[syzbot] [net?] INFO: task hung in new_device_store (5)

syzbot

Sep 26, 2024, 1:58:37 PM
to da...@davemloft.net, edum...@google.com, ku...@kernel.org, linux-...@vger.kernel.org, net...@vger.kernel.org, pab...@redhat.com, syzkall...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 97d8894b6f4c Merge tag 'riscv-for-linus-6.12-mw1' of git:/..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=12416a27980000
kernel config: https://syzkaller.appspot.com/x/.config?x=bc30a30374b0753
dashboard link: https://syzkaller.appspot.com/bug?extid=05f9cecd28e356241aba
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/bd119f4fdc08/disk-97d8894b.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/4d0bfed66f93/vmlinux-97d8894b.xz
kernel image: https://storage.googleapis.com/syzbot-assets/0f9223ac9bfb/bzImage-97d8894b.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+05f9ce...@syzkaller.appspotmail.com

INFO: task syz-executor:9916 blocked for more than 143 seconds.
Not tainted 6.11.0-syzkaller-10045-g97d8894b6f4c #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor state:D stack:21104 pid:9916 tgid:9916 ppid:1 flags:0x00000004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x1895/0x4b30 kernel/sched/core.c:6674
__schedule_loop kernel/sched/core.c:6751 [inline]
schedule+0x14b/0x320 kernel/sched/core.c:6766
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6823
__mutex_lock_common kernel/locking/mutex.c:684 [inline]
__mutex_lock+0x6a7/0xd70 kernel/locking/mutex.c:752
new_device_store+0x1b4/0x890 drivers/net/netdevsim/bus.c:166
kernfs_fop_write_iter+0x3a2/0x500 fs/kernfs/file.c:334
new_sync_write fs/read_write.c:590 [inline]
vfs_write+0xa6f/0xc90 fs/read_write.c:683
ksys_write+0x183/0x2b0 fs/read_write.c:736
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f8310d7c9df
RSP: 002b:00007ffe830a52e0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007f8310d7c9df
RDX: 0000000000000003 RSI: 00007ffe830a5330 RDI: 0000000000000005
RBP: 00007f8310df1c39 R08: 0000000000000000 R09: 00007ffe830a5137
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
R13: 00007ffe830a5330 R14: 00007f8311a64620 R15: 0000000000000003
</TASK>

Showing all locks held in the system:
1 lock held by khungtaskd/30:
#0: ffffffff8e937ee0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
#0: ffffffff8e937ee0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
#0: ffffffff8e937ee0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 kernel/locking/lockdep.c:6701
2 locks held by dhcpcd/4889:
#0: ffffffff8fcb2768 (vlan_ioctl_mutex){+.+.}-{3:3}, at: sock_ioctl+0x661/0x8e0 net/socket.c:1309
#1: ffffffff8fccdc48 (rtnl_mutex){+.+.}-{3:3}, at: vlan_ioctl_handler+0x112/0x9d0 net/8021q/vlan.c:553
2 locks held by getty/4987:
#0: ffff88802e9670a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
#1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6a6/0x1e00 drivers/tty/n_tty.c:2211
3 locks held by kworker/u9:3/5233:
#0: ffff888056ad8948 ((wq_completion)hci11){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff888056ad8948 ((wq_completion)hci11){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc90003ea7d00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc90003ea7d00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
#2: ffff88807d3c8d80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x1ec/0x400 net/bluetooth/hci_sync.c:327
3 locks held by kworker/u9:7/5244:
#0: ffff88806a282148 ((wq_completion)hci8){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff88806a282148 ((wq_completion)hci8){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc90003dd7d00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc90003dd7d00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
#2: ffff88807da48d80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x1ec/0x400 net/bluetooth/hci_sync.c:327
3 locks held by kworker/0:5/5288:
5 locks held by kworker/u8:22/5927:
#0: ffff88801bae5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff88801bae5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc90003f87d00 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc90003f87d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
#2: ffffffff8fcc1150 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 net/core/net_namespace.c:580
#3: ffff88805dd75428 (&wg->device_update_lock){+.+.}-{3:3}, at: wg_destruct+0x110/0x2e0 drivers/net/wireguard/device.c:249
#4: ffffffff8e93d478 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:329 [inline]
#4: ffffffff8e93d478 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830 kernel/rcu/tree_exp.h:976
2 locks held by kworker/u8:25/6021:
2 locks held by syz.1.563/8002:
4 locks held by syz-executor/9916:
#0: ffff88807ca86420 (sb_writers#8){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:2930 [inline]
#0: ffff88807ca86420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x224/0xc90 fs/read_write.c:679
#1: ffff88802e71e488 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1ea/0x500 fs/kernfs/file.c:325
#2: ffff888144ff5968 (kn->active#50){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20e/0x500 fs/kernfs/file.c:326
#3: ffffffff8f56d3e8 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: new_device_store+0x1b4/0x890 drivers/net/netdevsim/bus.c:166
7 locks held by syz-executor/9976:
#0: ffff88807ca86420 (sb_writers#8){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:2930 [inline]
#0: ffff88807ca86420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x224/0xc90 fs/read_write.c:679
#1: ffff88807abc2888 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1ea/0x500 fs/kernfs/file.c:325
#2: ffff888144ff5a58 (kn->active#49){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20e/0x500 fs/kernfs/file.c:326
#3: ffffffff8f56d3e8 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: del_device_store+0xfc/0x480 drivers/net/netdevsim/bus.c:216
#4: ffff888060f5a0e8 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#4: ffff888060f5a0e8 (&dev->mutex){....}-{3:3}, at: __device_driver_lock drivers/base/dd.c:1095 [inline]
#4: ffff888060f5a0e8 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0xce/0x7c0 drivers/base/dd.c:1293
#5: ffff888060f5b250 (&devlink->lock_key#40){+.+.}-{3:3}, at: nsim_drv_remove+0x50/0x160 drivers/net/netdevsim/dev.c:1672
#6: ffffffff8fccdc48 (rtnl_mutex){+.+.}-{3:3}, at: nsim_destroy+0x71/0x5c0 drivers/net/netdevsim/netdev.c:773
2 locks held by syz-executor/10321:
#0: ffffffff8fcc1150 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 net/core/net_namespace.c:490
#1: ffffffff8fccdc48 (rtnl_mutex){+.+.}-{3:3}, at: cangw_pernet_exit_batch+0x20/0x90 net/can/gw.c:1257
2 locks held by syz-executor/10324:
#0: ffffffff8fcc1150 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 net/core/net_namespace.c:490
#1: ffffffff8fccdc48 (rtnl_mutex){+.+.}-{3:3}, at: mpls_net_exit+0x7d/0x2a0 net/mpls/af_mpls.c:2706
2 locks held by syz-executor/10327:
#0: ffffffff8fcc1150 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 net/core/net_namespace.c:490
#1: ffffffff8fccdc48 (rtnl_mutex){+.+.}-{3:3}, at: mpls_net_exit+0x7d/0x2a0 net/mpls/af_mpls.c:2706
2 locks held by syz-executor/10333:
#0: ffffffff8fcc1150 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 net/core/net_namespace.c:490
#1: ffffffff8fccdc48 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0xe9/0xaa0 net/core/dev.c:11930
2 locks held by syz-executor/10354:
#0: ffffffff8fcc1150 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 net/core/net_namespace.c:490
#1: ffffffff8fccdc48 (rtnl_mutex){+.+.}-{3:3}, at: ppp_exit_net+0xe3/0x3d0 drivers/net/ppp/ppp_generic.c:1146
1 lock held by syz-executor/10357:
#0: ffffffff8fccdc48 (rtnl_mutex){+.+.}-{3:3}, at: __tun_chr_ioctl+0x48c/0x2400 drivers/net/tun.c:3121
2 locks held by syz-executor/10362:
#0: ffffffff8fcc1150 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 net/core/net_namespace.c:490
#1: ffffffff8fccdc48 (rtnl_mutex){+.+.}-{3:3}, at: wg_netns_pre_exit+0x1f/0x1e0 drivers/net/wireguard/device.c:414
2 locks held by syz-executor/10366:
#0: ffffffff8fcc1150 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 net/core/net_namespace.c:490
#1: ffffffff8fccdc48 (rtnl_mutex){+.+.}-{3:3}, at: wg_netns_pre_exit+0x1f/0x1e0 drivers/net/wireguard/device.c:414
2 locks held by syz-executor/10368:
#0: ffffffff8fcc1150 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 net/core/net_namespace.c:490
#1: ffffffff8fccdc48 (rtnl_mutex){+.+.}-{3:3}, at: wg_netns_pre_exit+0x1f/0x1e0 drivers/net/wireguard/device.c:414
2 locks held by syz-executor/10371:
#0: ffffffff8fcc1150 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 net/core/net_namespace.c:490
#1: ffffffff8fccdc48 (rtnl_mutex){+.+.}-{3:3}, at: wg_netns_pre_exit+0x1f/0x1e0 drivers/net/wireguard/device.c:414
5 locks held by kworker/u9:0/10373:
#0: ffff888056f3b948 ((wq_completion)hci9){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff888056f3b948 ((wq_completion)hci9){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc90004127d00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc90004127d00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
#2: ffff88806eb10d80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x1ec/0x400 net/bluetooth/hci_sync.c:327
#3: ffff88806eb10078 (&hdev->lock){+.+.}-{3:3}, at: hci_abort_conn_sync+0x1ea/0xde0 net/bluetooth/hci_sync.c:5567
#4: ffffffff8fe3a428 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1957 [inline]
#4: ffffffff8fe3a428 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_failed+0x15d/0x300 net/bluetooth/hci_conn.c:1262
2 locks held by syz-executor/10378:
#0: ffffffff8fcc1150 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 net/core/net_namespace.c:490
#1: ffffffff8fccdc48 (rtnl_mutex){+.+.}-{3:3}, at: ip_tunnel_init_net+0x20e/0x720 net/ipv4/ip_tunnel.c:1159
1 lock held by syz-executor/10386:
#0: ffffffff8fccdc48 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:79 [inline]
#0: ffffffff8fccdc48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 net/core/rtnetlink.c:6643

=============================================

NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-syzkaller-10045-g97d8894b6f4c #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
nmi_cpu_backtrace+0x49c/0x4d0 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x198/0x320 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:223 [inline]
watchdog+0xff4/0x1040 kernel/hung_task.c:379
kthread+0x2f2/0x390 kernel/kthread.c:389
ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 5288 Comm: kworker/0:5 Not tainted 6.11.0-syzkaller-10045-g97d8894b6f4c #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
Workqueue: events_power_efficient neigh_periodic_work
RIP: 0010:check_preemption_disabled+0x19/0x120 lib/smp_processor_id.c:14
Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 41 57 41 56 41 54 53 48 83 ec 10 65 48 8b 04 25 28 00 00 00 48 89 44 24 08 <65> 8b 1d 4c 35 40 74 65 8b 05 41 35 40 74 a9 ff ff ff 7f 74 26 65
RSP: 0018:ffffc90000007948 EFLAGS: 00000086
RAX: 8ad5e30e88cbef00 RBX: 0000000000000000 RCX: ffffffff81701614
RDX: 0000000000000000 RSI: ffffffff8c60efa0 RDI: ffffffff8c60ef60
RBP: ffffc90000007ae8 R08: ffffffff901ca4af R09: 1ffffffff2039495
R10: dffffc0000000000 R11: fffffbfff2039496 R12: 1ffff92000000f3c
R13: dffffc0000000000 R14: 0000000000000000 R15: dffffc0000000000
FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2fb1bff8 CR3: 000000000e734000 CR4: 0000000000350ef0
Call Trace:
<NMI>
</NMI>
<IRQ>
rcu_is_watching_curr_cpu include/linux/context_tracking.h:128 [inline]
rcu_is_watching+0x15/0xb0 kernel/rcu/tree.c:737
trace_lock_acquire include/trace/events/lock.h:24 [inline]
lock_acquire+0xe3/0x550 kernel/locking/lockdep.c:5793
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162
debug_object_active_state+0x15d/0x360 lib/debugobjects.c:936
debug_rcu_head_unqueue kernel/rcu/rcu.h:233 [inline]
rcu_do_batch kernel/rcu/tree.c:2559 [inline]
rcu_core+0xa21/0x17a0 kernel/rcu/tree.c:2823
handle_softirqs+0x2c7/0x980 kernel/softirq.c:554
do_softirq+0x11b/0x1e0 kernel/softirq.c:455
</IRQ>
<TASK>
__local_bh_enable_ip+0x1bb/0x200 kernel/softirq.c:382
neigh_periodic_work+0xb35/0xd50 net/core/neighbour.c:1019
process_one_work kernel/workqueue.c:3229 [inline]
process_scheduled_works+0xa65/0x1850 kernel/workqueue.c:3310
worker_thread+0x870/0xd30 kernel/workqueue.c:3391
kthread+0x2f2/0x390 kernel/kthread.c:389
ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

Eric Dumazet

Sep 26, 2024, 4:14:31 PM
to syzbot, da...@davemloft.net, ku...@kernel.org, linux-...@vger.kernel.org, net...@vger.kernel.org, pab...@redhat.com, syzkall...@googlegroups.com
> new_device_store+0x1b4/0x890 :166
> kernfs_fop_write_iter+0x3a2/0x500 fs/kernfs/file.c:334
> new_sync_write fs/read_write.c:590 [inline]
> vfs_write+0xa6f/0xc90 fs/read_write.c:683
> ksys_write+0x183/0x2b0 fs/read_write.c:736
> do_syscall_x64 arch/x86/entry/common.c:52 [inline]
> do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
> entry_SYSCALL_64_after_hwframe+0x77/0x7f
> RIP: 0033:0x7f8310d7c9df
> RSP: 002b:00007ffe830a52e0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
> RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007f8310d7c9df
> RDX: 0000000000000003 RSI: 00007ffe830a5330 RDI: 0000000000000005
> RBP: 00007f8310df1c39 R08: 0000000000000000 R09: 00007ffe830a5137
> R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
> R13: 00007ffe830a5330 R14: 00007f8311a64620 R15: 0000000000000003
> </TASK>

typical sysfs deadlock ?

diff --git a/drivers/net/netdevsim/bus.c b/drivers/net/netdevsim/bus.c
index 64c0cdd31bf85468ce4fa2b2af5c8aff4cfba897..3bf0ce52d71653fd9b8c752d52d0b5b7e19042d8
100644
--- a/drivers/net/netdevsim/bus.c
+++ b/drivers/net/netdevsim/bus.c
@@ -163,7 +163,9 @@ new_device_store(const struct bus_type *bus, const
char *buf, size_t count)
return -EINVAL;
}

- mutex_lock(&nsim_bus_dev_list_lock);
+ if (!mutex_trylock(&nsim_bus_dev_list_lock))
+ return restart_syscall();
+
/* Prevent to use resource before initialization. */
if (!smp_load_acquire(&nsim_bus_enable)) {
err = -EBUSY;
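
Review bot: the mutex_trylock() / restart_syscall() pair that replaces mutex_lock(&nsim_bus_dev_list_lock) in new_device_store() carries no comment naming the lock dependency it is meant to break; the existing comment just below it ("Prevent to use resource before initialization") only covers the nsim_bus_enable check. Please add a short comment above the trylock stating which sysfs/kernfs interaction is being avoided, so the construct is not later "cleaned up" back into a plain mutex_lock(). Two further points for the changelog: on contention the write now returns through restart_syscall() and is reissued rather than sleeping, so a writer keeps retrying for as long as the lock is held, and the report's lock dump shows the holder in del_device_store() (bus.c:216) with rtnl_mutex as its innermost lock; and this hunk does not touch del_device_store(), which takes the same lock, so say whether that path needs the same treatment.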

Hillf Danton

Sep 27, 2024, 7:04:40 AM
to Eric Dumazet, syzbot, linux-...@vger.kernel.org, Tetsuo Handa, Boqun Feng, Linus Torvalds, net...@vger.kernel.org, syzkall...@googlegroups.com
On Thu, 26 Sep 2024 22:14:14 +0200 Eric Dumazet <edum...@google.com>
...
> > 4 locks held by syz-executor/9916:
> > #0: ffff88807ca86420 (sb_writers#8){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:2930 [inline]
> > #0: ffff88807ca86420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x224/0xc90 fs/read_write.c:679
> > #1: ffff88802e71e488 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1ea/0x500 fs/kernfs/file.c:325
> > #2: ffff888144ff5968 (kn->active#50){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20e/0x500 fs/kernfs/file.c:326
> > #3: ffffffff8f56d3e8 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: new_device_store+0x1b4/0x890 drivers/net/netdevsim/bus.c:166

syz-executor/9916 is lock waiter, and

> > 7 locks held by syz-executor/9976:
> > #0: ffff88807ca86420 (sb_writers#8){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:2930 [inline]
> > #0: ffff88807ca86420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x224/0xc90 fs/read_write.c:679
> > #1: ffff88807abc2888 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1ea/0x500 fs/kernfs/file.c:325
> > #2: ffff888144ff5a58 (kn->active#49){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20e/0x500 fs/kernfs/file.c:326
> > #3: ffffffff8f56d3e8 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: del_device_store+0xfc/0x480 drivers/net/netdevsim/bus.c:216
> > #4: ffff888060f5a0e8 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
> > #4: ffff888060f5a0e8 (&dev->mutex){....}-{3:3}, at: __device_driver_lock drivers/base/dd.c:1095 [inline]
> > #4: ffff888060f5a0e8 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0xce/0x7c0 drivers/base/dd.c:1293
> > #5: ffff888060f5b250 (&devlink->lock_key#40){+.+.}-{3:3}, at: nsim_drv_remove+0x50/0x160 drivers/net/netdevsim/dev.c:1672
> > #6: ffffffff8fccdc48 (rtnl_mutex){+.+.}-{3:3}, at: nsim_destroy+0x71/0x5c0 drivers/net/netdevsim/netdev.c:773

syz-executor/9976 is lock owner. Given both waiter and owner printed,
the proposed trylock looks like the typical paperover at least from a
hoofed skull because of no real deadlock detected.
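
The waiter/owner reading of the "locks held" dump used in the message above can be done mechanically. The following Python script is an added example, not part of the thread or of syzbot's tooling; the function names and the "innermost listed lock is the one being waited for" heuristic are assumptions, and the sample is an excerpt of the first report's dump.

```python
import re
from dataclasses import dataclass

# Excerpt of the "Showing all locks held" dump from the first report in this
# thread (four of the listed tasks), kept verbatim.
LOCK_DUMP = """\
4 locks held by syz-executor/9916:
#0: ffff88807ca86420 (sb_writers#8){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:2930 [inline]
#0: ffff88807ca86420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x224/0xc90 fs/read_write.c:679
#1: ffff88802e71e488 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1ea/0x500 fs/kernfs/file.c:325
#2: ffff888144ff5968 (kn->active#50){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20e/0x500 fs/kernfs/file.c:326
#3: ffffffff8f56d3e8 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: new_device_store+0x1b4/0x890 drivers/net/netdevsim/bus.c:166
7 locks held by syz-executor/9976:
#0: ffff88807ca86420 (sb_writers#8){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:2930 [inline]
#0: ffff88807ca86420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x224/0xc90 fs/read_write.c:679
#1: ffff88807abc2888 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1ea/0x500 fs/kernfs/file.c:325
#2: ffff888144ff5a58 (kn->active#49){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20e/0x500 fs/kernfs/file.c:326
#3: ffffffff8f56d3e8 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: del_device_store+0xfc/0x480 drivers/net/netdevsim/bus.c:216
#4: ffff888060f5a0e8 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#4: ffff888060f5a0e8 (&dev->mutex){....}-{3:3}, at: __device_driver_lock drivers/base/dd.c:1095 [inline]
#4: ffff888060f5a0e8 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0xce/0x7c0 drivers/base/dd.c:1293
#5: ffff888060f5b250 (&devlink->lock_key#40){+.+.}-{3:3}, at: nsim_drv_remove+0x50/0x160 drivers/net/netdevsim/dev.c:1672
#6: ffffffff8fccdc48 (rtnl_mutex){+.+.}-{3:3}, at: nsim_destroy+0x71/0x5c0 drivers/net/netdevsim/netdev.c:773
1 lock held by syz-executor/10357:
#0: ffffffff8fccdc48 (rtnl_mutex){+.+.}-{3:3}, at: __tun_chr_ioctl+0x48c/0x2400 drivers/net/tun.c:3121
1 lock held by syz-executor/10386:
#0: ffffffff8fccdc48 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:79 [inline]
#0: ffffffff8fccdc48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 net/core/rtnetlink.c:6643
"""

HEADER = re.compile(r"^(\d+) locks? held by (.+)/(\d+):$")
LOCK = re.compile(r"^#(\d+): ([0-9a-f]+) \((.+)\)\{.{4}\}-\{\d+:\d+\}, at: (\S+)")


@dataclass
class Held:
    addr: str  # lock instance address
    name: str  # lockdep class name
    site: str  # outermost (non-inline) acquisition site


@dataclass
class Step:
    pid: int
    lock: str
    site: str
    owners: list          # tasks that took further locks after this one
    same_innermost: list  # tasks for which it is also the innermost lock


def parse_lock_dump(text):
    """Return {pid: [Held, ...]} ordered from outermost (#0) to innermost."""
    tasks, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := HEADER.match(line):
            current = tasks.setdefault(int(m.group(3)), {})
        elif (m := LOCK.match(line)) and current is not None:
            # Inlined frames repeat the same #N; the last one is the real call site.
            current[int(m.group(1))] = Held(m.group(2), m.group(3), m.group(4))
    return {pid: [by_idx[i] for i in sorted(by_idx)] for pid, by_idx in tasks.items()}


def wait_chain(tasks, start_pid):
    """Follow innermost-lock -> owner links starting from a hung task.

    Heuristic (assumption): lockdep lists a mutex as held from the moment a
    task starts acquiring it, so a blocked task's innermost entry is the lock
    it waits for, and any other task listing that lock at a non-innermost
    position has certainly acquired it.
    Returns (steps, cycle); cycle is True only if the chain returns to a task
    already on it.
    """
    steps, seen, pid = [], set(), start_pid
    while pid is not None and pid not in seen:
        seen.add(pid)
        held = tasks.get(pid) or []
        if not held:
            return steps, False
        want = held[-1]
        owners, peers = [], []
        for other, locks in sorted(tasks.items()):
            if other == pid or not locks:
                continue
            if any(h.addr == want.addr for h in locks[:-1]):
                owners.append(other)
            elif locks[-1].addr == want.addr:
                peers.append(other)
        steps.append(Step(pid, want.name, want.site, owners, peers))
        # An rwsem may have several readers; only follow an unambiguous owner.
        pid = owners[0] if len(owners) == 1 else None
    return steps, pid is not None


if __name__ == "__main__":
    chain, cycle = wait_chain(parse_lock_dump(LOCK_DUMP), 9916)
    for s in chain:
        print(f"pid {s.pid} -> {s.lock} at {s.site}; owners={s.owners} peers={s.same_innermost}")
    print("cycle found" if cycle else "no cycle visible in this dump")
```

On this excerpt the chain stops at rtnl_mutex: no listed task holds it at a non-innermost position, so the dump alone does not identify its owner.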

Eric Dumazet

Sep 27, 2024, 7:25:10 AM
to Hillf Danton, syzbot, linux-...@vger.kernel.org, Tetsuo Handa, Boqun Feng, Linus Torvalds, net...@vger.kernel.org, syzkall...@googlegroups.com
I suggest you look at why we have to use rtnl_trylock()

If you know better, please send patches to remove all instances.

Eric Dumazet

Sep 27, 2024, 7:27:57 AM
to Hillf Danton, syzbot, linux-...@vger.kernel.org, Tetsuo Handa, Boqun Feng, Linus Torvalds, net...@vger.kernel.org, syzkall...@googlegroups.com
The real bug is that drivers/net/netdevsim uses sysfs to create and
delete network devices, this was a poor choice.

Hillf Danton

Sep 27, 2024, 7:42:18 AM
to Eric Dumazet, syzbot, linux-...@vger.kernel.org, Tetsuo Handa, Boqun Feng, Linus Torvalds, net...@vger.kernel.org, syzkall...@googlegroups.com
On Fri, 27 Sep 2024 13:24:54 +0200 Eric Dumazet <edum...@google.com>
> I suggest you look at why we have to use rtnl_trylock()
>
> If you know better, please send patches to remove all instances.

No patch is needed before you show us deadlock. I suspect you could
spot a case where lockdep fails to report deadlock.

Eric Dumazet

Sep 27, 2024, 7:55:13 AM
to Hillf Danton, syzbot, linux-...@vger.kernel.org, Tetsuo Handa, Boqun Feng, Linus Torvalds, net...@vger.kernel.org, syzkall...@googlegroups.com
Please try to not educate maintainers about their stuff.

lockdep is usually right. And here there is an actual syzbot report.

Hillf Danton

Sep 27, 2024, 8:07:15 PM
to Eric Dumazet, syzbot, linux-...@vger.kernel.org, Tetsuo Handa, Boqun Feng, Linus Torvalds, net...@vger.kernel.org, syzkall...@googlegroups.com
On Fri, 27 Sep 2024 13:54:59 +0200 Eric Dumazet <edum...@google.com>
> On Fri, Sep 27, 2024 at 1:44 PM Hillf Danton <hda...@sina.com> wrote:
> >
> > On Fri, 27 Sep 2024 13:24:54 +0200 Eric Dumazet <edum...@google.com>
> > > I suggest you look at why we have to use rtnl_trylock()
> > >
> > > If you know better, please send patches to remove all instances.
> >
> > No patch is needed before you show us deadlock. I suspect you could
> > spot a case where lockdep fails to report deadlock.
>
> Please try to not educate maintainers about their stuff.
>
Is this the typical dude style in Paris when showing deadlock?

> lockdep is usually right. And here there is an actual syzbot report.

The word maintainer is abused in this case.

syzbot

Oct 9, 2024, 4:20:29 AM
to boqun...@gmail.com, da...@davemloft.net, edum...@google.com, hda...@sina.com, ku...@kernel.org, linux-...@vger.kernel.org, net...@vger.kernel.org, pab...@redhat.com, penguin...@i-love.sakura.ne.jp, syzkall...@googlegroups.com, torv...@linux-foundation.org
syzbot has found a reproducer for the following issue on:

HEAD commit: 5b7c893ed5ed Merge tag 'ntfs3_for_6.12' of https://github...
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=11c09f9f980000
kernel config: https://syzkaller.appspot.com/x/.config?x=7cd9e7e4a8a0a15b
dashboard link: https://syzkaller.appspot.com/bug?extid=05f9cecd28e356241aba
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1635f707980000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/508d25adbdbb/disk-5b7c893e.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/ecd795cf996e/vmlinux-5b7c893e.xz
kernel image: https://storage.googleapis.com/syzbot-assets/d5433a3025f3/bzImage-5b7c893e.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+05f9ce...@syzkaller.appspotmail.com

INFO: task syz-executor:5469 blocked for more than 143 seconds.
Not tainted 6.12.0-rc2-syzkaller-00050-g5b7c893ed5ed #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor state:D stack:21680 pid:5469 tgid:5469 ppid:5459 flags:0x00000000
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5315 [inline]
__schedule+0x1895/0x4b30 kernel/sched/core.c:6675
__schedule_loop kernel/sched/core.c:6752 [inline]
schedule+0x14b/0x320 kernel/sched/core.c:6767
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6824
__mutex_lock_common kernel/locking/mutex.c:684 [inline]
__mutex_lock+0x6a7/0xd70 kernel/locking/mutex.c:752
new_device_store+0x1b4/0x890 drivers/net/netdevsim/bus.c:166
kernfs_fop_write_iter+0x3a0/0x500 fs/kernfs/file.c:334
new_sync_write fs/read_write.c:590 [inline]
vfs_write+0xa6d/0xc90 fs/read_write.c:683
ksys_write+0x183/0x2b0 fs/read_write.c:736
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f5edcf7cadf
RSP: 002b:00007f5edd25f220 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007f5edcf7cadf
RDX: 0000000000000003 RSI: 00007f5edd25f270 RDI: 0000000000000005
RBP: 00007f5edcff13d2 R08: 0000000000000000 R09: 00007f5edd25f077
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
R13: 00007f5edd25f270 R14: 00007f5eddc64620 R15: 0000000000000003
</TASK>

Showing all locks held in the system:
2 locks held by kworker/u8:0/11:
2 locks held by kworker/u8:1/12:
1 lock held by khungtaskd/30:
#0: ffffffff8e937de0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
#0: ffffffff8e937de0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
#0: ffffffff8e937de0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 kernel/locking/lockdep.c:6720
3 locks held by kworker/u8:3/52:
5 locks held by kworker/u9:0/54:
#0: ffff888218331148 ((wq_completion)hci6){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff888218331148 ((wq_completion)hci6){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc90000bf7d00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc90000bf7d00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
#2: ffff88802a7b0d80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x1ec/0x400 net/bluetooth/hci_sync.c:327
#3: ffff88802a7b0078 (&hdev->lock){+.+.}-{3:3}, at: hci_abort_conn_sync+0x1ea/0xde0 net/bluetooth/hci_sync.c:5567
#4: ffffffff8fe3e668 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1957 [inline]
#4: ffffffff8fe3e668 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_failed+0x15d/0x300 net/bluetooth/hci_conn.c:1262
1 lock held by kswapd1/89:
3 locks held by kworker/u8:5/1060:
#0: ffff88814b89a948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff88814b89a948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc90003ee7d00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc90003ee7d00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
#2: ffffffff8fcd1dc8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xd0/0x16f0 net/ipv6/addrconf.c:4196
3 locks held by kworker/1:2/1852:
3 locks held by kworker/u8:8/2936:
4 locks held by kworker/u8:12/3063:
#0: ffff88801baed948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff88801baed948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc90009ce7d00 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc90009ce7d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
#2: ffffffff8fcc52d0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 net/core/net_namespace.c:580
#3: ffffffff8fcd1dc8 (rtnl_mutex){+.+.}-{3:3}, at: wg_destruct+0x25/0x2e0 drivers/net/wireguard/device.c:246
1 lock held by klogd/4679:
2 locks held by udevd/4690:
1 lock held by dhcpcd/4903:
2 locks held by getty/4995:
#0: ffff88802e5950a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
#1: ffffc900031332f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6a6/0x1e00 drivers/tty/n_tty.c:2211
3 locks held by kworker/1:3/5284:
#0: ffff88801ac81948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff88801ac81948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc90003fc7d00 ((crda_timeout).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc90003fc7d00 ((crda_timeout).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
#2: ffffffff8fcd1dc8 (rtnl_mutex){+.+.}-{3:3}, at: crda_timeout_work+0x15/0x50 net/wireless/reg.c:540
5 locks held by kworker/u9:5/5333:
#0: ffff888175b57948 ((wq_completion)hci8){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff888175b57948 ((wq_completion)hci8){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc90003da7d00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc90003da7d00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
#2: ffff88807caccd80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x1ec/0x400 net/bluetooth/hci_sync.c:327
#3: ffff88807cacc078 (&hdev->lock){+.+.}-{3:3}, at: hci_abort_conn_sync+0x1ea/0xde0 net/bluetooth/hci_sync.c:5567
#4: ffffffff8fe3e668 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1957 [inline]
#4: ffffffff8fe3e668 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_failed+0x15d/0x300 net/bluetooth/hci_conn.c:1262
6 locks held by kworker/u9:6/5335:
#0: ffff888219140948 ((wq_completion)hci7){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff888219140948 ((wq_completion)hci7){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc90003c27d00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc90003c27d00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
#2: ffff88804a2e4d80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x1ec/0x400 net/bluetooth/hci_sync.c:327
#3: ffff88804a2e4078 (&hdev->lock){+.+.}-{3:3}, at: hci_abort_conn_sync+0x1ea/0xde0 net/bluetooth/hci_sync.c:5567
#4: ffffffff8fe3e668 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1957 [inline]
#4: ffffffff8fe3e668 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_failed+0x15d/0x300 net/bluetooth/hci_conn.c:1262
#5: ffffffff8e93d378 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:297 [inline]
#5: ffffffff8e93d378 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830 kernel/rcu/tree_exp.h:976
5 locks held by kworker/u9:7/5337:
#0: ffff888218333948 ((wq_completion)hci5){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff888218333948 ((wq_completion)hci5){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc90003c07d00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc90003c07d00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
#2: ffff88807edc8d80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x1ec/0x400 net/bluetooth/hci_sync.c:327
#3: ffff88807edc8078 (&hdev->lock){+.+.}-{3:3}, at: hci_abort_conn_sync+0x1ea/0xde0 net/bluetooth/hci_sync.c:5567
#4: ffffffff8fe3e668 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1957 [inline]
#4: ffffffff8fe3e668 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_failed+0x15d/0x300 net/bluetooth/hci_conn.c:1262
3 locks held by kworker/1:5/5405:
4 locks held by kworker/0:5/5438:
#0: ffff88801ac81948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff88801ac81948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc9000360fd00 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc9000360fd00 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
#2: ffffffff8fcd1dc8 (rtnl_mutex){+.+.}-{3:3}, at: reg_check_chans_work+0x99/0xfd0 net/wireless/reg.c:2480
#3: ffff8880787d0768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: wiphy_lock include/net/cfg80211.h:6014 [inline]
#3: ffff8880787d0768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: reg_leave_invalid_chans net/wireless/reg.c:2468 [inline]
#3: ffff8880787d0768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: reg_check_chans_work+0x164/0xfd0 net/wireless/reg.c:2483
1 lock held by syz-executor/5463:
#0: ffffffff8fcd1dc8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:79 [inline]
#0: ffffffff8fcd1dc8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 net/core/rtnetlink.c:6643
1 lock held by syz-executor/5464:
#0: ffffffff8fcd1dc8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:79 [inline]
#0: ffffffff8fcd1dc8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 net/core/rtnetlink.c:6643
3 locks held by syz-executor/5465:
4 locks held by syz-executor/5469:
#0: ffff8880322e8420 (sb_writers#8){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:2931 [inline]
#0: ffff8880322e8420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x224/0xc90 fs/read_write.c:679
#1: ffff888085516888 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1ea/0x500 fs/kernfs/file.c:325
#2: ffff8880272140f8 (kn->active#56){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20e/0x500 fs/kernfs/file.c:326
#3: ffffffff8f56fea8 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: new_device_store+0x1b4/0x890 drivers/net/netdevsim/bus.c:166
7 locks held by syz-executor/5470:
#0: ffff8880322e8420 (sb_writers#8){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:2931 [inline]
#0: ffff8880322e8420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x224/0xc90 fs/read_write.c:679
#1: ffff888084d7e888 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1ea/0x500 fs/kernfs/file.c:325
#2: ffff8880272141e8 (kn->active#55){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20e/0x500 fs/kernfs/file.c:326
#3: ffffffff8f56fea8 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: del_device_store+0xfc/0x480 drivers/net/netdevsim/bus.c:216
#4: ffff88807fb830e8 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#4: ffff88807fb830e8 (&dev->mutex){....}-{3:3}, at: __device_driver_lock drivers/base/dd.c:1095 [inline]
#4: ffff88807fb830e8 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0xce/0x7c0 drivers/base/dd.c:1293
#5: ffff88807fb84250 (&devlink->lock_key#4){+.+.}-{3:3}, at: nsim_drv_remove+0x50/0x160 drivers/net/netdevsim/dev.c:1672
#6: ffffffff8fcd1dc8 (rtnl_mutex){+.+.}-{3:3}, at: unregister_nexthop_notifier+0x17/0x40 net/ipv4/nexthop.c:3913

=============================================

NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.12.0-rc2-syzkaller-00050-g5b7c893ed5ed #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
nmi_cpu_backtrace+0x49c/0x4d0 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x198/0x320 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:223 [inline]
watchdog+0xff4/0x1040 kernel/hung_task.c:379
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 4690 Comm: udevd Not tainted 6.12.0-rc2-syzkaller-00050-g5b7c893ed5ed #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:mark_lock+0x3/0x360 kernel/locking/lockdep.c:4686
Code: 04 ff ff ff e8 9e b9 54 0a 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 55 41 57 <41> 56 41 55 41 54 53 48 83 ec 10 49 89 f7 48 89 3c 24 49 bd 00 00
RSP: 0018:ffffc9000305f2c8 EFLAGS: 00000006
RAX: 000000000005054b RBX: ffff88807eb664e0 RCX: ffffffff9a3cc903
RDX: 0000000000000003 RSI: ffff88807eb664e0 RDI: ffff88807eb65a00
RBP: ffffc9000305f388 R08: ffffffff901cee2f R09: 1ffffffff2039dc5
R10: dffffc0000000000 R11: fffffbfff2039dc6 R12: ffff88807eb66500
R13: 0000000000000000 R14: ffff88807eb664d8 R15: 1ffff1100fd6cc9b
FS: 00007efdac2c9c80(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c00091d660 CR3: 000000007e158000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<NMI>
</NMI>
<TASK>
mark_held_locks kernel/locking/lockdep.c:4321 [inline]
__trace_hardirqs_on_caller kernel/locking/lockdep.c:4339 [inline]
lockdep_hardirqs_on_prepare+0x282/0x780 kernel/locking/lockdep.c:4406
trace_hardirqs_on+0x28/0x40 kernel/trace/trace_preemptirq.c:61
__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
_raw_spin_unlock_irqrestore+0x8f/0x140 kernel/locking/spinlock.c:194
__debug_check_no_obj_freed lib/debugobjects.c:998 [inline]
debug_check_no_obj_freed+0x561/0x580 lib/debugobjects.c:1019
free_pages_prepare mm/page_alloc.c:1115 [inline]
free_unref_page+0x41b/0xf20 mm/page_alloc.c:2638
discard_slab mm/slub.c:2677 [inline]
__put_partials+0xeb/0x130 mm/slub.c:3145
put_cpu_partial+0x17c/0x250 mm/slub.c:3220
__slab_free+0x2ea/0x3d0 mm/slub.c:4449
qlink_free mm/kasan/quarantine.c:163 [inline]
qlist_free_all+0x9a/0x140 mm/kasan/quarantine.c:179
kasan_quarantine_reduce+0x14f/0x170 mm/kasan/quarantine.c:286
__kasan_slab_alloc+0x23/0x80 mm/kasan/common.c:329
kasan_slab_alloc include/linux/kasan.h:247 [inline]
slab_post_alloc_hook mm/slub.c:4085 [inline]
slab_alloc_node mm/slub.c:4134 [inline]
kmem_cache_alloc_noprof+0x135/0x2a0 mm/slub.c:4141
anon_vma_chain_alloc mm/rmap.c:143 [inline]
anon_vma_fork+0x1fa/0x580 mm/rmap.c:365
dup_mmap kernel/fork.c:713 [inline]
dup_mm kernel/fork.c:1674 [inline]
copy_mm+0xd7c/0x1f40 kernel/fork.c:1723
copy_process+0x1845/0x3d50 kernel/fork.c:2372
kernel_clone+0x226/0x8f0 kernel/fork.c:2784
__do_sys_clone kernel/fork.c:2927 [inline]
__se_sys_clone kernel/fork.c:2911 [inline]
__x64_sys_clone+0x258/0x2a0 kernel/fork.c:2911
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7efdabefca12
Code: 41 5d 41 5e 41 5f c3 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 10 48 8b 15 e7 43 0f 00 f7 d8 64 89 02 48 83
RSP: 002b:00007ffde4edde98 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 0000559c91bf0801 RCX: 00007efdabefca12
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
RBP: 0000000000000003 R08: 0000000000000000 R09: 0000559c91be0910
R10: 00007efdac2c9f50 R11: 0000000000000246 R12: 0000559c91c06ae0
R13: 0000000000000000 R14: 0000000000000000 R15: 0000559c91be0910
</TASK>


---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

syzbot

Dec 25, 2025, 11:24:22 AM
to andrew...@lunn.ch, boqun...@gmail.com, da...@davemloft.net, edum...@google.com, hda...@sina.com, ku...@kernel.org, linux-...@vger.kernel.org, net...@vger.kernel.org, pab...@redhat.com, penguin...@i-love.sakura.ne.jp, syzkall...@googlegroups.com, torv...@linux-foundation.org
syzbot has found a reproducer for the following issue on:

HEAD commit: 8f0b4cce4481 Linux 6.19-rc1
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=156eb09a580000
kernel config: https://syzkaller.appspot.com/x/.config?x=8a8594efdc14f07a
dashboard link: https://syzkaller.appspot.com/bug?extid=05f9cecd28e356241aba
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=177f9758580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=14b2ab92580000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/cd4f5f43efc8/disk-8f0b4cce.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/aafb35ac3a3c/vmlinux-8f0b4cce.xz
kernel image: https://storage.googleapis.com/syzbot-assets/d221fae4ab17/Image-8f0b4cce.gz.xz

Bisection is inconclusive: the first bad commit could be any of:

949090eaf0a3 sched/eevdf: Remove min_vruntime_copy
8e2e13ac6122 sched/fair: Cleanup pick_task_fair() vs throttle

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=10491fd0580000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+05f9ce...@syzkaller.appspotmail.com

INFO: task syz-executor:6714 blocked for more than 144 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor state:D stack:0 pid:6714 tgid:6714 ppid:1 task_flags:0x400140 flags:0x00000001
Call trace:
__switch_to+0x418/0x87c arch/arm64/kernel/process.c:741 (T)
context_switch kernel/sched/core.c:5256 [inline]
__schedule+0x1250/0x2a7c kernel/sched/core.c:6863
__schedule_loop kernel/sched/core.c:6945 [inline]
schedule+0xb4/0x230 kernel/sched/core.c:6960
schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7017
__mutex_lock_common+0xd04/0x2678 kernel/locking/mutex.c:692
__mutex_lock kernel/locking/mutex.c:776 [inline]
mutex_lock_nested+0x2c/0x38 kernel/locking/mutex.c:828
new_device_store+0x128/0x594 drivers/net/netdevsim/bus.c:184
bus_attr_store+0x80/0xa4 drivers/base/bus.c:172
sysfs_kf_write+0x1a8/0x23c fs/sysfs/file.c:142
kernfs_fop_write_iter+0x33c/0x4d0 fs/kernfs/file.c:352
new_sync_write fs/read_write.c:593 [inline]
vfs_write+0x540/0xa3c fs/read_write.c:686
ksys_write+0x120/0x210 fs/read_write.c:738
__do_sys_write fs/read_write.c:749 [inline]
__se_sys_write fs/read_write.c:746 [inline]
__arm64_sys_write+0x7c/0x90 fs/read_write.c:746
__invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
invoke_syscall+0x98/0x254 arch/arm64/kernel/syscall.c:49
el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:132
do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
el0_svc+0x5c/0x26c arch/arm64/kernel/entry-common.c:724
el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:743
el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596
INFO: task syz-executor:6720 blocked for more than 144 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor state:D stack:0 pid:6720 tgid:6720 ppid:1 task_flags:0x400140 flags:0x00000011
Call trace:
__switch_to+0x418/0x87c arch/arm64/kernel/process.c:741 (T)
context_switch kernel/sched/core.c:5256 [inline]
__schedule+0x1250/0x2a7c kernel/sched/core.c:6863
__schedule_loop kernel/sched/core.c:6945 [inline]
schedule+0xb4/0x230 kernel/sched/core.c:6960
schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7017
__mutex_lock_common+0xd04/0x2678 kernel/locking/mutex.c:692
__mutex_lock kernel/locking/mutex.c:776 [inline]
mutex_lock_nested+0x2c/0x38 kernel/locking/mutex.c:828
device_lock include/linux/device.h:895 [inline]
device_del+0xa4/0x808 drivers/base/core.c:3840
device_unregister+0x2c/0xf4 drivers/base/core.c:3919
nsim_bus_dev_del drivers/net/netdevsim/bus.c:483 [inline]
del_device_store+0x27c/0x31c drivers/net/netdevsim/bus.c:244
bus_attr_store+0x80/0xa4 drivers/base/bus.c:172
sysfs_kf_write+0x1a8/0x23c fs/sysfs/file.c:142
kernfs_fop_write_iter+0x33c/0x4d0 fs/kernfs/file.c:352
new_sync_write fs/read_write.c:593 [inline]
vfs_write+0x540/0xa3c fs/read_write.c:686
ksys_write+0x120/0x210 fs/read_write.c:738
__do_sys_write fs/read_write.c:749 [inline]
__se_sys_write fs/read_write.c:746 [inline]
__arm64_sys_write+0x7c/0x90 fs/read_write.c:746
__invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
invoke_syscall+0x98/0x254 arch/arm64/kernel/syscall.c:49
el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:132
do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
el0_svc+0x5c/0x26c arch/arm64/kernel/entry-common.c:724
el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:743
el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596
INFO: task syz-executor:6724 blocked for more than 146 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor state:D stack:0 pid:6724 tgid:6724 ppid:6719 task_flags:0x400140 flags:0x00800000
Call trace:
__switch_to+0x418/0x87c arch/arm64/kernel/process.c:741 (T)
context_switch kernel/sched/core.c:5256 [inline]
__schedule+0x1250/0x2a7c kernel/sched/core.c:6863
__schedule_loop kernel/sched/core.c:6945 [inline]
schedule+0xb4/0x230 kernel/sched/core.c:6960
schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7017
__mutex_lock_common+0xd04/0x2678 kernel/locking/mutex.c:692
__mutex_lock kernel/locking/mutex.c:776 [inline]
mutex_lock_nested+0x2c/0x38 kernel/locking/mutex.c:828
del_device_store+0xd4/0x31c drivers/net/netdevsim/bus.c:234
bus_attr_store+0x80/0xa4 drivers/base/bus.c:172
sysfs_kf_write+0x1a8/0x23c fs/sysfs/file.c:142
kernfs_fop_write_iter+0x33c/0x4d0 fs/kernfs/file.c:352
new_sync_write fs/read_write.c:593 [inline]
vfs_write+0x540/0xa3c fs/read_write.c:686
ksys_write+0x120/0x210 fs/read_write.c:738
__do_sys_write fs/read_write.c:749 [inline]
__se_sys_write fs/read_write.c:746 [inline]
__arm64_sys_write+0x7c/0x90 fs/read_write.c:746
__invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
invoke_syscall+0x98/0x254 arch/arm64/kernel/syscall.c:49
el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:132
do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
el0_svc+0x5c/0x26c arch/arm64/kernel/entry-common.c:724
el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:743
el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596

Showing all locks held in the system:
3 locks held by kworker/u8:1/13:
2 locks held by kworker/1:1/26:
1 lock held by khungtaskd/32:
#0: ffff80008fa5b520 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x4/0x48 include/linux/rcupdate.h:330
3 locks held by kworker/u8:2/41:
1 lock held by pr/ttyAMA-1/43:
6 locks held by kworker/u8:5/155:
3 locks held by kworker/u8:7/713:
#0: ffff0000d55b1948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x63c/0x1558 kernel/workqueue.c:3231
#1: ffff80009d0f7be0 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x6d0/0x1558 kernel/workqueue.c:3231
#2: ffff800092ae4168 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x20/0x2c net/core/rtnetlink.c:80
2 locks held by kworker/u8:8/1023:
6 locks held by kworker/u8:9/1342:
#0: ffff0000c1843148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x63c/0x1558 kernel/workqueue.c:3231
#1: ffff80009ed07be0 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x6d0/0x1558 kernel/workqueue.c:3231
#2: ffff800092ad71f0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf0/0x638 net/core/net_namespace.c:670
#3: ffff0000da33f0e8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:895 [inline]
#3: ffff0000da33f0e8 (&dev->mutex){....}-{4:4}, at: devl_dev_lock net/devlink/devl_internal.h:108 [inline]
#3: ffff0000da33f0e8 (&dev->mutex){....}-{4:4}, at: devlink_pernet_pre_exit+0xe4/0x380 net/devlink/core.c:506
#4: ffff0000c7b48250 (&devlink->lock_key){+.+.}-{4:4}, at: devl_lock net/devlink/core.c:276 [inline]
#4: ffff0000c7b48250 (&devlink->lock_key){+.+.}-{4:4}, at: devl_dev_lock net/devlink/devl_internal.h:109 [inline]
#4: ffff0000c7b48250 (&devlink->lock_key){+.+.}-{4:4}, at: devlink_pernet_pre_exit+0xf0/0x380 net/devlink/core.c:506
#5: ffff800092ae4168 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x20/0x2c net/core/rtnetlink.c:80
3 locks held by kworker/u8:10/1512:
2 locks held by kworker/0:2/3988:
3 locks held by kworker/u8:14/4835:
3 locks held by kworker/u8:15/5060:
#0: ffff0000c0031948 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_one_work+0x63c/0x1558 kernel/workqueue.c:3231
#1: ffff8000a4817be0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x6d0/0x1558 kernel/workqueue.c:3231
#2: ffff800092ae4168 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x20/0x2c net/core/rtnetlink.c:80
3 locks held by kworker/u8:16/5722:
3 locks held by udevd/6209:
3 locks held by dhcpcd/6265:
2 locks held by getty/6351:
#0: ffff0000d5dd30a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c drivers/tty/tty_ldsem.c:340
#1: ffff800099f1e2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x34c/0xfc8 drivers/tty/n_tty.c:2211
2 locks held by kworker/1:3/6704:
4 locks held by syz-executor/6714:
#0: ffff0000dc442420 (sb_writers#6){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:2681 [inline]
#0: ffff0000dc442420 (sb_writers#6){.+.+}-{0:0}, at: vfs_write+0x24c/0xa3c fs/read_write.c:682
#1: ffff0000d4d40888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1b4/0x4d0 fs/kernfs/file.c:343
#2: ffff0000ce348878 (kn->active#56){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff0000ce348878 (kn->active#56){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x1f4/0x4d0 fs/kernfs/file.c:344
#3: ffff800091bf3648 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: new_device_store+0x128/0x594 drivers/net/netdevsim/bus.c:184
5 locks held by syz-executor/6720:
#0: ffff0000dc442420 (sb_writers#6){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:2681 [inline]
#0: ffff0000dc442420 (sb_writers#6){.+.+}-{0:0}, at: vfs_write+0x24c/0xa3c fs/read_write.c:682
#1: ffff0000d6511488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1b4/0x4d0 fs/kernfs/file.c:343
#2: ffff0000ce348968 (kn->active#55){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff0000ce348968 (kn->active#55){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x1f4/0x4d0 fs/kernfs/file.c:344
#3: ffff800091bf3648 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd4/0x31c drivers/net/netdevsim/bus.c:234
#4: ffff0000da33f0e8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:895 [inline]
#4: ffff0000da33f0e8 (&dev->mutex){....}-{4:4}, at: device_del+0xa4/0x808 drivers/base/core.c:3840
4 locks held by syz-executor/6724:
#0: ffff0000dc442420 (sb_writers#6){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:2681 [inline]
#0: ffff0000dc442420 (sb_writers#6){.+.+}-{0:0}, at: vfs_write+0x24c/0xa3c fs/read_write.c:682
#1: ffff0000d6512888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1b4/0x4d0 fs/kernfs/file.c:343
#2: ffff0000ce348968 (kn->active#55){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff0000ce348968 (kn->active#55){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x1f4/0x4d0 fs/kernfs/file.c:344
#3: ffff800091bf3648 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd4/0x31c drivers/net/netdevsim/bus.c:234
4 locks held by kworker/0:4/6772:
#0: ffff0000c0029948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x63c/0x1558 kernel/workqueue.c:3231
#1: ffff8000a3f67be0 ((work_completion)(&helper->damage_work)){+.+.}-{0:0}, at: process_one_work+0x6d0/0x1558 kernel/workqueue.c:3231
#2: ffff0000ca9f5280 (&helper->lock){+.+.}-{4:4}, at: drm_fb_helper_fb_dirty drivers/gpu/drm/drm_fb_helper.c:333 [inline]
#2: ffff0000ca9f5280 (&helper->lock){+.+.}-{4:4}, at: drm_fb_helper_damage_work+0xa8/0x568 drivers/gpu/drm/drm_fb_helper.c:369
#3: ffff0000caeb8128 (&dev->master_mutex){+.+.}-{4:4}, at: drm_master_internal_acquire+0x24/0x78 drivers/gpu/drm/drm_auth.c:435
2 locks held by syz.0.17/6788:
4 locks held by kworker/0:8/6796:
#0: ffff0000d54fcd48 ((wq_completion)mld){+.+.}-{0:0}, at: process_one_work+0x63c/0x1558 kernel/workqueue.c:3231
#1: ffff8000a3ef7be0 ((work_completion)(&(&idev->mc_ifc_work)->work)){+.+.}-{0:0}, at: process_one_work+0x6d0/0x1558 kernel/workqueue.c:3231
#2: ffff0000dcc68538 (&idev->mc_lock){+.+.}-{4:4}, at: mld_ifc_work+0x38/0xc38 net/ipv6/mcast.c:2692
#3: ffff80008f916b20 (sched_map-wait-type-override){+.+.}-{3:3}, at: sched_submit_work+0x14/0x144 kernel/sched/core.c:6893
5 locks held by syz-executor/6797:
2 locks held by syz-executor/6802:
2 locks held by syz-executor/6804:

=============================================

syzbot

Dec 29, 2025, 1:36:45 AM
to syzkall...@googlegroups.com
For archival purposes, forwarding an incoming command email to
syzkall...@googlegroups.com.

***

Subject: Re: [syzbot] [net?] INFO: task hung in new_device_store (5)
Author: penguin...@i-love.sakura.ne.jp

#syz test

diff --git a/net/bridge/br_fdb.c b/net/bridge/br_fdb.c
index 58d22e2b85fc..b6b79972b50b 100644
--- a/net/bridge/br_fdb.c
+++ b/net/bridge/br_fdb.c
@@ -982,6 +982,15 @@ static bool __fdb_mark_active(struct net_bridge_fdb_entry *fdb)
test_and_clear_bit(BR_FDB_NOTIFY_INACTIVE, &fdb->flags));
}

+static bool ratelimit_1hz(unsigned long *stamp)
+{
+ const unsigned long now = data_race(READ_ONCE(jiffies));
+ const unsigned long prev = data_race(READ_ONCE(*stamp));
+
+ return !time_in_range_open(now, prev, prev + HZ) &&
+ cmpxchg(stamp, prev, now) == prev;
+}
+
void br_fdb_update(struct net_bridge *br, struct net_bridge_port *source,
const unsigned char *addr, u16 vid, unsigned long flags)
{
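Review bot: ratelimit_1hz() is added without a comment stating its contract, and the data_race() wrappers around READ_ONCE(jiffies) and READ_ONCE(*stamp) look redundant because READ_ONCE() is already a marked access. A short comment saying the helper returns true at most once per HZ jiffies, with cmpxchg() choosing a single winner among concurrent callers, would make the intent clear. A helper this generic may also belong next to the existing ratelimit code rather than as a static function in net/bridge/br_fdb.c.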
@@ -995,7 +1004,9 @@ void br_fdb_update(struct net_bridge *br, struct net_bridge_port *source,
if (likely(fdb)) {
/* attempt to update an entry for a local interface */
if (unlikely(test_bit(BR_FDB_LOCAL, &fdb->flags))) {
- if (net_ratelimit())
+ static unsigned long stamp;
+
+ if (ratelimit_1hz(&stamp))
br_warn(br, "received packet on %s with own address as source address (addr:%pM, vlan:%u)\n",
source->dev->name, addr, vid);
} else {
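Review bot: the function-local `static unsigned long stamp` in the BR_FDB_LOCAL branch is a single stamp shared by every bridge and port, and nothing on this path records how many warnings were dropped, which the removed net_ratelimit() call did report as suppressed callbacks. Consider keeping a suppressed count to print with the next br_warn(), and add a comment explaining why net_ratelimit() is not sufficient for this message.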

syzbot

Dec 29, 2025, 2:02:03 AM
to linux-...@vger.kernel.org, penguin...@i-love.sakura.ne.jp, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
INFO: task hung in rtnl_lock

INFO: task kworker/u8:5:363 blocked for more than 144 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u8:5 state:D stack:0 pid:363 tgid:363 ppid:2 task_flags:0x4208060 flags:0x00000010
Workqueue: events_power_efficient crda_timeout_work
Call trace:
__switch_to+0x418/0x87c arch/arm64/kernel/process.c:741 (T)
context_switch kernel/sched/core.c:5256 [inline]
__schedule+0x1250/0x2a7c kernel/sched/core.c:6863
__schedule_loop kernel/sched/core.c:6945 [inline]
schedule+0xb4/0x230 kernel/sched/core.c:6960
schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7017
__mutex_lock_common+0xd04/0x2678 kernel/locking/mutex.c:692
__mutex_lock kernel/locking/mutex.c:776 [inline]
mutex_lock_nested+0x2c/0x38 kernel/locking/mutex.c:828
rtnl_lock+0x20/0x2c net/core/rtnetlink.c:80
crda_timeout_work+0x20/0x94 net/wireless/reg.c:541
process_one_work+0x7c0/0x1558 kernel/workqueue.c:3257
process_scheduled_works kernel/workqueue.c:3340 [inline]
worker_thread+0x958/0xed8 kernel/workqueue.c:3421
kthread+0x5fc/0x75c kernel/kthread.c:463
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:844
INFO: task kworker/u8:19:5598 blocked for more than 144 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u8:19 state:D stack:0 pid:5598 tgid:5598 ppid:2 task_flags:0x4208060 flags:0x00000010
Workqueue: ipv6_addrconf addrconf_dad_work
Call trace:
__switch_to+0x418/0x87c arch/arm64/kernel/process.c:741 (T)
context_switch kernel/sched/core.c:5256 [inline]
__schedule+0x1250/0x2a7c kernel/sched/core.c:6863
__schedule_loop kernel/sched/core.c:6945 [inline]
schedule+0xb4/0x230 kernel/sched/core.c:6960
schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7017
__mutex_lock_common+0xd04/0x2678 kernel/locking/mutex.c:692
__mutex_lock kernel/locking/mutex.c:776 [inline]
mutex_lock_nested+0x2c/0x38 kernel/locking/mutex.c:828
rtnl_lock+0x20/0x2c net/core/rtnetlink.c:80
rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
addrconf_dad_work+0x100/0x10cc net/ipv6/addrconf.c:4194
process_one_work+0x7c0/0x1558 kernel/workqueue.c:3257
process_scheduled_works kernel/workqueue.c:3340 [inline]
worker_thread+0x958/0xed8 kernel/workqueue.c:3421
kthread+0x5fc/0x75c kernel/kthread.c:463
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:844
INFO: task syz-executor:7102 blocked for more than 144 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor state:D stack:0 pid:7102 tgid:7102 ppid:7101 task_flags:0x400140 flags:0x00000010
Call trace:
__switch_to+0x418/0x87c arch/arm64/kernel/process.c:741 (T)
context_switch kernel/sched/core.c:5256 [inline]
__schedule+0x1250/0x2a7c kernel/sched/core.c:6863
__schedule_loop kernel/sched/core.c:6945 [inline]
schedule+0xb4/0x230 kernel/sched/core.c:6960
schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7017
__mutex_lock_common+0xd04/0x2678 kernel/locking/mutex.c:692
__mutex_lock kernel/locking/mutex.c:776 [inline]
mutex_lock_nested+0x2c/0x38 kernel/locking/mutex.c:828
rtnl_lock+0x20/0x2c net/core/rtnetlink.c:80
wiphy_register+0x172c/0x2460 net/wireless/core.c:1033
ieee80211_register_hw+0x283c/0x337c net/mac80211/main.c:1590
mac80211_hwsim_new_radio+0x257c/0x4434 drivers/net/wireless/virtual/mac80211_hwsim.c:5810
hwsim_new_radio_nl+0xa68/0x1644 drivers/net/wireless/virtual/mac80211_hwsim.c:6504
genl_family_rcv_msg_doit+0x1d8/0x2bc net/netlink/genetlink.c:1115
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0x450/0x624 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x220/0x3fc net/netlink/af_netlink.c:2550
genl_rcv+0x38/0x50 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x694/0x8c4 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x648/0x930 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec net/socket.c:727 [inline]
__sock_sendmsg net/socket.c:742 [inline]
__sys_sendto+0x36c/0x4f4 net/socket.c:2206
__do_sys_sendto net/socket.c:2213 [inline]
__se_sys_sendto net/socket.c:2209 [inline]
__arm64_sys_sendto+0xd8/0xf8 net/socket.c:2209
__invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
invoke_syscall+0x98/0x254 arch/arm64/kernel/syscall.c:49
el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:132
do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
el0_svc+0x5c/0x26c arch/arm64/kernel/entry-common.c:724
el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:743
el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596
INFO: task syz-executor:7105 blocked for more than 144 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor state:D stack:0 pid:7105 tgid:7105 ppid:7097 task_flags:0x400140 flags:0x00000000
Call trace:
__switch_to+0x418/0x87c arch/arm64/kernel/process.c:741 (T)
context_switch kernel/sched/core.c:5256 [inline]
__schedule+0x1250/0x2a7c kernel/sched/core.c:6863
__schedule_loop kernel/sched/core.c:6945 [inline]
schedule+0xb4/0x230 kernel/sched/core.c:6960
schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7017
__mutex_lock_common+0xd04/0x2678 kernel/locking/mutex.c:692
__mutex_lock kernel/locking/mutex.c:776 [inline]
mutex_lock_nested+0x2c/0x38 kernel/locking/mutex.c:828
rtnl_lock+0x20/0x2c net/core/rtnetlink.c:80
nl80211_pre_doit+0x70/0x760 net/wireless/nl80211.c:17932
genl_family_rcv_msg_doit+0x18c/0x2bc net/netlink/genetlink.c:1110
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0x450/0x624 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x220/0x3fc net/netlink/af_netlink.c:2550
genl_rcv+0x38/0x50 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x694/0x8c4 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x648/0x930 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec net/socket.c:727 [inline]
__sock_sendmsg net/socket.c:742 [inline]
__sys_sendto+0x36c/0x4f4 net/socket.c:2206
__do_sys_sendto net/socket.c:2213 [inline]
__se_sys_sendto net/socket.c:2209 [inline]
__arm64_sys_sendto+0xd8/0xf8 net/socket.c:2209
__invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
invoke_syscall+0x98/0x254 arch/arm64/kernel/syscall.c:49
el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:132
do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
el0_svc+0x5c/0x26c arch/arm64/kernel/entry-common.c:724
el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:743
el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596
INFO: task kworker/1:8:7515 blocked for more than 144 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:8 state:D stack:0 pid:7515 tgid:7515 ppid:2 task_flags:0x4208060 flags:0x00000010
Workqueue: events reg_todo
Call trace:
__switch_to+0x418/0x87c arch/arm64/kernel/process.c:741 (T)
context_switch kernel/sched/core.c:5256 [inline]
__schedule+0x1250/0x2a7c kernel/sched/core.c:6863
__schedule_loop kernel/sched/core.c:6945 [inline]
schedule+0xb4/0x230 kernel/sched/core.c:6960
schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7017
__mutex_lock_common+0xd04/0x2678 kernel/locking/mutex.c:692
__mutex_lock kernel/locking/mutex.c:776 [inline]
mutex_lock_nested+0x2c/0x38 kernel/locking/mutex.c:828
class_wiphy_constructor include/net/cfg80211.h:6363 [inline]
reg_process_self_managed_hints+0x98/0x1dc net/wireless/reg.c:3179
reg_todo+0x81c/0x98c net/wireless/reg.c:3192
process_one_work+0x7c0/0x1558 kernel/workqueue.c:3257
process_scheduled_works kernel/workqueue.c:3340 [inline]
worker_thread+0x958/0xed8 kernel/workqueue.c:3421
kthread+0x5fc/0x75c kernel/kthread.c:463
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:844

Showing all locks held in the system:
3 locks held by kworker/u8:0/12:
1 lock held by khungtaskd/32:
#0: ffff80008fa5b520 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x4/0x48 include/linux/rcupdate.h:330
3 locks held by kworker/u8:2/41:
3 locks held by kworker/u8:3/42:
#0: ffff0000c0032148 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x63c/0x1558 kernel/workqueue.c:3231
#1: ffff800097ff7be0 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work+0x6d0/0x1558 kernel/workqueue.c:3231
#2: ffff800092ae4168 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x20/0x2c net/core/rtnetlink.c:80
4 locks held by pr/ttyAMA-1/43:
4 locks held by kworker/u8:4/149:
3 locks held by kworker/u8:5/363:
#0: ffff0000c0032148 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x63c/0x1558 kernel/workqueue.c:3231
#1: ffff80009ca77be0 ((crda_timeout).work){+.+.}-{0:0}, at: process_one_work+0x6d0/0x1558 kernel/workqueue.c:3231
#2: ffff800092ae4168 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x20/0x2c net/core/rtnetlink.c:80
3 locks held by kworker/u8:6/525:
3 locks held by kworker/u8:8/2097:
3 locks held by kworker/u8:10/3199:
2 locks held by kworker/u8:14/4544:
3 locks held by kworker/u8:15/4865:
3 locks held by kworker/u8:16/5181:
3 locks held by kworker/u8:17/5476:
3 locks held by kworker/u8:18/5563:
3 locks held by kworker/u8:19/5598:
#0: ffff0000d5ed3948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x63c/0x1558 kernel/workqueue.c:3231
#1: ffff80009c2b7be0 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x6d0/0x1558 kernel/workqueue.c:3231
#2: ffff800092ae4168 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x20/0x2c net/core/rtnetlink.c:80
3 locks held by kworker/u8:20/5802:
3 locks held by kworker/u8:21/6142:
1 lock held by klogd/6200:
2 locks held by udevd/6211:
2 locks held by crond/6341:
2 locks held by getty/6353:
#0: ffff0000d62830a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c drivers/tty/tty_ldsem.c:340
#1: ffff800099f1e2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x34c/0xfc8 drivers/tty/n_tty.c:2211
2 locks held by kworker/1:6/6706:
2 locks held by udevd/7031:
1 lock held by syz-executor/7098:
1 lock held by syz-executor/7099:
#0: ffff800092ae4168 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x20/0x2c net/core/rtnetlink.c:80
1 lock held by syz-executor/7100:
#0: ffff800092ae4168 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x20/0x2c net/core/rtnetlink.c:80
3 locks held by syz-executor/7102:
#0: ffff800092b49830 (cb_lock){++++}-{4:4}, at: genl_rcv+0x28/0x50 net/netlink/genetlink.c:1218
#1: ffff800092b49648 (genl_mutex){+.+.}-{4:4}, at: genl_lock net/netlink/genetlink.c:35 [inline]
#1: ffff800092b49648 (genl_mutex){+.+.}-{4:4}, at: genl_op_lock net/netlink/genetlink.c:60 [inline]
#1: ffff800092b49648 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0xf4/0x624 net/netlink/genetlink.c:1209
#2: ffff800092ae4168 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x20/0x2c net/core/rtnetlink.c:80
2 locks held by syz-executor/7105:
#0: ffff800092b49830 (cb_lock){++++}-{4:4}, at: genl_rcv+0x28/0x50 net/netlink/genetlink.c:1218
#1: ffff800092ae4168 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x20/0x2c net/core/rtnetlink.c:80
4 locks held by kworker/1:8/7515:
#0: ffff0000c0029948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x63c/0x1558 kernel/workqueue.c:3231
#1: ffff80009ca57be0 (reg_work){+.+.}-{0:0}, at: process_one_work+0x6d0/0x1558 kernel/workqueue.c:3231
#2: ffff800092ae4168 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x20/0x2c net/core/rtnetlink.c:80
#3: ffff0000db640788 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6363 [inline]
#3: ffff0000db640788 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: reg_process_self_managed_hints+0x98/0x1dc net/wireless/reg.c:3179
4 locks held by sed/7547:
1 lock held by syz-executor/7567:

=============================================



Tested on:

commit: 8f0b4cce Linux 6.19-rc1
console output: https://syzkaller.appspot.com/x/log.txt?x=139d3bb4580000
kernel config: https://syzkaller.appspot.com/x/.config?x=8a8594efdc14f07a
dashboard link: https://syzkaller.appspot.com/bug?extid=05f9cecd28e356241aba
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
userspace arch: arm64
patch: https://syzkaller.appspot.com/x/patch.diff?x=108ac12a580000

syzbot

Dec 29, 2025, 4:36:54 AM
to syzkall...@googlegroups.com
For archival purposes, forwarding an incoming command email to
syzkall...@googlegroups.com.

***

Subject: Re: [syzbot] [net?] INFO: task hung in new_device_store (5)
Author: penguin...@i-love.sakura.ne.jp

#syz test

diff --git a/kernel/locking/lockdep.c b/kernel/locking/lockdep.c
index 2d4c5bab5af8..13b7a921cc3a 100644
--- a/kernel/locking/lockdep.c
+++ b/kernel/locking/lockdep.c
@@ -792,12 +792,6 @@ static void lockdep_print_held_locks(struct task_struct *p)
else
printk("%d lock%s held by %s/%d:\n", depth,
str_plural(depth), p->comm, task_pid_nr(p));
- /*
- * It's not reliable to print a task's held locks if it's not sleeping
- * and it's not the current task.
- */
- if (p != current && task_is_running(p))
- return;
for (i = 0; i < depth; i++) {
printk(" #%d: ", i);
print_lock(p->held_locks + i);
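Review bot: removing the `p != current && task_is_running(p)` early return lets the loop below call print_lock() on `p->held_locks + i` for a task that is running on another CPU and may be acquiring or releasing locks at that moment, which is exactly the case the deleted comment calls unreliable. `depth` is read before the loop, so entries can change under the printer and the output may show stale or half-updated locks. As a diagnostic for a `#syz test` run that is tolerable, but the hunk should not go further as is: either keep the guard and print a short marker that the task is running, or replace the deleted comment with one stating that the listing is best-effort for running tasks.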
diff --git a/net/bridge/br_fdb.c b/net/bridge/br_fdb.c
index 58d22e2b85fc..b2abc5b65443 100644
--- a/net/bridge/br_fdb.c
+++ b/net/bridge/br_fdb.c
@@ -982,6 +982,15 @@ static bool __fdb_mark_active(struct net_bridge_fdb_entry *fdb)
test_and_clear_bit(BR_FDB_NOTIFY_INACTIVE, &fdb->flags));
}

+static bool ratelimit_05hz(unsigned long *stamp)
+{
+ const unsigned long now = data_race(READ_ONCE(jiffies));
+ const unsigned long prev = data_race(READ_ONCE(*stamp));
+
+ return !time_in_range_open(now, prev, prev + HZ * 2) &&
+ cmpxchg(stamp, prev, now) == prev;
+}
+
void br_fdb_update(struct net_bridge *br, struct net_bridge_port *source,
const unsigned char *addr, u16 vid, unsigned long flags)
{
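Review bot: ratelimit_05hz() needs a comment, since neither the name nor the `HZ * 2` window explains itself: it returns true at most once per two seconds for a given stamp, with cmpxchg() picking a single winner among concurrent callers. A zero-initialised stamp is also treated as a real timestamp, so a call made while jiffies lies in [0, 2 * HZ) is suppressed even though nothing was printed before; if that matters, reserve 0 as "never printed" or initialise the stamp explicitly. A generic helper like this would also sit better in a shared header than in br_fdb.c if it is meant to outlive the test.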
@@ -995,7 +1004,9 @@ void br_fdb_update(struct net_bridge *br, struct net_bridge_port *source,
if (likely(fdb)) {
/* attempt to update an entry for a local interface */
if (unlikely(test_bit(BR_FDB_LOCAL, &fdb->flags))) {
- if (net_ratelimit())
+ static unsigned long stamp;
+
+ if (ratelimit_05hz(&stamp))
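Review bot: replacing net_ratelimit() with a function-local `static unsigned long stamp` takes this warning out of the shared limiter, so the net.core.message_cost and net.core.message_burst sysctls no longer affect it, and the single stamp is shared by every bridge and port that reaches this branch. If the aim is only to keep the console quiet during the syzbot test, say so in the patch description; otherwise keep net_ratelimit() or make the limit per bridge. The hunk is cut off after the new `if`, so the statement it guards cannot be checked here.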

syzbot

Dec 29, 2025, 7:22:08 AM
to linux-...@vger.kernel.org, penguin...@i-love.sakura.ne.jp, syzkall...@googlegroups.com
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

SYZFAIL: failed to recv rpc

SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)


Warning: Permanently added '10.128.1.196' (ED25519) to the list of known hosts.
1970/01/01 00:00:27 parsed 1 programs
[ 28.587108][ T6579] cgroup: Unknown subsys name 'net'
[ 28.756941][ T6579] cgroup: Unknown subsys name 'cpuset'
[ 28.758813][ T6579] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 28.919971][ T6579] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS
[ 35.516222][ T6589] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linu...@kvack.org if you depend on this functionality.
[ 35.978864][ T159] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 35.978895][ T159] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 36.044988][ T6166] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 36.047088][ T6166] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 36.055304][ T6166] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 36.058255][ T6166] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 36.071648][ T6166] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 36.125812][ T159] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 36.125845][ T159] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 36.374877][ T6626] chnl_net:caif_netlink_parms(): no params data found
[ 36.592412][ T6626] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.593249][ T6626] bridge0: port 1(bridge_slave_0) entered disabled state
[ 36.593313][ T6626] bridge_slave_0: entered allmulticast mode
[ 36.593796][ T6626] bridge_slave_0: entered promiscuous mode
[ 36.596258][ T6626] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.596305][ T6626] bridge0: port 2(bridge_slave_1) entered disabled state
[ 36.596352][ T6626] bridge_slave_1: entered allmulticast mode
[ 36.596819][ T6626] bridge_slave_1: entered promiscuous mode
[ 36.619108][ T6626] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 36.621721][ T6626] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 36.634265][ T6626] team0: Port device team_slave_0 added
[ 36.636612][ T6626] team0: Port device team_slave_1 added
[ 36.644107][ T6626] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 36.645329][ T6626] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 36.649731][ T6626] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 36.652386][ T6626] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 36.653590][ T6626] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 36.655666][ T6626] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 36.666248][ T6626] hsr_slave_0: entered promiscuous mode
[ 36.666595][ T6626] hsr_slave_1: entered promiscuous mode
[ 36.753120][ T6626] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 36.756203][ T6626] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 36.758279][ T6626] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 36.760667][ T6626] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 36.803479][ T6626] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.803528][ T6626] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 36.803722][ T6626] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.803750][ T6626] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 36.854884][ T6626] 8021q: adding VLAN 0 to HW filter on device bond0
[ 36.859993][ T159] bridge0: port 1(bridge_slave_0) entered disabled state
[ 36.861382][ T159] bridge0: port 2(bridge_slave_1) entered disabled state
[ 36.865187][ T6626] 8021q: adding VLAN 0 to HW filter on device team0
[ 36.867643][ T3491] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.867695][ T3491] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 36.870433][ T545] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.870471][ T545] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 36.934955][ T6626] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 37.167588][ T6626] veth0_vlan: entered promiscuous mode
[ 37.175536][ T6626] veth1_vlan: entered promiscuous mode
[ 37.191057][ T6626] veth0_macvtap: entered promiscuous mode
[ 37.192370][ T6626] veth1_macvtap: entered promiscuous mode
[ 37.196843][ T6626] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 37.197846][ T6626] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 37.200875][ T159] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 37.200992][ T159] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 37.201141][ T159] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 37.201185][ T159] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
1970/01/01 00:00:37 executed programs: 0
[ 37.309306][ T53] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 37.309684][ T53] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 37.309883][ T53] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 37.310161][ T53] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 37.310337][ T53] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 37.514704][ T1366] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 37.554267][ T6682] chnl_net:caif_netlink_parms(): no params data found
[ 37.564112][ T1366] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 37.581915][ T6682] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.581991][ T6682] bridge0: port 1(bridge_slave_0) entered disabled state
[ 37.582049][ T6682] bridge_slave_0: entered allmulticast mode
[ 37.582474][ T6682] bridge_slave_0: entered promiscuous mode
[ 37.583268][ T6682] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.583307][ T6682] bridge0: port 2(bridge_slave_1) entered disabled state
[ 37.583350][ T6682] bridge_slave_1: entered allmulticast mode
[ 37.583760][ T6682] bridge_slave_1: entered promiscuous mode
[ 37.595348][ T6682] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 37.596932][ T6682] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 37.604100][ T6682] team0: Port device team_slave_0 added
[ 37.604832][ T6682] team0: Port device team_slave_1 added
[ 37.617153][ T1366] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 37.619414][ T6682] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 37.619437][ T6682] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 37.619457][ T6682] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 37.622039][ T6682] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 37.622049][ T6682] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 37.622061][ T6682] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 37.639284][ T6682] hsr_slave_0: entered promiscuous mode
[ 37.639597][ T6682] hsr_slave_1: entered promiscuous mode
[ 37.639790][ T6682] debugfs: 'hsr0' already exists in 'hsr'
[ 37.639826][ T6682] Cannot create hsr debugfs directory
[ 37.665722][ T1366] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 38.106033][ T53] Bluetooth: hci0: command tx timeout
[ 39.385559][ T53] Bluetooth: hci1: command tx timeout
[ 40.185525][ T53] Bluetooth: hci0: command tx timeout
[ 40.385032][ T1366] bridge_slave_1: left allmulticast mode
[ 40.386305][ T1366] bridge_slave_1: left promiscuous mode
[ 40.386610][ T1366] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.390053][ T1366] bridge_slave_0: left allmulticast mode
[ 40.390074][ T1366] bridge_slave_0: left promiscuous mode
[ 40.390267][ T1366] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.539319][ T1366] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 40.567429][ T1366] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 40.596300][ T1366] bond0 (unregistering): Released all slaves
[ 40.649297][ T1366] hsr_slave_0: left promiscuous mode
[ 40.650623][ T1366] hsr_slave_1: left promiscuous mode
[ 40.651942][ T1366] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 40.653153][ T1366] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 40.655644][ T1366] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 40.656846][ T1366] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 40.666436][ T1366] veth1_macvtap: left promiscuous mode
[ 40.667483][ T1366] veth0_macvtap: left promiscuous mode
[ 40.668746][ T1366] veth1_vlan: left promiscuous mode
[ 40.669606][ T1366] veth0_vlan: left promiscuous mode
[ 40.790081][ T1366] team0 (unregistering): Port device team_slave_1 removed
[ 40.796560][ T1366] team0 (unregistering): Port device team_slave_0 removed
[ 41.003460][ T6682] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 41.007225][ T6682] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 41.009214][ T6682] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 41.011410][ T6682] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 41.037855][ T6682] 8021q: adding VLAN 0 to HW filter on device bond0
[ 41.040503][ T6682] 8021q: adding VLAN 0 to HW filter on device team0
[ 41.043546][ T3491] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.043578][ T3491] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 41.045430][ T3491] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.045446][ T3491] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.053400][ T6682] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 41.053432][ T6682] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 41.096928][ T6682] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 41.127286][ T6682] veth0_vlan: entered promiscuous mode
[ 41.131983][ T6682] veth1_vlan: entered promiscuous mode
[ 41.142065][ T6682] veth0_macvtap: entered promiscuous mode
[ 41.143005][ T6682] veth1_macvtap: entered promiscuous mode
[ 41.146977][ T6682] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 41.147898][ T6682] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 41.150332][ T3491] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 41.150452][ T3491] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 41.150552][ T3491] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 41.150686][ T3491] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 41.172012][ T3491] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 41.173623][ T3491] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 41.182043][ T6042] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 41.182068][ T6042] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)


syzkaller build log:
go env (err=<nil>)
AR='ar'
CC='gcc'
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_ENABLED='1'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
CXX='g++'
GCCGO='gccgo'
GO111MODULE='auto'
GOAMD64='v1'
GOARCH='amd64'
GOAUTH='netrc'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOCACHEPROG=''
GODEBUG=''
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFIPS140='off'
GOFLAGS=''
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build3690632989=/tmp/go-build -gno-record-gcc-switches'
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMOD='/syzkaller/jobs-2/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOMODCACHE='/syzkaller/jobs-2/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs-2/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTELEMETRY='local'
GOTELEMETRYDIR='/syzkaller/.config/go/telemetry'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.24.4'
GOWORK=''
PKG_CONFIG='pkg-config'

git status (err=<nil>)
HEAD detached at d6526ea3e
nothing to commit, working tree clean


tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=d6526ea3e6ad9081c902859bbb80f9f840377cb4 -X github.com/google/syzkaller/prog.gitRevisionDate=20251126-113115" ./sys/syz-sysgen | grep -q false || go install -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=d6526ea3e6ad9081c902859bbb80f9f840377cb4 -X github.com/google/syzkaller/prog.gitRevisionDate=20251126-113115" ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=arm64 go build -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=d6526ea3e6ad9081c902859bbb80f9f840377cb4 -X github.com/google/syzkaller/prog.gitRevisionDate=20251126-113115" -o ./bin/linux_arm64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_arm64
aarch64-linux-gnu-g++ -o ./bin/linux_arm64/syz-executor executor/executor.cc \
-O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include -DGOOS_linux=1 -DGOARCH_arm64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"d6526ea3e6ad9081c902859bbb80f9f840377cb4\"
/usr/lib/gcc-cross/aarch64-linux-gnu/12/../../../../aarch64-linux-gnu/bin/ld: /tmp/cctOvHer.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0xd8): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
./tools/check-syzos.sh 2>/dev/null



Tested on:

commit: 8f0b4cce Linux 6.19-rc1
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
kernel config: https://syzkaller.appspot.com/x/.config?x=8a8594efdc14f07a
dashboard link: https://syzkaller.appspot.com/bug?extid=05f9cecd28e356241aba
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
userspace arch: arm64
patch: https://syzkaller.appspot.com/x/patch.diff?x=15d0f894580000

syzbot

Dec 29, 2025, 9:18:35 AM
to syzkall...@googlegroups.com

syzbot

Dec 29, 2025, 10:10:05 AM
to linux-...@vger.kernel.org, penguin...@i-love.sakura.ne.jp, syzkall...@googlegroups.com
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

a
[ 4.120562][ T1] usbcore: registered new interface driver usbhid
[ 4.121529][ T1] usbhid: USB HID core driver
[ 4.124225][ T1] usbcore: registered new interface driver es2_ap_driver
[ 4.125241][ T1] comedi: version 0.7.76 - http://www.comedi.org
[ 4.127010][ T1] comedi comedi0: comedi_test: 1000000 microvolt, 100000 microsecond waveform attached
[ 4.134045][ T1] comedi comedi0: driver 'comedi_test' has successfully auto-configured 'comedi_test'.
[ 4.136499][ T1] usbcore: registered new interface driver dt9812
[ 4.137832][ T1] usbcore: registered new interface driver ni6501
[ 4.138039][ T1] usbcore: registered new interface driver usbdux
[ 4.138282][ T1] usbcore: registered new interface driver usbduxfast
[ 4.138471][ T1] usbcore: registered new interface driver usbduxsigma
[ 4.138653][ T1] usbcore: registered new interface driver vmk80xx
[ 4.139062][ T1] greybus: registered new driver hid
[ 4.139316][ T1] greybus: registered new driver gbphy
[ 4.139447][ T1] gb_gbphy: registered new driver usb
[ 4.139453][ T1] Driver 'bcm2835-audio' was unable to register with bus_type 'vchiq-bus' because the bus was not initialized.
[ 4.156997][ T1] SPI driver st-magn-spi has no spi_device_id for st,lis3mdl-magn
[ 4.157026][ T1] SPI driver st-magn-spi has no spi_device_id for st,lsm303agr-magn
[ 4.157033][ T1] SPI driver st-magn-spi has no spi_device_id for st,lsm9ds1-magn
[ 4.157037][ T1] SPI driver st-magn-spi has no spi_device_id for st,lsm303c-magn
[ 4.162014][ T1] No ACPI PMU IRQ for CPU0
[ 4.162599][ T1] No ACPI PMU IRQ for CPU1
[ 4.165169][ T1] cs_system_cfg: CoreSight Configuration manager initialised
[ 4.172887][ T1] gnss: GNSS driver registered with major 480
[ 4.174764][ T1] usbcore: registered new interface driver gnss-usb
[ 4.179308][ T1] usbcore: registered new interface driver hdm_usb
[ 4.209551][ T1] usbcore: registered new interface driver snd-usb-audio
[ 4.210933][ T1] usbcore: registered new interface driver snd-ua101
[ 4.212173][ T1] usbcore: registered new interface driver snd-usb-caiaq
[ 4.213547][ T1] usbcore: registered new interface driver snd-usb-6fire
[ 4.214831][ T1] usbcore: registered new interface driver snd-usb-hiface
[ 4.216078][ T1] usbcore: registered new interface driver snd-bcd2000
[ 4.217398][ T1] usbcore: registered new interface driver snd_usb_pod
[ 4.218695][ T1] usbcore: registered new interface driver snd_usb_podhd
[ 4.220024][ T1] usbcore: registered new interface driver snd_usb_toneport
[ 4.221390][ T1] usbcore: registered new interface driver snd_usb_variax
[ 4.246436][ T1] NET: Registered PF_LLC protocol family
[ 4.248560][ T1] GACT probability on
[ 4.249222][ T1] Mirror/redirect action on
[ 4.250037][ T1] Simple TC action Loaded
[ 4.252240][ T1] netem: version 1.3
[ 4.252980][ T1] u32 classifier
[ 4.253525][ T1] Performance counters on
[ 4.254239][ T1] input device check on
[ 4.254951][ T1] Actions configured
[ 4.259129][ T1] xt_time: kernel timezone is -0000
[ 4.260259][ T1] IPVS: Registered protocols (TCP, UDP, SCTP, AH, ESP)
[ 4.261273][ T1] IPVS: Connection hash table configured (size=4096, memory=32Kbytes)
[ 4.262778][ T1] IPVS: ipvs loaded.
[ 4.263397][ T1] IPVS: [rr] scheduler registered.
[ 4.264148][ T1] IPVS: [wrr] scheduler registered.
[ 4.264909][ T1] IPVS: [lc] scheduler registered.
[ 4.265669][ T1] IPVS: [wlc] scheduler registered.
[ 4.266440][ T1] IPVS: [fo] scheduler registered.
[ 4.269245][ T1] IPVS: [ovf] scheduler registered.
[ 4.270028][ T1] IPVS: [lblc] scheduler registered.
[ 4.270824][ T1] IPVS: [lblcr] scheduler registered.
[ 4.271601][ T1] IPVS: [dh] scheduler registered.
[ 4.272343][ T1] IPVS: [sh] scheduler registered.
[ 4.273090][ T1] IPVS: [mh] scheduler registered.
[ 4.273841][ T1] IPVS: [sed] scheduler registered.
[ 4.274591][ T1] IPVS: [nq] scheduler registered.
[ 4.275330][ T1] IPVS: [twos] scheduler registered.
[ 4.276219][ T1] IPVS: [sip] pe registered.
[ 4.276982][ T1] ipip: IPv4 and MPLS over IPv4 tunneling driver
[ 4.279537][ T1] gre: GRE over IPv4 demultiplexer driver
[ 4.280435][ T1] ip_gre: GRE over IPv4 tunneling driver
[ 4.284631][ T1] IPv4 over IPsec tunneling driver
[ 4.287162][ T1] Initializing XFRM netlink socket
[ 4.288053][ T1] IPsec XFRM device driver
[ 4.288955][ T1] NET: Registered PF_INET6 protocol family
[ 4.313437][ T1] Segment Routing with IPv6
[ 4.313461][ T1] RPL Segment Routing with IPv6
[ 4.313550][ T1] In-situ OAM (IOAM) with IPv6
[ 4.313665][ T1] mip6: Mobile IPv6
[ 4.315144][ T1] sit: IPv6, IPv4 and MPLS over IPv4 tunneling driver
[ 4.318091][ T1] ip6_gre: GRE over IPv6 tunneling driver
[ 4.319618][ T1] NET: Registered PF_PACKET protocol family
[ 4.319641][ T1] PFKEY is deprecated and scheduled to be removed in 2027, please contact the netdev mailing list
[ 4.319667][ T1] NET: Registered PF_KEY protocol family
[ 4.319842][ T1] Bridge firewalling registered
[ 4.330815][ T1] NET: Registered PF_X25 protocol family
[ 4.330889][ T1] X25: Linux Version 0.2
[ 4.335006][ T1] NET: Registered PF_NETROM protocol family
[ 4.345214][ T1] NET: Registered PF_ROSE protocol family
[ 4.345342][ T1] NET: Registered PF_AX25 protocol family
[ 4.345374][ T1] can: controller area network core
[ 4.345486][ T1] NET: Registered PF_CAN protocol family
[ 4.345492][ T1] can: raw protocol
[ 4.345516][ T1] can: broadcast manager protocol
[ 4.345530][ T1] can: netlink gateway - max_hops=1
[ 4.345564][ T1] can: SAE J1939
[ 4.345575][ T1] can: isotp protocol (max_pdu_size 8300)
[ 4.346327][ T1] Bluetooth: RFCOMM TTY layer initialized
[ 4.346338][ T1] Bluetooth: RFCOMM socket layer initialized
[ 4.346376][ T1] Bluetooth: RFCOMM ver 1.11
[ 4.346399][ T1] Bluetooth: BNEP (Ethernet Emulation) ver 1.3
[ 4.346403][ T1] Bluetooth: BNEP filters: protocol multicast
[ 4.346412][ T1] Bluetooth: BNEP socket layer initialized
[ 4.346416][ T1] Bluetooth: HIDP (Human Interface Emulation) ver 1.2
[ 4.346424][ T1] Bluetooth: HIDP socket layer initialized
[ 4.359008][ T1] NET: Registered PF_RXRPC protocol family
[ 4.359032][ T1] Key type rxrpc registered
[ 4.359037][ T1] Key type rxrpc_s registered
[ 4.370108][ T1] NET: Registered PF_KCM protocol family
[ 4.381241][ T1] lec:lane_module_init: lec.c: initialized
[ 4.381257][ T1] mpoa:atm_mpoa_init: mpc.c: initialized
[ 4.381329][ T1] l2tp_core: L2TP core driver, V2.0
[ 4.381344][ T1] l2tp_ppp: PPPoL2TP kernel driver, V2.0
[ 4.381349][ T1] l2tp_ip: L2TP IP encapsulation support (L2TPv3)
[ 4.381394][ T1] l2tp_netlink: L2TP netlink interface
[ 4.381490][ T1] l2tp_eth: L2TP ethernet pseudowire support (L2TPv3)
[ 4.381494][ T1] l2tp_ip6: L2TP IP encapsulation support for IPv6 (L2TPv3)
[ 4.381571][ T1] NET: Registered PF_PHONET protocol family
[ 4.381648][ T1] 8021q: 802.1Q VLAN Support v1.8
[ 4.381762][ T1] sctp: Hash tables configured (bind 32/56)
[ 4.393148][ T1] NET: Registered PF_RDS protocol family
[ 4.403453][ T1] Registered RDS/infiniband transport
[ 4.403821][ T1] Registered RDS/tcp transport
[ 4.403830][ T1] tipc: Activated (version 2.0.0)
[ 4.404053][ T1] NET: Registered PF_TIPC protocol family
[ 4.404399][ T1] tipc: Started in single node mode
[ 4.414974][ T1] smc: adding smcd device lo without pnetid
[ 4.415301][ T1] NET: Registered PF_SMC protocol family
[ 4.416237][ T1] 9pnet: Installing 9P2000 support
[ 4.416447][ T1] NET: Registered PF_CAIF protocol family
[ 4.419368][ T1] NET: Registered PF_IEEE802154 protocol family
[ 4.419507][ T1] Key type dns_resolver registered
[ 4.419545][ T1] Key type ceph registered
[ 4.429787][ T1] libceph: loaded (mon/osd proto 15/24)
[ 4.440408][ T1] batman_adv: B.A.T.M.A.N. advanced 2025.5 (compatibility version 15) loaded
[ 4.440508][ T1] openvswitch: Open vSwitch switching datapath
[ 4.442501][ T1] NET: Registered PF_VSOCK protocol family
[ 4.442637][ T1] mpls_gso: MPLS GSO support
[ 4.822713][ T1] registered taskstats version 1
[ 4.822898][ T1] Loading compiled-in X.509 certificates
[ 4.832493][ T1] Loaded X.509 cert 'Build time autogenerated kernel key: 811f05b8217b01507947d03032dd71bd9ac93532'
[ 4.953881][ T1] zswap: loaded using pool 842
[ 4.955557][ T1] Demotion targets for Node 0: null
[ 4.955597][ T1] debug_vm_pgtable: [debug_vm_pgtable ]: Validating architecture page table helpers
[ 4.956478][ T1] page_owner is disabled
[ 4.956892][ T1] Key type .fscrypt registered
[ 4.956897][ T1] Key type fscrypt-provisioning registered
[ 4.958198][ T1] kAFS: Red Hat AFS client v0.1 registering.
[ 4.967262][ T1] Btrfs loaded, assert=on, zoned=yes, fsverity=yes
[ 4.967540][ T1] Key type big_key registered
[ 4.967567][ T1] Key type encrypted registered
[ 4.967589][ T1] ima: No TPM chip found, activating TPM-bypass!
[ 4.967606][ T1] Loading compiled-in module X.509 certificates
[ 4.975004][ T1] Loaded X.509 cert 'Build time autogenerated kernel key: 811f05b8217b01507947d03032dd71bd9ac93532'
[ 4.975026][ T1] ima: Allocated hash algorithm: sha256
[ 4.975115][ T1] ima: No architecture policies found
[ 4.975292][ T1] evm: Initialising EVM extended attributes:
[ 4.975295][ T1] evm: security.selinux (disabled)
[ 4.975298][ T1] evm: security.SMACK64
[ 4.975301][ T1] evm: security.SMACK64EXEC
[ 4.975303][ T1] evm: security.SMACK64TRANSMUTE
[ 4.975306][ T1] evm: security.SMACK64MMAP
[ 4.975309][ T1] evm: security.apparmor (disabled)
[ 4.975311][ T1] evm: security.ima
[ 4.975314][ T1] evm: security.capability
[ 4.975316][ T1] evm: HMAC attrs: 0x1
[ 4.977446][ T1] netconsole: network logging started
[ 4.977752][ T1] gtp: GTP module loaded (pdp ctx size 128 bytes)
[ 4.980673][ T1] rdma_rxe: loaded
[ 4.981002][ T1] cfg80211: Loading compiled-in X.509 certificates for regulatory database
[ 4.982330][ T1] Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
[ 4.982751][ T1] Loaded X.509 cert 'wens: 61c038651aabdcf94bd0ac7ff06c7248db18c600'
[ 4.983244][ T2357] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[ 4.983254][ T2357] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[ 4.983868][ T1] clk: Disabling unused clocks
[ 4.983891][ T1] PM: genpd: Disabling unused power domains
[ 4.983909][ T1] ALSA device list:
[ 4.983914][ T1] #0: Dummy 1
[ 4.983919][ T1] #1: Loopback 1
[ 4.983924][ T1] #2: Virtual MIDI Card 1
[ 4.988889][ T1] check access for rdinit=/init failed: -2, ignoring
[ 4.988904][ T1] md: Skipping autodetection of RAID arrays. (raid=autodetect will force)
[ 5.031288][ T1] EXT4-fs (nvme0n1p2): orphan cleanup on readonly fs
[ 5.032013][ T1] EXT4-fs (nvme0n1p2): mounted filesystem f6b31226-d4d2-43c8-8f9b-5c8c4754e6f3 ro with ordered data mode. Quota mode: none.
[ 5.032125][ T1] VFS: Mounted root (ext4 filesystem) readonly on device 259:2.
[ 5.032915][ T1] devtmpfs: mounted
[ 5.036012][ T1] Freeing unused kernel memory: 4608K
[ 5.036341][ T1] Run /sbin/init as init process
[ 5.128162][ T6179] EXT4-fs (nvme0n1p2): re-mounted f6b31226-d4d2-43c8-8f9b-5c8c4754e6f3 r/w.
mount: mounting devtmpfs on /dev failed: Device or resource busy
mount: mounting selinuxfs on /sys/fs/selinux failed: No such file or directory
Starting syslogd: OK
Starting klogd: OK
Running sysctl: OK
Populating /dev using udev: [ 5.511544][ T6210] udevd[6210]: starting version 3.2.14
[ 5.542428][ T6211] udevd[6211]: starting eudev-3.2.14
done
Starting network: OK
Starting dhcpcd...
dhcpcd-10.2.0 starting
dev: loaded udev
no interfaces have a carrier
[ 10.409439][ T6266] 8021q: adding VLAN 0 to HW filter on device bond0
[ 10.412537][ T6266] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting crond: OK
Starting sshd: OK


syzkaller

syzkaller login: [ 69.619848][ T2357] cfg80211: failed to load regulatory.db
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build1943484986=/tmp/go-build -gno-record-gcc-switches'
/usr/lib/gcc-cross/aarch64-linux-gnu/12/../../../../aarch64-linux-gnu/bin/ld: /tmp/ccokLx97.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0xd8): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
./tools/check-syzos.sh 2>/dev/null


Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=1596fc9a580000


Tested on:

commit: 8f0b4cce Linux 6.19-rc1
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
kernel config: https://syzkaller.appspot.com/x/.config?x=8a8594efdc14f07a
dashboard link: https://syzkaller.appspot.com/bug?extid=05f9cecd28e356241aba
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
userspace arch: arm64
patch: https://syzkaller.appspot.com/x/patch.diff?x=1233349a580000

syzbot

Dec 29, 2025, 8:29:47 PM (2 days ago) Dec 29
to syzkall...@googlegroups.com
For archival purposes, forwarding an incoming command email to
syzkall...@googlegroups.com.

***

Subject: Re: [syzbot] [net?] INFO: task hung in new_device_store (5)
Author: penguin...@i-love.sakura.ne.jp

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

syzbot

Dec 29, 2025, 9:08:04 PM (2 days ago) Dec 29
to linux-...@vger.kernel.org, penguin...@i-love.sakura.ne.jp, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
INFO: task hung in rtnl_lock

INFO: task kworker/u8:14:4104 blocked for more than 145 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u8:14 state:D stack:0 pid:4104 tgid:4104 ppid:2 task_flags:0x4208060 flags:0x00000010
Workqueue: ipv6_addrconf addrconf_dad_work
Call trace:
__switch_to+0x418/0x87c arch/arm64/kernel/process.c:742 (T)
context_switch kernel/sched/core.c:5256 [inline]
__schedule+0x1250/0x2a7c kernel/sched/core.c:6863
__schedule_loop kernel/sched/core.c:6945 [inline]
schedule+0xb4/0x230 kernel/sched/core.c:6960
schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7017
__mutex_lock_common+0xd04/0x2678 kernel/locking/mutex.c:692
__mutex_lock kernel/locking/mutex.c:776 [inline]
mutex_lock_nested+0x2c/0x38 kernel/locking/mutex.c:828
rtnl_lock+0x20/0x2c net/core/rtnetlink.c:80
rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
addrconf_dad_work+0x100/0x10cc net/ipv6/addrconf.c:4194
process_one_work+0x7c0/0x1558 kernel/workqueue.c:3257
process_scheduled_works kernel/workqueue.c:3340 [inline]
worker_thread+0x958/0xed8 kernel/workqueue.c:3421
kthread+0x5fc/0x75c kernel/kthread.c:463
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:844
INFO: task kworker/0:3:6622 blocked for more than 149 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:3 state:D stack:0 pid:6622 tgid:6622 ppid:2 task_flags:0x4208060 flags:0x00000010
Workqueue: events reg_todo
Call trace:
__switch_to+0x418/0x87c arch/arm64/kernel/process.c:742 (T)
context_switch kernel/sched/core.c:5256 [inline]
__schedule+0x1250/0x2a7c kernel/sched/core.c:6863
__schedule_loop kernel/sched/core.c:6945 [inline]
schedule+0xb4/0x230 kernel/sched/core.c:6960
schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7017
__mutex_lock_common+0xd04/0x2678 kernel/locking/mutex.c:692
__mutex_lock kernel/locking/mutex.c:776 [inline]
mutex_lock_nested+0x2c/0x38 kernel/locking/mutex.c:828
class_wiphy_constructor include/net/cfg80211.h:6363 [inline]
reg_process_self_managed_hints+0x98/0x1dc net/wireless/reg.c:3179
reg_todo+0x81c/0x98c net/wireless/reg.c:3192
process_one_work+0x7c0/0x1558 kernel/workqueue.c:3257
process_scheduled_works kernel/workqueue.c:3340 [inline]
worker_thread+0x958/0xed8 kernel/workqueue.c:3421
kthread+0x5fc/0x75c kernel/kthread.c:463
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:844

Showing all locks held in the system:
3 locks held by kworker/u8:0/12:
#0: ffff0000c0031948 ((wq_completion)events_unbound#2
){+.+.}-{0:0}, at: raw_spin_rq_lock_nested kernel/sched/core.c:639 [inline]
){+.+.}-{0:0}, at: raw_spin_rq_lock kernel/sched/sched.h:1558 [inline]
){+.+.}-{0:0}, at: rq_lock kernel/sched/sched.h:1885 [inline]
){+.+.}-{0:0}, at: __schedule+0x370/0x2a7c kernel/sched/core.c:6768
#1: ffff00019bc0c588 (psi_seq){-.-.}-{0:0}, at: psi_task_switch+0x6c/0x6dc kernel/sched/psi.c:933
#2: ffff00019bc0de98 (&base->lock){-.-.}-{2:2}, at: lock_timer_base kernel/time/timer.c:1004 [inline]
#2: ffff00019bc0de98 (&base->lock){-.-.}-{2:2}, at: __mod_timer+0x19c/0xd00 kernel/time/timer.c:1085
2 locks held by kworker/u8:1/13:
#0: ffff0000d5d53948 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_one_work+0x63c/0x1558 kernel/workqueue.c:3231
#1: ffff800097d07be0 ((work_completion)(&(&bat_priv->tt.work)->work)){+.+.}-{0:0}, at: process_one_work+0x6d0/0x1558 kernel/workqueue.c:3231
1 lock held by khungtaskd/32:
#0: ffff80008fa5b5a0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x4/0x48 include/linux/rcupdate.h:330
2 locks held by kworker/u8:3/42:
#0: ffff0000c0032148 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x63c/0x1558 kernel/workqueue.c:3231
#1: ffff800097ff7be0 ((work_completion)(&(&gc_work->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x6d0/0x1558 kernel/workqueue.c:3231
3 locks held by kworker/u8:6/713:
#0: ffff0000c0032148 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x63c/0x1558 kernel/workqueue.c:3231
#1: ffff80009da57be0 ((crda_timeout).work){+.+.}-{0:0}, at: process_one_work+0x6d0/0x1558 kernel/workqueue.c:3231
#2: ffff800092ae45e8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x20/0x2c net/core/rtnetlink.c:80
3 locks held by kworker/u8:7/1561:
#0: ffff0000c0031948 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_one_work+0x63c/0x1558 kernel/workqueue.c:3231
#1: ffff8000a0627be0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_one_work+0x6d0/0x1558 kernel/workqueue.c:3231


Tested on:

commit: 8640b745 Merge tag 'kbuild-fixes-6.19-1' of git://git...
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1664c422580000
kernel config: https://syzkaller.appspot.com/x/.config?x=8a8594efdc14f07a
dashboard link: https://syzkaller.appspot.com/bug?extid=05f9cecd28e356241aba
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
userspace arch: arm64
patch: https://syzkaller.appspot.com/x/patch.diff?x=149bbb92580000

syzbot

Dec 29, 2025, 10:07:54 PM (2 days ago) Dec 29
to syzkall...@googlegroups.com

syzbot

Dec 29, 2025, 10:33:03 PM (2 days ago) Dec 29
to linux-...@vger.kernel.org, penguin...@i-love.sakura.ne.jp, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
INFO: task hung in del_device_store

INFO: task syz-executor:7100 blocked for more than 143 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor state:D stack:0 pid:7100 tgid:7100 ppid:7099 task_flags:0x400140 flags:0x00000010
Call trace:
__switch_to+0x418/0x87c arch/arm64/kernel/process.c:742 (T)
context_switch kernel/sched/core.c:5256 [inline]
__schedule+0x1250/0x2a7c kernel/sched/core.c:6863
__schedule_loop kernel/sched/core.c:6945 [inline]
schedule+0xb4/0x230 kernel/sched/core.c:6960
schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7017
__mutex_lock_common+0xd04/0x2678 kernel/locking/mutex.c:692
__mutex_lock kernel/locking/mutex.c:776 [inline]
mutex_lock_nested+0x2c/0x38 kernel/locking/mutex.c:828
device_lock include/linux/device.h:895 [inline]
device_del+0xa4/0x808 drivers/base/core.c:3840
device_unregister+0x2c/0xf4 drivers/base/core.c:3919
nsim_bus_dev_del drivers/net/netdevsim/bus.c:483 [inline]
del_device_store+0x27c/0x31c drivers/net/netdevsim/bus.c:244
bus_attr_store+0x80/0xa4 drivers/base/bus.c:172
sysfs_kf_write+0x1a8/0x23c fs/sysfs/file.c:142
kernfs_fop_write_iter+0x33c/0x4d0 fs/kernfs/file.c:352
new_sync_write fs/read_write.c:593 [inline]
vfs_write+0x540/0xa3c fs/read_write.c:686
ksys_write+0x120/0x210 fs/read_write.c:738
__do_sys_write fs/read_write.c:749 [inline]
__se_sys_write fs/read_write.c:746 [inline]
__arm64_sys_write+0x7c/0x90 fs/read_write.c:746
__invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
invoke_syscall+0x98/0x254 arch/arm64/kernel/syscall.c:49
el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:132
do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
el0_svc+0x5c/0x26c arch/arm64/kernel/entry-common.c:724
el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:743
el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596
INFO: task syz-executor:7102 blocked for more than 143 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor state:D stack:0 pid:7102 tgid:7102 ppid:1 task_flags:0x400140 flags:0x00000001
Call trace:
__switch_to+0x418/0x87c arch/arm64/kernel/process.c:742 (T)
context_switch kernel/sched/core.c:5256 [inline]
__schedule+0x1250/0x2a7c kernel/sched/core.c:6863
__schedule_loop kernel/sched/core.c:6945 [inline]
schedule+0xb4/0x230 kernel/sched/core.c:6960
schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7017
__mutex_lock_common+0xd04/0x2678 kernel/locking/mutex.c:692
__mutex_lock kernel/locking/mutex.c:776 [inline]
mutex_lock_nested+0x2c/0x38 kernel/locking/mutex.c:828
del_device_store+0xd4/0x31c drivers/net/netdevsim/bus.c:234
bus_attr_store+0x80/0xa4 drivers/base/bus.c:172
sysfs_kf_write+0x1a8/0x23c fs/sysfs/file.c:142
kernfs_fop_write_iter+0x33c/0x4d0 fs/kernfs/file.c:352
new_sync_write fs/read_write.c:593 [inline]
vfs_write+0x540/0xa3c fs/read_write.c:686
ksys_write+0x120/0x210 fs/read_write.c:738
__do_sys_write fs/read_write.c:749 [inline]
__se_sys_write fs/read_write.c:746 [inline]
__arm64_sys_write+0x7c/0x90 fs/read_write.c:746
__invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
invoke_syscall+0x98/0x254 arch/arm64/kernel/syscall.c:49
el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:132
do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
el0_svc+0x5c/0x26c arch/arm64/kernel/entry-common.c:724
el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:743
el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596
INFO: task syz-executor:7113 blocked for more than 151 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor state:D stack:0 pid:7113 tgid:7113 ppid:7112 task_flags:0x400140 flags:0x00800000
Call trace:
__switch_to+0x418/0x87c arch/arm64/kernel/process.c:742 (T)
context_switch kernel/sched/core.c:5256 [inline]
__schedule+0x1250/0x2a7c kernel/sched/core.c:6863
__schedule_loop kernel/sched/core.c:6945 [inline]
schedule+0xb4/0x230 kernel/sched/core.c:6960
schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7017
__mutex_lock_common+0xd04/0x2678 kernel/locking/mutex.c:692
__mutex_lock kernel/locking/mutex.c:776 [inline]
mutex_lock_nested+0x2c/0x38 kernel/locking/mutex.c:828
del_device_store+0xd4/0x31c drivers/net/netdevsim/bus.c:234
bus_attr_store+0x80/0xa4 drivers/base/bus.c:172
sysfs_kf_write+0x1a8/0x23c fs/sysfs/file.c:142
kernfs_fop_write_iter+0x33c/0x4d0 fs/kernfs/file.c:352
new_sync_write fs/read_write.c:593 [inline]
vfs_write+0x540/0xa3c fs/read_write.c:686
ksys_write+0x120/0x210 fs/read_write.c:738


Tested on:

commit: 8640b745 Merge tag 'kbuild-fixes-6.19-1' of git://git...
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=170a7bb4580000
kernel config: https://syzkaller.appspot.com/x/.config?x=8a8594efdc14f07a
dashboard link: https://syzkaller.appspot.com/bug?extid=05f9cecd28e356241aba
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
userspace arch: arm64
patch: https://syzkaller.appspot.com/x/patch.diff?x=1002c422580000

Tetsuo Handa

Dec 30, 2025, 2:48:44 AM (22 hours ago) Dec 30
to syzbot, andrew...@lunn.ch, boqun...@gmail.com, da...@davemloft.net, edum...@google.com, hda...@sina.com, ku...@kernel.org, linux-...@vger.kernel.org, net...@vger.kernel.org, pab...@redhat.com, syzkall...@googlegroups.com, torv...@linux-foundation.org
If we ratelimit

"received packet on %s with own address as source address (addr:%pM, vlan:%u)\n",

message to at most once per 2 seconds [1], this problem is shown as "task hung in rtnl_lock".
If we ratelimit this message to at most 10 times per 5 seconds [2], this problem is shown as
"INFO: task hung in del_device_store".

This difference suggests that this task hang is caused by running out of CPU time for making
forward progress, due to spending too much CPU time on printk() operations from interrupt
context. We might want to ratelimit more aggressively.

Link: https://lkml.kernel.org/r/69533402.050a022...@google.com [1]
Link: https://lkml.kernel.org/r/695347ee.050a022...@google.com [2]
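The two symptoms compared above differ only in where the blocked tasks end up waiting. The following Python script is an added example, not part of the original thread and not syzbot's own tooling: it extracts from a hung-task report the first frame outside the scheduler and mutex internals for each blocked task, and lists which tasks lockdep associates with each lock. The sample text is constructed, abbreviated from the reports quoted in this thread, and all function names are hypothetical.

```python
import re

# Constructed sample: abbreviated from the hung-task reports in this thread
# (traces from two different test runs merged into one text for the demo).
SAMPLE_REPORT = """\
INFO: task kworker/u8:14:4104 blocked for more than 145 seconds.
Not tainted syzkaller #0
task:kworker/u8:14 state:D stack:0 pid:4104 tgid:4104 ppid:2
Workqueue: ipv6_addrconf addrconf_dad_work
Call trace:
__switch_to+0x418/0x87c arch/arm64/kernel/process.c:742 (T)
context_switch kernel/sched/core.c:5256 [inline]
__schedule+0x1250/0x2a7c kernel/sched/core.c:6863
__mutex_lock_common+0xd04/0x2678 kernel/locking/mutex.c:692
mutex_lock_nested+0x2c/0x38 kernel/locking/mutex.c:828
rtnl_lock+0x20/0x2c net/core/rtnetlink.c:80
addrconf_dad_work+0x100/0x10cc net/ipv6/addrconf.c:4194
INFO: task syz-executor:7100 blocked for more than 143 seconds.
Call trace:
__switch_to+0x418/0x87c arch/arm64/kernel/process.c:742 (T)
__schedule+0x1250/0x2a7c kernel/sched/core.c:6863
mutex_lock_nested+0x2c/0x38 kernel/locking/mutex.c:828
device_lock include/linux/device.h:895 [inline]
device_del+0xa4/0x808 drivers/base/core.c:3840
del_device_store+0x27c/0x31c drivers/net/netdevsim/bus.c:244
INFO: task syz-executor:7102 blocked for more than 143 seconds.
Call trace:
__schedule+0x1250/0x2a7c kernel/sched/core.c:6863
mutex_lock_nested+0x2c/0x38 kernel/locking/mutex.c:828
del_device_store+0xd4/0x31c drivers/net/netdevsim/bus.c:234
bus_attr_store+0x80/0xa4 drivers/base/bus.c:172

Showing all locks held in the system:
3 locks held by kworker/u8:6/713:
 #0: ffff0000c0032148 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x63c/0x1558 kernel/workqueue.c:3231
 #1: ffff80009da57be0 ((crda_timeout).work){+.+.}-{0:0}, at: process_one_work+0x6d0/0x1558 kernel/workqueue.c:3231
 #2: ffff800092ae45e8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x20/0x2c net/core/rtnetlink.c:80
1 lock held by khungtaskd/32:
 #0: ffff80008fa5b5a0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x4/0x48 include/linux/rcupdate.h:330
"""

INFO_RE = re.compile(r"^INFO: task (.+):(\d+) blocked for more than (\d+) seconds\.")
FRAME_RE = re.compile(r"^\s*([\w.]+)(?:\+0x[0-9a-f]+/0x[0-9a-f]+)?\s+(\S+\.[chS]):(\d+)")
HELD_RE = re.compile(r"^(\d+) locks? held by (.+)/(\d+):$")
LOCK_RE = re.compile(r"^\s*#\d+: [0-9a-f]+ \((.+)\)\{[^}]*\}-\{[^}]*\}, at: ([\w.]+)")

# Frames in these directories are scheduler/mutex plumbing, not the wait site.
SKIP_PREFIXES = ("kernel/sched/", "kernel/locking/")


def parse_hung_tasks(text):
    """Return one dict per 'INFO: task ... blocked' entry with its wait site."""
    tasks, cur, in_trace = [], None, False
    for line in text.splitlines():
        m = INFO_RE.match(line)
        if m:
            cur = {"comm": m.group(1), "pid": int(m.group(2)),
                   "seconds": int(m.group(3)), "waiting_in": None, "site": None}
            tasks.append(cur)
            in_trace = False
            continue
        if cur is None:
            continue
        if line.strip().lower() == "call trace:":   # arm64 and x86 spellings
            in_trace = True
            continue
        if not in_trace or line.strip() in ("<TASK>", "</TASK>"):
            continue
        f = FRAME_RE.match(line)
        if not f:                                   # first non-frame line ends the trace
            in_trace = False
            continue
        func, path, lineno = f.group(1), f.group(2), int(f.group(3))
        if (cur["waiting_in"] is None and func != "__switch_to"
                and not path.startswith(SKIP_PREFIXES)):
            cur["waiting_in"] = func
            cur["site"] = f"{path}:{lineno}"
    return tasks


def parse_lock_users(text):
    """Map lock class name -> [(comm/pid, acquiring function)].

    lockdep records a lock before the task actually gets it, so an entry
    may be the owner or just another waiter: treat it as a candidate list.
    """
    users, owner = {}, None
    for line in text.splitlines():
        h = HELD_RE.match(line.strip())
        if h:
            owner = f"{h.group(2)}/{h.group(3)}"
            continue
        lk = LOCK_RE.match(line)
        if lk and owner:
            entry = (owner, lk.group(2))
            bucket = users.setdefault(lk.group(1), [])
            if entry not in bucket:                 # inlined frames repeat a lock line
                bucket.append(entry)
    return users


def summarize(text):
    """Group blocked PIDs by the function they are waiting in."""
    by_site = {}
    for t in parse_hung_tasks(text):
        by_site.setdefault(t["waiting_in"], []).append(t["pid"])
    return by_site


if __name__ == "__main__":
    print(summarize(SAMPLE_REPORT))
    print(parse_lock_users(SAMPLE_REPORT).get("rtnl_mutex"))
```

Running it over the full console log of each test run shows at a glance whether the reported wait site moved between runs while the same lock classes stay contended.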

Hillf Danton

Dec 30, 2025, 4:11:28 AM (20 hours ago) Dec 30
to syzbot, linux-...@vger.kernel.org, syzkall...@googlegroups.com
--- x/kernel/hung_task.c
+++ y/kernel/hung_task.c
@@ -510,6 +510,7 @@ static int watchdog(void *dummy)
interval = min_t(unsigned long, interval, timeout);
t = hung_timeout_jiffies(hung_last_checked, interval);
if (t <= 0) {
+ timeout = 100;
if (!atomic_xchg(&reset_hung_task, 0) &&
!hung_detector_suspended)
check_hung_uninterruptible_tasks(timeout);
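Review bot: `timeout = 100;` inside the `if (t <= 0)` branch hard-codes the value handed to check_hung_uninterruptible_tasks() and discards whatever `timeout` held when `interval = min_t(unsigned long, interval, timeout)` and `t` were computed just above, so the wake-up cadence and the reporting threshold no longer derive from the same setting. If this is only a test aid for syzbot, say so in the mail; otherwise move the override ahead of the `min_t()` line and replace the bare 100 with a named constant or a comment giving its unit.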
--

syzbot

Dec 30, 2025, 4:38:05 AM (20 hours ago) Dec 30
to hda...@sina.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

SYZFAIL: failed to recv rpc

SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)


Warning: Permanently added '10.128.1.232' (ED25519) to the list of known hosts.
1970/01/01 00:00:31 parsed 1 programs
[ 32.471623][ T6575] cgroup: Unknown subsys name 'net'
[ 32.602037][ T6575] cgroup: Unknown subsys name 'cpuset'
[ 32.604289][ T6575] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 32.779944][ T6575] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS
[ 36.840617][ T6590] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linu...@kvack.org if you depend on this functionality.
[ 36.909920][ T599] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 36.911765][ T599] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 36.968895][ T6612] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 36.970758][ T6612] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 36.972197][ T6612] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 36.973473][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 36.973485][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 36.978733][ T6612] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 36.999923][ T6612] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 37.087028][ T6617] chnl_net:caif_netlink_parms(): no params data found
[ 37.291730][ T6617] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.293670][ T6617] bridge0: port 1(bridge_slave_0) entered disabled state
[ 37.295614][ T6617] bridge_slave_0: entered allmulticast mode
[ 37.297924][ T6617] bridge_slave_0: entered promiscuous mode
[ 37.313046][ T6617] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.314522][ T6617] bridge0: port 2(bridge_slave_1) entered disabled state
[ 37.314662][ T6617] bridge_slave_1: entered allmulticast mode
[ 37.317432][ T6617] bridge_slave_1: entered promiscuous mode
[ 37.342493][ T6617] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 37.364082][ T6617] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 37.393439][ T6617] team0: Port device team_slave_0 added
[ 37.445234][ T6617] team0: Port device team_slave_1 added
[ 37.530482][ T6617] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 37.530542][ T6617] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 37.530571][ T6617] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 37.531578][ T6617] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 37.531585][ T6617] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 37.531597][ T6617] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 37.613066][ T6617] hsr_slave_0: entered promiscuous mode
[ 37.613546][ T6617] hsr_slave_1: entered promiscuous mode
[ 37.935809][ T6617] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 37.938615][ T6617] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 37.944230][ T6617] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 37.955917][ T6617] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 37.986946][ T6617] 8021q: adding VLAN 0 to HW filter on device bond0
[ 37.994296][ T6617] 8021q: adding VLAN 0 to HW filter on device team0
[ 37.996204][ T3257] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.996240][ T3257] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 38.001927][ T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.001962][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 38.157489][ T6617] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 38.225710][ T6617] veth0_vlan: entered promiscuous mode
[ 38.227497][ T6617] veth1_vlan: entered promiscuous mode
[ 38.234578][ T6617] veth0_macvtap: entered promiscuous mode
[ 38.235624][ T6617] veth1_macvtap: entered promiscuous mode
[ 38.239734][ T6617] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 38.240999][ T6617] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 38.245343][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 38.246933][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 38.248857][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 38.251096][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
1970/01/01 00:00:38 executed programs: 0
[ 38.386255][ T53] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 38.388034][ T53] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 38.389544][ T53] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 38.391680][ T53] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 38.393243][ T53] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 38.625250][ T6681] chnl_net:caif_netlink_parms(): no params data found
[ 38.878994][ T3257] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 38.881792][ T6681] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.881870][ T6681] bridge0: port 1(bridge_slave_0) entered disabled state
[ 38.881988][ T6681] bridge_slave_0: entered allmulticast mode
[ 38.882458][ T6681] bridge_slave_0: entered promiscuous mode
[ 38.883287][ T6681] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.883307][ T6681] bridge0: port 2(bridge_slave_1) entered disabled state
[ 38.883360][ T6681] bridge_slave_1: entered allmulticast mode
[ 38.883761][ T6681] bridge_slave_1: entered promiscuous mode
[ 38.896150][ T6681] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 38.897081][ T6681] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 38.905934][ T6681] team0: Port device team_slave_0 added
[ 38.907754][ T6681] team0: Port device team_slave_1 added
[ 38.915307][ T6681] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 38.915331][ T6681] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 38.915350][ T6681] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 38.915856][ T6681] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 38.915862][ T6681] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 38.915874][ T6681] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 38.936180][ T6681] hsr_slave_0: entered promiscuous mode
[ 38.936515][ T6681] hsr_slave_1: entered promiscuous mode
[ 38.936718][ T6681] debugfs: 'hsr0' already exists in 'hsr'
[ 38.936758][ T6681] Cannot create hsr debugfs directory
[ 38.943893][ T3257] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 38.985257][ T3257] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 39.035979][ T3257] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 40.430477][ T53] Bluetooth: hci0: command tx timeout
[ 41.570853][ T3257] bridge_slave_1: left allmulticast mode
[ 41.572709][ T3257] bridge_slave_1: left promiscuous mode
[ 41.574227][ T3257] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.577301][ T3257] bridge_slave_0: left allmulticast mode
[ 41.577324][ T3257] bridge_slave_0: left promiscuous mode
[ 41.577479][ T3257] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.722713][ T3257] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 41.771484][ T3257] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 41.790991][ T3257] bond0 (unregistering): Released all slaves
[ 41.865272][ T3257] hsr_slave_0: left promiscuous mode
[ 41.866254][ T3257] hsr_slave_1: left promiscuous mode
[ 41.866541][ T3257] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 41.866558][ T3257] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 41.867038][ T3257] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 41.867047][ T3257] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 41.872015][ T3257] veth1_macvtap: left promiscuous mode
[ 41.872060][ T3257] veth0_macvtap: left promiscuous mode
[ 41.872108][ T3257] veth1_vlan: left promiscuous mode
[ 41.872153][ T3257] veth0_vlan: left promiscuous mode
[ 41.995869][ T3257] team0 (unregistering): Port device team_slave_1 removed
[ 42.002376][ T3257] team0 (unregistering): Port device team_slave_0 removed
[ 42.386710][ T6681] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 42.391513][ T6681] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 42.394382][ T6681] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 42.397224][ T6681] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 42.435096][ T6681] 8021q: adding VLAN 0 to HW filter on device bond0
[ 42.446667][ T6681] 8021q: adding VLAN 0 to HW filter on device team0
[ 42.451278][ T819] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.451317][ T819] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 42.453888][ T666] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.453907][ T666] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 42.500707][ T53] Bluetooth: hci0: command tx timeout
[ 42.511046][ T6681] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 42.521729][ T6681] veth0_vlan: entered promiscuous mode
[ 42.524564][ T6681] veth1_vlan: entered promiscuous mode
[ 42.533888][ T6681] veth0_macvtap: entered promiscuous mode
[ 42.534904][ T6681] veth1_macvtap: entered promiscuous mode
[ 42.538062][ T6681] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 42.541051][ T6681] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 42.544378][ T819] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 42.545881][ T819] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 42.547594][ T819] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 42.548994][ T819] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 42.575303][ T819] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 42.577497][ T819] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 42.585352][ T666] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 42.586324][ T666] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)


GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build1911780612=/tmp/go-build -gno-record-gcc-switches'
/usr/lib/gcc-cross/aarch64-linux-gnu/12/../../../../aarch64-linux-gnu/bin/ld: /tmp/ccHJUo9o.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0xd8): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
./tools/check-syzos.sh 2>/dev/null



Tested on:

commit: 8640b745 Merge tag 'kbuild-fixes-6.19-1' of git://git...
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=8a8594efdc14f07a
dashboard link: https://syzkaller.appspot.com/bug?extid=05f9cecd28e356241aba
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
userspace arch: arm64
patch: https://syzkaller.appspot.com/x/patch.diff?x=1067949a580000

syzbot

Dec 30, 2025, 8:24:26 AM (16 hours ago) Dec 30
to syzkall...@googlegroups.com
For archival purposes, forwarding an incoming command email to
syzkall...@googlegroups.com.

***

Subject: Re: [syzbot] [net?] INFO: task hung in new_device_store (5)
Author: penguin...@i-love.sakura.ne.jp

diff --git a/kernel/locking/lockdep.c b/kernel/locking/lockdep.c
index 2d4c5bab5af8..13b7a921cc3a 100644
--- a/kernel/locking/lockdep.c
+++ b/kernel/locking/lockdep.c
@@ -792,12 +792,6 @@ static void lockdep_print_held_locks(struct task_struct *p)
else
printk("%d lock%s held by %s/%d:\n", depth,
str_plural(depth), p->comm, task_pid_nr(p));
- /*
- * It's not reliable to print a task's held locks if it's not sleeping
- * and it's not the current task.
- */
- if (p != current && task_is_running(p))
- return;
for (i = 0; i < depth; i++) {
printk(" #%d: ", i);
print_lock(p->held_locks + i);
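Review bot: Dropping the `p != current && task_is_running(p)` early return means the `for (i = 0; i < depth; i++)` loop now calls print_lock() on `p->held_locks + i` for exactly the tasks the removed comment describes as not reliable to print. For a diagnostic run that may be acceptable, but the entries printed for running tasks should then be read as possibly stale or inconsistent, and a version meant for merging should either keep the guard or mark such tasks in the "locks held by" header line.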
diff --git a/net/bridge/br_fdb.c b/net/bridge/br_fdb.c
index 58d22e2b85fc..5c4df843b177 100644
--- a/net/bridge/br_fdb.c
+++ b/net/bridge/br_fdb.c
@@ -995,9 +995,6 @@ void br_fdb_update(struct net_bridge *br, struct net_bridge_port *source,
if (likely(fdb)) {
/* attempt to update an entry for a local interface */
if (unlikely(test_bit(BR_FDB_LOCAL, &fdb->flags))) {
- if (net_ratelimit())
- br_warn(br, "received packet on %s with own address as source address (addr:%pM, vlan:%u)\n",
- source->dev->name, addr, vid);
} else {
unsigned long now = jiffies;
bool fdb_modified = false;
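Review bot: With the `net_ratelimit()` and `br_warn()` lines removed, the `if (unlikely(test_bit(BR_FDB_LOCAL, &fdb->flags))) {` branch is left with an empty body following the comment "attempt to update an entry for a local interface". If the message is being silenced only to test the printk-load theory, state that in the mail; for a permanent change, invert the test so the empty branch goes away, or keep the diagnostic under a stricter rate limit so the condition remains visible in the log.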

syzbot

Dec 30, 2025, 9:18:03 AM (15 hours ago) Dec 30
to linux-...@vger.kernel.org, penguin...@i-love.sakura.ne.jp, syzkall...@googlegroups.com
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

SYZFAIL: failed to recv rpc

SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)


Warning: Permanently added '10.128.10.21' (ED25519) to the list of known hosts.
1970/01/01 00:00:33 parsed 1 programs
[ 34.595053][ T6574] cgroup: Unknown subsys name 'net'
[ 34.745068][ T6574] cgroup: Unknown subsys name 'cpuset'
[ 34.746978][ T6574] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 34.917455][ T6574] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS
[ 42.237282][ T53] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 42.239113][ T53] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 42.240666][ T53] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 42.242510][ T53] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 42.244658][ T53] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 42.318133][ T6589] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linu...@kvack.org if you depend on this functionality.
[ 42.330851][ T41] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 42.330883][ T41] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 42.358127][ T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 42.359482][ T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 42.936079][ T6631] chnl_net:caif_netlink_parms(): no params data found
[ 43.065956][ T6631] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.067590][ T6631] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.069087][ T6631] bridge_slave_0: entered allmulticast mode
[ 43.070758][ T6631] bridge_slave_0: entered promiscuous mode
[ 43.105741][ T6631] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.107034][ T6631] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.108357][ T6631] bridge_slave_1: entered allmulticast mode
[ 43.109850][ T6631] bridge_slave_1: entered promiscuous mode
[ 43.130851][ T6631] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 43.138345][ T6631] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 43.198443][ T6631] team0: Port device team_slave_0 added
[ 43.200373][ T6631] team0: Port device team_slave_1 added
[ 43.230111][ T6631] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 43.231292][ T6631] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 43.237324][ T6631] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 43.255103][ T6631] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 43.259539][ T6631] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 43.264470][ T6631] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 43.307858][ T6631] hsr_slave_0: entered promiscuous mode
[ 43.309501][ T6631] hsr_slave_1: entered promiscuous mode
[ 43.528843][ T6631] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 43.533089][ T6631] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 43.538635][ T6631] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 43.541207][ T6631] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 43.567146][ T6631] 8021q: adding VLAN 0 to HW filter on device bond0
[ 43.572525][ T6631] 8021q: adding VLAN 0 to HW filter on device team0
[ 43.578588][ T5188] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.578639][ T5188] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 43.581070][ T41] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.581088][ T41] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 43.710104][ T6631] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 43.730903][ T6631] veth0_vlan: entered promiscuous mode
[ 43.734344][ T6631] veth1_vlan: entered promiscuous mode
[ 43.741716][ T6631] veth0_macvtap: entered promiscuous mode
[ 43.744783][ T6631] veth1_macvtap: entered promiscuous mode
[ 43.749309][ T6631] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 43.752345][ T6631] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 43.824087][ T825] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 43.883955][ T825] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 43.885487][ T825] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 43.903861][ T825] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
1970/01/01 00:00:43 executed programs: 0
[ 43.991539][ T6162] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 43.993239][ T6162] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 43.995049][ T6162] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 43.996597][ T6162] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 43.998242][ T6162] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 44.063365][ T6685] chnl_net:caif_netlink_parms(): no params data found
[ 44.087212][ T6685] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.087293][ T6685] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.087344][ T6685] bridge_slave_0: entered allmulticast mode
[ 44.087767][ T6685] bridge_slave_0: entered promiscuous mode
[ 44.088930][ T6685] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.088978][ T6685] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.089023][ T6685] bridge_slave_1: entered allmulticast mode
[ 44.089448][ T6685] bridge_slave_1: entered promiscuous mode
[ 44.102408][ T6685] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 44.103304][ T6685] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 44.128118][ T6685] team0: Port device team_slave_0 added
[ 44.129165][ T6685] team0: Port device team_slave_1 added
[ 44.135876][ T6685] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 44.135901][ T6685] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 44.135918][ T6685] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 44.136432][ T6685] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 44.136438][ T6685] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 44.136448][ T6685] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 44.159247][ T6685] hsr_slave_0: entered promiscuous mode
[ 44.160734][ T6685] hsr_slave_1: entered promiscuous mode
[ 44.162193][ T6685] debugfs: 'hsr0' already exists in 'hsr'
[ 44.163441][ T6685] Cannot create hsr debugfs directory
[ 44.204803][ T6685] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 44.207252][ T6685] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 44.209729][ T6685] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 44.211719][ T6685] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 44.220229][ T6685] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.220269][ T6685] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.220414][ T6685] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.220438][ T6685] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.233479][ T6685] 8021q: adding VLAN 0 to HW filter on device bond0
[ 44.236569][ T5188] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.237964][ T5188] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.241410][ T6685] 8021q: adding VLAN 0 to HW filter on device team0
[ 44.245743][ T2746] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.245790][ T2746] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.248261][ T2746] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.248276][ T2746] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.299372][ T6685] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 44.309235][ T6685] veth0_vlan: entered promiscuous mode
[ 44.311035][ T6685] veth1_vlan: entered promiscuous mode
[ 44.319349][ T6685] veth0_macvtap: entered promiscuous mode
[ 44.320292][ T6685] veth1_macvtap: entered promiscuous mode
[ 44.323850][ T6685] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 44.325162][ T6685] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 44.327601][ T2746] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 44.327691][ T2746] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 44.327709][ T2746] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 44.327725][ T2746] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 44.352754][ T825] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 44.352779][ T825] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 44.365715][ T825] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 44.365742][ T825] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build1018672540=/tmp/go-build -gno-record-gcc-switches'
/usr/lib/gcc-cross/aarch64-linux-gnu/12/../../../../aarch64-linux-gnu/bin/ld: /tmp/ccCZ6pDV.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0xd8): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
./tools/check-syzos.sh 2>/dev/null



Tested on:

commit: 8640b745 Merge tag 'kbuild-fixes-6.19-1' of git://git...
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=8a8594efdc14f07a
dashboard link: https://syzkaller.appspot.com/bug?extid=05f9cecd28e356241aba
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
userspace arch: arm64
patch: https://syzkaller.appspot.com/x/patch.diff?x=11ed749a580000
