syzbot


INFO: task hung in collapse_huge_page

Status: closed as dup on 2018/06/11 10:57
Reported-by: syzbot+e65df5e4d866512cd91d@syzkaller.appspotmail.com
First crash: 1629d, last: 1536d
Duplicate of (1):
Title                                Repro  Cause bisect  Fix bisect  Count  Last   Reported
INFO: task hung in __sb_start_write  -      -             -           1508   1536d  1606d
similar bugs (1):
Kernel    Title                                      Repro  Cause bisect  Fix bisect  Count  Last   Reported  Patched  Status
upstream  INFO: task hung in collapse_huge_page (2)  -      -             -           4      1236d  1286d     0/24     auto-closed as invalid on 2019/10/25 09:41

Sample crash report:
netlink: 52 bytes leftover after parsing attributes in process `syz-executor4'.
INFO: task khugepaged:908 blocked for more than 140 seconds.
      Not tainted 4.18.0-rc4+ #142
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
khugepaged      D22472   908      2 0x80000000
Call Trace:
 context_switch kernel/sched/core.c:2853 [inline]
 __schedule+0x87c/0x1ed0 kernel/sched/core.c:3501
 schedule+0xfb/0x450 kernel/sched/core.c:3545
 __rwsem_down_write_failed_common+0x95d/0x1630 kernel/locking/rwsem-xadd.c:566
 rwsem_down_write_failed+0xe/0x10 kernel/locking/rwsem-xadd.c:595
 call_rwsem_down_write_failed+0x17/0x30 arch/x86/lib/rwsem.S:117
 __down_write arch/x86/include/asm/rwsem.h:142 [inline]
 down_write+0xaa/0x130 kernel/locking/rwsem.c:72
 collapse_huge_page+0x2b9/0x2140 mm/khugepaged.c:1006
 khugepaged_scan_pmd mm/khugepaged.c:1215 [inline]
 khugepaged_scan_mm_slot+0x20a1/0x3370 mm/khugepaged.c:1734
 khugepaged_do_scan mm/khugepaged.c:1815 [inline]
 khugepaged+0x9aa/0xce0 mm/khugepaged.c:1860
 kthread+0x345/0x410 kernel/kthread.c:246
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:412
INFO: task rs:main Q:Reg:4395 blocked for more than 140 seconds.
      Not tainted 4.18.0-rc4+ #142
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
rs:main Q:Reg   D23336  4395      1 0x00000000
Call Trace:
 context_switch kernel/sched/core.c:2853 [inline]
 __schedule+0x87c/0x1ed0 kernel/sched/core.c:3501
 schedule+0xfb/0x450 kernel/sched/core.c:3545
 __rwsem_down_read_failed_common kernel/locking/rwsem-xadd.c:269 [inline]
 rwsem_down_read_failed+0x362/0x600 kernel/locking/rwsem-xadd.c:286
 call_rwsem_down_read_failed+0x18/0x30 arch/x86/lib/rwsem.S:94
 __down_read arch/x86/include/asm/rwsem.h:83 [inline]
 __percpu_down_read+0x16e/0x210 kernel/locking/percpu-rwsem.c:85
 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:49 [inline]
 percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
 __sb_start_write+0x2d7/0x300 fs/super.c:1403
 file_start_write include/linux/fs.h:2737 [inline]
 vfs_write+0x452/0x560 fs/read_write.c:548
 ksys_write+0x101/0x260 fs/read_write.c:598
 __do_sys_write fs/read_write.c:610 [inline]
 __se_sys_write fs/read_write.c:607 [inline]
 __x64_sys_write+0x73/0xb0 fs/read_write.c:607
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fb4052ef19d
Code: Bad RIP value.
RSP: 002b:00007fb403890000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000081 RCX: 00007fb4052ef19d
RDX: 0000000000000081 RSI: 0000000001244a90 RDI: 0000000000000005
RBP: 0000000001244a90 R08: 0000000001244a90 R09: 206e692073657475
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
R13: 00007fb403890480 R14: 0000000000000001 R15: 0000000001244890
INFO: task syz-fuzzer:4511 blocked for more than 140 seconds.
      Not tainted 4.18.0-rc4+ #142
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-fuzzer      D18968  4511   4509 0x00000000
Call Trace:
 context_switch kernel/sched/core.c:2853 [inline]
 __schedule+0x87c/0x1ed0 kernel/sched/core.c:3501
 schedule+0xfb/0x450 kernel/sched/core.c:3545
 __rwsem_down_read_failed_common kernel/locking/rwsem-xadd.c:269 [inline]
 rwsem_down_read_failed+0x362/0x600 kernel/locking/rwsem-xadd.c:286
 call_rwsem_down_read_failed+0x18/0x30 arch/x86/lib/rwsem.S:94
 __down_read arch/x86/include/asm/rwsem.h:83 [inline]
 __percpu_down_read+0x16e/0x210 kernel/locking/percpu-rwsem.c:85
 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:49 [inline]
 percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
 __sb_start_write+0x2d7/0x300 fs/super.c:1403
 sb_start_pagefault include/linux/fs.h:1583 [inline]
 ext4_page_mkwrite+0x1d0/0x1430 fs/ext4/inode.c:6126
 do_page_mkwrite+0x14e/0x520 mm/memory.c:2380
 wp_page_shared mm/memory.c:2676 [inline]
 do_wp_page+0xf78/0x19b0 mm/memory.c:2776
 handle_pte_fault mm/memory.c:3988 [inline]
 __handle_mm_fault+0x2a84/0x4460 mm/memory.c:4096
 handle_mm_fault+0x53e/0xc80 mm/memory.c:4133
 __do_page_fault+0x620/0xe50 arch/x86/mm/fault.c:1396
 do_page_fault+0xf6/0x8c0 arch/x86/mm/fault.c:1471
 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1160
RIP: 0033:0x70b5e1
Code: Bad RIP value.
RSP: 002b:000000c427d2ec50 EFLAGS: 00010212
RAX: 000000c427d2f288 RBX: 000000c427d2f290 RCX: 00007f946cbe2000
RDX: fffffffffffffffe RSI: 0000000002090d18 RDI: 000000c427d2ec60
RBP: 000000c427d2ec60 R08: 0000000000000000 R09: 0000000000000000
R10: 000000000095bb32 R11: 0000000000000004 R12: 0000000000000000
R13: 0000000000000020 R14: 0000000000000013 R15: 000000c427d2f400
INFO: task syz-fuzzer:4526 blocked for more than 140 seconds.
      Not tainted 4.18.0-rc4+ #142
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-fuzzer      D19624  4526   4509 0x00000000
Call Trace:
 context_switch kernel/sched/core.c:2853 [inline]
 __schedule+0x87c/0x1ed0 kernel/sched/core.c:3501
 schedule+0xfb/0x450 kernel/sched/core.c:3545
 __rwsem_down_read_failed_common kernel/locking/rwsem-xadd.c:269 [inline]
 rwsem_down_read_failed+0x362/0x600 kernel/locking/rwsem-xadd.c:286
 call_rwsem_down_read_failed+0x18/0x30 arch/x86/lib/rwsem.S:94
 __down_read arch/x86/include/asm/rwsem.h:83 [inline]
 __percpu_down_read+0x16e/0x210 kernel/locking/percpu-rwsem.c:85
 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:49 [inline]
 percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
 __sb_start_write+0x2d7/0x300 fs/super.c:1403
 sb_start_pagefault include/linux/fs.h:1583 [inline]
 ext4_page_mkwrite+0x1d0/0x1430 fs/ext4/inode.c:6126
 do_page_mkwrite+0x14e/0x520 mm/memory.c:2380
 wp_page_shared mm/memory.c:2676 [inline]
 do_wp_page+0xf78/0x19b0 mm/memory.c:2776
 handle_pte_fault mm/memory.c:3988 [inline]
 __handle_mm_fault+0x2a84/0x4460 mm/memory.c:4096
 handle_mm_fault+0x53e/0xc80 mm/memory.c:4133
 __do_page_fault+0x620/0xe50 arch/x86/mm/fault.c:1396
 do_page_fault+0xf6/0x8c0 arch/x86/mm/fault.c:1471
 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1160
RIP: 0033:0x70b5e1
Code: Bad RIP value.
RSP: 002b:000000c426f41538 EFLAGS: 00010212
RAX: 000000c426f41878 RBX: 000000c426f41880 RCX: 00007f94695e2000
RDX: 0000000000000745 RSI: 0000000000000000 RDI: 0000000000001468
RBP: 000000c426f41548 R08: 0000000000000000 R09: 0000000000000000
R10: 000000000095bb32 R11: 0000000000000004 R12: 0000000000000000
R13: 0000000000000020 R14: 0000000000000013 R15: 000000c426f419e8
INFO: task syz-executor7:4536 blocked for more than 140 seconds.
      Not tainted 4.18.0-rc4+ #142
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor7   D19376  4536   4529 0x00000000
Call Trace:
 context_switch kernel/sched/core.c:2853 [inline]
 __schedule+0x87c/0x1ed0 kernel/sched/core.c:3501
 schedule+0xfb/0x450 kernel/sched/core.c:3545
 __rwsem_down_read_failed_common kernel/locking/rwsem-xadd.c:269 [inline]
 rwsem_down_read_failed+0x362/0x600 kernel/locking/rwsem-xadd.c:286
 call_rwsem_down_read_failed+0x18/0x30 arch/x86/lib/rwsem.S:94
 __down_read arch/x86/include/asm/rwsem.h:83 [inline]
 __percpu_down_read+0x16e/0x210 kernel/locking/percpu-rwsem.c:85
 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:49 [inline]
 percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
 __sb_start_write+0x2d7/0x300 fs/super.c:1403
 sb_start_write include/linux/fs.h:1554 [inline]
 mnt_want_write+0x3f/0xc0 fs/namespace.c:386
 filename_create+0x13e/0x5b0 fs/namei.c:3640
 user_path_create fs/namei.c:3703 [inline]
 do_mkdirat+0xda/0x310 fs/namei.c:3842
 __do_sys_mkdir fs/namei.c:3866 [inline]
 __se_sys_mkdir fs/namei.c:3864 [inline]
 __x64_sys_mkdir+0x5c/0x80 fs/namei.c:3864
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x455267
Code: Bad RIP value.
RSP: 002b:00007ffdaf8760d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000053
RAX: ffffffffffffffda RBX: 00007ffdaf876100 RCX: 0000000000455267
RDX: 00007ffdaf876db5 RSI: 00000000000001ff RDI: 00007ffdaf876db0
RBP: 0000000000000013 R08: 0000000000000000 R09: 0000000000000005
R10: 0000000000000064 R11: 0000000000000206 R12: 0000000000000000
R13: 0000000000001380 R14: 00007ffdaf876780 R15: 00000000007034c0
INFO: task syz-executor0:4537 blocked for more than 140 seconds.
      Not tainted 4.18.0-rc4+ #142
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor0   D20072  4537   4528 0x00000000
Call Trace:
 context_switch kernel/sched/core.c:2853 [inline]
 __schedule+0x87c/0x1ed0 kernel/sched/core.c:3501
 schedule+0xfb/0x450 kernel/sched/core.c:3545
 __rwsem_down_read_failed_common kernel/locking/rwsem-xadd.c:269 [inline]
 rwsem_down_read_failed+0x362/0x600 kernel/locking/rwsem-xadd.c:286
 call_rwsem_down_read_failed+0x18/0x30 arch/x86/lib/rwsem.S:94
 __down_read arch/x86/include/asm/rwsem.h:83 [inline]
 __percpu_down_read+0x16e/0x210 kernel/locking/percpu-rwsem.c:85
 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:49 [inline]
 percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
 __sb_start_write+0x2d7/0x300 fs/super.c:1403
 sb_start_write include/linux/fs.h:1554 [inline]
 mnt_want_write+0x3f/0xc0 fs/namespace.c:386
 do_unlinkat+0x2b7/0xa30 fs/namei.c:4055
 __do_sys_unlink fs/namei.c:4120 [inline]
 __se_sys_unlink fs/namei.c:4118 [inline]
 __x64_sys_unlink+0x42/0x50 fs/namei.c:4118
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x455b77
Code: Bad RIP value.
RSP: 002b:00007ffdb7501588 EFLAGS: 00000206 ORIG_RAX: 0000000000000057
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000455b77
RDX: 00007ffdb7501590 RSI: 00007ffdb7501620 RDI: 00007ffdb7501620
RBP: 00007ffdb7503330 R08: 0000000000000000 R09: 0000000000000010
R10: 000000000000000a R11: 0000000000000206 R12: 000000000236d940
R13: 0000000000000000 R14: 00007ffdb7502d00 R15: 0000000000702140
INFO: task syz-executor1:4541 blocked for more than 140 seconds.
      Not tainted 4.18.0-rc4+ #142
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor1   D21232  4541   4533 0x00000000
Call Trace:
 context_switch kernel/sched/core.c:2853 [inline]
 __schedule+0x87c/0x1ed0 kernel/sched/core.c:3501
 schedule+0xfb/0x450 kernel/sched/core.c:3545
 __rwsem_down_read_failed_common kernel/locking/rwsem-xadd.c:269 [inline]
 rwsem_down_read_failed+0x362/0x600 kernel/locking/rwsem-xadd.c:286
 call_rwsem_down_read_failed+0x18/0x30 arch/x86/lib/rwsem.S:94
 __down_read arch/x86/include/asm/rwsem.h:83 [inline]
 __percpu_down_read+0x16e/0x210 kernel/locking/percpu-rwsem.c:85
 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:49 [inline]
 percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
 __sb_start_write+0x2d7/0x300 fs/super.c:1403
 sb_start_write include/linux/fs.h:1554 [inline]
 mnt_want_write+0x3f/0xc0 fs/namespace.c:386
 do_unlinkat+0x2b7/0xa30 fs/namei.c:4055
 __do_sys_unlink fs/namei.c:4120 [inline]
 __se_sys_unlink fs/namei.c:4118 [inline]
 __x64_sys_unlink+0x42/0x50 fs/namei.c:4118
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x455b77
Code: Bad RIP value.
RSP: 002b:00007fff30b93bc8 EFLAGS: 00000202 ORIG_RAX: 0000000000000057
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000455b77
RDX: 00007fff30b93bd0 RSI: 00007fff30b93c60 RDI: 00007fff30b93c60
RBP: 00007fff30b95970 R08: 0000000000000000 R09: 0000000000000010
R10: 000000000000000a R11: 0000000000000202 R12: 00000000011ce940
R13: 0000000000000000 R14: 00007fff30b95340 R15: 0000000000702140
INFO: task syz-executor4:21395 blocked for more than 140 seconds.
      Not tainted 4.18.0-rc4+ #142
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor4   D23192 21395  21380 0x00000000
Call Trace:
 context_switch kernel/sched/core.c:2853 [inline]
 __schedule+0x87c/0x1ed0 kernel/sched/core.c:3501
 schedule+0xfb/0x450 kernel/sched/core.c:3545
 __rwsem_down_read_failed_common kernel/locking/rwsem-xadd.c:269 [inline]
 rwsem_down_read_failed+0x362/0x600 kernel/locking/rwsem-xadd.c:286
 call_rwsem_down_read_failed+0x18/0x30 arch/x86/lib/rwsem.S:94
 __down_read arch/x86/include/asm/rwsem.h:83 [inline]
 __percpu_down_read+0x16e/0x210 kernel/locking/percpu-rwsem.c:85
 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:49 [inline]
 percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
 __sb_start_write+0x2d7/0x300 fs/super.c:1403
 sb_start_write include/linux/fs.h:1554 [inline]
 mnt_want_write+0x3f/0xc0 fs/namespace.c:386
 do_unlinkat+0x2b7/0xa30 fs/namei.c:4055
 __do_sys_unlink fs/namei.c:4120 [inline]
 __se_sys_unlink fs/namei.c:4118 [inline]
 __x64_sys_unlink+0x42/0x50 fs/namei.c:4118
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x455b77
Code: Bad RIP value.
RSP: 002b:00007fffc7205588 EFLAGS: 00000206 ORIG_RAX: 0000000000000057
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000455b77
RDX: 00007fffc7205590 RSI: 00007fffc7205620 RDI: 00007fffc7205620
RBP: 00007fffc7207330 R08: 0000000000000000 R09: 000000000000000e
R10: 000000000000000a R11: 0000000000000206 R12: 0000000001ab3940
R13: 0000000000000000 R14: 00007fffc7206d00 R15: 0000000000702140
INFO: task syz-executor6:21734 blocked for more than 140 seconds.
      Not tainted 4.18.0-rc4+ #142
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor6   D24696 21734   4542 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2853 [inline]
 __schedule+0x87c/0x1ed0 kernel/sched/core.c:3501
 schedule+0xfb/0x450 kernel/sched/core.c:3545
 __rwsem_down_read_failed_common kernel/locking/rwsem-xadd.c:269 [inline]
 rwsem_down_read_failed+0x362/0x600 kernel/locking/rwsem-xadd.c:286
 call_rwsem_down_read_failed+0x18/0x30 arch/x86/lib/rwsem.S:94
 __down_read arch/x86/include/asm/rwsem.h:83 [inline]
 __percpu_down_read+0x16e/0x210 kernel/locking/percpu-rwsem.c:85
 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:49 [inline]
 percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
 __sb_start_write+0x2d7/0x300 fs/super.c:1403
 sb_start_pagefault include/linux/fs.h:1583 [inline]
 ext4_page_mkwrite+0x1d0/0x1430 fs/ext4/inode.c:6126
 do_page_mkwrite+0x14e/0x520 mm/memory.c:2380
 wp_page_shared mm/memory.c:2676 [inline]
 do_wp_page+0xf78/0x19b0 mm/memory.c:2776
 handle_pte_fault mm/memory.c:3988 [inline]
 __handle_mm_fault+0x2a84/0x4460 mm/memory.c:4096
 handle_mm_fault+0x53e/0xc80 mm/memory.c:4133
 __do_page_fault+0x620/0xe50 arch/x86/mm/fault.c:1396
 do_page_fault+0xf6/0x8c0 arch/x86/mm/fault.c:1471
 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1160
RIP: 0033:0x4084b0
Code: 00 00 2e 23 40 00 00 00 00 00 3e 23 40 00 00 00 00 00 4e 23 40 00 00 00 00 00 5e 23 40 00 00 00 00 00 6e 23 40 00 00 00 00 00 <7e> 23 40 00 00 00 00 00 8e 23 40 00 00 00 00 00 9e 23 40 00 00 00 
RSP: 002b:00007ffd73a91e10 EFLAGS: 00010287
RAX: 0000001b2f22146c RBX: 0000000000000000 RCX: 0000001b30220000
RDX: 0000001b2f221470 RSI: 0000000000730990 RDI: 0000000000000006
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 00007ffd73a91e50 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000002 R14: 000000000072bf48 R15: 000000000072bf48
INFO: task syz-executor5:21735 blocked for more than 140 seconds.
      Not tainted 4.18.0-rc4+ #142
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor5   D24696 21735   4538 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2853 [inline]
 __schedule+0x87c/0x1ed0 kernel/sched/core.c:3501
 schedule+0xfb/0x450 kernel/sched/core.c:3545
 __rwsem_down_read_failed_common kernel/locking/rwsem-xadd.c:269 [inline]
 rwsem_down_read_failed+0x362/0x600 kernel/locking/rwsem-xadd.c:286
 call_rwsem_down_read_failed+0x18/0x30 arch/x86/lib/rwsem.S:94
 __down_read arch/x86/include/asm/rwsem.h:83 [inline]
 __percpu_down_read+0x16e/0x210 kernel/locking/percpu-rwsem.c:85
 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:49 [inline]
 percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
 __sb_start_write+0x2d7/0x300 fs/super.c:1403
 sb_start_pagefault include/linux/fs.h:1583 [inline]
 ext4_page_mkwrite+0x1d0/0x1430 fs/ext4/inode.c:6126
 do_page_mkwrite+0x14e/0x520 mm/memory.c:2380
 wp_page_shared mm/memory.c:2676 [inline]
 do_wp_page+0xf78/0x19b0 mm/memory.c:2776
 handle_pte_fault mm/memory.c:3988 [inline]
 __handle_mm_fault+0x2a84/0x4460 mm/memory.c:4096
 handle_mm_fault+0x53e/0xc80 mm/memory.c:4133
 __do_page_fault+0x620/0xe50 arch/x86/mm/fault.c:1396
 do_page_fault+0xf6/0x8c0 arch/x86/mm/fault.c:1471
 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1160
RIP: 0033:0x4084b0
Code: 00 00 2e 23 40 00 00 00 00 00 3e 23 40 00 00 00 00 00 4e 23 40 00 00 00 00 00 5e 23 40 00 00 00 00 00 6e 23 40 00 00 00 00 00 <7e> 23 40 00 00 00 00 00 8e 23 40 00 00 00 00 00 9e 23 40 00 00 00 
RSP: 002b:00007ffc8b93fce0 EFLAGS: 00010283
RAX: 0000001b2f021f38 RBX: 0000000000000000 RCX: 0000001b30020000
RDX: 0000001b2f021f3c RSI: 0000000000000005 RDI: 0000000000000005
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 00007ffc8b93fd20 R11: 0000000000000246 R12: 0000000000000002
R13: 0000000000000002 R14: 000000000072bf48 R15: 000000000072bf48

Showing all locks held in the system:
1 lock held by khungtaskd/902:
 #0: 000000007328b2e8 (rcu_read_lock){....}, at: debug_show_all_locks+0xd0/0x428 kernel/locking/lockdep.c:4461
1 lock held by khugepaged/908:
 #0: 000000005dad8f7f (&mm->mmap_sem){++++}, at: collapse_huge_page+0x2b9/0x2140 mm/khugepaged.c:1006
2 locks held by rs:main Q:Reg/4395:
 #0: 000000007bbe5d82 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x1bb/0x200 fs/file.c:766
 #1: 00000000d7ef968e (sb_writers#6){++++}, at: file_start_write include/linux/fs.h:2737 [inline]
 #1: 00000000d7ef968e (sb_writers#6){++++}, at: vfs_write+0x452/0x560 fs/read_write.c:548
1 lock held by rsyslogd/4397:
2 locks held by getty/4488:
 #0: 0000000094fa6060 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
 #1: 00000000bfecc431 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140
2 locks held by getty/4489:
 #0: 00000000881738b6 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
 #1: 00000000d312fe90 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140
2 locks held by getty/4490:
 #0: 0000000053a85611 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
 #1: 0000000009e60b96 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140
2 locks held by getty/4491:
 #0: 0000000005444b59 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
 #1: 0000000073d83655 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140
2 locks held by getty/4492:
 #0: 0000000044f944d5 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
 #1: 000000009e8b1ce8 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140
2 locks held by getty/4493:
 #0: 000000003fef480c (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
 #1: 000000005f7d3b9f (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140
2 locks held by getty/4494:
 #0: 0000000074e6c732 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
 #1: 00000000e4bf6939 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140
2 locks held by syz-fuzzer/4511:
 #0: 000000005dad8f7f (&mm->mmap_sem){++++}, at: __do_page_fault+0x389/0xe50 arch/x86/mm/fault.c:1325
 #1: 000000000f23f046 (sb_pagefaults){++++}, at: sb_start_pagefault include/linux/fs.h:1583 [inline]
 #1: 000000000f23f046 (sb_pagefaults){++++}, at: ext4_page_mkwrite+0x1d0/0x1430 fs/ext4/inode.c:6126
2 locks held by syz-fuzzer/4526:
 #0: 000000005dad8f7f (&mm->mmap_sem){++++}, at: __do_page_fault+0x389/0xe50 arch/x86/mm/fault.c:1325
 #1: 000000000f23f046 (sb_pagefaults){++++}, at: sb_start_pagefault include/linux/fs.h:1583 [inline]
 #1: 000000000f23f046 (sb_pagefaults){++++}, at: ext4_page_mkwrite+0x1d0/0x1430 fs/ext4/inode.c:6126
1 lock held by syz-executor7/4536:
 #0: 00000000d7ef968e (sb_writers#6){++++}, at: sb_start_write include/linux/fs.h:1554 [inline]
 #0: 00000000d7ef968e (sb_writers#6){++++}, at: mnt_want_write+0x3f/0xc0 fs/namespace.c:386
1 lock held by syz-executor0/4537:
 #0: 00000000d7ef968e (sb_writers#6){++++}, at: sb_start_write include/linux/fs.h:1554 [inline]
 #0: 00000000d7ef968e (sb_writers#6){++++}, at: mnt_want_write+0x3f/0xc0 fs/namespace.c:386
1 lock held by syz-executor1/4541:
 #0: 00000000d7ef968e (sb_writers#6){++++}, at: sb_start_write include/linux/fs.h:1554 [inline]
 #0: 00000000d7ef968e (sb_writers#6){++++}, at: mnt_want_write+0x3f/0xc0 fs/namespace.c:386
1 lock held by syz-executor4/21395:
 #0: 00000000d7ef968e (sb_writers#6){++++}, at: sb_start_write include/linux/fs.h:1554 [inline]
 #0: 00000000d7ef968e (sb_writers#6){++++}, at: mnt_want_write+0x3f/0xc0 fs/namespace.c:386
2 locks held by syz-executor6/21734:
 #0: 00000000961da789 (&mm->mmap_sem){++++}, at: __do_page_fault+0x389/0xe50 arch/x86/mm/fault.c:1325
 #1: 000000000f23f046 (sb_pagefaults){++++}, at: sb_start_pagefault include/linux/fs.h:1583 [inline]
 #1: 000000000f23f046 (sb_pagefaults){++++}, at: ext4_page_mkwrite+0x1d0/0x1430 fs/ext4/inode.c:6126
2 locks held by syz-executor5/21735:
 #0: 0000000055e17e1f (&mm->mmap_sem){++++}, at: __do_page_fault+0x389/0xe50 arch/x86/mm/fault.c:1325
 #1: 000000000f23f046 (sb_pagefaults){++++}, at: sb_start_pagefault include/linux/fs.h:1583 [inline]
 #1: 000000000f23f046 (sb_pagefaults){++++}, at: ext4_page_mkwrite+0x1d0/0x1430 fs/ext4/inode.c:6126
2 locks held by syz-executor3/21765:
 #0: 0000000004820255 (&mm->mmap_sem){++++}, at: __do_page_fault+0x389/0xe50 arch/x86/mm/fault.c:1325
 #1: 000000000f23f046 (sb_pagefaults){++++}, at: sb_start_pagefault include/linux/fs.h:1583 [inline]
 #1: 000000000f23f046 (sb_pagefaults){++++}, at: ext4_page_mkwrite+0x1d0/0x1430 fs/ext4/inode.c:6126
2 locks held by syz-executor2/21770:
 #0: 00000000bc7710a7 (&mm->mmap_sem){++++}, at: __do_page_fault+0x389/0xe50 arch/x86/mm/fault.c:1325
 #1: 000000000f23f046 (sb_pagefaults){++++}, at: sb_start_pagefault include/linux/fs.h:1583 [inline]
 #1: 000000000f23f046 (sb_pagefaults){++++}, at: ext4_page_mkwrite+0x1d0/0x1430 fs/ext4/inode.c:6126
1 lock held by cron/21783:
 #0: 00000000d7ef968e (sb_writers#6){++++}, at: sb_start_write include/linux/fs.h:1554 [inline]
 #0: 00000000d7ef968e (sb_writers#6){++++}, at: mnt_want_write+0x3f/0xc0 fs/namespace.c:386

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 902 Comm: khungtaskd Not tainted 4.18.0-rc4+ #142
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113
 nmi_cpu_backtrace.cold.4+0x19/0xce lib/nmi_backtrace.c:103
 nmi_trigger_cpumask_backtrace+0x151/0x192 lib/nmi_backtrace.c:62
 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
 trigger_all_cpu_backtrace include/linux/nmi.h:138 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:196 [inline]
 watchdog+0x9c4/0xf80 kernel/hung_task.c:252
 kthread+0x345/0x410 kernel/kthread.c:246
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:412
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1 skipped: idling at native_safe_halt+0x6/0x10 arch/x86/include/asm/irqflags.h:54

Crashes (352):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kasan-gce-root 2018/07/12 08:19 upstream c25c74b7476e 2e0e3130 .config log report
ci-upstream-kasan-gce-root 2018/07/12 01:41 upstream c25c74b7476e 2e0e3130 .config log report
ci-upstream-kasan-gce-root 2018/07/12 00:29 upstream c25c74b7476e 2e0e3130 .config log report
ci-upstream-kasan-gce-root 2018/07/11 18:34 upstream 1e09177acae3 2e0e3130 .config log report
ci-upstream-kasan-gce-root 2018/07/11 14:30 upstream 1e09177acae3 2e0e3130 .config log report
ci-upstream-kasan-gce-root 2018/07/11 12:23 upstream 1e09177acae3 2e0e3130 .config log report
ci-upstream-kasan-gce-root 2018/07/10 18:16 upstream 092150a25cb7 9fa03fa5 .config log report
ci-upstream-kasan-gce-root 2018/07/10 07:36 upstream 092150a25cb7 f25e5770 .config log report
ci-upstream-kasan-gce-root 2018/07/10 02:34 upstream 092150a25cb7 f25e5770 .config log report
ci-upstream-kasan-gce-root 2018/07/09 20:55 upstream 1e4b044d2251 f25e5770 .config log report
ci-upstream-kasan-gce-root 2018/07/09 16:02 upstream 1e4b044d2251 f25e5770 .config log report
ci-upstream-kasan-gce-root 2018/07/09 12:00 upstream 1e4b044d2251 f25e5770 .config log report
ci-upstream-kasan-gce-root 2018/07/09 01:12 upstream ca04b3cca11a f25e5770 .config log report
ci-upstream-kasan-gce-root 2018/04/09 21:26 upstream fd40ffc72e2f b9f65507 .config log report
ci-upstream-bpf-kasan-gce 2018/07/12 10:29 bpf 6e6fddc78323 2e0e3130 .config log report
ci-upstream-bpf-kasan-gce 2018/07/12 03:26 bpf 61d769807f27 2e0e3130 .config log report
ci-upstream-bpf-kasan-gce 2018/07/11 21:04 bpf 61d769807f27 2e0e3130 .config log report
ci-upstream-bpf-kasan-gce 2018/07/11 00:42 bpf 59ee4129a279 2e0e3130 .config log report
ci-upstream-bpf-kasan-gce 2018/07/10 22:48 bpf 59ee4129a279 2e0e3130 .config log report
ci-upstream-bpf-kasan-gce 2018/07/10 15:14 bpf b9626f45abcc 9fa03fa5 .config log report
ci-upstream-bpf-kasan-gce 2018/07/10 08:51 bpf b9626f45abcc 9fa03fa5 .config log report
ci-upstream-bpf-kasan-gce 2018/07/09 03:48 bpf 7f93d1295131 f25e5770 .config log report
ci-upstream-bpf-next-kasan-gce 2018/07/12 04:32 bpf-next 671dffa7de7b 2e0e3130 .config log report
ci-upstream-bpf-next-kasan-gce 2018/07/11 22:14 bpf-next 671dffa7de7b 2e0e3130 .config log report
ci-upstream-bpf-next-kasan-gce 2018/07/11 06:54 bpf-next d90c936fb318 2e0e3130 .config log report
ci-upstream-bpf-next-kasan-gce 2018/07/10 20:45 bpf-next d90c936fb318 2e0e3130 .config log report
ci-upstream-bpf-next-kasan-gce 2018/07/10 10:08 bpf-next d90c936fb318 9fa03fa5 .config log report
ci-upstream-bpf-next-kasan-gce 2018/07/10 00:57 bpf-next d90c936fb318 f25e5770 .config log report
ci-upstream-bpf-next-kasan-gce 2018/07/09 08:13 bpf-next d90c936fb318 f25e5770 .config log report
ci-upstream-bpf-next-kasan-gce 2018/07/09 05:43 bpf-next d90c936fb318 f25e5770 .config log report
ci-upstream-linux-next-kasan-gce-root 2018/07/11 09:18 linux-next 98be45067040 2e0e3130 .config log report
ci-upstream-linux-next-kasan-gce-root 2018/07/11 04:55 linux-next 3951bd9fe3e2 2e0e3130 .config log report
ci-upstream-linux-next-kasan-gce-root 2018/07/10 21:41 linux-next 3951bd9fe3e2 2e0e3130 .config log report
ci-upstream-linux-next-kasan-gce-root 2018/07/10 04:55 linux-next d00d6d9a339d f25e5770 .config log report
ci-upstream-linux-next-kasan-gce-root 2018/07/09 23:33 linux-next d00d6d9a339d f25e5770 .config log report
ci-upstream-linux-next-kasan-gce-root 2018/07/09 22:31 linux-next d00d6d9a339d f25e5770 .config log report
ci-upstream-linux-next-kasan-gce-root 2018/07/09 18:23 linux-next d00d6d9a339d f25e5770 .config log report
ci-upstream-linux-next-kasan-gce-root 2018/07/09 13:25 linux-next d00d6d9a339d f25e5770 .config log report
ci-upstream-linux-next-kasan-gce-root 2018/07/09 11:44 linux-next d00d6d9a339d f25e5770 .config log report
ci-upstream-linux-next-kasan-gce-root 2018/07/09 10:08 linux-next d00d6d9a339d f25e5770 .config log report
ci-upstream-linux-next-kasan-gce-root 2018/07/08 23:16 linux-next 526674536360 f25e5770 .config log report