syzbot


INFO: task hung in iomap_write_begin (2)

Status: auto-obsoleted due to no activity on 2024/11/25 00:42
Subsystems: iomap
First crash: 121d, last: 121d
Similar bugs (1):
Kernel: upstream
Title: INFO: task hung in iomap_write_begin [iomap]
Repro: -
Cause bisect: -
Fix bisect: -
Count: 1
Last: 478d
Reported: 478d
Patched: 0/28
Status: auto-obsoleted due to no activity on 2023/12/03 18:23

Sample crash report:
INFO: task syz.0.1095:10223 blocked for more than 145 seconds.
      Not tainted 6.11.0-rc5-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.1095      state:D stack:24368 pid:10223 tgid:10215 ppid:6118   flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5188 [inline]
 __schedule+0x17ae/0x4a10 kernel/sched/core.c:6529
 __schedule_loop kernel/sched/core.c:6606 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6621
 io_schedule+0x8d/0x110 kernel/sched/core.c:7401
 folio_wait_bit_common+0x882/0x12b0 mm/filemap.c:1307
 __filemap_get_folio+0xb7/0xc10 mm/filemap.c:1898
 iomap_get_folio fs/iomap/buffered-io.c:609 [inline]
 __iomap_get_folio fs/iomap/buffered-io.c:755 [inline]
 iomap_write_begin+0x529/0x16f0 fs/iomap/buffered-io.c:798
 iomap_write_iter fs/iomap/buffered-io.c:956 [inline]
 iomap_file_buffered_write+0x61c/0xdc0 fs/iomap/buffered-io.c:1039
 blkdev_buffered_write block/fops.c:668 [inline]
 blkdev_write_iter+0x406/0x5d0 block/fops.c:718
 new_sync_write fs/read_write.c:497 [inline]
 vfs_write+0xa72/0xc90 fs/read_write.c:590
 ksys_write+0x1a0/0x2c0 fs/read_write.c:643
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fbc6ad79e79
RSP: 002b:00007fbc6a7ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007fbc6af16130 RCX: 00007fbc6ad79e79
RDX: 0000000000000133 RSI: 00000000200007c0 RDI: 0000000000000003
RBP: 00007fbc6ade793e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fbc6af16130 R15: 00007ffde88b0068
 </TASK>

Showing all locks held in the system:
1 lock held by khungtaskd/30:
 #0: ffffffff8e738320 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:326 [inline]
 #0: ffffffff8e738320 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
 #0: ffffffff8e738320 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 kernel/locking/lockdep.c:6626
3 locks held by kswapd0/91:
3 locks held by kworker/0:2/944:
 #0: ffff888015480948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3206 [inline]
 #0: ffff888015480948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3312
 #1: ffffc90003ccfd00 (deferred_process_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3207 [inline]
 #1: ffffc90003ccfd00 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3312
 #2: ffffffff8fa72588 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xe/0x20 net/switchdev/switchdev.c:104
6 locks held by kworker/u8:8/2555:
 #0: ffff8880162e3148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3206 [inline]
 #0: ffff8880162e3148 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3312
 #1: ffffc900093e7d00 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3207 [inline]
 #1: ffffc900093e7d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3312
 #2: ffffffff8fa659d0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 net/core/net_namespace.c:594
 #3: ffffffff8fa72588 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0xe9/0xa90 net/core/dev.c:11883
 #4: ffff88807eab4d40 (team->team_lock_key#17){+.+.}-{3:3}, at: team_del_slave+0x32/0x1d0 drivers/net/team/team_core.c:1990
 #5: ffffffff8e73d6f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:296 [inline]
 #5: ffffffff8e73d6f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830 kernel/rcu/tree_exp.h:958
2 locks held by dhcpcd/4885:
 #0: ffff8881ccbe3678 (nlk_cb_mutex-ROUTE){+.+.}-{3:3}, at: __netlink_dump_start+0x119/0x790 net/netlink/af_netlink.c:2404
 #1: ffffffff8fa72588 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:79 [inline]
 #1: ffffffff8fa72588 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_dumpit+0x99/0x200 net/core/rtnetlink.c:6506
2 locks held by getty/4975:
 #0: ffff88802ff090a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc900031332f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6ac/0x1e00 drivers/tty/n_tty.c:2211
3 locks held by kworker/u8:13/7268:
 #0: ffff88802ab88148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3206 [inline]
 #0: ffff88802ab88148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3312
 #1: ffffc9000929fd00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3207 [inline]
 #1: ffffc9000929fd00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3312
 #2: ffffffff8fa72588 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xd0/0x16f0 net/ipv6/addrconf.c:4194
2 locks held by syz.4.962/9574:
3 locks held by kworker/u8:19/9810:
 #0: ffff888015489148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3206 [inline]
 #0: ffff888015489148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3312
 #1: ffffc9000cc67d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3207 [inline]
 #1: ffffc9000cc67d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3312
 #2: ffffffff8fa72588 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 net/core/link_watch.c:276
1 lock held by syz-executor/10870:
 #0: ffffffff8fa72588 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:79 [inline]
 #0: ffffffff8fa72588 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 net/core/rtnetlink.c:6644
4 locks held by syz-executor/10895:
 #0: ffff88803018e420 (sb_writers#8){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:2881 [inline]
 #0: ffff88803018e420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x227/0xc90 fs/read_write.c:586
 #1: ffff888030025888 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1eb/0x500 fs/kernfs/file.c:325
 #2: ffff888022fd3698 (kn->active#51){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20f/0x500 fs/kernfs/file.c:326
 #3: ffffffff8f30eb48 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: new_device_store+0x1b4/0x890 drivers/net/netdevsim/bus.c:166
7 locks held by syz-executor/10900:
 #0: ffff88803018e420 (sb_writers#8){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:2881 [inline]
 #0: ffff88803018e420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x227/0xc90 fs/read_write.c:586
 #1: ffff88807120a488 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1eb/0x500 fs/kernfs/file.c:325
 #2: ffff888022fd3788 (kn->active#50){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20f/0x500 fs/kernfs/file.c:326
 #3: ffffffff8f30eb48 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: del_device_store+0xfc/0x480 drivers/net/netdevsim/bus.c:216
 #4: ffff88814f7360e8 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1009 [inline]
 #4: ffff88814f7360e8 (&dev->mutex){....}-{3:3}, at: __device_driver_lock drivers/base/dd.c:1094 [inline]
 #4: ffff88814f7360e8 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0xce/0x7c0 drivers/base/dd.c:1292
 #5: ffff88814f732250 (&devlink->lock_key#17){+.+.}-{3:3}, at: nsim_drv_remove+0x50/0x160 drivers/net/netdevsim/dev.c:1672
 #6: ffffffff8fa72588 (rtnl_mutex){+.+.}-{3:3}, at: nsim_destroy+0x71/0x5c0 drivers/net/netdevsim/netdev.c:773
1 lock held by syz-executor/11056:
 #0: ffffffff8fa72588 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:79 [inline]
 #0: ffffffff8fa72588 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 net/core/rtnetlink.c:6644
1 lock held by syz-executor/11080:
 #0: ffffffff8fa72588 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:79 [inline]
 #0: ffffffff8fa72588 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 net/core/rtnetlink.c:6644

=============================================

NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119
 nmi_cpu_backtrace+0x49c/0x4d0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x198/0x320 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:223 [inline]
 watchdog+0xff4/0x1040 kernel/hung_task.c:379
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 9574 Comm: syz.4.962 Not tainted 6.11.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
RIP: 0010:__lock_acquire+0x434/0x2040 kernel/locking/lockdep.c:5079
Code: 24 58 0f b6 04 30 84 c0 48 89 7c 24 18 0f 85 7c 13 00 00 31 c0 83 bc 24 e8 00 00 00 00 0f 95 c0 31 c9 83 3f 00 0f 95 c1 09 cb <c1> e3 0d 44 09 c3 8b 4c 24 54 c1 e1 0f 0f b7 c9 09 d9 8b 7c 24 68
RSP: 0018:ffffc9000ac165f0 EFLAGS: 00000046
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000003 RSI: dffffc0000000000 RDI: ffff888021538ac4
RBP: 000000000000000f R08: 0000000000000027 R09: ffff888021538ae0
R10: dffffc0000000000 R11: fffffbfff1fed976 R12: ffff888021538000
R13: 0000000000000027 R14: 0000000000000000 R15: ffff88823fff7f50
FS:  00007fbb43afb6c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055bc785ba043 CR3: 0000000071684000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <NMI>
 </NMI>
 <TASK>
 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5759
 seqcount_lockdep_reader_access+0xed/0x1e0 include/linux/seqlock.h:72
 read_seqbegin include/linux/seqlock.h:772 [inline]
 zone_span_seqbegin include/linux/memory_hotplug.h:151 [inline]
 page_outside_zone_boundaries mm/page_alloc.c:434 [inline]
 bad_range+0x5f/0x270 mm/page_alloc.c:453
 expand+0x73/0x220 mm/page_alloc.c:1351
 __rmqueue_smallest mm/page_alloc.c:1537 [inline]
 __rmqueue mm/page_alloc.c:2238 [inline]
 rmqueue_bulk mm/page_alloc.c:2264 [inline]
 __rmqueue_pcplist+0xaee/0x22c0 mm/page_alloc.c:2957
 rmqueue_pcplist mm/page_alloc.c:2999 [inline]
 rmqueue mm/page_alloc.c:3036 [inline]
 get_page_from_freelist+0x85a/0x2f10 mm/page_alloc.c:3436
 __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4695
 alloc_pages_mpol_noprof+0x3e8/0x680 mm/mempolicy.c:2263
 alloc_pages_noprof mm/mempolicy.c:2343 [inline]
 folio_alloc_noprof+0x128/0x180 mm/mempolicy.c:2350
 filemap_alloc_folio_noprof+0xdf/0x500 mm/filemap.c:1008
 page_cache_ra_unbounded+0x1f4/0x7f0 mm/readahead.c:248
 do_sync_mmap_readahead+0x49c/0x970
 filemap_fault+0x828/0x1760 mm/filemap.c:3314
 __do_fault+0x135/0x460 mm/memory.c:4655
 do_shared_fault mm/memory.c:5121 [inline]
 do_fault mm/memory.c:5195 [inline]
 do_pte_missing mm/memory.c:3947 [inline]
 handle_pte_fault+0x1176/0x6fc0 mm/memory.c:5521
 __handle_mm_fault mm/memory.c:5664 [inline]
 handle_mm_fault+0xf70/0x1880 mm/memory.c:5832
 do_user_addr_fault arch/x86/mm/fault.c:1389 [inline]
 handle_page_fault arch/x86/mm/fault.c:1481 [inline]
 exc_page_fault+0x2b9/0x8c0 arch/x86/mm/fault.c:1539
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0010:rep_movs_alternative+0x4a/0x70 arch/x86/lib/copy_user_64.S:71
Code: 75 f1 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9 <f3> a4 c3 cc cc cc cc 48 89 c8 48 c1 e9 03 83 e0 07 f3 48 a5 89 c1
RSP: 0018:ffffc9000ac17af8 EFLAGS: 00050246
RAX: ffffffff84a60501 RBX: 0000000000000040 RCX: 0000000000000040
RDX: 0000000000000000 RSI: ffffc9000ac17d40 RDI: 0000000020000600
RBP: ffffc9000ac17c70 R08: ffffc9000ac17d7f R09: 1ffff92001582faf
R10: dffffc0000000000 R11: fffff52001582fb0 R12: 1ffff92001582fc9
R13: 0000000020000600 R14: ffffc9000ac17e48 R15: ffffc9000ac17d40
 copy_user_generic arch/x86/include/asm/uaccess_64.h:110 [inline]
 raw_copy_to_user arch/x86/include/asm/uaccess_64.h:131 [inline]
 copy_to_user_iter lib/iov_iter.c:25 [inline]
 iterate_ubuf include/linux/iov_iter.h:29 [inline]
 iterate_and_advance2 include/linux/iov_iter.h:245 [inline]
 iterate_and_advance include/linux/iov_iter.h:271 [inline]
 _copy_to_iter+0x26b/0x1960 lib/iov_iter.c:185
 copy_to_iter include/linux/uio.h:196 [inline]
 get_random_bytes_user+0x1e5/0x420 drivers/char/random.c:464
 __do_sys_getrandom drivers/char/random.c:1406 [inline]
 __se_sys_getrandom drivers/char/random.c:1380 [inline]
 __x64_sys_getrandom+0x152/0x250 drivers/char/random.c:1380
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fbb42d79e79
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fbb43afb038 EFLAGS: 00000246 ORIG_RAX: 000000000000013e
RAX: ffffffffffffffda RBX: 00007fbb42f15f80 RCX: 00007fbb42d79e79
RDX: 0000000000000000 RSI: 00000000ffffff4f RDI: 0000000020000600
RBP: 00007fbb42de793e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fbb42f15f80 R15: 00007ffed01e7c18
 </TASK>

Crashes (1):
Time: 2024/08/27 00:35
Kernel: upstream
Commit: 5be63fc19fca
Syzkaller: 9aee4e0b
Config: .config
Log: console log
Report: report
Syz repro: -
C repro: -
VM info: info
Assets: [disk image] [vmlinux] [kernel image]
Manager: ci-upstream-kasan-gce-smack-root
Title: INFO: task hung in iomap_write_begin
* Struck through repros no longer work on HEAD.