INFO: task syz.3.2349:15749 blocked for more than 147 seconds.
Tainted: G L syzkaller #0
Blocked by coredump.
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.2349 state:D stack:26688 pid:15749 tgid:15748 ppid:5843 task_flags:0x40044c flags:0x00080002
Call Trace:
context_switch kernel/sched/core.c:5256 [inline]
__schedule+0x149b/0x4fd0 kernel/sched/core.c:6863
__schedule_loop kernel/sched/core.c:6945 [inline]
schedule+0x165/0x360 kernel/sched/core.c:6960
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7017
rwsem_down_read_slowpath+0x5fd/0x8f0 kernel/locking/rwsem.c:1086
__down_read_common kernel/locking/rwsem.c:1261 [inline]
__down_read kernel/locking/rwsem.c:1274 [inline]
down_read+0x99/0x2e0 kernel/locking/rwsem.c:1539
mmap_read_lock include/linux/mmap_lock.h:391 [inline]
exit_mm+0x74/0x230 kernel/exit.c:557
do_exit+0x627/0x22f0 kernel/exit.c:959
do_group_exit+0x21c/0x2d0 kernel/exit.c:1112
get_signal+0x1285/0x1340 kernel/signal.c:3034
arch_do_signal_or_restart+0x9a/0x7a0 arch/x86/kernel/signal.c:337
__exit_to_user_mode_loop kernel/entry/common.c:41 [inline]
exit_to_user_mode_loop+0x87/0x4e0 kernel/entry/common.c:75
__exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline]
syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline]
syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline]
do_syscall_64+0x2c1/0xf80 arch/x86/entry/syscall_64.c:100
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f52cd38f749
RSP: 002b:00007f52ce183038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: 000000000000000c RBX: 00007f52cd5e5fa0 RCX: 00007f52cd38f749
RDX: 0000000000000318 RSI: 00002000000bd000 RDI: 0000000000000004
RBP: 00007f52cd413f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f52cd5e6038 R14: 00007f52cd5e5fa0 R15: 00007f52cd70fa28
Showing all locks held in the system:
1 lock held by kthreadd/2:
4 locks held by kworker/u8:1/13:
2 locks held by kworker/1:0/24:
1 lock held by khungtaskd/31:
#0: ffffffff8df41aa0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#0: ffffffff8df41aa0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
#0: ffffffff8df41aa0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6775
4 locks held by kworker/1:1/39:
#0: ffff88807eada148 ((wq_completion)wg-kex-wg2#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3232 [inline]
#0: ffff88807eada148 ((wq_completion)wg-kex-wg2#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x1770 kernel/workqueue.c:3340
#1: ffffc90000af7bc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3233 [inline]
#1: ffffc90000af7bc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x1770 kernel/workqueue.c:3340
#2: ffff88802c7f9308 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x150/0x900 drivers/net/wireguard/noise.c:598
#3: ffff888030d6b4c0 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x4bf/0x900 drivers/net/wireguard/noise.c:632
4 locks held by kworker/u8:3/50:
3 locks held by kworker/u8:4/66:
4 locks held by kworker/u8:5/307:
#0: ffff88807b78b948 ((wq_completion)wg-kex-wg1){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3232 [inline]
#0: ffff88807b78b948 ((wq_completion)wg-kex-wg1){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x1770 kernel/workqueue.c:3340
#1: ffffc90003037bc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3233 [inline]
#1: ffffc90003037bc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x1770 kernel/workqueue.c:3340
#2: ffff88807b019308 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x105/0x750 drivers/net/wireguard/noise.c:529
#3: ffff888030d6a0f0 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x116/0x750 drivers/net/wireguard/noise.c:530
4 locks held by kworker/u8:6/1110:
3 locks held by kworker/u8:7/1313:
3 locks held by kworker/u8:8/1331:
3 locks held by kworker/u8:9/2122:
4 locks held by kworker/u8:12/3077:
2 locks held by kworker/R-bat_e/3411:
2 locks held by kworker/u8:13/3427:
4 locks held by kworker/u8:15/3547:
1 lock held by klogd/5190:
3 locks held by udevd/5201:
1 lock held by dhcpcd/5495:
3 locks held by crond/5570:
2 locks held by getty/5589:
#0: ffff88803065d0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
#1: ffffc9000331e2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x449/0x1460 drivers/tty/n_tty.c:2211
1 lock held by syz-executor/5814:
3 locks held by syz-executor/5842:
2 locks held by kworker/1:3/5867:
4 locks held by kworker/0:3/5877:
4 locks held by kworker/1:5/5897:
2 locks held by kworker/1:8/5927:
4 locks held by kworker/u8:16/6003:
3 locks held by kworker/u8:17/6077:
4 locks held by kworker/u8:18/6657:
5 locks held by kworker/0:9/7031:
3 locks held by kworker/u8:19/7930:
7 locks held by kworker/u8:20/8040:
4 locks held by kworker/u8:21/12405:
4 locks held by kworker/u8:22/12406:
2 locks held by syz-executor/12653:
3 locks held by kworker/u8:23/12893:
3 locks held by kworker/u8:24/13192:
3 locks held by syz.7.1764/13499:
2 locks held by kworker/1:7/13540:
3 locks held by kworker/1:9/13541:
4 locks held by kworker/0:2/13551:
#0: ffff8881443da948 ((wq_completion)wg-kex-wg0#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3232 [inline]
#0: ffff8881443da948 ((wq_completion)wg-kex-wg0#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x1770 kernel/workqueue.c:3340
#1: ffffc90003bafbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3233 [inline]
#1: ffffc90003bafbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x1770 kernel/workqueue.c:3340
#2: ffff88803366d308 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x150/0x900 drivers/net/wireguard/noise.c:598
#3: ffff888030d68338 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x4bf/0x900 drivers/net/wireguard/noise.c:632
3 locks held by kworker/0:12/13556:
#0: ffff8880584e8d48 ((wq_completion)wg-kex-wg0#18){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3232 [inline]
#0: ffff8880584e8d48 ((wq_completion)wg-kex-wg0#18){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x1770 kernel/workqueue.c:3340
#1: ffffc90004b8fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3233 [inline]
#1: ffffc90004b8fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x1770 kernel/workqueue.c:3340
#2: ffff88804fb22ad8 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_begin_session+0x36/0xbd0 drivers/net/wireguard/noise.c:822
4 locks held by kworker/0:13/13558:
#0: ffff88807eada148 ((wq_completion)wg-kex-wg2#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3232 [inline]
#0: ffff88807eada148 ((wq_completion)wg-kex-wg2#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x1770 kernel/workqueue.c:3340
#1: ffffc90004bafbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3233 [inline]
#1: ffffc90004bafbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x1770 kernel/workqueue.c:3340
#2: ffff88802c7f9308 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x150/0x900 drivers/net/wireguard/noise.c:598
#3: ffff888030d6b4c0 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x4bf/0x900 drivers/net/wireguard/noise.c:632
2 locks held by udevd/13751:
6 locks held by syz.6.2340/15724:
2 locks held by syz.7.2347/15742:
1 lock held by syz.3.2349/15748:
#0: ffff88807ebd1bc0 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_lock_killable+0x1d/0x70 include/linux/mmap_lock.h:400
1 lock held by syz.3.2349/15749:
#0: ffff88807ebd1bc0 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_lock include/linux/mmap_lock.h:391 [inline]
#0: ffff88807ebd1bc0 (&mm->mmap_lock){++++}-{4:4}, at: exit_mm+0x74/0x230 kernel/exit.c:557
5 locks held by syz.3.2349/15752:
1 lock held by syz.3.2349/15753:
#0: ffff88807ebd1bc0 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_lock include/linux/mmap_lock.h:391 [inline]
#0: ffff88807ebd1bc0 (&mm->mmap_lock){++++}-{4:4}, at: exit_mm+0x74/0x230 kernel/exit.c:557
1 lock held by syz.3.2349/15755:
#0: ffff88807ebd1bc0 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_lock_killable+0x1d/0x70 include/linux/mmap_lock.h:400
4 locks held by kworker/u8:11/15760:
4 locks held by kworker/u8:14/15761:
3 locks held by kworker/u8:25/15762:
3 locks held by kworker/u8:26/15763:
4 locks held by kworker/0:0/15764:
4 locks held by kworker/u8:28/15766:
2 locks held by kworker/1:2/15767:
=============================================
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Call Trace:
dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
nmi_cpu_backtrace+0x274/0x2d0 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]
__sys_info lib/sys_info.c:157 [inline]
sys_info+0x135/0x170 lib/sys_info.c:165
check_hung_uninterruptible_tasks kernel/hung_task.c:346 [inline]
watchdog+0xf95/0xfe0 kernel/hung_task.c:515
kthread+0x711/0x8a0 kernel/kthread.c:463
ret_from_fork+0x510/0xa50 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 8040 Comm: kworker/u8:20 Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Workqueue: events_unbound nsim_dev_trap_report_work
RIP: 0010:preempt_count arch/x86/include/asm/preempt.h:27 [inline]
RIP: 0010:rcu_lockdep_current_cpu_online+0x9/0x120 kernel/rcu/tree.c:4025
Code: e9 4e ff ff ff 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 41 57 41 56 53 <65> 8b 0d d0 cf d8 10 b0 01 f7 c1 00 00 f0 00 0f 85 d5 00 00 00 83
RSP: 0018:ffffc900000071d0 EFLAGS: 00000202
RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000080000103
RDX: ffff88802a120000 RSI: ffffffff8bc08340 RDI: ffffffff8bc08300
RBP: ffffc90000007358 R08: ffffc90000007480 R09: ffffc90000007490
R10: ffffc900000072e0 R11: fffff52000000e5e R12: 1ffff1100f54a68c
R13: dffffc0000000000 R14: ffff88806be77000 R15: ffffc90000007458
FS: 0000000000000000(0000) GS:ffff888125e1f000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f111490eccc CR3: 000000000dd3a000 CR4: 00000000003526f0
DR0: 000000000000d000 DR1: 0000000000058000 DR2: 00000000eeee0000
DR3: 00000000ffffffff DR6: 00000000ffff0ff0 DR7: 0000000000000400
Call Trace:
rcu_read_lock_held_common kernel/rcu/update.c:113 [inline]
rcu_read_lock_held+0x1e/0x50 kernel/rcu/update.c:349
__find_rr_leaf+0x345/0x6d0 net/ipv6/route.c:833
find_rr_leaf net/ipv6/route.c:889 [inline]
rt6_select net/ipv6/route.c:933 [inline]
fib6_table_lookup+0x39f/0xa80 net/ipv6/route.c:2244
ip6_pol_route+0x22c/0x11a0 net/ipv6/route.c:2280
pol_lookup_func include/net/ip6_fib.h:617 [inline]
__fib6_rule_action net/ipv6/fib6_rules.c:237 [inline]
fib6_rule_action+0x674/0x7d0 net/ipv6/fib6_rules.c:275
fib_rules_lookup+0x767/0xe90 net/core/fib_rules.c:339
fib6_rule_lookup+0x18e/0x6f0 net/ipv6/fib6_rules.c:112
ip6_route_input_lookup net/ipv6/route.c:2349 [inline]
ip6_route_input+0x6de/0xad0 net/ipv6/route.c:2652
ip6_rcv_finish+0x141/0x2e0 net/ipv6/ip6_input.c:77
NF_HOOK+0x30c/0x3a0 include/linux/netfilter.h:318
__netif_receive_skb_one_core net/core/dev.c:6139 [inline]
__netif_receive_skb+0xd3/0x380 net/core/dev.c:6252
process_backlog+0x54f/0x1340 net/core/dev.c:6604
__napi_poll+0xae/0x320 net/core/dev.c:7668
napi_poll net/core/dev.c:7731 [inline]
net_rx_action+0x64a/0xe00 net/core/dev.c:7883
handle_softirqs+0x22b/0x7c0 kernel/softirq.c:622
do_softirq+0x76/0xd0 kernel/softirq.c:523
__local_bh_enable_ip+0xf8/0x130 kernel/softirq.c:450
local_bh_enable include/linux/bottom_half.h:33 [inline]
__alloc_skb+0x1bc/0x3a0 net/core/skbuff.c:674
alloc_skb include/linux/skbuff.h:1383 [inline]
nsim_dev_trap_skb_build drivers/net/netdevsim/dev.c:818 [inline]
nsim_dev_trap_report drivers/net/netdevsim/dev.c:875 [inline]
nsim_dev_trap_report_work+0x29a/0xb80 drivers/net/netdevsim/dev.c:921
process_one_work kernel/workqueue.c:3257 [inline]
process_scheduled_works+0xad1/0x1770 kernel/workqueue.c:3340
worker_thread+0x8a0/0xda0 kernel/workqueue.c:3421
kthread+0x711/0x8a0 kernel/kthread.c:463
ret_from_fork+0x510/0xa50 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246