INFO: task kworker/u10:8:11761 blocked for more than 143 seconds.
Tainted: G U L syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u10:8 state:D stack:23528 pid:11761 tgid:11761 ppid:2 task_flags:0x4208160 flags:0x00080000
Workqueue: netns cleanup_net
Call Trace:
context_switch kernel/sched/core.c:5295 [inline]
__schedule+0xfee/0x60e0 kernel/sched/core.c:6907
__schedule_loop kernel/sched/core.c:6989 [inline]
schedule+0xdd/0x390 kernel/sched/core.c:7004
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7061
__mutex_lock_common kernel/locking/mutex.c:692 [inline]
__mutex_lock+0xc9a/0x1b90 kernel/locking/mutex.c:776
caif_exit_net+0x60/0x3a0 net/caif/caif_dev.c:528
ops_exit_list net/core/net_namespace.c:199 [inline]
ops_undo_list+0x2ee/0xab0 net/core/net_namespace.c:252
cleanup_net+0x499/0x920 net/core/net_namespace.c:704
process_one_work+0x9d7/0x1920 kernel/workqueue.c:3275
process_scheduled_works kernel/workqueue.c:3358 [inline]
worker_thread+0x5da/0xe40 kernel/workqueue.c:3439
kthread+0x370/0x450 kernel/kthread.c:467
ret_from_fork+0x754/0xd80 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
INFO: task kworker/0:3:26630 blocked for more than 143 seconds.
Tainted: G U L syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:3 state:D stack:25912 pid:26630 tgid:26630 ppid:2 task_flags:0x4208060 flags:0x00080000
Workqueue: events switchdev_deferred_process_work
Call Trace:
context_switch kernel/sched/core.c:5295 [inline]
__schedule+0xfee/0x60e0 kernel/sched/core.c:6907
__schedule_loop kernel/sched/core.c:6989 [inline]
schedule+0xdd/0x390 kernel/sched/core.c:7004
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7061
__mutex_lock_common kernel/locking/mutex.c:692 [inline]
__mutex_lock+0xc9a/0x1b90 kernel/locking/mutex.c:776
switchdev_deferred_process_work+0xe/0x20 net/switchdev/switchdev.c:104
process_one_work+0x9d7/0x1920 kernel/workqueue.c:3275
process_scheduled_works kernel/workqueue.c:3358 [inline]
worker_thread+0x5da/0xe40 kernel/workqueue.c:3439
kthread+0x370/0x450 kernel/kthread.c:467
ret_from_fork+0x754/0xd80 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
INFO: task syz.2.5073:28685 blocked for more than 143 seconds.
Tainted: G U L syzkaller #0
Blocked by coredump.
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.2.5073 state:D stack:27432 pid:28685 tgid:28685 ppid:26888 task_flags:0x40044c flags:0x00080003
Call Trace:
context_switch kernel/sched/core.c:5295 [inline]
__schedule+0xfee/0x60e0 kernel/sched/core.c:6907
__schedule_loop kernel/sched/core.c:6989 [inline]
schedule+0xdd/0x390 kernel/sched/core.c:7004
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7061
__mutex_lock_common kernel/locking/mutex.c:692 [inline]
__mutex_lock+0xc9a/0x1b90 kernel/locking/mutex.c:776
tun_detach drivers/net/tun.c:634 [inline]
tun_chr_close+0x38/0x220 drivers/net/tun.c:3436
__fput+0x3ff/0xb40 fs/file_table.c:469
task_work_run+0x150/0x240 kernel/task_work.c:233
exit_task_work include/linux/task_work.h:40 [inline]
do_exit+0x829/0x2a90 kernel/exit.c:971
do_group_exit+0xd5/0x2a0 kernel/exit.c:1112
get_signal+0x1ec7/0x21e0 kernel/signal.c:3034
arch_do_signal_or_restart+0x91/0x770 arch/x86/kernel/signal.c:337
__exit_to_user_mode_loop kernel/entry/common.c:64 [inline]
exit_to_user_mode_loop+0x86/0x4a0 kernel/entry/common.c:98
__exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline]
syscall_exit_to_user_mode include/linux/entry-common.h:325 [inline]
do_syscall_64+0x668/0xf80 arch/x86/entry/syscall_64.c:100
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fa2b919bf79
RSP: 002b:00007fa2b73d50e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 00007fa2b9416098 RCX: 00007fa2b919bf79
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fa2b9416098
RBP: 00007fa2b9416090 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fa2b9416128 R14: 00007ffca99ef5d0 R15: 00007ffca99ef6b8
INFO: task kworker/1:0:29406 blocked for more than 144 seconds.
Tainted: G U L syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:0 state:D stack:27144 pid:29406 tgid:29406 ppid:2 task_flags:0x4208060 flags:0x00080000
Workqueue: events_power_efficient reg_check_chans_work
Call Trace:
context_switch kernel/sched/core.c:5295 [inline]
__schedule+0xfee/0x60e0 kernel/sched/core.c:6907
__schedule_loop kernel/sched/core.c:6989 [inline]
schedule+0xdd/0x390 kernel/sched/core.c:7004
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7061
__mutex_lock_common kernel/locking/mutex.c:692 [inline]
__mutex_lock+0xc9a/0x1b90 kernel/locking/mutex.c:776
class_wiphy_constructor include/net/cfg80211.h:6441 [inline]
reg_leave_invalid_chans net/wireless/reg.c:2452 [inline]
reg_check_chans_work+0x12f/0x11d0 net/wireless/reg.c:2467
process_one_work+0x9d7/0x1920 kernel/workqueue.c:3275
process_scheduled_works kernel/workqueue.c:3358 [inline]
worker_thread+0x5da/0xe40 kernel/workqueue.c:3439
kthread+0x370/0x450 kernel/kthread.c:467
ret_from_fork+0x754/0xd80 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
INFO: task syz-executor:31604 blocked for more than 144 seconds.
Tainted: G U L syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor state:D stack:27560 pid:31604 tgid:31604 ppid:1 task_flags:0x400140 flags:0x00080002
Call Trace:
context_switch kernel/sched/core.c:5295 [inline]
__schedule+0xfee/0x60e0 kernel/sched/core.c:6907
__schedule_loop kernel/sched/core.c:6989 [inline]
schedule+0xdd/0x390 kernel/sched/core.c:7004
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7061
__mutex_lock_common kernel/locking/mutex.c:692 [inline]
__mutex_lock+0xc9a/0x1b90 kernel/locking/mutex.c:776
rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
inet_rtm_newaddr+0x30c/0x18b0 net/ipv4/devinet.c:978
rtnetlink_rcv_msg+0x95e/0xe90 net/core/rtnetlink.c:6958
netlink_rcv_skb+0x159/0x420 net/netlink/af_netlink.c:2550
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x5aa/0x870 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x8b0/0xda0 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec net/socket.c:727 [inline]
__sock_sendmsg net/socket.c:742 [inline]
__sys_sendto+0x4aa/0x520 net/socket.c:2206
__do_sys_sendto net/socket.c:2213 [inline]
__se_sys_sendto net/socket.c:2209 [inline]
__x64_sys_sendto+0xe0/0x1c0 net/socket.c:2209
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x106/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f4a08f5c84e
RSP: 002b:00007ffe0e1c93d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 000055555cf0b500 RCX: 00007f4a08f5c84e
RDX: 0000000000000028 RSI: 00007f4a09d44670 RDI: 0000000000000003
RBP: 0000000000000001 R08: 00007ffe0e1c9454 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
R13: 0000000000000000 R14: 00007f4a09d44670 R15: 0000000000000000
INFO: task syz-executor:31608 blocked for more than 144 seconds.
Tainted: G U L syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor state:D stack:27560 pid:31608 tgid:31608 ppid:1 task_flags:0x400140 flags:0x00080002
Call Trace:
context_switch kernel/sched/core.c:5295 [inline]
__schedule+0xfee/0x60e0 kernel/sched/core.c:6907
__schedule_loop kernel/sched/core.c:6989 [inline]
schedule+0xdd/0x390 kernel/sched/core.c:7004
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7061
__mutex_lock_common kernel/locking/mutex.c:692 [inline]
__mutex_lock+0xc9a/0x1b90 kernel/locking/mutex.c:776
rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
inet_rtm_newaddr+0x30c/0x18b0 net/ipv4/devinet.c:978
rtnetlink_rcv_msg+0x95e/0xe90 net/core/rtnetlink.c:6958
netlink_rcv_skb+0x159/0x420 net/netlink/af_netlink.c:2550
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x5aa/0x870 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x8b0/0xda0 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec net/socket.c:727 [inline]
__sock_sendmsg net/socket.c:742 [inline]
__sys_sendto+0x4aa/0x520 net/socket.c:2206
__do_sys_sendto net/socket.c:2213 [inline]
__se_sys_sendto net/socket.c:2209 [inline]
__x64_sys_sendto+0xe0/0x1c0 net/socket.c:2209
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x106/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f17fcd5c84e
RSP: 002b:00007ffda65d8928 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 000055555b327500 RCX: 00007f17fcd5c84e
RDX: 0000000000000028 RSI: 00007f17fdb44670 RDI: 0000000000000003
RBP: 0000000000000001 R08: 00007ffda65d89a4 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
R13: 0000000000000000 R14: 00007f17fdb44670 R15: 0000000000000000
INFO: task syz-executor:31617 blocked for more than 145 seconds.
Tainted: G U L syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor state:D stack:27000 pid:31617 tgid:31617 ppid:1 task_flags:0x400140 flags:0x00080002
Call Trace:
context_switch kernel/sched/core.c:5295 [inline]
__schedule+0xfee/0x60e0 kernel/sched/core.c:6907
__schedule_loop kernel/sched/core.c:6989 [inline]
schedule+0xdd/0x390 kernel/sched/core.c:7004
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7061
__mutex_lock_common kernel/locking/mutex.c:692 [inline]
__mutex_lock+0xc9a/0x1b90 kernel/locking/mutex.c:776
rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
inet_rtm_newaddr+0x30c/0x18b0 net/ipv4/devinet.c:978
rtnetlink_rcv_msg+0x95e/0xe90 net/core/rtnetlink.c:6958
netlink_rcv_skb+0x159/0x420 net/netlink/af_netlink.c:2550
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x5aa/0x870 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x8b0/0xda0 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec net/socket.c:727 [inline]
__sock_sendmsg net/socket.c:742 [inline]
__sys_sendto+0x4aa/0x520 net/socket.c:2206
__do_sys_sendto net/socket.c:2213 [inline]
__se_sys_sendto net/socket.c:2209 [inline]
__x64_sys_sendto+0xe0/0x1c0 net/socket.c:2209
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x106/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f6a01b5c84e
RSP: 002b:00007ffe558ea278 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00005555702c7500 RCX: 00007f6a01b5c84e
RDX: 0000000000000028 RSI: 00007f6a02944670 RDI: 0000000000000003
RBP: 0000000000000001 R08: 00007ffe558ea2f4 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
R13: 0000000000000000 R14: 00007f6a02944670 R15: 0000000000000000
INFO: task syz-executor:31619 blocked for more than 145 seconds.
Tainted: G U L syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor state:D stack:27560 pid:31619 tgid:31619 ppid:1 task_flags:0x400140 flags:0x00080002
Call Trace:
context_switch kernel/sched/core.c:5295 [inline]
__schedule+0xfee/0x60e0 kernel/sched/core.c:6907
__schedule_loop kernel/sched/core.c:6989 [inline]
schedule+0xdd/0x390 kernel/sched/core.c:7004
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7061
__mutex_lock_common kernel/locking/mutex.c:692 [inline]
__mutex_lock+0xc9a/0x1b90 kernel/locking/mutex.c:776
rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
inet_rtm_newaddr+0x30c/0x18b0 net/ipv4/devinet.c:978
rtnetlink_rcv_msg+0x95e/0xe90 net/core/rtnetlink.c:6958
netlink_rcv_skb+0x159/0x420 net/netlink/af_netlink.c:2550
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x5aa/0x870 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x8b0/0xda0 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec net/socket.c:727 [inline]
__sock_sendmsg net/socket.c:742 [inline]
__sys_sendto+0x4aa/0x520 net/socket.c:2206
__do_sys_sendto net/socket.c:2213 [inline]
__se_sys_sendto net/socket.c:2209 [inline]
__x64_sys_sendto+0xe0/0x1c0 net/socket.c:2209
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x106/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fd94f15c84e
RSP: 002b:00007ffcd5346c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 0000555563d07500 RCX: 00007fd94f15c84e
RDX: 0000000000000028 RSI: 00007fd94ff44670 RDI: 0000000000000003
RBP: 0000000000000001 R08: 00007ffcd5346ce4 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
R13: 0000000000000000 R14: 00007fd94ff44670 R15: 0000000000000000
Showing all locks held in the system:
1 lock held by khungtaskd/30:
#0: ffffffff8e7e92e0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:312 [inline]
#0: ffffffff8e7e92e0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:850 [inline]
#0: ffffffff8e7e92e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 kernel/locking/lockdep.c:6775
1 lock held by khugepaged/37:
#0: ffffffff8e9393e8 (lock#5){+.+.}-{4:4}, at: __lru_add_drain_all+0x6a/0x650 mm/swap.c:840
4 locks held by kworker/1:1/47:
#0: ffff888056e14548 ((wq_completion)wg-kex-wg1#18){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 kernel/workqueue.c:3250
#1: ffffc90000b77d08 ((work_completion)(&({ do { const void __seg_gs *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __asm__ ("" : "=r"(__ptr) : "0"((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920 kernel/workqueue.c:3251
#2: ffff88805a121348 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x1c2/0x860 drivers/net/wireguard/noise.c:598
#3: ffff88802a1c9708 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x5ac/0x860 drivers/net/wireguard/noise.c:632
4 locks held by syz-executor/5811:
#0: ffff88801335abc8 (vm_lock){++++}-{0:0}, at: lock_vma_under_rcu+0x11d/0x590 mm/mmap_lock.c:310
#1: ffff8880363aa518 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x17a/0x440 mm/memory.c:3581
#2: ffff888076d06f08 (mapping.invalidate_lock#2){++++}-{4:4}, at: filemap_invalidate_lock_shared include/linux/fs.h:1093 [inline]
#2: ffff888076d06f08 (mapping.invalidate_lock#2){++++}-{4:4}, at: ext4_page_mkwrite+0x36c/0x1980 fs/ext4/inode.c:6618
#3: ffff888076d06bf8 (&ei->i_data_sem){++++}-{4:4}, at: ext4_da_map_blocks fs/ext4/inode.c:1954 [inline]
#3: ffff888076d06bf8 (&ei->i_data_sem){++++}-{4:4}, at: ext4_da_get_block_prep+0x738/0x1240 fs/ext4/inode.c:2020
3 locks held by kworker/0:4/5865:
3 locks held by kworker/0:6/5892:
3 locks held by kworker/u10:3/10806:
#0: ffff8880321b9148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 kernel/workqueue.c:3250
#1: ffffc90003a67d08 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920 kernel/workqueue.c:3251
#2: ffffffff9060f2e8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
#2: ffffffff9060f2e8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x12/0x30 net/ipv6/addrconf.c:4739
7 locks held by kworker/u11:2/11660:
#0: ffff88807d925148 ((wq_completion)hci6){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 kernel/workqueue.c:3250
#1: ffffc900046d7d08 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920 kernel/workqueue.c:3251
#2: ffff888050968ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x18a/0x470 net/bluetooth/hci_sync.c:331
#3: ffff8880509680c0 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x141/0xb20 net/bluetooth/hci_sync.c:5734
#4: ffffffff908a7268 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2136 [inline]
#4: ffffffff908a7268 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x119/0x360 net/bluetooth/hci_conn.c:1342
#5: ffff888057f03af8 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x80/0x770 net/bluetooth/l2cap_core.c:1755
#6: ffffffff8e7f4ef8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x19e/0x3c0 kernel/rcu/tree_exp.h:343
4 locks held by kworker/u10:8/11761:
#0: ffff88801c6a6948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 kernel/workqueue.c:3250
#1: ffffc90004b87d08 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920 kernel/workqueue.c:3251
#2: ffffffff905f69f0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xb8/0x920 net/core/net_namespace.c:675
#3: ffffffff9060f2e8 (rtnl_mutex){+.+.}-{4:4}, at: caif_exit_net+0x60/0x3a0 net/caif/caif_dev.c:528
3 locks held by kworker/u10:12/11792:
3 locks held by kworker/u10:20/11800:
2 locks held by getty/21317:
#0: ffff888032a700a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243
#1: ffffc9000212a2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x419/0x1500 drivers/tty/n_tty.c:2211
4 locks held by kworker/u11:0/22941:
#0: ffff888068804948 ((wq_completion)hci11#2){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 kernel/workqueue.c:3250
#1: ffffc90005337d08 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920 kernel/workqueue.c:3251
#2: ffff888035a080c0 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x94/0x9b0 net/bluetooth/hci_event.c:3720
#3: ffffffff908a7268 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2136 [inline]
#3: ffffffff908a7268 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x485/0x9b0 net/bluetooth/hci_event.c:3754
3 locks held by kworker/u10:0/22946:
4 locks held by kworker/u10:2/22951:
3 locks held by kworker/u10:4/22955:
5 locks held by kworker/u10:5/22956:
3 locks held by kworker/u10:6/22957:
2 locks held by kworker/u10:7/22958:
4 locks held by kworker/u10:10/22960:
4 locks held by kworker/u10:11/22961:
4 locks held by kworker/u10:13/22962:
4 locks held by kworker/u10:17/22966:
3 locks held by kworker/u10:25/25331:
3 locks held by kworker/u10:29/25335:
3 locks held by kworker/u10:33/25339:
3 locks held by kworker/u10:35/25341:
3 locks held by kworker/u10:36/25342:
3 locks held by kworker/u10:38/25343:
3 locks held by kworker/0:3/26630:
#0: ffff88813fe5f548 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 kernel/workqueue.c:3250
#1: ffffc9000540fd08 (deferred_process_work){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920 kernel/workqueue.c:3251
#2: ffffffff9060f2e8 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20 net/switchdev/switchdev.c:104
5 locks held by kworker/u10:39/27278:
2 locks held by kworker/0:5/28064:
1 lock held by syz.2.5073/28685:
#0: ffffffff9060f2e8 (rtnl_mutex){+.+.}-{4:4}, at: tun_detach drivers/net/tun.c:634 [inline]
#0: ffffffff9060f2e8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x220 drivers/net/tun.c:3436
4 locks held by kworker/1:0/29406:
#0: ffff88813fe5e148 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 kernel/workqueue.c:3250
#1: ffffc90004f57d08 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920 kernel/workqueue.c:3251
#2: ffffffff9060f2e8 (rtnl_mutex){+.+.}-{4:4}, at: reg_check_chans_work+0x91/0x11d0 net/wireless/reg.c:2464
#3: ffff888025bc0788 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6441 [inline]
#3: ffff888025bc0788 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: reg_leave_invalid_chans net/wireless/reg.c:2452 [inline]
#3: ffff888025bc0788 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: reg_check_chans_work+0x12f/0x11d0 net/wireless/reg.c:2467
5 locks held by kworker/u11:1/30232:
#0: ffff88807eee3948 ((wq_completion)hci7){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 kernel/workqueue.c:3250
#1: ffffc90004d8fd08 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920 kernel/workqueue.c:3251
#2: ffff88805b2f4ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x18a/0x470 net/bluetooth/hci_sync.c:331
#3: ffff88805b2f40c0 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x141/0xb20 net/bluetooth/hci_sync.c:5734
#4: ffffffff8e7f4ef8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x27f/0x3c0 kernel/rcu/tree_exp.h:311
1 lock held by syz.0.5710/31500:
#0: ffffffff9060f2e8 (rtnl_mutex){+.+.}-{4:4}, at: tun_detach drivers/net/tun.c:634 [inline]
#0: ffffffff9060f2e8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x220 drivers/net/tun.c:3436
5 locks held by kworker/u11:3/31584:
#0: ffff88807eee5948 ((wq_completion)hci3#2){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 kernel/workqueue.c:3250
#1: ffffc90003defd08 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920 kernel/workqueue.c:3251
#2: ffff88804efc8ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x18a/0x470 net/bluetooth/hci_sync.c:331
#3: ffff88804efc80c0 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x141/0xb20 net/bluetooth/hci_sync.c:5734
#4: ffffffff908a7268 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2136 [inline]
#4: ffffffff908a7268 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x119/0x360 net/bluetooth/hci_conn.c:1342
1 lock held by syz.1.5731/31590:
#0: ffffffff9060f2e8 (rtnl_mutex){+.+.}-{4:4}, at: tun_detach drivers/net/tun.c:634 [inline]
#0: ffffffff9060f2e8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x220 drivers/net/tun.c:3436
1 lock held by syz.3.5734/31600:
#0: ffffffff9060f2e8 (rtnl_mutex){+.+.}-{4:4}, at: tun_detach drivers/net/tun.c:634 [inline]
#0: ffffffff9060f2e8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x220 drivers/net/tun.c:3436
1 lock held by syz-executor/31604:
#0: ffffffff9060f2e8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
#0: ffffffff9060f2e8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x18b0 net/ipv4/devinet.c:978
1 lock held by syz-executor/31608:
#0: ffffffff9060f2e8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
#0: ffffffff9060f2e8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x18b0 net/ipv4/devinet.c:978
1 lock held by syz-executor/31617:
#0: ffffffff9060f2e8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
#0: ffffffff9060f2e8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x18b0 net/ipv4/devinet.c:978
1 lock held by syz-executor/31619:
#0: ffffffff9060f2e8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
#0: ffffffff9060f2e8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x18b0 net/ipv4/devinet.c:978
4 locks held by kworker/u11:6/31621:
#0: ffff888068805148 ((wq_completion)hci12#2){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 kernel/workqueue.c:3250
#1: ffffc90003ba7d08 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920 kernel/workqueue.c:3251
#2: ffff888058a280c0 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x94/0x9b0 net/bluetooth/hci_event.c:3720
#3: ffffffff908a7268 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2136 [inline]
#3: ffffffff908a7268 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x485/0x9b0 net/bluetooth/hci_event.c:3754
5 locks held by kworker/u11:7/31622:
#0: ffff888056ea1948 ((wq_completion)hci4#3){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 kernel/workqueue.c:3250
#1: ffffc9000578fd08 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920 kernel/workqueue.c:3251
#2: ffff8880555a4ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x18a/0x470 net/bluetooth/hci_sync.c:331
#3: ffff8880555a40c0 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x141/0xb20 net/bluetooth/hci_sync.c:5734
#4: ffffffff908a7268 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2136 [inline]
#4: ffffffff908a7268 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x119/0x360 net/bluetooth/hci_conn.c:1342
1 lock held by syz-executor/31632:
#0: ffffffff9060f2e8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
#0: ffffffff9060f2e8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x18b0 net/ipv4/devinet.c:978
1 lock held by syz-executor/31636:
#0: ffffffff9060f2e8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
#0: ffffffff9060f2e8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x18b0 net/ipv4/devinet.c:978
1 lock held by syz-executor/31643:
#0: ffffffff9060f2e8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
#0: ffffffff9060f2e8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x18b0 net/ipv4/devinet.c:978
1 lock held by syz-executor/31646:
#0: ffffffff9060f2e8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
#0: ffffffff9060f2e8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x18b0 net/ipv4/devinet.c:978
1 lock held by syz-executor/31652:
#0: ffffffff9060f2e8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
#0: ffffffff9060f2e8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x18b0 net/ipv4/devinet.c:978
1 lock held by syz-executor/31654:
#0: ffffffff9060f2e8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
#0: ffffffff9060f2e8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x18b0 net/ipv4/devinet.c:978
1 lock held by syz-executor/31660:
#0: ffffffff9060f2e8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
#0: ffffffff9060f2e8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x18b0 net/ipv4/devinet.c:978
1 lock held by syz-executor/31662:
#0: ffffffff9060f2e8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
#0: ffffffff9060f2e8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x18b0 net/ipv4/devinet.c:978
4 locks held by kworker/u11:8/31664:
#0: ffff888068801948 ((wq_completion)hci10#2){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 kernel/workqueue.c:3250
#1: ffffc90003a07d08 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920 kernel/workqueue.c:3251
#2: ffff888033fb80c0 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x94/0x9b0 net/bluetooth/hci_event.c:3720
#3: ffffffff908a7268 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2136 [inline]
#3: ffffffff908a7268 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x485/0x9b0 net/bluetooth/hci_event.c:3754
4 locks held by kworker/u11:9/31665:
#0: ffff88803440f148 ((wq_completion)hci9#2){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 kernel/workqueue.c:3250
#1: ffffc900039e7d08 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920 kernel/workqueue.c:3251
#2: ffff888033fbc0c0 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x94/0x9b0 net/bluetooth/hci_event.c:3720
#3: ffffffff908a7268 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2136 [inline]
#3: ffffffff908a7268 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x485/0x9b0 net/bluetooth/hci_event.c:3754
1 lock held by dhcpcd/31669:
#0: ffff88802a1c2260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1709 [inline]
#0: ffff88802a1c2260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x2c/0xf50 net/packet/af_packet.c:3198
=============================================
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Tainted: G U L syzkaller #0 PREEMPT(full)
Tainted: [U]=USER, [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x100/0x190 lib/dump_stack.c:120
nmi_cpu_backtrace.cold+0x12d/0x151 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x1d7/0x230 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:161 [inline]
__sys_info lib/sys_info.c:157 [inline]
sys_info+0x141/0x190 lib/sys_info.c:165
check_hung_uninterruptible_tasks kernel/hung_task.c:346 [inline]
watchdog+0xd25/0x1050 kernel/hung_task.c:515
kthread+0x370/0x450 kernel/kthread.c:467
ret_from_fork+0x754/0xd80 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 25342 Comm: kworker/u10:36 Tainted: G U L syzkaller #0 PREEMPT(full)
Tainted: [U]=USER, [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
Workqueue: events_unbound cfg80211_wiphy_work
RIP: 0010:__lock_acquire+0x6/0x2630 kernel/locking/lockdep.c:5081
Code: 9c f8 0e 48 c7 c6 28 f6 e4 8d 67 48 0f b9 3a eb ba 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 41 57 41 56 41 55 <41> 54 55 53 48 83 ec 70 8b 1d 80 75 f5 0e 65 4c 8b 25 6c 4f 28 12
RSP: 0018:ffffc90000006718 EFLAGS: 00000046
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000002
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8e7e92e0
RBP: ffffffff8e7e92e0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000200 R11: 000000000000b7cb R12: 0000000000000002
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff88812435a000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f4023aa0e9c CR3: 000000000e598000 CR4: 00000000003526f0
Call Trace:
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x1cf/0x380 kernel/locking/lockdep.c:5825
rcu_lock_acquire include/linux/rcupdate.h:312 [inline]
rcu_read_lock include/linux/rcupdate.h:850 [inline]
class_rcu_constructor include/linux/rcupdate.h:1193 [inline]
unwind_next_frame+0xd1/0x1ea0 arch/x86/kernel/unwind_orc.c:495
__unwind_start+0x3d1/0x7f0 arch/x86/kernel/unwind_orc.c:773
unwind_start arch/x86/include/asm/unwind.h:64 [inline]
arch_stack_walk+0x73/0xf0 arch/x86/kernel/stacktrace.c:24
stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
kasan_save_stack+0x30/0x50 mm/kasan/common.c:57
kasan_save_track+0x14/0x30 mm/kasan/common.c:78
kasan_save_free_info+0x3b/0x70 mm/kasan/generic.c:584
poison_slab_object mm/kasan/common.c:253 [inline]
__kasan_slab_free+0x5f/0x80 mm/kasan/common.c:285
kasan_slab_free include/linux/kasan.h:235 [inline]
slab_free_hook mm/slub.c:2670 [inline]
slab_free mm/slub.c:6082 [inline]
kmem_cache_free+0x124/0x6a0 mm/slub.c:6212
__skb_ext_put+0x102/0x2f0 net/core/skbuff.c:7239
__skb_ext_del+0xf8/0x380 net/core/skbuff.c:7206
skb_ext_del include/linux/skbuff.h:5073 [inline]
nf_bridge_info_free net/bridge/br_netfilter_hooks.c:156 [inline]
br_nf_dev_queue_xmit+0x7ab/0x2a20 net/bridge/br_netfilter_hooks.c:919
NF_HOOK include/linux/netfilter.h:318 [inline]
NF_HOOK include/linux/netfilter.h:312 [inline]
br_nf_post_routing+0xcbb/0x16a0 net/bridge/br_netfilter_hooks.c:966
nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
nf_hook_slow+0xbf/0x220 net/netfilter/core.c:623
nf_hook include/linux/netfilter.h:273 [inline]
NF_HOOK include/linux/netfilter.h:316 [inline]
br_forward_finish+0x261/0x4d0 net/bridge/br_forward.c:66
br_nf_hook_thresh+0x30d/0x420 net/bridge/br_netfilter_hooks.c:1167
br_nf_forward_finish+0x693/0xb30 net/bridge/br_netfilter_hooks.c:662
NF_HOOK include/linux/netfilter.h:318 [inline]
NF_HOOK include/linux/netfilter.h:312 [inline]
br_nf_forward_ip.part.0+0x61e/0x820 net/bridge/br_netfilter_hooks.c:716
br_nf_forward_ip net/bridge/br_netfilter_hooks.c:676 [inline]
br_nf_forward+0xfe5/0x19f0 net/bridge/br_netfilter_hooks.c:773
nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
nf_hook_slow+0xbf/0x220 net/netfilter/core.c:623
nf_hook include/linux/netfilter.h:273 [inline]
NF_HOOK include/linux/netfilter.h:316 [inline]
__br_forward+0x2f6/0x970 net/bridge/br_forward.c:115
deliver_clone net/bridge/br_forward.c:131 [inline]
maybe_deliver+0xf0/0x180 net/bridge/br_forward.c:191
br_flood+0x193/0x650 net/bridge/br_forward.c:238
br_handle_frame_finish+0xf57/0x1f00 net/bridge/br_input.c:229
br_nf_hook_thresh+0x30d/0x420 net/bridge/br_netfilter_hooks.c:1167
br_nf_pre_routing_finish_ipv6+0x769/0xfb0 net/bridge/br_netfilter_ipv6.c:154
NF_HOOK include/linux/netfilter.h:318 [inline]
br_nf_pre_routing_ipv6+0x39c/0x8b0 net/bridge/br_netfilter_ipv6.c:184
br_nf_pre_routing+0x93b/0x1510 net/bridge/br_netfilter_hooks.c:508
nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
nf_hook_bridge_pre net/bridge/br_input.c:291 [inline]
br_handle_frame+0xcdd/0x1520 net/bridge/br_input.c:442
__netif_receive_skb_core.constprop.0+0x6c5/0x3550 net/core/dev.c:6036
__netif_receive_skb_one_core+0xb0/0x1e0 net/core/dev.c:6147
__netif_receive_skb+0x1f/0x120 net/core/dev.c:6262
process_backlog+0x37a/0x1580 net/core/dev.c:6614
__napi_poll.constprop.0+0xaf/0x450 net/core/dev.c:7678
napi_poll net/core/dev.c:7741 [inline]
net_rx_action+0xa40/0xf20 net/core/dev.c:7893
handle_softirqs+0x1eb/0x9e0 kernel/softirq.c:622
__do_softirq kernel/softirq.c:656 [inline]
invoke_softirq kernel/softirq.c:496 [inline]
__irq_exit_rcu+0xef/0x150 kernel/softirq.c:723
irq_exit_rcu+0x9/0x30 kernel/softirq.c:739
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
sysvec_apic_timer_interrupt+0xa3/0xc0 arch/x86/kernel/apic/apic.c:1056
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:should_failslab+0xa2/0x120 mm/failslab.c:46
Code: 03 7e 6c f6 43 09 40 74 45 48 8d 7b 1c c1 ee 0d 48 b8 00 00 00 00 00 fc ff df 48 89 f9 89 f2 48 c1 e9 03 83 e2 01 0f b6 0c 01 <48> 89 f8 83 e0 07 83 c0 03 38 c8 7c 04 84 c9 75 5c 8b 73 1c 48 c7
RSP: 0018:ffffc900065271d8 EFLAGS: 00000246
RAX: dffffc0000000000 RBX: ffff88813fe36280 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88813fe3629c
RBP: 0000000000000048 R08: 0000000000000003 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff88813fe36280
R13: 0000000000000920 R14: 0000000000000048 R15: ffffffff8adca687
slab_pre_alloc_hook mm/slub.c:4412 [inline]
slab_alloc_node mm/slub.c:4765 [inline]
__do_kmalloc_node mm/slub.c:5176 [inline]
__kmalloc_noprof+0xe0/0x850 mm/slub.c:5189
kmalloc_noprof include/linux/slab.h:966 [inline]
kzalloc_noprof include/linux/slab.h:1204 [inline]
cfg80211_inform_single_bss_data+0x557/0x1e20 net/wireless/scan.c:2345
cfg80211_inform_bss_data+0x237/0x3a00 net/wireless/scan.c:3228
cfg80211_inform_bss_frame_data+0x247/0x790 net/wireless/scan.c:3319
ieee80211_bss_info_update+0x310/0xab0 net/mac80211/scan.c:230
ieee80211_rx_bss_info net/mac80211/ibss.c:1094 [inline]
ieee80211_rx_mgmt_probe_beacon net/mac80211/ibss.c:1575 [inline]
ieee80211_ibss_rx_queued_mgmt+0x1919/0x2f80 net/mac80211/ibss.c:1602
ieee80211_iface_process_skb net/mac80211/iface.c:1748 [inline]
ieee80211_iface_work+0xbff/0x13d0 net/mac80211/iface.c:1802
cfg80211_wiphy_work+0x446/0x5c0 net/wireless/core.c:440
process_one_work+0x9d7/0x1920 kernel/workqueue.c:3275
process_scheduled_works kernel/workqueue.c:3358 [inline]
worker_thread+0x5da/0xe40 kernel/workqueue.c:3439
kthread+0x370/0x450 kernel/kthread.c:467
ret_from_fork+0x754/0xd80 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245