INFO: task kworker/u8:7:26424 blocked for more than 143 seconds.
Tainted: G L syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u8:7 state:D stack:21416 pid:26424 tgid:26424 ppid:2 task_flags:0x4208060 flags:0x00080000
Workqueue: netns cleanup_net
Call Trace:
context_switch kernel/sched/core.c:5504 [inline]
__schedule+0x1709/0x5530 kernel/sched/core.c:7228
__schedule_loop kernel/sched/core.c:7307 [inline]
schedule+0x164/0x360 kernel/sched/core.c:7322
rxrpc_destroy_all_calls+0x443/0x570 net/rxrpc/call_object.c:754
rxrpc_exit_net+0x6f/0xc0 net/rxrpc/net_ns.c:112
ops_exit_list net/core/net_namespace.c:199 [inline]
ops_undo_list+0x43d/0x8d0 net/core/net_namespace.c:252
cleanup_net+0x575/0x810 net/core/net_namespace.c:702
process_one_work+0x93a/0x12b0 kernel/workqueue.c:3326
process_scheduled_works kernel/workqueue.c:3409 [inline]
worker_thread+0xb05/0x10d0 kernel/workqueue.c:3490
kthread+0x388/0x470 kernel/kthread.c:436
ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
Showing all locks held in the system:
9 locks held by ktimers/1/30:
#0: ffffffff8de611a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 kernel/softirq.c:163
#1: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 kernel/softirq.c:163
#2: ffff8880b8726260 (&base->expiry_lock){+...}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline]
#2: ffff8880b8726260 (&base->expiry_lock){+...}-{3:3}, at: timer_base_lock_expiry kernel/time/timer.c:1502 [inline]
#2: ffff8880b8726260 (&base->expiry_lock){+...}-{3:3}, at: __run_timer_base+0x11a/0x9b0 kernel/time/timer.c:2384
#3: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
#3: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:840 [inline]
#3: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: __rt_spin_lock kernel/locking/spinlock_rt.c:50 [inline]
#3: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 kernel/locking/spinlock_rt.c:57
#4: ffffc90000a4fa80 ((&ndev->rs_timer)){+...}-{0:0}, at: call_timer_fn+0xd4/0x5e0 kernel/time/timer.c:1745
#5: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
#5: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:840 [inline]
#5: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: ndisc_send_skb+0x203/0x1650 net/ipv6/ndisc.c:482
#6: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
#6: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:840 [inline]
#6: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: ip6_output+0x11e/0x540 net/ipv6/ip6_output.c:234
#7: ffff888062b88790 (&dir->lock#2){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline]
#7: ffff888062b88790 (&dir->lock#2){+.+.}-{3:3}, at: ref_tracker_alloc+0x1ec/0x4c0 lib/ref_tracker.c:279
#8: ffff8880b8728458 (hrtimer_bases.lock){-...}-{2:2}, at: class_raw_spinlock_constructor include/linux/spinlock.h:536 [inline]
#8: ffff8880b8728458 (hrtimer_bases.lock){-...}-{2:2}, at: __hrtimer_rearm_deferred+0x99/0x430 kernel/time/hrtimer.c:2153
1 lock held by khungtaskd/38:
#0: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
#0: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:840 [inline]
#0: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6777
2 locks held by kworker/1:2/821:
#0: ffff88813fe4a538 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x8cd/0x12b0 kernel/workqueue.c:3301
#1: ffffc9000520fc60 ((gc_work).work){+.+.}-{0:0}, at: process_one_work+0x8cd/0x12b0 kernel/workqueue.c:3301
2 locks held by getty/5358:
#0: ffff8880367730a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
#1: ffffc90003cc62e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x460/0x1360 drivers/tty/n_tty.c:2211
8 locks held by kworker/u8:44/16772:
#0: ffff88813fe8c138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x8cd/0x12b0 kernel/workqueue.c:3301
#1: ffffc90003dafc60 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_one_work+0x8cd/0x12b0 kernel/workqueue.c:3301
#2: ffff888034406310 (&devlink->lock_key#12){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xcb0 drivers/net/netdevsim/dev.c:909
#3: ffff888031c20120 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline]
#3: ffff888031c20120 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report drivers/net/netdevsim/dev.c:862 [inline]
#3: ffff888031c20120 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1e0/0xcb0 drivers/net/netdevsim/dev.c:922
#4: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
#4: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:840 [inline]
#4: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: __rt_spin_lock kernel/locking/spinlock_rt.c:50 [inline]
#4: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 kernel/locking/spinlock_rt.c:57
#5: ffffffff8de611a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 kernel/softirq.c:163
#6: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 kernel/softirq.c:163
#7: ffff8880b8739078 ((bh_lock)){+...}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline]
#7: ffff8880b8739078 ((bh_lock)){+...}-{3:3}, at: napi_skb_cache_get+0xbf/0x450 net/core/skbuff.c:289
6 locks held by kworker/u8:45/16773:
#0: ffff88813fe8c138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x8cd/0x12b0 kernel/workqueue.c:3301
#1: ffffc90003d9fc60 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_one_work+0x8cd/0x12b0 kernel/workqueue.c:3301
#2: ffff888061008310 (&devlink->lock_key#3){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xcb0 drivers/net/netdevsim/dev.c:909
#3: ffff88804c693520 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline]
#3: ffff88804c693520 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report drivers/net/netdevsim/dev.c:862 [inline]
#3: ffff88804c693520 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1e0/0xcb0 drivers/net/netdevsim/dev.c:922
#4: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
#4: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:840 [inline]
#4: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: __rt_spin_lock kernel/locking/spinlock_rt.c:50 [inline]
#4: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 kernel/locking/spinlock_rt.c:57
#5: ffff88813fe1fd58 (&n->list_lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline]
#5: ffff88813fe1fd58 (&n->list_lock){+.+.}-{3:3}, at: get_partial_node_bulk mm/slub.c:3770 [inline]
#5: ffff88813fe1fd58 (&n->list_lock){+.+.}-{3:3}, at: __refill_objects_node+0x89/0x5b0 mm/slub.c:7194
6 locks held by kworker/u8:46/16774:
#0: ffff88813fe8c138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x8cd/0x12b0 kernel/workqueue.c:3301
#1: ffffc90003d8fc60 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_one_work+0x8cd/0x12b0 kernel/workqueue.c:3301
#2: ffff888059df0310 (&devlink->lock_key#19){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xcb0 drivers/net/netdevsim/dev.c:909
#3: ffff888057d56920 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline]
#3: ffff888057d56920 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report drivers/net/netdevsim/dev.c:862 [inline]
#3: ffff888057d56920 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1e0/0xcb0 drivers/net/netdevsim/dev.c:922
#4: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
#4: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:840 [inline]
#4: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: __rt_spin_lock kernel/locking/spinlock_rt.c:50 [inline]
#4: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 kernel/locking/spinlock_rt.c:57
#5: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
#5: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:840 [inline]
#5: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: class_rcu_constructor include/linux/rcupdate.h:1183 [inline]
#5: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: unwind_next_frame+0x8f/0x2550 arch/x86/kernel/unwind_orc.c:495
6 locks held by kworker/u8:60/16788:
#0: ffff88813fe8c138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x8cd/0x12b0 kernel/workqueue.c:3301
#1: ffffc90002effc60 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_one_work+0x8cd/0x12b0 kernel/workqueue.c:3301
#2: ffff88804d33a310 (&devlink->lock_key#17){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xcb0 drivers/net/netdevsim/dev.c:909
#3: ffff88804d0a9520 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline]
#3: ffff88804d0a9520 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report drivers/net/netdevsim/dev.c:862 [inline]
#3: ffff88804d0a9520 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1e0/0xcb0 drivers/net/netdevsim/dev.c:922
#4: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
#4: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:840 [inline]
#4: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: __rt_spin_lock kernel/locking/spinlock_rt.c:50 [inline]
#4: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 kernel/locking/spinlock_rt.c:57
#5: ffff88813fe1fd58 (&n->list_lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline]
#5: ffff88813fe1fd58 (&n->list_lock){+.+.}-{3:3}, at: get_partial_node_bulk mm/slub.c:3770 [inline]
#5: ffff88813fe1fd58 (&n->list_lock){+.+.}-{3:3}, at: __refill_objects_node+0x89/0x5b0 mm/slub.c:7194
3 locks held by kworker/u8:7/26424:
#0: ffff88801b696138 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x8cd/0x12b0 kernel/workqueue.c:3301
#1: ffffc90010fbfc60 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x8cd/0x12b0 kernel/workqueue.c:3301
#2: ffffffff8f37dba0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf5/0x810 net/core/net_namespace.c:673
2 locks held by syz-executor/28304:
#0: ffff88813fffbb98 (&zone->lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline]
#0: ffff88813fffbb98 (&zone->lock){+.+.}-{3:3}, at: free_one_page+0x43/0x250 mm/page_alloc.c:1555
#1: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
#1: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:840 [inline]
#1: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: __rt_spin_lock kernel/locking/spinlock_rt.c:50 [inline]
#1: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 kernel/locking/spinlock_rt.c:57
9 locks held by syz-executor/29001:
#0: ffffffff8e09dd70 (dup_mmap_sem){++++}-{0:0}, at: dup_mm kernel/fork.c:1537 [inline]
#0: ffffffff8e09dd70 (dup_mmap_sem){++++}-{0:0}, at: copy_mm+0x10f/0x480 kernel/fork.c:1590
#1: ffff888034031f30 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_lock_killable include/linux/mmap_lock.h:554 [inline]
#1: ffff888034031f30 (&mm->mmap_lock){++++}-{4:4}, at: dup_mmap+0x16e/0x1d40 mm/mmap.c:1739
#2: ffff888034032cb0 (&mm->mmap_lock/1){+.+.}-{4:4}, at: mmap_write_lock_nested include/linux/mmap_lock.h:544 [inline]
#2: ffff888034032cb0 (&mm->mmap_lock/1){+.+.}-{4:4}, at: dup_mmap+0x256/0x1d40 mm/mmap.c:1746
#3: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
#3: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:840 [inline]
#3: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: __pte_offset_map+0x29/0x200 mm/pgtable-generic.c:290
#4: ffff888036bec658 (ptlock_ptr(ptdesc)#2){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline]
#4: ffff888036bec658 (ptlock_ptr(ptdesc)#2){+.+.}-{3:3}, at: pte_offset_map_lock+0x13d/0x210 mm/pgtable-generic.c:404
#5: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
#5: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:840 [inline]
#5: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: __rt_spin_lock kernel/locking/spinlock_rt.c:50 [inline]
#5: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 kernel/locking/spinlock_rt.c:57
#6: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
#6: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:840 [inline]
#6: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: __pte_offset_map+0x29/0x200 mm/pgtable-generic.c:290
#7: ffff888053cd37d8 (ptlock_ptr(ptdesc)#2/1){+.+.}-{3:3}, at: copy_pte_range mm/memory.c:1272 [inline]
#7: ffff888053cd37d8 (ptlock_ptr(ptdesc)#2/1){+.+.}-{3:3}, at: copy_pmd_range+0x591/0x53e0 mm/memory.c:1408
#8: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
#8: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:840 [inline]
#8: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: __rt_spin_lock kernel/locking/spinlock_rt.c:50 [inline]
#8: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock_nested+0x1de/0x3f0 kernel/locking/spinlock_rt.c:65
4 locks held by kworker/0:2H/29671:
#0: ffff88813fe4b538 ((wq_completion)events_highpri){+.+.}-{0:0}, at: process_one_work+0x8cd/0x12b0 kernel/workqueue.c:3301
#1: ffffc90005fa7c60 ((work_completion)(&vmidi->output_work)){+.+.}-{0:0}, at: process_one_work+0x8cd/0x12b0 kernel/workqueue.c:3301
#2: ffff8880320650e0 (&grp->list_mutex/1){.+.+}-{4:4}, at: __deliver_to_subscribers sound/core/seq/seq_clientmgr.c:725 [inline]
#2: ffff8880320650e0 (&grp->list_mutex/1){.+.+}-{4:4}, at: deliver_to_subscribers sound/core/seq/seq_clientmgr.c:763 [inline]
#2: ffff8880320650e0 (&grp->list_mutex/1){.+.+}-{4:4}, at: snd_seq_deliver_event+0x287/0xa40 sound/core/seq/seq_clientmgr.c:813
#3: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
#3: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:840 [inline]
#3: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: __rt_spin_lock kernel/locking/spinlock_rt.c:50 [inline]
#3: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 kernel/locking/spinlock_rt.c:57
6 locks held by kworker/u8:12/29720:
#0: ffff88813fe8c138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x8cd/0x12b0 kernel/workqueue.c:3301
#1: ffffc90006267c60 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_one_work+0x8cd/0x12b0 kernel/workqueue.c:3301
#2: ffff888031db4310 (&devlink->lock_key#18){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xcb0 drivers/net/netdevsim/dev.c:909
#3: ffff88807f060920 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline]
#3: ffff88807f060920 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report drivers/net/netdevsim/dev.c:862 [inline]
#3: ffff88807f060920 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1e0/0xcb0 drivers/net/netdevsim/dev.c:922
#4: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
#4: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:840 [inline]
#4: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: __rt_spin_lock kernel/locking/spinlock_rt.c:50 [inline]
#4: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 kernel/locking/spinlock_rt.c:57
#5: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
#5: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:840 [inline]
#5: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: class_rcu_constructor include/linux/rcupdate.h:1183 [inline]
#5: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: unwind_next_frame+0x8f/0x2550 arch/x86/kernel/unwind_orc.c:495
3 locks held by kworker/u8:17/29726:
#0: ffff88813fe8c138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x8cd/0x12b0 kernel/workqueue.c:3301
#1: ffffc90003f7fc60 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_one_work+0x8cd/0x12b0 kernel/workqueue.c:3301
#2: ffff88807a2608d8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6884 [inline]
#2: ffff88807a2608d8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xb4/0x420 net/wireless/core.c:524
6 locks held by kworker/u8:19/29729:
#0: ffff88813fe8c138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x8cd/0x12b0 kernel/workqueue.c:3301
#1: ffffc900062e7c60 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_one_work+0x8cd/0x12b0 kernel/workqueue.c:3301
#2: ffff8880298f4310 (&devlink->lock_key#15){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xcb0 drivers/net/netdevsim/dev.c:909
#3: ffff888061108920 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline]
#3: ffff888061108920 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report drivers/net/netdevsim/dev.c:862 [inline]
#3: ffff888061108920 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1e0/0xcb0 drivers/net/netdevsim/dev.c:922
#4: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
#4: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:840 [inline]
#4: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: __rt_spin_lock kernel/locking/spinlock_rt.c:50 [inline]
#4: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 kernel/locking/spinlock_rt.c:57
#5: ffff88813fe1fd58 (&n->list_lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline]
#5: ffff88813fe1fd58 (&n->list_lock){+.+.}-{3:3}, at: get_partial_node_bulk mm/slub.c:3770 [inline]
#5: ffff88813fe1fd58 (&n->list_lock){+.+.}-{3:3}, at: __refill_objects_node+0x89/0x5b0 mm/slub.c:7194
1 lock held by syz.5.7324/29917:
#0: ffff88813fffbb98 (&zone->lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline]
#0: ffff88813fffbb98 (&zone->lock){+.+.}-{3:3}, at: free_one_page+0x43/0x250 mm/page_alloc.c:1555
6 locks held by syz.7.7359/30043:
#0: ffffffff8f37dba0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x4e2/0x720 net/core/net_namespace.c:575
#1: ffffffff8f38d138 (rtnl_mutex){+.+.}-{4:4}, at: default_device_exit_batch+0xe5/0x9e0 net/core/dev.c:13093
#2: ffff8880b873d158 ((lock)#5){+.+.}-{3:3}, at: trylock_stock+0x103/0x350 mm/memcontrol.c:3171
#3: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
#3: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:840 [inline]
#3: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: __rt_spin_trylock kernel/locking/spinlock_rt.c:110 [inline]
#3: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rt_spin_trylock+0x10c/0x2b0 kernel/locking/spinlock_rt.c:118
#4: ffff8880b873d018 ((lock)#6){+.+.}-{3:3}, at: refill_stock+0x147/0x9f0 mm/memcontrol.c:2196
#5: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
#5: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:840 [inline]
#5: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: __rt_spin_trylock kernel/locking/spinlock_rt.c:110 [inline]
#5: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rt_spin_trylock+0x10c/0x2b0 kernel/locking/spinlock_rt.c:118
4 locks held by syz.5.7371/30086:
#0: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
#0: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:840 [inline]
#0: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock_dont_migrate include/linux/rcupdate.h:982 [inline]
#0: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: bpf_test_timer_enter+0xf6/0x260 net/bpf/test_run.c:39
#1: ffffffff8de611a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 kernel/softirq.c:163
#2: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 kernel/softirq.c:163
#3: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
#3: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:840 [inline]
#3: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: netif_receive_skb_list_internal+0x501/0xcf0 net/core/dev.c:6423
1 lock held by syz.0.7372/30087:
#0: ffff8880340311b0 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_lock_killable include/linux/mmap_lock.h:554 [inline]
#0: ffff8880340311b0 (&mm->mmap_lock){++++}-{4:4}, at: do_mprotect_pkey+0x260/0xcd0 mm/mprotect.c:867
1 lock held by syz.0.7372/30089:
#0: ffff8880654678c8 (&nft_net->commit_mutex){+.+.}-{4:4}, at: nf_tables_valid_genid+0x3b/0x100 net/netfilter/nf_tables_api.c:11490
5 locks held by syz.0.7372/30090:
#0: ffff888029ca6928 (nlk_cb_mutex-SOCK_DIAG){+.+.}-{4:4}, at: __netlink_dump_start+0xf4/0x7b0 net/netlink/af_netlink.c:2410
#1: ffffffff8de611a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 kernel/softirq.c:163
#2: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 kernel/softirq.c:163
#3: ffffc9000233b018 (&tcp_hashinfo.bhash2[i].lock){+...}-{3:3}, at: spin_lock_bh include/linux/spinlock_rt.h:90 [inline]
#3: ffffc9000233b018 (&tcp_hashinfo.bhash2[i].lock){+...}-{3:3}, at: tcp_diag_dump+0x8f4/0x1ff0 net/ipv4/tcp_diag.c:414
#4: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
#4: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:840 [inline]
#4: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: __rt_spin_lock kernel/locking/spinlock_rt.c:50 [inline]
#4: ffffffff8dfcb040 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 kernel/locking/spinlock_rt.c:57
=============================================
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT_{RT,(full)}
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
Call Trace:
dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
nmi_cpu_backtrace+0x274/0x2d0 lib/nmi_backtrace.c:122
nmi_trigger_cpumask_backtrace+0x17a/0x380 lib/nmi_backtrace.c:65
trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]
__sys_info lib/sys_info.c:157 [inline]
sys_info+0x135/0x170 lib/sys_info.c:165
check_hung_uninterruptible_tasks kernel/hung_task.c:353 [inline]
watchdog+0xfd7/0x1030 kernel/hung_task.c:561
kthread+0x388/0x470 kernel/kthread.c:436
ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 30 Comm: ktimers/1 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)}
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
RIP: 0010:netdev_core_pick_tx+0xa6/0x360 net/core/dev.c:4733
Code: 0f 85 6f 02 00 00 41 89 2f eb 0f e8 14 93 bf f8 49 bd 00 00 00 00 00 fc ff df 48 8d 53 28 49 89 d7 49 c1 ef 03 43 0f b6 04 2f <84> c0 0f 85 e6 01 00 00 8b 2a bf 01 00 00 00 89 ee e8 94 97 bf f8
RSP: 0018:ffffc90000a4f408 EFLAGS: 00000a06
RAX: 0000000000000000 RBX: ffff88802b370000 RCX: dffffc0000000000
RDX: ffff88802b370028 RSI: 0000000000000000 RDI: 0000000000000100
RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000100
R10: dffffc0000000000 R11: fffffbfff1f19b3f R12: 0000000000000000
R13: dffffc0000000000 R14: ffff88803b75e500 R15: 1ffff1100566e005
FS: 0000000000000000(0000) GS:ffff888125fce000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fd42f6056b8 CR3: 000000006540c000 CR4: 00000000003526f0
Call Trace:
__dev_queue_xmit+0x5b4/0x3890 net/core/dev.c:4828
NF_HOOK_COND include/linux/netfilter.h:307 [inline]
ip6_output+0x337/0x540 net/ipv6/ip6_output.c:246
dst_output include/net/dst.h:489 [inline]
NF_HOOK include/linux/netfilter.h:318 [inline]
ndisc_send_skb+0xcb2/0x1650 net/ipv6/ndisc.c:512
addrconf_rs_timer+0x2d2/0x6c0 net/ipv6/addrconf.c:4066
call_timer_fn+0x192/0x5e0 kernel/time/timer.c:1748
expire_timers kernel/time/timer.c:1799 [inline]
__run_timers kernel/time/timer.c:2374 [inline]
__run_timer_base+0x67b/0x9b0 kernel/time/timer.c:2386
run_timer_base kernel/time/timer.c:2395 [inline]
run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2405
handle_softirqs+0x1d9/0x6c0 kernel/softirq.c:626
__do_softirq kernel/softirq.c:660 [inline]
run_ktimerd+0x69/0x100 kernel/softirq.c:1155
smpboot_thread_fn+0x57c/0xa80 kernel/smpboot.c:160
kthread+0x388/0x470 kernel/kthread.c:436
ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245