Extracting prog: 31m2.228135992s
Minimizing prog: 1h12m40.663649077s
Simplifying prog options: 12m37.572286243s
Extracting C: 5m12.363034837s
Simplifying C: 0s
extracting reproducer from 50 programs
testing a last program of every proc
single: executing 12 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$auto_ovs_datapath-socket$nl_generic-openat$auto_proc_gid_map_operations_base-read$auto_kernfs_file_fops_kernfs_internal-socket-syz_genetlink_get_family_id$auto_ethtool-mmap$auto-mprotect$auto-madvise$auto-msync$auto-socket$nl_generic-madvise$auto-syz_clone-move_pages$auto-ioctl$sock_SIOCGIFINDEX-sendmsg$auto_ETHTOOL_MSG_LINKMODES_GET-openat$auto_v4l2_fops_v4l2_dev-syz_genetlink_get_family_id$auto_nl802154-getpid-process_vm_readv$auto-sendmsg$auto_NL802154_CMD_NEW_INTERFACE-ioctl$auto-read$auto_v4l2_fops_v4l2_dev-syz_genetlink_get_family_id$auto_ovs_datapath-sendmsg$auto_OVS_DP_CMD_NEW-socket-sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET-syz_genetlink_get_family_id$auto_ovs_datapath-sendmsg$auto_NL80211_CMD_GET_SURVEY
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000002500), 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_proc_gid_map_operations_base(0xffffffffffffff9c, &(0x7f0000001480)='/proc/thread-self/gid_map\x00', 0x0, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000200)=""/114, 0x72)
r1 = socket(0x9, 0x1, 0x4)
syz_genetlink_get_family_id$auto_ethtool(0x0, r1)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
mprotect$auto(0x5, 0x8000000000000004, 0x5)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
msync$auto(0x0, 0x2000000005, 0x6)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
r3 = syz_clone(0x40040000, 0x0, 0x0, 0x0, 0x0, 0x0)
move_pages$auto(r3, 0x1002, 0x0, 0x0, 0x0, 0x5)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0)
sendmsg$auto_ETHTOOL_MSG_LINKMODES_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x20}, 0x1, 0x0, 0x0, 0x40000000}, 0x0)
r4 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0)
r5 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), r1)
r6 = getpid()
process_vm_readv$auto(r6, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={0x0, 0xffffffff}, 0x6, 0x0)
sendmsg$auto_NL802154_CMD_NEW_INTERFACE(r2, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000000c0)={&(0x7f0000000280)={0x134, r5, 0x100, 0x70bd25, 0x25dfdbfb, {}, [@NL802154_ATTR_PID={0x8, 0x1c, r6}, @NL802154_ATTR_MAX_CSMA_BACKOFFS={0x5, 0x12, 0x8}, @NL802154_ATTR_SEC_DEVICE={0xc, 0x2e, 0x0, 0x1, [@typed={0x8, 0xae, 0x0, 0x0, @u32=0xffffffff}]}, @NL802154_ATTR_IFNAME={0x14, 0x4, 'veth0_to_hsr\x00'}, @NL802154_ATTR_SEC_LEVEL={0xd8, 0x2d, 0x0, 0x1, [@nested={0x91, 0xe7, 0x0, 0x1, [@generic="f994f9b391316f24fa09192d3264478cdf0681ef8b848605fa3d7ae821f9f922072f6c873c36fc72f5944680c3ee5f88a4739ad41f30df6df64524d0b81b5892d0a06e8a7818f2cd7f470a7d3749545cedbacb84eac07a5cec6b56b73e28ba4600fbb16180a67f89eff562dc172dfc95dab69ca6f7e96416a8357f4a89024d1eb5b71ada5c", @nested={0x4, 0x114}, @nested={0x4, 0xac}]}, @nested={0x3d, 0x12a, 0x0, 0x1, [@nested={0x4, 0xae}, @generic="2ae72cd7329eba8fbb6c658a945a230f9cd393bb4af723de609699aed3db5cce32d71b41d3a195394f6056bb71", @typed={0x8, 0xb9, 0x0, 0x0, @ipv4=@rand_addr=0x64010102}]}]}, @NL802154_ATTR_IFTYPE={0x8, 0x5, 0x5}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_MAX_CSMA_BACKOFFS={0x5, 0x12, 0x6}]}, 0x134}, 0x1, 0x0, 0x0, 0x800}, 0x40800)
ioctl$auto(r4, 0x5646, r4)
read$auto_v4l2_fops_v4l2_dev(r4, &(0x7f0000000080)=""/27, 0x1b)
r7 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_OVS_DP_CMD_NEW(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x2c, r7, 0x1, 0x2070bd26, 0x25dfdbf8, {}, [@OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x4}, @OVS_DP_ATTR_NAME={0x8, 0x1, 'HfR\x00'}, @OVS_DP_ATTR_UPCALL_PID={0x6a, 0x2, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x801}, 0x80)
r8 = socket(0x10, 0x2, 0x14)
sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r8, &(0x7f0000003000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="100000000714af"], 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x24000044)
syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$auto_NL80211_CMD_GET_SURVEY(r8, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000200", @ANYRES16=0x0, @ANYBLOB="04002dbd7000fedbdf2532000000"], 0x14}, 0x1, 0x0, 0x0, 0x8011}, 0x4000)
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-syz_clone-syz_genetlink_get_family_id$auto_nl80211-move_pages$auto-mmap$auto-socket-connect$auto-mmap$auto-prctl$auto-socket$nl_generic-personality$auto-socket-ioctl$auto-socket-socket-statmount$auto-sendmsg$auto_OVS_VPORT_CMD_DEL-sendmmsg$auto-socket-mmap$auto-ioctl$auto_CEC_S_MODE-socket$nl_generic-openat$auto_ucma_fops_ucma-close_range$auto-socketpair$auto-pipe$auto-dup2$auto-write$auto-rt_sigprocmask$auto-gettid
detailed listing:
executing program 0:
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff)
move_pages$auto(0x1, 0x2000000000003, 0xffffffffffffffff, 0x0, 0x0, 0x8000000000000000)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000)
socket(0x2, 0x801, 0x100)
connect$auto(0x3, &(0x7f00000000c0), 0x55)
mmap$auto(0x0, 0x20009, 0x8000000000000001, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
socket$nl_generic(0x10, 0x3, 0x10)
personality$auto(0xfffffffc)
socket(0x25, 0x3, 0x1)
ioctl$auto(0x3, 0x894b, 0x38)
socket(0x11, 0x2, 0x50)
r0 = socket(0x10, 0x2, 0x0)
statmount$auto(0x0, &(0x7f0000000180)={0xfd, 0x1, 0xfffffffffffffff9, 0x7352, 0x3a, 0x694c, 0x1ffde, 0x7, 0x0, 0x80001000, 0x9, 0x8000, 0x6, 0x4, 0xb4, 0x9, 0x4, 0x0, 0x80, 0x7, 0xdb1, 0x8a6, 0x0, 0x2, 0x0, 0x84, [0x0, 0x0, 0x4001, 0x50100000000000, 0x0, 0x2000, 0x0, 0xa, 0x70624ce7, 0x0, 0xfffffffdfffffffc, 0x1, 0x0, 0x1, 0x2, 0x3b37, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x9, 0x0, 0xffffffffffffffff, 0x4, 0x9, 0x1, 0x0, 0x5, 0x400000000005b8, 0x4, 0x5, 0x1000, 0x1, 0x7, 0xffffffffffffffff, 0x1, 0x1, 0xc8, 0xf430, 0x1, 0x0, 0x0, 0xffffffffffffffff, 0x2, 0x9, 0x5, 0x2]}, 0x1fe, 0xd)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008)
socket(0x2, 0x1, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto_CEC_S_MODE(0xffffffffffffffff, 0x40046109, &(0x7f0000000080)=0x6)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0)
close_range$auto(0x2, 0xa, 0x0)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
pipe$auto(0x0)
dup2$auto(0x5, 0x4)
write$auto(r1, 0x0, 0xc3)
rt_sigprocmask$auto(0x0, &(0x7f0000000000)={0xfffffffffffffe01}, 0x0, 0x8)
gettid()
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-mmap$auto-close_range$auto-mq_open$auto-socket-socket-open-open_by_handle_at$auto-write$auto-socket-openat$auto_kernfs_file_fops_kernfs_internal-mmap$auto-socketpair$auto-sendmmsg$auto-mmap$auto-madvise$auto-syz_genetlink_get_family_id$auto_nl80211-sendmsg$auto_NL80211_CMD_RADAR_DETECT-sendmsg$auto_NL80211_CMD_STOP_NAN-sendmmsg$auto-sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_ID-sendmmsg$auto-writev$auto-openat$auto_cachefiles_daemon_fops_internal-readv$auto-pwrite64$auto-mmap$auto-socket-socketpair$auto-close_range$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000)
close_range$auto(0x0, 0xfffffffffffff001, 0x2)
mq_open$auto(&(0x7f00000001c0)='\x00', 0x1000, 0x3, &(0x7f0000000200)={0x77, 0x0, 0x6, 0x949})
socket(0x11, 0x80003, 0x300)
socket(0x29, 0x6158631311ac8c3d, 0x0)
r0 = open(&(0x7f00000000c0)='./cgroup\x00', 0x0, 0xb5d1af1605322cf3)
open_by_handle_at$auto(r0, &(0x7f0000000000)={0x8, 0x2, "8b00000000000000"}, 0x2)
write$auto(0x3, 0x0, 0x9)
socket(0x29, 0x2, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/bus/pci/drivers/dwc3-pci/remove_id\x00', 0x40081, 0x0)
mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000)
r1 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(r0, 0x0, 0x1, 0x1)
mmap$auto(0xfffffffffffffffd, 0x9, 0x0, 0x411, 0x1000000002, 0x8000)
madvise$auto(0x405, 0xffffffffffff0001, 0x15)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$auto_NL80211_CMD_RADAR_DETECT(0xffffffffffffffff, 0x0, 0x10008000)
sendmsg$auto_NL80211_CMD_STOP_NAN(0xffffffffffffffff, 0x0, 0x815)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_ID(0xffffffffffffffff, 0x0, 0x4000080)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6)
writev$auto(r1, 0x0, 0x7)
openat$auto_cachefiles_daemon_fops_internal(0xffffffffffffff9c, &(0x7f0000000040), 0x22080, 0x0)
readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1)
pwrite64$auto(0xc8, &(0x7f0000000340)='\vX\xb5n\x91p\xe6\x1eRNcmyT\x04\xe9M\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00\x00\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\x85\x8a=\xbaKgn6\xa7\x01\x00\x00\x00^B\xb8\xe4j\t,\xe4\x90\xcc\x9d\xc5\x0fo\x84\xf4\x89\v\xea\x1b\x95\xafQ;CL\"\x01@\x00\x00\t\x00\f\x00\xc0\x13\xc8\xe2\xae\xf5\xa2@X\xb9\x1d\xe1\xc6\x8b\xc0\xe8-\x94k\xef\x95\x1c\xcf_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8d\x81\x81O*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,8\x93\xba\x88\x93\x9d\xb6\x1a\x7f\xc0%\xb0\x83ROJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd6eWj\xdc\xac\x88\xf0\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00\x00\xff\xff\x00'/261, 0x5, 0x3d)
mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x0)
socket(0x10, 0x2, 0xfffffffc)
socketpair$auto(0x4d2cf812, 0x5, 0x8001, 0x0)
close_range$auto(0x2, 0x8, 0x0)
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-socketpair$auto-mmap$auto-prctl$auto-rt_sigqueueinfo$auto-mmap$auto-openat$auto_kvm_chardev_ops_kvm_main-ioctl$auto_KVM_GET_MSR_FEATURE_INDEX_LIST-openat$auto_generic-select$auto-connect$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
socketpair$auto(0x101b, 0x3, 0x101, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}})
mmap$auto(0x0, 0x9, 0x3ff57697, 0x9b72, 0x2, 0x8000000000008000)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
ioctl$auto_KVM_GET_MSR_FEATURE_INDEX_LIST(r0, 0xc004ae0a, 0x0)
openat$auto_generic(0xffffffffffffff9c, &(0x7f0000001500)='/proc/kpagecgroup\x00', 0x101000, 0x0)
select$auto(0x5, &(0x7f0000000080)={[0x20000009, 0xfffffffffffbfffc, 0x9, 0x5, 0xc, 0x3, 0x3, 0x1ffe000, 0x2, 0x2, 0x9, 0xf, 0xa657, 0x202, 0x6, 0x1]}, 0x0, 0x0, 0x0)
connect$auto(0x3, 0x0, 0x55)
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_mon_fops_binary_mon_bin-mmap$auto-mmap$auto-mmap$auto-close_range$auto-openat$auto_nsim_dev_health_break_fops_health-futex$auto-ioctl$auto_UDMABUF_CREATE-socket-writev$auto
detailed listing:
executing program 0:
openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x400, 0x0)
mmap$auto(0x0, 0x5, 0xfffffffffffffe01, 0x8011, 0x3, 0x8000)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/netdevsim/netdevsim1/health/break_health\x00', 0x101, 0x0)
futex$auto(&(0x7f0000000040)=0x100, 0xe, 0x3, &(0x7f0000000100)={0x9, 0x281}, &(0x7f0000000140)=0x6, 0x1ff)
ioctl$auto_UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, &(0x7f0000000080)={0xffffffffffffffff, 0x5, 0x8, 0x3})
socket(0xf, 0x800, 0xbf39)
writev$auto(0x0, &(0x7f0000000000)={0x0, 0x8}, 0xb)
program crashed: INFO: task hung in remove_one
single: successfully extracted reproducer
found reproducer with 10 syscalls
minimizing guilty program
testing program (duration=6m17.629477138s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_mon_fops_binary_mon_bin-mmap$auto-mmap$auto-mmap$auto-close_range$auto-openat$auto_nsim_dev_health_break_fops_health-futex$auto-ioctl$auto_UDMABUF_CREATE-socket
detailed listing:
executing program 0:
openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x400, 0x0)
mmap$auto(0x0, 0x5, 0xfffffffffffffe01, 0x8011, 0x3, 0x8000)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/netdevsim/netdevsim1/health/break_health\x00', 0x101, 0x0)
futex$auto(&(0x7f0000000040)=0x100, 0xe, 0x3, &(0x7f0000000100)={0x9, 0x281}, &(0x7f0000000140)=0x6, 0x1ff)
ioctl$auto_UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, &(0x7f0000000080)={0xffffffffffffffff, 0x5, 0x8, 0x3})
socket(0xf, 0x800, 0xbf39)
program did not crash
testing program (duration=6m17.629477138s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_mon_fops_binary_mon_bin-mmap$auto-mmap$auto-mmap$auto-close_range$auto-openat$auto_nsim_dev_health_break_fops_health-futex$auto-ioctl$auto_UDMABUF_CREATE-writev$auto
detailed listing:
executing program 0:
openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x400, 0x0)
mmap$auto(0x0, 0x5, 0xfffffffffffffe01, 0x8011, 0x3, 0x8000)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/netdevsim/netdevsim1/health/break_health\x00', 0x101, 0x0)
futex$auto(&(0x7f0000000040)=0x100, 0xe, 0x3, &(0x7f0000000100)={0x9, 0x281}, &(0x7f0000000140)=0x6, 0x1ff)
ioctl$auto_UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, &(0x7f0000000080)={0xffffffffffffffff, 0x5, 0x8, 0x3})
writev$auto(0x0, &(0x7f0000000000)={0x0, 0x8}, 0xb)
program crashed: INFO: task hung in remove_one
testing program (duration=6m17.629477138s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_mon_fops_binary_mon_bin-mmap$auto-mmap$auto-mmap$auto-close_range$auto-openat$auto_nsim_dev_health_break_fops_health-futex$auto-writev$auto
detailed listing:
executing program 0:
openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x400, 0x0)
mmap$auto(0x0, 0x5, 0xfffffffffffffe01, 0x8011, 0x3, 0x8000)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/netdevsim/netdevsim1/health/break_health\x00', 0x101, 0x0)
futex$auto(&(0x7f0000000040)=0x100, 0xe, 0x3, &(0x7f0000000100)={0x9, 0x281}, &(0x7f0000000140)=0x6, 0x1ff)
writev$auto(0x0, &(0x7f0000000000)={0x0, 0x8}, 0xb)
program crashed: INFO: task hung in remove_one
testing program (duration=6m17.629477138s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_mon_fops_binary_mon_bin-mmap$auto-mmap$auto-mmap$auto-close_range$auto-openat$auto_nsim_dev_health_break_fops_health-writev$auto
detailed listing:
executing program 0:
openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x400, 0x0)
mmap$auto(0x0, 0x5, 0xfffffffffffffe01, 0x8011, 0x3, 0x8000)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/netdevsim/netdevsim1/health/break_health\x00', 0x101, 0x0)
writev$auto(0x0, &(0x7f0000000000)={0x0, 0x8}, 0xb)
program crashed: INFO: task hung in remove_one
testing program (duration=6m17.629477138s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_mon_fops_binary_mon_bin-mmap$auto-mmap$auto-mmap$auto-close_range$auto-writev$auto
detailed listing:
executing program 0:
openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x400, 0x0)
mmap$auto(0x0, 0x5, 0xfffffffffffffe01, 0x8011, 0x3, 0x8000)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
writev$auto(0x0, &(0x7f0000000000)={0x0, 0x8}, 0xb)
program did not crash
testing program (duration=6m17.629477138s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_mon_fops_binary_mon_bin-mmap$auto-mmap$auto-mmap$auto-openat$auto_nsim_dev_health_break_fops_health-writev$auto
detailed listing:
executing program 0:
openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x400, 0x0)
mmap$auto(0x0, 0x5, 0xfffffffffffffe01, 0x8011, 0x3, 0x8000)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/netdevsim/netdevsim1/health/break_health\x00', 0x101, 0x0)
writev$auto(0x0, &(0x7f0000000000)={0x0, 0x8}, 0xb)
program did not crash
testing program (duration=6m17.629477138s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_mon_fops_binary_mon_bin-mmap$auto-mmap$auto-close_range$auto-openat$auto_nsim_dev_health_break_fops_health-writev$auto
detailed listing:
executing program 0:
openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x400, 0x0)
mmap$auto(0x0, 0x5, 0xfffffffffffffe01, 0x8011, 0x3, 0x8000)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/netdevsim/netdevsim1/health/break_health\x00', 0x101, 0x0)
writev$auto(0x0, &(0x7f0000000000)={0x0, 0x8}, 0xb)
program crashed: INFO: task hung in remove_one
testing program (duration=6m17.629477138s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_mon_fops_binary_mon_bin-mmap$auto-close_range$auto-openat$auto_nsim_dev_health_break_fops_health-writev$auto
detailed listing:
executing program 0:
openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x400, 0x0)
mmap$auto(0x0, 0x5, 0xfffffffffffffe01, 0x8011, 0x3, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/netdevsim/netdevsim1/health/break_health\x00', 0x101, 0x0)
writev$auto(0x0, &(0x7f0000000000)={0x0, 0x8}, 0xb)
program crashed: INFO: task hung in remove_one
testing program (duration=6m17.629477138s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_mon_fops_binary_mon_bin-close_range$auto-openat$auto_nsim_dev_health_break_fops_health-writev$auto
detailed listing:
executing program 0:
openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x400, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/netdevsim/netdevsim1/health/break_health\x00', 0x101, 0x0)
writev$auto(0x0, &(0x7f0000000000)={0x0, 0x8}, 0xb)
program did not crash
testing program (duration=6m17.629477138s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-close_range$auto-openat$auto_nsim_dev_health_break_fops_health-writev$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x5, 0xfffffffffffffe01, 0x8011, 0x3, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/netdevsim/netdevsim1/health/break_health\x00', 0x101, 0x0)
writev$auto(0x0, &(0x7f0000000000)={0x0, 0x8}, 0xb)
program did not crash
testing program (duration=6m17.629477138s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_mon_fops_binary_mon_bin-mmap$auto-close_range$auto-openat$auto_nsim_dev_health_break_fops_health-writev$auto
detailed listing:
executing program 0:
openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, 0x0, 0x400, 0x0)
mmap$auto(0x0, 0x5, 0xfffffffffffffe01, 0x8011, 0x3, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/netdevsim/netdevsim1/health/break_health\x00', 0x101, 0x0)
writev$auto(0x0, &(0x7f0000000000)={0x0, 0x8}, 0xb)
program did not crash
testing program (duration=6m17.629477138s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_mon_fops_binary_mon_bin-mmap$auto-close_range$auto-openat$auto_nsim_dev_health_break_fops_health-writev$auto
detailed listing:
executing program 0:
openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x400, 0x0)
mmap$auto(0x0, 0x5, 0xfffffffffffffe01, 0x8011, 0x3, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, 0x0, 0x101, 0x0)
writev$auto(0x0, &(0x7f0000000000)={0x0, 0x8}, 0xb)
program did not crash
testing program (duration=6m17.629477138s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_mon_fops_binary_mon_bin-mmap$auto-close_range$auto-openat$auto_nsim_dev_health_break_fops_health-writev$auto
detailed listing:
executing program 0:
openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x400, 0x0)
mmap$auto(0x0, 0x5, 0xfffffffffffffe01, 0x8011, 0x3, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/netdevsim/netdevsim1/health/break_health\x00', 0x101, 0x0)
writev$auto(0x0, 0x0, 0xb)
program did not crash
extracting C reproducer
testing compiled C program (duration=6m17.629477138s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_mon_fops_binary_mon_bin-mmap$auto-close_range$auto-openat$auto_nsim_dev_health_break_fops_health-writev$auto
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
simplifying guilty program options
testing program (duration=6m17.629477138s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_mon_fops_binary_mon_bin-mmap$auto-close_range$auto-openat$auto_nsim_dev_health_break_fops_health-writev$auto
detailed listing:
executing program 0:
openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x400, 0x0)
mmap$auto(0x0, 0x5, 0xfffffffffffffe01, 0x8011, 0x3, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/netdevsim/netdevsim1/health/break_health\x00', 0x101, 0x0)
writev$auto(0x0, &(0x7f0000000000)={0x0, 0x8}, 0xb)
program crashed: INFO: task hung in remove_one
extracting C reproducer
testing compiled C program (duration=6m17.629477138s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_mon_fops_binary_mon_bin-mmap$auto-close_range$auto-openat$auto_nsim_dev_health_break_fops_health-writev$auto
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing program (duration=6m17.629477138s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_mon_fops_binary_mon_bin-mmap$auto-close_range$auto-openat$auto_nsim_dev_health_break_fops_health-writev$auto
detailed listing:
executing program 0:
openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x400, 0x0)
mmap$auto(0x0, 0x5, 0xfffffffffffffe01, 0x8011, 0x3, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/netdevsim/netdevsim1/health/break_health\x00', 0x101, 0x0)
writev$auto(0x0, &(0x7f0000000000)={0x0, 0x8}, 0xb)
program crashed: lost connection to test machine
a never seen crash title: lost connection to test machine, ignore
reproducing took 2h1m32.942479112s
repro crashed as (corrupted=false):
INFO: task kworker/u8:2:35 blocked for more than 143 seconds.
Not tainted 6.14.0-rc2-syzkaller-00185-g128c8f96eb86 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u8:2 state:D stack:25136 pid:35 tgid:35 ppid:2 task_flags:0x4208060 flags:0x00004000
Workqueue: netns cleanup_net
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5377 [inline]
__schedule+0xf43/0x5890 kernel/sched/core.c:6764
__schedule_loop kernel/sched/core.c:6841 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6856
schedule_timeout+0x244/0x280 kernel/time/sleep_timeout.c:75
do_wait_for_common kernel/sched/completion.c:95 [inline]
__wait_for_common+0x3e1/0x600 kernel/sched/completion.c:116
__debugfs_file_removed fs/debugfs/inode.c:775 [inline]
remove_one+0x30f/0x420 fs/debugfs/inode.c:782
simple_recursive_removal+0x4e2/0x8e0 fs/libfs.c:635
debugfs_remove+0x5d/0x80 fs/debugfs/inode.c:805
nsim_dev_health_exit+0x3b/0xe0 drivers/net/netdevsim/health.c:227
nsim_dev_reload_destroy+0x143/0x4d0 drivers/net/netdevsim/dev.c:1664
nsim_dev_reload_down+0x6e/0xd0 drivers/net/netdevsim/dev.c:968
devlink_reload+0x19a/0x7c0 net/devlink/dev.c:461
devlink_pernet_pre_exit+0x1a1/0x2b0 net/devlink/core.c:509
ops_pre_exit_list net/core/net_namespace.c:162 [inline]
cleanup_net+0x497/0xbf0 net/core/net_namespace.c:632
process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3236
process_scheduled_works kernel/workqueue.c:3317 [inline]
worker_thread+0x6c8/0xf00 kernel/workqueue.c:3398
kthread+0x3af/0x750 kernel/kthread.c:464
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
INFO: task syz-executor:9633 blocked for more than 143 seconds.
Not tainted 6.14.0-rc2-syzkaller-00185-g128c8f96eb86 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor state:D stack:24448 pid:9633 tgid:9633 ppid:1 task_flags:0x400140 flags:0x00000004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5377 [inline]
__schedule+0xf43/0x5890 kernel/sched/core.c:6764
__schedule_loop kernel/sched/core.c:6841 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6856
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6913
__mutex_lock_common kernel/locking/mutex.c:662 [inline]
__mutex_lock+0x6bd/0xb10 kernel/locking/mutex.c:730
device_lock include/linux/device.h:1030 [inline]
device_del+0xa1/0x9f0 drivers/base/core.c:3816
device_unregister+0x1d/0xc0 drivers/base/core.c:3895
nsim_bus_dev_del drivers/net/netdevsim/bus.c:462 [inline]
del_device_store+0x346/0x4b0 drivers/net/netdevsim/bus.c:226
bus_attr_store+0x71/0xb0 drivers/base/bus.c:172
sysfs_kf_write+0x117/0x170 fs/sysfs/file.c:139
kernfs_fop_write_iter+0x33d/0x500 fs/kernfs/file.c:334
new_sync_write fs/read_write.c:586 [inline]
vfs_write+0x5ae/0x1150 fs/read_write.c:679
ksys_write+0x12b/0x250 fs/read_write.c:731
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f15ddd8b89f
RSP: 002b:00007ffefd0d2ee0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007f15ddd8b89f
RDX: 0000000000000001 RSI: 00007ffefd0d2f30 RDI: 0000000000000005
RBP: 00007f15dde0f4fd R08: 0000000000000000 R09: 00007ffefd0d2d37
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
R13: 00007ffefd0d2f30 R14: 00007f15dead4620 R15: 0000000000000003
</TASK>
INFO: task syz.3.3345:9646 blocked for more than 143 seconds.
Not tainted 6.14.0-rc2-syzkaller-00185-g128c8f96eb86 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.3345 state:D stack:26848 pid:9646 tgid:9646 ppid:5979 task_flags:0x400140 flags:0x00004004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5377 [inline]
__schedule+0xf43/0x5890 kernel/sched/core.c:6764
__schedule_loop kernel/sched/core.c:6841 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6856
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6913
__mutex_lock_common kernel/locking/mutex.c:662 [inline]
__mutex_lock+0x6bd/0xb10 kernel/locking/mutex.c:730
devlink_health_report+0x3c5/0x9d0 net/devlink/health.c:627
nsim_dev_health_break_write+0x167/0x210 drivers/net/netdevsim/health.c:162
full_proxy_write+0x13c/0x200 fs/debugfs/file.c:398
do_loop_readv_writev fs/read_write.c:843 [inline]
do_loop_readv_writev fs/read_write.c:828 [inline]
vfs_writev+0x6da/0xdd0 fs/read_write.c:1052
do_writev+0x133/0x340 fs/read_write.c:1096
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fde48b8cde9
RSP: 002b:00007ffef104da68 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
RAX: ffffffffffffffda RBX: 00007fde48da5fa0 RCX: 00007fde48b8cde9
RDX: 000000000000000b RSI: 0000400000000000 RDI: 0000000000000000
RBP: 00007fde48c0e2a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fde48da5fa0 R14: 00007fde48da5fa0 R15: 0000000000000003
</TASK>
INFO: task syz.2.3368:9680 blocked for more than 144 seconds.
Not tainted 6.14.0-rc2-syzkaller-00185-g128c8f96eb86 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.2.3368 state:D stack:27472 pid:9680 tgid:9680 ppid:9059 task_flags:0x400140 flags:0x00000004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5377 [inline]
__schedule+0xf43/0x5890 kernel/sched/core.c:6764
__schedule_loop kernel/sched/core.c:6841 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6856
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6913
rwsem_down_read_slowpath+0x61e/0xb20 kernel/locking/rwsem.c:1084
__down_read_common kernel/locking/rwsem.c:1248 [inline]
__down_read kernel/locking/rwsem.c:1261 [inline]
down_read+0x124/0x330 kernel/locking/rwsem.c:1526
inode_lock_shared include/linux/fs.h:887 [inline]
open_last_lookups fs/namei.c:3749 [inline]
path_openat+0x88a/0x2d80 fs/namei.c:3986
do_filp_open+0x20c/0x470 fs/namei.c:4016
do_sys_openat2+0x17a/0x1e0 fs/open.c:1428
do_sys_open fs/open.c:1443 [inline]
__do_sys_openat fs/open.c:1459 [inline]
__se_sys_openat fs/open.c:1454 [inline]
__x64_sys_openat+0x175/0x210 fs/open.c:1454
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fed2d58cde9
RSP: 002b:00007ffd6ec99af8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007fed2d7a5fa0 RCX: 00007fed2d58cde9
RDX: 0000000000000101 RSI: 00004000000000c0 RDI: ffffffffffffff9c
RBP: 00007fed2d60e2a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fed2d7a5fa0 R14: 00007fed2d7a5fa0 R15: 0000000000000004
</TASK>
INFO: task syz.0.3367:9681 blocked for more than 144 seconds.
Not tainted 6.14.0-rc2-syzkaller-00185-g128c8f96eb86 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.3367 state:D stack:27936 pid:9681 tgid:9681 ppid:8463 task_flags:0x400140 flags:0x00000004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5377 [inline]
__schedule+0xf43/0x5890 kernel/sched/core.c:6764
__schedule_loop kernel/sched/core.c:6841 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6856
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6913
rwsem_down_read_slowpath+0x61e/0xb20 kernel/locking/rwsem.c:1084
__down_read_common kernel/locking/rwsem.c:1248 [inline]
__down_read kernel/locking/rwsem.c:1261 [inline]
down_read+0x124/0x330 kernel/locking/rwsem.c:1526
inode_lock_shared include/linux/fs.h:887 [inline]
open_last_lookups fs/namei.c:3749 [inline]
path_openat+0x88a/0x2d80 fs/namei.c:3986
do_filp_open+0x20c/0x470 fs/namei.c:4016
do_sys_openat2+0x17a/0x1e0 fs/open.c:1428
do_sys_open fs/open.c:1443 [inline]
__do_sys_openat fs/open.c:1459 [inline]
__se_sys_openat fs/open.c:1454 [inline]
__x64_sys_openat+0x175/0x210 fs/open.c:1454
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f627c78cde9
RSP: 002b:00007fff4f261bf8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f627c9a5fa0 RCX: 00007f627c78cde9
RDX: 0000000000000101 RSI: 00004000000000c0 RDI: ffffffffffffff9c
RBP: 00007f627c80e2a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f627c9a5fa0 R14: 00007f627c9a5fa0 R15: 0000000000000004
</TASK>
Showing all locks held in the system:
1 lock held by khungtaskd/30:
#0: ffffffff8e1bcc80 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
#0: ffffffff8e1bcc80 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
#0: ffffffff8e1bcc80 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x7f/0x390 kernel/locking/lockdep.c:6746
6 locks held by kworker/u8:2/35:
#0: ffff88801bef5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x1293/0x1ba0 kernel/workqueue.c:3211
#1: ffffc90000ab7d18 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3212
#2: ffffffff8fee2090 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xca/0xbf0 net/core/net_namespace.c:606
#3: ffff8880349810e8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1030 [inline]
#3: ffff8880349810e8 (&dev->mutex){....}-{4:4}, at: devl_dev_lock net/devlink/devl_internal.h:108 [inline]
#3: ffff8880349810e8 (&dev->mutex){....}-{4:4}, at: devlink_pernet_pre_exit+0x12d/0x2b0 net/devlink/core.c:506
#4: ffff888034982250 (&devlink->lock_key#4){+.+.}-{4:4}, at: devl_lock net/devlink/core.c:276 [inline]
#4: ffff888034982250 (&devlink->lock_key#4){+.+.}-{4:4}, at: devl_dev_lock net/devlink/devl_internal.h:109 [inline]
#4: ffff888034982250 (&devlink->lock_key#4){+.+.}-{4:4}, at: devlink_pernet_pre_exit+0x137/0x2b0 net/devlink/core.c:506
#5: ffff888074311090 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: inode_lock include/linux/fs.h:877 [inline]
#5: ffff888074311090 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: simple_recursive_removal+0x2f5/0x8e0 fs/libfs.c:627
2 locks held by getty/5589:
#0: ffff888031a2c0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243
#1: ffffc9000331b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0xfba/0x1480 drivers/tty/n_tty.c:2211
5 locks held by syz-executor/9633:
#0: ffff888024870420 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12b/0x250 fs/read_write.c:731
#1: ffff8880325e3c88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x27b/0x500 fs/kernfs/file.c:325
#2: ffff8881447dfa58 (kn->active#55){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x29e/0x500 fs/kernfs/file.c:326
#3: ffffffff8f4a29e8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd2/0x4b0 drivers/net/netdevsim/bus.c:216
#4: ffff8880349810e8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1030 [inline]
#4: ffff8880349810e8 (&dev->mutex){....}-{4:4}, at: device_del+0xa1/0x9f0 drivers/base/core.c:3816
2 locks held by syz.3.3345/9646:
#0: ffff88801eabe420 (sb_writers#9){.+.+}-{0:0}, at: do_writev+0x133/0x340 fs/read_write.c:1096
#1: ffff888034982250 (&devlink->lock_key#4){+.+.}-{4:4}, at: devlink_health_report+0x3c5/0x9d0 net/devlink/health.c:627
2 locks held by syz.2.3368/9680:
#0: ffff88801eabe420 (sb_writers#9){.+.+}-{0:0}, at: open_last_lookups fs/namei.c:3739 [inline]
#0: ffff88801eabe420 (sb_writers#9){.+.+}-{0:0}, at: path_openat+0x1f64/0x2d80 fs/namei.c:3986
#1: ffff888074311090 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: inode_lock_shared include/linux/fs.h:887 [inline]
#1: ffff888074311090 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: open_last_lookups fs/namei.c:3749 [inline]
#1: ffff888074311090 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: path_openat+0x88a/0x2d80 fs/namei.c:3986
2 locks held by syz.0.3367/9681:
#0: ffff88801eabe420 (sb_writers#9){.+.+}-{0:0}, at: open_last_lookups fs/namei.c:3739 [inline]
#0: ffff88801eabe420 (sb_writers#9){.+.+}-{0:0}, at: path_openat+0x1f64/0x2d80 fs/namei.c:3986
#1: ffff888074311090 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: inode_lock_shared include/linux/fs.h:887 [inline]
#1: ffff888074311090 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: open_last_lookups fs/namei.c:3749 [inline]
#1: ffff888074311090 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: path_openat+0x88a/0x2d80 fs/namei.c:3986
4 locks held by syz-executor/9694:
#0: ffff888024870420 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12b/0x250 fs/read_write.c:731
#1: ffff888060d20088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x27b/0x500 fs/kernfs/file.c:325
#2: ffff8881447dfa58 (kn->active#55){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x29e/0x500 fs/kernfs/file.c:326
#3: ffffffff8f4a29e8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd2/0x4b0 drivers/net/netdevsim/bus.c:216
4 locks held by syz-executor/9696:
#0: ffff888024870420 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12b/0x250 fs/read_write.c:731
#1: ffff888141b2ac88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x27b/0x500 fs/kernfs/file.c:325
#2: ffff8881447dfa58 (kn->active#55){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x29e/0x500 fs/kernfs/file.c:326
#3: ffffffff8f4a29e8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd2/0x4b0 drivers/net/netdevsim/bus.c:216
4 locks held by syz-executor/9697:
#0: ffff888024870420 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12b/0x250 fs/read_write.c:731
#1: ffff888145bb7c88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x27b/0x500 fs/kernfs/file.c:325
#2: ffff8881447dfa58 (kn->active#55){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x29e/0x500 fs/kernfs/file.c:326
#3: ffffffff8f4a29e8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd2/0x4b0 drivers/net/netdevsim/bus.c:216
4 locks held by syz-executor/9720:
#0: ffff888024870420 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12b/0x250 fs/read_write.c:731
#1: ffff888032cef488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x27b/0x500 fs/kernfs/file.c:325
#2: ffff8881447dfa58 (kn->active#55){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x29e/0x500 fs/kernfs/file.c:326
#3: ffffffff8f4a29e8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd2/0x4b0 drivers/net/netdevsim/bus.c:216
4 locks held by syz-executor/9731:
#0: ffff888024870420 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12b/0x250 fs/read_write.c:731
#1: ffff888031404488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x27b/0x500 fs/kernfs/file.c:325
#2: ffff8881447dfa58 (kn->active#55){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x29e/0x500 fs/kernfs/file.c:326
#3: ffffffff8f4a29e8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd2/0x4b0 drivers/net/netdevsim/bus.c:216
4 locks held by syz-executor/9733:
#0: ffff888024870420 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12b/0x250 fs/read_write.c:731
#1: ffff8880341b2888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x27b/0x500 fs/kernfs/file.c:325
#2: ffff8881447dfa58 (kn->active#55){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x29e/0x500 fs/kernfs/file.c:326
#3: ffffffff8f4a29e8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd2/0x4b0 drivers/net/netdevsim/bus.c:216
4 locks held by syz-executor/9738:
#0: ffff888024870420 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12b/0x250 fs/read_write.c:731
#1: ffff8880341b3888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x27b/0x500 fs/kernfs/file.c:325
#2: ffff8881447dfa58 (kn->active#55){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x29e/0x500 fs/kernfs/file.c:326
#3: ffffffff8f4a29e8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd2/0x4b0 drivers/net/netdevsim/bus.c:216
4 locks held by syz-executor/9761:
#0: ffff888024870420 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12b/0x250 fs/read_write.c:731
#1: ffff8880334b8888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x27b/0x500 fs/kernfs/file.c:325
#2: ffff8881447dfa58 (kn->active#55){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x29e/0x500 fs/kernfs/file.c:326
#3: ffffffff8f4a29e8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd2/0x4b0 drivers/net/netdevsim/bus.c:216
4 locks held by syz-executor/9781:
#0: ffff888024870420 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12b/0x250 fs/read_write.c:731
#1: ffff888079a94888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x27b/0x500 fs/kernfs/file.c:325
#2: ffff8881447dfa58 (kn->active#55){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x29e/0x500 fs/kernfs/file.c:326
#3: ffffffff8f4a29e8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd2/0x4b0 drivers/net/netdevsim/bus.c:216
4 locks held by syz-executor/9784:
#0: ffff888024870420 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12b/0x250 fs/read_write.c:731
#1: ffff8880557f4088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x27b/0x500 fs/kernfs/file.c:325
#2: ffff8881447dfa58 (kn->active#55){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x29e/0x500 fs/kernfs/file.c:326
#3: ffffffff8f4a29e8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd2/0x4b0 drivers/net/netdevsim/bus.c:216
4 locks held by syz-executor/9786:
#0: ffff888024870420 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12b/0x250 fs/read_write.c:731
#1: ffff8880250a8488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x27b/0x500 fs/kernfs/file.c:325
#2: ffff8881447dfa58 (kn->active#55){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x29e/0x500 fs/kernfs/file.c:326
#3: ffffffff8f4a29e8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd2/0x4b0 drivers/net/netdevsim/bus.c:216
=============================================
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.14.0-rc2-syzkaller-00185-g128c8f96eb86 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
nmi_cpu_backtrace+0x27b/0x390 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x29c/0x300 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:236 [inline]
watchdog+0xf62/0x12b0 kernel/hung_task.c:399
kthread+0x3af/0x750 kernel/kthread.c:464
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:1 Not tainted 6.14.0-rc2-syzkaller-00185-g128c8f96eb86 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Workqueue: bat_events batadv_nc_worker
RIP: 0010:__lock_acquire+0xe8/0x3c40 kernel/locking/lockdep.c:5091
Code: 85 15 14 00 00 44 8b 0d ca 3a cc 0e 45 85 c9 0f 84 b4 0e 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 80 3c 02 00 <0f> 85 96 2c 00 00 49 8b 04 24 48 3d a0 b7 82 93 0f 84 89 0e 00 00
RSP: 0018:ffffc900001178f0 EFLAGS: 00000046
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000002
RDX: 1ffffffff1c37990 RSI: 1ffff92000022f30 RDI: ffffffff8e1bcc80
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001
R10: ffffffff90626517 R11: 0000000000000002 R12: ffffffff8e1bcc80
R13: ffff88801d2c5a00 R14: 0000000000000000 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055f318810d88 CR3: 000000000df80000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<NMI>
</NMI>
<TASK>
lock_acquire.part.0+0x11b/0x380 kernel/locking/lockdep.c:5851
rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
rcu_read_lock include/linux/rcupdate.h:849 [inline]
batadv_nc_purge_orig_hash net/batman-adv/network-coding.c:408 [inline]
batadv_nc_worker+0x16a/0x1060 net/batman-adv/network-coding.c:719
process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3236
process_scheduled_works kernel/workqueue.c:3317 [inline]
worker_thread+0x6c8/0xf00 kernel/workqueue.c:3398
kthread+0x3af/0x750 kernel/kthread.c:464
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
final repro crashed as (corrupted=false):
INFO: task kworker/u8:2:35 blocked for more than 143 seconds.
Not tainted 6.14.0-rc2-syzkaller-00185-g128c8f96eb86 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u8:2 state:D stack:25136 pid:35 tgid:35 ppid:2 task_flags:0x4208060 flags:0x00004000
Workqueue: netns cleanup_net
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5377 [inline]
__schedule+0xf43/0x5890 kernel/sched/core.c:6764
__schedule_loop kernel/sched/core.c:6841 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6856
schedule_timeout+0x244/0x280 kernel/time/sleep_timeout.c:75
do_wait_for_common kernel/sched/completion.c:95 [inline]
__wait_for_common+0x3e1/0x600 kernel/sched/completion.c:116
__debugfs_file_removed fs/debugfs/inode.c:775 [inline]
remove_one+0x30f/0x420 fs/debugfs/inode.c:782
simple_recursive_removal+0x4e2/0x8e0 fs/libfs.c:635
debugfs_remove+0x5d/0x80 fs/debugfs/inode.c:805
nsim_dev_health_exit+0x3b/0xe0 drivers/net/netdevsim/health.c:227
nsim_dev_reload_destroy+0x143/0x4d0 drivers/net/netdevsim/dev.c:1664
nsim_dev_reload_down+0x6e/0xd0 drivers/net/netdevsim/dev.c:968
devlink_reload+0x19a/0x7c0 net/devlink/dev.c:461
devlink_pernet_pre_exit+0x1a1/0x2b0 net/devlink/core.c:509
ops_pre_exit_list net/core/net_namespace.c:162 [inline]
cleanup_net+0x497/0xbf0 net/core/net_namespace.c:632
process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3236
process_scheduled_works kernel/workqueue.c:3317 [inline]
worker_thread+0x6c8/0xf00 kernel/workqueue.c:3398
kthread+0x3af/0x750 kernel/kthread.c:464
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
INFO: task syz-executor:9633 blocked for more than 143 seconds.
Not tainted 6.14.0-rc2-syzkaller-00185-g128c8f96eb86 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor state:D stack:24448 pid:9633 tgid:9633 ppid:1 task_flags:0x400140 flags:0x00000004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5377 [inline]
__schedule+0xf43/0x5890 kernel/sched/core.c:6764
__schedule_loop kernel/sched/core.c:6841 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6856
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6913
__mutex_lock_common kernel/locking/mutex.c:662 [inline]
__mutex_lock+0x6bd/0xb10 kernel/locking/mutex.c:730
device_lock include/linux/device.h:1030 [inline]
device_del+0xa1/0x9f0 drivers/base/core.c:3816
device_unregister+0x1d/0xc0 drivers/base/core.c:3895
nsim_bus_dev_del drivers/net/netdevsim/bus.c:462 [inline]
del_device_store+0x346/0x4b0 drivers/net/netdevsim/bus.c:226
bus_attr_store+0x71/0xb0 drivers/base/bus.c:172
sysfs_kf_write+0x117/0x170 fs/sysfs/file.c:139
kernfs_fop_write_iter+0x33d/0x500 fs/kernfs/file.c:334
new_sync_write fs/read_write.c:586 [inline]
vfs_write+0x5ae/0x1150 fs/read_write.c:679
ksys_write+0x12b/0x250 fs/read_write.c:731
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f15ddd8b89f
RSP: 002b:00007ffefd0d2ee0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007f15ddd8b89f
RDX: 0000000000000001 RSI: 00007ffefd0d2f30 RDI: 0000000000000005
RBP: 00007f15dde0f4fd R08: 0000000000000000 R09: 00007ffefd0d2d37
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
R13: 00007ffefd0d2f30 R14: 00007f15dead4620 R15: 0000000000000003
</TASK>
INFO: task syz.3.3345:9646 blocked for more than 143 seconds.
Not tainted 6.14.0-rc2-syzkaller-00185-g128c8f96eb86 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.3345 state:D stack:26848 pid:9646 tgid:9646 ppid:5979 task_flags:0x400140 flags:0x00004004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5377 [inline]
__schedule+0xf43/0x5890 kernel/sched/core.c:6764
__schedule_loop kernel/sched/core.c:6841 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6856
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6913
__mutex_lock_common kernel/locking/mutex.c:662 [inline]
__mutex_lock+0x6bd/0xb10 kernel/locking/mutex.c:730
devlink_health_report+0x3c5/0x9d0 net/devlink/health.c:627
nsim_dev_health_break_write+0x167/0x210 drivers/net/netdevsim/health.c:162
full_proxy_write+0x13c/0x200 fs/debugfs/file.c:398
do_loop_readv_writev fs/read_write.c:843 [inline]
do_loop_readv_writev fs/read_write.c:828 [inline]
vfs_writev+0x6da/0xdd0 fs/read_write.c:1052
do_writev+0x133/0x340 fs/read_write.c:1096
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fde48b8cde9
RSP: 002b:00007ffef104da68 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
RAX: ffffffffffffffda RBX: 00007fde48da5fa0 RCX: 00007fde48b8cde9
RDX: 000000000000000b RSI: 0000400000000000 RDI: 0000000000000000
RBP: 00007fde48c0e2a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fde48da5fa0 R14: 00007fde48da5fa0 R15: 0000000000000003
</TASK>
INFO: task syz.2.3368:9680 blocked for more than 144 seconds.
Not tainted 6.14.0-rc2-syzkaller-00185-g128c8f96eb86 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.2.3368 state:D stack:27472 pid:9680 tgid:9680 ppid:9059 task_flags:0x400140 flags:0x00000004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5377 [inline]
__schedule+0xf43/0x5890 kernel/sched/core.c:6764
__schedule_loop kernel/sched/core.c:6841 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6856
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6913
rwsem_down_read_slowpath+0x61e/0xb20 kernel/locking/rwsem.c:1084
__down_read_common kernel/locking/rwsem.c:1248 [inline]
__down_read kernel/locking/rwsem.c:1261 [inline]
down_read+0x124/0x330 kernel/locking/rwsem.c:1526
inode_lock_shared include/linux/fs.h:887 [inline]
open_last_lookups fs/namei.c:3749 [inline]
path_openat+0x88a/0x2d80 fs/namei.c:3986
do_filp_open+0x20c/0x470 fs/namei.c:4016
do_sys_openat2+0x17a/0x1e0 fs/open.c:1428
do_sys_open fs/open.c:1443 [inline]
__do_sys_openat fs/open.c:1459 [inline]
__se_sys_openat fs/open.c:1454 [inline]
__x64_sys_openat+0x175/0x210 fs/open.c:1454
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fed2d58cde9
RSP: 002b:00007ffd6ec99af8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007fed2d7a5fa0 RCX: 00007fed2d58cde9
RDX: 0000000000000101 RSI: 00004000000000c0 RDI: ffffffffffffff9c
RBP: 00007fed2d60e2a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fed2d7a5fa0 R14: 00007fed2d7a5fa0 R15: 0000000000000004
</TASK>
INFO: task syz.0.3367:9681 blocked for more than 144 seconds.
Not tainted 6.14.0-rc2-syzkaller-00185-g128c8f96eb86 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.3367 state:D stack:27936 pid:9681 tgid:9681 ppid:8463 task_flags:0x400140 flags:0x00000004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5377 [inline]
__schedule+0xf43/0x5890 kernel/sched/core.c:6764
__schedule_loop kernel/sched/core.c:6841 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6856
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6913
rwsem_down_read_slowpath+0x61e/0xb20 kernel/locking/rwsem.c:1084
__down_read_common kernel/locking/rwsem.c:1248 [inline]
__down_read kernel/locking/rwsem.c:1261 [inline]
down_read+0x124/0x330 kernel/locking/rwsem.c:1526
inode_lock_shared include/linux/fs.h:887 [inline]
open_last_lookups fs/namei.c:3749 [inline]
path_openat+0x88a/0x2d80 fs/namei.c:3986
do_filp_open+0x20c/0x470 fs/namei.c:4016
do_sys_openat2+0x17a/0x1e0 fs/open.c:1428
do_sys_open fs/open.c:1443 [inline]
__do_sys_openat fs/open.c:1459 [inline]
__se_sys_openat fs/open.c:1454 [inline]
__x64_sys_openat+0x175/0x210 fs/open.c:1454
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f627c78cde9
RSP: 002b:00007fff4f261bf8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f627c9a5fa0 RCX: 00007f627c78cde9
RDX: 0000000000000101 RSI: 00004000000000c0 RDI: ffffffffffffff9c
RBP: 00007f627c80e2a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f627c9a5fa0 R14: 00007f627c9a5fa0 R15: 0000000000000004
</TASK>
Showing all locks held in the system:
1 lock held by khungtaskd/30:
#0: ffffffff8e1bcc80 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
#0: ffffffff8e1bcc80 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
#0: ffffffff8e1bcc80 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x7f/0x390 kernel/locking/lockdep.c:6746
6 locks held by kworker/u8:2/35:
#0: ffff88801bef5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x1293/0x1ba0 kernel/workqueue.c:3211
#1: ffffc90000ab7d18 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3212
#2: ffffffff8fee2090 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xca/0xbf0 net/core/net_namespace.c:606
#3: ffff8880349810e8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1030 [inline]
#3: ffff8880349810e8 (&dev->mutex){....}-{4:4}, at: devl_dev_lock net/devlink/devl_internal.h:108 [inline]
#3: ffff8880349810e8 (&dev->mutex){....}-{4:4}, at: devlink_pernet_pre_exit+0x12d/0x2b0 net/devlink/core.c:506
#4: ffff888034982250 (&devlink->lock_key#4){+.+.}-{4:4}, at: devl_lock net/devlink/core.c:276 [inline]
#4: ffff888034982250 (&devlink->lock_key#4){+.+.}-{4:4}, at: devl_dev_lock net/devlink/devl_internal.h:109 [inline]
#4: ffff888034982250 (&devlink->lock_key#4){+.+.}-{4:4}, at: devlink_pernet_pre_exit+0x137/0x2b0 net/devlink/core.c:506
#5: ffff888074311090 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: inode_lock include/linux/fs.h:877 [inline]
#5: ffff888074311090 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: simple_recursive_removal+0x2f5/0x8e0 fs/libfs.c:627
2 locks held by getty/5589:
#0: ffff888031a2c0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243
#1: ffffc9000331b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0xfba/0x1480 drivers/tty/n_tty.c:2211
5 locks held by syz-executor/9633:
#0: ffff888024870420 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12b/0x250 fs/read_write.c:731
#1: ffff8880325e3c88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x27b/0x500 fs/kernfs/file.c:325
#2: ffff8881447dfa58 (kn->active#55){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x29e/0x500 fs/kernfs/file.c:326
#3: ffffffff8f4a29e8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd2/0x4b0 drivers/net/netdevsim/bus.c:216
#4: ffff8880349810e8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1030 [inline]
#4: ffff8880349810e8 (&dev->mutex){....}-{4:4}, at: device_del+0xa1/0x9f0 drivers/base/core.c:3816
2 locks held by syz.3.3345/9646:
#0: ffff88801eabe420 (sb_writers#9){.+.+}-{0:0}, at: do_writev+0x133/0x340 fs/read_write.c:1096
#1: ffff888034982250 (&devlink->lock_key#4){+.+.}-{4:4}, at: devlink_health_report+0x3c5/0x9d0 net/devlink/health.c:627
2 locks held by syz.2.3368/9680:
#0: ffff88801eabe420 (sb_writers#9){.+.+}-{0:0}, at: open_last_lookups fs/namei.c:3739 [inline]
#0: ffff88801eabe420 (sb_writers#9){.+.+}-{0:0}, at: path_openat+0x1f64/0x2d80 fs/namei.c:3986
#1: ffff888074311090 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: inode_lock_shared include/linux/fs.h:887 [inline]
#1: ffff888074311090 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: open_last_lookups fs/namei.c:3749 [inline]
#1: ffff888074311090 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: path_openat+0x88a/0x2d80 fs/namei.c:3986
2 locks held by syz.0.3367/9681:
#0: ffff88801eabe420 (sb_writers#9){.+.+}-{0:0}, at: open_last_lookups fs/namei.c:3739 [inline]
#0: ffff88801eabe420 (sb_writers#9){.+.+}-{0:0}, at: path_openat+0x1f64/0x2d80 fs/namei.c:3986
#1: ffff888074311090 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: inode_lock_shared include/linux/fs.h:887 [inline]
#1: ffff888074311090 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: open_last_lookups fs/namei.c:3749 [inline]
#1: ffff888074311090 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: path_openat+0x88a/0x2d80 fs/namei.c:3986
4 locks held by syz-executor/9694:
#0: ffff888024870420 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12b/0x250 fs/read_write.c:731
#1: ffff888060d20088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x27b/0x500 fs/kernfs/file.c:325
#2: ffff8881447dfa58 (kn->active#55){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x29e/0x500 fs/kernfs/file.c:326
#3: ffffffff8f4a29e8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd2/0x4b0 drivers/net/netdevsim/bus.c:216
4 locks held by syz-executor/9696:
#0: ffff888024870420 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12b/0x250 fs/read_write.c:731
#1: ffff888141b2ac88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x27b/0x500 fs/kernfs/file.c:325
#2: ffff8881447dfa58 (kn->active#55){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x29e/0x500 fs/kernfs/file.c:326
#3: ffffffff8f4a29e8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd2/0x4b0 drivers/net/netdevsim/bus.c:216
4 locks held by syz-executor/9697:
#0: ffff888024870420 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12b/0x250 fs/read_write.c:731
#1: ffff888145bb7c88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x27b/0x500 fs/kernfs/file.c:325
#2: ffff8881447dfa58 (kn->active#55){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x29e/0x500 fs/kernfs/file.c:326
#3: ffffffff8f4a29e8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd2/0x4b0 drivers/net/netdevsim/bus.c:216
4 locks held by syz-executor/9720:
#0: ffff888024870420 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12b/0x250 fs/read_write.c:731
#1: ffff888032cef488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x27b/0x500 fs/kernfs/file.c:325
#2: ffff8881447dfa58 (kn->active#55){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x29e/0x500 fs/kernfs/file.c:326
#3: ffffffff8f4a29e8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd2/0x4b0 drivers/net/netdevsim/bus.c:216
4 locks held by syz-executor/9731:
#0: ffff888024870420 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12b/0x250 fs/read_write.c:731
#1: ffff888031404488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x27b/0x500 fs/kernfs/file.c:325
#2: ffff8881447dfa58 (kn->active#55){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x29e/0x500 fs/kernfs/file.c:326
#3: ffffffff8f4a29e8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd2/0x4b0 drivers/net/netdevsim/bus.c:216
4 locks held by syz-executor/9733:
#0: ffff888024870420 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12b/0x250 fs/read_write.c:731
#1: ffff8880341b2888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x27b/0x500 fs/kernfs/file.c:325
#2: ffff8881447dfa58 (kn->active#55){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x29e/0x500 fs/kernfs/file.c:326
#3: ffffffff8f4a29e8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd2/0x4b0 drivers/net/netdevsim/bus.c:216
4 locks held by syz-executor/9738:
#0: ffff888024870420 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12b/0x250 fs/read_write.c:731
#1: ffff8880341b3888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x27b/0x500 fs/kernfs/file.c:325
#2: ffff8881447dfa58 (kn->active#55){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x29e/0x500 fs/kernfs/file.c:326
#3: ffffffff8f4a29e8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd2/0x4b0 drivers/net/netdevsim/bus.c:216
4 locks held by syz-executor/9761:
#0: ffff888024870420 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12b/0x250 fs/read_write.c:731
#1: ffff8880334b8888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x27b/0x500 fs/kernfs/file.c:325
#2: ffff8881447dfa58 (kn->active#55){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x29e/0x500 fs/kernfs/file.c:326
#3: ffffffff8f4a29e8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd2/0x4b0 drivers/net/netdevsim/bus.c:216
4 locks held by syz-executor/9781:
#0: ffff888024870420 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12b/0x250 fs/read_write.c:731
#1: ffff888079a94888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x27b/0x500 fs/kernfs/file.c:325
#2: ffff8881447dfa58 (kn->active#55){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x29e/0x500 fs/kernfs/file.c:326
#3: ffffffff8f4a29e8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd2/0x4b0 drivers/net/netdevsim/bus.c:216
4 locks held by syz-executor/9784:
#0: ffff888024870420 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12b/0x250 fs/read_write.c:731
#1: ffff8880557f4088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x27b/0x500 fs/kernfs/file.c:325
#2: ffff8881447dfa58 (kn->active#55){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x29e/0x500 fs/kernfs/file.c:326
#3: ffffffff8f4a29e8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd2/0x4b0 drivers/net/netdevsim/bus.c:216
4 locks held by syz-executor/9786:
#0: ffff888024870420 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12b/0x250 fs/read_write.c:731
#1: ffff8880250a8488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x27b/0x500 fs/kernfs/file.c:325
#2: ffff8881447dfa58 (kn->active#55){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x29e/0x500 fs/kernfs/file.c:326
#3: ffffffff8f4a29e8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd2/0x4b0 drivers/net/netdevsim/bus.c:216
=============================================
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.14.0-rc2-syzkaller-00185-g128c8f96eb86 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
nmi_cpu_backtrace+0x27b/0x390 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x29c/0x300 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:236 [inline]
watchdog+0xf62/0x12b0 kernel/hung_task.c:399
kthread+0x3af/0x750 kernel/kthread.c:464
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:1 Not tainted 6.14.0-rc2-syzkaller-00185-g128c8f96eb86 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Workqueue: bat_events batadv_nc_worker
RIP: 0010:__lock_acquire+0xe8/0x3c40 kernel/locking/lockdep.c:5091
Code: 85 15 14 00 00 44 8b 0d ca 3a cc 0e 45 85 c9 0f 84 b4 0e 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 80 3c 02 00 <0f> 85 96 2c 00 00 49 8b 04 24 48 3d a0 b7 82 93 0f 84 89 0e 00 00
RSP: 0018:ffffc900001178f0 EFLAGS: 00000046
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000002
RDX: 1ffffffff1c37990 RSI: 1ffff92000022f30 RDI: ffffffff8e1bcc80
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001
R10: ffffffff90626517 R11: 0000000000000002 R12: ffffffff8e1bcc80
R13: ffff88801d2c5a00 R14: 0000000000000000 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055f318810d88 CR3: 000000000df80000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<NMI>
</NMI>
<TASK>
lock_acquire.part.0+0x11b/0x380 kernel/locking/lockdep.c:5851
rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
rcu_read_lock include/linux/rcupdate.h:849 [inline]
batadv_nc_purge_orig_hash net/batman-adv/network-coding.c:408 [inline]
batadv_nc_worker+0x16a/0x1060 net/batman-adv/network-coding.c:719
process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3236
process_scheduled_works kernel/workqueue.c:3317 [inline]
worker_thread+0x6c8/0xf00 kernel/workqueue.c:3398
kthread+0x3af/0x750 kernel/kthread.c:464
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>