INFO: task syz.3.60:6115 blocked for more than 145 seconds.
Not tainted 6.13.0-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.60 state:D
stack:27888 pid:6115 tgid:6115 ppid:5811 flags:0x00004006
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5369 [inline]
__schedule+0xe58/0x5ad0 kernel/sched/core.c:6756
__schedule_loop kernel/sched/core.c:6833 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6848
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6905
__mutex_lock_common kernel/locking/mutex.c:665 [inline]
__mutex_lock+0x62b/0xa60 kernel/locking/mutex.c:735
unregister_netdev+0x12/0x30 net/core/dev.c:11626
slip_close+0x165/0x1c0 drivers/net/slip/slip.c:906
tty_ldisc_close+0x111/0x1a0 drivers/tty/tty_ldisc.c:455
tty_ldisc_kill+0x8e/0x150 drivers/tty/tty_ldisc.c:613
tty_ldisc_release+0x17b/0x2a0 drivers/tty/tty_ldisc.c:781
tty_release_struct+0x23/0xe0 drivers/tty/tty_io.c:1690
tty_release+0xe25/0x1410 drivers/tty/tty_io.c:1861
__fput+0x3f8/0xb60 fs/file_table.c:450
task_work_run+0x14e/0x250 kernel/task_work.c:239
exit_task_work include/linux/task_work.h:43 [inline]
do_exit+0xad8/0x2d70 kernel/exit.c:938
do_group_exit+0xd3/0x2a0 kernel/exit.c:1087
get_signal+0x24ed/0x26c0 kernel/signal.c:3036
arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:337
exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
__syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218
do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1af2bb85e5
RSP: 002b:00007f1af398ef80 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6
RAX: fffffffffffffdfc RBX: 00007f1af2d76160 RCX: 00007f1af2bb85e5
RDX: 00007f1af398efc0 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007f1af2c01b08 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
R13: 0000000000000001 R14: 00007f1af2d76160 R15: 00007fff95fb5918
</TASK>
Showing all locks held in the system:
3 locks held by kworker/u8:0/11:
#0: ffff88801b081148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x1293/0x1ba0 kernel/workqueue.c:3211
#1: ffffc90000107d80 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3212
#2: ffffffff8fee0048 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0x51/0xc0 net/core/link_watch.c:285
1 lock held by khungtaskd/30:
#0: ffffffff8e1bb900 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
#0: ffffffff8e1bb900 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
#0: ffffffff8e1bb900 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x7f/0x390 kernel/locking/lockdep.c:6744
3 locks held by kworker/u8:2/35:
#0: ffff8880310fc148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x1293/0x1ba0 kernel/workqueue.c:3211
#1: ffffc90000ab7d80 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3212
#2: ffffffff8fee0048 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x12/0x30 net/ipv6/addrconf.c:4755
3 locks held by kworker/1:2/970:
#0: ffff88801b078948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1293/0x1ba0 kernel/workqueue.c:3211
#1: ffffc90003ac7d80 (deferred_process_work){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3212
#2: ffffffff8fee0048 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20 net/switchdev/switchdev.c:104
1 lock held by klogd/5177:
4 locks held by dhcpcd/5482:
2 locks held by getty/5574:
#0: ffff888035f220a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243
#1: ffffc90002fde2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0xfba/0x1480 drivers/tty/n_tty.c:2211
2 locks held by syz-executor/5800:
1 lock held by syz-executor/5810:
#0: ffffffff8fee0048 (rtnl_mutex){+.+.}-{4:4}, at: tun_detach drivers/net/tun.c:698 [inline]
#0: ffffffff8fee0048 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x230 drivers/net/tun.c:3517
1 lock held by syz-executor/5822:
#0: ffffffff8fee0048 (rtnl_mutex){+.+.}-{4:4}, at: tun_detach drivers/net/tun.c:698 [inline]
#0: ffffffff8fee0048 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x230 drivers/net/tun.c:3517
4 locks held by kworker/u8:7/5874:
3 locks held by syz.3.60/6115:
#0: ffff88807adc50a0 (&tty->ldisc_sem){++++}-{0:0}, at: __tty_ldisc_lock drivers/tty/tty_ldisc.c:289 [inline]
#0: ffff88807adc50a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_lock_pair_timeout drivers/tty/tty_ldisc.c:352 [inline]
#0: ffff88807adc50a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_lock_pair drivers/tty/tty_ldisc.c:366 [inline]
#0: ffff88807adc50a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_release+0x159/0x2a0 drivers/tty/tty_ldisc.c:780
#1: ffffffff8fee0048 (rtnl_mutex){+.+.}-{4:4}, at: unregister_netdev+0x12/0x30 net/core/dev.c:11626
#2: ffffffff8e1c7238 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x282/0x3b0 kernel/rcu/tree_exp.h:297
1 lock held by syz.3.233/6705:
#0: ffffffff8e1c7100 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x48/0x700 kernel/rcu/tree.c:4565
1 lock held by syz.4.574/7911:
#0: ffffffff8fee0048 (rtnl_mutex){+.+.}-{4:4}, at: tun_detach drivers/net/tun.c:698 [inline]
#0: ffffffff8fee0048 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x230 drivers/net/tun.c:3517
2 locks held by syz-executor/7980:
1 lock held by syz-executor/7982:
1 lock held by syz-executor/7983:
1 lock held by syz-executor/7985:
=============================================
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.13.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
nmi_cpu_backtrace+0x27b/0x390 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x29c/0x300 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:234 [inline]
watchdog+0xf14/0x1240 kernel/hung_task.c:397
kthread+0x2c1/0x3a0 kernel/kthread.c:389
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 5188 Comm: udevd Not tainted 6.13.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
RIP: 0010:remove_partial mm/slub.c:2737 [inline]
RIP: 0010:__slab_free+0x466/0x4d0 mm/slub.c:4518
Code: 48 89 42 08 48 89 10 48 b8 00 01 00 00 00 00 ad de 4c 89 ff 49 89 47 10 48 83 c0 22 49 89 47 18 e8 ff 85 ff ff f0 80 60 01 fd <49> 83 6d 40 01 48 8b 34 24 4c 89 ef e8 b9 70 3a 09 48 8b 7c 24 30
RSP: 0018:ffffc90004d277b0 EFLAGS: 00000046
RAX: ffffea000624ba00 RBX: ffff8881892ef001 RCX: 1ffffd40011ab8c3
RDX: ffffea0008d5c610 RSI: ffffea000624ba10 RDI: ffffea000624ba00
RBP: ffffc90004d27860 R08: 0000000000000001 R09: fffff520009a4ee4
R10: 0000000000000003 R11: 0000000000000002 R12: ffff8881892ef800
R13: ffff888140400840 R14: 0000000000100000 R15: ffffea000624ba00
FS: 00007f69ffbad280(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fd99c572060 CR3: 0000000079fe4000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<NMI>
</NMI>
<TASK>
qlink_free mm/kasan/quarantine.c:163 [inline]
qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
kasan_quarantine_reduce+0x195/0x1e0 mm/kasan/quarantine.c:286
__kasan_kmalloc+0x8a/0xb0 mm/kasan/common.c:385
kasan_kmalloc include/linux/kasan.h:260 [inline]
__do_kmalloc_node mm/slub.c:4298 [inline]
__kmalloc_noprof+0x21c/0x510 mm/slub.c:4310
kmalloc_noprof include/linux/slab.h:905 [inline]
kzalloc_noprof include/linux/slab.h:1037 [inline]
tomoyo_encode2+0x100/0x3e0 security/tomoyo/realpath.c:45
tomoyo_encode+0x29/0x50 security/tomoyo/realpath.c:80
tomoyo_realpath_from_path+0x19d/0x720 security/tomoyo/realpath.c:283
tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
tomoyo_path_perm+0x276/0x460 security/tomoyo/file.c:822
security_inode_getattr+0x116/0x290 security/security.c:2372
vfs_getattr fs/stat.c:243 [inline]
vfs_statx_path+0x2b/0x310 fs/stat.c:283
vfs_statx+0x11f/0x1c0 fs/stat.c:347
vfs_fstatat+0x7b/0xf0 fs/stat.c:366
__do_sys_newfstatat+0xa2/0x130 fs/stat.c:530
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f69ff7165f4
Code: 64 c7 00 09 00 00 00 83 c8 ff c3 48 89 f2 b9 00 01 00 00 48 89 fe bf 9c ff ff ff e9 00 00 00 00 41 89 ca b8 06 01 00 00 0f 05 <45> 31 c0 3d 00 f0 ff ff 76 10 48 8b 15 03 a8 0d 00 f7 d8 41 83 c8
RSP: 002b:00007fff893b0e88 EFLAGS: 00000246 ORIG_RAX: 0000000000000106
RAX: ffffffffffffffda RBX: 0000561cca3076e0 RCX: 00007f69ff7165f4
RDX: 00007fff893b0e98 RSI: 0000561cca2f7897 RDI: 00000000ffffff9c
RBP: 0000561cdcaf8e38 R08: 00062305ed946d00 R09: 00007f69ffcb3000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000001 R14: 00062305ed946d00 R15: 0000561cca2fbdca
</TASK>