INFO: task kworker/1:2:488 blocked for more than 143 seconds.
Not tainted 6.9.0-rc6-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:2 state:D stack:14176 pid:488 tgid:488 ppid:2 flags:0x00004000
Workqueue: events p9_write_work
Call Trace:
context_switch kernel/sched/core.c:5409 [inline]
__schedule+0x416/0xab0 kernel/sched/core.c:6746
__schedule_loop kernel/sched/core.c:6823 [inline]
schedule+0x25/0x110 kernel/sched/core.c:6838
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6895
__mutex_lock_common kernel/locking/mutex.c:684 [inline]
__mutex_lock+0x51d/0x9c0 kernel/locking/mutex.c:752
pipe_write+0x4c/0x730 fs/pipe.c:455
__kernel_write_iter+0x135/0x2a0 fs/read_write.c:523
__kernel_write fs/read_write.c:543 [inline]
kernel_write fs/read_write.c:564 [inline]
kernel_write+0xf8/0x220 fs/read_write.c:554
p9_fd_write net/9p/trans_fd.c:432 [inline]
p9_write_work+0x82/0x2c0 net/9p/trans_fd.c:483
process_one_work+0x22d/0x6c0 kernel/workqueue.c:3254
process_scheduled_works kernel/workqueue.c:3335 [inline]
worker_thread+0x1c2/0x380 kernel/workqueue.c:3416
kthread+0xd6/0x100 kernel/kthread.c:388
ret_from_fork+0x2c/0x50 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Showing all locks held in the system:
3 locks held by kworker/0:1/9:
#0: ffff888100072548 ((wq_completion)events){....}-{0:0}, at: process_one_work+0x440/0x6c0 kernel/workqueue.c:3229
#1: ffffc90000053e58 ((work_completion)(&m->wq)){....}-{0:0}, at: process_one_work+0x1ea/0x6c0 kernel/workqueue.c:3230
#2: ffff88810537e868 (&pipe->mutex){....}-{3:3}, at: pipe_write+0x4c/0x730 fs/pipe.c:455
1 lock held by khungtaskd/28:
#0: ffffffff833ded40 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline]
#0: ffffffff833ded40 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:781 [inline]
#0: ffffffff833ded40 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x36/0x120 kernel/locking/lockdep.c:6614
3 locks held by kworker/1:1/35:
#0: ffff888100072548 ((wq_completion)events){....}-{0:0}, at: process_one_work+0x440/0x6c0 kernel/workqueue.c:3229
#1: ffffc9000012fe58 ((work_completion)(&m->wq)){....}-{0:0}, at: process_one_work+0x1ea/0x6c0 kernel/workqueue.c:3230
#2: ffff888108fb1468 (&pipe->mutex){....}-{3:3}, at: pipe_write+0x4c/0x730 fs/pipe.c:455
3 locks held by kworker/0:2/206:
#0: ffff888100072548 ((wq_completion)events){....}-{0:0}, at: process_one_work+0x440/0x6c0 kernel/workqueue.c:3229
#1: ffffc90000f3be58 ((work_completion)(&m->wq)){....}-{0:0}, at: process_one_work+0x1ea/0x6c0 kernel/workqueue.c:3230
#2: ffff888102b24268 (&pipe->mutex){....}-{3:3}, at: pipe_write+0x4c/0x730 fs/pipe.c:455
3 locks held by kworker/1:2/488:
#0: ffff888100072548 ((wq_completion)events){....}-{0:0}, at: process_one_work+0x440/0x6c0 kernel/workqueue.c:3229
#1: ffffc900018b3e58 ((work_completion)(&m->wq)){....}-{0:0}, at: process_one_work+0x1ea/0x6c0 kernel/workqueue.c:3230
#2: ffff888103f4aa68 (&pipe->mutex){....}-{3:3}, at: pipe_write+0x4c/0x730 fs/pipe.c:455
2 locks held by getty/1614:
#0: ffff888100ede8a0 (&tty->ldisc_sem){....}-{0:0}, at: tty_ldisc_ref_wait+0x23/0x60 drivers/tty/tty_ldisc.c:243
#1: ffffc900035272f0 (&ldata->atomic_read_lock){....}-{3:3}, at: n_tty_read+0x52a/0x680 drivers/tty/n_tty.c:2201
2 locks held by syz.3.16/3509:
#0: ffff888103f4aa68 (&pipe->mutex){....}-{3:3}, at: pipe_write+0x4c/0x730 fs/pipe.c:455
#1: ffff88817d2382f0 (mapping.invalidate_lock#3){....}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:850 [inline]
#1: ffff88817d2382f0 (mapping.invalidate_lock#3){....}-{3:3}, at: filemap_fault+0x1e7/0xe20 mm/filemap.c:3296
2 locks held by syz.4.17/3928:
#0: ffff88810537e868 (&pipe->mutex){....}-{3:3}, at: pipe_write+0x4c/0x730 fs/pipe.c:455
#1: ffff88817d3d82f0 (mapping.invalidate_lock#3){....}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:850 [inline]
#1: ffff88817d3d82f0 (mapping.invalidate_lock#3){....}-{3:3}, at: filemap_fault+0x1e7/0xe20 mm/filemap.c:3296
2 locks held by syz.5.18/4347:
#0: ffff888102b24268 (&pipe->mutex){....}-{3:3}, at: pipe_write+0x4c/0x730 fs/pipe.c:455
#1: ffff88817d3d8848 (mapping.invalidate_lock#3){....}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:850 [inline]
#1: ffff88817d3d8848 (mapping.invalidate_lock#3){....}-{3:3}, at: filemap_fault+0x1e7/0xe20 mm/filemap.c:3296
3 locks held by kworker/0:3/4349:
#0: ffff888100072548 ((wq_completion)events){....}-{0:0}, at: process_one_work+0x440/0x6c0 kernel/workqueue.c:3229
#1: ffffc90002dfbe58 ((work_completion)(&m->wq)){....}-{0:0}, at: process_one_work+0x1ea/0x6c0 kernel/workqueue.c:3230
#2: ffff888103b25668 (&pipe->mutex){....}-{3:3}, at: pipe_write+0x4c/0x730 fs/pipe.c:455
2 locks held by syz.6.19/4768:
#0: ffff888103b25668 (&pipe->mutex){....}-{3:3}, at: pipe_write+0x4c/0x730 fs/pipe.c:455
#1: ffff88817d3d8da0 (mapping.invalidate_lock#3){....}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:850 [inline]
#1: ffff88817d3d8da0 (mapping.invalidate_lock#3){....}-{3:3}, at: filemap_fault+0x1e7/0xe20 mm/filemap.c:3296
3 locks held by kworker/0:4/4769:
#0: ffff888100072548 ((wq_completion)events){....}-{0:0}, at: process_one_work+0x440/0x6c0 kernel/workqueue.c:3229
#1: ffffc9000361fe58 ((work_completion)(&m->wq)){....}-{0:0}, at: process_one_work+0x1ea/0x6c0 kernel/workqueue.c:3230
#2: ffff8881791cf668 (&pipe->mutex){....}-{3:3}, at: pipe_write+0x4c/0x730 fs/pipe.c:455
2 locks held by syz.7.20/5188:
#0: ffff888108fb1468 (&pipe->mutex){....}-{3:3}, at: pipe_write+0x4c/0x730 fs/pipe.c:455
#1: ffff88817d238848 (mapping.invalidate_lock#3){....}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:850 [inline]
#1: ffff88817d238848 (mapping.invalidate_lock#3){....}-{3:3}, at: filemap_fault+0x1e7/0xe20 mm/filemap.c:3296
3 locks held by kworker/1:3/5189:
#0: ffff888100072548 ((wq_completion)events){....}-{0:0}, at: process_one_work+0x440/0x6c0 kernel/workqueue.c:3229
#1: ffffc90003dcfe58 ((work_completion)(&m->wq)){....}-{0:0}, at: process_one_work+0x1ea/0x6c0 kernel/workqueue.c:3230
#2: ffff8881791c0e68 (&pipe->mutex){....}-{3:3}, at: pipe_write+0x4c/0x730 fs/pipe.c:455
3 locks held by kworker/0:5/5190:
#0: ffff888100072548 ((wq_completion)events){....}-{0:0}, at: process_one_work+0x440/0x6c0 kernel/workqueue.c:3229
#1: ffffc90003e07e58 ((work_completion)(&m->wq)){....}-{0:0}, at: process_one_work+0x1ea/0x6c0 kernel/workqueue.c:3230
#2: ffff888108fb1e68 (&pipe->mutex){....}-{3:3}, at: pipe_write+0x4c/0x730 fs/pipe.c:455
2 locks held by syz.8.21/5609:
#0: ffff888108fb1e68 (&pipe->mutex){....}-{3:3}, at: pipe_write+0x4c/0x730 fs/pipe.c:455
#1: ffff88817d238da0 (mapping.invalidate_lock#3){....}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:850 [inline]
#1: ffff88817d238da0 (mapping.invalidate_lock#3){....}-{3:3}, at: filemap_fault+0x1e7/0xe20 mm/filemap.c:3296
2 locks held by syz.9.22/6028:
#0: ffff8881791c0e68 (&pipe->mutex){....}-{3:3}, at: pipe_write+0x4c/0x730 fs/pipe.c:455
#1: ffff88817d3d92f8 (mapping.invalidate_lock#3){....}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:850 [inline]
#1: ffff88817d3d92f8 (mapping.invalidate_lock#3){....}-{3:3}, at: filemap_fault+0x1e7/0xe20 mm/filemap.c:3296
3 locks held by kworker/1:4/6030:
#0: ffff888100072548 ((wq_completion)events){....}-{0:0}, at: process_one_work+0x440/0x6c0 kernel/workqueue.c:3229
#1: ffffc90004dc7e58 ((work_completion)(&m->wq)){....}-{0:0}, at: process_one_work+0x1ea/0x6c0 kernel/workqueue.c:3230
#2: ffff888104b9c468 (&pipe->mutex){....}-{3:3}, at: pipe_write+0x4c/0x730 fs/pipe.c:455
2 locks held by syz.0.23/6449:
#0: ffff8881791cf668 (&pipe->mutex){....}-{3:3}, at: pipe_write+0x4c/0x730 fs/pipe.c:455
#1: ffff88817d3d9850 (mapping.invalidate_lock#3){....}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:850 [inline]
#1: ffff88817d3d9850 (mapping.invalidate_lock#3){....}-{3:3}, at: filemap_fault+0x1e7/0xe20 mm/filemap.c:3296
3 locks held by kworker/0:6/6450:
#0: ffff888100072548 ((wq_completion)events){....}-{0:0}, at: process_one_work+0x440/0x6c0 kernel/workqueue.c:3229
#1: ffffc9000560fe58 ((work_completion)(&m->wq)){....}-{0:0}, at: process_one_work+0x1ea/0x6c0 kernel/workqueue.c:3230
#2: ffff8881791ec668 (&pipe->mutex){....}-{3:3}, at: pipe_write+0x4c/0x730 fs/pipe.c:455
2 locks held by syz.1.24/6869:
#0: ffff888104b9c468 (&pipe->mutex){....}-{3:3}, at: pipe_write+0x4c/0x730 fs/pipe.c:455
#1: ffff88817d2392f8 (mapping.invalidate_lock#3){....}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:850 [inline]
#1: ffff88817d2392f8 (mapping.invalidate_lock#3){....}-{3:3}, at: filemap_fault+0x1e7/0xe20 mm/filemap.c:3296
2 locks held by syz.2.25/7290:
#0: ffff8881791ec668 (&pipe->mutex){....}-{3:3}, at: pipe_write+0x4c/0x730 fs/pipe.c:455
#1: ffff88817d3d9da8 (mapping.invalidate_lock#3){....}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:850 [inline]
#1: ffff88817d3d9da8 (mapping.invalidate_lock#3){....}-{3:3}, at: filemap_fault+0x1e7/0xe20 mm/filemap.c:3296
6 locks held by modprobe/7336:
#0: ffff888237d2fe98 (&rq->__lock){....}-{2:2}, at: raw_spin_rq_lock_nested kernel/sched/core.c:559 [inline]
#0: ffff888237d2fe98 (&rq->__lock){....}-{2:2}, at: raw_spin_rq_lock kernel/sched/sched.h:1387 [inline]
#0: ffff888237d2fe98 (&rq->__lock){....}-{2:2}, at: rq_lock kernel/sched/sched.h:1701 [inline]
#0: ffff888237d2fe98 (&rq->__lock){....}-{2:2}, at: __schedule+0xd3/0xab0 kernel/sched/core.c:6654
#1: ffff888101afe058 (&sighand->siglock){....}-{2:2}, at: do_notify_parent+0x23e/0x330 kernel/signal.c:2115
#2: ffff888101e84b38 (&sig->wait_chldexit){....}-{2:2}, at: __wake_up_common_lock kernel/sched/wait.c:105 [inline]
#2: ffff888101e84b38 (&sig->wait_chldexit){....}-{2:2}, at: __wake_up_sync_key+0x1c/0x50 kernel/sched/wait.c:173
#3: ffff8881046d0990 (&p->pi_lock){....}-{2:2}, at: class_raw_spinlock_irqsave_constructor include/linux/spinlock.h:553 [inline]
#3: ffff8881046d0990 (&p->pi_lock){....}-{2:2}, at: try_to_wake_up+0x51/0x730 kernel/sched/core.c:4262
#4: ffff88810ceff818 (ptlock_ptr(ptdesc)#2){....}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
#4: ffff88810ceff818 (ptlock_ptr(ptdesc)#2){....}-{2:2}, at: __pte_offset_map_lock+0x68/0x110 mm/pgtable-generic.c:373
#5: ffffffff833ded40 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline]
#5: ffffffff833ded40 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:781 [inline]
#5: ffffffff833ded40 (rcu_read_lock){....}-{1:2}, at: page_ext_get+0x1f/0xd0 mm/page_ext.c:508
=============================================
NMI backtrace for cpu 0
CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.9.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
Call Trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x5a/0x90 lib/dump_stack.c:114
nmi_cpu_backtrace+0xd4/0x110 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0xd5/0x140 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:223 [inline]
watchdog+0x61d/0x650 kernel/hung_task.c:380
kthread+0xd6/0x100 kernel/kthread.c:388
ret_from_fork+0x2c/0x50 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 7375 Comm: modprobe Not tainted 6.9.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
RIP: 0010:rcu_is_watching+0x24/0x50 kernel/rcu/tree.c:700
Code: 90 90 90 90 90 90 f3 0f 1e fa 53 65 ff 05 8c e2 ef 7e e8 7f 1f 42 01 48 c7 c3 28 9b 02 00 89 c0 48 03 1c c5 20 8a 05 83 8b 03 e8 02 83 e0 01 65 ff 0d 67 e2 ef 7e 74 06 5b c3 cc cc cc cc 0f
RSP: 0018:ffffc90006597ba0 EFLAGS: 00000286
RAX: 00000000000735e4 RBX: ffff888237d29b28 RCX: 0000000000000000
RDX: 0000000000000001 RSI: ffffffff82ec0424 RDI: ffffffff82eca136
RBP: ffff888104e80000 R08: 0000000000020020 R09: ffff88816866cd48
R10: 0000000000000000 R11: fefefefefefefeff R12: 000000023fe21025
R13: ffffea0008ff8840 R14: 00007f247e8d4000 R15: ffffc90006597dc0
FS: 0000000000000000(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f247e7ad440 CR3: 000000011163e000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
rcu_read_lock_held_common kernel/rcu/update.c:109 [inline]
rcu_read_lock_held+0x1e/0x40 kernel/rcu/update.c:349
lookup_page_ext mm/page_ext.c:240 [inline]
page_ext_get+0x82/0xd0 mm/page_ext.c:509
page_table_check_clear.part.0+0x1f/0x1e0 mm/page_table_check.c:72
page_table_check_pte_clear include/linux/page_table_check.h:49 [inline]
ptep_get_and_clear_full arch/x86/include/asm/pgtable.h:1295 [inline]
get_and_clear_full_ptes include/linux/pgtable.h:634 [inline]
zap_present_folio_ptes mm/memory.c:1479 [inline]
zap_present_ptes mm/memory.c:1563 [inline]
zap_pte_range mm/memory.c:1605 [inline]
zap_pmd_range mm/memory.c:1722 [inline]
zap_pud_range mm/memory.c:1751 [inline]
zap_p4d_range mm/memory.c:1772 [inline]
unmap_page_range+0xc8a/0x13f0 mm/memory.c:1793
unmap_vmas+0xe7/0x1c0 mm/memory.c:1883
exit_mmap+0x100/0x470 mm/mmap.c:3267
__mmput+0x3a/0x120 kernel/fork.c:1346
exit_mm kernel/exit.c:569 [inline]
do_exit+0x2a7/0xb70 kernel/exit.c:865
do_group_exit+0x31/0x90 kernel/exit.c:1027
__do_sys_exit_group kernel/exit.c:1038 [inline]
__se_sys_exit_group kernel/exit.c:1036 [inline]
__x64_sys_exit_group+0x13/0x20 kernel/exit.c:1036
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0x6f/0x180 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f247e86ba90
Code: Unable to access opcode bytes at 0x7f247e86ba66.
RSP: 002b:00007ffeb941eef8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 00007f247e95c860 RCX: 00007f247e86ba90
RDX: 00000000000000e7 RSI: 000000000000003c RDI: 0000000000000001
RBP: 00007f247e95c860 R08: 0000000000000000 R09: d7596182f7d9c979
R10: 00007ffeb941edb0 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000001 R14: 00007f247e960658 R15: 0000000000000001