linux-mm.kvack.org archive mirror
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
To: syzbot
	<bot+980f5e5fc060c37505bd65abb49a963518b269d9@syzkaller.appspotmail.com>,
	ak@linux.intel.com, akpm@linux-foundation.org, jack@suse.cz,
	jlayton@redhat.com, linux-kernel@vger.kernel.org,
	linux-mm@kvack.org, mgorman@techsingularity.net,
	mingo@kernel.org, npiggin@gmail.com, rgoldwyn@suse.com,
	syzkaller-bugs@googlegroups.com
Subject: Re: INFO: task hung in filemap_fault
Date: Mon, 18 Dec 2017 23:52:17 +0900
Message-ID: <82d89066-7dd2-12fe-3cc0-c8d624fe0d51@I-love.SAKURA.ne.jp>
In-Reply-To: <001a11444d0e7bfd7f05609956c6@google.com>

On 2017/12/18 17:43, syzbot wrote:
> Hello,
> 
> syzkaller hit the following crash on 6084b576dca2e898f5c101baef151f7bfdbb606d
> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console output is attached.
> 
> Unfortunately, I don't have any reproducer for this bug yet.
> 

This log has a lot of mmap() but also has Android's binder messages.

r9 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x800)

[   49.200735] binder: 9749:9755 IncRefs 0 refcount change on invalid ref 2 ret -22
[   49.221514] binder: 9749:9755 Acquire 1 refcount change on invalid ref 4 ret -22
[   49.233325] binder: 9749:9755 Acquire 1 refcount change on invalid ref 0 ret -22
[   49.241979] binder: binder_mmap: 9749 205a3000-205a7000 bad vm_flags failed -1
[   49.256949] binder: 9749:9755 unknown command 0
[   49.262470] binder: 9749:9755 ioctl c0306201 20000fd0 returned -22
[   49.293365] binder: 9749:9755 IncRefs 0 refcount change on invalid ref 2 ret -22
[   49.301297] binder: binder_mmap: 9749 205a3000-205a7000 bad vm_flags failed -1
[   49.314146] binder: 9749:9755 Acquire 1 refcount change on invalid ref 4 ret -22
[   49.322732] binder: 9749:9755 Acquire 1 refcount change on invalid ref 0 ret -22
[   49.332063] binder: 9749:9755 Release 1 refcount change on invalid ref 1 ret -22
[   49.340796] binder: 9749:9755 Acquire 1 refcount change on invalid ref 2 ret -22
[   49.349457] binder: 9749:9755 BC_DEAD_BINDER_DONE 0000000000000001 not found
[   49.349462] binder: 9749:9755 BC_DEAD_BINDER_DONE 0000000000000000 not found

[  246.752088] INFO: task syz-executor7:10280 blocked for more than 120 seconds.

Anything that hung after uptime > 46.75 can be reported at uptime = 246.75, can't it?

Is it possible to reproduce this problem by running the same program?

> 
> INFO: task syz-executor7:10280 blocked for more than 120 seconds.
>       Not tainted 4.15.0-rc3-next-20171214+ #67
> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
> syz-executor7   D    0 10280   3310 0x00000004
> Call Trace:
>  context_switch kernel/sched/core.c:2800 [inline]
>  __schedule+0x30b/0xaf0 kernel/sched/core.c:3376
>  schedule+0x2e/0x90 kernel/sched/core.c:3435
>  io_schedule+0x11/0x40 kernel/sched/core.c:5043
>  wait_on_page_bit_common mm/filemap.c:1099 [inline]
>  wait_on_page_bit mm/filemap.c:1132 [inline]
>  wait_on_page_locked include/linux/pagemap.h:530 [inline]
>  __lock_page_or_retry+0x391/0x3e0 mm/filemap.c:1310
>  lock_page_or_retry include/linux/pagemap.h:510 [inline]
>  filemap_fault+0x61c/0xa70 mm/filemap.c:2532
>  __do_fault+0x23/0xa4 mm/memory.c:3206
>  do_read_fault mm/memory.c:3616 [inline]
>  do_fault mm/memory.c:3716 [inline]
>  handle_pte_fault mm/memory.c:3947 [inline]
>  __handle_mm_fault+0x10b5/0x1930 mm/memory.c:4071
>  handle_mm_fault+0x215/0x450 mm/memory.c:4108
>  faultin_page mm/gup.c:502 [inline]
>  __get_user_pages+0x1ff/0x980 mm/gup.c:699
>  populate_vma_page_range+0xa1/0xb0 mm/gup.c:1200
>  __mm_populate+0xcc/0x190 mm/gup.c:1250
>  mm_populate include/linux/mm.h:2233 [inline]
>  vm_mmap_pgoff+0x103/0x110 mm/util.c:338
>  SYSC_mmap_pgoff mm/mmap.c:1533 [inline]
>  SyS_mmap_pgoff+0x215/0x2c0 mm/mmap.c:1491
>  SYSC_mmap arch/x86/kernel/sys_x86_64.c:100 [inline]
>  SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:91
>  entry_SYSCALL_64_fastpath+0x1f/0x96
> RIP: 0033:0x452a09
> RSP: 002b:00007efce66dac58 EFLAGS: 00000212 ORIG_RAX: 0000000000000009
> RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452a09
> RDX: 0000000000000003 RSI: 0000000000001000 RDI: 0000000020e5b000
> RBP: 0000000000000033 R08: 0000000000000016 R09: 0000000000000000
> R10: 0000000000002011 R11: 0000000000000212 R12: 00000000006ed568
> R13: 00000000ffffffff R14: 00007efce66db6d4 R15: 0000000000000000
