syzbot


INFO: task hung in corrupted (2)

Status: upstream: reported C repro on 2020/06/01 11:30
Reported-by: syzbot+6921abfb75d6fc79c0eb@syzkaller.appspotmail.com
First crash: 916d, last: 485d

Cause bisection: introduced by (bisect log):
commit f2c2e717642c66f7fe7e5dd69b2e8ff5849f4d10
Author: Andrey Konovalov <andreyknvl@google.com>
Date: Mon Feb 24 16:13:03 2020 +0000

  usb: gadget: add raw-gadget interface

Crash: INFO: task hung in fsnotify_mark_destroy_workfn (log)
Repro: C syz .config

Fix bisection: the fix commit could be any of (bisect log):
  3dd0130f2430 Merge branch 'akpm' (patches from Andrew)
  9e9fb7655ed5 Merge tag 'net-next-5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next

Similar bugs (3):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream INFO: task hung in corrupted syz 1 1586d 1586d 0/24 closed as invalid on 2018/07/29 11:55
android-44 INFO: task hung in corrupted syz 1 1308d 1308d 0/2 public: reported syz repro on 2019/05/02 02:15
linux-4.19 INFO: task hung in corrupted syz error 2 342d 351d 0/1 upstream: reported syz repro on 2021/12/14 06:15

Patch testing requests:
Created Duration User Patch Repo Result
2022/10/01 15:30 16m upstream OK log
2022/10/01 13:30 17m upstream OK log
2022/10/01 12:30 16m upstream OK log
2022/10/01 10:30 14m upstream report log
2022/10/01 08:30 19m upstream OK log
2022/10/01 05:30 19m upstream OK log
2022/10/01 03:30 20m upstream OK log
2022/10/01 01:30 16m upstream OK log
2022/09/30 22:30 14m upstream report log
2022/09/30 18:30 19m upstream OK log
2022/09/30 14:30 14m upstream report log
2022/09/30 11:30 17m upstream report log
2022/09/30 09:30 17m upstream report log
2022/09/30 07:30 14m upstream report log
2022/09/30 04:30 14m upstream report log

Sample crash report:
INFO: task syz-executor931:6845 blocked for more than 143 seconds.
      Not tainted 5.9.0-rc8-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor931 state:D stack:28128 pid: 6845 ppid:  6839 flags:0x00004000
Call Trace:
 context_switch kernel/sched/core.c:3778 [inline]
 __schedule+0x9b9/0xd20 kernel/sched/core.c:4527

Showing all locks held in the system:
2 locks held by kworker/u4:0/7:
 #0: ffff88821ae2d138 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x6f4/0xfc0 kernel/workqueue.c:2242
 #1: ffffc90000cdfd80 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x733/0xfc0 kernel/workqueue.c:2244
1 lock held by khungtaskd/1178:
 #0: ffffffff896fe550 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30 arch/x86/pci/mmconfig_64.c:151
1 lock held by in:imklog/6529:
 #0: ffff8880a9243630 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x253/0x2f0 fs/file.c:930
2 locks held by syz-executor931/6845:
 #0: ffff8880939060e0 (&type->s_umount_key#49){+.+.}-{3:3}, at: deactivate_super+0x96/0xd0 fs/super.c:365
 #1: ffff8880a12aa730 (&bdi->wb_switch_rwsem){+.+.}-{3:3}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:344 [inline]
 #1: ffff8880a12aa730 (&bdi->wb_switch_rwsem){+.+.}-{3:3}, at: sync_inodes_sb+0x1d3/0x9b0 fs/fs-writeback.c:2556

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 1178 Comm: khungtaskd Not tainted 5.9.0-rc8-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1d6/0x29e lib/dump_stack.c:118
 nmi_cpu_backtrace+0x9f/0x180 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x16a/0x280 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:209 [inline]
 watchdog+0xd65/0xdb0 kernel/hung_task.c:295
 kthread+0x37e/0x3a0 drivers/block/aoe/aoecmd.c:1234
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 6850 Comm: segctord Not tainted 5.9.0-rc8-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:arch_test_and_set_bit arch/x86/include/asm/bitops.h:138 [inline]
RIP: 0010:arch_test_and_set_bit_lock arch/x86/include/asm/bitops.h:144 [inline]
RIP: 0010:test_and_set_bit_lock include/asm-generic/bitops/instrumented-lock.h:56 [inline]
RIP: 0010:trylock_page include/linux/pagemap.h:539 [inline]
RIP: 0010:lock_page include/linux/pagemap.h:548 [inline]
RIP: 0010:pagecache_get_page+0x123/0xe50 mm/filemap.c:1780
Code: 01 31 ff e8 9f 76 dd ff 48 89 e8 48 83 e0 01 0f 85 d2 01 00 00 48 89 df be 08 00 00 00 e8 b5 26 1d 00 31 f6 f0 48 0f ba 2b 00 <0f> 92 c3 40 0f 92 c6 31 ff e8 8f 74 dd ff 84 db 0f 85 8c 00 00 00
RSP: 0018:ffffc90005327730 EFLAGS: 00000246
RAX: 0000000000000001 RBX: ffffea0002573240 RCX: ffffffff81978c1b
RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffea0002573240
RBP: ffffea0002349008 R08: dffffc0000000000 R09: fffff940004ae649
R10: fffff940004ae649 R11: 0000000000000000 R12: 1ffffd40004ae649
R13: ffffea0002573248 R14: dffffc0000000000 R15: 0000000000000007
FS:  0000000000000000(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f4286aaa000 CR3: 0000000093ca3000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 find_or_create_page include/linux/pagemap.h:349 [inline]
 grab_cache_page include/linux/pagemap.h:425 [inline]
 nilfs_grab_buffer+0x87/0x680 fs/nilfs2/page.c:57
 nilfs_mdt_submit_block+0x81/0x6b0 fs/nilfs2/mdt.c:121
 nilfs_mdt_read_block+0x46/0x3e0 fs/nilfs2/mdt.c:175
 nilfs_mdt_get_block+0x3f/0xa0 fs/nilfs2/mdt.c:250
 nilfs_sufile_get_segment_usage_block fs/nilfs2/sufile.c:92 [inline]
 nilfs_sufile_set_segment_usage+0xdb/0x520 fs/nilfs2/sufile.c:525
 nilfs_cancel_segusage fs/nilfs2/segment.c:1456 [inline]
 nilfs_segctor_abort_construction+0x786/0xde0 fs/nilfs2/segment.c:1797
 nilfs_segctor_do_construct+0x714b/0x78a0 fs/nilfs2/segment.c:2105
 nilfs_segctor_construct+0x14b/0x940 fs/nilfs2/segment.c:2377
 nilfs_segctor_thread_construct fs/nilfs2/segment.c:2485 [inline]
 nilfs_segctor_thread+0x457/0x1040 fs/nilfs2/segment.c:2568
 kthread+0x37e/0x3a0 drivers/block/aoe/aoecmd.c:1234
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294

Crashes (15):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kasan-gce-smack-root 2020/10/12 11:14 upstream 3dd0130f2430 4a77ae0b .config log report syz C
ci-upstream-kasan-gce-smack-root 2020/09/06 09:09 upstream 9322c47b21b9 abf9ba4f .config log report syz C
ci-upstream-kasan-gce-smack-root 2020/09/03 01:32 upstream 9c7d619be5a0 abf9ba4f .config log report syz C
ci-upstream-kasan-gce-smack-root 2020/09/01 12:31 upstream b51594df17d0 d5a3ae1f .config log report syz C
ci-upstream-kasan-gce-smack-root 2020/08/30 20:51 upstream 1127b219ce94 d5a3ae1f .config log report syz C
ci-upstream-kasan-gce-smack-root 2020/08/24 04:33 upstream cb95712138ec cef5ae68 .config log report syz C
ci-upstream-kasan-gce-smack-root 2020/05/28 11:24 upstream b0c3ba31be3e 142a0957 .config log report syz C
ci-upstream-kasan-gce-smack-root 2020/08/29 19:09 upstream 4d41ead6ead9 d5a3ae1f .config log report syz C
ci-upstream-kasan-gce-smack-root 2020/08/11 05:15 upstream fc80c51fd4b2 7adc7b65 .config log report syz C
ci-upstream-kasan-gce-smack-root 2020/08/09 13:45 upstream 06a81c1c7db9 f721e4a0 .config log report syz C
ci-upstream-kasan-gce-smack-root 2020/07/05 06:18 upstream 7cc2a8ea1048 51095195 .config log report syz C
ci-upstream-kasan-gce-smack-root 2020/07/05 02:27 upstream 7cc2a8ea1048 51095195 .config log report syz C
ci-upstream-kasan-gce-smack-root 2020/09/04 08:49 upstream e28f0104343d abf9ba4f .config log report syz
ci-upstream-kasan-gce-smack-root 2020/07/26 21:34 upstream 04300d66f0a0 51265195 .config log report syz
ci-upstream-kasan-gce-smack-root 2020/07/15 17:38 upstream e9919e11e219 f3bec699 .config log report syz
* Struck through repros no longer work on HEAD.