Extracting prog: 6m27.635977007s Minimizing prog: 54m18.811211946s Simplifying prog options: 14m25.13732234s Extracting C: 5m9.298341029s Simplifying C: 0s extracting reproducer from 1 programs testing a last program of every proc single: executing 1 programs separately with timeout 6m0s testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$ndb-ioctl$NBD_SET_SIZE_BLOCKS-syz_open_dev$ndb-socketpair$nbd-ioctl$NBD_SET_SOCK-ioctl$NBD_DO_IT detailed listing: executing program 0: r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0xb) r1 = syz_open_dev$ndb(&(0x7f00000001c0), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r1, 0xab00, r2) ioctl$NBD_DO_IT(r1, 0xab03) program crashed: INFO: task hung in bdev_release program crashed: INFO: task hung in bdev_release single: successfully extracted reproducer found reproducer with 6 syscalls minimizing guilty program testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$ndb-ioctl$NBD_SET_SIZE_BLOCKS-syz_open_dev$ndb-socketpair$nbd-ioctl$NBD_SET_SOCK detailed listing: executing program 0: r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0xb) r1 = syz_open_dev$ndb(&(0x7f00000001c0), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r1, 0xab00, r2) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$ndb-ioctl$NBD_SET_SIZE_BLOCKS-syz_open_dev$ndb-socketpair$nbd-ioctl$NBD_DO_IT detailed listing: executing program 0: r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0xb) r1 = syz_open_dev$ndb(&(0x7f00000001c0), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)) ioctl$NBD_DO_IT(r1, 0xab03) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$ndb-ioctl$NBD_SET_SIZE_BLOCKS-syz_open_dev$ndb-ioctl$NBD_SET_SOCK-ioctl$NBD_DO_IT detailed listing: executing program 0: r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0xb) r1 = syz_open_dev$ndb(&(0x7f00000001c0), 0x0, 0x0) ioctl$NBD_SET_SOCK(r1, 0xab00, 0xffffffffffffffff) ioctl$NBD_DO_IT(r1, 0xab03) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$ndb-ioctl$NBD_SET_SIZE_BLOCKS-socketpair$nbd-ioctl$NBD_SET_SOCK-ioctl$NBD_DO_IT detailed listing: executing program 0: r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0xb) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(0xffffffffffffffff, 0xab00, r1) ioctl$NBD_DO_IT(0xffffffffffffffff, 0xab03) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$ndb-syz_open_dev$ndb-socketpair$nbd-ioctl$NBD_SET_SOCK-ioctl$NBD_DO_IT detailed listing: executing program 0: syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) r0 = syz_open_dev$ndb(&(0x7f00000001c0), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) ioctl$NBD_DO_IT(r0, 0xab03) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$NBD_SET_SIZE_BLOCKS-syz_open_dev$ndb-socketpair$nbd-ioctl$NBD_SET_SOCK-ioctl$NBD_DO_IT detailed listing: executing program 0: ioctl$NBD_SET_SIZE_BLOCKS(0xffffffffffffffff, 0xab07, 0xb) r0 = syz_open_dev$ndb(&(0x7f00000001c0), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) ioctl$NBD_DO_IT(r0, 0xab03) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$ndb-ioctl$NBD_SET_SIZE_BLOCKS-syz_open_dev$ndb-socketpair$nbd-ioctl$NBD_SET_SOCK-ioctl$NBD_DO_IT detailed listing: executing program 0: r0 = syz_open_dev$ndb(0x0, 0x0, 0x0) ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0xb) r1 = syz_open_dev$ndb(&(0x7f00000001c0), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r1, 0xab00, r2) ioctl$NBD_DO_IT(r1, 0xab03) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$ndb-ioctl$NBD_SET_SIZE_BLOCKS-syz_open_dev$ndb-socketpair$nbd-ioctl$NBD_SET_SOCK-ioctl$NBD_DO_IT detailed listing: executing program 0: r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0xb) r1 = syz_open_dev$ndb(0x0, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r1, 0xab00, r2) ioctl$NBD_DO_IT(r1, 0xab03) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$ndb-ioctl$NBD_SET_SIZE_BLOCKS-syz_open_dev$ndb-socketpair$nbd-ioctl$NBD_SET_SOCK-ioctl$NBD_DO_IT detailed listing: executing program 0: r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0xb) r1 = syz_open_dev$ndb(&(0x7f00000001c0), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) ioctl$NBD_SET_SOCK(r1, 0xab00, 0xffffffffffffffff) ioctl$NBD_DO_IT(r1, 0xab03) program did not crash extracting C reproducer testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$ndb-ioctl$NBD_SET_SIZE_BLOCKS-syz_open_dev$ndb-socketpair$nbd-ioctl$NBD_SET_SOCK-ioctl$NBD_DO_IT program crashed: no output from test machine a never seen crash title: no output from test machine, ignore simplifying guilty program options testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$ndb-ioctl$NBD_SET_SIZE_BLOCKS-syz_open_dev$ndb-socketpair$nbd-ioctl$NBD_SET_SOCK-ioctl$NBD_DO_IT detailed listing: executing program 0: r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0xb) r1 = syz_open_dev$ndb(&(0x7f00000001c0), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r1, 0xab00, r2) ioctl$NBD_DO_IT(r1, 0xab03) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$ndb-ioctl$NBD_SET_SIZE_BLOCKS-syz_open_dev$ndb-socketpair$nbd-ioctl$NBD_SET_SOCK-ioctl$NBD_DO_IT detailed listing: executing program 0: r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0xb) r1 = syz_open_dev$ndb(&(0x7f00000001c0), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r1, 0xab00, r2) ioctl$NBD_DO_IT(r1, 0xab03) program crashed: INFO: task hung in bdev_release extracting C reproducer testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$ndb-ioctl$NBD_SET_SIZE_BLOCKS-syz_open_dev$ndb-socketpair$nbd-ioctl$NBD_SET_SOCK-ioctl$NBD_DO_IT program crashed: no output from test machine a never seen crash title: no output from test machine, ignore testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$ndb-ioctl$NBD_SET_SIZE_BLOCKS-syz_open_dev$ndb-socketpair$nbd-ioctl$NBD_SET_SOCK-ioctl$NBD_DO_IT detailed listing: executing program 0: r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0xb) r1 = syz_open_dev$ndb(&(0x7f00000001c0), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r1, 0xab00, r2) ioctl$NBD_DO_IT(r1, 0xab03) program crashed: INFO: task hung in bdev_release validation run: crashed=true testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$ndb-ioctl$NBD_SET_SIZE_BLOCKS-syz_open_dev$ndb-socketpair$nbd-ioctl$NBD_SET_SOCK-ioctl$NBD_DO_IT detailed listing: executing program 0: r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0xb) r1 = syz_open_dev$ndb(&(0x7f00000001c0), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r1, 0xab00, r2) ioctl$NBD_DO_IT(r1, 0xab03) program crashed: INFO: task hung in bdev_release validation run: crashed=true testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$ndb-ioctl$NBD_SET_SIZE_BLOCKS-syz_open_dev$ndb-socketpair$nbd-ioctl$NBD_SET_SOCK-ioctl$NBD_DO_IT detailed listing: executing program 0: r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0xb) r1 = syz_open_dev$ndb(&(0x7f00000001c0), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r1, 0xab00, r2) ioctl$NBD_DO_IT(r1, 0xab03) program crashed: INFO: task hung in bdev_release validation run: crashed=true reproducing took 1h29m35.303233681s repro crashed as (corrupted=false): INFO: task syz.0.17:6753 blocked for more than 143 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.0.17 state:D stack:0 pid:6753 tgid:6753 ppid:6704 task_flags:0x400040 flags:0x00800001 Call trace: __switch_to+0x418/0x87c arch/arm64/kernel/process.c:742 (T) context_switch kernel/sched/core.c:5256 [inline] __schedule+0x1250/0x2a7c kernel/sched/core.c:6863 __schedule_loop kernel/sched/core.c:6945 [inline] schedule+0xb4/0x230 kernel/sched/core.c:6960 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7017 __mutex_lock_common+0xd04/0x2678 kernel/locking/mutex.c:692 __mutex_lock kernel/locking/mutex.c:776 [inline] mutex_lock_nested+0x2c/0x38 kernel/locking/mutex.c:828 bdev_release+0x154/0x654 block/bdev.c:1145 blkdev_release+0x20/0x34 block/fops.c:706 __fput+0x340/0x75c fs/file_table.c:468 ____fput+0x20/0x58 fs/file_table.c:496 task_work_run+0x1dc/0x260 kernel/task_work.c:233 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] __exit_to_user_mode_loop kernel/entry/common.c:44 [inline] exit_to_user_mode_loop+0x10c/0x18c kernel/entry/common.c:75 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline] exit_to_user_mode_prepare_legacy include/linux/irq-entry-common.h:242 [inline] arm64_exit_to_user_mode arch/arm64/kernel/entry-common.c:81 [inline] el0_svc+0x17c/0x26c arch/arm64/kernel/entry-common.c:725 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:743 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 INFO: task syz.0.17:6754 blocked for more than 143 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.0.17 state:D stack:0 pid:6754 tgid:6753 ppid:6704 task_flags:0x400140 flags:0x00000011 Call trace: __switch_to+0x418/0x87c arch/arm64/kernel/process.c:742 (T) context_switch kernel/sched/core.c:5256 [inline] __schedule+0x1250/0x2a7c kernel/sched/core.c:6863 __schedule_loop kernel/sched/core.c:6945 [inline] schedule+0xb4/0x230 kernel/sched/core.c:6960 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7017 __mutex_lock_common+0xd04/0x2678 kernel/locking/mutex.c:692 __mutex_lock kernel/locking/mutex.c:776 [inline] mutex_lock_nested+0x2c/0x38 kernel/locking/mutex.c:828 bdev_release+0x154/0x654 block/bdev.c:1145 blkdev_release+0x20/0x34 block/fops.c:706 __fput+0x340/0x75c fs/file_table.c:468 ____fput+0x20/0x58 fs/file_table.c:496 task_work_run+0x1dc/0x260 kernel/task_work.c:233 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] __exit_to_user_mode_loop kernel/entry/common.c:44 [inline] exit_to_user_mode_loop+0x10c/0x18c kernel/entry/common.c:75 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline] exit_to_user_mode_prepare_legacy include/linux/irq-entry-common.h:242 [inline] arm64_exit_to_user_mode arch/arm64/kernel/entry-common.c:81 [inline] el0_svc+0x17c/0x26c arch/arm64/kernel/entry-common.c:725 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:743 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 Showing all locks held in the system: 1 lock held by khungtaskd/32: #0: ffff80008fa5b6e0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x4/0x48 include/linux/rcupdate.h:330 2 locks held by pr/ttyAMA-1/43: 2 locks held by getty/6354: #0: ffff0000dbcf00a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c drivers/tty/tty_ldsem.c:340 #1: ffff800099f1e2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x34c/0xfc8 drivers/tty/n_tty.c:2211 1 lock held by udevd/6608: #0: ffff0000cbb3e358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xcc/0xc20 block/bdev.c:962 1 lock held by udevd/6620: #0: ffff0000cbbfe358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xcc/0xc20 block/bdev.c:962 1 lock held by udevd/6712: #0: ffff0000cc0dc358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xcc/0xc20 block/bdev.c:962 1 lock held by udevd/6713: #0: ffff0000cbb3a358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xcc/0xc20 block/bdev.c:962 1 lock held by udevd/6714: #0: ffff0000cbbfa358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xcc/0xc20 block/bdev.c:962 1 lock held by syz.0.17/6753: #0: ffff0000cbb3a358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x154/0x654 block/bdev.c:1145 1 lock held by syz.0.17/6754: #0: ffff0000cbb3a358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x154/0x654 block/bdev.c:1145 1 lock held by syz.1.18/6779: #0: ffff0000cbb3e358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x154/0x654 block/bdev.c:1145 1 lock held by syz.1.18/6780: #0: ffff0000cbb3e358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x154/0x654 block/bdev.c:1145 1 lock held by syz.2.19/6801: #0: ffff0000cbbfa358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x154/0x654 block/bdev.c:1145 1 lock held by syz.2.19/6802: #0: ffff0000cbbfa358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x154/0x654 block/bdev.c:1145 1 lock held by syz.3.20/6824: #0: ffff0000cbbfe358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x154/0x654 block/bdev.c:1145 1 lock held by syz.3.20/6825: #0: ffff0000cbbfe358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x154/0x654 block/bdev.c:1145 1 lock held by udevd/6831: #0: ffff0000cc0d8358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xcc/0xc20 block/bdev.c:962 1 lock held by syz.4.21/6857: #0: ffff0000cc0d8358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x154/0x654 block/bdev.c:1145 1 lock held by syz.4.21/6858: #0: ffff0000cc0d8358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x154/0x654 block/bdev.c:1145 1 lock held by udevd/6868: #0: ffff0000cb68d358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xcc/0xc20 block/bdev.c:962 1 lock held by syz.5.22/6894: #0: ffff0000cb68d358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x154/0x654 block/bdev.c:1145 1 lock held by syz.5.22/6895: #0: ffff0000cb68d358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x154/0x654 block/bdev.c:1145 1 lock held by syz.6.23/6926: #0: ffff0000cc0dc358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x154/0x654 block/bdev.c:1145 1 lock held by syz.6.23/6927: #0: ffff0000cc0dc358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x154/0x654 block/bdev.c:1145 1 lock held by udevd/6933: #0: ffff0000cc239358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xcc/0xc20 block/bdev.c:962 1 lock held by syz.7.24/6960: #0: ffff0000cc239358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x154/0x654 block/bdev.c:1145 1 lock held by syz.7.24/6961: #0: ffff0000cc239358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x154/0x654 block/bdev.c:1145 1 lock held by udevd/6967: #0: ffff0000cc23d358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xcc/0xc20 block/bdev.c:962 1 lock held by syz.8.25/6994: #0: ffff0000cc23d358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x154/0x654 block/bdev.c:1145 1 lock held by syz.8.25/6995: #0: ffff0000cc23d358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x154/0x654 block/bdev.c:1145 1 lock held by udevd/7006: #0: ffff0000cc2a0358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xcc/0xc20 block/bdev.c:962 1 lock held by syz.9.26/7032: #0: ffff0000cc2a0358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x154/0x654 block/bdev.c:1145 1 lock held by syz.9.26/7033: #0: ffff0000cc2a0358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x154/0x654 block/bdev.c:1145 ============================================= final repro crashed as (corrupted=false): INFO: task syz.0.17:6753 blocked for more than 143 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.0.17 state:D stack:0 pid:6753 tgid:6753 ppid:6704 task_flags:0x400040 flags:0x00800001 Call trace: __switch_to+0x418/0x87c arch/arm64/kernel/process.c:742 (T) context_switch kernel/sched/core.c:5256 [inline] __schedule+0x1250/0x2a7c kernel/sched/core.c:6863 __schedule_loop kernel/sched/core.c:6945 [inline] schedule+0xb4/0x230 kernel/sched/core.c:6960 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7017 __mutex_lock_common+0xd04/0x2678 kernel/locking/mutex.c:692 __mutex_lock kernel/locking/mutex.c:776 [inline] mutex_lock_nested+0x2c/0x38 kernel/locking/mutex.c:828 bdev_release+0x154/0x654 block/bdev.c:1145 blkdev_release+0x20/0x34 block/fops.c:706 __fput+0x340/0x75c fs/file_table.c:468 ____fput+0x20/0x58 fs/file_table.c:496 task_work_run+0x1dc/0x260 kernel/task_work.c:233 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] __exit_to_user_mode_loop kernel/entry/common.c:44 [inline] exit_to_user_mode_loop+0x10c/0x18c kernel/entry/common.c:75 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline] exit_to_user_mode_prepare_legacy include/linux/irq-entry-common.h:242 [inline] arm64_exit_to_user_mode arch/arm64/kernel/entry-common.c:81 [inline] el0_svc+0x17c/0x26c arch/arm64/kernel/entry-common.c:725 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:743 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 INFO: task syz.0.17:6754 blocked for more than 143 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.0.17 state:D stack:0 pid:6754 tgid:6753 ppid:6704 task_flags:0x400140 flags:0x00000011 Call trace: __switch_to+0x418/0x87c arch/arm64/kernel/process.c:742 (T) context_switch kernel/sched/core.c:5256 [inline] __schedule+0x1250/0x2a7c kernel/sched/core.c:6863 __schedule_loop kernel/sched/core.c:6945 [inline] schedule+0xb4/0x230 kernel/sched/core.c:6960 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7017 __mutex_lock_common+0xd04/0x2678 kernel/locking/mutex.c:692 __mutex_lock kernel/locking/mutex.c:776 [inline] mutex_lock_nested+0x2c/0x38 kernel/locking/mutex.c:828 bdev_release+0x154/0x654 block/bdev.c:1145 blkdev_release+0x20/0x34 block/fops.c:706 __fput+0x340/0x75c fs/file_table.c:468 ____fput+0x20/0x58 fs/file_table.c:496 task_work_run+0x1dc/0x260 kernel/task_work.c:233 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] __exit_to_user_mode_loop kernel/entry/common.c:44 [inline] exit_to_user_mode_loop+0x10c/0x18c kernel/entry/common.c:75 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline] exit_to_user_mode_prepare_legacy include/linux/irq-entry-common.h:242 [inline] arm64_exit_to_user_mode arch/arm64/kernel/entry-common.c:81 [inline] el0_svc+0x17c/0x26c arch/arm64/kernel/entry-common.c:725 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:743 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 Showing all locks held in the system: 1 lock held by khungtaskd/32: #0: ffff80008fa5b6e0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x4/0x48 include/linux/rcupdate.h:330 2 locks held by pr/ttyAMA-1/43: 2 locks held by getty/6354: #0: ffff0000dbcf00a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c drivers/tty/tty_ldsem.c:340 #1: ffff800099f1e2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x34c/0xfc8 drivers/tty/n_tty.c:2211 1 lock held by udevd/6608: #0: ffff0000cbb3e358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xcc/0xc20 block/bdev.c:962 1 lock held by udevd/6620: #0: ffff0000cbbfe358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xcc/0xc20 block/bdev.c:962 1 lock held by udevd/6712: #0: ffff0000cc0dc358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xcc/0xc20 block/bdev.c:962 1 lock held by udevd/6713: #0: ffff0000cbb3a358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xcc/0xc20 block/bdev.c:962 1 lock held by udevd/6714: #0: ffff0000cbbfa358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xcc/0xc20 block/bdev.c:962 1 lock held by syz.0.17/6753: #0: ffff0000cbb3a358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x154/0x654 block/bdev.c:1145 1 lock held by syz.0.17/6754: #0: ffff0000cbb3a358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x154/0x654 block/bdev.c:1145 1 lock held by syz.1.18/6779: #0: ffff0000cbb3e358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x154/0x654 block/bdev.c:1145 1 lock held by syz.1.18/6780: #0: ffff0000cbb3e358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x154/0x654 block/bdev.c:1145 1 lock held by syz.2.19/6801: #0: ffff0000cbbfa358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x154/0x654 block/bdev.c:1145 1 lock held by syz.2.19/6802: #0: ffff0000cbbfa358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x154/0x654 block/bdev.c:1145 1 lock held by syz.3.20/6824: #0: ffff0000cbbfe358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x154/0x654 block/bdev.c:1145 1 lock held by syz.3.20/6825: #0: ffff0000cbbfe358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x154/0x654 block/bdev.c:1145 1 lock held by udevd/6831: #0: ffff0000cc0d8358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xcc/0xc20 block/bdev.c:962 1 lock held by syz.4.21/6857: #0: ffff0000cc0d8358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x154/0x654 block/bdev.c:1145 1 lock held by syz.4.21/6858: #0: ffff0000cc0d8358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x154/0x654 block/bdev.c:1145 1 lock held by udevd/6868: #0: ffff0000cb68d358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xcc/0xc20 block/bdev.c:962 1 lock held by syz.5.22/6894: #0: ffff0000cb68d358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x154/0x654 block/bdev.c:1145 1 lock held by syz.5.22/6895: #0: ffff0000cb68d358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x154/0x654 block/bdev.c:1145 1 lock held by syz.6.23/6926: #0: ffff0000cc0dc358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x154/0x654 block/bdev.c:1145 1 lock held by syz.6.23/6927: #0: ffff0000cc0dc358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x154/0x654 block/bdev.c:1145 1 lock held by udevd/6933: #0: ffff0000cc239358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xcc/0xc20 block/bdev.c:962 1 lock held by syz.7.24/6960: #0: ffff0000cc239358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x154/0x654 block/bdev.c:1145 1 lock held by syz.7.24/6961: #0: ffff0000cc239358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x154/0x654 block/bdev.c:1145 1 lock held by udevd/6967: #0: ffff0000cc23d358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xcc/0xc20 block/bdev.c:962 1 lock held by syz.8.25/6994: #0: ffff0000cc23d358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x154/0x654 block/bdev.c:1145 1 lock held by syz.8.25/6995: #0: ffff0000cc23d358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x154/0x654 block/bdev.c:1145 1 lock held by udevd/7006: #0: ffff0000cc2a0358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xcc/0xc20 block/bdev.c:962 1 lock held by syz.9.26/7032: #0: ffff0000cc2a0358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x154/0x654 block/bdev.c:1145 1 lock held by syz.9.26/7033: #0: ffff0000cc2a0358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x154/0x654 block/bdev.c:1145 =============================================