INFO: task syz.1.3554:20239 blocked for more than 146 seconds.
Tainted: G L syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.1.3554 state:D stack:24824 pid:20239 tgid:20239 ppid:14682 task_flags:0x400040 flags:0x00080003
Call Trace:
context_switch kernel/sched/core.c:5387 [inline]
__schedule+0x169e/0x54f0 kernel/sched/core.c:7188
__schedule_loop kernel/sched/core.c:7267 [inline]
schedule+0x164/0x360 kernel/sched/core.c:7282
request_wait_answer fs/fuse/dev.c:735 [inline]
__fuse_request_send fs/fuse/dev.c:749 [inline]
fuse_chan_send+0x1057/0x1aa0 fs/fuse/dev.c:825
fuse_simple_request fs/fuse/fuse_i.h:922 [inline]
fuse_flush+0x677/0x8b0 fs/fuse/file.c:500
filp_flush+0xc0/0x190 fs/open.c:1467
filp_close+0x1d/0x40 fs/open.c:1480
__range_close fs/file.c:794 [inline]
__do_sys_close_range fs/file.c:855 [inline]
__se_sys_close_range+0x3d7/0x900 fs/file.c:819
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x15f/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f843931c819
RSP: 002b:00007ffc57a417a8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
RAX: ffffffffffffffda RBX: 00007ffc57a41890 RCX: 00007f843931c819
RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
RBP: 000000000015d329 R08: 0000000000000001 R09: 0000000000000000
R10: 0000001b31120000 R11: 0000000000000246 R12: 00007ffc57a418d0
R13: 00007f8439595fac R14: 000000000015e882 R15: 00007f8439595fa0
Showing all locks held in the system:
1 lock held by khungtaskd/39:
#0: ffffffff8dfc8100 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
#0: ffffffff8dfc8100 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
#0: ffffffff8dfc8100 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6777
5 locks held by kworker/u8:13/2344:
#0: ffff88803354b938 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3280 [inline]
#0: ffff88803354b938 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_scheduled_works+0xa2e/0x1910 kernel/workqueue.c:3399
#1: ffffc9000811fc40 ((work_completion)(&(&bat_priv->dat.work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3281 [inline]
#1: ffffc9000811fc40 ((work_completion)(&(&bat_priv->dat.work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa69/0x1910 kernel/workqueue.c:3399
#2: ffffffff8de5f260 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 kernel/softirq.c:163
#3: ffffffff8dfc8100 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 kernel/softirq.c:163
#4: ffff888097e23b58 (&hash->list_locks[i]){+...}-{3:3}, at: spin_lock_bh include/linux/spinlock_rt.h:90 [inline]
#4: ffff888097e23b58 (&hash->list_locks[i]){+...}-{3:3}, at: __batadv_dat_purge+0x131/0x400 net/batman-adv/distributed-arp-table.c:173
2 locks held by getty/5576:
#0: ffff88803799b0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
#1: ffffc90003cbe2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x462/0x13a0 drivers/tty/n_tty.c:2211
4 locks held by kworker/0:6/5909:
#0: ffff88801a053938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3280 [inline]
#0: ffff88801a053938 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0xa2e/0x1910 kernel/workqueue.c:3399
#1: ffffc90005167c40 ((work_completion)(&aux->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3281 [inline]
#1: ffffc90005167c40 ((work_completion)(&aux->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa69/0x1910 kernel/workqueue.c:3399
#2: ffffffff8e054638 (pack_mutex){+.+.}-{4:4}, at: bpf_prog_pack_free+0x35/0x420 kernel/bpf/core.c:988
#3: ffffffff8de6e298 (text_mutex){+.+.}-{4:4}, at: text_poke_set+0xa3/0x180 arch/x86/kernel/alternative.c:2752
3 locks held by kworker/u8:14/6666:
#0: ffff88801a094138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3280 [inline]
#0: ffff88801a094138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0xa2e/0x1910 kernel/workqueue.c:3399
#1: ffffc9000823fc40 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3281 [inline]
#1: ffffc9000823fc40 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0xa69/0x1910 kernel/workqueue.c:3399
#2: ffffffff8f37f5f8 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 net/core/link_watch.c:313
6 locks held by kworker/u8:2/17841:
#0: ffff88801b296138 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3280 [inline]
#0: ffff88801b296138 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0xa2e/0x1910 kernel/workqueue.c:3399
#1: ffffc9000e6b7c40 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3281 [inline]
#1: ffffc9000e6b7c40 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0xa69/0x1910 kernel/workqueue.c:3399
#2: ffffffff8f370ce0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf4/0x800 net/core/net_namespace.c:673
#3: ffffffff8f37f5f8 (rtnl_mutex){+.+.}-{4:4}, at: ieee80211_unregister_hw+0x55/0x2c0 net/mac80211/main.c:1707
#4: ffff888083a308b8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6645 [inline]
#4: ffff888083a308b8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x132/0x6c0 net/mac80211/iface.c:2487
#5: ffff88801a795148 (subsys mutex#18){+.+.}-{4:4}, at: device_del+0x414/0x900 drivers/base/core.c:3883
5 locks held by kworker/u8:16/17847:
#0: ffff88801a094138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3280 [inline]
#0: ffff88801a094138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0xa2e/0x1910 kernel/workqueue.c:3399
#1: ffffc9000e8bfc40 ((work_completion)(&(&kfence_timer)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3281 [inline]
#1: ffffc9000e8bfc40 ((work_completion)(&(&kfence_timer)->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa69/0x1910 kernel/workqueue.c:3399
#2: ffffffff8de57bf0 (cpu_hotplug_lock){++++}-{0:0}, at: static_key_enable+0x12/0x20 kernel/jump_label.c:222
#3: ffffffff8e09b7d8 (jump_label_mutex){+.+.}-{4:4}, at: jump_label_lock kernel/jump_label.c:27 [inline]
#3: ffffffff8e09b7d8 (jump_label_mutex){+.+.}-{4:4}, at: static_key_enable_cpuslocked+0xcb/0x240 kernel/jump_label.c:207
#4: ffffffff8de6e298 (text_mutex){+.+.}-{4:4}, at: arch_jump_label_transform_apply+0x17/0x30 arch/x86/kernel/jump_label.c:145
3 locks held by kworker/0:10/19120:
#0: ffff88801a053938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3280 [inline]
#0: ffff88801a053938 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0xa2e/0x1910 kernel/workqueue.c:3399
#1: ffffc9000660fc40 ((work_completion)(&aux->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3281 [inline]
#1: ffffc9000660fc40 ((work_completion)(&aux->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa69/0x1910 kernel/workqueue.c:3399
#2: ffffffff8e054638 (pack_mutex){+.+.}-{4:4}, at: bpf_prog_pack_free+0x35/0x420 kernel/bpf/core.c:988
2 locks held by syz-executor/21063:
#0: ffffffff8f370ce0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x4f7/0x730 net/core/net_namespace.c:575
#1: ffffffff8f37f5f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock_killable include/linux/rtnetlink.h:145 [inline]
#1: ffffffff8f37f5f8 (rtnl_mutex){+.+.}-{4:4}, at: register_netdev+0x18/0x60 net/core/dev.c:11583
1 lock held by syz-executor/21120:
#0: ffffffff8f37f5f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline]
#0: ffffffff8f37f5f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:341 [inline]
#0: ffffffff8f37f5f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x883/0x1bb0 net/core/rtnetlink.c:4107
1 lock held by syz-executor/21127:
#0: ffffffff8f37f5f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
#0: ffffffff8f37f5f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0 net/ipv4/devinet.c:978
1 lock held by syz.8.3694/21167:
#0: ffff88801df502e8 (&sb->s_type->i_lock_key){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline]
#0: ffff88801df502e8 (&sb->s_type->i_lock_key){+.+.}-{3:3}, at: filemap_remove_folio+0xd0/0x200 mm/filemap.c:255
=============================================
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 39 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT_{RT,(full)}
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
Call Trace:
dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
nmi_cpu_backtrace+0x274/0x2d0 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]
__sys_info lib/sys_info.c:157 [inline]
sys_info+0x135/0x170 lib/sys_info.c:165
check_hung_uninterruptible_tasks kernel/hung_task.c:353 [inline]
watchdog+0xfd3/0x1030 kernel/hung_task.c:561
kthread+0x388/0x470 kernel/kthread.c:436
ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 21165 Comm: syz.8.3694 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)}
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
RIP: 0010:get_current arch/x86/include/asm/current.h:25 [inline]
RIP: 0010:write_comp_data kernel/kcov.c:245 [inline]
RIP: 0010:__sanitizer_cov_trace_const_cmp8+0x8/0xa0 kernel/kcov.c:321
Code: 74 0a 18 48 89 44 0a 20 c3 cc cc cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 04 24 <65> 48 8b 0d f8 5b b1 10 65 44 8b 05 18 5c b1 10 41 81 e0 00 00 ff
RSP: 0000:ffffc90004797898 EFLAGS: 00000293
RAX: ffffffff8235261c RBX: 0000000000041018 RCX: ffff888027745c40
RDX: 0000000000000000 RSI: 0000000000041018 RDI: 0000000400000000
RBP: ffffea0001040600 R08: 0000000000000000 R09: 0000000000000000
R10: dffffc0000000000 R11: fffff940002080c1 R12: 0000000000000001
R13: dffffc0000000000 R14: 0000000000041018 R15: ffff8880404131e8
FS: 00005555827be500(0000) GS:ffff8881260c0000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000110c230000 CR3: 00000000a7718000 CR4: 00000000003526f0
Call Trace:
pfn_valid+0x41c/0x480 include/linux/mmzone.h:2278
page_table_check_set+0x25/0x510 mm/page_table_check.c:105
page_table_check_ptes_set include/linux/page_table_check.h:83 [inline]
set_ptes include/linux/pgtable.h:413 [inline]
set_pte_range+0x84b/0x8a0 mm/memory.c:5621
filemap_map_order0_folio mm/filemap.c:3861 [inline]
filemap_map_pages+0xd1c/0x1d10 mm/filemap.c:3931
do_fault_around mm/memory.c:5851 [inline]
do_read_fault mm/memory.c:5884 [inline]
do_fault mm/memory.c:6027 [inline]
do_pte_missing+0x1646/0x2950 mm/memory.c:4550
handle_pte_fault mm/memory.c:6411 [inline]
__handle_mm_fault mm/memory.c:6549 [inline]
handle_mm_fault+0xdb5/0x14c0 mm/memory.c:6718
do_user_addr_fault+0xa73/0x1340 arch/x86/mm/fault.c:1334
handle_page_fault arch/x86/mm/fault.c:1474 [inline]
exc_page_fault+0x6a/0xc0 arch/x86/mm/fault.c:1527
asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:618
RIP: 0033:0x7fcb270a10b0
Code: 01 00 48 83 c0 01 48 39 f0 72 ef e9 89 fe ff ff 66 2e 0f 1f 84 00 00 00 00 00 48 8b 0d d1 0f 3a 00 31 c0 48 81 ce ff ff ff 3f <48> 3b 34 c1 74 14 48 83 c0 01 48 83 f8 04 0f 84 39 fe ff ff 48 3b
RSP: 002b:00007fff27ff1d20 EFLAGS: 00010286
RAX: 0000000000000000 RBX: ffffffff823910a1 RCX: 000000110c230000
RDX: 00000000000010a1 RSI: ffffffffbfffffff RDI: 0000000000000000
RBP: 0000000000000000 R08: 00007fcb27430000 R09: 00007fcb27432000
R10: 00000000823910a5 R11: 0000000000000000 R12: 00007fcb27446038
R13: 0000000000000000 R14: ffffffff823919cb R15: 00007fcb27f75720