INFO: task syz.4.1270:12240 blocked for more than 143 seconds.
Tainted: G L syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.4.1270 state:D stack:27624 pid:12240 tgid:12228 ppid:11802 task_flags:0x400040 flags:0x00080002
Call Trace:
context_switch kernel/sched/core.c:5258 [inline]
__schedule+0x150e/0x5070 kernel/sched/core.c:6866
__schedule_loop kernel/sched/core.c:6948 [inline]
schedule+0x165/0x360 kernel/sched/core.c:6963
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7020
rwsem_down_write_slowpath+0x872/0xfe0 kernel/locking/rwsem.c:1185
__down_write_common kernel/locking/rwsem.c:1317 [inline]
__down_write kernel/locking/rwsem.c:1326 [inline]
down_write+0x1ab/0x1f0 kernel/locking/rwsem.c:1591
inode_lock include/linux/fs.h:1028 [inline]
process_measurement+0x3d8/0x1a70 security/integrity/ima/ima_main.c:281
ima_file_check+0xd9/0x130 security/integrity/ima/ima_main.c:663
security_file_post_open+0xbb/0x290 security/security.c:2652
do_open fs/namei.c:4629 [inline]
path_openat+0x2e25/0x3840 fs/namei.c:4786
do_filp_open+0x1fa/0x410 fs/namei.c:4813
do_sys_openat2+0x121/0x200 fs/open.c:1391
do_sys_open fs/open.c:1397 [inline]
__do_sys_openat fs/open.c:1413 [inline]
__se_sys_openat fs/open.c:1408 [inline]
__x64_sys_openat+0x138/0x170 fs/open.c:1408
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xfa/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0997d8f749
RSP: 002b:00007f0998ca5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f0997fe6270 RCX: 00007f0997d8f749
RDX: 0000000000000042 RSI: 0000200000000040 RDI: ffffffffffffff9c
RBP: 00007f0997e13f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f0997fe6308 R14: 00007f0997fe6270 R15: 00007ffda23aaeb8
Showing all locks held in the system:
1 lock held by pool_workqueue_/3:
#0: ffff8880b873ab18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 kernel/sched/core.c:639
1 lock held by khungtaskd/31:
#0: ffffffff8e13f2e0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#0: ffffffff8e13f2e0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
#0: ffffffff8e13f2e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6775
5 locks held by kworker/u8:5/475:
#0: ffff88801f2b4948 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x841/0x15a0 kernel/workqueue.c:3254
#1: ffffc90003257b80 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x868/0x15a0 kernel/workqueue.c:3255
#2: ffff88807e11a0e0 (&type->s_umount_key#32){++++}-{4:4}, at: super_trylock_shared+0x20/0xf0 fs/super.c:563
#3: ffff88807e11cb98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: percpu_down_read include/linux/percpu-rwsem.h:77 [inline]
#3: ffff88807e11cb98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_writepages_down_read fs/ext4/ext4.h:1820 [inline]
#3: ffff88807e11cb98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_writepages+0x1ca/0x350 fs/ext4/inode.c:3025
#4: ffff8880599445d0 (&ei->i_data_sem){++++}-{4:4}, at: ext4_map_blocks+0x73f/0x16f0 fs/ext4/inode.c:815
4 locks held by kworker/u8:6/1043:
#0: ffff8880b873ab18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 kernel/sched/core.c:639
#1: ffff8880b8724588 (psi_seq){-.-.}-{0:0}, at: psi_task_switch+0x53/0x880 kernel/sched/psi.c:933
#2: ffff8880b87260d8 (&base->lock){-.-.}-{2:2}, at: lock_timer_base kernel/time/timer.c:1004 [inline]
#2: ffff8880b87260d8 (&base->lock){-.-.}-{2:2}, at: __mod_timer+0x1ae/0xf30 kernel/time/timer.c:1085
#3: ffffffff99cd5978 (&obj_hash[i].lock){-.-.}-{2:2}, at: debug_object_activate+0x87/0x540 lib/debugobjects.c:818
2 locks held by getty/5585:
#0: ffff888034aef0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
#1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x449/0x1460 drivers/tty/n_tty.c:2211
5 locks held by kworker/1:9/6044:
3 locks held by kworker/u8:20/6900:
1 lock held by syz-executor/10462:
#0: ffffffff8e144e38 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock kernel/rcu/tree_exp.h:343 [inline]
#0: ffffffff8e144e38 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730 kernel/rcu/tree_exp.h:956
3 locks held by kworker/u8:27/10799:
#0: ffff88813fe29948 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_one_work+0x841/0x15a0 kernel/workqueue.c:3254
#1: ffffc90004cc7b80 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_one_work+0x868/0x15a0 kernel/workqueue.c:3255
#2: ffff888031c10788 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6363 [inline]
#2: ffff888031c10788 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xb4/0x450 net/wireless/core.c:424
4 locks held by syz.4.1270/12229:
#0: ffff88807e11a420 (sb_writers#4){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:2680 [inline]
#0: ffff88807e11a420 (sb_writers#4){.+.+}-{0:0}, at: vfs_writev+0x288/0x960 fs/read_write.c:1055
#1: ffff888059944740 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline]
#1: ffff888059944740 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: ext4_buffered_write_iter+0x9f/0x3a0 fs/ext4/file.c:294
#2: ffff8880599448e0 (mapping.invalidate_lock#2){++++}-{4:4}, at: filemap_invalidate_lock include/linux/fs.h:1083 [inline]
#2: ffff8880599448e0 (mapping.invalidate_lock#2){++++}-{4:4}, at: ext4_truncate_failed_write fs/ext4/truncate.h:20 [inline]
#2: ffff8880599448e0 (mapping.invalidate_lock#2){++++}-{4:4}, at: ext4_write_end+0x736/0x9e0 fs/ext4/inode.c:1491
#3: ffff8880599445d0 (&ei->i_data_sem){++++}-{4:4}, at: ext4_truncate+0xab0/0x12e0 fs/ext4/inode.c:4608
1 lock held by syz.4.1270/12240:
#0: ffff888059944740 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline]
#0: ffff888059944740 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: process_measurement+0x3d8/0x1a70 security/integrity/ima/ima_main.c:281
1 lock held by syz-executor/12468:
#0: ffff8880b873ab18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 kernel/sched/core.c:639
1 lock held by syz.1.1707/14285:
#0: ffffffff8e144e38 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock kernel/rcu/tree_exp.h:343 [inline]
#0: ffffffff8e144e38 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730 kernel/rcu/tree_exp.h:956
1 lock held by syz.5.1711/14302:
#0: ffffffff8e144d00 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 kernel/rcu/tree.c:3816
2 locks held by syz.8.1712/14308:
=============================================
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Call Trace:
dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
nmi_cpu_backtrace+0x39e/0x3d0 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]
__sys_info lib/sys_info.c:157 [inline]
sys_info+0x135/0x170 lib/sys_info.c:165
check_hung_uninterruptible_tasks kernel/hung_task.c:363 [inline]
watchdog+0xe40/0xe90 kernel/hung_task.c:557
kthread+0x711/0x8a0 kernel/kthread.c:463
ret_from_fork+0x599/0xb30 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 14308 Comm: syz.8.1712 Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:__sanitizer_cov_trace_pc+0x5d/0x70 kernel/kcov.c:235
Code: 48 16 00 00 83 fa 02 75 21 48 8b 91 50 16 00 00 48 8b 32 48 8d 7e 01 8b 89 4c 16 00 00 48 39 cf 73 08 48 89 3a 48 89 44 f2 08 cc cc cc cc cc 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90
RSP: 0018:ffffc90003627418 EFLAGS: 00000293
RAX: ffffffff820d8f07 RBX: ffffea00013bfaf0 RCX: ffff88801b785b80
RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 00000000ff000000
RBP: ffffc900036276f0 R08: ffffea00013bfaf3 R09: 1ffffd4000277f5e
R10: dffffc0000000000 R11: fffff94000277f5f R12: 00007fa464bfc000
R13: 00007fa464bfb000 R14: 00000000ffffffff R15: 0000000000000000
FS: 00007fa46fa596c0(0000) GS:ffff888125d25000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffe1aabeecc CR3: 000000005971a000 CR4: 00000000003526f0
Call Trace:
folio_mapcount include/linux/mm.h:-1 [inline]
zap_present_folio_ptes mm/memory.c:1652 [inline]
zap_present_ptes mm/memory.c:1708 [inline]
do_zap_pte_range mm/memory.c:1810 [inline]
zap_pte_range mm/memory.c:1854 [inline]
zap_pmd_range mm/memory.c:1946 [inline]
zap_pud_range mm/memory.c:1975 [inline]
zap_p4d_range mm/memory.c:1996 [inline]
unmap_page_range+0x20f7/0x44e0 mm/memory.c:2017
unmap_single_vma mm/memory.c:2059 [inline]
unmap_vmas+0x399/0x580 mm/memory.c:2101
vms_clear_ptes+0x4e4/0x7c0 mm/vma.c:1231
vms_complete_munmap_vmas+0x206/0x8a0 mm/vma.c:1280
do_vmi_align_munmap+0x364/0x440 mm/vma.c:1539
do_vmi_munmap+0x253/0x2e0 mm/vma.c:1587
__vm_munmap+0x207/0x380 mm/vma.c:3203
__do_sys_munmap mm/mmap.c:1077 [inline]
__se_sys_munmap mm/mmap.c:1074 [inline]
__x64_sys_munmap+0x60/0x70 mm/mmap.c:1074
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xfa/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fa46eb8f7d7
Code: 00 00 00 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 0b 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fa46fa58e18 EFLAGS: 00000246 ORIG_RAX: 000000000000000b
RAX: ffffffffffffffda RBX: 0000000001000000 RCX: 00007fa46eb8f7d7
RDX: 0000000000000000 RSI: 0000000008400000 RDI: 00007fa464800000
RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000001274f
R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000003
R13: 00007fa46fa58ef0 R14: 00007fa46fa58eb0 R15: 00007fa464800000