Date:	Wed, 13 Jan 2016 20:16:20 +0100
From:	Dmitry Vyukov <dvyukov@...gle.com>
To:	Jaroslav Kysela <perex@...ex.cz>, Takashi Iwai <tiwai@...e.com>,
	Jie Yang <yang.jie@...el.com>, Mark Brown <broonie@...nel.org>,
	alsa-devel@...a-project.org, LKML <linux-kernel@...r.kernel.org>
Cc:	syzkaller <syzkaller@...glegroups.com>,
	Kostya Serebryany <kcc@...gle.com>,
	Alexander Potapenko <glider@...gle.com>,
	Sasha Levin <sasha.levin@...cle.com>
Subject: sound: spinlock lockup in sound/core/timer.c

Hello,

The following program hard-hangs the kernel:

// autogenerated by syzkaller (http://github.com/google/syzkaller)
#include <fcntl.h>
#include <pthread.h>
#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Syscall results, one slot per syzkaller call id; only r[0] (mmap),
 * r[2] (open), r[40] and r[41] (the two ioctls) are used.  main() fills
 * every byte with 0xff, so an unset slot reads as -1.  r[2] is written by
 * one thread and read by others with no synchronisation. */
long r[42];

/*
 * Thread body of the syzkaller reproducer.  Each thread performs exactly one
 * of the four steps below, selected by the integer passed through `arg`;
 * main() runs the four steps once in order and then a second time, so the
 * two ioctl steps end up racing each other and the first round's timer.
 *
 * Reading the trace below: three a.out threads are inside
 * snd_timer_user_ioctl at once — one in snd_timer_start (CPU 0, owning the
 * lock), one in _snd_timer_stop (CPU 2), and one whose snd_timer_start was
 * interrupted by the hrtimer callback into snd_timer_interrupt (CPU 3) — all
 * contending for the same spinlock (0xffff88006928dc18).  That is the race
 * this program exercises; the fix belongs in sound/core/timer.c, not here.
 *
 * Returns: always a null thread result (nobody joins these threads).
 */
void *thr(void *arg)
{
        switch ((long)arg) {
        case 0:
                /* Map a fixed 8 KiB anonymous region at 0x20000000 that the
                 * later steps use as scratch memory (on x86-64 Linux 0x3 is
                 * PROT_READ|PROT_WRITE and 0x32 is
                 * MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS; fd -1, offset 0).
                 * Run twice, the second mmap replaces the first mapping,
                 * which is the munmap/TLB-flush path visible in the rcu
                 * stall trace below. */
                r[0] = syscall(SYS_mmap, 0x20000000ul, 0x2000ul,
0x3ul, 0x32ul, 0xfffffffffffffffful, 0x0ul);
                break;
        case 1:
                /* The 14 bytes are "/dev/snd/timer"; the copy into scratch
                 * memory is unused because open() is given the literal path
                 * directly.  The open flags are a fuzzer-chosen value whose
                 * low access-mode bits are zero (O_RDONLY). */
                memcpy((void*)0x20000000,
"\x2f\x64\x65\x76\x2f\x73\x6e\x64\x2f\x74\x69\x6d\x65\x72", 14);
                r[2] = open("/dev/snd/timer", 0x181400ul, 0);
                break;
        case 2:
                /* Build a 52-byte ioctl argument at 0x20001000: five 32-bit
                 * words {1, 0xfffffffe, 0, 3, 0} followed by 32 zero bytes.
                 * The second word is (uint32_t)0xfffffffffffffffe, i.e. -2
                 * as a 32-bit value. */
                *(uint32_t*)0x20001000 = (uint32_t)0x1;
                *(uint32_t*)0x20001004 = (uint32_t)0xfffffffffffffffe;
                *(uint32_t*)0x20001008 = (uint32_t)0x0;
                *(uint32_t*)0x2000100c = (uint32_t)0x3;
                *(uint32_t*)0x20001010 = (uint32_t)0x0;
                *(uint8_t*)0x20001014 = (uint8_t)0x0;
                *(uint8_t*)0x20001015 = (uint8_t)0x0;
                *(uint8_t*)0x20001016 = (uint8_t)0x0;
                *(uint8_t*)0x20001017 = (uint8_t)0x0;
                *(uint8_t*)0x20001018 = (uint8_t)0x0;
                *(uint8_t*)0x20001019 = (uint8_t)0x0;
                *(uint8_t*)0x2000101a = (uint8_t)0x0;
                *(uint8_t*)0x2000101b = (uint8_t)0x0;
                *(uint8_t*)0x2000101c = (uint8_t)0x0;
                *(uint8_t*)0x2000101d = (uint8_t)0x0;
                *(uint8_t*)0x2000101e = (uint8_t)0x0;
                *(uint8_t*)0x2000101f = (uint8_t)0x0;
                *(uint8_t*)0x20001020 = (uint8_t)0x0;
                *(uint8_t*)0x20001021 = (uint8_t)0x0;
                *(uint8_t*)0x20001022 = (uint8_t)0x0;
                *(uint8_t*)0x20001023 = (uint8_t)0x0;
                *(uint8_t*)0x20001024 = (uint8_t)0x0;
                *(uint8_t*)0x20001025 = (uint8_t)0x0;
                *(uint8_t*)0x20001026 = (uint8_t)0x0;
                *(uint8_t*)0x20001027 = (uint8_t)0x0;
                *(uint8_t*)0x20001028 = (uint8_t)0x0;
                *(uint8_t*)0x20001029 = (uint8_t)0x0;
                *(uint8_t*)0x2000102a = (uint8_t)0x0;
                *(uint8_t*)0x2000102b = (uint8_t)0x0;
                *(uint8_t*)0x2000102c = (uint8_t)0x0;
                *(uint8_t*)0x2000102d = (uint8_t)0x0;
                *(uint8_t*)0x2000102e = (uint8_t)0x0;
                *(uint8_t*)0x2000102f = (uint8_t)0x0;
                *(uint8_t*)0x20001030 = (uint8_t)0x0;
                *(uint8_t*)0x20001031 = (uint8_t)0x0;
                *(uint8_t*)0x20001032 = (uint8_t)0x0;
                *(uint8_t*)0x20001033 = (uint8_t)0x0;
                /* 0x40345410 decodes as _IOW('T', 0x10, 52 bytes), which looks
                 * like SNDRV_TIMER_IOCTL_SELECT with a struct snd_timer_select
                 * (a 5-int timer id plus reserved[32]); id word 3 == 3 under
                 * the global class would pick the hrtimer-backed timer, which
                 * matches the snd_hrtimer_* frames in the trace — confirm
                 * against the ALSA uapi header.  Issued on whatever r[2]
                 * currently holds. */
                r[40] = syscall(SYS_ioctl, r[2], 0x40345410ul,
0x20001000ul, 0, 0, 0);
                break;
        case 3:
                /* 0x54a0 decodes as _IO('T', 0xa0), i.e. SNDRV_TIMER_IOCTL_START;
                 * the trace confirms it lands in snd_timer_user_start
                 * (sound/core/timer.c:1725/1728).  Two of these racing — and
                 * racing the hrtimer callback — is where the lockup shows. */
                r[41] = syscall(SYS_ioctl, r[2], 0x54a0ul, 0, 0, 0, 0);
                break;
        }
        return 0;
}

/*
 * Drives the race.  Round one starts steps 0..3 in order, 10 ms apart, so
 * the mapping, the open and the select ioctl are in place before the start
 * ioctl.  Round two starts all four steps again, pausing 10 ms only after
 * the even-numbered steps, so the second open/select/start overlap each
 * other and the still-running first-round start; the ioctl threads read
 * r[2] whenever they happen to run, so they may hit either fd.
 *
 * Throwaway-reproducer caveats, left as-is on purpose: th[] is reused for
 * the second round, so the first round's handles are overwritten; no
 * thread is joined or checked for pthread_create failure; the process
 * simply sleeps 100 ms and exits while threads may still be in the kernel.
 * Returns 0 unconditionally — the interesting output is the kernel log.
 */
int main()
{
        long i;
        pthread_t th[4];

        /* 0xff in every byte: each long in r[] reads as -1 until a step
         * stores its result. */
        memset(r, -1, sizeof(r));
        for (i = 0; i < 4; i++) {
                pthread_create(&th[i], 0, thr, (void*)i);
                usleep(10000);
        }
        for (i = 0; i < 4; i++) {
                pthread_create(&th[i], 0, thr, (void*)i);
                /* Pause after steps 0 and 2 only, so steps 1/2 and 3 run
                 * back-to-back with their predecessor. */
                if (i%2==0)
                        usleep(10000);
        }
        /* Give the threads time to collide before the process exits. */
        usleep(100000);
        return 0;
}


INFO: rcu_sched detected stalls on CPUs/tasks:
(detected by 1, t=26002 jiffies, g=16336, c=16335, q=82)
All QSes seen, last rcu_sched kthread activity 26002
(4294782026-4294756024), jiffies_till_next_fqs=3, root ->qsmask 0x0
a.out           R  running task    30168 32322  30913 0x0000000a
 ffff880034627600 ffff88003ed07ca8 ffffffff813e63b9 00000000fffcc6b8
 00000000fffcc6b8 ffff88003ed20f40 00000000fffd2c4a dffffc0000000000
 0000000000000000 ffff88003ed07d80 ffffffff814b21ca 0000000000000000
Call Trace:
 <IRQ>  [<ffffffff813e63b9>] sched_show_task+0x269/0x3b0
kernel/sched/core.c:5036
 [<     inline     >] print_other_cpu_stall kernel/rcu/tree.c:1318
 [<     inline     >] check_cpu_stall kernel/rcu/tree.c:1424
 [<     inline     >] __rcu_pending kernel/rcu/tree.c:3906
 [<     inline     >] rcu_pending kernel/rcu/tree.c:3970
 [<ffffffff814b21ca>] rcu_check_callbacks+0x1dfa/0x1e10 kernel/rcu/tree.c:2795
 [<ffffffff814c195a>] update_process_times+0x3a/0x70 kernel/time/timer.c:1420
 [<ffffffff814eaebf>] tick_sched_handle.isra.20+0xaf/0xe0
kernel/time/tick-sched.c:151
 [<ffffffff814eb5e5>] tick_sched_timer+0x75/0x100 kernel/time/tick-sched.c:1086
 [<     inline     >] __run_hrtimer kernel/time/hrtimer.c:1229
 [<ffffffff814c3723>] __hrtimer_run_queues+0x363/0xc10
kernel/time/hrtimer.c:1293
 [<ffffffff814c5732>] hrtimer_interrupt+0x182/0x430 kernel/time/hrtimer.c:1327
 [<ffffffff8124e10f>] local_apic_timer_interrupt+0x6f/0xe0
arch/x86/kernel/apic/apic.c:907
 [<ffffffff81251576>] smp_apic_timer_interrupt+0x76/0xa0
arch/x86/kernel/apic/apic.c:931
 [<ffffffff86273dec>] apic_timer_interrupt+0x8c/0xa0
arch/x86/entry/entry_64.S:520
 [<ffffffff814f99bc>] smp_call_function_many+0x59c/0x720 kernel/smp.c:435
 [<ffffffff81291e96>] native_flush_tlb_others+0xd6/0x370 arch/x86/mm/tlb.c:154
 [<     inline     >] flush_tlb_others ./arch/x86/include/asm/paravirt.h:329
 [<ffffffff812925fc>] flush_tlb_mm_range+0x10c/0x550 arch/x86/mm/tlb.c:220
 [<ffffffff816d3a32>] tlb_flush_mmu_tlbonly+0x1e2/0x3f0 mm/memory.c:242
 [<     inline     >] tlb_flush_mmu mm/memory.c:263
 [<ffffffff816d6acb>] tlb_finish_mmu+0x1b/0xa0 mm/memory.c:275
 [<ffffffff816ea5ad>] unmap_region+0x22d/0x300 mm/mmap.c:2418
 [<ffffffff816f2682>] do_munmap+0x712/0xf60 mm/mmap.c:2612
 [<ffffffff816f3e90>] mmap_region+0x1d0/0x11a0 mm/mmap.c:1566
 [<ffffffff816f55b3>] do_mmap+0x753/0x980 mm/mmap.c:1402
 [<     inline     >] do_mmap_pgoff include/linux/mm.h:1925
 [<ffffffff816aa44f>] vm_mmap_pgoff+0x15f/0x1b0 mm/util.c:328
 [<     inline     >] SYSC_mmap_pgoff mm/mmap.c:1452
 [<ffffffff816ef9b8>] SyS_mmap_pgoff+0xc8/0x580 mm/mmap.c:1410
 [<     inline     >] SYSC_mmap arch/x86/kernel/sys_x86_64.c:95
 [<ffffffff811afa46>] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:86
 [<ffffffff86272ff6>] entry_SYSCALL_64_fastpath+0x16/0x7a
arch/x86/entry/entry_64.S:185
rcu_sched kthread starved for 26002 jiffies! g16336 c16335 f0x2
RCU_GP_WAIT_FQS(3) ->state=0x100
rcu_sched       W ffff88003dfdfa98 29272     8      2 0x00000000
 ffff88003dfdfa98 ffff88003ec16d40 ffff88003dfc6718 00ffed0007bfbf6f
 ffff88003ec20a70 ffff88003ec20a48 ffff88003ec200d8 ffff88003dfc5f08
 ffff88003ec200c0 ffffffff874ddc40 ffff88003dfc5f00 ffff88003dfd8000
Call Trace:
 [<ffffffff86263a57>] schedule+0x97/0x1c0 kernel/sched/core.c:3311
 [<ffffffff8626fbbb>] schedule_timeout+0x36b/0x920 kernel/time/timer.c:1531
 [<ffffffff814ae693>] rcu_gp_kthread+0xae3/0x1b70 kernel/rcu/tree.c:2125
 [<ffffffff813b2cef>] kthread+0x23f/0x2d0 drivers/block/aoe/aoecmd.c:1303
 [<ffffffff862733af>] ret_from_fork+0x3f/0x70 arch/x86/entry/entry_64.S:468
BUG: spinlock lockup suspected on CPU#2, a.out/32321
 lock: 0xffff88006928dc18, .magic: dead4ead, .owner: a.out/32313, .owner_cpu: 0
CPU: 2 PID: 32321 Comm: a.out Not tainted 4.4.0+ #242
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
 00000000ffffffff ffff8800339879b8 ffffffff82926eed ffff88006928dc18
 ffff880063472f80 ffff8800333c4740 ffff8800339879f0 ffffffff81462f0d
 ffffffff84ebd130 0000000000000000 ffff88006928dc18 ffff88006928dc28
Call Trace:
 [<     inline     >] __dump_stack lib/dump_stack.c:15
 [<ffffffff82926eed>] dump_stack+0x6f/0xa2 lib/dump_stack.c:50
 [<ffffffff81462f0d>] spin_dump+0x14d/0x280 kernel/locking/spinlock_debug.c:67
 [<     inline     >] __spin_lock_debug kernel/locking/spinlock_debug.c:117
 [<ffffffff8146322d>] do_raw_spin_lock+0x15d/0x2b0
kernel/locking/spinlock_debug.c:137
 [<     inline     >] __raw_spin_lock_irqsave
include/linux/spinlock_api_smp.h:119
 [<ffffffff862729c7>] _raw_spin_lock_irqsave+0xa7/0xd0
kernel/locking/spinlock.c:159
 [<ffffffff84ebd130>] _snd_timer_stop+0xa0/0x450 sound/core/timer.c:499
 [<ffffffff84ebd504>] snd_timer_stop+0x24/0x140 sound/core/timer.c:535
 [<     inline     >] snd_timer_user_start sound/core/timer.c:1725
 [<ffffffff84ec4224>] snd_timer_user_ioctl+0x684/0x2540 sound/core/timer.c:1818
 [<     inline     >] vfs_ioctl fs/ioctl.c:43
 [<ffffffff817cbd3c>] do_vfs_ioctl+0x18c/0xfa0 fs/ioctl.c:674
 [<     inline     >] SYSC_ioctl fs/ioctl.c:689
 [<ffffffff817ccbdf>] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:680
 [<ffffffff86272ff6>] entry_SYSCALL_64_fastpath+0x16/0x7a
arch/x86/entry/entry_64.S:185
Sending NMI to all CPUs:
NMI backtrace for cpu 0
CPU: 0 PID: 32313 Comm: a.out Not tainted 4.4.0+ #242
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
task: ffff880063472f80 ti: ffff880064cd8000 task.ti: ffff880064cd8000
RIP: 0010:[<ffffffff8144b9b0>]  [<ffffffff8144b9b0>]
trace_hardirqs_off_caller+0x80/0x3d0
RSP: 0018:ffff880064cdf918  EFLAGS: 00000002
RAX: 0000000000000004 RBX: ffff880063472f80 RCX: ffff880063472f80
RDX: 0000000000000000 RSI: ffff880063473798 RDI: ffff88006347379c
RBP: ffff880064cdf930 R08: 0000000000000001 R09: 0000000000000002
R10: 0000000000000001 R11: 0000000000000001 R12: ffff880063472f80
R13: ffffffff86272b66 R14: 00000000ffffffff R15: ffff88006d717dc0
FS:  00007fcc8e404700(0000) GS:ffff88003ec00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 00007f274232de78 CR3: 000000006698e000 CR4: 00000000000006f0
Stack:
 0000000000000086 ffff88006d717dc0 ffff880033a05c58 ffff880064cdf940
 ffffffff8144bd0d ffff880064cdf960 ffffffff86272b66 1ffff1000c99bf30
 ffff880033a05c28 ffff880064cdfa08 ffffffff814c2f00 ffff8800324ed998
Call Trace:
 [<ffffffff8144bd0d>] trace_hardirqs_off+0xd/0x10 kernel/locking/lockdep.c:2657
 [<     inline     >] __raw_spin_unlock_irqrestore
include/linux/spinlock_api_smp.h:162
 [<ffffffff86272b66>] _raw_spin_unlock_irqrestore+0xa6/0xc0
kernel/locking/spinlock.c:191
 [<     inline     >] unlock_hrtimer_base kernel/time/hrtimer.c:813
 [<ffffffff814c2f00>] hrtimer_try_to_cancel+0x160/0x4a0
kernel/time/hrtimer.c:1047
 [<ffffffff814c3262>] hrtimer_cancel+0x22/0x40 kernel/time/hrtimer.c:1065
 [<ffffffff84ec6881>] snd_hrtimer_start+0x81/0x120 sound/core/hrtimer.c:93
 [<ffffffff84ec0602>] snd_timer_start1+0x212/0x2b0 sound/core/timer.c:430
 [<ffffffff84ec0c71>] snd_timer_start+0x121/0x1d0 sound/core/timer.c:473
 [<     inline     >] snd_timer_user_start sound/core/timer.c:1728
 [<ffffffff84ec42c0>] snd_timer_user_ioctl+0x720/0x2540 sound/core/timer.c:1818
 [<     inline     >] vfs_ioctl fs/ioctl.c:43
 [<ffffffff817cbd3c>] do_vfs_ioctl+0x18c/0xfa0 fs/ioctl.c:674
 [<     inline     >] SYSC_ioctl fs/ioctl.c:689
 [<ffffffff817ccbdf>] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:680
 [<ffffffff86272ff6>] entry_SYSCALL_64_fastpath+0x16/0x7a
arch/x86/entry/entry_64.S:185
Code: 4c 8b 24 25 c0 4e 01 00 49 8d bc 24 1c 08 00 00 48 b8 00 00 00
00 00 fc ff df 48 89 fa 48 c1 ea 03 0f b6 14 02 48 89 f8 83 e0 07 <83>
c0 03 38 d0 7c 08 84 d2 0f 85 bf 02 00 00 41 8b b4 24 1c 08
NMI backtrace for cpu 1
CPU: 1 PID: 32322 Comm: a.out Not tainted 4.4.0+ #242
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
task: ffff8800355fc740 ti: ffff880034620000 task.ti: ffff880034620000
RIP: 0010:[<ffffffff814f8f27>]  [<ffffffff814f8f27>]
smp_call_function_single+0x227/0x340
RSP: 0018:ffff880034627878  EFLAGS: 00000297
RAX: ffff8800355fc740 RBX: ffff8800346278f0 RCX: ffff8800355fcf60
RDX: 0000000000000000 RSI: ffff8800355fcf60 RDI: 0000000000000286
RBP: ffff880034627918 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 00000000ffffffff R14: 1ffff100068c4f12 R15: dffffc0000000000
FS:  00007fd5c724e700(0000) GS:ffff88003ed00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 00007fd5c724de78 CR3: 0000000035627000 CR4: 00000000000006e0
Stack:
 ffff8800346279e0 ffffffff81291720 0000000200000040 0000000041b58ab3
 ffffffff8733ad2f ffffffff814f8d00 ffffffff881ca238 0000000000000000
BUG: spinlock lockup suspected on CPU#3, a.out/32311
 lock: 0xffff88006928dc18, .magic: dead4ead, .owner: a.out/32313, .owner_cpu: 0
CPU: 3 PID: 32311 Comm: a.out Not tainted 4.4.0+ #242
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
 00000000ffffffff ffff88006d707c60 ffffffff82926eed ffff88006928dc18
 ffff880063472f80 ffff8800634717c0 ffff88006d707c98 ffffffff81462f0d
 ffffffff84ebe3b7 ffffffff00000000 ffff88006928dc18 ffff88006928dc28
Call Trace:
 <IRQ>  [<     inline     >] __dump_stack lib/dump_stack.c:15
 <IRQ>  [<ffffffff82926eed>] dump_stack+0x6f/0xa2 lib/dump_stack.c:50
 [<ffffffff81462f0d>] spin_dump+0x14d/0x280 kernel/locking/spinlock_debug.c:67
 [<     inline     >] __spin_lock_debug kernel/locking/spinlock_debug.c:117
 [<ffffffff8146322d>] do_raw_spin_lock+0x15d/0x2b0
kernel/locking/spinlock_debug.c:137
 [<     inline     >] __raw_spin_lock include/linux/spinlock_api_smp.h:145
 [<ffffffff86271f2b>] _raw_spin_lock+0x3b/0x50 kernel/locking/spinlock.c:151
 [<     inline     >] spin_lock include/linux/spinlock.h:302
 [<ffffffff84ebe3b7>] snd_timer_interrupt+0x677/0xbf0 sound/core/timer.c:745
 [<ffffffff84ec6b26>] snd_hrtimer_callback+0x166/0x230 sound/core/hrtimer.c:54
 [<     inline     >] __run_hrtimer kernel/time/hrtimer.c:1229
 [<ffffffff814c3723>] __hrtimer_run_queues+0x363/0xc10
kernel/time/hrtimer.c:1293
 [<ffffffff814c5732>] hrtimer_interrupt+0x182/0x430 kernel/time/hrtimer.c:1327
 [<ffffffff8124e10f>] local_apic_timer_interrupt+0x6f/0xe0
arch/x86/kernel/apic/apic.c:907
 [<ffffffff81251576>] smp_apic_timer_interrupt+0x76/0xa0
arch/x86/kernel/apic/apic.c:931
 [<ffffffff86273dec>] apic_timer_interrupt+0x8c/0xa0
arch/x86/entry/entry_64.S:520
 [<     inline     >] spin_unlock_irqrestore include/linux/spinlock.h:362
 [<ffffffff84ec0c7f>] snd_timer_start+0x12f/0x1d0 sound/core/timer.c:474
 [<     inline     >] snd_timer_user_start sound/core/timer.c:1728
 [<ffffffff84ec42c0>] snd_timer_user_ioctl+0x720/0x2540 sound/core/timer.c:1818
 [<     inline     >] vfs_ioctl fs/ioctl.c:43
 [<ffffffff817cbd3c>] do_vfs_ioctl+0x18c/0xfa0 fs/ioctl.c:674
 [<     inline     >] SYSC_ioctl fs/ioctl.c:689
 [<ffffffff817ccbdf>] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:680
 [<ffffffff86272ff6>] entry_SYSCALL_64_fastpath+0x16/0x7a
arch/x86/entry/entry_64.S:185
 ffffffff81291720 ffff8800346279e0 0000000000000003 fffffbfff1039670
Call Trace:
 [<ffffffff814f99bc>] smp_call_function_many+0x59c/0x720 kernel/smp.c:435
 [<ffffffff81291e96>] native_flush_tlb_others+0xd6/0x370 arch/x86/mm/tlb.c:154
 [<     inline     >] flush_tlb_others ./arch/x86/include/asm/paravirt.h:329
 [<ffffffff812925fc>] flush_tlb_mm_range+0x10c/0x550 arch/x86/mm/tlb.c:220
 [<ffffffff816d3a32>] tlb_flush_mmu_tlbonly+0x1e2/0x3f0 mm/memory.c:242
 [<     inline     >] tlb_flush_mmu mm/memory.c:263
 [<ffffffff816d6acb>] tlb_finish_mmu+0x1b/0xa0 mm/memory.c:275
 [<ffffffff816ea5ad>] unmap_region+0x22d/0x300 mm/mmap.c:2418
 [<ffffffff816f2682>] do_munmap+0x712/0xf60 mm/mmap.c:2612
 [<ffffffff816f3e90>] mmap_region+0x1d0/0x11a0 mm/mmap.c:1566
 [<ffffffff816f55b3>] do_mmap+0x753/0x980 mm/mmap.c:1402
 [<     inline     >] do_mmap_pgoff include/linux/mm.h:1925
 [<ffffffff816aa44f>] vm_mmap_pgoff+0x15f/0x1b0 mm/util.c:328
 [<     inline     >] SYSC_mmap_pgoff mm/mmap.c:1452
 [<ffffffff816ef9b8>] SyS_mmap_pgoff+0xc8/0x580 mm/mmap.c:1410
 [<     inline     >] SYSC_mmap arch/x86/kernel/sys_x86_64.c:95
 [<ffffffff811afa46>] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:86
 [<ffffffff86272ff6>] entry_SYSCALL_64_fastpath+0x16/0x7a
arch/x86/entry/entry_64.S:185
Code: 60 ff ff ff 48 8b 95 68 ff ff ff 48 8d 73 c0 8b bd 74 ff ff ff
e8 9a f9 ff ff 41 89 c4 8b 43 d8 a8 01 74 9a e8 1b b3 07 00 f3 90 <8b>
43 d8 a8 01 75 f2 eb 8a e8 0b b3 07 00 48 c7 c7 60 57 56 87
NMI backtrace for cpu 2
CPU: 2 PID: 32321 Comm: a.out Not tainted 4.4.0+ #242
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
task: ffff8800333c4740 ti: ffff880033980000 task.ti: ffff880033980000
RIP: 0010:[<ffffffff81261bb6>]  [<ffffffff81261bb6>]
flat_send_IPI_mask+0x156/0x290
RSP: 0018:ffff880033987940  EFLAGS: 00000046
RAX: 0000000000000000 RBX: 0000000000000c00 RCX: 0000000000000000
RDX: 0000000000000c00 RSI: 0000000000000000 RDI: ffffffffff5fc300
RBP: ffff880033987968 R08: 0000000000000001 R09: 0000000000000000
R10: fffffbfff10e18f2 R11: 1ffffffff12758b5 R12: 0000000000000086
R13: 000000000f000000 R14: ffffffff87561c60 R15: 0000000000000002
FS:  00007fd5c7a4f700(0000) GS:ffff88006d600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 00007f2a48ebde78 CR3: 0000000035627000 CR4: 00000000000006e0
Stack:
 ffffffff87561c60 ffffffff881ce320 0000000000000040 fffffbfff1039670
 ffff88006d71a460 ffff880033987988 ffffffff812576bb ffffffff86603680
 dffffc0000000000 ffff8800339879e0 ffffffff82932402 ffffffff82926f05
Call Trace:
 [<ffffffff812576bb>] nmi_raise_cpu_backtrace+0x5b/0x70
arch/x86/kernel/apic/hw_nmi.c:33
 [<ffffffff82932402>] nmi_trigger_all_cpu_backtrace+0x4b2/0x540
lib/nmi_backtrace.c:85
 [<ffffffff81257704>] arch_trigger_all_cpu_backtrace+0x14/0x20
arch/x86/kernel/apic/hw_nmi.c:38
 [<     inline     >] trigger_all_cpu_backtrace include/linux/nmi.h:41
 [<     inline     >] __spin_lock_debug kernel/locking/spinlock_debug.c:119
 [<ffffffff81463237>] do_raw_spin_lock+0x167/0x2b0
kernel/locking/spinlock_debug.c:137
 [<     inline     >] __raw_spin_lock_irqsave
include/linux/spinlock_api_smp.h:119
 [<ffffffff862729c7>] _raw_spin_lock_irqsave+0xa7/0xd0
kernel/locking/spinlock.c:159
 [<ffffffff84ebd130>] _snd_timer_stop+0xa0/0x450 sound/core/timer.c:499
 [<ffffffff84ebd504>] snd_timer_stop+0x24/0x140 sound/core/timer.c:535
 [<     inline     >] snd_timer_user_start sound/core/timer.c:1725
 [<ffffffff84ec4224>] snd_timer_user_ioctl+0x684/0x2540 sound/core/timer.c:1818
 [<     inline     >] vfs_ioctl fs/ioctl.c:43
 [<ffffffff817cbd3c>] do_vfs_ioctl+0x18c/0xfa0 fs/ioctl.c:674
 [<     inline     >] SYSC_ioctl fs/ioctl.c:689
 [<ffffffff817ccbdf>] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:680
 [<ffffffff86272ff6>] entry_SYSCALL_64_fastpath+0x16/0x7a
arch/x86/entry/entry_64.S:185
Code: 00 c3 5f ff 80 e6 10 75 e1 41 c1 e5 18 44 89 2c 25 10 c3 5f ff
44 89 fa 09 da 80 cf 04 41 83 ff 02 0f 44 d3 89 14 25 00 c3 5f ff <41>
f7 c4 00 02 00 00 74 4a e8 fc fd 1e 00 48 c7 c7 68 57 56 87
NMI backtrace for cpu 3
CPU: 3 PID: 32311 Comm: a.out Not tainted 4.4.0+ #242
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
task: ffff8800634717c0 ti: ffff880065f40000 task.ti: ffff880065f40000
RIP: 0010:[<ffffffff82953fb8>]  [<ffffffff82953fb8>] delay_tsc+0x18/0x70
RSP: 0018:ffff88006d707c88  EFLAGS: 00000086
RAX: 0000000071a66e06 RBX: ffff88006928dc18 RCX: 000000000000001e
RDX: 0000000000000064 RSI: 0000006471a66dc4 RDI: 0000000000000001
RBP: ffff88006d707c88 R08: 0000000000000003 R09: 0000000000000001
R10: ffff8800634717c0 R11: 0000000000000000 R12: ffff88006928dc28
R13: 000000009a9d2d40 R14: ffff88006928dc20 R15: 000000009a8c7d02
FS:  00007fbb31057700(0000) GS:ffff88006d700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 00007fcc8e403e78 CR3: 0000000032e86000 CR4: 00000000000006e0
Stack:
 ffff88006d707c98 ffffffff82953f0a ffff88006d707cd0 ffffffff81463219
 ffff88006928dc18 ffff8800324ee230 ffffed000d251b90 ffff8800324ee220
 ffff8800324ee2b0 ffff88006d707cf0 ffffffff86271f2b ffffffff84ebe3b7
Call Trace:
 <IRQ>  d [<ffffffff82953f0a>] __delay+0xa/0x10 arch/x86/lib/delay.c:153
 [<     inline     >] __spin_lock_debug kernel/locking/spinlock_debug.c:114
 [<ffffffff81463219>] do_raw_spin_lock+0x149/0x2b0
kernel/locking/spinlock_debug.c:137
 [<     inline     >] __raw_spin_lock include/linux/spinlock_api_smp.h:145
 [<ffffffff86271f2b>] _raw_spin_lock+0x3b/0x50 kernel/locking/spinlock.c:151
 [<     inline     >] spin_lock include/linux/spinlock.h:302
 [<ffffffff84ebe3b7>] snd_timer_interrupt+0x677/0xbf0 sound/core/timer.c:745
 [<ffffffff84ec6b26>] snd_hrtimer_callback+0x166/0x230 sound/core/hrtimer.c:54
 [<     inline     >] __run_hrtimer kernel/time/hrtimer.c:1229
 [<ffffffff814c3723>] __hrtimer_run_queues+0x363/0xc10
kernel/time/hrtimer.c:1293
 [<ffffffff814c5732>] hrtimer_interrupt+0x182/0x430 kernel/time/hrtimer.c:1327
 [<ffffffff8124e10f>] local_apic_timer_interrupt+0x6f/0xe0
arch/x86/kernel/apic/apic.c:907
 [<ffffffff81251576>] smp_apic_timer_interrupt+0x76/0xa0
arch/x86/kernel/apic/apic.c:931
 [<ffffffff86273dec>] apic_timer_interrupt+0x8c/0xa0
arch/x86/entry/entry_64.S:520
 [<     inline     >] spin_unlock_irqrestore include/linux/spinlock.h:362
 [<ffffffff84ec0c7f>] snd_timer_start+0x12f/0x1d0 sound/core/timer.c:474
 [<     inline     >] snd_timer_user_start sound/core/timer.c:1728
 [<ffffffff84ec42c0>] snd_timer_user_ioctl+0x720/0x2540 sound/core/timer.c:1818
 [<     inline     >] vfs_ioctl fs/ioctl.c:43
 [<ffffffff817cbd3c>] do_vfs_ioctl+0x18c/0xfa0 fs/ioctl.c:674
 [<     inline     >] SYSC_ioctl fs/ioctl.c:689
 [<ffffffff817ccbdf>] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:680
 [<ffffffff86272ff6>] entry_SYSCALL_64_fastpath+0x16/0x7a
arch/x86/entry/entry_64.S:185
Code: 48 8d 7a 01 ff 15 a9 ad f8 04 5d c3 0f 1f 80 00 00 00 00 55 65
ff 05 a8 0e 6c 7d 48 89 e5 65 44 8b 05 6d f1 6b 7d 0f ae e8 0f 31 <48>
c1 e2 20 48 89 d6 48 09 c6 0f ae e8 0f 31 48 c1 e2 20 48 09

On commit 67990608c8b95d2b8ccc29932376ae73d5818727 (Jan 12).
