bisecting cause commit starting from f1583cb1be35c23df60b1c39e3e7e6704d749d0b
building syzkaller on d236a457274375e5273ac4e958722659929c469f
testing commit f1583cb1be35c23df60b1c39e3e7e6704d749d0b
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 85c1de74cbac4680cd9e3bad94af94bcf0be69d02e48b478b47c2393347d556b
run #0: crashed: KASAN: vmalloc-out-of-bounds Write in tpg_fill_plane_buffer
run #1: crashed: KASAN: vmalloc-out-of-bounds Write in tpg_fill_plane_buffer
run #2: crashed: KASAN: vmalloc-out-of-bounds Write in tpg_fill_plane_buffer
run #3: crashed: KASAN: vmalloc-out-of-bounds Write in tpg_fill_plane_buffer
run #4: crashed: KASAN: vmalloc-out-of-bounds Write in tpg_fill_plane_buffer
run #5: crashed: KASAN: vmalloc-out-of-bounds Write in tpg_fill_plane_buffer
run #6: crashed: KASAN: vmalloc-out-of-bounds Write in tpg_fill_plane_buffer
run #7: crashed: KASAN: vmalloc-out-of-bounds Write in tpg_fill_plane_buffer
run #8: crashed: KASAN: vmalloc-out-of-bounds Write in tpg_fill_plane_buffer
run #9: crashed: KASAN: vmalloc-out-of-bounds Write in tpg_fill_plane_buffer
run #10: crashed: KASAN: vmalloc-out-of-bounds Write in tpg_fill_plane_buffer
run #11: crashed: KASAN: vmalloc-out-of-bounds Write in tpg_fill_plane_buffer
run #12: crashed: KASAN: vmalloc-out-of-bounds Write in tpg_fill_plane_buffer
run #13: crashed: KASAN: vmalloc-out-of-bounds Write in tpg_fill_plane_buffer
run #14: crashed: KASAN: vmalloc-out-of-bounds Write in tpg_fill_plane_buffer
run #15: crashed: KASAN: vmalloc-out-of-bounds Write in tpg_fill_plane_buffer
run #16: crashed: KASAN: vmalloc-out-of-bounds Write in tpg_fill_plane_buffer
run #17: crashed: KASAN: vmalloc-out-of-bounds Write in tpg_fill_plane_buffer
run #18: crashed: KASAN: vmalloc-out-of-bounds Write in tpg_fill_plane_buffer
run #19: boot failed: possible deadlock in blktrans_open
testing release v5.14
testing commit 7d2a07b769330c34b4deabeed939325c77a7ec2f
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 1bc25c310b773f41f60536ec01fad7eee81fbd08982b6b34e2bd4f1aafdef1ea
all runs: crashed: KASAN: vmalloc-out-of-bounds Write in tpg_fill_plane_buffer
testing release v5.13
testing commit 62fb9874f5da54fdb243003b386128037319b219
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 79cc2141d6961d1d111273529554accf3406ed45786744614f70cb503fcf44bf
all runs: crashed: KASAN: vmalloc-out-of-bounds Write in tpg_fill_plane_buffer
testing release v5.12
testing commit 9f4ad9e425a1d3b6a34617b8ea226d56a119a717
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 03446a4bb624836456d5cb3f366f36bb63398997b55dbd1843ea584e688cadcd
all runs: crashed: KASAN: vmalloc-out-of-bounds Write in tpg_fill_plane_buffer
testing release v5.11
testing commit f40ddce88593482919761f74910f42f4b84c004b
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: f1e7de5acc53e30c83d20cbc5b548485391bef48b416bcc252bad00b586d304a
all runs: crashed: KASAN: vmalloc-out-of-bounds Write in tpg_fill_plane_buffer
testing release v5.10
testing commit 2c85ebc57b3e1817b6ce1a6b703928e113a90442
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 9234860d4d98c2242226297a473408f6e66001791ea0c941ee9d7c74aed71ac3
all runs: crashed: KASAN: vmalloc-out-of-bounds Write in tpg_fill_plane_buffer
testing release v5.9
testing commit bbf5c979011a099af5dc76498918ed7df445635b
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 0074ff66cc93974968691c6f3e95882c46b0a5959af1c1a30f24f4b99ec2bf41
all runs: crashed: KASAN: vmalloc-out-of-bounds Write in tpg_fill_plane_buffer
testing release v5.8
testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c
compiler: gcc (GCC) 8.4.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 6b09db9416a1f5f8e3611fc2733acfd5f24b7d2400226f9bcd24fe3229df97c7
all runs: crashed: KASAN: vmalloc-out-of-bounds Write in tpg_fill_plane_buffer
testing release v5.7
testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162
compiler: gcc version 8.4.1 20210217 (GCC), GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 867a99d78bcc59400a5716ff87033ba12dd9e8acef6f5424b19b8887a68b4970
all runs: crashed: KASAN: vmalloc-out-of-bounds Write in tpg_fill_plane_buffer
testing release v5.6
testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 39a98130553008421ff2d74e281c1c369d63abebd99f150ff676c8750000be35
all runs: crashed: KASAN: vmalloc-out-of-bounds Write in tpg_fill_plane_buffer
testing release v5.5
testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: f79a91a2e32b7f05ee82b25d6f19fa751c001e5c9a576feca3a65f3661a3327b
all runs: crashed: KASAN: vmalloc-out-of-bounds Write in tpg_fill_plane_buffer
testing release v5.4
testing commit 219d54332a09e8d8741c1e1982f5eae56099de85
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: f346a69b61b4c914255ed68c962273e39bfd8285fd4439ad9aeb7c3debccb2be
all runs: crashed: BUG: unable to handle kernel paging request in tpg_fill_plane_buffer
testing release v5.3
testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: eebf7bd4359f1cc5a7c0d70598dac5e77bbd375933d08167b136db9d357c9627
all runs: crashed: BUG: unable to handle kernel paging request in tpg_fill_plane_buffer
testing release v5.2
testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 639da55f42b1c6bc95899ec9c127b400ead9899dfd6e0c8ab9faad45963cc828
all runs: crashed: BUG: unable to handle kernel paging request in tpg_fill_plane_buffer
testing release v5.1
testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: f7bfdcb92cb403de0358f10649551485d1ce1a997be007e214b96745af0ebce9
run #0: crashed: BUG: unable to handle kernel paging request in tpg_fill_plane_buffer
run #1: crashed: KASAN: use-after-free Read in __vb2_perform_fileio
run #2: crashed: KASAN: use-after-free Read in __vb2_perform_fileio
run #3: crashed: KASAN: use-after-free Read in __vb2_perform_fileio
run #4: crashed: KASAN: use-after-free Read in __vb2_perform_fileio
run #5: crashed: BUG: unable to handle kernel paging request in tpg_fill_plane_buffer
run #6: crashed: KASAN: use-after-free Read in __vb2_perform_fileio
run #7: crashed: KASAN: use-after-free Read in __vb2_perform_fileio
run #8: crashed: KASAN: use-after-free Read in __vb2_perform_fileio
run #9: crashed: KASAN: use-after-free Read in __vb2_perform_fileio
testing release v5.0
testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 2129cdbd23dfe72d1fb5bfefc6e0926417bb7f6be8f9d6f5a60f38504cd62325
run #0: crashed: KASAN: use-after-free Read in __vb2_perform_fileio
run #1: crashed: KASAN: use-after-free Read in __vb2_perform_fileio
run #2: crashed: KASAN: use-after-free Read in __vb2_perform_fileio
run #3: crashed: KASAN: use-after-free Read in __vb2_perform_fileio
run #4: crashed: BUG: unable to handle kernel paging request in corrupted
run #5: crashed: KASAN: use-after-free Read in __vb2_perform_fileio
run #6: crashed: KASAN: use-after-free Read in __vb2_perform_fileio
run #7: crashed: BUG: unable to handle kernel paging request in tpg_fill_plane_buffer
run #8: crashed: KASAN: use-after-free Read in __vb2_perform_fileio
run #9: crashed: KASAN: use-after-free Read in __vb2_perform_fileio
testing release v4.20
testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 4294e61815985e767e94a668516100457b9c17c60bfc17575dc7bdc389764514
run #0: crashed: KASAN: null-ptr-deref Write in vivid_stop_generating_vid_cap
run #1: crashed: KASAN: null-ptr-deref Write in vivid_stop_generating_vid_cap
run #2: crashed: BUG: unable to handle kernel paging request in tpg_fill_plane_buffer
run #3: crashed: KASAN: null-ptr-deref Write in vivid_stop_generating_vid_cap
run #4: crashed: KASAN: null-ptr-deref Write in vivid_stop_generating_vid_cap
run #5: crashed: KASAN: use-after-free Read in __vb2_perform_fileio
run #6: crashed: KASAN: use-after-free Read in __vb2_perform_fileio
run #7: crashed: KASAN: use-after-free Read in __vb2_perform_fileio
run #8: crashed: KASAN: null-ptr-deref Write in vivid_stop_generating_vid_cap
run #9: crashed: KASAN: null-ptr-deref Write in vivid_stop_generating_vid_cap
testing release v4.19
testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 9f9ffb6a8dfef58187a20e50437091ec664b3d3ecdee3745c8da989bc50962de
run #0: crashed: KASAN: use-after-free Read in __vb2_perform_fileio
run #1: crashed: KASAN: null-ptr-deref Write in vivid_stop_generating_vid_cap
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
run #3: crashed: KASAN: null-ptr-deref Write in vivid_stop_generating_vid_cap
run #4: crashed: INFO: task hung in vivid_stop_generating_vid_cap
run #5: crashed: INFO: task hung in vivid_stop_generating_vid_cap
run #6: crashed: INFO: task hung in vivid_stop_generating_vid_cap
run #7: crashed: INFO: task hung in vivid_stop_generating_vid_cap
run #8: crashed: INFO: task hung in vivid_stop_generating_vid_cap
run #9: crashed: INFO: task hung in vivid_stop_generating_vid_cap
testing release v4.18
testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 38bd0fbe3e901f2802983a9192a8563d6cc72c0da067f3530a6b30dde6631228
run #0: crashed: KASAN: null-ptr-deref Write in vivid_stop_generating_vid_cap
run #1: crashed: KASAN: null-ptr-deref Write in vivid_stop_generating_vid_cap
run #2: crashed: BUG: unable to handle kernel paging request in tpg_fill_plane_buffer
run #3: crashed: INFO: task hung in vivid_stop_generating_vid_cap
run #4: crashed: INFO: task hung in vivid_stop_generating_vid_cap
run #5: crashed: INFO: task hung in vivid_stop_generating_vid_cap
run #6: crashed: INFO: task hung in vivid_stop_generating_vid_cap
run #7: crashed: INFO: task hung in vivid_stop_generating_vid_cap
run #8: crashed: INFO: task hung in vivid_stop_generating_vid_cap
run #9: crashed: INFO: task hung in vivid_stop_generating_vid_cap
testing release v4.17
testing commit 29dcea88779c856c7dc92040a0c01233263101d4
failed to run ["make" "-j" "64" "ARCH=x86_64" "CC=/syzkaller/shared/bisect_bin/gcc-8.1.0/bin/gcc" "bzImage"]: exit status 2
testing release v4.16
testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda
orc_dump.c:106:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
orc_dump.c:111:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
elf.c:135:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
elf.c:140:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
testing release v4.15
testing commit d8a5b80568a9cb66810e75b182018e9edb68e8ff
orc_dump.c:106:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
orc_dump.c:111:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
elf.c:135:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
elf.c:140:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
pager.c:36:12: error: passing argument 2 to 'restrict'-qualified parameter aliases with argument 4 [-Werror=restrict]
testing release v4.14
testing commit bebc6082da0a9f5d47a1ea2edc099bf671058bd4
orc_dump.c:105:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
orc_dump.c:110:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
elf.c:134:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
elf.c:139:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
pager.c:36:12: error: passing argument 2 to 'restrict'-qualified parameter aliases with argument 4 [-Werror=restrict]
testing release v4.13
testing commit 569dbb88e80deb68974ef6fdd6a13edb9d686261
pager.c:35:12: error: passing argument 2 to 'restrict'-qualified parameter aliases with argument 4 [-Werror=restrict]
elf.c:144:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
elf.c:149:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
testing release v4.12
testing commit 6f7da290413ba713f0cdd9ff1a2a9bb129ef4f6c
pager.c:35:12: error: passing argument 2 to 'restrict'-qualified parameter aliases with argument 4 [-Werror=restrict]
elf.c:141:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
elf.c:146:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
testing release v4.11
testing commit a351e9b9fc24e982ec2f0e76379a49826036da12
elf.c:141:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
elf.c:146:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
pager.c:35:12: error: passing argument 2 to 'restrict'-qualified parameter aliases with argument 4 [-Werror=restrict]
testing release v4.10
testing commit c470abd4fde40ea6a0846a2beab642a578c0b8cd
tools/include/linux/log2.h:19:1: error: ignoring attribute 'noreturn' because it conflicts with attribute 'const' [-Werror=attributes]
elf.c:129:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
elf.c:134:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
pager.c:35:12: error: passing argument 2 to 'restrict'-qualified parameter aliases with argument 4 [-Werror=restrict]
testing release v4.9
testing commit 69973b830859bc6529a7a0468ba0d80ee5117826
tools/include/linux/log2.h:19:1: error: ignoring attribute 'noreturn' because it conflicts with attribute 'const' [-Werror=attributes]
elf.c:129:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
elf.c:134:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
pager.c:35:12: error: passing argument 2 to 'restrict'-qualified parameter aliases with argument 4 [-Werror=restrict]
testing release v4.8
testing commit c8d2bc9bc39ebea8437fd974fdbc21847bb897a3
tools/include/linux/log2.h:19:1: error: ignoring attribute 'noreturn' because it conflicts with attribute 'const' [-Werror=attributes]
elf.c:129:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
elf.c:134:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
pager.c:33:12: error: passing argument 2 to 'restrict'-qualified parameter aliases with argument 4 [-Werror=restrict]
testing release v4.7
testing commit 523d939ef98fd712632d93a5a2b588e477a7565e
tools/include/linux/log2.h:19:1: error: ignoring attribute 'noreturn' because it conflicts with attribute 'const' [-Werror=attributes]
elf.c:122:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
elf.c:127:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
pager.c:33:12: error: passing argument 2 to 'restrict'-qualified parameter aliases with argument 4 [-Werror=restrict]
testing release v4.6
testing commit 2dcd0af568b0cf583645c8a317dd12e344b1c72a
tools/include/linux/log2.h:19:1: error: ignoring attribute 'noreturn' because it conflicts with attribute 'const' [-Werror=attributes]
pager.c:33:12: error: passing argument 2 to 'restrict'-qualified parameter aliases with argument 4 [-Werror=restrict]
revisions tested: 19, total time: 3h26m4.334833538s (build: 2h6m2.325420654s, test: 1h14m23.490775708s)
the crash already happened on the oldest tested release
commit msg: Linux 4.18
crash: INFO: task hung in vivid_stop_generating_vid_cap
Bluetooth: hci3: command 0x0406 tx timeout
Bluetooth: hci4: command 0x0406 tx timeout
NOHZ: local_softirq_pending 08
NOHZ: local_softirq_pending 08
NOHZ: local_softirq_pending 08
INFO: task syz-executor.2:10172 blocked for more than 140 seconds.
      Not tainted 4.18.0-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.2  D28248 10172   8542 0x00080004
Call Trace:
 context_switch kernel/sched/core.c:2853 [inline]
 __schedule+0x80c/0x1fc0 kernel/sched/core.c:3501
 schedule+0x7f/0x1b0 kernel/sched/core.c:3545
 schedule_timeout+0x70e/0xd20 kernel/time/timer.c:1777
 do_wait_for_common kernel/sched/completion.c:83 [inline]
 __wait_for_common kernel/sched/completion.c:104 [inline]
 wait_for_common+0x3fb/0x5d0 kernel/sched/completion.c:115
 wait_for_completion+0x18/0x20 kernel/sched/completion.c:136
 kthread_stop+0xc9/0x550 kernel/kthread.c:548
 vivid_stop_generating_vid_cap+0x191/0x5fe drivers/media/platform/vivid/vivid-kthread-cap.c:919
 vid_cap_stop_streaming+0x75/0xd0 drivers/media/platform/vivid/vivid-vid-cap.c:256
 __vb2_queue_cancel+0x94/0x880 drivers/media/common/videobuf2/videobuf2-core.c:1654
 vb2_core_streamoff+0x4b/0x100 drivers/media/common/videobuf2/videobuf2-core.c:1790
 __vb2_cleanup_fileio+0x69/0x140 drivers/media/common/videobuf2/videobuf2-core.c:2311
 vb2_core_queue_release+0xf/0x70 drivers/media/common/videobuf2/videobuf2-core.c:2038
 vb2_queue_release drivers/media/common/videobuf2/videobuf2-v4l2.c:672 [inline]
 _vb2_fop_release+0x1ac/0x280 drivers/media/common/videobuf2/videobuf2-v4l2.c:843
 vb2_fop_release+0x66/0xd0 drivers/media/common/videobuf2/videobuf2-v4l2.c:857
 vivid_fop_release+0x15f/0x3a0 drivers/media/platform/vivid/vivid-core.c:474
 v4l2_release+0xeb/0x1a0 drivers/media/v4l2-core/v4l2-dev.c:448
 __fput+0x232/0x780 fs/file_table.c:209
 ____fput+0x9/0x10 fs/file_table.c:243
 task_work_run+0x111/0x180 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:192 [inline]
 exit_to_usermode_loop+0x180/0x1e0 arch/x86/entry/common.c:166
 prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:268 [inline]
 do_syscall_64+0x47a/0x540 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x41940b
Code: Bad RIP value.
RSP: 002b:00007ffedaa35200 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000006 RCX: 000000000041940b
RDX: 0000000000570958 RSI: 0000000000000001 RDI: 0000000000000005
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000001b319200e0
R10: 00007ffedaa352f0 R11: 0000000000000293 R12: 000000000000bff0
R13: 00000000000003e8 R14: 000000000056bf80 R15: 000000000000bfd9
INFO: task syz-executor.1:10195 blocked for more than 140 seconds.
      Not tainted 4.18.0-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.1  D28248 10195   8546 0x00080004
Call Trace:
 context_switch kernel/sched/core.c:2853 [inline]
 __schedule+0x80c/0x1fc0 kernel/sched/core.c:3501
 schedule+0x7f/0x1b0 kernel/sched/core.c:3545
 schedule_timeout+0x70e/0xd20 kernel/time/timer.c:1777
 do_wait_for_common kernel/sched/completion.c:83 [inline]
 __wait_for_common kernel/sched/completion.c:104 [inline]
 wait_for_common+0x3fb/0x5d0 kernel/sched/completion.c:115
 wait_for_completion+0x18/0x20 kernel/sched/completion.c:136
 kthread_stop+0xc9/0x550 kernel/kthread.c:548
 vivid_stop_generating_vid_cap+0x191/0x5fe drivers/media/platform/vivid/vivid-kthread-cap.c:919
 vid_cap_stop_streaming+0x75/0xd0 drivers/media/platform/vivid/vivid-vid-cap.c:256
 __vb2_queue_cancel+0x94/0x880 drivers/media/common/videobuf2/videobuf2-core.c:1654
 vb2_core_streamoff+0x4b/0x100 drivers/media/common/videobuf2/videobuf2-core.c:1790
 __vb2_cleanup_fileio+0x69/0x140 drivers/media/common/videobuf2/videobuf2-core.c:2311
 vb2_core_queue_release+0xf/0x70 drivers/media/common/videobuf2/videobuf2-core.c:2038
 vb2_queue_release drivers/media/common/videobuf2/videobuf2-v4l2.c:672 [inline]
 _vb2_fop_release+0x1ac/0x280 drivers/media/common/videobuf2/videobuf2-v4l2.c:843
 vb2_fop_release+0x66/0xd0 drivers/media/common/videobuf2/videobuf2-v4l2.c:857
 vivid_fop_release+0x15f/0x3a0 drivers/media/platform/vivid/vivid-core.c:474
 v4l2_release+0xeb/0x1a0 drivers/media/v4l2-core/v4l2-dev.c:448
 __fput+0x232/0x780 fs/file_table.c:209
 ____fput+0x9/0x10 fs/file_table.c:243
 task_work_run+0x111/0x180 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:192 [inline]
 exit_to_usermode_loop+0x180/0x1e0 arch/x86/entry/common.c:166
 prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:268 [inline]
 do_syscall_64+0x47a/0x540 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x41940b
Code: 00 00 00 48 85 c0 0f 84 9b 07 00 00 0f b6 48 17 83 e1 1f 80 f9 16 0f 85 1a 07 00 00 48 83 78 30 00 0f 84 f6 06 00 00 48 89 84 <24> 90 00 00 00 48 8b 84 24 f0 00 00 00 48 89 04 24 0f 57 c0 0f 11 
RSP: 002b:00007ffc9061ebb0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000006 RCX: 000000000041940b
RDX: 0000000000570958 RSI: 0000000000000001 RDI: 0000000000000005
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000001b31d200e0
R10: 00007ffc9061eca0 R11: 0000000000000293 R12: 000000000000c040
R13: 00000000000003e8 R14: 000000000056bf80 R15: 000000000000c01a
INFO: task syz-executor.3:10216 blocked for more than 140 seconds.
      Not tainted 4.18.0-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.3  D28248 10216   8554 0x00080004
Call Trace:
 context_switch kernel/sched/core.c:2853 [inline]
 __schedule+0x80c/0x1fc0 kernel/sched/core.c:3501
 schedule+0x7f/0x1b0 kernel/sched/core.c:3545
 schedule_timeout+0x70e/0xd20 kernel/time/timer.c:1777
 do_wait_for_common kernel/sched/completion.c:83 [inline]
 __wait_for_common kernel/sched/completion.c:104 [inline]
 wait_for_common+0x3fb/0x5d0 kernel/sched/completion.c:115
 wait_for_completion+0x18/0x20 kernel/sched/completion.c:136
 kthread_stop+0xc9/0x550 kernel/kthread.c:548
 vivid_stop_generating_vid_cap+0x191/0x5fe drivers/media/platform/vivid/vivid-kthread-cap.c:919
 vid_cap_stop_streaming+0x75/0xd0 drivers/media/platform/vivid/vivid-vid-cap.c:256
 __vb2_queue_cancel+0x94/0x880 drivers/media/common/videobuf2/videobuf2-core.c:1654
 vb2_core_streamoff+0x4b/0x100 drivers/media/common/videobuf2/videobuf2-core.c:1790
 __vb2_cleanup_fileio+0x69/0x140 drivers/media/common/videobuf2/videobuf2-core.c:2311
 vb2_core_queue_release+0xf/0x70 drivers/media/common/videobuf2/videobuf2-core.c:2038
 vb2_queue_release drivers/media/common/videobuf2/videobuf2-v4l2.c:672 [inline]
 _vb2_fop_release+0x1ac/0x280 drivers/media/common/videobuf2/videobuf2-v4l2.c:843
 vb2_fop_release+0x66/0xd0 drivers/media/common/videobuf2/videobuf2-v4l2.c:857
 vivid_fop_release+0x15f/0x3a0 drivers/media/platform/vivid/vivid-core.c:474
 v4l2_release+0xeb/0x1a0 drivers/media/v4l2-core/v4l2-dev.c:448
 __fput+0x232/0x780 fs/file_table.c:209
 ____fput+0x9/0x10 fs/file_table.c:243
 task_work_run+0x111/0x180 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:192 [inline]
 exit_to_usermode_loop+0x180/0x1e0 arch/x86/entry/common.c:166
 prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:268 [inline]
 do_syscall_64+0x47a/0x540 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x41940b
Code: 00 00 00 48 85 c0 0f 84 9b 07 00 00 0f b6 48 17 83 e1 1f 80 f9 16 0f 85 1a 07 00 00 48 83 78 30 00 0f 84 f6 06 00 00 48 89 84 <24> 90 00 00 00 48 8b 84 24 f0 00 00 00 48 89 04 24 0f 57 c0 0f 11 
RSP: 002b:00007ffcf27f8ce0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000006 RCX: 000000000041940b
RDX: 0000000000570958 RSI: 0000000000000001 RDI: 0000000000000005
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000001b324200e0
R10: 00007ffcf27f8dd0 R11: 0000000000000293 R12: 000000000000c08f
R13: 00000000000003e8 R14: 000000000056bf80 R15: 000000000000c07b

Showing all locks held in the system:
1 lock held by khungtaskd/1509:
 #0: 00000000a9af4bcf (rcu_read_lock){....}, at: debug_show_all_locks+0x5b/0x27a kernel/locking/lockdep.c:4461
2 locks held by in:imklog/7858:

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 1509 Comm: khungtaskd Not tainted 4.18.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x15a/0x20d lib/dump_stack.c:113
 nmi_cpu_backtrace.cold.0+0x13/0xb6 lib/nmi_backtrace.c:103
 nmi_trigger_cpumask_backtrace+0xf6/0x11a lib/nmi_backtrace.c:62
 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
 trigger_all_cpu_backtrace include/linux/nmi.h:138 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:196 [inline]
 watchdog+0x512/0x940 kernel/hung_task.c:252
 kthread+0x316/0x3d0 kernel/kthread.c:246
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:412
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1 skipped: idling at native_safe_halt+0x6/0x10 arch/x86/include/asm/irqflags.h:54