Bluetooth: hci2 command 0x0406 tx timeout Bluetooth: hci5 command 0x0406 tx timeout Bluetooth: hci4 command 0x0406 tx timeout Bluetooth: hci1 command 0x0406 tx timeout Bluetooth: hci3 command 0x0406 tx timeout BUG: workqueue lockup - pool cpus=1 node=0 flags=0x0 nice=0 stuck for 159s! Showing busy workqueues and worker pools: workqueue events: flags=0x0 pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=17/256 refcnt=18 in-flight: 8015:rtc_timer_do_work pending: wait_rcu_exp_gp, cache_reap, wait_rcu_exp_gp, pwq_unbound_release_workfn, perf_sched_delayed, destroy_super_work, macvlan_process_broadcast, macvlan_process_broadcast, defense_work_handler, defense_work_handler, defense_work_handler, defense_work_handler, defense_work_handler, macvlan_process_broadcast, macvlan_process_broadcast, macvlan_process_broadcast workqueue events_long: flags=0x0 pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 pending: gc_worker workqueue events_freezable: flags=0x4 pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 pending: update_balloon_stats_func workqueue events_power_efficient: flags=0x80 pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=5/256 refcnt=6 pending: fb_flashcursor, do_cache_clean, neigh_periodic_work, neigh_periodic_work, check_lifetime workqueue mm_percpu_wq: flags=0x8 pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 pending: vmstat_update workqueue dm_bufio_cache: flags=0x8 pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 pending: work_fn workqueue ipv6_addrconf: flags=0x40008 pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/1 refcnt=3 pending: addrconf_dad_work delayed: addrconf_dad_work pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/1 refcnt=4 in-flight: 9220:addrconf_dad_work delayed: addrconf_dad_work, addrconf_verify_work workqueue bat_events: flags=0xe000a pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/1 refcnt=9 pending: batadv_nc_worker delayed: batadv_nc_worker, batadv_nc_worker, batadv_nc_worker, batadv_nc_worker, batadv_nc_worker pool 0: cpus=0 node=0 flags=0x0 nice=0 hung=0s workers=5 idle: 6064 3625 3 24 pool 2: cpus=1 node=0 flags=0x0 nice=0 hung=159s workers=5 idle: 4315 18 9070 23 INFO: task kworker/0:4:9220 blocked for more than 140 seconds. Not tainted 4.14.277-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. kworker/0:4 D27216 9220 2 0x80000000 Workqueue: ipv6_addrconf addrconf_dad_work Call Trace: context_switch kernel/sched/core.c:2811 [inline] __schedule+0x88b/0x1de0 kernel/sched/core.c:3387 schedule+0x8d/0x1b0 kernel/sched/core.c:3431 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3489 __mutex_lock_common kernel/locking/mutex.c:833 [inline] __mutex_lock+0x669/0x1310 kernel/locking/mutex.c:893 addrconf_dad_work+0x89/0xef0 net/ipv6/addrconf.c:3921 process_one_work+0x793/0x14a0 kernel/workqueue.c:2117 worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251 kthread+0x30d/0x420 kernel/kthread.c:232 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404 INFO: task syz-executor.0:10075 blocked for more than 140 seconds. Not tainted 4.14.277-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.0 D25456 10075 7978 0x00000004 Call Trace: context_switch kernel/sched/core.c:2811 [inline] __schedule+0x88b/0x1de0 kernel/sched/core.c:3387 schedule+0x8d/0x1b0 kernel/sched/core.c:3431 _synchronize_rcu_expedited+0x522/0x770 kernel/rcu/tree_exp.h:615 synchronize_net+0x2b/0x40 net/core/dev.c:8248 dev_deactivate_many+0x3d9/0x970 net/sched/sch_generic.c:936 __dev_close_many+0x11d/0x270 net/core/dev.c:1437 __dev_close net/core/dev.c:1462 [inline] __dev_change_flags+0x21f/0x540 net/core/dev.c:6800 dev_change_flags+0x7e/0x130 net/core/dev.c:6868 do_setlink+0x83f/0x2bf0 net/core/rtnetlink.c:2092 rtnl_group_changelink net/core/rtnetlink.c:2512 [inline] rtnl_newlink+0xc9d/0x1830 net/core/rtnetlink.c:2668 rtnetlink_rcv_msg+0x3be/0xb10 net/core/rtnetlink.c:4322 netlink_rcv_skb+0x125/0x390 net/netlink/af_netlink.c:2455 netlink_unicast_kernel net/netlink/af_netlink.c:1296 [inline] netlink_unicast+0x437/0x610 net/netlink/af_netlink.c:1322 netlink_sendmsg+0x648/0xbc0 net/netlink/af_netlink.c:1893 sock_sendmsg_nosec net/socket.c:646 [inline] sock_sendmsg+0xb5/0x100 net/socket.c:656 ___sys_sendmsg+0x6c8/0x800 net/socket.c:2062 __sys_sendmsg+0xa3/0x120 net/socket.c:2096 SYSC_sendmsg net/socket.c:2107 [inline] SyS_sendmsg+0x27/0x40 net/socket.c:2103 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x7f21415910e9 RSP: 002b:00007f213ff06168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f21416a3f60 RCX: 00007f21415910e9 RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003 RBP: 00007f21415eb08d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fff929c5e5f R14: 00007f213ff06300 R15: 0000000000022000 INFO: task syz-executor.0:10090 blocked for more than 140 seconds. Not tainted 4.14.277-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.0 D28816 10090 7978 0x00000004 Call Trace: context_switch kernel/sched/core.c:2811 [inline] __schedule+0x88b/0x1de0 kernel/sched/core.c:3387 schedule+0x8d/0x1b0 kernel/sched/core.c:3431 rcu_sync_enter+0x233/0x2d0 kernel/rcu/sync.c:135 percpu_down_write+0x59/0x3e0 kernel/locking/percpu-rwsem.c:143 ext4_ind_migrate+0x17e/0x620 fs/ext4/migrate.c:646 ext4_ioctl_setflags+0x545/0x680 fs/ext4/ioctl.c:353 ext4_ioctl+0x21e8/0x3800 fs/ext4/ioctl.c:697 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:500 [inline] do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684 SYSC_ioctl fs/ioctl.c:701 [inline] SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x7f21415910e9 RSP: 002b:00007f213fee5168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f21416a4030 RCX: 00007f21415910e9 RDX: 0000000020000040 RSI: 0000000040086602 RDI: 000000000000000f RBP: 00007f21415eb08d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fff929c5e5f R14: 00007f213fee5300 R15: 0000000000022000 INFO: task syz-executor.0:10099 blocked for more than 140 seconds. Not tainted 4.14.277-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.0 D29808 10099 7978 0x00000004 Call Trace: context_switch kernel/sched/core.c:2811 [inline] __schedule+0x88b/0x1de0 kernel/sched/core.c:3387 schedule+0x8d/0x1b0 kernel/sched/core.c:3431 __rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:588 [inline] rwsem_down_write_failed+0x343/0x6d0 kernel/locking/rwsem-xadd.c:617 call_rwsem_down_write_failed+0x13/0x20 arch/x86/lib/rwsem.S:105 __down_write arch/x86/include/asm/rwsem.h:126 [inline] down_write+0x4f/0x90 kernel/locking/rwsem.c:56 inode_lock include/linux/fs.h:719 [inline] process_measurement+0x4f5/0xb20 security/integrity/ima/ima_main.c:206 do_last fs/namei.c:3435 [inline] path_openat+0x10ad/0x2970 fs/namei.c:3569 do_filp_open+0x179/0x3c0 fs/namei.c:3603 do_sys_open+0x296/0x410 fs/open.c:1081 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x7f21415910e9 RSP: 002b:00007f213fec4168 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 RAX: ffffffffffffffda RBX: 00007f21416a4100 RCX: 00007f21415910e9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000380 RBP: 00007f21415eb08d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fff929c5e5f R14: 00007f213fec4300 R15: 0000000000022000 INFO: task syz-executor.0:10103 blocked for more than 140 seconds. Not tainted 4.14.277-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.0 D30120 10103 7978 0x00000004 Call Trace: context_switch kernel/sched/core.c:2811 [inline] __schedule+0x88b/0x1de0 kernel/sched/core.c:3387 schedule+0x8d/0x1b0 kernel/sched/core.c:3431 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3489 __mutex_lock_common kernel/locking/mutex.c:833 [inline] __mutex_lock+0x669/0x1310 kernel/locking/mutex.c:893 addrconf_add_ifaddr+0xb3/0x130 net/ipv6/addrconf.c:2940 inet6_ioctl+0x10b/0x1a0 net/ipv6/af_inet6.c:541 sock_do_ioctl net/socket.c:974 [inline] sock_ioctl+0x2cc/0x4c0 net/socket.c:1071 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:500 [inline] do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684 SYSC_ioctl fs/ioctl.c:701 [inline] SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x7f21415910e9 RSP: 002b:00007f213fea3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f21416a41d0 RCX: 00007f21415910e9 RDX: 00000000200000c0 RSI: 0000000000008916 RDI: 0000000000000004 RBP: 00007f21415eb08d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fff929c5e5f R14: 00007f213fea3300 R15: 0000000000022000 INFO: task syz-executor.0:10110 blocked for more than 140 seconds. Not tainted 4.14.277-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.0 D29184 10110 7978 0x00000004 Call Trace: context_switch kernel/sched/core.c:2811 [inline] __schedule+0x88b/0x1de0 kernel/sched/core.c:3387 schedule+0x8d/0x1b0 kernel/sched/core.c:3431 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3489 __mutex_lock_common kernel/locking/mutex.c:833 [inline] __mutex_lock+0x669/0x1310 kernel/locking/mutex.c:893 rtnl_lock net/core/rtnetlink.c:72 [inline] rtnetlink_rcv_msg+0x31d/0xb10 net/core/rtnetlink.c:4317 netlink_rcv_skb+0x125/0x390 net/netlink/af_netlink.c:2455 netlink_unicast_kernel net/netlink/af_netlink.c:1296 [inline] netlink_unicast+0x437/0x610 net/netlink/af_netlink.c:1322 netlink_sendmsg+0x648/0xbc0 net/netlink/af_netlink.c:1893 sock_sendmsg_nosec net/socket.c:646 [inline] sock_sendmsg+0xb5/0x100 net/socket.c:656 ___sys_sendmsg+0x6c8/0x800 net/socket.c:2062 __sys_sendmsg+0xa3/0x120 net/socket.c:2096 SYSC_sendmsg net/socket.c:2107 [inline] SyS_sendmsg+0x27/0x40 net/socket.c:2103 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x7f21415910e9 RSP: 002b:00007f213fe82168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f21416a42a0 RCX: 00007f21415910e9 RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000012 RBP: 00007f21415eb08d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fff929c5e5f R14: 00007f213fe82300 R15: 0000000000022000 INFO: task syz-executor.5:10068 blocked for more than 140 seconds. Not tainted 4.14.277-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.5 D28856 10068 7984 0x00000004 Call Trace: context_switch kernel/sched/core.c:2811 [inline] __schedule+0x88b/0x1de0 kernel/sched/core.c:3387 schedule+0x8d/0x1b0 kernel/sched/core.c:3431 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3489 __mutex_lock_common kernel/locking/mutex.c:833 [inline] __mutex_lock+0x669/0x1310 kernel/locking/mutex.c:893 exp_funnel_lock kernel/rcu/tree_exp.h:305 [inline] _synchronize_rcu_expedited+0x32d/0x770 kernel/rcu/tree_exp.h:596 synchronize_sched+0xd8/0x1b0 kernel/rcu/tree.c:3239 tracepoint_synchronize_unregister include/linux/tracepoint.h:80 [inline] perf_trace_event_unreg.isra.0+0xa8/0x1d0 kernel/trace/trace_event_perf.c:161 perf_trace_destroy+0xb5/0xf0 kernel/trace/trace_event_perf.c:236 _free_event+0x321/0xe20 kernel/events/core.c:4246 put_event kernel/events/core.c:4332 [inline] perf_event_release_kernel+0x3b2/0x8a0 kernel/events/core.c:4433 perf_release+0x33/0x40 kernel/events/core.c:4443 __fput+0x25f/0x7a0 fs/file_table.c:210 task_work_run+0x11f/0x190 kernel/task_work.c:113 tracehook_notify_resume include/linux/tracehook.h:191 [inline] exit_to_usermode_loop+0x1ad/0x200 arch/x86/entry/common.c:164 prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline] syscall_return_slowpath arch/x86/entry/common.c:270 [inline] do_syscall_64+0x4a3/0x640 arch/x86/entry/common.c:297 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x7ff2d601cd2b RSP: 002b:00007ffe49d5cfe0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007ff2d601cd2b RDX: 0000000000000000 RSI: 00007ff2d5fe1000 RDI: 0000000000000003 RBP: 00007ff2d617e960 R08: 0000000000000000 R09: 000000004770aae7 R10: 0000000000000000 R11: 0000000000000293 R12: 000000000001eb6e R13: 00007ffe49d5d0e0 R14: 00007ffe49d5d100 R15: 0000000000000064 INFO: task syz-executor.2:10071 blocked for more than 140 seconds. Not tainted 4.14.277-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.2 D28912 10071 7980 0x00000004 Call Trace: context_switch kernel/sched/core.c:2811 [inline] __schedule+0x88b/0x1de0 kernel/sched/core.c:3387 schedule+0x8d/0x1b0 kernel/sched/core.c:3431 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3489 __mutex_lock_common kernel/locking/mutex.c:833 [inline] __mutex_lock+0x669/0x1310 kernel/locking/mutex.c:893 ip6mr_sk_done+0x3a/0x230 net/ipv6/ip6mr.c:1625 rawv6_close+0x48/0x70 net/ipv6/raw.c:1248 inet_release+0xdf/0x1b0 net/ipv4/af_inet.c:425 inet6_release+0x4c/0x70 net/ipv6/af_inet6.c:450 __sock_release+0xcd/0x2b0 net/socket.c:602 sock_close+0x15/0x20 net/socket.c:1139 __fput+0x25f/0x7a0 fs/file_table.c:210 task_work_run+0x11f/0x190 kernel/task_work.c:113 tracehook_notify_resume include/linux/tracehook.h:191 [inline] exit_to_usermode_loop+0x1ad/0x200 arch/x86/entry/common.c:164 prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline] syscall_return_slowpath arch/x86/entry/common.c:270 [inline] do_syscall_64+0x4a3/0x640 arch/x86/entry/common.c:297 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x7f97502d8d2b RSP: 002b:00007ffc6734eb70 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00007f97502d8d2b RDX: 0000000000000000 RSI: 0000001b2e421c5c RDI: 0000000000000004 RBP: 00007f975043a960 R08: 0000000000000000 R09: 000000008f3adfb3 R10: 0000000000000000 R11: 0000000000000293 R12: 000000000001eb6a R13: 00007ffc6734ec70 R14: 00007ffc6734ec90 R15: 0000000000000064 INFO: task syz-executor.4:10079 blocked for more than 140 seconds. Not tainted 4.14.277-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.4 D29184 10079 7985 0x00000004 Call Trace: context_switch kernel/sched/core.c:2811 [inline] __schedule+0x88b/0x1de0 kernel/sched/core.c:3387 schedule+0x8d/0x1b0 kernel/sched/core.c:3431 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3489 __mutex_lock_common kernel/locking/mutex.c:833 [inline] __mutex_lock+0x669/0x1310 kernel/locking/mutex.c:893 rtnl_lock net/core/rtnetlink.c:72 [inline] rtnetlink_rcv_msg+0x31d/0xb10 net/core/rtnetlink.c:4317 netlink_rcv_skb+0x125/0x390 net/netlink/af_netlink.c:2455 netlink_unicast_kernel net/netlink/af_netlink.c:1296 [inline] netlink_unicast+0x437/0x610 net/netlink/af_netlink.c:1322 netlink_sendmsg+0x648/0xbc0 net/netlink/af_netlink.c:1893 sock_sendmsg_nosec net/socket.c:646 [inline] sock_sendmsg+0xb5/0x100 net/socket.c:656 ___sys_sendmsg+0x6c8/0x800 net/socket.c:2062 __sys_sendmsg+0xa3/0x120 net/socket.c:2096 SYSC_sendmsg net/socket.c:2107 [inline] SyS_sendmsg+0x27/0x40 net/socket.c:2103 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x7f9c31b3a0e9 RSP: 002b:00007f9c304af168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f9c31c4cf60 RCX: 00007f9c31b3a0e9 RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003 RBP: 00007f9c31b9408d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffceffd6ccf R14: 00007f9c304af300 R15: 0000000000022000 INFO: task syz-executor.4:10091 blocked for more than 140 seconds. Not tainted 4.14.277-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.4 D28568 10091 7985 0x00000004 Call Trace: context_switch kernel/sched/core.c:2811 [inline] __schedule+0x88b/0x1de0 kernel/sched/core.c:3387 schedule+0x8d/0x1b0 kernel/sched/core.c:3431 _synchronize_rcu_expedited+0x522/0x770 kernel/rcu/tree_exp.h:615 synchronize_sched+0xd8/0x1b0 kernel/rcu/tree.c:3239 rcu_sync_enter+0x16e/0x2d0 kernel/rcu/sync.c:131 percpu_down_write+0x59/0x3e0 kernel/locking/percpu-rwsem.c:143 ext4_ind_migrate+0x17e/0x620 fs/ext4/migrate.c:646 ext4_ioctl_setflags+0x545/0x680 fs/ext4/ioctl.c:353 ext4_ioctl+0x21e8/0x3800 fs/ext4/ioctl.c:697 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:500 [inline] do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684 SYSC_ioctl fs/ioctl.c:701 [inline] SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x7f9c31b3a0e9 RSP: 002b:00007f9c3048e168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f9c31c4d030 RCX: 00007f9c31b3a0e9 RDX: 0000000020000040 RSI: 0000000040086602 RDI: 000000000000000f RBP: 00007f9c31b9408d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffceffd6ccf R14: 00007f9c3048e300 R15: 0000000000022000 Showing all locks held in the system: 1 lock held by khungtaskd/1523: #0: (tasklist_lock){.+.+}, at: [] debug_show_all_locks+0x7c/0x21a kernel/locking/lockdep.c:4548 3 locks held by kworker/0:4/9220: #0: ("%s"("ipv6_addrconf")){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088 #1: ((&(&ifa->dad_work)->work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092 #2: (rtnl_mutex){+.+.}, at: [] addrconf_dad_work+0x89/0xef0 net/ipv6/addrconf.c:3921 2 locks held by syz-executor.0/10075: #0: (rtnl_mutex){+.+.}, at: [] rtnl_lock net/core/rtnetlink.c:72 [inline] #0: (rtnl_mutex){+.+.}, at: [] rtnetlink_rcv_msg+0x31d/0xb10 net/core/rtnetlink.c:4317 #1: (rcu_preempt_state.exp_mutex){+.+.}, at: [] exp_funnel_lock kernel/rcu/tree_exp.h:272 [inline] #1: (rcu_preempt_state.exp_mutex){+.+.}, at: [] _synchronize_rcu_expedited+0x2c2/0x770 kernel/rcu/tree_exp.h:596 2 locks held by syz-executor.0/10090: #0: (sb_writers#3){.+.+}, at: [] sb_start_write include/linux/fs.h:1551 [inline] #0: (sb_writers#3){.+.+}, at: [] mnt_want_write_file+0xfd/0x3b0 fs/namespace.c:497 #1: (&sb->s_type->i_mutex_key#10){+.+.}, at: [] inode_lock include/linux/fs.h:719 [inline] #1: (&sb->s_type->i_mutex_key#10){+.+.}, at: [] ext4_ioctl+0x1bb3/0x3800 fs/ext4/ioctl.c:692 2 locks held by syz-executor.0/10099: #0: (sb_writers#3){.+.+}, at: [] sb_start_write include/linux/fs.h:1551 [inline] #0: (sb_writers#3){.+.+}, at: [] mnt_want_write+0x3a/0xb0 fs/namespace.c:386 #1: (&sb->s_type->i_mutex_key#10){+.+.}, at: [] inode_lock include/linux/fs.h:719 [inline] #1: (&sb->s_type->i_mutex_key#10){+.+.}, at: [] process_measurement+0x4f5/0xb20 security/integrity/ima/ima_main.c:206 1 lock held by syz-executor.0/10103: #0: (rtnl_mutex){+.+.}, at: [] addrconf_add_ifaddr+0xb3/0x130 net/ipv6/addrconf.c:2940 1 lock held by syz-executor.0/10110: #0: (rtnl_mutex){+.+.}, at: [] rtnl_lock net/core/rtnetlink.c:72 [inline] #0: (rtnl_mutex){+.+.}, at: [] rtnetlink_rcv_msg+0x31d/0xb10 net/core/rtnetlink.c:4317 2 locks held by syz-executor.5/10068: #0: (event_mutex){+.+.}, at: [] perf_trace_destroy+0x23/0xf0 kernel/trace/trace_event_perf.c:234 #1: (rcu_sched_state.exp_mutex){+.+.}, at: [] exp_funnel_lock kernel/rcu/tree_exp.h:305 [inline] #1: (rcu_sched_state.exp_mutex){+.+.}, at: [] _synchronize_rcu_expedited+0x32d/0x770 kernel/rcu/tree_exp.h:596 2 locks held by syz-executor.2/10071: #0: (&sb->s_type->i_mutex_key#13){+.+.}, at: [] inode_lock include/linux/fs.h:719 [inline] #0: (&sb->s_type->i_mutex_key#13){+.+.}, at: [] __sock_release+0x86/0x2b0 net/socket.c:601 #1: (rtnl_mutex){+.+.}, at: [] ip6mr_sk_done+0x3a/0x230 net/ipv6/ip6mr.c:1625 1 lock held by syz-executor.4/10079: #0: (rtnl_mutex){+.+.}, at: [] rtnl_lock net/core/rtnetlink.c:72 [inline] #0: (rtnl_mutex){+.+.}, at: [] rtnetlink_rcv_msg+0x31d/0xb10 net/core/rtnetlink.c:4317 3 locks held by syz-executor.4/10091: #0: (sb_writers#3){.+.+}, at: [] sb_start_write include/linux/fs.h:1551 [inline] #0: (sb_writers#3){.+.+}, at: [] mnt_want_write_file+0xfd/0x3b0 fs/namespace.c:497 #1: (&sb->s_type->i_mutex_key#10){+.+.}, at: [] inode_lock include/linux/fs.h:719 [inline] #1: (&sb->s_type->i_mutex_key#10){+.+.}, at: [] ext4_ioctl+0x1bb3/0x3800 fs/ext4/ioctl.c:692 #2: (rcu_sched_state.exp_mutex){+.+.}, at: [] exp_funnel_lock kernel/rcu/tree_exp.h:272 [inline] #2: (rcu_sched_state.exp_mutex){+.+.}, at: [] _synchronize_rcu_expedited+0x2c2/0x770 kernel/rcu/tree_exp.h:596 2 locks held by syz-executor.4/10096: #0: (sb_writers#3){.+.+}, at: [] sb_start_write include/linux/fs.h:1551 [inline] #0: (sb_writers#3){.+.+}, at: [] mnt_want_write+0x3a/0xb0 fs/namespace.c:386 #1: (&sb->s_type->i_mutex_key#10){+.+.}, at: [] inode_lock include/linux/fs.h:719 [inline] #1: (&sb->s_type->i_mutex_key#10){+.+.}, at: [] process_measurement+0x4f5/0xb20 security/integrity/ima/ima_main.c:206 1 lock held by syz-executor.4/10102: #0: (rtnl_mutex){+.+.}, at: [] addrconf_add_ifaddr+0xb3/0x130 net/ipv6/addrconf.c:2940 1 lock held by syz-executor.4/10108: #0: (rtnl_mutex){+.+.}, at: [] rtnl_lock net/core/rtnetlink.c:72 [inline] #0: (rtnl_mutex){+.+.}, at: [] rtnetlink_rcv_msg+0x31d/0xb10 net/core/rtnetlink.c:4317 3 locks held by syz-executor.3/10112: #0: (&sig->cred_guard_mutex){+.+.}, at: [] SYSC_perf_event_open kernel/events/core.c:10109 [inline] #0: (&sig->cred_guard_mutex){+.+.}, at: [] SyS_perf_event_open+0x132f/0x24b0 kernel/events/core.c:10015 #1: (&pmus_srcu){....}, at: [] fdput include/linux/file.h:40 [inline] #1: (&pmus_srcu){....}, at: [] perf_cgroup_connect kernel/events/core.c:849 [inline] #1: (&pmus_srcu){....}, at: [] perf_event_alloc.part.0+0xc44/0x2640 kernel/events/core.c:9667 #2: (event_mutex){+.+.}, at: [] perf_trace_init+0x4f/0xa30 kernel/trace/trace_event_perf.c:216 1 lock held by syz-executor.3/10119: #0: (rtnl_mutex){+.+.}, at: [] dev_ioctl+0x42e/0xbe0 net/core/dev_ioctl.c:588 ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 1523 Comm: khungtaskd Not tainted 4.14.277-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b2/0x281 lib/dump_stack.c:58 nmi_cpu_backtrace.cold+0x57/0x93 lib/nmi_backtrace.c:101 nmi_trigger_cpumask_backtrace+0x13a/0x180 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:140 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:195 [inline] watchdog+0x5b9/0xb40 kernel/hung_task.c:274 kthread+0x30d/0x420 kernel/kthread.c:232 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 4621 Comm: systemd-journal Not tainted 4.14.277-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 task: ffff8880a15e0080 task.stack: ffff8880a15e8000 RIP: 0010:__phys_addr+0x2/0xe0 arch/x86/mm/physaddr.c:15 RSP: 0018:ffff8880a15efb30 EFLAGS: 00000246 RAX: 0000000000000007 RBX: ffff8880b35bf880 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffff8880a15e0908 RDI: ffff8880b35bf880 RBP: 0000000000000000 R08: 0000000000000060 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880b35bf880 R13: ffff8880a15efb78 R14: 0000000000000000 R15: 0000000000000286 FS: 00007f48b492d8c0(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f48b1dde000 CR3: 00000000a164d000 CR4: 00000000003406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: virt_to_head_page include/linux/mm.h:612 [inline] qlink_to_cache mm/kasan/quarantine.c:127 [inline] qlist_free_all+0xbb/0x140 mm/kasan/quarantine.c:163 quarantine_reduce+0x185/0x200 mm/kasan/quarantine.c:259 kasan_kmalloc+0xa2/0x160 mm/kasan/kasan.c:536 slab_post_alloc_hook mm/slab.h:442 [inline] slab_alloc mm/slab.c:3390 [inline] kmem_cache_alloc+0x111/0x3c0 mm/slab.c:3550 getname_flags+0xc8/0x550 fs/namei.c:138 getname fs/namei.c:209 [inline] user_path_create fs/namei.c:3732 [inline] SYSC_mkdirat fs/namei.c:3864 [inline] SyS_mkdirat+0x83/0x270 fs/namei.c:3856 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x7f48b3be8687 RSP: 002b:00007fff67fc1e18 EFLAGS: 00000293 ORIG_RAX: 0000000000000053 RAX: ffffffffffffffda RBX: 00007fff67fc4e80 RCX: 00007f48b3be8687 RDX: 0000000000000000 RSI: 00000000000001ed RDI: 000055a0a5aa78a0 RBP: 00007fff67fc1e50 R08: 000055a0a3b513e5 R09: 0000000000000018 R10: 0000000000000069 R11: 0000000000000293 R12: 0000000000000000 R13: 0000000000000001 R14: 000055a0a5aa78a0 R15: 00007fff67fc2490 Code: a5 f0 59 00 e9 75 ff ff ff 48 89 df e8 98 f0 59 00 e9 2f ff ff ff 48 c7 c7 10 00 e7 88 e8 87 f0 59 00 eb a7 0f 1f 44 00 00 41 54 <55> 53 48 89 fb e8 54 38 30 00 b8 00 00 00 80 48 01 d8 48 89 c5 ---------------- Code disassembly (best guess), 4 bytes skipped: 0: e9 75 ff ff ff jmpq 0xffffff7a 5: 48 89 df mov %rbx,%rdi 8: e8 98 f0 59 00 callq 0x59f0a5 d: e9 2f ff ff ff jmpq 0xffffff41 12: 48 c7 c7 10 00 e7 88 mov $0xffffffff88e70010,%rdi 19: e8 87 f0 59 00 callq 0x59f0a5 1e: eb a7 jmp 0xffffffc7 20: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1) 25: 41 54 push %r12 * 27: 55 push %rbp <-- trapping instruction 28: 53 push %rbx 29: 48 89 fb mov %rdi,%rbx 2c: e8 54 38 30 00 callq 0x303885 31: b8 00 00 00 80 mov $0x80000000,%eax 36: 48 01 d8 add %rbx,%rax 39: 48 89 c5 mov %rax,%rbp