INFO: task kworker/1:1:23 blocked for more than 140 seconds.
Not tainted 4.14.277-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/1:1 D26384 23 2 0x80000000
Workqueue: events_power_efficient reg_check_chans_work
Call Trace:
context_switch kernel/sched/core.c:2811 [inline]
__schedule+0x88b/0x1de0 kernel/sched/core.c:3387
schedule+0x8d/0x1b0 kernel/sched/core.c:3431
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3489
__mutex_lock_common kernel/locking/mutex.c:833 [inline]
__mutex_lock+0x669/0x1310 kernel/locking/mutex.c:893
reg_check_chans_work+0x77/0xd00 net/wireless/reg.c:1655
process_one_work+0x793/0x14a0 kernel/workqueue.c:2117
worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
kthread+0x30d/0x420 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
Showing all locks held in the system:
3 locks held by kworker/1:1/23:
#0: ("events_power_efficient"){+.+.}, at: [<ffffffff81364f80>] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088
#1: ((reg_check_chans).work){+.+.}, at: [<ffffffff81364fb6>] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092
#2: (rtnl_mutex){+.+.}, at: [<ffffffff869e6a97>] reg_check_chans_work+0x77/0xd00 net/wireless/reg.c:1655
1 lock held by khungtaskd/1531:
#0: (tasklist_lock){.+.+}, at: [<ffffffff8702740c>] debug_show_all_locks+0x7c/0x21a kernel/locking/lockdep.c:4548
3 locks held by kworker/1:2/3303:
#0: ("events"){+.+.}, at: [<ffffffff81364f80>] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088
#1: (deferred_process_work){+.+.}, at: [<ffffffff81364fb6>] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092
#2: (rtnl_mutex){+.+.}, at: [<ffffffff86fc256a>] switchdev_deferred_process_work+0xa/0x20 net/switchdev/switchdev.c:150
3 locks held by kworker/0:2/3403:
#0: ("%s"("ipv6_addrconf")){+.+.}, at: [<ffffffff81364f80>] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088
#1: ((&(&ifa->dad_work)->work)){+.+.}, at: [<ffffffff81364fb6>] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092
#2: (rtnl_mutex){+.+.}, at: [<ffffffff863741b9>] addrconf_dad_work+0x89/0xef0 net/ipv6/addrconf.c:3921
1 lock held by in:imklog/7686:
#0: (&f->f_pos_lock){+.+.}, at: [<ffffffff818d6c6b>] __fdget_pos+0x1fb/0x2b0 fs/file.c:819
1 lock held by syz-fuzzer/7957:
#0: (&mm->mmap_sem){++++}, at: [<ffffffff812418a8>] __do_page_fault+0x7b8/0xad0 arch/x86/mm/fault.c:1378
1 lock held by syz-fuzzer/7964:
#0: (&mm->mmap_sem){++++}, at: [<ffffffff812418a8>] __do_page_fault+0x7b8/0xad0 arch/x86/mm/fault.c:1378
1 lock held by syz-executor.5/7974:
#0: (uevent_sock_mutex){+.+.}, at: [<ffffffff86fe7925>] kobject_uevent_env+0x755/0xf30 lib/kobject_uevent.c:460
1 lock held by syz-executor.4/7978:
#0: (uevent_sock_mutex){+.+.}, at: [<ffffffff86fe7925>] kobject_uevent_env+0x755/0xf30 lib/kobject_uevent.c:460
3 locks held by kworker/1:3/8011:
#0: ("%s"("ipv6_addrconf")){+.+.}, at: [<ffffffff81364f80>] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088
#1: ((addr_chk_work).work){+.+.}, at: [<ffffffff81364fb6>] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092
#2: (rtnl_mutex){+.+.}, at: [<ffffffff86371cfa>] addrconf_verify_work+0xa/0x20 net/ipv6/addrconf.c:4416
2 locks held by syz-executor.4/11536:
#0: (&sb->s_type->i_mutex_key#13){+.+.}, at: [<ffffffff85bcb2c6>] inode_lock include/linux/fs.h:719 [inline]
#0: (&sb->s_type->i_mutex_key#13){+.+.}, at: [<ffffffff85bcb2c6>] __sock_release+0x86/0x2b0 net/socket.c:601
#1: (rtnl_mutex){+.+.}, at: [<ffffffff8642a96a>] ip6mr_sk_done+0x3a/0x230 net/ipv6/ip6mr.c:1625
2 locks held by syz-executor.0/11547:
#0: (rtnl_mutex){+.+.}, at: [<ffffffff85c894ed>] rtnl_lock net/core/rtnetlink.c:72 [inline]
#0: (rtnl_mutex){+.+.}, at: [<ffffffff85c894ed>] rtnetlink_rcv_msg+0x31d/0xb10 net/core/rtnetlink.c:4317
#1: (uevent_sock_mutex){+.+.}, at: [<ffffffff86fe7925>] kobject_uevent_env+0x755/0xf30 lib/kobject_uevent.c:460
=============================================
NMI backtrace for cpu 0
CPU: 0 PID: 1531 Comm: khungtaskd Not tainted 4.14.277-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x281 lib/dump_stack.c:58
nmi_cpu_backtrace.cold+0x57/0x93 lib/nmi_backtrace.c:101
nmi_trigger_cpumask_backtrace+0x13a/0x180 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:140 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:195 [inline]
watchdog+0x5b9/0xb40 kernel/hung_task.c:274
kthread+0x30d/0x420 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 9313 Comm: kworker/u4:6 Not tainted 4.14.277-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bat_events batadv_purge_orig
task: ffff8880a9112180 task.stack: ffff8880ab3d0000
RIP: 0010:unwind_next_frame+0xfb0/0x17d0 arch/x86/kernel/unwind_orc.c:474
RSP: 0018:ffff8880ba507a08 EFLAGS: 00000246
RAX: 0000000000000001 RBX: 1ffff110174a0f48 RCX: ffffffff8a6b14a6
RDX: ffff8880ba507b08 RSI: 0000000000000000 RDI: ffffffff8a6b14a8
RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000001
R10: ffff8880ab3d7ca0 R11: 0000000000000001 R12: ffff8880ba507afd
R13: ffff8880ba507b00 R14: ffff8880ba507b18 R15: ffff8880ba507ac8
FS: 0000000000000000(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fb84f365f5a CR3: 00000000af938000 CR4: 00000000003406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<IRQ>
__save_stack_trace+0x90/0x160 arch/x86/kernel/stacktrace.c:44
save_stack mm/kasan/kasan.c:447 [inline]
set_track mm/kasan/kasan.c:459 [inline]
kasan_kmalloc+0xeb/0x160 mm/kasan/kasan.c:551
slab_post_alloc_hook mm/slab.h:442 [inline]
slab_alloc_node mm/slab.c:3333 [inline]
kmem_cache_alloc_node+0x133/0x410 mm/slab.c:3640
__alloc_skb+0x5c/0x510 net/core/skbuff.c:193
alloc_skb include/linux/skbuff.h:980 [inline]
bcm_can_tx+0x1c1/0x680 net/can/bcm.c:300
bcm_tx_timeout_tsklet+0x179/0x320 net/can/bcm.c:427
tasklet_action+0x195/0x340 kernel/softirq.c:513
__do_softirq+0x24d/0x9ff kernel/softirq.c:288
do_softirq_own_stack+0x2a/0x40 arch/x86/entry/entry_64.S:1016
</IRQ>
do_softirq.part.0+0x154/0x1b0 kernel/softirq.c:332
do_softirq kernel/softirq.c:324 [inline]
__local_bh_enable_ip+0x12b/0x170 kernel/softirq.c:185
spin_unlock_bh include/linux/spinlock.h:362 [inline]
_batadv_purge_orig+0x400/0xef0 net/batman-adv/originator.c:1325
batadv_purge_orig+0x17/0x60 net/batman-adv/originator.c:1338
process_one_work+0x793/0x14a0 kernel/workqueue.c:2117
worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
kthread+0x30d/0x420 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
Code: 49 89 f9 41 83 e1 07 45 38 c8 41 0f 9e c1 45 84 c0 41 0f 95 c0 45 84 c1 0f 85 2e 04 00 00 83 e0 07 40 38 c6 41 0f 9e c0 40 84 f6 <0f> 95 c0 41 84 c0 0f 85 15 04 00 00 48 0f bf 71 02 4c 89 ff 4c
----------------
Code disassembly (best guess):
0: 49 89 f9 mov %rdi,%r9
3: 41 83 e1 07 and $0x7,%r9d
7: 45 38 c8 cmp %r9b,%r8b
a: 41 0f 9e c1 setle %r9b
e: 45 84 c0 test %r8b,%r8b
11: 41 0f 95 c0 setne %r8b
15: 45 84 c1 test %r8b,%r9b
18: 0f 85 2e 04 00 00 jne 0x44c
1e: 83 e0 07 and $0x7,%eax
21: 40 38 c6 cmp %al,%sil
24: 41 0f 9e c0 setle %r8b
28: 40 84 f6 test %sil,%sil
* 2b: 0f 95 c0 setne %al <-- trapping instruction
2e: 41 84 c0 test %al,%r8b
31: 0f 85 15 04 00 00 jne 0x44c
37: 48 0f bf 71 02 movswq 0x2(%rcx),%rsi
3c: 4c 89 ff mov %r15,%rdi
3f: 4c rex.WR