ci starts bisection 2022-11-24 21:50:08.804207545 +0000 UTC m=+20724.187112885 bisecting cause commit starting from 08e8a949f684e1fbc4b1efd2337d72ec8f3613d9 building syzkaller on 62e26685e8dd4632201f7b840fcd1959f3423cb9 ensuring issue is reproducible on original commit 08e8a949f684e1fbc4b1efd2337d72ec8f3613d9 testing commit 08e8a949f684e1fbc4b1efd2337d72ec8f3613d9 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: a6af02e0d4489b727320ebdeddd483cac6eb70a72dcf18b92e4c8e6eb60ab375 run #0: crashed: INFO: rcu detected stall in corrupted run #1: crashed: INFO: rcu detected stall in corrupted run #2: crashed: INFO: rcu detected stall in corrupted run #3: crashed: INFO: rcu detected stall in corrupted run #4: crashed: INFO: rcu detected stall in corrupted run #5: crashed: INFO: rcu detected stall in corrupted run #6: crashed: INFO: rcu detected stall in corrupted run #7: crashed: INFO: rcu detected stall in corrupted run #8: crashed: INFO: rcu detected stall in corrupted run #9: crashed: INFO: rcu detected stall in corrupted run #10: crashed: INFO: rcu detected stall in corrupted run #11: crashed: INFO: rcu detected stall in corrupted run #12: crashed: INFO: task hung in nfnetlink_rcv_msg run #13: crashed: INFO: task hung in nfnetlink_rcv_msg run #14: crashed: INFO: task hung in nfnetlink_rcv_msg run #15: crashed: INFO: task hung in nfnetlink_rcv_msg run #16: crashed: INFO: task hung in nfnetlink_rcv_msg run #17: crashed: INFO: task hung in nfnetlink_rcv_msg run #18: crashed: INFO: task hung in nfnetlink_rcv_msg run #19: crashed: INFO: task hung in nfnetlink_rcv_msg testing release v6.0 testing commit 4fe89d07dcc2804c8b562f6c7896a45643d34b2f gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: d0ec0037058f2660517313a3f0f34f35b222bfbcdcd29ccddcb669c033039fe7 run #0: crashed: INFO: rcu detected stall in corrupted run #1: crashed: INFO: rcu detected stall in 
corrupted run #2: crashed: INFO: rcu detected stall in corrupted run #3: crashed: INFO: rcu detected stall in corrupted run #4: crashed: INFO: rcu detected stall in corrupted run #5: crashed: INFO: task hung in nfnetlink_rcv_msg run #6: crashed: INFO: task hung in nfnetlink_rcv_msg run #7: crashed: INFO: task hung in nfnetlink_rcv_msg run #8: crashed: INFO: task hung in nfnetlink_rcv_msg run #9: crashed: INFO: task hung in nfnetlink_rcv_msg testing release v5.19 testing commit 3d7cb6b04c3f3115719235cc6866b10326de34cd gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 8f05c23a8af80b8232f448356684765c2c8c344595f38a6b42d4d44f68f4b526 all runs: crashed: INFO: task hung in nfnetlink_rcv_msg testing release v5.18 testing commit 4b0986a3613c92f4ec1bdc7f60ec66fea135991f gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 797fa439729dc5a4431417e2b54de489983e80e1d141978094d52fe489cf45e0 all runs: crashed: INFO: task hung in nfnetlink_rcv_msg testing release v5.17 testing commit f443e374ae131c168a065ea1748feac6b2e76613 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 69c3fbc98c1b1833295986249ce85a03fbe58bc091ae088be31b3d156af2ce2a failed: failed to create VM pool: failed to create GCE image: create image operation failed: &{Code:PERMISSIONS_ERROR ErrorDetails:[] Location: Message:Required 'read' permission for 'disks/ci-upstream-net-this-kasan-gce-bisect-job-bisect-job-image.tar.gz' ForceSendFields:[] NullFields:[]}. 
testing release v5.16 testing commit df0cc57e057f18e44dac8e6c18aba47ab53202f9 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 762f714a8a548d352aff3620c030109b3e8c9faacb43992e8569b3edc244a7b7 all runs: crashed: INFO: task hung in nfnetlink_rcv_msg testing release v5.15 testing commit 8bb7eca972ad531c9b149c0a51ab43a417385813 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: d68256d1632ea773fafb0fead67214755eb108c655f144e461a58ca4fd1622f6 all runs: crashed: INFO: task hung in nfnetlink_rcv_msg testing release v5.14 testing commit 7d2a07b769330c34b4deabeed939325c77a7ec2f gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 87002f958ddf7cb31a7bba656a6fa08939640e815dbcd4a546fb99ec9fa92427 all runs: crashed: INFO: task hung in nfnetlink_rcv_msg testing release v5.13 testing commit 62fb9874f5da54fdb243003b386128037319b219 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: c62e9c88a7021ef028f95684884550ff60bf4377f198419e733903a9c11e1b87 all runs: OK # git bisect start 7d2a07b769330c34b4deabeed939325c77a7ec2f 62fb9874f5da54fdb243003b386128037319b219 Bisecting: 7914 revisions left to test after this (roughly 13 steps) [406254918b232db198ed60f5bf1f8b84d96bca00] Merge tag 'perf-tools-for-v5.14-2021-07-01' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux testing commit 406254918b232db198ed60f5bf1f8b84d96bca00 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 5388250762a1cb51ce2f5d1bc5eade7ca47ef0c73c021e498c22e20d60e05762 all runs: OK # git bisect good 406254918b232db198ed60f5bf1f8b84d96bca00 Bisecting: 3969 revisions left to test after this (roughly 12 steps) [4ea90317956718e0648e1f87e56530db809a5a04] Merge tag 'for-linus-5.14-rc1-tag' of 
git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip testing commit 4ea90317956718e0648e1f87e56530db809a5a04 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 40c14e4be3e3fb24c5ecf19b486d7d28f0c4cacbf4a21e38176b84d5baea9ca9 run #0: boot failed: BUG: sleeping function called from invalid context in stack_depot_save run #1: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #2: boot failed: BUG: sleeping function called from invalid context in stack_depot_save run #3: boot failed: BUG: sleeping function called from invalid context in stack_depot_save run #4: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #5: boot failed: possible deadlock in fs_reclaim_acquire run #6: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #7: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #8: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #9: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) # git bisect skip 4ea90317956718e0648e1f87e56530db809a5a04 Bisecting: 3969 revisions left to test after this (roughly 12 steps) [c1b8ac969febc8f413c4d71f0eefe2e107610449] pwm: tegra: Drop an if block with an always false condition testing commit c1b8ac969febc8f413c4d71f0eefe2e107610449 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: d8b04893b960389380affd315a2b951ea9876f5da2226d2f26133367d1d0232f all runs: OK # git bisect good c1b8ac969febc8f413c4d71f0eefe2e107610449 Bisecting: 3937 revisions left to test after this (roughly 12 steps) [b5e6d1261e2090df1325e762669c8eab6d4fb2fb] Merge tag 'hwlock-v5.14' of git://git.kernel.org/pub/scm/linux/kernel/git/andersson/remoteproc testing commit b5e6d1261e2090df1325e762669c8eab6d4fb2fb gcc compiler: gcc (Debian 10.2.1-6) 
10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 5b420a13c773d70565060efde3692a6977f6538a018cea4c28eb633263d4b217 run #0: boot failed: BUG: sleeping function called from invalid context in stack_depot_save run #1: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #2: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #3: boot failed: BUG: sleeping function called from invalid context in stack_depot_save run #4: boot failed: BUG: sleeping function called from invalid context in stack_depot_save run #5: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #6: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #7: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #8: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #9: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) # git bisect skip b5e6d1261e2090df1325e762669c8eab6d4fb2fb Bisecting: 3937 revisions left to test after this (roughly 12 steps) [5a4e0f58e2d959e2de0f0f1ddaa169e60711d2f0] s390/ipl: use register pair instead of register asm testing commit 5a4e0f58e2d959e2de0f0f1ddaa169e60711d2f0 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 34a2eb4e41526658fb1002a4b635f54e3b3e7e582f0b203b8acd957d7382a8ec all runs: OK # git bisect good 5a4e0f58e2d959e2de0f0f1ddaa169e60711d2f0 Bisecting: 3929 revisions left to test after this (roughly 12 steps) [2de7e4f67599affc97132bd07e30e3bd59d0b777] ixgbevf: use xso.real_dev instead of xso.dev in callback functions of struct xfrmdev_ops testing commit 2de7e4f67599affc97132bd07e30e3bd59d0b777 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 
649f14e1f203a457955186d2d7c29321bb7a793899e393cb5977660fd71fbaab all runs: OK # git bisect good 2de7e4f67599affc97132bd07e30e3bd59d0b777 Bisecting: 3847 revisions left to test after this (roughly 12 steps) [d0fe3f47ef09bf5a74f7d20e129b2d15b4a824d0] Merge tag 'rproc-v5.14' of git://git.kernel.org/pub/scm/linux/kernel/git/andersson/remoteproc testing commit d0fe3f47ef09bf5a74f7d20e129b2d15b4a824d0 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 5b420a13c773d70565060efde3692a6977f6538a018cea4c28eb633263d4b217 run #0: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #1: boot failed: BUG: sleeping function called from invalid context in stack_depot_save run #2: boot failed: possible deadlock in fs_reclaim_acquire run #3: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #4: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #5: boot failed: BUG: sleeping function called from invalid context in stack_depot_save run #6: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #7: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #8: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #9: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) # git bisect skip d0fe3f47ef09bf5a74f7d20e129b2d15b4a824d0 Bisecting: 3847 revisions left to test after this (roughly 12 steps) [8b95a7d90ce8160ac5cffd5bace6e2eba01a871e] ARM: 9087/1: kprobes: test-thumb: fix for LLVM_IAS=1 testing commit 8b95a7d90ce8160ac5cffd5bace6e2eba01a871e gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 331a4a037c37f3cc124abbbf305d9a2ad00a0da24f6d229e367543331c3af6b7 failed: failed to create VM pool: failed to create GCE image: create image operation failed: 
&{Code:PERMISSIONS_ERROR ErrorDetails:[] Location: Message:Required 'read' permission for 'disks/ci-upstream-net-this-kasan-gce-bisect-job-bisect-job-image.tar.gz' ForceSendFields:[] NullFields:[]}. # git bisect skip 8b95a7d90ce8160ac5cffd5bace6e2eba01a871e Bisecting: 3847 revisions left to test after this (roughly 12 steps) [5ad4df56cd2158965f73416d41fce37906724822] smb3: rc uninitialized in one fallocate path testing commit 5ad4df56cd2158965f73416d41fce37906724822 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 590a8f446aa54b00178b584a4f39d96b9213241e38585356584f0f51ff3015a8 all runs: OK # git bisect good 5ad4df56cd2158965f73416d41fce37906724822 Bisecting: 627 revisions left to test after this (roughly 9 steps) [59cd4f435ee972b8fb87d50ea36d76929aabf3a3] Merge tag 'sound-5.14-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound testing commit 59cd4f435ee972b8fb87d50ea36d76929aabf3a3 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: dc5f5c3bd54d5ffe650d921d8d8925589cae5fe526527f70d001ab9bc37d127d all runs: OK # git bisect good 59cd4f435ee972b8fb87d50ea36d76929aabf3a3 Bisecting: 317 revisions left to test after this (roughly 8 steps) [e649e4c806b4ee41120bc51ee6698e87b3edc1fc] Merge tag 'platform-drivers-x86-v5.14-4' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86 testing commit e649e4c806b4ee41120bc51ee6698e87b3edc1fc gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: f2f5c88b29bcda6b9643815a7d2e8fa8277884cf2b5977f50d6d63326abf7af9 all runs: crashed: INFO: task hung in nfnetlink_rcv_msg # git bisect bad e649e4c806b4ee41120bc51ee6698e87b3edc1fc Bisecting: 152 revisions left to test after this (roughly 7 steps) [27b2eaa1180ed0e0e3fd0c829e230b6bffd76ba5] Merge tag '5.14-rc5-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6 testing commit 
27b2eaa1180ed0e0e3fd0c829e230b6bffd76ba5 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 1aff15a73bb9b1588d801d7a2b06ee9337342c907e11a0014e8d45023c34c33a all runs: crashed: INFO: task hung in nfnetlink_rcv_msg # git bisect bad 27b2eaa1180ed0e0e3fd0c829e230b6bffd76ba5 Bisecting: 80 revisions left to test after this (roughly 6 steps) [09c7fd521879650e24ab774f717234b6da328678] Merge branch 'fdb-backpressure-fixes' testing commit 09c7fd521879650e24ab774f717234b6da328678 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 493a52d11155c8c5de947af8416de5159302f37323ad936600803b17662027ae all runs: crashed: INFO: task hung in nfnetlink_rcv_msg # git bisect bad 09c7fd521879650e24ab774f717234b6da328678 Bisecting: 37 revisions left to test after this (roughly 5 steps) [d09c548dbf3b31cb07bba562e0f452edfa01efe3] net: sched: act_mirred: Reset ct info when mirror/redirect skb testing commit d09c548dbf3b31cb07bba562e0f452edfa01efe3 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 122f219916815786cecbfd6156c67c78e156cfb143e9e2c2ababe1dc77e6a5b1 all runs: crashed: INFO: task hung in nfnetlink_rcv_msg # git bisect bad d09c548dbf3b31cb07bba562e0f452edfa01efe3 Bisecting: 18 revisions left to test after this (roughly 4 steps) [9c40186488145b57f800de120f0872168772adfe] r8169: change the L0/L1 entrance latencies for RTL8106e testing commit 9c40186488145b57f800de120f0872168772adfe gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 1e0e959e6e06a629c8046f6eb3a12f24b00e02532d54f6fd0e06cef2ba6e61ca all runs: crashed: INFO: task hung in nfnetlink_rcv_msg # git bisect bad 9c40186488145b57f800de120f0872168772adfe Bisecting: 9 revisions left to test after this (roughly 3 steps) [269fc69533de73a9065c0b7971bcd109880290b3] netfilter: nfnetlink_hook: translate 
inet ingress to netdev testing commit 269fc69533de73a9065c0b7971bcd109880290b3 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: e89c31d13ce534a59c4302d9f39a1860a8362f62d706e8960e6a0faeb85fe054 all runs: crashed: INFO: task hung in nfnetlink_rcv_msg # git bisect bad 269fc69533de73a9065c0b7971bcd109880290b3 Bisecting: 4 revisions left to test after this (roughly 2 steps) [61e0c2bc555a194ada2632fadac73f2bdb5df9cb] netfilter: nfnetlink_hook: strip off module name from hookfn testing commit 61e0c2bc555a194ada2632fadac73f2bdb5df9cb gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 82151787b75af444744cfb78a6e2766a5cf45a94307c4cc5661d07a909b77e26 all runs: crashed: INFO: task hung in nfnetlink_rcv_msg # git bisect bad 61e0c2bc555a194ada2632fadac73f2bdb5df9cb Bisecting: 1 revision left to test after this (roughly 1 step) [38ea9def5b62f9193f6bad96c5d108e2830ecbde] netfilter: nf_conntrack_bridge: Fix memory leak when error testing commit 38ea9def5b62f9193f6bad96c5d108e2830ecbde gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 8611d08b2270a9cc5b824d20fac3571b6cf727770b479ce13247ab91db86129b all runs: crashed: INFO: task hung in nfnetlink_rcv_msg # git bisect bad 38ea9def5b62f9193f6bad96c5d108e2830ecbde Bisecting: 0 revisions left to test after this (roughly 0 steps) [5f7b51bf09baca8e4f80cbe879536842bafb5f31] netfilter: ipset: Limit the maximal range of consecutive elements to add/delete testing commit 5f7b51bf09baca8e4f80cbe879536842bafb5f31 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 1598771a87501514759de752064dd73a69ed70ab057b3f8ab61428e923797a1c all runs: crashed: INFO: task hung in nfnetlink_rcv_msg # git bisect bad 5f7b51bf09baca8e4f80cbe879536842bafb5f31 5f7b51bf09baca8e4f80cbe879536842bafb5f31 is the first bad commit 
commit 5f7b51bf09baca8e4f80cbe879536842bafb5f31
Author: Jozsef Kadlecsik
Date: Wed Jul 28 17:01:15 2021 +0200

    netfilter: ipset: Limit the maximal range of consecutive elements to add/delete

    The range size of consecutive elements were not limited. Thus one could
    define a huge range which may result soft lockup errors due to the long
    execution time. Now the range size is limited to 2^20 entries.

    Reported-by: Brad Spengler
    Signed-off-by: Jozsef Kadlecsik
    Signed-off-by: Pablo Neira Ayuso

 include/linux/netfilter/ipset/ip_set.h       |  3 +++
 net/netfilter/ipset/ip_set_hash_ip.c         |  9 ++++++++-
 net/netfilter/ipset/ip_set_hash_ipmark.c     | 10 +++++++++-
 net/netfilter/ipset/ip_set_hash_ipport.c     |  3 +++
 net/netfilter/ipset/ip_set_hash_ipportip.c   |  3 +++
 net/netfilter/ipset/ip_set_hash_ipportnet.c  |  3 +++
 net/netfilter/ipset/ip_set_hash_net.c        | 11 ++++++++++-
 net/netfilter/ipset/ip_set_hash_netiface.c   | 10 +++++++++-
 net/netfilter/ipset/ip_set_hash_netnet.c     | 16 +++++++++++++++-
 net/netfilter/ipset/ip_set_hash_netport.c    | 11 ++++++++++-
 net/netfilter/ipset/ip_set_hash_netportnet.c | 16 +++++++++++++++-
 11 files changed, 88 insertions(+), 7 deletions(-)

parent commit c7d102232649226a69dddd58a4942cf13cff4f7c wasn't tested
testing commit c7d102232649226a69dddd58a4942cf13cff4f7c
gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 864f24dc4650b78d1bbe76bff31a5dd97152d5a1988e19c0d51b4322927d7b0f
culprit signature: 1598771a87501514759de752064dd73a69ed70ab057b3f8ab61428e923797a1c
parent signature: 864f24dc4650b78d1bbe76bff31a5dd97152d5a1988e19c0d51b4322927d7b0f
revisions tested: 28, total time: 6h43m17.39555389s (build: 3h19m45.87210532s, test: 3h19m22.666151548s)
first bad commit: 5f7b51bf09baca8e4f80cbe879536842bafb5f31 netfilter: ipset: Limit the maximal range of consecutive elements to add/delete
recipients (to): ["coreteam@netfilter.org" "davem@davemloft.net" "fw@strlen.de" "kadlec@netfilter.org" "kadlec@netfilter.org"
"kuba@kernel.org" "netdev@vger.kernel.org" "netfilter-devel@vger.kernel.org" "pablo@netfilter.org" "pablo@netfilter.org"] recipients (cc): ["linux-kernel@vger.kernel.org"] crash: INFO: task hung in nfnetlink_rcv_msg INFO: task syz-executor.4:6248 blocked for more than 143 seconds. Not tainted 5.14.0-rc3-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.4 state:D stack:26848 pid: 6248 ppid: 5817 flags:0x00000004 Call Trace: context_switch kernel/sched/core.c:4683 [inline] __schedule+0xaff/0x5910 kernel/sched/core.c:5940 schedule+0xd3/0x270 kernel/sched/core.c:6019 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6078 __mutex_lock_common kernel/locking/mutex.c:1036 [inline] __mutex_lock+0x7b6/0x10a0 kernel/locking/mutex.c:1104 nfnl_lock net/netfilter/nfnetlink.c:93 [inline] nfnetlink_rcv_msg+0x83b/0xf80 net/netfilter/nfnetlink.c:290 netlink_rcv_skb+0x118/0x370 net/netlink/af_netlink.c:2504 nfnetlink_rcv+0x143/0x340 net/netfilter/nfnetlink.c:654 netlink_unicast_kernel net/netlink/af_netlink.c:1314 [inline] netlink_unicast+0x42e/0x700 net/netlink/af_netlink.c:1340 netlink_sendmsg+0x704/0xbf0 net/netlink/af_netlink.c:1929 sock_sendmsg_nosec net/socket.c:703 [inline] sock_sendmsg+0xab/0xe0 net/socket.c:723 ____sys_sendmsg+0x5bf/0x7a0 net/socket.c:2392 ___sys_sendmsg+0xd3/0x150 net/socket.c:2446 __sys_sendmsg+0xb2/0x140 net/socket.c:2475 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0x80 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fe7c8a350d9 RSP: 002b:00007fe7c7da7168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007fe7c8b54f80 RCX: 00007fe7c8a350d9 RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003 RBP: 00007fe7c8a90ae9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fffd17b8b2f R14: 00007fe7c7da7300 R15: 0000000000022000 INFO: task 
syz-executor.4:6250 blocked for more than 144 seconds. Not tainted 5.14.0-rc3-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.4 state:D stack:28032 pid: 6250 ppid: 5817 flags:0x00000004 Call Trace: context_switch kernel/sched/core.c:4683 [inline] __schedule+0xaff/0x5910 kernel/sched/core.c:5940 schedule+0xd3/0x270 kernel/sched/core.c:6019 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6078 __mutex_lock_common kernel/locking/mutex.c:1036 [inline] __mutex_lock+0x7b6/0x10a0 kernel/locking/mutex.c:1104 nfnl_lock net/netfilter/nfnetlink.c:93 [inline] nfnetlink_rcv_msg+0x83b/0xf80 net/netfilter/nfnetlink.c:290 netlink_rcv_skb+0x118/0x370 net/netlink/af_netlink.c:2504 nfnetlink_rcv+0x143/0x340 net/netfilter/nfnetlink.c:654 netlink_unicast_kernel net/netlink/af_netlink.c:1314 [inline] netlink_unicast+0x42e/0x700 net/netlink/af_netlink.c:1340 netlink_sendmsg+0x704/0xbf0 net/netlink/af_netlink.c:1929 sock_sendmsg_nosec net/socket.c:703 [inline] sock_sendmsg+0xab/0xe0 net/socket.c:723 ____sys_sendmsg+0x5bf/0x7a0 net/socket.c:2392 ___sys_sendmsg+0xd3/0x150 net/socket.c:2446 __sys_sendmsg+0xb2/0x140 net/socket.c:2475 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0x80 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fe7c8a350d9 RSP: 002b:00007fe7c7d86168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007fe7c8b55050 RCX: 00007fe7c8a350d9 RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 RBP: 00007fe7c8a90ae9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fffd17b8b2f R14: 00007fe7c7d86300 R15: 0000000000022000 Showing all locks held in the system: 4 locks held by kworker/u4:5/255: #0: ffff88814011b138 ((wq_completion)netns){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff88814011b138 
((wq_completion)netns){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:620 [inline] #0: ffff88814011b138 ((wq_completion)netns){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff88814011b138 ((wq_completion)netns){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:617 [inline] #0: ffff88814011b138 ((wq_completion)netns){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline] #0: ffff88814011b138 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x771/0x13d0 kernel/workqueue.c:2247 #1: ffffc9000178fdb8 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x79e/0x13d0 kernel/workqueue.c:2251 #2: ffffffff8c490810 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x97/0x990 net/core/net_namespace.c:557 #3: ffffffff902feb58 (nfnl_subsys_ipset){+.+.}-{3:3}, at: ip_set_net_exit+0x103/0x440 net/netfilter/ipset/ip_set_core.c:2343 1 lock held by khungtaskd/1635: #0: ffffffff8ad75440 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6446 3 locks held by kworker/0:3/3162: #0: ffff8880272ccd38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff8880272ccd38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:620 [inline] #0: ffff8880272ccd38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff8880272ccd38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:617 [inline] #0: ffff8880272ccd38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline] #0: ffff8880272ccd38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x771/0x13d0 kernel/workqueue.c:2247 #1: ffffc90002b27db8 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x79e/0x13d0 
kernel/workqueue.c:2251 #2: ffffffff8c4a3188 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0x9f/0x11a0 net/ipv6/addrconf.c:4031 2 locks held by getty/5139: #0: ffff888147a75098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x1f/0x70 drivers/tty/tty_ldisc.c:252 #1: ffffc900016062e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x9e1/0xee0 drivers/tty/n_tty.c:2113 3 locks held by kworker/0:5/5481: #0: ffff888010864d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888010864d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:620 [inline] #0: ffff888010864d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888010864d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:617 [inline] #0: ffff888010864d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline] #0: ffff888010864d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x771/0x13d0 kernel/workqueue.c:2247 #1: ffffc9000177fdb8 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_one_work+0x79e/0x13d0 kernel/workqueue.c:2251 #2: ffff88801cf123c0 (&nsim_dev->port_list_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x58/0xb50 drivers/net/netdevsim/dev.c:757 2 locks held by kworker/0:6/5482: #0: ffff888010866538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888010866538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:620 [inline] #0: ffff888010866538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888010866538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:617 [inline] #0: ffff888010866538 
((wq_completion)rcu_gp){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline] #0: ffff888010866538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work+0x771/0x13d0 kernel/workqueue.c:2247 #1: ffffc9000179fdb8 ((work_completion)(&rew.rew_work)){+.+.}-{0:0}, at: process_one_work+0x79e/0x13d0 kernel/workqueue.c:2251 3 locks held by kworker/1:4/5924: #0: ffff888010864d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888010864d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:620 [inline] #0: ffff888010864d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888010864d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:617 [inline] #0: ffff888010864d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline] #0: ffff888010864d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x771/0x13d0 kernel/workqueue.c:2247 #1: ffffc90001befdb8 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x79e/0x13d0 kernel/workqueue.c:2251 #2: ffffffff8c4a3188 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0x5/0x50 net/core/link_watch.c:250 3 locks held by kworker/1:8/5992: #0: ffff8880272ccd38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff8880272ccd38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:620 [inline] #0: ffff8880272ccd38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff8880272ccd38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:617 [inline] #0: ffff8880272ccd38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_pool_and_clear_pending 
kernel/workqueue.c:644 [inline]
 #0: ffff8880272ccd38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x771/0x13d0 kernel/workqueue.c:2247
 #1: ffffc9000166fdb8 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x79e/0x13d0 kernel/workqueue.c:2251
 #2: ffffffff8c4a3188 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0x9f/0x11a0 net/ipv6/addrconf.c:4031
3 locks held by syz-executor.0/6239:
1 lock held by syz-executor.4/6248:
 #0: ffffffff902feb58 (nfnl_subsys_ipset){+.+.}-{3:3}, at: nfnl_lock net/netfilter/nfnetlink.c:93 [inline]
 #0: ffffffff902feb58 (nfnl_subsys_ipset){+.+.}-{3:3}, at: nfnetlink_rcv_msg+0x83b/0xf80 net/netfilter/nfnetlink.c:290
1 lock held by syz-executor.4/6250:
 #0: ffffffff902feb58 (nfnl_subsys_ipset){+.+.}-{3:3}, at: nfnl_lock net/netfilter/nfnetlink.c:93 [inline]
 #0: ffffffff902feb58 (nfnl_subsys_ipset){+.+.}-{3:3}, at: nfnetlink_rcv_msg+0x83b/0xf80 net/netfilter/nfnetlink.c:290
1 lock held by syz-executor.2/6586:
 #0: ffffffff902feb58 (nfnl_subsys_ipset){+.+.}-{3:3}, at: nfnl_lock net/netfilter/nfnetlink.c:93 [inline]
 #0: ffffffff902feb58 (nfnl_subsys_ipset){+.+.}-{3:3}, at: nfnetlink_rcv_msg+0x83b/0xf80 net/netfilter/nfnetlink.c:290
1 lock held by syz-executor.2/6587:
 #0: ffffffff902feb58 (nfnl_subsys_ipset){+.+.}-{3:3}, at: nfnl_lock net/netfilter/nfnetlink.c:93 [inline]
 #0: ffffffff902feb58 (nfnl_subsys_ipset){+.+.}-{3:3}, at: nfnetlink_rcv_msg+0x83b/0xf80 net/netfilter/nfnetlink.c:290
1 lock held by syz-executor.3/6809:
 #0: ffffffff902feb58 (nfnl_subsys_ipset){+.+.}-{3:3}, at: nfnl_lock net/netfilter/nfnetlink.c:93 [inline]
 #0: ffffffff902feb58 (nfnl_subsys_ipset){+.+.}-{3:3}, at: nfnetlink_rcv_msg+0x83b/0xf80 net/netfilter/nfnetlink.c:290
1 lock held by syz-executor.3/6810:
 #0: ffffffff902feb58 (nfnl_subsys_ipset){+.+.}-{3:3}, at: nfnl_lock net/netfilter/nfnetlink.c:93 [inline]
 #0: ffffffff902feb58 (nfnl_subsys_ipset){+.+.}-{3:3}, at: nfnetlink_rcv_msg+0x83b/0xf80 net/netfilter/nfnetlink.c:290
1 lock held by syz-executor.1/6842:
 #0: ffffffff902feb58 (nfnl_subsys_ipset){+.+.}-{3:3}, at: nfnl_lock net/netfilter/nfnetlink.c:93 [inline]
 #0: ffffffff902feb58 (nfnl_subsys_ipset){+.+.}-{3:3}, at: nfnetlink_rcv_msg+0x83b/0xf80 net/netfilter/nfnetlink.c:290
1 lock held by syz-executor.1/6843:
 #0: ffffffff902feb58 (nfnl_subsys_ipset){+.+.}-{3:3}, at: nfnl_lock net/netfilter/nfnetlink.c:93 [inline]
 #0: ffffffff902feb58 (nfnl_subsys_ipset){+.+.}-{3:3}, at: nfnetlink_rcv_msg+0x83b/0xf80 net/netfilter/nfnetlink.c:290
1 lock held by syz-executor.5/6846:
 #0: ffffffff902feb58 (nfnl_subsys_ipset){+.+.}-{3:3}, at: nfnl_lock net/netfilter/nfnetlink.c:93 [inline]
 #0: ffffffff902feb58 (nfnl_subsys_ipset){+.+.}-{3:3}, at: nfnetlink_rcv_msg+0x83b/0xf80 net/netfilter/nfnetlink.c:290
1 lock held by syz-executor.5/6849:
 #0: ffffffff902feb58 (nfnl_subsys_ipset){+.+.}-{3:3}, at: nfnl_lock net/netfilter/nfnetlink.c:93 [inline]
 #0: ffffffff902feb58 (nfnl_subsys_ipset){+.+.}-{3:3}, at: nfnetlink_rcv_msg+0x83b/0xf80 net/netfilter/nfnetlink.c:290
1 lock held by syz-executor.0/6852:
 #0: ffffffff902feb58 (nfnl_subsys_ipset){+.+.}-{3:3}, at: nfnl_lock net/netfilter/nfnetlink.c:93 [inline]
 #0: ffffffff902feb58 (nfnl_subsys_ipset){+.+.}-{3:3}, at: nfnetlink_rcv_msg+0x83b/0xf80 net/netfilter/nfnetlink.c:290
1 lock held by syz-executor.0/6854:
 #0: ffffffff902feb58 (nfnl_subsys_ipset){+.+.}-{3:3}, at: nfnl_lock net/netfilter/nfnetlink.c:93 [inline]
 #0: ffffffff902feb58 (nfnl_subsys_ipset){+.+.}-{3:3}, at: nfnetlink_rcv_msg+0x83b/0xf80 net/netfilter/nfnetlink.c:290
1 lock held by syz-executor.4/6853:
 #0: ffffffff902feb58 (nfnl_subsys_ipset){+.+.}-{3:3}, at: nfnl_lock net/netfilter/nfnetlink.c:93 [inline]
 #0: ffffffff902feb58 (nfnl_subsys_ipset){+.+.}-{3:3}, at: nfnetlink_rcv_msg+0x83b/0xf80 net/netfilter/nfnetlink.c:290
1 lock held by syz-executor.4/6855:
 #0: ffffffff902feb58 (nfnl_subsys_ipset){+.+.}-{3:3}, at: nfnl_lock net/netfilter/nfnetlink.c:93 [inline]
 #0: ffffffff902feb58 (nfnl_subsys_ipset){+.+.}-{3:3}, at: nfnetlink_rcv_msg+0x83b/0xf80 net/netfilter/nfnetlink.c:290
1 lock held by syz-executor.2/6871:
 #0: ffffffff902feb58 (nfnl_subsys_ipset){+.+.}-{3:3}, at: nfnl_lock net/netfilter/nfnetlink.c:93 [inline]
 #0: ffffffff902feb58 (nfnl_subsys_ipset){+.+.}-{3:3}, at: nfnetlink_rcv_msg+0x83b/0xf80 net/netfilter/nfnetlink.c:290
1 lock held by syz-executor.2/6872:
 #0: ffffffff902feb58 (nfnl_subsys_ipset){+.+.}-{3:3}, at: nfnl_lock net/netfilter/nfnetlink.c:93 [inline]
 #0: ffffffff902feb58 (nfnl_subsys_ipset){+.+.}-{3:3}, at: nfnetlink_rcv_msg+0x83b/0xf80 net/netfilter/nfnetlink.c:290
1 lock held by syz-executor.3/6894:
 #0: ffffffff902feb58 (nfnl_subsys_ipset){+.+.}-{3:3}, at: nfnl_lock net/netfilter/nfnetlink.c:93 [inline]
 #0: ffffffff902feb58 (nfnl_subsys_ipset){+.+.}-{3:3}, at: nfnetlink_rcv_msg+0x83b/0xf80 net/netfilter/nfnetlink.c:290
1 lock held by syz-executor.3/6895:
 #0: ffffffff902feb58 (nfnl_subsys_ipset){+.+.}-{3:3}, at: nfnl_lock net/netfilter/nfnetlink.c:93 [inline]
 #0: ffffffff902feb58 (nfnl_subsys_ipset){+.+.}-{3:3}, at: nfnetlink_rcv_msg+0x83b/0xf80 net/netfilter/nfnetlink.c:290
1 lock held by syz-executor.5/6910:
 #0: ffffffff8c4a3188 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
 #0: ffffffff8c4a3188 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x2d2/0x8d0 net/core/rtnetlink.c:5571
1 lock held by syz-executor.0/6914:
 #0: ffffffff8c4a3188 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
 #0: ffffffff8c4a3188 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x2d2/0x8d0 net/core/rtnetlink.c:5571
1 lock held by syz-executor.4/6915:
 #0: ffffffff8c4a3188 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
 #0: ffffffff8c4a3188 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x2d2/0x8d0 net/core/rtnetlink.c:5571
8 locks held by syz-executor.2/6940:
 #0: ffff88802867a460 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0xf4/0x1d0 fs/read_write.c:658
 #1: ffff88801f9ecc88 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x214/0x460 fs/kernfs/file.c:287
 #2: ffff8880149af490 (kn->active#164){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x238/0x460 fs/kernfs/file.c:288
 #3: ffffffff8bc21a28 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: del_device_store+0x97/0x450 drivers/net/netdevsim/bus.c:340
 #4: ffff888046147178 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:754 [inline]
 #4: ffff888046147178 (&dev->mutex){....}-{3:3}, at: __device_driver_lock drivers/base/dd.c:1028 [inline]
 #4: ffff888046147178 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal drivers/base/dd.c:1229 [inline]
 #4: ffff888046147178 (&dev->mutex){....}-{3:3}, at: device_release_driver+0x17/0x30 drivers/base/dd.c:1255
 #5: ffff88801cf123c0 (&nsim_dev->port_list_lock){+.+.}-{3:3}, at: nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1342 [inline]
 #5: ffff88801cf123c0 (&nsim_dev->port_list_lock){+.+.}-{3:3}, at: nsim_dev_reload_destroy+0x117/0x2d0 drivers/net/netdevsim/dev.c:1544
 #6: ffffffff8c4a3188 (rtnl_mutex){+.+.}-{3:3}, at: nsim_destroy+0x30/0x160 drivers/net/netdevsim/netdev.c:380
 #7: ffffffff8ad7e8a8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:290 [inline]
 #7: ffffffff8ad7e8a8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x4fc/0x620 kernel/rcu/tree_exp.h:837
1 lock held by syz-executor.1/6947:
 #0: ffffffff902feb58 (nfnl_subsys_ipset){+.+.}-{3:3}, at: nfnl_lock net/netfilter/nfnetlink.c:93 [inline]
 #0: ffffffff902feb58 (nfnl_subsys_ipset){+.+.}-{3:3}, at: nfnetlink_rcv_msg+0x83b/0xf80 net/netfilter/nfnetlink.c:290
1 lock held by syz-executor.1/6948:
 #0: ffffffff902feb58 (nfnl_subsys_ipset){+.+.}-{3:3}, at: nfnl_lock net/netfilter/nfnetlink.c:93 [inline]
 #0: ffffffff902feb58 (nfnl_subsys_ipset){+.+.}-{3:3}, at: nfnetlink_rcv_msg+0x83b/0xf80 net/netfilter/nfnetlink.c:290
=============================================
NMI backtrace for cpu 1
CPU: 1 PID: 1635 Comm: khungtaskd Not tainted 5.14.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x57/0x7d lib/dump_stack.c:105
 nmi_cpu_backtrace.cold+0x30/0x99 lib/nmi_backtrace.c:105
 nmi_trigger_cpumask_backtrace+0x11f/0x170 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:210 [inline]
 watchdog+0x92e/0xc40 kernel/hung_task.c:295
 kthread+0x38b/0x460 kernel/kthread.c:319
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 10 Comm: kworker/u4:1 Not tainted 5.14.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Workqueue: bat_events batadv_nc_worker
RIP: 0010:__preempt_count_dec_and_test arch/x86/include/asm/preempt.h:95 [inline]
RIP: 0010:rcu_is_watching+0x7f/0xc0 kernel/rcu/tree.c:1161
Code: 01 00 00 48 89 fa 48 c1 ea 03 0f b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 1f 8b 83 48 01 00 00 d1 e8 83 e0 01 <65> ff 0d 5a 9b a8 7e 74 03 5b 5d c3 e8 2f e7 a6 ff 5b 5d c3 e8 c8
RSP: 0018:ffffc90000cf7c80 EFLAGS: 00000202
RAX: 0000000000000001 RBX: ffff8880b9c528c0 RCX: 6870606ac1602adc
RDX: 0000000000000000 RSI: ffffffff893e2e20 RDI: ffff8880b9c52a08
RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8f6b4967
R10: fffffbfff1ed692c R11: ffff8880b9d40288 R12: dffffc0000000000
R13: ffff888029918c00 R14: ffff888029919658 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f9b4932d300 CR3: 0000000026c56000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 rcu_read_unlock include/linux/rcupdate.h:716 [inline]
 batadv_nc_purge_orig_hash net/batman-adv/network-coding.c:408 [inline]
 batadv_nc_worker+0x5d0/0xcc0 net/batman-adv/network-coding.c:715
 process_one_work+0x84c/0x13d0 kernel/workqueue.c:2276
 worker_thread+0x598/0x1040 kernel/workqueue.c:2422
 kthread+0x38b/0x460 kernel/kthread.c:319
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295