0 pages cma reserved Out of memory: Kill process 23941 (syz-executor.2) score 1007 or sacrifice child Killed process 23941 (syz-executor.2) total-vm:93940kB, anon-rss:16488kB, file-rss:34608kB, shmem-rss:0kB INFO: task kworker/u4:9:23935 blocked for more than 140 seconds. Not tainted 4.14.193-syzkaller #0 oom_reaper: reaped process 23941 (syz-executor.2), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. kworker/u4:9 D27480 23935 23708 0x80000000 Call Trace: context_switch kernel/sched/core.c:2808 [inline] __schedule+0x88b/0x1de0 kernel/sched/core.c:3384 systemd[1]: systemd-journald.service: Main process exited, code=killed, status=6/ABRT do_task_dead+0xc3/0xf0 kernel/sched/core.c:3401 do_exit+0x15f0/0x27f0 kernel/exit.c:916 systemd[1]: systemd-journald.service: Unit entered failed state. systemd[1]: systemd-journald.service: Failed with result 'watchdog'. systemd[1]: systemd-journald.service: Service has no hold-off time, scheduling restart. do_group_exit+0x100/0x2e0 kernel/exit.c:962 SYSC_exit_group kernel/exit.c:973 [inline] SyS_exit_group+0x19/0x20 kernel/exit.c:971 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x7f8405bef618 RSP: 002b:00007ffe307b43a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f8405bef618 systemd[1]: Stopped Flush Journal to Persistent Storage. systemd[1]: Stopping Flush Journal to Persistent Storage... RDX: 0000000000000001 RSI: 000000000000003c RDI: 0000000000000001 systemd[1]: Stopped Journal Service. RBP: 00007f8405ecc8e0 R08: 00000000000000e7 R09: ffffffffffffff98 R10: 00007ffe307b4328 R11: 0000000000000246 R12: 00007f8405ecc8e0 R13: 00007f8405ed1c20 R14: 0000000000000000 R15: 0000000000000000 systemd[1]: Starting Journal Service... Showing all locks held in the system: 2 locks held by kworker/0:0/3: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/1:1/23: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 1 lock held by khungtaskd/1068: #0: (tasklist_lock){.+.+}, at: [] debug_show_all_locks+0x7c/0x21a kernel/locking/lockdep.c:4548 2 locks held by kworker/1:2/2739: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/0:2/2874: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/0:3/3668: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by agetty/6073: #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:284 #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e3/0x1680 drivers/tty/n_tty.c:2156 1 lock held by syz-fuzzer/6359: #0: (&ei->i_mmap_sem){++++}, at: [] ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6237 1 lock held by syz-fuzzer/6363: #0: (&ei->i_mmap_sem){++++}, at: [] ext4_filemap_fault+0x7c/0xb0 fs/ext4/inode.c:6237 2 locks held by kworker/1:3/7366: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/0:4/7481: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/1:4/7567: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/u4:1/3866: #0: ("events_unbound"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((reaper_work).work){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/1:0/4291: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/u4:7/7972: #0: ("events_unbound"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: (connector_reaper_work){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/1:5/8938: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/1:6/8943: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/0:1/9050: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/0:5/10427: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/0:6/14192: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/1:7/19340: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/0:7/19634: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/1:8/21418: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/0:8/21421: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/1:9/21422: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/0:9/21423: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/0:10/21424: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/0:11/21425: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/0:12/21426: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/1:10/21427: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/0:13/21428: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/0:14/21429: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/0:15/21430: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/1:11/21431: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/0:16/21432: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/1:12/21433: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/0:17/21434: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/1:13/21435: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/0:18/21436: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 3 locks held by kworker/0:19/21437: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 #2: (rcu_preempt_state.exp_mutex){+.+.}, at: [] exp_funnel_lock kernel/rcu/tree_exp.h:305 [inline] #2: (rcu_preempt_state.exp_mutex){+.+.}, at: [] _synchronize_rcu_expedited+0x32d/0x770 kernel/rcu/tree_exp.h:596 2 locks held by kworker/1:14/21438: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/0:20/21439: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/1:15/21440: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/0:21/21441: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/1:16/21442: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/0:22/21443: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/1:17/21444: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/0:23/21445: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/1:18/21446: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/0:24/21447: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/1:19/21448: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/1:20/21449: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/1:21/21450: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/1:22/21451: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/1:23/21452: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/1:24/21453: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/1:25/21454: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 3 locks held by syz-executor.0/23630: #0: (&hdev->req_lock){+.+.}, at: [] hci_dev_do_close+0xfd/0xc50 net/bluetooth/hci_core.c:1576 #1: (&hdev->lock){+.+.}, at: [] hci_dev_do_close+0x210/0xc50 net/bluetooth/hci_core.c:1607 #2: (hci_cb_list_lock){+.+.}, at: [] hci_disconn_cfm include/net/bluetooth/hci_core.h:1223 [inline] #2: (hci_cb_list_lock){+.+.}, at: [] hci_conn_hash_flush+0xc7/0x220 net/bluetooth/hci_conn.c:1376 2 locks held by kworker/0:25/23979: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/1:26/23980: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/0:26/23981: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/0:27/23982: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/1:27/23983: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/0:28/23984: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/1:28/23985: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/0:29/23986: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/1:29/23987: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/0:30/23988: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/1:30/23990: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/0:31/23991: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/0:32/23992: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/1:31/23993: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/1:32/23995: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/0:33/23996: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/0:34/23997: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/1:33/23998: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/1:34/23999: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/0:35/24000: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/1:35/24001: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/0:36/24002: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/1:36/24003: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/0:37/24004: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/1:37/24005: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/1:38/24006: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/0:38/24007: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/1:39/24008: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/0:39/24009: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/0:40/24010: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/1:40/24011: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/0:41/24012: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/1:41/24013: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/1:42/24014: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/0:42/24015: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/0:43/24016: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/1:43/24017: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/0:44/24018: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/1:44/24019: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/0:45/24020: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/0:46/24021: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/1:45/24022: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/0:47/24023: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 3 locks held by kworker/0:48/24024: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 #2: (rcu_preempt_state.exp_mutex){+.+.}, at: [] exp_funnel_lock kernel/rcu/tree_exp.h:305 [inline] #2: (rcu_preempt_state.exp_mutex){+.+.}, at: [] _synchronize_rcu_expedited+0x32d/0x770 kernel/rcu/tree_exp.h:596 2 locks held by kworker/1:46/24025: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/0:49/24026: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/1:47/24028: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/0:50/24029: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/0:51/24031: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 2 locks held by kworker/0:52/24032: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&ns->proc_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 ============================================= NMI backtrace for cpu 1 CPU: 1 PID: 1068 Comm: khungtaskd Not tainted 4.14.193-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b2/0x283 lib/dump_stack.c:58 nmi_cpu_backtrace.cold+0x57/0x93 lib/nmi_backtrace.c:101 nmi_trigger_cpumask_backtrace+0x13a/0x17f lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:140 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:195 [inline] watchdog+0x5b9/0xb40 kernel/hung_task.c:274 kthread+0x30d/0x420 kernel/kthread.c:232 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 6071 Comm: rs:main Q:Reg Not tainted 4.14.193-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 task: ffff88809737c380 task.stack: ffff8880957a8000 RIP: 0010:percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:47 [inline] RIP: 0010:percpu_down_read include/linux/percpu-rwsem.h:59 [inline] RIP: 0010:__sb_start_write+0x1c6/0x2e0 fs/super.c:1363 RSP: 0018:ffff8880957afe10 EFLAGS: 00000a02 RAX: dffffc0000000000 RBX: ffff888094c96a80 RCX: ffffffff818d4d58 RDX: 1ffff110134e79b5 RSI: ffffffff86b30220 RDI: ffff88809a73cda8 RBP: ffff88809a73cd38 R08: ffffffff8a0880f8 R09: 00000000000503f6 R10: ffff88809737cc30 R11: ffff88809737c380 R12: ffff88809a73ca00 R13: 0000000000000001 R14: ffff88809a73cd38 R15: 0000000000000fe5 FS: 00007f91fcb1f700(0000) GS:ffff8880aea00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000c007f76008 CR3: 00000000a53a5000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: file_start_write include/linux/fs.h:2708 [inline] vfs_write+0x3d8/0x4d0 fs/read_write.c:543 SYSC_write fs/read_write.c:590 [inline] SyS_write+0xf2/0x210 fs/read_write.c:582 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x7f91ff5631cd RSP: 002b:00007f91fcb1e590 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00007f91f4028800 RCX: 00007f91ff5631cd RDX: 0000000000000fe5 RSI: 00007f91f4028800 RDI: 000000000000000a RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000293 R12: 00007f91f4028580 R13: 00007f91fcb1e5b0 R14: 00005591860b07c0 R15: 0000000000000fe5 Code: 01 00 00 00 e8 0c f3 b0 ff 48 c7 c7 20 02 b3 86 e8 90 e3 77 01 48 8d 7d 70 59 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 ff 00 00 00 48 89 ef 48 8b 45 70 65 ff 00 e8