Hello,

syzbot found the following crash on:

HEAD commit:    d7e64f80 ANDROID: x86_64_cuttlefish_defconfig: Enable F2FS
git tree:       android-4.9
console output: https://syzkaller.appspot.com/x/log.txt?x=157bf1d7800000
kernel config:  https://syzkaller.appspot.com/x/.config?x=f99aced9dd6a7628
dashboard link: https://syzkaller.appspot.com/bug?extid=aa596780bc201d212c59
compiler:       gcc (GCC) 8.0.1 20180413 (experimental)
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=119e76b7800000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=176732f7800000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+aa5967...@syzkaller.appspotmail.com
------------[ cut here ]------------
kernel BUG at kernel/sched/deadline.c:1068!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
Dumping ftrace buffer:
(ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 22303 Comm: syz-executor377 Not tainted 4.9.105-gd7e64f8 #40
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8801d7d93000 task.stack: ffff8801d8ae0000
RIP: 0010:[<ffffffff8121c18f>] [<ffffffff8121c18f>] __enqueue_dl_entity kernel/sched/deadline.c:987 [inline]
RIP: 0010:[<ffffffff8121c18f>] [<ffffffff8121c18f>] enqueue_dl_entity kernel/sched/deadline.c:1039 [inline]
RIP: 0010:[<ffffffff8121c18f>] [<ffffffff8121c18f>] enqueue_task_dl+0x31f/0x1f40 kernel/sched/deadline.c:1090
RSP: 0018:ffff8801d8ae7460 EFLAGS: 00010087
RAX: 0000000000000000 RBX: ffff8801d7d91800 RCX: 1ffff1003afb236d
RDX: 0000000000000000 RSI: ffff8801d7d91800 RDI: ffff8801d7d91b68
RBP: ffff8801d8ae74d0 R08: ffff88021fffd018 R09: 0000000000000008
R10: 0000000000000001 R11: 0000000000000078 R12: ffff8801db321c00
R13: ffff8801d7d91b10 R14: ffff8801db321c00 R15: 0000000000000000
FS: 00007f57a2366700(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000044452a CR3: 00000001d3a6b000 CR4: 00000000001606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
0000000000000002 ffff8801d8ae74a8 ffffffff81230712 ffff8801d7d938c0
0000000000000046 ffff8801d7d93000 ffff8801db321c18 ffff8801d7d91c18
ffff8801d7d91800 ffff8801d7d91800 ffff8801db321c00 0000000000000000
Call Trace:
[<ffffffff811ca9b3>] enqueue_task kernel/sched/core.c:774 [inline]
[<ffffffff811ca9b3>] activate_task+0x153/0x280 kernel/sched/core.c:790
[<ffffffff8121b1f4>] push_dl_task.part.36+0x2e4/0x430 kernel/sched/deadline.c:1638
[<ffffffff8121b386>] push_dl_task kernel/sched/deadline.c:1578 [inline]
[<ffffffff8121b386>] push_dl_tasks.part.37+0x46/0x60 kernel/sched/deadline.c:1654
[<ffffffff8121b3a9>] push_dl_tasks+0x9/0x10 kernel/sched/deadline.c:1652
[<ffffffff811abf85>] __balance_callback+0x95/0xe0 kernel/sched/core.c:2869
[<ffffffff839e9678>] balance_callback kernel/sched/core.c:2877 [inline]
[<ffffffff839e9678>] __schedule+0x10a8/0x1bd0 kernel/sched/core.c:3508
[<ffffffff839ea21f>] schedule+0x7f/0x1b0 kernel/sched/core.c:3557
[<ffffffff839f3be0>] __rt_mutex_slowlock+0xb0/0x2d0 kernel/locking/rtmutex.c:1221
[<ffffffff839f3f97>] rt_mutex_slowlock+0x197/0x530 kernel/locking/rtmutex.c:1293
[<ffffffff839f435c>] rt_mutex_fastlock kernel/locking/rtmutex.c:1439 [inline]
[<ffffffff839f435c>] rt_mutex_lock+0x2c/0x30 kernel/locking/rtmutex.c:1499
[<ffffffff826a88dd>] process_notifier+0x9d/0x670 drivers/misc/uid_sys_stats.c:636
[<ffffffff811a1864>] notifier_call_chain+0xb4/0x1d0 kernel/notifier.c:93
[<ffffffff811a2dce>] __blocking_notifier_call_chain kernel/notifier.c:317 [inline]
[<ffffffff811a2dce>] blocking_notifier_call_chain+0x7e/0xa0 kernel/notifier.c:328
[<ffffffff8129186e>] profile_task_exit+0x1e/0x30 kernel/profile.c:140
[<ffffffff811404fe>] do_exit+0x9e/0x27c0 kernel/exit.c:740
[<ffffffff81146f41>] do_group_exit+0x111/0x340 kernel/exit.c:941
[<ffffffff81169d9f>] get_signal+0x4cf/0x1450 kernel/signal.c:2321
[<ffffffff810524d7>] do_signal+0x87/0x19f0 arch/x86/kernel/signal.c:807
[<ffffffff81005581>] exit_to_usermode_loop+0xe1/0x120 arch/x86/entry/common.c:157
[<ffffffff810064d4>] prepare_exit_to_usermode arch/x86/entry/common.c:191 [inline]
[<ffffffff810064d4>] syscall_return_slowpath arch/x86/entry/common.c:260 [inline]
[<ffffffff810064d4>] do_syscall_64+0x364/0x490 arch/x86/entry/common.c:287
[<ffffffff839f9b13>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Code: 48 c1 e8 03 80 3c 10 00 0f 85 c2 11 00 00 41 80 39 00 49 8b 47 48 0f 85 df 11 00 00 48 39 83 58 03 00 00 79 ad 49 8d 47 10 eb ae <0f> 0b 4c 8d 53 3c 48 c7 c6 00 1c 02 00 48 bf 00 00 00 00 00 fc
RIP [<ffffffff8121c18f>] __enqueue_dl_entity kernel/sched/deadline.c:987 [inline]
RIP [<ffffffff8121c18f>] enqueue_dl_entity kernel/sched/deadline.c:1039 [inline]
RIP [<ffffffff8121c18f>] enqueue_task_dl+0x31f/0x1f40 kernel/sched/deadline.c:1090
RSP <ffff8801d8ae7460>
---[ end trace 79a1e636767c50bb ]---
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches