INFO: task syz-executor.1:22301 can't die for more than 143 seconds. syz-executor.1 R running task 25464 22301 9049 0x00004004 Call Trace: context_switch /kernel/sched/core.c:3254 [inline] __schedule+0x755/0x1580 /kernel/sched/core.c:3880 preempt_schedule_irq+0xb5/0x160 /kernel/sched/core.c:4128 retint_kernel+0x1b/0x2b RIP: 0010:check_memory_region+0x21/0x1a0 /mm/kasan/generic.c:191 Code: 2e 0f 1f 84 00 00 00 00 00 48 85 f6 0f 84 34 01 00 00 48 b8 ff ff ff ff ff 7f ff ff 55 0f b6 d2 48 39 c7 48 89 e5 41 55 41 54 <53> 0f 86 07 01 00 00 4c 8d 5c 37 ff 49 89 f8 48 b8 00 00 00 00 00 RSP: 0018:ffff8880582372e0 EFLAGS: 00000216 ORIG_RAX: ffffffffffffff13 RAX: ffff7fffffffffff RBX: ffff88821b6eabf8 RCX: ffffffff81b0ec6a RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffff88821b6eabf8 RBP: ffff8880582372f0 R08: ffff888052304480 R09: ffffed100ba409a1 R10: ffffed100ba409a0 R11: ffff88805d204d07 R12: 0000000000075493 R13: dffffc0000000000 R14: ffff88805d204cb8 R15: 0000000000075493 __kasan_check_write+0x14/0x20 /mm/kasan/common.c:98 atomic64_add_return /./include/asm-generic/atomic-instrumented.h:881 [inline] atomic_long_add_return /./include/asm-generic/atomic-long.h:58 [inline] page_counter_charge+0x4a/0xe0 /mm/page_counter.c:79 try_charge+0x2d9/0x1480 /mm/memcontrol.c:2473 mem_cgroup_try_charge+0x136/0x590 /mm/memcontrol.c:6094 __add_to_page_cache_locked+0x43f/0xec0 /mm/filemap.c:857 add_to_page_cache_lru+0x1d8/0x790 /mm/filemap.c:934 mpage_readpages+0x344/0x630 /fs/mpage.c:399 blkdev_readpages+0x2d/0x40 /fs/block_dev.c:620 read_pages+0x108/0x540 /mm/readahead.c:126 __do_page_cache_readahead+0x3bd/0x5d0 /mm/readahead.c:190 ra_submit /mm/internal.h:62 [inline] do_sync_mmap_readahead /mm/filemap.c:2463 [inline] filemap_fault+0x1389/0x2840 /mm/filemap.c:2549 __do_fault+0x111/0x540 /mm/memory.c:3087 do_shared_fault /mm/memory.c:3539 [inline] do_fault /mm/memory.c:3617 [inline] handle_pte_fault /mm/memory.c:3844 [inline] __handle_mm_fault+0x2ae5/0x3f20 /mm/memory.c:3968 handle_mm_fault+0x1b5/0x6b0 /mm/memory.c:4005 do_user_addr_fault /arch/x86/mm/fault.c:1444 [inline] __do_page_fault+0x536/0xdd0 /arch/x86/mm/fault.c:1510 do_page_fault+0x71/0x5e1 /arch/x86/mm/fault.c:1541 page_fault+0x1e/0x30 /arch/x86/entry/entry_64.S:1182 RIP: 0033:0x400590 Code: Bad RIP value. RSP: 002b:00007ffea44f1f60 EFLAGS: 00010202 RAX: 0000000000000005 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000005 RBP: 0000000000760f80 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000438c70 R11: 0000000000000012 R12: 00000000004c5c44 R13: 000000000000012c R14: 0000000000760f88 R15: fffffffffffffffe INFO: task syz-executor.1:22333 can't die for more than 144 seconds. syz-executor.1 R running task 20968 22333 9049 0x00004006 Call Trace: Showing all locks held in the system: 1 lock held by khungtaskd/1056: #0: 0000000031a6d643 (rcu_read_lock){....}, at: debug_show_all_locks+0x5f/0x27e /kernel/locking/lockdep.c:5257 1 lock held by rsyslogd/8916: #0: 000000002e95f723 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0xee/0x110 /fs/file.c:801 2 locks held by getty/9006: #0: 000000009c0a588d (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 /drivers/tty/tty_ldsem.c:341 #1: 0000000020a9b1c1 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 /drivers/tty/n_tty.c:2156 2 locks held by getty/9007: #0: 00000000f3928edf (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 /drivers/tty/tty_ldsem.c:341 #1: 0000000058e3c751 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 /drivers/tty/n_tty.c:2156 2 locks held by getty/9008: #0: 00000000d9014ba6 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 /drivers/tty/tty_ldsem.c:341 #1: 00000000d2c67baa (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 /drivers/tty/n_tty.c:2156 2 locks held by getty/9009: #0: 000000002df25685 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 /drivers/tty/tty_ldsem.c:341 #1: 00000000cb3402ec (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 /drivers/tty/n_tty.c:2156 2 locks held by getty/9010: #0: 000000004fe21c27 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 /drivers/tty/tty_ldsem.c:341 #1: 00000000f881f72e (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 /drivers/tty/n_tty.c:2156 2 locks held by getty/9011: #0: 000000000c816657 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 /drivers/tty/tty_ldsem.c:341 #1: 000000001a9d1190 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 /drivers/tty/n_tty.c:2156 2 locks held by getty/9012: #0: 0000000069cf8745 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 /drivers/tty/tty_ldsem.c:341 #1: 000000007175c653 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 /drivers/tty/n_tty.c:2156 1 lock held by syz-executor.1/22333: ============================================= NMI backtrace for cpu 1 CPU: 1 PID: 1056 Comm: khungtaskd Not tainted 5.2.0-next-20190718 #41 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack /lib/dump_stack.c:77 [inline] dump_stack+0x172/0x1f0 /lib/dump_stack.c:113 nmi_cpu_backtrace.cold+0x70/0xb2 /lib/nmi_backtrace.c:101 nmi_trigger_cpumask_backtrace+0x23b/0x28b /lib/nmi_backtrace.c:62 arch_trigger_cpumask_backtrace+0x14/0x20 /arch/x86/kernel/apic/hw_nmi.c:38 trigger_all_cpu_backtrace /./include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks /kernel/hung_task.c:249 [inline] watchdog+0xc54/0x1320 /kernel/hung_task.c:333 kthread+0x361/0x430 /kernel/kthread.c:255 ret_from_fork+0x24/0x30 /arch/x86/entry/entry_64.S:352 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 22333 Comm: syz-executor.1 Not tainted 5.2.0-next-20190718 #41 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x50 /kernel/kcov.c:95 Code: 89 25 34 ad 18 09 41 bc f4 ff ff ff e8 fd a2 e9 ff 48 c7 05 1e ad 18 09 00 00 00 00 e9 77 e9 ff ff 90 90 90 90 90 90 90 90 90 <55> 48 89 e5 65 48 8b 04 25 c0 fd 01 00 65 8b 15 84 78 8f 7e 81 e2 RSP: 0018:ffff8880ae809e10 EFLAGS: 00000002 RAX: 0000000080010001 RBX: 0000000000000001 RCX: ffffffff8162eb35 RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000001 RBP: ffff8880ae809f08 R08: ffff88805941a300 R09: fffffbfff134a400 R10: fffffbfff134a3ff R11: ffffffff89a51fff R12: 000002eb8dd84af1 R13: ffff88809dec26d8 R14: ffff8880ae826d80 R15: dffffc0000000000 FS: 00007f34b49f9700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000863e80 CR3: 00000000528e3000 CR4: 00000000001426f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: hrtimer_interrupt+0x314/0x770 /kernel/time/hrtimer.c:1509 local_apic_timer_interrupt /arch/x86/kernel/apic/apic.c:1068 [inline] smp_apic_timer_interrupt+0x160/0x610 /arch/x86/kernel/apic/apic.c:1093 apic_timer_interrupt+0xf/0x20 /arch/x86/entry/entry_64.S:828 RIP: 0010:write_comp_data+0x1e/0x70 /kernel/kcov.c:123 Code: 48 89 34 d1 48 89 11 5d c3 0f 1f 00 65 4c 8b 04 25 c0 fd 01 00 65 8b 05 38 78 8f 7e a9 00 01 1f 00 75 51 41 8b 80 f8 12 00 00 <83> f8 03 75 45 49 8b 80 00 13 00 00 45 8b 80 fc 12 00 00 4c 8b 08 RSP: 0018:ffff888057997430 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 RAX: 0000000000000002 RBX: 0000000000001000 RCX: ffffffff81c7fe1b RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 RBP: ffff888057997438 R08: ffff88805941a300 R09: fffff94000df89d1 R10: fffff94000df89d0 R11: ffffea0006fc4e87 R12: ffffea0006fc4e80 R13: dead000000000100 R14: 000000000007a33d R15: ffff888057997630 compound_head /./include/linux/page-flags.h:174 [inline] PageUptodate /./include/linux/page-flags.h:491 [inline] do_mpage_readpage+0x185b/0x2220 /fs/mpage.c:287 mpage_readpages+0x388/0x630 /fs/mpage.c:404 blkdev_readpages+0x2d/0x40 /fs/block_dev.c:620 read_pages+0x108/0x540 /mm/readahead.c:126 __do_page_cache_readahead+0x4e0/0x5d0 /mm/readahead.c:212 ra_submit /mm/internal.h:62 [inline] do_sync_mmap_readahead /mm/filemap.c:2463 [inline] filemap_fault+0x1389/0x2840 /mm/filemap.c:2549 __do_fault+0x111/0x540 /mm/memory.c:3087 do_read_fault /mm/memory.c:3484 [inline] do_fault /mm/memory.c:3613 [inline] handle_pte_fault /mm/memory.c:3844 [inline] __handle_mm_fault+0x2cbe/0x3f20 /mm/memory.c:3968 handle_mm_fault+0x1b5/0x6b0 /mm/memory.c:4005 do_user_addr_fault /arch/x86/mm/fault.c:1444 [inline] __do_page_fault+0x536/0xdd0 /arch/x86/mm/fault.c:1510 do_page_fault+0x71/0x5e1 /arch/x86/mm/fault.c:1541 page_fault+0x1e/0x30 /arch/x86/entry/entry_64.S:1182 RIP: 0010:__get_user_8+0x21/0x2b /arch/x86/lib/getuser.S:95 Code: 1f 00 c3 66 0f 1f 44 00 00 48 83 c0 07 72 25 65 48 8b 14 25 c0 fd 01 00 48 3b 82 18 14 00 00 73 13 48 19 d2 48 21 d0 0f 1f 00 <48> 8b 50 f9 31 c0 0f 1f 00 c3 31 d2 48 c7 c0 f2 ff ff ff 0f 1f 00 RSP: 0018:ffff888057997ee8 EFLAGS: 00010206 RAX: 0000000020000047 RBX: 0000000000000101 RCX: ffffc90008162000 RDX: ffffffffffffffff RSI: ffffffff819cf3a3 RDI: 0000000000000282 RBP: ffff888057997f10 R08: 0000000000000001 R09: ffff88805941ab90 R10: fffffbfff134a3ff R11: ffffffff89a51fff R12: ffff888057997f58 R13: ffffffff88d2f120 R14: 0000000020000040 R15: 0000000000000000 do_syscall_64+0xfd/0x6a0 /arch/x86/entry/common.c:296 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x459819 Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f34b49f8c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 0000000000459819 RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000101 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f34b49f96d4 R13: 00000000004c0bf8 R14: 00000000004d39d0 R15: 00000000ffffffff