INFO: task khugepaged:33 blocked for more than 143 seconds.
Not tainted 5.16.0-rc2-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:khugepaged state:D stack:27472 pid: 33 ppid: 2 flags:0x00004000
Call Trace:
context_switch kernel/sched/core.c:4972 [inline]
__schedule+0xa9a/0x4940 kernel/sched/core.c:6253
schedule+0xd2/0x260 kernel/sched/core.c:6326
schedule_timeout+0x1db/0x2a0 kernel/time/timer.c:1857
do_wait_for_common kernel/sched/completion.c:85 [inline]
__wait_for_common kernel/sched/completion.c:106 [inline]
wait_for_common kernel/sched/completion.c:117 [inline]
wait_for_completion+0x174/0x270 kernel/sched/completion.c:138
__flush_work+0x56c/0xb10 kernel/workqueue.c:3084
__lru_add_drain_all+0x3fd/0x760 mm/swap.c:849
khugepaged_do_scan mm/khugepaged.c:2222 [inline]
khugepaged+0x112/0x5390 mm/khugepaged.c:2283
kthread+0x405/0x4f0 kernel/kthread.c:327
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
INFO: task kworker/u4:5:2416 blocked for more than 143 seconds.
Not tainted 5.16.0-rc2-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u4:5 state:D stack:23392 pid: 2416 ppid: 2 flags:0x00004000
Workqueue: events_unbound fsnotify_mark_destroy_workfn
Call Trace:
context_switch kernel/sched/core.c:4972 [inline]
__schedule+0xa9a/0x4940 kernel/sched/core.c:6253
schedule+0xd2/0x260 kernel/sched/core.c:6326
schedule_timeout+0x1db/0x2a0 kernel/time/timer.c:1857
do_wait_for_common kernel/sched/completion.c:85 [inline]
__wait_for_common kernel/sched/completion.c:106 [inline]
wait_for_common kernel/sched/completion.c:117 [inline]
wait_for_completion+0x174/0x270 kernel/sched/completion.c:138
__synchronize_srcu+0x1f2/0x290 kernel/rcu/srcutree.c:930
fsnotify_mark_destroy_workfn+0xfd/0x340 fs/notify/mark.c:861
process_one_work+0x9b2/0x1690 kernel/workqueue.c:2298
worker_thread+0x658/0x11f0 kernel/workqueue.c:2445
kthread+0x405/0x4f0 kernel/kthread.c:327
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
INFO: task kworker/u4:2:32424 blocked for more than 143 seconds.
Not tainted 5.16.0-rc2-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u4:2 state:D stack:24456 pid:32424 ppid: 2 flags:0x00004000
Workqueue: events_unbound fsnotify_connector_destroy_workfn
Call Trace:
context_switch kernel/sched/core.c:4972 [inline]
__schedule+0xa9a/0x4940 kernel/sched/core.c:6253
schedule+0xd2/0x260 kernel/sched/core.c:6326
schedule_timeout+0x1db/0x2a0 kernel/time/timer.c:1857
do_wait_for_common kernel/sched/completion.c:85 [inline]
__wait_for_common kernel/sched/completion.c:106 [inline]
wait_for_common kernel/sched/completion.c:117 [inline]
wait_for_completion+0x174/0x270 kernel/sched/completion.c:138
__synchronize_srcu+0x1f2/0x290 kernel/rcu/srcutree.c:930
fsnotify_connector_destroy_workfn+0x49/0xa0 fs/notify/mark.c:164
process_one_work+0x9b2/0x1690 kernel/workqueue.c:2298
worker_thread+0x658/0x11f0 kernel/workqueue.c:2445
kthread+0x405/0x4f0 kernel/kthread.c:327
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
Showing all locks held in the system:
1 lock held by khungtaskd/27:
#0: ffffffff8bb83ca0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6458
1 lock held by khugepaged/33:
#0: ffffffff8bc68ce8 (lock#5){+.+.}-{3:3}, at: __lru_add_drain_all+0x65/0x760 mm/swap.c:798
2 locks held by kworker/u4:5/2416:
#0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1198 [inline]
#0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:635 [inline]
#0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:662 [inline]
#0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x896/0x1690 kernel/workqueue.c:2269
#1: ffffc9000a6cfdb0 ((reaper_work).work){+.+.}-{0:0}, at: process_one_work+0x8ca/0x1690 kernel/workqueue.c:2273
3 locks held by kworker/1:3/2951:
1 lock held by systemd-udevd/2973:
1 lock held by in:imklog/6213:
3 locks held by syz-executor.0/6519:
3 locks held by kworker/0:1/23687:
2 locks held by kworker/u4:2/32424:
#0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1198 [inline]
#0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:635 [inline]
#0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:662 [inline]
#0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x896/0x1690 kernel/workqueue.c:2269
#1: ffffc9000577fdb0 (connector_reaper_work){+.+.}-{0:0}, at: process_one_work+0x8ca/0x1690 kernel/workqueue.c:2273
3 locks held by syz-executor.5/6239:
=============================================
NMI backtrace for cpu 1
CPU: 1 PID: 27 Comm: khungtaskd Not tainted 5.16.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
nmi_cpu_backtrace.cold+0x47/0x144 lib/nmi_backtrace.c:111
nmi_trigger_cpumask_backtrace+0x1b3/0x230 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:210 [inline]
watchdog+0xc1d/0xf50 kernel/hung_task.c:295
kthread+0x405/0x4f0 kernel/kthread.c:327
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 6239 Comm: syz-executor.5 Not tainted 5.16.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:check_kcov_mode kernel/kcov.c:166 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0xd/0x60 kernel/kcov.c:200
Code: 00 00 e9 f6 14 63 02 66 0f 1f 44 00 00 48 8b be b0 01 00 00 e8 b4 ff ff ff 31 c0 c3 90 65 8b 05 99 d6 8a 7e 89 c1 48 8b 34 24 <81> e1 00 01 00 00 65 48 8b 14 25 40 70 02 00 a9 00 01 ff 00 74 0e
RSP: 0018:ffffc9001ae1f628 EFLAGS: 00000046
RAX: 0000000080000001 RBX: ffff88814076c000 RCX: 0000000080000001
RDX: 0000000000000000 RSI: ffffffff81a08aee RDI: 0000000000000003
RBP: ffffea000281c640 R08: 0000000000000000 R09: ffffea000281c647
R10: ffffffff81a08ae0 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000007 R14: ffffea000281c640 R15: dffffc0000000000
FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020a38000 CR3: 000000000b88e000 CR4: 0000000000350ef0
Call Trace:
__folio_memcg include/linux/memcontrol.h:397 [inline]
folio_memcg+0xfe/0x230 include/linux/memcontrol.h:445
folio_matches_lruvec include/linux/memcontrol.h:1570 [inline]
folio_lruvec_relock_irqsave include/linux/memcontrol.h:1592 [inline]
release_pages+0x10bc/0x1480 mm/swap.c:963
tlb_batch_pages_flush mm/mmu_gather.c:49 [inline]
tlb_flush_mmu_free mm/mmu_gather.c:242 [inline]
tlb_flush_mmu+0xe9/0x6b0 mm/mmu_gather.c:249
zap_pte_range mm/memory.c:1418 [inline]
zap_pmd_range mm/memory.c:1467 [inline]
zap_pud_range mm/memory.c:1496 [inline]
zap_p4d_range mm/memory.c:1517 [inline]
unmap_page_range+0x1cac/0x29f0 mm/memory.c:1538
unmap_single_vma+0x198/0x310 mm/memory.c:1583
unmap_vmas+0x16b/0x2f0 mm/memory.c:1615
exit_mmap+0x1d0/0x630 mm/mmap.c:3170
__mmput+0x122/0x4b0 kernel/fork.c:1113
mmput+0x56/0x60 kernel/fork.c:1134
exit_mm kernel/exit.c:507 [inline]
do_exit+0xb27/0x2b40 kernel/exit.c:819
do_group_exit+0x125/0x310 kernel/exit.c:929
get_signal+0x47d/0x2220 kernel/signal.c:2852
arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868
handle_signal_work kernel/entry/common.c:148 [inline]
exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207
__syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7ff97ef78ae9
Code: Unable to access opcode bytes at RIP 0x7ff97ef78abf.
RSP: 002b:00007ff97c449188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
RAX: 0000000000000002 RBX: 00007ff97f08c320 RCX: 00007ff97ef78ae9
RDX: 0000000000000002 RSI: 0000000020000880 RDI: 0000000000000006
RBP: 00007ff97efd2f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000002100 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc8d503abf R14: 00007ff97c449300 R15: 0000000000022000
----------------
Code disassembly (best guess):
0: 00 00 add %al,(%rax)
2: e9 f6 14 63 02 jmpq 0x26314fd
7: 66 0f 1f 44 00 00 nopw 0x0(%rax,%rax,1)
d: 48 8b be b0 01 00 00 mov 0x1b0(%rsi),%rdi
14: e8 b4 ff ff ff callq 0xffffffcd
19: 31 c0 xor %eax,%eax
1b: c3 retq
1c: 90 nop
1d: 65 8b 05 99 d6 8a 7e mov %gs:0x7e8ad699(%rip),%eax # 0x7e8ad6bd
24: 89 c1 mov %eax,%ecx
26: 48 8b 34 24 mov (%rsp),%rsi
* 2a: 81 e1 00 01 00 00 and $0x100,%ecx <-- trapping instruction
30: 65 48 8b 14 25 40 70 mov %gs:0x27040,%rdx
37: 02 00
39: a9 00 01 ff 00 test $0xff0100,%eax
3e: 74 0e je 0x4e