syzbot

INFO: task syz-executor:18664 blocked for more than 143 seconds.
      Not tainted 6.13.0-rc7-syzkaller-00039-gc3812b15000c #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:24864 pid:18664 tgid:18664 ppid:1      flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5369 [inline]
 __schedule+0x1850/0x4c30 kernel/sched/core.c:6756
 __schedule_loop kernel/sched/core.c:6833 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6848
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6905
 __mutex_lock_common kernel/locking/mutex.c:665 [inline]
 __mutex_lock+0x7e7/0xee0 kernel/locking/mutex.c:735
 add_one_compat_dev+0x10d/0x710 drivers/infiniband/core/device.c:950
 rdma_dev_init_net+0x1f1/0x280 drivers/infiniband/core/device.c:1192
 ops_init+0x320/0x590 net/core/net_namespace.c:138
 setup_net+0x287/0x9e0 net/core/net_namespace.c:362
 copy_net_ns+0x33f/0x570 net/core/net_namespace.c:516
 create_new_namespaces+0x425/0x7b0 kernel/nsproxy.c:110
 unshare_nsproxy_namespaces+0x124/0x180 kernel/nsproxy.c:228
 ksys_unshare+0x57d/0xa70 kernel/fork.c:3333
 __do_sys_unshare kernel/fork.c:3404 [inline]
 __se_sys_unshare kernel/fork.c:3402 [inline]
 __x64_sys_unshare+0x38/0x40 kernel/fork.c:3402
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f6f27787527
RSP: 002b:00007ffd69776618 EFLAGS: 00000206 ORIG_RAX: 0000000000000110
RAX: ffffffffffffffda RBX: 00007f6f27975f40 RCX: 00007f6f27787527
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000
RBP: 00007f6f27976738 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000008
R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000
 </TASK>

Showing all locks held in the system:
6 locks held by ksoftirqd/1/24:
1 lock held by khungtaskd/30:
 #0: ffffffff8e937ae0
 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x55/0x2a0 kernel/locking/lockdep.c:6744
7 locks held by kworker/u8:3/36:
 #0: ffff88801baed948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff88801baed948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840 kernel/workqueue.c:3317
 #1: ffffc90000ac7d00 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90000ac7d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840 kernel/workqueue.c:3317
 #2: ffffffff8fca6a90 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0x16a/0xd50 net/core/net_namespace.c:602
 #3: ffff888020b6f0e8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1014 [inline]
 #3: ffff888020b6f0e8 (&dev->mutex){....}-{4:4}, at: devl_dev_lock net/devlink/devl_internal.h:108 [inline]
 #3: ffff888020b6f0e8 (&dev->mutex){....}-{4:4}, at: devlink_pernet_pre_exit+0x13b/0x440 net/devlink/core.c:506
 #4: ffff888021700250 (&devlink->lock_key#5){+.+.}-{4:4}, at: devl_lock net/devlink/core.c:276 [inline]
 #4: ffff888021700250 (&devlink->lock_key#5){+.+.}-{4:4}, at: devl_dev_lock net/devlink/devl_internal.h:109 [inline]
 #4: ffff888021700250 (&devlink->lock_key#5){+.+.}-{4:4}, at: devlink_pernet_pre_exit+0x14d/0x440 net/devlink/core.c:506
 #5: ffffffff8fcb2f48 (rtnl_mutex){+.+.}-{4:4}, at: nsim_destroy+0x71/0x5c0 drivers/net/netdevsim/netdev.c:816
 #6: ffffffff8e7d2ed0 (cpu_hotplug_lock){++++}-{0:0}, at: flush_all_backlogs net/core/dev.c:6063 [inline]
 #6: ffffffff8e7d2ed0 (cpu_hotplug_lock){++++}-{0:0}, at: unregister_netdevice_many_notify+0x5ea/0x1da0 net/core/dev.c:11526
2 locks held by getty/5575:
 #0: ffff88814dd350a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc90002fde2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x6a6/0x1e00 drivers/tty/n_tty.c:2211
2 locks held by syz-executor/18642:
 #0: ffffffff8fca6a90 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x328/0x570 net/core/net_namespace.c:512
 #1: ffffffff8fcb2f48 (rtnl_mutex){+.+.}-{4:4}, at: setup_net+0x602/0x9e0 net/core/net_namespace.c:384
2 locks held by syz-executor/18651:
 #0: ffffffff8fca6a90 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x328/0x570 net/core/net_namespace.c:512
 #1: ffffffff8fcb2f48 (rtnl_mutex){+.+.}-{4:4}, at: setup_net+0x602/0x9e0 net/core/net_namespace.c:384
2 locks held by syz-executor/18653:
 #0: ffffffff8fca6a90 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x328/0x570 net/core/net_namespace.c:512
 #1: ffffffff8fcb2f48 (rtnl_mutex){+.+.}-{4:4}, at: ip_tunnel_init_net+0x20e/0x720 net/ipv4/ip_tunnel.c:1159
2 locks held by syz-executor/18655:
 #0: ffffffff8fca6a90 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x328/0x570 net/core/net_namespace.c:512
 #1: ffffffff8fcb2f48 (rtnl_mutex){+.+.}-{4:4}, at: ppp_exit_net+0xe3/0x3d0 drivers/net/ppp/ppp_generic.c:1146
6 locks held by syz-executor/18661:
 #0: ffffffff8fca6a90 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x328/0x570 net/core/net_namespace.c:512
 #1: ffffffff8fa27d90 (devices_rwsem){++++}-{4:4}, at: rdma_dev_init_net+0x198/0x280 drivers/infiniband/core/device.c:1186
 #2: ffffffff8fa27f50 (rdma_nets_rwsem){++++}-{4:4}, at: rdma_dev_init_net+0x1e6/0x280 drivers/infiniband/core/device.c:1191
 #3: ffff88807ecf0f40 (&device->compat_devs_mutex){+.+.}-{4:4}, at: add_one_compat_dev+0x10d/0x710 drivers/infiniband/core/device.c:950
 #4: ffff88807ecf1238 (&rxe->usdev_lock){+.+.}-{4:4}, at: rxe_query_port+0x78/0x2c0 drivers/infiniband/sw/rxe/rxe_verbs.c:61
 #5: ffffffff8fcb2f48 (rtnl_mutex){+.+.}-{4:4}, at: ib_get_eth_speed+0x153/0x800 drivers/infiniband/core/verbs.c:1995
4 locks held by syz-executor/18664:
 #0: ffffffff8fca6a90 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x328/0x570 net/core/net_namespace.c:512
 #1: ffffffff8fa27d90 (devices_rwsem){++++}-{4:4}, at: rdma_dev_init_net+0x198/0x280 drivers/infiniband/core/device.c:1186
 #2: ffffffff8fa27f50 (rdma_nets_rwsem){++++}-{4:4}, at: rdma_dev_init_net+0x1e6/0x280 drivers/infiniband/core/device.c:1191
 #3: ffff88807ecf0f40 (&device->compat_devs_mutex){+.+.}-{4:4}, at: add_one_compat_dev+0x10d/0x710 drivers/infiniband/core/device.c:950
4 locks held by syz-executor/18695:
 #0: ffffffff8fca6a90 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x328/0x570 net/core/net_namespace.c:512
 #1: ffffffff8fa27d90 (devices_rwsem){++++}-{4:4}, at: rdma_dev_init_net+0x198/0x280 drivers/infiniband/core/device.c:1186
 #2: ffffffff8fa27f50 (rdma_nets_rwsem){++++}-{4:4}, at: rdma_dev_init_net+0x1e6/0x280 drivers/infiniband/core/device.c:1191
 #3: ffff88807ecf0f40 (&device->compat_devs_mutex){+.+.}-{4:4}, at: add_one_compat_dev+0x10d/0x710 drivers/infiniband/core/device.c:950
4 locks held by syz-executor/18704:
 #0: ffffffff8fca6a90 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x328/0x570 net/core/net_namespace.c:512
 #1: ffffffff8fa27d90 (devices_rwsem){++++}-{4:4}, at: rdma_dev_init_net+0x198/0x280 drivers/infiniband/core/device.c:1186
 #2: ffffffff8fa27f50 (rdma_nets_rwsem){++++}-{4:4}, at: rdma_dev_init_net+0x1e6/0x280 drivers/infiniband/core/device.c:1191
 #3: ffff88807ecf0f40 (&device->compat_devs_mutex){+.+.}-{4:4}, at: add_one_compat_dev+0x10d/0x710 drivers/infiniband/core/device.c:950
4 locks held by syz-executor/18706:
 #0: ffffffff8fca6a90 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x328/0x570 net/core/net_namespace.c:512
 #1: ffffffff8fa27d90 (devices_rwsem){++++}-{4:4}, at: rdma_dev_init_net+0x198/0x280 drivers/infiniband/core/device.c:1186
 #2: ffffffff8fa27f50 (rdma_nets_rwsem){++++}-{4:4}, at: rdma_dev_init_net+0x1e6/0x280 drivers/infiniband/core/device.c:1191
 #3: ffff88807ecf0f40 (&device->compat_devs_mutex){+.+.}-{4:4}, at: add_one_compat_dev+0x10d/0x710 drivers/infiniband/core/device.c:950
4 locks held by syz-executor/18708:
 #0: ffffffff8fca6a90 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x328/0x570 net/core/net_namespace.c:512
 #1: ffffffff8fa27d90 (devices_rwsem){++++}-{4:4}, at: rdma_dev_init_net+0x198/0x280 drivers/infiniband/core/device.c:1186
 #2: ffffffff8fa27f50 (rdma_nets_rwsem){++++}-{4:4}, at: rdma_dev_init_net+0x1e6/0x280 drivers/infiniband/core/device.c:1191
 #3: ffff88807ecf0f40 (&device->compat_devs_mutex){+.+.}-{4:4}, at: add_one_compat_dev+0x10d/0x710 drivers/infiniband/core/device.c:950
4 locks held by syz-executor/18713:
 #0: ffffffff8fca6a90 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x328/0x570 net/core/net_namespace.c:512
 #1: ffffffff8fa27d90 (devices_rwsem){++++}-{4:4}, at: rdma_dev_init_net+0x198/0x280 drivers/infiniband/core/device.c:1186
 #2: ffffffff8fa27f50 (rdma_nets_rwsem){++++}-{4:4}, at: rdma_dev_init_net+0x1e6/0x280 drivers/infiniband/core/device.c:1191
 #3: ffff88807ecf0f40 (&device->compat_devs_mutex){+.+.}-{4:4}, at: add_one_compat_dev+0x10d/0x710 drivers/infiniband/core/device.c:950
4 locks held by syz-executor/18717:
 #0: ffffffff8fca6a90 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x328/0x570 net/core/net_namespace.c:512
 #1: ffffffff8fa27d90 (devices_rwsem){++++}-{4:4}, at: rdma_dev_init_net+0x198/0x280 drivers/infiniband/core/device.c:1186
 #2: ffffffff8fa27f50 (rdma_nets_rwsem){++++}-{4:4}, at: rdma_dev_init_net+0x1e6/0x280 drivers/infiniband/core/device.c:1191
 #3: ffff88807ecf0f40 (&device->compat_devs_mutex){+.+.}-{4:4}, at: add_one_compat_dev+0x10d/0x710 drivers/infiniband/core/device.c:950

=============================================

NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.13.0-rc7-syzkaller-00039-gc3812b15000c #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x49c/0x4d0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x198/0x320 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:234 [inline]
 watchdog+0xff6/0x1040 kernel/hung_task.c:397
 kthread+0x2f2/0x390 kernel/kthread.c:389
 ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 24 Comm: ksoftirqd/1 Not tainted 6.13.0-rc7-syzkaller-00039-gc3812b15000c #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:rcu_lockdep_current_cpu_online+0x3c/0x120 kernel/rcu/tree.c:4777
Code: f7 c1 00 00 f0 00 0f 85 d5 00 00 00 83 3d c3 07 94 0e 00 0f 84 c8 00 00 00 65 ff 05 16 59 7e 7e e8 e9 9a 43 0a 89 c3 83 f8 08 <0f> 83 c6 00 00 00 49 be 00 00 00 00 00 fc ff df 48 8d 1c dd 50 6b
RSP: 0018:ffffc900001e64d0 EFLAGS: 00000297
RAX: 0000000000000001 RBX: 0000000000000001 RCX: 0000000000000100
RDX: ffff88801d2e8000 RSI: ffffffff8c5fb200 RDI: ffffffff8c5fb1c0
RBP: ffffc900001e6618 R08: ffffffff8a9ca34c R09: ffffffff8a9ca25c
R10: 0000000000000004 R11: ffff88801d2e8000 R12: ffffffff8a9ca1ad
R13: ffff88805bf48000 R14: 0000000000000000 R15: 1ffff9200003cca8
FS:  0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f4ffdf452d8 CR3: 000000000e736000 CR4: 0000000000350ef0
Call Trace:
 <NMI>
 </NMI>
 <TASK>
 rcu_read_lock_held_common kernel/rcu/update.c:113 [inline]
 rcu_read_lock_held+0x1e/0x50 kernel/rcu/update.c:349
 nf_hook include/linux/netfilter.h:244 [inline]
 NF_HOOK+0x249/0x7c0 include/linux/netfilter.h:312
 br_nf_post_routing+0xa20/0xe80 net/bridge/br_netfilter_hooks.c:997
 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]
 nf_hook_slow+0xc5/0x220 net/netfilter/core.c:626
 nf_hook include/linux/netfilter.h:269 [inline]
 NF_HOOK+0x2a7/0x460 include/linux/netfilter.h:312
 br_forward_finish+0xd8/0x130 net/bridge/br_forward.c:66
 br_nf_forward_finish+0xb49/0xfb0 net/bridge/br_netfilter_hooks.c:693
 NF_HOOK+0x702/0x7c0 include/linux/netfilter.h:314
 br_nf_forward_ip+0x61e/0x7b0 net/bridge/br_netfilter_hooks.c:747
 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]
 nf_hook_slow+0xc5/0x220 net/netfilter/core.c:626
 nf_hook include/linux/netfilter.h:269 [inline]
 NF_HOOK+0x2a7/0x460 include/linux/netfilter.h:312
 __br_forward+0x489/0x660 net/bridge/br_forward.c:115
 deliver_clone net/bridge/br_forward.c:131 [inline]
 maybe_deliver+0xb3/0x150 net/bridge/br_forward.c:190
 br_flood+0x2e4/0x660 net/bridge/br_forward.c:236
 br_handle_frame_finish+0x18ba/0x1fe0 net/bridge/br_input.c:215
 br_nf_hook_thresh+0x474/0x590
 br_nf_pre_routing_finish_ipv6+0xaa0/0xdd0
 NF_HOOK include/linux/netfilter.h:314 [inline]
 br_nf_pre_routing_ipv6+0x379/0x770 net/bridge/br_netfilter_ipv6.c:184
 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:277 [inline]
 br_handle_frame+0x9ff/0x1530 net/bridge/br_input.c:424
 __netif_receive_skb_core+0x14ed/0x4690 net/core/dev.c:5598
 __netif_receive_skb_one_core net/core/dev.c:5702 [inline]
 __netif_receive_skb+0x12f/0x650 net/core/dev.c:5817
 process_backlog+0x662/0x15b0 net/core/dev.c:6149
 __napi_poll+0xcd/0x490 net/core/dev.c:6902
 napi_poll net/core/dev.c:6971 [inline]
 net_rx_action+0x89b/0x1240 net/core/dev.c:7093
 handle_softirqs+0x2d6/0x9b0 kernel/softirq.c:561
 run_ksoftirqd+0xca/0x130 kernel/softirq.c:950
 smpboot_thread_fn+0x546/0xa30 kernel/smpboot.c:164
 kthread+0x2f2/0x390 kernel/kthread.c:389
 ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>