INFO: task hung in fuse_lookup
13 views
Skip to first unread message
syzbot
May 1, 2019, 8:17:08 PM5/1/19
to syzkaller...@googlegroups.com
Hello,
syzbot found the following crash on:
HEAD commit: fa5941f4 Linux 4.14.114
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=130f87cca00000
kernel config: https://syzkaller.appspot.com/x/.config?x=d7780000df8e070e
dashboard link: https://syzkaller.appspot.com/bug?extid=326114f5560676d6b49b
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+326114...@syzkaller.appspotmail.com
INFO: task syz-executor.3:7123 blocked for more than 140 seconds.
Not tainted 4.14.114 #4
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.3 D24992 7123 1 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2807 [inline]
__schedule+0x7be/0x1cf0 kernel/sched/core.c:3383
schedule+0x92/0x1c0 kernel/sched/core.c:3427
schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3485
__mutex_lock_common kernel/locking/mutex.c:833 [inline]
__mutex_lock+0x73c/0x1470 kernel/locking/mutex.c:893
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
fuse_lock_inode+0xbc/0xf0 fs/fuse/inode.c:365
fuse_lookup+0x7a/0x380 fs/fuse/dir.c:360
lookup_slow+0x22c/0x440 fs/namei.c:1695
walk_component+0x69d/0x1d00 fs/namei.c:1824
link_path_walk+0x81f/0x10b0 fs/namei.c:2153
path_mountpoint+0xac/0x1970 fs/namei.c:2717
filename_mountpoint+0x16c/0x320 fs/namei.c:2744
user_path_mountpoint_at+0x3a/0x50 fs/namei.c:2774
SYSC_umount fs/namespace.c:1730 [inline]
SyS_umount+0x10c/0x380 fs/namespace.c:1714
do_syscall_64+0x1eb/0x630 arch/x86/entry/common.c:289
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45b7f7
RSP: 002b:00007ffefcd08618 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
RAX: ffffffffffffffda RBX: 00000000000bf120 RCX: 000000000045b7f7
RDX: 00000000004032d0 RSI: 0000000000000002 RDI: 00007ffefcd086c0
RBP: 0000000000000c9d R08: 0000000000000000 R09: 0000000000000011
R10: 000000000000000a R11: 0000000000000202 R12: 00007ffefcd09750
R13: 0000000001b1f940 R14: 0000000000000000 R15: 00007ffefcd09750
Showing all locks held in the system:
1 lock held by khungtaskd/1008:
#0: (tasklist_lock){.+.+}, at: [<ffffffff81487148>]
debug_show_all_locks+0x7f/0x21f kernel/locking/lockdep.c:4541
1 lock held by rsyslogd/6952:
#0: (&f->f_pos_lock){+.+.}, at: [<ffffffff81942e9b>]
__fdget_pos+0xab/0xd0 fs/file.c:769
2 locks held by getty/7074:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff861af743>]
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:377
#1: (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff8310d3c6>]
n_tty_read+0x1e6/0x17b0 drivers/tty/n_tty.c:2156
2 locks held by getty/7075:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff861af743>]
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:377
#1: (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff8310d3c6>]
n_tty_read+0x1e6/0x17b0 drivers/tty/n_tty.c:2156
2 locks held by getty/7076:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff861af743>]
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:377
#1: (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff8310d3c6>]
n_tty_read+0x1e6/0x17b0 drivers/tty/n_tty.c:2156
2 locks held by getty/7077:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff861af743>]
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:377
#1: (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff8310d3c6>]
n_tty_read+0x1e6/0x17b0 drivers/tty/n_tty.c:2156
2 locks held by getty/7078:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff861af743>]
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:377
#1: (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff8310d3c6>]
n_tty_read+0x1e6/0x17b0 drivers/tty/n_tty.c:2156
2 locks held by getty/7079:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff861af743>]
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:377
#1: (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff8310d3c6>]
n_tty_read+0x1e6/0x17b0 drivers/tty/n_tty.c:2156
2 locks held by getty/7080:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff861af743>]
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:377
#1: (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff8310d3c6>]
n_tty_read+0x1e6/0x17b0 drivers/tty/n_tty.c:2156
2 locks held by syz-executor.3/7123:
#0: (&type->i_mutex_dir_key#7){++++}, at: [<ffffffff818fbd08>]
inode_lock_shared include/linux/fs.h:725 [inline]
#0: (&type->i_mutex_dir_key#7){++++}, at: [<ffffffff818fbd08>]
lookup_slow+0x138/0x440 fs/namei.c:1673
#1: (&fi->mutex){+.+.}, at: [<ffffffff8219e0cc>]
fuse_lock_inode+0xbc/0xf0 fs/fuse/inode.c:365
2 locks held by syz-executor.3/31936:
#0: (&type->i_mutex_dir_key#7){++++}, at: [<ffffffff818fbd08>]
inode_lock_shared include/linux/fs.h:725 [inline]
#0: (&type->i_mutex_dir_key#7){++++}, at: [<ffffffff818fbd08>]
lookup_slow+0x138/0x440 fs/namei.c:1673
#1: (&fi->mutex){+.+.}, at: [<ffffffff8219e0cc>]
fuse_lock_inode+0xbc/0xf0 fs/fuse/inode.c:365
=============================================
NMI backtrace for cpu 0
CPU: 0 PID: 1008 Comm: khungtaskd Not tainted 4.14.114 #4
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x138/0x19c lib/dump_stack.c:53
nmi_cpu_backtrace.cold+0x57/0x94 lib/nmi_backtrace.c:101
nmi_trigger_cpumask_backtrace+0x141/0x189 lib/nmi_backtrace.c:62
arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
trigger_all_cpu_backtrace include/linux/nmi.h:140 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:195 [inline]
watchdog+0x5e7/0xb90 kernel/hung_task.c:274
kthread+0x31c/0x430 kernel/kthread.c:232
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:402
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 2245 Comm: kworker/u4:4 Not tainted 4.14.114 #4
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Workqueue: bat_events batadv_nc_worker
task: ffff8880a1e48680 task.stack: ffff8880a1e50000
RIP: 0010:check_preemption_disabled+0x44/0x250 lib/smp_processor_id.c:53
RSP: 0018:ffff8880a1e57c90 EFLAGS: 00000286
RAX: 0000000000000001 RBX: ffff88809f9a6c40 RCX: 1ffffffff0f56424
RDX: 0000000000000000 RSI: ffffffff869d1e40 RDI: ffffffff869d1e80
RBP: ffff8880a1e57cb0 R08: 0000000000000000 R09: ffff8880a1e48f70
R10: ffff8880a1e48f50 R11: ffff8880a1e48680 R12: 0000000000000001
R13: ffffffff869d1e40 R14: ffffffff869d1e80 R15: dffffc0000000000
FS: 0000000000000000(0000) GS:ffff8880aef00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fd133feb140 CR3: 00000000a5209000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
debug_smp_processor_id+0x1c/0x20 lib/smp_processor_id.c:57
rcu_dynticks_curr_cpu_in_eqs kernel/rcu/tree.c:360 [inline]
rcu_is_watching+0x15/0xb0 kernel/rcu/tree.c:1130
rcu_read_unlock include/linux/rcupdate.h:683 [inline]
batadv_nc_purge_orig_hash net/batman-adv/network-coding.c:420 [inline]
batadv_nc_worker+0x40a/0x6d0 net/batman-adv/network-coding.c:726
process_one_work+0x868/0x1610 kernel/workqueue.c:2114
worker_thread+0x5d9/0x1050 kernel/workqueue.c:2248
kthread+0x31c/0x430 kernel/kthread.c:232
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:402
Code: a6 84 fe 65 44 8b 25 0c 3f 29 7d 65 8b 05 a5 ab 29 7d a9 ff ff ff 7f
74 1c e8 79 a6 84 fe e8 74 a6 84 fe 44 89 e0 48 83 c4 08 5b <41> 5c 41 5d
41 5e 41 5f 5d c3 e8 5d a6 84 fe 48 c7 c0 60 4b 71
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot found the following crash on:
HEAD commit: fa5941f4 Linux 4.14.114
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=130f87cca00000
kernel config: https://syzkaller.appspot.com/x/.config?x=d7780000df8e070e
dashboard link: https://syzkaller.appspot.com/bug?extid=326114f5560676d6b49b
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+326114...@syzkaller.appspotmail.com
INFO: task syz-executor.3:7123 blocked for more than 140 seconds.
Not tainted 4.14.114 #4
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.3 D24992 7123 1 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2807 [inline]
__schedule+0x7be/0x1cf0 kernel/sched/core.c:3383
schedule+0x92/0x1c0 kernel/sched/core.c:3427
schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3485
__mutex_lock_common kernel/locking/mutex.c:833 [inline]
__mutex_lock+0x73c/0x1470 kernel/locking/mutex.c:893
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
fuse_lock_inode+0xbc/0xf0 fs/fuse/inode.c:365
fuse_lookup+0x7a/0x380 fs/fuse/dir.c:360
lookup_slow+0x22c/0x440 fs/namei.c:1695
walk_component+0x69d/0x1d00 fs/namei.c:1824
link_path_walk+0x81f/0x10b0 fs/namei.c:2153
path_mountpoint+0xac/0x1970 fs/namei.c:2717
filename_mountpoint+0x16c/0x320 fs/namei.c:2744
user_path_mountpoint_at+0x3a/0x50 fs/namei.c:2774
SYSC_umount fs/namespace.c:1730 [inline]
SyS_umount+0x10c/0x380 fs/namespace.c:1714
do_syscall_64+0x1eb/0x630 arch/x86/entry/common.c:289
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45b7f7
RSP: 002b:00007ffefcd08618 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
RAX: ffffffffffffffda RBX: 00000000000bf120 RCX: 000000000045b7f7
RDX: 00000000004032d0 RSI: 0000000000000002 RDI: 00007ffefcd086c0
RBP: 0000000000000c9d R08: 0000000000000000 R09: 0000000000000011
R10: 000000000000000a R11: 0000000000000202 R12: 00007ffefcd09750
R13: 0000000001b1f940 R14: 0000000000000000 R15: 00007ffefcd09750
Showing all locks held in the system:
1 lock held by khungtaskd/1008:
#0: (tasklist_lock){.+.+}, at: [<ffffffff81487148>]
debug_show_all_locks+0x7f/0x21f kernel/locking/lockdep.c:4541
1 lock held by rsyslogd/6952:
#0: (&f->f_pos_lock){+.+.}, at: [<ffffffff81942e9b>]
__fdget_pos+0xab/0xd0 fs/file.c:769
2 locks held by getty/7074:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff861af743>]
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:377
#1: (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff8310d3c6>]
n_tty_read+0x1e6/0x17b0 drivers/tty/n_tty.c:2156
2 locks held by getty/7075:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff861af743>]
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:377
#1: (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff8310d3c6>]
n_tty_read+0x1e6/0x17b0 drivers/tty/n_tty.c:2156
2 locks held by getty/7076:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff861af743>]
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:377
#1: (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff8310d3c6>]
n_tty_read+0x1e6/0x17b0 drivers/tty/n_tty.c:2156
2 locks held by getty/7077:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff861af743>]
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:377
#1: (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff8310d3c6>]
n_tty_read+0x1e6/0x17b0 drivers/tty/n_tty.c:2156
2 locks held by getty/7078:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff861af743>]
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:377
#1: (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff8310d3c6>]
n_tty_read+0x1e6/0x17b0 drivers/tty/n_tty.c:2156
2 locks held by getty/7079:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff861af743>]
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:377
#1: (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff8310d3c6>]
n_tty_read+0x1e6/0x17b0 drivers/tty/n_tty.c:2156
2 locks held by getty/7080:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff861af743>]
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:377
#1: (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff8310d3c6>]
n_tty_read+0x1e6/0x17b0 drivers/tty/n_tty.c:2156
2 locks held by syz-executor.3/7123:
#0: (&type->i_mutex_dir_key#7){++++}, at: [<ffffffff818fbd08>]
inode_lock_shared include/linux/fs.h:725 [inline]
#0: (&type->i_mutex_dir_key#7){++++}, at: [<ffffffff818fbd08>]
lookup_slow+0x138/0x440 fs/namei.c:1673
#1: (&fi->mutex){+.+.}, at: [<ffffffff8219e0cc>]
fuse_lock_inode+0xbc/0xf0 fs/fuse/inode.c:365
2 locks held by syz-executor.3/31936:
#0: (&type->i_mutex_dir_key#7){++++}, at: [<ffffffff818fbd08>]
inode_lock_shared include/linux/fs.h:725 [inline]
#0: (&type->i_mutex_dir_key#7){++++}, at: [<ffffffff818fbd08>]
lookup_slow+0x138/0x440 fs/namei.c:1673
#1: (&fi->mutex){+.+.}, at: [<ffffffff8219e0cc>]
fuse_lock_inode+0xbc/0xf0 fs/fuse/inode.c:365
=============================================
NMI backtrace for cpu 0
CPU: 0 PID: 1008 Comm: khungtaskd Not tainted 4.14.114 #4
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x138/0x19c lib/dump_stack.c:53
nmi_cpu_backtrace.cold+0x57/0x94 lib/nmi_backtrace.c:101
nmi_trigger_cpumask_backtrace+0x141/0x189 lib/nmi_backtrace.c:62
arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
trigger_all_cpu_backtrace include/linux/nmi.h:140 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:195 [inline]
watchdog+0x5e7/0xb90 kernel/hung_task.c:274
kthread+0x31c/0x430 kernel/kthread.c:232
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:402
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 2245 Comm: kworker/u4:4 Not tainted 4.14.114 #4
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Workqueue: bat_events batadv_nc_worker
task: ffff8880a1e48680 task.stack: ffff8880a1e50000
RIP: 0010:check_preemption_disabled+0x44/0x250 lib/smp_processor_id.c:53
RSP: 0018:ffff8880a1e57c90 EFLAGS: 00000286
RAX: 0000000000000001 RBX: ffff88809f9a6c40 RCX: 1ffffffff0f56424
RDX: 0000000000000000 RSI: ffffffff869d1e40 RDI: ffffffff869d1e80
RBP: ffff8880a1e57cb0 R08: 0000000000000000 R09: ffff8880a1e48f70
R10: ffff8880a1e48f50 R11: ffff8880a1e48680 R12: 0000000000000001
R13: ffffffff869d1e40 R14: ffffffff869d1e80 R15: dffffc0000000000
FS: 0000000000000000(0000) GS:ffff8880aef00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fd133feb140 CR3: 00000000a5209000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
debug_smp_processor_id+0x1c/0x20 lib/smp_processor_id.c:57
rcu_dynticks_curr_cpu_in_eqs kernel/rcu/tree.c:360 [inline]
rcu_is_watching+0x15/0xb0 kernel/rcu/tree.c:1130
rcu_read_unlock include/linux/rcupdate.h:683 [inline]
batadv_nc_purge_orig_hash net/batman-adv/network-coding.c:420 [inline]
batadv_nc_worker+0x40a/0x6d0 net/batman-adv/network-coding.c:726
process_one_work+0x868/0x1610 kernel/workqueue.c:2114
worker_thread+0x5d9/0x1050 kernel/workqueue.c:2248
kthread+0x31c/0x430 kernel/kthread.c:232
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:402
Code: a6 84 fe 65 44 8b 25 0c 3f 29 7d 65 8b 05 a5 ab 29 7d a9 ff ff ff 7f
74 1c e8 79 a6 84 fe e8 74 a6 84 fe 44 89 e0 48 83 c4 08 5b <41> 5c 41 5d
41 5e 41 5f 5d c3 e8 5d a6 84 fe 48 c7 c0 60 4b 71
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot
Jan 29, 2020, 4:30:08 PM1/29/20
to syzkaller...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.
Crashes did not happen for a while, no reproducer and no activity.
Reply all
Reply to author
Forward
0 new messages