bridge0: port 2(bridge_slave_1) entered disabled state bridge0: port 1(bridge_slave_0) entered disabled state batman_adv: batadv0: Interface deactivated: batadv_slave_0 batman_adv: batadv0: Interface deactivated: batadv_slave_1 INFO: task kworker/0:3:11739 blocked for more than 140 seconds. Not tainted 4.19.141-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. kworker/0:3 D27160 11739 2 0x80000000 Workqueue: ipv6_addrconf addrconf_dad_work Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1002 [inline] __mutex_lock+0x647/0x1260 kernel/locking/mutex.c:1072 addrconf_dad_work+0x9c/0x10a0 net/ipv6/addrconf.c:3988 process_one_work+0x864/0x1570 kernel/workqueue.c:2155 worker_thread+0x64c/0x1130 kernel/workqueue.c:2298 kthread+0x30b/0x410 kernel/kthread.c:246 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 INFO: task kworker/0:1:23818 blocked for more than 140 seconds. Not tainted 4.19.141-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. kworker/0:1 D26416 23818 2 0x80000000 Workqueue: events switchdev_deferred_process_work Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1002 [inline] __mutex_lock+0x647/0x1260 kernel/locking/mutex.c:1072 switchdev_deferred_process_work+0xa/0x20 net/switchdev/switchdev.c:150 process_one_work+0x864/0x1570 kernel/workqueue.c:2155 worker_thread+0x64c/0x1130 kernel/workqueue.c:2298 kthread+0x30b/0x410 kernel/kthread.c:246 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 INFO: task kworker/0:0:20452 blocked for more than 140 seconds. Not tainted 4.19.141-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. kworker/0:0 D29776 20452 2 0x80000000 Workqueue: events linkwatch_event Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1002 [inline] __mutex_lock+0x647/0x1260 kernel/locking/mutex.c:1072 linkwatch_event+0xb/0x60 net/core/link_watch.c:236 process_one_work+0x864/0x1570 kernel/workqueue.c:2155 worker_thread+0x64c/0x1130 kernel/workqueue.c:2298 kthread+0x30b/0x410 kernel/kthread.c:246 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 INFO: task syz-executor.0:3498 blocked for more than 140 seconds. Not tainted 4.19.141-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.0 D28296 3498 6479 0x00000004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1002 [inline] __mutex_lock+0x647/0x1260 kernel/locking/mutex.c:1072 tun_detach drivers/net/tun.c:751 [inline] tun_chr_close+0x3a/0x180 drivers/net/tun.c:3267 __fput+0x2ce/0x890 fs/file_table.c:278 task_work_run+0x148/0x1c0 kernel/task_work.c:113 tracehook_notify_resume include/linux/tracehook.h:193 [inline] exit_to_usermode_loop+0x251/0x2a0 arch/x86/entry/common.c:167 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline] syscall_return_slowpath arch/x86/entry/common.c:271 [inline] do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x416e21 Code: Bad RIP value. RSP: 002b:00007fff37aaa2f0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000416e21 RDX: 0000001b30a20000 RSI: 0000000000001577 RDI: 0000000000000003 RBP: 0000000000000001 R08: 0000000057ecd577 R09: 0000000057ecd57b R10: 00007fff37aaa3e0 R11: 0000000000000293 R12: 000000000118d940 R13: 000000000118d940 R14: ffffffffffffffff R15: 000000000118cfec INFO: task syz-executor.4:3519 blocked for more than 140 seconds. Not tainted 4.19.141-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.4 D27544 3519 6487 0x00000004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1002 [inline] __mutex_lock+0x647/0x1260 kernel/locking/mutex.c:1072 rtnl_lock net/core/rtnetlink.c:77 [inline] rtnetlink_rcv_msg+0x3fe/0xb80 net/core/rtnetlink.c:4775 netlink_rcv_skb+0x160/0x440 net/netlink/af_netlink.c:2455 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline] netlink_unicast+0x4d5/0x690 net/netlink/af_netlink.c:1344 netlink_sendmsg+0x6bb/0xc40 net/netlink/af_netlink.c:1909 sock_sendmsg_nosec net/socket.c:622 [inline] sock_sendmsg+0xc3/0x120 net/socket.c:632 ___sys_sendmsg+0x7bb/0x8e0 net/socket.c:2115 __sys_sendmsg net/socket.c:2153 [inline] __do_sys_sendmsg net/socket.c:2162 [inline] __se_sys_sendmsg net/socket.c:2160 [inline] __x64_sys_sendmsg+0x132/0x220 net/socket.c:2160 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45d4d9 Code: Bad RIP value. RSP: 002b:00007ff336568c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 000000000002cbc0 RCX: 000000000045d4d9 RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c R13: 00007ffd01b30bef R14: 00007ff3365699c0 R15: 000000000118cf4c INFO: task syz-executor.4:3543 blocked for more than 140 seconds. Not tainted 4.19.141-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.4 D28864 3543 6487 0x00000004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1002 [inline] __mutex_lock+0x647/0x1260 kernel/locking/mutex.c:1072 rtnl_lock net/core/rtnetlink.c:77 [inline] rtnetlink_rcv_msg+0x3fe/0xb80 net/core/rtnetlink.c:4775 netlink_rcv_skb+0x160/0x440 net/netlink/af_netlink.c:2455 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline] netlink_unicast+0x4d5/0x690 net/netlink/af_netlink.c:1344 netlink_sendmsg+0x6bb/0xc40 net/netlink/af_netlink.c:1909 sock_sendmsg_nosec net/socket.c:622 [inline] sock_sendmsg+0xc3/0x120 net/socket.c:632 ___sys_sendmsg+0x7bb/0x8e0 net/socket.c:2115 __sys_sendmsg net/socket.c:2153 [inline] __do_sys_sendmsg net/socket.c:2162 [inline] __se_sys_sendmsg net/socket.c:2160 [inline] __x64_sys_sendmsg+0x132/0x220 net/socket.c:2160 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45d4d9 Code: Bad RIP value. RSP: 002b:00007ff336526c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 000000000002cbc0 RCX: 000000000045d4d9 RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 RBP: 000000000118d0c0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118d08c R13: 00007ffd01b30bef R14: 00007ff3365279c0 R15: 000000000118d08c INFO: task syz-executor.1:3523 blocked for more than 140 seconds. Not tainted 4.19.141-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.1 D29360 3523 6481 0x00000004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1002 [inline] __mutex_lock+0x647/0x1260 kernel/locking/mutex.c:1072 __tun_chr_ioctl.isra.0+0x4e0/0x3bd0 drivers/net/tun.c:2899 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:501 [inline] do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688 ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705 __do_sys_ioctl fs/ioctl.c:712 [inline] __se_sys_ioctl fs/ioctl.c:710 [inline] __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45d4d9 Code: 5d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f49cfbf8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 0000000000019e00 RCX: 000000000045d4d9 RDX: 0000000020000100 RSI: 00000000400454ca RDI: 0000000000000003 RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c R13: 00007ffdc77bd77f R14: 00007f49cfbf99c0 R15: 000000000118cf4c INFO: task syz-executor.1:3528 blocked for more than 140 seconds. Not tainted 4.19.141-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.1 D29480 3528 6481 0x00000004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1002 [inline] __mutex_lock+0x647/0x1260 kernel/locking/mutex.c:1072 sock_do_ioctl+0x1f2/0x2d0 net/socket.c:963 sock_ioctl+0x2ef/0x5d0 net/socket.c:1074 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:501 [inline] do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688 ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705 __do_sys_ioctl fs/ioctl.c:712 [inline] __se_sys_ioctl fs/ioctl.c:710 [inline] __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45d4d9 Code: Bad RIP value. RSP: 002b:00007f49cfbd7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 0000000000012bc0 RCX: 000000000045d4d9 RDX: 0000000000400200 RSI: 0000000000008912 RDI: 0000000000000006 RBP: 000000000118d020 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cfec R13: 00007ffdc77bd77f R14: 00007f49cfbd89c0 R15: 000000000118cfec INFO: task syz-executor.1:3534 blocked for more than 140 seconds. Not tainted 4.19.141-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.1 D28952 3534 6481 0x00000004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1002 [inline] __mutex_lock+0x647/0x1260 kernel/locking/mutex.c:1072 rtnl_lock net/core/rtnetlink.c:77 [inline] rtnetlink_rcv_msg+0x3fe/0xb80 net/core/rtnetlink.c:4775 netlink_rcv_skb+0x160/0x440 net/netlink/af_netlink.c:2455 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline] netlink_unicast+0x4d5/0x690 net/netlink/af_netlink.c:1344 netlink_sendmsg+0x6bb/0xc40 net/netlink/af_netlink.c:1909 sock_sendmsg_nosec net/socket.c:622 [inline] sock_sendmsg+0xc3/0x120 net/socket.c:632 ___sys_sendmsg+0x7bb/0x8e0 net/socket.c:2115 __sys_sendmsg net/socket.c:2153 [inline] __do_sys_sendmsg net/socket.c:2162 [inline] __se_sys_sendmsg net/socket.c:2160 [inline] __x64_sys_sendmsg+0x132/0x220 net/socket.c:2160 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45d4d9 Code: Bad RIP value. RSP: 002b:00007f49cfbb6c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 0000000000027ac0 RCX: 000000000045d4d9 RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000007 RBP: 000000000118d0c0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118d08c R13: 00007ffdc77bd77f R14: 00007f49cfbb79c0 R15: 000000000118d08c INFO: task syz-executor.1:3544 blocked for more than 140 seconds. Not tainted 4.19.141-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.1 D29304 3544 6481 0x00000004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1002 [inline] __mutex_lock+0x647/0x1260 kernel/locking/mutex.c:1072 __tun_chr_ioctl.isra.0+0x4e0/0x3bd0 drivers/net/tun.c:2899 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:501 [inline] do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688 ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705 __do_sys_ioctl fs/ioctl.c:712 [inline] __se_sys_ioctl fs/ioctl.c:710 [inline] __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45d4d9 Code: Bad RIP value. RSP: 002b:00007f49cfb95c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 0000000000019e00 RCX: 000000000045d4d9 RDX: 0000000020000100 RSI: 00000000400454ca RDI: 0000000000000003 RBP: 000000000118d160 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118d12c R13: 00007ffdc77bd77f R14: 00007f49cfb969c0 R15: 000000000118d12c Showing all locks held in the system: 1 lock held by khungtaskd/1089: #0: 00000000110080d3 (rcu_read_lock){....}, at: debug_show_all_locks+0x53/0x265 kernel/locking/lockdep.c:4440 1 lock held by in:imklog/6151: #0: 000000003f4a09ad (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767 2 locks held by agetty/6270: #0: 00000000967a60ea (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:272 #1: 000000009992c689 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x217/0x1950 drivers/tty/n_tty.c:2154 3 locks held by kworker/0:3/11739: #0: 000000000ae02afa ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2126 #1: 00000000c2069865 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2130 #2: 000000002a67707a (rtnl_mutex){+.+.}, at: addrconf_dad_work+0x9c/0x10a0 net/ipv6/addrconf.c:3988 3 locks held by kworker/0:1/23818: #0: 000000005f40bbba ((wq_completion)"events"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2126 #1: 000000007626f542 (deferred_process_work){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2130 #2: 000000002a67707a (rtnl_mutex){+.+.}, at: switchdev_deferred_process_work+0xa/0x20 net/switchdev/switchdev.c:150 3 locks held by kworker/0:0/20452: #0: 000000005f40bbba ((wq_completion)"events"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2126 #1: 00000000dd7ad8df ((linkwatch_work).work){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2130 #2: 000000002a67707a (rtnl_mutex){+.+.}, at: linkwatch_event+0xb/0x60 net/core/link_watch.c:236 1 lock held by syz-executor.0/3498: #0: 000000002a67707a (rtnl_mutex){+.+.}, at: tun_detach drivers/net/tun.c:751 [inline] #0: 000000002a67707a (rtnl_mutex){+.+.}, at: tun_chr_close+0x3a/0x180 drivers/net/tun.c:3267 1 lock held by syz-executor.0/3512: 1 lock held by syz-executor.4/3519: #0: 000000002a67707a (rtnl_mutex){+.+.}, at: rtnl_lock net/core/rtnetlink.c:77 [inline] #0: 000000002a67707a (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x3fe/0xb80 net/core/rtnetlink.c:4775 1 lock held by syz-executor.4/3543: #0: 000000002a67707a (rtnl_mutex){+.+.}, at: rtnl_lock net/core/rtnetlink.c:77 [inline] #0: 000000002a67707a (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x3fe/0xb80 net/core/rtnetlink.c:4775 1 lock held by syz-executor.1/3523: #0: 000000002a67707a (rtnl_mutex){+.+.}, at: __tun_chr_ioctl.isra.0+0x4e0/0x3bd0 drivers/net/tun.c:2899 1 lock held by syz-executor.1/3528: #0: 000000002a67707a (rtnl_mutex){+.+.}, at: sock_do_ioctl+0x1f2/0x2d0 net/socket.c:963 1 lock held by syz-executor.1/3534: #0: 000000002a67707a (rtnl_mutex){+.+.}, at: rtnl_lock net/core/rtnetlink.c:77 [inline] #0: 000000002a67707a (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x3fe/0xb80 net/core/rtnetlink.c:4775 1 lock held by syz-executor.1/3544: #0: 000000002a67707a (rtnl_mutex){+.+.}, at: __tun_chr_ioctl.isra.0+0x4e0/0x3bd0 drivers/net/tun.c:2899 1 lock held by syz-executor.1/3546: #0: 000000002a67707a (rtnl_mutex){+.+.}, at: sock_do_ioctl+0x1f2/0x2d0 net/socket.c:963 1 lock held by syz-executor.1/3547: #0: 000000002a67707a (rtnl_mutex){+.+.}, at: rtnl_lock net/core/rtnetlink.c:77 [inline] #0: 000000002a67707a (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x3fe/0xb80 net/core/rtnetlink.c:4775 2 locks held by kworker/0:2/3552: ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 1089 Comm: khungtaskd Not tainted 4.19.141-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2fe lib/dump_stack.c:118 nmi_cpu_backtrace.cold+0x63/0xa2 lib/nmi_backtrace.c:101 nmi_trigger_cpumask_backtrace+0x1a6/0x1eb lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:203 [inline] watchdog+0x991/0xe60 kernel/hung_task.c:287 kthread+0x30b/0x410 kernel/kthread.c:246 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 6151 Comm: in:imklog Not tainted 4.19.141-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:bytes_is_nonzero mm/kasan/kasan.c:166 [inline] RIP: 0010:memory_is_nonzero mm/kasan/kasan.c:184 [inline] RIP: 0010:memory_is_poisoned_n mm/kasan/kasan.c:210 [inline] RIP: 0010:memory_is_poisoned mm/kasan/kasan.c:241 [inline] RIP: 0010:check_memory_region_inline mm/kasan/kasan.c:257 [inline] RIP: 0010:check_memory_region+0xba/0x170 mm/kasan/kasan.c:267 Code: 00 74 f1 48 8d 50 08 eb 09 48 83 c0 01 48 39 d0 74 0e 80 38 00 74 f2 48 85 c0 0f 85 9c 00 00 00 5b 5d 41 5c c3 48 85 d2 74 f6 <48> 01 ea eb 09 48 83 c0 01 48 39 d0 74 e8 80 38 00 74 f2 eb d8 41 RSP: 0018:ffff8880ae707b68 EFLAGS: 00000002 RAX: fffffbfff1687089 RBX: fffffbfff168708a RCX: ffffffff815138a1 RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffffff8b438448 RBP: fffffbfff1687089 R08: 0000000000000001 R09: fffffbfff1687089 R10: ffffffff8b43844b R11: 0000000000000000 R12: 0000000000000001 R13: ffff88809fe8c5c0 R14: ffff8880ae723a58 R15: 0000000000000001 FS: 00007fc22a993700(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000045d4af CR3: 00000000a635b000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: atomic_inc include/asm-generic/atomic-instrumented.h:109 [inline] __lock_acquire+0x251/0x3ff0 kernel/locking/lockdep.c:3307 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3907 __raw_spin_lock_irq include/linux/spinlock_api_smp.h:128 [inline] _raw_spin_lock_irq+0x5b/0x80 kernel/locking/spinlock.c:160 expire_timers+0x24b/0x4e0 kernel/time/timer.c:1376 __run_timers kernel/time/timer.c:1703 [inline] run_timer_softirq+0x21c/0x670 kernel/time/timer.c:1716 __do_softirq+0x26c/0x9a0 kernel/softirq.c:292 invoke_softirq kernel/softirq.c:372 [inline] irq_exit+0x215/0x260 kernel/softirq.c:412 exiting_irq arch/x86/include/asm/apic.h:544 [inline] smp_apic_timer_interrupt+0x136/0x550 arch/x86/kernel/apic/apic.c:1094 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894 RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:789 [inline] RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline] RIP: 0010:_raw_spin_unlock_irqrestore+0xa3/0xe0 kernel/locking/spinlock.c:184 Code: 48 c7 c0 48 5b d2 88 48 ba 00 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 75 2f 48 83 3d 2c e1 94 01 00 74 15 48 89 df 57 9d <0f> 1f 44 00 00 eb b2 e8 ca e4 c2 f9 eb c0 0f 0b 0f 0b 48 c7 c7 48 RSP: 0018:ffff8880879e7a08 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13 RAX: 1ffffffff11a4b69 RBX: 0000000000000286 RCX: 0000000000000000 RDX: dffffc0000000000 RSI: 0000000000000001 RDI: 0000000000000286 RBP: ffff8880a07facc8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: ffff8880ae72c2c0 R14: ffff8880a07fa500 R15: ffff8880a07facc8 try_to_wake_up+0x733/0x1050 kernel/sched/core.c:2056 wake_up_process kernel/sched/core.c:2124 [inline] wake_up_q+0x82/0xe0 kernel/sched/core.c:442 futex_wake+0x3e3/0x480 kernel/futex.c:1636 do_futex+0x351/0x1c40 kernel/futex.c:3714 __do_sys_futex kernel/futex.c:3770 [inline] __se_sys_futex+0x28f/0x3b0 kernel/futex.c:3738 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7fc22cfd601a Code: 00 00 b8 ca 00 00 00 0f 05 5a 5e c3 0f 1f 40 00 56 52 c7 07 00 00 00 00 81 f6 81 00 00 00 ba 01 00 00 00 b8 ca 00 00 00 0f 05 <5a> 5e c3 0f 1f 00 41 54 41 55 49 89 fc 49 89 f5 48 83 ec 18 48 89 RSP: 002b:00007fc22a972370 EFLAGS: 00000206 ORIG_RAX: 00000000000000ca RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fc22cfd601a RDX: 0000000000000001 RSI: 0000000000000081 RDI: 000055f51d26d0b0 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000004000001 R10: 0000000000000001 R11: 0000000000000206 R12: 000055f51c3f6520 R13: 000055f51d26ce80 R14: 000055f51c1c8770 R15: 000055f51d26cd70