CUSE: info not properly terminated INFO: task syz-executor.3:27917 blocked for more than 140 seconds. kobject: 'batman_adv' (0000000084671c40): kobject_add_internal: parent: 'veth778', set: '' Not tainted 4.19.86-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.3 D26496 27917 3018 0x00000004 kobject: 'veth779' (00000000922e7f71): kobject_add_internal: parent: 'net', set: 'devices' kobject: 'veth779' (00000000922e7f71): kobject_uevent_env kobject: 'veth779' (00000000922e7f71): fill_kobj_path: path = '/devices/virtual/net/veth779' kobject: 'queues' (0000000096c1282e): kobject_add_internal: parent: 'veth779', set: '' kobject: 'loop0' (000000008cea8b64): kobject_uevent_env Call Trace: kobject: 'queues' (0000000096c1282e): kobject_uevent_env kobject: 'loop0' (000000008cea8b64): fill_kobj_path: path = '/devices/virtual/block/loop0' context_switch kernel/sched/core.c:2826 [inline] __schedule+0x866/0x1dc0 kernel/sched/core.c:3515 kobject: 'queues' (0000000096c1282e): kobject_uevent_env: filter function caused the event to drop! kobject: 'loop5' (00000000682c6065): kobject_uevent_env schedule+0x92/0x1c0 kernel/sched/core.c:3559 request_wait_answer+0x42f/0x7c0 fs/fuse/dev.c:485 kobject: 'loop5' (00000000682c6065): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'rx-0' (00000000451d4d47): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'loop3' (000000008a6a4bdb): kobject_uevent_env __fuse_request_send+0x128/0x1d0 fs/fuse/dev.c:505 kobject: 'loop3' (000000008a6a4bdb): fill_kobj_path: path = '/devices/virtual/block/loop3' fuse_request_send+0x60/0xa0 fs/fuse/dev.c:518 fuse_simple_request+0x2f6/0x720 fs/fuse/dev.c:576 kobject: 'rx-0' (00000000451d4d47): kobject_uevent_env fuse_lookup_name+0x275/0x670 fs/fuse/dir.c:323 kobject: 'loop2' (0000000007c517fb): kobject_uevent_env kobject: 'rx-0' (00000000451d4d47): fill_kobj_path: path = '/devices/virtual/net/veth779/queues/rx-0' kobject: 'loop2' (0000000007c517fb): fill_kobj_path: path = '/devices/virtual/block/loop2' fuse_lookup+0xeb/0x3e0 fs/fuse/dir.c:361 kobject: 'loop5' (00000000682c6065): kobject_uevent_env CUSE: info not properly terminated kobject: 'tx-0' (000000003ca7c734): kobject_add_internal: parent: 'queues', set: 'queues' __lookup_slow+0x279/0x500 fs/namei.c:1671 kobject: 'loop5' (00000000682c6065): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'tx-0' (000000003ca7c734): kobject_uevent_env kobject: 'tx-0' (000000003ca7c734): fill_kobj_path: path = '/devices/virtual/net/veth779/queues/tx-0' kobject: 'batman_adv' (00000000ff1c828f): kobject_add_internal: parent: 'veth779', set: '' lookup_slow+0x58/0x80 fs/namei.c:1688 walk_component+0x747/0x2000 fs/namei.c:1810 lookup_last fs/namei.c:2273 [inline] path_lookupat.isra.0+0x1f5/0x8d0 fs/namei.c:2318 filename_lookup+0x1b0/0x410 fs/namei.c:2348 kobject: 'loop4' (00000000f2b6036b): kobject_uevent_env kobject: 'loop4' (00000000f2b6036b): fill_kobj_path: path = '/devices/virtual/block/loop4' kobject: 'loop0' (000000008cea8b64): kobject_uevent_env kobject: 'loop0' (000000008cea8b64): fill_kobj_path: path = '/devices/virtual/block/loop0' kobject: 'loop2' (0000000007c517fb): kobject_uevent_env user_path_at_empty+0x43/0x50 fs/namei.c:2608 user_path_at include/linux/namei.h:57 [inline] path_setxattr+0xae/0x1b0 fs/xattr.c:464 CUSE: info not properly terminated kobject: 'loop2' (0000000007c517fb): fill_kobj_path: path = '/devices/virtual/block/loop2' CUSE: info not properly terminated kobject: 'loop5' (00000000682c6065): kobject_uevent_env kobject: 'loop5' (00000000682c6065): fill_kobj_path: path = '/devices/virtual/block/loop5' __do_sys_setxattr fs/xattr.c:484 [inline] __se_sys_setxattr fs/xattr.c:480 [inline] __x64_sys_setxattr+0xc4/0x150 fs/xattr.c:480 kobject: 'loop4' (00000000f2b6036b): kobject_uevent_env do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293 kobject: 'loop4' (00000000f2b6036b): fill_kobj_path: path = '/devices/virtual/block/loop4' entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45a679 Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f5bd19c4c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045a679 kobject: 'loop0' (000000008cea8b64): kobject_uevent_env kobject: 'loop0' (000000008cea8b64): fill_kobj_path: path = '/devices/virtual/block/loop0' RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000 kobject: 'loop3' (000000008a6a4bdb): kobject_uevent_env RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 kobject: 'loop3' (000000008a6a4bdb): fill_kobj_path: path = '/devices/virtual/block/loop3' R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5bd19c56d4 R13: 00000000004d28f8 R14: 00000000004e1bb0 R15: 00000000ffffffff Showing all locks held in the system: kobject: 'veth780' (00000000bef78b11): kobject_add_internal: parent: 'net', set: 'devices' 1 lock held by khungtaskd/1040: #0: 00000000e051ea98 (rcu_read_lock){....}, at: debug_show_all_locks+0x5f/0x27e kernel/locking/lockdep.c:4438 3 locks held by rs:main Q:Reg/7447: #0: 000000000e4c6353 (&rq->lock){-.-.}, at: rq_lock kernel/sched/sched.h:1817 [inline] #0: 000000000e4c6353 (&rq->lock){-.-.}, at: __schedule+0x1f8/0x1dc0 kernel/sched/core.c:3453 #1: 00000000e051ea98 (rcu_read_lock){....}, at: trace_sched_stat_runtime include/trace/events/sched.h:428 [inline] #1: 00000000e051ea98 (rcu_read_lock){....}, at: update_curr+0x2cc/0x8a0 kernel/sched/fair.c:828 #2: 00000000e051ea98 (rcu_read_lock){....}, at: fast_dput fs/dcache.c:714 [inline] #2: 00000000e051ea98 (rcu_read_lock){....}, at: dput+0x38/0x670 fs/dcache.c:833 kobject: 'veth780' (00000000bef78b11): kobject_uevent_env selinux_nlmsg_perm: 2 callbacks suppressed SELinux: unrecognized netlink message: protocol=0 nlmsg_type=29713 sclass=netlink_route_socket pig=15888 comm=syz-executor.1 kobject: 'veth780' (00000000bef78b11): fill_kobj_path: path = '/devices/virtual/net/veth780' 2 locks held by getty/7573: #0: 00000000b5b1453c (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:362 kobject: 'queues' (00000000c610f404): kobject_add_internal: parent: 'veth780', set: '' #1: 000000003099fbff (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b30 drivers/tty/n_tty.c:2154 kobject: 'queues' (00000000c610f404): kobject_uevent_env 2 locks held by getty/7574: kobject: 'queues' (00000000c610f404): kobject_uevent_env: filter function caused the event to drop! #0: 00000000a403fb67 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:362 kobject: 'rx-0' (000000001f0ccb27): kobject_add_internal: parent: 'queues', set: 'queues' #1: 0000000095091981 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b30 drivers/tty/n_tty.c:2154 kobject: 'rx-0' (000000001f0ccb27): kobject_uevent_env 2 locks held by getty/7575: #0: 00000000454d5cc9 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:362 #1: 000000007d4bc953 (&ldata->atomic_read_lock kobject: 'rx-0' (000000001f0ccb27): fill_kobj_path: path = '/devices/virtual/net/veth780/queues/rx-0' ){+.+.} kobject: 'tx-0' (00000000a818e52f): kobject_add_internal: parent: 'queues', set: 'queues' , at: n_tty_read+0x232/0x1b30 drivers/tty/n_tty.c:2154 2 locks held by getty/7576: kobject: 'tx-0' (00000000a818e52f): kobject_uevent_env #0: kobject: 'tx-0' (00000000a818e52f): fill_kobj_path: path = '/devices/virtual/net/veth780/queues/tx-0' 000000002ceb9200 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:362 #1: kobject: 'batman_adv' (000000002f40ce9f): kobject_add_internal: parent: 'veth780', set: '' 00000000fc3aed8c kobject: 'veth781' (0000000081158395): kobject_add_internal: parent: 'net', set: 'devices' ( kobject: 'veth781' (0000000081158395): kobject_uevent_env &ldata->atomic_read_lock kobject: 'veth781' (0000000081158395): fill_kobj_path: path = '/devices/virtual/net/veth781' ){+.+.}, at: n_tty_read+0x232/0x1b30 drivers/tty/n_tty.c:2154 kobject: 'queues' (0000000024426ba2): kobject_add_internal: parent: 'veth781', set: '' 2 locks held by getty/7577: #0: 00000000dd165ed5 (&tty->ldisc_sem kobject: 'queues' (0000000024426ba2): kobject_uevent_env ){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:362 #1: 0000000014509aa7 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b30 drivers/tty/n_tty.c:2154 2 locks held by getty/7578: kobject: 'queues' (0000000024426ba2): kobject_uevent_env: filter function caused the event to drop! #0: kobject: 'rx-0' (00000000ba65e49b): kobject_add_internal: parent: 'queues', set: 'queues' 000000003d9fc148 kobject: 'rx-0' (00000000ba65e49b): kobject_uevent_env ( kobject: 'rx-0' (00000000ba65e49b): fill_kobj_path: path = '/devices/virtual/net/veth781/queues/rx-0' &tty->ldisc_sem kobject: 'tx-0' (00000000370aaf44): kobject_add_internal: parent: 'queues', set: 'queues' ){++++} kobject: 'tx-0' (00000000370aaf44): kobject_uevent_env , at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:362 kobject: 'tx-0' (00000000370aaf44): fill_kobj_path: path = '/devices/virtual/net/veth781/queues/tx-0' #1: 000000005d639430 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b30 drivers/tty/n_tty.c:2154 kobject: 'batman_adv' (00000000bafb442f): kobject_add_internal: parent: 'veth781', set: '' 2 locks held by getty/7579: #0: 0000000062caa8ea (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:362 #1: 0000000024fd08b0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b30 drivers/tty/n_tty.c:2154 2 locks held by kworker/1:1/2732: #0: 000000008563046e ((wq_completion)"rcu_gp"){+.+.}, at: __write_once_size include/linux/compiler.h:220 [inline] #0: 000000008563046e ((wq_completion)"rcu_gp"){+.+.}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: 000000008563046e ((wq_completion)"rcu_gp"){+.+.}, at: atomic64_set include/asm-generic/atomic-instrumented.h:40 [inline] #0: 000000008563046e ((wq_completion)"rcu_gp"){+.+.}, at: atomic_long_set include/asm-generic/atomic-long.h:59 [inline] #0: 000000008563046e ((wq_completion)"rcu_gp"){+.+.}, at: set_work_data kernel/workqueue.c:617 [inline] #0: 000000008563046e ((wq_completion)"rcu_gp"){+.+.}, at: set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline] #0: 000000008563046e ((wq_completion)"rcu_gp"){+.+.}, at: process_one_work+0x87e/0x1750 kernel/workqueue.c:2124 #1: 000000005d02b82a ((work_completion)(&rew.rew_work)){+.+.}, at: process_one_work+0x8b4/0x1750 kernel/workqueue.c:2128 2 locks held by syz-executor.3/27917: #0: 00000000d901bebc (&type->i_mutex_dir_key#8){.+.+}, at: inode_lock_shared include/linux/fs.h:757 [inline] #0: 00000000d901bebc (&type->i_mutex_dir_key#8){.+.+}, at: lookup_slow+0x4a/0x80 fs/namei.c:1687 #1: 000000007c9384a5 (&fi->mutex){+.+.}, at: fuse_lock_inode+0xba/0xf0 fs/fuse/inode.c:365 2 locks held by syz-executor.1/15808: #0: 00000000f9c55a42 (&sb->s_type->i_mutex_key#11){+.+.}, at: inode_lock include/linux/fs.h:747 [inline] #0: 00000000f9c55a42 (&sb->s_type->i_mutex_key#11){+.+.}, at: __sock_release+0x89/0x2a0 net/socket.c:578 #1: 00000000b8786cdf (rcu_preempt_state.exp_mutex){+.+.}, at: exp_funnel_lock kernel/rcu/tree_exp.h:297 [inline] #1: 00000000b8786cdf (rcu_preempt_state.exp_mutex){+.+.}, at: _synchronize_rcu_expedited+0x59e/0x7f0 kernel/rcu/tree_exp.h:667 ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 1040 Comm: khungtaskd Not tainted 4.19.86-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x197/0x210 lib/dump_stack.c:118 nmi_cpu_backtrace.cold+0x63/0xa4 lib/nmi_backtrace.c:101 nmi_trigger_cpumask_backtrace+0x1b0/0x1f8 lib/nmi_backtrace.c:62 kobject: 'loop1' (00000000bc2238d3): kobject_uevent_env arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:203 [inline] watchdog+0x9df/0xee0 kernel/hung_task.c:287 kthread+0x354/0x420 kernel/kthread.c:246 kobject: 'loop1' (00000000bc2238d3): fill_kobj_path: path = '/devices/virtual/block/loop1' ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 7617 Comm: syz-executor.1 Not tainted 4.19.86-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:compound_head include/linux/page-flags.h:144 [inline] RIP: 0010:get_page+0x36/0x100 include/linux/mm.h:919 Code: e8 0f 1d d7 ff 49 8d 7c 24 08 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 c1 00 00 00 4d 8b 6c 24 08 <31> ff 4c 89 eb 83 e3 01 48 89 de e8 7a 1e d7 ff 48 85 db 0f 85 8b RSP: 0018:ffff8880a58d79c0 EFLAGS: 00000246 RAX: dffffc0000000000 RBX: ffffea000240c000 RCX: 0000000000000000 RDX: 1ffffd4000481801 RSI: ffffffff81940261 RDI: ffffea000240c008 RBP: ffff8880a58d79d8 R08: ffff8880a5322140 R09: ffffed1011adefe5 R10: ffffed1011adefe4 R11: ffff88808d6f7f23 R12: ffffea000240c000 R13: dead000000000100 R14: 0000000000000000 R15: 0000000000000028 FS: 0000000001279940(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020001b00 CR3: 0000000085a96000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: copy_one_pte mm/memory.c:1040 [inline] copy_pte_range mm/memory.c:1102 [inline] copy_pmd_range mm/memory.c:1153 [inline] copy_pud_range mm/memory.c:1187 [inline] copy_p4d_range mm/memory.c:1209 [inline] copy_page_range+0xc95/0x1f90 mm/memory.c:1271 dup_mmap kernel/fork.c:544 [inline] dup_mm kernel/fork.c:1283 [inline] copy_mm kernel/fork.c:1339 [inline] copy_process.part.0+0x543d/0x7a30 kernel/fork.c:1892 copy_process kernel/fork.c:1689 [inline] _do_fork+0x257/0xfd0 kernel/fork.c:2202 __do_sys_clone kernel/fork.c:2309 [inline] __se_sys_clone kernel/fork.c:2303 [inline] __x64_sys_clone+0xbf/0x150 kernel/fork.c:2303 do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x458c4a Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 RSP: 002b:00007ffe17fcda80 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 00007ffe17fcda80 RCX: 0000000000458c4a RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 RBP: 00007ffe17fcdac0 R08: 0000000000000001 R09: 0000000001279940 R10: 0000000001279c10 R11: 0000000000000246 R12: 0000000000000001 R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffe17fcdb10 CUSE: info not properly terminated