From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0AAF1CF11FD for ; Thu, 10 Oct 2024 15:19:31 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 82F396B0085; Thu, 10 Oct 2024 11:19:31 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 7DEB36B0088; Thu, 10 Oct 2024 11:19:31 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 6A6176B0089; Thu, 10 Oct 2024 11:19:31 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 474A66B0085 for ; Thu, 10 Oct 2024 11:19:31 -0400 (EDT) Received: from smtpin11.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id A382D140714 for ; Thu, 10 Oct 2024 15:19:27 +0000 (UTC) X-FDA: 82658051700.11.3F4189B Received: from mail-il1-f199.google.com (mail-il1-f199.google.com [209.85.166.199]) by imf10.hostedemail.com (Postfix) with ESMTP id 77011C001A for ; Thu, 10 Oct 2024 15:19:28 +0000 (UTC) Authentication-Results: imf10.hostedemail.com; dkim=none; spf=pass (imf10.hostedemail.com: domain of 3gPAHZwkbAL8x34pfqqjwfuuni.lttlqjzxjwhtsyjsy.htr@M3KW2WVRGUFZ5GODRSRYTGD7.apphosting.bounces.google.com designates 209.85.166.199 as permitted sender) smtp.mailfrom=3gPAHZwkbAL8x34pfqqjwfuuni.lttlqjzxjwhtsyjsy.htr@M3KW2WVRGUFZ5GODRSRYTGD7.apphosting.bounces.google.com; dmarc=fail reason="SPF not aligned (relaxed), No valid DKIM" header.from=appspotmail.com (policy=none) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1728573431; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding:in-reply-to: references; bh=1cjQiQK7nE78xUqILL1tAmI6YNCYGVzss9R+s3qwO2Y=; b=S9vdn9SCTmDSQozPrKsVyszt9xBWT6MM7r+D6xXzbqO4l3r4qwGECYYtrvLM85bM9ePc8U +mSlUFaEsjAewoWithYrC8doIkR4hOWZ5tyT18MnG5PBO5BAQEW69Bx5+4dvBSYH0OFaw3 jbxD5tc/5kGavV/JLhroPAQMmN2XkgM= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1728573431; a=rsa-sha256; cv=none; b=z9My8UE5F7X1eDyqLB5KtRemY77ZOHLyAg60FwB+eLzUva/PXRjUFnCnoEWQ5Am53r1NRD faww5zJdYevMVKrJN2oTIhbaO6Aw4VQKeESdcMYaSbXdYb9xjPpBNQwjuCQ/dY3Zgc0IB3 T6I9+vLLxNybIZmZ9HD/8u6012vXvNE= ARC-Authentication-Results: i=1; imf10.hostedemail.com; dkim=none; spf=pass (imf10.hostedemail.com: domain of 3gPAHZwkbAL8x34pfqqjwfuuni.lttlqjzxjwhtsyjsy.htr@M3KW2WVRGUFZ5GODRSRYTGD7.apphosting.bounces.google.com designates 209.85.166.199 as permitted sender) smtp.mailfrom=3gPAHZwkbAL8x34pfqqjwfuuni.lttlqjzxjwhtsyjsy.htr@M3KW2WVRGUFZ5GODRSRYTGD7.apphosting.bounces.google.com; dmarc=fail reason="SPF not aligned (relaxed), No valid DKIM" header.from=appspotmail.com (policy=none) Received: by mail-il1-f199.google.com with SMTP id e9e14a558f8ab-3a3b457f6aeso1908105ab.0 for ; Thu, 10 Oct 2024 08:19:28 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1728573568; x=1729178368; h=to:from:subject:message-id:date:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=1cjQiQK7nE78xUqILL1tAmI6YNCYGVzss9R+s3qwO2Y=; b=Od+BXq90PzOAQrCE0sOk4RLhCuC/AwbiLYzZ8h7OAvrGQ80lXze+wfRg4CQIL9pvle WJiPIIMXqcy62NUqlcr6uqhiSgAqdu5db1E9NBkue1V9cS/73emkPRQR4M8kMIZUWqQe egqON0xiXW7/J6sCA3/eLHtKv78yITM78bWSCM9OXBhaJQfZSbCVEOjLGVH7cmsCl0z/ g+2Wl41mTLreqWQqIQE2YCjlHRQdfsyPvcOO0ivHz/zZ03HK5Kh0CBF+uKqSL1eM+5LM oIsP3CtJNSMhbxYhQW7nChwbJ1u/6MreWQpx/ECWzANPOwBI2IJSE4jMC2hJwlgpreZX n6Cg== X-Forwarded-Encrypted: i=1; AJvYcCViwpJSKIhsXLNnpGO138z90HuYzASp9n1LjeXrhherxxm5OMAZZqe+mcqPcuXT5sxhg2p1urTfDg==@kvack.org X-Gm-Message-State: AOJu0YzLAh0nl8C7RCgCF/XLTWNWPXBr2vuEQKoGuh5IthsBIvcUnjGh PQ+8b5IJtDqaxZ0lFiWqWUdzLRq8lIcwryu8k3dLwTUdgjgulf1vLa4b/mr1IyuWZXOZuJOXKNw H80PnQs3KyJAXNCJpsBElZj1RXQ7ytRAjyPMio5fvMJLe9tSgM91/BsI= X-Google-Smtp-Source: AGHT+IHAa3H6wW63bp9W/bpmf25TE8UApuulSHN4TurJpSTXuQalXXBw5tzM00V8RupHzE4lrz86aFLblkhJ34gEratfdo6D6p1I MIME-Version: 1.0 X-Received: by 2002:a05:6e02:3b09:b0:3a0:8e7c:b4ae with SMTP id e9e14a558f8ab-3a3a70a3d43mr24647545ab.2.1728573568156; Thu, 10 Oct 2024 08:19:28 -0700 (PDT) Date: Thu, 10 Oct 2024 08:19:28 -0700 X-Google-Appengine-App-Id: s~syzkaller X-Google-Appengine-App-Id-Alias: syzkaller Message-ID: <6707f080.050a0220.64b99.001c.GAE@google.com> Subject: [syzbot] [mm?] INFO: task hung in exit_mmap From: syzbot To: Liam.Howlett@oracle.com, akpm@linux-foundation.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, lorenzo.stoakes@oracle.com, syzkaller-bugs@googlegroups.com, vbabka@suse.cz Content-Type: text/plain; charset="UTF-8" X-Stat-Signature: giga999onh9jj9jk3thcxswhfrn9fyzr X-Rspamd-Queue-Id: 77011C001A X-Rspam-User: X-Rspamd-Server: rspam08 X-HE-Tag: 1728573568-312566 X-HE-Meta: U2FsdGVkX196oMYk36ixhWnfbFLx3EviGvdeN0OXJaJguqmhZeJesLwRKNolJhywWeRLvfAzTunC6DQmHnvyx6MFbQSxfdivj7xCpPXIPGkP0znqoIcJCWrDsdmCpr6BZ4C1i29UszW1JmwqHMCtM+rWuQaoulZ/IKvEOSlJql394YoFH6jE1OYEm6K75Pw5TXPa7fd/v3i9bhr4E3UyD+9LM4EbtqUOjTPfJg4oInaHQAD6u7dYyudozMM71ITpm8p8U08Ntlsmbx9zjP/w2DOfJ7Kimi5kLyzXwqG33Gd2r6BtV3AgTuE5Ppusc/AIkRiD5lG1NZOh1S3mCd5LQUAM0eB7F962CgdG/N+tfj0aM69+e5WK/3wGx+RO4WuJiNsJFOz1iXGXFBwIzVu3irfXcbZSXhy2Uo8cnn6u9OnZg6La6KIaL9h16Zo2S9ySuFEZtx7F4BOSS6ov2K3Etd2hYZz/bsInLFdMPsYT7vEtHyTGBvPO7QLX/dtg9l4CQddSSLlDWP2JqPXpJAgHBXHwAgUCzyYrn8Xn3iyOkyeUYrvePj2uwU/6suTjb8TgeemmhfwvbxahrqPnj9SOK9iTUgvWQYAMqLSME6i/jRYEdYWCqytny5AbodIgivzNKQKICEjVeaSClt98auBAar20+KY5W4NnKK7hravSDC5Grs1SNtkp2txlrmWbUYPDWZxoqX2e85u1286Ga5pjLvCTu2ZmQv9eT1ZDsatFMN4gRn/X9D2SMnU2A4QDUIhxI+y0HagsU5yN0R6BGQbyWRjFX13hNGbdy39wGTFxQIorsswnxY856tHVYEocxJQeRQFmJA6kMVrY1R14Ta28ZLBbnQi4VBoYuMg0g/vq9uKvFLL3nLMRLhbVgIVXXW59cpY4S4IVarfshzeEozthK8PjU69aFr3r+tNRbTIXuoTbiaPmQRN37zX+efxfpdDiW5dJCXSejt+AzsZvQ4m sl069itS n5gauJ2Sol/dTrkH9deJ5RPUiO4WFO598UtwxL/m8sDNVFSXoG6fySD6gz6ykzBDVrXVyJ3SL9ZTgJ1MccGjn1d7dP8yjScmnRTOlMD9CtNSwLacGraVUt0ra92mC8fyIAtphRyqTtanV+7WmZYGkwxw3PsdZsECfUU9Yt5GCZst5GP4cjpjFJcZ55gazijZBysWnXZn/rSWvshOUYTb/LmxpUIfxwwYri+WFa5UmqQUmwo1qo5pexxYjb3jmGKD2ZEL6UptmrN47rxggrjJWEe2NsfoPB/13ikt7Df9V/+Jpnw/0Miyvp/ybQ5+ikHaXaWRhv7PcSJexs/X+SQeHonZq/Fl0FRJvPJTs1c/U+lumAZFjEKfYe5MqPoZlziSZm6zvBY6nXyPhr0FbaCpSqbSld8h8FAwKnS+SuVQP9wULMgFwKRlQQvxx8oQHPxm4MddIdhWv/UKmGqc0T1q5GcdLSMS95ACQia5L5ksaZOMNyypG9IwEfscFfdumtiEIbEcJIzq9q3VzsPqpq3+IbogYnlZJozi9YRj3J8u5PMZzbvkFR5nY6/17S2EPqmFlAAnEsYkFXby5XX+mG2XbXfkVMrFd21rh+GEmSvtiRhSoB0/q2/qJyB1thEm82fay6K25GEaT/VDLPyOJ448aa05sXw0MlKJ0TSRk4qIog5Pb5fo3A0Wh7RdBPG4KcLIZIbL2Uobk/v6syBzYapVv8hHrS81TrDLRAMyqEl8FR6HxcPzHlvWw+tVCXIw90qWTyGlGTmS2lNbVcP1rb22qSsQxA+VEB51GRV0vzsXwrbho8iyZv8sIMKCYspxrzszRXao5lhyYZW1Aa8JneP5NmDV1bCg24F21o5hAfMUbuOjR/RzzA7VpJUXskzHgzYBd1lKaRyu1jNl37jrc1Zez9FgkLBo3CJbBEVxg3JxsaUXsFG6gGtydBZKPSLNy+i/Kpxs+Fqa0HXfKIvmwzcnQrqlR4+jv JMwpEc+T 2e4etsq30zZkKP/Updkwsxilk2n4195/qlll1JfD/WSOiRNkQeQSn9ITWDabxMXVac+r6TL5rbhpdduBAaLUorAGVs1S3OU/89WBQQ2jufO/K+lAWKBKZVtCn4MbsiB55JyplSTrkzGs2urmPlHMQa42xnf+6tfv56X7Oby6ciEX80jpHcAY4uGyUfBL6+0niP63Jb7FxCWdv1893uAxy5uD271ATVAK0hm1AuDDxXaraHO5ejFEXeYOD1QVs4Kih6dDAT4U0jRSnHnnFN/A8j5N/ssGKERNyManu00yjLEekR0Gk8wZzqpNwC8uim30Cv9cbmKv5UEdEAD73GOljDDJ/pORyz2yMwxYMuGwexyhGcDkU/PZRgUiN56h0v6H9XDA8bd3UBugXLoPFMRMDet7TZBAGY3s X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Hello, syzbot found the following issue on: HEAD commit: d3d1556696c1 Merge tag 'mm-hotfixes-stable-2024-10-09-15-4.. git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=10416fd0580000 kernel config: https://syzkaller.appspot.com/x/.config?x=7a3fccdd0bb995 dashboard link: https://syzkaller.appspot.com/bug?extid=39bc767144c55c8db0ea compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 Unfortunately, I don't have any reproducer for this issue yet. Downloadable assets: disk image: https://storage.googleapis.com/syzbot-assets/0600b551e610/disk-d3d15566.raw.xz vmlinux: https://storage.googleapis.com/syzbot-assets/d59d43ed3976/vmlinux-d3d15566.xz kernel image: https://storage.googleapis.com/syzbot-assets/e686a3e7e0d6/bzImage-d3d15566.xz IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+39bc767144c55c8db0ea@syzkaller.appspotmail.com INFO: task syz.3.917:7739 blocked for more than 146 seconds. Not tainted 6.12.0-rc2-syzkaller-00074-gd3d1556696c1 #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.3.917 state:D stack:23808 pid:7739 tgid:7739 ppid:5232 flags:0x00004000 Call Trace: context_switch kernel/sched/core.c:5322 [inline] __schedule+0x1843/0x4ae0 kernel/sched/core.c:6682 __schedule_loop kernel/sched/core.c:6759 [inline] schedule+0x14b/0x320 kernel/sched/core.c:6774 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6831 rwsem_down_write_slowpath+0xeee/0x13b0 kernel/locking/rwsem.c:1176 __down_write_common kernel/locking/rwsem.c:1304 [inline] __down_write kernel/locking/rwsem.c:1313 [inline] down_write+0x1d7/0x220 kernel/locking/rwsem.c:1578 mmap_write_lock include/linux/mmap_lock.h:106 [inline] exit_mmap+0x2bd/0xc40 mm/mmap.c:1872 __mmput+0x115/0x380 kernel/fork.c:1347 exit_mm+0x220/0x310 kernel/exit.c:571 do_exit+0x9b2/0x28e0 kernel/exit.c:926 do_group_exit+0x207/0x2c0 kernel/exit.c:1088 __do_sys_exit_group kernel/exit.c:1099 [inline] __se_sys_exit_group kernel/exit.c:1097 [inline] __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1097 x64_sys_call+0x2634/0x2640 arch/x86/include/generated/asm/syscalls_64.h:232 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f4688f7dff9 RSP: 002b:00007ffea64ebf18 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4688f7dff9 RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007ffea64ebf6c R08: 00007ffea64ebfff R09: 0000000000028eb6 R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000032 R13: 0000000000028eb6 R14: 0000000000028d0c R15: 00007ffea64ebfc0 INFO: task syz.0.828:7756 blocked for more than 152 seconds. Not tainted 6.12.0-rc2-syzkaller-00074-gd3d1556696c1 #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.0.828 state:D stack:22384 pid:7756 tgid:7755 ppid:7346 flags:0x00004000 Call Trace: context_switch kernel/sched/core.c:5322 [inline] __schedule+0x1843/0x4ae0 kernel/sched/core.c:6682 __schedule_loop kernel/sched/core.c:6759 [inline] schedule+0x14b/0x320 kernel/sched/core.c:6774 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6831 rwsem_down_write_slowpath+0xeee/0x13b0 kernel/locking/rwsem.c:1176 __down_write_common kernel/locking/rwsem.c:1304 [inline] __down_write kernel/locking/rwsem.c:1313 [inline] down_write+0x1d7/0x220 kernel/locking/rwsem.c:1578 mmap_write_lock include/linux/mmap_lock.h:106 [inline] exit_mmap+0x2bd/0xc40 mm/mmap.c:1872 __mmput+0x115/0x380 kernel/fork.c:1347 exit_mm+0x220/0x310 kernel/exit.c:571 do_exit+0x9b2/0x28e0 kernel/exit.c:926 do_group_exit+0x207/0x2c0 kernel/exit.c:1088 get_signal+0x16a3/0x1740 kernel/signal.c:2917 arch_do_signal_or_restart+0x96/0x860 arch/x86/kernel/signal.c:337 exit_to_user_mode_loop kernel/entry/common.c:111 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0xc9/0x370 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ff5c377dff9 RSP: 002b:00007ff5c45800e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: fffffffffffffe00 RBX: 00007ff5c3935f88 RCX: 00007ff5c377dff9 RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007ff5c3935f88 RBP: 00007ff5c3935f80 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff5c3935f8c R13: 0000000000000000 R14: 00007ffe0400b7d0 R15: 00007ffe0400b8b8 Showing all locks held in the system: 1 lock held by pool_workqueue_/3: #0: ffffffff8e93d378 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:329 [inline] #0: ffffffff8e93d378 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830 kernel/rcu/tree_exp.h:976 1 lock held by khungtaskd/30: #0: ffffffff8e937de0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline] #0: ffffffff8e937de0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline] #0: ffffffff8e937de0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 kernel/locking/lockdep.c:6720 1 lock held by klogd/4662: #0: ffff888072fda798 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock include/linux/mmap_lock.h:106 [inline] #0: ffff888072fda798 (&mm->mmap_lock){++++}-{3:3}, at: exit_mmap+0x2bd/0xc40 mm/mmap.c:1872 1 lock held by dhcpcd/4887: #0: ffff888032585718 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock_killable include/linux/mmap_lock.h:122 [inline] #0: ffff888032585718 (&mm->mmap_lock){++++}-{3:3}, at: vm_mmap_pgoff+0x17c/0x3d0 mm/util.c:586 2 locks held by getty/4982: #0: ffff88814b9860a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243 #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6a6/0x1e00 drivers/tty/n_tty.c:2211 3 locks held by kworker/1:5/5270: 3 locks held by kworker/0:5/5300: #0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline] #0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310 #1: ffffc90004037d00 (xfrm_state_gc_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline] #1: ffffc90004037d00 (xfrm_state_gc_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310 #2: ffffffff8e93d378 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:329 [inline] #2: ffffffff8e93d378 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830 kernel/rcu/tree_exp.h:976 1 lock held by syz.3.917/7739: #0: ffff888020fc5718 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock include/linux/mmap_lock.h:106 [inline] #0: ffff888020fc5718 (&mm->mmap_lock){++++}-{3:3}, at: exit_mmap+0x2bd/0xc40 mm/mmap.c:1872 1 lock held by syz.0.828/7756: #0: ffff888062c33a98 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock include/linux/mmap_lock.h:106 [inline] #0: ffff888062c33a98 (&mm->mmap_lock){++++}-{3:3}, at: exit_mmap+0x2bd/0xc40 mm/mmap.c:1872 3 locks held by kworker/u8:21/7787: #0: ffff88801b367148 ((wq_completion)cfg80211){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline] #0: ffff88801b367148 ((wq_completion)cfg80211){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310 #1: ffffc900015b7d00 ((work_completion)(&(&rdev->dfs_update_channels_wk)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline] #1: ffffc900015b7d00 ((work_completion)(&(&rdev->dfs_update_channels_wk)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310 #2: ffffffff8fcbf8c8 (rtnl_mutex){+.+.}-{3:3}, at: cfg80211_dfs_channels_update_work+0xbf/0x610 net/wireless/mlme.c:1021 3 locks held by kworker/u8:30/7796: #0: ffff88814b6a6948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline] #0: ffff88814b6a6948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310 #1: ffffc90002e9fd00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline] #1: ffffc90002e9fd00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310 #2: ffffffff8fcbf8c8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xd0/0x16f0 net/ipv6/addrconf.c:4196 3 locks held by kworker/u8:32/7798: #0: ffff88801ac89148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline] #0: ffff88801ac89148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310 #1: ffffc90003ad7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline] #1: ffffc90003ad7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310 #2: ffffffff8fcbf8c8 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 net/core/link_watch.c:276 5 locks held by kworker/u8:50/9743: #0: ffff88801baeb148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline] #0: ffff88801baeb148 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310 #1: ffffc90003f57d00 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline] #1: ffffc90003f57d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310 #2: ffffffff8fcb2dd0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 net/core/net_namespace.c:580 #3: ffffffff8fcbf8c8 (rtnl_mutex){+.+.}-{3:3}, at: ieee80211_unregister_hw+0x55/0x2c0 net/mac80211/main.c:1662 #4: ffff888059fc8768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: wiphy_lock include/net/cfg80211.h:6014 [inline] #4: ffff888059fc8768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: ieee80211_stop+0x3e9/0x4a0 net/mac80211/iface.c:777 1 lock held by syz.1.2163/11123: ============================================= NMI backtrace for cpu 1 CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.12.0-rc2-syzkaller-00074-gd3d1556696c1 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Call Trace: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 nmi_cpu_backtrace+0x49c/0x4d0 lib/nmi_backtrace.c:113 nmi_trigger_cpumask_backtrace+0x198/0x320 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:223 [inline] watchdog+0xff4/0x1040 kernel/hung_task.c:379 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 UID: 0 PID: 11132 Comm: syz-executor Not tainted 6.12.0-rc2-syzkaller-00074-gd3d1556696c1 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 RIP: 0010:preempt_count_sub+0x66/0x170 kernel/sched/core.c:5829 Code: c1 81 e1 ff ff ff 7f 39 d9 7c 27 81 fb fe 00 00 00 77 07 0f b6 c0 85 c0 74 5f 65 8b 05 cb 99 a0 7e f7 db 65 01 1d c2 99 a0 7e <5b> 41 5e c3 cc cc cc cc 90 e8 ec af 4c 03 85 c0 74 3a 48 c7 c0 30 RSP: 0018:ffffc9000335f8c8 EFLAGS: 00000093 RAX: 0000000080000002 RBX: 00000000ffffffff RCX: 0000000000000002 RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 RBP: ffffc9000335f970 R08: ffffffff9a5fe1f3 R09: 1ffffffff34bfc3e R10: dffffc0000000000 R11: fffffbfff34bfc3f R12: dffffc0000000000 R13: 1ffff9200066bf1c R14: dffffc0000000000 R15: 0000000000000046 FS: 0000555588e89500(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000110c310254 CR3: 00000000581ae000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline] _raw_spin_unlock_irqrestore+0xdd/0x140 kernel/locking/spinlock.c:194 __debug_check_no_obj_freed lib/debugobjects.c:998 [inline] debug_check_no_obj_freed+0x561/0x580 lib/debugobjects.c:1019 slab_free_hook mm/slub.c:2273 [inline] slab_free mm/slub.c:4579 [inline] kmem_cache_free+0x11f/0x420 mm/slub.c:4681 __sigqueue_free kernel/signal.c:451 [inline] collect_signal kernel/signal.c:594 [inline] __dequeue_signal+0x4ac/0x5c0 kernel/signal.c:616 dequeue_signal+0x1e0/0x680 kernel/signal.c:637 get_signal+0x604/0x1740 kernel/signal.c:2797 arch_do_signal_or_restart+0x96/0x860 arch/x86/kernel/signal.c:337 exit_to_user_mode_loop kernel/entry/common.c:111 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0xc9/0x370 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fae9a37c911 Code: 75 57 89 f0 25 00 00 41 00 3d 00 00 41 00 74 49 80 3d 3a fc 18 00 00 74 6d 89 da 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 93 00 00 00 48 8b 54 24 28 64 48 2b 14 25 RSP: 002b:00007ffcb450afb0 EFLAGS: 00000202 RAX: 0000000000000003 RBX: 0000000000000002 RCX: 00007fae9a37c911 RDX: 0000000000000002 RSI: 00007fae9a3f033b RDI: 00000000ffffff9c RBP: 00007fae9a3f033b R08: 00000000000000da R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 IPVS: wlc: UDP 224.0.0.2:0 - no destination available --- This report is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller@googlegroups.com. syzbot will keep track of this issue. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot. If the report is already addressed, let syzbot know by replying with: #syz fix: exact-commit-title If you want to overwrite report's subsystems, reply with: #syz set subsystems: new-subsystem (See the list of subsystem names on the web dashboard) If the report is a duplicate of another one, reply with: #syz dup: exact-subject-of-another-report If you want to undo deduplication, reply with: #syz undup