INFO: task syz.0.99:7230 blocked for more than 143 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.99 state:D stack:25352 pid:7230 tgid:7188 ppid:5828 task_flags:0x400140 flags:0x00080002
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5352 [inline]
__schedule+0x1665/0x5590 kernel/sched/core.c:6964
__schedule_loop kernel/sched/core.c:7047 [inline]
schedule+0x164/0x360 kernel/sched/core.c:7062
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7119
rwsem_down_write_slowpath+0x883/0x1080 kernel/locking/rwsem.c:1215
__down_write_common kernel/locking/rwsem.c:1347 [inline]
__down_write kernel/locking/rwsem.c:1356 [inline]
down_write+0x1bc/0x200 kernel/locking/rwsem.c:1626
inode_lock include/linux/fs.h:1028 [inline]
btrfs_inode_lock+0x51/0xe0 fs/btrfs/inode.c:368
btrfs_sync_file+0x506/0x1230 fs/btrfs/file.c:1605
generic_write_sync include/linux/fs.h:2640 [inline]
btrfs_do_write_iter+0x72e/0x880 fs/btrfs/file.c:1468
do_iter_readv_writev+0x619/0x8c0 fs/read_write.c:-1
vfs_writev+0x33c/0x990 fs/read_write.c:1059
do_pwritev fs/read_write.c:1155 [inline]
__do_sys_pwritev2 fs/read_write.c:1213 [inline]
__se_sys_pwritev2+0x184/0x2a0 fs/read_write.c:1204
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ff16f59c799
RSP: 002b:00007ff17037f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
RAX: ffffffffffffffda RBX: 00007ff16f816450 RCX: 00007ff16f59c799
RDX: 0000000000000001 RSI: 0000200000000240 RDI: 000000000000000b
RBP: 00007ff16f632c99 R08: 0000000000029000 R09: 0000000000000003
R10: 0000000000007000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ff16f8164e8 R14: 00007ff16f816450 R15: 00007ffe49626948
</TASK>
INFO: task syz.0.99:7262 blocked for more than 144 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.99 state:D stack:28800 pid:7262 tgid:7188 ppid:5828 task_flags:0x400140 flags:0x00080002
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5352 [inline]
__schedule+0x1665/0x5590 kernel/sched/core.c:6964
__schedule_loop kernel/sched/core.c:7047 [inline]
schedule+0x164/0x360 kernel/sched/core.c:7062
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7119
rwsem_down_write_slowpath+0x883/0x1080 kernel/locking/rwsem.c:1215
__down_write_common kernel/locking/rwsem.c:1347 [inline]
__down_write kernel/locking/rwsem.c:1356 [inline]
down_write+0x1bc/0x200 kernel/locking/rwsem.c:1626
inode_lock include/linux/fs.h:1028 [inline]
do_lock_mount+0x2b3/0x960 fs/namespace.c:2763
do_loopback+0x286/0x6c0 fs/namespace.c:3012
do_mount fs/namespace.c:4173 [inline]
__do_sys_mount fs/namespace.c:4372 [inline]
__se_sys_mount+0x31d/0x420 fs/namespace.c:4349
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ff16f59c799
RSP: 002b:00007ff16c7ee028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007ff16f816540 RCX: 00007ff16f59c799
RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000200000000280
RBP: 00007ff16f632c99 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000005000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ff16f8165d8 R14: 00007ff16f816540 R15: 00007ffe49626948
</TASK>
INFO: task syz.0.99:7265 blocked for more than 145 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.99 state:D stack:27528 pid:7265 tgid:7188 ppid:5828 task_flags:0x400140 flags:0x00080002
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5352 [inline]
__schedule+0x1665/0x5590 kernel/sched/core.c:6964
__schedule_loop kernel/sched/core.c:7047 [inline]
schedule+0x164/0x360 kernel/sched/core.c:7062
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7119
rwsem_down_write_slowpath+0x883/0x1080 kernel/locking/rwsem.c:1215
__down_write_common kernel/locking/rwsem.c:1347 [inline]
__down_write kernel/locking/rwsem.c:1356 [inline]
down_write+0x1bc/0x200 kernel/locking/rwsem.c:1626
inode_lock include/linux/fs.h:1028 [inline]
process_measurement+0x451/0x1c80 security/integrity/ima/ima_main.c:300
ima_file_check+0xe1/0x130 security/integrity/ima/ima_main.c:685
security_file_post_open+0xb3/0x260 security/security.c:2652
do_open fs/namei.c:4695 [inline]
path_openat+0x2e4d/0x3860 fs/namei.c:4852
do_file_open+0x23e/0x4a0 fs/namei.c:4881
do_sys_openat2+0x113/0x200 fs/open.c:1366
do_sys_open fs/open.c:1372 [inline]
__do_sys_open fs/open.c:1380 [inline]
__se_sys_open fs/open.c:1376 [inline]
__x64_sys_open+0x11e/0x150 fs/open.c:1376
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ff16f59c799
RSP: 002b:00007ff16c3cb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 00007ff16f816630 RCX: 00007ff16f59c799
RDX: 00000000000000a0 RSI: 0000000000008000 RDI: 0000200000000000
RBP: 00007ff16f632c99 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ff16f8166c8 R14: 00007ff16f816630 R15: 00007ffe49626948
</TASK>
Showing all locks held in the system:
1 lock held by khungtaskd/30:
#0: ffffffff8e75d6a0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:312 [inline]
#0: ffffffff8e75d6a0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:850 [inline]
#0: ffffffff8e75d6a0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6775
7 locks held by kworker/0:1H/2266:
#0: ffff8880b863ade0 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x31/0x150 kernel/sched/core.c:647
#1: ffff8880b8624588 (psi_seq){-.-.}-{0:0}, at: psi_task_switch+0x53/0x880 kernel/sched/psi.c:933
#2: ffff888055a13128 (semaphore->lock#4){....}-{0:0}, at: up+0x9d/0x160 kernel/locking/semaphore.c:225
#3: ffff888055a14958 (&log->l_flush_wait){....}-{3:3}, at: __wake_up_common_lock+0x2f/0x1f0 kernel/sched/wait.c:124
#4: ffff8880294ec788 (&p->pi_lock){-.-.}-{2:2}, at: class_raw_spinlock_irqsave_constructor include/linux/spinlock.h:571 [inline]
#4: ffff8880294ec788 (&p->pi_lock){-.-.}-{2:2}, at: try_to_wake_up+0x66/0x1390 kernel/sched/core.c:4183
#5: ffff8880b873ade0 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x31/0x150 kernel/sched/core.c:647
#6: ffff8880b8724588 (psi_seq){-.-.}-{0:0}, at: psi_task_change+0xd4/0x340 kernel/sched/psi.c:919
2 locks held by getty/5589:
#0: ffff8880371fb0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
#1: ffffc900033332e8 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x45c/0x13c0 drivers/tty/n_tty.c:2211
2 locks held by kworker/0:5/5917:
#0: ffff8880b863ade0 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x31/0x150 kernel/sched/core.c:647
#1: ffffffff9a2e4448 (&____s->seqcount#2){----}-{0:0}, at: ktime_get_real_ts64+0xa9/0x3e0 kernel/time/timekeeping.c:943
2 locks held by syz.0.99/7230:
#0: ffff888028746410 (sb_writers#13){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:2710 [inline]
#0: ffff888028746410 (sb_writers#13){.+.+}-{0:0}, at: vfs_writev+0x2aa/0x990 fs/read_write.c:1057
#1: ffff88806b497af0 (&sb->s_type->i_mutex_key#25){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline]
#1: ffff88806b497af0 (&sb->s_type->i_mutex_key#25){++++}-{4:4}, at: btrfs_inode_lock+0x51/0xe0 fs/btrfs/inode.c:368
1 lock held by syz.0.99/7262:
#0: ffff88806b497af0 (&sb->s_type->i_mutex_key#25){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline]
#0: ffff88806b497af0 (&sb->s_type->i_mutex_key#25){++++}-{4:4}, at: do_lock_mount+0x2b3/0x960 fs/namespace.c:2763
1 lock held by syz.0.99/7265:
#0: ffff88806b497af0 (&sb->s_type->i_mutex_key#25){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline]
#0: ffff88806b497af0 (&sb->s_type->i_mutex_key#25){++++}-{4:4}, at: process_measurement+0x451/0x1c80 security/integrity/ima/ima_main.c:300
1 lock held by syz-executor/7637:
#0: ffffffff8e7638e8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock kernel/rcu/tree_exp.h:343 [inline]
#0: ffffffff8e7638e8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x38d/0x770 kernel/rcu/tree_exp.h:961
2 locks held by syz-executor/10297:
#0: ffffffff8fbd5980 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline]
#0: ffffffff8fbd5980 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:341 [inline]
#0: ffffffff8fbd5980 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8a1/0x1be0 net/core/rtnetlink.c:4071
#1: ffff888054899510 (&wg->device_update_lock){+.+.}-{4:4}, at: wg_open+0x227/0x420 drivers/net/wireguard/device.c:50
3 locks held by kworker/u8:12/10412:
#0: ffff88803270a140 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x894/0x1780 kernel/workqueue.c:3261
#1: ffffc9000d5a7c40 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x8bb/0x1780 kernel/workqueue.c:3262
#2: ffffffff8fbd5980 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
#2: ffffffff8fbd5980 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0x11e/0x14c0 net/ipv6/addrconf.c:4198
3 locks held by dhcpcd-run-hook/10667:
#0: ffff8880b863ade0 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x31/0x150 kernel/sched/core.c:647
#1: ffff8880b8624588 (psi_seq){-.-.}-{0:0}, at: spin_lock include/linux/spinlock.h:342 [inline]
#1: ffff8880b8624588 (psi_seq){-.-.}-{0:0}, at: __exit_signal kernel/exit.c:169 [inline]
#1: ffff8880b8624588 (psi_seq){-.-.}-{0:0}, at: release_task+0x4e8/0x16f0 kernel/exit.c:265
#2: ffff888036e9ce58 (ptlock_ptr(ptdesc)#2){+.+.}-{3:3}, at: spin_lock include/linux/spinlock.h:342 [inline]
#2: ffff888036e9ce58 (ptlock_ptr(ptdesc)#2){+.+.}-{3:3}, at: pte_offset_map_lock+0x13d/0x210 mm/pgtable-generic.c:402
=============================================
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
Call Trace:
<TASK>
dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
nmi_cpu_backtrace+0x274/0x2d0 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]
__sys_info lib/sys_info.c:157 [inline]
sys_info+0x135/0x170 lib/sys_info.c:165
check_hung_uninterruptible_tasks kernel/hung_task.c:353 [inline]
watchdog+0x1002/0x1060 kernel/hung_task.c:561
kthread+0x388/0x470 kernel/kthread.c:436
ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
</TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 10678 Comm: dhcpcd-run-hook Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
RIP: 0010:on_stack arch/x86/include/asm/stacktrace.h:60 [inline]
RIP: 0010:stack_access_ok arch/x86/kernel/unwind_orc.c:409 [inline]
RIP: 0010:deref_stack_regs arch/x86/kernel/unwind_orc.c:434 [inline]
RIP: 0010:unwind_next_frame+0xf53/0x23c0 arch/x86/kernel/unwind_orc.c:611
Code: 04 01 84 c0 0f 85 94 0f 00 00 41 83 3e 00 0f 95 c0 4c 8b 7c 24 18 4d 39 fc 0f 96 c1 20 c1 4c 39 fb 0f 97 c0 20 c8 3c 01 75 1b <49> 8d 87 a8 00 00 00 4c 39 e0 0f 97 c1 48 39 d8 0f 96 c0 84 c1 0f
RSP: 0018:ffffc9000733f178 EFLAGS: 00000246
RAX: 0000000000000001 RBX: ffffc90007340000 RCX: 1ffff92000e67e01
RDX: ffffffff909e195a RSI: 0000000000000003 RDI: ffffffff8c284720
RBP: 1ffff92000e67e4b R08: 0000000000000022 R09: ffffffff8e75d6a0
R10: ffffc9000733f298 R11: ffffffff81b1cb00 R12: ffffc90007338000
R13: ffffc9000733f250 R14: ffffc9000733f248 R15: ffffc9000733ff48
FS: 0000000000000000(0000) GS:ffff888125436000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007efe38f4e286 CR3: 0000000079088000 CR4: 00000000003526f0
Call Trace:
<TASK>
arch_stack_walk+0x11b/0x150 arch/x86/kernel/stacktrace.c:25
stack_trace_save+0xa9/0x100 kernel/stacktrace.c:122
kasan_save_stack+0x3e/0x60 mm/kasan/common.c:57
kasan_record_aux_stack+0xbd/0xd0 mm/kasan/generic.c:556
slab_free_hook mm/slub.c:2650 [inline]
slab_free mm/slub.c:6242 [inline]
kmem_cache_free+0x441/0x640 mm/slub.c:6369
tear_down_vmas+0x302/0x520 mm/mmap.c:1264
exit_mmap+0x4b6/0xa10 mm/mmap.c:1322
__mmput+0x118/0x430 kernel/fork.c:1180
exec_mmap+0x5b2/0x630 fs/exec.c:893
begin_new_exec+0x1349/0x24a0 fs/exec.c:1148
load_elf_binary+0xa47/0x2980 fs/binfmt_elf.c:1011
search_binary_handler fs/exec.c:1664 [inline]
exec_binprm fs/exec.c:1696 [inline]
bprm_execve+0x949/0x1470 fs/exec.c:1748
do_execveat_common+0x50d/0x690 fs/exec.c:1846
__do_sys_execve fs/exec.c:1930 [inline]
__se_sys_execve fs/exec.c:1924 [inline]
__x64_sys_execve+0x97/0xc0 fs/exec.c:1924
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7efe38e94107
Code: Unable to access opcode bytes at 0x7efe38e940dd.
RSP: 002b:00007ffec66f3648 EFLAGS: 00000246 ORIG_RAX: 000000000000003b
RAX: ffffffffffffffda RBX: 00005645aefb81b8 RCX: 00007efe38e94107
RDX: 00005645aefb81d8 RSI: 00005645aefb81b8 RDI: 00005645aefb8288
RBP: 00005645aefb8288 R08: 00007ffec66f7dad R09: 0000000000000000
R10: 0000000000000008 R11: 0000000000000246 R12: 00005645aefb81d8
R13: 00007efe39059e8b R14: 00005645aefb81d8 R15: 0000000000000000
</TASK>