INFO: task hung in release_tty
5 views
Skip to first unread message
syzbot
Dec 29, 2019, 2:57:09 PM12/29/19
to syzkaller...@googlegroups.com
Hello,
syzbot found the following crash on:
HEAD commit: e1f7d50a Linux 4.14.160
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1664dd25e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=46599517442ad9fb
dashboard link: https://syzkaller.appspot.com/bug?extid=6ff5629f3ac522892112
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+6ff562...@syzkaller.appspotmail.com
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
kobject: 'loop5' (ffff8880a4202d60): kobject_uevent_env
kobject: 'loop5' (ffff8880a4202d60): fill_kobj_path: path
= '/devices/virtual/block/loop5'
INFO: task syz-executor.5:12262 blocked for more than 140 seconds.
Not tainted 4.14.160-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.5 D26816 12262 7070 0x80000002
Call Trace:
context_switch kernel/sched/core.c:2808 [inline]
__schedule+0x7b8/0x1cd0 kernel/sched/core.c:3384
schedule+0x92/0x1c0 kernel/sched/core.c:3428
schedule_timeout+0x93b/0xe10 kernel/time/timer.c:1723
__down_common kernel/locking/semaphore.c:221 [inline]
__down+0x160/0x290 kernel/locking/semaphore.c:238
down+0x64/0x90 kernel/locking/semaphore.c:62
console_lock+0x28/0x80 kernel/printk/printk.c:2216
con_shutdown+0x41/0x90 drivers/tty/vt/vt.c:2929
release_tty+0xbf/0x7c0 drivers/tty/tty_io.c:1501
tty_release_struct+0x3c/0x50 drivers/tty/tty_io.c:1616
tty_release+0xaa3/0xd60 drivers/tty/tty_io.c:1776
__fput+0x275/0x7a0 fs/file_table.c:210
____fput+0x16/0x20 fs/file_table.c:244
task_work_run+0x114/0x190 kernel/task_work.c:113
exit_task_work include/linux/task_work.h:22 [inline]
do_exit+0x7be/0x2c80 kernel/exit.c:854
do_group_exit+0x111/0x330 kernel/exit.c:951
get_signal+0x381/0x1cd0 kernel/signal.c:2413
do_signal+0x86/0x19a0 arch/x86/kernel/signal.c:814
exit_to_usermode_loop+0x15c/0x220 arch/x86/entry/common.c:160
prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline]
syscall_return_slowpath arch/x86/entry/common.c:270 [inline]
do_syscall_64+0x4bc/0x640 arch/x86/entry/common.c:297
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45a919
RSP: 002b:00007fd9c8378cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 000000000075c078 RCX: 000000000045a919
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000075c078
RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075c07c
R13: 00007ffddce5a65f R14: 00007fd9c83799c0 R15: 000000000075c07c
INFO: task syz-executor.4:17041 blocked for more than 140 seconds.
Not tainted 4.14.160-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.4 D27216 17041 7071 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2808 [inline]
__schedule+0x7b8/0x1cd0 kernel/sched/core.c:3384
schedule+0x92/0x1c0 kernel/sched/core.c:3428
schedule_timeout+0x93b/0xe10 kernel/time/timer.c:1723
__down_common kernel/locking/semaphore.c:221 [inline]
__down+0x160/0x290 kernel/locking/semaphore.c:238
down+0x64/0x90 kernel/locking/semaphore.c:62
console_lock+0x28/0x80 kernel/printk/printk.c:2216
do_fb_ioctl+0x36a/0x940 drivers/video/fbdev/core/fbmem.c:1121
fb_ioctl+0xe6/0x130 drivers/video/fbdev/core/fbmem.c:1242
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x7ae/0x1060 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x8f/0xc0 fs/ioctl.c:692
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45a919
RSP: 002b:00007f1aabc07c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a919
RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000006
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1aabc086d4
R13: 00000000004c310d R14: 00000000004d8498 R15: 00000000ffffffff
INFO: task syz-executor.1:17033 blocked for more than 140 seconds.
Not tainted 4.14.160-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.1 D28528 17033 7074 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2808 [inline]
__schedule+0x7b8/0x1cd0 kernel/sched/core.c:3384
schedule+0x92/0x1c0 kernel/sched/core.c:3428
schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3486
__mutex_lock_common kernel/locking/mutex.c:833 [inline]
__mutex_lock+0x73c/0x1470 kernel/locking/mutex.c:893
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
fb_release+0x55/0x150 drivers/video/fbdev/core/fbmem.c:1497
__fput+0x275/0x7a0 fs/file_table.c:210
____fput+0x16/0x20 fs/file_table.c:244
task_work_run+0x114/0x190 kernel/task_work.c:113
tracehook_notify_resume include/linux/tracehook.h:191 [inline]
exit_to_usermode_loop+0x1da/0x220 arch/x86/entry/common.c:164
prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline]
syscall_return_slowpath arch/x86/entry/common.c:270 [inline]
do_syscall_64+0x4bc/0x640 arch/x86/entry/common.c:297
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x4144b1
RSP: 002b:00007ffef00591c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000007 RCX: 00000000004144b1
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
RBP: 0000000000000001 R08: 000000009c68487f R09: 000000009c684883
R10: 00007ffef00592a0 R11: 0000000000000293 R12: 000000000075c9a0
R13: 000000000075c9a0 R14: 00000000007614e8 R15: 000000000075bfd4
INFO: task syz-executor.3:17036 blocked for more than 140 seconds.
Not tainted 4.14.160-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.3 D27856 17036 7073 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2808 [inline]
__schedule+0x7b8/0x1cd0 kernel/sched/core.c:3384
schedule+0x92/0x1c0 kernel/sched/core.c:3428
schedule_timeout+0x93b/0xe10 kernel/time/timer.c:1723
__down_common kernel/locking/semaphore.c:221 [inline]
__down+0x160/0x290 kernel/locking/semaphore.c:238
down+0x64/0x90 kernel/locking/semaphore.c:62
console_lock+0x28/0x80 kernel/printk/printk.c:2216
do_fb_ioctl+0x36a/0x940 drivers/video/fbdev/core/fbmem.c:1121
fb_ioctl+0xe6/0x130 drivers/video/fbdev/core/fbmem.c:1242
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x7ae/0x1060 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x8f/0xc0 fs/ioctl.c:692
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45a919
RSP: 002b:00007fdfae72bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a919
RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000005
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdfae72c6d4
R13: 00000000004c310d R14: 00000000004d8498 R15: 00000000ffffffff
INFO: task syz-executor.2:17054 blocked for more than 140 seconds.
Not tainted 4.14.160-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.2 D29488 17054 7072 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2808 [inline]
__schedule+0x7b8/0x1cd0 kernel/sched/core.c:3384
schedule+0x92/0x1c0 kernel/sched/core.c:3428
schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3486
__mutex_lock_common kernel/locking/mutex.c:833 [inline]
__mutex_lock+0x73c/0x1470 kernel/locking/mutex.c:893
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
fb_open+0xb7/0x420 drivers/video/fbdev/core/fbmem.c:1468
chrdev_open+0x207/0x590 fs/char_dev.c:423
do_dentry_open+0x73b/0xeb0 fs/open.c:777
vfs_open+0x105/0x220 fs/open.c:891
do_last fs/namei.c:3425 [inline]
path_openat+0x8bd/0x3f70 fs/namei.c:3566
do_filp_open+0x18e/0x250 fs/namei.c:3600
do_sys_open+0x2c5/0x430 fs/open.c:1084
SYSC_openat fs/open.c:1111 [inline]
SyS_openat+0x30/0x40 fs/open.c:1105
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45a919
RSP: 002b:00007fa697d3ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a919
RDX: 0000000000000000 RSI: 0000000020000180 RDI: ffffffffffffff9c
RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa697d3b6d4
R13: 00000000004c8067 R14: 00000000004df338 R15: 00000000ffffffff
INFO: task syz-executor.0:17044 blocked for more than 140 seconds.
Not tainted 4.14.160-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.0 D27856 17044 7075 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2808 [inline]
__schedule+0x7b8/0x1cd0 kernel/sched/core.c:3384
schedule+0x92/0x1c0 kernel/sched/core.c:3428
schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3486
__mutex_lock_common kernel/locking/mutex.c:833 [inline]
__mutex_lock+0x73c/0x1470 kernel/locking/mutex.c:893
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
fb_open+0xb7/0x420 drivers/video/fbdev/core/fbmem.c:1468
chrdev_open+0x207/0x590 fs/char_dev.c:423
do_dentry_open+0x73b/0xeb0 fs/open.c:777
vfs_open+0x105/0x220 fs/open.c:891
do_last fs/namei.c:3425 [inline]
path_openat+0x8bd/0x3f70 fs/namei.c:3566
do_filp_open+0x18e/0x250 fs/namei.c:3600
do_sys_open+0x2c5/0x430 fs/open.c:1084
SYSC_openat fs/open.c:1111 [inline]
SyS_openat+0x30/0x40 fs/open.c:1105
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45a919
RSP: 002b:00007f365f2ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a919
RDX: 0000000000000000 RSI: 0000000020000180 RDI: ffffffffffffff9c
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f365f2cd6d4
R13: 00000000004c8067 R14: 00000000004df338 R15: 00000000ffffffff
INFO: task syz-executor.5:17052 blocked for more than 140 seconds.
Not tainted 4.14.160-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.5 D27152 17052 7070 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2808 [inline]
__schedule+0x7b8/0x1cd0 kernel/sched/core.c:3384
schedule+0x92/0x1c0 kernel/sched/core.c:3428
schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3486
__mutex_lock_common kernel/locking/mutex.c:833 [inline]
__mutex_lock+0x73c/0x1470 kernel/locking/mutex.c:893
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
fb_open+0xb7/0x420 drivers/video/fbdev/core/fbmem.c:1468
chrdev_open+0x207/0x590 fs/char_dev.c:423
do_dentry_open+0x73b/0xeb0 fs/open.c:777
vfs_open+0x105/0x220 fs/open.c:891
do_last fs/namei.c:3425 [inline]
path_openat+0x8bd/0x3f70 fs/namei.c:3566
do_filp_open+0x18e/0x250 fs/namei.c:3600
do_sys_open+0x2c5/0x430 fs/open.c:1084
SYSC_openat fs/open.c:1111 [inline]
SyS_openat+0x30/0x40 fs/open.c:1105
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45a919
RSP: 002b:00007fd9c83bac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a919
RDX: 0000000000000000 RSI: 0000000020000180 RDI: ffffffffffffff9c
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd9c83bb6d4
R13: 00000000004c8067 R14: 00000000004df338 R15: 00000000ffffffff
Showing all locks held in the system:
1 lock held by khungtaskd/1045:
#0: (tasklist_lock){.+.+}, at: [<ffffffff8148c8d8>]
debug_show_all_locks+0x7f/0x21f kernel/locking/lockdep.c:4544
1 lock held by rsyslogd/6903:
#0: (&f->f_pos_lock){+.+.}, at: [<ffffffff81966a5b>]
__fdget_pos+0xab/0xd0 fs/file.c:769
2 locks held by getty/7025:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff8664f823>]
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:376
#1: (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff83491c76>]
n_tty_read+0x1e6/0x17d0 drivers/tty/n_tty.c:2156
2 locks held by getty/7026:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff8664f823>]
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:376
#1: (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff83491c76>]
n_tty_read+0x1e6/0x17d0 drivers/tty/n_tty.c:2156
2 locks held by getty/7027:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff8664f823>]
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:376
#1: (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff83491c76>]
n_tty_read+0x1e6/0x17d0 drivers/tty/n_tty.c:2156
2 locks held by getty/7028:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff8664f823>]
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:376
#1: (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff83491c76>]
n_tty_read+0x1e6/0x17d0 drivers/tty/n_tty.c:2156
2 locks held by getty/7029:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff8664f823>]
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:376
#1: (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff83491c76>]
n_tty_read+0x1e6/0x17d0 drivers/tty/n_tty.c:2156
2 locks held by getty/7030:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff8664f823>]
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:376
#1: (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff83491c76>]
n_tty_read+0x1e6/0x17d0 drivers/tty/n_tty.c:2156
2 locks held by getty/7031:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff8664f823>]
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:376
#1: (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff83491c76>]
n_tty_read+0x1e6/0x17d0 drivers/tty/n_tty.c:2156
1 lock held by syz-executor.5/12262:
#0: (tty_mutex){+.+.}, at: [<ffffffff8348a701>]
tty_release_struct+0x31/0x50 drivers/tty/tty_io.c:1615
1 lock held by syz-executor.1/17033:
#0: (&fb_info->lock){+.+.}, at: [<ffffffff8324a005>]
fb_release+0x55/0x150 drivers/video/fbdev/core/fbmem.c:1497
1 lock held by syz-executor.2/17054:
#0: (&fb_info->lock){+.+.}, at: [<ffffffff8324a947>] fb_open+0xb7/0x420
drivers/video/fbdev/core/fbmem.c:1468
1 lock held by syz-executor.0/17044:
#0: (&fb_info->lock){+.+.}, at: [<ffffffff8324a947>] fb_open+0xb7/0x420
drivers/video/fbdev/core/fbmem.c:1468
1 lock held by syz-executor.5/17052:
#0: (&fb_info->lock){+.+.}, at: [<ffffffff8324a947>] fb_open+0xb7/0x420
drivers/video/fbdev/core/fbmem.c:1468
=============================================
NMI backtrace for cpu 0
CPU: 0 PID: 1045 Comm: khungtaskd Not tainted 4.14.160-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x142/0x197 lib/dump_stack.c:58
nmi_cpu_backtrace.cold+0x57/0x94 lib/nmi_backtrace.c:101
nmi_trigger_cpumask_backtrace+0x141/0x189 lib/nmi_backtrace.c:62
arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
trigger_all_cpu_backtrace include/linux/nmi.h:140 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:195 [inline]
watchdog+0x5e7/0xb90 kernel/hung_task.c:274
kthread+0x319/0x430 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 17039 Comm: syz-executor.2 Not tainted 4.14.160-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
task: ffff88809653e6c0 task.stack: ffff88804bb78000
RIP: 0010:__sanitizer_cov_trace_pc+0x31/0x60 kernel/kcov.c:85
RSP: 0018:ffff88804bb7f260 EFLAGS: 00000246
RAX: ffff88809653e6c0 RBX: ffff8880000a0078 RCX: ffffc90007427000
RDX: 0000000000000001 RSI: ffffffff8328b29a RDI: 0000000000000040
RBP: ffff88804bb7f260 R08: 00000000000003c0 R09: 0000000000000040
R10: ffffed104323f05b R11: ffff8882191f82df R12: 0000000000000007
R13: 0000000000000000 R14: ffff8880000a0078 R15: 0000000000000000
FS: 00007fa697d7d700(0000) GS:ffff8880aed00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f8c3e1f0000 CR3: 00000000a5f10000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
bitfill_aligned drivers/video/fbdev/core/cfbfillrect.c:78 [inline]
bitfill_aligned+0x13a/0x190 drivers/video/fbdev/core/cfbfillrect.c:35
cfb_fillrect+0x3d0/0x720 drivers/video/fbdev/core/cfbfillrect.c:327
vga16fb_fillrect+0x618/0x1880 drivers/video/fbdev/vga16fb.c:951
bit_clear_margins+0x2d5/0x4f0 drivers/video/fbdev/core/bitblit.c:232
fbcon_clear_margins+0x292/0x320 drivers/video/fbdev/core/fbcon.c:1317
fbcon_switch+0xd38/0x1820 drivers/video/fbdev/core/fbcon.c:2299
redraw_screen+0x335/0x7c0 drivers/tty/vt/vt.c:688
fbcon_modechanged+0x59e/0x880 drivers/video/fbdev/core/fbcon.c:2946
fbcon_event_notify+0x11f/0x17af drivers/video/fbdev/core/fbcon.c:3299
notifier_call_chain+0x111/0x1b0 kernel/notifier.c:93
__blocking_notifier_call_chain kernel/notifier.c:317 [inline]
__blocking_notifier_call_chain kernel/notifier.c:304 [inline]
blocking_notifier_call_chain kernel/notifier.c:328 [inline]
blocking_notifier_call_chain+0x80/0xa0 kernel/notifier.c:325
fb_notifier_call_chain+0x25/0x30 drivers/video/fbdev/core/fb_notify.c:45
fb_set_var+0xb09/0xcf0 drivers/video/fbdev/core/fbmem.c:1054
do_fb_ioctl+0x3cc/0x940 drivers/video/fbdev/core/fbmem.c:1127
fb_ioctl+0xe6/0x130 drivers/video/fbdev/core/fbmem.c:1242
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x7ae/0x1060 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x8f/0xc0 fs/ioctl.c:692
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45a919
RSP: 002b:00007fa697d7cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a919
RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000006
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa697d7d6d4
R13: 00000000004c310d R14: 00000000004d8498 R15: 00000000ffffffff
Code: ee 01 00 48 85 c0 74 1a 65 8b 15 4b 9e a4 7e 81 e2 00 01 1f 00 75 0b
8b 90 50 13 00 00 83 fa 01 74 01 c3 55 48 89 e5 48 8b 75 08 <48> 8b 88 58
13 00 00 8b 80 54 13 00 00 48 8b 11 48 83 c2 01 48
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot found the following crash on:
HEAD commit: e1f7d50a Linux 4.14.160
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1664dd25e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=46599517442ad9fb
dashboard link: https://syzkaller.appspot.com/bug?extid=6ff5629f3ac522892112
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+6ff562...@syzkaller.appspotmail.com
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
kobject: 'loop5' (ffff8880a4202d60): kobject_uevent_env
kobject: 'loop5' (ffff8880a4202d60): fill_kobj_path: path
= '/devices/virtual/block/loop5'
INFO: task syz-executor.5:12262 blocked for more than 140 seconds.
Not tainted 4.14.160-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.5 D26816 12262 7070 0x80000002
Call Trace:
context_switch kernel/sched/core.c:2808 [inline]
__schedule+0x7b8/0x1cd0 kernel/sched/core.c:3384
schedule+0x92/0x1c0 kernel/sched/core.c:3428
schedule_timeout+0x93b/0xe10 kernel/time/timer.c:1723
__down_common kernel/locking/semaphore.c:221 [inline]
__down+0x160/0x290 kernel/locking/semaphore.c:238
down+0x64/0x90 kernel/locking/semaphore.c:62
console_lock+0x28/0x80 kernel/printk/printk.c:2216
con_shutdown+0x41/0x90 drivers/tty/vt/vt.c:2929
release_tty+0xbf/0x7c0 drivers/tty/tty_io.c:1501
tty_release_struct+0x3c/0x50 drivers/tty/tty_io.c:1616
tty_release+0xaa3/0xd60 drivers/tty/tty_io.c:1776
__fput+0x275/0x7a0 fs/file_table.c:210
____fput+0x16/0x20 fs/file_table.c:244
task_work_run+0x114/0x190 kernel/task_work.c:113
exit_task_work include/linux/task_work.h:22 [inline]
do_exit+0x7be/0x2c80 kernel/exit.c:854
do_group_exit+0x111/0x330 kernel/exit.c:951
get_signal+0x381/0x1cd0 kernel/signal.c:2413
do_signal+0x86/0x19a0 arch/x86/kernel/signal.c:814
exit_to_usermode_loop+0x15c/0x220 arch/x86/entry/common.c:160
prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline]
syscall_return_slowpath arch/x86/entry/common.c:270 [inline]
do_syscall_64+0x4bc/0x640 arch/x86/entry/common.c:297
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45a919
RSP: 002b:00007fd9c8378cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 000000000075c078 RCX: 000000000045a919
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000075c078
RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075c07c
R13: 00007ffddce5a65f R14: 00007fd9c83799c0 R15: 000000000075c07c
INFO: task syz-executor.4:17041 blocked for more than 140 seconds.
Not tainted 4.14.160-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.4 D27216 17041 7071 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2808 [inline]
__schedule+0x7b8/0x1cd0 kernel/sched/core.c:3384
schedule+0x92/0x1c0 kernel/sched/core.c:3428
schedule_timeout+0x93b/0xe10 kernel/time/timer.c:1723
__down_common kernel/locking/semaphore.c:221 [inline]
__down+0x160/0x290 kernel/locking/semaphore.c:238
down+0x64/0x90 kernel/locking/semaphore.c:62
console_lock+0x28/0x80 kernel/printk/printk.c:2216
do_fb_ioctl+0x36a/0x940 drivers/video/fbdev/core/fbmem.c:1121
fb_ioctl+0xe6/0x130 drivers/video/fbdev/core/fbmem.c:1242
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x7ae/0x1060 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x8f/0xc0 fs/ioctl.c:692
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45a919
RSP: 002b:00007f1aabc07c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a919
RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000006
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1aabc086d4
R13: 00000000004c310d R14: 00000000004d8498 R15: 00000000ffffffff
INFO: task syz-executor.1:17033 blocked for more than 140 seconds.
Not tainted 4.14.160-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.1 D28528 17033 7074 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2808 [inline]
__schedule+0x7b8/0x1cd0 kernel/sched/core.c:3384
schedule+0x92/0x1c0 kernel/sched/core.c:3428
schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3486
__mutex_lock_common kernel/locking/mutex.c:833 [inline]
__mutex_lock+0x73c/0x1470 kernel/locking/mutex.c:893
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
fb_release+0x55/0x150 drivers/video/fbdev/core/fbmem.c:1497
__fput+0x275/0x7a0 fs/file_table.c:210
____fput+0x16/0x20 fs/file_table.c:244
task_work_run+0x114/0x190 kernel/task_work.c:113
tracehook_notify_resume include/linux/tracehook.h:191 [inline]
exit_to_usermode_loop+0x1da/0x220 arch/x86/entry/common.c:164
prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline]
syscall_return_slowpath arch/x86/entry/common.c:270 [inline]
do_syscall_64+0x4bc/0x640 arch/x86/entry/common.c:297
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x4144b1
RSP: 002b:00007ffef00591c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000007 RCX: 00000000004144b1
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
RBP: 0000000000000001 R08: 000000009c68487f R09: 000000009c684883
R10: 00007ffef00592a0 R11: 0000000000000293 R12: 000000000075c9a0
R13: 000000000075c9a0 R14: 00000000007614e8 R15: 000000000075bfd4
INFO: task syz-executor.3:17036 blocked for more than 140 seconds.
Not tainted 4.14.160-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.3 D27856 17036 7073 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2808 [inline]
__schedule+0x7b8/0x1cd0 kernel/sched/core.c:3384
schedule+0x92/0x1c0 kernel/sched/core.c:3428
schedule_timeout+0x93b/0xe10 kernel/time/timer.c:1723
__down_common kernel/locking/semaphore.c:221 [inline]
__down+0x160/0x290 kernel/locking/semaphore.c:238
down+0x64/0x90 kernel/locking/semaphore.c:62
console_lock+0x28/0x80 kernel/printk/printk.c:2216
do_fb_ioctl+0x36a/0x940 drivers/video/fbdev/core/fbmem.c:1121
fb_ioctl+0xe6/0x130 drivers/video/fbdev/core/fbmem.c:1242
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x7ae/0x1060 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x8f/0xc0 fs/ioctl.c:692
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45a919
RSP: 002b:00007fdfae72bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a919
RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000005
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdfae72c6d4
R13: 00000000004c310d R14: 00000000004d8498 R15: 00000000ffffffff
INFO: task syz-executor.2:17054 blocked for more than 140 seconds.
Not tainted 4.14.160-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.2 D29488 17054 7072 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2808 [inline]
__schedule+0x7b8/0x1cd0 kernel/sched/core.c:3384
schedule+0x92/0x1c0 kernel/sched/core.c:3428
schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3486
__mutex_lock_common kernel/locking/mutex.c:833 [inline]
__mutex_lock+0x73c/0x1470 kernel/locking/mutex.c:893
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
fb_open+0xb7/0x420 drivers/video/fbdev/core/fbmem.c:1468
chrdev_open+0x207/0x590 fs/char_dev.c:423
do_dentry_open+0x73b/0xeb0 fs/open.c:777
vfs_open+0x105/0x220 fs/open.c:891
do_last fs/namei.c:3425 [inline]
path_openat+0x8bd/0x3f70 fs/namei.c:3566
do_filp_open+0x18e/0x250 fs/namei.c:3600
do_sys_open+0x2c5/0x430 fs/open.c:1084
SYSC_openat fs/open.c:1111 [inline]
SyS_openat+0x30/0x40 fs/open.c:1105
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45a919
RSP: 002b:00007fa697d3ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a919
RDX: 0000000000000000 RSI: 0000000020000180 RDI: ffffffffffffff9c
RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa697d3b6d4
R13: 00000000004c8067 R14: 00000000004df338 R15: 00000000ffffffff
INFO: task syz-executor.0:17044 blocked for more than 140 seconds.
Not tainted 4.14.160-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.0 D27856 17044 7075 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2808 [inline]
__schedule+0x7b8/0x1cd0 kernel/sched/core.c:3384
schedule+0x92/0x1c0 kernel/sched/core.c:3428
schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3486
__mutex_lock_common kernel/locking/mutex.c:833 [inline]
__mutex_lock+0x73c/0x1470 kernel/locking/mutex.c:893
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
fb_open+0xb7/0x420 drivers/video/fbdev/core/fbmem.c:1468
chrdev_open+0x207/0x590 fs/char_dev.c:423
do_dentry_open+0x73b/0xeb0 fs/open.c:777
vfs_open+0x105/0x220 fs/open.c:891
do_last fs/namei.c:3425 [inline]
path_openat+0x8bd/0x3f70 fs/namei.c:3566
do_filp_open+0x18e/0x250 fs/namei.c:3600
do_sys_open+0x2c5/0x430 fs/open.c:1084
SYSC_openat fs/open.c:1111 [inline]
SyS_openat+0x30/0x40 fs/open.c:1105
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45a919
RSP: 002b:00007f365f2ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a919
RDX: 0000000000000000 RSI: 0000000020000180 RDI: ffffffffffffff9c
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f365f2cd6d4
R13: 00000000004c8067 R14: 00000000004df338 R15: 00000000ffffffff
INFO: task syz-executor.5:17052 blocked for more than 140 seconds.
Not tainted 4.14.160-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.5 D27152 17052 7070 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2808 [inline]
__schedule+0x7b8/0x1cd0 kernel/sched/core.c:3384
schedule+0x92/0x1c0 kernel/sched/core.c:3428
schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3486
__mutex_lock_common kernel/locking/mutex.c:833 [inline]
__mutex_lock+0x73c/0x1470 kernel/locking/mutex.c:893
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
fb_open+0xb7/0x420 drivers/video/fbdev/core/fbmem.c:1468
chrdev_open+0x207/0x590 fs/char_dev.c:423
do_dentry_open+0x73b/0xeb0 fs/open.c:777
vfs_open+0x105/0x220 fs/open.c:891
do_last fs/namei.c:3425 [inline]
path_openat+0x8bd/0x3f70 fs/namei.c:3566
do_filp_open+0x18e/0x250 fs/namei.c:3600
do_sys_open+0x2c5/0x430 fs/open.c:1084
SYSC_openat fs/open.c:1111 [inline]
SyS_openat+0x30/0x40 fs/open.c:1105
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45a919
RSP: 002b:00007fd9c83bac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a919
RDX: 0000000000000000 RSI: 0000000020000180 RDI: ffffffffffffff9c
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd9c83bb6d4
R13: 00000000004c8067 R14: 00000000004df338 R15: 00000000ffffffff
Showing all locks held in the system:
1 lock held by khungtaskd/1045:
#0: (tasklist_lock){.+.+}, at: [<ffffffff8148c8d8>]
debug_show_all_locks+0x7f/0x21f kernel/locking/lockdep.c:4544
1 lock held by rsyslogd/6903:
#0: (&f->f_pos_lock){+.+.}, at: [<ffffffff81966a5b>]
__fdget_pos+0xab/0xd0 fs/file.c:769
2 locks held by getty/7025:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff8664f823>]
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:376
#1: (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff83491c76>]
n_tty_read+0x1e6/0x17d0 drivers/tty/n_tty.c:2156
2 locks held by getty/7026:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff8664f823>]
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:376
#1: (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff83491c76>]
n_tty_read+0x1e6/0x17d0 drivers/tty/n_tty.c:2156
2 locks held by getty/7027:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff8664f823>]
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:376
#1: (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff83491c76>]
n_tty_read+0x1e6/0x17d0 drivers/tty/n_tty.c:2156
2 locks held by getty/7028:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff8664f823>]
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:376
#1: (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff83491c76>]
n_tty_read+0x1e6/0x17d0 drivers/tty/n_tty.c:2156
2 locks held by getty/7029:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff8664f823>]
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:376
#1: (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff83491c76>]
n_tty_read+0x1e6/0x17d0 drivers/tty/n_tty.c:2156
2 locks held by getty/7030:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff8664f823>]
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:376
#1: (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff83491c76>]
n_tty_read+0x1e6/0x17d0 drivers/tty/n_tty.c:2156
2 locks held by getty/7031:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff8664f823>]
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:376
#1: (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff83491c76>]
n_tty_read+0x1e6/0x17d0 drivers/tty/n_tty.c:2156
1 lock held by syz-executor.5/12262:
#0: (tty_mutex){+.+.}, at: [<ffffffff8348a701>]
tty_release_struct+0x31/0x50 drivers/tty/tty_io.c:1615
1 lock held by syz-executor.1/17033:
#0: (&fb_info->lock){+.+.}, at: [<ffffffff8324a005>]
fb_release+0x55/0x150 drivers/video/fbdev/core/fbmem.c:1497
1 lock held by syz-executor.2/17054:
#0: (&fb_info->lock){+.+.}, at: [<ffffffff8324a947>] fb_open+0xb7/0x420
drivers/video/fbdev/core/fbmem.c:1468
1 lock held by syz-executor.0/17044:
#0: (&fb_info->lock){+.+.}, at: [<ffffffff8324a947>] fb_open+0xb7/0x420
drivers/video/fbdev/core/fbmem.c:1468
1 lock held by syz-executor.5/17052:
#0: (&fb_info->lock){+.+.}, at: [<ffffffff8324a947>] fb_open+0xb7/0x420
drivers/video/fbdev/core/fbmem.c:1468
=============================================
NMI backtrace for cpu 0
CPU: 0 PID: 1045 Comm: khungtaskd Not tainted 4.14.160-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x142/0x197 lib/dump_stack.c:58
nmi_cpu_backtrace.cold+0x57/0x94 lib/nmi_backtrace.c:101
nmi_trigger_cpumask_backtrace+0x141/0x189 lib/nmi_backtrace.c:62
arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
trigger_all_cpu_backtrace include/linux/nmi.h:140 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:195 [inline]
watchdog+0x5e7/0xb90 kernel/hung_task.c:274
kthread+0x319/0x430 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 17039 Comm: syz-executor.2 Not tainted 4.14.160-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
task: ffff88809653e6c0 task.stack: ffff88804bb78000
RIP: 0010:__sanitizer_cov_trace_pc+0x31/0x60 kernel/kcov.c:85
RSP: 0018:ffff88804bb7f260 EFLAGS: 00000246
RAX: ffff88809653e6c0 RBX: ffff8880000a0078 RCX: ffffc90007427000
RDX: 0000000000000001 RSI: ffffffff8328b29a RDI: 0000000000000040
RBP: ffff88804bb7f260 R08: 00000000000003c0 R09: 0000000000000040
R10: ffffed104323f05b R11: ffff8882191f82df R12: 0000000000000007
R13: 0000000000000000 R14: ffff8880000a0078 R15: 0000000000000000
FS: 00007fa697d7d700(0000) GS:ffff8880aed00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f8c3e1f0000 CR3: 00000000a5f10000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
bitfill_aligned drivers/video/fbdev/core/cfbfillrect.c:78 [inline]
bitfill_aligned+0x13a/0x190 drivers/video/fbdev/core/cfbfillrect.c:35
cfb_fillrect+0x3d0/0x720 drivers/video/fbdev/core/cfbfillrect.c:327
vga16fb_fillrect+0x618/0x1880 drivers/video/fbdev/vga16fb.c:951
bit_clear_margins+0x2d5/0x4f0 drivers/video/fbdev/core/bitblit.c:232
fbcon_clear_margins+0x292/0x320 drivers/video/fbdev/core/fbcon.c:1317
fbcon_switch+0xd38/0x1820 drivers/video/fbdev/core/fbcon.c:2299
redraw_screen+0x335/0x7c0 drivers/tty/vt/vt.c:688
fbcon_modechanged+0x59e/0x880 drivers/video/fbdev/core/fbcon.c:2946
fbcon_event_notify+0x11f/0x17af drivers/video/fbdev/core/fbcon.c:3299
notifier_call_chain+0x111/0x1b0 kernel/notifier.c:93
__blocking_notifier_call_chain kernel/notifier.c:317 [inline]
__blocking_notifier_call_chain kernel/notifier.c:304 [inline]
blocking_notifier_call_chain kernel/notifier.c:328 [inline]
blocking_notifier_call_chain+0x80/0xa0 kernel/notifier.c:325
fb_notifier_call_chain+0x25/0x30 drivers/video/fbdev/core/fb_notify.c:45
fb_set_var+0xb09/0xcf0 drivers/video/fbdev/core/fbmem.c:1054
do_fb_ioctl+0x3cc/0x940 drivers/video/fbdev/core/fbmem.c:1127
fb_ioctl+0xe6/0x130 drivers/video/fbdev/core/fbmem.c:1242
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x7ae/0x1060 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x8f/0xc0 fs/ioctl.c:692
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45a919
RSP: 002b:00007fa697d7cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a919
RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000006
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa697d7d6d4
R13: 00000000004c310d R14: 00000000004d8498 R15: 00000000ffffffff
Code: ee 01 00 48 85 c0 74 1a 65 8b 15 4b 9e a4 7e 81 e2 00 01 1f 00 75 0b
8b 90 50 13 00 00 83 fa 01 74 01 c3 55 48 89 e5 48 8b 75 08 <48> 8b 88 58
13 00 00 8b 80 54 13 00 00 48 8b 11 48 83 c2 01 48
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot
Nov 12, 2020, 12:59:15 PM11/12/20
to syzkaller...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.
Crashes did not happen for a while, no reproducer and no activity.
Reply all
Reply to author
Forward
0 new messages