INFO: task syz.2.315:11243 blocked for more than 426 seconds.
Not tainted 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.2.315 state:D stack:0 pid:11243 tgid:11242 ppid:10688 flags:0x00000006
Call Trace:
[<ffffffff85fe3a74>] context_switch kernel/sched/core.c:5315 [inline]
[<ffffffff85fe3a74>] __schedule+0xd5a/0x3886 kernel/sched/core.c:6675
[<ffffffff85fe6664>] __schedule_loop kernel/sched/core.c:6752 [inline]
[<ffffffff85fe6664>] schedule+0xc4/0x324 kernel/sched/core.c:6767
[<ffffffff85fe6fac>] schedule_preempt_disabled+0x16/0x28 kernel/sched/core.c:6824
[<ffffffff85feff86>] rwsem_down_read_slowpath+0x56a/0x91e kernel/locking/rwsem.c:1084
[<ffffffff85ff09dc>] __down_read_common kernel/locking/rwsem.c:1248 [inline]
[<ffffffff85ff09dc>] __down_read kernel/locking/rwsem.c:1261 [inline]
[<ffffffff85ff09dc>] down_read+0xe4/0x460 kernel/locking/rwsem.c:1526
[<ffffffff800d8d0e>] mmap_read_lock include/linux/mmap_lock.h:144 [inline]
[<ffffffff800d8d0e>] exit_mm kernel/exit.c:547 [inline]
[<ffffffff800d8d0e>] do_exit+0x80e/0x2986 kernel/exit.c:926
[<ffffffff800db3e6>] do_group_exit+0xd4/0x26c kernel/exit.c:1088
[<ffffffff8010db36>] get_signal+0x1e98/0x23b0 kernel/signal.c:2917
[<ffffffff8000bbb8>] arch_do_signal_or_restart+0x988/0x1190 arch/riscv/kernel/signal.c:437
[<ffffffff85fdac04>] exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
[<ffffffff85fdac04>] exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
[<ffffffff85fdac04>] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
[<ffffffff85fdac04>] syscall_exit_to_user_mode+0x2a6/0x31e kernel/entry/common.c:218
[<ffffffff85fd9b26>] do_trap_ecall_u+0x86/0x216 arch/riscv/kernel/traps.c:345
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
Showing all locks held in the system:
1 lock held by kthreadd/2:
2 locks held by kworker/u9:2/35:
#0: ff60000011071148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x848/0x1dae kernel/workqueue.c:3204
#1: ff20000000257c90 ((work_completion)(&(&kfence_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x870/0x1dae kernel/workqueue.c:3204
1 lock held by khungtaskd/37:
#0: ffffffff87fcc100 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x68/0x2d6 kernel/locking/lockdep.c:6716
1 lock held by kcompactd0/40:
2 locks held by syslogd/2967:
1 lock held by klogd/2971:
#0: ff6000001ba68730 (&vma->vm_lock->lock){++++}-{3:3}, at: vma_start_read include/linux/mm.h:704 [inline]
#0: ff6000001ba68730 (&vma->vm_lock->lock){++++}-{3:3}, at: lock_vma_under_rcu+0x15a/0xa60 mm/memory.c:6228
1 lock held by dhcpcd/3014:
#0: ff6000001c497658 (&vma->vm_lock->lock){++++}-{3:3}, at: vma_start_read include/linux/mm.h:704 [inline]
#0: ff6000001c497658 (&vma->vm_lock->lock){++++}-{3:3}, at: lock_vma_under_rcu+0x15a/0xa60 mm/memory.c:6228
1 lock held by dhcpcd/3015:
#0: ff6000001ce554a8 (&vma->vm_lock->lock){++++}-{3:3}, at: vma_start_read include/linux/mm.h:704 [inline]
#0: ff6000001ce554a8 (&vma->vm_lock->lock){++++}-{3:3}, at: lock_vma_under_rcu+0x15a/0xa60 mm/memory.c:6228
2 locks held by getty/3133:
#0: ff600000186df0a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3a/0x46 drivers/tty/tty_ldsem.c:340
#1: ff2000000008b2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xd7c/0x129a drivers/tty/n_tty.c:2211
1 lock held by sshd/3168:
#0: ff6000001b1f09b8 (&vma->vm_lock->lock){++++}-{3:3}, at: vma_start_read include/linux/mm.h:704 [inline]
#0: ff6000001b1f09b8 (&vma->vm_lock->lock){++++}-{3:3}, at: lock_vma_under_rcu+0x15a/0xa60 mm/memory.c:6228
1 lock held by syz-executor/3170:
4 locks held by kworker/0:8/4643:
5 locks held by kworker/1:2/6619:
4 locks held by kworker/1:4/6624:
#0: ff600000190cbd48 ((wq_completion)wg-kex-wg0#4){+.+.}-{0:0}, at: process_one_work+0x848/0x1dae kernel/workqueue.c:3204
#1: ff200000029c7c90 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __asm__ ("" : "=r"(__ptr) : "0"((typeof(*((worker))) *)((worker)))); (typeof((typeof(*((worker))) *)((worker)))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_one_work+0x870/0x1dae kernel/workqueue.c:3204
#2: ff6000002c355208 (&wg->static_identity.lock){++++}-{3:3}, at: wg_noise_handshake_consume_initiation+0x12c/0x904 drivers/net/wireguard/noise.c:598
#3: ff6000001c0cb218 (&handshake->lock){++++}-{3:3}, at: wg_noise_handshake_consume_initiation+0x4b4/0x904 drivers/net/wireguard/noise.c:632
4 locks held by kworker/1:3/9773:
4 locks held by kworker/0:0/10151:
4 locks held by kworker/0:1/10210:
4 locks held by kworker/1:0/11209:
4 locks held by kworker/0:2/11220:
2 locks held by syz.2.315/11242:
1 lock held by syz.2.315/11243:
#0: ff600000190f4588 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock include/linux/mmap_lock.h:144 [inline]
#0: ff600000190f4588 (&mm->mmap_lock){++++}-{3:3}, at: exit_mm kernel/exit.c:547 [inline]
#0: ff600000190f4588 (&mm->mmap_lock){++++}-{3:3}, at: do_exit+0x80e/0x2986 kernel/exit.c:926
1 lock held by syz.2.315/11244:
#0: ff600000190f4588 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock include/linux/mmap_lock.h:144 [inline]
#0: ff600000190f4588 (&mm->mmap_lock){++++}-{3:3}, at: exit_mm kernel/exit.c:547 [inline]
#0: ff600000190f4588 (&mm->mmap_lock){++++}-{3:3}, at: do_exit+0x80e/0x2986 kernel/exit.c:926
=============================================
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 37 Comm: khungtaskd Not tainted 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff85f3faae>] nmi_cpu_backtrace+0x39c/0x39e lib/nmi_backtrace.c:113
[<ffffffff85f3fd66>] nmi_trigger_cpumask_backtrace+0x2b6/0x456 lib/nmi_backtrace.c:62
[<ffffffff80019974>] arch_trigger_cpumask_backtrace+0x2c/0x3c arch/riscv/kernel/smp.c:347
[<ffffffff80432c3c>] trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]
[<ffffffff80432c3c>] check_hung_uninterruptible_tasks kernel/hung_task.c:223 [inline]
[<ffffffff80432c3c>] watchdog+0xcfa/0x1178 kernel/hung_task.c:379
[<ffffffff80154e14>] kthread+0x28c/0x3a6 kernel/kthread.c:389
[<ffffffff85ffcbde>] ret_from_fork+0xe/0x18 arch/riscv/kernel/entry.S:326
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 2 Comm: kthreadd Not tainted 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Hardware name: riscv-virtio,qemu (DT)
epc : slab_update_freelist mm/slub.c:740 [inline]
epc : __slab_free+0xf2/0x3f6 mm/slub.c:4432
ra : slab_update_freelist mm/slub.c:738 [inline]
ra : __slab_free+0x220/0x3f6 mm/slub.c:4432
epc : ffffffff808d8f16 ra : ffffffff808d9044 sp : ff20000000037570
gp : ffffffff897bea80 tp : ff60000012289a40 t0 : ff6000001228a560
t1 : ffebffff0dd865f8 t2 : 0000000000000017 s0 : ff20000000037640
s1 : 0000000000000002 a0 : 0000000000000000 a1 : 0000000000000000
a2 : 0000000000000000 a3 : ffffffff814a8fc2 a4 : 0000000000000001
a5 : 0000000000000000 a6 : 0000000000000003 a7 : 1fec0000024514b0
s2 : 0000000000000006 s3 : ff6000003f3fd500 s4 : 0000000000000000
s5 : ff600000132f7780 s6 : 0000000000000001 s7 : 0000000000000001
s8 : 0000000000000000 s9 : ff6000003f3fd640 s10: 00000000000c0007
s11: ff1c000000fcff40 t3 : 1fec0000024514ab t4 : ffebffff0dd865f8
t5 : ffebffff0dd865f9 t6 : 1fec0000024514b5
status: 0000000200000120 badaddr: 0000000000000000 cause: 8000000000000001
[<ffffffff808d8f16>] arch_local_irq_restore arch/riscv/include/asm/irqflags.h:51 [inline]
[<ffffffff808d8f16>] slab_update_freelist mm/slub.c:738 [inline]
[<ffffffff808d8f16>] __slab_free+0xf2/0x3f6 mm/slub.c:4432
[<ffffffff808dd1c8>] do_slab_free mm/slub.c:4532 [inline]
[<ffffffff808dd1c8>] ___cache_free+0x1a6/0x1e0 mm/slub.c:4638
[<ffffffff80972d66>] qlink_free mm/kasan/quarantine.c:163 [inline]
[<ffffffff80972d66>] qlist_free_all+0x76/0x16c mm/kasan/quarantine.c:179
[<ffffffff80973412>] kasan_quarantine_reduce+0x158/0x1ba mm/kasan/quarantine.c:286
[<ffffffff8096f768>] __kasan_slab_alloc+0x5c/0x82 mm/kasan/common.c:329
[<ffffffff808d6c12>] kasan_slab_alloc include/linux/kasan.h:247 [inline]
[<ffffffff808d6c12>] slab_post_alloc_hook mm/slub.c:4086 [inline]
[<ffffffff808d6c12>] slab_alloc_node mm/slub.c:4135 [inline]
[<ffffffff808d6c12>] __kmalloc_cache_noprof+0x1a4/0x318 mm/slub.c:4291
[<ffffffff8015a022>] kmalloc_noprof include/linux/slab.h:878 [inline]
[<ffffffff8015a022>] kzalloc_noprof include/linux/slab.h:1014 [inline]
[<ffffffff8015a022>] set_kthread_struct+0xce/0x202 kernel/kthread.c:118
[<ffffffff800bd308>] copy_process+0x38b6/0x8e32 kernel/fork.c:2303
[<ffffffff800c2ab0>] kernel_clone+0x11e/0x92c kernel/fork.c:2787
[<ffffffff800c3724>] kernel_thread+0xf4/0x126 kernel/fork.c:2849
[<ffffffff8015ac72>] create_kthread kernel/kthread.c:412 [inline]
[<ffffffff8015ac72>] kthreadd+0x46e/0x6e8 kernel/kthread.c:765
[<ffffffff85ffcbde>] ret_from_fork+0xe/0x18 arch/riscv/kernel/entry.S:326