INFO: task kworker/0:12:6075 blocked for more than 143 seconds. Not tainted 5.11.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/0:12 state:D stack:27672 pid: 6075 ppid: 2 flags:0x00004000 Workqueue: dio/loop0 dio_aio_complete_work Call Trace: context_switch kernel/sched/core.c:4327 [inline] __schedule+0x8de/0x2170 kernel/sched/core.c:5078 schedule+0xcf/0x270 kernel/sched/core.c:5157 rwsem_down_write_slowpath+0x7e5/0x1200 kernel/locking/rwsem.c:1106 __down_write_common kernel/locking/rwsem.c:1261 [inline] __down_write_common kernel/locking/rwsem.c:1258 [inline] __down_write kernel/locking/rwsem.c:1270 [inline] down_write+0x132/0x150 kernel/locking/rwsem.c:1407 inode_lock include/linux/fs.h:773 [inline] __generic_file_fsync+0x82/0x190 fs/libfs.c:1080 fat_file_fsync+0x5b/0x200 fs/fat/file.c:190 generic_write_sync include/linux/fs.h:2737 [inline] dio_complete+0x4e1/0xa00 fs/direct-io.c:310 process_one_work+0x84c/0x13b0 kernel/workqueue.c:2275 worker_thread+0x598/0xf80 kernel/workqueue.c:2421 kthread+0x36f/0x450 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296 INFO: task syz-executor.0:22781 blocked for more than 143 seconds. Not tainted 5.11.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.0 state:D stack:26208 pid:22781 ppid: 5877 flags:0x00004004 Call Trace: context_switch kernel/sched/core.c:4327 [inline] __schedule+0x8de/0x2170 kernel/sched/core.c:5078 schedule+0xcf/0x270 kernel/sched/core.c:5157 __inode_dio_wait fs/inode.c:2189 [inline] inode_dio_wait+0x1d6/0x210 fs/inode.c:2207 fat_setattr+0x235/0xb60 fs/fat/file.c:498 notify_change+0x748/0xd90 fs/attr.c:336 do_truncate+0xe3/0x190 fs/open.c:64 do_sys_ftruncate+0x4d6/0x680 fs/open.c:195 do_syscall_64+0x2d/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7f241a334209 RSP: 002b:00007f2419aa9168 EFLAGS: 00000246 ORIG_RAX: 000000000000004d RAX: ffffffffffffffda RBX: 00007f241a446f60 RCX: 00007f241a334209 RDX: 0000000000000000 RSI: 00000000010099b8 RDI: 0000000000000004 RBP: 00007f241a38e161 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffc578382df R14: 00007f2419aa9300 R15: 0000000000022000 INFO: task syz-executor.0:22787 blocked for more than 143 seconds. Not tainted 5.11.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.0 state:D stack:26872 pid:22787 ppid: 5877 flags:0x00000004 Call Trace: context_switch kernel/sched/core.c:4327 [inline] __schedule+0x8de/0x2170 kernel/sched/core.c:5078 schedule+0xcf/0x270 kernel/sched/core.c:5157 rwsem_down_write_slowpath+0x7e5/0x1200 kernel/locking/rwsem.c:1106 __down_write_common kernel/locking/rwsem.c:1261 [inline] __down_write_common kernel/locking/rwsem.c:1258 [inline] __down_write kernel/locking/rwsem.c:1270 [inline] down_write+0x132/0x150 kernel/locking/rwsem.c:1407 inode_lock include/linux/fs.h:773 [inline] generic_file_write_iter+0x85/0x1c0 mm/filemap.c:3570 call_write_iter include/linux/fs.h:1901 [inline] aio_write+0x2c1/0x680 fs/aio.c:1581 __io_submit_one fs/aio.c:1836 [inline] io_submit_one+0xb48/0x17d0 fs/aio.c:1883 __do_sys_io_submit fs/aio.c:1942 [inline] __se_sys_io_submit fs/aio.c:1912 [inline] __x64_sys_io_submit+0x148/0x290 fs/aio.c:1912 do_syscall_64+0x2d/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7f241a334209 RSP: 002b:00007f2419a88168 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 RAX: ffffffffffffffda RBX: 00007f241a447030 RCX: 00007f241a334209 RDX: 0000000020000540 RSI: 0000000000001801 RDI: 00007f241a422000 RBP: 00007f241a38e161 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffc578382df R14: 00007f2419a88300 R15: 0000000000022000 INFO: task dio/loop0:22795 blocked for more than 144 seconds. Not tainted 5.11.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:dio/loop0 state:D stack:29216 pid:22795 ppid: 2 flags:0x00004000 Workqueue: dio/loop0 dio_aio_complete_work Call Trace: context_switch kernel/sched/core.c:4327 [inline] __schedule+0x8de/0x2170 kernel/sched/core.c:5078 schedule+0xcf/0x270 kernel/sched/core.c:5157 rwsem_down_write_slowpath+0x7e5/0x1200 kernel/locking/rwsem.c:1106 __down_write_common kernel/locking/rwsem.c:1261 [inline] __down_write_common kernel/locking/rwsem.c:1258 [inline] __down_write kernel/locking/rwsem.c:1270 [inline] down_write+0x132/0x150 kernel/locking/rwsem.c:1407 inode_lock include/linux/fs.h:773 [inline] __generic_file_fsync+0x82/0x190 fs/libfs.c:1080 fat_file_fsync+0x5b/0x200 fs/fat/file.c:190 generic_write_sync include/linux/fs.h:2737 [inline] dio_complete+0x4e1/0xa00 fs/direct-io.c:310 process_one_work+0x84c/0x13b0 kernel/workqueue.c:2275 process_scheduled_works kernel/workqueue.c:2337 [inline] rescuer_thread+0x4fc/0xb80 kernel/workqueue.c:2528 kthread+0x36f/0x450 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296 Showing all locks held in the system: 3 locks held by kworker/0:0/5: #0: ffff88801c1dd138 ((wq_completion)dio/loop2){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff88801c1dd138 ((wq_completion)dio/loop2){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff88801c1dd138 ((wq_completion)dio/loop2){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff88801c1dd138 ((wq_completion)dio/loop2){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff88801c1dd138 ((wq_completion)dio/loop2){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff88801c1dd138 ((wq_completion)dio/loop2){+.+.}-{0:0}, at: process_one_work+0x771/0x13b0 kernel/workqueue.c:2246 #1: ffffc90000ca7db0 ((work_completion)(&dio->complete_work)){+.+.}-{0:0}, at: process_one_work+0x79e/0x13b0 kernel/workqueue.c:2250 #2: ffff88803a919390 (&sb->s_type->i_mutex_key#21){++++}-{3:3}, at: inode_lock include/linux/fs.h:773 [inline] #2: ffff88803a919390 (&sb->s_type->i_mutex_key#21){++++}-{3:3}, at: __generic_file_fsync+0x82/0x190 fs/libfs.c:1080 1 lock held by khungtaskd/1586: #0: ffffffff8a76ac00 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6259 4 locks held by klogd/4780: #0: ffff8880b9f50c18 (&rq->lock){-.-.}-{2:2}, at: rq_lock kernel/sched/sched.h:1320 [inline] #0: ffff8880b9f50c18 (&rq->lock){-.-.}-{2:2}, at: __schedule+0x21c/0x2170 kernel/sched/core.c:4995 #1: ffff8880b9f20088 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x30b/0x440 kernel/sched/psi.c:833 #2: ffff888024872518 (&p->pi_lock){-.-.}-{2:2}, at: try_to_wake_up+0x98/0x14a0 kernel/sched/core.c:3349 #3: ffff8880b9f50c18 (&rq->lock){-.-.}-{2:2}, at: rq_lock kernel/sched/sched.h:1320 [inline] #3: ffff8880b9f50c18 (&rq->lock){-.-.}-{2:2}, at: ttwu_queue kernel/sched/core.c:3188 [inline] #3: ffff8880b9f50c18 (&rq->lock){-.-.}-{2:2}, at: try_to_wake_up+0x5e6/0x14a0 kernel/sched/core.c:3468 2 locks held by getty/5106: #0: ffff88814a486098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x1f/0x70 drivers/tty/tty_ldisc.c:266 #1: ffffc900016032e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x1e4/0x1740 drivers/tty/n_tty.c:2155 3 locks held by kworker/0:12/6075: #0: ffff888036887138 ((wq_completion)dio/loop0){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888036887138 ((wq_completion)dio/loop0){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888036887138 ((wq_completion)dio/loop0){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888036887138 ((wq_completion)dio/loop0){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888036887138 ((wq_completion)dio/loop0){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888036887138 ((wq_completion)dio/loop0){+.+.}-{0:0}, at: process_one_work+0x771/0x13b0 kernel/workqueue.c:2246 #1: ffffc9000236fdb0 ((work_completion)(&dio->complete_work)){+.+.}-{0:0}, at: process_one_work+0x79e/0x13b0 kernel/workqueue.c:2250 #2: ffff88803918d220 (&sb->s_type->i_mutex_key#21){++++}-{3:3}, at: inode_lock include/linux/fs.h:773 [inline] #2: ffff88803918d220 (&sb->s_type->i_mutex_key#21){++++}-{3:3}, at: __generic_file_fsync+0x82/0x190 fs/libfs.c:1080 2 locks held by syz-executor.0/22781: #0: ffff888032910460 (sb_writers#13){.+.+}-{0:0}, at: do_syscall_64+0x2d/0x40 arch/x86/entry/common.c:46 #1: ffff88803918d220 (&sb->s_type->i_mutex_key#21){++++}-{3:3}, at: inode_lock include/linux/fs.h:773 [inline] #1: ffff88803918d220 (&sb->s_type->i_mutex_key#21){++++}-{3:3}, at: do_truncate+0xd4/0x190 fs/open.c:62 1 lock held by syz-executor.0/22787: #0: ffff88803918d220 (&sb->s_type->i_mutex_key#21){++++}-{3:3}, at: inode_lock include/linux/fs.h:773 [inline] #0: ffff88803918d220 (&sb->s_type->i_mutex_key#21){++++}-{3:3}, at: generic_file_write_iter+0x85/0x1c0 mm/filemap.c:3570 3 locks held by dio/loop0/22795: #0: ffff888036887138 ((wq_completion)dio/loop0){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888036887138 ((wq_completion)dio/loop0){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888036887138 ((wq_completion)dio/loop0){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888036887138 ((wq_completion)dio/loop0){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888036887138 ((wq_completion)dio/loop0){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888036887138 ((wq_completion)dio/loop0){+.+.}-{0:0}, at: process_one_work+0x771/0x13b0 kernel/workqueue.c:2246 #1: ffffc9000904fd30 ((work_completion)(&dio->complete_work)){+.+.}-{0:0}, at: process_one_work+0x79e/0x13b0 kernel/workqueue.c:2250 #2: ffff88803918d220 (&sb->s_type->i_mutex_key#21){++++}-{3:3}, at: inode_lock include/linux/fs.h:773 [inline] #2: ffff88803918d220 (&sb->s_type->i_mutex_key#21){++++}-{3:3}, at: __generic_file_fsync+0x82/0x190 fs/libfs.c:1080 1 lock held by rm/28498: ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 1586 Comm: khungtaskd Not tainted 5.11.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 Call Trace: __dump_stack lib/dump_stack.c:79 [inline] dump_stack+0x9a/0xcc lib/dump_stack.c:120 nmi_cpu_backtrace.cold+0x30/0x99 lib/nmi_backtrace.c:105 nmi_trigger_cpumask_backtrace+0x11f/0x170 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:209 [inline] watchdog+0x951/0xc20 kernel/hung_task.c:294 kthread+0x36f/0x450 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 28504 Comm: dhcpcd-run-hook Not tainted 5.11.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 RIP: 0010:stack_trace_consume_entry+0xab/0x160 kernel/stacktrace.c:92 Code: c0 03 38 d0 7c 08 84 d2 0f 85 90 00 00 00 8b 43 0c 85 c0 75 53 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 80 3c 02 00 <0f> 85 92 00 00 00 8d 45 01 89 43 10 48 8b 03 48 8d 2c e8 48 b8 00 RSP: 0018:ffffc90001adf3f8 EFLAGS: 00000246 RAX: dffffc0000000000 RBX: ffffc90001adf4d0 RCX: 0000000000000000 RDX: 1ffff9200035be9a RSI: ffffffff81a0da1b RDI: ffffc90001adf4dc RBP: 0000000000000000 R08: ffffffff8caedf82 R09: ffffffff8caedf86 R10: 0000000000076082 R11: 0000000000000001 R12: ffffc90001adf4d0 R13: 0000000000000000 R14: ffff888029191c00 R15: 0000000000000246 FS: 00007f0aa12f8800(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f0aa15d2e3c CR3: 0000000025b29000 CR4: 0000000000350ee0 Call Trace: arch_stack_walk+0x6d/0xe0 arch/x86/kernel/stacktrace.c:27 stack_trace_save+0x8c/0xc0 kernel/stacktrace.c:121 kasan_save_stack+0x1b/0x40 mm/kasan/common.c:38 kasan_set_track+0x1c/0x30 mm/kasan/common.c:46 kasan_set_free_info+0x20/0x30 mm/kasan/generic.c:356 ____kasan_slab_free+0xe1/0x110 mm/kasan/common.c:362 kasan_slab_free include/linux/kasan.h:192 [inline] slab_free_hook mm/slub.c:1547 [inline] slab_free_freelist_hook+0x5d/0x150 mm/slub.c:1580 slab_free mm/slub.c:3143 [inline] kfree+0xdb/0x3b0 mm/slub.c:4139 tomoyo_check_open_permission+0x143/0x2c0 security/tomoyo/file.c:786 security_file_open+0x43/0x400 security/security.c:1576 do_dentry_open+0x30d/0xfb0 fs/open.c:804 do_open fs/namei.c:3254 [inline] path_openat+0x129c/0x2190 fs/namei.c:3371 do_filp_open+0x16d/0x390 fs/namei.c:3398 do_sys_openat2+0x11e/0x360 fs/open.c:1172 do_sys_open fs/open.c:1188 [inline] __do_sys_openat fs/open.c:1204 [inline] __se_sys_openat fs/open.c:1199 [inline] __x64_sys_openat+0x11b/0x1d0 fs/open.c:1199 do_syscall_64+0x2d/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7f0aa1484697 Code: 25 00 00 41 00 3d 00 00 41 00 74 37 64 8b 04 25 18 00 00 00 85 c0 75 5b 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 85 00 00 00 48 83 c4 68 5d 41 5c c3 0f 1f RSP: 002b:00007fff3d236250 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 RAX: ffffffffffffffda RBX: 0000556c6eba3910 RCX: 00007f0aa1484697 RDX: 0000000000080000 RSI: 0000556c6ebabda0 RDI: 00000000ffffff9c RBP: 0000556c6ebabda0 R08: 0000000000000000 R09: 3c00000040001201 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000080000 R13: 0000556c6ebabda0 R14: 0000000000000000 R15: 0000000000000000