INFO: task hung in ip6_tnl_exit_net (2)

syzbot

May 29, 2019, 8:38:06 PM
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 8fe42840 Merge 4.9.141 into android-4.9
git tree: android-4.9
console output: https://syzkaller.appspot.com/x/log.txt?x=16f5f59aa00000
kernel config: https://syzkaller.appspot.com/x/.config?x=22a5ba9f73b6da1d
dashboard link: https://syzkaller.appspot.com/bug?extid=cec11327befdb50ce41c
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
userspace arch: i386

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+cec113...@syzkaller.appspotmail.com

Free memory is -13496kB above reserved
lowmemorykiller: Killing 'syz-executor.5' (14517) (tgid 14513), adj 1000,
to free 45656kB on behalf of 'udevd' (13054) because
cache 948kB is below limit 6144kB for oom_score_adj 0
Free memory is -13496kB above reserved
INFO: task kworker/u4:3:2120 blocked for more than 140 seconds.
Not tainted 4.9.141+ #23
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/u4:3 D25144 2120 2 0x80000000
Workqueue: netns cleanup_net
ffff8801d3cdaf80 0000000000000000 ffff8801cf9f5d80 ffff8801d8410000
ffff8801db621018 ffff8801c7e5f8a8 ffffffff828075c2 0000000000000003
ffff8801d3cdb830 ffffed003a79b705 00ff8801d3cdaf80 ffff8801db6218f0
Call Trace:
[<ffffffff82808aef>] schedule+0x7f/0x1b0 kernel/sched/core.c:3553
[<ffffffff828094a3>] schedule_preempt_disabled+0x13/0x20
kernel/sched/core.c:3586
[<ffffffff8280b51d>] __mutex_lock_common kernel/locking/mutex.c:582
[inline]
[<ffffffff8280b51d>] mutex_lock_nested+0x38d/0x900
kernel/locking/mutex.c:621
[<ffffffff823412d7>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70
[<ffffffff827ae60e>] ip6_tnl_exit_net+0x7e/0x5b0 net/ipv6/ip6_tunnel.c:2238
[<ffffffff822e3d70>] ops_exit_list.isra.0+0xb0/0x160
net/core/net_namespace.c:136
[<ffffffff822e6ad2>] cleanup_net+0x3f2/0x8b0 net/core/net_namespace.c:473
[<ffffffff81131001>] process_one_work+0x831/0x15f0 kernel/workqueue.c:2092
[<ffffffff81131e96>] worker_thread+0xd6/0x1140 kernel/workqueue.c:2226
[<ffffffff81142c3d>] kthread+0x26d/0x300 kernel/kthread.c:211
[<ffffffff82817a5c>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373

Showing all locks held in the system:
2 locks held by khungtaskd/24:
#0: (rcu_read_lock){......}, at: [<ffffffff8131c0cc>]
check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline]
#0: (rcu_read_lock){......}, at: [<ffffffff8131c0cc>]
watchdog+0x11c/0xa20 kernel/hung_task.c:239
#1: (tasklist_lock){.+.+..}, at: [<ffffffff813fe63f>]
debug_show_all_locks+0x79/0x218 kernel/locking/lockdep.c:4336
2 locks held by getty/2029:
#0: (&tty->ldisc_sem){++++++}, at: [<ffffffff82815952>]
ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367
#1: (&ldata->atomic_read_lock){+.+.+.}, at: [<ffffffff81d37362>]
n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142
4 locks held by kworker/u4:3/2120:
#0: ("%s""netns"){.+.+.+}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: (net_cleanup_work){+.+.+.}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
#2: (net_mutex){+.+.+.}, at: [<ffffffff822e681f>] cleanup_net+0x13f/0x8b0
net/core/net_namespace.c:439
#3: (rtnl_mutex){+.+.+.}, at: [<ffffffff823412d7>] rtnl_lock+0x17/0x20
net/core/rtnetlink.c:70
3 locks held by kworker/0:2/2243:
#0: ("%s"("ipv6_addrconf")){.+.+..}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: ((addr_chk_work).work){+.+...}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
#2: (rtnl_mutex){+.+.+.}, at: [<ffffffff823412d7>] rtnl_lock+0x17/0x20
net/core/rtnetlink.c:70
2 locks held by syz-executor.0/18810:
#0: (&tty->ldisc_sem){++++++}, at: [<ffffffff82815952>]
ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367
#1: (&tty->atomic_write_lock){+.+.+.}, at: [<ffffffff81d1f7e1>]
tty_write_lock+0x21/0x60 drivers/tty/tty_io.c:1107
2 locks held by syz-executor.4/20683:
#0: (&tty->ldisc_sem){++++++}, at: [<ffffffff82815952>]
ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367
#1: (&tty->atomic_write_lock){+.+.+.}, at: [<ffffffff81d1f7e1>]
tty_write_lock+0x21/0x60 drivers/tty/tty_io.c:1107
3 locks held by kworker/0:3/7403:
#0: ("events"){.+.+.+}, at: [<ffffffff81130f0c>]
process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085
#1: ((linkwatch_work).work){+.+...}, at: [<ffffffff81130f44>]
process_one_work+0x774/0x15f0 kernel/workqueue.c:2089
#2: (rtnl_mutex){+.+.+.}, at: [<ffffffff823412d7>] rtnl_lock+0x17/0x20
net/core/rtnetlink.c:70
1 lock held by syz-executor.1/14566:
#0: (rtnl_mutex){+.+.+.}, at: [<ffffffff823412d7>] rtnl_lock+0x17/0x20
net/core/rtnetlink.c:70
1 lock held by syz-executor.1/14576:
#0: (rtnl_mutex){+.+.+.}, at: [<ffffffff823412d7>] rtnl_lock+0x17/0x20
net/core/rtnetlink.c:70
1 lock held by init/14595:
#0: (&type->i_mutex_dir_key#3){++++++}, at: [<ffffffff8152a634>]
inode_lock_shared include/linux/fs.h:776 [inline]
#0: (&type->i_mutex_dir_key#3){++++++}, at: [<ffffffff8152a634>]
lookup_slow+0x154/0x470 fs/namei.c:1645

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 24 Comm: khungtaskd Not tainted 4.9.141+ #23
ffff8801d9907d08 ffffffff81b42e79 0000000000000000 0000000000000000
0000000000000000 0000000000000001 ffffffff810983b0 ffff8801d9907d40
ffffffff81b4df89 0000000000000000 0000000000000000 0000000000000003
Call Trace:
[<ffffffff81b42e79>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81b42e79>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[<ffffffff81b4df89>] nmi_cpu_backtrace.cold.0+0x48/0x87
lib/nmi_backtrace.c:99
[<ffffffff81b4df1c>] nmi_trigger_cpumask_backtrace+0x12c/0x151
lib/nmi_backtrace.c:60
[<ffffffff810984b4>] arch_trigger_cpumask_backtrace+0x14/0x20
arch/x86/kernel/apic/hw_nmi.c:37
[<ffffffff8131c65d>] trigger_all_cpu_backtrace include/linux/nmi.h:58
[inline]
[<ffffffff8131c65d>] check_hung_task kernel/hung_task.c:125 [inline]
[<ffffffff8131c65d>] check_hung_uninterruptible_tasks
kernel/hung_task.c:182 [inline]
[<ffffffff8131c65d>] watchdog+0x6ad/0xa20 kernel/hung_task.c:239
[<ffffffff81142c3d>] kthread+0x26d/0x300 kernel/kthread.c:211
[<ffffffff82817a5c>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 14596 Comm: init Not tainted 4.9.141+ #23
task: ffff880156618000 task.stack: ffff8800b73d8000
RIP: 0010:[<ffffffff81207798>] [<ffffffff81207798>]
__lock_acquire+0x3e8/0x4a10 kernel/locking/lockdep.c:3290
RSP: 0000:ffff8800b73dea80 EFLAGS: 00000046
RAX: 0000000000000000 RBX: ffff880156618950 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff880156618974
RBP: ffff8800b73dec30 R08: 0000000000000001 R09: 0000000000000000
R10: ffff880156618000 R11: 1ffff1002acc3129 R12: 0000000000000075
R13: 0000000000000004 R14: ffff88015661889c R15: 0000000000000000
FS: 00007f037f34b7a0(0000) GS:ffff8801db700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f0ada116f80 CR3: 00000000247ad000 CR4: 00000000001606b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
ffff88015661889c 0000000000000000 ffff8800b73dec50 ffffffff81207a04
ffff8801566188a0 ffff880156618948 ffffffff83c73d80 ffff880156618900
0000000000002b92 ffff880156618940 ffff8801566188a0 ffff880156618948
Call Trace:
[<ffffffff8120c8d0>] lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756
[<ffffffff82816c26>] __raw_spin_lock include/linux/spinlock_api_smp.h:144
[inline]
[<ffffffff82816c26>] _raw_spin_lock+0x36/0x50 kernel/locking/spinlock.c:151
[<ffffffff8141a061>] spin_lock include/linux/spinlock.h:302 [inline]
[<ffffffff8141a061>] task_lock include/linux/sched.h:3257 [inline]
[<ffffffff8141a061>] find_lock_task_mm+0xf1/0x270 mm/oom_kill.c:115
[<ffffffff821effdf>] lowmem_scan+0x34f/0xaf0
drivers/staging/android/lowmemorykiller.c:134
[<ffffffff81449cc6>] do_shrink_slab mm/vmscan.c:398 [inline]
[<ffffffff81449cc6>] shrink_slab.part.8+0x3c6/0xa00 mm/vmscan.c:501
[<ffffffff814557fd>] shrink_slab mm/vmscan.c:465 [inline]
[<ffffffff814557fd>] shrink_node+0x1ed/0x740 mm/vmscan.c:2602
[<ffffffff814560c7>] shrink_zones mm/vmscan.c:2749 [inline]
[<ffffffff814560c7>] do_try_to_free_pages mm/vmscan.c:2791 [inline]
[<ffffffff814560c7>] try_to_free_pages+0x377/0xb80 mm/vmscan.c:3002
[<ffffffff81428a01>] __perform_reclaim mm/page_alloc.c:3324 [inline]
[<ffffffff81428a01>] __alloc_pages_direct_reclaim mm/page_alloc.c:3345
[inline]
[<ffffffff81428a01>] __alloc_pages_slowpath mm/page_alloc.c:3697 [inline]
[<ffffffff81428a01>] __alloc_pages_nodemask+0x981/0x1bd0
mm/page_alloc.c:3862
[<ffffffff8140c164>] __alloc_pages include/linux/gfp.h:433 [inline]
[<ffffffff8140c164>] __alloc_pages_node include/linux/gfp.h:446 [inline]
[<ffffffff8140c164>] alloc_pages_node include/linux/gfp.h:460 [inline]
[<ffffffff8140c164>] __page_cache_alloc include/linux/pagemap.h:208
[inline]
[<ffffffff8140c164>] pagecache_get_page+0x244/0x710 mm/filemap.c:1237
[<ffffffff815bda70>] find_or_create_page include/linux/pagemap.h:309
[inline]
[<ffffffff815bda70>] grow_dev_page fs/buffer.c:1005 [inline]
[<ffffffff815bda70>] grow_buffers fs/buffer.c:1078 [inline]
[<ffffffff815bda70>] __getblk_slow fs/buffer.c:1105 [inline]
[<ffffffff815bda70>] __getblk_gfp+0x240/0x700 fs/buffer.c:1386
[<ffffffff815c09d9>] __getblk include/linux/buffer_head.h:373 [inline]
[<ffffffff815c09d9>] __breadahead+0x79/0xf0 fs/buffer.c:1396
[<ffffffff816c2111>] sb_breadahead include/linux/buffer_head.h:312 [inline]
[<ffffffff816c2111>] __ext4_get_inode_loc+0x961/0xef0 fs/ext4/inode.c:4393
[<ffffffff816cd5d7>] ext4_iget+0x1d7/0x3740 fs/ext4/inode.c:4540
[<ffffffff816d0bc8>] ext4_iget_normal+0x88/0xd0 fs/ext4/inode.c:4777
[<ffffffff816f7c22>] ext4_lookup+0x2f2/0x5e0 fs/ext4/namei.c:1575
[<ffffffff8152a72a>] lookup_slow+0x24a/0x470 fs/namei.c:1668
[<ffffffff81539cf2>] walk_component+0x822/0xcf0 fs/namei.c:1784
[<ffffffff8153aa82>] link_path_walk+0x8c2/0x1230 fs/namei.c:2120
[<ffffffff8153b6e4>] path_lookupat.isra.10+0x1b4/0x410 fs/namei.c:2282
[<ffffffff8153f697>] filename_lookup.part.18+0x177/0x370 fs/namei.c:2317
[<ffffffff8153fa53>] filename_lookup fs/namei.c:2310 [inline]
[<ffffffff8153fa53>] user_path_at_empty+0x53/0x70 fs/namei.c:2578
[<ffffffff81504470>] user_path_at include/linux/namei.h:55 [inline]
[<ffffffff81504470>] SYSC_faccessat fs/open.c:395 [inline]
[<ffffffff81504470>] SyS_faccessat+0x240/0x6e0 fs/open.c:363
[<ffffffff81504932>] SYSC_access fs/open.c:443 [inline]
[<ffffffff81504932>] SyS_access+0x22/0x30 fs/open.c:441
[<ffffffff810056ef>] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285
[<ffffffff82817893>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Code: 83 c2 03 40 38 f2 7c 09 40 84 f6 0f 85 a5
11 00 00 41 8b b2 9c 08 00 00 48 8d 7b 24 31
d2 85 f6 44 89 fe 0f 95 c2 c1 e6 07 01 c2
<0f> b6 43 21 83 e2 03 c1 e2 05 83 e0 1f 09
d0 89 ca 0f b6 4b 22


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Oct 25, 2019, 4:40:06 AM
to syzkaller-a...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.