32-bit node address hash set to 1000000 IPVS: ftp: loaded support on port[0] = 21 chnl_net:caif_netlink_parms(): no params data found INFO: task syz-executor.4:24127 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.4 D25688 24127 8145 0x00000004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1016 [inline] __mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078 __blkdev_get+0x1d0/0x1480 fs/block_dev.c:1478 blkdev_get+0xb0/0x940 fs/block_dev.c:1627 blkdev_open+0x202/0x290 fs/block_dev.c:1788 do_dentry_open+0x4aa/0x1160 fs/open.c:796 do_last fs/namei.c:3421 [inline] path_openat+0x793/0x2df0 fs/namei.c:3537 do_filp_open+0x18c/0x3f0 fs/namei.c:3567 do_sys_open+0x3b3/0x520 fs/open.c:1085 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f549f5aa279 Code: Bad RIP value. RSP: 002b:00007f549df1f168 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 RAX: ffffffffffffffda RBX: 00007f549f6bcf80 RCX: 00007f549f5aa279 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020004240 RBP: 00007f549f604189 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffff08a37ef R14: 00007f549df1f300 R15: 0000000000022000 INFO: task syz-executor.4:24137 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.4 D28464 24137 8145 0x00000004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1016 [inline] __mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078 __blkdev_get+0x1d0/0x1480 fs/block_dev.c:1478 __blkdev_get+0x84d/0x1480 fs/block_dev.c:1535 blkdev_get+0xb0/0x940 fs/block_dev.c:1627 blkdev_open+0x202/0x290 fs/block_dev.c:1788 do_dentry_open+0x4aa/0x1160 fs/open.c:796 do_last fs/namei.c:3421 [inline] path_openat+0x793/0x2df0 fs/namei.c:3537 do_filp_open+0x18c/0x3f0 fs/namei.c:3567 do_sys_open+0x3b3/0x520 fs/open.c:1085 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f549f5aa279 Code: Bad RIP value. RSP: 002b:00007f549defe168 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 RAX: ffffffffffffffda RBX: 00007f549f6bd050 RCX: 00007f549f5aa279 RDX: 000000000000005c RSI: 0000000020002040 RDI: ffffffffffffff9c RBP: 00007f549f604189 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffff08a37ef R14: 00007f549defe300 R15: 0000000000022000 INFO: task systemd-udevd:24159 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 IPVS: ftp: loaded support on port[0] = 21 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. systemd-udevd D28648 24159 4697 0x00000100 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1016 [inline] __mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078 __blkdev_get+0x1d0/0x1480 fs/block_dev.c:1478 bridge0: port 1(bridge_slave_0) entered blocking state blkdev_get+0xb0/0x940 fs/block_dev.c:1627 bridge0: port 1(bridge_slave_0) entered disabled state device bridge_slave_0 entered promiscuous mode blkdev_open+0x202/0x290 fs/block_dev.c:1788 do_dentry_open+0x4aa/0x1160 fs/open.c:796 bridge0: port 2(bridge_slave_1) entered blocking state do_last fs/namei.c:3421 [inline] path_openat+0x793/0x2df0 fs/namei.c:3537 bridge0: port 2(bridge_slave_1) entered disabled state device bridge_slave_1 entered promiscuous mode do_filp_open+0x18c/0x3f0 fs/namei.c:3567 do_sys_open+0x3b3/0x520 fs/open.c:1085 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe bond0: Enslaving bond_slave_0 as an active interface with an up link RIP: 0033:0x7f05599a4840 Code: Bad RIP value. RSP: 002b:00007ffca18fdc58 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 RAX: ffffffffffffffda RBX: 000055b49c0556e0 RCX: 00007f05599a4840 RDX: 000055b49b148fe3 RSI: 00000000000a0800 RDI: 000055b49c05a1b0 RBP: 00007ffca18fddd0 R08: 000055b49b148670 R09: 0000000000000010 bond0: Enslaving bond_slave_1 as an active interface with an up link R10: 000055b49b148d0c R11: 0000000000000246 R12: 00007ffca18fdd20 R13: 000055b49c058880 R14: 0000000000000003 R15: 000000000000000e Showing all locks held in the system: 4 locks held by kworker/u4:4/1008: #0: 00000000bef70e73 ((wq_completion)"%s""netns"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124 #1: 0000000009e30f3b (net_cleanup_work){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128 #2: 00000000f443245b (pernet_ops_rwsem){++++}, at: cleanup_net+0xa8/0x8b0 net/core/net_namespace.c:521 #3: 000000003c19a8a9 (rtnl_mutex){+.+.}, at: ip_tunnel_delete_nets+0x8e/0x580 net/ipv4/ip_tunnel.c:1083 1 lock held by khungtaskd/1553: #0: 00000000b6f953dc (rcu_read_lock){....}, at: debug_show_all_locks+0x53/0x265 kernel/locking/lockdep.c:4441 1 lock held by in:imklog/7810: #0: 0000000013bbe965 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767 2 locks held by kworker/1:5/23607: #0: 000000004721185a ((wq_completion)"rcu_gp"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124 #1: 000000004f55d0d6 ((work_completion)(&rew.rew_work)){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128 1 lock held by syz-executor.4/24127: #0: 000000000f1da1fd (&bdev->bd_mutex){+.+.}, at: __blkdev_get+0x1d0/0x1480 fs/block_dev.c:1478 2 locks held by syz-executor.4/24137: #0: 000000000f1da1fd (&bdev->bd_mutex){+.+.}, at: __blkdev_get+0x1d0/0x1480 fs/block_dev.c:1478 #1: 000000000f1da1fd (&bdev->bd_mutex/1){+.+.}, at: __blkdev_get+0x1d0/0x1480 fs/block_dev.c:1478 1 lock held by systemd-udevd/24159: #0: 000000000f1da1fd (&bdev->bd_mutex){+.+.}, at: __blkdev_get+0x1d0/0x1480 fs/block_dev.c:1478 1 lock held by syz-executor.4/24538: #0: 000000000f1da1fd (&bdev->bd_mutex){+.+.}, at: __blkdev_get+0x1d0/0x1480 fs/block_dev.c:1478 1 lock held by syz-executor.4/24540: #0: 000000000f1da1fd (&bdev->bd_mutex){+.+.}, at: __blkdev_get+0x1d0/0x1480 fs/block_dev.c:1478 1 lock held by syz-executor.4/26235: #0: 000000003c19a8a9 (rtnl_mutex){+.+.}, at: rtnl_lock net/core/rtnetlink.c:77 [inline] #0: 000000003c19a8a9 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x3fe/0xb80 net/core/rtnetlink.c:4779 1 lock held by syz-executor.1/26237: #0: 000000003c19a8a9 (rtnl_mutex){+.+.}, at: rtnl_lock net/core/rtnetlink.c:77 [inline] #0: 000000003c19a8a9 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x3fe/0xb80 net/core/rtnetlink.c:4779 ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 1553 Comm: khungtaskd Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 nmi_cpu_backtrace.cold+0x63/0xa2 lib/nmi_backtrace.c:101 nmi_trigger_cpumask_backtrace+0x1a6/0x1f0 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:203 [inline] watchdog+0x991/0xe60 kernel/hung_task.c:287 kthread+0x33f/0x460 kernel/kthread.c:259 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 1008 Comm: kworker/u4:4 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 Workqueue: netns cleanup_net RIP: 0010:preempt_count_sub+0x0/0x150 kernel/sched/core.c:3262 Code: 4c 8b 45 c8 48 8b 55 d0 e9 0f fc ff ff 89 4d d0 e8 15 f5 56 00 8b 4d d0 e9 88 fe ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 <48> c7 c0 60 37 24 8d 53 89 fb 48 ba 00 00 00 00 00 fc ff df 48 89 RSP: 0018:ffff8880b3adf718 EFLAGS: 00000046 RAX: 0000000000000000 RBX: 0000000000000200 RCX: ffffffff83771e23 RDX: 0000000000000000 RSI: ffffffff83771e31 RDI: 0000000000000001 RBP: ffffffff86a43e12 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000005 R11: 0000000000000000 R12: ffff8880b3ad0280 R13: 0000000000001243 R14: 0000000000000000 R15: 0000000000000001 FS: 0000000000000000(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007efd69be0020 CR3: 00000000a0827000 CR4: 00000000003406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __local_bh_enable_ip+0x154/0x270 kernel/softirq.c:192 local_bh_enable include/linux/bottom_half.h:32 [inline] get_next_corpse net/netfilter/nf_conntrack_core.c:1907 [inline] nf_ct_iterate_cleanup+0x239/0x520 net/netfilter/nf_conntrack_core.c:1930 nf_ct_iterate_cleanup_net net/netfilter/nf_conntrack_core.c:2015 [inline] nf_ct_iterate_cleanup_net+0x113/0x170 net/netfilter/nf_conntrack_core.c:2000 masq_device_event+0xd6/0x110 net/ipv4/netfilter/nf_nat_masquerade_ipv4.c:100 notifier_call_chain+0xc0/0x230 kernel/notifier.c:93 call_netdevice_notifiers net/core/dev.c:1762 [inline] dev_close_many+0x323/0x670 net/core/dev.c:1514 rollback_registered_many+0x2f7/0xe70 net/core/dev.c:8173 unregister_netdevice_many.part.0+0x1a/0x300 net/core/dev.c:9324 unregister_netdevice_many+0x36/0x50 net/core/dev.c:9323 ip_tunnel_delete_nets+0x3d3/0x580 net/ipv4/ip_tunnel.c:1088 ops_exit_list+0xf9/0x150 net/core/net_namespace.c:156 cleanup_net+0x3b4/0x8b0 net/core/net_namespace.c:554 process_one_work+0x864/0x1570 kernel/workqueue.c:2153 worker_thread+0x64c/0x1130 kernel/workqueue.c:2296 kthread+0x33f/0x460 kernel/kthread.c:259 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415