INFO: task syz-executor.0:16136 can't die for more than 143 seconds.
task:syz-executor.0 state:D stack:28096 pid:16136 ppid: 6562 flags:0x00004004
Call Trace:
 context_switch kernel/sched/core.c:4953 [inline]
 __schedule+0x940/0x26f0 kernel/sched/core.c:6234
 schedule+0xd2/0x260 kernel/sched/core.c:6307
 schedule_timeout+0x1db/0x2a0 kernel/time/timer.c:1857
 do_wait_for_common kernel/sched/completion.c:85 [inline]
 __wait_for_common kernel/sched/completion.c:106 [inline]
 wait_for_common kernel/sched/completion.c:117 [inline]
 wait_for_completion+0x174/0x270 kernel/sched/completion.c:138
 __flush_work+0x56c/0xb10 kernel/workqueue.c:3083
 __cancel_work_timer+0x3f9/0x570 kernel/workqueue.c:3170
 p9_conn_destroy net/9p/trans_fd.c:891 [inline]
 p9_fd_close+0x305/0x520 net/9p/trans_fd.c:921
 p9_client_create+0x95a/0x1110 net/9p/client.c:1073
 v9fs_session_init+0x1dd/0x17b0 fs/9p/v9fs.c:407
 v9fs_mount+0x79/0x9c0 fs/9p/vfs_super.c:126
 legacy_get_tree+0x105/0x220 fs/fs_context.c:610
 vfs_get_tree+0x89/0x2f0 fs/super.c:1498
 do_new_mount fs/namespace.c:2988 [inline]
 path_mount+0x1320/0x1fa0 fs/namespace.c:3318
 do_mount fs/namespace.c:3331 [inline]
 __do_sys_mount fs/namespace.c:3539 [inline]
 __se_sys_mount fs/namespace.c:3516 [inline]
 __x64_sys_mount+0x27f/0x300 fs/namespace.c:3516
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7fd096c788d9
RSP: 002b:00007fd09418c188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007fd096d7d1a0 RCX: 00007fd096c788d9
RDX: 0000000020000200 RSI: 0000000020000000 RDI: 0000000000000000
RBP: 00007fd096cd2cb4 R08: 0000000020000140 R09: 0000000000000000
R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffd3277c3cf R14: 00007fd09418c300 R15: 0000000000022000
INFO: task syz-executor.0:16136 blocked for more than 143 seconds.
      Not tainted 5.15.0-rc4-next-20211007-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.0 state:D stack:28096 pid:16136 ppid: 6562 flags:0x00004004
Call Trace:
 context_switch kernel/sched/core.c:4953 [inline]
 __schedule+0x940/0x26f0 kernel/sched/core.c:6234
 schedule+0xd2/0x260 kernel/sched/core.c:6307
 schedule_timeout+0x1db/0x2a0 kernel/time/timer.c:1857
 do_wait_for_common kernel/sched/completion.c:85 [inline]
 __wait_for_common kernel/sched/completion.c:106 [inline]
 wait_for_common kernel/sched/completion.c:117 [inline]
 wait_for_completion+0x174/0x270 kernel/sched/completion.c:138
 __flush_work+0x56c/0xb10 kernel/workqueue.c:3083
 __cancel_work_timer+0x3f9/0x570 kernel/workqueue.c:3170
 p9_conn_destroy net/9p/trans_fd.c:891 [inline]
 p9_fd_close+0x305/0x520 net/9p/trans_fd.c:921
 p9_client_create+0x95a/0x1110 net/9p/client.c:1073
 v9fs_session_init+0x1dd/0x17b0 fs/9p/v9fs.c:407
 v9fs_mount+0x79/0x9c0 fs/9p/vfs_super.c:126
 legacy_get_tree+0x105/0x220 fs/fs_context.c:610
 vfs_get_tree+0x89/0x2f0 fs/super.c:1498
 do_new_mount fs/namespace.c:2988 [inline]
 path_mount+0x1320/0x1fa0 fs/namespace.c:3318
 do_mount fs/namespace.c:3331 [inline]
 __do_sys_mount fs/namespace.c:3539 [inline]
 __se_sys_mount fs/namespace.c:3516 [inline]
 __x64_sys_mount+0x27f/0x300 fs/namespace.c:3516
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7fd096c788d9
RSP: 002b:00007fd09418c188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007fd096d7d1a0 RCX: 00007fd096c788d9
RDX: 0000000020000200 RSI: 0000000020000000 RDI: 0000000000000000
RBP: 00007fd096cd2cb4 R08: 0000000020000140 R09: 0000000000000000
R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffd3277c3cf R14: 00007fd09418c300 R15: 0000000000022000

Showing all locks held in the system:
1 lock held by khungtaskd/27:
 #0: ffffffff8bb813a0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6458
2 locks held by in:imklog/6244:
2 locks held by kworker/1:3/7886:
 #0: ffff888010c64d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff888010c64d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 #0: ffff888010c64d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1198 [inline]
 #0: ffff888010c64d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:634 [inline]
 #0: ffff888010c64d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:661 [inline]
 #0: ffff888010c64d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x896/0x1690 kernel/workqueue.c:2268
 #1: ffffc90003fd7db0 ((work_completion)(&m->wq)){+.+.}-{0:0}, at: process_one_work+0x8ca/0x1690 kernel/workqueue.c:2272

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 27 Comm: khungtaskd Not tainted 5.15.0-rc4-next-20211007-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 nmi_cpu_backtrace.cold+0x47/0x144 lib/nmi_backtrace.c:105
 nmi_trigger_cpumask_backtrace+0x1ae/0x220 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:254 [inline]
 watchdog+0xcb7/0xed0 kernel/hung_task.c:339
 kthread+0x405/0x4f0 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 56 Comm: kworker/u4:3 Not tainted 5.15.0-rc4-next-20211007-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events_unbound toggle_allocation_gate
RIP: 0010:check_wait_context kernel/locking/lockdep.c:4725 [inline]
RIP: 0010:__lock_acquire+0x65b/0x54a0 kernel/locking/lockdep.c:4977
Code: 01 f8 48 89 44 24 60 eb 66 48 8d 04 5b 48 c1 e0 06 48 05 60 dd f3 8f 48 8d b8 b8 00 00 00 48 89 fa 48 c1 ea 03 42 0f b6 14 3a <84> d2 74 06 0f 8e 5f 2b 00 00 0f b6 80 b8 00 00 00 84 c0 74 06 40
RSP: 0018:ffffc90001a2f7e0 EFLAGS: 00000802
RAX: ffffffff8ff3e360 RBX: 0000000000000008 RCX: ffffffff815b5c7d
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff8ff3e418
RBP: 0000000000000004 R08: 0000000000000000 R09: ffffffff8ff3d947
R10: fffffbfff1fe7b28 R11: 0000000000000000 R12: 0000000000000003
R13: ffff888017135700 R14: ffff888017136168 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f0387bfd000 CR3: 000000000b88e000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 lock_acquire kernel/locking/lockdep.c:5637 [inline]
 lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5602
 __mutex_lock_common kernel/locking/mutex.c:599 [inline]
 __mutex_lock+0x12f/0x12f0 kernel/locking/mutex.c:732
 arch_jump_label_transform_queue+0x58/0x100 arch/x86/kernel/jump_label.c:136
 __jump_label_update+0x12e/0x400 kernel/jump_label.c:451
 jump_label_update+0x1d5/0x430 kernel/jump_label.c:830
 static_key_disable_cpuslocked+0x152/0x1b0 kernel/jump_label.c:207
 static_key_disable+0x16/0x20 kernel/jump_label.c:215
 toggle_allocation_gate mm/kfence/core.c:745 [inline]
 toggle_allocation_gate+0x183/0x390 mm/kfence/core.c:723
 process_one_work+0x9b2/0x1690 kernel/workqueue.c:2297
 worker_thread+0x658/0x11f0 kernel/workqueue.c:2444
 kthread+0x405/0x4f0 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
----------------
Code disassembly (best guess):
   0:	01 f8                	add    %edi,%eax
   2:	48 89 44 24 60       	mov    %rax,0x60(%rsp)
   7:	eb 66                	jmp    0x6f
   9:	48 8d 04 5b          	lea    (%rbx,%rbx,2),%rax
   d:	48 c1 e0 06          	shl    $0x6,%rax
  11:	48 05 60 dd f3 8f    	add    $0xffffffff8ff3dd60,%rax
  17:	48 8d b8 b8 00 00 00 	lea    0xb8(%rax),%rdi
  1e:	48 89 fa             	mov    %rdi,%rdx
  21:	48 c1 ea 03          	shr    $0x3,%rdx
  25:	42 0f b6 14 3a       	movzbl (%rdx,%r15,1),%edx
* 2a:	84 d2                	test   %dl,%dl <-- trapping instruction
  2c:	74 06                	je     0x34
  2e:	0f 8e 5f 2b 00 00    	jle    0x2b93
  34:	0f b6 80 b8 00 00 00 	movzbl 0xb8(%rax),%eax
  3b:	84 c0                	test   %al,%al
  3d:	74 06                	je     0x45
  3f:	40                   	rex