INFO: task syz-executor:25033 blocked for more than 143 seconds.
      Not tainted 5.12.0-rc4-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor state:D stack:12272 pid:25033 ppid: 1 flags:0x00004004
Call Trace:
 context_switch kernel/sched/core.c:4322 [inline]
 __schedule+0x2bf/0x7c0 kernel/sched/core.c:5073
 schedule+0x41/0xa0 kernel/sched/core.c:5152
 schedule_timeout+0x100/0x140 kernel/time/timer.c:1868
 do_wait_for_common kernel/sched/completion.c:85 [inline]
 __wait_for_common kernel/sched/completion.c:106 [inline]
 wait_for_common kernel/sched/completion.c:117 [inline]
 wait_for_completion+0x7f/0xe0 kernel/sched/completion.c:138
 kthread_stop+0x6e/0x170 kernel/kthread.c:621
 ext4_put_super+0x2e6/0x3f0 fs/ext4/super.c:1248
 generic_shutdown_super+0x67/0x100 fs/super.c:464
 kill_block_super+0x1c/0x40 fs/super.c:1394
 deactivate_locked_super+0x2c/0xa0 fs/super.c:335
 cleanup_mnt+0x109/0x150 fs/namespace.c:1136
 task_work_run+0x57/0x90 kernel/task_work.c:140
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:174 [inline]
 exit_to_user_mode_prepare+0x139/0x140 kernel/entry/common.c:208
 __syscall_exit_to_user_mode_work kernel/entry/common.c:290 [inline]
 syscall_exit_to_user_mode+0x13/0x40 kernel/entry/common.c:301
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f1d672d4227
RSP: 002b:00007ffe2a9ee528 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 00007f1d67345a14 RCX: 00007f1d672d4227
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe2a9ee5e0
RBP: 00007ffe2a9ee5e0 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe2a9ef660
R13: 00007f1d67345a14 R14: 00000000000321eb R15: 00007ffe2a9ef6a0
INFO: task kmmpd-loop2:32514 blocked for more than 143 seconds.
      Not tainted 5.12.0-rc4-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kmmpd-loop2 state:D stack:14920 pid:32514 ppid: 2 flags:0x00004000
Call Trace:
 context_switch kernel/sched/core.c:4322 [inline]
 __schedule+0x2bf/0x7c0 kernel/sched/core.c:5073
 schedule+0x41/0xa0 kernel/sched/core.c:5152
 percpu_rwsem_wait+0x13e/0x180 kernel/locking/percpu-rwsem.c:160
 __percpu_down_read kernel/locking/percpu-rwsem.c:174 [inline]
 __percpu_down_read+0x47/0x50 kernel/locking/percpu-rwsem.c:165
 percpu_down_read include/linux/percpu-rwsem.h:65 [inline]
 __sb_start_write include/linux/fs.h:1640 [inline]
 sb_start_write include/linux/fs.h:1710 [inline]
 write_mmp_block+0x102/0x130 fs/ext4/mmp.c:50
 kmmpd+0x2e0/0x430 fs/ext4/mmp.c:245
 kthread+0x119/0x130 kernel/kthread.c:292
 ret_from_fork+0x22/0x30 arch/x86/entry/entry_64.S:294

Showing all locks held in the system:
2 locks held by kworker/0:2/13:
 #0: ffff888100056738 ((wq_completion)events){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:837 [inline]
 #0: ffff888100056738 ((wq_completion)events){....}-{0:0}, at: process_one_work+0x1bc/0x430 kernel/workqueue.c:2238
 #1: ffffc90000073e70 ((kfence_timer).work){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:837 [inline]
 #1: ffffc90000073e70 ((kfence_timer).work){....}-{0:0}, at: process_one_work+0x1bc/0x430 kernel/workqueue.c:2238
2 locks held by kworker/u4:2/27:
 #0: ffff888100058938 ((wq_completion)events_unbound){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:837 [inline]
 #0: ffff888100058938 ((wq_completion)events_unbound){....}-{0:0}, at: process_one_work+0x1bc/0x430 kernel/workqueue.c:2238
 #1: ffffc900000efe70 ((work_completion)(&sub_info->work)){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:837 [inline]
 #1: ffffc900000efe70 ((work_completion)(&sub_info->work)){....}-{0:0}, at: process_one_work+0x1bc/0x430 kernel/workqueue.c:2238
1 lock held by khungtaskd/235:
 #0: ffffffff82374a80 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x15/0xf2 kernel/locking/lockdep.c:6328
1 lock held by udevd/917:
 #0: ffff888108df80a0 (&bdev->bd_mutex){....}-{3:3}, at: blkdev_get_by_dev fs/block_dev.c:1453 [inline]
 #0: ffff888108df80a0 (&bdev->bd_mutex){....}-{3:3}, at: blkdev_get_by_dev+0x13d/0x250 fs/block_dev.c:1422
2 locks held by getty/977:
 #0: ffff8881057d1898 (&tty->ldisc_sem){....}-{0:0}, at: tty_ldisc_ref_wait+0x1f/0x50 drivers/tty/tty_ldisc.c:266
 #1: ffffc90001abb2e8 (&ldata->atomic_read_lock){....}-{3:3}, at: n_tty_read+0x478/0x5a0 drivers/tty/n_tty.c:2178
1 lock held by udevd/4901:
 #0: ffff888108df80a0 (&bdev->bd_mutex){....}-{3:3}, at: blkdev_get_by_dev fs/block_dev.c:1453 [inline]
 #0: ffff888108df80a0 (&bdev->bd_mutex){....}-{3:3}, at: blkdev_get_by_dev+0x13d/0x250 fs/block_dev.c:1422
2 locks held by kworker/0:5/11868:
 #0: ffff888100057338 ((wq_completion)rcu_gp){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:837 [inline]
 #0: ffff888100057338 ((wq_completion)rcu_gp){....}-{0:0}, at: process_one_work+0x1bc/0x430 kernel/workqueue.c:2238
 #1: ffffc900024d7e70 ((work_completion)(&rew.rew_work)){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:837 [inline]
 #1: ffffc900024d7e70 ((work_completion)(&rew.rew_work)){....}-{0:0}, at: process_one_work+0x1bc/0x430 kernel/workqueue.c:2238
1 lock held by syz-executor/25033:
 #0: ffff8881155f10e0 (&type->s_umount_key#26){....}-{3:3}, at: deactivate_super+0x27/0x30 fs/super.c:365
1 lock held by kmmpd-loop2/32514:
 #0: ffff8881155f1438 (sb_writers#4){....}-{0:0}, at: kmmpd+0x2e0/0x430 fs/ext4/mmp.c:245
2 locks held by syz.0.19934/21818:
 #0: ffff8881152f30e0 (&type->s_umount_key#22/1){....}-{3:3}, at: alloc_super+0xd0/0x3b0 fs/super.c:229
 #1: ffffffff82375368 (rcu_state.exp_mutex){....}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:290 [inline]
 #1: ffffffff82375368 (rcu_state.exp_mutex){....}-{3:3}, at: synchronize_rcu_expedited+0x2f1/0x390 kernel/rcu/tree_exp.h:836
3 locks held by syz.5.19935/21820:
 #0: ffff888100449a90 (&bdev->bd_fsfreeze_mutex){....}-{3:3}, at: freeze_bdev+0x1a/0xc0 fs/block_dev.c:569
 #1: ffff88811583f438 (sb_writers#4){....}-{0:0}, at: sb_wait_write fs/super.c:1592 [inline]
 #1: ffff88811583f438 (sb_writers#4){....}-{0:0}, at: freeze_super+0x73/0x160 fs/super.c:1685
 #2: ffffffff82375368 (rcu_state.exp_mutex){....}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:322 [inline]
 #2: ffffffff82375368 (rcu_state.exp_mutex){....}-{3:3}, at: synchronize_rcu_expedited+0xe6/0x390 kernel/rcu/tree_exp.h:836
2 locks held by syz.4.19936/21827:
 #0: ffff888108dfa4d0 (&bdev->bd_fsfreeze_mutex){....}-{3:3}, at: freeze_bdev+0x1a/0xc0 fs/block_dev.c:569
 #1: ffff888118be9438 (sb_writers#4){....}-{0:0}, at: sb_wait_write fs/super.c:1592 [inline]
 #1: ffff888118be9438 (sb_writers#4){....}-{0:0}, at: freeze_super+0x73/0x160 fs/super.c:1685
2 locks held by syz.1.19938/21834:
 #0: ffff888108df80a0 (&bdev->bd_mutex){....}-{3:3}, at: __blkdev_put+0x4a/0x230 fs/block_dev.c:1574
 #1: ffff888104b7dbf0 (&lo->lo_mutex){....}-{3:3}, at: lo_release+0x1b/0x90 drivers/block/loop.c:1910

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 235 Comm: khungtaskd Not tainted 5.12.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x69/0x8e lib/dump_stack.c:120
 nmi_cpu_backtrace.cold+0x32/0x69 lib/nmi_backtrace.c:105
 nmi_trigger_cpumask_backtrace+0x81/0x90 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:209 [inline]
 watchdog+0x4b1/0x4c0 kernel/hung_task.c:294
 kthread+0x119/0x130 kernel/kthread.c:292
 ret_from_fork+0x22/0x30 arch/x86/entry/entry_64.S:294
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 13 Comm: kworker/0:2 Not tainted 5.12.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
Workqueue: events toggle_allocation_gate
RIP: 0010:kmap_local_sched_out kernel/sched/core.c:4092 [inline]
RIP: 0010:prepare_task_switch kernel/sched/core.c:4127 [inline]
RIP: 0010:context_switch kernel/sched/core.c:4274 [inline]
RIP: 0010:__schedule+0x225/0x7c0 kernel/sched/core.c:5073
Code: 00 00 49 0f ba ad 30 13 00 00 00 49 83 bd 20 13 00 00 00 74 06 f0 41 80 4d 00 02 65 48 8b 04 25 c0 6e 01 00 8b 80 e0 13 00 00 <85> c0 0f 85 a9 04 00 00 49 8b b7 38 04 00 00 41 c7 47 34 01 00 00
RSP: 0018:ffffc90000073df8 EFLAGS: 00000046
RAX: 0000000000000000 RBX: ffffffff82177da8 RCX: 000000000296e009
RDX: 00000052476d74ec RSI: ffff888237c2a918 RDI: ffff888100208928
RBP: ffffc90000073e48 R08: ffff8881075600e8 R09: ffff8881075600e8
R10: 0000000000000016 R11: 0000000000004721 R12: ffff888237c2a900
R13: ffff888100208000 R14: ffff888237c2a918 R15: ffff8881152dcd40
FS:  0000000000000000(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fc9e4293000 CR3: 0000000002222000 CR4: 0000000000350ef0
Call Trace:
 preempt_schedule_common kernel/sched/core.c:5233 [inline]
 __cond_resched+0x28/0x40 kernel/sched/core.c:6982
 _cond_resched include/linux/sched.h:1893 [inline]
 process_one_work+0x2c2/0x430 kernel/workqueue.c:2301
 worker_thread+0x4d/0x330 kernel/workqueue.c:2421
 kthread+0x119/0x130 kernel/kthread.c:292
 ret_from_fork+0x22/0x30 arch/x86/entry/entry_64.S:294