INFO: task syz.2.2878:16820 blocked for more than 143 seconds.
Tainted: G L syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.2.2878 state:D stack:27944 pid:16820 tgid:16819 ppid:5844 task_flags:0x400040 flags:0x00080002
Call Trace:
context_switch kernel/sched/core.c:5260 [inline]
__schedule+0x14ef/0x4fb0 kernel/sched/core.c:6867
__schedule_loop kernel/sched/core.c:6949 [inline]
schedule+0x164/0x360 kernel/sched/core.c:6964
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7021
__mutex_lock_common kernel/locking/mutex.c:692 [inline]
__mutex_lock+0x7fe/0x1300 kernel/locking/mutex.c:776
device_lock include/linux/device.h:895 [inline]
usbdev_open+0x182/0x770 drivers/usb/core/devio.c:1054
chrdev_open+0x4cd/0x5e0 fs/char_dev.c:414
do_dentry_open+0x7ce/0x1420 fs/open.c:962
vfs_open+0x3b/0x340 fs/open.c:1094
do_open fs/namei.c:4637 [inline]
path_openat+0x3486/0x3e20 fs/namei.c:4796
do_filp_open+0x22d/0x490 fs/namei.c:4823
do_sys_openat2+0x12f/0x220 fs/open.c:1430
do_sys_open fs/open.c:1436 [inline]
__do_sys_openat fs/open.c:1452 [inline]
__se_sys_openat fs/open.c:1447 [inline]
__x64_sys_openat+0x138/0x170 fs/open.c:1447
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xe2/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f6eafb5b58e
RSP: 002b:00007f6eb0b06b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f6eb0b076c0 RCX: 00007f6eafb5b58e
RDX: 0000000000109301 RSI: 00007f6eb0b06c00 RDI: ffffffffffffff9c
RBP: 00007f6eb0b06c00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd
R13: 00007f6eafe16038 R14: 00007f6eafe15fa0 R15: 00007f6eaff3fa48
INFO: task syz.2.2878:16821 blocked for more than 143 seconds.
Tainted: G L syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.2.2878 state:D stack:28184 pid:16821 tgid:16819 ppid:5844 task_flags:0x400040 flags:0x00080002
Call Trace:
context_switch kernel/sched/core.c:5260 [inline]
__schedule+0x14ef/0x4fb0 kernel/sched/core.c:6867
__schedule_loop kernel/sched/core.c:6949 [inline]
schedule+0x164/0x360 kernel/sched/core.c:6964
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7021
__mutex_lock_common kernel/locking/mutex.c:692 [inline]
__mutex_lock+0x7fe/0x1300 kernel/locking/mutex.c:776
device_lock include/linux/device.h:895 [inline]
usbdev_open+0x182/0x770 drivers/usb/core/devio.c:1054
chrdev_open+0x4cd/0x5e0 fs/char_dev.c:414
do_dentry_open+0x7ce/0x1420 fs/open.c:962
vfs_open+0x3b/0x340 fs/open.c:1094
do_open fs/namei.c:4637 [inline]
path_openat+0x3486/0x3e20 fs/namei.c:4796
do_filp_open+0x22d/0x490 fs/namei.c:4823
do_sys_openat2+0x12f/0x220 fs/open.c:1430
do_sys_open fs/open.c:1436 [inline]
__do_sys_openat fs/open.c:1452 [inline]
__se_sys_openat fs/open.c:1447 [inline]
__x64_sys_openat+0x138/0x170 fs/open.c:1447
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xe2/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f6eafb5b58e
RSP: 002b:00007f6eb0ae5b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f6eb0ae66c0 RCX: 00007f6eafb5b58e
RDX: 0000000000109301 RSI: 00007f6eb0ae5c00 RDI: ffffffffffffff9c
RBP: 00007f6eb0ae5c00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd
R13: 00007f6eafe16128 R14: 00007f6eafe16090 R15: 00007f6eaff3fa48
INFO: task syz.5.2915:16950 blocked for more than 144 seconds.
Tainted: G L syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.5.2915 state:D stack:28184 pid:16950 tgid:16949 ppid:8607 task_flags:0x400040 flags:0x00080002
Call Trace:
context_switch kernel/sched/core.c:5260 [inline]
__schedule+0x14ef/0x4fb0 kernel/sched/core.c:6867
__schedule_loop kernel/sched/core.c:6949 [inline]
schedule+0x164/0x360 kernel/sched/core.c:6964
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7021
__mutex_lock_common kernel/locking/mutex.c:692 [inline]
__mutex_lock+0x7fe/0x1300 kernel/locking/mutex.c:776
device_lock include/linux/device.h:895 [inline]
usbdev_open+0x182/0x770 drivers/usb/core/devio.c:1054
chrdev_open+0x4cd/0x5e0 fs/char_dev.c:414
do_dentry_open+0x7ce/0x1420 fs/open.c:962
vfs_open+0x3b/0x340 fs/open.c:1094
do_open fs/namei.c:4637 [inline]
path_openat+0x3486/0x3e20 fs/namei.c:4796
do_filp_open+0x22d/0x490 fs/namei.c:4823
do_sys_openat2+0x12f/0x220 fs/open.c:1430
do_sys_open fs/open.c:1436 [inline]
__do_sys_openat fs/open.c:1452 [inline]
__se_sys_openat fs/open.c:1447 [inline]
__x64_sys_openat+0x138/0x170 fs/open.c:1447
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xe2/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f9f4fd5b58e
RSP: 002b:00007f9f50be0b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f9f50be16c0 RCX: 00007f9f4fd5b58e
RDX: 0000000000000000 RSI: 00007f9f50be0c00 RDI: ffffffffffffff9c
RBP: 00007f9f50be0c00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd
R13: 00007f9f50016038 R14: 00007f9f50015fa0 R15: 00007f9f5013fa48
Showing all locks held in the system:
2 locks held by ksoftirqd/1/23:
#0: ffff8880b863a918 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xa9/0x140 kernel/sched/core.c:647
#1: ffff8880b8724588 (psi_seq){-.-.}-{0:0}, at: psi_task_switch+0x53/0x880 kernel/sched/psi.c:933
1 lock held by khungtaskd/31:
#0: ffffffff8e35a360 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#0: ffffffff8e35a360 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
#0: ffffffff8e35a360 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6775
3 locks held by kworker/u8:5/1112:
#0: ffff88813fe29948 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3232 [inline]
#0: ffff88813fe29948 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_scheduled_works+0x9d4/0x17a0 kernel/workqueue.c:3340
#1: ffffc90003a4fbc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3233 [inline]
#1: ffffc90003a4fbc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0xa0f/0x17a0 kernel/workqueue.c:3340
#2: ffffffff8f7a9d88 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 net/core/link_watch.c:303
2 locks held by pvrusb2-context/2346:
#0: ffff888055b54188 (&hdw->big_lock_mutex){+.+.}-{4:4}, at: pvr2_hdw_initialize+0xe4/0x3c50 drivers/media/usb/pvrusb2/pvrusb2-hdw.c:2326
#1: ffffffff8e1f7790 (umhelper_sem){++++}-{4:4}, at: usermodehelper_read_trylock+0xfc/0x2c0 kernel/umh.c:214
2 locks held by getty/5582:
#0: ffff8880308850a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
#1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x45c/0x13c0 drivers/tty/n_tty.c:2211
6 locks held by kworker/1:5/5917:
#0: ffff888020af7548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3232 [inline]
#0: ffff888020af7548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9d4/0x17a0 kernel/workqueue.c:3340
#1: ffffc9000b037bc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3233 [inline]
#1: ffffc9000b037bc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0xa0f/0x17a0 kernel/workqueue.c:3340
#2: ffff888028e83198 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:895 [inline]
#2: ffff888028e83198 (&dev->mutex){....}-{4:4}, at: hub_event+0x17f/0x4f30 drivers/usb/core/hub.c:5899
#3: ffff88802a15d198 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:895 [inline]
#3: ffff88802a15d198 (&dev->mutex){....}-{4:4}, at: usb_disconnect+0xf8/0x990 drivers/usb/core/hub.c:2336
#4: ffff888033154160 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:895 [inline]
#4: ffff888033154160 (&dev->mutex){....}-{4:4}, at: __device_driver_lock drivers/base/dd.c:1106 [inline]
#4: ffff888033154160 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xb6/0x860 drivers/base/dd.c:1304
#5: ffff888055b54188 (&hdw->big_lock_mutex){+.+.}-{4:4}, at: pvr2_hdw_disconnect+0x6d/0x500 drivers/media/usb/pvrusb2/pvrusb2-hdw.c:2710
4 locks held by udevd/6170:
#0: ffff888061b52c30 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xb7/0xe10 fs/seq_file.c:182
#1: ffff888056658088 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_seq_start+0x5c/0x420 fs/kernfs/file.c:172
#2: ffff888040483a58 (kn->active#21){++++}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff888040483a58 (kn->active#21){++++}-{0:0}, at: kernfs_seq_start+0xb2/0x420 fs/kernfs/file.c:173
#3: ffff88802a15d198 (&dev->mutex){....}-{4:4}, at: device_lock_interruptible include/linux/device.h:900 [inline]
#3: ffff88802a15d198 (&dev->mutex){....}-{4:4}, at: manufacturer_show+0x26/0xa0 drivers/usb/core/sysfs.c:142
7 locks held by kworker/u8:10/11770:
#0: ffff88801b29f148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3232 [inline]
#0: ffff88801b29f148 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9d4/0x17a0 kernel/workqueue.c:3340
#1: ffffc900137d7bc0 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3233 [inline]
#1: ffffc900137d7bc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0xa0f/0x17a0 kernel/workqueue.c:3340
#2: ffffffff8f79b410 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xfe/0x7b0 net/core/net_namespace.c:670
#3: ffff88807d3550e8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:895 [inline]
#3: ffff88807d3550e8 (&dev->mutex){....}-{4:4}, at: devl_dev_lock net/devlink/devl_internal.h:108 [inline]
#3: ffff88807d3550e8 (&dev->mutex){....}-{4:4}, at: devlink_pernet_pre_exit+0x117/0x3f0 net/devlink/core.c:506
#4: ffff888078d9c250 (&devlink->lock_key#11){+.+.}-{4:4}, at: devl_lock net/devlink/core.c:276 [inline]
#4: ffff888078d9c250 (&devlink->lock_key#11){+.+.}-{4:4}, at: devl_dev_lock net/devlink/devl_internal.h:109 [inline]
#4: ffff888078d9c250 (&devlink->lock_key#11){+.+.}-{4:4}, at: devlink_pernet_pre_exit+0x129/0x3f0 net/devlink/core.c:506
#5: ffffffff8f7a9d88 (rtnl_mutex){+.+.}-{4:4}, at: nsim_destroy+0xed/0x680 drivers/net/netdevsim/netdev.c:1175
#6: ffffffff8e360c78 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock kernel/rcu/tree_exp.h:343 [inline]
#6: ffffffff8e360c78 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x38d/0x770 kernel/rcu/tree_exp.h:956
1 lock held by syz.2.2878/16820:
#0: ffff888028e83198 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:895 [inline]
#0: ffff888028e83198 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x182/0x770 drivers/usb/core/devio.c:1054
1 lock held by syz.2.2878/16821:
#0: ffff888028e83198 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:895 [inline]
#0: ffff888028e83198 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x182/0x770 drivers/usb/core/devio.c:1054
1 lock held by syz.5.2915/16950:
#0: ffff888028e83198 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:895 [inline]
#0: ffff888028e83198 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x182/0x770 drivers/usb/core/devio.c:1054
3 locks held by syz-executor/17369:
#0: ffff888053e7cec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close net/bluetooth/hci_core.c:499 [inline]
#0: ffff888053e7cec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x5a0 net/bluetooth/hci_core.c:2715
#1: ffff888053e7c0c0 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x640/0x10e0 net/bluetooth/hci_sync.c:5315
#2: ffffffff8e360c78 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock kernel/rcu/tree_exp.h:311 [inline]
#2: ffffffff8e360c78 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x2d0/0x770 kernel/rcu/tree_exp.h:956
1 lock held by syz.3.3192/18068:
#0: ffff888028e83198 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:895 [inline]
#0: ffff888028e83198 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x182/0x770 drivers/usb/core/devio.c:1054
=============================================
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
Call Trace:
dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
nmi_cpu_backtrace+0x274/0x2d0 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:161 [inline]
__sys_info lib/sys_info.c:157 [inline]
sys_info+0x135/0x170 lib/sys_info.c:165
check_hung_uninterruptible_tasks kernel/hung_task.c:346 [inline]
watchdog+0xf90/0xfe0 kernel/hung_task.c:515
kthread+0x726/0x8b0 kernel/kthread.c:463
ret_from_fork+0x51b/0xa40 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 17213 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
RIP: 0010:native_save_fl arch/x86/include/asm/irqflags.h:26 [inline]
RIP: 0010:arch_local_save_flags arch/x86/include/asm/irqflags.h:109 [inline]
RIP: 0010:check_preemption_disabled+0x29/0xe0 lib/smp_processor_id.c:19
Code: 90 55 41 57 41 56 53 65 8b 05 c7 d6 56 07 65 8b 0d bc d6 56 07 f7 c1 ff ff ff 7f 74 0c 5b 41 5e 41 5f 5d e9 59 c7 02 00 cc 9c <59> f7 c1 00 02 00 00 74 ea 65 4c 8b 3d 6e d6 56 07 41 f6 47 2f 04
RSP: 0018:ffffc9000dda73a0 EFLAGS: 00000046
RAX: 0000000000000001 RBX: 0000000000000202 RCX: 0000000080000000
RDX: ffffc9000dda7501 RSI: ffffffff8daeca7c RDI: ffffffff8be73880
RBP: dffffc0000000000 R08: ffffc9000dda7f38 R09: 0000000000000000
R10: ffffc9000dda7558 R11: fffff52001bb4ead R12: ffffc9000dda7f48
R13: ffffffff8174c0e5 R14: ffffffff8e35a360 R15: ffff88807a958000
FS: 0000000000000000(0000) GS:ffff888125a26000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f51ae947e20 CR3: 0000000065bf6000 CR4: 00000000003526f0
Call Trace:
lockdep_recursion_inc kernel/locking/lockdep.c:465 [inline]
lock_release+0xa1/0x3a0 kernel/locking/lockdep.c:5888
rcu_lock_release include/linux/rcupdate.h:341 [inline]
rcu_read_unlock include/linux/rcupdate.h:897 [inline]
class_rcu_destructor include/linux/rcupdate.h:1195 [inline]
unwind_next_frame+0x1aaa/0x23c0 arch/x86/kernel/unwind_orc.c:695
arch_stack_walk+0x11b/0x150 arch/x86/kernel/stacktrace.c:25
stack_trace_save+0xa9/0x100 kernel/stacktrace.c:122
kasan_save_stack mm/kasan/common.c:57 [inline]
kasan_save_track+0x3e/0x80 mm/kasan/common.c:78
kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:584
poison_slab_object mm/kasan/common.c:253 [inline]
__kasan_slab_free+0x5c/0x80 mm/kasan/common.c:285
kasan_slab_free include/linux/kasan.h:235 [inline]
slab_free_hook mm/slub.c:2540 [inline]
slab_free mm/slub.c:6674 [inline]
kmem_cache_free+0x195/0x610 mm/slub.c:6785
anon_vma_chain_free mm/rmap.c:146 [inline]
unlink_anon_vmas+0x2cc/0x670 mm/rmap.c:420
free_pgtables+0x596/0xa00 mm/memory.c:399
exit_mmap+0x449/0xb30 mm/mmap.c:1288
__mmput+0x118/0x430 kernel/fork.c:1173
exit_mm+0x168/0x220 kernel/exit.c:581
do_exit+0x62e/0x2310 kernel/exit.c:959
do_group_exit+0x21b/0x2d0 kernel/exit.c:1112
__do_sys_exit_group kernel/exit.c:1123 [inline]
__se_sys_exit_group kernel/exit.c:1121 [inline]
__x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1121
x64_sys_call+0x2210/0x2210 arch/x86/include/generated/asm/syscalls_64.h:232
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xe2/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f51adb9acb9
Code: Unable to access opcode bytes at 0x7f51adb9ac8f.
RSP: 002b:00007f51adf3fc98 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 00007f51adc0ab9c RCX: 00007f51adb9acb9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043
RBP: 00007f51adc0abae R08: 0000000000000000 R09: 00000000000927c0
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
R13: 00000000000927c0 R14: 0000000000103ce8 R15: 00007f51adf3fe40