INFO: task syz-executor.3:13166 blocked for more than 143 seconds. Not tainted 5.9.0-rc1-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.3 state:D stack:28024 pid:13166 ppid: 6842 flags:0x80004006 Call Trace: context_switch kernel/sched/core.c:3778 [inline] __schedule+0x8e5/0x21e0 kernel/sched/core.c:4527 schedule+0xd0/0x2a0 kernel/sched/core.c:4602 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:4661 __mutex_lock_common kernel/locking/mutex.c:1033 [inline] __mutex_lock+0x3e2/0x10e0 kernel/locking/mutex.c:1103 tun_detach drivers/net/tun.c:705 [inline] tun_chr_close+0x3a/0x180 drivers/net/tun.c:3408 __fput+0x285/0x920 fs/file_table.c:281 task_work_run+0xdd/0x190 kernel/task_work.c:141 exit_task_work include/linux/task_work.h:25 [inline] do_exit+0xb7d/0x29f0 kernel/exit.c:806 do_group_exit+0x125/0x310 kernel/exit.c:903 get_signal+0x428/0x1f00 kernel/signal.c:2757 arch_do_signal+0x82/0x2520 arch/x86/kernel/signal.c:811 exit_to_user_mode_loop kernel/entry/common.c:135 [inline] exit_to_user_mode_prepare+0x15d/0x1c0 kernel/entry/common.c:166 syscall_exit_to_user_mode+0x59/0x2b0 kernel/entry/common.c:241 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x45d4d9 Code: Bad RIP value. RSP: 002b:00007facfbc93c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: 0000000000000000 RBX: 0000000000019e00 RCX: 000000000045d4d9 RDX: 0000000020000100 RSI: 00000000400454ca RDI: 0000000000000003 RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c R13: 00007ffda7af545f R14: 00007facfbc949c0 R15: 000000000118cf4c Showing all locks held in the system: 2 locks held by kworker/0:0/5: 2 locks held by kworker/u4:0/7: 2 locks held by kworker/0:1/12: 2 locks held by kworker/1:0/17: 2 locks held by kworker/u4:1/21: 8 locks held by kworker/u4:2/25: 2 locks held by kworker/1:1/38: 1 lock held by khungtaskd/1169: #0: ffffffff89bd6340 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:5825 3 locks held by kworker/0:2/2605: #0: ffff8880aa063d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff8880aa063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff8880aa063d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff8880aa063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff8880aa063d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff8880aa063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 kernel/workqueue.c:2240 #1: ffffc90008d1fda8 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 kernel/workqueue.c:2244 #2: ffffffff8a7e5c48 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xb/0x60 net/core/link_watch.c:250 2 locks held by kworker/0:3/6501: 1 lock held by in:imklog/6520: #0: ffff888097b87b70 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100 fs/file.c:930 1 lock held by syz-executor.1/6838: #0: ffffffff8a7e5c48 (rtnl_mutex){+.+.}-{3:3}, at: netdev_run_todo+0x705/0xac0 net/core/dev.c:10104 1 lock held by syz-executor.5/6846: #0: ffffffff8a7e5c48 (rtnl_mutex){+.+.}-{3:3}, at: netdev_run_todo+0x705/0xac0 net/core/dev.c:10104 2 locks held by kworker/0:4/7964: 2 locks held by kworker/1:3/8134: 6 locks held by kworker/u4:5/8655: #0: ffff8880a97b5138 ((wq_completion)netns){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff8880a97b5138 ((wq_completion)netns){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff8880a97b5138 ((wq_completion)netns){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff8880a97b5138 ((wq_completion)netns){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff8880a97b5138 ((wq_completion)netns){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff8880a97b5138 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 kernel/workqueue.c:2240 #1: ffffc9001689fda8 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 kernel/workqueue.c:2244 #2: ffffffff8a7d8bf0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x9b/0xa00 net/core/net_namespace.c:565 #3: ffffffff8a809688 (devlink_mutex){+.+.}-{3:3}, at: devlink_pernet_pre_exit+0x1c/0x190 net/core/devlink.c:9613 #4: ffff888093f7b370 (&nsim_dev->port_list_lock){+.+.}-{3:3}, at: nsim_dev_port_del_all drivers/net/netdevsim/dev.c:956 [inline] #4: ffff888093f7b370 (&nsim_dev->port_list_lock){+.+.}-{3:3}, at: nsim_dev_reload_destroy+0x9e/0x1e0 drivers/net/netdevsim/dev.c:1135 #5: ffffffff8a7e5c48 (rtnl_mutex){+.+.}-{3:3}, at: nsim_destroy+0x2b/0x70 drivers/net/netdevsim/netdev.c:338 2 locks held by kworker/1:5/10205: 2 locks held by kworker/0:5/13126: 2 locks held by kworker/1:6/13141: