INFO: task kworker/u4:3:49 blocked for more than 143 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u4:3 state:D stack:22696 pid:49 ppid:2 flags:0x00004000
Workqueue: ipv6_addrconf addrconf_verify_work
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5381 [inline]
__schedule+0x1553/0x45a0 kernel/sched/core.c:6700
schedule+0xbd/0x170 kernel/sched/core.c:6774
schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6833
__mutex_lock_common kernel/locking/mutex.c:679 [inline]
__mutex_lock+0x6a9/0xcc0 kernel/locking/mutex.c:747
addrconf_verify_work+0x19/0x30 net/ipv6/addrconf.c:4718
process_one_work kernel/workqueue.c:2653 [inline]
process_scheduled_works+0xa5d/0x15d0 kernel/workqueue.c:2730
worker_thread+0xa55/0xfc0 kernel/workqueue.c:2811
kthread+0x2fa/0x390 kernel/kthread.c:388
ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293
</TASK>
INFO: task kworker/u4:4:59 blocked for more than 143 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u4:4 state:D stack:20040 pid:59 ppid:2 flags:0x00004000
Workqueue: events_unbound linkwatch_event
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5381 [inline]
__schedule+0x1553/0x45a0 kernel/sched/core.c:6700
schedule+0xbd/0x170 kernel/sched/core.c:6774
schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6833
__mutex_lock_common kernel/locking/mutex.c:679 [inline]
__mutex_lock+0x6a9/0xcc0 kernel/locking/mutex.c:747
linkwatch_event+0xe/0x60 net/core/link_watch.c:286
process_one_work kernel/workqueue.c:2653 [inline]
process_scheduled_works+0xa5d/0x15d0 kernel/workqueue.c:2730
worker_thread+0xa55/0xfc0 kernel/workqueue.c:2811
kthread+0x2fa/0x390 kernel/kthread.c:388
ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293
</TASK>
INFO: task syz.0.295:7062 blocked for more than 143 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.295 state:D stack:24424 pid:7062 ppid:5771 flags:0x00004004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5381 [inline]
__schedule+0x1553/0x45a0 kernel/sched/core.c:6700
schedule+0xbd/0x170 kernel/sched/core.c:6774
schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6833
__mutex_lock_common kernel/locking/mutex.c:679 [inline]
__mutex_lock+0x6a9/0xcc0 kernel/locking/mutex.c:747
tun_detach drivers/net/tun.c:698 [inline]
tun_chr_close+0x41/0x1c0 drivers/net/tun.c:3511
__fput+0x234/0x970 fs/file_table.c:384
task_work_run+0x1d4/0x260 kernel/task_work.c:245
resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
exit_to_user_mode_loop+0xe6/0x110 kernel/entry/common.c:177
exit_to_user_mode_prepare+0xee/0x180 kernel/entry/common.c:210
__syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
syscall_exit_to_user_mode+0x1a/0x50 kernel/entry/common.c:302
do_syscall_64+0x61/0xb0 arch/x86/entry/common.c:82
entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7ff4fcf9ce59
RSP: 002b:00007ffdbd916388 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
RAX: 0000000000000000 RBX: 00007ff4fd217da0 RCX: 00007ff4fcf9ce59
RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
RBP: 00007ff4fd217da0 R08: 0000000000000006 R09: 0000000000000000
R10: 00007ff4fd217cb0 R11: 0000000000000246 R12: 0000000000027a75
R13: 00007ff4fd21618c R14: 0000000000027a0b R15: 00007ffdbd916490
</TASK>
INFO: task syz.0.295:7064 blocked for more than 143 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.295 state:D stack:23944 pid:7064 ppid:5771 flags:0x00004006
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5381 [inline]
__schedule+0x1553/0x45a0 kernel/sched/core.c:6700
schedule+0xbd/0x170 kernel/sched/core.c:6774
schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6833
__mutex_lock_common kernel/locking/mutex.c:679 [inline]
__mutex_lock+0x6a9/0xcc0 kernel/locking/mutex.c:747
wg_netns_pre_exit+0x1c/0x1c0 drivers/net/wireguard/device.c:421
ops_pre_exit_list net/core/net_namespace.c:163 [inline]
setup_net+0x648/0xa30 net/core/net_namespace.c:360
copy_net_ns+0x36d/0x5e0 net/core/net_namespace.c:520
create_new_namespaces+0x3d3/0x6f0 kernel/nsproxy.c:110
copy_namespaces+0x430/0x4a0 kernel/nsproxy.c:179
copy_process+0x1724/0x3dc0 kernel/fork.c:2511
kernel_clone+0x24b/0x8a0 kernel/fork.c:2917
__do_sys_clone kernel/fork.c:3060 [inline]
__se_sys_clone kernel/fork.c:3044 [inline]
__x64_sys_clone+0x1b7/0x230 kernel/fork.c:3044
do_syscall_x64 arch/x86/entry/common.c:46 [inline]
do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:76
entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7ff4fcf9ce59
RSP: 002b:00007ff4fdef0fd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 00007ff4fd215fa0 RCX: 00007ff4fcf9ce59
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000010eb22f000
RBP: 00007ff4fd032d6f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
R13: 00007ff4fd216038 R14: 00007ff4fd215fa0 R15: 00007ffdbd916228
</TASK>
INFO: task syz.0.295:7065 blocked for more than 144 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.295 state:D stack:24616 pid:7065 ppid:5771 flags:0x00004004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5381 [inline]
__schedule+0x1553/0x45a0 kernel/sched/core.c:6700
schedule+0xbd/0x170 kernel/sched/core.c:6774
schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6833
__mutex_lock_common kernel/locking/mutex.c:679 [inline]
__mutex_lock+0x6a9/0xcc0 kernel/locking/mutex.c:747
dev_ioctl+0x7a4/0x1140 net/core/dev_ioctl.c:769
sock_do_ioctl+0x239/0x310 net/socket.c:1233
sock_ioctl+0x5ba/0x7e0 net/socket.c:1340
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:871 [inline]
__se_sys_ioctl+0xfd/0x170 fs/ioctl.c:857
do_syscall_x64 arch/x86/entry/common.c:46 [inline]
do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:76
entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7ff4fcf9ce59
RSP: 002b:00007ff4fded0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007ff4fd216090 RCX: 00007ff4fcf9ce59
RDX: 0000200000000000 RSI: 0000000000008924 RDI: 000000000000000b
RBP: 00007ff4fd032d6f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ff4fd216128 R14: 00007ff4fd216090 R15: 00007ffdbd916228
</TASK>
INFO: task syz.0.295:7069 blocked for more than 144 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.295 state:D stack:24968 pid:7069 ppid:5771 flags:0x00004004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5381 [inline]
__schedule+0x1553/0x45a0 kernel/sched/core.c:6700
schedule+0xbd/0x170 kernel/sched/core.c:6774
schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6833
__mutex_lock_common kernel/locking/mutex.c:679 [inline]
__mutex_lock+0x6a9/0xcc0 kernel/locking/mutex.c:747
rtnl_lock net/core/rtnetlink.c:78 [inline]
rtnetlink_rcv_msg+0x811/0xfa0 net/core/rtnetlink.c:6473
netlink_rcv_skb+0x241/0x4d0 net/netlink/af_netlink.c:2545
netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
netlink_unicast+0x751/0x8d0 net/netlink/af_netlink.c:1346
netlink_sendmsg+0x8d0/0xbf0 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg net/socket.c:745 [inline]
____sys_sendmsg+0x5ba/0x960 net/socket.c:2594
___sys_sendmsg+0x2a6/0x360 net/socket.c:2648
__sys_sendmsg net/socket.c:2677 [inline]
__do_sys_sendmsg net/socket.c:2686 [inline]
__se_sys_sendmsg+0x1c2/0x2b0 net/socket.c:2684
do_syscall_x64 arch/x86/entry/common.c:46 [inline]
do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:76
entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7ff4fcf9ce59
RSP: 002b:00007ff4fdeaf028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007ff4fd216180 RCX: 00007ff4fcf9ce59
RDX: 0000000000000000 RSI: 0000200000000940 RDI: 000000000000000c
RBP: 00007ff4fd032d6f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ff4fd216218 R14: 00007ff4fd216180 R15: 00007ffdbd916228
</TASK>
INFO: task syz.3.300:7083 blocked for more than 144 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.300 state:D stack:25960 pid:7083 ppid:6130 flags:0x00004004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5381 [inline]
__schedule+0x1553/0x45a0 kernel/sched/core.c:6700
schedule+0xbd/0x170 kernel/sched/core.c:6774
schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6833
__mutex_lock_common kernel/locking/mutex.c:679 [inline]
__mutex_lock+0x6a9/0xcc0 kernel/locking/mutex.c:747
ethnl_default_dumpit+0x78/0x8a0 net/ethtool/netlink.c:494
genl_dumpit+0xff/0x1a0 net/netlink/genetlink.c:883
netlink_dump+0x747/0xe50 net/netlink/af_netlink.c:2264
__netlink_dump_start+0x5f1/0x810 net/netlink/af_netlink.c:2372
genl_family_rcv_msg_dumpit+0x214/0x310 net/netlink/genetlink.c:932
genl_family_rcv_msg net/netlink/genetlink.c:1048 [inline]
genl_rcv_msg+0x5e5/0x7a0 net/netlink/genetlink.c:1066
netlink_rcv_skb+0x241/0x4d0 net/netlink/af_netlink.c:2545
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1075
netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
netlink_unicast+0x751/0x8d0 net/netlink/af_netlink.c:1346
netlink_sendmsg+0x8d0/0xbf0 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg net/socket.c:745 [inline]
____sys_sendmsg+0x5ba/0x960 net/socket.c:2594
___sys_sendmsg+0x2a6/0x360 net/socket.c:2648
__sys_sendmsg net/socket.c:2677 [inline]
__do_sys_sendmsg net/socket.c:2686 [inline]
__se_sys_sendmsg+0x1c2/0x2b0 net/socket.c:2684
do_syscall_x64 arch/x86/entry/common.c:46 [inline]
do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:76
entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f148e99ce59
RSP: 002b:00007f148f882028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f148ec15fa0 RCX: 00007f148e99ce59
RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000009
RBP: 00007f148ea32d6f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f148ec16038 R14: 00007f148ec15fa0 R15: 00007ffea8731cf8
</TASK>
INFO: task syz.3.300:7084 blocked for more than 145 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.300 state:D stack:25544 pid:7084 ppid:6130 flags:0x00004004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5381 [inline]
__schedule+0x1553/0x45a0 kernel/sched/core.c:6700
schedule+0xbd/0x170 kernel/sched/core.c:6774
schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6833
__mutex_lock_common kernel/locking/mutex.c:679 [inline]
__mutex_lock+0x6a9/0xcc0 kernel/locking/mutex.c:747
rtnl_lock net/core/rtnetlink.c:78 [inline]
rtnetlink_rcv_msg+0x811/0xfa0 net/core/rtnetlink.c:6473
netlink_rcv_skb+0x241/0x4d0 net/netlink/af_netlink.c:2545
netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
netlink_unicast+0x751/0x8d0 net/netlink/af_netlink.c:1346
netlink_sendmsg+0x8d0/0xbf0 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg net/socket.c:745 [inline]
____sys_sendmsg+0x5ba/0x960 net/socket.c:2594
___sys_sendmsg+0x2a6/0x360 net/socket.c:2648
__sys_sendmsg net/socket.c:2677 [inline]
__do_sys_sendmsg net/socket.c:2686 [inline]
__se_sys_sendmsg+0x1c2/0x2b0 net/socket.c:2684
do_syscall_x64 arch/x86/entry/common.c:46 [inline]
do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:76
entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f148e99ce59
RSP: 002b:00007f148f861028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f148ec16090 RCX: 00007f148e99ce59
RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000007
RBP: 00007f148ea32d6f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f148ec16128 R14: 00007f148ec16090 R15: 00007ffea8731cf8
</TASK>
INFO: task syz.3.300:7087 blocked for more than 145 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.300 state:D stack:27880 pid:7087 ppid:6130 flags:0x00004004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5381 [inline]
__schedule+0x1553/0x45a0 kernel/sched/core.c:6700
schedule+0xbd/0x170 kernel/sched/core.c:6774
schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6833
__mutex_lock_common kernel/locking/mutex.c:679 [inline]
__mutex_lock+0x6a9/0xcc0 kernel/locking/mutex.c:747
__tun_chr_ioctl+0x400/0x2000 drivers/net/tun.c:3121
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:871 [inline]
__se_sys_ioctl+0xfd/0x170 fs/ioctl.c:857
do_syscall_x64 arch/x86/entry/common.c:46 [inline]
do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:76
entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f148e99ce59
RSP: 002b:00007f148f840028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f148ec16180 RCX: 00007f148e99ce59
RDX: 0000200000000040 RSI: 00000000400454ca RDI: 000000000000000b
RBP: 00007f148ea32d6f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f148ec16218 R14: 00007f148ec16180 R15: 00007ffea8731cf8
</TASK>
INFO: task syz.3.300:7088 blocked for more than 145 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.300 state:D stack:29128 pid:7088 ppid:6130 flags:0x00004004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5381 [inline]
__schedule+0x1553/0x45a0 kernel/sched/core.c:6700
schedule+0xbd/0x170 kernel/sched/core.c:6774
schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6833
__mutex_lock_common kernel/locking/mutex.c:679 [inline]
__mutex_lock+0x6a9/0xcc0 kernel/locking/mutex.c:747
__tun_chr_ioctl+0x400/0x2000 drivers/net/tun.c:3121
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:871 [inline]
__se_sys_ioctl+0xfd/0x170 fs/ioctl.c:857
do_syscall_x64 arch/x86/entry/common.c:46 [inline]
do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:76
entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f148e99ce59
RSP: 002b:00007f148f81f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f148ec16270 RCX: 00007f148e99ce59
RDX: 0000000000000301 RSI: 00000000400454cd RDI: 000000000000000b
RBP: 00007f148ea32d6f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f148ec16308 R14: 00007f148ec16270 R15: 00007ffea8731cf8
</TASK>
Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings
Showing all locks held in the system:
1 lock held by khungtaskd/29:
#0: ffffffff8d132160 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:334 [inline]
#0: ffffffff8d132160 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:786 [inline]
#0: ffffffff8d132160 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x290 kernel/locking/lockdep.c:6633
3 locks held by kworker/u4:3/49:
#0: ffff88814cce0d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2628 [inline]
#0: ffff88814cce0d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2730
#1: ffffc90000ba7d00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2628 [inline]
#1: ffffc90000ba7d00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2730
#2: ffffffff8e3c6988 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x19/0x30 net/ipv6/addrconf.c:4718
3 locks held by kworker/u4:4/59:
#0: ffff888017c71538 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2628 [inline]
#0: ffff888017c71538 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2730
#1: ffffc900015b7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2628 [inline]
#1: ffffc900015b7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2730
#2: ffffffff8e3c6988 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 net/core/link_watch.c:286
5 locks held by kworker/u4:6/2878:
#0: ffff8880b8e3c098 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 kernel/sched/core.c:559
#1: ffff8880b8e28a00 (psi_seq){-.-.}-{0:0}, at: psi_sched_switch kernel/sched/stats.h:189 [inline]
#1: ffff8880b8e28a00 (psi_seq){-.-.}-{0:0}, at: __schedule+0x2176/0x45a0 kernel/sched/core.c:6695
#2: ffff888023908768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: wiphy_lock include/net/cfg80211.h:5777 [inline]
#2: ffff888023908768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: cfg80211_wiphy_work+0x35/0x260 net/wireless/core.c:424
#3: ffffffff97538990 (&obj_hash[i].lock){-.-.}-{2:2}, at: debug_object_activate+0x6c/0x4f0 lib/debugobjects.c:709
#4: ffffffff8d132160 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:334 [inline]
#4: ffffffff8d132160 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:786 [inline]
#4: ffffffff8d132160 (rcu_read_lock){....}-{1:2}, at: ieee80211_sta_active_ibss+0xb1/0x320 net/mac80211/ibss.c:657
2 locks held by getty/5525:
#0: ffff88814d23b0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
#1: ffffc9000327b2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x433/0x1390 drivers/tty/n_tty.c:2217
3 locks held by kworker/0:3/5777:
#0: ffff888017c71d38 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2628 [inline]
#0: ffff888017c71d38 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2730
#1: ffffc900045ffd00 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2628 [inline]
#1: ffffc900045ffd00 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2730
#2: ffffffff8e3c6988 (rtnl_mutex){+.+.}-{3:3}, at: reg_check_chans_work+0x92/0xd90 net/wireless/reg.c:2463
1 lock held by syz.0.295/7062:
#0: ffffffff8e3c6988 (rtnl_mutex){+.+.}-{3:3}, at: tun_detach drivers/net/tun.c:698 [inline]
#0: ffffffff8e3c6988 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x41/0x1c0 drivers/net/tun.c:3511
2 locks held by syz.0.295/7064:
#0: ffffffff8e3b9990 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x351/0x5e0 net/core/net_namespace.c:516
#1: ffffffff8e3c6988 (rtnl_mutex){+.+.}-{3:3}, at: wg_netns_pre_exit+0x1c/0x1c0 drivers/net/wireguard/device.c:421
1 lock held by syz.0.295/7065:
#0: ffffffff8e3c6988 (rtnl_mutex){+.+.}-{3:3}, at: dev_ioctl+0x7a4/0x1140 net/core/dev_ioctl.c:769
1 lock held by syz.0.295/7069:
#0: ffffffff8e3c6988 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline]
#0: ffffffff8e3c6988 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x811/0xfa0 net/core/rtnetlink.c:6473
1 lock held by syz.2.297/7073:
#0: ffffffff8e3c6988 (rtnl_mutex){+.+.}-{3:3}, at: dev_ethtool+0x1e2/0x18d0 net/ethtool/ioctl.c:3111
3 locks held by syz.3.300/7083:
#0: ffffffff8e42b8f0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 net/netlink/genetlink.c:1074
#1: ffff888025c4c690 (nlk_cb_mutex-GENERIC){+.+.}-{3:3}, at: __netlink_dump_start+0xf4/0x810 net/netlink/af_netlink.c:2336
#2: ffffffff8e3c6988 (rtnl_mutex){+.+.}-{3:3}, at: ethnl_default_dumpit+0x78/0x8a0 net/ethtool/netlink.c:494
1 lock held by syz.3.300/7084:
#0: ffffffff8e3c6988 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline]
#0: ffffffff8e3c6988 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x811/0xfa0 net/core/rtnetlink.c:6473
1 lock held by syz.3.300/7087:
#0: ffffffff8e3c6988 (rtnl_mutex){+.+.}-{3:3}, at: __tun_chr_ioctl+0x400/0x2000 drivers/net/tun.c:3121
1 lock held by syz.3.300/7088:
#0: ffffffff8e3c6988 (rtnl_mutex){+.+.}-{3:3}, at: __tun_chr_ioctl+0x400/0x2000 drivers/net/tun.c:3121
3 locks held by syz.1.302/7090:
#0: ffffffff8e42b8f0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 net/netlink/genetlink.c:1074
#1: ffffffff8e42b708 (genl_mutex){+.+.}-{3:3}, at: genl_lock net/netlink/genetlink.c:33 [inline]
#1: ffffffff8e42b708 (genl_mutex){+.+.}-{3:3}, at: genl_op_lock net/netlink/genetlink.c:58 [inline]
#1: ffffffff8e42b708 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x10c/0x7a0 net/netlink/genetlink.c:1065
#2: ffffffff8e3c6988 (rtnl_mutex){+.+.}-{3:3}, at: ieee80211_register_hw+0x2f45/0x4250 net/mac80211/main.c:1369
1 lock held by syz-executor/7097:
#0: ffffffff8e3c6988 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline]
#0: ffffffff8e3c6988 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x811/0xfa0 net/core/rtnetlink.c:6473
1 lock held by syz-executor/7106:
#0: ffffffff8e3c6988 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline]
#0: ffffffff8e3c6988 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x811/0xfa0 net/core/rtnetlink.c:6473
1 lock held by syz-executor/7108:
#0: ffffffff8e3c6988 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline]
#0: ffffffff8e3c6988 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x811/0xfa0 net/core/rtnetlink.c:6473
1 lock held by syz-executor/7111:
#0: ffffffff8e3c6988 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline]
#0: ffffffff8e3c6988 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x811/0xfa0 net/core/rtnetlink.c:6473
1 lock held by syz-executor/7119:
#0: ffffffff8e3c6988 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline]
#0: ffffffff8e3c6988 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x811/0xfa0 net/core/rtnetlink.c:6473
1 lock held by syz-executor/7125:
#0: ffffffff8e3c6988 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline]
#0: ffffffff8e3c6988 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x811/0xfa0 net/core/rtnetlink.c:6473
1 lock held by syz-executor/7127:
#0: ffffffff8e3c6988 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline]
#0: ffffffff8e3c6988 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x811/0xfa0 net/core/rtnetlink.c:6473
1 lock held by syz-executor/7130:
#0: ffffffff8e3c6988 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline]
#0: ffffffff8e3c6988 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x811/0xfa0 net/core/rtnetlink.c:6473
1 lock held by syz-executor/7139:
#0: ffffffff8e3c6988 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline]
#0: ffffffff8e3c6988 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x811/0xfa0 net/core/rtnetlink.c:6473
1 lock held by syz-executor/7144:
#0: ffffffff8e3c6988 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline]
#0: ffffffff8e3c6988 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x811/0xfa0 net/core/rtnetlink.c:6473
1 lock held by syz-executor/7147:
#0: ffffffff8e3c6988 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline]
#0: ffffffff8e3c6988 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x811/0xfa0 net/core/rtnetlink.c:6473
1 lock held by syz-executor/7150:
#0: ffffffff8e3c6988 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline]
#0: ffffffff8e3c6988 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x811/0xfa0 net/core/rtnetlink.c:6473
=============================================
NMI backtrace for cpu 1
CPU: 1 PID: 29 Comm: khungtaskd Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
Call Trace:
<TASK>
dump_stack_lvl+0x18c/0x250 lib/dump_stack.c:106
nmi_cpu_backtrace+0x3a6/0x3e0 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x17a/0x2f0 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:222 [inline]
watchdog+0xf3d/0xf80 kernel/hung_task.c:379
kthread+0x2fa/0x390 kernel/kthread.c:388
ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293
</TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
RIP: 0010:pv_native_safe_halt+0xf/0x10 arch/x86/kernel/paravirt.c:148
Code: 88 1f 02 c3 cc cc cc cc cc cc cc f3 0f 1e fa 0f 0b 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 66 90 0f 00 2d 43 e4 3f 00 fb f4 <c3> 66 0f 1f 00 55 41 57 41 56 41 54 53 50 8b 2f eb 2e 41 89 de 80
RSP: 0018:ffffffff8ce07d80 EFLAGS: 000002c2
RAX: 0a1574b19e95e900 RBX: ffffffff8162af3d RCX: 0a1574b19e95e900
RDX: 0000000000000001 RSI: ffffffff8acacbe0 RDI: ffffffff8b1c9c20
RBP: ffffffff8ce07eb8 R08: ffff8880b8e36bab R09: 1ffff110171c6d75
R10: dffffc0000000000 R11: ffffed10171c6d76 R12: 1ffffffff19c0fbc
R13: dffffc0000000000 R14: 1ffffffff19d2688 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055d0d5b99000 CR3: 000000001f764000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
<TASK>
arch_safe_halt arch/x86/include/asm/paravirt.h:108 [inline]
default_idle+0x13/0x20 arch/x86/kernel/process.c:753
default_idle_call+0x6c/0xa0 kernel/sched/idle.c:97
cpuidle_idle_call kernel/sched/idle.c:178 [inline]
do_idle+0x33d/0x590 kernel/sched/idle.c:302
cpu_startup_entry+0x43/0x60 kernel/sched/idle.c:401
rest_init+0x2e2/0x300 init/main.c:744
arch_call_rest_init+0xe/0x10 init/main.c:840
start_kernel+0x459/0x4e0 init/main.c:1085
x86_64_start_reservations+0x2a/0x30 arch/x86/kernel/head64.c:555
x86_64_start_kernel+0x60/0x60 arch/x86/kernel/head64.c:536
secondary_startup_64_no_verify+0x179/0x17b
</TASK>