INFO: task syz.3.2487:11400 blocked for more than 143 seconds.
Not tainted 6.6.100-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.2487 state:D stack:26472 pid:11400 ppid:5789 flags:0x00004006
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5381 [inline]
__schedule+0x14d2/0x44d0 kernel/sched/core.c:6700
schedule+0xbd/0x170 kernel/sched/core.c:6774
schedule_timeout+0x9b/0x280 kernel/time/timer.c:2143
do_wait_for_common kernel/sched/completion.c:95 [inline]
__wait_for_common kernel/sched/completion.c:116 [inline]
wait_for_common kernel/sched/completion.c:127 [inline]
wait_for_completion+0x2bd/0x590 kernel/sched/completion.c:148
__flush_work+0x895/0x9f0 kernel/workqueue.c:3430
__cancel_work_timer+0x3b0/0x520 kernel/workqueue.c:3517
htable_put+0x1dc/0x240 net/netfilter/xt_hashlimit.c:429
cleanup_match net/ipv4/netfilter/ip_tables.c:459 [inline]
cleanup_entry+0x131/0x300 net/ipv4/netfilter/ip_tables.c:644
translate_table+0x1ddf/0x1fe0 net/ipv4/netfilter/ip_tables.c:727
do_replace net/ipv4/netfilter/ip_tables.c:1137 [inline]
do_ipt_set_ctl+0x960/0xcc0 net/ipv4/netfilter/ip_tables.c:1635
nf_setsockopt+0x263/0x280 net/netfilter/nf_sockopt.c:101
do_sock_setsockopt+0x175/0x1a0 net/socket.c:2322
__sys_setsockopt net/socket.c:2345 [inline]
__do_sys_setsockopt net/socket.c:2354 [inline]
__se_sys_setsockopt net/socket.c:2351 [inline]
__x64_sys_setsockopt+0x184/0x200 net/socket.c:2351
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:81
entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7ff37238e9a9
RSP: 002b:00007ff3732ea038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00007ff3725b5fa0 RCX: 00007ff37238e9a9
RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003
RBP: 00007ff372410d69 R08: 00000000000003e0 R09: 0000000000000000
R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007ff3725b5fa0 R15: 00007ffe1f85df68
</TASK>
Showing all locks held in the system:
2 locks held by kworker/0:0/8:
#0: ffff888017872538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline]
#0: ffff888017872538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0 kernel/workqueue.c:2711
#1: ffffc900000d7d00 ((work_completion)(&rew->rew_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline]
#1: ffffc900000d7d00 ((work_completion)(&rew->rew_work)){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0 kernel/workqueue.c:2711
5 locks held by kworker/1:0/23:
1 lock held by khungtaskd/29:
#0: ffffffff8cd2fba0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:334 [inline]
#0: ffffffff8cd2fba0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:786 [inline]
#0: ffffffff8cd2fba0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x290 kernel/locking/lockdep.c:6633
2 locks held by kworker/1:2/54:
3 locks held by kworker/0:2/1187:
2 locks held by kworker/u4:10/3513:
#0: ffff8880b8e3c458 (&rq->__lock
){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 kernel/sched/core.c:558
#1: ffff8880b8e288c8 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x39c/0x6d0 kernel/sched/psi.c:998
2 locks held by kworker/u4:12/3563:
2 locks held by getty/5551:
#0: ffff888031f020a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
#1: ffffc9000327b2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x425/0x1380 drivers/tty/n_tty.c:2217
1 lock held by syz-executor/5787:
3 locks held by kworker/0:4/5842:
#0: ffff888017870938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline]
#0: ffff888017870938 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0 kernel/workqueue.c:2711
#1: ffffc9000486fd00 (free_ipc_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline]
#1: ffffc9000486fd00 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0 kernel/workqueue.c:2711
#2: ffffffff8cd35b78 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:292 [inline]
#2: ffffffff8cd35b78 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x448/0x830 kernel/rcu/tree_exp.h:1004
1 lock held by syz-executor/12275:
1 lock held by syz.0.3210/13237:
1 lock held by syz.1.3211/13239:
2 locks held by sed/13258:
=============================================
NMI backtrace for cpu 0
CPU: 0 PID: 29 Comm: khungtaskd Not tainted 6.6.100-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
<TASK>
dump_stack_lvl+0x16c/0x230 lib/dump_stack.c:106
nmi_cpu_backtrace+0x39b/0x3d0 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x17a/0x2f0 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:222 [inline]
watchdog+0xf41/0xf80 kernel/hung_task.c:379
kthread+0x2fa/0x390 kernel/kthread.c:388
ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293
</TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 23 Comm: kworker/1:0 Not tainted 6.6.100-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: events_power_efficient htable_gc
RIP: 0010:check_region_inline mm/kasan/generic.c:169 [inline]
RIP: 0010:kasan_check_range+0x12/0x290 mm/kasan/generic.c:187
Code: 0f 0b b8 ea ff ff ff c3 0f 0b b8 ea ff ff ff c3 cc cc cc cc cc cc cc cc 66 0f 1f 00 b0 01 48 85 f6 0f 84 b8 01 00 00 55 41 57 <41> 56 41 55 41 54 53 4c 8d 04 37 49 39 f8 0f 82 5a 02 00 00 49 89
RSP: 0018:ffffc900001f0528 EFLAGS: 00000002
RAX: 0000000000000001 RBX: 0000000000000001 RCX: ffffffff818bf7e8
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff8e4a7da8
RBP: ffffc900001f05f0 R08: ffffffff8e4a7daf R09: 1ffffffff1c94fb5
R10: dffffc0000000000 R11: fffffbfff1c94fb6 R12: ffffffff892a6186
R13: ffffffff892a6186 R14: dffffc0000000000 R15: 1ffff9200003e0ac
FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ff3732e9f98 CR3: 000000005944a000 CR4: 00000000003506e0
Call Trace:
<IRQ>
instrument_atomic_read include/linux/instrumented.h:68 [inline]
_test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]
cpumask_test_cpu include/linux/cpumask.h:504 [inline]
cpu_online include/linux/cpumask.h:1082 [inline]
trace_irq_enable+0x28/0xe0 include/trace/events/preemptirq.h:40
trace_hardirqs_on+0x18/0x40 kernel/trace/trace_preemptirq.c:56
__local_bh_enable_ip+0x12e/0x1c0 kernel/softirq.c:411
local_bh_enable include/linux/bottom_half.h:33 [inline]
ip6_pol_route+0xd58/0x1160 net/ipv6/route.c:2295
pol_lookup_func include/net/ip6_fib.h:578 [inline]
fib6_rule_lookup+0x1d7/0x510 net/ipv6/fib6_rules.c:116
ip6_route_input_lookup net/ipv6/route.c:2326 [inline]
ip6_route_input+0x6cf/0xa50 net/ipv6/route.c:2622
ip6_rcv_finish+0x143/0x230 net/ipv6/ip6_input.c:77
NF_HOOK+0x303/0x390 include/linux/netfilter.h:304
__netif_receive_skb_one_core net/core/dev.c:5596 [inline]
__netif_receive_skb+0xcc/0x290 net/core/dev.c:5710
process_backlog+0x380/0x6e0 net/core/dev.c:6038
__napi_poll+0xc0/0x460 net/core/dev.c:6600
napi_poll net/core/dev.c:6667 [inline]
net_rx_action+0x5ea/0xbf0 net/core/dev.c:6803
handle_softirqs+0x280/0x820 kernel/softirq.c:578
do_softirq+0xed/0x180 kernel/softirq.c:479
</IRQ>
<TASK>
__local_bh_enable_ip+0x178/0x1c0 kernel/softirq.c:406
spin_unlock_bh include/linux/spinlock.h:396 [inline]
htable_selective_cleanup+0x286/0x320 net/netfilter/xt_hashlimit.c:374
htable_gc+0x29/0xa0 net/netfilter/xt_hashlimit.c:385
process_one_work kernel/workqueue.c:2634 [inline]
process_scheduled_works+0xa45/0x15b0 kernel/workqueue.c:2711
worker_thread+0xa55/0xfc0 kernel/workqueue.c:2792
kthread+0x2fa/0x390 kernel/kthread.c:388
ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293
</TASK>