audit: type=1326 audit(1537653723.295:2386208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=6582 comm="syz-executor2" exe="/root/syz-executor2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x457679 code=0x50000
audit: type=1326 audit(1537653723.295:2386209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=6583 comm="syz-executor2" exe="/root/syz-executor2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x457679 code=0x50000
audit: type=1326 audit(1537653723.295:2386210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=6582 comm="syz-executor2" exe="/root/syz-executor2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x457679 code=0x50000
INFO: task syz-executor1:8902 blocked for more than 140 seconds.
Not tainted 4.14.71+ #8
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor1 D28560 8902 1851 0x00000004
Call Trace:
schedule+0x7f/0x1b0 kernel/sched/core.c:3490
schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3548
__mutex_lock_common kernel/locking/mutex.c:833 [inline]
__mutex_lock+0x521/0x1480 kernel/locking/mutex.c:893
binder_alloc_new_buf+0x33/0xfd0 drivers/android/binder_alloc.c:540
binder_transaction+0x16c6/0x5f10 drivers/android/binder.c:3125
binder_thread_write+0x90e/0x2020 drivers/android/binder.c:3687
binder_ioctl_write_read drivers/android/binder.c:4627 [inline]
binder_ioctl+0x1122/0x18b1 drivers/android/binder.c:4803
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x1a0/0x1030 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x7e/0xb0 fs/ioctl.c:692
do_syscall_64+0x19b/0x4b0 arch/x86/entry/common.c:289
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x457679
RSP: 002b:00007f5810855c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f58108566d4 RCX: 0000000000457679
RDX: 0000000020000200 RSI: 00000000c0306201 RDI: 0000000000000008
RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000004ce440 R14: 00000000004be99e R15: 0000000000000001
Showing all locks held in the system:
1 lock held by khungtaskd/23:
#0: (tasklist_lock){.+.+}, at: [<ffffffff9da01e67>] debug_show_all_locks+0x74/0x20f kernel/locking/lockdep.c:4541
1 lock held by rsyslogd/1633:
#0: (&f->f_pos_lock){+.+.}, at: [<ffffffff9ddbd162>] __fdget_pos+0xa2/0xc0 fs/file.c:768
2 locks held by getty/1761:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff9e5245e0>] tty_ldisc_ref_wait+0x20/0x80 drivers/tty/tty_ldisc.c:275
#1: (&ldata->atomic_read_lock){+.+.}, at: [<ffffffff9e51fb5f>] n_tty_read+0x1ff/0x15e0 drivers/tty/n_tty.c:2142
1 lock held by syz-executor1/8902:
#0: (&alloc->mutex){+.+.}, at: [<ffffffff9ea22e63>] binder_alloc_new_buf+0x33/0xfd0 drivers/android/binder_alloc.c:540
1 lock held by init/8918:
#0: (tty_mutex){+.+.}, at: [<ffffffff9e513fd8>] tty_open_by_driver drivers/tty/tty_io.c:1922 [inline]
#0: (tty_mutex){+.+.}, at: [<ffffffff9e513fd8>] tty_open+0x3a8/0x980 drivers/tty/tty_io.c:2006
1 lock held by init/8919:
#0: (tty_mutex){+.+.}, at: [<ffffffff9e513fd8>] tty_open_by_driver drivers/tty/tty_io.c:1922 [inline]
#0: (tty_mutex){+.+.}, at: [<ffffffff9e513fd8>] tty_open+0x3a8/0x980 drivers/tty/tty_io.c:2006
1 lock held by init/8920:
#0: (tty_mutex){+.+.}, at: [<ffffffff9e513fd8>] tty_open_by_driver drivers/tty/tty_io.c:1922 [inline]
#0: (tty_mutex){+.+.}, at: [<ffffffff9e513fd8>] tty_open+0x3a8/0x980 drivers/tty/tty_io.c:2006
1 lock held by init/8921:
#0: (tty_mutex){+.+.}, at: [<ffffffff9e513fd8>] tty_open_by_driver drivers/tty/tty_io.c:1922 [inline]
#0: (tty_mutex){+.+.}, at: [<ffffffff9e513fd8>] tty_open+0x3a8/0x980 drivers/tty/tty_io.c:2006
1 lock held by init/8922:
#0: (tty_mutex){+.+.}, at: [<ffffffff9e513fd8>] tty_open_by_driver drivers/tty/tty_io.c:1922 [inline]
#0: (tty_mutex){+.+.}, at: [<ffffffff9e513fd8>] tty_open+0x3a8/0x980 drivers/tty/tty_io.c:2006
1 lock held by init/8923:
#0: (tty_mutex){+.+.}, at: [<ffffffff9e513fd8>] tty_open_by_driver drivers/tty/tty_io.c:1922 [inline]
#0: (tty_mutex){+.+.}, at: [<ffffffff9e513fd8>] tty_open+0x3a8/0x980 drivers/tty/tty_io.c:2006
=============================================
NMI backtrace for cpu 1
CPU: 1 PID: 23 Comm: khungtaskd Not tainted 4.14.71+ #8
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0xb9/0x11b lib/dump_stack.c:53
nmi_cpu_backtrace.cold.0+0x47/0x85 lib/nmi_backtrace.c:101
nmi_trigger_cpumask_backtrace+0x121/0x146 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:138 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:196 [inline]
watchdog+0x574/0xa70 kernel/hung_task.c:252
kthread+0x348/0x420 kernel/kthread.c:232
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:402
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 6582 Comm: syz-executor2 Not tainted 4.14.71+ #8
task: ffff8801d324c680 task.stack: ffff8801cebf8000
RIP: 0010:__read_once_size include/linux/compiler.h:183 [inline]
RIP: 0010:atomic_read arch/x86/include/asm/atomic.h:27 [inline]
RIP: 0010:static_key_count include/linux/jump_label.h:191 [inline]
RIP: 0010:static_key_false include/linux/jump_label.h:201 [inline]
RIP: 0010:trace_sched_util_est_cpu include/trace/events/sched.h:1031 [inline]
RIP: 0010:util_est_enqueue kernel/sched/fair.c:3713 [inline]
RIP: 0010:enqueue_task_fair+0x19c/0x71e0 kernel/sched/fair.c:5202
RSP: 0018:ffff8801cebff8e0 EFLAGS: 00000046
RAX: 0000000000000000 RBX: 000000000000017f RCX: 1ffff1003a6499d5
RDX: 1ffffffff4004dd5 RSI: 0000000000000000 RDI: ffffffffa0026ea8
RBP: ffff8801cebff998 R08: 0000000000000008 R09: 0000000010951211
R10: ffffed0043fffa01 R11: 000000646f31fac0 R12: 000000000000043a
R13: ffff8801da319800 R14: ffff8801dba2a368 R15: ffff8801da319780
FS: 00007f3ced12b700(0000) GS:ffff8801dba00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f2e78b24a30 CR3: 00000001d1b0e006 CR4: 00000000001606b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
ttwu_activate kernel/sched/core.c:1680 [inline]
ttwu_do_activate+0xd5/0x1f0 kernel/sched/core.c:1739
ttwu_queue kernel/sched/core.c:1884 [inline]
try_to_wake_up+0x751/0x1230 kernel/sched/core.c:2123
autoremove_wake_function+0x12/0x140 kernel/sched/wait.c:377
__wake_up_common+0x109/0x5a0 kernel/sched/wait.c:97
__wake_up_common_lock+0xc5/0x120 kernel/sched/wait.c:125
audit_log_end+0xfd/0x270 kernel/audit.c:2311
__audit_seccomp+0x14e/0x1a0 kernel/auditsc.c:2458
audit_seccomp include/linux/audit.h:318 [inline]
seccomp_log kernel/seccomp.c:607 [inline]
__seccomp_filter+0x331/0xce0 kernel/seccomp.c:770
__secure_computing+0x9c/0x310 kernel/seccomp.c:798
syscall_trace_enter+0x506/0xc10 arch/x86/entry/common.c:120
do_syscall_64+0x331/0x4b0 arch/x86/entry/common.c:280
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x457679
RSP: 002b:00007f3ced12acf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: 0000000000000000 RBX: 000000000072bf08 RCX: 0000000000457679
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000072bf08
RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000072bf0c
R13: 00007ffc4cf9614f R14: 00007f3ced12b9c0 R15: 0000000000000000
Code: a8 6e 02 a0 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 08 3c 03 0f 8e b7 6b 00 00 8b 05 8c 4e 69 02 <85> c0 0f 8f f2 3f 00 00 65 8b 05 05 61 68 62 89 c0 48 0f a3 05