INFO: task syz.2.249:7427 blocked for more than 143 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.2.249 state:D stack:24832 pid:7427 tgid:7424 ppid:5797 task_flags:0x400140 flags:0x00080002
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5256 [inline]
__schedule+0x145f/0x5070 kernel/sched/core.c:6863
__schedule_loop kernel/sched/core.c:6945 [inline]
rt_mutex_schedule+0x77/0xf0 kernel/sched/core.c:7241
rt_mutex_slowlock_block+0x5ba/0x6d0 kernel/locking/rtmutex.c:1647
__rt_mutex_slowlock kernel/locking/rtmutex.c:1721 [inline]
__rt_mutex_slowlock_locked kernel/locking/rtmutex.c:1760 [inline]
rt_mutex_slowlock+0x2a8/0x6b0 kernel/locking/rtmutex.c:1800
__rt_mutex_lock kernel/locking/rtmutex.c:1815 [inline]
__mutex_lock_common kernel/locking/rtmutex_api.c:534 [inline]
mutex_lock_nested+0x16a/0x1d0 kernel/locking/rtmutex_api.c:552
ni_lock fs/ntfs3/ntfs_fs.h:1127 [inline]
ntfs_read_folio+0xba/0x200 fs/ntfs3/inode.c:728
filemap_read_folio+0x117/0x380 mm/filemap.c:2496
filemap_create_folio mm/filemap.c:2634 [inline]
filemap_get_pages+0xc54/0x1ee0 mm/filemap.c:2696
filemap_read+0x3f9/0x11a0 mm/filemap.c:2800
copy_splice_read+0x5da/0xa60 fs/splice.c:363
do_splice_read fs/splice.c:981 [inline]
splice_direct_to_actor+0x4db/0xcd0 fs/splice.c:1086
do_splice_direct_actor fs/splice.c:1204 [inline]
do_splice_direct+0x187/0x270 fs/splice.c:1230
do_sendfile+0x4ec/0x7f0 fs/read_write.c:1370
__do_sys_sendfile64 fs/read_write.c:1431 [inline]
__se_sys_sendfile64+0x13e/0x190 fs/read_write.c:1417
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xec/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f5731bcf749
RSP: 002b:00007f572fe2e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007f5731e25fa0 RCX: 00007f5731bcf749
RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000005
RBP: 00007f5731c53f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000080000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f5731e26038 R14: 00007f5731e25fa0 R15: 00007ffcba692678
</TASK>
INFO: task syz.2.249:7436 blocked for more than 143 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.2.249 state:D stack:26112 pid:7436 tgid:7424 ppid:5797 task_flags:0x400140 flags:0x00080002
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5256 [inline]
__schedule+0x145f/0x5070 kernel/sched/core.c:6863
__schedule_loop kernel/sched/core.c:6945 [inline]
schedule+0x165/0x360 kernel/sched/core.c:6960
io_schedule+0x81/0xe0 kernel/sched/core.c:7789
folio_wait_bit_common+0x6b5/0xb90 mm/filemap.c:1323
__folio_lock mm/filemap.c:1699 [inline]
folio_lock include/linux/pagemap.h:1159 [inline]
__filemap_get_folio_mpol+0x16d/0xa50 mm/filemap.c:1954
__filemap_get_folio include/linux/pagemap.h:763 [inline]
attr_make_nonresident+0x87f/0xbe0 fs/ntfs3/attrib.c:294
attr_set_size_res fs/ntfs3/attrib.c:373 [inline]
attr_set_size+0x1f9f/0x2c70 fs/ntfs3/attrib.c:434
ntfs_set_size+0x164/0x200 fs/ntfs3/inode.c:863
ntfs_extend+0x1d9/0x970 fs/ntfs3/file.c:434
ntfs_setattr+0x2e8/0xbe0 fs/ntfs3/file.c:853
notify_change+0xc18/0xf60 fs/attr.c:546
do_truncate+0x1a4/0x220 fs/open.c:68
vfs_truncate+0x493/0x520 fs/open.c:118
do_sys_truncate+0xdb/0x190 fs/open.c:141
__do_sys_truncate fs/open.c:153 [inline]
__se_sys_truncate fs/open.c:151 [inline]
__x64_sys_truncate+0x5b/0x70 fs/open.c:151
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xec/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f5731bcf749
RSP: 002b:00007f572fdec038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
RAX: ffffffffffffffda RBX: 00007f5731e26180 RCX: 00007f5731bcf749
RDX: 0000000000000000 RSI: 00000000000006e8 RDI: 0000200000000a80
RBP: 00007f5731c53f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f5731e26218 R14: 00007f5731e26180 R15: 00007ffcba692678
</TASK>
Showing all locks held in the system:
1 lock held by khungtaskd/38:
#0: ffffffff8d5ae940 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#0: ffffffff8d5ae940 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
#0: ffffffff8d5ae940 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6775
3 locks held by kworker/u8:4/69:
#0: ffff8880306a7138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3232 [inline]
#0: ffff8880306a7138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x1770 kernel/workqueue.c:3340
#1: ffffc9000154fbc0 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3233 [inline]
#1: ffffc9000154fbc0 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x1770 kernel/workqueue.c:3340
#2: ffffffff8e8a58b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
#2: ffffffff8e8a58b8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0x119/0x15a0 net/ipv6/addrconf.c:4194
3 locks held by kworker/u8:8/1323:
#0: ffff88813ff69938 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3232 [inline]
#0: ffff88813ff69938 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x1770 kernel/workqueue.c:3340
#1: ffffc9000532fbc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3233 [inline]
#1: ffffc9000532fbc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x1770 kernel/workqueue.c:3340
#2: ffffffff8e8a58b8 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 net/core/link_watch.c:303
4 locks held by kworker/u8:12/3452:
#0: ffff888019ad4938 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3232 [inline]
#0: ffff888019ad4938 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x1770 kernel/workqueue.c:3340
#1: ffffc9000e347bc0 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3233 [inline]
#1: ffffc9000e347bc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x1770 kernel/workqueue.c:3340
#2: ffffffff8e898780 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x7b0 net/core/net_namespace.c:670
#3: ffffffff8e8a58b8 (rtnl_mutex){+.+.}-{4:4}, at: default_device_exit_batch+0xdc/0x9e0 net/core/dev.c:13022
1 lock held by dhcpcd/5461:
#0: ffffffff8e8a58b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline]
#0: ffffffff8e8a58b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:341 [inline]
#0: ffffffff8e8a58b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8ec/0x1c90 net/core/rtnetlink.c:4071
2 locks held by getty/5556:
#0: ffff88814e43d0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
#1: ffffc90003e7e2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x44f/0x1460 drivers/tty/n_tty.c:2211
2 locks held by syz.2.249/7427:
#0: ffff88803dc13b48 (mapping.invalidate_lock#7){++++}-{4:4}, at: filemap_invalidate_lock_shared include/linux/fs.h:1092 [inline]
#0: ffff88803dc13b48 (mapping.invalidate_lock#7){++++}-{4:4}, at: filemap_create_folio mm/filemap.c:2625 [inline]
#0: ffff88803dc13b48 (mapping.invalidate_lock#7){++++}-{4:4}, at: filemap_get_pages+0xb01/0x1ee0 mm/filemap.c:2696
#1: ffff88803dc136c0 (&ni->ni_lock#3/5){+.+.}-{4:4}, at: ni_lock fs/ntfs3/ntfs_fs.h:1127 [inline]
#1: ffff88803dc136c0 (&ni->ni_lock#3/5){+.+.}-{4:4}, at: ntfs_read_folio+0xba/0x200 fs/ntfs3/inode.c:728
4 locks held by syz.2.249/7436:
#0: ffff88801f746480 (sb_writers#21){++++}-{0:0}, at: mnt_want_write+0x41/0x90 fs/namespace.c:499
#1: ffff88803dc13978 (&sb->s_type->i_mutex_key#32){+.+.}-{4:4}, at: inode_lock_killable include/linux/fs.h:1032 [inline]
#1: ffff88803dc13978 (&sb->s_type->i_mutex_key#32){+.+.}-{4:4}, at: do_truncate+0x171/0x220 fs/open.c:63
#2: ffff88803dc136c0 (&ni->ni_lock#3/5){+.+.}-{4:4}, at: ni_lock fs/ntfs3/ntfs_fs.h:1127 [inline]
#2: ffff88803dc136c0 (&ni->ni_lock#3/5){+.+.}-{4:4}, at: ntfs_set_size+0x131/0x200 fs/ntfs3/inode.c:860
#3: ffff88803dc13760 (&ni->file.run_lock#3){++++}-{4:4}, at: ntfs_set_size+0x140/0x200 fs/ntfs3/inode.c:861
1 lock held by syz-executor/7926:
#0: ffffffff8e8a58b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
#0: ffffffff8e8a58b8 (rtnl_mutex){+.+.}-{4:4}, at: inet6_rtm_newaddr+0x5b7/0xd20 net/ipv6/addrconf.c:5027
1 lock held by syz-executor/7933:
#0: ffffffff8e8a58b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline]
#0: ffffffff8e8a58b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:341 [inline]
#0: ffffffff8e8a58b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8ec/0x1c90 net/core/rtnetlink.c:4071
4 locks held by syz-executor/7970:
#0: ffff8880323a8480 (sb_writers#7){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:2681 [inline]
#0: ffff8880323a8480 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x217/0xb40 fs/read_write.c:682
#1: ffff8880320b1078 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1df/0x540 fs/kernfs/file.c:343
#2: ffff88814478a3c8 (kn->active#52){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff88814478a3c8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x232/0x540 fs/kernfs/file.c:344
#3: ffffffff8e12c678 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x360 drivers/net/netdevsim/bus.c:234
7 locks held by syz-executor/7974:
#0: ffff8880323a8480 (sb_writers#7){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:2681 [inline]
#0: ffff8880323a8480 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x217/0xb40 fs/read_write.c:682
#1: ffff88805c3e1478 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1df/0x540 fs/kernfs/file.c:343
#2: ffff88814478a3c8 (kn->active#52){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff88814478a3c8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x232/0x540 fs/kernfs/file.c:344
#3: ffffffff8e12c678 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x360 drivers/net/netdevsim/bus.c:234
#4: ffff8880502b20d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:895 [inline]
#4: ffff8880502b20d8 (&dev->mutex){....}-{4:4}, at: __device_driver_lock drivers/base/dd.c:1104 [inline]
#4: ffff8880502b20d8 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xb6/0x800 drivers/base/dd.c:1302
#5: ffff8880502b0300 (&devlink->lock_key#14){+.+.}-{4:4}, at: nsim_drv_remove+0x50/0x160 drivers/net/netdevsim/dev.c:1777
#6: ffffffff8e8a58b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
#6: ffffffff8e8a58b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_dev_lock+0x257/0x2f0 net/core/dev.c:2143
1 lock held by syz-executor/8033:
#0: ffffffff8e8a58b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline]
#0: ffffffff8e8a58b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:341 [inline]
#0: ffffffff8e8a58b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8ec/0x1c90 net/core/rtnetlink.c:4071
=============================================
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)}
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Call Trace:
<TASK>
dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
nmi_cpu_backtrace+0x274/0x2d0 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]
__sys_info lib/sys_info.c:157 [inline]
sys_info+0x135/0x170 lib/sys_info.c:165
check_hung_uninterruptible_tasks kernel/hung_task.c:346 [inline]
watchdog+0xf95/0xfe0 kernel/hung_task.c:515
kthread+0x711/0x8a0 kernel/kthread.c:463
ret_from_fork+0x510/0xa50 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
</TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:pv_native_safe_halt+0x13/0x20 arch/x86/kernel/paravirt.c:82
Code: c3 c2 03 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 43 c7 16 00 f3 0f 1e fa fb f4 <e9> 98 c2 03 00 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
RSP: 0018:ffffffff8d207dc0 EFLAGS: 000002c6
RAX: 00000000000c239b RBX: ffffffff8195d75e RCX: 0000000080000001
RDX: 0000000000000001 RSI: ffffffff8ce0bbc5 RDI: ffffffff8b3f57e0
RBP: ffffffff8d207eb0 R08: ffff8880b8833c5b R09: 1ffff1101710678b
R10: dffffc0000000000 R11: ffffed101710678c R12: ffffffff8edb3470
R13: 1ffffffff1a60668 R14: 0000000000000000 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff888126cef000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000558d7ba0d000 CR3: 000000000d3a8000 CR4: 00000000003526f0
Call Trace:
<TASK>
arch_safe_halt arch/x86/include/asm/paravirt.h:107 [inline]
default_idle+0x13/0x20 arch/x86/kernel/process.c:767
default_idle_call+0x73/0xb0 kernel/sched/idle.c:122
cpuidle_idle_call kernel/sched/idle.c:191 [inline]
do_idle+0x1be/0x4d0 kernel/sched/idle.c:332
cpu_startup_entry+0x44/0x60 kernel/sched/idle.c:430
rest_init+0x2de/0x300 init/main.c:757
start_kernel+0x381/0x3d0 init/main.c:1206
x86_64_start_reservations+0x24/0x30 arch/x86/kernel/head64.c:310
x86_64_start_kernel+0x143/0x1c0 arch/x86/kernel/head64.c:291
common_startup_64+0x13e/0x147
</TASK>