INFO: task syz-executor.4:11721 blocked for more than 140 seconds. Not tainted 4.14.295-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.4 D28264 11721 7995 0x00000004 Call Trace: context_switch kernel/sched/core.c:2811 [inline] __schedule+0x88b/0x1de0 kernel/sched/core.c:3387 schedule+0x8d/0x1b0 kernel/sched/core.c:3431 schedule_timeout+0x80a/0xe90 kernel/time/timer.c:1724 do_wait_for_common kernel/sched/completion.c:91 [inline] __wait_for_common kernel/sched/completion.c:112 [inline] wait_for_common+0x272/0x430 kernel/sched/completion.c:123 flush_work+0x3fe/0x770 kernel/workqueue.c:2894 __cancel_work_timer+0x321/0x460 kernel/workqueue.c:2965 p9_conn_destroy net/9p/trans_fd.c:898 [inline] p9_fd_close+0x28d/0x420 net/9p/trans_fd.c:925 p9_client_create+0x736/0x12c0 net/9p/client.c:1093 v9fs_session_init+0x1c5/0x1540 fs/9p/v9fs.c:422 v9fs_mount+0x73/0x860 fs/9p/vfs_super.c:135 mount_fs+0x92/0x2a0 fs/super.c:1237 vfs_kern_mount.part.0+0x5b/0x470 fs/namespace.c:1046 vfs_kern_mount fs/namespace.c:1036 [inline] do_new_mount fs/namespace.c:2572 [inline] do_mount+0xe65/0x2a30 fs/namespace.c:2905 SYSC_mount fs/namespace.c:3121 [inline] SyS_mount+0xa8/0x120 fs/namespace.c:3098 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x7f9d663525a9 RSP: 002b:00007f9d64c83168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 00007f9d66473120 RCX: 00007f9d663525a9 RDX: 0000000020000080 RSI: 0000000020000300 RDI: 0000000000000000 RBP: 00007f9d663ad580 R08: 0000000020000740 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffe98a2480f R14: 00007f9d64c83300 R15: 0000000000022000 INFO: task syz-executor.2:11866 blocked for more than 140 seconds. *** Guest State *** CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 Not tainted 4.14.295-syzkaller #0 CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. CR3 = 0x00000000fffbc000 RSP = 0x0000000000000f80 RIP = 0x0000000000000000 syz-executor.2 D27760 11866 7992 0x00000004 Call Trace: RFLAGS=0x00000002 DR7 = 0x0000000000000400 context_switch kernel/sched/core.c:2811 [inline] __schedule+0x88b/0x1de0 kernel/sched/core.c:3387 Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 *** Guest State *** CS: sel=0x0000, attr=0x0009b, limit=0x0000ffff, base=0x0000000000000000 CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 process 'syz-executor.0' launched '/dev/fd/3' with NULL argv: empty string added schedule+0x8d/0x1b0 kernel/sched/core.c:3431 DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 schedule_timeout+0x80a/0xe90 kernel/time/timer.c:1724 CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 SS: sel=0x0000, attr=0x00081, limit=0x0000ffff, base=0x0000000000000000 CR3 = 0x00000000fffbc000 RSP = 0x0000000000000f80 RIP = 0x0000000000000000 ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 do_wait_for_common kernel/sched/completion.c:91 [inline] __wait_for_common kernel/sched/completion.c:112 [inline] wait_for_common+0x272/0x430 kernel/sched/completion.c:123 RFLAGS=0x00000002 DR7 = 0x0000000000000400 Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 CS: sel=0x0000, attr=0x0009b, limit=0x0000ffff, base=0x0000000000000000 FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 flush_work+0x3fe/0x770 kernel/workqueue.c:2894 GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 GDTR: limit=0x000007ff, base=0x0000000000001000 SS: sel=0x0000, attr=0x00081, limit=0x0000ffff, base=0x0000000000000000 __cancel_work_timer+0x321/0x460 kernel/workqueue.c:2965 ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 IDTR: limit=0x0000ffff, base=0x0000000000000000 GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 p9_conn_destroy net/9p/trans_fd.c:898 [inline] p9_fd_close+0x28d/0x420 net/9p/trans_fd.c:925 GDTR: limit=0x000007ff, base=0x0000000000001000 EFER = 0x0000000000000000 PAT = 0x0007040600070406 p9_client_create+0x736/0x12c0 net/9p/client.c:1093 LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 IDTR: limit=0x0000ffff, base=0x0000000000000000 TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 v9fs_session_init+0x1c5/0x1540 fs/9p/v9fs.c:422 Interruptibility = 00000000 ActivityState = 00000000 *** Host State *** EFER = 0x0000000000000000 PAT = 0x0007040600070406 RIP = 0xffffffff8116119e RSP = 0xffff8880997cf9b8 DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 Interruptibility = 00000000 ActivityState = 00000000 CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 *** Host State *** RIP = 0xffffffff8116119e RSP = 0xffff88805710f9b8 FSBase=00007f1706e0b700 GSBase=ffff8880ba500000 TRBase=fffffe000003e000 CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 FSBase=00007fbe1057d700 GSBase=ffff8880ba400000 TRBase=fffffe0000003000 GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 v9fs_mount+0x73/0x860 fs/9p/vfs_super.c:135 mount_fs+0x92/0x2a0 fs/super.c:1237 GDTBase=fffffe000003c000 IDTBase=fffffe0000000000 vfs_kern_mount.part.0+0x5b/0x470 fs/namespace.c:1046 vfs_kern_mount fs/namespace.c:1036 [inline] do_new_mount fs/namespace.c:2572 [inline] do_mount+0xe65/0x2a30 fs/namespace.c:2905 CR0=0000000080050033 CR3=00000000b109c000 CR4=00000000003426f0 Sysenter RSP=fffffe0000003000 CS:RIP=0010:ffffffff87401690 CR0=0000000080050033 CR3=00000000b0073000 CR4=00000000003426e0 EFER = 0x0000000000000d01 PAT = 0x0407050600070106 *** Control State *** Sysenter RSP=fffffe000003e000 CS:RIP=0010:ffffffff87401690 SYSC_mount fs/namespace.c:3121 [inline] SyS_mount+0xa8/0x120 fs/namespace.c:3098 PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000ea EFER = 0x0000000000000d01 PAT = 0x0407050600070106 EntryControls=0000d1ff ExitControls=002fefff ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 VMEntry: intr_info=80000202 errcode=00000000 ilen=00000000 VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 reason=80000021 qualification=0000000000000000 IDTVectoring: info=00000000 errcode=00000000 *** Control State *** PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000ea EntryControls=0000d1ff ExitControls=002fefff ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 VMEntry: intr_info=80000202 errcode=00000000 ilen=00000000 VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 reason=80000021 qualification=0000000000000000 TSC Offset = 0xffffff20a19b565c IDTVectoring: info=00000000 errcode=00000000 TSC Offset = 0xffffff20c1062c2c EPT pointer = 0x00000000aec4301e Virtual processor ID = 0x0001 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x7efee8eac5a9 RSP: 002b:00007efee77dd168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 00007efee8fcd120 RCX: 00007efee8eac5a9 EPT pointer = 0x000000009f8bb01e RDX: 0000000020000080 RSI: 0000000020000300 RDI: 0000000000000000 Virtual processor ID = 0x0002 RBP: 00007efee8f07580 R08: 0000000020000740 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffc5e614c0f R14: 00007efee77dd300 R15: 0000000000022000 INFO: task syz-executor.4:12125 blocked for more than 140 seconds. Not tainted 4.14.295-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.4 D28968 12125 11876 0x00000004 Call Trace: context_switch kernel/sched/core.c:2811 [inline] __schedule+0x88b/0x1de0 kernel/sched/core.c:3387 schedule+0x8d/0x1b0 kernel/sched/core.c:3431 schedule_timeout+0x80a/0xe90 kernel/time/timer.c:1724 overlayfs: fs on './file0' does not support file handles, falling back to index=off. do_wait_for_common kernel/sched/completion.c:91 [inline] __wait_for_common kernel/sched/completion.c:112 [inline] wait_for_common+0x272/0x430 kernel/sched/completion.c:123 flush_work+0x3fe/0x770 kernel/workqueue.c:2894 __cancel_work_timer+0x321/0x460 kernel/workqueue.c:2965 p9_conn_destroy net/9p/trans_fd.c:898 [inline] p9_fd_close+0x28d/0x420 net/9p/trans_fd.c:925 p9_client_create+0x736/0x12c0 net/9p/client.c:1093 v9fs_session_init+0x1c5/0x1540 fs/9p/v9fs.c:422 v9fs_mount+0x73/0x860 fs/9p/vfs_super.c:135 mount_fs+0x92/0x2a0 fs/super.c:1237 vfs_kern_mount.part.0+0x5b/0x470 fs/namespace.c:1046 vfs_kern_mount fs/namespace.c:1036 [inline] do_new_mount fs/namespace.c:2572 [inline] do_mount+0xe65/0x2a30 fs/namespace.c:2905 SYSC_mount fs/namespace.c:3121 [inline] SyS_mount+0xa8/0x120 fs/namespace.c:3098 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x7fd5a55295a9 RSP: 002b:00007fd5a3e5a168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 00007fd5a564a120 RCX: 00007fd5a55295a9 RDX: 0000000020000080 RSI: 0000000020000300 RDI: 0000000000000000 RBP: 00007fd5a5584580 R08: 0000000020000740 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffceee239ff R14: 00007fd5a3e5a300 R15: 0000000000022000 Showing all locks held in the system: 2 locks held by kworker/0:0/3: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088 #1: ((&m->rq)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092 2 locks held by kworker/1:1/24: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088 #1: ((&m->rq)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092 1 lock held by khungtaskd/1533: #0: (tasklist_lock){.+.+}, at: [] debug_show_all_locks+0x7c/0x21a kernel/locking/lockdep.c:4548 2 locks held by kworker/0:3/8007: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088 #1: ((&m->rq)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092 2 locks held by kworker/1:4/9188: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088 #1: ((&m->rq)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092 3 locks held by kworker/u4:5/9268: #0: ("%s""netns"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088 #1: (net_cleanup_work){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092 #2: (net_mutex){+.+.}, at: [] cleanup_net+0x110/0x840 net/core/net_namespace.c:453 ============================================= overlayfs: fs on './file0' does not support file handles, falling back to index=off. overlayfs: fs on './file0' does not support file handles, falling back to index=off. overlayfs: fs on './file0' does not support file handles, falling back to index=off. overlayfs: fs on './file0' does not support file handles, falling back to index=off. overlayfs: fs on './file0' does not support file handles, falling back to index=off. overlayfs: fs on './file0' does not support file handles, falling back to index=off. overlayfs: fs on './file0' does not support file handles, falling back to index=off. overlayfs: fs on './file0' does not support file handles, falling back to index=off. NMI backtrace for cpu 1 CPU: 1 PID: 1533 Comm: khungtaskd Not tainted 4.14.295-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b2/0x281 lib/dump_stack.c:58 nmi_cpu_backtrace.cold+0x57/0x93 lib/nmi_backtrace.c:101 nmi_trigger_cpumask_backtrace+0x13a/0x180 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:140 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:195 [inline] watchdog+0x5b9/0xb40 kernel/hung_task.c:274 kthread+0x30d/0x420 kernel/kthread.c:232 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 23 Comm: kworker/u4:1 Not tainted 4.14.295-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 Workqueue: bat_events batadv_nc_worker task: ffff8880b5600600 task.stack: ffff8880b5608000 RIP: 0010:strlen+0x54/0x90 lib/string.c:539 RSP: 0018:ffff8880b560faf8 EFLAGS: 00000006 RAX: ffffffff88720a43 RBX: dffffc0000000000 RCX: 0000000000000003 RDX: 0000000000000004 RSI: ffff888094b89b78 RDI: ffffffff88720a40 RBP: ffffffff88720a40 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff88f617c0 R13: ffff888094b89b78 R14: 0000000000000000 R15: ffff8880b560fbb8 FS: 0000000000000000(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b2ee21000 CR3: 00000000aaef4000 CR4: 00000000003406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: strlen include/linux/string.h:298 [inline] trace_event_get_offsets_lock_acquire include/trace/events/lock.h:13 [inline] perf_trace_lock_acquire+0xd3/0x510 include/trace/events/lock.h:13 trace_lock_acquire include/trace/events/lock.h:13 [inline] lock_acquire+0x2b8/0x3f0 kernel/locking/lockdep.c:3997 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline] _raw_spin_lock_bh+0x2f/0x40 kernel/locking/spinlock.c:176 spin_lock_bh include/linux/spinlock.h:322 [inline] batadv_nc_purge_paths+0xce/0x300 net/batman-adv/network-coding.c:452 batadv_nc_worker+0x660/0xc50 net/batman-adv/network-coding.c:731 process_one_work+0x793/0x14a0 kernel/workqueue.c:2117 worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251 kthread+0x30d/0x420 kernel/kthread.c:232 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404 Code: c0 75 48 80 7d 00 00 74 39 48 bb 00 00 00 00 00 fc ff df 48 89 e8 48 83 c0 01 48 89 c2 48 89 c1 48 c1 ea 03 83 e1 07 0f b6 14 1a <38> ca 7f 04 84 d2 75 1f 80 38 00 75 de 48 83 c4 08 48 29 e8 5b