From: syzbot <syzbot+ed8bc247f231c1a48e21@syzkaller.appspotmail.com>
To: kartikey406@gmail.com, linux-kernel@vger.kernel.org,
syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [block?] general protection fault in bio_add_page
Date: Sat, 21 Mar 2026 19:54:03 -0700
Message-ID: <69bf59cb.050a0220.3bf4de.006e.GAE@google.com>
In-Reply-To: <20260322021410.1133285-1-kartikey406@gmail.com>
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
INFO: task hung in blk_trace_ioctl
INFO: task syz.3.20:6446 blocked for more than 143 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.20 state:D stack:28296 pid:6446 tgid:6441 ppid:6252 task_flags:0x400040 flags:0x00080002
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5298 [inline]
__schedule+0x15dd/0x52d0 kernel/sched/core.c:6911
__schedule_loop kernel/sched/core.c:6993 [inline]
schedule+0x164/0x360 kernel/sched/core.c:7008
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7065
__mutex_lock_common kernel/locking/mutex.c:692 [inline]
__mutex_lock+0x7fe/0x1300 kernel/locking/mutex.c:776
blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
blk_trace_remove kernel/trace/blktrace.c:561 [inline]
blk_trace_ioctl+0x39a/0x920 kernel/trace/blktrace.c:952
blkdev_common_ioctl+0x13a7/0x3250 block/ioctl.c:724
blkdev_ioctl+0x528/0x740 block/ioctl.c:798
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:597 [inline]
__se_sys_ioctl+0xfc/0x170 fs/ioctl.c:583
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f5c85f9c799
RSP: 002b:00007f5c86de0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f5c86216090 RCX: 00007f5c85f9c799
RDX: 0000000000000000 RSI: 0000000000001276 RDI: 0000000000000006
RBP: 00007f5c86032c99 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f5c86216128 R14: 00007f5c86216090 R15: 00007ffe89800468
</TASK>
INFO: task syz.2.19:6447 blocked for more than 144 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.2.19 state:D stack:28488 pid:6447 tgid:6444 ppid:6250 task_flags:0x400040 flags:0x00080002
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5298 [inline]
__schedule+0x15dd/0x52d0 kernel/sched/core.c:6911
__schedule_loop kernel/sched/core.c:6993 [inline]
schedule+0x164/0x360 kernel/sched/core.c:7008
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7065
__mutex_lock_common kernel/locking/mutex.c:692 [inline]
__mutex_lock+0x7fe/0x1300 kernel/locking/mutex.c:776
blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
blk_trace_remove kernel/trace/blktrace.c:561 [inline]
blk_trace_ioctl+0x39a/0x920 kernel/trace/blktrace.c:952
blkdev_common_ioctl+0x13a7/0x3250 block/ioctl.c:724
blkdev_ioctl+0x528/0x740 block/ioctl.c:798
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:597 [inline]
__se_sys_ioctl+0xfc/0x170 fs/ioctl.c:583
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fbe8d19c799
RSP: 002b:00007fbe8dfea028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fbe8d416090 RCX: 00007fbe8d19c799
RDX: 0000000000000000 RSI: 0000000000001276 RDI: 0000000000000006
RBP: 00007fbe8d232c99 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fbe8d416128 R14: 00007fbe8d416090 R15: 00007ffe5115dce8
</TASK>
INFO: task syz.1.18:6455 blocked for more than 144 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.1.18 state:D stack:27264 pid:6455 tgid:6454 ppid:6251 task_flags:0x480040 flags:0x00080002
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5298 [inline]
__schedule+0x15dd/0x52d0 kernel/sched/core.c:6911
__schedule_loop kernel/sched/core.c:6993 [inline]
schedule+0x164/0x360 kernel/sched/core.c:7008
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7065
__mutex_lock_common kernel/locking/mutex.c:692 [inline]
__mutex_lock+0x7fe/0x1300 kernel/locking/mutex.c:776
blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
blk_debugfs_lock block/blk.h:752 [inline]
blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:788
blk_trace_ioctl+0x37f/0x920 kernel/trace/blktrace.c:937
blkdev_ioctl+0x4c1/0x740 block/ioctl.c:793
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:597 [inline]
__se_sys_ioctl+0xfc/0x170 fs/ioctl.c:583
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc3e1f9c799
RSP: 002b:00007fc3e2e8f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fc3e2215fa0 RCX: 00007fc3e1f9c799
RDX: 00002000000001c0 RSI: 00000000c0481273 RDI: 0000000000000006
RBP: 00007fc3e2032c99 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fc3e2216038 R14: 00007fc3e2215fa0 R15: 00007ffc215e64d8
</TASK>
INFO: task syz.1.18:6457 blocked for more than 145 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.1.18 state:D stack:28568 pid:6457 tgid:6454 ppid:6251 task_flags:0x400040 flags:0x00080002
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5298 [inline]
__schedule+0x15dd/0x52d0 kernel/sched/core.c:6911
__schedule_loop kernel/sched/core.c:6993 [inline]
schedule+0x164/0x360 kernel/sched/core.c:7008
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7065
__mutex_lock_common kernel/locking/mutex.c:692 [inline]
__mutex_lock+0x7fe/0x1300 kernel/locking/mutex.c:776
blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
blk_trace_remove kernel/trace/blktrace.c:561 [inline]
blk_trace_ioctl+0x39a/0x920 kernel/trace/blktrace.c:952
blkdev_common_ioctl+0x13a7/0x3250 block/ioctl.c:724
blkdev_ioctl+0x528/0x740 block/ioctl.c:798
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:597 [inline]
__se_sys_ioctl+0xfc/0x170 fs/ioctl.c:583
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc3e1f9c799
RSP: 002b:00007fc3e2e6e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fc3e2216090 RCX: 00007fc3e1f9c799
RDX: 0000000000000000 RSI: 0000000000001276 RDI: 0000000000000006
RBP: 00007fc3e2032c99 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fc3e2216128 R14: 00007fc3e2216090 R15: 00007ffc215e64d8
</TASK>
Showing all locks held in the system:
1 lock held by khungtaskd/30:
#0: ffffffff8e95e520 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:312 [inline]
#0: ffffffff8e95e520 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:850 [inline]
#0: ffffffff8e95e520 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6775
3 locks held by kswapd0/85:
2 locks held by getty/5582:
#0: ffff8880328980a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
#1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x45c/0x13c0 drivers/tty/n_tty.c:2211
1 lock held by syz.3.20/6446:
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove kernel/trace/blktrace.c:561 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_ioctl+0x39a/0x920 kernel/trace/blktrace.c:952
2 locks held by syz.2.19/6445:
1 lock held by syz.2.19/6447:
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove kernel/trace/blktrace.c:561 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_ioctl+0x39a/0x920 kernel/trace/blktrace.c:952
1 lock held by syz.1.18/6455:
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:788
1 lock held by syz.1.18/6457:
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove kernel/trace/blktrace.c:561 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_ioctl+0x39a/0x920 kernel/trace/blktrace.c:952
1 lock held by syz.4.21/6605:
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:788
1 lock held by syz.4.21/6607:
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove kernel/trace/blktrace.c:561 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_ioctl+0x39a/0x920 kernel/trace/blktrace.c:952
1 lock held by syz.5.22/6631:
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:788
1 lock held by syz.5.22/6632:
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove kernel/trace/blktrace.c:561 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_ioctl+0x39a/0x920 kernel/trace/blktrace.c:952
1 lock held by syz.7.24/6635:
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:788
1 lock held by syz.7.24/6636:
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove kernel/trace/blktrace.c:561 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_ioctl+0x39a/0x920 kernel/trace/blktrace.c:952
1 lock held by syz.6.23/6638:
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:788
1 lock held by syz.6.23/6640:
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove kernel/trace/blktrace.c:561 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_ioctl+0x39a/0x920 kernel/trace/blktrace.c:952
1 lock held by syz.8.25/6797:
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:788
1 lock held by syz.8.25/6798:
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove kernel/trace/blktrace.c:561 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_ioctl+0x39a/0x920 kernel/trace/blktrace.c:952
1 lock held by syz.0.27/6871:
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:788
1 lock held by syz.0.27/6873:
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove kernel/trace/blktrace.c:561 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_ioctl+0x39a/0x920 kernel/trace/blktrace.c:952
1 lock held by syz.1.28/6886:
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:788
1 lock held by syz.1.28/6887:
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove kernel/trace/blktrace.c:561 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_ioctl+0x39a/0x920 kernel/trace/blktrace.c:952
1 lock held by syz.9.26/6894:
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:788
1 lock held by syz.9.26/6895:
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove kernel/trace/blktrace.c:561 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_ioctl+0x39a/0x920 kernel/trace/blktrace.c:952
1 lock held by syz.2.29/6961:
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:788
1 lock held by syz.2.29/6963:
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove kernel/trace/blktrace.c:561 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_ioctl+0x39a/0x920 kernel/trace/blktrace.c:952
1 lock held by syz.3.30/7027:
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:788
1 lock held by syz.3.30/7028:
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove kernel/trace/blktrace.c:561 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_ioctl+0x39a/0x920 kernel/trace/blktrace.c:952
1 lock held by syz.5.32/7049:
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:788
1 lock held by syz.5.32/7050:
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove kernel/trace/blktrace.c:561 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_ioctl+0x39a/0x920 kernel/trace/blktrace.c:952
1 lock held by syz.4.31/7053:
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:788
1 lock held by syz.4.31/7054:
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove kernel/trace/blktrace.c:561 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_ioctl+0x39a/0x920 kernel/trace/blktrace.c:952
1 lock held by syz.6.33/7074:
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:788
1 lock held by syz.6.33/7075:
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove kernel/trace/blktrace.c:561 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_ioctl+0x39a/0x920 kernel/trace/blktrace.c:952
1 lock held by syz.7.34/7110:
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:788
1 lock held by syz.7.34/7117:
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove kernel/trace/blktrace.c:561 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_ioctl+0x39a/0x920 kernel/trace/blktrace.c:952
1 lock held by syz.8.35/7177:
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:788
1 lock held by syz.8.35/7179:
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove kernel/trace/blktrace.c:561 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_ioctl+0x39a/0x920 kernel/trace/blktrace.c:952
1 lock held by syz.0.36/7184:
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:788
1 lock held by syz.0.36/7185:
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove kernel/trace/blktrace.c:561 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_ioctl+0x39a/0x920 kernel/trace/blktrace.c:952
1 lock held by syz.9.37/7194:
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:788
1 lock held by syz.9.37/7195:
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove kernel/trace/blktrace.c:561 [inline]
#0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_ioctl+0x39a/0x920 kernel/trace/blktrace.c:952
7 locks held by syz-executor/7198:
=============================================
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
Call Trace:
<TASK>
dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
nmi_cpu_backtrace+0x274/0x2d0 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:161 [inline]
__sys_info lib/sys_info.c:157 [inline]
sys_info+0x135/0x170 lib/sys_info.c:165
check_hung_uninterruptible_tasks kernel/hung_task.c:346 [inline]
watchdog+0xfd9/0x1030 kernel/hung_task.c:515
kthread+0x388/0x470 kernel/kthread.c:436
ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
</TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 7198 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
RIP: 0010:unwind_next_frame+0x1abd/0x23c0 arch/x86/kernel/unwind_orc.c:695
Code: a3 c9 8b e8 95 3b 2b 00 48 c7 c7 20 e5 95 8e 4c 89 fe e8 06 22 2b 00 e8 51 d1 34 00 89 d8 48 81 c4 98 00 00 00 5b 41 5c 41 5d <41> 5e 41 5f 5d c3 cc cc cc cc cc 4c 8b 7c 24 50 eb 89 c6 05 01 b8
RSP: 0018:ffffc90000a08608 EFLAGS: 00000296
RAX: 0000000090c2b501 RBX: ffffc90000a086e0 RCX: 0000000000000101
RDX: 0000000000000006 RSI: ffffffff8e28800c RDI: ffff88801e343d00
RBP: dffffc0000000000 R08: ffffc90003817008 R09: 0000000000000000
R10: ffffc90000a08678 R11: fffff520001410d1 R12: ffff88801e343d00
R13: 00000000000002c0 R14: ffffc90000a08628 R15: ffffffff8176ce95
FS: 00005555570c1500(0000) GS:ffff888125305000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f8cc6b47e20 CR3: 00000001aba1c000 CR4: 00000000003526f0
Call Trace:
<IRQ>
arch_stack_walk+0x11b/0x150 arch/x86/kernel/stacktrace.c:25
stack_trace_save+0xa9/0x100 kernel/stacktrace.c:122
kasan_save_stack mm/kasan/common.c:57 [inline]
kasan_save_track+0x3e/0x80 mm/kasan/common.c:78
unpoison_slab_object mm/kasan/common.c:340 [inline]
__kasan_slab_alloc+0x6c/0x80 mm/kasan/common.c:366
kasan_slab_alloc include/linux/kasan.h:253 [inline]
slab_post_alloc_hook mm/slub.c:4538 [inline]
slab_alloc_node mm/slub.c:4866 [inline]
kmem_cache_alloc_node_noprof+0x384/0x690 mm/slub.c:4918
kmalloc_reserve net/core/skbuff.c:613 [inline]
__alloc_skb+0x27d/0x7d0 net/core/skbuff.c:713
__netdev_alloc_skb+0xc1/0x810 net/core/skbuff.c:775
netdev_alloc_skb include/linux/skbuff.h:3485 [inline]
dev_alloc_skb include/linux/skbuff.h:3498 [inline]
__ieee80211_beacon_get+0xc06/0x1880 net/mac80211/tx.c:5658
ieee80211_beacon_get_tim+0xbd/0x2c0 net/mac80211/tx.c:5780
ieee80211_beacon_get include/net/mac80211.h:5720 [inline]
mac80211_hwsim_beacon_tx+0x3c5/0x870 drivers/net/wireless/virtual/mac80211_hwsim.c:2361
__iterate_interfaces+0x2ab/0x590 net/mac80211/util.c:760
ieee80211_iterate_active_interfaces_atomic+0xdb/0x180 net/mac80211/util.c:796
mac80211_hwsim_beacon+0xbb/0x180 drivers/net/wireless/virtual/mac80211_hwsim.c:2395
__run_hrtimer kernel/time/hrtimer.c:1785 [inline]
__hrtimer_run_queues+0x53a/0xcc0 kernel/time/hrtimer.c:1849
hrtimer_run_softirq+0x182/0x5a0 kernel/time/hrtimer.c:1866
handle_softirqs+0x22a/0x870 kernel/softirq.c:622
__do_softirq kernel/softirq.c:656 [inline]
invoke_softirq kernel/softirq.c:496 [inline]
__irq_exit_rcu+0x5f/0x150 kernel/softirq.c:723
irq_exit_rcu+0x9/0x30 kernel/softirq.c:739
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1056
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:console_flush_one_record arch/x86/include/asm/irqflags.h:-1 [inline]
RIP: 0010:console_flush_all+0x801/0xb20 kernel/printk/printk.c:3343
Code: ff ff e8 a2 f0 20 00 90 0f 0b 90 e9 85 fc ff ff e8 94 f0 20 00 e8 1f d2 14 0a 48 85 db 74 c0 e8 85 f0 20 00 fb 48 8b 5c 24 08 <48> 8b 44 24 20 42 80 3c 20 00 4c 8b 74 24 18 74 08 4c 89 f7 e8 96
RSP: 0018:ffffc90003816c80 EFLAGS: 00000293
RAX: ffffffff81a5007b RBX: ffffc90003816de0 RCX: ffff88801e343d00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003816d90 R08: ffffffff9033aeb7 R09: 1ffffffff20675d6
R10: dffffc0000000000 R11: fffffbfff20675d7 R12: dffffc0000000000
R13: 0000000000000001 R14: 0000000000000000 R15: ffffffff8f229520
__console_flush_and_unlock kernel/printk/printk.c:3373 [inline]
console_unlock+0xd1/0x1c0 kernel/printk/printk.c:3413
vprintk_emit+0x485/0x560 kernel/printk/printk.c:2479
_printk+0xdd/0x130 kernel/printk/printk.c:2504
hsr_dev_finalize+0x906/0xaa0 net/hsr/hsr_device.c:812
hsr_newlink+0x7ea/0x970 net/hsr/hsr_netlink.c:128
rtnl_newlink_create+0x329/0xb70 net/core/rtnetlink.c:3840
__rtnl_newlink net/core/rtnetlink.c:3957 [inline]
rtnl_newlink+0x1666/0x1be0 net/core/rtnetlink.c:4072
rtnetlink_rcv_msg+0x7d5/0xbe0 net/core/rtnetlink.c:6958
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec net/socket.c:727 [inline]
__sock_sendmsg net/socket.c:742 [inline]
__sys_sendto+0x672/0x710 net/socket.c:2206
__do_sys_sendto net/socket.c:2213 [inline]
__se_sys_sendto net/socket.c:2209 [inline]
__x64_sys_sendto+0xde/0x100 net/socket.c:2209
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f8cc5d5cfce
Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
RSP: 002b:00007ffe0b9193b8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00005555570c1500 RCX: 00007f8cc5d5cfce
RDX: 0000000000000058 RSI: 00007f8cc6b44670 RDI: 0000000000000003
RBP: 0000000000000001 R08: 00007ffe0b919434 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
R13: 0000000000000000 R14: 00007f8cc6b44670 R15: 0000000000000000
</TASK>
Tested on:
commit: 113ae7b4 Merge tag 'hwmon-for-v7.0-rc5' of git://git.k..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=140bccba580000
kernel config: https://syzkaller.appspot.com/x/.config?x=a583012a914ba435
dashboard link: https://syzkaller.appspot.com/bug?extid=ed8bc247f231c1a48e21
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=107281d6580000