INFO: task hung in fuse_simple

INFO: task hung in fuse_simple_request
Status: upstream: reported on 2020/12/13 21:13
Reported-by: syzbot+46fe899420456e014d6b@syzkaller.appspotmail.com
First crash: 194d, last: 9d13h

Sample crash report:

INFO: task syz-executor.3:21059 blocked for more than 143 seconds.
      Not tainted 5.11.0-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.3  state:D stack:28960 pid:21059 ppid:  8639 flags:0x00004004
Call Trace:
 context_switch kernel/sched/core.c:4324 [inline]
 __schedule+0x90c/0x21a0 kernel/sched/core.c:5075
 schedule+0xcf/0x270 kernel/sched/core.c:5154
 request_wait_answer+0x4a4/0x850 fs/fuse/dev.c:411
 __fuse_request_send fs/fuse/dev.c:430 [inline]
 fuse_simple_request+0x58a/0xd10 fs/fuse/dev.c:515
 fuse_lookup_name+0x280/0x630 fs/fuse/dir.c:428
 fuse_lookup.part.0+0xdf/0x390 fs/fuse/dir.c:469
 fuse_lookup+0x70/0x90 fs/fuse/dir.c:465
 __lookup_hash+0x117/0x180 fs/namei.c:1527
 filename_create+0x186/0x490 fs/namei.c:3597
 user_path_create fs/namei.c:3654 [inline]
 do_mkdirat+0xa0/0x310 fs/namei.c:3832
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x465ef9
RSP: 002b:00007fd234dc6188 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465ef9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020002380
RBP: 00000000004bcd1c R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60
R13: 0000000000a9fb1f R14: 00007fd234dc6300 R15: 0000000000022000
INFO: task syz-executor.3:21073 blocked for more than 143 seconds.
      Not tainted 5.11.0-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.3  state:D stack:28504 pid:21073 ppid:  8639 flags:0x00004004
Call Trace:
 context_switch kernel/sched/core.c:4324 [inline]
 __schedule+0x90c/0x21a0 kernel/sched/core.c:5075
 schedule+0xcf/0x270 kernel/sched/core.c:5154
 request_wait_answer+0x4a4/0x850 fs/fuse/dev.c:411
 __fuse_request_send fs/fuse/dev.c:430 [inline]
 fuse_simple_request+0x58a/0xd10 fs/fuse/dev.c:515
 fuse_lookup_name+0x280/0x630 fs/fuse/dir.c:428
 fuse_lookup.part.0+0xdf/0x390 fs/fuse/dir.c:469
 fuse_lookup+0x70/0x90 fs/fuse/dir.c:465
 __lookup_hash+0x117/0x180 fs/namei.c:1527
 filename_create+0x186/0x490 fs/namei.c:3597
 user_path_create fs/namei.c:3654 [inline]
 do_mkdirat+0xa0/0x310 fs/namei.c:3832
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x465ef9
RSP: 002b:00007fd234dc6188 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465ef9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020002380
RBP: 00000000004bcd1c R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60
R13: 0000000000a9fb1f R14: 00007fd234dc6300 R15: 0000000000022000
INFO: task syz-executor.3:21092 blocked for more than 143 seconds.
      Not tainted 5.11.0-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.3  state:D stack:29016 pid:21092 ppid:  8639 flags:0x00004004
Call Trace:
 context_switch kernel/sched/core.c:4324 [inline]
 __schedule+0x90c/0x21a0 kernel/sched/core.c:5075
 schedule+0xcf/0x270 kernel/sched/core.c:5154
 request_wait_answer+0x4a4/0x850 fs/fuse/dev.c:411
 __fuse_request_send fs/fuse/dev.c:430 [inline]
 fuse_simple_request+0x58a/0xd10 fs/fuse/dev.c:515
 fuse_lookup_name+0x280/0x630 fs/fuse/dir.c:428
 fuse_lookup.part.0+0xdf/0x390 fs/fuse/dir.c:469
 fuse_lookup+0x70/0x90 fs/fuse/dir.c:465
 __lookup_hash+0x117/0x180 fs/namei.c:1527
 filename_create+0x186/0x490 fs/namei.c:3597
 user_path_create fs/namei.c:3654 [inline]
 do_mkdirat+0xa0/0x310 fs/namei.c:3832
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x465ef9
RSP: 002b:00007fd234dc6188 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465ef9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020002380
RBP: 00000000004bcd1c R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60
R13: 0000000000a9fb1f R14: 00007fd234dc6300 R15: 0000000000022000

Showing all locks held in the system:
1 lock held by khungtaskd/1664:
 #0: ffffffff8bf743a0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6327
1 lock held by in:imklog/8086:
 #0: ffff88801d3ab770 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100 fs/file.c:961
2 locks held by agetty/8166:
 #0: ffff88801b299098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:266
 #1: ffffc90000fac2e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xd5b/0x12f0 drivers/tty/n_tty.c:2178
2 locks held by agetty/8242:
 #0: ffff888021f53098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:266
 #1: ffffc90000f6c2e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xd5b/0x12f0 drivers/tty/n_tty.c:2178
3 locks held by syz-executor.3/21059:
 #0: ffff888025d82460 (sb_writers#14){.+.+}-{0:0}, at: filename_create+0x104/0x490 fs/namei.c:3591
 #1: ffff88802ff5cb90 (&type->i_mutex_dir_key#8/1){+.+.}-{3:3}, at: inode_lock_nested include/linux/fs.h:810 [inline]
 #1: ffff88802ff5cb90 (&type->i_mutex_dir_key#8/1){+.+.}-{3:3}, at: filename_create+0x15a/0x490 fs/namei.c:3596
 #2: ffff88802ff5cf68 (&fi->mutex){+.+.}-{3:3}, at: fuse_lock_inode+0xce/0x100 fs/fuse/inode.c:428
3 locks held by syz-executor.3/21073:
 #0: ffff88805ac3a460 (sb_writers#14){.+.+}-{0:0}, at: filename_create+0x104/0x490 fs/namei.c:3591
 #1: ffff88802ffad250 (&type->i_mutex_dir_key#8/1){+.+.}-{3:3}, at: inode_lock_nested include/linux/fs.h:810 [inline]
 #1: ffff88802ffad250 (&type->i_mutex_dir_key#8/1){+.+.}-{3:3}, at: filename_create+0x15a/0x490 fs/namei.c:3596
 #2: ffff88802ffad628 (&fi->mutex){+.+.}-{3:3}, at: fuse_lock_inode+0xce/0x100 fs/fuse/inode.c:428
3 locks held by syz-executor.3/21092:
 #0: ffff888019722460 (sb_writers#14){.+.+}-{0:0}, at: filename_create+0x104/0x490 fs/namei.c:3591
 #1: ffff88802ff58150 (&type->i_mutex_dir_key#8/1){+.+.}-{3:3}, at: inode_lock_nested include/linux/fs.h:810 [inline]
 #1: ffff88802ff58150 (&type->i_mutex_dir_key#8/1){+.+.}-{3:3}, at: filename_create+0x15a/0x490 fs/namei.c:3596
 #2: ffff88802ff58528 (&fi->mutex){+.+.}-{3:3}, at: fuse_lock_inode+0xce/0x100 fs/fuse/inode.c:428

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 1664 Comm: khungtaskd Not tainted 5.11.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0xfa/0x151 lib/dump_stack.c:120
 nmi_cpu_backtrace.cold+0x44/0xd7 lib/nmi_backtrace.c:105
 nmi_trigger_cpumask_backtrace+0x1b3/0x230 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:209 [inline]
 watchdog+0xd48/0xfb0 kernel/hung_task.c:294
 kthread+0x3b1/0x4a0 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 4815 Comm: systemd-journal Not tainted 5.11.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__orc_find+0xa8/0xf0 arch/x86/kernel/unwind_orc.c:60
Code: 75 48 48 63 03 48 01 d8 48 39 c1 73 b0 4c 8d 63 fc 49 39 ec 73 b3 4d 29 ee 49 c1 fe 02 4b 8d 04 76 48 8d 04 46 48 83 c4 10 5b <5d> 41 5c 41 5d 41 5e 41 5f c3 48 83 c4 10 31 c0 5b 5d 41 5c 41 5d
RSP: 0018:ffffc900015df5b0 EFLAGS: 00000282
RAX: ffffffff8e496d22 RBX: 1ffff920002bbec4 RCX: ffffffff81c268e7
RDX: 0000000000000000 RSI: ffffffff8e496cfe RDI: ffffffff8dda4a64
RBP: ffffffff8dda4a80 R08: ffffffff8e496d28 R09: ffffffff8e496cfe
R10: 0000000000084087 R11: 000000000002cf0d R12: ffffffff8dda4a7c
R13: ffffffff8dda4a64 R14: 0000000000000006 R15: dffffc0000000000
FS:  00007fe37f1d08c0(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fe37c724008 CR3: 000000001239b000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 orc_find arch/x86/kernel/unwind_orc.c:173 [inline]
 unwind_next_frame+0x342/0x2000 arch/x86/kernel/unwind_orc.c:443
 arch_stack_walk+0x7d/0xe0 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x8c/0xc0 kernel/stacktrace.c:121
 kasan_save_stack+0x1b/0x40 mm/kasan/common.c:38
 kasan_set_track mm/kasan/common.c:46 [inline]
 set_alloc_info mm/kasan/common.c:400 [inline]
 ____kasan_kmalloc.constprop.0+0x82/0xa0 mm/kasan/common.c:428
 kasan_slab_alloc include/linux/kasan.h:208 [inline]
 slab_post_alloc_hook mm/slab.h:516 [inline]
 slab_alloc_node mm/slub.c:2895 [inline]
 slab_alloc mm/slub.c:2903 [inline]
 kmem_cache_alloc+0x1c6/0x440 mm/slub.c:2908
 kmem_cache_zalloc include/linux/slab.h:674 [inline]
 lsm_file_alloc security/security.c:569 [inline]
 security_file_alloc+0x34/0x170 security/security.c:1470
 __alloc_file+0xd8/0x280 fs/file_table.c:106
 alloc_empty_file+0x6d/0x170 fs/file_table.c:150
 path_openat+0xe3/0x27e0 fs/namei.c:3484
 do_filp_open+0x17e/0x3c0 fs/namei.c:3525
 do_sys_openat2+0x16d/0x420 fs/open.c:1187
 do_sys_open fs/open.c:1203 [inline]
 __do_sys_open fs/open.c:1211 [inline]
 __se_sys_open fs/open.c:1207 [inline]
 __x64_sys_open+0x119/0x1c0 fs/open.c:1207
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7fe37e75f840
Code: 73 01 c3 48 8b 0d 68 77 20 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 bb 20 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 1e f6 ff ff 48 89 04 24
RSP: 002b:00007ffeddb67208 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 00007ffeddb67510 RCX: 00007fe37e75f840
RDX: 00000000000001a0 RSI: 0000000000080042 RDI: 00005555725d7070
RBP: 000000000000000d R08: 00000000000001e0 R09: 00000000ffffffff
R10: 0000000000000069 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00005555725c9040 R14: 00007ffeddb674d0 R15: 00005555725d6e90

Crashes (38):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	VM info	Title
ci-upstream-kasan-gce	2021/02/26 09:00	upstream	2c87f7a3	76f7fc95	.config	log	report	info	INFO: task hung in fuse_simple_request
ci-upstream-kasan-gce-root	2021/02/02 05:34	upstream	88bb507a	e6b95f32	.config	log	report	info	INFO: task hung in fuse_simple_request
ci-upstream-kasan-gce-root	2021/01/30 23:40	upstream	8c947645	fc9fd31e	.config	log	report	info	INFO: task hung in fuse_simple_request
ci-upstream-kasan-gce-root	2021/01/27 08:35	upstream	2ab38c17	55a7d4df	.config	log	report	info	INFO: task hung in fuse_simple_request
ci-upstream-kasan-gce-root	2021/01/23 23:00	upstream	e1ae4b0b	52e37319	.config	log	report	info	INFO: task hung in fuse_simple_request
ci-upstream-kasan-gce-root	2021/01/23 08:34	upstream	fe75a218	52e37319	.config	log	report	info	INFO: task hung in fuse_simple_request
ci-upstream-kasan-gce	2020/12/13 05:19	upstream	7b1b868e	bca53db9	.config	log	report	info
ci-upstream-kasan-gce-root	2020/12/11 06:20	upstream	33dc9614	f900b48c	.config	log	report	info
ci-upstream-kasan-gce-root	2020/12/09 20:53	upstream	a68a0262	c090b4da	.config	log	report	info
ci-upstream-kasan-gce-root	2020/12/04 19:35	upstream	e87297fa	20366b87	.config	log	report	info
ci-upstream-kasan-gce-root	2020/12/03 11:10	upstream	34816d20	e6b0d314	.config	log	report	info
ci-upstream-kasan-gce-root	2020/12/01 03:12	upstream	b6505459	b3a34598	.config	log	report	info
ci-upstream-kasan-gce-root	2020/11/28 09:41	upstream	c84e1efa	486f93ef	.config	log	report	info
ci-upstream-kasan-gce	2020/11/26 13:15	upstream	fa02fcd9	1d2b823e	.config	log	report	info
ci-upstream-kasan-gce-root	2020/11/13 16:22	upstream	585e5b17	e1140d25	.config	log	report	info
ci-upstream-kasan-gce	2020/11/03 18:38	upstream	b7cbaf59	cba33199	.config	log	report	info
ci-upstream-kasan-gce-root	2020/10/23 19:47	upstream	0adc313c	2bb6666c	.config	log	report	info
ci-upstream-kasan-gce-root	2020/10/17 04:31	upstream	071a0578	6e262c73	.config	log	report	info
ci-upstream-kasan-gce-selinux-root	2020/10/08 08:17	upstream	c85fb28b	1880b4a9	.config	log	report	info
ci-upstream-kasan-gce-selinux-root	2020/10/06 11:56	upstream	7575fdda	1880b4a9	.config	log	report	info
ci-upstream-kasan-gce-selinux-root	2020/10/04 16:20	upstream	22fbc037	5ef9c291	.config	log	report	info
ci-upstream-kasan-gce	2020/10/04 11:33	upstream	22fbc037	5ef9c291	.config	log	report	info
ci-upstream-kasan-gce-selinux-root	2020/10/03 10:14	upstream	d3d45f82	2653fa43	.config	log	report	info
ci-upstream-kasan-gce	2020/09/30 14:45	upstream	02de58b2	8516f6d3	.config	log	report	info
ci-upstream-kasan-gce	2020/09/28 05:48	upstream	16bc1d54	5dd8aee8	.config	log	report	info
ci-upstream-kasan-gce	2020/09/25 20:10	upstream	171d4ff7	4a006f63	.config	log	report	info
ci-upstream-kasan-gce-selinux-root	2020/09/25 04:47	upstream	171d4ff7	54289b08	.config	log	report	info
ci-upstream-kasan-gce-root	2020/09/24 04:39	upstream	c9c9e6a4	54289b08	.config	log	report	info
ci-upstream-kasan-gce-selinux-root	2020/09/10 22:22	upstream	7fe10096	409809d8	.config	log	report
ci-upstream-kasan-gce-selinux-root	2020/09/01 22:58	upstream	b765a32a	abf9ba4f	.config	log	report
ci-upstream-kasan-gce-selinux-root	2020/08/31 17:17	upstream	f75aef39	d5a3ae1f	.config	log	report
ci-upstream-kasan-gce-root	2020/08/31 02:40	upstream	dcc5c6f0	d5a3ae1f	.config	log	report
ci-upstream-kasan-gce	2020/08/28 23:31	upstream	96d454cd	d5a3ae1f	.config	log	report
ci-upstream-kasan-gce-selinux-root	2020/08/28 19:03	upstream	15bc20c6	d5a3ae1f	.config	log	report
ci-upstream-kasan-gce	2020/08/25 21:24	upstream	abb3438d	344da168	.config	log	report
ci-upstream-kasan-gce	2020/08/25 14:33	upstream	6a9dc5fd	344da168	.config	log	report
ci-upstream-kasan-gce-386	2020/11/16 11:23	upstream	09162bc3	1bf9a662	.config	log	report	info
ci-upstream-kasan-gce-386	2020/10/07 09:20	upstream	c85fb28b	1880b4a9	.config	log	report	info