INFO: task khugepaged:33 blocked for more than 143 seconds. Not tainted 5.15.0-rc4-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:khugepaged state:D stack:24064 pid: 33 ppid: 2 flags:0x00004000 Call Trace: context_switch kernel/sched/core.c:4940 [inline] __schedule+0x90d/0x26c0 kernel/sched/core.c:6287 schedule+0xd3/0x270 kernel/sched/core.c:6366 schedule_timeout+0x19d/0x250 kernel/time/timer.c:1857 do_wait_for_common kernel/sched/completion.c:85 [inline] __wait_for_common kernel/sched/completion.c:106 [inline] wait_for_common kernel/sched/completion.c:117 [inline] wait_for_completion+0x176/0x280 kernel/sched/completion.c:138 __flush_work+0x48d/0xa30 kernel/workqueue.c:3083 __lru_add_drain_all+0x33a/0x6e0 mm/swap.c:833 khugepaged_do_scan mm/khugepaged.c:2214 [inline] khugepaged+0xf0/0x40b0 mm/khugepaged.c:2275 kthread+0x38b/0x460 kernel/kthread.c:319 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 Showing all locks held in the system: 2 locks held by kworker/u4:1/10: #0: ffff88800fc69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff88800fc69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline] #0: ffff88800fc69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1198 [inline] #0: ffff88800fc69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:634 [inline] #0: ffff88800fc69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:661 [inline] #0: ffff88800fc69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7a4/0x1450 kernel/workqueue.c:2268 #1: ffffc90000cf7db8 (connector_reaper_work){+.+.}-{0:0}, at: process_one_work+0x7d1/0x1450 kernel/workqueue.c:2272 5 locks held by kworker/1:0/20: 1 lock held by 
khungtaskd/27: #0: ffffffff8ab76840 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6446 1 lock held by khugepaged/33: #0: ffffffff8ac53aa8 (lock#5){+.+.}-{3:3}, at: __lru_add_drain_all+0x5a/0x6e0 mm/swap.c:782 2 locks held by kworker/u4:5/1447: #0: ffff88800fc69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff88800fc69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline] #0: ffff88800fc69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1198 [inline] #0: ffff88800fc69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:634 [inline] #0: ffff88800fc69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:661 [inline] #0: ffff88800fc69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7a4/0x1450 kernel/workqueue.c:2268 #1: ffffc90005d9fdb8 ((reaper_work).work){+.+.}-{0:0}, at: process_one_work+0x7d1/0x1450 kernel/workqueue.c:2272 1 lock held by systemd-udevd/2970: 1 lock held by in:imklog/6207: #0: ffff8880180e3770 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x9c/0xb0 fs/file.c:990 3 locks held by kworker/0:4/6872: #0: ffff888023f0e138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888023f0e138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline] #0: ffff888023f0e138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1198 [inline] #0: ffff888023f0e138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:634 [inline] #0: ffff888023f0e138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: 
set_work_pool_and_clear_pending kernel/workqueue.c:661 [inline] #0: ffff888023f0e138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x7a4/0x1450 kernel/workqueue.c:2268 #1: ffff8880b9e1f9c8 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x39d/0x480 kernel/sched/psi.c:880 #2: ffff888082213530 (&idev->mc_lock){+.+.}-{3:3}, at: mld_ifc_work+0x3a/0xa90 net/ipv6/mcast.c:2658 2 locks held by syz-executor.2/13455: #0: ffff88805e9ce210 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:786 [inline] #0: ffff88805e9ce210 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x76/0x270 net/socket.c:648 #1: ffffffff8c2305c8 (rtnl_mutex){+.+.}-{3:3}, at: ip6mr_sk_done+0xad/0x2e0 net/ipv6/ip6mr.c:1582 2 locks held by syz-executor.5/13457: #0: ffff8880b9e31a18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested kernel/sched/core.c:474 [inline] #0: ffff8880b9e31a18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock kernel/sched/sched.h:1317 [inline] #0: ffff8880b9e31a18 (&rq->__lock){-.-.}-{2:2}, at: rq_lock kernel/sched/sched.h:1620 [inline] #0: ffff8880b9e31a18 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x236/0x26c0 kernel/sched/core.c:6201 #1: ffff8880b9e1f9c8 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x39d/0x480 kernel/sched/psi.c:880 2 locks held by syz-executor.5/13488: #0: ffff88807c284410 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:786 [inline] #0: ffff88807c284410 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x76/0x270 net/socket.c:648 #1: ffffffff8c2305c8 (rtnl_mutex){+.+.}-{3:3}, at: ip6mr_sk_done+0xad/0x2e0 net/ipv6/ip6mr.c:1582 1 lock held by syz-executor.5/13528: 1 lock held by syz-executor.0/13530: 1 lock held by syz-executor.3/13535: #0: ffffffff8c2305c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline] #0: ffffffff8c2305c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x2d2/0x8d0 
net/core/rtnetlink.c:5569 2 locks held by syz-executor.4/13531: #0: ffff8880b9e31a18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested kernel/sched/core.c:474 [inline] #0: ffff8880b9e31a18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock kernel/sched/sched.h:1317 [inline] #0: ffff8880b9e31a18 (&rq->__lock){-.-.}-{2:2}, at: rq_lock kernel/sched/sched.h:1620 [inline] #0: ffff8880b9e31a18 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x236/0x26c0 kernel/sched/core.c:6201 #1: ffff8880b9e1f9c8 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x39d/0x480 kernel/sched/psi.c:880 1 lock held by syz-executor.5/13557: 1 lock held by syz-executor.1/13564: #0: ffffffff8c2305c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline] #0: ffffffff8c2305c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x2d2/0x8d0 net/core/rtnetlink.c:5569 3 locks held by syz-executor.0/13565: #0: ffff8880b9e31a18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested kernel/sched/core.c:474 [inline] #0: ffff8880b9e31a18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock kernel/sched/sched.h:1317 [inline] #0: ffff8880b9e31a18 (&rq->__lock){-.-.}-{2:2}, at: rq_lock kernel/sched/sched.h:1620 [inline] #0: ffff8880b9e31a18 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x236/0x26c0 kernel/sched/core.c:6201 #1: ffff8880b9e1f9c8 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x39d/0x480 kernel/sched/psi.c:880 #2: ffffffff8ab76840 (rcu_read_lock){....}-{1:2}, at: trace_sched_stat_runtime include/trace/events/sched.h:517 [inline] #2: ffffffff8ab76840 (rcu_read_lock){....}-{1:2}, at: update_curr+0x2ea/0x850 kernel/sched/fair.c:852 2 locks held by syz-executor.4/13567: 2 locks held by syz-executor.3/13560: #0: ffff88806bd6c410 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:786 [inline] #0: ffff88806bd6c410 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x76/0x270 net/socket.c:648 #1: ffffffff8c2305c8 
(rtnl_mutex){+.+.}-{3:3}, at: ip6mr_sk_done+0xad/0x2e0 net/ipv6/ip6mr.c:1582 1 lock held by syz-executor.0/13594: 1 lock held by syz-executor.1/13599: #0: ffffffff8c2305c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline] #0: ffffffff8c2305c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x2d2/0x8d0 net/core/rtnetlink.c:5569 1 lock held by syz-executor.2/13597: #0: ffffffff8c2305c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline] #0: ffffffff8c2305c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x2d2/0x8d0 net/core/rtnetlink.c:5569 1 lock held by syz-executor.5/13600: #0: ffffffff8c2305c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline] #0: ffffffff8c2305c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x2d2/0x8d0 net/core/rtnetlink.c:5569 2 locks held by syz-executor.3/13593: #0: ffff8880591a3e10 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:786 [inline] #0: ffff8880591a3e10 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x76/0x270 net/socket.c:648 #1: ffffffff8c2305c8 (rtnl_mutex){+.+.}-{3:3}, at: ip6mr_sk_done+0xad/0x2e0 net/ipv6/ip6mr.c:1582 2 locks held by syz-executor.4/13601: ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 27 Comm: khungtaskd Not tainted 5.15.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x57/0x7d lib/dump_stack.c:106 nmi_cpu_backtrace.cold+0x30/0xc0 lib/nmi_backtrace.c:105 nmi_trigger_cpumask_backtrace+0x11a/0x160 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:210 [inline] watchdog+0x88c/0xbf0 kernel/hung_task.c:295 kthread+0x38b/0x460 kernel/kthread.c:319 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 
1 PID: 20 Comm: kworker/1:0 Not tainted 5.15.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: events ipvlan_process_multicast RIP: 0010:__read_once_word_nocheck+0x3/0x10 include/asm-generic/rwonce.h:68 Code: e9 97 fb ff ff 4c 89 f6 48 c7 c7 80 fe 9e 8a e8 e3 ac 73 02 e9 60 fb ff ff e8 09 26 7a 00 e9 cf fb ff ff cc cc cc cc 48 8b 07 <c3> 66 66 2e 0f 1f 84 00 00 00 00 00 90 41 57 89 d0 41 56 41 55 41 RSP: 0018:ffffc90000dc0710 EFLAGS: 00000293 RAX: ffffffff81003b5f RBX: ffffc90000dc0868 RCX: ffffc90000dc0868 RDX: dffffc0000000000 RSI: ffffc90000da7f50 RDI: ffffc90000da7f50 RBP: ffffc90000da7f50 R08: ffffffff8cfda976 R09: 0000000000000001 R10: fffff520001b810f R11: 000000000007a089 R12: ffffc90000dc0820 R13: ffffc90000da0000 R14: ffffc90000dc0820 R15: ffffffff8cfda97a FS: 0000000000000000(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055875de6dff8 CR3: 000000007870c000 CR4: 0000000000350ee0 Call Trace: deref_stack_reg+0xee/0x150 arch/x86/kernel/unwind_orc.c:355 unwind_next_frame+0xcc3/0x1ce0 arch/x86/kernel/unwind_orc.c:534 arch_stack_walk+0x7d/0xe0 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0x8c/0xc0 kernel/stacktrace.c:121 kasan_save_stack+0x1b/0x40 mm/kasan/common.c:38 kasan_set_track+0x1c/0x30 mm/kasan/common.c:46 kasan_set_free_info+0x20/0x30 mm/kasan/generic.c:360 ____kasan_slab_free mm/kasan/common.c:366 [inline] ____kasan_slab_free mm/kasan/common.c:328 [inline] __kasan_slab_free+0xff/0x130 mm/kasan/common.c:374 kasan_slab_free include/linux/kasan.h:230 [inline] slab_free_hook mm/slub.c:1700 [inline] slab_free_freelist_hook+0x81/0x190 mm/slub.c:1725 slab_free mm/slub.c:3483 [inline] kmem_cache_free+0x8a/0x5b0 mm/slub.c:3499 ip6_mc_input+0x96d/0xbc0 net/ipv6/ip6_input.c:569 __netif_receive_skb_one_core+0x104/0x180 net/core/dev.c:5436 process_backlog+0x22a/0x610 net/core/dev.c:6427 __napi_poll+0x94/0x350 net/core/dev.c:6986 
napi_poll net/core/dev.c:7053 [inline] net_rx_action+0x6fc/0xa50 net/core/dev.c:7140 __do_softirq+0x29b/0x9c2 kernel/softirq.c:558 do_softirq.part.0+0xde/0x130 kernel/softirq.c:459 do_softirq kernel/softirq.c:451 [inline] __local_bh_enable_ip+0x102/0x120 kernel/softirq.c:383 local_bh_enable include/linux/bottom_half.h:32 [inline] ipvlan_process_multicast+0x7b1/0xd20 drivers/net/ipvlan/ipvlan_core.c:279 process_one_work+0x87f/0x1450 kernel/workqueue.c:2297 worker_thread+0x598/0x1040 kernel/workqueue.c:2444 kthread+0x38b/0x460 kernel/kthread.c:319 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 ---------------- Code disassembly (best guess): 0: e9 97 fb ff ff jmpq 0xfffffb9c 5: 4c 89 f6 mov %r14,%rsi 8: 48 c7 c7 80 fe 9e 8a mov $0xffffffff8a9efe80,%rdi f: e8 e3 ac 73 02 callq 0x273acf7 14: e9 60 fb ff ff jmpq 0xfffffb79 19: e8 09 26 7a 00 callq 0x7a2627 1e: e9 cf fb ff ff jmpq 0xfffffbf2 23: cc int3 24: cc int3 25: cc int3 26: cc int3 27: 48 8b 07 mov (%rdi),%rax * 2a: c3 retq <-- trapping instruction 2b: 66 66 2e 0f 1f 84 00 data16 nopw %cs:0x0(%rax,%rax,1) 32: 00 00 00 00 36: 90 nop 37: 41 57 push %r15 39: 89 d0 mov %edx,%eax 3b: 41 56 push %r14 3d: 41 55 push %r13 3f: 41 rex.B