INFO: task syz-executor.0:991 blocked for more than 143 seconds. Not tainted 5.15.0-rc5-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.0 state:D stack:29408 pid: 991 ppid: 6561 flags:0x00000004 Call Trace: context_switch kernel/sched/core.c:4940 [inline] __schedule+0xb44/0x5960 kernel/sched/core.c:6287 schedule+0xd3/0x270 kernel/sched/core.c:6366 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6425 __mutex_lock_common kernel/locking/mutex.c:669 [inline] __mutex_lock+0xa34/0x12f0 kernel/locking/mutex.c:729 do_ip_setsockopt net/ipv4/ip_sockglue.c:944 [inline] ip_setsockopt+0x1c8/0x3a60 net/ipv4/ip_sockglue.c:1423 tcp_setsockopt+0x136/0x2530 net/ipv4/tcp.c:3657 __sys_setsockopt+0x2db/0x610 net/socket.c:2176 __do_sys_setsockopt net/socket.c:2187 [inline] __se_sys_setsockopt net/socket.c:2184 [inline] __x64_sys_setsockopt+0xba/0x150 net/socket.c:2184 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f55edd39a39 RSP: 002b:00007f55eb28e188 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 00007f55ede3d020 RCX: 00007f55edd39a39 RDX: 0000000000000029 RSI: 0000000000000000 RDI: 0000000000000003 RBP: 00007f55edd93c5f R08: 0000000000000010 R09: 0000000000000000 R10: 0000000020000080 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffc3b65057f R14: 00007f55eb28e300 R15: 0000000000022000 INFO: task syz-executor.5:986 blocked for more than 143 seconds. Not tainted 5.15.0-rc5-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.5 state:D stack:28432 pid: 986 ppid: 6854 flags:0x00004004 Call Trace: context_switch kernel/sched/core.c:4940 [inline] __schedule+0xb44/0x5960 kernel/sched/core.c:6287 schedule+0xd3/0x270 kernel/sched/core.c:6366 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6425 __mutex_lock_common kernel/locking/mutex.c:669 [inline] __mutex_lock+0xa34/0x12f0 kernel/locking/mutex.c:729 smc_pnet_create_pnetids_list net/smc/smc_pnet.c:798 [inline] smc_pnet_net_init+0x1f9/0x410 net/smc/smc_pnet.c:867 ops_init+0xaf/0x470 net/core/net_namespace.c:140 setup_net+0x40f/0xa30 net/core/net_namespace.c:326 copy_net_ns+0x319/0x760 net/core/net_namespace.c:470 create_new_namespaces+0x3f6/0xb20 kernel/nsproxy.c:110 unshare_nsproxy_namespaces+0xc1/0x1f0 kernel/nsproxy.c:226 ksys_unshare+0x445/0x920 kernel/fork.c:3077 __do_sys_unshare kernel/fork.c:3151 [inline] __se_sys_unshare kernel/fork.c:3149 [inline] __x64_sys_unshare+0x2d/0x40 kernel/fork.c:3149 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f4e12447a39 RSP: 002b:00007f4e0f9bd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 RAX: ffffffffffffffda RBX: 00007f4e1254af60 RCX: 00007f4e12447a39 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 RBP: 00007f4e124a1c5f R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffed4cca6cf R14: 00007f4e0f9bd300 R15: 0000000000022000 INFO: task syz-executor.5:990 blocked for more than 143 seconds. Not tainted 5.15.0-rc5-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.5 state:D stack:28448 pid: 990 ppid: 6854 flags:0x00004004 Call Trace: context_switch kernel/sched/core.c:4940 [inline] __schedule+0xb44/0x5960 kernel/sched/core.c:6287 schedule+0xd3/0x270 kernel/sched/core.c:6366 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6425 __mutex_lock_common kernel/locking/mutex.c:669 [inline] __mutex_lock+0xa34/0x12f0 kernel/locking/mutex.c:729 smc_pnet_create_pnetids_list net/smc/smc_pnet.c:798 [inline] smc_pnet_net_init+0x1f9/0x410 net/smc/smc_pnet.c:867 ops_init+0xaf/0x470 net/core/net_namespace.c:140 setup_net+0x40f/0xa30 net/core/net_namespace.c:326 copy_net_ns+0x319/0x760 net/core/net_namespace.c:470 create_new_namespaces+0x3f6/0xb20 kernel/nsproxy.c:110 unshare_nsproxy_namespaces+0xc1/0x1f0 kernel/nsproxy.c:226 ksys_unshare+0x445/0x920 kernel/fork.c:3077 __do_sys_unshare kernel/fork.c:3151 [inline] __se_sys_unshare kernel/fork.c:3149 [inline] __x64_sys_unshare+0x2d/0x40 kernel/fork.c:3149 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f4e12447a39 RSP: 002b:00007f4e0f99c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 RAX: ffffffffffffffda RBX: 00007f4e1254b020 RCX: 00007f4e12447a39 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000048020000 RBP: 00007f4e124a1c5f R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffed4cca6cf R14: 00007f4e0f99c300 R15: 0000000000022000 INFO: task syz-executor.5:994 blocked for more than 144 seconds. Not tainted 5.15.0-rc5-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.5 state:D stack:28864 pid: 994 ppid: 6854 flags:0x00004004 Call Trace: context_switch kernel/sched/core.c:4940 [inline] __schedule+0xb44/0x5960 kernel/sched/core.c:6287 schedule+0xd3/0x270 kernel/sched/core.c:6366 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6425 __mutex_lock_common kernel/locking/mutex.c:669 [inline] __mutex_lock+0xa34/0x12f0 kernel/locking/mutex.c:729 dev_ioctl+0x1a7/0xee0 net/core/dev_ioctl.c:586 sock_do_ioctl+0x15a/0x230 net/socket.c:1132 sock_ioctl+0x2f1/0x640 net/socket.c:1235 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:860 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f4e12447a39 RSP: 002b:00007f4e0f97b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f4e1254b0e0 RCX: 00007f4e12447a39 RDX: 0000000020000000 RSI: 0000000000008914 RDI: 0000000000000005 RBP: 00007f4e124a1c5f R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffed4cca6cf R14: 00007f4e0f97b300 R15: 0000000000022000 INFO: task syz-executor.1:1002 blocked for more than 144 seconds. Not tainted 5.15.0-rc5-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.1 state:D stack:27976 pid: 1002 ppid: 18644 flags:0x00000004 Call Trace: context_switch kernel/sched/core.c:4940 [inline] __schedule+0xb44/0x5960 kernel/sched/core.c:6287 schedule+0xd3/0x270 kernel/sched/core.c:6366 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6425 __mutex_lock_common kernel/locking/mutex.c:669 [inline] __mutex_lock+0xa34/0x12f0 kernel/locking/mutex.c:729 rtnl_lock net/core/rtnetlink.c:72 [inline] rtnetlink_rcv_msg+0x3be/0xb80 net/core/rtnetlink.c:5569 netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2491 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline] netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1345 netlink_sendmsg+0x86d/0xda0 net/netlink/af_netlink.c:1916 sock_sendmsg_nosec net/socket.c:704 [inline] sock_sendmsg+0xcf/0x120 net/socket.c:724 ____sys_sendmsg+0x6e8/0x810 net/socket.c:2409 ___sys_sendmsg+0xf3/0x170 net/socket.c:2463 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2492 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fb6565f0a39 RSP: 002b:00007fb653b66188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007fb6566f3f60 RCX: 00007fb6565f0a39 RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000005 RBP: 00007fb65664ac5f R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffc47651ccf R14: 00007fb653b66300 R15: 0000000000022000 INFO: task syz-executor.1:1003 blocked for more than 144 seconds. Not tainted 5.15.0-rc5-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.1 state:D stack:27472 pid: 1003 ppid: 18644 flags:0x00000004 Call Trace: context_switch kernel/sched/core.c:4940 [inline] __schedule+0xb44/0x5960 kernel/sched/core.c:6287 schedule+0xd3/0x270 kernel/sched/core.c:6366 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6425 __mutex_lock_common kernel/locking/mutex.c:669 [inline] __mutex_lock+0xa34/0x12f0 kernel/locking/mutex.c:729 ethnl_default_doit+0x2d3/0xb20 net/ethtool/netlink.c:376 genl_family_rcv_msg_doit+0x228/0x320 net/netlink/genetlink.c:731 genl_family_rcv_msg net/netlink/genetlink.c:775 [inline] genl_rcv_msg+0x328/0x580 net/netlink/genetlink.c:792 netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2491 genl_rcv+0x24/0x40 net/netlink/genetlink.c:803 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline] netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1345 netlink_sendmsg+0x86d/0xda0 net/netlink/af_netlink.c:1916 sock_sendmsg_nosec net/socket.c:704 [inline] sock_sendmsg+0xcf/0x120 net/socket.c:724 ____sys_sendmsg+0x6e8/0x810 net/socket.c:2409 ___sys_sendmsg+0xf3/0x170 net/socket.c:2463 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2492 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fb6565f0a39 RSP: 002b:00007fb653b45188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007fb6566f4020 RCX: 00007fb6565f0a39 RDX: 0000000000000000 RSI: 0000000020000ac0 RDI: 0000000000000007 RBP: 00007fb65664ac5f R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffc47651ccf R14: 00007fb653b45300 R15: 0000000000022000 INFO: task syz-executor.1:1006 blocked for more than 145 seconds. Not tainted 5.15.0-rc5-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.1 state:D stack:28128 pid: 1006 ppid: 18644 flags:0x00000004 Call Trace: context_switch kernel/sched/core.c:4940 [inline] __schedule+0xb44/0x5960 kernel/sched/core.c:6287 schedule+0xd3/0x270 kernel/sched/core.c:6366 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6425 __mutex_lock_common kernel/locking/mutex.c:669 [inline] __mutex_lock+0xa34/0x12f0 kernel/locking/mutex.c:729 rtnl_lock net/core/rtnetlink.c:72 [inline] rtnetlink_rcv_msg+0x3be/0xb80 net/core/rtnetlink.c:5569 netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2491 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline] netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1345 netlink_sendmsg+0x86d/0xda0 net/netlink/af_netlink.c:1916 sock_sendmsg_nosec net/socket.c:704 [inline] sock_sendmsg+0xcf/0x120 net/socket.c:724 ____sys_sendmsg+0x6e8/0x810 net/socket.c:2409 ___sys_sendmsg+0xf3/0x170 net/socket.c:2463 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2492 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fb6565f0a39 RSP: 002b:00007fb653b24188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007fb6566f40e0 RCX: 00007fb6565f0a39 RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000008 RBP: 00007fb65664ac5f R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffc47651ccf R14: 00007fb653b24300 R15: 0000000000022000 Showing all locks held in the system: 1 lock held by khungtaskd/27: #0: ffffffff8b981ee0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6446 1 lock held by in:imklog/6248: #0: ffff888078973270 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100 fs/file.c:990 4 locks held by kworker/u4:12/16733: #0: ffff88801204b138 ((wq_completion)netns){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff88801204b138 ((wq_completion)netns){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline] #0: ffff88801204b138 ((wq_completion)netns){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1198 [inline] #0: ffff88801204b138 ((wq_completion)netns){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:634 [inline] #0: ffff88801204b138 ((wq_completion)netns){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:661 [inline] #0: ffff88801204b138 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x8a3/0x16b0 kernel/workqueue.c:2268 #1: ffffc9000426fdb0 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x8d7/0x16b0 kernel/workqueue.c:2272 #2: ffffffff8d0d5990 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x9b/0xb00 net/core/net_namespace.c:555 #3: ffffffff8d0e90e8 (rtnl_mutex){+.+.}-{3:3}, at: cangw_pernet_exit+0xe/0x20 net/can/gw.c:1244 3 locks held by kworker/1:31/31812: #0: ffff888147928138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888147928138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline] #0: ffff888147928138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1198 [inline] #0: ffff888147928138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:634 [inline] #0: ffff888147928138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:661 [inline] #0: ffff888147928138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x8a3/0x16b0 kernel/workqueue.c:2268 #1: ffffc9000a8b7db0 ((addr_chk_work).work){+.+.}-{0:0}, at: process_one_work+0x8d7/0x16b0 kernel/workqueue.c:2272 #2: ffffffff8d0e90e8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0xa/0x20 net/ipv6/addrconf.c:4590 3 locks held by kworker/1:32/31813: #0: ffff888010c64d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888010c64d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline] #0: ffff888010c64d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1198 [inline] #0: ffff888010c64d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:634 [inline] #0: ffff888010c64d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:661 [inline] #0: ffff888010c64d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x8a3/0x16b0 kernel/workqueue.c:2268 #1: ffffc9000a8c7db0 (deferred_process_work){+.+.}-{0:0}, at: process_one_work+0x8d7/0x16b0 kernel/workqueue.c:2272 #2: ffffffff8d0e90e8 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xa/0x20 net/switchdev/switchdev.c:74 1 lock held by syz-executor.0/984: #0: ffffffff8d0e90e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline] #0: ffffffff8d0e90e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3be/0xb80 net/core/rtnetlink.c:5569 1 lock held by syz-executor.0/991: #0: ffffffff8d0e90e8 (rtnl_mutex){+.+.}-{3:3}, at: do_ip_setsockopt net/ipv4/ip_sockglue.c:944 [inline] #0: ffffffff8d0e90e8 (rtnl_mutex){+.+.}-{3:3}, at: ip_setsockopt+0x1c8/0x3a60 net/ipv4/ip_sockglue.c:1423 1 lock held by syz-executor.0/1019: #0: ffffffff8d0e90e8 (rtnl_mutex){+.+.}-{3:3}, at: do_ip_setsockopt net/ipv4/ip_sockglue.c:944 [inline] #0: ffffffff8d0e90e8 (rtnl_mutex){+.+.}-{3:3}, at: ip_setsockopt+0x1c8/0x3a60 net/ipv4/ip_sockglue.c:1423 1 lock held by syz-executor.0/1020: #0: ffffffff8d0e90e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline] #0: ffffffff8d0e90e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3be/0xb80 net/core/rtnetlink.c:5569 1 lock held by syz-executor.0/1021: #0: ffffffff8d0e90e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline] #0: ffffffff8d0e90e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3be/0xb80 net/core/rtnetlink.c:5569 1 lock held by syz-executor.0/1023: #0: ffffffff8d0e90e8 (rtnl_mutex){+.+.}-{3:3}, at: do_ip_setsockopt net/ipv4/ip_sockglue.c:944 [inline] #0: ffffffff8d0e90e8 (rtnl_mutex){+.+.}-{3:3}, at: ip_setsockopt+0x1c8/0x3a60 net/ipv4/ip_sockglue.c:1423 2 locks held by syz-executor.5/986: #0: ffffffff8d0d5990 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x2f5/0x760 net/core/net_namespace.c:466 #1: ffffffff8d0e90e8 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:798 [inline] #1: ffffffff8d0e90e8 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x1f9/0x410 net/smc/smc_pnet.c:867 2 locks held by syz-executor.5/990: #0: ffffffff8d0d5990 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x2f5/0x760 net/core/net_namespace.c:466 #1: ffffffff8d0e90e8 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:798 [inline] #1: ffffffff8d0e90e8 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x1f9/0x410 net/smc/smc_pnet.c:867 1 lock held by syz-executor.5/994: #0: ffffffff8d0e90e8 (rtnl_mutex){+.+.}-{3:3}, at: dev_ioctl+0x1a7/0xee0 net/core/dev_ioctl.c:586 2 locks held by syz-executor.5/1000: #0: ffffffff8d0d5990 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x2f5/0x760 net/core/net_namespace.c:466 #1: ffffffff8d0e90e8 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:798 [inline] #1: ffffffff8d0e90e8 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x1f9/0x410 net/smc/smc_pnet.c:867 1 lock held by syz-executor.5/1022: #0: ffffffff8d0e90e8 (rtnl_mutex){+.+.}-{3:3}, at: dev_ioctl+0x1a7/0xee0 net/core/dev_ioctl.c:586 2 locks held by syz-executor.5/1025: #0: ffffffff8d0d5990 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x2f5/0x760 net/core/net_namespace.c:466 #1: ffffffff8d0e90e8 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:798 [inline] #1: ffffffff8d0e90e8 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x1f9/0x410 net/smc/smc_pnet.c:867 1 lock held by syz-executor.1/1002: #0: ffffffff8d0e90e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline] #0: ffffffff8d0e90e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3be/0xb80 net/core/rtnetlink.c:5569 2 locks held by syz-executor.1/1003: #0: ffffffff8d17b4f0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40 net/netlink/genetlink.c:802 #1: ffffffff8d0e90e8 (rtnl_mutex){+.+.}-{3:3}, at: ethnl_default_doit+0x2d3/0xb20 net/ethtool/netlink.c:376 1 lock held by syz-executor.1/1006: #0: ffffffff8d0e90e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline] #0: ffffffff8d0e90e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3be/0xb80 net/core/rtnetlink.c:5569 1 lock held by syz-executor.1/1010: #0: ffffffff8d0e90e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline] #0: ffffffff8d0e90e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3be/0xb80 net/core/rtnetlink.c:5569 1 lock held by syz-executor.1/1011: #0: ffffffff8d0e90e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline] #0: ffffffff8d0e90e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3be/0xb80 net/core/rtnetlink.c:5569 2 locks held by syz-executor.1/1035: #0: ffffffff8d17b4f0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40 net/netlink/genetlink.c:802 #1: ffffffff8d0e90e8 (rtnl_mutex){+.+.}-{3:3}, at: ethnl_default_doit+0x2d3/0xb20 net/ethtool/netlink.c:376 1 lock held by syz-executor.2/1039: #0: ffffffff8d0e90e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline] #0: ffffffff8d0e90e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3be/0xb80 net/core/rtnetlink.c:5569 1 lock held by syz-executor.2/1042: #0: ffffffff8d0e90e8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_add_ifaddr+0x131/0x1c0 net/ipv6/addrconf.c:3047 1 lock held by syz-executor.2/1046: #0: ffffffff8d0e90e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline] #0: ffffffff8d0e90e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3be/0xb80 net/core/rtnetlink.c:5569 1 lock held by syz-executor.2/1054: #0: ffffffff8d0e90e8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_add_ifaddr+0x131/0x1c0 net/ipv6/addrconf.c:3047 ============================================= NMI backtrace for cpu 1 CPU: 1 PID: 27 Comm: khungtaskd Not tainted 5.15.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 nmi_cpu_backtrace.cold+0x47/0x144 lib/nmi_backtrace.c:105 nmi_trigger_cpumask_backtrace+0x1ae/0x220 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:210 [inline] watchdog+0xc1d/0xf50 kernel/hung_task.c:295 kthread+0x3e5/0x4d0 kernel/kthread.c:319 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 6249 Comm: rs:main Q:Reg Not tainted 5.15.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:separate_irq_context kernel/locking/lockdep.c:4543 [inline] RIP: 0010:__lock_acquire+0x99f/0x54a0 kernel/locking/lockdep.c:4999 Code: c0 74 77 48 8b 5c 24 28 48 8d 04 80 48 8d 5c c3 d8 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 21 48 89 fa 48 c1 ea 03 0f b6 04 02 <48> 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 cf 38 00 00 49 8d 7c 24 RSP: 0018:ffffc9000c6e7440 EFLAGS: 00000802 RAX: 0000000000000000 RBX: ffff888072a90a98 RCX: ffffffff815be70a RDX: 1ffff1100e552157 RSI: 0000000000000008 RDI: ffff888072a90ab9 RBP: ffff888072a90ae2 R08: 0000000000000000 R09: ffffffff8fd0ca7f R10: fffffbfff1fa194f R11: 0000000000000000 R12: ffff888072a90ac0 R13: ffff888072a90000 R14: 0000000000000000 R15: 1b6aeb819637f5fe FS: 00007f806f30e700(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f0b04978000 CR3: 000000001d3ea000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: lock_acquire kernel/locking/lockdep.c:5625 [inline] lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5590 __raw_write_lock include/linux/rwlock_api_smp.h:210 [inline] _raw_write_lock+0x2a/0x40 kernel/locking/spinlock.c:300 ext4_es_insert_delayed_block+0x1ff/0x580 fs/ext4/extents_status.c:2004 ext4_insert_delayed_block fs/ext4/inode.c:1671 [inline] ext4_da_map_blocks fs/ext4/inode.c:1766 [inline] ext4_da_get_block_prep+0xcfe/0x1070 fs/ext4/inode.c:1830 ext4_block_write_begin+0x503/0x1110 fs/ext4/inode.c:1078 ext4_da_write_begin+0x3eb/0xad0 fs/ext4/inode.c:2969 generic_perform_write+0x202/0x510 mm/filemap.c:3770 ext4_buffered_write_iter+0x244/0x500 fs/ext4/file.c:269 ext4_file_write_iter+0x423/0x14e0 fs/ext4/file.c:680 call_write_iter include/linux/fs.h:2163 [inline] new_sync_write+0x429/0x660 fs/read_write.c:507 vfs_write+0x7cf/0xae0 fs/read_write.c:594 ksys_write+0x12d/0x250 fs/read_write.c:647 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f8071d521cd Code: c2 20 00 00 75 10 b8 01 00 00 00 0f 05 48 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 ae fc ff ff 48 89 04 24 b8 01 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 f7 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 RSP: 002b:00007f806f30d590 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00007f80640277b0 RCX: 00007f8071d521cd RDX: 000000000000046d RSI: 00007f80640277b0 RDI: 000000000000000a RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000293 R12: 00007f8064027530 R13: 00007f806f30d5b0 R14: 00005585e1b707c0 R15: 000000000000046d ---------------- Code disassembly (best guess): 0: c0 74 77 48 8b shlb $0x8b,0x48(%rdi,%rsi,2) 5: 5c pop %rsp 6: 24 28 and $0x28,%al 8: 48 8d 04 80 lea (%rax,%rax,4),%rax c: 48 8d 5c c3 d8 lea -0x28(%rbx,%rax,8),%rbx 11: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 18: fc ff df 1b: 48 8d 7b 21 lea 0x21(%rbx),%rdi 1f: 48 89 fa mov %rdi,%rdx 22: 48 c1 ea 03 shr $0x3,%rdx 26: 0f b6 04 02 movzbl (%rdx,%rax,1),%eax * 2a: 48 89 fa mov %rdi,%rdx <-- trapping instruction 2d: 83 e2 07 and $0x7,%edx 30: 38 d0 cmp %dl,%al 32: 7f 08 jg 0x3c 34: 84 c0 test %al,%al 36: 0f 85 cf 38 00 00 jne 0x390b 3c: 49 rex.WB 3d: 8d .byte 0x8d 3e: 7c 24 jl 0x64