syzbot


INFO: rcu detected stall in ext4_filemap_fault (2)

Status: auto-closed as invalid on 2020/03/30 02:23
Reported-by: syzbot+bdf4ed56b8884cda7be4@syzkaller.appspotmail.com
First crash: 1787d, last: 1743d
Similar bugs (8)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| linux-4.19 | INFO: rcu detected stall in ext4_filemap_fault (3) | | | | 2 | 849d | 879d | 0/1 | auto-obsoleted due to no activity on 2022/09/09 17:56 |
| linux-4.19 | INFO: rcu detected stall in ext4_filemap_fault (2) | | | | 1 | 1504d | 1504d | 0/1 | auto-closed as invalid on 2020/11/23 02:32 |
| android-49 | INFO: rcu detected stall in ext4_filemap_fault | C | | | 1 | 1823d | 1823d | 0/3 | public: reported C repro on 2019/09/11 03:52 |
| upstream | INFO: rcu detected stall in ext4_filemap_fault mm | | | | 109 | 2015d | 2185d | 0/27 | closed as dup on 2019/01/02 16:36 |
| android-414 | INFO: rcu detected stall in ext4_filemap_fault | | | | 1 | 2084d | 1977d | 0/1 | auto-closed as invalid on 2019/06/22 22:11 |
| linux-4.19 | INFO: rcu detected stall in ext4_filemap_fault | | | | 4 | 1693d | 1843d | 0/1 | auto-closed as invalid on 2020/05/18 19:50 |
| linux-4.14 | INFO: rcu detected stall in ext4_filemap_fault | | | | 1 | 1747d | 1747d | 0/1 | auto-closed as invalid on 2020/03/25 22:24 |
| upstream | INFO: rcu detected stall in ext4_filemap_fault (2) cgroups | | | | 1 | 1789d | 1789d | 0/27 | auto-closed as invalid on 2020/01/13 18:23 |

Sample crash report:
[ 4443]     0  4443    18246    10146      29       4        0          1000 syz-executor.1
[ 4468]     0  4468    18246    11795      32       4        0          1000 syz-executor.3
[ 4479]     0  4479    18246    10047      29       4        0          1000 syz-executor.1
[ 4532]     0  4532    18279    10228      29       4        0          1000 syz-executor.3
[ 4559]     0  4559    18279    11212      31       4        0          1000 syz-executor.1
INFO: rcu_preempt detected stalls on CPUs/tasks:
	Tasks blocked on level-0 rcu_node (CPUs 0-1): P5008
	(detected by 1, t=10502 jiffies, g=37629, c=37628, q=4)
syz-executor.3  R  running task    26224  5008   5001 0x00000000
Call Trace:
 <IRQ>
 sched_show_task kernel/sched/core.c:5237 [inline]
 sched_show_task.cold+0x342/0x3c0 kernel/sched/core.c:5212
 rcu_print_detail_task_stall_rnp+0xbf/0xf8 kernel/rcu/tree_plugin.h:568
 rcu_print_detail_task_stall kernel/rcu/tree_plugin.h:581 [inline]
 print_other_cpu_stall kernel/rcu/tree.c:1488 [inline]
 check_cpu_stall kernel/rcu/tree.c:1616 [inline]
 __rcu_pending kernel/rcu/tree.c:3390 [inline]
 rcu_pending kernel/rcu/tree.c:3452 [inline]
 rcu_check_callbacks.cold+0x7c2/0xdb2 kernel/rcu/tree.c:2792
 update_process_times+0x24/0x60 kernel/time/timer.c:1590
 tick_sched_handle.isra.0+0x73/0x150 kernel/time/tick-sched.c:161
 tick_sched_timer+0x7e/0x170 kernel/time/tick-sched.c:1321
 __run_hrtimer kernel/time/hrtimer.c:1259 [inline]
 __hrtimer_run_queues+0x28b/0xc40 kernel/time/hrtimer.c:1323
 hrtimer_interrupt+0x1bd/0x490 kernel/time/hrtimer.c:1357
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1075 [inline]
 smp_apic_timer_interrupt+0x147/0x650 arch/x86/kernel/apic/apic.c:1100
 apic_timer_interrupt+0x8c/0xa0 arch/x86/entry/entry_64.S:792
 </IRQ>
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:779 [inline]
RIP: 0010:console_unlock+0x76a/0xc70 kernel/printk/printk.c:2405
RSP: 0000:ffff888130b3f640 EFLAGS: 00000297 ORIG_RAX: ffffffffffffff10
RAX: 0000000000000007 RBX: 0000000000000200 RCX: 1ffff11038c9c11e
RDX: 0000000000000000 RSI: ffff8881c64e08d0 RDI: 0000000000000297
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffffffba1ab7f0
R13: ffffffffbcdda1e0 R14: dffffc0000000000 R15: 000000000000006b
 vprintk_emit+0x128/0x330 kernel/printk/printk.c:1923
 vprintk_func+0x58/0x152 kernel/printk/printk_safe.c:401
 printk+0xba/0xed kernel/printk/printk.c:1996
 dump_tasks mm/oom_kill.c:396 [inline]
 dump_header+0x7ab/0x848 mm/oom_kill.c:428
 oom_kill_process.cold+0x10/0xde6 mm/oom_kill.c:861
 out_of_memory mm/oom_kill.c:1084 [inline]
 out_of_memory+0x2d2/0xab0 mm/oom_kill.c:1023
 __alloc_pages_may_oom mm/page_alloc.c:3415 [inline]
 __alloc_pages_slowpath mm/page_alloc.c:4112 [inline]
 __alloc_pages_nodemask+0x1988/0x2370 mm/page_alloc.c:4277
 __alloc_pages include/linux/gfp.h:484 [inline]
 __alloc_pages_node include/linux/gfp.h:497 [inline]
 alloc_pages_node include/linux/gfp.h:511 [inline]
 __page_cache_alloc include/linux/pagemap.h:226 [inline]
 pagecache_get_page+0x246/0x7e0 mm/filemap.c:1517
 filemap_fault+0x8da/0x18a0 mm/filemap.c:2518
 ext4_filemap_fault+0x84/0xb0 fs/ext4/inode.c:6233
 __do_fault+0x100/0x380 mm/memory.c:3223
 do_read_fault mm/memory.c:3633 [inline]
 do_fault mm/memory.c:3759 [inline]
 handle_pte_fault mm/memory.c:3989 [inline]
 __handle_mm_fault+0x9bf/0x2700 mm/memory.c:4113
 handle_mm_fault+0x2f1/0x6da mm/memory.c:4150
 __do_page_fault+0x477/0xbb0 arch/x86/mm/fault.c:1420
 page_fault+0x42/0x50 arch/x86/entry/entry_64.S:1122
RIP: 4c0d71:0x4d3d88
RSP: 0005:000000000075c118 EFLAGS: 7fa6b85c56d4
syz-executor.3  R  running task    26224  5008   5001 0x00000000
Call Trace:
 <IRQ>
 sched_show_task kernel/sched/core.c:5237 [inline]
 sched_show_task.cold+0x342/0x3c0 kernel/sched/core.c:5212
 rcu_print_detail_task_stall_rnp+0xbf/0xf8 kernel/rcu/tree_plugin.h:568
 rcu_print_detail_task_stall kernel/rcu/tree_plugin.h:583 [inline]
 print_other_cpu_stall kernel/rcu/tree.c:1488 [inline]
 check_cpu_stall kernel/rcu/tree.c:1616 [inline]
 __rcu_pending kernel/rcu/tree.c:3390 [inline]
 rcu_pending kernel/rcu/tree.c:3452 [inline]
 rcu_check_callbacks.cold+0x81a/0xdb2 kernel/rcu/tree.c:2792
 update_process_times+0x24/0x60 kernel/time/timer.c:1590
 tick_sched_handle.isra.0+0x73/0x150 kernel/time/tick-sched.c:161
 tick_sched_timer+0x7e/0x170 kernel/time/tick-sched.c:1321
 __run_hrtimer kernel/time/hrtimer.c:1259 [inline]
 __hrtimer_run_queues+0x28b/0xc40 kernel/time/hrtimer.c:1323
 hrtimer_interrupt+0x1bd/0x490 kernel/time/hrtimer.c:1357
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1075 [inline]
 smp_apic_timer_interrupt+0x147/0x650 arch/x86/kernel/apic/apic.c:1100
 apic_timer_interrupt+0x8c/0xa0 arch/x86/entry/entry_64.S:792
 </IRQ>
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:779 [inline]
RIP: 0010:console_unlock+0x76a/0xc70 kernel/printk/printk.c:2405
RSP: 0000:ffff888130b3f640 EFLAGS: 00000297 ORIG_RAX: ffffffffffffff10
RAX: 0000000000000007 RBX: 0000000000000200 RCX: 1ffff11038c9c11e
RDX: 0000000000000000 RSI: ffff8881c64e08d0 RDI: 0000000000000297
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffffffba1ab7f0
R13: ffffffffbcdda1e0 R14: dffffc0000000000 R15: 000000000000006b
 vprintk_emit+0x128/0x330 kernel/printk/printk.c:1923
 vprintk_func+0x58/0x152 kernel/printk/printk_safe.c:401
 printk+0xba/0xed kernel/printk/printk.c:1996
 dump_tasks mm/oom_kill.c:396 [inline]
 dump_header+0x7ab/0x848 mm/oom_kill.c:428
 oom_kill_process.cold+0x10/0xde6 mm/oom_kill.c:861
 out_of_memory mm/oom_kill.c:1084 [inline]
 out_of_memory+0x2d2/0xab0 mm/oom_kill.c:1023
 __alloc_pages_may_oom mm/page_alloc.c:3415 [inline]
 __alloc_pages_slowpath mm/page_alloc.c:4112 [inline]
 __alloc_pages_nodemask+0x1988/0x2370 mm/page_alloc.c:4277
 __alloc_pages include/linux/gfp.h:484 [inline]
 __alloc_pages_node include/linux/gfp.h:497 [inline]
 alloc_pages_node include/linux/gfp.h:511 [inline]
 __page_cache_alloc include/linux/pagemap.h:226 [inline]
 pagecache_get_page+0x246/0x7e0 mm/filemap.c:1517
 filemap_fault+0x8da/0x18a0 mm/filemap.c:2518
 ext4_filemap_fault+0x84/0xb0 fs/ext4/inode.c:6233
 __do_fault+0x100/0x380 mm/memory.c:3223
 do_read_fault mm/memory.c:3633 [inline]
 do_fault mm/memory.c:3759 [inline]
 handle_pte_fault mm/memory.c:3989 [inline]
 __handle_mm_fault+0x9bf/0x2700 mm/memory.c:4113
 handle_mm_fault+0x2f1/0x6da mm/memory.c:4150
 __do_page_fault+0x477/0xbb0 arch/x86/mm/fault.c:1420
 page_fault+0x42/0x50 arch/x86/entry/entry_64.S:1122
RIP: 4c0d71:0x4d3d88
RSP: 0005:000000000075c118 EFLAGS: 7fa6b85c56d4
[ 4560]     0  4560    18279    10952      30       4        0          1000 syz-executor.2
[ 4633]     0  4633    18246    12844      34       4        0          1000 syz-executor.1
[ 4688]     0  4688    18279    12844      33       4        0          1000 syz-executor.2
[ 4703]     0  4703    18246    11370      31       4        0          1000 syz-executor.4
[ 4720]     0  4720    18246    12329      33       4        0          1000 syz-executor.1
[ 4890]     0  4890     3649       42      13       3        0             0 getty
[ 4891]     0  4891     3649       42      14       3        0             0 getty
[ 4892]     0  4892     3649       41      13       3        0             0 getty
[ 4893]     0  4893     3649       43      13       3        0             0 getty
[ 4894]     0  4894     3649       42      13       3        0             0 getty
[ 4895]     0  4895     3649       40      12       3        0             0 getty
[ 4955]     0  4955    18312    10327      30       4        0          1000 syz-executor.3
[ 4967]     0  4967    18279     9999      28       4        0          1000 syz-executor.0
[ 4966]     0  4966    18279     9536      28       4        0          1000 syz-executor.1
[ 4968]     0  4968    18279    11378      32       4        0          1000 syz-executor.3
[ 4969]     0  4969    18279     8998      26       4        0          1000 syz-executor.5
[ 4970]     0  4970    18279    10480      29       4        0          1000 syz-executor.2
[ 4972]     0  4972    18246     9548      27       4        0          1000 syz-executor.4
[ 4981]     0  4981       95        1       2       2        0             0 modprobe
[ 4982]     0  4982       55        1       1       1        0             0 modprobe
[ 4984]     0  4984       95        1       2       2        0             0 modprobe
[ 5008]     0  5008    18279    11378      32       4        0          1000 syz-executor.3
[ 5010]     0  5010    18279     8998      26       4        0          1000 syz-executor.5
Out of memory: Kill process 8959 (syz-executor.3) score 1007 or sacrifice child
Killed process 8959 (syz-executor.3) total-vm:72984kB, anon-rss:16560kB, file-rss:34816kB, shmem-rss:0kB
audit: type=1400 audit(2000002429.030:110996): avc:  denied  { map } for  pid=4984 comm="modprobe" path="/etc/ld.so.cache" dev="sda1" ino=2503 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
audit: type=1400 audit(2000002429.120:110997): avc:  denied  { map } for  pid=4982 comm="modprobe" path="/lib/x86_64-linux-gnu/ld-2.13.so" dev="sda1" ino=2668 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
audit: type=1400 audit(2000002429.120:110998): avc:  denied  { map } for  pid=4982 comm="modprobe" path="/lib/x86_64-linux-gnu/ld-2.13.so" dev="sda1" ino=2668 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
audit: audit_backlog=65 > audit_backlog_limit=64
audit: audit_backlog=65 > audit_backlog_limit=64
audit: audit_backlog=65 > audit_backlog_limit=64
audit: audit_backlog=65 > audit_backlog_limit=64
audit: audit_lost=4738 audit_rate_limit=0 audit_backlog_limit=64
audit: audit_lost=4739 audit_rate_limit=0 audit_backlog_limit=64
audit: audit_backlog=65 > audit_backlog_limit=64

Crashes (2):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2019/12/01 02:22 | android-4.14 | 714ada7cabc7 | a76bf83f | .config | console log | report | | | | | ci-android-414-kasan-gce-root | |
| 2019/10/17 17:27 | android-4.14 | 248a268ad139 | 8c88c9c1 | .config | console log | report | | | | | ci-android-414-kasan-gce-root | |
* Struck through repros no longer work on HEAD.