bisecting fixing commit since 7e96bf476270aecea66740a083e51b38c1371cd2 building syzkaller on c585c7b0ea16dc4326bf5e8f2f00cc6638e2feb1 testing commit 7e96bf476270aecea66740a083e51b38c1371cd2 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 7135110cc54110305d1293c4c638b36319897e25d62f2d3f7b594842115c2fba run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/tmp/syz-executor637043323" "root@10.128.1.40:./syz-executor637043323"]: exit status 1 Connection timed out during banner exchange Connection to 10.128.1.40 port 22 timed out lost connection run #1: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/tmp/syz-executor019154048" "root@10.128.15.192:./syz-executor019154048"]: exit status 1 Connection timed out during banner exchange Connection to 10.128.15.192 port 22 timed out lost connection run #2: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/tmp/syz-executor611481055" "root@10.128.10.9:./syz-executor611481055"]: exit status 1 Connection timed out during banner exchange Connection to 10.128.10.9 port 22 timed out lost connection run #3: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/tmp/syz-executor872204722" "root@10.128.10.62:./syz-executor872204722"]: exit status 1 Connection timed out during banner exchange Connection to 10.128.10.62 port 22 timed out lost connection run #4: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/tmp/syz-executor258560873" "root@10.128.15.194:./syz-executor258560873"]: exit status 1 Connection timed out during banner exchange Connection to 10.128.15.194 port 22 timed out lost connection run #5: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/tmp/syz-executor987623597" "root@10.128.1.231:./syz-executor987623597"]: exit status 1 Connection timed out during banner exchange Connection to 10.128.1.231 port 22 timed out lost connection run #6: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/tmp/syz-executor513853480" "root@10.128.0.116:./syz-executor513853480"]: exit status 1 Connection timed out during banner exchange Connection to 10.128.0.116 port 22 timed out lost connection run #7: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/tmp/syz-executor222705562" "root@10.128.0.205:./syz-executor222705562"]: exit status 1 Connection timed out during banner exchange Connection to 10.128.0.205 port 22 timed out lost connection run #8: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/tmp/syz-executor110242353" "root@10.128.15.205:./syz-executor110242353"]: exit status 1 Connection timed out during banner exchange Connection to 10.128.15.205 port 22 timed out lost connection run #9: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/tmp/syz-executor783159662" "root@10.128.15.201:./syz-executor783159662"]: exit status 1 Connection timed out during banner exchange Connection to 10.128.15.201 port 22 timed out lost connection run #10: OK run #11: OK run #12: crashed: WARNING in send_hsr_supervision_frame run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK reproducer seems to be flaky testing current HEAD 1fc596a56b334f4d593a2b49e5ff55af6aaa0816 testing commit 1fc596a56b334f4d593a2b49e5ff55af6aaa0816 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: fbc3ab54864ae1b88fc35ce433ffc1c69483aa7726944acb62ac945f2da0147c run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/tmp/syz-executor531389188" "root@10.128.0.93:./syz-executor531389188"]: exit status 1 Connection timed out during banner exchange Connection to 10.128.0.93 port 22 timed out lost connection run #1: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/tmp/syz-executor950688915" "root@10.128.0.214:./syz-executor950688915"]: exit status 1 Connection timed out during banner exchange Connection to 10.128.0.214 port 22 timed out lost connection run #2: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/tmp/syz-executor996162423" "root@10.128.10.46:./syz-executor996162423"]: exit status 1 Connection timed out during banner exchange Connection to 10.128.10.46 port 22 timed out lost connection run #3: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/tmp/syz-executor447030078" "root@10.128.15.197:./syz-executor447030078"]: exit status 1 Connection timed out during banner exchange Connection to 10.128.15.197 port 22 timed out lost connection run #4: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/tmp/syz-executor525142816" "root@10.128.0.118:./syz-executor525142816"]: exit status 1 Warning: Permanently added '10.128.0.118' (ECDSA) to the list of known hosts. lost connection run #5: OK run #6: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/tmp/syz-executor127778388" "root@10.128.15.194:./syz-executor127778388"]: exit status 1 Connection timed out during banner exchange Connection to 10.128.15.194 port 22 timed out lost connection run #7: OK run #8: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/tmp/syz-executor758709926" "root@10.128.1.21:./syz-executor758709926"]: exit status 1 Connection timed out during banner exchange Connection to 10.128.1.21 port 22 timed out lost connection run #9: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/tmp/syz-executor469763533" "root@10.128.1.40:./syz-executor469763533"]: exit status 1 Connection timed out during banner exchange Connection to 10.128.1.40 port 22 timed out lost connection run #10: OK run #11: crashed: INFO: task hung in synchronize_rcu run #12: OK run #13: crashed: INFO: task hung in synchronize_rcu run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK Reproducer flagged being flaky revisions tested: 2, total time: 27m15.344224714s (build: 13m31.1113846s, test: 13m4.706430124s) the crash still happens on HEAD commit msg: Merge tag 'trace-v5.15-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace crash: INFO: task hung in synchronize_rcu INFO: task kworker/u4:1:10 blocked for more than 143 seconds. Not tainted 5.15.0-rc7-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/u4:1 state:D stack:24928 pid: 10 ppid: 2 flags:0x00004000 Workqueue: events_unbound fsnotify_connector_destroy_workfn Call Trace: context_switch kernel/sched/core.c:4940 [inline] __schedule+0x90d/0x26c0 kernel/sched/core.c:6287 schedule+0xd3/0x270 kernel/sched/core.c:6366 schedule_timeout+0x19d/0x250 kernel/time/timer.c:1857 do_wait_for_common kernel/sched/completion.c:85 [inline] __wait_for_common kernel/sched/completion.c:106 [inline] wait_for_common kernel/sched/completion.c:117 [inline] wait_for_completion+0x176/0x280 kernel/sched/completion.c:138 __synchronize_srcu+0x1f4/0x290 kernel/rcu/srcutree.c:930 fsnotify_connector_destroy_workfn+0x4a/0xa0 fs/notify/mark.c:164 process_one_work+0x87f/0x1450 kernel/workqueue.c:2297 worker_thread+0x598/0x1040 kernel/workqueue.c:2444 kthread+0x38b/0x460 kernel/kthread.c:319 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 INFO: task kworker/u4:5:1222 blocked for more than 143 seconds. Not tainted 5.15.0-rc7-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/u4:5 state:D stack:22912 pid: 1222 ppid: 2 flags:0x00004000 Workqueue: events_unbound fsnotify_mark_destroy_workfn Call Trace: context_switch kernel/sched/core.c:4940 [inline] __schedule+0x90d/0x26c0 kernel/sched/core.c:6287 schedule+0xd3/0x270 kernel/sched/core.c:6366 schedule_timeout+0x19d/0x250 kernel/time/timer.c:1857 do_wait_for_common kernel/sched/completion.c:85 [inline] __wait_for_common kernel/sched/completion.c:106 [inline] wait_for_common kernel/sched/completion.c:117 [inline] wait_for_completion+0x176/0x280 kernel/sched/completion.c:138 __synchronize_srcu+0x1f4/0x290 kernel/rcu/srcutree.c:930 fsnotify_mark_destroy_workfn+0xeb/0x330 fs/notify/mark.c:861 process_one_work+0x87f/0x1450 kernel/workqueue.c:2297 worker_thread+0x598/0x1040 kernel/workqueue.c:2444 kthread+0x38b/0x460 kernel/kthread.c:319 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 INFO: task syz-executor.0:7028 blocked for more than 143 seconds. Not tainted 5.15.0-rc7-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.0 state:D stack:24328 pid: 7028 ppid: 1 flags:0x00004006 Call Trace: context_switch kernel/sched/core.c:4940 [inline] __schedule+0x90d/0x26c0 kernel/sched/core.c:6287 schedule+0xd3/0x270 kernel/sched/core.c:6366 exp_funnel_lock kernel/rcu/tree_exp.h:313 [inline] synchronize_rcu_expedited+0x5ac/0x620 kernel/rcu/tree_exp.h:837 namespace_unlock+0x19b/0x3c0 fs/namespace.c:1448 drop_collected_mounts fs/namespace.c:1935 [inline] put_mnt_ns fs/namespace.c:4344 [inline] put_mnt_ns+0xc6/0xf0 fs/namespace.c:4340 free_nsproxy+0x35/0x340 kernel/nsproxy.c:191 do_exit+0x9d3/0x24b0 kernel/exit.c:824 do_group_exit+0xe7/0x290 kernel/exit.c:922 get_signal+0x3b2/0x1ce0 kernel/signal.c:2855 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:865 handle_signal_work kernel/entry/common.c:148 [inline] exit_to_user_mode_loop kernel/entry/common.c:172 [inline] exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline] syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x41936c RSP: 002b:00007ffe2c8781d0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 RAX: fffffffffffffe00 RBX: 00007ffe2c878290 RCX: 000000000041936c RDX: 0000000000000050 RSI: 0000000000568020 RDI: 00000000000000f9 RBP: 0000000000000003 R08: 0000000000000000 R09: 0079746972756365 R10: 00000000005436a0 R11: 0000000000000246 R12: 0000000003172810 R13: 000000000317286b R14: 0000000000000000 R15: 00007ffe2c8782d0 INFO: task syz-executor.1:7031 blocked for more than 144 seconds. Not tainted 5.15.0-rc7-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.1 state:D stack:24104 pid: 7031 ppid: 1 flags:0x00004006 Call Trace: context_switch kernel/sched/core.c:4940 [inline] __schedule+0x90d/0x26c0 kernel/sched/core.c:6287 schedule+0xd3/0x270 kernel/sched/core.c:6366 exp_funnel_lock kernel/rcu/tree_exp.h:313 [inline] synchronize_rcu_expedited+0x5ac/0x620 kernel/rcu/tree_exp.h:837 namespace_unlock+0x19b/0x3c0 fs/namespace.c:1448 drop_collected_mounts fs/namespace.c:1935 [inline] put_mnt_ns fs/namespace.c:4344 [inline] put_mnt_ns+0xc6/0xf0 fs/namespace.c:4340 free_nsproxy+0x35/0x340 kernel/nsproxy.c:191 do_exit+0x9d3/0x24b0 kernel/exit.c:824 do_group_exit+0xe7/0x290 kernel/exit.c:922 get_signal+0x3b2/0x1ce0 kernel/signal.c:2855 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:865 handle_signal_work kernel/entry/common.c:148 [inline] exit_to_user_mode_loop kernel/entry/common.c:172 [inline] exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline] syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x41936c RSP: 002b:00007ffd25d70440 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 RAX: fffffffffffffe00 RBX: 00007ffd25d70500 RCX: 000000000041936c RDX: 0000000000000050 RSI: 0000000000568020 RDI: 00000000000000f9 RBP: 0000000000000003 R08: 0000000000000000 R09: 0079746972756365 R10: 00000000005436a0 R11: 0000000000000246 R12: 0000000002c34810 R13: 0000000002c3486b R14: 0000000000000000 R15: 00007ffd25d70540 INFO: task syz-executor.3:7034 blocked for more than 144 seconds. Not tainted 5.15.0-rc7-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.3 state:D stack:24248 pid: 7034 ppid: 1 flags:0x00000002 Call Trace: context_switch kernel/sched/core.c:4940 [inline] __schedule+0x90d/0x26c0 kernel/sched/core.c:6287 schedule+0xd3/0x270 kernel/sched/core.c:6366 exp_funnel_lock kernel/rcu/tree_exp.h:313 [inline] synchronize_rcu_expedited+0x5ac/0x620 kernel/rcu/tree_exp.h:837 namespace_unlock+0x19b/0x3c0 fs/namespace.c:1448 drop_collected_mounts fs/namespace.c:1935 [inline] put_mnt_ns fs/namespace.c:4344 [inline] put_mnt_ns+0xc6/0xf0 fs/namespace.c:4340 free_nsproxy+0x35/0x340 kernel/nsproxy.c:191 do_exit+0x9d3/0x24b0 kernel/exit.c:824 do_group_exit+0xe7/0x290 kernel/exit.c:922 __do_sys_exit_group kernel/exit.c:933 [inline] __se_sys_exit_group kernel/exit.c:931 [inline] __x64_sys_exit_group+0x35/0x40 kernel/exit.c:931 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x4665e9 RSP: 002b:00007ffccacf9ed8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 00007ffccacfa090 RCX: 00000000004665e9 RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000043 RBP: 0000000000000000 R08: 00000000ffffffff R09: 00007ffccacfa090 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004bfca5 R13: 0000000000000006 R14: 0000000000000000 R15: 00007ffccacfa0d0 INFO: task syz-executor.5:7035 blocked for more than 144 seconds. Not tainted 5.15.0-rc7-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.5 state:D stack:24208 pid: 7035 ppid: 1 flags:0x00004006 Call Trace: context_switch kernel/sched/core.c:4940 [inline] __schedule+0x90d/0x26c0 kernel/sched/core.c:6287 schedule+0xd3/0x270 kernel/sched/core.c:6366 synchronize_rcu_expedited+0x473/0x620 kernel/rcu/tree_exp.h:853 namespace_unlock+0x19b/0x3c0 fs/namespace.c:1448 drop_collected_mounts fs/namespace.c:1935 [inline] put_mnt_ns fs/namespace.c:4344 [inline] put_mnt_ns+0xc6/0xf0 fs/namespace.c:4340 free_nsproxy+0x35/0x340 kernel/nsproxy.c:191 do_exit+0x9d3/0x24b0 kernel/exit.c:824 do_group_exit+0xe7/0x290 kernel/exit.c:922 get_signal+0x3b2/0x1ce0 kernel/signal.c:2855 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:865 handle_signal_work kernel/entry/common.c:148 [inline] exit_to_user_mode_loop kernel/entry/common.c:172 [inline] exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline] syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x41936c RSP: 002b:00007fffa76835b0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 RAX: fffffffffffffe00 RBX: 00007fffa7683670 RCX: 000000000041936c RDX: 0000000000000050 RSI: 0000000000568020 RDI: 00000000000000f9 RBP: 0000000000000003 R08: 0000000000000000 R09: 0079746972756365 R10: 00000000005436a0 R11: 0000000000000246 R12: 0000000001ed1810 R13: 0000000001ed186b R14: 0000000000000000 R15: 00007fffa76836b0 INFO: task syz-executor.2:7036 blocked for more than 145 seconds. Not tainted 5.15.0-rc7-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.2 state:D stack:23896 pid: 7036 ppid: 1 flags:0x00004006 Call Trace: context_switch kernel/sched/core.c:4940 [inline] __schedule+0x90d/0x26c0 kernel/sched/core.c:6287 schedule+0xd3/0x270 kernel/sched/core.c:6366 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6425 __mutex_lock_common kernel/locking/mutex.c:669 [inline] __mutex_lock+0xa34/0x12f0 kernel/locking/mutex.c:729 exp_funnel_lock kernel/rcu/tree_exp.h:322 [inline] synchronize_rcu_expedited+0x2d5/0x620 kernel/rcu/tree_exp.h:837 namespace_unlock+0x19b/0x3c0 fs/namespace.c:1448 drop_collected_mounts fs/namespace.c:1935 [inline] put_mnt_ns fs/namespace.c:4344 [inline] put_mnt_ns+0xc6/0xf0 fs/namespace.c:4340 free_nsproxy+0x35/0x340 kernel/nsproxy.c:191 do_exit+0x9d3/0x24b0 kernel/exit.c:824 do_group_exit+0xe7/0x290 kernel/exit.c:922 get_signal+0x3b2/0x1ce0 kernel/signal.c:2855 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:865 handle_signal_work kernel/entry/common.c:148 [inline] exit_to_user_mode_loop kernel/entry/common.c:172 [inline] exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline] syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x41936c RSP: 002b:00007ffc1c461720 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 RAX: fffffffffffffe00 RBX: 00007ffc1c4617e0 RCX: 000000000041936c RDX: 0000000000000050 RSI: 0000000000568020 RDI: 00000000000000f9 RBP: 0000000000000003 R08: 0000000000000000 R09: 0079746972756365 R10: 00000000005436a0 R11: 0000000000000246 R12: 000000000150a810 R13: 000000000150a86b R14: 0000000000000000 R15: 00007ffc1c461820 INFO: task syz-executor.4:9155 blocked for more than 145 seconds. Not tainted 5.15.0-rc7-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.4 state:D stack:25536 pid: 9155 ppid: 7038 flags:0x00004006 Call Trace: context_switch kernel/sched/core.c:4940 [inline] __schedule+0x90d/0x26c0 kernel/sched/core.c:6287 schedule+0xd3/0x270 kernel/sched/core.c:6366 exp_funnel_lock kernel/rcu/tree_exp.h:313 [inline] synchronize_rcu_expedited+0x5ac/0x620 kernel/rcu/tree_exp.h:837 namespace_unlock+0x19b/0x3c0 fs/namespace.c:1448 drop_collected_mounts fs/namespace.c:1935 [inline] put_mnt_ns fs/namespace.c:4344 [inline] put_mnt_ns+0xc6/0xf0 fs/namespace.c:4340 free_nsproxy+0x35/0x340 kernel/nsproxy.c:191 do_exit+0x9d3/0x24b0 kernel/exit.c:824 do_group_exit+0xe7/0x290 kernel/exit.c:922 get_signal+0x3b2/0x1ce0 kernel/signal.c:2855 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:865 handle_signal_work kernel/entry/common.c:148 [inline] exit_to_user_mode_loop kernel/entry/common.c:172 [inline] exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline] syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x4665e9 RSP: 002b:00007f9657e58188 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: fffffffffffffff4 RBX: 000000000056c038 RCX: 00000000004665e9 RDX: 0000000000000040 RSI: 0000000020011fd4 RDI: 0000000000000000 RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c038 R13: 00007fff1a74300f R14: 00007f9657e58300 R15: 0000000000022000 Showing all locks held in the system: 2 locks held by kworker/u4:1/10: #0: ffff88800fc69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff88800fc69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline] #0: ffff88800fc69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1198 [inline] #0: ffff88800fc69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:634 [inline] #0: ffff88800fc69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:661 [inline] #0: ffff88800fc69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7a4/0x1450 kernel/workqueue.c:2268 #1: ffffc90000cf7db8 (connector_reaper_work){+.+.}-{0:0}, at: process_one_work+0x7d1/0x1450 kernel/workqueue.c:2272 1 lock held by khungtaskd/27: #0: ffffffff8ab76880 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6446 1 lock held by khugepaged/33: #0: ffffffff8ac53ae8 (lock#5){+.+.}-{3:3}, at: __lru_add_drain_all+0x5a/0x6e0 mm/swap.c:782 2 locks held by kworker/u4:5/1222: #0: ffff88800fc69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff88800fc69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline] #0: ffff88800fc69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1198 [inline] #0: ffff88800fc69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:634 [inline] #0: ffff88800fc69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:661 [inline] #0: ffff88800fc69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7a4/0x1450 kernel/workqueue.c:2268 #1: ffffc90004f9fdb8 ((reaper_work).work){+.+.}-{0:0}, at: process_one_work+0x7d1/0x1450 kernel/workqueue.c:2272 3 locks held by kworker/1:5/2980: 1 lock held by in:imklog/6225: #0: ffff88801898a370 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x9c/0xb0 fs/file.c:990 1 lock held by syz-executor.5/7035: #0: ffffffff8ab7fbe8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:290 [inline] #0: ffffffff8ab7fbe8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x4fc/0x620 kernel/rcu/tree_exp.h:837 1 lock held by syz-executor.2/7036: #0: ffffffff8ab7fbe8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:322 [inline] #0: ffffffff8ab7fbe8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x2d5/0x620 kernel/rcu/tree_exp.h:837 1 lock held by syz-executor721/9185: #0: ffffffff8ac3c408 (perf_sched_mutex){+.+.}-{3:3}, at: account_event kernel/events/core.c:11412 [inline] #0: ffffffff8ac3c408 (perf_sched_mutex){+.+.}-{3:3}, at: perf_event_alloc+0x2835/0x31f0 kernel/events/core.c:11645 ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 27 Comm: khungtaskd Not tainted 5.15.0-rc7-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x57/0x7d lib/dump_stack.c:106 nmi_cpu_backtrace.cold+0x30/0xc0 lib/nmi_backtrace.c:105 nmi_trigger_cpumask_backtrace+0x11a/0x160 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:210 [inline] watchdog+0x88c/0xbf0 kernel/hung_task.c:295 kthread+0x38b/0x460 kernel/kthread.c:319 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 710 Comm: kworker/u4:3 Not tainted 5.15.0-rc7-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: bat_events batadv_purge_orig RIP: 0010:validate_chain kernel/locking/lockdep.c:3796 [inline] RIP: 0010:__lock_acquire+0xcf4/0x5410 kernel/locking/lockdep.c:5015 Code: 00 0f 84 b5 08 00 00 48 c7 c2 8c 5f 7f 8c 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 0f b6 14 02 48 c7 c0 8c 5f 7f 8c 83 e0 07 <83> c0 03 38 d0 7c 08 84 d2 0f 85 26 37 00 00 8b 35 23 92 2c 0b 85 RSP: 0018:ffffc90003ccf9c8 EFLAGS: 00000002 RAX: 0000000000000004 RBX: ffffffff8e1d1160 RCX: ffffffff8152d60d RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff8e1d1178 RBP: 000000000000b884 R08: 0000000000000000 R09: ffffffff8ee07a17 R10: fffffbfff1dc0f42 R11: 000000000007a089 R12: ffff888018fe42c8 R13: ffff888018fe3880 R14: 0000000000000000 R15: 5c3b4bccda6b59c5 FS: 0000000000000000(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fb03841f090 CR3: 000000000a88e000 CR4: 0000000000350ee0 Call Trace: lock_acquire kernel/locking/lockdep.c:5625 [inline] lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5590 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline] _raw_spin_lock_bh+0x2f/0x40 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:368 [inline] batadv_purge_orig_ref+0x152/0x1070 net/batman-adv/originator.c:1243 batadv_purge_orig+0x11/0x60 net/batman-adv/originator.c:1272 process_one_work+0x87f/0x1450 kernel/workqueue.c:2297 worker_thread+0x598/0x1040 kernel/workqueue.c:2444 kthread+0x38b/0x460 kernel/kthread.c:319 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 ---------------- Code disassembly (best guess): 0: 00 0f add %cl,(%rdi) 2: 84 b5 08 00 00 48 test %dh,0x48000008(%rbp) 8: c7 c2 8c 5f 7f 8c mov $0x8c7f5f8c,%edx e: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 15: fc ff df 18: 48 c1 ea 03 shr $0x3,%rdx 1c: 0f b6 14 02 movzbl (%rdx,%rax,1),%edx 20: 48 c7 c0 8c 5f 7f 8c mov $0xffffffff8c7f5f8c,%rax 27: 83 e0 07 and $0x7,%eax * 2a: 83 c0 03 add $0x3,%eax <-- trapping instruction 2d: 38 d0 cmp %dl,%al 2f: 7c 08 jl 0x39 31: 84 d2 test %dl,%dl 33: 0f 85 26 37 00 00 jne 0x375f 39: 8b 35 23 92 2c 0b mov 0xb2c9223(%rip),%esi # 0xb2c9262 3f: 85 .byte 0x85