protocol 88fb is buggy, dev hsr_slave_1 protocol 88fb is buggy, dev hsr_slave_0 protocol 88fb is buggy, dev hsr_slave_1 protocol 88fb is buggy, dev hsr_slave_0 protocol 88fb is buggy, dev hsr_slave_1 INFO: task syz-executor.1:6653 blocked for more than 140 seconds. Not tainted 5.0.0+ #7 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.1 D28208 6653 21701 0xa0020002 Call Trace: context_switch kernel/sched/core.c:2844 [inline] __schedule+0x817/0x1cc0 kernel/sched/core.c:3485 schedule+0x92/0x180 kernel/sched/core.c:3529 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3587 __mutex_lock_common kernel/locking/mutex.c:1002 [inline] __mutex_lock+0x726/0x1310 kernel/locking/mutex.c:1072 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087 vhost_net_stop_vq+0x2d/0x120 drivers/vhost/net.c:1360 vhost_net_stop drivers/vhost/net.c:1374 [inline] vhost_net_release+0x5d/0x260 drivers/vhost/net.c:1406 __fput+0x2df/0x8d0 fs/file_table.c:278 ____fput+0x16/0x20 fs/file_table.c:309 task_work_run+0x14a/0x1c0 kernel/task_work.c:113 exit_task_work include/linux/task_work.h:22 [inline] do_exit+0x92c/0x2fd0 kernel/exit.c:875 do_group_exit+0x135/0x370 kernel/exit.c:979 get_signal+0x399/0x1d50 kernel/signal.c:2575 do_signal+0x87/0x1940 arch/x86/kernel/signal.c:816 kobject: 'loop2' (000000000777766d): kobject_uevent_env kobject: 'loop2' (000000000777766d): fill_kobj_path: path = '/devices/virtual/block/loop2' kobject: 'loop5' (00000000bcb3cf31): kobject_uevent_env exit_to_usermode_loop+0x244/0x2c0 arch/x86/entry/common.c:162 prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline] syscall_return_slowpath arch/x86/entry/common.c:268 [inline] do_syscall_32_irqs_on arch/x86/entry/common.c:341 [inline] do_fast_syscall_32+0xa9d/0xc98 arch/x86/entry/common.c:397 kobject: 'loop5' (00000000bcb3cf31): fill_kobj_path: path = '/devices/virtual/block/loop5' entry_SYSENTER_compat+0x70/0x7f arch/x86/entry/entry_64_compat.S:139 RIP: 0023:0xf7f49869 Code: ff 1c 3a 90 81 ff ff ff ff 58 3a 90 81 ff ff ff ff 9a 3a 90 81 ff ff ff ff 9a 3b 90 81 ff ff ff ff 09 b5 8f 81 ff ff ff ff c9 <7d> 2b 83 ff ff ff ff 4c 7b 2b 83 ff ff ff ff 73 7b 2b 83 ff ff ff kobject: 'loop1' (00000000b4f570ad): kobject_uevent_env kobject: 'loop1' (00000000b4f570ad): fill_kobj_path: path = '/devices/virtual/block/loop1' RSP: 002b:000000000845fbbc EFLAGS: 00000202 ORIG_RAX: 00000000000000f0 kobject: 'loop5' (00000000bcb3cf31): kobject_uevent_env kobject: 'loop5' (00000000bcb3cf31): fill_kobj_path: path = '/devices/virtual/block/loop5' RAX: fffffffffffffdfc RBX: 000000000814af6c RCX: 0000000000000080 RDX: 0000000000000000 RSI: 000000000845fd04 RDI: 0000000000000000 kobject: 'loop1' (00000000b4f570ad): kobject_uevent_env RBP: 00000000000003e8 R08: 0000000000000000 R09: 0000000000000000 kobject: 'loop1' (00000000b4f570ad): fill_kobj_path: path = '/devices/virtual/block/loop1' R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 kobject: 'loop5' (00000000bcb3cf31): kobject_uevent_env Showing all locks held in the system: kobject: 'loop5' (00000000bcb3cf31): fill_kobj_path: path = '/devices/virtual/block/loop5' 1 lock held by khungtaskd/1041: #0: 0000000020fcefeb (rcu_read_lock){....}, at: debug_show_all_locks+0x5f/0x27e kernel/locking/lockdep.c:4389 kobject: 'loop5' (00000000bcb3cf31): kobject_uevent_env kobject: 'loop5' (00000000bcb3cf31): fill_kobj_path: path = '/devices/virtual/block/loop5' 3 locks held by udevd/3869: 1 lock held by rsyslogd/7536: #0: 0000000040053f35 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0xee/0x110 fs/file.c:795 kobject: 'loop4' (000000004b8451aa): kobject_uevent_env kobject: 'loop4' (000000004b8451aa): fill_kobj_path: path = '/devices/virtual/block/loop4' 2 locks held by getty/7626: #0: 0000000032a5b046 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341 kobject: 'loop1' (00000000b4f570ad): kobject_uevent_env #1: 0000000065fac483 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2154 kobject: 'loop1' (00000000b4f570ad): fill_kobj_path: path = '/devices/virtual/block/loop1' 2 locks held by getty/7627: #0: 0000000011acb604 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341 #1: 00000000badc1d47 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2154 2 locks held by getty/7628: #0: 000000005b58fb05 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341 #1: 0000000060444883 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2154 2 locks held by getty/7629: #0: 000000003f84df48 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341 #1: 000000001ebb2b0b (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2154 2 locks held by getty/7630: #0: 00000000a5ec3511 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341 #1: 00000000db40f8a5 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2154 2 locks held by getty/7631: #0: 000000007012369c (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341 #1: 0000000023d487e6 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2154 2 locks held by getty/7632: #0: 0000000023159758 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341 #1: 00000000e21fee33 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2154 3 locks held by kworker/u4:5/8154: #0: 0000000003a14680 (&rq->lock){-.-.}, at: rq_lock kernel/sched/sched.h:1149 [inline] #0: 0000000003a14680 (&rq->lock){-.-.}, at: __schedule+0x1fc/0x1cc0 kernel/sched/core.c:3423 #1: 000000002460f65c ((work_completion)(&(&bat_priv->nc.work)->work)){+.+.}, at: process_one_work+0x8b4/0x1790 kernel/workqueue.c:2148 #2: 0000000003a14680 (&rq->lock){-.-.}, at: rq_lock kernel/sched/sched.h:1149 [inline] #2: 0000000003a14680 (&rq->lock){-.-.}, at: __schedule+0x1fc/0x1cc0 kernel/sched/core.c:3423 1 lock held by syz-executor.1/6653: #0: 000000006cdb8138 (&vq->mutex){+.+.}, at: vhost_net_stop_vq+0x2d/0x120 drivers/vhost/net.c:1360 1 lock held by vhost-6654/6656: 3 locks held by syz-executor.3/11179: #0: 00000000faad26dd (&mousedev->mutex/1){+.+.}, at: mixdev_close_devices+0x24/0x140 drivers/input/mousedev.c:489 #1: 00000000d3db2b99 (&mousedev->mutex#2){+.+.}, at: mousedev_close_device+0x22/0xd0 drivers/input/mousedev.c:444 #2: 00000000dcaa9415 (&dev->mutex#2){+.+.}, at: input_close_device+0x48/0x170 drivers/input/input.c:658 1 lock held by syz-executor.2/11187: #0: 000000004913e7a2 (&mm->mmap_sem){++++}, at: vm_mmap_pgoff+0x173/0x230 mm/util.c:348 2 locks held by syz-executor.2/11190: 1 lock held by syz-executor.2/11231: #0: 000000004913e7a2 (&mm->mmap_sem){++++}, at: __do_sys_mincore mm/mincore.c:256 [inline] #0: 000000004913e7a2 (&mm->mmap_sem){++++}, at: __se_sys_mincore mm/mincore.c:224 [inline] #0: 000000004913e7a2 (&mm->mmap_sem){++++}, at: __ia32_sys_mincore+0x3e3/0x760 mm/mincore.c:224 kobject: 'loop4' (000000004b8451aa): kobject_uevent_env kobject: 'loop4' (000000004b8451aa): fill_kobj_path: path = '/devices/virtual/block/loop4' ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 1041 Comm: khungtaskd Not tainted 5.0.0+ #7 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x172/0x1f0 lib/dump_stack.c:113 nmi_cpu_backtrace.cold+0x63/0xa4 lib/nmi_backtrace.c:101 nmi_trigger_cpumask_backtrace+0x1be/0x236 lib/nmi_backtrace.c:62 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:203 [inline] watchdog+0x9df/0xee0 kernel/hung_task.c:287 kthread+0x357/0x430 kernel/kthread.c:246 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 6286 Comm: kworker/u4:3 Not tainted 5.0.0+ #7 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: bat_events batadv_nc_worker RIP: 0010:__lock_acquire+0x964/0x4700 kernel/locking/lockdep.c:3318 Code: 1f 00 00 0f 87 16 0a 00 00 49 8d 87 70 08 00 00 48 89 c2 48 89 44 24 70 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 <0f> 85 5e 2d 00 00 45 85 c0 4d 8b af 70 08 00 00 0f 85 50 fc ff ff RSP: 0018:ffff8880653f7a80 EFLAGS: 00000046 RAX: dffffc0000000000 RBX: 000000000000002b RCX: 1ffff1100c80ddfe RDX: 1ffff1100c80ddee RSI: ffff88806406efd0 RDI: ffffffff8a09ad70 RBP: ffff8880653f7c50 R08: 0000000000000002 R09: ffff88806406eff0 R10: ffff88806406efd0 R11: 0000000000000000 R12: ffff88806406efe8 R13: 000000000002002b R14: 000000000000002b R15: ffff88806406e700 FS: 0000000000000000(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fdd469c6518 CR3: 00000000a553e000 CR4: 00000000001406e0 Call Trace: lock_acquire+0x16f/0x3f0 kernel/locking/lockdep.c:3841 rcu_lock_acquire include/linux/rcupdate.h:223 [inline] rcu_read_lock include/linux/rcupdate.h:607 [inline] batadv_nc_purge_orig_hash net/batman-adv/network-coding.c:419 [inline] batadv_nc_worker+0x117/0x760 net/batman-adv/network-coding.c:730 process_one_work+0x98e/0x1790 kernel/workqueue.c:2173 worker_thread+0x98/0xe40 kernel/workqueue.c:2319 kthread+0x357/0x430 kernel/kthread.c:246 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352