BUG: sleeping function called from invalid context at kernel/locking/mutex.c:908
in_atomic(): 1, irqs_disabled(): 0, pid: 15850, name: udevd
3 locks held by udevd/15850:
#0: 00000000db20d4bf (&mm->mmap_sem){++++}, at: vm_mmap_pgoff+0x173/0x230 mm/util.c:355
#1: 00000000f8fe4e76 (&(&mm->page_table_lock)->rlock){+.+.}, at: spin_lock include/linux/spinlock.h:329 [inline]
#1: 00000000f8fe4e76 (&(&mm->page_table_lock)->rlock){+.+.}, at: browse_rb mm/mmap.c:320 [inline]
#1: 00000000f8fe4e76 (&(&mm->page_table_lock)->rlock){+.+.}, at: validate_mm+0x32f/0x620 mm/mmap.c:387
#2: 0000000047395c16 ((&sp->resync_t)){+.-.}, at: lockdep_copy_map include/linux/lockdep.h:168 [inline]
#2: 0000000047395c16 ((&sp->resync_t)){+.-.}, at: call_timer_fn+0xda/0x720 kernel/time/timer.c:1316
Preemption disabled at:
[<ffffffff8197167f>] spin_lock include/linux/spinlock.h:329 [inline]
[<ffffffff8197167f>] browse_rb mm/mmap.c:320 [inline]
[<ffffffff8197167f>] validate_mm+0x32f/0x620 mm/mmap.c:387
CPU: 0 PID: 15850 Comm: udevd Not tainted 4.19.101-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x197/0x210 lib/dump_stack.c:118
___might_sleep.cold+0x1bd/0x1f6 kernel/sched/core.c:6192
__might_sleep+0x95/0x190 kernel/sched/core.c:6145
__mutex_lock_common kernel/locking/mutex.c:908 [inline]
__mutex_lock+0xc8/0x1300 kernel/locking/mutex.c:1072
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087
tpk_write+0x5d/0x340 drivers/char/ttyprintk.c:123
resync_tnc+0x1b6/0x320 drivers/net/hamradio/6pack.c:522
call_timer_fn+0x18d/0x720 kernel/time/timer.c:1326
expire_timers kernel/time/timer.c:1363 [inline]
__run_timers kernel/time/timer.c:1684 [inline]
__run_timers kernel/time/timer.c:1652 [inline]
run_timer_softirq+0x64f/0x16a0 kernel/time/timer.c:1697
__do_softirq+0x25c/0x921 kernel/softirq.c:292
invoke_softirq kernel/softirq.c:372 [inline]
irq_exit+0x180/0x1d0 kernel/softirq.c:412
exiting_irq arch/x86/include/asm/apic.h:536 [inline]
smp_apic_timer_interrupt+0x13b/0x550 arch/x86/kernel/apic/apic.c:1094
apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:893
</IRQ>
RIP: 0010:check_kcov_mode kernel/kcov.c:67 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x18/0x50 kernel/kcov.c:101
Code: e9 ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 55 48 89 e5 48 8b 75 08 65 48 8b 04 25 40 ee 01 00 65 8b 15 58 e2 96 7e <81> e2 00 01 1f 00 75 2b 8b 90 d0 12 00 00 83 fa 02 75 20 48 8b 88
RSP: 0018:ffff8880498c7af0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
RAX: ffff88804d7526c0 RBX: 0000000000000000 RCX: ffffffff819716bb
RDX: 0000000080000001 RSI: ffffffff819716c9 RDI: 0000000000000006
RBP: ffff8880498c7af0 R08: ffff88804d7526c0 R09: ffffed1009a60f2f
R10: ffffed1009a60f2e R11: ffff88804d307973 R12: ffff8880991b4758
R13: 0000000000000000 R14: ffff8880991b4740 R15: ffff8880991b4738
spin_unlock include/linux/spinlock.h:369 [inline]
browse_rb mm/mmap.c:327 [inline]
validate_mm+0x379/0x620 mm/mmap.c:387
vma_link+0x117/0x180 mm/mmap.c:626
mmap_region+0x119e/0x1760 mm/mmap.c:1780
do_mmap+0x8e2/0x1080 mm/mmap.c:1530
do_mmap_pgoff include/linux/mm.h:2314 [inline]
vm_mmap_pgoff+0x1c5/0x230 mm/util.c:357
ksys_mmap_pgoff+0xf7/0x630 mm/mmap.c:1580
__do_sys_mmap arch/x86/kernel/sys_x86_64.c:100 [inline]
__se_sys_mmap arch/x86/kernel/sys_x86_64.c:91 [inline]
__x64_sys_mmap+0xe9/0x1b0 arch/x86/kernel/sys_x86_64.c:91
do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f184e4c5d0a
Code: b8 ff ff ff ff e9 fa fe ff ff 48 63 fb b8 03 00 00 00 0f 05 b8 ff ff ff ff e9 e6 fe ff ff 90 90 49 89 ca b8 09 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d fe c0 2a 00 31 d2 48 29 c2 64
RSP: 002b:00007ffe270d94d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: 0000000001f56c70 RCX: 00007f184e4c5d0a
RDX: 0000000000000003 RSI: 0000000000001000 RDI: 0000000000000000
RBP: 0000000000001000 R08: 00000000ffffffff R09: 0000000000000000
R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000420724
R13: 0000000000000002 R14: 0000000000420724 R15: 0000000000420724
================================
WARNING: inconsistent lock state
4.19.101-syzkaller #0 Tainted: G W
--------------------------------
inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
udevd/15850 [HC0[0]:SC1[1]:HE1:SE0] takes:
000000005b105f36 (&tpk_port.port_write_mutex){+.?.}, at: tpk_write+0x5d/0x340 drivers/char/ttyprintk.c:123
{SOFTIRQ-ON-W} state was registered at:
lock_acquire+0x16f/0x3f0 kernel/locking/lockdep.c:3903
__mutex_lock_common kernel/locking/mutex.c:925 [inline]
__mutex_lock+0xf7/0x1300 kernel/locking/mutex.c:1072
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087
tpk_write+0x5d/0x340 drivers/char/ttyprintk.c:123
tnc_init drivers/net/hamradio/6pack.c:536 [inline]
sixpack_open+0x9d3/0xbf5 drivers/net/hamradio/6pack.c:632
tty_ldisc_open.isra.0+0x89/0xd0 drivers/tty/tty_ldisc.c:469
tty_set_ldisc+0x2d7/0x690 drivers/tty/tty_ldisc.c:594
tiocsetd drivers/tty/tty_io.c:2359 [inline]
tty_ioctl+0x65e/0x1510 drivers/tty/tty_io.c:2603
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:501 [inline]
do_vfs_ioctl+0xd5f/0x1380 fs/ioctl.c:688
ksys_ioctl+0xab/0xd0 fs/ioctl.c:705
__do_sys_ioctl fs/ioctl.c:712 [inline]
__se_sys_ioctl fs/ioctl.c:710 [inline]
__x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:710
do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
irq event stamp: 650324
hardirqs last enabled at (650324): [<ffffffff81006693>] trace_hardirqs_on_thunk+0x1a/0x1c
hardirqs last disabled at (650323): [<ffffffff810066af>] trace_hardirqs_off_thunk+0x1a/0x1c
softirqs last enabled at (645232): [<ffffffff87800633>] __do_softirq+0x633/0x921 kernel/softirq.c:318
softirqs last disabled at (650213): [<ffffffff81403860>] invoke_softirq kernel/softirq.c:372 [inline]
softirqs last disabled at (650213): [<ffffffff81403860>] irq_exit+0x180/0x1d0 kernel/softirq.c:412
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&tpk_port.port_write_mutex);
<Interrupt>
lock(&tpk_port.port_write_mutex);
*** DEADLOCK ***
3 locks held by udevd/15850:
#0: 00000000db20d4bf (&mm->mmap_sem){++++}, at: vm_mmap_pgoff+0x173/0x230 mm/util.c:355
#1: 00000000f8fe4e76 (&(&mm->page_table_lock)->rlock){+.+.}, at: spin_lock include/linux/spinlock.h:329 [inline]
#1: 00000000f8fe4e76 (&(&mm->page_table_lock)->rlock){+.+.}, at: browse_rb mm/mmap.c:320 [inline]
#1: 00000000f8fe4e76 (&(&mm->page_table_lock)->rlock){+.+.}, at: validate_mm+0x32f/0x620 mm/mmap.c:387
#2: 0000000047395c16 ((&sp->resync_t)){+.-.}, at: lockdep_copy_map include/linux/lockdep.h:168 [inline]
#2: 0000000047395c16 ((&sp->resync_t)){+.-.}, at: call_timer_fn+0xda/0x720 kernel/time/timer.c:1316
stack backtrace:
CPU: 0 PID: 15850 Comm: udevd Tainted: G W 4.19.101-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x197/0x210 lib/dump_stack.c:118
print_usage_bug.cold+0x330/0x42a kernel/locking/lockdep.c:2540
valid_state kernel/locking/lockdep.c:2553 [inline]
mark_lock_irq kernel/locking/lockdep.c:2747 [inline]
mark_lock+0xd1b/0x1370 kernel/locking/lockdep.c:3127
mark_irqflags kernel/locking/lockdep.c:3005 [inline]
__lock_acquire+0xc62/0x49c0 kernel/locking/lockdep.c:3368
lock_acquire+0x16f/0x3f0 kernel/locking/lockdep.c:3903
__mutex_lock_common kernel/locking/mutex.c:925 [inline]
__mutex_lock+0xf7/0x1300 kernel/locking/mutex.c:1072
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087
tpk_write+0x5d/0x340 drivers/char/ttyprintk.c:123
resync_tnc+0x1b6/0x320 drivers/net/hamradio/6pack.c:522
call_timer_fn+0x18d/0x720 kernel/time/timer.c:1326
expire_timers kernel/time/timer.c:1363 [inline]
__run_timers kernel/time/timer.c:1684 [inline]
__run_timers kernel/time/timer.c:1652 [inline]
run_timer_softirq+0x64f/0x16a0 kernel/time/timer.c:1697
__do_softirq+0x25c/0x921 kernel/softirq.c:292
invoke_softirq kernel/softirq.c:372 [inline]
irq_exit+0x180/0x1d0 kernel/softirq.c:412
exiting_irq arch/x86/include/asm/apic.h:536 [inline]
smp_apic_timer_interrupt+0x13b/0x550 arch/x86/kernel/apic/apic.c:1094
apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:893
</IRQ>
RIP: 0010:check_kcov_mode kernel/kcov.c:67 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x18/0x50 kernel/kcov.c:101
Code: e9 ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 55 48 89 e5 48 8b 75 08 65 48 8b 04 25 40 ee 01 00 65 8b 15 58 e2 96 7e <81> e2 00 01 1f 00 75 2b 8b 90 d0 12 00 00 83 fa 02 75 20 48 8b 88
RSP: 0018:ffff8880498c7af0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
RAX: ffff88804d7526c0 RBX: 0000000000000000 RCX: ffffffff819716bb
RDX: 0000000080000001 RSI: ffffffff819716c9 RDI: 0000000000000006
RBP: ffff8880498c7af0 R08: ffff88804d7526c0 R09: ffffed1009a60f2f
R10: ffffed1009a60f2e R11: ffff88804d307973 R12: ffff8880991b4758
R13: 0000000000000000 R14: ffff8880991b4740 R15: ffff8880991b4738
spin_unlock include/linux/spinlock.h:369 [inline]
browse_rb mm/mmap.c:327 [inline]
validate_mm+0x379/0x620 mm/mmap.c:387
vma_link+0x117/0x180 mm/mmap.c:626
mmap_region+0x119e/0x1760 mm/mmap.c:1780
do_mmap+0x8e2/0x1080 mm/mmap.c:1530
do_mmap_pgoff include/linux/mm.h:2314 [inline]
vm_mmap_pgoff+0x1c5/0x230 mm/util.c:357
ksys_mmap_pgoff+0xf7/0x630 mm/mmap.c:1580
__do_sys_mmap arch/x86/kernel/sys_x86_64.c:100 [inline]
__se_sys_mmap arch/x86/kernel/sys_x86_64.c:91 [inline]
__x64_sys_mmap+0xe9/0x1b0 arch/x86/kernel/sys_x86_64.c:91
do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f184e4c5d0a
Code: b8 ff ff ff ff e9 fa fe ff ff 48 63 fb b8 03 00 00 00 0f 05 b8 ff ff ff ff e9 e6 fe ff ff 90 90 49 89 ca b8 09 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d fe c0 2a 00 31 d2 48 29 c2 64
RSP: 002b:00007ffe270d94d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: 0000000001f56c70 RCX: 00007f184e4c5d0a
RDX: 0000000000000003 RSI: 0000000000001000 RDI: 0000000000000000
RBP: 0000000000001000 R08: 00000000ffffffff R09: 0000000000000000
R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000420724
R13: 0000000000000002 R14: 0000000000420724 R15: 0000000000420724
BUG: sleeping function called from invalid context at kernel/locking/mutex.c:908
in_atomic(): 1, irqs_disabled(): 0, pid: 15850, name: udevd
INFO: lockdep is turned off.
Preemption disabled at:
[<ffffffff8197167f>] spin_lock include/linux/spinlock.h:329 [inline]
[<ffffffff8197167f>] browse_rb mm/mmap.c:320 [inline]
[<ffffffff8197167f>] validate_mm+0x32f/0x620 mm/mmap.c:387
CPU: 0 PID: 15850 Comm: udevd Tainted: G W 4.19.101-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x197/0x210 lib/dump_stack.c:118
___might_sleep.cold+0x1bd/0x1f6 kernel/sched/core.c:6192
__might_sleep+0x95/0x190 kernel/sched/core.c:6145
__mutex_lock_common kernel/locking/mutex.c:908 [inline]
__mutex_lock+0xc8/0x1300 kernel/locking/mutex.c:1072
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087
tpk_write+0x5d/0x340 drivers/char/ttyprintk.c:123
resync_tnc+0x22e/0x320 drivers/net/hamradio/6pack.c:523
call_timer_fn+0x18d/0x720 kernel/time/timer.c:1326
expire_timers kernel/time/timer.c:1363 [inline]
__run_timers kernel/time/timer.c:1684 [inline]
__run_timers kernel/time/timer.c:1652 [inline]
run_timer_softirq+0x64f/0x16a0 kernel/time/timer.c:1697
__do_softirq+0x25c/0x921 kernel/softirq.c:292
invoke_softirq kernel/softirq.c:372 [inline]
irq_exit+0x180/0x1d0 kernel/softirq.c:412
exiting_irq arch/x86/include/asm/apic.h:536 [inline]
smp_apic_timer_interrupt+0x13b/0x550 arch/x86/kernel/apic/apic.c:1094
apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:893
</IRQ>
RIP: 0010:check_kcov_mode kernel/kcov.c:67 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x18/0x50 kernel/kcov.c:101
Code: e9 ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 55 48 89 e5 48 8b 75 08 65 48 8b 04 25 40 ee 01 00 65 8b 15 58 e2 96 7e <81> e2 00 01 1f 00 75 2b 8b 90 d0 12 00 00 83 fa 02 75 20 48 8b 88
RSP: 0018:ffff8880498c7af0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
RAX: ffff88804d7526c0 RBX: 0000000000000000 RCX: ffffffff819716bb
RDX: 0000000080000001 RSI: ffffffff819716c9 RDI: 0000000000000006
RBP: ffff8880498c7af0 R08: ffff88804d7526c0 R09: ffffed1009a60f2f
R10: ffffed1009a60f2e R11: ffff88804d307973 R12: ffff8880991b4758
R13: 0000000000000000 R14: ffff8880991b4740 R15: ffff8880991b4738
spin_unlock include/linux/spinlock.h:369 [inline]
browse_rb mm/mmap.c:327 [inline]
validate_mm+0x379/0x620 mm/mmap.c:387
vma_link+0x117/0x180 mm/mmap.c:626
mmap_region+0x119e/0x1760 mm/mmap.c:1780
do_mmap+0x8e2/0x1080 mm/mmap.c:1530
do_mmap_pgoff include/linux/mm.h:2314 [inline]
vm_mmap_pgoff+0x1c5/0x230 mm/util.c:357
ksys_mmap_pgoff+0xf7/0x630 mm/mmap.c:1580
__do_sys_mmap arch/x86/kernel/sys_x86_64.c:100 [inline]
__se_sys_mmap arch/x86/kernel/sys_x86_64.c:91 [inline]
__x64_sys_mmap+0xe9/0x1b0 arch/x86/kernel/sys_x86_64.c:91
do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f184e4c5d0a
Code: b8 ff ff ff ff e9 fa fe ff ff 48 63 fb b8 03 00 00 00 0f 05 b8 ff ff ff ff e9 e6 fe ff ff 90 90 49 89 ca b8 09 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d fe c0 2a 00 31 d2 48 29 c2 64
RSP: 002b:00007ffe270d94d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: 0000000001f56c70 RCX: 00007f184e4c5d0a
RDX: 0000000000000003 RSI: 0000000000001000 RDI: 0000000000000000
RBP: 0000000000001000 R08: 00000000ffffffff R09: 0000000000000000
R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000420724
R13: 0000000000000002 R14: 0000000000420724 R15: 0000000000420724
batman_adv: batadv0: Interface deactivated: batadv_slave_0
batman_adv: batadv0: Removing interface: batadv_slave_0
batman_adv: batadv0: Interface deactivated: batadv_slave_1
batman_adv: batadv0: Removing interface: batadv_slave_1
device bridge_slave_1 left promiscuous mode
bridge0: port 2(bridge_slave_1) entered disabled state
device bridge_slave_0 left promiscuous mode
bridge0: port 1(bridge_slave_0) entered disabled state
device veth1_macvtap left promiscuous mode
device veth0_macvtap left promiscuous mode
device veth1_vlan left promiscuous mode
device veth0_vlan left promiscuous mode
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 19323 Comm: syz-executor.0 Tainted: G W 4.19.101-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x197/0x210 lib/dump_stack.c:118
fail_dump lib/fault-inject.c:51 [inline]
should_fail.cold+0xa/0x1b lib/fault-inject.c:149
__should_failslab+0x121/0x190 mm/failslab.c:32
should_failslab+0x9/0x14 mm/slab_common.c:1558
slab_pre_alloc_hook mm/slab.h:424 [inline]
slab_alloc mm/slab.c:3383 [inline]
kmem_cache_alloc+0x47/0x700 mm/slab.c:3557
__build_skb+0x3e/0x310 net/core/skbuff.c:281
__napi_alloc_skb+0x1d2/0x310 net/core/skbuff.c:486
napi_alloc_skb include/linux/skbuff.h:2707 [inline]
napi_get_frags net/core/dev.c:5657 [inline]
napi_get_frags+0x65/0x140 net/core/dev.c:5652
tun_napi_alloc_frags drivers/net/tun.c:1456 [inline]
tun_get_user+0x16d4/0x4c90 drivers/net/tun.c:1800
tun_chr_write_iter+0xbd/0x156 drivers/net/tun.c:1989
call_write_iter include/linux/fs.h:1820 [inline]
do_iter_readv_writev+0x558/0x830 fs/read_write.c:681
do_iter_write fs/read_write.c:960 [inline]
do_iter_write+0x184/0x5f0 fs/read_write.c:941
vfs_writev+0x1b3/0x2f0 fs/read_write.c:1005
do_writev+0x15e/0x370 fs/read_write.c:1040
__do_sys_writev fs/read_write.c:1113 [inline]
__se_sys_writev fs/read_write.c:1110 [inline]
__x64_sys_writev+0x75/0xb0 fs/read_write.c:1110
do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45b251
Code: 75 14 b8 14 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 e4 b7 fb ff c3 48 83 ec 08 e8 fa 2c 00 00 48 89 04 24 b8 14 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 43 2d 00 00 48 89 d0 48 83 c4 08 48 3d 01
RSP: 002b:00007f7191a1aba0 EFLAGS: 00000293 ORIG_RAX: 0000000000000014
RAX: ffffffffffffffda RBX: 000000000000007a RCX: 000000000045b251
RDX: 0000000000000001 RSI: 00007f7191a1ac00 RDI: 00000000000000f0
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000064 R11: 0000000000000293 R12: 0000000000000003
R13: 0000000000000b7a R14: 00000000004cc5a6 R15: 0000000000000000
BUG: sleeping function called from invalid context at kernel/locking/mutex.c:908
in_atomic(): 1, irqs_disabled(): 0, pid: 10651, name: kworker/u4:8
INFO: lockdep is turned off.
Preemption disabled at:
[<ffffffff878000f3>] __do_softirq+0xf3/0x921 kernel/softirq.c:269
CPU: 0 PID: 10651 Comm: kworker/u4:8 Tainted: G W 4.19.101-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: netns cleanup_net
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x197/0x210 lib/dump_stack.c:118
___might_sleep.cold+0x1bd/0x1f6 kernel/sched/core.c:6192
__might_sleep+0x95/0x190 kernel/sched/core.c:6145
__mutex_lock_common kernel/locking/mutex.c:908 [inline]
__mutex_lock+0xc8/0x1300 kernel/locking/mutex.c:1072
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087
tpk_write+0x5d/0x340 drivers/char/ttyprintk.c:123
resync_tnc+0x1b6/0x320 drivers/net/hamradio/6pack.c:522
call_timer_fn+0x18d/0x720 kernel/time/timer.c:1326
expire_timers kernel/time/timer.c:1363 [inline]
__run_timers kernel/time/timer.c:1684 [inline]
__run_timers kernel/time/timer.c:1652 [inline]
run_timer_softirq+0x64f/0x16a0 kernel/time/timer.c:1697
__do_softirq+0x25c/0x921 kernel/softirq.c:292
invoke_softirq kernel/softirq.c:372 [inline]
irq_exit+0x180/0x1d0 kernel/softirq.c:412
exiting_irq arch/x86/include/asm/apic.h:536 [inline]
smp_apic_timer_interrupt+0x13b/0x550 arch/x86/kernel/apic/apic.c:1094
apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:893
</IRQ>
RIP: 0010:should_resched arch/x86/include/asm/preempt.h:99 [inline]
RIP: 0010:__local_bh_enable_ip+0x18e/0x270 kernel/softirq.c:196
Code: 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 0f 85 df 00 00 00 48 83 3d 17 35 b2 07 00 0f 84 8f 00 00 00 fb 66 0f 1f 44 00 00 <65> 8b 05 7b cb c1 7e 85 c0 74 7f 5b 41 5c 41 5d 5d c3 80 3d fb aa
RSP: 0018:ffff888048c6f6b0 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
RAX: 1ffffffff11e4aeb RBX: 0000000000000200 RCX: 1ffffffff1278af8
RDX: dffffc0000000000 RSI: ffffffff8170472e RDI: ffffffff8140221a
RBP: ffff888048c6f6c8 R08: ffff8880490e0480 R09: fffffbfff11cc98e
R10: fffffbfff11cc98d R11: ffffffff88e64c6b R12: ffffffff85f4aae1
R13: ffffffff88e64c68 R14: 0000000000000001 R15: dffffc0000000000
local_bh_enable include/linux/bottom_half.h:32 [inline]
get_next_corpse net/netfilter/nf_conntrack_core.c:1928 [inline]
nf_ct_iterate_cleanup+0x217/0x4e0 net/netfilter/nf_conntrack_core.c:1951
nf_ct_iterate_cleanup_net net/netfilter/nf_conntrack_core.c:2036 [inline]
nf_ct_iterate_cleanup_net+0x133/0x190 net/netfilter/nf_conntrack_core.c:2021
masq_device_event+0xb5/0xe0 net/ipv6/netfilter/nf_nat_masquerade_ipv6.c:77
notifier_call_chain+0xc2/0x230 kernel/notifier.c:93
__raw_notifier_call_chain kernel/notifier.c:394 [inline]
raw_notifier_call_chain+0x2e/0x40 kernel/notifier.c:401
call_netdevice_notifiers_info+0x3f/0x90 net/core/dev.c:1748
call_netdevice_notifiers net/core/dev.c:1766 [inline]
dev_close_many+0x33f/0x6f0 net/core/dev.c:1518
rollback_registered_many+0x33f/0xda0 net/core/dev.c:8157
unregister_netdevice_many.part.0+0x1b/0x1f0 net/core/dev.c:9294
unregister_netdevice_many net/core/dev.c:9293 [inline]
default_device_exit_batch+0x34e/0x410 net/core/dev.c:9765
ops_exit_list.isra.0+0xfc/0x150 net/core/net_namespace.c:156
cleanup_net+0x404/0x960 net/core/net_namespace.c:553
process_one_work+0x989/0x1750 kernel/workqueue.c:2153
worker_thread+0x98/0xe40 kernel/workqueue.c:2296
kthread+0x354/0x420 kernel/kthread.c:246
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415