INFO: task syz-executor2:24717 blocked for more than 140 seconds.
Not tainted 4.20.0-rc6+ #150
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor2 D19384 24717 6085 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2831 [inline]
 __schedule+0x8cf/0x21d0 kernel/sched/core.c:3472
 schedule+0xfe/0x460 kernel/sched/core.c:3516
 xlog_grant_head_wait+0x26b/0xf50 fs/xfs/xfs_log.c:263
 xlog_grant_head_check+0x4e7/0x560 fs/xfs/xfs_log.c:325
 xfs_log_reserve+0x3b6/0xd50 fs/xfs/xfs_log.c:454
 xfs_log_write_unmount_record+0x336/0xc30 fs/xfs/xfs_log.c:854
 xfs_log_unmount_write fs/xfs/xfs_log.c:953 [inline]
 xfs_log_quiesce+0x55c/0x660 fs/xfs/xfs_log.c:1020
 xfs_log_unmount+0x22/0xb0 fs/xfs/xfs_log.c:1034
 xfs_log_mount_cancel+0x44/0x60 fs/xfs/xfs_log.c:816
 xfs_mountfs+0x147f/0x1ef0 fs/xfs/xfs_mount.c:1064
 xfs_fs_fill_super+0xe60/0x1720 fs/xfs/xfs_super.c:1745
 mount_bdev+0x30c/0x3e0 fs/super.c:1158
 xfs_fs_mount+0x34/0x40 fs/xfs/xfs_super.c:1819
 mount_fs+0xae/0x31d fs/super.c:1261
 vfs_kern_mount.part.35+0xdc/0x4f0 fs/namespace.c:961
 vfs_kern_mount fs/namespace.c:951 [inline]
 do_new_mount fs/namespace.c:2469 [inline]
 do_mount+0x581/0x31f0 fs/namespace.c:2801
 ksys_mount+0x12d/0x140 fs/namespace.c:3017
 __do_sys_mount fs/namespace.c:3031 [inline]
 __se_sys_mount fs/namespace.c:3028 [inline]
 __x64_sys_mount+0xbe/0x150 fs/namespace.c:3028
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45a0ea
Code: Bad RIP value.
RSP: 002b:00007f3c0568da88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f3c0568db30 RCX: 000000000045a0ea
RDX: 00007f3c0568dad0 RSI: 0000000020000100 RDI: 00007f3c0568daf0
RBP: 0000000020000100 R08: 00007f3c0568db30 R09: 00007f3c0568dad0
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000003
R13: 0000000000000000 R14: 00000000004d9c40 R15: 00000000ffffffff

Showing all locks held in the system:
1 lock held by khungtaskd/1019:
 #0: 000000001463bffd (rcu_read_lock){....}, at: debug_show_all_locks+0xd0/0x424 kernel/locking/lockdep.c:4379
1 lock held by udevd/3715:
1 lock held by rsyslogd/5933:
 #0: 00000000d1e0631c (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x1bb/0x200 fs/file.c:766
2 locks held by getty/6024:
 #0: 0000000059192ab7 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353
 #1: 0000000011203a6f (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80 drivers/tty/n_tty.c:2154
2 locks held by getty/6025:
 #0: 00000000849f09ca (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353
 #1: 000000003b99ce80 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80 drivers/tty/n_tty.c:2154
2 locks held by getty/6026:
 #0: 0000000033c68859 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353
 #1: 00000000b3798670 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80 drivers/tty/n_tty.c:2154
2 locks held by getty/6027:
 #0: 000000002653679d (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353
 #1: 0000000009b85e90 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80 drivers/tty/n_tty.c:2154
2 locks held by getty/6028:
 #0: 00000000c6150e5a (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353
 #1: 000000007579d68d (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80 drivers/tty/n_tty.c:2154
2 locks held by getty/6029:
 #0: 00000000bbbdf89d (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353
 #1: 00000000df1f5885 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80 drivers/tty/n_tty.c:2154
2 locks held by getty/6030:
 #0: 00000000305ee2a2 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353
 #1: 00000000ef0f1445 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80 drivers/tty/n_tty.c:2154
1 lock held by syz-executor0/10532:
 #0: 000000009cdfe7cf (&sig->cred_guard_mutex){+.+.}, at: prepare_bprm_creds+0x53/0x120 fs/exec.c:1404
1 lock held by syz-executor2/24717:
 #0: 00000000c11d8cbe (&type->s_umount_key#76/1){+.+.}, at: alloc_super fs/super.c:226 [inline]
 #0: 00000000c11d8cbe (&type->s_umount_key#76/1){+.+.}, at: sget_userns+0x2c5/0xed0 fs/super.c:519

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 1019 Comm: khungtaskd Not tainted 4.20.0-rc6+ #150
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x244/0x39d lib/dump_stack.c:113
 nmi_cpu_backtrace.cold.2+0x5c/0xa1 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x1e8/0x22a lib/nmi_backtrace.c:62
 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:205 [inline]
 watchdog+0xb51/0x1060 kernel/hung_task.c:289
 kthread+0x35a/0x440 kernel/kthread.c:246
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 3715 Comm: udevd Not tainted 4.20.0-rc6+ #150
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:ktime_get_ts64+0x51/0x4f0 kernel/time/timekeeping.c:877
Code: 48 89 85 00 ff ff ff 48 b8 00 00 00 00 00 fc ff df 48 c7 85 30 ff ff ff b3 8a b5 41 48 01 c8 48 c7 85 38 ff ff ff 18 aa 11 89 <48> c7 85 40 ff ff ff 90 56 6e 81 c7 00 f1 f1 f1 f1 c7 40 04 04 f2
RSP: 0018:ffff8881c25e77a8 EFLAGS: 00000282
RAX: ffffed10384bcefb RBX: 1ffff110384bcf19 RCX: 1ffff110384bcefb
RDX: 0000000000000000 RSI: ffffffff81d539e2 RDI: ffff8881c25e78e8
RBP: ffff8881c25e78a8 R08: ffff8881c25de100 R09: 0000000000000014
R10: ffffed10385f9c08 R11: 0000000000000001 R12: ffff8881c25e7aa8
R13: ffff8881c25e78e8 R14: ffff8881c25e7968 R15: ffff8881c25e78e8
FS: 00007fe32ce867a0(0000) GS:ffff8881daf00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b32b24000 CR3: 00000001c2ba0000 CR4: 00000000001426e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 select_estimate_accuracy+0xde/0x4b0 fs/select.c:87
 ep_poll+0x6d9/0x13d0 fs/eventpoll.c:1758
 do_epoll_wait+0x1b0/0x200 fs/eventpoll.c:2198
 __do_sys_epoll_wait fs/eventpoll.c:2208 [inline]
 __se_sys_epoll_wait fs/eventpoll.c:2205 [inline]
 __x64_sys_epoll_wait+0x97/0xf0 fs/eventpoll.c:2205
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fe32c59a943
Code: 00 31 d2 48 29 c2 64 89 11 48 83 c8 ff eb ea 90 90 90 90 90 90 90 90 83 3d b5 dc 2a 00 00 75 13 49 89 ca b8 e8 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 34 c3 48 83 ec 08 e8 3b c4 00 00 48 89 04 24
RSP: 002b:00007fffae277668 EFLAGS: 00000246 ORIG_RAX: 00000000000000e8
RAX: ffffffffffffffda RBX: 0000000000000bb8 RCX: 00007fe32c59a943
RDX: 0000000000000008 RSI: 00007fffae277760 RDI: 000000000000000a
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001
R10: 0000000000000bb8 R11: 0000000000000246 R12: 0000000000000003
R13: 0000000000000000 R14: 0000000001d80000 R15: 0000000001d67250