INFO: task kworker/u4:6:240 blocked for more than 143 seconds. Not tainted 5.12.0-rc3-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/u4:6 state:D stack:25808 pid: 240 ppid: 2 flags:0x00004000 Workqueue: events_unbound io_ring_exit_work Call Trace: context_switch kernel/sched/core.c:4322 [inline] __schedule+0x90c/0x21a0 kernel/sched/core.c:5073 schedule+0xcf/0x270 kernel/sched/core.c:5152 schedule_timeout+0x1db/0x250 kernel/time/timer.c:1868 do_wait_for_common kernel/sched/completion.c:85 [inline] __wait_for_common kernel/sched/completion.c:106 [inline] wait_for_common kernel/sched/completion.c:117 [inline] wait_for_completion+0x168/0x270 kernel/sched/completion.c:138 io_ring_exit_work+0x245/0xcf0 fs/io_uring.c:8559 process_one_work+0x98d/0x1600 kernel/workqueue.c:2275 worker_thread+0x64c/0x1120 kernel/workqueue.c:2421 kthread+0x3b1/0x4a0 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 Showing all locks held in the system: 2 locks held by kworker/u4:6/240: #0: ffff888010869138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888010869138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888010869138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888010869138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888010869138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888010869138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc900019cfda8 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 1 lock held by khungtaskd/1638: #0: ffffffff8bf74260 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6327 1 lock held by in:imklog/8359: #0: ffff8880185f1c70 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100 fs/file.c:961 1 lock held by syz-executor.4/25892: ============================================= NMI backtrace for cpu 1 CPU: 1 PID: 1638 Comm: khungtaskd Not tainted 5.12.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:79 [inline] dump_stack+0x141/0x1d7 lib/dump_stack.c:120 nmi_cpu_backtrace.cold+0x44/0xd7 lib/nmi_backtrace.c:105 nmi_trigger_cpumask_backtrace+0x1b3/0x230 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:209 [inline] watchdog+0xd48/0xfb0 kernel/hung_task.c:294 kthread+0x3b1/0x4a0 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 25892 Comm: syz-executor.4 Not tainted 5.12.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:native_apic_mem_write+0x8/0x10 arch/x86/include/asm/apic.h:110 Code: c7 40 39 38 8f e8 e8 b5 85 00 eb b0 66 0f 1f 44 00 00 be 01 00 00 00 e9 a6 9b 2c 00 cc cc cc cc cc cc 89 ff 89 b7 00 c0 5f ff 0f 1f 80 00 00 00 00 48 b8 00 00 00 00 00 fc ff df 53 89 fb 48 RSP: 0018:ffffc90000007960 EFLAGS: 00000046 RAX: dffffc0000000000 RBX: ffffffff8b0ba8c0 RCX: 0000000000000020 RDX: 1ffffffff161751a RSI: 000000000000003e RDI: 0000000000000380 RBP: ffff8880b9c1f2c0 R08: 000000000000003f R09: 0000000000000000 R10: ffffffff8166a737 R11: 0000000000000000 R12: 000000000000003e R13: 0000000000000020 R14: ffff8880b9c26340 R15: 7fffffffffffffff FS: 00007f1b160df700(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fb76f297000 CR3: 0000000070b4b000 CR4: 00000000001506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: apic_write arch/x86/include/asm/apic.h:393 [inline] lapic_next_event+0x4d/0x80 arch/x86/kernel/apic/apic.c:472 clockevents_program_event+0x254/0x370 kernel/time/clockevents.c:334 tick_program_event+0xac/0x140 kernel/time/tick-oneshot.c:44 hrtimer_interrupt+0x414/0xa00 kernel/time/hrtimer.c:1676 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1089 [inline] __sysvec_apic_timer_interrupt+0x146/0x540 arch/x86/kernel/apic/apic.c:1106 sysvec_apic_timer_interrupt+0x40/0xc0 arch/x86/kernel/apic/apic.c:1100 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:632 RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:161 [inline] RIP: 0010:_raw_spin_unlock_irqrestore+0x38/0x70 kernel/locking/spinlock.c:191 Code: 74 24 10 e8 1a 2c 51 f8 48 89 ef e8 42 e2 51 f8 81 e3 00 02 00 00 75 25 9c 58 f6 c4 02 75 2d 48 85 db 74 01 fb bf 01 00 00 00 03 dd 45 f8 65 8b 05 7c be f9 76 85 c0 74 0a 5b 5d c3 e8 c0 69 RSP: 0018:ffffc90000007b78 EFLAGS: 00000206 RAX: 0000000000000002 RBX: 0000000000000200 RCX: 1ffffffff1f5ac3a RDX: 0000000000000000 RSI: 0000000000000103 RDI: 0000000000000001 RBP: ffff88806b5914d0 R08: 0000000000000001 R09: ffffffff8fab08c7 R10: 0000000000000001 R11: 0000000000000000 R12: ffff888014e43780 R13: ffff888070183410 R14: ffff8880701831e0 R15: 0000000000047918 ieee80211_rx_irqsafe+0x5a/0xb0 net/mac80211/rx.c:4866 mac80211_hwsim_tx_frame_no_nl.isra.0+0xc36/0x1330 drivers/net/wireless/mac80211_hwsim.c:1579 mac80211_hwsim_tx_frame+0x14f/0x1e0 drivers/net/wireless/mac80211_hwsim.c:1775 mac80211_hwsim_beacon_tx+0x4ba/0x910 drivers/net/wireless/mac80211_hwsim.c:1829 __iterate_interfaces+0x1e5/0x520 net/mac80211/util.c:793 ieee80211_iterate_active_interfaces_atomic+0x8d/0x170 net/mac80211/util.c:829 mac80211_hwsim_beacon+0xd5/0x1a0 drivers/net/wireless/mac80211_hwsim.c:1852 __run_hrtimer kernel/time/hrtimer.c:1537 [inline] __hrtimer_run_queues+0x609/0xe40 kernel/time/hrtimer.c:1601 hrtimer_run_softirq+0x17b/0x360 kernel/time/hrtimer.c:1618 __do_softirq+0x29b/0x9f6 kernel/softirq.c:345 invoke_softirq kernel/softirq.c:221 [inline] __irq_exit_rcu kernel/softirq.c:422 [inline] irq_exit_rcu+0x134/0x200 kernel/softirq.c:434 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1100 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:632 RIP: 0010:unwind_next_frame+0x34f/0x1ce0 arch/x86/kernel/unwind_orc.c:456 Code: e8 96 f5 ff ff 49 89 c0 4d 85 c0 0f 84 39 02 00 00 4d 8d 78 04 48 b8 00 00 00 00 00 fc ff df 4c 89 fa 48 c1 ea 03 0f b6 04 02 <4c> 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 1e 09 00 00 41 0f b6 40 RSP: 0018:ffffc9001655f2f8 EFLAGS: 00000a06 RAX: 0000000000000000 RBX: 1ffff92002cabe67 RCX: ffffffff89200067 RDX: 1ffffffff1da4209 RSI: ffffffff8ed21040 RDI: ffffffff8e355e88 RBP: 0000000000000001 R08: ffffffff8ed21046 R09: ffffffff8ed21040 R10: fffff52002cabe85 R11: 0000000000084087 R12: ffffc9001655f418 R13: ffffc9001655f405 R14: ffffc9001655f3d0 R15: ffffffff8ed2104a arch_stack_walk+0x7d/0xe0 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0x8c/0xc0 kernel/stacktrace.c:121 kasan_save_stack+0x1b/0x40 mm/kasan/common.c:38 kasan_set_track+0x1c/0x30 mm/kasan/common.c:46 kasan_set_free_info+0x20/0x30 mm/kasan/generic.c:357 ____kasan_slab_free mm/kasan/common.c:360 [inline] ____kasan_slab_free mm/kasan/common.c:325 [inline] __kasan_slab_free+0xf5/0x130 mm/kasan/common.c:367 kasan_slab_free include/linux/kasan.h:199 [inline] slab_free_hook mm/slub.c:1562 [inline] slab_free_freelist_hook+0x92/0x210 mm/slub.c:1600 slab_free mm/slub.c:3161 [inline] kfree+0xe5/0x7f0 mm/slub.c:4213 tomoyo_check_open_permission+0x172/0x380 security/tomoyo/file.c:786 tomoyo_file_open security/tomoyo/tomoyo.c:313 [inline] tomoyo_file_open+0xa3/0xd0 security/tomoyo/tomoyo.c:308 security_file_open+0x52/0x4f0 security/security.c:1589 do_dentry_open+0x358/0x11b0 fs/open.c:813 do_open fs/namei.c:3365 [inline] path_openat+0x1c0e/0x27e0 fs/namei.c:3498 do_filp_open+0x17e/0x3c0 fs/namei.c:3525 do_sys_openat2+0x16d/0x420 fs/open.c:1187 do_sys_open fs/open.c:1203 [inline] __do_sys_openat fs/open.c:1219 [inline] __se_sys_openat fs/open.c:1214 [inline] __x64_sys_openat+0x13f/0x1f0 fs/open.c:1214 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x419554 Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44 RSP: 002b:00007f1b160df060 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000419554 RDX: 0000000000000000 RSI: 00007f1b160df0f0 RDI: 00000000ffffff9c RBP: 00007f1b160df0f0 R08: 0000000000000000 R09: 00007f1b160def70 R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 R13: 0000000000a9fb1f R14: 00007f1b160df300 R15: 0000000000022000