INFO: task syz-executor.0:8275 blocked for more than 143 seconds. Not tainted 5.9.0-rc8-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.0 state:D stack:14088 pid: 8275 ppid: 6981 flags:0x00000004 Call Trace: context_switch kernel/sched/core.c:3778 [inline] __schedule+0x404/0x8a0 kernel/sched/core.c:4527 schedule+0x37/0xe0 kernel/sched/core.c:4602 schedule_timeout+0x224/0x2d0 kernel/time/timer.c:1855 do_wait_for_common kernel/sched/completion.c:85 [inline] __wait_for_common kernel/sched/completion.c:106 [inline] wait_for_common kernel/sched/completion.c:117 [inline] wait_for_completion+0xa7/0x110 kernel/sched/completion.c:138 __flush_work+0x260/0x490 kernel/workqueue.c:3046 __cancel_work_timer+0x159/0x1e0 kernel/workqueue.c:3133 tls_sk_proto_close+0x181/0x2a0 net/tls/tls_main.c:305 inet_release+0x37/0x70 net/ipv4/af_inet.c:431 __sock_release+0x32/0xa0 net/socket.c:596 sock_close+0xf/0x20 net/socket.c:1277 __fput+0xaa/0x250 fs/file_table.c:281 task_work_run+0x68/0xb0 kernel/task_work.c:141 tracehook_notify_resume include/linux/tracehook.h:188 [inline] exit_to_user_mode_loop kernel/entry/common.c:165 [inline] exit_to_user_mode_prepare+0x219/0x220 kernel/entry/common.c:192 syscall_exit_to_user_mode+0x7e/0x2e0 kernel/entry/common.c:267 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x416f01 Code: Bad RIP value. RSP: 002b:00007ffef2355ff0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000416f01 RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000004 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 R10: 00007ffef23560e0 R11: 0000000000000293 R12: 000000000118d940 R13: 000000000118d940 R14: ffffffffffffffff R15: 000000000118cf4c INFO: task syz-executor.3:8298 blocked for more than 143 seconds. Not tainted 5.9.0-rc8-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.3 state:D stack:14088 pid: 8298 ppid: 6974 flags:0x00000004 Call Trace: context_switch kernel/sched/core.c:3778 [inline] __schedule+0x404/0x8a0 kernel/sched/core.c:4527 schedule+0x37/0xe0 kernel/sched/core.c:4602 schedule_timeout+0x224/0x2d0 kernel/time/timer.c:1855 do_wait_for_common kernel/sched/completion.c:85 [inline] __wait_for_common kernel/sched/completion.c:106 [inline] wait_for_common kernel/sched/completion.c:117 [inline] wait_for_completion+0xa7/0x110 kernel/sched/completion.c:138 __flush_work+0x260/0x490 kernel/workqueue.c:3046 __cancel_work_timer+0x159/0x1e0 kernel/workqueue.c:3133 tls_sk_proto_close+0x181/0x2a0 net/tls/tls_main.c:305 inet_release+0x37/0x70 net/ipv4/af_inet.c:431 __sock_release+0x32/0xa0 net/socket.c:596 sock_close+0xf/0x20 net/socket.c:1277 __fput+0xaa/0x250 fs/file_table.c:281 task_work_run+0x68/0xb0 kernel/task_work.c:141 tracehook_notify_resume include/linux/tracehook.h:188 [inline] exit_to_user_mode_loop kernel/entry/common.c:165 [inline] exit_to_user_mode_prepare+0x219/0x220 kernel/entry/common.c:192 syscall_exit_to_user_mode+0x7e/0x2e0 kernel/entry/common.c:267 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x416f01 Code: Bad RIP value. RSP: 002b:00007ffea72d9300 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000416f01 RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000004 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 R10: 00007ffea72d93f0 R11: 0000000000000293 R12: 0000000001190930 R13: 000000000000b206 R14: ffffffffffffffff R15: 000000000118cf4c INFO: task syz-executor.2:8302 blocked for more than 143 seconds. Not tainted 5.9.0-rc8-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.2 state:D stack:14088 pid: 8302 ppid: 6976 flags:0x00000004 Call Trace: context_switch kernel/sched/core.c:3778 [inline] __schedule+0x404/0x8a0 kernel/sched/core.c:4527 schedule+0x37/0xe0 kernel/sched/core.c:4602 schedule_timeout+0x224/0x2d0 kernel/time/timer.c:1855 do_wait_for_common kernel/sched/completion.c:85 [inline] __wait_for_common kernel/sched/completion.c:106 [inline] wait_for_common kernel/sched/completion.c:117 [inline] wait_for_completion+0xa7/0x110 kernel/sched/completion.c:138 __flush_work+0x260/0x490 kernel/workqueue.c:3046 __cancel_work_timer+0x159/0x1e0 kernel/workqueue.c:3133 tls_sk_proto_close+0x181/0x2a0 net/tls/tls_main.c:305 inet_release+0x37/0x70 net/ipv4/af_inet.c:431 __sock_release+0x32/0xa0 net/socket.c:596 sock_close+0xf/0x20 net/socket.c:1277 __fput+0xaa/0x250 fs/file_table.c:281 task_work_run+0x68/0xb0 kernel/task_work.c:141 tracehook_notify_resume include/linux/tracehook.h:188 [inline] exit_to_user_mode_loop kernel/entry/common.c:165 [inline] exit_to_user_mode_prepare+0x219/0x220 kernel/entry/common.c:192 syscall_exit_to_user_mode+0x7e/0x2e0 kernel/entry/common.c:267 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x416f01 Code: Bad RIP value. RSP: 002b:00007ffd48985170 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000416f01 RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000004 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 R10: 00007ffd48985260 R11: 0000000000000293 R12: 000000000118d940 R13: 000000000118d940 R14: ffffffffffffffff R15: 000000000118cf4c INFO: task syz-executor.1:8308 blocked for more than 143 seconds. Not tainted 5.9.0-rc8-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.1 state:D stack:13800 pid: 8308 ppid: 6980 flags:0x00000004 Call Trace: context_switch kernel/sched/core.c:3778 [inline] __schedule+0x404/0x8a0 kernel/sched/core.c:4527 schedule+0x37/0xe0 kernel/sched/core.c:4602 schedule_timeout+0x224/0x2d0 kernel/time/timer.c:1855 do_wait_for_common kernel/sched/completion.c:85 [inline] __wait_for_common kernel/sched/completion.c:106 [inline] wait_for_common kernel/sched/completion.c:117 [inline] wait_for_completion+0xa7/0x110 kernel/sched/completion.c:138 __flush_work+0x260/0x490 kernel/workqueue.c:3046 __cancel_work_timer+0x159/0x1e0 kernel/workqueue.c:3133 tls_sk_proto_close+0x181/0x2a0 net/tls/tls_main.c:305 inet_release+0x37/0x70 net/ipv4/af_inet.c:431 __sock_release+0x32/0xa0 net/socket.c:596 sock_close+0xf/0x20 net/socket.c:1277 __fput+0xaa/0x250 fs/file_table.c:281 task_work_run+0x68/0xb0 kernel/task_work.c:141 tracehook_notify_resume include/linux/tracehook.h:188 [inline] exit_to_user_mode_loop kernel/entry/common.c:165 [inline] exit_to_user_mode_prepare+0x219/0x220 kernel/entry/common.c:192 syscall_exit_to_user_mode+0x7e/0x2e0 kernel/entry/common.c:267 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x416f01 Code: Bad RIP value. RSP: 002b:00007ffdb86bd790 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000416f01 RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000004 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 R10: 00007ffdb86bd880 R11: 0000000000000293 R12: 000000000118d940 R13: 000000000118d940 R14: ffffffffffffffff R15: 000000000118cf4c INFO: task syz-executor.5:8313 blocked for more than 144 seconds. Not tainted 5.9.0-rc8-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.5 state:D stack:14088 pid: 8313 ppid: 6979 flags:0x00000004 Call Trace: context_switch kernel/sched/core.c:3778 [inline] __schedule+0x404/0x8a0 kernel/sched/core.c:4527 schedule+0x37/0xe0 kernel/sched/core.c:4602 schedule_timeout+0x224/0x2d0 kernel/time/timer.c:1855 do_wait_for_common kernel/sched/completion.c:85 [inline] __wait_for_common kernel/sched/completion.c:106 [inline] wait_for_common kernel/sched/completion.c:117 [inline] wait_for_completion+0xa7/0x110 kernel/sched/completion.c:138 __flush_work+0x260/0x490 kernel/workqueue.c:3046 __cancel_work_timer+0x159/0x1e0 kernel/workqueue.c:3133 tls_sk_proto_close+0x181/0x2a0 net/tls/tls_main.c:305 inet_release+0x37/0x70 net/ipv4/af_inet.c:431 __sock_release+0x32/0xa0 net/socket.c:596 sock_close+0xf/0x20 net/socket.c:1277 __fput+0xaa/0x250 fs/file_table.c:281 task_work_run+0x68/0xb0 kernel/task_work.c:141 tracehook_notify_resume include/linux/tracehook.h:188 [inline] exit_to_user_mode_loop kernel/entry/common.c:165 [inline] exit_to_user_mode_prepare+0x219/0x220 kernel/entry/common.c:192 syscall_exit_to_user_mode+0x7e/0x2e0 kernel/entry/common.c:267 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x416f01 Code: Bad RIP value. RSP: 002b:00007fff4a6cc7c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000416f01 RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000004 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 R10: 00007fff4a6cc8b0 R11: 0000000000000293 R12: 0000000001190930 R13: 000000000000b5b2 R14: ffffffffffffffff R15: 000000000118cf4c INFO: task syz-executor.4:8316 blocked for more than 144 seconds. Not tainted 5.9.0-rc8-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.4 state:D stack:13880 pid: 8316 ppid: 6971 flags:0x00000004 Call Trace: context_switch kernel/sched/core.c:3778 [inline] __schedule+0x404/0x8a0 kernel/sched/core.c:4527 schedule+0x37/0xe0 kernel/sched/core.c:4602 schedule_timeout+0x224/0x2d0 kernel/time/timer.c:1855 do_wait_for_common kernel/sched/completion.c:85 [inline] __wait_for_common kernel/sched/completion.c:106 [inline] wait_for_common kernel/sched/completion.c:117 [inline] wait_for_completion+0xa7/0x110 kernel/sched/completion.c:138 __flush_work+0x260/0x490 kernel/workqueue.c:3046 __cancel_work_timer+0x159/0x1e0 kernel/workqueue.c:3133 tls_sk_proto_close+0x181/0x2a0 net/tls/tls_main.c:305 inet_release+0x37/0x70 net/ipv4/af_inet.c:431 __sock_release+0x32/0xa0 net/socket.c:596 sock_close+0xf/0x20 net/socket.c:1277 __fput+0xaa/0x250 fs/file_table.c:281 task_work_run+0x68/0xb0 kernel/task_work.c:141 tracehook_notify_resume include/linux/tracehook.h:188 [inline] exit_to_user_mode_loop kernel/entry/common.c:165 [inline] exit_to_user_mode_prepare+0x219/0x220 kernel/entry/common.c:192 syscall_exit_to_user_mode+0x7e/0x2e0 kernel/entry/common.c:267 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x416f01 Code: Bad RIP value. RSP: 002b:00007ffc4bed9700 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000416f01 RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000004 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 R10: 00007ffc4bed97f0 R11: 0000000000000293 R12: 000000000118d940 R13: 000000000118d940 R14: ffffffffffffffff R15: 000000000118cf4c Showing all locks held in the system: 3 locks held by kworker/0:0/5: #0: ffff88812bc55738 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline] #0: ffff88812bc55738 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff88812bc55738 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1de/0x5f0 kernel/workqueue.c:2240 #1: ffffc90000c93e70 ((work_completion)(&(&sw_ctx_tx->tx_work.work)->work)){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline] #1: ffffc90000c93e70 ((work_completion)(&(&sw_ctx_tx->tx_work.work)->work)){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #1: ffffc90000c93e70 ((work_completion)(&(&sw_ctx_tx->tx_work.work)->work)){+.+.}-{0:0}, at: process_one_work+0x1de/0x5f0 kernel/workqueue.c:2240 #2: ffff88810e303ad8 (&ctx->tx_lock){+.+.}-{3:3}, at: tx_work_handler+0x42/0x70 net/tls/tls_sw.c:2256 3 locks held by kworker/0:1/12: #0: ffff88812bc55738 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline] #0: ffff88812bc55738 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff88812bc55738 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1de/0x5f0 kernel/workqueue.c:2240 #1: ffffc90000ccbe70 ((work_completion)(&(&sw_ctx_tx->tx_work.work)->work)){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline] #1: ffffc90000ccbe70 ((work_completion)(&(&sw_ctx_tx->tx_work.work)->work)){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #1: ffffc90000ccbe70 ((work_completion)(&(&sw_ctx_tx->tx_work.work)->work)){+.+.}-{0:0}, at: process_one_work+0x1de/0x5f0 kernel/workqueue.c:2240 #2: ffff88810f7946d8 (&ctx->tx_lock){+.+.}-{3:3}, at: tx_work_handler+0x42/0x70 net/tls/tls_sw.c:2256 3 locks held by kworker/1:1/23: #0: ffff88812bc55738 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline] #0: ffff88812bc55738 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff88812bc55738 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1de/0x5f0 kernel/workqueue.c:2240 #1: ffffc90000d2fe70 ((work_completion)(&(&sw_ctx_tx->tx_work.work)->work)){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline] #1: ffffc90000d2fe70 ((work_completion)(&(&sw_ctx_tx->tx_work.work)->work)){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #1: ffffc90000d2fe70 ((work_completion)(&(&sw_ctx_tx->tx_work.work)->work)){+.+.}-{0:0}, at: process_one_work+0x1de/0x5f0 kernel/workqueue.c:2240 #2: ffff88811938b6d8 (&ctx->tx_lock){+.+.}-{3:3}, at: tx_work_handler+0x42/0x70 net/tls/tls_sw.c:2256 3 locks held by kworker/u4:3/119: #0: ffff88812c12dbd8 (&rq->lock){-.-.}-{2:2}, at: newidle_balance+0x430/0x630 kernel/sched/fair.c:10555 #1: ffffffff842f5dc0 (rcu_read_lock){....}-{1:2}, at: __update_idle_core+0x0/0x200 kernel/sched/fair.c:5211 #2: ffff88812c11d5d8 (&base->lock){..-.}-{2:2}, at: lock_timer_base+0x62/0x80 kernel/time/timer.c:947 1 lock held by khungtaskd/1072: #0: ffffffff842f5dc0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x15/0x17a kernel/locking/lockdep.c:5853 3 locks held by kworker/0:3/3914: #0: ffff88812bc55738 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline] #0: ffff88812bc55738 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff88812bc55738 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1de/0x5f0 kernel/workqueue.c:2240 #1: ffffc90000d97e70 ((work_completion)(&(&sw_ctx_tx->tx_work.work)->work)){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline] #1: ffffc90000d97e70 ((work_completion)(&(&sw_ctx_tx->tx_work.work)->work)){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #1: ffffc90000d97e70 ((work_completion)(&(&sw_ctx_tx->tx_work.work)->work)){+.+.}-{0:0}, at: process_one_work+0x1de/0x5f0 kernel/workqueue.c:2240 #2: ffff88810f797ad8 (&ctx->tx_lock){+.+.}-{3:3}, at: tx_work_handler+0x42/0x70 net/tls/tls_sw.c:2256 3 locks held by kworker/0:4/6870: #0: ffff88812bc55738 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline] #0: ffff88812bc55738 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff88812bc55738 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1de/0x5f0 kernel/workqueue.c:2240 #1: ffffc90000e53e70 ((work_completion)(&(&sw_ctx_tx->tx_work.work)->work)){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline] #1: ffffc90000e53e70 ((work_completion)(&(&sw_ctx_tx->tx_work.work)->work)){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #1: ffffc90000e53e70 ((work_completion)(&(&sw_ctx_tx->tx_work.work)->work)){+.+.}-{0:0}, at: process_one_work+0x1de/0x5f0 kernel/workqueue.c:2240 #2: ffff88810a16e0d8 (&ctx->tx_lock){+.+.}-{3:3}, at: tx_work_handler+0x42/0x70 net/tls/tls_sw.c:2256 3 locks held by kworker/0:5/6871: #0: ffff88812bc55738 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline] #0: ffff88812bc55738 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff88812bc55738 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1de/0x5f0 kernel/workqueue.c:2240 #1: ffffc90000e43e70 ((work_completion)(&(&sw_ctx_tx->tx_work.work)->work)){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline] #1: ffffc90000e43e70 ((work_completion)(&(&sw_ctx_tx->tx_work.work)->work)){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #1: ffffc90000e43e70 ((work_completion)(&(&sw_ctx_tx->tx_work.work)->work)){+.+.}-{0:0}, at: process_one_work+0x1de/0x5f0 kernel/workqueue.c:2240 #2: ffff8881102f5ad8 (&ctx->tx_lock){+.+.}-{3:3}, at: tx_work_handler+0x42/0x70 net/tls/tls_sw.c:2256 1 lock held by syz-executor.0/8275: #0: ffff88810f85d250 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:779 [inline] #0: ffff88810f85d250 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x28/0xa0 net/socket.c:595 1 lock held by syz-executor.3/8298: #0: ffff88811db4b810 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:779 [inline] #0: ffff88811db4b810 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x28/0xa0 net/socket.c:595 1 lock held by syz-executor.2/8302: #0: ffff888122f296d0 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:779 [inline] #0: ffff888122f296d0 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x28/0xa0 net/socket.c:595 1 lock held by syz-executor.1/8308: #0: ffff88810f85dbd0 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:779 [inline] #0: ffff88810f85dbd0 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x28/0xa0 net/socket.c:595 1 lock held by syz-executor.5/8313: #0: ffff88810f88fc10 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:779 [inline] #0: ffff88810f88fc10 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x28/0xa0 net/socket.c:595 1 lock held by syz-executor.4/8316: #0: ffff88810f85a790 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:779 [inline] #0: ffff88810f85a790 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x28/0xa0 net/socket.c:595 ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 1072 Comm: khungtaskd Not tainted 5.9.0-rc8-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0xa3/0xcc lib/dump_stack.c:118 nmi_cpu_backtrace.cold.8+0x3e/0x58 lib/nmi_backtrace.c:101 nmi_trigger_cpumask_backtrace+0xd5/0xec lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:209 [inline] watchdog+0x58e/0x680 kernel/hung_task.c:295 kthread+0x148/0x170 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 119 Comm: kworker/u4:3 Not tainted 5.9.0-rc8-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: bat_events batadv_tt_purge RIP: 0010:mark_lock.part.46+0x53/0x340 kernel/locking/lockdep.c:4039 Code: 66 25 ff 1f 0f b7 c0 48 0f a3 05 78 ec 7b 04 73 4d 48 69 c0 b8 00 00 00 41 bc 01 00 00 00 48 05 a0 2b 9f 85 48 85 68 50 74 50 <48> 83 c4 10 44 89 e0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f b6 46 22 RSP: 0018:ffffc90000fe7d10 EFLAGS: 00000002 RAX: ffffffff85a49560 RBX: 0000000000000002 RCX: 0000000000000002 RDX: 0000000000000002 RSI: ffff88812ac4e9e8 RDI: ffff88812ac4e100 RBP: 0000000000000004 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000001 R11: 5e62cc7e6c4321de R12: 0000000000000001 R13: 0000000000000002 R14: ffff88812ac4e100 R15: ffff88812ac4e9e8 FS: 0000000000000000(0000) GS:ffff88812c100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fe8872a7000 CR3: 0000000120021000 CR4: 00000000001506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: mark_lock kernel/locking/lockdep.c:3974 [inline] mark_held_locks+0x48/0x70 kernel/locking/lockdep.c:3611 __trace_hardirqs_on_caller kernel/locking/lockdep.c:3629 [inline] lockdep_hardirqs_on_prepare+0x78/0x1a0 kernel/locking/lockdep.c:3697 trace_hardirqs_on+0x1c/0x100 kernel/trace/trace_preemptirq.c:49 __local_bh_enable_ip+0xa1/0x130 kernel/softirq.c:200 spin_unlock_bh include/linux/spinlock.h:399 [inline] batadv_tt_local_purge+0xba/0xe0 net/batman-adv/translation-table.c:1446 batadv_tt_purge+0x36/0x280 net/batman-adv/translation-table.c:3801 process_one_work+0x26a/0x5f0 kernel/workqueue.c:2269 worker_thread+0x38/0x380 kernel/workqueue.c:2415 kthread+0x148/0x170 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294