INFO: task syz-executor.3:29536 blocked for more than 153 seconds. Not tainted 5.11.0-rc3-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.3 state:D stack:29656 pid:29536 ppid: 24443 flags:0x00000004 Call Trace: context_switch kernel/sched/core.c:4313 [inline] __schedule+0x90c/0x21a0 kernel/sched/core.c:5064 schedule+0xcf/0x270 kernel/sched/core.c:5143 __lock_sock+0x13d/0x260 net/core/sock.c:2518 lock_sock_nested+0xf1/0x110 net/core/sock.c:3051 lock_sock include/net/sock.h:1594 [inline] __inet_bind+0x827/0xbc0 net/ipv4/af_inet.c:514 inet_bind+0xf0/0x170 net/ipv4/af_inet.c:457 __sys_bind+0x1e9/0x250 net/socket.c:1635 __do_sys_bind net/socket.c:1646 [inline] __se_sys_bind net/socket.c:1644 [inline] __x64_sys_bind+0x6f/0xb0 net/socket.c:1644 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x45e219 RSP: 002b:00007f69344ecc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045e219 RDX: 0000000000000010 RSI: 0000000020000140 RDI: 0000000000000006 RBP: 000000000119c068 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000119c034 R13: 00007ffc0e39740f R14: 00007f69344ed9c0 R15: 000000000119c034 Showing all locks held in the system: 1 lock held by khungtaskd/1638: #0: ffffffff8b373920 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6254 1 lock held by in:imklog/8153: #0: ffff88801ace0370 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100 fs/file.c:947 4 locks held by kworker/u4:6/10439: 2 locks held by agetty/14373: #0: ffff88801bf15098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:266 #1: ffff88801bf15130 (&tty->atomic_write_lock){+.+.}-{3:3}, at: tty_write_lock drivers/tty/tty_io.c:887 [inline] #1: ffff88801bf15130 (&tty->atomic_write_lock){+.+.}-{3:3}, at: do_tty_write drivers/tty/tty_io.c:910 [inline] #1: ffff88801bf15130 (&tty->atomic_write_lock){+.+.}-{3:3}, at: tty_write+0x27f/0x8b0 drivers/tty/tty_io.c:1045 2 locks held by syz-executor.3/29532: 3 locks held by syz-executor.5/29544: ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 1638 Comm: khungtaskd Not tainted 5.11.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:79 [inline] dump_stack+0x107/0x163 lib/dump_stack.c:120 nmi_cpu_backtrace.cold+0x44/0xd7 lib/nmi_backtrace.c:105 nmi_trigger_cpumask_backtrace+0x1b3/0x230 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:209 [inline] watchdog+0xd43/0xfa0 kernel/hung_task.c:294 kthread+0x3b1/0x4a0 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 29544 Comm: syz-executor.5 Not tainted 5.11.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:check_kcov_mode kernel/kcov.c:163 [inline] RIP: 0010:__sanitizer_cov_trace_pc+0x2d/0x60 kernel/kcov.c:197 Code: f9 25 8f 7e 89 c1 48 8b 34 24 81 e1 00 01 00 00 65 48 8b 14 25 00 f0 01 00 a9 00 01 ff 00 74 0e 85 c9 74 35 8b 82 cc 14 00 00 <85> c0 74 2b 8b 82 a8 14 00 00 83 f8 02 75 20 48 8b 8a b0 14 00 00 RSP: 0018:ffffc90000db0250 EFLAGS: 00000006 RAX: 0000000000000000 RBX: ffff888028d7c160 RCX: 0000000000000100 RDX: ffff8880632ab780 RSI: ffffffff8162c29b RDI: ffff888028d7c160 RBP: 0000000000000000 R08: 000000c0690881c5 R09: 0000000000000001 R10: ffffffff83d9b64f R11: 0000000000000000 R12: 0000000000000000 R13: ffff8880b9f26a80 R14: ffff8880b9f26a00 R15: 0000000000000001 FS: 0000000000000000(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020fac000 CR3: 0000000026263000 CR4: 0000000000350ee0 Call Trace: do_raw_write_seqcount_barrier include/linux/seqlock.h:616 [inline] __run_hrtimer kernel/time/hrtimer.c:1545 [inline] __hrtimer_run_queues+0x29b/0xe40 kernel/time/hrtimer.c:1583 hrtimer_interrupt+0x334/0x940 kernel/time/hrtimer.c:1645 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1085 [inline] __sysvec_apic_timer_interrupt+0x146/0x540 arch/x86/kernel/apic/apic.c:1102 run_sysvec_on_irqstack_cond arch/x86/include/asm/irq_stack.h:91 [inline] sysvec_apic_timer_interrupt+0x48/0x100 arch/x86/kernel/apic/apic.c:1096 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:628 RIP: 0010:check_kcov_mode+0x22/0x40 kernel/kcov.c:163 Code: fe ff ff cc cc cc cc cc 65 8b 05 19 2e 8f 7e 89 c2 81 e2 00 01 00 00 a9 00 01 ff 00 74 10 31 c0 85 d2 74 15 8b 96 cc 14 00 00 <85> d2 74 0b 8b 86 a8 14 00 00 39 f8 0f 94 c0 c3 0f 1f 40 00 66 2e RSP: 0018:ffffc90000db04f0 EFLAGS: 00000206 RAX: 0000000000000000 RBX: 0000000000000502 RCX: 0000000000000502 RDX: 0000000000000000 RSI: ffff8880632ab780 RDI: 0000000000000003 RBP: ffff888021466200 R08: 0000000000000000 R09: ffff88802146646f R10: ffffffff86efe831 R11: 0000000000000000 R12: 00000000000004ff R13: ffff88802146646c R14: ffff888056a20000 R15: 0000000000000029 write_comp_data kernel/kcov.c:218 [inline] __sanitizer_cov_trace_const_cmp4+0x1c/0x70 kernel/kcov.c:284 __refcount_sub_and_test include/linux/refcount.h:282 [inline] refcount_sub_and_test include/linux/refcount.h:310 [inline] sock_wfree+0x191/0x240 net/core/sock.c:2051 skb_release_head_state+0x9f/0x250 net/core/skbuff.c:661 skb_release_all net/core/skbuff.c:672 [inline] __kfree_skb net/core/skbuff.c:688 [inline] kfree_skb net/core/skbuff.c:706 [inline] kfree_skb+0xfa/0x3f0 net/core/skbuff.c:700 ip6_tnl_start_xmit+0x717/0x16f0 net/ipv6/ip6_tunnel.c:1439 __netdev_start_xmit include/linux/netdevice.h:4776 [inline] netdev_start_xmit include/linux/netdevice.h:4790 [inline] xmit_one net/core/dev.c:3574 [inline] dev_hard_start_xmit+0x1eb/0x920 net/core/dev.c:3590 __dev_queue_xmit+0x21db/0x2dd0 net/core/dev.c:4151 neigh_connected_output+0x380/0x4c0 net/core/neighbour.c:1520 neigh_output include/net/neighbour.h:510 [inline] ip6_finish_output2+0x6b8/0x16c0 net/ipv6/ip6_output.c:117 __ip6_finish_output net/ipv6/ip6_output.c:182 [inline] __ip6_finish_output+0x4c1/0xe10 net/ipv6/ip6_output.c:161 ip6_finish_output+0x35/0x200 net/ipv6/ip6_output.c:192 NF_HOOK_COND include/linux/netfilter.h:290 [inline] ip6_output+0x1db/0x520 net/ipv6/ip6_output.c:215 dst_output include/net/dst.h:441 [inline] NF_HOOK include/linux/netfilter.h:301 [inline] ndisc_send_skb+0xa90/0x1750 net/ipv6/ndisc.c:508 ndisc_send_rs+0x12e/0x700 net/ipv6/ndisc.c:702 addrconf_rs_timer+0x3f2/0x820 net/ipv6/addrconf.c:3874 call_timer_fn+0x1a5/0x6b0 kernel/time/timer.c:1417 expire_timers kernel/time/timer.c:1462 [inline] __run_timers.part.0+0x67c/0xa50 kernel/time/timer.c:1731 __run_timers kernel/time/timer.c:1712 [inline] run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1744 __do_softirq+0x2bc/0xa29 kernel/softirq.c:343 asm_call_irq_on_stack+0xf/0x20 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline] run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline] do_softirq_own_stack+0xaa/0xd0 arch/x86/kernel/irq_64.c:77 invoke_softirq kernel/softirq.c:226 [inline] __irq_exit_rcu kernel/softirq.c:420 [inline] irq_exit_rcu+0x134/0x200 kernel/softirq.c:432 sysvec_apic_timer_interrupt+0x4d/0x100 arch/x86/kernel/apic/apic.c:1096 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:628 RIP: 0010:preempt_count arch/x86/include/asm/preempt.h:26 [inline] RIP: 0010:check_kcov_mode kernel/kcov.c:163 [inline] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x60 kernel/kcov.c:197 Code: 00 00 00 4d 8b 0b 48 0f bd c8 49 8b 14 24 48 63 c9 e9 66 ff ff ff 4c 01 ca 49 89 13 e9 00 fd ff ff 66 0f 1f 84 00 00 00 00 00 <65> 8b 05 f9 25 8f 7e 89 c1 48 8b 34 24 81 e1 00 01 00 00 65 48 8b RSP: 0018:ffffc9000987f790 EFLAGS: 00000282 RAX: 0000000000000000 RBX: 80000000508c8007 RCX: 80000000508c8007 RDX: 0000000000000000 RSI: ffff8880632ab780 RDI: 0000000000000003 RBP: ffffea00007f8fc0 R08: 0000000000000000 R09: 0000000000000000 R10: ffffffff81a50276 R11: 0000000000000000 R12: 80000000508c8007 R13: ffff8880134ebe18 R14: dffffc0000000000 R15: 00007f13231c4000 get_current arch/x86/include/asm/current.h:15 [inline] need_resched include/linux/sched.h:1917 [inline] zap_pte_range mm/memory.c:1231 [inline] zap_pmd_range mm/memory.c:1368 [inline] zap_pud_range mm/memory.c:1397 [inline] zap_p4d_range mm/memory.c:1418 [inline] unmap_page_range+0x825/0x2640 mm/memory.c:1439 unmap_single_vma+0x198/0x300 mm/memory.c:1484 unmap_vmas+0x168/0x2e0 mm/memory.c:1516 exit_mmap+0x2b1/0x5a0 mm/mmap.c:3220 __mmput+0x122/0x470 kernel/fork.c:1083 mmput+0x53/0x60 kernel/fork.c:1104 exit_mm kernel/exit.c:501 [inline] do_exit+0xb6a/0x2ae0 kernel/exit.c:812 do_group_exit+0x125/0x310 kernel/exit.c:922 get_signal+0x3e9/0x20a0 kernel/signal.c:2770 arch_do_signal_or_restart+0x2a8/0x1eb0 arch/x86/kernel/signal.c:811 handle_signal_work kernel/entry/common.c:147 [inline] exit_to_user_mode_loop kernel/entry/common.c:171 [inline] exit_to_user_mode_prepare+0x148/0x250 kernel/entry/common.c:201 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline] syscall_exit_to_user_mode+0x19/0x50 kernel/entry/common.c:302 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x45e219 Code: Unable to access opcode bytes at RIP 0x45e1ef. RSP: 002b:00007f1321514c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c RAX: 0000000000278000 RBX: 0000000000000006 RCX: 000000000045e219 RDX: ffffffffffffffef RSI: 0000000020d7cfcb RDI: 0000000000000006 RBP: 000000000119bfd8 R08: 0000000000000000 R09: 0000000009000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000119bf8c R13: 00007ffca90e9a8f R14: 00007f13215159c0 R15: 000000000119bf8c