ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
ubi0: background thread "ubi_bgt0d" started, PID 21345
ubi: mtd0 is already attached to ubi0
ubi: mtd0 is already attached to ubi0
ubi0: detaching mtd0
INFO: task syz-executor.2:21333 blocked for more than 140 seconds.
      Not tainted 4.14.175-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.2  D29792 21333   6354 0x00000004
Call Trace:
 schedule+0x8d/0x1b0 kernel/sched/core.c:3428
 schedule_timeout+0x946/0xe40 kernel/time/timer.c:1723
 do_wait_for_common kernel/sched/completion.c:91 [inline]
 __wait_for_common kernel/sched/completion.c:112 [inline]
 wait_for_common kernel/sched/completion.c:123 [inline]
 wait_for_completion+0x241/0x390 kernel/sched/completion.c:144
 kthread_stop+0xce/0x640 kernel/kthread.c:530
 ubi_detach_mtd_dev+0x1e3/0x3cc drivers/mtd/ubi/build.c:1084
 ctrl_cdev_ioctl+0x14b/0x220 drivers/mtd/ubi/cdev.c:1040
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xfe0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45c849
RSP: 002b:00007fa295b07c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fa295b086d4 RCX: 000000000045c849
RDX: 000000000076006e RSI: 0000000040046f41 RDI: 0000000000000004
RBP: 000000000076bfa0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000207 R14: 00000000004c42a6 R15: 000000000076bfac
INFO: task syz-executor.3:21340 blocked for more than 140 seconds.
      Not tainted 4.14.175-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.3  D29280 21340   6353 0x00000004
Call Trace:
 schedule+0x8d/0x1b0 kernel/sched/core.c:3428
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3486
 __mutex_lock_common kernel/locking/mutex.c:833 [inline]
 __mutex_lock+0x73c/0x1470 kernel/locking/mutex.c:893
 ctrl_cdev_ioctl+0x190/0x220 drivers/mtd/ubi/cdev.c:1014
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xfe0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45c849
RSP: 002b:00007f4b6c7dbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f4b6c7dc6d4 RCX: 000000000045c849
RDX: 000000000076006e RSI: 0000000040186f40 RDI: 0000000000000005
RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000207 R14: 00000000004c42a6 R15: 000000000076bf0c
INFO: task syz-executor.3:21346 blocked for more than 140 seconds.
      Not tainted 4.14.175-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.3  D29960 21346   6353 0x00000004
Call Trace:
 schedule+0x8d/0x1b0 kernel/sched/core.c:3428
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3486
 __mutex_lock_common kernel/locking/mutex.c:833 [inline]
 __mutex_lock+0x73c/0x1470 kernel/locking/mutex.c:893
 ctrl_cdev_ioctl+0x142/0x220 drivers/mtd/ubi/cdev.c:1039
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xfe0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45c849
RSP: 002b:00007f4b6c7bac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f4b6c7bb6d4 RCX: 000000000045c849
RDX: 000000000076006e RSI: 0000000040046f41 RDI: 0000000000000004
RBP: 000000000076bfa0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000207 R14: 00000000004c42a6 R15: 000000000076bfac
INFO: task syz-executor.0:21341 blocked for more than 140 seconds.
      Not tainted 4.14.175-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.0  D29280 21341   6351 0x00000004
Call Trace:
 schedule+0x8d/0x1b0 kernel/sched/core.c:3428
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3486
 __mutex_lock_common kernel/locking/mutex.c:833 [inline]
 __mutex_lock+0x73c/0x1470 kernel/locking/mutex.c:893
 ctrl_cdev_ioctl+0x142/0x220 drivers/mtd/ubi/cdev.c:1039
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xfe0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45c849
RSP: 002b:00007f3ccf62cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f3ccf62d6d4 RCX: 000000000045c849
RDX: 000000000076006e RSI: 0000000040046f41 RDI: 0000000000000004
RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000207 R14: 00000000004c42a6 R15: 000000000076bf0c
INFO: task syz-executor.5:21342 blocked for more than 140 seconds.
      Not tainted 4.14.175-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.5  D28304 21342   6357 0x00000004
Call Trace:
 schedule+0x8d/0x1b0 kernel/sched/core.c:3428
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3486
 __mutex_lock_common kernel/locking/mutex.c:833 [inline]
 __mutex_lock+0x73c/0x1470 kernel/locking/mutex.c:893
 ctrl_cdev_ioctl+0x190/0x220 drivers/mtd/ubi/cdev.c:1014
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xfe0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45c849
RSP: 002b:00007fe3d0937c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fe3d09386d4 RCX: 000000000045c849
RDX: 000000000076006e RSI: 0000000040186f40 RDI: 0000000000000005
RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000207 R14: 00000000004c42a6 R15: 000000000076bf0c
INFO: task syz-executor.5:21347 blocked for more than 140 seconds.
      Not tainted 4.14.175-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.5  D30336 21347   6357 0x00000004
Call Trace:
 schedule+0x8d/0x1b0 kernel/sched/core.c:3428
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3486
 __mutex_lock_common kernel/locking/mutex.c:833 [inline]
 __mutex_lock+0x73c/0x1470 kernel/locking/mutex.c:893
 ctrl_cdev_ioctl+0x142/0x220 drivers/mtd/ubi/cdev.c:1039
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xfe0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45c849
RSP: 002b:00007fe3d0916c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fe3d09176d4 RCX: 000000000045c849
RDX: 000000000076006e RSI: 0000000040046f41 RDI: 0000000000000004
RBP: 000000000076bfa0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000207 R14: 00000000004c42a6 R15: 000000000076bfac
INFO: task syz-executor.4:21349 blocked for more than 140 seconds.
      Not tainted 4.14.175-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.4  D29312 21349   6356 0x00000004
Call Trace:
 schedule+0x8d/0x1b0 kernel/sched/core.c:3428
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3486
 __mutex_lock_common kernel/locking/mutex.c:833 [inline]
 __mutex_lock+0x73c/0x1470 kernel/locking/mutex.c:893
 ctrl_cdev_ioctl+0x190/0x220 drivers/mtd/ubi/cdev.c:1014
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xfe0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45c849
RSP: 002b:00007f81c1d88c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f81c1d896d4 RCX: 000000000045c849
RDX: 000000000076006e RSI: 0000000040186f40 RDI: 0000000000000004
RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000207 R14: 00000000004c42a6 R15: 000000000076bf0c
INFO: task syz-executor.1:21351 blocked for more than 140 seconds.
      Not tainted 4.14.175-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.1  D29280 21351   6355 0x00000004
Call Trace:
 schedule+0x8d/0x1b0 kernel/sched/core.c:3428
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3486
 __mutex_lock_common kernel/locking/mutex.c:833 [inline]
 __mutex_lock+0x73c/0x1470 kernel/locking/mutex.c:893
 ctrl_cdev_ioctl+0x190/0x220 drivers/mtd/ubi/cdev.c:1014
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xfe0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45c849
RSP: 002b:00007f24c5a3ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f24c5a3b6d4 RCX: 000000000045c849
RDX: 000000000076006e RSI: 0000000040186f40 RDI: 0000000000000004
RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000207 R14: 00000000004c42a6 R15: 000000000076bf0c

Showing all locks held in the system:
1 lock held by khungtaskd/1054:
 #0:  (tasklist_lock){.+.+}, at: [<ffffffff81465bb3>] debug_show_all_locks+0x7c/0x21a kernel/locking/lockdep.c:4544
1 lock held by in:imklog/5971:
 #0:  (&f->f_pos_lock){+.+.}, at: [<ffffffff8191b836>] __fdget_pos+0xa6/0xc0 fs/file.c:769
1 lock held by syz-executor.2/21333:
 #0:  (ubi_devices_mutex){+.+.}, at: [<ffffffff83cba202>] ctrl_cdev_ioctl+0x142/0x220 drivers/mtd/ubi/cdev.c:1039
1 lock held by syz-executor.3/21340:
 #0:  (ubi_devices_mutex){+.+.}, at: [<ffffffff83cba250>] ctrl_cdev_ioctl+0x190/0x220 drivers/mtd/ubi/cdev.c:1014
1 lock held by syz-executor.3/21346:
 #0:  (ubi_devices_mutex){+.+.}, at: [<ffffffff83cba202>] ctrl_cdev_ioctl+0x142/0x220 drivers/mtd/ubi/cdev.c:1039
1 lock held by syz-executor.0/21341:
 #0:  (ubi_devices_mutex){+.+.}, at: [<ffffffff83cba202>] ctrl_cdev_ioctl+0x142/0x220 drivers/mtd/ubi/cdev.c:1039
1 lock held by syz-executor.5/21342:
 #0:  (ubi_devices_mutex){+.+.}, at: [<ffffffff83cba250>] ctrl_cdev_ioctl+0x190/0x220 drivers/mtd/ubi/cdev.c:1014
1 lock held by syz-executor.5/21347:
 #0:  (ubi_devices_mutex){+.+.}, at: [<ffffffff83cba202>] ctrl_cdev_ioctl+0x142/0x220 drivers/mtd/ubi/cdev.c:1039
1 lock held by syz-executor.4/21349:
 #0:  (ubi_devices_mutex){+.+.}, at: [<ffffffff83cba250>] ctrl_cdev_ioctl+0x190/0x220 drivers/mtd/ubi/cdev.c:1014
1 lock held by syz-executor.1/21351:
 #0:  (ubi_devices_mutex){+.+.}, at: [<ffffffff83cba250>] ctrl_cdev_ioctl+0x190/0x220 drivers/mtd/ubi/cdev.c:1014

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 1054 Comm: khungtaskd Not tainted 4.14.175-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x13e/0x194 lib/dump_stack.c:58
 nmi_cpu_backtrace.cold+0x57/0x93 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x139/0x17e lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:140 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:195 [inline]
 watchdog+0x5e2/0xb80 kernel/hung_task.c:274
 kthread+0x30d/0x420 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 5976 Comm: rs:main Q:Reg Not tainted 4.14.175-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8880a6dd6200 task.stack: ffff88808a0e8000
RIP: 0010:find_held_lock+0x2d/0x110 kernel/locking/lockdep.c:3599
RSP: 0018:ffff88808a0ef1b0 EFLAGS: 00000086
RAX: 0000000000000001 RBX: 0000000000000007 RCX: ffff88808a0ef228
RDX: 1ffff11014dbad70 RSI: ffffffff87d84360 RDI: ffff8880a6dd6b80
RBP: ffffffff87d84360 R08: 0000000000000001 R09: 0000000000000000
R10: ffff8880a6dd6b70 R11: ffff8880a6dd6200 R12: ffff8880a6dd6b70
R13: ffffffff87d84360 R14: ffff88808a0ef228 R15: 0000000000000006
FS:  00007ff8048f5700(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f0577aaa000 CR3: 000000008dbb6000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __lock_release kernel/locking/lockdep.c:3763 [inline]
 lock_release+0x237/0x7f0 kernel/locking/lockdep.c:4013
 update_curr+0x2d0/0x680 kernel/sched/fair.c:856
 enqueue_entity+0x26b/0x21c0 kernel/sched/fair.c:3712
 enqueue_task_fair+0xb6/0x530 kernel/sched/fair.c:4912
 ttwu_activate kernel/sched/core.c:1670 [inline]
 ttwu_do_activate+0xce/0x1f0 kernel/sched/core.c:1729
 ttwu_queue kernel/sched/core.c:1874 [inline]
 try_to_wake_up+0x890/0xef0 kernel/sched/core.c:2087
 wake_up_worker kernel/workqueue.c:840 [inline]
 insert_work+0x238/0x2f0 kernel/workqueue.c:1313
 __queue_work+0x3c2/0xf70 kernel/workqueue.c:1465
 __queue_delayed_work+0x1f3/0x2a0 kernel/workqueue.c:1527
 queue_delayed_work_on+0x169/0x1d0 kernel/workqueue.c:1563
 kblockd_schedule_delayed_work_on+0x26/0x30 block/blk-core.c:3248
 __blk_mq_delay_run_hw_queue+0x113/0x1f0 block/blk-mq.c:1251
 blk_mq_sched_insert_request+0x32e/0x550 block/blk-mq-sched.c:387
 blk_mq_make_request+0x51e/0x1aa0 block/blk-mq.c:1750
 generic_make_request block/blk-core.c:2227 [inline]
 generic_make_request+0x205/0xa40 block/blk-core.c:2171
 submit_bio+0x18f/0x3a0 block/blk-core.c:2301
 submit_bh_wbc+0x52e/0x700 fs/buffer.c:3152
 submit_bh fs/buffer.c:3158 [inline]
 __sync_dirty_buffer fs/buffer.c:3244 [inline]
 __sync_dirty_buffer+0xc1/0x250 fs/buffer.c:3235
 ext4_write_inode+0x396/0x420 fs/ext4/inode.c:5300
 write_inode fs/fs-writeback.c:1227 [inline]
 __writeback_single_inode+0xb42/0x1140 fs/fs-writeback.c:1426
 writeback_single_inode+0x1f3/0x370 fs/fs-writeback.c:1480
 sync_inode fs/fs-writeback.c:2508 [inline]
 sync_inode_metadata+0x79/0xa0 fs/fs-writeback.c:2528
 __generic_file_fsync+0x121/0x190 fs/libfs.c:994
 ext4_sync_file+0x757/0x12c0 fs/ext4/fsync.c:120
 vfs_fsync_range+0x103/0x250 fs/sync.c:196
 generic_write_sync include/linux/fs.h:2678 [inline]
 ext4_file_write_iter+0x639/0xdc0 fs/ext4/file.c:281
 call_write_iter include/linux/fs.h:1778 [inline]
 new_sync_write fs/read_write.c:469 [inline]
 __vfs_write+0x44e/0x630 fs/read_write.c:482
 vfs_write+0x192/0x4e0 fs/read_write.c:544
 SYSC_write fs/read_write.c:590 [inline]
 SyS_write+0xf2/0x210 fs/read_write.c:582
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x7ff8073391cd
RSP: 002b:00007ff8048f4590 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007ff7fc002da0 RCX: 00007ff8073391cd
RDX: 000000000000042a RSI: 00007ff7fc002da0 RDI: 0000000000000006
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000293 R12: 00007ff7fc002b00
R13: 00007ff8048f45b0 R14: 00005593a6cb6360 R15: 000000000000042a
Code: 44 8d 7a ff 49 63 c7 41 56 49 89 ce 48 8d 04 80 41 55 49 89 f5 41 54 4c 8d a4 c7 80 08 00 00 55 4c 89 e7 53 89 d3 e8 13 fa ff ff <85> c0 0f 85 87 00 00 00 49 83 ec 28 83 eb 02 41 89 df 78 78 48