INFO: task dhcpcd-run-hook:6672 blocked for more than 143 seconds.
      Not tainted syzkaller #0
      Blocked by coredump.
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:dhcpcd-run-hook state:D stack:26904 pid:6672  tgid:6672  ppid:6656   task_flags:0x40004c flags:0x00080000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5260 [inline]
 __schedule+0x14ea/0x5050 kernel/sched/core.c:6867
 __schedule_loop kernel/sched/core.c:6949 [inline]
 schedule+0x164/0x360 kernel/sched/core.c:6964
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7021
 rwsem_down_write_slowpath+0x899/0x1040 kernel/locking/rwsem.c:1185
 __down_write_common kernel/locking/rwsem.c:1317 [inline]
 __down_write kernel/locking/rwsem.c:1326 [inline]
 down_write+0x1bc/0x200 kernel/locking/rwsem.c:1591
 mmap_write_lock include/linux/mmap_lock.h:335 [inline]
 exit_mmap+0x293/0xb30 mm/mmap.c:1285
 __mmput+0x118/0x430 kernel/fork.c:1173
 exit_mm+0x168/0x220 kernel/exit.c:581
 do_exit+0x62e/0x2310 kernel/exit.c:959
 do_group_exit+0x21b/0x2d0 kernel/exit.c:1112
 __do_sys_exit_group kernel/exit.c:1123 [inline]
 __se_sys_exit_group kernel/exit.c:1121 [inline]
 __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1121
 x64_sys_call+0x2210/0x2210 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xe2/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc3c21a96c5
RSP: 002b:00007ffe26f1fc88 EFLAGS: 00000202 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 00007ffe26f1ff04 RCX: 00007fc3c21a96c5
RDX: 00000000000000e7 RSI: ffffffffffffff88 RDI: 0000000000000000
RBP: 0000000000000003 R08: 00007ffe26f1fd80 R09: 0000000000000002
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
R13: 00007ffe26f1ffc0 R14: 00007fc3c23b9000 R15: 000055a667f0dd98
 </TASK>
INFO: task syz.1.18:6674 blocked for more than 143 seconds.
      Not tainted syzkaller #0
      Blocked by coredump.
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.1.18        state:D stack:27064 pid:6674  tgid:6674  ppid:6369   task_flags:0x40004c flags:0x00080000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5260 [inline]
 __schedule+0x14ea/0x5050 kernel/sched/core.c:6867
 __schedule_loop kernel/sched/core.c:6949 [inline]
 schedule+0x164/0x360 kernel/sched/core.c:6964
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7021
 rwsem_down_write_slowpath+0x899/0x1040 kernel/locking/rwsem.c:1185
 __down_write_common kernel/locking/rwsem.c:1317 [inline]
 __down_write kernel/locking/rwsem.c:1326 [inline]
 down_write+0x1bc/0x200 kernel/locking/rwsem.c:1591
 mmap_write_lock include/linux/mmap_lock.h:335 [inline]
 exit_mmap+0x293/0xb30 mm/mmap.c:1285
 __mmput+0x118/0x430 kernel/fork.c:1173
 exit_mm+0x168/0x220 kernel/exit.c:581
 do_exit+0x62e/0x2310 kernel/exit.c:959
 do_group_exit+0x21b/0x2d0 kernel/exit.c:1112
 __do_sys_exit_group kernel/exit.c:1123 [inline]
 __se_sys_exit_group kernel/exit.c:1121 [inline]
 __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1121
 x64_sys_call+0x2210/0x2210 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xe2/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fb4fe59aef9
RSP: 002b:00007ffc3496b218 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb4fe59aef9
RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000003 R08: 0000000000000000 R09: 00007fb4fe7cd280
R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fb4fe7cd280 R14: 0000000000000003 R15: 00007ffc3496b2d0
 </TASK>
INFO: task syz.2.28:6677 blocked for more than 143 seconds.
      Not tainted syzkaller #0
      Blocked by coredump.
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.2.28        state:D stack:27368 pid:6677  tgid:6677  ppid:6379   task_flags:0x40004c flags:0x00080000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5260 [inline]
 __schedule+0x14ea/0x5050 kernel/sched/core.c:6867
 __schedule_loop kernel/sched/core.c:6949 [inline]
 schedule+0x164/0x360 kernel/sched/core.c:6964
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7021
 rwsem_down_write_slowpath+0x899/0x1040 kernel/locking/rwsem.c:1185
 __down_write_common kernel/locking/rwsem.c:1317 [inline]
 __down_write kernel/locking/rwsem.c:1326 [inline]
 down_write+0x1bc/0x200 kernel/locking/rwsem.c:1591
 mmap_write_lock include/linux/mmap_lock.h:335 [inline]
 exit_mmap+0x293/0xb30 mm/mmap.c:1285
 __mmput+0x118/0x430 kernel/fork.c:1173
 exit_mm+0x168/0x220 kernel/exit.c:581
 do_exit+0x62e/0x2310 kernel/exit.c:959
 do_group_exit+0x21b/0x2d0 kernel/exit.c:1112
 __do_sys_exit_group kernel/exit.c:1123 [inline]
 __se_sys_exit_group kernel/exit.c:1121 [inline]
 __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1121
 x64_sys_call+0x2210/0x2210 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xe2/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f90f7d9aef9
RSP: 002b:00007ffd1fa87428 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f90f7d9aef9
RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007ffd1fa8748c R08: 0000000000000000 R09: 00000000000927c0
R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000004
R13: 00000000000927c0 R14: 000000000001ef63 R15: 00007ffd1fa874e0
 </TASK>
INFO: task syz.4.21:6690 blocked for more than 144 seconds.
      Not tainted syzkaller #0
      Blocked by coredump.
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.4.21        state:D stack:27032 pid:6690  tgid:6690  ppid:6381   task_flags:0x40004c flags:0x00080000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5260 [inline]
 __schedule+0x14ea/0x5050 kernel/sched/core.c:6867
 __schedule_loop kernel/sched/core.c:6949 [inline]
 schedule+0x164/0x360 kernel/sched/core.c:6964
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7021
 rwsem_down_write_slowpath+0x899/0x1040 kernel/locking/rwsem.c:1185
 __down_write_common kernel/locking/rwsem.c:1317 [inline]
 __down_write kernel/locking/rwsem.c:1326 [inline]
 down_write+0x1bc/0x200 kernel/locking/rwsem.c:1591
 mmap_write_lock include/linux/mmap_lock.h:335 [inline]
 exit_mmap+0x293/0xb30 mm/mmap.c:1285
 __mmput+0x118/0x430 kernel/fork.c:1173
 exit_mm+0x168/0x220 kernel/exit.c:581
 do_exit+0x62e/0x2310 kernel/exit.c:959
 do_group_exit+0x21b/0x2d0 kernel/exit.c:1112
 __do_sys_exit_group kernel/exit.c:1123 [inline]
 __se_sys_exit_group kernel/exit.c:1121 [inline]
 __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1121
 x64_sys_call+0x2210/0x2210 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xe2/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f2508b9aef9
RSP: 002b:00007ffd169b4588 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f2508b9aef9
RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000003 R08: 0000000000000000 R09: 00007f2508dcd280
R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f2508dcd280 R14: 0000000000000003 R15: 00007ffd169b4640
 </TASK>

Showing all locks held in the system:
1 lock held by khungtaskd/31:
 #0: ffffffff8e55a360 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #0: ffffffff8e55a360 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
 #0: ffffffff8e55a360 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6775
2 locks held by udevd/5187:
 #0: ffffffff8e624530 (dup_mmap_sem){.+.+}-{0:0}, at: dup_mm kernel/fork.c:1528 [inline]
 #0: ffffffff8e624530 (dup_mmap_sem){.+.+}-{0:0}, at: copy_mm+0x130/0x4b0 kernel/fork.c:1581
 #1: ffff88807d20d900 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_lock_killable include/linux/mmap_lock.h:353 [inline]
 #1: ffff88807d20d900 (&mm->mmap_lock){++++}-{4:4}, at: dup_mmap+0x153/0x1bb0 mm/mmap.c:1726
2 locks held by getty/5575:
 #0: ffff88814d8d10a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc900036bb2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x45c/0x13c0 drivers/tty/n_tty.c:2211
1 lock held by syz-executor/6224:
 #0: ffff88802c7f8f80 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_lock_killable include/linux/mmap_lock.h:353 [inline]
 #0: ffff88802c7f8f80 (&mm->mmap_lock){++++}-{4:4}, at: vm_mmap_pgoff+0x234/0x4f0 mm/util.c:579
1 lock held by udevd/6261:
 #0: ffff888071eb7180 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_lock_killable include/linux/mmap_lock.h:353 [inline]
 #0: ffff888071eb7180 (&mm->mmap_lock){++++}-{4:4}, at: __vm_munmap+0x163/0x3d0 mm/vma.c:3244
1 lock held by syz-executor/6368:
 #0: ffff888034de4080 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_lock include/linux/mmap_lock.h:335 [inline]
 #0: ffff888034de4080 (&mm->mmap_lock){++++}-{4:4}, at: exit_mmap+0x293/0xb30 mm/mmap.c:1285
1 lock held by syz-executor/6369:
 #0: ffff888034de3440 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_lock include/linux/mmap_lock.h:335 [inline]
 #0: ffff888034de3440 (&mm->mmap_lock){++++}-{4:4}, at: exit_mmap+0x293/0xb30 mm/mmap.c:1285
1 lock held by syz-executor/6376:
 #0: ffff888034de2800 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_lock include/linux/mmap_lock.h:335 [inline]
 #0: ffff888034de2800 (&mm->mmap_lock){++++}-{4:4}, at: exit_mmap+0x293/0xb30 mm/mmap.c:1285
1 lock held by syz-executor/6379:
 #0: ffff888034de0f80 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_lock include/linux/mmap_lock.h:335 [inline]
 #0: ffff888034de0f80 (&mm->mmap_lock){++++}-{4:4}, at: exit_mmap+0x293/0xb30 mm/mmap.c:1285
1 lock held by syz-executor/6381:
 #0: ffff888031514080 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_lock include/linux/mmap_lock.h:335 [inline]
 #0: ffff888031514080 (&mm->mmap_lock){++++}-{4:4}, at: exit_mmap+0x293/0xb30 mm/mmap.c:1285
2 locks held by kworker/u8:7/6632:
 #0: ffff88813fe69148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3232 [inline]
 #0: ffff88813fe69148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9d4/0x17a0 kernel/workqueue.c:3340
 #1: ffffc90003c8fbc0 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3233 [inline]
 #1: ffffc90003c8fbc0 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa0f/0x17a0 kernel/workqueue.c:3340
1 lock held by dhcpcd-run-hook/6672:
 #0: ffff8880719b9bc0 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_lock include/linux/mmap_lock.h:335 [inline]
 #0: ffff8880719b9bc0 (&mm->mmap_lock){++++}-{4:4}, at: exit_mmap+0x293/0xb30 mm/mmap.c:1285
1 lock held by syz.1.18/6674:
 #0: ffff8880719be540 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_lock include/linux/mmap_lock.h:335 [inline]
 #0: ffff8880719be540 (&mm->mmap_lock){++++}-{4:4}, at: exit_mmap+0x293/0xb30 mm/mmap.c:1285
1 lock held by syz.2.28/6677:
 #0: ffff8880719bb440 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_lock include/linux/mmap_lock.h:335 [inline]
 #0: ffff8880719bb440 (&mm->mmap_lock){++++}-{4:4}, at: exit_mmap+0x293/0xb30 mm/mmap.c:1285
1 lock held by syz.4.21/6690:
 #0: ffff8880719b8340 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_lock include/linux/mmap_lock.h:335 [inline]
 #0: ffff8880719b8340 (&mm->mmap_lock){++++}-{4:4}, at: exit_mmap+0x293/0xb30 mm/mmap.c:1285
1 lock held by syz-executor/7795:
 #0: ffff8880353f7180 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_lock include/linux/mmap_lock.h:335 [inline]
 #0: ffff8880353f7180 (&mm->mmap_lock){++++}-{4:4}, at: exit_mmap+0x293/0xb30 mm/mmap.c:1285
1 lock held by syz-executor/7853:
 #0: ffff88813fe5b440 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_lock include/linux/mmap_lock.h:335 [inline]
 #0: ffff88813fe5b440 (&mm->mmap_lock){++++}-{4:4}, at: exit_mmap+0x293/0xb30 mm/mmap.c:1285
1 lock held by syz.3.689/8097:
 #0: ffff88805f238340 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_lock include/linux/mmap_lock.h:335 [inline]
 #0: ffff88805f238340 (&mm->mmap_lock){++++}-{4:4}, at: exit_mmap+0x293/0xb30 mm/mmap.c:1285
1 lock held by syz.5.690/8098:
 #0: ffff88805f23e540 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_lock include/linux/mmap_lock.h:335 [inline]
 #0: ffff88805f23e540 (&mm->mmap_lock){++++}-{4:4}, at: exit_mmap+0x293/0xb30 mm/mmap.c:1285
1 lock held by syz.7.696/8115:
 #0: ffff88807cd5b440 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_lock include/linux/mmap_lock.h:335 [inline]
 #0: ffff88807cd5b440 (&mm->mmap_lock){++++}-{4:4}, at: exit_mmap+0x293/0xb30 mm/mmap.c:1285
1 lock held by syz.6.695/8118:
 #0: ffff8880703a4080 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_lock include/linux/mmap_lock.h:335 [inline]
 #0: ffff8880703a4080 (&mm->mmap_lock){++++}-{4:4}, at: exit_mmap+0x293/0xb30 mm/mmap.c:1285
1 lock held by syz-executor/9138:
 #0: ffff888062708f80 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_lock include/linux/mmap_lock.h:335 [inline]
 #0: ffff888062708f80 (&mm->mmap_lock){++++}-{4:4}, at: exit_mmap+0x293/0xb30 mm/mmap.c:1285
1 lock held by syz-executor/9143:
 #0: ffff8880353f3440 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_lock include/linux/mmap_lock.h:335 [inline]
 #0: ffff8880353f3440 (&mm->mmap_lock){++++}-{4:4}, at: exit_mmap+0x293/0xb30 mm/mmap.c:1285
1 lock held by syz-executor/9197:
 #0: ffff8880317ee540 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_lock include/linux/mmap_lock.h:335 [inline]
 #0: ffff8880317ee540 (&mm->mmap_lock){++++}-{4:4}, at: exit_mmap+0x293/0xb30 mm/mmap.c:1285
1 lock held by syz.8.1335/9481:
 #0: ffff88806270c080 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_lock include/linux/mmap_lock.h:335 [inline]
 #0: ffff88806270c080 (&mm->mmap_lock){++++}-{4:4}, at: exit_mmap+0x293/0xb30 mm/mmap.c:1285
1 lock held by syz.2.1336/9482:
 #0: ffff888062708340 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_lock include/linux/mmap_lock.h:335 [inline]
 #0: ffff888062708340 (&mm->mmap_lock){++++}-{4:4}, at: exit_mmap+0x293/0xb30 mm/mmap.c:1285
1 lock held by modprobe/9483:
 #0: ffff88806270a800 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_lock_killable include/linux/mmap_lock.h:353 [inline]
 #0: ffff88806270a800 (&mm->mmap_lock){++++}-{4:4}, at: vm_mmap_pgoff+0x234/0x4f0 mm/util.c:579
1 lock held by syz-executor/9486:
 #0: ffff88806270d900 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_lock include/linux/mmap_lock.h:335 [inline]
 #0: ffff88806270d900 (&mm->mmap_lock){++++}-{4:4}, at: exit_mmap+0x293/0xb30 mm/mmap.c:1285
1 lock held by syz-executor/9491:
 #0: ffff88802a158f80 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_lock include/linux/mmap_lock.h:335 [inline]
 #0: ffff88802a158f80 (&mm->mmap_lock){++++}-{4:4}, at: exit_mmap+0x293/0xb30 mm/mmap.c:1285
1 lock held by syz-executor/9493:
 #0: ffff88802a15d900 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_lock include/linux/mmap_lock.h:335 [inline]
 #0: ffff88802a15d900 (&mm->mmap_lock){++++}-{4:4}, at: exit_mmap+0x293/0xb30 mm/mmap.c:1285
1 lock held by syz-executor/9496:
 #0: ffff88802a15e540 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_lock include/linux/mmap_lock.h:335 [inline]
 #0: ffff88802a15e540 (&mm->mmap_lock){++++}-{4:4}, at: exit_mmap+0x293/0xb30 mm/mmap.c:1285
1 lock held by udevd/9499:
 #0: ffff88802a15f180 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_lock_killable include/linux/mmap_lock.h:353 [inline]
 #0: ffff88802a15f180 (&mm->mmap_lock){++++}-{4:4}, at: __vm_munmap+0x163/0x3d0 mm/vma.c:3244
1 lock held by syz.3.1356/9610:
 #0: ffff888031a7ccc0 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_lock include/linux/mmap_lock.h:335 [inline]
 #0: ffff888031a7ccc0 (&mm->mmap_lock){++++}-{4:4}, at: exit_mmap+0x293/0xb30 mm/mmap.c:1285
2 locks held by syz-executor/9614:
 #0: ffffffff8e624530 (dup_mmap_sem){.+.+}-{0:0}, at: dup_mm kernel/fork.c:1528 [inline]
 #0: ffffffff8e624530 (dup_mmap_sem){.+.+}-{0:0}, at: copy_mm+0x130/0x4b0 kernel/fork.c:1581
 #1: ffff8880703a0340 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_lock_killable include/linux/mmap_lock.h:353 [inline]
 #1: ffff8880703a0340 (&mm->mmap_lock){++++}-{4:4}, at: dup_mmap+0x153/0x1bb0 mm/mmap.c:1726
2 locks held by syz-executor/9617:
 #0: ffffffff8e624530 (dup_mmap_sem){.+.+}-{0:0}, at: dup_mm kernel/fork.c:1528 [inline]
 #0: ffffffff8e624530 (dup_mmap_sem){.+.+}-{0:0}, at: copy_mm+0x130/0x4b0 kernel/fork.c:1581
 #1: ffff8880703a7180 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_lock_killable include/linux/mmap_lock.h:353 [inline]
 #1: ffff8880703a7180 (&mm->mmap_lock){++++}-{4:4}, at: dup_mmap+0x153/0x1bb0 mm/mmap.c:1726
2 locks held by syz-executor/9621:
 #0: ffffffff8e624530 (dup_mmap_sem){.+.+}-{0:0}, at: dup_mm kernel/fork.c:1528 [inline]
 #0: ffffffff8e624530 (dup_mmap_sem){.+.+}-{0:0}, at: copy_mm+0x130/0x4b0 kernel/fork.c:1581
 #1: ffff8880703a2800 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_lock_killable include/linux/mmap_lock.h:353 [inline]
 #1: ffff8880703a2800 (&mm->mmap_lock){++++}-{4:4}, at: dup_mmap+0x153/0x1bb0 mm/mmap.c:1726
1 lock held by syz.2.1371/9722:
 #0: ffff888020aae540 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_lock include/linux/mmap_lock.h:335 [inline]
 #0: ffff888020aae540 (&mm->mmap_lock){++++}-{4:4}, at: exit_mmap+0x293/0xb30 mm/mmap.c:1285

=============================================

NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
Call Trace:
 <TASK>
 dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x274/0x2d0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:161 [inline]
 __sys_info lib/sys_info.c:157 [inline]
 sys_info+0x135/0x170 lib/sys_info.c:165
 check_hung_uninterruptible_tasks kernel/hung_task.c:346 [inline]
 watchdog+0xf90/0xfe0 kernel/hung_task.c:515
 kthread+0x726/0x8b0 kernel/kthread.c:463
 ret_from_fork+0x51b/0xa40 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 50 Comm: kworker/u8:3 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
Workqueue: events_unbound nsim_dev_trap_report_work
RIP: 0010:rcu_is_watching+0x67/0xb0 kernel/rcu/tree.c:752
Code: 89 f7 e8 7c 1c 83 00 48 c7 c3 d8 96 f4 92 49 03 1e 48 89 d8 48 c1 e8 03 42 0f b6 04 38 84 c0 75 34 8b 03 65 ff 0d 29 d5 49 11 <74> 11 83 e0 04 c1 e8 02 5b 41 5e 41 5f e9 47 68 f1 09 cc e8 91 0e
RSP: 0018:ffffc90000bb73d0 EFLAGS: 00000282
RAX: 00000000000e02c4 RBX: ffff8880b87336d8 RCX: 0000000080000002
RDX: ffffc90000bb7501 RSI: ffffffff8c0739e0 RDI: ffffffff8c0739a0
RBP: dffffc0000000000 R08: ffffc90000bb7a70 R09: 0000000000000000
R10: ffffc90000bb7578 R11: fffff52000176eb1 R12: ffffc90000bb7a80
R13: ffffffff81757195 R14: ffffffff8df82dd8 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8881257ea000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c008d87010 CR3: 000000000e346000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 trace_lock_release include/trace/events/lock.h:69 [inline]
 lock_release+0x4b/0x3a0 kernel/locking/lockdep.c:5879
 rcu_lock_release include/linux/rcupdate.h:341 [inline]
 rcu_read_unlock include/linux/rcupdate.h:897 [inline]
 class_rcu_destructor include/linux/rcupdate.h:1195 [inline]
 unwind_next_frame+0x1aaa/0x23c0 arch/x86/kernel/unwind_orc.c:695
 arch_stack_walk+0x11b/0x150 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0xa9/0x100 kernel/stacktrace.c:122
 kasan_save_stack mm/kasan/common.c:57 [inline]
 kasan_save_track+0x3e/0x80 mm/kasan/common.c:78
 poison_kmalloc_redzone mm/kasan/common.c:398 [inline]
 __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:415
 kasan_kmalloc include/linux/kasan.h:263 [inline]
 __do_kmalloc_node mm/slub.c:5657 [inline]
 __kmalloc_node_track_caller_noprof+0x558/0x7f0 mm/slub.c:5768
 kmalloc_reserve net/core/skbuff.c:635 [inline]
 __alloc_skb+0x2c1/0x7d0 net/core/skbuff.c:713
 alloc_skb include/linux/skbuff.h:1383 [inline]
 nsim_dev_trap_skb_build drivers/net/netdevsim/dev.c:818 [inline]
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:875 [inline]
 nsim_dev_trap_report_work+0x29a/0xb80 drivers/net/netdevsim/dev.c:921
 process_one_work kernel/workqueue.c:3257 [inline]
 process_scheduled_works+0xaec/0x17a0 kernel/workqueue.c:3340
 worker_thread+0xda6/0x1360 kernel/workqueue.c:3421
 kthread+0x726/0x8b0 kernel/kthread.c:463
 ret_from_fork+0x51b/0xa40 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
 </TASK>