syzbot

INFO: task kworker/1:18:5362 blocked for more than 151 seconds.
      Not tainted 6.9.0-rc4-syzkaller-00173-g3cdb45594619 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:18    state:D stack:21712 pid:5362  tgid:5362  ppid:2      flags:0x00004000
Workqueue: events linkwatch_event
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5409 [inline]
 __schedule+0xf15/0x5d00 kernel/sched/core.c:6746
 __schedule_loop kernel/sched/core.c:6823 [inline]
 schedule+0xe7/0x350 kernel/sched/core.c:6838
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6895
 __mutex_lock_common kernel/locking/mutex.c:684 [inline]
 __mutex_lock+0x5b8/0x9c0 kernel/locking/mutex.c:752
 linkwatch_event+0x51/0xc0 net/core/link_watch.c:276
 process_one_work+0x9a9/0x1ac0 kernel/workqueue.c:3254
 process_scheduled_works kernel/workqueue.c:3335 [inline]
 worker_thread+0x6c8/0xf70 kernel/workqueue.c:3416
 kthread+0x2c1/0x3a0 kernel/kthread.c:388
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>

Showing all locks held in the system:
2 locks held by kthreadd/2:
4 locks held by kworker/0:0/7:
4 locks held by kworker/0:1/8:
 #0: ffff88802b784d48 ((wq_completion)wg-kex-wg2#16){+.+.}-{0:0}, at: process_one_work+0x1296/0x1ac0 kernel/workqueue.c:3229
 #1: ffffc900000d7d80 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __asm__ ("" : "=r"(__ptr) : "0"((typeof(*((worker))) *)((worker)))); (typeof((typeof(*((worker))) *)((worker)))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_one_work+0x906/0x1ac0 kernel/workqueue.c:3230
 #2: ffff88807c219228 (&wg->static_identity.lock){++++}-{3:3}, at: wg_noise_handshake_consume_initiation+0x1c3/0x880 drivers/net/wireguard/noise.c:598
 #3: ffff88802dbaf3b8 (&handshake->lock){++++}-{3:3}, at: wg_noise_handshake_consume_initiation+0x5ae/0x880 drivers/net/wireguard/noise.c:632
2 locks held by kworker/u8:0/10:
3 locks held by kworker/u8:1/11:
 #0: ffff888029a82148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x1296/0x1ac0 kernel/workqueue.c:3229
 #1: ffffc90000107d80 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x906/0x1ac0 kernel/workqueue.c:3230
 #2: ffffffff8f2ffd88 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x12/0x30 net/ipv6/addrconf.c:4732
2 locks held by kworker/1:0/24:
3 locks held by kworker/u8:2/28:
1 lock held by khungtaskd/30:
 #0: ffffffff8d7b0e20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline]
 #0: ffffffff8d7b0e20 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:781 [inline]
 #0: ffffffff8d7b0e20 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x75/0x340 kernel/locking/lockdep.c:6614
4 locks held by kworker/u8:4/61:
 #0: ffff888063873948 ((wq_completion)wg-kex-wg2#13){+.+.}-{0:0}, at: process_one_work+0x1296/0x1ac0 kernel/workqueue.c:3229
 #1: ffffc900015c7d80 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_one_work+0x906/0x1ac0 kernel/workqueue.c:3230
 #2: ffff88807ca99228 (&wg->static_identity.lock){++++}-{3:3}, at: wg_noise_handshake_create_initiation+0xed/0x650 drivers/net/wireguard/noise.c:529
 #3: ffff88802e34e0f8 (&handshake->lock){++++}-{3:3}, at: wg_noise_handshake_create_initiation+0x101/0x650 drivers/net/wireguard/noise.c:530
3 locks held by kworker/u8:5/135:
3 locks held by kworker/u8:6/145:
3 locks held by kworker/u8:7/963:
3 locks held by kworker/u8:8/2841:
3 locks held by syslogd/4506:
1 lock held by udevd/4524:
1 lock held by dhcpcd/4737:
2 locks held by dhcpcd/4738:
3 locks held by kworker/0:3/4814:
 #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1296/0x1ac0 kernel/workqueue.c:3229
 #1: ffffc9000345fd80 (free_ipc_work){+.+.}-{0:0}, at: process_one_work+0x906/0x1ac0 kernel/workqueue.c:3230
 #2: ffffffff8d7bc538 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:291 [inline]
 #2: ffffffff8d7bc538 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x682/0x7a0 kernel/rcu/tree_exp.h:939
2 locks held by getty/4825:
 #0: ffff88823bdae8a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243
 #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xfc8/0x1490 drivers/tty/n_tty.c:2201
2 locks held by syz-fuzzer/5083:
4 locks held by syz-fuzzer/5168:
1 lock held by syz-executor.0/5084:
1 lock held by syz-executor.1/5090:
3 locks held by kworker/1:3/5135:
 #0: ffff888015081948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x1296/0x1ac0 kernel/workqueue.c:3229
 #1: ffffc9000357fd80 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work+0x906/0x1ac0 kernel/workqueue.c:3230
 #2: ffffffff8f2ffd88 (rtnl_mutex){+.+.}-{3:3}, at: reg_check_chans_work+0x7d/0x10e0 net/wireless/reg.c:2478
5 locks held by kworker/1:5/5137:
4 locks held by kworker/0:4/5140:
3 locks held by kworker/0:6/5171:
4 locks held by kworker/0:7/5330:
4 locks held by kworker/0:8/5331:
3 locks held by kworker/0:9/5342:
3 locks held by kworker/0:10/5343:
2 locks held by kworker/1:8/5349:
4 locks held by kworker/1:9/5350:
 #0: ffff888029273d48 ((wq_completion)wg-kex-wg0#16){+.+.}-{0:0}, at: process_one_work+0x1296/0x1ac0 kernel/workqueue.c:3229
 #1: ffffc900036afd80 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __asm__ ("" : "=r"(__ptr) : "0"((typeof(*((worker))) *)((worker)))); (typeof((typeof(*((worker))) *)((worker)))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_one_work+0x906/0x1ac0 kernel/workqueue.c:3230
 #2: ffff888060db1228 (&wg->static_identity.lock){++++}-{3:3}, at: wg_noise_handshake_consume_initiation+0x1c3/0x880 drivers/net/wireguard/noise.c:598
 #3: ffff88802e34a8b8 (&handshake->lock){++++}-{3:3}, at: wg_noise_handshake_consume_initiation+0x5ae/0x880 drivers/net/wireguard/noise.c:632
5 locks held by kworker/1:10/5351:
3 locks held by kworker/1:11/5352:
 #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1296/0x1ac0 kernel/workqueue.c:3229
 #1: ffffc90003737d80 (deferred_process_work){+.+.}-{0:0}, at: process_one_work+0x906/0x1ac0 kernel/workqueue.c:3230
 #2: ffffffff8f2ffd88 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xe/0x20 net/switchdev/switchdev.c:104
4 locks held by kworker/1:14/5356:
 #0: ffff88807eb4a548 ((wq_completion)wg-kex-wg2#14){+.+.}-{0:0}, at: process_one_work+0x1296/0x1ac0 kernel/workqueue.c:3229
 #1: ffffc90003777d80 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __asm__ ("" : "=r"(__ptr) : "0"((typeof(*((worker))) *)((worker)))); (typeof((typeof(*((worker))) *)((worker)))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_one_work+0x906/0x1ac0 kernel/workqueue.c:3230
 #2: ffff88807ca99228 (&wg->static_identity.lock){++++}-{3:3}, at: wg_noise_handshake_consume_initiation+0x1c3/0x880 drivers/net/wireguard/noise.c:598
 #3: ffff88802e34e0f8 (&handshake->lock){++++}-{3:3}, at: wg_noise_handshake_consume_initiation+0x5ae/0x880 drivers/net/wireguard/noise.c:632
2 locks held by kworker/1:15/5358:
2 locks held by kworker/1:16/5359:
3 locks held by kworker/1:18/5362:
 #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1296/0x1ac0 kernel/workqueue.c:3229
 #1: ffffc900037dfd80 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x906/0x1ac0 kernel/workqueue.c:3230
 #2: ffffffff8f2ffd88 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0x51/0xc0 net/core/link_watch.c:276
2 locks held by kworker/0:11/5373:
2 locks held by kworker/0:13/5377:
3 locks held by kworker/0:15/5379:
1 lock held by syz-executor.3/6667:
3 locks held by syz-executor.4/7708:
4 locks held by kworker/u8:9/7713:

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 30 Comm: khungtaskd Not tainted 6.9.0-rc4-syzkaller-00173-g3cdb45594619 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114
 nmi_cpu_backtrace+0x27b/0x390 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x29c/0x300 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:223 [inline]
 watchdog+0xf86/0x1240 kernel/hung_task.c:380
 kthread+0x2c1/0x3a0 kernel/kthread.c:388
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 44 Comm: kworker/1:1 Not tainted 6.9.0-rc4-syzkaller-00173-g3cdb45594619 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Workqueue: events nsim_dev_trap_report_work
RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x60 kernel/kcov.c:200
Code: be b0 01 00 00 e8 a0 ff ff ff 31 c0 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <f3> 0f 1e fa 65 48 8b 15 24 15 76 7e 65 8b 05 25 15 76 7e a9 00 01
RSP: 0018:ffffc90000a07c28 EFLAGS: 00000286
RAX: 0000000000000000 RBX: ffffc90000a07cb0 RCX: ffffffff813d1891
RDX: ffff88801a6f1e00 RSI: 0000000000000000 RDI: 0000000000000007
RBP: 0000000000000002 R08: 0000000000000007 R09: 0000000000000000
R10: ffffffff897eea1e R11: 0000000000000007 R12: ffffffff897eea1e
R13: 0000000000000000 R14: ffffc90000a07d70 R15: ffffc90000a07ce5
FS:  0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c0001be000 CR3: 0000000077d2e000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <NMI>
 </NMI>
 <IRQ>
 orc_find arch/x86/kernel/unwind_orc.c:206 [inline]
 unwind_next_frame+0x1cf/0x23a0 arch/x86/kernel/unwind_orc.c:494
 arch_stack_walk+0x100/0x170 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x95/0xd0 kernel/stacktrace.c:122
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:579
 poison_slab_object mm/kasan/common.c:240 [inline]
 __kasan_slab_free+0x11d/0x1a0 mm/kasan/common.c:256
 kasan_slab_free include/linux/kasan.h:184 [inline]
 slab_free_hook mm/slub.c:2106 [inline]
 slab_free mm/slub.c:4280 [inline]
 kmem_cache_free+0x12e/0x380 mm/slub.c:4344
 kfree_skbmem+0x10e/0x200 net/core/skbuff.c:1159
 __kfree_skb net/core/skbuff.c:1217 [inline]
 kfree_skb_reason+0x13a/0x210 net/core/skbuff.c:1252
 kfree_skb include/linux/skbuff.h:1262 [inline]
 ip6_mc_input+0x7ad/0xfd0 net/ipv6/ip6_input.c:589
 dst_input include/net/dst.h:460 [inline]
 dst_input include/net/dst.h:458 [inline]
 ip6_rcv_finish+0x3a2/0x5b0 net/ipv6/ip6_input.c:79
 ip_sabotage_in+0x21e/0x2a0 net/bridge/br_netfilter_hooks.c:995
 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]
 nf_hook_slow+0xbb/0x200 net/netfilter/core.c:626
 nf_hook.constprop.0+0x42f/0x750 include/linux/netfilter.h:269
 NF_HOOK include/linux/netfilter.h:312 [inline]
 ipv6_rcv+0xa4/0x680 net/ipv6/ip6_input.c:310
 __netif_receive_skb_one_core+0x12e/0x1e0 net/core/dev.c:5544
 __netif_receive_skb+0x1d/0x160 net/core/dev.c:5658
 netif_receive_skb_internal net/core/dev.c:5744 [inline]
 netif_receive_skb+0x13f/0x7b0 net/core/dev.c:5804
 NF_HOOK include/linux/netfilter.h:314 [inline]
 NF_HOOK include/linux/netfilter.h:308 [inline]
 br_pass_frame_up+0x346/0x490 net/bridge/br_input.c:70
 br_handle_frame_finish+0xdcd/0x1c80 net/bridge/br_input.c:221
 br_nf_hook_thresh+0x303/0x410 net/bridge/br_netfilter_hooks.c:1172
 br_nf_pre_routing_finish_ipv6+0x76a/0xfb0 net/bridge/br_netfilter_ipv6.c:154
 NF_HOOK include/linux/netfilter.h:314 [inline]
 br_nf_pre_routing_ipv6+0x3ce/0x8c0 net/bridge/br_netfilter_ipv6.c:184
 br_nf_pre_routing+0x85e/0x15a0 net/bridge/br_netfilter_hooks.c:527
 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:277 [inline]
 br_handle_frame+0x9e9/0x1480 net/bridge/br_input.c:424
 __netif_receive_skb_core.constprop.0+0xa16/0x4060 net/core/dev.c:5438
 __netif_receive_skb_one_core+0xb1/0x1e0 net/core/dev.c:5542
 __netif_receive_skb+0x1d/0x160 net/core/dev.c:5658
 process_backlog+0x12f/0x6f0 net/core/dev.c:5987
 __napi_poll.constprop.0+0xb7/0x550 net/core/dev.c:6638
 napi_poll net/core/dev.c:6707 [inline]
 net_rx_action+0x9ad/0xf10 net/core/dev.c:6822
 __do_softirq+0x218/0x922 kernel/softirq.c:554
 do_softirq kernel/softirq.c:455 [inline]
 do_softirq+0xb2/0xf0 kernel/softirq.c:442
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0x100/0x120 kernel/softirq.c:382
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:820 [inline]
 nsim_dev_trap_report_work+0x870/0xc80 drivers/net/netdevsim/dev.c:850
 process_one_work+0x9a9/0x1ac0 kernel/workqueue.c:3254
 process_scheduled_works kernel/workqueue.c:3335 [inline]
 worker_thread+0x6c8/0xf70 kernel/workqueue.c:3416
 kthread+0x2c1/0x3a0 kernel/kthread.c:388
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>