INFO: task syz-executor.0:13805 blocked for more than 143 seconds.
      Not tainted 5.16.0-rc7-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.0  state:D stack:20272 pid:13805 ppid:     1 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:4972 [inline]
 __schedule+0xb72/0x1460 kernel/sched/core.c:6253
 schedule+0x12b/0x1f0 kernel/sched/core.c:6326
 percpu_rwsem_wait+0x3c2/0x580 kernel/locking/percpu-rwsem.c:160
 __percpu_down_read+0xcf/0x100 kernel/locking/percpu-rwsem.c:174
 percpu_down_read include/linux/percpu-rwsem.h:65 [inline]
 uprobe_start_dup_mmap+0x117/0x130 kernel/events/uprobes.c:1564
 dup_mmap+0xc7/0xfd0 kernel/fork.c:497
 dup_mm+0x8c/0x310 kernel/fork.c:1450
 copy_mm kernel/fork.c:1502 [inline]
 copy_process+0x28d7/0x5ca0 kernel/fork.c:2191
 kernel_clone+0x22a/0x7e0 kernel/fork.c:2582
 __do_sys_clone kernel/fork.c:2699 [inline]
 __se_sys_clone kernel/fork.c:2683 [inline]
 __x64_sys_clone+0x245/0x2b0 kernel/fork.c:2683
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7fb73637f48b
RSP: 002b:00007ffc54203b80 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb73637f48b
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000555556fb5400
R10: 0000555556fb56d0 R11: 0000000000000246 R12: 0000000000000001
R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffc54203c60
 </TASK>
INFO: task syz-executor.1:13943 blocked for more than 143 seconds.
      Not tainted 5.16.0-rc7-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.1  state:D stack:22896 pid:13943 ppid: 13792 flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:4972 [inline]
 __schedule+0xb72/0x1460 kernel/sched/core.c:6253
 schedule+0x12b/0x1f0 kernel/sched/core.c:6326
 rwsem_down_read_slowpath+0x5e2/0xb00 kernel/locking/rwsem.c:1041
 __down_read_common+0xaa/0x450 kernel/locking/rwsem.c:1223
 mmap_read_lock include/linux/mmap_lock.h:117 [inline]
 acct_collect+0x166/0x780 kernel/acct.c:540
 do_exit+0x5fd/0x2340 kernel/exit.c:811
 do_group_exit+0x168/0x2d0 kernel/exit.c:929
 get_signal+0x1740/0x2120 kernel/signal.c:2852
 arch_do_signal_or_restart+0x9c/0x730 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x191/0x220 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x2e/0x70 kernel/entry/common.c:300
 do_syscall_64+0x53/0xd0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f03d84f0e99
RSP: 002b:00007f03d6e66168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: 0000000000000002 RBX: 00007f03d8603f60 RCX: 00007f03d84f0e99
RDX: 0000000000000000 RSI: 000000000000000b RDI: 000000000000000b
RBP: 00007f03d854aff1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffde2a7066f R14: 00007f03d6e66300 R15: 0000000000022000
 </TASK>
INFO: task dhcpcd-run-hook:14028 blocked for more than 143 seconds.
      Not tainted 5.16.0-rc7-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:dhcpcd-run-hook state:D stack:26064 pid:14028 ppid:  3183 flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:4972 [inline]
 __schedule+0xb72/0x1460 kernel/sched/core.c:6253
 schedule+0x12b/0x1f0 kernel/sched/core.c:6326
 percpu_rwsem_wait+0x3c2/0x580 kernel/locking/percpu-rwsem.c:160
 __percpu_down_read+0xcf/0x100 kernel/locking/percpu-rwsem.c:174
 percpu_down_read include/linux/percpu-rwsem.h:65 [inline]
 uprobe_start_dup_mmap+0x117/0x130 kernel/events/uprobes.c:1564
 dup_mmap+0xc7/0xfd0 kernel/fork.c:497
 dup_mm+0x8c/0x310 kernel/fork.c:1450
 copy_mm kernel/fork.c:1502 [inline]
 copy_process+0x28d7/0x5ca0 kernel/fork.c:2191
 kernel_clone+0x22a/0x7e0 kernel/fork.c:2582
 __do_sys_clone kernel/fork.c:2699 [inline]
 __se_sys_clone kernel/fork.c:2683 [inline]
 __x64_sys_clone+0x245/0x2b0 kernel/fork.c:2683
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f52a666d0f2
RSP: 002b:00007ffd102a7c40 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 0000557230885910 RCX: 00007f52a666d0f2
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
RBP: 0000000000000000 R08: 0000000000000000 R09: 3c00000040001201
R10: 00007f52a6503ad0 R11: 0000000000000246 R12: 0000000000000000
R13: 0000557230889218 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
INFO: task syz-executor.5:14040 blocked for more than 144 seconds.
      Not tainted 5.16.0-rc7-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.5  state:D stack:26032 pid:14040 ppid:  3617 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:4972 [inline]
 __schedule+0xb72/0x1460 kernel/sched/core.c:6253
 schedule+0x12b/0x1f0 kernel/sched/core.c:6326
 percpu_rwsem_wait+0x3c2/0x580 kernel/locking/percpu-rwsem.c:160
 __percpu_down_read+0xcf/0x100 kernel/locking/percpu-rwsem.c:174
 percpu_down_read include/linux/percpu-rwsem.h:65 [inline]
 uprobe_start_dup_mmap+0x117/0x130 kernel/events/uprobes.c:1564
 dup_mmap+0xc7/0xfd0 kernel/fork.c:497
 dup_mm+0x8c/0x310 kernel/fork.c:1450
 copy_mm kernel/fork.c:1502 [inline]
 copy_process+0x28d7/0x5ca0 kernel/fork.c:2191
 kernel_clone+0x22a/0x7e0 kernel/fork.c:2582
 __do_sys_clone kernel/fork.c:2699 [inline]
 __se_sys_clone kernel/fork.c:2683 [inline]
 __x64_sys_clone+0x245/0x2b0 kernel/fork.c:2683
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7fbdc356348b
RSP: 002b:00007fff582fd9d0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 00007fff582fe028 RCX: 00007fbdc356348b
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000555555c72400
R10: 0000555555c726d0 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff582fdac0 R14: 00007fbdc36784d8 R15: 0000000000000006
 </TASK>
INFO: task syz-executor.4:14048 blocked for more than 144 seconds.
      Not tainted 5.16.0-rc7-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.4  state:D stack:28080 pid:14048 ppid: 13828 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:4972 [inline]
 __schedule+0xb72/0x1460 kernel/sched/core.c:6253
 schedule+0x12b/0x1f0 kernel/sched/core.c:6326
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6385
 __mutex_lock_common+0xe9f/0x2490 kernel/locking/mutex.c:680
 __mutex_lock kernel/locking/mutex.c:740 [inline]
 mutex_lock_nested+0x1a/0x20 kernel/locking/mutex.c:792
 perf_trace_init+0x4f/0x2f0 kernel/trace/trace_event_perf.c:223
 perf_tp_event_init+0x88/0x110 kernel/events/core.c:9794
 perf_try_init_event+0x13e/0x3d0 kernel/events/core.c:11252
 perf_init_event kernel/events/core.c:11316 [inline]
 perf_event_alloc+0x117a/0x2c30 kernel/events/core.c:11607
 __do_sys_perf_event_open kernel/events/core.c:12128 [inline]
 __se_sys_perf_event_open+0x7b2/0x4280 kernel/events/core.c:12020
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f33dc4f4e99
RSP: 002b:00007f33dae6a168 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
RAX: ffffffffffffffda RBX: 00007f33dc607f60 RCX: 00007f33dc4f4e99
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000040
RBP: 00007f33dc54eff1 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
R13: 00007fffe6abc52f R14: 00007f33dae6a300 R15: 0000000000022000
 </TASK>

Showing all locks held in the system:
1 lock held by khungtaskd/27:
 #0: ffffffff8cb1de00 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30
2 locks held by getty/3286:
 #0: ffff88814b531098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 drivers/tty/tty_ldisc.c:252
 #1: ffffc90002b962e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6c5/0x1c60 drivers/tty/n_tty.c:2113
1 lock held by syz-executor.0/13805:
 #0: ffffffff8cbaab90 (dup_mmap_sem){++++}-{0:0}, at: dup_mmap+0xc7/0xfd0 kernel/fork.c:497
1 lock held by syz-executor.1/13943:
 #0: ffff888049a65528 (&mm->mmap_lock#2){++++}-{3:3}, at: mmap_read_lock include/linux/mmap_lock.h:117 [inline]
 #0: ffff888049a65528 (&mm->mmap_lock#2){++++}-{3:3}, at: acct_collect+0x166/0x780 kernel/acct.c:540
1 lock held by dhcpcd-run-hook/14028:
 #0: ffffffff8cbaab90 (dup_mmap_sem){++++}-{0:0}, at: dup_mmap+0xc7/0xfd0 kernel/fork.c:497
1 lock held by syz-executor.5/14040:
 #0: ffffffff8cbaab90 (dup_mmap_sem){++++}-{0:0}, at: dup_mmap+0xc7/0xfd0 kernel/fork.c:497
5 locks held by syz-executor.2/14045:
 #0: ffffffff90c0b2f8 (&pmus_srcu){....}-{0:0}, at: rcu_lock_acquire+0x9/0x30 include/linux/rcupdate.h:268
 #1: ffffffff8cb6c868 (event_mutex){+.+.}-{3:3}, at: perf_uprobe_init+0x12d/0x1a0 kernel/trace/trace_event_perf.c:335
 #2: ffff88804c2bc490 (&uprobe->register_rwsem){+.+.}-{3:3}, at: uprobe_apply+0x3e/0xf0 kernel/events/uprobes.c:1227
 #3: ffffffff8cbaab90 (dup_mmap_sem){++++}-{0:0}, at: register_for_each_vma+0x32/0xc50 kernel/events/uprobes.c:1042
 #4: ffff888049a65528 (&mm->mmap_lock#2){++++}-{3:3}, at: mmap_write_lock include/linux/mmap_lock.h:71 [inline]
 #4: ffff888049a65528 (&mm->mmap_lock#2){++++}-{3:3}, at: register_for_each_vma+0x674/0xc50 kernel/events/uprobes.c:1057
2 locks held by syz-executor.4/14048:
 #0: ffffffff90c0b2f8 (&pmus_srcu){....}-{0:0}, at: rcu_lock_acquire+0x9/0x30 include/linux/rcupdate.h:268
 #1: ffffffff8cb6c868 (event_mutex){+.+.}-{3:3}, at: perf_trace_init+0x4f/0x2f0 kernel/trace/trace_event_perf.c:223

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 27 Comm: khungtaskd Not tainted 5.16.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1dc/0x2d8 lib/dump_stack.c:106
 nmi_cpu_backtrace+0x45f/0x490 lib/nmi_backtrace.c:111
 nmi_trigger_cpumask_backtrace+0x16a/0x280 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:210 [inline]
 watchdog+0xc82/0xcd0 kernel/hung_task.c:295
 kthread+0x468/0x490 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.16.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:native_save_fl arch/x86/include/asm/irqflags.h:22 [inline]
RIP: 0010:arch_local_save_flags arch/x86/include/asm/irqflags.h:70 [inline]
RIP: 0010:arch_irqs_disabled arch/x86/include/asm/irqflags.h:132 [inline]
RIP: 0010:acpi_safe_halt drivers/acpi/processor_idle.c:110 [inline]
RIP: 0010:acpi_idle_do_entry drivers/acpi/processor_idle.c:553 [inline]
RIP: 0010:acpi_idle_enter+0x42d/0x790 drivers/acpi/processor_idle.c:688
Code: fd 48 83 e3 08 44 8b 7c 24 04 0f 85 22 01 00 00 4c 8d 74 24 40 e8 e3 7c 13 fd eb 0c e8 6c e0 0c fd 0f 00 2d 95 30 6b 06 fb f4 <4c> 89 f3 48 c1 eb 03 42 80 3c 23 00 74 08 4c 89 f7 e8 8d 4f 57 fd
RSP: 0018:ffffffff8c807ba0 EFLAGS: 00000286
RAX: 351fb01dd1952d00 RBX: 0000000000000000 RCX: ffffffff90bb6903
RDX: dffffc0000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffffffff8c807c50 R08: ffffffff818b1ab0 R09: fffffbfff19176d9
R10: fffffbfff19176d9 R11: 0000000000000000 R12: dffffc0000000000
R13: ffff8881425dc864 R14: ffffffff8c807be0 R15: 0000000000000001
FS:  0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c00dbc3080 CR3: 000000002359d000 CR4: 00000000003506f0
Call Trace:
 <TASK>
 cpuidle_enter_state+0x507/0xea0 drivers/cpuidle/cpuidle.c:237
 cpuidle_enter+0x59/0x90 drivers/cpuidle/cpuidle.c:351
 call_cpuidle kernel/sched/idle.c:158 [inline]
 cpuidle_idle_call kernel/sched/idle.c:239 [inline]
 do_idle+0x3e8/0x670 kernel/sched/idle.c:306
 cpu_startup_entry+0x15/0x20 kernel/sched/idle.c:403
 start_kernel+0x4bf/0x56e init/main.c:1135
 secondary_startup_64_no_verify+0xb1/0xbb
 </TASK>
----------------
Code disassembly (best guess):
   0:	fd                   	std
   1:	48 83 e3 08          	and    $0x8,%rbx
   5:	44 8b 7c 24 04       	mov    0x4(%rsp),%r15d
   a:	0f 85 22 01 00 00    	jne    0x132
  10:	4c 8d 74 24 40       	lea    0x40(%rsp),%r14
  15:	e8 e3 7c 13 fd       	callq  0xfd137cfd
  1a:	eb 0c                	jmp    0x28
  1c:	e8 6c e0 0c fd       	callq  0xfd0ce08d
  21:	0f 00 2d 95 30 6b 06 	verw   0x66b3095(%rip)        # 0x66b30bd
  28:	fb                   	sti
  29:	f4                   	hlt
* 2a:	4c 89 f3             	mov    %r14,%rbx <-- trapping instruction
  2d:	48 c1 eb 03          	shr    $0x3,%rbx
  31:	42 80 3c 23 00       	cmpb   $0x0,(%rbx,%r12,1)
  36:	74 08                	je     0x40
  38:	4c 89 f7             	mov    %r14,%rdi
  3b:	e8 8d 4f 57 fd       	callq  0xfd574fcd