bisecting fixing commit since 830a059cbba6832c11fefc0894c7ec7a27f75734 building syzkaller on 6a81331a1d4c744da9204d02ec88d558f7eea9c9 testing commit 830a059cbba6832c11fefc0894c7ec7a27f75734 with gcc (GCC) 8.4.1 20210217 kernel signature: 014b70af13725b383207500c5b3ff456cf3a10a9e2e2e549246387d779fef40c all runs: crashed: INFO: task hung in nbd_ioctl testing current HEAD 1722257b8ececec9b3b83a8b14058f8209d78071 testing commit 1722257b8ececec9b3b83a8b14058f8209d78071 with gcc (GCC) 8.4.1 20210217 kernel signature: 165515f0ebad471f21edf0f4b83b6ac14d5331faf9e037c68d61a2563750a459 all runs: crashed: INFO: task hung in nbd_ioctl revisions tested: 2, total time: 27m29.377143451s (build: 15m22.723406353s, test: 11m46.714157502s) the crash still happens on HEAD commit msg: Linux 4.19.193 crash: INFO: task hung in nbd_ioctl Bluetooth: hci1: command 0x0406 tx timeout Bluetooth: hci4: command 0x0406 tx timeout Bluetooth: hci5: command 0x0406 tx timeout ieee802154 phy0 wpan0: encryption failed: -22 ieee802154 phy1 wpan1: encryption failed: -22 INFO: task syz-executor.1:9848 blocked for more than 140 seconds. Not tainted 4.19.193-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.1 D27720 9848 8476 0x00000004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x80c/0x1f70 kernel/sched/core.c:3517 schedule+0x7f/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1015 [inline] __mutex_lock+0x4ba/0x1190 kernel/locking/mutex.c:1083 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1098 nbd_start_device_ioctl drivers/block/nbd.c:1278 [inline] __nbd_ioctl drivers/block/nbd.c:1347 [inline] nbd_ioctl+0x2d6/0xb30 drivers/block/nbd.c:1387 __blkdev_driver_ioctl block/ioctl.c:303 [inline] blkdev_ioctl+0x7ea/0x1790 block/ioctl.c:601 block_ioctl+0xd7/0x130 fs/block_dev.c:1906 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:501 [inline] do_vfs_ioctl+0x196/0x10c0 fs/ioctl.c:688 ksys_ioctl+0x62/0x90 fs/ioctl.c:705 __do_sys_ioctl fs/ioctl.c:712 [inline] __se_sys_ioctl fs/ioctl.c:710 [inline] __x64_sys_ioctl+0x6e/0xb0 fs/ioctl.c:710 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x466459 Code: Bad RIP value. RSP: 002b:00007f5632922188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000006 RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 R13: 00007fffcde8f38f R14: 00007f5632922300 R15: 0000000000022000 INFO: task syz-executor.1:9879 blocked for more than 140 seconds. Not tainted 4.19.193-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.1 D28552 9879 8476 0x00000004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x80c/0x1f70 kernel/sched/core.c:3517 schedule+0x7f/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1015 [inline] __mutex_lock+0x4ba/0x1190 kernel/locking/mutex.c:1083 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1098 nbd_ioctl+0x12a/0xb30 drivers/block/nbd.c:1380 __blkdev_driver_ioctl block/ioctl.c:303 [inline] blkdev_ioctl+0x7ea/0x1790 block/ioctl.c:601 block_ioctl+0xd7/0x130 fs/block_dev.c:1906 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:501 [inline] do_vfs_ioctl+0x196/0x10c0 fs/ioctl.c:688 ksys_ioctl+0x62/0x90 fs/ioctl.c:705 __do_sys_ioctl fs/ioctl.c:712 [inline] __se_sys_ioctl fs/ioctl.c:710 [inline] __x64_sys_ioctl+0x6e/0xb0 fs/ioctl.c:710 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x466459 Code: Bad RIP value. RSP: 002b:00007f5632901188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 RDX: 00000000000000ff RSI: 000000000000ab09 RDI: 0000000000000006 RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c008 R13: 00007fffcde8f38f R14: 00007f5632901300 R15: 0000000000022000 INFO: task syz-executor.1:9990 blocked for more than 140 seconds. Not tainted 4.19.193-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.1 D29216 9990 8476 0x00000004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x80c/0x1f70 kernel/sched/core.c:3517 schedule+0x7f/0x1b0 kernel/sched/core.c:3561 blk_mq_freeze_queue_wait+0x105/0x220 block/blk-mq.c:152 blk_freeze_queue+0x3d/0x60 block/blk-mq.c:181 blk_mq_freeze_queue+0x9/0x10 block/blk-mq.c:190 nbd_add_socket+0x109/0x840 drivers/block/nbd.c:973 __nbd_ioctl drivers/block/nbd.c:1320 [inline] nbd_ioctl+0x4fd/0xb30 drivers/block/nbd.c:1387 __blkdev_driver_ioctl block/ioctl.c:303 [inline] blkdev_ioctl+0x7ea/0x1790 block/ioctl.c:601 block_ioctl+0xd7/0x130 fs/block_dev.c:1906 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:501 [inline] do_vfs_ioctl+0x196/0x10c0 fs/ioctl.c:688 ksys_ioctl+0x62/0x90 fs/ioctl.c:705 __do_sys_ioctl fs/ioctl.c:712 [inline] __se_sys_ioctl fs/ioctl.c:710 [inline] __x64_sys_ioctl+0x6e/0xb0 fs/ioctl.c:710 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x466459 Code: Bad RIP value. RSP: 002b:00007f56328e0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 000000000056c0b0 RCX: 0000000000466459 RDX: 0000000000000004 RSI: 000000000000ab00 RDI: 0000000000000003 RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c0b0 R13: 00007fffcde8f38f R14: 00007f56328e0300 R15: 0000000000022000 INFO: task syz-executor.1:9991 blocked for more than 140 seconds. Not tainted 4.19.193-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.1 D29304 9991 8476 0x00000004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x80c/0x1f70 kernel/sched/core.c:3517 schedule+0x7f/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1015 [inline] __mutex_lock+0x4ba/0x1190 kernel/locking/mutex.c:1083 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1098 nbd_ioctl+0x12a/0xb30 drivers/block/nbd.c:1380 __blkdev_driver_ioctl block/ioctl.c:303 [inline] blkdev_ioctl+0x7ea/0x1790 block/ioctl.c:601 block_ioctl+0xd7/0x130 fs/block_dev.c:1906 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:501 [inline] do_vfs_ioctl+0x196/0x10c0 fs/ioctl.c:688 ksys_ioctl+0x62/0x90 fs/ioctl.c:705 __do_sys_ioctl fs/ioctl.c:712 [inline] __se_sys_ioctl fs/ioctl.c:710 [inline] __x64_sys_ioctl+0x6e/0xb0 fs/ioctl.c:710 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x466459 Code: Bad RIP value. RSP: 002b:00007f56328bf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 000000000056c158 RCX: 0000000000466459 RDX: 0000000000000f53 RSI: 000000000000ab07 RDI: 0000000000000007 RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c158 R13: 00007fffcde8f38f R14: 00007f56328bf300 R15: 0000000000022000 INFO: task syz-executor.5:9908 blocked for more than 140 seconds. Not tainted 4.19.193-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.5 D28248 9908 8478 0x00000004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x80c/0x1f70 kernel/sched/core.c:3517 schedule+0x7f/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1015 [inline] __mutex_lock+0x4ba/0x1190 kernel/locking/mutex.c:1083 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1098 nbd_start_device_ioctl drivers/block/nbd.c:1278 [inline] __nbd_ioctl drivers/block/nbd.c:1347 [inline] nbd_ioctl+0x2d6/0xb30 drivers/block/nbd.c:1387 __blkdev_driver_ioctl block/ioctl.c:303 [inline] blkdev_ioctl+0x7ea/0x1790 block/ioctl.c:601 block_ioctl+0xd7/0x130 fs/block_dev.c:1906 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:501 [inline] do_vfs_ioctl+0x196/0x10c0 fs/ioctl.c:688 ksys_ioctl+0x62/0x90 fs/ioctl.c:705 __do_sys_ioctl fs/ioctl.c:712 [inline] __se_sys_ioctl fs/ioctl.c:710 [inline] __x64_sys_ioctl+0x6e/0xb0 fs/ioctl.c:710 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x466459 Code: Bad RIP value. RSP: 002b:00007f1cc521b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000006 RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 R13: 00007ffe28d0554f R14: 00007f1cc521b300 R15: 0000000000022000 INFO: task syz-executor.5:9929 blocked for more than 140 seconds. Not tainted 4.19.193-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.5 D28328 9929 8478 0x00000004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x80c/0x1f70 kernel/sched/core.c:3517 schedule+0x7f/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1015 [inline] __mutex_lock+0x4ba/0x1190 kernel/locking/mutex.c:1083 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1098 nbd_ioctl+0x12a/0xb30 drivers/block/nbd.c:1380 __blkdev_driver_ioctl block/ioctl.c:303 [inline] blkdev_ioctl+0x7ea/0x1790 block/ioctl.c:601 block_ioctl+0xd7/0x130 fs/block_dev.c:1906 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:501 [inline] do_vfs_ioctl+0x196/0x10c0 fs/ioctl.c:688 ksys_ioctl+0x62/0x90 fs/ioctl.c:705 __do_sys_ioctl fs/ioctl.c:712 [inline] __se_sys_ioctl fs/ioctl.c:710 [inline] __x64_sys_ioctl+0x6e/0xb0 fs/ioctl.c:710 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x466459 Code: Bad RIP value. RSP: 002b:00007f1cc51fa188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 RDX: 00000000000000ff RSI: 000000000000ab09 RDI: 0000000000000006 RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c008 R13: 00007ffe28d0554f R14: 00007f1cc51fa300 R15: 0000000000022000 INFO: task syz-executor.5:9992 blocked for more than 140 seconds. Not tainted 4.19.193-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.5 D28168 9992 8478 0x00000004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x80c/0x1f70 kernel/sched/core.c:3517 schedule+0x7f/0x1b0 kernel/sched/core.c:3561 blk_mq_freeze_queue_wait+0x105/0x220 block/blk-mq.c:152 blk_freeze_queue+0x3d/0x60 block/blk-mq.c:181 blk_mq_freeze_queue+0x9/0x10 block/blk-mq.c:190 nbd_add_socket+0x109/0x840 drivers/block/nbd.c:973 __nbd_ioctl drivers/block/nbd.c:1320 [inline] nbd_ioctl+0x4fd/0xb30 drivers/block/nbd.c:1387 __blkdev_driver_ioctl block/ioctl.c:303 [inline] blkdev_ioctl+0x7ea/0x1790 block/ioctl.c:601 block_ioctl+0xd7/0x130 fs/block_dev.c:1906 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:501 [inline] do_vfs_ioctl+0x196/0x10c0 fs/ioctl.c:688 ksys_ioctl+0x62/0x90 fs/ioctl.c:705 __do_sys_ioctl fs/ioctl.c:712 [inline] __se_sys_ioctl fs/ioctl.c:710 [inline] __x64_sys_ioctl+0x6e/0xb0 fs/ioctl.c:710 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x466459 Code: Bad RIP value. RSP: 002b:00007f1cc51d9188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 000000000056c0b0 RCX: 0000000000466459 RDX: 0000000000000004 RSI: 000000000000ab00 RDI: 0000000000000003 RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c0b0 R13: 00007ffe28d0554f R14: 00007f1cc51d9300 R15: 0000000000022000 INFO: task syz-executor.5:9994 blocked for more than 140 seconds. Not tainted 4.19.193-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.5 D29304 9994 8478 0x00000004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x80c/0x1f70 kernel/sched/core.c:3517 schedule+0x7f/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1015 [inline] __mutex_lock+0x4ba/0x1190 kernel/locking/mutex.c:1083 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1098 nbd_ioctl+0x12a/0xb30 drivers/block/nbd.c:1380 __blkdev_driver_ioctl block/ioctl.c:303 [inline] blkdev_ioctl+0x7ea/0x1790 block/ioctl.c:601 block_ioctl+0xd7/0x130 fs/block_dev.c:1906 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:501 [inline] do_vfs_ioctl+0x196/0x10c0 fs/ioctl.c:688 ksys_ioctl+0x62/0x90 fs/ioctl.c:705 __do_sys_ioctl fs/ioctl.c:712 [inline] __se_sys_ioctl fs/ioctl.c:710 [inline] __x64_sys_ioctl+0x6e/0xb0 fs/ioctl.c:710 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x466459 Code: Bad RIP value. RSP: 002b:00007f1cc51b8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 000000000056c158 RCX: 0000000000466459 RDX: 0000000000000f53 RSI: 000000000000ab07 RDI: 0000000000000007 RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c158 R13: 00007ffe28d0554f R14: 00007f1cc51b8300 R15: 0000000000022000 INFO: task syz-executor.2:9914 blocked for more than 140 seconds. Not tainted 4.19.193-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.2 D27832 9914 8472 0x00000004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x80c/0x1f70 kernel/sched/core.c:3517 schedule+0x7f/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1015 [inline] __mutex_lock+0x4ba/0x1190 kernel/locking/mutex.c:1083 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1098 nbd_start_device_ioctl drivers/block/nbd.c:1278 [inline] __nbd_ioctl drivers/block/nbd.c:1347 [inline] nbd_ioctl+0x2d6/0xb30 drivers/block/nbd.c:1387 __blkdev_driver_ioctl block/ioctl.c:303 [inline] blkdev_ioctl+0x7ea/0x1790 block/ioctl.c:601 block_ioctl+0xd7/0x130 fs/block_dev.c:1906 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:501 [inline] do_vfs_ioctl+0x196/0x10c0 fs/ioctl.c:688 ksys_ioctl+0x62/0x90 fs/ioctl.c:705 __do_sys_ioctl fs/ioctl.c:712 [inline] __se_sys_ioctl fs/ioctl.c:710 [inline] __x64_sys_ioctl+0x6e/0xb0 fs/ioctl.c:710 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x466459 Code: Bad RIP value. RSP: 002b:00007ffa2224c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000006 RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 R13: 00007ffd3692978f R14: 00007ffa2224c300 R15: 0000000000022000 INFO: task syz-executor.2:9942 blocked for more than 140 seconds. Not tainted 4.19.193-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.2 D28728 9942 8472 0x00000004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x80c/0x1f70 kernel/sched/core.c:3517 schedule+0x7f/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1015 [inline] __mutex_lock+0x4ba/0x1190 kernel/locking/mutex.c:1083 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1098 nbd_ioctl+0x12a/0xb30 drivers/block/nbd.c:1380 __blkdev_driver_ioctl block/ioctl.c:303 [inline] blkdev_ioctl+0x7ea/0x1790 block/ioctl.c:601 block_ioctl+0xd7/0x130 fs/block_dev.c:1906 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:501 [inline] do_vfs_ioctl+0x196/0x10c0 fs/ioctl.c:688 ksys_ioctl+0x62/0x90 fs/ioctl.c:705 __do_sys_ioctl fs/ioctl.c:712 [inline] __se_sys_ioctl fs/ioctl.c:710 [inline] __x64_sys_ioctl+0x6e/0xb0 fs/ioctl.c:710 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x466459 Code: Bad RIP value. RSP: 002b:00007ffa2222b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 RDX: 00000000000000ff RSI: 000000000000ab09 RDI: 0000000000000006 RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c008 R13: 00007ffd3692978f R14: 00007ffa2222b300 R15: 0000000000022000 Showing all locks held in the system: 1 lock held by khungtaskd/1570: #0: 00000000d24528e7 (rcu_read_lock){....}, at: debug_show_all_locks+0x5b/0x27a kernel/locking/lockdep.c:4443 1 lock held by in:imklog/7753: 1 lock held by syz-executor.1/9848: #0: 00000000e03d2c8c (&nbd->config_lock){+.+.}, at: nbd_start_device_ioctl drivers/block/nbd.c:1278 [inline] #0: 00000000e03d2c8c (&nbd->config_lock){+.+.}, at: __nbd_ioctl drivers/block/nbd.c:1347 [inline] #0: 00000000e03d2c8c (&nbd->config_lock){+.+.}, at: nbd_ioctl+0x2d6/0xb30 drivers/block/nbd.c:1387 1 lock held by syz-executor.1/9879: #0: 00000000e03d2c8c (&nbd->config_lock){+.+.}, at: nbd_ioctl+0x12a/0xb30 drivers/block/nbd.c:1380 1 lock held by syz-executor.1/9990: #0: 00000000e03d2c8c (&nbd->config_lock){+.+.}, at: nbd_ioctl+0x12a/0xb30 drivers/block/nbd.c:1380 1 lock held by syz-executor.1/9991: #0: 00000000e03d2c8c (&nbd->config_lock){+.+.}, at: nbd_ioctl+0x12a/0xb30 drivers/block/nbd.c:1380 1 lock held by syz-executor.5/9908: #0: 00000000684a1150 (&nbd->config_lock){+.+.}, at: nbd_start_device_ioctl drivers/block/nbd.c:1278 [inline] #0: 00000000684a1150 (&nbd->config_lock){+.+.}, at: __nbd_ioctl drivers/block/nbd.c:1347 [inline] #0: 00000000684a1150 (&nbd->config_lock){+.+.}, at: nbd_ioctl+0x2d6/0xb30 drivers/block/nbd.c:1387 1 lock held by syz-executor.5/9929: #0: 00000000684a1150 (&nbd->config_lock){+.+.}, at: nbd_ioctl+0x12a/0xb30 drivers/block/nbd.c:1380 1 lock held by syz-executor.5/9992: #0: 00000000684a1150 (&nbd->config_lock){+.+.}, at: nbd_ioctl+0x12a/0xb30 drivers/block/nbd.c:1380 1 lock held by syz-executor.5/9994: #0: 00000000684a1150 (&nbd->config_lock){+.+.}, at: nbd_ioctl+0x12a/0xb30 drivers/block/nbd.c:1380 1 lock held by syz-executor.2/9914: #0: 00000000b6fe06ee (&nbd->config_lock){+.+.}, at: nbd_start_device_ioctl drivers/block/nbd.c:1278 [inline] #0: 00000000b6fe06ee (&nbd->config_lock){+.+.}, at: __nbd_ioctl drivers/block/nbd.c:1347 [inline] #0: 00000000b6fe06ee (&nbd->config_lock){+.+.}, at: nbd_ioctl+0x2d6/0xb30 drivers/block/nbd.c:1387 1 lock held by syz-executor.2/9942: #0: 00000000b6fe06ee (&nbd->config_lock){+.+.}, at: nbd_ioctl+0x12a/0xb30 drivers/block/nbd.c:1380 1 lock held by syz-executor.2/9993: #0: 00000000b6fe06ee (&nbd->config_lock){+.+.}, at: nbd_ioctl+0x12a/0xb30 drivers/block/nbd.c:1380 1 lock held by syz-executor.2/9996: #0: 00000000b6fe06ee (&nbd->config_lock){+.+.}, at: nbd_ioctl+0x12a/0xb30 drivers/block/nbd.c:1380 1 lock held by syz-executor.4/9925: #0: 0000000068c17be6 (&nbd->config_lock){+.+.}, at: nbd_start_device_ioctl drivers/block/nbd.c:1278 [inline] #0: 0000000068c17be6 (&nbd->config_lock){+.+.}, at: __nbd_ioctl drivers/block/nbd.c:1347 [inline] #0: 0000000068c17be6 (&nbd->config_lock){+.+.}, at: nbd_ioctl+0x2d6/0xb30 drivers/block/nbd.c:1387 1 lock held by syz-executor.4/9962: #0: 0000000068c17be6 (&nbd->config_lock){+.+.}, at: nbd_ioctl+0x12a/0xb30 drivers/block/nbd.c:1380 1 lock held by syz-executor.4/9995: #0: 0000000068c17be6 (&nbd->config_lock){+.+.}, at: nbd_ioctl+0x12a/0xb30 drivers/block/nbd.c:1380 1 lock held by syz-executor.4/9997: #0: 0000000068c17be6 (&nbd->config_lock){+.+.}, at: nbd_ioctl+0x12a/0xb30 drivers/block/nbd.c:1380 1 lock held by syz-executor.4/9998: #0: 0000000068c17be6 (&nbd->config_lock){+.+.}, at: nbd_ioctl+0x12a/0xb30 drivers/block/nbd.c:1380 1 lock held by syz-executor.0/9977: #0: 00000000037f29a4 (&nbd->config_lock){+.+.}, at: nbd_start_device_ioctl drivers/block/nbd.c:1278 [inline] #0: 00000000037f29a4 (&nbd->config_lock){+.+.}, at: __nbd_ioctl drivers/block/nbd.c:1347 [inline] #0: 00000000037f29a4 (&nbd->config_lock){+.+.}, at: nbd_ioctl+0x2d6/0xb30 drivers/block/nbd.c:1387 1 lock held by syz-executor.0/9986: #0: 00000000037f29a4 (&nbd->config_lock){+.+.}, at: nbd_ioctl+0x12a/0xb30 drivers/block/nbd.c:1380 1 lock held by syz-executor.0/9999: #0: 00000000037f29a4 (&nbd->config_lock){+.+.}, at: nbd_ioctl+0x12a/0xb30 drivers/block/nbd.c:1380 1 lock held by syz-executor.0/10005: #0: 00000000037f29a4 (&nbd->config_lock){+.+.}, at: nbd_ioctl+0x12a/0xb30 drivers/block/nbd.c:1380 1 lock held by syz-executor.3/10003: #0: 000000006750a4aa (&nbd->config_lock){+.+.}, at: nbd_ioctl+0x12a/0xb30 drivers/block/nbd.c:1380 1 lock held by syz-executor.3/10006: #0: 000000006750a4aa (&nbd->config_lock){+.+.}, at: nbd_ioctl+0x12a/0xb30 drivers/block/nbd.c:1380 1 lock held by syz-executor.3/10007: #0: 000000006750a4aa (&nbd->config_lock){+.+.}, at: nbd_ioctl+0x12a/0xb30 drivers/block/nbd.c:1380 1 lock held by syz-executor.3/10008: #0: 000000006750a4aa (&nbd->config_lock){+.+.}, at: nbd_ioctl+0x12a/0xb30 drivers/block/nbd.c:1380 1 lock held by syz-executor.3/10010: #0: 000000006750a4aa (&nbd->config_lock){+.+.}, at: nbd_ioctl+0x12a/0xb30 drivers/block/nbd.c:1380 1 lock held by syz-executor.3/10011: #0: 000000006750a4aa (&nbd->config_lock){+.+.}, at: nbd_ioctl+0x12a/0xb30 drivers/block/nbd.c:1380 ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 1570 Comm: khungtaskd Not tainted 4.19.193-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x17c/0x226 lib/dump_stack.c:118 nmi_cpu_backtrace.cold.0+0x3c/0x78 lib/nmi_backtrace.c:101 nmi_trigger_cpumask_backtrace+0xf6/0x120 lib/nmi_backtrace.c:62 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:203 [inline] watchdog+0x5c3/0xb40 kernel/hung_task.c:287 kthread+0x347/0x410 kernel/kthread.c:259 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 7889 Comm: kworker/u4:5 Not tainted 4.19.193-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: phy8 ieee80211_iface_work RIP: 0010:hlock_class kernel/locking/lockdep.c:145 [inline] RIP: 0010:lookup_chain_cache_add kernel/locking/lockdep.c:2336 [inline] RIP: 0010:validate_chain kernel/locking/lockdep.c:2391 [inline] RIP: 0010:__lock_acquire+0xc14/0x47c0 kernel/locking/lockdep.c:3416 Code: 8b 7c 24 70 44 89 5c 24 68 4c 89 94 24 98 00 00 00 e8 c0 66 45 00 44 8b 5c 24 68 4c 8b 94 24 98 00 00 00 66 41 f7 42 20 ff 1f <0f> 84 cf 08 00 00 49 b8 eb 83 b5 80 46 86 c8 61 48 b8 00 00 00 00 RSP: 0018:ffff88809c1a7010 EFLAGS: 00000002 RAX: 0000000000000000 RBX: 000000001f551c0f RCX: 1ffff1101389d179 RDX: 1ffff1101389d179 RSI: ffff88809c4e8b08 RDI: 0000000000000000 RBP: ffff88809c1a7200 R08: ffff88809c4e8bc8 R09: 0000000000000004 R10: ffff88809c4e8ba8 R11: 0000000000000000 R12: 0000000003c6de43 R13: 00000000d5f9052e R14: ffff88809c4e8280 R15: 8eb0eeecd9bfe371 FS: 0000000000000000(0000) GS:ffff8880ba300000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f3811ed3000 CR3: 00000000b475f000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: lock_acquire+0x180/0x3a0 kernel/locking/lockdep.c:3908 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x99/0xd0 kernel/locking/spinlock.c:152 debug_object_activate+0x11c/0x4e0 lib/debugobjects.c:472 debug_rcu_head_queue kernel/rcu/rcu.h:193 [inline] __call_rcu.constprop.51+0x35/0x7f0 kernel/rcu/tree.c:2977 kfree_call_rcu+0x15/0x20 kernel/rcu/tree.c:3098 cfg80211_bss_update+0x83e/0x2800 net/wireless/scan.c:967 cfg80211_inform_bss_frame_data+0x60c/0xc30 net/wireless/scan.c:1285 ieee80211_bss_info_update+0x325/0x16c0 net/mac80211/scan.c:105 ieee80211_rx_bss_info net/mac80211/ibss.c:1125 [inline] ieee80211_rx_mgmt_probe_beacon+0x723/0x14c0 net/mac80211/ibss.c:1607 ieee80211_ibss_rx_queued_mgmt+0x1d4/0x1690 net/mac80211/ibss.c:1634 ieee80211_iface_work+0x4bc/0x6e0 net/mac80211/iface.c:1341 process_one_work+0x7b9/0x15a0 kernel/workqueue.c:2152 worker_thread+0x85/0xb60 kernel/workqueue.c:2295 kthread+0x347/0x410 kernel/kthread.c:259 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415