bisecting cause commit starting from 90cadbbf341dd5b2df991c33a6bd6341f3a53788
building syzkaller on 8a41a0ad8ed91a6c7a65663b1bacaf6d79cde558
testing commit 90cadbbf341dd5b2df991c33a6bd6341f3a53788 with gcc (GCC) 8.1.0
run #0: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #1: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #2: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #3: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #4: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #5: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #6: crashed: INFO: task hung in tls_sw_free_resources_tx
run #7: crashed: INFO: task hung in tls_sw_free_resources_tx
run #8: crashed: INFO: task hung in tls_sw_free_resources_tx
run #9: crashed: INFO: task hung in tls_sw_free_resources_tx
testing release v4.19
testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0
all runs: OK
# git bisect start 90cadbbf341dd5b2df991c33a6bd6341f3a53788 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d
Bisecting: 9032 revisions left to test after this (roughly 13 steps)
[746bb4ed6d626f3f9e431a7f9b20504538e62ded] Merge tag 'vla-v4.20-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
testing commit 746bb4ed6d626f3f9e431a7f9b20504538e62ded with gcc (GCC) 8.1.0
run #0: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #1: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #2: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #3: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #4: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #5: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #6: crashed: INFO: task hung in tls_sw_free_resources_tx
run #7: crashed: INFO: task hung in tls_sw_free_resources_tx
run #8: crashed: INFO: task hung in tls_sw_free_resources_tx
run #9: crashed: INFO: task hung in tls_sw_free_resources_tx
# git bisect bad 746bb4ed6d626f3f9e431a7f9b20504538e62ded
Bisecting: 3734 revisions left to test after this (roughly 12 steps)
[50b825d7e87f4cff7070df6eb26390152bb29537] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
testing commit 50b825d7e87f4cff7070df6eb26390152bb29537 with gcc (GCC) 8.1.0
run #0: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #1: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #2: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #3: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #4: crashed: INFO: task hung in tls_sw_free_resources_tx
run #5: crashed: INFO: task hung in tls_sw_free_resources_tx
run #6: crashed: INFO: task hung in tls_sw_free_resources_tx
run #7: crashed: INFO: task hung in tls_sw_free_resources_tx
run #8: crashed: INFO: task hung in tls_sw_free_resources_tx
run #9: crashed: INFO: task hung in tls_sw_free_resources_tx
# git bisect bad 50b825d7e87f4cff7070df6eb26390152bb29537
Bisecting: 2120 revisions left to test after this (roughly 11 steps)
[99e9acd85ccbdc8f5785f9e961d4956e96bd6aa5] Merge tag 'mlx5-updates-2018-10-17' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux
testing commit 99e9acd85ccbdc8f5785f9e961d4956e96bd6aa5 with gcc (GCC) 8.1.0
run #0: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #1: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #2: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #3: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #4: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #5: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #6: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #7: crashed: INFO: task hung in lock_sock_nested
run #8: crashed: INFO: task hung in tls_sw_free_resources_tx
run #9: crashed: INFO: task hung in tls_sw_free_resources_tx
# git bisect bad 99e9acd85ccbdc8f5785f9e961d4956e96bd6aa5
Bisecting: 989 revisions left to test after this (roughly 10 steps)
[d793fb46822ff7408a1767313ef6b12e811baa55] Merge tag 'wireless-drivers-next-for-davem-2018-10-02' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next
testing commit d793fb46822ff7408a1767313ef6b12e811baa55 with gcc (GCC) 8.1.0
run #0: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #1: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #2: crashed: INFO: task hung in tls_sw_free_resources_tx
run #3: crashed: INFO: task hung in tls_sw_free_resources_tx
run #4: crashed: INFO: task hung in tls_sw_free_resources_tx
run #5: crashed: INFO: task hung in tls_sw_free_resources_tx
run #6: crashed: INFO: task hung in tls_sw_free_resources_tx
run #7: crashed: INFO: task hung in tls_sw_free_resources_tx
run #8: crashed: INFO: task hung in tls_sw_free_resources_tx
run #9: crashed: INFO: task hung in tls_sw_free_resources_tx
# git bisect bad d793fb46822ff7408a1767313ef6b12e811baa55
Bisecting: 565 revisions left to test after this (roughly 9 steps)
[72b0094f918294e6cb8cf5c3b4520d928fbb1a57] tcp: switch tcp_clock_ns() to CLOCK_TAI base
testing commit 72b0094f918294e6cb8cf5c3b4520d928fbb1a57 with gcc (GCC) 8.1.0
run #0: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #1: crashed: KASAN: use-after-free Read in tls_write_space
run #2: crashed: KASAN: slab-out-of-bounds Read in tls_write_space
run #3: crashed: KASAN: slab-out-of-bounds Read in tls_write_space
run #4: crashed: KASAN: use-after-free Read in tls_write_space
run #5: crashed: KASAN: use-after-free Read in tls_write_space
run #6: crashed: KASAN: use-after-free Read in tls_write_space
run #7: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #8: crashed: INFO: task hung in tls_sw_free_resources_tx
run #9: crashed: INFO: task hung in tls_sw_free_resources_tx
# git bisect bad 72b0094f918294e6cb8cf5c3b4520d928fbb1a57
Bisecting: 282 revisions left to test after this (roughly 8 steps)
[250bb6f0f8240a6addbb3fe9c9dbd4abd79503c8] staging: rtl8192e: Use __skb_peek().
testing commit 250bb6f0f8240a6addbb3fe9c9dbd4abd79503c8 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 250bb6f0f8240a6addbb3fe9c9dbd4abd79503c8
Bisecting: 141 revisions left to test after this (roughly 7 steps)
[56184e01c00d6d23609f9f9e52cc731568e8088f] iavf: rename most of i40e strings
testing commit 56184e01c00d6d23609f9f9e52cc731568e8088f with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 56184e01c00d6d23609f9f9e52cc731568e8088f
Bisecting: 70 revisions left to test after this (roughly 6 steps)
[c8c618afc2b22067d6f37e2e41d9bba209fe0036] net: ibm: remove redundant local variables 'act_nr_of_entries' and 'act_pages'
testing commit c8c618afc2b22067d6f37e2e41d9bba209fe0036 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good c8c618afc2b22067d6f37e2e41d9bba209fe0036
Bisecting: 34 revisions left to test after this (roughly 5 steps)
[1ba2a720da72b11435dbe278c6ab83aac75734e5] Merge branch 'kfree_skb-NULL'
testing commit 1ba2a720da72b11435dbe278c6ab83aac75734e5 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 1ba2a720da72b11435dbe278c6ab83aac75734e5
Bisecting: 17 revisions left to test after this (roughly 4 steps)
[30f8eb55873ef078f5f02f636061d9399debbeab] net: if_arp: Fix incorrect indents
testing commit 30f8eb55873ef078f5f02f636061d9399debbeab with gcc (GCC) 8.1.0
run #0: crashed: KASAN: use-after-free Read in tls_write_space
run #1: crashed: KASAN: use-after-free Read in tls_write_space
run #2: crashed: KASAN: use-after-free Read in tls_write_space
run #3: crashed: KASAN: use-after-free Read in tls_write_space
run #4: crashed: KASAN: use-after-free Read in tls_write_space
run #5: crashed: KASAN: use-after-free Read in tls_write_space
run #6: crashed: KASAN: use-after-free Read in tls_write_space
run #7: crashed: INFO: task hung in tls_sw_free_resources_tx
run #8: crashed: INFO: task hung in tls_sw_free_resources_tx
run #9: crashed: INFO: task hung in tls_sw_free_resources_tx
# git bisect bad 30f8eb55873ef078f5f02f636061d9399debbeab
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[075ddebc3283e83ac56fcc8f4bb44c15cef0d7ce] net: phy: don't reschedule state machine when PHY is halted
testing commit 075ddebc3283e83ac56fcc8f4bb44c15cef0d7ce with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 075ddebc3283e83ac56fcc8f4bb44c15cef0d7ce
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[94e7c844990f0db92418586b107be135b4963b66] net: lan78xx: Avoid unnecessary self assignment
testing commit 94e7c844990f0db92418586b107be135b4963b66 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 94e7c844990f0db92418586b107be135b4963b66
Bisecting: 2 revisions left to test after this (roughly 1 step)
[2b49117a5abee8478b0470cba46ac74f93b4a479] net: micrel: fix return type of ndo_start_xmit function
testing commit 2b49117a5abee8478b0470cba46ac74f93b4a479 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 2b49117a5abee8478b0470cba46ac74f93b4a479
Bisecting: 0 revisions left to test after this (roughly 1 step)
[a42055e8d2c30d4decfc13ce943d09c7b9dad221] net/tls: Add support for async encryption of records for performance
testing commit a42055e8d2c30d4decfc13ce943d09c7b9dad221 with gcc (GCC) 8.1.0
run #0: crashed: KASAN: use-after-free Read in tls_write_space
run #1: crashed: KASAN: use-after-free Read in tls_write_space
run #2: crashed: KASAN: use-after-free Read in tls_write_space
run #3: crashed: KASAN: use-after-free Read in tls_write_space
run #4: crashed: KASAN: use-after-free Read in tls_write_space
run #5: crashed: KASAN: use-after-free Read in tls_write_space
run #6: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #7: crashed: KASAN: use-after-free Read in tls_write_space
run #8: crashed: INFO: task hung in tls_sw_free_resources_tx
run #9: crashed: INFO: task hung in tls_sw_free_resources_tx
# git bisect bad a42055e8d2c30d4decfc13ce943d09c7b9dad221
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[06983aa526c759ebdf43f202d8d0491d9494e2f4] net: freescale: fix return type of ndo_start_xmit function
testing commit 06983aa526c759ebdf43f202d8d0491d9494e2f4 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 06983aa526c759ebdf43f202d8d0491d9494e2f4
a42055e8d2c30d4decfc13ce943d09c7b9dad221 is the first bad commit
commit a42055e8d2c30d4decfc13ce943d09c7b9dad221
Author: Vakul Garg
Date: Fri Sep 21 09:46:13 2018 +0530

    net/tls: Add support for async encryption of records for performance

    In current implementation, tls records are encrypted & transmitted
    serially. Till the time the previously submitted user data is encrypted,
    the implementation waits and on finish starts transmitting the record.
    This approach of encrypt-one record at a time is inefficient when
    asynchronous crypto accelerators are used. For each record, there are
    overheads of interrupts, driver softIRQ scheduling etc. Also the crypto
    accelerator sits idle most of time while an encrypted record's pages are
    handed over to tcp stack for transmission.

    This patch enables encryption of multiple records in parallel when an
    async capable crypto accelerator is present in system. This is achieved
    by allowing the user space application to send more data using sendmsg()
    even while previously issued data is being processed by crypto
    accelerator. This requires returning the control back to user space
    application after submitting encryption request to accelerator. This
    also means that zero-copy mode of encryption cannot be used with async
    accelerator as we must be done with user space application buffer before
    returning from sendmsg().

    There can be multiple records in flight to/from the accelerator. Each of
    the record is represented by 'struct tls_rec'. This is used to store the
    memory pages for the record.

    After the records are encrypted, they are added in a linked list called
    tx_ready_list which contains encrypted tls records sorted as per tls
    sequence number. The records from tx_ready_list are transmitted using a
    newly introduced function called tls_tx_records(). The tx_ready_list is
    polled for any record ready to be transmitted in sendmsg(), sendpage()
    after initiating encryption of new tls records. This achieves parallel
    encryption and transmission of records when async accelerator is
    present.

    There could be situation when crypto accelerator completes encryption
    later than polling of tx_ready_list by sendmsg()/sendpage(). Therefore
    we need a deferred work context to be able to transmit records from
    tx_ready_list. The deferred work context gets scheduled if applications
    are not sending much data through the socket. If the applications issue
    sendmsg()/sendpage() in quick succession, then the scheduling of
    tx_work_handler gets cancelled as the tx_ready_list would be polled from
    application's context itself. This saves scheduling overhead of deferred
    work.

    The patch also brings some side benefit. We are able to get rid of the
    concept of CLOSED record. This is because the records once closed are
    either encrypted and then placed into tx_ready_list or if encryption
    fails, the socket error is set. This simplifies the kernel tls
    sendpath. However since tls_device.c is still using macros, accessory
    functions for CLOSED records have been retained.

    Signed-off-by: Vakul Garg
    Signed-off-by: David S. Miller

:040000 040000 3d612ab648b98bcf8d858d9b038edc4e9610af17 e709cb2c5bf2154d7bc5e7f69873c1f9b1a82b9f M include
:040000 040000 a414ef7f5a06dfe36221471957c7adcf8ee457c9 c7d7f747d7ce08f890acffc7f0476d28b650be5b M net
revisions tested: 17, total time: 4h15m2.792598546s (build: 1h35m4.901097281s, test: 2h35m13.13017581s)
first bad commit: a42055e8d2c30d4decfc13ce943d09c7b9dad221 net/tls: Add support for async encryption of records for performance
cc: ["aviadye@mellanox.com" "borisp@mellanox.com" "davejwatson@fb.com" "davem@davemloft.net" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "vakul.garg@nxp.com"]
crash: INFO: task hung in tls_sw_free_resources_tx
TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters.
TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters.
INFO: task syz-executor0:8444 blocked for more than 140 seconds.
Not tainted 4.19.0-rc4-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor0 D23160 8444 6837 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2825 [inline]
 __schedule+0x836/0x1e90 kernel/sched/core.c:3473
 schedule+0xfe/0x460 kernel/sched/core.c:3517
 schedule_timeout+0x197/0x220 kernel/time/timer.c:1780
 do_wait_for_common kernel/sched/completion.c:83 [inline]
 __wait_for_common kernel/sched/completion.c:104 [inline]
 wait_for_common kernel/sched/completion.c:115 [inline]
 wait_for_completion+0x427/0x8a0 kernel/sched/completion.c:136
 __flush_work+0x4cb/0x8e0 kernel/workqueue.c:2917
 __cancel_work_timer+0x3fd/0x7b0 kernel/workqueue.c:3004
 cancel_delayed_work_sync+0xe/0x10 kernel/workqueue.c:3136
 tls_sw_free_resources_tx+0x1ce/0xc60 net/tls/tls_sw.c:1564
 tls_sk_proto_close+0x4ac/0x6e0 net/tls/tls_main.c:278
 inet_release+0xde/0x1c0 net/ipv4/af_inet.c:428
 inet6_release+0x46/0x60 net/ipv6/af_inet6.c:458
 __sock_release+0xc7/0x230 net/socket.c:579
 sock_close+0x10/0x20 net/socket.c:1141
 __fput+0x303/0xab0 fs/file_table.c:278
 ____fput+0x9/0x10 fs/file_table.c:309
 task_work_run+0x19f/0x240 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:193 [inline]
 exit_to_usermode_loop+0x26e/0x300 arch/x86/entry/common.c:166
 prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:268 [inline]
 do_syscall_64+0x587/0x700 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x411211
Code: Bad RIP value.
RSP: 002b:00007fff3b021d80 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000411211
RDX: 0000000000000000 RSI: 0000000000740b80 RDI: 0000000000000004
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 00007fff3b021cb0 R11: 0000000000000293 R12: 0000000000000000
R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000000
INFO: task syz-executor1:8454 blocked for more than 140 seconds.
Not tainted 4.19.0-rc4-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor1 D23160 8454 6836 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2825 [inline]
 __schedule+0x836/0x1e90 kernel/sched/core.c:3473
 schedule+0xfe/0x460 kernel/sched/core.c:3517
 schedule_timeout+0x197/0x220 kernel/time/timer.c:1780
 do_wait_for_common kernel/sched/completion.c:83 [inline]
 __wait_for_common kernel/sched/completion.c:104 [inline]
 wait_for_common kernel/sched/completion.c:115 [inline]
 wait_for_completion+0x427/0x8a0 kernel/sched/completion.c:136
 __flush_work+0x4cb/0x8e0 kernel/workqueue.c:2917
 __cancel_work_timer+0x3fd/0x7b0 kernel/workqueue.c:3004
 cancel_delayed_work_sync+0xe/0x10 kernel/workqueue.c:3136
 tls_sw_free_resources_tx+0x1ce/0xc60 net/tls/tls_sw.c:1564
 tls_sk_proto_close+0x4ac/0x6e0 net/tls/tls_main.c:278
 inet_release+0xde/0x1c0 net/ipv4/af_inet.c:428
 inet6_release+0x46/0x60 net/ipv6/af_inet6.c:458
 __sock_release+0xc7/0x230 net/socket.c:579
 sock_close+0x10/0x20 net/socket.c:1141
 __fput+0x303/0xab0 fs/file_table.c:278
 ____fput+0x9/0x10 fs/file_table.c:309
 task_work_run+0x19f/0x240 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:193 [inline]
 exit_to_usermode_loop+0x26e/0x300 arch/x86/entry/common.c:166
 prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:268 [inline]
 do_syscall_64+0x587/0x700 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x411211
Code: Bad RIP value.
RSP: 002b:00007fff68b10a10 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000411211
RDX: 0000000000000000 RSI: 0000000000740b80 RDI: 0000000000000004
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 00007fff68b10940 R11: 0000000000000293 R12: 0000000000000000
R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
INFO: task syz-executor2:8474 blocked for more than 140 seconds.
Not tainted 4.19.0-rc4-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor2 D23160 8474 6845 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2825 [inline]
 __schedule+0x836/0x1e90 kernel/sched/core.c:3473
 schedule+0xfe/0x460 kernel/sched/core.c:3517
 schedule_timeout+0x197/0x220 kernel/time/timer.c:1780
 do_wait_for_common kernel/sched/completion.c:83 [inline]
 __wait_for_common kernel/sched/completion.c:104 [inline]
 wait_for_common kernel/sched/completion.c:115 [inline]
 wait_for_completion+0x427/0x8a0 kernel/sched/completion.c:136
 __flush_work+0x4cb/0x8e0 kernel/workqueue.c:2917
 __cancel_work_timer+0x3fd/0x7b0 kernel/workqueue.c:3004
 cancel_delayed_work_sync+0xe/0x10 kernel/workqueue.c:3136
 tls_sw_free_resources_tx+0x1ce/0xc60 net/tls/tls_sw.c:1564
 tls_sk_proto_close+0x4ac/0x6e0 net/tls/tls_main.c:278
 inet_release+0xde/0x1c0 net/ipv4/af_inet.c:428
 inet6_release+0x46/0x60 net/ipv6/af_inet6.c:458
 __sock_release+0xc7/0x230 net/socket.c:579
 sock_close+0x10/0x20 net/socket.c:1141
 __fput+0x303/0xab0 fs/file_table.c:278
 ____fput+0x9/0x10 fs/file_table.c:309
 task_work_run+0x19f/0x240 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:193 [inline]
 exit_to_usermode_loop+0x26e/0x300 arch/x86/entry/common.c:166
 prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:268 [inline]
 do_syscall_64+0x587/0x700 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x411211
Code: Bad RIP value.
RSP: 002b:00007ffc72ea4f00 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000411211
RDX: 0000000000000000 RSI: 0000000000740b80 RDI: 0000000000000004
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 00007ffc72ea4e30 R11: 0000000000000293 R12: 0000000000000000
R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000002
INFO: task syz-executor4:8479 blocked for more than 140 seconds.
Not tainted 4.19.0-rc4-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor4 D20456 8479 6846 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2825 [inline]
 __schedule+0x836/0x1e90 kernel/sched/core.c:3473
 schedule+0xfe/0x460 kernel/sched/core.c:3517
 schedule_timeout+0x197/0x220 kernel/time/timer.c:1780
 do_wait_for_common kernel/sched/completion.c:83 [inline]
 __wait_for_common kernel/sched/completion.c:104 [inline]
 wait_for_common kernel/sched/completion.c:115 [inline]
 wait_for_completion+0x427/0x8a0 kernel/sched/completion.c:136
 __flush_work+0x4cb/0x8e0 kernel/workqueue.c:2917
 __cancel_work_timer+0x3fd/0x7b0 kernel/workqueue.c:3004
 cancel_delayed_work_sync+0xe/0x10 kernel/workqueue.c:3136
 tls_sw_free_resources_tx+0x1ce/0xc60 net/tls/tls_sw.c:1564
 tls_sk_proto_close+0x4ac/0x6e0 net/tls/tls_main.c:278
 inet_release+0xde/0x1c0 net/ipv4/af_inet.c:428
 inet6_release+0x46/0x60 net/ipv6/af_inet6.c:458
 __sock_release+0xc7/0x230 net/socket.c:579
 sock_close+0x10/0x20 net/socket.c:1141
 __fput+0x303/0xab0 fs/file_table.c:278
 ____fput+0x9/0x10 fs/file_table.c:309
 task_work_run+0x19f/0x240 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:193 [inline]
 exit_to_usermode_loop+0x26e/0x300 arch/x86/entry/common.c:166
 prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:268 [inline]
 do_syscall_64+0x587/0x700 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x411211
Code: Bad RIP value.
RSP: 002b:00007ffe30f202b0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000411211
RDX: 0000000000000000 RSI: 0000000000740b80 RDI: 0000000000000004
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 00007ffe30f201e0 R11: 0000000000000293 R12: 0000000000000000
R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000004
INFO: task syz-executor5:8482 blocked for more than 140 seconds.
Not tainted 4.19.0-rc4-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor5 D23160 8482 6864 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2825 [inline]
 __schedule+0x836/0x1e90 kernel/sched/core.c:3473
 schedule+0xfe/0x460 kernel/sched/core.c:3517
 schedule_timeout+0x197/0x220 kernel/time/timer.c:1780
 do_wait_for_common kernel/sched/completion.c:83 [inline]
 __wait_for_common kernel/sched/completion.c:104 [inline]
 wait_for_common kernel/sched/completion.c:115 [inline]
 wait_for_completion+0x427/0x8a0 kernel/sched/completion.c:136
 __flush_work+0x4cb/0x8e0 kernel/workqueue.c:2917
 __cancel_work_timer+0x3fd/0x7b0 kernel/workqueue.c:3004
 cancel_delayed_work_sync+0xe/0x10 kernel/workqueue.c:3136
 tls_sw_free_resources_tx+0x1ce/0xc60 net/tls/tls_sw.c:1564
 tls_sk_proto_close+0x4ac/0x6e0 net/tls/tls_main.c:278
 inet_release+0xde/0x1c0 net/ipv4/af_inet.c:428
 inet6_release+0x46/0x60 net/ipv6/af_inet6.c:458
 __sock_release+0xc7/0x230 net/socket.c:579
 sock_close+0x10/0x20 net/socket.c:1141
 __fput+0x303/0xab0 fs/file_table.c:278
 ____fput+0x9/0x10 fs/file_table.c:309
 task_work_run+0x19f/0x240 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:193 [inline]
 exit_to_usermode_loop+0x26e/0x300 arch/x86/entry/common.c:166
 prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:268 [inline]
 do_syscall_64+0x587/0x700 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x411211
Code: Bad RIP value.
RSP: 002b:00007fff66e8aaa0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000411211
RDX: 0000000000000000 RSI: 0000000000740b80 RDI: 0000000000000004
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 00007fff66e8a9d0 R11: 0000000000000293 R12: 0000000000000000
R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000005
INFO: task syz-executor3:8493 blocked for more than 140 seconds.
Not tainted 4.19.0-rc4-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor3 D22752 8493 6833 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2825 [inline]
 __schedule+0x836/0x1e90 kernel/sched/core.c:3473
 schedule+0xfe/0x460 kernel/sched/core.c:3517
 schedule_timeout+0x197/0x220 kernel/time/timer.c:1780
 do_wait_for_common kernel/sched/completion.c:83 [inline]
 __wait_for_common kernel/sched/completion.c:104 [inline]
 wait_for_common kernel/sched/completion.c:115 [inline]
 wait_for_completion+0x427/0x8a0 kernel/sched/completion.c:136
 __flush_work+0x4cb/0x8e0 kernel/workqueue.c:2917
 __cancel_work_timer+0x3fd/0x7b0 kernel/workqueue.c:3004
 cancel_delayed_work_sync+0xe/0x10 kernel/workqueue.c:3136
 tls_sw_free_resources_tx+0x1ce/0xc60 net/tls/tls_sw.c:1564
 tls_sk_proto_close+0x4ac/0x6e0 net/tls/tls_main.c:278
 inet_release+0xde/0x1c0 net/ipv4/af_inet.c:428
 inet6_release+0x46/0x60 net/ipv6/af_inet6.c:458
 __sock_release+0xc7/0x230 net/socket.c:579
 sock_close+0x10/0x20 net/socket.c:1141
 __fput+0x303/0xab0 fs/file_table.c:278
 ____fput+0x9/0x10 fs/file_table.c:309
 task_work_run+0x19f/0x240 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:193 [inline]
 exit_to_usermode_loop+0x26e/0x300 arch/x86/entry/common.c:166
 prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:268 [inline]
 do_syscall_64+0x587/0x700 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x411211
Code: Bad RIP value.
RSP: 002b:00007ffee1258f80 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000411211
RDX: 0000000000000000 RSI: 0000000000740b80 RDI: 0000000000000004
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 00007ffee1258eb0 R11: 0000000000000293 R12: 0000000000000000
R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000003

Showing all locks held in the system:
2 locks held by kworker/0:0/5:
 #0: 000000008cfdef9b ((wq_completion)"events"){+.+.}, at: __write_once_size include/linux/compiler.h:215 [inline]
 #0: 000000008cfdef9b ((wq_completion)"events"){+.+.}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: 000000008cfdef9b ((wq_completion)"events"){+.+.}, at: atomic64_set include/asm-generic/atomic-instrumented.h:40 [inline]
 #0: 000000008cfdef9b ((wq_completion)"events"){+.+.}, at: atomic_long_set include/asm-generic/atomic-long.h:59 [inline]
 #0: 000000008cfdef9b ((wq_completion)"events"){+.+.}, at: set_work_data kernel/workqueue.c:617 [inline]
 #0: 000000008cfdef9b ((wq_completion)"events"){+.+.}, at: set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline]
 #0: 000000008cfdef9b ((wq_completion)"events"){+.+.}, at: process_one_work+0x9d6/0x1a20 kernel/workqueue.c:2124
 #1: 00000000b47a6a1b ((work_completion)(&(&sw_ctx_tx->tx_work.work)->work)){+.+.}, at: process_one_work+0xa20/0x1a20 kernel/workqueue.c:2128
2 locks held by kworker/0:1/14:
 #0: 000000008cfdef9b ((wq_completion)"events"){+.+.}, at: __write_once_size include/linux/compiler.h:215 [inline]
 #0: 000000008cfdef9b ((wq_completion)"events"){+.+.}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: 000000008cfdef9b ((wq_completion)"events"){+.+.}, at: atomic64_set include/asm-generic/atomic-instrumented.h:40 [inline]
 #0: 000000008cfdef9b ((wq_completion)"events"){+.+.}, at: atomic_long_set include/asm-generic/atomic-long.h:59 [inline]
 #0: 000000008cfdef9b ((wq_completion)"events"){+.+.}, at: set_work_data kernel/workqueue.c:617 [inline]
 #0: 000000008cfdef9b ((wq_completion)"events"){+.+.}, at: set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline]
 #0: 000000008cfdef9b ((wq_completion)"events"){+.+.}, at: process_one_work+0x9d6/0x1a20 kernel/workqueue.c:2124
 #1: 00000000c5d74f2c ((work_completion)(&(&sw_ctx_tx->tx_work.work)->work)){+.+.}, at: process_one_work+0xa20/0x1a20 kernel/workqueue.c:2128
2 locks held by kworker/1:0/19:
 #0: 000000008cfdef9b ((wq_completion)"events"){+.+.}, at: __write_once_size include/linux/compiler.h:215 [inline]
 #0: 000000008cfdef9b ((wq_completion)"events"){+.+.}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: 000000008cfdef9b ((wq_completion)"events"){+.+.}, at: atomic64_set include/asm-generic/atomic-instrumented.h:40 [inline]
 #0: 000000008cfdef9b ((wq_completion)"events"){+.+.}, at: atomic_long_set include/asm-generic/atomic-long.h:59 [inline]
 #0: 000000008cfdef9b ((wq_completion)"events"){+.+.}, at: set_work_data kernel/workqueue.c:617 [inline]
 #0: 000000008cfdef9b ((wq_completion)"events"){+.+.}, at: set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline]
 #0: 000000008cfdef9b ((wq_completion)"events"){+.+.}, at: process_one_work+0x9d6/0x1a20 kernel/workqueue.c:2124
 #1: 0000000076e9f146 ((work_completion)(&(&sw_ctx_tx->tx_work.work)->work)){+.+.}, at: process_one_work+0xa20/0x1a20 kernel/workqueue.c:2128
2 locks held by kworker/1:1/24:
 #0: 000000008cfdef9b ((wq_completion)"events"){+.+.}, at: __write_once_size include/linux/compiler.h:215 [inline]
 #0: 000000008cfdef9b ((wq_completion)"events"){+.+.}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: 000000008cfdef9b ((wq_completion)"events"){+.+.}, at: atomic64_set include/asm-generic/atomic-instrumented.h:40 [inline]
 #0: 000000008cfdef9b ((wq_completion)"events"){+.+.}, at: atomic_long_set include/asm-generic/atomic-long.h:59 [inline]
 #0: 000000008cfdef9b ((wq_completion)"events"){+.+.}, at: set_work_data kernel/workqueue.c:617 [inline]
 #0: 000000008cfdef9b ((wq_completion)"events"){+.+.}, at: set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline]
 #0: 000000008cfdef9b ((wq_completion)"events"){+.+.}, at: process_one_work+0x9d6/0x1a20 kernel/workqueue.c:2124
 #1: 00000000b9ae2b87 ((work_completion)(&(&sw_ctx_tx->tx_work.work)->work)){+.+.}, at: process_one_work+0xa20/0x1a20 kernel/workqueue.c:2128
1 lock held by khungtaskd/1023:
 #0: 000000004a6a29d1 (rcu_read_lock){....}, at: debug_show_all_locks+0xd0/0x424 kernel/locking/lockdep.c:4435
2 locks held by kworker/1:2/2726:
 #0: 000000008cfdef9b ((wq_completion)"events"){+.+.}, at: __write_once_size include/linux/compiler.h:215 [inline]
 #0: 000000008cfdef9b ((wq_completion)"events"){+.+.}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: 000000008cfdef9b ((wq_completion)"events"){+.+.}, at: atomic64_set include/asm-generic/atomic-instrumented.h:40 [inline]
 #0: 000000008cfdef9b ((wq_completion)"events"){+.+.}, at: atomic_long_set include/asm-generic/atomic-long.h:59 [inline]
 #0: 000000008cfdef9b ((wq_completion)"events"){+.+.}, at: set_work_data kernel/workqueue.c:617 [inline]
 #0: 000000008cfdef9b ((wq_completion)"events"){+.+.}, at: set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline]
 #0: 000000008cfdef9b ((wq_completion)"events"){+.+.}, at: process_one_work+0x9d6/0x1a20 kernel/workqueue.c:2124
 #1: 0000000034898476 ((work_completion)(&(&sw_ctx_tx->tx_work.work)->work)){+.+.}, at: process_one_work+0xa20/0x1a20 kernel/workqueue.c:2128
1 lock held by rsyslogd/6634:
 #0: 000000004b0513fb (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x170/0x1d0 fs/file.c:766
2 locks held by getty/6725:
 #0: 00000000c0d8f150 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:353
 #1: 00000000ad0ce7a1 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x2fd/0x1b60 drivers/tty/n_tty.c:2140
2 locks held by getty/6726:
 #0: 0000000037b33ea8 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:353
 #1: 00000000c38fc073 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x2fd/0x1b60 drivers/tty/n_tty.c:2140
2 locks held by getty/6727:
 #0: 000000003161cc34 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:353
 #1: 0000000060229d69 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x2fd/0x1b60 drivers/tty/n_tty.c:2140
2 locks held by getty/6728:
 #0: 00000000801624f7 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:353
 #1: 0000000023ad799e (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x2fd/0x1b60 drivers/tty/n_tty.c:2140
2 locks held by getty/6729:
 #0: 00000000f09b7742 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:353
 #1: 0000000046992977 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x2fd/0x1b60 drivers/tty/n_tty.c:2140
2 locks held by getty/6730:
 #0: 000000006804bd48 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:353
 #1: 00000000722d9258 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x2fd/0x1b60 drivers/tty/n_tty.c:2140
2 locks held by getty/6731:
 #0: 000000009c88759f (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x2d/0x40 drivers/tty/tty_ldsem.c:353
 #1: 0000000044498deb (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x2fd/0x1b60 drivers/tty/n_tty.c:2140
2 locks held by kworker/1:3/7288:
 #0: 000000008cfdef9b ((wq_completion)"events"){+.+.}, at: __write_once_size include/linux/compiler.h:215 [inline]
 #0: 000000008cfdef9b ((wq_completion)"events"){+.+.}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: 000000008cfdef9b ((wq_completion)"events"){+.+.}, at: atomic64_set include/asm-generic/atomic-instrumented.h:40 [inline]
 #0: 000000008cfdef9b ((wq_completion)"events"){+.+.}, at: atomic_long_set include/asm-generic/atomic-long.h:59 [inline]
 #0: 000000008cfdef9b ((wq_completion)"events"){+.+.}, at: set_work_data kernel/workqueue.c:617 [inline]
 #0: 000000008cfdef9b ((wq_completion)"events"){+.+.}, at: set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline]
 #0: 000000008cfdef9b ((wq_completion)"events"){+.+.}, at: process_one_work+0x9d6/0x1a20 kernel/workqueue.c:2124
 #1: 00000000b2f30e8e ((work_completion)(&(&sw_ctx_tx->tx_work.work)->work)){+.+.}, at: process_one_work+0xa20/0x1a20 kernel/workqueue.c:2128
2 locks held by syz-executor0/8444:
 #0: 000000003267ee46 (&sb->s_type->i_mutex_key#12){+.+.}, at: inode_lock include/linux/fs.h:738 [inline]
 #0: 000000003267ee46 (&sb->s_type->i_mutex_key#12){+.+.}, at: __sock_release+0x7d/0x230 net/socket.c:578
 #1: 00000000bbcbb66e (sk_lock-AF_INET6){+.+.}, at: lock_sock include/net/sock.h:1492 [inline]
 #1: 00000000bbcbb66e (sk_lock-AF_INET6){+.+.}, at: wait_on_pending_writer+0x260/0x550 net/tls/tls_main.c:87
2 locks held by syz-executor1/8454:
 #0: 00000000dcf89476 (&sb->s_type->i_mutex_key#12){+.+.}, at: inode_lock include/linux/fs.h:738 [inline]
 #0: 00000000dcf89476 (&sb->s_type->i_mutex_key#12){+.+.}, at: __sock_release+0x7d/0x230 net/socket.c:578
 #1: 00000000437b2e41 (sk_lock-AF_INET6){+.+.}, at: lock_sock include/net/sock.h:1492 [inline]
 #1: 00000000437b2e41 (sk_lock-AF_INET6){+.+.}, at: wait_on_pending_writer+0x260/0x550 net/tls/tls_main.c:87
2 locks held by syz-executor2/8474:
 #0: 0000000033a1e2b9 (&sb->s_type->i_mutex_key#12){+.+.}, at: inode_lock include/linux/fs.h:738 [inline]
 #0: 0000000033a1e2b9 (&sb->s_type->i_mutex_key#12){+.+.}, at: __sock_release+0x7d/0x230 net/socket.c:578
 #1: 00000000ba0404fc (sk_lock-AF_INET6){+.+.}, at: lock_sock include/net/sock.h:1492 [inline]
 #1: 00000000ba0404fc (sk_lock-AF_INET6){+.+.}, at: wait_on_pending_writer+0x260/0x550 net/tls/tls_main.c:87
2 locks held by syz-executor4/8479:
 #0: 000000004256a71d (&sb->s_type->i_mutex_key#12){+.+.}, at: inode_lock include/linux/fs.h:738 [inline]
 #0: 000000004256a71d (&sb->s_type->i_mutex_key#12){+.+.}, at: __sock_release+0x7d/0x230 net/socket.c:578
 #1: 00000000a151b706 (sk_lock-AF_INET6){+.+.}, at: lock_sock include/net/sock.h:1492 [inline]
 #1: 00000000a151b706 (sk_lock-AF_INET6){+.+.}, at: wait_on_pending_writer+0x260/0x550 net/tls/tls_main.c:87
2 locks held by syz-executor5/8482:
 #0: 00000000765001e9 (&sb->s_type->i_mutex_key#12){+.+.}, at: inode_lock include/linux/fs.h:738 [inline]
 #0: 00000000765001e9 (&sb->s_type->i_mutex_key#12){+.+.}, at: __sock_release+0x7d/0x230 net/socket.c:578
 #1: 00000000cdf0379e (sk_lock-AF_INET6){+.+.}, at: lock_sock include/net/sock.h:1492 [inline]
 #1: 00000000cdf0379e (sk_lock-AF_INET6){+.+.}, at: wait_on_pending_writer+0x260/0x550 net/tls/tls_main.c:87
2 locks held by syz-executor3/8493:
 #0: 00000000121ceb45 (&sb->s_type->i_mutex_key#12){+.+.}, at: inode_lock include/linux/fs.h:738 [inline]
 #0: 00000000121ceb45 (&sb->s_type->i_mutex_key#12){+.+.}, at: __sock_release+0x7d/0x230 net/socket.c:578
 #1: 00000000e902cda0 (sk_lock-AF_INET6){+.+.}, at: lock_sock include/net/sock.h:1492 [inline]
 #1: 00000000e902cda0 (sk_lock-AF_INET6){+.+.}, at: wait_on_pending_writer+0x260/0x550 net/tls/tls_main.c:87

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 1023 Comm: khungtaskd Not tainted 4.19.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x16e/0x22a lib/dump_stack.c:113
 nmi_cpu_backtrace.cold.3+0x3e/0x76 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0xf5/0x119 lib/nmi_backtrace.c:62
 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
 trigger_all_cpu_backtrace include/linux/nmi.h:144 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:204 [inline]
 watchdog+0x749/0xc80 kernel/hung_task.c:265
 kthread+0x327/0x3f0 kernel/kthread.c:246
 ret_from_fork+0x3a/0x50
arch/x86/entry/entry_64.S:413 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 skipped: idling at native_safe_halt+0x6/0x10 arch/x86/include/asm/irqflags.h:57