Bluetooth: hci5: command 0x0406 tx timeout ieee802154 phy0 wpan0: encryption failed: -22 ieee802154 phy1 wpan1: encryption failed: -22 INFO: task kworker/1:2:3400 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. kworker/1:2 D26208 3400 2 0x80000000 Workqueue: ipv6_addrconf addrconf_dad_work Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1016 [inline] __mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078 addrconf_dad_work+0x9c/0x10a0 net/ipv6/addrconf.c:3989 process_one_work+0x864/0x1570 kernel/workqueue.c:2153 worker_thread+0x64c/0x1130 kernel/workqueue.c:2296 kthread+0x33f/0x460 kernel/kthread.c:259 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 INFO: task kworker/0:0:22942 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. kworker/0:0 D26208 22942 2 0x80000000 Workqueue: ipv6_addrconf addrconf_dad_work Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1016 [inline] __mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078 addrconf_dad_work+0x9c/0x10a0 net/ipv6/addrconf.c:3989 process_one_work+0x864/0x1570 kernel/workqueue.c:2153 worker_thread+0x64c/0x1130 kernel/workqueue.c:2296 kthread+0x33f/0x460 kernel/kthread.c:259 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 INFO: task syz-executor.2:12819 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.2 D27152 12819 16651 0x00000004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1016 [inline] __mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078 start_sync_thread+0x109/0x24a0 net/netfilter/ipvs/ip_vs_sync.c:1775 do_ip_vs_set_ctl+0x34b/0xec0 net/netfilter/ipvs/ip_vs_ctl.c:2380 nf_sockopt net/netfilter/nf_sockopt.c:106 [inline] nf_setsockopt+0x6f/0xc0 net/netfilter/nf_sockopt.c:115 ip_setsockopt net/ipv4/ip_sockglue.c:1258 [inline] ip_setsockopt+0xd8/0xf0 net/ipv4/ip_sockglue.c:1238 raw_setsockopt+0xd8/0x100 net/ipv4/raw.c:861 __sys_setsockopt+0x14d/0x240 net/socket.c:2013 __do_sys_setsockopt net/socket.c:2024 [inline] __se_sys_setsockopt net/socket.c:2021 [inline] __x64_sys_setsockopt+0xba/0x150 net/socket.c:2021 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f88207d70c9 Code: Bad RIP value. RSP: 002b:00007f881ed49168 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 00007f88208f6f80 RCX: 00007f88207d70c9 RDX: 000000000000048b RSI: 0000000000000000 RDI: 0000000000000003 RBP: 00007f8820832ae9 R08: 0000000000000018 R09: 0000000000000000 R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fff49d5fdcf R14: 00007f881ed49300 R15: 0000000000022000 INFO: task syz-executor.2:12831 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.2 D29488 12831 16651 0x00000004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1016 [inline] __mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078 ip_mroute_setsockopt+0xab/0xe60 net/ipv4/ipmr.c:1384 do_ip_setsockopt.constprop.0+0x43d/0x3ba0 net/ipv4/ip_sockglue.c:638 ip_setsockopt+0x44/0xf0 net/ipv4/ip_sockglue.c:1246 raw_setsockopt+0xd8/0x100 net/ipv4/raw.c:861 __sys_setsockopt+0x14d/0x240 net/socket.c:2013 __do_sys_setsockopt net/socket.c:2024 [inline] __se_sys_setsockopt net/socket.c:2021 [inline] __x64_sys_setsockopt+0xba/0x150 net/socket.c:2021 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f88207d70c9 Code: Bad RIP value. RSP: 002b:00007f881ed28168 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 00007f88208f7050 RCX: 00007f88207d70c9 RDX: 00000000000000cb RSI: 0000000000000000 RDI: 0000000000000007 RBP: 00007f8820832ae9 R08: 0000000000000010 R09: 0000000000000000 R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fff49d5fdcf R14: 00007f881ed28300 R15: 0000000000022000 INFO: task syz-executor.0:12825 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.0 D28952 12825 10863 0x00000004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1016 [inline] __mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078 rtnl_lock net/core/rtnetlink.c:77 [inline] rtnetlink_rcv_msg+0x3fe/0xb80 net/core/rtnetlink.c:4779 netlink_rcv_skb+0x160/0x440 net/netlink/af_netlink.c:2463 netlink_unicast_kernel net/netlink/af_netlink.c:1325 [inline] netlink_unicast+0x4d5/0x690 net/netlink/af_netlink.c:1351 netlink_sendmsg+0x6c3/0xc50 net/netlink/af_netlink.c:1917 sock_sendmsg_nosec net/socket.c:651 [inline] sock_sendmsg+0xc3/0x120 net/socket.c:661 ___sys_sendmsg+0x7bb/0x8e0 net/socket.c:2227 __sys_sendmsg net/socket.c:2265 [inline] __do_sys_sendmsg net/socket.c:2274 [inline] __se_sys_sendmsg net/socket.c:2272 [inline] __x64_sys_sendmsg+0x132/0x220 net/socket.c:2272 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f496e7c20c9 Code: Bad RIP value. RSP: 002b:00007f496cd34168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f496e8e1f80 RCX: 00007f496e7c20c9 RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003 RBP: 00007f496e81dae9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffdc7b8716f R14: 00007f496cd34300 R15: 0000000000022000 INFO: task syz-executor.0:12828 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.0 D28952 12828 10863 0x00000004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1016 [inline] __mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078 rtnl_lock net/core/rtnetlink.c:77 [inline] rtnetlink_rcv_msg+0x3fe/0xb80 net/core/rtnetlink.c:4779 netlink_rcv_skb+0x160/0x440 net/netlink/af_netlink.c:2463 netlink_unicast_kernel net/netlink/af_netlink.c:1325 [inline] netlink_unicast+0x4d5/0x690 net/netlink/af_netlink.c:1351 netlink_sendmsg+0x6c3/0xc50 net/netlink/af_netlink.c:1917 sock_sendmsg_nosec net/socket.c:651 [inline] sock_sendmsg+0xc3/0x120 net/socket.c:661 ___sys_sendmsg+0x7bb/0x8e0 net/socket.c:2227 __sys_sendmsg net/socket.c:2265 [inline] __do_sys_sendmsg net/socket.c:2274 [inline] __se_sys_sendmsg net/socket.c:2272 [inline] __x64_sys_sendmsg+0x132/0x220 net/socket.c:2272 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f496e7c20c9 Code: Bad RIP value. RSP: 002b:00007f496cd13168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f496e8e2050 RCX: 00007f496e7c20c9 RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000007 RBP: 00007f496e81dae9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffdc7b8716f R14: 00007f496cd13300 R15: 0000000000022000 INFO: task syz-executor.0:12833 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.0 D28952 12833 10863 0x00000004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1016 [inline] __mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078 rtnl_lock net/core/rtnetlink.c:77 [inline] rtnetlink_rcv_msg+0x3fe/0xb80 net/core/rtnetlink.c:4779 netlink_rcv_skb+0x160/0x440 net/netlink/af_netlink.c:2463 netlink_unicast_kernel net/netlink/af_netlink.c:1325 [inline] netlink_unicast+0x4d5/0x690 net/netlink/af_netlink.c:1351 netlink_sendmsg+0x6c3/0xc50 net/netlink/af_netlink.c:1917 sock_sendmsg_nosec net/socket.c:651 [inline] sock_sendmsg+0xc3/0x120 net/socket.c:661 ___sys_sendmsg+0x7bb/0x8e0 net/socket.c:2227 __sys_sendmsg net/socket.c:2265 [inline] __do_sys_sendmsg net/socket.c:2274 [inline] __se_sys_sendmsg net/socket.c:2272 [inline] __x64_sys_sendmsg+0x132/0x220 net/socket.c:2272 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f496e7c20c9 Code: Bad RIP value. RSP: 002b:00007f496ccf2168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f496e8e2120 RCX: 00007f496e7c20c9 RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000005 RBP: 00007f496e81dae9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffdc7b8716f R14: 00007f496ccf2300 R15: 0000000000022000 INFO: task syz-executor.4:12824 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.4 D29776 12824 26957 0x00000004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1016 [inline] __mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078 do_ip_setsockopt.constprop.0+0x11c/0x3ba0 net/ipv4/ip_sockglue.c:642 ip_setsockopt+0x44/0xf0 net/ipv4/ip_sockglue.c:1246 raw_setsockopt+0xd8/0x100 net/ipv4/raw.c:861 __sys_setsockopt+0x14d/0x240 net/socket.c:2013 __do_sys_setsockopt net/socket.c:2024 [inline] __se_sys_setsockopt net/socket.c:2021 [inline] __x64_sys_setsockopt+0xba/0x150 net/socket.c:2021 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f586a1ae0c9 Code: Bad RIP value. RSP: 002b:00007f5868720168 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 00007f586a2cdf80 RCX: 00007f586a1ae0c9 RDX: 0000000000000029 RSI: 0000000000000000 RDI: 0000000000000003 RBP: 00007f586a209ae9 R08: 0000000000000034 R09: 0000000000000000 R10: 00000000200004c0 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffd9f7d16ef R14: 00007f5868720300 R15: 0000000000022000 INFO: task syz-executor.4:12827 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.4 D29488 12827 26957 0x00000004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1016 [inline] __mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078 ip_mroute_setsockopt+0xab/0xe60 net/ipv4/ipmr.c:1384 do_ip_setsockopt.constprop.0+0x43d/0x3ba0 net/ipv4/ip_sockglue.c:638 ip_setsockopt+0x44/0xf0 net/ipv4/ip_sockglue.c:1246 raw_setsockopt+0xd8/0x100 net/ipv4/raw.c:861 __sys_setsockopt+0x14d/0x240 net/socket.c:2013 __do_sys_setsockopt net/socket.c:2024 [inline] __se_sys_setsockopt net/socket.c:2021 [inline] __x64_sys_setsockopt+0xba/0x150 net/socket.c:2021 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f586a1ae0c9 Code: Bad RIP value. RSP: 002b:00007f58686ff168 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 00007f586a2ce050 RCX: 00007f586a1ae0c9 RDX: 00000000000000ca RSI: 0000000000000000 RDI: 0000000000000003 RBP: 00007f586a209ae9 R08: 0000000000000010 R09: 0000000000000000 R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffd9f7d16ef R14: 00007f58686ff300 R15: 0000000000022000 INFO: task syz-executor.1:12830 blocked for more than 140 seconds. Not tainted 4.19.211-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor.1 D28224 12830 13214 0x00000004 Call Trace: context_switch kernel/sched/core.c:2828 [inline] __schedule+0x887/0x2040 kernel/sched/core.c:3517 schedule+0x8d/0x1b0 kernel/sched/core.c:3561 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:3619 __mutex_lock_common kernel/locking/mutex.c:1016 [inline] __mutex_lock+0x5f0/0x1190 kernel/locking/mutex.c:1078 vlan_ioctl_handler+0xb7/0xf00 net/8021q/vlan.c:547 sock_ioctl+0x39e/0x5d0 net/socket.c:1113 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:501 [inline] do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688 ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705 __do_sys_ioctl fs/ioctl.c:712 [inline] __se_sys_ioctl fs/ioctl.c:710 [inline] __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7feb685060c9 Code: Bad RIP value. RSP: 002b:00007feb66a57168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007feb68626050 RCX: 00007feb685060c9 RDX: 0000000020000100 RSI: 0000000000008982 RDI: 0000000000000007 RBP: 00007feb68561ae9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffc61aa34df R14: 00007feb66a57300 R15: 0000000000022000 Showing all locks held in the system: 5 locks held by kworker/u4:1/23: 1 lock held by khungtaskd/1570: #0: 00000000d262cd13 (rcu_read_lock){....}, at: debug_show_all_locks+0x53/0x265 kernel/locking/lockdep.c:4441 3 locks held by kworker/1:2/3400: #0: 00000000687ef78d ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124 #1: 000000005f42fe73 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128 #2: 0000000028e67034 (rtnl_mutex){+.+.}, at: addrconf_dad_work+0x9c/0x10a0 net/ipv6/addrconf.c:3989 1 lock held by systemd-journal/4686: 1 lock held by systemd-udevd/4702: 1 lock held by systemd-timesyn/6153: 2 locks held by in:imklog/7796: 3 locks held by syz-fuzzer/8086: 3 locks held by syz-fuzzer/8093: 3 locks held by syz-fuzzer/12574: 3 locks held by kworker/u4:6/9480: 5 locks held by kworker/u4:8/9532: 4 locks held by kworker/u4:9/11393: 5 locks held by kworker/u4:11/11439: 5 locks held by kworker/u4:12/14228: 3 locks held by kworker/0:0/22942: #0: 00000000687ef78d ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124 #1: 000000005ee66dfe ((work_completion)(&(&ifa->dad_work)->work)){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128 #2: 0000000028e67034 (rtnl_mutex){+.+.}, at: addrconf_dad_work+0x9c/0x10a0 net/ipv6/addrconf.c:3989 2 locks held by kworker/1:1/27166: 3 locks held by kworker/u4:0/30267: 2 locks held by kworker/u4:3/9345: 3 locks held by kworker/u4:5/9421: 3 locks held by kworker/0:1/9673: 3 locks held by kworker/u4:7/10151: 1 lock held by syz-executor.2/12819: #0: 0000000028e67034 (rtnl_mutex){+.+.}, at: start_sync_thread+0x109/0x24a0 net/netfilter/ipvs/ip_vs_sync.c:1775 1 lock held by syz-executor.2/12831: #0: 0000000028e67034 (rtnl_mutex){+.+.}, at: ip_mroute_setsockopt+0xab/0xe60 net/ipv4/ipmr.c:1384 1 lock held by syz-executor.0/12825: #0: 0000000028e67034 (rtnl_mutex){+.+.}, at: rtnl_lock net/core/rtnetlink.c:77 [inline] #0: 0000000028e67034 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x3fe/0xb80 net/core/rtnetlink.c:4779 1 lock held by syz-executor.0/12828: #0: 0000000028e67034 (rtnl_mutex){+.+.}, at: rtnl_lock net/core/rtnetlink.c:77 [inline] #0: 0000000028e67034 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x3fe/0xb80 net/core/rtnetlink.c:4779 1 lock held by syz-executor.0/12833: #0: 0000000028e67034 (rtnl_mutex){+.+.}, at: rtnl_lock net/core/rtnetlink.c:77 [inline] #0: 0000000028e67034 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x3fe/0xb80 net/core/rtnetlink.c:4779 1 lock held by syz-executor.4/12824: #0: 0000000028e67034 (rtnl_mutex){+.+.}, at: do_ip_setsockopt.constprop.0+0x11c/0x3ba0 net/ipv4/ip_sockglue.c:642 1 lock held by syz-executor.4/12827: #0: 0000000028e67034 (rtnl_mutex){+.+.}, at: ip_mroute_setsockopt+0xab/0xe60 net/ipv4/ipmr.c:1384 1 lock held by syz-executor.1/12818: 2 locks held by syz-executor.1/12830: #0: 000000002471bdf9 (vlan_ioctl_mutex){+.+.}, at: sock_ioctl+0x385/0x5d0 net/socket.c:1111 #1: 0000000028e67034 (rtnl_mutex){+.+.}, at: vlan_ioctl_handler+0xb7/0xf00 net/8021q/vlan.c:547 1 lock held by syz-executor.5/12826: #0: 0000000028e67034 (rtnl_mutex){+.+.}, at: do_ip_setsockopt.constprop.0+0x11c/0x3ba0 net/ipv4/ip_sockglue.c:642 1 lock held by syz-executor.5/12829: #0: 0000000028e67034 (rtnl_mutex){+.+.}, at: ip_mroute_setsockopt+0xab/0xe60 net/ipv4/ipmr.c:1384 1 lock held by syz-executor.5/12834: #0: 0000000028e67034 (rtnl_mutex){+.+.}, at: start_sync_thread+0x109/0x24a0 net/netfilter/ipvs/ip_vs_sync.c:1775 ============================================= NMI backtrace for cpu 1 CPU: 1 PID: 1570 Comm: khungtaskd Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 nmi_cpu_backtrace.cold+0x63/0xa2 lib/nmi_backtrace.c:101 nmi_trigger_cpumask_backtrace+0x1a6/0x1f0 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:203 [inline] watchdog+0x991/0xe60 kernel/hung_task.c:287 kthread+0x33f/0x460 kernel/kthread.c:259 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 7796 Comm: in:imklog Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 RIP: 0010:gfpflags_to_migratetype include/linux/gfp.h:318 [inline] RIP: 0010:gfp_to_alloc_flags mm/page_alloc.c:3891 [inline] RIP: 0010:__alloc_pages_slowpath mm/page_alloc.c:4108 [inline] RIP: 0010:__alloc_pages_nodemask+0x6d9/0x2890 mm/page_alloc.c:4419 Code: 89 85 ec fd ff ff 89 d8 83 cf 40 25 00 00 01 00 89 bd fc fd ff ff 89 85 30 fe ff ff 89 f0 0f 45 c7 83 e0 bf 89 85 f8 fd ff ff <89> d8 c1 e8 03 83 e0 03 83 bd 94 fe ff ff 03 89 85 f4 fd ff ff b8 RSP: 0018:ffff8880ba007998 EFLAGS: 00000002 RAX: 0000000000000020 RBX: 00000000000d4220 RCX: ffffffff817f00f6 RDX: 0000000000000004 RSI: 0000000000000070 RDI: 0000000000000060 RBP: ffff8880ba007bb0 R08: 0000000000000000 R09: 0000000000000a97 R10: ffff88813fffb667 R11: 0000000000000000 R12: 0000000000000001 R13: ffff88813fffe5d0 R14: ffff888091dc6400 R15: ffff88813bff0940 FS: 00007f280535a700(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fab997adffc CR3: 00000000b13b0000 CR4: 00000000003406f0 DR0: 0000000000000001 DR1: 0000000000000001 DR2: 0000000000000001 DR3: 0000000000000001 DR6: 00000000fffe0ff0 DR7: 0000000000000600 Call Trace: __alloc_pages include/linux/gfp.h:496 [inline] __alloc_pages_node include/linux/gfp.h:509 [inline] kmem_getpages mm/slab.c:1412 [inline] cache_grow_begin+0xa4/0x8a0 mm/slab.c:2682 cache_alloc_refill+0x273/0x340 mm/slab.c:3049 ____cache_alloc mm/slab.c:3132 [inline] slab_alloc_node mm/slab.c:3327 [inline] kmem_cache_alloc_node_trace+0x39e/0x3b0 mm/slab.c:3666 __do_kmalloc_node mm/slab.c:3688 [inline] __kmalloc_node_track_caller+0x38/0x70 mm/slab.c:3703 __kmalloc_reserve net/core/skbuff.c:137 [inline] __alloc_skb+0xae/0x560 net/core/skbuff.c:205 alloc_skb include/linux/skbuff.h:995 [inline] bcm_can_tx+0x259/0x800 net/can/bcm.c:287 bcm_tx_timeout_tsklet+0x1f0/0x3a0 net/can/bcm.c:414 tasklet_action_common.constprop.0+0x265/0x360 kernel/softirq.c:522 __do_softirq+0x265/0x980 kernel/softirq.c:292 invoke_softirq kernel/softirq.c:372 [inline] irq_exit+0x215/0x260 kernel/softirq.c:412 exiting_irq arch/x86/include/asm/apic.h:536 [inline] smp_apic_timer_interrupt+0x136/0x550 arch/x86/kernel/apic/apic.c:1098 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894 RIP: 0010:qlink_to_object mm/kasan/quarantine.c:136 [inline] RIP: 0010:qlink_free mm/kasan/quarantine.c:141 [inline] RIP: 0010:qlist_free_all+0x32/0x140 mm/kasan/quarantine.c:166 Code: 55 53 48 8b 1f 48 85 db 0f 84 08 01 00 00 48 89 f5 49 89 fd 48 85 ed 49 89 ee 0f 84 8b 00 00 00 49 63 86 fc 00 00 00 4c 8b 23 <48> 29 c3 48 83 3d 93 10 59 08 00 0f 84 e6 00 00 00 9c 58 0f 1f 44 RSP: 0018:ffff888090b777b8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 RAX: 0000000000000000 RBX: ffff88802edc4d00 RCX: ffffea0000bb7087 RDX: 0000000000000000 RSI: ffffffff812b5eca RDI: 0000000000000007 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000007 R11: 0000000000000000 R12: ffff88802edc3340 R13: ffff888090b777f0 R14: ffff8880b5b8fd80 R15: 0000000000000286 quarantine_reduce+0x1a9/0x230 mm/kasan/quarantine.c:259 kasan_kmalloc+0xa2/0x160 mm/kasan/kasan.c:538 kmem_cache_alloc_trace+0x12f/0x380 mm/slab.c:3625 kmalloc include/linux/slab.h:515 [inline] syslog_print kernel/printk/printk.c:1337 [inline] do_syslog.part.0+0x24f/0x1510 kernel/printk/printk.c:1505 do_syslog+0x49/0x60 kernel/printk/printk.c:1486 kmsg_read+0x8a/0xb0 fs/proc/kmsg.c:40 proc_reg_read+0x1bd/0x2d0 fs/proc/inode.c:231 __vfs_read+0xf7/0x750 fs/read_write.c:416 vfs_read+0x194/0x3c0 fs/read_write.c:452 ksys_read+0x12b/0x2a0 fs/read_write.c:579 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f280799d22d Code: c1 20 00 00 75 10 b8 00 00 00 00 0f 05 48 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 4e fc ff ff 48 89 04 24 b8 00 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 97 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 RSP: 002b:00007f2805339580 EFLAGS: 00000293 ORIG_RAX: 0000000000000000 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f280799d22d RDX: 0000000000001fa0 RSI: 00007f2805339da0 RDI: 0000000000000004 RBP: 00005635a0c689d0 R08: 0000000000000000 R09: 0000000004000001 R10: 0000000000000001 R11: 0000000000000293 R12: 00007f2805339da0 R13: 0000000000001fa0 R14: 0000000000001f9f R15: 00007f2805339e20