INFO: task syz-executor.1:9544 blocked for more than 430 seconds. Not tainted 5.12.0-rc3-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.1 state:D stack: 0 pid: 9544 ppid: 3306 flags:0x00000001 Backtrace: [<8181f408>] (__schedule) from [<8182012c>] (schedule+0x5c/0x108 kernel/sched/core.c:5152) r10:00000099 r9:854dc240 r8:81820e40 r7:855add40 r6:855add44 r5:855ac000 r4:86c50000 [<818200d0>] (schedule) from [<81825cfc>] (schedule_timeout+0xe0/0x12c kernel/time/timer.c:1868) r5:855ac000 r4:7fffffff [<81825c1c>] (schedule_timeout) from [<81820e70>] (do_wait_for_common kernel/sched/completion.c:85 [inline]) [<81825c1c>] (schedule_timeout) from [<81820e70>] (__wait_for_common kernel/sched/completion.c:106 [inline]) [<81825c1c>] (schedule_timeout) from [<81820e70>] (wait_for_common kernel/sched/completion.c:117 [inline]) [<81825c1c>] (schedule_timeout) from [<81820e70>] (wait_for_completion_timeout+0xb4/0x130 kernel/sched/completion.c:157) r6:855add44 r5:855ac000 r4:7fffffff [<81820dbc>] (wait_for_completion_timeout) from [<80d278f0>] (usb_start_wait_urb+0x80/0x16c drivers/usb/core/message.c:63) r8:855add40 r7:855adde0 r6:00000000 r5:00000000 r4:86cc5d80 [<80d27870>] (usb_start_wait_urb) from [<80d27e88>] (usb_bulk_msg+0x94/0x120 drivers/usb/core/message.c:387) r8:86bd6140 r7:00000011 r6:85407800 r5:00000000 r4:40008180 [<80d27df4>] (usb_bulk_msg) from [<80d33d14>] (do_proc_bulk+0x13c/0x448 drivers/usb/core/devio.c:1231) r9:86bd6140 r8:833c3938 r7:85407800 r6:00000011 r5:855ade9c r4:85407908 [<80d33bd8>] (do_proc_bulk) from [<80d34454>] (proc_bulk drivers/usb/core/devio.c:1268 [inline]) [<80d33bd8>] (do_proc_bulk) from [<80d34454>] (usbdev_do_ioctl drivers/usb/core/devio.c:2542 [inline]) [<80d33bd8>] (do_proc_bulk) from [<80d34454>] (usbdev_ioctl+0x434/0x2a7c drivers/usb/core/devio.c:2708) r10:85528f50 r9:20000040 r8:863543c0 r7:85407878 r6:c0105502 r5:85407908 r4:86eca800 [<80d34020>] (usbdev_ioctl) from [<804f33f4>] (vfs_ioctl fs/ioctl.c:48 [inline]) [<80d34020>] (usbdev_ioctl) from [<804f33f4>] (do_vfs_ioctl fs/ioctl.c:725 [inline]) [<80d34020>] (usbdev_ioctl) from [<804f33f4>] (__do_sys_ioctl fs/ioctl.c:751 [inline]) [<80d34020>] (usbdev_ioctl) from [<804f33f4>] (sys_ioctl+0x120/0xaa4 fs/ioctl.c:739) r10:85528f50 r9:00000003 r8:863543c0 r7:20000040 r6:863543c1 r5:00000000 r4:c0105502 [<804f32d4>] (sys_ioctl) from [<80200060>] (ret_fast_syscall+0x0/0x2c arch/arm/mm/proc-v7.S:64) Exception stack(0x855adfa8 to 0x855adff0) dfa0: 00000000 00000000 00000003 c0105502 20000040 00000000 dfc0: 00000000 00000000 00000000 00000036 7ec4d31a 76f506d0 7ec4d4a4 76f5020c dfe0: 76f50048 76f50038 00018e9c 0004ba40 r10:00000036 r9:855ac000 r8:80200224 r7:00000036 r6:00000000 r5:00000000 r4:00000000 Showing all locks held in the system: 1 lock held by khungtaskd/860: #0: 82b09c5c (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x34/0x1dc kernel/locking/lockdep.c:6329 2 locks held by getty/3226: #0: 857cdc54 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x38/0x3c drivers/tty/tty_ldsem.c:340 #1: e4570290 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x4a4/0x56c drivers/tty/n_tty.c:2178 ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 860 Comm: khungtaskd Not tainted 5.12.0-rc3-syzkaller #0 Hardware name: ARM-Versatile Express Backtrace: [<81802550>] (dump_backtrace) from [<818027c4>] (show_stack+0x18/0x1c arch/arm/kernel/traps.c:252) r7:00000000 r6:60000113 r5:00000000 r4:82b58344 [<818027ac>] (show_stack) from [<81809e98>] (__dump_stack lib/dump_stack.c:79 [inline]) [<818027ac>] (show_stack) from [<81809e98>] (dump_stack+0xb8/0xe8 lib/dump_stack.c:120) [<81809de0>] (dump_stack) from [<80876540>] (nmi_cpu_backtrace+0xfc/0x160 lib/nmi_backtrace.c:105) r7:00000000 r6:80210934 r5:00000000 r4:00000000 [<80876444>] (nmi_cpu_backtrace) from [<808766e0>] (nmi_trigger_cpumask_backtrace+0x13c/0x224 lib/nmi_backtrace.c:62) r5:82a22c1c r4:00000000 [<808765a4>] (nmi_trigger_cpumask_backtrace) from [<80211dec>] (arch_trigger_cpumask_backtrace+0x18/0x1c arch/arm/kernel/smp.c:857) r9:82a225d8 r8:82a06d00 r7:00007f75 r6:82a30690 r5:000330c0 r4:82bfd475 [<80211dd4>] (arch_trigger_cpumask_backtrace) from [<8036625c>] (trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]) [<80211dd4>] (arch_trigger_cpumask_backtrace) from [<8036625c>] (check_hung_uninterruptible_tasks kernel/hung_task.c:209 [inline]) [<80211dd4>] (arch_trigger_cpumask_backtrace) from [<8036625c>] (watchdog+0x6d0/0x88c kernel/hung_task.c:294) [<80365b8c>] (watchdog) from [<80271d20>] (kthread+0x184/0x1a4 kernel/kthread.c:292) r10:834dfe2c r9:00000000 r8:80365b8c r7:00000000 r6:83620000 r5:8370f280 r4:8356e600 [<80271b9c>] (kthread) from [<80200114>] (ret_from_fork+0x14/0x20 arch/arm/kernel/entry-common.S:158) Exception stack(0x83621fb0 to 0x83621ff8) 1fa0: 00000000 00000000 00000000 00000000 1fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 1fe0: 00000000 00000000 00000000 00000000 00000013 00000000 r10:00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:80271b9c r4:8370f280 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 3051 Comm: syslogd Not tainted 5.12.0-rc3-syzkaller #0 Hardware name: ARM-Versatile Express PC is at do_slab_free mm/slub.c:3139 [inline] PC is at slab_free mm/slub.c:3162 [inline] PC is at kmem_cache_free+0x160/0x530 mm/slub.c:3177 LR is at 0x862db240 pc : [<804b63a8>] lr : [<862db240>] psr: 200f0013 sp : 85831d60 ip : 5b734000 fp : 85831db4 r10: 862db780 r9 : 00000001 r8 : 85831d60 r7 : 85830000 r6 : de121910 r5 : 862db780 r4 : 8348fd80 r3 : 600f0013 r2 : 862db780 r1 : 828b48c4 r0 : 00078f99 Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none Control: 30c5387d Table: 858592c0 DAC: 00000000 CPU: 1 PID: 3051 Comm: syslogd Not tainted 5.12.0-rc3-syzkaller #0 Hardware name: ARM-Versatile Express Backtrace: [<81802550>] (dump_backtrace) from [<818027c4>] (show_stack+0x18/0x1c arch/arm/kernel/traps.c:252) r7:00000080 r6:600f0193 r5:00000000 r4:82b58344 [<818027ac>] (show_stack) from [<81809e98>] (__dump_stack lib/dump_stack.c:79 [inline]) [<818027ac>] (show_stack) from [<81809e98>] (dump_stack+0xb8/0xe8 lib/dump_stack.c:120) [<81809de0>] (dump_stack) from [<802096bc>] (show_regs+0x14/0x18 arch/arm/kernel/process.c:191) r7:8340cd80 r6:00000001 r5:85831d10 r4:00000001 [<802096a8>] (show_regs) from [<80876528>] (nmi_cpu_backtrace+0xe4/0x160 lib/nmi_backtrace.c:103) [<80876444>] (nmi_cpu_backtrace) from [<80210e34>] (do_handle_IPI+0x4c/0x440 arch/arm/kernel/smp.c:672) r5:00000017 r4:00000007 [<80210de8>] (do_handle_IPI) from [<80211248>] (ipi_handler+0x20/0x28 arch/arm/kernel/smp.c:700) r9:85831d10 r8:85831c78 r7:8340cd80 r6:82a22c34 r5:00000017 r4:8348a600 [<80211228>] (ipi_handler) from [<802df904>] (handle_percpu_devid_irq+0xa4/0x19c kernel/irq/chip.c:930) [<802df860>] (handle_percpu_devid_irq) from [<802d8730>] (generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]) [<802df860>] (handle_percpu_devid_irq) from [<802d8730>] (generic_handle_irq kernel/irq/irqdesc.c:652 [inline]) [<802df860>] (handle_percpu_devid_irq) from [<802d8730>] (__handle_domain_irq+0xb0/0x120 kernel/irq/irqdesc.c:689) r10:85831ca8 r9:85831d10 r8:00000001 r7:00000000 r6:828ad498 r5:00000000 r4:828ad498 r3:00010000 [<802d8680>] (__handle_domain_irq) from [<8088af70>] (handle_domain_irq include/linux/irqdesc.h:176 [inline]) [<802d8680>] (__handle_domain_irq) from [<8088af70>] (gic_handle_irq+0x84/0xac drivers/irqchip/irq-gic.c:370) r10:862db780 r9:400f0193 r8:e000200c r7:828ad4bc r6:e0002000 r5:85831d10 r4:82a22c34 [<8088aeec>] (gic_handle_irq) from [<80200abc>] (__irq_svc+0x5c/0x94 arch/arm/kernel/entry-armv.S:205) Exception stack(0x85831d10 to 0x85831d58) 1d00: 00078f99 828b48c4 862db780 600f0013 1d20: 8348fd80 862db780 de121910 85830000 85831d60 00000001 862db780 85831db4 1d40: 5b734000 85831d60 862db240 804b63a8 200f0013 ffffffff r9:85830000 r8:85831d60 r7:85831d44 r6:ffffffff r5:200f0013 r4:804b63a8 [<804b6248>] (kmem_cache_free) from [<8132fa80>] (kfree_skbmem+0x78/0xa4 net/core/skbuff.c:683) r10:00000000 r9:0000007b r8:0000007b r7:00000000 r6:8582c34c r5:8582c000 r4:862db780 [<8132fa08>] (kfree_skbmem) from [<81334bec>] (__kfree_skb net/core/skbuff.c:740 [inline]) [<8132fa08>] (kfree_skbmem) from [<81334bec>] (consume_skb net/core/skbuff.c:895 [inline]) [<8132fa08>] (kfree_skbmem) from [<81334bec>] (consume_skb+0x50/0x90 net/core/skbuff.c:889) [<81334b9c>] (consume_skb) from [<8133a918>] (skb_free_datagram+0x18/0x44 net/core/datagram.c:325) r5:8582c000 r4:8582c000 [<8133a900>] (skb_free_datagram) from [<81602d8c>] (unix_dgram_recvmsg+0x27c/0x3a0 net/unix/af_unix.c:2180) r5:8582c000 r4:862db780 [<81602b10>] (unix_dgram_recvmsg) from [<81322c38>] (sock_recvmsg_nosec net/socket.c:888 [inline]) [<81602b10>] (unix_dgram_recvmsg) from [<81322c38>] (sock_recvmsg net/socket.c:906 [inline]) [<81602b10>] (unix_dgram_recvmsg) from [<81322c38>] (sock_recvmsg net/socket.c:902 [inline]) [<81602b10>] (unix_dgram_recvmsg) from [<81322c38>] (sock_read_iter+0xfc/0x12c net/socket.c:979) r10:00000000 r9:00000000 r8:00000000 r7:00000000 r6:8388d6c0 r5:81602b10 r4:85831ef0 [<81322b3c>] (sock_read_iter) from [<804da800>] (call_read_iter include/linux/fs.h:1971 [inline]) [<81322b3c>] (sock_read_iter) from [<804da800>] (new_sync_read fs/read_write.c:415 [inline]) [<81322b3c>] (sock_read_iter) from [<804da800>] (vfs_read+0x310/0x33c fs/read_write.c:496) r7:00000000 r6:835cbdc0 r5:00000000 r4:000000ff [<804da4f0>] (vfs_read) from [<804dac30>] (ksys_read+0xb4/0xec fs/read_write.c:634) r10:00000003 r9:85830000 r8:80200224 r7:000000ff r6:007ba1b8 r5:835cbdc0 r4:835cbdc0 [<804dab7c>] (ksys_read) from [<804dac78>] (__do_sys_read fs/read_write.c:644 [inline]) [<804dab7c>] (ksys_read) from [<804dac78>] (sys_read+0x10/0x14 fs/read_write.c:642) r7:00000003 r6:76feb080 r5:007ba190 r4:fffffc00 [<804dac68>] (sys_read) from [<80200060>] (ret_fast_syscall+0x0/0x2c arch/arm/mm/proc-v7.S:64) Exception stack(0x85831fa8 to 0x85831ff0) 1fa0: fffffc00 007ba190 00000000 007ba1b8 000000ff 00000000 1fc0: fffffc00 007ba190 76feb080 00000003 00000000 000d6c90 000d6c90 00000000 1fe0: 000d609c 7eaa7c98 000579b8 76f0f6f8