syzbot


INFO: task hung in kernfs_fop_readdir

Status: auto-obsoleted due to no activity on 2023/02/13 20:10
Subsystems: kernfs
First crash: 1071d, last: 1068d
Similar bugs (2)
Kernel Title Rank Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream INFO: task hung in kernfs_fop_readdir (2) kernfs 1 1 460d 460d 0/29 auto-obsoleted due to no activity on 2024/10/03 13:18
upstream INFO: task hung in kernfs_fop_readdir (3) kernfs 1 1 358d 358d 0/29 auto-obsoleted due to no activity on 2025/01/13 08:39

Sample crash report:
INFO: task udevd:2975 blocked for more than 143 seconds.
      Not tainted 6.1.0-rc3-syzkaller-00239-g10d916c86eca #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:udevd           state:D stack:22376 pid:2975  ppid:1      flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5191 [inline]
 __schedule+0x8fc/0xda0 kernel/sched/core.c:6503
 schedule+0xcb/0x190 kernel/sched/core.c:6579
 rwsem_down_read_slowpath+0x5fe/0x950 kernel/locking/rwsem.c:1095
 __down_read_common+0x54/0x2a0 kernel/locking/rwsem.c:1260
 kernfs_fop_readdir+0x577/0x870 fs/kernfs/dir.c:1810
 iterate_dir+0x257/0x5f0
 __do_sys_getdents64 fs/readdir.c:369 [inline]
 __se_sys_getdents64+0x1e9/0x4b0 fs/readdir.c:354
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fc50b2ff097
RSP: 002b:00007fffd24b1a38 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9
RAX: ffffffffffffffda RBX: 0000557c351d00d0 RCX: 00007fc50b2ff097
RDX: 0000000000008000 RSI: 0000557c351d0100 RDI: 000000000000000c
RBP: 0000557c351d0100 R08: 0000000000000030 R09: 00007fc50b3f5a60
R10: 0000000000000020 R11: 0000000000000293 R12: fffffffffffffe68
R13: 0000557c351d00d4 R14: 0000000000000016 R15: 0000000000000000
 </TASK>
INFO: task syz-executor.2:3646 blocked for more than 143 seconds.
      Not tainted 6.1.0-rc3-syzkaller-00239-g10d916c86eca #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.2  state:D stack:22008 pid:3646  ppid:1      flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5191 [inline]
 __schedule+0x8fc/0xda0 kernel/sched/core.c:6503
 schedule+0xcb/0x190 kernel/sched/core.c:6579
 rwsem_down_read_slowpath+0x5fe/0x950 kernel/locking/rwsem.c:1095
 __down_read_common+0x54/0x2a0 kernel/locking/rwsem.c:1260
 kernfs_find_and_get_ns+0x6d/0x100 fs/kernfs/dir.c:873
 kernfs_find_and_get include/linux/kernfs.h:597 [inline]
 sysfs_unmerge_group+0x5e/0x130 fs/sysfs/group.c:365
 dpm_sysfs_remove+0x4e/0xb0 drivers/base/power/sysfs.c:833
 device_del+0x2ed/0xbe0 drivers/base/core.c:3681
 device_unregister+0x17/0xb0 drivers/base/core.c:3736
 bdi_unregister+0x511/0x610 mm/backing-dev.c:945
 generic_shutdown_super+0x2ae/0x310 fs/super.c:507
 kill_anon_super+0x36/0x60 fs/super.c:1086
 v9fs_kill_super+0x48/0x90 fs/9p/vfs_super.c:223
 deactivate_locked_super+0xa7/0xf0 fs/super.c:332
 cleanup_mnt+0x494/0x520 fs/namespace.c:1186
 task_work_run+0x243/0x300 kernel/task_work.c:179
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 exit_to_user_mode_loop+0x134/0x160 kernel/entry/common.c:171
 exit_to_user_mode_prepare+0xad/0x110 kernel/entry/common.c:203
 __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
 syscall_exit_to_user_mode+0x2e/0x60 kernel/entry/common.c:296
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fc002a8ca17
RSP: 002b:00007ffc961ea788 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fc002a8ca17
RDX: 00007ffc961ea85b RSI: 000000000000000a RDI: 00007ffc961ea850
RBP: 00007ffc961ea850 R08: 00000000ffffffff R09: 00007ffc961ea620
R10: 0000555556de18b3 R11: 0000000000000246 R12: 00007fc002ae5826
R13: 00007ffc961eb910 R14: 0000555556de1810 R15: 00007ffc961eb950
 </TASK>
INFO: task udevd:4690 blocked for more than 144 seconds.
      Not tainted 6.1.0-rc3-syzkaller-00239-g10d916c86eca #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:udevd           state:D stack:24200 pid:4690  ppid:2975   flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5191 [inline]
 __schedule+0x8fc/0xda0 kernel/sched/core.c:6503
 schedule+0xcb/0x190 kernel/sched/core.c:6579
 rwsem_down_read_slowpath+0x5fe/0x950 kernel/locking/rwsem.c:1095
 __down_read_common+0x54/0x2a0 kernel/locking/rwsem.c:1260
 kernfs_iop_permission+0xa9/0x360 fs/kernfs/inode.c:290
 do_inode_permission fs/namei.c:458 [inline]
 inode_permission+0x22c/0x450 fs/namei.c:525
 may_lookup fs/namei.c:1715 [inline]
 link_path_walk+0x2ef/0xf00 fs/namei.c:2262
 path_openat+0x237/0x2e00 fs/namei.c:3709
 do_filp_open+0x275/0x500 fs/namei.c:3740
 do_sys_openat2+0x13b/0x500 fs/open.c:1310
 do_sys_open fs/open.c:1326 [inline]
 __do_sys_openat fs/open.c:1342 [inline]
 __se_sys_openat fs/open.c:1337 [inline]
 __x64_sys_openat+0x243/0x290 fs/open.c:1337
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fc50b325697
RSP: 002b:00007fffd24a8e80 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000557c351c2120 RCX: 00007fc50b325697
RDX: 0000000000080000 RSI: 00007fffd24a8fb8 RDI: 00000000ffffff9c
RBP: 00007fffd24a8fb8 R08: 0000000000000008 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000080000
R13: 0000557c351c2120 R14: 0000000000000001 R15: 0000557c3331f160
 </TASK>
INFO: task kworker/u4:10:5020 blocked for more than 144 seconds.
      Not tainted 6.1.0-rc3-syzkaller-00239-g10d916c86eca #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u4:10   state:D stack:25784 pid:5020  ppid:2      flags:0x00004000
Workqueue: netns cleanup_net
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5191 [inline]
 __schedule+0x8fc/0xda0 kernel/sched/core.c:6503
 schedule+0xcb/0x190 kernel/sched/core.c:6579
 rwsem_down_write_slowpath+0xfdc/0x14a0 kernel/locking/rwsem.c:1190
 __down_write_common kernel/locking/rwsem.c:1305 [inline]
 __down_write kernel/locking/rwsem.c:1314 [inline]
 down_write+0x231/0x270 kernel/locking/rwsem.c:1563
 kernfs_remove_by_name_ns+0x76/0x150 fs/kernfs/dir.c:1621
 kernfs_remove_by_name include/linux/kernfs.h:618 [inline]
 remove_files fs/sysfs/group.c:28 [inline]
 sysfs_remove_group+0x102/0x2b0 fs/sysfs/group.c:288
 sysfs_remove_groups+0x5b/0xb0 fs/sysfs/group.c:312
 destroy_gid_attrs drivers/infiniband/core/sysfs.c:1189 [inline]
 ib_free_port_attrs+0xc1/0x400 drivers/infiniband/core/sysfs.c:1409
 remove_one_compat_dev drivers/infiniband/core/device.c:1002 [inline]
 rdma_dev_exit_net+0x1f1/0x360 drivers/infiniband/core/device.c:1140
 ops_exit_list net/core/net_namespace.c:169 [inline]
 cleanup_net+0x758/0xc50 net/core/net_namespace.c:601
 process_one_work+0x81c/0xd10 kernel/workqueue.c:2289
 worker_thread+0xb14/0x1330 kernel/workqueue.c:2436
 kthread+0x266/0x300 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
 </TASK>
INFO: task syz-executor.3:5539 blocked for more than 145 seconds.
      Not tainted 6.1.0-rc3-syzkaller-00239-g10d916c86eca #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.3  state:D stack:25496 pid:5539  ppid:3645   flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5191 [inline]
 __schedule+0x8fc/0xda0 kernel/sched/core.c:6503
 schedule+0xcb/0x190 kernel/sched/core.c:6579
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6638
 __mutex_lock_common+0xecf/0x26c0 kernel/locking/mutex.c:679
 __mutex_lock kernel/locking/mutex.c:747 [inline]
 mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:799
 smc_pnet_create_pnetids_list net/smc/smc_pnet.c:805 [inline]
 smc_pnet_net_init+0x173/0x420 net/smc/smc_pnet.c:874
 ops_init+0x353/0x5d0 net/core/net_namespace.c:135
 setup_net+0x4bb/0xc10 net/core/net_namespace.c:332
 copy_net_ns+0x359/0x5b0 net/core/net_namespace.c:478
 create_new_namespaces+0x4db/0x8e0 kernel/nsproxy.c:110
 copy_namespaces+0x333/0x390 kernel/nsproxy.c:178
 copy_process+0x1a55/0x3fc0 kernel/fork.c:2256
 kernel_clone+0x227/0x640 kernel/fork.c:2671
 __do_sys_clone kernel/fork.c:2812 [inline]
 __se_sys_clone kernel/fork.c:2796 [inline]
 __x64_sys_clone+0x276/0x2e0 kernel/fork.c:2796
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f3f8308b5a9
RSP: 002b:00007f3f83e41118 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 00007f3f831abf80 RCX: 00007f3f8308b5a9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000e5282200
RBP: 00007f3f830e67b0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
R13: 00007ffd26e6a61f R14: 00007f3f83e41300 R15: 0000000000022000
 </TASK>
INFO: task syz-executor.4:5551 blocked for more than 145 seconds.
      Not tainted 6.1.0-rc3-syzkaller-00239-g10d916c86eca #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.4  state:D stack:25912 pid:5551  ppid:3648   flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5191 [inline]
 __schedule+0x8fc/0xda0 kernel/sched/core.c:6503
 schedule+0xcb/0x190 kernel/sched/core.c:6579
 rwsem_down_read_slowpath+0x5fe/0x950 kernel/locking/rwsem.c:1095
 __down_read_common+0x54/0x2a0 kernel/locking/rwsem.c:1260
 kernfs_iop_permission+0xa9/0x360 fs/kernfs/inode.c:290
 do_inode_permission fs/namei.c:458 [inline]
 inode_permission+0x22c/0x450 fs/namei.c:525
 may_lookup fs/namei.c:1715 [inline]
 link_path_walk+0x2ef/0xf00 fs/namei.c:2262
 path_openat+0x237/0x2e00 fs/namei.c:3709
 do_filp_open+0x275/0x500 fs/namei.c:3740
 do_sys_openat2+0x13b/0x500 fs/open.c:1310
 do_sys_open fs/open.c:1326 [inline]
 __do_sys_openat fs/open.c:1342 [inline]
 __se_sys_openat fs/open.c:1337 [inline]
 __x64_sys_openat+0x243/0x290 fs/open.c:1337
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7ff22e88b5a9
RSP: 002b:00007ff22f589168 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007ff22e9abf80 RCX: 00007ff22e88b5a9
RDX: 0000000000000002 RSI: 0000000020000000 RDI: ffffffffffffff9c
RBP: 00007ff22e8e67b0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffede1a4b4f R14: 00007ff22f589300 R15: 0000000000022000
 </TASK>

Showing all locks held in the system:
1 lock held by rcu_tasks_kthre/12:
 #0: ffffffff8cd1f5b0 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x30/0xd00 kernel/rcu/tasks.h:507
1 lock held by rcu_tasks_trace/13:
 #0: ffffffff8cd1fdb0 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x30/0xd00 kernel/rcu/tasks.h:507
1 lock held by khungtaskd/28:
 #0: ffffffff8cd1f3e0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30
3 locks held by kworker/1:2/146:
 #0: ffff88814a508938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x796/0xd10 kernel/workqueue.c:2262
 #1: ffffc90002d8fd00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0xd10 kernel/workqueue.c:2264
 #2: ffffffff8ddda848 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x15/0x30 net/ipv6/addrconf.c:4624
2 locks held by udevd/2975:
 #0: ffff88807696eee0 (&type->i_mutex_dir_key#4){++++}-{3:3}, at: iterate_dir+0x121/0x5f0 fs/readdir.c:55
 #1: ffff888012067948 (&root->kernfs_rwsem){++++}-{3:3}, at: kernfs_fop_readdir+0x577/0x870 fs/kernfs/dir.c:1810
2 locks held by getty/3287:
 #0: ffff88814a7b7098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 drivers/tty/tty_ldisc.c:244
 #1: ffffc900031262f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6e8/0x1e50 drivers/tty/n_tty.c:2177
1 lock held by syz-executor.0/3643:
 #0: ffff888012067948 (&root->kernfs_rwsem){++++}-{3:3}, at: kernfs_iop_permission+0xa9/0x360 fs/kernfs/inode.c:290
1 lock held by syz-executor.3/3645:
 #0: ffff888012067948 (&root->kernfs_rwsem){++++}-{3:3}, at: kernfs_iop_permission+0xa9/0x360 fs/kernfs/inode.c:290
1 lock held by syz-executor.2/3646:
 #0: ffff888012067948 (&root->kernfs_rwsem){++++}-{3:3}, at: kernfs_find_and_get_ns+0x6d/0x100 fs/kernfs/dir.c:873
1 lock held by syz-executor.4/3648:
 #0: ffff888012067948 (&root->kernfs_rwsem){++++}-{3:3}, at: kernfs_iop_permission+0xa9/0x360 fs/kernfs/inode.c:290
3 locks held by kworker/0:4/3701:
 #0: ffff88814a508938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x796/0xd10 kernel/workqueue.c:2262
 #1: ffffc90004c8fd00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0xd10 kernel/workqueue.c:2264
 #2: ffffffff8ddda848 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x15/0x30 net/ipv6/addrconf.c:4624
1 lock held by udevd/4690:
 #0: ffff888012067948 (&root->kernfs_rwsem){++++}-{3:3}, at: kernfs_iop_permission+0xa9/0x360 fs/kernfs/inode.c:290
4 locks held by kworker/u4:10/5020:
 #0: ffff8880121c3138 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x796/0xd10 kernel/workqueue.c:2262
 #1: ffffc90005e67d00 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x7d0/0xd10 kernel/workqueue.c:2264
 #2: ffffffff8ddce510 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0xf0/0xc50 net/core/net_namespace.c:563
 #3: ffff888012067948 (&root->kernfs_rwsem){++++}-{3:3}, at: kernfs_remove_by_name_ns+0x76/0x150 fs/kernfs/dir.c:1621
2 locks held by syz-executor.1/5526:
3 locks held by syz-executor.5/5528:
 #0: ffffffff8ddce510 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x33d/0x5b0 net/core/net_namespace.c:474
 #1: ffffffff8ddda848 (rtnl_mutex){+.+.}-{3:3}, at: ip_tunnel_init_net+0x209/0x700 net/ipv4/ip_tunnel.c:1072
 #2: ffff888012067948 (&root->kernfs_rwsem){++++}-{3:3}, at: kernfs_activate+0x76/0x3a0 fs/kernfs/dir.c:1341
5 locks held by syz-executor.0/5543:
2 locks held by syz-executor.3/5539:
 #0: ffffffff8ddce510 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x33d/0x5b0 net/core/net_namespace.c:474
 #1: ffffffff8ddda848 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:805 [inline]
 #1: ffffffff8ddda848 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x173/0x420 net/smc/smc_pnet.c:874
1 lock held by syz-executor.4/5551:
 #0: ffff888012067948 (&root->kernfs_rwsem){++++}-{3:3}, at: kernfs_iop_permission+0xa9/0x360 fs/kernfs/inode.c:290
1 lock held by syz-executor.5/5559:
 #0: ffff888012067948 (&root->kernfs_rwsem){++++}-{3:3}, at: kernfs_iop_permission+0xa9/0x360 fs/kernfs/inode.c:290
1 lock held by syz-executor.1/5560:
 #0: ffff888012067948 (&root->kernfs_rwsem){++++}-{3:3}, at: kernfs_iop_permission+0xa9/0x360 fs/kernfs/inode.c:290

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 28 Comm: khungtaskd Not tainted 6.1.0-rc3-syzkaller-00239-g10d916c86eca #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
 nmi_cpu_backtrace+0x4e3/0x560 lib/nmi_backtrace.c:111
 nmi_trigger_cpumask_backtrace+0x19b/0x3e0 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:148 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:220 [inline]
 watchdog+0xcf5/0xd40 kernel/hung_task.c:377
 kthread+0x266/0x300 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 5528 Comm: syz-executor.5 Not tainted 6.1.0-rc3-syzkaller-00239-g10d916c86eca #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
RIP: 0010:__raw_spin_unlock_irq include/linux/spinlock_api_smp.h:160 [inline]
RIP: 0010:_raw_spin_unlock_irq+0x25/0x40 kernel/locking/spinlock.c:202
Code: e1 da f6 ff 90 53 48 89 fb 48 83 c7 18 48 8b 74 24 08 e8 8e 13 18 f7 48 89 df e8 46 6b 19 f7 e8 01 60 3f f7 fb bf 01 00 00 00 <e8> a6 c6 0b f7 65 8b 05 e7 54 b1 75 85 c0 74 02 5b c3 e8 34 76 af
RSP: 0018:ffffc9001588ed30 EFLAGS: 00000286
RAX: 2cd98ad0bc92d800 RBX: ffff8880120678f0 RCX: ffffffff8169714a
RDX: dffffc0000000000 RSI: ffffffff8aad68a0 RDI: 0000000000000001
RBP: ffffc9001588ef70 R08: dffffc0000000000 R09: fffffbfff1ffb00a
R10: fffffbfff1ffb00a R11: 1ffffffff1ffb009 R12: ffffc900159f6f60
R13: dffffc0000000000 R14: ffff8880120678d8 R15: 0000000000000006
FS:  00007fb3739f5700(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055f0d64e5e30 CR3: 00000000827ec000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 rwsem_down_write_slowpath+0xedd/0x14a0 kernel/locking/rwsem.c:1166
 __down_write_common kernel/locking/rwsem.c:1305 [inline]
 __down_write kernel/locking/rwsem.c:1314 [inline]
 down_write+0x231/0x270 kernel/locking/rwsem.c:1563
 kernfs_activate+0x76/0x3a0 fs/kernfs/dir.c:1341
 kernfs_add_one+0x465/0x560 fs/kernfs/dir.c:776
 kernfs_create_dir_ns+0x1bf/0x220 fs/kernfs/dir.c:1021
 sysfs_create_dir_ns+0x181/0x390 fs/sysfs/dir.c:59
 create_dir lib/kobject.c:63 [inline]
 kobject_add_internal+0x6dd/0xd10 lib/kobject.c:223
 kobject_add_varg lib/kobject.c:358 [inline]
 kobject_init_and_add+0x123/0x190 lib/kobject.c:441
 netdev_queue_add_kobject net/core/net-sysfs.c:1666 [inline]
 netdev_queue_update_kobjects+0x20c/0x4c0 net/core/net-sysfs.c:1718
 register_queue_kobjects net/core/net-sysfs.c:1779 [inline]
 netdev_register_kobject+0x263/0x310 net/core/net-sysfs.c:2019
 register_netdevice+0x136c/0x1a20 net/core/dev.c:10057
 __ip_tunnel_create+0x2af/0x370 net/ipv4/ip_tunnel.c:267
 ip_tunnel_init_net+0x219/0x700 net/ipv4/ip_tunnel.c:1073
 ops_init+0x353/0x5d0 net/core/net_namespace.c:135
 setup_net+0x4bb/0xc10 net/core/net_namespace.c:332
 copy_net_ns+0x359/0x5b0 net/core/net_namespace.c:478
 create_new_namespaces+0x4db/0x8e0 kernel/nsproxy.c:110
 copy_namespaces+0x333/0x390 kernel/nsproxy.c:178
 copy_process+0x1a55/0x3fc0 kernel/fork.c:2256
 kernel_clone+0x227/0x640 kernel/fork.c:2671
 __do_sys_clone3 kernel/fork.c:2970 [inline]
 __se_sys_clone3+0x372/0x410 kernel/fork.c:2954
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fb372c8b5a9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fb3739f5038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
RAX: ffffffffffffffda RBX: 00007fb372dac120 RCX: 00007fb372c8b5a9
RDX: 0000000000000000 RSI: 0000000000000058 RDI: 00007fb3739f5050
RBP: 00007fb372ce67b0 R08: 0000000000000000 R09: 0000000000000058
R10: 00007fb3739f5050 R11: 0000000000000246 R12: 0000000000000058
R13: 00007ffcc46e871f R14: 00007fb3739f5300 R15: 0000000000022000
 </TASK>

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2022/11/05 14:08 upstream 10d916c86eca 6d752409 .config console log report info ci-upstream-kasan-gce-smack-root INFO: task hung in kernfs_fop_readdir
2022/11/02 02:20 upstream b229b6ca5abb edac4fd1 .config console log report info ci-upstream-kasan-gce-smack-root INFO: task hung in kernfs_fop_readdir
* Struck through repros no longer work on HEAD.