From: syzbot <syzbot+8f41dccfb6c03cc36fd6@syzkaller.appspotmail.com>
To: gregkh@linuxfoundation.org, jirislaby@kernel.org,
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] INFO: task can't die in show_free_areas
Date: Wed, 02 Feb 2022 16:14:27 -0800 [thread overview]
Message-ID: <000000000000785f9605d712043f@google.com> (raw)
In-Reply-To: <0000000000006527b405d653df1f@google.com>
syzbot has found a reproducer for the following issue on:
HEAD commit: 6abab1b81b65 Add linux-next specific files for 20220202
git tree: linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=10de0ec8700000
kernel config: https://syzkaller.appspot.com/x/.config?x=b8d8750556896349
dashboard link: https://syzkaller.appspot.com/bug?extid=8f41dccfb6c03cc36fd6
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=133f0c58700000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1205d17c700000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+8f41dccfb6c03cc36fd6@syzkaller.appspotmail.com
INFO: task syz-executor372:3664 can't die for more than 143 seconds.
task:syz-executor372 state:R running task stack:26120 pid: 3664 ppid: 3651 flags:0x00004004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5000 [inline]
__schedule+0xab2/0x4db0 kernel/sched/core.c:6309
preempt_schedule_common+0x45/0xc0 kernel/sched/core.c:6475
preempt_schedule_thunk+0x16/0x18 arch/x86/entry/thunk_64.S:35
vprintk_emit+0x1c9/0x4f0 kernel/printk/printk.c:2249
vprintk+0x80/0x90 kernel/printk/printk_safe.c:50
_printk+0xba/0xed kernel/printk/printk.c:2269
show_free_areas.cold+0x4aa/0x961 mm/page_alloc.c:6052
show_mem+0x31/0x191 lib/show_mem.c:17
warn_alloc_show_mem mm/page_alloc.c:4268 [inline]
warn_alloc.cold+0x121/0x189 mm/page_alloc.c:4293
__vmalloc_area_node mm/vmalloc.c:3003 [inline]
__vmalloc_node_range+0xeb5/0x1130 mm/vmalloc.c:3157
__vmalloc_node mm/vmalloc.c:3222 [inline]
vzalloc+0x67/0x80 mm/vmalloc.c:3292
n_tty_open+0x16/0x170 drivers/tty/n_tty.c:1813
tty_ldisc_open+0x9b/0x110 drivers/tty/tty_ldisc.c:433
tty_ldisc_setup+0x43/0x100 drivers/tty/tty_ldisc.c:740
tty_init_dev.part.0+0x1f4/0x610 drivers/tty/tty_io.c:1443
tty_init_dev include/linux/err.h:36 [inline]
tty_open_by_driver drivers/tty/tty_io.c:2086 [inline]
tty_open+0xb16/0x1000 drivers/tty/tty_io.c:2133
chrdev_open+0x266/0x770 fs/char_dev.c:414
do_dentry_open+0x4b9/0x1240 fs/open.c:957
do_open fs/namei.c:3476 [inline]
path_openat+0x1c9e/0x2940 fs/namei.c:3609
do_filp_open+0x1aa/0x400 fs/namei.c:3636
do_sys_openat2+0x16d/0x4d0 fs/open.c:1347
do_sys_open fs/open.c:1363 [inline]
__do_sys_openat fs/open.c:1379 [inline]
__se_sys_openat fs/open.c:1374 [inline]
__x64_sys_openat+0x13f/0x1f0 fs/open.c:1374
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f5f16eac9d7
RSP: 002b:00007ffe798c0ac0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f5f16eac9d7
RDX: 0000000000000002 RSI: 00007ffe798c0b50 RDI: 00000000ffffff9c
RBP: 00007ffe798c0b50 R08: 0000000000000000 R09: 000000000000000e
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
R13: 00007ffe798c0c10 R14: 00007ffe798c0c50 R15: 0000000000000000
</TASK>
INFO: task syz-executor372:3665 can't die for more than 143 seconds.
task:syz-executor372 state:D stack:28112 pid: 3665 ppid: 3654 flags:0x00000004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5000 [inline]
__schedule+0xab2/0x4db0 kernel/sched/core.c:6309
schedule+0xd2/0x260 kernel/sched/core.c:6382
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6441
__mutex_lock_common kernel/locking/mutex.c:673 [inline]
__mutex_lock+0xa32/0x12f0 kernel/locking/mutex.c:733
tty_open_by_driver drivers/tty/tty_io.c:2050 [inline]
tty_open+0x55e/0x1000 drivers/tty/tty_io.c:2133
chrdev_open+0x266/0x770 fs/char_dev.c:414
do_dentry_open+0x4b9/0x1240 fs/open.c:957
do_open fs/namei.c:3476 [inline]
path_openat+0x1c9e/0x2940 fs/namei.c:3609
do_filp_open+0x1aa/0x400 fs/namei.c:3636
do_sys_openat2+0x16d/0x4d0 fs/open.c:1347
do_sys_open fs/open.c:1363 [inline]
__do_sys_openat fs/open.c:1379 [inline]
__se_sys_openat fs/open.c:1374 [inline]
__x64_sys_openat+0x13f/0x1f0 fs/open.c:1374
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f5f16eac9d7
RSP: 002b:00007ffe798c0ac0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f5f16eac9d7
RDX: 0000000000000002 RSI: 00007ffe798c0b50 RDI: 00000000ffffff9c
RBP: 00007ffe798c0b50 R08: 0000000000000000 R09: 000000000000000e
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
R13: 00007ffe798c0c10 R14: 00007ffe798c0c50 R15: 0000000000000000
</TASK>
INFO: task syz-executor372:3665 blocked for more than 144 seconds.
Not tainted 5.17.0-rc2-next-20220202-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor372 state:D stack:28112 pid: 3665 ppid: 3654 flags:0x00000004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5000 [inline]
__schedule+0xab2/0x4db0 kernel/sched/core.c:6309
schedule+0xd2/0x260 kernel/sched/core.c:6382
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6441
__mutex_lock_common kernel/locking/mutex.c:673 [inline]
__mutex_lock+0xa32/0x12f0 kernel/locking/mutex.c:733
tty_open_by_driver drivers/tty/tty_io.c:2050 [inline]
tty_open+0x55e/0x1000 drivers/tty/tty_io.c:2133
chrdev_open+0x266/0x770 fs/char_dev.c:414
do_dentry_open+0x4b9/0x1240 fs/open.c:957
do_open fs/namei.c:3476 [inline]
path_openat+0x1c9e/0x2940 fs/namei.c:3609
do_filp_open+0x1aa/0x400 fs/namei.c:3636
do_sys_openat2+0x16d/0x4d0 fs/open.c:1347
do_sys_open fs/open.c:1363 [inline]
__do_sys_openat fs/open.c:1379 [inline]
__se_sys_openat fs/open.c:1374 [inline]
__x64_sys_openat+0x13f/0x1f0 fs/open.c:1374
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f5f16eac9d7
RSP: 002b:00007ffe798c0ac0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f5f16eac9d7
RDX: 0000000000000002 RSI: 00007ffe798c0b50 RDI: 00000000ffffff9c
RBP: 00007ffe798c0b50 R08: 0000000000000000 R09: 000000000000000e
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
R13: 00007ffe798c0c10 R14: 00007ffe798c0c50 R15: 0000000000000000
</TASK>
INFO: task syz-executor372:3666 can't die for more than 144 seconds.
task:syz-executor372 state:D stack:27696 pid: 3666 ppid: 3653 flags:0x00000004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5000 [inline]
__schedule+0xab2/0x4db0 kernel/sched/core.c:6309
schedule+0xd2/0x260 kernel/sched/core.c:6382
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6441
__mutex_lock_common kernel/locking/mutex.c:673 [inline]
__mutex_lock+0xa32/0x12f0 kernel/locking/mutex.c:733
tty_open_by_driver drivers/tty/tty_io.c:2050 [inline]
tty_open+0x55e/0x1000 drivers/tty/tty_io.c:2133
chrdev_open+0x266/0x770 fs/char_dev.c:414
do_dentry_open+0x4b9/0x1240 fs/open.c:957
do_open fs/namei.c:3476 [inline]
path_openat+0x1c9e/0x2940 fs/namei.c:3609
do_filp_open+0x1aa/0x400 fs/namei.c:3636
do_sys_openat2+0x16d/0x4d0 fs/open.c:1347
do_sys_open fs/open.c:1363 [inline]
__do_sys_openat fs/open.c:1379 [inline]
__se_sys_openat fs/open.c:1374 [inline]
__x64_sys_openat+0x13f/0x1f0 fs/open.c:1374
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f5f16eac9d7
RSP: 002b:00007ffe798c0ac0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f5f16eac9d7
RDX: 0000000000000002 RSI: 00007ffe798c0b50 RDI: 00000000ffffff9c
RBP: 00007ffe798c0b50 R08: 0000000000000000 R09: 000000000000000e
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
R13: 00007ffe798c0c10 R14: 00007ffe798c0c50 R15: 0000000000000000
</TASK>
INFO: task syz-executor372:3666 blocked for more than 144 seconds.
Not tainted 5.17.0-rc2-next-20220202-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor372 state:D stack:27696 pid: 3666 ppid: 3653 flags:0x00000004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5000 [inline]
__schedule+0xab2/0x4db0 kernel/sched/core.c:6309
schedule+0xd2/0x260 kernel/sched/core.c:6382
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6441
__mutex_lock_common kernel/locking/mutex.c:673 [inline]
__mutex_lock+0xa32/0x12f0 kernel/locking/mutex.c:733
tty_open_by_driver drivers/tty/tty_io.c:2050 [inline]
tty_open+0x55e/0x1000 drivers/tty/tty_io.c:2133
chrdev_open+0x266/0x770 fs/char_dev.c:414
do_dentry_open+0x4b9/0x1240 fs/open.c:957
do_open fs/namei.c:3476 [inline]
path_openat+0x1c9e/0x2940 fs/namei.c:3609
do_filp_open+0x1aa/0x400 fs/namei.c:3636
do_sys_openat2+0x16d/0x4d0 fs/open.c:1347
do_sys_open fs/open.c:1363 [inline]
__do_sys_openat fs/open.c:1379 [inline]
__se_sys_openat fs/open.c:1374 [inline]
__x64_sys_openat+0x13f/0x1f0 fs/open.c:1374
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f5f16eac9d7
RSP: 002b:00007ffe798c0ac0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f5f16eac9d7
RDX: 0000000000000002 RSI: 00007ffe798c0b50 RDI: 00000000ffffff9c
RBP: 00007ffe798c0b50 R08: 0000000000000000 R09: 000000000000000e
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
R13: 00007ffe798c0c10 R14: 00007ffe798c0c50 R15: 0000000000000000
</TASK>
INFO: task syz-executor372:3671 can't die for more than 144 seconds.
task:syz-executor372 state:D stack:28112 pid: 3671 ppid: 3652 flags:0x00000004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5000 [inline]
__schedule+0xab2/0x4db0 kernel/sched/core.c:6309
schedule+0xd2/0x260 kernel/sched/core.c:6382
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6441
__mutex_lock_common kernel/locking/mutex.c:673 [inline]
__mutex_lock+0xa32/0x12f0 kernel/locking/mutex.c:733
tty_open_by_driver drivers/tty/tty_io.c:2050 [inline]
tty_open+0x55e/0x1000 drivers/tty/tty_io.c:2133
chrdev_open+0x266/0x770 fs/char_dev.c:414
do_dentry_open+0x4b9/0x1240 fs/open.c:957
do_open fs/namei.c:3476 [inline]
path_openat+0x1c9e/0x2940 fs/namei.c:3609
do_filp_open+0x1aa/0x400 fs/namei.c:3636
do_sys_openat2+0x16d/0x4d0 fs/open.c:1347
do_sys_open fs/open.c:1363 [inline]
__do_sys_openat fs/open.c:1379 [inline]
__se_sys_openat fs/open.c:1374 [inline]
__x64_sys_openat+0x13f/0x1f0 fs/open.c:1374
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f5f16eac9d7
RSP: 002b:00007ffe798c0ac0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f5f16eac9d7
RDX: 0000000000000002 RSI: 00007ffe798c0b50 RDI: 00000000ffffff9c
RBP: 00007ffe798c0b50 R08: 0000000000000000 R09: 000000000000000e
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
R13: 00007ffe798c0c10 R14: 00007ffe798c0c50 R15: 0000000000000001
</TASK>
INFO: task syz-executor372:3671 blocked for more than 145 seconds.
Not tainted 5.17.0-rc2-next-20220202-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor372 state:D stack:28112 pid: 3671 ppid: 3652 flags:0x00000004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5000 [inline]
__schedule+0xab2/0x4db0 kernel/sched/core.c:6309
schedule+0xd2/0x260 kernel/sched/core.c:6382
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6441
__mutex_lock_common kernel/locking/mutex.c:673 [inline]
__mutex_lock+0xa32/0x12f0 kernel/locking/mutex.c:733
tty_open_by_driver drivers/tty/tty_io.c:2050 [inline]
tty_open+0x55e/0x1000 drivers/tty/tty_io.c:2133
chrdev_open+0x266/0x770 fs/char_dev.c:414
do_dentry_open+0x4b9/0x1240 fs/open.c:957
do_open fs/namei.c:3476 [inline]
path_openat+0x1c9e/0x2940 fs/namei.c:3609
do_filp_open+0x1aa/0x400 fs/namei.c:3636
do_sys_openat2+0x16d/0x4d0 fs/open.c:1347
do_sys_open fs/open.c:1363 [inline]
__do_sys_openat fs/open.c:1379 [inline]
__se_sys_openat fs/open.c:1374 [inline]
__x64_sys_openat+0x13f/0x1f0 fs/open.c:1374
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f5f16eac9d7
RSP: 002b:00007ffe798c0ac0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f5f16eac9d7
RDX: 0000000000000002 RSI: 00007ffe798c0b50 RDI: 00000000ffffff9c
RBP: 00007ffe798c0b50 R08: 0000000000000000 R09: 000000000000000e
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
R13: 00007ffe798c0c10 R14: 00007ffe798c0c50 R15: 0000000000000001
</TASK>
Showing all locks held in the system:
1 lock held by khungtaskd/27:
#0: ffffffff8bb83a60 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6463
2 locks held by getty/3274:
#0: ffff88814abb0098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:244
#1: ffffc90002b562e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xcf0/0x1230 drivers/tty/n_tty.c:2077
3 locks held by syz-executor372/3664:
1 lock held by syz-executor372/3665:
#0: ffffffff8c5b60c8 (tty_mutex){+.+.}-{3:3}, at: tty_open_by_driver drivers/tty/tty_io.c:2050 [inline]
#0: ffffffff8c5b60c8 (tty_mutex){+.+.}-{3:3}, at: tty_open+0x55e/0x1000 drivers/tty/tty_io.c:2133
1 lock held by syz-executor372/3666:
#0: ffffffff8c5b60c8 (tty_mutex){+.+.}-{3:3}, at: tty_open_by_driver drivers/tty/tty_io.c:2050 [inline]
#0: ffffffff8c5b60c8 (tty_mutex){+.+.}-{3:3}, at: tty_open+0x55e/0x1000 drivers/tty/tty_io.c:2133
1 lock held by syz-executor372/3671:
#0: ffffffff8c5b60c8 (tty_mutex){+.+.}-{3:3}, at: tty_open_by_driver drivers/tty/tty_io.c:2050 [inline]
#0: ffffffff8c5b60c8 (tty_mutex){+.+.}-{3:3}, at: tty_open+0x55e/0x1000 drivers/tty/tty_io.c:2133
1 lock held by syz-executor372/3680:
#0: ffffffff8c5b60c8 (tty_mutex){+.+.}-{3:3}, at: tty_open_by_driver drivers/tty/tty_io.c:2050 [inline]
#0: ffffffff8c5b60c8 (tty_mutex){+.+.}-{3:3}, at: tty_open+0x55e/0x1000 drivers/tty/tty_io.c:2133
1 lock held by syz-executor372/3683:
#0: ffffffff8c5b60c8 (tty_mutex){+.+.}-{3:3}, at: tty_open_by_driver drivers/tty/tty_io.c:2050 [inline]
#0: ffffffff8c5b60c8 (tty_mutex){+.+.}-{3:3}, at: tty_open+0x55e/0x1000 drivers/tty/tty_io.c:2133
=============================================
NMI backtrace for cpu 0
CPU: 0 PID: 27 Comm: khungtaskd Not tainted 5.17.0-rc2-next-20220202-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
nmi_cpu_backtrace.cold+0x47/0x144 lib/nmi_backtrace.c:111
nmi_trigger_cpumask_backtrace+0x1e6/0x230 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:256 [inline]
watchdog+0xcb7/0xed0 kernel/hung_task.c:413
kthread+0x2e9/0x3a0 kernel/kthread.c:377
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
</TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 3668 Comm: kworker/u4:6 Not tainted 5.17.0-rc2-next-20220202-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events_unbound toggle_allocation_gate
RIP: 0010:__lock_release kernel/locking/lockdep.c:5323 [inline]
RIP: 0010:lock_release+0x217/0x720 kernel/locking/lockdep.c:5659
Code: e8 6e 08 ff ff 48 85 c0 48 89 c3 0f 84 85 03 00 00 48 8d 78 24 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 0f b6 14 02 <48> 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 94 04 00 00 8b
RSP: 0018:ffffc900028bf920 EFLAGS: 00000807
RAX: dffffc0000000000 RBX: ffff88801f760b30 RCX: ffffc900028bf970
RDX: 0000000000000000 RSI: ffff888010db6138 RDI: ffff88801f760b54
RBP: 1ffff92000517f26 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000001 R11: 000000000000003f R12: ffff888010db6138
R13: 0000000000000006 R14: ffff88801f760a60 R15: ffff88801f760000
FS: 0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f80cab3f680 CR3: 000000000b88e000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
__raw_spin_unlock include/linux/spinlock_api_smp.h:141 [inline]
_raw_spin_unlock+0x12/0x40 kernel/locking/spinlock.c:186
spin_unlock include/linux/spinlock.h:394 [inline]
__text_poke+0x5d4/0x8c0 arch/x86/kernel/alternative.c:1059
text_poke_bp_batch+0x2c3/0x4e0 arch/x86/kernel/alternative.c:1313
text_poke_flush arch/x86/kernel/alternative.c:1470 [inline]
text_poke_flush arch/x86/kernel/alternative.c:1467 [inline]
text_poke_finish+0x16/0x30 arch/x86/kernel/alternative.c:1477
arch_jump_label_transform_apply+0x13/0x20 arch/x86/kernel/jump_label.c:146
jump_label_update+0x1da/0x400 kernel/jump_label.c:830
static_key_disable_cpuslocked+0x152/0x1b0 kernel/jump_label.c:207
static_key_disable+0x16/0x20 kernel/jump_label.c:215
toggle_allocation_gate mm/kfence/core.c:748 [inline]
toggle_allocation_gate+0x183/0x390 mm/kfence/core.c:726
process_one_work+0x996/0x1610 kernel/workqueue.c:2289
worker_thread+0x665/0x1080 kernel/workqueue.c:2436
kthread+0x2e9/0x3a0 kernel/kthread.c:377
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
</TASK>
INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.308 msecs
----------------
Code disassembly (best guess):
0: e8 6e 08 ff ff callq 0xffff0873
5: 48 85 c0 test %rax,%rax
8: 48 89 c3 mov %rax,%rbx
b: 0f 84 85 03 00 00 je 0x396
11: 48 8d 78 24 lea 0x24(%rax),%rdi
15: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
1c: fc ff df
1f: 48 89 fa mov %rdi,%rdx
22: 48 c1 ea 03 shr $0x3,%rdx
26: 0f b6 14 02 movzbl (%rdx,%rax,1),%edx
* 2a: 48 89 f8 mov %rdi,%rax <-- trapping instruction
2d: 83 e0 07 and $0x7,%eax
30: 83 c0 03 add $0x3,%eax
33: 38 d0 cmp %dl,%al
35: 7c 08 jl 0x3f
37: 84 d2 test %dl,%dl
39: 0f 85 94 04 00 00 jne 0x4d3
3f: 8b .byte 0x8b
prev parent reply other threads:[~2022-02-03 0:14 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-24 13:23 [syzbot] INFO: task can't die in show_free_areas syzbot
2022-02-03 0:14 ` syzbot [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=000000000000785f9605d712043f@google.com \
--to=syzbot+8f41dccfb6c03cc36fd6@syzkaller.appspotmail.com \
--cc=gregkh@linuxfoundation.org \
--cc=jirislaby@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.