unregister_netdevice: waiting for lo to become free. Usage count = 3 INFO: task syz-executor5:10301 blocked for more than 120 seconds. Not tainted 4.9.80-g8a174b47 #31 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor5 D28912 10301 1 0x00000004 ffff8801d9490000 ffff8801bffce4c0 ffff8801d6f69f80 ffff8801d906b000 ffff8801db221b98 ffff8801b9457c18 ffffffff838a243b 0000000000000000 0000000000000007 00ff8801d9490000[ 245.364470] unregister_netdevice: waiting for lo to become free. Usage count = 3 ffff8801db222468 ffff8801db222490 [] schedule+0x7f/0x1b0 kernel/sched/core.c:3550 [] schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3583 [] __mutex_lock_common kernel/locking/mutex.c:582 [inline] [] mutex_lock_nested+0x312/0x870 kernel/locking/mutex.c:621 [] copy_net_ns+0x155/0x280 net/core/net_namespace.c:387 [] create_new_namespaces+0x37f/0x730 kernel/nsproxy.c:106 [] unshare_nsproxy_namespaces+0xae/0x1e0 kernel/nsproxy.c:205 [] SYSC_unshare kernel/fork.c:2244 [inline] [] SyS_unshare+0x3dd/0x6f0 kernel/fork.c:2194 [] entry_SYSCALL_64_fastpath+0x29/0xe8 Showing all locks held in the system: 2 locks held by khungtaskd/514: #0: (rcu_read_lock){......}, at: [] check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline] #0: (rcu_read_lock){......}, at: [] watchdog+0x125/0xa70 kernel/hung_task.c:239 #1: (tasklist_lock){.+.+..}, at: [] debug_show_all_locks+0x70/0x280 kernel/locking/lockdep.c:4336 1 lock held by rsyslogd/3660: #0: (&f->f_pos_lock){+.+.+.}, at: [] __fdget_pos+0x9f/0xc0 fs/file.c:781 2 locks held by getty/3788: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 #1: (&ldata->atomic_read_lock){+.+.+.}, at: [] n_tty_read+0x1f4/0x16c0 drivers/tty/n_tty.c:2133 3 locks held by kworker/u4:4/5378: #0: ("%s""netns"){.+.+.+}, at: [] work_static include/linux/workqueue.h:186 [inline] #0: ("%s""netns"){.+.+.+}, at: [] set_work_data kernel/workqueue.c:617 [inline] #0: ("%s""netns"){.+.+.+}, at: [] set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline] #0: ("%s""netns"){.+.+.+}, at: [] process_one_work+0x6f2/0x1610 kernel/workqueue.c:2085 #1: (net_cleanup_work){+.+.+.}, at: [] process_one_work+0x72c/0x1610 kernel/workqueue.c:2089 #2: (net_mutex){+.+.+.}, at: [] cleanup_net+0x13f/0x610 net/core/net_namespace.c:420 1 lock held by syz-executor5/10301: #0: (net_mutex){+.+.+.}, at: [] copy_net_ns+0x155/0x280 net/core/net_namespace.c:387 ============================================= NMI backtrace for cpu 1 CPU: 1 PID: 514 Comm: khungtaskd Not tainted 4.9.80-g8a174b47 #31 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d8ed7d00 ffffffff81d94be9 0000000000000000 0000000000000001 0000000000000001 0000000000000001 ffffffff810bac60 ffff8801d8ed7d38 ffffffff81d9fd0d 0000000000000001 0000000000000000 ffff8801d9490418 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] nmi_cpu_backtrace+0xfd/0x120 lib/nmi_backtrace.c:99 [] nmi_trigger_cpumask_backtrace+0x117/0x190 lib/nmi_backtrace.c:60 [] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37 [] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline] [] check_hung_task kernel/hung_task.c:125 [inline] [] check_hung_uninterruptible_tasks kernel/hung_task.c:182 [inline] [] watchdog+0x6f0/0xa70 kernel/hung_task.c:239 [] kthread+0x26d/0x300 kernel/kthread.c:211 [] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:477 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 6988 Comm: kworker/0:3 Not tainted 4.9.80-g8a174b47 #31 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: events defense_work_handlerc task: ffff8801d52cc800 task.stack: ffff8801bcd58000 RIP: 0010:[] c [] rcu_all_qs+0x23/0xa0 kernel/rcu/tree.c:394 RSP: 0018:ffff8801bcd5fc30 EFLAGS: 00000202 RAX: 0000000000000000 RBX: ffff8801d52cc800 RCX: 0000000000001b4c RDX: 1ffff1003aa599a3 RSI: 0000000000000846 RDI: ffff8801d52ccd18 RBP: ffff8801bcd5fc38 R08: ffffffff859ebc08 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801bcd5fcc8 R13: ffff8801c5acc518 R14: ffff8801c5acc500 R15: ffff8801db221200 FS: 0000000000000000(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fda5bc8d000 CR3: 00000001b5cc0000 CR4: 0000000000160670 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Stack: ffff8801d52cc800c ffff8801bcd5fd50c ffffffff81189924c ffffffff8118976cc ffff8801db221b80c ffff8801c5acc548c ffff8801d9acc000c ffff880100000000c ffff8801c5acc520c ffff8801c5acc510c 1ffff100379abf95c 000000009c6fe4fbc Call Trace: [] process_one_work+0x8e4/0x1610 kernel/workqueue.c:2118 [] worker_thread+0xe0/0x10d0 kernel/workqueue.c:2226 [] kthread+0x26d/0x300 kernel/kthread.c:211 [] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:477 Code: c0f c1f c84 c00 c00 c00 c00 c00 c55 c48 c89 ce5 c53 c65 c8b c05 c74 c68 cd8 c7e c85 cc0 c75 c16 c65 c8a c05 c22 ced cd8 c7e c84 cc0 c75 c3c c65 c48 cff c05 c3d ceb cd8 c7e c<5b> c5d cc3 c9c c58 c0f c1f c44 c00 c00 c48 c89 cc3 cfa c66 c0f c1f c44 c00 c00 ce8 c