bisecting fixing commit since 811218eceeaa7618652e1b8d11caeff67ab42072
building syzkaller on a52ee10ae11c1342cfca60cf3957619bcf92bd1a
testing commit 811218eceeaa7618652e1b8d11caeff67ab42072 with gcc (GCC) 8.4.1 20210217
kernel signature: c64c3e9486c32927a121cc480ebf6df86418c92b6c841a252701000ce66068ee
all runs: crashed: INFO: task hung in acct
testing current HEAD 830a059cbba6832c11fefc0894c7ec7a27f75734
testing commit 830a059cbba6832c11fefc0894c7ec7a27f75734 with gcc (GCC) 8.4.1 20210217
kernel signature: d5c9da17b6e07ed8c9da958baca6ee326f0c8c50f3f5bbb4dc415c8fd9392895
all runs: crashed: INFO: task hung in acct
revisions tested: 2, total time: 39m14.263495573s (build: 21m48.908790485s, test: 16m58.068686397s)
the crash still happens on HEAD
commit msg: Linux 4.19.186
crash: INFO: task hung in acct

Bluetooth: hci5: command 0x0406 tx timeout
Bluetooth: hci4: command 0x0406 tx timeout
Bluetooth: hci0: command 0x0406 tx timeout
Bluetooth: hci2: command 0x0406 tx timeout
Bluetooth: hci3: command 0x0406 tx timeout
INFO: task syz-executor.4:10050 blocked for more than 140 seconds.
      Not tainted 4.19.186-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.4  D28904 10050   8442 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x80c/0x1f70 kernel/sched/core.c:3517
 schedule+0x7f/0x1b0 kernel/sched/core.c:3561
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3619
 __mutex_lock_common kernel/locking/mutex.c:1005 [inline]
 __mutex_lock+0x4c3/0x1200 kernel/locking/mutex.c:1075
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1090
 __do_sys_acct kernel/acct.c:285 [inline]
 __se_sys_acct+0x65/0x7d0 kernel/acct.c:273
 __x64_sys_acct+0x2c/0x40 kernel/acct.c:273
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x465b09
Code: 00 e9 30 ff ff ff 83 f9 77 75 26 48 83 b8 d8 00 00 00 00 7c e2 83 f9 72 75 10 80 78 19 00 74 0a b9 03 00 00 00 e9 0c ff ff ff <31> c9 e9 05 ff ff ff 83 f9 72 eb e2 e8 c6 35 00 00 e9 c1 fe ff ff
RSP: 002b:00007f2c817dc188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a3
RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465b09
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000200001c0
RBP: 00000000004b069f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60
R13: 00007ffe104f1d6f R14: 00007f2c817dc300 R15: 0000000000022000
INFO: task syz-executor.5:10057 blocked for more than 140 seconds.
      Not tainted 4.19.186-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.5  D29784 10057   8445 0x00000000
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x80c/0x1f70 kernel/sched/core.c:3517
 schedule+0x7f/0x1b0 kernel/sched/core.c:3561
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3619
 __mutex_lock_common kernel/locking/mutex.c:1005 [inline]
 __mutex_lock+0x4c3/0x1200 kernel/locking/mutex.c:1075
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1090
 __do_sys_acct kernel/acct.c:285 [inline]
 __se_sys_acct+0x65/0x7d0 kernel/acct.c:273
 __x64_sys_acct+0x2c/0x40 kernel/acct.c:273
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x465b09
Code: 00 e9 30 ff ff ff 83 f9 77 75 26 48 83 b8 d8 00 00 00 00 7c e2 83 f9 72 75 10 80 78 19 00 74 0a b9 03 00 00 00 e9 0c ff ff ff <31> c9 e9 05 ff ff ff 83 f9 72 eb e2 e8 c6 35 00 00 e9 c1 fe ff ff
RSP: 002b:00007fc83a5f4188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a3
RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465b09
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000200001c0
RBP: 00000000004b069f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60
R13: 00007ffdda31a3ef R14: 00007fc83a5f4300 R15: 0000000000022000
INFO: task syz-executor.3:10058 blocked for more than 140 seconds.
      Not tainted 4.19.186-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.3  D29784 10058   8451 0x00000000
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x80c/0x1f70 kernel/sched/core.c:3517
 schedule+0x7f/0x1b0 kernel/sched/core.c:3561
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3619
 __mutex_lock_common kernel/locking/mutex.c:1005 [inline]
 __mutex_lock+0x4c3/0x1200 kernel/locking/mutex.c:1075
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1090
 __do_sys_acct kernel/acct.c:285 [inline]
 __se_sys_acct+0x65/0x7d0 kernel/acct.c:273
 __x64_sys_acct+0x2c/0x40 kernel/acct.c:273
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x465b09
Code: 00 e9 30 ff ff ff 83 f9 77 75 26 48 83 b8 d8 00 00 00 00 7c e2 83 f9 72 75 10 80 78 19 00 74 0a b9 03 00 00 00 e9 0c ff ff ff <31> c9 e9 05 ff ff ff 83 f9 72 eb e2 e8 c6 35 00 00 e9 c1 fe ff ff
RSP: 002b:00007f72497d7188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a3
RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465b09
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000200001c0
RBP: 00000000004b069f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60
R13: 00007ffcfeca524f R14: 00007f72497d7300 R15: 0000000000022000
INFO: task syz-executor.1:10060 blocked for more than 140 seconds.
      Not tainted 4.19.186-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.1  D29784 10060   8452 0x00000000
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x80c/0x1f70 kernel/sched/core.c:3517
 schedule+0x7f/0x1b0 kernel/sched/core.c:3561
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3619
 __mutex_lock_common kernel/locking/mutex.c:1005 [inline]
 __mutex_lock+0x4c3/0x1200 kernel/locking/mutex.c:1075
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1090
 __do_sys_acct kernel/acct.c:285 [inline]
 __se_sys_acct+0x65/0x7d0 kernel/acct.c:273
 __x64_sys_acct+0x2c/0x40 kernel/acct.c:273
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x465b09
Code: 00 e9 30 ff ff ff 83 f9 77 75 26 48 83 b8 d8 00 00 00 00 7c e2 83 f9 72 75 10 80 78 19 00 74 0a b9 03 00 00 00 e9 0c ff ff ff <31> c9 e9 05 ff ff ff 83 f9 72 eb e2 e8 c6 35 00 00 e9 c1 fe ff ff
RSP: 002b:00007f23e53a8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a3
RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465b09
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000200001c0
RBP: 00000000004b069f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60
R13: 00007fff1cdf2b1f R14: 00007f23e53a8300 R15: 0000000000022000
INFO: task syz-executor.1:10078 blocked for more than 140 seconds.
      Not tainted 4.19.186-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.1  D29784 10078   8452 0x00000000
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x80c/0x1f70 kernel/sched/core.c:3517
 schedule+0x7f/0x1b0 kernel/sched/core.c:3561
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3619
 __mutex_lock_common kernel/locking/mutex.c:1005 [inline]
 __mutex_lock+0x4c3/0x1200 kernel/locking/mutex.c:1075
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1090
 __do_sys_acct kernel/acct.c:285 [inline]
 __se_sys_acct+0x65/0x7d0 kernel/acct.c:273
 __x64_sys_acct+0x2c/0x40 kernel/acct.c:273
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x465b09
Code: 00 e9 30 ff ff ff 83 f9 77 75 26 48 83 b8 d8 00 00 00 00 7c e2 83 f9 72 75 10 80 78 19 00 74 0a b9 03 00 00 00 e9 0c ff ff ff <31> c9 e9 05 ff ff ff 83 f9 72 eb e2 e8 c6 35 00 00 e9 c1 fe ff ff
RSP: 002b:00007f23e53a8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a3
RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465b09
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000200001c0
RBP: 00000000004b069f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60
R13: 00007fff1cdf2b1f R14: 00007f23e53a8300 R15: 0000000000022000
INFO: task syz-executor.2:10075 blocked for more than 140 seconds.
      Not tainted 4.19.186-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.2  D29784 10075   8449 0x00000000
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x80c/0x1f70 kernel/sched/core.c:3517
 schedule+0x7f/0x1b0 kernel/sched/core.c:3561
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3619
 __mutex_lock_common kernel/locking/mutex.c:1005 [inline]
 __mutex_lock+0x4c3/0x1200 kernel/locking/mutex.c:1075
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1090
 __do_sys_acct kernel/acct.c:285 [inline]
 __se_sys_acct+0x65/0x7d0 kernel/acct.c:273
 __x64_sys_acct+0x2c/0x40 kernel/acct.c:273
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x465b09
Code: 00 e9 30 ff ff ff 83 f9 77 75 26 48 83 b8 d8 00 00 00 00 7c e2 83 f9 72 75 10 80 78 19 00 74 0a b9 03 00 00 00 e9 0c ff ff ff <31> c9 e9 05 ff ff ff 83 f9 72 eb e2 e8 c6 35 00 00 e9 c1 fe ff ff
RSP: 002b:00007fef1d918188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a3
RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465b09
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000200001c0
RBP: 00000000004b069f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60
R13: 00007ffd230bc34f R14: 00007fef1d918300 R15: 0000000000022000
INFO: task syz-executor.5:10080 blocked for more than 140 seconds.
      Not tainted 4.19.186-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.5  D29448 10080   8445 0x00000000
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x80c/0x1f70 kernel/sched/core.c:3517
 schedule+0x7f/0x1b0 kernel/sched/core.c:3561
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3619
 __mutex_lock_common kernel/locking/mutex.c:1005 [inline]
 __mutex_lock+0x4c3/0x1200 kernel/locking/mutex.c:1075
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1090
 __do_sys_acct kernel/acct.c:285 [inline]
 __se_sys_acct+0x65/0x7d0 kernel/acct.c:273
 __x64_sys_acct+0x2c/0x40 kernel/acct.c:273
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x465b09
Code: 00 e9 30 ff ff ff 83 f9 77 75 26 48 83 b8 d8 00 00 00 00 7c e2 83 f9 72 75 10 80 78 19 00 74 0a b9 03 00 00 00 e9 0c ff ff ff <31> c9 e9 05 ff ff ff 83 f9 72 eb e2 e8 c6 35 00 00 e9 c1 fe ff ff
RSP: 002b:00007fc83a5f4188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a3
RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465b09
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000200001c0
RBP: 00000000004b069f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60
R13: 00007ffdda31a3ef R14: 00007fc83a5f4300 R15: 0000000000022000
INFO: task syz-executor.1:10084 blocked for more than 140 seconds.
      Not tainted 4.19.186-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.1  D29448 10084   8452 0x00000000
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x80c/0x1f70 kernel/sched/core.c:3517
 schedule+0x7f/0x1b0 kernel/sched/core.c:3561
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3619
 __mutex_lock_common kernel/locking/mutex.c:1005 [inline]
 __mutex_lock+0x4c3/0x1200 kernel/locking/mutex.c:1075
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1090
 __do_sys_acct kernel/acct.c:285 [inline]
 __se_sys_acct+0x65/0x7d0 kernel/acct.c:273
 __x64_sys_acct+0x2c/0x40 kernel/acct.c:273
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x465b09
Code: Bad RIP value.
RSP: 002b:00007f23e53a8188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a3
RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465b09
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000200001c0
RBP: 00000000004b069f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60
R13: 00007fff1cdf2b1f R14: 00007f23e53a8300 R15: 0000000000022000
INFO: task syz-executor.3:10088 blocked for more than 140 seconds.
      Not tainted 4.19.186-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.3  D29784 10088   8451 0x00000000
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x80c/0x1f70 kernel/sched/core.c:3517
 schedule+0x7f/0x1b0 kernel/sched/core.c:3561
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3619
 __mutex_lock_common kernel/locking/mutex.c:1005 [inline]
 __mutex_lock+0x4c3/0x1200 kernel/locking/mutex.c:1075
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1090
 __do_sys_acct kernel/acct.c:285 [inline]
 __se_sys_acct+0x65/0x7d0 kernel/acct.c:273
 __x64_sys_acct+0x2c/0x40 kernel/acct.c:273
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x465b09
Code: Bad RIP value.
RSP: 002b:00007f72497d7188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a3
RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465b09
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000200001c0
RBP: 00000000004b069f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60
R13: 00007ffcfeca524f R14: 00007f72497d7300 R15: 0000000000022000
INFO: task syz-executor.3:10098 blocked for more than 140 seconds.
      Not tainted 4.19.186-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.3  D29448 10098   8451 0x00000000
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x80c/0x1f70 kernel/sched/core.c:3517
 schedule+0x7f/0x1b0 kernel/sched/core.c:3561
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3619
 __mutex_lock_common kernel/locking/mutex.c:1005 [inline]
 __mutex_lock+0x4c3/0x1200 kernel/locking/mutex.c:1075
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1090
 __do_sys_acct kernel/acct.c:285 [inline]
 __se_sys_acct+0x65/0x7d0 kernel/acct.c:273
 __x64_sys_acct+0x2c/0x40 kernel/acct.c:273
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x465b09
Code: Bad RIP value.
RSP: 002b:00007f72497d7188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a3
RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465b09
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000200001c0
RBP: 00000000004b069f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60
R13: 00007ffcfeca524f R14: 00007f72497d7300 R15: 0000000000022000

Showing all locks held in the system:
3 locks held by kworker/u4:4/1273:
 #0: 00000000aaa18ada (&rq->lock){-.-.}, at: idle_balance kernel/sched/fair.c:9701 [inline]
 #0: 00000000aaa18ada (&rq->lock){-.-.}, at: pick_next_task_fair+0x1006/0x1540 kernel/sched/fair.c:6840
 #1: 000000007b1fac41 (rcu_read_lock){....}, at: cpu_of kernel/sched/sched.h:921 [inline]
 #1: 000000007b1fac41 (rcu_read_lock){....}, at: __update_idle_core+0x3c/0x3f0 kernel/sched/fair.c:6057
 #2: 00000000d3667f88 (&base->lock){-.-.}, at: lock_timer_base+0xc8/0x160 kernel/time/timer.c:950
1 lock held by khungtaskd/1560:
 #0: 000000007b1fac41 (rcu_read_lock){....}, at: debug_show_all_locks+0x5b/0x27a kernel/locking/lockdep.c:4442
2 locks held by in:imklog/7795:
 #0: 000000008e2bf5b8 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0xa7/0xd0 fs/file.c:767
 #1: 00000000aaa18ada (&rq->lock){-.-.}, at: finish_wait+0xb9/0x290 kernel/sched/wait.c:366
1 lock held by syz-executor.4/10050:
 #0: 00000000fa28603b (acct_on_mutex){+.+.}, at: __do_sys_acct kernel/acct.c:285 [inline]
 #0: 00000000fa28603b (acct_on_mutex){+.+.}, at: __se_sys_acct+0x65/0x7d0 kernel/acct.c:273
1 lock held by syz-executor.5/10057:
 #0: 00000000fa28603b (acct_on_mutex){+.+.}, at: __do_sys_acct kernel/acct.c:285 [inline]
 #0: 00000000fa28603b (acct_on_mutex){+.+.}, at: __se_sys_acct+0x65/0x7d0 kernel/acct.c:273
1 lock held by syz-executor.3/10058:
 #0: 00000000fa28603b (acct_on_mutex){+.+.}, at: __do_sys_acct kernel/acct.c:285 [inline]
 #0: 00000000fa28603b (acct_on_mutex){+.+.}, at: __se_sys_acct+0x65/0x7d0 kernel/acct.c:273
1 lock held by syz-executor.2/10056:
 #0: 00000000fa28603b (acct_on_mutex){+.+.}, at: __do_sys_acct kernel/acct.c:285 [inline]
 #0: 00000000fa28603b (acct_on_mutex){+.+.}, at: __se_sys_acct+0x65/0x7d0 kernel/acct.c:273
1 lock held by syz-executor.1/10060:
 #0: 00000000fa28603b (acct_on_mutex){+.+.}, at: __do_sys_acct kernel/acct.c:285 [inline]
 #0: 00000000fa28603b (acct_on_mutex){+.+.}, at: __se_sys_acct+0x65/0x7d0 kernel/acct.c:273
1 lock held by syz-executor.1/10078:
 #0: 00000000fa28603b (acct_on_mutex){+.+.}, at: __do_sys_acct kernel/acct.c:285 [inline]
 #0: 00000000fa28603b (acct_on_mutex){+.+.}, at: __se_sys_acct+0x65/0x7d0 kernel/acct.c:273
1 lock held by syz-executor.2/10075:
 #0: 00000000fa28603b (acct_on_mutex){+.+.}, at: __do_sys_acct kernel/acct.c:285 [inline]
 #0: 00000000fa28603b (acct_on_mutex){+.+.}, at: __se_sys_acct+0x65/0x7d0 kernel/acct.c:273
1 lock held by syz-executor.5/10080:
 #0: 00000000fa28603b (acct_on_mutex){+.+.}, at: __do_sys_acct kernel/acct.c:285 [inline]
 #0: 00000000fa28603b (acct_on_mutex){+.+.}, at: __se_sys_acct+0x65/0x7d0 kernel/acct.c:273
1 lock held by syz-executor.1/10084:
 #0: 00000000fa28603b (acct_on_mutex){+.+.}, at: __do_sys_acct kernel/acct.c:285 [inline]
 #0: 00000000fa28603b (acct_on_mutex){+.+.}, at: __se_sys_acct+0x65/0x7d0 kernel/acct.c:273
1 lock held by syz-executor.3/10088:
 #0: 00000000fa28603b (acct_on_mutex){+.+.}, at: __do_sys_acct kernel/acct.c:285 [inline]
 #0: 00000000fa28603b (acct_on_mutex){+.+.}, at: __se_sys_acct+0x65/0x7d0 kernel/acct.c:273
1 lock held by syz-executor.3/10098:
 #0: 00000000fa28603b (acct_on_mutex){+.+.}, at: __do_sys_acct kernel/acct.c:285 [inline]
 #0: 00000000fa28603b (acct_on_mutex){+.+.}, at: __se_sys_acct+0x65/0x7d0 kernel/acct.c:273
1 lock held by syz-executor.5/10100:
 #0: 00000000fa28603b (acct_on_mutex){+.+.}, at: __do_sys_acct kernel/acct.c:285 [inline]
 #0: 00000000fa28603b (acct_on_mutex){+.+.}, at: __se_sys_acct+0x65/0x7d0 kernel/acct.c:273
1 lock held by syz-executor.1/10101:
 #0: 00000000fa28603b (acct_on_mutex){+.+.}, at: __do_sys_acct kernel/acct.c:285 [inline]
 #0: 00000000fa28603b (acct_on_mutex){+.+.}, at: __se_sys_acct+0x65/0x7d0 kernel/acct.c:273
1 lock held by syz-executor.2/10103:
 #0: 00000000fa28603b (acct_on_mutex){+.+.}, at: __do_sys_acct kernel/acct.c:285 [inline]
 #0: 00000000fa28603b (acct_on_mutex){+.+.}, at: __se_sys_acct+0x65/0x7d0 kernel/acct.c:273
1 lock held by syz-executor.1/10109:
 #0: 00000000fa28603b (acct_on_mutex){+.+.}, at: __do_sys_acct kernel/acct.c:285 [inline]
 #0: 00000000fa28603b (acct_on_mutex){+.+.}, at: __se_sys_acct+0x65/0x7d0 kernel/acct.c:273
1 lock held by syz-executor.3/10116:
 #0: 00000000fa28603b (acct_on_mutex){+.+.}, at: __do_sys_acct kernel/acct.c:285 [inline]
 #0: 00000000fa28603b (acct_on_mutex){+.+.}, at: __se_sys_acct+0x65/0x7d0 kernel/acct.c:273
1 lock held by syz-executor.5/10117:
 #0: 00000000fa28603b (acct_on_mutex){+.+.}, at: __do_sys_acct kernel/acct.c:285 [inline]
 #0: 00000000fa28603b (acct_on_mutex){+.+.}, at: __se_sys_acct+0x65/0x7d0 kernel/acct.c:273
1 lock held by syz-executor.3/10122:
 #0: 00000000fa28603b (acct_on_mutex){+.+.}, at: __do_sys_acct kernel/acct.c:285 [inline]
 #0: 00000000fa28603b (acct_on_mutex){+.+.}, at: __se_sys_acct+0x65/0x7d0 kernel/acct.c:273
1 lock held by syz-executor.0/10393:
 #0: 00000000fa28603b (acct_on_mutex){+.+.}, at: __do_sys_acct kernel/acct.c:285 [inline]
 #0: 00000000fa28603b (acct_on_mutex){+.+.}, at: __se_sys_acct+0x65/0x7d0 kernel/acct.c:273

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 1560 Comm: khungtaskd Not tainted 4.19.186-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x17c/0x226 lib/dump_stack.c:118
 nmi_cpu_backtrace.cold.0+0x3c/0x78 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0xf6/0x120 lib/nmi_backtrace.c:62
 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:203 [inline]
 watchdog+0x5c3/0xb40 kernel/hung_task.c:287
 kthread+0x347/0x410 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 1273 Comm: kworker/u4:4 Not tainted 4.19.186-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: writeback wb_workfn (flush-8:0)
RIP: 0010:move_expired_inodes+0x275/0x7b0 fs/fs-writeback.c:1170
Code: e8 03 80 3c 18 00 0f 85 23 04 00 00 49 8b 45 00 49 39 c5 74 3f 49 8d 7d 08 48 89 f8 48 c1 e8 03 80 3c 18 00 0f 85 f9 04 00 00 <4d> 8b 7d 08 49 8d 7f e0 48 89 f8 48 c1 e8 03 80 3c 18 00 0f 85 20
RSP: 0018:ffff8880b325fa08 EFLAGS: 00000246
RAX: 1ffff11015847c6f RBX: dffffc0000000000 RCX: ffffffff819ec7ab
RDX: 00000000ffffeeab RSI: ffff8880ac23e380 RDI: ffff8880ac23e378
RBP: ffff8880b325fad0 R08: ffffed1015847c77 R09: ffffed1015847c76
R10: ffffed1015847c76 R11: ffff8880ac23e3b3 R12: ffff8880b325fa68
R13: ffff8880ac23e370 R14: 0000000000000000 R15: ffff8880ac23e380
FS:  0000000000000000(0000) GS:ffff8880ba200000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fb52066c000 CR3: 00000000aa005000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 queue_io+0x18c/0x4b0 fs/fs-writeback.c:1223
 wb_writeback+0x65e/0x910 fs/fs-writeback.c:1813
 wb_check_background_flush fs/fs-writeback.c:1885 [inline]
 wb_do_writeback fs/fs-writeback.c:1973 [inline]
 wb_workfn+0x7b0/0xec0 fs/fs-writeback.c:2001
 process_one_work+0x7b9/0x15a0 kernel/workqueue.c:2152
 worker_thread+0x85/0xb60 kernel/workqueue.c:2295
 kthread+0x347/0x410 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415