INFO: task syz.3.4145:19974 blocked for more than 143 seconds.
Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.4145 state:D stack:25176 pid:19974 tgid:19973 ppid:15592 task_flags:0x400040 flags:0x00000004
Call Trace:
context_switch kernel/sched/core.c:5382 [inline]
__schedule+0x16e2/0x4cd0 kernel/sched/core.c:6767
__schedule_loop kernel/sched/core.c:6845 [inline]
schedule+0x165/0x360 kernel/sched/core.c:6860
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
__mutex_lock_common kernel/locking/mutex.c:678 [inline]
__mutex_lock+0x724/0xe80 kernel/locking/mutex.c:746
device_lock include/linux/device.h:922 [inline]
usbdev_do_ioctl drivers/usb/core/devio.c:2611 [inline]
usbdev_ioctl+0x140/0x20c0 drivers/usb/core/devio.c:2827
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:906 [inline]
__se_sys_ioctl+0xf9/0x170 fs/ioctl.c:892
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f4623d8e969
RSP: 002b:00007f4624b75038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f4623fb5fa0 RCX: 00007f4623d8e969
RDX: 0000200000000140 RSI: 000000008038550a RDI: 0000000000000003
RBP: 00007f4623e10ab1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f4623fb5fa0 R15: 00007f46240dfa28
Showing all locks held in the system:
1 lock held by khungtaskd/31:
#0: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#0: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
#0: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6764
5 locks held by kworker/u8:3/53:
#0: ffff88801aef6148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3213 [inline]
#0: ffff88801aef6148 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b1/0x17a0 kernel/workqueue.c:3319
#1: ffffc90000bf7c60 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3214 [inline]
#1: ffffc90000bf7c60 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ec/0x17a0 kernel/workqueue.c:3319
#2: ffffffff8f2e7c90 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0x145/0xbd0 net/core/net_namespace.c:608
#3: ffffffff8f2f47c8 (rtnl_mutex){+.+.}-{4:4}, at: cleanup_net+0x611/0xbd0 net/core/net_namespace.c:644
#4: ffffffff8df41338 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock kernel/rcu/tree_exp.h:336 [inline]
#4: ffffffff8df41338 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b7/0x730 kernel/rcu/tree_exp.h:998
2 locks held by getty/5577:
#0: ffff88814d5030a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
#1: ffffc90002ffe2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 drivers/tty/n_tty.c:2222
5 locks held by kworker/1:10/11966:
#0: ffff888144ed8148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3213 [inline]
#0: ffff888144ed8148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b1/0x17a0 kernel/workqueue.c:3319
#1: ffffc90004c57c60 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3214 [inline]
#1: ffffc90004c57c60 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ec/0x17a0 kernel/workqueue.c:3319
#2: ffff888027b70198 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:922 [inline]
#2: ffff888027b70198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a00 drivers/usb/core/hub.c:5859
#3: ffff888050841198 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:922 [inline]
#3: ffff888050841198 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400 drivers/base/dd.c:1004
#4: ffff88807f265160 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:922 [inline]
#4: ffff88807f265160 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400 drivers/base/dd.c:1004
5 locks held by kworker/u8:8/12218:
#0: ffff8880b8839b58 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xad/0x140 kernel/sched/core.c:613
#1: ffff8880b8823b08 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x39e/0x6d0 kernel/sched/psi.c:987
#2: ffff8880b8925558 (&base->lock){-.-.}-{2:2}, at: __mod_timer+0x8ee/0xf30 kernel/time/timer.c:1159
#3: ffffffff99a5f0f0 (&obj_hash[i].lock){-.-.}-{2:2}, at: debug_object_activate+0xbb/0x420 lib/debugobjects.c:818
#4: ffffffff99a88280 (&obj_hash[i].lock){-.-.}-{2:2}, at: debug_object_activate+0xbb/0x420 lib/debugobjects.c:818
6 locks held by kworker/1:12/17543:
#0: ffff888144ed8148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3213 [inline]
#0: ffff888144ed8148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b1/0x17a0 kernel/workqueue.c:3319
#1: ffffc9000b6ffc60 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3214 [inline]
#1: ffffc9000b6ffc60 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ec/0x17a0 kernel/workqueue.c:3319
#2: ffff888027d61198 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:922 [inline]
#2: ffff888027d61198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a00 drivers/usb/core/hub.c:5859
#3: ffff88806f84b198 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:922 [inline]
#3: ffff88806f84b198 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400 drivers/base/dd.c:1004
#4: ffff888050bd9160 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:922 [inline]
#4: ffff888050bd9160 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400 drivers/base/dd.c:1004
#5: ffffffff8dde1ad0 (umhelper_sem){++++}-{4:4}, at: usermodehelper_read_trylock+0xf0/0x2b0 kernel/umh.c:214
1 lock held by syz.3.4145/19974:
#0: ffff888027d61198 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:922 [inline]
#0: ffff888027d61198 (&dev->mutex){....}-{4:4}, at: usbdev_do_ioctl drivers/usb/core/devio.c:2611 [inline]
#0: ffff888027d61198 (&dev->mutex){....}-{4:4}, at: usbdev_ioctl+0x140/0x20c0 drivers/usb/core/devio.c:2827
1 lock held by syz.4.4370/20716:
#0: ffff888027d61198 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:922 [inline]
#0: ffff888027d61198 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x16e/0x760 drivers/usb/core/devio.c:1054
2 locks held by syz.6.4674/21855:
2 locks held by syz.1.4676/21857:
#0: ffff88807ade4408 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:867 [inline]
#0: ffff88807ade4408 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: __sock_release net/socket.c:646 [inline]
#0: ffff88807ade4408 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: sock_close+0x9b/0x240 net/socket.c:1391
#1: ffffffff8f2f47c8 (rtnl_mutex){+.+.}-{4:4}, at: raw_release+0x1bb/0x960 net/can/raw.c:417
1 lock held by dhcpcd/21878:
#0: ffff88807b2a8258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1651 [inline]
#0: ffff88807b2a8258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0 net/packet/af_packet.c:3252
1 lock held by dhcpcd/21879:
#0: ffff888043bb4258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1651 [inline]
#0: ffff888043bb4258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0 net/packet/af_packet.c:3252
2 locks held by dhcpcd/21880:
#0: ffff888043bb2258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1651 [inline]
#0: ffff888043bb2258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0 net/packet/af_packet.c:3252
#1: ffffffff8df41338 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock kernel/rcu/tree_exp.h:336 [inline]
#1: ffffffff8df41338 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b7/0x730 kernel/rcu/tree_exp.h:998
1 lock held by dhcpcd/21881:
#0: ffff888043bb0258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1651 [inline]
#0: ffff888043bb0258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0 net/packet/af_packet.c:3252
1 lock held by dhcpcd/21882:
#0: ffff88804ffea258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1651 [inline]
#0: ffff88804ffea258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0 net/packet/af_packet.c:3252
1 lock held by dhcpcd/21883:
#0: ffff888060744258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1651 [inline]
#0: ffff888060744258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0 net/packet/af_packet.c:3252
=============================================
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
Call Trace:
dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
nmi_cpu_backtrace+0x39e/0x3d0 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:158 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:274 [inline]
watchdog+0xfee/0x1030 kernel/hung_task.c:437
kthread+0x70e/0x8a0 kernel/kthread.c:464
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 53 Comm: kworker/u8:3 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
Workqueue: netns cleanup_net
RIP: 0010:arch_irqs_disabled_flags arch/x86/include/asm/irqflags.h:146 [inline]
RIP: 0010:check_preemption_disabled+0x5c/0x120 lib/smp_processor_id.c:19
Code: 0e 1f 07 48 3b 4c 24 08 0f 85 cc 00 00 00 48 83 c4 10 5b 41 5e 41 5f 5d c3 cc cc cc cc cc 48 c7 04 24 00 00 00 00 9c 8f 04 24 04 24 00 02 00 00 74 c8 65 4c 8b 3c 25 08 50 75 92 41 f6 47 2f
RSP: 0018:ffffc90000bf74f0 EFLAGS: 00000046
RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000080000000
RDX: ffff888020695a00 RSI: ffffffff8d935a6f RDI: ffffffff8bc1d1e0
RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: ffffffff825b0d1c R12: 0000000000000246
R13: ffff888020695a00 R14: ffffffff8df3b860 R15: 0000000000000005
FS: 0000000000000000(0000) GS:ffff8881260cb000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f7459180178 CR3: 000000007bf28000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 000000000000000c DR6: 00000000ffff0ff0 DR7: 0000000000000400
Call Trace:
lockdep_recursion_finish kernel/locking/lockdep.c:472 [inline]
lock_is_held_type+0xfe/0x190 kernel/locking/lockdep.c:5939
kernfs_root+0xf6/0x230 fs/kernfs/kernfs-internal.h:74
kernfs_root_is_locked fs/kernfs/kernfs-internal.h:107 [inline]
kernfs_parent+0x51/0x180 fs/kernfs/kernfs-internal.h:125
__kernfs_remove+0x93/0x570 fs/kernfs/dir.c:1481
kernfs_remove_by_name_ns+0xaf/0x130 fs/kernfs/dir.c:1714
kernfs_remove_by_name include/linux/kernfs.h:633 [inline]
remove_files fs/sysfs/group.c:28 [inline]
sysfs_remove_group+0xfc/0x2c0 fs/sysfs/group.c:322
sysfs_remove_groups+0x54/0xb0 fs/sysfs/group.c:346
device_remove_groups drivers/base/core.c:2846 [inline]
device_remove_attrs+0x1aa/0x260 drivers/base/core.c:2976
device_del+0x509/0x8e0 drivers/base/core.c:3880
unregister_netdevice_many_notify+0x1d4f/0x2330 net/core/dev.c:12018
cleanup_net+0x6a3/0xbd0 net/core/net_namespace.c:649
process_one_work kernel/workqueue.c:3238 [inline]
process_scheduled_works+0xadb/0x17a0 kernel/workqueue.c:3319
worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400
kthread+0x70e/0x8a0 kernel/kthread.c:464
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245