INFO: task kworker/u4:1:10 blocked for more than 143 seconds. Not tainted 5.14.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/u4:1 state:D stack:24480 pid: 10 ppid: 2 flags:0x00004000 Workqueue: events_unbound fsnotify_mark_destroy_workfn Call Trace: context_switch kernel/sched/core.c:4940 [inline] __schedule+0x940/0x26f0 kernel/sched/core.c:6287 schedule+0xd3/0x270 kernel/sched/core.c:6366 schedule_timeout+0x1db/0x2a0 kernel/time/timer.c:1857 do_wait_for_common kernel/sched/completion.c:85 [inline] __wait_for_common kernel/sched/completion.c:106 [inline] wait_for_common kernel/sched/completion.c:117 [inline] wait_for_completion+0x176/0x280 kernel/sched/completion.c:138 __synchronize_srcu+0x1f4/0x290 kernel/rcu/srcutree.c:930 fsnotify_mark_destroy_workfn+0xfd/0x340 fs/notify/mark.c:860 process_one_work+0x9bf/0x16b0 kernel/workqueue.c:2297 worker_thread+0x658/0x11f0 kernel/workqueue.c:2444 kthread+0x3e5/0x4d0 kernel/kthread.c:319 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 INFO: task khugepaged:1665 blocked for more than 143 seconds. Not tainted 5.14.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:khugepaged state:D stack:23936 pid: 1665 ppid: 2 flags:0x00004000 Call Trace: context_switch kernel/sched/core.c:4940 [inline] __schedule+0x940/0x26f0 kernel/sched/core.c:6287 schedule+0xd3/0x270 kernel/sched/core.c:6366 schedule_timeout+0x1db/0x2a0 kernel/time/timer.c:1857 do_wait_for_common kernel/sched/completion.c:85 [inline] __wait_for_common kernel/sched/completion.c:106 [inline] wait_for_common kernel/sched/completion.c:117 [inline] wait_for_completion+0x176/0x280 kernel/sched/completion.c:138 __flush_work+0x56e/0xb10 kernel/workqueue.c:3083 __lru_add_drain_all+0x3fd/0x760 mm/swap.c:820 khugepaged_do_scan mm/khugepaged.c:2214 [inline] khugepaged+0x10f/0x5540 mm/khugepaged.c:2275 kthread+0x3e5/0x4d0 kernel/kthread.c:319 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 INFO: task kworker/u4:11:15785 blocked for more than 143 seconds. Not tainted 5.14.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/u4:11 state:D stack:20488 pid:15785 ppid: 2 flags:0x00004000 Workqueue: writeback wb_workfn (flush-8:0) Call Trace: context_switch kernel/sched/core.c:4940 [inline] __schedule+0x940/0x26f0 kernel/sched/core.c:6287 schedule+0xd3/0x270 kernel/sched/core.c:6366 schedule_timeout+0x1db/0x2a0 kernel/time/timer.c:1857 do_wait_for_common kernel/sched/completion.c:85 [inline] __wait_for_common kernel/sched/completion.c:106 [inline] wait_for_common kernel/sched/completion.c:117 [inline] wait_for_completion+0x176/0x280 kernel/sched/completion.c:138 __flush_work+0x56e/0xb10 kernel/workqueue.c:3083 __drain_all_pages+0x47d/0x6c0 mm/page_alloc.c:3255 drain_all_pages mm/page_alloc.c:3269 [inline] __alloc_pages_direct_reclaim mm/page_alloc.c:4642 [inline] __alloc_pages_slowpath.constprop.0+0x8e5/0x21b0 mm/page_alloc.c:5032 __alloc_pages+0x412/0x500 mm/page_alloc.c:5403 alloc_pages+0x1a7/0x300 mm/mempolicy.c:2291 __page_cache_alloc mm/filemap.c:1022 [inline] __page_cache_alloc+0x303/0x3a0 mm/filemap.c:1007 pagecache_get_page+0x357/0x17c0 mm/filemap.c:1940 find_or_create_page include/linux/pagemap.h:420 [inline] ext4_mb_load_buddy_gfp+0x374/0x1360 fs/ext4/mballoc.c:1536 ext4_mb_load_buddy fs/ext4/mballoc.c:1616 [inline] ext4_mb_regular_allocator+0xb64/0x3870 fs/ext4/mballoc.c:2754 ext4_mb_new_blocks+0x24d4/0x5230 fs/ext4/mballoc.c:5586 ext4_new_meta_blocks+0x2fe/0x360 fs/ext4/balloc.c:699 ext4_ext_grow_indepth fs/ext4/extents.c:1282 [inline] ext4_ext_create_new_leaf fs/ext4/extents.c:1388 [inline] ext4_ext_insert_extent+0x102b/0x4340 fs/ext4/extents.c:2062 ext4_ext_map_blocks+0x1218/0x6140 fs/ext4/extents.c:4271 ext4_map_blocks+0x653/0x17d0 fs/ext4/inode.c:637 mpage_map_one_extent fs/ext4/inode.c:2401 [inline] mpage_map_and_submit_extent fs/ext4/inode.c:2454 [inline] ext4_writepages+0x1d01/0x3ba0 fs/ext4/inode.c:2806 do_writepages+0x1ab/0x7b0 mm/page-writeback.c:2364 __writeback_single_inode+0x126/0xff0 fs/fs-writeback.c:1616 writeback_sb_inodes+0x53d/0xf00 fs/fs-writeback.c:1881 __writeback_inodes_wb+0xc6/0x280 fs/fs-writeback.c:1950 wb_writeback+0x7f8/0xc30 fs/fs-writeback.c:2055 wb_check_start_all fs/fs-writeback.c:2177 [inline] wb_do_writeback fs/fs-writeback.c:2203 [inline] wb_workfn+0xb77/0x12d0 fs/fs-writeback.c:2237 process_one_work+0x9bf/0x16b0 kernel/workqueue.c:2297 worker_thread+0x658/0x11f0 kernel/workqueue.c:2444 kthread+0x3e5/0x4d0 kernel/kthread.c:319 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 INFO: task kworker/u4:19:15824 blocked for more than 144 seconds. Not tainted 5.14.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/u4:19 state:D stack:21912 pid:15824 ppid: 2 flags:0x00004000 Workqueue: events_unbound fsnotify_connector_destroy_workfn Call Trace: context_switch kernel/sched/core.c:4940 [inline] __schedule+0x940/0x26f0 kernel/sched/core.c:6287 schedule+0xd3/0x270 kernel/sched/core.c:6366 schedule_timeout+0x1db/0x2a0 kernel/time/timer.c:1857 do_wait_for_common kernel/sched/completion.c:85 [inline] __wait_for_common kernel/sched/completion.c:106 [inline] wait_for_common kernel/sched/completion.c:117 [inline] wait_for_completion+0x176/0x280 kernel/sched/completion.c:138 __synchronize_srcu+0x1f4/0x290 kernel/rcu/srcutree.c:930 fsnotify_connector_destroy_workfn+0x49/0xa0 fs/notify/mark.c:164 process_one_work+0x9bf/0x16b0 kernel/workqueue.c:2297 worker_thread+0x658/0x11f0 kernel/workqueue.c:2444 kthread+0x3e5/0x4d0 kernel/kthread.c:319 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 INFO: task syz-executor.5:13906 blocked for more than 144 seconds. Not tainted 5.14.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.5 state:D stack:29168 pid:13906 ppid: 8886 flags:0x00000004 Call Trace: context_switch kernel/sched/core.c:4940 [inline] __schedule+0x940/0x26f0 kernel/sched/core.c:6287 schedule+0xd3/0x270 kernel/sched/core.c:6366 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6425 __mutex_lock_common kernel/locking/mutex.c:669 [inline] __mutex_lock+0xa34/0x12f0 kernel/locking/mutex.c:729 exp_funnel_lock kernel/rcu/tree_exp.h:322 [inline] synchronize_rcu_expedited+0x2d5/0x620 kernel/rcu/tree_exp.h:837 synchronize_rcu+0x132/0x190 kernel/rcu/tree.c:3746 account_event kernel/events/core.c:11394 [inline] perf_event_alloc.part.0+0x3362/0x3b10 kernel/events/core.c:11619 perf_event_alloc kernel/events/core.c:11971 [inline] __do_sys_perf_event_open+0x4ae/0x3130 kernel/events/core.c:12069 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x4665f9 RSP: 002b:00007f81a6e40188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000 RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000 R10: ffffffffffffffff R11: 0000000000000246 R12: 000000000056bf80 R13: 00007ffe7dbf154f R14: 00007f81a6e40300 R15: 0000000000022000 INFO: task syz-executor.5:13909 blocked for more than 145 seconds. Not tainted 5.14.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.5 state:D stack:27936 pid:13909 ppid: 8886 flags:0x00000004 Call Trace: context_switch kernel/sched/core.c:4940 [inline] __schedule+0x940/0x26f0 kernel/sched/core.c:6287 schedule+0xd3/0x270 kernel/sched/core.c:6366 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6425 __mutex_lock_common kernel/locking/mutex.c:669 [inline] __mutex_lock+0xa34/0x12f0 kernel/locking/mutex.c:729 account_event kernel/events/core.c:11386 [inline] perf_event_alloc.part.0+0x31ed/0x3b10 kernel/events/core.c:11619 perf_event_alloc kernel/events/core.c:11971 [inline] __do_sys_perf_event_open+0x4ae/0x3130 kernel/events/core.c:12069 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x4665f9 RSP: 002b:00007f81a6e1f188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000000020000100 RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000 R10: ffffffffffffffff R11: 0000000000000246 R12: 000000000056c038 R13: 00007ffe7dbf154f R14: 00007f81a6e1f300 R15: 0000000000022000 INFO: task syz-executor.5:13915 blocked for more than 145 seconds. Not tainted 5.14.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.5 state:D stack:25256 pid:13915 ppid: 8886 flags:0x00000004 Call Trace: context_switch kernel/sched/core.c:4940 [inline] __schedule+0x940/0x26f0 kernel/sched/core.c:6287 schedule+0xd3/0x270 kernel/sched/core.c:6366 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6425 __mutex_lock_common kernel/locking/mutex.c:669 [inline] __mutex_lock+0xa34/0x12f0 kernel/locking/mutex.c:729 perf_trace_init+0x49/0x2f0 kernel/trace/trace_event_perf.c:223 perf_tp_event_init+0xa2/0x120 kernel/events/core.c:9735 perf_try_init_event+0x12a/0x560 kernel/events/core.c:11193 perf_init_event kernel/events/core.c:11257 [inline] perf_event_alloc.part.0+0xf16/0x3b10 kernel/events/core.c:11548 perf_event_alloc kernel/events/core.c:11971 [inline] __do_sys_perf_event_open+0x4ae/0x3130 kernel/events/core.c:12069 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x4665f9 RSP: 002b:00007f81a6dfe188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665f9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000 RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000 R10: ffffffffffffffff R11: 0000000000000246 R12: 000000000056c0f0 R13: 00007ffe7dbf154f R14: 00007f81a6dfe300 R15: 0000000000022000 INFO: task syz-executor.5:13943 blocked for more than 145 seconds. Not tainted 5.14.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.5 state:D stack:29592 pid:13943 ppid: 8886 flags:0x00000004 Call Trace: context_switch kernel/sched/core.c:4940 [inline] __schedule+0x940/0x26f0 kernel/sched/core.c:6287 schedule+0xd3/0x270 kernel/sched/core.c:6366 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6425 __mutex_lock_common kernel/locking/mutex.c:669 [inline] __mutex_lock+0xa34/0x12f0 kernel/locking/mutex.c:729 account_event kernel/events/core.c:11386 [inline] perf_event_alloc.part.0+0x31ed/0x3b10 kernel/events/core.c:11619 perf_event_alloc kernel/events/core.c:11971 [inline] __do_sys_perf_event_open+0x4ae/0x3130 kernel/events/core.c:12069 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x4665f9 RSP: 002b:00007f81a6dbc188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a RAX: ffffffffffffffda RBX: 000000000056c260 RCX: 00000000004665f9 RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000000020000100 RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000 R10: ffffffffffffffff R11: 0000000000000246 R12: 000000000056c260 R13: 00007ffe7dbf154f R14: 00007f81a6dbc300 R15: 0000000000022000 INFO: task syz-executor.1:13905 blocked for more than 146 seconds. Not tainted 5.14.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.1 state:D stack:29168 pid:13905 ppid: 8463 flags:0x00000004 Call Trace: context_switch kernel/sched/core.c:4940 [inline] __schedule+0x940/0x26f0 kernel/sched/core.c:6287 schedule+0xd3/0x270 kernel/sched/core.c:6366 synchronize_rcu_expedited+0x473/0x620 kernel/rcu/tree_exp.h:853 synchronize_rcu+0x132/0x190 kernel/rcu/tree.c:3746 synchronize_net+0x4c/0x60 net/core/dev.c:10946 xsk_map_free+0xe/0x20 net/xdp/xskmap.c:90 map_create kernel/bpf/syscall.c:922 [inline] __sys_bpf+0x362b/0x5df0 kernel/bpf/syscall.c:4569 __do_sys_bpf kernel/bpf/syscall.c:4691 [inline] __se_sys_bpf kernel/bpf/syscall.c:4689 [inline] __x64_sys_bpf+0x75/0xb0 kernel/bpf/syscall.c:4689 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x4665f9 RSP: 002b:00007f74420cf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 RDX: 0000000000000040 RSI: 0000000020000000 RDI: 0000000000000000 RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 R13: 00007ffe5c05616f R14: 00007f74420cf300 R15: 0000000000022000 INFO: task syz-executor.1:13941 blocked for more than 146 seconds. Not tainted 5.14.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.1 state:D stack:29584 pid:13941 ppid: 8463 flags:0x00000004 Call Trace: context_switch kernel/sched/core.c:4940 [inline] __schedule+0x940/0x26f0 kernel/sched/core.c:6287 schedule+0xd3/0x270 kernel/sched/core.c:6366 exp_funnel_lock kernel/rcu/tree_exp.h:313 [inline] synchronize_rcu_expedited+0x5ac/0x620 kernel/rcu/tree_exp.h:837 synchronize_rcu+0x132/0x190 kernel/rcu/tree.c:3746 synchronize_net+0x4c/0x60 net/core/dev.c:10946 xsk_map_free+0xe/0x20 net/xdp/xskmap.c:90 map_create kernel/bpf/syscall.c:922 [inline] __sys_bpf+0x362b/0x5df0 kernel/bpf/syscall.c:4569 __do_sys_bpf kernel/bpf/syscall.c:4691 [inline] __se_sys_bpf kernel/bpf/syscall.c:4689 [inline] __x64_sys_bpf+0x75/0xb0 kernel/bpf/syscall.c:4689 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x4665f9 RSP: 002b:00007f74420ae188 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 RDX: 0000000000000040 RSI: 0000000020000000 RDI: 0000000000000000 RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c038 R13: 00007ffe5c05616f R14: 00007f74420ae300 R15: 0000000000022000 Showing all locks held in the system: 2 locks held by kworker/u4:1/10: #0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline] #0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1198 [inline] #0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:634 [inline] #0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:661 [inline] #0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x8a3/0x16b0 kernel/workqueue.c:2268 #1: ffffc90000cf7db0 ((reaper_work).work){+.+.}-{0:0}, at: process_one_work+0x8d7/0x16b0 kernel/workqueue.c:2272 1 lock held by khungtaskd/1652: #0: ffffffff8b97f960 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6446 1 lock held by khugepaged/1665: #0: ffffffff8ba62ae8 (lock#6){+.+.}-{3:3}, at: __lru_add_drain_all+0x65/0x760 mm/swap.c:769 3 locks held by kworker/0:5/10337: #0: ffff888027e65938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888027e65938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline] #0: ffff888027e65938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1198 [inline] #0: ffff888027e65938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:634 [inline] #0: ffff888027e65938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:661 [inline] #0: ffff888027e65938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x8a3/0x16b0 kernel/workqueue.c:2268 #1: ffffc90016fcfdb0 ((addr_chk_work).work){+.+.}-{0:0}, at: process_one_work+0x8d7/0x16b0 kernel/workqueue.c:2272 #2: ffffffff8d0e5d28 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0xa/0x20 net/ipv6/addrconf.c:4582 3 locks held by kworker/u4:10/15782: 6 locks held by kworker/u4:11/15785: #0: ffff888018096938 ((wq_completion)writeback){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888018096938 ((wq_completion)writeback){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline] #0: ffff888018096938 ((wq_completion)writeback){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1198 [inline] #0: ffff888018096938 ((wq_completion)writeback){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:634 [inline] #0: ffff888018096938 ((wq_completion)writeback){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:661 [inline] #0: ffff888018096938 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x8a3/0x16b0 kernel/workqueue.c:2268 #1: ffffc900017efdb0 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x8d7/0x16b0 kernel/workqueue.c:2272 #2: ffff8881480d00e0 (&type->s_umount_key#40){++++}-{3:3}, at: trylock_super+0x1d/0x100 fs/super.c:418 #3: ffff8881480d2bd8 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: do_writepages+0x1ab/0x7b0 mm/page-writeback.c:2364 #4: ffff888036a3dc30 (&ei->i_data_sem){++++}-{3:3}, at: ext4_map_blocks+0x5e1/0x17d0 fs/ext4/inode.c:630 #5: ffffffff8baa2228 (pcpu_drain_mutex){+.+.}-{3:3}, at: __drain_all_pages+0x4f/0x6c0 mm/page_alloc.c:3204 2 locks held by kworker/u4:19/15824: #0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline] #0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1198 [inline] #0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:634 [inline] #0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:661 [inline] #0: ffff888010c69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x8a3/0x16b0 kernel/workqueue.c:2268 #1: ffffc90001a8fdb0 (connector_reaper_work){+.+.}-{0:0}, at: process_one_work+0x8d7/0x16b0 kernel/workqueue.c:2272 2 locks held by kworker/1:10/13878: 1 lock held by in:imklog/13888: #0: ffff888040f5d4f0 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100 fs/file.c:990 3 locks held by rs:main Q:Reg/13889: #0: ffff8881f9c78370 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100 fs/file.c:990 #1: ffff8881480d0460 (sb_writers#5){.+.+}-{0:0}, at: ksys_write+0x12d/0x250 fs/read_write.c:647 #2: ffff888036a3dda8 (&sb->s_type->i_mutex_key#10){++++}-{3:3}, at: inode_lock include/linux/fs.h:786 [inline] #2: ffff888036a3dda8 (&sb->s_type->i_mutex_key#10){++++}-{3:3}, at: ext4_buffered_write_iter+0xb6/0x500 fs/ext4/file.c:263 2 locks held by syz-executor.5/13906: #0: ffffffff8ba4b248 (perf_sched_mutex){+.+.}-{3:3}, at: account_event kernel/events/core.c:11386 [inline] #0: ffffffff8ba4b248 (perf_sched_mutex){+.+.}-{3:3}, at: perf_event_alloc.part.0+0x31ed/0x3b10 kernel/events/core.c:11619 #1: ffffffff8b988ce8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:322 [inline] #1: ffffffff8b988ce8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x2d5/0x620 kernel/rcu/tree_exp.h:837 1 lock held by syz-executor.5/13909: #0: ffffffff8ba4b248 (perf_sched_mutex){+.+.}-{3:3}, at: account_event kernel/events/core.c:11386 [inline] #0: ffffffff8ba4b248 (perf_sched_mutex){+.+.}-{3:3}, at: perf_event_alloc.part.0+0x31ed/0x3b10 kernel/events/core.c:11619 2 locks held by syz-executor.5/13915: #0: ffffffff902591b8 (&pmus_srcu){....}-{0:0}, at: perf_event_alloc.part.0+0xce2/0x3b10 kernel/events/core.c:11546 #1: ffffffff8b9f3148 (event_mutex){+.+.}-{3:3}, at: perf_trace_init+0x49/0x2f0 kernel/trace/trace_event_perf.c:223 1 lock held by syz-executor.5/13943: #0: ffffffff8ba4b248 (perf_sched_mutex){+.+.}-{3:3}, at: account_event kernel/events/core.c:11386 [inline] #0: ffffffff8ba4b248 (perf_sched_mutex){+.+.}-{3:3}, at: perf_event_alloc.part.0+0x31ed/0x3b10 kernel/events/core.c:11619 1 lock held by syz-executor.1/13905: #0: ffffffff8b988ce8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:290 [inline] #0: ffffffff8b988ce8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x4fc/0x620 kernel/rcu/tree_exp.h:837 1 lock held by syz-executor.3/13922: #0: ffffffff8ba4b248 (perf_sched_mutex){+.+.}-{3:3}, at: account_event kernel/events/core.c:11386 [inline] #0: ffffffff8ba4b248 (perf_sched_mutex){+.+.}-{3:3}, at: perf_event_alloc.part.0+0x31ed/0x3b10 kernel/events/core.c:11619 1 lock held by syz-executor.3/13924: #0: ffffffff8ba4b248 (perf_sched_mutex){+.+.}-{3:3}, at: account_event kernel/events/core.c:11386 [inline] #0: ffffffff8ba4b248 (perf_sched_mutex){+.+.}-{3:3}, at: perf_event_alloc.part.0+0x31ed/0x3b10 kernel/events/core.c:11619 1 lock held by syz-executor.3/13929: #0: ffffffff8ba4b248 (perf_sched_mutex){+.+.}-{3:3}, at: account_event kernel/events/core.c:11386 [inline] #0: ffffffff8ba4b248 (perf_sched_mutex){+.+.}-{3:3}, at: perf_event_alloc.part.0+0x31ed/0x3b10 kernel/events/core.c:11619 1 lock held by syz-executor.3/13931: #0: ffffffff8ba4b248 (perf_sched_mutex){+.+.}-{3:3}, at: account_event kernel/events/core.c:11386 [inline] #0: ffffffff8ba4b248 (perf_sched_mutex){+.+.}-{3:3}, at: perf_event_alloc.part.0+0x31ed/0x3b10 kernel/events/core.c:11619 1 lock held by syz-executor.3/13948: #0: ffffffff8d0e5d28 (rtnl_mutex){+.+.}-{3:3}, at: dev_ioctl+0x1a7/0xee0 net/core/dev_ioctl.c:586 1 lock held by syz-executor.3/13949: #0: ffffffff8ba4b248 (perf_sched_mutex){+.+.}-{3:3}, at: account_event kernel/events/core.c:11386 [inline] #0: ffffffff8ba4b248 (perf_sched_mutex){+.+.}-{3:3}, at: perf_event_alloc.part.0+0x31ed/0x3b10 kernel/events/core.c:11619 1 lock held by syz-executor.3/13950: #0: ffffffff8d0e5d28 (rtnl_mutex){+.+.}-{3:3}, at: dev_ioctl+0x1a7/0xee0 net/core/dev_ioctl.c:586 1 lock held by syz-executor.4/13927: #0: ffffffff8d0e5d28 (rtnl_mutex){+.+.}-{3:3}, at: tun_detach drivers/net/tun.c:684 [inline] #0: ffffffff8d0e5d28 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3a/0x180 drivers/net/tun.c:3397 1 lock held by syz-executor.4/13928: #0: ffffffff8ba4b248 (perf_sched_mutex){+.+.}-{3:3}, at: account_event kernel/events/core.c:11386 [inline] #0: ffffffff8ba4b248 (perf_sched_mutex){+.+.}-{3:3}, at: perf_event_alloc.part.0+0x31ed/0x3b10 kernel/events/core.c:11619 1 lock held by syz-executor.4/13930: #0: ffffffff8b9f3148 (event_mutex){+.+.}-{3:3}, at: perf_trace_destroy+0x23/0xf0 kernel/trace/trace_event_perf.c:241 ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 1652 Comm: khungtaskd Not tainted 5.14.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:105 nmi_cpu_backtrace.cold+0x47/0x144 lib/nmi_backtrace.c:105 nmi_trigger_cpumask_backtrace+0x1ae/0x220 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:210 [inline] watchdog+0xc1d/0xf50 kernel/hung_task.c:295 kthread+0x3e5/0x4d0 kernel/kthread.c:319 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 13878 Comm: kworker/1:10 Not tainted 5.14.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: events prog_array_map_clear_deferred RIP: 0010:__lock_acquire+0x270/0x54a0 kernel/locking/lockdep.c:4950 Code: d2 74 09 80 fa 03 0f 8e 33 13 00 00 41 0f b7 44 24 20 49 8d 7c 24 08 48 89 fa 48 c1 ea 03 66 25 00 e0 09 c8 66 41 89 44 24 20 <48> b8 00 00 00 00 00 fc ff df 80 3c 02 00 0f 85 43 3b 00 00 48 8b RSP: 0018:ffffc900015df8b0 EFLAGS: 00000006 RAX: 000000000000099f RBX: ffff88801d35d488 RCX: 000000000000099f RDX: 1ffff110044a514a RSI: 000000000000099e RDI: ffff888022528a50 RBP: 0000000000000000 R08: 1ffff110044a5148 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffff888022528a48 R13: ffff888022528000 R14: 0000000000000000 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fbcd80531a8 CR3: 000000004972a000 CR4: 00000000001506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: lock_acquire kernel/locking/lockdep.c:5625 [inline] lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5590 __mutex_lock_common kernel/locking/mutex.c:596 [inline] __mutex_lock+0x131/0x12f0 kernel/locking/mutex.c:729 fd_array_map_delete_elem+0x120/0x2e0 kernel/bpf/arraymap.c:822 bpf_fd_array_map_clear kernel/bpf/arraymap.c:872 [inline] prog_array_map_clear_deferred+0x10b/0x1b0 kernel/bpf/arraymap.c:1051 process_one_work+0x9bf/0x16b0 kernel/workqueue.c:2297 worker_thread+0x658/0x11f0 kernel/workqueue.c:2444 kthread+0x3e5/0x4d0 kernel/kthread.c:319 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 ---------------- Code disassembly (best guess): 0: d2 74 09 80 shlb %cl,-0x80(%rcx,%rcx,1) 4: fa cli 5: 03 0f add (%rdi),%ecx 7: 8e 33 mov (%rbx),%? 9: 13 00 adc (%rax),%eax b: 00 41 0f add %al,0xf(%rcx) e: b7 44 mov $0x44,%bh 10: 24 20 and $0x20,%al 12: 49 8d 7c 24 08 lea 0x8(%r12),%rdi 17: 48 89 fa mov %rdi,%rdx 1a: 48 c1 ea 03 shr $0x3,%rdx 1e: 66 25 00 e0 and $0xe000,%ax 22: 09 c8 or %ecx,%eax 24: 66 41 89 44 24 20 mov %ax,0x20(%r12) * 2a: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax <-- trapping instruction 31: fc ff df 34: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) 38: 0f 85 43 3b 00 00 jne 0x3b81 3e: 48 rex.W 3f: 8b .byte 0x8b