INFO: task syz.4.4148:29467 blocked for more than 143 seconds.
Tainted: G U syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.4.4148 state:D stack:27016 pid:29467 tgid:29462 ppid:23268 task_flags:0x400140 flags:0x00004006
Call Trace:
context_switch kernel/sched/core.c:5357 [inline]
__schedule+0x1190/0x5de0 kernel/sched/core.c:6961
__schedule_loop kernel/sched/core.c:7043 [inline]
schedule+0xe7/0x3a0 kernel/sched/core.c:7058
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7115
__mutex_lock_common kernel/locking/mutex.c:676 [inline]
__mutex_lock+0x81b/0x1060 kernel/locking/mutex.c:760
cfg80211_pernet_exit+0x17/0x150 net/wireless/core.c:1668
ops_exit_list net/core/net_namespace.c:198 [inline]
ops_undo_list+0x2ee/0xab0 net/core/net_namespace.c:251
setup_net+0x1f1/0x380 net/core/net_namespace.c:453
copy_net_ns+0x2a6/0x5f0 net/core/net_namespace.c:570
create_new_namespaces+0x3ea/0xa90 kernel/nsproxy.c:110
unshare_nsproxy_namespaces+0xc0/0x1f0 kernel/nsproxy.c:218
ksys_unshare+0x45b/0xa40 kernel/fork.c:3127
__do_sys_unshare kernel/fork.c:3198 [inline]
__se_sys_unshare kernel/fork.c:3196 [inline]
__x64_sys_unshare+0x31/0x40 kernel/fork.c:3196
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0x490 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fe52a98ebe9
RSP: 002b:00007fe52b836038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
RAX: ffffffffffffffda RBX: 00007fe52abc6090 RCX: 00007fe52a98ebe9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
RBP: 00007fe52aa11e19 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fe52abc6128 R14: 00007fe52abc6090 R15: 00007ffc1b8f20e8
INFO: task syz.6.4155:29555 blocked for more than 143 seconds.
Tainted: G U syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.6.4155 state:D stack:27688 pid:29555 tgid:29553 ppid:27976 task_flags:0x400140 flags:0x00004004
Call Trace:
context_switch kernel/sched/core.c:5357 [inline]
__schedule+0x1190/0x5de0 kernel/sched/core.c:6961
__schedule_loop kernel/sched/core.c:7043 [inline]
schedule+0xe7/0x3a0 kernel/sched/core.c:7058
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7115
__mutex_lock_common kernel/locking/mutex.c:676 [inline]
__mutex_lock+0x81b/0x1060 kernel/locking/mutex.c:760
rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
register_netdevice_notifier_net+0x23/0xb0 net/core/dev.c:2082
ops_init+0x1e2/0x5f0 net/core/net_namespace.c:136
setup_net+0x10f/0x380 net/core/net_namespace.c:438
copy_net_ns+0x2a6/0x5f0 net/core/net_namespace.c:570
create_new_namespaces+0x3ea/0xa90 kernel/nsproxy.c:110
unshare_nsproxy_namespaces+0xc0/0x1f0 kernel/nsproxy.c:218
ksys_unshare+0x45b/0xa40 kernel/fork.c:3127
__do_sys_unshare kernel/fork.c:3198 [inline]
__se_sys_unshare kernel/fork.c:3196 [inline]
__x64_sys_unshare+0x31/0x40 kernel/fork.c:3196
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0x490 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f5a8438ebe9
RSP: 002b:00007f5a85125038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
RAX: ffffffffffffffda RBX: 00007f5a845c5fa0 RCX: 00007f5a8438ebe9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
RBP: 00007f5a84411e19 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f5a845c6038 R14: 00007f5a845c5fa0 R15: 00007ffc38594aa8
INFO: task syz.6.4155:29559 blocked for more than 143 seconds.
Tainted: G U syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.6.4155 state:D stack:27288 pid:29559 tgid:29553 ppid:27976 task_flags:0x400140 flags:0x00004004
Call Trace:
context_switch kernel/sched/core.c:5357 [inline]
__schedule+0x1190/0x5de0 kernel/sched/core.c:6961
__schedule_loop kernel/sched/core.c:7043 [inline]
schedule+0xe7/0x3a0 kernel/sched/core.c:7058
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7115
__mutex_lock_common kernel/locking/mutex.c:676 [inline]
__mutex_lock+0x81b/0x1060 kernel/locking/mutex.c:760
rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
register_netdevice_notifier_net+0x23/0xb0 net/core/dev.c:2082
ops_init+0x1e2/0x5f0 net/core/net_namespace.c:136
setup_net+0x10f/0x380 net/core/net_namespace.c:438
copy_net_ns+0x2a6/0x5f0 net/core/net_namespace.c:570
create_new_namespaces+0x3ea/0xa90 kernel/nsproxy.c:110
unshare_nsproxy_namespaces+0xc0/0x1f0 kernel/nsproxy.c:218
ksys_unshare+0x45b/0xa40 kernel/fork.c:3127
__do_sys_unshare kernel/fork.c:3198 [inline]
__se_sys_unshare kernel/fork.c:3196 [inline]
__x64_sys_unshare+0x31/0x40 kernel/fork.c:3196
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0x490 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f5a8438ebe9
RSP: 002b:00007f5a825d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
RAX: ffffffffffffffda RBX: 00007f5a845c6180 RCX: 00007f5a8438ebe9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
RBP: 00007f5a84411e19 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f5a845c6218 R14: 00007f5a845c6180 R15: 00007ffc38594aa8
INFO: task syz.6.4155:29565 blocked for more than 144 seconds.
Tainted: G U syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.6.4155 state:D stack:28792 pid:29565 tgid:29553 ppid:27976 task_flags:0x400140 flags:0x00004004
Call Trace:
context_switch kernel/sched/core.c:5357 [inline]
__schedule+0x1190/0x5de0 kernel/sched/core.c:6961
__schedule_loop kernel/sched/core.c:7043 [inline]
schedule+0xe7/0x3a0 kernel/sched/core.c:7058
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7115
__mutex_lock_common kernel/locking/mutex.c:676 [inline]
__mutex_lock+0x81b/0x1060 kernel/locking/mutex.c:760
resize_platform_label_table net/mpls/af_mpls.c:2549 [inline]
mpls_platform_labels+0x557/0xf00 net/mpls/af_mpls.c:2619
proc_sys_call_handler+0x440/0x570 fs/proc/proc_sysctl.c:600
new_sync_write fs/read_write.c:593 [inline]
vfs_write+0x7d0/0x11d0 fs/read_write.c:686
ksys_pwrite64 fs/read_write.c:793 [inline]
__do_sys_pwrite64 fs/read_write.c:801 [inline]
__se_sys_pwrite64 fs/read_write.c:798 [inline]
__x64_sys_pwrite64+0x1eb/0x250 fs/read_write.c:798
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0x490 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f5a8438ebe9
RSP: 002b:00007f5a821b2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000012
RAX: ffffffffffffffda RBX: 00007f5a845c6270 RCX: 00007f5a8438ebe9
RDX: 0000000000000007 RSI: 0000000000000000 RDI: 0000000000000007
RBP: 00007f5a84411e19 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f5a845c6308 R14: 00007f5a845c6270 R15: 00007ffc38594aa8
INFO: task syz.5.4156:29561 blocked for more than 144 seconds.
Tainted: G U syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.5.4156 state:D stack:27608 pid:29561 tgid:29560 ppid:19663 task_flags:0x400140 flags:0x00004004
Call Trace:
context_switch kernel/sched/core.c:5357 [inline]
__schedule+0x1190/0x5de0 kernel/sched/core.c:6961
__schedule_loop kernel/sched/core.c:7043 [inline]
schedule+0xe7/0x3a0 kernel/sched/core.c:7058
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7115
__mutex_lock_common kernel/locking/mutex.c:676 [inline]
__mutex_lock+0x81b/0x1060 kernel/locking/mutex.c:760
rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
register_netdevice_notifier_net+0x23/0xb0 net/core/dev.c:2082
ops_init+0x1e2/0x5f0 net/core/net_namespace.c:136
setup_net+0x10f/0x380 net/core/net_namespace.c:438
copy_net_ns+0x2a6/0x5f0 net/core/net_namespace.c:570
create_new_namespaces+0x3ea/0xa90 kernel/nsproxy.c:110
unshare_nsproxy_namespaces+0xc0/0x1f0 kernel/nsproxy.c:218
ksys_unshare+0x45b/0xa40 kernel/fork.c:3127
__do_sys_unshare kernel/fork.c:3198 [inline]
__se_sys_unshare kernel/fork.c:3196 [inline]
__x64_sys_unshare+0x31/0x40 kernel/fork.c:3196
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0x490 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f983058ebe9
RSP: 002b:00007f9831425038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
RAX: ffffffffffffffda RBX: 00007f98307c5fa0 RCX: 00007f983058ebe9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
RBP: 00007f9830611e19 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f98307c6038 R14: 00007f98307c5fa0 R15: 00007ffc66acb2e8
INFO: task syz.5.4156:29562 blocked for more than 144 seconds.
Tainted: G U syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.5.4156 state:D stack:26984 pid:29562 tgid:29560 ppid:19663 task_flags:0x400040 flags:0x00004004
Call Trace:
context_switch kernel/sched/core.c:5357 [inline]
__schedule+0x1190/0x5de0 kernel/sched/core.c:6961
__schedule_loop kernel/sched/core.c:7043 [inline]
schedule+0xe7/0x3a0 kernel/sched/core.c:7058
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7115
__mutex_lock_common kernel/locking/mutex.c:676 [inline]
__mutex_lock+0x81b/0x1060 kernel/locking/mutex.c:760
tipc_nl_node_dump_monitor+0x1ca/0x320 net/tipc/node.c:2849
genl_dumpit+0x122/0x230 net/netlink/genetlink.c:1027
netlink_dump+0x539/0xd30 net/netlink/af_netlink.c:2327
__netlink_dump_start+0x6d6/0x990 net/netlink/af_netlink.c:2442
genl_family_rcv_msg_dumpit+0x1e2/0x2e0 net/netlink/genetlink.c:1076
genl_family_rcv_msg net/netlink/genetlink.c:1192 [inline]
genl_rcv_msg+0x46e/0x800 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x158/0x420 net/netlink/af_netlink.c:2552
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
netlink_unicast+0x5a7/0x870 net/netlink/af_netlink.c:1346
netlink_sendmsg+0x8d1/0xdd0 net/netlink/af_netlink.c:1896
sock_sendmsg_nosec net/socket.c:714 [inline]
__sock_sendmsg net/socket.c:729 [inline]
____sys_sendmsg+0xa98/0xc70 net/socket.c:2614
___sys_sendmsg+0x134/0x1d0 net/socket.c:2668
__sys_sendmsg+0x16d/0x220 net/socket.c:2700
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0x490 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f983058ebe9
RSP: 002b:00007f9831404038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f98307c6090 RCX: 00007f983058ebe9
RDX: 0000000000008080 RSI: 00002000000083c0 RDI: 0000000000000005
RBP: 00007f9830611e19 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f98307c6128 R14: 00007f98307c6090 R15: 00007ffc66acb2e8
Showing all locks held in the system:
1 lock held by khungtaskd/31:
#0: ffffffff8e5c10e0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#0: ffffffff8e5c10e0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
#0: ffffffff8e5c10e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0 kernel/locking/lockdep.c:6775
2 locks held by syz-executor/5854:
#0: ffff888076a53808 (vm_lock){++++}-{0:0}, at: lock_vma_under_rcu+0x11b/0x530 mm/mmap_lock.c:147
#1: ffff88814db64520 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x171/0x380 mm/memory.c:3361
2 locks held by kworker/0:3/5868:
3 locks held by kworker/1:3/5953:
#0: ffff888077b7a148 ((wq_completion)wg-kex-wg2#18){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3211
#1: ffffc9000aa17d10 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __asm__ ("" : "=r"(__ptr) : "0"((__typeof__(*((worker))) *)(( unsigned long)((worker))))); (typeof((__typeof__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3212
#2:
ffff88802f804890
(
&handshake->lock
){++++}-{4:4}
, at: wg_noise_handshake_begin_session+0x30/0xe80 drivers/net/wireguard/noise.c:822
4 locks held by kworker/1:5/5958:
#0:
ffff88805d36f148
((wq_completion)wg-kex-wg2#16){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3211
#1: ffffc9000aa47d10 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __asm__ ("" : "=r"(__ptr) : "0"((__typeof__(*((worker))) *)(( unsigned long)((worker))))); (typeof((__typeof__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3212
#2: ffff8880674b9308 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x1c2/0x880 drivers/net/wireguard/noise.c:598
#3: ffff88807d2020f0 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x666/0x880 drivers/net/wireguard/noise.c:643
3 locks held by kworker/u10:6/16164:
3 locks held by kworker/u10:13/16939:
5 locks held by kworker/u10:14/16940:
3 locks held by kworker/u10:18/16944:
2 locks held by kworker/u10:19/16945:
#0: ffff88801b889148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3211
#1: ffffc9000b0a7d10 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3212
3 locks held by kworker/u10:23/16953:
3 locks held by kworker/u10:34/17199:
3 locks held by kworker/u10:40/17205:
2 locks held by kworker/0:0/17615:
3 locks held by kworker/0:5/18264:
#0: ffff88801b880d48 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3211
#1: ffffc90002f27d10 (deferred_process_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3212
#2: ffffffff90386e88 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20 net/switchdev/switchdev.c:104
4 locks held by kworker/u10:0/24859:
2 locks held by kworker/u10:2/24861:
2 locks held by kworker/u10:3/24862:
3 locks held by kworker/u10:4/24863:
4 locks held by kworker/u10:5/24864:
#0: ffff888048100948 ((wq_completion)wg-kex-wg2#17){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3211
#1: ffffc90003bbfd10 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3212
#2: ffff888054945308 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0xec/0x650 drivers/net/wireguard/noise.c:529
#3: ffff88802f804890 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x100/0x650 drivers/net/wireguard/noise.c:530
4 locks held by kworker/u10:11/24868:
3 locks held by kworker/u10:12/24911:
3 locks held by kworker/u10:15/24912:
6 locks held by kworker/u10:17/25018:
3 locks held by kworker/u10:20/25019:
4 locks held by kworker/u10:22/25643:
4 locks held by kworker/u10:24/25644:
3 locks held by kworker/u10:25/25645:
#0: ffff88814c584948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3211
#1: ffffc9000d947d10 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3212
#2: ffffffff90386e88 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
#2: ffffffff90386e88 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x12/0x30 net/ipv6/addrconf.c:4734
3 locks held by kworker/u10:26/25646:
3 locks held by kworker/u10:28/25649:
2 locks held by kworker/u10:29/25650:
3 locks held by kworker/u10:30/25651:
3 locks held by kworker/u10:31/25652:
3 locks held by kworker/u10:32/25653:
3 locks held by kworker/0:1/27983:
3 locks held by kworker/1:4/28710:
#0: ffff88801b882148 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3211
#1: ffffc9000b22fd10 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3212
#2: ffffffff90386e88 (rtnl_mutex){+.+.}-{4:4}, at: reg_check_chans_work+0x83/0x1180 net/wireless/reg.c:2483
2 locks held by syz.4.4148/29467:
#0: ffffffff90370b90 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x286/0x5f0 net/core/net_namespace.c:566
#1: ffffffff90386e88 (rtnl_mutex){+.+.}-{4:4}, at: cfg80211_pernet_exit+0x17/0x150 net/wireless/core.c:1668
2 locks held by syz.6.4155/29555:
#0: ffffffff90370b90 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x286/0x5f0 net/core/net_namespace.c:566
#1: ffffffff90386e88 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
#1: ffffffff90386e88 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x23/0xb0 net/core/dev.c:2082
2 locks held by syz.6.4155/29559:
#0: ffffffff90370b90 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x286/0x5f0 net/core/net_namespace.c:566
#1: ffffffff90386e88 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
#1: ffffffff90386e88 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x23/0xb0 net/core/dev.c:2082
2 locks held by syz.6.4155/29565:
#0: ffff888033c7c428 (sb_writers#3){.+.+}-{0:0}, at: ksys_pwrite64 fs/read_write.c:793 [inline]
#0: ffff888033c7c428 (sb_writers#3){.+.+}-{0:0}, at: __do_sys_pwrite64 fs/read_write.c:801 [inline]
#0: ffff888033c7c428 (sb_writers#3){.+.+}-{0:0}, at: __se_sys_pwrite64 fs/read_write.c:798 [inline]
#0: ffff888033c7c428 (sb_writers#3){.+.+}-{0:0}, at: __x64_sys_pwrite64+0x1eb/0x250 fs/read_write.c:798
#1: ffffffff90386e88 (rtnl_mutex){+.+.}-{4:4}, at: resize_platform_label_table net/mpls/af_mpls.c:2549 [inline]
#1: ffffffff90386e88 (rtnl_mutex){+.+.}-{4:4}, at: mpls_platform_labels+0x557/0xf00 net/mpls/af_mpls.c:2619
2 locks held by syz.5.4156/29561:
#0: ffffffff90370b90 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x286/0x5f0 net/core/net_namespace.c:566
#1: ffffffff90386e88 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
#1: ffffffff90386e88 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x23/0xb0 net/core/dev.c:2082
4 locks held by syz.5.4156/29562:
#0: ffffffff9042a350 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 net/netlink/genetlink.c:1218
#1: ffff88804b6da6d0 (nlk_cb_mutex-GENERIC){+.+.}-{4:4}, at: __netlink_dump_start+0x150/0x990 net/netlink/af_netlink.c:2406
#2: ffffffff9042a408 (genl_mutex){+.+.}-{4:4}, at: genl_lock net/netlink/genetlink.c:35 [inline]
#2: ffffffff9042a408 (genl_mutex){+.+.}-{4:4}, at: genl_op_lock net/netlink/genetlink.c:60 [inline]
#2: ffffffff9042a408 (genl_mutex){+.+.}-{4:4}, at: genl_op_lock net/netlink/genetlink.c:57 [inline]
#2: ffffffff9042a408 (genl_mutex){+.+.}-{4:4}, at: genl_dumpit+0x1a8/0x230 net/netlink/genetlink.c:1026
#3: ffffffff90386e88 (rtnl_mutex){+.+.}-{4:4}, at: tipc_nl_node_dump_monitor+0x1ca/0x320 net/tipc/node.c:2849
2 locks held by modprobe/29563:
1 lock held by syz-executor/29585:
#0: ffffffff90386e88 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
#0: ffffffff90386e88 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540 net/ipv4/devinet.c:979
1 lock held by syz-executor/29592:
#0: ffffffff90386e88 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
#0: ffffffff90386e88 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540 net/ipv4/devinet.c:979
1 lock held by syz-executor/29608:
#0: ffffffff90386e88 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
#0: ffffffff90386e88 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540 net/ipv4/devinet.c:979
4 locks held by kworker/0:6/29616:
3 locks held by kworker/0:8/29644:
1 lock held by syz-executor/29651:
#0: ffffffff90386e88 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
#0: ffffffff90386e88 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540 net/ipv4/devinet.c:979
1 lock held by syz-executor/29652:
#0: ffffffff90386e88 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
#0: ffffffff90386e88 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540 net/ipv4/devinet.c:979
2 locks held by kworker/0:9/29661:
1 lock held by syz-executor/29663:
#0: ffffffff90386e88 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
#0: ffffffff90386e88 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540 net/ipv4/devinet.c:979
2 locks held by kworker/0:10/29669:
1 lock held by syz-executor/29674:
#0: ffffffff90386e88 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
#0: ffffffff90386e88 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540 net/ipv4/devinet.c:979
=============================================
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Tainted: G U syzkaller #0 PREEMPT(full)
Tainted: [U]=USER
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
nmi_cpu_backtrace+0x27b/0x390 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x29c/0x300 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:328 [inline]
watchdog+0xf0e/0x1260 kernel/hung_task.c:491
kthread+0x3c5/0x780 kernel/kthread.c:463
ret_from_fork+0x5d7/0x6f0 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 25018 Comm: kworker/u10:17 Tainted: G U syzkaller #0 PREEMPT(full)
Tainted: [U]=USER
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Workqueue: bat_events batadv_tt_purge
RIP: 0010:kasan_check_byte include/linux/kasan.h:399 [inline]
RIP: 0010:lock_acquire kernel/locking/lockdep.c:5842 [inline]
RIP: 0010:lock_acquire+0xf4/0x350 kernel/locking/lockdep.c:5825
Code: 44 89 f2 48 89 de e8 5b d0 fe ff 5f 41 58 65 ff 0d b1 9c 3e 12 0f 85 4f ff ff ff e8 d6 f9 94 ff e9 45 ff ff ff 48 8b 74 24 68 <48> 89 df e8 84 df 88 00 8b 0d 92 56 14 0f 85 c9 0f 84 b1 00 00 00
RSP: 0018:ffffc900000071c0 EFLAGS: 00000202
RAX: 0000000000000001 RBX: ffffffff8e5c10e0 RCX: 0000000000000002
RDX: 0000000000000000 RSI: ffffffff816ab581 RDI: ffffffff8df58e60
RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000003 R11: 000000000001203b R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8881246c0000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f4056ed2000 CR3: 000000005f41c000 CR4: 00000000003526f0
Call Trace:
rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
rcu_read_lock include/linux/rcupdate.h:841 [inline]
class_rcu_constructor include/linux/rcupdate.h:1155 [inline]
unwind_next_frame+0xd1/0x20a0 arch/x86/kernel/unwind_orc.c:479
arch_stack_walk+0x94/0x100 arch/x86/kernel/stacktrace.c:25
stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
kasan_save_track+0x14/0x30 mm/kasan/common.c:68
unpoison_slab_object mm/kasan/common.c:330 [inline]
__kasan_slab_alloc+0x89/0x90 mm/kasan/common.c:356
kasan_slab_alloc include/linux/kasan.h:250 [inline]
slab_post_alloc_hook mm/slub.c:4180 [inline]
slab_alloc_node mm/slub.c:4229 [inline]
kmem_cache_alloc_noprof+0x1cb/0x3b0 mm/slub.c:4236
__skb_ext_alloc+0x1a/0x80 net/core/skbuff.c:6976
skb_ext_add+0x232/0x7a0 net/core/skbuff.c:7079
nf_bridge_alloc include/net/netfilter/br_netfilter.h:12 [inline]
br_nf_pre_routing_ipv6+0xca/0x8c0 net/bridge/br_netfilter_ipv6.c:172
br_nf_pre_routing+0x860/0x15b0 net/bridge/br_netfilter_hooks.c:508
nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
nf_hook_bridge_pre net/bridge/br_input.c:283 [inline]
br_handle_frame+0xad8/0x14b0 net/bridge/br_input.c:434
__netif_receive_skb_core.constprop.0+0xa25/0x48c0 net/core/dev.c:5878
__netif_receive_skb_one_core+0xb0/0x1e0 net/core/dev.c:5989
__netif_receive_skb+0x1d/0x160 net/core/dev.c:6104
process_backlog+0x442/0x15e0 net/core/dev.c:6456
__napi_poll.constprop.0+0xba/0x550 net/core/dev.c:7506
napi_poll net/core/dev.c:7569 [inline]
net_rx_action+0xa9f/0xfe0 net/core/dev.c:7696
handle_softirqs+0x219/0x8e0 kernel/softirq.c:579
do_softirq kernel/softirq.c:480 [inline]
do_softirq+0xb2/0xf0 kernel/softirq.c:467
__local_bh_enable_ip+0x100/0x120 kernel/softirq.c:407
spin_unlock_bh include/linux/spinlock.h:396 [inline]
batadv_tt_local_purge+0x21c/0x3c0 net/batman-adv/translation-table.c:1315
batadv_tt_purge+0x8b/0xb80 net/batman-adv/translation-table.c:3509
process_one_work+0x9cf/0x1b70 kernel/workqueue.c:3236
process_scheduled_works kernel/workqueue.c:3319 [inline]
worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400
kthread+0x3c5/0x780 kernel/kthread.c:463
ret_from_fork+0x5d7/0x6f0 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245