INFO: task kworker/u4:1:21 blocked for more than 143 seconds. Not tainted 5.10.0-rc7-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/u4:1 state:D stack:24808 pid: 21 ppid: 2 flags:0x00004000 Workqueue: netns cleanup_net Call Trace: context_switch kernel/sched/core.c:3779 [inline] __schedule+0x92c/0xcb0 kernel/sched/core.c:4528 schedule+0x14b/0x200 kernel/sched/core.c:4606 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:4665 __mutex_lock_common+0x122f/0x2f20 kernel/locking/mutex.c:1033 __mutex_lock kernel/locking/mutex.c:1103 [inline] mutex_lock_nested+0x1a/0x20 kernel/locking/mutex.c:1118 cangw_pernet_exit+0xe/0x20 net/can/gw.c:1179 ops_exit_list net/core/net_namespace.c:187 [inline] cleanup_net+0x708/0xba0 net/core/net_namespace.c:604 process_one_work+0x789/0xfc0 kernel/workqueue.c:2272 worker_thread+0xaa4/0x1460 kernel/workqueue.c:2418 kthread+0x39a/0x3c0 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296 INFO: task syz-executor.0:16385 blocked for more than 143 seconds. Not tainted 5.10.0-rc7-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.0 state:D stack:27576 pid:16385 ppid: 8485 flags:0x00004006 Call Trace: context_switch kernel/sched/core.c:3779 [inline] __schedule+0x92c/0xcb0 kernel/sched/core.c:4528 schedule+0x14b/0x200 kernel/sched/core.c:4606 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:4665 __mutex_lock_common+0x122f/0x2f20 kernel/locking/mutex.c:1033 __mutex_lock kernel/locking/mutex.c:1103 [inline] mutex_lock_nested+0x1a/0x20 kernel/locking/mutex.c:1118 tun_detach drivers/net/tun.c:687 [inline] tun_chr_close+0x3c/0x130 drivers/net/tun.c:3398 __fput+0x34f/0x7b0 fs/file_table.c:281 task_work_run+0x137/0x1c0 kernel/task_work.c:151 exit_task_work include/linux/task_work.h:30 [inline] do_exit+0x63c/0x22e0 kernel/exit.c:809 do_group_exit+0x161/0x2c0 kernel/exit.c:906 get_signal+0x13da/0x1d90 kernel/signal.c:2758 arch_do_signal+0x33/0x610 arch/x86/kernel/signal.c:811 exit_to_user_mode_loop kernel/entry/common.c:161 [inline] exit_to_user_mode_prepare+0x85/0x170 kernel/entry/common.c:191 syscall_exit_to_user_mode+0x4a/0x170 kernel/entry/common.c:266 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x45e159 RSP: 002b:00007ff25eacacf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: fffffffffffffe00 RBX: 000000000119c180 RCX: 000000000045e159 RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000119c180 RBP: 000000000119c178 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000119c184 R13: 00007ffc665f38cf R14: 00007ff25eacb9c0 R15: 000000000119c184 INFO: task syz-executor.2:29611 blocked for more than 144 seconds. Not tainted 5.10.0-rc7-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.2 state:D stack:26232 pid:29611 ppid: 8489 flags:0x00004004 Call Trace: context_switch kernel/sched/core.c:3779 [inline] __schedule+0x92c/0xcb0 kernel/sched/core.c:4528 schedule+0x14b/0x200 kernel/sched/core.c:4606 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:4665 __mutex_lock_common+0x122f/0x2f20 kernel/locking/mutex.c:1033 __mutex_lock kernel/locking/mutex.c:1103 [inline] mutex_lock_nested+0x1a/0x20 kernel/locking/mutex.c:1118 netdev_run_todo+0xe3a/0x1010 net/core/dev.c:10280 ip_tunnel_delete_nets+0x2ea/0x310 net/ipv4/ip_tunnel.c:1117 ops_exit_list net/core/net_namespace.c:190 [inline] setup_net+0x606/0x770 net/core/net_namespace.c:365 copy_net_ns+0x31d/0x520 net/core/net_namespace.c:483 create_new_namespaces+0x4d9/0x9e0 kernel/nsproxy.c:110 unshare_nsproxy_namespaces+0x123/0x190 kernel/nsproxy.c:231 ksys_unshare+0x468/0x950 kernel/fork.c:2949 __do_sys_unshare kernel/fork.c:3017 [inline] __se_sys_unshare kernel/fork.c:3015 [inline] __x64_sys_unshare+0x34/0x40 kernel/fork.c:3015 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x45e159 RSP: 002b:00007ffa07fefc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045e159 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000060000000 RBP: 000000000119bfb0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000119bf8c R13: 00007ffce0c8460f R14: 00007ffa07ff09c0 R15: 000000000119bf8c INFO: task syz-executor.1:29618 blocked for more than 144 seconds. Not tainted 5.10.0-rc7-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.1 state:D stack:26680 pid:29618 ppid: 22411 flags:0x00004006 Call Trace: context_switch kernel/sched/core.c:3779 [inline] __schedule+0x92c/0xcb0 kernel/sched/core.c:4528 schedule+0x14b/0x200 kernel/sched/core.c:4606 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:4665 __mutex_lock_common+0x122f/0x2f20 kernel/locking/mutex.c:1033 __mutex_lock kernel/locking/mutex.c:1103 [inline] mutex_lock_nested+0x1a/0x20 kernel/locking/mutex.c:1118 cangw_pernet_exit+0xe/0x20 net/can/gw.c:1179 ops_exit_list net/core/net_namespace.c:187 [inline] setup_net+0x5a2/0x770 net/core/net_namespace.c:365 copy_net_ns+0x31d/0x520 net/core/net_namespace.c:483 create_new_namespaces+0x4d9/0x9e0 kernel/nsproxy.c:110 unshare_nsproxy_namespaces+0x123/0x190 kernel/nsproxy.c:231 ksys_unshare+0x468/0x950 kernel/fork.c:2949 __do_sys_unshare kernel/fork.c:3017 [inline] __se_sys_unshare kernel/fork.c:3015 [inline] __x64_sys_unshare+0x34/0x40 kernel/fork.c:3015 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x45e159 RSP: 002b:00007f8327b6dc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045e159 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000060000000 RBP: 000000000119bfb0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000119bf8c R13: 00007ffddbd5d4cf R14: 00007f8327b6e9c0 R15: 000000000119bf8c Showing all locks held in the system: 4 locks held by kworker/u4:1/21: #0: ffff88801126b138 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x6f4/0xfc0 kernel/workqueue.c:2245 #1: ffffc90000dbfd78 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x733/0xfc0 kernel/workqueue.c:2247 #2: ffffffff8cc9a6b0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0xac/0xba0 net/core/net_namespace.c:566 #3: ffffffff8cca5c48 (rtnl_mutex){+.+.}-{3:3}, at: cangw_pernet_exit+0xe/0x20 net/can/gw.c:1179 1 lock held by khungtaskd/1638: #0: ffffffff8bce6900 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30 arch/x86/pci/mmconfig_64.c:151 3 locks held by kworker/0:2/2990: #0: ffff888010464d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x6f4/0xfc0 kernel/workqueue.c:2245 #1: ffffc90001437d78 (deferred_process_work){+.+.}-{0:0}, at: process_one_work+0x733/0xfc0 kernel/workqueue.c:2247 #2: ffffffff8cca5c48 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xa/0x20 net/switchdev/switchdev.c:74 1 lock held by in:imklog/8156: #0: ffff888014293c70 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x24b/0x2e0 fs/file.c:932 2 locks held by agetty/8396: #0: ffff888014ed3098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 drivers/tty/tty_ldisc.c:266 #1: ffffc90000f582e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x260/0x1b40 drivers/tty/n_tty.c:2156 3 locks held by kworker/0:5/9948: #0: ffff88814772b938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x6f4/0xfc0 kernel/workqueue.c:2245 #1: ffffc90001c9fd78 ((addr_chk_work).work){+.+.}-{0:0}, at: process_one_work+0x733/0xfc0 kernel/workqueue.c:2247 #2: ffffffff8cca5c48 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0xa/0x20 net/ipv6/addrconf.c:4568 1 lock held by syz-executor.0/16385: #0: ffffffff8cca5c48 (rtnl_mutex){+.+.}-{3:3}, at: tun_detach drivers/net/tun.c:687 [inline] #0: ffffffff8cca5c48 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3c/0x130 drivers/net/tun.c:3398 2 locks held by syz-executor.2/29611: #0: ffffffff8cc9a6b0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x301/0x520 net/core/net_namespace.c:479 #1: ffffffff8cca5c48 (rtnl_mutex){+.+.}-{3:3}, at: netdev_run_todo+0xe3a/0x1010 net/core/dev.c:10280 2 locks held by syz-executor.1/29618: #0: ffffffff8cc9a6b0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x301/0x520 net/core/net_namespace.c:479 #1: ffffffff8cca5c48 (rtnl_mutex){+.+.}-{3:3}, at: cangw_pernet_exit+0xe/0x20 net/can/gw.c:1179 2 locks held by syz-executor.4/29663: ============================================= NMI backtrace for cpu 1 CPU: 1 PID: 1638 Comm: khungtaskd Not tainted 5.10.0-rc7-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x137/0x1be lib/dump_stack.c:118 nmi_cpu_backtrace+0x16c/0x190 lib/nmi_backtrace.c:105 nmi_trigger_cpumask_backtrace+0x191/0x2f0 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:209 [inline] watchdog+0xcde/0xd20 kernel/hung_task.c:294 kthread+0x39a/0x3c0 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 29235 Comm: kworker/u4:7 Not tainted 5.10.0-rc7-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: bat_events batadv_nc_worker RIP: 0010:rcu_dynticks_curr_cpu_in_eqs kernel/rcu/tree.c:319 [inline] RIP: 0010:rcu_is_watching+0x41/0xb0 kernel/rcu/tree.c:1102 Code: 73 74 49 bf 00 00 00 00 00 fc ff df 4c 8d 34 dd 60 06 7d 8b 4c 89 f0 48 c1 e8 03 42 80 3c 38 00 74 08 4c 89 f7 e8 5f 85 55 00 <48> c7 c3 68 53 03 00 49 03 1e 48 89 d8 48 c1 e8 03 42 8a 04 38 84 RSP: 0018:ffffc9000b46fb58 EFLAGS: 00000246 RAX: 1ffffffff16fa0cc RBX: 0000000000000000 RCX: ffff88801ffe0000 RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000 RBP: 0000000000000002 R08: dffffc0000000000 R09: fffffbfff1a1c46e R10: fffffbfff1a1c46e R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: ffffffff8b7d0660 R15: dffffc0000000000 FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fdf80b16000 CR3: 000000001142d000 CR4: 00000000001506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: rcu_read_lock_held_common kernel/rcu/update.c:106 [inline] rcu_read_lock_sched_held+0x23/0xb0 kernel/rcu/update.c:121 trace_lock_acquire+0x6b/0x180 include/trace/events/lock.h:13 lock_acquire+0x39/0x5e0 kernel/locking/lockdep.c:5408 rcu_lock_acquire+0x2a/0x30 include/linux/rcupdate.h:248 rcu_read_lock include/linux/rcupdate.h:641 [inline] batadv_nc_purge_orig_hash net/batman-adv/network-coding.c:407 [inline] batadv_nc_worker+0xc8/0x5c0 net/batman-adv/network-coding.c:718 process_one_work+0x789/0xfc0 kernel/workqueue.c:2272 worker_thread+0xaa4/0x1460 kernel/workqueue.c:2418 kthread+0x39a/0x3c0 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296