INFO: task hung in namespace_unlock
24 views
Skip to first unread message
syzbot
Apr 10, 2019, 12:04:14 PM4/10/19
to syzkaller-a...@googlegroups.com
Hello,
syzbot found the following crash on:
HEAD commit: 815e34f8 Merge 4.14.90 into android-4.14
git tree: android-4.14
console output: https://syzkaller.appspot.com/x/log.txt?x=121acf8b400000
kernel config: https://syzkaller.appspot.com/x/.config?x=608dc5a2664d6079
dashboard link: https://syzkaller.appspot.com/bug?extid=4dc16c98cfe818a2448e
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+4dc16c...@syzkaller.appspotmail.com
audit: type=1400 audit(2000000170.080:63768): avc: denied { search } for
pid=190 comm="udevd" name="/" dev="sysfs" ino=1
scontext=system_u:system_r:kernel_t:s0
tcontext=system_u:object_r:netcontrol_device_t:s0 tclass=dir permissive=1
audit: type=1400 audit(2000000170.110:63769): avc: denied { search } for
pid=28948 comm="udevd" name="/" dev="sysfs" ino=1
scontext=system_u:system_r:kernel_t:s0
tcontext=system_u:object_r:netcontrol_device_t:s0 tclass=dir permissive=1
INFO: task syz-executor2:1852 blocked for more than 140 seconds.
Not tainted 4.14.90+ #29
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor2 D27112 1852 1 0x00000004
Call Trace:
schedule+0x7f/0x1b0 kernel/sched/core.c:3490
schedule_timeout+0x710/0xe60 kernel/time/timer.c:1721
do_wait_for_common kernel/sched/completion.c:91 [inline]
__wait_for_common kernel/sched/completion.c:112 [inline]
wait_for_common+0x3bc/0x4e0 kernel/sched/completion.c:123
__wait_rcu_gp+0x250/0x3a0 kernel/rcu/update.c:413
synchronize_rcu.part.43+0xd2/0xe0 kernel/rcu/tree_plugin.h:764
namespace_unlock+0xef/0x110 fs/namespace.c:1466
do_umount fs/namespace.c:1668 [inline]
SYSC_umount fs/namespace.c:1763 [inline]
SyS_umount+0x610/0xc90 fs/namespace.c:1732
do_syscall_64+0x19b/0x4b0 arch/x86/entry/common.c:289
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45a407
RSP: 002b:00007ffd8cfc5b88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045a407
RDX: 0000000000402f40 RSI: 0000000000000002 RDI: 00007ffd8cfc5c30
RBP: 0000000000000f0d R08: 0000000000000000 R09: 000000000000000b
R10: 0000000000000005 R11: 0000000000000206 R12: 00007ffd8cfc6cc0
R13: 0000000000b3c940 R14: 0000000000000000 R15: 0000000000000002
INFO: task syz-executor1:19487 blocked for more than 140 seconds.
Not tainted 4.14.90+ #29
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor1 D26680 19487 1869 0x80000002
Call Trace:
schedule+0x7f/0x1b0 kernel/sched/core.c:3490
schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3548
__mutex_lock_common kernel/locking/mutex.c:833 [inline]
__mutex_lock+0x521/0x1480 kernel/locking/mutex.c:893
_rcu_barrier+0x5b/0x3f0 kernel/rcu/tree.c:3538
netdev_run_todo+0x112/0x750 net/core/dev.c:7893
tun_detach drivers/net/tun.c:587 [inline]
tun_chr_close+0x45/0x50 drivers/net/tun.c:2661
__fput+0x25e/0x6f0 fs/file_table.c:210
task_work_run+0x116/0x190 kernel/task_work.c:113
exit_task_work include/linux/task_work.h:22 [inline]
do_exit+0x8fb/0x28c0 kernel/exit.c:865
do_group_exit+0x100/0x2e0 kernel/exit.c:968
get_signal+0x4e5/0x1470 kernel/signal.c:2348
do_signal+0x8f/0x1660 arch/x86/kernel/signal.c:809
exit_to_usermode_loop+0x116/0x150 arch/x86/entry/common.c:159
prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
syscall_return_slowpath arch/x86/entry/common.c:267 [inline]
do_syscall_64+0x35d/0x4b0 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x4579b9
RSP: 002b:00007f2c01918c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000129
RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00000000004579b9
RDX: 0000000000000016 RSI: 0000000000000947 RDI: 0000000000000947
RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000020000100 R11: 0000000000000246 R12: 00007f2c019196d4
R13: 00000000004c456d R14: 00000000004d7a40 R15: 00000000ffffffff
INFO: task kworker/u4:13:32739 blocked for more than 140 seconds.
Not tainted 4.14.90+ #29
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/u4:13 D26552 32739 2 0x80000000
Workqueue: netns cleanup_net
Call Trace:
schedule+0x7f/0x1b0 kernel/sched/core.c:3490
schedule_timeout+0x710/0xe60 kernel/time/timer.c:1721
do_wait_for_common kernel/sched/completion.c:91 [inline]
__wait_for_common kernel/sched/completion.c:112 [inline]
wait_for_common+0x3bc/0x4e0 kernel/sched/completion.c:123
_rcu_barrier+0x27b/0x3f0 kernel/rcu/tree.c:3603
netdev_run_todo+0x112/0x750 net/core/dev.c:7893
sit_exit_net+0x42f/0x600 net/ipv6/sit.c:1869
ops_exit_list.isra.3+0xa8/0x150 net/core/net_namespace.c:142
cleanup_net+0x3e9/0x880 net/core/net_namespace.c:483
process_one_work+0x86e/0x1670 kernel/workqueue.c:2114
worker_thread+0xdc/0x1000 kernel/workqueue.c:2248
kthread+0x348/0x420 kernel/kthread.c:232
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:402
Showing all locks held in the system:
1 lock held by khungtaskd/23:
#0: (tasklist_lock){.+.+}, at: [<ffffffff9f804837>]
debug_show_all_locks+0x74/0x20f kernel/locking/lockdep.c:4541
2 locks held by getty/1758:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffffa0340c20>]
tty_ldisc_ref_wait+0x20/0x80 drivers/tty/tty_ldisc.c:275
#1: (&ldata->atomic_read_lock){+.+.}, at: [<ffffffffa033c07f>]
n_tty_read+0x1ff/0x1700 drivers/tty/n_tty.c:2156
3 locks held by kworker/0:2/2837:
#0: ("events"){+.+.}, at: [<ffffffff9f729534>]
process_one_work+0x784/0x1670 kernel/workqueue.c:2085
#1: ((&map->work)){+.+.}, at: [<ffffffff9f72956c>]
process_one_work+0x7bc/0x1670 kernel/workqueue.c:2089
#2: (rcu_preempt_state.barrier_mutex){+.+.}, at: [<ffffffff9f84ae9b>]
_rcu_barrier+0x5b/0x3f0 kernel/rcu/tree.c:3538
1 lock held by syz-executor1/19075:
#0: (&sb->s_type->i_mutex_key#8){+.+.}, at: [<ffffffffa08a79e4>]
inode_lock include/linux/fs.h:715 [inline]
#0: (&sb->s_type->i_mutex_key#8){+.+.}, at: [<ffffffffa08a79e4>]
__sock_release+0x84/0x250 net/socket.c:601
1 lock held by syz-executor1/19487:
#0: (rcu_preempt_state.barrier_mutex){+.+.}, at: [<ffffffff9f84ae9b>]
_rcu_barrier+0x5b/0x3f0 kernel/rcu/tree.c:3538
4 locks held by kworker/u4:13/32739:
#0: ("%s""netns"){+.+.}, at: [<ffffffff9f729534>]
process_one_work+0x784/0x1670 kernel/workqueue.c:2085
#1: (net_cleanup_work){+.+.}, at: [<ffffffff9f72956c>]
process_one_work+0x7bc/0x1670 kernel/workqueue.c:2089
#2: (net_mutex){+.+.}, at: [<ffffffffa08f918c>] cleanup_net+0x14c/0x880
net/core/net_namespace.c:449
#3: (rcu_preempt_state.barrier_mutex){+.+.}, at: [<ffffffff9f84ae9b>]
_rcu_barrier+0x5b/0x3f0 kernel/rcu/tree.c:3538
2 locks held by kworker/0:4/2348:
#0: ("events"){+.+.}, at: [<ffffffff9f729534>]
process_one_work+0x784/0x1670 kernel/workqueue.c:2085
#1: ((&ns->proc_work)){+.+.}, at: [<ffffffff9f72956c>]
process_one_work+0x7bc/0x1670 kernel/workqueue.c:2089
2 locks held by kworker/0:5/2520:
#0: ("events"){+.+.}, at: [<ffffffff9f729534>]
process_one_work+0x784/0x1670 kernel/workqueue.c:2085
#1: (key_gc_work){+.+.}, at: [<ffffffff9f72956c>]
process_one_work+0x7bc/0x1670 kernel/workqueue.c:2089
3 locks held by kworker/0:6/2521:
#0: ("events"){+.+.}, at: [<ffffffff9f729534>]
process_one_work+0x784/0x1670 kernel/workqueue.c:2085
#1: ((&map->work)){+.+.}, at: [<ffffffff9f72956c>]
process_one_work+0x7bc/0x1670 kernel/workqueue.c:2089
#2: (rcu_preempt_state.barrier_mutex){+.+.}, at: [<ffffffff9f84ae9b>]
_rcu_barrier+0x5b/0x3f0 kernel/rcu/tree.c:3538
=============================================
NMI backtrace for cpu 0
CPU: 0 PID: 23 Comm: khungtaskd Not tainted 4.14.90+ #29
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0xb9/0x11b lib/dump_stack.c:53
nmi_cpu_backtrace.cold.0+0x47/0x85 lib/nmi_backtrace.c:101
nmi_trigger_cpumask_backtrace+0x121/0x146 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:140 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:196 [inline]
watchdog+0x574/0xa70 kernel/hung_task.c:252
kthread+0x348/0x420 kernel/kthread.c:232
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:402
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 2413 Comm: syz-executor5 Not tainted 4.14.90+ #29
task: ffff8881987b0000 task.stack: ffff8881c8c20000
RIP: 0010:___bpf_prog_run+0xcf/0x5c70 kernel/bpf/core.c:885
RSP: 0018:ffff8881c8c27a40 EFLAGS: 00000246
RAX: ffffffff9f9a46c7 RBX: dffffc0000000000 RCX: 0000000000040000
RDX: 1ffffffff4292cd1 RSI: ffffc9000c782000 RDI: ffffffffa1496688
RBP: ffff8881c8c27b70 R08: 0000000000000000 R09: 0000000000000000
R10: 1ffff11039184f6f R11: 0000000000000001 R12: ffffffffa1496560
R13: 1ffff11039184f4f R14: ffffed1039184f74 R15: ffffc900002ea038
FS: 00007f26fbae4700(0000) GS:ffff8881dbb00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000240c000 CR3: 00000001d6728004 CR4: 00000000001606a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
Code: 7f 08 84 c0 0f 85 a0 3e 00 00 41 0f b6 07 48 8d 3c c5 60 65 49 a1 48
89 fa 48 c1 ea 03 80 3c 1a 00 0f 85 71 3e 00 00 49 8b 04 c4 <e9> ec 09 86
01 e8 e7 c2 f6 ff 48 c7 c6 e0 64 49 a1 48 c7 c7 20
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot found the following crash on:
HEAD commit: 815e34f8 Merge 4.14.90 into android-4.14
git tree: android-4.14
console output: https://syzkaller.appspot.com/x/log.txt?x=121acf8b400000
kernel config: https://syzkaller.appspot.com/x/.config?x=608dc5a2664d6079
dashboard link: https://syzkaller.appspot.com/bug?extid=4dc16c98cfe818a2448e
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+4dc16c...@syzkaller.appspotmail.com
audit: type=1400 audit(2000000170.080:63768): avc: denied { search } for
pid=190 comm="udevd" name="/" dev="sysfs" ino=1
scontext=system_u:system_r:kernel_t:s0
tcontext=system_u:object_r:netcontrol_device_t:s0 tclass=dir permissive=1
audit: type=1400 audit(2000000170.110:63769): avc: denied { search } for
pid=28948 comm="udevd" name="/" dev="sysfs" ino=1
scontext=system_u:system_r:kernel_t:s0
tcontext=system_u:object_r:netcontrol_device_t:s0 tclass=dir permissive=1
INFO: task syz-executor2:1852 blocked for more than 140 seconds.
Not tainted 4.14.90+ #29
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor2 D27112 1852 1 0x00000004
Call Trace:
schedule+0x7f/0x1b0 kernel/sched/core.c:3490
schedule_timeout+0x710/0xe60 kernel/time/timer.c:1721
do_wait_for_common kernel/sched/completion.c:91 [inline]
__wait_for_common kernel/sched/completion.c:112 [inline]
wait_for_common+0x3bc/0x4e0 kernel/sched/completion.c:123
__wait_rcu_gp+0x250/0x3a0 kernel/rcu/update.c:413
synchronize_rcu.part.43+0xd2/0xe0 kernel/rcu/tree_plugin.h:764
namespace_unlock+0xef/0x110 fs/namespace.c:1466
do_umount fs/namespace.c:1668 [inline]
SYSC_umount fs/namespace.c:1763 [inline]
SyS_umount+0x610/0xc90 fs/namespace.c:1732
do_syscall_64+0x19b/0x4b0 arch/x86/entry/common.c:289
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45a407
RSP: 002b:00007ffd8cfc5b88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045a407
RDX: 0000000000402f40 RSI: 0000000000000002 RDI: 00007ffd8cfc5c30
RBP: 0000000000000f0d R08: 0000000000000000 R09: 000000000000000b
R10: 0000000000000005 R11: 0000000000000206 R12: 00007ffd8cfc6cc0
R13: 0000000000b3c940 R14: 0000000000000000 R15: 0000000000000002
INFO: task syz-executor1:19487 blocked for more than 140 seconds.
Not tainted 4.14.90+ #29
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor1 D26680 19487 1869 0x80000002
Call Trace:
schedule+0x7f/0x1b0 kernel/sched/core.c:3490
schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3548
__mutex_lock_common kernel/locking/mutex.c:833 [inline]
__mutex_lock+0x521/0x1480 kernel/locking/mutex.c:893
_rcu_barrier+0x5b/0x3f0 kernel/rcu/tree.c:3538
netdev_run_todo+0x112/0x750 net/core/dev.c:7893
tun_detach drivers/net/tun.c:587 [inline]
tun_chr_close+0x45/0x50 drivers/net/tun.c:2661
__fput+0x25e/0x6f0 fs/file_table.c:210
task_work_run+0x116/0x190 kernel/task_work.c:113
exit_task_work include/linux/task_work.h:22 [inline]
do_exit+0x8fb/0x28c0 kernel/exit.c:865
do_group_exit+0x100/0x2e0 kernel/exit.c:968
get_signal+0x4e5/0x1470 kernel/signal.c:2348
do_signal+0x8f/0x1660 arch/x86/kernel/signal.c:809
exit_to_usermode_loop+0x116/0x150 arch/x86/entry/common.c:159
prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
syscall_return_slowpath arch/x86/entry/common.c:267 [inline]
do_syscall_64+0x35d/0x4b0 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x4579b9
RSP: 002b:00007f2c01918c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000129
RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00000000004579b9
RDX: 0000000000000016 RSI: 0000000000000947 RDI: 0000000000000947
RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000020000100 R11: 0000000000000246 R12: 00007f2c019196d4
R13: 00000000004c456d R14: 00000000004d7a40 R15: 00000000ffffffff
INFO: task kworker/u4:13:32739 blocked for more than 140 seconds.
Not tainted 4.14.90+ #29
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/u4:13 D26552 32739 2 0x80000000
Workqueue: netns cleanup_net
Call Trace:
schedule+0x7f/0x1b0 kernel/sched/core.c:3490
schedule_timeout+0x710/0xe60 kernel/time/timer.c:1721
do_wait_for_common kernel/sched/completion.c:91 [inline]
__wait_for_common kernel/sched/completion.c:112 [inline]
wait_for_common+0x3bc/0x4e0 kernel/sched/completion.c:123
_rcu_barrier+0x27b/0x3f0 kernel/rcu/tree.c:3603
netdev_run_todo+0x112/0x750 net/core/dev.c:7893
sit_exit_net+0x42f/0x600 net/ipv6/sit.c:1869
ops_exit_list.isra.3+0xa8/0x150 net/core/net_namespace.c:142
cleanup_net+0x3e9/0x880 net/core/net_namespace.c:483
process_one_work+0x86e/0x1670 kernel/workqueue.c:2114
worker_thread+0xdc/0x1000 kernel/workqueue.c:2248
kthread+0x348/0x420 kernel/kthread.c:232
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:402
Showing all locks held in the system:
1 lock held by khungtaskd/23:
#0: (tasklist_lock){.+.+}, at: [<ffffffff9f804837>]
debug_show_all_locks+0x74/0x20f kernel/locking/lockdep.c:4541
2 locks held by getty/1758:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffffa0340c20>]
tty_ldisc_ref_wait+0x20/0x80 drivers/tty/tty_ldisc.c:275
#1: (&ldata->atomic_read_lock){+.+.}, at: [<ffffffffa033c07f>]
n_tty_read+0x1ff/0x1700 drivers/tty/n_tty.c:2156
3 locks held by kworker/0:2/2837:
#0: ("events"){+.+.}, at: [<ffffffff9f729534>]
process_one_work+0x784/0x1670 kernel/workqueue.c:2085
#1: ((&map->work)){+.+.}, at: [<ffffffff9f72956c>]
process_one_work+0x7bc/0x1670 kernel/workqueue.c:2089
#2: (rcu_preempt_state.barrier_mutex){+.+.}, at: [<ffffffff9f84ae9b>]
_rcu_barrier+0x5b/0x3f0 kernel/rcu/tree.c:3538
1 lock held by syz-executor1/19075:
#0: (&sb->s_type->i_mutex_key#8){+.+.}, at: [<ffffffffa08a79e4>]
inode_lock include/linux/fs.h:715 [inline]
#0: (&sb->s_type->i_mutex_key#8){+.+.}, at: [<ffffffffa08a79e4>]
__sock_release+0x84/0x250 net/socket.c:601
1 lock held by syz-executor1/19487:
#0: (rcu_preempt_state.barrier_mutex){+.+.}, at: [<ffffffff9f84ae9b>]
_rcu_barrier+0x5b/0x3f0 kernel/rcu/tree.c:3538
4 locks held by kworker/u4:13/32739:
#0: ("%s""netns"){+.+.}, at: [<ffffffff9f729534>]
process_one_work+0x784/0x1670 kernel/workqueue.c:2085
#1: (net_cleanup_work){+.+.}, at: [<ffffffff9f72956c>]
process_one_work+0x7bc/0x1670 kernel/workqueue.c:2089
#2: (net_mutex){+.+.}, at: [<ffffffffa08f918c>] cleanup_net+0x14c/0x880
net/core/net_namespace.c:449
#3: (rcu_preempt_state.barrier_mutex){+.+.}, at: [<ffffffff9f84ae9b>]
_rcu_barrier+0x5b/0x3f0 kernel/rcu/tree.c:3538
2 locks held by kworker/0:4/2348:
#0: ("events"){+.+.}, at: [<ffffffff9f729534>]
process_one_work+0x784/0x1670 kernel/workqueue.c:2085
#1: ((&ns->proc_work)){+.+.}, at: [<ffffffff9f72956c>]
process_one_work+0x7bc/0x1670 kernel/workqueue.c:2089
2 locks held by kworker/0:5/2520:
#0: ("events"){+.+.}, at: [<ffffffff9f729534>]
process_one_work+0x784/0x1670 kernel/workqueue.c:2085
#1: (key_gc_work){+.+.}, at: [<ffffffff9f72956c>]
process_one_work+0x7bc/0x1670 kernel/workqueue.c:2089
3 locks held by kworker/0:6/2521:
#0: ("events"){+.+.}, at: [<ffffffff9f729534>]
process_one_work+0x784/0x1670 kernel/workqueue.c:2085
#1: ((&map->work)){+.+.}, at: [<ffffffff9f72956c>]
process_one_work+0x7bc/0x1670 kernel/workqueue.c:2089
#2: (rcu_preempt_state.barrier_mutex){+.+.}, at: [<ffffffff9f84ae9b>]
_rcu_barrier+0x5b/0x3f0 kernel/rcu/tree.c:3538
=============================================
NMI backtrace for cpu 0
CPU: 0 PID: 23 Comm: khungtaskd Not tainted 4.14.90+ #29
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0xb9/0x11b lib/dump_stack.c:53
nmi_cpu_backtrace.cold.0+0x47/0x85 lib/nmi_backtrace.c:101
nmi_trigger_cpumask_backtrace+0x121/0x146 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:140 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:196 [inline]
watchdog+0x574/0xa70 kernel/hung_task.c:252
kthread+0x348/0x420 kernel/kthread.c:232
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:402
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 2413 Comm: syz-executor5 Not tainted 4.14.90+ #29
task: ffff8881987b0000 task.stack: ffff8881c8c20000
RIP: 0010:___bpf_prog_run+0xcf/0x5c70 kernel/bpf/core.c:885
RSP: 0018:ffff8881c8c27a40 EFLAGS: 00000246
RAX: ffffffff9f9a46c7 RBX: dffffc0000000000 RCX: 0000000000040000
RDX: 1ffffffff4292cd1 RSI: ffffc9000c782000 RDI: ffffffffa1496688
RBP: ffff8881c8c27b70 R08: 0000000000000000 R09: 0000000000000000
R10: 1ffff11039184f6f R11: 0000000000000001 R12: ffffffffa1496560
R13: 1ffff11039184f4f R14: ffffed1039184f74 R15: ffffc900002ea038
FS: 00007f26fbae4700(0000) GS:ffff8881dbb00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000240c000 CR3: 00000001d6728004 CR4: 00000000001606a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
Code: 7f 08 84 c0 0f 85 a0 3e 00 00 41 0f b6 07 48 8d 3c c5 60 65 49 a1 48
89 fa 48 c1 ea 03 80 3c 1a 00 0f 85 71 3e 00 00 49 8b 04 c4 <e9> ec 09 86
01 e8 e7 c2 f6 ff 48 c7 c6 e0 64 49 a1 48 c7 c7 20
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot
Apr 14, 2019, 5:33:11 AM4/14/19
to syzkaller-a...@googlegroups.com
Hello,
syzbot found the following crash on:
HEAD commit: 8fe42840 Merge 4.9.141 into android-4.9
syzbot found the following crash on:
git tree: android-4.9
console output: https://syzkaller.appspot.com/x/log.txt?x=11da267f400000
kernel config: https://syzkaller.appspot.com/x/.config?x=22a5ba9f73b6da1d
dashboard link: https://syzkaller.appspot.com/bug?extid=50fb0a159636e2ec7686
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+50fb0a...@syzkaller.appspotmail.com
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Free memory is -13240kB above reserved
Out of memory: Kill process 1763 (syz-executor4) score 1004 or sacrifice
child
Killed process 1763 (syz-executor4) total-vm:70532kB, anon-rss:180kB,
file-rss:32640kB, shmem-rss:0kB
Out of memory: Kill process 25117 (syz-executor4) score 1004 or sacrifice
child
Killed process 25117 (syz-executor4) total-vm:70520kB, anon-rss:176kB,
file-rss:32640kB, shmem-rss:0kB
INFO: task syz-executor0:3320 blocked for more than 140 seconds.
Not tainted 4.9.141+ #1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor0 D28552 3320 2114 0x80000002
ffff8801c78bc740 0000000000000000 ffff8801c79e3700 ffff8801a98a8000
ffff8801db721018 ffff880199d17510 ffffffff828075c2 ffffffff83c27940
0000000041b58ab3 ffffffff82e33920 00ffffff83c7a7d0 ffff8801db7218f0
Call Trace:
[<ffffffff82808aef>] schedule+0x7f/0x1b0 kernel/sched/core.c:3553
[<ffffffff828142d5>] schedule_timeout+0x735/0xe20 kernel/time/timer.c:1771
[<ffffffff8280a63f>] do_wait_for_common kernel/sched/completion.c:75
[inline]
[<ffffffff8280a63f>] __wait_for_common kernel/sched/completion.c:93
[inline]
[<ffffffff8280a63f>] wait_for_common+0x3ef/0x5d0
kernel/sched/completion.c:101
[<ffffffff8280a838>] wait_for_completion+0x18/0x20
kernel/sched/completion.c:122
[<ffffffff81243b37>] __wait_rcu_gp+0x137/0x1b0 kernel/rcu/update.c:369
[<ffffffff8124c21a>] synchronize_rcu.part.55+0xfa/0x110
kernel/rcu/tree_plugin.h:684
[<ffffffff8124c257>] synchronize_rcu+0x27/0x90 kernel/rcu/tree_plugin.h:685
[<ffffffff8156fb0e>] namespace_unlock+0xfe/0x120 fs/namespace.c:1440
[<ffffffff81578c0b>] drop_collected_mounts+0x8b/0xa0 fs/namespace.c:1871
[<ffffffff8157e877>] put_mnt_ns+0x47/0x60 fs/namespace.c:3320
[<ffffffff81146ba4>] free_nsproxy+0x44/0x1d0 kernel/nsproxy.c:175
[<ffffffff81146f98>] switch_task_namespaces+0x98/0xb0 kernel/nsproxy.c:228
[<ffffffff81146fc7>] exit_task_namespaces+0x17/0x20 kernel/nsproxy.c:233
[<ffffffff810e6c48>] do_exit+0x788/0x2a50 kernel/exit.c:832
[<ffffffff810ed3a1>] do_group_exit+0x111/0x300 kernel/exit.c:937
[<ffffffff8110eb61>] get_signal+0x4e1/0x1460 kernel/signal.c:2321
[<ffffffff81052aa5>] do_signal+0x95/0x1b00 arch/x86/kernel/signal.c:807
[<ffffffff81003e2e>] exit_to_usermode_loop+0x10e/0x150
arch/x86/entry/common.c:158
[<ffffffff81005932>] prepare_exit_to_usermode arch/x86/entry/common.c:194
[inline]
[<ffffffff81005932>] syscall_return_slowpath arch/x86/entry/common.c:263
[inline]
[<ffffffff81005932>] do_syscall_64+0x3e2/0x550 arch/x86/entry/common.c:290
[<ffffffff82817893>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Showing all locks held in the system:
#0: (rcu_read_lock){......}, at: [<ffffffff8131c0cc>]
check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline]
#0: (rcu_read_lock){......}, at: [<ffffffff8131c0cc>]
watchdog+0x11c/0xa20 kernel/hung_task.c:239
#1: (tasklist_lock){.+.+..}, at: [<ffffffff813fe63f>]
debug_show_all_locks+0x79/0x218 kernel/locking/lockdep.c:4336
1 lock held by rsyslogd/1898:
#0: (&f->f_pos_lock){+.+.+.}, at: [<ffffffff8156cc7c>]
__fdget_pos+0xac/0xd0 fs/file.c:781
2 locks held by getty/2025:
#0: (&tty->ldisc_sem){++++++}, at: [<ffffffff82815952>]
ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367
#1: (&ldata->atomic_read_lock){+.+...}, at: [<ffffffff81d37362>]
n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142
1 lock held by syz-executor0/2617:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor0/2653:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor0/2675:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor0/2701:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor0/2747:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor0/2769:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor0/2798:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor0/2831:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor0/2847:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor0/2925:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor1/2982:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor0/2981:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor1/2998:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor0/3048:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor0/3111:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor4/3252:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor4/3273:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor4/3309:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor4/3333:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor4/3375:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor4/3540:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
2 locks held by syz-executor0/3554:
#0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [<ffffffff8229bd8b>]
inode_lock include/linux/fs.h:766 [inline]
#0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [<ffffffff8229bd8b>]
__sock_release+0x8b/0x260 net/socket.c:604
#1: (sk_lock-AF_PACKET){+.+.+.}, at: [<ffffffff827d136d>] lock_sock
include/net/sock.h:1404 [inline]
#1: (sk_lock-AF_PACKET){+.+.+.}, at: [<ffffffff827d136d>]
packet_release+0x4ad/0xb70 net/packet/af_packet.c:3029
1 lock held by syz-executor4/3570:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor4/3601:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor4/3660:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor4/3684:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor4/3859:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor4/3950:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor4/3986:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor4/4025:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor4/4053:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor4/4120:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor4/4182:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor4/4203:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor4/4264:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor4/4293:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor4/4351:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor4/4374:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor4/4431:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor0/4432:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor4/4451:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor4/4480:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor4/4677:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor4/4718:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor1/4744:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor4/4771:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor4/4791:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor4/4820:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor4/4843:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor4/4881:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor4/5177:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor4/5209:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor4/5266:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor4/5344:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor4/5414:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor4/5437:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor4/5470:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor4/5489:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor1/11082:
#0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [<ffffffff8229bd8b>]
inode_lock include/linux/fs.h:766 [inline]
#0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [<ffffffff8229bd8b>]
__sock_release+0x8b/0x260 net/socket.c:604
2 locks held by syz-executor1/11401:
#0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [<ffffffff8229bd8b>]
inode_lock include/linux/fs.h:766 [inline]
#0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [<ffffffff8229bd8b>]
__sock_release+0x8b/0x260 net/socket.c:604
#1: (rtnl_mutex){+.+.+.}, at: [<ffffffff823412d7>] rtnl_lock+0x17/0x20
net/core/rtnetlink.c:70
1 lock held by syz-executor1/11871:
#0: (rtnl_mutex){+.+.+.}, at: [<ffffffff823412d7>] rtnl_lock+0x17/0x20
net/core/rtnetlink.c:70
1 lock held by syz-executor4/16355:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor2/16487:
#0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [<ffffffff8229bd8b>]
inode_lock include/linux/fs.h:766 [inline]
#0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [<ffffffff8229bd8b>]
__sock_release+0x8b/0x260 net/socket.c:604
2 locks held by syz-executor5/16854:
#0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [<ffffffff8229bd8b>]
inode_lock include/linux/fs.h:766 [inline]
#0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [<ffffffff8229bd8b>]
__sock_release+0x8b/0x260 net/socket.c:604
#1: (rcu_preempt_state.exp_mutex){+.+...}, at: [<ffffffff8124a749>]
exp_funnel_lock kernel/rcu/tree_exp.h:256 [inline]
#1: (rcu_preempt_state.exp_mutex){+.+...}, at: [<ffffffff8124a749>]
_synchronize_rcu_expedited+0x339/0x840 kernel/rcu/tree_exp.h:569
1 lock held by syz-executor0/21491:
#0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [<ffffffff8229bd8b>]
inode_lock include/linux/fs.h:766 [inline]
#0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [<ffffffff8229bd8b>]
__sock_release+0x8b/0x260 net/socket.c:604
1 lock held by syz-executor5/22016:
#0: (rtnl_mutex){+.+.+.}, at: [<ffffffff823412d7>] rtnl_lock+0x17/0x20
net/core/rtnetlink.c:70
1 lock held by syz-executor5/22079:
#0: (rtnl_mutex){+.+.+.}, at: [<ffffffff823412d7>] rtnl_lock+0x17/0x20
net/core/rtnetlink.c:70
1 lock held by syz-executor1/24312:
#0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [<ffffffff8229bd8b>]
inode_lock include/linux/fs.h:766 [inline]
#0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [<ffffffff8229bd8b>]
__sock_release+0x8b/0x260 net/socket.c:604
1 lock held by syz-executor2/27846:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor4/2755:
#0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [<ffffffff8229bd8b>]
inode_lock include/linux/fs.h:766 [inline]
#0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [<ffffffff8229bd8b>]
__sock_release+0x8b/0x260 net/socket.c:604
1 lock held by syz-executor4/5333:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor2/10009:
#0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [<ffffffff8229bd8b>]
inode_lock include/linux/fs.h:766 [inline]
#0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [<ffffffff8229bd8b>]
__sock_release+0x8b/0x260 net/socket.c:604
1 lock held by syz-executor2/10015:
#0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [<ffffffff8229bd8b>]
inode_lock include/linux/fs.h:766 [inline]
#0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [<ffffffff8229bd8b>]
__sock_release+0x8b/0x260 net/socket.c:604
1 lock held by syz-executor0/11636:
#0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [<ffffffff8229bd8b>]
inode_lock include/linux/fs.h:766 [inline]
#0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [<ffffffff8229bd8b>]
__sock_release+0x8b/0x260 net/socket.c:604
1 lock held by syz-executor2/11713:
#0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [<ffffffff8229bd8b>]
inode_lock include/linux/fs.h:766 [inline]
#0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [<ffffffff8229bd8b>]
__sock_release+0x8b/0x260 net/socket.c:604
1 lock held by syz-executor1/19404:
#0: (rtnl_mutex){+.+.+.}, at: [<ffffffff823412d7>] rtnl_lock+0x17/0x20
net/core/rtnetlink.c:70
2 locks held by kworker/0:3/20961:
#0: ("events"){.+.+.+}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: ((&ns->proc_work)){+.+...}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
1 lock held by syz-executor2/27371:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor0/29653:
#0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [<ffffffff8229bd8b>]
inode_lock include/linux/fs.h:766 [inline]
#0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [<ffffffff8229bd8b>]
__sock_release+0x8b/0x260 net/socket.c:604
2 locks held by kworker/1:3/29887:
#0: ("events"){.+.+.+}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: ((&ns->proc_work)){+.+...}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
1 lock held by syz-executor5/30027:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor4/30504:
#0: (rtnl_mutex){+.+.+.}, at: [<ffffffff823412d7>] rtnl_lock+0x17/0x20
net/core/rtnetlink.c:70
1 lock held by syz-executor0/31484:
#0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [<ffffffff8229bd8b>]
inode_lock include/linux/fs.h:766 [inline]
#0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [<ffffffff8229bd8b>]
__sock_release+0x8b/0x260 net/socket.c:604
2 locks held by syz-executor0/5738:
#0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [<ffffffff8229bd8b>]
inode_lock include/linux/fs.h:766 [inline]
#0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [<ffffffff8229bd8b>]
__sock_release+0x8b/0x260 net/socket.c:604
#1: (rtnl_mutex){+.+.+.}, at: [<ffffffff823412d7>] rtnl_lock+0x17/0x20
net/core/rtnetlink.c:70
2 locks held by kworker/0:1/6190:
#0: ("events"){.+.+.+}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: ((&ns->proc_work)){+.+...}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
2 locks held by kworker/0:5/10416:
#0: ("events"){.+.+.+}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: ((&ns->proc_work)){+.+...}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
1 lock held by syz-executor0/15199:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor2/15704:
#0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [<ffffffff8229bd8b>]
inode_lock include/linux/fs.h:766 [inline]
#0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [<ffffffff8229bd8b>]
__sock_release+0x8b/0x260 net/socket.c:604
2 locks held by kworker/1:0/16643:
#0: ("events"){.+.+.+}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: ((&ns->proc_work)){+.+...}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
2 locks held by kworker/1:2/16645:
#0: ("events"){.+.+.+}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: ((&ns->proc_work)){+.+...}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
1 lock held by syz-executor2/18301:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
4 locks held by kworker/u4:19/19530:
#0: ("%s""netns"){.+.+.+}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: (net_cleanup_work){+.+.+.}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
#2: (net_mutex){+.+.+.}, at: [<ffffffff822e681f>] cleanup_net+0x13f/0x8b0
net/core/net_namespace.c:439
#3: (rtnl_mutex){+.+.+.}, at: [<ffffffff823412d7>] rtnl_lock+0x17/0x20
net/core/rtnetlink.c:70
1 lock held by syz-executor2/20267:
#0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [<ffffffff8229bd8b>]
inode_lock include/linux/fs.h:766 [inline]
#0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [<ffffffff8229bd8b>]
__sock_release+0x8b/0x260 net/socket.c:604
1 lock held by syz-executor2/20274:
#0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [<ffffffff8229bd8b>]
inode_lock include/linux/fs.h:766 [inline]
#0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [<ffffffff8229bd8b>]
__sock_release+0x8b/0x260 net/socket.c:604
1 lock held by syz-executor3/22597:
#0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [<ffffffff8229bd8b>]
inode_lock include/linux/fs.h:766 [inline]
#0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [<ffffffff8229bd8b>]
__sock_release+0x8b/0x260 net/socket.c:604
2 locks held by kworker/0:0/23675:
#0: ("events"){.+.+.+}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: ((&rew.rew_work)){+.+...}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
2 locks held by kworker/0:2/24365:
#0: ("events"){.+.+.+}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: ((&ns->proc_work)){+.+...}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
1 lock held by syz-executor1/24659:
#0: (rtnl_mutex){+.+.+.}, at: [<ffffffff823412d7>] rtnl_lock+0x17/0x20
net/core/rtnetlink.c:70
2 locks held by syz-executor3/26043:
#0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [<ffffffff8229bd8b>]
inode_lock include/linux/fs.h:766 [inline]
#0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [<ffffffff8229bd8b>]
__sock_release+0x8b/0x260 net/socket.c:604
#1: (sk_lock-AF_PACKET){+.+.+.}, at: [<ffffffff827d136d>] lock_sock
include/net/sock.h:1404 [inline]
#1: (sk_lock-AF_PACKET){+.+.+.}, at: [<ffffffff827d136d>]
packet_release+0x4ad/0xb70 net/packet/af_packet.c:3029
2 locks held by kworker/1:1/26123:
#0: ("events"){.+.+.+}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: (binder_deferred_work){+.+...}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
2 locks held by kworker/0:4/27483:
#0: ("events"){.+.+.+}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: ((&ns->proc_work)){+.+...}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
2 locks held by syz-executor3/27841:
#0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [<ffffffff8229bd8b>]
inode_lock include/linux/fs.h:766 [inline]
#0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [<ffffffff8229bd8b>]
__sock_release+0x8b/0x260 net/socket.c:604
#1: (rcu_preempt_state.exp_mutex){+.+...}, at: [<ffffffff8124a7b7>]
exp_funnel_lock kernel/rcu/tree_exp.h:289 [inline]
#1: (rcu_preempt_state.exp_mutex){+.+...}, at: [<ffffffff8124a7b7>]
_synchronize_rcu_expedited+0x3a7/0x840 kernel/rcu/tree_exp.h:569
1 lock held by syz-executor3/27857:
#0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [<ffffffff8229bd8b>]
inode_lock include/linux/fs.h:766 [inline]
#0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [<ffffffff8229bd8b>]
__sock_release+0x8b/0x260 net/socket.c:604
2 locks held by kworker/1:4/30297:
#0: ("events"){.+.+.+}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: ((&ns->proc_work)){+.+...}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
1 lock held by syz-executor1/2881:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor1/2913:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d276f9>] tty_release+0xb79/0xe90
drivers/tty/tty_io.c:1938
1 lock held by syz-executor4/5935:
#0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [<ffffffff8229bd8b>]
inode_lock include/linux/fs.h:766 [inline]
#0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [<ffffffff8229bd8b>]
__sock_release+0x8b/0x260 net/socket.c:604
1 lock held by syz-executor0/6322:
#0: (rtnl_mutex){+.+.+.}, at: [<ffffffff823412d7>] rtnl_lock+0x17/0x20
net/core/rtnetlink.c:70
1 lock held by syz-executor0/6344:
#0: (rtnl_mutex){+.+.+.}, at: [<ffffffff823412d7>] rtnl_lock+0x17/0x20
net/core/rtnetlink.c:70
1 lock held by syz-executor0/6357:
#0: (rtnl_mutex){+.+.+.}, at: [<ffffffff823412d7>] rtnl_lock+0x17/0x20
net/core/rtnetlink.c:70
2 locks held by kworker/1:5/6383:
#0: ("events"){.+.+.+}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: ((&ns->proc_work)){+.+...}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
2 locks held by kworker/0:6/6384:
#0: ("events"){.+.+.+}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: ((&ns->proc_work)){+.+...}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
2 locks held by kworker/1:6/6385:
#0: ("events"){.+.+.+}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: ((&ns->proc_work)){+.+...}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
2 locks held by kworker/1:7/6387:
#0: ("events"){.+.+.+}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: ((&ns->proc_work)){+.+...}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
2 locks held by kworker/0:7/6392:
#0: ("events"){.+.+.+}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: ((&ns->proc_work)){+.+...}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
2 locks held by kworker/0:8/6393:
#0: ("events"){.+.+.+}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: ((&ns->proc_work)){+.+...}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
2 locks held by kworker/0:9/6395:
#0: ("events"){.+.+.+}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: ((&ns->proc_work)){+.+...}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
2 locks held by kworker/0:10/6396:
#0: ("events"){.+.+.+}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: ((&ns->proc_work)){+.+...}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
2 locks held by kworker/1:8/6401:
#0: ("events"){.+.+.+}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: ((&ns->proc_work)){+.+...}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
3 locks held by kworker/1:9/6402:
#0: ("%s"("ipv6_addrconf")){.+.+..}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: ((addr_chk_work).work){+.+...}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
#2: (rtnl_mutex){+.+.+.}, at: [<ffffffff823412d7>] rtnl_lock+0x17/0x20
net/core/rtnetlink.c:70
1 lock held by init/6403:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d2bb96>] tty_open_by_driver
drivers/tty/tty_io.c:2052 [inline]
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d2bb96>] tty_open+0x476/0xdf0
drivers/tty/tty_io.c:2130
1 lock held by init/6404:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d2bb96>] tty_open_by_driver
drivers/tty/tty_io.c:2052 [inline]
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d2bb96>] tty_open+0x476/0xdf0
drivers/tty/tty_io.c:2130
1 lock held by init/6405:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d2bb96>] tty_open_by_driver
drivers/tty/tty_io.c:2052 [inline]
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d2bb96>] tty_open+0x476/0xdf0
drivers/tty/tty_io.c:2130
1 lock held by init/6406:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d2bb96>] tty_open_by_driver
drivers/tty/tty_io.c:2052 [inline]
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d2bb96>] tty_open+0x476/0xdf0
drivers/tty/tty_io.c:2130
2 locks held by kworker/1:10/6407:
#0: ("events"){.+.+.+}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: ((&ns->proc_work)){+.+...}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
1 lock held by init/6408:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d2bb96>] tty_open_by_driver
drivers/tty/tty_io.c:2052 [inline]
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d2bb96>] tty_open+0x476/0xdf0
drivers/tty/tty_io.c:2130
1 lock held by init/6409:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d2bb96>] tty_open_by_driver
drivers/tty/tty_io.c:2052 [inline]
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81d2bb96>] tty_open+0x476/0xdf0
drivers/tty/tty_io.c:2130
2 locks held by kworker/0:11/6413:
#0: ("events"){.+.+.+}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: ((&ns->proc_work)){+.+...}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
2 locks held by kworker/0:12/6414:
#0: ("events"){.+.+.+}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: ((&ns->proc_work)){+.+...}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
2 locks held by kworker/0:13/6415:
#0: ("events"){.+.+.+}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: ((&ns->proc_work)){+.+...}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
2 locks held by kworker/1:11/6416:
#0: ("events"){.+.+.+}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: ((&ns->proc_work)){+.+...}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
2 locks held by kworker/1:12/6417:
#0: ("events"){.+.+.+}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: ((&ns->proc_work)){+.+...}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
2 locks held by kworker/1:13/6419:
#0: ("events"){.+.+.+}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: ((&ns->proc_work)){+.+...}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
2 locks held by kworker/1:14/6420:
#0: ("events"){.+.+.+}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: ((&ns->proc_work)){+.+...}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
2 locks held by kworker/0:14/6421:
#0: ("events"){.+.+.+}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: ((&ns->proc_work)){+.+...}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
2 locks held by kworker/0:15/6422:
#0: ("events"){.+.+.+}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: ((&ns->proc_work)){+.+...}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
2 locks held by kworker/0:16/6424:
#0: ("events"){.+.+.+}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: ((&ns->proc_work)){+.+...}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
2 locks held by kworker/0:17/6425:
#0: ("events"){.+.+.+}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: ((&ns->proc_work)){+.+...}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
2 locks held by kworker/0:18/6426:
#0: ("events"){.+.+.+}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: ((&ns->proc_work)){+.+...}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
2 locks held by kworker/0:19/6427:
#0: ("events"){.+.+.+}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: ((&ns->proc_work)){+.+...}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
2 locks held by kworker/0:20/6428:
#0: ("events"){.+.+.+}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: ((&ns->proc_work)){+.+...}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
2 locks held by kworker/0:21/6429:
#0: ("events"){.+.+.+}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: ((&ns->proc_work)){+.+...}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
2 locks held by kworker/0:22/6430:
#0: ("events"){.+.+.+}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: ((&ns->proc_work)){+.+...}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
2 locks held by kworker/0:23/6431:
#0: ("events"){.+.+.+}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: ((&ns->proc_work)){+.+...}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
2 locks held by kworker/0:24/6432:
#0: ("events"){.+.+.+}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: ((&ns->proc_work)){+.+...}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
2 locks held by kworker/0:25/6433:
#0: ("events"){.+.+.+}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: ((&ns->proc_work)){+.+...}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
2 locks held by kworker/0:26/6434:
#0: ("events"){.+.+.+}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: ((&ns->proc_work)){+.+...}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
2 locks held by kworker/0:27/6436:
#0: ("events"){.+.+.+}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: ((&ns->proc_work)){+.+...}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
2 locks held by kworker/1:15/6437:
#0: ("events"){.+.+.+}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: ((&ns->proc_work)){+.+...}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
2 locks held by kworker/1:16/6438:
#0: ("events"){.+.+.+}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: ((&ns->proc_work)){+.+...}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
2 locks held by kworker/1:17/6439:
#0: ("events"){.+.+.+}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: ((&ns->proc_work)){+.+...}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
2 locks held by kworker/1:19/6441:
#0: ("events"){.+.+.+}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: ((&map->work)){+.+...}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
2 locks held by kworker/0:28/6442:
#0: ("events"){.+.+.+}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: ((&ns->proc_work)){+.+...}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
2 locks held by kworker/0:30/6444:
#0: ("events"){.+.+.+}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: ((&ns->proc_work)){+.+...}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
=============================================
NMI backtrace for cpu 0
ffff8801d9907d08 ffffffff81b42e79 0000000000000000 0000000000000000
0000000000000000 0000000000000001 ffffffff810983b0 ffff8801d9907d40
ffffffff81b4df89 0000000000000000 0000000000000000 0000000000000002
Call Trace:
[<ffffffff81b42e79>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81b42e79>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[<ffffffff81b4df89>] nmi_cpu_backtrace.cold.0+0x48/0x87
lib/nmi_backtrace.c:99
[<ffffffff81b4df1c>] nmi_trigger_cpumask_backtrace+0x12c/0x151
lib/nmi_backtrace.c:60
[<ffffffff810984b4>] arch_trigger_cpumask_backtrace+0x14/0x20
arch/x86/kernel/apic/hw_nmi.c:37
[<ffffffff8131c65d>] trigger_all_cpu_backtrace include/linux/nmi.h:58
[inline]
[<ffffffff8131c65d>] check_hung_task kernel/hung_task.c:125 [inline]
[<ffffffff8131c65d>] check_hung_uninterruptible_tasks
kernel/hung_task.c:182 [inline]
[<ffffffff8131c65d>] watchdog+0x6ad/0xa20 kernel/hung_task.c:239
[<ffffffff81142c3d>] kthread+0x26d/0x300 kernel/kthread.c:211
[<ffffffff82817a5c>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 33 Comm: kswapd0 Not tainted 4.9.141+ #1
NMI backtrace for cpu 1
task: ffff8801d99417c0 task.stack: ffff8801d8418000
RIP: 0010:[<ffffffff81205a50>] c [<ffffffff81205a50>] mark_lock+0x0/0x1290
kernel/locking/lockdep.c:3032
RSP: 0018:ffff8801d841f648 EFLAGS: 00000046
RAX: 0000000000000000 RBX: ffff8801d99420e8 RCX: ffff8801d9942109
RDX: 0000000000000008 RSI: ffff8801d99420e8 RDI: ffff8801d99417c0
RBP: ffff8801d841f800 R08: ffff8801d9942108 R09: 0000000000000001
R10: ffff8801d99417c0 R11: 1ffff1003b32841c R12: 0000000000000075
R13: 0000000000000003 R14: 0000000000000000 R15: ffff8801d994210a
FS: 0000000000000000(0000) GS:ffff8801db700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000bd941a CR3: 00000001cff6a000 CR4: 00000000001606b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Stack:
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
ffffffff812079e2 c ffff8801d994205c c 0000000000000000 c ffff8801d841f820 c
ffffffff81207a04 c ffff8801d9942060 c ffff8801d99420e0 c ffffffff83c73d80 c
ffff8801d9942098 c 00000000000065b8 c ffff8801d99420d8 c ffff8801d9942060 c
Call Trace:
[<ffffffff8120c8d0>] lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756
[<ffffffff82816c26>] __raw_spin_lock include/linux/spinlock_api_smp.h:144
[inline]
[<ffffffff82816c26>] _raw_spin_lock+0x36/0x50 kernel/locking/spinlock.c:151
[<ffffffff8141a061>] spin_lock include/linux/spinlock.h:302 [inline]
[<ffffffff8141a061>] task_lock include/linux/sched.h:3257 [inline]
[<ffffffff8141a061>] find_lock_task_mm+0xf1/0x270 mm/oom_kill.c:115
[<ffffffff821effdf>] lowmem_scan+0x34f/0xaf0
drivers/staging/android/lowmemorykiller.c:134
[<ffffffff81449cc6>] do_shrink_slab mm/vmscan.c:398 [inline]
[<ffffffff81449cc6>] shrink_slab.part.8+0x3c6/0xa00 mm/vmscan.c:501
[<ffffffff814557fd>] shrink_slab mm/vmscan.c:465 [inline]
[<ffffffff814557fd>] shrink_node+0x1ed/0x740 mm/vmscan.c:2602
[<ffffffff814570b9>] kswapd_shrink_node mm/vmscan.c:3202 [inline]
[<ffffffff814570b9>] balance_pgdat mm/vmscan.c:3319 [inline]
[<ffffffff814570b9>] kswapd+0x7e9/0x13b0 mm/vmscan.c:3512
[<ffffffff81142c3d>] kthread+0x26d/0x300 kernel/kthread.c:211
[<ffffffff82817a5c>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373
Code: c17 cf3 c03 c03 c85 cc0 c0f c84 c01 ca9 c1f c00 c48 c83
cc4 c40 c31 cc0 c5b c41 c5c c41 c5d c41 c5e c41 c5f c5d cc3
c4c c89 cff ce8 cf6 cd5 c2e c00 ceb cd7 c0f c1f c40 c00
c<55> c4c c8d c46 c20 c89 cd1 c48 cb8 c00 c00 c00 c00 c00
cfc cff cdf c48 c89 ce5 c41 c
syzbot
Jun 25, 2019, 11:51:04 PM6/25/19
to syzkaller-a...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.
Crashes did not happen for a while, no reproducer and no activity.
syzbot
Dec 17, 2019, 1:15:05 AM12/17/19
to syzkaller-a...@googlegroups.com
Reply all
Reply to author
Forward
0 new messages