Extracting prog: 31m49.093352622s Minimizing prog: 48m24.724696776s Simplifying prog options: 0s Extracting C: 3m10.907006295s Simplifying C: 24m10.246863094s extracting reproducer from 39 programs testing a last program of every proc single: executing 9 programs separately with timeout 6m0s testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-socketpair$unix-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-sendmmsg$unix-recvmmsg-mmap detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x66002, 0x0) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) (async) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async) sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000800)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000060a0b040000000000000000020000000900010073797a30000000000900020073797a320000000014000000110001"], 0x54}}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_DELRULE={0x58, 0x6, 0xa, 0x5, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_COMPAT={0x2c, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0x3c}, @NFTA_RULE_COMPAT_PROTO_IPV4={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_RULE_COMPAT_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_RULE_COMPAT_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x809b}]}]}], {0x14}}, 0x80}}, 0x0) (async) sendmmsg$unix(r2, &(0x7f0000000000), 0x0, 0x0) (async) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x22052, r0, 0x2000) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_mptcp-bind$inet-setsockopt$sock_int-connect$inet-sendto-syz_usb_connect-syz_usb_connect$cdc_ncm-socket$packet-ioctl$ifreq_SIOCGIFINDEX_batadv_hard-setsockopt$packet_add_memb-setsockopt$packet_add_memb-ioctl$sock_netrom_SIOCADDRT-socket$nl_generic-mmap-madvise-migrate_pages-syz_genetlink_get_family_id$nl80211-sendmsg$NL80211_CMD_REQ_SET_REG-prctl$PR_SET_SECCOMP-openat$rnullb-sendfile-ioprio_set$pid detailed listing: executing program 0: r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @loopback}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000140), 0x4) connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10) sendto(r0, &(0x7f00000002c0)='%', 0x300000, 0x0, 0x0, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000f2091b080410aa61b4d2010203010902120001e900000009040000000206"], 0x0) syz_usb_connect$cdc_ncm(0x6, 0x16e, &(0x7f0000000700)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0xff, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x15c, 0x2, 0x1, 0x4, 0x7f03e8a59c0bd627, 0x9, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x8, 0x24, 0x6, 0x0, 0x1, "1c1a5d"}, {0x5, 0x24, 0x0, 0x84c}, {0xd, 0x24, 0xf, 0x1, 0x7, 0x5, 0x0, 0x3}, {0x6, 0x24, 0x1a, 0x7, 0x32}, [@mbim={0xc, 0x24, 0x1b, 0x401, 0x80, 0x1, 0x10, 0x1, 0xfb}, @mbim_extended={0x8, 0x24, 0x1c, 0x10, 0x7, 0x7}, @call_mgmt={0x5, 0x24, 0x1, 0x3, 0x2}, @country_functional={0x10, 0x24, 0x7, 0x1, 0x6, [0x8, 0x7, 0x4, 0x0, 0x8100]}, @mbim={0xc, 0x24, 0x1b, 0x5, 0x9, 0x63, 0x9, 0x2, 0x1}, @mdlm_detail={0xc8, 0x24, 0x13, 0x8, "408138b7b98b6336139e7bd7b8871e0b76cc440d43daf14e7faab58010313185c953c927c8f119411b7d8fdebad654b930002e0cf5ae19f60c78fd4749969e35ba7d99660178e8c394d6769bacee5e6bdbdf0ca5d51d17a45db0c3888ffccafba97ebda8743997a3080e880e1a54b6b37eb3c3f66abb269430943c700c1a2dc5f2ffab8d658167f9f97302e5c62275f2c5309d670e7ded7363086eccd233859152aa18c6474e11bdc1a97636c211cc926bf135db82ecdb0f2486366634e2ba71e20c856f"}]}, {{0x9, 0x5, 0x81, 0x3, 0x200, 0xe, 0x2, 0x5}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x8, 0x2, 0x7, 0x5c}}, {{0x9, 0x5, 0x3, 0x2, 0x3ff, 0xa, 0xfa, 0x58}}}}}}}]}}, &(0x7f0000000600)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x250, 0x9, 0xf7, 0x5, 0x10, 0x3}, 0x7a, &(0x7f0000000680)={0x5, 0xf, 0x7a, 0x4, [@generic={0x50, 0x10, 0xa, "c7e5a576772534576a6cc694d08637cc125065710502de29c6db4b2942eb02e2ad62febc9eafee8a3348529e4e7b2a92ac1527c8b210f7a81efe20a0df484af33c63ab7804d4357d7373f62c44"}, @ext_cap={0x7, 0x10, 0x2, 0xc, 0xd, 0xf, 0xfffc}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0xc, 0x75, 0x1, 0x7ff}, @ss_container_id={0x14, 0x10, 0x4, 0x1, "8f5849bbc88ca09f94a1688ca10a8ec1"}]}, 0x5, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x420}}, {0x22, &(0x7f0000000280)=@string={0x22, 0x3, "1db871123e999ec1348c7b86286983e6965169066b0a0691786c1b076b05d0d2"}}, {0x4, &(0x7f0000000480)=@lang_id={0x4, 0x3, 0x3001}}, {0x4, &(0x7f00000004c0)=@lang_id={0x4, 0x3, 0x1809}}, {0xe0, &(0x7f0000000500)=@string={0xe0, 0x3, "5a8fefcc7b69f8e19d3ad8072c19d4eb6cb092f0ff2a15b30deac55d5b6fe317dc7411d0f17a0c906770bdd1ed2a074cddab30ecceabc1e74050acaf628759ac34d096d5fc925ce1cd37e9b3808a59b7c04d99eff56f7b26fbfc36e6891789305329c0bd67fb689aada4ed1d74c40a76bc697cf371e27fe63b9a2a5d875a6e1fcba7e29903821bc3adc2240a27f691c25a8ec8f4230ae26e0f6b34a9924a96eb5c5ce714991b027e6cfc8476547b206eed6607de324698a2abcc3d8ca4bcc9def2c64cfb3c47a826a36cad4469bf8031ffba5149dc36c5d6a853dbb40b10"}}]}) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000180)={'batadv_slave_0\x00', 0x0}) setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f0000000000)={r2, 0x1, 0x6, @broadcast}, 0x10) setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f0000000380)={r2, 0x1, 0x0, @random="83f047e9529c"}, 0x10) ioctl$sock_netrom_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000001c0)={0x1, @default, @bpq0, 0x2, 'syz1\x00', @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x5, 0x0, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}) r3 = socket$nl_generic(0x10, 0x3, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x20004000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19) migrate_pages(0x0, 0x5, &(0x7f0000000000)=0x9, &(0x7f0000000080)=0x272) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_REQ_SET_REG(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="2ba52ebd7000fddbdf251b00000006002100"], 0x1c}, 0x1, 0x0, 0x0, 0x200000c0}, 0x40c0) prctl$PR_SET_SECCOMP(0x4e, 0x2, 0x0) r5 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) sendfile(r5, r5, 0x0, 0x7ffff000) ioprio_set$pid(0x2, 0x0, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$dsp-write$dsp-socket-connect$l2tp6-getsockname$l2tp6-openat$rnullb-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-socket$nl_generic-openat$fb0-ioctl$FBIOPUT_CON2FBMAP-sendmsg$NL80211_CMD_NEW_INTERFACE-prctl$PR_SET_THP_DISABLE-mmap-syz_open_dev$dri-ioctl$FS_IOC_RESVSP-syz_open_dev$sndctrl-ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE-socket$inet_tcp-getsockopt$inet_tcp_int-syz_open_dev$sndpcmp-syz_usb_connect-syz_open_dev$char_usb-syz_open_dev$usbmon-mmap-write$char_usb-ioctl$SNDRV_PCM_IOCTL_REWIND-close-openat$rnullb detailed listing: executing program 0: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000280), 0x109502, 0x0) write$dsp(r0, &(0x7f0000000200)='m', 0x1) r1 = socket(0x15, 0x5, 0x0) connect$l2tp6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x20) getsockname$l2tp6(r1, 0x0, &(0x7f0000000100)) r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x66002, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r3) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000340)={'wlan0\x00', 0x0}) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$FBIOPUT_CON2FBMAP(r7, 0x4610, &(0x7f0000000000)={0x3a, 0x1}) sendmsg$NL80211_CMD_NEW_INTERFACE(r6, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYRESHEX=r2, @ANYRES16=r4, @ANYBLOB="2508007a0000000000030700000008000300", @ANYRES32=r3, @ANYRES8=r5], 0x54}, 0x1, 0x0, 0x0, 0x8000}, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0x1) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x2000003, 0x6031, 0xffffffffffffffff, 0x0) syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x8100) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f0000000080)={0x0, 0x4, 0x2, 0x22855ff7}) r8 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r8, 0x40045532, &(0x7f0000000100)) r9 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_int(r9, 0x6, 0x24, 0x0, &(0x7f00000000c0)) r10 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) syz_usb_connect(0x0, 0x2d, &(0x7f00000003c0)=ANY=[@ANYBLOB="120100009ac0b620110f211066865578ac0109029c000100000400090400bf900b64ea00090587033b"], 0x0) r11 = syz_open_dev$char_usb(0xc, 0xb4, 0x10000) r12 = syz_open_dev$usbmon(&(0x7f00000005c0), 0x0, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000001, 0x12, r12, 0xc3d33000) write$char_usb(r11, &(0x7f0000001300)='7', 0x1) ioctl$SNDRV_PCM_IOCTL_REWIND(r10, 0xc0844123, &(0x7f0000000180)=0x4) close(r0) openat$rnullb(0xffffffffffffff9c, &(0x7f0000000140), 0x88980, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_clone-syz_open_dev$sg-read-syz_open_dev$vim2m-socket$inet6_tcp-setsockopt$inet6_int-ioctl$vim2m_VIDIOC_CREATE_BUFS-syz_open_dev$ttys-mount detailed listing: executing program 0: syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) read(r0, 0x0, 0x0) r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x3, 0x2) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r2, 0x29, 0x2, 0x0, 0x0) ioctl$vim2m_VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f00000002c0)={0x0, 0x8, 0x1, {0x1, @vbi={0x8, 0x6c, 0x0, 0x129b6c7a, [0xffffffff, 0xfffc0000], [0x0, 0xfffffffe]}}}) syz_open_dev$ttys(0xc, 0x2, 0x0) mount(&(0x7f0000000000)=@filename='./cgroup\x00', &(0x7f0000000080)='./cgroup\x00', &(0x7f00000000c0)='efivarfs\x00', 0x1002050, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_clone-syz_open_dev$sg-read-syz_open_dev$vim2m-socket$inet6_tcp-setsockopt$inet6_int-ioctl$vim2m_VIDIOC_CREATE_BUFS-syz_open_dev$ttys-mount detailed listing: executing program 0: syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) read(r0, 0x0, 0x0) r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x3, 0x2) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r2, 0x29, 0x2, 0x0, 0x0) ioctl$vim2m_VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f00000002c0)={0x0, 0x8, 0x1, {0x1, @vbi={0x8, 0x6c, 0x0, 0x129b6c7a, [0xffffffff, 0xfffc0000], [0x0, 0xfffffffe]}}}) syz_open_dev$ttys(0xc, 0x2, 0x0) mount(&(0x7f0000000000)=@filename='./cgroup\x00', &(0x7f0000000080)='./cgroup\x00', &(0x7f00000000c0)='efivarfs\x00', 0x1002050, 0x0) program crashed: lost connection to test machine suppressed program crash: lost connection to test machine testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mmap-ioctl$IOC_PR_RELEASE-userfaultfd-userfaultfd-ioctl$UFFDIO_API-ioctl$UFFDIO_API-ioctl$UFFDIO_REGISTER-mremap-mmap detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000140), 0x8900, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) ioctl$IOC_PR_RELEASE(r0, 0x401070ca, &(0x7f0000000000)={0xffffffffffffffa8, 0x9, 0x1}) userfaultfd(0x80001) (async) r1 = userfaultfd(0x80001) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) (async) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffb000/0x2000)=nil, 0x2000}, 0x3}) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000a, 0x22052, r0, 0x93771000) program crashed: INFO: task hung in userfaultfd_release_all single: successfully extracted reproducer found reproducer with 10 syscalls minimizing guilty program testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mmap-ioctl$IOC_PR_RELEASE-userfaultfd-userfaultfd-ioctl$UFFDIO_API-ioctl$UFFDIO_API-ioctl$UFFDIO_REGISTER-mremap detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000140), 0x8900, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) ioctl$IOC_PR_RELEASE(r0, 0x401070ca, &(0x7f0000000000)={0xffffffffffffffa8, 0x9, 0x1}) userfaultfd(0x80001) (async) r1 = userfaultfd(0x80001) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) (async) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffb000/0x2000)=nil, 0x2000}, 0x3}) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) program crashed: INFO: task hung in userfaultfd_release_all testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mmap-ioctl$IOC_PR_RELEASE-userfaultfd-userfaultfd-ioctl$UFFDIO_API-ioctl$UFFDIO_API-ioctl$UFFDIO_REGISTER detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000140), 0x8900, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) ioctl$IOC_PR_RELEASE(r0, 0x401070ca, &(0x7f0000000000)={0xffffffffffffffa8, 0x9, 0x1}) userfaultfd(0x80001) (async) r1 = userfaultfd(0x80001) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) (async) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffb000/0x2000)=nil, 0x2000}, 0x3}) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mmap-ioctl$IOC_PR_RELEASE-userfaultfd-userfaultfd-ioctl$UFFDIO_API-ioctl$UFFDIO_API-mremap detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000140), 0x8900, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) ioctl$IOC_PR_RELEASE(r0, 0x401070ca, &(0x7f0000000000)={0xffffffffffffffa8, 0x9, 0x1}) userfaultfd(0x80001) (async) r1 = userfaultfd(0x80001) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) (async) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) program crashed: INFO: task hung in userfaultfd_release_all testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mmap-ioctl$IOC_PR_RELEASE-userfaultfd-userfaultfd-ioctl$UFFDIO_API-mremap detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000140), 0x8900, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) ioctl$IOC_PR_RELEASE(r0, 0x401070ca, &(0x7f0000000000)={0xffffffffffffffa8, 0x9, 0x1}) userfaultfd(0x80001) (async) r1 = userfaultfd(0x80001) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) (async) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) program crashed: INFO: task hung in userfaultfd_release_all testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mmap-ioctl$IOC_PR_RELEASE-userfaultfd-userfaultfd-mremap detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000140), 0x8900, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) ioctl$IOC_PR_RELEASE(r0, 0x401070ca, &(0x7f0000000000)={0xffffffffffffffa8, 0x9, 0x1}) userfaultfd(0x80001) (async) userfaultfd(0x80001) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) program crashed: INFO: task hung in userfaultfd_release_all testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mmap-ioctl$IOC_PR_RELEASE-userfaultfd-mremap detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000140), 0x8900, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) ioctl$IOC_PR_RELEASE(r0, 0x401070ca, &(0x7f0000000000)={0xffffffffffffffa8, 0x9, 0x1}) userfaultfd(0x80001) (async) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) program crashed: INFO: task hung in userfaultfd_release_all testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mmap-ioctl$IOC_PR_RELEASE-mremap detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000140), 0x8900, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) ioctl$IOC_PR_RELEASE(r0, 0x401070ca, &(0x7f0000000000)={0xffffffffffffffa8, 0x9, 0x1}) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) program crashed: INFO: task hung in exit_mm testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mmap-mremap detailed listing: executing program 0: openat$rnullb(0xffffffffffffff9c, &(0x7f0000000140), 0x8900, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) program crashed: INFO: task hung in exit_mm testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mremap detailed listing: executing program 0: openat$rnullb(0xffffffffffffff9c, &(0x7f0000000140), 0x8900, 0x0) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) program crashed: INFO: task hung in exit_mm testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mremap detailed listing: executing program 0: mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mremap detailed listing: executing program 0: openat$rnullb(0xffffffffffffff9c, 0x0, 0x8900, 0x0) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) program did not crash extracting C reproducer testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mremap program crashed: INFO: task hung in exit_mm simplifying C reproducer testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mremap program crashed: no output from test machine a never seen crash title: no output from test machine, ignore testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mremap program crashed: INFO: task hung in exit_mm testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mremap program crashed: INFO: task hung in exit_mm testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mremap program crashed: INFO: task hung in exit_mm testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mremap program crashed: INFO: task hung in exit_mm testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mremap program crashed: INFO: task hung in exit_mm testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mremap program crashed: INFO: task hung in exit_mm testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mremap detailed listing: executing program 0: openat$rnullb(0xffffffffffffff9c, &(0x7f0000000140), 0x8900, 0x0) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) program crashed: INFO: task hung in exit_mm validation run: crashed=true testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mremap detailed listing: executing program 0: openat$rnullb(0xffffffffffffff9c, &(0x7f0000000140), 0x8900, 0x0) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) program crashed: INFO: task hung in exit_mm validation run: crashed=true testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mremap detailed listing: executing program 0: openat$rnullb(0xffffffffffffff9c, &(0x7f0000000140), 0x8900, 0x0) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) program crashed: INFO: task hung in exit_mm validation run: crashed=true reproducing took 1h57m21.028280551s repro crashed as (corrupted=false): INFO: task syz.0.16:6056 blocked for more than 143 seconds. Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 Blocked by coredump. "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.0.16 state:D stack:26920 pid:6056 tgid:6056 ppid:5968 task_flags:0x40004c flags:0x00004000 Call Trace: context_switch kernel/sched/core.c:5351 [inline] __schedule+0x1737/0x4d30 kernel/sched/core.c:6954 __schedule_loop kernel/sched/core.c:7036 [inline] schedule+0x165/0x360 kernel/sched/core.c:7051 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7108 rwsem_down_read_slowpath+0x5fd/0x8f0 kernel/locking/rwsem.c:1088 __down_read_common kernel/locking/rwsem.c:1263 [inline] __down_read kernel/locking/rwsem.c:1276 [inline] down_read+0x98/0x2e0 kernel/locking/rwsem.c:1541 mmap_read_lock include/linux/mmap_lock.h:412 [inline] exit_mm+0xcc/0x2c0 kernel/exit.c:557 do_exit+0x648/0x2300 kernel/exit.c:947 do_group_exit+0x21c/0x2d0 kernel/exit.c:1100 __do_sys_exit_group kernel/exit.c:1111 [inline] __se_sys_exit_group kernel/exit.c:1109 [inline] __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1109 x64_sys_call+0x21f7/0x2200 arch/x86/include/generated/asm/syscalls_64.h:232 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fa26898e9a9 RSP: 002b:00007fffd0e1f308 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa26898e9a9 RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000003 R08: 00000002d0e1f3ff R09: 00007fa268b80260 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fa268b80260 R14: 0000000000000003 R15: 00007fffd0e1f3c0 Showing all locks held in the system: 1 lock held by khungtaskd/31: #0: ffffffff8e53d8a0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline] #0: ffffffff8e53d8a0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline] #0: ffffffff8e53d8a0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6770 3 locks held by kworker/u8:2/36: #0: ffff88801a889148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline] #0: ffff88801a889148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319 #1: ffffc90000ac7bc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline] #1: ffffc90000ac7bc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319 #2: ffffffff8f938688 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 net/core/link_watch.c:303 2 locks held by getty/5609: #0: ffff8880334aa0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243 #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4} , at: n_tty_read+0x43e/0x1400 drivers/tty/n_tty.c:2222 1 lock held by syz.0.16/6056: #0: ffff8880309d01e0 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_lock include/linux/mmap_lock.h:412 [inline] #0: ffff8880309d01e0 (&mm->mmap_lock){++++}-{4:4}, at: exit_mm+0xcc/0x2c0 kernel/exit.c:557 2 locks held by syz.0.16/6057: 1 lock held by syz.1.17/6107: #0: ffff88807c3c4d20 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_lock include/linux/mmap_lock.h:412 [inline] #0: ffff88807c3c4d20 (&mm->mmap_lock){++++}-{4:4}, at: exit_mm+0xcc/0x2c0 kernel/exit.c:557 1 lock held by syz.1.17/6108: 1 lock held by syz.2.18/6137: #0: ffff88807f2062a0 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_lock include/linux/mmap_lock.h:412 [inline] #0: ffff88807f2062a0 (&mm->mmap_lock){++++}-{4:4}, at: exit_mm+0xcc/0x2c0 kernel/exit.c:557 2 locks held by syz.2.18/6138: 1 lock held by syz.3.19/6159: #0: ffff88807c3c37a0 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_lock include/linux/mmap_lock.h:412 [inline] #0: ffff88807c3c37a0 (&mm->mmap_lock){++++}-{4:4}, at: exit_mm+0xcc/0x2c0 kernel/exit.c:557 1 lock held by syz.3.19/6160: 1 lock held by syz.4.20/6190: #0: ffff888020a89760 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_lock include/linux/mmap_lock.h:412 [inline] #0: ffff888020a89760 (&mm->mmap_lock){++++}-{4:4}, at: exit_mm+0xcc/0x2c0 kernel/exit.c:557 6 locks held by syz.4.20/6191: 1 lock held by syz.5.21/6227: #0: ffff888024a5a220 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_lock include/linux/mmap_lock.h:412 [inline] #0: ffff888024a5a220 (&mm->mmap_lock){++++}-{4:4}, at: exit_mm+0xcc/0x2c0 kernel/exit.c:557 1 lock held by syz.5.21/6228: 1 lock held by syz.6.22/6257: #0: ffff888024a59760 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_lock include/linux/mmap_lock.h:412 [inline] #0: ffff888024a59760 (&mm->mmap_lock){++++}-{4:4}, at: exit_mm+0xcc/0x2c0 kernel/exit.c:557 1 lock held by syz.6.22/6258: 3 locks held by syz-executor/6261: #0: ffffffff8f0c03e0 (&ops->srcu#2){.+.+}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline] #0: ffffffff8f0c03e0 (&ops->srcu#2){.+.+}-{0:0}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline] #0: ffffffff8f0c03e0 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250 net/core/rtnetlink.c:570 #1: ffffffff8f938688 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline] #1: ffffffff8f938688 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:341 [inline] #1: ffffffff8f938688 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 net/core/rtnetlink.c:4056 #2: ffffffff8e543338 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock kernel/rcu/tree_exp.h:311 [inline] #2: ffffffff8e543338 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x2f6/0x730 kernel/rcu/tree_exp.h:967 ============================================= NMI backtrace for cpu 0 CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 Call Trace: dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120 nmi_cpu_backtrace+0x39e/0x3d0 lib/nmi_backtrace.c:113 nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:328 [inline] watchdog+0xf93/0xfe0 kernel/hung_task.c:491 kthread+0x70e/0x8a0 kernel/kthread.c:463 ret_from_fork+0x3f9/0x770 arch/x86/kernel/process.c:148 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 Workqueue: events_unbound cfg80211_wiphy_work RIP: 0010:__preempt_count_add kernel/rcu/tree.c:747 [inline] RIP: 0010:rcu_is_watching+0x6/0xb0 kernel/rcu/tree.c:750 Code: e8 3f fe 5e 03 eb cc 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 41 57 <41> 56 53 65 ff 05 20 99 40 11 e8 4b d7 d8 09 89 c3 83 f8 08 73 65 RSP: 0018:ffffc90000a086c8 EFLAGS: 00000297 RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000002 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8e53d8a0 RBP: ffffffff81730195 R08: 0000000000000000 R09: 0000000000000000 R10: ffffc90000a08898 R11: ffffffff81ac9660 R12: 0000000000000002 R13: ffffffff8e53d8a0 R14: 0000000000000000 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff8881258ab000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000557baf2be0a8 CR3: 00000000227e6000 CR4: 00000000003526f0 Call Trace: trace_lock_acquire include/trace/events/lock.h:24 [inline] lock_acquire+0x5f/0x360 kernel/locking/lockdep.c:5834 rcu_lock_acquire include/linux/rcupdate.h:331 [inline] rcu_read_lock include/linux/rcupdate.h:841 [inline] class_rcu_constructor include/linux/rcupdate.h:1155 [inline] unwind_next_frame+0xc2/0x2390 arch/x86/kernel/unwind_orc.c:479 arch_stack_walk+0x11c/0x150 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0x9c/0xe0 kernel/stacktrace.c:122 kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3e/0x80 mm/kasan/common.c:68 kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576 poison_slab_object mm/kasan/common.c:247 [inline] __kasan_slab_free+0x62/0x70 mm/kasan/common.c:264 kasan_slab_free include/linux/kasan.h:233 [inline] slab_free_hook mm/slub.c:2417 [inline] slab_free mm/slub.c:4680 [inline] kfree+0x18e/0x440 mm/slub.c:4879 slab_free_after_rcu_debug+0x60/0x2a0 mm/slub.c:4717 rcu_do_batch kernel/rcu/tree.c:2605 [inline] rcu_core+0xca5/0x1710 kernel/rcu/tree.c:2861 handle_softirqs+0x286/0x870 kernel/softirq.c:579 do_softirq+0xec/0x180 kernel/softirq.c:480 __local_bh_enable_ip+0x17d/0x1c0 kernel/softirq.c:407 spin_unlock_bh include/linux/spinlock.h:396 [inline] cfg80211_inform_single_bss_data+0x13d2/0x1ac0 net/wireless/scan.c:2395 cfg80211_inform_bss_data+0x1fb/0x3b20 net/wireless/scan.c:3234 cfg80211_inform_bss_frame_data+0x3d7/0x730 net/wireless/scan.c:3325 ieee80211_bss_info_update+0x746/0x9e0 net/mac80211/scan.c:226 ieee80211_rx_bss_info net/mac80211/ibss.c:1094 [inline] ieee80211_rx_mgmt_probe_beacon net/mac80211/ibss.c:1573 [inline] ieee80211_ibss_rx_queued_mgmt+0xa36/0x2ae0 net/mac80211/ibss.c:1600 ieee80211_iface_process_skb net/mac80211/iface.c:1699 [inline] ieee80211_iface_work+0x85f/0x12d0 net/mac80211/iface.c:1753 cfg80211_wiphy_work+0x2bb/0x470 net/wireless/core.c:435 process_one_work kernel/workqueue.c:3236 [inline] process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3319 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400 kthread+0x70e/0x8a0 kernel/kthread.c:463 ret_from_fork+0x3f9/0x770 arch/x86/kernel/process.c:148 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 final repro crashed as (corrupted=false): INFO: task syz.0.16:6056 blocked for more than 143 seconds. Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 Blocked by coredump. "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.0.16 state:D stack:26920 pid:6056 tgid:6056 ppid:5968 task_flags:0x40004c flags:0x00004000 Call Trace: context_switch kernel/sched/core.c:5351 [inline] __schedule+0x1737/0x4d30 kernel/sched/core.c:6954 __schedule_loop kernel/sched/core.c:7036 [inline] schedule+0x165/0x360 kernel/sched/core.c:7051 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7108 rwsem_down_read_slowpath+0x5fd/0x8f0 kernel/locking/rwsem.c:1088 __down_read_common kernel/locking/rwsem.c:1263 [inline] __down_read kernel/locking/rwsem.c:1276 [inline] down_read+0x98/0x2e0 kernel/locking/rwsem.c:1541 mmap_read_lock include/linux/mmap_lock.h:412 [inline] exit_mm+0xcc/0x2c0 kernel/exit.c:557 do_exit+0x648/0x2300 kernel/exit.c:947 do_group_exit+0x21c/0x2d0 kernel/exit.c:1100 __do_sys_exit_group kernel/exit.c:1111 [inline] __se_sys_exit_group kernel/exit.c:1109 [inline] __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1109 x64_sys_call+0x21f7/0x2200 arch/x86/include/generated/asm/syscalls_64.h:232 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fa26898e9a9 RSP: 002b:00007fffd0e1f308 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa26898e9a9 RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000003 R08: 00000002d0e1f3ff R09: 00007fa268b80260 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fa268b80260 R14: 0000000000000003 R15: 00007fffd0e1f3c0 Showing all locks held in the system: 1 lock held by khungtaskd/31: #0: ffffffff8e53d8a0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline] #0: ffffffff8e53d8a0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline] #0: ffffffff8e53d8a0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6770 3 locks held by kworker/u8:2/36: #0: ffff88801a889148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline] #0: ffff88801a889148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319 #1: ffffc90000ac7bc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline] #1: ffffc90000ac7bc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319 #2: ffffffff8f938688 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 net/core/link_watch.c:303 2 locks held by getty/5609: #0: ffff8880334aa0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243 #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4} , at: n_tty_read+0x43e/0x1400 drivers/tty/n_tty.c:2222 1 lock held by syz.0.16/6056: #0: ffff8880309d01e0 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_lock include/linux/mmap_lock.h:412 [inline] #0: ffff8880309d01e0 (&mm->mmap_lock){++++}-{4:4}, at: exit_mm+0xcc/0x2c0 kernel/exit.c:557 2 locks held by syz.0.16/6057: 1 lock held by syz.1.17/6107: #0: ffff88807c3c4d20 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_lock include/linux/mmap_lock.h:412 [inline] #0: ffff88807c3c4d20 (&mm->mmap_lock){++++}-{4:4}, at: exit_mm+0xcc/0x2c0 kernel/exit.c:557 1 lock held by syz.1.17/6108: 1 lock held by syz.2.18/6137: #0: ffff88807f2062a0 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_lock include/linux/mmap_lock.h:412 [inline] #0: ffff88807f2062a0 (&mm->mmap_lock){++++}-{4:4}, at: exit_mm+0xcc/0x2c0 kernel/exit.c:557 2 locks held by syz.2.18/6138: 1 lock held by syz.3.19/6159: #0: ffff88807c3c37a0 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_lock include/linux/mmap_lock.h:412 [inline] #0: ffff88807c3c37a0 (&mm->mmap_lock){++++}-{4:4}, at: exit_mm+0xcc/0x2c0 kernel/exit.c:557 1 lock held by syz.3.19/6160: 1 lock held by syz.4.20/6190: #0: ffff888020a89760 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_lock include/linux/mmap_lock.h:412 [inline] #0: ffff888020a89760 (&mm->mmap_lock){++++}-{4:4}, at: exit_mm+0xcc/0x2c0 kernel/exit.c:557 6 locks held by syz.4.20/6191: 1 lock held by syz.5.21/6227: #0: ffff888024a5a220 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_lock include/linux/mmap_lock.h:412 [inline] #0: ffff888024a5a220 (&mm->mmap_lock){++++}-{4:4}, at: exit_mm+0xcc/0x2c0 kernel/exit.c:557 1 lock held by syz.5.21/6228: 1 lock held by syz.6.22/6257: #0: ffff888024a59760 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_lock include/linux/mmap_lock.h:412 [inline] #0: ffff888024a59760 (&mm->mmap_lock){++++}-{4:4}, at: exit_mm+0xcc/0x2c0 kernel/exit.c:557 1 lock held by syz.6.22/6258: 3 locks held by syz-executor/6261: #0: ffffffff8f0c03e0 (&ops->srcu#2){.+.+}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline] #0: ffffffff8f0c03e0 (&ops->srcu#2){.+.+}-{0:0}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline] #0: ffffffff8f0c03e0 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250 net/core/rtnetlink.c:570 #1: ffffffff8f938688 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline] #1: ffffffff8f938688 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:341 [inline] #1: ffffffff8f938688 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 net/core/rtnetlink.c:4056 #2: ffffffff8e543338 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock kernel/rcu/tree_exp.h:311 [inline] #2: ffffffff8e543338 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x2f6/0x730 kernel/rcu/tree_exp.h:967 ============================================= NMI backtrace for cpu 0 CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 Call Trace: dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120 nmi_cpu_backtrace+0x39e/0x3d0 lib/nmi_backtrace.c:113 nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:328 [inline] watchdog+0xf93/0xfe0 kernel/hung_task.c:491 kthread+0x70e/0x8a0 kernel/kthread.c:463 ret_from_fork+0x3f9/0x770 arch/x86/kernel/process.c:148 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 Workqueue: events_unbound cfg80211_wiphy_work RIP: 0010:__preempt_count_add kernel/rcu/tree.c:747 [inline] RIP: 0010:rcu_is_watching+0x6/0xb0 kernel/rcu/tree.c:750 Code: e8 3f fe 5e 03 eb cc 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 41 57 <41> 56 53 65 ff 05 20 99 40 11 e8 4b d7 d8 09 89 c3 83 f8 08 73 65 RSP: 0018:ffffc90000a086c8 EFLAGS: 00000297 RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000002 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8e53d8a0 RBP: ffffffff81730195 R08: 0000000000000000 R09: 0000000000000000 R10: ffffc90000a08898 R11: ffffffff81ac9660 R12: 0000000000000002 R13: ffffffff8e53d8a0 R14: 0000000000000000 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff8881258ab000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000557baf2be0a8 CR3: 00000000227e6000 CR4: 00000000003526f0 Call Trace: trace_lock_acquire include/trace/events/lock.h:24 [inline] lock_acquire+0x5f/0x360 kernel/locking/lockdep.c:5834 rcu_lock_acquire include/linux/rcupdate.h:331 [inline] rcu_read_lock include/linux/rcupdate.h:841 [inline] class_rcu_constructor include/linux/rcupdate.h:1155 [inline] unwind_next_frame+0xc2/0x2390 arch/x86/kernel/unwind_orc.c:479 arch_stack_walk+0x11c/0x150 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0x9c/0xe0 kernel/stacktrace.c:122 kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3e/0x80 mm/kasan/common.c:68 kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576 poison_slab_object mm/kasan/common.c:247 [inline] __kasan_slab_free+0x62/0x70 mm/kasan/common.c:264 kasan_slab_free include/linux/kasan.h:233 [inline] slab_free_hook mm/slub.c:2417 [inline] slab_free mm/slub.c:4680 [inline] kfree+0x18e/0x440 mm/slub.c:4879 slab_free_after_rcu_debug+0x60/0x2a0 mm/slub.c:4717 rcu_do_batch kernel/rcu/tree.c:2605 [inline] rcu_core+0xca5/0x1710 kernel/rcu/tree.c:2861 handle_softirqs+0x286/0x870 kernel/softirq.c:579 do_softirq+0xec/0x180 kernel/softirq.c:480 __local_bh_enable_ip+0x17d/0x1c0 kernel/softirq.c:407 spin_unlock_bh include/linux/spinlock.h:396 [inline] cfg80211_inform_single_bss_data+0x13d2/0x1ac0 net/wireless/scan.c:2395 cfg80211_inform_bss_data+0x1fb/0x3b20 net/wireless/scan.c:3234 cfg80211_inform_bss_frame_data+0x3d7/0x730 net/wireless/scan.c:3325 ieee80211_bss_info_update+0x746/0x9e0 net/mac80211/scan.c:226 ieee80211_rx_bss_info net/mac80211/ibss.c:1094 [inline] ieee80211_rx_mgmt_probe_beacon net/mac80211/ibss.c:1573 [inline] ieee80211_ibss_rx_queued_mgmt+0xa36/0x2ae0 net/mac80211/ibss.c:1600 ieee80211_iface_process_skb net/mac80211/iface.c:1699 [inline] ieee80211_iface_work+0x85f/0x12d0 net/mac80211/iface.c:1753 cfg80211_wiphy_work+0x2bb/0x470 net/wireless/core.c:435 process_one_work kernel/workqueue.c:3236 [inline] process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3319 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400 kthread+0x70e/0x8a0 kernel/kthread.c:463 ret_from_fork+0x3f9/0x770 arch/x86/kernel/process.c:148 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245