INFO: task syz-executor.4:11721 blocked for more than 140 seconds.
Not tainted 4.14.295-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.4 D28264 11721 7995 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2811 [inline]
__schedule+0x88b/0x1de0 kernel/sched/core.c:3387
schedule+0x8d/0x1b0 kernel/sched/core.c:3431
schedule_timeout+0x80a/0xe90 kernel/time/timer.c:1724
do_wait_for_common kernel/sched/completion.c:91 [inline]
__wait_for_common kernel/sched/completion.c:112 [inline]
wait_for_common+0x272/0x430 kernel/sched/completion.c:123
flush_work+0x3fe/0x770 kernel/workqueue.c:2894
__cancel_work_timer+0x321/0x460 kernel/workqueue.c:2965
p9_conn_destroy net/9p/trans_fd.c:898 [inline]
p9_fd_close+0x28d/0x420 net/9p/trans_fd.c:925
p9_client_create+0x736/0x12c0 net/9p/client.c:1093
v9fs_session_init+0x1c5/0x1540 fs/9p/v9fs.c:422
v9fs_mount+0x73/0x860 fs/9p/vfs_super.c:135
mount_fs+0x92/0x2a0 fs/super.c:1237
vfs_kern_mount.part.0+0x5b/0x470 fs/namespace.c:1046
vfs_kern_mount fs/namespace.c:1036 [inline]
do_new_mount fs/namespace.c:2572 [inline]
do_mount+0xe65/0x2a30 fs/namespace.c:2905
SYSC_mount fs/namespace.c:3121 [inline]
SyS_mount+0xa8/0x120 fs/namespace.c:3098
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f9d663525a9
RSP: 002b:00007f9d64c83168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f9d66473120 RCX: 00007f9d663525a9
RDX: 0000000020000080 RSI: 0000000020000300 RDI: 0000000000000000
RBP: 00007f9d663ad580 R08: 0000000020000740 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe98a2480f R14: 00007f9d64c83300 R15: 0000000000022000
INFO: task syz-executor.2:11866 blocked for more than 140 seconds.
*** Guest State ***
CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
Not tainted 4.14.295-syzkaller #0
CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
CR3 = 0x00000000fffbc000
RSP = 0x0000000000000f80 RIP = 0x0000000000000000
syz-executor.2 D27760 11866 7992 0x00000004
Call Trace:
RFLAGS=0x00000002 DR7 = 0x0000000000000400
context_switch kernel/sched/core.c:2811 [inline]
__schedule+0x88b/0x1de0 kernel/sched/core.c:3387
Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
*** Guest State ***
CS: sel=0x0000, attr=0x0009b, limit=0x0000ffff, base=0x0000000000000000
CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
process 'syz-executor.0' launched '/dev/fd/3' with NULL argv: empty string added
schedule+0x8d/0x1b0 kernel/sched/core.c:3431
DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
schedule_timeout+0x80a/0xe90 kernel/time/timer.c:1724
CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
SS: sel=0x0000, attr=0x00081, limit=0x0000ffff, base=0x0000000000000000
CR3 = 0x00000000fffbc000
RSP = 0x0000000000000f80 RIP = 0x0000000000000000
ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
do_wait_for_common kernel/sched/completion.c:91 [inline]
__wait_for_common kernel/sched/completion.c:112 [inline]
wait_for_common+0x272/0x430 kernel/sched/completion.c:123
RFLAGS=0x00000002 DR7 = 0x0000000000000400
Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
CS: sel=0x0000, attr=0x0009b, limit=0x0000ffff, base=0x0000000000000000
FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
flush_work+0x3fe/0x770 kernel/workqueue.c:2894
GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
GDTR: limit=0x000007ff, base=0x0000000000001000
SS: sel=0x0000, attr=0x00081, limit=0x0000ffff, base=0x0000000000000000
__cancel_work_timer+0x321/0x460 kernel/workqueue.c:2965
ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
IDTR: limit=0x0000ffff, base=0x0000000000000000
GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
p9_conn_destroy net/9p/trans_fd.c:898 [inline]
p9_fd_close+0x28d/0x420 net/9p/trans_fd.c:925
GDTR: limit=0x000007ff, base=0x0000000000001000
EFER = 0x0000000000000000 PAT = 0x0007040600070406
p9_client_create+0x736/0x12c0 net/9p/client.c:1093
LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000
IDTR: limit=0x0000ffff, base=0x0000000000000000
TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
v9fs_session_init+0x1c5/0x1540 fs/9p/v9fs.c:422
Interruptibility = 00000000 ActivityState = 00000000
*** Host State ***
EFER = 0x0000000000000000 PAT = 0x0007040600070406
RIP = 0xffffffff8116119e RSP = 0xffff8880997cf9b8
DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000
Interruptibility = 00000000 ActivityState = 00000000
CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
*** Host State ***
RIP = 0xffffffff8116119e RSP = 0xffff88805710f9b8
FSBase=00007f1706e0b700 GSBase=ffff8880ba500000 TRBase=fffffe000003e000
CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
FSBase=00007fbe1057d700 GSBase=ffff8880ba400000 TRBase=fffffe0000003000
GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
v9fs_mount+0x73/0x860 fs/9p/vfs_super.c:135
mount_fs+0x92/0x2a0 fs/super.c:1237
GDTBase=fffffe000003c000 IDTBase=fffffe0000000000
vfs_kern_mount.part.0+0x5b/0x470 fs/namespace.c:1046
vfs_kern_mount fs/namespace.c:1036 [inline]
do_new_mount fs/namespace.c:2572 [inline]
do_mount+0xe65/0x2a30 fs/namespace.c:2905
CR0=0000000080050033 CR3=00000000b109c000 CR4=00000000003426f0
Sysenter RSP=fffffe0000003000 CS:RIP=0010:ffffffff87401690
CR0=0000000080050033 CR3=00000000b0073000 CR4=00000000003426e0
EFER = 0x0000000000000d01 PAT = 0x0407050600070106
*** Control State ***
Sysenter RSP=fffffe000003e000 CS:RIP=0010:ffffffff87401690
SYSC_mount fs/namespace.c:3121 [inline]
SyS_mount+0xa8/0x120 fs/namespace.c:3098
PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000ea
EFER = 0x0000000000000d01 PAT = 0x0407050600070106
EntryControls=0000d1ff ExitControls=002fefff
ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
VMEntry: intr_info=80000202 errcode=00000000 ilen=00000000
VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
reason=80000021 qualification=0000000000000000
IDTVectoring: info=00000000 errcode=00000000
*** Control State ***
PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000ea
EntryControls=0000d1ff ExitControls=002fefff
ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
VMEntry: intr_info=80000202 errcode=00000000 ilen=00000000
VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
reason=80000021 qualification=0000000000000000
TSC Offset = 0xffffff20a19b565c
IDTVectoring: info=00000000 errcode=00000000
TSC Offset = 0xffffff20c1062c2c
EPT pointer = 0x00000000aec4301e
Virtual processor ID = 0x0001
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7efee8eac5a9
RSP: 002b:00007efee77dd168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007efee8fcd120 RCX: 00007efee8eac5a9
EPT pointer = 0x000000009f8bb01e
RDX: 0000000020000080 RSI: 0000000020000300 RDI: 0000000000000000
Virtual processor ID = 0x0002
RBP: 00007efee8f07580 R08: 0000000020000740 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc5e614c0f R14: 00007efee77dd300 R15: 0000000000022000
INFO: task syz-executor.4:12125 blocked for more than 140 seconds.
Not tainted 4.14.295-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.4 D28968 12125 11876 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2811 [inline]
__schedule+0x88b/0x1de0 kernel/sched/core.c:3387
schedule+0x8d/0x1b0 kernel/sched/core.c:3431
schedule_timeout+0x80a/0xe90 kernel/time/timer.c:1724
overlayfs: fs on './file0' does not support file handles, falling back to index=off.
do_wait_for_common kernel/sched/completion.c:91 [inline]
__wait_for_common kernel/sched/completion.c:112 [inline]
wait_for_common+0x272/0x430 kernel/sched/completion.c:123
flush_work+0x3fe/0x770 kernel/workqueue.c:2894
__cancel_work_timer+0x321/0x460 kernel/workqueue.c:2965
p9_conn_destroy net/9p/trans_fd.c:898 [inline]
p9_fd_close+0x28d/0x420 net/9p/trans_fd.c:925
p9_client_create+0x736/0x12c0 net/9p/client.c:1093
v9fs_session_init+0x1c5/0x1540 fs/9p/v9fs.c:422
v9fs_mount+0x73/0x860 fs/9p/vfs_super.c:135
mount_fs+0x92/0x2a0 fs/super.c:1237
vfs_kern_mount.part.0+0x5b/0x470 fs/namespace.c:1046
vfs_kern_mount fs/namespace.c:1036 [inline]
do_new_mount fs/namespace.c:2572 [inline]
do_mount+0xe65/0x2a30 fs/namespace.c:2905
SYSC_mount fs/namespace.c:3121 [inline]
SyS_mount+0xa8/0x120 fs/namespace.c:3098
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7fd5a55295a9
RSP: 002b:00007fd5a3e5a168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007fd5a564a120 RCX: 00007fd5a55295a9
RDX: 0000000020000080 RSI: 0000000020000300 RDI: 0000000000000000
RBP: 00007fd5a5584580 R08: 0000000020000740 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffceee239ff R14: 00007fd5a3e5a300 R15: 0000000000022000
Showing all locks held in the system:
2 locks held by kworker/0:0/3:
#0: ("events"){+.+.}, at: [<ffffffff81364eb0>] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088
#1: ((&m->rq)){+.+.}, at: [<ffffffff81364ee6>] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092
2 locks held by kworker/1:1/24:
#0: ("events"){+.+.}, at: [<ffffffff81364eb0>] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088
#1: ((&m->rq)){+.+.}, at: [<ffffffff81364ee6>] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092
1 lock held by khungtaskd/1533:
#0: (tasklist_lock){.+.+}, at: [<ffffffff87024c59>] debug_show_all_locks+0x7c/0x21a kernel/locking/lockdep.c:4548
2 locks held by kworker/0:3/8007:
#0: ("events"){+.+.}, at: [<ffffffff81364eb0>] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088
#1: ((&m->rq)){+.+.}, at: [<ffffffff81364ee6>] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092
2 locks held by kworker/1:4/9188:
#0: ("events"){+.+.}, at: [<ffffffff81364eb0>] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088
#1: ((&m->rq)){+.+.}, at: [<ffffffff81364ee6>] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092
3 locks held by kworker/u4:5/9268:
#0: ("%s""netns"){+.+.}, at: [<ffffffff81364eb0>] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088
#1: (net_cleanup_work){+.+.}, at: [<ffffffff81364ee6>] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092
#2: (net_mutex){+.+.}, at: [<ffffffff85c1cdb0>] cleanup_net+0x110/0x840 net/core/net_namespace.c:453
=============================================
overlayfs: fs on './file0' does not support file handles, falling back to index=off.
overlayfs: fs on './file0' does not support file handles, falling back to index=off.
overlayfs: fs on './file0' does not support file handles, falling back to index=off.
overlayfs: fs on './file0' does not support file handles, falling back to index=off.
overlayfs: fs on './file0' does not support file handles, falling back to index=off.
overlayfs: fs on './file0' does not support file handles, falling back to index=off.
overlayfs: fs on './file0' does not support file handles, falling back to index=off.
overlayfs: fs on './file0' does not support file handles, falling back to index=off.
NMI backtrace for cpu 1
CPU: 1 PID: 1533 Comm: khungtaskd Not tainted 4.14.295-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x281 lib/dump_stack.c:58
nmi_cpu_backtrace.cold+0x57/0x93 lib/nmi_backtrace.c:101
nmi_trigger_cpumask_backtrace+0x13a/0x180 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:140 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:195 [inline]
watchdog+0x5b9/0xb40 kernel/hung_task.c:274
kthread+0x30d/0x420 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 23 Comm: kworker/u4:1 Not tainted 4.14.295-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
Workqueue: bat_events batadv_nc_worker
task: ffff8880b5600600 task.stack: ffff8880b5608000
RIP: 0010:strlen+0x54/0x90 lib/string.c:539
RSP: 0018:ffff8880b560faf8 EFLAGS: 00000006
RAX: ffffffff88720a43 RBX: dffffc0000000000 RCX: 0000000000000003
RDX: 0000000000000004 RSI: ffff888094b89b78 RDI: ffffffff88720a40
RBP: ffffffff88720a40 R08: 0000000000000000 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff88f617c0
R13: ffff888094b89b78 R14: 0000000000000000 R15: ffff8880b560fbb8
FS: 0000000000000000(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2ee21000 CR3: 00000000aaef4000 CR4: 00000000003406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
strlen include/linux/string.h:298 [inline]
trace_event_get_offsets_lock_acquire include/trace/events/lock.h:13 [inline]
perf_trace_lock_acquire+0xd3/0x510 include/trace/events/lock.h:13
trace_lock_acquire include/trace/events/lock.h:13 [inline]
lock_acquire+0x2b8/0x3f0 kernel/locking/lockdep.c:3997
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
_raw_spin_lock_bh+0x2f/0x40 kernel/locking/spinlock.c:176
spin_lock_bh include/linux/spinlock.h:322 [inline]
batadv_nc_purge_paths+0xce/0x300 net/batman-adv/network-coding.c:452
batadv_nc_worker+0x660/0xc50 net/batman-adv/network-coding.c:731
process_one_work+0x793/0x14a0 kernel/workqueue.c:2117
worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
kthread+0x30d/0x420 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
Code: c0 75 48 80 7d 00 00 74 39 48 bb 00 00 00 00 00 fc ff df 48 89 e8 48 83 c0 01 48 89 c2 48 89 c1 48 c1 ea 03 83 e1 07 0f b6 14 1a <38> ca 7f 04 84 d2 75 1f 80 38 00 75 de 48 83 c4 08 48 29 e8 5b