INFO: task hung in add_transaction_credits


syzbot

Apr 10, 2019, 12:14:07 PM4/10/19
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: ff9973a5 ANDROID: arm64: kbuild: only specify code model w..
git tree: android-4.14
console output: https://syzkaller.appspot.com/x/log.txt?x=174c5db9400000
kernel config: https://syzkaller.appspot.com/x/.config?x=9b3b342f97278cde
dashboard link: https://syzkaller.appspot.com/bug?extid=74c697eb23e42789cc2c
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11f1b67e400000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1734ece6400000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+74c697...@syzkaller.appspotmail.com

random: sshd: uninitialized urandom read (32 bytes read)
audit: type=1400 audit(1538547110.178:7): avc: denied { map } for
pid=1827 comm="syz-executor844" path="/root/syz-executor844264495"
dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
INFO: task kworker/u4:1:64 blocked for more than 140 seconds.
Not tainted 4.14.73+ #14
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/u4:1 D24960 64 2 0x80000000
Workqueue: writeback wb_workfn (flush-8:0)
Call Trace:
schedule+0x7f/0x1b0 kernel/sched/core.c:3490
wait_transaction_locked+0x1a1/0x220 fs/jbd2/transaction.c:164
add_transaction_credits+0x403/0x970 fs/jbd2/transaction.c:192
start_this_handle+0x368/0xfc0 fs/jbd2/transaction.c:362
jbd2__journal_start+0x30a/0x8b0 fs/jbd2/transaction.c:444
__ext4_journal_start_sb+0x109/0x460 fs/ext4/ext4_jbd2.c:81
__ext4_journal_start fs/ext4/ext4_jbd2.h:314 [inline]
ext4_writepages+0x105e/0x3040 fs/ext4/inode.c:2867
do_writepages+0xe0/0x270 mm/page-writeback.c:2341
__writeback_single_inode+0xd8/0x1020 fs/fs-writeback.c:1320
writeback_sb_inodes+0x468/0xcd0 fs/fs-writeback.c:1584
__writeback_inodes_wb+0xf8/0x1e0 fs/fs-writeback.c:1653
wb_writeback+0x4ee/0xb90 fs/fs-writeback.c:1762
wb_check_old_data_flush fs/fs-writeback.c:1875 [inline]
wb_do_writeback fs/fs-writeback.c:1899 [inline]
wb_workfn+0x85d/0xe00 fs/fs-writeback.c:1928
process_one_work+0x86e/0x15c0 kernel/workqueue.c:2114
worker_thread+0xdc/0x1000 kernel/workqueue.c:2248
kthread+0x348/0x420 kernel/kthread.c:232
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:402
INFO: task jbd2/sda1-8:75 blocked for more than 140 seconds.
Not tainted 4.14.73+ #14
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
jbd2/sda1-8 D27520 75 2 0x80000000
Call Trace:
schedule+0x7f/0x1b0 kernel/sched/core.c:3490
jbd2_journal_commit_transaction+0x724/0x648c fs/jbd2/commit.c:437
kjournald2+0x244/0x820 fs/jbd2/journal.c:233
kthread+0x348/0x420 kernel/kthread.c:232
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:402
INFO: task restorecond:1710 blocked for more than 140 seconds.
Not tainted 4.14.73+ #14
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
restorecond D28128 1710 1 0x00000000
Call Trace:
schedule+0x7f/0x1b0 kernel/sched/core.c:3490
__rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:565 [inline]
rwsem_down_write_failed+0x390/0x730 kernel/locking/rwsem-xadd.c:594
call_rwsem_down_write_failed+0x13/0x20 arch/x86/lib/rwsem.S:105
__down_write arch/x86/include/asm/rwsem.h:126 [inline]
down_write+0x4f/0x90 kernel/locking/rwsem.c:56
inode_lock include/linux/fs.h:713 [inline]
vfs_setxattr+0x89/0xe0 fs/xattr.c:219
setxattr+0x1c6/0x2b0 fs/xattr.c:453
path_setxattr+0x13c/0x160 fs/xattr.c:472
SYSC_lsetxattr fs/xattr.c:494 [inline]
SyS_lsetxattr+0x33/0x40 fs/xattr.c:490
do_syscall_64+0x19b/0x4b0 arch/x86/entry/common.c:289
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x7f63ba69dffa
RSP: 002b:00007ffcbb815a48 EFLAGS: 00000206 ORIG_RAX: 00000000000000bd
RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f63ba69dffa
RDX: 000056033fa6daf0 RSI: 00007f63bb0c9f69 RDI: 000056033f6d52e0
RBP: 000056033f6d52e0 R08: 0000000000000000 R09: 73753a725f746365
R10: 0000000000000025 R11: 0000000000000206 R12: 000056033f6d6520
R13: 000056033f6d63f0 R14: 00007ffcbb815a90 R15: 0000000000000000
INFO: task init:1828 blocked for more than 140 seconds.
Not tainted 4.14.73+ #14
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
init D28760 1828 1 0x00000000
Call Trace:
schedule+0x7f/0x1b0 kernel/sched/core.c:3490
wait_transaction_locked+0x1a1/0x220 fs/jbd2/transaction.c:164
add_transaction_credits+0x403/0x970 fs/jbd2/transaction.c:192
start_this_handle+0x368/0xfc0 fs/jbd2/transaction.c:362
jbd2__journal_start+0x30a/0x8b0 fs/jbd2/transaction.c:444
__ext4_journal_start_sb+0x109/0x460 fs/ext4/ext4_jbd2.c:81
__ext4_journal_start fs/ext4/ext4_jbd2.h:314 [inline]
ext4_dirty_inode+0x4f/0xa0 fs/ext4/inode.c:5938
__mark_inode_dirty+0x108/0x1060 fs/fs-writeback.c:2097
generic_update_time+0x1a5/0x270 fs/inode.c:1650
update_time fs/inode.c:1666 [inline]
file_update_time+0x262/0x390 fs/inode.c:1877
__generic_file_write_iter+0x1bc/0x540 mm/filemap.c:3112
ext4_file_write_iter+0x4f6/0xe20 fs/ext4/file.c:264
call_write_iter include/linux/fs.h:1782 [inline]
new_sync_write fs/read_write.c:471 [inline]
__vfs_write+0x417/0x5c0 fs/read_write.c:484
vfs_write+0x17f/0x4d0 fs/read_write.c:546
SYSC_write fs/read_write.c:593 [inline]
SyS_write+0xc2/0x1a0 fs/read_write.c:585
do_syscall_64+0x19b/0x4b0 arch/x86/entry/common.c:289
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x7fd2f185f370
RSP: 002b:00007ffdb47fcd18 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007fd2f185f370
RDX: 0000000000000180 RSI: 00007ffdb47fd070 RDI: 0000000000000004
RBP: 0000000000000004 R08: 00007ffdb47fce70 R09: 0000000080000000
R10: 0000000000000008 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00007ffdb47fd070 R14: 0000000000011880 R15: 00007ffdb47fcd30

Showing all locks held in the system:
1 lock held by khungtaskd/23:
#0: (tasklist_lock){.+.+}, at: [<ffffffff96601ef7>]
debug_show_all_locks+0x74/0x20f kernel/locking/lockdep.c:4541
4 locks held by kworker/u4:1/64:
#0: ("writeback"){+.+.}, at: [<ffffffff965275d7>]
process_one_work+0x787/0x15c0 kernel/workqueue.c:2085
#1: ((&(&wb->dwork)->work)){+.+.}, at: [<ffffffff9652760f>]
process_one_work+0x7bf/0x15c0 kernel/workqueue.c:2089
#2: (&type->s_umount_key#34){++++}, at: [<ffffffff96962aba>]
trylock_super+0x1a/0xe0 fs/super.c:402
#3: (&sbi->s_journal_flag_rwsem){.+.+}, at: [<ffffffff96853910>]
do_writepages+0xe0/0x270 mm/page-writeback.c:2341
3 locks held by rs:main Q:Reg/1628:
#0: (&f->f_pos_lock){+.+.}, at: [<ffffffff969bd322>]
__fdget_pos+0xa2/0xc0 fs/file.c:768
#1: (sb_writers#4){.+.+}, at: [<ffffffff9695bc17>] file_start_write
include/linux/fs.h:2722 [inline]
#1: (sb_writers#4){.+.+}, at: [<ffffffff9695bc17>] vfs_write+0x3d7/0x4d0
fs/read_write.c:545
#2: (&sb->s_type->i_mutex_key#9){+.+.}, at: [<ffffffff96b15149>]
inode_trylock include/linux/fs.h:733 [inline]
#2: (&sb->s_type->i_mutex_key#9){+.+.}, at: [<ffffffff96b15149>]
ext4_file_write_iter+0x1b9/0xe20 fs/ext4/file.c:230
2 locks held by restorecond/1710:
#0: (sb_writers#4){.+.+}, at: [<ffffffff969c55aa>] sb_start_write
include/linux/fs.h:1543 [inline]
#0: (sb_writers#4){.+.+}, at: [<ffffffff969c55aa>]
mnt_want_write+0x3a/0xa0 fs/namespace.c:387
#1: (&sb->s_type->i_mutex_key#9){+.+.}, at: [<ffffffff969d6339>]
inode_lock include/linux/fs.h:713 [inline]
#1: (&sb->s_type->i_mutex_key#9){+.+.}, at: [<ffffffff969d6339>]
vfs_setxattr+0x89/0xe0 fs/xattr.c:219
2 locks held by getty/1758:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff9712ec80>]
tty_ldisc_ref_wait+0x20/0x80 drivers/tty/tty_ldisc.c:275
#1: (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff9712a1ff>]
n_tty_read+0x1ff/0x15e0 drivers/tty/n_tty.c:2142
2 locks held by init/1828:
#0: (sb_writers#4){.+.+}, at: [<ffffffff9695bc17>] file_start_write
include/linux/fs.h:2722 [inline]
#0: (sb_writers#4){.+.+}, at: [<ffffffff9695bc17>] vfs_write+0x3d7/0x4d0
fs/read_write.c:545
#1: (&sb->s_type->i_mutex_key#9){+.+.}, at: [<ffffffff96b15149>]
inode_trylock include/linux/fs.h:733 [inline]
#1: (&sb->s_type->i_mutex_key#9){+.+.}, at: [<ffffffff96b15149>]
ext4_file_write_iter+0x1b9/0xe20 fs/ext4/file.c:230

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 23 Comm: khungtaskd Not tainted 4.14.73+ #14
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0xb9/0x11b lib/dump_stack.c:53
nmi_cpu_backtrace.cold.0+0x47/0x85 lib/nmi_backtrace.c:101
nmi_trigger_cpumask_backtrace+0x121/0x146 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:138 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:196 [inline]
watchdog+0x574/0xa70 kernel/hung_task.c:252
kthread+0x348/0x420 kernel/kthread.c:232
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:402
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 1827 Comm: syz-executor844 Not tainted 4.14.73+ #14
task: ffff8801ce3f4680 task.stack: ffff8801ce060000
RIP: 0010:preempt_count arch/x86/include/asm/preempt.h:23 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x15/0x60 kernel/kcov.c:65
RSP: 0018:ffff8801ce067678 EFLAGS: 00000282
RAX: ffff8801ce3f4680 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000080000000 RSI: 000000005636b642 RDI: ffff8801c3861032
RBP: 0000000000000001 R08: 00000000e0dc696d R09: 0000000000000000
R10: ffff8801ce3f4fa0 R11: 0000000000000001 R12: ffff8801ce0678f8
R13: ffff8801c3861030 R14: 0000000000000000 R15: ffff8801d0629810
FS: 0000000000e18880(0000) GS:ffff8801dba00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fd2f186b330 CR3: 00000001ce230001 CR4: 00000000001606b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
ext4_ext_binsearch fs/ext4/extents.c:819 [inline]
ext4_find_extent+0x49b/0x980 fs/ext4/extents.c:938
get_ext_path fs/ext4/move_extent.c:39 [inline]
mext_check_coverage.constprop.2+0x234/0x3c0 fs/ext4/move_extent.c:106
move_extent_per_page fs/ext4/move_extent.c:333 [inline]
ext4_move_extents+0x17dc/0x2a10 fs/ext4/move_extent.c:681
ext4_ioctl+0x275c/0x35e0 fs/ext4/ioctl.c:765
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x1a0/0x1030 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x7e/0xb0 fs/ioctl.c:692
do_syscall_64+0x19b/0x4b0 arch/x86/entry/common.c:289
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x440169
RSP: 002b:00007ffe7b446ba8 EFLAGS: 00000217 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440169
RDX: 0000000020000040 RSI: 00000000c028660f RDI: 0000000000000003
RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
R10: 00000000004002c8 R11: 0000000000000217 R12: 00000000004019f0
R13: 0000000000401a80 R14: 0000000000000000 R15: 0000000000000000
Code: 21 00 e9 2c fe ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 65
48 8b 04 25 c0 de 01 00 48 85 c0 74 1a 65 8b 15 7b 24 91 69 <81> e2 00 01
1f 00 75 0b 8b 90 a8 11 00 00 83 fa 01 74 01 c3 48


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches
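Added note, not part of syzbot's report: the register dumps above already say what each hung task was doing at the time, once decoded. ORIG_RAX is the x86_64 syscall number at entry (0x10 is ioctl, 0xbd is lsetxattr, 1 is write). For the ioctl on CPU 0, RSI holds the request number, and 0xc028660f splits into direction RW, type 'f', nr 15, size 40, which is exactly how EXT4_IOC_MOVE_EXT (_IOWR('f', 15, struct move_extent), a 40-byte struct) is encoded; that matches the ext4_move_extents frame in the NMI backtrace. The Python below is an example triage helper written for this page, not syzbot or kernel code. It lists each blocked task's wait site (first frame below schedule()) and decodes the syscall and ioctl from every user-mode register dump. SAMPLE is an excerpt copied from the report above and embedded as constructed offline input; the function and variable names are my own.

```python
"""Triage helpers for a Linux hung-task report.  Added example for this
page; not syzbot or kernel code.  SAMPLE is an excerpt copied from the
first report above and serves as constructed offline input."""
import re

SAMPLE = """\
INFO: task kworker/u4:1:64 blocked for more than 140 seconds.
Call Trace:
schedule+0x7f/0x1b0 kernel/sched/core.c:3490
wait_transaction_locked+0x1a1/0x220 fs/jbd2/transaction.c:164
add_transaction_credits+0x403/0x970 fs/jbd2/transaction.c:192
INFO: task restorecond:1710 blocked for more than 140 seconds.
Call Trace:
schedule+0x7f/0x1b0 kernel/sched/core.c:3490
__rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:565 [inline]
rwsem_down_write_failed+0x390/0x730 kernel/locking/rwsem-xadd.c:594
RIP: 0033:0x7f63ba69dffa
RSP: 002b:00007ffcbb815a48 EFLAGS: 00000206 ORIG_RAX: 00000000000000bd
RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f63ba69dffa
RDX: 000056033fa6daf0 RSI: 00007f63bb0c9f69 RDI: 000056033f6d52e0
NMI backtrace for cpu 0
CPU: 0 PID: 1827 Comm: syz-executor844 Not tainted 4.14.73+ #14
RIP: 0033:0x440169
RSP: 002b:00007ffe7b446ba8 EFLAGS: 00000217 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440169
RDX: 0000000020000040 RSI: 00000000c028660f RDI: 0000000000000003
"""

# Subset of the x86_64 syscall table: only numbers that appear in the report.
X86_64_SYSCALLS = {0: "read", 1: "write", 16: "ioctl", 189: "lsetxattr"}

# asm-generic/ioctl.h layout: nr bits 0-7, type 8-15, size 16-29, dir 30-31,
# with _IOC_WRITE = 1 and _IOC_READ = 2.
_IOC_DIR_NAMES = {0: "NONE", 1: "W", 2: "R", 3: "RW"}


def decode_ioctl(cmd):
    """Split an ioctl request number the way _IOC_DIR/TYPE/NR/SIZE do."""
    return {
        "dir": _IOC_DIR_NAMES[(cmd >> 30) & 0x3],
        "type": chr((cmd >> 8) & 0xff),
        "nr": cmd & 0xff,
        "size": (cmd >> 16) & 0x3fff,
    }


BLOCKED_RE = re.compile(r"INFO: task (\S+):(\d+) blocked for more than (\d+) seconds")


def blocked_tasks(text):
    """Map (comm, pid) of every hung task to its first frame below schedule(),
    i.e. the primitive the task is actually waiting on."""
    lines = text.splitlines()
    result, current = {}, None
    for i, line in enumerate(lines):
        m = BLOCKED_RE.match(line)
        if m:
            current = (m.group(1), int(m.group(2)))
        elif current and line.startswith("Call Trace:"):
            for frame in lines[i + 1:]:
                name = frame.split()[0].split("+")[0] if frame.split() else ""
                if name and not name.startswith("schedule"):
                    result[current] = name
                    break
            current = None
    return result


# "RIP: 0033:..." marks a user-mode dump (CS=0x33), so the registers are the
# syscall arguments at entry.  Kernel-mode dumps ("RIP: 0010:") are skipped.
REG_RE = re.compile(
    r"\b(ORIG_RAX|RAX|RBX|RCX|RDX|RSI|RDI|RSP|RIP): (?:[0-9a-f]{4}:)?(?:0x)?([0-9a-f]+)")


def _describe(regs):
    nr = regs.get("ORIG_RAX")
    rec = {"syscall_nr": nr, "syscall": X86_64_SYSCALLS.get(nr, "?"),
           "args": [regs.get(r) for r in ("RDI", "RSI", "RDX")]}
    if rec["syscall"] == "ioctl":          # fd in RDI, request number in RSI
        rec["ioctl"] = decode_ioctl(regs["RSI"])
    return rec


def user_syscall_entries(text):
    """One record per user-mode register dump: syscall name, first three
    arguments and, for ioctl, the decoded request number."""
    entries, regs = [], None
    for line in text.splitlines():
        if line.startswith("RIP: 0033:"):
            regs = {}
        if regs is None:
            continue
        found = REG_RE.findall(line)
        if not found:                      # end of the register block
            entries.append(_describe(regs))
            regs = None
            continue
        for name, val in found:
            regs[name] = int(val, 16)
    if regs is not None:
        entries.append(_describe(regs))
    return entries


if __name__ == "__main__":
    for (comm, pid), site in blocked_tasks(SAMPLE).items():
        print("%s/%d waits in %s" % (comm, pid, site))
    for entry in user_syscall_entries(SAMPLE):
        print(entry)
```

Run against the full console log rather than the excerpt, the same two passes give the shape of the hang at a glance: every task parked in wait_transaction_locked is waiting for the jbd2 commit, the commit thread itself is waiting in jbd2_journal_commit_transaction, and the one runnable task is the executor inside the EXT4_IOC_MOVE_EXT ioctl.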

syzbot

Apr 13, 2019, 8:00:36 PM4/13/19
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 36daaf70 UPSTREAM: arm64/syscalls: Move address limit chec..
git tree: android-4.9
console output: https://syzkaller.appspot.com/x/log.txt?x=13d9eb11400000
kernel config: https://syzkaller.appspot.com/x/.config?x=d7c5ad58842f6a84
dashboard link: https://syzkaller.appspot.com/bug?extid=a75cd3eb7b315ccc2b5d
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1407ec7e400000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=11033c7e400000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+a75cd3...@syzkaller.appspotmail.com

INFO: task kworker/u4:0:6 blocked for more than 140 seconds.
Not tainted 4.9.128+ #42
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/u4:0 D24632 6 2 0x80000000
Workqueue: writeback wb_workfn (flush-8:0)
ffff8801da678000 0000000000000000 ffff8801d4c60580 ffff8801da6b2f80
ffff8801db721018 ffff8801da687130 ffffffff827e7bc2 ffff8801da678000
0000000000000000 0000000000000000 0000000000000000 ffff8801db7218f0
Call Trace:
[<ffffffff827e90ef>] schedule+0x7f/0x1b0 kernel/sched/core.c:3553
[<ffffffff817e4b65>] wait_transaction_locked+0x1a5/0x230
fs/jbd2/transaction.c:163
[<ffffffff817e5038>] add_transaction_credits+0x408/0x980
fs/jbd2/transaction.c:191
[<ffffffff817e59f0>] start_this_handle+0x340/0xe40
fs/jbd2/transaction.c:361
[<ffffffff817e78a6>] jbd2__journal_start+0x306/0x8b0
fs/jbd2/transaction.c:457
[<ffffffff8178d38c>] __ext4_journal_start_sb+0x10c/0x460
fs/ext4/ext4_jbd2.c:76
[<ffffffff816d5335>] __ext4_journal_start fs/ext4/ext4_jbd2.h:318 [inline]
[<ffffffff816d5335>] ext4_writepages+0xe75/0x2e00 fs/ext4/inode.c:2767
[<ffffffff8143384f>] do_writepages+0xef/0x1d0 mm/page-writeback.c:2331
[<ffffffff8159e6b9>] __writeback_single_inode+0xd9/0x1020
fs/fs-writeback.c:1320
[<ffffffff8159faac>] writeback_sb_inodes+0x4ac/0xe70 fs/fs-writeback.c:1584
[<ffffffff815a056b>] __writeback_inodes_wb+0xfb/0x1e0
fs/fs-writeback.c:1653
[<ffffffff815a0b62>] wb_writeback+0x512/0xbd0 fs/fs-writeback.c:1762
[<ffffffff815a42dc>] wb_check_old_data_flush fs/fs-writeback.c:1877
[inline]
[<ffffffff815a42dc>] wb_do_writeback fs/fs-writeback.c:1901 [inline]
[<ffffffff815a42dc>] wb_workfn+0x8bc/0xe90 fs/fs-writeback.c:1930
[<ffffffff81130bb1>] process_one_work+0x831/0x1530 kernel/workqueue.c:2092
[<ffffffff81131986>] worker_thread+0xd6/0x1140 kernel/workqueue.c:2226
[<ffffffff8114272d>] kthread+0x26d/0x300 kernel/kthread.c:211
[<ffffffff827f801c>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373

Showing all locks held in the system:
4 locks held by kworker/u4:0/6:
#0: ("writeback"){.+.+.+}, at: [<ffffffff81130abc>]
process_one_work+0x73c/0x1530 kernel/workqueue.c:2085
#1: ((&(&wb->dwork)->work)){+.+.+.}, at: [<ffffffff81130af4>]
process_one_work+0x774/0x1530 kernel/workqueue.c:2089
#2: (&type->s_umount_key#32){++++.+}, at: [<ffffffff81514650>]
trylock_super+0x20/0xf0 fs/super.c:393
#3: (&sbi->s_journal_flag_rwsem){.+.+.+}, at: [<ffffffff8143384f>]
do_writepages+0xef/0x1d0 mm/page-writeback.c:2331
2 locks held by khungtaskd/24:
#0: (rcu_read_lock){......}, at: [<ffffffff8131b80c>]
check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline]
#0: (rcu_read_lock){......}, at: [<ffffffff8131b80c>]
watchdog+0x11c/0xa20 kernel/hung_task.c:239
#1: (tasklist_lock){.+.+..}, at: [<ffffffff813fded4>]
debug_show_all_locks+0x79/0x218 kernel/locking/lockdep.c:4336
3 locks held by rs:main Q:Reg/1887:
#0: (&f->f_pos_lock){+.+.+.}, at: [<ffffffff8156c8dc>]
__fdget_pos+0xac/0xd0 fs/file.c:781
#1: (sb_writers#4){.+.+.+}, at: [<ffffffff8150aa5b>] file_start_write
include/linux/fs.h:2640 [inline]
#1: (sb_writers#4){.+.+.+}, at: [<ffffffff8150aa5b>]
vfs_write+0x3eb/0x520 fs/read_write.c:556
#2: (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [<ffffffff816b2832>]
inode_lock include/linux/fs.h:766 [inline]
#2: (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [<ffffffff816b2832>]
ext4_file_write_iter+0x122/0xd70 fs/ext4/file.c:100
2 locks held by getty/2017:
#0: (&tty->ldisc_sem){++++++}, at: [<ffffffff827f5f12>]
ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367
#1: (&ldata->atomic_read_lock){+.+...}, at: [<ffffffff81d1fc82>]
n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142
2 locks held by init/2148:
#0: (sb_writers#4){.+.+.+}, at: [<ffffffff8150aa5b>] file_start_write
include/linux/fs.h:2640 [inline]
#0: (sb_writers#4){.+.+.+}, at: [<ffffffff8150aa5b>]
vfs_write+0x3eb/0x520 fs/read_write.c:556
#1: (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [<ffffffff816b2832>]
inode_lock include/linux/fs.h:766 [inline]
#1: (&sb->s_type->i_mutex_key#10){+.+.+.}, at: [<ffffffff816b2832>]
ext4_file_write_iter+0x122/0xd70 fs/ext4/file.c:100

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 24 Comm: khungtaskd Not tainted 4.9.128+ #42
ffff8801d9907d08 ffffffff81b2b9e9 0000000000000000 0000000000000001
0000000000000001 0000000000000001 ffffffff81098180 ffff8801d9907d40
ffffffff81b36af9 0000000000000001 0000000000000000 0000000000000003
Call Trace:
[<ffffffff81b2b9e9>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81b2b9e9>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[<ffffffff81b36af9>] nmi_cpu_backtrace.cold.0+0x48/0x87
lib/nmi_backtrace.c:99
[<ffffffff81b36a8c>] nmi_trigger_cpumask_backtrace+0x12c/0x151
lib/nmi_backtrace.c:60
[<ffffffff81098284>] arch_trigger_cpumask_backtrace+0x14/0x20
arch/x86/kernel/apic/hw_nmi.c:37
[<ffffffff8131bd9d>] trigger_all_cpu_backtrace include/linux/nmi.h:58
[inline]
[<ffffffff8131bd9d>] check_hung_task kernel/hung_task.c:125 [inline]
[<ffffffff8131bd9d>] check_hung_uninterruptible_tasks
kernel/hung_task.c:182 [inline]
[<ffffffff8131bd9d>] watchdog+0x6ad/0xa20 kernel/hung_task.c:239
[<ffffffff8114272d>] kthread+0x26d/0x300 kernel/kthread.c:211
[<ffffffff827f801c>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 2146 Comm: syz-executor541 Not tainted 4.9.128+ #42
task: ffff8801cc0a97c0 task.stack: ffff8801cb308000
RIP: 0010:[<ffffffff817732b3>]  [<ffffffff817732b3>]
ext4_find_extent+0x43/0x940 fs/ext4/extents.c:875
RSP: 0018:ffff8801cb30f640 EFLAGS: 00000a03
RAX: dffffc0000000000 RBX: ffff8801cbf1eac0 RCX: 0000000040000000
RDX: 1ffff100397e3d1a RSI: ffffffff8177329e RDI: ffff8801cbf1e8d6
RBP: ffff8801cb30f6a0 R08: 000000000000000c R09: ffff8801cb30f390
R10: ffffed0039661e65 R11: ffff8801cb30f32f R12: 00000000c37f30da
R13: ffff8801cb30f8f8 R14: ffff8801cbf1e8d0 R15: 0000000000008002
FS: 00000000008fe880(0000) GS:ffff8801db600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000080 CR3: 00000001cb069000 CR4: 00000000001606b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
ffffed0039661e65 ffff8801cb30f6f8 ffff8801cbf1eac0 c37f30da40000000
ffff8801cf481400 ffff8801cb30f6a0 ffffffff81772b9e ffff8801cf481400
00000000c37f30da ffff8801cb30f8f8 ffff8801cbf1eac0 0000000000008002
Call Trace:
[<ffffffff817b9526>] get_ext_path fs/ext4/move_extent.c:39 [inline]
[<ffffffff817b9526>] mext_check_coverage.constprop.2+0x256/0x400
fs/ext4/move_extent.c:106
[<ffffffff817baf3b>] move_extent_per_page fs/ext4/move_extent.c:333
[inline]
[<ffffffff817baf3b>] ext4_move_extents+0x17bb/0x2a50
fs/ext4/move_extent.c:681
[<ffffffff816ed29c>] ext4_ioctl+0x27fc/0x3620 fs/ext4/ioctl.c:594
[<ffffffff81546a4c>] vfs_ioctl fs/ioctl.c:43 [inline]
[<ffffffff81546a4c>] file_ioctl fs/ioctl.c:493 [inline]
[<ffffffff81546a4c>] do_vfs_ioctl+0x1ac/0x11a0 fs/ioctl.c:677
[<ffffffff81547acf>] SYSC_ioctl fs/ioctl.c:694 [inline]
[<ffffffff81547acf>] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:685
[<ffffffff810056ef>] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285
[<ffffffff827f7e53>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Code: 83 ec 38 48 89 7d b0 48 89 55 a8 89 75 bc 89 4d b8 e8 02 7f ba ff 49
8d 7e 06 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 14 02
48 89 f8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85