INFO: task hung in d_alloc_parallel


syzbot

May 1, 2020, 4:49:12 PM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 76567537 Linux 4.19.119
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=11dc2f90100000
kernel config: https://syzkaller.appspot.com/x/.config?x=dd6adfe2dd5d771
dashboard link: https://syzkaller.appspot.com/bug?extid=a0d1743d239c1544a3f7
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=176bec4c100000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+a0d174...@syzkaller.appspotmail.com

NOHZ: local_softirq_pending 08
INFO: task syz-executor.3:13911 blocked for more than 140 seconds.
Not tainted 4.19.119-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.3 D28880 13911 6458 0x00000000
Call Trace:
schedule+0x8d/0x1b0 kernel/sched/core.c:3559
d_wait_lookup fs/dcache.c:2428 [inline]
d_alloc_parallel+0x1132/0x1ad0 fs/dcache.c:2510
lookup_open+0x4dc/0x19b0 fs/namei.c:3148
do_last fs/namei.c:3327 [inline]
path_openat+0x1d30/0x4200 fs/namei.c:3537
do_filp_open+0x1a1/0x280 fs/namei.c:3567
do_sys_open+0x3c0/0x500 fs/open.c:1085
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45c829
Code: Bad RIP value.
RSP: 002b:00007f85b3abac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 00000000004f6800 RCX: 000000000045c829
RDX: 0000000000000049 RSI: 00000000000a8482 RDI: 0000000020000000
RBP: 000000000078c040 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000773 R14: 000000000052515f R15: 00007f85b3abb6d4

Showing all locks held in the system:
4 locks held by kworker/u4:4/323:
1 lock held by khungtaskd/1075:
#0: 00000000e76484a6 (rcu_read_lock){....}, at: debug_show_all_locks+0x53/0x265 kernel/locking/lockdep.c:4440
1 lock held by systemd-journal/3690:
#0: 000000008c2f66b9 (&rq->lock){-.-.}, at: rq_lock kernel/sched/sched.h:1823 [inline]
#0: 000000008c2f66b9 (&rq->lock){-.-.}, at: __schedule+0x1f8/0x1d80 kernel/sched/core.c:3453
1 lock held by in:imklog/6187:
#0: 000000006207f6e9 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0xe3/0x100 fs/file.c:767
2 locks held by syz-executor.3/13873:
#0: 0000000030c99d3f (&type->i_mutex_dir_key#8){++++}, at: inode_lock_shared include/linux/fs.h:758 [inline]
#0: 0000000030c99d3f (&type->i_mutex_dir_key#8){++++}, at: do_last fs/namei.c:3326 [inline]
#0: 0000000030c99d3f (&type->i_mutex_dir_key#8){++++}, at: path_openat+0x1d18/0x4200 fs/namei.c:3537
#1: 000000005623833d (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0 fs/fuse/inode.c:365
2 locks held by syz-executor.3/13911:
#0: 00000000cb303864 (sb_writers#16){.+.+}, at: sb_start_write include/linux/fs.h:1579 [inline]
#0: 00000000cb303864 (sb_writers#16){.+.+}, at: mnt_want_write+0x3a/0xb0 fs/namespace.c:360
#1: 0000000030c99d3f (&type->i_mutex_dir_key#8){++++}, at: inode_lock_shared include/linux/fs.h:758 [inline]
#1: 0000000030c99d3f (&type->i_mutex_dir_key#8){++++}, at: do_last fs/namei.c:3326 [inline]
#1: 0000000030c99d3f (&type->i_mutex_dir_key#8){++++}, at: path_openat+0x1d18/0x4200 fs/namei.c:3537
2 locks held by syz-executor.2/18480:
#0: 00000000415dfea4 (&type->i_mutex_dir_key#8){++++}, at: inode_lock_shared include/linux/fs.h:758 [inline]
#0: 00000000415dfea4 (&type->i_mutex_dir_key#8){++++}, at: do_last fs/namei.c:3326 [inline]
#0: 00000000415dfea4 (&type->i_mutex_dir_key#8){++++}, at: path_openat+0x1d18/0x4200 fs/namei.c:3537
#1: 00000000ccfba7d0 (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0 fs/fuse/inode.c:365
2 locks held by syz-executor.2/18497:
#0: 000000004e1f6119 (sb_writers#16){.+.+}, at: sb_start_write include/linux/fs.h:1579 [inline]
#0: 000000004e1f6119 (sb_writers#16){.+.+}, at: mnt_want_write+0x3a/0xb0 fs/namespace.c:360
#1: 00000000415dfea4 (&type->i_mutex_dir_key#8){++++}, at: inode_lock_shared include/linux/fs.h:758 [inline]
#1: 00000000415dfea4 (&type->i_mutex_dir_key#8){++++}, at: do_last fs/namei.c:3326 [inline]
#1: 00000000415dfea4 (&type->i_mutex_dir_key#8){++++}, at: path_openat+0x1d18/0x4200 fs/namei.c:3537
1 lock held by syz-executor.5/19520:
#0: 00000000ddc81dae (&type->i_mutex_dir_key#8){++++}, at: inode_lock include/linux/fs.h:748 [inline]
#0: 00000000ddc81dae (&type->i_mutex_dir_key#8){++++}, at: lock_mount+0x8a/0x2f0 fs/namespace.c:2039
2 locks held by syz-executor.5/19521:
#0: 000000008e745868 (sb_writers#16){.+.+}, at: sb_start_write include/linux/fs.h:1579 [inline]
#0: 000000008e745868 (sb_writers#16){.+.+}, at: mnt_want_write+0x3a/0xb0 fs/namespace.c:360
#1: 00000000ddc81dae (&type->i_mutex_dir_key#8){++++}, at: inode_lock_shared include/linux/fs.h:758 [inline]
#1: 00000000ddc81dae (&type->i_mutex_dir_key#8){++++}, at: do_last fs/namei.c:3326 [inline]
#1: 00000000ddc81dae (&type->i_mutex_dir_key#8){++++}, at: path_openat+0x1d18/0x4200 fs/namei.c:3537
1 lock held by syz-executor.5/19526:
#0: 00000000ddc81dae (&type->i_mutex_dir_key#8){++++}, at: inode_lock_shared include/linux/fs.h:758 [inline]
#0: 00000000ddc81dae (&type->i_mutex_dir_key#8){++++}, at: do_last fs/namei.c:3326 [inline]
#0: 00000000ddc81dae (&type->i_mutex_dir_key#8){++++}, at: path_openat+0x1d18/0x4200 fs/namei.c:3537
2 locks held by syz-executor.5/19502:
#0: 00000000ddc81dae (&type->i_mutex_dir_key#8){++++}, at: inode_lock_shared include/linux/fs.h:758 [inline]
#0: 00000000ddc81dae (&type->i_mutex_dir_key#8){++++}, at: do_last fs/namei.c:3326 [inline]
#0: 00000000ddc81dae (&type->i_mutex_dir_key#8){++++}, at: path_openat+0x1d18/0x4200 fs/namei.c:3537
#1: 00000000145bd8ed (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0 fs/fuse/inode.c:365
1 lock held by syz-executor.0/19552:
#0: 000000001a85fc12 (&type->i_mutex_dir_key#8){++++}, at: inode_lock include/linux/fs.h:748 [inline]
#0: 000000001a85fc12 (&type->i_mutex_dir_key#8){++++}, at: lock_mount+0x8a/0x2f0 fs/namespace.c:2039
1 lock held by syz-executor.0/19557:
#0: 000000001a85fc12 (&type->i_mutex_dir_key#8){++++}, at: inode_lock_shared include/linux/fs.h:758 [inline]
#0: 000000001a85fc12 (&type->i_mutex_dir_key#8){++++}, at: do_last fs/namei.c:3326 [inline]
#0: 000000001a85fc12 (&type->i_mutex_dir_key#8){++++}, at: path_openat+0x1d18/0x4200 fs/namei.c:3537
1 lock held by syz-executor.2/19554:
#0: 00000000e9b098a8 (&type->i_mutex_dir_key#8){++++}, at: inode_lock include/linux/fs.h:748 [inline]
#0: 00000000e9b098a8 (&type->i_mutex_dir_key#8){++++}, at: lock_mount+0x8a/0x2f0 fs/namespace.c:2039
2 locks held by syz-executor.2/19555:
#0: 00000000970ba634 (sb_writers#16){.+.+}, at: sb_start_write include/linux/fs.h:1579 [inline]
#0: 00000000970ba634 (sb_writers#16){.+.+}, at: mnt_want_write+0x3a/0xb0 fs/namespace.c:360
#1: 00000000e9b098a8 (&type->i_mutex_dir_key#8){++++}, at: inode_lock_shared include/linux/fs.h:758 [inline]
#1: 00000000e9b098a8 (&type->i_mutex_dir_key#8){++++}, at: do_last fs/namei.c:3326 [inline]
#1: 00000000e9b098a8 (&type->i_mutex_dir_key#8){++++}, at: path_openat+0x1d18/0x4200 fs/namei.c:3537
1 lock held by syz-executor.2/19564:
#0: 00000000e9b098a8 (&type->i_mutex_dir_key#8){++++}, at: inode_lock_shared include/linux/fs.h:758 [inline]
#0: 00000000e9b098a8 (&type->i_mutex_dir_key#8){++++}, at: do_last fs/namei.c:3326 [inline]
#0: 00000000e9b098a8 (&type->i_mutex_dir_key#8){++++}, at: path_openat+0x1d18/0x4200 fs/namei.c:3537
2 locks held by syz-executor.2/19518:
#0: 00000000e9b098a8 (&type->i_mutex_dir_key#8){++++}, at: inode_lock_shared include/linux/fs.h:758 [inline]
#0: 00000000e9b098a8 (&type->i_mutex_dir_key#8){++++}, at: do_last fs/namei.c:3326 [inline]
#0: 00000000e9b098a8 (&type->i_mutex_dir_key#8){++++}, at: path_openat+0x1d18/0x4200 fs/namei.c:3537
#1: 000000003874a7d1 (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0 fs/fuse/inode.c:365
2 locks held by syz-executor.0/19523:
#0: 000000001a85fc12 (&type->i_mutex_dir_key#8){++++}, at: inode_lock_shared include/linux/fs.h:758 [inline]
#0: 000000001a85fc12 (&type->i_mutex_dir_key#8){++++}, at: do_last fs/namei.c:3326 [inline]
#0: 000000001a85fc12 (&type->i_mutex_dir_key#8){++++}, at: path_openat+0x1d18/0x4200 fs/namei.c:3537
#1: 00000000902da5fe (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0 fs/fuse/inode.c:365
1 lock held by syz-executor.3/19566:
#0: 000000002330b0ca (&type->i_mutex_dir_key#8){++++}, at: inode_lock include/linux/fs.h:748 [inline]
#0: 000000002330b0ca (&type->i_mutex_dir_key#8){++++}, at: lock_mount+0x8a/0x2f0 fs/namespace.c:2039
1 lock held by syz-executor.3/19569:
#0: 000000002330b0ca (&type->i_mutex_dir_key#8){++++}, at: inode_lock_shared include/linux/fs.h:758 [inline]
#0: 000000002330b0ca (&type->i_mutex_dir_key#8){++++}, at: do_last fs/namei.c:3326 [inline]
#0: 000000002330b0ca (&type->i_mutex_dir_key#8){++++}, at: path_openat+0x1d18/0x4200 fs/namei.c:3537
2 locks held by syz-executor.3/19538:
#0: 000000002330b0ca (&type->i_mutex_dir_key#8){++++}, at: inode_lock_shared include/linux/fs.h:758 [inline]
#0: 000000002330b0ca (&type->i_mutex_dir_key#8){++++}, at: do_last fs/namei.c:3326 [inline]
#0: 000000002330b0ca (&type->i_mutex_dir_key#8){++++}, at: path_openat+0x1d18/0x4200 fs/namei.c:3537
#1: 00000000d110ea06 (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0 fs/fuse/inode.c:365
1 lock held by syz-executor.1/19584:
#0: 00000000e2fc445e (&type->i_mutex_dir_key#8){++++}, at: inode_lock include/linux/fs.h:748 [inline]
#0: 00000000e2fc445e (&type->i_mutex_dir_key#8){++++}, at: lock_mount+0x8a/0x2f0 fs/namespace.c:2039
2 locks held by syz-executor.1/19585:
#0: 000000005f2008da (sb_writers#16){.+.+}, at: sb_start_write include/linux/fs.h:1579 [inline]
#0: 000000005f2008da (sb_writers#16){.+.+}, at: mnt_want_write+0x3a/0xb0 fs/namespace.c:360
#1: 00000000e2fc445e (&type->i_mutex_dir_key#8){++++}, at: inode_lock_shared include/linux/fs.h:758 [inline]
#1: 00000000e2fc445e (&type->i_mutex_dir_key#8){++++}, at: do_last fs/namei.c:3326 [inline]
#1: 00000000e2fc445e (&type->i_mutex_dir_key#8){++++}, at: path_openat+0x1d18/0x4200 fs/namei.c:3537
1 lock held by syz-executor.1/19586:
#0: 00000000e2fc445e (&type->i_mutex_dir_key#8){++++}, at: inode_lock_shared include/linux/fs.h:758 [inline]
#0: 00000000e2fc445e (&type->i_mutex_dir_key#8){++++}, at: do_last fs/namei.c:3326 [inline]
#0: 00000000e2fc445e (&type->i_mutex_dir_key#8){++++}, at: path_openat+0x1d18/0x4200 fs/namei.c:3537
2 locks held by syz-executor.1/19551:
#0: 00000000e2fc445e (&type->i_mutex_dir_key#8){++++}, at: inode_lock_shared include/linux/fs.h:758 [inline]
#0: 00000000e2fc445e (&type->i_mutex_dir_key#8){++++}, at: do_last fs/namei.c:3326 [inline]
#0: 00000000e2fc445e (&type->i_mutex_dir_key#8){++++}, at: path_openat+0x1d18/0x4200 fs/namei.c:3537
#1: 000000006cd8147e (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0 fs/fuse/inode.c:365
3 locks held by syz-executor.4/19578:
#0: 00000000751d226a (sb_writers#16){.+.+}, at: sb_start_write include/linux/fs.h:1579 [inline]
#0: 00000000751d226a (sb_writers#16){.+.+}, at: mnt_want_write+0x3a/0xb0 fs/namespace.c:360
#1: 00000000434ab6f2 (&type->i_mutex_dir_key#8){++++}, at: inode_lock_shared include/linux/fs.h:758 [inline]
#1: 00000000434ab6f2 (&type->i_mutex_dir_key#8){++++}, at: do_last fs/namei.c:3326 [inline]
#1: 00000000434ab6f2 (&type->i_mutex_dir_key#8){++++}, at: path_openat+0x1d18/0x4200 fs/namei.c:3537
#2: 00000000d8f8ce20 (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0 fs/fuse/inode.c:365
2 locks held by syz-executor.4/19591:
#0: 000000008c2f66b9 (&rq->lock){-.-.}, at: rq_lock kernel/sched/sched.h:1823 [inline]
#0: 000000008c2f66b9 (&rq->lock){-.-.}, at: __schedule+0x1f8/0x1d80 kernel/sched/core.c:3453
#1: 00000000e76484a6 (rcu_read_lock){....}, at: trace_sched_stat_runtime include/trace/events/sched.h:428 [inline]
#1: 00000000e76484a6 (rcu_read_lock){....}, at: update_curr+0x2c3/0x870 kernel/sched/fair.c:857
1 lock held by syz-executor.4/19583:
#0: 00000000434ab6f2 (&type->i_mutex_dir_key#8){++++}, at: inode_lock_shared include/linux/fs.h:758 [inline]
#0: 00000000434ab6f2 (&type->i_mutex_dir_key#8){++++}, at: do_last fs/namei.c:3326 [inline]
#0: 00000000434ab6f2 (&type->i_mutex_dir_key#8){++++}, at: path_openat+0x1d18/0x4200 fs/namei.c:3537

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 1075 Comm: khungtaskd Not tainted 4.19.119-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x188/0x20d lib/dump_stack.c:118
nmi_cpu_backtrace.cold+0x63/0xa2 lib/nmi_backtrace.c:101
nmi_trigger_cpumask_backtrace+0x1a6/0x1eb lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:203 [inline]
watchdog+0x962/0xe40 kernel/hung_task.c:287
kthread+0x34a/0x420 kernel/kthread.c:246
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 323 Comm: kworker/u4:4 Not tainted 4.19.119-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
RIP: 0010:write_comp_data+0x1e/0x70 kernel/kcov.c:122
Code: 48 89 11 c3 0f 1f 84 00 00 00 00 00 65 4c 8b 04 25 40 ee 01 00 65 8b 05 f0 23 9a 7e a9 00 01 1f 00 75 51 41 8b 80 d8 12 00 00 <83> f8 03 75 45 49 8b 80 e0 12 00 00 45 8b 80 dc 12 00 00 4c 8b 08
RSP: 0018:ffff8880a9767b68 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff8357a833
RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000005
RBP: ffffffff87cb0320 R08: ffff8880a97741c0 R09: ffffed1015cc4733
R10: ffffed1015cc4732 R11: ffff8880ae623993 R12: 0000000000000000
R13: ffffffff87cb02e0 R14: ffff8880a09b0dc0 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f93f737c9d0 CR3: 00000000a7ae5000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
check_preemption_disabled+0x33/0x280 lib/smp_processor_id.c:15
rcu_dynticks_curr_cpu_in_eqs+0x12/0xa0 kernel/rcu/tree.c:348
rcu_is_watching+0xc/0x20 kernel/rcu/tree.c:1025
rcu_read_unlock include/linux/rcupdate.h:677 [inline]
batadv_iv_ogm_slide_own_bcast_window net/batman-adv/bat_iv_ogm.c:952 [inline]
batadv_iv_ogm_schedule_buff+0x9f7/0x1220 net/batman-adv/bat_iv_ogm.c:1006
batadv_iv_ogm_schedule net/batman-adv/bat_iv_ogm.c:1050 [inline]
batadv_iv_ogm_schedule net/batman-adv/bat_iv_ogm.c:1043 [inline]
batadv_iv_send_outstanding_bat_ogm_packet+0x5e0/0x7a0 net/batman-adv/bat_iv_ogm.c:1869
process_one_work+0x91f/0x1640 kernel/workqueue.c:2155
worker_thread+0x96/0xe20 kernel/workqueue.c:2298
kthread+0x34a/0x420 kernel/kthread.c:246
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches

syzbot

Aug 28, 2022, 10:35:29 PM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 3f8a27f9e27b Linux 4.19.211
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1577901b080000
kernel config: https://syzkaller.appspot.com/x/.config?x=9b9277b418617afe
dashboard link: https://syzkaller.appspot.com/bug?extid=a0d1743d239c1544a3f7
compiler: gcc version 10.2.1 20210110 (Debian 10.2.1-6)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12ff1333080000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=169c59e7080000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+a0d174...@syzkaller.appspotmail.com

loop5: rw=0, want=5150853156, limit=272
attempt to access beyond end of device
attempt to access beyond end of device
loop5: rw=0, want=1802385994, limit=272
loop2: rw=0, want=1802385994, limit=272
INFO: task syz-executor106:8134 blocked for more than 140 seconds.
Not tainted 4.19.211-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor106 D28712 8134 8107 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2828 [inline]
__schedule+0x887/0x2040 kernel/sched/core.c:3517
schedule+0x8d/0x1b0 kernel/sched/core.c:3561
d_wait_lookup fs/dcache.c:2430 [inline]
d_alloc_parallel+0x1292/0x19e0 fs/dcache.c:2512
__lookup_slow+0x18d/0x4a0 fs/namei.c:1655
lookup_slow fs/namei.c:1689 [inline]
walk_component+0x7ac/0xda0 fs/namei.c:1811
lookup_last fs/namei.c:2274 [inline]
path_lookupat+0x1ff/0x8d0 fs/namei.c:2319
filename_lookup+0x1ac/0x5a0 fs/namei.c:2349
user_path include/linux/namei.h:62 [inline]
do_mount+0x147/0x2f50 fs/namespace.c:2762
ksys_mount+0xcf/0x130 fs/namespace.c:3038
__do_sys_mount fs/namespace.c:3052 [inline]
__se_sys_mount fs/namespace.c:3049 [inline]
__x64_sys_mount+0xba/0x150 fs/namespace.c:3049
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fcb80b98c29
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fcb80b242f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007fcb80c1d4b0 RCX: 00007fcb80b98c29
RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000000
RBP: 0030656c69662f2e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000004 R11: 0000000000000246 R12: 00007fcb80bea0c8
R13: 00000000200011c0 R14: 000000807fffffff R15: 00007fcb80c1d4b8
INFO: task syz-executor106:8138 blocked for more than 140 seconds.
Not tainted 4.19.211-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor106 D28712 8138 8105 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2828 [inline]
__schedule+0x887/0x2040 kernel/sched/core.c:3517
schedule+0x8d/0x1b0 kernel/sched/core.c:3561
d_wait_lookup fs/dcache.c:2430 [inline]
d_alloc_parallel+0x1292/0x19e0 fs/dcache.c:2512
__lookup_slow+0x18d/0x4a0 fs/namei.c:1655
lookup_slow fs/namei.c:1689 [inline]
walk_component+0x7ac/0xda0 fs/namei.c:1811
lookup_last fs/namei.c:2274 [inline]
path_lookupat+0x1ff/0x8d0 fs/namei.c:2319
filename_lookup+0x1ac/0x5a0 fs/namei.c:2349
user_path include/linux/namei.h:62 [inline]
do_mount+0x147/0x2f50 fs/namespace.c:2762
ksys_mount+0xcf/0x130 fs/namespace.c:3038
__do_sys_mount fs/namespace.c:3052 [inline]
__se_sys_mount fs/namespace.c:3049 [inline]
__x64_sys_mount+0xba/0x150 fs/namespace.c:3049
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fcb80b98c29
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fcb80b242f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007fcb80c1d4b0 RCX: 00007fcb80b98c29
RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000000
RBP: 0030656c69662f2e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000004 R11: 0000000000000246 R12: 00007fcb80bea0c8
R13: 00000000200011c0 R14: 000000807fffffff R15: 00007fcb80c1d4b8
INFO: task syz-executor106:8136 blocked for more than 140 seconds.
Not tainted 4.19.211-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor106 D28696 8136 8103 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2828 [inline]
__schedule+0x887/0x2040 kernel/sched/core.c:3517
schedule+0x8d/0x1b0 kernel/sched/core.c:3561
d_wait_lookup fs/dcache.c:2430 [inline]
d_alloc_parallel+0x1292/0x19e0 fs/dcache.c:2512
__lookup_slow+0x18d/0x4a0 fs/namei.c:1655
lookup_slow fs/namei.c:1689 [inline]
walk_component+0x7ac/0xda0 fs/namei.c:1811
lookup_last fs/namei.c:2274 [inline]
path_lookupat+0x1ff/0x8d0 fs/namei.c:2319
filename_lookup+0x1ac/0x5a0 fs/namei.c:2349
user_path include/linux/namei.h:62 [inline]
do_mount+0x147/0x2f50 fs/namespace.c:2762
ksys_mount+0xcf/0x130 fs/namespace.c:3038
__do_sys_mount fs/namespace.c:3052 [inline]
__se_sys_mount fs/namespace.c:3049 [inline]
__x64_sys_mount+0xba/0x150 fs/namespace.c:3049
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fcb80b98c29
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fcb80b242f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007fcb80c1d4b0 RCX: 00007fcb80b98c29
RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000000
RBP: 0030656c69662f2e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000004 R11: 0000000000000246 R12: 00007fcb80bea0c8
R13: 00000000200011c0 R14: 000000807fffffff R15: 00007fcb80c1d4b8
INFO: task syz-executor106:8140 blocked for more than 140 seconds.
Not tainted 4.19.211-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor106 D27664 8140 8102 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2828 [inline]
__schedule+0x887/0x2040 kernel/sched/core.c:3517
schedule+0x8d/0x1b0 kernel/sched/core.c:3561
d_wait_lookup fs/dcache.c:2430 [inline]
d_alloc_parallel+0x1292/0x19e0 fs/dcache.c:2512
__lookup_slow+0x18d/0x4a0 fs/namei.c:1655
lookup_slow fs/namei.c:1689 [inline]
walk_component+0x7ac/0xda0 fs/namei.c:1811
lookup_last fs/namei.c:2274 [inline]
path_lookupat+0x1ff/0x8d0 fs/namei.c:2319
filename_lookup+0x1ac/0x5a0 fs/namei.c:2349
user_path include/linux/namei.h:62 [inline]
do_mount+0x147/0x2f50 fs/namespace.c:2762
ksys_mount+0xcf/0x130 fs/namespace.c:3038
__do_sys_mount fs/namespace.c:3052 [inline]
__se_sys_mount fs/namespace.c:3049 [inline]
__x64_sys_mount+0xba/0x150 fs/namespace.c:3049
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fcb80b98c29
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fcb80b242f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007fcb80c1d4b0 RCX: 00007fcb80b98c29
RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000000
RBP: 0030656c69662f2e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000004 R11: 0000000000000246 R12: 00007fcb80bea0c8
R13: 00000000200011c0 R14: 000000807fffffff R15: 00007fcb80c1d4b8
INFO: task syz-executor106:8142 blocked for more than 140 seconds.
Not tainted 4.19.211-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor106 D28712 8142 8106 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2828 [inline]
__schedule+0x887/0x2040 kernel/sched/core.c:3517
schedule+0x8d/0x1b0 kernel/sched/core.c:3561
d_wait_lookup fs/dcache.c:2430 [inline]
d_alloc_parallel+0x1292/0x19e0 fs/dcache.c:2512
__lookup_slow+0x18d/0x4a0 fs/namei.c:1655
lookup_slow fs/namei.c:1689 [inline]
walk_component+0x7ac/0xda0 fs/namei.c:1811
lookup_last fs/namei.c:2274 [inline]
path_lookupat+0x1ff/0x8d0 fs/namei.c:2319
filename_lookup+0x1ac/0x5a0 fs/namei.c:2349
user_path include/linux/namei.h:62 [inline]
do_mount+0x147/0x2f50 fs/namespace.c:2762
ksys_mount+0xcf/0x130 fs/namespace.c:3038
__do_sys_mount fs/namespace.c:3052 [inline]
__se_sys_mount fs/namespace.c:3049 [inline]
__x64_sys_mount+0xba/0x150 fs/namespace.c:3049
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fcb80b98c29
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fcb80b242f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007fcb80c1d4b0 RCX: 00007fcb80b98c29
RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000000
RBP: 0030656c69662f2e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000004 R11: 0000000000000246 R12: 00007fcb80bea0c8
R13: 00000000200011c0 R14: 000000807fffffff R15: 00007fcb80c1d4b8
INFO: task syz-executor106:8151 blocked for more than 140 seconds.
Not tainted 4.19.211-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor106 D28712 8151 8104 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2828 [inline]
__schedule+0x887/0x2040 kernel/sched/core.c:3517
schedule+0x8d/0x1b0 kernel/sched/core.c:3561
d_wait_lookup fs/dcache.c:2430 [inline]
d_alloc_parallel+0x1292/0x19e0 fs/dcache.c:2512
__lookup_slow+0x18d/0x4a0 fs/namei.c:1655
lookup_slow fs/namei.c:1689 [inline]
walk_component+0x7ac/0xda0 fs/namei.c:1811
lookup_last fs/namei.c:2274 [inline]
path_lookupat+0x1ff/0x8d0 fs/namei.c:2319
filename_lookup+0x1ac/0x5a0 fs/namei.c:2349
user_path include/linux/namei.h:62 [inline]
do_mount+0x147/0x2f50 fs/namespace.c:2762
ksys_mount+0xcf/0x130 fs/namespace.c:3038
__do_sys_mount fs/namespace.c:3052 [inline]
__se_sys_mount fs/namespace.c:3049 [inline]
__x64_sys_mount+0xba/0x150 fs/namespace.c:3049
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fcb80b98c29
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fcb80b242f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007fcb80c1d4b0 RCX: 00007fcb80b98c29
RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000000
RBP: 0030656c69662f2e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000004 R11: 0000000000000246 R12: 00007fcb80bea0c8
R13: 00000000200011c0 R14: 000000807fffffff R15: 00007fcb80c1d4b8

Showing all locks held in the system:
1 lock held by khungtaskd/1570:
#0: 000000009c8c953a (rcu_read_lock){....}, at: debug_show_all_locks+0x53/0x265 kernel/locking/lockdep.c:4441
1 lock held by kswapd0/1968:
1 lock held by kswapd1/1969:
1 lock held by in:imklog/7747:
#0: 000000008723a080 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767
1 lock held by syz-executor106/8111:
1 lock held by syz-executor106/8134:
#0: 00000000467baf6d (&type->i_mutex_dir_key#7){.+.+}, at: inode_lock_shared include/linux/fs.h:758 [inline]
#0: 00000000467baf6d (&type->i_mutex_dir_key#7){.+.+}, at: lookup_slow fs/namei.c:1688 [inline]
#0: 00000000467baf6d (&type->i_mutex_dir_key#7){.+.+}, at: walk_component+0x798/0xda0 fs/namei.c:1811
2 locks held by syz-executor106/8119:
1 lock held by syz-executor106/8138:
#0: 00000000367b3ef2 (&type->i_mutex_dir_key#7){.+.+}, at: inode_lock_shared include/linux/fs.h:758 [inline]
#0: 00000000367b3ef2 (&type->i_mutex_dir_key#7){.+.+}, at: lookup_slow fs/namei.c:1688 [inline]
#0: 00000000367b3ef2 (&type->i_mutex_dir_key#7){.+.+}, at: walk_component+0x798/0xda0 fs/namei.c:1811
2 locks held by syz-executor106/8112:
1 lock held by syz-executor106/8136:
#0: 00000000493ba0f7 (&type->i_mutex_dir_key#7){.+.+}, at: inode_lock_shared include/linux/fs.h:758 [inline]
#0: 00000000493ba0f7 (&type->i_mutex_dir_key#7){.+.+}, at: lookup_slow fs/namei.c:1688 [inline]
#0: 00000000493ba0f7 (&type->i_mutex_dir_key#7){.+.+}, at: walk_component+0x798/0xda0 fs/namei.c:1811
1 lock held by syz-executor106/8120:
1 lock held by syz-executor106/8140:
#0: 0000000050970ca5 (&type->i_mutex_dir_key#7){.+.+}, at: inode_lock_shared include/linux/fs.h:758 [inline]
#0: 0000000050970ca5 (&type->i_mutex_dir_key#7){.+.+}, at: lookup_slow fs/namei.c:1688 [inline]
#0: 0000000050970ca5 (&type->i_mutex_dir_key#7){.+.+}, at: walk_component+0x798/0xda0 fs/namei.c:1811
1 lock held by syz-executor106/8125:
1 lock held by syz-executor106/8142:
#0: 00000000e8b3b783 (&type->i_mutex_dir_key#7){.+.+}, at: inode_lock_shared include/linux/fs.h:758 [inline]
#0: 00000000e8b3b783 (&type->i_mutex_dir_key#7){.+.+}, at: lookup_slow fs/namei.c:1688 [inline]
#0: 00000000e8b3b783 (&type->i_mutex_dir_key#7){.+.+}, at: walk_component+0x798/0xda0 fs/namei.c:1811
1 lock held by syz-executor106/8146:
1 lock held by syz-executor106/8151:
#0: 00000000ce5fd961 (&type->i_mutex_dir_key#7){.+.+}, at: inode_lock_shared include/linux/fs.h:758 [inline]
#0: 00000000ce5fd961 (&type->i_mutex_dir_key#7){.+.+}, at: lookup_slow fs/namei.c:1688 [inline]
#0: 00000000ce5fd961 (&type->i_mutex_dir_key#7){.+.+}, at: walk_component+0x798/0xda0 fs/namei.c:1811

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 1570 Comm: khungtaskd Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
nmi_cpu_backtrace.cold+0x63/0xa2 lib/nmi_backtrace.c:101
nmi_trigger_cpumask_backtrace+0x1a6/0x1f0 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:203 [inline]
watchdog+0x991/0xe60 kernel/hung_task.c:287
kthread+0x33f/0x460 kernel/kthread.c:259
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 1968 Comm: kswapd0 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
RIP: 0010:deref_stack_reg+0xe/0x1d0 arch/x86/kernel/unwind_orc.c:330
Code: ff ff ff 4c 89 ef e8 21 e6 6e 00 0f b6 44 24 04 eb a0 66 2e 0f 1f 84 00 00 00 00 00 48 b8 00 00 00 00 00 fc ff df 41 56 41 55 <49> 89 d5 41 54 49 89 fc 55 48 89 f5 53 48 83 ec 68 48 c7 44 24 08
RSP: 0018:ffff8880b0d7f168 EFLAGS: 00000046
RAX: dffffc0000000000 RBX: 1ffff110161afe39 RCX: ffff8880b0d7f660
RDX: ffff8880b0d7f2f8 RSI: ffff8880b0d7f688 RDI: ffff8880b0d7f2b0
RBP: 0000000000000001 R08: ffffffff8b97baf4 R09: ffffffff8b97bacc
R10: ffff8880b0d7f30f R11: 0000000000074071 R12: ffff8880b0d7f2f8
R13: ffff8880b0d7f2e5 R14: ffff8880b0d7f2b0 R15: ffffffff8b97baf0
FS: 0000000000000000(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fd34d1d1000 CR3: 00000000a085a000 CR4: 00000000003406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
unwind_next_frame+0x9fc/0x1400 arch/x86/kernel/unwind_orc.c:502
__save_stack_trace+0x9f/0x190 arch/x86/kernel/stacktrace.c:44
save_stack mm/kasan/kasan.c:448 [inline]
set_track mm/kasan/kasan.c:460 [inline]
__kasan_slab_free+0x126/0x1f0 mm/kasan/kasan.c:521
__cache_free mm/slab.c:3503 [inline]
kmem_cache_free+0x7f/0x260 mm/slab.c:3765
free_buffer_head+0x4a/0xf0 fs/buffer.c:3387
try_to_free_buffers+0x38b/0x5d0 fs/buffer.c:3302
try_to_release_page+0x263/0x390 mm/filemap.c:3359
shrink_page_list+0x3abc/0x59d0 mm/vmscan.c:1413
shrink_inactive_list+0x4f4/0x1820 mm/vmscan.c:1950
shrink_list mm/vmscan.c:2254 [inline]
shrink_node_memcg+0x5b9/0x1450 mm/vmscan.c:2522
shrink_node.isra.0+0x25d/0x1300 mm/vmscan.c:2745
kswapd_shrink_node mm/vmscan.c:3467 [inline]
balance_pgdat mm/vmscan.c:3577 [inline]
kswapd+0xb8d/0x1840 mm/vmscan.c:3801
kthread+0x33f/0x460 kernel/kthread.c:259
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
