INFO: task systemd-udevd:26242 blocked for more than 143 seconds. Not tainted 5.8.0-rc4-next-20200710-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. systemd-udevd D25800 26242 3878 0x00004100 Call Trace: context_switch kernel/sched/core.c:3445 [inline] __schedule+0x8b4/0x1e80 kernel/sched/core.c:4169 schedule+0xd0/0x2a0 kernel/sched/core.c:4244 io_schedule+0xb5/0x120 kernel/sched/core.c:5935 wait_on_page_bit_common+0x34f/0xda0 mm/filemap.c:1124 wait_on_page_bit mm/filemap.c:1173 [inline] wait_on_page_locked include/linux/pagemap.h:643 [inline] wait_on_page_read mm/filemap.c:2790 [inline] do_read_cache_page+0x957/0x1390 mm/filemap.c:2833 read_mapping_page include/linux/pagemap.h:437 [inline] read_part_sector+0xf6/0x5af block/partitions/core.c:772 adfspart_check_ICS+0x9d/0xc90 block/partitions/acorn.c:360 check_partition block/partitions/core.c:140 [inline] blk_add_partitions+0x44b/0xe10 block/partitions/core.c:700 bdev_disk_changed+0x1ea/0x370 fs/block_dev.c:1488 __blkdev_get+0x142b/0x16e0 fs/block_dev.c:1624 blkdev_get+0x45/0x4d0 fs/block_dev.c:1689 blkdev_open+0x21d/0x2b0 fs/block_dev.c:1831 do_dentry_open+0x4b9/0x11b0 fs/open.c:822 do_open fs/namei.c:3249 [inline] path_openat+0x1bb9/0x2750 fs/namei.c:3366 do_filp_open+0x17e/0x3c0 fs/namei.c:3393 do_sys_openat2+0x16f/0x3b0 fs/open.c:1173 do_sys_open fs/open.c:1189 [inline] ksys_open include/linux/syscalls.h:1398 [inline] __do_sys_open fs/open.c:1195 [inline] __se_sys_open fs/open.c:1193 [inline] __x64_sys_open+0x119/0x1c0 fs/open.c:1193 do_syscall_64+0x60/0xe0 arch/x86/entry/common.c:384 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7fbb20a49840 Code: Bad RIP value. RSP: 002b:00007ffdd2169d38 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 RAX: ffffffffffffffda RBX: 00005594f4b6a370 RCX: 00007fbb20a49840 RDX: 00005594f2cfdfe3 RSI: 00000000000a0800 RDI: 00005594f4b7df60 RBP: 00007ffdd2169eb0 R08: 00005594f2cfd670 R09: 0000000000000010 R10: 00005594f2cfdd0c R11: 0000000000000246 R12: 00007ffdd2169e00 R13: 00005594f4b7ed90 R14: 0000000000000003 R15: 000000000000000e INFO: task syz-executor.4:7661 can't die for more than 145 seconds. syz-executor.4 D28560 7661 7268 0x00004004 Call Trace: context_switch kernel/sched/core.c:3445 [inline] __schedule+0x8b4/0x1e80 kernel/sched/core.c:4169 schedule+0xd0/0x2a0 kernel/sched/core.c:4244 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:4303 __mutex_lock_common kernel/locking/mutex.c:1033 [inline] __mutex_lock+0x3e2/0x10d0 kernel/locking/mutex.c:1103 blkdev_put+0x30/0x520 fs/block_dev.c:1882 blkdev_close+0x8c/0xb0 fs/block_dev.c:1931 __fput+0x33c/0x880 fs/file_table.c:281 task_work_run+0xdd/0x190 kernel/task_work.c:135 tracehook_notify_resume include/linux/tracehook.h:188 [inline] exit_to_usermode_loop arch/x86/entry/common.c:239 [inline] __prepare_exit_to_usermode+0x1e9/0x1f0 arch/x86/entry/common.c:269 do_syscall_64+0x6c/0xe0 arch/x86/entry/common.c:393 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x45cba9 Code: Bad RIP value. RSP: 002b:00007f94827d3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: 0000000000000000 RBX: 00000000004ea300 RCX: 000000000045cba9 RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000003 RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 0000000000000418 R14: 00000000004c6f09 R15: 00007f94827d46d4 INFO: task syz-executor.4:7661 blocked for more than 146 seconds. Not tainted 5.8.0-rc4-next-20200710-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.4 D28560 7661 7268 0x00004004 Call Trace: context_switch kernel/sched/core.c:3445 [inline] __schedule+0x8b4/0x1e80 kernel/sched/core.c:4169 schedule+0xd0/0x2a0 kernel/sched/core.c:4244 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:4303 __mutex_lock_common kernel/locking/mutex.c:1033 [inline] __mutex_lock+0x3e2/0x10d0 kernel/locking/mutex.c:1103 blkdev_put+0x30/0x520 fs/block_dev.c:1882 blkdev_close+0x8c/0xb0 fs/block_dev.c:1931 __fput+0x33c/0x880 fs/file_table.c:281 task_work_run+0xdd/0x190 kernel/task_work.c:135 tracehook_notify_resume include/linux/tracehook.h:188 [inline] exit_to_usermode_loop arch/x86/entry/common.c:239 [inline] __prepare_exit_to_usermode+0x1e9/0x1f0 arch/x86/entry/common.c:269 do_syscall_64+0x6c/0xe0 arch/x86/entry/common.c:393 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x45cba9 Code: Bad RIP value. RSP: 002b:00007f94827d3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: 0000000000000000 RBX: 00000000004ea300 RCX: 000000000045cba9 RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000003 RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 0000000000000418 R14: 00000000004c6f09 R15: 00007f94827d46d4 INFO: task syz-executor.4:7674 can't die for more than 146 seconds. syz-executor.4 D28736 7674 7268 0x00000004 Call Trace: context_switch kernel/sched/core.c:3445 [inline] __schedule+0x8b4/0x1e80 kernel/sched/core.c:4169 schedule+0xd0/0x2a0 kernel/sched/core.c:4244 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:4303 __mutex_lock_common kernel/locking/mutex.c:1033 [inline] __mutex_lock+0x3e2/0x10d0 kernel/locking/mutex.c:1103 __blkdev_get+0x164/0x16e0 fs/block_dev.c:1543 blkdev_get+0x45/0x4d0 fs/block_dev.c:1689 blkdev_open+0x21d/0x2b0 fs/block_dev.c:1831 do_dentry_open+0x4b9/0x11b0 fs/open.c:822 do_open fs/namei.c:3249 [inline] path_openat+0x1bb9/0x2750 fs/namei.c:3366 do_filp_open+0x17e/0x3c0 fs/namei.c:3393 do_sys_openat2+0x16f/0x3b0 fs/open.c:1173 do_sys_open fs/open.c:1189 [inline] ksys_open include/linux/syscalls.h:1398 [inline] __do_sys_open fs/open.c:1195 [inline] __se_sys_open fs/open.c:1193 [inline] __x64_sys_open+0x119/0x1c0 fs/open.c:1193 do_syscall_64+0x60/0xe0 arch/x86/entry/common.c:384 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x416921 Code: Bad RIP value. RSP: 002b:00007f94827917a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 0000000000416921 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007f9482791850 RBP: 000000000078c040 R08: 000000000000000f R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000293 R12: 00000000ffffffff R13: 0000000000000c7a R14: 00000000004cec75 R15: 00007f94827926d4 INFO: task syz-executor.4:7674 blocked for more than 148 seconds. Not tainted 5.8.0-rc4-next-20200710-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.4 D28736 7674 7268 0x00000004 Call Trace: context_switch kernel/sched/core.c:3445 [inline] __schedule+0x8b4/0x1e80 kernel/sched/core.c:4169 schedule+0xd0/0x2a0 kernel/sched/core.c:4244 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:4303 __mutex_lock_common kernel/locking/mutex.c:1033 [inline] __mutex_lock+0x3e2/0x10d0 kernel/locking/mutex.c:1103 __blkdev_get+0x164/0x16e0 fs/block_dev.c:1543 blkdev_get+0x45/0x4d0 fs/block_dev.c:1689 blkdev_open+0x21d/0x2b0 fs/block_dev.c:1831 do_dentry_open+0x4b9/0x11b0 fs/open.c:822 do_open fs/namei.c:3249 [inline] path_openat+0x1bb9/0x2750 fs/namei.c:3366 do_filp_open+0x17e/0x3c0 fs/namei.c:3393 do_sys_openat2+0x16f/0x3b0 fs/open.c:1173 do_sys_open fs/open.c:1189 [inline] ksys_open include/linux/syscalls.h:1398 [inline] __do_sys_open fs/open.c:1195 [inline] __se_sys_open fs/open.c:1193 [inline] __x64_sys_open+0x119/0x1c0 fs/open.c:1193 do_syscall_64+0x60/0xe0 arch/x86/entry/common.c:384 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x416921 Code: Bad RIP value. RSP: 002b:00007f94827917a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 0000000000416921 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007f9482791850 RBP: 000000000078c040 R08: 000000000000000f R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000293 R12: 00000000ffffffff R13: 0000000000000c7a R14: 00000000004cec75 R15: 00007f94827926d4 Showing all locks held in the system: 1 lock held by khungtaskd/1156: #0: ffffffff89bc2e40 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:5779 1 lock held by in:imklog/6704: #0: ffff88809550d3f0 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100 fs/file.c:930 2 locks held by systemd-udevd/26214: #0: ffff88808a9ac980 (&bdev->bd_mutex){+.+.}-{3:3}, at: __blkdev_put+0xfc/0x890 fs/block_dev.c:1849 #1: ffff88821873ed90 (&nbd->config_lock){+.+.}-{3:3}, at: refcount_dec_and_mutex_lock lib/refcount.c:118 [inline] #1: ffff88821873ed90 (&nbd->config_lock){+.+.}-{3:3}, at: refcount_dec_and_mutex_lock+0x50/0x140 lib/refcount.c:113 1 lock held by systemd-udevd/26242: #0: ffff88808a9cb100 (&bdev->bd_mutex){+.+.}-{3:3}, at: __blkdev_get+0x164/0x16e0 fs/block_dev.c:1543 4 locks held by kworker/u4:9/2795: 1 lock held by systemd-udevd/15430: 1 lock held by syz-executor.4/7661: #0: ffff88808a9cb100 (&bdev->bd_mutex){+.+.}-{3:3}, at: blkdev_put+0x30/0x520 fs/block_dev.c:1882 1 lock held by syz-executor.4/7674: #0: ffff88808a9cb100 (&bdev->bd_mutex){+.+.}-{3:3}, at: __blkdev_get+0x164/0x16e0 fs/block_dev.c:1543 ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 1156 Comm: khungtaskd Not tainted 5.8.0-rc4-next-20200710-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x18f/0x20d lib/dump_stack.c:118 nmi_cpu_backtrace.cold+0x44/0xd7 lib/nmi_backtrace.c:105 nmi_trigger_cpumask_backtrace+0x1b3/0x223 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:147 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:253 [inline] watchdog+0xd89/0xf30 kernel/hung_task.c:339 kthread+0x3b5/0x4a0 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 32181 Comm: kworker/1:2 Not tainted 5.8.0-rc4-next-20200710-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: events nsim_dev_trap_report_work RIP: 0010:__raw_callee_save___pv_queued_spin_unlock+0xc/0x12 Code: 56 57 41 50 41 51 41 52 41 53 e8 ff 14 00 00 41 5b 41 5a 41 59 41 58 5f 5e 5a 59 c3 66 90 52 b8 01 00 00 00 31 d2 f0 0f b0 17 <3c> 01 75 02 5a c3 56 0f b6 f0 e8 c5 ff ff ff 5e 5a c3 66 90 48 b8 RSP: 0018:ffffc90017e9fab8 EFLAGS: 00000046 RAX: 0000000000000001 RBX: 0000000000000082 RCX: ffffffff815b2df0 RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffff8cbc31a0 RBP: ffffffff8cbc31a0 R08: 0000000000000000 R09: ffffffff8cbc31a3 R10: fffffbfff1978634 R11: 0000000000000000 R12: ffffffff8cbc31a8 R13: ffffffff8cbc31b0 R14: dead000000000100 R15: dffffc0000000000 FS: 0000000000000000(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fa320d25000 CR3: 000000009b16a000 CR4: 00000000001506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: pv_queued_spin_unlock arch/x86/include/asm/paravirt.h:656 [inline] queued_spin_unlock arch/x86/include/asm/qspinlock.h:55 [inline] do_raw_spin_unlock+0x171/0x230 kernel/locking/spinlock_debug.c:139 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:159 [inline] _raw_spin_unlock_irqrestore+0x1e/0xe0 kernel/locking/spinlock.c:191 __debug_check_no_obj_freed lib/debugobjects.c:977 [inline] debug_check_no_obj_freed+0x20c/0x41c lib/debugobjects.c:998 kfree+0xf0/0x2c0 mm/slab.c:3755 skb_free_head net/core/skbuff.c:590 [inline] skb_release_data+0x6d9/0x910 net/core/skbuff.c:610 skb_release_all net/core/skbuff.c:664 [inline] __kfree_skb net/core/skbuff.c:678 [inline] consume_skb net/core/skbuff.c:837 [inline] consume_skb+0xc2/0x160 net/core/skbuff.c:831 nsim_dev_trap_report drivers/net/netdevsim/dev.c:573 [inline] nsim_dev_trap_report_work+0x889/0xbe0 drivers/net/netdevsim/dev.c:598 process_one_work+0x94c/0x1670 kernel/workqueue.c:2269 worker_thread+0x64c/0x1120 kernel/workqueue.c:2415 kthread+0x3b5/0x4a0 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294