INFO: task syz-executor.1:27755 blocked for more than 143 seconds. Not tainted 5.7.0-rc5-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.1 D28496 27755 2951 0x80004006 Call Trace: context_switch kernel/sched/core.c:3366 [inline] __schedule+0x937/0x1ff0 kernel/sched/core.c:4082 __sched_text_start+0x8/0x8 atomic_try_cmpxchg include/asm-generic/atomic-instrumented.h:694 [inline] queued_spin_lock include/asm-generic/qspinlock.h:78 [inline] do_raw_spin_lock+0x129/0x2e0 kernel/locking/spinlock_debug.c:113 rwlock_bug.part.0+0x90/0x90 include/linux/sched.h:1329 schedule+0xd0/0x2a0 kernel/sched/core.c:4157 rwsem_down_write_slowpath+0x706/0xf90 kernel/locking/rwsem.c:1235 rwsem_mark_wake+0x8d0/0x8d0 include/linux/compiler.h:199 lock_acquire+0x1f2/0x8f0 kernel/locking/lockdep.c:4934 unregister_netdevice_notifier+0x1e/0x170 net/core/dev.c:1844 lock_release+0x800/0x800 kernel/locking/lockdep.c:4689 inode_lock include/linux/fs.h:797 [inline] __sock_release+0x86/0x280 net/socket.c:604 get_signal+0x47b/0x24e0 kernel/signal.c:2739 __sock_release+0x280/0x280 net/socket.c:605 __down_write kernel/locking/rwsem.c:1389 [inline] down_write+0x137/0x150 kernel/locking/rwsem.c:1532 atomic64_try_cmpxchg include/asm-generic/atomic-instrumented.h:1504 [inline] atomic_long_try_cmpxchg_acquire include/asm-generic/atomic-long.h:442 [inline] __down_write kernel/locking/rwsem.c:1387 [inline] down_write+0xb2/0x150 kernel/locking/rwsem.c:1532 __down_write kernel/locking/rwsem.c:1389 [inline] down_write+0x137/0x150 kernel/locking/rwsem.c:1532 __down_timeout+0x2d0/0x2d0 unregister_netdevice_notifier+0x1e/0x170 net/core/dev.c:1844 __sock_release+0x280/0x280 net/socket.c:605 raw_release+0x53/0x730 net/can/raw.c:354 fcntl_setlk+0xcc0/0xcc0 fs/locks.c:2542 __sock_release+0x280/0x280 net/socket.c:605 __sock_release+0xcd/0x280 net/socket.c:605 sock_close+0x18/0x20 net/socket.c:1278 __fput+0x33e/0x880 fs/file_table.c:280 task_work_run+0xf4/0x1b0 kernel/task_work.c:123 exit_task_work include/linux/task_work.h:22 [inline] do_exit+0xb34/0x2dd0 kernel/exit.c:796 lock_acquire+0x1f2/0x8f0 kernel/locking/lockdep.c:4934 mm_update_next_owner+0x7a0/0x7a0 kernel/exit.c:375 apparmor_file_alloc_security+0x333/0xb10 security/apparmor/lsm.c:444 lock_downgrade+0x840/0x840 kernel/locking/lockdep.c:4579 atomic_try_cmpxchg include/asm-generic/atomic-instrumented.h:694 [inline] queued_spin_lock include/asm-generic/qspinlock.h:78 [inline] do_raw_spin_lock+0x129/0x2e0 kernel/locking/spinlock_debug.c:113 rwlock_bug.part.0+0x90/0x90 include/linux/sched.h:1329 do_group_exit+0x125/0x340 kernel/exit.c:894 get_signal+0x47b/0x24e0 kernel/signal.c:2739 __get_unused_fd_flags+0x60/0x60 fs/file.c:545 do_signal+0x81/0x2240 arch/x86/kernel/signal.c:784 lock_downgrade+0x840/0x840 kernel/locking/lockdep.c:4579 alloc_file+0x4e0/0x4e0 fs/file_table.c:205 pv_queued_spin_unlock arch/x86/include/asm/paravirt.h:650 [inline] queued_spin_unlock arch/x86/include/asm/qspinlock.h:55 [inline] do_raw_spin_unlock+0x171/0x260 kernel/locking/spinlock_debug.c:139 get_sigframe.isra.0+0x730/0x730 arch/x86/kernel/signal.c:268 rcu_read_unlock_sched include/linux/rcupdate.h:732 [inline] __fd_install+0x1e6/0x600 fs/file.c:613 __sys_socket+0x16d/0x200 net/socket.c:438 move_addr_to_kernel+0x70/0x70 net/socket.c:195 __ia32_sys_clock_settime+0x260/0x260 kernel/time/posix-timers.c:1410 exit_to_usermode_loop+0x26c/0x360 arch/x86/entry/common.c:161 prepare_exit_to_usermode arch/x86/entry/common.c:196 [inline] syscall_return_slowpath arch/x86/entry/common.c:279 [inline] do_syscall_64+0x6b1/0x7d0 arch/x86/entry/common.c:305 entry_SYSCALL_64_after_hwframe+0x49/0xb3 INFO: lockdep is turned off. NMI backtrace for cpu 0 CPU: 0 PID: 1143 Comm: khungtaskd Not tainted 5.7.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x188/0x20d lib/dump_stack.c:118 nmi_cpu_backtrace.cold+0x70/0xb1 lib/nmi_backtrace.c:101 lapic_can_unplug_cpu.cold+0x3b/0x3b nmi_trigger_cpumask_backtrace+0x231/0x27e lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:205 [inline] watchdog+0xa8c/0x1010 kernel/hung_task.c:289 reset_hung_task_detector+0x30/0x30 kernel/hung_task.c:243 kthread+0x388/0x470 kernel/kthread.c:268 kthread_mod_delayed_work+0x1a0/0x1a0 kernel/kthread.c:1090 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:351 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 8390 Comm: kworker/u4:7 Not tainted 5.7.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet RIP: 0010:unwind_next_frame+0x17/0x1df0 arch/x86/kernel/unwind_orc.c:417 Code: 00 4c 89 e7 e8 7a 3d 7f 00 eb e5 0f 1f 84 00 00 00 00 00 48 b8 00 00 00 00 00 fc ff df 41 57 49 89 ff 41 56 41 55 41 54 55 53 <48> 81 ec a0 00 00 00 48 c7 44 24 40 b3 8a b5 41 48 8d 5c 24 40 48 RSP: 0018:ffffc90000da8660 EFLAGS: 00000006 RAX: dffffc0000000000 RBX: ffffc90000da87d8 RCX: ffffc90000da87e0 RDX: ffffc90000da9000 RSI: ffffc90000da8558 RDI: ffffc90000da8750 RBP: 1ffff920001b50d7 R08: 0000000000000001 R09: 0000000000000001 R10: 000000000000cb54 R11: 000000000007001f R12: dffffc0000000000 R13: fffff520001b50ec R14: fffff520001b50eb R15: ffffc90000da8750 FS: 0000000000000000(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007efd4f7db008 CR3: 000000009659f000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __unwind_start+0x51e/0x870 arch/x86/kernel/unwind_orc.c:690 unwind_next_frame+0x1df0/0x1df0 arch/x86/kernel/unwind_orc.c:404 unwind_next_frame+0x538/0x1df0 arch/x86/kernel/unwind_orc.c:611 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:351 profile_setup.cold+0xc1/0xc1 unwind_start arch/x86/include/asm/unwind.h:60 [inline] arch_stack_walk+0x5e/0xf0 arch/x86/kernel/stacktrace.c:24 unwind_start arch/x86/include/asm/unwind.h:60 [inline] arch_stack_walk+0x5e/0xf0 arch/x86/kernel/stacktrace.c:24 __netif_receive_skb_core+0x593/0x30e0 net/core/dev.c:5239 stack_trace_save+0x8c/0xc0 kernel/stacktrace.c:123 stack_trace_consume_entry+0x160/0x160 kernel/stacktrace.c:93 mark_held_locks+0xe0/0xe0 kernel/locking/lockdep.c:3620 stack_trace_save+0x8c/0xc0 kernel/stacktrace.c:123 save_stack+0x1b/0x40 mm/kasan/common.c:49 save_stack+0x1b/0x40 mm/kasan/common.c:49 skb_release_data+0x42e/0x8b0 net/core/skbuff.c:610 skb_release_all+0x46/0x60 net/core/skbuff.c:664 lock_acquire+0x1f2/0x8f0 kernel/locking/lockdep.c:4934 __debug_check_no_obj_freed lib/debugobjects.c:955 [inline] debug_check_no_obj_freed+0xc8/0x449 lib/debugobjects.c:998 do_softirq.part.0+0x10f/0x160 kernel/softirq.c:337 lock_downgrade+0x840/0x840 kernel/locking/lockdep.c:4579 trace_hardirqs_off+0x50/0x220 kernel/trace/trace_preemptirq.c:45 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:161 [inline] _raw_spin_unlock_irqrestore+0x9b/0xe0 kernel/locking/spinlock.c:191 __debug_check_no_obj_freed lib/debugobjects.c:977 [inline] debug_check_no_obj_freed+0x213/0x449 lib/debugobjects.c:998 __phys_addr+0x9a/0x110 arch/x86/mm/physaddr.c:31 skb_free_head+0x8b/0xa0 net/core/skbuff.c:590 set_track mm/kasan/common.c:57 [inline] kasan_set_free_info mm/kasan/common.c:317 [inline] __kasan_slab_free+0xf7/0x140 mm/kasan/common.c:456 skb_free_head+0x8b/0xa0 net/core/skbuff.c:590 __cache_free mm/slab.c:3426 [inline] kfree+0x109/0x2b0 mm/slab.c:3757 skb_free_head+0x8b/0xa0 net/core/skbuff.c:590 skb_release_data+0x42e/0x8b0 net/core/skbuff.c:610 trace_hardirqs_on+0x55/0x220 kernel/trace/trace_preemptirq.c:31 __netif_receive_skb_core+0x593/0x30e0 net/core/dev.c:5239 skb_release_all+0x46/0x60 net/core/skbuff.c:664 __kfree_skb net/core/skbuff.c:678 [inline] kfree_skb net/core/skbuff.c:696 [inline] kfree_skb+0xfa/0x410 net/core/skbuff.c:690 __netif_receive_skb_core+0x593/0x30e0 net/core/dev.c:5239 do_xdp_generic+0x40/0x40 net/core/dev.c:4742 mark_held_locks+0xe0/0xe0 kernel/locking/lockdep.c:3620 lock_acquire+0x1f2/0x8f0 kernel/locking/lockdep.c:4934 __write_once_size include/linux/compiler.h:226 [inline] __skb_unlink include/linux/skbuff.h:2078 [inline] __skb_dequeue include/linux/skbuff.h:2093 [inline] process_backlog+0x1ad/0x7a0 net/core/dev.c:6202 __netif_receive_skb_one_core+0x99/0x160 net/core/dev.c:5256 __netif_receive_skb_one_core+0x99/0x160 net/core/dev.c:5256 __netif_receive_skb_core+0x30e0/0x30e0 include/linux/skbuff.h:1446 rwlock_bug.part.0+0x90/0x90 include/linux/sched.h:1329 mark_held_locks+0xe0/0xe0 kernel/locking/lockdep.c:3620 __netif_receive_skb+0x27/0x1c0 net/core/dev.c:5372 process_backlog+0x21e/0x7a0 net/core/dev.c:6204 lock_acquire+0x1f2/0x8f0 kernel/locking/lockdep.c:4934 check_preemption_disabled lib/smp_processor_id.c:52 [inline] debug_smp_processor_id+0x2f/0x185 lib/smp_processor_id.c:57 napi_poll net/core/dev.c:6649 [inline] net_rx_action+0x4c2/0x1070 net/core/dev.c:6717 napi_busy_loop+0x950/0x950 net/core/dev.c:6460 paravirt_sched_clock arch/x86/include/asm/paravirt.h:22 [inline] sched_clock+0x2a/0x40 arch/x86/kernel/tsc.c:245 sched_clock_cpu+0x18/0x1b0 kernel/sched/clock.c:371 __do_softirq+0x26c/0x9f7 kernel/softirq.c:292 do_softirq_own_stack+0x2a/0x40 arch/x86/entry/entry_64.S:1082 rcu_read_unlock_bh include/linux/rcupdate.h:686 [inline] __dev_queue_xmit+0x174a/0x3090 net/core/dev.c:4147 do_softirq.part.0+0x10f/0x160 kernel/softirq.c:337 do_softirq kernel/softirq.c:329 [inline] __local_bh_enable_ip+0x20e/0x270 kernel/softirq.c:189 local_bh_enable include/linux/bottom_half.h:32 [inline] rcu_read_unlock_bh include/linux/rcupdate.h:690 [inline] __dev_queue_xmit+0x1778/0x3090 net/core/dev.c:4147 netdev_core_pick_tx+0x2e0/0x2e0 net/core/dev.c:4007 skb_release_data+0x128/0x8b0 net/core/skbuff.c:598 skb_headers_offset_update+0x15a/0x2a0 net/core/skbuff.c:1468 pskb_expand_head+0x558/0x1020 net/core/skbuff.c:1686 batadv_send_skb_packet+0x4a9/0x5f0 net/batman-adv/send.c:108 batadv_send_skb_packet+0x4a9/0x5f0 net/batman-adv/send.c:108 skb_clone+0x1a8/0x3c0 net/core/skbuff.c:1454 batadv_iv_ogm_send_to_if net/batman-adv/bat_iv_ogm.c:393 [inline] batadv_iv_ogm_emit net/batman-adv/bat_iv_ogm.c:419 [inline] batadv_iv_send_outstanding_bat_ogm_packet+0x693/0x7c0 net/batman-adv/bat_iv_ogm.c:1710 process_one_work+0x965/0x16a0 kernel/workqueue.c:2268 lock_release+0x800/0x800 kernel/locking/lockdep.c:4689 pwq_dec_nr_in_flight+0x310/0x310 kernel/workqueue.c:1198 rwlock_bug.part.0+0x90/0x90 include/linux/sched.h:1329 worker_thread+0x96/0xe20 kernel/workqueue.c:2414 process_one_work+0x16a0/0x16a0 kernel/workqueue.c:2273 kthread+0x388/0x470 kernel/kthread.c:268 kthread_mod_delayed_work+0x1a0/0x1a0 kernel/kthread.c:1090 kthread_mod_delayed_work+0x1a0/0x1a0 kernel/kthread.c:1090 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:351