INFO: task syz-executor467:5849 blocked for more than 143 seconds.
Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor467 state:D stack:26936 pid:5849 tgid:5849 ppid:5839 task_flags:0x400040 flags:0x00004006
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5382 [inline]
__schedule+0x16e2/0x4cd0 kernel/sched/core.c:6767
__schedule_loop kernel/sched/core.c:6845 [inline]
schedule+0x165/0x360 kernel/sched/core.c:6860
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
rwsem_down_read_slowpath+0x552/0x880 kernel/locking/rwsem.c:1084
__down_read_common kernel/locking/rwsem.c:1248 [inline]
__down_read kernel/locking/rwsem.c:1261 [inline]
down_read+0x98/0x2e0 kernel/locking/rwsem.c:1526
inode_lock_shared include/linux/fs.h:877 [inline]
blkdev_read_iter+0x2f8/0x440 block/fops.c:808
aio_read+0x30e/0x470 fs/aio.c:1602
__io_submit_one fs/aio.c:-1 [inline]
io_submit_one+0x6ec/0x1240 fs/aio.c:2052
__do_sys_io_submit fs/aio.c:2111 [inline]
__se_sys_io_submit+0x185/0x2f0 fs/aio.c:2081
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fbea1957ea9
RSP: 002b:00007ffe0d65d0f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
RAX: ffffffffffffffda RBX: 0000200000000080 RCX: 00007fbea1957ea9
RDX: 00002000000000c0 RSI: 00000000000000ca RDI: 00007fbea1910000
RBP: 00000000000f4240 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe0d65d110
R13: 00007ffe0d65d130 R14: 000000000001a993 R15: 00007ffe0d65d10c
</TASK>
INFO: task syz-executor467:5850 blocked for more than 143 seconds.
Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor467 state:D stack:26936 pid:5850 tgid:5850 ppid:5841 task_flags:0x400040 flags:0x00004006
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5382 [inline]
__schedule+0x16e2/0x4cd0 kernel/sched/core.c:6767
__schedule_loop kernel/sched/core.c:6845 [inline]
schedule+0x165/0x360 kernel/sched/core.c:6860
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
rwsem_down_read_slowpath+0x552/0x880 kernel/locking/rwsem.c:1084
__down_read_common kernel/locking/rwsem.c:1248 [inline]
__down_read kernel/locking/rwsem.c:1261 [inline]
down_read+0x98/0x2e0 kernel/locking/rwsem.c:1526
inode_lock_shared include/linux/fs.h:877 [inline]
blkdev_read_iter+0x2f8/0x440 block/fops.c:808
aio_read+0x30e/0x470 fs/aio.c:1602
__io_submit_one fs/aio.c:-1 [inline]
io_submit_one+0x6ec/0x1240 fs/aio.c:2052
__do_sys_io_submit fs/aio.c:2111 [inline]
__se_sys_io_submit+0x185/0x2f0 fs/aio.c:2081
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fbea1957ea9
RSP: 002b:00007ffe0d65d0f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
RAX: ffffffffffffffda RBX: 0000200000000080 RCX: 00007fbea1957ea9
RDX: 00002000000000c0 RSI: 00000000000000ca RDI: 00007fbea1910000
RBP: 00000000000f4240 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe0d65d110
R13: 00007ffe0d65d130 R14: 000000000001a9ab R15: 00007ffe0d65d10c
</TASK>
INFO: task syz-executor467:5851 blocked for more than 144 seconds.
Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor467 state:D stack:26936 pid:5851 tgid:5851 ppid:5842 task_flags:0x400040 flags:0x00004006
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5382 [inline]
__schedule+0x16e2/0x4cd0 kernel/sched/core.c:6767
__schedule_loop kernel/sched/core.c:6845 [inline]
schedule+0x165/0x360 kernel/sched/core.c:6860
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
rwsem_down_read_slowpath+0x552/0x880 kernel/locking/rwsem.c:1084
__down_read_common kernel/locking/rwsem.c:1248 [inline]
__down_read kernel/locking/rwsem.c:1261 [inline]
down_read+0x98/0x2e0 kernel/locking/rwsem.c:1526
inode_lock_shared include/linux/fs.h:877 [inline]
blkdev_read_iter+0x2f8/0x440 block/fops.c:808
aio_read+0x30e/0x470 fs/aio.c:1602
__io_submit_one fs/aio.c:-1 [inline]
io_submit_one+0x6ec/0x1240 fs/aio.c:2052
__do_sys_io_submit fs/aio.c:2111 [inline]
__se_sys_io_submit+0x185/0x2f0 fs/aio.c:2081
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fbea1957ea9
RSP: 002b:00007ffe0d65d0f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
RAX: ffffffffffffffda RBX: 0000200000000080 RCX: 00007fbea1957ea9
RDX: 00002000000000c0 RSI: 00000000000000ca RDI: 00007fbea1910000
RBP: 00000000000f4240 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe0d65d110
R13: 00007ffe0d65d130 R14: 000000000001a9b9 R15: 00007ffe0d65d10c
</TASK>
INFO: task syz-executor467:5852 blocked for more than 144 seconds.
Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor467 state:D stack:26936 pid:5852 tgid:5852 ppid:5844 task_flags:0x400040 flags:0x00004006
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5382 [inline]
__schedule+0x16e2/0x4cd0 kernel/sched/core.c:6767
__schedule_loop kernel/sched/core.c:6845 [inline]
schedule+0x165/0x360 kernel/sched/core.c:6860
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
rwsem_down_read_slowpath+0x552/0x880 kernel/locking/rwsem.c:1084
__down_read_common kernel/locking/rwsem.c:1248 [inline]
__down_read kernel/locking/rwsem.c:1261 [inline]
down_read+0x98/0x2e0 kernel/locking/rwsem.c:1526
inode_lock_shared include/linux/fs.h:877 [inline]
blkdev_read_iter+0x2f8/0x440 block/fops.c:808
aio_read+0x30e/0x470 fs/aio.c:1602
__io_submit_one fs/aio.c:-1 [inline]
io_submit_one+0x6ec/0x1240 fs/aio.c:2052
__do_sys_io_submit fs/aio.c:2111 [inline]
__se_sys_io_submit+0x185/0x2f0 fs/aio.c:2081
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fbea1957ea9
RSP: 002b:00007ffe0d65d0f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
RAX: ffffffffffffffda RBX: 0000200000000080 RCX: 00007fbea1957ea9
RDX: 00002000000000c0 RSI: 00000000000000ca RDI: 00007fbea1910000
RBP: 00000000000f4240 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe0d65d110
R13: 00007ffe0d65d130 R14: 000000000001a9bf R15: 00007ffe0d65d10c
</TASK>
Showing all locks held in the system:
1 lock held by khungtaskd/31:
#0: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#0: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
#0: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6764
2 locks held by getty/5585:
#0: ffff88802ffee0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
#1: ffffc9000333b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 drivers/tty/n_tty.c:2222
2 locks held by syz-executor467/5848:
1 lock held by syz-executor467/5849:
#0: ffff8880228887a0 (&sb->s_type->i_mutex_key#8){++++}-{4:4}, at: inode_lock_shared include/linux/fs.h:877 [inline]
#0: ffff8880228887a0 (&sb->s_type->i_mutex_key#8){++++}-{4:4}, at: blkdev_read_iter+0x2f8/0x440 block/fops.c:808
1 lock held by syz-executor467/5850:
#0: ffff8880228887a0 (&sb->s_type->i_mutex_key#8){++++}-{4:4}, at: inode_lock_shared include/linux/fs.h:877 [inline]
#0: ffff8880228887a0 (&sb->s_type->i_mutex_key#8){++++}-{4:4}, at: blkdev_read_iter+0x2f8/0x440 block/fops.c:808
1 lock held by syz-executor467/5851:
#0: ffff8880228887a0 (&sb->s_type->i_mutex_key#8){++++}-{4:4}, at: inode_lock_shared include/linux/fs.h:877 [inline]
#0: ffff8880228887a0 (&sb->s_type->i_mutex_key#8){++++}-{4:4}, at: blkdev_read_iter+0x2f8/0x440 block/fops.c:808
1 lock held by syz-executor467/5852:
#0: ffff8880228887a0 (&sb->s_type->i_mutex_key#8){++++}-{4:4}, at: inode_lock_shared include/linux/fs.h:877 [inline]
#0: ffff8880228887a0 (&sb->s_type->i_mutex_key#8){++++}-{4:4}, at: blkdev_read_iter+0x2f8/0x440 block/fops.c:808
=============================================
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
Call Trace:
<TASK>
dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
nmi_cpu_backtrace+0x39e/0x3d0 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:158 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:274 [inline]
watchdog+0xfee/0x1030 kernel/hung_task.c:437
kthread+0x70e/0x8a0 kernel/kthread.c:464
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
</TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
Workqueue: events_unbound toggle_allocation_gate
RIP: 0010:mark_held_locks kernel/locking/lockdep.c:4323 [inline]
RIP: 0010:__trace_hardirqs_on_caller kernel/locking/lockdep.c:4344 [inline]
RIP: 0010:lockdep_hardirqs_on_prepare+0x107/0x2a0 kernel/locking/lockdep.c:4411
Code: f0 0a 00 00 45 31 ff 4d 89 f4 eb 13 49 ff c7 48 63 83 e8 0a 00 00 49 83 c4 28 49 39 c7 7d 44 49 83 ff 31 73 2d 41 8b 44 24 20 <a9> 00 00 04 00 74 db 25 00 00 03 00 83 f8 01 ba 03 00 00 00 83 da
RSP: 0018:ffffc900001276c0 EFLAGS: 00000087
RAX: 0000000000050003 RBX: ffff88801c6e0000 RCX: ffffffff931e7578
RDX: 0000000000000002 RSI: ffff88801c6e0b18 RDI: ffff88801c6e0000
RBP: ffffc90000127860 R08: ffffffff8f7ed377 R09: 1ffffffff1efda6e
R10: dffffc0000000000 R11: fffffbfff1efda6f R12: ffff88801c6e0b40
R13: dffffc0000000000 R14: ffff88801c6e0af0 R15: 0000000000000002
FS: 0000000000000000(0000) GS:ffff8881261cc000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000564f24f42600 CR3: 000000000dd36000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
trace_hardirqs_on+0x28/0x40 kernel/trace/trace_preemptirq.c:78
smp_call_function_many_cond+0xac1/0x11c0 kernel/smp.c:877
on_each_cpu_cond_mask+0x3f/0x80 kernel/smp.c:1052
on_each_cpu include/linux/smp.h:71 [inline]
text_poke_sync arch/x86/kernel/alternative.c:2455 [inline]
text_poke_bp_batch+0x84d/0x940 arch/x86/kernel/alternative.c:-1
text_poke_flush arch/x86/kernel/alternative.c:2856 [inline]
text_poke_finish+0x30/0x50 arch/x86/kernel/alternative.c:2863
arch_jump_label_transform_apply+0x1c/0x30 arch/x86/kernel/jump_label.c:146
static_key_enable_cpuslocked+0x128/0x250 kernel/jump_label.c:210
static_key_enable+0x1a/0x20 kernel/jump_label.c:223
toggle_allocation_gate+0xad/0x240 mm/kfence/core.c:850
process_one_work kernel/workqueue.c:3238 [inline]
process_scheduled_works+0xadb/0x17a0 kernel/workqueue.c:3319
worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400
kthread+0x70e/0x8a0 kernel/kthread.c:464
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
</TASK>