INFO: task khugepaged:1627 blocked for more than 143 seconds. Not tainted 5.12.0-rc6-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:khugepaged state:D stack:24208 pid: 1627 ppid: 2 flags:0x00004000 Call Trace: context_switch kernel/sched/core.c:4322 [inline] __schedule+0x911/0x21b0 kernel/sched/core.c:5073 schedule+0xcf/0x270 kernel/sched/core.c:5152 schedule_timeout+0x1db/0x250 kernel/time/timer.c:1868 do_wait_for_common kernel/sched/completion.c:85 [inline] __wait_for_common kernel/sched/completion.c:106 [inline] wait_for_common kernel/sched/completion.c:117 [inline] wait_for_completion+0x168/0x270 kernel/sched/completion.c:138 __flush_work+0x527/0xac0 kernel/workqueue.c:3052 lru_add_drain_all+0x41f/0x6f0 mm/swap.c:826 khugepaged_do_scan mm/khugepaged.c:2213 [inline] khugepaged+0x10c/0x5510 mm/khugepaged.c:2274 kthread+0x3b1/0x4a0 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 INFO: task syz-executor.2:8407 blocked for more than 143 seconds. Not tainted 5.12.0-rc6-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.2 state:D stack:24024 pid: 8407 ppid: 1 flags:0x00000004 Call Trace: context_switch kernel/sched/core.c:4322 [inline] __schedule+0x911/0x21b0 kernel/sched/core.c:5073 schedule+0xcf/0x270 kernel/sched/core.c:5152 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:5211 __mutex_lock_common kernel/locking/mutex.c:1026 [inline] __mutex_lock+0x81f/0x1120 kernel/locking/mutex.c:1096 exp_funnel_lock kernel/rcu/tree_exp.h:322 [inline] synchronize_rcu_expedited+0x27e/0x620 kernel/rcu/tree_exp.h:836 namespace_unlock+0x1af/0x410 fs/namespace.c:1446 do_umount fs/namespace.c:1669 [inline] path_umount+0x78c/0x1240 fs/namespace.c:1755 ksys_umount fs/namespace.c:1778 [inline] __do_sys_umount fs/namespace.c:1783 [inline] __se_sys_umount fs/namespace.c:1781 [inline] __x64_sys_umount+0x159/0x180 fs/namespace.c:1781 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x4678b7 RSP: 002b:00007ffd1df8aa98 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004678b7 RDX: 00007ffd1df8ab6a RSI: 0000000000000002 RDI: 00007ffd1df8ab60 RBP: 00007ffd1df8ab60 R08: 00000000ffffffff R09: 00007ffd1df8a930 R10: 0000000001a3f8e3 R11: 0000000000000246 R12: 00000000004bebb2 R13: 00007ffd1df8bc30 R14: 0000000001a3f810 R15: 00007ffd1df8bc70 INFO: task kworker/u4:10:10370 blocked for more than 144 seconds. Not tainted 5.12.0-rc6-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/u4:10 state:D stack:26088 pid:10370 ppid: 2 flags:0x00004000 Workqueue: events_unbound fsnotify_connector_destroy_workfn Call Trace: context_switch kernel/sched/core.c:4322 [inline] __schedule+0x911/0x21b0 kernel/sched/core.c:5073 schedule+0xcf/0x270 kernel/sched/core.c:5152 schedule_timeout+0x1db/0x250 kernel/time/timer.c:1868 do_wait_for_common kernel/sched/completion.c:85 [inline] __wait_for_common kernel/sched/completion.c:106 [inline] wait_for_common kernel/sched/completion.c:117 [inline] wait_for_completion+0x168/0x270 kernel/sched/completion.c:138 __synchronize_srcu+0x1a6/0x280 kernel/rcu/srcutree.c:935 fsnotify_connector_destroy_workfn+0x49/0xa0 fs/notify/mark.c:164 process_one_work+0x98d/0x1600 kernel/workqueue.c:2275 worker_thread+0x64c/0x1120 kernel/workqueue.c:2421 kthread+0x3b1/0x4a0 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 INFO: task kworker/u4:11:10374 blocked for more than 144 seconds. Not tainted 5.12.0-rc6-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/u4:11 state:D stack:22680 pid:10374 ppid: 2 flags:0x00004000 Workqueue: events_unbound fsnotify_mark_destroy_workfn Call Trace: context_switch kernel/sched/core.c:4322 [inline] __schedule+0x911/0x21b0 kernel/sched/core.c:5073 schedule+0xcf/0x270 kernel/sched/core.c:5152 schedule_timeout+0x1db/0x250 kernel/time/timer.c:1868 do_wait_for_common kernel/sched/completion.c:85 [inline] __wait_for_common kernel/sched/completion.c:106 [inline] wait_for_common kernel/sched/completion.c:117 [inline] wait_for_completion+0x168/0x270 kernel/sched/completion.c:138 __synchronize_srcu+0x1a6/0x280 kernel/rcu/srcutree.c:935 fsnotify_mark_destroy_workfn+0xfd/0x340 fs/notify/mark.c:836 process_one_work+0x98d/0x1600 kernel/workqueue.c:2275 worker_thread+0x64c/0x1120 kernel/workqueue.c:2421 kthread+0x3b1/0x4a0 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 INFO: task syz-executor.4:13164 blocked for more than 144 seconds. Not tainted 5.12.0-rc6-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.4 state:D stack:24184 pid:13164 ppid: 11330 flags:0x00004004 Call Trace: context_switch kernel/sched/core.c:4322 [inline] __schedule+0x911/0x21b0 kernel/sched/core.c:5073 schedule+0xcf/0x270 kernel/sched/core.c:5152 schedule_timeout+0x1db/0x250 kernel/time/timer.c:1868 do_wait_for_common kernel/sched/completion.c:85 [inline] __wait_for_common kernel/sched/completion.c:106 [inline] wait_for_common kernel/sched/completion.c:117 [inline] wait_for_completion+0x168/0x270 kernel/sched/completion.c:138 __flush_work+0x527/0xac0 kernel/workqueue.c:3052 __drain_all_pages+0x439/0x670 mm/page_alloc.c:3129 drain_all_pages mm/page_alloc.c:3143 [inline] __alloc_pages_direct_reclaim mm/page_alloc.c:4420 [inline] __alloc_pages_slowpath.constprop.0+0x955/0x2270 mm/page_alloc.c:4810 __alloc_pages_nodemask+0x5f5/0x730 mm/page_alloc.c:5020 alloc_pages_current+0x18c/0x2a0 mm/mempolicy.c:2277 alloc_pages include/linux/gfp.h:561 [inline] __page_cache_alloc mm/filemap.c:978 [inline] __page_cache_alloc+0x303/0x3a0 mm/filemap.c:963 page_cache_ra_unbounded+0x3a1/0x920 mm/readahead.c:216 do_page_cache_ra mm/readahead.c:267 [inline] ondemand_readahead+0x63d/0x1160 mm/readahead.c:549 page_cache_sync_ra+0x16f/0x1a0 mm/readahead.c:577 page_cache_sync_readahead include/linux/pagemap.h:840 [inline] filemap_get_pages+0x289/0x1900 mm/filemap.c:2375 filemap_read+0x2ca/0xe40 mm/filemap.c:2458 generic_file_read_iter+0x397/0x4f0 mm/filemap.c:2609 ext4_file_read_iter+0x1d4/0x5d0 fs/ext4/file.c:130 call_read_iter include/linux/fs.h:1971 [inline] generic_file_splice_read+0x450/0x6c0 fs/splice.c:311 do_splice_to+0x1bf/0x250 fs/splice.c:796 splice_direct_to_actor+0x2c2/0x8c0 fs/splice.c:870 do_splice_direct+0x1b3/0x280 fs/splice.c:979 do_sendfile+0x9f0/0x1110 fs/read_write.c:1260 __do_sys_sendfile64 fs/read_write.c:1325 [inline] __se_sys_sendfile64 fs/read_write.c:1311 [inline] __x64_sys_sendfile64+0x1cc/0x210 fs/read_write.c:1311 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x466459 RSP: 002b:00007fd776cf6188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000005 RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 R10: 00008400fffffffa R11: 0000000000000246 R12: 000000000056c008 R13: 00007ffde099012f R14: 00007fd776cf6300 R15: 0000000000022000 INFO: task syz-executor.5:13166 blocked for more than 145 seconds. Not tainted 5.12.0-rc6-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.5 state:D stack:26016 pid:13166 ppid: 8477 flags:0x00000004 Call Trace: context_switch kernel/sched/core.c:4322 [inline] __schedule+0x911/0x21b0 kernel/sched/core.c:5073 schedule+0xcf/0x270 kernel/sched/core.c:5152 synchronize_rcu_expedited+0x453/0x620 kernel/rcu/tree_exp.h:852 synchronize_rcu+0xdf/0x180 kernel/rcu/tree.c:3767 vhost_vsock_dev_release+0x16d/0x4c0 drivers/vhost/vsock.c:705 __fput+0x288/0x920 fs/file_table.c:280 task_work_run+0xdd/0x1a0 kernel/task_work.c:140 tracehook_notify_resume include/linux/tracehook.h:189 [inline] exit_to_user_mode_loop kernel/entry/common.c:174 [inline] exit_to_user_mode_prepare+0x249/0x250 kernel/entry/common.c:208 __syscall_exit_to_user_mode_work kernel/entry/common.c:290 [inline] syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:301 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x41926b RSP: 002b:00007ffebd19d6c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 RAX: 0000000000000000 RBX: 0000000000000004 RCX: 000000000041926b RDX: 0000000000570150 RSI: 0000000008bc97a8 RDI: 0000000000000003 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000001b336211f0 R10: 00007ffebd19d7b0 R11: 0000000000000293 R12: 000000000004d7d4 R13: 00000000000003e8 R14: 000000000056bf60 R15: 000000000004d6ff Showing all locks held in the system: 2 locks held by kworker/1:0/20: 1 lock held by khungtaskd/1610: #0: ffffffff8bf71860 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6327 1 lock held by khugepaged/1627: #0: ffffffff8c04a568 (lock#5){+.+.}-{3:3}, at: lru_add_drain_all+0x5f/0x6f0 mm/swap.c:777 1 lock held by in:imklog/8075: #0: ffff88801f1a93b0 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100 fs/file.c:961 1 lock held by syz-executor.2/8407: #0: ffffffff8bf7a428 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:322 [inline] #0: ffffffff8bf7a428 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x27e/0x620 kernel/rcu/tree_exp.h:836 2 locks held by kworker/0:5/9591: #0: ffff888010863d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888010863d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888010863d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888010863d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888010863d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888010863d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc90015a67da8 (key_gc_work){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 2 locks held by kworker/u4:10/10370: #0: ffff888010871138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888010871138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888010871138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888010871138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888010871138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888010871138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc90001e07da8 (connector_reaper_work){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 2 locks held by kworker/u4:11/10374: #0: ffff888010871138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888010871138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888010871138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888010871138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888010871138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888010871138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc90000f27da8 ((reaper_work).work){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 2 locks held by kworker/u4:17/10397: 2 locks held by syz-executor.4/13164: #0: ffff8880243fe460 (sb_writers#5){.+.+}-{0:0}, at: __do_sys_sendfile64 fs/read_write.c:1325 [inline] #0: ffff8880243fe460 (sb_writers#5){.+.+}-{0:0}, at: __se_sys_sendfile64 fs/read_write.c:1311 [inline] #0: ffff8880243fe460 (sb_writers#5){.+.+}-{0:0}, at: __x64_sys_sendfile64+0x1cc/0x210 fs/read_write.c:1311 #1: ffffffff8c088a68 (pcpu_drain_mutex){+.+.}-{3:3}, at: __drain_all_pages+0x4f/0x670 mm/page_alloc.c:3078 1 lock held by syz-executor.5/13166: #0: ffffffff8bf7a428 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:290 [inline] #0: ffffffff8bf7a428 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x4fa/0x620 kernel/rcu/tree_exp.h:836 ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 1610 Comm: khungtaskd Not tainted 5.12.0-rc6-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:79 [inline] dump_stack+0x141/0x1d7 lib/dump_stack.c:120 nmi_cpu_backtrace.cold+0x44/0xd7 lib/nmi_backtrace.c:105 nmi_trigger_cpumask_backtrace+0x1b3/0x230 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:209 [inline] watchdog+0xd48/0xfb0 kernel/hung_task.c:294 kthread+0x3b1/0x4a0 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 4817 Comm: systemd-journal Not tainted 5.12.0-rc6-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:steal_account_process_time kernel/sched/cputime.c:242 [inline] RIP: 0010:account_other_time+0xea/0x370 kernel/sched/cputime.c:262 Code: b3 07 49 89 ed 83 f8 07 41 89 c6 0f 87 fe 01 00 00 4a 8d 3c f5 e0 a6 09 8b 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 ef 01 00 00 4e 03 2c f5 e0 a6 09 8b 48 b8 00 00 RSP: 0018:ffffc90001227e78 EFLAGS: 00000806 RAX: dffffc0000000000 RBX: 000000000000262a RCX: dffffc0000000000 RDX: 1ffffffff16134dd RSI: 0000000000000000 RDI: ffffffff8b09a6e8 RBP: 0000000000035240 R08: ffffffff8f37c058 R09: ffffffff8f37c04f R10: ffffffff8f37c057 R11: 0000000000000001 R12: 000000000457fd17 R13: 0000000000035240 R14: 0000000000000001 R15: 0000000000000000 FS: 00007efed37cf8c0(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007efecf2e6008 CR3: 000000001510c000 CR4: 00000000001506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: get_vtime_delta+0x4f/0xd0 kernel/sched/cputime.c:656 vtime_account_system+0x1a/0xb0 kernel/sched/cputime.c:666 vtime_user_enter+0xaa/0x170 kernel/sched/cputime.c:710 __context_tracking_enter+0xef/0x100 kernel/context_tracking.c:82 user_enter_irqoff include/linux/context_tracking.h:41 [inline] __exit_to_user_mode kernel/entry/common.c:129 [inline] syscall_exit_to_user_mode+0x4e/0x60 kernel/entry/common.c:303 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7efed2a98303 Code: 49 89 ca b8 e8 00 00 00 0f 05 48 3d 01 f0 ff ff 73 34 c3 48 83 ec 08 e8 0b c2 00 00 48 89 04 24 49 89 ca b8 e8 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 51 c2 00 00 48 89 d0 48 83 c4 08 48 3d 01 RSP: 002b:00007fff4e025c20 EFLAGS: 00000293 ORIG_RAX: 00000000000000e8 RAX: 0000000000000001 RBX: 000055d75d16a200 RCX: 00007efed2a98303 RDX: 0000000000000013 RSI: 00007fff4e025c30 RDI: 0000000000000008 RBP: 00007fff4e025e20 R08: 000055d75d16c0a0 R09: 00007fff4e09c080 R10: 0000000000000000 R11: 0000000000000293 R12: 00007fff4e025c30 R13: 0000000000000001 R14: 0000000000000000 R15: 0005bf6f4a968d3f