syzbot


INFO: task hung in walk_component

Status: closed as invalid on 2018/09/05 12:51
Subsystems: fuse
First crash: 2107d, last: 2107d
Similar bugs (8)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| linux-4.19 | INFO: task hung in walk_component | | | | 1 | 1141d | 1141d | 0/1 | auto-closed as invalid on 2021/07/04 02:47 |
| upstream | INFO: task hung in walk_component (5) fuse | C | inconclusive | | 31 | 4d19h | 606d | 0/26 | upstream: reported C repro on 2022/08/22 12:38 |
| upstream | INFO: task hung in walk_component (3) fs | | | | 9 | 860d | 1030d | 0/26 | closed as invalid on 2022/02/07 19:19 |
| linux-4.19 | INFO: task hung in walk_component (2) | | | | 2 | 929d | 984d | 0/1 | auto-closed as invalid on 2022/01/31 04:51 |
| upstream | INFO: task hung in walk_component (2) fuse | | | | 31 | 1134d | 1134d | 20/26 | fixed on 2021/04/09 19:46 |
| upstream | INFO: task hung in walk_component (4) fs | | | | 4 | 770d | 793d | 0/26 | auto-closed as invalid on 2022/06/09 10:18 |
| android-44 | INFO: task hung in walk_component | | | | 1 | 1817d | 1817d | 0/2 | auto-closed as invalid on 2019/10/25 08:50 |
| linux-4.19 | INFO: task hung in walk_component (3) f2fs | C | error | | 5 | 476d | 625d | 0/1 | upstream: reported C repro on 2022/08/03 09:11 |

Sample crash report:
INFO: task syz-executor6:16774 blocked for more than 140 seconds.
      Not tainted 4.18.0-rc4+ #26
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor6   D59320 16774   4621 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2857 [inline]
 __schedule+0x652/0x780 kernel/sched/core.c:3507
 schedule+0x1cc/0x300 kernel/sched/core.c:3551
 __rwsem_down_read_failed_common+0x5b7/0xba0 kernel/locking/rwsem-xadd.c:269
 rwsem_down_read_failed+0x2c/0x30 kernel/locking/rwsem-xadd.c:286
 call_rwsem_down_read_failed+0x18/0x30 arch/x86/lib/rwsem.S:94
 __down_read arch/x86/include/asm/rwsem.h:83 [inline]
 down_read+0x53/0x100 kernel/locking/rwsem.c:26
 inode_lock_shared include/linux/fs.h:725 [inline]
 lookup_slow fs/namei.c:1646 [inline]
 walk_component+0x309/0xbf0 fs/namei.c:1769
 lookup_last fs/namei.c:2237 [inline]
 path_lookupat+0x3c4/0x1180 fs/namei.c:2287
 filename_lookup+0x308/0xc00 fs/namei.c:2321
 user_path_at_empty+0x123/0x140 fs/namei.c:2584
 user_path_at include/linux/namei.h:57 [inline]
 vfs_statx fs/stat.c:185 [inline]
 vfs_lstat include/linux/fs.h:3106 [inline]
 __do_sys_newlstat fs/stat.c:350 [inline]
 __se_sys_newlstat+0xf0/0x370 fs/stat.c:344
 __x64_sys_newlstat+0x92/0xc0 fs/stat.c:344
 do_syscall_64+0x15b/0x230 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x63/0xe7
RIP: 0033:0x455ab9
Code: e0 1f 48 89 04 24 e8 b6 6f fd ff e8 81 6a fd ff e8 5c 68 fd ff 48 8d 05 92 9a 48 00 48 89 04 24 48 c7 44 24 08 1d 00 00 00 e8 <13> 5e fd ff 0f 0b e8 8c 44 00 00 e9 07 f0 ff ff cc cc cc cc cc cc 
RSP: 002b:00007fdfc2fbcc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000006
RAX: ffffffffffffffda RBX: 00007fdfc2fbd6d4 RCX: 0000000000455ab9
RDX: 0000000000000000 RSI: 0000000020007740 RDI: 0000000020007700
RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000004c00fa R14: 00000000004cfbf8 R15: 0000000000000000
INFO: task syz-executor6:16816 blocked for more than 140 seconds.
      Not tainted 4.18.0-rc4+ #26
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor6   D61640 16816   4621 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2857 [inline]
 __schedule+0x652/0x780 kernel/sched/core.c:3507
 schedule+0x1cc/0x300 kernel/sched/core.c:3551
 request_wait_answer fs/fuse/dev.c:463 [inline]
 __fuse_request_send+0x105a/0x1a90 fs/fuse/dev.c:483
 fuse_request_send fs/fuse/dev.c:496 [inline]
 fuse_simple_request+0x9cc/0xc10 fs/fuse/dev.c:554
 fuse_lookup_name+0x472/0xc80 fs/fuse/dir.c:323
 fuse_lookup+0x193/0x810 fs/fuse/dir.c:360
 __lookup_hash+0x26c/0x510 fs/namei.c:1505
 filename_create+0x322/0xbe0 fs/namei.c:3646
 user_path_create fs/namei.c:3703 [inline]
 do_mkdirat+0x120/0x690 fs/namei.c:3842
 __do_sys_mkdirat fs/namei.c:3861 [inline]
 __se_sys_mkdirat fs/namei.c:3859 [inline]
 __x64_sys_mkdirat+0xe1/0x120 fs/namei.c:3859
 do_syscall_64+0x15b/0x230 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x63/0xe7
RIP: 0033:0x455ab9
Code: e0 1f 48 89 04 24 e8 b6 6f fd ff e8 81 6a fd ff e8 5c 68 fd ff 48 8d 05 92 9a 48 00 48 89 04 24 48 c7 44 24 08 1d 00 00 00 e8 <13> 5e fd ff 0f 0b e8 8c 44 00 00 e9 07 f0 ff ff cc cc cc cc cc cc 
RSP: 002b:00007fdfc2f9bc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
RAX: ffffffffffffffda RBX: 00007fdfc2f9c6d4 RCX: 0000000000455ab9
RDX: 0000000000000000 RSI: 0000000020000500 RDI: ffffffffffffff9c
RBP: 000000000072bf48 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000004c013c R14: 00000000004cfcb8 R15: 0000000000000001
INFO: task syz-executor6:16819 blocked for more than 140 seconds.
      Not tainted 4.18.0-rc4+ #26
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor6   D62000 16819   4621 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2857 [inline]
 __schedule+0x652/0x780 kernel/sched/core.c:3507
 schedule+0x1cc/0x300 kernel/sched/core.c:3551
 __rwsem_down_read_failed_common+0x5b7/0xba0 kernel/locking/rwsem-xadd.c:269
 rwsem_down_read_failed+0x2c/0x30 kernel/locking/rwsem-xadd.c:286
 call_rwsem_down_read_failed+0x18/0x30 arch/x86/lib/rwsem.S:94
 __down_read arch/x86/include/asm/rwsem.h:83 [inline]
 down_read+0x53/0x100 kernel/locking/rwsem.c:26
 inode_lock_shared include/linux/fs.h:725 [inline]
 lookup_slow fs/namei.c:1646 [inline]
 walk_component+0x309/0xbf0 fs/namei.c:1769
 lookup_last fs/namei.c:2237 [inline]
 path_lookupat+0x3c4/0x1180 fs/namei.c:2287
 filename_lookup+0x308/0xc00 fs/namei.c:2321
 user_path_at_empty+0x123/0x140 fs/namei.c:2584
 user_path_at include/linux/namei.h:57 [inline]
 vfs_statx fs/stat.c:185 [inline]
 vfs_stat include/linux/fs.h:3101 [inline]
 __do_sys_newstat fs/stat.c:337 [inline]
 __se_sys_newstat+0xf3/0x390 fs/stat.c:333
 __x64_sys_newstat+0x92/0xc0 fs/stat.c:333
 do_syscall_64+0x15b/0x230 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x63/0xe7
RIP: 0033:0x455ab9
Code: e0 1f 48 89 04 24 e8 b6 6f fd ff e8 81 6a fd ff e8 5c 68 fd ff 48 8d 05 92 9a 48 00 48 89 04 24 48 c7 44 24 08 1d 00 00 00 e8 <13> 5e fd ff 0f 0b e8 8c 44 00 00 e9 07 f0 ff ff cc cc cc cc cc cc 
RSP: 002b:00007fdfc2f59c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000004
RAX: ffffffffffffffda RBX: 00007fdfc2f5a6d4 RCX: 0000000000455ab9
RDX: 0000000000000000 RSI: 0000000020000700 RDI: 00000000200006c0
RBP: 000000000072c098 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000004d9b1b R14: 00000000004d39a8 R15: 0000000000000003
INFO: task syz-executor6:16821 blocked for more than 140 seconds.
      Not tainted 4.18.0-rc4+ #26
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor6   D62000 16821   4621 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2857 [inline]
 __schedule+0x652/0x780 kernel/sched/core.c:3507
 schedule+0x1cc/0x300 kernel/sched/core.c:3551
 __rwsem_down_read_failed_common+0x5b7/0xba0 kernel/locking/rwsem-xadd.c:269
 rwsem_down_read_failed+0x2c/0x30 kernel/locking/rwsem-xadd.c:286
 call_rwsem_down_read_failed+0x18/0x30 arch/x86/lib/rwsem.S:94
 __down_read arch/x86/include/asm/rwsem.h:83 [inline]
 down_read+0x53/0x100 kernel/locking/rwsem.c:26
 inode_lock_shared include/linux/fs.h:725 [inline]
 lookup_slow fs/namei.c:1646 [inline]
 walk_component+0x309/0xbf0 fs/namei.c:1769
 lookup_last fs/namei.c:2237 [inline]
 path_lookupat+0x3c4/0x1180 fs/namei.c:2287
 filename_lookup+0x308/0xc00 fs/namei.c:2321
 user_path_at_empty+0x123/0x140 fs/namei.c:2584
 user_path_at include/linux/namei.h:57 [inline]
 vfs_statx fs/stat.c:185 [inline]
 vfs_lstat include/linux/fs.h:3106 [inline]
 __do_sys_newlstat fs/stat.c:350 [inline]
 __se_sys_newlstat+0xf0/0x370 fs/stat.c:344
 __x64_sys_newlstat+0x92/0xc0 fs/stat.c:344
 do_syscall_64+0x15b/0x230 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x63/0xe7
RIP: 0033:0x455ab9
Code: e0 1f 48 89 04 24 e8 b6 6f fd ff e8 81 6a fd ff e8 5c 68 fd ff 48 8d 05 92 9a 48 00 48 89 04 24 48 c7 44 24 08 1d 00 00 00 e8 <13> 5e fd ff 0f 0b e8 8c 44 00 00 e9 07 f0 ff ff cc cc cc cc cc cc 
RSP: 002b:00007fdfc2f38c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000006
RAX: ffffffffffffffda RBX: 00007fdfc2f396d4 RCX: 0000000000455ab9
RDX: 0000000000000000 RSI: 0000000020000940 RDI: 0000000020000900
RBP: 000000000072c140 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000004c00fa R14: 00000000004cfbf8 R15: 0000000000000004
INFO: task syz-executor6:16827 blocked for more than 140 seconds.
      Not tainted 4.18.0-rc4+ #26
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor6   D61880 16827   4621 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2857 [inline]
 __schedule+0x652/0x780 kernel/sched/core.c:3507
 schedule+0x1cc/0x300 kernel/sched/core.c:3551
 request_wait_answer fs/fuse/dev.c:463 [inline]
 __fuse_request_send+0x105a/0x1a90 fs/fuse/dev.c:483
 fuse_request_send fs/fuse/dev.c:496 [inline]
 fuse_simple_request+0x9cc/0xc10 fs/fuse/dev.c:554
 fuse_do_getattr+0x43f/0x16f0 fs/fuse/dir.c:910
 fuse_update_get_attr fs/fuse/dir.c:942 [inline]
 fuse_getattr+0x582/0x8a0 fs/fuse/dir.c:1805
 vfs_getattr_nosec fs/stat.c:79 [inline]
 vfs_getattr+0x21f/0x9f0 fs/stat.c:116
 vfs_statx fs/stat.c:189 [inline]
 vfs_lstat include/linux/fs.h:3106 [inline]
 __do_sys_newlstat fs/stat.c:350 [inline]
 __se_sys_newlstat+0x17c/0x370 fs/stat.c:344
 __x64_sys_newlstat+0x92/0xc0 fs/stat.c:344
 do_syscall_64+0x15b/0x230 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x63/0xe7
RIP: 0033:0x455ab9
Code: e0 1f 48 89 04 24 e8 b6 6f fd ff e8 81 6a fd ff e8 5c 68 fd ff 48 8d 05 92 9a 48 00 48 89 04 24 48 c7 44 24 08 1d 00 00 00 e8 <13> 5e fd ff 0f 0b e8 8c 44 00 00 e9 07 f0 ff ff cc cc cc cc cc cc 
RSP: 002b:00007fdfc2f17c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000006
RAX: ffffffffffffffda RBX: 00007fdfc2f186d4 RCX: 0000000000455ab9
RDX: 0000000000000000 RSI: 0000000020000a00 RDI: 00000000200009c0
RBP: 000000000072c1e8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000004c00fa R14: 00000000004cfbf8 R15: 0000000000000005
INFO: task syz-executor6:16834 blocked for more than 140 seconds.
      Not tainted 4.18.0-rc4+ #26
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor6   D62000 16834   4621 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2857 [inline]
 __schedule+0x652/0x780 kernel/sched/core.c:3507
 schedule+0x1cc/0x300 kernel/sched/core.c:3551
 __rwsem_down_read_failed_common+0x5b7/0xba0 kernel/locking/rwsem-xadd.c:269
 rwsem_down_read_failed+0x2c/0x30 kernel/locking/rwsem-xadd.c:286
 call_rwsem_down_read_failed+0x18/0x30 arch/x86/lib/rwsem.S:94
 __down_read arch/x86/include/asm/rwsem.h:83 [inline]
 down_read+0x53/0x100 kernel/locking/rwsem.c:26
 inode_lock_shared include/linux/fs.h:725 [inline]
 lookup_slow fs/namei.c:1646 [inline]
 walk_component+0x309/0xbf0 fs/namei.c:1769
 lookup_last fs/namei.c:2237 [inline]
 path_lookupat+0x3c4/0x1180 fs/namei.c:2287
 filename_lookup+0x308/0xc00 fs/namei.c:2321
 user_path_at_empty+0x123/0x140 fs/namei.c:2584
 user_path_at include/linux/namei.h:57 [inline]
 vfs_statx fs/stat.c:185 [inline]
 vfs_lstat include/linux/fs.h:3106 [inline]
 __do_sys_newlstat fs/stat.c:350 [inline]
 __se_sys_newlstat+0xf0/0x370 fs/stat.c:344
 __x64_sys_newlstat+0x92/0xc0 fs/stat.c:344
 do_syscall_64+0x15b/0x230 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x63/0xe7
RIP: 0033:0x455ab9
Code: e0 1f 48 89 04 24 e8 b6 6f fd ff e8 81 6a fd ff e8 5c 68 fd ff 48 8d 05 92 9a 48 00 48 89 04 24 48 c7 44 24 08 1d 00 00 00 e8 <13> 5e fd ff 0f 0b e8 8c 44 00 00 e9 07 f0 ff ff cc cc cc cc cc cc 
RSP: 002b:00007fdfc2ef6c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000006
RAX: ffffffffffffffda RBX: 00007fdfc2ef76d4 RCX: 0000000000455ab9
RDX: 0000000000000000 RSI: 0000000020007b80 RDI: 0000000020007b40
RBP: 000000000072c290 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000004c00fa R14: 00000000004cfbf8 R15: 0000000000000006
INFO: task syz-executor6:16849 blocked for more than 140 seconds.
      Not tainted 4.18.0-rc4+ #26
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor6   D62000 16849   4621 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2857 [inline]
 __schedule+0x652/0x780 kernel/sched/core.c:3507
 schedule+0x1cc/0x300 kernel/sched/core.c:3551
 __rwsem_down_read_failed_common+0x5b7/0xba0 kernel/locking/rwsem-xadd.c:269
 rwsem_down_read_failed+0x2c/0x30 kernel/locking/rwsem-xadd.c:286
 call_rwsem_down_read_failed+0x18/0x30 arch/x86/lib/rwsem.S:94
 __down_read arch/x86/include/asm/rwsem.h:83 [inline]
 down_read+0x53/0x100 kernel/locking/rwsem.c:26
 inode_lock_shared include/linux/fs.h:725 [inline]
 lookup_slow fs/namei.c:1646 [inline]
 walk_component+0x309/0xbf0 fs/namei.c:1769
 lookup_last fs/namei.c:2237 [inline]
 path_lookupat+0x3c4/0x1180 fs/namei.c:2287
 filename_lookup+0x308/0xc00 fs/namei.c:2321
 user_path_at_empty+0x123/0x140 fs/namei.c:2584
 user_path_at include/linux/namei.h:57 [inline]
 vfs_statx fs/stat.c:185 [inline]
 vfs_lstat include/linux/fs.h:3106 [inline]
 __do_sys_newlstat fs/stat.c:350 [inline]
 __se_sys_newlstat+0xf0/0x370 fs/stat.c:344
 __x64_sys_newlstat+0x92/0xc0 fs/stat.c:344
 do_syscall_64+0x15b/0x230 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x63/0xe7
RIP: 0033:0x455ab9
Code: e0 1f 48 89 04 24 e8 b6 6f fd ff e8 81 6a fd ff e8 5c 68 fd ff 48 8d 05 92 9a 48 00 48 89 04 24 48 c7 44 24 08 1d 00 00 00 e8 <13> 5e fd ff 0f 0b e8 8c 44 00 00 e9 07 f0 ff ff cc cc cc cc cc cc 
RSP: 002b:00007fdfc2eb4c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000006
RAX: ffffffffffffffda RBX: 00007fdfc2eb56d4 RCX: 0000000000455ab9
RDX: 0000000000000000 RSI: 0000000020008a00 RDI: 00000000200089c0
RBP: 000000000072c3e0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000004c00fa R14: 00000000004cfbf8 R15: 0000000000000008
INFO: task syz-executor6:16852 blocked for more than 140 seconds.
      Not tainted 4.18.0-rc4+ #26
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor6   D61984 16852   4621 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2857 [inline]
 __schedule+0x652/0x780 kernel/sched/core.c:3507
 schedule+0x1cc/0x300 kernel/sched/core.c:3551
 __rwsem_down_read_failed_common+0x5b7/0xba0 kernel/locking/rwsem-xadd.c:269
 rwsem_down_read_failed+0x2c/0x30 kernel/locking/rwsem-xadd.c:286
 call_rwsem_down_read_failed+0x18/0x30 arch/x86/lib/rwsem.S:94
 __down_read arch/x86/include/asm/rwsem.h:83 [inline]
 down_read+0x53/0x100 kernel/locking/rwsem.c:26
 inode_lock_shared include/linux/fs.h:725 [inline]
 lookup_slow fs/namei.c:1646 [inline]
 walk_component+0x309/0xbf0 fs/namei.c:1769
 lookup_last fs/namei.c:2237 [inline]
 path_lookupat+0x3c4/0x1180 fs/namei.c:2287
 filename_lookup+0x308/0xc00 fs/namei.c:2321
 user_path_at_empty+0x123/0x140 fs/namei.c:2584
 user_path_at include/linux/namei.h:57 [inline]
 vfs_statx fs/stat.c:185 [inline]
 vfs_lstat include/linux/fs.h:3106 [inline]
 __do_sys_newlstat fs/stat.c:350 [inline]
 __se_sys_newlstat+0xf0/0x370 fs/stat.c:344
 __x64_sys_newlstat+0x92/0xc0 fs/stat.c:344
 do_syscall_64+0x15b/0x230 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x63/0xe7
RIP: 0033:0x455ab9
Code: e0 1f 48 89 04 24 e8 b6 6f fd ff e8 81 6a fd ff e8 5c 68 fd ff 48 8d 05 92 9a 48 00 48 89 04 24 48 c7 44 24 08 1d 00 00 00 e8 <13> 5e fd ff 0f 0b e8 8c 44 00 00 e9 07 f0 ff ff cc cc cc cc cc cc 
RSP: 002b:00007fdfc2e93c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000006
RAX: ffffffffffffffda RBX: 00007fdfc2e946d4 RCX: 0000000000455ab9
RDX: 0000000000000000 RSI: 000000002000b900 RDI: 000000002000b8c0
RBP: 000000000072c488 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000004c00fa R14: 00000000004cfbf8 R15: 0000000000000009
INFO: task syz-executor6:16859 blocked for more than 140 seconds.
      Not tainted 4.18.0-rc4+ #26
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor6   D59320 16859   4621 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2857 [inline]
 __schedule+0x652/0x780 kernel/sched/core.c:3507
 schedule+0x1cc/0x300 kernel/sched/core.c:3551
 __rwsem_down_write_failed_common+0x807/0x1480 kernel/locking/rwsem-xadd.c:566
 rwsem_down_write_failed+0x2c/0x30 kernel/locking/rwsem-xadd.c:595
 call_rwsem_down_write_failed+0x17/0x30 arch/x86/lib/rwsem.S:117
 __down_write arch/x86/include/asm/rwsem.h:142 [inline]
 down_write+0x5e/0xc0 kernel/locking/rwsem.c:72
 inode_lock_nested include/linux/fs.h:750 [inline]
 filename_create+0x2c4/0xbe0 fs/namei.c:3645
 user_path_create fs/namei.c:3703 [inline]
 do_mkdirat+0x120/0x690 fs/namei.c:3842
 __do_sys_mkdirat fs/namei.c:3861 [inline]
 __se_sys_mkdirat fs/namei.c:3859 [inline]
 __x64_sys_mkdirat+0xe1/0x120 fs/namei.c:3859
 do_syscall_64+0x15b/0x230 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x63/0xe7
RIP: 0033:0x455ab9
Code: e0 1f 48 89 04 24 e8 b6 6f fd ff e8 81 6a fd ff e8 5c 68 fd ff 48 8d 05 92 9a 48 00 48 89 04 24 48 c7 44 24 08 1d 00 00 00 e8 <13> 5e fd ff 0f 0b e8 8c 44 00 00 e9 07 f0 ff ff cc cc cc cc cc cc 
RSP: 002b:00007fdfc2e72c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
RAX: ffffffffffffffda RBX: 00007fdfc2e736d4 RCX: 0000000000455ab9
RDX: 0000000000000000 RSI: 0000000020000500 RDI: ffffffffffffff9c
RBP: 000000000072c530 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000004c013c R14: 00000000004cfcb8 R15: 000000000000000a
INFO: task syz-executor6:16870 blocked for more than 140 seconds.
      Not tainted 4.18.0-rc4+ #26
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor6   D62000 16870   4621 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2857 [inline]
 __schedule+0x652/0x780 kernel/sched/core.c:3507
 schedule+0x1cc/0x300 kernel/sched/core.c:3551
 __rwsem_down_read_failed_common+0x5b7/0xba0 kernel/locking/rwsem-xadd.c:269
 rwsem_down_read_failed+0x2c/0x30 kernel/locking/rwsem-xadd.c:286
 call_rwsem_down_read_failed+0x18/0x30 arch/x86/lib/rwsem.S:94
 __down_read arch/x86/include/asm/rwsem.h:83 [inline]
 down_read+0x53/0x100 kernel/locking/rwsem.c:26
 inode_lock_shared include/linux/fs.h:725 [inline]
 lookup_slow fs/namei.c:1646 [inline]
 walk_component+0x309/0xbf0 fs/namei.c:1769
 lookup_last fs/namei.c:2237 [inline]
 path_lookupat+0x3c4/0x1180 fs/namei.c:2287
 filename_lookup+0x308/0xc00 fs/namei.c:2321
 user_path_at_empty+0x123/0x140 fs/namei.c:2584
 user_path_at include/linux/namei.h:57 [inline]
 vfs_statx fs/stat.c:185 [inline]
 vfs_lstat include/linux/fs.h:3106 [inline]
 __do_sys_newlstat fs/stat.c:350 [inline]
 __se_sys_newlstat+0xf0/0x370 fs/stat.c:344
 __x64_sys_newlstat+0x92/0xc0 fs/stat.c:344
 do_syscall_64+0x15b/0x230 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x63/0xe7
RIP: 0033:0x455ab9
Code: e0 1f 48 89 04 24 e8 b6 6f fd ff e8 81 6a fd ff e8 5c 68 fd ff 48 8d 05 92 9a 48 00 48 89 04 24 48 c7 44 24 08 1d 00 00 00 e8 <13> 5e fd ff 0f 0b e8 8c 44 00 00 e9 07 f0 ff ff cc cc cc cc cc cc 
RSP: 002b:00007fdfc2e51c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000006
RAX: ffffffffffffffda RBX: 00007fdfc2e526d4 RCX: 0000000000455ab9
RDX: 0000000000000000 RSI: 0000000020000940 RDI: 0000000020000900
RBP: 000000000072c5d8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000004c00fa R14: 00000000004cfbf8 R15: 000000000000000b
NMI backtrace for cpu 1
CPU: 1 PID: 807 Comm: khungtaskd Not tainted 4.18.0-rc4+ #26
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x185/0x1e0 lib/dump_stack.c:113
 nmi_cpu_backtrace lib/nmi_backtrace.c:103 [inline]
 nmi_trigger_cpumask_backtrace+0x26f/0x4e0 lib/nmi_backtrace.c:62
 arch_trigger_cpumask_backtrace+0x2c/0x40 arch/x86/kernel/apic/hw_nmi.c:38
 trigger_all_cpu_backtrace+0x2b/0x30 include/linux/nmi.h:138
 check_hung_uninterruptible_tasks kernel/hung_task.c:196 [inline]
 watchdog+0x1107/0x1130 kernel/hung_task.c:252
 kthread+0x473/0x4b0 kernel/kthread.c:247
 ret_from_fork+0x35/0x40 arch/x86/entry/entry_64.S:415
Sending NMI from CPU 1 to CPUs 0:
------------[ cut here ]------------
kernel BUG at mm/kmsan/kmsan_entry.c:81!
invalid opcode: 0000 [#1] SMP PTI
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.18.0-rc4+ #26
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:kmsan_nmi_enter+0x42/0x70 mm/kmsan/kmsan_entry.c:80
Code: 00 74 27 65 8b 04 25 80 90 03 00 83 c0 01 83 f8 08 7d 27 65 89 04 25 80 90 03 00 65 c6 04 25 15 6e 0b 00 ff c3 0f 0b 90 eb fe <0f> 0b 66 90 66 2e 0f 1f 84 00 00 00 00 00 eb fe 0f 0b 66 90 66 2e 
RSP: 0018:fffffe000000eea8 EFLAGS: 00010046
RAX: 0000000080000000 RBX: 0000000000000001 RCX: 00000000c0000101
RDX: 00000000ffff8802 RSI: ffffffff8a40136c RDI: ffff88021fc0ff6e
RBP: fffffe000000eef9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 00000001a48e8000 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff88021fc00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffff600400 CR3: 00000001a48e8000 CR4: 00000000001406f0
DR0: 0000000020000000 DR1: 0000000020000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
 <NMI>
 </NMI>
 <IRQ>
 </IRQ>
Modules linked in:
Dumping ftrace buffer:
   (ftrace buffer empty)
---[ end trace f59b563a0499eedc ]---
RIP: 0010:kmsan_nmi_enter+0x42/0x70 mm/kmsan/kmsan_entry.c:80
Code: 00 74 27 65 8b 04 25 80 90 03 00 83 c0 01 83 f8 08 7d 27 65 89 04 25 80 90 03 00 65 c6 04 25 15 6e 0b 00 ff c3 0f 0b 90 eb fe <0f> 0b 66 90 66 2e 0f 1f 84 00 00 00 00 00 eb fe 0f 0b 66 90 66 2e 
RSP: 0018:fffffe000000eea8 EFLAGS: 00010046
RAX: 0000000080000000 RBX: 0000000000000001 RCX: 00000000c0000101
RDX: 00000000ffff8802 RSI: ffffffff8a40136c RDI: ffff88021fc0ff6e
RBP: fffffe000000eef9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 00000001a48e8000 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff88021fc00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffff600400 CR3: 00000001a48e8000 CR4: 00000000001406f0
DR0: 0000000020000000 DR1: 0000000020000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600

Crashes (1):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2018/07/13 16:39 | https://github.com/google/kmsan.git master | e74f81fe9c5d | 92a49505 | .config | console log | report | | | | | ci-upstream-kmsan-gce | |