Re: INFO: task hung in vfat_lookup

2018-09-05 Thread Tetsuo Handa
On 2018/09/05 20:19, syzbot wrote:
> Hello,
> 
> syzbot found the following crash on:
> 
> HEAD commit:    420f51f4ab6b Merge tag 'arm64-fixes' of git://git.kernel.o..
> git tree:   upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=11296c9240
> kernel config:  https://syzkaller.appspot.com/x/.config?x=531a917630d2a492
> dashboard link: https://syzkaller.appspot.com/bug?extid=72000baa7858f1703b04
> compiler:   gcc (GCC) 8.0.1 20180413 (experimental)
> 
> Unfortunately, I don't have any reproducer for this crash yet.

A report for linux-next contains

"getblk(): executed=9 bh_count=0 bh_state=0"

lines. Therefore,

#syz dup: INFO: task hung in generic_file_write_iter


INFO: task hung in vfat_lookup

2018-09-05 Thread syzbot

Hello,

syzbot found the following crash on:

HEAD commit:    420f51f4ab6b Merge tag 'arm64-fixes' of git://git.kernel.o..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=11296c9240
kernel config:  https://syzkaller.appspot.com/x/.config?x=531a917630d2a492
dashboard link: https://syzkaller.appspot.com/bug?extid=72000baa7858f1703b04
compiler:   gcc (GCC) 8.0.1 20180413 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+72000baa7858f1703...@syzkaller.appspotmail.com

INFO: task syz-executor0:4634 blocked for more than 140 seconds.
  Not tainted 4.19.0-rc1+ #217
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor0   D21248  4634  1 0x0004
Call Trace:
 context_switch kernel/sched/core.c:2825 [inline]
 __schedule+0x87c/0x1df0 kernel/sched/core.c:3473
 schedule+0xfb/0x450 kernel/sched/core.c:3517
 schedule_preempt_disabled+0x10/0x20 kernel/sched/core.c:3575
 __mutex_lock_common kernel/locking/mutex.c:1003 [inline]
 __mutex_lock+0xbf9/0x1700 kernel/locking/mutex.c:1073
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1088
 vfat_lookup+0xf1/0x640 fs/fat/namei_vfat.c:709
 __lookup_slow+0x2b5/0x540 fs/namei.c:1671
 lookup_slow+0x57/0x80 fs/namei.c:1688
 walk_component+0x94a/0x2630 fs/namei.c:1810
 link_path_walk.part.40+0xa6e/0x1540 fs/namei.c:2141
 link_path_walk fs/namei.c:2072 [inline]
 path_openat+0x268/0x5340 fs/namei.c:3533
 do_filp_open+0x255/0x380 fs/namei.c:3564
 do_sys_open+0x584/0x720 fs/open.c:1063
 __do_sys_open fs/open.c:1081 [inline]
 __se_sys_open fs/open.c:1076 [inline]
 __x64_sys_open+0x7e/0xc0 fs/open.c:1076
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4551a0
Code: 44 24 10 48 8b 4c 24 08 48 8b 54 24 70 48 39 d0 0f 85 69 01 00 00 48  
8b 9c 24 10 01 00 00 48 89 1c 24 48 89 54 24 08 48 89 4c <24> 10 48 89 44  
24 18 e8 74 6d 00 00 0f b6 44 24 20 84 c0 0f 84 3c

RSP: 002b:7ffd57125ec0 EFLAGS: 0206 ORIG_RAX: 0002
RAX: ffda RBX:  RCX: 004551a0
RDX:  RSI: 00090800 RDI: 004c1e40
RBP: 01b6 R08: 0001 R09: 01523940
R10:  R11: 0206 R12: 0003
R13: 00051351 R14: 003a R15: badc0ffeebadface
INFO: task syz-executor0:8851 blocked for more than 140 seconds.
  Not tainted 4.19.0-rc1+ #217
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor0   D23808  8851   4634 0x0004
Call Trace:
 context_switch kernel/sched/core.c:2825 [inline]
 __schedule+0x87c/0x1df0 kernel/sched/core.c:3473
 schedule+0xfb/0x450 kernel/sched/core.c:3517
 d_wait_lookup fs/dcache.c:2428 [inline]
 d_alloc_parallel+0x1456/0x1eb0 fs/dcache.c:2510
 __lookup_slow+0x1e6/0x540 fs/namei.c:1654
 lookup_slow+0x57/0x80 fs/namei.c:1688
 walk_component+0x94a/0x2630 fs/namei.c:1810
 link_path_walk.part.40+0xa6e/0x1540 fs/namei.c:2141
 link_path_walk fs/namei.c:2072 [inline]
 path_openat+0x268/0x5340 fs/namei.c:3533
 do_filp_open+0x255/0x380 fs/namei.c:3564
 do_sys_open+0x584/0x720 fs/open.c:1063
 __do_sys_open fs/open.c:1081 [inline]
 __se_sys_open fs/open.c:1076 [inline]
 __x64_sys_open+0x7e/0xc0 fs/open.c:1076
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x410dd1
Code: 00 00 00 00 00 00 00 48 c7 84 24 90 00 00 00 00 00 00 00 48 8d 05 0f  
5e 04 00 48 89 44 24 78 48 8d 44 24 50 48 89 84 24 80 00 <00> 00 48 8d 84  
24 a8 00 00 00 48 89 84 24 88 00 00 00 0f b6 84 24

RSP: 002b:7f0a65bafbb0 EFLAGS: 0293 ORIG_RAX: 0002
RAX: ffda RBX: 7f0a65bb06d4 RCX: 00410dd1
RDX: 7f0a65bafbe2 RSI: 0002 RDI: 7f0a65bafbd0
RBP: 00930140 R08:  R09: 0012
R10: 0007 R11: 0293 R12: 
R13: 004d72c0 R14: 004ca44c R15: 0001

Showing all locks held in the system:
1 lock held by khungtaskd/792:
 #0: d6534971 (rcu_read_lock){}, at:  
debug_show_all_locks+0xd0/0x428 kernel/locking/lockdep.c:4436

1 lock held by rsyslogd/4498:
2 locks held by getty/4588:
 #0: 1a00424d (>ldisc_sem){}, at:  
ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:353
 #1: 64c91a05 (>atomic_read_lock){+.+.}, at:  
n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140

2 locks held by getty/4589:
 #0: 44cc0e87 (>ldisc_sem){}, at:  
ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:353
 #1: 31085714 (>atomic_read_lock){+.+.}, at:  
n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140

2 locks held by getty/4590:
 #0: a90082dc (>ldisc_sem){}, at:  
ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:353
 #1: dcf02824 
