INFO: task khugepaged:33 blocked for more than 143 seconds. Not tainted 5.14.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:khugepaged state:D stack:24248 pid: 33 ppid: 2 flags:0x00004000 Call Trace: context_switch kernel/sched/core.c:4940 [inline] __schedule+0x940/0x26f0 kernel/sched/core.c:6287 schedule+0xd3/0x270 kernel/sched/core.c:6366 schedule_timeout+0x1db/0x2a0 kernel/time/timer.c:1857 do_wait_for_common kernel/sched/completion.c:85 [inline] __wait_for_common kernel/sched/completion.c:106 [inline] wait_for_common kernel/sched/completion.c:117 [inline] wait_for_completion+0x176/0x280 kernel/sched/completion.c:138 __flush_work+0x56e/0xb10 kernel/workqueue.c:3083 __lru_add_drain_all+0x3fd/0x760 mm/swap.c:820 khugepaged_do_scan mm/khugepaged.c:2214 [inline] khugepaged+0x10f/0x55a0 mm/khugepaged.c:2275 kthread+0x3e5/0x4d0 kernel/kthread.c:319 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 INFO: task kworker/u4:4:1097 blocked for more than 144 seconds. Not tainted 5.14.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/u4:4 state:D stack:24456 pid: 1097 ppid: 2 flags:0x00004000 Workqueue: events_unbound fsnotify_connector_destroy_workfn Call Trace: context_switch kernel/sched/core.c:4940 [inline] __schedule+0x940/0x26f0 kernel/sched/core.c:6287 schedule+0xd3/0x270 kernel/sched/core.c:6366 schedule_timeout+0x1db/0x2a0 kernel/time/timer.c:1857 do_wait_for_common kernel/sched/completion.c:85 [inline] __wait_for_common kernel/sched/completion.c:106 [inline] wait_for_common kernel/sched/completion.c:117 [inline] wait_for_completion+0x176/0x280 kernel/sched/completion.c:138 __synchronize_srcu+0x1f4/0x290 kernel/rcu/srcutree.c:930 fsnotify_connector_destroy_workfn+0x49/0xa0 fs/notify/mark.c:164 process_one_work+0x9bf/0x16b0 kernel/workqueue.c:2297 worker_thread+0x658/0x11f0 kernel/workqueue.c:2444 kthread+0x3e5/0x4d0 kernel/kthread.c:319 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 Showing all locks held in the system: 2 locks held by kworker/u4:0/8: #0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline] ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1198 [inline] ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:634 [inline] ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:661 [inline] ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x8a3/0x16b0 kernel/workqueue.c:2268 #1: ffffc90000cd7db0 ((reaper_work).work){+.+.}-{0:0}, at: process_one_work+0x8d7/0x16b0 kernel/workqueue.c:2272 1 lock held by khungtaskd/26: #0: ffffffff8b97fda0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6446 1 lock held by khugepaged/33: #0: ffffffff8ba62f28 (lock#5){+.+.}-{3:3}, at: __lru_add_drain_all+0x65/0x760 mm/swap.c:769 5 locks held by kworker/u4:3/253: #0: ffff8880b9d31a58 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested kernel/sched/core.c:474 [inline] #0: ffff8880b9d31a58 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock kernel/sched/sched.h:1317 [inline] #0: ffff8880b9d31a58 (&rq->__lock){-.-.}-{2:2}, at: rq_lock kernel/sched/sched.h:1620 [inline] #0: ffff8880b9d31a58 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x236/0x26f0 kernel/sched/core.c:6201 #1: ffff8880b9d1f9c8 (&per_cpu_ptr(group->pcpu, cpu)->seq ){-.-.}-{0:0}, at: psi_task_switch+0x39d/0x480 kernel/sched/psi.c:880 #2: ffffffff8b97fda0 (rcu_read_lock){....}-{1:2}, at: batadv_nc_purge_orig_hash net/batman-adv/network-coding.c:408 [inline] #2: ffffffff8b97fda0 (rcu_read_lock){....}-{1:2}, at: batadv_nc_worker+0xf3/0xfa0 net/batman-adv/network-coding.c:721 #3: ffffffff9047e578 (&obj_hash[i].lock){-.-.}-{2:2}, at: debug_object_activate+0x12e/0x3e0 lib/debugobjects.c:661 #4: ffff8880b9d20030 (krc.lock){..-.}-{2:2}, at: krc_this_cpu_lock kernel/rcu/tree.c:3179 [inline] #4: ffff8880b9d20030 (krc.lock){..-.}-{2:2}, at: add_ptr_to_bulk_krc_lock kernel/rcu/tree.c:3462 [inline] #4: ffff8880b9d20030 (krc.lock){..-.}-{2:2}, at: kvfree_call_rcu+0xde/0x990 kernel/rcu/tree.c:3553 2 locks held by kworker/u4:4/1097: #0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline] #0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1198 [inline] #0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:634 [inline] #0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:661 [inline] #0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x8a3/0x16b0 kernel/workqueue.c:2268 #1: ffffc90004e47db0 (connector_reaper_work){+.+.}-{0:0}, at: process_one_work+0x8d7/0x16b0 kernel/workqueue.c:2272 1 lock held by in:imklog/6233: #0: ffff88801deba0f0 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100 fs/file.c:990 3 locks held by kworker/0:7/8539: 1 lock held by syz-executor.3/10463: #0: ffff88804e866210 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:786 [inline] #0: ffff88804e866210 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280 net/socket.c:648 1 lock held by syz-executor.3/10484: #0: ffff88804e8dca10 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:786 [inline] #0: ffff88804e8dca10 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280 net/socket.c:648 1 lock held by syz-executor.3/10506: #0: ffff88804e812610 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:786 [inline] ffff88804e812610 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280 net/socket.c:648 1 lock held by syz-executor.3/10824: #0: ffff88806d84e210 (&sb->s_type->i_mutex_key #13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:786 [inline] #13){+.+.}-{3:3}, at: __sock_release+0x86/0x280 net/socket.c:648 1 lock held by syz-executor.3/10843: #0: ffff88806db19a10 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:786 [inline] #0: ffff88806db19a10 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280 net/socket.c:648 1 lock held by syz-executor.3/10868: #0: ffff88804e9ba010 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:786 [inline] ffff88804e9ba010 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280 net/socket.c:648 1 lock held by syz-executor.3/10886: #0: ffff88806d970810 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:786 [inline] ffff88806d970810 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280 net/socket.c:648 1 lock held by syz-executor.3/10906: #0: ffff88806d966210 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:786 [inline] #0: ffff88806d966210 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280 net/socket.c:648 1 lock held by syz-executor.3/11313: #0: ffff88806d84f410 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:786 [inline] #0: ffff88806d84f410 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280 net/socket.c:648 1 lock held by syz-executor.3/11332: #0: ffff88804e853810 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:786 [inline] #0: ffff88804e853810 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280 net/socket.c:648 1 lock held by syz-executor.3/15624: #0: ffff88804e9b9410 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:786 [inline] #0: ffff88804e9b9410 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280 net/socket.c:648 1 lock held by syz-executor.3/16579: #0: ffff88804e9b4a10 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:786 [inline] #0: ffff88804e9b4a10 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280 net/socket.c:648 1 lock held by syz-executor.3/16605: #0: ffff88806db4ca10 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:786 [inline] ffff88806db4ca10 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280 net/socket.c:648 1 lock held by syz-executor.3/16833: #0: ffff88806d9e8210 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:786 [inline] #0: ffff88806d9e8210 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280 net/socket.c:648 1 lock held by syz-executor.3/16872: #0: ffff88804e878210 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:786 [inline] #0: ffff88804e878210 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280 net/socket.c:648 1 lock held by syz-executor.3/16901: #0: ffff88806db95610 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:786 [inline] (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280 net/socket.c:648 1 lock held by syz-executor.3/16932: #0: ffff88806db33210 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:786 [inline] #0: ffff88806db33210 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280 net/socket.c:648 1 lock held by syz-executor.3/16955: #0: ffff88806db1f410 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:786 [inline] #0: ffff88806db1f410 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280 net/socket.c:648 1 lock held by syz-executor.3/16981: #0: ffff88806d9d0e10 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:786 [inline] (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280 net/socket.c:648 1 lock held by syz-executor.3/17006: #0: ffff88806d84c410 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:786 [inline] #0: ffff88806d84c410 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280 net/socket.c:648 1 lock held by syz-executor.3/17040: #0: ffff88804e839a10 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:786 [inline] #0: ffff88804e839a10 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280 net/socket.c:648 1 lock held by syz-executor.3/17065: #0: ffff88804e9dd010 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:786 [inline] #0: ffff88804e9dd010 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280 net/socket.c:648 1 lock held by syz-executor.3/17093: #0: ffff888144705610 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:786 [inline] #0: ffff888144705610 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280 net/socket.c:648 1 lock held by syz-executor.3/17125: #0: ffff8880764e4a10 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:786 [inline] ffff8880764e4a10 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280 net/socket.c:648 1 lock held by syz-executor.3/17145: #0: ffff88804e9a8e10 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:786 [inline] (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280 net/socket.c:648 1 lock held by syz-executor.3/17166: #0: ffff88806db49410 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:786 [inline] #0: ffff88806db49410 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280 net/socket.c:648 1 lock held by syz-executor.3/17195: #0: ffff88804e8dc410 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:786 [inline] #0: ffff88804e8dc410 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280 net/socket.c:648 1 lock held by syz-executor.3/17219: #0: ffff88806d94b210 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:786 [inline] #0: ffff88806d94b210 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280 net/socket.c:648 1 lock held by syz-executor.3/18412: #0: ffff88807b5bac10 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:786 [inline] #0: ffff88807b5bac10 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280 net/socket.c:648 1 lock held by syz-executor.3/18454: #0: ffff88806db4a610 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:786 [inline] (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280 net/socket.c:648 1 lock held by syz-executor.3/18530: #0: ffff88806d9e8e10 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:786 [inline] #0: ffff88806d9e8e10 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280 net/socket.c:648 1 lock held by syz-executor.3/18567: #0: ffff88804e8b3210 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:786 [inline] #0: ffff88804e8b3210 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280 net/socket.c:648 1 lock held by syz-executor.3/20926: #0: ffff88806db9c410 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:786 [inline] (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280 net/socket.c:648 1 lock held by syz-executor.3/20958: #0: ffff88804e9b5610 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:786 [inline] #0: ffff88804e9b5610 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280 net/socket.c:648 1 lock held by syz-executor.3/20992: #0: ffff88804e9f5c10 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:786 [inline] (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280 net/socket.c:648 1 lock held by syz-executor.3/21016: #0: ffff88804e8b6810 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:786 [inline] (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280 net/socket.c:648 1 lock held by syz-executor.3/21033: #0: ffff88804e812010 (&sb->s_type->i_mutex_key#13 ){+.+.}-{3:3} , at: inode_lock include/linux/fs.h:786 [inline] , at: __sock_release+0x86/0x280 net/socket.c:648 1 lock held by syz-executor.3/21057: #0: ffff88804e86d010 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:786 [inline] (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280 net/socket.c:648 1 lock held by syz-executor.3/21072: #0: ffff88804e825610 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:786 [inline] #0: ffff88804e825610 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280 net/socket.c:648 1 lock held by syz-executor.3/21095: #0: ffff88804e9fee10 ( &sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:786 [inline] &sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280 net/socket.c:648 1 lock held by syz-executor.3/21227: #0: ffff888076572610 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:786 [inline] #0: ffff888076572610 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280 net/socket.c:648 1 lock held by syz-executor.3/21253: #0: ffff88806db28e10 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:786 [inline] ffff88806db28e10 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280 net/socket.c:648 1 lock held by syz-executor.3/21291: #0: ffff88806d944410 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:786 [inline] #0: ffff88806d944410 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280 net/socket.c:648 1 lock held by syz-executor.3/21315: #0: ffff88804e9b2010 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:786 [inline] #0: ffff88804e9b2010 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280 net/socket.c:648 1 lock held by syz-executor.3/22411: #0: ffffffff8b989128 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:322 [inline] #0: ffffffff8b989128 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x2d5/0x620 kernel/rcu/tree_exp.h:837 3 locks held by kworker/1:2/3269: 1 lock held by syz-executor.3/8562: #0: ffffffff8b989128 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:290 [inline] #0: ffffffff8b989128 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x4fc/0x620 kernel/rcu/tree_exp.h:837 1 lock held by systemd-journal/8670: 2 locks held by kworker/u4:8/8671: #0: ffff8880b9d31a58 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested kernel/sched/core.c:474 [inline] #0: ffff8880b9d31a58 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock kernel/sched/sched.h:1317 [inline] #0: ffff8880b9d31a58 (&rq->__lock){-.-.}-{2:2}, at: rq_lock kernel/sched/sched.h:1620 [inline] #0: ffff8880b9d31a58 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x236/0x26f0 kernel/sched/core.c:6201 #1: ffffc90002d2fdb0 ((kfence_timer).work){+.+.}-{0:0}, at: process_one_work+0x8d7/0x16b0 kernel/workqueue.c:2272 ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 26 Comm: khungtaskd Not tainted 5.14.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 nmi_cpu_backtrace.cold+0x47/0x144 lib/nmi_backtrace.c:105 nmi_trigger_cpumask_backtrace+0x1ae/0x220 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:210 [inline] watchdog+0xc1d/0xf50 kernel/hung_task.c:295 kthread+0x3e5/0x4d0 kernel/kthread.c:319 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 148 Comm: kworker/u4:2 Not tainted 5.14.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: bat_events batadv_nc_worker RIP: 0010:lock_release+0x10/0x720 kernel/locking/lockdep.c:5633 Code: ff 48 c7 c7 08 7c 6e 8d e8 8d f9 61 00 e9 6d fd ff ff 0f 1f 84 00 00 00 00 00 48 b8 00 00 00 00 00 fc ff df 41 57 41 56 41 55 <41> 54 49 89 fc 55 53 48 81 ec 90 00 00 00 48 8d 6c 24 10 48 89 74 RSP: 0018:ffffc9000153fc70 EFLAGS: 00000293 RAX: dffffc0000000000 RBX: 0000000000000001 RCX: 0000000000000000 RDX: ffff8880166e0000 RSI: ffffffff88d20029 RDI: ffffffff8b97fda0 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001 R10: ffffffff88d20021 R11: 0000000000000000 R12: ffffc9000153fdb0 R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000000143 FS: 0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ff76cfcb000 CR3: 00000000714c3000 CR4: 00000000001506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: rcu_lock_release include/linux/rcupdate.h:272 [inline] rcu_read_unlock include/linux/rcupdate.h:720 [inline] batadv_nc_purge_orig_hash net/batman-adv/network-coding.c:414 [inline] batadv_nc_worker+0x86b/0xfa0 net/batman-adv/network-coding.c:721 process_one_work+0x9bf/0x16b0 kernel/workqueue.c:2297 worker_thread+0x658/0x11f0 kernel/workqueue.c:2444 kthread+0x3e5/0x4d0 kernel/kthread.c:319 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 ---------------- Code disassembly (best guess), 1 bytes skipped: 0: 48 c7 c7 08 7c 6e 8d mov $0xffffffff8d6e7c08,%rdi 7: e8 8d f9 61 00 callq 0x61f999 c: e9 6d fd ff ff jmpq 0xfffffd7e 11: 0f 1f 84 00 00 00 00 nopl 0x0(%rax,%rax,1) 18: 00 19: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 20: fc ff df 23: 41 57 push %r15 25: 41 56 push %r14 27: 41 55 push %r13 * 29: 41 54 push %r12 <-- trapping instruction 2b: 49 89 fc mov %rdi,%r12 2e: 55 push %rbp 2f: 53 push %rbx 30: 48 81 ec 90 00 00 00 sub $0x90,%rsp 37: 48 8d 6c 24 10 lea 0x10(%rsp),%rbp 3c: 48 rex.W 3d: 89 .byte 0x89 3e: 74 .byte 0x74