INFO: task syz-executor3:21310 blocked for more than 140 seconds. Not tainted 5.0.0-rc4+ #51 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. kobject: 'loop5' (000000005e46e8e8): kobject_uevent_env kobject: 'loop5' (000000005e46e8e8): fill_kobj_path: path = '/devices/virtual/block/loop5' syz-executor3 D26808 21310 12893 0x00000000 Call Trace: kobject: 'loop0' (0000000053574908): kobject_uevent_env context_switch kernel/sched/core.c:2844 [inline] __schedule+0x897/0x1e60 kernel/sched/core.c:3485 kobject: 'loop0' (0000000053574908): fill_kobj_path: path = '/devices/virtual/block/loop0' F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0) F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock kobject: 'loop3' (0000000027f4fa25): kobject_uevent_env kobject: 'loop3' (0000000027f4fa25): fill_kobj_path: path = '/devices/virtual/block/loop3' schedule+0xfe/0x350 kernel/sched/core.c:3529 kobject: 'loop1' (00000000ba6cfa92): kobject_uevent_env attempt to access beyond end of device kobject: 'loop1' (00000000ba6cfa92): fill_kobj_path: path = '/devices/virtual/block/loop1' schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3587 __mutex_lock_common kernel/locking/mutex.c:1002 [inline] __mutex_lock+0xa3b/0x1670 kernel/locking/mutex.c:1072 loop5: rw=12288, want=8200, limit=20 kobject: 'loop2' (00000000ebbc0c92): kobject_uevent_env attempt to access beyond end of device kobject: 'loop2' (00000000ebbc0c92): fill_kobj_path: path = '/devices/virtual/block/loop2' kobject: 'loop0' (0000000053574908): kobject_uevent_env loop5: rw=12288, want=12296, limit=20 kobject: 'loop0' (0000000053574908): fill_kobj_path: path = '/devices/virtual/block/loop0' mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087 F2FS-fs (loop5): Failed to get valid F2FS checkpoint F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0) mon_bin_fetch+0x37/0x340 drivers/usb/mon/mon_bin.c:909 F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock attempt to access beyond end of device mon_bin_ioctl+0x29d/0xe20 drivers/usb/mon/mon_bin.c:1091 kobject: 'loop2' (00000000ebbc0c92): kobject_uevent_env loop5: rw=12288, want=8200, limit=20 kobject: 'loop2' (00000000ebbc0c92): fill_kobj_path: path = '/devices/virtual/block/loop2' attempt to access beyond end of device kobject: 'loop3' (0000000027f4fa25): kobject_uevent_env loop5: rw=12288, want=12296, limit=20 kobject: 'loop3' (0000000027f4fa25): fill_kobj_path: path = '/devices/virtual/block/loop3' F2FS-fs (loop5): Failed to get valid F2FS checkpoint vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:509 [inline] do_vfs_ioctl+0x107b/0x17d0 fs/ioctl.c:696 ksys_ioctl+0xab/0xd0 fs/ioctl.c:713 __do_sys_ioctl fs/ioctl.c:720 [inline] __se_sys_ioctl fs/ioctl.c:718 [inline] __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:718 do_syscall_64+0x1a3/0x800 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x458089 Code: Bad RIP value. RSP: 002b:00007fdd92893c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458089 RDX: 0000000020000000 RSI: 00000000c0109207 RDI: 0000000000000008 RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdd928946d4 R13: 00000000004c11ab R14: 00000000004d2ed8 R15: 00000000ffffffff Showing all locks held in the system: 1 lock held by khungtaskd/1039: #0: 000000001f0c4a16 (rcu_read_lock){....}, at: debug_show_all_locks+0xc6/0x41d kernel/locking/lockdep.c:4389 2 locks held by rsyslogd/7873: #0: 00000000937669be (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x1b3/0x1f0 fs/file.c:795 #1: 000000001f0c4a16 (rcu_read_lock){....}, at: double_lock_hb kernel/futex.c:1564 [inline] #1: 000000001f0c4a16 (rcu_read_lock){....}, at: double_lock_hb kernel/futex.c:1559 [inline] #1: 000000001f0c4a16 (rcu_read_lock){....}, at: futex_wake_op kernel/futex.c:1704 [inline] #1: 000000001f0c4a16 (rcu_read_lock){....}, at: do_futex+0x1520/0x2910 kernel/futex.c:3607 2 locks held by getty/7964: #0: 00000000f98151d3 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341 #1: 000000003c6561f2 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x30a/0x1eb0 drivers/tty/n_tty.c:2154 2 locks held by getty/7965: #0: 00000000bee5a753 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341 #1: 00000000f6aa94b9 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x30a/0x1eb0 drivers/tty/n_tty.c:2154 2 locks held by getty/7966: #0: 00000000fa109b35 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341 #1: 0000000036ce589e (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x30a/0x1eb0 drivers/tty/n_tty.c:2154 2 locks held by getty/7967: #0: 00000000de8650c9 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341 #1: 0000000042163af8 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x30a/0x1eb0 drivers/tty/n_tty.c:2154 2 locks held by getty/7968: #0: 000000001ca351ee (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341 #1: 000000005f4586ff (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x30a/0x1eb0 drivers/tty/n_tty.c:2154 2 locks held by getty/7969: #0: 00000000f6d69506 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341 #1: 00000000c49c097c (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x30a/0x1eb0 drivers/tty/n_tty.c:2154 2 locks held by getty/7970: #0: 00000000fede17bf (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341 #1: 00000000a8bc44ef (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x30a/0x1eb0 drivers/tty/n_tty.c:2154 2 locks held by kworker/u4:3/32636: 1 lock held by syz-executor3/21294: #0: 0000000009176c4f (&rp->fetch_lock){+.+.}, at: mon_bin_fetch+0x37/0x340 drivers/usb/mon/mon_bin.c:909 1 lock held by syz-executor3/21310: #0: 0000000009176c4f (&rp->fetch_lock){+.+.}, at: mon_bin_fetch+0x37/0x340 drivers/usb/mon/mon_bin.c:909 1 lock held by syz-executor1/21798: #0: 00000000ddc11a3f (&rp->fetch_lock){+.+.}, at: mon_bin_fetch+0x37/0x340 drivers/usb/mon/mon_bin.c:909 2 locks held by kworker/0:0/23746: #0: 0000000096c86014 ((wq_completion)"events"){+.+.}, at: __write_once_size include/linux/compiler.h:220 [inline] #0: 0000000096c86014 ((wq_completion)"events"){+.+.}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: 0000000096c86014 ((wq_completion)"events"){+.+.}, at: atomic64_set include/asm-generic/atomic-instrumented.h:40 [inline] #0: 0000000096c86014 ((wq_completion)"events"){+.+.}, at: atomic_long_set include/asm-generic/atomic-long.h:59 [inline] #0: 0000000096c86014 ((wq_completion)"events"){+.+.}, at: set_work_data kernel/workqueue.c:617 [inline] #0: 0000000096c86014 ((wq_completion)"events"){+.+.}, at: set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline] #0: 0000000096c86014 ((wq_completion)"events"){+.+.}, at: process_one_work+0xbc7/0x1ce0 kernel/workqueue.c:2124 #1: 0000000081caf7b9 (xfrm_state_gc_work){+.+.}, at: process_one_work+0xc1d/0x1ce0 kernel/workqueue.c:2128 1 lock held by syz-executor4/28387: #0: 00000000edfc0b96 (event_mutex){+.+.}, at: perf_trace_destroy+0x28/0x100 kernel/trace/trace_event_perf.c:236 1 lock held by syz-executor5/28408: #0: 000000005d1e3a9a (loop_ctl_mutex){+.+.}, at: __loop_clr_fd+0x88/0xc90 drivers/block/loop.c:1046 2 locks held by blkid/28428: #0: 00000000cab448ca (&bdev->bd_mutex){+.+.}, at: __blkdev_get+0x19b/0x1560 fs/block_dev.c:1494 #1: 000000005d1e3a9a (loop_ctl_mutex){+.+.}, at: lo_open+0x1d/0xd0 drivers/block/loop.c:1722 2 locks held by blkid/28429: #0: 0000000027d8a547 (&bdev->bd_mutex){+.+.}, at: __blkdev_get+0x19b/0x1560 fs/block_dev.c:1494 #1: 000000005d1e3a9a (loop_ctl_mutex){+.+.}, at: lo_open+0x1d/0xd0 drivers/block/loop.c:1722 2 locks held by blkid/28430: #0: 0000000015831a82 (&bdev->bd_mutex){+.+.}, at: __blkdev_get+0x19b/0x1560 fs/block_dev.c:1494 #1: 000000005d1e3a9a (loop_ctl_mutex){+.+.}, at: lo_open+0x1d/0xd0 drivers/block/loop.c:1722 ============================================= NMI backtrace for cpu 1 CPU: 1 PID: 1039 Comm: khungtaskd Not tainted 5.0.0-rc4+ #51 kobject: 'loop5' (000000005e46e8e8): kobject_uevent_env Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1db/0x2d0 lib/dump_stack.c:113 nmi_cpu_backtrace.cold+0x63/0xa4 lib/nmi_backtrace.c:101 nmi_trigger_cpumask_backtrace+0x1be/0x236 lib/nmi_backtrace.c:62 kobject: 'loop5' (000000005e46e8e8): fill_kobj_path: path = '/devices/virtual/block/loop5' arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:203 [inline] watchdog+0xbbb/0x1170 kernel/hung_task.c:287 kobject: 'loop5' (000000005e46e8e8): kobject_uevent_env kobject: 'loop5' (000000005e46e8e8): fill_kobj_path: path = '/devices/virtual/block/loop5' kthread+0x357/0x430 kernel/kthread.c:246 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352 Sending NMI from CPU 1 to CPUs 0: INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.352 msecs NMI backtrace for cpu 0 CPU: 0 PID: 14548 Comm: udevd Not tainted 5.0.0-rc4+ #51 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:bpf_prog_kallsyms_find+0xe5/0x4b0 kernel/bpf/core.c:626 Code: ff 41 83 fc 01 74 57 45 31 e4 e8 c6 48 f3 ff 4c 89 e0 48 ba 00 00 00 00 00 fc ff df 48 03 95 d8 fe ff ff 48 c7 02 00 00 00 00 <48> c7 42 08 00 00 00 00 c7 42 10 00 00 00 00 48 8b 4d d0 65 48 33 RSP: 0018:ffff88809ea16e98 EFLAGS: 00000286 RAX: 0000000000000000 RBX: 0000000000000058 RCX: ffffffff818ebc2e RDX: ffffed1013d42ddb RSI: ffffffff818ebb9a RDI: 0000000000000004 RBP: ffff88809ea16fc0 R08: ffff8880541ce700 R09: ffffed1015cc5b90 R10: ffffed1015cc5b8f R11: ffff8880ae62dc7b R12: 0000000000000000 R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000000000 FS: 00007f9eec92b7a0(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f9eec932000 CR3: 000000008a898000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: is_bpf_text_address+0x78/0x170 kernel/bpf/core.c:667 kernel_text_address+0x73/0xf0 kernel/extable.c:152 __kernel_text_address+0xd/0x40 kernel/extable.c:107 unwind_get_return_address arch/x86/kernel/unwind_frame.c:18 [inline] unwind_get_return_address+0x61/0xa0 arch/x86/kernel/unwind_frame.c:13 __save_stack_trace+0x8a/0xf0 arch/x86/kernel/stacktrace.c:45 save_stack_trace+0x1a/0x20 arch/x86/kernel/stacktrace.c:60 save_stack+0x45/0xd0 mm/kasan/common.c:73 set_track mm/kasan/common.c:85 [inline] __kasan_kmalloc mm/kasan/common.c:496 [inline] __kasan_kmalloc.constprop.0+0xcf/0xe0 mm/kasan/common.c:469 kasan_kmalloc mm/kasan/common.c:504 [inline] kasan_slab_alloc+0xf/0x20 mm/kasan/common.c:411 kmem_cache_alloc+0x12d/0x710 mm/slab.c:3543 anon_vma_chain_alloc mm/rmap.c:129 [inline] anon_vma_clone+0x148/0x750 mm/rmap.c:269 anon_vma_fork+0xed/0x880 mm/rmap.c:332 dup_mmap kernel/fork.c:541 [inline] dup_mm kernel/fork.c:1320 [inline] copy_mm kernel/fork.c:1375 [inline] copy_process+0x39f2/0x8860 kernel/fork.c:1917 _do_fork+0x1a9/0x1170 kernel/fork.c:2227 __do_sys_clone kernel/fork.c:2334 [inline] __se_sys_clone kernel/fork.c:2328 [inline] __x64_sys_clone+0xbf/0x150 kernel/fork.c:2328 do_syscall_64+0x1a3/0x800 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f9eec00ef46 Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 14 25 10 00 00 00 31 d2 49 81 c2 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 31 01 00 00 85 c0 41 89 c4 0f 85 3b 01 00 RSP: 002b:00007ffc949a8750 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 00007ffc949a8750 RCX: 00007f9eec00ef46 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 RBP: 00007ffc949a87b0 R08: 00000000000038d4 R09: 00000000000038d4 R10: 00007f9eec92ba70 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffc949a8770 R14: 0000000000000005 R15: 0000000000000005