INFO: task hung in lo_open
13 views
Skip to first unread message
syzbot
Dec 16, 2017, 1:07:03 PM12/16/17
to ax...@kernel.dk, ha...@suse.de, linux-...@vger.kernel.org, osa...@fb.com, sh...@fb.com, syzkall...@googlegroups.com, tom.l...@gmail.com
Hello,
syzkaller hit the following crash on
6084b576dca2e898f5c101baef151f7bfdbb606d
git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
compiler: gcc (GCC) 7.1.1 20170620
.config is attached
Raw console output is attached.
Unfortunately, I don't have any reproducer for this bug yet.
INFO: task syz-executor1:26825 blocked for more than 120 seconds.
Not tainted 4.15.0-rc3-next-20171214+ #67
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor1 D 0 26825 3396 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2800 [inline]
__schedule+0x30b/0xaf0 kernel/sched/core.c:3376
schedule+0x2e/0x90 kernel/sched/core.c:3435
schedule_preempt_disabled+0x10/0x20 kernel/sched/core.c:3493
__mutex_lock_common kernel/locking/mutex.c:833 [inline]
__mutex_lock+0x466/0xa00 kernel/locking/mutex.c:893
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
lo_open+0x1b/0x60 drivers/block/loop.c:1571
__blkdev_get+0x4cf/0x660 fs/block_dev.c:1516
blkdev_get+0x196/0x450 fs/block_dev.c:1591
blkdev_open+0xc0/0xf0 fs/block_dev.c:1749
do_dentry_open+0x282/0x410 fs/open.c:752
vfs_open+0x5d/0xb0 fs/open.c:866
do_last fs/namei.c:3397 [inline]
path_openat+0x24c/0x1050 fs/namei.c:3537
do_filp_open+0xaa/0x120 fs/namei.c:3572
do_sys_open+0x280/0x340 fs/open.c:1059
SYSC_open fs/open.c:1077 [inline]
SyS_open+0x2d/0x40 fs/open.c:1072
entry_SYSCALL_64_fastpath+0x1f/0x96
RIP: 0033:0x40cd71
RSP: 002b:00007f20b88e9780 EFLAGS: 00000293 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 0000000000758020 RCX: 000000000040cd71
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007f20b88e9830
RBP: 0000000000000249 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000207d3000 R11: 0000000000000293 R12: 00000000006f1778
R13: 00000000ffffffff R14: 00007f20b88ea6d4 R15: 0000000000000000
Showing all locks held in the system:
2 locks held by khungtaskd/674:
#0: (rcu_read_lock){....}, at: [<00000000701aa11a>]
check_hung_uninterruptible_tasks kernel/hung_task.c:175 [inline]
#0: (rcu_read_lock){....}, at: [<00000000701aa11a>] watchdog+0xbf/0x750
kernel/hung_task.c:249
#1: (tasklist_lock){.+.+}, at: [<0000000048d3cb51>]
debug_show_all_locks+0x3d/0x1a0 kernel/locking/lockdep.c:4464
1 lock held by rsyslogd/3006:
#0: (&f->f_pos_lock){+.+.}, at: [<00000000dbf4b770>]
__fdget_pos+0x5b/0x70 fs/file.c:765
2 locks held by getty/3129:
#0: (&tty->ldisc_sem){++++}, at: [<0000000008b98074>]
ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
#1: (&ldata->atomic_read_lock){+.+.}, at: [<000000009833cefb>]
n_tty_read+0xce/0xa40 drivers/tty/n_tty.c:2131
2 locks held by getty/3130:
#0: (&tty->ldisc_sem){++++}, at: [<0000000008b98074>]
ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
#1: (&ldata->atomic_read_lock){+.+.}, at: [<000000009833cefb>]
n_tty_read+0xce/0xa40 drivers/tty/n_tty.c:2131
2 locks held by getty/3131:
#0: (&tty->ldisc_sem){++++}, at: [<0000000008b98074>]
ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
#1: (&ldata->atomic_read_lock){+.+.}, at: [<000000009833cefb>]
n_tty_read+0xce/0xa40 drivers/tty/n_tty.c:2131
2 locks held by getty/3132:
#0: (&tty->ldisc_sem){++++}, at: [<0000000008b98074>]
ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
#1: (&ldata->atomic_read_lock){+.+.}, at: [<000000009833cefb>]
n_tty_read+0xce/0xa40 drivers/tty/n_tty.c:2131
2 locks held by getty/3133:
#0: (&tty->ldisc_sem){++++}, at: [<0000000008b98074>]
ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
#1: (&ldata->atomic_read_lock){+.+.}, at: [<000000009833cefb>]
n_tty_read+0xce/0xa40 drivers/tty/n_tty.c:2131
2 locks held by getty/3134:
#0: (&tty->ldisc_sem){++++}, at: [<0000000008b98074>]
ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
#1: (&ldata->atomic_read_lock){+.+.}, at: [<000000009833cefb>]
n_tty_read+0xce/0xa40 drivers/tty/n_tty.c:2131
2 locks held by syz-executor1/26825:
#0: (&bdev->bd_mutex){+.+.}, at: [<00000000b651e965>]
__blkdev_get+0x80/0x660 fs/block_dev.c:1439
#1: (loop_index_mutex){+.+.}, at: [<00000000dc9a11e4>] lo_open+0x1b/0x60
drivers/block/loop.c:1571
2 locks held by syz-executor6/26830:
#0: (loop_index_mutex){+.+.}, at: [<00000000cf288d76>]
loop_control_ioctl+0x25/0x1a0 drivers/block/loop.c:1932
#1: (&lo->lo_ctl_mutex#2){+.+.}, at: [<0000000017c55903>]
loop_control_ioctl+0xe4/0x1a0 drivers/block/loop.c:1946
1 lock held by syz-executor6/26836:
#0: (loop_index_mutex){+.+.}, at: [<00000000cf288d76>]
loop_control_ioctl+0x25/0x1a0 drivers/block/loop.c:1932
1 lock held by syz-executor6/26861:
#0: (loop_index_mutex){+.+.}, at: [<00000000cf288d76>]
loop_control_ioctl+0x25/0x1a0 drivers/block/loop.c:1932
1 lock held by syz-executor6/26866:
#0: (loop_index_mutex){+.+.}, at: [<00000000cf288d76>]
loop_control_ioctl+0x25/0x1a0 drivers/block/loop.c:1932
2 locks held by syz-executor4/26838:
#0: (&lo->lo_ctl_mutex/1){+.+.}, at: [<0000000058c9fe8c>]
lo_ioctl+0x44/0xa40 drivers/block/loop.c:1355
#1: (&bdev->bd_mutex){+.+.}, at: [<00000000a14ac85a>]
blkdev_reread_part+0x1e/0x40 block/ioctl.c:192
1 lock held by syz-executor4/26853:
#0: (&bdev->bd_mutex){+.+.}, at: [<00000000b651e965>]
__blkdev_get+0x80/0x660 fs/block_dev.c:1439
1 lock held by syz-executor4/26858:
#0: (&lo->lo_ctl_mutex/1){+.+.}, at: [<0000000058c9fe8c>]
lo_ioctl+0x44/0xa40 drivers/block/loop.c:1355
1 lock held by syz-executor4/26863:
#0: (&lo->lo_ctl_mutex/1){+.+.}, at: [<0000000058c9fe8c>]
lo_ioctl+0x44/0xa40 drivers/block/loop.c:1355
1 lock held by syz-executor3/26839:
#0: (loop_index_mutex){+.+.}, at: [<00000000cf288d76>]
loop_control_ioctl+0x25/0x1a0 drivers/block/loop.c:1932
1 lock held by syz-executor3/26849:
#0: (loop_index_mutex){+.+.}, at: [<00000000cf288d76>]
loop_control_ioctl+0x25/0x1a0 drivers/block/loop.c:1932
1 lock held by syz-executor3/26860:
#0: (loop_index_mutex){+.+.}, at: [<00000000cf288d76>]
loop_control_ioctl+0x25/0x1a0 drivers/block/loop.c:1932
2 locks held by getty/26882:
#0: (&tty->ldisc_sem){++++}, at: [<0000000008b98074>]
ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
#1: (&ldata->atomic_read_lock){+.+.}, at: [<000000009833cefb>]
n_tty_read+0xce/0xa40 drivers/tty/n_tty.c:2131
=============================================
NMI backtrace for cpu 1
CPU: 1 PID: 674 Comm: khungtaskd Not tainted 4.15.0-rc3-next-20171214+ #67
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0xe9/0x14b lib/dump_stack.c:53
nmi_cpu_backtrace+0x149/0x150 lib/nmi_backtrace.c:103
nmi_trigger_cpumask_backtrace+0x101/0x150 lib/nmi_backtrace.c:62
arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
trigger_all_cpu_backtrace include/linux/nmi.h:138 [inline]
check_hung_task kernel/hung_task.c:132 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:190 [inline]
watchdog+0x562/0x750 kernel/hung_task.c:249
kthread+0x149/0x170 kernel/kthread.c:238
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:524
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0 skipped: idling at native_safe_halt+0x6/0x10
arch/x86/include/asm/irqflags.h:54
---
This bug is generated by a dumb bot. It may contain errors.
See https://goo.gl/tpsmEJ for details.
Direct all questions to syzk...@googlegroups.com.
Please credit me with: Reported-by: syzbot <syzk...@googlegroups.com>
syzbot will keep track of this bug report.
Once a fix for this bug is merged into any tree, reply to this email with:
#syz fix: exact-commit-title
To mark this as a duplicate of another syzbot report, please reply with:
#syz dup: exact-subject-of-another-report
If it's a one-off invalid bug report, please reply with:
#syz invalid
Note: if the crash happens again, it will cause creation of a new bug
report.
Note: all commands must start from beginning of the line in the email body.
syzkaller hit the following crash on
6084b576dca2e898f5c101baef151f7bfdbb606d
git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
compiler: gcc (GCC) 7.1.1 20170620
.config is attached
Raw console output is attached.
Unfortunately, I don't have any reproducer for this bug yet.
INFO: task syz-executor1:26825 blocked for more than 120 seconds.
Not tainted 4.15.0-rc3-next-20171214+ #67
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor1 D 0 26825 3396 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2800 [inline]
__schedule+0x30b/0xaf0 kernel/sched/core.c:3376
schedule+0x2e/0x90 kernel/sched/core.c:3435
schedule_preempt_disabled+0x10/0x20 kernel/sched/core.c:3493
__mutex_lock_common kernel/locking/mutex.c:833 [inline]
__mutex_lock+0x466/0xa00 kernel/locking/mutex.c:893
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
lo_open+0x1b/0x60 drivers/block/loop.c:1571
__blkdev_get+0x4cf/0x660 fs/block_dev.c:1516
blkdev_get+0x196/0x450 fs/block_dev.c:1591
blkdev_open+0xc0/0xf0 fs/block_dev.c:1749
do_dentry_open+0x282/0x410 fs/open.c:752
vfs_open+0x5d/0xb0 fs/open.c:866
do_last fs/namei.c:3397 [inline]
path_openat+0x24c/0x1050 fs/namei.c:3537
do_filp_open+0xaa/0x120 fs/namei.c:3572
do_sys_open+0x280/0x340 fs/open.c:1059
SYSC_open fs/open.c:1077 [inline]
SyS_open+0x2d/0x40 fs/open.c:1072
entry_SYSCALL_64_fastpath+0x1f/0x96
RIP: 0033:0x40cd71
RSP: 002b:00007f20b88e9780 EFLAGS: 00000293 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 0000000000758020 RCX: 000000000040cd71
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007f20b88e9830
RBP: 0000000000000249 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000207d3000 R11: 0000000000000293 R12: 00000000006f1778
R13: 00000000ffffffff R14: 00007f20b88ea6d4 R15: 0000000000000000
Showing all locks held in the system:
2 locks held by khungtaskd/674:
#0: (rcu_read_lock){....}, at: [<00000000701aa11a>]
check_hung_uninterruptible_tasks kernel/hung_task.c:175 [inline]
#0: (rcu_read_lock){....}, at: [<00000000701aa11a>] watchdog+0xbf/0x750
kernel/hung_task.c:249
#1: (tasklist_lock){.+.+}, at: [<0000000048d3cb51>]
debug_show_all_locks+0x3d/0x1a0 kernel/locking/lockdep.c:4464
1 lock held by rsyslogd/3006:
#0: (&f->f_pos_lock){+.+.}, at: [<00000000dbf4b770>]
__fdget_pos+0x5b/0x70 fs/file.c:765
2 locks held by getty/3129:
#0: (&tty->ldisc_sem){++++}, at: [<0000000008b98074>]
ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
#1: (&ldata->atomic_read_lock){+.+.}, at: [<000000009833cefb>]
n_tty_read+0xce/0xa40 drivers/tty/n_tty.c:2131
2 locks held by getty/3130:
#0: (&tty->ldisc_sem){++++}, at: [<0000000008b98074>]
ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
#1: (&ldata->atomic_read_lock){+.+.}, at: [<000000009833cefb>]
n_tty_read+0xce/0xa40 drivers/tty/n_tty.c:2131
2 locks held by getty/3131:
#0: (&tty->ldisc_sem){++++}, at: [<0000000008b98074>]
ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
#1: (&ldata->atomic_read_lock){+.+.}, at: [<000000009833cefb>]
n_tty_read+0xce/0xa40 drivers/tty/n_tty.c:2131
2 locks held by getty/3132:
#0: (&tty->ldisc_sem){++++}, at: [<0000000008b98074>]
ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
#1: (&ldata->atomic_read_lock){+.+.}, at: [<000000009833cefb>]
n_tty_read+0xce/0xa40 drivers/tty/n_tty.c:2131
2 locks held by getty/3133:
#0: (&tty->ldisc_sem){++++}, at: [<0000000008b98074>]
ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
#1: (&ldata->atomic_read_lock){+.+.}, at: [<000000009833cefb>]
n_tty_read+0xce/0xa40 drivers/tty/n_tty.c:2131
2 locks held by getty/3134:
#0: (&tty->ldisc_sem){++++}, at: [<0000000008b98074>]
ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
#1: (&ldata->atomic_read_lock){+.+.}, at: [<000000009833cefb>]
n_tty_read+0xce/0xa40 drivers/tty/n_tty.c:2131
2 locks held by syz-executor1/26825:
#0: (&bdev->bd_mutex){+.+.}, at: [<00000000b651e965>]
__blkdev_get+0x80/0x660 fs/block_dev.c:1439
#1: (loop_index_mutex){+.+.}, at: [<00000000dc9a11e4>] lo_open+0x1b/0x60
drivers/block/loop.c:1571
2 locks held by syz-executor6/26830:
#0: (loop_index_mutex){+.+.}, at: [<00000000cf288d76>]
loop_control_ioctl+0x25/0x1a0 drivers/block/loop.c:1932
#1: (&lo->lo_ctl_mutex#2){+.+.}, at: [<0000000017c55903>]
loop_control_ioctl+0xe4/0x1a0 drivers/block/loop.c:1946
1 lock held by syz-executor6/26836:
#0: (loop_index_mutex){+.+.}, at: [<00000000cf288d76>]
loop_control_ioctl+0x25/0x1a0 drivers/block/loop.c:1932
1 lock held by syz-executor6/26861:
#0: (loop_index_mutex){+.+.}, at: [<00000000cf288d76>]
loop_control_ioctl+0x25/0x1a0 drivers/block/loop.c:1932
1 lock held by syz-executor6/26866:
#0: (loop_index_mutex){+.+.}, at: [<00000000cf288d76>]
loop_control_ioctl+0x25/0x1a0 drivers/block/loop.c:1932
2 locks held by syz-executor4/26838:
#0: (&lo->lo_ctl_mutex/1){+.+.}, at: [<0000000058c9fe8c>]
lo_ioctl+0x44/0xa40 drivers/block/loop.c:1355
#1: (&bdev->bd_mutex){+.+.}, at: [<00000000a14ac85a>]
blkdev_reread_part+0x1e/0x40 block/ioctl.c:192
1 lock held by syz-executor4/26853:
#0: (&bdev->bd_mutex){+.+.}, at: [<00000000b651e965>]
__blkdev_get+0x80/0x660 fs/block_dev.c:1439
1 lock held by syz-executor4/26858:
#0: (&lo->lo_ctl_mutex/1){+.+.}, at: [<0000000058c9fe8c>]
lo_ioctl+0x44/0xa40 drivers/block/loop.c:1355
1 lock held by syz-executor4/26863:
#0: (&lo->lo_ctl_mutex/1){+.+.}, at: [<0000000058c9fe8c>]
lo_ioctl+0x44/0xa40 drivers/block/loop.c:1355
1 lock held by syz-executor3/26839:
#0: (loop_index_mutex){+.+.}, at: [<00000000cf288d76>]
loop_control_ioctl+0x25/0x1a0 drivers/block/loop.c:1932
1 lock held by syz-executor3/26849:
#0: (loop_index_mutex){+.+.}, at: [<00000000cf288d76>]
loop_control_ioctl+0x25/0x1a0 drivers/block/loop.c:1932
1 lock held by syz-executor3/26860:
#0: (loop_index_mutex){+.+.}, at: [<00000000cf288d76>]
loop_control_ioctl+0x25/0x1a0 drivers/block/loop.c:1932
2 locks held by getty/26882:
#0: (&tty->ldisc_sem){++++}, at: [<0000000008b98074>]
ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
#1: (&ldata->atomic_read_lock){+.+.}, at: [<000000009833cefb>]
n_tty_read+0xce/0xa40 drivers/tty/n_tty.c:2131
=============================================
NMI backtrace for cpu 1
CPU: 1 PID: 674 Comm: khungtaskd Not tainted 4.15.0-rc3-next-20171214+ #67
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0xe9/0x14b lib/dump_stack.c:53
nmi_cpu_backtrace+0x149/0x150 lib/nmi_backtrace.c:103
nmi_trigger_cpumask_backtrace+0x101/0x150 lib/nmi_backtrace.c:62
arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
trigger_all_cpu_backtrace include/linux/nmi.h:138 [inline]
check_hung_task kernel/hung_task.c:132 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:190 [inline]
watchdog+0x562/0x750 kernel/hung_task.c:249
kthread+0x149/0x170 kernel/kthread.c:238
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:524
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0 skipped: idling at native_safe_halt+0x6/0x10
arch/x86/include/asm/irqflags.h:54
---
This bug is generated by a dumb bot. It may contain errors.
See https://goo.gl/tpsmEJ for details.
Direct all questions to syzk...@googlegroups.com.
Please credit me with: Reported-by: syzbot <syzk...@googlegroups.com>
syzbot will keep track of this bug report.
Once a fix for this bug is merged into any tree, reply to this email with:
#syz fix: exact-commit-title
To mark this as a duplicate of another syzbot report, please reply with:
#syz dup: exact-subject-of-another-report
If it's a one-off invalid bug report, please reply with:
#syz invalid
Note: if the crash happens again, it will cause creation of a new bug
report.
Note: all commands must start from beginning of the line in the email body.
Dmitry Vyukov
Feb 14, 2018, 9:52:00 AM2/14/18
to syzbot, syzkall...@googlegroups.com
old bug bankruptcy
#syz invalid
On Sat, Dec 16, 2017 at 7:07 PM, syzbot
<bot+44effc70e26d149b5c...@syzkaller.appspotmail.com>
wrote:
> --
> You received this message because you are subscribed to the Google Groups
> "syzkaller-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to syzkaller-bug...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/syzkaller-bugs/001a113f861ed3db37056078fb54%40google.com.
> For more options, visit https://groups.google.com/d/optout.
#syz invalid
On Sat, Dec 16, 2017 at 7:07 PM, syzbot
<bot+44effc70e26d149b5c...@syzkaller.appspotmail.com>
wrote:
> You received this message because you are subscribed to the Google Groups
> "syzkaller-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to syzkaller-bug...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/syzkaller-bugs/001a113f861ed3db37056078fb54%40google.com.
> For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages