ieee802154 phy0 wpan0: encryption failed: -22 ieee802154 phy1 wpan1: encryption failed: -22 INFO: task syz-executor.1:14238 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.1 D29288 14238 8150 0x00000004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 __rwsem_down_read_failed_common kernel/locking/rwsem-xadd.c:292 [inline] rwsem_down_read_failed+0x20a/0x390 kernel/locking/rwsem-xadd.c:309 call_rwsem_down_read_failed+0x14/0x30 arch/x86/lib/rwsem.S:94 __down_read arch/x86/include/asm/rwsem.h:83 [inline] down_read+0x44/0x80 kernel/locking/rwsem.c:26 __get_super.part.0+0x209/0x2e0 fs/super.c:698 __get_super include/linux/spinlock.h:329 [inline] get_super+0x2b/0x50 fs/super.c:727 fsync_bdev+0x14/0xc0 fs/block_dev.c:483 blkdev_flushbuf block/ioctl.c:436 [inline] blkdev_ioctl+0x912/0x1a80 block/ioctl.c:521 block_ioctl+0xe9/0x130 fs/block_dev.c:1906 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:501 [inline] do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688 ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705 __do_sys_ioctl fs/ioctl.c:712 [inline] __se_sys_ioctl fs/ioctl.c:710 [inline] __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f540a967639 Code: Bad RIP value. RSP: 002b:00007f5408eb9168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f540aa88050 RCX: 00007f540a967639 RDX: 0000000000000000 RSI: 0000000000001261 RDI: 0000000000000003 RBP: 00007f540a9c2ae9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffead049c8f R14: 00007f5408eb9300 R15: 0000000000022000 Showing all locks held in the system: 3 locks held by kworker/u4:0/7: 1 lock held by khungtaskd/1566: #0: 00000000ac899389 (rcu_read_lock){....}, at: debug_show_all_locks+0x53/0x265 kernel/locking/lockdep.c:4441 1 lock held by in:imklog/7806: #0: 00000000c3a5f7a4 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767 1 lock held by syz-executor.1/14234: 1 lock held by syz-executor.1/14238: #0: 000000003135c2ab (&type->s_umount_key#78){.+.+}, at: __get_super.part.0+0x209/0x2e0 fs/super.c:698 1 lock held by syz-executor.4/17187: #0: 000000003135c2ab (&type->s_umount_key#78){.+.+}, at: iterate_supers+0xdb/0x290 fs/super.c:631 1 lock held by syz-executor.4/17190: #0: 000000003135c2ab (&type->s_umount_key#78){.+.+}, at: iterate_supers+0xdb/0x290 fs/super.c:631 1 lock held by syz-executor.4/17195: #0: 000000003135c2ab (&type->s_umount_key#78){.+.+}, at: iterate_supers+0xdb/0x290 fs/super.c:631 1 lock held by syz-executor.4/17203: #0: 000000003135c2ab (&type->s_umount_key#78){.+.+}, at: iterate_supers+0xdb/0x290 fs/super.c:631 3 locks held by syz-executor.1/17269: #0: 00000000b8fb099d (sb_writers#3){.+.+}, at: sb_start_write include/linux/fs.h:1579 [inline] #0: 00000000b8fb099d (sb_writers#3){.+.+}, at: mnt_want_write_file+0x63/0x1d0 fs/namespace.c:418 #1: 00000000950f18db (&sb->s_type->i_mutex_key#10){+.+.}, at: inode_lock include/linux/fs.h:748 [inline] #1: 00000000950f18db (&sb->s_type->i_mutex_key#10){+.+.}, at: lock_two_nondirectories+0xec/0x110 fs/inode.c:1015 #2: 000000005688a45b (hrtimer_bases.lock){-.-.}, at: lock_hrtimer_base kernel/time/hrtimer.c:174 [inline] #2: 000000005688a45b (hrtimer_bases.lock){-.-.}, at: hrtimer_try_to_cancel.part.0+0x6e/0x560 kernel/time/hrtimer.c:1214 3 locks held by syz-executor.3/17268: #0: 000000001a4ad94b (br_ioctl_mutex){+.+.}, at: sock_ioctl+0x29e/0x5d0 net/socket.c:1100 #1: 00000000922210e2 (rtnl_mutex){+.+.}, at: br_del_bridge+0x14/0x110 net/bridge/br_if.c:472 #2: 00000000b989cbf0 (rcu_preempt_state.exp_mutex){+.+.}, at: exp_funnel_lock kernel/rcu/tree_exp.h:329 [inline] #2: 00000000b989cbf0 (rcu_preempt_state.exp_mutex){+.+.}, at: _synchronize_rcu_expedited+0x256/0x6f0 kernel/rcu/tree_exp.h:667 2 locks held by syz-executor.2/17265: #0: 00000000eff47f5b (&sb->s_type->i_mutex_key#13){+.+.}, at: inode_lock include/linux/fs.h:748 [inline] #0: 00000000eff47f5b (&sb->s_type->i_mutex_key#13){+.+.}, at: __sock_release+0x86/0x2a0 net/socket.c:598 #1: 00000000b989cbf0 (rcu_preempt_state.exp_mutex){+.+.}, at: exp_funnel_lock kernel/rcu/tree_exp.h:329 [inline] #1: 00000000b989cbf0 (rcu_preempt_state.exp_mutex){+.+.}, at: _synchronize_rcu_expedited+0x256/0x6f0 kernel/rcu/tree_exp.h:667 1 lock held by syz-executor.0/17278: #0: 00000000922210e2 (rtnl_mutex){+.+.}, at: rtnl_lock net/core/rtnetlink.c:77 [inline] #0: 00000000922210e2 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x3fe/0xb80 net/core/rtnetlink.c:4779 3 locks held by syz-executor.1/17284: ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 1566 Comm: khungtaskd Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 nmi_cpu_backtrace.cold+0x63/0xa2 lib/nmi_backtrace.c:101 nmi_trigger_cpumask_backtrace+0x1a6/0x1f0 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:203 [inline] watchdog+0x991/0xe60 kernel/hung_task.c:287 kthread+0x33f/0x460 kernel/kthread.c:259 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 47 Comm: kworker/u4:2 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 Workqueue: bat_events batadv_nc_worker RIP: 0010:__lock_is_held+0x128/0x160 kernel/locking/lockdep.c:3737 Code: 03 7e 4c 0f b6 43 22 83 e0 03 3b 44 24 04 0f 94 c0 0f b6 c0 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f c3 48 83 c4 08 31 c0 5b <5d> 41 5c 41 5d 41 5e 41 5f c3 e8 29 ad 4d 00 e9 0a ff ff ff e8 af RSP: 0018:ffff8880ba107b38 EFLAGS: 00000046 RAX: 0000000000000000 RBX: 0000000000000086 RCX: 0000000000000001 RDX: 0000000000000000 RSI: 00000000ffffffff RDI: ffff8880b5144e8a RBP: 0000000000000005 R08: 0000000000000000 R09: ffffed101742455a R10: ffff8880ba122ad3 R11: ffffffff8c66505b R12: ffff8880b5144dc8 R13: dffffc0000000000 R14: ffffffff89fa8ec0 R15: ffff8880b5144540 FS: 0000000000000000(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f85530f5718 CR3: 00000000a295d000 CR4: 00000000003406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: lock_is_held_type+0x10d/0x210 kernel/locking/lockdep.c:3946 lock_is_held include/linux/lockdep.h:344 [inline] task_css_set include/linux/cgroup.h:470 [inline] task_dfl_cgroup include/linux/cgroup.h:539 [inline] cgroup_account_cputime include/linux/cgroup.h:770 [inline] update_curr+0x680/0x870 kernel/sched/fair.c:858 enqueue_entity+0xdba/0x3850 kernel/sched/fair.c:3955 enqueue_task_fair+0x12e/0x2270 kernel/sched/fair.c:5177 ttwu_activate kernel/sched/core.c:1639 [inline] ttwu_do_activate+0xce/0x1e0 kernel/sched/core.c:1698 ttwu_queue kernel/sched/core.c:1843 [inline] try_to_wake_up+0x700/0x1050 kernel/sched/core.c:2052 hrtimer_wakeup+0x43/0x60 kernel/time/hrtimer.c:1713 __run_hrtimer kernel/time/hrtimer.c:1465 [inline] __hrtimer_run_queues+0x3f6/0xe60 kernel/time/hrtimer.c:1527 hrtimer_interrupt+0x326/0x9e0 kernel/time/hrtimer.c:1585 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1071 [inline] smp_apic_timer_interrupt+0x10c/0x550 arch/x86/kernel/apic/apic.c:1096 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894 RIP: 0010:batadv_nc_purge_orig_hash net/batman-adv/network-coding.c:416 [inline] RIP: 0010:batadv_nc_worker+0xa0/0xd50 net/batman-adv/network-coding.c:730 Code: c1 e8 03 48 89 c2 48 b8 00 00 00 00 00 fc ff df 0f b6 04 02 84 c0 74 08 3c 03 0f 8e a6 0c 00 00 48 8b 44 24 38 31 ff 8b 58 10 <89> de e8 09 9c 89 f9 85 db 0f 84 ff 09 00 00 e8 8c 9a 89 f9 48 8b RSP: 0018:ffff8880b5187cb0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 RAX: ffff8880af800980 RBX: 0000000000000400 RCX: ffff8880b41ca2c0 RDX: 1ffff11015f00132 RSI: ffffffff87d8ea97 RDI: 0000000000000000 RBP: ffff8880b41cac40 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000000 R12: ffff88813bfc2d00 R13: ffff8880b5b46300 R14: ffff88813bfc2940 R15: ffff8880a44b9c00 process_one_work+0x864/0x1570 kernel/workqueue.c:2153 worker_thread+0x64c/0x1130 kernel/workqueue.c:2296 kthread+0x33f/0x460 kernel/kthread.c:259 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415