INFO: task kworker/0:0:5 blocked for more than 143 seconds.
Not tainted 5.8.0-rc6-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/0:0 D26344 5 2 0x00004000
Workqueue: infiniband ib_cache_event_task
Call Trace:
context_switch kernel/sched/core.c:3458 [inline]
__schedule+0x8ea/0x2210 kernel/sched/core.c:4219
schedule+0xd0/0x2a0 kernel/sched/core.c:4294
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:4353
__mutex_lock_common kernel/locking/mutex.c:1033 [inline]
__mutex_lock+0x3e2/0x10d0 kernel/locking/mutex.c:1103
ib_get_eth_speed+0xeb/0x570 drivers/infiniband/core/verbs.c:1800
rxe_query_port+0x13d/0x2d0 drivers/infiniband/sw/rxe/rxe_verbs.c:68
__ib_query_port drivers/infiniband/core/device.c:2038 [inline]
ib_query_port drivers/infiniband/core/device.c:2073 [inline]
ib_query_port+0x4d9/0x9e0 drivers/infiniband/core/device.c:2063
ib_cache_update.part.0+0xd6/0x7b0 drivers/infiniband/core/cache.c:1415
ib_cache_update drivers/infiniband/core/cache.c:1483 [inline]
ib_cache_event_task+0x155/0x200 drivers/infiniband/core/cache.c:1483
process_one_work+0x94c/0x1670 kernel/workqueue.c:2269
worker_thread+0x64c/0x1120 kernel/workqueue.c:2415
kthread+0x3b5/0x4a0 kernel/kthread.c:291
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:293
INFO: task kworker/0:20:9892 blocked for more than 143 seconds.
Not tainted 5.8.0-rc6-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/0:20 D27040 9892 2 0x00004000
Workqueue: events linkwatch_event
Call Trace:
context_switch kernel/sched/core.c:3458 [inline]
__schedule+0x8ea/0x2210 kernel/sched/core.c:4219
schedule+0xd0/0x2a0 kernel/sched/core.c:4294
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:4353
__mutex_lock_common kernel/locking/mutex.c:1033 [inline]
__mutex_lock+0x3e2/0x10d0 kernel/locking/mutex.c:1103
linkwatch_event+0xb/0x60 net/core/link_watch.c:250
process_one_work+0x94c/0x1670 kernel/workqueue.c:2269
worker_thread+0x64c/0x1120 kernel/workqueue.c:2415
kthread+0x3b5/0x4a0 kernel/kthread.c:291
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:293
INFO: task kworker/0:7:29421 blocked for more than 143 seconds.
Not tainted 5.8.0-rc6-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/0:7 D28240 29421 2 0x00004000
Workqueue: events switchdev_deferred_process_work
Call Trace:
context_switch kernel/sched/core.c:3458 [inline]
__schedule+0x8ea/0x2210 kernel/sched/core.c:4219
schedule+0xd0/0x2a0 kernel/sched/core.c:4294
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:4353
__mutex_lock_common kernel/locking/mutex.c:1033 [inline]
__mutex_lock+0x3e2/0x10d0 kernel/locking/mutex.c:1103
switchdev_deferred_process_work+0xa/0x20 net/switchdev/switchdev.c:74
process_one_work+0x94c/0x1670 kernel/workqueue.c:2269
worker_thread+0x64c/0x1120 kernel/workqueue.c:2415
kthread+0x3b5/0x4a0 kernel/kthread.c:291
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:293
INFO: task kworker/u4:5:6218 blocked for more than 144 seconds.
Not tainted 5.8.0-rc6-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/u4:5 D24528 6218 2 0x00004000
Workqueue: netns cleanup_net
Call Trace:
context_switch kernel/sched/core.c:3458 [inline]
__schedule+0x8ea/0x2210 kernel/sched/core.c:4219
schedule+0xd0/0x2a0 kernel/sched/core.c:4294
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:4353
__mutex_lock_common kernel/locking/mutex.c:1033 [inline]
__mutex_lock+0x3e2/0x10d0 kernel/locking/mutex.c:1103
netdev_run_todo+0x705/0xac0 net/core/dev.c:9833
ip_tunnel_delete_nets+0x3df/0x580 net/ipv4/ip_tunnel.c:1126
ops_exit_list+0x10d/0x160 net/core/net_namespace.c:189
cleanup_net+0x4ea/0xa00 net/core/net_namespace.c:603
process_one_work+0x94c/0x1670 kernel/workqueue.c:2269
worker_thread+0x64c/0x1120 kernel/workqueue.c:2415
kthread+0x3b5/0x4a0 kernel/kthread.c:291
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:293
INFO: task syz-executor.1:28610 blocked for more than 144 seconds.
Not tainted 5.8.0-rc6-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.1 D27344 28610 6994 0x00004004
Call Trace:
context_switch kernel/sched/core.c:3458 [inline]
__schedule+0x8ea/0x2210 kernel/sched/core.c:4219
schedule+0xd0/0x2a0 kernel/sched/core.c:4294
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:4353
__mutex_lock_common kernel/locking/mutex.c:1033 [inline]
__mutex_lock+0x3e2/0x10d0 kernel/locking/mutex.c:1103
ip_tunnel_init_net+0x31c/0x980 net/ipv4/ip_tunnel.c:1071
ops_init+0xaf/0x470 net/core/net_namespace.c:151
setup_net+0x2d8/0x850 net/core/net_namespace.c:341
copy_net_ns+0x2cf/0x5e0 net/core/net_namespace.c:482
create_new_namespaces+0x3f6/0xb10 kernel/nsproxy.c:110
unshare_nsproxy_namespaces+0xbd/0x1f0 kernel/nsproxy.c:231
ksys_unshare+0x36c/0x9a0 kernel/fork.c:2979
__do_sys_unshare kernel/fork.c:3047 [inline]
__se_sys_unshare kernel/fork.c:3045 [inline]
__x64_sys_unshare+0x2d/0x40 kernel/fork.c:3045
do_syscall_64+0x60/0xe0 arch/x86/entry/common.c:384
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45cc79
Code: Bad RIP value.
RSP: 002b:00007f70e5405c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
RAX: ffffffffffffffda RBX: 00000000000355c0 RCX: 000000000045cc79
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000
RBP: 000000000078bf30 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c
R13: 00007fffd2e4682f R14: 00007f70e54069c0 R15: 000000000078bf0c
INFO: task syz-executor.1:28612 blocked for more than 144 seconds.
Not tainted 5.8.0-rc6-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.1 D27784 28612 6994 0x00004004
Call Trace:
context_switch kernel/sched/core.c:3458 [inline]
__schedule+0x8ea/0x2210 kernel/sched/core.c:4219
schedule+0xd0/0x2a0 kernel/sched/core.c:4294
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:4353
__mutex_lock_common kernel/locking/mutex.c:1033 [inline]
__mutex_lock+0x3e2/0x10d0 kernel/locking/mutex.c:1103
ib_get_eth_speed+0xeb/0x570 drivers/infiniband/core/verbs.c:1800
siw_query_port+0x39/0x420 drivers/infiniband/sw/siw/siw_verbs.c:171
iw_query_port drivers/infiniband/core/device.c:2026 [inline]
ib_query_port drivers/infiniband/core/device.c:2071 [inline]
ib_query_port+0x3fc/0x9e0 drivers/infiniband/core/device.c:2063
add_port drivers/infiniband/core/sysfs.c:1046 [inline]
ib_setup_port_attrs+0x1ee/0x12f0 drivers/infiniband/core/sysfs.c:1345
add_one_compat_dev+0x4ab/0x800 drivers/infiniband/core/device.c:918
rdma_dev_init_net+0x2dc/0x480 drivers/infiniband/core/device.c:1134
ops_init+0xaf/0x470 net/core/net_namespace.c:151
setup_net+0x2d8/0x850 net/core/net_namespace.c:341
copy_net_ns+0x2cf/0x5e0 net/core/net_namespace.c:482
create_new_namespaces+0x3f6/0xb10 kernel/nsproxy.c:110
unshare_nsproxy_namespaces+0xbd/0x1f0 kernel/nsproxy.c:231
ksys_unshare+0x36c/0x9a0 kernel/fork.c:2979
__do_sys_unshare kernel/fork.c:3047 [inline]
__se_sys_unshare kernel/fork.c:3045 [inline]
__x64_sys_unshare+0x2d/0x40 kernel/fork.c:3045
do_syscall_64+0x60/0xe0 arch/x86/entry/common.c:384
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45cc79
Code: Bad RIP value.
RSP: 002b:00007f70e53e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
RAX: ffffffffffffffda RBX: 00000000000355c0 RCX: 000000000045cc79
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000
RBP: 000000000078bfd0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bfac
R13: 00007fffd2e4682f R14: 00007f70e53e59c0 R15: 000000000078bfac
INFO: task syz-executor.0:28646 blocked for more than 144 seconds.
Not tainted 5.8.0-rc6-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.0 D28384 28646 6840 0x00000004
Call Trace:
context_switch kernel/sched/core.c:3458 [inline]
__schedule+0x8ea/0x2210 kernel/sched/core.c:4219
schedule+0xd0/0x2a0 kernel/sched/core.c:4294
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:4353
__mutex_lock_common kernel/locking/mutex.c:1033 [inline]
__mutex_lock+0x3e2/0x10d0 kernel/locking/mutex.c:1103
packet_flush_mclist net/packet/af_packet.c:3641 [inline]
packet_release+0x3da/0xc90 net/packet/af_packet.c:3044
__sock_release+0xcd/0x280 net/socket.c:596
sock_close+0x18/0x20 net/socket.c:1277
__fput+0x33c/0x880 fs/file_table.c:281
task_work_run+0xdd/0x190 kernel/task_work.c:135
tracehook_notify_resume include/linux/tracehook.h:188 [inline]
exit_to_usermode_loop arch/x86/entry/common.c:239 [inline]
__prepare_exit_to_usermode+0x1e9/0x1f0 arch/x86/entry/common.c:269
do_syscall_64+0x6c/0xe0 arch/x86/entry/common.c:393
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x416791
Code: Bad RIP value.
RSP: 002b:00007ffdea7ba8b0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000416791
RDX: 0000000000000000 RSI: 0000000000001e72 RDI: 0000000000000004
RBP: 0000000000000001 R08: 000000002598fe71 R09: 000000002598fe75
R10: 00007ffdea7ba9a0 R11: 0000000000000293 R12: 000000000078c900
R13: 000000000078c900 R14: ffffffffffffffff R15: 000000000078bfac
INFO: task syz-executor.2:28663 blocked for more than 145 seconds.
Not tainted 5.8.0-rc6-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.2 D27728 28663 7038 0x00004004
Call Trace:
context_switch kernel/sched/core.c:3458 [inline]
__schedule+0x8ea/0x2210 kernel/sched/core.c:4219
schedule+0xd0/0x2a0 kernel/sched/core.c:4294
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:4353
__mutex_lock_common kernel/locking/mutex.c:1033 [inline]
__mutex_lock+0x3e2/0x10d0 kernel/locking/mutex.c:1103
ib_get_eth_speed+0xeb/0x570 drivers/infiniband/core/verbs.c:1800
rxe_query_port+0x13d/0x2d0 drivers/infiniband/sw/rxe/rxe_verbs.c:68
__ib_query_port drivers/infiniband/core/device.c:2038 [inline]
ib_query_port drivers/infiniband/core/device.c:2073 [inline]
ib_query_port+0x4d9/0x9e0 drivers/infiniband/core/device.c:2063
add_port drivers/infiniband/core/sysfs.c:1046 [inline]
ib_setup_port_attrs+0x1ee/0x12f0 drivers/infiniband/core/sysfs.c:1345
add_one_compat_dev+0x4ab/0x800 drivers/infiniband/core/device.c:918
rdma_dev_init_net+0x2dc/0x480 drivers/infiniband/core/device.c:1134
ops_init+0xaf/0x470 net/core/net_namespace.c:151
setup_net+0x2d8/0x850 net/core/net_namespace.c:341
copy_net_ns+0x2cf/0x5e0 net/core/net_namespace.c:482
create_new_namespaces+0x3f6/0xb10 kernel/nsproxy.c:110
unshare_nsproxy_namespaces+0xbd/0x1f0 kernel/nsproxy.c:231
ksys_unshare+0x36c/0x9a0 kernel/fork.c:2979
__do_sys_unshare kernel/fork.c:3047 [inline]
__se_sys_unshare kernel/fork.c:3045 [inline]
__x64_sys_unshare+0x2d/0x40 kernel/fork.c:3045
do_syscall_64+0x60/0xe0 arch/x86/entry/common.c:384
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45cc79
Code: Bad RIP value.
RSP: 002b:00007fc20ee80c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
RAX: ffffffffffffffda RBX: 00000000000355c0 RCX: 000000000045cc79
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c060000
RBP: 000000000078bf30 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c
R13: 00007ffc1f729f0f R14: 00007fc20ee819c0 R15: 000000000078bf0c
INFO: task syz-executor.2:28666 blocked for more than 145 seconds.
Not tainted 5.8.0-rc6-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.2 D26408 28666 7038 0x00004004
Call Trace:
context_switch kernel/sched/core.c:3458 [inline]
__schedule+0x8ea/0x2210 kernel/sched/core.c:4219
schedule+0xd0/0x2a0 kernel/sched/core.c:4294
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:4353
__mutex_lock_common kernel/locking/mutex.c:1033 [inline]
__mutex_lock+0x3e2/0x10d0 kernel/locking/mutex.c:1103
gtp_net_exit+0x1b5/0x380 drivers/net/gtp.c:1353
ops_exit_list+0xb0/0x160 net/core/net_namespace.c:186
setup_net+0x502/0x850 net/core/net_namespace.c:364
copy_net_ns+0x2cf/0x5e0 net/core/net_namespace.c:482
create_new_namespaces+0x3f6/0xb10 kernel/nsproxy.c:110
unshare_nsproxy_namespaces+0xbd/0x1f0 kernel/nsproxy.c:231
ksys_unshare+0x36c/0x9a0 kernel/fork.c:2979
__do_sys_unshare kernel/fork.c:3047 [inline]
__se_sys_unshare kernel/fork.c:3045 [inline]
__x64_sys_unshare+0x2d/0x40 kernel/fork.c:3045
do_syscall_64+0x60/0xe0 arch/x86/entry/common.c:384
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45cc79
Code: Bad RIP value.
RSP: 002b:00007fc20ee5fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
RAX: ffffffffffffffda RBX: 00000000000355c0 RCX: 000000000045cc79
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c060000
RBP: 000000000078bfd0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bfac
R13: 00007ffc1f729f0f R14: 00007fc20ee609c0 R15: 000000000078bfac
Showing all locks held in the system:
4 locks held by kworker/0:0/5:
#0: ffff8880a4c55538 ((wq_completion)infiniband){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff8880a4c55538 ((wq_completion)infiniband){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline]
#0: ffff8880a4c55538 ((wq_completion)infiniband){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline]
#0: ffff8880a4c55538 ((wq_completion)infiniband){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline]
#0: ffff8880a4c55538 ((wq_completion)infiniband){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
#0: ffff8880a4c55538 ((wq_completion)infiniband){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 kernel/workqueue.c:2240
#1: ffffc90000cbfda8 ((work_completion)(&work->work)#2){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 kernel/workqueue.c:2244
#2: ffff88803be49168 (&rxe->usdev_lock){+.+.}-{3:3}, at: rxe_query_port+0x129/0x2d0 drivers/infiniband/sw/rxe/rxe_verbs.c:67
#3: ffffffff8a7d3d08 (rtnl_mutex){+.+.}-{3:3}, at: ib_get_eth_speed+0xeb/0x570 drivers/infiniband/core/verbs.c:1800
1 lock held by khungtaskd/1156:
#0: ffffffff89bd4ec0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:5779
1 lock held by in:imklog/6528:
#0: ffff8880951f66b0 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100 fs/file.c:826
3 locks held by kworker/0:20/9892:
#0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline]
#0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline]
#0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline]
#0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
#0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 kernel/workqueue.c:2240
#1: ffffc900016d7da8 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 kernel/workqueue.c:2244
#2: ffffffff8a7d3d08 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xb/0x60 net/core/link_watch.c:250
2 locks held by kworker/1:15/12415:
#0: ffff8880aa036538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff8880aa036538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline]
#0: ffff8880aa036538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline]
#0: ffff8880aa036538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline]
#0: ffff8880aa036538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
#0: ffff8880aa036538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 kernel/workqueue.c:2240
#1: ffffc90001937da8 ((work_completion)(&rew.rew_work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 kernel/workqueue.c:2244
3 locks held by kworker/0:7/29421:
#0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline]
#0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline]
#0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline]
#0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
#0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 kernel/workqueue.c:2240
#1: ffffc900049c7da8 (deferred_process_work){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 kernel/workqueue.c:2244
#2: ffffffff8a7d3d08 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xa/0x20 net/switchdev/switchdev.c:74
4 locks held by kworker/u4:5/6218:
#0: ffff88821b03c138 ((wq_completion)netns){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff88821b03c138 ((wq_completion)netns){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline]
#0: ffff88821b03c138 ((wq_completion)netns){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline]
#0: ffff88821b03c138 ((wq_completion)netns){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline]
#0: ffff88821b03c138 ((wq_completion)netns){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
#0: ffff88821b03c138 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 kernel/workqueue.c:2240
#1: ffffc900048f7da8 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 kernel/workqueue.c:2244
#2: ffffffff8a7c6e70 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x9b/0xa00 net/core/net_namespace.c:565
#3: ffffffff8a7d3d08 (rtnl_mutex){+.+.}-{3:3}, at: netdev_run_todo+0x705/0xac0 net/core/dev.c:9833
3 locks held by kworker/1:2/23099:
#0: ffff8880a898d538 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff8880a898d538 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline]
#0: ffff8880a898d538 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline]
#0: ffff8880a898d538 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline]
#0: ffff8880a898d538 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
#0: ffff8880a898d538 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 kernel/workqueue.c:2240
#1: ffffc90004937da8 ((addr_chk_work).work){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 kernel/workqueue.c:2244
#2: ffffffff8a7d3d08 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0xa/0x20 net/ipv6/addrconf.c:4543
2 locks held by syz-executor.1/28610:
#0: ffffffff8a7c6e70 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x2ac/0x5e0 net/core/net_namespace.c:478
#1: ffffffff8a7d3d08 (rtnl_mutex){+.+.}-{3:3}, at: ip_tunnel_init_net+0x31c/0x980 net/ipv4/ip_tunnel.c:1071
5 locks held by syz-executor.1/28612:
#0: ffffffff8a7c6e70 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x2ac/0x5e0 net/core/net_namespace.c:478
#1: ffffffff8a636d10 (devices_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x25e/0x480 drivers/infiniband/core/device.c:1128
#2: ffffffff8a636a90 (rdma_nets_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x2d1/0x480 drivers/infiniband/core/device.c:1133
#3: ffff88803cde4f30 (&device->compat_devs_mutex){+.+.}-{3:3}, at: add_one_compat_dev+0xea/0x800 drivers/infiniband/core/device.c:892
#4: ffffffff8a7d3d08 (rtnl_mutex){+.+.}-{3:3}, at: ib_get_eth_speed+0xeb/0x570 drivers/infiniband/core/verbs.c:1800
2 locks held by syz-executor.0/28646:
#0: ffff888075113c90 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:800 [inline]
#0: ffff888075113c90 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280 net/socket.c:595
#1: ffffffff8a7d3d08 (rtnl_mutex){+.+.}-{3:3}, at: packet_flush_mclist net/packet/af_packet.c:3641 [inline]
#1: ffffffff8a7d3d08 (rtnl_mutex){+.+.}-{3:3}, at: packet_release+0x3da/0xc90 net/packet/af_packet.c:3044
6 locks held by syz-executor.2/28663:
#0: ffffffff8a7c6e70 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x2ac/0x5e0 net/core/net_namespace.c:478
#1: ffffffff8a636d10 (devices_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x25e/0x480 drivers/infiniband/core/device.c:1128
#2: ffffffff8a636a90 (rdma_nets_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x2d1/0x480 drivers/infiniband/core/device.c:1133
#3: ffff888044cf8f30 (&device->compat_devs_mutex){+.+.}-{3:3}, at: add_one_compat_dev+0xea/0x800 drivers/infiniband/core/device.c:892
#4: ffff888044cf9168 (&rxe->usdev_lock){+.+.}-{3:3}, at: rxe_query_port+0x129/0x2d0 drivers/infiniband/sw/rxe/rxe_verbs.c:67
#5: ffffffff8a7d3d08 (rtnl_mutex){+.+.}-{3:3}, at: ib_get_eth_speed+0xeb/0x570 drivers/infiniband/core/verbs.c:1800
2 locks held by syz-executor.2/28666:
#0: ffffffff8a7c6e70 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x2ac/0x5e0 net/core/net_namespace.c:478
#1: ffffffff8a7d3d08 (rtnl_mutex){+.+.}-{3:3}, at: gtp_net_exit+0x1b5/0x380 drivers/net/gtp.c:1353
2 locks held by syz-executor.3/28677:
#0: ffffffff8a7d3d08 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
#0: ffffffff8a7d3d08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3f9/0xad0 net/core/rtnetlink.c:5561
#1: ffffffff89bd9520 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:290 [inline]
#1: ffffffff89bd9520 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x4e8/0x5f0 kernel/rcu/tree_exp.h:838
=============================================
NMI backtrace for cpu 0
CPU: 0 PID: 1156 Comm: khungtaskd Not tainted 5.8.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x18f/0x20d lib/dump_stack.c:118
nmi_cpu_backtrace.cold+0x70/0xb1 lib/nmi_backtrace.c:101
nmi_trigger_cpumask_backtrace+0x1b3/0x223 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:209 [inline]
watchdog+0xd7d/0x1000 kernel/hung_task.c:295
kthread+0x3b5/0x4a0 kernel/kthread.c:291
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:293
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 12415 Comm: kworker/1:15 Not tainted 5.8.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events iterate_cleanup_work
RIP: 0010:lock_release+0x49b/0x8d0 kernel/locking/lockdep.c:4967
Code: 27 5c 08 00 0f 84 a9 01 00 00 48 8b 3c 24 57 9d 0f 1f 44 00 00 48 b8 00 00 00 00 00 fc ff df 48 01 c5 48 c7 45 00 00 00 00 00 <c7> 45 08 00 00 00 00 48 8b 84 24 88 00 00 00 65 48 2b 04 25 28 00
RSP: 0018:ffffc90000da8b80 EFLAGS: 00000086
RAX: dffffc0000000000 RBX: ffff88804b4e80c0 RCX: 0000000000000000
RDX: dffffc0000000000 RSI: ffff8880ae7255d8 RDI: 0000000000000082
RBP: fffff520001b5172 R08: 0000000000000001 R09: ffff88804b4e8988
R10: fffffbfff15619f9 R11: 0000000000000000 R12: 0000000000000003
R13: ffffffff81638759 R14: 0000000000000004 R15: ffff88804b4e80c0
FS: 0000000000000000(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fd47a9f3000 CR3: 000000005a317000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<IRQ>
__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:158 [inline]
_raw_spin_unlock_irqrestore+0x16/0xe0 kernel/locking/spinlock.c:191
__mod_timer+0x669/0xff0 kernel/time/timer.c:1068
call_timer_fn+0x1ac/0x760 kernel/time/timer.c:1415
expire_timers kernel/time/timer.c:1460 [inline]
__run_timers.part.0+0x54c/0xa20 kernel/time/timer.c:1784
__run_timers kernel/time/timer.c:1756 [inline]
run_timer_softirq+0xae/0x1a0 kernel/time/timer.c:1797
__do_softirq+0x34c/0xa60 kernel/softirq.c:292
asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:711
</IRQ>
__run_on_irqstack arch/x86/include/asm/irq_stack.h:22 [inline]
run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:48 [inline]
do_softirq_own_stack+0x111/0x170 arch/x86/kernel/irq_64.c:77
invoke_softirq kernel/softirq.c:387 [inline]
__irq_exit_rcu kernel/softirq.c:417 [inline]
irq_exit_rcu+0x229/0x270 kernel/softirq.c:429
sysvec_apic_timer_interrupt+0x54/0x120 arch/x86/kernel/apic/apic.c:1091
asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:585
RIP: 0010:should_resched arch/x86/include/asm/preempt.h:102 [inline]
RIP: 0010:__local_bh_enable_ip+0x189/0x250 kernel/softirq.c:196
Code: 89 48 ba 00 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 0f 85 c4 00 00 00 48 83 3d 38 9a 6f 08 00 74 7b fb 66 0f 1f 44 00 00 <65> 8b 05 50 78 bb 7e 85 c0 74 6b 5b 5d 41 5c c3 80 3d e5 69 65 09
RSP: 0018:ffffc90001937ba8 EFLAGS: 00000286
RAX: 1ffffffff136c413 RBX: 0000000000000200 RCX: 0000000000000006
RDX: dffffc0000000000 RSI: 0000000000000000 RDI: ffffffff81468639
RBP: ffffffff86748c47 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: ffff88804b4e80c0
R13: 0000000000001227 R14: 0000000000000000 R15: 0000000000000001
local_bh_enable include/linux/bottom_half.h:32 [inline]
get_next_corpse net/netfilter/nf_conntrack_core.c:2238 [inline]
nf_ct_iterate_cleanup+0x9e/0x330 net/netfilter/nf_conntrack_core.c:2261
nf_ct_iterate_cleanup_net net/netfilter/nf_conntrack_core.c:2346 [inline]
nf_ct_iterate_cleanup_net+0x113/0x170 net/netfilter/nf_conntrack_core.c:2331
iterate_cleanup_work+0x45/0x130 net/netfilter/nf_nat_masquerade.c:216
process_one_work+0x94c/0x1670 kernel/workqueue.c:2269
worker_thread+0x64c/0x1120 kernel/workqueue.c:2415
kthread+0x3b5/0x4a0 kernel/kthread.c:291
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:293