bisecting cause commit starting from c60174717544aa8959683d7e19d568309c3a0c65
building syzkaller on 8b96726707a5846209f943c978ccd7eeb1dd6f5e
testing commit c60174717544aa8959683d7e19d568309c3a0c65 with gcc (GCC) 8.1.0
kernel signature: 577df449e882e12c2dddca01c8d1c778138a6716
run #0: crashed: INFO: task hung in do_fb_ioctl
run #1: crashed: INFO: task hung in do_fb_ioctl
run #2: crashed: INFO: task hung in do_fb_ioctl
run #3: crashed: INFO: task hung in do_fb_ioctl
run #4: crashed: INFO: task hung in do_fb_ioctl
run #5: crashed: INFO: task hung in do_fb_ioctl
run #6: OK
run #7: OK
run #8: OK
run #9: OK
testing release v5.4
testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0
kernel signature: b65b4b5d4255410fb3509e327abad52b11aaef60
run #0: crashed: INFO: task hung in do_fb_ioctl
run #1: crashed: INFO: task hung in do_fb_ioctl
run #2: crashed: INFO: task hung in do_fb_ioctl
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
testing release v5.3
testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0
kernel signature: 4508d27c4ef6364e484f484448de8d8085f2e640
run #0: crashed: INFO: task hung in do_fb_ioctl
run #1: crashed: INFO: task hung in do_fb_ioctl
run #2: crashed: INFO: task hung in do_fb_ioctl
run #3: crashed: INFO: task hung in do_fb_ioctl
run #4: crashed: INFO: task hung in fb_open
run #5: crashed: INFO: task hung in do_fb_ioctl
run #6: crashed: INFO: task hung in do_fb_ioctl
run #7: OK
run #8: OK
run #9: OK
testing release v5.2
testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0
kernel signature: bbb8383101be875fb7b7350e7437c51b28aafd3d
run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor025038550" "root@10.128.10.56:./syz-executor025038550"]: exit status 1
ssh: connect to host 10.128.10.56 port 22: Connection timed out
lost connection
run #1: crashed: INFO: task hung in do_fb_ioctl
run #2: crashed: INFO: task hung in do_fb_ioctl
run #3: crashed: INFO: task hung in do_fb_ioctl
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
testing release v5.1
testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0
kernel signature: ea7fb3b5ff3e1e2a5782f5fde0ec3c1b728cfc55
run #0: crashed: INFO: task hung in do_fb_ioctl
run #1: crashed: INFO: task hung in do_fb_ioctl
run #2: crashed: INFO: task hung in do_fb_ioctl
run #3: crashed: INFO: task hung in do_fb_ioctl
run #4: crashed: INFO: task hung in fb_release
run #5: crashed: INFO: task hung in do_fb_ioctl
run #6: crashed: INFO: task hung in do_fb_ioctl
run #7: crashed: INFO: task hung in do_fb_ioctl
run #8: OK
run #9: OK
testing release v5.0
testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0
kernel signature: dcf5e109d35149c026149e1429d5895d4e7e35f9
run #0: crashed: INFO: task hung in do_fb_ioctl
run #1: crashed: INFO: task hung in do_fb_ioctl
run #2: crashed: INFO: task hung in do_fb_ioctl
run #3: crashed: INFO: task hung in do_fb_ioctl
run #4: crashed: INFO: task hung in do_fb_ioctl
run #5: crashed: INFO: task hung in fb_release
run #6: crashed: INFO: task hung in do_fb_ioctl
run #7: crashed: INFO: task hung in do_fb_ioctl
run #8: crashed: INFO: task hung in do_fb_ioctl
run #9: crashed: INFO: task hung in do_fb_ioctl
testing release v4.20
testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0
kernel signature: 3c5b9d07bf7f46d4eeb1522e9a8739d34407d43b
run #0: crashed: INFO: task hung in fb_release
run #1: crashed: INFO: task hung in fb_open
run #2: crashed: INFO: task hung in do_fb_ioctl
run #3: crashed: INFO: task hung in do_fb_ioctl
run #4: crashed: INFO: task hung in do_fb_ioctl
run #5: crashed: INFO: task hung in do_fb_ioctl
run #6: crashed: INFO: task hung in do_fb_ioctl
run #7: crashed: INFO: task hung in do_fb_ioctl
run #8: crashed: INFO: task hung in do_fb_ioctl
run #9: OK
testing release v4.19
testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0
kernel signature: ca1697293f4e3a8c2806651e2f2795f9fb98766d
run #0: crashed: INFO: task hung in do_fb_ioctl
run #1: crashed: INFO: task hung in do_fb_ioctl
run #2: crashed: INFO: task hung in do_fb_ioctl
run #3: crashed: INFO: task hung in do_fb_ioctl
run #4: crashed: INFO: task hung in do_fb_ioctl
run #5: crashed: INFO: task hung in do_fb_ioctl
run #6: crashed: INFO: task hung in do_fb_ioctl
run #7: crashed: INFO: task hung in do_fb_ioctl
run #8: crashed: INFO: task hung in do_fb_ioctl
run #9: OK
testing release v4.18
testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0
kernel signature: 50f78b10cfbf3194e708223e168162fc0ca038f3
run #0: crashed: INFO: task hung in do_fb_ioctl
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
testing release v4.17
testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.1.0
kernel signature: f9dbdc3a00c146e26cc3d0a068bbbedd413addf3
run #0: crashed: INFO: task hung in do_fb_ioctl
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
testing release v4.16
testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.1.0
kernel signature: 413da5c6c14cb7f1c444665ec3c391e9e3b66d5c
all runs: OK
# git bisect start 29dcea88779c856c7dc92040a0c01233263101d4 0adb32858b0bddf4ada5f364a84ed60b196dbcda
Bisecting: 7380 revisions left to test after this (roughly 13 steps)
[97b1255cb27c551d7c3c5c496d787da40772da99] mm,oom_reaper: check for MMF_OOM_SKIP before complaining
testing commit 97b1255cb27c551d7c3c5c496d787da40772da99 with gcc (GCC) 8.1.0
kernel signature: 14f05e2c50ed58b00f6bcd84f5e34a194977f184
run #0: crashed: INFO: task hung in do_fb_ioctl
run #1: crashed: INFO: task hung in do_fb_ioctl
run #2: crashed: INFO: task hung in fb_release
run #3: crashed: INFO: task hung in fb_release
run #4: crashed: INFO: task hung in do_fb_ioctl
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 97b1255cb27c551d7c3c5c496d787da40772da99
Bisecting: 4372 revisions left to test after this (roughly 12 steps)
[bb2407a7219760926760f0448fddf00d625e5aec] Merge tag 'docs-4.17' of git://git.lwn.net/linux
testing commit bb2407a7219760926760f0448fddf00d625e5aec with gcc (GCC) 8.1.0
kernel signature: a5a99ebec8a9095337b2f6cfc671db7ba553b004
run #0: crashed: INFO: task hung in do_fb_ioctl
run #1: crashed: INFO: task hung in do_fb_ioctl
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad bb2407a7219760926760f0448fddf00d625e5aec
Bisecting: 1469 revisions left to test after this (roughly 11 steps)
[1c7095d2836baafd84e596dd34ba1a1293a4faa9] Merge airlied/drm-next into drm-misc-next
testing commit 1c7095d2836baafd84e596dd34ba1a1293a4faa9 with gcc (GCC) 8.1.0
kernel signature: 0110691ccbee9fb7788233b98a5c57ee95bf9ca9
run #0: crashed: INFO: task hung in do_fb_ioctl
run #1: crashed: INFO: task hung in do_fb_ioctl
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 1c7095d2836baafd84e596dd34ba1a1293a4faa9
Bisecting: 760 revisions left to test after this (roughly 10 steps)
[65ad7cac3866f5fa80dcef3e5048a839046d6a46] drm/amd/pp: Refine powerplay instance
testing commit 65ad7cac3866f5fa80dcef3e5048a839046d6a46 with gcc (GCC) 8.1.0
kernel signature: b9dbe28d634d425b347fd31cab34812fca9e395c
run #0: crashed: INFO: task hung in do_fb_ioctl
run #1: crashed: INFO: task hung in do_fb_ioctl
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 65ad7cac3866f5fa80dcef3e5048a839046d6a46
Bisecting: 379 revisions left to test after this (roughly 9 steps)
[5c2ff9a60d2123df1e4ccee363541dd17916ddea] drm/amdgpu: always allocate a PASIDs for each VM v2
testing commit 5c2ff9a60d2123df1e4ccee363541dd17916ddea with gcc (GCC) 8.1.0
kernel signature: ec52c020015d79317b7bac48c233f2eff61887e5
all runs: OK
# git bisect good 5c2ff9a60d2123df1e4ccee363541dd17916ddea
Bisecting: 189 revisions left to test after this (roughly 8 steps)
[25b304471846659c8df353e4ccc50e23b04cea81] drm/amd/display: enable #PME code path for RV.
testing commit 25b304471846659c8df353e4ccc50e23b04cea81 with gcc (GCC) 8.1.0
kernel signature: c738810dd34cf93aef61dc5e03aff6c6cbca3385
run #0: crashed: INFO: task hung in do_fb_ioctl
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 25b304471846659c8df353e4ccc50e23b04cea81
Bisecting: 94 revisions left to test after this (roughly 7 steps)
[cf5e4a67f410b00799a05ceae48a5ac6b9212191] drm/amd/display: Add debug flag for p010_mpo_support
testing commit cf5e4a67f410b00799a05ceae48a5ac6b9212191 with gcc (GCC) 8.1.0
kernel signature: 0aa9cef213f84a8dd057de37adc83a956ce35d5a
run #0: crashed: INFO: task hung in do_fb_ioctl
run #1: crashed: INFO: task hung in do_fb_ioctl
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad cf5e4a67f410b00799a05ceae48a5ac6b9212191
Bisecting: 47 revisions left to test after this (roughly 6 steps)
[f797dd51849ae1f5df481802099c449971b8b939] drm/amdgpu: include new ip and ip offset headers
testing commit f797dd51849ae1f5df481802099c449971b8b939 with gcc (GCC) 8.1.0
kernel signature: 6e65733931055bb87818a6aaf9de1747144f96fe
run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor877938566" "root@10.128.10.3:./syz-executor877938566"]: exit status 1
ssh: connect to host 10.128.10.3 port 22: Connection timed out
lost connection
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good f797dd51849ae1f5df481802099c449971b8b939
Bisecting: 23 revisions left to test after this (roughly 5 steps)
[166140fb24638da93013aa909c0268d2a7b9e759] drm/amdgpu: rename amdgpu_update_display_priority
testing commit 166140fb24638da93013aa909c0268d2a7b9e759 with gcc (GCC) 8.1.0
kernel signature: f2b0df70a1fed1a42dff03707745f6a28206fe96
run #0: crashed: INFO: task hung in do_fb_ioctl
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 166140fb24638da93013aa909c0268d2a7b9e759
Bisecting: 11 revisions left to test after this (roughly 4 steps)
[3c9d1fde7f63b6f7f30e9a5366fbc2fe249e0b74] drm/amd/pp: Add update_avfs call when set_power_state
testing commit 3c9d1fde7f63b6f7f30e9a5366fbc2fe249e0b74 with gcc (GCC) 8.1.0
kernel signature: 474ed3397c928de6fde9475d7c029aaa04fc7bbb
run #0: crashed: INFO: task hung in do_fb_ioctl
run #1: crashed: INFO: task hung in do_fb_ioctl
run #2: crashed: INFO: task hung in do_fb_ioctl
run #3: crashed: INFO: task hung in do_fb_ioctl
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 3c9d1fde7f63b6f7f30e9a5366fbc2fe249e0b74
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[897e1bbeec6bfb52dc075f9100b2a6f209d16583] drm/amd/pp: Add hwmgr interface for edit dpm table
testing commit 897e1bbeec6bfb52dc075f9100b2a6f209d16583 with gcc (GCC) 8.1.0
kernel signature: ac408345b8c99432ec691234974e5f0c0780694d
all runs: OK
# git bisect good 897e1bbeec6bfb52dc075f9100b2a6f209d16583
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[b7e919b9403fe5fb653d274d530d5118a3408f1b] drm/amd/pp: Disable OD feature on APU/Iceland
testing commit b7e919b9403fe5fb653d274d530d5118a3408f1b with gcc (GCC) 8.1.0
kernel signature: 565e1294b8088dd339c5c3e311bb4819d216ee47
run #0: crashed: INFO: task hung in do_fb_ioctl
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad b7e919b9403fe5fb653d274d530d5118a3408f1b
Bisecting: 0 revisions left to test after this (roughly 1 step)
[3abb20264db563fc45f78ab323d9c6c4c533efe9] drm/amd/pp: Disable OD feature if VBIOS limits
testing commit 3abb20264db563fc45f78ab323d9c6c4c533efe9 with gcc (GCC) 8.1.0
kernel signature: 993ed02fb9f9bec884e90faacbe5ca853a75625b
run #0: crashed: INFO: task hung in do_fb_ioctl
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 3abb20264db563fc45f78ab323d9c6c4c533efe9
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[e3933f26b657c341055443103bad331f4537b113] drm/amd/pp: Add edit/commit/show OD clock/voltage support in sysfs
testing commit e3933f26b657c341055443103bad331f4537b113 with gcc (GCC) 8.1.0
kernel signature: 63e2513239036c92c8a8690b6187475b227a3bc0
run #0: crashed: INFO: task hung in do_fb_ioctl
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad e3933f26b657c341055443103bad331f4537b113
e3933f26b657c341055443103bad331f4537b113 is the first bad commit
commit e3933f26b657c341055443103bad331f4537b113
Author: Rex Zhu
Date: Tue Jan 16 18:35:15 2018 +0800

    drm/amd/pp: Add edit/commit/show OD clock/voltage support in sysfs

    when cat pp_od_clk_voltage it show
    OD_SCLK:
    0: 300Mhz 800 mV
    1: 466Mhz 818 mV
    2: 751Mhz 824 mV
    3: 1019Mhz 987 mV
    4: 1074Mhz 1037 mV
    5: 1126Mhz 1087 mV
    6: 1169Mhz 1137 mV
    7: 1206Mhz 1150 mV
    OD_MCLK:
    0: 300Mhz 800 mV
    1: 1650Mhz 1000 mV

    echo "s/m level clock voltage" to change sclk/mclk's clock and voltage
    echo "r" to restore default value.
    echo "c" to commit the user setting.
    Reviewed-by: Alex Deucher
    Signed-off-by: Rex Zhu
    Signed-off-by: Alex Deucher

 drivers/gpu/drm/amd/amdgpu/amdgpu_dpm.h | 4 ++
 drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c | 98 +++++++++++++++++++++++++-
 drivers/gpu/drm/amd/include/kgd_pp_interface.h | 1 +
 drivers/gpu/drm/amd/powerplay/amd_powerplay.c | 19 +++++
 4 files changed, 121 insertions(+), 1 deletion(-)
culprit signature: 63e2513239036c92c8a8690b6187475b227a3bc0
parent signature: ac408345b8c99432ec691234974e5f0c0780694d
revisions tested: 25, total time: 6h45m47.047760223s (build: 2h12m47.784351524s, test: 4h30m34.03581453s)
first bad commit: e3933f26b657c341055443103bad331f4537b113 drm/amd/pp: Add edit/commit/show OD clock/voltage support in sysfs
cc: ["airlied@linux.ie" "alexander.deucher@amd.com" "amd-gfx@lists.freedesktop.org" "christian.koenig@amd.com" "david1.zhou@amd.com" "dri-devel@lists.freedesktop.org" "linux-kernel@vger.kernel.org" "rex.zhu@amd.com"]
crash: INFO: task hung in do_fb_ioctl
kobject: 'lo' (000000004db6931b): kobject_uevent_env
kobject: 'lo' (000000004db6931b): kobject_uevent_env: uevent_suppress caused the event to drop!
kobject: 'lo' (000000004db6931b): calling ktype release
kobject: 'lo': free name
INFO: task syz-executor.5:6676 blocked for more than 140 seconds.
      Not tainted 4.16.0-rc1-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.5 D29288 6676 6636 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2857 [inline]
 __schedule+0x798/0x1f10 kernel/sched/core.c:3435
 schedule+0x7f/0x1b0 kernel/sched/core.c:3494
 schedule_timeout+0x6f0/0xe00 kernel/time/timer.c:1777
 __down_common kernel/locking/semaphore.c:221 [inline]
 __down+0x180/0x2b0 kernel/locking/semaphore.c:238
 down+0x5e/0x80 kernel/locking/semaphore.c:62
 console_lock+0x23/0x70 kernel/printk/printk.c:2211
 do_fb_ioctl+0x3fa/0x940 drivers/video/fbdev/core/fbmem.c:1114
 fb_ioctl+0xcb/0x150 drivers/video/fbdev/core/fbmem.c:1235
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x196/0xff0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x74/0x80 fs/ioctl.c:692
 do_syscall_64+0x1c9/0x6a0 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x26/0x9b
RIP: 0033:0x45a919
RSP: 002b:00007f3e472fcc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a919
RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000003
RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3e472fd6d4
R13: 00000000004c310d R14: 00000000004d8498 R15: 00000000ffffffff

Showing all locks held in the system:
2 locks held by khungtaskd/1040:
 #0: (rcu_read_lock){....}, at: [<000000001ae45ed5>] check_hung_uninterruptible_tasks kernel/hung_task.c:175 [inline]
 #0: (rcu_read_lock){....}, at: [<000000001ae45ed5>] watchdog+0xfc/0x8d0 kernel/hung_task.c:249
 #1: (tasklist_lock){.+.+}, at: [<0000000056f59066>] debug_show_all_locks+0x79/0x222 kernel/locking/lockdep.c:4470
1 lock held by rsyslogd/6422:
 #0: (&f->f_pos_lock){+.+.}, at: [<0000000024160c64>] __fdget_pos+0x8e/0xc0 fs/file.c:765
2 locks held by getty/6512:
 #0: (&tty->ldisc_sem){++++}, at: [<00000000c1980b1e>] ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:365
 #1: (&ldata->atomic_read_lock){+.+.}, at: [<00000000bfc71959>] n_tty_read+0x1ee/0x16c0 drivers/tty/n_tty.c:2131
2 locks held by getty/6513:
 #0: (&tty->ldisc_sem){++++}, at: [<00000000c1980b1e>] ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:365
 #1: (&ldata->atomic_read_lock){+.+.}, at: [<00000000bfc71959>] n_tty_read+0x1ee/0x16c0 drivers/tty/n_tty.c:2131
2 locks held by getty/6514:
 #0: (&tty->ldisc_sem){++++}, at: [<00000000c1980b1e>] ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:365
 #1: (&ldata->atomic_read_lock){+.+.}, at: [<00000000bfc71959>] n_tty_read+0x1ee/0x16c0 drivers/tty/n_tty.c:2131
2 locks held by getty/6515:
 #0: (&tty->ldisc_sem){++++}, at: [<00000000c1980b1e>] ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:365
 #1: (&ldata->atomic_read_lock){+.+.}, at: [<00000000bfc71959>] n_tty_read+0x1ee/0x16c0 drivers/tty/n_tty.c:2131
2 locks held by getty/6516:
 #0: (&tty->ldisc_sem){++++}, at: [<00000000c1980b1e>] ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:365
 #1: (&ldata->atomic_read_lock){+.+.}, at: [<00000000bfc71959>] n_tty_read+0x1ee/0x16c0 drivers/tty/n_tty.c:2131
2 locks held by getty/6517:
 #0: (&tty->ldisc_sem){++++}, at: [<00000000c1980b1e>] ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:365
 #1: (&ldata->atomic_read_lock){+.+.}, at: [<00000000bfc71959>] n_tty_read+0x1ee/0x16c0 drivers/tty/n_tty.c:2131
2 locks held by getty/6518:
 #0: (&tty->ldisc_sem){++++}, at: [<00000000c1980b1e>] ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:365
 #1: (&ldata->atomic_read_lock){+.+.}, at: [<00000000bfc71959>] n_tty_read+0x1ee/0x16c0 drivers/tty/n_tty.c:2131
1 lock held by syz-executor.4/6677:
 #0: (&fb_info->lock){+.+.}, at: [<00000000fd961c7a>] fb_release+0x4d/0x140 drivers/video/fbdev/core/fbmem.c:1490
1 lock held by syz-executor.1/6682:
 #0: (&fb_info->lock){+.+.}, at: [<00000000fd961c7a>] fb_release+0x4d/0x140 drivers/video/fbdev/core/fbmem.c:1490
1 lock held by syz-executor.0/6714:
 #0: (&fb_info->lock){+.+.}, at: [<0000000055e728ee>] fb_open+0x9f/0x390 drivers/video/fbdev/core/fbmem.c:1461
1 lock held by syz-executor.0/6718:
 #0: (&fb_info->lock){+.+.}, at: [<0000000055e728ee>] fb_open+0x9f/0x390 drivers/video/fbdev/core/fbmem.c:1461
1 lock held by syz-executor.3/6717:
 #0: (&fb_info->lock){+.+.}, at: [<0000000055e728ee>] fb_open+0x9f/0x390 drivers/video/fbdev/core/fbmem.c:1461
1 lock held by syz-executor.3/6719:
 #0: (&fb_info->lock){+.+.}, at: [<0000000055e728ee>] fb_open+0x9f/0x390 drivers/video/fbdev/core/fbmem.c:1461

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 1040 Comm: khungtaskd Not tainted 4.16.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0xed/0x131 lib/dump_stack.c:53
 nmi_cpu_backtrace.cold.5+0x13/0xb2 lib/nmi_backtrace.c:103
 nmi_trigger_cpumask_backtrace+0xf4/0x118 lib/nmi_backtrace.c:62
 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
 trigger_all_cpu_backtrace include/linux/nmi.h:138 [inline]
 check_hung_task kernel/hung_task.c:132 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:190 [inline]
 watchdog+0x5a8/0x8d0 kernel/hung_task.c:249
 kthread+0x316/0x3d0 kernel/kthread.c:238
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:429
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 6652 Comm: syz-executor.2 Not tainted 4.16.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:bitfill_aligned+0x30/0x120 drivers/video/fbdev/core/cfbfillrect.c:44
RSP: 0018:ffff880088387140 EFLAGS: 00000246
RAX: 0000000000000028 RBX: 0000000000000a00 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffff8800000a0000 RDI: 0000000000000000
RBP: ffff880088387150 R08: 0000000000000a00 R09: 0000000000000040
R10: ffffffffffffffff R11: 0000000000000000 R12: ffffffffffffffff
R13: ffff8800a5e22c40 R14: 00000000698037fc R15: ffffed0014bc45c4
FS: 00007f0a9bf79700(0000) GS:ffff8800aed00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000a78030 CR3: 000000009797a000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 cfb_fillrect+0x3e8/0x750 drivers/video/fbdev/core/cfbfillrect.c:327
 vga16fb_fillrect+0x5ac/0x19b0 drivers/video/fbdev/vga16fb.c:951
 bit_clear_margins+0x392/0x610 drivers/video/fbdev/core/bitblit.c:232
 fbcon_clear_margins+0x1b1/0x330 drivers/video/fbdev/core/fbcon.c:1324
 fbcon_switch+0xbe9/0x1982 drivers/video/fbdev/core/fbcon.c:2306
 redraw_screen+0x313/0x810 drivers/tty/vt/vt.c:690
 fbcon_modechanged+0x56f/0x890 drivers/video/fbdev/core/fbcon.c:2953
 fbcon_event_notify+0xcc/0x1980 drivers/video/fbdev/core/fbcon.c:3306
 notifier_call_chain+0x8a/0x160 kernel/notifier.c:93
 __blocking_notifier_call_chain kernel/notifier.c:317 [inline]
 blocking_notifier_call_chain+0x6b/0xa0 kernel/notifier.c:328
 fb_notifier_call_chain+0x16/0x20 drivers/video/fbdev/core/fb_notify.c:45
 fb_set_var+0xadd/0xf60 drivers/video/fbdev/core/fbmem.c:1047
 do_fb_ioctl+0x44c/0x940 drivers/video/fbdev/core/fbmem.c:1120
 fb_ioctl+0xcb/0x150 drivers/video/fbdev/core/fbmem.c:1235
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x196/0xff0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x74/0x80 fs/ioctl.c:692
 do_syscall_64+0x1c9/0x6a0 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x26/0x9b
RIP: 0033:0x45a919
RSP: 002b:00007f0a9bf78c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a919
RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000003
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0a9bf796d4
R13: 00000000004c310d R14: 00000000004d8498 R15: 00000000ffffffff
Code: e2 00 00 00 55 41 89 d3 48 89 cf 89 d1 48 89 e5 41 54 49 c7 c2 ff ff ff ff 53 42 8d 1c 02 31 d2 4d 89 d4 89 d8 49 d3 e4 41 f7 f1 <89> d1 49 d3 e2 44 39 cb 49 f7 d2 77 21 4c 89 e0 4c 21 d0 4d 85