syzbot

INFO: task syz.5.4364:21090 blocked for more than 144 seconds.
      Not tainted 6.12.0-rc6-syzkaller-00272-gda4373fbcf00 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.5.4364      state:D stack:27856 pid:21090 tgid:21090 ppid:6457   flags:0x00000004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5328 [inline]
 __schedule+0xe55/0x5740 kernel/sched/core.c:6690
 __schedule_loop kernel/sched/core.c:6767 [inline]
 schedule+0xe7/0x350 kernel/sched/core.c:6782
 schedule_timeout+0x258/0x2a0 kernel/time/timer.c:2591
 do_wait_for_common kernel/sched/completion.c:95 [inline]
 __wait_for_common+0x3e1/0x600 kernel/sched/completion.c:116
 __vhost_worker_flush+0x1aa/0x1e0 drivers/vhost/vhost.c:288
 vhost_worker_flush drivers/vhost/vhost.c:295 [inline]
 vhost_dev_flush+0xad/0x120 drivers/vhost/vhost.c:305
 vhost_net_flush+0x1d/0x1b0 drivers/vhost/net.c:1359
 vhost_net_release+0xa3/0x260 drivers/vhost/net.c:1380
 __fput+0x3f6/0xb60 fs/file_table.c:431
 task_work_run+0x14e/0x250 kernel/task_work.c:239
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x27b/0x2a0 kernel/entry/common.c:218
 do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fede037e719
RSP: 002b:00007ffc200140a8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
RAX: 0000000000000000 RBX: 00007fede0537a80 RCX: 00007fede037e719
RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
RBP: 00007fede0537a80 R08: 0000000000000006 R09: 00007ffc2001439f
R10: 00000000003ffd04 R11: 0000000000000246 R12: 0000000000107da4
R13: 00007ffc200141b0 R14: 0000000000000032 R15: ffffffffffffffff
 </TASK>

Showing all locks held in the system:
1 lock held by khungtaskd/30:
 #0: ffffffff8e1b8340 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 #0: ffffffff8e1b8340 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
 #0: ffffffff8e1b8340 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x7f/0x390 kernel/locking/lockdep.c:6720
2 locks held by kworker/u8:4/66:
 #0: ffff888147e91148 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 kernel/workqueue.c:3204
 #1: ffffc900015c7d80 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
3 locks held by kworker/u8:7/3504:
2 locks held by getty/5578:
 #0: ffff8880362c20a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243
 #1: ffffc900032532f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xfba/0x1480 drivers/tty/n_tty.c:2211
3 locks held by kworker/0:5/19469:
1 lock held by syz-executor/23527:
 #0: ffffffff8e1c3c38 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock+0x282/0x3b0 kernel/rcu/tree_exp.h:297

=============================================

NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.12.0-rc6-syzkaller-00272-gda4373fbcf00 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x27b/0x390 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x29c/0x300 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:223 [inline]
 watchdog+0xf0c/0x1240 kernel/hung_task.c:379
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 6149 Comm: kworker/u8:10 Not tainted 6.12.0-rc6-syzkaller-00272-gda4373fbcf00 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
Workqueue: ipv6_addrconf addrconf_dad_work
RIP: 0010:on_stack arch/x86/include/asm/stacktrace.h:60 [inline]
RIP: 0010:stack_access_ok+0x7e/0x200 arch/x86/kernel/unwind_orc.c:393
Code: 85 52 01 00 00 48 89 da 48 8b 4b 10 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 0f b6 04 02 84 c0 74 08 3c 03 0f 8e 0b 01 00 00 <8b> 13 85 d2 74 23 49 39 ef 77 1e 48 39 e9 76 19 4a 8d 54 25 00 49
RSP: 0018:ffffc9000b07f2e8 EFLAGS: 00000246
RAX: 0000000000000000 RBX: ffffc9000b07f398 RCX: ffffc9000b080000
RDX: 1ffff9200160fe73 RSI: ffffc9000b07f4c0 RDI: ffffc9000b07f398
RBP: ffffc9000b07f4c0 R08: ffffffff90f5c8e6 R09: ffffffff90f5c8ae
R10: ffffc9000b07f398 R11: 0000000000007949 R12: 0000000000000008
R13: ffffc9000b07f3a8 R14: ffffc9000b07f3a0 R15: ffffc9000b078000
FS:  0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffec229fa50 CR3: 000000004e3b2000 CR4: 00000000003526f0
Call Trace:
 <NMI>
 </NMI>
 <TASK>
 deref_stack_reg arch/x86/kernel/unwind_orc.c:403 [inline]
 unwind_next_frame+0xac7/0x20c0 arch/x86/kernel/unwind_orc.c:585
 arch_stack_walk+0x95/0x100 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x95/0xd0 kernel/stacktrace.c:122
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:579
 poison_slab_object mm/kasan/common.c:247 [inline]
 __kasan_slab_free+0x51/0x70 mm/kasan/common.c:264
 kasan_slab_free include/linux/kasan.h:230 [inline]
 slab_free_hook mm/slub.c:2342 [inline]
 slab_free mm/slub.c:4579 [inline]
 kmem_cache_free+0x152/0x4b0 mm/slub.c:4681
 skb_kfree_head net/core/skbuff.c:1084 [inline]
 skb_kfree_head net/core/skbuff.c:1081 [inline]
 skb_free_head+0x18a/0x1d0 net/core/skbuff.c:1098
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 consume_skb net/core/skbuff.c:1436 [inline]
 consume_skb+0xbf/0x100 net/core/skbuff.c:1430
 netlink_broadcast_filtered+0x3d5/0xef0 net/netlink/af_netlink.c:1542
 nlmsg_multicast_filtered include/net/netlink.h:1125 [inline]
 nlmsg_multicast include/net/netlink.h:1144 [inline]
 nlmsg_notify+0x9e/0x220 net/netlink/af_netlink.c:2594
 inet6_ifa_notify net/ipv6/addrconf.c:5619 [inline]
 __ipv6_ifa_notify+0x26b/0xe20 net/ipv6/addrconf.c:6254
 ipv6_ifa_notify net/ipv6/addrconf.c:6306 [inline]
 addrconf_dad_completed+0x19d/0x1060 net/ipv6/addrconf.c:4322
 addrconf_dad_work+0x7fb/0x14d0 net/ipv6/addrconf.c:4270
 process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
 process_scheduled_works kernel/workqueue.c:3310 [inline]
 worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>