From: syzbot <syzbot+585ef057d3538fcc1639@syzkaller.appspotmail.com>
To: daniel.vetter@ffwll.ch, ghalat@redhat.com,
gregkh@linuxfoundation.org, jslaby@suse.com,
linux-kernel@vger.kernel.org, nico@fluxnic.net, sam@ravnborg.org,
syzkaller-bugs@googlegroups.com, textshell@uchuujin.de
Subject: INFO: task hung in release_tty
Date: Tue, 07 Jan 2020 00:17:09 -0800 [thread overview]
Message-ID: <000000000000078348059b8867d2@google.com> (raw)
Hello,
syzbot found the following crash on:
HEAD commit: fd698849 Linux 5.5-rc4
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=135b29c1e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=874bac2ff63646fa
dashboard link: https://syzkaller.appspot.com/bug?extid=585ef057d3538fcc1639
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+585ef057d3538fcc1639@syzkaller.appspotmail.com
INFO: task syz-executor.3:5749 blocked for more than 143 seconds.
Not tainted 5.5.0-rc4-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.3 D28160 5749 9203 0x80004002
Call Trace:
context_switch kernel/sched/core.c:3385 [inline]
__schedule+0x934/0x1f90 kernel/sched/core.c:4081
schedule+0xdc/0x2b0 kernel/sched/core.c:4155
schedule_timeout+0x717/0xc50 kernel/time/timer.c:1871
__down_common kernel/locking/semaphore.c:220 [inline]
__down+0x176/0x2c0 kernel/locking/semaphore.c:237
down+0x64/0x90 kernel/locking/semaphore.c:61
console_lock+0x29/0x80 kernel/printk/printk.c:2289
con_shutdown+0x41/0x90 drivers/tty/vt/vt.c:3277
release_tty+0xd3/0x470 drivers/tty/tty_io.c:1514
tty_release_struct+0x3c/0x50 drivers/tty/tty_io.c:1629
tty_release+0xbcb/0xe90 drivers/tty/tty_io.c:1789
__fput+0x2ff/0x890 fs/file_table.c:280
____fput+0x16/0x20 fs/file_table.c:313
task_work_run+0x145/0x1c0 kernel/task_work.c:113
exit_task_work include/linux/task_work.h:22 [inline]
do_exit+0x8e7/0x2ef0 kernel/exit.c:797
do_group_exit+0x135/0x360 kernel/exit.c:895
__do_sys_exit_group kernel/exit.c:906 [inline]
__se_sys_exit_group kernel/exit.c:904 [inline]
__x64_sys_exit_group+0x44/0x50 kernel/exit.c:904
do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45a9e9
Code: bd 4c 00 00 b9 00 00 40 00 e8 b3 4c 00 00 90 cc cc 64 48 8b 0c 25 f8
ff ff ff 48 3b 61 10 0f 86 ff 00 00 00 48 83 ec 40 48 89 <6c> 24 38 48 8d
6c 24 38 48 8b 42 08 48 89 44 24 30 84 00 48 8b 4a
RSP: 002b:0000000000a6fae8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 000000000000000b RCX: 000000000045a9e9
RDX: 00000000004144c1 RSI: 0000000000a770d0 RDI: 0000000000000000
RBP: 00000000004c0308 R08: 000000000000000c R09: 0000000000a6fbf0
R10: 0000000000f72940 R11: 0000000000000246 R12: 000000000075bfc8
R13: 0000000000000004 R14: 0000000000000001 R15: 000000000075bfd4
INFO: task syz-executor.1:5948 blocked for more than 143 seconds.
Not tainted 5.5.0-rc4-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.1 D28160 5948 9197 0x80004002
Call Trace:
context_switch kernel/sched/core.c:3385 [inline]
__schedule+0x934/0x1f90 kernel/sched/core.c:4081
schedule+0xdc/0x2b0 kernel/sched/core.c:4155
schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:4214
__mutex_lock_common kernel/locking/mutex.c:1033 [inline]
__mutex_lock+0x7ab/0x13c0 kernel/locking/mutex.c:1103
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1118
tty_release_struct+0x31/0x50 drivers/tty/tty_io.c:1628
tty_release+0xbcb/0xe90 drivers/tty/tty_io.c:1789
__fput+0x2ff/0x890 fs/file_table.c:280
____fput+0x16/0x20 fs/file_table.c:313
task_work_run+0x145/0x1c0 kernel/task_work.c:113
exit_task_work include/linux/task_work.h:22 [inline]
do_exit+0x8e7/0x2ef0 kernel/exit.c:797
do_group_exit+0x135/0x360 kernel/exit.c:895
__do_sys_exit_group kernel/exit.c:906 [inline]
__se_sys_exit_group kernel/exit.c:904 [inline]
__x64_sys_exit_group+0x44/0x50 kernel/exit.c:904
do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45a9e9
Code: bd 4c 00 00 b9 00 00 40 00 e8 b3 4c 00 00 90 cc cc 64 48 8b 0c 25 f8
ff ff ff 48 3b 61 10 0f 86 ff 00 00 00 48 83 ec 40 48 89 <6c> 24 38 48 8d
6c 24 38 48 8b 42 08 48 89 44 24 30 84 00 48 8b 4a
RSP: 002b:0000000000a6fae8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 000000000000000b RCX: 000000000045a9e9
RDX: 00000000004144c1 RSI: 0000000000a770d0 RDI: 0000000000000000
RBP: 00000000004c0308 R08: 000000000000000c R09: 0000000000a6fbf0
R10: 00000000021af940 R11: 0000000000000246 R12: 000000000075bfc8
R13: 0000000000000003 R14: 0000000000000001 R15: 000000000075bfd4
INFO: task syz-executor.5:5962 blocked for more than 143 seconds.
Not tainted 5.5.0-rc4-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.5 D28160 5962 9207 0x80004002
Call Trace:
context_switch kernel/sched/core.c:3385 [inline]
__schedule+0x934/0x1f90 kernel/sched/core.c:4081
schedule+0xdc/0x2b0 kernel/sched/core.c:4155
schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:4214
__mutex_lock_common kernel/locking/mutex.c:1033 [inline]
__mutex_lock+0x7ab/0x13c0 kernel/locking/mutex.c:1103
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1118
tty_release_struct+0x31/0x50 drivers/tty/tty_io.c:1628
tty_release+0xbcb/0xe90 drivers/tty/tty_io.c:1789
__fput+0x2ff/0x890 fs/file_table.c:280
____fput+0x16/0x20 fs/file_table.c:313
task_work_run+0x145/0x1c0 kernel/task_work.c:113
exit_task_work include/linux/task_work.h:22 [inline]
do_exit+0x8e7/0x2ef0 kernel/exit.c:797
do_group_exit+0x135/0x360 kernel/exit.c:895
__do_sys_exit_group kernel/exit.c:906 [inline]
__se_sys_exit_group kernel/exit.c:904 [inline]
__x64_sys_exit_group+0x44/0x50 kernel/exit.c:904
do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45a9e9
Code: bd 4c 00 00 b9 00 00 40 00 e8 b3 4c 00 00 90 cc cc 64 48 8b 0c 25 f8
ff ff ff 48 3b 61 10 0f 86 ff 00 00 00 48 83 ec 40 48 89 <6c> 24 38 48 8d
6c 24 38 48 8b 42 08 48 89 44 24 30 84 00 48 8b 4a
RSP: 002b:0000000000a6fae8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 000000000000000b RCX: 000000000045a9e9
RDX: 00000000004144c1 RSI: 0000000000a770d0 RDI: 0000000000000000
RBP: 00000000004c0308 R08: 000000000000000c R09: 0000000000a6fbf0
R10: 0000000001c44940 R11: 0000000000000246 R12: 000000000075bfc8
R13: 0000000000000003 R14: 0000000000000001 R15: 000000000075bfd4
INFO: task syz-executor.2:6670 blocked for more than 143 seconds.
Not tainted 5.5.0-rc4-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.2 D28552 6670 9201 0x00004004
Call Trace:
context_switch kernel/sched/core.c:3385 [inline]
__schedule+0x934/0x1f90 kernel/sched/core.c:4081
schedule+0xdc/0x2b0 kernel/sched/core.c:4155
schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:4214
__mutex_lock_common kernel/locking/mutex.c:1033 [inline]
__mutex_lock+0x7ab/0x13c0 kernel/locking/mutex.c:1103
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1118
tty_open_by_driver drivers/tty/tty_io.c:1951 [inline]
tty_open+0x3cb/0xbb0 drivers/tty/tty_io.c:2035
chrdev_open+0x245/0x6b0 fs/char_dev.c:414
do_dentry_open+0x4e6/0x1380 fs/open.c:797
vfs_open+0xa0/0xd0 fs/open.c:914
do_last fs/namei.c:3420 [inline]
path_openat+0x10df/0x4500 fs/namei.c:3537
do_filp_open+0x1a1/0x280 fs/namei.c:3567
do_sys_open+0x3fe/0x5d0 fs/open.c:1097
__do_sys_open fs/open.c:1115 [inline]
__se_sys_open fs/open.c:1110 [inline]
__x64_sys_open+0x7e/0xc0 fs/open.c:1110
do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x414781
Code: 48 0f af de 48 8d 04 13 4c 89 d2 48 89 f3 eb 97 49 89 ca 31 f6 48 89
d0 eb ee 48 8b 1d 78 51 7b 01 84 03 48 8b 14 d3 48 85 d2 <74> 1d 48 89 c3
48 c1 e8 0d 48 25 ff 1f 00 00 48 8b 8c c2 00 00 20
RSP: 002b:00007fb9ea1627a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000414781
RDX: 0000000000000000 RSI: 0000000000000002 RDI: 00007fb9ea1627d0
RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000e
R10: 0000000000000064 R11: 0000000000000293 R12: 00007fb9ea1636d4
R13: 00000000004cb2f9 R14: 00000000004e4b10 R15: 00000000ffffffff
Showing all locks held in the system:
1 lock held by khungtaskd/1116:
#0: ffffffff899a5680 (rcu_read_lock){....}, at:
debug_show_all_locks+0x5f/0x279 kernel/locking/lockdep.c:5334
1 lock held by rsyslogd/9065:
#0: ffff8880a6456120 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0xee/0x110
fs/file.c:801
2 locks held by getty/9155:
#0: ffff8880a3122090 (&tty->ldisc_sem){++++}, at:
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:340
#1: ffffc9000171b2e0 (&ldata->atomic_read_lock){+.+.}, at:
n_tty_read+0x220/0x1bf0 drivers/tty/n_tty.c:2156
2 locks held by getty/9156:
#0: ffff888095638090 (&tty->ldisc_sem){++++}, at:
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:340
#1: ffffc900016ab2e0 (&ldata->atomic_read_lock){+.+.}, at:
n_tty_read+0x220/0x1bf0 drivers/tty/n_tty.c:2156
2 locks held by getty/9157:
#0: ffff8880a25db090 (&tty->ldisc_sem){++++}, at:
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:340
#1: ffffc9000168b2e0 (&ldata->atomic_read_lock){+.+.}, at:
n_tty_read+0x220/0x1bf0 drivers/tty/n_tty.c:2156
2 locks held by getty/9158:
#0: ffff888094735090 (&tty->ldisc_sem){++++}, at:
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:340
#1: ffffc9000174b2e0 (&ldata->atomic_read_lock){+.+.}, at:
n_tty_read+0x220/0x1bf0 drivers/tty/n_tty.c:2156
2 locks held by getty/9159:
#0: ffff8880a4a8d090 (&tty->ldisc_sem){++++}, at:
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:340
#1: ffffc9000173b2e0 (&ldata->atomic_read_lock){+.+.}, at:
n_tty_read+0x220/0x1bf0 drivers/tty/n_tty.c:2156
2 locks held by getty/9160:
#0: ffff88809820d090 (&tty->ldisc_sem){++++}, at:
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:340
#1: ffffc9000172b2e0 (&ldata->atomic_read_lock){+.+.}, at:
n_tty_read+0x220/0x1bf0 drivers/tty/n_tty.c:2156
2 locks held by getty/9161:
#0: ffff888098d34090 (&tty->ldisc_sem){++++}, at:
ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:340
#1: ffffc900011102e0 (&ldata->atomic_read_lock){+.+.}, at:
n_tty_read+0x220/0x1bf0 drivers/tty/n_tty.c:2156
1 lock held by syz-executor.2/16901:
#0: ffffffff89eceb20 (tty_mutex){+.+.}, at: tty_release_struct+0x31/0x50
drivers/tty/tty_io.c:1628
1 lock held by syz-executor.3/5749:
#0: ffffffff89eceb20 (tty_mutex){+.+.}, at: tty_release_struct+0x31/0x50
drivers/tty/tty_io.c:1628
1 lock held by syz-executor.1/5948:
#0: ffffffff89eceb20 (tty_mutex){+.+.}, at: tty_release_struct+0x31/0x50
drivers/tty/tty_io.c:1628
1 lock held by syz-executor.5/5962:
#0: ffffffff89eceb20 (tty_mutex){+.+.}, at: tty_release_struct+0x31/0x50
drivers/tty/tty_io.c:1628
2 locks held by syz-executor.4/6053:
1 lock held by syz-executor.2/6670:
#0: ffffffff89eceb20 (tty_mutex){+.+.}, at: tty_open_by_driver
drivers/tty/tty_io.c:1951 [inline]
#0: ffffffff89eceb20 (tty_mutex){+.+.}, at: tty_open+0x3cb/0xbb0
drivers/tty/tty_io.c:2035
1 lock held by syz-executor.1/7297:
#0: ffffffff89eceb20 (tty_mutex){+.+.}, at: tty_open_by_driver
drivers/tty/tty_io.c:1951 [inline]
#0: ffffffff89eceb20 (tty_mutex){+.+.}, at: tty_open+0x3cb/0xbb0
drivers/tty/tty_io.c:2035
1 lock held by syz-executor.1/7299:
#0: ffffffff89eceb20 (tty_mutex){+.+.}, at: tty_open_by_driver
drivers/tty/tty_io.c:1951 [inline]
#0: ffffffff89eceb20 (tty_mutex){+.+.}, at: tty_open+0x3cb/0xbb0
drivers/tty/tty_io.c:2035
1 lock held by syz-executor.1/7300:
#0: ffffffff89eceb20 (tty_mutex){+.+.}, at: tty_open_by_driver
drivers/tty/tty_io.c:1951 [inline]
#0: ffffffff89eceb20 (tty_mutex){+.+.}, at: tty_open+0x3cb/0xbb0
drivers/tty/tty_io.c:2035
1 lock held by syz-executor.1/7303:
#0: ffffffff89eceb20 (tty_mutex){+.+.}, at: tty_open_by_driver
drivers/tty/tty_io.c:1951 [inline]
#0: ffffffff89eceb20 (tty_mutex){+.+.}, at: tty_open+0x3cb/0xbb0
drivers/tty/tty_io.c:2035
1 lock held by syz-executor.1/7308:
#0: ffffffff89eceb20 (tty_mutex){+.+.}, at: tty_open_by_driver
drivers/tty/tty_io.c:1951 [inline]
#0: ffffffff89eceb20 (tty_mutex){+.+.}, at: tty_open+0x3cb/0xbb0
drivers/tty/tty_io.c:2035
1 lock held by syz-executor.3/7315:
#0: ffffffff89eceb20 (tty_mutex){+.+.}, at: tty_open_by_driver
drivers/tty/tty_io.c:1951 [inline]
#0: ffffffff89eceb20 (tty_mutex){+.+.}, at: tty_open+0x3cb/0xbb0
drivers/tty/tty_io.c:2035
1 lock held by syz-executor.3/7320:
#0: ffffffff89eceb20 (tty_mutex){+.+.}, at: tty_open_by_driver
drivers/tty/tty_io.c:1951 [inline]
#0: ffffffff89eceb20 (tty_mutex){+.+.}, at: tty_open+0x3cb/0xbb0
drivers/tty/tty_io.c:2035
1 lock held by syz-executor.3/7321:
#0: ffffffff89eceb20 (tty_mutex){+.+.}, at: tty_open_by_driver
drivers/tty/tty_io.c:1951 [inline]
#0: ffffffff89eceb20 (tty_mutex){+.+.}, at: tty_open+0x3cb/0xbb0
drivers/tty/tty_io.c:2035
1 lock held by syz-executor.3/7334:
#0: ffffffff89eceb20 (tty_mutex){+.+.}, at: tty_open_by_driver
drivers/tty/tty_io.c:1951 [inline]
#0: ffffffff89eceb20 (tty_mutex){+.+.}, at: tty_open+0x3cb/0xbb0
drivers/tty/tty_io.c:2035
1 lock held by syz-executor.3/7336:
#0: ffffffff89eceb20 (tty_mutex){+.+.}, at: tty_open_by_driver
drivers/tty/tty_io.c:1951 [inline]
#0: ffffffff89eceb20 (tty_mutex){+.+.}, at: tty_open+0x3cb/0xbb0
drivers/tty/tty_io.c:2035
1 lock held by syz-executor.5/7319:
#0: ffffffff89eceb20 (tty_mutex){+.+.}, at: tty_open_by_driver
drivers/tty/tty_io.c:1951 [inline]
#0: ffffffff89eceb20 (tty_mutex){+.+.}, at: tty_open+0x3cb/0xbb0
drivers/tty/tty_io.c:2035
1 lock held by syz-executor.5/7323:
#0: ffffffff89eceb20 (tty_mutex){+.+.}, at: tty_open_by_driver
drivers/tty/tty_io.c:1951 [inline]
#0: ffffffff89eceb20 (tty_mutex){+.+.}, at: tty_open+0x3cb/0xbb0
drivers/tty/tty_io.c:2035
1 lock held by syz-executor.5/7326:
#0: ffffffff89eceb20 (tty_mutex){+.+.}, at: tty_open_by_driver
drivers/tty/tty_io.c:1951 [inline]
#0: ffffffff89eceb20 (tty_mutex){+.+.}, at: tty_open+0x3cb/0xbb0
drivers/tty/tty_io.c:2035
=============================================
NMI backtrace for cpu 1
CPU: 1 PID: 1116 Comm: khungtaskd Not tainted 5.5.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x197/0x210 lib/dump_stack.c:118
nmi_cpu_backtrace.cold+0x70/0xb2 lib/nmi_backtrace.c:101
nmi_trigger_cpumask_backtrace+0x23b/0x28b lib/nmi_backtrace.c:62
arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:205 [inline]
watchdog+0xb11/0x10c0 kernel/hung_task.c:289
kthread+0x361/0x430 kernel/kthread.c:255
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 6053 Comm: syz-executor.4 Not tainted 5.5.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:__sanitizer_cov_trace_cmp4+0xd/0x20 kernel/kcov.c:248
Code: d6 0f b7 f7 bf 02 00 00 00 48 89 e5 48 8b 4d 08 e8 58 ff ff ff 5d c3
66 0f 1f 44 00 00 55 89 f2 89 fe bf 04 00 00 00 48 89 e5 <48> 8b 4d 08 e8
3a ff ff ff 5d c3 0f 1f 84 00 00 00 00 00 55 48 89
RSP: 0018:ffffc900077f7398 EFLAGS: 00000286
RAX: 0000000000040000 RBX: 0000000000000050 RCX: ffffc90012dbb000
RDX: 000000000000001e RSI: 0000000000000050 RDI: 0000000000000004
RBP: ffffc900077f7398 R08: ffff88805b088500 R09: ffffed1043195044
R10: ffffed1043195043 R11: ffff888218ca821f R12: 000000000000001e
R13: ffff8880000a001e R14: ffff8880000a0000 R15: 0000000000000000
FS: 00007fa5c7d87700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c010c40870 CR3: 00000000a3b19000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
vga16fb_fillrect+0xa20/0x19b0 drivers/video/fbdev/vga16fb.c:922
bit_clear_margins+0x30b/0x530 drivers/video/fbdev/core/bitblit.c:232
fbcon_clear_margins+0x1e9/0x250 drivers/video/fbdev/core/fbcon.c:1372
fbcon_switch+0xd7f/0x17f0 drivers/video/fbdev/core/fbcon.c:2354
redraw_screen+0x2b6/0x7d0 drivers/tty/vt/vt.c:997
fbcon_modechanged+0x5c3/0x790 drivers/video/fbdev/core/fbcon.c:2991
fbcon_update_vcs+0x42/0x50 drivers/video/fbdev/core/fbcon.c:3038
fb_set_var+0xb32/0xdd0 drivers/video/fbdev/core/fbmem.c:1051
do_fb_ioctl+0x390/0x7d0 drivers/video/fbdev/core/fbmem.c:1104
fb_ioctl+0xe6/0x130 drivers/video/fbdev/core/fbmem.c:1180
vfs_ioctl fs/ioctl.c:47 [inline]
file_ioctl fs/ioctl.c:545 [inline]
do_vfs_ioctl+0x977/0x14e0 fs/ioctl.c:732
ksys_ioctl+0xab/0xd0 fs/ioctl.c:749
__do_sys_ioctl fs/ioctl.c:756 [inline]
__se_sys_ioctl fs/ioctl.c:754 [inline]
__x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:754
do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45a9e9
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7
48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff
ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fa5c7d86c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a9e9
RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000004
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa5c7d876d4
R13: 00000000004c3208 R14: 00000000004d8678 R15: 00000000ffffffff
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
reply other threads:[~2020-01-07 8:17 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=000000000000078348059b8867d2@google.com \
--to=syzbot+585ef057d3538fcc1639@syzkaller.appspotmail.com \
--cc=daniel.vetter@ffwll.ch \
--cc=ghalat@redhat.com \
--cc=gregkh@linuxfoundation.org \
--cc=jslaby@suse.com \
--cc=linux-kernel@vger.kernel.org \
--cc=nico@fluxnic.net \
--cc=sam@ravnborg.org \
--cc=syzkaller-bugs@googlegroups.com \
--cc=textshell@uchuujin.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.