ieee802154 phy0 wpan0: encryption failed: -22 ieee802154 phy1 wpan1: encryption failed: -22 Bluetooth: hci4: command 0x0406 tx timeout ieee802154 phy0 wpan0: encryption failed: -22 ieee802154 phy1 wpan1: encryption failed: -22 INFO: task syz-executor.0:20880 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.0 D28272 20880 19133 0x80000000 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 __rwsem_down_read_failed_common kernel/locking/rwsem-xadd.c:292 [inline] rwsem_down_read_failed+0x20a/0x390 kernel/locking/rwsem-xadd.c:309 call_rwsem_down_read_failed+0x14/0x30 arch/x86/lib/rwsem.S:94 __down_read arch/x86/include/asm/rwsem.h:83 [inline] down_read+0x44/0x80 kernel/locking/rwsem.c:26 exit_mm kernel/exit.c:512 [inline] do_exit+0x6e4/0x2be0 kernel/exit.c:857 do_group_exit+0x125/0x310 kernel/exit.c:967 __do_sys_exit_group kernel/exit.c:978 [inline] __se_sys_exit_group kernel/exit.c:976 [inline] __x64_sys_exit_group+0x3a/0x50 kernel/exit.c:976 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f23dd0040e9 Code: Bad RIP value. RSP: 002b:00007ffd80a12178 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 000000000000001e RCX: 00007f23dd0040e9 RDX: 00007f23dcfb6d2b RSI: ffffffffffffffb8 RDI: 0000000000000000 RBP: 0000000000000000 R08: 000000f0948ff085 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffd80a12260 INFO: task syz-executor.0:20883 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.0 D27416 20883 19133 0x80000000 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 __rwsem_down_read_failed_common kernel/locking/rwsem-xadd.c:292 [inline] rwsem_down_read_failed+0x20a/0x390 kernel/locking/rwsem-xadd.c:309 call_rwsem_down_read_failed+0x14/0x30 arch/x86/lib/rwsem.S:94 __down_read arch/x86/include/asm/rwsem.h:83 [inline] down_read+0x44/0x80 kernel/locking/rwsem.c:26 exit_mm kernel/exit.c:512 [inline] do_exit+0x6e4/0x2be0 kernel/exit.c:857 do_group_exit+0x125/0x310 kernel/exit.c:967 get_signal+0x3f2/0x1f70 kernel/signal.c:2589 do_signal+0x8f/0x1670 arch/x86/kernel/signal.c:799 exit_to_usermode_loop+0x204/0x2a0 arch/x86/entry/common.c:163 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline] syscall_return_slowpath arch/x86/entry/common.c:271 [inline] do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f23dd0040e9 Code: Bad RIP value. RSP: 002b:00007f23db979218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: fffffffffffffe00 RBX: 00007f23dd116f68 RCX: 00007f23dd0040e9 RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f23dd116f68 RBP: 00007f23dd116f60 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f23dd116f6c R13: 00007ffd80a11f3f R14: 00007f23db979300 R15: 0000000000022000 INFO: task syz-executor.0:20885 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.0 D29848 20885 19133 0x00000004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 __rwsem_down_read_failed_common kernel/locking/rwsem-xadd.c:292 [inline] rwsem_down_read_failed+0x20a/0x390 kernel/locking/rwsem-xadd.c:309 call_rwsem_down_read_failed+0x14/0x30 arch/x86/lib/rwsem.S:94 __down_read arch/x86/include/asm/rwsem.h:83 [inline] down_read+0x44/0x80 kernel/locking/rwsem.c:26 __do_page_fault+0x97f/0xd60 arch/x86/mm/fault.c:1348 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1205 RIP: 0010:do_strncpy_from_user lib/strncpy_from_user.c:39 [inline] RIP: 0010:strncpy_from_user+0x1ea/0x350 lib/strncpy_from_user.c:119 Code: 03 da fd 48 83 ed 08 bf 07 00 00 00 48 83 c3 08 48 89 ee e8 98 04 da fd 48 83 fd 07 0f 86 29 01 00 00 e8 f9 02 da fd 45 31 ff <4d> 8b 64 1d 00 31 ff 44 89 fe e8 57 04 da fd 45 85 ff 0f 84 61 ff RSP: 0018:ffff888059adfdf0 EFLAGS: 00050246 RAX: ffff88805891c300 RBX: 0000000000000000 RCX: ffffffff838881e4 RDX: 0000000000000000 RSI: ffffffff83888277 RDI: 0000000000000007 RBP: 0000000000000fe0 R08: 0000000000000fe0 R09: 0000000000000007 R10: 0000000000000007 R11: 0000000000000000 R12: 0000000000000fe0 R13: 0000000000000000 R14: ffff8880529c86e0 R15: 0000000000000000 getname_flags+0x113/0x590 fs/namei.c:151 getname fs/namei.c:211 [inline] user_path_create fs/namei.c:3696 [inline] do_mkdirat+0x8d/0x2d0 fs/namei.c:3834 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f23dd0040e9 Code: Bad RIP value. RSP: 002b:00007f23db958168 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 RAX: ffffffffffffffda RBX: 00007f23dd117030 RCX: 00007f23dd0040e9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffffffff9c RBP: 00007f23dd05e08d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffd80a11f3f R14: 00007f23db958300 R15: 0000000000022000 INFO: task syz-executor.0:20886 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.0 D29360 20886 19133 0x80000000 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 __rwsem_down_read_failed_common kernel/locking/rwsem-xadd.c:292 [inline] rwsem_down_read_failed+0x20a/0x390 kernel/locking/rwsem-xadd.c:309 call_rwsem_down_read_failed+0x14/0x30 arch/x86/lib/rwsem.S:94 __down_read arch/x86/include/asm/rwsem.h:83 [inline] down_read+0x44/0x80 kernel/locking/rwsem.c:26 exit_mm kernel/exit.c:512 [inline] do_exit+0x6e4/0x2be0 kernel/exit.c:857 do_group_exit+0x125/0x310 kernel/exit.c:967 get_signal+0x3f2/0x1f70 kernel/signal.c:2589 do_signal+0x8f/0x1670 arch/x86/kernel/signal.c:799 exit_to_usermode_loop+0x204/0x2a0 arch/x86/entry/common.c:163 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline] syscall_return_slowpath arch/x86/entry/common.c:271 [inline] do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f23dd0040e9 Code: Bad RIP value. RSP: 002b:00007f23db937218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: fffffffffffffe00 RBX: 00007f23dd117108 RCX: 00007f23dd0040e9 RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f23dd117108 RBP: 00007f23dd117100 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f23dd11710c R13: 00007ffd80a11f3f R14: 00007f23db937300 R15: 0000000000022000 INFO: task syz-executor.0:20887 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.0 D29704 20887 19133 0x00000004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 __rwsem_down_read_failed_common kernel/locking/rwsem-xadd.c:292 [inline] rwsem_down_read_failed+0x20a/0x390 kernel/locking/rwsem-xadd.c:309 call_rwsem_down_read_failed+0x14/0x30 arch/x86/lib/rwsem.S:94 __down_read arch/x86/include/asm/rwsem.h:83 [inline] down_read+0x44/0x80 kernel/locking/rwsem.c:26 __do_page_fault+0x97f/0xd60 arch/x86/mm/fault.c:1348 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1205 RIP: 0010:__get_user_4+0x21/0x30 arch/x86/lib/getuser.S:78 Code: 50 ff 31 c0 0f 01 ca c3 90 48 83 c0 03 72 55 65 48 8b 14 25 c0 df 01 00 48 3b 82 98 14 00 00 73 43 48 19 d2 48 21 d0 0f 01 cb <8b> 50 fd 31 c0 0f 01 ca c3 66 0f 1f 44 00 00 48 83 c0 07 72 25 65 RSP: 0018:ffff888092b87d60 EFLAGS: 00050202 RAX: 0000000000000007 RBX: 00007fffffffefc0 RCX: 1ffff11012ffb9a9 RDX: ffffffffffffffff RSI: ffffffff81765ebb RDI: 0000000000000286 RBP: 0000000000000000 R08: ffffffff8cd38068 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: ffff888092b87e40 R14: 0000000000000000 R15: 0000000000000000 perf_copy_attr+0xb8/0x7a0 kernel/events/core.c:10275 __do_sys_perf_event_open kernel/events/core.c:10571 [inline] __se_sys_perf_event_open+0xb4/0x2720 kernel/events/core.c:10549 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f23dd0040e9 Code: Bad RIP value. RSP: 002b:00007f23db916168 EFLAGS: 00000246 ORIG_RAX: 000000000000012a RAX: ffffffffffffffda RBX: 00007f23dd1171d0 RCX: 00007f23dd0040e9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007f23dd05e08d R08: 0000000000000000 R09: 0000000000000000 R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffd80a11f3f R14: 00007f23db916300 R15: 0000000000022000 INFO: task syz-executor.0:20888 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.0 D28728 20888 19133 0x80000000 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 __rwsem_down_read_failed_common kernel/locking/rwsem-xadd.c:292 [inline] rwsem_down_read_failed+0x20a/0x390 kernel/locking/rwsem-xadd.c:309 call_rwsem_down_read_failed+0x14/0x30 arch/x86/lib/rwsem.S:94 __down_read arch/x86/include/asm/rwsem.h:83 [inline] down_read+0x44/0x80 kernel/locking/rwsem.c:26 exit_mm kernel/exit.c:512 [inline] do_exit+0x6e4/0x2be0 kernel/exit.c:857 do_group_exit+0x125/0x310 kernel/exit.c:967 get_signal+0x3f2/0x1f70 kernel/signal.c:2589 do_signal+0x8f/0x1670 arch/x86/kernel/signal.c:799 exit_to_usermode_loop+0x204/0x2a0 arch/x86/entry/common.c:163 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline] syscall_return_slowpath arch/x86/entry/common.c:271 [inline] do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f23dd0040e9 Code: Bad RIP value. RSP: 002b:00007f23db8f5218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: fffffffffffffe00 RBX: 00007f23dd1172a8 RCX: 00007f23dd0040e9 RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f23dd1172a8 RBP: 00007f23dd1172a0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f23dd1172ac R13: 00007ffd80a11f3f R14: 00007f23db8f5300 R15: 0000000000022000 INFO: task syz-executor.0:20890 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.0 D30376 20890 19133 0x00000004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 __rwsem_down_read_failed_common kernel/locking/rwsem-xadd.c:292 [inline] rwsem_down_read_failed+0x20a/0x390 kernel/locking/rwsem-xadd.c:309 call_rwsem_down_read_failed+0x14/0x30 arch/x86/lib/rwsem.S:94 __down_read arch/x86/include/asm/rwsem.h:83 [inline] down_read+0x44/0x80 kernel/locking/rwsem.c:26 __do_page_fault+0x97f/0xd60 arch/x86/mm/fault.c:1348 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1205 RIP: 0033:0x7f23dcfaaf84 Code: Bad RIP value. RSP: 002b:00007f23db8b3190 EFLAGS: 00010202 RAX: 0000000000000000 RBX: 0000000000000001 RCX: 00007f23dd05f8a4 RDX: 00000000000042af RSI: 0000000000000000 RDI: 00007f23dd05cfbb RBP: 00007f23dd05e08d R08: 00007ffd80be7000 R09: 000000f0621e2b5a R10: 000c5e740e4b949e R11: 0000000000000001 R12: 0000000000000000 R13: 00007ffd80a11f3f R14: 00007f23db8b3300 R15: 0000000000022000 INFO: task syz-executor.0:20891 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.0 D30376 20891 19133 0x00000004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 __rwsem_down_read_failed_common kernel/locking/rwsem-xadd.c:292 [inline] rwsem_down_read_failed+0x20a/0x390 kernel/locking/rwsem-xadd.c:309 call_rwsem_down_read_failed+0x14/0x30 arch/x86/lib/rwsem.S:94 __down_read arch/x86/include/asm/rwsem.h:83 [inline] down_read+0x44/0x80 kernel/locking/rwsem.c:26 __do_page_fault+0x97f/0xd60 arch/x86/mm/fault.c:1348 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1205 RIP: 0033:0x7f23dcfaaf84 Code: Bad RIP value. RSP: 002b:00007f23db892190 EFLAGS: 00010202 RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00007f23dd0681e1 RDX: 00000000000042ad RSI: 000000000000000b RDI: 00007f23dd05cfbb RBP: 00007f23dd05e08d R08: 00007ffd80be7000 R09: 000000f0620a9b6f R10: 000c558fb556b61e R11: 0000000000000001 R12: 0000000000000000 R13: 00007ffd80a11f3f R14: 00007f23db892300 R15: 0000000000022000 INFO: task syz-executor.0:20892 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.0 D30376 20892 19133 0x00000004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 __rwsem_down_read_failed_common kernel/locking/rwsem-xadd.c:292 [inline] rwsem_down_read_failed+0x20a/0x390 kernel/locking/rwsem-xadd.c:309 call_rwsem_down_read_failed+0x14/0x30 arch/x86/lib/rwsem.S:94 __down_read arch/x86/include/asm/rwsem.h:83 [inline] down_read+0x44/0x80 kernel/locking/rwsem.c:26 __do_page_fault+0x97f/0xd60 arch/x86/mm/fault.c:1348 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1205 RIP: 0033:0x7f23dcfaaf84 Code: Bad RIP value. RSP: 002b:00007f23db871190 EFLAGS: 00010202 RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007f23dd0564c0 RDX: 00000000000042af RSI: 0000000000000005 RDI: 00007f23dd05cfbb RBP: 00007f23dd05e08d R08: 00007ffd80be7000 R09: 000000f0621edf1a R10: 000c5ec5c2e4139e R11: 0000000000000001 R12: 0000000000000000 R13: 00007ffd80a11f3f R14: 00007f23db871300 R15: 0000000000022000 INFO: task syz-executor.0:20893 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.0 D30376 20893 19133 0x00000004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 __rwsem_down_read_failed_common kernel/locking/rwsem-xadd.c:292 [inline] rwsem_down_read_failed+0x20a/0x390 kernel/locking/rwsem-xadd.c:309 call_rwsem_down_read_failed+0x14/0x30 arch/x86/lib/rwsem.S:94 __down_read arch/x86/include/asm/rwsem.h:83 [inline] down_read+0x44/0x80 kernel/locking/rwsem.c:26 __do_page_fault+0x97f/0xd60 arch/x86/mm/fault.c:1348 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1205 RIP: 0033:0x7f23dcfaaf84 Code: Bad RIP value. RSP: 002b:00007f23db850190 EFLAGS: 00010202 RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00007f23dd0681e1 RDX: 00000000000042ad RSI: 0000000000000000 RDI: 00007f23dd05cfbb RBP: 00007f23dd05e08d R08: 00007ffd80be7000 R09: 000000f0620b0a44 R10: 000c55c21652961e R11: 0000000000000001 R12: 0000000000000000 R13: 00007ffd80a11f3f R14: 00007f23db850300 R15: 0000000000022000 Showing all locks held in the system: 1 lock held by khungtaskd/1569: #0: 00000000fe554ad6 (rcu_read_lock){....}, at: debug_show_all_locks+0x53/0x265 kernel/locking/lockdep.c:4441 1 lock held by in:imklog/7805: #0: 00000000aafc3d3a (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767 1 lock held by syz-executor.0/20880: #0: 00000000fc2e9f6e (&mm->mmap_sem){++++}, at: exit_mm kernel/exit.c:512 [inline] #0: 00000000fc2e9f6e (&mm->mmap_sem){++++}, at: do_exit+0x6e4/0x2be0 kernel/exit.c:857 1 lock held by syz-executor.0/20883: #0: 00000000fc2e9f6e (&mm->mmap_sem){++++}, at: exit_mm kernel/exit.c:512 [inline] #0: 00000000fc2e9f6e (&mm->mmap_sem){++++}, at: do_exit+0x6e4/0x2be0 kernel/exit.c:857 1 lock held by syz-executor.0/20885: #0: 00000000fc2e9f6e (&mm->mmap_sem){++++}, at: __do_page_fault+0x97f/0xd60 arch/x86/mm/fault.c:1348 1 lock held by syz-executor.0/20886: #0: 00000000fc2e9f6e (&mm->mmap_sem){++++}, at: exit_mm kernel/exit.c:512 [inline] #0: 00000000fc2e9f6e (&mm->mmap_sem){++++}, at: do_exit+0x6e4/0x2be0 kernel/exit.c:857 1 lock held by syz-executor.0/20887: #0: 00000000fc2e9f6e (&mm->mmap_sem){++++}, at: __do_page_fault+0x97f/0xd60 arch/x86/mm/fault.c:1348 1 lock held by syz-executor.0/20888: #0: 00000000fc2e9f6e (&mm->mmap_sem){++++}, at: exit_mm kernel/exit.c:512 [inline] #0: 00000000fc2e9f6e (&mm->mmap_sem){++++}, at: do_exit+0x6e4/0x2be0 kernel/exit.c:857 1 lock held by syz-executor.0/20889: 1 lock held by syz-executor.0/20890: #0: 00000000fc2e9f6e (&mm->mmap_sem){++++}, at: __do_page_fault+0x97f/0xd60 arch/x86/mm/fault.c:1348 1 lock held by syz-executor.0/20891: #0: 00000000fc2e9f6e (&mm->mmap_sem){++++}, at: __do_page_fault+0x97f/0xd60 arch/x86/mm/fault.c:1348 1 lock held by syz-executor.0/20892: #0: 00000000fc2e9f6e (&mm->mmap_sem){++++}, at: __do_page_fault+0x97f/0xd60 arch/x86/mm/fault.c:1348 1 lock held by syz-executor.0/20893: #0: 00000000fc2e9f6e (&mm->mmap_sem){++++}, at: __do_page_fault+0x97f/0xd60 arch/x86/mm/fault.c:1348 1 lock held by syz-executor.0/20894: #0: 00000000fc2e9f6e (&mm->mmap_sem){++++}, at: __do_page_fault+0x97f/0xd60 arch/x86/mm/fault.c:1348 1 lock held by syz-executor.0/20895: #0: 00000000fc2e9f6e (&mm->mmap_sem){++++}, at: __do_page_fault+0x97f/0xd60 arch/x86/mm/fault.c:1348 1 lock held by syz-executor.0/20896: #0: 00000000fc2e9f6e (&mm->mmap_sem){++++}, at: __do_page_fault+0x97f/0xd60 arch/x86/mm/fault.c:1348 1 lock held by syz-executor.0/20898: #0: 00000000fc2e9f6e (&mm->mmap_sem){++++}, at: __do_page_fault+0x97f/0xd60 arch/x86/mm/fault.c:1348 ============================================= NMI backtrace for cpu 1 CPU: 1 PID: 1569 Comm: khungtaskd Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 nmi_cpu_backtrace.cold+0x63/0xa2 lib/nmi_backtrace.c:101 nmi_trigger_cpumask_backtrace+0x1a6/0x1f0 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:203 [inline] watchdog+0x991/0xe60 kernel/hung_task.c:287 kthread+0x33f/0x460 kernel/kthread.c:259 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 4688 Comm: systemd-journal Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:terminate_walk+0x0/0x5c0 fs/namei.c:594 Code: fc ff ff e8 42 d6 f2 ff e9 03 ff ff ff e8 38 d6 f2 ff e9 d5 fe ff ff 48 89 ef e8 0b d5 f2 ff e9 33 fe ff ff 66 0f 1f 44 00 00 <41> 57 41 56 41 55 41 54 55 48 89 fd 53 48 83 ec 20 e8 1a f9 bc ff RSP: 0018:ffff8880a0d77bc8 EFLAGS: 00000293 RAX: ffff8880a0d6a480 RBX: ffff8880a0d77eb0 RCX: ffffffff81a65353 RDX: 0000000000000000 RSI: ffffffff81a6535d RDI: ffff8880a0d77c38 RBP: ffff8880a0d77be8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000005 R11: 0000000000000000 R12: 00000000fffffffe R13: ffff8880a0d77c38 R14: ffff8880a0d77eb0 R15: ffff8880a0d77c38 FS: 00007f56d508c8c0(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f56d13db000 CR3: 00000000a109b000 CR4: 00000000003406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: path_parentat+0x75/0x140 fs/namei.c:2375 filename_parentat+0x198/0x590 fs/namei.c:2389 filename_create+0x9e/0x490 fs/namei.c:3621 user_path_create fs/namei.c:3696 [inline] do_mkdirat+0xa0/0x2d0 fs/namei.c:3834 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f56d4347687 Code: 00 b8 ff ff ff ff c3 0f 1f 40 00 48 8b 05 09 d8 2b 00 64 c7 00 5f 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e1 d7 2b 00 f7 d8 64 89 01 48 RSP: 002b:00007ffc7cc04368 EFLAGS: 00000293 ORIG_RAX: 0000000000000053 RAX: ffffffffffffffda RBX: 00007ffc7cc073d0 RCX: 00007f56d4347687 RDX: 0000000000000000 RSI: 00000000000001ed RDI: 0000562cb09048a0 RBP: 00007ffc7cc043a0 R08: 0000562caef763e5 R09: 0000000000000018 R10: 0000000000000069 R11: 0000000000000293 R12: 0000000000000000 R13: 0000000000000001 R14: 0000562cb09048a0 R15: 00007ffc7cc049e0 ---------------- Code disassembly (best guess): 0: 03 da add %edx,%ebx 2: fd std 3: 48 83 ed 08 sub $0x8,%rbp 7: bf 07 00 00 00 mov $0x7,%edi c: 48 83 c3 08 add $0x8,%rbx 10: 48 89 ee mov %rbp,%rsi 13: e8 98 04 da fd callq 0xfdda04b0 18: 48 83 fd 07 cmp $0x7,%rbp 1c: 0f 86 29 01 00 00 jbe 0x14b 22: e8 f9 02 da fd callq 0xfdda0320 27: 45 31 ff xor %r15d,%r15d * 2a: 4d 8b 64 1d 00 mov 0x0(%r13,%rbx,1),%r12 <-- trapping instruction 2f: 31 ff xor %edi,%edi 31: 44 89 fe mov %r15d,%esi 34: e8 57 04 da fd callq 0xfdda0490 39: 45 85 ff test %r15d,%r15d 3c: 0f .byte 0xf 3d: 84 61 ff test %ah,-0x1(%rcx)