INFO: task kworker/u4:46:15873 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u4:46   state:D stack:22144 pid:15873 ppid:2      flags:0x00004000
Workqueue: events_unbound fsnotify_connector_destroy_workfn
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5244 [inline]
 __schedule+0x10ec/0x40b0 kernel/sched/core.c:6561
 schedule+0xb9/0x180 kernel/sched/core.c:6637
 schedule_timeout+0x97/0x280 kernel/time/timer.c:1941
 do_wait_for_common kernel/sched/completion.c:85 [inline]
 __wait_for_common kernel/sched/completion.c:106 [inline]
 wait_for_common kernel/sched/completion.c:117 [inline]
 wait_for_completion+0x2b9/0x590 kernel/sched/completion.c:138
 __synchronize_srcu+0x283/0x310 kernel/rcu/srcutree.c:1243
 fsnotify_connector_destroy_workfn+0x40/0xa0 fs/notify/mark.c:234
 process_one_work+0x898/0x1160 kernel/workqueue.c:2292
 worker_thread+0xaa2/0x1250 kernel/workqueue.c:2439
 kthread+0x29d/0x330 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>
INFO: task kworker/u4:47:15874 blocked for more than 144 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u4:47   state:D stack:24704 pid:15874 ppid:2      flags:0x00004000
Workqueue: events_unbound fsnotify_mark_destroy_workfn
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5244 [inline]
 __schedule+0x10ec/0x40b0 kernel/sched/core.c:6561
 schedule+0xb9/0x180 kernel/sched/core.c:6637
 schedule_timeout+0x97/0x280 kernel/time/timer.c:1941
 do_wait_for_common kernel/sched/completion.c:85 [inline]
 __wait_for_common kernel/sched/completion.c:106 [inline]
 wait_for_common kernel/sched/completion.c:117 [inline]
 wait_for_completion+0x2b9/0x590 kernel/sched/completion.c:138
 __synchronize_srcu+0x283/0x310 kernel/rcu/srcutree.c:1243
 fsnotify_mark_destroy_workfn+0xfe/0x2e0 fs/notify/mark.c:924
 process_one_work+0x898/0x1160 kernel/workqueue.c:2292
 process_scheduled_works kernel/workqueue.c:2355 [inline]
 worker_thread+0xd1c/0x1250 kernel/workqueue.c:2444
 kthread+0x29d/0x330 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>
INFO: task syz.2.4019:23069 blocked for more than 144 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.2.4019      state:D stack:26368 pid:23069 ppid:16506  flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5244 [inline]
 __schedule+0x10ec/0x40b0 kernel/sched/core.c:6561
 schedule+0xb9/0x180 kernel/sched/core.c:6637
 schedule_timeout+0x97/0x280 kernel/time/timer.c:1941
 do_wait_for_common kernel/sched/completion.c:85 [inline]
 __wait_for_common kernel/sched/completion.c:106 [inline]
 wait_for_common kernel/sched/completion.c:117 [inline]
 wait_for_completion+0x2b9/0x590 kernel/sched/completion.c:138
 __flush_work+0x912/0xa60 kernel/workqueue.c:3076
 __lru_add_drain_all+0x6a0/0x800 mm/swap.c:910
 invalidate_bdev+0x8f/0xb0 block/bdev.c:86
 reconfigure_super+0x44f/0x880 fs/super.c:1002
 do_remount fs/namespace.c:2732 [inline]
 path_mount+0xdfd/0x1010 fs/namespace.c:3391
 do_mount fs/namespace.c:3412 [inline]
 __do_sys_mount fs/namespace.c:3620 [inline]
 __se_sys_mount+0x2d6/0x3c0 fs/namespace.c:3597
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f98e138ebe9
RSP: 002b:00007f98e2160038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f98e15b5fa0 RCX: 00007f98e138ebe9
RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000000
RBP: 00007f98e1411e19 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000021 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f98e15b6038 R14: 00007f98e15b5fa0 R15: 00007ffdfec68c08
 </TASK>
INFO: task syz.7.4020:23071 blocked for more than 145 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.7.4020      state:D stack:25440 pid:23071 ppid:22677  flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5244 [inline]
 __schedule+0x10ec/0x40b0 kernel/sched/core.c:6561
 schedule+0xb9/0x180 kernel/sched/core.c:6637
 schedule_timeout+0x97/0x280 kernel/time/timer.c:1941
 do_wait_for_common kernel/sched/completion.c:85 [inline]
 __wait_for_common kernel/sched/completion.c:106 [inline]
 wait_for_common kernel/sched/completion.c:117 [inline]
 wait_for_completion+0x2b9/0x590 kernel/sched/completion.c:138
 __flush_work+0x912/0xa60 kernel/workqueue.c:3076
 flush_work kernel/workqueue.c:3097 [inline]
 flush_delayed_work+0x121/0x170 kernel/workqueue.c:3221
 fsnotify_destroy_group+0x212/0x340 fs/notify/group.c:76
 inotify_release+0x41/0x70 fs/notify/inotify/inotify_user.c:309
 __fput+0x22c/0x920 fs/file_table.c:320
 task_work_run+0x1ca/0x250 kernel/task_work.c:203
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 exit_to_user_mode_loop+0xe6/0x110 kernel/entry/common.c:177
 exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:210
 __syscall_exit_to_user_mode_work kernel/entry/common.c:292 [inline]
 syscall_exit_to_user_mode+0x16/0x40 kernel/entry/common.c:303
 do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:87
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f06f4b8ebe9
RSP: 002b:00007ffeb726f008 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
RAX: 0000000000000000 RBX: 00007f06f4db7da0 RCX: 00007f06f4b8ebe9
RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
RBP: 00007f06f4db7da0 R08: 00000000000007a0 R09: 00000015b726f2ff
R10: 00007f06f4db7cb0 R11: 0000000000000246 R12: 000000000018b712
R13: 00007f06f4db6180 R14: ffffffffffffffff R15: 00007ffeb726f120
 </TASK>
INFO: task syz-executor:23076 blocked for more than 146 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:22144 pid:23076 ppid:1      flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5244 [inline]
 __schedule+0x10ec/0x40b0 kernel/sched/core.c:6561
 schedule+0xb9/0x180 kernel/sched/core.c:6637
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6696
 __mutex_lock_common kernel/locking/mutex.c:679 [inline]
 __mutex_lock+0x555/0xaf0 kernel/locking/mutex.c:747
 __lru_add_drain_all+0x66/0x800 mm/swap.c:865
 invalidate_bdev+0x8f/0xb0 block/bdev.c:86
 ext4_put_super+0x95a/0xe90 fs/ext4/super.c:1282
 generic_shutdown_super+0x130/0x340 fs/super.c:501
 kill_block_super+0x7c/0xe0 fs/super.c:1470
 deactivate_locked_super+0x93/0xf0 fs/super.c:332
 cleanup_mnt+0x463/0x4f0 fs/namespace.c:1182
 task_work_run+0x1ca/0x250 kernel/task_work.c:203
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 exit_to_user_mode_loop+0xe6/0x110 kernel/entry/common.c:177
 exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:210
 __syscall_exit_to_user_mode_work kernel/entry/common.c:292 [inline]
 syscall_exit_to_user_mode+0x16/0x40 kernel/entry/common.c:303
 do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:87
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f36b558ff17
RSP: 002b:00007ffd130e1088 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 00007f36b5611c05 RCX: 00007f36b558ff17
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd130e1140
RBP: 00007ffd130e1140 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd130e21d0
R13: 00007f36b5611c05 R14: 000000000018d11d R15: 00007ffd130e2210
 </TASK>

Showing all locks held in the system:
1 lock held by kthreadd/2:
 #0: ffffffff8cb53610 (cgroup_threadgroup_rwsem){++++}-{0:0}, at: copy_process+0x248b/0x4020 kernel/fork.c:2446
1 lock held by rcu_tasks_kthre/12:
 #0: ffffffff8cb2b370 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x33/0xf00 kernel/rcu/tasks.h:517
1 lock held by rcu_tasks_trace/13:
 #0: ffffffff8cb2bb90 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x33/0xf00 kernel/rcu/tasks.h:517
1 lock held by khungtaskd/27:
 #0: ffffffff8cb2a9e0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:350 [inline]
 #0: ffffffff8cb2a9e0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:791 [inline]
 #0: ffffffff8cb2a9e0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x51/0x290 kernel/locking/lockdep.c:6513
2 locks held by getty/4030:
 #0: ffff88814cc94098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 drivers/tty/tty_ldisc.c:244
 #1: ffffc9000327b2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x41b/0x1380 drivers/tty/n_tty.c:2198
1 lock held by kworker/dying/4501:
 #0: ffffffff8cb53610 (cgroup_threadgroup_rwsem){++++}-{0:0}, at: do_exit+0x578/0x2400 kernel/exit.c:827
3 locks held by kworker/u4:19/5271:
 #0: ffff888017479138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7a1/0x1160 kernel/workqueue.c:2267
 #1: ffffc90004a4fd00 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x7a1/0x1160 kernel/workqueue.c:2267
 #2: ffffffff8cb53610 (cgroup_threadgroup_rwsem){++++}-{0:0}, at: copy_process+0x248b/0x4020 kernel/fork.c:2446
1 lock held by kworker/dying/15839:
 #0: ffffffff8cb53610 (cgroup_threadgroup_rwsem){++++}-{0:0}, at: do_exit+0x578/0x2400 kernel/exit.c:827
1 lock held by kworker/dying/15858:
 #0: ffffffff8cb53610 (cgroup_threadgroup_rwsem){++++}-{0:0}, at: do_exit+0x578/0x2400 kernel/exit.c:827
2 locks held by kworker/u4:46/15873:
 #0: ffff888017479138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7a1/0x1160 kernel/workqueue.c:2267
 #1: ffffc900038e7d00 (connector_reaper_work){+.+.}-{0:0}, at: process_one_work+0x7a1/0x1160 kernel/workqueue.c:2267
2 locks held by kworker/u4:47/15874:
 #0: ffff888017479138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7a1/0x1160 kernel/workqueue.c:2267
 #1: ffffc900038f7d00 ((reaper_work).work){+.+.}-{0:0}, at: process_one_work+0x7a1/0x1160 kernel/workqueue.c:2267
3 locks held by kworker/1:0/18782:
 #0: ffff88814c86d938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x7a1/0x1160 kernel/workqueue.c:2267
 #1: ffffc9000c997d00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x7a1/0x1160 kernel/workqueue.c:2267
 #2: ffffffff8dd41ee8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xc4/0x14d0 net/ipv6/addrconf.c:4131
3 locks held by kworker/1:1/22394:
 #0: ffff888017471938 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x7a1/0x1160 kernel/workqueue.c:2267
 #1: ffffc90004e6fd00 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work+0x7a1/0x1160 kernel/workqueue.c:2267
 #2: ffffffff8dd41ee8 (rtnl_mutex){+.+.}-{3:3}, at: reg_check_chans_work+0x8b/0xd80 net/wireless/reg.c:2499
1 lock held by syz.0.3990/22985:
1 lock held by syz.3.4011/23067:
2 locks held by syz.2.4019/23069:
 #0: ffff8880531860e0 (&type->s_umount_key#59){++++}-{3:3}, at: do_remount fs/namespace.c:2729 [inline]
 #0: ffff8880531860e0 (&type->s_umount_key#59){++++}-{3:3}, at: path_mount+0xdbb/0x1010 fs/namespace.c:3391
 #1: ffffffff8cbd18a8 (lock#3){+.+.}-{3:3}, at: __lru_add_drain_all+0x66/0x800 mm/swap.c:865
2 locks held by syz-executor/23076:
 #0: ffff888056a020e0 (&type->s_umount_key#32){++++}-{3:3}, at: deactivate_super+0xa0/0xd0 fs/super.c:362
 #1: ffffffff8cbd18a8 (lock#3){+.+.}-{3:3}, at: __lru_add_drain_all+0x66/0x800 mm/swap.c:865
1 lock held by syz-executor/23103:
 #0: ffffffff8cb53610 (cgroup_threadgroup_rwsem){++++}-{0:0}, at: do_exit+0x578/0x2400 kernel/exit.c:827
6 locks held by syz-executor/23107:
3 locks held by syz-executor/23121:
 #0: ffff888078d5c460 (sb_writers#10){.+.+}-{0:0}, at: vfs_write+0x256/0x960 fs/read_write.c:580
 #1: ffff888085a0d088 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1e5/0x4c0 fs/kernfs/file.c:325
 #2: ffffffff8cb53428 (cgroup_mutex){+.+.}-{3:3}, at: cgroup_lock include/linux/cgroup.h:442 [inline]
 #2: ffffffff8cb53428 (cgroup_mutex){+.+.}-{3:3}, at: cgroup_kn_lock_live+0xee/0x230 kernel/cgroup/cgroup.c:1677
4 locks held by syz-executor/23184:
 #0: ffffffff8dda1cf0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40 net/netlink/genetlink.c:860
 #1: ffffffff8dda1b08 (genl_mutex){+.+.}-{3:3}, at: genl_lock net/netlink/genetlink.c:33 [inline]
 #1: ffffffff8dda1b08 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x103/0x780 net/netlink/genetlink.c:848
 #2: ffffffff8dd41ee8 (rtnl_mutex){+.+.}-{3:3}, at: wg_set_device+0xf2/0x1ee0 drivers/net/wireguard/netlink.c:504
 #3: ffff8880565f53e8 (&wg->device_update_lock){+.+.}-{3:3}, at: wg_set_device+0x109/0x1ee0 drivers/net/wireguard/netlink.c:505
2 locks held by syz.4.4028/23207:
 #0: ffff888054ae40e0 (&type->s_umount_key#28/1){+.+.}-{3:3}, at: alloc_super+0x1fa/0x930 fs/super.c:228
 #1: ffffffff8cbd18a8 (lock#3){+.+.}-{3:3}, at: __lru_add_drain_all+0x66/0x800 mm/swap.c:865

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 27 Comm: khungtaskd Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x168/0x22e lib/dump_stack.c:106
 nmi_cpu_backtrace+0x3f4/0x470 lib/nmi_backtrace.c:111
 nmi_trigger_cpumask_backtrace+0x1d4/0x450 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:148 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:220 [inline]
 watchdog+0xeee/0xf30 kernel/hung_task.c:377
 kthread+0x29d/0x330 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 23054 Comm: syz.1.4012 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
RIP: 0010:irq_exit_rcu+0x0/0x20 kernel/softirq.c:691
Code: 89 d9 80 e1 07 80 c1 03 38 c1 7c 81 48 89 df e8 a6 6e 82 00 e9 74 ff ff ff 90 e8 3b d6 c8 08 e9 16 ff ff ff 66 0f 1f 44 00 00 <e8> 1b 00 00 00 48 c7 c7 c0 f9 8a 8a e8 1f da c8 08 65 ff 0d 1c f8
RSP: 0018:ffffc90000007ff0 EFLAGS: 00000086
RAX: 0000000000000000 RBX: ffffc900036afb08 RCX: 4febbe9ff0e22300
RDX: 0000000000000000 RSI: ffffffff8a88e380 RDI: ffffffff8adefae0
RBP: 0000000000000000 R08: dffffc0000000000 R09: fffffbfff1c3ee26
R10: fffffbfff1c3ee26 R11: 1ffffffff1c3ee25 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
FS:  00007f241a28f6c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fafa454fd58 CR3: 0000000031d65000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1118 [inline]
 sysvec_apic_timer_interrupt+0xa0/0xc0 arch/x86/kernel/apic/apic.c:1118
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:691
RIP: 0010:__raw_spin_unlock_irq include/linux/spinlock_api_smp.h:160 [inline]
RIP: 0010:_raw_spin_unlock_irq+0x25/0x40 kernel/locking/spinlock.c:202
Code: f5 ff 0f 1f 00 53 48 89 fb 48 83 c7 18 48 8b 74 24 08 e8 8e 18 42 f7 48 89 df e8 e6 dd 42 f7 e8 61 d1 65 f7 fb bf 01 00 00 00 <e8> 46 5b 36 f7 65 8b 05 67 14 e1 75 85 c0 74 02 5b c3 e8 b4 25 df
RSP: 0018:ffffc900036afbb8 EFLAGS: 00000286
RAX: 4febbe9ff0e22300 RBX: ffff888079e41280 RCX: 4febbe9ff0e22300
RDX: dffffc0000000000 RSI: ffffffff8a8c0300 RDI: 0000000000000001
RBP: ffff888079e41718 R08: dffffc0000000000 R09: ffffed100f3c8251
R10: ffffed100f3c8251 R11: 1ffff1100f3c8250 R12: 1ffff1100f3c82e3
R13: 0000000000000021 R14: dffffc0000000000 R15: 0000000000000000
 spin_unlock_irq include/linux/spinlock.h:401 [inline]
 get_signal+0x1163/0x1350 kernel/signal.c:2874
 arch_do_signal_or_restart+0xb0/0x1230 arch/x86/kernel/signal.c:871
 exit_to_user_mode_loop+0x70/0x110 kernel/entry/common.c:174
 exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:210
 __syscall_exit_to_user_mode_work kernel/entry/common.c:292 [inline]
 syscall_exit_to_user_mode+0x16/0x40 kernel/entry/common.c:303
 do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:87
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f241938ebe7
Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89
RSP: 002b:00007f241a28f0e8 EFLAGS: 00000246
RAX: 00000000000000ca RBX: 00007f24195b5fa8 RCX: 00007f241938ebe9
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f24195b5fa8
RBP: 00007f24195b5fa0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f24195b6038 R14: 00007ffc7e9c84b0 R15: 00007ffc7e9c8598
 </TASK>