INFO: task hung in tap

ID	Workflow	Result	Correct	Bug	Created	Started	Finished	Revision	Error
ef9b5b65-0070-4d92-990f-cb36e78f1008	repro		❓	INFO: task hung in tap_release	2026/03/10 13:35	2026/03/10 17:12	2026/03/10 17:53	86914af9098a80da53c3c5d46be980c572ee29f8

INFO: task syz.4.1698:13176 blocked for more than 143 seconds. Tainted: G L syzkaller #0 Blocked by coredump. "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.4.1698 state:D stack:27544 pid:13176 tgid:13176 ppid:11581 task_flags:0x40044c flags:0x00080003 Call Trace: <TASK> context_switch kernel/sched/core.c:5260 [inline] __schedule+0x1138/0x5ee0 kernel/sched/core.c:6867 __schedule_loop kernel/sched/core.c:6949 [inline] schedule+0xe7/0x3a0 kernel/sched/core.c:6964 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7021 __mutex_lock_common kernel/locking/mutex.c:692 [inline] __mutex_lock+0xc69/0x1ca0 kernel/locking/mutex.c:776 tap_put_queue drivers/net/tap.c:163 [inline] tap_release+0x3e/0x450 drivers/net/tap.c:516 __fput+0x402/0xb70 fs/file_table.c:468 task_work_run+0x150/0x240 kernel/task_work.c:233 exit_task_work include/linux/task_work.h:40 [inline] do_exit+0x87f/0x2bd0 kernel/exit.c:971 do_group_exit+0xd3/0x2a0 kernel/exit.c:1112 get_signal+0x2671/0x26d0 kernel/signal.c:3034 arch_do_signal_or_restart+0x8f/0x7a0 arch/x86/kernel/signal.c:337 __exit_to_user_mode_loop kernel/entry/common.c:41 [inline] exit_to_user_mode_loop+0x8c/0x540 kernel/entry/common.c:75 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline] syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline] syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline] syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline] do_syscall_64+0x4ee/0xf80 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f394c3c2085 RSP: 002b:00007f394d2c5f80 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 RAX: fffffffffffffdfc RBX: 00007f394c5e5fa0 RCX: 00007f394c3c2085 RDX: 00007f394d2c5fc0 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007f394c413f91 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 R13: 00007f394c5e6038 R14: 00007f394c5e5fa0 R15: 00007fff0ad7aed8 </TASK> INFO: task kworker/u10:31:13726 blocked for more than 144 seconds. Tainted: G L syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/u10:31 state:D stack:25480 pid:13726 tgid:13726 ppid:2 task_flags:0x4208160 flags:0x00080000 Workqueue: ipv6_addrconf addrconf_verify_work Call Trace: <TASK> context_switch kernel/sched/core.c:5260 [inline] __schedule+0x1138/0x5ee0 kernel/sched/core.c:6867 __schedule_loop kernel/sched/core.c:6949 [inline] schedule+0xe7/0x3a0 kernel/sched/core.c:6964 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7021 __mutex_lock_common kernel/locking/mutex.c:692 [inline] __mutex_lock+0xc69/0x1ca0 kernel/locking/mutex.c:776 rtnl_net_lock include/linux/rtnetlink.h:130 [inline] addrconf_verify_work+0x12/0x30 net/ipv6/addrconf.c:4734 process_one_work+0x9ba/0x1b20 kernel/workqueue.c:3257 process_scheduled_works kernel/workqueue.c:3340 [inline] worker_thread+0x6c8/0xf10 kernel/workqueue.c:3421 kthread+0x3c5/0x780 kernel/kthread.c:463 ret_from_fork+0x983/0xb10 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246 </TASK> INFO: task syz.4.1811:13738 blocked for more than 144 seconds. Tainted: G L syzkaller #0 Blocked by coredump. "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.4.1811 state:D stack:27544 pid:13738 tgid:13738 ppid:11581 task_flags:0x40044c flags:0x00080003 Call Trace: <TASK> context_switch kernel/sched/core.c:5260 [inline] __schedule+0x1138/0x5ee0 kernel/sched/core.c:6867 __schedule_loop kernel/sched/core.c:6949 [inline] schedule+0xe7/0x3a0 kernel/sched/core.c:6964 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7021 __mutex_lock_common kernel/locking/mutex.c:692 [inline] __mutex_lock+0xc69/0x1ca0 kernel/locking/mutex.c:776 tap_put_queue drivers/net/tap.c:163 [inline] tap_release+0x3e/0x450 drivers/net/tap.c:516 __fput+0x402/0xb70 fs/file_table.c:468 task_work_run+0x150/0x240 kernel/task_work.c:233 exit_task_work include/linux/task_work.h:40 [inline] do_exit+0x87f/0x2bd0 kernel/exit.c:971 do_group_exit+0xd3/0x2a0 kernel/exit.c:1112 get_signal+0x2671/0x26d0 kernel/signal.c:3034 arch_do_signal_or_restart+0x8f/0x7a0 arch/x86/kernel/signal.c:337 __exit_to_user_mode_loop kernel/entry/common.c:41 [inline] exit_to_user_mode_loop+0x8c/0x540 kernel/entry/common.c:75 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline] syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline] syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline] syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline] do_syscall_64+0x4ee/0xf80 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f394c3c2085 RSP: 002b:00007f394d2c5f80 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 RAX: fffffffffffffdfc RBX: 00007f394c5e5fa0 RCX: 00007f394c3c2085 RDX: 00007f394d2c5fc0 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007f394c413f91 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 R13: 00007f394c5e6038 R14: 00007f394c5e5fa0 R15: 00007fff0ad7aed8 </TASK> INFO: task syz.4.1838:13845 blocked for more than 144 seconds. Tainted: G L syzkaller #0 Blocked by coredump. "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.4.1838 state:D stack:27544 pid:13845 tgid:13845 ppid:11581 task_flags:0x40044c flags:0x00080003 Call Trace: <TASK> context_switch kernel/sched/core.c:5260 [inline] __schedule+0x1138/0x5ee0 kernel/sched/core.c:6867 __schedule_loop kernel/sched/core.c:6949 [inline] schedule+0xe7/0x3a0 kernel/sched/core.c:6964 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7021 __mutex_lock_common kernel/locking/mutex.c:692 [inline] __mutex_lock+0xc69/0x1ca0 kernel/locking/mutex.c:776 tap_put_queue drivers/net/tap.c:163 [inline] tap_release+0x3e/0x450 drivers/net/tap.c:516 __fput+0x402/0xb70 fs/file_table.c:468 task_work_run+0x150/0x240 kernel/task_work.c:233 exit_task_work include/linux/task_work.h:40 [inline] do_exit+0x87f/0x2bd0 kernel/exit.c:971 do_group_exit+0xd3/0x2a0 kernel/exit.c:1112 get_signal+0x2671/0x26d0 kernel/signal.c:3034 arch_do_signal_or_restart+0x8f/0x7a0 arch/x86/kernel/signal.c:337 __exit_to_user_mode_loop kernel/entry/common.c:41 [inline] exit_to_user_mode_loop+0x8c/0x540 kernel/entry/common.c:75 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline] syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline] syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline] syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline] do_syscall_64+0x4ee/0xf80 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f394c3c2085 RSP: 002b:00007f394d2c5f80 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 RAX: fffffffffffffdfc RBX: 00007f394c5e5fa0 RCX: 00007f394c3c2085 RDX: 00007f394d2c5fc0 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007f394c413f91 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 R13: 00007f394c5e6038 R14: 00007f394c5e5fa0 R15: 00007fff0ad7aed8 </TASK> INFO: task syz.4.1848:13886 blocked for more than 144 seconds. Tainted: G L syzkaller #0 Blocked by coredump. "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.4.1848 state:D stack:27544 pid:13886 tgid:13886 ppid:11581 task_flags:0x40044c flags:0x00080003 Call Trace: <TASK> context_switch kernel/sched/core.c:5260 [inline] __schedule+0x1138/0x5ee0 kernel/sched/core.c:6867 __schedule_loop kernel/sched/core.c:6949 [inline] schedule+0xe7/0x3a0 kernel/sched/core.c:6964 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7021 __mutex_lock_common kernel/locking/mutex.c:692 [inline] __mutex_lock+0xc69/0x1ca0 kernel/locking/mutex.c:776 tap_put_queue drivers/net/tap.c:163 [inline] tap_release+0x3e/0x450 drivers/net/tap.c:516 __fput+0x402/0xb70 fs/file_table.c:468 task_work_run+0x150/0x240 kernel/task_work.c:233 exit_task_work include/linux/task_work.h:40 [inline] do_exit+0x87f/0x2bd0 kernel/exit.c:971 do_group_exit+0xd3/0x2a0 kernel/exit.c:1112 get_signal+0x2671/0x26d0 kernel/signal.c:3034 arch_do_signal_or_restart+0x8f/0x7a0 arch/x86/kernel/signal.c:337 __exit_to_user_mode_loop kernel/entry/common.c:41 [inline] exit_to_user_mode_loop+0x8c/0x540 kernel/entry/common.c:75 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline] syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline] syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline] syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline] do_syscall_64+0x4ee/0xf80 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f394c3c2085 RSP: 002b:00007f394d2c5f80 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 RAX: fffffffffffffdfc RBX: 00007f394c5e5fa0 RCX: 00007f394c3c2085 RDX: 00007f394d2c5fc0 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007f394c413f91 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 R13: 00007f394c5e6038 R14: 00007f394c5e5fa0 R15: 00007fff0ad7aed8 </TASK> INFO: task syz.4.1895:14063 blocked for more than 145 seconds. Tainted: G L syzkaller #0 Blocked by coredump. "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.4.1895 state:D stack:27544 pid:14063 tgid:14063 ppid:11581 task_flags:0x40044c flags:0x00080003 Call Trace: <TASK> context_switch kernel/sched/core.c:5260 [inline] __schedule+0x1138/0x5ee0 kernel/sched/core.c:6867 __schedule_loop kernel/sched/core.c:6949 [inline] schedule+0xe7/0x3a0 kernel/sched/core.c:6964 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7021 __mutex_lock_common kernel/locking/mutex.c:692 [inline] __mutex_lock+0xc69/0x1ca0 kernel/locking/mutex.c:776 tap_put_queue drivers/net/tap.c:163 [inline] tap_release+0x3e/0x450 drivers/net/tap.c:516 __fput+0x402/0xb70 fs/file_table.c:468 task_work_run+0x150/0x240 kernel/task_work.c:233 exit_task_work include/linux/task_work.h:40 [inline] do_exit+0x87f/0x2bd0 kernel/exit.c:971 do_group_exit+0xd3/0x2a0 kernel/exit.c:1112 get_signal+0x2671/0x26d0 kernel/signal.c:3034 arch_do_signal_or_restart+0x8f/0x7a0 arch/x86/kernel/signal.c:337 __exit_to_user_mode_loop kernel/entry/common.c:41 [inline] exit_to_user_mode_loop+0x8c/0x540 kernel/entry/common.c:75 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline] syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline] syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline] syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline] do_syscall_64+0x4ee/0xf80 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f394c3c2085 RSP: 002b:00007f394d2c5f80 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 RAX: fffffffffffffdfc RBX: 00007f394c5e5fa0 RCX: 00007f394c3c2085 RDX: 00007f394d2c5fc0 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007f394c413f91 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 R13: 00007f394c5e6038 R14: 00007f394c5e5fa0 R15: 00007fff0ad7aed8 </TASK> INFO: task syz.4.1934:14220 blocked for more than 145 seconds. Tainted: G L syzkaller #0 Blocked by coredump. "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.4.1934 state:D stack:27544 pid:14220 tgid:14220 ppid:11581 task_flags:0x40044c flags:0x00080003 Call Trace: <TASK> context_switch kernel/sched/core.c:5260 [inline] __schedule+0x1138/0x5ee0 kernel/sched/core.c:6867 __schedule_loop kernel/sched/core.c:6949 [inline] schedule+0xe7/0x3a0 kernel/sched/core.c:6964 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7021 __mutex_lock_common kernel/locking/mutex.c:692 [inline] __mutex_lock+0xc69/0x1ca0 kernel/locking/mutex.c:776 tap_put_queue drivers/net/tap.c:163 [inline] tap_release+0x3e/0x450 drivers/net/tap.c:516 __fput+0x402/0xb70 fs/file_table.c:468 task_work_run+0x150/0x240 kernel/task_work.c:233 exit_task_work include/linux/task_work.h:40 [inline] do_exit+0x87f/0x2bd0 kernel/exit.c:971 do_group_exit+0xd3/0x2a0 kernel/exit.c:1112 get_signal+0x2671/0x26d0 kernel/signal.c:3034 arch_do_signal_or_restart+0x8f/0x7a0 arch/x86/kernel/signal.c:337 __exit_to_user_mode_loop kernel/entry/common.c:41 [inline] exit_to_user_mode_loop+0x8c/0x540 kernel/entry/common.c:75 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline] syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline] syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline] syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline] do_syscall_64+0x4ee/0xf80 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f394c3c2085 RSP: 002b:00007f394d2c5f80 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 RAX: fffffffffffffdfc RBX: 00007f394c5e5fa0 RCX: 00007f394c3c2085 RDX: 00007f394d2c5fc0 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007f394c413f91 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 R13: 00007f394c5e6038 R14: 00007f394c5e5fa0 R15: 00007fff0ad7aed8 </TASK> INFO: task syz.4.1997:14456 blocked for more than 145 seconds. Tainted: G L syzkaller #0 Blocked by coredump. "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.4.1997 state:D stack:27544 pid:14456 tgid:14456 ppid:11581 task_flags:0x40044c flags:0x00080003 Call Trace: <TASK> context_switch kernel/sched/core.c:5260 [inline] __schedule+0x1138/0x5ee0 kernel/sched/core.c:6867 __schedule_loop kernel/sched/core.c:6949 [inline] schedule+0xe7/0x3a0 kernel/sched/core.c:6964 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7021 __mutex_lock_common kernel/locking/mutex.c:692 [inline] __mutex_lock+0xc69/0x1ca0 kernel/locking/mutex.c:776 tap_put_queue drivers/net/tap.c:163 [inline] tap_release+0x3e/0x450 drivers/net/tap.c:516 __fput+0x402/0xb70 fs/file_table.c:468 task_work_run+0x150/0x240 kernel/task_work.c:233 exit_task_work include/linux/task_work.h:40 [inline] do_exit+0x87f/0x2bd0 kernel/exit.c:971 do_group_exit+0xd3/0x2a0 kernel/exit.c:1112 get_signal+0x2671/0x26d0 kernel/signal.c:3034 arch_do_signal_or_restart+0x8f/0x7a0 arch/x86/kernel/signal.c:337 __exit_to_user_mode_loop kernel/entry/common.c:41 [inline] exit_to_user_mode_loop+0x8c/0x540 kernel/entry/common.c:75 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline] syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline] syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline] syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline] do_syscall_64+0x4ee/0xf80 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f394c3c2085 RSP: 002b:00007f394d2c5f80 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 RAX: fffffffffffffdfc RBX: 00007f394c5e5fa0 RCX: 00007f394c3c2085 RDX: 00007f394d2c5fc0 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007f394c413f91 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 R13: 00007f394c5e6038 R14: 00007f394c5e5fa0 R15: 00007fff0ad7aed8 </TASK> INFO: task syz.4.2020:14559 blocked for more than 146 seconds. Tainted: G L syzkaller #0 Blocked by coredump. "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.4.2020 state:D stack:27544 pid:14559 tgid:14559 ppid:11581 task_flags:0x40044c flags:0x00080003 Call Trace: <TASK> context_switch kernel/sched/core.c:5260 [inline] __schedule+0x1138/0x5ee0 kernel/sched/core.c:6867 __schedule_loop kernel/sched/core.c:6949 [inline] schedule+0xe7/0x3a0 kernel/sched/core.c:6964 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7021 __mutex_lock_common kernel/locking/mutex.c:692 [inline] __mutex_lock+0xc69/0x1ca0 kernel/locking/mutex.c:776 tap_put_queue drivers/net/tap.c:163 [inline] tap_release+0x3e/0x450 drivers/net/tap.c:516 __fput+0x402/0xb70 fs/file_table.c:468 task_work_run+0x150/0x240 kernel/task_work.c:233 exit_task_work include/linux/task_work.h:40 [inline] do_exit+0x87f/0x2bd0 kernel/exit.c:971 do_group_exit+0xd3/0x2a0 kernel/exit.c:1112 get_signal+0x2671/0x26d0 kernel/signal.c:3034 arch_do_signal_or_restart+0x8f/0x7a0 arch/x86/kernel/signal.c:337 __exit_to_user_mode_loop kernel/entry/common.c:41 [inline] exit_to_user_mode_loop+0x8c/0x540 kernel/entry/common.c:75 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline] syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline] syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline] syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline] do_syscall_64+0x4ee/0xf80 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f394c3c2085 RSP: 002b:00007f394d2c5f80 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 RAX: fffffffffffffdfc RBX: 00007f394c5e5fa0 RCX: 00007f394c3c2085 RDX: 00007f394d2c5fc0 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007f394c413f91 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 R13: 00007f394c5e6038 R14: 00007f394c5e5fa0 R15: 00007fff0ad7aed8 </TASK> INFO: task syz.4.2052:14711 blocked for more than 146 seconds. Tainted: G L syzkaller #0 Blocked by coredump. "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.4.2052 state:D stack:27544 pid:14711 tgid:14711 ppid:11581 task_flags:0x40044c flags:0x00080003 Call Trace: <TASK> context_switch kernel/sched/core.c:5260 [inline] __schedule+0x1138/0x5ee0 kernel/sched/core.c:6867 __schedule_loop kernel/sched/core.c:6949 [inline] schedule+0xe7/0x3a0 kernel/sched/core.c:6964 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7021 __mutex_lock_common kernel/locking/mutex.c:692 [inline] __mutex_lock+0xc69/0x1ca0 kernel/locking/mutex.c:776 tap_put_queue drivers/net/tap.c:163 [inline] tap_release+0x3e/0x450 drivers/net/tap.c:516 __fput+0x402/0xb70 fs/file_table.c:468 task_work_run+0x150/0x240 kernel/task_work.c:233 exit_task_work include/linux/task_work.h:40 [inline] do_exit+0x87f/0x2bd0 kernel/exit.c:971 do_group_exit+0xd3/0x2a0 kernel/exit.c:1112 get_signal+0x2671/0x26d0 kernel/signal.c:3034 arch_do_signal_or_restart+0x8f/0x7a0 arch/x86/kernel/signal.c:337 __exit_to_user_mode_loop kernel/entry/common.c:41 [inline] exit_to_user_mode_loop+0x8c/0x540 kernel/entry/common.c:75 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline] syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline] syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline] syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline] do_syscall_64+0x4ee/0xf80 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f394c3c2085 RSP: 002b:00007f394d2a4f80 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 RAX: fffffffffffffdfc RBX: 00007f394c5e6090 RCX: 00007f394c3c2085 RDX: 00007f394d2a4fc0 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007f394c413f91 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 R13: 00007f394c5e6128 R14: 00007f394c5e6090 R15: 00007fff0ad7aed8 </TASK> Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings INFO: task syz.4.2086:14847 blocked for more than 146 seconds. Tainted: G L syzkaller #0 Blocked by coredump. "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.4.2086 state:D stack:27544 pid:14847 tgid:14847 ppid:11581 task_flags:0x40044c flags:0x00080003 Call Trace: <TASK> context_switch kernel/sched/core.c:5260 [inline] __schedule+0x1138/0x5ee0 kernel/sched/core.c:6867 __schedule_loop kernel/sched/core.c:6949 [inline] schedule+0xe7/0x3a0 kernel/sched/core.c:6964 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7021 __mutex_lock_common kernel/locking/mutex.c:692 [inline] __mutex_lock+0xc69/0x1ca0 kernel/locking/mutex.c:776 tap_put_queue drivers/net/tap.c:163 [inline] tap_release+0x3e/0x450 drivers/net/tap.c:516 __fput+0x402/0xb70 fs/file_table.c:468 task_work_run+0x150/0x240 kernel/task_work.c:233 exit_task_work include/linux/task_work.h:40 [inline] do_exit+0x87f/0x2bd0 kernel/exit.c:971 do_group_exit+0xd3/0x2a0 kernel/exit.c:1112 get_signal+0x2671/0x26d0 kernel/signal.c:3034 arch_do_signal_or_restart+0x8f/0x7a0 arch/x86/kernel/signal.c:337 __exit_to_user_mode_loop kernel/entry/common.c:41 [inline] exit_to_user_mode_loop+0x8c/0x540 kernel/entry/common.c:75 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline] syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline] syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline] syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline] do_syscall_64+0x4ee/0xf80 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f394c3c2085 RSP: 002b:00007f394d2c5f80 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 RAX: fffffffffffffdfc RBX: 00007f394c5e5fa0 RCX: 00007f394c3c2085 RDX: 00007f394d2c5fc0 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007f394c413f91 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 R13: 00007f394c5e6038 R14: 00007f394c5e5fa0 R15: 00007fff0ad7aed8 </TASK> Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings INFO: task syz.4.2134:15063 blocked for more than 147 seconds. Tainted: G L syzkaller #0 Blocked by coredump. "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.4.2134 state:D stack:27544 pid:15063 tgid:15063 ppid:11581 task_flags:0x40044c flags:0x00080003 Call Trace: <TASK> context_switch kernel/sched/core.c:5260 [inline] __schedule+0x1138/0x5ee0 kernel/sched/core.c:6867 __schedule_loop kernel/sched/core.c:6949 [inline] schedule+0xe7/0x3a0 kernel/sched/core.c:6964 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7021 __mutex_lock_common kernel/locking/mutex.c:692 [inline] __mutex_lock+0xc69/0x1ca0 kernel/locking/mutex.c:776 tap_put_queue drivers/net/tap.c:163 [inline] tap_release+0x3e/0x450 drivers/net/tap.c:516 __fput+0x402/0xb70 fs/file_table.c:468 task_work_run+0x150/0x240 kernel/task_work.c:233 exit_task_work include/linux/task_work.h:40 [inline] do_exit+0x87f/0x2bd0 kernel/exit.c:971 do_group_exit+0xd3/0x2a0 kernel/exit.c:1112 get_signal+0x2671/0x26d0 kernel/signal.c:3034 arch_do_signal_or_restart+0x8f/0x7a0 arch/x86/kernel/signal.c:337 __exit_to_user_mode_loop kernel/entry/common.c:41 [inline] exit_to_user_mode_loop+0x8c/0x540 kernel/entry/common.c:75 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline] syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline] syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline] syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline] do_syscall_64+0x4ee/0xf80 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f394c3c2085 RSP: 002b:00007f394d2c5f80 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 RAX: fffffffffffffdfc RBX: 00007f394c5e5fa0 RCX: 00007f394c3c2085 RDX: 00007f394d2c5fc0 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007f394c413f91 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 R13: 00007f394c5e6038 R14: 00007f394c5e5fa0 R15: 00007fff0ad7aed8 </TASK> Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings INFO: task syz.4.2178:15255 blocked for more than 147 seconds. Tainted: G L syzkaller #0 Blocked by coredump. "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.4.2178 state:D stack:27544 pid:15255 tgid:15255 ppid:11581 task_flags:0x40044c flags:0x00080003 Call Trace: <TASK> context_switch kernel/sched/core.c:5260 [inline] __schedule+0x1138/0x5ee0 kernel/sched/core.c:6867 __schedule_loop kernel/sched/core.c:6949 [inline] schedule+0xe7/0x3a0 kernel/sched/core.c:6964 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7021 __mutex_lock_common kernel/locking/mutex.c:692 [inline] __mutex_lock+0xc69/0x1ca0 kernel/locking/mutex.c:776 tap_put_queue drivers/net/tap.c:163 [inline] tap_release+0x3e/0x450 drivers/net/tap.c:516 __fput+0x402/0xb70 fs/file_table.c:468 task_work_run+0x150/0x240 kernel/task_work.c:233 exit_task_work include/linux/task_work.h:40 [inline] do_exit+0x87f/0x2bd0 kernel/exit.c:971 do_group_exit+0xd3/0x2a0 kernel/exit.c:1112 get_signal+0x2671/0x26d0 kernel/signal.c:3034 arch_do_signal_or_restart+0x8f/0x7a0 arch/x86/kernel/signal.c:337 __exit_to_user_mode_loop kernel/entry/common.c:41 [inline] exit_to_user_mode_loop+0x8c/0x540 kernel/entry/common.c:75 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline] syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline] syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline] syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline] do_syscall_64+0x4ee/0xf80 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f394c3c2085 RSP: 002b:00007f394d2c5f80 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 RAX: fffffffffffffdfc RBX: 00007f394c5e5fa0 RCX: 00007f394c3c2085 RDX: 00007f394d2c5fc0 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007f394c413f91 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 R13: 00007f394c5e6038 R14: 00007f394c5e5fa0 R15: 00007fff0ad7aed8 </TASK> Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings INFO: task syz.0.2227:15495 blocked for more than 148 seconds. Tainted: G L syzkaller #0 Blocked by coredump. "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.0.2227 state:D stack:27544 pid:15495 tgid:15495 ppid:14927 task_flags:0x40044c flags:0x00080003 Call Trace: <TASK> context_switch kernel/sched/core.c:5260 [inline] __schedule+0x1138/0x5ee0 kernel/sched/core.c:6867 __schedule_loop kernel/sched/core.c:6949 [inline] schedule+0xe7/0x3a0 kernel/sched/core.c:6964 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7021 __mutex_lock_common kernel/locking/mutex.c:692 [inline] __mutex_lock+0xc69/0x1ca0 kernel/locking/mutex.c:776 tap_put_queue drivers/net/tap.c:163 [inline] tap_release+0x3e/0x450 drivers/net/tap.c:516 __fput+0x402/0xb70 fs/file_table.c:468 task_work_run+0x150/0x240 kernel/task_work.c:233 exit_task_work include/linux/task_work.h:40 [inline] do_exit+0x87f/0x2bd0 kernel/exit.c:971 do_group_exit+0xd3/0x2a0 kernel/exit.c:1112 get_signal+0x2671/0x26d0 kernel/signal.c:3034 arch_do_signal_or_restart+0x8f/0x7a0 arch/x86/kernel/signal.c:337 __exit_to_user_mode_loop kernel/entry/common.c:41 [inline] exit_to_user_mode_loop+0x8c/0x540 kernel/entry/common.c:75 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline] syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline] syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline] syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline] do_syscall_64+0x4ee/0xf80 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fc88b7c2085 RSP: 002b:00007fc88c61ef80 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 RAX: fffffffffffffdfc RBX: 00007fc88b9e5fa0 RCX: 00007fc88b7c2085 RDX: 00007fc88c61efc0 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007fc88b813f91 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 R13: 00007fc88b9e6038 R14: 00007fc88b9e5fa0 R15: 00007fff90bbf268 </TASK> Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings INFO: task syz.1.2236:15535 blocked for more than 148 seconds. Tainted: G L syzkaller #0 Blocked by coredump. "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.1.2236 state:D stack:27544 pid:15535 tgid:15535 ppid:15370 task_flags:0x40044c flags:0x00080003 Call Trace: <TASK> context_switch kernel/sched/core.c:5260 [inline] __schedule+0x1138/0x5ee0 kernel/sched/core.c:6867 __schedule_loop kernel/sched/core.c:6949 [inline] schedule+0xe7/0x3a0 kernel/sched/core.c:6964 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7021 __mutex_lock_common kernel/locking/mutex.c:692 [inline] __mutex_lock+0xc69/0x1ca0 kernel/locking/mutex.c:776 tap_put_queue drivers/net/tap.c:163 [inline] tap_release+0x3e/0x450 drivers/net/tap.c:516 __fput+0x402/0xb70 fs/file_table.c:468 task_work_run+0x150/0x240 kernel/task_work.c:233 exit_task_work include/linux/task_work.h:40 [inline] do_exit+0x87f/0x2bd0 kernel/exit.c:971 do_group_exit+0xd3/0x2a0 kernel/exit.c:1112 get_signal+0x2671/0x26d0 kernel/signal.c:3034 arch_do_signal_or_restart+0x8f/0x7a0 arch/x86/kernel/signal.c:337 __exit_to_user_mode_loop kernel/entry/common.c:41 [inline] exit_to_user_mode_loop+0x8c/0x540 kernel/entry/common.c:75 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline] syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline] syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline] syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline] do_syscall_64+0x4ee/0xf80 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ff0cbfc2085 RSP: 002b:00007ff0ccf05f80 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 RAX: fffffffffffffdfc RBX: 00007ff0cc1e5fa0 RCX: 00007ff0cbfc2085 RDX: 00007ff0ccf05fc0 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007ff0cc013f91 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 R13: 00007ff0cc1e6038 R14: 00007ff0cc1e5fa0 R15: 00007ffeefe91c18 </TASK> Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings INFO: task syz.1.2245:15580 blocked for more than 149 seconds. Tainted: G L syzkaller #0 Blocked by coredump. "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.1.2245 state:D stack:27544 pid:15580 tgid:15580 ppid:15370 task_flags:0x40044c flags:0x00080003 Call Trace: <TASK> context_switch kernel/sched/core.c:5260 [inline] __schedule+0x1138/0x5ee0 kernel/sched/core.c:6867 __schedule_loop kernel/sched/core.c:6949 [inline] schedule+0xe7/0x3a0 kernel/sched/core.c:6964 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7021 __mutex_lock_common kernel/locking/mutex.c:692 [inline] __mutex_lock+0xc69/0x1ca0 kernel/locking/mutex.c:776 tap_put_queue drivers/net/tap.c:163 [inline] tap_release+0x3e/0x450 drivers/net/tap.c:516 __fput+0x402/0xb70 fs/file_table.c:468 task_work_run+0x150/0x240 kernel/task_work.c:233 exit_task_work include/linux/task_work.h:40 [inline] do_exit+0x87f/0x2bd0 kernel/exit.c:971 do_group_exit+0xd3/0x2a0 kernel/exit.c:1112 get_signal+0x2671/0x26d0 kernel/signal.c:3034 arch_do_signal_or_restart+0x8f/0x7a0 arch/x86/kernel/signal.c:337 __exit_to_user_mode_loop kernel/entry/common.c:41 [inline] exit_to_user_mode_loop+0x8c/0x540 kernel/entry/common.c:75 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline] syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline] syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline] syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline] do_syscall_64+0x4ee/0xf80 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ff0cbfc2085 RSP: 002b:00007ff0ccf05f80 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 RAX: fffffffffffffdfc RBX: 00007ff0cc1e5fa0 RCX: 00007ff0cbfc2085 RDX: 00007ff0ccf05fc0 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007ff0cc013f91 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 R13: 00007ff0cc1e6038 R14: 00007ff0cc1e5fa0 R15: 00007ffeefe91c18 </TASK> Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings INFO: task syz.4.2261:15649 blocked for more than 149 seconds. Tainted: G L syzkaller #0 Blocked by coredump. "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.4.2261 state:D stack:27544 pid:15649 tgid:15649 ppid:11581 task_flags:0x40044c flags:0x00080003 Call Trace: <TASK> context_switch kernel/sched/core.c:5260 [inline] __schedule+0x1138/0x5ee0 kernel/sched/core.c:6867 __schedule_loop kernel/sched/core.c:6949 [inline] schedule+0xe7/0x3a0 kernel/sched/core.c:6964 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7021 __mutex_lock_common kernel/locking/mutex.c:692 [inline] __mutex_lock+0xc69/0x1ca0 kernel/locking/mutex.c:776 tap_put_queue drivers/net/tap.c:163 [inline] tap_release+0x3e/0x450 drivers/net/tap.c:516 __fput+0x402/0xb70 fs/file_table.c:468 task_work_run+0x150/0x240 kernel/task_work.c:233 exit_task_work include/linux/task_work.h:40 [inline] do_exit+0x87f/0x2bd0 kernel/exit.c:971 do_group_exit+0xd3/0x2a0 kernel/exit.c:1112 get_signal+0x2671/0x26d0 kernel/signal.c:3034 arch_do_signal_or_restart+0x8f/0x7a0 arch/x86/kernel/signal.c:337 __exit_to_user_mode_loop kernel/entry/common.c:41 [inline] exit_to_user_mode_loop+0x8c/0x540 kernel/entry/common.c:75 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline] syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline] syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline] syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline] do_syscall_64+0x4ee/0xf80 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f394c3c2085 RSP: 002b:00007f394d2c5f80 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 RAX: fffffffffffffdfc RBX: 00007f394c5e5fa0 RCX: 00007f394c3c2085 RDX: 00007f394d2c5fc0 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007f394c413f91 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 R13: 00007f394c5e6038 R14: 00007f394c5e5fa0 R15: 00007fff0ad7aed8 </TASK> Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings INFO: task syz.4.2281:15734 blocked for more than 149 seconds. Tainted: G L syzkaller #0 Blocked by coredump. "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.4.2281 state:D stack:27544 pid:15734 tgid:15734 ppid:11581 task_flags:0x40044c flags:0x00080003 Call Trace: <TASK> context_switch kernel/sched/core.c:5260 [inline] __schedule+0x1138/0x5ee0 kernel/sched/core.c:6867 __schedule_loop kernel/sched/core.c:6949 [inline] schedule+0xe7/0x3a0 kernel/sched/core.c:6964 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7021 __mutex_lock_common kernel/locking/mutex.c:692 [inline] __mutex_lock+0xc69/0x1ca0 kernel/locking/mutex.c:776 tap_put_queue drivers/net/tap.c:163 [inline] tap_release+0x3e/0x450 drivers/net/tap.c:516 __fput+0x402/0xb70 fs/file_table.c:468 task_work_run+0x150/0x240 kernel/task_work.c:233 exit_task_work include/linux/task_work.h:40 [inline] do_exit+0x87f/0x2bd0 kernel/exit.c:971 do_group_exit+0xd3/0x2a0 kernel/exit.c:1112 get_signal+0x2671/0x26d0 kernel/signal.c:3034 arch_do_signal_or_restart+0x8f/0x7a0 arch/x86/kernel/signal.c:337 __exit_to_user_mode_loop kernel/entry/common.c:41 [inline] exit_to_user_mode_loop+0x8c/0x540 kernel/entry/common.c:75 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline] syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline] syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline] syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline] do_syscall_64+0x4ee/0xf80 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f394c3c2085 RSP: 002b:00007f394d2c5f80 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 RAX: fffffffffffffdfc RBX: 00007f394c5e5fa0 RCX: 00007f394c3c2085 RDX: 00007f394d2c5fc0 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007f394c413f91 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 R13: 00007f394c5e6038 R14: 00007f394c5e5fa0 R15: 00007fff0ad7aed8 </TASK> Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings INFO: task syz.4.2297:15795 blocked for more than 150 seconds. Tainted: G L syzkaller #0 Blocked by coredump. "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.4.2297 state:D stack:27544 pid:15795 tgid:15795 ppid:11581 task_flags:0x40044c flags:0x00080003 Call Trace: <TASK> context_switch kernel/sched/core.c:5260 [inline] __schedule+0x1138/0x5ee0 kernel/sched/core.c:6867 __schedule_loop kernel/sched/core.c:6949 [inline] schedule+0xe7/0x3a0 kernel/sched/core.c:6964 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7021 __mutex_lock_common kernel/locking/mutex.c:692 [inline] __mutex_lock+0xc69/0x1ca0 kernel/locking/mutex.c:776 tap_put_queue drivers/net/tap.c:163 [inline] tap_release+0x3e/0x450 drivers/net/tap.c:516 __fput+0x402/0xb70 fs/file_table.c:468 task_work_run+0x150/0x240 kernel/task_work.c:233 exit_task_work include/linux/task_work.h:40 [inline] do_exit+0x87f/0x2bd0 kernel/exit.c:971 do_group_exit+0xd3/0x2a0 kernel/exit.c:1112 get_signal+0x2671/0x26d0 kernel/signal.c:3034 arch_do_signal_or_restart+0x8f/0x7a0 arch/x86/kernel/signal.c:337 __exit_to_user_mode_loop kernel/entry/common.c:41 [inline] exit_to_user_mode_loop+0x8c/0x540 kernel/entry/common.c:75 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline] syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline] syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline] syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline] do_syscall_64+0x4ee/0xf80 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f394c3c2085 RSP: 002b:00007f394d2c5f80 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 RAX: fffffffffffffdfc RBX: 00007f394c5e5fa0 RCX: 00007f394c3c2085 RDX: 00007f394d2c5fc0 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007f394c413f91 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 R13: 00007f394c5e6038 R14: 00007f394c5e5fa0 R15: 00007fff0ad7aed8 </TASK> Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings INFO: task syz.0.2315:15871 blocked for more than 150 seconds. Tainted: G L syzkaller #0 Blocked by coredump. "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.0.2315 state:D stack:27528 pid:15871 tgid:15871 ppid:14927 task_flags:0x40044c flags:0x00080003 Call Trace: <TASK> context_switch kernel/sched/core.c:5260 [inline] __schedule+0x1138/0x5ee0 kernel/sched/core.c:6867 __schedule_loop kernel/sched/core.c:6949 [inline] schedule+0xe7/0x3a0 kernel/sched/core.c:6964 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7021 __mutex_lock_common kernel/locking/mutex.c:692 [inline] __mutex_lock+0xc69/0x1ca0 kernel/locking/mutex.c:776 tap_put_queue drivers/net/tap.c:163 [inline] tap_release+0x3e/0x450 drivers/net/tap.c:516 __fput+0x402/0xb70 fs/file_table.c:468 task_work_run+0x150/0x240 kernel/task_work.c:233 exit_task_work include/linux/task_work.h:40 [inline] do_exit+0x87f/0x2bd0 kernel/exit.c:971 do_group_exit+0xd3/0x2a0 kernel/exit.c:1112 get_signal+0x2671/0x26d0 kernel/signal.c:3034 arch_do_signal_or_restart+0x8f/0x7a0 arch/x86/kernel/signal.c:337 __exit_to_user_mode_loop kernel/entry/common.c:41 [inline] exit_to_user_mode_loop+0x8c/0x540 kernel/entry/common.c:75 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline] syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline] syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline] syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline] do_syscall_64+0x4ee/0xf80 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fc88b7c2085 RSP: 002b:00007fc88c61ef80 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 RAX: fffffffffffffdfc RBX: 00007fc88b9e5fa0 RCX: 00007fc88b7c2085 RDX: 00007fc88c61efc0 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007fc88b813f91 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 R13: 00007fc88b9e6038 R14: 00007fc88b9e5fa0 R15: 00007fff90bbf268 </TASK> Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings INFO: task syz.0.2326:15918 blocked for more than 150 seconds. Tainted: G L syzkaller #0 Blocked by coredump. "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.0.2326 state:D stack:27544 pid:15918 tgid:15918 ppid:14927 task_flags:0x40044c flags:0x00080003 Call Trace: <TASK> context_switch kernel/sched/core.c:5260 [inline] __schedule+0x1138/0x5ee0 kernel/sched/core.c:6867 __schedule_loop kernel/sched/core.c:6949 [inline] schedule+0xe7/0x3a0 kernel/sched/core.c:6964 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7021 __mutex_lock_common kernel/locking/mutex.c:692 [inline] __mutex_lock+0xc69/0x1ca0 kernel/locking/mutex.c:776 tap_put_queue drivers/net/tap.c:163 [inline] tap_release+0x3e/0x450 drivers/net/tap.c:516 __fput+0x402/0xb70 fs/file_table.c:468 task_work_run+0x150/0x240 kernel/task_work.c:233 exit_task_work include/linux/task_work.h:40 [inline] do_exit+0x87f/0x2bd0 kernel/exit.c:971 do_group_exit+0xd3/0x2a0 kernel/exit.c:1112 get_signal+0x2671/0x26d0 kernel/signal.c:3034 arch_do_signal_or_restart+0x8f/0x7a0 arch/x86/kernel/signal.c:337 __exit_to_user_mode_loop kernel/entry/common.c:41 [inline] exit_to_user_mode_loop+0x8c/0x540 kernel/entry/common.c:75 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline] syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline] syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline] syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline] do_syscall_64+0x4ee/0xf80 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fc88b7c2085 RSP: 002b:00007fc88c5fdf80 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 RAX: fffffffffffffdfc RBX: 00007fc88b9e6090 RCX: 00007fc88b7c2085 RDX: 00007fc88c5fdfc0 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007fc88b813f91 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 R13: 00007fc88b9e6128 R14: 00007fc88b9e6090 R15: 00007fff90bbf268 </TASK> Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings Showing all locks held in the system: 1 lock held by pool_workqueue_/3: #0: ffffffff8e3d4bf8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a3/0x3c0 kernel/rcu/tree_exp.h:343 3 locks held by kworker/0:0/9: #0: ffff88805c8bc148 ((wq_completion)wg-kex-wg2#16){+.+.}-{0:0}, at: process_one_work+0x128d/0x1b20 kernel/workqueue.c:3232 #1: ffffc900000e7c90 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __asm__ ("" : "=r"(__ptr) : "0"((__typeof__(*((worker))) *)(( unsigned long)((worker))))); (typeof((__typeof__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_one_work+0x914/0x1b20 kernel/workqueue.c:3233 #2: ffff88807b4ed278 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_begin_session+0x30/0xe80 drivers/net/wireguard/noise.c:822 2 locks held by kworker/0:1/10: 1 lock held by khungtaskd/31: #0: ffffffff8e3c94a0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline] #0: ffffffff8e3c94a0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline] #0: ffffffff8e3c94a0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0 kernel/locking/lockdep.c:6775 4 locks held by kworker/1:2/854: #0: ffff88805c8bc148 ((wq_completion)wg-kex-wg2#16){+.+.}-{0:0}, at: process_one_work+0x128d/0x1b20 kernel/workqueue.c:3232 #1: ffffc90003897c90 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __asm__ ("" : "=r"(__ptr) : "0"((__typeof__(*((worker))) *)(( unsigned long)((worker))))); (typeof((__typeof__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_one_work+0x914/0x1b20 kernel/workqueue.c:3233 #2: ffff88807765d308 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x1c2/0x880 drivers/net/wireguard/noise.c:598 #3: ffff88807b4ed278 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x5ac/0x880 drivers/net/wireguard/noise.c:632 4 locks held by kworker/1:3/5836: #0: ffff88805d9f0d48 ((wq_completion)wg-kex-wg1#13){+.+.}-{0:0}, at: process_one_work+0x128d/0x1b20 kernel/workqueue.c:3232 #1: ffffc90004197c90 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __asm__ ("" : "=r"(__ptr) : "0"((__typeof__(*((worker))) *)(( unsigned long)((worker))))); (typeof((__typeof__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_one_work+0x914/0x1b20 kernel/workqueue.c:3233 #2: ffff888079c91308 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x1c2/0x880 drivers/net/wireguard/noise.c:598 #3: ffff88807b4e8d20 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x5ac/0x880 drivers/net/wireguard/noise.c:632 3 locks held by kworker/0:4/5893: 4 locks held by kworker/0:7/6391: 3 locks held by kworker/u10:0/8329: 3 locks held by kworker/u10:2/8336: 4 locks held by kworker/u10:3/8337: 2 locks held by kworker/u10:8/8350: 5 locks held by kworker/u11:1/8358: #0: ffff88807a786148 ((wq_completion)hci7){+.+.}-{0:0}, at: process_one_work+0x128d/0x1b20 kernel/workqueue.c:3232 #1: ffffc90002f37c90 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work+0x914/0x1b20 kernel/workqueue.c:3233 #2: ffff88802d848ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x175/0x470 net/bluetooth/hci_sync.c:331 #3: ffff88802d8480c0 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x13f/0xb20 net/bluetooth/hci_sync.c:5703 #4: ffffffff8e3d4bf8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a3/0x3c0 kernel/rcu/tree_exp.h:343 3 locks held by kworker/u10:12/8379: 2 locks held by kworker/u10:14/8384: 3 locks held by kworker/u10:16/8682: 4 locks held by kworker/u10:20/10339: #0: ffff88814d642948 ((wq_completion)ext4-rsv-conversion){+.+.}-{0:0}, at: process_one_work+0x128d/0x1b20 kernel/workqueue.c:3232 #1: ffffc90004a97c90 ((work_completion)(&ei->i_rsv_conversion_work)){+.+.}-{0:0}, at: process_one_work+0x914/0x1b20 kernel/workqueue.c:3233 #2: ffff88814d916950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x5e7/0x1410 fs/jbd2/transaction.c:444 #3: ffff8880769575f0 (&ei->i_data_sem){++++}-{4:4}, at: ext4_map_blocks+0x475/0x1350 fs/ext4/inode.c:815 2 locks held by getty/11066: #0: ffff888031c6c0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243 #1: ffffc900032662f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x1510 drivers/tty/n_tty.c:2211 6 locks held by kworker/u10:22/12191: 1 lock held by syz.4.1698/13176: #0: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: tap_put_queue drivers/net/tap.c:163 [inline] #0: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: tap_release+0x3e/0x450 drivers/net/tap.c:516 2 locks held by kworker/u10:23/13718: #0: ffff88813ff69148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x128d/0x1b20 kernel/workqueue.c:3232 #1: ffffc9000c13fc90 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x914/0x1b20 kernel/workqueue.c:3233 4 locks held by kworker/u10:24/13719: 3 locks held by kworker/u10:27/13722: 3 locks held by kworker/u10:28/13723: 3 locks held by kworker/u10:29/13724: 3 locks held by kworker/u10:31/13726: #0: ffff88814c576948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x128d/0x1b20 kernel/workqueue.c:3232 #1: ffffc9000bb87c90 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x914/0x1b20 kernel/workqueue.c:3233 #2: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline] #2: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x12/0x30 net/ipv6/addrconf.c:4734 5 locks held by kworker/u10:32/13727: 2 locks held by kworker/u10:34/13729: 4 locks held by kworker/u10:35/13730: 4 locks held by kworker/u10:36/13731: #0: ffff88801badf148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x128d/0x1b20 kernel/workqueue.c:3232 #1: ffffc9000ba7fc90 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x914/0x1b20 kernel/workqueue.c:3233 #2: ffffffff9012f010 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xad/0x830 net/core/net_namespace.c:670 #3: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: cfg80211_pernet_exit+0x17/0x120 net/wireless/core.c:1693 3 locks held by kworker/u10:37/13732: 1 lock held by syz.4.1811/13738: #0: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: tap_put_queue drivers/net/tap.c:163 [inline] #0: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: tap_release+0x3e/0x450 drivers/net/tap.c:516 1 lock held by syz.4.1838/13845: #0: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: tap_put_queue drivers/net/tap.c:163 [inline] #0: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: tap_release+0x3e/0x450 drivers/net/tap.c:516 1 lock held by syz.4.1848/13886: #0: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: tap_put_queue drivers/net/tap.c:163 [inline] #0: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: tap_release+0x3e/0x450 drivers/net/tap.c:516 1 lock held by syz.4.1895/14063: #0: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: tap_put_queue drivers/net/tap.c:163 [inline] #0: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: tap_release+0x3e/0x450 drivers/net/tap.c:516 1 lock held by syz.4.1934/14220: #0: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: tap_put_queue drivers/net/tap.c:163 [inline] #0: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: tap_release+0x3e/0x450 drivers/net/tap.c:516 1 lock held by syz.4.1997/14456: #0: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: tap_put_queue drivers/net/tap.c:163 [inline] #0: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: tap_release+0x3e/0x450 drivers/net/tap.c:516 1 lock held by syz.4.2020/14559: #0: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: tap_put_queue drivers/net/tap.c:163 [inline] #0: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: tap_release+0x3e/0x450 drivers/net/tap.c:516 1 lock held by syz.4.2052/14711: #0: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: tap_put_queue drivers/net/tap.c:163 [inline] #0: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: tap_release+0x3e/0x450 drivers/net/tap.c:516 1 lock held by syz.4.2086/14847: #0: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: tap_put_queue drivers/net/tap.c:163 [inline] #0: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: tap_release+0x3e/0x450 drivers/net/tap.c:516 1 lock held by syz.4.2134/15063: #0: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: tap_put_queue drivers/net/tap.c:163 [inline] #0: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: tap_release+0x3e/0x450 drivers/net/tap.c:516 1 lock held by syz.4.2178/15255: #0: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: tap_put_queue drivers/net/tap.c:163 [inline] #0: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: tap_release+0x3e/0x450 drivers/net/tap.c:516 1 lock held by syz.0.2227/15495: #0: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: tap_put_queue drivers/net/tap.c:163 [inline] #0: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: tap_release+0x3e/0x450 drivers/net/tap.c:516 1 lock held by syz.1.2236/15535: #0: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: tap_put_queue drivers/net/tap.c:163 [inline] #0: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: tap_release+0x3e/0x450 drivers/net/tap.c:516 1 lock held by syz.1.2245/15580: #0: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: tap_put_queue drivers/net/tap.c:163 [inline] #0: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: tap_release+0x3e/0x450 drivers/net/tap.c:516 1 lock held by syz.4.2261/15649: #0: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: tap_put_queue drivers/net/tap.c:163 [inline] #0: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: tap_release+0x3e/0x450 drivers/net/tap.c:516 1 lock held by syz.4.2281/15734: #0: ffffffff90145ae8 ( rtnl_mutex ){+.+.}-{4:4} , at: tap_put_queue drivers/net/tap.c:163 [inline] , at: tap_release+0x3e/0x450 drivers/net/tap.c:516 1 lock held by syz.4.2297/15795: #0: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: tap_put_queue drivers/net/tap.c:163 [inline] #0: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: tap_release+0x3e/0x450 drivers/net/tap.c:516 1 lock held by syz.0.2315/15871: #0: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: tap_put_queue drivers/net/tap.c:163 [inline] #0: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: tap_release+0x3e/0x450 drivers/net/tap.c:516 1 lock held by syz.0.2326/15918: #0: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: tap_put_queue drivers/net/tap.c:163 [inline] #0: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: tap_release+0x3e/0x450 drivers/net/tap.c:516 1 lock held by syz.1.2586/17104: #0: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: tun_detach drivers/net/tun.c:634 [inline] #0: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x230 drivers/net/tun.c:3436 1 lock held by modprobe/17119: 1 lock held by syz.0.2589/17123: #0: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: tun_detach drivers/net/tun.c:634 [inline] #0: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x230 drivers/net/tun.c:3436 1 lock held by syz.4.2590/17133: #0: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: tun_detach drivers/net/tun.c:634 [inline] #0: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x230 drivers/net/tun.c:3436 3 locks held by kworker/0:8/17137: 4 locks held by kworker/0:10/17140: #0: ffff88813ff56948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x128d/0x1b20 kernel/workqueue.c:3232 #1: ffffc9000b98fc90 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work+0x914/0x1b20 kernel/workqueue.c:3233 #2: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: reg_check_chans_work+0x91/0x1190 net/wireless/reg.c:2453 #3: ffff888078d10788 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6363 [inline] #3: ffff888078d10788 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: reg_leave_invalid_chans net/wireless/reg.c:2441 [inline] #3: ffff888078d10788 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: reg_check_chans_work+0x11b/0x1190 net/wireless/reg.c:2456 1 lock held by syz.2.2593/17144: #0: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: tun_detach drivers/net/tun.c:634 [inline] #0: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x230 drivers/net/tun.c:3436 4 locks held by kworker/0:12/17156: 1 lock held by syz-executor/17158: #0: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline] #0: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540 net/ipv4/devinet.c:978 2 locks held by kworker/0:14/17175: 3 locks held by kworker/0:16/17177: 2 locks held by kworker/0:17/17184: 3 locks held by kworker/0:18/17193: #0: ffff88813ff55948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x128d/0x1b20 kernel/workqueue.c:3232 #1: ffffc90003177c90 (deferred_process_work){+.+.}-{0:0}, at: process_one_work+0x914/0x1b20 kernel/workqueue.c:3233 #2: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20 net/switchdev/switchdev.c:104 1 lock held by syz-executor/17199: #0: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline] #0: ffffffff90145ae8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540 net/ipv4/devinet.c:978 1 lock held by syz-executor/17200: #0: ffff8880b3e50ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_open+0x22/0xb0 net/bluetooth/hci_core.c:428 1 lock held by syz-executor/17205: #0: ffff888037d98ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_open+0x22/0xb0 net/bluetooth/hci_core.c:428 ============================================= NMI backtrace for cpu 1 CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full) Tainted: [L]=SOFTLOCKUP Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 nmi_cpu_backtrace+0x27b/0x390 lib/nmi_backtrace.c:113 nmi_trigger_cpumask_backtrace+0x29c/0x300 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:161 [inline] __sys_info lib/sys_info.c:157 [inline] sys_info+0x133/0x180 lib/sys_info.c:165 check_hung_uninterruptible_tasks kernel/hung_task.c:346 [inline] watchdog+0xe66/0x1180 kernel/hung_task.c:515 kthread+0x3c5/0x780 kernel/kthread.c:463 ret_from_fork+0x983/0xb10 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246 </TASK> Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 UID: 0 PID: 13720 Comm: kworker/u10:25 Tainted: G L syzkaller #0 PREEMPT(full) Tainted: [L]=SOFTLOCKUP Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 Workqueue: wg-kex-wg2 wg_packet_handshake_send_worker RIP: 0010:get_current arch/x86/include/asm/current.h:25 [inline] RIP: 0010:rcu_preempt_read_exit kernel/rcu/tree_plugin.h:398 [inline] RIP: 0010:__rcu_read_unlock+0x43/0x5a0 kernel/rcu/tree_plugin.h:435 Code: 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 0f b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 45 02 00 00 <65> 4c 8b 25 8d b1 0e 12 49 8d bc 24 84 04 00 00 8b 9d 84 04 00 00 RSP: 0018:ffffc90000006828 EFLAGS: 00000246 RAX: 0000000000000007 RBX: ffffc90000006cd0 RCX: ffffc90000006814 RDX: 0000000000000000 RSI: ffffffff8daa5da7 RDI: ffff888035b16004 RBP: ffff888035b15b80 R08: 0000000000000001 R09: 0000000039529a68 R10: 0000000000000002 R11: 0000000000011c0b R12: ffffc90000006900 R13: ffffc900000068c0 R14: ffffc90000006cb0 R15: ffffc900000068f4 FS: 0000000000000000(0000) GS:ffff8881248f8000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f3b88414e9c CR3: 000000000e184000 CR4: 00000000003526f0 Call Trace: <IRQ> rcu_read_unlock include/linux/rcupdate.h:899 [inline] class_rcu_destructor include/linux/rcupdate.h:1195 [inline] unwind_next_frame+0x3fe/0x20b0 arch/x86/kernel/unwind_orc.c:495 arch_stack_walk+0x94/0x100 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122 kasan_save_stack+0x33/0x60 mm/kasan/common.c:57 kasan_save_track+0x14/0x30 mm/kasan/common.c:78 kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:584 poison_slab_object mm/kasan/common.c:253 [inline] __kasan_slab_free+0x5f/0x80 mm/kasan/common.c:285 kasan_slab_free include/linux/kasan.h:235 [inline] slab_free_hook mm/slub.c:2540 [inline] slab_free mm/slub.c:6670 [inline] kmem_cache_free+0x2d8/0x770 mm/slub.c:6781 __skb_ext_put+0x102/0x2c0 net/core/skbuff.c:7203 __skb_ext_del+0xf3/0x340 net/core/skbuff.c:7170 skb_ext_del include/linux/skbuff.h:5057 [inline] nf_bridge_info_free net/bridge/br_netfilter_hooks.c:156 [inline] br_nf_dev_queue_xmit+0x7a0/0x2b00 net/bridge/br_netfilter_hooks.c:919 NF_HOOK include/linux/netfilter.h:318 [inline] NF_HOOK include/linux/netfilter.h:312 [inline] br_nf_post_routing+0x8e7/0x1190 net/bridge/br_netfilter_hooks.c:966 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline] nf_hook_slow+0xbe/0x200 net/netfilter/core.c:623 nf_hook+0x45e/0x780 include/linux/netfilter.h:273 NF_HOOK include/linux/netfilter.h:316 [inline] br_forward_finish+0xcd/0x130 net/bridge/br_forward.c:66 br_nf_hook_thresh+0x307/0x410 net/bridge/br_netfilter_hooks.c:1167 br_nf_forward_finish+0x66a/0xba0 net/bridge/br_netfilter_hooks.c:662 NF_HOOK include/linux/netfilter.h:318 [inline] NF_HOOK include/linux/netfilter.h:312 [inline] br_nf_forward_ip.part.0+0x609/0x810 net/bridge/br_netfilter_hooks.c:716 br_nf_forward_ip net/bridge/br_netfilter_hooks.c:676 [inline] br_nf_forward+0xf0f/0x1be0 net/bridge/br_netfilter_hooks.c:773 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline] nf_hook_slow+0xbe/0x200 net/netfilter/core.c:623 nf_hook+0x45e/0x780 include/linux/netfilter.h:273 NF_HOOK include/linux/netfilter.h:316 [inline] __br_forward+0x1be/0x5b0 net/bridge/br_forward.c:115 deliver_clone net/bridge/br_forward.c:131 [inline] maybe_deliver+0xf1/0x180 net/bridge/br_forward.c:191 br_flood+0x17c/0x650 net/bridge/br_forward.c:238 br_handle_frame_finish+0x1117/0x1f00 net/bridge/br_input.c:229 br_nf_hook_thresh+0x307/0x410 net/bridge/br_netfilter_hooks.c:1167 br_nf_pre_routing_finish_ipv6+0x76a/0xfc0 net/bridge/br_netfilter_ipv6.c:154 NF_HOOK include/linux/netfilter.h:318 [inline] br_nf_pre_routing_ipv6+0x3cd/0x8c0 net/bridge/br_netfilter_ipv6.c:184 br_nf_pre_routing+0x860/0x15b0 net/bridge/br_netfilter_hooks.c:508 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline] nf_hook_bridge_pre net/bridge/br_input.c:291 [inline] br_handle_frame+0xb28/0x14e0 net/bridge/br_input.c:442 __netif_receive_skb_core.constprop.0+0x6b3/0x35b0 net/core/dev.c:6039 __netif_receive_skb_one_core+0xb0/0x1e0 net/core/dev.c:6150 __netif_receive_skb+0x1d/0x160 net/core/dev.c:6265 process_backlog+0x4ab/0x1650 net/core/dev.c:6617 __napi_poll.constprop.0+0xb3/0x540 net/core/dev.c:7681 napi_poll net/core/dev.c:7744 [inline] net_rx_action+0x9f9/0xfa0 net/core/dev.c:7896 handle_softirqs+0x219/0x950 kernel/softirq.c:622 do_softirq kernel/softirq.c:523 [inline] do_softirq+0xb2/0xf0 kernel/softirq.c:510 </IRQ> <TASK> __local_bh_enable_ip+0x100/0x120 kernel/softirq.c:450 local_bh_enable include/linux/bottom_half.h:33 [inline] fpregs_unlock arch/x86/include/asm/fpu/api.h:77 [inline] kernel_fpu_end arch/x86/kernel/fpu/core.c:506 [inline] kernel_fpu_end+0x5e/0x70 arch/x86/kernel/fpu/core.c:499

Crashes (1):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets (help?)	Manager	Title
2026/01/19 11:48	upstream	24d479d26b25	d1b870e1	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-qemu-gce-upstream-auto	INFO: task hung in tap_release

Crashes (1):

Assets (help?)