INFO: task syz-executor:5828 blocked for more than 143 seconds.
      Not tainted syzkaller #0
      Blocked by coredump.
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:19496 pid:5828  tgid:5828  ppid:1      task_flags:0x40014c flags:0x00080001
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5256 [inline]
 __schedule+0x14bc/0x5000 kernel/sched/core.c:6863
 __schedule_loop kernel/sched/core.c:6945 [inline]
 schedule+0x165/0x360 kernel/sched/core.c:6960
 wb_wait_for_completion+0x360/0x680 fs/fs-writeback.c:226
 sync_inodes_sb+0x1c9/0xb40 fs/fs-writeback.c:2894
 sync_filesystem+0x17a/0x230 fs/sync.c:64
 generic_shutdown_super+0x6f/0x2c0 fs/super.c:622
 kill_block_super+0x44/0x90 fs/super.c:1722
 ext4_kill_sb+0x68/0xb0 fs/ext4/super.c:7444
 deactivate_locked_super+0xbc/0x130 fs/super.c:474
 cleanup_mnt+0x425/0x4c0 fs/namespace.c:1318
 task_work_run+0x1d4/0x260 kernel/task_work.c:233
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0x6c5/0x2310 kernel/exit.c:971
 do_group_exit+0x21c/0x2d0 kernel/exit.c:1112
 __do_sys_exit_group kernel/exit.c:1123 [inline]
 __se_sys_exit_group kernel/exit.c:1121 [inline]
 __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1121
 x64_sys_call+0x2210/0x2210 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f833478f749
RSP: 002b:00007ffe4be45a28 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 00007f8334813def RCX: 00007f833478f749
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
RBP: 0000000000000010 R08: 00007ffe4be437c6 R09: 00007ffe4be46ce0
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe4be46ce0
R13: 00007f8334813d7d R14: 0000555567ba54a8 R15: 00007ffe4be47db0
 </TASK>

Showing all locks held in the system:
2 locks held by ksoftirqd/1/23:
 #0: ffff8880b873a918 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 kernel/sched/core.c:639
 #1: ffff8880b8724588 (psi_seq){-.-.}-{0:0}, at: psi_task_switch+0x53/0x880 kernel/sched/psi.c:933
1 lock held by khungtaskd/31:
 #0: ffffffff8df41a60 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #0: ffffffff8df41a60 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
 #0: ffffffff8df41a60 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6775
2 locks held by getty/5582:
 #0: ffff888030d8a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x449/0x1460 drivers/tty/n_tty.c:2211
2 locks held by syz-executor/5828:
 #0: ffff8880227b60e0 (&type->s_umount_key#32){++++}-{4:4}, at: __super_lock fs/super.c:57 [inline]
 #0: ffff8880227b60e0 (&type->s_umount_key#32){++++}-{4:4}, at: __super_lock_excl fs/super.c:72 [inline]
 #0: ffff8880227b60e0 (&type->s_umount_key#32){++++}-{4:4}, at: deactivate_super+0xa9/0xe0 fs/super.c:506
 #1: ffff888024e3a820 (&bdi->wb_switch_rwsem){+.+.}-{4:4}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:397 [inline]
 #1: ffff888024e3a820 (&bdi->wb_switch_rwsem){+.+.}-{4:4}, at: sync_inodes_sb+0x1ad/0xb40 fs/fs-writeback.c:2892
6 locks held by kworker/0:6/5946:
 #0: ffff8881432a4148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x841/0x15a0 kernel/workqueue.c:3254
 #1: 
ffffc9000ad77b80 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x868/0x15a0 kernel/workqueue.c:3255
 #2: ffff8880b86260d8 (&base->lock){-.-.}-{2:2}, at: lock_timer_base kernel/time/timer.c:1004 [inline]
 #2: ffff8880b86260d8 (&base->lock){-.-.}-{2:2}, at: __mod_timer+0x1ae/0xf30 kernel/time/timer.c:1085
 #3: ffffffff99b6f790 (&obj_hash[i].lock){-.-.}-{2:2}, at: debug_object_activate+0x87/0x540 lib/debugobjects.c:818
 #4: ffff8880288e5098 (&hub->status_mutex){+.+.}-{4:4}, at: hub_ext_port_status+0x53/0x820 drivers/usb/core/hub.c:623
 #5: ffffffff8df41a60 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #5: ffffffff8df41a60 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
 #5: ffffffff8df41a60 (rcu_read_lock){....}-{1:3}, at: class_rcu_constructor include/linux/rcupdate.h:1195 [inline]
 #5: ffffffff8df41a60 (rcu_read_lock){....}-{1:3}, at: unwind_next_frame+0xa5/0x2390 arch/x86/kernel/unwind_orc.c:479
4 locks held by kworker/u8:12/5981:
7 locks held by kworker/0:8/6399:
 #0: ffff8881432a4148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x841/0x15a0 kernel/workqueue.c:3254
 #1: ffffc90003427b80 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x868/0x15a0 kernel/workqueue.c:3255
 #2: ffff88802851c198 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:895 [inline]
 #2: ffff88802851c198 (&dev->mutex){....}-{4:4}, at: hub_event+0x187/0x4ef0 drivers/usb/core/hub.c:5899
 #3: ffff888025fb8198 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:895 [inline]
 #3: ffff888025fb8198 (&dev->mutex){....}-{4:4}, at: usb_disconnect+0xf8/0x990 drivers/usb/core/hub.c:2336
 #4: ffff88807c4eb160 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:895 [inline]
 #4: ffff88807c4eb160 (&dev->mutex){....}-{4:4}, at: __device_driver_lock drivers/base/dd.c:1104 [inline]
 #4: ffff88807c4eb160 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xb6/0x800 drivers/base/dd.c:1302
 #5: ffffffff8ed96108 (input_mutex){+.+.}-{4:4}, at: class_mutex_constructor include/linux/mutex.h:253 [inline]
 #5: ffffffff8ed96108 (input_mutex){+.+.}-{4:4}, at: __input_unregister_device+0x328/0x640 drivers/input/input.c:2187
 #6: ffffffff8df475b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock kernel/rcu/tree_exp.h:311 [inline]
 #6: ffffffff8df475b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x2f6/0x730 kernel/rcu/tree_exp.h:956
1 lock held by syz.6.305/7537:
 #0: ffffffff8df475b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock kernel/rcu/tree_exp.h:343 [inline]
 #0: ffffffff8df475b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730 kernel/rcu/tree_exp.h:956
1 lock held by udevadm/7569:
 #0: ffff8880b873a918 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 kernel/sched/core.c:639

=============================================

NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x39e/0x3d0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]
 __sys_info lib/sys_info.c:157 [inline]
 sys_info+0x135/0x170 lib/sys_info.c:165
 check_hung_uninterruptible_tasks kernel/hung_task.c:346 [inline]
 watchdog+0xf95/0xfe0 kernel/hung_task.c:515
 kthread+0x711/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x599/0xb30 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 2346 Comm: pvrusb2-context Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:__sanitizer_cov_trace_switch+0x74/0x130 kernel/kcov.c:-1
Code: 00 b9 07 00 00 00 48 85 c0 75 13 e9 c2 00 00 00 b9 01 00 00 00 48 85 c0 0f 84 b4 00 00 00 41 57 41 56 41 54 53 48 8b 54 24 20 <65> 4c 8b 04 25 08 b0 7e 92 45 31 c9 eb 08 49 ff c1 4c 39 c8 74 77
RSP: 0018:ffffc90004ad6528 EFLAGS: 00000202
RAX: 0000000000000002 RBX: 0000000000000025 RCX: 0000000000000001
RDX: ffffffff8b576654 RSI: ffffffff8f6946f0 RDI: 0000000000000025
RBP: ffffffff8b6bb960 R08: ffff88802a153d00 R09: 0000000000000002
R10: 0000000000000025 R11: 0000000000000000 R12: ffffffff8b6bb961
R13: ffffc90004ad65f8 R14: 0000000000000001 R15: ffffffff8b6bb960
FS:  0000000000000000(0000) GS:ffff888125e35000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2d51aff8 CR3: 0000000075660000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 format_decode+0x84/0xe10 lib/vsprintf.c:2691
 vsnprintf+0x102/0xee0 lib/vsprintf.c:2889
 sprintf+0xd9/0x120 lib/vsprintf.c:3110
 print_time kernel/printk/printk.c:1357 [inline]
 info_print_prefix+0x155/0x310 kernel/printk/printk.c:1383
 record_print_text+0x154/0x420 kernel/printk/printk.c:1432
 printk_get_next_message+0x26d/0x7b0 kernel/printk/printk.c:3018
 console_emit_next_record kernel/printk/printk.c:3083 [inline]
 console_flush_one_record kernel/printk/printk.c:3215 [inline]
 console_flush_all+0x514/0xb60 kernel/printk/printk.c:3289
 __console_flush_and_unlock kernel/printk/printk.c:3319 [inline]
 console_unlock+0xbb/0x190 kernel/printk/printk.c:3359
 vprintk_emit+0x4f8/0x5f0 kernel/printk/printk.c:2426
 _printk+0xcf/0x120 kernel/printk/printk.c:2451
 get_cx2388x_ident drivers/media/i2c/cx25840/cx25840-core.c:3747 [inline]
 cx25840_probe+0x114b/0x2140 drivers/media/i2c/cx25840/cx25840-core.c:3788
 i2c_device_probe+0x87e/0xc00 drivers/i2c/i2c-core-base.c:592
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x26d/0xad0 drivers/base/dd.c:659
 __driver_probe_device+0x18c/0x320 drivers/base/dd.c:801
 driver_probe_device+0x4f/0x240 drivers/base/dd.c:831
 __device_attach_driver+0x279/0x430 drivers/base/dd.c:959
 bus_for_each_drv+0x251/0x2e0 drivers/base/bus.c:500
 __device_attach+0x2b8/0x430 drivers/base/dd.c:1031
 device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1086
 bus_probe_device+0x12a/0x220 drivers/base/bus.c:574
 device_add+0x7b6/0xb80 drivers/base/core.c:3689
 i2c_new_client_device+0xa11/0x1150 drivers/i2c/i2c-core-base.c:1019
 v4l2_i2c_new_subdev_board+0x86/0x250 drivers/media/v4l2-core/v4l2-i2c.c:81
 v4l2_i2c_new_subdev+0x14a/0x1e0 drivers/media/v4l2-core/v4l2-i2c.c:136
 pvr2_hdw_load_subdev drivers/media/usb/pvrusb2/pvrusb2-hdw.c:-1 [inline]
 pvr2_hdw_load_modules drivers/media/usb/pvrusb2/pvrusb2-hdw.c:2074 [inline]
 pvr2_hdw_setup_low drivers/media/usb/pvrusb2/pvrusb2-hdw.c:2155 [inline]
 pvr2_hdw_setup drivers/media/usb/pvrusb2/pvrusb2-hdw.c:2261 [inline]
 pvr2_hdw_initialize+0xe18/0x3ac0 drivers/media/usb/pvrusb2/pvrusb2-hdw.c:2338
 pvr2_context_check drivers/media/usb/pvrusb2/pvrusb2-context.c:111 [inline]
 pvr2_context_thread_func+0x487/0xaf0 drivers/media/usb/pvrusb2/pvrusb2-context.c:158
 kthread+0x711/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x599/0xb30 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
 </TASK>