INFO: task kworker/1:0:18 blocked for more than 140 seconds. Not tainted 4.14.305-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. kworker/1:0 D27352 18 2 0x80000000 Workqueue: ipv6_addrconf addrconf_verify_work Call Trace: context_switch kernel/sched/core.c:2811 [inline] __schedule+0x88b/0x1de0 kernel/sched/core.c:3386 schedule+0x8d/0x1b0 kernel/sched/core.c:3430 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3488 __mutex_lock_common kernel/locking/mutex.c:833 [inline] __mutex_lock+0x669/0x1310 kernel/locking/mutex.c:893 addrconf_verify_work+0xa/0x20 net/ipv6/addrconf.c:4421 process_one_work+0x793/0x14a0 kernel/workqueue.c:2117 worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251 kthread+0x30d/0x420 kernel/kthread.c:232 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:406 Showing all locks held in the system: 3 locks held by kworker/1:0/18: #0: ("%s"("ipv6_addrconf")){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088 #1: ((addr_chk_work).work){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092 #2: (rtnl_mutex){+.+.}, at: [] addrconf_verify_work+0xa/0x20 net/ipv6/addrconf.c:4421 1 lock held by khungtaskd/1533: #0: (tasklist_lock){.+.+}, at: [] debug_show_all_locks+0x7c/0x21a kernel/locking/lockdep.c:4548 3 locks held by kworker/1:2/3139: #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088 #1: (deferred_process_work){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092 #2: (rtnl_mutex){+.+.}, at: [] switchdev_deferred_process_work+0xa/0x20 net/switchdev/switchdev.c:150 1 lock held by in:imklog/7658: #0: (&f->f_pos_lock){+.+.}, at: [] __fdget_pos+0x1fb/0x2b0 fs/file.c:819 1 lock held by syz-executor.5/8015: #0: (rtnl_mutex){+.+.}, at: [] tun_detach drivers/net/tun.c:593 [inline] #0: (rtnl_mutex){+.+.}, at: [] tun_chr_close+0x34/0x60 drivers/net/tun.c:2732 2 locks held by syz-executor.2/11493: #0: (net_mutex){+.+.}, at: [] copy_net_ns+0x156/0x440 net/core/net_namespace.c:413 #1: (rtnl_mutex){+.+.}, at: [] ip_tunnel_init_net+0x238/0x4f0 net/ipv4/ip_tunnel.c:1036 ============================================= NMI backtrace for cpu 1 CPU: 1 PID: 1533 Comm: khungtaskd Not tainted 4.14.305-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b2/0x281 lib/dump_stack.c:58 nmi_cpu_backtrace.cold+0x57/0x93 lib/nmi_backtrace.c:101 nmi_trigger_cpumask_backtrace+0x13a/0x180 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:140 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:195 [inline] watchdog+0x5b9/0xb40 kernel/hung_task.c:274 kthread+0x30d/0x420 kernel/kthread.c:232 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:406 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 5646 Comm: systemd-timesyn Not tainted 4.14.305-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 task: ffff8880a35ca480 task.stack: ffff8880a35d0000 RIP: 0010:pvclock_scale_delta arch/x86/include/asm/pvclock.h:73 [inline] RIP: 0010:__pvclock_read_cycles arch/x86/include/asm/pvclock.h:85 [inline] RIP: 0010:pvclock_clocksource_read+0x190/0x4f0 arch/x86/kernel/pvclock.c:87 RSP: 0018:ffff8880ba407830 EFLAGS: 00000086 RAX: 0000000000000000 RBX: ffff88823fff7000 RCX: 00000000ffffffff RDX: 00000000ffffffff RSI: 0000006f029193c0 RDI: 0000000000000001 RBP: dffffc0000000000 R08: ffff88823fff7018 R09: ffff88823fff700f R10: ffff88823fff7017 R11: ffff88823fff701b R12: ffff88823fff7003 R13: ffffed1047ffee01 R14: ffff88823fff701d R15: ffff88823fff7010 FS: 00007f239aaad8c0(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f35a1a66030 CR3: 00000000a2359000 CR4: 00000000003426f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: kvm_clock_read+0x1f/0x30 arch/x86/kernel/kvmclock.c:88 tk_clock_read kernel/time/timekeeping.c:145 [inline] timekeeping_get_delta kernel/time/timekeeping.c:239 [inline] timekeeping_get_ns kernel/time/timekeeping.c:345 [inline] ktime_get_with_offset+0x1af/0x320 kernel/time/timekeeping.c:806 alarmtimer_fired+0x25a/0x590 kernel/time/alarmtimer.c:225 __run_hrtimer kernel/time/hrtimer.c:1223 [inline] __hrtimer_run_queues+0x2fe/0xc70 kernel/time/hrtimer.c:1287 hrtimer_interrupt+0x1b9/0x470 kernel/time/hrtimer.c:1321 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1079 [inline] smp_apic_timer_interrupt+0x117/0x5e0 arch/x86/kernel/apic/apic.c:1104 apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:796 RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:779 [inline] RIP: 0010:kmem_cache_free+0x173/0x2b0 mm/slab.c:3759 RSP: 0018:ffff8880ba407b88 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff10 RAX: 0000000000000007 RBX: ffff8880b4639400 RCX: 1ffff110146b95a5 RDX: 0000000000000000 RSI: ffff8880a35cad58 RDI: 0000000000000286 RBP: ffff88823a8223c0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000286 R13: ffffffff85befe48 R14: ffff888079992284 R15: ffff888079992280 kfree_skbmem+0x98/0x100 net/core/skbuff.c:595 __kfree_skb net/core/skbuff.c:655 [inline] consume_skb+0xed/0x380 net/core/skbuff.c:714 can_receive+0x2f5/0x4b0 net/can/af_can.c:712 canfd_rcv+0xfc/0x180 net/can/af_can.c:764 __netif_receive_skb_core+0x15ee/0x2a30 net/core/dev.c:4474 __netif_receive_skb+0x27/0x1a0 net/core/dev.c:4512 process_backlog+0x218/0x6f0 net/core/dev.c:5195 napi_poll net/core/dev.c:5604 [inline] net_rx_action+0x466/0xfd0 net/core/dev.c:5670 __do_softirq+0x24d/0x9ff kernel/softirq.c:288 invoke_softirq kernel/softirq.c:368 [inline] irq_exit+0x193/0x240 kernel/softirq.c:409 exiting_irq arch/x86/include/asm/apic.h:638 [inline] smp_apic_timer_interrupt+0x141/0x5e0 arch/x86/kernel/apic/apic.c:1106 apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:796 RIP: 0010:qlink_to_object mm/kasan/quarantine.c:136 [inline] RIP: 0010:qlink_free mm/kasan/quarantine.c:141 [inline] RIP: 0010:qlist_free_all+0x32/0x140 mm/kasan/quarantine.c:166 RSP: 0018:ffff8880a35d7a68 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff10 RAX: 0000000000000000 RBX: ffff888067899340 RCX: ffffea00019e29df RDX: 0000000000000000 RSI: ffff8880a35cad30 RDI: ffff888067899340 RBP: 0000000000000000 R08: 00000000000000d8 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffff88806789bbc0 R13: ffff8880a35d7aa0 R14: ffff88823a8223c0 R15: 0000000000000286 quarantine_reduce+0x185/0x200 mm/kasan/quarantine.c:259 kasan_kmalloc+0xa2/0x160 mm/kasan/kasan.c:536 slab_post_alloc_hook mm/slab.h:442 [inline] slab_alloc mm/slab.c:3390 [inline] kmem_cache_alloc+0x111/0x3c0 mm/slab.c:3550 ep_insert fs/eventpoll.c:1443 [inline] SYSC_epoll_ctl fs/eventpoll.c:2117 [inline] SyS_epoll_ctl+0x770/0x2780 fs/eventpoll.c:2002 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x5e/0xd3 RIP: 0033:0x7f2399ea22aa RSP: 002b:00007fffb01e7858 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 RAX: ffffffffffffffda RBX: 000055b5cbe54fa0 RCX: 00007f2399ea22aa RDX: 000000000000000d RSI: 0000000000000001 RDI: 0000000000000004 RBP: 0000000000000001 R08: 000055b5ca3c2b80 R09: 0000000000000100 R10: 00007fffb01e786c R11: 0000000000000246 R12: 000055b5cbe52690 R13: 000000000000000d R14: 000055b5ca3c2b80 R15: 000055b5cbe52630 Code: d9 83 e1 07 40 38 ce 40 0f 9e c7 40 84 f6 0f 95 c1 40 84 cf 0f 85 56 02 00 00 89 d1 48 89 c6 f7 d9 48 d3 ee 89 d1 48 d3 e0 85 d2 <8b> 53 18 4c 89 d1 48 0f 48 c6 4c 89 fe 48 c1 e9 03 48 f7 e2 48