syzbot

INFO: task kworker/u4:2:79 blocked for more than 143 seconds.
      Not tainted 5.4.0-rc3+ #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/u4:2    D24664    79      2 0x80004000
Workqueue: events_unbound fsnotify_mark_destroy_workfn
Call Trace:
 context_switch kernel/sched/core.c:3384 [inline]
 __schedule+0x74b/0xb80 kernel/sched/core.c:4069
 schedule+0x131/0x1e0 kernel/sched/core.c:4136
 schedule_timeout+0x46/0x240 kernel/time/timer.c:1871
 do_wait_for_common+0x2e7/0x4d0 kernel/sched/completion.c:83
 __wait_for_common kernel/sched/completion.c:104 [inline]
 wait_for_common kernel/sched/completion.c:115 [inline]
 wait_for_completion+0x47/0x60 kernel/sched/completion.c:136
 __synchronize_srcu+0x1d7/0x260 kernel/rcu/srcutree.c:921
 synchronize_srcu+0x2cb/0x2f0 kernel/rcu/srcutree.c:999
 fsnotify_mark_destroy_workfn+0xe5/0x2a0 fs/notify/mark.c:832
 process_one_work+0x7ef/0x10e0 kernel/workqueue.c:2269
 worker_thread+0xc01/0x1630 kernel/workqueue.c:2415
 kthread+0x332/0x350 kernel/kthread.c:255
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
INFO: task kworker/u4:8:9278 blocked for more than 143 seconds.
      Not tainted 5.4.0-rc3+ #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/u4:8    D24680  9278      2 0x80004000
Workqueue: events_unbound fsnotify_connector_destroy_workfn
Call Trace:
 context_switch kernel/sched/core.c:3384 [inline]
 __schedule+0x74b/0xb80 kernel/sched/core.c:4069
 schedule+0x131/0x1e0 kernel/sched/core.c:4136
 schedule_timeout+0x46/0x240 kernel/time/timer.c:1871
 do_wait_for_common+0x2e7/0x4d0 kernel/sched/completion.c:83
 __wait_for_common kernel/sched/completion.c:104 [inline]
 wait_for_common kernel/sched/completion.c:115 [inline]
 wait_for_completion+0x47/0x60 kernel/sched/completion.c:136
 __synchronize_srcu+0x1d7/0x260 kernel/rcu/srcutree.c:921
 synchronize_srcu+0x2cb/0x2f0 kernel/rcu/srcutree.c:999
 fsnotify_connector_destroy_workfn+0x44/0xb0 fs/notify/mark.c:164
 process_one_work+0x7ef/0x10e0 kernel/workqueue.c:2269
 worker_thread+0xc01/0x1630 kernel/workqueue.c:2415
 kthread+0x332/0x350 kernel/kthread.c:255
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
INFO: task syz-executor.3:21738 blocked for more than 143 seconds.
      Not tainted 5.4.0-rc3+ #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.3  D28368 21738  13769 0x00004004
Call Trace:
 context_switch kernel/sched/core.c:3384 [inline]
 __schedule+0x74b/0xb80 kernel/sched/core.c:4069
 schedule+0x131/0x1e0 kernel/sched/core.c:4136
 synchronize_rcu_expedited+0x485/0x5a0 kernel/rcu/tree_exp.h:833
 synchronize_net net/core/dev.c:9319 [inline]
 netif_napi_del+0x173/0x7f0 net/core/dev.c:6364
 tun_napi_del drivers/net/tun.c:331 [inline]
 __tun_detach+0x142/0x1a90 drivers/net/tun.c:686
 tun_detach drivers/net/tun.c:740 [inline]
 tun_chr_close+0xf1/0x130 drivers/net/tun.c:3448
 __fput+0x2e4/0x740 fs/file_table.c:280
 ____fput+0x15/0x20 fs/file_table.c:313
 task_work_run+0x17e/0x1b0 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:188 [inline]
 exit_to_usermode_loop arch/x86/entry/common.c:163 [inline]
 prepare_exit_to_usermode+0x459/0x580 arch/x86/entry/common.c:194
 syscall_return_slowpath+0x113/0x4a0 arch/x86/entry/common.c:274
 do_syscall_64+0x11f/0x1c0 arch/x86/entry/common.c:300
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x413741
Code: 00 b8 2d f8 ff ff 0f 44 c2 c3 66 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 31 c0 c3 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 31 <c0> c3 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 48 c7 07 40 37 41 00
RSP: 002b:00007fffa4ad9200 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000413741
RDX: 0000001b2fc20000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 0000000000000001 R08: 0000000026345e97 R09: 0000000026345e9b
R10: 00007fffa4ad92e0 R11: 0000000000000293 R12: 000000000075c9a0
R13: 000000000075c9a0 R14: 0000000000760710 R15: 000000000075bfd4

Showing all locks held in the system:
2 locks held by kworker/u4:2/79:
 #0: ffff8880aa433928 ((wq_completion)events_unbound){+.+.}, at: spin_unlock_irq include/linux/spinlock.h:388 [inline]
 #0: ffff8880aa433928 ((wq_completion)events_unbound){+.+.}, at: process_one_work+0x75d/0x10e0 kernel/workqueue.c:2242
 #1: ffff8880a94c7d78 ((reaper_work).work){+.+.}, at: process_one_work+0x79f/0x10e0 kernel/workqueue.c:2244
1 lock held by khungtaskd/1070:
 #0: ffffffff888d3f80 (rcu_read_lock){....}, at: rcu_lock_acquire+0x4/0x30 include/linux/rcupdate.h:207
1 lock held by rsyslogd/7762:
 #0: ffff8880a99501a0 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x243/0x2e0 fs/file.c:801
2 locks held by getty/7852:
 #0: ffff88809a9f5090 (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:272
 #1: ffffc90005f212e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x221/0x1b00 drivers/tty/n_tty.c:2156
2 locks held by getty/7853:
 #0: ffff8880954f7090 (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:272
 #1: ffffc90005f392e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x221/0x1b00 drivers/tty/n_tty.c:2156
2 locks held by getty/7854:
 #0: ffff8880a12e7090 (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:272
 #1: ffffc90005f292e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x221/0x1b00 drivers/tty/n_tty.c:2156
2 locks held by getty/7855:
 #0: ffff8880a5a8b090 (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:272
 #1: ffffc90005f412e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x221/0x1b00 drivers/tty/n_tty.c:2156
2 locks held by getty/7856:
 #0: ffff88809cdea090 (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:272
 #1: ffffc90005f252e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x221/0x1b00 drivers/tty/n_tty.c:2156
2 locks held by getty/7857:
 #0: ffff88809a363090 (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:272
 #1: ffffc90005f3d2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x221/0x1b00 drivers/tty/n_tty.c:2156
2 locks held by getty/7858:
 #0: ffff88808f4fb090 (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:272
 #1: ffffc90005f112e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x221/0x1b00 drivers/tty/n_tty.c:2156
2 locks held by kworker/u4:8/9278:
 #0: ffff8880aa433928 ((wq_completion)events_unbound){+.+.}, at: spin_unlock_irq include/linux/spinlock.h:388 [inline]
 #0: ffff8880aa433928 ((wq_completion)events_unbound){+.+.}, at: process_one_work+0x75d/0x10e0 kernel/workqueue.c:2242
 #1: ffff88807065fd78 (connector_reaper_work){+.+.}, at: process_one_work+0x79f/0x10e0 kernel/workqueue.c:2244
2 locks held by syz-executor.3/28888:
 #0: ffff888094e88c80 (&sb->s_type->i_mutex_key#11){+.+.}, at: inode_lock include/linux/fs.h:791 [inline]
 #0: ffff888094e88c80 (&sb->s_type->i_mutex_key#11){+.+.}, at: __sock_release net/socket.c:589 [inline]
 #0: ffff888094e88c80 (&sb->s_type->i_mutex_key#11){+.+.}, at: sock_close+0x9e/0x260 net/socket.c:1268
 #1: ffffffff88b04c90 (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 net/core/rtnetlink.c:72
3 locks held by kworker/1:2/20724:
3 locks held by kworker/0:2/21025:
 #0: ffff88809c1e5528 ((wq_completion)ipv6_addrconf){+.+.}, at: spin_unlock_irq include/linux/spinlock.h:388 [inline]
 #0: ffff88809c1e5528 ((wq_completion)ipv6_addrconf){+.+.}, at: process_one_work+0x75d/0x10e0 kernel/workqueue.c:2242
 #1: ffff888055b97d78 ((addr_chk_work).work){+.+.}, at: process_one_work+0x79f/0x10e0 kernel/workqueue.c:2244
 #2: ffffffff88b04c90 (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 net/core/rtnetlink.c:72
2 locks held by syz-executor.3/21738:
 #0: ffffffff88b04c90 (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 net/core/rtnetlink.c:72
 #1: ffffffff888d61b8 (rcu_state.exp_mutex){+.+.}, at: exp_funnel_lock kernel/rcu/tree_exp.h:285 [inline]
 #1: ffffffff888d61b8 (rcu_state.exp_mutex){+.+.}, at: synchronize_rcu_expedited+0x1bd/0x5a0 kernel/rcu/tree_exp.h:817
2 locks held by syz-executor.0/21766:
 #0: ffffffff88b02aa8 (pernet_ops_rwsem){++++}, at: register_netdevice_notifier+0x32/0x5f0 net/core/dev.c:1644
 #1: ffffffff88b04c90 (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 net/core/rtnetlink.c:72
1 lock held by syz-executor.4/21769:
 #0: ffffffff88b04c90 (rtnl_mutex){+.+.}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
 #0: ffffffff88b04c90 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x83c/0xd40 net/core/rtnetlink.c:5220

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 1070 Comm: khungtaskd Not tainted 5.4.0-rc3+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1d8/0x2f8 lib/dump_stack.c:113
 nmi_cpu_backtrace+0xaf/0x1a0 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x174/0x290 lib/nmi_backtrace.c:62
 arch_trigger_cpumask_backtrace+0x10/0x20 arch/x86/kernel/apic/hw_nmi.c:38
 trigger_all_cpu_backtrace+0x17/0x20 include/linux/nmi.h:146
 check_hung_uninterruptible_tasks kernel/hung_task.c:205 [inline]
 watchdog+0xbb9/0xbd0 kernel/hung_task.c:289
 kthread+0x332/0x350 kernel/kthread.c:255
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 20724 Comm: kworker/1:2 Not tainted 5.4.0-rc3+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events rtc_timer_do_work
RIP: 0010:mark_lock+0xb9/0x1650 kernel/locking/lockdep.c:3635
Code: 00 00 00 45 31 ed 48 c7 c7 0d 53 36 88 48 c7 c6 14 0f 3b 88 31 c0 e8 66 ff ec ff 0f 0b e9 bb 00 00 00 41 89 d6 48 89 7c 24 08 <41> bf 01 00 00 00 44 89 f1 41 d3 e7 48 89 74 24 28 48 8d 5e 20 49
RSP: 0018:ffff888071c57980 EFLAGS: 00000097
RAX: a6c84112bde67900 RBX: ffff888091522c20 RCX: ffffffff8158ddb7
RDX: 0000000000000002 RSI: ffff888091522c00 RDI: ffff888091522340
RBP: ffff888071c57a78 R08: ffff888091522340 R09: fffffbfff12bbc9f
R10: fffffbfff12bbc9f R11: 0000000000000000 R12: 0000000000000001
R13: dffffc0000000000 R14: 0000000000000002 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c4289e2380 CR3: 00000000a0c28000 CR4: 00000000001426e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 mark_held_locks kernel/locking/lockdep.c:3360 [inline]
 __trace_hardirqs_on_caller kernel/locking/lockdep.c:3381 [inline]
 lockdep_hardirqs_on+0x295/0x7d0 kernel/locking/lockdep.c:3434
 trace_hardirqs_on+0x74/0x80 kernel/trace/trace_preemptirq.c:31
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
 _raw_spin_unlock_irqrestore+0x77/0xe0 kernel/locking/spinlock.c:191
 spin_unlock_irqrestore include/linux/spinlock.h:393 [inline]
 __wake_up_common_lock kernel/sched/wait.c:125 [inline]
 __wake_up+0xe1/0x150 kernel/sched/wait.c:142
 rtc_handle_legacy_irq drivers/rtc/interface.c:598 [inline]
 rtc_uie_update_irq+0x82/0xb0 drivers/rtc/interface.c:621
 rtc_timer_do_work+0x4df/0x950 drivers/rtc/interface.c:894
 process_one_work+0x7ef/0x10e0 kernel/workqueue.c:2269
 worker_thread+0xc01/0x1630 kernel/workqueue.c:2415
 kthread+0x332/0x350 kernel/kthread.c:255
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352