INFO: task hung in __writeback_inodes_sb_nr
6 views
Skip to first unread message
syzbot
Apr 13, 2019, 8:02:28 PM4/13/19
to syzkaller-a...@googlegroups.com
Hello,
syzbot found the following crash on:
HEAD commit: e525d2cf ANDROID: modpost: add an exception for CFI stubs
git tree: android-4.14
console output: https://syzkaller.appspot.com/x/log.txt?x=1764ae7d400000
kernel config: https://syzkaller.appspot.com/x/.config?x=8635b07ba72cc81f
dashboard link: https://syzkaller.appspot.com/bug?extid=4a050bf97b11393d2648
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+4a050b...@syzkaller.appspotmail.com
audit: type=1400 audit(1544547248.466:67358): avc: denied { map } for
pid=8139 comm="getty" path="/sbin/getty" dev="sda1" ino=16170
scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0
tclass=file permissive=1
INFO: task syz-executor0:8061 blocked for more than 140 seconds.
Not tainted 4.14.87+ #21
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor0 D29784 8061 1845 0x00000004
Call Trace:
schedule+0x7f/0x1b0 kernel/sched/core.c:3490
wb_wait_for_completion+0x12c/0x190 fs/fs-writeback.c:221
__writeback_inodes_sb_nr+0x1d4/0x280 fs/fs-writeback.c:2310
__sync_filesystem fs/sync.c:36 [inline]
sync_filesystem+0x8a/0x230 fs/sync.c:64
SYSC_syncfs fs/sync.c:166 [inline]
SyS_syncfs+0x88/0xe0 fs/sync.c:155
do_syscall_64+0x19b/0x4b0 arch/x86/entry/common.c:289
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x457679
RSP: 002b:00007f2930fd8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000132
RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457679
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 000000000072c040 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2930fd96d4
R13: 00000000004c536f R14: 00000000004d9820 R15: 00000000ffffffff
Showing all locks held in the system:
1 lock held by khungtaskd/23:
#0: (tasklist_lock){.+.+}, at: [<ffffffffb8004947>]
debug_show_all_locks+0x74/0x20f kernel/locking/lockdep.c:4541
2 locks held by getty/1757:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffffb8b409b0>]
tty_ldisc_ref_wait+0x20/0x80 drivers/tty/tty_ldisc.c:275
#1: (&ldata->atomic_read_lock){+.+.}, at: [<ffffffffb8b3be0f>]
n_tty_read+0x1ff/0x1700 drivers/tty/n_tty.c:2156
3 locks held by kworker/u4:28/28501:
#0: ("writeback"){+.+.}, at: [<ffffffffb7f29534>]
process_one_work+0x784/0x1670 kernel/workqueue.c:2085
#1: ((&(&wb->dwork)->work)){+.+.}, at: [<ffffffffb7f2956c>]
process_one_work+0x7bc/0x1670 kernel/workqueue.c:2089
#2: (&type->s_umount_key#23){++++}, at: [<ffffffffb836629a>]
trylock_super+0x1a/0xe0 fs/super.c:402
1 lock held by syz-executor0/8061:
#0: (&type->s_umount_key#34){++++}, at: [<ffffffffb84037b0>] SYSC_syncfs
fs/sync.c:165 [inline]
#0: (&type->s_umount_key#34){++++}, at: [<ffffffffb84037b0>]
SyS_syncfs+0x80/0xe0 fs/sync.c:155
=============================================
NMI backtrace for cpu 1
CPU: 1 PID: 23 Comm: khungtaskd Not tainted 4.14.87+ #21
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0xb9/0x11b lib/dump_stack.c:53
nmi_cpu_backtrace.cold.0+0x47/0x85 lib/nmi_backtrace.c:101
nmi_trigger_cpumask_backtrace+0x121/0x146 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:140 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:196 [inline]
watchdog+0x574/0xa70 kernel/hung_task.c:252
kthread+0x348/0x420 kernel/kthread.c:232
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:402
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 15831 Comm: loop0 Not tainted 4.14.87+ #21
task: ffff8881d07eaf00 task.stack: ffff8881c9d30000
RIP: 0010:strlen+0x54/0x90 lib/string.c:482
RSP: 0018:ffff8881c9d375d0 EFLAGS: 00000006
RAX: ffffffffb9d2a003 RBX: dffffc0000000000 RCX: 0000000000000003
RDX: 0000000000000000 RSI: ffffffffbb805c98 RDI: ffffffffb9d2a000
RBP: ffffffffb9d2a000 R08: 0000000000000001 R09: 0000000000000000
R10: ffff8881d07eb7a8 R11: 0000000000000001 R12: 1ffff110393a6ec4
R13: ffffffffba2c0000 R14: ffff8881c9d376c0 R15: ffffffffbb805c98
FS: 0000000000000000(0000) GS:ffff8881db800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000157c3e0 CR3: 00000001bd826002 CR4: 00000000001606b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
trace_event_get_offsets_lock include/trace/events/lock.h:39 [inline]
perf_trace_lock+0xdd/0x4c0 include/trace/events/lock.h:39
trace_lock_release include/trace/events/lock.h:58 [inline]
lock_release+0x4dc/0x720 kernel/locking/lockdep.c:4009
__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:158 [inline]
_raw_spin_unlock_irqrestore+0x1b/0x70 kernel/locking/spinlock.c:192
spin_unlock_irqrestore include/linux/spinlock.h:372 [inline]
avc_reclaim_node security/selinux/avc.c:539 [inline]
avc_alloc_node+0x30f/0x3b0 security/selinux/avc.c:557
avc_insert security/selinux/avc.c:668 [inline]
avc_compute_av+0x175/0x570 security/selinux/avc.c:974
avc_has_perm_noaudit security/selinux/avc.c:1110 [inline]
avc_has_perm+0x34f/0x390 security/selinux/avc.c:1144
file_has_perm+0x179/0x360 security/selinux/hooks.c:1844
selinux_revalidate_file_permission security/selinux/hooks.c:3437 [inline]
selinux_file_permission+0x305/0x440 security/selinux/hooks.c:3458
security_file_permission+0x7c/0x1e0 security/security.c:867
rw_verify_area+0xd6/0x280 fs/read_write.c:386
do_iter_write+0xd9/0x530 fs/read_write.c:952
vfs_iter_write+0x70/0xa0 fs/read_write.c:970
lo_write_bvec+0x119/0x330 drivers/block/loop.c:272
lo_write_simple drivers/block/loop.c:294 [inline]
do_req_filebacked drivers/block/loop.c:577 [inline]
loop_handle_cmd drivers/block/loop.c:1737 [inline]
loop_queue_work+0xaaa/0x1e9a drivers/block/loop.c:1751
kthread_worker_fn+0x27e/0x6a0 kernel/kthread.c:642
kthread+0x348/0x420 kernel/kthread.c:232
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:402
Code: c0 75 48 80 7d 00 00 74 39 48 bb 00 00 00 00 00 fc ff df 48 89 e8 48
83 c0 01 48 89 c2 48 89 c1 48 c1 ea 03 83 e1 07 0f b6 14 1a <38> ca 7f 04
84 d2 75 1f 80 38 00 75 de 48 83 c4 08 48 29 e8 5b
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot found the following crash on:
HEAD commit: e525d2cf ANDROID: modpost: add an exception for CFI stubs
git tree: android-4.14
console output: https://syzkaller.appspot.com/x/log.txt?x=1764ae7d400000
kernel config: https://syzkaller.appspot.com/x/.config?x=8635b07ba72cc81f
dashboard link: https://syzkaller.appspot.com/bug?extid=4a050bf97b11393d2648
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+4a050b...@syzkaller.appspotmail.com
audit: type=1400 audit(1544547248.466:67358): avc: denied { map } for
pid=8139 comm="getty" path="/sbin/getty" dev="sda1" ino=16170
scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0
tclass=file permissive=1
INFO: task syz-executor0:8061 blocked for more than 140 seconds.
Not tainted 4.14.87+ #21
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor0 D29784 8061 1845 0x00000004
Call Trace:
schedule+0x7f/0x1b0 kernel/sched/core.c:3490
wb_wait_for_completion+0x12c/0x190 fs/fs-writeback.c:221
__writeback_inodes_sb_nr+0x1d4/0x280 fs/fs-writeback.c:2310
__sync_filesystem fs/sync.c:36 [inline]
sync_filesystem+0x8a/0x230 fs/sync.c:64
SYSC_syncfs fs/sync.c:166 [inline]
SyS_syncfs+0x88/0xe0 fs/sync.c:155
do_syscall_64+0x19b/0x4b0 arch/x86/entry/common.c:289
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x457679
RSP: 002b:00007f2930fd8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000132
RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457679
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 000000000072c040 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2930fd96d4
R13: 00000000004c536f R14: 00000000004d9820 R15: 00000000ffffffff
Showing all locks held in the system:
1 lock held by khungtaskd/23:
#0: (tasklist_lock){.+.+}, at: [<ffffffffb8004947>]
debug_show_all_locks+0x74/0x20f kernel/locking/lockdep.c:4541
2 locks held by getty/1757:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffffb8b409b0>]
tty_ldisc_ref_wait+0x20/0x80 drivers/tty/tty_ldisc.c:275
#1: (&ldata->atomic_read_lock){+.+.}, at: [<ffffffffb8b3be0f>]
n_tty_read+0x1ff/0x1700 drivers/tty/n_tty.c:2156
3 locks held by kworker/u4:28/28501:
#0: ("writeback"){+.+.}, at: [<ffffffffb7f29534>]
process_one_work+0x784/0x1670 kernel/workqueue.c:2085
#1: ((&(&wb->dwork)->work)){+.+.}, at: [<ffffffffb7f2956c>]
process_one_work+0x7bc/0x1670 kernel/workqueue.c:2089
#2: (&type->s_umount_key#23){++++}, at: [<ffffffffb836629a>]
trylock_super+0x1a/0xe0 fs/super.c:402
1 lock held by syz-executor0/8061:
#0: (&type->s_umount_key#34){++++}, at: [<ffffffffb84037b0>] SYSC_syncfs
fs/sync.c:165 [inline]
#0: (&type->s_umount_key#34){++++}, at: [<ffffffffb84037b0>]
SyS_syncfs+0x80/0xe0 fs/sync.c:155
=============================================
NMI backtrace for cpu 1
CPU: 1 PID: 23 Comm: khungtaskd Not tainted 4.14.87+ #21
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0xb9/0x11b lib/dump_stack.c:53
nmi_cpu_backtrace.cold.0+0x47/0x85 lib/nmi_backtrace.c:101
nmi_trigger_cpumask_backtrace+0x121/0x146 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:140 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:196 [inline]
watchdog+0x574/0xa70 kernel/hung_task.c:252
kthread+0x348/0x420 kernel/kthread.c:232
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:402
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 15831 Comm: loop0 Not tainted 4.14.87+ #21
task: ffff8881d07eaf00 task.stack: ffff8881c9d30000
RIP: 0010:strlen+0x54/0x90 lib/string.c:482
RSP: 0018:ffff8881c9d375d0 EFLAGS: 00000006
RAX: ffffffffb9d2a003 RBX: dffffc0000000000 RCX: 0000000000000003
RDX: 0000000000000000 RSI: ffffffffbb805c98 RDI: ffffffffb9d2a000
RBP: ffffffffb9d2a000 R08: 0000000000000001 R09: 0000000000000000
R10: ffff8881d07eb7a8 R11: 0000000000000001 R12: 1ffff110393a6ec4
R13: ffffffffba2c0000 R14: ffff8881c9d376c0 R15: ffffffffbb805c98
FS: 0000000000000000(0000) GS:ffff8881db800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000157c3e0 CR3: 00000001bd826002 CR4: 00000000001606b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
trace_event_get_offsets_lock include/trace/events/lock.h:39 [inline]
perf_trace_lock+0xdd/0x4c0 include/trace/events/lock.h:39
trace_lock_release include/trace/events/lock.h:58 [inline]
lock_release+0x4dc/0x720 kernel/locking/lockdep.c:4009
__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:158 [inline]
_raw_spin_unlock_irqrestore+0x1b/0x70 kernel/locking/spinlock.c:192
spin_unlock_irqrestore include/linux/spinlock.h:372 [inline]
avc_reclaim_node security/selinux/avc.c:539 [inline]
avc_alloc_node+0x30f/0x3b0 security/selinux/avc.c:557
avc_insert security/selinux/avc.c:668 [inline]
avc_compute_av+0x175/0x570 security/selinux/avc.c:974
avc_has_perm_noaudit security/selinux/avc.c:1110 [inline]
avc_has_perm+0x34f/0x390 security/selinux/avc.c:1144
file_has_perm+0x179/0x360 security/selinux/hooks.c:1844
selinux_revalidate_file_permission security/selinux/hooks.c:3437 [inline]
selinux_file_permission+0x305/0x440 security/selinux/hooks.c:3458
security_file_permission+0x7c/0x1e0 security/security.c:867
rw_verify_area+0xd6/0x280 fs/read_write.c:386
do_iter_write+0xd9/0x530 fs/read_write.c:952
vfs_iter_write+0x70/0xa0 fs/read_write.c:970
lo_write_bvec+0x119/0x330 drivers/block/loop.c:272
lo_write_simple drivers/block/loop.c:294 [inline]
do_req_filebacked drivers/block/loop.c:577 [inline]
loop_handle_cmd drivers/block/loop.c:1737 [inline]
loop_queue_work+0xaaa/0x1e9a drivers/block/loop.c:1751
kthread_worker_fn+0x27e/0x6a0 kernel/kthread.c:642
kthread+0x348/0x420 kernel/kthread.c:232
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:402
Code: c0 75 48 80 7d 00 00 74 39 48 bb 00 00 00 00 00 fc ff df 48 89 e8 48
83 c0 01 48 89 c2 48 89 c1 48 c1 ea 03 83 e1 07 0f b6 14 1a <38> ca 7f 04
84 d2 75 1f 80 38 00 75 de 48 83 c4 08 48 29 e8 5b
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot
Jun 9, 2019, 12:55:04 PM6/9/19
to syzkaller-a...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.
Crashes did not happen for a while, no reproducer and no activity.
Reply all
Reply to author
Forward
0 new messages