RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000ec001000 RBP: 00007f6886b4a08d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffcc3d1a4ff R14: 00007f6885423300 R15: 0000000000022000 INFO: task syz-executor.3:10836 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.3 D26888 10836 10585 0x00000000 Dead loop on virtual device ip6_vti0, fix it urgently! Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1016 [inline] __mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078 ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 vti_init_net+0x2a/0x370 net/ipv4/ip_vti.c:520 ops_init+0xb3/0x410 net/core/net_namespace.c:129 setup_net+0x2c2/0x720 net/core/net_namespace.c:316 copy_net_ns+0x1f7/0x340 net/core/net_namespace.c:439 create_new_namespaces+0x3f6/0x7b0 kernel/nsproxy.c:107 Mem-Info: active_anon:229856 inactive_anon:47123 isolated_anon:0 active_file:137 inactive_file:232 isolated_file:8 unevictable:0 dirty:3 writeback:0 unstable:0 slab_reclaimable:55008 slab_unreclaimable:1138545 mapped:59288 shmem:46686 pagetables:65506 bounce:0 free:26879 free_pcp:114 free_cma:0 copy_namespaces+0x325/0x3c0 kernel/nsproxy.c:165 copy_process.part.0+0x3a59/0x8260 kernel/fork.c:1916 Dead loop on virtual device ip6_vti0, fix it urgently! copy_process kernel/fork.c:1710 [inline] _do_fork+0x22f/0xf30 kernel/fork.c:2219 Node 0 active_anon:910852kB inactive_anon:188464kB active_file:644kB inactive_file:356kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:237052kB dirty:8kB writeback:0kB shmem:184532kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 202752kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no Mem-Info: active_anon:229856 inactive_anon:47123 isolated_anon:0 active_file:162 inactive_file:90 isolated_file:0 unevictable:0 dirty:3 writeback:0 unstable:0 slab_reclaimable:55008 slab_unreclaimable:1138545 mapped:59263 shmem:46686 pagetables:65506 bounce:0 free:27131 free_pcp:9 free_cma:0 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe Node 1 active_anon:8572kB inactive_anon:28kB active_file:4kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:2212kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes RIP: 0033:0x7f6886aefeb9 Node 0 active_anon:910852kB inactive_anon:188464kB active_file:352kB inactive_file:532kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:236888kB dirty:8kB writeback:0kB shmem:184532kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 202752kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no Code: Bad RIP value. Node 0 DMA free:10856kB min:204kB low:252kB high:300kB active_anon:2048kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:288kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB RSP: 002b:00007f6885423168 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 00007f6886c03100 RCX: 00007f6886aefeb9 Node 1 active_anon:8572kB inactive_anon:28kB active_file:4kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:2212kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000ec001000 RBP: 00007f6886b4a08d R08: 0000000000000000 R09: 0000000000000000 Dead loop on virtual device ip6_vti0, fix it urgently! lowmem_reserve[]: 0 2693 2695 2695 2695 Node 0 DMA32 free:44376kB min:35996kB low:44992kB high:53988kB active_anon:908804kB inactive_anon:188464kB active_file:460kB inactive_file:476kB unevictable:0kB writepending:8kB present:3129332kB managed:2763452kB mlocked:0kB kernel_stack:29056kB pagetables:83164kB bounce:0kB free_pcp:1048kB local_pcp:340kB free_cma:0kB R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffcc3d1a4ff R14: 00007f6885423300 R15: 0000000000022000 Node 0 DMA free:10856kB min:204kB low:252kB high:300kB active_anon:2048kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:288kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB INFO: task syz-executor.3:12329 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. lowmem_reserve[]: 0 0 1 1 1 syz-executor.3 D26792 12329 11577 0x00000000 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 lowmem_reserve[]: 0 2693 2695 2695 2695 Node 0 DMA32 free:41356kB min:35996kB low:44992kB high:53988kB active_anon:908804kB inactive_anon:188464kB active_file:260kB inactive_file:3000kB unevictable:0kB writepending:8kB present:3129332kB managed:2763452kB mlocked:0kB kernel_stack:29056kB pagetables:83164kB bounce:0kB free_pcp:460kB local_pcp:380kB free_cma:0kB Node 0 Normal free:8kB min:24kB low:28kB high:32kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:2000kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1016 [inline] __mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078 lowmem_reserve[]: 0 0 1 1 1 Node 0 Normal free:8kB min:24kB low:28kB high:32kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:2000kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 0 0 0 0 Node 1 Normal free:53712kB min:53876kB low:67344kB high:80812kB active_anon:8572kB inactive_anon:28kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:4kB present:4194304kB managed:4128248kB mlocked:0kB kernel_stack:101760kB pagetables:178572kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB Dead loop on virtual device ip6_vti0, fix it urgently! lowmem_reserve[]: 0 0 0 0 0 Node 1 Normal free:53712kB min:53876kB low:67344kB high:80812kB active_anon:8572kB inactive_anon:28kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:4kB present:4194304kB managed:4128248kB mlocked:0kB kernel_stack:101760kB pagetables:178572kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 0 0 0 0 Node 0 DMA: 2*4kB (U) 4*8kB (UE) 4*16kB (UE) 2*32kB (UE) 5*64kB (UE) 1*128kB (U) 2*256kB (UE) 1*512kB (E) 3*1024kB (UE) 1*2048kB (E) 1*4096kB (M) = 10856kB ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 ops_init+0xb3/0x410 net/core/net_namespace.c:129 Node 0 DMA32: 1429*4kB (UME) 1415*8kB (UME) 621*16kB (UME) 370*32kB (UM) 51*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 42076kB lowmem_reserve[]: 0 0 0 0 0 Node 0 DMA: 2*4kB (U) 4*8kB (UE) 4*16kB (UE) 2*32kB (UE) 5*64kB (UE) 1*128kB (U) 2*256kB (UE) 1*512kB (E) 3*1024kB (UE) 1*2048kB (E) 1*4096kB (M) = 10856kB setup_net+0x2c2/0x720 net/core/net_namespace.c:316 copy_net_ns+0x1f7/0x340 net/core/net_namespace.c:439 Node 0 Normal: 0*4kB 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB Node 0 DMA32: 1428*4kB (ME) 1411*8kB (UME) 607*16kB (UME) 370*32kB (UM) 51*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 41816kB Node 1 Normal: 1700*4kB (UM) 418*8kB (UM) 123*16kB (UME) 406*32kB (UME) 25*64kB (UM) 7*128kB (UM) 4*256kB (UME) 7*512kB (UM) 3*1024kB (UME) 1*2048kB (U) 4*4096kB (M) = 53712kB create_new_namespaces+0x3f6/0x7b0 kernel/nsproxy.c:107 copy_namespaces+0x325/0x3c0 kernel/nsproxy.c:165 copy_process.part.0+0x3a59/0x8260 kernel/fork.c:1916 Node 0 Normal: 0*4kB 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB Node 1 Normal: 1700*4kB (UM) 418*8kB (UM) 123*16kB (UME) 406*32kB (UME) 25*64kB (UM) 7*128kB (UM) 4*256kB (UME) 7*512kB (UM) 3*1024kB (UME) 1*2048kB (U) 4*4096kB (M) = 53712kB copy_process kernel/fork.c:1710 [inline] _do_fork+0x22f/0xf30 kernel/fork.c:2219 Dead loop on virtual device ip6_vti0, fix it urgently! Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f6886aefeb9 Code: Bad RIP value. 46728 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 RSP: 002b:00007f6885423168 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 00007f6886c03100 RCX: 00007f6886aefeb9 Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB Free swap = 0kB Total swap = 0kB 2097051 pages RAM 46925 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000ec001000 RBP: 00007f6886b4a08d R08: 0000000000000000 R09: 0000000000000000 0 pages HighMem/MovableOnly 369649 pages reserved 0 pages cma reserved Free swap = 0kB Total swap = 0kB 2097051 pages RAM R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 Unreclaimable slab info: R13: 00007ffcc3d1a4ff R14: 00007f6885423300 R15: 0000000000022000 0 pages HighMem/MovableOnly 369649 pages reserved 0 pages cma reserved INFO: task syz-executor.3:12397 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. Name Used Total pid_13 3KB 7KB syz-executor.3 D26928 12397 11606 0x00000000 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 pid_12 13KB 18KB pid_11 42KB 48KB Dead loop on virtual device ip6_vti0, fix it urgently! pid_10 78KB 82KB pid_9 112KB 116KB pid_8 98KB 104KB schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1016 [inline] __mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078 ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 ops_init+0xb3/0x410 net/core/net_namespace.c:129 setup_net+0x2c2/0x720 net/core/net_namespace.c:316 copy_net_ns+0x1f7/0x340 net/core/net_namespace.c:439 create_new_namespaces+0x3f6/0x7b0 kernel/nsproxy.c:107 copy_namespaces+0x325/0x3c0 kernel/nsproxy.c:165 copy_process.part.0+0x3a59/0x8260 kernel/fork.c:1916 copy_process kernel/fork.c:1710 [inline] _do_fork+0x22f/0xf30 kernel/fork.c:2219 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f6886aefeb9 Code: Bad RIP value. RSP: 002b:00007f6885423168 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 00007f6886c03100 RCX: 00007f6886aefeb9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000ec001000 RBP: 00007f6886b4a08d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffcc3d1a4ff R14: 00007f6885423300 R15: 0000000000022000 INFO: task syz-executor.3:12418 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.3 D26736 12418 11362 0x00000000 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1016 [inline] __mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078 ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 ops_init+0xb3/0x410 net/core/net_namespace.c:129 setup_net+0x2c2/0x720 net/core/net_namespace.c:316 copy_net_ns+0x1f7/0x340 net/core/net_namespace.c:439 create_new_namespaces+0x3f6/0x7b0 kernel/nsproxy.c:107 copy_namespaces+0x325/0x3c0 kernel/nsproxy.c:165 copy_process.part.0+0x3a59/0x8260 kernel/fork.c:1916 copy_process kernel/fork.c:1710 [inline] _do_fork+0x22f/0xf30 kernel/fork.c:2219 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f6886aefeb9 Code: Bad RIP value. RSP: 002b:00007f6885423168 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 00007f6886c03100 RCX: 00007f6886aefeb9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000ec001000 RBP: 00007f6886b4a08d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffcc3d1a4ff R14: 00007f6885423300 R15: 0000000000022000 INFO: task syz-executor.3:12429 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.3 D26928 12429 11291 0x00000000 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1016 [inline] __mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078 ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 ops_init+0xb3/0x410 net/core/net_namespace.c:129 setup_net+0x2c2/0x720 net/core/net_namespace.c:316 copy_net_ns+0x1f7/0x340 net/core/net_namespace.c:439 create_new_namespaces+0x3f6/0x7b0 kernel/nsproxy.c:107 copy_namespaces+0x325/0x3c0 kernel/nsproxy.c:165 copy_process.part.0+0x3a59/0x8260 kernel/fork.c:1916 copy_process kernel/fork.c:1710 [inline] _do_fork+0x22f/0xf30 kernel/fork.c:2219 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f6886aefeb9 Code: Bad RIP value. RSP: 002b:00007f6885423168 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 00007f6886c03100 RCX: 00007f6886aefeb9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000ec001000 RBP: 00007f6886b4a08d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffcc3d1a4ff R14: 00007f6885423300 R15: 0000000000022000 INFO: task syz-executor.3:13196 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.3 D26888 13196 11904 0x00000000 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1016 [inline] __mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078 ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 ops_init+0xb3/0x410 net/core/net_namespace.c:129 setup_net+0x2c2/0x720 net/core/net_namespace.c:316 copy_net_ns+0x1f7/0x340 net/core/net_namespace.c:439 create_new_namespaces+0x3f6/0x7b0 kernel/nsproxy.c:107 copy_namespaces+0x325/0x3c0 kernel/nsproxy.c:165 copy_process.part.0+0x3a59/0x8260 kernel/fork.c:1916 copy_process kernel/fork.c:1710 [inline] _do_fork+0x22f/0xf30 kernel/fork.c:2219 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f6886aefeb9 Code: Bad RIP value. RSP: 002b:00007f6885423168 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 00007f6886c03100 RCX: 00007f6886aefeb9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000ec001000 RBP: 00007f6886b4a08d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffcc3d1a4ff R14: 00007f6885423300 R15: 0000000000022000 INFO: task syz-executor.3:13617 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.3 D26784 13617 10961 0x00000000 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1016 [inline] __mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078 ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 ops_init+0xb3/0x410 net/core/net_namespace.c:129 setup_net+0x2c2/0x720 net/core/net_namespace.c:316 copy_net_ns+0x1f7/0x340 net/core/net_namespace.c:439 create_new_namespaces+0x3f6/0x7b0 kernel/nsproxy.c:107 copy_namespaces+0x325/0x3c0 kernel/nsproxy.c:165 copy_process.part.0+0x3a59/0x8260 kernel/fork.c:1916 copy_process kernel/fork.c:1710 [inline] _do_fork+0x22f/0xf30 kernel/fork.c:2219 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f6886aefeb9 Code: Bad RIP value. RSP: 002b:00007f6885423168 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 00007f6886c03100 RCX: 00007f6886aefeb9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000ec001000 RBP: 00007f6886b4a08d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffcc3d1a4ff R14: 00007f6885423300 R15: 0000000000022000 INFO: task syz-executor.3:13720 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.3 D26776 13720 11363 0x00000000 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1016 [inline] __mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078 ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 ops_init+0xb3/0x410 net/core/net_namespace.c:129 setup_net+0x2c2/0x720 net/core/net_namespace.c:316 copy_net_ns+0x1f7/0x340 net/core/net_namespace.c:439 create_new_namespaces+0x3f6/0x7b0 kernel/nsproxy.c:107 copy_namespaces+0x325/0x3c0 kernel/nsproxy.c:165 copy_process.part.0+0x3a59/0x8260 kernel/fork.c:1916 copy_process kernel/fork.c:1710 [inline] _do_fork+0x22f/0xf30 kernel/fork.c:2219 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f6886aefeb9 Code: Bad RIP value. RSP: 002b:00007f6885423168 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 00007f6886c03100 RCX: 00007f6886aefeb9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000ec001000 RBP: 00007f6886b4a08d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffcc3d1a4ff R14: 00007f6885423300 R15: 0000000000022000 INFO: task syz-executor.3:14379 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.3 D26744 14379 12117 0x00000000 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1016 [inline] __mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078 ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 ops_init+0xb3/0x410 net/core/net_namespace.c:129 setup_net+0x2c2/0x720 net/core/net_namespace.c:316 copy_net_ns+0x1f7/0x340 net/core/net_namespace.c:439 create_new_namespaces+0x3f6/0x7b0 kernel/nsproxy.c:107 copy_namespaces+0x325/0x3c0 kernel/nsproxy.c:165 copy_process.part.0+0x3a59/0x8260 kernel/fork.c:1916 copy_process kernel/fork.c:1710 [inline] _do_fork+0x22f/0xf30 kernel/fork.c:2219 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f6886aefeb9 Code: Bad RIP value. RSP: 002b:00007f6885423168 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 00007f6886c03100 RCX: 00007f6886aefeb9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000ec001000 RBP: 00007f6886b4a08d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffcc3d1a4ff R14: 00007f6885423300 R15: 0000000000022000 INFO: task syz-executor.3:14868 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.3 D26888 14868 13034 0x00000000 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1016 [inline] __mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078 ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 ops_init+0xb3/0x410 net/core/net_namespace.c:129 setup_net+0x2c2/0x720 net/core/net_namespace.c:316 copy_net_ns+0x1f7/0x340 net/core/net_namespace.c:439 create_new_namespaces+0x3f6/0x7b0 kernel/nsproxy.c:107 copy_namespaces+0x325/0x3c0 kernel/nsproxy.c:165 copy_process.part.0+0x3a59/0x8260 kernel/fork.c:1916 copy_process kernel/fork.c:1710 [inline] _do_fork+0x22f/0xf30 kernel/fork.c:2219 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f6886aefeb9 Code: Bad RIP value. RSP: 002b:00007f6885423168 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 00007f6886c03100 RCX: 00007f6886aefeb9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000ec001000 RBP: 00007f6886b4a08d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffcc3d1a4ff R14: 00007f6885423300 R15: 0000000000022000 Showing all locks held in the system: 5 locks held by kworker/u4:3/1036: 1 lock held by khungtaskd/1570: #0: 00000000cb3b0e0d (rcu_read_lock){....}, at: debug_show_all_locks+0x53/0x265 kernel/locking/lockdep.c:4441 3 locks held by kswapd0/1968: 3 locks held by systemd-journal/4688: 4 locks held by in:imklog/7777: 2 locks held by login/7819: #0: 00000000162f49ad (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:272 #1: 00000000f8ccaa3d (&tty->atomic_write_lock){+.+.}, at: tty_write_lock drivers/tty/tty_io.c:886 [inline] #1: 00000000f8ccaa3d (&tty->atomic_write_lock){+.+.}, at: do_tty_write drivers/tty/tty_io.c:909 [inline] #1: 00000000f8ccaa3d (&tty->atomic_write_lock){+.+.}, at: tty_write+0x24e/0x810 drivers/tty/tty_io.c:1044 3 locks held by syz-fuzzer/8108: 7 locks held by kworker/u4:5/8925: 3 locks held by kworker/1:3/9351: #0: 00000000da8681f4 ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124 #1: 0000000088eea595 ((addr_chk_work).work){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128 #2: 000000002d706c69 (rtnl_mutex){+.+.}, at: addrconf_verify_work+0xa/0x20 net/ipv6/addrconf.c:4476 2 locks held by syz-executor.3/10585: #0: 000000009ff043f5 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000002d706c69 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.3/10606: pid_7 79KB 84KB Dead loop on virtual device ip6_vti0, fix it urgently! Dead loop on virtual device ip6_vti0, fix it urgently! #0: 000000009ff043f5 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000002d706c69 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.3/10627: #0: 000000009ff043f5 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000002d706c69 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.3/10672: #0: 000000009ff043f5 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000002d706c69 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.3/10685: #0: 000000009ff043f5 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000002d706c69 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.3/10706: Dead loop on virtual device ip6_vti0, fix it urgently! #0: 000000009ff043f5 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000002d706c69 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857 2 locks held by syz-executor.3/10763: #0: 000000009ff043f5 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000002d706c69 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.3/10836: #0: 000000009ff043f5 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000002d706c69 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.3/10845: #0: 000000009ff043f5 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000002d706c69 (rtnl_mutex){+.+.}, at: ip_tunnel_init_net+0x321/0x990 net/ipv4/ip_tunnel.c:1034 2 locks held by syz-executor.3/10874: Dead loop on virtual device ip6_vti0, fix it urgently! #0: 000000009ff043f5 (pernet_ops_rwsem){++++}, at: copy_net_ns+0x1d8/0x340 net/core/net_namespace.c:435 #1: 000000002d706c69 (rtnl_mutex){+.+.}, at: register_netdev+0x11/0x50 net/core/dev.c:8857