INFO: task kworker/u4:0:8 blocked for more than 143 seconds.
Not tainted 5.19.0-rc5-syzkaller-00250-gd9919d43cbf6 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u4:0 state:D stack:25560 pid: 8 ppid: 2 flags:0x00004000
Workqueue: netns cleanup_net
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5146 [inline]
__schedule+0xa00/0x4b50 kernel/sched/core.c:6458
schedule+0xd2/0x1f0 kernel/sched/core.c:6530
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6589
__mutex_lock_common kernel/locking/mutex.c:679 [inline]
__mutex_lock+0xa70/0x1350 kernel/locking/mutex.c:747
cangw_pernet_exit_batch+0x11/0xa0 net/can/gw.c:1250
ops_exit_list+0x125/0x170 net/core/net_namespace.c:167
cleanup_net+0x4ea/0xb00 net/core/net_namespace.c:594
process_one_work+0x996/0x1610 kernel/workqueue.c:2289
worker_thread+0x665/0x1080 kernel/workqueue.c:2436
kthread+0x2e9/0x3a0 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:302
</TASK>
INFO: task kworker/0:11:4114 blocked for more than 143 seconds.
Not tainted 5.19.0-rc5-syzkaller-00250-gd9919d43cbf6 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:11 state:D stack:21064 pid: 4114 ppid: 2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5146 [inline]
__schedule+0xa00/0x4b50 kernel/sched/core.c:6458
schedule+0xd2/0x1f0 kernel/sched/core.c:6530
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6589
__mutex_lock_common kernel/locking/mutex.c:679 [inline]
__mutex_lock+0xa70/0x1350 kernel/locking/mutex.c:747
unregister_netdev+0xe/0x20 net/core/dev.c:10897
r871xu_dev_remove+0x285/0x470 drivers/staging/rtl8712/usb_intf.c:597
usb_unbind_interface+0x1d8/0x8e0 drivers/usb/core/driver.c:458
device_remove drivers/base/dd.c:545 [inline]
device_remove+0x11f/0x170 drivers/base/dd.c:537
__device_release_driver drivers/base/dd.c:1222 [inline]
device_release_driver_internal+0x4a1/0x700 drivers/base/dd.c:1248
bus_remove_device+0x2eb/0x5a0 drivers/base/bus.c:529
device_del+0x4f3/0xc80 drivers/base/core.c:3615
usb_disable_device+0x35b/0x7b0 drivers/usb/core/message.c:1419
usb_disconnect.cold+0x278/0x6ec drivers/usb/core/hub.c:2228
hub_port_connect drivers/usb/core/hub.c:5207 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5507 [inline]
port_event drivers/usb/core/hub.c:5663 [inline]
hub_event+0x1e83/0x4690 drivers/usb/core/hub.c:5745
process_one_work+0x996/0x1610 kernel/workqueue.c:2289
worker_thread+0x665/0x1080 kernel/workqueue.c:2436
kthread+0x2e9/0x3a0 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:302
</TASK>
Showing all locks held in the system:
4 locks held by kworker/u4:0/8:
#0: ffff8880119bd938 ((wq_completion)netns){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff8880119bd938 ((wq_completion)netns){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff8880119bd938 ((wq_completion)netns){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff8880119bd938 ((wq_completion)netns){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
#0: ffff8880119bd938 ((wq_completion)netns){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
#0: ffff8880119bd938 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x87a/0x1610 kernel/workqueue.c:2260
#1: ffffc900000d7da8 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x8ae/0x1610 kernel/workqueue.c:2264
#2: ffffffff8d57cbd0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x9b/0xb00 net/core/net_namespace.c:556
#3: ffffffff8d5902e8 (rtnl_mutex){+.+.}-{3:3}, at: cangw_pernet_exit_batch+0x11/0xa0 net/can/gw.c:1250
1 lock held by khungtaskd/28:
#0: ffffffff8bd866a0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6491
2 locks held by dhcpcd/3187:
#0: ffffffff8d5902e8 (rtnl_mutex){+.+.}-{3:3}, at: devinet_ioctl+0x1b3/0x1ca0 net/ipv4/devinet.c:1070
#1: ffff88801d294df0 (&padapter->mutex_start){+.+.}-{3:3}, at: netdev_open+0x2e/0x690 drivers/staging/rtl8712/os_intfs.c:374
2 locks held by getty/3286:
#0: ffff88814ad3d098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:244
#1: ffffc90002d162e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xe50/0x13c0 drivers/tty/n_tty.c:2124
6 locks held by kworker/0:11/4114:
#0: ffff888011b9f138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff888011b9f138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff888011b9f138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff888011b9f138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
#0: ffff888011b9f138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
#0: ffff888011b9f138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x87a/0x1610 kernel/workqueue.c:2260
#1: ffffc9000b2dfda8 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x8ae/0x1610 kernel/workqueue.c:2264
#2: ffff888147c7c190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline]
#2: ffff888147c7c190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1c1/0x4690 drivers/usb/core/hub.c:5691
#3: ffff8880737c0190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline]
#3: ffff8880737c0190 (&dev->mutex){....}-{3:3}, at: usb_disconnect.cold+0x43/0x6ec drivers/usb/core/hub.c:2219
#4: ffff888042c89118 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline]
#4: ffff888042c89118 (&dev->mutex){....}-{3:3}, at: __device_driver_lock drivers/base/dd.c:1054 [inline]
#4: ffff888042c89118 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0xa0/0x700 drivers/base/dd.c:1245
#5: ffffffff8d5902e8 (rtnl_mutex){+.+.}-{3:3}, at: unregister_netdev+0xe/0x20 net/core/dev.c:10897
3 locks held by kworker/0:1/2812:
#0: ffff88814ab1f138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff88814ab1f138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff88814ab1f138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff88814ab1f138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
#0: ffff88814ab1f138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
#0: ffff88814ab1f138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x87a/0x1610 kernel/workqueue.c:2260
#1: ffffc9000b827da8 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x8ae/0x1610 kernel/workqueue.c:2264
#2: ffffffff8d5902e8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0xe/0x20 net/ipv6/addrconf.c:4616
3 locks held by kworker/1:7/7439:
#0: ffff88814ab1f138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff88814ab1f138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff88814ab1f138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff88814ab1f138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
#0: ffff88814ab1f138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
#0: ffff88814ab1f138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x87a/0x1610 kernel/workqueue.c:2260
#1: ffffc900153ffda8 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x8ae/0x1610 kernel/workqueue.c:2264
#2: ffffffff8d5902e8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0xe/0x20 net/ipv6/addrconf.c:4616
1 lock held by syz-executor.0/7155:
#0: ffffffff8d5902e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:74 [inline]
#0: ffffffff8d5902e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3e5/0xc90 net/core/rtnetlink.c:6086
1 lock held by syz-executor.0/7163:
#0: ffffffff8d5902e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:74 [inline]
#0: ffffffff8d5902e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3e5/0xc90 net/core/rtnetlink.c:6086
=============================================
NMI backtrace for cpu 0
CPU: 0 PID: 28 Comm: khungtaskd Not tainted 5.19.0-rc5-syzkaller-00250-gd9919d43cbf6 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
nmi_cpu_backtrace.cold+0x47/0x144 lib/nmi_backtrace.c:111
nmi_trigger_cpumask_backtrace+0x1e6/0x230 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:212 [inline]
watchdog+0xc1d/0xf50 kernel/hung_task.c:369
kthread+0x2e9/0x3a0 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:302
</TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 3691 Comm: kworker/1:8 Not tainted 5.19.0-rc5-syzkaller-00250-gd9919d43cbf6 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
Workqueue: events nsim_dev_trap_report_work
RIP: 0010:put_unaligned_le32 include/asm-generic/unaligned.h:47 [inline]
RIP: 0010:chacha_block_generic+0x11d/0x250 lib/crypto/chacha.c:86
Code: 01 00 00 48 89 da 49 89 d8 41 03 0c 24 48 c1 ea 03 41 83 e0 07 42 0f b6 3c 2a 48 8d 53 03 48 89 d6 48 c1 ee 03 42 0f b6 34 2e <44> 38 c7 41 0f 9e c0 40 84 ff 40 0f 95 c7 41 84 f8 0f 85 d0 00 00
RSP: 0018:ffffc90004ad7908 EFLAGS: 00000803
RAX: 0000000000000000 RBX: ffffc90004ad7a2c RCX: 000000008e7ac247
RDX: ffffc90004ad7a2f RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90004ad7954 R08: 0000000000000004 R09: 0000000000000010
R10: 0000000000000007 R11: 000000009f78e8a1 R12: ffffc90004ad7b54
R13: dffffc0000000000 R14: 0000000000000007 R15: ffffc90004ad7b38
FS: 0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005586ab726018 CR3: 000000007ec86000 CR4: 00000000003506e0
Call Trace:
<TASK>
chacha20_block include/crypto/chacha.h:36 [inline]
crng_fast_key_erasure+0x18a/0x230 drivers/char/random.c:255
crng_make_state+0x242/0x7a0 drivers/char/random.c:350
_get_random_bytes.part.0+0x95/0x1a0 drivers/char/random.c:364
_get_random_bytes drivers/char/random.c:360 [inline]
get_random_bytes+0x2d/0x40 drivers/char/random.c:396
nsim_dev_trap_skb_build drivers/net/netdevsim/dev.c:770 [inline]
nsim_dev_trap_report drivers/net/netdevsim/dev.c:799 [inline]
nsim_dev_trap_report_work+0x734/0xba0 drivers/net/netdevsim/dev.c:840
process_one_work+0x996/0x1610 kernel/workqueue.c:2289
worker_thread+0x665/0x1080 kernel/workqueue.c:2436
kthread+0x2e9/0x3a0 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:302
</TASK>
----------------
Code disassembly (best guess):
0: 01 00 add %eax,(%rax)
2: 00 48 89 add %cl,-0x77(%rax)
5: da 49 89 fimull -0x77(%rcx)
8: d8 41 03 fadds 0x3(%rcx)
b: 0c 24 or $0x24,%al
d: 48 c1 ea 03 shr $0x3,%rdx
11: 41 83 e0 07 and $0x7,%r8d
15: 42 0f b6 3c 2a movzbl (%rdx,%r13,1),%edi
1a: 48 8d 53 03 lea 0x3(%rbx),%rdx
1e: 48 89 d6 mov %rdx,%rsi
21: 48 c1 ee 03 shr $0x3,%rsi
25: 42 0f b6 34 2e movzbl (%rsi,%r13,1),%esi
* 2a: 44 38 c7 cmp %r8b,%dil <-- trapping instruction
2d: 41 0f 9e c0 setle %r8b
31: 40 84 ff test %dil,%dil
34: 40 0f 95 c7 setne %dil
38: 41 84 f8 test %dil,%r8b
3b: 0f .byte 0xf
3c: 85 d0 test %edx,%eax