./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3854921219 <...> Warning: Permanently added '10.128.1.159' (ED25519) to the list of known hosts. execve("./syz-executor3854921219", ["./syz-executor3854921219"], 0x7ffc6b1aa060 /* 10 vars */) = 0 brk(NULL) = 0x55557c2a9000 brk(0x55557c2a9d00) = 0x55557c2a9d00 arch_prctl(ARCH_SET_FS, 0x55557c2a9380) = 0 set_tid_address(0x55557c2a9650) = 5846 set_robust_list(0x55557c2a9660, 24) = 0 rseq(0x55557c2a9ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3854921219", 4096) = 28 getrandom("\xe9\x60\x6e\xb0\x08\xcc\xe2\x4f", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55557c2a9d00 brk(0x55557c2cad00) = 0x55557c2cad00 brk(0x55557c2cb000) = 0x55557c2cb000 mprotect(0x7f59125b3000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5847 attached [pid 5847] set_robust_list(0x55557c2a9660, 24 [pid 5846] <... clone resumed>, child_tidptr=0x55557c2a9650) = 5847 [pid 5847] <... set_robust_list resumed>) = 0 [pid 5847] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5847] setpgid(0, 0) = 0 [pid 5847] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5847] write(3, "1000", 4) = 4 [pid 5847] close(3) = 0 [pid 5847] write(1, "executing program\n", 18executing program ) = 18 [pid 5847] openat(AT_FDCWD, "/dev/char/4:1", O_RDWR) = 3 [pid 5847] ioctl(3, KDSKBENT, {kb_table=K_NORMTAB, kb_index=127, kb_value=0x20f /* K_SAK */}) = 0 [pid 5847] ioctl(-1, EVIOCSFF, {type=0x16ed /* FF_??? */, id=0, direction=2, ...}) = -1 EBADF (Bad file descriptor) [pid 5847] openat(AT_FDCWD, "/dev/input/event2", O_WRONLY|O_NOCTTY|O_TRUNC|O_NONBLOCK|O_NOFOLLOW|FASYNC|0x800000) = 4 [pid 5847] write(4, "\xe2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\x0f\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4824) = 4080 [pid 5847] exit_group(0) = ? [pid 5846] kill(-5847, SIGKILL) = 0 [pid 5846] kill(5847, SIGKILL) = 0 [pid 5846] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5846] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5846] getdents64(3, 0x55557c2aa6f0 /* 2 entries */, 32768) = 48 [pid 5846] getdents64(3, 0x55557c2aa6f0 /* 0 entries */, 32768) = 0 [pid 5846] close(3) = 0 [ 118.353234][ T24] [ 118.353256][ T24] ====================================================== [ 118.353268][ T24] WARNING: possible circular locking dependency detected [ 118.353308][ T24] 6.16.0-rc3-next-20250625-syzkaller #0 Not tainted [ 118.353335][ T24] ------------------------------------------------------ [ 118.353347][ T24] kworker/1:0/24 is trying to acquire lock: [ 118.353366][ T24] ffff88801a4a10b8 (&buf->lock){+.+.}-{4:4}, at: tty_buffer_flush+0x74/0x2b0 [ 118.353566][ T24] [ 118.353566][ T24] but task is already holding lock: [ 118.353573][ T24] ffffffff8e130200 (console_lock){+.+.}-{0:0}, at: vc_SAK+0x28/0x220 [ 118.353637][ T24] [ 118.353637][ T24] which lock already depends on the new lock. [ 118.353637][ T24] [ 118.353644][ T24] [ 118.353644][ T24] the existing dependency chain (in reverse order) is: [ 118.353652][ T24] [ 118.353652][ T24] -> #3 (console_lock){+.+.}-{0:0}: [ 118.353687][ T24] lock_acquire+0x120/0x360 [ 118.353753][ T24] console_lock+0x164/0x1b0 [ 118.353790][ T24] serial_core_register_port+0xc73/0x2700 [ 118.353821][ T24] serial8250_register_8250_port+0x16db/0x2050 [ 118.353850][ T24] serial_pnp_probe+0x527/0x790 [ 118.353875][ T24] pnp_device_probe+0x30b/0x4c0 [ 118.353915][ T24] really_probe+0x26d/0x9a0 [ 118.353970][ T24] __driver_probe_device+0x18c/0x2f0 [ 118.353992][ T24] driver_probe_device+0x4f/0x430 [ 118.354016][ T24] __driver_attach+0x452/0x700 [ 118.354038][ T24] bus_for_each_dev+0x233/0x2b0 [ 118.354054][ T24] bus_add_driver+0x345/0x640 [ 118.354070][ T24] driver_register+0x23a/0x320 [ 118.354096][ T24] serial8250_init+0xc2/0x1c0 [ 118.354161][ T24] do_one_initcall+0x233/0x820 [ 118.354289][ T24] do_initcall_level+0x137/0x1f0 [ 118.354316][ T24] do_initcalls+0x69/0xd0 [ 118.354333][ T24] kernel_init_freeable+0x3d9/0x570 [ 118.354346][ T24] kernel_init+0x1d/0x1d0 [ 118.354417][ T24] ret_from_fork+0x3fc/0x770 [ 118.354449][ T24] ret_from_fork_asm+0x1a/0x30 [ 118.354463][ T24] [ 118.354463][ T24] -> #2 (&port->mutex){+.+.}-{4:4}: [ 118.354488][ T24] lock_acquire+0x120/0x360 [ 118.354509][ T24] __mutex_lock+0x182/0xe80 [ 118.354536][ T24] uart_set_termios+0x82/0x6f0 [ 118.354564][ T24] tty_set_termios+0xca5/0x17e0 [ 118.354588][ T24] set_termios+0x516/0x6c0 [ 118.354612][ T24] tty_mode_ioctl+0x47e/0x740 [ 118.354640][ T24] tty_ioctl+0x9c3/0xde0 [ 118.354684][ T24] __se_sys_ioctl+0xf9/0x170 [ 118.354734][ T24] do_syscall_64+0xfa/0x3b0 [ 118.354782][ T24] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.354805][ T24] [ 118.354805][ T24] -> #1 (&tty->termios_rwsem){++++}-{4:4}: [ 118.354827][ T24] lock_acquire+0x120/0x360 [ 118.354843][ T24] down_read+0x46/0x2e0 [ 118.354857][ T24] n_tty_receive_buf_common+0x84/0x12f0 [ 118.354873][ T24] tty_port_default_receive_buf+0x6e/0xa0 [ 118.354886][ T24] flush_to_ldisc+0x24a/0x720 [ 118.354897][ T24] process_scheduled_works+0xade/0x17b0 [ 118.354926][ T24] worker_thread+0x8a0/0xda0 [ 118.354944][ T24] kthread+0x711/0x8a0 [ 118.354961][ T24] ret_from_fork+0x3fc/0x770 [ 118.354978][ T24] ret_from_fork_asm+0x1a/0x30 [ 118.354991][ T24] [ 118.354991][ T24] -> #0 (&buf->lock){+.+.}-{4:4}: [ 118.355011][ T24] validate_chain+0xb9b/0x2140 [ 118.355029][ T24] __lock_acquire+0xab9/0xd20 [ 118.355045][ T24] lock_acquire+0x120/0x360 [ 118.355060][ T24] __mutex_lock+0x182/0xe80 [ 118.355078][ T24] tty_buffer_flush+0x74/0x2b0 [ 118.355097][ T24] tty_ldisc_flush+0x6b/0xc0 [ 118.355115][ T24] __do_SAK+0x138/0x6d0 [ 118.355125][ T24] vc_SAK+0x78/0x220 [ 118.355141][ T24] process_scheduled_works+0xade/0x17b0 [ 118.355158][ T24] worker_thread+0x8a0/0xda0 [ 118.355175][ T24] kthread+0x711/0x8a0 [ 118.355186][ T24] ret_from_fork+0x3fc/0x770 [ 118.355202][ T24] ret_from_fork_asm+0x1a/0x30 [ 118.355215][ T24] [ 118.355215][ T24] other info that might help us debug this: [ 118.355215][ T24] [ 118.355220][ T24] Chain exists of: [ 118.355220][ T24] &buf->lock --> &port->mutex --> console_lock [ 118.355220][ T24] [ 118.355249][ T24] Possible unsafe locking scenario: [ 118.355249][ T24] [ 118.355257][ T24] CPU0 CPU1 [ 118.355262][ T24] ---- ---- [ 118.355267][ T24] lock(console_lock); [ 118.355278][ T24] lock(&port->mutex); [ 118.355289][ T24] lock(console_lock); [ 118.355300][ T24] lock(&buf->lock); [ 118.355310][ T24] [ 118.355310][ T24] *** DEADLOCK *** [ 118.355310][ T24] [ 118.355317][ T24] 4 locks held by kworker/1:0/24: [ 118.355334][ T24] #0: ffff88801a480d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 118.355391][ T24] #1: ffffc900001e7bc0 ((work_completion)(&vc_cons[currcons].SAK_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 118.355460][ T24] #2: ffffffff8e130200 (console_lock){+.+.}-{0:0}, at: vc_SAK+0x28/0x220 [ 118.355501][ T24] #3: ffff88814d6210a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_flush+0x20/0xc0 [ 118.355545][ T24] [ 118.355545][ T24] stack backtrace: [ 118.355563][ T24] CPU: 1 UID: 0 PID: 24 Comm: kworker/1:0 Not tainted 6.16.0-rc3-next-20250625-syzkaller #0 PREEMPT(full) [ 118.355583][ T24] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 118.355594][ T24] Workqueue: events vc_SAK [ 118.355620][ T24] Call Trace: [ 118.355630][ T24] [ 118.355640][ T24] dump_stack_lvl+0x189/0x250 [ 118.355671][ T24] ? __pfx_dump_stack_lvl+0x10/0x10 [ 118.355697][ T24] ? __pfx__printk+0x10/0x10 [ 118.355722][ T24] ? print_lock_name+0xde/0x100 [ 118.355739][ T24] print_circular_bug+0x2ee/0x310 [ 118.355764][ T24] check_noncircular+0x134/0x160 [ 118.355789][ T24] validate_chain+0xb9b/0x2140 [ 118.355822][ T24] __lock_acquire+0xab9/0xd20 [ 118.355842][ T24] ? tty_buffer_flush+0x74/0x2b0 [ 118.355864][ T24] lock_acquire+0x120/0x360 [ 118.355882][ T24] ? tty_buffer_flush+0x74/0x2b0 [ 118.355910][ T24] __mutex_lock+0x182/0xe80 [ 118.355931][ T24] ? tty_buffer_flush+0x74/0x2b0 [ 118.355953][ T24] ? __lock_acquire+0xab9/0xd20 [ 118.355974][ T24] ? tty_buffer_flush+0x74/0x2b0 [ 118.355997][ T24] ? __pfx___mutex_lock+0x10/0x10 [ 118.356018][ T24] ? do_raw_spin_lock+0x121/0x290 [ 118.356036][ T24] ? ldsem_down_read_trylock+0x137/0x1a0 [ 118.356053][ T24] ? tty_ldisc_flush+0x20/0xc0 [ 118.356073][ T24] ? __pfx_ldsem_down_read_trylock+0x10/0x10 [ 118.356092][ T24] tty_buffer_flush+0x74/0x2b0 [ 118.356117][ T24] tty_ldisc_flush+0x6b/0xc0 [ 118.356139][ T24] __do_SAK+0x138/0x6d0 [ 118.356155][ T24] vc_SAK+0x78/0x220 [ 118.356186][ T24] ? process_scheduled_works+0x9ef/0x17b0 [ 118.356207][ T24] process_scheduled_works+0xade/0x17b0 [ 118.356237][ T24] ? __pfx_process_scheduled_works+0x10/0x10 [ 118.356263][ T24] worker_thread+0x8a0/0xda0 [ 118.356293][ T24] kthread+0x711/0x8a0 [ 118.356308][ T24] ? __pfx_worker_thread+0x10/0x10 [ 118.356332][ T24] ? __pfx_kthread+0x10/0x10 [ 118.356347][ T24] ? _raw_spin_unlock_irq+0x23/0x50 [ 118.356366][ T24] ? lockdep_hardirqs_on+0x9c/0x150 [ 118.356386][ T24] ? __pfx_kthread+0x10/0x10 [ 118.356400][ T24] ret_from_fork+0x3fc/0x770 [ 118.356420][ T24] ? __pfx_ret_from_fork+0x10/0x10 [ 118.356442][ T24] ? __switch_to_asm+0x39/0x70 [ 118.356456][ T24] ? __switch_to_asm+0x33/0x70 [ 118.356469][ T24] ? __pfx_kthread+0x10/0x10 [ 118.356483][ T24] ret_from_fork_asm+0x1a/0x30 [ 118.356504][ T24] [ 288.483045][ T31] INFO: task kworker/1:0:24 blocked for more than 143 seconds. [ 288.483190][ T31] Not tainted 6.16.0-rc3-next-20250625-syzkaller #0 [ 288.483205][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 288.483212][ T31] task:kworker/1:0 state:D stack:25704 pid:24 tgid:24 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 288.483305][ T31] Workqueue: events vc_SAK [ 288.483412][ T31] Call Trace: [ 288.483419][ T31] [ 288.483430][ T31] __schedule+0x16f5/0x4d00 [ 288.483466][ T31] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 288.483489][ T31] ? schedule+0x165/0x360 [ 288.483507][ T31] ? __pfx___schedule+0x10/0x10 [ 288.483525][ T31] ? __pfx__raw_spin_lock_irq+0x10/0x10 [ 288.483545][ T31] ? lock_release+0x4b/0x3e0 [ 288.483576][ T31] ? rcu_is_watching+0x15/0xb0 [ 288.483613][ T31] schedule+0x165/0x360 [ 288.483631][ T31] schedule_preempt_disabled+0x13/0x30 [ 288.483649][ T31] __mutex_lock+0x724/0xe80 [ 288.483668][ T31] ? __lock_acquire+0xab9/0xd20 [ 288.483685][ T31] ? __mutex_lock+0x51b/0xe80 [ 288.483705][ T31] ? tty_buffer_flush+0x74/0x2b0 [ 288.483748][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 288.483768][ T31] ? do_raw_spin_lock+0x121/0x290 [ 288.483785][ T31] ? ldsem_down_read_trylock+0x137/0x1a0 [ 288.483801][ T31] ? tty_ldisc_flush+0x20/0xc0 [ 288.483821][ T31] ? __pfx_ldsem_down_read_trylock+0x10/0x10 [ 288.483839][ T31] tty_buffer_flush+0x74/0x2b0 [ 288.483864][ T31] tty_ldisc_flush+0x6b/0xc0 [ 288.483885][ T31] __do_SAK+0x138/0x6d0 [ 288.483901][ T31] vc_SAK+0x78/0x220 [ 288.483920][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 288.483942][ T31] process_scheduled_works+0xade/0x17b0 [ 288.483971][ T31] ? __pfx_process_scheduled_works+0x10/0x10 [ 288.483995][ T31] worker_thread+0x8a0/0xda0 [ 288.484023][ T31] kthread+0x711/0x8a0 [ 288.484039][ T31] ? __pfx_worker_thread+0x10/0x10 [ 288.484073][ T31] ? __pfx_kthread+0x10/0x10 [ 288.484087][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 288.484124][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 288.484152][ T31] ? __pfx_kthread+0x10/0x10 [ 288.484167][ T31] ret_from_fork+0x3fc/0x770 [ 288.484192][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 288.484226][ T31] ? __switch_to_asm+0x39/0x70 [ 288.484245][ T31] ? __switch_to_asm+0x33/0x70 [ 288.484259][ T31] ? __pfx_kthread+0x10/0x10 [ 288.484274][ T31] ret_from_fork_asm+0x1a/0x30 [ 288.484296][ T31] [ 288.484600][ T31] INFO: task kworker/1:2:3079 blocked for more than 143 seconds. [ 288.484612][ T31] Not tainted 6.16.0-rc3-next-20250625-syzkaller #0 [ 288.484622][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 288.484630][ T31] task:kworker/1:2 state:D stack:27816 pid:3079 tgid:3079 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 288.484683][ T31] Workqueue: events console_callback [ 288.484707][ T31] Call Trace: [ 288.484713][ T31] [ 288.484721][ T31] __schedule+0x16f5/0x4d00 [ 288.484746][ T31] ? do_raw_spin_lock+0x121/0x290 [ 288.484762][ T31] ? schedule+0x165/0x360 [ 288.484784][ T31] ? __pfx___schedule+0x10/0x10 [ 288.484809][ T31] ? schedule+0x91/0x360 [ 288.484829][ T31] schedule+0x165/0x360 [ 288.484854][ T31] schedule_timeout+0x9a/0x270 [ 288.484872][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 288.484894][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 288.484914][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 288.484936][ T31] __down_common+0x319/0x6a0 [ 288.484954][ T31] ? __pfx___down_common+0x10/0x10 [ 288.484968][ T31] ? _raw_spin_lock_irqsave+0xb3/0xf0 [ 288.484992][ T31] down+0x80/0xd0 [ 288.485022][ T31] console_lock+0x145/0x1b0 [ 288.485052][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 288.485073][ T31] console_callback+0x69/0x440 [ 288.485097][ T31] ? __pfx_console_callback+0x10/0x10 [ 288.485120][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 288.485140][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 288.485161][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 288.485183][ T31] process_scheduled_works+0xade/0x17b0 [ 288.485219][ T31] ? __pfx_process_scheduled_works+0x10/0x10 [ 288.485259][ T31] worker_thread+0x8a0/0xda0 [ 288.485281][ T31] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 288.485305][ T31] ? __kthread_parkme+0x7b/0x200 [ 288.485330][ T31] kthread+0x711/0x8a0 [ 288.485350][ T31] ? __pfx_worker_thread+0x10/0x10 [ 288.485374][ T31] ? __pfx_kthread+0x10/0x10 [ 288.485389][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 288.485408][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 288.485428][ T31] ? __pfx_kthread+0x10/0x10 [ 288.485446][ T31] ret_from_fork+0x3fc/0x770 [ 288.485467][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 288.485509][ T31] ? __switch_to_asm+0x39/0x70 [ 288.485525][ T31] ? __switch_to_asm+0x33/0x70 [ 288.485540][ T31] ? __pfx_kthread+0x10/0x10 [ 288.485555][ T31] ret_from_fork_asm+0x1a/0x30 [ 288.485577][ T31] [ 288.485605][ T31] INFO: task kworker/u8:8:3484 blocked for more than 143 seconds. [ 288.485616][ T31] Not tainted 6.16.0-rc3-next-20250625-syzkaller #0 [ 288.485625][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 288.485633][ T31] task:kworker/u8:8 state:D stack:22472 pid:3484 tgid:3484 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 288.485682][ T31] Workqueue: events_unbound flush_to_ldisc [ 288.485697][ T31] Call Trace: [ 288.485703][ T31] [ 288.485711][ T31] __schedule+0x16f5/0x4d00 [ 288.485731][ T31] ? arch_stack_walk+0x11c/0x150 [ 288.485769][ T31] ? schedule+0x165/0x360 [ 288.485789][ T31] ? __lock_acquire+0xab9/0xd20 [ 288.485808][ T31] ? __pfx___schedule+0x10/0x10 [ 288.485834][ T31] ? schedule+0x91/0x360 [ 288.485855][ T31] schedule+0x165/0x360 [ 288.485883][ T31] schedule_timeout+0x9a/0x270 [ 288.485901][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 288.485923][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 288.485943][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 288.485965][ T31] __down_common+0x319/0x6a0 [ 288.485983][ T31] ? __pfx___down_common+0x10/0x10 [ 288.485996][ T31] ? _raw_spin_lock_irqsave+0xb3/0xf0 [ 288.486018][ T31] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 288.486044][ T31] down+0x80/0xd0 [ 288.486067][ T31] console_lock+0x145/0x1b0 [ 288.486092][ T31] con_flush_chars+0x70/0x280 [ 288.486116][ T31] ? __pfx_con_flush_chars+0x10/0x10 [ 288.486140][ T31] n_tty_receive_buf_common+0xc8b/0x12f0 [ 288.486172][ T31] tty_port_default_receive_buf+0x6e/0xa0 [ 288.486189][ T31] flush_to_ldisc+0x24a/0x720 [ 288.486214][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 288.486236][ T31] process_scheduled_works+0xade/0x17b0 [ 288.486271][ T31] ? __pfx_process_scheduled_works+0x10/0x10 [ 288.486298][ T31] worker_thread+0x8a0/0xda0 [ 288.486321][ T31] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 288.486345][ T31] ? __kthread_parkme+0x7b/0x200 [ 288.486371][ T31] kthread+0x711/0x8a0 [ 288.486387][ T31] ? __pfx_worker_thread+0x10/0x10 [ 288.486408][ T31] ? __pfx_kthread+0x10/0x10 [ 288.486424][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 288.486443][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 288.486464][ T31] ? __pfx_kthread+0x10/0x10 [ 288.486479][ T31] ret_from_fork+0x3fc/0x770 [ 288.486501][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 288.486523][ T31] ? __switch_to_asm+0x39/0x70 [ 288.486538][ T31] ? __switch_to_asm+0x33/0x70 [ 288.486553][ T31] ? __pfx_kthread+0x10/0x10 [ 288.486568][ T31] ret_from_fork_asm+0x1a/0x30 [ 288.486590][ T31] [ 288.486642][ T31] INFO: task syz-executor385:5847 blocked for more than 143 seconds. [ 288.486651][ T31] Not tainted 6.16.0-rc3-next-20250625-syzkaller #0 [ 288.486659][ T31] Blocked by coredump. [ 288.486664][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 288.486670][ T31] task:syz-executor385 state:D stack:26344 pid:5847 tgid:5847 ppid:5846 task_flags:0x40014c flags:0x00004002 [ 288.486711][ T31] Call Trace: [ 288.486716][ T31] [ 288.486723][ T31] __schedule+0x16f5/0x4d00 [ 288.486743][ T31] ? is_bpf_text_address+0x292/0x2b0 [ 288.486778][ T31] ? rcu_is_watching+0x15/0xb0 [ 288.486797][ T31] ? schedule+0x165/0x360 [ 288.486822][ T31] ? __pfx___schedule+0x10/0x10 [ 288.486843][ T31] ? schedule+0x91/0x360 [ 288.486859][ T31] ? rcu_is_watching+0x15/0xb0 [ 288.486879][ T31] ? lock_release+0x4b/0x3e0 [ 288.486897][ T31] schedule+0x165/0x360 [ 288.486914][ T31] schedule_timeout+0x9a/0x270 [ 288.486929][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 288.486946][ T31] ? rcu_is_watching+0x15/0xb0 [ 288.486966][ T31] ? rcu_is_watching+0x15/0xb0 [ 288.486985][ T31] __ldsem_down_write_nested+0x304/0x730 [ 288.487003][ T31] ? __ldsem_down_write_nested+0x27a/0x730 [ 288.487018][ T31] ? tty_ldisc_release+0x110/0x200 [ 288.487038][ T31] ? __pfx___ldsem_down_write_nested+0x10/0x10 [ 288.487054][ T31] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 288.487075][ T31] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 288.487097][ T31] tty_ldisc_release+0x110/0x200 [ 288.487118][ T31] tty_release_struct+0x2a/0xd0 [ 288.487140][ T31] tty_release+0xcb0/0x1640 [ 288.487163][ T31] ? evm_file_release+0x108/0x1e0 [ 288.487213][ T31] ? __pfx_tty_release+0x10/0x10 [ 288.487231][ T31] __fput+0x449/0xa70 [ 288.487258][ T31] task_work_run+0x1d4/0x260 [ 288.487274][ T31] ? __pfx_task_work_run+0x10/0x10 [ 288.487291][ T31] do_exit+0x6b5/0x2300 [ 288.487315][ T31] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 288.487330][ T31] ? __pfx_do_exit+0x10/0x10 [ 288.487343][ T31] ? rcu_is_watching+0x15/0xb0 [ 288.487363][ T31] ? rcu_is_watching+0x15/0xb0 [ 288.487382][ T31] do_group_exit+0x21c/0x2d0 [ 288.487398][ T31] __x64_sys_exit_group+0x3f/0x40 [ 288.487412][ T31] x64_sys_call+0x21ba/0x21c0 [ 288.487425][ T31] do_syscall_64+0xfa/0x3b0 [ 288.487448][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 288.487463][ T31] ? clear_bhb_loop+0x60/0xb0 [ 288.487479][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 288.487520][ T31] RIP: 0033:0x7f591253dd89 [ 288.487536][ T31] RSP: 002b:00007fff1a6b6c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 288.487554][ T31] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f591253dd89 [ 288.487564][ T31] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [ 288.487573][ T31] RBP: 00007f59125b9390 R08: ffffffffffffffb8 R09: 0000000000000006 [ 288.487583][ T31] R10: 000000000000000f R11: 0000000000000246 R12: 00007f59125b9390 [ 288.487592][ T31] R13: 0000000000000000 R14: 00007f59125b9de0 R15: 00007f591250c020 [ 288.487607][ T31] [ 288.487617][ T31] INFO: lockdep is turned off. [ 288.487648][ T31] NMI backtrace for cpu 1 [ 288.487689][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc3-next-20250625-syzkaller #0 PREEMPT(full) [ 288.487722][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 288.487731][ T31] Call Trace: [ 288.487741][ T31] [ 288.487746][ T31] dump_stack_lvl+0x189/0x250 [ 288.487768][ T31] ? __wake_up_klogd+0xd9/0x110 [ 288.487782][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 288.487802][ T31] ? __pfx__printk+0x10/0x10 [ 288.487818][ T31] ? show_trace_log_lvl+0x4fb/0x550 [ 288.487846][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 288.487867][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 288.487882][ T31] ? _printk+0xcf/0x120 [ 288.487894][ T31] ? put_task_stack+0xf1/0x210 [ 288.487920][ T31] ? __pfx__printk+0x10/0x10 [ 288.487934][ T31] ? lock_release+0x4b/0x3e0 [ 288.487949][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 288.487973][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 288.487990][ T31] watchdog+0xfee/0x1030 [ 288.488020][ T31] ? watchdog+0x1de/0x1030 [ 288.488037][ T31] kthread+0x711/0x8a0 [ 288.488050][ T31] ? __pfx_watchdog+0x10/0x10 [ 288.488064][ T31] ? __pfx_kthread+0x10/0x10 [ 288.488077][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 288.488094][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 288.488112][ T31] ? __pfx_kthread+0x10/0x10 [ 288.488124][ T31] ret_from_fork+0x3fc/0x770 [ 288.488143][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 288.488162][ T31] ? __switch_to_asm+0x39/0x70 [ 288.488175][ T31] ? __switch_to_asm+0x33/0x70 [ 288.488187][ T31] ? __pfx_kthread+0x10/0x10 [ 288.488204][ T31] ret_from_fork_asm+0x1a/0x30 [ 288.488223][ T31] [ 288.488228][ T31] Sending NMI from CPU 1 to CPUs 0: [ 288.488296][ C0] NMI backtrace for cpu 0 [ 288.488335][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.16.0-rc3-next-20250625-syzkaller #0 PREEMPT(full) [ 288.488353][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 288.488362][ C0] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 288.488389][ C0] Code: 43 dd 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d a3 89 19 00 f3 0f 1e fa fb f4 18 dd 02 00 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 288.488407][ C0] RSP: 0018:ffffffff8de07d80 EFLAGS: 000002c6 [ 288.488421][ C0] RAX: 5c6830114ac63f00 RBX: ffffffff8196c478 RCX: 5c6830114ac63f00 [ 288.488433][ C0] RDX: 0000000000000001 RSI: ffffffff8be31c60 RDI: ffffffff8196c478 [ 288.488451][ C0] RBP: ffffffff8de07ea8 R08: ffff8880b8632f1b R09: 1ffff110170c65e3 [ 288.488463][ C0] R10: dffffc0000000000 R11: ffffed10170c65e4 R12: ffffffff8fa18d30 [ 288.488474][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1bd2a50 [ 288.488484][ C0] FS: 0000000000000000(0000) GS:ffff888125c21000(0000) knlGS:0000000000000000 [ 288.488497][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 288.488507][ C0] CR2: 0000558ffe5d0168 CR3: 000000000df36000 CR4: 00000000003526f0 [ 288.488520][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 288.488529][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 288.488539][ C0] Call Trace: [ 288.488549][ C0] [ 288.488554][ C0] default_idle+0x13/0x20 [ 288.488568][ C0] default_idle_call+0x74/0xb0 [ 288.488582][ C0] do_idle+0x1e8/0x510 [ 288.488617][ C0] ? __pfx_do_idle+0x10/0x10 [ 288.488641][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 288.488663][ C0] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 288.488682][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 288.488704][ C0] cpu_startup_entry+0x44/0x60 [ 288.488726][ C0] rest_init+0x2de/0x300 [ 288.488741][ C0] ? __pfx_x86_late_time_init+0x10/0x10 [ 288.488773][ C0] start_kernel+0x47d/0x500 [ 288.488793][ C0] x86_64_start_reservations+0x24/0x30 [ 288.488813][ C0] x86_64_start_kernel+0x143/0x1c0 [ 288.488833][ C0] common_startup_64+0x13e/0x147 [ 288.488864][ C0] [ 288.489276][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 288.489295][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc3-next-20250625-syzkaller #0 PREEMPT(full) [ 288.489316][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 288.489327][ T31] Call Trace: [ 288.489334][ T31] [ 288.489341][ T31] dump_stack_lvl+0x99/0x250 [ 288.489374][ T31] ? __asan_memcpy+0x40/0x70 [ 288.489420][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 288.489447][ T31] ? __pfx__printk+0x10/0x10 [ 288.489471][ T31] panic+0x2db/0x790 [ 288.489497][ T31] ? __pfx_panic+0x10/0x10 [ 288.489521][ T31] ? nmi_backtrace_stall_check+0x433/0x440 [ 288.489556][ T31] ? irq_work_queue+0xc3/0x140 [ 288.489582][ T31] watchdog+0x102d/0x1030 [ 288.489605][ T31] ? watchdog+0x1de/0x1030 [ 288.489629][ T31] kthread+0x711/0x8a0 [ 288.489648][ T31] ? __pfx_watchdog+0x10/0x10 [ 288.489666][ T31] ? __pfx_kthread+0x10/0x10 [ 288.489681][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 288.489703][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 288.489724][ T31] ? __pfx_kthread+0x10/0x10 [ 288.489740][ T31] ret_from_fork+0x3fc/0x770 [ 288.489771][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 288.489799][ T31] ? __switch_to_asm+0x39/0x70 [ 288.489817][ T31] ? __switch_to_asm+0x33/0x70 [ 288.489834][ T31] ? __pfx_kthread+0x10/0x10 [ 288.489852][ T31] ret_from_fork_asm+0x1a/0x30 [ 288.489878][ T31] [ 288.490351][ T31] Kernel Offset: disabled