./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2975903883 <...> Warning: Permanently added '10.128.0.200' (ECDSA) to the list of known hosts. execve("./syz-executor2975903883", ["./syz-executor2975903883"], 0x7ffdc49c57b0 /* 10 vars */) = 0 brk(NULL) = 0x555555a8f000 brk(0x555555a8fc40) = 0x555555a8fc40 arch_prctl(ARCH_SET_FS, 0x555555a8f300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor2975903883", 4096) = 28 brk(0x555555ab0c40) = 0x555555ab0c40 brk(0x555555ab1000) = 0x555555ab1000 mprotect(0x7f84eb922000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 3629 openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3 write(3, "10000000000", 11) = 11 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3 write(3, "20", 2) = 2 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3 write(3, "100", 3) = 3 close(3) = 0 openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3 write(3, "7 4 1 3", 7) = 7 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3 write(3, "3629", 4) = 4 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555a8f5d0) = 3630 ./strace-static-x86_64: Process 3630 attached [pid 3630] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3629] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3630] <... clone resumed>, child_tidptr=0x555555a8f5d0) = 3631 ./strace-static-x86_64: Process 3631 attached [pid 3631] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3631] setpgid(0, 0) = 0 [pid 3631] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3631] write(3, "1000", 4) = 4 ./strace-static-x86_64: Process 3632 attached [pid 3629] <... clone resumed>, child_tidptr=0x555555a8f5d0) = 3632 [pid 3629] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3632] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3631] close(3 [pid 3629] <... clone resumed>, child_tidptr=0x555555a8f5d0) = 3633 [pid 3629] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3631] <... close resumed>) = 0 [pid 3631] socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER) = 3 [pid 3631] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x5c\x00\x00\x00\x02\x06\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00\x05\x00\x02\x00\x00\x00\x05\x00\x04\x00\x00\x00\x00\x00\x05\x00\x01\x00\x07\x00\x00\x00\x09\x00\x02\x00\x73\x79\x7a\x30\x00\x00\x00\x00\x0d\x00\x03\x00\x68\x61\x73\x68\x3a\x6e\x65\x74\x00\x00\x00\x00\x14\x00\x07\x80\x05\x00\x15\x00\x07\x00\x00\x00\x08\x00\x11\x00\x00\x00\x00\x00", iov_len=92}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [pid 3629] <... clone resumed>, child_tidptr=0x555555a8f5d0) = 3634 [pid 3629] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3631] <... sendmsg resumed>) = 92 [pid 3629] <... clone resumed>, child_tidptr=0x555555a8f5d0) = 3635 [pid 3629] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3631] socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER [pid 3632] <... clone resumed>, child_tidptr=0x555555a8f5d0) = 3636 [pid 3631] <... socket resumed>) = 4 [pid 3629] <... clone resumed>, child_tidptr=0x555555a8f5d0) = 3637 ./strace-static-x86_64: Process 3637 attached ./strace-static-x86_64: Process 3633 attached ./strace-static-x86_64: Process 3635 attached [pid 3631] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x44\x00\x00\x00\x09\x06\x01\x04\x00\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x09\x00\x02\x00\x73\x79\x7a\x30\x00\x00\x00\x00\x1c\x00\x07\x80\x0c\x00\x01\x80\x08\x00\x01\x40\xac\x14\x14\x00\x0c\x00\x02\x80\x08\x00\x01\x40\x0a\x01\x01\x00\x05\x00\x01\x00\x07\x00\x00\x00", iov_len=68}], msg_iovlen=1, msg_controllen=0, msg_flags=MSG_DONTROUTE}, 0./strace-static-x86_64: Process 3634 attached [pid 3633] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3635] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3637] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3633] <... clone resumed>, child_tidptr=0x555555a8f5d0) = 3639 [pid 3635] <... clone resumed>, child_tidptr=0x555555a8f5d0) = 3638 [pid 3637] <... clone resumed>, child_tidptr=0x555555a8f5d0) = 3640 ./strace-static-x86_64: Process 3638 attached [pid 3638] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 3640 attached [pid 3640] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3638] <... prctl resumed>) = 0 [pid 3638] setpgid(0, 0) = 0 [pid 3638] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3640] <... prctl resumed>) = 0 [pid 3640] setpgid(0, 0./strace-static-x86_64: Process 3639 attached ./strace-static-x86_64: Process 3636 attached [pid 3638] <... openat resumed>) = 3 [pid 3634] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3640] <... setpgid resumed>) = 0 [pid 3638] write(3, "1000", 4 [pid 3636] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3640] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3638] <... write resumed>) = 4 [pid 3636] <... prctl resumed>) = 0 [pid 3640] <... openat resumed>) = 3 [pid 3638] close(3 [pid 3636] setpgid(0, 0 [pid 3640] write(3, "1000", 4 [pid 3638] <... close resumed>) = 0 [pid 3636] <... setpgid resumed>) = 0 [pid 3640] <... write resumed>) = 4 [pid 3638] socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER [pid 3636] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3640] close(3 [pid 3638] <... socket resumed>) = 3 [pid 3636] <... openat resumed>) = 3 [pid 3640] <... close resumed>) = 0 [pid 3638] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x5c\x00\x00\x00\x02\x06\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00\x05\x00\x02\x00\x00\x00\x05\x00\x04\x00\x00\x00\x00\x00\x05\x00\x01\x00\x07\x00\x00\x00\x09\x00\x02\x00\x73\x79\x7a\x30\x00\x00\x00\x00\x0d\x00\x03\x00\x68\x61\x73\x68\x3a\x6e\x65\x74\x00\x00\x00\x00\x14\x00\x07\x80\x05\x00\x15\x00\x07\x00\x00\x00\x08\x00\x11\x00\x00\x00\x00\x00", iov_len=92}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [pid 3636] write(3, "1000", 4./strace-static-x86_64: Process 3641 attached [pid 3640] socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER [pid 3639] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3636] <... write resumed>) = 4 [pid 3634] <... clone resumed>, child_tidptr=0x555555a8f5d0) = 3641 [pid 3640] <... socket resumed>) = 3 [pid 3636] close(3 [pid 3640] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x5c\x00\x00\x00\x02\x06\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00\x05\x00\x02\x00\x00\x00\x05\x00\x04\x00\x00\x00\x00\x00\x05\x00\x01\x00\x07\x00\x00\x00\x09\x00\x02\x00\x73\x79\x7a\x30\x00\x00\x00\x00\x0d\x00\x03\x00\x68\x61\x73\x68\x3a\x6e\x65\x74\x00\x00\x00\x00\x14\x00\x07\x80\x05\x00\x15\x00\x07\x00\x00\x00\x08\x00\x11\x00\x00\x00\x00\x00", iov_len=92}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [pid 3636] <... close resumed>) = 0 [pid 3636] socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER) = 3 [pid 3636] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x5c\x00\x00\x00\x02\x06\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00\x05\x00\x02\x00\x00\x00\x05\x00\x04\x00\x00\x00\x00\x00\x05\x00\x01\x00\x07\x00\x00\x00\x09\x00\x02\x00\x73\x79\x7a\x30\x00\x00\x00\x00\x0d\x00\x03\x00\x68\x61\x73\x68\x3a\x6e\x65\x74\x00\x00\x00\x00\x14\x00\x07\x80\x05\x00\x15\x00\x07\x00\x00\x00\x08\x00\x11\x00\x00\x00\x00\x00", iov_len=92}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [pid 3639] <... prctl resumed>) = 0 [pid 3639] setpgid(0, 0) = 0 [pid 3639] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3641] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3639] <... openat resumed>) = 3 [pid 3641] <... prctl resumed>) = 0 [pid 3639] write(3, "1000", 4 [pid 3641] setpgid(0, 0 [pid 3639] <... write resumed>) = 4 [pid 3641] <... setpgid resumed>) = 0 [pid 3639] close(3 [pid 3641] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3639] <... close resumed>) = 0 [pid 3641] <... openat resumed>) = 3 [pid 3639] socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER [pid 3641] write(3, "1000", 4 [pid 3639] <... socket resumed>) = 3 [pid 3641] <... write resumed>) = 4 [pid 3639] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x5c\x00\x00\x00\x02\x06\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00\x05\x00\x02\x00\x00\x00\x05\x00\x04\x00\x00\x00\x00\x00\x05\x00\x01\x00\x07\x00\x00\x00\x09\x00\x02\x00\x73\x79\x7a\x30\x00\x00\x00\x00\x0d\x00\x03\x00\x68\x61\x73\x68\x3a\x6e\x65\x74\x00\x00\x00\x00\x14\x00\x07\x80\x05\x00\x15\x00\x07\x00\x00\x00\x08\x00\x11\x00\x00\x00\x00\x00", iov_len=92}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [pid 3641] close(3) = 0 [pid 3641] socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER) = 3 [pid 3641] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x5c\x00\x00\x00\x02\x06\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00\x05\x00\x02\x00\x00\x00\x05\x00\x04\x00\x00\x00\x00\x00\x05\x00\x01\x00\x07\x00\x00\x00\x09\x00\x02\x00\x73\x79\x7a\x30\x00\x00\x00\x00\x0d\x00\x03\x00\x68\x61\x73\x68\x3a\x6e\x65\x74\x00\x00\x00\x00\x14\x00\x07\x80\x05\x00\x15\x00\x07\x00\x00\x00\x08\x00\x11\x00\x00\x00\x00\x00", iov_len=92}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [pid 3630] kill(-3631, SIGKILL) = 0 [pid 3630] kill(3631, SIGKILL) = 0 [pid 3632] kill(-3636, SIGKILL) = 0 [pid 3632] kill(3636, SIGKILL) = 0 [pid 3635] kill(-3638, SIGKILL [pid 3633] kill(-3639, SIGKILL [pid 3635] <... kill resumed>) = 0 [pid 3633] <... kill resumed>) = 0 [pid 3637] kill(-3640, SIGKILL [pid 3635] kill(3638, SIGKILL [pid 3633] kill(3639, SIGKILL [pid 3637] <... kill resumed>) = 0 [pid 3635] <... kill resumed>) = 0 [pid 3633] <... kill resumed>) = 0 [pid 3637] kill(3640, SIGKILL) = 0 [pid 3634] kill(-3641, SIGKILL) = 0 [pid 3634] kill(3641, SIGKILL) = 0 [pid 3630] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3630] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 3630] getdents64(3, 0x555555a90620 /* 2 entries */, 32768) = 48 [pid 3630] getdents64(3, 0x555555a90620 /* 0 entries */, 32768) = 0 [pid 3630] close(3) = 0 [pid 3635] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3635] fstat(3, [pid 3637] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3637] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 3635] <... fstat resumed>{st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 3637] getdents64(3, [pid 3635] getdents64(3, [pid 3632] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3637] <... getdents64 resumed>0x555555a90620 /* 2 entries */, 32768) = 48 [pid 3635] <... getdents64 resumed>0x555555a90620 /* 2 entries */, 32768) = 48 [pid 3632] <... openat resumed>) = 3 [pid 3637] getdents64(3, [pid 3635] getdents64(3, [pid 3632] fstat(3, [pid 3637] <... getdents64 resumed>0x555555a90620 /* 0 entries */, 32768) = 0 [pid 3635] <... getdents64 resumed>0x555555a90620 /* 0 entries */, 32768) = 0 [pid 3632] <... fstat resumed>{st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 3637] close(3 [pid 3635] close(3 [pid 3632] getdents64(3, [pid 3637] <... close resumed>) = 0 [pid 3635] <... close resumed>) = 0 [pid 3632] <... getdents64 resumed>0x555555a90620 /* 2 entries */, 32768) = 48 [pid 3632] getdents64(3, 0x555555a90620 /* 0 entries */, 32768) = 0 [pid 3632] close(3) = 0 [pid 3633] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3633] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 3633] getdents64(3, 0x555555a90620 /* 2 entries */, 32768) = 48 [pid 3633] getdents64(3, 0x555555a90620 /* 0 entries */, 32768) = 0 [pid 3633] close(3) = 0 [pid 3634] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3634] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 3634] getdents64(3, 0x555555a90620 /* 2 entries */, 32768) = 48 [pid 3634] getdents64(3, 0x555555a90620 /* 0 entries */, 32768) = 0 [pid 3634] close(3) = 0 syzkaller login: [ 75.877388][ T22] cfg80211: failed to load regulatory.db [ 215.396048][ T28] INFO: task syz-executor297:3636 blocked for more than 143 seconds. [ 215.404241][ T28] Not tainted 6.1.0-rc8-syzkaller-00148-g0d1409e4ff08 #0 [ 215.412217][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 215.421078][ T28] task:syz-executor297 state:D stack:27952 pid:3636 ppid:3632 flags:0x00004004 [ 215.430440][ T28] Call Trace: [ 215.433778][ T28] [ 215.437298][ T28] __schedule+0xae9/0x53f0 [ 215.441840][ T28] ? io_schedule_timeout+0x150/0x150 [ 215.447426][ T28] schedule+0xde/0x1b0 [ 215.451550][ T28] schedule_preempt_disabled+0x13/0x20 [ 215.457372][ T28] __mutex_lock+0xa48/0x1360 [ 215.462021][ T28] ? nfnetlink_rcv_msg+0xaae/0x1430 [ 215.467526][ T28] ? mutex_lock_io_nested+0x11a0/0x11a0 [ 215.473122][ T28] ? nfnetlink_rcv_msg+0xa74/0x1430 [ 215.478670][ T28] ? __nla_parse+0x41/0x50 [ 215.483139][ T28] nfnetlink_rcv_msg+0xaae/0x1430 [ 215.488470][ T28] ? nfnetlink_unbind+0x3d0/0x3d0 [ 215.493549][ T28] ? kernel_text_address+0x3d/0x80 [ 215.499011][ T28] ? __kernel_text_address+0xd/0x30 [ 215.504267][ T28] ? __lock_acquire+0xbc3/0x56d0 [ 215.509527][ T28] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 215.515551][ T28] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 215.522014][ T28] ? netlink_sendmsg+0x9a6/0xe10 [ 215.527173][ T28] ? kasan_save_stack+0x35/0x40 [ 215.532069][ T28] netlink_rcv_skb+0x157/0x430 [ 215.537177][ T28] ? nfnetlink_unbind+0x3d0/0x3d0 [ 215.542243][ T28] ? netlink_ack+0xd60/0xd60 [ 215.547096][ T28] ? ns_capable+0xdd/0x100 [ 215.551549][ T28] nfnetlink_rcv+0x1b0/0x420 [ 215.556478][ T28] ? nfnetlink_rcv_batch+0x2600/0x2600 [ 215.561974][ T28] ? netlink_deliver_tap+0x1b1/0xc50 [ 215.567537][ T28] netlink_unicast+0x547/0x7f0 [ 215.572362][ T28] ? netlink_attachskb+0x890/0x890 [ 215.577826][ T28] ? __virt_addr_valid+0x61/0x2e0 [ 215.582888][ T28] ? __phys_addr_symbol+0x30/0x70 [ 215.588177][ T28] ? __check_object_size+0x2e2/0x5a0 [ 215.593511][ T28] netlink_sendmsg+0x91b/0xe10 [ 215.598604][ T28] ? netlink_unicast+0x7f0/0x7f0 [ 215.603671][ T28] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 215.609192][ T28] ? netlink_unicast+0x7f0/0x7f0 [ 215.614177][ T28] sock_sendmsg+0xd3/0x120 [ 215.618899][ T28] ____sys_sendmsg+0x712/0x8c0 [ 215.623704][ T28] ? copy_msghdr_from_user+0xfc/0x150 [ 215.629349][ T28] ? kernel_sendmsg+0x50/0x50 [ 215.634076][ T28] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 215.640533][ T28] ___sys_sendmsg+0x110/0x1b0 [ 215.645268][ T28] ? do_recvmmsg+0x6e0/0x6e0 [ 215.650152][ T28] ? lock_release+0x810/0x810 [ 215.654880][ T28] ? ptrace_stop.part.0+0x49a/0x8c0 [ 215.660431][ T28] ? do_raw_spin_lock+0x124/0x2b0 [ 215.665508][ T28] ? rwlock_bug.part.0+0x90/0x90 [ 215.670782][ T28] ? _raw_spin_lock_irq+0x45/0x50 [ 215.676129][ T28] ? __fget_light+0x20a/0x270 [ 215.680858][ T28] __sys_sendmsg+0xf7/0x1c0 [ 215.685377][ T28] ? __sys_sendmsg_sock+0x40/0x40 [ 215.690713][ T28] ? lock_downgrade+0x6e0/0x6e0 [ 215.695636][ T28] ? lockdep_hardirqs_on+0x7d/0x100 [ 215.701169][ T28] ? _raw_spin_unlock_irq+0x2e/0x50 [ 215.706625][ T28] ? ptrace_notify+0xfe/0x140 [ 215.711346][ T28] do_syscall_64+0x39/0xb0 [ 215.715780][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 215.722050][ T28] RIP: 0033:0x7f84eb8bcd49 [ 215.727187][ T28] RSP: 002b:00007fff9090b4c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 215.735676][ T28] RAX: ffffffffffffffda RBX: 00000000000f4240 RCX: 00007f84eb8bcd49 [ 215.743979][ T28] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003 [ 215.752297][ T28] RBP: 0000000000000000 R08: 0000000000000140 R09: 0000000000000140 [ 215.760636][ T28] R10: 00007fff9090af40 R11: 0000000000000246 R12: 00007fff9090b4e0 [ 215.768843][ T28] R13: 00007fff9090b500 R14: 00007fff9090b5e0 R15: 00007f84eb8f90ba [ 215.777110][ T28] [ 215.780325][ T28] INFO: task syz-executor297:3638 blocked for more than 143 seconds. [ 215.788646][ T28] Not tainted 6.1.0-rc8-syzkaller-00148-g0d1409e4ff08 #0 [ 215.796450][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 215.805229][ T28] task:syz-executor297 state:D stack:27688 pid:3638 ppid:3635 flags:0x00004004 [ 215.814726][ T28] Call Trace: [ 215.818224][ T28] [ 215.821179][ T28] __schedule+0xae9/0x53f0 [ 215.825721][ T28] ? io_schedule_timeout+0x150/0x150 [ 215.831364][ T28] schedule+0xde/0x1b0 [ 215.835480][ T28] schedule_preempt_disabled+0x13/0x20 [ 215.841231][ T28] __mutex_lock+0xa48/0x1360 [ 215.846023][ T28] ? nfnetlink_rcv_msg+0xaae/0x1430 [ 215.851255][ T28] ? mutex_lock_io_nested+0x11a0/0x11a0 [ 215.857071][ T28] ? nfnetlink_rcv_msg+0xa74/0x1430 [ 215.862400][ T28] ? __nla_parse+0x41/0x50 [ 215.867276][ T28] nfnetlink_rcv_msg+0xaae/0x1430 [ 215.872346][ T28] ? nfnetlink_unbind+0x3d0/0x3d0 [ 215.877725][ T28] ? kernel_text_address+0x3d/0x80 [ 215.882892][ T28] ? __kernel_text_address+0xd/0x30 [ 215.888403][ T28] ? __lock_acquire+0xbc3/0x56d0 [ 215.893410][ T28] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 215.899682][ T28] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 215.905725][ T28] ? netlink_sendmsg+0x9a6/0xe10 [ 215.910926][ T28] ? kasan_save_stack+0x35/0x40 [ 215.916032][ T28] netlink_rcv_skb+0x157/0x430 [ 215.920849][ T28] ? nfnetlink_unbind+0x3d0/0x3d0 [ 215.926140][ T28] ? netlink_ack+0xd60/0xd60 [ 215.930797][ T28] ? ns_capable+0xdd/0x100 [ 215.935238][ T28] nfnetlink_rcv+0x1b0/0x420 [ 215.940243][ T28] ? nfnetlink_rcv_batch+0x2600/0x2600 [ 215.945747][ T28] ? netlink_deliver_tap+0x1b1/0xc50 [ 215.951333][ T28] netlink_unicast+0x547/0x7f0 [ 215.956332][ T28] ? netlink_attachskb+0x890/0x890 [ 215.961486][ T28] ? __virt_addr_valid+0x61/0x2e0 [ 215.966766][ T28] ? __phys_addr_symbol+0x30/0x70 [ 215.971836][ T28] ? __check_object_size+0x2e2/0x5a0 [ 215.977493][ T28] netlink_sendmsg+0x91b/0xe10 [ 215.982286][ T28] ? netlink_unicast+0x7f0/0x7f0 [ 215.987476][ T28] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 215.992788][ T28] ? netlink_unicast+0x7f0/0x7f0 [ 215.998008][ T28] sock_sendmsg+0xd3/0x120 [ 216.002465][ T28] ____sys_sendmsg+0x712/0x8c0 [ 216.007561][ T28] ? copy_msghdr_from_user+0xfc/0x150 [ 216.012962][ T28] ? kernel_sendmsg+0x50/0x50 [ 216.017905][ T28] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 216.023919][ T28] ___sys_sendmsg+0x110/0x1b0 [ 216.028796][ T28] ? do_recvmmsg+0x6e0/0x6e0 [ 216.033432][ T28] ? lock_release+0x810/0x810 [ 216.038345][ T28] ? ptrace_stop.part.0+0x49a/0x8c0 [ 216.043583][ T28] ? do_raw_spin_lock+0x124/0x2b0 [ 216.048801][ T28] ? rwlock_bug.part.0+0x90/0x90 [ 216.053768][ T28] ? _raw_spin_lock_irq+0x45/0x50 [ 216.059040][ T28] ? __fget_light+0x20a/0x270 [ 216.063849][ T28] __sys_sendmsg+0xf7/0x1c0 [ 216.068598][ T28] ? __sys_sendmsg_sock+0x40/0x40 [ 216.073672][ T28] ? lock_downgrade+0x6e0/0x6e0 [ 216.078816][ T28] ? lockdep_hardirqs_on+0x7d/0x100 [ 216.084038][ T28] ? _raw_spin_unlock_irq+0x2e/0x50 [ 216.090628][ T28] ? ptrace_notify+0xfe/0x140 [ 216.095358][ T28] do_syscall_64+0x39/0xb0 [ 216.100003][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 216.106076][ T28] RIP: 0033:0x7f84eb8bcd49 [ 216.110510][ T28] RSP: 002b:00007fff9090b4c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 216.119159][ T28] RAX: ffffffffffffffda RBX: 00000000000f4240 RCX: 00007f84eb8bcd49 [ 216.127304][ T28] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003 [ 216.135291][ T28] RBP: 0000000000000000 R08: 0000000000000140 R09: 0000000000000140 [ 216.143535][ T28] R10: 00007fff9090af40 R11: 0000000000000246 R12: 00007fff9090b4e0 [ 216.151745][ T28] R13: 00007fff9090b500 R14: 00007fff9090b5e0 R15: 00007f84eb8f90ba [ 216.159938][ T28] [ 216.163026][ T28] INFO: task syz-executor297:3639 blocked for more than 144 seconds. [ 216.171340][ T28] Not tainted 6.1.0-rc8-syzkaller-00148-g0d1409e4ff08 #0 [ 216.179068][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 216.187902][ T28] task:syz-executor297 state:D stack:27952 pid:3639 ppid:3633 flags:0x00004004 [ 216.197600][ T28] Call Trace: [ 216.200896][ T28] [ 216.203838][ T28] __schedule+0xae9/0x53f0 [ 216.208542][ T28] ? io_schedule_timeout+0x150/0x150 [ 216.213870][ T28] schedule+0xde/0x1b0 [ 216.218174][ T28] schedule_preempt_disabled+0x13/0x20 [ 216.223667][ T28] __mutex_lock+0xa48/0x1360 [ 216.228467][ T28] ? nfnetlink_rcv_msg+0xaae/0x1430 [ 216.233700][ T28] ? mutex_lock_io_nested+0x11a0/0x11a0 [ 216.239495][ T28] ? nfnetlink_rcv_msg+0xa74/0x1430 [ 216.244736][ T28] ? __nla_parse+0x41/0x50 [ 216.249394][ T28] nfnetlink_rcv_msg+0xaae/0x1430 [ 216.254464][ T28] ? nfnetlink_unbind+0x3d0/0x3d0 [ 216.259727][ T28] ? kernel_text_address+0x3d/0x80 [ 216.264873][ T28] ? __kernel_text_address+0xd/0x30 [ 216.270292][ T28] ? __lock_acquire+0xbc3/0x56d0 [ 216.275275][ T28] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 216.281488][ T28] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 216.287653][ T28] ? netlink_sendmsg+0x9a6/0xe10 [ 216.292613][ T28] ? kasan_save_stack+0x35/0x40 [ 216.297698][ T28] netlink_rcv_skb+0x157/0x430 [ 216.302500][ T28] ? nfnetlink_unbind+0x3d0/0x3d0 [ 216.307876][ T28] ? netlink_ack+0xd60/0xd60 [ 216.312589][ T28] ? ns_capable+0xdd/0x100 [ 216.317254][ T28] nfnetlink_rcv+0x1b0/0x420 [ 216.321879][ T28] ? nfnetlink_rcv_batch+0x2600/0x2600 [ 216.327565][ T28] ? netlink_deliver_tap+0x1b1/0xc50 [ 216.332890][ T28] netlink_unicast+0x547/0x7f0 [ 216.337893][ T28] ? netlink_attachskb+0x890/0x890 [ 216.343041][ T28] ? __virt_addr_valid+0x61/0x2e0 [ 216.348287][ T28] ? __phys_addr_symbol+0x30/0x70 [ 216.353341][ T28] ? __check_object_size+0x2e2/0x5a0 [ 216.358908][ T28] netlink_sendmsg+0x91b/0xe10 [ 216.363795][ T28] ? netlink_unicast+0x7f0/0x7f0 [ 216.369058][ T28] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 216.374378][ T28] ? netlink_unicast+0x7f0/0x7f0 [ 216.379589][ T28] sock_sendmsg+0xd3/0x120 [ 216.384046][ T28] ____sys_sendmsg+0x712/0x8c0 [ 216.389049][ T28] ? copy_msghdr_from_user+0xfc/0x150 [ 216.394452][ T28] ? kernel_sendmsg+0x50/0x50 [ 216.399379][ T28] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 216.405402][ T28] ___sys_sendmsg+0x110/0x1b0 [ 216.410272][ T28] ? do_recvmmsg+0x6e0/0x6e0 [ 216.414897][ T28] ? lock_release+0x810/0x810 [ 216.419925][ T28] ? ptrace_stop.part.0+0x49a/0x8c0 [ 216.425176][ T28] ? do_raw_spin_lock+0x124/0x2b0 [ 216.430434][ T28] ? rwlock_bug.part.0+0x90/0x90 [ 216.435397][ T28] ? _raw_spin_lock_irq+0x45/0x50 [ 216.440688][ T28] ? __fget_light+0x20a/0x270 [ 216.445397][ T28] __sys_sendmsg+0xf7/0x1c0 [ 216.450099][ T28] ? __sys_sendmsg_sock+0x40/0x40 [ 216.455234][ T28] ? lock_downgrade+0x6e0/0x6e0 [ 216.460328][ T28] ? lockdep_hardirqs_on+0x7d/0x100 [ 216.465596][ T28] ? _raw_spin_unlock_irq+0x2e/0x50 [ 216.471040][ T28] ? ptrace_notify+0xfe/0x140 [ 216.475760][ T28] do_syscall_64+0x39/0xb0 [ 216.480433][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 216.486555][ T28] RIP: 0033:0x7f84eb8bcd49 [ 216.490984][ T28] RSP: 002b:00007fff9090b4c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 216.499683][ T28] RAX: ffffffffffffffda RBX: 00000000000f4240 RCX: 00007f84eb8bcd49 [ 216.507913][ T28] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003 [ 216.516147][ T28] RBP: 0000000000000000 R08: 0000000000000140 R09: 0000000000000140 [ 216.524143][ T28] R10: 00007fff9090af40 R11: 0000000000000246 R12: 00007fff9090b4e0 [ 216.532535][ T28] R13: 00007fff9090b500 R14: 00007fff9090b5e0 R15: 00007f84eb8f90ba [ 216.540884][ T28] [ 216.543940][ T28] INFO: task syz-executor297:3640 blocked for more than 144 seconds. [ 216.552249][ T28] Not tainted 6.1.0-rc8-syzkaller-00148-g0d1409e4ff08 #0 [ 216.560010][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 216.568900][ T28] task:syz-executor297 state:D stack:27952 pid:3640 ppid:3637 flags:0x00004004 [ 216.578347][ T28] Call Trace: [ 216.581641][ T28] [ 216.584578][ T28] __schedule+0xae9/0x53f0 [ 216.589374][ T28] ? io_schedule_timeout+0x150/0x150 [ 216.594716][ T28] schedule+0xde/0x1b0 [ 216.599277][ T28] schedule_preempt_disabled+0x13/0x20 [ 216.604786][ T28] __mutex_lock+0xa48/0x1360 [ 216.609611][ T28] ? nfnetlink_rcv_msg+0xaae/0x1430 [ 216.614845][ T28] ? mutex_lock_io_nested+0x11a0/0x11a0 [ 216.620647][ T28] ? nfnetlink_rcv_msg+0xa74/0x1430 [ 216.626044][ T28] ? __nla_parse+0x41/0x50 [ 216.630492][ T28] nfnetlink_rcv_msg+0xaae/0x1430 [ 216.635538][ T28] ? nfnetlink_unbind+0x3d0/0x3d0 [ 216.640916][ T28] ? kernel_text_address+0x3d/0x80 [ 216.646335][ T28] ? __kernel_text_address+0xd/0x30 [ 216.651571][ T28] ? __lock_acquire+0xbc3/0x56d0 [ 216.659890][ T28] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 216.666061][ T28] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 216.672083][ T28] ? netlink_sendmsg+0x9a6/0xe10 [ 216.677233][ T28] ? kasan_save_stack+0x35/0x40 [ 216.682126][ T28] netlink_rcv_skb+0x157/0x430 [ 216.687107][ T28] ? nfnetlink_unbind+0x3d0/0x3d0 [ 216.692170][ T28] ? netlink_ack+0xd60/0xd60 [ 216.697003][ T28] ? ns_capable+0xdd/0x100 [ 216.701453][ T28] nfnetlink_rcv+0x1b0/0x420 [ 216.706707][ T28] ? nfnetlink_rcv_batch+0x2600/0x2600 [ 216.712196][ T28] ? netlink_deliver_tap+0x1b1/0xc50 [ 216.717803][ T28] netlink_unicast+0x547/0x7f0 [ 216.722615][ T28] ? netlink_attachskb+0x890/0x890 [ 216.727949][ T28] ? __virt_addr_valid+0x61/0x2e0 [ 216.733009][ T28] ? __phys_addr_symbol+0x30/0x70 [ 216.738266][ T28] ? __check_object_size+0x2e2/0x5a0 [ 216.743594][ T28] netlink_sendmsg+0x91b/0xe10 [ 216.748582][ T28] ? netlink_unicast+0x7f0/0x7f0 [ 216.753563][ T28] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 216.759201][ T28] ? netlink_unicast+0x7f0/0x7f0 [ 216.764276][ T28] sock_sendmsg+0xd3/0x120 [ 216.768942][ T28] ____sys_sendmsg+0x712/0x8c0 [ 216.773742][ T28] ? copy_msghdr_from_user+0xfc/0x150 [ 216.779333][ T28] ? kernel_sendmsg+0x50/0x50 [ 216.784055][ T28] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 216.790299][ T28] ___sys_sendmsg+0x110/0x1b0 [ 216.795003][ T28] ? do_recvmmsg+0x6e0/0x6e0 [ 216.799870][ T28] ? lock_release+0x810/0x810 [ 216.804577][ T28] ? ptrace_stop.part.0+0x49a/0x8c0 [ 216.810120][ T28] ? do_raw_spin_lock+0x124/0x2b0 [ 216.815171][ T28] ? rwlock_bug.part.0+0x90/0x90 [ 216.823664][ T28] ? _raw_spin_lock_irq+0x45/0x50 [ 216.828875][ T28] ? __fget_light+0x20a/0x270 [ 216.833591][ T28] __sys_sendmsg+0xf7/0x1c0 [ 216.838310][ T28] ? __sys_sendmsg_sock+0x40/0x40 [ 216.843446][ T28] ? lock_downgrade+0x6e0/0x6e0 [ 216.848516][ T28] ? lockdep_hardirqs_on+0x7d/0x100 [ 216.853740][ T28] ? _raw_spin_unlock_irq+0x2e/0x50 [ 216.859183][ T28] ? ptrace_notify+0xfe/0x140 [ 216.863902][ T28] do_syscall_64+0x39/0xb0 [ 216.868665][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 216.874621][ T28] RIP: 0033:0x7f84eb8bcd49 [ 216.879277][ T28] RSP: 002b:00007fff9090b4c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 216.887978][ T28] RAX: ffffffffffffffda RBX: 00000000000f4240 RCX: 00007f84eb8bcd49 [ 216.896140][ T28] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003 [ 216.904138][ T28] RBP: 0000000000000000 R08: 0000000000000140 R09: 0000000000000140 [ 216.912338][ T28] R10: 00007fff9090af40 R11: 0000000000000246 R12: 00007fff9090b4e0 [ 216.920502][ T28] R13: 00007fff9090b500 R14: 00007fff9090b5e0 R15: 00007f84eb8f90ba [ 216.928701][ T28] [ 216.931770][ T28] INFO: task syz-executor297:3641 blocked for more than 144 seconds. [ 216.940148][ T28] Not tainted 6.1.0-rc8-syzkaller-00148-g0d1409e4ff08 #0 [ 216.948056][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 216.956979][ T28] task:syz-executor297 state:D stack:27488 pid:3641 ppid:3634 flags:0x00004004 [ 216.966543][ T28] Call Trace: [ 216.969837][ T28] [ 216.972780][ T28] __schedule+0xae9/0x53f0 [ 216.977630][ T28] ? io_schedule_timeout+0x150/0x150 [ 216.982974][ T28] schedule+0xde/0x1b0 [ 216.987495][ T28] schedule_preempt_disabled+0x13/0x20 [ 216.992999][ T28] __mutex_lock+0xa48/0x1360 [ 216.997945][ T28] ? nfnetlink_rcv_msg+0xaae/0x1430 [ 217.003190][ T28] ? mutex_lock_io_nested+0x11a0/0x11a0 [ 217.009019][ T28] ? nfnetlink_rcv_msg+0xa74/0x1430 [ 217.014269][ T28] ? __nla_parse+0x41/0x50 [ 217.019029][ T28] nfnetlink_rcv_msg+0xaae/0x1430 [ 217.024103][ T28] ? nfnetlink_unbind+0x3d0/0x3d0 [ 217.029373][ T28] ? kernel_text_address+0x3d/0x80 [ 217.034522][ T28] ? __kernel_text_address+0xd/0x30 [ 217.040035][ T28] ? __lock_acquire+0xbc3/0x56d0 [ 217.045014][ T28] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 217.051275][ T28] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 217.060983][ T28] ? netlink_sendmsg+0x9a6/0xe10 [ 217.066247][ T28] ? kasan_save_stack+0x35/0x40 [ 217.071141][ T28] netlink_rcv_skb+0x157/0x430 [ 217.076248][ T28] ? nfnetlink_unbind+0x3d0/0x3d0 [ 217.081310][ T28] ? netlink_ack+0xd60/0xd60 [ 217.086237][ T28] ? ns_capable+0xdd/0x100 [ 217.090689][ T28] nfnetlink_rcv+0x1b0/0x420 [ 217.095294][ T28] ? nfnetlink_rcv_batch+0x2600/0x2600 [ 217.101162][ T28] ? netlink_deliver_tap+0x1b1/0xc50 [ 217.106722][ T28] netlink_unicast+0x547/0x7f0 [ 217.111539][ T28] ? netlink_attachskb+0x890/0x890 [ 217.116993][ T28] ? __virt_addr_valid+0x61/0x2e0 [ 217.122073][ T28] ? __phys_addr_symbol+0x30/0x70 [ 217.127379][ T28] ? __check_object_size+0x2e2/0x5a0 [ 217.132716][ T28] netlink_sendmsg+0x91b/0xe10 [ 217.137831][ T28] ? netlink_unicast+0x7f0/0x7f0 [ 217.142830][ T28] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 217.148397][ T28] ? netlink_unicast+0x7f0/0x7f0 [ 217.153387][ T28] sock_sendmsg+0xd3/0x120 [ 217.158177][ T28] ____sys_sendmsg+0x712/0x8c0 [ 217.162985][ T28] ? copy_msghdr_from_user+0xfc/0x150 [ 217.168744][ T28] ? kernel_sendmsg+0x50/0x50 [ 217.173479][ T28] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 217.179732][ T28] ___sys_sendmsg+0x110/0x1b0 [ 217.184435][ T28] ? do_recvmmsg+0x6e0/0x6e0 [ 217.189233][ T28] ? lock_release+0x810/0x810 [ 217.193943][ T28] ? ptrace_stop.part.0+0x49a/0x8c0 [ 217.199570][ T28] ? do_raw_spin_lock+0x124/0x2b0 [ 217.204630][ T28] ? rwlock_bug.part.0+0x90/0x90 [ 217.209791][ T28] ? _raw_spin_lock_irq+0x45/0x50 [ 217.214853][ T28] ? __fget_light+0x20a/0x270 [ 217.219796][ T28] __sys_sendmsg+0xf7/0x1c0 [ 217.224321][ T28] ? __sys_sendmsg_sock+0x40/0x40 [ 217.229601][ T28] ? lock_downgrade+0x6e0/0x6e0 [ 217.234498][ T28] ? lockdep_hardirqs_on+0x7d/0x100 [ 217.240095][ T28] ? _raw_spin_unlock_irq+0x2e/0x50 [ 217.245423][ T28] ? ptrace_notify+0xfe/0x140 [ 217.250406][ T28] do_syscall_64+0x39/0xb0 [ 217.254861][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 217.261096][ T28] RIP: 0033:0x7f84eb8bcd49 [ 217.265626][ T28] RSP: 002b:00007fff9090b4c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 217.274318][ T28] RAX: ffffffffffffffda RBX: 00000000000f4240 RCX: 00007f84eb8bcd49 [ 217.282530][ T28] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003 [ 217.290753][ T28] RBP: 0000000000000000 R08: 0000000000000140 R09: 0000000000000140 [ 217.299014][ T28] R10: 00007fff9090af40 R11: 0000000000000246 R12: 00007fff9090b4e0 [ 217.307306][ T28] R13: 00007fff9090b500 R14: 00007fff9090b5e0 R15: 00007f84eb8f90ba [ 217.315319][ T28] [ 217.318758][ T28] [ 217.318758][ T28] Showing all locks held in the system: [ 217.326968][ T28] 1 lock held by rcu_tasks_kthre/12: [ 217.332271][ T28] #0: ffffffff8c58f070 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x26/0xc70 [ 217.343211][ T28] 1 lock held by rcu_tasks_trace/13: [ 217.348701][ T28] #0: ffffffff8c58ed70 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x26/0xc70 [ 217.359941][ T28] 2 locks held by kworker/0:1/14: [ 217.364984][ T28] #0: ffff888012066538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work+0x86d/0x1710 [ 217.375657][ T28] #1: ffffc90000137da8 ((work_completion)(&rew->rew_work)){+.+.}-{0:0}, at: process_one_work+0x8a1/0x1710 [ 217.387336][ T28] 1 lock held by khungtaskd/28: [ 217.392203][ T28] #0: ffffffff8c58fbc0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x57/0x264 [ 217.402343][ T28] 2 locks held by syslogd/2978: [ 217.407421][ T28] 2 locks held by getty/3308: [ 217.412107][ T28] #0: ffff88814b3d0098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x26/0x80 [ 217.422250][ T28] #1: ffffc900031332f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xef4/0x13e0 [ 217.432808][ T28] 1 lock held by syz-executor297/3631: [ 217.438497][ T28] 1 lock held by syz-executor297/3636: [ 217.443974][ T28] #0: ffffffff91d49cb8 (nfnl_subsys_ipset){+.+.}-{3:3}, at: nfnetlink_rcv_msg+0xaae/0x1430 [ 217.454460][ T28] 1 lock held by syz-executor297/3638: [ 217.460181][ T28] #0: ffffffff91d49cb8 (nfnl_subsys_ipset){+.+.}-{3:3}, at: nfnetlink_rcv_msg+0xaae/0x1430 [ 217.470635][ T28] 1 lock held by syz-executor297/3639: [ 217.476306][ T28] #0: ffffffff91d49cb8 (nfnl_subsys_ipset){+.+.}-{3:3}, at: nfnetlink_rcv_msg+0xaae/0x1430 [ 217.486719][ T28] 1 lock held by syz-executor297/3640: [ 217.492198][ T28] #0: ffffffff91d49cb8 (nfnl_subsys_ipset){+.+.}-{3:3}, at: nfnetlink_rcv_msg+0xaae/0x1430 [ 217.502615][ T28] 1 lock held by syz-executor297/3641: [ 217.508341][ T28] #0: ffffffff91d49cb8 (nfnl_subsys_ipset){+.+.}-{3:3}, at: nfnetlink_rcv_msg+0xaae/0x1430 [ 217.518707][ T28] 2 locks held by dhcpcd/3661: [ 217.523488][ T28] #0: ffff88806f429410 (&sb->s_type->i_mutex_key#10){+.+.}-{3:3}, at: __sock_release+0x86/0x280 [ 217.534419][ T28] #1: ffffffff8c59a878 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x5df/0x780 [ 217.546156][ T28] [ 217.548541][ T28] ============================================= [ 217.548541][ T28] [ 217.557502][ T28] NMI backtrace for cpu 1 [ 217.561840][ T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted 6.1.0-rc8-syzkaller-00148-g0d1409e4ff08 #0 [ 217.571637][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 217.581687][ T28] Call Trace: [ 217.584959][ T28] [ 217.587881][ T28] dump_stack_lvl+0xd1/0x138 [ 217.592470][ T28] nmi_cpu_backtrace.cold+0x24/0x18a [ 217.597752][ T28] nmi_trigger_cpumask_backtrace+0x333/0x3c0 [ 217.603729][ T28] ? lapic_can_unplug_cpu+0x80/0x80 [ 217.608930][ T28] watchdog+0xc75/0xfc0 [ 217.613114][ T28] ? proc_dohung_task_timeout_secs+0x80/0x80 [ 217.619107][ T28] kthread+0x2e8/0x3a0 [ 217.623170][ T28] ? kthread_complete_and_exit+0x40/0x40 [ 217.628798][ T28] ret_from_fork+0x1f/0x30 [ 217.633220][ T28] [ 217.636344][ T28] Sending NMI from CPU 1 to CPUs 0: [ 217.641566][ C0] NMI backtrace for cpu 0 [ 217.641575][ C0] CPU: 0 PID: 3631 Comm: syz-executor297 Not tainted 6.1.0-rc8-syzkaller-00148-g0d1409e4ff08 #0 [ 217.641590][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 217.641598][ C0] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x70 [ 217.641622][ C0] Code: 76 96 86 02 66 0f 1f 44 00 00 f3 0f 1e fa 48 8b be a8 01 00 00 e8 b0 ff ff ff 31 c0 c3 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 0f 1e fa 65 8b 05 75 61 82 7e 89 c1 48 8b 34 24 81 e1 00 01 00 [ 217.641634][ C0] RSP: 0018:ffffc90003b8f000 EFLAGS: 00000287 [ 217.641646][ C0] RAX: 0000000000000000 RBX: 00000000fff00000 RCX: ffffffff881875a6 [ 217.641654][ C0] RDX: ffff88802303d7c0 RSI: 0000000000000000 RDI: 0000000000000004 [ 217.641662][ C0] RBP: 000000000000000c R08: 0000000000000004 R09: 000000001ed00000 [ 217.641670][ C0] R10: 000000001ede0210 R11: 0000000000000000 R12: ffffffff8b639c90 [ 217.641678][ C0] R13: 000000001ede0210 R14: dffffc0000000000 R15: 000000001ed00000 [ 217.641689][ C0] FS: 0000555555a8f300(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 [ 217.641702][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 217.641711][ C0] CR2: 00005566a6d2f680 CR3: 00000000209cd000 CR4: 0000000000350ef0 [ 217.641719][ C0] Call Trace: [ 217.641723][ C0] [ 217.641727][ C0] ip_set_range_to_cidr+0xa1/0x160 [ 217.641750][ C0] hash_net4_uadt+0x50c/0x9d0 [ 217.641768][ C0] ? hash_net6_resize+0x1bb0/0x1bb0 [ 217.641789][ C0] ? hash_net4_del_cidr.constprop.0+0x2a0/0x2a0 [ 217.641822][ C0] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 217.641845][ C0] ? __lock_acquire+0x166e/0x56d0 [ 217.641866][ C0] call_ad.constprop.0+0x101/0x760 [ 217.641884][ C0] ? ip_set_dump_done+0x230/0x230 [ 217.641901][ C0] ? nla_get_range_signed+0x520/0x520 [ 217.641922][ C0] ? __nla_parse+0x41/0x50 [ 217.641939][ C0] ip_set_ad.constprop.0.isra.0+0x4c7/0xac0 [ 217.641960][ C0] ? ip_set_type+0x870/0x870 [ 217.641988][ C0] nfnetlink_rcv_msg+0xbca/0x1430 [ 217.642010][ C0] ? nfnetlink_unbind+0x3d0/0x3d0 [ 217.642026][ C0] ? kernel_text_address+0x3d/0x80 [ 217.642044][ C0] ? __kernel_text_address+0xd/0x30 [ 217.642065][ C0] ? __lock_acquire+0xbc3/0x56d0 [ 217.642087][ C0] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 217.642108][ C0] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 217.642129][ C0] ? netlink_sendmsg+0x9a6/0xe10 [ 217.642140][ C0] ? kasan_save_stack+0x35/0x40 [ 217.642159][ C0] netlink_rcv_skb+0x157/0x430 [ 217.642171][ C0] ? nfnetlink_unbind+0x3d0/0x3d0 [ 217.642188][ C0] ? netlink_ack+0xd60/0xd60 [ 217.642201][ C0] ? ns_capable+0xdd/0x100 [ 217.642218][ C0] nfnetlink_rcv+0x1b0/0x420 [ 217.642234][ C0] ? nfnetlink_rcv_batch+0x2600/0x2600 [ 217.642250][ C0] ? netlink_deliver_tap+0x1b1/0xc50 [ 217.642272][ C0] netlink_unicast+0x547/0x7f0 [ 217.642294][ C0] ? netlink_attachskb+0x890/0x890 [ 217.642314][ C0] ? __virt_addr_valid+0x61/0x2e0 [ 217.642331][ C0] ? __phys_addr_symbol+0x30/0x70 [ 217.642347][ C0] ? __check_object_size+0x2e2/0x5a0 [ 217.642368][ C0] netlink_sendmsg+0x91b/0xe10 [ 217.642381][ C0] ? netlink_unicast+0x7f0/0x7f0 [ 217.642403][ C0] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 217.642420][ C0] ? netlink_unicast+0x7f0/0x7f0 [ 217.642440][ C0] sock_sendmsg+0xd3/0x120 [ 217.642459][ C0] ____sys_sendmsg+0x712/0x8c0 [ 217.642477][ C0] ? copy_msghdr_from_user+0xfc/0x150 [ 217.642490][ C0] ? kernel_sendmsg+0x50/0x50 [ 217.642510][ C0] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 217.642532][ C0] ___sys_sendmsg+0x110/0x1b0 [ 217.642544][ C0] ? do_recvmmsg+0x6e0/0x6e0 [ 217.642559][ C0] ? lock_release+0x810/0x810 [ 217.642578][ C0] ? ptrace_stop.part.0+0x49a/0x8c0 [ 217.642599][ C0] ? do_raw_spin_lock+0x124/0x2b0 [ 217.642611][ C0] ? rwlock_bug.part.0+0x90/0x90 [ 217.642623][ C0] ? _raw_spin_lock_irq+0x45/0x50 [ 217.642639][ C0] ? __fget_light+0x20a/0x270 [ 217.642656][ C0] __sys_sendmsg+0xf7/0x1c0 [ 217.642668][ C0] ? __sys_sendmsg_sock+0x40/0x40 [ 217.642680][ C0] ? lock_downgrade+0x6e0/0x6e0 [ 217.642702][ C0] ? lockdep_hardirqs_on+0x7d/0x100 [ 217.642715][ C0] ? _raw_spin_unlock_irq+0x2e/0x50 [ 217.642729][ C0] ? ptrace_notify+0xfe/0x140 [ 217.642750][ C0] do_syscall_64+0x39/0xb0 [ 217.642768][ C0] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 217.642785][ C0] RIP: 0033:0x7f84eb8bcd49 [ 217.642801][ C0] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 217.642812][ C0] RSP: 002b:00007fff9090b4c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 217.642824][ C0] RAX: ffffffffffffffda RBX: 00000000000f4240 RCX: 00007f84eb8bcd49 [ 217.642833][ C0] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 217.642840][ C0] RBP: 0000000000000000 R08: 0000000000000140 R09: 0000000000000140 [ 217.642848][ C0] R10: 0000000000000140 R11: 0000000000000246 R12: 00007fff9090b4e0 [ 217.642856][ C0] R13: 00007fff9090b500 R14: 00007fff9090b5e0 R15: 00007f84eb8f90ba [ 217.642869][ C0] [ 217.646276][ T28] Kernel panic - not syncing: hung_task: blocked tasks [ 217.646285][ T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted 6.1.0-rc8-syzkaller-00148-g0d1409e4ff08 #0 [ 217.646314][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 217.646323][ T28] Call Trace: [ 217.646327][ T28] [ 217.646332][ T28] dump_stack_lvl+0xd1/0x138 [ 217.646354][ T28] panic+0x2cc/0x626 [ 217.646377][ T28] ? panic_print_sys_info.part.0+0x110/0x110 [ 217.646404][ T28] ? preempt_schedule_thunk+0x1a/0x1c [ 217.646431][ T28] ? watchdog.cold+0x130/0x158 [ 217.646455][ T28] watchdog.cold+0x141/0x158 [ 217.646478][ T28] ? proc_dohung_task_timeout_secs+0x80/0x80 [ 217.646501][ T28] kthread+0x2e8/0x3a0 [ 217.646514][ T28] ? kthread_complete_and_exit+0x40/0x40 [ 217.646531][ T28] ret_from_fork+0x1f/0x30 [ 217.646560][ T28] [ 217.650734][ T28] Kernel Offset: disabled [ 218.228661][ T28] Rebooting in 86400 seconds..