INFO: task syz.5.3350:17312 blocked for more than 143 seconds. Tainted: G L syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.5.3350 state:D stack:27200 pid:17312 tgid:17288 ppid:14515 task_flags:0x400040 flags:0x00080002 Call Trace: context_switch kernel/sched/core.c:5510 [inline] __schedule+0x16dc/0x5500 kernel/sched/core.c:7234 __schedule_loop kernel/sched/core.c:7311 [inline] schedule+0x164/0x2b0 kernel/sched/core.c:7326 request_wait_answer fs/fuse/dev.c:743 [inline] __fuse_request_send fs/fuse/dev.c:757 [inline] fuse_chan_send+0x1068/0x1ad0 fs/fuse/dev.c:833 fuse_simple_request fs/fuse/fuse_i.h:1012 [inline] fuse_send_open fs/fuse/file.c:51 [inline] fuse_file_open+0x559/0x950 fs/fuse/file.c:162 fuse_do_open fs/fuse/file.c:192 [inline] fuse_open+0x364/0x780 fs/fuse/file.c:281 do_dentry_open+0x849/0x1420 fs/open.c:947 vfs_open+0x3b/0x350 fs/open.c:1052 do_open fs/namei.c:4700 [inline] path_openat+0x2e60/0x3850 fs/namei.c:4859 do_file_open+0x23e/0x4a0 fs/namei.c:4888 do_sys_openat2+0x115/0x200 fs/open.c:1368 do_sys_open fs/open.c:1374 [inline] __do_sys_openat fs/open.c:1390 [inline] __se_sys_openat fs/open.c:1385 [inline] __x64_sys_openat+0x138/0x170 fs/open.c:1385 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x174/0x580 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fcba1b3ce59 RSP: 002b:00007fcb9f7a8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 RAX: ffffffffffffffda RBX: 00007fcba1db6270 RCX: 00007fcba1b3ce59 RDX: 00000000000c5001 RSI: 0000200000000100 RDI: ffffffffffffff9c RBP: 00007fcba1bd2e6f R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000104 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fcba1db6308 R14: 00007fcba1db6270 R15: 00007ffd2548dc78 Showing all locks held in the system: 4 locks held by kworker/u8:0/12: #0: ffff88801a084138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3297 [inline] #0: ffff88801a084138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0xa20/0x14e0 kernel/workqueue.c:3405 #1: ffffc90000117c40 ((work_completion)(&(&kfence_timer)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3297 [inline] #1: ffffc90000117c40 ((work_completion)(&(&kfence_timer)->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa20/0x14e0 kernel/workqueue.c:3405 #2: ffffffff8de51b30 (cpu_hotplug_lock){++++}-{0:0}, at: static_key_enable+0x12/0x20 kernel/jump_label.c:222 #3: ffffffff8e0981d8 (jump_label_mutex){+.+.}-{4:4}, at: jump_label_lock kernel/jump_label.c:27 [inline] #3: ffffffff8e0981d8 (jump_label_mutex){+.+.}-{4:4}, at: static_key_enable_cpuslocked+0xcb/0x240 kernel/jump_label.c:207 4 locks held by pr/legacy/17: 1 lock held by khungtaskd/37: #0: ffffffff8dfc2fc0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline] #0: ffffffff8dfc2fc0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:840 [inline] #0: ffffffff8dfc2fc0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6775 6 locks held by kworker/u8:2/41: #0: ffff88801a084138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3297 [inline] #0: ffff88801a084138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0xa20/0x14e0 kernel/workqueue.c:3405 #1: ffffc90000b27c40 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3297 [inline] #1: ffffc90000b27c40 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa20/0x14e0 kernel/workqueue.c:3405 #2: ffff88803a560310 (&devlink->lock_key#7){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xcb0 drivers/net/netdevsim/dev.c:909 #3: ffff888060aeb920 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline] #3: ffff888060aeb920 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report drivers/net/netdevsim/dev.c:862 [inline] #3: ffff888060aeb920 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1e0/0xcb0 drivers/net/netdevsim/dev.c:922 #4: ffffffff8dfc2fc0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline] #4: ffffffff8dfc2fc0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:840 [inline] #4: ffffffff8dfc2fc0 (rcu_read_lock){....}-{1:3}, at: __rt_spin_lock kernel/locking/spinlock_rt.c:50 [inline] #4: ffffffff8dfc2fc0 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 kernel/locking/spinlock_rt.c:57 #5: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline] #5: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: rmqueue_buddy mm/page_alloc.c:3223 [inline] #5: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: rmqueue mm/page_alloc.c:3415 [inline] #5: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: get_page_from_freelist+0xcc4/0x26a0 mm/page_alloc.c:3943 5 locks held by kworker/u9:0/60: 3 locks held by kworker/u8:4/67: 8 locks held by kworker/u8:5/100: 4 locks held by kworker/u8:7/1069: #0: ffff88801a084138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3297 [inline] #0: ffff88801a084138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0xa20/0x14e0 kernel/workqueue.c:3405 #1: ffffc90006337c40 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3297 [inline] #1: ffffc90006337c40 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa20/0x14e0 kernel/workqueue.c:3405 #2: ffff8880627508d8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6884 [inline] #2: ffff8880627508d8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xb4/0x420 net/wireless/core.c:524 #3: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline] #3: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: rmqueue_buddy mm/page_alloc.c:3223 [inline] #3: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: rmqueue mm/page_alloc.c:3415 [inline] #3: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: get_page_from_freelist+0xcc4/0x26a0 mm/page_alloc.c:3943 3 locks held by kworker/u8:13/3681: #0: ffff888032bf3938 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3297 [inline] #0: ffff888032bf3938 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_scheduled_works+0xa20/0x14e0 kernel/workqueue.c:3405 #1: ffffc9000e9f7c40 ((work_completion)(&(&forw_packet_aggr->delayed_work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3297 [inline] #1: ffffc9000e9f7c40 ((work_completion)(&(&forw_packet_aggr->delayed_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa20/0x14e0 kernel/workqueue.c:3405 #2: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline] #2: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: rmqueue_buddy mm/page_alloc.c:3223 [inline] #2: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: rmqueue mm/page_alloc.c:3415 [inline] #2: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: get_page_from_freelist+0xcc4/0x26a0 mm/page_alloc.c:3943 2 locks held by udevd/4962: 2 locks held by getty/5352: #0: ffff88802b1070a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243 #1: ffffc90003cc62e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x460/0x1360 drivers/tty/n_tty.c:2211 13 locks held by kworker/0:6/5866: 4 locks held by kworker/u8:15/6238: #0: ffff88801a084138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3297 [inline] #0: ffff88801a084138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0xa20/0x14e0 kernel/workqueue.c:3405 #1: ffffc90003ddfc40 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3297 [inline] #1: ffffc90003ddfc40 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa20/0x14e0 kernel/workqueue.c:3405 #2: ffff888064bb08d8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6884 [inline] #2: ffff888064bb08d8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xb4/0x420 net/wireless/core.c:524 #3: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline] #3: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: rmqueue_buddy mm/page_alloc.c:3223 [inline] #3: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: rmqueue mm/page_alloc.c:3415 [inline] #3: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: get_page_from_freelist+0xcc4/0x26a0 mm/page_alloc.c:3943 6 locks held by kworker/u8:16/6239: #0: ffff88801a084138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3297 [inline] #0: ffff88801a084138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0xa20/0x14e0 kernel/workqueue.c:3405 #1: ffffc9000507fc40 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3297 [inline] #1: ffffc9000507fc40 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa20/0x14e0 kernel/workqueue.c:3405 #2: ffff88805e0ec310 (&devlink->lock_key#12){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xcb0 drivers/net/netdevsim/dev.c:909 #3: ffff88804e49b520 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline] #3: ffff88804e49b520 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report drivers/net/netdevsim/dev.c:862 [inline] #3: ffff88804e49b520 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1e0/0xcb0 drivers/net/netdevsim/dev.c:922 #4: ffffffff8dfc2fc0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline] #4: ffffffff8dfc2fc0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:840 [inline] #4: ffffffff8dfc2fc0 (rcu_read_lock){....}-{1:3}, at: __rt_spin_lock kernel/locking/spinlock_rt.c:50 [inline] #4: ffffffff8dfc2fc0 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 kernel/locking/spinlock_rt.c:57 #5: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline] #5: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: rmqueue_buddy mm/page_alloc.c:3223 [inline] #5: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: rmqueue mm/page_alloc.c:3415 [inline] #5: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: get_page_from_freelist+0xcc4/0x26a0 mm/page_alloc.c:3943 13 locks held by kworker/1:7/6326: #0: ffff888024829938 ((wq_completion)wg-crypt-wg0#10){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3297 [inline] #0: ffff888024829938 ((wq_completion)wg-crypt-wg0#10){+.+.}-{0:0}, at: process_scheduled_works+0xa20/0x14e0 kernel/workqueue.c:3405 #1: ffffc90002f6fc40 ((work_completion)(&peer->transmit_packet_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3297 [inline] #1: ffffc90002f6fc40 ((work_completion)(&peer->transmit_packet_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa20/0x14e0 kernel/workqueue.c:3405 #2: ffffffff8de591e0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 kernel/softirq.c:163 #3: ffffffff8dfc2fc0 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 kernel/softirq.c:163 #4: ffff8880255ba240 (&peer->endpoint_lock){++..}-{3:3}, at: read_lock_bh include/linux/rwlock_rt.h:45 [inline] #4: ffff8880255ba240 (&peer->endpoint_lock){++..}-{3:3}, at: wg_socket_send_skb_to_peer+0x6e/0x200 drivers/net/wireguard/socket.c:172 #5: ffffffff8dfc2fc0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline] #5: ffffffff8dfc2fc0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:840 [inline] #5: ffffffff8dfc2fc0 (rcu_read_lock){....}-{1:3}, at: rt_read_lock+0x277/0x4b0 kernel/locking/spinlock_rt.c:251 #6: ffffffff8de591e0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 kernel/softirq.c:163 #7: ffffffff8dfc3020 (rcu_read_lock_bh){....}-{1:3}, at: local_bh_disable include/linux/bottom_half.h:20 [inline] #7: ffffffff8dfc3020 (rcu_read_lock_bh){....}-{1:3}, at: rcu_read_lock_bh include/linux/rcupdate.h:893 [inline] #7: ffffffff8dfc3020 (rcu_read_lock_bh){....}-{1:3}, at: send4+0x217/0xec0 drivers/net/wireguard/socket.c:38 #8: ffffffff8dfc2fc0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline] #8: ffffffff8dfc2fc0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:840 [inline] #8: ffffffff8dfc2fc0 (rcu_read_lock){....}-{1:3}, at: ip_output+0x5a/0x450 net/ipv4/ip_output.c:432 #9: ffffffff8dfc2fc0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline] #9: ffffffff8dfc2fc0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:840 [inline] #9: ffffffff8dfc2fc0 (rcu_read_lock){....}-{1:3}, at: ip_finish_output2+0x3de/0x1100 net/ipv4/ip_output.c:229 #10: ffffffff8de591e0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 kernel/softirq.c:163 #11: ffffffff8dfc3020 (rcu_read_lock_bh){....}-{1:3}, at: local_bh_disable include/linux/bottom_half.h:20 [inline] #11: ffffffff8dfc3020 (rcu_read_lock_bh){....}-{1:3}, at: rcu_read_lock_bh include/linux/rcupdate.h:893 [inline] #11: ffffffff8dfc3020 (rcu_read_lock_bh){....}-{1:3}, at: __dev_queue_xmit+0x291/0x3890 net/core/dev.c:4793 #12: ffff888061f54230 (&sch->root_lock_key#38){+...}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline] #12: ffff888061f54230 (&sch->root_lock_key#38){+...}-{3:3}, at: __dev_xmit_skb net/core/dev.c:4249 [inline] #12: ffff888061f54230 (&sch->root_lock_key#38){+...}-{3:3}, at: __dev_queue_xmit+0xdb1/0x3890 net/core/dev.c:4833 8 locks held by kworker/1:1H/8853: 6 locks held by kworker/u8:14/16092: #0: ffff88801a084138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3297 [inline] #0: ffff88801a084138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0xa20/0x14e0 kernel/workqueue.c:3405 #1: ffffc90003c8fc40 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3297 [inline] #1: ffffc90003c8fc40 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa20/0x14e0 kernel/workqueue.c:3405 #2: ffff888029f82310 (&devlink->lock_key#11){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xcb0 drivers/net/netdevsim/dev.c:909 #3: ffff8880617f5d20 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline] #3: ffff8880617f5d20 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report drivers/net/netdevsim/dev.c:862 [inline] #3: ffff8880617f5d20 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1e0/0xcb0 drivers/net/netdevsim/dev.c:922 #4: ffffffff8dfc2fc0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline] #4: ffffffff8dfc2fc0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:840 [inline] #4: ffffffff8dfc2fc0 (rcu_read_lock){....}-{1:3}, at: __rt_spin_lock kernel/locking/spinlock_rt.c:50 [inline] #4: ffffffff8dfc2fc0 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 kernel/locking/spinlock_rt.c:57 #5: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline] #5: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: rmqueue_buddy mm/page_alloc.c:3223 [inline] #5: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: rmqueue mm/page_alloc.c:3415 [inline] #5: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: get_page_from_freelist+0xcc4/0x26a0 mm/page_alloc.c:3943 3 locks held by udevd/16951: #0: ffffffff8e6fd498 (tomoyo_ss){.+.+}-{0:0}, at: srcu_lock_acquire include/linux/srcu.h:187 [inline] #0: ffffffff8e6fd498 (tomoyo_ss){.+.+}-{0:0}, at: srcu_read_lock include/linux/srcu.h:294 [inline] #0: ffffffff8e6fd498 (tomoyo_ss){.+.+}-{0:0}, at: tomoyo_read_lock security/tomoyo/common.h:1112 [inline] #0: ffffffff8e6fd498 (tomoyo_ss){.+.+}-{0:0}, at: tomoyo_path_perm+0x251/0x560 security/tomoyo/file.c:826 #1: ffffffff8e107450 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_lock_acquire include/linux/srcu.h:187 [inline] #1: ffffffff8e107450 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x27/0x60 include/linux/srcu.h:294 #2: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline] #2: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: free_one_page+0x43/0x250 mm/page_alloc.c:1555 6 locks held by kworker/u8:19/17144: #0: ffff88801a084138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3297 [inline] #0: ffff88801a084138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0xa20/0x14e0 kernel/workqueue.c:3405 #1: ffffc90005b9fc40 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3297 [inline] #1: ffffc90005b9fc40 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa20/0x14e0 kernel/workqueue.c:3405 #2: ffff888025582310 (&devlink->lock_key#10){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xcb0 drivers/net/netdevsim/dev.c:909 #3: ffff888060f3f120 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline] #3: ffff888060f3f120 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report drivers/net/netdevsim/dev.c:862 [inline] #3: ffff888060f3f120 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1e0/0xcb0 drivers/net/netdevsim/dev.c:922 #4: ffffffff8dfc2fc0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline] #4: ffffffff8dfc2fc0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:840 [inline] #4: ffffffff8dfc2fc0 (rcu_read_lock){....}-{1:3}, at: __rt_spin_lock kernel/locking/spinlock_rt.c:50 [inline] #4: ffffffff8dfc2fc0 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 kernel/locking/spinlock_rt.c:57 #5: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline] #5: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: rmqueue_buddy mm/page_alloc.c:3223 [inline] #5: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: rmqueue mm/page_alloc.c:3415 [inline] #5: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: get_page_from_freelist+0xcc4/0x26a0 mm/page_alloc.c:3943 4 locks held by kworker/u8:23/18401: #0: ffff88801a084138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3297 [inline] #0: ffff88801a084138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0xa20/0x14e0 kernel/workqueue.c:3405 #1: ffffc9000435fc40 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3297 [inline] #1: ffffc9000435fc40 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa20/0x14e0 kernel/workqueue.c:3405 #2: ffff888039c708d8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6884 [inline] #2: ffff888039c708d8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xb4/0x420 net/wireless/core.c:524 #3: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline] #3: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: rmqueue_buddy mm/page_alloc.c:3223 [inline] #3: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: rmqueue mm/page_alloc.c:3415 [inline] #3: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: get_page_from_freelist+0xcc4/0x26a0 mm/page_alloc.c:3943 2 locks held by syz.2.3837/18871: #0: ffff8880320947b0 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_trylock include/linux/mmap_lock.h:611 [inline] #0: ffff8880320947b0 (&mm->mmap_lock){++++}-{4:4}, at: get_mmap_lock_carefully mm/mmap_lock.c:441 [inline] #0: ffff8880320947b0 (&mm->mmap_lock){++++}-{4:4}, at: lock_mm_and_find_vma+0x36/0x340 mm/mmap_lock.c:501 #1: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline] #1: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: rmqueue_buddy mm/page_alloc.c:3223 [inline] #1: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: rmqueue mm/page_alloc.c:3415 [inline] #1: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: get_page_from_freelist+0xcc4/0x26a0 mm/page_alloc.c:3943 3 locks held by syz.4.3901/19035: 6 locks held by syz-executor/19043: 2 locks held by syz.3.3904/19044: #0: ffff888089e20858 (&ep->mtx){+.+.}-{4:4}, at: eventpoll_release_file+0xac/0x240 fs/eventpoll.c:1403 #1: ffff88801bacb868 (&k->list_lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline] #1: ffff88801bacb868 (&k->list_lock){+.+.}-{3:3}, at: class_to_subsys+0x41/0x120 drivers/base/class.c:50 1 lock held by syz.3.3904/19046: #0: ffff8880b883b920 (&rq->__lock){-...}-{2:2}, at: raw_spin_rq_lock_nested+0xb2/0x160 kernel/sched/core.c:675 4 locks held by syz.0.3905/19045: #0: ffff88805e261a88 (vm_lock){++++}-{0:0}, at: lock_vma_under_rcu+0x1d1/0x500 mm/mmap_lock.c:310 #1: ffff8880b8842d98 (&pcp->lock){+.+.}-{3:3}, at: rmqueue_pcplist mm/page_alloc.c:3368 [inline] #1: ffff8880b8842d98 (&pcp->lock){+.+.}-{3:3}, at: rmqueue mm/page_alloc.c:3409 [inline] #1: ffff8880b8842d98 (&pcp->lock){+.+.}-{3:3}, at: get_page_from_freelist+0x8a5/0x26a0 mm/page_alloc.c:3943 #2: ffffffff8dfc2fc0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline] #2: ffffffff8dfc2fc0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:840 [inline] #2: ffffffff8dfc2fc0 (rcu_read_lock){....}-{1:3}, at: __rt_spin_trylock kernel/locking/spinlock_rt.c:127 [inline] #2: ffffffff8dfc2fc0 (rcu_read_lock){....}-{1:3}, at: rt_spin_trylock+0x10c/0x2b0 kernel/locking/spinlock_rt.c:135 #3: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline] #3: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: rmqueue_bulk mm/page_alloc.c:2535 [inline] #3: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: __rmqueue_pcplist+0x4aa/0x1b10 mm/page_alloc.c:3341 1 lock held by syz.6.3906/19049: #0: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline] #0: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: free_one_page+0x43/0x250 mm/page_alloc.c:1555 ============================================= NMI backtrace for cpu 0 CPU: 0 UID: 0 PID: 37 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} Tainted: [L]=SOFTLOCKUP Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 Call Trace: dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120 nmi_cpu_backtrace+0x274/0x2d0 lib/nmi_backtrace.c:122 nmi_trigger_cpumask_backtrace+0x17a/0x380 lib/nmi_backtrace.c:65 trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline] __sys_info lib/sys_info.c:157 [inline] sys_info+0x135/0x170 lib/sys_info.c:165 check_hung_uninterruptible_tasks kernel/hung_task.c:353 [inline] watchdog+0xfd7/0x1030 kernel/hung_task.c:561 kthread+0x388/0x470 kernel/kthread.c:436 ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 UID: 0 PID: 19046 Comm: syz.3.3904 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} Tainted: [L]=SOFTLOCKUP Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 RIP: 0010:__raw_callee_save___pv_queued_spin_unlock+0x10/0x18 Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 52 b8 01 00 00 00 31 d2 f0 0f b0 17 <75> 06 5a c3 cc cc cc cc 56 0f b6 f0 e8 9f ff ff ff 5e 5a e9 d8 39 RSP: 0018:ffffc900073677e0 EFLAGS: 00000046 RAX: 0000000000000001 RBX: ffffffff99a66820 RCX: 0000000000000001 RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffff99a66820 RBP: 1ffffffff334cd05 R08: ffffffff99a66823 R09: 1ffffffff334cd04 R10: dffffc0000000000 R11: fffffbfff334cd05 R12: dffffc0000000000 R13: 1ffffffff334cd06 R14: ffffffff99a66830 R15: ffffffff99a66828 FS: 00007f30005de6c0(0000) GS:ffff888126211000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000200000002000 CR3: 000000001a7b8000 CR4: 00000000003526f0 Call Trace: pv_queued_spin_unlock arch/x86/include/asm/paravirt-spinlock.h:40 [inline] queued_spin_unlock arch/x86/include/asm/paravirt-spinlock.h:72 [inline] do_raw_spin_unlock+0xf5/0x210 kernel/locking/spinlock_debug.c:142 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:177 [inline] _raw_spin_unlock_irqrestore+0x23/0x80 kernel/locking/spinlock.c:198 debug_object_assert_init+0x1fe/0x310 lib/debugobjects.c:1072 debug_timer_assert_init kernel/time/timer.c:803 [inline] debug_assert_init kernel/time/timer.c:848 [inline] __mod_timer+0x4b/0xf10 kernel/time/timer.c:1025 schedule_timeout+0x14d/0x2c0 kernel/time/sleep_timeout.c:98 snd_rawmidi_write+0x3ba/0xbc0 sound/core/rawmidi.c:1616 do_loop_readv_writev fs/read_write.c:851 [inline] vfs_writev+0x4c4/0x990 fs/read_write.c:1060 do_writev+0x15a/0x2e0 fs/read_write.c:1104 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x174/0x580 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f300238ce59 Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f30005de028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 RAX: ffffffffffffffda RBX: 00007f3002605fa0 RCX: 00007f300238ce59 RDX: 0000000000000002 RSI: 0000200000000840 RDI: 0000000000000007 RBP: 00007f3002422e6f R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f3002606038 R14: 00007f3002605fa0 R15: 00007fff744e8878