Extracting prog: 19m53.685763058s
Minimizing prog: 1h32m56.098464918s
Simplifying prog options: 18m29.597007558s
Extracting C: 6m3.424282126s
Simplifying C: 0s
extracting reproducer from 25 programs
testing a last program of every proc
single: executing 5 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): write$auto-mmap$auto-prctl$auto-mlockall$auto-mmap$auto-select$auto-faccessat2$auto
detailed listing:
executing program 0:
write$auto(0x4, 0x0, 0x100082)
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x0, 0x3, 0x2a)
mlockall$auto(0x7)
mmap$auto(0x6000000, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
select$auto(0x8, 0x0, 0x0, 0x0, 0x0)
faccessat2$auto(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x100, 0x1ff)
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-sendmsg$auto_SMC_NETLINK_REMOVE_UEID-socket-connect$auto-prctl$auto-sendfile$auto-recvmmsg$auto-sendmmsg$auto-prctl$auto-ioctl$auto_NS_GET_PID_IN_PIDNS-socket$nl_generic-openat$auto_snd_pcm_oss_f_reg_pcm_oss-ioctl$auto_SNDCTL_DSP_GETODELAY-openat$auto_split_huge_pages_fops_huge_memory-mmap$auto-sendmsg$auto_NBD_CMD_DISCONNECT-kexec_load$auto-mmap$auto-mmap$auto-close_range$auto-socket$nl_generic-openat$auto_evdev_fops_evdev-ioctl$auto_EVIOCGMASK-ioctl$auto-ioctl$auto-prctl$auto-openat$auto_v4l2_fops_v4l2_dev-ioctl$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x200000000000404, 0x0)
sendmsg$auto_SMC_NETLINK_REMOVE_UEID(0xffffffffffffffff, 0x0, 0x20000000)
socket(0x2, 0x3, 0xa)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
prctl$auto(0x16, 0x2, 0x2, 0x4000000d, 0x100)
ioctl$auto_NS_GET_PID_IN_PIDNS(r0, 0x8004b708, &(0x7f00000000c0)=0x33a)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/adsp1\x00', 0x1, 0x0)
ioctl$auto_SNDCTL_DSP_GETODELAY(r1, 0x80045017, &(0x7f0000000c00))
openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x40000008000)
sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x2404c800)
kexec_load$auto(0x5, 0x2, &(0x7f0000000040)={@kbuf=0x0, 0x800c000, 0x4800c000, 0x800c000}, 0x4)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0x2000, 0x0)
ioctl$auto_EVIOCGMASK(r3, 0x80104592, &(0x7f0000000000)={0x2000, 0x800004, 0x105})
ioctl$auto(r2, 0x80004509, 0x10000000000402)
ioctl$auto(0x3, 0x800005411, 0x38)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
r4 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev1\x00', 0x0, 0x0)
ioctl$auto(r4, 0xc0945662, r4)
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs$namespace-fchdir$auto-mmap$auto-sysfs$auto-openat$auto_uinput_fops_uinput-rename$auto-socket-openat$auto_nsim_dev_health_break_fops_health-write$auto-sendmsg$auto_NL80211_CMD_GET_REG-syz_genetlink_get_family_id$auto_ethtool-ioctl$auto-socketpair$auto-syz_genetlink_get_family_id$auto_tcp_metrics-ioctl$auto_SNDRV_PCM_IOCTL_CHANNEL_INFO
detailed listing:
executing program 0:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000080))
fchdir$auto(r0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sysfs$auto(0x2, 0x0, 0x0)
r1 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
rename$auto(&(0x7f0000000040)='./cgroup\x00', 0x0)
r2 = socket(0x10, 0x2, 0x0)
r3 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r3, 0x0, 0x1ff)
sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB='$\x00', @ANYBLOB=']'], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40000)
syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000100), r2)
ioctl$auto(r1, 0xf, r0)
r4 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f0000000180), r4)
ioctl$auto_SNDRV_PCM_IOCTL_CHANNEL_INFO(r4, 0x80184132, &(0x7f00000000c0)={0x7fe, 0xb9f, 0x8001, 0x3f})
program crashed: INFO: task hung in remove_one
single: successfully extracted reproducer
found reproducer with 15 syscalls
minimizing guilty program
testing program (duration=7m13.075221336s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs$namespace-fchdir$auto-mmap$auto-sysfs$auto-openat$auto_uinput_fops_uinput-rename$auto-socket-openat$auto_nsim_dev_health_break_fops_health-write$auto-sendmsg$auto_NL80211_CMD_GET_REG-syz_genetlink_get_family_id$auto_ethtool-ioctl$auto-socketpair$auto-syz_genetlink_get_family_id$auto_tcp_metrics
detailed listing:
executing program 0:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000080))
fchdir$auto(r0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sysfs$auto(0x2, 0x0, 0x0)
r1 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
rename$auto(&(0x7f0000000040)='./cgroup\x00', 0x0)
r2 = socket(0x10, 0x2, 0x0)
r3 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r3, 0x0, 0x1ff)
sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB='$\x00', @ANYBLOB=']'], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40000)
syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000100), r2)
ioctl$auto(r1, 0xf, r0)
r4 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f0000000180), r4)
program crashed: INFO: task hung in remove_one
testing program (duration=7m13.075221336s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs$namespace-fchdir$auto-mmap$auto-sysfs$auto-openat$auto_uinput_fops_uinput-rename$auto-socket-openat$auto_nsim_dev_health_break_fops_health-write$auto-sendmsg$auto_NL80211_CMD_GET_REG-syz_genetlink_get_family_id$auto_ethtool-ioctl$auto-socketpair$auto
detailed listing:
executing program 0:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000080))
fchdir$auto(r0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sysfs$auto(0x2, 0x0, 0x0)
r1 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
rename$auto(&(0x7f0000000040)='./cgroup\x00', 0x0)
r2 = socket(0x10, 0x2, 0x0)
r3 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r3, 0x0, 0x1ff)
sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB='$\x00', @ANYBLOB=']'], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40000)
syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000100), r2)
ioctl$auto(r1, 0xf, r0)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
program crashed: INFO: task hung in remove_one
testing program (duration=7m13.075221336s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs$namespace-fchdir$auto-mmap$auto-sysfs$auto-openat$auto_uinput_fops_uinput-rename$auto-socket-openat$auto_nsim_dev_health_break_fops_health-write$auto-sendmsg$auto_NL80211_CMD_GET_REG-syz_genetlink_get_family_id$auto_ethtool-ioctl$auto
detailed listing:
executing program 0:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000080))
fchdir$auto(r0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sysfs$auto(0x2, 0x0, 0x0)
r1 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
rename$auto(&(0x7f0000000040)='./cgroup\x00', 0x0)
r2 = socket(0x10, 0x2, 0x0)
r3 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r3, 0x0, 0x1ff)
sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB='$\x00', @ANYBLOB=']'], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40000)
syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000100), r2)
ioctl$auto(r1, 0xf, r0)
program crashed: INFO: task hung in remove_one
testing program (duration=7m13.075221336s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs$namespace-fchdir$auto-mmap$auto-sysfs$auto-openat$auto_uinput_fops_uinput-rename$auto-socket-openat$auto_nsim_dev_health_break_fops_health-write$auto-sendmsg$auto_NL80211_CMD_GET_REG-syz_genetlink_get_family_id$auto_ethtool
detailed listing:
executing program 0:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000080))
fchdir$auto(r0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sysfs$auto(0x2, 0x0, 0x0)
openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
rename$auto(&(0x7f0000000040)='./cgroup\x00', 0x0)
r1 = socket(0x10, 0x2, 0x0)
r2 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r2, 0x0, 0x1ff)
sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB='$\x00', @ANYBLOB=']'], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40000)
syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000100), r1)
program crashed: INFO: task hung in remove_one
testing program (duration=7m13.075221336s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs$namespace-fchdir$auto-mmap$auto-sysfs$auto-openat$auto_uinput_fops_uinput-rename$auto-socket-openat$auto_nsim_dev_health_break_fops_health-write$auto-sendmsg$auto_NL80211_CMD_GET_REG
detailed listing:
executing program 0:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000080))
fchdir$auto(r0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sysfs$auto(0x2, 0x0, 0x0)
openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
rename$auto(&(0x7f0000000040)='./cgroup\x00', 0x0)
r1 = socket(0x10, 0x2, 0x0)
r2 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r2, 0x0, 0x1ff)
sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB='$\x00', @ANYBLOB=']'], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40000)
program crashed: INFO: task hung in remove_one
testing program (duration=7m13.075221336s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs$namespace-fchdir$auto-mmap$auto-sysfs$auto-openat$auto_uinput_fops_uinput-rename$auto-socket-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000080))
fchdir$auto(r0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sysfs$auto(0x2, 0x0, 0x0)
openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
rename$auto(&(0x7f0000000040)='./cgroup\x00', 0x0)
socket(0x10, 0x2, 0x0)
r1 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r1, 0x0, 0x1ff)
program crashed: INFO: task hung in remove_one
testing program (duration=7m13.075221336s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs$namespace-fchdir$auto-mmap$auto-sysfs$auto-openat$auto_uinput_fops_uinput-rename$auto-socket-openat$auto_nsim_dev_health_break_fops_health
detailed listing:
executing program 0:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000080))
fchdir$auto(r0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sysfs$auto(0x2, 0x0, 0x0)
openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
rename$auto(&(0x7f0000000040)='./cgroup\x00', 0x0)
socket(0x10, 0x2, 0x0)
openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
program did not crash
testing program (duration=7m13.075221336s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs$namespace-fchdir$auto-mmap$auto-sysfs$auto-openat$auto_uinput_fops_uinput-rename$auto-socket-write$auto
detailed listing:
executing program 0:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000080))
fchdir$auto(r0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sysfs$auto(0x2, 0x0, 0x0)
openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
rename$auto(&(0x7f0000000040)='./cgroup\x00', 0x0)
socket(0x10, 0x2, 0x0)
write$auto(0xffffffffffffffff, 0x0, 0x1ff)
program did not crash
testing program (duration=7m13.075221336s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs$namespace-fchdir$auto-mmap$auto-sysfs$auto-openat$auto_uinput_fops_uinput-rename$auto-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000080))
fchdir$auto(r0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sysfs$auto(0x2, 0x0, 0x0)
openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
rename$auto(&(0x7f0000000040)='./cgroup\x00', 0x0)
r1 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r1, 0x0, 0x1ff)
program crashed: INFO: task hung in remove_one
testing program (duration=7m13.075221336s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs$namespace-fchdir$auto-mmap$auto-sysfs$auto-openat$auto_uinput_fops_uinput-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000080))
fchdir$auto(r0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sysfs$auto(0x2, 0x0, 0x0)
openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
r1 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r1, 0x0, 0x1ff)
program crashed: INFO: task hung in remove_one
testing program (duration=7m13.075221336s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs$namespace-fchdir$auto-mmap$auto-sysfs$auto-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000080))
fchdir$auto(r0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sysfs$auto(0x2, 0x0, 0x0)
r1 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r1, 0x0, 0x1ff)
program crashed: INFO: task hung in remove_one
testing program (duration=7m13.075221336s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs$namespace-fchdir$auto-mmap$auto-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000080))
fchdir$auto(r0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r1, 0x0, 0x1ff)
program crashed: INFO: task hung in remove_one
testing program (duration=7m13.075221336s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs$namespace-fchdir$auto-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000080))
fchdir$auto(r0)
r1 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r1, 0x0, 0x1ff)
program did not crash
testing program (duration=7m13.075221336s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs$namespace-mmap$auto-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
syz_open_procfs$namespace(0x0, &(0x7f0000000080))
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r0, 0x0, 0x1ff)
program crashed: INFO: task hung in remove_one
testing program (duration=7m13.075221336s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r0, 0x0, 0x1ff)
program crashed: INFO: task hung in remove_one
testing program (duration=7m13.075221336s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, 0x0, 0x48081, 0x0)
write$auto(r0, 0x0, 0x1ff)
program did not crash
extracting C reproducer
testing compiled C program (duration=7m13.075221336s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_nsim_dev_health_break_fops_health-write$auto
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
simplifying guilty program options
testing program (duration=7m13.075221336s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r0, 0x0, 0x1ff)
program crashed: INFO: task hung in remove_one
extracting C reproducer
testing compiled C program (duration=7m13.075221336s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_nsim_dev_health_break_fops_health-write$auto
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing program (duration=7m13.075221336s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r0, 0x0, 0x1ff)
program did not crash
testing program (duration=7m13.075221336s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r0, 0x0, 0x1ff)
program crashed: INFO: task hung in remove_one
validation run: crashed=true
testing program (duration=7m13.075221336s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r0, 0x0, 0x1ff)
program crashed: INFO: task hung in remove_one
validation run: crashed=true
testing program (duration=7m13.075221336s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r0, 0x0, 0x1ff)
program crashed: INFO: task hung in remove_one
validation run: crashed=true
reproducing took 2h33m16.242778766s
repro crashed as (corrupted=false):
INFO: task kworker/u8:2:36 blocked for more than 143 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u8:2 state:D stack:23624 pid:36 tgid:36 ppid:2 task_flags:0x4208160 flags:0x00080000
Workqueue: netns cleanup_net
Call Trace:
context_switch kernel/sched/core.c:5325 [inline]
__schedule+0x1190/0x5de0 kernel/sched/core.c:6929
__schedule_loop kernel/sched/core.c:7011 [inline]
schedule+0xe7/0x3a0 kernel/sched/core.c:7026
schedule_timeout+0x257/0x290 kernel/time/sleep_timeout.c:75
do_wait_for_common kernel/sched/completion.c:100 [inline]
__wait_for_common+0x2fc/0x4e0 kernel/sched/completion.c:121
__debugfs_file_removed fs/debugfs/inode.c:770 [inline]
remove_one+0x312/0x420 fs/debugfs/inode.c:777
__simple_recursive_removal+0x15b/0x610 fs/libfs.c:631
debugfs_remove+0x5d/0x80 fs/debugfs/inode.c:800
nsim_dev_health_exit+0x3b/0xe0 drivers/net/netdevsim/health.c:227
nsim_dev_reload_destroy+0x144/0x4d0 drivers/net/netdevsim/dev.c:1710
nsim_dev_reload_down+0x6e/0xd0 drivers/net/netdevsim/dev.c:983
devlink_reload+0x1a1/0x7c0 net/devlink/dev.c:461
devlink_pernet_pre_exit+0x1a0/0x2b0 net/devlink/core.c:509
ops_pre_exit_list net/core/net_namespace.c:161 [inline]
ops_undo_list+0x187/0xab0 net/core/net_namespace.c:234
cleanup_net+0x41b/0x8b0 net/core/net_namespace.c:695
process_one_work+0x9cf/0x1b70 kernel/workqueue.c:3263
process_scheduled_works kernel/workqueue.c:3346 [inline]
worker_thread+0x6c8/0xf10 kernel/workqueue.c:3427
kthread+0x3c5/0x780 kernel/kthread.c:463
ret_from_fork+0x675/0x7d0 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
INFO: task syz-executor:8963 blocked for more than 143 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor state:D stack:24136 pid:8963 tgid:8963 ppid:1 task_flags:0x400140 flags:0x00080002
Call Trace:
context_switch kernel/sched/core.c:5325 [inline]
__schedule+0x1190/0x5de0 kernel/sched/core.c:6929
__schedule_loop kernel/sched/core.c:7011 [inline]
schedule+0xe7/0x3a0 kernel/sched/core.c:7026
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7083
__mutex_lock_common kernel/locking/mutex.c:676 [inline]
__mutex_lock+0x818/0x1060 kernel/locking/mutex.c:760
device_lock include/linux/device.h:914 [inline]
device_del+0xa0/0x9f0 drivers/base/core.c:3840
device_unregister+0x1d/0xc0 drivers/base/core.c:3919
nsim_bus_dev_del drivers/net/netdevsim/bus.c:483 [inline]
del_device_store+0x355/0x4a0 drivers/net/netdevsim/bus.c:244
bus_attr_store+0x74/0xb0 drivers/base/bus.c:172
sysfs_kf_write+0xf2/0x150 fs/sysfs/file.c:142
kernfs_fop_write_iter+0x3af/0x570 fs/kernfs/file.c:352
new_sync_write fs/read_write.c:593 [inline]
vfs_write+0x7d3/0x11d0 fs/read_write.c:686
ksys_write+0x12a/0x250 fs/read_write.c:738
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ff89a38e17f
RSP: 002b:00007ffe8bdbcf50 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007ff89a38e17f
RDX: 0000000000000001 RSI: 00007ffe8bdbcfa0 RDI: 0000000000000005
RBP: 00007ff89a4132cb R08: 0000000000000000 R09: 00007ffe8bdbcda7
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
R13: 00007ffe8bdbcfa0 R14: 00007ff89b114620 R15: 0000000000000003
INFO: task syz.0.2878:8970 blocked for more than 143 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.2878 state:D stack:27320 pid:8970 tgid:8970 ppid:8403 task_flags:0x400140 flags:0x00080002
Call Trace:
context_switch kernel/sched/core.c:5325 [inline]
__schedule+0x1190/0x5de0 kernel/sched/core.c:6929
__schedule_loop kernel/sched/core.c:7011 [inline]
schedule+0xe7/0x3a0 kernel/sched/core.c:7026
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7083
__mutex_lock_common kernel/locking/mutex.c:676 [inline]
__mutex_lock+0x818/0x1060 kernel/locking/mutex.c:760
devlink_health_report+0x6b4/0xb00 net/devlink/health.c:680
nsim_dev_health_break_write+0x166/0x210 drivers/net/netdevsim/health.c:162
full_proxy_write+0x131/0x1a0 fs/debugfs/file.c:388
vfs_write+0x2a0/0x11d0 fs/read_write.c:684
ksys_write+0x12a/0x250 fs/read_write.c:738
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f700058f6c9
RSP: 002b:00007ffd27718d88 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f70007e5fa0 RCX: 00007f700058f6c9
RDX: 00000000000001ff RSI: 0000000000000000 RDI: 0000000000000003
RBP: 00007f7000611f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f70007e5fa0 R14: 00007f70007e5fa0 R15: 0000000000000003
INFO: task syz.1.2912:9008 blocked for more than 144 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.1.2912 state:D stack:28680 pid:9008 tgid:9008 ppid:5949 task_flags:0x400140 flags:0x00080002
Call Trace:
context_switch kernel/sched/core.c:5325 [inline]
__schedule+0x1190/0x5de0 kernel/sched/core.c:6929
__schedule_loop kernel/sched/core.c:7011 [inline]
schedule+0xe7/0x3a0 kernel/sched/core.c:7026
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7083
rwsem_down_read_slowpath+0x64b/0xbf0 kernel/locking/rwsem.c:1086
__down_read_common kernel/locking/rwsem.c:1261 [inline]
__down_read kernel/locking/rwsem.c:1274 [inline]
down_read+0xef/0x480 kernel/locking/rwsem.c:1539
inode_lock_shared include/linux/fs.h:995 [inline]
open_last_lookups fs/namei.c:3894 [inline]
path_openat+0x818/0x2cb0 fs/namei.c:4131
do_filp_open+0x20b/0x470 fs/namei.c:4161
do_sys_openat2+0x11b/0x1d0 fs/open.c:1437
do_sys_open fs/open.c:1452 [inline]
__do_sys_openat fs/open.c:1468 [inline]
__se_sys_openat fs/open.c:1463 [inline]
__x64_sys_openat+0x174/0x210 fs/open.c:1463
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7faca258f6c9
RSP: 002b:00007ffc6d5f4d28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007faca27e5fa0 RCX: 00007faca258f6c9
RDX: 0000000000048081 RSI: 0000200000000000 RDI: ffffffffffffff9c
RBP: 00007faca2611f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007faca27e5fa0 R14: 00007faca27e5fa0 R15: 0000000000000004
INFO: task syz.3.2913:9009 blocked for more than 144 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.2913 state:D stack:28424 pid:9009 tgid:9009 ppid:5948 task_flags:0x400140 flags:0x00080002
Call Trace:
context_switch kernel/sched/core.c:5325 [inline]
__schedule+0x1190/0x5de0 kernel/sched/core.c:6929
__schedule_loop kernel/sched/core.c:7011 [inline]
schedule+0xe7/0x3a0 kernel/sched/core.c:7026
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7083
rwsem_down_read_slowpath+0x64b/0xbf0 kernel/locking/rwsem.c:1086
__down_read_common kernel/locking/rwsem.c:1261 [inline]
__down_read kernel/locking/rwsem.c:1274 [inline]
down_read+0xef/0x480 kernel/locking/rwsem.c:1539
inode_lock_shared include/linux/fs.h:995 [inline]
open_last_lookups fs/namei.c:3894 [inline]
path_openat+0x818/0x2cb0 fs/namei.c:4131
do_filp_open+0x20b/0x470 fs/namei.c:4161
do_sys_openat2+0x11b/0x1d0 fs/open.c:1437
do_sys_open fs/open.c:1452 [inline]
__do_sys_openat fs/open.c:1468 [inline]
__se_sys_openat fs/open.c:1463 [inline]
__x64_sys_openat+0x174/0x210 fs/open.c:1463
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc78818f6c9
RSP: 002b:00007fff791e4798 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007fc7883e5fa0 RCX: 00007fc78818f6c9
RDX: 0000000000048081 RSI: 0000200000000000 RDI: ffffffffffffff9c
RBP: 00007fc788211f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fc7883e5fa0 R14: 00007fc7883e5fa0 R15: 0000000000000004
Showing all locks held in the system:
3 locks held by kworker/u8:0/12:
#0: ffff8880b853a4d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x29/0x130 kernel/sched/core.c:638
#1: ffff8880b8524088 (psi_seq){-.-.}-{0:0}, at: psi_sched_switch kernel/sched/stats.h:220 [inline]
#1: ffff8880b8524088 (psi_seq){-.-.}-{0:0}, at: __schedule+0x1861/0x5de0 kernel/sched/core.c:6923
#2: ffff8880b8525b18 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x127/0x1d0 kernel/time/timer.c:1004
1 lock held by khungtaskd/31:
#0: ffffffff8e3c45e0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#0: ffffffff8e3c45e0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
#0: ffffffff8e3c45e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0 kernel/locking/lockdep.c:6775
6 locks held by kworker/u8:2/36:
#0: ffff88801ba9f148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3238
#1: ffffc90000ac7d00 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3239
#2: ffffffff900d49d0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xad/0x8b0 net/core/net_namespace.c:669
#3: ffff8880769470e8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:914 [inline]
#3: ffff8880769470e8 (&dev->mutex){....}-{4:4}, at: devl_dev_lock net/devlink/devl_internal.h:108 [inline]
#3: ffff8880769470e8 (&dev->mutex){....}-{4:4}, at: devlink_pernet_pre_exit+0x12c/0x2b0 net/devlink/core.c:506
#4: ffff888033560250 (&devlink->lock_key#5){+.+.}-{4:4}, at: devl_lock net/devlink/core.c:276 [inline]
#4: ffff888033560250 (&devlink->lock_key#5){+.+.}-{4:4}, at: devl_dev_lock net/devlink/devl_internal.h:109 [inline]
#4: ffff888033560250 (&devlink->lock_key#5){+.+.}-{4:4}, at: devlink_pernet_pre_exit+0x136/0x2b0 net/devlink/core.c:506
#5: ffff88805f431060 (&sb->s_type->i_mutex_key#3/2){+.+.}-{4:4}, at: inode_lock_nested include/linux/fs.h:1025 [inline]
#5: ffff88805f431060 (&sb->s_type->i_mutex_key#3/2){+.+.}-{4:4}, at: __simple_recursive_removal+0x354/0x610 fs/libfs.c:627
2 locks held by getty/5591:
#0: ffff8880345450a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243
#1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0 drivers/tty/n_tty.c:2222
5 locks held by syz-executor/8963:
#0: ffff8880246c8420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff888028dfa888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 fs/kernfs/file.c:343
#2: ffff8881447a55a8 (kn->active#58){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff8881447a55a8 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 fs/kernfs/file.c:344
#3: ffffffff8f66ce68 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
#4: ffff8880769470e8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:914 [inline]
#4: ffff8880769470e8 (&dev->mutex){....}-{4:4}, at: device_del+0xa0/0x9f0 drivers/base/core.c:3840
2 locks held by syz.0.2878/8970:
#0: ffff888140ad4420 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff888033560250 (&devlink->lock_key#5){+.+.}-{4:4}, at: devlink_health_report+0x6b4/0xb00 net/devlink/health.c:680
2 locks held by syz.1.2912/9008:
#0: ffff888140ad4420 (sb_writers#8){.+.+}-{0:0}, at: open_last_lookups fs/namei.c:3884 [inline]
#0: ffff888140ad4420 (sb_writers#8){.+.+}-{0:0}, at: path_openat+0x1ec8/0x2cb0 fs/namei.c:4131
#1: ffff88805f431060 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: inode_lock_shared include/linux/fs.h:995 [inline]
#1: ffff88805f431060 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: open_last_lookups fs/namei.c:3894 [inline]
#1: ffff88805f431060 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: path_openat+0x818/0x2cb0 fs/namei.c:4131
2 locks held by syz.3.2913/9009:
#0: ffff888140ad4420 (sb_writers#8){.+.+}-{0:0}, at: open_last_lookups fs/namei.c:3884 [inline]
#0: ffff888140ad4420 (sb_writers#8){.+.+}-{0:0}, at: path_openat+0x1ec8/0x2cb0 fs/namei.c:4131
#1: ffff88805f431060 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: inode_lock_shared include/linux/fs.h:995 [inline]
#1: ffff88805f431060 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: open_last_lookups fs/namei.c:3894 [inline]
#1: ffff88805f431060 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: path_openat+0x818/0x2cb0 fs/namei.c:4131
4 locks held by syz-executor/9019:
#0: ffff8880246c8420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff888078055888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 fs/kernfs/file.c:343
#2: ffff8881447a55a8 (kn->active#58){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff8881447a55a8 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 fs/kernfs/file.c:344
#3: ffffffff8f66ce68 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/9030:
#0: ffff8880246c8420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff88805ae7cc88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 fs/kernfs/file.c:343
#2: ffff8881447a55a8 (kn->active#58){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff8881447a55a8 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 fs/kernfs/file.c:344
#3: ffffffff8f66ce68 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/9032:
#0: ffff8880246c8420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff88805bf09888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 fs/kernfs/file.c:343
#2: ffff8881447a55a8 (kn->active#58){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff8881447a55a8 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 fs/kernfs/file.c:344
#3: ffffffff8f66ce68 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/9054:
#0: ffff8880246c8420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff888029dd4488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 fs/kernfs/file.c:343
#2: ffff8881447a55a8 (kn->active#58){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff8881447a55a8 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 fs/kernfs/file.c:344
#3: ffffffff8f66ce68 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/9066:
#0: ffff8880246c8420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff888032766888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 fs/kernfs/file.c:343
#2: ffff8881447a55a8 (kn->active#58){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff8881447a55a8 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 fs/kernfs/file.c:344
#3: ffffffff8f66ce68 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/9078:
#0: ffff8880246c8420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff88805a2c0888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 fs/kernfs/file.c:343
#2: ffff8881447a55a8 (kn->active#58){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff8881447a55a8 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 fs/kernfs/file.c:344
#3: ffffffff8f66ce68 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/9079:
#0: ffff8880246c8420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff88807422d488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 fs/kernfs/file.c:343
#2: ffff8881447a55a8 (kn->active#58){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff8881447a55a8 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 fs/kernfs/file.c:344
#3: ffffffff8f66ce68 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/9103:
#0: ffff8880246c8420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff88805acbb888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 fs/kernfs/file.c:343
#2: ffff8881447a55a8 (kn->active#58){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff8881447a55a8 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 fs/kernfs/file.c:344
#3: ffffffff8f66ce68 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/9115:
#0: ffff8880246c8420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff88805e048088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 fs/kernfs/file.c:343
#2: ffff8881447a55a8 (kn->active#58){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff8881447a55a8 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 fs/kernfs/file.c:344
#3: ffffffff8f66ce68 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/9127:
#0: ffff8880246c8420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff8880574fac88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 fs/kernfs/file.c:343
#2: ffff8881447a55a8 (kn->active#58){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff8881447a55a8 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 fs/kernfs/file.c:344
#3: ffffffff8f66ce68 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/9129:
#0: ffff8880246c8420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff888012e2ec88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 fs/kernfs/file.c:343
#2: ffff8881447a55a8 (kn->active#58){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff8881447a55a8 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 fs/kernfs/file.c:344
#3: ffffffff8f66ce68 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
=============================================
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
nmi_cpu_backtrace+0x27b/0x390 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x29c/0x300 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:332 [inline]
watchdog+0xf3f/0x1170 kernel/hung_task.c:495
kthread+0x3c5/0x780 kernel/kthread.c:463
ret_from_fork+0x675/0x7d0 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:pv_native_safe_halt+0xf/0x20 arch/x86/kernel/paravirt.c:82
Code: 77 6f 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 23 94 2c 00 fb f4 3c 0a 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
RSP: 0018:ffffc90000197de8 EFLAGS: 000002c6
RAX: 000000000012500d RBX: 0000000000000001 RCX: ffffffff8b5d92a9
RDX: 0000000000000000 RSI: ffffffff8da28d25 RDI: ffffffff8bf075c0
RBP: ffffed1003a5bb58 R08: 0000000000000001 R09: ffffed10170a6655
R10: ffff8880b85332ab R11: 0000000000000001 R12: 0000000000000001
R13: ffff88801d2ddac0 R14: ffffffff908248d0 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff888124b0d000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055848cdfeba8 CR3: 000000007170e000 CR4: 00000000003526f0
Call Trace:
arch_safe_halt arch/x86/include/asm/paravirt.h:107 [inline]
default_idle+0x13/0x20 arch/x86/kernel/process.c:767
default_idle_call+0x6c/0xb0 kernel/sched/idle.c:122
cpuidle_idle_call kernel/sched/idle.c:190 [inline]
do_idle+0x38d/0x500 kernel/sched/idle.c:330
cpu_startup_entry+0x4f/0x60 kernel/sched/idle.c:428
start_secondary+0x21d/0x2b0 arch/x86/kernel/smpboot.c:315
common_startup_64+0x13e/0x148
final repro crashed as (corrupted=false):
INFO: task kworker/u8:2:36 blocked for more than 143 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u8:2 state:D stack:23624 pid:36 tgid:36 ppid:2 task_flags:0x4208160 flags:0x00080000
Workqueue: netns cleanup_net
Call Trace:
context_switch kernel/sched/core.c:5325 [inline]
__schedule+0x1190/0x5de0 kernel/sched/core.c:6929
__schedule_loop kernel/sched/core.c:7011 [inline]
schedule+0xe7/0x3a0 kernel/sched/core.c:7026
schedule_timeout+0x257/0x290 kernel/time/sleep_timeout.c:75
do_wait_for_common kernel/sched/completion.c:100 [inline]
__wait_for_common+0x2fc/0x4e0 kernel/sched/completion.c:121
__debugfs_file_removed fs/debugfs/inode.c:770 [inline]
remove_one+0x312/0x420 fs/debugfs/inode.c:777
__simple_recursive_removal+0x15b/0x610 fs/libfs.c:631
debugfs_remove+0x5d/0x80 fs/debugfs/inode.c:800
nsim_dev_health_exit+0x3b/0xe0 drivers/net/netdevsim/health.c:227
nsim_dev_reload_destroy+0x144/0x4d0 drivers/net/netdevsim/dev.c:1710
nsim_dev_reload_down+0x6e/0xd0 drivers/net/netdevsim/dev.c:983
devlink_reload+0x1a1/0x7c0 net/devlink/dev.c:461
devlink_pernet_pre_exit+0x1a0/0x2b0 net/devlink/core.c:509
ops_pre_exit_list net/core/net_namespace.c:161 [inline]
ops_undo_list+0x187/0xab0 net/core/net_namespace.c:234
cleanup_net+0x41b/0x8b0 net/core/net_namespace.c:695
process_one_work+0x9cf/0x1b70 kernel/workqueue.c:3263
process_scheduled_works kernel/workqueue.c:3346 [inline]
worker_thread+0x6c8/0xf10 kernel/workqueue.c:3427
kthread+0x3c5/0x780 kernel/kthread.c:463
ret_from_fork+0x675/0x7d0 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
INFO: task syz-executor:8963 blocked for more than 143 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor state:D stack:24136 pid:8963 tgid:8963 ppid:1 task_flags:0x400140 flags:0x00080002
Call Trace:
context_switch kernel/sched/core.c:5325 [inline]
__schedule+0x1190/0x5de0 kernel/sched/core.c:6929
__schedule_loop kernel/sched/core.c:7011 [inline]
schedule+0xe7/0x3a0 kernel/sched/core.c:7026
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7083
__mutex_lock_common kernel/locking/mutex.c:676 [inline]
__mutex_lock+0x818/0x1060 kernel/locking/mutex.c:760
device_lock include/linux/device.h:914 [inline]
device_del+0xa0/0x9f0 drivers/base/core.c:3840
device_unregister+0x1d/0xc0 drivers/base/core.c:3919
nsim_bus_dev_del drivers/net/netdevsim/bus.c:483 [inline]
del_device_store+0x355/0x4a0 drivers/net/netdevsim/bus.c:244
bus_attr_store+0x74/0xb0 drivers/base/bus.c:172
sysfs_kf_write+0xf2/0x150 fs/sysfs/file.c:142
kernfs_fop_write_iter+0x3af/0x570 fs/kernfs/file.c:352
new_sync_write fs/read_write.c:593 [inline]
vfs_write+0x7d3/0x11d0 fs/read_write.c:686
ksys_write+0x12a/0x250 fs/read_write.c:738
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ff89a38e17f
RSP: 002b:00007ffe8bdbcf50 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007ff89a38e17f
RDX: 0000000000000001 RSI: 00007ffe8bdbcfa0 RDI: 0000000000000005
RBP: 00007ff89a4132cb R08: 0000000000000000 R09: 00007ffe8bdbcda7
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
R13: 00007ffe8bdbcfa0 R14: 00007ff89b114620 R15: 0000000000000003
INFO: task syz.0.2878:8970 blocked for more than 143 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.2878 state:D stack:27320 pid:8970 tgid:8970 ppid:8403 task_flags:0x400140 flags:0x00080002
Call Trace:
context_switch kernel/sched/core.c:5325 [inline]
__schedule+0x1190/0x5de0 kernel/sched/core.c:6929
__schedule_loop kernel/sched/core.c:7011 [inline]
schedule+0xe7/0x3a0 kernel/sched/core.c:7026
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7083
__mutex_lock_common kernel/locking/mutex.c:676 [inline]
__mutex_lock+0x818/0x1060 kernel/locking/mutex.c:760
devlink_health_report+0x6b4/0xb00 net/devlink/health.c:680
nsim_dev_health_break_write+0x166/0x210 drivers/net/netdevsim/health.c:162
full_proxy_write+0x131/0x1a0 fs/debugfs/file.c:388
vfs_write+0x2a0/0x11d0 fs/read_write.c:684
ksys_write+0x12a/0x250 fs/read_write.c:738
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f700058f6c9
RSP: 002b:00007ffd27718d88 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f70007e5fa0 RCX: 00007f700058f6c9
RDX: 00000000000001ff RSI: 0000000000000000 RDI: 0000000000000003
RBP: 00007f7000611f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f70007e5fa0 R14: 00007f70007e5fa0 R15: 0000000000000003
INFO: task syz.1.2912:9008 blocked for more than 144 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.1.2912 state:D stack:28680 pid:9008 tgid:9008 ppid:5949 task_flags:0x400140 flags:0x00080002
Call Trace:
context_switch kernel/sched/core.c:5325 [inline]
__schedule+0x1190/0x5de0 kernel/sched/core.c:6929
__schedule_loop kernel/sched/core.c:7011 [inline]
schedule+0xe7/0x3a0 kernel/sched/core.c:7026
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7083
rwsem_down_read_slowpath+0x64b/0xbf0 kernel/locking/rwsem.c:1086
__down_read_common kernel/locking/rwsem.c:1261 [inline]
__down_read kernel/locking/rwsem.c:1274 [inline]
down_read+0xef/0x480 kernel/locking/rwsem.c:1539
inode_lock_shared include/linux/fs.h:995 [inline]
open_last_lookups fs/namei.c:3894 [inline]
path_openat+0x818/0x2cb0 fs/namei.c:4131
do_filp_open+0x20b/0x470 fs/namei.c:4161
do_sys_openat2+0x11b/0x1d0 fs/open.c:1437
do_sys_open fs/open.c:1452 [inline]
__do_sys_openat fs/open.c:1468 [inline]
__se_sys_openat fs/open.c:1463 [inline]
__x64_sys_openat+0x174/0x210 fs/open.c:1463
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7faca258f6c9
RSP: 002b:00007ffc6d5f4d28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007faca27e5fa0 RCX: 00007faca258f6c9
RDX: 0000000000048081 RSI: 0000200000000000 RDI: ffffffffffffff9c
RBP: 00007faca2611f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007faca27e5fa0 R14: 00007faca27e5fa0 R15: 0000000000000004
INFO: task syz.3.2913:9009 blocked for more than 144 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.2913 state:D stack:28424 pid:9009 tgid:9009 ppid:5948 task_flags:0x400140 flags:0x00080002
Call Trace:
context_switch kernel/sched/core.c:5325 [inline]
__schedule+0x1190/0x5de0 kernel/sched/core.c:6929
__schedule_loop kernel/sched/core.c:7011 [inline]
schedule+0xe7/0x3a0 kernel/sched/core.c:7026
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7083
rwsem_down_read_slowpath+0x64b/0xbf0 kernel/locking/rwsem.c:1086
__down_read_common kernel/locking/rwsem.c:1261 [inline]
__down_read kernel/locking/rwsem.c:1274 [inline]
down_read+0xef/0x480 kernel/locking/rwsem.c:1539
inode_lock_shared include/linux/fs.h:995 [inline]
open_last_lookups fs/namei.c:3894 [inline]
path_openat+0x818/0x2cb0 fs/namei.c:4131
do_filp_open+0x20b/0x470 fs/namei.c:4161
do_sys_openat2+0x11b/0x1d0 fs/open.c:1437
do_sys_open fs/open.c:1452 [inline]
__do_sys_openat fs/open.c:1468 [inline]
__se_sys_openat fs/open.c:1463 [inline]
__x64_sys_openat+0x174/0x210 fs/open.c:1463
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc78818f6c9
RSP: 002b:00007fff791e4798 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007fc7883e5fa0 RCX: 00007fc78818f6c9
RDX: 0000000000048081 RSI: 0000200000000000 RDI: ffffffffffffff9c
RBP: 00007fc788211f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fc7883e5fa0 R14: 00007fc7883e5fa0 R15: 0000000000000004
Showing all locks held in the system:
3 locks held by kworker/u8:0/12:
#0: ffff8880b853a4d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x29/0x130 kernel/sched/core.c:638
#1: ffff8880b8524088 (psi_seq){-.-.}-{0:0}, at: psi_sched_switch kernel/sched/stats.h:220 [inline]
#1: ffff8880b8524088 (psi_seq){-.-.}-{0:0}, at: __schedule+0x1861/0x5de0 kernel/sched/core.c:6923
#2: ffff8880b8525b18 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x127/0x1d0 kernel/time/timer.c:1004
1 lock held by khungtaskd/31:
#0: ffffffff8e3c45e0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#0: ffffffff8e3c45e0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
#0: ffffffff8e3c45e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0 kernel/locking/lockdep.c:6775
6 locks held by kworker/u8:2/36:
#0: ffff88801ba9f148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3238
#1: ffffc90000ac7d00 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3239
#2: ffffffff900d49d0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xad/0x8b0 net/core/net_namespace.c:669
#3: ffff8880769470e8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:914 [inline]
#3: ffff8880769470e8 (&dev->mutex){....}-{4:4}, at: devl_dev_lock net/devlink/devl_internal.h:108 [inline]
#3: ffff8880769470e8 (&dev->mutex){....}-{4:4}, at: devlink_pernet_pre_exit+0x12c/0x2b0 net/devlink/core.c:506
#4: ffff888033560250 (&devlink->lock_key#5){+.+.}-{4:4}, at: devl_lock net/devlink/core.c:276 [inline]
#4: ffff888033560250 (&devlink->lock_key#5){+.+.}-{4:4}, at: devl_dev_lock net/devlink/devl_internal.h:109 [inline]
#4: ffff888033560250 (&devlink->lock_key#5){+.+.}-{4:4}, at: devlink_pernet_pre_exit+0x136/0x2b0 net/devlink/core.c:506
#5: ffff88805f431060 (&sb->s_type->i_mutex_key#3/2){+.+.}-{4:4}, at: inode_lock_nested include/linux/fs.h:1025 [inline]
#5: ffff88805f431060 (&sb->s_type->i_mutex_key#3/2){+.+.}-{4:4}, at: __simple_recursive_removal+0x354/0x610 fs/libfs.c:627
2 locks held by getty/5591:
#0: ffff8880345450a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243
#1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0 drivers/tty/n_tty.c:2222
5 locks held by syz-executor/8963:
#0: ffff8880246c8420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff888028dfa888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 fs/kernfs/file.c:343
#2: ffff8881447a55a8 (kn->active#58){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff8881447a55a8 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 fs/kernfs/file.c:344
#3: ffffffff8f66ce68 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
#4: ffff8880769470e8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:914 [inline]
#4: ffff8880769470e8 (&dev->mutex){....}-{4:4}, at: device_del+0xa0/0x9f0 drivers/base/core.c:3840
2 locks held by syz.0.2878/8970:
#0: ffff888140ad4420 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff888033560250 (&devlink->lock_key#5){+.+.}-{4:4}, at: devlink_health_report+0x6b4/0xb00 net/devlink/health.c:680
2 locks held by syz.1.2912/9008:
#0: ffff888140ad4420 (sb_writers#8){.+.+}-{0:0}, at: open_last_lookups fs/namei.c:3884 [inline]
#0: ffff888140ad4420 (sb_writers#8){.+.+}-{0:0}, at: path_openat+0x1ec8/0x2cb0 fs/namei.c:4131
#1: ffff88805f431060 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: inode_lock_shared include/linux/fs.h:995 [inline]
#1: ffff88805f431060 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: open_last_lookups fs/namei.c:3894 [inline]
#1: ffff88805f431060 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: path_openat+0x818/0x2cb0 fs/namei.c:4131
2 locks held by syz.3.2913/9009:
#0: ffff888140ad4420 (sb_writers#8){.+.+}-{0:0}, at: open_last_lookups fs/namei.c:3884 [inline]
#0: ffff888140ad4420 (sb_writers#8){.+.+}-{0:0}, at: path_openat+0x1ec8/0x2cb0 fs/namei.c:4131
#1: ffff88805f431060 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: inode_lock_shared include/linux/fs.h:995 [inline]
#1: ffff88805f431060 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: open_last_lookups fs/namei.c:3894 [inline]
#1: ffff88805f431060 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: path_openat+0x818/0x2cb0 fs/namei.c:4131
4 locks held by syz-executor/9019:
#0: ffff8880246c8420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff888078055888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 fs/kernfs/file.c:343
#2: ffff8881447a55a8 (kn->active#58){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff8881447a55a8 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 fs/kernfs/file.c:344
#3: ffffffff8f66ce68 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/9030:
#0: ffff8880246c8420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff88805ae7cc88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 fs/kernfs/file.c:343
#2: ffff8881447a55a8 (kn->active#58){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff8881447a55a8 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 fs/kernfs/file.c:344
#3: ffffffff8f66ce68 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/9032:
#0: ffff8880246c8420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff88805bf09888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 fs/kernfs/file.c:343
#2: ffff8881447a55a8 (kn->active#58){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff8881447a55a8 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 fs/kernfs/file.c:344
#3: ffffffff8f66ce68 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/9054:
#0: ffff8880246c8420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff888029dd4488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 fs/kernfs/file.c:343
#2: ffff8881447a55a8 (kn->active#58){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff8881447a55a8 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 fs/kernfs/file.c:344
#3: ffffffff8f66ce68 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/9066:
#0: ffff8880246c8420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff888032766888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 fs/kernfs/file.c:343
#2: ffff8881447a55a8 (kn->active#58){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff8881447a55a8 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 fs/kernfs/file.c:344
#3: ffffffff8f66ce68 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/9078:
#0: ffff8880246c8420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff88805a2c0888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 fs/kernfs/file.c:343
#2: ffff8881447a55a8 (kn->active#58){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff8881447a55a8 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 fs/kernfs/file.c:344
#3: ffffffff8f66ce68 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/9079:
#0: ffff8880246c8420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff88807422d488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 fs/kernfs/file.c:343
#2: ffff8881447a55a8 (kn->active#58){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff8881447a55a8 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 fs/kernfs/file.c:344
#3: ffffffff8f66ce68 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/9103:
#0: ffff8880246c8420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff88805acbb888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 fs/kernfs/file.c:343
#2: ffff8881447a55a8 (kn->active#58){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff8881447a55a8 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 fs/kernfs/file.c:344
#3: ffffffff8f66ce68 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/9115:
#0: ffff8880246c8420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff88805e048088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 fs/kernfs/file.c:343
#2: ffff8881447a55a8 (kn->active#58){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff8881447a55a8 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 fs/kernfs/file.c:344
#3: ffffffff8f66ce68 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/9127:
#0: ffff8880246c8420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff8880574fac88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 fs/kernfs/file.c:343
#2: ffff8881447a55a8 (kn->active#58){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff8881447a55a8 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 fs/kernfs/file.c:344
#3: ffffffff8f66ce68 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/9129:
#0: ffff8880246c8420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff888012e2ec88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 fs/kernfs/file.c:343
#2: ffff8881447a55a8 (kn->active#58){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff8881447a55a8 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 fs/kernfs/file.c:344
#3: ffffffff8f66ce68 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
=============================================
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
nmi_cpu_backtrace+0x27b/0x390 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x29c/0x300 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:332 [inline]
watchdog+0xf3f/0x1170 kernel/hung_task.c:495
kthread+0x3c5/0x780 kernel/kthread.c:463
ret_from_fork+0x675/0x7d0 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:pv_native_safe_halt+0xf/0x20 arch/x86/kernel/paravirt.c:82
Code: 77 6f 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 23 94 2c 00 fb f4 3c 0a 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
RSP: 0018:ffffc90000197de8 EFLAGS: 000002c6
RAX: 000000000012500d RBX: 0000000000000001 RCX: ffffffff8b5d92a9
RDX: 0000000000000000 RSI: ffffffff8da28d25 RDI: ffffffff8bf075c0
RBP: ffffed1003a5bb58 R08: 0000000000000001 R09: ffffed10170a6655
R10: ffff8880b85332ab R11: 0000000000000001 R12: 0000000000000001
R13: ffff88801d2ddac0 R14: ffffffff908248d0 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff888124b0d000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055848cdfeba8 CR3: 000000007170e000 CR4: 00000000003526f0
Call Trace:
arch_safe_halt arch/x86/include/asm/paravirt.h:107 [inline]
default_idle+0x13/0x20 arch/x86/kernel/process.c:767
default_idle_call+0x6c/0xb0 kernel/sched/idle.c:122
cpuidle_idle_call kernel/sched/idle.c:190 [inline]
do_idle+0x38d/0x500 kernel/sched/idle.c:330
cpu_startup_entry+0x4f/0x60 kernel/sched/idle.c:428
start_secondary+0x21d/0x2b0 arch/x86/kernel/smpboot.c:315
common_startup_64+0x13e/0x148