unregister_netdevice: waiting for lo to become free. Usage count = 4 INFO: task syz-executor0:8199 blocked for more than 120 seconds. Not tainted 4.9.67-gf26d3c7 #106 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor0 D29392 8199 1 0x00000004 ffff8801a8293000 0000000000000000 ffff8801aa754a80 ffff8801da29b000 ffff8801db321418 ffff8801d5f1fc18 ffffffff838981cb 0000000000000000 0000000000000007 00ff8801a8293000 ffff8801db321ce8 ffff8801db321d10 Call Trace: [] schedule+0x7f/0x1b0 kernel/sched/core.c:3550 [] schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3583 [] __mutex_lock_common kernel/locking/mutex.c:582 [inline] [] mutex_lock_nested+0x312/0x870 kernel/locking/mutex.c:621 unregister_netdevice: waiting for lo to become free. Usage count = 4 [] copy_net_ns+0x155/0x280 net/core/net_namespace.c:387 [] create_new_namespaces+0x37f/0x730 kernel/nsproxy.c:106 [] unshare_nsproxy_namespaces+0xae/0x1e0 kernel/nsproxy.c:205 [] SYSC_unshare kernel/fork.c:2238 [inline] [] SyS_unshare+0x3dd/0x6f0 kernel/fork.c:2188 [] entry_SYSCALL_64_fastpath+0x23/0xc6 Showing all locks held in the system: 2 locks held by khungtaskd/514: #0: (rcu_read_lock){......}, at: [] check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline] #0: (rcu_read_lock){......}, at: [] watchdog+0x125/0xa70 kernel/hung_task.c:239 #1: (tasklist_lock){.+.+..}, at: [] debug_show_all_locks+0x70/0x280 kernel/locking/lockdep.c:4336 2 locks held by getty/3237: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 #1: (&ldata->atomic_read_lock){+.+.+.}, at: [] n_tty_read+0x1f4/0x16c0 drivers/tty/n_tty.c:2133 3 locks held by kworker/u4:9/6142: #0: ("%s""netns"){.+.+.+}, at: [] __write_once_size include/linux/compiler.h:272 [inline] #0: ("%s""netns"){.+.+.+}, at: [] atomic64_set arch/x86/include/asm/atomic64_64.h:33 [inline] #0: ("%s""netns"){.+.+.+}, at: [] atomic_long_set include/asm-generic/atomic-long.h:56 [inline] #0: ("%s""netns"){.+.+.+}, at: [] set_work_data kernel/workqueue.c:616 [inline] #0: ("%s""netns"){.+.+.+}, at: [] set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ("%s""netns"){.+.+.+}, at: [] process_one_work+0x6a9/0x15f0 kernel/workqueue.c:2083 #1: (net_cleanup_work){+.+.+.}, at: [] process_one_work+0x6db/0x15f0 kernel/workqueue.c:2087 #2: (net_mutex){+.+.+.}, at: [] cleanup_net+0x13f/0x610 net/core/net_namespace.c:420 1 lock held by syz-executor0/8199: #0: (net_mutex){+.+.+.}, at: [] copy_net_ns+0x155/0x280 net/core/net_namespace.c:387 ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 514 Comm: khungtaskd Not tainted 4.9.67-gf26d3c7 #106 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d897fd00 ffffffff81d906e9 0000000000000000 0000000000000000 0000000000000000 0000000000000001 ffffffff810ba170 ffff8801d897fd38 ffffffff81d9b80d 0000000000000000 0000000000000000 ffff8801a8293418 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] nmi_cpu_backtrace+0xfd/0x120 lib/nmi_backtrace.c:99 [] nmi_trigger_cpumask_backtrace+0x117/0x190 lib/nmi_backtrace.c:60 [] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37 [] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline] [] check_hung_task kernel/hung_task.c:125 [inline] [] check_hung_uninterruptible_tasks kernel/hung_task.c:182 [inline] [] watchdog+0x6f0/0xa70 kernel/hung_task.c:239 [] kthread+0x26d/0x300 kernel/kthread.c:211 [] ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:433 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 6142 Comm: kworker/u4:9 Not tainted 4.9.67-gf26d3c7 #106 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: netns cleanup_netc task: ffff8801ce60b000 task.stack: ffff8801d85a0000 RIP: 0010:[] c [] validate_chain kernel/locking/lockdep.c:2235 [inline] RIP: 0010:[] c [] __lock_acquire+0x849/0x3640 kernel/locking/lockdep.c:3345 RSP: 0018:ffff8801d85a7010 EFLAGS: 00000046 RAX: dffffc0000000000 RBX: ffff8801ce60b978 RCX: 1ffff10039cc1733 RDX: 1ffffffff09a7f63 RSI: 000000008372c5cd RDI: ffffffff84d3fb18 RBP: ffff8801d85a71d0 R08: 1ffff10039cc172e R09: 0000000000000001 R10: 0000000000000000 R11: ffff8801ce60b000 R12: ffffffff84d3fb08 R13: 00000000bfb9ea4c R14: 689ca9db8372c5cd R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f5c46a099b8 CR3: 00000001cf364000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Stack: ffff8801d85a7080c ffff8801d85a7058c ffff8801da163da0c ffff8801da163e40c 0000000041b58ab3c ffffffff841889ddc ffffffff811fc4c0c ffff8801d85a7088c 0000000000004117c 0000000000002571c 0000000000002571c 0000000000000367c Call Trace: [] lock_acquire+0x12e/0x410 kernel/locking/lockdep.c:3756 [] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:112 [inline] [] _raw_spin_lock_irqsave+0x4e/0x70 kernel/locking/spinlock.c:159 [] load_balance+0x6d2/0x2e90 kernel/sched/fair.c:9421 [] idle_balance kernel/sched/fair.c:9689 [inline] [] pick_next_task_fair+0x711/0x1fe0 kernel/sched/fair.c:7506 [] pick_next_task kernel/sched/core.c:3355 [inline] [] __schedule+0x288/0x1ba0 kernel/sched/core.c:3477 [] schedule+0x7f/0x1b0 kernel/sched/core.c:3550 [] schedule_timeout+0x643/0x1220 kernel/time/timer.c:1770 [] do_wait_for_common kernel/sched/completion.c:75 [inline] [] __wait_for_common kernel/sched/completion.c:93 [inline] [] wait_for_common kernel/sched/completion.c:101 [inline] [] wait_for_completion+0x20e/0x2e0 kernel/sched/completion.c:122 [] _rcu_barrier+0x249/0x330 kernel/rcu/tree.c:3701 [] rcu_barrier+0x10/0x20 kernel/rcu/tree_plugin.h:692 [] netdev_wait_allrefs net/core/dev.c:7423 [inline] [] netdev_run_todo+0x2a5/0x6b0 net/core/dev.c:7511 [] rtnl_unlock+0xe/0x10 net/core/rtnetlink.c:104 [] default_device_exit_batch+0x358/0x410 net/core/dev.c:8311 [] ops_exit_list.isra.4+0x100/0x150 net/core/net_namespace.c:139 [] cleanup_net+0x31d/0x610 net/core/net_namespace.c:454 [] process_one_work+0x78f/0x15f0 kernel/workqueue.c:2090 [] worker_thread+0xe0/0x10d0 kernel/workqueue.c:2224 [] kthread+0x26d/0x300 kernel/kthread.c:211 [] ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:433 Code: c00 cfc cff cdf c48 cc1 cea c03 c0f cb6 c04 c02 c84 cc0 c74 c08 c3c c03 c0f c8e c8f c29 c00 c00 c8b c43 c20 c25 c00 c80 c04 c00 c3d c00 c00 c04 c00 c0f c84 cf0 c09 c00 c00 c<48> cc7 cc2 c00 c97 c64 c84 c48 cb8 c00 c00 c00 c00 c00 cfc cff cdf c48 cc1 cea c03 c