public inbox for linux-kernel@vger.kernel.org
From: syzbot <syzbot+ed8bc247f231c1a48e21@syzkaller.appspotmail.com>
To: kartikey406@gmail.com, linux-kernel@vger.kernel.org,
	 syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [block?] general protection fault in bio_add_page
Date: Sat, 21 Mar 2026 19:54:03 -0700
Message-ID: <69bf59cb.050a0220.3bf4de.006e.GAE@google.com>
In-Reply-To: <20260322021410.1133285-1-kartikey406@gmail.com>

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
INFO: task hung in blk_trace_ioctl

INFO: task syz.3.20:6446 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.20        state:D stack:28296 pid:6446  tgid:6441  ppid:6252   task_flags:0x400040 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5298 [inline]
 __schedule+0x15dd/0x52d0 kernel/sched/core.c:6911
 __schedule_loop kernel/sched/core.c:6993 [inline]
 schedule+0x164/0x360 kernel/sched/core.c:7008
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7065
 __mutex_lock_common kernel/locking/mutex.c:692 [inline]
 __mutex_lock+0x7fe/0x1300 kernel/locking/mutex.c:776
 blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 blk_trace_remove kernel/trace/blktrace.c:561 [inline]
 blk_trace_ioctl+0x39a/0x920 kernel/trace/blktrace.c:952
 blkdev_common_ioctl+0x13a7/0x3250 block/ioctl.c:724
 blkdev_ioctl+0x528/0x740 block/ioctl.c:798
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:597 [inline]
 __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:583
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f5c85f9c799
RSP: 002b:00007f5c86de0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f5c86216090 RCX: 00007f5c85f9c799
RDX: 0000000000000000 RSI: 0000000000001276 RDI: 0000000000000006
RBP: 00007f5c86032c99 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f5c86216128 R14: 00007f5c86216090 R15: 00007ffe89800468
 </TASK>
INFO: task syz.2.19:6447 blocked for more than 144 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.2.19        state:D stack:28488 pid:6447  tgid:6444  ppid:6250   task_flags:0x400040 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5298 [inline]
 __schedule+0x15dd/0x52d0 kernel/sched/core.c:6911
 __schedule_loop kernel/sched/core.c:6993 [inline]
 schedule+0x164/0x360 kernel/sched/core.c:7008
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7065
 __mutex_lock_common kernel/locking/mutex.c:692 [inline]
 __mutex_lock+0x7fe/0x1300 kernel/locking/mutex.c:776
 blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 blk_trace_remove kernel/trace/blktrace.c:561 [inline]
 blk_trace_ioctl+0x39a/0x920 kernel/trace/blktrace.c:952
 blkdev_common_ioctl+0x13a7/0x3250 block/ioctl.c:724
 blkdev_ioctl+0x528/0x740 block/ioctl.c:798
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:597 [inline]
 __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:583
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fbe8d19c799
RSP: 002b:00007fbe8dfea028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fbe8d416090 RCX: 00007fbe8d19c799
RDX: 0000000000000000 RSI: 0000000000001276 RDI: 0000000000000006
RBP: 00007fbe8d232c99 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fbe8d416128 R14: 00007fbe8d416090 R15: 00007ffe5115dce8
 </TASK>
INFO: task syz.1.18:6455 blocked for more than 144 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.1.18        state:D stack:27264 pid:6455  tgid:6454  ppid:6251   task_flags:0x480040 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5298 [inline]
 __schedule+0x15dd/0x52d0 kernel/sched/core.c:6911
 __schedule_loop kernel/sched/core.c:6993 [inline]
 schedule+0x164/0x360 kernel/sched/core.c:7008
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7065
 __mutex_lock_common kernel/locking/mutex.c:692 [inline]
 __mutex_lock+0x7fe/0x1300 kernel/locking/mutex.c:776
 blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 blk_debugfs_lock block/blk.h:752 [inline]
 blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:788
 blk_trace_ioctl+0x37f/0x920 kernel/trace/blktrace.c:937
 blkdev_ioctl+0x4c1/0x740 block/ioctl.c:793
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:597 [inline]
 __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:583
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc3e1f9c799
RSP: 002b:00007fc3e2e8f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fc3e2215fa0 RCX: 00007fc3e1f9c799
RDX: 00002000000001c0 RSI: 00000000c0481273 RDI: 0000000000000006
RBP: 00007fc3e2032c99 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fc3e2216038 R14: 00007fc3e2215fa0 R15: 00007ffc215e64d8
 </TASK>
INFO: task syz.1.18:6457 blocked for more than 145 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.1.18        state:D stack:28568 pid:6457  tgid:6454  ppid:6251   task_flags:0x400040 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5298 [inline]
 __schedule+0x15dd/0x52d0 kernel/sched/core.c:6911
 __schedule_loop kernel/sched/core.c:6993 [inline]
 schedule+0x164/0x360 kernel/sched/core.c:7008
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7065
 __mutex_lock_common kernel/locking/mutex.c:692 [inline]
 __mutex_lock+0x7fe/0x1300 kernel/locking/mutex.c:776
 blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 blk_trace_remove kernel/trace/blktrace.c:561 [inline]
 blk_trace_ioctl+0x39a/0x920 kernel/trace/blktrace.c:952
 blkdev_common_ioctl+0x13a7/0x3250 block/ioctl.c:724
 blkdev_ioctl+0x528/0x740 block/ioctl.c:798
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:597 [inline]
 __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:583
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc3e1f9c799
RSP: 002b:00007fc3e2e6e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fc3e2216090 RCX: 00007fc3e1f9c799
RDX: 0000000000000000 RSI: 0000000000001276 RDI: 0000000000000006
RBP: 00007fc3e2032c99 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fc3e2216128 R14: 00007fc3e2216090 R15: 00007ffc215e64d8
 </TASK>

Showing all locks held in the system:
1 lock held by khungtaskd/30:
 #0: ffffffff8e95e520 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:312 [inline]
 #0: ffffffff8e95e520 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:850 [inline]
 #0: ffffffff8e95e520 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6775
3 locks held by kswapd0/85:
2 locks held by getty/5582:
 #0: ffff8880328980a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x45c/0x13c0 drivers/tty/n_tty.c:2211
1 lock held by syz.3.20/6446:
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove kernel/trace/blktrace.c:561 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_ioctl+0x39a/0x920 kernel/trace/blktrace.c:952
2 locks held by syz.2.19/6445:
1 lock held by syz.2.19/6447:
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove kernel/trace/blktrace.c:561 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_ioctl+0x39a/0x920 kernel/trace/blktrace.c:952
1 lock held by syz.1.18/6455:
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:788
1 lock held by syz.1.18/6457:
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove kernel/trace/blktrace.c:561 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_ioctl+0x39a/0x920 kernel/trace/blktrace.c:952
1 lock held by syz.4.21/6605:
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:788
1 lock held by syz.4.21/6607:
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove kernel/trace/blktrace.c:561 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_ioctl+0x39a/0x920 kernel/trace/blktrace.c:952
1 lock held by syz.5.22/6631:
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:788
1 lock held by syz.5.22/6632:
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove kernel/trace/blktrace.c:561 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_ioctl+0x39a/0x920 kernel/trace/blktrace.c:952
1 lock held by syz.7.24/6635:
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:788
1 lock held by syz.7.24/6636:
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove kernel/trace/blktrace.c:561 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_ioctl+0x39a/0x920 kernel/trace/blktrace.c:952
1 lock held by syz.6.23/6638:
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:788
1 lock held by syz.6.23/6640:
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove kernel/trace/blktrace.c:561 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_ioctl+0x39a/0x920 kernel/trace/blktrace.c:952
1 lock held by syz.8.25/6797:
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:788
1 lock held by syz.8.25/6798:
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove kernel/trace/blktrace.c:561 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_ioctl+0x39a/0x920 kernel/trace/blktrace.c:952
1 lock held by syz.0.27/6871:
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:788
1 lock held by syz.0.27/6873:
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove kernel/trace/blktrace.c:561 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_ioctl+0x39a/0x920 kernel/trace/blktrace.c:952
1 lock held by syz.1.28/6886:
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:788
1 lock held by syz.1.28/6887:
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove kernel/trace/blktrace.c:561 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_ioctl+0x39a/0x920 kernel/trace/blktrace.c:952
1 lock held by syz.9.26/6894:
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:788
1 lock held by syz.9.26/6895:
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove kernel/trace/blktrace.c:561 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_ioctl+0x39a/0x920 kernel/trace/blktrace.c:952
1 lock held by syz.2.29/6961:
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:788
1 lock held by syz.2.29/6963:
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove kernel/trace/blktrace.c:561 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_ioctl+0x39a/0x920 kernel/trace/blktrace.c:952
1 lock held by syz.3.30/7027:
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:788
1 lock held by syz.3.30/7028:
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove kernel/trace/blktrace.c:561 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_ioctl+0x39a/0x920 kernel/trace/blktrace.c:952
1 lock held by syz.5.32/7049:
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:788
1 lock held by syz.5.32/7050:
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove kernel/trace/blktrace.c:561 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_ioctl+0x39a/0x920 kernel/trace/blktrace.c:952
1 lock held by syz.4.31/7053:
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:788
1 lock held by syz.4.31/7054:
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove kernel/trace/blktrace.c:561 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_ioctl+0x39a/0x920 kernel/trace/blktrace.c:952
1 lock held by syz.6.33/7074:
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:788
1 lock held by syz.6.33/7075:
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove kernel/trace/blktrace.c:561 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_ioctl+0x39a/0x920 kernel/trace/blktrace.c:952
1 lock held by syz.7.34/7110:
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:788
1 lock held by syz.7.34/7117:
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove kernel/trace/blktrace.c:561 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_ioctl+0x39a/0x920 kernel/trace/blktrace.c:952
1 lock held by syz.8.35/7177:
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:788
1 lock held by syz.8.35/7179:
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove kernel/trace/blktrace.c:561 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_ioctl+0x39a/0x920 kernel/trace/blktrace.c:952
1 lock held by syz.0.36/7184:
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:788
1 lock held by syz.0.36/7185:
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove kernel/trace/blktrace.c:561 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_ioctl+0x39a/0x920 kernel/trace/blktrace.c:952
1 lock held by syz.9.37/7194:
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:788
1 lock held by syz.9.37/7195:
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove kernel/trace/blktrace.c:561 [inline]
 #0: ffff888026703888 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_ioctl+0x39a/0x920 kernel/trace/blktrace.c:952
7 locks held by syz-executor/7198:

=============================================

NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
Call Trace:
 <TASK>
 dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x274/0x2d0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:161 [inline]
 __sys_info lib/sys_info.c:157 [inline]
 sys_info+0x135/0x170 lib/sys_info.c:165
 check_hung_uninterruptible_tasks kernel/hung_task.c:346 [inline]
 watchdog+0xfd9/0x1030 kernel/hung_task.c:515
 kthread+0x388/0x470 kernel/kthread.c:436
 ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 7198 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
RIP: 0010:unwind_next_frame+0x1abd/0x23c0 arch/x86/kernel/unwind_orc.c:695
Code: a3 c9 8b e8 95 3b 2b 00 48 c7 c7 20 e5 95 8e 4c 89 fe e8 06 22 2b 00 e8 51 d1 34 00 89 d8 48 81 c4 98 00 00 00 5b 41 5c 41 5d <41> 5e 41 5f 5d c3 cc cc cc cc cc 4c 8b 7c 24 50 eb 89 c6 05 01 b8
RSP: 0018:ffffc90000a08608 EFLAGS: 00000296
RAX: 0000000090c2b501 RBX: ffffc90000a086e0 RCX: 0000000000000101
RDX: 0000000000000006 RSI: ffffffff8e28800c RDI: ffff88801e343d00
RBP: dffffc0000000000 R08: ffffc90003817008 R09: 0000000000000000
R10: ffffc90000a08678 R11: fffff520001410d1 R12: ffff88801e343d00
R13: 00000000000002c0 R14: ffffc90000a08628 R15: ffffffff8176ce95
FS:  00005555570c1500(0000) GS:ffff888125305000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f8cc6b47e20 CR3: 00000001aba1c000 CR4: 00000000003526f0
Call Trace:
 <IRQ>
 arch_stack_walk+0x11b/0x150 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0xa9/0x100 kernel/stacktrace.c:122
 kasan_save_stack mm/kasan/common.c:57 [inline]
 kasan_save_track+0x3e/0x80 mm/kasan/common.c:78
 unpoison_slab_object mm/kasan/common.c:340 [inline]
 __kasan_slab_alloc+0x6c/0x80 mm/kasan/common.c:366
 kasan_slab_alloc include/linux/kasan.h:253 [inline]
 slab_post_alloc_hook mm/slub.c:4538 [inline]
 slab_alloc_node mm/slub.c:4866 [inline]
 kmem_cache_alloc_node_noprof+0x384/0x690 mm/slub.c:4918
 kmalloc_reserve net/core/skbuff.c:613 [inline]
 __alloc_skb+0x27d/0x7d0 net/core/skbuff.c:713
 __netdev_alloc_skb+0xc1/0x810 net/core/skbuff.c:775
 netdev_alloc_skb include/linux/skbuff.h:3485 [inline]
 dev_alloc_skb include/linux/skbuff.h:3498 [inline]
 __ieee80211_beacon_get+0xc06/0x1880 net/mac80211/tx.c:5658
 ieee80211_beacon_get_tim+0xbd/0x2c0 net/mac80211/tx.c:5780
 ieee80211_beacon_get include/net/mac80211.h:5720 [inline]
 mac80211_hwsim_beacon_tx+0x3c5/0x870 drivers/net/wireless/virtual/mac80211_hwsim.c:2361
 __iterate_interfaces+0x2ab/0x590 net/mac80211/util.c:760
 ieee80211_iterate_active_interfaces_atomic+0xdb/0x180 net/mac80211/util.c:796
 mac80211_hwsim_beacon+0xbb/0x180 drivers/net/wireless/virtual/mac80211_hwsim.c:2395
 __run_hrtimer kernel/time/hrtimer.c:1785 [inline]
 __hrtimer_run_queues+0x53a/0xcc0 kernel/time/hrtimer.c:1849
 hrtimer_run_softirq+0x182/0x5a0 kernel/time/hrtimer.c:1866
 handle_softirqs+0x22a/0x870 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0x5f/0x150 kernel/softirq.c:723
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:739
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1056
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:console_flush_one_record arch/x86/include/asm/irqflags.h:-1 [inline]
RIP: 0010:console_flush_all+0x801/0xb20 kernel/printk/printk.c:3343
Code: ff ff e8 a2 f0 20 00 90 0f 0b 90 e9 85 fc ff ff e8 94 f0 20 00 e8 1f d2 14 0a 48 85 db 74 c0 e8 85 f0 20 00 fb 48 8b 5c 24 08 <48> 8b 44 24 20 42 80 3c 20 00 4c 8b 74 24 18 74 08 4c 89 f7 e8 96
RSP: 0018:ffffc90003816c80 EFLAGS: 00000293
RAX: ffffffff81a5007b RBX: ffffc90003816de0 RCX: ffff88801e343d00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003816d90 R08: ffffffff9033aeb7 R09: 1ffffffff20675d6
R10: dffffc0000000000 R11: fffffbfff20675d7 R12: dffffc0000000000
R13: 0000000000000001 R14: 0000000000000000 R15: ffffffff8f229520
 __console_flush_and_unlock kernel/printk/printk.c:3373 [inline]
 console_unlock+0xd1/0x1c0 kernel/printk/printk.c:3413
 vprintk_emit+0x485/0x560 kernel/printk/printk.c:2479
 _printk+0xdd/0x130 kernel/printk/printk.c:2504
 hsr_dev_finalize+0x906/0xaa0 net/hsr/hsr_device.c:812
 hsr_newlink+0x7ea/0x970 net/hsr/hsr_netlink.c:128
 rtnl_newlink_create+0x329/0xb70 net/core/rtnetlink.c:3840
 __rtnl_newlink net/core/rtnetlink.c:3957 [inline]
 rtnl_newlink+0x1666/0x1be0 net/core/rtnetlink.c:4072
 rtnetlink_rcv_msg+0x7d5/0xbe0 net/core/rtnetlink.c:6958
 netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
 netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
 netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg net/socket.c:742 [inline]
 __sys_sendto+0x672/0x710 net/socket.c:2206
 __do_sys_sendto net/socket.c:2213 [inline]
 __se_sys_sendto net/socket.c:2209 [inline]
 __x64_sys_sendto+0xde/0x100 net/socket.c:2209
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f8cc5d5cfce
Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
RSP: 002b:00007ffe0b9193b8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00005555570c1500 RCX: 00007f8cc5d5cfce
RDX: 0000000000000058 RSI: 00007f8cc6b44670 RDI: 0000000000000003
RBP: 0000000000000001 R08: 00007ffe0b919434 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
R13: 0000000000000000 R14: 00007f8cc6b44670 R15: 0000000000000000
 </TASK>


Tested on:

commit:         113ae7b4 Merge tag 'hwmon-for-v7.0-rc5' of git://git.k..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=140bccba580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a583012a914ba435
dashboard link: https://syzkaller.appspot.com/bug?extid=ed8bc247f231c1a48e21
compiler:       Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
patch:          https://syzkaller.appspot.com/x/patch.diff?x=107281d6580000
