INFO: task syz-executor.0:7580 blocked for more than 143 seconds. Not tainted 5.1.0-rc6-next-20190423 #29 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.0 D24192 7580 7579 0x00000000 Call Trace: context_switch kernel/sched/core.c:2817 [inline] __schedule+0x7d1/0x15c0 kernel/sched/core.c:3444 schedule+0xa8/0x260 kernel/sched/core.c:3508 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3567 __mutex_lock_common kernel/locking/mutex.c:1002 [inline] __mutex_lock+0x726/0x1310 kernel/locking/mutex.c:1072 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087 exp_funnel_lock kernel/rcu/tree_exp.h:318 [inline] synchronize_rcu_expedited+0x26f/0x5b0 kernel/rcu/tree_exp.h:790 namespace_unlock+0x108/0x130 fs/namespace.c:1384 do_umount fs/namespace.c:1605 [inline] ksys_umount+0x73e/0xf00 fs/namespace.c:1702 __do_sys_umount fs/namespace.c:1713 [inline] __se_sys_umount fs/namespace.c:1711 [inline] __x64_sys_umount+0x54/0x80 fs/namespace.c:1711 do_syscall_64+0x103/0x670 arch/x86/entry/common.c:298 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45b7e7 Code: Bad RIP value. RSP: 002b:00007ffc094272d8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045b7e7 RDX: 00000000004032d0 RSI: 0000000000000002 RDI: 00007ffc09427380 RBP: 00000000000017e8 R08: 0000000000000000 R09: 000000000000000c R10: 0000000000000005 R11: 0000000000000202 R12: 00007ffc09428410 R13: 00000000015ff940 R14: 0000000000000000 R15: 00007ffc09428410 INFO: task syz-executor.5:7597 blocked for more than 143 seconds. Not tainted 5.1.0-rc6-next-20190423 #29 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.5 D24184 7597 1 0x00000004 Call Trace: context_switch kernel/sched/core.c:2817 [inline] __schedule+0x7d1/0x15c0 kernel/sched/core.c:3444 schedule+0xa8/0x260 kernel/sched/core.c:3508 synchronize_rcu_expedited+0x431/0x5b0 kernel/rcu/tree_exp.h:807 namespace_unlock+0x108/0x130 fs/namespace.c:1384 do_umount fs/namespace.c:1605 [inline] ksys_umount+0x73e/0xf00 fs/namespace.c:1702 __do_sys_umount fs/namespace.c:1713 [inline] __se_sys_umount fs/namespace.c:1711 [inline] __x64_sys_umount+0x54/0x80 fs/namespace.c:1711 do_syscall_64+0x103/0x670 arch/x86/entry/common.c:298 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45b7e7 Code: 44 00 00 b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007ffc646ca448 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045b7e7 RDX: 00000000004032d0 RSI: 0000000000000002 RDI: 00007ffc646ca4f0 RBP: 0000000000001cb0 R08: 0000000000000000 R09: 000000000000000c R10: 0000000000000005 R11: 0000000000000202 R12: 00007ffc646cb580 R13: 00000000010bc940 R14: 0000000000000000 R15: 00007ffc646cb580 INFO: task syz-executor.4:32215 blocked for more than 144 seconds. Not tainted 5.1.0-rc6-next-20190423 #29 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.4 D28248 32215 7592 0x00000004 Call Trace: context_switch kernel/sched/core.c:2817 [inline] __schedule+0x7d1/0x15c0 kernel/sched/core.c:3444 schedule+0xa8/0x260 kernel/sched/core.c:3508 schedule_timeout+0x717/0xc50 kernel/time/timer.c:1783 do_wait_for_common kernel/sched/completion.c:83 [inline] __wait_for_common kernel/sched/completion.c:104 [inline] wait_for_common kernel/sched/completion.c:115 [inline] wait_for_completion+0x29c/0x440 kernel/sched/completion.c:136 __synchronize_srcu+0x197/0x250 kernel/rcu/srcutree.c:921 synchronize_srcu_expedited kernel/rcu/srcutree.c:946 [inline] synchronize_srcu+0x239/0x3e8 kernel/rcu/srcutree.c:997 tracepoint_synchronize_unregister include/linux/tracepoint.h:84 [inline] perf_trace_event_unreg.isra.0+0xcb/0x220 kernel/trace/trace_event_perf.c:163 perf_trace_destroy+0xc1/0x100 kernel/trace/trace_event_perf.c:238 tp_perf_event_destroy+0x16/0x20 kernel/events/core.c:8620 _free_event+0x356/0x13b0 kernel/events/core.c:4464 put_event+0x47/0x60 kernel/events/core.c:4550 perf_event_release_kernel+0x693/0xbe0 kernel/events/core.c:4656 perf_release+0x37/0x50 kernel/events/core.c:4666 __fput+0x2e5/0x8d0 fs/file_table.c:278 ____fput+0x16/0x20 fs/file_table.c:309 task_work_run+0x14a/0x1c0 kernel/task_work.c:113 tracehook_notify_resume include/linux/tracehook.h:188 [inline] exit_to_usermode_loop+0x273/0x2c0 arch/x86/entry/common.c:167 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline] syscall_return_slowpath arch/x86/entry/common.c:276 [inline] do_syscall_64+0x57e/0x670 arch/x86/entry/common.c:301 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x412b51 Code: ff ff ff 41 bc 01 00 00 00 f0 4c 0f c1 25 6f ab 24 00 8b 93 04 01 00 00 85 d2 89 54 24 0c 0f 8e 2f 02 00 00 4c 8b 7c 24 28 c7 <44> 24 20 00 00 00 00 41 bd ff ff ff ff 45 31 f6 eb 40 0f 1f 44 00 RSP: 002b:00007ffdade38dd0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000412b51 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 RBP: 0000000000000001 R08: ffffffff8128c500 R09: 00000000ccd0b877 R10: 00007ffdade38eb0 R11: 0000000000000293 R12: 0000000000741af0 R13: 0000000000157fd5 R14: 0000000000158002 R15: 000000000073bf0c Showing all locks held in the system: 1 lock held by khungtaskd/965: #0: 000000002960a3ca (rcu_read_lock){....}, at: debug_show_all_locks+0x5f/0x27e kernel/locking/lockdep.c:5051 3 locks held by kworker/1:2/2989: 3 locks held by rs:main Q:Reg/7448: #0: 000000009a8de17b (&f->f_pos_lock){+.+.}, at: __fdget_pos+0xee/0x110 fs/file.c:801 #1: 00000000867e3a68 (sb_writers#3){.+.+}, at: file_start_write include/linux/fs.h:2825 [inline] #1: 00000000867e3a68 (sb_writers#3){.+.+}, at: vfs_write+0x429/0x580 fs/read_write.c:548 #2: 00000000b58b5107 (&rq->lock){-.-.}, at: rq_lock kernel/sched/sched.h:1168 [inline] #2: 00000000b58b5107 (&rq->lock){-.-.}, at: __schedule+0x1f5/0x15c0 kernel/sched/core.c:3396 1 lock held by rsyslogd/7451: #0: 00000000cff064c1 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0xee/0x110 fs/file.c:801 2 locks held by getty/7540: #0: 00000000402fd2ef (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341 #1: 00000000ff99d862 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2156 2 locks held by getty/7541: #0: 0000000071147a79 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341 #1: 00000000f1f454f8 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2156 2 locks held by getty/7542: #0: 0000000079eb8258 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341 #1: 000000000bfb4543 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2156 2 locks held by getty/7543: #0: 00000000cb675087 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341 #1: 00000000c199f0b1 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2156 2 locks held by getty/7544: #0: 000000004a2b612f (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341 #1: 0000000050c79d47 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2156 2 locks held by getty/7545: #0: 0000000019dde0b3 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341 #1: 0000000042e7bba2 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2156 2 locks held by getty/7546: #0: 00000000b48a7d11 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341 #1: 00000000285f05e2 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2156 1 lock held by syz-executor.0/7580: #0: 0000000079c75db8 (rcu_state.exp_mutex){+.+.}, at: exp_funnel_lock kernel/rcu/tree_exp.h:318 [inline] #0: 0000000079c75db8 (rcu_state.exp_mutex){+.+.}, at: synchronize_rcu_expedited+0x26f/0x5b0 kernel/rcu/tree_exp.h:790 1 lock held by syz-executor.5/7597: #0: 0000000079c75db8 (rcu_state.exp_mutex){+.+.}, at: exp_funnel_lock kernel/rcu/tree_exp.h:286 [inline] #0: 0000000079c75db8 (rcu_state.exp_mutex){+.+.}, at: synchronize_rcu_expedited+0x4ab/0x5b0 kernel/rcu/tree_exp.h:790 1 lock held by syz-executor.4/27523: #0: 0000000028a53041 (event_mutex){+.+.}, at: perf_trace_destroy+0x28/0x100 kernel/trace/trace_event_perf.c:236 1 lock held by syz-executor.4/27525: #0: 0000000028a53041 (event_mutex){+.+.}, at: perf_trace_destroy+0x28/0x100 kernel/trace/trace_event_perf.c:236 1 lock held by syz-executor.4/27534: #0: 0000000028a53041 (event_mutex){+.+.}, at: perf_trace_destroy+0x28/0x100 kernel/trace/trace_event_perf.c:236 1 lock held by syz-executor.4/27549: #0: 0000000028a53041 (event_mutex){+.+.}, at: perf_trace_destroy+0x28/0x100 kernel/trace/trace_event_perf.c:236 1 lock held by syz-executor.4/27558: #0: 0000000028a53041 (event_mutex){+.+.}, at: perf_trace_destroy+0x28/0x100 kernel/trace/trace_event_perf.c:236 1 lock held by syz-executor.4/32215: #0: 0000000028a53041 (event_mutex){+.+.}, at: perf_trace_destroy+0x28/0x100 kernel/trace/trace_event_perf.c:236 ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 965 Comm: khungtaskd Not tainted 5.1.0-rc6-next-20190423 #29 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x172/0x1f0 lib/dump_stack.c:113 nmi_cpu_backtrace.cold+0x63/0xa4 lib/nmi_backtrace.c:101 nmi_trigger_cpumask_backtrace+0x1be/0x236 lib/nmi_backtrace.c:62 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:204 [inline] watchdog+0x9b7/0xec0 kernel/hung_task.c:288 kthread+0x357/0x430 kernel/kthread.c:254 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 7448 Comm: rs:main Q:Reg Not tainted 5.1.0-rc6-next-20190423 #29 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:debug_lockdep_rcu_enabled+0x56/0xa0 kernel/rcu/update.c:236 Code: 75 49 8b 15 60 ea 01 08 85 d2 74 3b 48 c7 c0 b4 27 60 89 48 ba 00 00 00 00 00 fc ff df 48 89 c1 83 e0 07 48 c1 e9 03 83 c0 03 <0f> b6 14 11 38 d0 7c 04 84 d2 75 23 8b 05 3c 1b 02 08 85 c0 74 07 RSP: 0018:ffff88809414f178 EFLAGS: 00000202 RAX: 0000000000000007 RBX: ffff88809414f2b8 RCX: 1ffffffff12c04f6 RDX: dffffc0000000000 RSI: 0000000000000001 RDI: 0000000000000282 RBP: ffff88809414f178 R08: 00000000e57c3754 R09: ffffffff896027b0 R10: ffff88809447eab8 R11: ffff88809447e1c0 R12: ffff8880a1a10680 R13: ffff88809eb6e140 R14: ffff88809e7ba558 R15: 0000000000000000 FS: 00007fafc8a30700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000001b61ab8 CR3: 0000000095381000 CR4: 00000000001426e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: rcu_read_lock_sched include/linux/rcupdate.h:704 [inline] percpu_ref_get_many include/linux/percpu-refcount.h:181 [inline] percpu_ref_get include/linux/percpu-refcount.h:201 [inline] blk_queue_enter_live block/blk.h:66 [inline] blk_mq_get_request+0x7d/0x1570 block/blk-mq.c:358 blk_mq_make_request+0x340/0x1d40 block/blk-mq.c:1956 generic_make_request+0x73f/0x12d0 block/blk-core.c:1089 submit_bio+0xba/0x480 block/blk-core.c:1197 ext4_io_submit+0x197/0x230 fs/ext4/page-io.c:357 ext4_writepages+0x107a/0x3430 fs/ext4/inode.c:2834 do_writepages+0xfc/0x2a0 mm/page-writeback.c:2341 __filemap_fdatawrite_range+0x26d/0x340 mm/filemap.c:418 file_write_and_wait_range+0x9a/0x100 mm/filemap.c:754 __generic_file_fsync+0x79/0x200 fs/libfs.c:979 ext4_sync_file+0x82e/0x1450 fs/ext4/fsync.c:120 vfs_fsync_range+0x144/0x230 fs/sync.c:197 generic_write_sync include/linux/fs.h:2796 [inline] ext4_file_write_iter+0x7b2/0x11c0 fs/ext4/file.c:270 call_write_iter include/linux/fs.h:1866 [inline] new_sync_write+0x4c7/0x760 fs/read_write.c:474 __vfs_write+0xe4/0x110 fs/read_write.c:487 vfs_write+0x20c/0x580 fs/read_write.c:549 ksys_write+0x14f/0x2d0 fs/read_write.c:599 __do_sys_write fs/read_write.c:611 [inline] __se_sys_write fs/read_write.c:608 [inline] __x64_sys_write+0x73/0xb0 fs/read_write.c:608 do_syscall_64+0x103/0x670 arch/x86/entry/common.c:298 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7fafca48e19d Code: d1 20 00 00 75 10 b8 01 00 00 00 0f 05 48 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 be fa ff ff 48 89 04 24 b8 01 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 07 fb ff ff 48 89 d0 48 83 c4 08 48 3d 01 RSP: 002b:00007fafc8a2f000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00000000000000db RCX: 00007fafca48e19d RDX: 00000000000000db RSI: 0000000001b06ce0 RDI: 0000000000000007 RBP: 0000000001b06ce0 R08: 656c6c616b7a7973 R09: 6c656e72656b2072 R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 R13: 00007fafc8a2f480 R14: 0000000000000003 R15: 0000000001b06ae0