INFO: task syz-executor.2:8834 blocked for more than 143 seconds. Not tainted 5.12.0-rc8-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.2 state:D stack:24112 pid: 8834 ppid: 8830 flags:0x00004000 Call Trace: context_switch kernel/sched/core.c:4322 [inline] __schedule+0x8eb/0x21b0 kernel/sched/core.c:5073 schedule+0xcf/0x270 kernel/sched/core.c:5152 wb_wait_for_completion+0x180/0x240 fs/fs-writeback.c:209 sync_inodes_sb+0x1a6/0xa50 fs/fs-writeback.c:2577 __sync_filesystem fs/sync.c:34 [inline] sync_filesystem fs/sync.c:67 [inline] sync_filesystem+0x15c/0x260 fs/sync.c:48 generic_shutdown_super+0x70/0x370 fs/super.c:448 kill_block_super+0x97/0xf0 fs/super.c:1394 deactivate_locked_super+0x94/0x160 fs/super.c:335 deactivate_super+0xad/0xd0 fs/super.c:366 cleanup_mnt+0x3a3/0x530 fs/namespace.c:1136 task_work_run+0xdd/0x1a0 kernel/task_work.c:140 tracehook_notify_resume include/linux/tracehook.h:189 [inline] exit_to_user_mode_loop kernel/entry/common.c:174 [inline] exit_to_user_mode_prepare+0x1f0/0x200 kernel/entry/common.c:208 __syscall_exit_to_user_mode_work kernel/entry/common.c:290 [inline] syscall_exit_to_user_mode+0x19/0x50 kernel/entry/common.c:301 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x466ce7 RSP: 002b:00007fff4c7993b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000466ce7 RDX: 00007fff4c799489 RSI: 0000000000000002 RDI: 00007fff4c799480 RBP: 00007fff4c799480 R08: 00000000ffffffff R09: 00007fff4c799250 R10: 000000000327f8e3 R11: 0000000000000246 R12: 00000000004ae4e4 R13: 00007fff4c79a530 R14: 000000000327f810 R15: 0000000000000002 INFO: task syz-executor.1:8839 blocked for more than 143 seconds. Not tainted 5.12.0-rc8-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.1 state:D stack:24088 pid: 8839 ppid: 1 flags:0x00004004 Call Trace: context_switch kernel/sched/core.c:4322 [inline] __schedule+0x8eb/0x21b0 kernel/sched/core.c:5073 schedule+0xcf/0x270 kernel/sched/core.c:5152 wb_wait_for_completion+0x180/0x240 fs/fs-writeback.c:209 sync_inodes_sb+0x1a6/0xa50 fs/fs-writeback.c:2577 __sync_filesystem fs/sync.c:34 [inline] sync_filesystem fs/sync.c:67 [inline] sync_filesystem+0x15c/0x260 fs/sync.c:48 generic_shutdown_super+0x70/0x370 fs/super.c:448 kill_block_super+0x97/0xf0 fs/super.c:1394 deactivate_locked_super+0x94/0x160 fs/super.c:335 deactivate_super+0xad/0xd0 fs/super.c:366 cleanup_mnt+0x3a3/0x530 fs/namespace.c:1136 task_work_run+0xdd/0x1a0 kernel/task_work.c:140 tracehook_notify_resume include/linux/tracehook.h:189 [inline] exit_to_user_mode_loop kernel/entry/common.c:174 [inline] exit_to_user_mode_prepare+0x1f0/0x200 kernel/entry/common.c:208 __syscall_exit_to_user_mode_work kernel/entry/common.c:290 [inline] syscall_exit_to_user_mode+0x19/0x50 kernel/entry/common.c:301 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x466ce7 RSP: 002b:00007fffd70e6e88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000466ce7 RDX: 00007fffd70e6f59 RSI: 0000000000000002 RDI: 00007fffd70e6f50 RBP: 00007fffd70e6f50 R08: 00000000ffffffff R09: 00007fffd70e6d20 R10: 00000000028428e3 R11: 0000000000000246 R12: 00000000004ae4e4 R13: 00007fffd70e8000 R14: 0000000002842810 R15: 0000000000000002 INFO: task syz-executor.0:8840 blocked for more than 143 seconds. Not tainted 5.12.0-rc8-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.0 state:D stack:23904 pid: 8840 ppid: 1 flags:0x00004004 Call Trace: context_switch kernel/sched/core.c:4322 [inline] __schedule+0x8eb/0x21b0 kernel/sched/core.c:5073 schedule+0xcf/0x270 kernel/sched/core.c:5152 wb_wait_for_completion+0x180/0x240 fs/fs-writeback.c:209 sync_inodes_sb+0x1a6/0xa50 fs/fs-writeback.c:2577 __sync_filesystem fs/sync.c:34 [inline] sync_filesystem fs/sync.c:67 [inline] sync_filesystem+0x15c/0x260 fs/sync.c:48 generic_shutdown_super+0x70/0x370 fs/super.c:448 kill_block_super+0x97/0xf0 fs/super.c:1394 deactivate_locked_super+0x94/0x160 fs/super.c:335 deactivate_super+0xad/0xd0 fs/super.c:366 cleanup_mnt+0x3a3/0x530 fs/namespace.c:1136 task_work_run+0xdd/0x1a0 kernel/task_work.c:140 tracehook_notify_resume include/linux/tracehook.h:189 [inline] exit_to_user_mode_loop kernel/entry/common.c:174 [inline] exit_to_user_mode_prepare+0x1f0/0x200 kernel/entry/common.c:208 __syscall_exit_to_user_mode_work kernel/entry/common.c:290 [inline] syscall_exit_to_user_mode+0x19/0x50 kernel/entry/common.c:301 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x466ce7 RSP: 002b:00007fff8db2fcf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000466ce7 RDX: 00007fff8db2fdc9 RSI: 0000000000000002 RDI: 00007fff8db2fdc0 RBP: 00007fff8db2fdc0 R08: 00000000ffffffff R09: 00007fff8db2fb90 R10: 000000000186c8e3 R11: 0000000000000246 R12: 00000000004ae4e4 R13: 00007fff8db30e70 R14: 000000000186c810 R15: 0000000000000002 Showing all locks held in the system: 2 locks held by kworker/u4:0/8: #0: ffff8881415fc138 ((wq_completion)writeback){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff8881415fc138 ((wq_completion)writeback){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff8881415fc138 ((wq_completion)writeback){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff8881415fc138 ((wq_completion)writeback){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff8881415fc138 ((wq_completion)writeback){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff8881415fc138 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x871/0x1630 kernel/workqueue.c:2246 #1: ffffc90000cd7da8 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1630 kernel/workqueue.c:2250 4 locks held by kworker/u4:3/156: 2 locks held by kworker/u4:4/239: #0: ffff8881415fc138 ((wq_completion)writeback){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff8881415fc138 ((wq_completion)writeback){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff8881415fc138 ((wq_completion)writeback){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff8881415fc138 ((wq_completion)writeback){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff8881415fc138 ((wq_completion)writeback){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff8881415fc138 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x871/0x1630 kernel/workqueue.c:2246 #1: ffffc9000153fda8 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1630 kernel/workqueue.c:2250 2 locks held by kworker/u4:6/372: #0: ffff8881415fc138 ((wq_completion)writeback){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff8881415fc138 ((wq_completion)writeback){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff8881415fc138 ((wq_completion)writeback){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff8881415fc138 ((wq_completion)writeback){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff8881415fc138 ((wq_completion)writeback){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff8881415fc138 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x871/0x1630 kernel/workqueue.c:2246 #1: ffffc9000223fda8 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1630 kernel/workqueue.c:2250 3 locks held by kworker/u4:7/469: #0: ffff8880b9c35198 (&rq->lock){-.-.}-{2:2}, at: rq_lock kernel/sched/sched.h:1321 [inline] #0: ffff8880b9c35198 (&rq->lock){-.-.}-{2:2}, at: __schedule+0x235/0x21b0 kernel/sched/core.c:4990 #1: ffff8880b9c1f948 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x305/0x440 kernel/sched/psi.c:833 #2: ffff88802b7ccd00 (&wdev->mtx){+.+.}-{3:3}, at: sdata_lock net/mac80211/ieee80211_i.h:1016 [inline] #2: ffff88802b7ccd00 (&wdev->mtx){+.+.}-{3:3}, at: ieee80211_ibss_work+0x93/0xf40 net/mac80211/ibss.c:1683 1 lock held by khungtaskd/1645: #0: ffffffff8b994220 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x28c kernel/locking/lockdep.c:6328 1 lock held by in:imklog/8336: #0: ffff8880119b5770 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100 fs/file.c:974 2 locks held by syz-executor.2/8834: #0: ffff88803fd300e0 (&type->s_umount_key#51){+.+.}-{3:3}, at: deactivate_super+0xa5/0xd0 fs/super.c:365 #1: ffff888144162708 (&bdi->wb_switch_rwsem){+.+.}-{3:3}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:344 [inline] #1: ffff888144162708 (&bdi->wb_switch_rwsem){+.+.}-{3:3}, at: sync_inodes_sb+0x18c/0xa50 fs/fs-writeback.c:2575 2 locks held by syz-executor.1/8839: #0: ffff8880139c00e0 (&type->s_umount_key#51){+.+.}-{3:3}, at: deactivate_super+0xa5/0xd0 fs/super.c:365 #1: ffff8880193cc708 (&bdi->wb_switch_rwsem){+.+.}-{3:3}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:344 [inline] #1: ffff8880193cc708 (&bdi->wb_switch_rwsem){+.+.}-{3:3}, at: sync_inodes_sb+0x18c/0xa50 fs/fs-writeback.c:2575 2 locks held by syz-executor.0/8840: #0: ffff8880265540e0 (&type->s_umount_key#51){+.+.}-{3:3}, at: deactivate_super+0xa5/0xd0 fs/super.c:365 #1: ffff8881440fe708 (&bdi->wb_switch_rwsem){+.+.}-{3:3}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:344 [inline] #1: ffff8881440fe708 (&bdi->wb_switch_rwsem){+.+.}-{3:3}, at: sync_inodes_sb+0x18c/0xa50 fs/fs-writeback.c:2575 ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 1645 Comm: khungtaskd Not tainted 5.12.0-rc8-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:79 [inline] dump_stack+0xfa/0x151 lib/dump_stack.c:120 nmi_cpu_backtrace.cold+0x3c/0xef lib/nmi_backtrace.c:105 nmi_trigger_cpumask_backtrace+0x1b3/0x230 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:209 [inline] watchdog+0xe3b/0x10b0 kernel/hung_task.c:294 kthread+0x3b1/0x4a0 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 469 Comm: kworker/u4:7 Not tainted 5.12.0-rc8-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: phy14 ieee80211_iface_work RIP: 0010:preempt_count arch/x86/include/asm/preempt.h:27 [inline] RIP: 0010:trace_hardirqs_off+0x37/0x1b0 kernel/trace/trace_preemptirq.c:81 Code: 18 e8 7d c0 ac 07 65 8b 1d e6 37 89 7e 31 ff 89 de e8 3d 1f fa ff 85 db 75 2a e8 b4 17 fa ff 65 c7 05 c9 37 89 7e 01 00 00 00 <65> 8b 1d 82 33 88 7e 81 e3 00 00 f0 00 31 ff 89 de e8 13 1f fa ff RSP: 0018:ffffc9000182f3d0 EFLAGS: 00000093 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: ffff8880126d1ac0 RSI: ffffffff8179bc2c RDI: 0000000000000003 RBP: ffff88801cd4d900 R08: 0000000000000000 R09: ffffffff8e157984 R10: ffffffff8179bc23 R11: 000000000000003f R12: ffff888010441640 R13: 0000000000000200 R14: ffff88801cd4d900 R15: ffffc9000182f460 FS: 0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fa7f5617000 CR3: 0000000012d62000 CR4: 0000000000350ee0 Call Trace: kasan_quarantine_put+0x99/0x1e0 mm/kasan/quarantine.c:193 kasan_slab_free include/linux/kasan.h:199 [inline] slab_free_hook mm/slub.c:1562 [inline] slab_free_freelist_hook+0x51/0x130 mm/slub.c:1600 slab_free mm/slub.c:3161 [inline] kfree+0xdb/0x3c0 mm/slub.c:4213 ieee802_11_parse_elems_crc+0xadc/0x1030 net/mac80211/util.c:1513 ieee802_11_parse_elems net/mac80211/ieee80211_i.h:2041 [inline] ieee80211_rx_mgmt_probe_beacon+0x188/0x1760 net/mac80211/ibss.c:1612 ieee80211_ibss_rx_queued_mgmt+0xe44/0x16e0 net/mac80211/ibss.c:1642 ieee80211_iface_work+0x7b0/0xa50 net/mac80211/iface.c:1439 process_one_work+0x98d/0x1630 kernel/workqueue.c:2275 worker_thread+0x64c/0x1120 kernel/workqueue.c:2421 kthread+0x3b1/0x4a0 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294