ci starts bisection 2023-01-21 00:04:39.723617613 +0000 UTC m=+117631.329014194 bisecting cause commit starting from 7dd4b804e08041ff56c88bdd8da742d14b17ed25 building syzkaller on 1dac8c7a01e2bdd35cb04eb4901ddb157291ac2d ensuring issue is reproducible on original commit 7dd4b804e08041ff56c88bdd8da742d14b17ed25 testing commit 7dd4b804e08041ff56c88bdd8da742d14b17ed25 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: efd6ba0ccafd4d4356650c30c0f8068e945ab30fb8575269ae7b1a41dee3387f run #0: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #1: crashed: INFO: rcu detected stall in corrupted run #2: crashed: INFO: rcu detected stall in corrupted run #3: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #4: crashed: INFO: rcu detected stall in corrupted run #5: crashed: INFO: rcu detected stall in corrupted run #6: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #7: crashed: INFO: rcu detected stall in corrupted run #8: crashed: INFO: rcu detected stall in corrupted run #9: crashed: INFO: rcu detected stall in corrupted run #10: crashed: INFO: rcu detected stall in corrupted run #11: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #12: crashed: INFO: rcu detected stall in corrupted run #13: crashed: INFO: rcu detected stall in corrupted run #14: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #15: crashed: INFO: rcu detected stall in corrupted run #16: crashed: INFO: rcu detected stall in corrupted run #17: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #18: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #19: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock testing release v6.1 testing commit 830b3c68c1fb1e9176028d02ef86f3cf76aa2476 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 86af248ecfd2790b8e485c1fecef774ca7ce075b7bfba076a8d03562d3094d36 run #0: crashed: INFO: rcu detected stall in corrupted run #1: crashed: INFO: rcu detected stall in corrupted run #2: crashed: INFO: rcu detected stall in corrupted run #3: crashed: INFO: rcu detected stall in corrupted run #4: crashed: INFO: rcu detected stall in corrupted run #5: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #6: crashed: INFO: rcu detected stall in corrupted run #7: crashed: INFO: rcu detected stall in corrupted run #8: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #9: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock testing release v6.0 testing commit 4fe89d07dcc2804c8b562f6c7896a45643d34b2f gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 11bd7a77ff17318116723a712aad003e676284c95631b0b3a24044275e7a2e96 run #0: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #1: crashed: INFO: rcu detected stall in corrupted run #2: crashed: INFO: rcu detected stall in corrupted run #3: crashed: INFO: rcu detected stall in corrupted run #4: crashed: INFO: rcu detected stall in corrupted run #5: crashed: INFO: rcu detected stall in corrupted run #6: crashed: INFO: rcu detected stall in corrupted run #7: crashed: INFO: rcu detected stall in corrupted run #8: crashed: INFO: rcu detected stall in corrupted run #9: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock testing release v5.19 testing commit 3d7cb6b04c3f3115719235cc6866b10326de34cd gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 8e96bc1fe580b761f7a869aa89552c516eae2f74f9a1b90f1520605330cd71eb run #0: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #1: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #2: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #3: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #4: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #5: crashed: INFO: task hung in unregister_shrinker run #6: crashed: INFO: task hung in unregister_shrinker run #7: crashed: INFO: task hung in unregister_shrinker run #8: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #9: crashed: INFO: task hung in unregister_shrinker testing release v5.18 testing commit 4b0986a3613c92f4ec1bdc7f60ec66fea135991f gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 85f08c9b43c8ecedaafd7ae022f85d082fd7308eed83262248d3c279504da025 run #0: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #1: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #2: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #3: crashed: INFO: task hung in unregister_shrinker run #4: crashed: INFO: task hung in xfs_buf_delwri_pushbuf run #5: crashed: INFO: task hung in unregister_shrinker run #6: crashed: INFO: task hung in unregister_shrinker run #7: crashed: INFO: task hung in unregister_shrinker run #8: crashed: INFO: task hung in unregister_shrinker run #9: crashed: INFO: task hung in unregister_shrinker testing release v5.17 testing commit f443e374ae131c168a065ea1748feac6b2e76613 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 0ffe704094e21a41b8eb4ad235d89a3d8f46693fe3e93c1b63dffd5c801265f3 run #0: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #1: crashed: INFO: task hung in unregister_shrinker run #2: crashed: INFO: task hung in xfs_buf_delwri_pushbuf run #3: crashed: INFO: task hung in unregister_shrinker run #4: crashed: INFO: task hung in unregister_shrinker run #5: crashed: INFO: task hung in unregister_shrinker run #6: crashed: INFO: task hung in unregister_shrinker run #7: crashed: INFO: task hung in unregister_shrinker run #8: crashed: INFO: task hung in unregister_shrinker run #9: crashed: INFO: task hung in unregister_shrinker testing release v5.16 testing commit df0cc57e057f18e44dac8e6c18aba47ab53202f9 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 941c6626e8d0189fe7ca36ff05643d78acea807001eb78055fac25245f217182 all runs: OK # git bisect start f443e374ae131c168a065ea1748feac6b2e76613 df0cc57e057f18e44dac8e6c18aba47ab53202f9 Bisecting: 6995 revisions left to test after this (roughly 13 steps) [22ef12195e13c5ec58320dbf99ef85059a2c0820] Merge tag 'staging-5.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging testing commit 22ef12195e13c5ec58320dbf99ef85059a2c0820 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 9aefdce06072a8ad68a3817e937345f9e50834801f07de0579882742220cebec all runs: OK # git bisect good 22ef12195e13c5ec58320dbf99ef85059a2c0820 Bisecting: 3520 revisions left to test after this (roughly 12 steps) [51620150ca2df62f8ea472ab8962be590c957288] cifs: update internal module number testing commit 51620150ca2df62f8ea472ab8962be590c957288 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 3901ac4d325065718193eaf962a33cb4a1fef677af9085ebc8946e1f008a40ea run #0: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #1: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #2: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #3: crashed: INFO: task hung in unregister_shrinker run #4: crashed: INFO: task hung in unregister_shrinker run #5: crashed: INFO: task hung in unregister_shrinker run #6: crashed: INFO: task hung in unregister_shrinker run #7: crashed: INFO: task hung in unregister_shrinker run #8: crashed: INFO: task hung in unregister_shrinker run #9: crashed: INFO: task hung in xfs_qm_dqfree_one # git bisect bad 51620150ca2df62f8ea472ab8962be590c957288 Bisecting: 1737 revisions left to test after this (roughly 11 steps) [3fb561b1e0bf4c75bc5f4d799845b08fa5ab3853] Merge tag 'mips_5.17' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux testing commit 3fb561b1e0bf4c75bc5f4d799845b08fa5ab3853 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: c9f15267d1ddeb387933f50f9930e35d6c6a0928a2e4d05381a55e1777d956e9 run #0: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #1: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #2: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #3: crashed: INFO: task hung in unregister_shrinker run #4: crashed: INFO: task hung in unregister_shrinker run #5: crashed: INFO: task hung in unregister_shrinker run #6: crashed: INFO: task hung in unregister_shrinker run #7: crashed: INFO: task hung in unregister_shrinker run #8: crashed: INFO: task hung in unregister_shrinker run #9: crashed: INFO: task hung in unregister_shrinker # git bisect bad 3fb561b1e0bf4c75bc5f4d799845b08fa5ab3853 Bisecting: 859 revisions left to test after this (roughly 10 steps) [147cc5838c0f5c76e908b816e924ca378e0d4735] Merge tag 'irq-core-2022-01-13' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit 147cc5838c0f5c76e908b816e924ca378e0d4735 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: fce1ffdab868050064fe4accef98d3a92c9f08b3d6e1ee9bd08e9a4acfee0efb run #0: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #1: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #2: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #3: crashed: INFO: task hung in unregister_shrinker run #4: crashed: INFO: task hung in unregister_shrinker run #5: crashed: INFO: task hung in unregister_shrinker run #6: crashed: INFO: task hung in unregister_shrinker run #7: crashed: INFO: task hung in unregister_shrinker run #8: crashed: INFO: task hung in unregister_shrinker run #9: crashed: INFO: task hung in unregister_shrinker # git bisect bad 147cc5838c0f5c76e908b816e924ca378e0d4735 Bisecting: 424 revisions left to test after this (roughly 9 steps) [3acbdbf42e943d85174401357a6b6243479d4c76] Merge tag 'libnvdimm-for-5.17' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm testing commit 3acbdbf42e943d85174401357a6b6243479d4c76 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 6d3caddbd14b2c492068516ccd8be92431114f670038a071dfe5fd06ef16a873 run #0: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #1: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #2: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #3: crashed: INFO: task hung in unregister_shrinker run #4: crashed: INFO: task hung in unregister_shrinker run #5: crashed: INFO: task hung in unregister_shrinker run #6: crashed: INFO: task hung in unregister_shrinker run #7: crashed: INFO: task hung in unregister_shrinker run #8: crashed: INFO: task hung in unregister_shrinker run #9: crashed: INFO: task hung in xfs_buf_delwri_pushbuf # git bisect bad 3acbdbf42e943d85174401357a6b6243479d4c76 Bisecting: 211 revisions left to test after this (roughly 8 steps) [57ea81971b7296b42fc77424af44c5915d3d4ae2] Merge tag 'usb-5.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb testing commit 57ea81971b7296b42fc77424af44c5915d3d4ae2 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 100f45432388a90fe6207ead62507be013aa2588904c44bf419eb2f724aabee0 all runs: OK # git bisect good 57ea81971b7296b42fc77424af44c5915d3d4ae2 Bisecting: 106 revisions left to test after this (roughly 7 steps) [8975f8974888b3cd25aa8cf9eba24edbb9230bb2] Merge tag 'fuse-update-5.17' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse testing commit 8975f8974888b3cd25aa8cf9eba24edbb9230bb2 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 5e5b65060762d62a84bb0544d8d3fd1d27ff1fc5e0bf8df13a935c6b6c789bb4 all runs: OK # git bisect good 8975f8974888b3cd25aa8cf9eba24edbb9230bb2 Bisecting: 53 revisions left to test after this (roughly 6 steps) [ecd1a5f62eed35d812de8fe20703e21b551c6560] cachefiles: Allow cachefiles to actually function testing commit ecd1a5f62eed35d812de8fe20703e21b551c6560 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 4f7979dad104c1bffb687ac17b2f531c62534e6e856841d673e2916b4a84cf73 all runs: OK # git bisect good ecd1a5f62eed35d812de8fe20703e21b551c6560 Bisecting: 26 revisions left to test after this (roughly 5 steps) [de2051147771017a61b62c02fd4e883c9b07712d] fsdax: shift partition offset handling into the file systems testing commit de2051147771017a61b62c02fd4e883c9b07712d gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 168e78f80ec17c0c758be8dee0a26a7f2afdc2b1fc437228e3ac93254d10602f run #0: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #1: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #2: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #3: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #4: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #5: crashed: INFO: task hung in unregister_shrinker run #6: crashed: INFO: task hung in unregister_shrinker run #7: crashed: INFO: task hung in unregister_shrinker run #8: crashed: INFO: task hung in xfs_buf_delwri_pushbuf run #9: crashed: INFO: task hung in xfs_qm_dqfree_one # git bisect bad de2051147771017a61b62c02fd4e883c9b07712d Bisecting: 13 revisions left to test after this (roughly 4 steps) [9dc2f9cdc63e7db82b6b2ec17894ca1b254f5e5d] fsdax: remove a pointless __force cast in copy_cow_page_dax testing commit 9dc2f9cdc63e7db82b6b2ec17894ca1b254f5e5d gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: dccfe9a2c48aea0368800caf3ce7f93568287d5a6dd4083de91613d74790083f run #0: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #1: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #2: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #3: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #4: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #5: crashed: INFO: task hung in xfs_buf_delwri_pushbuf run #6: crashed: INFO: task hung in unregister_shrinker run #7: crashed: INFO: task hung in xfs_qm_dqfree_one run #8: crashed: INFO: task hung in xfs_buf_delwri_pushbuf run #9: crashed: INFO: task hung in unregister_shrinker # git bisect bad 9dc2f9cdc63e7db82b6b2ec17894ca1b254f5e5d Bisecting: 6 revisions left to test after this (roughly 3 steps) [586f61682816f0cf7865b2dab7210b8f5339f834] dax: remove the pgmap sanity checks in generic_fsdax_supported testing commit 586f61682816f0cf7865b2dab7210b8f5339f834 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 6267d5c7f905f94c8fc5765abecb4541238aef1c9ee9e78bc239cbca7c21fb02 all runs: OK # git bisect good 586f61682816f0cf7865b2dab7210b8f5339f834 Bisecting: 3 revisions left to test after this (roughly 2 steps) [7b0800d00dae8c897398abaf61e82db0d67d7afc] dax: remove dax_capable testing commit 7b0800d00dae8c897398abaf61e82db0d67d7afc gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 893672dba26f780b24908dcdf98044a1449d40dae52fbff9eca2a218c943c5ed run #0: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #1: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #2: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #3: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #4: crashed: INFO: task hung in unregister_shrinker run #5: crashed: INFO: task hung in unregister_shrinker run #6: crashed: INFO: task hung in unregister_shrinker run #7: crashed: INFO: task hung in unregister_shrinker run #8: crashed: INFO: task hung in unregister_shrinker run #9: crashed: INFO: task hung in unregister_shrinker # git bisect bad 7b0800d00dae8c897398abaf61e82db0d67d7afc Bisecting: 0 revisions left to test after this (roughly 1 step) [679a99495b8fda800037b25af8cd990eb7dd72c9] xfs: factor out a xfs_setup_dax_always helper testing commit 679a99495b8fda800037b25af8cd990eb7dd72c9 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 1783c07b1489ddeb3cb32cae381d4cabe2fe333a267d8f89960ea303eb3412e0 run #0: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #1: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #2: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #3: crashed: INFO: task hung in unregister_shrinker run #4: crashed: INFO: task hung in unregister_shrinker run #5: crashed: INFO: task hung in unregister_shrinker run #6: crashed: INFO: task hung in unregister_shrinker run #7: crashed: INFO: task hung in unregister_shrinker run #8: crashed: INFO: task hung in unregister_shrinker run #9: crashed: INFO: task hung in unregister_shrinker # git bisect bad 679a99495b8fda800037b25af8cd990eb7dd72c9 Bisecting: 0 revisions left to test after this (roughly 0 steps) [0c445871388f4bac74ea74e8c7a12c6c05c6a427] dax: move the partition alignment check into fs_dax_get_by_bdev testing commit 0c445871388f4bac74ea74e8c7a12c6c05c6a427 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: ee918ee921d43e6ac38b869beb176e34dce8048458eefb1038ca1e3219bfb1db all runs: OK # git bisect good 0c445871388f4bac74ea74e8c7a12c6c05c6a427 679a99495b8fda800037b25af8cd990eb7dd72c9 is the first bad commit commit 679a99495b8fda800037b25af8cd990eb7dd72c9 Author: Christoph Hellwig Date: Mon Nov 29 11:21:41 2021 +0100 xfs: factor out a xfs_setup_dax_always helper Factor out another DAX setup helper to simplify future changes. Also move the experimental warning after the checks to not clutter the log too much if the setup failed. Signed-off-by: Christoph Hellwig Reviewed-by: Dan Williams Reviewed-by: Darrick J. Wong Link: https://lore.kernel.org/r/20211129102203.2243509-8-hch@lst.de Signed-off-by: Dan Williams fs/xfs/xfs_super.c | 47 ++++++++++++++++++++++++++++------------------- 1 file changed, 28 insertions(+), 19 deletions(-) culprit signature: 1783c07b1489ddeb3cb32cae381d4cabe2fe333a267d8f89960ea303eb3412e0 parent signature: ee918ee921d43e6ac38b869beb176e34dce8048458eefb1038ca1e3219bfb1db revisions tested: 21, total time: 5h9m31.779292386s (build: 2h24m18.034198986s, test: 2h41m17.240713186s) first bad commit: 679a99495b8fda800037b25af8cd990eb7dd72c9 xfs: factor out a xfs_setup_dax_always helper recipients (to): ["dan.j.williams@intel.com" "djwong@kernel.org" "hch@lst.de"] recipients (cc): [] crash: INFO: task hung in unregister_shrinker INFO: task syz-executor.1:4086 blocked for more than 143 seconds. Not tainted 5.16.0-rc1-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.1 state:D stack:23888 pid: 4086 ppid: 1 flags:0x00004004 Call Trace: context_switch kernel/sched/core.c:4972 [inline] __schedule+0xa5a/0x48f0 kernel/sched/core.c:6253 schedule+0xd2/0x260 kernel/sched/core.c:6326 rwsem_down_write_slowpath+0x761/0x1130 kernel/locking/rwsem.c:1117 __down_write_common kernel/locking/rwsem.c:1272 [inline] __down_write_common kernel/locking/rwsem.c:1269 [inline] __down_write kernel/locking/rwsem.c:1281 [inline] down_write+0x135/0x150 kernel/locking/rwsem.c:1528 unregister_shrinker mm/vmscan.c:678 [inline] unregister_shrinker+0x5c/0x2b0 mm/vmscan.c:673 xfs_unmountfs+0xfd/0x1a0 fs/xfs/xfs_mount.c:1071 xfs_fs_put_super+0x62/0x370 fs/xfs/xfs_super.c:1107 generic_shutdown_super+0x12e/0x3a0 fs/super.c:465 kill_block_super+0x90/0xd0 fs/super.c:1397 deactivate_locked_super+0x7b/0x130 fs/super.c:335 cleanup_mnt+0x324/0x4d0 fs/namespace.c:1137 task_work_run+0xc0/0x160 kernel/task_work.c:164 tracehook_notify_resume include/linux/tracehook.h:189 [inline] exit_to_user_mode_loop kernel/entry/common.c:175 [inline] exit_to_user_mode_prepare+0x27e/0x290 kernel/entry/common.c:207 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline] syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300 do_syscall_64+0x42/0x80 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f5f5b84d537 RSP: 002b:00007ffc57f76c18 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f5f5b84d537 RDX: 00007ffc57f76cea RSI: 000000000000000a RDI: 00007ffc57f76ce0 RBP: 00007ffc57f76ce0 R08: 00000000ffffffff R09: 00007ffc57f76ab0 R10: 0000555555f418b3 R11: 0000000000000246 R12: 00007f5f5b8a6b24 R13: 00007ffc57f77da0 R14: 0000555555f41810 R15: 00007ffc57f77de0 INFO: task syz-executor.5:6548 blocked for more than 143 seconds. Not tainted 5.16.0-rc1-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.5 state:D stack:25712 pid: 6548 ppid: 4091 flags:0x00004004 Call Trace: context_switch kernel/sched/core.c:4972 [inline] __schedule+0xa5a/0x48f0 kernel/sched/core.c:6253 schedule+0xd2/0x260 kernel/sched/core.c:6326 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6385 __mutex_lock_common kernel/locking/mutex.c:680 [inline] __mutex_lock+0xa32/0x12f0 kernel/locking/mutex.c:740 xfs_qm_dqfree_one+0x68/0x160 fs/xfs/xfs_qm.c:1600 xfs_qm_shrink_scan fs/xfs/xfs_qm.c:523 [inline] xfs_qm_shrink_scan+0x1bf/0x340 fs/xfs/xfs_qm.c:495 do_shrink_slab+0x33b/0x940 mm/vmscan.c:773 shrink_slab+0x151/0x580 mm/vmscan.c:933 drop_slab_node+0x86/0x110 mm/vmscan.c:968 drop_slab+0x69/0xd0 mm/vmscan.c:978 drop_caches_sysctl_handler+0x6d/0x80 fs/drop_caches.c:66 proc_sys_call_handler+0x35b/0x4f0 fs/proc/proc_sysctl.c:586 call_write_iter include/linux/fs.h:2162 [inline] do_iter_readv_writev+0x336/0x6d0 fs/read_write.c:725 do_iter_write+0x12a/0x620 fs/read_write.c:851 iter_file_splice_write+0x598/0xaf0 fs/splice.c:689 do_splice_from fs/splice.c:767 [inline] direct_splice_actor+0xfb/0x1c0 fs/splice.c:936 splice_direct_to_actor+0x2dd/0x7c0 fs/splice.c:891 do_splice_direct+0x154/0x260 fs/splice.c:979 do_sendfile+0x91e/0x1110 fs/read_write.c:1245 __do_sys_sendfile64 fs/read_write.c:1304 [inline] __se_sys_sendfile64 fs/read_write.c:1296 [inline] __x64_sys_sendfile64+0x11a/0x1d0 fs/read_write.c:1296 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0x80 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f9e892d80c9 RSP: 002b:00007f9e8864a168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 RAX: ffffffffffffffda RBX: 00007f9e893f7f80 RCX: 00007f9e892d80c9 RDX: 0000000020002080 RSI: 0000000000000004 RDI: 0000000000000005 RBP: 00007f9e89333ae9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000870 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffeff146f4f R14: 00007f9e8864a300 R15: 0000000000022000 INFO: task syz-executor.2:6563 blocked for more than 143 seconds. Not tainted 5.16.0-rc1-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.2 state:D stack:26032 pid: 6563 ppid: 4078 flags:0x00004004 Call Trace: context_switch kernel/sched/core.c:4972 [inline] __schedule+0xa5a/0x48f0 kernel/sched/core.c:6253 schedule+0xd2/0x260 kernel/sched/core.c:6326 rwsem_down_write_slowpath+0x761/0x1130 kernel/locking/rwsem.c:1117 __down_write_common kernel/locking/rwsem.c:1272 [inline] __down_write_common kernel/locking/rwsem.c:1269 [inline] __down_write kernel/locking/rwsem.c:1281 [inline] down_write+0x135/0x150 kernel/locking/rwsem.c:1528 register_shrinker_prepared mm/vmscan.c:653 [inline] register_shrinker+0x2f/0x120 mm/vmscan.c:665 xfs_qm_init_quotainfo+0x589/0x970 fs/xfs/xfs_qm.c:689 xfs_qm_mount_quotas+0x44/0x4c0 fs/xfs/xfs_qm.c:1421 xfs_mountfs+0x1714/0x1ad0 fs/xfs/xfs_mount.c:918 xfs_fs_fill_super+0xe99/0x19b0 fs/xfs/xfs_super.c:1658 get_tree_bdev+0x398/0x680 fs/super.c:1295 vfs_get_tree+0x7f/0x2c0 fs/super.c:1500 do_new_mount fs/namespace.c:2988 [inline] path_mount+0x7e8/0x1a40 fs/namespace.c:3318 do_mount fs/namespace.c:3331 [inline] __do_sys_mount fs/namespace.c:3539 [inline] __se_sys_mount fs/namespace.c:3516 [inline] __x64_sys_mount+0x1f5/0x260 fs/namespace.c:3516 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0x80 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f3ca67675fa RSP: 002b:00007f3ca5ad7f88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 000000000000975f RCX: 00007f3ca67675fa RDX: 0000000020000040 RSI: 0000000020000180 RDI: 00007f3ca5ad7fe0 RBP: 00007f3ca5ad8020 R08: 00007f3ca5ad8020 R09: 0000000000008012 R10: 0000000000008012 R11: 0000000000000246 R12: 0000000020000040 R13: 0000000020000180 R14: 00007f3ca5ad7fe0 R15: 0000000020000080 INFO: task syz-executor.3:6569 blocked for more than 144 seconds. Not tainted 5.16.0-rc1-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.3 state:D stack:25904 pid: 6569 ppid: 4081 flags:0x00004004 Call Trace: context_switch kernel/sched/core.c:4972 [inline] __schedule+0xa5a/0x48f0 kernel/sched/core.c:6253 schedule+0xd2/0x260 kernel/sched/core.c:6326 schedule_timeout+0x19d/0x250 kernel/time/timer.c:1857 do_wait_for_common kernel/sched/completion.c:85 [inline] __wait_for_common kernel/sched/completion.c:106 [inline] wait_for_common kernel/sched/completion.c:117 [inline] wait_for_completion+0x174/0x270 kernel/sched/completion.c:138 xfs_buf_iowait+0x56/0x3c0 fs/xfs/xfs_buf.c:1573 xfs_buf_delwri_pushbuf+0x207/0x460 fs/xfs/xfs_buf.c:2251 xfs_qm_flush_one+0x1fb/0x2b0 fs/xfs/xfs_qm.c:1249 xfs_qm_dquot_walk.isra.0+0x19e/0x2c0 fs/xfs/xfs_qm.c:86 xfs_qm_quotacheck+0x500/0x7c0 fs/xfs/xfs_qm.c:1328 xfs_qm_mount_quotas+0xc6/0x4c0 fs/xfs/xfs_qm.c:1434 xfs_mountfs+0x1714/0x1ad0 fs/xfs/xfs_mount.c:918 xfs_fs_fill_super+0xe99/0x19b0 fs/xfs/xfs_super.c:1658 get_tree_bdev+0x398/0x680 fs/super.c:1295 vfs_get_tree+0x7f/0x2c0 fs/super.c:1500 do_new_mount fs/namespace.c:2988 [inline] path_mount+0x7e8/0x1a40 fs/namespace.c:3318 do_mount fs/namespace.c:3331 [inline] __do_sys_mount fs/namespace.c:3539 [inline] __se_sys_mount fs/namespace.c:3516 [inline] __x64_sys_mount+0x1f5/0x260 fs/namespace.c:3516 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0x80 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f07035705fa RSP: 002b:00007f07028e0f88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 000000000000975f RCX: 00007f07035705fa RDX: 0000000020000040 RSI: 0000000020000180 RDI: 00007f07028e0fe0 RBP: 00007f07028e1020 R08: 00007f07028e1020 R09: 0000000000008012 R10: 0000000000008012 R11: 0000000000000246 R12: 0000000020000040 R13: 0000000020000180 R14: 00007f07028e0fe0 R15: 0000000020000080 INFO: task syz-executor.0:6594 blocked for more than 144 seconds. Not tainted 5.16.0-rc1-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.0 state:D stack:27240 pid: 6594 ppid: 4085 flags:0x00000004 Call Trace: context_switch kernel/sched/core.c:4972 [inline] __schedule+0xa5a/0x48f0 kernel/sched/core.c:6253 schedule+0xd2/0x260 kernel/sched/core.c:6326 rwsem_down_write_slowpath+0x761/0x1130 kernel/locking/rwsem.c:1117 __down_write_common kernel/locking/rwsem.c:1272 [inline] __down_write_common kernel/locking/rwsem.c:1269 [inline] __down_write kernel/locking/rwsem.c:1281 [inline] down_write+0x135/0x150 kernel/locking/rwsem.c:1528 prealloc_memcg_shrinker mm/vmscan.c:359 [inline] prealloc_shrinker+0xf5/0x6a0 mm/vmscan.c:620 alloc_super+0x7f4/0xa10 fs/super.c:270 sget_fc+0x10e/0x700 fs/super.c:533 get_tree_bdev+0x17d/0x680 fs/super.c:1265 vfs_get_tree+0x7f/0x2c0 fs/super.c:1500 do_new_mount fs/namespace.c:2988 [inline] path_mount+0x7e8/0x1a40 fs/namespace.c:3318 do_mount fs/namespace.c:3331 [inline] __do_sys_mount fs/namespace.c:3539 [inline] __se_sys_mount fs/namespace.c:3516 [inline] __x64_sys_mount+0x1f5/0x260 fs/namespace.c:3516 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0x80 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fbd71eef5fa RSP: 002b:00007fbd7125ff88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 000000000000975f RCX: 00007fbd71eef5fa RDX: 0000000020000040 RSI: 0000000020000180 RDI: 00007fbd7125ffe0 RBP: 00007fbd71260020 R08: 00007fbd71260020 R09: 0000000000008012 R10: 0000000000008012 R11: 0000000000000246 R12: 0000000020000040 R13: 0000000020000180 R14: 00007fbd7125ffe0 R15: 0000000020000080 INFO: task syz-executor.4:6596 blocked for more than 144 seconds. Not tainted 5.16.0-rc1-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.4 state:D stack:27240 pid: 6596 ppid: 4098 flags:0x00004004 Call Trace: context_switch kernel/sched/core.c:4972 [inline] __schedule+0xa5a/0x48f0 kernel/sched/core.c:6253 schedule+0xd2/0x260 kernel/sched/core.c:6326 rwsem_down_write_slowpath+0x761/0x1130 kernel/locking/rwsem.c:1117 __down_write_common kernel/locking/rwsem.c:1272 [inline] __down_write_common kernel/locking/rwsem.c:1269 [inline] __down_write kernel/locking/rwsem.c:1281 [inline] down_write+0x135/0x150 kernel/locking/rwsem.c:1528 prealloc_memcg_shrinker mm/vmscan.c:359 [inline] prealloc_shrinker+0xf5/0x6a0 mm/vmscan.c:620 alloc_super+0x7f4/0xa10 fs/super.c:270 sget_fc+0x10e/0x700 fs/super.c:533 get_tree_bdev+0x17d/0x680 fs/super.c:1265 vfs_get_tree+0x7f/0x2c0 fs/super.c:1500 do_new_mount fs/namespace.c:2988 [inline] path_mount+0x7e8/0x1a40 fs/namespace.c:3318 do_mount fs/namespace.c:3331 [inline] __do_sys_mount fs/namespace.c:3539 [inline] __se_sys_mount fs/namespace.c:3516 [inline] __x64_sys_mount+0x1f5/0x260 fs/namespace.c:3516 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0x80 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f4d19e395fa RSP: 002b:00007f4d191a9f88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 000000000000975f RCX: 00007f4d19e395fa RDX: 0000000020000040 RSI: 0000000020000180 RDI: 00007f4d191a9fe0 RBP: 00007f4d191aa020 R08: 00007f4d191aa020 R09: 0000000000008012 R10: 0000000000008012 R11: 0000000000000246 R12: 0000000020000040 R13: 0000000020000180 R14: 00007f4d191a9fe0 R15: 0000000020000080 Showing all locks held in the system: 1 lock held by khungtaskd/27: #0: ffffffff8b37cac0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6458 5 locks held by kworker/u4:4/1120: 2 locks held by getty/3285: #0: ffff88814a4dd098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x1f/0x70 drivers/tty/tty_ldisc.c:252 #1: ffffc900027a32e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x9e1/0xee0 drivers/tty/n_tty.c:2113 2 locks held by syz-executor.1/4086: #0: ffff888060d760e0 (&type->s_umount_key#50){++++}-{3:3}, at: deactivate_super+0x5f/0x80 fs/super.c:365 #1: ffffffff8b4649f0 (shrinker_rwsem){++++}-{3:3}, at: unregister_shrinker mm/vmscan.c:678 [inline] #1: ffffffff8b4649f0 (shrinker_rwsem){++++}-{3:3}, at: unregister_shrinker+0x5c/0x2b0 mm/vmscan.c:673 3 locks held by syz-executor.5/6548: #0: ffff88807e66e460 (sb_writers#4){.+.+}-{0:0}, at: __do_sys_sendfile64 fs/read_write.c:1304 [inline] #0: ffff88807e66e460 (sb_writers#4){.+.+}-{0:0}, at: __se_sys_sendfile64 fs/read_write.c:1296 [inline] #0: ffff88807e66e460 (sb_writers#4){.+.+}-{0:0}, at: __x64_sys_sendfile64+0x11a/0x1d0 fs/read_write.c:1296 #1: ffffffff8b4649f0 (shrinker_rwsem){++++}-{3:3}, at: shrink_slab+0xb3/0x580 mm/vmscan.c:923 #2: ffff888078946958 (&qinf->qi_tree_lock){+.+.}-{3:3}, at: xfs_qm_dqfree_one+0x68/0x160 fs/xfs/xfs_qm.c:1600 2 locks held by syz-executor.2/6563: #0: ffff888063b800e0 (&type->s_umount_key#48/1){+.+.}-{3:3}, at: alloc_super+0x192/0xa10 fs/super.c:229 #1: ffffffff8b4649f0 (shrinker_rwsem){++++}-{3:3}, at: register_shrinker_prepared mm/vmscan.c:653 [inline] #1: ffffffff8b4649f0 (shrinker_rwsem){++++}-{3:3}, at: register_shrinker+0x2f/0x120 mm/vmscan.c:665 3 locks held by syz-executor.3/6569: #0: ffff88801c9460e0 (&type->s_umount_key#48/1){+.+.}-{3:3}, at: alloc_super+0x192/0xa10 fs/super.c:229 #1: ffff888078946958 (&qinf->qi_tree_lock){+.+.}-{3:3}, at: xfs_qm_dquot_walk.isra.0+0xe6/0x2c0 fs/xfs/xfs_qm.c:73 #2: ffff888019c455d8 (&dqp->q_qlock){+.+.}-{3:3}, at: xfs_dqlock fs/xfs/xfs_dquot.h:133 [inline] #2: ffff888019c455d8 (&dqp->q_qlock){+.+.}-{3:3}, at: xfs_qm_flush_one+0x96/0x2b0 fs/xfs/xfs_qm.c:1225 3 locks held by syz-executor.0/6594: #0: ffff88801a434118 (&bdev->bd_fsfreeze_mutex){+.+.}-{3:3}, at: get_tree_bdev+0xdd/0x680 fs/super.c:1255 #1: ffff88807ceaa0e0 (&type->s_umount_key#48/1){+.+.}-{3:3}, at: alloc_super+0x192/0xa10 fs/super.c:229 #2: ffffffff8b4649f0 (shrinker_rwsem){++++}-{3:3}, at: prealloc_memcg_shrinker mm/vmscan.c:359 [inline] #2: ffffffff8b4649f0 (shrinker_rwsem){++++}-{3:3}, at: prealloc_shrinker+0xf5/0x6a0 mm/vmscan.c:620 3 locks held by syz-executor.4/6596: #0: ffff888145bd8658 (&bdev->bd_fsfreeze_mutex){+.+.}-{3:3}, at: get_tree_bdev+0xdd/0x680 fs/super.c:1255 #1: ffff88801928e0e0 (&type->s_umount_key#48/1){+.+.}-{3:3}, at: alloc_super+0x192/0xa10 fs/super.c:229 #2: ffffffff8b4649f0 (shrinker_rwsem){++++}-{3:3}, at: prealloc_memcg_shrinker mm/vmscan.c:359 [inline] #2: ffffffff8b4649f0 (shrinker_rwsem){++++}-{3:3}, at: prealloc_shrinker+0xf5/0x6a0 mm/vmscan.c:620 2 locks held by syz-executor.5/6598: #0: ffff8880563c60e0 (&type->s_umount_key#23/1){+.+.}-{3:3}, at: alloc_super+0x192/0xa10 fs/super.c:229 #1: ffffffff8b4649f0 (shrinker_rwsem){++++}-{3:3}, at: prealloc_memcg_shrinker mm/vmscan.c:359 [inline] #1: ffffffff8b4649f0 (shrinker_rwsem){++++}-{3:3}, at: prealloc_shrinker+0xf5/0x6a0 mm/vmscan.c:620 2 locks held by syz-executor.2/6604: #0: ffff88805561a0e0 (&type->s_umount_key#23/1){+.+.}-{3:3}, at: alloc_super+0x192/0xa10 fs/super.c:229 #1: ffffffff8b4649f0 (shrinker_rwsem){++++}-{3:3}, at: prealloc_memcg_shrinker mm/vmscan.c:359 [inline] #1: ffffffff8b4649f0 (shrinker_rwsem){++++}-{3:3}, at: prealloc_shrinker+0xf5/0x6a0 mm/vmscan.c:620 2 locks held by syz-executor.3/6607: #0: ffff8880555e00e0 (&type->s_umount_key#23/1){+.+.}-{3:3}, at: alloc_super+0x192/0xa10 fs/super.c:229 #1: ffffffff8b4649f0 (shrinker_rwsem){++++}-{3:3}, at: prealloc_memcg_shrinker mm/vmscan.c:359 [inline] #1: ffffffff8b4649f0 (shrinker_rwsem){++++}-{3:3}, at: prealloc_shrinker+0xf5/0x6a0 mm/vmscan.c:620 2 locks held by syz-executor.4/6610: #0: ffff8880563de0e0 (&type->s_umount_key#23/1){+.+.}-{3:3}, at: alloc_super+0x192/0xa10 fs/super.c:229 #1: ffffffff8b4649f0 (shrinker_rwsem){++++}-{3:3}, at: prealloc_memcg_shrinker mm/vmscan.c:359 [inline] #1: ffffffff8b4649f0 (shrinker_rwsem){++++}-{3:3}, at: prealloc_shrinker+0xf5/0x6a0 mm/vmscan.c:620 2 locks held by syz-executor.0/6613: #0: ffff888054c280e0 (&type->s_umount_key#23/1){+.+.}-{3:3}, at: alloc_super+0x192/0xa10 fs/super.c:229 #1: ffffffff8b4649f0 (shrinker_rwsem){++++}-{3:3}, at: prealloc_memcg_shrinker mm/vmscan.c:359 [inline] #1: ffffffff8b4649f0 (shrinker_rwsem){++++}-{3:3}, at: prealloc_shrinker+0xf5/0x6a0 mm/vmscan.c:620 2 locks held by syz-executor.5/6622: #0: ffff888052f3e0e0 (&type->s_umount_key#23/1){+.+.}-{3:3}, at: alloc_super+0x192/0xa10 fs/super.c:229 #1: ffffffff8b4649f0 (shrinker_rwsem){++++}-{3:3}, at: prealloc_memcg_shrinker mm/vmscan.c:359 [inline] #1: ffffffff8b4649f0 (shrinker_rwsem){++++}-{3:3}, at: prealloc_shrinker+0xf5/0x6a0 mm/vmscan.c:620 2 locks held by syz-executor.2/6626: #0: ffff88807d4cc0e0 (&type->s_umount_key#23/1){+.+.}-{3:3}, at: alloc_super+0x192/0xa10 fs/super.c:229 #1: ffffffff8b4649f0 (shrinker_rwsem){++++}-{3:3}, at: prealloc_memcg_shrinker mm/vmscan.c:359 [inline] #1: ffffffff8b4649f0 (shrinker_rwsem){++++}-{3:3}, at: prealloc_shrinker+0xf5/0x6a0 mm/vmscan.c:620 2 locks held by syz-executor.3/6630: #0: ffff8880639ba0e0 (&type->s_umount_key#23/1){+.+.}-{3:3}, at: alloc_super+0x192/0xa10 fs/super.c:229 #1: ffffffff8b4649f0 (shrinker_rwsem){++++}-{3:3}, at: prealloc_memcg_shrinker mm/vmscan.c:359 [inline] #1: ffffffff8b4649f0 (shrinker_rwsem){++++}-{3:3}, at: prealloc_shrinker+0xf5/0x6a0 mm/vmscan.c:620 2 locks held by syz-executor.4/6633: #0: ffff88805dfe60e0 (&type->s_umount_key#23/1){+.+.}-{3:3}, at: alloc_super+0x192/0xa10 fs/super.c:229 #1: ffffffff8b4649f0 (shrinker_rwsem){++++}-{3:3}, at: prealloc_memcg_shrinker mm/vmscan.c:359 [inline] #1: ffffffff8b4649f0 (shrinker_rwsem){++++}-{3:3}, at: prealloc_shrinker+0xf5/0x6a0 mm/vmscan.c:620 2 locks held by syz-executor.0/6636: #0: ffff8880587d40e0 (&type->s_umount_key#23/1){+.+.}-{3:3}, at: alloc_super+0x192/0xa10 fs/super.c:229 #1: ffffffff8b4649f0 (shrinker_rwsem){++++}-{3:3}, at: prealloc_memcg_shrinker mm/vmscan.c:359 [inline] #1: ffffffff8b4649f0 (shrinker_rwsem){++++}-{3:3}, at: prealloc_shrinker+0xf5/0x6a0 mm/vmscan.c:620 ============================================= NMI backtrace for cpu 1 CPU: 1 PID: 27 Comm: khungtaskd Not tainted 5.16.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x57/0x7d lib/dump_stack.c:106 nmi_cpu_backtrace.cold+0x30/0xc0 lib/nmi_backtrace.c:105 nmi_trigger_cpumask_backtrace+0x11a/0x160 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:210 [inline] watchdog+0x88c/0xbf0 kernel/hung_task.c:295 kthread+0x3ab/0x480 kernel/kthread.c:327 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 4526 Comm: kworker/u4:7 Not tainted 5.16.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet RIP: 0010:bytes_is_nonzero mm/kasan/generic.c:85 [inline] RIP: 0010:memory_is_nonzero mm/kasan/generic.c:102 [inline] RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:128 [inline] RIP: 0010:memory_is_poisoned mm/kasan/generic.c:159 [inline] RIP: 0010:check_region_inline mm/kasan/generic.c:180 [inline] RIP: 0010:kasan_check_range+0xde/0x180 mm/kasan/generic.c:189 Code: 74 f2 48 89 c2 b8 01 00 00 00 48 85 d2 75 56 5b 5d 41 5c c3 48 85 d2 74 5e 48 01 ea eb 09 48 83 c0 01 48 39 d0 74 50 80 38 00 <74> f2 eb d4 41 bc 08 00 00 00 48 89 ea 45 29 dc 4d 8d 1c 2c eb 0c RSP: 0018:ffffc900034d7960 EFLAGS: 00000046 RAX: fffffbfff1fb2f50 RBX: fffffbfff1fb2f51 RCX: ffffffff81549236 RDX: fffffbfff1fb2f51 RSI: 0000000000000008 RDI: ffffffff8fd97a80 RBP: fffffbfff1fb2f50 R08: 0000000000000000 R09: ffffffff8fd97a87 R10: fffffbfff1fb2f50 R11: 000000000008008a R12: ffff888076ba8ad8 R13: ffff888076ba8000 R14: 0000000000020000 R15: 0000000000020028 FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00005574761fd120 CR3: 000000001d06c000 CR4: 0000000000350ef0 Call Trace: instrument_atomic_read include/linux/instrumented.h:71 [inline] test_bit include/asm-generic/bitops/instrumented-non-atomic.h:134 [inline] hlock_class kernel/locking/lockdep.c:199 [inline] check_wait_context kernel/locking/lockdep.c:4700 [inline] __lock_acquire+0x3e6/0x54a0 kernel/locking/lockdep.c:4977 lock_acquire kernel/locking/lockdep.c:5637 [inline] lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5602 rcu_lock_acquire include/linux/rcupdate.h:268 [inline] rcu_read_lock include/linux/rcupdate.h:688 [inline] batadv_iv_ogm_slide_own_bcast_window net/batman-adv/bat_iv_ogm.c:755 [inline] batadv_iv_ogm_schedule_buff+0x4d0/0x1030 net/batman-adv/bat_iv_ogm.c:826 batadv_iv_ogm_schedule net/batman-adv/bat_iv_ogm.c:869 [inline] batadv_iv_ogm_schedule net/batman-adv/bat_iv_ogm.c:862 [inline] batadv_iv_send_outstanding_bat_ogm_packet+0x59f/0x8f0 net/batman-adv/bat_iv_ogm.c:1713 process_one_work+0x87f/0x1450 kernel/workqueue.c:2298 worker_thread+0x598/0x1040 kernel/workqueue.c:2445 kthread+0x3ab/0x480 kernel/kthread.c:327 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295