syzbot

 sign-in | mailing list | source | docs
🐞 Open [1081] 🐞 Fixed [4184] 🐞 Invalid [9308] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes

INFO: task hung in process_measurement

Status: closed as invalid on 2022/02/08 10:56
Reported-by: syzbot+cdc562bc26a2b2b0a94f@syzkaller.appspotmail.com
First crash: 1520d, last: 485d

Cause bisection: introduced by (bisect log) :
commit 8fe5616b20e5742bb5fee0e77dffe2fc76ac92a0
Author: Jyri Sarha <jsarha@ti.com>
Date: Tue Jun 14 08:43:30 2016 +0000

  drm/tilcdc: Restore old dpms state in pm_resume()

Crash: INFO: task hung in process_measurement (log)
Repro: C syz .config

Fix bisection: the fix commit could be any of (bisect log):
  14c2a7b934e4 dt-bindings: dmaengine: nbpfaxi: Rename bindings documentation file
  7607a121f461 dmaengine: fsldma: Mark expected switch fall-through
  b48b8bc45a8f dmaengine: dw: Update Intel Elkhart Lake Service Engine acronym
  069e4a19f44d dmaengine: ti: unexport filter functions
  3a1144f83c53 MAINTAINERS: dmaengine: dw axi dmac: Fix typo in a path
  698f7a9be9b2 dmaengine: mv_xor_v2: Fix -Wshift-negative-value
  ba1cab79cfc6 dmaengine: fsl-edma: implement .device_synchronize callback
  4f48e29f7673 dmaengine: make mux_configure32 static
  d1b622f68daf dmaengine: pl330: use the same attributes when freeing pl330->mcode_cpu
  057b05d5ac47 dmaengine: qcom: hidma_mgmt: Add of_node_put() before goto
  d071fd294f24 dmaengine: change alignment of mux_configure32 and fsl_edma_chan_mux
  232a7f18cf8e dmaengine: fsl-edma: add i.mx7ulp edma2 version support
  a6bc332373e5 dmaengine: acpi: Set up DMA mask based on CSRT
  4b8584bac040 dmaengine: acpi: Add kernel doc parameter descriptions
  719e25dba443 dmaengine: qcom_hidma: Remove call to memset after dmam_alloc_coherent
  9603a7ab6098 dmaengine: imx-sdma: Remove call to memset after dma_alloc_coherent
  ae923c91aa3b dmaengine: dw: Export struct dw_dma_chip_pdata for wider use
  b3757413b91e dmaengine: dw: platform: Use struct dw_dma_chip_pdata
  e17be6e1b713 dmaengine: Remove dev_err() usage after platform_get_irq()
  7f5d7425748d dmaengine: imx-dma: Mark expected switch fall-through
  f8d9ddbc2851 dmaengine: dw: platform: Enable iDMA 32-bit on Intel Elkhart Lake
  a9afc9ea9399 dmaengine: tegra210-adma: Don't program FIFO threshold
  a9c56721d6ae dmaengine: dw: platform: Use devm_platform_ioremap_resource()
  57dbd0e4b97d dmaengine: stm32-mdma: Switch to use device_property_count_u32()
  e7b8514e4d68 dmaengine: dw: platform: Switch to acpi_dma_controller_register()
  2cb114c4fac7 dmaengine: stm32-dmamux: Switch to use device_property_count_u32()
  84da042e7023 dmaengine: dw: platform: Move handle check to dw_dma_acpi_controller_register()
  b685fe26e9af dmaengine: dw: platform: Split ACPI helpers to separate module
  ffbb569b9cee dt-bindings: dmaengine: shdma: Rename bindings documentation file
  edd14218bd66 dt-bindings: dmaengine: Convert Allwinner A31 and A64 DMA to a schema
  f5e84eae7956 dmaengine: dw: platform: Split OF helpers to separate module
  545a29c811f6 dt-bindings: dmaengine: Convert Allwinner A10 DMA to a schema
  e3b9fef8ddf8 dmaengine: ti: edma: Remove 'Assignment in if condition'
  7a09c09c3007 dmaengine: ti: omap-dma: Remove 'Assignment in if condition'
  b37e3534ac42 dt-bindings: dmaengine: Add YAML schemas for the generic DMA bindings
  9fa2df6eafa0 dmaengine: ti: omap-dma: Remove variable override in omap_dma_tx_status()
  aa3c6ce4eab8 dmaengine: ti: edma: Support for polled (memcpy) completion
  097ffdc75259 dmaengine: ti: edma: Correct the residue calculation (fix for memcpy)
  fb9816f9d05f dmaengine: dmatest: Add support for completion polling
  09104bb1b5d4 dmaengine: iop-adma: remove set but not used variable 'slots_per_op'
  e96b1f64ee28 dmaengine: ti: edma: Clean up the 2x32bit array register accesses
  25af5afe77a8 dmanegine: ioat/dca: Use struct_size() helper
  4689d35c765c dmaengine: ti: omap-dma: Improved memcpy polling support
  37256335bd06 dt-bindings: dmaengine: dma-common: Fix the dma-channel-mask property
  aac8670369dc dmaengine: ti: omap-dma: Readability cleanup in omap_dma_tx_status()
  402096cb5b7d dmaengine: stm32-dma: Use struct_size() helper
  f4c255f1a747 dmaengine: dma-jz4780: Break descriptor chains on JZ4740
  156a599b0716 dmaengine: tegra-apb: Support per-burst residue granularity
  d17d9ea95727 dmaengine: iop-adma.c: fix printk format warning
  72503b25ee36 dmaengine: bcm2835: Print error in case setting DMA mask fails
  c5dbe60664b3 dmaengine: ti: edma: Do not reset reserved paRAM slots
  b2003f61a554 dmaengine: ti: edma: Only reset region0 access registers
  d2bfe7b5d182 dmaengine: edma: make edma_filter_fn private
  9c71b9eb3cb2 dmaengine: omap-dma: make omap_dma_filter_fn private
  c5c6faaee6e0 dmaengine: ti: edma: Use bitmap_set() instead of open coded edma_set_bits()
  04cbfba62085 Merge tag 'dmaengine-5.4-rc1' of git://git.infradead.org/users/vkoul/slave-dma
similar bugs (3):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.19 INFO: task hung in process_measurement 2 1091d 1167d 0/1 auto-closed as invalid on 2020/03/29 20:33
linux-4.14 INFO: task hung in process_measurement 3 986d 1042d 0/1 auto-closed as invalid on 2020/07/13 00:59
linux-4.19 INFO: task hung in process_measurement (2) 1 760d 760d 0/1 auto-closed as invalid on 2021/02/23 17:00

Sample crash report:
INFO: task syz-executor029:7515 blocked for more than 140 seconds.
      Not tainted 5.0.0-rc7+ #85
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor029 D28880  7515   7452 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2844 [inline]
 __schedule+0x817/0x1cc0 kernel/sched/core.c:3485
 schedule+0x92/0x180 kernel/sched/core.c:3529
 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:584 [inline]
 rwsem_down_write_failed+0x774/0xc30 kernel/locking/rwsem-xadd.c:613
 call_rwsem_down_write_failed+0x17/0x30 arch/x86/lib/rwsem.S:117
 __down_write arch/x86/include/asm/rwsem.h:142 [inline]
 down_write+0x53/0x90 kernel/locking/rwsem.c:72
 inode_lock include/linux/fs.h:757 [inline]
 process_measurement+0x9ae/0x1570 security/integrity/ima/ima_main.c:207
 ima_file_check+0xc5/0x110 security/integrity/ima/ima_main.c:393
 do_last fs/namei.c:3422 [inline]
 path_openat+0x1130/0x4690 fs/namei.c:3534
 do_filp_open+0x1a1/0x280 fs/namei.c:3564
 do_sys_open+0x3fe/0x5d0 fs/open.c:1063
 ksys_open include/linux/syscalls.h:1298 [inline]
 __do_sys_creat fs/open.c:1121 [inline]
 __se_sys_creat fs/open.c:1119 [inline]
 __x64_sys_creat+0x61/0x80 fs/open.c:1119
 do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x442249
Code: e8 bc 04 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffc02326db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000442249
RDX: 0000000000442249 RSI: 0000000000000000 RDI: 0000000020000040
RBP: 00007ffc02326de0 R08: 00000000000000f0 R09: 00000000000000f0
R10: 00000000000000f0 R11: 0000000000000246 R12: 000000000006f5e3
R13: 00000000004a9250 R14: 0000000000000000 R15: 0000000000000000
INFO: task syz-executor029:7518 blocked for more than 140 seconds.
      Not tainted 5.0.0-rc7+ #85
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor029 D28880  7518   7446 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2844 [inline]
 __schedule+0x817/0x1cc0 kernel/sched/core.c:3485
 schedule+0x92/0x180 kernel/sched/core.c:3529
 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:584 [inline]
 rwsem_down_write_failed+0x774/0xc30 kernel/locking/rwsem-xadd.c:613
 call_rwsem_down_write_failed+0x17/0x30 arch/x86/lib/rwsem.S:117
 __down_write arch/x86/include/asm/rwsem.h:142 [inline]
 down_write+0x53/0x90 kernel/locking/rwsem.c:72
 inode_lock include/linux/fs.h:757 [inline]
 process_measurement+0x9ae/0x1570 security/integrity/ima/ima_main.c:207
 ima_file_check+0xc5/0x110 security/integrity/ima/ima_main.c:393
 do_last fs/namei.c:3422 [inline]
 path_openat+0x1130/0x4690 fs/namei.c:3534
 do_filp_open+0x1a1/0x280 fs/namei.c:3564
 do_sys_open+0x3fe/0x5d0 fs/open.c:1063
 ksys_open include/linux/syscalls.h:1298 [inline]
 __do_sys_creat fs/open.c:1121 [inline]
 __se_sys_creat fs/open.c:1119 [inline]
 __x64_sys_creat+0x61/0x80 fs/open.c:1119
 do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x442249
Code: e8 bc 04 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffc02326db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000442249
RDX: 0000000000442249 RSI: 0000000000000000 RDI: 0000000020000040
RBP: 00007ffc02326de0 R08: 00000000000000f0 R09: 00000000000000f0
R10: 00000000000000f0 R11: 0000000000000246 R12: 000000000006f5e5
R13: 00000000004a9250 R14: 0000000000000000 R15: 0000000000000000
INFO: task syz-executor029:7522 blocked for more than 140 seconds.
      Not tainted 5.0.0-rc7+ #85
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor029 D28880  7522   7479 0x00000000
Call Trace:
 context_switch kernel/sched/core.c:2844 [inline]
 __schedule+0x817/0x1cc0 kernel/sched/core.c:3485
 schedule+0x92/0x180 kernel/sched/core.c:3529
 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:584 [inline]
 rwsem_down_write_failed+0x774/0xc30 kernel/locking/rwsem-xadd.c:613
 call_rwsem_down_write_failed+0x17/0x30 arch/x86/lib/rwsem.S:117
 __down_write arch/x86/include/asm/rwsem.h:142 [inline]
 down_write+0x53/0x90 kernel/locking/rwsem.c:72
 inode_lock include/linux/fs.h:757 [inline]
 process_measurement+0x9ae/0x1570 security/integrity/ima/ima_main.c:207
 ima_file_check+0xc5/0x110 security/integrity/ima/ima_main.c:393
 do_last fs/namei.c:3422 [inline]
 path_openat+0x1130/0x4690 fs/namei.c:3534
 do_filp_open+0x1a1/0x280 fs/namei.c:3564
 do_sys_open+0x3fe/0x5d0 fs/open.c:1063
 ksys_open include/linux/syscalls.h:1298 [inline]
 __do_sys_creat fs/open.c:1121 [inline]
 __se_sys_creat fs/open.c:1119 [inline]
 __x64_sys_creat+0x61/0x80 fs/open.c:1119
 do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x442249
Code: e8 bc 04 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffc02326db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000442249
RDX: 0000000000442249 RSI: 0000000000000000 RDI: 0000000020000040
RBP: 00007ffc02326de0 R08: 00000000000000f0 R09: 00000000000000f0
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000007096c
R13: 00000000004a9250 R14: 0000000000000000 R15: 0000000000000000
INFO: task syz-executor029:7524 blocked for more than 140 seconds.
      Not tainted 5.0.0-rc7+ #85
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor029 D28880  7524   7479 0x00000000
Call Trace:
 context_switch kernel/sched/core.c:2844 [inline]
 __schedule+0x817/0x1cc0 kernel/sched/core.c:3485
 schedule+0x92/0x180 kernel/sched/core.c:3529
 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:584 [inline]
 rwsem_down_write_failed+0x774/0xc30 kernel/locking/rwsem-xadd.c:613
 call_rwsem_down_write_failed+0x17/0x30 arch/x86/lib/rwsem.S:117
 __down_write arch/x86/include/asm/rwsem.h:142 [inline]
 down_write+0x53/0x90 kernel/locking/rwsem.c:72
 inode_lock include/linux/fs.h:757 [inline]
 process_measurement+0x9ae/0x1570 security/integrity/ima/ima_main.c:207
 ima_file_check+0xc5/0x110 security/integrity/ima/ima_main.c:393
 do_last fs/namei.c:3422 [inline]
 path_openat+0x1130/0x4690 fs/namei.c:3534
 do_filp_open+0x1a1/0x280 fs/namei.c:3564
 do_sys_open+0x3fe/0x5d0 fs/open.c:1063
 ksys_open include/linux/syscalls.h:1298 [inline]
 __do_sys_creat fs/open.c:1121 [inline]
 __se_sys_creat fs/open.c:1119 [inline]
 __x64_sys_creat+0x61/0x80 fs/open.c:1119
 do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x442249
Code: e8 bc 04 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffc02326db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000442249
RDX: 0000000000442249 RSI: 0000000000000000 RDI: 0000000020000040
RBP: 00007ffc02326de0 R08: 00000000000000f0 R09: 00000000000000f0
R10: 00000000000000f0 R11: 0000000000000246 R12: 0000000000071cf6
R13: 00000000004a9250 R14: 0000000000000000 R15: 0000000000000000
INFO: task syz-executor029:7525 blocked for more than 140 seconds.
      Not tainted 5.0.0-rc7+ #85
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor029 D28072  7525   7479 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2844 [inline]
 __schedule+0x817/0x1cc0 kernel/sched/core.c:3485
 schedule+0x92/0x180 kernel/sched/core.c:3529
 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:584 [inline]
 rwsem_down_write_failed+0x774/0xc30 kernel/locking/rwsem-xadd.c:613
 call_rwsem_down_write_failed+0x17/0x30 arch/x86/lib/rwsem.S:117
 __down_write arch/x86/include/asm/rwsem.h:142 [inline]
 down_write+0x53/0x90 kernel/locking/rwsem.c:72
 inode_lock include/linux/fs.h:757 [inline]
 process_measurement+0x9ae/0x1570 security/integrity/ima/ima_main.c:207
 ima_file_check+0xc5/0x110 security/integrity/ima/ima_main.c:393
 do_last fs/namei.c:3422 [inline]
 path_openat+0x1130/0x4690 fs/namei.c:3534
 do_filp_open+0x1a1/0x280 fs/namei.c:3564
 do_sys_open+0x3fe/0x5d0 fs/open.c:1063
 ksys_open include/linux/syscalls.h:1298 [inline]
 __do_sys_creat fs/open.c:1121 [inline]
 __se_sys_creat fs/open.c:1119 [inline]
 __x64_sys_creat+0x61/0x80 fs/open.c:1119
 do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x442249
Code: e8 bc 04 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffc02326db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000442249
RDX: 0000000000442249 RSI: 0000000000000000 RDI: 0000000020000040
RBP: 00007ffc02326de0 R08: 00000000000000f0 R09: 00000000000000f0
R10: 00000000000000f0 R11: 0000000000000246 R12: 0000000000071cf9
R13: 00000000004a9250 R14: 0000000000000000 R15: 0000000000000000
INFO: task syz-executor029:7526 blocked for more than 140 seconds.
      Not tainted 5.0.0-rc7+ #85
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor029 D28880  7526   7525 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2844 [inline]
 __schedule+0x817/0x1cc0 kernel/sched/core.c:3485
 schedule+0x92/0x180 kernel/sched/core.c:3529
 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:584 [inline]
 rwsem_down_write_failed+0x774/0xc30 kernel/locking/rwsem-xadd.c:613
 call_rwsem_down_write_failed+0x17/0x30 arch/x86/lib/rwsem.S:117
 __down_write arch/x86/include/asm/rwsem.h:142 [inline]
 down_write+0x53/0x90 kernel/locking/rwsem.c:72
 inode_lock include/linux/fs.h:757 [inline]
 process_measurement+0x9ae/0x1570 security/integrity/ima/ima_main.c:207
 ima_file_check+0xc5/0x110 security/integrity/ima/ima_main.c:393
 do_last fs/namei.c:3422 [inline]
 path_openat+0x1130/0x4690 fs/namei.c:3534
 do_filp_open+0x1a1/0x280 fs/namei.c:3564
 do_sys_open+0x3fe/0x5d0 fs/open.c:1063
 ksys_open include/linux/syscalls.h:1298 [inline]
 __do_sys_creat fs/open.c:1121 [inline]
 __se_sys_creat fs/open.c:1119 [inline]
 __x64_sys_creat+0x61/0x80 fs/open.c:1119
 do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x442249
Code: e8 bc 04 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffc02326db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000442249
RDX: 0000000000442249 RSI: 0000000000000000 RDI: 0000000020000040
RBP: 00007ffc02326de0 R08: 00000000000000f0 R09: 00000000000000f0
R10: 00000000000000f0 R11: 0000000000000246 R12: 0000000000071cf9
R13: 00000000004a9250 R14: 0000000000000000 R15: 0000000000000000

Showing all locks held in the system:
1 lock held by khungtaskd/1040:
 #0: 00000000b33b1b17 (rcu_read_lock){....}, at: debug_show_all_locks+0x5f/0x27e kernel/locking/lockdep.c:4389
1 lock held by rsyslogd/7331:
 #0: 00000000472554c3 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0xee/0x110 fs/file.c:795
2 locks held by getty/7421:
 #0: 000000000946e9a4 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341
 #1: 00000000536f8a83 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2154
2 locks held by getty/7422:
 #0: 000000000f00229c (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341
 #1: 000000002fd04631 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2154
2 locks held by getty/7423:
 #0: 00000000d669190c (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341
 #1: 00000000fe8f8059 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2154
2 locks held by getty/7424:
 #0: 000000002568e4dd (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341
 #1: 000000006f772cf5 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2154
2 locks held by getty/7425:
 #0: 00000000447753f3 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341
 #1: 00000000c7c7f008 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2154
2 locks held by getty/7426:
 #0: 00000000afcbf8c7 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341
 #1: 0000000026623698 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2154
2 locks held by getty/7427:
 #0: 000000009ab4afd1 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341
 #1: 00000000fb54d92a (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2154
2 locks held by syz-executor029/7515:
 #0: 00000000d9f6109b (sb_writers#3){.+.+}, at: sb_start_write include/linux/fs.h:1603 [inline]
 #0: 00000000d9f6109b (sb_writers#3){.+.+}, at: mnt_want_write+0x3f/0xc0 fs/namespace.c:357
 #1: 00000000be0f3d76 (&sb->s_type->i_mutex_key#10){+.+.}, at: inode_lock include/linux/fs.h:757 [inline]
 #1: 00000000be0f3d76 (&sb->s_type->i_mutex_key#10){+.+.}, at: process_measurement+0x9ae/0x1570 security/integrity/ima/ima_main.c:207
2 locks held by syz-executor029/7517:
 #0: 00000000d9f6109b (sb_writers#3){.+.+}, at: file_start_write include/linux/fs.h:2816 [inline]
 #0: 00000000d9f6109b (sb_writers#3){.+.+}, at: vfs_write+0x429/0x580 fs/read_write.c:548
 #1: 00000000be0f3d76 (&sb->s_type->i_mutex_key#10){+.+.}, at: inode_trylock include/linux/fs.h:777 [inline]
 #1: 00000000be0f3d76 (&sb->s_type->i_mutex_key#10){+.+.}, at: ext4_file_write_iter+0x250/0x1160 fs/ext4/file.c:232
2 locks held by syz-executor029/7518:
 #0: 00000000d9f6109b (sb_writers#3){.+.+}, at: sb_start_write include/linux/fs.h:1603 [inline]
 #0: 00000000d9f6109b (sb_writers#3){.+.+}, at: mnt_want_write+0x3f/0xc0 fs/namespace.c:357
 #1: 00000000be0f3d76 (&sb->s_type->i_mutex_key#10){+.+.}, at: inode_lock include/linux/fs.h:757 [inline]
 #1: 00000000be0f3d76 (&sb->s_type->i_mutex_key#10){+.+.}, at: process_measurement+0x9ae/0x1570 security/integrity/ima/ima_main.c:207
2 locks held by syz-executor029/7522:
 #0: 00000000d9f6109b (sb_writers#3){.+.+}, at: sb_start_write include/linux/fs.h:1603 [inline]
 #0: 00000000d9f6109b (sb_writers#3){.+.+}, at: mnt_want_write+0x3f/0xc0 fs/namespace.c:357
 #1: 00000000be0f3d76 (&sb->s_type->i_mutex_key#10){+.+.}, at: inode_lock include/linux/fs.h:757 [inline]
 #1: 00000000be0f3d76 (&sb->s_type->i_mutex_key#10){+.+.}, at: process_measurement+0x9ae/0x1570 security/integrity/ima/ima_main.c:207
2 locks held by syz-executor029/7524:
 #0: 00000000d9f6109b (sb_writers#3){.+.+}, at: sb_start_write include/linux/fs.h:1603 [inline]
 #0: 00000000d9f6109b (sb_writers#3){.+.+}, at: mnt_want_write+0x3f/0xc0 fs/namespace.c:357
 #1: 00000000be0f3d76 (&sb->s_type->i_mutex_key#10){+.+.}, at: inode_lock include/linux/fs.h:757 [inline]
 #1: 00000000be0f3d76 (&sb->s_type->i_mutex_key#10){+.+.}, at: process_measurement+0x9ae/0x1570 security/integrity/ima/ima_main.c:207
2 locks held by syz-executor029/7525:
 #0: 00000000d9f6109b (sb_writers#3){.+.+}, at: sb_start_write include/linux/fs.h:1603 [inline]
 #0: 00000000d9f6109b (sb_writers#3){.+.+}, at: mnt_want_write+0x3f/0xc0 fs/namespace.c:357
 #1: 00000000be0f3d76 (&sb->s_type->i_mutex_key#10){+.+.}, at: inode_lock include/linux/fs.h:757 [inline]
 #1: 00000000be0f3d76 (&sb->s_type->i_mutex_key#10){+.+.}, at: process_measurement+0x9ae/0x1570 security/integrity/ima/ima_main.c:207
2 locks held by syz-executor029/7526:
 #0: 00000000d9f6109b (sb_writers#3){.+.+}, at: sb_start_write include/linux/fs.h:1603 [inline]
 #0: 00000000d9f6109b (sb_writers#3){.+.+}, at: mnt_want_write+0x3f/0xc0 fs/namespace.c:357
 #1: 00000000be0f3d76 (&sb->s_type->i_mutex_key#10){+.+.}, at: inode_lock include/linux/fs.h:757 [inline]
 #1: 00000000be0f3d76 (&sb->s_type->i_mutex_key#10){+.+.}, at: process_measurement+0x9ae/0x1570 security/integrity/ima/ima_main.c:207

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 1040 Comm: khungtaskd Not tainted 5.0.0-rc7+ #85
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 nmi_cpu_backtrace.cold+0x63/0xa4 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x1be/0x236 lib/nmi_backtrace.c:62
 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:203 [inline]
 watchdog+0x9df/0xee0 kernel/hung_task.c:287
 kthread+0x357/0x430 kernel/kthread.c:246
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0 skipped: idling at native_safe_halt+0x2/0x10 arch/x86/include/asm/irqflags.h:57

Crashes (52):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kasan-gce-root 2019/02/23 17:19 upstream cb268d806972 18107ce0 .config log report syz C
ci-upstream-kasan-gce-selinux-root 2018/09/30 16:22 upstream 291d0e5d81e1 41e4b329 .config log report syz C
ci-upstream-linux-next-kasan-gce-root 2019/02/23 14:16 linux-next 94a47529a645 18107ce0 .config log report syz C
ci-upstream-linux-next-kasan-gce-root 2018/09/30 17:19 linux-next 4794a36bf08d 41e4b329 .config log report syz C
ci-upstream-kasan-gce-smack-root 2021/07/28 21:57 upstream 4010a528219e 9a4781d4 .config log report info INFO: task hung in process_measurement
ci-upstream-kasan-gce-root 2021/07/23 03:42 upstream 9bead1b58c4c bc5f1d88 .config log report info INFO: task hung in process_measurement
ci-upstream-kasan-gce-root 2021/07/01 11:46 upstream dbe69e433722 658ebc66 .config log report info INFO: task hung in process_measurement
ci-upstream-kasan-gce-smack-root 2019/11/13 02:00 upstream 100d46bd72ec 048f2d49 .config log report
ci-upstream-kasan-gce-root 2019/08/17 08:19 upstream 2d63ba3e41db 8fd428a1 .config log report
ci-upstream-kasan-gce-smack-root 2019/07/26 17:32 upstream 6789f873ed37 3e5d1beb .config log report
ci-upstream-kasan-gce-smack-root 2019/03/11 16:41 upstream 12ad143e1b80 12365b99 .config log report
ci-upstream-kasan-gce-smack-root 2019/02/03 17:59 upstream 12491ed354d2 c198d5dd .config log report
ci-upstream-kasan-gce-root 2019/01/25 10:21 upstream d73aba1115cf b5d78bce .config log report
ci-upstream-kasan-gce-selinux-root 2019/01/05 01:57 upstream 96d4f267e40f 0127e3ba .config log report
ci-upstream-kasan-gce-root 2018/12/14 06:58 upstream 65e08c5e8631 fe7127be .config log report
ci-upstream-kasan-gce-root 2018/11/24 10:51 upstream 7c98a4261827 ecc7c870 .config log report
ci-upstream-kasan-gce-smack-root 2018/11/22 16:51 upstream 92b419289cee 2ee77802 .config log report
ci-upstream-kasan-gce-smack-root 2018/11/20 01:08 upstream f2ce1065e767 adf636a8 .config log report
ci-upstream-kasan-gce-selinux-root 2018/11/18 15:42 upstream 1ce80e0fe98e adf636a8 .config log report
ci-upstream-kasan-gce-root 2018/11/14 13:35 upstream ccda4af0f4b9 5f5f6d14 .config log report
ci-upstream-kasan-gce-smack-root 2018/10/22 14:32 upstream 84df9525b0c2 ecb386fe .config log report
ci-upstream-kasan-gce-smack-root 2018/10/16 00:33 upstream f0a7d1883d9f 8cd30605 .config log report
ci-upstream-kasan-gce-smack-root 2018/10/11 00:14 upstream b8db9e69dba9 5f818b4b .config log report
ci-upstream-kasan-gce-smack-root 2018/10/08 23:42 upstream 0854ba5ff5c9 8b311eaf .config log report
ci-upstream-kasan-gce-smack-root 2018/10/05 05:04 upstream 10be83cc6418 8b311eaf .config log report
ci-upstream-kasan-gce-smack-root 2018/09/30 11:59 upstream 291d0e5d81e1 41e4b329 .config log report
ci-upstream-kasan-gce-selinux-root 2018/09/30 11:59 upstream 291d0e5d81e1 41e4b329 .config log report
ci-upstream-net-this-kasan-gce 2018/10/09 04:04 net e2a322a0c8ce 8b311eaf .config log report
ci-upstream-net-this-kasan-gce 2018/10/06 14:47 net 35f3625c2185 8b311eaf .config log report
ci-upstream-net-this-kasan-gce 2018/10/03 13:54 net 45ec318578c0 0f3e0261 .config log report
ci-upstream-net-this-kasan-gce 2018/10/02 23:23 net ad5f97faff42 a316a2af .config log report
ci-upstream-net-this-kasan-gce 2018/10/02 08:04 net 1ad98e9d1bdf e06f7713 .config log report
ci-upstream-net-this-kasan-gce 2018/10/01 06:50 net 43955a45dc0b 41e4b329 .config log report
ci-upstream-net-this-kasan-gce 2018/09/30 20:03 net 43955a45dc0b 41e4b329 .config log report
ci-upstream-net-this-kasan-gce 2018/09/28 08:01 net d4ce58082f20 0c2fa87b .config log report
ci-upstream-net-this-kasan-gce 2018/09/28 06:44 net d4ce58082f20 0c2fa87b .config log report
ci-upstream-net-kasan-gce 2019/03/12 22:30 net-next d9862cfbe209 a71bfb62 .config log report
ci-upstream-net-kasan-gce 2018/10/26 14:20 net-next 44adbac8f721 a8292de9 .config log report
ci-upstream-net-kasan-gce 2018/10/25 11:17 net-next 44adbac8f721 a8292de9 .config log report
ci-upstream-net-kasan-gce 2018/10/20 02:03 net-next 9333f2079203 ecb386fe .config log report
ci-upstream-net-kasan-gce 2018/10/17 14:24 net-next aadd4355918f 1ba7fd7e .config log report
ci-upstream-net-kasan-gce 2018/10/08 02:25 net-next 5057ef7f566d 8b311eaf .config log report
ci-upstream-net-kasan-gce 2018/10/07 17:28 net-next 72438f8cef4e 8b311eaf .config log report
ci-upstream-linux-next-kasan-gce-root 2019/01/13 11:19 linux-next b808822a75a3 c3f3344c .config log report
ci-upstream-linux-next-kasan-gce-root 2019/01/08 02:56 linux-next a85b6b4f6416 69d69aa9 .config log report
ci-upstream-linux-next-kasan-gce-root 2018/11/26 06:28 linux-next 442b8cea2477 3d3ec907 .config log report
ci-upstream-linux-next-kasan-gce-root 2018/11/18 21:54 linux-next 442b8cea2477 adf636a8 .config log report
ci-upstream-linux-next-kasan-gce-root 2018/11/16 21:24 linux-next 442b8cea2477 b08ee62a .config log report
ci-upstream-linux-next-kasan-gce-root 2018/10/10 07:46 linux-next 7f3049305d22 8b311eaf .config log report
ci-upstream-linux-next-kasan-gce-root 2018/10/10 01:44 linux-next 570b7bdeaf18 8b311eaf .config log report
ci-upstream-linux-next-kasan-gce-root 2018/10/02 17:13 linux-next 62f3d25900c9 a316a2af .config log report
ci-upstream-linux-next-kasan-gce-root 2018/09/30 12:00 linux-next 4794a36bf08d 41e4b329 .config log report
* Struck through repros no longer work on HEAD.