Bluetooth: hci2 command 0x0406 tx timeout
Bluetooth: hci5 command 0x0406 tx timeout
Bluetooth: hci4 command 0x0406 tx timeout
Bluetooth: hci1 command 0x0406 tx timeout
Bluetooth: hci3 command 0x0406 tx timeout
BUG: workqueue lockup - pool cpus=1 node=0 flags=0x0 nice=0 stuck for 159s!
Showing busy workqueues and worker pools:
workqueue events: flags=0x0
pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=17/256 refcnt=18
in-flight: 8015:rtc_timer_do_work
pending: wait_rcu_exp_gp, cache_reap, wait_rcu_exp_gp, pwq_unbound_release_workfn, perf_sched_delayed, destroy_super_work, macvlan_process_broadcast, macvlan_process_broadcast, defense_work_handler, defense_work_handler, defense_work_handler, defense_work_handler, defense_work_handler, macvlan_process_broadcast, macvlan_process_broadcast, macvlan_process_broadcast
workqueue events_long: flags=0x0
pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
pending: gc_worker
workqueue events_freezable: flags=0x4
pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
pending: update_balloon_stats_func
workqueue events_power_efficient: flags=0x80
pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=5/256 refcnt=6
pending: fb_flashcursor, do_cache_clean, neigh_periodic_work, neigh_periodic_work, check_lifetime
workqueue mm_percpu_wq: flags=0x8
pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
pending: vmstat_update
workqueue dm_bufio_cache: flags=0x8
pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
pending: work_fn
workqueue ipv6_addrconf: flags=0x40008
pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/1 refcnt=3
pending: addrconf_dad_work
delayed: addrconf_dad_work
pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/1 refcnt=4
in-flight: 9220:addrconf_dad_work
delayed: addrconf_dad_work, addrconf_verify_work
workqueue bat_events: flags=0xe000a
pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/1 refcnt=9
pending: batadv_nc_worker
delayed: batadv_nc_worker, batadv_nc_worker, batadv_nc_worker, batadv_nc_worker, batadv_nc_worker
pool 0: cpus=0 node=0 flags=0x0 nice=0 hung=0s workers=5 idle: 6064 3625 3 24
pool 2: cpus=1 node=0 flags=0x0 nice=0 hung=159s workers=5 idle: 4315 18 9070 23
INFO: task kworker/0:4:9220 blocked for more than 140 seconds.
Not tainted 4.14.277-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/0:4 D27216 9220 2 0x80000000
Workqueue: ipv6_addrconf addrconf_dad_work
Call Trace:
context_switch kernel/sched/core.c:2811 [inline]
__schedule+0x88b/0x1de0 kernel/sched/core.c:3387
schedule+0x8d/0x1b0 kernel/sched/core.c:3431
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3489
__mutex_lock_common kernel/locking/mutex.c:833 [inline]
__mutex_lock+0x669/0x1310 kernel/locking/mutex.c:893
addrconf_dad_work+0x89/0xef0 net/ipv6/addrconf.c:3921
process_one_work+0x793/0x14a0 kernel/workqueue.c:2117
worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
kthread+0x30d/0x420 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
INFO: task syz-executor.0:10075 blocked for more than 140 seconds.
Not tainted 4.14.277-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.0 D25456 10075 7978 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2811 [inline]
__schedule+0x88b/0x1de0 kernel/sched/core.c:3387
schedule+0x8d/0x1b0 kernel/sched/core.c:3431
_synchronize_rcu_expedited+0x522/0x770 kernel/rcu/tree_exp.h:615
synchronize_net+0x2b/0x40 net/core/dev.c:8248
dev_deactivate_many+0x3d9/0x970 net/sched/sch_generic.c:936
__dev_close_many+0x11d/0x270 net/core/dev.c:1437
__dev_close net/core/dev.c:1462 [inline]
__dev_change_flags+0x21f/0x540 net/core/dev.c:6800
dev_change_flags+0x7e/0x130 net/core/dev.c:6868
do_setlink+0x83f/0x2bf0 net/core/rtnetlink.c:2092
rtnl_group_changelink net/core/rtnetlink.c:2512 [inline]
rtnl_newlink+0xc9d/0x1830 net/core/rtnetlink.c:2668
rtnetlink_rcv_msg+0x3be/0xb10 net/core/rtnetlink.c:4322
netlink_rcv_skb+0x125/0x390 net/netlink/af_netlink.c:2455
netlink_unicast_kernel net/netlink/af_netlink.c:1296 [inline]
netlink_unicast+0x437/0x610 net/netlink/af_netlink.c:1322
netlink_sendmsg+0x648/0xbc0 net/netlink/af_netlink.c:1893
sock_sendmsg_nosec net/socket.c:646 [inline]
sock_sendmsg+0xb5/0x100 net/socket.c:656
___sys_sendmsg+0x6c8/0x800 net/socket.c:2062
__sys_sendmsg+0xa3/0x120 net/socket.c:2096
SYSC_sendmsg net/socket.c:2107 [inline]
SyS_sendmsg+0x27/0x40 net/socket.c:2103
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f21415910e9
RSP: 002b:00007f213ff06168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f21416a3f60 RCX: 00007f21415910e9
RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003
RBP: 00007f21415eb08d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff929c5e5f R14: 00007f213ff06300 R15: 0000000000022000
INFO: task syz-executor.0:10090 blocked for more than 140 seconds.
Not tainted 4.14.277-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.0 D28816 10090 7978 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2811 [inline]
__schedule+0x88b/0x1de0 kernel/sched/core.c:3387
schedule+0x8d/0x1b0 kernel/sched/core.c:3431
rcu_sync_enter+0x233/0x2d0 kernel/rcu/sync.c:135
percpu_down_write+0x59/0x3e0 kernel/locking/percpu-rwsem.c:143
ext4_ind_migrate+0x17e/0x620 fs/ext4/migrate.c:646
ext4_ioctl_setflags+0x545/0x680 fs/ext4/ioctl.c:353
ext4_ioctl+0x21e8/0x3800 fs/ext4/ioctl.c:697
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f21415910e9
RSP: 002b:00007f213fee5168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f21416a4030 RCX: 00007f21415910e9
RDX: 0000000020000040 RSI: 0000000040086602 RDI: 000000000000000f
RBP: 00007f21415eb08d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff929c5e5f R14: 00007f213fee5300 R15: 0000000000022000
INFO: task syz-executor.0:10099 blocked for more than 140 seconds.
Not tainted 4.14.277-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.0 D29808 10099 7978 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2811 [inline]
__schedule+0x88b/0x1de0 kernel/sched/core.c:3387
schedule+0x8d/0x1b0 kernel/sched/core.c:3431
__rwsem_down_write_failed_common kernel/locking/rwsem-xadd.c:588 [inline]
rwsem_down_write_failed+0x343/0x6d0 kernel/locking/rwsem-xadd.c:617
call_rwsem_down_write_failed+0x13/0x20 arch/x86/lib/rwsem.S:105
__down_write arch/x86/include/asm/rwsem.h:126 [inline]
down_write+0x4f/0x90 kernel/locking/rwsem.c:56
inode_lock include/linux/fs.h:719 [inline]
process_measurement+0x4f5/0xb20 security/integrity/ima/ima_main.c:206
do_last fs/namei.c:3435 [inline]
path_openat+0x10ad/0x2970 fs/namei.c:3569
do_filp_open+0x179/0x3c0 fs/namei.c:3603
do_sys_open+0x296/0x410 fs/open.c:1081
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f21415910e9
RSP: 002b:00007f213fec4168 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
RAX: ffffffffffffffda RBX: 00007f21416a4100 RCX: 00007f21415910e9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000380
RBP: 00007f21415eb08d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff929c5e5f R14: 00007f213fec4300 R15: 0000000000022000
INFO: task syz-executor.0:10103 blocked for more than 140 seconds.
Not tainted 4.14.277-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.0 D30120 10103 7978 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2811 [inline]
__schedule+0x88b/0x1de0 kernel/sched/core.c:3387
schedule+0x8d/0x1b0 kernel/sched/core.c:3431
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3489
__mutex_lock_common kernel/locking/mutex.c:833 [inline]
__mutex_lock+0x669/0x1310 kernel/locking/mutex.c:893
addrconf_add_ifaddr+0xb3/0x130 net/ipv6/addrconf.c:2940
inet6_ioctl+0x10b/0x1a0 net/ipv6/af_inet6.c:541
sock_do_ioctl net/socket.c:974 [inline]
sock_ioctl+0x2cc/0x4c0 net/socket.c:1071
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f21415910e9
RSP: 002b:00007f213fea3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f21416a41d0 RCX: 00007f21415910e9
RDX: 00000000200000c0 RSI: 0000000000008916 RDI: 0000000000000004
RBP: 00007f21415eb08d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff929c5e5f R14: 00007f213fea3300 R15: 0000000000022000
INFO: task syz-executor.0:10110 blocked for more than 140 seconds.
Not tainted 4.14.277-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.0 D29184 10110 7978 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2811 [inline]
__schedule+0x88b/0x1de0 kernel/sched/core.c:3387
schedule+0x8d/0x1b0 kernel/sched/core.c:3431
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3489
__mutex_lock_common kernel/locking/mutex.c:833 [inline]
__mutex_lock+0x669/0x1310 kernel/locking/mutex.c:893
rtnl_lock net/core/rtnetlink.c:72 [inline]
rtnetlink_rcv_msg+0x31d/0xb10 net/core/rtnetlink.c:4317
netlink_rcv_skb+0x125/0x390 net/netlink/af_netlink.c:2455
netlink_unicast_kernel net/netlink/af_netlink.c:1296 [inline]
netlink_unicast+0x437/0x610 net/netlink/af_netlink.c:1322
netlink_sendmsg+0x648/0xbc0 net/netlink/af_netlink.c:1893
sock_sendmsg_nosec net/socket.c:646 [inline]
sock_sendmsg+0xb5/0x100 net/socket.c:656
___sys_sendmsg+0x6c8/0x800 net/socket.c:2062
__sys_sendmsg+0xa3/0x120 net/socket.c:2096
SYSC_sendmsg net/socket.c:2107 [inline]
SyS_sendmsg+0x27/0x40 net/socket.c:2103
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f21415910e9
RSP: 002b:00007f213fe82168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f21416a42a0 RCX: 00007f21415910e9
RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000012
RBP: 00007f21415eb08d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff929c5e5f R14: 00007f213fe82300 R15: 0000000000022000
INFO: task syz-executor.5:10068 blocked for more than 140 seconds.
Not tainted 4.14.277-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.5 D28856 10068 7984 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2811 [inline]
__schedule+0x88b/0x1de0 kernel/sched/core.c:3387
schedule+0x8d/0x1b0 kernel/sched/core.c:3431
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3489
__mutex_lock_common kernel/locking/mutex.c:833 [inline]
__mutex_lock+0x669/0x1310 kernel/locking/mutex.c:893
exp_funnel_lock kernel/rcu/tree_exp.h:305 [inline]
_synchronize_rcu_expedited+0x32d/0x770 kernel/rcu/tree_exp.h:596
synchronize_sched+0xd8/0x1b0 kernel/rcu/tree.c:3239
tracepoint_synchronize_unregister include/linux/tracepoint.h:80 [inline]
perf_trace_event_unreg.isra.0+0xa8/0x1d0 kernel/trace/trace_event_perf.c:161
perf_trace_destroy+0xb5/0xf0 kernel/trace/trace_event_perf.c:236
_free_event+0x321/0xe20 kernel/events/core.c:4246
put_event kernel/events/core.c:4332 [inline]
perf_event_release_kernel+0x3b2/0x8a0 kernel/events/core.c:4433
perf_release+0x33/0x40 kernel/events/core.c:4443
__fput+0x25f/0x7a0 fs/file_table.c:210
task_work_run+0x11f/0x190 kernel/task_work.c:113
tracehook_notify_resume include/linux/tracehook.h:191 [inline]
exit_to_usermode_loop+0x1ad/0x200 arch/x86/entry/common.c:164
prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline]
syscall_return_slowpath arch/x86/entry/common.c:270 [inline]
do_syscall_64+0x4a3/0x640 arch/x86/entry/common.c:297
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7ff2d601cd2b
RSP: 002b:00007ffe49d5cfe0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007ff2d601cd2b
RDX: 0000000000000000 RSI: 00007ff2d5fe1000 RDI: 0000000000000003
RBP: 00007ff2d617e960 R08: 0000000000000000 R09: 000000004770aae7
R10: 0000000000000000 R11: 0000000000000293 R12: 000000000001eb6e
R13: 00007ffe49d5d0e0 R14: 00007ffe49d5d100 R15: 0000000000000064
INFO: task syz-executor.2:10071 blocked for more than 140 seconds.
Not tainted 4.14.277-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.2 D28912 10071 7980 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2811 [inline]
__schedule+0x88b/0x1de0 kernel/sched/core.c:3387
schedule+0x8d/0x1b0 kernel/sched/core.c:3431
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3489
__mutex_lock_common kernel/locking/mutex.c:833 [inline]
__mutex_lock+0x669/0x1310 kernel/locking/mutex.c:893
ip6mr_sk_done+0x3a/0x230 net/ipv6/ip6mr.c:1625
rawv6_close+0x48/0x70 net/ipv6/raw.c:1248
inet_release+0xdf/0x1b0 net/ipv4/af_inet.c:425
inet6_release+0x4c/0x70 net/ipv6/af_inet6.c:450
__sock_release+0xcd/0x2b0 net/socket.c:602
sock_close+0x15/0x20 net/socket.c:1139
__fput+0x25f/0x7a0 fs/file_table.c:210
task_work_run+0x11f/0x190 kernel/task_work.c:113
tracehook_notify_resume include/linux/tracehook.h:191 [inline]
exit_to_usermode_loop+0x1ad/0x200 arch/x86/entry/common.c:164
prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline]
syscall_return_slowpath arch/x86/entry/common.c:270 [inline]
do_syscall_64+0x4a3/0x640 arch/x86/entry/common.c:297
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f97502d8d2b
RSP: 002b:00007ffc6734eb70 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00007f97502d8d2b
RDX: 0000000000000000 RSI: 0000001b2e421c5c RDI: 0000000000000004
RBP: 00007f975043a960 R08: 0000000000000000 R09: 000000008f3adfb3
R10: 0000000000000000 R11: 0000000000000293 R12: 000000000001eb6a
R13: 00007ffc6734ec70 R14: 00007ffc6734ec90 R15: 0000000000000064
INFO: task syz-executor.4:10079 blocked for more than 140 seconds.
Not tainted 4.14.277-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.4 D29184 10079 7985 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2811 [inline]
__schedule+0x88b/0x1de0 kernel/sched/core.c:3387
schedule+0x8d/0x1b0 kernel/sched/core.c:3431
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3489
__mutex_lock_common kernel/locking/mutex.c:833 [inline]
__mutex_lock+0x669/0x1310 kernel/locking/mutex.c:893
rtnl_lock net/core/rtnetlink.c:72 [inline]
rtnetlink_rcv_msg+0x31d/0xb10 net/core/rtnetlink.c:4317
netlink_rcv_skb+0x125/0x390 net/netlink/af_netlink.c:2455
netlink_unicast_kernel net/netlink/af_netlink.c:1296 [inline]
netlink_unicast+0x437/0x610 net/netlink/af_netlink.c:1322
netlink_sendmsg+0x648/0xbc0 net/netlink/af_netlink.c:1893
sock_sendmsg_nosec net/socket.c:646 [inline]
sock_sendmsg+0xb5/0x100 net/socket.c:656
___sys_sendmsg+0x6c8/0x800 net/socket.c:2062
__sys_sendmsg+0xa3/0x120 net/socket.c:2096
SYSC_sendmsg net/socket.c:2107 [inline]
SyS_sendmsg+0x27/0x40 net/socket.c:2103
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f9c31b3a0e9
RSP: 002b:00007f9c304af168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f9c31c4cf60 RCX: 00007f9c31b3a0e9
RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003
RBP: 00007f9c31b9408d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffceffd6ccf R14: 00007f9c304af300 R15: 0000000000022000
INFO: task syz-executor.4:10091 blocked for more than 140 seconds.
Not tainted 4.14.277-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.4 D28568 10091 7985 0x00000004
Call Trace:
context_switch kernel/sched/core.c:2811 [inline]
__schedule+0x88b/0x1de0 kernel/sched/core.c:3387
schedule+0x8d/0x1b0 kernel/sched/core.c:3431
_synchronize_rcu_expedited+0x522/0x770 kernel/rcu/tree_exp.h:615
synchronize_sched+0xd8/0x1b0 kernel/rcu/tree.c:3239
rcu_sync_enter+0x16e/0x2d0 kernel/rcu/sync.c:131
percpu_down_write+0x59/0x3e0 kernel/locking/percpu-rwsem.c:143
ext4_ind_migrate+0x17e/0x620 fs/ext4/migrate.c:646
ext4_ioctl_setflags+0x545/0x680 fs/ext4/ioctl.c:353
ext4_ioctl+0x21e8/0x3800 fs/ext4/ioctl.c:697
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f9c31b3a0e9
RSP: 002b:00007f9c3048e168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f9c31c4d030 RCX: 00007f9c31b3a0e9
RDX: 0000000020000040 RSI: 0000000040086602 RDI: 000000000000000f
RBP: 00007f9c31b9408d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffceffd6ccf R14: 00007f9c3048e300 R15: 0000000000022000
Showing all locks held in the system:
1 lock held by khungtaskd/1523:
#0: (tasklist_lock){.+.+}, at: [<ffffffff8702740c>] debug_show_all_locks+0x7c/0x21a kernel/locking/lockdep.c:4548
3 locks held by kworker/0:4/9220:
#0: ("%s"("ipv6_addrconf")){+.+.}, at: [<ffffffff81364f80>] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088
#1: ((&(&ifa->dad_work)->work)){+.+.}, at: [<ffffffff81364fb6>] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092
#2: (rtnl_mutex){+.+.}, at: [<ffffffff863741b9>] addrconf_dad_work+0x89/0xef0 net/ipv6/addrconf.c:3921
2 locks held by syz-executor.0/10075:
#0: (rtnl_mutex){+.+.}, at: [<ffffffff85c894ed>] rtnl_lock net/core/rtnetlink.c:72 [inline]
#0: (rtnl_mutex){+.+.}, at: [<ffffffff85c894ed>] rtnetlink_rcv_msg+0x31d/0xb10 net/core/rtnetlink.c:4317
#1: (rcu_preempt_state.exp_mutex){+.+.}, at: [<ffffffff814701e2>] exp_funnel_lock kernel/rcu/tree_exp.h:272 [inline]
#1: (rcu_preempt_state.exp_mutex){+.+.}, at: [<ffffffff814701e2>] _synchronize_rcu_expedited+0x2c2/0x770 kernel/rcu/tree_exp.h:596
2 locks held by syz-executor.0/10090:
#0: (sb_writers#3){.+.+}, at: [<ffffffff818dfe4d>] sb_start_write include/linux/fs.h:1551 [inline]
#0: (sb_writers#3){.+.+}, at: [<ffffffff818dfe4d>] mnt_want_write_file+0xfd/0x3b0 fs/namespace.c:497
#1: (&sb->s_type->i_mutex_key#10){+.+.}, at: [<ffffffff81bc6a23>] inode_lock include/linux/fs.h:719 [inline]
#1: (&sb->s_type->i_mutex_key#10){+.+.}, at: [<ffffffff81bc6a23>] ext4_ioctl+0x1bb3/0x3800 fs/ext4/ioctl.c:692
2 locks held by syz-executor.0/10099:
#0: (sb_writers#3){.+.+}, at: [<ffffffff818dfcda>] sb_start_write include/linux/fs.h:1551 [inline]
#0: (sb_writers#3){.+.+}, at: [<ffffffff818dfcda>] mnt_want_write+0x3a/0xb0 fs/namespace.c:386
#1: (&sb->s_type->i_mutex_key#10){+.+.}, at: [<ffffffff82eeaf45>] inode_lock include/linux/fs.h:719 [inline]
#1: (&sb->s_type->i_mutex_key#10){+.+.}, at: [<ffffffff82eeaf45>] process_measurement+0x4f5/0xb20 security/integrity/ima/ima_main.c:206
1 lock held by syz-executor.0/10103:
#0: (rtnl_mutex){+.+.}, at: [<ffffffff86378dc3>] addrconf_add_ifaddr+0xb3/0x130 net/ipv6/addrconf.c:2940
1 lock held by syz-executor.0/10110:
#0: (rtnl_mutex){+.+.}, at: [<ffffffff85c894ed>] rtnl_lock net/core/rtnetlink.c:72 [inline]
#0: (rtnl_mutex){+.+.}, at: [<ffffffff85c894ed>] rtnetlink_rcv_msg+0x31d/0xb10 net/core/rtnetlink.c:4317
2 locks held by syz-executor.5/10068:
#0: (event_mutex){+.+.}, at: [<ffffffff815b1343>] perf_trace_destroy+0x23/0xf0 kernel/trace/trace_event_perf.c:234
#1: (rcu_sched_state.exp_mutex){+.+.}, at: [<ffffffff8147024d>] exp_funnel_lock kernel/rcu/tree_exp.h:305 [inline]
#1: (rcu_sched_state.exp_mutex){+.+.}, at: [<ffffffff8147024d>] _synchronize_rcu_expedited+0x32d/0x770 kernel/rcu/tree_exp.h:596
2 locks held by syz-executor.2/10071:
#0: (&sb->s_type->i_mutex_key#13){+.+.}, at: [<ffffffff85bcb2c6>] inode_lock include/linux/fs.h:719 [inline]
#0: (&sb->s_type->i_mutex_key#13){+.+.}, at: [<ffffffff85bcb2c6>] __sock_release+0x86/0x2b0 net/socket.c:601
#1: (rtnl_mutex){+.+.}, at: [<ffffffff8642a96a>] ip6mr_sk_done+0x3a/0x230 net/ipv6/ip6mr.c:1625
1 lock held by syz-executor.4/10079:
#0: (rtnl_mutex){+.+.}, at: [<ffffffff85c894ed>] rtnl_lock net/core/rtnetlink.c:72 [inline]
#0: (rtnl_mutex){+.+.}, at: [<ffffffff85c894ed>] rtnetlink_rcv_msg+0x31d/0xb10 net/core/rtnetlink.c:4317
3 locks held by syz-executor.4/10091:
#0: (sb_writers#3){.+.+}, at: [<ffffffff818dfe4d>] sb_start_write include/linux/fs.h:1551 [inline]
#0: (sb_writers#3){.+.+}, at: [<ffffffff818dfe4d>] mnt_want_write_file+0xfd/0x3b0 fs/namespace.c:497
#1: (&sb->s_type->i_mutex_key#10){+.+.}, at: [<ffffffff81bc6a23>] inode_lock include/linux/fs.h:719 [inline]
#1: (&sb->s_type->i_mutex_key#10){+.+.}, at: [<ffffffff81bc6a23>] ext4_ioctl+0x1bb3/0x3800 fs/ext4/ioctl.c:692
#2: (rcu_sched_state.exp_mutex){+.+.}, at: [<ffffffff814701e2>] exp_funnel_lock kernel/rcu/tree_exp.h:272 [inline]
#2: (rcu_sched_state.exp_mutex){+.+.}, at: [<ffffffff814701e2>] _synchronize_rcu_expedited+0x2c2/0x770 kernel/rcu/tree_exp.h:596
2 locks held by syz-executor.4/10096:
#0: (sb_writers#3){.+.+}, at: [<ffffffff818dfcda>] sb_start_write include/linux/fs.h:1551 [inline]
#0: (sb_writers#3){.+.+}, at: [<ffffffff818dfcda>] mnt_want_write+0x3a/0xb0 fs/namespace.c:386
#1: (&sb->s_type->i_mutex_key#10){+.+.}, at: [<ffffffff82eeaf45>] inode_lock include/linux/fs.h:719 [inline]
#1: (&sb->s_type->i_mutex_key#10){+.+.}, at: [<ffffffff82eeaf45>] process_measurement+0x4f5/0xb20 security/integrity/ima/ima_main.c:206
1 lock held by syz-executor.4/10102:
#0: (rtnl_mutex){+.+.}, at: [<ffffffff86378dc3>] addrconf_add_ifaddr+0xb3/0x130 net/ipv6/addrconf.c:2940
1 lock held by syz-executor.4/10108:
#0: (rtnl_mutex){+.+.}, at: [<ffffffff85c894ed>] rtnl_lock net/core/rtnetlink.c:72 [inline]
#0: (rtnl_mutex){+.+.}, at: [<ffffffff85c894ed>] rtnetlink_rcv_msg+0x31d/0xb10 net/core/rtnetlink.c:4317
3 locks held by syz-executor.3/10112:
#0: (&sig->cred_guard_mutex){+.+.}, at: [<ffffffff816640df>] SYSC_perf_event_open kernel/events/core.c:10109 [inline]
#0: (&sig->cred_guard_mutex){+.+.}, at: [<ffffffff816640df>] SyS_perf_event_open+0x132f/0x24b0 kernel/events/core.c:10015
#1: (&pmus_srcu){....}, at: [<ffffffff81639474>] fdput include/linux/file.h:40 [inline]
#1: (&pmus_srcu){....}, at: [<ffffffff81639474>] perf_cgroup_connect kernel/events/core.c:849 [inline]
#1: (&pmus_srcu){....}, at: [<ffffffff81639474>] perf_event_alloc.part.0+0xc44/0x2640 kernel/events/core.c:9667
#2: (event_mutex){+.+.}, at: [<ffffffff815b093f>] perf_trace_init+0x4f/0xa30 kernel/trace/trace_event_perf.c:216
1 lock held by syz-executor.3/10119:
#0: (rtnl_mutex){+.+.}, at: [<ffffffff85cae18e>] dev_ioctl+0x42e/0xbe0 net/core/dev_ioctl.c:588
=============================================
NMI backtrace for cpu 0
CPU: 0 PID: 1523 Comm: khungtaskd Not tainted 4.14.277-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x281 lib/dump_stack.c:58
nmi_cpu_backtrace.cold+0x57/0x93 lib/nmi_backtrace.c:101
nmi_trigger_cpumask_backtrace+0x13a/0x180 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:140 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:195 [inline]
watchdog+0x5b9/0xb40 kernel/hung_task.c:274
kthread+0x30d/0x420 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 4621 Comm: systemd-journal Not tainted 4.14.277-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8880a15e0080 task.stack: ffff8880a15e8000
RIP: 0010:__phys_addr+0x2/0xe0 arch/x86/mm/physaddr.c:15
RSP: 0018:ffff8880a15efb30 EFLAGS: 00000246
RAX: 0000000000000007 RBX: ffff8880b35bf880 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffff8880a15e0908 RDI: ffff8880b35bf880
RBP: 0000000000000000 R08: 0000000000000060 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880b35bf880
R13: ffff8880a15efb78 R14: 0000000000000000 R15: 0000000000000286
FS: 00007f48b492d8c0(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f48b1dde000 CR3: 00000000a164d000 CR4: 00000000003406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
virt_to_head_page include/linux/mm.h:612 [inline]
qlink_to_cache mm/kasan/quarantine.c:127 [inline]
qlist_free_all+0xbb/0x140 mm/kasan/quarantine.c:163
quarantine_reduce+0x185/0x200 mm/kasan/quarantine.c:259
kasan_kmalloc+0xa2/0x160 mm/kasan/kasan.c:536
slab_post_alloc_hook mm/slab.h:442 [inline]
slab_alloc mm/slab.c:3390 [inline]
kmem_cache_alloc+0x111/0x3c0 mm/slab.c:3550
getname_flags+0xc8/0x550 fs/namei.c:138
getname fs/namei.c:209 [inline]
user_path_create fs/namei.c:3732 [inline]
SYSC_mkdirat fs/namei.c:3864 [inline]
SyS_mkdirat+0x83/0x270 fs/namei.c:3856
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f48b3be8687
RSP: 002b:00007fff67fc1e18 EFLAGS: 00000293 ORIG_RAX: 0000000000000053
RAX: ffffffffffffffda RBX: 00007fff67fc4e80 RCX: 00007f48b3be8687
RDX: 0000000000000000 RSI: 00000000000001ed RDI: 000055a0a5aa78a0
RBP: 00007fff67fc1e50 R08: 000055a0a3b513e5 R09: 0000000000000018
R10: 0000000000000069 R11: 0000000000000293 R12: 0000000000000000
R13: 0000000000000001 R14: 000055a0a5aa78a0 R15: 00007fff67fc2490
Code: a5 f0 59 00 e9 75 ff ff ff 48 89 df e8 98 f0 59 00 e9 2f ff ff ff 48 c7 c7 10 00 e7 88 e8 87 f0 59 00 eb a7 0f 1f 44 00 00 41 54 <55> 53 48 89 fb e8 54 38 30 00 b8 00 00 00 80 48 01 d8 48 89 c5
----------------
Code disassembly (best guess), 4 bytes skipped:
0: e9 75 ff ff ff jmpq 0xffffff7a
5: 48 89 df mov %rbx,%rdi
8: e8 98 f0 59 00 callq 0x59f0a5
d: e9 2f ff ff ff jmpq 0xffffff41
12: 48 c7 c7 10 00 e7 88 mov $0xffffffff88e70010,%rdi
19: e8 87 f0 59 00 callq 0x59f0a5
1e: eb a7 jmp 0xffffffc7
20: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
25: 41 54 push %r12
* 27: 55 push %rbp <-- trapping instruction
28: 53 push %rbx
29: 48 89 fb mov %rdi,%rbx
2c: e8 54 38 30 00 callq 0x303885
31: b8 00 00 00 80 mov $0x80000000,%eax
36: 48 01 d8 add %rbx,%rax
39: 48 89 c5 mov %rax,%rbp