INFO: task kworker/1:0:31 blocked for more than 123 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:0 state:D stack:0 pid:31 tgid:31 ppid:2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
 context_switch kernel/sched/core.c:5945 [inline]
 __schedule+0x1322/0x1df0 kernel/sched/core.c:7791
 __schedule_loop kernel/sched/core.c:7872 [inline]
 schedule+0xc6/0x240 kernel/sched/core.c:7887
 schedule_timeout+0xb2/0x3a0 kernel/time/timer.c:2595
 do_wait_for_common kernel/sched/completion.c:95 [inline]
 __wait_for_common kernel/sched/completion.c:116 [inline]
 wait_for_common+0x359/0x630 kernel/sched/completion.c:127
 wait_for_completion+0x1c/0x40 kernel/sched/completion.c:148
 rcu_barrier+0x415/0x530 kernel/rcu/tree.c:4657
 scsi_host_dev_release+0xae/0x2f0 drivers/scsi/hosts.c:344
 device_release+0xab/0x1e0 drivers/base/core.c:-1
 kobject_cleanup lib/kobject.c:689 [inline]
 kobject_release lib/kobject.c:720 [inline]
 kref_put include/linux/kref.h:65 [inline]
 kobject_put+0x1aa/0x2a0 lib/kobject.c:737
 put_device+0x23/0x40 drivers/base/core.c:3800
 scsi_host_put+0x20/0x30 drivers/scsi/hosts.c:625
 release_everything+0x1f8/0x210 drivers/usb/storage/usb.c:971
 usb_stor_probe2+0x2ff/0xbd0 drivers/usb/storage/usb.c:1168
 datafab_probe+0x189/0x1f0 drivers/usb/storage/datafab.c:739
 usb_probe_interface+0x696/0xc00 drivers/usb/core/driver.c:403
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x2d3/0x890 drivers/base/dd.c:657
 __driver_probe_device+0x198/0x280 drivers/base/dd.c:799
 driver_probe_device+0x54/0x3f0 drivers/base/dd.c:829
 __device_attach_driver+0x2f1/0x4b0 drivers/base/dd.c:957
 bus_for_each_drv+0x260/0x2f0 drivers/base/bus.c:459
 __device_attach+0x2bd/0x3a0 drivers/base/dd.c:1029
 device_initial_probe+0x1e/0x30 drivers/base/dd.c:1078
 bus_probe_device+0x18b/0x270 drivers/base/bus.c:534
 device_add+0x80c/0xc00 drivers/base/core.c:3692
 usb_set_configuration+0x1ad4/0x20b0 drivers/usb/core/message.c:2210
 usb_generic_driver_probe+0x95/0x160 drivers/usb/core/generic.c:254
 usb_probe_device+0x1d4/0x380 drivers/usb/core/driver.c:298
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x2d3/0x890 drivers/base/dd.c:657
 __driver_probe_device+0x198/0x280 drivers/base/dd.c:799
 driver_probe_device+0x54/0x3f0 drivers/base/dd.c:829
 __device_attach_driver+0x2f1/0x4b0 drivers/base/dd.c:957
 bus_for_each_drv+0x260/0x2f0 drivers/base/bus.c:459
 __device_attach+0x2bd/0x3a0 drivers/base/dd.c:1029
 device_initial_probe+0x1e/0x30 drivers/base/dd.c:1078
 bus_probe_device+0x18b/0x270 drivers/base/bus.c:534
 device_add+0x80c/0xc00 drivers/base/core.c:3692
 usb_new_device+0x9ed/0x1590 drivers/usb/core/hub.c:2690
 hub_port_connect drivers/usb/core/hub.c:5561 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5701 [inline]
 port_event drivers/usb/core/hub.c:5865 [inline]
 hub_event+0x2c81/0x4270 drivers/usb/core/hub.c:5947
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0x7d5/0x1020 kernel/workqueue.c:3319
 worker_thread+0xc58/0x1250 kernel/workqueue.c:3400
 kthread+0x2c7/0x370 kernel/kthread.c:389
 ret_from_fork+0x64/0xa0 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
INFO: task syz.5.4056:12611 blocked for more than 127 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.5.4056 state:D stack:0 pid:12611 tgid:12610 ppid:11372 flags:0x00004000
Call Trace:
 context_switch kernel/sched/core.c:5945 [inline]
 __schedule+0x1322/0x1df0 kernel/sched/core.c:7791
 __schedule_loop kernel/sched/core.c:7872 [inline]
 schedule+0xc6/0x240 kernel/sched/core.c:7887
 schedule_timeout+0xb2/0x3a0 kernel/time/timer.c:2595
 do_wait_for_common kernel/sched/completion.c:95 [inline]
 __wait_for_common kernel/sched/completion.c:116 [inline]
 wait_for_common+0x359/0x630 kernel/sched/completion.c:127
 wait_for_completion+0x1c/0x40 kernel/sched/completion.c:148
 exit_aio+0x2df/0x3b0 fs/aio.c:927
 __mmput+0x30/0x320 kernel/fork.c:1346
 mmput+0x55/0x170 kernel/fork.c:1372
 exit_mm kernel/exit.c:574 [inline]
 do_exit+0x918/0x2630 kernel/exit.c:940
 do_group_exit+0x22a/0x300 kernel/exit.c:1095
 get_signal+0x139d/0x14f0 kernel/signal.c:2933
 arch_do_signal_or_restart+0x96/0x720 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x58/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x64/0xf0 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f645fb8ebe9
RSP: 002b:00007f645e5e30e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: 0000000000000001 RBX: 00007f645fdc5fa8 RCX: 00007f645fb8ebe9
RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f645fdc5fac
RBP: 00007f645fdc5fa0 R08: 7fffffffffffffff R09: 0000000000000000
R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
R13: 00007f645fdc6038 R14: 00007ffdd37f74f0 R15: 00007ffdd37f75d8
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 37 Comm: khungtaskd Not tainted syzkaller #0 6e508aa732f414f9d300b832ff15c50b3cf7cfdc
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Call Trace:
 __dump_stack+0x21/0x30 lib/dump_stack.c:94
 dump_stack_lvl+0x10c/0x190 lib/dump_stack.c:120
 dump_stack+0x19/0x20 lib/dump_stack.c:129
 nmi_cpu_backtrace+0x2bf/0x2d0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x142/0x2c0 lib/nmi_backtrace.c:62
 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:41
 trigger_all_cpu_backtrace include/linux/nmi.h:158 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:267 [inline]
 watchdog+0xd8f/0xed0 kernel/hung_task.c:423
 kthread+0x2c7/0x370 kernel/kthread.c:389
 ret_from_fork+0x64/0xa0 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 12701 Comm: syz-executor Not tainted syzkaller #0 6e508aa732f414f9d300b832ff15c50b3cf7cfdc
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
RIP: 0010:rol32 include/linux/bitops.h:127 [inline]
RIP: 0010:jhash2 include/linux/jhash.h:129 [inline]
RIP: 0010:hash_stack lib/stackdepot.c:514 [inline]
RIP: 0010:stack_depot_save_flags+0xad/0x800 lib/stackdepot.c:614
Code: 44 29 e1 31 cf 41 01 c4 29 f8 41 89 f8 41 c1 c0 06 41 31 c0 44 01 e7 45 89 c1 41 c1 c1 08 45 29 c4 45 31 e1 41 01 f8 44 29 cf <44> 89 c9 c1 c1 10 31 f9 45 01 c1 89 c8 c1 c0 13 41 29 c8 44 31 c0
RSP: 0018:ffffc90004b76f20 EFLAGS: 00000282
RAX: 000000006afbabcb RBX: 0000000000002800 RCX: 00000000efa722f3
RDX: ffffc90004b77028 RSI: 000000000000000e RDI: 00000000898b9f73
RBP: ffffc90004b76f80 R08: 00000000d733f19e R09: 000000006391bf83
R10: 0000000000000010 R11: ffffffff81744330 R12: 0000000075031769
R13: 1ffff9200096edf8 R14: ffffc90004b76fe0 R15: 1ffff110262e4ca0
FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f2db17f84c0 CR3: 0000000107b8a000 CR4: 00000000003526b0
Call Trace:
 stack_depot_save+0x12/0x20 lib/stackdepot.c:686
 save_stack+0x106/0x1f0 mm/page_owner.c:175
 __reset_page_owner+0x79/0x450 mm/page_owner.c:315
 reset_page_owner include/linux/page_owner.h:28 [inline]
 free_pages_prepare mm/page_alloc.c:1352 [inline]
 free_unref_folios+0xcfe/0x1680 mm/page_alloc.c:2901
 folios_put_refs+0x4c9/0x5c0 mm/swap.c:1038
 free_pages_and_swap_cache+0x272/0x460 mm/swap_state.c:333
 __tlb_batch_free_encoded_pages mm/mmu_gather.c:136 [inline]
 tlb_batch_pages_flush mm/mmu_gather.c:149 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:366 [inline]
 tlb_flush_mmu+0x7ce/0xaf0 mm/mmu_gather.c:373
 tlb_finish_mmu+0xcf/0x1d0 mm/mmu_gather.c:465
 exit_mmap+0x405/0xb60 mm/mmap.c:1976
 __mmput+0x93/0x320 kernel/fork.c:1349
 mmput+0x55/0x170 kernel/fork.c:1372
 exec_mmap+0x37c/0x420 fs/exec.c:1020
 begin_new_exec+0x11f0/0x1ee0 fs/exec.c:1287
 load_elf_binary+0x806/0x2b40 fs/binfmt_elf.c:994
 search_binary_handler fs/exec.c:1790 [inline]
 exec_binprm fs/exec.c:1832 [inline]
 bprm_execve+0x6e9/0x1380 fs/exec.c:1884
 do_execveat_common+0x929/0xa80 fs/exec.c:1989
 do_execve fs/exec.c:2063 [inline]
 __do_sys_execve fs/exec.c:2139 [inline]
 __se_sys_execve fs/exec.c:2134 [inline]
 __x64_sys_execve+0x96/0xb0 fs/exec.c:2134
 x64_sys_call+0x12c4/0x2ee0 arch/x86/include/generated/asm/syscalls_64.h:60
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0x58/0xf0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f1378dc22b7
Code: Unable to access opcode bytes at 0x7f1378dc228d.
RSP: 002b:00007f1379bb6df8 EFLAGS: 00000206 ORIG_RAX: 000000000000003b
RAX: ffffffffffffffda RBX: 00007fffdedb7ef2 RCX: 00007f1378dc22b7
RDX: 00007fffdedb63f0 RSI: 00007fffdedb6630 RDI: 00007fffdedb7ef2
RBP: 00007f1379bb6e70 R08: 00007f1379bb6f20 R09: 0000000000000000
R10: 0000000000000008 R11: 0000000000000206 R12: 00007fffdedb6630
R13: 00007fffdedb63f0 R14: 0000000000000000 R15: 0000000000000000
net_ratelimit: 154839 callbacks suppressed
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:a6:9f:f2:60:31:19, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:a6:9f:f2:60:31:19, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)