INFO: task syz.4.1337:10306 blocked in I/O wait for more than 143 seconds.
Tainted: G L syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.4.1337 state:D stack:25216 pid:10306 tgid:10305 ppid:7063 task_flags:0x400140 flags:0x00080002
Call Trace:
context_switch kernel/sched/core.c:5388 [inline]
__schedule+0x1295/0x67a0 kernel/sched/core.c:7189
__schedule_loop kernel/sched/core.c:7268 [inline]
schedule+0xdd/0x390 kernel/sched/core.c:7283
io_schedule+0x8a/0xf0 kernel/sched/core.c:8110
folio_wait_bit_common+0x414/0xa70 mm/filemap.c:1324
folio_lock include/linux/pagemap.h:1159 [inline]
migrate_folio_unmap mm/migrate.c:1252 [inline]
migrate_pages_batch+0x7a1/0x45c0 mm/migrate.c:1909
migrate_pages_sync+0x4db/0x880 mm/migrate.c:2053
migrate_pages+0x1aa5/0x2880 mm/migrate.c:2135
compact_zone+0x244f/0x4460 mm/compaction.c:2664
compact_node+0x17f/0x2c0 mm/compaction.c:2933
compact_nodes mm/compaction.c:2955 [inline]
sysctl_compaction_handler mm/compaction.c:3006 [inline]
sysctl_compaction_handler+0x141/0x210 mm/compaction.c:2993
proc_sys_call_handler+0x47f/0x5a0 fs/proc/proc_sysctl.c:600
iter_file_splice_write+0x830/0x10a0 fs/splice.c:736
do_splice_from fs/splice.c:936 [inline]
direct_splice_actor+0x192/0x6c0 fs/splice.c:1159
splice_direct_to_actor+0x345/0xa30 fs/splice.c:1103
do_splice_direct_actor fs/splice.c:1202 [inline]
do_splice_direct+0x174/0x240 fs/splice.c:1228
do_sendfile+0xadc/0xe20 fs/read_write.c:1372
__do_sys_sendfile64 fs/read_write.c:1427 [inline]
__se_sys_sendfile64 fs/read_write.c:1419 [inline]
__x64_sys_sendfile64+0x154/0x220 fs/read_write.c:1419
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x115/0x870 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f2fa7d9ce59
RSP: 002b:00007f2fa8b86028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007f2fa8015fa0 RCX: 00007f2fa7d9ce59
RDX: 00002000000000c0 RSI: 0000000000000003 RDI: 0000000000000004
RBP: 00007f2fa7e32d6f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f2fa8016038 R14: 00007f2fa8015fa0 R15: 00007ffd80012268
Showing all locks held in the system:
1 lock held by khungtaskd/42:
#0: ffffffff8e7e5560 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
#0: ffffffff8e7e5560 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
#0: ffffffff8e7e5560 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 kernel/locking/lockdep.c:6775
2 locks held by getty/5539:
#0: ffff88802356d0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243
#1: ffffc900033732e8 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x419/0x14f0 drivers/tty/n_tty.c:2211
4 locks held by sshd-session/5720:
3 locks held by kworker/1:3/5814:
#0: ffff88801b8aa940 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12d6/0x1980 kernel/workqueue.c:3289
#1: ffffc9000447fd08 ((work_completion)(&data->fib_event_work)){+.+.}-{0:0}, at: process_one_work+0x973/0x1980 kernel/workqueue.c:3290
#2: ffff888058e6f250 (&data->fib_lock){+.+.}-{4:4}, at: nsim_fib_event_work+0x1b8/0x63b0 drivers/net/netdevsim/fib.c:1490
1 lock held by udevd/6890:
#0: ffff8880289d3350 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0x41a/0xe40 block/bdev.c:953
1 lock held by syz.4.1337/10306:
#0: ffff888022640410 (sb_writers#3){.+.+}-{0:0}, at: splice_direct_to_actor+0x345/0xa30 fs/splice.c:1103
3 locks held by syz-executor/11705:
#0: ffffffff8e67c630 (cpu_hotplug_lock){++++}-{0:0}, at: kmem_cache_destroy mm/slab_common.c:556 [inline]
#0: ffffffff8e67c630 (cpu_hotplug_lock){++++}-{0:0}, at: kmem_cache_destroy+0x4b/0x190 mm/slab_common.c:527
#1: ffffffff8e97f760 (slab_mutex){+.+.}-{4:4}, at: kmem_cache_destroy mm/slab_common.c:557 [inline]
#1: ffffffff8e97f760 (slab_mutex){+.+.}-{4:4}, at: kmem_cache_destroy+0x59/0x190 mm/slab_common.c:527
#2: ffffffff8e7f0f78 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x48/0x6d0 kernel/rcu/tree.c:3828
1 lock held by syz-executor/16784:
1 lock held by syz-executor/16789:
#0: ffffffff8e7f0f78 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x48/0x6d0 kernel/rcu/tree.c:3828
1 lock held by syz.7.3020/17060:
#0: ffffffff8e7f10a8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x19e/0x3c0 kernel/rcu/tree_exp.h:343
1 lock held by dhcpcd/17144:
#0: ffff88804d1e4260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1713 [inline]
#0: ffff88804d1e4260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x2c/0xf50 net/packet/af_packet.c:3204
1 lock held by dhcpcd-run-hook/17145:
=============================================
NMI backtrace for cpu 3
CPU: 3 UID: 0 PID: 42 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x100/0x190 lib/dump_stack.c:120
nmi_cpu_backtrace.cold+0x12d/0x151 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x1d7/0x230 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]
__sys_info lib/sys_info.c:157 [inline]
sys_info+0x141/0x190 lib/sys_info.c:165
check_hung_uninterruptible_tasks kernel/hung_task.c:353 [inline]
watchdog+0xcb1/0x1030 kernel/hung_task.c:561
kthread+0x370/0x450 kernel/kthread.c:436
ret_from_fork+0x72b/0xd50 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
Sending NMI from CPU 3 to CPUs 0-2:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 15156 Comm: syz.6.2664 Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
RIP: 0010:__nr_to_section+0x13/0xb0 include/linux/mmzone.h:2061
Code: ff 66 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 55 48 89 fd 53 48 c1 ed 07 48 89 fb eb 76 cc cc cc 31 c0 <3c> 01 48 19 c0 25 00 f0 03 00 48 05 00 10 00 00 48 39 c5 73 63 48
RSP: 0000:ffffc900046ef8f8 EFLAGS: 00000246
RAX: 0000000000000001 RBX: 0000000000000024 RCX: 0000000000000002
RDX: 1ffff1102ffff034 RSI: 00000000001215ec RDI: 0000000000000024
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: ffffed10242bd800 R11: 0000000000000000 R12: 00000000001215ec
R13: 0000000000000017 R14: ffff88817fff7100 R15: 0000000000180000
FS: 0000000000000000(0000) GS:ffff8880d6383000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f78b684f156 CR3: 000000000e596000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 000000000000003c
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Call Trace:
__pfn_to_section include/linux/mmzone.h:2198 [inline]
get_pageblock_bitmap mm/page_alloc.c:323 [inline]
get_pfnblock_bitmap_bitidx mm/page_alloc.c:359 [inline]
__get_pfnblock_flags_mask mm/page_alloc.c:384 [inline]
__get_pfnblock_flags_mask+0x128/0x240 mm/page_alloc.c:376
get_pfnblock_migratetype mm/page_alloc.c:432 [inline]
__free_frozen_pages+0x4d2/0x10a0 mm/page_alloc.c:2949
vfree mm/vmalloc.c:3472 [inline]
vfree+0x15f/0x8d0 mm/vmalloc.c:3436
kcov_put kernel/kcov.c:442 [inline]
kcov_put kernel/kcov.c:438 [inline]
kcov_close+0x34/0x60 kernel/kcov.c:543
__fput+0x3ff/0xb50 fs/file_table.c:510
task_work_run+0x150/0x240 kernel/task_work.c:233
exit_task_work include/linux/task_work.h:40 [inline]
do_exit+0x951/0x2af0 kernel/exit.c:976
do_group_exit+0xd5/0x2a0 kernel/exit.c:1119
get_signal+0x20ff/0x2210 kernel/signal.c:3037
arch_do_signal_or_restart+0x91/0x7e0 arch/x86/kernel/signal.c:337
__exit_to_user_mode_loop kernel/entry/common.c:64 [inline]
exit_to_user_mode_loop+0x98/0x670 kernel/entry/common.c:98
__exit_to_user_mode_prepare include/linux/irq-entry-common.h:207 [inline]
syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:230 [inline]
syscall_exit_to_user_mode include/linux/entry-common.h:318 [inline]
do_syscall_64+0x666/0x870 arch/x86/entry/syscall_64.c:100
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f78b675d68e
Code: Unable to access opcode bytes at 0x7f78b675d664.
RSP: 002b:00007f78b75f8f58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e6
RAX: fffffffffffffdfc RBX: 00007f78b75f96c0 RCX: 00007f78b675d68e
RDX: 00007f78b75f8fb0 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007f78b6832d6f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f78b6a16038 R14: 00007f78b6a15fa0 R15: 00007ffc07092ba8
NMI backtrace for cpu 2
CPU: 2 UID: 0 PID: 17060 Comm: syz.7.3020 Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
RIP: 0010:__read_once_word_nocheck+0x0/0x10 include/asm-generic/rwonce.h:67
Code: e9 c2 fa ff ff 48 c7 c7 58 c2 ab 8b e8 49 cf be 00 e9 1e fa ff ff 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <48> 8b 07 c3 cc cc cc cc 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90
RSP: 0018:ffffc90006baecd8 EFLAGS: 00000202
RAX: ffffc90006bb0001 RBX: 0000000000000001 RCX: ffffffff917abb96
RDX: ffffc90006baee01 RSI: ffffc90006baee78 RDI: ffffc90006baee78
RBP: ffffc90006baed98 R08: ffffffff917abb9a R09: 0000000000000007
R10: 0000000000000200 R11: 000000000000f2f7 R12: ffffc90006baeda0
R13: ffffc90006baed50 R14: ffffc90006baee80 R15: ffffc90006baed84
FS: 0000000000000000(0000) GS:ffff8880d6583000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005580fd246000 CR3: 000000003563f000 CR4: 0000000000352ef0
Call Trace:
deref_stack_reg arch/x86/kernel/unwind_orc.c:422 [inline]
unwind_next_frame+0xd07/0x2090 arch/x86/kernel/unwind_orc.c:614
arch_stack_walk+0x94/0xf0 arch/x86/kernel/stacktrace.c:25
stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
save_stack+0x162/0x1e0 mm/page_owner.c:165
__reset_page_owner+0x84/0x190 mm/page_owner.c:320
reset_page_owner include/linux/page_owner.h:25 [inline]
__free_pages_prepare mm/page_alloc.c:1397 [inline]
free_unref_folios+0xa44/0x1730 mm/page_alloc.c:2999
folios_put_refs+0x571/0xa90 mm/swap.c:1008
folio_batch_release include/linux/folio_batch.h:101 [inline]
shmem_undo_range+0x5e5/0x1570 mm/shmem.c:1149
shmem_truncate_range mm/shmem.c:1277 [inline]
shmem_evict_inode+0x3f3/0xc40 mm/shmem.c:1407
evict+0x3c2/0xad0 fs/inode.c:841
iput_final fs/inode.c:1960 [inline]
iput.part.0+0x605/0xf50 fs/inode.c:2009
iput+0x35/0x40 fs/inode.c:1975
dentry_unlink_inode+0x2c0/0x4c0 fs/dcache.c:476
__dentry_kill+0x1d0/0x690 fs/dcache.c:718
shrink_kill fs/dcache.c:1195 [inline]
shrink_dentry_list+0x180/0x5e0 fs/dcache.c:1222
shrink_dcache_tree+0x3b1/0x7e0 fs/dcache.c:1653
do_one_tree fs/dcache.c:1721 [inline]
shrink_dcache_for_umount+0xa7/0x400 fs/dcache.c:1738
generic_shutdown_super+0x7e/0x360 fs/super.c:624
kill_anon_super+0x3a/0x60 fs/super.c:1292
deactivate_locked_super+0xc1/0x1b0 fs/super.c:476
deactivate_super fs/super.c:509 [inline]
deactivate_super+0xe7/0x110 fs/super.c:505
cleanup_mnt+0x21f/0x450 fs/namespace.c:1312
task_work_run+0x150/0x240 kernel/task_work.c:233
exit_task_work include/linux/task_work.h:40 [inline]
do_exit+0x951/0x2af0 kernel/exit.c:976
do_group_exit+0xd5/0x2a0 kernel/exit.c:1119
get_signal+0x20ff/0x2210 kernel/signal.c:3037
arch_do_signal_or_restart+0x91/0x7e0 arch/x86/kernel/signal.c:337
__exit_to_user_mode_loop kernel/entry/common.c:64 [inline]
exit_to_user_mode_loop+0x98/0x670 kernel/entry/common.c:98
__exit_to_user_mode_prepare include/linux/irq-entry-common.h:207 [inline]
syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:230 [inline]
syscall_exit_to_user_mode include/linux/entry-common.h:318 [inline]
do_syscall_64+0x666/0x870 arch/x86/entry/syscall_64.c:100
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fa8d519ce59
Code: Unable to access opcode bytes at 0x7fa8d519ce2f.
RSP: 002b:00007fff4a970348 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
RAX: 0000000000000000 RBX: 00007fa8d5417da0 RCX: 00007fa8d519ce59
RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
RBP: 00007fa8d5417da0 R08: 0000000000000006 R09: 0000000000000000
R10: 00007fa8d5417cb0 R11: 0000000000000246 R12: 000000000004efcf
R13: 00007fa8d541609c R14: 000000000004ed04 R15: 00007fa8d5416090
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 5720 Comm: sshd-session Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
RIP: 0010:mark_lock+0x83/0xa20 kernel/locking/lockdep.c:4774
Code: 8d 04 80 48 8d 04 c5 60 9b 10 96 4c 89 f1 48 23 48 60 0f 84 03 03 00 00 b8 01 00 00 00 48 8b 54 24 68 65 48 2b 15 75 77 25 12 <0f> 85 ea 07 00 00 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc
RSP: 0018:ffffc900031ff150 EFLAGS: 00000046
RAX: 0000000000000001 RBX: 0000000000000009 RCX: 0000000000000200
RDX: 0000000000000000 RSI: ffff888031138bb8 RDI: ffff888031138000
RBP: ffffc900031ff1e8 R08: 0000000000000000 R09: 0000000000000007
R10: 0000000000000001 R11: 0000000000000000 R12: ffff888031138bb8
R13: ffff888031138000 R14: 0000000000000200 R15: 0000000000000004
FS: 00007ff69c3f1300(0000) GS:ffff8880d6483000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ff69b928000 CR3: 000000003a7c1000 CR4: 0000000000352ef0
Call Trace:
mark_usage kernel/locking/lockdep.c:4674 [inline]
__lock_acquire+0x4a5/0x2630 kernel/locking/lockdep.c:5191
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x1b1/0x370 kernel/locking/lockdep.c:5825
rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
rcu_read_lock include/linux/rcupdate.h:838 [inline]
__update_page_owner_free_handle.isra.0+0x4d/0x4d0 mm/page_owner.c:283
__reset_page_owner+0x93/0x190 mm/page_owner.c:321
reset_page_owner include/linux/page_owner.h:25 [inline]
__free_pages_prepare mm/page_alloc.c:1397 [inline]
free_unref_folios+0xa44/0x1730 mm/page_alloc.c:2999
folios_put_refs+0x571/0xa90 mm/swap.c:1008
free_pages_and_swap_cache+0x22d/0x3b0 mm/swap_state.c:401
__tlb_batch_free_encoded_pages+0xe9/0x280 mm/mmu_gather.c:138
tlb_batch_pages_flush mm/mmu_gather.c:151 [inline]
tlb_flush_mmu_free mm/mmu_gather.c:417 [inline]
tlb_flush_mmu mm/mmu_gather.c:424 [inline]
tlb_finish_mmu+0x1b0/0x810 mm/mmu_gather.c:549
unmap_region+0x2d9/0x3b0 mm/vma.c:491
vms_clear_ptes mm/vma.c:1303 [inline]
vms_complete_munmap_vmas+0xa4b/0xdd0 mm/vma.c:1345
do_vmi_align_munmap+0x44f/0x5f0 mm/vma.c:1604
do_vmi_munmap+0x1f8/0x3e0 mm/vma.c:1652
__vm_munmap+0x196/0x390 mm/vma.c:3285
__do_sys_munmap mm/mmap.c:1079 [inline]
__se_sys_munmap mm/mmap.c:1076 [inline]
__x64_sys_munmap+0x59/0x80 mm/mmap.c:1076
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x115/0x870 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ff69bd1e097
Code: 73 01 c3 48 8b 0d 61 2d 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 0b 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 31 2d 0d 00 f7 d8 64 89 01 48
RSP: 002b:00007ffc2ca1ca18 EFLAGS: 00000206 ORIG_RAX: 000000000000000b
RAX: ffffffffffffffda RBX: 000055ddb6bc5960 RCX: 00007ff69bd1e097
RDX: 0000000000000000 RSI: 00000000002ff000 RDI: 00007ff69b62a000
RBP: 00007ff69b62a000 R08: 00000000002ff000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000206 R12: fffffffffffffea0
R13: 0000000000000020 R14: 000055ddb6bcf300 R15: 000055ddb6bc96e0