INFO: task hung in bt_get

syzbot

Apr 11, 2019, 8:00:47 PM
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: e1815b3e ANDROID: sdcardfs: fix potential crash when reser..
git tree: android-4.9
console output: https://syzkaller.appspot.com/x/log.txt?x=16754d08400000
kernel config: https://syzkaller.appspot.com/x/.config?x=12491c13dbc6d8
dashboard link: https://syzkaller.appspot.com/bug?extid=ac53a66d8056a344e08d
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1510b1ff800000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1561807f800000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+ac53a6...@syzkaller.appspotmail.com

INFO: task loop0:3912 blocked for more than 120 seconds.
Not tainted 4.9.109-ge1815b3 #52
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
loop0 D27080 3912 2 0x00000000
ffff8801d4ce8000 ffff8801d6eb7480 ffff8801d6eb7480 ffff8801d4cec800
ffff8801db321c18 ffff8801d5376df0 ffffffff839e8a8d 0000000041b58ab3
ffffffff843c2288 ffffffff81236160 0000000000000000 ffff8801db3224e8
Call Trace:
[<ffffffff839ea08f>] schedule+0x7f/0x1b0 kernel/sched/core.c:3557
[<ffffffff839f64a1>] schedule_timeout+0x861/0xf70 kernel/time/timer.c:1768
[<ffffffff839e826a>] io_schedule_timeout+0x1ba/0x390
kernel/sched/core.c:5180
[<ffffffff81e51f0c>] io_schedule include/linux/sched.h:460 [inline]
[<ffffffff81e51f0c>] bt_get.isra.8+0x27c/0x780 block/blk-mq-tag.c:141
[<ffffffff81e52e1c>] __blk_mq_get_tag block/blk-mq-tag.c:163 [inline]
[<ffffffff81e52e1c>] blk_mq_get_tag+0xac/0x220 block/blk-mq-tag.c:192
[<ffffffff81e4254a>] __blk_mq_alloc_request+0x2a/0xaa0 block/blk-mq.c:196
[<ffffffff81e4494b>] blk_mq_map_request.isra.38+0x3ab/0x900
block/blk-mq.c:1207
[<ffffffff81e4cd96>] blk_sq_make_request+0x1d6/0x1220 block/blk-mq.c:1374
[<ffffffff81e1fcce>] generic_make_request+0x20e/0x9b0 block/blk-core.c:2055
[<ffffffff81e20520>] submit_bio+0xb0/0x460 block/blk-core.c:2126
[<ffffffff8164390a>] dio_bio_submit fs/direct-io.c:420 [inline]
[<ffffffff8164390a>] do_blockdev_direct_IO+0x35da/0x5a80
fs/direct-io.c:1301
[<ffffffff81645e55>] __blockdev_direct_IO+0xa5/0xd0 fs/direct-io.c:1360
[<ffffffff8162fa00>] blkdev_direct_IO+0xa0/0xd0 fs/block_dev.c:183
[<ffffffff8143e740>] generic_file_read_iter+0x660/0x1a90 mm/filemap.c:1951
[<ffffffff81632605>] blkdev_read_iter+0x105/0x170 fs/block_dev.c:1738
[<ffffffff825cdf13>] lo_rw_aio+0x6b3/0x8a0 drivers/block/loop.c:506
[<ffffffff825ce4d7>] do_req_filebacked drivers/block/loop.c:543 [inline]
[<ffffffff825ce4d7>] loop_handle_cmd drivers/block/loop.c:1698 [inline]
[<ffffffff825ce4d7>] loop_queue_work+0x3d7/0x2320 drivers/block/loop.c:1710
[<ffffffff8119d429>] kthread_worker_fn+0x249/0x6b0 kernel/kthread.c:627
[<ffffffff8119d04d>] kthread+0x26d/0x300 kernel/kthread.c:211
[<ffffffff839f9b5c>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373

Showing all locks held in the system:
2 locks held by khungtaskd/519:
#0: (rcu_read_lock){......}, at: [<ffffffff8136662c>]
check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline]
#0: (rcu_read_lock){......}, at: [<ffffffff8136662c>]
watchdog+0x11c/0xa20 kernel/hung_task.c:239
#1: (tasklist_lock){.+.+..}, at: [<ffffffff81425cb7>]
debug_show_all_locks+0x79/0x218 kernel/locking/lockdep.c:4336
2 locks held by getty/3775:
#0: (&tty->ldisc_sem){++++++}, at: [<ffffffff839f7b32>]
ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367
#1: (&ldata->atomic_read_lock){+.+...}, at: [<ffffffff8211fce2>]
n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2133

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 519 Comm: khungtaskd Not tainted 4.9.109-ge1815b3 #52
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
ffff8801d84dfd08 ffffffff81eb3e29 0000000000000000 0000000000000000
0000000000000000 0000000000000001 ffffffff810b9580 ffff8801d84dfd40
ffffffff81ebf127 0000000000000000 0000000000000000 0000000000000003
Call Trace:
[<ffffffff81eb3e29>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81eb3e29>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[<ffffffff81ebf127>] nmi_cpu_backtrace.cold.2+0x48/0x87
lib/nmi_backtrace.c:99
[<ffffffff81ebf0ba>] nmi_trigger_cpumask_backtrace+0x12a/0x14f
lib/nmi_backtrace.c:60
[<ffffffff810b9684>] arch_trigger_cpumask_backtrace+0x14/0x20
arch/x86/kernel/apic/hw_nmi.c:37
[<ffffffff81366bc4>] trigger_all_cpu_backtrace include/linux/nmi.h:58
[inline]
[<ffffffff81366bc4>] check_hung_task kernel/hung_task.c:125 [inline]
[<ffffffff81366bc4>] check_hung_uninterruptible_tasks
kernel/hung_task.c:182 [inline]
[<ffffffff81366bc4>] watchdog+0x6b4/0xa20 kernel/hung_task.c:239
[<ffffffff8119d04d>] kthread+0x26d/0x300 kernel/kthread.c:211
[<ffffffff839f9b5c>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 3909 Comm: sshd Not tainted 4.9.109-ge1815b3 #52
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
task: ffff8801d4cec800 task.stack: ffff8801d50b8000
RIP: 0010:[<ffffffff839f9f78>] [<ffffffff839f9f78>]
irq_entries_start+0x408/0x690 arch/x86/entry/entry_64.S:395
RSP: 0018:ffff8801d50bf438 EFLAGS: 00000082
RAX: 0000000000000007 RBX: 0000000000000282 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000282
RBP: ffff8801d50bf470 R08: 0000000000000092 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801db31c900
R13: 74732d0064687373 R14: 006d6561642d706f R15: ffff8801d50bf5d8
FS: 00007ff6b27fd7c0(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f79ea486000 CR3: 00000001d7b1c000 CR4: 00000000001606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
ffffffff839f908f 0000000000000010 0000000000000282 ffff8801d50bf460
0000000000000018 ffff8801db31c900 ffff8801db31c9c0 ffff8801d50bf598
ffffffff812a3400 ffff8801d50bf490 1ffff1003aa17e9a 00000000000000c0
Call Trace:
[<ffffffff812a3400>] unlock_hrtimer_base kernel/time/hrtimer.c:803 [inline]
[<ffffffff812a3400>] hrtimer_start_range_ns+0x670/0x1380
kernel/time/hrtimer.c:1010
[<ffffffff839f75f3>] hrtimer_start_expires include/linux/hrtimer.h:407
[inline]
[<ffffffff839f75f3>] schedule_hrtimeout_range_clock+0x163/0x330
kernel/time/hrtimer.c:1732
[<ffffffff839f77ea>] schedule_hrtimeout_range+0x2a/0x40
kernel/time/hrtimer.c:1776
[<ffffffff815b5aff>] poll_schedule_timeout+0x10f/0x200 fs/select.c:242
[<ffffffff815b761f>] do_select+0x100f/0x13b0 fs/select.c:534
[<ffffffff815b7eac>] core_sys_select+0x4ec/0x750 fs/select.c:611
[<ffffffff815b8268>] SYSC_select fs/select.c:652 [inline]
[<ffffffff815b8268>] SyS_select+0x158/0x1e0 fs/select.c:634
[<ffffffff81006316>] do_syscall_64+0x1a6/0x490 arch/x86/entry/common.c:282
[<ffffffff839f9993>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Code: 00 00 90 6a e3 e9 a9 02 00 00 90 6a e2 e9
a1 02 00 00 90 6a e1 e9 99 02 00 00 90 6a e0
e9 91 02 00 00 90 6a df e9 89 02 00 00 90
<6a> de e9 81 02 00 00 90 6a dd e9 79 02 00
00 90 6a dc e9 71 02


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches

syzbot

Apr 12, 2019, 8:00:34 PM
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 226f96b0 ANDROID: sdcardfs: fix potential crash when reser..
git tree: android-4.4
console output: https://syzkaller.appspot.com/x/log.txt?x=110b9ff8400000
kernel config: https://syzkaller.appspot.com/x/.config?x=9015d1e2403e29b6
dashboard link: https://syzkaller.appspot.com/bug?extid=f142e7b75b927c0cf3dd
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1209ed08400000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1153acd4400000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+f142e7...@syzkaller.appspotmail.com

INFO: task loop0:3957 blocked for more than 120 seconds.
Not tainted 4.4.138-g226f96b #63
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
loop0 D ffff8801d6d5ed40 26880 3957 2 0x00000000
ffff8801d6d5ed40 0000000000000003 ffff8800bbb94800 ffffffff838c3329
ffff8801d6d5ee00 ffff8801db31fdb8 ffff8801db31fde0 ffff8801db31f4d8
ffff8801db31f4c0 ffff8801d7ca9800 ffff8800bbb94800 ffff8801d6d5f610
Call Trace:
[<ffffffff838b46ea>] schedule+0x7a/0x1b0 kernel/sched/core.c:3359
[<ffffffff838bfb01>] schedule_timeout+0x481/0x8b0 kernel/time/timer.c:1515
[<ffffffff838b25aa>] io_schedule_timeout+0x1ba/0x390
kernel/sched/core.c:4941
[<ffffffff81db234f>] io_schedule include/linux/sched.h:447 [inline]
[<ffffffff81db234f>] bt_get+0x2af/0x760 block/blk-mq-tag.c:301
[<ffffffff81db3645>] __blk_mq_get_tag block/blk-mq-tag.c:325 [inline]
[<ffffffff81db3645>] blk_mq_get_tag+0x1f5/0x360 block/blk-mq-tag.c:353
[<ffffffff81da3307>] __blk_mq_alloc_request+0x27/0xa40 block/blk-mq.c:215
[<ffffffff81da94b2>] blk_mq_map_request.isra.42+0x732/0xe00
block/blk-mq.c:1190
[<ffffffff81dad52d>] blk_sq_make_request+0x1ad/0xe60 block/blk-mq.c:1361
[<ffffffff81d7f541>] generic_make_request+0x211/0x9b0 block/blk-core.c:2081
[<ffffffff81d7fdbf>] submit_bio+0xdf/0x3b0 block/blk-core.c:2154
[<ffffffff815e1aab>] dio_bio_submit fs/direct-io.c:409 [inline]
[<ffffffff815e1aab>] do_blockdev_direct_IO+0x5aab/0x82f0
fs/direct-io.c:1283
[<ffffffff815e439e>] __blockdev_direct_IO+0xae/0xe0 fs/direct-io.c:1342
[<ffffffff815d1182>] blkdev_direct_IO+0xb2/0xe0 fs/block_dev.c:167
[<ffffffff8142417c>] generic_file_read_iter+0x35c/0x11a0 mm/filemap.c:1799
[<ffffffff815d3e85>] blkdev_read_iter+0x105/0x170 fs/block_dev.c:1679
[<ffffffff8251e221>] lo_rw_aio+0x481/0x870 drivers/block/loop.c:506
[<ffffffff82520477>] lo_rw_simple drivers/block/loop.c:520 [inline]
[<ffffffff82520477>] do_req_filebacked drivers/block/loop.c:558 [inline]
[<ffffffff82520477>] loop_handle_cmd drivers/block/loop.c:1705 [inline]
[<ffffffff82520477>] loop_queue_work+0x12b7/0x1620
drivers/block/loop.c:1717
[<ffffffff81190c73>] kthread_worker_fn+0x1c3/0x610 kernel/kthread.c:602
[<ffffffff81190958>] kthread+0x268/0x300 kernel/kthread.c:211
[<ffffffff838c2b55>] ret_from_fork+0x55/0x80 arch/x86/entry/entry_64.S:510
no locks held by loop0/3957.
Sending NMI to all CPUs:
NMI backtrace for cpu 0
CPU: 0 PID: 3956 Comm: syz-executor795 Not tainted 4.4.138-g226f96b #63
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
task: ffff8800bbb91800 task.stack: ffff8800b9ac0000
RIP: 0010:[<ffffffff813514b1>] [<ffffffff813514b1>]
__sanitizer_cov_trace_pc+0x1/0x50 kernel/kcov.c:93
RSP: 0018:ffff8800b9ac7610 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000200000
RDX: 0000000000000004 RSI: 1ffff10017358ec9 RDI: 0000000000000001
RBP: ffff8800b9ac76f0 R08: 0000000000000000 R09: ffff8800b9ac7748
R10: 0000000000000000 R11: ffff8800bbb91800 R12: ffff8800b9ac7748
R13: 0000000000200000 R14: 0000000000000001 R15: 0000000000000001
FS: 00000000006e2880(0063) GS:ffff8801db200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000555c4b6ae000 CR3: 00000000bab33000 CR4: 00000000001606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
ffff8800b9ac76f0 ffffffff81c55d5a ffff8800bbb92150 ffff8800bbb920e0
1ffff10000000000 1ffff10017358ec9 0004000000200000 0000000041b58ab3
ffffffff842041ad ffffffff81c55cc0 ffff8800bbb920f8 ffffffff85389fa0
Call Trace:
[<ffffffff81c659f6>] cred_has_capability+0x126/0x2a0
security/selinux/hooks.c:1576
[<ffffffff81c65bb9>] selinux_vm_enough_memory+0x49/0x60
security/selinux/hooks.c:2146
[<ffffffff81c4af97>] security_vm_enough_memory_mm+0x77/0xb0
security/security.c:230
[<ffffffff81465099>] shmem_acct_block mm/shmem.c:179 [inline]
[<ffffffff81465099>] shmem_getpage_gfp+0x9a9/0x1250 mm/shmem.c:1178
[<ffffffff81465a27>] shmem_getpage mm/shmem.c:130 [inline]
[<ffffffff81465a27>] shmem_write_begin+0xe7/0x190 mm/shmem.c:1507
[<ffffffff8141de3f>] generic_perform_write+0x32f/0x540 mm/filemap.c:2578
[<ffffffff81423292>] __generic_file_write_iter+0x362/0x550
mm/filemap.c:2703
[<ffffffff8142376d>] generic_file_write_iter+0x2ed/0x710 mm/filemap.c:2731
[<ffffffff8151d8fc>] do_iter_readv_writev+0x13c/0x1e0 fs/read_write.c:664
[<ffffffff8151f020>] do_readv_writev+0x2e0/0x6e0 fs/read_write.c:808
[<ffffffff8151f54b>] vfs_writev+0x7b/0xb0 fs/read_write.c:847
[<ffffffff81521f4a>] SYSC_pwritev fs/read_write.c:936 [inline]
[<ffffffff81521f4a>] SyS_pwritev+0x18a/0x230 fs/read_write.c:922
[<ffffffff838c2725>] entry_SYSCALL_64_fastpath+0x22/0x9e
Code: ff e8 24 84 1a 00 eb 85 4c 89 e7 e8 7a 83 1a 00 eb b7 e8 13 84 1a 00
eb 89 4c 89 e7 e8 69 83 1a 00 e9 14 ff ff ff 0f 1f 40 00 55 <48> 89 e5 65
48 8b 04 25 00 67 01 00 65 8b 15 cc 51 cc 7e 81 e2
NMI backtrace for cpu 1
CPU: 1 PID: 491 Comm: khungtaskd Not tainted 4.4.138-g226f96b #63
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
task: ffff8801d8dde000 task.stack: ffff8801d8df8000
RIP: 0010:[<ffffffff810bfb26>] [<ffffffff810bfb26>] native_apic_mem_write
arch/x86/include/asm/apic.h:94 [inline]
RIP: 0010:[<ffffffff810bfb26>] [<ffffffff810bfb26>]
__default_send_IPI_dest_field arch/x86/include/asm/ipi.h:119 [inline]
RIP: 0010:[<ffffffff810bfb26>] [<ffffffff810bfb26>] _flat_send_IPI_mask
arch/x86/kernel/apic/apic_flat_64.c:61 [inline]
RIP: 0010:[<ffffffff810bfb26>] [<ffffffff810bfb26>]
flat_send_IPI_mask+0xf6/0x1a0 arch/x86/kernel/apic/apic_flat_64.c:69
RSP: 0018:ffff8801d8dffcc8 EFLAGS: 00000046
RAX: 0000000003000000 RBX: 0000000000000c00 RCX: 0000000000000000
RDX: 0000000000000c00 RSI: 0000000000000000 RDI: ffffffffff5fb300
RBP: ffff8801d8dffcf0 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000246
R13: 0000000000000003 R14: 0000000000000002 R15: ffffffff8446f6a0
FS: 0000000000000000(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffc8febb28b CR3: 00000000b35cf000 CR4: 00000000001606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
ffffffff8446f6a0 ffffffff84a18ee0 0000000000000007 fffffbfff0942c8c
0000000000000040 ffff8801d8dffd10 ffffffff810b5ae1 ffffffff83c0b460
0000000000000003 ffff8801d8dffd68 ffffffff81e19d83 ffff8800bbb94800
Call Trace:
[<ffffffff810b5ae1>] nmi_raise_cpu_backtrace+0x61/0x80
arch/x86/kernel/apic/hw_nmi.c:33
[<ffffffff81e19d83>] nmi_trigger_all_cpu_backtrace.cold.4+0x70/0xad
lib/nmi_backtrace.c:85
[<ffffffff810b5b84>] arch_trigger_all_cpu_backtrace+0x14/0x20
arch/x86/kernel/apic/hw_nmi.c:38
[<ffffffff8141a459>] trigger_all_cpu_backtrace include/linux/nmi.h:44
[inline]
[<ffffffff8141a459>] check_hung_task kernel/hung_task.c:125 [inline]
[<ffffffff8141a459>] check_hung_uninterruptible_tasks
kernel/hung_task.c:182 [inline]
[<ffffffff8141a459>] watchdog.cold.1+0xd3/0xee kernel/hung_task.c:238
[<ffffffff81190958>] kthread+0x268/0x300 kernel/kthread.c:211
[<ffffffff838c2b55>] ret_from_fork+0x55/0x80 arch/x86/entry/entry_64.S:510
Code: b3 5f ff f6 c4 10 75 e2 44 89 e8 c1 e0 18 89 04 25 10 b3 5f ff 44 89
f2 09 da 80 cf 04 41 83 fe 02 0f 44 d3 89 14 25 00 b3 5f ff <41> f7 c4 00
02 00 00 75 1a 4c 89 e7 57 9d 0f 1f 44 00 00 e8 02