INFO: task kworker/u8:1:13 blocked for more than 146 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u8:1 state:D stack:25784 pid:13 tgid:13 ppid:2 task_flags:0x4208060 flags:0x00080000
Workqueue: ipv6_addrconf addrconf_dad_work
Call Trace:
context_switch kernel/sched/core.c:5295 [inline]
__schedule+0xfee/0x6120 kernel/sched/core.c:6908
__schedule_loop kernel/sched/core.c:6990 [inline]
schedule+0xdd/0x390 kernel/sched/core.c:7005
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7062
__mutex_lock_common kernel/locking/mutex.c:692 [inline]
__mutex_lock+0xc9a/0x1b90 kernel/locking/mutex.c:776
rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
addrconf_dad_work+0x11f/0x1360 net/ipv6/addrconf.c:4198
process_one_work+0x9d7/0x1920 kernel/workqueue.c:3275
process_scheduled_works kernel/workqueue.c:3358 [inline]
worker_thread+0x5da/0xe40 kernel/workqueue.c:3439
kthread+0x370/0x450 kernel/kthread.c:467
ret_from_fork+0x754/0xd80 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
INFO: task syz-executor:5825 blocked for more than 146 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor state:D stack:22768 pid:5825 tgid:5825 ppid:5820 task_flags:0x400140 flags:0x00080000
Call Trace:
context_switch kernel/sched/core.c:5295 [inline]
__schedule+0xfee/0x6120 kernel/sched/core.c:6908
__schedule_loop kernel/sched/core.c:6990 [inline]
schedule+0xdd/0x390 kernel/sched/core.c:7005
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7062
__mutex_lock_common kernel/locking/mutex.c:692 [inline]
__mutex_lock+0xc9a/0x1b90 kernel/locking/mutex.c:776
genl_lock net/netlink/genetlink.c:35 [inline]
genl_op_lock net/netlink/genetlink.c:60 [inline]
genl_op_lock net/netlink/genetlink.c:57 [inline]
genl_rcv_msg+0x57b/0x800 net/netlink/genetlink.c:1208
netlink_rcv_skb+0x159/0x420 net/netlink/af_netlink.c:2550
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1218
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x5aa/0x870 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x8b0/0xda0 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec net/socket.c:727 [inline]
__sock_sendmsg net/socket.c:742 [inline]
__sys_sendto+0x4aa/0x520 net/socket.c:2206
__do_sys_sendto net/socket.c:2213 [inline]
__se_sys_sendto net/socket.c:2209 [inline]
__x64_sys_sendto+0xe0/0x1c0 net/socket.c:2209
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x106/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f50af95cfce
RSP: 002b:00007ffecd79d5a8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 000055558150d500 RCX: 00007f50af95cfce
RDX: 0000000000000028 RSI: 00007f50b0744670 RDI: 0000000000000003
RBP: 0000000000000001 R08: 00007ffecd79d624 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
R13: 00007ffecd79d678 R14: 00007f50b0744670 R15: 0000000000000000
INFO: task syz.3.6:5931 blocked for more than 146 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.6 state:D stack:23832 pid:5931 tgid:5930 ppid:5824 task_flags:0x400140 flags:0x00080002
Call Trace:
context_switch kernel/sched/core.c:5295 [inline]
__schedule+0xfee/0x6120 kernel/sched/core.c:6908
__schedule_loop kernel/sched/core.c:6990 [inline]
schedule+0xdd/0x390 kernel/sched/core.c:7005
__lock_sock+0x147/0x270 net/core/sock.c:3188
lock_sock_nested+0xda/0xf0 net/core/sock.c:3785
lock_sock include/net/sock.h:1709 [inline]
sk_wait_data+0x253/0x510 net/core/sock.c:3264
tcp_recvmsg_locked+0x7af/0x28e0 net/ipv4/tcp.c:2828
tcp_recvmsg+0x138/0x630 net/ipv4/tcp.c:2979
inet_recvmsg+0x129/0x6a0 net/ipv4/af_inet.c:891
sock_recvmsg_nosec net/socket.c:1078 [inline]
sock_recvmsg+0x1b2/0x250 net/socket.c:1100
__sys_recvfrom+0x200/0x300 net/socket.c:2256
__do_sys_recvfrom net/socket.c:2271 [inline]
__se_sys_recvfrom net/socket.c:2267 [inline]
__x64_sys_recvfrom+0xe0/0x1c0 net/socket.c:2267
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x106/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f5714f9c799
RSP: 002b:00007f5715d8b028 EFLAGS: 00000246 ORIG_RAX: 000000000000002d
RAX: ffffffffffffffda RBX: 00007f5715215fa0 RCX: 00007f5714f9c799
RDX: 000000800000000e RSI: 0000000000000000 RDI: 0000000000000003
RBP: 00007f5715032bd9 R08: 0000000000000000 R09: ffffffff81000000
R10: 0000000000000100 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f5715216038 R14: 00007f5715215fa0 R15: 00007fff4207c808
INFO: task kworker/1:6:5934 blocked for more than 146 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:6 state:D stack:30152 pid:5934 tgid:5934 ppid:2 task_flags:0x4208060 flags:0x00080000
Workqueue: events switchdev_deferred_process_work
Call Trace:
context_switch kernel/sched/core.c:5295 [inline]
__schedule+0xfee/0x6120 kernel/sched/core.c:6908
__schedule_loop kernel/sched/core.c:6990 [inline]
schedule+0xdd/0x390 kernel/sched/core.c:7005
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7062
__mutex_lock_common kernel/locking/mutex.c:692 [inline]
__mutex_lock+0xc9a/0x1b90 kernel/locking/mutex.c:776
switchdev_deferred_process_work+0xe/0x20 net/switchdev/switchdev.c:104
process_one_work+0x9d7/0x1920 kernel/workqueue.c:3275
process_scheduled_works kernel/workqueue.c:3358 [inline]
worker_thread+0x5da/0xe40 kernel/workqueue.c:3439
kthread+0x370/0x450 kernel/kthread.c:467
ret_from_fork+0x754/0xd80 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
Showing all locks held in the system:
2 locks held by kthreadd/2:
3 locks held by kworker/0:0/9:
3 locks held by kworker/u8:0/12:
3 locks held by kworker/u8:1/13:
#0: ffff8880327e6148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 kernel/workqueue.c:3250
#1: ffffc90000127d08 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920 kernel/workqueue.c:3251
#2: ffffffff90613928 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
#2: ffffffff90613928 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0x11f/0x1360 net/ipv6/addrconf.c:4198
1 lock held by kworker/R-mm_pe/14:
#0: ffffffff8e696b88 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_detach_from_pool kernel/workqueue.c:2749 [inline]
#0: ffffffff8e696b88 (wq_pool_attach_mutex){+.+.}-{4:4}, at: rescuer_thread+0xb78/0x1490 kernel/workqueue.c:3610
3 locks held by kworker/1:0/24:
1 lock held by khungtaskd/31:
#0: ffffffff8e7e9220 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:312 [inline]
#0: ffffffff8e7e9220 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:850 [inline]
#0: ffffffff8e7e9220 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 kernel/locking/lockdep.c:6775
3 locks held by kworker/u8:2/36:
4 locks held by kworker/u8:3/49:
#0: ffff88807f3ec148 ((wq_completion)wg-kex-wg2#3){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 kernel/workqueue.c:3250
#1: ffffc90000b97d08 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920 kernel/workqueue.c:3251
#2: ffff88807e83d348 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0xec/0x610 drivers/net/wireguard/noise.c:529
#3: ffff88805bbcd278 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x100/0x610 drivers/net/wireguard/noise.c:530
7 locks held by kworker/u9:0/51:
#0: ffff888023ad5948 ((wq_completion)hci3){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 kernel/workqueue.c:3250
#1: ffffc90000bb7d08 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920 kernel/workqueue.c:3251
#2: ffff88807f1d0ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x18a/0x470 net/bluetooth/hci_sync.c:331
#3: ffff88807f1d00c0 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x141/0xb20 net/bluetooth/hci_sync.c:5734
#4: ffffffff908ab928 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2136 [inline]
#4: ffffffff908ab928 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x119/0x360 net/bluetooth/hci_conn.c:1342
#5: ffff888023ad2af8 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x80/0x770 net/bluetooth/l2cap_core.c:1755
#6: ffffffff8e7f4e38 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x27f/0x3c0 kernel/rcu/tree_exp.h:311
3 locks held by kworker/u8:4/58:
3 locks held by kworker/u8:5/80:
6 locks held by kworker/u8:6/666:
3 locks held by kworker/u8:7/669:
2 locks held by kworker/1:2/797:
3 locks held by kworker/u8:8/1313:
2 locks held by kworker/0:2/1548:
4 locks held by kworker/R-mld/3181:
6 locks held by kworker/R-bat_e/3407:
5 locks held by kworker/u9:1/5141:
#0: ffff88807f30f948 ((wq_completion)hci1){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 kernel/workqueue.c:3250
#1: ffffc90006457d08 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920 kernel/workqueue.c:3251
#2: ffff88807f684ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x18a/0x470 net/bluetooth/hci_sync.c:331
#3: ffff88807f6840c0 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x141/0xb20 net/bluetooth/hci_sync.c:5734
#4: ffffffff908ab928 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2136 [inline]
#4: ffffffff908ab928 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x119/0x360 net/bluetooth/hci_conn.c:1342
1 lock held by udevd/5191:
3 locks held by dhcpcd/5485:
2 locks held by dhcpcd/5486:
2 locks held by crond/5567:
2 locks held by getty/5583:
#0: ffff88803240b0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243
#1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x419/0x1500 drivers/tty/n_tty.c:2211
2 locks held by syz-executor/5811:
3 locks held by kworker/0:3/5818:
#0: ffff88813fe63548 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 kernel/workqueue.c:3250
#1: ffffc90003b37d08 (reg_work){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920 kernel/workqueue.c:3251
#2: ffffffff90613928 (rtnl_mutex){+.+.}-{4:4}, at: reg_todo+0x1c/0x800 net/wireless/reg.c:3198
6 locks held by syz-executor/5823:
2 locks held by syz-executor/5825:
#0: ffffffff906bfab0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 net/netlink/genetlink.c:1217
#1: ffffffff906bfb68 (genl_mutex){+.+.}-{4:4}, at: genl_lock net/netlink/genetlink.c:35 [inline]
#1: ffffffff906bfb68 (genl_mutex){+.+.}-{4:4}, at: genl_op_lock net/netlink/genetlink.c:60 [inline]
#1: ffffffff906bfb68 (genl_mutex){+.+.}-{4:4}, at: genl_op_lock net/netlink/genetlink.c:57 [inline]
#1: ffffffff906bfb68 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x57b/0x800 net/netlink/genetlink.c:1208
1 lock held by syz-executor/5826:
3 locks held by kworker/1:3/5828:
5 locks held by kworker/u9:3/5835:
#0: ffff88807abcd148 ((wq_completion)hci2){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 kernel/workqueue.c:3250
#1: ffffc900044e7d08 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920 kernel/workqueue.c:3251
#2: ffff88807f2acec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x18a/0x470 net/bluetooth/hci_sync.c:331
#3: ffff88807f2ac0c0 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x141/0xb20 net/bluetooth/hci_sync.c:5734
#4: ffffffff908ab928 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2136 [inline]
#4: ffffffff908ab928 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x119/0x360 net/bluetooth/hci_conn.c:1342
5 locks held by kworker/u9:6/5838:
#0: ffff88807abcf948 ((wq_completion)hci0){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 kernel/workqueue.c:3250
#1: ffffc90004517d08 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920 kernel/workqueue.c:3251
#2: ffff888035604ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x18a/0x470 net/bluetooth/hci_sync.c:331
#3: ffff8880356040c0 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x141/0xb20 net/bluetooth/hci_sync.c:5734
#4: ffffffff908ab928 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2136 [inline]
#4: ffffffff908ab928 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x119/0x360 net/bluetooth/hci_conn.c:1342
1 lock held by kworker/R-wg-cr/5852:
#0: ffffffff8e696b88 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x27/0x420 kernel/workqueue.c:2691
1 lock held by kworker/R-wg-cr/5853:
#0: ffffffff8e696b88 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_detach_from_pool kernel/workqueue.c:2749 [inline]
#0: ffffffff8e696b88 (wq_pool_attach_mutex){+.+.}-{4:4}, at: rescuer_thread+0xb78/0x1490 kernel/workqueue.c:3610
1 lock held by kworker/R-wg-cr/5854:
#0: ffffffff8e696b88 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x27/0x420 kernel/workqueue.c:2691
1 lock held by kworker/R-wg-cr/5857:
#0: ffffffff8e696b88 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_detach_from_pool kernel/workqueue.c:2749 [inline]
#0: ffffffff8e696b88 (wq_pool_attach_mutex){+.+.}-{4:4}, at: rescuer_thread+0xb78/0x1490 kernel/workqueue.c:3610
1 lock held by kworker/R-wg-cr/5858:
1 lock held by kworker/R-wg-cr/5859:
#0: ffffffff8e696b88 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x27/0x420 kernel/workqueue.c:2691
1 lock held by kworker/R-wg-cr/5860:
#0: ffffffff8e696b88 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x27/0x420 kernel/workqueue.c:2691
1 lock held by kworker/R-wg-cr/5862:
1 lock held by kworker/R-wg-cr/5863:
#0: ffffffff8e696b88 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_detach_from_pool kernel/workqueue.c:2749 [inline]
#0: ffffffff8e696b88 (wq_pool_attach_mutex){+.+.}-{4:4}, at: rescuer_thread+0xb78/0x1490 kernel/workqueue.c:3610
1 lock held by kworker/R-wg-cr/5864:
#0: ffffffff8e696b88 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_detach_from_pool kernel/workqueue.c:2749 [inline]
#0: ffffffff8e696b88 (wq_pool_attach_mutex){+.+.}-{4:4}, at: rescuer_thread+0xb78/0x1490 kernel/workqueue.c:3610
1 lock held by kworker/R-wg-cr/5865:
#0: ffffffff8e696b88 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_detach_from_pool kernel/workqueue.c:2749 [inline]
#0: ffffffff8e696b88 (wq_pool_attach_mutex){+.+.}-{4:4}, at: rescuer_thread+0xb78/0x1490 kernel/workqueue.c:3610
3 locks held by kworker/0:4/5866:
#0: ffff8880329d7d48 ((wq_completion)wg-kex-wg1#2){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 kernel/workqueue.c:3250
#1: ffffc900046afd08 ((work_completion)(&({ do { const void __seg_gs *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __asm__ ("" : "=r"(__ptr) : "0"((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920 kernel/workqueue.c:3251
#2: ffff88805bbcacc0 (&cookie->lock){++++}-{4:4}, at: wg_cookie_add_mac_to_packet+0x37/0x1c0 drivers/net/wireguard/cookie.c:162
1 lock held by kworker/R-wg-cr/5867:
#0: ffffffff8e696b88 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_detach_from_pool kernel/workqueue.c:2749 [inline]
#0: ffffffff8e696b88 (wq_pool_attach_mutex){+.+.}-{4:4}, at: rescuer_thread+0xb78/0x1490 kernel/workqueue.c:3610
3 locks held by kworker/1:4/5883:
3 locks held by kworker/1:5/5897:
#0: ffff88813fe62148 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 kernel/workqueue.c:3250
#1: ffffc90004d3fd08 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920 kernel/workqueue.c:3251
#2: ffffffff90613928 (rtnl_mutex){+.+.}-{4:4}, at: reg_check_chans_work+0x91/0x11d0 net/wireless/reg.c:2462
3 locks held by kworker/0:5/5915:
6 locks held by syz.0.5/5929:
1 lock held by syz.3.6/5931:
#0: ffff88802e4d3560 (sk_lock-AF_INET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1709 [inline]
#0: ffff88802e4d3560 (sk_lock-AF_INET){+.+.}-{0:0}, at: sk_wait_data+0x253/0x510 net/core/sock.c:3264
2 locks held by syz.3.6/5932:
3 locks held by kworker/1:6/5934:
#0: ffff88813fe63548 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 kernel/workqueue.c:3250
#1: ffffc90004ecfd08 (deferred_process_work){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920 kernel/workqueue.c:3251
#2: ffffffff90613928 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20 net/switchdev/switchdev.c:104
3 locks held by kworker/u8:9/5935:
1 lock held by kworker/u8:10/5936:
#0: ffffffff8e696b88 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x27/0x420 kernel/workqueue.c:2691
=============================================
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x100/0x190 lib/dump_stack.c:120
nmi_cpu_backtrace.cold+0x12d/0x151 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x1d7/0x230 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:161 [inline]
__sys_info lib/sys_info.c:157 [inline]
sys_info+0x141/0x190 lib/sys_info.c:165
check_hung_uninterruptible_tasks kernel/hung_task.c:346 [inline]
watchdog+0xd25/0x1050 kernel/hung_task.c:515
kthread+0x370/0x450 kernel/kthread.c:467
ret_from_fork+0x754/0xd80 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 3407 Comm: kworker/R-bat_e Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
Workqueue: bat_events batadv_tt_purge
RIP: 0010:check_kcov_mode kernel/kcov.c:183 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x17/0x70 kernel/kcov.c:217
Code: 02 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 65 8b 05 45 31 05 12 48 8b 34 24 65 48 8b 15 21 31 05 12 00 01 ff 00 74 1b f6 c4 01 74 07 a9 00 00 ff 00 74 05 e9 d1 5c
RSP: 0018:ffffc90000a07968 EFLAGS: 00000212
RAX: 0000000080000101 RBX: 0000000000000001 RCX: ffffffff8a36d62f
RDX: ffff888033b81e80 RSI: ffffffff8a36d639 RDI: ffff888033b81e80
RBP: ffff888034af80c8 R08: 0000000000000004 R09: 0000000000000039
R10: 000000000000000d R11: 0000000000000000 R12: 000000000000000d
R13: 0000000000000003 R14: 0000000000000039 R15: dffffc0000000000
FS: 0000000000000000(0000) GS:ffff88812444c000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000916000 CR3: 000000000e598000 CR4: 00000000003526f0
Call Trace:
rt6_score_route+0x99/0xa60 net/ipv6/route.c:756
find_match net/ipv6/route.c:785 [inline]
__find_rr_leaf+0x270/0x1070 net/ipv6/route.c:868
find_rr_leaf net/ipv6/route.c:889 [inline]
rt6_select net/ipv6/route.c:933 [inline]
fib6_table_lookup+0x50f/0xa10 net/ipv6/route.c:2246
ip6_pol_route+0x1cc/0x1230 net/ipv6/route.c:2282
pol_lookup_func include/net/ip6_fib.h:617 [inline]
fib6_rule_lookup+0x52f/0x720 net/ipv6/fib6_rules.c:120
ip6_route_input_lookup net/ipv6/route.c:2351 [inline]
ip6_route_input+0x662/0xc50 net/ipv6/route.c:2654
ip6_rcv_finish_core.isra.0+0x1a9/0x5a0 net/ipv6/ip6_input.c:66
ip6_rcv_finish+0x130/0x550 net/ipv6/ip6_input.c:77
ip_sabotage_in+0x21e/0x290 net/bridge/br_netfilter_hooks.c:990
nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
nf_hook_slow+0xbf/0x220 net/netfilter/core.c:623
nf_hook.constprop.0+0x2a6/0x750 include/linux/netfilter.h:273
NF_HOOK include/linux/netfilter.h:316 [inline]
ipv6_rcv+0xa4/0x610 net/ipv6/ip6_input.c:311
__netif_receive_skb_one_core+0x12d/0x1e0 net/core/dev.c:6167
__netif_receive_skb+0x1f/0x120 net/core/dev.c:6280
netif_receive_skb_internal net/core/dev.c:6366 [inline]
netif_receive_skb+0x139/0x820 net/core/dev.c:6425
NF_HOOK include/linux/netfilter.h:318 [inline]
NF_HOOK include/linux/netfilter.h:312 [inline]
br_pass_frame_up+0x346/0x490 net/bridge/br_input.c:70
br_handle_frame_finish+0x84f/0x1f00 net/bridge/br_input.c:235
br_nf_hook_thresh+0x30d/0x420 net/bridge/br_netfilter_hooks.c:1167
br_nf_pre_routing_finish_ipv6+0x769/0xfb0 net/bridge/br_netfilter_ipv6.c:154
NF_HOOK include/linux/netfilter.h:318 [inline]
br_nf_pre_routing_ipv6+0x39c/0x8b0 net/bridge/br_netfilter_ipv6.c:184
br_nf_pre_routing+0x93b/0x1510 net/bridge/br_netfilter_hooks.c:508
nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
nf_hook_bridge_pre net/bridge/br_input.c:291 [inline]
br_handle_frame+0xcdd/0x1520 net/bridge/br_input.c:442
__netif_receive_skb_core.constprop.0+0x6c5/0x3550 net/core/dev.c:6054
__netif_receive_skb_one_core+0xb0/0x1e0 net/core/dev.c:6165
__netif_receive_skb+0x1f/0x120 net/core/dev.c:6280
process_backlog+0x37a/0x1580 net/core/dev.c:6631
__napi_poll.constprop.0+0xaf/0x450 net/core/dev.c:7695
napi_poll net/core/dev.c:7758 [inline]
net_rx_action+0xa40/0xf20 net/core/dev.c:7910
handle_softirqs+0x1eb/0x9e0 kernel/softirq.c:622
do_softirq kernel/softirq.c:523 [inline]
do_softirq+0xac/0xe0 kernel/softirq.c:510
__local_bh_enable_ip+0xf8/0x120 kernel/softirq.c:450
spin_unlock_bh include/linux/spinlock.h:395 [inline]
batadv_tt_local_purge+0x21c/0x3d0 net/batman-adv/translation-table.c:1315
batadv_tt_purge+0x8b/0xbd0 net/batman-adv/translation-table.c:3509
process_one_work+0x9d7/0x1920 kernel/workqueue.c:3275
process_scheduled_works kernel/workqueue.c:3358 [inline]
rescuer_thread+0x902/0x1490 kernel/workqueue.c:3582
kthread+0x370/0x450 kernel/kthread.c:467
ret_from_fork+0x754/0xd80 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245