INFO: task kworker/u4:4:1116 blocked for more than 143 seconds.
Not tainted 5.15.0-rc5-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u4:4 state:D stack:23776 pid: 1116 ppid: 2 flags:0x00004000
Workqueue: netns cleanup_net
Call Trace:
context_switch kernel/sched/core.c:4940 [inline]
__schedule+0xb44/0x5960 kernel/sched/core.c:6287
schedule+0xd3/0x270 kernel/sched/core.c:6366
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6425
__mutex_lock_common kernel/locking/mutex.c:669 [inline]
__mutex_lock+0xa34/0x12f0 kernel/locking/mutex.c:729
devlink_pernet_pre_exit+0x84/0x370 net/core/devlink.c:11506
ops_pre_exit_list net/core/net_namespace.c:158 [inline]
cleanup_net+0x451/0xb00 net/core/net_namespace.c:581
process_one_work+0x9bf/0x16b0 kernel/workqueue.c:2297
worker_thread+0x658/0x11f0 kernel/workqueue.c:2444
kthread+0x3e5/0x4d0 kernel/kthread.c:319
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
INFO: task kworker/0:22:1886 blocked for more than 143 seconds.
Not tainted 5.15.0-rc5-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:22 state:D stack:27680 pid: 1886 ppid: 2 flags:0x00004000
Workqueue: events nsim_dev_trap_report_work
Call Trace:
context_switch kernel/sched/core.c:4940 [inline]
__schedule+0xb44/0x5960 kernel/sched/core.c:6287
schedule+0xd3/0x270 kernel/sched/core.c:6366
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6425
__mutex_lock_common kernel/locking/mutex.c:669 [inline]
__mutex_lock+0xa34/0x12f0 kernel/locking/mutex.c:729
nsim_dev_trap_report_work+0x5d/0xbc0 drivers/net/netdevsim/dev.c:757
process_one_work+0x9bf/0x16b0 kernel/workqueue.c:2297
worker_thread+0x658/0x11f0 kernel/workqueue.c:2444
kthread+0x3e5/0x4d0 kernel/kthread.c:319
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
INFO: task syz-executor.0:2467 blocked for more than 143 seconds.
Not tainted 5.15.0-rc5-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.0 state:D stack:26264 pid: 2467 ppid: 6567 flags:0x00004004
Call Trace:
context_switch kernel/sched/core.c:4940 [inline]
__schedule+0xb44/0x5960 kernel/sched/core.c:6287
schedule+0xd3/0x270 kernel/sched/core.c:6366
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6425
__mutex_lock_common kernel/locking/mutex.c:669 [inline]
__mutex_lock+0xa34/0x12f0 kernel/locking/mutex.c:729
devlink_pernet_pre_exit+0x84/0x370 net/core/devlink.c:11506
ops_pre_exit_list net/core/net_namespace.c:158 [inline]
setup_net+0x587/0xa30 net/core/net_namespace.c:343
copy_net_ns+0x319/0x760 net/core/net_namespace.c:470
create_new_namespaces+0x3f6/0xb20 kernel/nsproxy.c:110
unshare_nsproxy_namespaces+0xc1/0x1f0 kernel/nsproxy.c:226
ksys_unshare+0x445/0x920 kernel/fork.c:3077
__do_sys_unshare kernel/fork.c:3151 [inline]
__se_sys_unshare kernel/fork.c:3149 [inline]
__x64_sys_unshare+0x2d/0x40 kernel/fork.c:3149
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f28f4f13a39
RSP: 002b:00007f28f2468188 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
RAX: ffffffffffffffda RBX: 00007f28f5017020 RCX: 00007f28f4f13a39
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000
RBP: 00007f28f4f6dc5f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff23b767df R14: 00007f28f2468300 R15: 0000000000022000
INFO: task syz-executor.0:2475 blocked for more than 143 seconds.
Not tainted 5.15.0-rc5-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.0 state:D stack:25864 pid: 2475 ppid: 6567 flags:0x00004004
Call Trace:
context_switch kernel/sched/core.c:4940 [inline]
__schedule+0xb44/0x5960 kernel/sched/core.c:6287
schedule+0xd3/0x270 kernel/sched/core.c:6366
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6425
__mutex_lock_common kernel/locking/mutex.c:669 [inline]
__mutex_lock+0xa34/0x12f0 kernel/locking/mutex.c:729
ip_tunnel_init_net+0x2d5/0x9d0 net/ipv4/ip_tunnel.c:1069
ops_init+0xaf/0x470 net/core/net_namespace.c:140
setup_net+0x40f/0xa30 net/core/net_namespace.c:326
copy_net_ns+0x319/0x760 net/core/net_namespace.c:470
create_new_namespaces+0x3f6/0xb20 kernel/nsproxy.c:110
unshare_nsproxy_namespaces+0xc1/0x1f0 kernel/nsproxy.c:226
ksys_unshare+0x445/0x920 kernel/fork.c:3077
__do_sys_unshare kernel/fork.c:3151 [inline]
__se_sys_unshare kernel/fork.c:3149 [inline]
__x64_sys_unshare+0x2d/0x40 kernel/fork.c:3149
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f28f4f13a39
RSP: 002b:00007f28f2447188 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
RAX: ffffffffffffffda RBX: 00007f28f50170e0 RCX: 00007f28f4f13a39
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000
RBP: 00007f28f4f6dc5f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff23b767df R14: 00007f28f2447300 R15: 0000000000022000
INFO: task syz-executor.4:2462 blocked for more than 144 seconds.
Not tainted 5.15.0-rc5-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.4 state:D stack:26544 pid: 2462 ppid: 6589 flags:0x00004004
Call Trace:
context_switch kernel/sched/core.c:4940 [inline]
__schedule+0xb44/0x5960 kernel/sched/core.c:6287
schedule+0xd3/0x270 kernel/sched/core.c:6366
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6425
__mutex_lock_common kernel/locking/mutex.c:669 [inline]
__mutex_lock+0xa34/0x12f0 kernel/locking/mutex.c:729
wg_netns_pre_exit+0x15/0x190 drivers/net/wireguard/device.c:402
ops_pre_exit_list net/core/net_namespace.c:158 [inline]
setup_net+0x587/0xa30 net/core/net_namespace.c:343
copy_net_ns+0x319/0x760 net/core/net_namespace.c:470
create_new_namespaces+0x3f6/0xb20 kernel/nsproxy.c:110
unshare_nsproxy_namespaces+0xc1/0x1f0 kernel/nsproxy.c:226
ksys_unshare+0x445/0x920 kernel/fork.c:3077
__do_sys_unshare kernel/fork.c:3151 [inline]
__se_sys_unshare kernel/fork.c:3149 [inline]
__x64_sys_unshare+0x2d/0x40 kernel/fork.c:3149
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7efea23a0a39
RSP: 002b:00007efe9f8f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
RAX: ffffffffffffffda RBX: 00007efea24a4020 RCX: 00007efea23a0a39
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c060000
RBP: 00007efea23fac5f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffdd830169f R14: 00007efe9f8f5300 R15: 0000000000022000
INFO: task syz-executor.1:2556 blocked for more than 144 seconds.
Not tainted 5.15.0-rc5-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.1 state:D stack:28480 pid: 2556 ppid: 6569 flags:0x00004004
Call Trace:
context_switch kernel/sched/core.c:4940 [inline]
__schedule+0xb44/0x5960 kernel/sched/core.c:6287
schedule+0xd3/0x270 kernel/sched/core.c:6366
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6425
__mutex_lock_common kernel/locking/mutex.c:669 [inline]
__mutex_lock+0xa34/0x12f0 kernel/locking/mutex.c:729
genl_lock net/netlink/genetlink.c:33 [inline]
genl_rcv_msg+0x3e0/0x580 net/netlink/genetlink.c:790
netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2491
genl_rcv+0x24/0x40 net/netlink/genetlink.c:803
netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1345
netlink_sendmsg+0x86d/0xda0 net/netlink/af_netlink.c:1916
sock_sendmsg_nosec net/socket.c:704 [inline]
sock_sendmsg+0xcf/0x120 net/socket.c:724
__sys_sendto+0x21c/0x320 net/socket.c:2036
__do_sys_sendto net/socket.c:2048 [inline]
__se_sys_sendto net/socket.c:2044 [inline]
__x64_sys_sendto+0xdd/0x1b0 net/socket.c:2044
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f8afca8f7fc
RSP: 002b:00007f8af9fac020 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f8af9fac110 RCX: 00007f8afca8f7fc
RDX: 0000000000000020 RSI: 00007f8af9fac160 RDI: 0000000000000007
RBP: 0000000000000000 R08: 00007f8af9fac074 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 00007f8af9fac0c8
R13: 00007f8af9fac160 R14: 0000000000000007 R15: 0000000000000000
INFO: task syz-executor.1:2557 blocked for more than 144 seconds.
Not tainted 5.15.0-rc5-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.1 state:D stack:28008 pid: 2557 ppid: 6569 flags:0x00000004
Call Trace:
context_switch kernel/sched/core.c:4940 [inline]
__schedule+0xb44/0x5960 kernel/sched/core.c:6287
schedule+0xd3/0x270 kernel/sched/core.c:6366
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6425
__mutex_lock_common kernel/locking/mutex.c:669 [inline]
__mutex_lock+0xa34/0x12f0 kernel/locking/mutex.c:729
genl_lock net/netlink/genetlink.c:33 [inline]
genl_rcv_msg+0x3e0/0x580 net/netlink/genetlink.c:790
netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2491
genl_rcv+0x24/0x40 net/netlink/genetlink.c:803
netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1345
netlink_sendmsg+0x86d/0xda0 net/netlink/af_netlink.c:1916
sock_sendmsg_nosec net/socket.c:704 [inline]
sock_sendmsg+0xcf/0x120 net/socket.c:724
____sys_sendmsg+0x6e8/0x810 net/socket.c:2409
___sys_sendmsg+0xf3/0x170 net/socket.c:2463
__sys_sendmsg+0xe5/0x1b0 net/socket.c:2492
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f8afcadca39
RSP: 002b:00007f8af9f8c188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f8afcbe03e0 RCX: 00007f8afcadca39
RDX: 0000000000000000 RSI: 0000000020000600 RDI: 0000000000000006
RBP: 00007f8afcb36c5f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc393b4bdf R14: 00007f8af9f8c300 R15: 0000000000022000
Showing all locks held in the system:
1 lock held by ksoftirqd/0/13:
#0: ffff8880b9c31a58 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2b/0x120 kernel/sched/core.c:474
1 lock held by khungtaskd/26:
#0: ffffffff8b981ee0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6446
4 locks held by kworker/u4:4/1116:
#0: ffff888144193138 ((wq_completion)netns){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff888144193138 ((wq_completion)netns){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff888144193138 ((wq_completion)netns){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1198 [inline]
#0: ffff888144193138 ((wq_completion)netns){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:634 [inline]
#0: ffff888144193138 ((wq_completion)netns){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:661 [inline]
#0: ffff888144193138 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x8a3/0x16b0 kernel/workqueue.c:2268
#1: ffffc90004dafdb0 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x8d7/0x16b0 kernel/workqueue.c:2272
#2: ffffffff8d0d5990 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x9b/0xb00 net/core/net_namespace.c:555
#3: ffffffff8d115388 (devlink_mutex){+.+.}-{3:3}, at: devlink_pernet_pre_exit+0x84/0x370 net/core/devlink.c:11506
2 locks held by kworker/u4:5/1216:
#0: ffff8880b9c31a58 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2b/0x120 kernel/sched/core.c:474
#1: ffff8880b9c1f9c8 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x39d/0x480 kernel/sched/psi.c:880
1 lock held by in:imklog/6261:
#0: ffff8880260f74f0 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100 fs/file.c:990
3 locks held by kworker/0:20/18043:
#0: ffff888024eb7d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff888024eb7d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff888024eb7d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1198 [inline]
#0: ffff888024eb7d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:634 [inline]
#0: ffff888024eb7d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:661 [inline]
#0: ffff888024eb7d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x8a3/0x16b0 kernel/workqueue.c:2268
#1: ffffc90008d6fdb0 ((addr_chk_work).work){+.+.}-{0:0}, at: process_one_work+0x8d7/0x16b0 kernel/workqueue.c:2272
#2: ffffffff8d0e90e8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0xa/0x20 net/ipv6/addrconf.c:4590
3 locks held by kworker/1:21/18696:
#0: ffff888010c64d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff888010c64d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff888010c64d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1198 [inline]
#0: ffff888010c64d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:634 [inline]
#0: ffff888010c64d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:661 [inline]
#0: ffff888010c64d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x8a3/0x16b0 kernel/workqueue.c:2268
#1: ffffc90004dbfdb0 (deferred_process_work){+.+.}-{0:0}, at: process_one_work+0x8d7/0x16b0 kernel/workqueue.c:2272
#2: ffffffff8d0e90e8 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xa/0x20 net/switchdev/switchdev.c:74
3 locks held by kworker/0:22/1886:
#0: ffff888010c64d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff888010c64d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff888010c64d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1198 [inline]
#0: ffff888010c64d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:634 [inline]
#0: ffff888010c64d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:661 [inline]
#0: ffff888010c64d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x8a3/0x16b0 kernel/workqueue.c:2268
#1: ffffc90005a6fdb0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_one_work+0x8d7/0x16b0 kernel/workqueue.c:2272
#2: ffff888078384400 (&nsim_dev->port_list_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x5d/0xbc0 drivers/net/netdevsim/dev.c:757
2 locks held by syz-executor.0/2467:
#0: ffffffff8d0d5990 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x2f5/0x760 net/core/net_namespace.c:466
#1: ffffffff8d115388 (devlink_mutex){+.+.}-{3:3}, at: devlink_pernet_pre_exit+0x84/0x370 net/core/devlink.c:11506
2 locks held by syz-executor.0/2475:
#0: ffffffff8d0d5990 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x2f5/0x760 net/core/net_namespace.c:466
#1: ffffffff8d0e90e8 (rtnl_mutex){+.+.}-{3:3}, at: ip_tunnel_init_net+0x2d5/0x9d0 net/ipv4/ip_tunnel.c:1069
2 locks held by syz-executor.4/2462:
#0: ffffffff8d0d5990 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x2f5/0x760 net/core/net_namespace.c:466
#1: ffffffff8d0e90e8 (rtnl_mutex){+.+.}-{3:3}, at: wg_netns_pre_exit+0x15/0x190 drivers/net/wireguard/device.c:402
6 locks held by syz-executor.1/2528:
#0: ffffffff8d17b4f0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40 net/netlink/genetlink.c:802
#1: ffffffff8d17b5a8 (genl_mutex){+.+.}-{3:3}, at: genl_lock net/netlink/genetlink.c:33 [inline]
#1: ffffffff8d17b5a8 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x3e0/0x580 net/netlink/genetlink.c:790
#2: ffffffff8d115388 (devlink_mutex){+.+.}-{3:3}, at: devlink_nl_pre_doit+0x2b/0xa00 net/core/devlink.c:575
#3: ffff888078381658 (&nsim_bus_dev->nsim_bus_reload_lock){+.+.}-{3:3}, at: nsim_dev_reload_down+0x4d/0x180 drivers/net/netdevsim/dev.c:870
#4: ffff888078384400 (&nsim_dev->port_list_lock){+.+.}-{3:3}, at: nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1359 [inline]
#4: ffff888078384400 (&nsim_dev->port_list_lock){+.+.}-{3:3}, at: nsim_dev_reload_destroy+0x13d/0x2f0 drivers/net/netdevsim/dev.c:1555
#5: ffffffff8d0e90e8 (rtnl_mutex){+.+.}-{3:3}, at: nsim_destroy+0x35/0x190 drivers/net/netdevsim/netdev.c:381
2 locks held by syz-executor.1/2556:
#0: ffffffff8d17b4f0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40 net/netlink/genetlink.c:802
#1: ffffffff8d17b5a8 (genl_mutex){+.+.}-{3:3}, at: genl_lock net/netlink/genetlink.c:33 [inline]
#1: ffffffff8d17b5a8 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x3e0/0x580 net/netlink/genetlink.c:790
2 locks held by syz-executor.1/2557:
#0: ffffffff8d17b4f0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40 net/netlink/genetlink.c:802
#1: ffffffff8d17b5a8 (genl_mutex){+.+.}-{3:3}, at: genl_lock net/netlink/genetlink.c:33 [inline]
#1: ffffffff8d17b5a8 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x3e0/0x580 net/netlink/genetlink.c:790
=============================================
NMI backtrace for cpu 1
CPU: 1 PID: 26 Comm: khungtaskd Not tainted 5.15.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
nmi_cpu_backtrace.cold+0x47/0x144 lib/nmi_backtrace.c:105
nmi_trigger_cpumask_backtrace+0x1ae/0x220 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:210 [inline]
watchdog+0xc1d/0xf50 kernel/hung_task.c:295
kthread+0x3e5/0x4d0 kernel/kthread.c:319
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 254 Comm: kworker/u4:3 Not tainted 5.15.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bond4 bond_mii_monitor
RIP: 0010:__sanitizer_cov_trace_const_cmp8+0x69/0x70 kernel/kcov.c:293
Code: 3c cd 28 00 00 00 48 39 fe 72 1f 48 83 c2 01 4c 89 44 38 e8 48 c7 44 38 e0 07 00 00 00 48 89 4c 38 f0 4e 89 54 c8 20 48 89 10 <c3> 66 0f 1f 44 00 00 49 89 f8 bf 03 00 00 00 4c 8b 14 24 48 89 f1
RSP: 0018:ffffc90001f6fa48 EFLAGS: 00000046
RAX: 0000000000000000 RBX: ffff8880b9c20240 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffff888018068000 RDI: 0000000000000003
RBP: ffff888075f4cf28 R08: 0000000000000000 R09: 0000000000000003
R10: ffffffff8166355d R11: 0000000000000000 R12: ffff8880b9c20288
R13: ffff8880b9c20240 R14: 0000000000000000 R15: 00000000ffffffff
FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f40b9e52018 CR3: 000000001bcbd000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
forward_timer_base kernel/time/timer.c:911 [inline]
__mod_timer+0x74d/0xe30 kernel/time/timer.c:1046
__queue_delayed_work+0x1a7/0x270 kernel/workqueue.c:1677
queue_delayed_work_on+0x105/0x120 kernel/workqueue.c:1702
queue_delayed_work include/linux/workqueue.h:516 [inline]
bond_mii_monitor+0xb5b/0x1af0 drivers/net/bonding/bond_main.c:2759
process_one_work+0x9bf/0x16b0 kernel/workqueue.c:2297
worker_thread+0x658/0x11f0 kernel/workqueue.c:2444
kthread+0x3e5/0x4d0 kernel/kthread.c:319
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
----------------
Code disassembly (best guess):
0: 3c cd cmp $0xcd,%al
2: 28 00 sub %al,(%rax)
4: 00 00 add %al,(%rax)
6: 48 39 fe cmp %rdi,%rsi
9: 72 1f jb 0x2a
b: 48 83 c2 01 add $0x1,%rdx
f: 4c 89 44 38 e8 mov %r8,-0x18(%rax,%rdi,1)
14: 48 c7 44 38 e0 07 00 movq $0x7,-0x20(%rax,%rdi,1)
1b: 00 00
1d: 48 89 4c 38 f0 mov %rcx,-0x10(%rax,%rdi,1)
22: 4e 89 54 c8 20 mov %r10,0x20(%rax,%r9,8)
27: 48 89 10 mov %rdx,(%rax)
* 2a: c3 retq <-- trapping instruction
2b: 66 0f 1f 44 00 00 nopw 0x0(%rax,%rax,1)
31: 49 89 f8 mov %rdi,%r8
34: bf 03 00 00 00 mov $0x3,%edi
39: 4c 8b 14 24 mov (%rsp),%r10
3d: 48 89 f1 mov %rsi,%rcx