syzbot


INFO: task hung in __tun_chr_ioctl

Status: upstream: reported on 2025/12/16 10:17
Reported-by: syzbot+8d1cb0b5aee33ab20776@syzkaller.appspotmail.com
First crash: 3d09h, last: 3d09h
Similar bugs (8)
| Kernel | Title | Rank | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|---|
| linux-6.1 | INFO: task hung in __tun_chr_ioctl | 1 | | | | 8 | 550d | 576d | 0/3 | auto-obsoleted due to no activity on 2024/09/25 13:24 |
| upstream | INFO: task hung in __tun_chr_ioctl (4) net | 1 | | | | 1 | 989d | 989d | 0/29 | auto-obsoleted due to no activity on 2023/07/04 14:00 |
| upstream | INFO: task hung in __tun_chr_ioctl net | 1 | | | | 2 | 2599d | 2832d | 0/29 | closed as dup on 2018/03/19 06:35 |
| linux-5.15 | INFO: task hung in __tun_chr_ioctl | 1 | | | | 2 | 541d | 560d | 0/3 | auto-obsoleted due to no activity on 2024/10/03 23:39 |
| upstream | INFO: task hung in __tun_chr_ioctl (5) net | 1 | | | | 1 | 693d | 693d | 0/29 | auto-obsoleted due to no activity on 2024/04/24 22:34 |
| upstream | INFO: task hung in __tun_chr_ioctl (6) net | 1 | | | | 76 | 317d | 560d | 0/29 | auto-obsoleted due to no activity on 2025/04/16 11:29 |
| upstream | INFO: task hung in __tun_chr_ioctl (3) net | 1 | | | | 2 | 1181d | 1269d | 0/29 | auto-obsoleted due to no activity on 2023/01/03 09:42 |
| upstream | INFO: task hung in __tun_chr_ioctl (2) wireguard | 1 | | | | 1 | 1633d | 1633d | 0/29 | auto-closed as invalid on 2021/09/27 23:09 |

Sample crash report:
INFO: task syz.5.2819:16442 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.5.2819      state:D stack:27208 pid:16442 ppid:10324  flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5380 [inline]
 __schedule+0x14d2/0x44d0 kernel/sched/core.c:6699
 schedule+0xbd/0x170 kernel/sched/core.c:6773
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6832
 __mutex_lock_common kernel/locking/mutex.c:679 [inline]
 __mutex_lock+0x6b7/0xcc0 kernel/locking/mutex.c:747
 __tun_chr_ioctl+0x3b9/0x1fd0 drivers/net/tun.c:3121
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:871 [inline]
 __se_sys_ioctl+0xfd/0x170 fs/ioctl.c:857
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7fc38d18f749
RSP: 002b:00007fc38e045038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fc38d3e5fa0 RCX: 00007fc38d18f749
RDX: 0000200000000040 RSI: 00000000400454ca RDI: 0000000000000004
RBP: 00007fc38d213f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fc38d3e6038 R14: 00007fc38d3e5fa0 R15: 00007ffc27ee4998
 </TASK>
INFO: task syz.5.2819:16443 blocked for more than 145 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.5.2819      state:D stack:29064 pid:16443 ppid:10324  flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5380 [inline]
 __schedule+0x14d2/0x44d0 kernel/sched/core.c:6699
 schedule+0xbd/0x170 kernel/sched/core.c:6773
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6832
 __mutex_lock_common kernel/locking/mutex.c:679 [inline]
 __mutex_lock+0x6b7/0xcc0 kernel/locking/mutex.c:747
 tun_detach drivers/net/tun.c:698 [inline]
 tun_chr_close+0x41/0x1c0 drivers/net/tun.c:3511
 __fput+0x234/0x970 fs/file_table.c:384
 __do_sys_close fs/open.c:1573 [inline]
 __se_sys_close+0x15f/0x220 fs/open.c:1558
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7fc38d18f749
RSP: 002b:00007fc38e024038 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
RAX: ffffffffffffffda RBX: 00007fc38d3e6090 RCX: 00007fc38d18f749
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 00007fc38d213f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fc38d3e6128 R14: 00007fc38d3e6090 R15: 00007ffc27ee4998
 </TASK>
INFO: task syz.5.2819:16444 blocked for more than 147 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.5.2819      state:D stack:27176 pid:16444 ppid:10324  flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5380 [inline]
 __schedule+0x14d2/0x44d0 kernel/sched/core.c:6699
 schedule+0xbd/0x170 kernel/sched/core.c:6773
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6832
 __mutex_lock_common kernel/locking/mutex.c:679 [inline]
 __mutex_lock+0x6b7/0xcc0 kernel/locking/mutex.c:747
 dev_ioctl+0x7d2/0x1170 net/core/dev_ioctl.c:785
 sock_do_ioctl+0x226/0x2f0 net/socket.c:1236
 sock_ioctl+0x623/0x7a0 net/socket.c:1341
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:871 [inline]
 __se_sys_ioctl+0xfd/0x170 fs/ioctl.c:857
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7fc38d18f749
RSP: 002b:00007fc38e003038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fc38d3e6180 RCX: 00007fc38d18f749
RDX: 00002000000000c0 RSI: 0000000000008914 RDI: 0000000000000003
RBP: 00007fc38d213f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fc38d3e6218 R14: 00007fc38d3e6180 R15: 00007ffc27ee4998
 </TASK>
INFO: task syz.5.2819:16447 blocked for more than 150 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.5.2819      state:D stack:25832 pid:16447 ppid:10324  flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5380 [inline]
 __schedule+0x14d2/0x44d0 kernel/sched/core.c:6699
 schedule+0xbd/0x170 kernel/sched/core.c:6773
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6832
 __mutex_lock_common kernel/locking/mutex.c:679 [inline]
 __mutex_lock+0x6b7/0xcc0 kernel/locking/mutex.c:747
 tun_detach drivers/net/tun.c:698 [inline]
 tun_chr_close+0x41/0x1c0 drivers/net/tun.c:3511
 __fput+0x234/0x970 fs/file_table.c:384
 __do_sys_close fs/open.c:1573 [inline]
 __se_sys_close+0x15f/0x220 fs/open.c:1558
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7fc38d18f749
RSP: 002b:00007fc38dfe2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
RAX: ffffffffffffffda RBX: 00007fc38d3e6270 RCX: 00007fc38d18f749
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a
RBP: 00007fc38d213f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fc38d3e6308 R14: 00007fc38d3e6270 R15: 00007ffc27ee4998
 </TASK>
INFO: task syz.5.2819:16448 blocked for more than 152 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.5.2819      state:D stack:27304 pid:16448 ppid:10324  flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5380 [inline]
 __schedule+0x14d2/0x44d0 kernel/sched/core.c:6699
 schedule+0xbd/0x170 kernel/sched/core.c:6773
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6832
 __mutex_lock_common kernel/locking/mutex.c:679 [inline]
 __mutex_lock+0x6b7/0xcc0 kernel/locking/mutex.c:747

Crashes (1):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2025/12/16 10:16 | linux-6.6.y | 5fa4793a2d2d | d6526ea3 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-6-kasan-perf | INFO: task hung in __tun_chr_ioctl |
* Struck through repros no longer work on HEAD.