syzbot

 sign-in | mailing list | source | docs
🐞 Open [976] 🐞 Fixed [3872] 🐞 Invalid [8354] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes

INFO: task hung in sync_inodes_sb (4)

Status: upstream: reported C repro on 2020/11/21 04:55
Reported-by: syzbot+7d50f1e54a12ba3aeae2@syzkaller.appspotmail.com
First crash: 591d, last: 80d

Cause bisection: introduced by (bisect log) :
commit c68df2e7be0c1238ea3c281fd744a204ef3b15a0
Author: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Date: Thu Sep 15 13:30:02 2016 +0000

  mac80211: allow using AP_LINK_PS with mac80211-generated TIM IE

Crash: general protection fault in batadv_iv_ogm_queue_add (log)
Repro: C syz .config

Fix bisection: the fix commit could be any of (bisect log):
  34816d20f173 Merge tag 'gfs2-v5.10-rc5-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2
  f55966571d5e Merge tag 'drm-next-2021-07-08-1' of git://anongit.freedesktop.org/drm/drm
similar bugs (8):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream INFO: task hung in sync_inodes_sb (2) 4 1166d 1183d 0/22 auto-closed as invalid on 2019/10/19 16:22
upstream INFO: task hung in sync_inodes_sb (3) C done 6 909d 917d 16/22 fixed on 2020/02/14 01:19
upstream INFO: task hung in sync_inodes_sb 58 1263d 1502d 0/22 closed as dup on 2018/09/08 15:37
linux-4.14 INFO: task hung in sync_inodes_sb 1 879d 879d 0/1 auto-closed as invalid on 2020/06/02 17:26
android-49 INFO: task hung in sync_inodes_sb 11 1403d 1482d 0/3 auto-closed as invalid on 2019/02/24 06:19
android-49 INFO: task hung in sync_inodes_sb (2) 2 992d 1154d 0/3 auto-closed as invalid on 2020/02/10 00:14
linux-4.14 INFO: task hung in sync_inodes_sb (2) C 6 13d 539d 0/1 upstream: reported C repro on 2021/01/07 19:48
linux-4.19 INFO: task hung in sync_inodes_sb C error 4 208d 630d 0/1 upstream: reported C repro on 2020/10/09 07:19
Patch testing requests:
Created Duration User Patch Repo Result
2021/04/20 03:11 11m ducheng2@gmail.com upstream report log

Sample crash report:
INFO: task syz-executor266:8455 blocked for more than 143 seconds.
      Not tainted 5.10.0-rc6-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor266 state:D stack:27448 pid: 8455 ppid:  8449 flags:0x00004000
Call Trace:
 context_switch kernel/sched/core.c:3779 [inline]
 __schedule+0x893/0x2130 kernel/sched/core.c:4528
 schedule+0xcf/0x270 kernel/sched/core.c:4606
 wb_wait_for_completion+0x17b/0x230 fs/fs-writeback.c:209
 sync_inodes_sb+0x1a6/0x9d0 fs/fs-writeback.c:2559
 __sync_filesystem fs/sync.c:34 [inline]
 sync_filesystem fs/sync.c:67 [inline]
 sync_filesystem+0x15c/0x260 fs/sync.c:48
 generic_shutdown_super+0x70/0x370 fs/super.c:448
 kill_block_super+0x97/0xf0 fs/super.c:1446
 deactivate_locked_super+0x94/0x160 fs/super.c:335
 deactivate_super+0xad/0xd0 fs/super.c:366
 cleanup_mnt+0x3a3/0x530 fs/namespace.c:1118
 task_work_run+0xdd/0x190 kernel/task_work.c:151
 tracehook_notify_resume include/linux/tracehook.h:188 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:164 [inline]
 exit_to_user_mode_prepare+0x17e/0x1a0 kernel/entry/common.c:191
 syscall_exit_to_user_mode+0x38/0x260 kernel/entry/common.c:266
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x448617
RSP: 002b:00007ffe69ca89e8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 00007ffe69ca9b60 RCX: 0000000000448617
RDX: 0000000000400bb0 RSI: 0000000000000002 RDI: 00007ffe69ca8a90
RBP: 00000000000cd1c7 R08: 0000000000000000 R09: 0000000000000009
R10: 0000000000000005 R11: 0000000000000206 R12: 00007ffe69ca9b00
R13: 0000000000742880 R14: 0000000000000000 R15: 0000000000000000

Showing all locks held in the system:
2 locks held by kworker/u4:0/8:
 #0: ffff88814155c138 ((wq_completion)writeback){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff88814155c138 ((wq_completion)writeback){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline]
 #0: ffff88814155c138 ((wq_completion)writeback){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline]
 #0: ffff88814155c138 ((wq_completion)writeback){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline]
 #0: ffff88814155c138 ((wq_completion)writeback){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
 #0: ffff88814155c138 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x821/0x15a0 kernel/workqueue.c:2243
 #1: ffffc90000cd7da8 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x15a0 kernel/workqueue.c:2247
1 lock held by khungtaskd/1640:
 #0: ffffffff8b3378e0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6254
2 locks held by syz-executor266/8455:
 #0: ffff88802f44a0e0 (&type->s_umount_key#48){+.+.}-{3:3}, at: deactivate_super+0xa5/0xd0 fs/super.c:365
 #1: ffff888018e5a708 (&bdi->wb_switch_rwsem){+.+.}-{3:3}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:344 [inline]
 #1: ffff888018e5a708 (&bdi->wb_switch_rwsem){+.+.}-{3:3}, at: sync_inodes_sb+0x18c/0x9d0 fs/fs-writeback.c:2557

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 1640 Comm: khungtaskd Not tainted 5.10.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x107/0x163 lib/dump_stack.c:118
 nmi_cpu_backtrace.cold+0x44/0xd7 lib/nmi_backtrace.c:105
 nmi_trigger_cpumask_backtrace+0x1b3/0x230 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:209 [inline]
 watchdog+0xd43/0xfa0 kernel/hung_task.c:294
 kthread+0x3b1/0x4a0 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1 skipped: idling at native_safe_halt arch/x86/include/asm/irqflags.h:60 [inline]
NMI backtrace for cpu 1 skipped: idling at arch_safe_halt arch/x86/include/asm/irqflags.h:103 [inline]
NMI backtrace for cpu 1 skipped: idling at acpi_safe_halt drivers/acpi/processor_idle.c:111 [inline]
NMI backtrace for cpu 1 skipped: idling at acpi_idle_do_entry+0x1c9/0x250 drivers/acpi/processor_idle.c:517

Crashes (6):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kasan-gce-root 2020/12/04 02:11 upstream 34816d20f173 e6b0d314 .config log report syz C
ci-upstream-linux-next-kasan-gce-root 2020/11/17 04:47 linux-next 034307507118 1bf9a662 .config log report syz C
ci-upstream-kasan-gce-selinux-root 2022/04/12 16:55 upstream ce522ba9ef7e af01ee7d .config log report info INFO: task hung in sync_inodes_sb
ci-upstream-kasan-gce-smack-root 2021/11/18 02:00 upstream ee1703cda8dc cafff8b6 .config log report info INFO: task hung in sync_inodes_sb
ci-upstream-kasan-gce-selinux-root 2021/02/06 20:50 upstream 1e0d27fce010 0655e081 .config log report info INFO: task hung in sync_inodes_sb
ci-upstream-linux-next-kasan-gce-root 2021/08/01 21:48 linux-next 8d4b477da1a8 6c236867 .config log report info INFO: task hung in sync_inodes_sb