INFO: task syz-executor.5:2102 blocked for more than 140 seconds.
      Not tainted 4.9.205-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.5 D24856 2102 1 0x00000004
 0000000000000083 ffff8801d7fd2f80 ffff8801d48b4200 ffff8801db71ffc0
 ffff8801d05c0000 ffff8801db71ffd8 ffff8801a8fff688 ffffffff8280a6ae
 0000000041b58ab3 ffffffff82e2ad80 00ffffff81205320 ffff8801db7208b0
Call Trace:
 [<00000000d07ba01c>] schedule+0x92/0x1c0 kernel/sched/core.c:3546
 [<000000000cf5550d>] schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3579
 [<00000000f16c100e>] __mutex_lock_common kernel/locking/mutex.c:582 [inline]
 [<00000000f16c100e>] mutex_lock_nested+0x38d/0x920 kernel/locking/mutex.c:621
 [<00000000eec9f6c0>] lo_open+0x1d/0xb0 drivers/block/loop.c:1622
 [<00000000174a0a9f>] __blkdev_get+0x268/0xeb0 fs/block_dev.c:1287
 [<0000000068c675ed>] blkdev_get+0x2e8/0x920 fs/block_dev.c:1424
 [<000000005ccc9370>] blkdev_open+0x1aa/0x250 fs/block_dev.c:1579
 [<00000000eb1228f3>] do_dentry_open+0x422/0xd20 fs/open.c:791
 [<000000008871bd7c>] vfs_open+0x105/0x230 fs/open.c:904
 [<00000000943039dc>] do_last fs/namei.c:3457 [inline]
 [<00000000943039dc>] path_openat+0xbf5/0x2f60 fs/namei.c:3581
 [<00000000ebc8d543>] do_filp_open+0x1a1/0x280 fs/namei.c:3615
 [<00000000d078ed15>] do_sys_open+0x2f0/0x610 fs/open.c:1097
 [<0000000007927ac7>] SYSC_open fs/open.c:1115 [inline]
 [<0000000007927ac7>] SyS_open+0x2d/0x40 fs/open.c:1110
 [<00000000eb1c94b9>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288
 [<00000000c2caaff5>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb

Showing all locks held in the system:
2 locks held by khungtaskd/24:
 #0: (rcu_read_lock){......}, at: [<0000000091d00a22>] check_hung_uninterruptible_tasks kernel/hung_task.c:169 [inline]
 #0: (rcu_read_lock){......}, at: [<0000000091d00a22>] watchdog+0x14b/0xaf0 kernel/hung_task.c:263
 #1: (tasklist_lock){.+.+..}, at: [<00000000dfeec852>] debug_show_all_locks+0x7f/0x21f kernel/locking/lockdep.c:4339
1 lock held by rsyslogd/1897:
 #0: (&f->f_pos_lock){+.+.+.}, at: [<0000000012b38659>] __fdget_pos+0xa8/0xd0 fs/file.c:782
2 locks held by getty/2025:
 #0: (&tty->ldisc_sem){++++++}, at: [<000000007ec58e7d>] ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:376
 #1: (&ldata->atomic_read_lock){+.+...}, at: [<000000003a5558ba>] n_tty_read+0x1fe/0x1820 drivers/tty/n_tty.c:2156
2 locks held by syz-executor.5/2102:
 #0: (&bdev->bd_mutex){+.+.+.}, at: [<000000002f12e8dd>] __blkdev_get+0x10e/0xeb0 fs/block_dev.c:1273
 #1: (loop_index_mutex){+.+.+.}, at: [<00000000eec9f6c0>] lo_open+0x1d/0xb0 drivers/block/loop.c:1622
1 lock held by syz-executor.4/2117:
 #0: (&bdev->bd_mutex){+.+.+.}, at: [<000000002f12e8dd>] __blkdev_get+0x10e/0xeb0 fs/block_dev.c:1273
2 locks held by syz-executor.3/2130:
 #0: (&bdev->bd_mutex){+.+.+.}, at: [<000000002f12e8dd>] __blkdev_get+0x10e/0xeb0 fs/block_dev.c:1273
 #1: (loop_index_mutex){+.+.+.}, at: [<00000000eec9f6c0>] lo_open+0x1d/0xb0 drivers/block/loop.c:1622
1 lock held by syz-executor.1/4308:
 #0: (&bdev->bd_mutex){+.+.+.}, at: [<000000000fa3807b>] blkdev_put+0x2b/0x560 fs/block_dev.c:1629
2 locks held by syz-executor.1/4326:
 #0: (&bdev->bd_mutex){+.+.+.}, at: [<000000002f12e8dd>] __blkdev_get+0x10e/0xeb0 fs/block_dev.c:1273
 #1: (loop_index_mutex){+.+.+.}, at: [<00000000eec9f6c0>] lo_open+0x1d/0xb0 drivers/block/loop.c:1622
2 locks held by syz-executor.2/4317:
 #0: (loop_index_mutex){+.+.+.}, at: [<00000000afe0dc68>] loop_control_ioctl+0x7a/0x320 drivers/block/loop.c:1974
 #1: (&lo->lo_ctl_mutex#2){+.+.+.}, at: [<0000000052abcaec>] loop_control_ioctl+0x17f/0x320 drivers/block/loop.c:1988
1 lock held by syz-executor.2/4324:
 #0: (loop_index_mutex){+.+.+.}, at: [<00000000afe0dc68>] loop_control_ioctl+0x7a/0x320 drivers/block/loop.c:1974
2 locks held by syz-executor.0/4316:
 #0: (&lo->lo_ctl_mutex/1){+.+.+.}, at: [<000000009ef9f403>] lo_ioctl+0x8e/0x1b10 drivers/block/loop.c:1404
 #1: (&bdev->bd_mutex){+.+.+.}, at: [<0000000023e85738>] blkdev_reread_part+0x1f/0x40 block/ioctl.c:189
1 lock held by syz-executor.0/4329:
 #0: (&bdev->bd_mutex){+.+.+.}, at: [<000000002f12e8dd>] __blkdev_get+0x10e/0xeb0 fs/block_dev.c:1273
1 lock held by blkid/4315:
 #0: (&bdev->bd_mutex){+.+.+.}, at: [<000000000fa3807b>] blkdev_put+0x2b/0x560 fs/block_dev.c:1629
2 locks held by syz-executor.4/4322:
 #0: (&bdev->bd_mutex){+.+.+.}, at: [<000000002f12e8dd>] __blkdev_get+0x10e/0xeb0 fs/block_dev.c:1273
 #1: (loop_index_mutex){+.+.+.}, at: [<00000000eec9f6c0>] lo_open+0x1d/0xb0 drivers/block/loop.c:1622
2 locks held by blkid/4323:
 #0: (&bdev->bd_mutex){+.+.+.}, at: [<000000002f12e8dd>] __blkdev_get+0x10e/0xeb0 fs/block_dev.c:1273
 #1: (loop_index_mutex){+.+.+.}, at: [<00000000eec9f6c0>] lo_open+0x1d/0xb0 drivers/block/loop.c:1622

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 24 Comm: khungtaskd Not tainted 4.9.205-syzkaller #0
 ffff8801d98d7cc8 ffffffff81b55e6b 0000000000000000 0000000000000000
 0000000000000000 ffffffff8109a001 dffffc0000000000 ffff8801d98d7d00
 ffffffff81b6110c 0000000000000000 0000000000000000 0000000000000000
Call Trace:
 [<0000000033c33b79>] __dump_stack lib/dump_stack.c:15 [inline]
 [<0000000033c33b79>] dump_stack+0xcb/0x130 lib/dump_stack.c:56
 [<00000000d517474c>] nmi_cpu_backtrace.cold+0x47/0x87 lib/nmi_backtrace.c:99
 [<000000004cfcf5e9>] nmi_trigger_cpumask_backtrace+0x124/0x155 lib/nmi_backtrace.c:60
 [<000000004bbb806e>] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37
 [<000000002223b01d>] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline]
 [<000000002223b01d>] check_hung_task kernel/hung_task.c:126 [inline]
 [<000000002223b01d>] check_hung_uninterruptible_tasks kernel/hung_task.c:183 [inline]
 [<000000002223b01d>] watchdog+0x670/0xaf0 kernel/hung_task.c:263
 [<0000000035c4b6f5>] kthread+0x278/0x310 kernel/kthread.c:211
 [<000000004b644164>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:375
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.9.205-syzkaller #0
task: 000000002bda0aba task.stack: 00000000c8af286a
RIP: 0010:[] [<0000000073ce6749>] timerqueue_del+0x68/0x170 lib/timerqueue.c:86
RSP: 0018:ffff8801da6d7c58 EFLAGS: 00000083
RAX: dffffc0000000000 RBX: ffff8801db71cb00 RCX: 0000000000000001
RDX: 1ffff1003b6e38bb RSI: ffffffff81b73831 RDI: ffff8801db71c5d0
RBP: ffff8801da6d7c78 R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000001 R12: ffff8801db71c5d0
R13: ffff8801db71c5d8 R14: 0000000000000001 R15: ffff8801db71c500
FS: 0000000000000000(0000) GS:ffff8801db700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000018e7fe0 CR3: 00000001d18de000 CR4: 00000000001606b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 ffff8801da6b2f80 ffff8801db71cb00 ffff8801db71c5c0 0000000000000000
 ffff8801da6d7cb0 ffffffff8126f18e ffff8801db71cb00 1ffff1003b4daf9a
 ffff8801db71c500 000000000001c500 ffff8801db71cb30 ffff8801da6d7d58
Call Trace:
 [<00000000ee05bce0>] __remove_hrtimer+0x8e/0x250 kernel/time/hrtimer.c:899
 [<000000003d16a8f2>] remove_hrtimer kernel/time/hrtimer.c:941 [inline]
 [<000000003d16a8f2>] hrtimer_try_to_cancel kernel/time/hrtimer.c:1042 [inline]
 [<000000003d16a8f2>] hrtimer_try_to_cancel+0x28c/0x590 kernel/time/hrtimer.c:1024
 [<00000000c16ed569>] hrtimer_cancel+0x22/0x40 kernel/time/hrtimer.c:1062
 [<000000004ab044a6>] tick_nohz_restart+0x24/0x200 kernel/time/tick-sched.c:654
 [<00000000a714b3d8>] tick_nohz_restart_sched_tick kernel/time/tick-sched.c:850 [inline]
 [<00000000a714b3d8>] tick_nohz_idle_exit+0x24c/0x3e0 kernel/time/tick-sched.c:1070
 [<0000000086bd2868>] cpu_idle_loop kernel/sched/idle.c:262 [inline]
 [<0000000086bd2868>] cpu_startup_entry+0x32f/0x3a0 kernel/sched/idle.c:303
 [<00000000c5fbde73>] start_secondary+0x31c/0x410 arch/x86/kernel/smpboot.c:251
Code: cef cee c7a cff c4d c8d c6c c24 c08 c48 cb8 c00 c00 c00 c00 c00 cfc cff cdf c4c c89 cea c48 cc1 cea c03 c80 c3c c02 c00 c0f c85 ce0 c00 c00 c00 c49 c39 c5c c24 c08 c74 c5d c cc3 cee c7a cff c4c c89 ce6 c48 c89 cdf ce8 c38 c46 cff cff c48 c89 cda c48 cb8 c