INFO: task syz.4.689:8876 blocked for more than 143 seconds.
Not tainted 6.1.131-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.4.689 state:D stack:23872 pid:8876 ppid:7545 flags:0x00004004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5243 [inline]
__schedule+0x143f/0x4570 kernel/sched/core.c:6560
schedule+0xbf/0x180 kernel/sched/core.c:6636
io_schedule+0x88/0x100 kernel/sched/core.c:8788
folio_wait_bit_common+0x878/0x1290 mm/filemap.c:1324
folio_put_wait_locked mm/filemap.c:1493 [inline]
do_read_cache_folio+0xb9/0x810 mm/filemap.c:3608
erofs_bread+0x19d/0x6b0 fs/erofs/data.c:50
erofs_find_target_block fs/erofs/namei.c:102 [inline]
erofs_namei+0x278/0xef0 fs/erofs/namei.c:175
erofs_lookup+0x1d6/0x4d0 fs/erofs/namei.c:204
__lookup_slow+0x27e/0x3d0 fs/namei.c:1690
lookup_slow+0x53/0x70 fs/namei.c:1707
walk_component+0x2d0/0x400 fs/namei.c:1998
lookup_last fs/namei.c:2455 [inline]
path_lookupat+0x16f/0x450 fs/namei.c:2479
filename_lookup+0x251/0x600 fs/namei.c:2508
user_path_at_empty+0x3e/0x60 fs/namei.c:2905
user_path_at include/linux/namei.h:57 [inline]
do_mount fs/namespace.c:3396 [inline]
__do_sys_mount fs/namespace.c:3607 [inline]
__se_sys_mount+0x296/0x3c0 fs/namespace.c:3584
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:81
entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7efcadb8d169
RSP: 002b:00007efcae96d038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007efcadda5fa0 RCX: 00007efcadb8d169
RDX: 0000400000000b80 RSI: 0000400000000040 RDI: 0000000000000000
RBP: 00007efcadc0e2a0 R08: 0000400000000580 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007efcadda5fa0 R15: 00007ffed8348938
</TASK>
INFO: task syz.4.689:8878 blocked for more than 144 seconds.
Not tainted 6.1.131-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.4.689 state:D stack:26120 pid:8878 ppid:7545 flags:0x00004004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5243 [inline]
__schedule+0x143f/0x4570 kernel/sched/core.c:6560
schedule+0xbf/0x180 kernel/sched/core.c:6636
io_schedule+0x88/0x100 kernel/sched/core.c:8788
folio_wait_bit_common+0x878/0x1290 mm/filemap.c:1324
lock_page include/linux/pagemap.h:995 [inline]
pickup_page_for_submission fs/erofs/zdata.c:1348 [inline]
z_erofs_submit_queue fs/erofs/zdata.c:1541 [inline]
z_erofs_runqueue+0xa59/0x1e10 fs/erofs/zdata.c:1613
z_erofs_readahead+0xc26/0x1030 fs/erofs/zdata.c:1760
read_pages+0x17f/0x830 mm/readahead.c:161
page_cache_ra_unbounded+0x68b/0x7b0 mm/readahead.c:270
do_page_cache_ra mm/readahead.c:300 [inline]
force_page_cache_ra+0x2a3/0x300 mm/readahead.c:331
force_page_cache_readahead mm/internal.h:125 [inline]
generic_fadvise+0x553/0x7b0 mm/fadvise.c:107
vfs_fadvise mm/fadvise.c:185 [inline]
ksys_fadvise64_64 mm/fadvise.c:199 [inline]
__do_sys_fadvise64 mm/fadvise.c:214 [inline]
__se_sys_fadvise64 mm/fadvise.c:212 [inline]
__x64_sys_fadvise64+0x138/0x180 mm/fadvise.c:212
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:81
entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7efcadb8d169
RSP: 002b:00007efcae94c038 EFLAGS: 00000246 ORIG_RAX: 00000000000000dd
RAX: ffffffffffffffda RBX: 00007efcadda6080 RCX: 00007efcadb8d169
RDX: 0000000000004101 RSI: 0000000000e0ffff RDI: 0000000000000005
RBP: 00007efcadc0e2a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007efcadda6080 R15: 00007ffed8348938
</TASK>
Showing all locks held in the system:
2 locks held by kworker/u4:0/9:
3 locks held by kworker/u4:1/11:
#0: ffff888017c79138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x806/0x1260 kernel/workqueue.c:2267
#1: ffffc90000107d20 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_one_work+0x806/0x1260 kernel/workqueue.c:2267
#2: ffffffff8d333cf8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:323 [inline]
#2: ffffffff8d333cf8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x360/0x930 kernel/rcu/tree_exp.h:962
1 lock held by rcu_tasks_kthre/12:
#0: ffffffff8d32e890 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x29/0xe30 kernel/rcu/tasks.h:517
1 lock held by rcu_tasks_trace/13:
#0: ffffffff8d32f090 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x29/0xe30 kernel/rcu/tasks.h:517
1 lock held by khungtaskd/28:
#0: ffffffff8d32e6c0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:350 [inline]
#0: ffffffff8d32e6c0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:791 [inline]
#0: ffffffff8d32e6c0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x51/0x290 kernel/locking/lockdep.c:6510
1 lock held by udevd/3622:
2 locks held by dhcpcd/3915:
#0: ffffffff8e535fa8 (vlan_ioctl_mutex){+.+.}-{3:3}, at: sock_ioctl+0x526/0x770 net/socket.c:1283
#1: ffffffff8e5505a8 (rtnl_mutex){+.+.}-{3:3}, at: vlan_ioctl_handler+0x114/0x980 net/8021q/vlan.c:554
2 locks held by getty/4005:
#0: ffff88814cffb098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 drivers/tty/tty_ldisc.c:244
#1: ffffc9000325e2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x54a/0x1620 drivers/tty/n_tty.c:2198
2 locks held by kworker/0:6/4301:
#0: ffff888017c72138 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work+0x806/0x1260 kernel/workqueue.c:2267
#1: ffffc90003fd7d20 ((work_completion)(&rew->rew_work)){+.+.}-{0:0}, at: process_one_work+0x806/0x1260 kernel/workqueue.c:2267
5 locks held by kworker/u4:18/4610:
5 locks held by kworker/u4:25/8088:
#0: ffff888017e16938 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x806/0x1260 kernel/workqueue.c:2267
#1: ffffc9000355fd20 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x806/0x1260 kernel/workqueue.c:2267
#2: ffffffff8e543a50 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x166/0xd20 net/core/net_namespace.c:594
#3: ffff888073eda2f8 (&devlink->lock_key#17){+.+.}-{3:3}, at: devlink_pernet_pre_exit+0x132/0x2f0 net/devlink/leftover.c:12500
#4: ffffffff8e5505a8 (rtnl_mutex){+.+.}-{3:3}, at: devlink_nl_port_fill+0x1bc/0x920 net/devlink/leftover.c:1276
3 locks held by kworker/u4:26/8165:
#0: ffff888017c79138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x806/0x1260 kernel/workqueue.c:2267
#1: ffffc90003887d20 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x806/0x1260 kernel/workqueue.c:2267
#2: ffffffff8e5505a8 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xa/0x50 net/core/link_watch.c:263
1 lock held by syz.4.689/8876:
#0: ffff888059e49c50 (&type->i_mutex_dir_key#20){.+.+}-{3:3}, at: inode_lock_shared include/linux/fs.h:768 [inline]
#0: ffff888059e49c50 (&type->i_mutex_dir_key#20){.+.+}-{3:3}, at: lookup_slow+0x45/0x70 fs/namei.c:1706
1 lock held by syz.4.689/8878:
#0: ffff888059e49df0 (mapping.invalidate_lock#5){.+.+}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:813 [inline]
#0: ffff888059e49df0 (mapping.invalidate_lock#5){.+.+}-{3:3}, at: page_cache_ra_unbounded+0xed/0x7b0 mm/readahead.c:226
1 lock held by syz-executor/9614:
#0: ffffffff8d333cf8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:323 [inline]
#0: ffffffff8d333cf8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x360/0x930 kernel/rcu/tree_exp.h:962
1 lock held by syz.5.820/10154:
#0: ffffffff8e5505a8 (rtnl_mutex){+.+.}-{3:3}, at: tun_detach drivers/net/tun.c:698 [inline]
#0: ffffffff8e5505a8 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3a/0x1b0 drivers/net/tun.c:3492
1 lock held by syz-executor/10204:
#0: ffffffff8e5505a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:74 [inline]
#0: ffffffff8e5505a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7cb/0x1000 net/core/rtnetlink.c:6147
2 locks held by syz-executor/10262:
#0: ffffffff8e543a50 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x338/0x590 net/core/net_namespace.c:504
#1: ffffffff8e5505a8 (rtnl_mutex){+.+.}-{3:3}, at: register_netdev+0xf/0x50 net/core/dev.c:10318
1 lock held by syz.6.841/10291:
#0: ffffffff8e5505a8 (rtnl_mutex){+.+.}-{3:3}, at: __tun_chr_ioctl+0x4a9/0x2320 drivers/net/tun.c:3104
1 lock held by syz.6.841/10295:
#0: ffffffff8e5505a8 (rtnl_mutex){+.+.}-{3:3}, at: __tun_chr_ioctl+0x4a9/0x2320 drivers/net/tun.c:3104
=============================================
NMI backtrace for cpu 1
CPU: 1 PID: 28 Comm: khungtaskd Not tainted 6.1.131-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
nmi_cpu_backtrace+0x4e1/0x560 lib/nmi_backtrace.c:111
nmi_trigger_cpumask_backtrace+0x1ca/0x430 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:148 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:220 [inline]
watchdog+0xf88/0xfd0 kernel/hung_task.c:377
kthread+0x28d/0x320 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
</TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0 skipped: idling at native_safe_halt arch/x86/include/asm/irqflags.h:51 [inline]
NMI backtrace for cpu 0 skipped: idling at arch_safe_halt arch/x86/include/asm/irqflags.h:89 [inline]
NMI backtrace for cpu 0 skipped: idling at acpi_safe_halt drivers/acpi/processor_idle.c:111 [inline]
NMI backtrace for cpu 0 skipped: idling at acpi_idle_do_entry+0x10f/0x340 drivers/acpi/processor_idle.c:567