INFO: task syz-executor.2:11016 blocked for more than 140 seconds.
      Not tainted 4.19.144-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.2 D30112 11016 6565 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x887/0x2040 kernel/sched/core.c:3517
 schedule+0x8d/0x1b0 kernel/sched/core.c:3561
 request_wait_answer+0x3dc/0x750 fs/fuse/dev.c:485
 __fuse_request_send+0x123/0x1c0 fs/fuse/dev.c:505
 fuse_readdir+0x49c/0x12f0 fs/fuse/dir.c:1390
 iterate_dir+0x473/0x5c0 fs/readdir.c:51
 __do_sys_getdents fs/readdir.c:268 [inline]
 __se_sys_getdents+0x175/0x2d0 fs/readdir.c:249
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45d5b9
Code: Bad RIP value.
RSP: 002b:00007fc596513c78 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
RAX: ffffffffffffffda RBX: 0000000000003f80 RCX: 000000000045d5b9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c
R13: 00007ffe4f12cbef R14: 00007fc5965149c0 R15: 000000000118cf4c
INFO: task syz-executor.0:11017 blocked for more than 140 seconds.
      Not tainted 4.19.144-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.0 D29880 11017 6561 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x887/0x2040 kernel/sched/core.c:3517
 schedule+0x8d/0x1b0 kernel/sched/core.c:3561
 request_wait_answer+0x3dc/0x750 fs/fuse/dev.c:485
 __fuse_request_send+0x123/0x1c0 fs/fuse/dev.c:505
 fuse_readdir+0x49c/0x12f0 fs/fuse/dir.c:1390
 iterate_dir+0x473/0x5c0 fs/readdir.c:51
 __do_sys_getdents fs/readdir.c:268 [inline]
 __se_sys_getdents+0x175/0x2d0 fs/readdir.c:249
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45d5b9
Code: Bad RIP value.
RSP: 002b:00007f90a14b5c78 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
RAX: ffffffffffffffda RBX: 0000000000003f80 RCX: 000000000045d5b9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c
R13: 00007ffe896bdb9f R14: 00007f90a14b69c0 R15: 000000000118cf4c
INFO: task syz-executor.0:11050 blocked for more than 140 seconds.
      Not tainted 4.19.144-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.0 D30160 11050 6561 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x887/0x2040 kernel/sched/core.c:3517
 schedule+0x8d/0x1b0 kernel/sched/core.c:3561
 request_wait_answer+0x3dc/0x750 fs/fuse/dev.c:485
 __fuse_request_send+0x123/0x1c0 fs/fuse/dev.c:505
 fuse_readdir+0x49c/0x12f0 fs/fuse/dir.c:1390
 iterate_dir+0x473/0x5c0 fs/readdir.c:51
 __do_sys_getdents fs/readdir.c:268 [inline]
 __se_sys_getdents+0x175/0x2d0 fs/readdir.c:249
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45d5b9
Code: Bad RIP value.
RSP: 002b:00007f90a14b5c78 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
RAX: ffffffffffffffda RBX: 0000000000003f80 RCX: 000000000045d5b9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c
R13: 00007ffe896bdb9f R14: 00007f90a14b69c0 R15: 000000000118cf4c
INFO: task syz-executor.2:11052 blocked for more than 140 seconds.
      Not tainted 4.19.144-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.2 D29824 11052 6565 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x887/0x2040 kernel/sched/core.c:3517
 schedule+0x8d/0x1b0 kernel/sched/core.c:3561
 request_wait_answer+0x3dc/0x750 fs/fuse/dev.c:485
 __fuse_request_send+0x123/0x1c0 fs/fuse/dev.c:505
 fuse_readdir+0x49c/0x12f0 fs/fuse/dir.c:1390
 iterate_dir+0x473/0x5c0 fs/readdir.c:51
 __do_sys_getdents fs/readdir.c:268 [inline]
 __se_sys_getdents+0x175/0x2d0 fs/readdir.c:249
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45d5b9
Code: Bad RIP value.
RSP: 002b:00007fc596513c78 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
RAX: ffffffffffffffda RBX: 0000000000003f80 RCX: 000000000045d5b9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c
R13: 00007ffe4f12cbef R14: 00007fc5965149c0 R15: 000000000118cf4c
INFO: task syz-executor.2:11099 blocked for more than 140 seconds.
      Not tainted 4.19.144-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.2 D29944 11099 6565 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x887/0x2040 kernel/sched/core.c:3517
 schedule+0x8d/0x1b0 kernel/sched/core.c:3561
 request_wait_answer+0x3dc/0x750 fs/fuse/dev.c:485
 __fuse_request_send+0x123/0x1c0 fs/fuse/dev.c:505
 fuse_readdir+0x49c/0x12f0 fs/fuse/dir.c:1390
 iterate_dir+0x473/0x5c0 fs/readdir.c:51
 __do_sys_getdents fs/readdir.c:268 [inline]
 __se_sys_getdents+0x175/0x2d0 fs/readdir.c:249
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45d5b9
Code: Bad RIP value.
RSP: 002b:00007fc596513c78 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
RAX: ffffffffffffffda RBX: 0000000000003f80 RCX: 000000000045d5b9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c
R13: 00007ffe4f12cbef R14: 00007fc5965149c0 R15: 000000000118cf4c
INFO: task syz-executor.0:11102 blocked for more than 140 seconds.
      Not tainted 4.19.144-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.0 D29944 11102 6561 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x887/0x2040 kernel/sched/core.c:3517
 schedule+0x8d/0x1b0 kernel/sched/core.c:3561
 request_wait_answer+0x3dc/0x750 fs/fuse/dev.c:485
 __fuse_request_send+0x123/0x1c0 fs/fuse/dev.c:505
 fuse_readdir+0x49c/0x12f0 fs/fuse/dir.c:1390
 iterate_dir+0x473/0x5c0 fs/readdir.c:51
 __do_sys_getdents fs/readdir.c:268 [inline]
 __se_sys_getdents+0x175/0x2d0 fs/readdir.c:249
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45d5b9
Code: Bad RIP value.
RSP: 002b:00007f90a14b5c78 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
RAX: ffffffffffffffda RBX: 0000000000003f80 RCX: 000000000045d5b9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c
R13: 00007ffe896bdb9f R14: 00007f90a14b69c0 R15: 000000000118cf4c
INFO: task syz-executor.2:11135 blocked for more than 140 seconds.
      Not tainted 4.19.144-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.2 D30160 11135 6565 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x887/0x2040 kernel/sched/core.c:3517
 schedule+0x8d/0x1b0 kernel/sched/core.c:3561
 request_wait_answer+0x3dc/0x750 fs/fuse/dev.c:485
 __fuse_request_send+0x123/0x1c0 fs/fuse/dev.c:505
 fuse_readdir+0x49c/0x12f0 fs/fuse/dir.c:1390
 iterate_dir+0x473/0x5c0 fs/readdir.c:51
 __do_sys_getdents fs/readdir.c:268 [inline]
 __se_sys_getdents+0x175/0x2d0 fs/readdir.c:249
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45d5b9
Code: Bad RIP value.
RSP: 002b:00007fc596513c78 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
RAX: ffffffffffffffda RBX: 0000000000003f80 RCX: 000000000045d5b9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c
R13: 00007ffe4f12cbef R14: 00007fc5965149c0 R15: 000000000118cf4c
INFO: task syz-executor.0:11142 blocked for more than 140 seconds.
      Not tainted 4.19.144-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.0 D30160 11142 6561 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x887/0x2040 kernel/sched/core.c:3517
 schedule+0x8d/0x1b0 kernel/sched/core.c:3561
 request_wait_answer+0x3dc/0x750 fs/fuse/dev.c:485
 __fuse_request_send+0x123/0x1c0 fs/fuse/dev.c:505
 fuse_readdir+0x49c/0x12f0 fs/fuse/dir.c:1390
 iterate_dir+0x473/0x5c0 fs/readdir.c:51
 __do_sys_getdents fs/readdir.c:268 [inline]
 __se_sys_getdents+0x175/0x2d0 fs/readdir.c:249
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45d5b9
Code: Bad RIP value.
RSP: 002b:00007f90a14b5c78 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
RAX: ffffffffffffffda RBX: 0000000000003f80 RCX: 000000000045d5b9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c
R13: 00007ffe896bdb9f R14: 00007f90a14b69c0 R15: 000000000118cf4c
INFO: task syz-executor.2:11186 blocked for more than 140 seconds.
      Not tainted 4.19.144-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.2 D30160 11186 6565 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x887/0x2040 kernel/sched/core.c:3517
 schedule+0x8d/0x1b0 kernel/sched/core.c:3561
 request_wait_answer+0x3dc/0x750 fs/fuse/dev.c:485
 __fuse_request_send+0x123/0x1c0 fs/fuse/dev.c:505
 fuse_readdir+0x49c/0x12f0 fs/fuse/dir.c:1390
 iterate_dir+0x473/0x5c0 fs/readdir.c:51
 __do_sys_getdents fs/readdir.c:268 [inline]
 __se_sys_getdents+0x175/0x2d0 fs/readdir.c:249
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45d5b9
Code: Bad RIP value.
RSP: 002b:00007fc596513c78 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
RAX: ffffffffffffffda RBX: 0000000000003f80 RCX: 000000000045d5b9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c
R13: 00007ffe4f12cbef R14: 00007fc5965149c0 R15: 000000000118cf4c
INFO: task syz-executor.0:11187 blocked for more than 140 seconds.
      Not tainted 4.19.144-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.0 D30160 11187 6561 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x887/0x2040 kernel/sched/core.c:3517
 schedule+0x8d/0x1b0 kernel/sched/core.c:3561
 request_wait_answer+0x3dc/0x750 fs/fuse/dev.c:485
 __fuse_request_send+0x123/0x1c0 fs/fuse/dev.c:505
 fuse_readdir+0x49c/0x12f0 fs/fuse/dir.c:1390
 iterate_dir+0x473/0x5c0 fs/readdir.c:51
 __do_sys_getdents fs/readdir.c:268 [inline]
 __se_sys_getdents+0x175/0x2d0 fs/readdir.c:249
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45d5b9
Code: Bad RIP value.
RSP: 002b:00007f90a14b5c78 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
RAX: ffffffffffffffda RBX: 0000000000003f80 RCX: 000000000045d5b9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c
R13: 00007ffe896bdb9f R14: 00007f90a14b69c0 R15: 000000000118cf4c

Showing all locks held in the system:
1 lock held by khungtaskd/1091:
 #0: 0000000016c12498 (rcu_read_lock){....}, at: debug_show_all_locks+0x53/0x265 kernel/locking/lockdep.c:4440
1 lock held by in:imklog/6160:
 #0: 00000000b226b133 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767
3 locks held by rs:main Q:Reg/6161:
3 locks held by syz-executor.3/10963:
 #0: 000000001862cc2e (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767
 #1: 00000000c0f5167e (&type->i_mutex_dir_key#8){++++}, at: iterate_dir+0xd2/0x5c0 fs/readdir.c:41
 #2: 000000005877806d (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0 fs/fuse/inode.c:365
3 locks held by syz-executor.3/10975:
 #0: 0000000082e10e7b (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767
 #1: 0000000024f38128 (&type->i_mutex_dir_key#8){++++}, at: iterate_dir+0xd2/0x5c0 fs/readdir.c:41
 #2: 0000000094a12f9c (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0 fs/fuse/inode.c:365
3 locks held by syz-executor.1/11014:
 #0: 00000000f4f56818 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767
 #1: 0000000012c18f3c (&type->i_mutex_dir_key#8){++++}, at: iterate_dir+0xd2/0x5c0 fs/readdir.c:41
 #2: 000000006c508df4 (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0 fs/fuse/inode.c:365
3 locks held by syz-executor.4/11015:
 #0: 00000000b43ece41 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767
 #1: 000000001468fd14 (&type->i_mutex_dir_key#8){++++}, at: iterate_dir+0xd2/0x5c0 fs/readdir.c:41
 #2: 000000005a864103 (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0 fs/fuse/inode.c:365
3 locks held by syz-executor.2/11016:
 #0: 0000000049a9cb0c (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767
 #1: 00000000e02c572d (&type->i_mutex_dir_key#8){++++}, at: iterate_dir+0xd2/0x5c0 fs/readdir.c:41
 #2: 000000005ee1b142 (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0 fs/fuse/inode.c:365
3 locks held by syz-executor.0/11017:
 #0: 00000000fc4cec72 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767
 #1: 00000000847d4a23 (&type->i_mutex_dir_key#8){++++}, at: iterate_dir+0xd2/0x5c0 fs/readdir.c:41
 #2: 00000000466b0909 (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0 fs/fuse/inode.c:365
3 locks held by syz-executor.4/11045:
 #0: 00000000a84a9a0a (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767
 #1: 0000000086c5b14d (&type->i_mutex_dir_key#8){++++}, at: iterate_dir+0xd2/0x5c0 fs/readdir.c:41
 #2: 00000000d0381430 (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0 fs/fuse/inode.c:365
3 locks held by syz-executor.1/11048:
 #0: 0000000043c0b644 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767
 #1: 000000005c56bcc9 (&type->i_mutex_dir_key#8){++++}, at: iterate_dir+0xd2/0x5c0 fs/readdir.c:41
 #2: 00000000abb628bb (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0 fs/fuse/inode.c:365
3 locks held by syz-executor.0/11050:
 #0: 00000000a94e20ce (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767
 #1: 000000004c368130 (&type->i_mutex_dir_key#8){++++}, at: iterate_dir+0xd2/0x5c0 fs/readdir.c:41
 #2: 00000000164b1ce6 (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0 fs/fuse/inode.c:365
3 locks held by syz-executor.2/11052:
 #0: 00000000aad1bfc1 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767
 #1: 00000000c8981125 (&type->i_mutex_dir_key#8){++++}, at: iterate_dir+0xd2/0x5c0 fs/readdir.c:41
 #2: 0000000090959a89 (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0 fs/fuse/inode.c:365
3 locks held by syz-executor.3/11053:
 #0: 000000000ba817b2 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767
 #1: 000000004b5a5067 (&type->i_mutex_dir_key#8){++++}, at: iterate_dir+0xd2/0x5c0 fs/readdir.c:41
 #2: 0000000001e1a44b (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0 fs/fuse/inode.c:365
3 locks held by syz-executor.4/11065:
 #0: 000000002ac778fb (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767
 #1: 000000004a153a69 (&type->i_mutex_dir_key#8){++++}, at: iterate_dir+0xd2/0x5c0 fs/readdir.c:41
 #2: 000000002191042f (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0 fs/fuse/inode.c:365
3 locks held by syz-executor.1/11098:
 #0: 0000000049fa96af (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767
 #1: 00000000e3392da2 (&type->i_mutex_dir_key#8){++++}, at: iterate_dir+0xd2/0x5c0 fs/readdir.c:41
 #2: 0000000068fb7db9 (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0 fs/fuse/inode.c:365
3 locks held by syz-executor.2/11099:
 #0: 00000000745bedc4 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767
 #1: 00000000efdace99 (&type->i_mutex_dir_key#8){++++}, at: iterate_dir+0xd2/0x5c0 fs/readdir.c:41
 #2: 00000000e5a6db50 (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0 fs/fuse/inode.c:365
3 locks held by syz-executor.4/11100:
 #0: 000000009a6f3c5b (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767
 #1: 0000000056c4aaa6 (&type->i_mutex_dir_key#8){++++}, at: iterate_dir+0xd2/0x5c0 fs/readdir.c:41
 #2: 000000001a0f0863 (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0 fs/fuse/inode.c:365
3 locks held by syz-executor.0/11102:
 #0: 0000000016d038d6 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767
 #1: 000000005fe1e21e (&type->i_mutex_dir_key#8){++++}, at: iterate_dir+0xd2/0x5c0 fs/readdir.c:41
 #2: 00000000c34319fc (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0 fs/fuse/inode.c:365
3 locks held by syz-executor.3/11126:
 #0: 000000006112a83b (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767
 #1: 00000000ede14c82 (&type->i_mutex_dir_key#8){++++}, at: iterate_dir+0xd2/0x5c0 fs/readdir.c:41
 #2: 000000004d4982f5 (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0 fs/fuse/inode.c:365
3 locks held by syz-executor.1/11129:
 #0: 00000000b273b0ba (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767
 #1: 000000002f96afe7 (&type->i_mutex_dir_key#8){++++}, at: iterate_dir+0xd2/0x5c0 fs/readdir.c:41
 #2: 000000008022f2a3 (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0 fs/fuse/inode.c:365
3 locks held by syz-executor.4/11131:
 #0: 00000000a5e89833 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767
 #1: 00000000424d1a5e (&type->i_mutex_dir_key#8){++++}, at: iterate_dir+0xd2/0x5c0 fs/readdir.c:41
 #2: 00000000844e493d (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0 fs/fuse/inode.c:365
3 locks held by syz-executor.2/11135:
 #0: 0000000040d944f8 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767
 #1: 00000000649545fa (&type->i_mutex_dir_key#8){++++}, at: iterate_dir+0xd2/0x5c0 fs/readdir.c:41
 #2: 000000003832c2b1 (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0 fs/fuse/inode.c:365
3 locks held by syz-executor.0/11142:
 #0: 00000000bf4a86e9 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767
 #1: 000000004bac32c8 (&type->i_mutex_dir_key#8){++++}, at: iterate_dir+0xd2/0x5c0 fs/readdir.c:41
 #2: 000000001d9e43e8 (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0 fs/fuse/inode.c:365
3 locks held by syz-executor.3/11151:
 #0: 000000002751558b (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767
 #1: 000000006f581820 (&type->i_mutex_dir_key#8){++++}, at: iterate_dir+0xd2/0x5c0 fs/readdir.c:41
 #2: 0000000023c8732e (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0 fs/fuse/inode.c:365
3 locks held by syz-executor.2/11186:
 #0: 00000000984a98b9 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767
 #1: 000000007e8fb5e6 (&type->i_mutex_dir_key#8){++++}, at: iterate_dir+0xd2/0x5c0 fs/readdir.c:41
 #2: 00000000d00ea151 (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0 fs/fuse/inode.c:365
3 locks held by syz-executor.0/11187:
 #0: 000000002c5bb6b5 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767
 #1: 000000002b4c68c7 (&type->i_mutex_dir_key#8){++++}, at: iterate_dir+0xd2/0x5c0 fs/readdir.c:41
 #2: 00000000fa594418 (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0 fs/fuse/inode.c:365
3 locks held by syz-executor.1/11191:
 #0: 000000002ce93bfd (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767
 #1: 0000000082a6c9cc (&type->i_mutex_dir_key#8){++++}, at: iterate_dir+0xd2/0x5c0 fs/readdir.c:41
 #2: 000000009bef2e34 (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0 fs/fuse/inode.c:365
3 locks held by syz-executor.4/11192:
 #0: 000000004378b556 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767
 #1: 00000000c621be1e (&type->i_mutex_dir_key#8){++++}, at: iterate_dir+0xd2/0x5c0 fs/readdir.c:41
 #2: 000000006f6cb1fb (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0 fs/fuse/inode.c:365
3 locks held by syz-executor.4/11218:
 #0: 0000000012834359 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767
 #1: 0000000042b37429 (&type->i_mutex_dir_key#8){++++}, at: iterate_dir+0xd2/0x5c0 fs/readdir.c:41
 #2: 000000002f1f8214 (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0 fs/fuse/inode.c:365
3 locks held by syz-executor.2/11220:
 #0: 000000000ef265dd (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767
 #1: 000000004dcdeb77 (&type->i_mutex_dir_key#8){++++}, at: iterate_dir+0xd2/0x5c0 fs/readdir.c:41
 #2: 0000000079419e06 (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0 fs/fuse/inode.c:365
3 locks held by syz-executor.0/11223:
 #0: 000000007bb1f92c (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767
 #1: 00000000efd7b857 (&type->i_mutex_dir_key#8){++++}, at: iterate_dir+0xd2/0x5c0 fs/readdir.c:41
 #2: 00000000884a39a7 (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0 fs/fuse/inode.c:365
3 locks held by syz-executor.4/11239:
 #0: 00000000a192f65a (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767
 #1: 00000000a00d4bd6 (&type->i_mutex_dir_key#8){++++}, at: iterate_dir+0xd2/0x5c0 fs/readdir.c:41
 #2: 00000000126b3511 (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0 fs/fuse/inode.c:365

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 1091 Comm: khungtaskd Not tainted 4.19.144-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2fe lib/dump_stack.c:118
 nmi_cpu_backtrace.cold+0x63/0xa2 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x1a6/0x1eb lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:203 [inline]
 watchdog+0x991/0xe60 kernel/hung_task.c:287
 kthread+0x33f/0x460 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 3701 Comm: systemd-journal Not tainted 4.19.144-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__bpf_prog_run32+0x0/0xd0 kernel/bpf/core.c:1436
Code: 00 00 00 48 8b 8c 24 18 01 00 00 65 48 2b 0c 25 28 00 00 00 75 0c 48 81 c4 20 01 00 00 5b 5d 41 5c c3 e8 f3 a0 c9 ff 0f 1f 00 <48> b8 00 00 00 00 00 fc ff df 41 54 49 89 fc 55 48 89 f5 53 48 81
RSP: 0018:ffff88809426fbb8 EFLAGS: 00000246
RAX: 1ffff92000328606 RBX: ffff88809403fc00 RCX: ffffffff8169e81c
RDX: 0000000000000000 RSI: ffffc90001943038 RDI: ffff88809426fe70
RBP: ffffc90001943000 R08: 0000000000000000 R09: 000000007fff0000
R10: 0000000000000004 R11: 0000000000000000 R12: dffffc0000000000
R13: 000000007fff0000 R14: 000000007fff0000 R15: 000000007fff0000
FS: 00007f1cd0d078c0(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f1cce181000 CR3: 000000009429f000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 seccomp_run_filters+0x124/0x590 kernel/seccomp.c:211
 __seccomp_filter+0x93/0xca0 kernel/seccomp.c:668
 __secure_computing+0xfc/0x360 kernel/seccomp.c:795
 syscall_trace_enter+0x563/0xd60 arch/x86/entry/common.c:121
 do_syscall_64+0x486/0x620 arch/x86/entry/common.c:283
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f1ccffc39c7
Code: 83 c4 08 48 3d 01 f0 ff ff 73 01 c3 48 8b 0d c8 d4 2b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 b8 15 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d a1 d4 2b 00 f7 d8 64 89 01 48
RSP: 002b:00007ffe90081108 EFLAGS: 00000246 ORIG_RAX: 0000000000000015
RAX: ffffffffffffffda RBX: 00007ffe90084130 RCX: 00007f1ccffc39c7
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00005568892fc9a3
RBP: 00007ffe90081250 R08: 00005568892f23e5 R09: 0000000000000018
R10: 0000000000000069 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 000055688a7298c0 R15: 00007ffe90081740