INFO: task syz-executor.2:19030 can't die for more than 143 seconds.
syz-executor.2 R running task 26272 19030 7009 0x00004004
Call Trace:
 context_switch kernel/sched/core.c:3455 [inline]
 __schedule+0x8e1/0x1eb0 kernel/sched/core.c:4180
 preempt_schedule_irq+0xb0/0x150 kernel/sched/core.c:4438
 idtentry_exit_cond_resched arch/x86/entry/common.c:621 [inline]
 idtentry_exit_cond_rcu+0xc0/0xf0 arch/x86/entry/common.c:668
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:596
RIP: 0010:write_comp_data+0x78/0x80 kernel/kcov.c:242
Code: 00 00 4e 8d 0c dd 28 00 00 00 4c 39 ce 72 1b 49 83 c0 01 4a 89 7c 08 e0 4e 89 54 08 e8 4a 89 54 08 f0 4a 89 4c d8 20 4c 89 00 0f 1f 80 00 00 00 00 48 8b 0c 24 40 0f b6 d6 40 0f b6 f7 31 ff
RSP: 0000:ffffc900052978b0 EFLAGS: 00000293
RAX: 0000000000000000 RBX: 000000000001a929 RCX: ffffffff86ab5fdc
RDX: 000000000001a929 RSI: ffff88804f1340c0 RDI: 0000000000000006
RBP: 000000000001a929 R08: 0000000000000000 R09: ffffffff8c59ca27
R10: 000000000001a929 R11: 0000000000000000 R12: ffffffff8a9739c0
R13: ffffc90005297a20 R14: 000000000000000a R15: dffffc0000000000
 inet_twsk_purge+0x4dc/0x7b0 net/ipv4/inet_timewait_sock.c:297
 ops_exit_list+0x10d/0x160 net/core/net_namespace.c:189
 setup_net+0x502/0x850 net/core/net_namespace.c:364
 copy_net_ns+0x2cf/0x5e0 net/core/net_namespace.c:482
 create_new_namespaces+0x3f6/0xb10 kernel/nsproxy.c:110
 copy_namespaces+0x385/0x470 kernel/nsproxy.c:179
 copy_process+0x2b0e/0x6d90 kernel/fork.c:2106
 _do_fork+0x12c/0xa70 kernel/fork.c:2448
 __do_sys_clone+0xef/0x150 kernel/fork.c:2604
 do_syscall_64+0x60/0xe0 arch/x86/entry/common.c:359
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45cb19
Code: Bad RIP value.
RSP: 002b:00007fdc085cbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 00000000004db500 RCX: 000000000045cb19
RDX: 9999999999999999 RSI: 0000000000000000 RDI: 00000000e1004d7c
RBP: 000000000078bf00 R08: ffffffffffffffff R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 000000000000007c R14: 00000000004c349a R15: 00007fdc085cc6d4

Showing all locks held in the system:
3 locks held by kworker/u4:4/617:
 #0: ffff8880a9771938 ((wq_completion)netns){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff8880a9771938 ((wq_completion)netns){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline]
 #0: ffff8880a9771938 ((wq_completion)netns){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline]
 #0: ffff8880a9771938 ((wq_completion)netns){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline]
 #0: ffff8880a9771938 ((wq_completion)netns){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
 #0: ffff8880a9771938 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 kernel/workqueue.c:2240
 #1: ffffc900028b7da8 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 kernel/workqueue.c:2244
 #2: ffffffff8a7aaaf0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x9b/0xa00 net/core/net_namespace.c:565
1 lock held by khungtaskd/1152:
 #0: ffffffff89bc3180 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:5779
1 lock held by in:imklog/6487:
 #0: ffff88809a7481b0 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100 fs/file.c:928
5 locks held by kworker/0:5/14450:
 #0: ffff8880ae635e58 (&rq->lock){-.-.}-{2:2}, at: rq_lock kernel/sched/sched.h:1276 [inline]
 #0: ffff8880ae635e58 (&rq->lock){-.-.}-{2:2}, at: __schedule+0x22d/0x1eb0 kernel/sched/core.c:4126
 #1: ffff8880ae620f08 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x2fb/0x400 kernel/sched/psi.c:833
 #2: ffff8880ae625618 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x55/0x1a0 kernel/time/timer.c:935
 #3: ffffffff8cbb20a0 (&obj_hash[i].lock){-.-.}-{2:2}, at: debug_object_activate+0x12e/0x3e0 lib/debugobjects.c:636
 #4: ffffffff8cb70e08 (&obj_hash[i].lock){-.-.}-{2:2}, at: __debug_check_no_obj_freed lib/debugobjects.c:955 [inline]
 #4: ffffffff8cb70e08 (&obj_hash[i].lock){-.-.}-{2:2}, at: debug_check_no_obj_freed+0xc7/0x41c lib/debugobjects.c:998
2 locks held by syz-executor.2/19030:
1 lock held by syz-executor.5/20436:
 #0: ffffffff8a7aaaf0 (pernet_ops_rwsem){++++}-{3:3}, at: register_netdevice_notifier+0x1e/0x260 net/core/dev.c:1814
1 lock held by syz-executor.5/20453:
 #0: ffffffff8a7aaaf0 (pernet_ops_rwsem){++++}-{3:3}, at: register_netdevice_notifier+0x1e/0x260 net/core/dev.c:1814

=============================================