INFO: task hung in tty_open


syzbot

Apr 10, 2019, 8:00:20 PM
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 47350a9f ANDROID: x86_64_cuttlefish_defconfig: Enable lz4 ..
git tree: android-4.14
console output: https://syzkaller.appspot.com/x/log.txt?x=143fd7bc400000
kernel config: https://syzkaller.appspot.com/x/.config?x=10d236078f3378a3
dashboard link: https://syzkaller.appspot.com/bug?extid=c92f07625ea966921a63
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14587892400000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=162ae12e400000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+c92f07...@syzkaller.appspotmail.com

IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
INFO: task init:6134 blocked for more than 140 seconds.
Not tainted 4.14.67+ #1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
init D27408 6134 1 0x00000000
Call Trace:
schedule+0x7f/0x1b0 kernel/sched/core.c:3490
schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3548
__mutex_lock_common kernel/locking/mutex.c:833 [inline]
__mutex_lock+0x521/0x1480 kernel/locking/mutex.c:893
tty_open_by_driver drivers/tty/tty_io.c:1922 [inline]
tty_open+0x3a8/0x980 drivers/tty/tty_io.c:2006
chrdev_open+0x20d/0x570 fs/char_dev.c:417
do_dentry_open+0x426/0xda0 fs/open.c:764
vfs_open+0x11c/0x210 fs/open.c:878
do_last fs/namei.c:3408 [inline]
path_openat+0x4eb/0x23a0 fs/namei.c:3550
do_filp_open+0x197/0x270 fs/namei.c:3584
do_sys_open+0x2ef/0x580 fs/open.c:1071
do_syscall_64+0x19b/0x4b0 arch/x86/entry/common.c:289
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x7ff75bd98120
RSP: 002b:00007fff296e9968 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 0000000000cf28e0 RCX: 00007ff75bd98120
RDX: 0000000000000010 RSI: 0000000000000902 RDI: 00000000004072c8
RBP: 0000000000000000 R08: 0000000000407370 R09: 0000000000000001
R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000902
R13: 0000000000000102 R14: 00007fff296e9ae0 R15: 0000000000cf28e8
INFO: task init:6150 blocked for more than 140 seconds.
Not tainted 4.14.67+ #1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
init D29352 6150 1 0x00000000
Call Trace:
schedule+0x7f/0x1b0 kernel/sched/core.c:3490
schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3548
__mutex_lock_common kernel/locking/mutex.c:833 [inline]
__mutex_lock+0x521/0x1480 kernel/locking/mutex.c:893
tty_open_by_driver drivers/tty/tty_io.c:1922 [inline]
tty_open+0x3a8/0x980 drivers/tty/tty_io.c:2006
chrdev_open+0x20d/0x570 fs/char_dev.c:417
do_dentry_open+0x426/0xda0 fs/open.c:764
vfs_open+0x11c/0x210 fs/open.c:878
do_last fs/namei.c:3408 [inline]
path_openat+0x4eb/0x23a0 fs/namei.c:3550
do_filp_open+0x197/0x270 fs/namei.c:3584
do_sys_open+0x2ef/0x580 fs/open.c:1071
do_syscall_64+0x19b/0x4b0 arch/x86/entry/common.c:289
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x7ff75bd98120
RSP: 002b:00007fff296e9968 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 0000000000cf2a80 RCX: 00007ff75bd98120
RDX: 0000000000000010 RSI: 0000000000000902 RDI: 00000000004072c8
RBP: 0000000000000000 R08: 0000000000407370 R09: 0000000000000001
R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000902
R13: 0000000000000102 R14: 00007fff296e9ae0 R15: 0000000000cf2a88
INFO: task init:6157 blocked for more than 140 seconds.
Not tainted 4.14.67+ #1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
init D29352 6157 1 0x00000000
Call Trace:
IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
schedule+0x7f/0x1b0 kernel/sched/core.c:3490
schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3548
__mutex_lock_common kernel/locking/mutex.c:833 [inline]
__mutex_lock+0x521/0x1480 kernel/locking/mutex.c:893
tty_open_by_driver drivers/tty/tty_io.c:1922 [inline]
tty_open+0x3a8/0x980 drivers/tty/tty_io.c:2006
chrdev_open+0x20d/0x570 fs/char_dev.c:417
do_dentry_open+0x426/0xda0 fs/open.c:764
vfs_open+0x11c/0x210 fs/open.c:878
do_last fs/namei.c:3408 [inline]
path_openat+0x4eb/0x23a0 fs/namei.c:3550
do_filp_open+0x197/0x270 fs/namei.c:3584
do_sys_open+0x2ef/0x580 fs/open.c:1071
do_syscall_64+0x19b/0x4b0 arch/x86/entry/common.c:289
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x7ff75bd98120
RSP: 002b:00007fff296e9968 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 0000000000cf2740 RCX: 00007ff75bd98120
RDX: 0000000000000010 RSI: 0000000000000902 RDI: 00000000004072c8
RBP: 0000000000000000 R08: 0000000000407370 R09: 0000000000000001
R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000902
R13: 0000000000000102 R14: 00007fff296e9ae0 R15: 0000000000cf2748
INFO: task init:6159 blocked for more than 140 seconds.
Not tainted 4.14.67+ #1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
init D29352 6159 1 0x00000000
Call Trace:
schedule+0x7f/0x1b0 kernel/sched/core.c:3490
schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3548
__mutex_lock_common kernel/locking/mutex.c:833 [inline]
__mutex_lock+0x521/0x1480 kernel/locking/mutex.c:893
tty_open_by_driver drivers/tty/tty_io.c:1922 [inline]
tty_open+0x3a8/0x980 drivers/tty/tty_io.c:2006
chrdev_open+0x20d/0x570 fs/char_dev.c:417
do_dentry_open+0x426/0xda0 fs/open.c:764
vfs_open+0x11c/0x210 fs/open.c:878
do_last fs/namei.c:3408 [inline]
path_openat+0x4eb/0x23a0 fs/namei.c:3550
do_filp_open+0x197/0x270 fs/namei.c:3584
do_sys_open+0x2ef/0x580 fs/open.c:1071
do_syscall_64+0x19b/0x4b0 arch/x86/entry/common.c:289
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x7ff75bd98120
RSP: 002b:00007fff296e9968 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 0000000000cf2810 RCX: 00007ff75bd98120
RDX: 0000000000000010 RSI: 0000000000000902 RDI: 00000000004072c8
RBP: 0000000000000000 R08: 0000000000407370 R09: 0000000000000001
R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000902
R13: 0000000000000102 R14: 00007fff296e9ae0 R15: 0000000000cf2818
INFO: task init:19114 blocked for more than 140 seconds.
Not tainted 4.14.67+ #1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
init D28840 19114 1 0x00000000
Call Trace:
schedule+0x7f/0x1b0 kernel/sched/core.c:3490
schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3548
__mutex_lock_common kernel/locking/mutex.c:833 [inline]
__mutex_lock+0x521/0x1480 kernel/locking/mutex.c:893
tty_open_by_driver drivers/tty/tty_io.c:1922 [inline]
tty_open+0x3a8/0x980 drivers/tty/tty_io.c:2006
chrdev_open+0x20d/0x570 fs/char_dev.c:417
do_dentry_open+0x426/0xda0 fs/open.c:764
vfs_open+0x11c/0x210 fs/open.c:878
do_last fs/namei.c:3408 [inline]
path_openat+0x4eb/0x23a0 fs/namei.c:3550
do_filp_open+0x197/0x270 fs/namei.c:3584
do_sys_open+0x2ef/0x580 fs/open.c:1071
do_syscall_64+0x19b/0x4b0 arch/x86/entry/common.c:289
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x7ff75bd98120
RSP: 002b:00007fff296e9968 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 0000000000cf2670 RCX: 00007ff75bd98120
RDX: 0000000000000010 RSI: 0000000000000902 RDI: 00000000004072c8
RBP: 0000000000000000 R08: 0000000000407370 R09: 0000000000000001
R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000902
R13: 0000000000000102 R14: 00007fff296e9ae0 R15: 0000000000cf2678

Showing all locks held in the system:
1 lock held by khungtaskd/23:
#0: (tasklist_lock){.+.+}, at: [<ffffffff93001847>]
debug_show_all_locks+0x74/0x20f kernel/locking/lockdep.c:4541
1 lock held by rsyslogd/1854:
#0: (&f->f_pos_lock){+.+.}, at: [<ffffffff933bcab2>]
__fdget_pos+0xa2/0xc0 fs/file.c:768
2 locks held by getty/1950:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff93b1c500>]
tty_ldisc_ref_wait+0x20/0x80 drivers/tty/tty_ldisc.c:275
#1: (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff93b17a7f>]
n_tty_read+0x1ff/0x15e0 drivers/tty/n_tty.c:2142
1 lock held by init/6134:
#0: (tty_mutex){+.+.}, at: [<ffffffff93b0bef8>] tty_open_by_driver
drivers/tty/tty_io.c:1922 [inline]
#0: (tty_mutex){+.+.}, at: [<ffffffff93b0bef8>] tty_open+0x3a8/0x980
drivers/tty/tty_io.c:2006
1 lock held by init/6150:
#0: (tty_mutex){+.+.}, at: [<ffffffff93b0bef8>] tty_open_by_driver
drivers/tty/tty_io.c:1922 [inline]
#0: (tty_mutex){+.+.}, at: [<ffffffff93b0bef8>] tty_open+0x3a8/0x980
drivers/tty/tty_io.c:2006
1 lock held by init/6157:
#0: (tty_mutex){+.+.}, at: [<ffffffff93b0bef8>] tty_open_by_driver
drivers/tty/tty_io.c:1922 [inline]
#0: (tty_mutex){+.+.}, at: [<ffffffff93b0bef8>] tty_open+0x3a8/0x980
drivers/tty/tty_io.c:2006
1 lock held by init/6159:
#0: (tty_mutex){+.+.}, at: [<ffffffff93b0bef8>] tty_open_by_driver
drivers/tty/tty_io.c:1922 [inline]
#0: (tty_mutex){+.+.}, at: [<ffffffff93b0bef8>] tty_open+0x3a8/0x980
drivers/tty/tty_io.c:2006
1 lock held by init/19114:
#0: (tty_mutex){+.+.}, at: [<ffffffff93b0bef8>] tty_open_by_driver
drivers/tty/tty_io.c:1922 [inline]
#0: (tty_mutex){+.+.}, at: [<ffffffff93b0bef8>] tty_open+0x3a8/0x980
drivers/tty/tty_io.c:2006

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 23 Comm: khungtaskd Not tainted 4.14.67+ #1
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0xb9/0x11b lib/dump_stack.c:53
nmi_cpu_backtrace.cold.0+0x18/0x8e lib/nmi_backtrace.c:103
nmi_trigger_cpumask_backtrace+0x121/0x146 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:138 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:196 [inline]
watchdog+0x574/0xa70 kernel/hung_task.c:252
kthread+0x348/0x420 kernel/kthread.c:232
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:402
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 27488 Comm: syz-executor714 Not tainted 4.14.67+ #1
task: ffff8801d45f0000 task.stack: ffff8801c3530000
RIP: 0010:__read_once_size include/linux/compiler.h:183 [inline]
RIP: 0010:compound_head include/linux/page-flags.h:147 [inline]
RIP: 0010:PageSwapBacked include/linux/page-flags.h:288 [inline]
RIP: 0010:PageSwapCache include/linux/page-flags.h:333 [inline]
RIP: 0010:free_swap_cache mm/swap_state.c:293 [inline]
RIP: 0010:free_pages_and_swap_cache+0x78/0x1d0 mm/swap_state.c:321
RSP: 0018:ffff8801c3537850 EFLAGS: 00000246
RAX: 1ffffd4000e8a81c RBX: ffffea00074540c0 RCX: ffff8801be6c7010
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff967ce3a0
RBP: ffff8801be6c7050 R08: 1ffff10039d2fe00 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
R13: ffffea00074540e0 R14: ffff8801be6c74d8 R15: ffffea000743a0c0
FS: 00007f240ed3b700(0000) GS:ffff8801dbb00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000004cc890 CR3: 0000000126c22003 CR4: 00000000001606a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
tlb_flush_mmu_free+0x9c/0x130 mm/memory.c:260
tlb_flush_mmu mm/memory.c:269 [inline]
arch_tlb_finish_mmu+0xa6/0x160 mm/memory.c:284
tlb_finish_mmu+0x77/0xc0 mm/memory.c:427
exit_mmap+0x219/0x420 mm/mmap.c:3070
__mmput kernel/fork.c:929 [inline]
mmput+0xc8/0x350 kernel/fork.c:950
exit_mm kernel/exit.c:544 [inline]
do_exit+0x83b/0x2800 kernel/exit.c:852
do_group_exit+0x100/0x2e0 kernel/exit.c:968
get_signal+0x4e5/0x1470 kernel/signal.c:2348
do_signal+0x8f/0x1660 arch/x86/kernel/signal.c:809
exit_to_usermode_loop+0x116/0x150 arch/x86/entry/common.c:159
prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
syscall_return_slowpath arch/x86/entry/common.c:267 [inline]
do_syscall_64+0x35d/0x4b0 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x446459
RSP: 002b:00007f240ed3ada8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: 0000000000000001 RBX: 00000000006dbc38 RCX: 0000000000446459
RDX: 0000000000446459 RSI: 0000000000000001 RDI: 00000000006dbc3c
RBP: 00000000006dbc30 R08: 0000000000000000 R09: 0000000000000000
R10: 00007f240ed3b700 R11: 0000000000000246 R12: 00000000006dbc3c
R13: 00007fffc1c29eaf R14: 00007f240ed3b9c0 R15: 0000000000000001
Code: 89 e8 48 c1 e8 03 42 80 3c 20 00 0f 85 26 01 00 00 48 8b 5d 00 4c 8d
6b 20 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 0f 85 26 01 00 00 <48> 8b 53 20
49 89 df f6 c2 01 0f 85 b5 00 00 00 e8 73 79 e0 ff
IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches

syzbot

Apr 11, 2019, 8:00:50 PM
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: e1a8babe Merge 4.9.167 into android-4.9
git tree: android-4.9
console output: https://syzkaller.appspot.com/x/log.txt?x=10c7fb3f200000
kernel config: https://syzkaller.appspot.com/x/.config?x=5d1829a097d47f24
dashboard link: https://syzkaller.appspot.com/bug?extid=3bad0c0af157db31f3d9
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10a3273f200000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=162a1f07200000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+3bad0c...@syzkaller.appspotmail.com

Free swap = 0kB
Total swap = 0kB
1965979 pages RAM
0 pages HighMem/MovableOnly
313622 pages reserved
INFO: task init:9183 blocked for more than 140 seconds.
Not tainted 4.9.167+ #36
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
init D 29304 9183 1 0x00000000
ffff8801d46dbc80 ffff8801db621000 ffff8801ca60af80 ffff8801db621018
ffff8801c6a2f758 ffffffff827ffcae ffff8801950388c8 ffff8801950388a0
00ff8801950388d0 ffff8801db6218f0 1ffff10038d45eda
Call Trace:
[<00000000bc0fa030>] schedule+0x92/0x1c0 kernel/sched/core.c:3546
[<000000003edf5cbf>] schedule_preempt_disabled+0x13/0x20
kernel/sched/core.c:3579
[<000000000d4ce28a>] __mutex_lock_common kernel/locking/mutex.c:582
[inline]
[<000000000d4ce28a>] mutex_lock_nested+0x38d/0x920
kernel/locking/mutex.c:621
[<000000009e9c7885>] tty_open_by_driver drivers/tty/tty_io.c:2060 [inline]
[<000000009e9c7885>] tty_open+0x3f9/0xe10 drivers/tty/tty_io.c:2138
[<00000000030b51c8>] chrdev_open+0x230/0x630 fs/char_dev.c:392
[<0000000047bffff8>] do_dentry_open+0x422/0xd20 fs/open.c:772
[<0000000096b1c8a5>] vfs_open+0x105/0x230 fs/open.c:885
[<0000000059ca6079>] do_last fs/namei.c:3457 [inline]
[<0000000059ca6079>] path_openat+0xbf5/0x2f60 fs/namei.c:3581
[<000000008b57adb4>] do_filp_open+0x1a1/0x280 fs/namei.c:3615
[<00000000ffa86512>] do_sys_open+0x2f0/0x610 fs/open.c:1078
[<000000004a176cda>] SYSC_open fs/open.c:1096 [inline]
[<000000004a176cda>] SyS_open+0x2d/0x40 fs/open.c:1091
[<00000000f883c885>] do_syscall_64+0x1ad/0x570 arch/x86/entry/common.c:285
[<000000008f866c4f>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb

Showing all locks held in the system:
2 locks held by khungtaskd/24:
#0:
(rcu_read_lock){......}, at: [<0000000058466345>]
check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline]
(rcu_read_lock){......}, at: [<0000000058466345>] watchdog+0x13c/0xae0
kernel/hung_task.c:239
(tasklist_lock){.+.+..}, at: [<000000007ada717b>]
debug_show_all_locks+0x7f/0x21f kernel/locking/lockdep.c:4339
#0:
(&f->f_pos_lock){+.+.+.}, at: [<000000006d1e7963>] __fdget_pos+0xa8/0xd0
fs/file.c:781
#0:
(&tty->ldisc_sem){++++++}, at: [<00000000a9827e68>]
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:377
(&ldata->atomic_read_lock){+.+.+.}, at: [<00000000c1138183>]
n_tty_read+0x1fe/0x1820 drivers/tty/n_tty.c:2156
#0:
(tty_mutex){+.+.+.}, at: [<000000009e9c7885>] tty_open_by_driver
drivers/tty/tty_io.c:2060 [inline]
(tty_mutex){+.+.+.}, at: [<000000009e9c7885>] tty_open+0x3f9/0xe10
drivers/tty/tty_io.c:2138
#0:
(tty_mutex){+.+.+.}, at: [<000000009e9c7885>] tty_open_by_driver
drivers/tty/tty_io.c:2060 [inline]
(tty_mutex){+.+.+.}, at: [<000000009e9c7885>] tty_open+0x3f9/0xe10
drivers/tty/tty_io.c:2138
#0:
(tty_mutex){+.+.+.}, at: [<000000009e9c7885>] tty_open_by_driver
drivers/tty/tty_io.c:2060 [inline]
(tty_mutex){+.+.+.}, at: [<000000009e9c7885>] tty_open+0x3f9/0xe10
drivers/tty/tty_io.c:2138
#0:
(tty_mutex){+.+.+.}, at: [<000000009e9c7885>] tty_open_by_driver
drivers/tty/tty_io.c:2060 [inline]
(tty_mutex){+.+.+.}, at: [<000000009e9c7885>] tty_open+0x3f9/0xe10
drivers/tty/tty_io.c:2138
#0:
(tty_mutex){+.+.+.}, at: [<000000009e9c7885>] tty_open_by_driver
drivers/tty/tty_io.c:2060 [inline]
(tty_mutex){+.+.+.}, at: [<000000009e9c7885>] tty_open+0x3f9/0xe10
drivers/tty/tty_io.c:2138
#0:
(tty_mutex){+.+.+.}, at: [<000000009e9c7885>] tty_open_by_driver
drivers/tty/tty_io.c:2060 [inline]
(tty_mutex){+.+.+.}, at: [<000000009e9c7885>] tty_open+0x3f9/0xe10
drivers/tty/tty_io.c:2138
=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 24 Comm: khungtaskd Not tainted 4.9.167+ #36
ffff8801d98d7cc8
ffffffff81b4f011 0000000000000001 0000000000000000 0000000000000001
ffffffff81097401 dffffc0000000000 ffff8801d98d7d00 ffffffff81b5a2cc
0000000000000001 0000000000000000 0000000000000001
Call Trace:
[<000000005fbf833f>] __dump_stack lib/dump_stack.c:15 [inline]
[<000000005fbf833f>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
[<00000000b3da2183>] nmi_cpu_backtrace.cold+0x47/0x87
lib/nmi_backtrace.c:99
[<000000006e144349>] nmi_trigger_cpumask_backtrace+0x124/0x155
lib/nmi_backtrace.c:60
[<00000000052875be>] arch_trigger_cpumask_backtrace+0x14/0x20
arch/x86/kernel/apic/hw_nmi.c:37
[<00000000d5bf3e66>] trigger_all_cpu_backtrace include/linux/nmi.h:58
[inline]
[<00000000d5bf3e66>] check_hung_task kernel/hung_task.c:125 [inline]
[<00000000d5bf3e66>] check_hung_uninterruptible_tasks
kernel/hung_task.c:182 [inline]
[<00000000d5bf3e66>] watchdog+0x661/0xae0 kernel/hung_task.c:239
[<00000000634f23ee>] kthread+0x278/0x310 kernel/kthread.c:211
[<00000000efe527d6>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 4572 Comm: syz-executor626 Not tainted 4.9.167+ #36
task: 0000000011595520 task.stack: 00000000091047be
RIP: 0010:[<ffffffff812990f1>] [<00000000f2a044f1>] hash_futex+0x1/0x210
kernel/futex.c:392
RSP: 0018:ffff8801800efac8 EFLAGS: 00000293
RAX: ffff8801ad998000 RBX: dffffc0000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff8129d510 RDI: ffff8801800efb50
RBP: ffff8801800efbd8 R08: 0000000000000000 R09: 0000000000000000
R10: 1ffff1003001dff9 R11: 0000000000000000 R12: 00000000006dbc28
R13: 0000000000000000 R14: 0000000000000000 R15: 00000000ffffffff
FS: 0000000001d98880(0000) GS:ffff8801db600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000004b4fa0 CR3: 000000018e1ff000 CR4: 00000000001606b0
Stack:
ffff8801800efbd8 ffffffff8129d51c 0000000000000000 0000000000000000
00000000ffffffff 004468d900000000 1ffff1003001df62 00000000ffffffff
ffff8801d9c46bc0 0000000041b58ab3 ffffffff82e2ca80 ffffffff8129d410
Call Trace:
[<0000000044bc775c>] do_futex+0x2bf/0x1a70 kernel/futex.c:3281
[<0000000033d9f767>] SYSC_futex kernel/futex.c:3337 [inline]
[<0000000033d9f767>] SyS_futex+0x253/0x360 kernel/futex.c:3305
[<00000000f883c885>] do_syscall_64+0x1ad/0x570 arch/x86/entry/common.c:285
[<000000008f866c4f>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Code: 48 83 fb 20 0f 85 59 ff ff ff e8 2b 3d 08 00 31 c0 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 05 f8 25 00 e9 73 ff ff ff 55 <48> 89 e5 41 56 41 55 41 54 53 48 89 fb 48 83 ec 10 e8 f9 3c 08

syzbot

Apr 12, 2019, 8:00:33 PM
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 62872f95 Merge 4.4.174 into android-4.4
git tree: android-4.4
console output: https://syzkaller.appspot.com/x/log.txt?x=15b86ddf200000
kernel config: https://syzkaller.appspot.com/x/.config?x=47bc4dd423780c4a
dashboard link: https://syzkaller.appspot.com/bug?extid=276c7ff54020cae8b8af
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=111a6fa3200000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12c72b4d200000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+276c7f...@syzkaller.appspotmail.com

binder: 24289:24290 got reply transaction with no transaction stack
binder: 24289:24290 transaction failed 29201/-71, size 0-0 line 2922
binder: 24291:24292 IncRefs 0 refcount change on invalid ref 0 ret -22
binder: 24291:24292 got reply transaction with no transaction stack
binder: 24291:24292 transaction failed 29201/-71, size 0-0 line 2922
INFO: task init:24191 blocked for more than 140 seconds.
Not tainted 4.4.174+ #4
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
init D ffff88015942f718 29280 24191 1 0x00000000
ffff88015942f718 ffff880164b7df00 4315e1e6f41c9427 ffff880164b7df00
0000000000000000 ffff880164b7e700 ffff8801db61f180 ffff8801db61f1a8
ffff8801db61e898 ffff880159435f00 ffff880164b7df00 ffffed002b285001
Call Trace:
[<ffffffff82709b79>] schedule+0x99/0x1d0 kernel/sched/core.c:3355
[<ffffffff8270a333>] schedule_preempt_disabled+0x13/0x20
kernel/sched/core.c:3388
[<ffffffff8270c492>] __mutex_lock_common kernel/locking/mutex.c:582
[inline]
[<ffffffff8270c492>] mutex_lock_nested+0x3c2/0xb80
kernel/locking/mutex.c:621
[<ffffffff81c8b2aa>] tty_open+0x56a/0xf50 drivers/tty/tty_io.c:2067
[<ffffffff814a3ec0>] chrdev_open+0x230/0x630 fs/char_dev.c:388
[<ffffffff8149154f>] do_dentry_open+0x38f/0xbd0 fs/open.c:749
[<ffffffff81494d3b>] vfs_open+0x10b/0x210 fs/open.c:862
[<ffffffff814c5ddf>] do_last fs/namei.c:3269 [inline]
[<ffffffff814c5ddf>] path_openat+0x136f/0x4470 fs/namei.c:3406
[<ffffffff814ccab1>] do_filp_open+0x1a1/0x270 fs/namei.c:3440
[<ffffffff81495668>] do_sys_open+0x2f8/0x600 fs/open.c:1038
[<ffffffff8149599d>] SYSC_open fs/open.c:1056 [inline]
[<ffffffff8149599d>] SyS_open+0x2d/0x40 fs/open.c:1051
[<ffffffff82718ba1>] entry_SYSCALL_64_fastpath+0x1e/0x9a
1 lock held by init/24191:
#0: (tty_mutex){+.+.+.}, at: [<ffffffff81c8b2aa>] tty_open+0x56a/0xf50
drivers/tty/tty_io.c:2067
Sending NMI to all CPUs:
NMI backtrace for cpu 0
CPU: 0 PID: 20 Comm: khungtaskd Not tainted 4.4.174+ #4
task: ffff8801da6c2f80 task.stack: ffff8800001c8000
RIP: 0010:[<ffffffff8109b617>] [<ffffffff8109b617>] _flat_send_IPI_mask
arch/x86/kernel/apic/apic_flat_64.c:62 [inline]
RIP: 0010:[<ffffffff8109b617>] [<ffffffff8109b617>]
flat_send_IPI_mask+0xf7/0x1b0 arch/x86/kernel/apic/apic_flat_64.c:69
RSP: 0018:ffff8800001cfc88 EFLAGS: 00000046
RAX: 0000000000000000 RBX: 0000000000000c00 RCX: 0000000000000000
RDX: 0000000000000c00 RSI: 0000000000000000 RDI: ffffffffff5fc300
RBP: ffff8800001cfcb8 R08: 0000000000000018 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000246
R13: 0000000003000000 R14: ffffffff82e5f2e0 R15: 0000000000000002
FS: 0000000000000000(0000) GS:ffff8801db600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fff9a7651d0 CR3: 00000000b46d2000 CR4: 00000000001606b0
Stack:
0000000000000001 ffffffff82e5f2e0 ffffffff831a6ac0 fffffbfff0634c34
000000000001b6c0 0000000000000008 ffff8800001cfcd8 ffffffff81092bee
0000000000000008 ffffffff82924260 ffff8800001cfd30 ffffffff81ab8252
Call Trace:
[<ffffffff81092bee>] nmi_raise_cpu_backtrace+0x5e/0x80
arch/x86/kernel/apic/hw_nmi.c:33
[<ffffffff81ab8252>] nmi_trigger_all_cpu_backtrace.cold+0xa1/0xae
lib/nmi_backtrace.c:85
[<ffffffff81092ca4>] arch_trigger_all_cpu_backtrace+0x14/0x20
arch/x86/kernel/apic/hw_nmi.c:38
[<ffffffff813b4762>] trigger_all_cpu_backtrace include/linux/nmi.h:44
[inline]
[<ffffffff813b4762>] check_hung_task kernel/hung_task.c:125 [inline]
[<ffffffff813b4762>] check_hung_uninterruptible_tasks
kernel/hung_task.c:182 [inline]
[<ffffffff813b4762>] watchdog.cold+0xd3/0xee kernel/hung_task.c:238
[<ffffffff811342c3>] kthread+0x273/0x310 kernel/kthread.c:211
[<ffffffff82718fc5>] ret_from_fork+0x55/0x80 arch/x86/entry/entry_64.S:537
Code: 00 c3 5f ff 80 e6 10 75 e1 41 c1 e5 18 44 89 2c 25 10 c3 5f ff 44 89
fa 09 da 80 cf 04 41 83 ff 02 0f 44 d3 89 14 25 00 c3 5f ff <41> f7 c4 00
02 00 00 75 1e 4c 89 e7 57 9d 0f 1f 44 00 00 e8 f1
NMI backtrace for cpu 1
CPU: 1 PID: 60 Comm: kworker/u4:1 Not tainted 4.4.174+ #4
Workqueue: binder binder_deferred_func
task: ffff8801d8c3c740 task.stack: ffff8801d8d10000
RIP: 0010:[<ffffffff813095f1>] [<ffffffff813095f1>]
__sanitizer_cov_trace_pc+0x1/0x50 kernel/kcov.c:93
RSP: 0018:ffff8801d8d17670 EFLAGS: 00000002
RAX: 0000000000000002 RBX: ffffffff8496e4e0 RCX: 0000000000000000
RDX: 0000000000000004 RSI: ffffffff81b0abec RDI: 0000000000000001
RBP: ffff8801d8d176c0 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: ffffffff83fdf1b2 R12: 0000000000002709
R13: 0000000000000020 R14: fffffbfff092dce3 R15: fffffbfff092dca5
FS: 0000000000000000(0000) GS:ffff8801db700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000200000c8 CR3: 00000000b9f55000 CR4: 00000000001606b0
Stack:
ffff8801d8d176c0 ffffffff81cc4604 ffffed003b1a2eee ffffffff8496e528
ffffffff8496e71a ffffffff83fdf1a3 ffffffff8496e4e0 0000000000000069
dffffc0000000000 0000000000000069 ffff8801d8d176e0 ffffffff81cc4790
Call Trace:
[<ffffffff81cc4790>] serial8250_console_putchar+0x20/0x60
drivers/tty/serial/8250/8250_port.c:2806
[<ffffffff81caf7c6>] uart_console_write+0x56/0xe0
drivers/tty/serial/serial_core.c:1789
[<ffffffff81cce12b>] serial8250_console_write+0x2fb/0x870
drivers/tty/serial/8250/8250_port.c:2872
[<ffffffff81cbd84f>] univ8250_console_write+0x5f/0x70
drivers/tty/serial/8250/8250_core.c:594
[<ffffffff8121c8ff>] call_console_drivers.constprop.0+0x1ef/0x3f0
kernel/printk/printk.c:1468
[<ffffffff8121fe02>] console_unlock kernel/printk/printk.c:2335 [inline]
[<ffffffff8121fe02>] console_unlock+0x602/0xa10 kernel/printk/printk.c:2242
[<ffffffff812205c2>] vprintk_emit+0x3b2/0x820 kernel/printk/printk.c:1837
[<ffffffff81220a58>] vprintk+0x28/0x30 kernel/printk/printk.c:1848
[<ffffffff813afd6f>] printk+0xc2/0xf5 kernel/printk/printk.c:1927
[<ffffffff82166c3d>] binder_release_work.cold+0x78/0x9d
drivers/android/binder.c:4386
[<ffffffff8213c992>] binder_thread_release+0x422/0x520
drivers/android/binder.c:4577
[<ffffffff8213cf12>] binder_deferred_release drivers/android/binder.c:5183
[inline]
[<ffffffff8213cf12>] binder_deferred_func+0x482/0xdd0
drivers/android/binder.c:5266
[<ffffffff81122c25>] process_one_work+0x825/0x1720 kernel/workqueue.c:2064
[<ffffffff81124004>] worker_thread+0x4e4/0xf50 kernel/workqueue.c:2196
[<ffffffff811342c3>] kthread+0x273/0x310 kernel/kthread.c:211
[<ffffffff82718fc5>] ret_from_fork+0x55/0x80 arch/x86/entry/entry_64.S:537
Code: e8 f5 b8 17 00 48 8b 55 c8 e9 d2 fe ff ff 48 89 df e8 e4 b8 17 00 e9
ac fe ff ff 4c 89 f7 e8 d7 b8 17 00 e9 42 fe ff ff 66 90 55 <48> 89 e5 48
8b 75 08 65 48 8b 04 25 80 67 01 00 65 8b 15 08 d1