INFO: task kworker/u4:2:324 blocked for more than 140 seconds. Not tainted 4.14.231-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. kworker/u4:2 D26288 324 2 0x80000000 Workqueue: netns cleanup_net Call Trace: context_switch kernel/sched/core.c:2808 [inline] __schedule+0x88b/0x1de0 kernel/sched/core.c:3384 schedule+0x8d/0x1b0 kernel/sched/core.c:3428 schedule_timeout+0x80a/0xe90 kernel/time/timer.c:1724 do_wait_for_common kernel/sched/completion.c:91 [inline] __wait_for_common kernel/sched/completion.c:112 [inline] wait_for_common+0x272/0x430 kernel/sched/completion.c:123 flush_workqueue+0x3ce/0x1310 kernel/workqueue.c:2676 flush_scheduled_work include/linux/workqueue.h:578 [inline] tipc_exit_net+0x38/0x60 net/tipc/core.c:96 ops_exit_list+0xa5/0x150 net/core/net_namespace.c:142 cleanup_net+0x3b3/0x840 net/core/net_namespace.c:484 process_one_work+0x793/0x14a0 kernel/workqueue.c:2116 worker_thread+0x5cc/0xff0 kernel/workqueue.c:2250 kthread+0x30d/0x420 kernel/kthread.c:232 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404 INFO: task kworker/1:2:3624 blocked for more than 140 seconds. Not tainted 4.14.231-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. kworker/1:2 D25824 3624 2 0x80000000 Workqueue: usb_hub_wq hub_event Call Trace: context_switch kernel/sched/core.c:2808 [inline] __schedule+0x88b/0x1de0 kernel/sched/core.c:3384 schedule+0x8d/0x1b0 kernel/sched/core.c:3428 usb_kill_urb.part.0+0x125/0x190 drivers/usb/core/urb.c:691 usb_kill_urb+0x7c/0x90 drivers/usb/core/urb.c:686 usb_start_wait_urb+0x209/0x440 drivers/usb/core/message.c:62 usb_internal_control_msg drivers/usb/core/message.c:100 [inline] usb_control_msg+0x302/0x450 drivers/usb/core/message.c:151 hub_port_init+0xfdc/0x2970 drivers/usb/core/hub.c:4555 hub_port_connect drivers/usb/core/hub.c:4905 [inline] hub_port_connect_change drivers/usb/core/hub.c:5088 [inline] port_event drivers/usb/core/hub.c:5194 [inline] hub_event+0x18fd/0x3d70 drivers/usb/core/hub.c:5274 process_one_work+0x793/0x14a0 kernel/workqueue.c:2116 worker_thread+0x5cc/0xff0 kernel/workqueue.c:2250 kthread+0x30d/0x420 kernel/kthread.c:232 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404 Showing all locks held in the system: 3 locks held by kworker/u4:2/324: #0: ("%s""netns"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: (net_cleanup_work){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 #2: (net_mutex){+.+.}, at: [] cleanup_net+0x110/0x840 net/core/net_namespace.c:450 1 lock held by khungtaskd/1533: #0: (tasklist_lock){.+.+}, at: [] debug_show_all_locks+0x7c/0x21a kernel/locking/lockdep.c:4548 5 locks held by kworker/1:2/3624: #0: ("usb_hub_wq"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&hub->events)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 #2: (&dev->mutex){....}, at: [] device_lock include/linux/device.h:1081 [inline] #2: (&dev->mutex){....}, at: [] hub_event+0x108/0x3d70 drivers/usb/core/hub.c:5220 #3: (&port_dev->status_lock){+.+.}, at: [] usb_lock_port drivers/usb/core/hub.c:2934 [inline] #3: (&port_dev->status_lock){+.+.}, at: [] hub_port_connect drivers/usb/core/hub.c:4904 [inline] #3: (&port_dev->status_lock){+.+.}, at: [] hub_port_connect_change drivers/usb/core/hub.c:5088 [inline] #3: (&port_dev->status_lock){+.+.}, at: [] port_event drivers/usb/core/hub.c:5194 [inline] #3: (&port_dev->status_lock){+.+.}, at: [] hub_event+0x18e8/0x3d70 drivers/usb/core/hub.c:5274 #4: (hcd->address0_mutex){+.+.}, at: [] hub_port_init+0x15b/0x2970 drivers/usb/core/hub.c:4429 2 locks held by agetty/6788: #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:284 #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e3/0x1680 drivers/tty/n_tty.c:2156 3 locks held by kworker/0:2/12019: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&smc->tcp_listen_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 #2: (&smc->clcsock_release_lock){+.+.}, at: [] smc_clcsock_accept net/smc/af_smc.c:600 [inline] #2: (&smc->clcsock_release_lock){+.+.}, at: [] smc_tcp_listen_work+0x6ac/0xb80 net/smc/af_smc.c:935 3 locks held by kworker/1:4/740: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&smc->tcp_listen_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 #2: (&smc->clcsock_release_lock){+.+.}, at: [] smc_clcsock_accept net/smc/af_smc.c:600 [inline] #2: (&smc->clcsock_release_lock){+.+.}, at: [] smc_tcp_listen_work+0x6ac/0xb80 net/smc/af_smc.c:935 1 lock held by syz-executor.1/6224: #0: (net_mutex){+.+.}, at: [] copy_net_ns+0x156/0x440 net/core/net_namespace.c:410 ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 1533 Comm: khungtaskd Not tainted 4.14.231-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b2/0x281 lib/dump_stack.c:58 nmi_cpu_backtrace.cold+0x57/0x93 lib/nmi_backtrace.c:101 nmi_trigger_cpumask_backtrace+0x13a/0x180 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:140 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:195 [inline] watchdog+0x5b9/0xb40 kernel/hung_task.c:274 kthread+0x30d/0x420 kernel/kthread.c:232 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 15872 Comm: syz-executor.3 Not tainted 4.14.231-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 task: ffff888021648440 task.stack: ffff88800ec88000 RIP: 0010:cpus_share_cache kernel/sched/core.c:1855 [inline] RIP: 0010:ttwu_queue kernel/sched/core.c:1865 [inline] RIP: 0010:try_to_wake_up+0x621/0x1100 kernel/sched/core.c:2087 RSP: 0018:ffff8880ba507d88 EFLAGS: 00000806 RAX: 000000000001e738 RBX: 1ffff110174a0fb9 RCX: 0000000000000001 RDX: ffff8880ba51e738 RSI: 000000000002a300 RDI: dffffc0000000000 RBP: 0000000000000001 R08: ffff88823fff7058 R09: 0000000000000000 R10: dffffc0000000000 R11: 1ffffffff11987ad R12: 0000000000000000 R13: ffff88809bf125c0 R14: ffffffff88cc3d68 R15: ffff88809bf12d88 FS: 00007f3f036d8700(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b2e02d000 CR3: 000000005213d000 CR4: 00000000001426e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: hrtimer_wakeup+0x43/0x60 kernel/time/hrtimer.c:1441 __run_hrtimer kernel/time/hrtimer.c:1223 [inline] __hrtimer_run_queues+0x30b/0xc80 kernel/time/hrtimer.c:1287 hrtimer_interrupt+0x1e6/0x5e0 kernel/time/hrtimer.c:1321 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1079 [inline] smp_apic_timer_interrupt+0x117/0x5e0 arch/x86/kernel/apic/apic.c:1104 apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:793 RIP: 0010:get_current arch/x86/include/asm/current.h:15 [inline] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x50 kernel/kcov.c:60 RSP: 0018:ffff88800ec8ed10 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff10 RAX: dffffc0000000000 RBX: ffff88804b396c40 RCX: ffffc90012ea7000 RDX: 1ffff11009672ddf RSI: ffffffff81634d6d RDI: ffff88804b396ef8 RBP: ffff88800ec8ee00 R08: ffff8880ba526b80 R09: ffffe8ffffd8cf68 R10: ffff88800ec8f040 R11: ffff888021648440 R12: ffff88804b396c40 R13: ffff88800ec8ee00 R14: dffffc0000000000 R15: 0000000000000000 perf_tp_filter_match kernel/events/core.c:8018 [inline] perf_tp_event_match kernel/events/core.c:8035 [inline] perf_tp_event_match.constprop.0+0xc2/0x1d0 kernel/events/core.c:8023 perf_tp_event+0x51e/0x6e0 kernel/events/core.c:8084 perf_trace_run_bpf_submit+0x119/0x200 kernel/events/core.c:8055 perf_trace_ext4_getfsmap_class+0x424/0x710 include/trace/events/ext4.h:2573 trace_ext4_getfsmap_mapping include/trace/events/ext4.h:2606 [inline] ext4_getfsmap_format+0x34c/0x4f0 fs/ext4/ioctl.c:556 ext4_getfsmap_helper+0x5eb/0x13f0 fs/ext4/fsmap.c:184 ext4_getfsmap_datadev_helper+0x600/0x900 fs/ext4/fsmap.c:265 ext4_mballoc_query_range+0x405/0x740 fs/ext4/mballoc.c:5397 ext4_getfsmap_datadev+0x5ba/0x11d0 fs/ext4/fsmap.c:550 ext4_getfsmap+0x5f6/0x8c0 fs/ext4/fsmap.c:721 ext4_ioc_getfsmap+0x251/0x830 fs/ext4/ioctl.c:603 ext4_ioctl+0x248/0x3870 fs/ext4/ioctl.c:663 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:500 [inline] do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684 SYSC_ioctl fs/ioctl.c:701 [inline] SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x4665f9 RSP: 002b:00007f3f036d8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 RDX: 00000000200001c0 RSI: 00000000c0c0583b RDI: 0000000000000007 RBP: 00000000004bfbb9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 R13: 00007fff620b87ff R14: 00007f3f036d8300 R15: 0000000000022000 Code: eb 03 43 80 3c 13 00 0f 85 23 09 00 00 4a 03 14 cd 60 3d cc 88 48 bf 00 00 00 00 00 fc ff df 49 89 d1 49 c1 e9 03 45 0f b6 0c 39 <48> 89 d7 83 e7 07 83 c7 03 44 38 cf 7c 09 45 84 c9 0f 85 65 07