INFO: task syz.3.811:9138 blocked for more than 143 seconds.
Tainted: G L syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.811 state:D stack:23368 pid:9138 tgid:9134 ppid:5838 task_flags:0x480140 flags:0x10080002
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5260 [inline]
__schedule+0x14ea/0x5050 kernel/sched/core.c:6867
__schedule_loop kernel/sched/core.c:6949 [inline]
schedule+0x164/0x360 kernel/sched/core.c:6964
schedule_timeout+0xc3/0x2c0 kernel/time/sleep_timeout.c:75
do_wait_for_common kernel/sched/completion.c:100 [inline]
__wait_for_common kernel/sched/completion.c:121 [inline]
wait_for_common kernel/sched/completion.c:132 [inline]
wait_for_completion+0x2cc/0x5e0 kernel/sched/completion.c:153
i2c_del_adapter+0x5c0/0x790 drivers/i2c/i2c-core-base.c:1814
ttusb_disconnect+0x204/0x340 drivers/media/usb/ttusb-budget/dvb-ttusb-budget.c:1737
usb_unbind_interface+0x26e/0x910 drivers/usb/core/driver.c:458
device_remove drivers/base/dd.c:573 [inline]
__device_release_driver drivers/base/dd.c:1284 [inline]
device_release_driver_internal+0x4d9/0x860 drivers/base/dd.c:1307
bus_remove_device+0x34d/0x440 drivers/base/bus.c:616
device_del+0x527/0x8f0 drivers/base/core.c:3878
usb_disable_device+0x3d4/0x8d0 drivers/usb/core/message.c:1418
usb_disconnect+0x32f/0x990 drivers/usb/core/hub.c:2345
hub_quiesce+0x171/0x330 drivers/usb/core/hub.c:1405
hub_disconnect+0xc8/0x470 drivers/usb/core/hub.c:1811
usb_unbind_interface+0x26e/0x910 drivers/usb/core/driver.c:458
device_remove drivers/base/dd.c:573 [inline]
__device_release_driver drivers/base/dd.c:1284 [inline]
device_release_driver_internal+0x4d9/0x860 drivers/base/dd.c:1307
proc_ioctl+0x294/0x6b0 drivers/usb/core/devio.c:2360
proc_ioctl_default+0xc4/0x110 drivers/usb/core/devio.c:2403
usbdev_do_ioctl drivers/usb/core/devio.c:2767 [inline]
usbdev_ioctl+0x134c/0x2120 drivers/usb/core/devio.c:2827
__do_compat_sys_ioctl fs/ioctl.c:695 [inline]
__se_compat_sys_ioctl fs/ioctl.c:638 [inline]
__ia32_compat_sys_ioctl+0x5ea/0x950 fs/ioctl.c:638
do_syscall_32_irqs_on arch/x86/entry/syscall_32.c:83 [inline]
__do_fast_syscall_32+0x1d2/0x540 arch/x86/entry/syscall_32.c:307
do_fast_syscall_32+0x33/0x70 arch/x86/entry/syscall_32.c:332
entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf740d539
RSP: 002b:00000000f53f450c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00000000c0105512
RDX: 0000000080000200 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
</TASK>
INFO: task syz.3.811:9141 blocked for more than 144 seconds.
Tainted: G L syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.811 state:D stack:28792 pid:9141 tgid:9134 ppid:5838 task_flags:0x400040 flags:0x10080002
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5260 [inline]
__schedule+0x14ea/0x5050 kernel/sched/core.c:6867
__schedule_loop kernel/sched/core.c:6949 [inline]
schedule+0x164/0x360 kernel/sched/core.c:6964
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7021
__mutex_lock_common kernel/locking/mutex.c:692 [inline]
__mutex_lock+0x7fe/0x1300 kernel/locking/mutex.c:776
device_lock include/linux/device.h:895 [inline]
usbdev_do_ioctl drivers/usb/core/devio.c:2611 [inline]
usbdev_ioctl+0x140/0x2120 drivers/usb/core/devio.c:2827
__do_compat_sys_ioctl fs/ioctl.c:695 [inline]
__se_compat_sys_ioctl fs/ioctl.c:638 [inline]
__ia32_compat_sys_ioctl+0x5ea/0x950 fs/ioctl.c:638
do_syscall_32_irqs_on arch/x86/entry/syscall_32.c:83 [inline]
__do_fast_syscall_32+0x1d2/0x540 arch/x86/entry/syscall_32.c:307
do_fast_syscall_32+0x33/0x70 arch/x86/entry/syscall_32.c:332
entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf740d539
RSP: 002b:00000000f4fd150c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000080045505
RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
</TASK>
INFO: task syz.3.811:9143 blocked for more than 144 seconds.
Tainted: G L syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.811 state:D stack:28768 pid:9143 tgid:9134 ppid:5838 task_flags:0x400040 flags:0x10080002
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5260 [inline]
__schedule+0x14ea/0x5050 kernel/sched/core.c:6867
__schedule_loop kernel/sched/core.c:6949 [inline]
schedule+0x164/0x360 kernel/sched/core.c:6964
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7021
__mutex_lock_common kernel/locking/mutex.c:692 [inline]
__mutex_lock+0x7fe/0x1300 kernel/locking/mutex.c:776
device_lock include/linux/device.h:895 [inline]
usbdev_do_ioctl drivers/usb/core/devio.c:2611 [inline]
usbdev_ioctl+0x140/0x2120 drivers/usb/core/devio.c:2827
__do_compat_sys_ioctl fs/ioctl.c:695 [inline]
__se_compat_sys_ioctl fs/ioctl.c:638 [inline]
__ia32_compat_sys_ioctl+0x5ea/0x950 fs/ioctl.c:638
do_syscall_32_irqs_on arch/x86/entry/syscall_32.c:83 [inline]
__do_fast_syscall_32+0x1d2/0x540 arch/x86/entry/syscall_32.c:307
do_fast_syscall_32+0x33/0x70 arch/x86/entry/syscall_32.c:332
entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf740d539
RSP: 002b:00000000f4bae50c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000080045505
RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
</TASK>
Showing all locks held in the system:
5 locks held by kworker/u8:1/13:
#0: ffff88813fe69148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3232 [inline]
#0: ffff88813fe69148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9d4/0x17a0 kernel/workqueue.c:3340
#1: ffffc90000127bc0 ((work_completion)(&(&kfence_timer)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3233 [inline]
#1: ffffc90000127bc0 ((work_completion)(&(&kfence_timer)->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa0f/0x17a0 kernel/workqueue.c:3340
#2: ffff8880b86260d8 (&base->lock){-.-.}-{2:2}, at: lock_timer_base kernel/time/timer.c:1004 [inline]
#2: ffff8880b86260d8 (&base->lock){-.-.}-{2:2}, at: __mod_timer+0x1ae/0xf30 kernel/time/timer.c:1085
#3: ffffffff9a23eea8 (&obj_hash[i].lock){-.-.}-{2:2}, at: debug_object_activate+0x83/0x580 lib/debugobjects.c:818
#4: ffffffff8e55a360 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#4: ffffffff8e55a360 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
#4: ffffffff8e55a360 (rcu_read_lock){....}-{1:3}, at: class_rcu_constructor include/linux/rcupdate.h:1195 [inline]
#4: ffffffff8e55a360 (rcu_read_lock){....}-{1:3}, at: unwind_next_frame+0xa5/0x23c0 arch/x86/kernel/unwind_orc.c:495
1 lock held by khungtaskd/31:
#0: ffffffff8e55a360 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#0: ffffffff8e55a360 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
#0: ffffffff8e55a360 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6775
2 locks held by getty/5576:
#0: ffff8880301ff0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
#1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x45c/0x13c0 drivers/tty/n_tty.c:2211
4 locks held by syz.3.811/9138:
#0: ffff888027e59198 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:895 [inline]
#0: ffff888027e59198 (&dev->mutex){....}-{4:4}, at: usbdev_do_ioctl drivers/usb/core/devio.c:2611 [inline]
#0: ffff888027e59198 (&dev->mutex){....}-{4:4}, at: usbdev_ioctl+0x140/0x2120 drivers/usb/core/devio.c:2827
#1: ffff888027e5b160 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:895 [inline]
#1: ffff888027e5b160 (&dev->mutex){....}-{4:4}, at: __device_driver_lock drivers/base/dd.c:1106 [inline]
#1: ffff888027e5b160 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xb6/0x860 drivers/base/dd.c:1304
#2: ffff8880573f2198 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:895 [inline]
#2: ffff8880573f2198 (&dev->mutex){....}-{4:4}, at: usb_disconnect+0xf8/0x990 drivers/usb/core/hub.c:2336
#3: ffff8880307ed160 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:895 [inline]
#3: ffff8880307ed160 (&dev->mutex){....}-{4:4}, at: __device_driver_lock drivers/base/dd.c:1106 [inline]
#3: ffff8880307ed160 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xb6/0x860 drivers/base/dd.c:1304
1 lock held by syz.3.811/9141:
#0: ffff888027e59198 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:895 [inline]
#0: ffff888027e59198 (&dev->mutex){....}-{4:4}, at: usbdev_do_ioctl drivers/usb/core/devio.c:2611 [inline]
#0: ffff888027e59198 (&dev->mutex){....}-{4:4}, at: usbdev_ioctl+0x140/0x2120 drivers/usb/core/devio.c:2827
1 lock held by syz.3.811/9143:
#0: ffff888027e59198 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:895 [inline]
#0: ffff888027e59198 (&dev->mutex){....}-{4:4}, at: usbdev_do_ioctl drivers/usb/core/devio.c:2611 [inline]
#0: ffff888027e59198 (&dev->mutex){....}-{4:4}, at: usbdev_ioctl+0x140/0x2120 drivers/usb/core/devio.c:2827
=============================================
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
Call Trace:
<TASK>
dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
nmi_cpu_backtrace+0x274/0x2d0 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:161 [inline]
__sys_info lib/sys_info.c:157 [inline]
sys_info+0x135/0x170 lib/sys_info.c:165
check_hung_uninterruptible_tasks kernel/hung_task.c:346 [inline]
watchdog+0xf90/0xfe0 kernel/hung_task.c:515
kthread+0x726/0x8b0 kernel/kthread.c:463
ret_from_fork+0x51b/0xa40 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
</TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 141 Comm: kworker/u8:5 Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
Workqueue: events_unbound cfg80211_wiphy_work
RIP: 0010:ieee80211_iface_work+0x11a0/0x12b0 net/mac80211/iface.c:1811
Code: 8b 34 24 49 81 c6 58 10 00 00 4c 89 f0 48 c1 e8 03 0f b6 04 18 84 c0 0f 85 fa 00 00 00 41 8b 1e 48 89 df 48 c7 c6 10 c0 c5 8f <e8> cb b5 bb f6 83 fb 06 7f 27 83 fb 01 74 53 83 fb 02 75 44 e8 37
RSP: 0018:ffffc90002f079b0 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffff88801df38000
RDX: 0000000000000000 RSI: ffffffff8fc5c010 RDI: 0000000000000001
RBP: ffff88801d789b40 R08: ffffffff8fef1b77 R09: 1ffffffff1fde36e
R10: dffffc0000000000 R11: fffffbfff1fde36f R12: ffff88807c801a08
R13: 0000000000000080 R14: ffff88807c802a60 R15: ffff88807c801a20
FS: 0000000000000000(0000) GS:ffff8881256f5000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000003090bff8 CR3: 000000007f560000 CR4: 00000000003526f0
Call Trace:
<TASK>
cfg80211_wiphy_work+0x2ab/0x450 net/wireless/core.c:438
process_one_work kernel/workqueue.c:3257 [inline]
process_scheduled_works+0xaec/0x17a0 kernel/workqueue.c:3340
worker_thread+0xda6/0x1360 kernel/workqueue.c:3421
kthread+0x726/0x8b0 kernel/kthread.c:463
ret_from_fork+0x51b/0xa40 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
</TASK>