INFO: task syz-executor.4:9883 can't die for more than 143 seconds. syz-executor.4 D23992 9883 7248 0x00004004 Call Trace: context_switch kernel/sched/core.c:3430 [inline] __schedule+0x8f3/0x1f80 kernel/sched/core.c:4155 schedule+0xd0/0x2a0 kernel/sched/core.c:4230 synchronize_rcu_expedited+0x45a/0x620 kernel/rcu/tree_exp.h:854 namespace_unlock+0x1c8/0x4f0 fs/namespace.c:1451 put_mnt_ns fs/namespace.c:3871 [inline] put_mnt_ns+0x5f/0x80 fs/namespace.c:3867 free_nsproxy+0x43/0x4a0 kernel/nsproxy.c:196 switch_task_namespaces+0xaa/0xc0 kernel/nsproxy.c:254 do_exit+0xb59/0x2e00 kernel/exit.c:804 do_group_exit+0x125/0x340 kernel/exit.c:903 get_signal+0x47b/0x24f0 kernel/signal.c:2739 do_signal+0x81/0x2240 arch/x86/kernel/signal.c:810 exit_to_usermode_loop arch/x86/entry/common.c:212 [inline] __prepare_exit_to_usermode+0x175/0x220 arch/x86/entry/common.c:246 do_syscall_64+0x6c/0xe0 arch/x86/entry/common.c:368 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x45ca69 Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f43eaf63c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: 00000000002a1000 RBX: 000000000050d1c0 RCX: 000000000045ca69 RDX: 00000000fffffc41 RSI: 0000000020001440 RDI: 0000000000000005 RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 0000000000000cff R14: 00000000004cf567 R15: 00007f43eaf646d4 Showing all locks held in the system: 2 locks held by kworker/1:1/23: #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:642 [inline] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x844/0x1690 kernel/workqueue.c:2239 #1: ffffc90000df7dc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x878/0x1690 kernel/workqueue.c:2243 1 lock held by khungtaskd/1146: #0: ffffffff89bbde00 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:5779 6 locks held by kworker/0:1H/2426: 2 locks held by kworker/1:3/2695: #0: ffff8880aa036538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff8880aa036538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff8880aa036538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff8880aa036538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline] #0: ffff8880aa036538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:642 [inline] #0: ffff8880aa036538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work+0x844/0x1690 kernel/workqueue.c:2239 #1: ffffc90008a4fdc0 ((work_completion)(&rew.rew_work)){+.+.}-{0:0}, at: process_one_work+0x878/0x1690 kernel/workqueue.c:2243 1 lock held by in:imklog/6512: #0: ffff888093b4b5f0 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100 fs/file.c:826 2 locks held by syz-executor.4/9883: #0: ffffffff8a7b06e8 (rtnl_mutex){+.+.}-{3:3}, at: tun_detach drivers/net/tun.c:704 [inline] #0: ffffffff8a7b06e8 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3a/0x180 drivers/net/tun.c:3415 #1: ffffffff89bc2420 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:290 [inline] #1: ffffffff89bc2420 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x501/0x620 kernel/rcu/tree_exp.h:838 =============================================