INFO: task syz-executor.2:335 blocked for more than 140 seconds. Not tainted 4.19.48 #20 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.2 D28152 335 7847 0x00000004 Call Trace: context_switch kernel/sched/core.c:2826 [inline] __schedule+0x80d/0x1c70 kernel/sched/core.c:3474 schedule+0x92/0x1c0 kernel/sched/core.c:3518 schedule_timeout+0x8c8/0xfc0 kernel/time/timer.c:1780 do_wait_for_common kernel/sched/completion.c:83 [inline] __wait_for_common kernel/sched/completion.c:104 [inline] wait_for_common kernel/sched/completion.c:115 [inline] wait_for_completion+0x29c/0x440 kernel/sched/completion.c:136 __flush_work+0x49f/0x880 kernel/workqueue.c:2920 flush_work+0x18/0x20 kernel/workqueue.c:2941 lru_add_drain_all+0x3a6/0x500 mm/swap.c:699 invalidate_bdev+0xa0/0xe0 fs/block_dev.c:97 __loop_clr_fd+0x387/0xd70 drivers/block/loop.c:1082 loop_clr_fd drivers/block/loop.c:1178 [inline] lo_ioctl+0x373/0x20e0 drivers/block/loop.c:1547 __blkdev_driver_ioctl block/ioctl.c:303 [inline] blkdev_ioctl+0xc38/0x1ac0 block/ioctl.c:601 block_ioctl+0xee/0x130 fs/block_dev.c:1891 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:501 [inline] do_vfs_ioctl+0xd5f/0x1380 fs/ioctl.c:688 ksys_ioctl+0xab/0xd0 fs/ioctl.c:705 __do_sys_ioctl fs/ioctl.c:712 [inline] __se_sys_ioctl fs/ioctl.c:710 [inline] __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:710 do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x4590e7 Code: Bad RIP value. RSP: 002b:00007f3a27cffa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f3a27cffb40 RCX: 00000000004590e7 RDX: 0000000000000000 RSI: 0000000000004c01 RDI: 0000000000000004 RBP: 0000000000000000 R08: 00007f3a27cffb40 R09: 00007f3a27cffae0 R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000003 R13: 00000000004c7fb7 R14: 00000000004de530 R15: 00000000ffffffff INFO: task syz-executor.5:338 blocked for more than 140 seconds. Not tainted 4.19.48 #20 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.5 D28472 338 7856 0x00000004 Call Trace: context_switch kernel/sched/core.c:2826 [inline] __schedule+0x80d/0x1c70 kernel/sched/core.c:3474 schedule+0x92/0x1c0 kernel/sched/core.c:3518 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3576 __mutex_lock_common kernel/locking/mutex.c:1002 [inline] __mutex_lock+0x726/0x1300 kernel/locking/mutex.c:1072 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087 lo_release+0x1f/0x200 drivers/block/loop.c:1756 __blkdev_put+0x4d1/0x810 fs/block_dev.c:1804 blkdev_put+0x98/0x560 fs/block_dev.c:1866 blkdev_close+0x8b/0xb0 fs/block_dev.c:1873 __fput+0x2dd/0x8b0 fs/file_table.c:278 ____fput+0x16/0x20 fs/file_table.c:309 task_work_run+0x145/0x1c0 kernel/task_work.c:113 tracehook_notify_resume include/linux/tracehook.h:193 [inline] exit_to_usermode_loop+0x273/0x2c0 arch/x86/entry/common.c:167 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline] syscall_return_slowpath arch/x86/entry/common.c:271 [inline] do_syscall_64+0x53d/0x620 arch/x86/entry/common.c:296 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x412f61 Code: 00 00 00 00 00 80 3b 2d 0f 84 cb 02 00 00 8b 05 59 a7 24 00 89 85 e4 00 00 00 48 c7 85 18 01 00 00 00 00 00 00 0f b6 03 3c 2f <0f> 87 69 01 00 00 3c 2e 0f 82 c1 01 00 00 be 01 00 00 00 4c 89 e7 RSP: 002b:00007f008e674a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 RAX: 0000000000000000 RBX: 00007f008e674b40 RCX: 0000000000412f61 RDX: 0000000000000000 RSI: 0000000000004c01 RDI: 0000000000000004 RBP: 0000000000000000 R08: 00007f008e674b40 R09: 00007f008e674ae0 R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 R13: 00000000004c7fb7 R14: 00000000004de530 R15: 00000000ffffffff INFO: task syz-executor.5:368 blocked for more than 140 seconds. Not tainted 4.19.48 #20 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.5 D28872 368 7856 0x00000004 Call Trace: context_switch kernel/sched/core.c:2826 [inline] __schedule+0x80d/0x1c70 kernel/sched/core.c:3474 schedule+0x92/0x1c0 kernel/sched/core.c:3518 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3576 __mutex_lock_common kernel/locking/mutex.c:1002 [inline] __mutex_lock+0x726/0x1300 kernel/locking/mutex.c:1072 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087 __blkdev_get+0x19b/0x1660 fs/block_dev.c:1471 blkdev_get+0xc4/0x990 fs/block_dev.c:1625 blkdev_open+0x205/0x290 fs/block_dev.c:1783 do_dentry_open+0x4c3/0x1200 fs/open.c:777 vfs_open+0xa0/0xd0 fs/open.c:886 do_last fs/namei.c:3418 [inline] path_openat+0x10d7/0x4690 fs/namei.c:3534 do_filp_open+0x1a1/0x280 fs/namei.c:3564 do_sys_open+0x3fe/0x550 fs/open.c:1069 __do_sys_open fs/open.c:1087 [inline] __se_sys_open fs/open.c:1082 [inline] __x64_sys_open+0x7e/0xc0 fs/open.c:1082 do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x413161 Code: 00 00 4c 89 e7 e8 7f be 00 00 85 c0 41 89 c7 0f 84 ec 00 00 00 41 81 ff 29 f8 ff ff 75 8b 49 89 2e 49 89 5d 00 eb a5 66 90 be <02> 00 00 00 4c 89 e7 e8 53 be 00 00 85 c0 41 89 c7 75 d8 48 8b 05 RSP: 002b:00007f008e653a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000413161 RDX: 00007f008e653b0a RSI: 0000000000000002 RDI: 00007f008e653b00 RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000003 R13: 00000000004c7fb7 R14: 00000000004de530 R15: 00000000ffffffff INFO: task syz-executor.0:357 blocked for more than 140 seconds. Not tainted 4.19.48 #20 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.0 D28872 357 7840 0x00000006 Call Trace: context_switch kernel/sched/core.c:2826 [inline] __schedule+0x80d/0x1c70 kernel/sched/core.c:3474 schedule+0x92/0x1c0 kernel/sched/core.c:3518 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3576 __mutex_lock_common kernel/locking/mutex.c:1002 [inline] __mutex_lock+0x726/0x1300 kernel/locking/mutex.c:1072 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087 blkdev_put+0x34/0x560 fs/block_dev.c:1824 blkdev_close+0x8b/0xb0 fs/block_dev.c:1873 __fput+0x2dd/0x8b0 fs/file_table.c:278 ____fput+0x16/0x20 fs/file_table.c:309 task_work_run+0x145/0x1c0 kernel/task_work.c:113 get_signal+0x195e/0x1d50 kernel/signal.c:2385 do_signal+0x95/0x1960 arch/x86/kernel/signal.c:821 exit_to_usermode_loop+0x244/0x2c0 arch/x86/entry/common.c:163 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline] syscall_return_slowpath arch/x86/entry/common.c:271 [inline] do_syscall_64+0x53d/0x620 arch/x86/entry/common.c:296 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x4590e7 Code: Bad RIP value. RSP: 002b:00007f64a916ca88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: fffffffffffffffc RBX: 00007f64a916d6d4 RCX: 00000000004590e7 RDX: 0000000000000003 RSI: 0000000000004c00 RDI: 0000000000000004 RBP: 0000000000000004 R08: 0000000000000000 R09: 000000000000000a R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003 R13: 00000000004c7fb7 R14: 00000000004de530 R15: 00000000ffffffff INFO: task blkid:359 blocked for more than 140 seconds. Not tainted 4.19.48 #20 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. blkid D28728 359 7809 0x00000004 Call Trace: context_switch kernel/sched/core.c:2826 [inline] __schedule+0x80d/0x1c70 kernel/sched/core.c:3474 schedule+0x92/0x1c0 kernel/sched/core.c:3518 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3576 __mutex_lock_common kernel/locking/mutex.c:1002 [inline] __mutex_lock+0x726/0x1300 kernel/locking/mutex.c:1072 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087 __blkdev_get+0x19b/0x1660 fs/block_dev.c:1471 blkdev_get+0xc4/0x990 fs/block_dev.c:1625 blkdev_open+0x205/0x290 fs/block_dev.c:1783 do_dentry_open+0x4c3/0x1200 fs/open.c:777 vfs_open+0xa0/0xd0 fs/open.c:886 do_last fs/namei.c:3418 [inline] path_openat+0x10d7/0x4690 fs/namei.c:3534 do_filp_open+0x1a1/0x280 fs/namei.c:3564 do_sys_open+0x3fe/0x550 fs/open.c:1069 __do_sys_open fs/open.c:1087 [inline] __se_sys_open fs/open.c:1082 [inline] __x64_sys_open+0x7e/0xc0 fs/open.c:1082 do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f122a590120 Code: Bad RIP value. RSP: 002b:00007ffeecea8378 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f122a590120 RDX: 00007ffeecea8f40 RSI: 0000000000000000 RDI: 00007ffeecea8f40 RBP: 0000000000000000 R08: 0000000000000078 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001725030 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000005 Showing all locks held in the system: 1 lock held by khungtaskd/1032: #0: 00000000b6650842 (rcu_read_lock){....}, at: debug_show_all_locks+0x5f/0x27e kernel/locking/lockdep.c:4435 1 lock held by rsyslogd/7675: #0: 0000000031879785 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0xee/0x110 fs/file.c:767 2 locks held by getty/7798: #0: 000000003343cbc3 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:363 #1: 00000000a9191617 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b30 drivers/tty/n_tty.c:2154 2 locks held by getty/7799: #0: 0000000014b0205d (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:363 #1: 000000000d971a1c (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b30 drivers/tty/n_tty.c:2154 2 locks held by getty/7800: #0: 0000000019425a40 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:363 #1: 000000007036b80c (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b30 drivers/tty/n_tty.c:2154 2 locks held by getty/7801: #0: 00000000109f1058 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:363 #1: 00000000dd09f7d7 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b30 drivers/tty/n_tty.c:2154 2 locks held by getty/7802: #0: 000000003212f2cd (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:363 #1: 000000005c264440 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b30 drivers/tty/n_tty.c:2154 2 locks held by getty/7803: #0: 000000005943e250 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:363 #1: 000000004e61de5c (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b30 drivers/tty/n_tty.c:2154 2 locks held by getty/7804: #0: 00000000fc35e075 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:363 #1: 000000008ef21fb4 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b30 drivers/tty/n_tty.c:2154 2 locks held by syz-executor.1/7843: #0: 00000000e879584d (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 net/core/rtnetlink.c:77 #1: 000000006081ff97 (cpu_hotplug_lock.rw_sem){++++}, at: get_online_cpus include/linux/cpu.h:132 [inline] #1: 000000006081ff97 (cpu_hotplug_lock.rw_sem){++++}, at: flush_all_backlogs net/core/dev.c:5283 [inline] #1: 000000006081ff97 (cpu_hotplug_lock.rw_sem){++++}, at: rollback_registered_many+0x4f0/0xf90 net/core/dev.c:7990 3 locks held by kworker/0:4/7861: #0: 00000000b643021c ((wq_completion)"events"){+.+.}, at: __write_once_size include/linux/compiler.h:220 [inline] #0: 00000000b643021c ((wq_completion)"events"){+.+.}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: 00000000b643021c ((wq_completion)"events"){+.+.}, at: atomic64_set include/asm-generic/atomic-instrumented.h:40 [inline] #0: 00000000b643021c ((wq_completion)"events"){+.+.}, at: atomic_long_set include/asm-generic/atomic-long.h:59 [inline] #0: 00000000b643021c ((wq_completion)"events"){+.+.}, at: set_work_data kernel/workqueue.c:617 [inline] #0: 00000000b643021c ((wq_completion)"events"){+.+.}, at: set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline] #0: 00000000b643021c ((wq_completion)"events"){+.+.}, at: process_one_work+0x87e/0x1750 kernel/workqueue.c:2124 #1: 0000000025f09197 ((linkwatch_work).work){+.+.}, at: process_one_work+0x8b4/0x1750 kernel/workqueue.c:2128 #2: 00000000e879584d (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 net/core/rtnetlink.c:77 2 locks held by syz-executor.3/330: #0: 00000000d67361c5 (&bdev->bd_mutex){+.+.}, at: __blkdev_put+0xbb/0x810 fs/block_dev.c:1791 #1: 0000000027ab441e (loop_ctl_mutex){+.+.}, at: lo_release+0x1f/0x200 drivers/block/loop.c:1756 1 lock held by syz-executor.3/347: 2 locks held by syz-executor.2/335: #0: 0000000027ab441e (loop_ctl_mutex){+.+.}, at: __loop_clr_fd+0x88/0xd70 drivers/block/loop.c:1047 #1: 00000000468200a0 (lock#6){+.+.}, at: lru_add_drain_all+0x60/0x500 mm/swap.c:681 2 locks held by syz-executor.5/338: #0: 00000000b5e9aa9d (&bdev->bd_mutex){+.+.}, at: __blkdev_put+0xbb/0x810 fs/block_dev.c:1791 #1: 0000000027ab441e (loop_ctl_mutex){+.+.}, at: lo_release+0x1f/0x200 drivers/block/loop.c:1756 1 lock held by syz-executor.5/368: #0: 00000000b5e9aa9d (&bdev->bd_mutex){+.+.}, at: __blkdev_get+0x19b/0x1660 fs/block_dev.c:1471 1 lock held by syz-executor.0/357: #0: 00000000d67361c5 (&bdev->bd_mutex){+.+.}, at: blkdev_put+0x34/0x560 fs/block_dev.c:1824 1 lock held by syz-executor.0/369: #0: 00000000d67361c5 (&bdev->bd_mutex){+.+.}, at: __blkdev_get+0x19b/0x1660 fs/block_dev.c:1471 1 lock held by blkid/359: #0: 00000000b5e9aa9d (&bdev->bd_mutex){+.+.}, at: __blkdev_get+0x19b/0x1660 fs/block_dev.c:1471 ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 1032 Comm: khungtaskd Not tainted 4.19.48 #20 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x172/0x1f0 lib/dump_stack.c:113 nmi_cpu_backtrace.cold+0x63/0xa4 lib/nmi_backtrace.c:101 nmi_trigger_cpumask_backtrace+0x1b0/0x1f8 lib/nmi_backtrace.c:62 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:203 [inline] watchdog+0x9df/0xee0 kernel/hung_task.c:287 kthread+0x354/0x420 kernel/kthread.c:246 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 347 Comm: syz-executor.3 Not tainted 4.19.48 #20 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:rcu_is_watching+0x1/0x30 kernel/rcu/tree.c:1021 Code: 83 e0 01 c3 4c 89 e7 e8 ed 07 48 00 eb e2 48 89 45 e8 e8 02 08 48 00 48 8b 45 e8 eb 94 66 90 66 2e 0f 1f 84 00 00 00 00 00 55 <48> 89 e5 65 ff 05 15 8e a8 7e e8 40 ff ff ff 83 f0 01 65 ff 0d 06 RSP: 0018:ffff888058097410 EFLAGS: 00000246 RAX: 0000000000040000 RBX: ffff8880608d0ec0 RCX: ffffc9000c6b3000 RDX: 0000000000040000 RSI: ffffffff8188a090 RDI: 0000000000000001 RBP: ffff8880580974e8 R08: ffff88805f4ee1c0 R09: 0000000000000002 R10: ffff88805f4eea90 R11: 73f4ae22fb1a440e R12: 0000000000000000 R13: 0000000000000080 R14: 0000000000000000 R15: 0000000000000028 FS: 00007fa3cb478700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b2e42b000 CR3: 000000009751b000 CR4: 00000000001406e0 Call Trace: generic_perform_write+0x353/0x520 mm/filemap.c:3175 __generic_file_write_iter+0x25e/0x630 mm/filemap.c:3264 ext4_file_write_iter+0x32b/0x1060 fs/ext4/file.c:266 call_write_iter include/linux/fs.h:1820 [inline] do_iter_readv_writev+0x558/0x830 fs/read_write.c:681 do_iter_write fs/read_write.c:960 [inline] do_iter_write+0x184/0x5f0 fs/read_write.c:941 vfs_iter_write+0x77/0xb0 fs/read_write.c:973 iter_file_splice_write+0x661/0xbd0 fs/splice.c:750 do_splice_from fs/splice.c:852 [inline] direct_splice_actor+0x123/0x190 fs/splice.c:1019 splice_direct_to_actor+0x2e7/0x890 fs/splice.c:974 do_splice_direct+0x1da/0x2a0 fs/splice.c:1062 do_sendfile+0x597/0xce0 fs/read_write.c:1447 __do_sys_sendfile64 fs/read_write.c:1508 [inline] __se_sys_sendfile64 fs/read_write.c:1494 [inline] __x64_sys_sendfile64+0x1dd/0x220 fs/read_write.c:1494 do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x459279 Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007fa3cb477c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000459279 RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005 RBP: 000000000075bfc0 R08: 0000000000000000 R09: 0000000000000000 R10: 00008000fffffffe R11: 0000000000000246 R12: 00007fa3cb4786d4 R13: 00000000004c65f3 R14: 00000000004db2a8 R15: 00000000ffffffff