kernel msg: ebtables bug: please report to author: counter_offset != totalcnt INFO: task kworker/1:6:7555 blocked for more than 120 seconds. Not tainted 4.16.0-rc6+ #366 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. kworker/1:6 D21016 7555 2 0x80000000 Workqueue: events cgwb_release_workfn Call Trace: context_switch kernel/sched/core.c:2862 [inline] __schedule+0x8fb/0x1ec0 kernel/sched/core.c:3440 schedule+0xf5/0x430 kernel/sched/core.c:3499 bit_wait+0x18/0x90 kernel/sched/wait_bit.c:250 __wait_on_bit+0x88/0x130 kernel/sched/wait_bit.c:51 out_of_line_wait_on_bit+0x204/0x3a0 kernel/sched/wait_bit.c:64 wait_on_bit include/linux/wait_bit.h:84 [inline] wb_shutdown+0x335/0x430 mm/backing-dev.c:377 cgwb_release_workfn+0x8b/0x61d mm/backing-dev.c:520 process_one_work+0xc47/0x1bb0 kernel/workqueue.c:2113 worker_thread+0x223/0x1990 kernel/workqueue.c:2247 kthread+0x33c/0x400 kernel/kthread.c:238 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:406 Showing all locks held in the system: 2 locks held by kworker/u4:0/5: #0: ((wq_completion)"events_unbound"){+.+.}, at: [<00000000b58fb3c9>] work_static include/linux/workqueue.h:198 [inline] #0: ((wq_completion)"events_unbound"){+.+.}, at: [<00000000b58fb3c9>] set_work_data kernel/workqueue.c:619 [inline] #0: ((wq_completion)"events_unbound"){+.+.}, at: [<00000000b58fb3c9>] set_work_pool_and_clear_pending kernel/workqueue.c:646 [inline] #0: ((wq_completion)"events_unbound"){+.+.}, at: [<00000000b58fb3c9>] process_one_work+0xb12/0x1bb0 kernel/workqueue.c:2084 #1: (connector_reaper_work){+.+.}, at: [<000000003dfe4725>] process_one_work+0xb89/0x1bb0 kernel/workqueue.c:2088 2 locks held by khungtaskd/800: #0: (rcu_read_lock){....}, at: [<00000000acfa972f>] check_hung_uninterruptible_tasks kernel/hung_task.c:175 [inline] #0: (rcu_read_lock){....}, at: [<00000000acfa972f>] watchdog+0x1c5/0xd60 kernel/hung_task.c:249 #1: (tasklist_lock){.+.+}, at: [<000000007bdb2ad3>] debug_show_all_locks+0xd3/0x3d0 kernel/locking/lockdep.c:4470 4 locks held by kworker/0:2/1782: #0: ((wq_completion)"cgroup_destroy"){+.+.}, at: [<00000000b58fb3c9>] work_static include/linux/workqueue.h:198 [inline] #0: ((wq_completion)"cgroup_destroy"){+.+.}, at: [<00000000b58fb3c9>] set_work_data kernel/workqueue.c:619 [inline] #0: ((wq_completion)"cgroup_destroy"){+.+.}, at: [<00000000b58fb3c9>] set_work_pool_and_clear_pending kernel/workqueue.c:646 [inline] #0: ((wq_completion)"cgroup_destroy"){+.+.}, at: [<00000000b58fb3c9>] process_one_work+0xb12/0x1bb0 kernel/workqueue.c:2084 #1: ((work_completion)(&css->destroy_work)#3){+.+.}, at: [<000000003dfe4725>] process_one_work+0xb89/0x1bb0 kernel/workqueue.c:2088 #2: (cpu_hotplug_lock.rw_sem){++++}, at: [<000000006f1c081f>] get_online_cpus include/linux/cpu.h:124 [inline] #2: (cpu_hotplug_lock.rw_sem){++++}, at: [<000000006f1c081f>] memcg_destroy_kmem_caches+0xf/0x80 mm/slab_common.c:771 #3: (slab_mutex){+.+.}, at: [<00000000bc897004>] memcg_destroy_kmem_caches+0x24/0x80 mm/slab_common.c:774 4 locks held by kworker/0:3/1890: #0: ((wq_completion)"memcg_kmem_cache"){+.+.}, at: [<00000000b58fb3c9>] work_static include/linux/workqueue.h:198 [inline] #0: ((wq_completion)"memcg_kmem_cache"){+.+.}, at: [<00000000b58fb3c9>] set_work_data kernel/workqueue.c:619 [inline] #0: ((wq_completion)"memcg_kmem_cache"){+.+.}, at: [<00000000b58fb3c9>] set_work_pool_and_clear_pending kernel/workqueue.c:646 [inline] #0: ((wq_completion)"memcg_kmem_cache"){+.+.}, at: [<00000000b58fb3c9>] process_one_work+0xb12/0x1bb0 kernel/workqueue.c:2084 #1: ((work_completion)(&cw->work)){+.+.}, at: [<000000003dfe4725>] process_one_work+0xb89/0x1bb0 kernel/workqueue.c:2088 #2: (cpu_hotplug_lock.rw_sem){++++}, at: [<00000000475d2312>] get_online_cpus include/linux/cpu.h:124 [inline] #2: (cpu_hotplug_lock.rw_sem){++++}, at: [<00000000475d2312>] memcg_create_kmem_cache+0x16/0x170 mm/slab_common.c:619 #3: (slab_mutex){+.+.}, at: [<0000000079736bad>] memcg_create_kmem_cache+0x24/0x170 mm/slab_common.c:622 2 locks held by getty/4042: #0: (&tty->ldisc_sem){++++}, at: [<0000000093aa6530>] ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365 #1: (&ldata->atomic_read_lock){+.+.}, at: [<000000007823ad3c>] n_tty_read+0x2ef/0x1a40 drivers/tty/n_tty.c:2131 2 locks held by getty/4043: #0: (&tty->ldisc_sem){++++}, at: [<0000000093aa6530>] ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365 #1: (&ldata->atomic_read_lock){+.+.}, at: [<000000007823ad3c>] n_tty_read+0x2ef/0x1a40 drivers/tty/n_tty.c:2131 2 locks held by getty/4044: #0: (&tty->ldisc_sem){++++}, at: [<0000000093aa6530>] ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365 #1: (&ldata->atomic_read_lock){+.+.}, at: [<000000007823ad3c>] n_tty_read+0x2ef/0x1a40 drivers/tty/n_tty.c:2131 2 locks held by getty/4045: #0: (&tty->ldisc_sem){++++}, at: [<0000000093aa6530>] ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365 #1: (&ldata->atomic_read_lock){+.+.}, at: [<000000007823ad3c>] n_tty_read+0x2ef/0x1a40 drivers/tty/n_tty.c:2131 2 locks held by getty/4046: #0: (&tty->ldisc_sem){++++}, at: [<0000000093aa6530>] ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365 #1: (&ldata->atomic_read_lock){+.+.}, at: [<000000007823ad3c>] n_tty_read+0x2ef/0x1a40 drivers/tty/n_tty.c:2131 2 locks held by getty/4047: #0: (&tty->ldisc_sem){++++}, at: [<0000000093aa6530>] ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365 #1: (&ldata->atomic_read_lock){+.+.}, at: [<000000007823ad3c>] n_tty_read+0x2ef/0x1a40 drivers/tty/n_tty.c:2131 2 locks held by getty/4048: #0: (&tty->ldisc_sem){++++}, at: [<0000000093aa6530>] ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365 #1: (&ldata->atomic_read_lock){+.+.}, at: [<000000007823ad3c>] n_tty_read+0x2ef/0x1a40 drivers/tty/n_tty.c:2131 2 locks held by kworker/u4:5/6428: #0: ((wq_completion)"events_unbound"){+.+.}, at: [<00000000b58fb3c9>] work_static include/linux/workqueue.h:198 [inline] #0: ((wq_completion)"events_unbound"){+.+.}, at: [<00000000b58fb3c9>] set_work_data kernel/workqueue.c:619 [inline] #0: ((wq_completion)"events_unbound"){+.+.}, at: [<00000000b58fb3c9>] set_work_pool_and_clear_pending kernel/workqueue.c:646 [inline] #0: ((wq_completion)"events_unbound"){+.+.}, at: [<00000000b58fb3c9>] process_one_work+0xb12/0x1bb0 kernel/workqueue.c:2084 #1: ((reaper_work).work){+.+.}, at: [<000000003dfe4725>] process_one_work+0xb89/0x1bb0 kernel/workqueue.c:2088 2 locks held by kworker/1:6/7555: #0: ((wq_completion)"events"){+.+.}, at: [<00000000b58fb3c9>] work_static include/linux/workqueue.h:198 [inline] #0: ((wq_completion)"events"){+.+.}, at: [<00000000b58fb3c9>] set_work_data kernel/workqueue.c:619 [inline] #0: ((wq_completion)"events"){+.+.}, at: [<00000000b58fb3c9>] set_work_pool_and_clear_pending kernel/workqueue.c:646 [inline] #0: ((wq_completion)"events"){+.+.}, at: [<00000000b58fb3c9>] process_one_work+0xb12/0x1bb0 kernel/workqueue.c:2084 #1: ((work_completion)(&wb->release_work)){+.+.}, at: [<000000003dfe4725>] process_one_work+0xb89/0x1bb0 kernel/workqueue.c:2088 4 locks held by kworker/1:7/9804: #0: ((wq_completion)"memcg_kmem_cache"){+.+.}, at: [<00000000b58fb3c9>] work_static include/linux/workqueue.h:198 [inline] #0: ((wq_completion)"memcg_kmem_cache"){+.+.}, at: [<00000000b58fb3c9>] set_work_data kernel/workqueue.c:619 [inline] #0: ((wq_completion)"memcg_kmem_cache"){+.+.}, at: [<00000000b58fb3c9>] set_work_pool_and_clear_pending kernel/workqueue.c:646 [inline] #0: ((wq_completion)"memcg_kmem_cache"){+.+.}, at: [<00000000b58fb3c9>] process_one_work+0xb12/0x1bb0 kernel/workqueue.c:2084 #1: ((work_completion)(&cw->work)){+.+.}, at: [<000000003dfe4725>] process_one_work+0xb89/0x1bb0 kernel/workqueue.c:2088 #2: (cpu_hotplug_lock.rw_sem){++++}, at: [<00000000475d2312>] get_online_cpus include/linux/cpu.h:124 [inline] #2: (cpu_hotplug_lock.rw_sem){++++}, at: [<00000000475d2312>] memcg_create_kmem_cache+0x16/0x170 mm/slab_common.c:619 #3: (slab_mutex){+.+.}, at: [<0000000079736bad>] memcg_create_kmem_cache+0x24/0x170 mm/slab_common.c:622 3 locks held by kworker/0:8/13704: #0: ((wq_completion)"events"){+.+.}, at: [<00000000b58fb3c9>] work_static include/linux/workqueue.h:198 [inline] #0: ((wq_completion)"events"){+.+.}, at: [<00000000b58fb3c9>] set_work_data kernel/workqueue.c:619 [inline] #0: ((wq_completion)"events"){+.+.}, at: [<00000000b58fb3c9>] set_work_pool_and_clear_pending kernel/workqueue.c:646 [inline] #0: ((wq_completion)"events"){+.+.}, at: [<00000000b58fb3c9>] process_one_work+0xb12/0x1bb0 kernel/workqueue.c:2084 #1: (slab_caches_to_rcu_destroy_work){+.+.}, at: [<000000003dfe4725>] process_one_work+0xb89/0x1bb0 kernel/workqueue.c:2088 #2: (slab_mutex){+.+.}, at: [<0000000091939b5b>] slab_caches_to_rcu_destroy_workfn+0x25/0xc0 mm/slab_common.c:556 4 locks held by syz-executor0/3232: #0: (event_mutex){+.+.}, at: [<00000000100cc6f4>] perf_trace_destroy+0x28/0x100 kernel/trace/trace_event_perf.c:234 #1: (tracepoints_mutex){+.+.}, at: [<000000007164d17f>] tracepoint_probe_unregister+0x9a/0x870 kernel/tracepoint.c:320 #2: (cpu_hotplug_lock.rw_sem){++++}, at: [<00000000d99640fb>] __static_key_slow_dec kernel/jump_label.c:214 [inline] #2: (cpu_hotplug_lock.rw_sem){++++}, at: [<00000000d99640fb>] static_key_slow_dec+0x4a/0x90 kernel/jump_label.c:229 #3: (jump_label_mutex){+.+.}, at: [<0000000048098fa6>] __static_key_slow_dec_cpuslocked+0x7a/0x1d0 kernel/jump_label.c:195 1 lock held by syz-executor5/3277: #0: (sk_lock-AF_PACKET){+.+.}, at: [<00000000ab01892e>] lock_sock include/net/sock.h:1464 [inline] #0: (sk_lock-AF_PACKET){+.+.}, at: [<00000000ab01892e>] packet_set_ring+0xc7/0x1b10 net/packet/af_packet.c:4213 ============================================= NMI backtrace for cpu 1 CPU: 1 PID: 800 Comm: khungtaskd Not tainted 4.16.0-rc6+ #366 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x24d lib/dump_stack.c:53 nmi_cpu_backtrace+0x1d2/0x210 lib/nmi_backtrace.c:103 nmi_trigger_cpumask_backtrace+0x123/0x180 lib/nmi_backtrace.c:62 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38 trigger_all_cpu_backtrace include/linux/nmi.h:138 [inline] check_hung_task kernel/hung_task.c:132 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:190 [inline] watchdog+0x90c/0xd60 kernel/hung_task.c:249 kthread+0x33c/0x400 kernel/kthread.c:238 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:406 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 4123 Comm: syz-executor7 Not tainted 4.16.0-rc6+ #366 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:update_stack_state+0x3c8/0x700 arch/x86/kernel/unwind_frame.c:271 RSP: 0018:ffff8801be82f150 EFLAGS: 00000246 RAX: dffffc0000000000 RBX: ffff8801be82fd40 RCX: 1ffff10037d05e00 RDX: 1ffff10037d05e7a RSI: ffff8801be82fd50 RDI: ffff8801be82f3d0 RBP: ffff8801be82f258 R08: ffff8801be82f3c8 R09: ffff8801be820300 R10: 000000000000000b R11: ffffed0037d05e7b R12: 1ffff10037d05e32 R13: 1ffff10037d05e36 R14: ffffffff81b62c70 R15: ffff8801be82f388 FS: 00000000013b1940(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000001b20c10 CR3: 00000001bf5c7006 CR4: 00000000001626f0 DR0: 0000000020000000 DR1: 0000000020000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600 Call Trace: unwind_next_frame.part.6+0x1a6/0xb40 arch/x86/kernel/unwind_frame.c:329 unwind_next_frame+0x3e/0x50 arch/x86/kernel/unwind_frame.c:287 __save_stack_trace+0x6e/0xd0 arch/x86/kernel/stacktrace.c:44 save_stack_trace+0x1a/0x20 arch/x86/kernel/stacktrace.c:60 save_stack+0x43/0xd0 mm/kasan/kasan.c:447 set_track mm/kasan/kasan.c:459 [inline] kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:552 __do_kmalloc mm/slab.c:3705 [inline] __kmalloc_track_caller+0x15e/0x760 mm/slab.c:3720 kstrdup+0x39/0x70 mm/util.c:56 kstrdup_const+0x39/0x50 mm/util.c:77 __kernfs_new_node+0xa2/0x570 fs/kernfs/dir.c:629 kernfs_new_node+0x80/0xe0 fs/kernfs/dir.c:679 __kernfs_create_file+0x4b/0x320 fs/kernfs/file.c:989 cgroup_add_file kernel/cgroup/cgroup.c:3535 [inline] cgroup_addrm_files+0x3c5/0xa70 kernel/cgroup/cgroup.c:3590 css_populate_dir+0x340/0x420 kernel/cgroup/cgroup.c:1601 cgroup_mkdir+0x553/0xfc0 kernel/cgroup/cgroup.c:4934 kernfs_iop_mkdir+0x153/0x1e0 fs/kernfs/dir.c:1099 vfs_mkdir+0x390/0x600 fs/namei.c:3800 SYSC_mkdirat fs/namei.c:3823 [inline] SyS_mkdirat fs/namei.c:3807 [inline] SYSC_mkdir fs/namei.c:3834 [inline] SyS_mkdir+0x220/0x2a0 fs/namei.c:3832 do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x453cd7 RSP: 002b:0000000000a3eb78 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 RAX: ffffffffffffffda RBX: 0000000000000428 RCX: 0000000000453cd7 RDX: 0000000000a3f856 RSI: 00000000000001ff RDI: 0000000000a3f8f0 RBP: 0000000000a3f220 R08: 0000000000000000 R09: 0000000000000006 R10: 0000000000000064 R11: 0000000000000246 R12: 0000000000a3eba0 R13: 0000000000000013 R14: 0000000000000000 R15: 0000000000001380 Code: ff df 4c 8b 75 98 41 c6 44 05 00 f8 49 8d 7f 48 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 76 01 00 00 <4c> 89 c2 48 b8 00 00 00 00 00 fc ff df 4d 89 77 48 48 c1 ea 03