RAX: 0000000000000005 RBX: 00007f82cd1aaf80 RCX: 00007f82cd08b0d9
RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000003
RBP: 00007f82cb5fd1d0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00007fff01c894af R14: 00007f82cb5fd300 R15: 0000000000022000
INFO: task syz-executor.1:31126 blocked for more than 140 seconds.
      Not tainted 4.19.211-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.1  D28648 31126  19507 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x887/0x2040 kernel/sched/core.c:3517
 schedule+0x8d/0x1b0 kernel/sched/core.c:3561
 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:589 [inline]
 rwsem_down_write_failed+0x3aa/0x760 kernel/locking/rwsem-xadd.c:618
 call_rwsem_down_write_failed+0x13/0x20 arch/x86/lib/rwsem.S:117
 __down_write arch/x86/include/asm/rwsem.h:142 [inline]
 down_write+0x4f/0x90 kernel/locking/rwsem.c:72
 inode_lock include/linux/fs.h:748 [inline]
 fuse_flush+0x1fd/0x5b0 fs/fuse/file.c:421
 filp_close+0xb4/0x160 fs/open.c:1162
 __close_fd+0x133/0x200 fs/file.c:636
 __do_sys_close fs/open.c:1181 [inline]
 __se_sys_close fs/open.c:1179 [inline]
 __x64_sys_close+0x69/0x100 fs/open.c:1179
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fa84a1b0f8b
Code: Bad RIP value.
RSP: 002b:00007ffc2ed3b570 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007fa84a1b0f8b
RDX: 0000001b2ee20000 RSI: 0000001b2ee2691c RDI: 0000000000000004
RBP: 00007fa84a320980 R08: 0000000000000000 R09: 000000003253460c
R10: 00137a0950257975 R11: 0000000000000293 R12: 00000000000d877c
R13: 00007ffc2ed3b670 R14: 00007fa84a31f120 R15: 0000000000000032
INFO: task syz-executor.1:31133 blocked for more than 140 seconds.
      Not tainted 4.19.211-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.1  D27648 31133  19507 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x887/0x2040 kernel/sched/core.c:3517
 schedule+0x8d/0x1b0 kernel/sched/core.c:3561
 fuse_wait_on_page_writeback fs/fuse/file.c:383 [inline]
 fuse_wait_on_page_writeback.isra.0+0x11b/0x170 fs/fuse/file.c:379
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
 fuse_launder_page fs/fuse/file.c:2033 [inline]
 fuse_launder_page+0xb6/0xe0 fs/fuse/file.c:2026
CPU: 1 PID: 14932 Comm: syz-executor.3 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
 do_launder_page mm/truncate.c:655 [inline]
 invalidate_inode_pages2_range+0x795/0x1110 mm/truncate.c:725
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0xa/0xf lib/fault-inject.c:149
 __should_failslab+0x115/0x180 mm/failslab.c:32
 should_failslab+0x5/0x10 mm/slab_common.c:1590
 slab_pre_alloc_hook mm/slab.h:424 [inline]
 slab_alloc mm/slab.c:3383 [inline]
 __do_kmalloc mm/slab.c:3725 [inline]
 __kmalloc+0x2ab/0x3c0 mm/slab.c:3736
 kmalloc include/linux/slab.h:520 [inline]
 kzalloc include/linux/slab.h:709 [inline]
 kobject_get_path+0xbf/0x240 lib/kobject.c:171
 kobject_uevent_env+0x25c/0x1480 lib/kobject_uevent.c:527
 kvm_uevent_notify_change.part.0+0x2e4/0x440 arch/x86/kvm/../../../virt/kvm/kvm_main.c:4188
 kvm_uevent_notify_change arch/x86/kvm/../../../virt/kvm/kvm_main.c:4147 [inline]
 kvm_destroy_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:788 [inline]
 kvm_put_kvm+0xb0/0xc70 arch/x86/kvm/../../../virt/kvm/kvm_main.c:831
 kvm_vcpu_release+0x77/0xa0 arch/x86/kvm/../../../virt/kvm/kvm_main.c:2663
 __fput+0x2ce/0x890 fs/file_table.c:278
 task_work_run+0x148/0x1c0 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:193 [inline]
 exit_to_usermode_loop+0x251/0x2a0 arch/x86/entry/common.c:167
 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
 do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f82cd08b0d9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f82cb5fd168 EFLAGS: 00000246 ORIG_RAX: 0000000000000021
RAX: 0000000000000005 RBX: 00007f82cd1aaf80 RCX: 00007f82cd08b0d9
RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000003
RBP: 00007f82cb5fd1d0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00007fff01c894af R14: 00007f82cb5fd300 R15: 0000000000022000
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
 fuse_finish_open+0x2e2/0x590 fs/fuse/file.c:182
CPU: 1 PID: 15003 Comm: syz-executor.3 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
 fuse_open_common+0x236/0x2c0 fs/fuse/file.c:222
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0xa/0xf lib/fault-inject.c:149
 do_dentry_open+0x4aa/0x1160 fs/open.c:796
 __should_failslab+0x115/0x180 mm/failslab.c:32
 should_failslab+0x5/0x10 mm/slab_common.c:1590
 slab_pre_alloc_hook mm/slab.h:424 [inline]
 slab_alloc mm/slab.c:3383 [inline]
 kmem_cache_alloc+0x277/0x370 mm/slab.c:3557
 skb_clone+0x151/0x3d0 net/core/skbuff.c:1293
 do_one_broadcast net/netlink/af_netlink.c:1450 [inline]
 netlink_broadcast_filtered+0x8e5/0xbc0 net/netlink/af_netlink.c:1525
 netlink_broadcast+0x35/0x40 net/netlink/af_netlink.c:1549
 uevent_net_broadcast_untagged lib/kobject_uevent.c:330 [inline]
 kobject_uevent_net_broadcast lib/kobject_uevent.c:407 [inline]
 kobject_uevent_env+0xa56/0x1480 lib/kobject_uevent.c:591
 kvm_uevent_notify_change.part.0+0x2e4/0x440 arch/x86/kvm/../../../virt/kvm/kvm_main.c:4188
 kvm_uevent_notify_change arch/x86/kvm/../../../virt/kvm/kvm_main.c:4147 [inline]
 kvm_destroy_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:788 [inline]
 kvm_put_kvm+0xb0/0xc70 arch/x86/kvm/../../../virt/kvm/kvm_main.c:831
 do_last fs/namei.c:3421 [inline]
 path_openat+0x793/0x2df0 fs/namei.c:3537
 kvm_vcpu_release+0x77/0xa0 arch/x86/kvm/../../../virt/kvm/kvm_main.c:2663
 __fput+0x2ce/0x890 fs/file_table.c:278
 task_work_run+0x148/0x1c0 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:193 [inline]
 exit_to_usermode_loop+0x251/0x2a0 arch/x86/entry/common.c:167
 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
 do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f82cd08b0d9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f82cb5fd168 EFLAGS: 00000246 ORIG_RAX: 0000000000000021
 do_filp_open+0x18c/0x3f0 fs/namei.c:3567
RAX: 0000000000000005 RBX: 00007f82cd1aaf80 RCX: 00007f82cd08b0d9
RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000003
RBP: 00007f82cb5fd1d0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00007fff01c894af R14: 00007f82cb5fd300 R15: 0000000000022000
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 15071 Comm: syz-executor.3 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0xa/0xf lib/fault-inject.c:149
 __should_failslab+0x115/0x180 mm/failslab.c:32
 should_failslab+0x5/0x10 mm/slab_common.c:1590
 slab_pre_alloc_hook mm/slab.h:424 [inline]
 slab_alloc mm/slab.c:3383 [inline]
 __do_kmalloc mm/slab.c:3725 [inline]
 __kmalloc+0x2ab/0x3c0 mm/slab.c:3736
 kmalloc include/linux/slab.h:520 [inline]
 kzalloc include/linux/slab.h:709 [inline]
 kobject_get_path+0xbf/0x240 lib/kobject.c:171
 kobject_uevent_env+0x25c/0x1480 lib/kobject_uevent.c:527
 kvm_uevent_notify_change.part.0+0x2e4/0x440 arch/x86/kvm/../../../virt/kvm/kvm_main.c:4188
 kvm_uevent_notify_change arch/x86/kvm/../../../virt/kvm/kvm_main.c:4147 [inline]
 kvm_destroy_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:788 [inline]
 kvm_put_kvm+0xb0/0xc70 arch/x86/kvm/../../../virt/kvm/kvm_main.c:831
 kvm_vcpu_release+0x77/0xa0 arch/x86/kvm/../../../virt/kvm/kvm_main.c:2663
 __fput+0x2ce/0x890 fs/file_table.c:278
 task_work_run+0x148/0x1c0 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:193 [inline]
 exit_to_usermode_loop+0x251/0x2a0 arch/x86/entry/common.c:167
 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
 do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f82cd08b0d9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f82cb5fd168 EFLAGS: 00000246 ORIG_RAX: 0000000000000021
RAX: 0000000000000005 RBX: 00007f82cd1aaf80 RCX: 00007f82cd08b0d9
RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000003
RBP: 00007f82cb5fd1d0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
R13: 00007fff01c894af R14: 00007f82cb5fd300 R15: 0000000000022000
 do_sys_open+0x3b3/0x520 fs/open.c:1085
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fa84a1ff0d9
Code: Bad RIP value.
RSP: 002b:00007fa848771168 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 00007fa84a31ef80 RCX: 00007fa84a1ff0d9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000100
RBP: 00007fa84a25aae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc2ed3b50f R14: 00007fa848771300 R15: 0000000000022000
INFO: task syz-executor.1:31156 blocked for more than 140 seconds.
      Not tainted 4.19.211-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.1  D28856 31156  19507 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x887/0x2040 kernel/sched/core.c:3517
 schedule+0x8d/0x1b0 kernel/sched/core.c:3561
 io_schedule+0xb5/0x120 kernel/sched/core.c:5181
 wait_on_page_bit_common mm/filemap.c:1123 [inline]
 __lock_page+0x316/0x460 mm/filemap.c:1296
 lock_page include/linux/pagemap.h:484 [inline]
 invalidate_inode_pages2_range+0xb3f/0x1110 mm/truncate.c:713
 fuse_finish_open+0x2e2/0x590 fs/fuse/file.c:182
 fuse_open_common+0x254/0x2c0 fs/fuse/file.c:222
 do_dentry_open+0x4aa/0x1160 fs/open.c:796
 do_last fs/namei.c:3421 [inline]
 path_openat+0x793/0x2df0 fs/namei.c:3537
 do_filp_open+0x18c/0x3f0 fs/namei.c:3567
 do_sys_open+0x3b3/0x520 fs/open.c:1085
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fa84a1ff0d9
Code: Bad RIP value.
RSP: 002b:00007fa848750168 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
RAX: ffffffffffffffda RBX: 00007fa84a31f050 RCX: 00007fa84a1ff0d9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000200001c0
RBP: 00007fa84a25aae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc2ed3b50f R14: 00007fa848750300 R15: 0000000000022000

Showing all locks held in the system:
1 lock held by khungtaskd/1564:
 #0: 00000000a841c080 (rcu_read_lock){....}, at: debug_show_all_locks+0x53/0x265 kernel/locking/lockdep.c:4441
1 lock held by systemd-udevd/4699:
1 lock held by in:imklog/7813:
 #0: 00000000b8d78000 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767
2 locks held by agetty/7817:
 #0: 00000000e82f0ed8 (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:272
 #1: 00000000f4952b70 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x217/0x1950 drivers/tty/n_tty.c:2154
2 locks held by agetty/7819:
 #0: 00000000963ce8d2 (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:272
 #1: 0000000052abd80c (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x217/0x1950 drivers/tty/n_tty.c:2154
1 lock held by syz-executor.1/31126:
 #0: 000000008d87c430 (&sb->s_type->i_mutex_key#21){+.+.}, at: inode_lock include/linux/fs.h:748 [inline]
 #0: 000000008d87c430 (&sb->s_type->i_mutex_key#21){+.+.}, at: fuse_flush+0x1fd/0x5b0 fs/fuse/file.c:421
2 locks held by syz-executor.1/31156:
 #0: 00000000c3bcdd1d (sb_writers#24){.+.+}, at: sb_start_write include/linux/fs.h:1579 [inline]
 #0: 00000000c3bcdd1d (sb_writers#24){.+.+}, at: mnt_want_write+0x3a/0xb0 fs/namespace.c:360
 #1: 000000008d87c430 (&sb->s_type->i_mutex_key#21){+.+.}, at: inode_lock include/linux/fs.h:748 [inline]
 #1: 000000008d87c430 (&sb->s_type->i_mutex_key#21){+.+.}, at: fuse_open_common+0x1bc/0x2c0 fs/fuse/file.c:215
3 locks held by kworker/0:2/31479:
5 locks held by syz-executor.3/15292:
2 locks held by syz-executor.0/15263:

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 1564 Comm: khungtaskd Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 nmi_cpu_backtrace.cold+0x63/0xa2 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x1a6/0x1f0 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:203 [inline]
 watchdog+0x991/0xe60 kernel/hung_task.c:287
 kthread+0x33f/0x460 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 31479 Comm: kworker/0:2 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Workqueue: rcu_gp process_srcu
RIP: 0010:__lock_acquire+0x25d/0x3ff0 kernel/locking/lockdep.c:3322
Code: 85 c0 0f 84 38 ff ff ff 48 8d b8 38 01 00 00 be 04 00 00 00 48 89 44 24 10 e8 bf 54 4d 00 48 8b 44 24 10 f0 ff 80 38 01 00 00 <49> 8d b5 80 08 00 00 48 ba 00 00 00 00 00 fc ff df 48 89 f1 48 89
RSP: 0018:ffff8880a9c6faf8 EFLAGS: 00000002
RAX: ffffffff8cd7ad30 RBX: 0000000000000000 RCX: ffffffff814afa31
RDX: fffffbfff19af5ce RSI: 0000000000000004 RDI: ffffffff8cd7ae68
RBP: 0000000000000000 R08: 0000000000000001 R09: fffffbfff19af5cd
R10: ffffffff8cd7ae6b R11: 0000000000000000 R12: 0000000000000000
R13: ffff888096e922c0 R14: ffff8880a9c6fdb8 R15: 0000000000000001
FS:  0000000000000000(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f82ccc00000 CR3: 00000000b3834000 CR4: 00000000003426f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
 process_one_work+0x7ec/0x1570 kernel/workqueue.c:2129
 worker_thread+0x64c/0x1130 kernel/workqueue.c:2296
 kthread+0x33f/0x460 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415