INFO: task hung in addrconf_dad_work
8 views
Skip to first unread message
syzbot
Jun 9, 2019, 6:49:07 PM6/9/19
to syzkaller-a...@googlegroups.com
Hello,
syzbot found the following crash on:
HEAD commit: 225970c2 Merge 4.14.124 into android-4.14
git tree: android-4.14
console output: https://syzkaller.appspot.com/x/log.txt?x=1595bb2ea00000
kernel config: https://syzkaller.appspot.com/x/.config?x=fa49f5528e613545
dashboard link: https://syzkaller.appspot.com/bug?extid=c6ed648d5b2a167f7864
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+c6ed64...@syzkaller.appspotmail.com
[17100] 0 17100 6022 836 16 3 0
-1000 udevd
[17101] 0 17101 6022 836 16 3 0
-1000 udevd
[17102] 0 17102 6022 836 16 3 0
-1000 udevd
[17103] 0 17103 6022 836 16 3 0
-1000 udevd
[17104] 0 17104 6022 836 16 3 0
-1000 udevd
INFO: task kworker/0:2:19748 blocked for more than 140 seconds.
Not tainted 4.14.124+ #3
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/0:2 D29416 19748 2 0x80000000
[17105] 0 17105 6023 825 16 3 0
-1000 udevd
Workqueue: ipv6_addrconf addrconf_dad_work
Call Trace:
[17106] 0 17106 6022 836 16 3 0
-1000 udevd
[17107] 0 17107 11804 9777 30 3 0
-1000 blkid
[17108] 0 17108 11278 9241 29 3 0
-1000 blkid
[17109] 0 17109 11400 9381 29 3 0
-1000 blkid
schedule+0x92/0x1c0 kernel/sched/core.c:3498
schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3556
__mutex_lock_common kernel/locking/mutex.c:833 [inline]
__mutex_lock+0x559/0x1430 kernel/locking/mutex.c:893
[17110] 0 17110 11110 9044 28 3 0
-1000 blkid
[17111] 0 17111 11730 9704 29 3 0
-1000 blkid
[17112] 0 17112 10718 8649 28 3 0
-1000 blkid
[17113] 0 17113 11120 9046 27 3 0
-1000 blkid
addrconf_dad_work+0xa6/0x1170 net/ipv6/addrconf.c:3936
[17114] 0 17114 10052 7991 26 3 0
-1000 blkid
[17116] 0 17116 11446 9379 30 3 0
-1000 blkid
process_one_work+0x7c6/0x1510 kernel/workqueue.c:2134
worker_thread+0x5d7/0x1080 kernel/workqueue.c:2271
kthread+0x310/0x420 kernel/kthread.c:232
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:404
INFO: task syz-executor.2:17183 blocked for more than 140 seconds.
Not tainted 4.14.124+ #3
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.2 D27872 17183 2855 0x00000004
Call Trace:
[17117] 0 17117 6022 837 16 3 0
-1000 udevd
[17118] 0 17118 6022 837 16 3 0
-1000 udevd
[17119] 0 17119 6022 837 16 3 0
-1000 udevd
[17120] 0 17120 6022 837 16 3 0
-1000 udevd
[17121] 0 17121 10686 8650 28 3 0
-1000 blkid
[17122] 0 17122 6022 837 16 3 0
-1000 udevd
[17123] 0 17123 6022 837 16 3 0
-1000 udevd
[17124] 0 17124 6022 837 16 3 0
-1000 udevd
[17125] 0 17125 6022 857 16 3 0
-1000 udevd
[17126] 0 17126 6022 837 16 3 0
-1000 udevd
schedule+0x92/0x1c0 kernel/sched/core.c:3498
schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3556
[17127] 0 17127 10144 8121 27 3 0
-1000 blkid
[17128] 0 17128 10758 8715 28 3 0
-1000 blkid
[17129] 0 17129 11636 9577 30 3 0
-1000 blkid
__mutex_lock_common kernel/locking/mutex.c:833 [inline]
__mutex_lock+0x559/0x1430 kernel/locking/mutex.c:893
[17130] 0 17130 11048 8980 30 3 0
-1000 blkid
[17131] 0 17131 11254 9176 28 3 0
-1000 blkid
[17132] 0 17132 6022 837 16 3 0
-1000 udevd
[17133] 0 17133 10714 8648 27 3 0
-1000 blkid
[17134] 0 17134 6022 837 16 3 0
-1000 udevd
dev_ioctl+0x531/0xdf0 net/core/dev_ioctl.c:421
[17135] 0 17135 6022 837 16 3 0
-1000 udevd
[17136] 0 17136 6022 838 16 3 0
-1000 udevd
[17137] 0 17137 11668 9640 30 3 0
-1000 blkid
[17138] 0 17138 11272 9244 29 4 0
-1000 blkid
[17139] 0 17139 11024 8978 28 3 0
-1000 blkid
[17140] 0 17140 11362 9314 29 3 0
-1000 blkid
[17141] 0 17141 10778 8714 28 3 0
-1000 blkid
[17142] 0 17142 11962 9908 30 3 0
-1000 blkid
[17143] 0 17143 6022 838 16 3 0
-1000 udevd
[17144] 0 17144 6022 838 16 3 0
-1000 udevd
sock_do_ioctl+0x92/0xb0 net/socket.c:981
sock_ioctl+0x253/0x440 net/socket.c:1071
[17145] 0 17145 12604 10568 31 3 0
-1000 blkid
[17146] 0 17146 6022 858 16 3 0
-1000 udevd
[17147] 0 17147 6023 826 16 3 0
-1000 udevd
[17148] 0 17148 6022 838 16 3 0
-1000 udevd
[17149] 0 17149 6022 838 16 3 0
-1000 udevd
[17150] 0 17150 6022 838 16 3 0
-1000 udevd
[17151] 0 17151 6022 838 16 3 0
-1000 udevd
[17152] 0 17152 11080 9043 29 3 0
-1000 blkid
[17153] 0 17153 11160 9111 29 3 0
-1000 blkid
[17154] 0 17154 10938 8918 28 3 0
-1000 blkid
[17155] 0 17155 11298 9244 29 3 0
-1000 blkid
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0xabe/0x1040 fs/ioctl.c:684
[17156] 0 17156 11484 9445 28 3 0
-1000 blkid
[17157] 0 17157 6022 838 16 3 0
-1000 udevd
[17158] 0 17158 6022 858 16 3 0
-1000 udevd
[17159] 0 17159 6022 838 16 3 0
-1000 udevd
[17160] 0 17160 6022 839 16 3 0
-1000 udevd
[17161] 0 17161 10860 8782 29 3 0
-1000 blkid
[17162] 0 17162 6022 839 16 3 0
-1000 udevd
[17163] 0 17163 10424 8383 27 3 0
-1000 blkid
[17164] 0 17164 10082 8063 25 3 0
-1000 blkid
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
do_syscall_64+0x19b/0x510 arch/x86/entry/common.c:292
[17165] 0 17165 9570 7529 26 3 0
-1000 blkid
[17166] 0 17166 11002 8978 29 3 0
-1000 blkid
[17167] 0 17167 11214 9179 28 3 0
-1000 blkid
[17168] 0 17168 6022 839 16 3 0
-1000 udevd
[17169] 0 17169 6022 859 16 3 0
-1000 udevd
Showing all locks held in the system:
[17170] 0 17170 6022 859 16 3 0
-1000 udevd
1 lock held by init/1:
#0: (&ei->i_mmap_sem){++++}, at: [<00000000f564af78>]
ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6178
1 lock held by khungtaskd/23:
#0: (tasklist_lock){.+.+}, at: [<00000000b9210739>]
debug_show_all_locks+0x7c/0x21a kernel/locking/lockdep.c:4541
[17171] 0 17171 6022 839 16 3 0
-1000 udevd
3 locks held by udevd/191:
#0: (&dup_mmap_sem){.+.+}, at: [<000000001161c81c>] dup_mmap
kernel/fork.c:609 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<000000001161c81c>] dup_mm
kernel/fork.c:1211 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<000000001161c81c>] copy_mm
kernel/fork.c:1266 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<000000001161c81c>]
copy_process.part.0+0x39db/0x65d0 kernel/fork.c:1789
#1: (&mm->mmap_sem){++++}, at: [<000000003af2c211>] dup_mmap
kernel/fork.c:610 [inline]
#1: (&mm->mmap_sem){++++}, at: [<000000003af2c211>] dup_mm
kernel/fork.c:1211 [inline]
#1: (&mm->mmap_sem){++++}, at: [<000000003af2c211>] copy_mm
kernel/fork.c:1266 [inline]
#1: (&mm->mmap_sem){++++}, at: [<000000003af2c211>]
copy_process.part.0+0x39f7/0x65d0 kernel/fork.c:1789
#2: (&mm->mmap_sem/1){+.+.}, at: [<0000000027d80e62>] dup_mmap
kernel/fork.c:619 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<0000000027d80e62>] dup_mm
kernel/fork.c:1211 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<0000000027d80e62>] copy_mm
kernel/fork.c:1266 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<0000000027d80e62>]
copy_process.part.0+0x3a3f/0x65d0 kernel/fork.c:1789
[17172] 0 17172 6022 859 16 3 0
-1000 udevd
1 lock held by rsyslogd/1632:
#0: (&ei->i_mmap_sem){++++}, at: [<00000000f564af78>]
ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6178
[17173] 0 17173 6022 839 16 3 0
-1000 udevd
[17174] 0 17174 10126 8059 26 3 0
-1000 blkid
[17183] 0 17175 18211 8957 26 4 0
1000 syz-executor.2
[17179] 0 17179 9892 7862 26 3 0
-1000 blkid
[17181] 0 17181 6022 839 16 3 0
-1000 udevd
[17184] 0 17184 6022 839 16 3 0
-1000 udevd
[17185] 0 17185 6022 839 16 3 0
-1000 udevd
[17187] 0 17187 9672 7597 26 3 0
-1000 blkid
[17188] 0 17188 9322 7267 25 3 0
-1000 blkid
[17189] 0 17189 9696 7661 26 3 0
-1000 blkid
[17192] 0 17192 9572 7533 26 3 0
-1000 blkid
[17195] 0 17195 9086 7009 25 3 0
-1000 blkid
[17196] 0 17196 6022 840 16 3 0
-1000 udevd
[17197] 0 17197 9502 7464 26 3 0
-1000 blkid
[17198] 0 17198 10034 7991 26 3 0
-1000 blkid
[17199] 0 17199 8964 6936 25 3 0
-1000 blkid
[17200] 0 17200 6022 860 16 3 0
-1000 udevd
[17201] 0 17201 6023 828 16 3 0
-1000 udevd
[17202] 0 17202 6022 840 16 3 0
-1000 udevd
[17203] 0 17203 6022 840 16 3 0
-1000 udevd
[17204] 0 17204 6022 840 16 3 0
-1000 udevd
[17205] 0 17205 9284 7202 25 3 0
-1000 blkid
[17206] 0 17206 9184 7134 24 3 0
-1000 blkid
[17207] 0 17207 8924 6870 23 3 0
-1000 blkid
[17208] 0 17208 6023 828 16 3 0
-1000 udevd
[17209] 0 17209 6022 840 16 3 0
-1000 udevd
1 lock held by rsyslogd/1633:
#0: (&ei->i_mmap_sem){++++}, at: [<00000000f564af78>]
ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6178
2 locks held by getty/1761:
#0: (&tty->ldisc_sem){++++}, at: [<0000000060b5c123>]
tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:284
#1: (&ldata->atomic_read_lock){+.+.}, at: [<00000000b42905b4>]
n_tty_read+0x1f7/0x1700 drivers/tty/n_tty.c:2156
1 lock held by syz-fuzzer/1792:
#0: (&ei->i_mmap_sem){++++}, at: [<00000000f564af78>]
ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6178
1 lock held by syz-fuzzer/1793:
#0: (&ei->i_mmap_sem){++++}, at: [<00000000f564af78>]
ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6178
3 locks held by kworker/0:2/19748:
#0: ("%s"("ipv6_addrconf")
[17210] 0 17210 6022 840 16 3 0
-1000 udevd
){+.+.}
[17211] 0 17211 8844 6806 25 3 0
-1000 blkid
, at: [<000000008f95bea0>] process_one_work+0x6e5/0x1510
kernel/workqueue.c:2105
[17212] 0 17212 8706 6671 24 3 0
-1000 blkid
#1: ((&(&ifa->dad_work)->work)){+.+.}, at: [<0000000020860813>]
process_one_work+0x71b/0x1510 kernel/workqueue.c:2109
#2:
[17213] 0 17213 7998 5948 22 3 0
-1000 blkid
(
[17215] 0 17215 8536 6473 24 3 0
-1000 blkid
rtnl_mutex){+.+.}
[17218] 0 17217 18244 8979 25 4 0
0 syz-executor.1
, at: [<00000000b47b599f>] addrconf_dad_work+0xa6/0x1170
net/ipv6/addrconf.c:3936
4 locks held by kworker/u4:23/20436:
[17219] 0 17219 6022 840 16 3 0
-1000 udevd
#0: ("%s""netns"){+.+.}, at: [<000000008f95bea0>]
process_one_work+0x6e5/0x1510 kernel/workqueue.c:2105
#1: (net_cleanup_work){+.+.}, at: [<0000000020860813>]
process_one_work+0x71b/0x1510 kernel/workqueue.c:2109
#2: (net_mutex){+.+.}, at: [<0000000043cd6e66>] cleanup_net+0x136/0x860
net/core/net_namespace.c:450
#3: (rtnl_mutex){+.+.}, at: [<00000000e2d3b8ba>] raw_close+0xe/0x30
net/ipv4/raw.c:699
1 lock held by syz-executor.3/16858:
#0: (rtnl_mutex){+.+.}, at: [<0000000087d521ef>]
netdev_run_todo+0x1f9/0x740 net/core/dev.c:7906
2 locks held by syz-executor.3/16861:
#0: (rtnl_mutex){+.+.}, at: [<00000000dc87ed98>] rtnl_lock
net/core/rtnetlink.c:72 [inline]
#0: (rtnl_mutex){+.+.}, at: [<00000000dc87ed98>]
rtnetlink_rcv_msg+0x330/0xb40 net/core/rtnetlink.c:4280
#1: (kernfs_mutex){+.+.}, at: [<00000000111cbc6a>]
kernfs_remove+0x17/0x30 fs/kernfs/dir.c:1328
1 lock held by udevd/16950:
[17220] 0 17220 8550 6476 23 3 0
-1000 blkid
#0: (&ei->i_mmap_sem){++++}, at: [<00000000f564af78>]
ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6178
1 lock held by udevd/17000:
#0: (&ei->i_mmap_sem){++++}, at: [<00000000f564af78>]
ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6178
1 lock held by blkid/17003:
#0: (&mm->mmap_sem){++++}, at: [<00000000d973725f>]
__do_page_fault+0x271/0xb80 arch/x86/mm/fault.c:1352
1 lock held by udevd/17004:
#0: (&ei->i_mmap_sem){++++}, at: [<00000000f564af78>]
ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6178
1 lock held by udevd/17005:
#0: (&ei->i_mmap_sem){++++}, at: [<00000000f564af78>]
ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6178
1 lock held by udevd/17006:
#0: (&ei->i_mmap_sem){++++}, at: [<00000000f564af78>]
ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6178
[17221] 0 17221 8874 6807 24 3 0
-1000 blkid
1 lock held by blkid/17007:
#0: (&mm->mmap_sem){++++}, at: [<00000000d973725f>]
__do_page_fault+0x271/0xb80 arch/x86/mm/fault.c:1352
1 lock held by blkid/17008:
#0: (&mm->mmap_sem){++++}, at: [<00000000d973725f>]
__do_page_fault+0x271/0xb80 arch/x86/mm/fault.c:1352
1 lock held by blkid/17009:
#0: (&mm->mmap_sem){++++}, at: [<00000000d973725f>]
__do_page_fault+0x271/0xb80 arch/x86/mm/fault.c:1352
1 lock held by blkid/17011:
#0: (&mm->mmap_sem){++++}, at: [<00000000d973725f>]
__do_page_fault+0x271/0xb80 arch/x86/mm/fault.c:1352
1 lock held by blkid/17012:
#0: (&mm->mmap_sem){++++}, at: [<00000000d973725f>]
__do_page_fault+0x271/0xb80 arch/x86/mm/fault.c:1352
1 lock held by blkid/17013:
#0: (&mm->mmap_sem){++++}, at: [<00000000d973725f>]
__do_page_fault+0x271/0xb80 arch/x86/mm/fault.c:1352
1 lock held by udevd/17014:
#0: (&ei->i_mmap_sem){++++}, at: [<00000000f564af78>]
ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6178
1 lock held by udevd/17016:
#0: (&ei->i_mmap_sem){++++}, at: [<00000000f564af78>]
ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6178
1 lock held by udevd/17017:
#0: (&ei->i_mmap_sem){++++}, at: [<00000000f564af78>]
ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6178
1 lock held by udevd/17018:
#0: (&ei->i_mmap_sem){++++}, at: [<00000000f564af78>]
ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6178
1 lock held by blkid/17019:
#0: (&mm->mmap_sem){++++}, at: [<00000000d973725f>]
__do_page_fault+0x271/0xb80 arch/x86/mm/fault.c:1352
1 lock held by blkid/17021:
#0: (&mm->mmap_sem
[17222] 0 17222 6022 840 16 3 0
-1000 udevd
){++++}
[17223] 0 17223 6022 840 16 3 0
-1000 udevd
, at: [<00000000d973725f>] __do_page_fault+0x271/0xb80
arch/x86/mm/fault.c:1352
[17226] 0 17226 8678 6606 23 3 0
-1000 blkid
1 lock held by blkid/17022:
#0: (&mm->mmap_sem){++++}, at: [<00000000d973725f>]
__do_page_fault+0x271/0xb80 arch/x86/mm/fault.c:1352
1 lock held by blkid/17023:
#0: (&mm->mmap_sem){++++}, at: [<00000000d973725f>]
__do_page_fault+0x271/0xb80 arch/x86/mm/fault.c:1352
1 lock held by blkid/17024:
#0: (&mm->mmap_sem){++++}, at: [<00000000d973725f>]
__do_page_fault+0x271/0xb80 arch/x86/mm/fault.c:1352
1 lock held by udevd/17025:
#0: (&ei->i_mmap_sem){++++}, at: [<00000000f564af78>]
ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6178
1 lock held by udevd/17026:
#0: (&ei->i_mmap_sem){++++}, at: [<00000000f564af78>]
ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6178
1 lock held by udevd/17027:
#0: (&ei->i_mmap_sem){++++}, at: [<00000000f564af78>]
ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6178
1 lock held by blkid/17028:
#0: (&mm->mmap_sem){++++}, at: [<00000000d973725f>]
__do_page_fault+0x271/0xb80 arch/x86/mm/fault.c:1352
1 lock held by udevd/17029:
#0: (&ei->i_mmap_sem){++++}, at: [<00000000f564af78>]
ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6178
1 lock held by udevd/17030:
#0: (&ei->i_mmap_sem){++++}, at: [<00000000f564af78>]
ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6178
1 lock held by blkid/17031:
#0: (&mm->mmap_sem){++++}, at: [<00000000d973725f>]
__do_page_fault+0x271/0xb80 arch/x86/mm/fault.c:1352
1 lock held by udevd/17032:
#0: (&ei->i_mmap_sem){++++}, at: [<00000000f564af78>]
ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6178
1 lock held by blkid/17033:
#0: (&mm->mmap_sem){++++}, at: [<00000000d973725f>]
__do_page_fault+0x271/0xb80 arch/x86/mm/fault.c:1352
1 lock held by blkid/17034:
#0: (&mm->mmap_sem){++++}, at: [<00000000d973725f>]
__do_page_fault+0x271/0xb80 arch/x86/mm/fault.c:1352
1 lock held by blkid/17035:
#0: (&mm->mmap_sem){++++}, at: [<00000000d973725f>]
__do_page_fault+0x271/0xb80 arch/x86/mm/fault.c:1352
1 lock held by blkid/17036:
#0: (
[17229] 0 17229 6022 841 16 3 0
-1000 udevd
&mm->mmap_sem
[17230] 0 17230 8426 6408 23 3 0
-1000 blkid
){++++}
[17233] 0 17233 6022 861 16 3 0
-1000 udevd
, at: [<00000000d973725f>] __do_page_fault+0x271/0xb80
arch/x86/mm/fault.c:1352
1 lock held by blkid/17037:
#0: (&mm->mmap_sem){++++}, at: [<00000000d973725f>]
__do_page_fault+0x271/0xb80 arch/x86/mm/fault.c:1352
[17234] 0 17234 6022 841 16 3 0
-1000 udevd
1 lock held by blkid/17038:
#0: (&mm->mmap_sem){++++}, at: [<00000000d973725f>]
__do_page_fault+0x271/0xb80 arch/x86/mm/fault.c:1352
1 lock held by blkid/17039:
#0: (&mm->mmap_sem){++++}, at: [<00000000d973725f>]
__do_page_fault+0x271/0xb80 arch/x86/mm/fault.c:1352
1 lock held by syz-executor.2/17183:
#0: (rtnl_mutex){+.+.}, at: [<0000000040cd6823>] dev_ioctl+0x531/0xdf0
net/core/dev_ioctl.c:421
1 lock held by syz-executor.1/17218:
#0: (rtnl_mutex){+.+.}, at: [<0000000040cd6823>] dev_ioctl+0x531/0xdf0
net/core/dev_ioctl.c:421
1 lock held by syz-executor.1/17224:
#0: (rtnl_mutex){+.+.}, at: [<0000000040cd6823>] dev_ioctl+0x531/0xdf0
net/core/dev_ioctl.c:421
1 lock held by udevd/17219:
#0: (&ei->i_mmap_sem){++++}, at: [<00000000f564af78>]
ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6178
1 lock held by blkid/17220:
#0: (&mm->mmap_sem){++++}, at: [<00000000d973725f>]
__do_page_fault+0x271/0xb80 arch/x86/mm/fault.c:1352
1 lock held by blkid/17221:
#0: (&mm->mmap_sem){++++}, at: [<00000000d973725f>]
__do_page_fault+0x271/0xb80 arch/x86/mm/fault.c:1352
1 lock held by udevd/17222:
#0: (&ei->i_mmap_sem){++++}, at: [<00000000f564af78>]
ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6178
[17235] 0 17235 6022 841 16 3 0
-1000 udevd
1 lock held by udevd/17223:
#0: (&ei->i_mmap_sem){++++}, at: [<00000000f564af78>]
ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6178
1 lock held by blkid/17226:
#0: (&mm->mmap_sem){++++}, at: [<00000000d973725f>]
__do_page_fault+0x271/0xb80 arch/x86/mm/fault.c:1352
1 lock held by udevd/17229:
#0: (&ei->i_mmap_sem){++++}, at: [<00000000f564af78>]
ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6178
1 lock held by blkid/17230:
#0: (&mm->mmap_sem){++++}, at: [<00000000d973725f>]
__do_page_fault+0x271/0xb80 arch/x86/mm/fault.c:1352
1 lock held by blkid/17252:
#0: (&mm->mmap_sem){++++}, at: [<00000000d973725f>]
__do_page_fault+0x271/0xb80 arch/x86/mm/fault.c:1352
1 lock held by udevd/17345:
#0: (kernfs_mutex){+.+.}, at: [<000000002cd124e3>]
kernfs_iop_permission+0x4e/0x90 fs/kernfs/inode.c:301
1 lock held by udevd/17346:
#0: (kernfs_mutex){+.+.}, at: [<000000002cd124e3>]
kernfs_iop_permission+0x4e/0x90 fs/kernfs/inode.c:301
=============================================
NMI backtrace for cpu 0
CPU: 0 PID: 23 Comm: khungtaskd Not tainted 4.14.124+ #3
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0xb9/0x10e lib/dump_stack.c:53
nmi_cpu_backtrace.cold+0x47/0x86 lib/nmi_backtrace.c:101
[17236] 0 17236 6022 857 16 3 0
-1000 udevd
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 17330 Comm: blkid Not tainted 4.14.124+ #3
task: 00000000d5c54985 task.stack: 000000004e4ea3cb
RIP: 0010:hlock_class kernel/locking/lockdep.c:148 [inline]
RIP: 0010:lookup_chain_cache_add kernel/locking/lockdep.c:2376 [inline]
RIP: 0010:validate_chain kernel/locking/lockdep.c:2431 [inline]
RIP: 0010:__lock_acquire+0xb15/0x3fa0 kernel/locking/lockdep.c:3487
RSP: 0000:ffff88803b4df1c0 EFLAGS: 00000806
RAX: 0000000000000000 RBX: 0000000063d5b496 RCX: 00000000717820f4
RDX: 1ffff110342f83ff RSI: ffff8881a17c1fd8 RDI: 0000000000000000
RBP: ffff88803b4df380 R08: 0000000000000001 R09: 00000000000c0191
R10: ffff8881a17c1fd8 R11: 0000000000000000 R12: ffff8881a17c1ff0
R13: 00000000a5791f71 R14: 4c236992094ed407 R15: ffff8881a17c1780
FS: 00007f8757f8e740(0000) GS:ffff8881dbb00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f8c5a594000 CR3: 00000000264f8003 CR4: 00000000001606a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
Code: 3b 91 00 00 66 83 40 22 10 41 bb 01 00 00 00 e9 e0 fd ff ff 48 b8 00
00 00 00 00 fc ff df 48 8b 54 24 68 48 c1 ea 03 0f b6 04 02 <84> c0 74 28
3c 01 7f 24 48 8b 7c 24 68 44 89 5c 24 58 4c 89 94
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot found the following crash on:
HEAD commit: 225970c2 Merge 4.14.124 into android-4.14
git tree: android-4.14
console output: https://syzkaller.appspot.com/x/log.txt?x=1595bb2ea00000
kernel config: https://syzkaller.appspot.com/x/.config?x=fa49f5528e613545
dashboard link: https://syzkaller.appspot.com/bug?extid=c6ed648d5b2a167f7864
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+c6ed64...@syzkaller.appspotmail.com
[17100] 0 17100 6022 836 16 3 0
-1000 udevd
[17101] 0 17101 6022 836 16 3 0
-1000 udevd
[17102] 0 17102 6022 836 16 3 0
-1000 udevd
[17103] 0 17103 6022 836 16 3 0
-1000 udevd
[17104] 0 17104 6022 836 16 3 0
-1000 udevd
INFO: task kworker/0:2:19748 blocked for more than 140 seconds.
Not tainted 4.14.124+ #3
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/0:2 D29416 19748 2 0x80000000
[17105] 0 17105 6023 825 16 3 0
-1000 udevd
Workqueue: ipv6_addrconf addrconf_dad_work
Call Trace:
[17106] 0 17106 6022 836 16 3 0
-1000 udevd
[17107] 0 17107 11804 9777 30 3 0
-1000 blkid
[17108] 0 17108 11278 9241 29 3 0
-1000 blkid
[17109] 0 17109 11400 9381 29 3 0
-1000 blkid
schedule+0x92/0x1c0 kernel/sched/core.c:3498
schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3556
__mutex_lock_common kernel/locking/mutex.c:833 [inline]
__mutex_lock+0x559/0x1430 kernel/locking/mutex.c:893
[17110] 0 17110 11110 9044 28 3 0
-1000 blkid
[17111] 0 17111 11730 9704 29 3 0
-1000 blkid
[17112] 0 17112 10718 8649 28 3 0
-1000 blkid
[17113] 0 17113 11120 9046 27 3 0
-1000 blkid
addrconf_dad_work+0xa6/0x1170 net/ipv6/addrconf.c:3936
[17114] 0 17114 10052 7991 26 3 0
-1000 blkid
[17116] 0 17116 11446 9379 30 3 0
-1000 blkid
process_one_work+0x7c6/0x1510 kernel/workqueue.c:2134
worker_thread+0x5d7/0x1080 kernel/workqueue.c:2271
kthread+0x310/0x420 kernel/kthread.c:232
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:404
INFO: task syz-executor.2:17183 blocked for more than 140 seconds.
Not tainted 4.14.124+ #3
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.2 D27872 17183 2855 0x00000004
Call Trace:
[17117] 0 17117 6022 837 16 3 0
-1000 udevd
[17118] 0 17118 6022 837 16 3 0
-1000 udevd
[17119] 0 17119 6022 837 16 3 0
-1000 udevd
[17120] 0 17120 6022 837 16 3 0
-1000 udevd
[17121] 0 17121 10686 8650 28 3 0
-1000 blkid
[17122] 0 17122 6022 837 16 3 0
-1000 udevd
[17123] 0 17123 6022 837 16 3 0
-1000 udevd
[17124] 0 17124 6022 837 16 3 0
-1000 udevd
[17125] 0 17125 6022 857 16 3 0
-1000 udevd
[17126] 0 17126 6022 837 16 3 0
-1000 udevd
schedule+0x92/0x1c0 kernel/sched/core.c:3498
schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3556
[17127] 0 17127 10144 8121 27 3 0
-1000 blkid
[17128] 0 17128 10758 8715 28 3 0
-1000 blkid
[17129] 0 17129 11636 9577 30 3 0
-1000 blkid
__mutex_lock_common kernel/locking/mutex.c:833 [inline]
__mutex_lock+0x559/0x1430 kernel/locking/mutex.c:893
[17130] 0 17130 11048 8980 30 3 0
-1000 blkid
[17131] 0 17131 11254 9176 28 3 0
-1000 blkid
[17132] 0 17132 6022 837 16 3 0
-1000 udevd
[17133] 0 17133 10714 8648 27 3 0
-1000 blkid
[17134] 0 17134 6022 837 16 3 0
-1000 udevd
dev_ioctl+0x531/0xdf0 net/core/dev_ioctl.c:421
[17135] 0 17135 6022 837 16 3 0
-1000 udevd
[17136] 0 17136 6022 838 16 3 0
-1000 udevd
[17137] 0 17137 11668 9640 30 3 0
-1000 blkid
[17138] 0 17138 11272 9244 29 4 0
-1000 blkid
[17139] 0 17139 11024 8978 28 3 0
-1000 blkid
[17140] 0 17140 11362 9314 29 3 0
-1000 blkid
[17141] 0 17141 10778 8714 28 3 0
-1000 blkid
[17142] 0 17142 11962 9908 30 3 0
-1000 blkid
[17143] 0 17143 6022 838 16 3 0
-1000 udevd
[17144] 0 17144 6022 838 16 3 0
-1000 udevd
sock_do_ioctl+0x92/0xb0 net/socket.c:981
sock_ioctl+0x253/0x440 net/socket.c:1071
[17145] 0 17145 12604 10568 31 3 0
-1000 blkid
[17146] 0 17146 6022 858 16 3 0
-1000 udevd
[17147] 0 17147 6023 826 16 3 0
-1000 udevd
[17148] 0 17148 6022 838 16 3 0
-1000 udevd
[17149] 0 17149 6022 838 16 3 0
-1000 udevd
[17150] 0 17150 6022 838 16 3 0
-1000 udevd
[17151] 0 17151 6022 838 16 3 0
-1000 udevd
[17152] 0 17152 11080 9043 29 3 0
-1000 blkid
[17153] 0 17153 11160 9111 29 3 0
-1000 blkid
[17154] 0 17154 10938 8918 28 3 0
-1000 blkid
[17155] 0 17155 11298 9244 29 3 0
-1000 blkid
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0xabe/0x1040 fs/ioctl.c:684
[17156] 0 17156 11484 9445 28 3 0
-1000 blkid
[17157] 0 17157 6022 838 16 3 0
-1000 udevd
[17158] 0 17158 6022 858 16 3 0
-1000 udevd
[17159] 0 17159 6022 838 16 3 0
-1000 udevd
[17160] 0 17160 6022 839 16 3 0
-1000 udevd
[17161] 0 17161 10860 8782 29 3 0
-1000 blkid
[17162] 0 17162 6022 839 16 3 0
-1000 udevd
[17163] 0 17163 10424 8383 27 3 0
-1000 blkid
[17164] 0 17164 10082 8063 25 3 0
-1000 blkid
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
do_syscall_64+0x19b/0x510 arch/x86/entry/common.c:292
[17165] 0 17165 9570 7529 26 3 0
-1000 blkid
[17166] 0 17166 11002 8978 29 3 0
-1000 blkid
[17167] 0 17167 11214 9179 28 3 0
-1000 blkid
[17168] 0 17168 6022 839 16 3 0
-1000 udevd
[17169] 0 17169 6022 859 16 3 0
-1000 udevd
Showing all locks held in the system:
[17170] 0 17170 6022 859 16 3 0
-1000 udevd
1 lock held by init/1:
#0: (&ei->i_mmap_sem){++++}, at: [<00000000f564af78>]
ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6178
1 lock held by khungtaskd/23:
#0: (tasklist_lock){.+.+}, at: [<00000000b9210739>]
debug_show_all_locks+0x7c/0x21a kernel/locking/lockdep.c:4541
[17171] 0 17171 6022 839 16 3 0
-1000 udevd
3 locks held by udevd/191:
#0: (&dup_mmap_sem){.+.+}, at: [<000000001161c81c>] dup_mmap
kernel/fork.c:609 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<000000001161c81c>] dup_mm
kernel/fork.c:1211 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<000000001161c81c>] copy_mm
kernel/fork.c:1266 [inline]
#0: (&dup_mmap_sem){.+.+}, at: [<000000001161c81c>]
copy_process.part.0+0x39db/0x65d0 kernel/fork.c:1789
#1: (&mm->mmap_sem){++++}, at: [<000000003af2c211>] dup_mmap
kernel/fork.c:610 [inline]
#1: (&mm->mmap_sem){++++}, at: [<000000003af2c211>] dup_mm
kernel/fork.c:1211 [inline]
#1: (&mm->mmap_sem){++++}, at: [<000000003af2c211>] copy_mm
kernel/fork.c:1266 [inline]
#1: (&mm->mmap_sem){++++}, at: [<000000003af2c211>]
copy_process.part.0+0x39f7/0x65d0 kernel/fork.c:1789
#2: (&mm->mmap_sem/1){+.+.}, at: [<0000000027d80e62>] dup_mmap
kernel/fork.c:619 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<0000000027d80e62>] dup_mm
kernel/fork.c:1211 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<0000000027d80e62>] copy_mm
kernel/fork.c:1266 [inline]
#2: (&mm->mmap_sem/1){+.+.}, at: [<0000000027d80e62>]
copy_process.part.0+0x3a3f/0x65d0 kernel/fork.c:1789
[17172] 0 17172 6022 859 16 3 0
-1000 udevd
1 lock held by rsyslogd/1632:
#0: (&ei->i_mmap_sem){++++}, at: [<00000000f564af78>]
ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6178
[17173] 0 17173 6022 839 16 3 0
-1000 udevd
[17174] 0 17174 10126 8059 26 3 0
-1000 blkid
[17183] 0 17175 18211 8957 26 4 0
1000 syz-executor.2
[17179] 0 17179 9892 7862 26 3 0
-1000 blkid
[17181] 0 17181 6022 839 16 3 0
-1000 udevd
[17184] 0 17184 6022 839 16 3 0
-1000 udevd
[17185] 0 17185 6022 839 16 3 0
-1000 udevd
[17187] 0 17187 9672 7597 26 3 0
-1000 blkid
[17188] 0 17188 9322 7267 25 3 0
-1000 blkid
[17189] 0 17189 9696 7661 26 3 0
-1000 blkid
[17192] 0 17192 9572 7533 26 3 0
-1000 blkid
[17195] 0 17195 9086 7009 25 3 0
-1000 blkid
[17196] 0 17196 6022 840 16 3 0
-1000 udevd
[17197] 0 17197 9502 7464 26 3 0
-1000 blkid
[17198] 0 17198 10034 7991 26 3 0
-1000 blkid
[17199] 0 17199 8964 6936 25 3 0
-1000 blkid
[17200] 0 17200 6022 860 16 3 0
-1000 udevd
[17201] 0 17201 6023 828 16 3 0
-1000 udevd
[17202] 0 17202 6022 840 16 3 0
-1000 udevd
[17203] 0 17203 6022 840 16 3 0
-1000 udevd
[17204] 0 17204 6022 840 16 3 0
-1000 udevd
[17205] 0 17205 9284 7202 25 3 0
-1000 blkid
[17206] 0 17206 9184 7134 24 3 0
-1000 blkid
[17207] 0 17207 8924 6870 23 3 0
-1000 blkid
[17208] 0 17208 6023 828 16 3 0
-1000 udevd
[17209] 0 17209 6022 840 16 3 0
-1000 udevd
1 lock held by rsyslogd/1633:
#0: (&ei->i_mmap_sem){++++}, at: [<00000000f564af78>]
ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6178
2 locks held by getty/1761:
#0: (&tty->ldisc_sem){++++}, at: [<0000000060b5c123>]
tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:284
#1: (&ldata->atomic_read_lock){+.+.}, at: [<00000000b42905b4>]
n_tty_read+0x1f7/0x1700 drivers/tty/n_tty.c:2156
1 lock held by syz-fuzzer/1792:
#0: (&ei->i_mmap_sem){++++}, at: [<00000000f564af78>]
ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6178
1 lock held by syz-fuzzer/1793:
#0: (&ei->i_mmap_sem){++++}, at: [<00000000f564af78>]
ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6178
3 locks held by kworker/0:2/19748:
#0: ("%s"("ipv6_addrconf")
[17210] 0 17210 6022 840 16 3 0
-1000 udevd
){+.+.}
[17211] 0 17211 8844 6806 25 3 0
-1000 blkid
, at: [<000000008f95bea0>] process_one_work+0x6e5/0x1510
kernel/workqueue.c:2105
[17212] 0 17212 8706 6671 24 3 0
-1000 blkid
#1: ((&(&ifa->dad_work)->work)){+.+.}, at: [<0000000020860813>]
process_one_work+0x71b/0x1510 kernel/workqueue.c:2109
#2:
[17213] 0 17213 7998 5948 22 3 0
-1000 blkid
(
[17215] 0 17215 8536 6473 24 3 0
-1000 blkid
rtnl_mutex){+.+.}
[17218] 0 17217 18244 8979 25 4 0
0 syz-executor.1
, at: [<00000000b47b599f>] addrconf_dad_work+0xa6/0x1170
net/ipv6/addrconf.c:3936
4 locks held by kworker/u4:23/20436:
[17219] 0 17219 6022 840 16 3 0
-1000 udevd
#0: ("%s""netns"){+.+.}, at: [<000000008f95bea0>]
process_one_work+0x6e5/0x1510 kernel/workqueue.c:2105
#1: (net_cleanup_work){+.+.}, at: [<0000000020860813>]
process_one_work+0x71b/0x1510 kernel/workqueue.c:2109
#2: (net_mutex){+.+.}, at: [<0000000043cd6e66>] cleanup_net+0x136/0x860
net/core/net_namespace.c:450
#3: (rtnl_mutex){+.+.}, at: [<00000000e2d3b8ba>] raw_close+0xe/0x30
net/ipv4/raw.c:699
1 lock held by syz-executor.3/16858:
#0: (rtnl_mutex){+.+.}, at: [<0000000087d521ef>]
netdev_run_todo+0x1f9/0x740 net/core/dev.c:7906
2 locks held by syz-executor.3/16861:
#0: (rtnl_mutex){+.+.}, at: [<00000000dc87ed98>] rtnl_lock
net/core/rtnetlink.c:72 [inline]
#0: (rtnl_mutex){+.+.}, at: [<00000000dc87ed98>]
rtnetlink_rcv_msg+0x330/0xb40 net/core/rtnetlink.c:4280
#1: (kernfs_mutex){+.+.}, at: [<00000000111cbc6a>]
kernfs_remove+0x17/0x30 fs/kernfs/dir.c:1328
1 lock held by udevd/16950:
[17220] 0 17220 8550 6476 23 3 0
-1000 blkid
#0: (&ei->i_mmap_sem){++++}, at: [<00000000f564af78>]
ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6178
1 lock held by udevd/17000:
#0: (&ei->i_mmap_sem){++++}, at: [<00000000f564af78>]
ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6178
1 lock held by blkid/17003:
#0: (&mm->mmap_sem){++++}, at: [<00000000d973725f>]
__do_page_fault+0x271/0xb80 arch/x86/mm/fault.c:1352
1 lock held by udevd/17004:
#0: (&ei->i_mmap_sem){++++}, at: [<00000000f564af78>]
ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6178
1 lock held by udevd/17005:
#0: (&ei->i_mmap_sem){++++}, at: [<00000000f564af78>]
ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6178
1 lock held by udevd/17006:
#0: (&ei->i_mmap_sem){++++}, at: [<00000000f564af78>]
ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6178
[17221] 0 17221 8874 6807 24 3 0
-1000 blkid
1 lock held by blkid/17007:
#0: (&mm->mmap_sem){++++}, at: [<00000000d973725f>]
__do_page_fault+0x271/0xb80 arch/x86/mm/fault.c:1352
1 lock held by blkid/17008:
#0: (&mm->mmap_sem){++++}, at: [<00000000d973725f>]
__do_page_fault+0x271/0xb80 arch/x86/mm/fault.c:1352
1 lock held by blkid/17009:
#0: (&mm->mmap_sem){++++}, at: [<00000000d973725f>]
__do_page_fault+0x271/0xb80 arch/x86/mm/fault.c:1352
1 lock held by blkid/17011:
#0: (&mm->mmap_sem){++++}, at: [<00000000d973725f>]
__do_page_fault+0x271/0xb80 arch/x86/mm/fault.c:1352
1 lock held by blkid/17012:
#0: (&mm->mmap_sem){++++}, at: [<00000000d973725f>]
__do_page_fault+0x271/0xb80 arch/x86/mm/fault.c:1352
1 lock held by blkid/17013:
#0: (&mm->mmap_sem){++++}, at: [<00000000d973725f>]
__do_page_fault+0x271/0xb80 arch/x86/mm/fault.c:1352
1 lock held by udevd/17014:
#0: (&ei->i_mmap_sem){++++}, at: [<00000000f564af78>]
ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6178
1 lock held by udevd/17016:
#0: (&ei->i_mmap_sem){++++}, at: [<00000000f564af78>]
ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6178
1 lock held by udevd/17017:
#0: (&ei->i_mmap_sem){++++}, at: [<00000000f564af78>]
ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6178
1 lock held by udevd/17018:
#0: (&ei->i_mmap_sem){++++}, at: [<00000000f564af78>]
ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6178
1 lock held by blkid/17019:
#0: (&mm->mmap_sem){++++}, at: [<00000000d973725f>]
__do_page_fault+0x271/0xb80 arch/x86/mm/fault.c:1352
1 lock held by blkid/17021:
#0: (&mm->mmap_sem
[17222] 0 17222 6022 840 16 3 0
-1000 udevd
){++++}
[17223] 0 17223 6022 840 16 3 0
-1000 udevd
, at: [<00000000d973725f>] __do_page_fault+0x271/0xb80
arch/x86/mm/fault.c:1352
[17226] 0 17226 8678 6606 23 3 0
-1000 blkid
1 lock held by blkid/17022:
#0: (&mm->mmap_sem){++++}, at: [<00000000d973725f>]
__do_page_fault+0x271/0xb80 arch/x86/mm/fault.c:1352
1 lock held by blkid/17023:
#0: (&mm->mmap_sem){++++}, at: [<00000000d973725f>]
__do_page_fault+0x271/0xb80 arch/x86/mm/fault.c:1352
1 lock held by blkid/17024:
#0: (&mm->mmap_sem){++++}, at: [<00000000d973725f>]
__do_page_fault+0x271/0xb80 arch/x86/mm/fault.c:1352
1 lock held by udevd/17025:
#0: (&ei->i_mmap_sem){++++}, at: [<00000000f564af78>]
ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6178
1 lock held by udevd/17026:
#0: (&ei->i_mmap_sem){++++}, at: [<00000000f564af78>]
ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6178
1 lock held by udevd/17027:
#0: (&ei->i_mmap_sem){++++}, at: [<00000000f564af78>]
ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6178
1 lock held by blkid/17028:
#0: (&mm->mmap_sem){++++}, at: [<00000000d973725f>]
__do_page_fault+0x271/0xb80 arch/x86/mm/fault.c:1352
1 lock held by udevd/17029:
#0: (&ei->i_mmap_sem){++++}, at: [<00000000f564af78>]
ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6178
1 lock held by udevd/17030:
#0: (&ei->i_mmap_sem){++++}, at: [<00000000f564af78>]
ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6178
1 lock held by blkid/17031:
#0: (&mm->mmap_sem){++++}, at: [<00000000d973725f>]
__do_page_fault+0x271/0xb80 arch/x86/mm/fault.c:1352
1 lock held by udevd/17032:
#0: (&ei->i_mmap_sem){++++}, at: [<00000000f564af78>]
ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6178
1 lock held by blkid/17033:
#0: (&mm->mmap_sem){++++}, at: [<00000000d973725f>]
__do_page_fault+0x271/0xb80 arch/x86/mm/fault.c:1352
1 lock held by blkid/17034:
#0: (&mm->mmap_sem){++++}, at: [<00000000d973725f>]
__do_page_fault+0x271/0xb80 arch/x86/mm/fault.c:1352
1 lock held by blkid/17035:
#0: (&mm->mmap_sem){++++}, at: [<00000000d973725f>]
__do_page_fault+0x271/0xb80 arch/x86/mm/fault.c:1352
1 lock held by blkid/17036:
#0: (
[17229] 0 17229 6022 841 16 3 0
-1000 udevd
&mm->mmap_sem
[17230] 0 17230 8426 6408 23 3 0
-1000 blkid
){++++}
[17233] 0 17233 6022 861 16 3 0
-1000 udevd
, at: [<00000000d973725f>] __do_page_fault+0x271/0xb80
arch/x86/mm/fault.c:1352
1 lock held by blkid/17037:
#0: (&mm->mmap_sem){++++}, at: [<00000000d973725f>]
__do_page_fault+0x271/0xb80 arch/x86/mm/fault.c:1352
[17234] 0 17234 6022 841 16 3 0
-1000 udevd
1 lock held by blkid/17038:
#0: (&mm->mmap_sem){++++}, at: [<00000000d973725f>]
__do_page_fault+0x271/0xb80 arch/x86/mm/fault.c:1352
1 lock held by blkid/17039:
#0: (&mm->mmap_sem){++++}, at: [<00000000d973725f>]
__do_page_fault+0x271/0xb80 arch/x86/mm/fault.c:1352
1 lock held by syz-executor.2/17183:
#0: (rtnl_mutex){+.+.}, at: [<0000000040cd6823>] dev_ioctl+0x531/0xdf0
net/core/dev_ioctl.c:421
1 lock held by syz-executor.1/17218:
#0: (rtnl_mutex){+.+.}, at: [<0000000040cd6823>] dev_ioctl+0x531/0xdf0
net/core/dev_ioctl.c:421
1 lock held by syz-executor.1/17224:
#0: (rtnl_mutex){+.+.}, at: [<0000000040cd6823>] dev_ioctl+0x531/0xdf0
net/core/dev_ioctl.c:421
1 lock held by udevd/17219:
#0: (&ei->i_mmap_sem){++++}, at: [<00000000f564af78>]
ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6178
1 lock held by blkid/17220:
#0: (&mm->mmap_sem){++++}, at: [<00000000d973725f>]
__do_page_fault+0x271/0xb80 arch/x86/mm/fault.c:1352
1 lock held by blkid/17221:
#0: (&mm->mmap_sem){++++}, at: [<00000000d973725f>]
__do_page_fault+0x271/0xb80 arch/x86/mm/fault.c:1352
1 lock held by udevd/17222:
#0: (&ei->i_mmap_sem){++++}, at: [<00000000f564af78>]
ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6178
[17235] 0 17235 6022 841 16 3 0
-1000 udevd
1 lock held by udevd/17223:
#0: (&ei->i_mmap_sem){++++}, at: [<00000000f564af78>]
ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6178
1 lock held by blkid/17226:
#0: (&mm->mmap_sem){++++}, at: [<00000000d973725f>]
__do_page_fault+0x271/0xb80 arch/x86/mm/fault.c:1352
1 lock held by udevd/17229:
#0: (&ei->i_mmap_sem){++++}, at: [<00000000f564af78>]
ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6178
1 lock held by blkid/17230:
#0: (&mm->mmap_sem){++++}, at: [<00000000d973725f>]
__do_page_fault+0x271/0xb80 arch/x86/mm/fault.c:1352
1 lock held by blkid/17252:
#0: (&mm->mmap_sem){++++}, at: [<00000000d973725f>]
__do_page_fault+0x271/0xb80 arch/x86/mm/fault.c:1352
1 lock held by udevd/17345:
#0: (kernfs_mutex){+.+.}, at: [<000000002cd124e3>]
kernfs_iop_permission+0x4e/0x90 fs/kernfs/inode.c:301
1 lock held by udevd/17346:
#0: (kernfs_mutex){+.+.}, at: [<000000002cd124e3>]
kernfs_iop_permission+0x4e/0x90 fs/kernfs/inode.c:301
=============================================
NMI backtrace for cpu 0
CPU: 0 PID: 23 Comm: khungtaskd Not tainted 4.14.124+ #3
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0xb9/0x10e lib/dump_stack.c:53
nmi_cpu_backtrace.cold+0x47/0x86 lib/nmi_backtrace.c:101
[17236] 0 17236 6022 857 16 3 0
-1000 udevd
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 17330 Comm: blkid Not tainted 4.14.124+ #3
task: 00000000d5c54985 task.stack: 000000004e4ea3cb
RIP: 0010:hlock_class kernel/locking/lockdep.c:148 [inline]
RIP: 0010:lookup_chain_cache_add kernel/locking/lockdep.c:2376 [inline]
RIP: 0010:validate_chain kernel/locking/lockdep.c:2431 [inline]
RIP: 0010:__lock_acquire+0xb15/0x3fa0 kernel/locking/lockdep.c:3487
RSP: 0000:ffff88803b4df1c0 EFLAGS: 00000806
RAX: 0000000000000000 RBX: 0000000063d5b496 RCX: 00000000717820f4
RDX: 1ffff110342f83ff RSI: ffff8881a17c1fd8 RDI: 0000000000000000
RBP: ffff88803b4df380 R08: 0000000000000001 R09: 00000000000c0191
R10: ffff8881a17c1fd8 R11: 0000000000000000 R12: ffff8881a17c1ff0
R13: 00000000a5791f71 R14: 4c236992094ed407 R15: ffff8881a17c1780
FS: 00007f8757f8e740(0000) GS:ffff8881dbb00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f8c5a594000 CR3: 00000000264f8003 CR4: 00000000001606a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
Code: 3b 91 00 00 66 83 40 22 10 41 bb 01 00 00 00 e9 e0 fd ff ff 48 b8 00
00 00 00 00 fc ff df 48 8b 54 24 68 48 c1 ea 03 0f b6 04 02 <84> c0 74 28
3c 01 7f 24 48 8b 7c 24 68 44 89 5c 24 58 4c 89 94
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot
Oct 25, 2019, 4:37:07 AM10/25/19
to syzkaller-a...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.
Crashes did not happen for a while, no reproducer and no activity.
Reply all
Reply to author
Forward
0 new messages