INFO: task syz-executor.4:21231 blocked for more than 143 seconds. Not tainted 5.7.0-rc2-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.4 D29792 21231 16355 0x00000000 Call Trace: schedule+0xd0/0x2a0 kernel/sched/core.c:4158 rwsem_down_write_slowpath+0x706/0xf90 kernel/locking/rwsem.c:1235 __down_write kernel/locking/rwsem.c:1389 [inline] down_write+0x137/0x150 kernel/locking/rwsem.c:1532 inode_lock include/linux/fs.h:797 [inline] chown_common+0x2d0/0x550 fs/open.c:649 do_fchownat+0x126/0x1e0 fs/open.c:682 __do_sys_chown fs/open.c:702 [inline] __se_sys_chown fs/open.c:700 [inline] __x64_sys_chown+0x77/0xb0 fs/open.c:700 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295 entry_SYSCALL_64_after_hwframe+0x49/0xb3 RIP: 0033:0x45c829 Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f81adc4cc78 EFLAGS: 00000246 ORIG_RAX: 000000000000005c RAX: ffffffffffffffda RBX: 00000000004da680 RCX: 000000000045c829 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000200001c0 RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 000000000000006f R14: 00000000004c9c61 R15: 00007f81adc4d6d4 Showing all locks held in the system: 2 locks held by kworker/0:0/5: #0: ffff8880ae637998 (&rq->lock){-.-.}-{2:2}, at: rq_lock kernel/sched/sched.h:1262 [inline] #0: ffff8880ae637998 (&rq->lock){-.-.}-{2:2}, at: __schedule+0x233/0x1ff0 kernel/sched/core.c:4029 #1: ffff8880ae622ec8 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x304/0x410 kernel/sched/psi.c:817 1 lock held by khungtaskd/1140: #0: ffffffff899beb00 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:5754 1 lock held by in:imklog/6737: #0: ffff88809ed43870 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100 fs/file.c:826 2 locks held by syz-executor.4/17387: #0: ffff8880472f6450 (sb_writers#17){.+.+}-{0:0}, at: sb_start_write include/linux/fs.h:1655 [inline] #0: ffff8880472f6450 (sb_writers#17){.+.+}-{0:0}, at: mnt_want_write+0x3a/0xb0 fs/namespace.c:354 #1: ffff888044ded910 (&type->i_mutex_dir_key#8){++++}-{3:3}, at: inode_lock include/linux/fs.h:797 [inline] #1: ffff888044ded910 (&type->i_mutex_dir_key#8){++++}-{3:3}, at: chown_common+0x2d0/0x550 fs/open.c:649 2 locks held by syz-executor.4/17486: #0: ffff8880a14cc450 (sb_writers#17){.+.+}-{0:0}, at: sb_start_write include/linux/fs.h:1655 [inline] #0: ffff8880a14cc450 (sb_writers#17){.+.+}-{0:0}, at: mnt_want_write+0x3a/0xb0 fs/namespace.c:354 #1: ffff888044dd4950 (&type->i_mutex_dir_key#8){++++}-{3:3}, at: inode_lock include/linux/fs.h:797 [inline] #1: ffff888044dd4950 (&type->i_mutex_dir_key#8){++++}-{3:3}, at: chown_common+0x2d0/0x550 fs/open.c:649 2 locks held by syz-executor.4/17654: #0: ffff88809709c450 (sb_writers#17){.+.+}-{0:0}, at: sb_start_write include/linux/fs.h:1655 [inline] #0: ffff88809709c450 (sb_writers#17){.+.+}-{0:0}, at: mnt_want_write+0x3a/0xb0 fs/namespace.c:354 #1: ffff888044db7250 (&type->i_mutex_dir_key#8){++++}-{3:3}, at: inode_lock include/linux/fs.h:797 [inline] #1: ffff888044db7250 (&type->i_mutex_dir_key#8){++++}-{3:3}, at: chown_common+0x2d0/0x550 fs/open.c:649 2 locks held by syz-executor.4/17936: #0: ffff88809ab80450 (sb_writers#17){.+.+}-{0:0}, at: sb_start_write include/linux/fs.h:1655 [inline] #0: ffff88809ab80450 (sb_writers#17){.+.+}-{0:0}, at: mnt_want_write+0x3a/0xb0 fs/namespace.c:354 #1: ffff888089a409d0 (&type->i_mutex_dir_key#8){++++}-{3:3}, at: inode_lock include/linux/fs.h:797 [inline] #1: ffff888089a409d0 (&type->i_mutex_dir_key#8){++++}-{3:3}, at: chown_common+0x2d0/0x550 fs/open.c:649 2 locks held by syz-executor.4/20120: #0: ffff88802b620450 (sb_writers#17){.+.+}-{0:0}, at: sb_start_write include/linux/fs.h:1655 [inline] #0: ffff88802b620450 (sb_writers#17){.+.+}-{0:0}, at: mnt_want_write+0x3a/0xb0 fs/namespace.c:354 #1: ffff888044dd6150 (&type->i_mutex_dir_key#8){++++}-{3:3}, at: inode_lock include/linux/fs.h:797 [inline] #1: ffff888044dd6150 (&type->i_mutex_dir_key#8){++++}-{3:3}, at: chown_common+0x2d0/0x550 fs/open.c:649 2 locks held by syz-executor.4/20128: #0: ffff888050ab6450 (sb_writers#17){.+.+}-{0:0}, at: sb_start_write include/linux/fs.h:1655 [inline] #0: ffff888050ab6450 (sb_writers#17){.+.+}-{0:0}, at: mnt_want_write+0x3a/0xb0 fs/namespace.c:354 #1: ffff888044dba7d0 (&type->i_mutex_dir_key#8){++++}-{3:3}, at: inode_lock include/linux/fs.h:797 [inline] #1: ffff888044dba7d0 (&type->i_mutex_dir_key#8){++++}-{3:3}, at: chown_common+0x2d0/0x550 fs/open.c:649 2 locks held by syz-executor.4/20275: #0: ffff88803f862450 (sb_writers#17){.+.+}-{0:0}, at: sb_start_write include/linux/fs.h:1655 [inline] #0: ffff88803f862450 (sb_writers#17){.+.+}-{0:0}, at: mnt_want_write+0x3a/0xb0 fs/namespace.c:354 #1: ffff888086b62250 (&type->i_mutex_dir_key#8){++++}-{3:3}, at: inode_lock include/linux/fs.h:797 [inline] #1: ffff888086b62250 (&type->i_mutex_dir_key#8){++++}-{3:3}, at: chown_common+0x2d0/0x550 fs/open.c:649 2 locks held by syz-executor.4/20814: #0: ffff8880a8b0c450 (sb_writers#17){.+.+}-{0:0}, at: sb_start_write include/linux/fs.h:1655 [inline] #0: ffff8880a8b0c450 (sb_writers#17){.+.+}-{0:0}, at: mnt_want_write+0x3a/0xb0 fs/namespace.c:354 #1: ffff888044dd4310 (&type->i_mutex_dir_key#8){++++}-{3:3}, at: inode_lock include/linux/fs.h:797 [inline] #1: ffff888044dd4310 (&type->i_mutex_dir_key#8){++++}-{3:3}, at: chown_common+0x2d0/0x550 fs/open.c:649 2 locks held by syz-executor.4/21198: #0: ffff888045130450 (sb_writers#17){.+.+}-{0:0}, at: sb_start_write include/linux/fs.h:1655 [inline] #0: ffff888045130450 (sb_writers#17){.+.+}-{0:0}, at: mnt_want_write+0x3a/0xb0 fs/namespace.c:354 #1: ffff888086841810 (&type->i_mutex_dir_key#8){++++}-{3:3}, at: inode_lock include/linux/fs.h:797 [inline] #1: ffff888086841810 (&type->i_mutex_dir_key#8){++++}-{3:3}, at: chown_common+0x2d0/0x550 fs/open.c:649 2 locks held by syz-executor.4/21231: #0: ffff888045130450 (sb_writers#17){.+.+}-{0:0}, at: sb_start_write include/linux/fs.h:1655 [inline] #0: ffff888045130450 (sb_writers#17){.+.+}-{0:0}, at: mnt_want_write+0x3a/0xb0 fs/namespace.c:354 #1: ffff888086841810 (&type->i_mutex_dir_key#8){++++}-{3:3}, at: inode_lock include/linux/fs.h:797 [inline] #1: ffff888086841810 (&type->i_mutex_dir_key#8){++++}-{3:3}, at: chown_common+0x2d0/0x550 fs/open.c:649 1 lock held by syz-executor.0/28623: ============================================= NMI backtrace for cpu 1 CPU: 1 PID: 1140 Comm: khungtaskd Not tainted 5.7.0-rc2-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x188/0x20d lib/dump_stack.c:118 nmi_cpu_backtrace.cold+0x70/0xb1 lib/nmi_backtrace.c:101 nmi_trigger_cpumask_backtrace+0x231/0x27e lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:205 [inline] watchdog+0xa8c/0x1010 kernel/hung_task.c:289 kthread+0x388/0x470 kernel/kthread.c:268 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 2694 Comm: kworker/0:2 Not tainted 5.7.0-rc2-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: events nsim_dev_trap_report_work RIP: 0010:unwind_next_frame+0x109f/0x19d0 arch/x86/kernel/unwind_orc.c:548 Code: 47 35 01 e9 67 f6 ff ff 4c 8b 64 24 60 49 8d 78 02 48 b9 00 00 00 00 00 fc ff df 49 8d 57 40 48 89 f8 48 c1 e8 03 0f b6 34 08 <49> 8d 40 03 49 89 c1 49 c1 e9 03 41 0f b6 0c 09 49 89 f9 41 83 e1 RSP: 0018:ffffc90007ed7688 EFLAGS: 00000a02 RAX: 1ffffffff15f59ae RBX: 1ffff92000fdaed9 RCX: dffffc0000000000 RDX: ffffc90007ed77a0 RSI: 0000000000000000 RDI: ffffffff8afacd70 RBP: 0000000000000001 R08: ffffffff8afacd6e R09: ffffffff8afacd72 R10: 00000000000284da R11: 000000000007001f R12: ffffc90007ed7ad0 R13: ffffc90007ed7795 R14: ffffc90007ed77b0 R15: ffffc90007ed7760 FS: 0000000000000000(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f089917c000 CR3: 000000009efbd000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: arch_stack_walk+0x74/0xd0 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0x8c/0xc0 kernel/stacktrace.c:123 save_stack+0x1b/0x40 mm/kasan/common.c:49 set_track mm/kasan/common.c:57 [inline] __kasan_kmalloc mm/kasan/common.c:495 [inline] __kasan_kmalloc.constprop.0+0xbf/0xd0 mm/kasan/common.c:468 kmem_cache_alloc_node_trace+0x161/0x790 mm/slab.c:3595 __do_kmalloc_node mm/slab.c:3615 [inline] __kmalloc_node_track_caller+0x38/0x60 mm/slab.c:3630 __kmalloc_reserve.isra.0+0x39/0xe0 net/core/skbuff.c:142 __alloc_skb+0xef/0x5a0 net/core/skbuff.c:210 alloc_skb include/linux/skbuff.h:1083 [inline] nsim_dev_trap_skb_build drivers/net/netdevsim/dev.c:492 [inline] nsim_dev_trap_report drivers/net/netdevsim/dev.c:549 [inline] nsim_dev_trap_report_work+0x2bb/0xbc0 drivers/net/netdevsim/dev.c:590 process_one_work+0x965/0x16a0 kernel/workqueue.c:2268 worker_thread+0x96/0xe20 kernel/workqueue.c:2414 kthread+0x388/0x470 kernel/kthread.c:268 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352