syz-executor.3 (3607) used greatest stack depth: 23368 bytes left
INFO: task syz-executor.5:2105 blocked for more than 140 seconds.
 Not tainted 4.9.170+ #48
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.5 D25528 2105 1 0x00000004
 ffff8801d0d9df00 ffff8801d250bc80 ffff8801db621000 ffff8801d45417c0
 ffff8801db621018 ffff8801aefd7a28 ffffffff82801a4e ffffffff82e2bb68
 ffffffff81208040 0031303f2a29fd2a ffff8801db6218f0 1ffff10035dfaf34
Call Trace:
 [<000000007a683a42>] schedule+0x92/0x1c0 kernel/sched/core.c:3546
 [<000000007d99e083>] schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3579
 [<000000008ff1b41b>] __mutex_lock_common kernel/locking/mutex.c:582 [inline]
 [<000000008ff1b41b>] mutex_lock_nested+0x38d/0x920 kernel/locking/mutex.c:621
 [<0000000026139b2a>] lo_ioctl+0x85/0x1a10 drivers/block/loop.c:1405
 [<000000006c3a960c>] __blkdev_driver_ioctl block/ioctl.c:294 [inline]
 [<000000006c3a960c>] blkdev_ioctl+0xe14/0x19e0 block/ioctl.c:590
 [<00000000e63be97c>] block_ioctl+0xde/0x120 fs/block_dev.c:1696
 [<00000000069ee850>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<00000000069ee850>] file_ioctl fs/ioctl.c:493 [inline]
 [<00000000069ee850>] do_vfs_ioctl+0xb87/0x11d0 fs/ioctl.c:677
 [<000000000e698675>] SYSC_ioctl fs/ioctl.c:694 [inline]
 [<000000000e698675>] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:685
 [<00000000e988bd1f>] do_syscall_64+0x1ad/0x570 arch/x86/entry/common.c:285
 [<00000000ab7ab5d4>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb

Showing all locks held in the system:
2 locks held by khungtaskd/24:
 #0: (rcu_read_lock){......}, at: [<0000000035031d14>] check_hung_uninterruptible_tasks kernel/hung_task.c:169 [inline]
 #0: (rcu_read_lock){......}, at: [<0000000035031d14>] watchdog+0x14b/0xaf0 kernel/hung_task.c:263
 #1: (tasklist_lock){.+.+..}, at: [<0000000079738df4>] debug_show_all_locks+0x7f/0x21f kernel/locking/lockdep.c:4339
2 locks held by getty/2018:
 #0: (&tty->ldisc_sem){++++++}, at: [<0000000042d253c3>] ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:377
 #1: (&ldata->atomic_read_lock){+.+...}, at: [<000000003ffa91f5>] n_tty_read+0x1fe/0x1820 drivers/tty/n_tty.c:2156
1 lock held by syz-executor.5/2105:
 #0: (loop_ctl_mutex/1){+.+.+.}, at: [<0000000026139b2a>] lo_ioctl+0x85/0x1a10 drivers/block/loop.c:1405
2 locks held by syz-executor.0/2110:
 #0: (&bdev->bd_mutex){+.+.+.}, at: [<00000000cd19976e>] __blkdev_get+0x10e/0xeb0 fs/block_dev.c:1273
 #1: (loop_index_mutex){+.+.+.}, at: [<00000000b6b845fd>] lo_open+0x1d/0xb0 drivers/block/loop.c:1622
2 locks held by syz-executor.3/2111:
 #0: (&bdev->bd_mutex){+.+.+.}, at: [<00000000cd19976e>] __blkdev_get+0x10e/0xeb0 fs/block_dev.c:1273
 #1: (loop_index_mutex){+.+.+.}, at: [<00000000b6b845fd>] lo_open+0x1d/0xb0 drivers/block/loop.c:1622
1 lock held by syz-executor.4/2115:
 #0: (&bdev->bd_mutex){+.+.+.}, at: [<00000000cd19976e>] __blkdev_get+0x10e/0xeb0 fs/block_dev.c:1273
2 locks held by syz-executor.1/2121:
 #0: (&bdev->bd_mutex){+.+.+.}, at: [<00000000cd19976e>] __blkdev_get+0x10e/0xeb0 fs/block_dev.c:1273
 #1: (loop_index_mutex){+.+.+.}, at: [<00000000b6b845fd>] lo_open+0x1d/0xb0 drivers/block/loop.c:1622
3 locks held by blkid/3620:
 #0: (&bdev->bd_mutex){+.+.+.}, at: [<00000000f1dc97aa>] __blkdev_put+0xbb/0x840 fs/block_dev.c:1587
 #1: (loop_index_mutex){+.+.+.}, at: [<0000000067a4c155>] lo_release+0x1e/0x1b0 drivers/block/loop.c:1664
 #2: (loop_ctl_mutex#2){+.+...}, at: [<000000005832e9e9>] __lo_release drivers/block/loop.c:1642 [inline]
 #2: (loop_ctl_mutex#2){+.+...}, at: [<000000005832e9e9>] lo_release+0x84/0x1b0 drivers/block/loop.c:1665
2 locks held by syz-executor.2/3628:
 #0: (loop_ctl_mutex/1){+.+.+.}, at: [<0000000026139b2a>] lo_ioctl+0x85/0x1a10 drivers/block/loop.c:1405
 #1: (&bdev->bd_mutex){+.+.+.}, at: [<0000000004ff547b>] blkdev_reread_part+0x1f/0x40 block/ioctl.c:189
1 lock held by syz-executor.2/3634:
 #0: (&bdev->bd_mutex){+.+.+.}, at: [<00000000cd19976e>] __blkdev_get+0x10e/0xeb0 fs/block_dev.c:1273
2 locks held by blkid/3633:
 #0: (&bdev->bd_mutex){+.+.+.}, at: [<00000000cd19976e>] __blkdev_get+0x10e/0xeb0 fs/block_dev.c:1273
 #1: (loop_index_mutex){+.+.+.}, at: [<00000000b6b845fd>] lo_open+0x1d/0xb0 drivers/block/loop.c:1622

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 24 Comm: khungtaskd Not tainted 4.9.170+ #48
 ffff8801d98d7cc8 ffffffff81b4fb21 0000000000000001 0000000000000000
 0000000000000001 ffffffff81097401 dffffc0000000000 ffff8801d98d7d00
 ffffffff81b5adbc 0000000000000001 0000000000000000 0000000000000001
Call Trace:
 [<000000004fb42f70>] __dump_stack lib/dump_stack.c:15 [inline]
 [<000000004fb42f70>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
 [<0000000039ee1d53>] nmi_cpu_backtrace.cold+0x47/0x87 lib/nmi_backtrace.c:99
 [<0000000087d3d56f>] nmi_trigger_cpumask_backtrace+0x124/0x155 lib/nmi_backtrace.c:60
 [<00000000b493b0ca>] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37
 [<00000000f8a845d9>] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline]
 [<00000000f8a845d9>] check_hung_task kernel/hung_task.c:126 [inline]
 [<00000000f8a845d9>] check_hung_uninterruptible_tasks kernel/hung_task.c:183 [inline]
 [<00000000f8a845d9>] watchdog+0x670/0xaf0 kernel/hung_task.c:263
 [<00000000cb333322>] kthread+0x278/0x310 kernel/kthread.c:211
 [<00000000fa9cb77b>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 3135 Comm: syz-executor.5 Not tainted 4.9.170+ #48
task: 00000000a74c8044 task.stack: 00000000b6dee55b
RIP: 0010:[] c [<00000000a6f41663>] unwind_next_frame arch/x86/kernel/unwind_frame.c:51 [inline]
RIP: 0010:[] c [<00000000a6f41663>] unwind_next_frame+0x64/0xd0 arch/x86/kernel/unwind_frame.c:44
RSP: 0018:ffff8801cbb77b58 EFLAGS: 00000246
RAX: dffffc0000000000 RBX: ffff8801cbb77b80 RCX: 0000000000000006
RDX: ffff8801cbb77eb0 RSI: ffffffff815f14de RDI: ffff8801cbb77b80
RBP: ffff8801cbb77b70 R08: 1ffff1003976ef70 R09: ffff8801cbb77b80
R10: ffffed003976ef77 R11: ffff8801cbb77bbf R12: ffff8801cbb77bb8
R13: ffff8801cbb77eb0 R14: ffff8801cf0cdf00 R15: 0000000000000202
FS: 00007fec12b25700(0000) GS:ffff8801db600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c420057e80 CR3: 00000001cd943000 CR4: 00000000001606b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 ffff8801cbb77c08c 0000000000000000c 0000000000000000c ffff8801cbb77be8c
 ffffffff8107744ac 0000000000000001c ffff8801cbb70000c ffff8801cbb78000c
 0000000000000000c 0000000000000002c ffff8801cf0cdf00c 0000000000000000c
Call Trace:
 [<000000007496370e>] __save_stack_trace+0x7a/0xf0 arch/x86/kernel/stacktrace.c:42
 [<00000000ddbd8635>] save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
 [<00000000bb2243fc>] save_stack mm/kasan/kasan.c:505 [inline]
 [<00000000bb2243fc>] set_track mm/kasan/kasan.c:517 [inline]
 [<00000000bb2243fc>] kasan_slab_free+0xb0/0x190 mm/kasan/kasan.c:582
 [<000000005e8e73a9>] slab_free_hook mm/slub.c:1355 [inline]
 [<000000005e8e73a9>] slab_free_freelist_hook mm/slub.c:1377 [inline]
 [<000000005e8e73a9>] slab_free mm/slub.c:2958 [inline]
 [<000000005e8e73a9>] kfree+0xfc/0x310 mm/slub.c:3878
 [<000000000e64d7f0>] inotify_free_event+0x16/0x20 fs/notify/inotify/inotify_fsnotify.c:176
 [<00000000f90012cc>] fsnotify_destroy_group+0xec/0x120 fs/notify/group.c:91
 [<0000000028bb5dea>] inotify_new_group fs/notify/inotify/inotify_user.c:660 [inline]
 [<0000000028bb5dea>] SYSC_inotify_init1 fs/notify/inotify/inotify_user.c:682 [inline]
 [<0000000028bb5dea>] SyS_inotify_init1+0x2be/0x350 fs/notify/inotify/inotify_user.c:669
 [<00000000b33265d8>] sys_inotify_init+0x10/0x20 fs/notify/inotify/inotify_user.c:696
 [<00000000e988bd1f>] do_syscall_64+0x1ad/0x570 arch/x86/entry/common.c:285
 [<00000000ab7ab5d4>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Code: c8d c63 c38 c48 cb8 c00 c00 c00 c00 c00 cfc cff cdf c4c c89 ce2 c48 cc1 cea c03 c80 c3c c02 c00 c75 c5f c48 cb8 c00 c00 c00 c00 c00 cfc cff cdf c4c c8b c6b c38 c4c c89 cea c<48> cc1 cea c03 c80 c3c c02 c00 c75 c4e c4d c8b c6d c00 c48 c89 cdf c4c c89 cee ce8 c