syzbot


INFO: task hung in fuse_launder_page

Status: fixed on 2021/11/10 00:50
Reported-by: syzbot+bea44a5189836d956894@syzkaller.appspotmail.com
Fix commit: 76224355db75 fuse: truncate pagecache on atomic_o_trunc
First crash: 546d, last: 546d

Cause bisection: introduced by (bisect log) [no-op commit]:
commit 8b160b18e3bde4563209b4b35597998a059f272b
Author: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Date: Thu Sep 12 22:19:22 2019 +0000

  staging: rtl8723bs: replace __inline by inline

Crash: general protection fault in batadv_iv_ogm_queue_add (log)
Repro: C syz .config
similar bugs (2):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.19 INFO: task hung in fuse_launder_page C error 59 13d 638d 0/1 upstream: reported C repro on 2021/05/09 12:49
linux-4.14 INFO: task hung in fuse_launder_page C 45 10d 644d 0/1 upstream: reported C repro on 2021/05/03 09:31
Last patch testing requests:
Created Duration User Patch Repo Result
2021/08/17 14:41 22m miklos@szeredi.hu patch upstream OK

Sample crash report:
INFO: task syz-executor276:8433 blocked for more than 143 seconds.
      Not tainted 5.14.0-rc5-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor276 state:D stack:27736 pid: 8433 ppid:  8430 flags:0x00004004
Call Trace:
 context_switch kernel/sched/core.c:4681 [inline]
 __schedule+0x93a/0x26f0 kernel/sched/core.c:5938
 schedule+0xd3/0x270 kernel/sched/core.c:6017
 fuse_wait_on_page_writeback fs/fuse/file.c:452 [inline]
 fuse_wait_on_page_writeback+0x120/0x170 fs/fuse/file.c:448
 fuse_launder_page fs/fuse/file.c:2316 [inline]
 fuse_launder_page+0xe9/0x130 fs/fuse/file.c:2306
 do_launder_page mm/truncate.c:595 [inline]
 invalidate_inode_pages2_range+0x994/0xf80 mm/truncate.c:661
 fuse_finish_open+0x2d9/0x560 fs/fuse/file.c:202
 fuse_open_common+0x2f9/0x4c0 fs/fuse/file.c:254
 do_dentry_open+0x4c8/0x11d0 fs/open.c:826
 do_open fs/namei.c:3374 [inline]
 path_openat+0x1c23/0x27f0 fs/namei.c:3507
 do_filp_open+0x1aa/0x400 fs/namei.c:3534
 do_sys_openat2+0x16d/0x420 fs/open.c:1204
 do_sys_open fs/open.c:1220 [inline]
 __do_sys_creat fs/open.c:1294 [inline]
 __se_sys_creat fs/open.c:1288 [inline]
 __x64_sys_creat+0xc9/0x120 fs/open.c:1288
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x446409
RSP: 002b:00007f0e6a9f92f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
RAX: ffffffffffffffda RBX: 00000000004d34f0 RCX: 0000000000446409
RDX: 0000000000446409 RSI: 0000000000000000 RDI: 0000000020000280
RBP: 00000000004a3164 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
R13: 000000000049f158 R14: 00000000004a1160 R15: 00000000004d34f8

Showing all locks held in the system:
1 lock held by khungtaskd/1584:
 #0: ffffffff8b97c1c0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6446
2 locks held by syz-executor276/8433:
 #0: ffff888015e38460 (sb_writers#11){.+.+}-{0:0}, at: do_open fs/namei.c:3367 [inline]
 #0: ffff888015e38460 (sb_writers#11){.+.+}-{0:0}, at: path_openat+0x1aee/0x27f0 fs/namei.c:3507
 #1: ffff8880397d0150 (&sb->s_type->i_mutex_key#17){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:774 [inline]
 #1: ffff8880397d0150 (&sb->s_type->i_mutex_key#17){+.+.}-{3:3}, at: fuse_open_common+0x366/0x4c0 fs/fuse/file.c:241

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 1584 Comm: khungtaskd Not tainted 5.14.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:105
 nmi_cpu_backtrace.cold+0x44/0xd7 lib/nmi_backtrace.c:105
 nmi_trigger_cpumask_backtrace+0x1b3/0x230 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:210 [inline]
 watchdog+0xd0a/0xfc0 kernel/hung_task.c:295
 kthread+0x3e5/0x4d0 kernel/kthread.c:319
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0 skipped: idling at native_safe_halt arch/x86/include/asm/irqflags.h:51 [inline]
NMI backtrace for cpu 0 skipped: idling at arch_safe_halt arch/x86/include/asm/irqflags.h:89 [inline]
NMI backtrace for cpu 0 skipped: idling at acpi_safe_halt drivers/acpi/processor_idle.c:109 [inline]
NMI backtrace for cpu 0 skipped: idling at acpi_idle_do_entry+0x1c6/0x250 drivers/acpi/processor_idle.c:553

Crashes (1):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Title
ci-upstream-kasan-gce-root 2021/08/09 13:09 upstream 36a21d51725a 6972b106 .config console log report syz C INFO: task hung in fuse_launder_page
* Struck through repros no longer work on HEAD.