INFO: task kworker/1:2:1204 blocked for more than 143 seconds.
Tainted: G L syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:2 state:D stack:22424 pid:1204 tgid:1204 ppid:2 task_flags:0x4208060 flags:0x00080000
Workqueue: usb_hub_wq hub_event
Call Trace:
context_switch kernel/sched/core.c:5295 [inline]
__schedule+0xfee/0x60e0 kernel/sched/core.c:6907
__schedule_loop kernel/sched/core.c:6989 [inline]
schedule+0xdd/0x390 kernel/sched/core.c:7004
schedule_timeout+0x1b2/0x280 kernel/time/sleep_timeout.c:75
do_wait_for_common kernel/sched/completion.c:100 [inline]
__wait_for_common+0x2e7/0x4c0 kernel/sched/completion.c:121
i2c_del_adapter+0x62d/0x820 drivers/i2c/i2c-core-base.c:1814
dvb_usb_i2c_exit+0x9f/0xf0 drivers/media/usb/dvb-usb/dvb-usb-i2c.c:46
dvb_usb_exit drivers/media/usb/dvb-usb/dvb-usb-init.c:144 [inline]
dvb_usb_device_exit+0x313/0x520 drivers/media/usb/dvb-usb/dvb-usb-init.c:338
cxusb_probe.cold+0x4d/0xc2 drivers/media/usb/dvb-usb/cxusb.c:1663
usb_probe_interface+0x303/0x8f0 drivers/usb/core/driver.c:396
call_driver_probe drivers/base/dd.c:583 [inline]
really_probe+0x241/0xa60 drivers/base/dd.c:661
__driver_probe_device+0x1de/0x400 drivers/base/dd.c:803
driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:833
__device_attach_driver+0x1ff/0x3e0 drivers/base/dd.c:961
bus_for_each_drv+0x159/0x1e0 drivers/base/bus.c:500
__device_attach+0x1e4/0x4d0 drivers/base/dd.c:1033
device_initial_probe+0xaf/0xd0 drivers/base/dd.c:1088
bus_probe_device+0x64/0x160 drivers/base/bus.c:574
device_add+0x11d9/0x1950 drivers/base/core.c:3689
usb_set_configuration+0xd97/0x1c60 drivers/usb/core/message.c:2208
usb_generic_driver_probe+0xa1/0xe0 drivers/usb/core/generic.c:250
usb_probe_device+0xef/0x400 drivers/usb/core/driver.c:291
call_driver_probe drivers/base/dd.c:583 [inline]
really_probe+0x241/0xa60 drivers/base/dd.c:661
__driver_probe_device+0x1de/0x400 drivers/base/dd.c:803
driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:833
__device_attach_driver+0x1ff/0x3e0 drivers/base/dd.c:961
bus_for_each_drv+0x159/0x1e0 drivers/base/bus.c:500
__device_attach+0x1e4/0x4d0 drivers/base/dd.c:1033
device_initial_probe+0xaf/0xd0 drivers/base/dd.c:1088
bus_probe_device+0x64/0x160 drivers/base/bus.c:574
device_add+0x11d9/0x1950 drivers/base/core.c:3689
usb_new_device.cold+0x685/0x115c drivers/usb/core/hub.c:2695
hub_port_connect drivers/usb/core/hub.c:5567 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5707 [inline]
port_event drivers/usb/core/hub.c:5871 [inline]
hub_event+0x314d/0x4af0 drivers/usb/core/hub.c:5953
process_one_work+0x9d7/0x1920 kernel/workqueue.c:3275
process_scheduled_works kernel/workqueue.c:3358 [inline]
worker_thread+0x5da/0xe40 kernel/workqueue.c:3439
kthread+0x370/0x450 kernel/kthread.c:467
ret_from_fork+0x754/0xd80 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
INFO: task syz.1.141:6457 blocked for more than 144 seconds.
Tainted: G L syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.1.141 state:D stack:28792 pid:6457 tgid:6439 ppid:5811 task_flags:0x400040 flags:0x00080002
Call Trace:
context_switch kernel/sched/core.c:5295 [inline]
__schedule+0xfee/0x60e0 kernel/sched/core.c:6907
__schedule_loop kernel/sched/core.c:6989 [inline]
schedule+0xdd/0x390 kernel/sched/core.c:7004
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7061
__mutex_lock_common kernel/locking/mutex.c:692 [inline]
__mutex_lock+0xc9a/0x1b90 kernel/locking/mutex.c:776
device_lock include/linux/device.h:895 [inline]
usbdev_open+0x1b6/0x870 drivers/usb/core/devio.c:1054
chrdev_open+0x234/0x6a0 fs/char_dev.c:411
do_dentry_open+0x6d8/0x1660 fs/open.c:949
vfs_open+0x82/0x3f0 fs/open.c:1081
do_open fs/namei.c:4671 [inline]
path_openat+0x208c/0x31a0 fs/namei.c:4830
do_file_open+0x20e/0x430 fs/namei.c:4859
do_sys_openat2+0x10d/0x1e0 fs/open.c:1366
do_sys_open fs/open.c:1372 [inline]
__do_sys_openat fs/open.c:1388 [inline]
__se_sys_openat fs/open.c:1383 [inline]
__x64_sys_openat+0x12d/0x210 fs/open.c:1383
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x106/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fea83b5cece
RSP: 002b:00007fea84995b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007fea849966c0 RCX: 00007fea83b5cece
RDX: 0000000000103301 RSI: 00007fea84995c00 RDI: ffffffffffffff9c
RBP: 00007fea84995c00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd
R13: 00007fea83e16128 R14: 00007fea83e16090 R15: 00007ffcfc9f0a58
Showing all locks held in the system:
3 locks held by kworker/u8:0/12:
#0: ffff88813fe9c148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 kernel/workqueue.c:3250
#1: ffffc90000117d08 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920 kernel/workqueue.c:3251
#2: ffffffff9060f268 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0x51/0xc0 net/core/link_watch.c:313
3 locks held by kworker/1:0/24:
#0: ffff88813fe63548 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 kernel/workqueue.c:3250
#1: ffffc900001e7d08 (xfrm_state_gc_work){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920 kernel/workqueue.c:3251
#2: ffffffff8e7f4ff8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x27f/0x3c0 kernel/rcu/tree_exp.h:311
1 lock held by khungtaskd/31:
#0: ffffffff8e7e93e0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:312 [inline]
#0: ffffffff8e7e93e0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:850 [inline]
#0: ffffffff8e7e93e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 kernel/locking/lockdep.c:6775
5 locks held by kworker/1:2/1204:
#0: ffff888022efd948 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 kernel/workqueue.c:3250
#1: ffffc900047f7d08 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920 kernel/workqueue.c:3251
#2: ffff88802b38b198 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:895 [inline]
#2: ffff88802b38b198 (&dev->mutex){....}-{4:4}, at: hub_event+0x1bd/0x4af0 drivers/usb/core/hub.c:5899
#3: ffff888077e50198 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:895 [inline]
#3: ffff888077e50198 (&dev->mutex){....}-{4:4}, at: __device_attach+0x7e/0x4d0 drivers/base/dd.c:1008
#4: ffff888045135160 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:895 [inline]
#4: ffff888045135160 (&dev->mutex){....}-{4:4}, at: __device_attach+0x7e/0x4d0 drivers/base/dd.c:1008
2 locks held by getty/5563:
#0: ffff88803903a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243
#1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x419/0x1500 drivers/tty/n_tty.c:2211
2 locks held by syz-executor/5802:
3 locks held by syz-executor/5816:
1 lock held by syz.1.141/6457:
#0: ffff88802b38b198 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:895 [inline]
#0: ffff88802b38b198 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x1b6/0x870 drivers/usb/core/devio.c:1054
2 locks held by syz.0.677/8607:
#0: ffffffff9060f268 (rtnl_mutex){+.+.}-{4:4}, at: tun_detach drivers/net/tun.c:634 [inline]
#0: ffffffff9060f268 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x220 drivers/net/tun.c:3436
#1: ffffffff8e7f4ff8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x19e/0x3c0 kernel/rcu/tree_exp.h:343
1 lock held by syz.2.680/8624:
#0: ffffffff9060f268 (rtnl_mutex){+.+.}-{4:4}, at: __tun_chr_ioctl+0x4a2/0x47c0 drivers/net/tun.c:3078
=============================================
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x100/0x190 lib/dump_stack.c:120
nmi_cpu_backtrace.cold+0x12d/0x151 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x1d7/0x230 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:161 [inline]
__sys_info lib/sys_info.c:157 [inline]
sys_info+0x141/0x190 lib/sys_info.c:165
check_hung_uninterruptible_tasks kernel/hung_task.c:346 [inline]
watchdog+0xd25/0x1050 kernel/hung_task.c:515
kthread+0x370/0x450 kernel/kthread.c:467
ret_from_fork+0x754/0xd80 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 5802 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
RIP: 0010:orc_ip arch/x86/kernel/unwind_orc.c:81 [inline]
RIP: 0010:__orc_find+0x70/0xf0 arch/x86/kernel/unwind_orc.c:103
Code: ec 72 4e 4c 89 e2 48 29 ea 48 89 d6 48 c1 ea 3f 48 c1 fe 02 48 01 f2 48 d1 fa 48 8d 5c 95 00 48 89 da 48 c1 ea 03 0f b6 34 0a <48> 89 da 83 e2 07 83 c2 03 40 38 f2 7c 05 40 84 f6 75 4b 48 63 13
RSP: 0018:ffffc90003d5f2e0 EFLAGS: 00000a07
RAX: ffffffff9188c9a4 RBX: ffffffff90fc96ec RCX: dffffc0000000000
RDX: 1ffffffff21f92dd RSI: 0000000000000000 RDI: ffffffff90fc96cc
RBP: ffffffff90fc96cc R08: ffffffff9188ca10 R09: 0000000000000007
R10: 0000000000000200 R11: 0000000000018e05 R12: ffffffff90fc9710
R13: ffffffff828e0535 R14: ffffffff90fc96cc R15: ffffffff90fc96cc
FS: 00005555796f0500(0000) GS:ffff88812444a000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f27577e82f8 CR3: 0000000061842000 CR4: 00000000003526f0
Call Trace:
orc_find arch/x86/kernel/unwind_orc.c:238 [inline]
unwind_next_frame+0x2ec/0x1ea0 arch/x86/kernel/unwind_orc.c:510
arch_stack_walk+0x94/0xf0 arch/x86/kernel/stacktrace.c:25
stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
save_stack+0x162/0x1e0 mm/page_owner.c:165
__reset_page_owner+0x84/0x190 mm/page_owner.c:320
reset_page_owner include/linux/page_owner.h:25 [inline]
__free_pages_prepare mm/page_alloc.c:1433 [inline]
free_unref_folios+0xaea/0x1790 mm/page_alloc.c:3040
folios_put_refs+0x53c/0x840 mm/swap.c:1002
folio_batch_release include/linux/pagevec.h:101 [inline]
shmem_undo_range+0x5e5/0x1570 mm/shmem.c:1149
shmem_truncate_range mm/shmem.c:1277 [inline]
shmem_evict_inode+0x39e/0xbd0 mm/shmem.c:1407
evict+0x3c2/0xad0 fs/inode.c:846
iput_final fs/inode.c:1966 [inline]
iput.part.0+0x605/0xf50 fs/inode.c:2015
iput+0x35/0x40 fs/inode.c:1981
filename_unlinkat+0x466/0x730 fs/namei.c:5544
__do_sys_unlink fs/namei.c:5575 [inline]
__se_sys_unlink fs/namei.c:5572 [inline]
__x64_sys_unlink+0x46/0x70 fs/namei.c:5572
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x106/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f418379b717
Code: 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 57 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffdd0c108e8 EFLAGS: 00000206 ORIG_RAX: 0000000000000057
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f418379b717
RDX: 00007ffdd0c10910 RSI: 00007ffdd0c109a0 RDI: 00007ffdd0c109a0
RBP: 00007ffdd0c109a0 R08: 00007ffdd0c119a0 R09: 00000000ffffffff
R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffdd0c11a30
R13: 00007f4183831ef0 R14: 000000000003e9e2 R15: 00007ffdd0c11a70