INFO: task kworker/1:11:3006 blocked for more than 143 seconds. Not tainted 5.15.0-rc2-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/1:11 state:D stack:24952 pid: 3006 ppid: 2 flags:0x00004000 Workqueue: ipv6_addrconf addrconf_verify_work Call Trace: context_switch kernel/sched/core.c:4940 [inline] __schedule+0xc8d/0x1270 kernel/sched/core.c:6287 schedule+0x14b/0x210 kernel/sched/core.c:6366 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6425 __mutex_lock_common+0xdff/0x2550 kernel/locking/mutex.c:669 __mutex_lock kernel/locking/mutex.c:729 [inline] mutex_lock_nested+0x1a/0x20 kernel/locking/mutex.c:743 addrconf_verify_work+0xa/0x20 net/ipv6/addrconf.c:4590 process_one_work+0x853/0x1140 kernel/workqueue.c:2297 worker_thread+0xac1/0x1320 kernel/workqueue.c:2444 kthread+0x453/0x480 kernel/kthread.c:319 ret_from_fork+0x1f/0x30 INFO: task kworker/1:12:3007 blocked for more than 144 seconds. Not tainted 5.15.0-rc2-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/1:12 state:D stack:22736 pid: 3007 ppid: 2 flags:0x00004000 Workqueue: events switchdev_deferred_process_work Call Trace: context_switch kernel/sched/core.c:4940 [inline] __schedule+0xc8d/0x1270 kernel/sched/core.c:6287 schedule+0x14b/0x210 kernel/sched/core.c:6366 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6425 __mutex_lock_common+0xdff/0x2550 kernel/locking/mutex.c:669 __mutex_lock kernel/locking/mutex.c:729 [inline] mutex_lock_nested+0x1a/0x20 kernel/locking/mutex.c:743 switchdev_deferred_process_work+0xa/0x20 net/switchdev/switchdev.c:74 process_one_work+0x853/0x1140 kernel/workqueue.c:2297 worker_thread+0xac1/0x1320 kernel/workqueue.c:2444 kthread+0x453/0x480 kernel/kthread.c:319 ret_from_fork+0x1f/0x30 INFO: task kworker/0:32:9387 blocked for more than 145 seconds. Not tainted 5.15.0-rc2-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/0:32 state:D stack:24408 pid: 9387 ppid: 2 flags:0x00004000 Workqueue: events linkwatch_event Call Trace: context_switch kernel/sched/core.c:4940 [inline] __schedule+0xc8d/0x1270 kernel/sched/core.c:6287 schedule+0x14b/0x210 kernel/sched/core.c:6366 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6425 __mutex_lock_common+0xdff/0x2550 kernel/locking/mutex.c:669 __mutex_lock kernel/locking/mutex.c:729 [inline] mutex_lock_nested+0x1a/0x20 kernel/locking/mutex.c:743 linkwatch_event+0xa/0x50 net/core/link_watch.c:251 process_one_work+0x853/0x1140 kernel/workqueue.c:2297 worker_thread+0xac1/0x1320 kernel/workqueue.c:2444 kthread+0x453/0x480 kernel/kthread.c:319 ret_from_fork+0x1f/0x30 Showing all locks held in the system: 1 lock held by khungtaskd/26: #0: ffffffff8c91c180 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30 1 lock held by systemd-udevd/2970: 1 lock held by in:imklog/6207: #0: ffff88801bb960f0 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x24e/0x2f0 fs/file.c:990 2 locks held by agetty/6238: #0: ffff888016969098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 drivers/tty/tty_ldisc.c:252 #1: ffffc9000112c2e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6c5/0x1c60 drivers/tty/n_tty.c:2113 4 locks held by kworker/u4:6/12151: 3 locks held by kworker/0:8/12818: #0: ffff888011064d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x7ca/0x1140 #1: ffffc9000328fd20 ((work_completion)(&pwq->unbound_release_work)){+.+.}-{0:0}, at: process_one_work+0x808/0x1140 kernel/workqueue.c:2272 #2: ffffffff8c920968 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:290 [inline] #2: ffffffff8c920968 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x277/0x750 kernel/rcu/tree_exp.h:837 3 locks held by kworker/u4:2/16717: 3 locks held by kworker/1:3/595: #0: ffff888011064d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x7ca/0x1140 #1: ffffc90004c37d20 ((work_completion)(&pwq->unbound_release_work)){+.+.}-{0:0}, at: process_one_work+0x808/0x1140 kernel/workqueue.c:2272 #2: ffffffff8c920968 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:322 [inline] #2: ffffffff8c920968 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x356/0x750 kernel/rcu/tree_exp.h:837 3 locks held by kworker/1:11/3006: #0: ffff88802630e938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x7ca/0x1140 #1: ffffc9000344fd20 ((addr_chk_work).work){+.+.}-{0:0}, at: process_one_work+0x808/0x1140 kernel/workqueue.c:2272 #2: ffffffff8d95b7c8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0xa/0x20 net/ipv6/addrconf.c:4590 3 locks held by kworker/1:12/3007: #0: ffff888011064d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x7ca/0x1140 #1: ffffc90002de7d20 (deferred_process_work){+.+.}-{0:0}, at: process_one_work+0x808/0x1140 kernel/workqueue.c:2272 #2: ffffffff8d95b7c8 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xa/0x20 net/switchdev/switchdev.c:74 2 locks held by kworker/0:9/7985: #0: ffff888011066538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work+0x7ca/0x1140 #1: ffffc90005447d20 ((work_completion)(&rew.rew_work)){+.+.}-{0:0}, at: process_one_work+0x808/0x1140 kernel/workqueue.c:2272 2 locks held by kworker/0:19/9368: #0: ffff888011064d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x7ca/0x1140 #1: ffffc9000af77d20 ((work_completion)(&pwq->unbound_release_work)){+.+.}-{0:0}, at: process_one_work+0x808/0x1140 kernel/workqueue.c:2272 3 locks held by kworker/0:32/9387: #0: ffff888011064d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x7ca/0x1140 #1: ffffc9000b657d20 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x808/0x1140 kernel/workqueue.c:2272 #2: ffffffff8d95b7c8 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xa/0x50 net/core/link_watch.c:251 2 locks held by systemd-udevd/16393: #0: ffff88801c0dd118 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev+0xf6/0xb90 block/bdev.c:816 #1: ffff88801c037468 (&lo->lo_mutex){+.+.}-{3:3}, at: lo_open+0x68/0x100 drivers/block/loop.c:2040 1 lock held by syz-executor.2/18039: #0: ffff88801c037468 (&lo->lo_mutex){+.+.}-{3:3}, at: __loop_clr_fd+0xa5/0xbc0 drivers/block/loop.c:1350 1 lock held by syz-executor.2/18067: #0: ffff88801c0dd118 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev+0xf6/0xb90 block/bdev.c:816 1 lock held by syz-executor.4/18041: #0: ffff88801c0ed468 (&lo->lo_mutex){+.+.}-{3:3}, at: __loop_clr_fd+0xa5/0xbc0 drivers/block/loop.c:1350 2 locks held by syz-executor.4/18068: #0: ffff88801c176118 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev+0xf6/0xb90 block/bdev.c:816 #1: ffff88801c0ed468 (&lo->lo_mutex){+.+.}-{3:3}, at: lo_open+0x68/0x100 drivers/block/loop.c:2040 ============================================= NMI backtrace for cpu 1 CPU: 1 PID: 26 Comm: khungtaskd Not tainted 5.15.0-rc2-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1dc/0x2d8 lib/dump_stack.c:106 nmi_cpu_backtrace+0x45f/0x490 lib/nmi_backtrace.c:105 nmi_trigger_cpumask_backtrace+0x16a/0x280 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:210 [inline] watchdog+0xc54/0xca0 kernel/hung_task.c:295 kthread+0x453/0x480 kernel/kthread.c:319 ret_from_fork+0x1f/0x30 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 6203 Comm: kworker/u4:3 Not tainted 5.15.0-rc2-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: events_unbound toggle_allocation_gate RIP: 0010:strlen+0x2c/0x60 lib/string.c:566 Code: 41 56 53 49 89 fe 49 bf 00 00 00 00 00 fc ff df 48 89 f8 66 2e 0f 1f 84 00 00 00 00 00 90 48 89 c3 48 c1 e8 03 42 0f b6 04 38 <84> c0 75 0b 48 8d 43 01 80 3b 00 75 e7 eb 13 89 d9 80 e1 07 38 c1 RSP: 0018:ffffc90005cf7480 EFLAGS: 00000a03 RAX: 0000000000000000 RBX: ffffffff8a4bab84 RCX: 0000000005cf7503 RDX: 0000000000000000 RSI: ffff8880111af138 RDI: ffffffff8a4bab80 RBP: ffffc90005cf75b8 R08: 0000000000000000 R09: 0000000000000001 R10: fffffbfff1bb7dce R11: 0000000000000000 R12: 0000000000000000 R13: ffffffff8c7ea980 R14: ffffffff8a4bab80 R15: dffffc0000000000 FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f203403a2e0 CR3: 000000000c68e000 CR4: 00000000001526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000003000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Call Trace: trace_event_get_offsets_lock_acquire include/trace/events/lock.h:13 [inline] perf_trace_lock_acquire+0x113/0x4a0 include/trace/events/lock.h:13 trace_lock_acquire+0x161/0x190 include/trace/events/lock.h:13 lock_acquire+0xa5/0x4d0 kernel/locking/lockdep.c:5596 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:363 [inline] __get_locked_pte+0x2ad/0x390 mm/memory.c:1736 get_locked_pte include/linux/mm.h:2051 [inline] __text_poke+0x27d/0x9f0 arch/x86/kernel/alternative.c:817 text_poke arch/x86/kernel/alternative.c:900 [inline] text_poke_bp_batch+0x6b0/0x940 arch/x86/kernel/alternative.c:1178 text_poke_flush arch/x86/kernel/alternative.c:1268 [inline] text_poke_finish+0x16/0x30 arch/x86/kernel/alternative.c:1275 arch_jump_label_transform_apply+0x13/0x20 arch/x86/kernel/jump_label.c:146 static_key_enable_cpuslocked+0x12d/0x250 kernel/jump_label.c:177 static_key_enable+0x16/0x20 kernel/jump_label.c:190 toggle_allocation_gate+0xbf/0x460 mm/kfence/core.c:626 process_one_work+0x853/0x1140 kernel/workqueue.c:2297 worker_thread+0xac1/0x1320 kernel/workqueue.c:2444 kthread+0x453/0x480 kernel/kthread.c:319 ret_from_fork+0x1f/0x30 ---------------- Code disassembly (best guess): 0: 41 56 push %r14 2: 53 push %rbx 3: 49 89 fe mov %rdi,%r14 6: 49 bf 00 00 00 00 00 movabs $0xdffffc0000000000,%r15 d: fc ff df 10: 48 89 f8 mov %rdi,%rax 13: 66 2e 0f 1f 84 00 00 nopw %cs:0x0(%rax,%rax,1) 1a: 00 00 00 1d: 90 nop 1e: 48 89 c3 mov %rax,%rbx 21: 48 c1 e8 03 shr $0x3,%rax 25: 42 0f b6 04 38 movzbl (%rax,%r15,1),%eax * 2a: 84 c0 test %al,%al <-- trapping instruction 2c: 75 0b jne 0x39 2e: 48 8d 43 01 lea 0x1(%rbx),%rax 32: 80 3b 00 cmpb $0x0,(%rbx) 35: 75 e7 jne 0x1e 37: eb 13 jmp 0x4c 39: 89 d9 mov %ebx,%ecx 3b: 80 e1 07 and $0x7,%cl 3e: 38 c1 cmp %al,%cl