INFO: task hung in blkdev_issue_zeroout (2)

syzbot

Nov 10, 2019, 4:50:09 AM
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 81144e70 UPSTREAM: HID: steam: fix deadlock with input dev..
git tree: android-4.14
console output: https://syzkaller.appspot.com/x/log.txt?x=1586390ce00000
kernel config: https://syzkaller.appspot.com/x/.config?x=f4a4458fad5956b8
dashboard link: https://syzkaller.appspot.com/bug?extid=be1b506fa4221aa0cd95
compiler: gcc (GCC) 9.0.0 20181231 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+be1b50...@syzkaller.appspotmail.com

audit: type=1400 audit(1573375740.930:26209): avc: denied { map } for
pid=1904 comm="getty" path="/etc/ld.so.cache" dev="sda1" ino=2503
scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0
tclass=file permissive=1
INFO: task syz-executor.2:1776 blocked for more than 140 seconds.
Not tainted 4.14.152+ #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.2 D28144 1776 24419 0x00000004
Call Trace:
schedule+0x92/0x1c0 kernel/sched/core.c:3498
schedule_timeout+0x752/0xe90 kernel/time/timer.c:1723
io_schedule_timeout+0x26/0x80 kernel/sched/core.c:5091
do_wait_for_common kernel/sched/completion.c:91 [inline]
__wait_for_common kernel/sched/completion.c:112 [inline]
wait_for_common_io.constprop.0+0x274/0x3b0 kernel/sched/completion.c:129
submit_bio_wait+0x107/0x170 block/bio.c:1016
blkdev_issue_zeroout+0x217/0x4c0 block/blk-lib.c:408
blkdev_fallocate+0x297/0x3b0 fs/block_dev.c:2017
vfs_fallocate+0x348/0x790 fs/open.c:328
SYSC_fallocate fs/open.c:351 [inline]
SyS_fallocate+0x4a/0x80 fs/open.c:345
do_syscall_64+0x19b/0x520 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45a219
RSP: 002b:00007f22d606ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a219
RDX: 0000000000000000 RSI: 0000000000000011 RDI: 0000000000000004
RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000100000001 R11: 0000000000000246 R12: 00007f22d606f6d4
R13: 00000000004c0b96 R14: 00000000004d3700 R15: 00000000ffffffff

Showing all locks held in the system:
1 lock held by khungtaskd/23:
#0: (tasklist_lock){.+.+}, at: [<0000000057722d69>]
debug_show_all_locks+0x7c/0x21a kernel/locking/lockdep.c:4544
2 locks held by getty/1762:
#0: (&tty->ldisc_sem){++++}, at: [<000000008069097f>]
tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:284
#1: (&ldata->atomic_read_lock){+.+.}, at: [<0000000095bf5b7e>]
n_tty_read+0x1f7/0x1700 drivers/tty/n_tty.c:2156

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 23 Comm: khungtaskd Not tainted 4.14.152+ #0
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0xca/0x134 lib/dump_stack.c:53
nmi_cpu_backtrace.cold+0x47/0x86 lib/nmi_backtrace.c:101
nmi_trigger_cpumask_backtrace+0x119/0x147 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:140 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:195 [inline]
watchdog+0x629/0xbe0 kernel/hung_task.c:274
kthread+0x31f/0x430 kernel/kthread.c:232
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:404
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 26933 Comm: loop0 Not tainted 4.14.152+ #0
task: 00000000093985f5 task.stack: 000000001450a7ec
RIP: 0010:strlen+0x4d/0x90 lib/string.c:482
RSP: 0018:ffff8881940175e8 EFLAGS: 00000803
RAX: ffffffff9df2736e RBX: dffffc0000000000 RCX: ffffffff9df2736e
RDX: 1ffffffff3be4e6d RSI: ffffffff9fa237b0 RDI: ffffffff9df27360
RBP: ffffffff9df27360 R08: 0000000000000001 R09: fffffbfff3d06066
R10: fffffbfff3d06065 R11: ffffffff9e83032b R12: 1ffff11032802ec7
R13: 0000000000000000 R14: ffffffff9e4c0de0 R15: ffff8881940176b8
FS: 0000000000000000(0000) GS:ffff8881db800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000013893e0 CR3: 000000011da26003 CR4: 00000000001606b0
DR0: 0000000020000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
trace_event_get_offsets_lock include/trace/events/lock.h:39 [inline]
perf_trace_lock+0xe1/0x4e0 include/trace/events/lock.h:39
trace_lock_release include/trace/events/lock.h:58 [inline]
lock_release+0x4e9/0x740 kernel/locking/lockdep.c:4012
__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:158 [inline]
_raw_spin_unlock_irqrestore+0x1b/0x70 kernel/locking/spinlock.c:192
spin_unlock_irqrestore include/linux/spinlock.h:372 [inline]
avc_reclaim_node security/selinux/avc.c:539 [inline]
avc_alloc_node security/selinux/avc.c:557 [inline]
avc_alloc_node+0x2bb/0x3f0 security/selinux/avc.c:545
avc_insert security/selinux/avc.c:668 [inline]
avc_compute_av+0x17c/0x550 security/selinux/avc.c:974
avc_has_perm_noaudit security/selinux/avc.c:1110 [inline]
avc_has_perm+0x318/0x350 security/selinux/avc.c:1144
inode_has_perm security/selinux/hooks.c:1796 [inline]
file_has_perm+0x374/0x470 security/selinux/hooks.c:1886
selinux_revalidate_file_permission security/selinux/hooks.c:3466 [inline]
selinux_file_permission+0x304/0x440 security/selinux/hooks.c:3487
security_file_permission+0x7c/0x1e0 security/security.c:867
rw_verify_area+0xd9/0x290 fs/read_write.c:386
do_iter_write+0xd6/0x550 fs/read_write.c:953
vfs_iter_write+0x70/0xa0 fs/read_write.c:971
lo_write_bvec+0x127/0x340 drivers/block/loop.c:272
lo_write_simple drivers/block/loop.c:294 [inline]
do_req_filebacked drivers/block/loop.c:577 [inline]
loop_handle_cmd drivers/block/loop.c:1769 [inline]
loop_queue_work+0x461/0x1deb drivers/block/loop.c:1783
kthread_worker_fn+0x28f/0x6d0 kernel/kthread.c:642
kthread+0x31f/0x430 kernel/kthread.c:232
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:404
Code: e2 07 38 d0 7f 04 84 c0 75 48 80 7d 00 00 74 39 48 bb 00 00 00 00 00
fc ff df 48 89 e8 48 83 c0 01 48 89 c2 48 89 c1 48 c1 ea 03 <83> e1 07 0f
b6 14 1a 38 ca 7f 04 84 d2 75 1f 80 38 00 75 de 48


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Mar 9, 2020, 4:50:08 AM
to syzkaller-a...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.