INFO: task kworker/u4:6:1354 blocked for more than 143 seconds.
Not tainted 5.19.0-rc3-syzkaller-00167-ge65af5403e46 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u4:6 state:D stack:23328 pid: 1354 ppid: 2 flags:0x00004000
Workqueue: netns cleanup_net
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5146 [inline]
__schedule+0xa00/0x4b50 kernel/sched/core.c:6458
schedule+0xd2/0x1f0 kernel/sched/core.c:6530
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6589
__mutex_lock_common kernel/locking/mutex.c:679 [inline]
__mutex_lock+0xa70/0x1350 kernel/locking/mutex.c:747
ip6gre_exit_batch_net+0x88/0x760 net/ipv6/ip6_gre.c:1630
ops_exit_list+0x125/0x170 net/core/net_namespace.c:167
cleanup_net+0x4ea/0xb00 net/core/net_namespace.c:594
process_one_work+0x996/0x1610 kernel/workqueue.c:2289
worker_thread+0x665/0x1080 kernel/workqueue.c:2436
kthread+0x2e9/0x3a0 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:302
</TASK>
Showing all locks held in the system:
1 lock held by khungtaskd/29:
#0: ffffffff8bd86ba0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6491
4 locks held by kworker/u4:6/1354:
#0: ffff8880119bd938 ((wq_completion)netns){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff8880119bd938 ((wq_completion)netns){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff8880119bd938 ((wq_completion)netns){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff8880119bd938 ((wq_completion)netns){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
#0: ffff8880119bd938 ((wq_completion)netns){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
#0: ffff8880119bd938 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x87a/0x1610 kernel/workqueue.c:2260
#1: ffffc9000578fda8 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x8ae/0x1610 kernel/workqueue.c:2264
#2: ffffffff8d57b110 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x9b/0xb00 net/core/net_namespace.c:556
#3: ffffffff8d58e828 (rtnl_mutex){+.+.}-{3:3}, at: ip6gre_exit_batch_net+0x88/0x760 net/ipv6/ip6_gre.c:1630
1 lock held by klogd/2968:
2 locks held by getty/3288:
#0: ffff888026602098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:244
#1: ffffc90002d162e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xe50/0x13c0 drivers/tty/n_tty.c:2124
3 locks held by kworker/0:5/3684:
#0: ffff888011865d38 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff888011865d38 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff888011865d38 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff888011865d38 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
#0: ffff888011865d38 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
#0: ffff888011865d38 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x87a/0x1610 kernel/workqueue.c:2260
#1: ffffc90003c4fda8 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work+0x8ae/0x1610 kernel/workqueue.c:2264
#2: ffffffff8d58e828 (rtnl_mutex){+.+.}-{3:3}, at: reg_check_chans_work+0x83/0xe20 net/wireless/reg.c:2461
3 locks held by kworker/0:7/3688:
#0: ffff888025f47d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff888025f47d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff888025f47d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff888025f47d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
#0: ffff888025f47d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
#0: ffff888025f47d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x87a/0x1610 kernel/workqueue.c:2260
#1: ffffc90003c8fda8 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x8ae/0x1610 kernel/workqueue.c:2264
#2: ffffffff8d58e828 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0xe/0x20 net/ipv6/addrconf.c:4616
3 locks held by kworker/1:10/6088:
#0: ffff888025f47d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff888025f47d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff888025f47d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff888025f47d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
#0: ffff888025f47d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
#0: ffff888025f47d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x87a/0x1610 kernel/workqueue.c:2260
#1: ffffc90002d6fda8 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x8ae/0x1610 kernel/workqueue.c:2264
#2: ffffffff8d58e828 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0xe/0x20 net/ipv6/addrconf.c:4616
1 lock held by syz-executor.3/6090:
=============================================
NMI backtrace for cpu 0
CPU: 0 PID: 29 Comm: khungtaskd Not tainted 5.19.0-rc3-syzkaller-00167-ge65af5403e46 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
nmi_cpu_backtrace.cold+0x47/0x144 lib/nmi_backtrace.c:111
nmi_trigger_cpumask_backtrace+0x1e6/0x230 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:220 [inline]
watchdog+0xc22/0xf90 kernel/hung_task.c:378
kthread+0x2e9/0x3a0 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:302
</TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 3713 Comm: kworker/u4:7 Not tainted 5.19.0-rc3-syzkaller-00167-ge65af5403e46 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: phy11 ieee80211_iface_work
RIP: 0010:arch_atomic_read arch/x86/include/asm/atomic.h:29 [inline]
RIP: 0010:rcu_dynticks_curr_cpu_in_eqs kernel/rcu/tree.c:341 [inline]
RIP: 0010:rcu_is_watching+0x69/0xb0 kernel/rcu/tree.c:1138
Code: e0 b8 7f 8b 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 0f b6 14 02 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 19 <8b> 03 83 e0 01 65 ff 0d 6b 58 9d 7e 74 03 5b 5d c3 e8 a0 2e 9b ff
RSP: 0018:ffffc90003f3f350 EFLAGS: 00000046
RAX: 0000000000000003 RBX: ffff8880b9b3aed0 RCX: ffffffff815e53e1
RDX: 0000000000000000 RSI: 0000000000000204 RDI: ffffffff8b7fb8e8
RBP: 0000000000000001 R08: 0000000000000000 R09: ffffffff8dbb85d7
R10: fffffbfff1b770ba R11: 0000000000000001 R12: 0000000000000001
R13: ffffffff89cdf4a0 R14: 1ffff920007e7e8f R15: ffff88801f98a080
FS: 0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f24adb41990 CR3: 000000001bbed000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
rcu_read_lock_held_common kernel/rcu/update.c:108 [inline]
rcu_read_lock_sched_held+0x1c/0x70 kernel/rcu/update.c:123
trace_lock_release include/trace/events/lock.h:69 [inline]
lock_release+0x560/0x780 kernel/locking/lockdep.c:5676
__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:149 [inline]
_raw_spin_unlock_irqrestore+0x16/0x70 kernel/locking/spinlock.c:194
debug_object_active_state lib/debugobjects.c:942 [inline]
debug_object_active_state+0x260/0x350 lib/debugobjects.c:911
debug_rcu_head_queue kernel/rcu/rcu.h:179 [inline]
kvfree_call_rcu+0x4b/0x990 kernel/rcu/tree.c:3638
cfg80211_update_known_bss+0x833/0xa60 net/wireless/scan.c:1668
cfg80211_bss_update+0xef/0x2070 net/wireless/scan.c:1715
cfg80211_inform_single_bss_frame_data+0x731/0xf40 net/wireless/scan.c:2473
cfg80211_inform_bss_frame_data+0xa7/0xb50 net/wireless/scan.c:2506
ieee80211_bss_info_update+0x35b/0xb00 net/mac80211/scan.c:190
ieee80211_rx_bss_info net/mac80211/ibss.c:1119 [inline]
ieee80211_rx_mgmt_probe_beacon net/mac80211/ibss.c:1610 [inline]
ieee80211_ibss_rx_queued_mgmt+0x1ab8/0x33f0 net/mac80211/ibss.c:1639
ieee80211_iface_process_skb net/mac80211/iface.c:1527 [inline]
ieee80211_iface_work+0xa78/0xd10 net/mac80211/iface.c:1581
process_one_work+0x996/0x1610 kernel/workqueue.c:2289
worker_thread+0x665/0x1080 kernel/workqueue.c:2436
kthread+0x2e9/0x3a0 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:302
</TASK>
----------------
Code disassembly (best guess):
0: e0 b8 loopne 0xffffffba
2: 7f 8b jg 0xffffff8f
4: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
b: fc ff df
e: 48 89 da mov %rbx,%rdx
11: 48 c1 ea 03 shr $0x3,%rdx
15: 0f b6 14 02 movzbl (%rdx,%rax,1),%edx
19: 48 89 d8 mov %rbx,%rax
1c: 83 e0 07 and $0x7,%eax
1f: 83 c0 03 add $0x3,%eax
22: 38 d0 cmp %dl,%al
24: 7c 04 jl 0x2a
26: 84 d2 test %dl,%dl
28: 75 19 jne 0x43
* 2a: 8b 03 mov (%rbx),%eax <-- trapping instruction
2c: 83 e0 01 and $0x1,%eax
2f: 65 ff 0d 6b 58 9d 7e decl %gs:0x7e9d586b(%rip) # 0x7e9d58a1
36: 74 03 je 0x3b
38: 5b pop %rbx
39: 5d pop %rbp
3a: c3 retq
3b: e8 a0 2e 9b ff callq 0xff9b2ee0