syzbot

INFO: task syz-executor.3:18178 blocked for more than 143 seconds.
      Not tainted 6.0.0-rc2-syzkaller-00283-g10d4879f9ef0 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.3  state:D stack:27368 pid:18178 ppid:  3655 flags:0x00000004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5182 [inline]
 __schedule+0xadf/0x52b0 kernel/sched/core.c:6494
 schedule+0xda/0x1b0 kernel/sched/core.c:6570
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6629
 __mutex_lock_common kernel/locking/mutex.c:679 [inline]
 __mutex_lock+0xa44/0x1350 kernel/locking/mutex.c:747
 tls_sw_sendmsg+0x251/0x1820 net/tls/tls_sw.c:942
 inet6_sendmsg+0x99/0xe0 net/ipv6/af_inet6.c:653
 sock_sendmsg_nosec net/socket.c:714 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:734
 __sys_sendto+0x236/0x340 net/socket.c:2117
 __do_sys_sendto net/socket.c:2129 [inline]
 __se_sys_sendto net/socket.c:2125 [inline]
 __x64_sys_sendto+0xdd/0x1b0 net/socket.c:2125
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7ff925e89279
RSP: 002b:00007ff926fb1168 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007ff925f9bf80 RCX: 00007ff925e89279
RDX: 0000000000007fd6 RSI: 0000000020000000 RDI: 0000000000000003
RBP: 00007ff925ee3189 R08: 0000000000000000 R09: 0000000000000000
R10: 000000000000c000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ff9264cfb1f R14: 00007ff926fb1300 R15: 0000000000022000
 </TASK>

Showing all locks held in the system:
3 locks held by kworker/0:0/6:
 #0: ffff888011864d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff888011864d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 #0: ffff888011864d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
 #0: ffff888011864d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
 #0: ffff888011864d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
 #0: ffff888011864d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x87a/0x1610 kernel/workqueue.c:2260
 #1: ffffc900000b7da8 ((work_completion)(&(&sw_ctx_tx->tx_work.work)->work)){+.+.}-{0:0}, at: process_one_work+0x8ae/0x1610 kernel/workqueue.c:2264
 #2: ffff8880256a30d8 (&ctx->tx_lock){+.+.}-{3:3}, at: tx_work_handler+0x127/0x190 net/tls/tls_sw.c:2417
1 lock held by rcu_tasks_kthre/12:
 #0: ffffffff8bf88770 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x26/0xc70 kernel/rcu/tasks.h:507
1 lock held by rcu_tasks_trace/13:
 #0: ffffffff8bf88470 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x26/0xc70 kernel/rcu/tasks.h:507
2 locks held by ksoftirqd/0/15:
1 lock held by khungtaskd/28:
 #0: ffffffff8bf892c0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6492
2 locks held by getty/3289:
 #0: ffff88814ab96098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:244
 #1: ffffc90002d232f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xef0/0x13e0 drivers/tty/n_tty.c:2177
4 locks held by syz-fuzzer/7920:
 #0: ffff8880b9a39f98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2b/0x120 kernel/sched/core.c:544
 #1: ffff8880b9a277c8 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x3e7/0x4e0 kernel/sched/psi.c:885
 #2: ffff8880b9a277c8 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_enqueue kernel/sched/stats.h:136 [inline]
 #2: ffff8880b9a277c8 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: enqueue_task+0x1ec/0x3a0 kernel/sched/core.c:2062
 #3: ffffffff8bf89260 (rcu_read_lock_bh){....}-{1:2}, at: __dev_queue_xmit+0x22f/0x3ad0 net/core/dev.c:4173
1 lock held by syz-executor.3/18178:
 #0: ffff8880256a30d8 (&ctx->tx_lock){+.+.}-{3:3}, at: tls_sw_sendmsg+0x251/0x1820 net/tls/tls_sw.c:942

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 28 Comm: khungtaskd Not tainted 6.0.0-rc2-syzkaller-00283-g10d4879f9ef0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 nmi_cpu_backtrace.cold+0x46/0x14f lib/nmi_backtrace.c:111
 nmi_trigger_cpumask_backtrace+0x206/0x250 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:148 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:212 [inline]
 watchdog+0xc18/0xf50 kernel/hung_task.c:369
 kthread+0x2e4/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 15 Comm: ksoftirqd/0 Not tainted 6.0.0-rc2-syzkaller-00283-g10d4879f9ef0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
RIP: 0010:check_kcov_mode kernel/kcov.c:166 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x7/0x60 kernel/kcov.c:200
Code: 4b 00 5d be 03 00 00 00 e9 d6 3d 81 02 66 0f 1f 44 00 00 48 8b be a8 01 00 00 e8 b4 ff ff ff 31 c0 c3 90 65 8b 05 29 64 86 7e <89> c1 48 8b 34 24 81 e1 00 01 00 00 65 48 8b 14 25 80 6f 02 00 a9
RSP: 0018:ffffc90000146a70 EFLAGS: 00000286
RAX: 0000000000000100 RBX: ffff888020ba0000 RCX: 0000000000000100
RDX: ffff888011a7bb00 RSI: ffffffff8818ae2f RDI: ffff888020ba0000
RBP: dffffc0000000000 R08: ffffc90000146c68 R09: 000000000000000d
R10: 0000000000000008 R11: 0000000000000001 R12: 0000000000000100
R13: ffffc90000146d60 R14: 0000000000000000 R15: ffff88807f651c00
FS:  0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c003e433e8 CR3: 0000000047267000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 __find_rr_leaf+0xbd/0xd20 net/ipv6/route.c:793
 find_rr_leaf net/ipv6/route.c:850 [inline]
 rt6_select net/ipv6/route.c:894 [inline]
 fib6_table_lookup+0x5ee/0x9c0 net/ipv6/route.c:2182
 ip6_pol_route+0x1c5/0x1190 net/ipv6/route.c:2218
 pol_lookup_func include/net/ip6_fib.h:582 [inline]
 fib6_rule_lookup+0x111/0x6f0 net/ipv6/fib6_rules.c:116
 ip6_route_input_lookup net/ipv6/route.c:2287 [inline]
 ip6_route_input+0x619/0xb90 net/ipv6/route.c:2583
 ip6_rcv_finish_core.constprop.0+0x1a4/0x5d0 net/ipv6/ip6_input.c:66
 ip6_rcv_finish+0x12c/0x2c0 net/ipv6/ip6_input.c:77
 ip_sabotage_in net/bridge/br_netfilter_hooks.c:872 [inline]
 ip_sabotage_in+0x1fa/0x260 net/bridge/br_netfilter_hooks.c:863
 nf_hook_entry_hookfn include/linux/netfilter.h:142 [inline]
 nf_hook_slow+0xc5/0x1f0 net/netfilter/core.c:620
 nf_hook.constprop.0+0x3ac/0x650 include/linux/netfilter.h:262
 NF_HOOK include/linux/netfilter.h:305 [inline]
 ipv6_rcv+0x9e/0x380 net/ipv6/ip6_input.c:309
 __netif_receive_skb_one_core+0x114/0x180 net/core/dev.c:5485
 __netif_receive_skb+0x1f/0x1c0 net/core/dev.c:5599
 netif_receive_skb_internal net/core/dev.c:5685 [inline]
 netif_receive_skb+0x12f/0x8d0 net/core/dev.c:5744
 NF_HOOK include/linux/netfilter.h:307 [inline]
 NF_HOOK include/linux/netfilter.h:301 [inline]
 br_pass_frame_up+0x303/0x410 net/bridge/br_input.c:68
 br_handle_frame_finish+0x909/0x1aa0 net/bridge/br_input.c:199
 br_nf_hook_thresh+0x2f8/0x3d0 net/bridge/br_netfilter_hooks.c:1039
 br_nf_pre_routing_finish_ipv6+0x695/0xe20 net/bridge/br_netfilter_ipv6.c:206
 NF_HOOK include/linux/netfilter.h:307 [inline]
 br_nf_pre_routing_ipv6+0x417/0x7c0 net/bridge/br_netfilter_ipv6.c:236
 br_nf_pre_routing+0x1496/0x1fe0 net/bridge/br_netfilter_hooks.c:505
 nf_hook_entry_hookfn include/linux/netfilter.h:142 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:255 [inline]
 br_handle_frame+0x9c9/0x12d0 net/bridge/br_input.c:399
 __netif_receive_skb_core+0x9fe/0x38f0 net/core/dev.c:5379
 __netif_receive_skb_one_core+0xae/0x180 net/core/dev.c:5483
 __netif_receive_skb+0x1f/0x1c0 net/core/dev.c:5599
 process_backlog+0x3a0/0x7c0 net/core/dev.c:5927
 __napi_poll+0xb3/0x6d0 net/core/dev.c:6511
 napi_poll net/core/dev.c:6578 [inline]
 net_rx_action+0x9c1/0xd90 net/core/dev.c:6689
 __do_softirq+0x1d3/0x9c6 kernel/softirq.c:571
 run_ksoftirqd kernel/softirq.c:934 [inline]
 run_ksoftirqd+0x2d/0x60 kernel/softirq.c:926
 smpboot_thread_fn+0x645/0x9c0 kernel/smpboot.c:164
 kthread+0x2e4/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
 </TASK>
vkms_vblank_simulate: vblank timer overrun