INFO: task syz-executor.4:12893 blocked for more than 143 seconds.
      Not tainted 5.13.0-rc1-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.4 state:D stack:20592 pid:12893 ppid: 8442 flags:0x00004002
Call Trace:
 context_switch kernel/sched/core.c:4339 [inline]
 __schedule+0xb98/0x1120 kernel/sched/core.c:5147
 schedule+0x14b/0x200 kernel/sched/core.c:5226
 wb_wait_for_completion+0x155/0x280 fs/fs-writeback.c:209
 __writeback_inodes_sb_nr+0x2b8/0x380 fs/fs-writeback.c:2491
 try_to_writeback_inodes_sb+0xa5/0xd0 fs/fs-writeback.c:2539
 ext4_nonda_switch fs/ext4/inode.c:2916 [inline]
 ext4_da_write_begin+0x24a/0x10c0 fs/ext4/inode.c:2957
 generic_perform_write+0x28c/0x540 mm/filemap.c:3660
 ext4_buffered_write_iter+0x41c/0x590 fs/ext4/file.c:269
 ext4_file_write_iter+0x8f7/0x1b90 fs/ext4/file.c:519
 do_iter_readv_writev+0x566/0x770 include/linux/fs.h:2108
 do_iter_write+0x16c/0x5f0 fs/read_write.c:866
 iter_file_splice_write+0x7c1/0xf30 fs/splice.c:689
 do_splice_from fs/splice.c:767 [inline]
 direct_splice_actor+0xe6/0x1c0 fs/splice.c:936
 splice_direct_to_actor+0x529/0xd00 fs/splice.c:891
 do_splice_direct+0x282/0x3e0 fs/splice.c:979
 do_sendfile+0x885/0x1200 fs/read_write.c:1260
 __do_sys_sendfile64 fs/read_write.c:1325 [inline]
 __se_sys_sendfile64+0x145/0x1a0 fs/read_write.c:1311
 do_syscall_64+0x3f/0xb0 arch/x86/entry/common.c:47
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x4665d9
RSP: 002b:00007f473eaf8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665d9
RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003
RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000
R10: 00008400fffffffa R11: 0000000000000246 R12: 000000000056bf60
R13: 00007fff82a7a8ff R14: 00007f473eaf8300 R15: 0000000000022000

INFO: task syz-executor.1:12915 blocked for more than 145 seconds.
      Not tainted 5.13.0-rc1-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.1 state:D stack:20592 pid:12915 ppid: 8425 flags:0x00004002
Call Trace:
 context_switch kernel/sched/core.c:4339 [inline]
 __schedule+0xb98/0x1120 kernel/sched/core.c:5147
 schedule+0x14b/0x200 kernel/sched/core.c:5226
 wb_wait_for_completion+0x155/0x280 fs/fs-writeback.c:209
 __writeback_inodes_sb_nr+0x2b8/0x380 fs/fs-writeback.c:2491
 try_to_writeback_inodes_sb+0xa5/0xd0 fs/fs-writeback.c:2539
 ext4_nonda_switch fs/ext4/inode.c:2916 [inline]
 ext4_da_write_begin+0x24a/0x10c0 fs/ext4/inode.c:2957
 generic_perform_write+0x28c/0x540 mm/filemap.c:3660
 ext4_buffered_write_iter+0x41c/0x590 fs/ext4/file.c:269
 ext4_file_write_iter+0x8f7/0x1b90 fs/ext4/file.c:519
 do_iter_readv_writev+0x566/0x770 include/linux/fs.h:2108
 do_iter_write+0x16c/0x5f0 fs/read_write.c:866
 iter_file_splice_write+0x7c1/0xf30 fs/splice.c:689
 do_splice_from fs/splice.c:767 [inline]
 direct_splice_actor+0xe6/0x1c0 fs/splice.c:936
 splice_direct_to_actor+0x529/0xd00 fs/splice.c:891
 do_splice_direct+0x282/0x3e0 fs/splice.c:979
 do_sendfile+0x885/0x1200 fs/read_write.c:1260
 __do_sys_sendfile64 fs/read_write.c:1325 [inline]
 __se_sys_sendfile64+0x145/0x1a0 fs/read_write.c:1311
 do_syscall_64+0x3f/0xb0 arch/x86/entry/common.c:47
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x4665d9
RSP: 002b:00007f7b69b5f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665d9
RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003
RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000
R10: 00008400fffffffa R11: 0000000000000246 R12: 000000000056bf60
R13: 00007ffc4b4d3b1f R14: 00007f7b69b5f300 R15: 0000000000022000

INFO: task syz-executor.4:12917 blocked for more than 147 seconds.
      Not tainted 5.13.0-rc1-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.4 state:D stack:20592 pid:12917 ppid: 8442 flags:0x00004002
Call Trace:
 context_switch kernel/sched/core.c:4339 [inline]
 __schedule+0xb98/0x1120 kernel/sched/core.c:5147
 schedule+0x14b/0x200 kernel/sched/core.c:5226
 wb_wait_for_completion+0x155/0x280 fs/fs-writeback.c:209
 __writeback_inodes_sb_nr+0x2b8/0x380 fs/fs-writeback.c:2491
 try_to_writeback_inodes_sb+0xa5/0xd0 fs/fs-writeback.c:2539
 ext4_nonda_switch fs/ext4/inode.c:2916 [inline]
 ext4_da_write_begin+0x24a/0x10c0 fs/ext4/inode.c:2957
 generic_perform_write+0x28c/0x540 mm/filemap.c:3660
 ext4_buffered_write_iter+0x41c/0x590 fs/ext4/file.c:269
 ext4_file_write_iter+0x8f7/0x1b90 fs/ext4/file.c:519
 do_iter_readv_writev+0x566/0x770 include/linux/fs.h:2108
 do_iter_write+0x16c/0x5f0 fs/read_write.c:866
 iter_file_splice_write+0x7c1/0xf30 fs/splice.c:689
 do_splice_from fs/splice.c:767 [inline]
 direct_splice_actor+0xe6/0x1c0 fs/splice.c:936
 splice_direct_to_actor+0x529/0xd00 fs/splice.c:891
 do_splice_direct+0x282/0x3e0 fs/splice.c:979
 do_sendfile+0x885/0x1200 fs/read_write.c:1260
 __do_sys_sendfile64 fs/read_write.c:1325 [inline]
 __se_sys_sendfile64+0x145/0x1a0 fs/read_write.c:1311
 do_syscall_64+0x3f/0xb0 arch/x86/entry/common.c:47
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x4665d9
RSP: 002b:00007f473eaf8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665d9
RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003
RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000
R10: 00008400fffffffa R11: 0000000000000246 R12: 000000000056bf60
R13: 00007fff82a7a8ff R14: 00007f473eaf8300 R15: 0000000000022000

Showing all locks held in the system:
3 locks held by kworker/u4:1/25:
3 locks held by kworker/u4:4/209:
1 lock held by khungtaskd/1626:
 #0: ffffffff8cf15c00 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30 arch/x86/pci/mmconfig_64.c:151
3 locks held by kworker/0:3/3872:
3 locks held by systemd-udevd/4848:
1 lock held by in:imklog/8112:
 #0: ffff888022f980f0 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x24e/0x2f0 fs/file.c:974
2 locks held by kworker/1:5/9607:
 #0: ffff888011866538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work+0x7aa/0x10c0 kernel/workqueue.c:2248
 #1: ffffc900038a7d20 ((work_completion)(&rew.rew_work)){+.+.}-{0:0}, at: process_one_work+0x7e8/0x10c0 kernel/workqueue.c:2250
3 locks held by kworker/1:6/9696:
 #0: ffff888011864d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x7aa/0x10c0 kernel/workqueue.c:2248
 #1: ffffc9000a0dfd20 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x7e8/0x10c0 kernel/workqueue.c:2250
 #2: ffffffff8df2a2a8 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xa/0x50 net/core/link_watch.c:250
3 locks held by syz-executor.4/12893:
 #0: ffff88814797c460 (sb_writers#5){.+.+}-{0:0}, at: do_sendfile+0x862/0x1200 fs/read_write.c:1259
 #1: ffff8880632bc058 (&sb->s_type->i_mutex_key#9){++++}-{3:3}, at: inode_lock include/linux/fs.h:774 [inline]
 #1: ffff8880632bc058 (&sb->s_type->i_mutex_key#9){++++}-{3:3}, at: ext4_buffered_write_iter+0xaf/0x590 fs/ext4/file.c:263
 #2: ffff88814797c0e0 (&type->s_umount_key#38){++++}-{3:3}, at: try_to_writeback_inodes_sb+0x20/0xd0 fs/fs-writeback.c:2536
3 locks held by syz-executor.1/12915:
 #0: ffff88814797c460 (sb_writers#5){.+.+}-{0:0}, at: do_sendfile+0x862/0x1200 fs/read_write.c:1259
 #1: ffff88803a35e838 (&sb->s_type->i_mutex_key#9){++++}-{3:3}, at: inode_lock include/linux/fs.h:774 [inline]
 #1: ffff88803a35e838 (&sb->s_type->i_mutex_key#9){++++}-{3:3}, at: ext4_buffered_write_iter+0xaf/0x590 fs/ext4/file.c:263
 #2: ffff88814797c0e0 (&type->s_umount_key#38){++++}-{3:3}, at: try_to_writeback_inodes_sb+0x20/0xd0 fs/fs-writeback.c:2536
3 locks held by syz-executor.4/12917:
 #0: ffff88814797c460 (sb_writers#5){.+.+}-{0:0}, at: do_sendfile+0x862/0x1200 fs/read_write.c:1259
 #1: ffff8880633d2270 (&sb->s_type->i_mutex_key#9){++++}-{3:3}, at: inode_lock include/linux/fs.h:774 [inline]
 #1: ffff8880633d2270 (&sb->s_type->i_mutex_key#9){++++}-{3:3}, at: ext4_buffered_write_iter+0xaf/0x590 fs/ext4/file.c:263
 #2: ffff88814797c0e0 (&type->s_umount_key#38){++++}-{3:3}, at: try_to_writeback_inodes_sb+0x20/0xd0 fs/fs-writeback.c:2536
1 lock held by syz-executor.5/16169:
 #0: ffffffff8df2a2a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
 #0: ffffffff8df2a2a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0xaee/0xe70 net/core/rtnetlink.c:5559
2 locks held by syz-executor.5/16173:
 #0: ffffffff8df2a2a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
 #0: ffffffff8df2a2a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0xaee/0xe70 net/core/rtnetlink.c:5559
 #1: ffffffff8cf1a3a8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:322 [inline]
 #1: ffffffff8cf1a3a8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x325/0x6b0 kernel/rcu/tree_exp.h:837
3 locks held by syz-executor.3/16180:
 #0: ffff8880371a3bd0 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:774 [inline]
 #0: ffff8880371a3bd0 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release net/socket.c:598 [inline]
 #0: ffff8880371a3bd0 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: sock_close+0x94/0x260 net/socket.c:1258
 #1: ffff88802f7586e0 (sk_lock-AF_PHONET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1610 [inline]
 #1: ffff88802f7586e0 (sk_lock-AF_PHONET){+.+.}-{0:0}, at: pep_sock_unhash+0x27/0x310 net/phonet/pep.c:1299
 #2: ffffffff8cf1a3a8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:322 [inline]
 #2: ffffffff8cf1a3a8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x325/0x6b0 kernel/rcu/tree_exp.h:837
1 lock held by syz-executor.2/16211:
 #0: ffff88801f4e83e0 (&lo->lo_mutex){+.+.}-{3:3}, at: __loop_clr_fd+0x88/0xa20 drivers/block/loop.c:1204
3 locks held by syz-executor.2/16215:
 #0: ffff88801dc93a20 (&bdev->bd_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev+0xee/0x640 fs/block_dev.c:1452
 #1: ffffffff8d671528 (loop_ctl_mutex){+.+.}-{3:3}, at: lo_open+0x1c/0x100 drivers/block/loop.c:1890
 #2: ffff88801f4e83e0 (&lo->lo_mutex){+.+.}-{3:3}, at: lo_open+0x97/0x100 drivers/block/loop.c:1898
1 lock held by syz-executor.2/16223:
 #0: ffff88801dc93a20 (&bdev->bd_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev+0xee/0x640 fs/block_dev.c:1452
1 lock held by syz-executor.2/16225:
 #0: ffff88801dc93a20 (&bdev->bd_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev+0xee/0x640 fs/block_dev.c:1452
1 lock held by syz-executor.2/16226:
 #0: ffff88801dc93a20 (&bdev->bd_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev+0xee/0x640 fs/block_dev.c:1452

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 1626 Comm: khungtaskd Not tainted 5.13.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x202/0x31e lib/dump_stack.c:120
 nmi_cpu_backtrace+0x16c/0x190 lib/nmi_backtrace.c:105
 nmi_trigger_cpumask_backtrace+0x191/0x2f0 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:209 [inline]
 watchdog+0xcfb/0xd40 kernel/hung_task.c:294
 kthread+0x39a/0x3c0 kernel/kthread.c:313
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 16203 Comm: syz-executor.2 Not tainted 5.13.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0033:0x414640
Code: c1 73 6b 48 39 d0 0f 82 b3 00 00 00 48 39 d1 72 67 49 89 0e 49 89 7e 08 49 8b 50 f8 48 89 ee 4c 89 e3 4c 89 c0 0f 1f 44 00 00 <49> 89 dd 48 39 cf 72 2f 48 83 e8 08 48 39 d1 73 14 0f 1f 80 00 00
RSP: 002b:00007fff85269cf0 EFLAGS: 00000212
RAX: 00007f9494bf3510 RBX: 00007f9494bf2208 RCX: ffffffff841f729c
RDX: ffffffff83f84e23 RSI: 00007f9494bf2210 RDI: ffffffff841f632c
RBP: 00007f9494bf1e70 R08: 00007f9494bf3598 R09: 0000001b3262afe8
R10: 0000000000000000 R11: 0000000000000000 R12: 00007f9494bf1e68
R13: 00007f9494bf2200 R14: 00007f9494bf1e60 R15: 000000000000000f
FS: 0000000002ee0400 GS: 0000000000000000