Hello,
syzbot found the following issue on:
HEAD commit: 179ef7fe8677 Linux 4.14.300
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1595856b880000
kernel config: https://syzkaller.appspot.com/x/.config?x=aa85f51ec321d5a9
dashboard link: https://syzkaller.appspot.com/bug?extid=04e4af550bd7aa9223e1
compiler: gcc version 10.2.1 20210110 (Debian 10.2.1-6)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1135aa4d880000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=15cefa4d880000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/d311ef57b59a/disk-179ef7fe.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/25bf5d729f69/vmlinux-179ef7fe.xz
kernel image: https://storage.googleapis.com/syzbot-assets/db9b96571e69/bzImage-179ef7fe.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/95b3dd1b2230/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+04e4af...@syzkaller.appspotmail.com
REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal
REISERFS (device loop2): using ordered data mode
reiserfs: using flush barriers
REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop2): checking transaction log (loop2)
INFO: task kworker/1:3:7808 blocked for more than 140 seconds.
Not tainted 4.14.300-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/1:3 D29072 7808 2 0x80000000
REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
Workqueue: events_long flush_old_commits
Call Trace:
context_switch kernel/sched/core.c:2811 [inline]
__schedule+0x88b/0x1de0 kernel/sched/core.c:3387
REISERFS (device loop4): using ordered data mode
schedule+0x8d/0x1b0 kernel/sched/core.c:3431
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3489
__mutex_lock_common kernel/locking/mutex.c:833 [inline]
__mutex_lock+0x669/0x1310 kernel/locking/mutex.c:893
reiserfs: using flush barriers
REISERFS (device loop2): Using r5 hash to sort names
REISERFS (device loop2): using 3.5.x disk format
REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
reiserfs_write_lock+0x75/0xf0 fs/reiserfs/lock.c:27
REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
reiserfs_sync_fs+0x65/0xd0 fs/reiserfs/super.c:76
flush_old_commits+0xdd/0x1d0 fs/reiserfs/super.c:111
REISERFS (device loop4): checking transaction log (loop4)
process_one_work+0x793/0x14a0 kernel/workqueue.c:2117
worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
kthread+0x30d/0x420 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:406
REISERFS (device loop4): Using r5 hash to sort names
INFO: task kworker/1:1:8191 blocked for more than 140 seconds.
REISERFS (device loop4): using 3.5.x disk format
Not tainted 4.14.300-syzkaller #0
REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/1:1 D29288 8191 2 0x80000000
Workqueue: events_long flush_old_commits
Call Trace:
context_switch kernel/sched/core.c:2811 [inline]
__schedule+0x88b/0x1de0 kernel/sched/core.c:3387
schedule+0x8d/0x1b0 kernel/sched/core.c:3431
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3489
__mutex_lock_common kernel/locking/mutex.c:833 [inline]
__mutex_lock+0x669/0x1310 kernel/locking/mutex.c:893
reiserfs_write_lock+0x75/0xf0 fs/reiserfs/lock.c:27
reiserfs_sync_fs+0x65/0xd0 fs/reiserfs/super.c:76
flush_old_commits+0xdd/0x1d0 fs/reiserfs/super.c:111
process_one_work+0x793/0x14a0 kernel/workqueue.c:2117
worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
kthread+0x30d/0x420 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:406
REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal
INFO: task syz-executor417:15145 blocked for more than 140 seconds.
REISERFS (device loop3): using ordered data mode
Not tainted 4.14.300-syzkaller #0
reiserfs: using flush barriers
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor417 D25624 15145 7977 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2811 [inline]
__schedule+0x88b/0x1de0 kernel/sched/core.c:3387
REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
schedule+0x8d/0x1b0 kernel/sched/core.c:3431
REISERFS (device loop3): checking transaction log (loop3)
__rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:588 [inline]
rwsem_down_write_failed+0x343/0x6d0 kernel/locking/rwsem-xadd.c:617
call_rwsem_down_write_failed+0x13/0x20 arch/x86/lib/rwsem.S:105
__down_write arch/x86/include/asm/rwsem.h:126 [inline]
down_write+0x4f/0x90 kernel/locking/rwsem.c:56
inode_lock include/linux/fs.h:719 [inline]
reiserfs_sync_file+0x9b/0x2d0 fs/reiserfs/file.c:161
vfs_fsync_range+0x103/0x260 fs/sync.c:196
generic_write_sync include/linux/fs.h:2684 [inline]
generic_file_write_iter+0x410/0x650 mm/filemap.c:3212
call_write_iter include/linux/fs.h:1780 [inline]
do_iter_readv_writev+0x4cf/0x5f0 fs/read_write.c:675
do_iter_write+0x152/0x550 fs/read_write.c:954
vfs_iter_write+0x70/0xa0 fs/read_write.c:967
iter_file_splice_write+0x52b/0xa90 fs/splice.c:749
do_splice_from fs/splice.c:851 [inline]
direct_splice_actor+0x115/0x160 fs/splice.c:1018
REISERFS (device loop3): Using r5 hash to sort names
splice_direct_to_actor+0x27c/0x730 fs/splice.c:973
REISERFS (device loop3): using 3.5.x disk format
REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
REISERFS (device loop5): found reiserfs format "3.5" with non-standard journal
do_splice_direct+0x164/0x210 fs/splice.c:1061
REISERFS (device loop5): using ordered data mode
do_sendfile+0x47f/0xb30 fs/read_write.c:1441
reiserfs: using flush barriers
SYSC_sendfile64 fs/read_write.c:1502 [inline]
SyS_sendfile64+0xff/0x110 fs/read_write.c:1488
REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop5): checking transaction log (loop5)
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x5e/0xd3
INFO: task syz-executor417:15178 blocked for more than 140 seconds.
Not tainted 4.14.300-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor417 D26416 15178 7977 0x80000004
Call Trace:
context_switch kernel/sched/core.c:2811 [inline]
__schedule+0x88b/0x1de0 kernel/sched/core.c:3387
schedule+0x8d/0x1b0 kernel/sched/core.c:3431
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3489
__mutex_lock_common kernel/locking/mutex.c:833 [inline]
__mutex_lock+0x669/0x1310 kernel/locking/mutex.c:893
reiserfs_write_lock+0x75/0xf0 fs/reiserfs/lock.c:27
reiserfs_get_block+0x1a1/0x36b0 fs/reiserfs/inode.c:688
REISERFS (device loop5): Using r5 hash to sort names
REISERFS (device loop5): using 3.5.x disk format
REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage.
do_mpage_readpage+0x615/0x1470 fs/mpage.c:211
mpage_readpages+0x2d6/0x5f0 fs/mpage.c:383
REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal
REISERFS (device loop2): using ordered data mode
reiserfs: using flush barriers
REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop2): checking transaction log (loop2)
read_pages mm/readahead.c:121 [inline]
__do_page_cache_readahead+0x522/0x940 mm/readahead.c:199
ra_submit mm/internal.h:66 [inline]
ondemand_readahead.isra.0+0x514/0xb60 mm/readahead.c:486
page_cache_sync_readahead mm/readahead.c:518 [inline]
page_cache_sync_readahead+0xa6/0xf0 mm/readahead.c:503
generic_file_buffered_read mm/filemap.c:2003 [inline]
generic_file_read_iter+0xfbc/0x21c0 mm/filemap.c:2273
call_read_iter include/linux/fs.h:1774 [inline]
new_sync_read fs/read_write.c:401 [inline]
__vfs_read+0x449/0x620 fs/read_write.c:413
REISERFS (device loop2): Using r5 hash to sort names
REISERFS (device loop2): using 3.5.x disk format
REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
integrity_kernel_read+0x11b/0x1b0 security/integrity/iint.c:199
ima_calc_file_hash_tfm security/integrity/ima/ima_crypto.c:381 [inline]
ima_calc_file_shash security/integrity/ima/ima_crypto.c:410 [inline]
ima_calc_file_hash+0x3ee/0x780 security/integrity/ima/ima_crypto.c:467
ima_collect_measurement+0x39d/0x430 security/integrity/ima/ima_api.c:227
process_measurement+0x78b/0xb20 security/integrity/ima/ima_main.c:264
do_last fs/namei.c:3435 [inline]
path_openat+0x10ad/0x2970 fs/namei.c:3571
do_filp_open+0x179/0x3c0 fs/namei.c:3605
do_sys_open+0x296/0x410 fs/open.c:1081
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x5e/0xd3
INFO: task syz-executor417:15183 blocked for more than 140 seconds.
Not tainted 4.14.300-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor417 D29936 15183 7977 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2811 [inline]
__schedule+0x88b/0x1de0 kernel/sched/core.c:3387
schedule+0x8d/0x1b0 kernel/sched/core.c:3431
io_schedule+0xb5/0x120 kernel/sched/core.c:5035
wait_on_page_bit_common mm/filemap.c:1025 [inline]
__lock_page+0x27b/0x380 mm/filemap.c:1197
lock_page include/linux/pagemap.h:480 [inline]
pagecache_get_page+0x479/0xab0 mm/filemap.c:1478
find_or_create_page include/linux/pagemap.h:326 [inline]
grab_cache_page include/linux/pagemap.h:384 [inline]
grab_tail_page fs/reiserfs/inode.c:2210 [inline]
reiserfs_truncate_file+0x5b2/0xdb0 fs/reiserfs/inode.c:2278
reiserfs_setattr+0xb2d/0xe00 fs/reiserfs/inode.c:3411
notify_change+0x56b/0xd10 fs/attr.c:315
do_truncate+0xff/0x1a0 fs/open.c:63
vfs_truncate+0x456/0x680 fs/open.c:120
do_sys_truncate.part.0+0xdc/0xf0 fs/open.c:143
do_sys_truncate fs/open.c:137 [inline]
SYSC_truncate fs/open.c:155 [inline]
SyS_truncate+0x23/0x40 fs/open.c:153
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x5e/0xd3
INFO: task syz-executor417:15368 blocked for more than 140 seconds.
Not tainted 4.14.300-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kauditd_printk_skb: 64 callbacks suppressed
audit: type=1804 audit(1670204237.077:4271): pid=24614 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor417" name="/root/syzkaller.Yt7dGq/306/file0/bus" dev="loop2" ino=2 res=1
syz-executor417 D25624 15368 7976 0x00000004
Call Trace:
REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
context_switch kernel/sched/core.c:2811 [inline]
__schedule+0x88b/0x1de0 kernel/sched/core.c:3387
audit: type=1800 audit(1670204237.077:4272): pid=24614 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed" comm="syz-executor417" name="bus" dev="loop2" ino=2 res=0
REISERFS (device loop4): using ordered data mode
reiserfs: using flush barriers
schedule+0x8d/0x1b0 kernel/sched/core.c:3431
__rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:588 [inline]
rwsem_down_write_failed+0x343/0x6d0 kernel/locking/rwsem-xadd.c:617
REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
call_rwsem_down_write_failed+0x13/0x20 arch/x86/lib/rwsem.S:105
__down_write arch/x86/include/asm/rwsem.h:126 [inline]
down_write+0x4f/0x90 kernel/locking/rwsem.c:56
inode_lock include/linux/fs.h:719 [inline]
reiserfs_sync_file+0x9b/0x2d0 fs/reiserfs/file.c:161
vfs_fsync_range+0x103/0x260 fs/sync.c:196
generic_write_sync include/linux/fs.h:2684 [inline]
generic_file_write_iter+0x410/0x650 mm/filemap.c:3212
REISERFS (device loop4): checking transaction log (loop4)
call_write_iter include/linux/fs.h:1780 [inline]
do_iter_readv_writev+0x4cf/0x5f0 fs/read_write.c:675
do_iter_write+0x152/0x550 fs/read_write.c:954
vfs_iter_write+0x70/0xa0 fs/read_write.c:967
iter_file_splice_write+0x52b/0xa90 fs/splice.c:749
REISERFS (device loop4): Using r5 hash to sort names
do_splice_from fs/splice.c:851 [inline]
direct_splice_actor+0x115/0x160 fs/splice.c:1018
REISERFS (device loop4): using 3.5.x disk format
splice_direct_to_actor+0x27c/0x730 fs/splice.c:973
REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal
audit: type=1800 audit(1670204237.387:4273): pid=24619 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor417" name="bus" dev="loop4" ino=2 res=0
do_splice_direct+0x164/0x210 fs/splice.c:1061
REISERFS (device loop3): using ordered data mode
reiserfs: using flush barriers
REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop3): checking transaction log (loop3)
do_sendfile+0x47f/0xb30 fs/read_write.c:1441
SYSC_sendfile64 fs/read_write.c:1502 [inline]
SyS_sendfile64+0xff/0x110 fs/read_write.c:1488
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x5e/0xd3
REISERFS (device loop3): Using r5 hash to sort names
REISERFS (device loop3): using 3.5.x disk format
REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
INFO: task syz-executor417:15391 blocked for more than 140 seconds.
audit: type=1800 audit(1670204237.547:4274): pid=24627 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor417" name="bus" dev="loop3" ino=2 res=0
Not tainted 4.14.300-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor417 D26416 15391 7976 0x80000004
Call Trace:
context_switch kernel/sched/core.c:2811 [inline]
__schedule+0x88b/0x1de0 kernel/sched/core.c:3387
schedule+0x8d/0x1b0 kernel/sched/core.c:3431
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3489
__mutex_lock_common kernel/locking/mutex.c:833 [inline]
__mutex_lock+0x669/0x1310 kernel/locking/mutex.c:893
reiserfs_write_lock+0x75/0xf0 fs/reiserfs/lock.c:27
reiserfs_get_block+0x1a1/0x36b0 fs/reiserfs/inode.c:688
do_mpage_readpage+0x615/0x1470 fs/mpage.c:211
REISERFS (device loop5): found reiserfs format "3.5" with non-standard journal
REISERFS (device loop5): using ordered data mode
mpage_readpages+0x2d6/0x5f0 fs/mpage.c:383
reiserfs: using flush barriers
audit: type=1804 audit(1670204237.807:4275): pid=24635 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor417" name="/root/syzkaller.h4TG3A/305/file0/bus" dev="loop4" ino=2 res=1
REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal
REISERFS (device loop2): using ordered data mode
audit: type=1800 audit(1670204237.807:4276): pid=24635 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed" comm="syz-executor417" name="bus" dev="loop4" ino=2 res=0
reiserfs: using flush barriers
REISERFS (device loop5): checking transaction log (loop5)
REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
read_pages mm/readahead.c:121 [inline]
__do_page_cache_readahead+0x522/0x940 mm/readahead.c:199
REISERFS (device loop2): checking transaction log (loop2)
ra_submit mm/internal.h:66 [inline]
ondemand_readahead.isra.0+0x514/0xb60 mm/readahead.c:486
page_cache_sync_readahead mm/readahead.c:518 [inline]
page_cache_sync_readahead+0xa6/0xf0 mm/readahead.c:503
generic_file_buffered_read mm/filemap.c:2003 [inline]
generic_file_read_iter+0xfbc/0x21c0 mm/filemap.c:2273
call_read_iter include/linux/fs.h:1774 [inline]
new_sync_read fs/read_write.c:401 [inline]
__vfs_read+0x449/0x620 fs/read_write.c:413
audit: type=1804 audit(1670204237.987:4277): pid=24639 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor417" name="/root/syzkaller.uzVbHx/307/file0/bus" dev="loop3" ino=2 res=1
integrity_kernel_read+0x11b/0x1b0 security/integrity/iint.c:199
REISERFS (device loop5): Using r5 hash to sort names
audit: type=1800 audit(1670204237.987:4278): pid=24639 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed" comm="syz-executor417" name="bus" dev="loop3" ino=2 res=0
REISERFS (device loop5): using 3.5.x disk format
REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage.
ima_calc_file_hash_tfm security/integrity/ima/ima_crypto.c:381 [inline]
ima_calc_file_shash security/integrity/ima/ima_crypto.c:410 [inline]
ima_calc_file_hash+0x3ee/0x780 security/integrity/ima/ima_crypto.c:467
REISERFS (device loop2): Using r5 hash to sort names
ima_collect_measurement+0x39d/0x430 security/integrity/ima/ima_api.c:227
REISERFS (device loop2): using 3.5.x disk format
audit: type=1800 audit(1670204238.117:4279): pid=24647 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor417" name="bus" dev="loop5" ino=2 res=0
REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
process_measurement+0x78b/0xb20 security/integrity/ima/ima_main.c:264
audit: type=1800 audit(1670204238.167:4280): pid=24648 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor417" name="bus" dev="loop2" ino=2 res=0
do_last fs/namei.c:3435 [inline]
path_openat+0x10ad/0x2970 fs/namei.c:3571
do_filp_open+0x179/0x3c0 fs/namei.c:3605
do_sys_open+0x296/0x410 fs/open.c:1081
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x5e/0xd3
INFO: task syz-executor417:15398 blocked for more than 140 seconds.
Not tainted 4.14.300-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor417 D29776 15398 7976 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2811 [inline]
__schedule+0x88b/0x1de0 kernel/sched/core.c:3387
schedule+0x8d/0x1b0 kernel/sched/core.c:3431
io_schedule+0xb5/0x120 kernel/sched/core.c:5035
wait_on_page_bit_common mm/filemap.c:1025 [inline]
__lock_page+0x27b/0x380 mm/filemap.c:1197
lock_page include/linux/pagemap.h:480 [inline]
pagecache_get_page+0x479/0xab0 mm/filemap.c:1478
find_or_create_page include/linux/pagemap.h:326 [inline]
grab_cache_page include/linux/pagemap.h:384 [inline]
grab_tail_page fs/reiserfs/inode.c:2210 [inline]
reiserfs_truncate_file+0x5b2/0xdb0 fs/reiserfs/inode.c:2278
reiserfs_setattr+0xb2d/0xe00 fs/reiserfs/inode.c:3411
notify_change+0x56b/0xd10 fs/attr.c:315
do_truncate+0xff/0x1a0 fs/open.c:63
vfs_truncate+0x456/0x680 fs/open.c:120
do_sys_truncate.part.0+0xdc/0xf0 fs/open.c:143
do_sys_truncate fs/open.c:137 [inline]
SYSC_truncate fs/open.c:155 [inline]
SyS_truncate+0x23/0x40 fs/open.c:153
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x5e/0xd3
Showing all locks held in the system:
1 lock held by khungtaskd/1532:
#0: (tasklist_lock){.+.+}, at: [<ffffffff87029eb9>] debug_show_all_locks+0x7c/0x21a kernel/locking/lockdep.c:4548
1 lock held by in:imklog/7701:
#0: (&f->f_pos_lock){+.+.}, at: [<ffffffff818d8b5b>] __fdget_pos+0x1fb/0x2b0 fs/file.c:819
4 locks held by kworker/1:3/7808:
#0: ("events_long"){+.+.}, at: [<ffffffff81365eb0>] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088
#1: ((&(&sbi->old_work)->work)){+.+.}, at: [<ffffffff81365ee6>] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092
#2: (&type->s_umount_key#46){++++}, at: [<ffffffff81af37b7>] flush_old_commits+0x77/0x1d0 fs/reiserfs/super.c:97
#3: (&sbi->lock){+.+.}, at: [<ffffffff81b3f875>] reiserfs_write_lock+0x75/0xf0 fs/reiserfs/lock.c:27
1 lock held by syz-executor417/7979:
#0: (&type->s_umount_key#46){++++}, at: [<ffffffff81878187>] deactivate_super+0x77/0xa0 fs/super.c:349
4 locks held by kworker/1:1/8191:
#0: ("events_long"){+.+.}, at: [<ffffffff81365eb0>] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088
#1: ((&(&sbi->old_work)->work)){+.+.}, at: [<ffffffff81365ee6>] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092
#2: (&type->s_umount_key#46){++++}, at: [<ffffffff81af37b7>] flush_old_commits+0x77/0x1d0 fs/reiserfs/super.c:97
#3: (&sbi->lock){+.+.}, at: [<ffffffff81b3f875>] reiserfs_write_lock+0x75/0xf0 fs/reiserfs/lock.c:27
2 locks held by syz-executor417/15145:
#0: (sb_writers#10){.+.+}, at: [<ffffffff8187026f>] file_start_write include/linux/fs.h:2714 [inline]
#0: (sb_writers#10){.+.+}, at: [<ffffffff8187026f>] do_sendfile+0x84f/0xb30 fs/read_write.c:1440
#1: (&sb->s_type->i_mutex_key#17){+.+.}, at: [<ffffffff81adc81b>] inode_lock include/linux/fs.h:719 [inline]
#1: (&sb->s_type->i_mutex_key#17){+.+.}, at: [<ffffffff81adc81b>] reiserfs_sync_file+0x9b/0x2d0 fs/reiserfs/file.c:161
2 locks held by syz-executor417/15178:
#0: (&iint->mutex){+.+.}, at: [<ffffffff82ef2da0>] process_measurement+0x270/0xb20 security/integrity/ima/ima_main.c:225
#1: (&sbi->lock){+.+.}, at: [<ffffffff81b3f875>] reiserfs_write_lock+0x75/0xf0 fs/reiserfs/lock.c:27
4 locks held by syz-executor417/15183:
#0: (sb_writers#10){.+.+}, at: [<ffffffff818e1bca>] sb_start_write include/linux/fs.h:1551 [inline]
#0: (sb_writers#10){.+.+}, at: [<ffffffff818e1bca>] mnt_want_write+0x3a/0xb0 fs/namespace.c:386
#1: (&sb->s_type->i_mutex_key#17){+.+.}, at: [<ffffffff81867080>] inode_lock include/linux/fs.h:719 [inline]
#1: (&sb->s_type->i_mutex_key#17){+.+.}, at: [<ffffffff81867080>] do_truncate+0xf0/0x1a0 fs/open.c:61
#2: (&ei->tailpack){+.+.}, at: [<ffffffff81adc475>] reiserfs_setattr+0xaf5/0xe00 fs/reiserfs/inode.c:3409
#3: (&sbi->lock){+.+.}, at: [<ffffffff81b3f875>] reiserfs_write_lock+0x75/0xf0 fs/reiserfs/lock.c:27
2 locks held by syz-executor417/15368:
#0: (sb_writers#10){.+.+}, at: [<ffffffff8187026f>] file_start_write include/linux/fs.h:2714 [inline]
#0: (sb_writers#10){.+.+}, at: [<ffffffff8187026f>] do_sendfile+0x84f/0xb30 fs/read_write.c:1440
#1: (&sb->s_type->i_mutex_key#17){+.+.}, at: [<ffffffff81adc81b>] inode_lock include/linux/fs.h:719 [inline]
#1: (&sb->s_type->i_mutex_key#17){+.+.}, at: [<ffffffff81adc81b>] reiserfs_sync_file+0x9b/0x2d0 fs/reiserfs/file.c:161
2 locks held by syz-executor417/15391:
#0: (&iint->mutex){+.+.}, at: [<ffffffff82ef2da0>] process_measurement+0x270/0xb20 security/integrity/ima/ima_main.c:225
#1: (&sbi->lock){+.+.}, at: [<ffffffff81b3f875>] reiserfs_write_lock+0x75/0xf0 fs/reiserfs/lock.c:27
4 locks held by syz-executor417/15398:
#0: (sb_writers#10){.+.+}, at: [<ffffffff818e1bca>] sb_start_write include/linux/fs.h:1551 [inline]
#0: (sb_writers#10){.+.+}, at: [<ffffffff818e1bca>] mnt_want_write+0x3a/0xb0 fs/namespace.c:386
#1: (&sb->s_type->i_mutex_key#17){+.+.}, at: [<ffffffff81867080>] inode_lock include/linux/fs.h:719 [inline]
#1: (&sb->s_type->i_mutex_key#17){+.+.}, at: [<ffffffff81867080>] do_truncate+0xf0/0x1a0 fs/open.c:61
#2: (&ei->tailpack){+.+.}, at: [<ffffffff81adc475>] reiserfs_setattr+0xaf5/0xe00 fs/reiserfs/inode.c:3409
#3: (&sbi->lock){+.+.}, at: [<ffffffff81b3f875>] reiserfs_write_lock+0x75/0xf0 fs/reiserfs/lock.c:27
2 locks held by syz-executor417/24647:
#0: (sb_writers#10){.+.+}, at: [<ffffffff8187026f>] file_start_write include/linux/fs.h:2714 [inline]
#0: (sb_writers#10){.+.+}, at: [<ffffffff8187026f>] do_sendfile+0x84f/0xb30 fs/read_write.c:1440
#1: (&sb->s_type->i_mutex_key#17){+.+.}, at: [<ffffffff81693b39>] inode_lock include/linux/fs.h:719 [inline]
#1: (&sb->s_type->i_mutex_key#17){+.+.}, at: [<ffffffff81693b39>] generic_file_write_iter+0x99/0x650 mm/filemap.c:3205
1 lock held by syz-executor417/24662:
#0: (&sb->s_type->i_mutex_key#17){+.+.}, at: [<ffffffff82ef35f8>] inode_lock include/linux/fs.h:719 [inline]
#0: (&sb->s_type->i_mutex_key#17){+.+.}, at: [<ffffffff82ef35f8>] process_measurement+0xac8/0xb20 security/integrity/ima/ima_main.c:206
2 locks held by syz-executor417/24664:
#0: (sb_writers#10){.+.+}, at: [<ffffffff818e1bca>] sb_start_write include/linux/fs.h:1551 [inline]
#0: (sb_writers#10){.+.+}, at: [<ffffffff818e1bca>] mnt_want_write+0x3a/0xb0 fs/namespace.c:386
#1: (&sb->s_type->i_mutex_key#17){+.+.}, at: [<ffffffff81867080>] inode_lock include/linux/fs.h:719 [inline]
#1: (&sb->s_type->i_mutex_key#17){+.+.}, at: [<ffffffff81867080>] do_truncate+0xf0/0x1a0 fs/open.c:61
2 locks held by syz-executor417/24648:
#0: (sb_writers#10){.+.+}, at: [<ffffffff8187026f>] file_start_write include/linux/fs.h:2714 [inline]
#0: (sb_writers#10){.+.+}, at: [<ffffffff8187026f>] do_sendfile+0x84f/0xb30 fs/read_write.c:1440
#1: (&sb->s_type->i_mutex_key#17){+.+.}, at: [<ffffffff81693b39>] inode_lock include/linux/fs.h:719 [inline]
#1: (&sb->s_type->i_mutex_key#17){+.+.}, at: [<ffffffff81693b39>] generic_file_write_iter+0x99/0x650 mm/filemap.c:3205
1 lock held by syz-executor417/24663:
#0: (&sb->s_type->i_mutex_key#17){+.+.}, at: [<ffffffff82ef35f8>] inode_lock include/linux/fs.h:719 [inline]
#0: (&sb->s_type->i_mutex_key#17){+.+.}, at: [<ffffffff82ef35f8>] process_measurement+0xac8/0xb20 security/integrity/ima/ima_main.c:206
2 locks held by syz-executor417/24665:
#0: (sb_writers#10){.+.+}, at: [<ffffffff818e1bca>] sb_start_write include/linux/fs.h:1551 [inline]
#0: (sb_writers#10){.+.+}, at: [<ffffffff818e1bca>] mnt_want_write+0x3a/0xb0 fs/namespace.c:386
#1: (&sb->s_type->i_mutex_key#17){+.+.}, at: [<ffffffff81867080>] inode_lock include/linux/fs.h:719 [inline]
#1: (&sb->s_type->i_mutex_key#17){+.+.}, at: [<ffffffff81867080>] do_truncate+0xf0/0x1a0 fs/open.c:61
=============================================
NMI backtrace for cpu 0
CPU: 0 PID: 1532 Comm: khungtaskd Not tainted 4.14.300-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x281 lib/dump_stack.c:58
nmi_cpu_backtrace.cold+0x57/0x93 lib/nmi_backtrace.c:101
nmi_trigger_cpumask_backtrace+0x13a/0x180 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:140 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:195 [inline]
watchdog+0x5b9/0xb40 kernel/hung_task.c:274
kthread+0x30d/0x420 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:406
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1 skipped: idling at pc 0xffffffff8724a73e
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches