INFO: task syz.5.3744:18652 blocked for more than 143 seconds.
Tainted: G L syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.5.3744 state:D stack:26376 pid:18652 tgid:18650 ppid:18045 task_flags:0x400040 flags:0x00080002
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5352 [inline]
__schedule+0x1665/0x5590 kernel/sched/core.c:6964
__schedule_loop kernel/sched/core.c:7047 [inline]
schedule+0x164/0x360 kernel/sched/core.c:7062
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7119
rwsem_down_read_slowpath+0x6d9/0x940 kernel/locking/rwsem.c:1114
__down_read_common kernel/locking/rwsem.c:1291 [inline]
__down_read kernel/locking/rwsem.c:1304 [inline]
down_read+0x99/0x2e0 kernel/locking/rwsem.c:1570
mmap_read_lock include/linux/mmap_lock.h:592 [inline]
collapse_huge_page mm/khugepaged.c:1119 [inline]
collapse_scan_pmd mm/khugepaged.c:1417 [inline]
collapse_single_pmd+0x1bd1/0x4510 mm/khugepaged.c:2427
madvise_collapse+0x34c/0x820 mm/khugepaged.c:2859
madvise_vma_behavior+0x10ce/0x44d0 mm/madvise.c:1362
madvise_walk_vmas+0x573/0xae0 mm/madvise.c:1711
madvise_do_behavior+0x386/0x540 mm/madvise.c:1927
do_madvise+0x1fa/0x2e0 mm/madvise.c:2020
__do_sys_madvise mm/madvise.c:2029 [inline]
__se_sys_madvise mm/madvise.c:2027 [inline]
__x64_sys_madvise+0xa6/0xc0 mm/madvise.c:2027
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7febde79c799
RSP: 002b:00007febdf705028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
RAX: ffffffffffffffda RBX: 00007febdea16090 RCX: 00007febde79c799
RDX: 0000000000000019 RSI: 0000000000800000 RDI: 0000200000800000
RBP: 00007febde832c99 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007febdea16128 R14: 00007febdea16090 R15: 00007fff818c6f58
</TASK>
Showing all locks held in the system:
1 lock held by khungtaskd/30:
#0: ffffffff8eb5d6e0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:312 [inline]
#0: ffffffff8eb5d6e0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:850 [inline]
#0: ffffffff8eb5d6e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6775
2 locks held by getty/15047:
#0: ffff88803781f0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
#1: ffffc90004d9b2e8 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x45c/0x13c0 drivers/tty/n_tty.c:2211
4 locks held by kworker/u8:9/15919:
1 lock held by syz.5.3744/18652:
#0: ffff88813fe2ce38 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_lock include/linux/mmap_lock.h:592 [inline]
#0: ffff88813fe2ce38 (&mm->mmap_lock){++++}-{4:4}, at: collapse_huge_page mm/khugepaged.c:1119 [inline]
#0: ffff88813fe2ce38 (&mm->mmap_lock){++++}-{4:4}, at: collapse_scan_pmd mm/khugepaged.c:1417 [inline]
#0: ffff88813fe2ce38 (&mm->mmap_lock){++++}-{4:4}, at: collapse_single_pmd+0x1bd1/0x4510 mm/khugepaged.c:2427
1 lock held by syz.4.3915/19358:
#0: ffff888037d9e738 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_lock_killable+0x1d/0x70 include/linux/mmap_lock.h:601
1 lock held by syz.4.3915/19369:
#0: ffff888037d9e738 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_lock include/linux/mmap_lock.h:592 [inline]
#0: ffff888037d9e738 (&mm->mmap_lock){++++}-{4:4}, at: exit_mm+0x73/0x250 kernel/exit.c:557
1 lock held by syz.4.3915/19376:
#0: ffff888037d9e738 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_lock include/linux/mmap_lock.h:592 [inline]
#0: ffff888037d9e738 (&mm->mmap_lock){++++}-{4:4}, at: exit_mm+0x73/0x250 kernel/exit.c:557
=============================================
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
Call Trace:
<TASK>
dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
nmi_cpu_backtrace+0x274/0x2d0 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]
__sys_info lib/sys_info.c:157 [inline]
sys_info+0x135/0x170 lib/sys_info.c:165
check_hung_uninterruptible_tasks kernel/hung_task.c:353 [inline]
watchdog+0x1002/0x1060 kernel/hung_task.c:561
kthread+0x388/0x470 kernel/kthread.c:436
ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
</TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 5826 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
RIP: 0010:check_preemption_disabled+0x6/0xe0 lib/smp_processor_id.c:14
Code: c7 c6 e0 86 4a 8c eb 1c 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 55 41 57 41 56 53 <65> 8b 05 a7 11 a4 07 65 8b 0d 9c 11 a4 07 f7 c1 ff ff ff 7f 74 0c
RSP: 0018:ffffc900037d7978 EFLAGS: 00000046
RAX: 6a9fa6634f80d171 RBX: 0000000000000206 RCX: 0000000080000201
RDX: 0000000000000001 RSI: ffffffff8e4d2edc RDI: ffffffff8c4a8700
RBP: ffff888037470b78 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffff520006faf2c R12: 0000000000000001
R13: 0000000000000001 R14: ffff888031a401e8 R15: ffff888037470000
FS: 000055555f58d540(0000) GS:ffff888124de1000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f29bade99b8 CR3: 000000007717e000 CR4: 00000000003526f0
Call Trace:
<TASK>
lockdep_recursion_finish kernel/locking/lockdep.c:470 [inline]
lock_release+0x259/0x3d0 kernel/locking/lockdep.c:5891
__raw_spin_unlock_bh include/linux/spinlock_api_smp.h:194 [inline]
_raw_spin_unlock_bh+0x1b/0x40 kernel/locking/spinlock.c:210
lock_sock include/net/sock.h:1713 [inline]
tcp_recvmsg+0x1e4/0x7e0 net/ipv4/tcp.c:2960
sock_recvmsg_nosec+0xee/0x140 net/socket.c:1151
sock_recvmsg net/socket.c:1173 [inline]
sock_read_iter+0x296/0x360 net/socket.c:1243
new_sync_read fs/read_write.c:493 [inline]
vfs_read+0x582/0xa70 fs/read_write.c:574
ksys_read+0x150/0x270 fs/read_write.c:717
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f2090357917
Code: 48 89 fa 4c 89 df e8 a8 56 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
RSP: 002b:00007fff527cba80 EFLAGS: 00000202 ORIG_RAX: 0000000000000000
RAX: ffffffffffffffda RBX: 000055555f58d540 RCX: 00007f2090357917
RDX: 0000000000000004 RSI: 00007fff527cbadc RDI: 0000000000000003
RBP: 00007fff527cbf80 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000004
R13: 00007fff527cbadc R14: 00007fff527cbb70 R15: 0000000000000000
</TASK>