syzbot

INFO: task syz.3.8820:31977 blocked for more than 143 seconds.
      Tainted: G             L      syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.8820      state:D stack:27800 pid:31977 tgid:31975 ppid:13426  task_flags:0x400140 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5387 [inline]
 __schedule+0x10e9/0x6820 kernel/sched/core.c:7188
 __schedule_loop kernel/sched/core.c:7267 [inline]
 schedule+0xdd/0x390 kernel/sched/core.c:7282
 schedule_timeout+0x1b2/0x280 kernel/time/sleep_timeout.c:75
 ___down_common kernel/locking/semaphore.c:289 [inline]
 __down_common+0x371/0x8a0 kernel/locking/semaphore.c:314
 down+0x74/0xa0 kernel/locking/semaphore.c:100
 console_lock+0x5b/0xa0 kernel/printk/printk.c:2896
 class_console_lock_constructor include/linux/console.h:736 [inline]
 con_install+0x99/0x620 drivers/tty/vt/vt.c:3700
 tty_driver_install_tty drivers/tty/tty_io.c:1295 [inline]
 tty_init_dev.part.0+0x9e/0x470 drivers/tty/tty_io.c:1407
 tty_init_dev include/linux/err.h:78 [inline]
 tty_open_by_driver drivers/tty/tty_io.c:2073 [inline]
 tty_open+0xa63/0xfa0 drivers/tty/tty_io.c:2120
 chrdev_open+0x234/0x6a0 fs/char_dev.c:411
 do_dentry_open+0x6d8/0x1660 fs/open.c:947
 vfs_open+0x82/0x3f0 fs/open.c:1079
 do_open fs/namei.c:4699 [inline]
 path_openat+0x208c/0x31a0 fs/namei.c:4858
 do_file_open+0x20e/0x430 fs/namei.c:4887
 do_sys_openat2+0x10d/0x1e0 fs/open.c:1364
 do_sys_open fs/open.c:1370 [inline]
 __do_sys_openat fs/open.c:1386 [inline]
 __se_sys_openat fs/open.c:1381 [inline]
 __x64_sys_openat+0x12d/0x210 fs/open.c:1381
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x10b/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f3b6379c819
RSP: 002b:00007f3b64576028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f3b63a15fa0 RCX: 00007f3b6379c819
RDX: 0000000000000102 RSI: 0000200000000180 RDI: ffffffffffffff9c
RBP: 00007f3b63832c91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f3b63a16038 R14: 00007f3b63a15fa0 R15: 00007fffaf245018
 </TASK>
INFO: task syz.3.8820:31980 blocked for more than 143 seconds.
      Tainted: G             L      syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.8820      state:D stack:28008 pid:31980 tgid:31975 ppid:13426  task_flags:0x400040 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5387 [inline]
 __schedule+0x10e9/0x6820 kernel/sched/core.c:7188
 __schedule_loop kernel/sched/core.c:7267 [inline]
 schedule+0xdd/0x390 kernel/sched/core.c:7282
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7339
 __mutex_lock_common kernel/locking/mutex.c:712 [inline]
 __mutex_lock+0xced/0x1b10 kernel/locking/mutex.c:806
 tty_open_by_driver drivers/tty/tty_io.c:2037 [inline]
 tty_open+0x539/0xfa0 drivers/tty/tty_io.c:2120
 chrdev_open+0x234/0x6a0 fs/char_dev.c:411
 do_dentry_open+0x6d8/0x1660 fs/open.c:947
 vfs_open+0x82/0x3f0 fs/open.c:1079
 do_open fs/namei.c:4699 [inline]
 path_openat+0x208c/0x31a0 fs/namei.c:4858
 do_file_open+0x20e/0x430 fs/namei.c:4887
 do_sys_openat2+0x10d/0x1e0 fs/open.c:1364
 do_sys_open fs/open.c:1370 [inline]
 __do_sys_openat fs/open.c:1386 [inline]
 __se_sys_openat fs/open.c:1381 [inline]
 __x64_sys_openat+0x12d/0x210 fs/open.c:1381
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x10b/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f3b6379c819
RSP: 002b:00007f3b619f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f3b63a16090 RCX: 00007f3b6379c819
RDX: 0000000000101e81 RSI: 0000200000000400 RDI: ffffffffffffff9c
RBP: 00007f3b63832c91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f3b63a16128 R14: 00007f3b63a16090 R15: 00007fffaf245018
 </TASK>
INFO: task syz.2.8830:32022 blocked for more than 143 seconds.
      Tainted: G             L      syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.2.8830      state:D stack:27512 pid:32022 tgid:32021 ppid:5834   task_flags:0x400140 flags:0x00080006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5387 [inline]
 __schedule+0x10e9/0x6820 kernel/sched/core.c:7188
 __schedule_loop kernel/sched/core.c:7267 [inline]
 schedule+0xdd/0x390 kernel/sched/core.c:7282
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7339
 __mutex_lock_common kernel/locking/mutex.c:712 [inline]
 __mutex_lock+0xced/0x1b10 kernel/locking/mutex.c:806
 tty_open_by_driver drivers/tty/tty_io.c:2037 [inline]
 tty_open+0x539/0xfa0 drivers/tty/tty_io.c:2120
 chrdev_open+0x234/0x6a0 fs/char_dev.c:411
 do_dentry_open+0x6d8/0x1660 fs/open.c:947
 vfs_open+0x82/0x3f0 fs/open.c:1079
 do_open fs/namei.c:4699 [inline]
 path_openat+0x208c/0x31a0 fs/namei.c:4858
 do_file_open+0x20e/0x430 fs/namei.c:4887
 do_sys_openat2+0x10d/0x1e0 fs/open.c:1364
 do_sys_open fs/open.c:1370 [inline]
 __do_sys_openat fs/open.c:1386 [inline]
 __se_sys_openat fs/open.c:1381 [inline]
 __x64_sys_openat+0x12d/0x210 fs/open.c:1381
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x10b/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f785059c819
RSP: 002b:00007f78513a1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f7850815fa0 RCX: 00007f785059c819
RDX: 0000000000040001 RSI: 00002000000011c0 RDI: ffffffffffffff9c
RBP: 00007f7850632c91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f7850816038 R14: 00007f7850815fa0 R15: 00007ffd876f9448
 </TASK>

Showing all locks held in the system:
1 lock held by khungtaskd/31:
 #0: ffffffff8e7e6ce0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 #0: ffffffff8e7e6ce0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
 #0: ffffffff8e7e6ce0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 kernel/locking/lockdep.c:6775
3 locks held by kworker/0:4/5847:
2 locks held by kworker/u10:0/15971:
 #0: ffff88801e70b140 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_one_work+0x12d6/0x1980 kernel/workqueue.c:3277
 #1: ffffc900050b7d08 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_one_work+0x973/0x1980 kernel/workqueue.c:3278
2 locks held by kworker/u10:1/15973:
 #0: ffff88801e70b140 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_one_work+0x12d6/0x1980 kernel/workqueue.c:3277
 #1: ffffc900050d7d08 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_one_work+0x973/0x1980 kernel/workqueue.c:3278
2 locks held by kworker/u10:3/16003:
 #0: ffff88801e70b140 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_one_work+0x12d6/0x1980 kernel/workqueue.c:3277
 #1: ffffc90005287d08 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_one_work+0x973/0x1980 kernel/workqueue.c:3278
2 locks held by kworker/u10:6/17237:
2 locks held by kworker/u10:7/20265:
 #0: ffff88813fe2c940 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_one_work+0x12d6/0x1980 kernel/workqueue.c:3277
 #1: ffffc90006effd08 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x973/0x1980 kernel/workqueue.c:3278
2 locks held by getty/25464:
 #0: ffff888034f240a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243
 #1: ffffc9000390b2e8 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x419/0x14f0 drivers/tty/n_tty.c:2211
2 locks held by syz.4.8601/31200:
 #0: ffffffff906d7d08 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 net/netlink/genetlink.c:1217
 #1: ffffffff8ec611a0 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_threads_set_doit+0x6c1/0xc00 fs/nfsd/nfsctl.c:1607
2 locks held by syz.5.8776/31829:
2 locks held by syz.3.8820/31977:
 #0: ffffffff8f4ff800 (tty_mutex){+.+.}-{4:4}, at: tty_open_by_driver drivers/tty/tty_io.c:2037 [inline]
 #0: ffffffff8f4ff800 (tty_mutex){+.+.}-{4:4}, at: tty_open+0x539/0xfa0 drivers/tty/tty_io.c:2120
 #1: ffff8880993531b0 (&tty->legacy_mutex){+.+.}-{4:4}, at: tty_init_dev.part.0+0x39/0x470 drivers/tty/tty_io.c:1406
1 lock held by syz.3.8820/31980:
 #0: ffffffff8f4ff800 (tty_mutex){+.+.}-{4:4}, at: tty_open_by_driver drivers/tty/tty_io.c:2037 [inline]
 #0: ffffffff8f4ff800 (tty_mutex){+.+.}-{4:4}, at: tty_open+0x539/0xfa0 drivers/tty/tty_io.c:2120
1 lock held by syz.2.8830/32022:
 #0: ffffffff8f4ff800 (tty_mutex){+.+.}-{4:4}, at: tty_open_by_driver drivers/tty/tty_io.c:2037 [inline]
 #0: ffffffff8f4ff800 (tty_mutex){+.+.}-{4:4}, at: tty_open+0x539/0xfa0 drivers/tty/tty_io.c:2120
1 lock held by syz.8.8864/32209:
 #0: ffffffff8f4ff800 (tty_mutex){+.+.}-{4:4}, at: tty_open_by_driver drivers/tty/tty_io.c:2037 [inline]
 #0: ffffffff8f4ff800 (tty_mutex){+.+.}-{4:4}, at: tty_open+0x539/0xfa0 drivers/tty/tty_io.c:2120
1 lock held by syz.6.8886/32290:
 #0: ffffffff8f4ff800 (tty_mutex){+.+.}-{4:4}, at: tty_open_by_driver drivers/tty/tty_io.c:2037 [inline]
 #0: ffffffff8f4ff800 (tty_mutex){+.+.}-{4:4}, at: tty_open+0x539/0xfa0 drivers/tty/tty_io.c:2120
1 lock held by syz.6.8886/32291:
 #0: ffffffff8f4ff800 (tty_mutex){+.+.}-{4:4}, at: tty_open_by_driver drivers/tty/tty_io.c:2037 [inline]
 #0: ffffffff8f4ff800 (tty_mutex){+.+.}-{4:4}, at: tty_open+0x539/0xfa0 drivers/tty/tty_io.c:2120
1 lock held by syz.7.8892/32317:
 #0: ffffffff8f4ff800 (tty_mutex){+.+.}-{4:4}, at: tty_open_by_driver drivers/tty/tty_io.c:2037 [inline]
 #0: ffffffff8f4ff800 (tty_mutex){+.+.}-{4:4}, at: tty_open+0x539/0xfa0 drivers/tty/tty_io.c:2120
1 lock held by syz.9.8893/32319:
 #0: ffffffff8f4ff800 (tty_mutex){+.+.}-{4:4}, at: tty_open_by_driver drivers/tty/tty_io.c:2037 [inline]
 #0: ffffffff8f4ff800 (tty_mutex){+.+.}-{4:4}, at: tty_open+0x539/0xfa0 drivers/tty/tty_io.c:2120
4 locks held by kworker/u10:10/32544:
1 lock held by syz.1.8910/32557:
 #0: ffffffff8f4ff800 (tty_mutex){+.+.}-{4:4}, at: tty_open_by_driver drivers/tty/tty_io.c:2037 [inline]
 #0: ffffffff8f4ff800 (tty_mutex){+.+.}-{4:4}, at: tty_open+0x539/0xfa0 drivers/tty/tty_io.c:2120
1 lock held by syz.0.8915/32672:
 #0: ffffffff8f4ff800 (tty_mutex){+.+.}-{4:4}, at: tty_open_by_driver drivers/tty/tty_io.c:2037 [inline]
 #0: ffffffff8f4ff800 (tty_mutex){+.+.}-{4:4}, at: tty_open+0x539/0xfa0 drivers/tty/tty_io.c:2120
1 lock held by syz.0.8915/32673:
 #0: ffffffff8f4ff800 (tty_mutex){+.+.}-{4:4}, at: tty_open_by_driver drivers/tty/tty_io.c:2037 [inline]
 #0: ffffffff8f4ff800 (tty_mutex){+.+.}-{4:4}, at: tty_open+0x539/0xfa0 drivers/tty/tty_io.c:2120
1 lock held by syz.5.8917/32682:
 #0: ffffffff8f4ff800 (tty_mutex){+.+.}-{4:4}, at: tty_open_by_driver drivers/tty/tty_io.c:2037 [inline]
 #0: ffffffff8f4ff800 (tty_mutex){+.+.}-{4:4}, at: tty_open+0x539/0xfa0 drivers/tty/tty_io.c:2120
2 locks held by syz.4.8923/32729:
 #0: ffffffff8e83e080 (acct_on_mutex){+.+.}-{4:4}, at: __do_sys_acct kernel/acct.c:301 [inline]
 #0: ffffffff8e83e080 (acct_on_mutex){+.+.}-{4:4}, at: __se_sys_acct kernel/acct.c:293 [inline]
 #0: ffffffff8e83e080 (acct_on_mutex){+.+.}-{4:4}, at: __x64_sys_acct+0x79/0x1e0 kernel/acct.c:293
 #1: ffffffff8f4ff800 (tty_mutex){+.+.}-{4:4}, at: tty_open_by_driver drivers/tty/tty_io.c:2037 [inline]
 #1: ffffffff8f4ff800 (tty_mutex){+.+.}-{4:4}, at: tty_open+0x539/0xfa0 drivers/tty/tty_io.c:2120
1 lock held by syz.3.8925/32735:
 #0: ffffffff8f4ff800 (tty_mutex){+.+.}-{4:4}, at: class_mutex_constructor include/linux/mutex.h:253 [inline]
 #0: ffffffff8f4ff800 (tty_mutex){+.+.}-{4:4}, at: ptmx_open drivers/tty/pty.c:798 [inline]
 #0: ffffffff8f4ff800 (tty_mutex){+.+.}-{4:4}, at: ptmx_open+0x11a/0x370 drivers/tty/pty.c:765
1 lock held by syz.3.8925/32736:
 #0: ffffffff8f4ff800 (tty_mutex){+.+.}-{4:4}, at: class_mutex_constructor include/linux/mutex.h:253 [inline]
 #0: ffffffff8f4ff800 (tty_mutex){+.+.}-{4:4}, at: ptmx_open drivers/tty/pty.c:798 [inline]
 #0: ffffffff8f4ff800 (tty_mutex){+.+.}-{4:4}, at: ptmx_open+0x11a/0x370 drivers/tty/pty.c:765
1 lock held by udevd/32744:
1 lock held by syz.2.8929/323:
 #0: ffffffff8f4ff800 (tty_mutex){+.+.}-{4:4}, at: tty_open_by_driver drivers/tty/tty_io.c:2037 [inline]
 #0: ffffffff8f4ff800 (tty_mutex){+.+.}-{4:4}, at: tty_open+0x539/0xfa0 drivers/tty/tty_io.c:2120
1 lock held by syz.8.8927/344:
 #0: ffffffff8f4ff800 (tty_mutex){+.+.}-{4:4}, at: tty_open_by_driver drivers/tty/tty_io.c:2037 [inline]
 #0: ffffffff8f4ff800 (tty_mutex){+.+.}-{4:4}, at: tty_open+0x539/0xfa0 drivers/tty/tty_io.c:2120
3 locks held by kworker/u10:12/386:
1 lock held by syz.6.8934/401:
 #0: ffffffff8f4ff800 (tty_mutex){+.+.}-{4:4}, at: tty_open_by_driver drivers/tty/tty_io.c:2037 [inline]
 #0: ffffffff8f4ff800 (tty_mutex){+.+.}-{4:4}, at: tty_open+0x539/0xfa0 drivers/tty/tty_io.c:2120
1 lock held by syz.7.8938/417:
 #0: ffffffff8f4ff800 (tty_mutex){+.+.}-{4:4}, at: tty_open_by_driver drivers/tty/tty_io.c:2037 [inline]
 #0: ffffffff8f4ff800 (tty_mutex){+.+.}-{4:4}, at: tty_open+0x539/0xfa0 drivers/tty/tty_io.c:2120
1 lock held by modprobe/441:

=============================================

NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT(full) 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x100/0x190 lib/dump_stack.c:120
 nmi_cpu_backtrace.cold+0x12d/0x151 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x1d7/0x230 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:161 [inline]
 __sys_info lib/sys_info.c:157 [inline]
 sys_info+0x141/0x190 lib/sys_info.c:165
 check_hung_uninterruptible_tasks kernel/hung_task.c:346 [inline]
 watchdog+0xd18/0x1040 kernel/hung_task.c:515
 kthread+0x370/0x450 kernel/kthread.c:436
 ret_from_fork+0x72b/0xd50 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>