INFO: task syz-executor.2:18380 blocked for more than 140 seconds.
      Not tainted 4.14.218-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.2 D27592 18380 7975 0x80000004
Call Trace:
 context_switch kernel/sched/core.c:2808 [inline]
 __schedule+0x88b/0x1de0 kernel/sched/core.c:3384
 schedule+0x8d/0x1b0 kernel/sched/core.c:3428
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3486
 __mutex_lock_common kernel/locking/mutex.c:833 [inline]
 __mutex_lock+0x669/0x1310 kernel/locking/mutex.c:893
 blkdev_put+0x27/0x4c0 fs/block_dev.c:1826
 deactivate_locked_super+0x6c/0xd0 fs/super.c:319
 mount_bdev+0x31f/0x360 fs/super.c:1136
 mount_fs+0x92/0x2a0 fs/super.c:1237
 vfs_kern_mount.part.0+0x5b/0x470 fs/namespace.c:1046
 vfs_kern_mount fs/namespace.c:1036 [inline]
 do_new_mount fs/namespace.c:2549 [inline]
 do_mount+0xe53/0x2a00 fs/namespace.c:2879
 SYSC_mount fs/namespace.c:3095 [inline]
 SyS_mount+0xa8/0x120 fs/namespace.c:3072
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x465b09
RSP: 002b:00007ff6d151d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465b09
RDX: 0000000020000000 RSI: 0000000020000180 RDI: 0000000020000380
RBP: 00000000004b069f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60
R13: 00007ffd4550ac6f R14: 00007ff6d151d300 R15: 0000000000022000
INFO: task syz-executor.2:18386 blocked for more than 140 seconds.
      Not tainted 4.14.218-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.2 D29368 18386 7975 0x80000004
Call Trace:
 context_switch kernel/sched/core.c:2808 [inline]
 __schedule+0x88b/0x1de0 kernel/sched/core.c:3384
 schedule+0x8d/0x1b0 kernel/sched/core.c:3428
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3486
 __mutex_lock_common kernel/locking/mutex.c:833 [inline]
 __mutex_lock+0x669/0x1310 kernel/locking/mutex.c:893
 lo_ioctl+0x87/0x1cd0 drivers/block/loop.c:1414
 __blkdev_driver_ioctl block/ioctl.c:297 [inline]
 blkdev_ioctl+0x540/0x1830 block/ioctl.c:594
 ioctl_by_bdev+0xa0/0x110 fs/block_dev.c:2078
 udf_get_last_session+0x7c/0xd0 fs/udf/lowlevel.c:37
 udf_fill_super+0x1229/0x1680 fs/udf/super.c:2152
 mount_bdev+0x2b3/0x360 fs/super.c:1134
 mount_fs+0x92/0x2a0 fs/super.c:1237
 vfs_kern_mount.part.0+0x5b/0x470 fs/namespace.c:1046
 vfs_kern_mount fs/namespace.c:1036 [inline]
 do_new_mount fs/namespace.c:2549 [inline]
 do_mount+0xe53/0x2a00 fs/namespace.c:2879
 SYSC_mount fs/namespace.c:3095 [inline]
 SyS_mount+0xa8/0x120 fs/namespace.c:3072
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x465b09
RSP: 002b:00007ff6d14fc188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000465b09
RDX: 0000000020000000 RSI: 0000000020000180 RDI: 0000000020000380
RBP: 00000000004b069f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c008
R13: 00007ffd4550ac6f R14: 00007ff6d14fc300 R15: 0000000000022000
INFO: task syz-executor.5:18396 blocked for more than 140 seconds.
      Not tainted 4.14.218-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.5 D28352 18396 7976 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2808 [inline]
 __schedule+0x88b/0x1de0 kernel/sched/core.c:3384
 schedule+0x8d/0x1b0 kernel/sched/core.c:3428
 __rwsem_down_read_failed_common kernel/locking/rwsem-xadd.c:292 [inline]
 rwsem_down_read_failed+0x1e6/0x350 kernel/locking/rwsem-xadd.c:309
 call_rwsem_down_read_failed+0x14/0x30 arch/x86/lib/rwsem.S:94
 __down_read arch/x86/include/asm/rwsem.h:66 [inline]
 down_read+0x44/0x80 kernel/locking/rwsem.c:26
 __get_super.part.0+0x271/0x390 fs/super.c:678
 __get_super include/linux/spinlock.h:317 [inline]
 get_super+0x2b/0x50 fs/super.c:707
 fsync_bdev+0x14/0xc0 fs/block_dev.c:495
 invalidate_partition+0x74/0xb0 block/genhd.c:1509
 drop_partitions.isra.0+0x83/0x150 block/partition-generic.c:442
 rescan_partitions+0xa9/0x800 block/partition-generic.c:515
 __blkdev_reread_part+0x140/0x1d0 block/ioctl.c:173
 blkdev_reread_part+0x23/0x40 block/ioctl.c:193
 loop_reread_partitions drivers/block/loop.c:624 [inline]
 loop_set_status+0xeeb/0x12b0 drivers/block/loop.c:1193
 loop_set_status64+0x92/0xe0 drivers/block/loop.c:1311
 lo_ioctl+0x587/0x1cd0 drivers/block/loop.c:1441
 __blkdev_driver_ioctl block/ioctl.c:297 [inline]
 blkdev_ioctl+0x540/0x1830 block/ioctl.c:594
 block_ioctl+0xd9/0x120 fs/block_dev.c:1893
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x4658c7
RSP: 002b:00007f6724497ef8 EFLAGS: 00000202 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f6724497f40 RCX: 00000000004658c7
RDX: 00007f6724498050 RSI: 0000000000004c04 RDI: 000000000000000a
RBP: 00000000004b069f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 00007f6724498050
R13: 00007ffe0dc3882f R14: 00007f6724498300 R15: 0000000000022000

Showing all locks held in the system:
1 lock held by khungtaskd/1528:
 #0: (tasklist_lock){.+.+}, at: [] debug_show_all_locks+0x7c/0x21a kernel/locking/lockdep.c:4548
1 lock held by syz-executor.2/18380:
 #0: (&bdev->bd_mutex){+.+.}, at: [] blkdev_put+0x27/0x4c0 fs/block_dev.c:1826
2 locks held by syz-executor.2/18386:
 #0: (&type->s_umount_key#69/1){+.+.}, at: [] alloc_super fs/super.c:251 [inline]
 #0: (&type->s_umount_key#69/1){+.+.}, at: [] sget_userns+0x556/0xc10 fs/super.c:516
 #1: (&lo->lo_ctl_mutex/1){+.+.}, at: [] lo_ioctl+0x87/0x1cd0 drivers/block/loop.c:1414
3 locks held by syz-executor.5/18396:
 #0: (&lo->lo_ctl_mutex/1){+.+.}, at: [] lo_ioctl+0x87/0x1cd0 drivers/block/loop.c:1414
 #1: (&bdev->bd_mutex){+.+.}, at: [] blkdev_reread_part+0x1b/0x40 block/ioctl.c:192
 #2: (&type->s_umount_key#70){++++}, at: [] __get_super.part.0+0x271/0x390 fs/super.c:678

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 1528 Comm: khungtaskd Not tainted 4.14.218-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 nmi_cpu_backtrace.cold+0x57/0x93 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x13a/0x180 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:140 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:195 [inline]
 watchdog+0x5b9/0xb40 kernel/hung_task.c:274
 kthread+0x30d/0x420 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 9218 Comm: kworker/u4:5 Not tainted 4.14.218-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: krdsd rds_tcp_accept_worker
task: ffff88805d3dc540 task.stack: ffff88805d3e0000
RIP: 0010:__read_once_size include/linux/compiler.h:183 [inline]
RIP: 0010:lookup_chain_cache kernel/locking/lockdep.c:2361 [inline]
RIP: 0010:lookup_chain_cache_add kernel/locking/lockdep.c:2381 [inline]
RIP: 0010:validate_chain kernel/locking/lockdep.c:2435 [inline]
RIP: 0010:__lock_acquire+0xa61/0x3f20 kernel/locking/lockdep.c:3491
RSP: 0018:ffff8880ba507320 EFLAGS: 00000046
RAX: dffffc0000000000 RBX: 11239e645c70b2ed RCX: 0000000000006dca
RDX: 1ffffffff1737f22 RSI: 000000009d1006ee RDI: ffff88805d3dcf01
RBP: 0000000000000000 R08: ffffffff8b9bf910 R09: 00000000000c2001
R10: ffff88805d3dcee0 R11: ffff88805d3dc540 R12: ffff88805d3dcef8
R13: 0000000000000000 R14: 91b09dcc03e5abef R15: ffffffff8beb4d40
FS: 0000000000000000(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fc5d9792000 CR3: 00000000ab8d7000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0x8c/0xc0 kernel/locking/spinlock.c:160
 debug_object_assert_init lib/debugobjects.c:638 [inline]
 debug_object_assert_init+0xdd/0x2d0 lib/debugobjects.c:627
 debug_timer_assert_init kernel/time/timer.c:708 [inline]
 debug_assert_init kernel/time/timer.c:756 [inline]
 del_timer+0x5d/0xe0 kernel/time/timer.c:1151
 sk_stop_timer+0x15/0x40 net/core/sock.c:2702
 inet_csk_clear_xmit_timers+0xb6/0xe0 net/ipv4/inet_connection_sock.c:548
 tcp_clear_xmit_timers include/net/tcp.h:594 [inline]
 tcp_done+0xa3/0x210 net/ipv4/tcp.c:3418
 tcp_fin+0x366/0x770 net/ipv4/tcp_input.c:4107
 tcp_data_queue+0x1846/0x3aa0 net/ipv4/tcp_input.c:4714
 tcp_rcv_state_process+0xbe9/0x4950 net/ipv4/tcp_input.c:6168
 tcp_v4_do_rcv+0x2c4/0x7d0 net/ipv4/tcp_ipv4.c:1498
 tcp_v4_rcv+0x275c/0x3560 net/ipv4/tcp_ipv4.c:1750
 ip_local_deliver_finish+0x3f2/0xab0 net/ipv4/ip_input.c:216
 NF_HOOK include/linux/netfilter.h:250 [inline]
 ip_local_deliver+0x167/0x460 net/ipv4/ip_input.c:257
 dst_input include/net/dst.h:476 [inline]
 ip_rcv_finish+0x6e3/0x19f0 net/ipv4/ip_input.c:396
 NF_HOOK include/linux/netfilter.h:250 [inline]
 ip_rcv+0x8a7/0xf10 net/ipv4/ip_input.c:493
 __netif_receive_skb_core+0x15ee/0x2a30 net/core/dev.c:4474
 __netif_receive_skb+0x27/0x1a0 net/core/dev.c:4512
 process_backlog+0x218/0x6f0 net/core/dev.c:5194
 napi_poll net/core/dev.c:5596 [inline]
 net_rx_action+0x466/0xfd0 net/core/dev.c:5662
 __do_softirq+0x24d/0x9ff kernel/softirq.c:288
 do_softirq_own_stack+0x2a/0x40 arch/x86/entry/entry_64.S:1016
 do_softirq.part.0+0x154/0x1b0 kernel/softirq.c:332
 do_softirq kernel/softirq.c:324 [inline]
 __local_bh_enable_ip+0x12b/0x170 kernel/softirq.c:185
 local_bh_enable include/linux/bottom_half.h:32 [inline]
 rcu_read_unlock_bh include/linux/rcupdate.h:725 [inline]
 ip_finish_output2+0xbfc/0x1340 net/ipv4/ip_output.c:232
 ip_finish_output+0x37c/0xc50 net/ipv4/ip_output.c:318
 NF_HOOK_COND include/linux/netfilter.h:239 [inline]
 ip_output+0x1cd/0x510 net/ipv4/ip_output.c:406
 dst_output include/net/dst.h:470 [inline]
 ip_local_out+0x93/0x170 net/ipv4/ip_output.c:125
 ip_queue_xmit+0x7d3/0x1a80 net/ipv4/ip_output.c:505
 __tcp_transmit_skb+0x17e2/0x2cb0 net/ipv4/tcp_output.c:1133
 tcp_transmit_skb net/ipv4/tcp_output.c:1149 [inline]
 tcp_write_xmit+0x654/0x5570 net/ipv4/tcp_output.c:2394
 __tcp_push_pending_frames+0xa0/0x2d0 net/ipv4/tcp_output.c:2580
 tcp_send_fin+0x16d/0xc00 net/ipv4/tcp_output.c:3132
 tcp_shutdown net/ipv4/tcp.c:2119 [inline]
 tcp_shutdown+0xaa/0xc0 net/ipv4/tcp.c:2104
 inet_shutdown+0x16c/0x340 net/ipv4/af_inet.c:832
 rds_tcp_accept_one+0x465/0x8b0 net/rds/tcp_listen.c:214
 rds_tcp_accept_worker+0x4d/0x70 net/rds/tcp.c:407
 process_one_work+0x793/0x14a0 kernel/workqueue.c:2116
 worker_thread+0x5cc/0xff0 kernel/workqueue.c:2250
 kthread+0x30d/0x420 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
Code: b5 80 46 86 c8 61 48 b8 00 00 00 00 00 fc ff df 49 0f af ce 48 c1 e9 31 4c 8d 04 cd c0 8a 98 8b 4c 89 c2 48 c1 ea 03 80 3c 02 00 <0f> 85 17 2d 00 00 48 8b 1c cd c0 8a 98 8b 48 85 db 74 55 48 83