INFO: task syz.2.315:11243 blocked for more than 426 seconds. Not tainted 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.2.315 state:D stack:0 pid:11243 tgid:11242 ppid:10688 flags:0x00000006 Call Trace: [] context_switch kernel/sched/core.c:5315 [inline] [] __schedule+0xd5a/0x3886 kernel/sched/core.c:6675 [] __schedule_loop kernel/sched/core.c:6752 [inline] [] schedule+0xc4/0x324 kernel/sched/core.c:6767 [] schedule_preempt_disabled+0x16/0x28 kernel/sched/core.c:6824 [] rwsem_down_read_slowpath+0x56a/0x91e kernel/locking/rwsem.c:1084 [] __down_read_common kernel/locking/rwsem.c:1248 [inline] [] __down_read kernel/locking/rwsem.c:1261 [inline] [] down_read+0xe4/0x460 kernel/locking/rwsem.c:1526 [] mmap_read_lock include/linux/mmap_lock.h:144 [inline] [] exit_mm kernel/exit.c:547 [inline] [] do_exit+0x80e/0x2986 kernel/exit.c:926 [] do_group_exit+0xd4/0x26c kernel/exit.c:1088 [] get_signal+0x1e98/0x23b0 kernel/signal.c:2917 [] arch_do_signal_or_restart+0x988/0x1190 arch/riscv/kernel/signal.c:437 [] exit_to_user_mode_loop kernel/entry/common.c:111 [inline] [] exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline] [] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] [] syscall_exit_to_user_mode+0x2a6/0x31e kernel/entry/common.c:218 [] do_trap_ecall_u+0x86/0x216 arch/riscv/kernel/traps.c:345 [] _new_vmalloc_restore_context_a0+0xc2/0xce Showing all locks held in the system: 1 lock held by kthreadd/2: 2 locks held by kworker/u9:2/35: #0: ff60000011071148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x848/0x1dae kernel/workqueue.c:3204 #1: ff20000000257c90 ((work_completion)(&(&kfence_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x870/0x1dae kernel/workqueue.c:3204 1 lock held by khungtaskd/37: #0: ffffffff87fcc100 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x68/0x2d6 kernel/locking/lockdep.c:6716 1 lock held by kcompactd0/40: 2 locks held by syslogd/2967: 1 lock held by klogd/2971: #0: ff6000001ba68730 (&vma->vm_lock->lock){++++}-{3:3}, at: vma_start_read include/linux/mm.h:704 [inline] #0: ff6000001ba68730 (&vma->vm_lock->lock){++++}-{3:3}, at: lock_vma_under_rcu+0x15a/0xa60 mm/memory.c:6228 1 lock held by dhcpcd/3014: #0: ff6000001c497658 (&vma->vm_lock->lock){++++}-{3:3}, at: vma_start_read include/linux/mm.h:704 [inline] #0: ff6000001c497658 (&vma->vm_lock->lock){++++}-{3:3}, at: lock_vma_under_rcu+0x15a/0xa60 mm/memory.c:6228 1 lock held by dhcpcd/3015: #0: ff6000001ce554a8 (&vma->vm_lock->lock){++++}-{3:3}, at: vma_start_read include/linux/mm.h:704 [inline] #0: ff6000001ce554a8 (&vma->vm_lock->lock){++++}-{3:3}, at: lock_vma_under_rcu+0x15a/0xa60 mm/memory.c:6228 2 locks held by getty/3133: #0: ff600000186df0a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3a/0x46 drivers/tty/tty_ldsem.c:340 #1: ff2000000008b2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xd7c/0x129a drivers/tty/n_tty.c:2211 1 lock held by sshd/3168: #0: ff6000001b1f09b8 (&vma->vm_lock->lock){++++}-{3:3}, at: vma_start_read include/linux/mm.h:704 [inline] #0: ff6000001b1f09b8 (&vma->vm_lock->lock){++++}-{3:3}, at: lock_vma_under_rcu+0x15a/0xa60 mm/memory.c:6228 1 lock held by syz-executor/3170: 4 locks held by kworker/0:8/4643: 5 locks held by kworker/1:2/6619: 4 locks held by kworker/1:4/6624: #0: ff600000190cbd48 ((wq_completion)wg-kex-wg0#4){+.+.}-{0:0}, at: process_one_work+0x848/0x1dae kernel/workqueue.c:3204 #1: ff200000029c7c90 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __asm__ ("" : "=r"(__ptr) : "0"((typeof(*((worker))) *)((worker)))); (typeof((typeof(*((worker))) *)((worker)))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_one_work+0x870/0x1dae kernel/workqueue.c:3204 #2: ff6000002c355208 (&wg->static_identity.lock){++++}-{3:3}, at: wg_noise_handshake_consume_initiation+0x12c/0x904 drivers/net/wireguard/noise.c:598 #3: ff6000001c0cb218 (&handshake->lock){++++}-{3:3}, at: wg_noise_handshake_consume_initiation+0x4b4/0x904 drivers/net/wireguard/noise.c:632 4 locks held by kworker/1:3/9773: 4 locks held by kworker/0:0/10151: 4 locks held by kworker/0:1/10210: 4 locks held by kworker/1:0/11209: 4 locks held by kworker/0:2/11220: 2 locks held by syz.2.315/11242: 1 lock held by syz.2.315/11243: #0: ff600000190f4588 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock include/linux/mmap_lock.h:144 [inline] #0: ff600000190f4588 (&mm->mmap_lock){++++}-{3:3}, at: exit_mm kernel/exit.c:547 [inline] #0: ff600000190f4588 (&mm->mmap_lock){++++}-{3:3}, at: do_exit+0x80e/0x2986 kernel/exit.c:926 1 lock held by syz.2.315/11244: #0: ff600000190f4588 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock include/linux/mmap_lock.h:144 [inline] #0: ff600000190f4588 (&mm->mmap_lock){++++}-{3:3}, at: exit_mm kernel/exit.c:547 [inline] #0: ff600000190f4588 (&mm->mmap_lock){++++}-{3:3}, at: do_exit+0x80e/0x2986 kernel/exit.c:926 ============================================= NMI backtrace for cpu 1 CPU: 1 UID: 0 PID: 37 Comm: khungtaskd Not tainted 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 Hardware name: riscv-virtio,qemu (DT) Call Trace: [] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130 [] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136 [] __dump_stack lib/dump_stack.c:94 [inline] [] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120 [] dump_stack+0x1c/0x24 lib/dump_stack.c:129 [] nmi_cpu_backtrace+0x39c/0x39e lib/nmi_backtrace.c:113 [] nmi_trigger_cpumask_backtrace+0x2b6/0x456 lib/nmi_backtrace.c:62 [] arch_trigger_cpumask_backtrace+0x2c/0x3c arch/riscv/kernel/smp.c:347 [] trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline] [] check_hung_uninterruptible_tasks kernel/hung_task.c:223 [inline] [] watchdog+0xcfa/0x1178 kernel/hung_task.c:379 [] kthread+0x28c/0x3a6 kernel/kthread.c:389 [] ret_from_fork+0xe/0x18 arch/riscv/kernel/entry.S:326 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 UID: 0 PID: 2 Comm: kthreadd Not tainted 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0 Hardware name: riscv-virtio,qemu (DT) epc : slab_update_freelist mm/slub.c:740 [inline] epc : __slab_free+0xf2/0x3f6 mm/slub.c:4432 ra : slab_update_freelist mm/slub.c:738 [inline] ra : __slab_free+0x220/0x3f6 mm/slub.c:4432 epc : ffffffff808d8f16 ra : ffffffff808d9044 sp : ff20000000037570 gp : ffffffff897bea80 tp : ff60000012289a40 t0 : ff6000001228a560 t1 : ffebffff0dd865f8 t2 : 0000000000000017 s0 : ff20000000037640 s1 : 0000000000000002 a0 : 0000000000000000 a1 : 0000000000000000 a2 : 0000000000000000 a3 : ffffffff814a8fc2 a4 : 0000000000000001 a5 : 0000000000000000 a6 : 0000000000000003 a7 : 1fec0000024514b0 s2 : 0000000000000006 s3 : ff6000003f3fd500 s4 : 0000000000000000 s5 : ff600000132f7780 s6 : 0000000000000001 s7 : 0000000000000001 s8 : 0000000000000000 s9 : ff6000003f3fd640 s10: 00000000000c0007 s11: ff1c000000fcff40 t3 : 1fec0000024514ab t4 : ffebffff0dd865f8 t5 : ffebffff0dd865f9 t6 : 1fec0000024514b5 status: 0000000200000120 badaddr: 0000000000000000 cause: 8000000000000001 [] arch_local_irq_restore arch/riscv/include/asm/irqflags.h:51 [inline] [] slab_update_freelist mm/slub.c:738 [inline] [] __slab_free+0xf2/0x3f6 mm/slub.c:4432 [] do_slab_free mm/slub.c:4532 [inline] [] ___cache_free+0x1a6/0x1e0 mm/slub.c:4638 [] qlink_free mm/kasan/quarantine.c:163 [inline] [] qlist_free_all+0x76/0x16c mm/kasan/quarantine.c:179 [] kasan_quarantine_reduce+0x158/0x1ba mm/kasan/quarantine.c:286 [] __kasan_slab_alloc+0x5c/0x82 mm/kasan/common.c:329 [] kasan_slab_alloc include/linux/kasan.h:247 [inline] [] slab_post_alloc_hook mm/slub.c:4086 [inline] [] slab_alloc_node mm/slub.c:4135 [inline] [] __kmalloc_cache_noprof+0x1a4/0x318 mm/slub.c:4291 [] kmalloc_noprof include/linux/slab.h:878 [inline] [] kzalloc_noprof include/linux/slab.h:1014 [inline] [] set_kthread_struct+0xce/0x202 kernel/kthread.c:118 [] copy_process+0x38b6/0x8e32 kernel/fork.c:2303 [] kernel_clone+0x11e/0x92c kernel/fork.c:2787 [] kernel_thread+0xf4/0x126 kernel/fork.c:2849 [] create_kthread kernel/kthread.c:412 [inline] [] kthreadd+0x46e/0x6e8 kernel/kthread.c:765 [] ret_from_fork+0xe/0x18 arch/riscv/kernel/entry.S:326