INFO: task syz-executor.1:8689 blocked for more than 143 seconds.
      Not tainted 5.15.0-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.1 state:D stack:22648 pid: 8689 ppid: 6481 flags:0x00024004
Call Trace:
 context_switch kernel/sched/core.c:4969 [inline]
 __schedule+0xb72/0x1460 kernel/sched/core.c:6250
 schedule+0x12b/0x1f0 kernel/sched/core.c:6323
 schedule_timeout+0xac/0x300 kernel/time/timer.c:1857
 do_wait_for_common+0x2da/0x480 kernel/sched/completion.c:85
 __wait_for_common kernel/sched/completion.c:106 [inline]
 wait_for_common kernel/sched/completion.c:117 [inline]
 wait_for_completion+0x46/0x60 kernel/sched/completion.c:138
 io_wq_exit_workers fs/io-wq.c:1200 [inline]
 io_wq_put_and_exit+0x5cf/0xc50 fs/io-wq.c:1235
 io_uring_clean_tctx+0x103/0x1d5 fs/io_uring.c:9719
 io_uring_cancel_generic+0x624/0x661 fs/io_uring.c:9800
 io_uring_files_cancel include/linux/io_uring.h:16 [inline]
 do_exit+0x279/0x24e0 kernel/exit.c:781
 do_group_exit+0x168/0x2d0 kernel/exit.c:923
 get_signal+0x16b0/0x2090 kernel/signal.c:2855
 arch_do_signal_or_restart+0x9c/0x730 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x191/0x220 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x2e/0x70 kernel/entry/common.c:300
 do_syscall_64+0x53/0xd0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f51bcb31ae9
RSP: 002b:00007f51ba086188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
RAX: 0000000000000200 RBX: 00007f51bcc45020 RCX: 00007f51bcb31ae9
RDX: 0000000000000000 RSI: 00000000000045f5 RDI: 0000000000000003
RBP: 00007f51bcb8bf25 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffdb9066c6f R14: 00007f51ba086300 R15: 0000000000022000

Showing all locks held in the system:
1 lock held by khungtaskd/27:
 #0: ffffffff8c91d480 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30
1 lock held by in:imklog/6149:
 #0: ffff88801cb12d70 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x24e/0x2f0 fs/file.c:990

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 27 Comm: khungtaskd Not tainted 5.15.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1dc/0x2d8 lib/dump_stack.c:106
 nmi_cpu_backtrace+0x45f/0x490 lib/nmi_backtrace.c:105
 nmi_trigger_cpumask_backtrace+0x16a/0x280 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:210 [inline]
 watchdog+0xc82/0xcd0 kernel/hung_task.c:295
 kthread+0x468/0x490 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 2929 Comm: systemd-journal Not tainted 5.15.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:kasan_quarantine_put+0x9/0x230 mm/kasan/quarantine.c:172
Code: 31 f6 e8 9a 81 f5 ff 48 c7 c7 f8 32 9e 8c e8 de a9 2f 08 31 c0 48 83 c4 08 5b 41 5e c3 cc cc cc cc 41 57 41 56 41 55 41 54 53 <50> 49 89 fe e8 fe cd ff ff 48 85 c0 74 6b 48 89 c3 48 c7 04 24 00
RSP: 0018:ffffc9000254fd40 EFLAGS: 00000a06
RAX: dffffc0000000000 RBX: ffff888140007500 RCX: 4e4064f730686e00
RDX: 0000000000000800 RSI: ffff88803b725500 RDI: ffff888140007500
RBP: ffff88803b725500 R08: 0000000000000003 R09: ffffffff8a000dd0
R10: ffffffff8a200000 R11: ffffffff8a2007a3 R12: 0000000000000000
R13: ffffc9000254fdc8 R14: 0000000000000000 R15: ffffc9000254fdd0
FS: 00007fc0a68f88c0(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fc0a3d09010 CR3: 000000007c65a000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 kasan_slab_free include/linux/kasan.h:230 [inline]
 slab_free_hook mm/slub.c:1700 [inline]
 slab_free_freelist_hook+0x12e/0x1a0 mm/slub.c:1726
 slab_free mm/slub.c:3492 [inline]
 kmem_cache_free+0x95/0x190 mm/slub.c:3508
 putname fs/namei.c:270 [inline]
 do_mkdirat+0x49d/0x530 fs/namei.c:3918
 __do_sys_mkdir fs/namei.c:3929 [inline]
 __se_sys_mkdir fs/namei.c:3927 [inline]
 __x64_sys_mkdir+0x6a/0x80 fs/namei.c:3927
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7fc0a5bb3687
Code: 00 b8 ff ff ff ff c3 0f 1f 40 00 48 8b 05 09 d8 2b 00 64 c7 00 5f 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e1 d7 2b 00 f7 d8 64 89 01 48
RSP: 002b:00007ffe299c7b18 EFLAGS: 00000293 ORIG_RAX: 0000000000000053
RAX: ffffffffffffffda RBX: 00007ffe299caa30 RCX: 00007fc0a5bb3687
RDX: 00007fc0a6624a00 RSI: 00000000000001ed RDI: 0000561d2cbd28a0
RBP: 00007ffe299c7b50 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000069 R11: 0000000000000293 R12: 0000000000000000
R13: 0000000000000000 R14: 00007ffe299caa30 R15: 00007ffe299c8040
----------------
Code disassembly (best guess):
   0:   31 f6                   xor    %esi,%esi
   2:   e8 9a 81 f5 ff          callq  0xfff581a1
   7:   48 c7 c7 f8 32 9e 8c    mov    $0xffffffff8c9e32f8,%rdi
   e:   e8 de a9 2f 08          callq  0x82fa9f1
  13:   31 c0                   xor    %eax,%eax
  15:   48 83 c4 08             add    $0x8,%rsp
  19:   5b                      pop    %rbx
  1a:   41 5e                   pop    %r14
  1c:   c3                      retq
  1d:   cc                      int3
  1e:   cc                      int3
  1f:   cc                      int3
  20:   cc                      int3
  21:   41 57                   push   %r15
  23:   41 56                   push   %r14
  25:   41 55                   push   %r13
  27:   41 54                   push   %r12
  29:   53                      push   %rbx
* 2a:   50                      push   %rax <-- trapping instruction
  2b:   49 89 fe                mov    %rdi,%r14
  2e:   e8 fe cd ff ff          callq  0xffffce31
  33:   48 85 c0                test   %rax,%rax
  36:   74 6b                   je     0xa3
  38:   48 89 c3                mov    %rax,%rbx
  3b:   48                      rex.W
  3c:   c7                      .byte 0xc7
  3d:   04 24                   add    $0x24,%al