INFO: task hung in blk_trace

Date	Name	Commit	Repro	Result
2025/11/15	upstream (ToT)	f824272b6e3f	syz	[report] INFO: task hung in blk_trace_setup

Date

Name

Commit

Repro

Result

2025/11/15

upstream (ToT)

f824272b6e3f

syz

[report] INFO: task hung in blk_trace_setup

Kernel	Title	Rank 🛈	Repro	Cause bisect	Count	Last	Reported	Patched	Status
upstream	INFO: task hung in blk_trace_ioctl block trace	1			3	2566d	2646d	0/29	auto-closed as invalid on 2019/06/04 08:29
upstream	INFO: task hung in blk_trace_ioctl (2) trace block	1			4	2166d	2276d	0/29	auto-closed as invalid on 2020/04/09 23:38
upstream	INFO: task hung in blk_trace_ioctl (3) block trace	1			2	1476d	1541d	0/29	closed as invalid on 2022/02/07 19:19
linux-5.15	INFO: task hung in blk_trace_ioctl	1			1	135d	135d	0/3	auto-obsoleted due to no activity on 2025/11/10 20:19
upstream	INFO: task hung in blk_trace_ioctl (4) block trace	1	C	done	65	1d15h	746d	0/29	upstream: reported C repro on 2023/11/30 21:17
linux-4.19	INFO: task hung in blk_trace_ioctl	1			1	1230d	1230d	0/1	auto-obsoleted due to no activity on 2022/12/01 07:14

Created	Duration	User	Patch	Repo	Result
2025/11/29 13:12	14m	retest repro		linux-5.15.y	report log

Created

Duration

User

Patch

Repo

Result

2025/11/29 13:12

14m

retest repro

linux-5.15.y

report log

INFO: task syz.5.22:4681 blocked for more than 143 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.5.22 state:D stack:28736 pid: 4681 ppid: 4450 flags:0x00004004 Call Trace: <TASK> context_switch kernel/sched/core.c:5049 [inline] __schedule+0x11bb/0x4390 kernel/sched/core.c:6395 schedule+0x11b/0x1e0 kernel/sched/core.c:6478 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6537 __mutex_lock_common+0xc71/0x2390 kernel/locking/mutex.c:669 __mutex_lock kernel/locking/mutex.c:729 [inline] mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743 blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 blkdev_common_ioctl+0xfbe/0x1c70 block/ioctl.c:532 blkdev_ioctl+0x295/0x690 block/ioctl.c:598 block_ioctl+0xac/0xf0 block/fops.c:496 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl+0xfa/0x170 fs/ioctl.c:860 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x66/0xd0 RIP: 0033:0x7f7fbd6d76c9 RSP: 002b:00007f7fbcd25038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f7fbd92e090 RCX: 00007f7fbd6d76c9 RDX: 0000000000000000 RSI: 0000000000001276 RDI: 0000000000000004 RBP: 00007f7fbd759f91 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f7fbd92e128 R14: 00007f7fbd92e090 R15: 00007ffc0faa3818 </TASK> INFO: task syz.8.25:4688 blocked for more than 144 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.8.25 state:D stack:27872 pid: 4688 ppid: 4469 flags:0x00004004 Call Trace: <TASK> context_switch kernel/sched/core.c:5049 [inline] __schedule+0x11bb/0x4390 kernel/sched/core.c:6395 schedule+0x11b/0x1e0 kernel/sched/core.c:6478 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6537 __mutex_lock_common+0xc71/0x2390 kernel/locking/mutex.c:669 __mutex_lock kernel/locking/mutex.c:729 [inline] mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743 blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 blkdev_ioctl+0x153/0x690 block/ioctl.c:593 block_ioctl+0xac/0xf0 block/fops.c:496 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl+0xfa/0x170 fs/ioctl.c:860 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x66/0xd0 RIP: 0033:0x7f4681ad46c9 RSP: 002b:00007f4681143038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f4681d2afa0 RCX: 00007f4681ad46c9 RDX: 0000200000000380 RSI: 00000000c0481273 RDI: 0000000000000004 RBP: 00007f4681b56f91 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f4681d2b038 R14: 00007f4681d2afa0 R15: 00007ffcca705ae8 </TASK> INFO: task syz.8.25:4691 blocked for more than 144 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.8.25 state:D stack:28800 pid: 4691 ppid: 4469 flags:0x00004004 Call Trace: <TASK> context_switch kernel/sched/core.c:5049 [inline] __schedule+0x11bb/0x4390 kernel/sched/core.c:6395 schedule+0x11b/0x1e0 kernel/sched/core.c:6478 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6537 __mutex_lock_common+0xc71/0x2390 kernel/locking/mutex.c:669 __mutex_lock kernel/locking/mutex.c:729 [inline] mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743 blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 blkdev_common_ioctl+0xfbe/0x1c70 block/ioctl.c:532 blkdev_ioctl+0x295/0x690 block/ioctl.c:598 block_ioctl+0xac/0xf0 block/fops.c:496 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl+0xfa/0x170 fs/ioctl.c:860 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x66/0xd0 RIP: 0033:0x7f4681ad46c9 RSP: 002b:00007f4681122038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f4681d2b090 RCX: 00007f4681ad46c9 RDX: 0000000000000000 RSI: 0000000000001276 RDI: 0000000000000004 RBP: 00007f4681b56f91 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f4681d2b128 R14: 00007f4681d2b090 R15: 00007ffcca705ae8 </TASK> INFO: task syz.9.26:4693 blocked for more than 144 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.9.26 state:D stack:27872 pid: 4693 ppid: 4470 flags:0x00004004 Call Trace: <TASK> context_switch kernel/sched/core.c:5049 [inline] __schedule+0x11bb/0x4390 kernel/sched/core.c:6395 schedule+0x11b/0x1e0 kernel/sched/core.c:6478 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6537 __mutex_lock_common+0xc71/0x2390 kernel/locking/mutex.c:669 __mutex_lock kernel/locking/mutex.c:729 [inline] mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743 blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 blkdev_ioctl+0x153/0x690 block/ioctl.c:593 block_ioctl+0xac/0xf0 block/fops.c:496 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl+0xfa/0x170 fs/ioctl.c:860 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x66/0xd0 RIP: 0033:0x7f5871bd26c9 RSP: 002b:00007f5871241038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f5871e28fa0 RCX: 00007f5871bd26c9 RDX: 0000200000000380 RSI: 00000000c0481273 RDI: 0000000000000004 RBP: 00007f5871c54f91 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f5871e29038 R14: 00007f5871e28fa0 R15: 00007ffc45b74e08 </TASK> INFO: task syz.9.26:4694 blocked for more than 145 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.9.26 state:D stack:28800 pid: 4694 ppid: 4470 flags:0x00004004 Call Trace: <TASK> context_switch kernel/sched/core.c:5049 [inline] __schedule+0x11bb/0x4390 kernel/sched/core.c:6395 schedule+0x11b/0x1e0 kernel/sched/core.c:6478 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6537 __mutex_lock_common+0xc71/0x2390 kernel/locking/mutex.c:669 __mutex_lock kernel/locking/mutex.c:729 [inline] mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743 blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 blkdev_common_ioctl+0xfbe/0x1c70 block/ioctl.c:532 blkdev_ioctl+0x295/0x690 block/ioctl.c:598 block_ioctl+0xac/0xf0 block/fops.c:496 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl+0xfa/0x170 fs/ioctl.c:860 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x66/0xd0 RIP: 0033:0x7f5871bd26c9 RSP: 002b:00007f5871220038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f5871e29090 RCX: 00007f5871bd26c9 RDX: 0000000000000000 RSI: 0000000000001276 RDI: 0000000000000004 RBP: 00007f5871c54f91 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f5871e29128 R14: 00007f5871e29090 R15: 00007ffc45b74e08 </TASK> INFO: task syz.7.24:4699 blocked for more than 145 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.7.24 state:D stack:27872 pid: 4699 ppid: 4468 flags:0x00004004 Call Trace: <TASK> context_switch kernel/sched/core.c:5049 [inline] __schedule+0x11bb/0x4390 kernel/sched/core.c:6395 schedule+0x11b/0x1e0 kernel/sched/core.c:6478 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6537 __mutex_lock_common+0xc71/0x2390 kernel/locking/mutex.c:669 __mutex_lock kernel/locking/mutex.c:729 [inline] mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743 blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 blkdev_ioctl+0x153/0x690 block/ioctl.c:593 block_ioctl+0xac/0xf0 block/fops.c:496 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl+0xfa/0x170 fs/ioctl.c:860 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x66/0xd0 RIP: 0033:0x7fd9e31736c9 RSP: 002b:00007fd9e27e2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007fd9e33c9fa0 RCX: 00007fd9e31736c9 RDX: 0000200000000380 RSI: 00000000c0481273 RDI: 0000000000000004 RBP: 00007fd9e31f5f91 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fd9e33ca038 R14: 00007fd9e33c9fa0 R15: 00007ffd30117348 </TASK> INFO: task syz.7.24:4702 blocked for more than 146 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.7.24 state:D stack:28800 pid: 4702 ppid: 4468 flags:0x00004004 Call Trace: <TASK> context_switch kernel/sched/core.c:5049 [inline] __schedule+0x11bb/0x4390 kernel/sched/core.c:6395 schedule+0x11b/0x1e0 kernel/sched/core.c:6478 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6537 __mutex_lock_common+0xc71/0x2390 kernel/locking/mutex.c:669 __mutex_lock kernel/locking/mutex.c:729 [inline] mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743 blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 blkdev_common_ioctl+0xfbe/0x1c70 block/ioctl.c:532 blkdev_ioctl+0x295/0x690 block/ioctl.c:598 block_ioctl+0xac/0xf0 block/fops.c:496 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl+0xfa/0x170 fs/ioctl.c:860 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x66/0xd0 RIP: 0033:0x7fd9e31736c9 RSP: 002b:00007fd9e27c1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007fd9e33ca090 RCX: 00007fd9e31736c9 RDX: 0000000000000000 RSI: 0000000000001276 RDI: 0000000000000004 RBP: 00007fd9e31f5f91 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fd9e33ca128 R14: 00007fd9e33ca090 R15: 00007ffd30117348 </TASK> Showing all locks held in the system: 3 locks held by kworker/0:1/13: #0: ffff888016870938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 kernel/workqueue.c:-1 #1: ffffc90000d27d00 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 kernel/workqueue.c:2285 #2: ffff88807dc37400 (&nsim_dev->port_list_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x56/0xb40 drivers/net/netdevsim/dev.c:757 1 lock held by khungtaskd/27: #0: ffffffff8c11c760 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30 2 locks held by getty/3944: #0: ffff88814c973098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 drivers/tty/tty_ldisc.c:252 #1: ffffc900026562e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x5ba/0x1a30 drivers/tty/n_tty.c:2158 3 locks held by kworker/u4:5/4367: 3 locks held by kworker/0:8/4371: #0: ffff88802ac37538 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 kernel/workqueue.c:-1 #1: ffffc9000366fd00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 kernel/workqueue.c:2285 #2: ffffffff8d238988 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xc4/0x1520 net/ipv6/addrconf.c:4110 2 locks held by kworker/0:10/4373: #0: ffff888016872138 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 kernel/workqueue.c:-1 #1: ffffc9000368fd00 ((work_completion)(&rew.rew_work)){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 kernel/workqueue.c:2285 2 locks held by syz.5.22/4680: 1 lock held by syz.5.22/4681: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.8.25/4688: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.8.25/4691: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.9.26/4693: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.9.26/4694: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.7.24/4699: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.7.24/4702: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.1.27/5053: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.1.27/5056: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.2.28/5059: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.2.28/5061: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.3.30/5176: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.3.30/5178: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.0.29/5173: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.0.29/5177: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.4.31/5199: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.4.31/5201: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.6.33/5356: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.6.33/5357: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.5.32/5359: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.5.32/5360: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.7.34/5411: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.7.34/5412: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.8.35/5414: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.8.35/5415: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.9.36/5417: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.9.36/5418: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.1.37/5461: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.1.37/5464: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.2.38/5476: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.2.38/5477: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.0.39/5516: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.0.39/5517: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.3.40/5533: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.3.40/5534: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.4.41/5537: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.4.41/5540: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.6.42/5571: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.6.42/5572: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.5.43/5595: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.5.43/5596: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.7.44/5634: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.7.44/5635: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.8.45/5685: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.8.45/5687: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.9.46/5697: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.9.46/5698: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.1.47/5710: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.1.47/5711: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.2.48/5725: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.2.48/5726: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.0.49/5740: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.0.49/5743: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz-executor/5776: #0: ffffffff8d238988 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline] #0: ffffffff8d238988 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7a5/0xe90 net/core/rtnetlink.c:5681 1 lock held by syz.3.50/5794: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.3.50/5799: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 8 locks held by syz-executor/5795: #0: ffff88807f29c460 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x28a/0xd00 fs/read_write.c:590 #1: ffff88807cf0e488 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1e5/0x4c0 fs/kernfs/file.c:287 #2: ffff888023275e88 (kn->active#362){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x208/0x4c0 fs/kernfs/file.c:288 #3: ffffffff8cb725e8 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: del_device_store+0xce/0x380 drivers/net/netdevsim/bus.c:344 #4: ffff88817a5f0178 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:764 [inline] #4: ffff88817a5f0178 (&dev->mutex){....}-{3:3}, at: __device_driver_lock drivers/base/dd.c:1044 [inline] #4: ffff88817a5f0178 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0xb0/0x750 drivers/base/dd.c:1259 #5: ffff88807dc37400 (&nsim_dev->port_list_lock){+.+.}-{3:3}, at: nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1359 [inline] #5: ffff88807dc37400 (&nsim_dev->port_list_lock){+.+.}-{3:3}, at: nsim_dev_reload_destroy+0x115/0x240 drivers/net/netdevsim/dev.c:1561 #6: ffffffff8d238988 (rtnl_mutex){+.+.}-{3:3}, at: nsim_destroy+0x3b/0x150 drivers/net/netdevsim/netdev.c:381 #7: ffffffff8c1211e8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:290 [inline] #7: ffffffff8c1211e8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x347/0x6b0 kernel/rcu/tree_exp.h:845 2 locks held by syz-executor/5812: #0: ffffffff8d22cd10 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x32e/0x5b0 net/core/net_namespace.c:499 #1: ffffffff8d238988 (rtnl_mutex){+.+.}-{3:3}, at: ip_tunnel_init_net+0x224/0x6b0 net/ipv4/ip_tunnel.c:1083 1 lock held by syz.4.51/5816: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 1 lock held by syz.4.51/5817: #0: ffff88802103a288 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_ioctl+0x108/0x4f0 kernel/trace/blktrace.c:735 ============================================= NMI backtrace for cpu 1 CPU: 1 PID: 27 Comm: khungtaskd Not tainted syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 Call Trace: <TASK> dump_stack_lvl+0x168/0x230 lib/dump_stack.c:106 nmi_cpu_backtrace+0x397/0x3d0 lib/nmi_backtrace.c:111 nmi_trigger_cpumask_backtrace+0x163/0x280 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:148 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:212 [inline] watchdog+0xe0f/0xe50 kernel/hung_task.c:369 kthread+0x436/0x520 kernel/kthread.c:334 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287 </TASK> Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 4680 Comm: syz.5.22 Not tainted syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 RIP: 0010:check_region_inline mm/kasan/generic.c:169 [inline] RIP: 0010:kasan_check_range+0xd/0x290 mm/kasan/generic.c:189 Code: c3 0f 0b b8 ea ff ff ff c3 0f 0b b8 ea ff ff ff c3 00 00 cc cc 00 00 cc cc 00 00 cc cc b0 01 48 85 f6 0f 84 a4 01 00 00 41 57 <41> 56 53 49 89 f8 49 01 f0 0f 82 57 02 00 00 49 89 f8 49 c1 e8 2f RSP: 0018:ffffc90002fff470 EFLAGS: 00000202 RAX: 0000000000000001 RBX: 0000000000000000 RCX: ffffffff815bfaab RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff8d699d28 RBP: ffffc90002fff5a0 R08: 0000000000000001 R09: 0000000000000000 R10: fffffbfff1ff7c1b R11: 1ffffffff1ff7c1a R12: ffffffff8c1ece60 R13: 1ffff920005ffe9c R14: 0000000000000000 R15: dffffc0000000000 FS: 00007f7fbcd466c0(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055e5e2973b68 CR3: 0000000199761000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> instrument_atomic_read include/linux/instrumented.h:71 [inline] test_bit include/asm-generic/bitops/instrumented-non-atomic.h:134 [inline] cpumask_test_cpu include/linux/cpumask.h:344 [inline] cpu_online include/linux/cpumask.h:895 [inline] trace_lock_acquire include/trace/events/lock.h:13 [inline] lock_acquire+0xbb/0x3f0 kernel/locking/lockdep.c:5594 fs_reclaim_acquire+0x91/0x100 mm/page_alloc.c:4597 prepare_alloc_pages+0x15a/0x5f0 mm/page_alloc.c:5258 __alloc_pages+0x10e/0x470 mm/page_alloc.c:5476 __get_free_pages+0x8/0x30 mm/page_alloc.c:5524 kasan_populate_vmalloc_pte+0x21/0xc0 mm/kasan/shadow.c:266 apply_to_pte_range mm/memory.c:2573 [inline] apply_to_pmd_range mm/memory.c:2617 [inline] apply_to_pud_range mm/memory.c:2653 [inline] apply_to_p4d_range mm/memory.c:2689 [inline] __apply_to_page_range+0x983/0xd10 mm/memory.c:2725 alloc_vmap_area+0x19f7/0x1b20 mm/vmalloc.c:1572 __get_vm_area_node+0x14f/0x2d0 mm/vmalloc.c:2430 get_vm_area_caller mm/vmalloc.c:2473 [inline] vmap+0xd4/0x290 mm/vmalloc.c:2758 relay_alloc_buf kernel/relay.c:129 [inline] relay_create_buf kernel/relay.c:165 [inline] relay_open_buf+0x3e8/0xda0 kernel/relay.c:387 relay_open+0x371/0x8e0 kernel/relay.c:520 do_blk_trace_setup+0x559/0x9d0 kernel/trace/blktrace.c:559 __blk_trace_setup kernel/trace/blktrace.c:599 [inline] blk_trace_ioctl+0x404/0x4f0 kernel/trace/blktrace.c:740 blkdev_ioctl+0x153/0x690 block/ioctl.c:593 block_ioctl+0xac/0xf0 block/fops.c:496 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl+0xfa/0x170 fs/ioctl.c:860 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x66/0xd0 RIP: 0033:0x7f7fbd6d76c9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f7fbcd46038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f7fbd92dfa0 RCX: 00007f7fbd6d76c9 RDX: 0000200000000380 RSI: 00000000c0481273 RDI: 0000000000000004 RBP: 00007f7fbd759f91 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f7fbd92e038 R14: 00007f7fbd92dfa0 R15: 00007ffc0faa3818 </TASK>

Crashes (1):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets (help?)	Manager	Title
2025/11/13 16:39	linux-5.15.y	cc5ec8769306	07e030de	.config	console log	report	syz / log			[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	INFO: task hung in blk_trace_ioctl

Crashes (1):

Assets (help?)