sd 0:0:1:0: [sg0] tag#6846 CDB[10]: 92 1b da 40 b8 58 5b a8 d4 7d 34 f3 90 4c f1 2d sd 0:0:1:0: [sg0] tag#6846 CDB[20]: ba rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: rcu: (detected by 0, t=10502 jiffies, g=11705, q=543) rcu: All QSes seen, last rcu_preempt kthread activity 10498 (4294959963-4294949465), jiffies_till_next_fqs=1, root ->qsmask 0x0 syz-executor.3 R running task 26816 12202 8128 0x00000000 Call Trace: sched_show_task.cold+0x332/0x396 kernel/sched/core.c:5337 print_other_cpu_stall kernel/rcu/tree.c:1430 [inline] check_cpu_stall kernel/rcu/tree.c:1557 [inline] __rcu_pending kernel/rcu/tree.c:3293 [inline] rcu_pending kernel/rcu/tree.c:3336 [inline] rcu_check_callbacks.cold+0xb37/0xe19 kernel/rcu/tree.c:2682 update_process_times+0x2a/0x70 kernel/time/timer.c:1650 tick_sched_handle+0x9b/0x180 kernel/time/tick-sched.c:168 tick_sched_timer+0xfc/0x290 kernel/time/tick-sched.c:1278 __run_hrtimer kernel/time/hrtimer.c:1465 [inline] __hrtimer_run_queues+0x3f6/0xe60 kernel/time/hrtimer.c:1527 hrtimer_interrupt+0x326/0x9e0 kernel/time/hrtimer.c:1585 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1071 [inline] smp_apic_timer_interrupt+0x10c/0x550 arch/x86/kernel/apic/apic.c:1096 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894 RIP: 0010:on_stack arch/x86/include/asm/stacktrace.h:46 [inline] RIP: 0010:stack_access_ok arch/x86/kernel/unwind_orc.c:321 [inline] RIP: 0010:deref_stack_reg+0xe0/0x1d0 arch/x86/kernel/unwind_orc.c:331 Code: df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 c7 00 00 00 49 39 ee 49 8b 44 24 10 77 13 48 39 e8 76 0e 48 8d 55 08 48 39 d0 72 05 <49> 39 d6 72 3f 49 8d 7c 24 28 48 b8 00 00 00 00 00 fc ff df 49 8d RSP: 0018:ffff8880691ff420 EFLAGS: 00000216 ORIG_RAX: ffffffffffffff13 RAX: ffff888069200000 RBX: 1ffff1100d23fe85 RCX: 0000000000000000 RDX: ffff8880691ff9e8 RSI: ffff8880691ff9e0 RDI: ffff8880691ff5f8 RBP: ffff8880691ff9e0 R08: ffffffff8bbf8dae R09: ffffffff8bbf8daa R10: ffff8880691ff647 R11: 0000000000074071 R12: 
ffff8880691ff5e8 R13: ffff8880691ff630 R14: ffff8880691f8000 R15: ffffffff8bbf8daa unwind_next_frame+0x9fc/0x1400 arch/x86/kernel/unwind_orc.c:502 __save_stack_trace+0x9f/0x190 arch/x86/kernel/stacktrace.c:44 save_stack mm/kasan/kasan.c:448 [inline] set_track mm/kasan/kasan.c:460 [inline] kasan_kmalloc+0xeb/0x160 mm/kasan/kasan.c:553 kmem_cache_alloc_trace+0x12f/0x380 mm/slab.c:3625 kmalloc include/linux/slab.h:515 [inline] tty_alloc_file drivers/tty/tty_io.c:187 [inline] tty_open+0x138/0x990 drivers/tty/tty_io.c:2023 chrdev_open+0x266/0x770 fs/char_dev.c:423 do_dentry_open+0x4aa/0x1160 fs/open.c:796 do_last fs/namei.c:3421 [inline] path_openat+0x793/0x2df0 fs/namei.c:3537 do_filp_open+0x18c/0x3f0 fs/namei.c:3567 do_sys_open+0x3b3/0x520 fs/open.c:1085 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f2ada896049 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f2ad920b168 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 RAX: ffffffffffffffda RBX: 00007f2ada9a8f60 RCX: 00007f2ada896049 RDX: 0000000000000000 RSI: 0000000020000000 RDI: ffffffffffffff9c RBP: 00007f2ada8f008d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffc4214f35f R14: 00007f2ad920b300 R15: 0000000000022000 rcu: rcu_preempt kthread starved for 10498 jiffies! 
g11705 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 rcu: RCU grace-period kthread stack dump: rcu_preempt R running task 29208 10 2 0x80000000 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_timeout+0x4cf/0xfe0 kernel/time/timer.c:1818 rcu_gp_kthread+0xdad/0x21c0 kernel/rcu/tree.c:2202 kthread+0x33f/0x460 kernel/kthread.c:259 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 BUG: workqueue lockup - pool cpus=0-1 flags=0x4 nice=0 stuck for 222s! systemd[1]: systemd-udevd.service: Watchdog timeout (limit 3min)! Showing busy workqueues and worker pools: workqueue events: flags=0x0 pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=3/256 refcnt=4 pending: defense_work_handler, defense_work_handler, defense_work_handler workqueue events_power_efficient: flags=0x80 pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=6/256 refcnt=7 pending: fb_flashcursor, check_lifetime, neigh_periodic_work, do_cache_clean, gc_worker, neigh_periodic_work workqueue netns: flags=0xe000a pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/1 refcnt=5 in-flight: 23:cleanup_net delayed: cleanup_net workqueue writeback: flags=0x4a pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/256 refcnt=4 pending: wb_workfn workqueue dm_bufio_cache: flags=0x8 pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 pending: work_fn workqueue ipv6_addrconf: flags=0x40008 pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/1 refcnt=2 pending: addrconf_verify_work workqueue krxrpcd: flags=0x0 pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/1 refcnt=8 pending: rxrpc_peer_keepalive_worker delayed: rxrpc_peer_keepalive_worker, rxrpc_peer_keepalive_worker, rxrpc_peer_keepalive_worker, rxrpc_peer_keepalive_worker, rxrpc_peer_keepalive_worker, rxrpc_peer_keepalive_worker systemd[1]: systemd-udevd.service: Killing process 4697 (systemd-udevd) with signal SIGABRT. 
workqueue bat_events: flags=0xe000a pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/1 refcnt=57 in-flight: 7360:batadv_nc_worker delayed: batadv_nc_worker, batadv_nc_worker, batadv_nc_worker, batadv_nc_worker, batadv_nc_worker, batadv_iv_send_outstanding_bat_ogm_packet, batadv_iv_send_outstanding_bat_ogm_packet, batadv_iv_send_outstanding_bat_ogm_packet, batadv_mcast_mla_update, batadv_mcast_mla_update, batadv_mcast_mla_update, batadv_mcast_mla_update, batadv_iv_send_outstanding_bat_ogm_packet, batadv_iv_send_outstanding_bat_ogm_packet, batadv_mcast_mla_update, batadv_mcast_mla_update, batadv_iv_send_outstanding_bat_ogm_packet, batadv_purge_orig, batadv_iv_send_outstanding_bat_ogm_packet, batadv_tt_purge, batadv_tt_purge, batadv_tt_purge, batadv_tt_purge, batadv_tt_purge, batadv_tt_purge, batadv_bla_periodic_work, batadv_bla_periodic_work, batadv_dat_purge, batadv_dat_purge, batadv_bla_periodic_work, batadv_bla_periodic_work , batadv_dat_purge, batadv_dat_purge, batadv_bla_periodic_work, batadv_bla_periodic_work, batadv_dat_purge, batadv_dat_purge, batadv_purge_orig, batadv_purge_orig, batadv_iv_send_outstanding_bat_ogm_packet, batadv_iv_send_outstanding_bat_ogm_packet, batadv_iv_send_outstanding_bat_ogm_packet, batadv_iv_send_outstanding_bat_ogm_packet, batadv_iv_send_outstanding_bat_ogm_packet, batadv_iv_send_outstanding_bat_ogm_packet, batadv_iv_send_outstanding_bat_ogm_packet, batadv_purge_orig, batadv_purge_orig, batadv_purge_orig, batadv_iv_send_outstanding_bat_ogm_packet, batadv_iv_send_outstanding_bat_ogm_packet, batadv_iv_send_outstanding_bat_ogm_packet, batadv_iv_send_outstanding_bat_ogm_packet workqueue phy2: flags=0xa0002 pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/1 refcnt=4 pending: ieee80211_iface_work workqueue phy3: flags=0xa0002 pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/1 refcnt=4 pending: ieee80211_iface_work workqueue phy4: flags=0xa0002 pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/1 refcnt=4 pending: ieee80211_iface_work workqueue phy5: flags=0xa0002 pwq 
4: cpus=0-1 flags=0x4 nice=0 active=1/1 refcnt=4 pending: ieee80211_iface_work workqueue phy6: flags=0xa0002 pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/1 refcnt=4 pending: ieee80211_iface_work workqueue phy7: flags=0xa0002 pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/1 refcnt=4 pending: ieee80211_iface_work workqueue phy8: flags=0xa0002 pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/1 refcnt=4 pending: ieee80211_iface_work workqueue phy9: flags=0xa0002 pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/1 refcnt=4 pending: ieee80211_iface_work workqueue phy11: flags=0xa0002 pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/1 refcnt=4 pending: ieee80211_iface_work workqueue phy12: flags=0xa0002 pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/1 refcnt=4 pending: ieee80211_iface_work workqueue phy14: flags=0xa0002 pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/1 refcnt=4 pending: ieee80211_iface_work workqueue phy15: flags=0xa0002 pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/1 refcnt=4 pending: ieee80211_iface_work pool 4: cpus=0-1 flags=0x4 nice=0 hung=222s workers=8 idle: 33 7340 3635 7 182 2900 systemd[1]: systemd-udevd.service: Main process exited, code=killed, status=6/ABRT systemd[1]: systemd-udevd.service: Killing process 12171 (systemd-udevd) with signal SIGKILL. systemd[1]: systemd-udevd.service: Killing process 12196 (ifupdown-hotplu) with signal SIGKILL. systemd[1]: systemd-udevd.service: Killing process 12198 (ifquery) with signal SIGKILL. systemd[1]: systemd-udevd.service: Killing process 12199 (grep) with signal SIGKILL. ieee802154 phy0 wpan0: encryption failed: -22 ieee802154 phy1 wpan1: encryption failed: -22 systemd[1]: systemd-journald.service: Main process exited, code=killed, status=6/ABRT systemd[1]: systemd-journald.service: Unit entered failed state. systemd[1]: systemd-journald.service: Failed with result 'watchdog'. 
sd 0:0:1:0: [sg0] tag#6870 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK sd 0:0:1:0: [sg0] tag#6870 CDB: opcode=0xe5 (vendor) sd 0:0:1:0: [sg0] tag#6870 CDB[00]: e5 f4 32 73 2f 4e 09 6d 26 e2 c7 35 d1 35 12 1c sd 0:0:1:0: [sg0] tag#6870 CDB[10]: 92 1b da 40 b8 58 5b a8 d4 7d 34 f3 90 4c f1 2d sd 0:0:1:0: [sg0] tag#6870 CDB[20]: ba sd 0:0:1:0: [sg0] tag#6846 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK systemd-journald[12213]: File /run/log/journal/04d8c135ee6b410280ba31a58c89679d/system.journal corrupted or uncleanly shut down, renaming and replacing. sd 0:0:1:0: [sg0] tag#6846 CDB: opcode=0xe5 (vendor) Bluetooth: hci0: command 0x0406 tx timeout sd 0:0:1:0: [sg0] tag#6846 CDB[00]: e5 f4 32 73 2f 4e 09 6d 26 e2 c7 35 d1 35 12 1c Bluetooth: hci3: command 0x0406 tx timeout sd 0:0:1:0: [sg0] tag#6846 CDB[10]: 92 1b da 40 b8 58 5b a8 d4 7d 34 f3 90 4c f1 2d Bluetooth: hci4: command 0x0406 tx timeout sd 0:0:1:0: [sg0] tag#6846 CDB[20]: ba Bluetooth: hci1: command 0x0406 tx timeout Bluetooth: hci2: command 0x0406 tx timeout Bluetooth: hci5: command 0x0406 tx timeout sd 0:0:1:0: [sg0] tag#6846 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK sd 0:0:1:0: [sg0] tag#6846 CDB: opcode=0xe5 (vendor) sd 0:0:1:0: [sg0] tag#6846 CDB[00]: e5 f4 32 73 2f 4e 09 6d 26 e2 c7 35 d1 35 12 1c sd 0:0:1:0: [sg0] tag#6846 CDB[10]: 92 1b da 40 b8 58 5b a8 d4 7d 34 f3 90 4c f1 2d sd 0:0:1:0: [sg0] tag#6846 CDB[20]: ba sd 0:0:1:0: [sg0] tag#6870 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK sd 0:0:1:0: [sg0] tag#6870 CDB: opcode=0xe5 (vendor) sd 0:0:1:0: [sg0] tag#6870 CDB[00]: e5 f4 32 73 2f 4e 09 6d 26 e2 c7 35 d1 35 12 1c sd 0:0:1:0: [sg0] tag#6870 CDB[10]: 92 1b da 40 b8 58 5b a8 d4 7d 34 f3 90 4c f1 2d sd 0:0:1:0: [sg0] tag#6870 CDB[20]: ba sd 0:0:1:0: [sg0] tag#6846 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK sd 0:0:1:0: [sg0] tag#6846 CDB: opcode=0xe5 (vendor) sd 0:0:1:0: [sg0] tag#6846 CDB[00]: e5 f4 32 73 2f 4e 09 6d 26 e2 c7 35 d1 35 12 1c 
sd 0:0:1:0: [sg0] tag#6846 CDB[10]: 92 1b da 40 b8 58 5b a8 d4 7d 34 f3 90 4c f1 2d sd 0:0:1:0: [sg0] tag#6846 CDB[20]: ba sd 0:0:1:0: [sg0] tag#6870 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK sd 0:0:1:0: [sg0] tag#6870 CDB: opcode=0xe5 (vendor) sd 0:0:1:0: [sg0] tag#6870 CDB[00]: e5 f4 32 73 2f 4e 09 6d 26 e2 c7 35 d1 35 12 1c sd 0:0:1:0: [sg0] tag#6870 CDB[10]: 92 1b da 40 b8 58 5b a8 d4 7d 34 f3 90 4c f1 2d sd 0:0:1:0: [sg0] tag#6870 CDB[20]: ba sd 0:0:1:0: [sg0] tag#6846 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK sd 0:0:1:0: [sg0] tag#6846 CDB: opcode=0xe5 (vendor) sd 0:0:1:0: [sg0] tag#6846 CDB[00]: e5 f4 32 73 2f 4e 09 6d 26 e2 c7 35 d1 35 12 1c sd 0:0:1:0: [sg0] tag#6846 CDB[10]: 92 1b da 40 b8 58 5b a8 d4 7d 34 f3 90 4c f1 2d sd 0:0:1:0: [sg0] tag#6846 CDB[20]: ba sd 0:0:1:0: [sg0] tag#6846 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK sd 0:0:1:0: [sg0] tag#6846 CDB: opcode=0xe5 (vendor) sd 0:0:1:0: [sg0] tag#6846 CDB[00]: e5 f4 32 73 2f 4e 09 6d 26 e2 c7 35 d1 35 12 1c sd 0:0:1:0: [sg0] tag#6846 CDB[10]: 92 1b da 40 b8 58 5b a8 d4 7d 34 f3 90 4c f1 2d sd 0:0:1:0: [sg0] tag#6846 CDB[20]: ba IPVS: ftp: loaded support on port[0] = 21 IPVS: ftp: loaded support on port[0] = 21 IPVS: ftp: loaded support on port[0] = 21 IPVS: ftp: loaded support on port[0] = 21 chnl_net:caif_netlink_parms(): no params data found chnl_net:caif_netlink_parms(): no params data found chnl_net:caif_netlink_parms(): no params data found Bluetooth: hci1: command 0x0409 tx timeout Bluetooth: hci3: command 0x0409 tx timeout Bluetooth: hci5: command 0x0409 tx timeout Bluetooth: hci4: command 0x0409 tx timeout chnl_net:caif_netlink_parms(): no params data found bridge0: port 1(bridge_slave_0) entered blocking state bridge0: port 1(bridge_slave_0) entered disabled state device bridge_slave_0 entered promiscuous mode bridge0: port 2(bridge_slave_1) entered blocking state bridge0: port 2(bridge_slave_1) entered disabled state device bridge_slave_1 entered 
promiscuous mode bond0: Enslaving bond_slave_0 as an active interface with an up link bridge0: port 1(bridge_slave_0) entered blocking state bridge0: port 1(bridge_slave_0) entered disabled state device bridge_slave_0 entered promiscuous mode bond0: Enslaving bond_slave_1 as an active interface with an up link bridge0: port 2(bridge_slave_1) entered blocking state bridge0: port 2(bridge_slave_1) entered disabled state device bridge_slave_1 entered promiscuous mode IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready team0: Port device team_slave_0 added bridge0: port 1(bridge_slave_0) entered blocking state bridge0: port 1(bridge_slave_0) entered disabled state device bridge_slave_0 entered promiscuous mode bridge0: port 2(bridge_slave_1) entered blocking state bridge0: port 2(bridge_slave_1) entered disabled state device bridge_slave_1 entered promiscuous mode IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready team0: Port device team_slave_1 added bond0: Enslaving bond_slave_0 as an active interface with an up link bond0: Enslaving bond_slave_1 as an active interface with an up link bridge0: port 1(bridge_slave_0) entered blocking state bridge0: port 1(bridge_slave_0) entered disabled state device bridge_slave_0 entered promiscuous mode bond0: Enslaving bond_slave_0 as an active interface with an up link bridge0: port 2(bridge_slave_1) entered blocking state bridge0: port 2(bridge_slave_1) entered disabled state device bridge_slave_1 entered promiscuous mode batman_adv: batadv0: Adding interface: batadv_slave_0 batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active bond0: Enslaving bond_slave_1 as an active interface with an up link IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready team0: Port device team_slave_0 added IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready team0: Port device team_slave_1 added batman_adv: batadv0: Adding interface: batadv_slave_1 batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready Bluetooth: hci1: command 0x041b tx timeout batman_adv: batadv0: Adding interface: batadv_slave_0 batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
batman_adv: batadv0: Adding interface: batadv_slave_1
----------------
Code disassembly (best guess):
   0:   df 48 89                fisttps -0x77(%rax)
   3:   fa                      cli
   4:   48 c1 ea 03             shr    $0x3,%rdx
   8:   80 3c 02 00             cmpb   $0x0,(%rdx,%rax,1)
   c:   0f 85 c7 00 00 00       jne    0xd9
  12:   49 39 ee                cmp    %rbp,%r14
  15:   49 8b 44 24 10          mov    0x10(%r12),%rax
  1a:   77 13                   ja     0x2f
  1c:   48 39 e8                cmp    %rbp,%rax
  1f:   76 0e                   jbe    0x2f
  21:   48 8d 55 08             lea    0x8(%rbp),%rdx
  25:   48 39 d0                cmp    %rdx,%rax
  28:   72 05                   jb     0x2f
* 2a:   49 39 d6                cmp    %rdx,%r14 <-- trapping instruction
  2d:   72 3f                   jb     0x6e
  2f:   49 8d 7c 24 28          lea    0x28(%r12),%rdi
  34:   48 b8 00 00 00 00 00    movabs $0xdffffc0000000000,%rax
  3b:   fc ff df
  3e:   49                      rex.WB
  3f:   8d                      .byte 0x8d