syzbot


INFO: task hung in grab_super (2)

Status: auto-closed as invalid on 2019/12/19 00:51
Reported-by: syzbot+b68e61faa9f0da982e56@syzkaller.appspotmail.com
First crash: 1702d, last: 1702d
Similar bugs (9)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-414 INFO: task hung in grab_super 4 1997d 1835d 0/1 auto-closed as invalid on 2019/04/28 15:34
linux-4.14 INFO: task hung in grab_super C error 241 510d 1826d 0/1 upstream: reported C repro on 2019/04/19 12:37
android-414 INFO: task hung in grab_super (2) 2 1736d 1758d 0/1 auto-closed as invalid on 2019/11/15 12:55
android-49 INFO: task hung in grab_super 1 2075d 2075d 0/3 auto-closed as invalid on 2019/02/22 13:19
linux-5.15 INFO: task hung in grab_super 1 17d 17d 0/3 upstream: reported on 2024/04/01 06:22
upstream INFO: task hung in grab_super udf C 209 452d 2101d 0/26 closed as dup on 2018/07/18 11:42
linux-6.1 INFO: task hung in grab_super 1 12d 12d 0/3 upstream: reported on 2024/04/06 01:06
linux-4.19 INFO: task hung in grab_super vfs udf C error 249 433d 1827d 0/1 upstream: reported C repro on 2019/04/18 03:33
upstream INFO: task hung in grab_super (2) fs 1 316d 316d 0/26 auto-obsoleted due to no activity on 2023/09/05 02:19

Sample crash report:
INFO: task syz-executor.2:7404 blocked for more than 140 seconds.
      Not tainted 4.9.189+ #3
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.2  D28424  7404   7391 0x00000004
 0000000000000087 ffff8801104a97c0 ffff8801c6e9dd80 ffff8801db621000
 ffff8801d1188000 ffff8801db621018 ffff8801a31b7950 ffffffff82818d1e
 ffff8801a31b78b8 1ffffffff063fba8 0000000000000000 ffff8801db6218f0
Call Trace:
 [<00000000e4cac64a>] schedule+0x92/0x1c0 kernel/sched/core.c:3546
 [<00000000b2a2c9fe>] __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:549 [inline]
 [<00000000b2a2c9fe>] rwsem_down_write_failed+0x3a3/0x750 kernel/locking/rwsem-xadd.c:578
 [<0000000067146471>] call_rwsem_down_write_failed+0x17/0x30 arch/x86/lib/rwsem.S:105
 [<00000000848a4d27>] __down_write arch/x86/include/asm/rwsem.h:125 [inline]
 [<00000000848a4d27>] down_write+0x5c/0xa0 kernel/locking/rwsem.c:54
 [<0000000023f8875d>] grab_super+0x5e/0x150 fs/super.c:374
 [<000000005f7997e9>] sget_userns+0x2b3/0xc50 fs/super.c:501
 [<000000001b3d174c>] sget+0xd6/0x120 fs/super.c:569
 [<0000000007d8e926>] mount_bdev+0xd5/0x360 fs/super.c:1083
 [<00000000687c9994>] ext4_mount+0x35/0x40 fs/ext4/super.c:5627
 [<0000000016d920d0>] mount_fs+0x27c/0x380 fs/super.c:1216
 [<00000000ff24937e>] vfs_kern_mount.part.0+0xcd/0x4c0 fs/namespace.c:1000
 [<000000006c92b620>] vfs_kern_mount fs/namespace.c:982 [inline]
 [<000000006c92b620>] do_new_mount fs/namespace.c:2549 [inline]
 [<000000006c92b620>] do_mount+0x3c4/0x2970 fs/namespace.c:2871
 [<0000000087b08cab>] SYSC_mount fs/namespace.c:3087 [inline]
 [<0000000087b08cab>] SyS_mount+0xab/0x120 fs/namespace.c:3064
 [<000000006b15ae48>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288
 [<00000000d766638e>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb

Showing all locks held in the system:
2 locks held by khungtaskd/24:
 #0:  (rcu_read_lock){......}, at: [<000000003c7e7d35>] check_hung_uninterruptible_tasks kernel/hung_task.c:169 [inline]
 #0:  (rcu_read_lock){......}, at: [<000000003c7e7d35>] watchdog+0x14b/0xaf0 kernel/hung_task.c:263
 #1:  (tasklist_lock){.+.+..}, at: [<000000007280c08f>] debug_show_all_locks+0x7f/0x21f kernel/locking/lockdep.c:4336
1 lock held by rsyslogd/1895:
 #0:  (&f->f_pos_lock){+.+.+.}, at: [<000000002f59267f>] __fdget_pos+0xa8/0xd0 fs/file.c:782
2 locks held by getty/2022:
 #0:  (&tty->ldisc_sem){++++++}, at: [<00000000d0ea184c>] ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:377
 #1:  (&ldata->atomic_read_lock){+.+...}, at: [<00000000670c3b61>] n_tty_read+0x1fe/0x1820 drivers/tty/n_tty.c:2156
2 locks held by syz-executor.2/7404:
 #0:  (&bdev->bd_fsfreeze_mutex){+.+.+.}, at: [<00000000c88c1729>] mount_bdev+0x76/0x360 fs/super.c:1077
 #1:  (&type->s_umount_key#32){++++++}, at: [<0000000023f8875d>] grab_super+0x5e/0x150 fs/super.c:374

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 24 Comm: khungtaskd Not tainted 4.9.189+ #3
 ffff8801d98d7cc8 ffffffff81b65c01 0000000000000001 0000000000000000
 0000000000000001 ffffffff81099a01 dffffc0000000000 ffff8801d98d7d00
 ffffffff81b70e9c 0000000000000001 0000000000000000 0000000000000001
Call Trace:
 [<00000000acc1100f>] __dump_stack lib/dump_stack.c:15 [inline]
 [<00000000acc1100f>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
 [<00000000f46eb175>] nmi_cpu_backtrace.cold+0x47/0x87 lib/nmi_backtrace.c:99
 [<00000000d3b54162>] nmi_trigger_cpumask_backtrace+0x124/0x155 lib/nmi_backtrace.c:60
 [<000000005ddba64f>] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37
 [<00000000f44a4a89>] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline]
 [<00000000f44a4a89>] check_hung_task kernel/hung_task.c:126 [inline]
 [<00000000f44a4a89>] check_hung_uninterruptible_tasks kernel/hung_task.c:183 [inline]
 [<00000000f44a4a89>] watchdog+0x670/0xaf0 kernel/hung_task.c:263
 [<00000000ef350e2e>] kthread+0x278/0x310 kernel/kthread.c:211
 [<00000000b9337a7a>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:375
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 7391 Comm: syz-executor.2 Not tainted 4.9.189+ #3
task: 00000000c2ca1424 task.stack: 0000000091e32808
RIP: 0010:[<ffffffff81bcc43c>] c [<00000000a1f96c12>] debug_smp_processor_id+0x1c/0x20 lib/smp_processor_id.c:57
RSP: 0018:ffff8801c7d8f648  EFLAGS: 00000092
RAX: 0000000000000000 RBX: 000060fe24614888 RCX: ffffc90001776000
RDX: 0000000000040000 RSI: ffffffff81bcc25c RDI: ffffffff82b45240
RBP: ffff8801c7d8f648 R08: 0000000000000002 R09: 0000000000000000
R10: 0000000000000000 R11: ffffffff81204b70 R12: ffffffff830c31e0
R13: ffffffff830d5a20 R14: ffff8801c7d8f720 R15: 0000000000000000
FS:  00007fd495aa1700(0000) GS:ffff8801db600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000015b4000 CR3: 000000010aec2000 CR4: 00000000001606b0
DR0: 0000000020000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Stack:
 ffff8801c7d8f748c ffffffff81204c92c ffff8801a98f8000c ffff8801c7d8f800c
 ffffffff8120d360c 00000002812050a0c 000e001800000000c ffffffff830d5a38c
 ffffffff0000000dc 1ffff10038fb1ed4c 1ffff10038fb1ee3c 0000000041b58ab3c
Call Trace:
 [<00000000cf8f0112>] perf_trace_lock_acquire+0x122/0x530 include/trace/events/lock.h:12
 [<000000002e3e53df>] trace_lock_acquire include/trace/events/lock.h:12 [inline]
 [<000000002e3e53df>] lock_acquire+0x29a/0x3d0 kernel/locking/lockdep.c:3755
 [<000000007ad53fbb>] rcu_lock_acquire include/linux/rcupdate.h:491 [inline]
 [<000000007ad53fbb>] rcu_read_lock include/linux/rcupdate.h:873 [inline]
 [<000000007ad53fbb>] find_get_entry+0x4a/0x510 mm/filemap.c:1217
 [<000000006feaaa9a>] pagecache_get_page+0x4a/0x740 mm/filemap.c:1331
 [<0000000032f5a99e>] find_get_page_flags include/linux/pagemap.h:265 [inline]
 [<0000000032f5a99e>] __find_get_block_slow+0xc2/0x370 fs/buffer.c:213
 [<00000000fd642cb9>] __find_get_block+0x299/0x4c0 fs/buffer.c:1361
 [<000000006067962b>] __getblk_slow fs/buffer.c:1102 [inline]
 [<000000006067962b>] __getblk_gfp+0x182/0x700 fs/buffer.c:1387
 [<000000006960ddac>] __bread_gfp+0x2e/0x1f0 fs/buffer.c:1421
 [<00000000dae8661d>] sb_bread_unmovable include/linux/buffer_head.h:306 [inline]
 [<00000000dae8661d>] ext4_fill_super+0x55c/0xb7a0 fs/ext4/super.c:3444
 [<00000000ea2c0d35>] mount_bdev+0x2b8/0x360 fs/super.c:1110
 [<00000000687c9994>] ext4_mount+0x35/0x40 fs/ext4/super.c:5627
 [<0000000016d920d0>] mount_fs+0x27c/0x380 fs/super.c:1216
 [<00000000ff24937e>] vfs_kern_mount.part.0+0xcd/0x4c0 fs/namespace.c:1000
 [<000000006c92b620>] vfs_kern_mount fs/namespace.c:982 [inline]
 [<000000006c92b620>] do_new_mount fs/namespace.c:2549 [inline]
 [<000000006c92b620>] do_mount+0x3c4/0x2970 fs/namespace.c:2871
 [<0000000087b08cab>] SYSC_mount fs/namespace.c:3087 [inline]
 [<0000000087b08cab>] SyS_mount+0xab/0x120 fs/namespace.c:3064
 [<000000006b15ae48>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288
 [<00000000d766638e>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Code: c9b c20 c93 cff c4c c8b c45 cd0 ce9 cac cfe cff cff c66 c90 c55 c48 c89 ce5 ce8 c47 c5f c75 cff c48 cc7 cc6 c00 c52 cb4 c82 c48 cc7 cc7 c40 c52 cb4 c82 ce8 ce4 cfd cff cff c<5d> cc3 c66 c90 c55 c48 c89 ce5 c41 c54 c49 c89 cfc ce8 c22 c5f c75 cff c4c c89 ce6 c

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/08/21 00:50 https://android.googlesource.com/kernel/common android-4.9 9e50cb052183 cfc9868f .config console log report ci-android-49-kasan-gce-root
* Struck through repros no longer work on HEAD.