./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2517355274 <...> Warning: Permanently added '10.128.1.79' (ED25519) to the list of known hosts. execve("./syz-executor2517355274", ["./syz-executor2517355274"], 0x7ffff222b510 /* 10 vars */) = 0 brk(NULL) = 0x55556f8d0000 brk(0x55556f8d0d00) = 0x55556f8d0d00 arch_prctl(ARCH_SET_FS, 0x55556f8d0380) = 0 set_tid_address(0x55556f8d0650) = 5877 set_robust_list(0x55556f8d0660, 24) = 0 rseq(0x55556f8d0ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2517355274", 4096) = 28 getrandom("\xef\x07\x8f\xf1\xb4\xb6\x2b\x04", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55556f8d0d00 brk(0x55556f8f1d00) = 0x55556f8f1d00 brk(0x55556f8f2000) = 0x55556f8f2000 mprotect(0x7f5c780fe000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5878 attached , child_tidptr=0x55556f8d0650) = 5878 [pid 5878] set_robust_list(0x55556f8d0660, 24) = 0 [pid 5877] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5878] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5879 attached ./strace-static-x86_64: Process 5880 attached [pid 5877] <... clone resumed>, child_tidptr=0x55556f8d0650) = 5880 [pid 5879] set_robust_list(0x55556f8d0660, 24 [pid 5878] <... clone resumed>, child_tidptr=0x55556f8d0650) = 5879 [pid 5880] set_robust_list(0x55556f8d0660, 24 [pid 5877] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5879] <... set_robust_list resumed>) = 0 [pid 5880] <... set_robust_list resumed>) = 0 [pid 5879] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 ./strace-static-x86_64: Process 5881 attached [pid 5880] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5877] <... clone resumed>, child_tidptr=0x55556f8d0650) = 5881 [pid 5881] set_robust_list(0x55556f8d0660, 24 [pid 5879] setpgid(0, 0 [pid 5877] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5882 attached [pid 5881] <... set_robust_list resumed>) = 0 [pid 5879] <... setpgid resumed>) = 0 ./strace-static-x86_64: Process 5883 attached [pid 5882] set_robust_list(0x55556f8d0660, 24 [pid 5881] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5880] <... clone resumed>, child_tidptr=0x55556f8d0650) = 5882 [pid 5877] <... clone resumed>, child_tidptr=0x55556f8d0650) = 5883 [pid 5883] set_robust_list(0x55556f8d0660, 24) = 0 [pid 5883] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5884 attached [pid 5882] <... set_robust_list resumed>) = 0 [pid 5879] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5882] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5882] setpgid(0, 0) = 0 [pid 5879] <... openat resumed>) = 3 ./strace-static-x86_64: Process 5885 attached [pid 5884] set_robust_list(0x55556f8d0660, 24 [pid 5885] set_robust_list(0x55556f8d0660, 24 [pid 5884] <... set_robust_list resumed>) = 0 [pid 5881] <... clone resumed>, child_tidptr=0x55556f8d0650) = 5884 [pid 5879] write(3, "1000", 4 [pid 5882] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5885] <... set_robust_list resumed>) = 0 [pid 5884] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5885] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5884] <... prctl resumed>) = 0 [pid 5883] <... clone resumed>, child_tidptr=0x55556f8d0650) = 5885 [pid 5879] <... write resumed>) = 4 [pid 5884] setpgid(0, 0 [pid 5879] close(3 [pid 5885] <... prctl resumed>) = 0 [pid 5884] <... setpgid resumed>) = 0 [pid 5879] <... close resumed>) = 0 [pid 5885] setpgid(0, 0 [pid 5884] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5882] <... openat resumed>) = 3 [pid 5879] write(1, "executing program\n", 18executing program [pid 5885] <... setpgid resumed>) = 0 [pid 5884] <... openat resumed>) = 3 [pid 5879] <... write resumed>) = 18 [pid 5885] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5882] write(3, "1000", 4 [pid 5884] write(3, "1000", 4 [pid 5882] <... write resumed>) = 4 [pid 5884] <... write resumed>) = 4 [pid 5882] close(3 [pid 5885] <... openat resumed>) = 3 [pid 5879] openat(AT_FDCWD, "/dev/comedi3", O_RDONLY|O_APPEND [pid 5885] write(3, "1000", 4 [pid 5884] close(3 [pid 5882] <... close resumed>) = 0 [pid 5884] <... close resumed>) = 0 [pid 5882] write(1, "executing program\n", 18executing program [pid 5885] <... write resumed>) = 4 [pid 5884] write(1, "executing program\n", 18 [pid 5882] <... write resumed>) = 18 executing program [pid 5879] <... openat resumed>) = 3 [pid 5885] close(3 [pid 5884] <... write resumed>) = 18 [pid 5882] openat(AT_FDCWD, "/dev/comedi3", O_RDONLY|O_APPEND [pid 5879] ioctl(3, COMEDI_DEVCONFIG [pid 5885] <... close resumed>) = 0 [pid 5884] openat(AT_FDCWD, "/dev/comedi3", O_RDONLY|O_APPEND executing program [pid 5885] write(1, "executing program\n", 18) = 18 [pid 5885] openat(AT_FDCWD, "/dev/comedi3", O_RDONLY|O_APPEND [pid 5878] kill(-5879, SIGKILL) = 0 [pid 5878] kill(5879, SIGKILL) = 0 [pid 5880] kill(-5882, SIGKILL) = 0 [pid 5880] kill(5882, SIGKILL) = 0 [pid 5883] kill(-5885, SIGKILL [pid 5881] kill(-5884, SIGKILL [pid 5883] <... kill resumed>) = 0 [pid 5881] <... kill resumed>) = 0 [pid 5881] kill(5884, SIGKILL [pid 5883] kill(5885, SIGKILL [pid 5881] <... kill resumed>) = 0 [pid 5883] <... kill resumed>) = 0 [pid 5880] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5878] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5883] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5878] <... openat resumed>) = 3 [pid 5883] newfstatat(3, "", [pid 5880] <... openat resumed>) = 3 [pid 5883] <... newfstatat resumed>{st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5880] newfstatat(3, "", [pid 5883] getdents64(3, [pid 5880] <... newfstatat resumed>{st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5878] newfstatat(3, "", [pid 5881] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5880] getdents64(3, [pid 5881] <... openat resumed>) = 3 [pid 5878] <... newfstatat resumed>{st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5883] <... getdents64 resumed>0x55556f8d16f0 /* 2 entries */, 32768) = 48 [pid 5880] <... getdents64 resumed>0x55556f8d16f0 /* 2 entries */, 32768) = 48 [pid 5878] getdents64(3, [pid 5883] getdents64(3, [pid 5881] newfstatat(3, "", [pid 5883] <... getdents64 resumed>0x55556f8d16f0 /* 0 entries */, 32768) = 0 [pid 5881] <... newfstatat resumed>{st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5883] close(3 [pid 5881] getdents64(3, [pid 5883] <... close resumed>) = 0 [pid 5880] getdents64(3, [pid 5878] <... getdents64 resumed>0x55556f8d16f0 /* 2 entries */, 32768) = 48 [pid 5881] <... getdents64 resumed>0x55556f8d16f0 /* 2 entries */, 32768) = 48 [pid 5880] <... getdents64 resumed>0x55556f8d16f0 /* 0 entries */, 32768) = 0 [pid 5878] getdents64(3, [pid 5881] getdents64(3, [pid 5880] close(3 [pid 5878] <... getdents64 resumed>0x55556f8d16f0 /* 0 entries */, 32768) = 0 [pid 5881] <... getdents64 resumed>0x55556f8d16f0 /* 0 entries */, 32768) = 0 [pid 5880] <... close resumed>) = 0 [pid 5878] close(3 [pid 5881] close(3) = 0 [pid 5878] <... close resumed>) = 0 [ 430.279731][ T31] INFO: task syz-executor251:5882 blocked for more than 143 seconds. [ 430.290699][ T31] Not tainted 6.16.0-next-20250731-syzkaller #0 [ 430.298736][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 430.309923][ T31] task:syz-executor251 state:D stack:28040 pid:5882 tgid:5882 ppid:5880 task_flags:0x400040 flags:0x00004006 [ 430.325836][ T31] Call Trace: [ 430.329913][ T31] [ 430.333228][ T31] __schedule+0x1798/0x4cc0 [ 430.338135][ T31] ? __lock_acquire+0xab9/0xd20 [ 430.346387][ T31] ? __lock_acquire+0xab9/0xd20 [ 430.352167][ T31] ? __pfx___schedule+0x10/0x10 [ 430.358739][ T31] ? schedule+0x91/0x360 [ 430.365659][ T31] schedule+0x165/0x360 [ 430.370869][ T31] schedule_preempt_disabled+0x13/0x30 [ 430.380025][ T31] __mutex_lock+0x7e6/0x1360 [ 430.385014][ T31] ? __mutex_lock+0x5b6/0x1360 [ 430.392348][ T31] ? comedi_open+0xc0/0x590 [ 430.397867][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 430.404815][ T31] ? __kasan_kmalloc+0x93/0xb0 [ 430.411674][ T31] ? __kmalloc_cache_noprof+0x230/0x3d0 [ 430.418193][ T31] ? comedi_open+0x8b/0x590 [ 430.423783][ T31] comedi_open+0xc0/0x590 [ 430.428704][ T31] ? do_raw_spin_unlock+0x122/0x240 [ 430.436400][ T31] chrdev_open+0x4c9/0x5e0 [ 430.442598][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 430.448138][ T31] ? fsnotify_open_perm_and_set_mode+0x113/0x610 [ 430.455446][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 430.462425][ T31] do_dentry_open+0x953/0x13f0 [ 430.468727][ T31] vfs_open+0x3b/0x340 [ 430.473505][ T31] ? path_openat+0x2ecd/0x3830 [ 430.480233][ T31] path_openat+0x2ee5/0x3830 [ 430.485950][ T31] ? arch_stack_walk+0xfc/0x150 [ 430.491697][ T31] ? stack_depot_save_flags+0x40/0x860 [ 430.498217][ T31] ? __pfx_path_openat+0x10/0x10 [ 430.504276][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 430.510990][ T31] do_filp_open+0x1fa/0x410 [ 430.515664][ T31] ? __lock_acquire+0xab9/0xd20 [ 430.521689][ T31] ? __pfx_do_filp_open+0x10/0x10 [ 430.527685][ T31] ? _raw_spin_unlock+0x28/0x50 [ 430.533816][ T31] ? alloc_fd+0x64c/0x6c0 [ 430.538793][ T31] do_sys_openat2+0x121/0x1c0 [ 430.545582][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 430.551815][ T31] __x64_sys_openat+0x138/0x170 [ 430.556991][ T31] do_syscall_64+0xfa/0x3b0 [ 430.562482][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 430.568834][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 430.575828][ T31] ? clear_bhb_loop+0x60/0xb0 [ 430.581596][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 430.588849][ T31] RIP: 0033:0x7f5c7808bc29 [ 430.594297][ T31] RSP: 002b:00007ffdd7868978 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 430.603446][ T31] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5c7808bc29 [ 430.612072][ T31] RDX: 0000000000000400 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 430.620661][ T31] RBP: 00000000000f4240 R08: 0000000000000000 R09: 00000000000000a0 [ 430.628968][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 430.638596][ T31] R13: 00007ffdd7868b98 R14: 00007ffdd78689a0 R15: 00007ffdd7868990 [ 430.647511][ T31] [ 430.651775][ T31] INFO: task syz-executor251:5884 blocked for more than 143 seconds. [ 430.660372][ T31] Not tainted 6.16.0-next-20250731-syzkaller #0 [ 430.667266][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 430.676511][ T31] task:syz-executor251 state:D stack:26808 pid:5884 tgid:5884 ppid:5881 task_flags:0x400040 flags:0x00004006 [ 430.689367][ T31] Call Trace: [ 430.692883][ T31] [ 430.695956][ T31] __schedule+0x1798/0x4cc0 [ 430.700909][ T31] ? __lock_acquire+0xab9/0xd20 [ 430.705921][ T31] ? __lock_acquire+0xab9/0xd20 [ 430.711747][ T31] ? __pfx___schedule+0x10/0x10 [ 430.716779][ T31] ? schedule+0x91/0x360 [ 430.721601][ T31] schedule+0x165/0x360 [ 430.725956][ T31] schedule_preempt_disabled+0x13/0x30 [ 430.732191][ T31] __mutex_lock+0x7e6/0x1360 [ 430.737055][ T31] ? __mutex_lock+0x5b6/0x1360 [ 430.742685][ T31] ? comedi_open+0xc0/0x590 [ 430.747316][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 430.753494][ T31] ? __kasan_kmalloc+0x93/0xb0 [ 430.758543][ T31] ? __kmalloc_cache_noprof+0x230/0x3d0 [ 430.765788][ T31] ? comedi_open+0x8b/0x590 [ 430.771090][ T31] comedi_open+0xc0/0x590 [ 430.776852][ T31] ? do_raw_spin_unlock+0x122/0x240 [ 430.783599][ T31] chrdev_open+0x4c9/0x5e0 [ 430.788354][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 430.794442][ T31] ? fsnotify_open_perm_and_set_mode+0x113/0x610 [ 430.801600][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 430.808152][ T31] do_dentry_open+0x953/0x13f0 [ 430.813807][ T31] vfs_open+0x3b/0x340 [ 430.818683][ T31] ? path_openat+0x2ecd/0x3830 [ 430.825368][ T31] path_openat+0x2ee5/0x3830 [ 430.831881][ T31] ? arch_stack_walk+0xfc/0x150 [ 430.838149][ T31] ? stack_depot_save_flags+0x40/0x860 [ 430.845229][ T31] ? __pfx_path_openat+0x10/0x10 [ 430.850923][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 430.858437][ T31] do_filp_open+0x1fa/0x410 [ 430.864487][ T31] ? __lock_acquire+0xab9/0xd20 [ 430.872155][ T31] ? __pfx_do_filp_open+0x10/0x10 [ 430.877740][ T31] ? _raw_spin_unlock+0x28/0x50 [ 430.883666][ T31] ? alloc_fd+0x64c/0x6c0 [ 430.888210][ T31] do_sys_openat2+0x121/0x1c0 [ 430.895243][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 430.902127][ T31] __x64_sys_openat+0x138/0x170 [ 430.908125][ T31] do_syscall_64+0xfa/0x3b0 [ 430.914540][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 430.920959][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 430.927176][ T31] ? clear_bhb_loop+0x60/0xb0 [ 430.932685][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 430.940661][ T31] RIP: 0033:0x7f5c7808bc29 [ 430.948026][ T31] RSP: 002b:00007ffdd7868978 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 430.958950][ T31] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5c7808bc29 [ 430.968651][ T31] RDX: 0000000000000400 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 430.977818][ T31] RBP: 00000000000f4240 R08: 0000000000000000 R09: 00000000000000a0 [ 430.987773][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 430.996811][ T31] R13: 00007ffdd7868b98 R14: 00007ffdd78689a0 R15: 00007ffdd7868990 [ 431.006695][ T31] [ 431.011074][ T31] INFO: task syz-executor251:5885 blocked for more than 144 seconds. [ 431.021678][ T31] Not tainted 6.16.0-next-20250731-syzkaller #0 [ 431.029221][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 431.039017][ T31] task:syz-executor251 state:D stack:28040 pid:5885 tgid:5885 ppid:5883 task_flags:0x400040 flags:0x00004006 [ 431.054605][ T31] Call Trace: [ 431.058096][ T31] [ 431.061618][ T31] __schedule+0x1798/0x4cc0 [ 431.067132][ T31] ? __lock_acquire+0xab9/0xd20 [ 431.072659][ T31] ? __lock_acquire+0xab9/0xd20 [ 431.080022][ T31] ? __pfx___schedule+0x10/0x10 [ 431.085495][ T31] ? schedule+0x91/0x360 [ 431.092448][ T31] schedule+0x165/0x360 [ 431.097763][ T31] schedule_preempt_disabled+0x13/0x30 [ 431.105873][ T31] __mutex_lock+0x7e6/0x1360 [ 431.112054][ T31] ? __mutex_lock+0x5b6/0x1360 [ 431.118353][ T31] ? comedi_open+0xc0/0x590 [ 431.124025][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 431.132069][ T31] ? __kasan_kmalloc+0x93/0xb0 [ 431.137675][ T31] ? __kmalloc_cache_noprof+0x230/0x3d0 [ 431.144680][ T31] ? comedi_open+0x8b/0x590 [ 431.150429][ T31] comedi_open+0xc0/0x590 [ 431.155345][ T31] ? do_raw_spin_unlock+0x122/0x240 [ 431.162861][ T31] chrdev_open+0x4c9/0x5e0 [ 431.167577][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 431.173952][ T31] ? fsnotify_open_perm_and_set_mode+0x113/0x610 [ 431.183709][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 431.189041][ T31] do_dentry_open+0x953/0x13f0 [ 431.194978][ T31] vfs_open+0x3b/0x340 [ 431.200468][ T31] ? path_openat+0x2ecd/0x3830 [ 431.205382][ T31] path_openat+0x2ee5/0x3830 [ 431.212283][ T31] ? arch_stack_walk+0xfc/0x150 [ 431.217907][ T31] ? stack_depot_save_flags+0x40/0x860 [ 431.225382][ T31] ? __pfx_path_openat+0x10/0x10 [ 431.231236][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 431.237709][ T31] do_filp_open+0x1fa/0x410 [ 431.243641][ T31] ? __lock_acquire+0xab9/0xd20 [ 431.249920][ T31] ? __pfx_do_filp_open+0x10/0x10 [ 431.255422][ T31] ? _raw_spin_unlock+0x28/0x50 [ 431.261228][ T31] ? alloc_fd+0x64c/0x6c0 [ 431.265862][ T31] do_sys_openat2+0x121/0x1c0 [ 431.271486][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 431.277388][ T31] __x64_sys_openat+0x138/0x170 [ 431.283353][ T31] do_syscall_64+0xfa/0x3b0 [ 431.288371][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 431.294292][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 431.300773][ T31] ? clear_bhb_loop+0x60/0xb0 [ 431.305616][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 431.312973][ T31] RIP: 0033:0x7f5c7808bc29 [ 431.317553][ T31] RSP: 002b:00007ffdd7868978 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 431.326912][ T31] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5c7808bc29 [ 431.335515][ T31] RDX: 0000000000000400 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 431.344157][ T31] RBP: 00000000000f4240 R08: 0000000000000000 R09: 00000000000000a0 [ 431.352945][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 431.361670][ T31] R13: 00007ffdd7868b98 R14: 00007ffdd78689a0 R15: 00007ffdd7868990 [ 431.370903][ T31] [ 431.374031][ T31] [ 431.374031][ T31] Showing all locks held in the system: [ 431.382925][ T31] 1 lock held by khungtaskd/31: [ 431.388015][ T31] #0: ffffffff8e539f20 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 431.398747][ T31] 2 locks held by getty/5607: [ 431.404189][ T31] #0: ffff88803017b0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 431.414782][ T31] #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 [ 431.426207][ T31] 2 locks held by syz-executor251/5879: [ 431.432293][ T31] 1 lock held by syz-executor251/5882: [ 431.437907][ T31] #0: ffff88802f3110f8 (&dev->mutex#4){+.+.}-{4:4}, at: comedi_open+0xc0/0x590 [ 431.448888][ T31] 1 lock held by syz-executor251/5884: [ 431.455073][ T31] #0: ffff88802f3110f8 (&dev->mutex#4){+.+.}-{4:4}, at: comedi_open+0xc0/0x590 [ 431.465107][ T31] 1 lock held by syz-executor251/5885: [ 431.471243][ T31] #0: ffff88802f3110f8 (&dev->mutex#4){+.+.}-{4:4}, at: comedi_open+0xc0/0x590 [ 431.481115][ T31] [ 431.483566][ T31] ============================================= [ 431.483566][ T31] [ 431.493259][ T31] NMI backtrace for cpu 0 [ 431.493300][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-next-20250731-syzkaller #0 PREEMPT(full) [ 431.493329][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 431.493345][ T31] Call Trace: [ 431.493356][ T31] [ 431.493366][ T31] dump_stack_lvl+0x189/0x250 [ 431.493412][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 431.493448][ T31] ? __pfx__printk+0x10/0x10 [ 431.493494][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 431.493529][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 431.493563][ T31] ? __pfx__printk+0x10/0x10 [ 431.493602][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 431.493633][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 431.493668][ T31] watchdog+0xf93/0xfe0 [ 431.493698][ T31] ? watchdog+0x1de/0xfe0 [ 431.493726][ T31] kthread+0x70e/0x8a0 [ 431.493766][ T31] ? __pfx_watchdog+0x10/0x10 [ 431.493786][ T31] ? __pfx_kthread+0x10/0x10 [ 431.493823][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 431.493857][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 431.493890][ T31] ? __pfx_kthread+0x10/0x10 [ 431.493925][ T31] ret_from_fork+0x3fc/0x770 [ 431.493957][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 431.493994][ T31] ? __switch_to_asm+0x39/0x70 [ 431.494028][ T31] ? __switch_to_asm+0x33/0x70 [ 431.494063][ T31] ? __pfx_kthread+0x10/0x10 [ 431.494098][ T31] ret_from_fork_asm+0x1a/0x30 [ 431.494137][ T31] [ 431.494147][ T31] Sending NMI from CPU 0 to CPUs 1: [ 431.646637][ C1] NMI backtrace for cpu 1 [ 431.646656][ C1] CPU: 1 UID: 0 PID: 5879 Comm: syz-executor251 Not tainted 6.16.0-next-20250731-syzkaller #0 PREEMPT(full) [ 431.646678][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 431.646690][ C1] RIP: 0010:multiq3_attach+0x62a/0x950 [ 431.646720][ C1] Code: 00 74 08 48 89 df e8 15 92 2a f9 8b 13 83 c2 0e b0 01 ee 41 80 3c 2c 00 74 08 48 89 df e8 fe 91 2a f9 8b 13 83 c2 0c 31 c0 ee <41> 80 3c 2c 00 74 08 48 89 df e8 e7 91 2a f9 8b 13 83 c2 0e b0 18 [ 431.646736][ C1] RSP: 0018:ffffc90004287a98 EFLAGS: 00000246 [ 431.646753][ C1] RAX: 0000000000000000 RBX: ffff88802f3111d0 RCX: ffff88802cac3c00 [ 431.646766][ C1] RDX: 0000000000004f33 RSI: 0000000020000004 RDI: 0000000000000000 [ 431.646778][ C1] RBP: dffffc0000000000 R08: 0000000000000dc0 R09: 00000000ffffffff [ 431.646790][ C1] R10: dffffc0000000000 R11: fffffbfff1fc6867 R12: 1ffff11005e6223a [ 431.646803][ C1] R13: 0000000001d84df0 R14: 1ffff11028a51e92 R15: 00000000003b09bf [ 431.646816][ C1] FS: 000055556f8d0380(0000) GS:ffff88812590a000(0000) knlGS:0000000000000000 [ 431.646832][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 431.646844][ C1] CR2: 0000558238ac7168 CR3: 000000007c4b8000 CR4: 00000000003526f0 [ 431.646861][ C1] Call Trace: [ 431.646871][ C1] [ 431.646882][ C1] comedi_device_attach+0x51c/0x720 [ 431.646913][ C1] comedi_unlocked_ioctl+0x5ff/0x1020 [ 431.646937][ C1] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 431.646967][ C1] ? _raw_spin_lock_irq+0xae/0xf0 [ 431.647007][ C1] ? __pfx_ptrace_notify+0x10/0x10 [ 431.647033][ C1] ? bpf_lsm_file_ioctl+0x9/0x20 [ 431.647059][ C1] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 431.647077][ C1] __se_sys_ioctl+0xfc/0x170 [ 431.647107][ C1] do_syscall_64+0xfa/0x3b0 [ 431.647123][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 431.647149][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 431.647167][ C1] ? clear_bhb_loop+0x60/0xb0 [ 431.647194][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 431.647212][ C1] RIP: 0033:0x7f5c7808bc29 [ 431.647228][ C1] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 431.647242][ C1] RSP: 002b:00007ffdd7868978 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 431.647260][ C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5c7808bc29 [ 431.647272][ C1] RDX: 0000200000000180 RSI: 0000000040946400 RDI: 0000000000000003 [ 431.647284][ C1] RBP: 00000000000f4240 R08: 00000000000000a0 R09: 00000000000000a0 [ 431.647295][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 431.647305][ C1] R13: 00007ffdd7868b98 R14: 00007ffdd78689a0 R15: 00007ffdd7868990 [ 431.647327][ C1] [ 431.647737][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 431.937465][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-next-20250731-syzkaller #0 PREEMPT(full) [ 431.948530][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 431.959524][ T31] Call Trace: [ 431.963016][ T31] [ 431.966007][ T31] dump_stack_lvl+0x99/0x250 [ 431.970991][ T31] ? __asan_memcpy+0x40/0x70 [ 431.975793][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 431.981019][ T31] ? __pfx__printk+0x10/0x10 [ 431.985648][ T31] vpanic+0x281/0x750 [ 431.989763][ T31] ? __pfx_vpanic+0x10/0x10 [ 431.994498][ T31] ? __x2apic_send_IPI_mask+0x1e4/0x260 [ 432.000227][ T31] ? preempt_schedule+0xae/0xc0 [ 432.005218][ T31] ? preempt_schedule_common+0x83/0xd0 [ 432.010821][ T31] panic+0xb9/0xc0 [ 432.014693][ T31] ? __pfx_panic+0x10/0x10 [ 432.019141][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 432.024564][ T31] ? nmi_trigger_cpumask_backtrace+0x2bb/0x300 [ 432.031152][ T31] watchdog+0xfd2/0xfe0 [ 432.035445][ T31] ? watchdog+0x1de/0xfe0 [ 432.040021][ T31] kthread+0x70e/0x8a0 [ 432.044241][ T31] ? __pfx_watchdog+0x10/0x10 [ 432.048951][ T31] ? __pfx_kthread+0x10/0x10 [ 432.053570][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 432.058885][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 432.064109][ T31] ? __pfx_kthread+0x10/0x10 [ 432.068820][ T31] ret_from_fork+0x3fc/0x770 [ 432.073443][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 432.078601][ T31] ? __switch_to_asm+0x39/0x70 [ 432.083445][ T31] ? __switch_to_asm+0x33/0x70 [ 432.088295][ T31] ? __pfx_kthread+0x10/0x10 [ 432.092987][ T31] ret_from_fork_asm+0x1a/0x30 [ 432.097798][ T31] [ 432.101206][ T31] Kernel Offset: disabled [ 432.105651][ T31] Rebooting in 86400 seconds..