INFO: task syz-executor.3:1863 blocked for more than 143 seconds.
      Not tainted 5.1.0-rc1+ #32
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.3 D28368 1863 7704 0x80000002
Call Trace:
 context_switch kernel/sched/core.c:2877 [inline]
 __schedule+0x817/0x1cc0 kernel/sched/core.c:3518
 schedule+0x92/0x180 kernel/sched/core.c:3562
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3620
 __mutex_lock_common kernel/locking/mutex.c:1002 [inline]
 __mutex_lock+0x726/0x1310 kernel/locking/mutex.c:1072
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087
 vhost_net_stop_vq+0x2d/0x120 drivers/vhost/net.c:1360
 vhost_net_stop drivers/vhost/net.c:1374 [inline]
 vhost_net_release+0x5d/0x260 drivers/vhost/net.c:1406
 __fput+0x2e5/0x8d0 fs/file_table.c:278
 ____fput+0x16/0x20 fs/file_table.c:309
 task_work_run+0x14a/0x1c0 kernel/task_work.c:113
 exit_task_work include/linux/task_work.h:22 [inline]
 do_exit+0x90a/0x2fa0 kernel/exit.c:876
 do_group_exit+0x135/0x370 kernel/exit.c:980
 __do_sys_exit_group kernel/exit.c:991 [inline]
 __se_sys_exit_group kernel/exit.c:989 [inline]
 __x64_sys_exit_group+0x44/0x50 kernel/exit.c:989
 do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x458209
Code: Bad RIP value.
RSP: 002b:0000000000a4fac8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000000458209
RDX: 0000000000411f01 RSI: 0000000000a54ef0 RDI: 0000000000000000
RBP: 00000000004bd822 R08: 000000000000000c R09: 0000000000a4fbd0
R10: 00000000013cb940 R11: 0000000000000246 R12: 000000000073bfac
R13: 0000000000000001 R14: 0000000000000003 R15: 000000000073bfac

Showing all locks held in the system:
1 lock held by khungtaskd/1042:
 #0: 0000000088a0d6b4 (rcu_read_lock){....}, at: debug_show_all_locks+0x5f/0x27e kernel/locking/lockdep.c:5061
1 lock held by rsyslogd/7567:
 #0: 00000000ef24159c (&f->f_pos_lock){+.+.}, at: __fdget_pos+0xee/0x110 fs/file.c:801
2 locks held by getty/7657:
 #0: 0000000009f0d82f (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341
 #1: 000000002023126b (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2156
2 locks held by getty/7658:
 #0: 000000000b27a67e (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341
 #1: 00000000b6c00791 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2156
2 locks held by getty/7659:
 #0: 00000000bc4ad1c3 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341
 #1: 00000000b748844d (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2156
2 locks held by getty/7660:
 #0: 00000000200a7b26 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341
 #1: 00000000e1f956b8 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2156
2 locks held by getty/7661:
 #0: 0000000002bc2c7b (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341
 #1: 000000005dccccfc (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2156
2 locks held by getty/7662:
 #0: 000000000c31fa17 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341
 #1: 0000000051687f75 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2156
2 locks held by getty/7663:
 #0: 000000008858ef3d (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341
 #1: 0000000086c3b1a6 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 drivers/tty/n_tty.c:2156
1 lock held by syz-executor.3/1863:
 #0: 00000000f1a58c8f (&vq->mutex){+.+.}, at: vhost_net_stop_vq+0x2d/0x120 drivers/vhost/net.c:1360
1 lock held by vhost-1867/1879:
3 locks held by kworker/u4:2/2611:
 #0: 0000000070f6e729 (&rq->lock){-.-.}, at: rq_lock kernel/sched/sched.h:1168 [inline]
 #0: 0000000070f6e729 (&rq->lock){-.-.}, at: __schedule+0x1fc/0x1cc0 kernel/sched/core.c:3456
 #1: 00000000e7b06603 ((work_completion)(&(&bat_priv->nc.work)->work)){+.+.}, at: process_one_work+0x8b4/0x1790 kernel/workqueue.c:2244
 #2: 0000000088a0d6b4 (rcu_read_lock){....}, at: batadv_nc_purge_orig_hash net/batman-adv/network-coding.c:417 [inline]
 #2: 0000000088a0d6b4 (rcu_read_lock){....}, at: batadv_nc_worker+0xe3/0x760 net/batman-adv/network-coding.c:730
1 lock held by syz-executor.5/1177:
 #0: 000000003e1b7862 (&sb->s_type->i_mutex_key#11){+.+.}, at: inode_lock include/linux/fs.h:769 [inline]
 #0: 000000003e1b7862 (&sb->s_type->i_mutex_key#11){+.+.}, at: __sock_release+0x89/0x2b0 net/socket.c:578

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 1042 Comm: khungtaskd Not tainted 5.1.0-rc1+ #32
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 nmi_cpu_backtrace.cold+0x63/0xa4 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x1be/0x236 lib/nmi_backtrace.c:62
 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:204 [inline]
 watchdog+0x9b7/0xec0 kernel/hung_task.c:288
 kthread+0x357/0x430 kernel/kthread.c:253
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 2611 Comm: kworker/u4:2 Not tainted 5.1.0-rc1+ #32
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bat_events batadv_purge_orig
RIP: 0010:io_serial_in+0x6b/0x90 drivers/tty/serial/8250/8250_port.c:450
Code: e9 00 00 00 49 8d 7c 24 38 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 d3 e3 80 3c 02 00 75 17 41 03 5c 24 38 89 da ec <5b> 0f b6 c0 41 5c 5d c3 e8 c8 d2 2e fe eb c2 e8 21 d3 2e fe eb e2
RSP: 0000:ffff8880ae8074c8 EFLAGS: 00000002
RAX: dffffc0000000000 RBX: 00000000000003fd RCX: 0000000000000000
RDX: 00000000000003fd RSI: ffffffff83799831 RDI: ffffffff8afd6258
RBP: ffff8880ae8074d8 R08: ffff88809732a580 R09: ffffed1015d00ea0
R10: ffffed1015d00e9f R11: 0000000000000003 R12: ffffffff8afd6220
R13: 0000000000000020 R14: 0000000000000000 R15: fffffbfff15fac4d
FS: 0000000000000000(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000004581df CR3: 00000000a91d8000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 serial_in drivers/tty/serial/8250/8250.h:111 [inline]
 wait_for_xmitr+0xa7/0x250 drivers/tty/serial/8250/8250_port.c:2028
 serial8250_console_putchar+0x20/0x60 drivers/tty/serial/8250/8250_port.c:3199
 uart_console_write+0x57/0x120 drivers/tty/serial/serial_core.c:1917
 serial8250_console_write+0x62b/0x9c0 drivers/tty/serial/8250/8250_port.c:3263
 univ8250_console_write+0x5f/0x70 drivers/tty/serial/8250/8250_core.c:586
 call_console_drivers kernel/printk/printk.c:1774 [inline]
 console_unlock+0xb1e/0xeb0 kernel/printk/printk.c:2452
 vprintk_emit+0x280/0x6d0 kernel/printk/printk.c:1975
 vprintk_default+0x28/0x30 kernel/printk/printk.c:2002
 vprintk_func+0x7e/0x189 kernel/printk/printk_safe.c:398
 printk+0xba/0xed kernel/printk/printk.c:2035
 dev_queue_xmit_nit.cold+0x3f/0x4b net/core/dev.c:2049
 xmit_one net/core/dev.c:3274 [inline]
 dev_hard_start_xmit+0xbb/0x980 net/core/dev.c:3294
 __dev_queue_xmit+0x271d/0x3060 net/core/dev.c:3864
 dev_queue_xmit+0x18/0x20 net/core/dev.c:3897
 hsr_xmit net/hsr/hsr_forward.c:237 [inline]
 hsr_forward_do net/hsr/hsr_forward.c:295 [inline]
 hsr_forward_skb+0xcfa/0x1bd0 net/hsr/hsr_forward.c:373
 send_hsr_supervision_frame+0x8c2/0xf20 net/hsr/hsr_device.c:319
 hsr_announce+0x12f/0x3b0 net/hsr/hsr_device.c:348
 call_timer_fn+0x190/0x720 kernel/time/timer.c:1325
 expire_timers kernel/time/timer.c:1362 [inline]
 __run_timers kernel/time/timer.c:1681 [inline]
 __run_timers kernel/time/timer.c:1649 [inline]
 run_timer_softirq+0x652/0x1700 kernel/time/timer.c:1694
 __do_softirq+0x266/0x95a kernel/softirq.c:293
 invoke_softirq kernel/softirq.c:374 [inline]
 irq_exit+0x180/0x1d0 kernel/softirq.c:414
 exiting_irq arch/x86/include/asm/apic.h:536 [inline]
 smp_apic_timer_interrupt+0x14a/0x570 arch/x86/kernel/apic/apic.c:1062
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:807
RIP: 0010:should_resched arch/x86/include/asm/preempt.h:102 [inline]
RIP: 0010:__local_bh_enable_ip+0x18e/0x270 kernel/softirq.c:197
Code: 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 0f 85 df 00 00 00 48 83 3d 3f e1 4d 07 00 0f 84 8f 00 00 00 fb 66 0f 1f 44 00 00 <65> 8b 05 fb 37 bd 7e 85 c0 74 7f 5b 41 5c 41 5d 5d c3 80 3d 20 c5
RSP: 0000:ffff8880506a7c48 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13
RAX: 1ffffffff11252d8 RBX: 0000000000000201 RCX: 1ffff11012e655c9
RDX: dffffc0000000000 RSI: ffff88809732ae28 RDI: ffff88809732adfc
RBP: ffff8880506a7c60 R08: ffff88809732a580 R09: ffff88809732ae48
R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff86f3c245
R13: ffff88809732a580 R14: dffffc0000000000 R15: 0000000000000360
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:176 [inline]
 _raw_spin_unlock_bh+0x31/0x40 kernel/locking/spinlock.c:200
 spin_unlock_bh include/linux/spinlock.h:374 [inline]
 batadv_purge_orig_ref+0xa85/0x1060 net/batman-adv/originator.c:1376
 batadv_purge_orig+0x1b/0x70 net/batman-adv/originator.c:1389
 process_one_work+0x98e/0x1790 kernel/workqueue.c:2269
 worker_thread+0x98/0xe40 kernel/workqueue.c:2415
 kthread+0x357/0x430 kernel/kthread.c:253
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352