55 48 89 e5 41

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2019/10/13 00:13 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 426631dd .config console log report ci-android-49-kasan-gce
2019/05/04 03:03 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 d28f4ce5 .config console log report ci-android-49-kasan-gce