INFO: task hung in __lru_add_drain

Kernel	Title	Rank 🛈	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
linux-5.15	INFO: task hung in __lru_add_drain_all (3)	1				1	52m	51m	0/3	upstream: reported on 2026/05/01 08:27
linux-6.6	INFO: task hung in __lru_add_drain_all	1				1	178d	178d	0/2	auto-obsoleted due to no activity on 2026/02/12 06:31
linux-6.1	INFO: task hung in __lru_add_drain_all (2)	1				1	333d	333d	0/3	auto-obsoleted due to no activity on 2025/09/09 22:30
linux-5.15	INFO: task hung in __lru_add_drain_all	1				1	1104d	1104d	0/3	auto-obsoleted due to no activity on 2023/08/21 02:18
linux-6.1	INFO: task hung in __lru_add_drain_all	1				1	713d	713d	0/3	auto-obsoleted due to no activity on 2024/08/25 20:43
upstream	INFO: task hung in __lru_add_drain_all (2) mm	1	syz	error		272	375d	713d	0/29	auto-obsoleted due to no activity on 2025/06/29 18:01
upstream	INFO: task hung in __lru_add_drain_all net	1	C	done	error	71	900d	1701d	0/29	auto-obsoleted due to no activity on 2024/02/20 10:46
linux-5.15	INFO: task hung in __lru_add_drain_all (2)	1				1	644d	644d	0/3	auto-obsoleted due to no activity on 2024/11/03 03:56
android-6-12	INFO: task hung in __lru_add_drain_all	1				1	178d	178d	0/1	auto-obsoleted due to no activity on 2026/02/01 19:21

INFO: task khugepaged:35 blocked for more than 143 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:khugepaged state:D stack:28784 pid:35 ppid:2 flags:0x00004000 Call Trace: <TASK> context_switch kernel/sched/core.c:5245 [inline] __schedule+0x11d1/0x40e0 kernel/sched/core.c:6562 schedule+0xb9/0x180 kernel/sched/core.c:6638 schedule_timeout+0xbd/0x2d0 kernel/time/timer.c:2144 do_wait_for_common kernel/sched/completion.c:85 [inline] __wait_for_common kernel/sched/completion.c:106 [inline] wait_for_common kernel/sched/completion.c:117 [inline] wait_for_completion+0x2c7/0x5a0 kernel/sched/completion.c:138 __flush_work+0x952/0xae0 kernel/workqueue.c:3076 __lru_add_drain_all+0x6a0/0x800 mm/swap.c:910 khugepaged_do_scan mm/khugepaged.c:2453 [inline] khugepaged+0x183/0x19a0 mm/khugepaged.c:2522 kthread+0x29d/0x330 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 </TASK> INFO: task kworker/1:5:4310 blocked for more than 143 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/1:5 state:D stack:22448 pid:4310 ppid:2 flags:0x00004000 Workqueue: events_power_efficient crda_timeout_work Call Trace: <TASK> context_switch kernel/sched/core.c:5245 [inline] __schedule+0x11d1/0x40e0 kernel/sched/core.c:6562 schedule+0xb9/0x180 kernel/sched/core.c:6638 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6697 __mutex_lock_common kernel/locking/mutex.c:679 [inline] __mutex_lock+0x562/0xaf0 kernel/locking/mutex.c:747 crda_timeout_work+0x11/0x50 net/wireless/reg.c:539 process_one_work+0x8a2/0x1160 kernel/workqueue.c:2292 worker_thread+0xaa2/0x1270 kernel/workqueue.c:2439 kthread+0x29d/0x330 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 </TASK> INFO: task kworker/u4:9:4592 blocked for more than 144 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/u4:9 state:D stack:26224 pid:4592 ppid:2 flags:0x00004000 Workqueue: events_unbound fsnotify_mark_destroy_workfn Call Trace: <TASK> context_switch kernel/sched/core.c:5245 [inline] __schedule+0x11d1/0x40e0 kernel/sched/core.c:6562 schedule+0xb9/0x180 kernel/sched/core.c:6638 schedule_timeout+0xbd/0x2d0 kernel/time/timer.c:2144 do_wait_for_common kernel/sched/completion.c:85 [inline] __wait_for_common kernel/sched/completion.c:106 [inline] wait_for_common kernel/sched/completion.c:117 [inline] wait_for_completion+0x2c7/0x5a0 kernel/sched/completion.c:138 __synchronize_srcu+0x2b9/0x350 kernel/rcu/srcutree.c:1243 fsnotify_mark_destroy_workfn+0x106/0x2f0 fs/notify/mark.c:924 process_one_work+0x8a2/0x1160 kernel/workqueue.c:2292 worker_thread+0xaa2/0x1270 kernel/workqueue.c:2439 kthread+0x29d/0x330 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 </TASK> INFO: task kworker/u4:10:4627 blocked for more than 144 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/u4:10 state:D stack:26384 pid:4627 ppid:2 flags:0x00004000 Workqueue: events_unbound fsnotify_connector_destroy_workfn Call Trace: <TASK> context_switch kernel/sched/core.c:5245 [inline] __schedule+0x11d1/0x40e0 kernel/sched/core.c:6562 schedule+0xb9/0x180 kernel/sched/core.c:6638 schedule_timeout+0xbd/0x2d0 kernel/time/timer.c:2144 do_wait_for_common kernel/sched/completion.c:85 [inline] __wait_for_common kernel/sched/completion.c:106 [inline] wait_for_common kernel/sched/completion.c:117 [inline] wait_for_completion+0x2c7/0x5a0 kernel/sched/completion.c:138 __synchronize_srcu+0x2b9/0x350 kernel/rcu/srcutree.c:1243 fsnotify_connector_destroy_workfn+0x40/0xa0 fs/notify/mark.c:234 process_one_work+0x8a2/0x1160 kernel/workqueue.c:2292 worker_thread+0xaa2/0x1270 kernel/workqueue.c:2439 kthread+0x29d/0x330 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 </TASK> INFO: task syz.2.139:4838 blocked for more than 145 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.2.139 state:D stack:26736 pid:4838 ppid:4278 flags:0x00004004 Call Trace: <TASK> context_switch kernel/sched/core.c:5245 [inline] __schedule+0x11d1/0x40e0 kernel/sched/core.c:6562 schedule+0xb9/0x180 kernel/sched/core.c:6638 synchronize_rcu_expedited+0x6e6/0x890 kernel/rcu/tree_exp.h:977 netif_napi_del include/linux/netdevice.h:2645 [inline] tun_napi_del drivers/net/tun.c:291 [inline] __tun_detach+0x198/0x1500 drivers/net/tun.c:645 tun_detach drivers/net/tun.c:701 [inline] tun_chr_close+0x109/0x1b0 drivers/net/tun.c:3492 __fput+0x22c/0x920 fs/file_table.c:320 task_work_run+0x1d0/0x260 kernel/task_work.c:203 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline] exit_to_user_mode_loop+0xe6/0x110 kernel/entry/common.c:177 exit_to_user_mode_prepare+0xee/0x180 kernel/entry/common.c:210 __syscall_exit_to_user_mode_work kernel/entry/common.c:292 [inline] syscall_exit_to_user_mode+0x16/0x40 kernel/entry/common.c:303 do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:82 entry_SYSCALL_64_after_hwframe+0x68/0xd2 RIP: 0033:0x7f0b4399cdd9 RSP: 002b:00007f0b447ca028 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 RAX: 0000000000000000 RBX: 00007f0b43c15fa0 RCX: 00007f0b4399cdd9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 RBP: 00007f0b43a32d69 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f0b43c16038 R14: 00007f0b43c15fa0 R15: 00007fff7fb9baa8 </TASK> INFO: task syz.2.139:4840 blocked for more than 145 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.2.139 state:D stack:27632 pid:4840 ppid:4278 flags:0x00004004 Call Trace: <TASK> context_switch kernel/sched/core.c:5245 [inline] __schedule+0x11d1/0x40e0 kernel/sched/core.c:6562 schedule+0xb9/0x180 kernel/sched/core.c:6638 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6697 __mutex_lock_common kernel/locking/mutex.c:679 [inline] __mutex_lock+0x562/0xaf0 kernel/locking/mutex.c:747 register_nexthop_notifier+0x84/0x240 net/ipv4/nexthop.c:3619 ops_init+0x355/0x5f0 net/core/net_namespace.c:138 setup_net+0x4f2/0xbd0 net/core/net_namespace.c:336 copy_net_ns+0x348/0x5b0 net/core/net_namespace.c:508 create_new_namespaces+0x3d3/0x6f0 kernel/nsproxy.c:110 unshare_nsproxy_namespaces+0x116/0x160 kernel/nsproxy.c:226 ksys_unshare+0x503/0x8c0 kernel/fork.c:3282 __do_sys_unshare kernel/fork.c:3353 [inline] __se_sys_unshare kernel/fork.c:3351 [inline] __x64_sys_unshare+0x34/0x40 kernel/fork.c:3351 do_syscall_x64 arch/x86/entry/common.c:46 [inline] do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:76 entry_SYSCALL_64_after_hwframe+0x68/0xd2 RIP: 0033:0x7f0b4399cdd9 RSP: 002b:00007f0b447a9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 RAX: ffffffffffffffda RBX: 00007f0b43c16090 RCX: 00007f0b4399cdd9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000062040200 RBP: 00007f0b43a32d69 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f0b43c16128 R14: 00007f0b43c16090 R15: 00007fff7fb9baa8 </TASK> INFO: task syz.2.139:4841 blocked for more than 146 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.2.139 state:D stack:26384 pid:4841 ppid:4278 flags:0x00004004 Call Trace: <TASK> context_switch kernel/sched/core.c:5245 [inline] __schedule+0x11d1/0x40e0 kernel/sched/core.c:6562 schedule+0xb9/0x180 kernel/sched/core.c:6638 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6697 __mutex_lock_common kernel/locking/mutex.c:679 [inline] __mutex_lock+0x562/0xaf0 kernel/locking/mutex.c:747 nl80211_pre_doit+0x5b/0x930 net/wireless/nl80211.c:16369 genl_family_rcv_msg_doit+0x1e3/0x330 net/netlink/genetlink.c:751 genl_family_rcv_msg net/netlink/genetlink.c:833 [inline] genl_rcv_msg+0x604/0x790 net/netlink/genetlink.c:850 netlink_rcv_skb+0x1fb/0x450 net/netlink/af_netlink.c:2511 genl_rcv+0x24/0x40 net/netlink/genetlink.c:861 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline] netlink_unicast+0x74d/0x8d0 net/netlink/af_netlink.c:1344 netlink_sendmsg+0x8ad/0xbd0 net/netlink/af_netlink.c:1872 sock_sendmsg_nosec net/socket.c:718 [inline] __sock_sendmsg net/socket.c:730 [inline] ____sys_sendmsg+0x5be/0x970 net/socket.c:2518 ___sys_sendmsg+0x2a2/0x360 net/socket.c:2572 __sys_sendmsg net/socket.c:2601 [inline] __do_sys_sendmsg net/socket.c:2610 [inline] __se_sys_sendmsg+0x1bb/0x2a0 net/socket.c:2608 do_syscall_x64 arch/x86/entry/common.c:46 [inline] do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:76 entry_SYSCALL_64_after_hwframe+0x68/0xd2 RIP: 0033:0x7f0b4399cdd9 RSP: 002b:00007f0b44788028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f0b43c16180 RCX: 00007f0b4399cdd9 RDX: 0000000004000000 RSI: 0000200000000200 RDI: 0000000000000006 RBP: 00007f0b43a32d69 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f0b43c16218 R14: 00007f0b43c16180 R15: 00007fff7fb9baa8 </TASK> INFO: task syz.1.140:4843 blocked for more than 146 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.1.140 state:D stack:27856 pid:4843 ppid:4269 flags:0x00004004 Call Trace: <TASK> context_switch kernel/sched/core.c:5245 [inline] __schedule+0x11d1/0x40e0 kernel/sched/core.c:6562 schedule+0xb9/0x180 kernel/sched/core.c:6638 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6697 __mutex_lock_common kernel/locking/mutex.c:679 [inline] __mutex_lock+0x562/0xaf0 kernel/locking/mutex.c:747 __tun_chr_ioctl+0x3fc/0x1e60 drivers/net/tun.c:3104 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl+0xfa/0x170 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:46 [inline] do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:76 entry_SYSCALL_64_after_hwframe+0x68/0xd2 RIP: 0033:0x7f8f7419cdd9 RSP: 002b:00007f8f7512e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f8f74415fa0 RCX: 00007f8f7419cdd9 RDX: 0000200000000040 RSI: 00000000400454ca RDI: 0000000000000003 RBP: 00007f8f74232d69 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f8f74416038 R14: 00007f8f74415fa0 R15: 00007ffccbb534c8 </TASK> INFO: task syz.1.140:4854 blocked for more than 147 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.1.140 state:D stack:26864 pid:4854 ppid:4269 flags:0x00004004 Call Trace: <TASK> context_switch kernel/sched/core.c:5245 [inline] __schedule+0x11d1/0x40e0 kernel/sched/core.c:6562 schedule+0xb9/0x180 kernel/sched/core.c:6638 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6697 __mutex_lock_common kernel/locking/mutex.c:679 [inline] __mutex_lock+0x562/0xaf0 kernel/locking/mutex.c:747 rtnl_lock net/core/rtnetlink.c:74 [inline] rtnetlink_rcv_msg+0x824/0xfc0 net/core/rtnetlink.c:6154 netlink_rcv_skb+0x1fb/0x450 net/netlink/af_netlink.c:2511 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline] netlink_unicast+0x74d/0x8d0 net/netlink/af_netlink.c:1344 netlink_sendmsg+0x8ad/0xbd0 net/netlink/af_netlink.c:1872 sock_sendmsg_nosec net/socket.c:718 [inline] __sock_sendmsg net/socket.c:730 [inline] ____sys_sendmsg+0x5be/0x970 net/socket.c:2518 ___sys_sendmsg+0x2a2/0x360 net/socket.c:2572 __sys_sendmsg net/socket.c:2601 [inline] __do_sys_sendmsg net/socket.c:2610 [inline] __se_sys_sendmsg+0x1bb/0x2a0 net/socket.c:2608 do_syscall_x64 arch/x86/entry/common.c:46 [inline] do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:76 entry_SYSCALL_64_after_hwframe+0x68/0xd2 RIP: 0033:0x7f8f7419cdd9 RSP: 002b:00007f8f750cb028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f8f74416270 RCX: 00007f8f7419cdd9 RDX: 0000000000000000 RSI: 0000200000001200 RDI: 0000000000000006 RBP: 00007f8f74232d69 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f8f74416308 R14: 00007f8f74416270 R15: 00007ffccbb534c8 </TASK> INFO: task syz.4.141:4844 blocked for more than 148 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.4.141 state:D stack:26224 pid:4844 ppid:4268 flags:0x00004004 Call Trace: <TASK> context_switch kernel/sched/core.c:5245 [inline] __schedule+0x11d1/0x40e0 kernel/sched/core.c:6562 schedule+0xb9/0x180 kernel/sched/core.c:6638 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6697 __mutex_lock_common kernel/locking/mutex.c:679 [inline] __mutex_lock+0x562/0xaf0 kernel/locking/mutex.c:747 tun_detach drivers/net/tun.c:698 [inline] tun_chr_close+0x3d/0x1b0 drivers/net/tun.c:3492 __fput+0x22c/0x920 fs/file_table.c:320 task_work_run+0x1d0/0x260 kernel/task_work.c:203 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline] exit_to_user_mode_loop+0xe6/0x110 kernel/entry/common.c:177 exit_to_user_mode_prepare+0xee/0x180 kernel/entry/common.c:210 __syscall_exit_to_user_mode_work kernel/entry/common.c:292 [inline] syscall_exit_to_user_mode+0x16/0x40 kernel/entry/common.c:303 do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:82 entry_SYSCALL_64_after_hwframe+0x68/0xd2 RIP: 0033:0x7f74b819cdd9 RSP: 002b:00007ffd46003168 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 RAX: 0000000000000000 RBX: 00007f74b8417da0 RCX: 00007f74b819cdd9 RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 RBP: 00007f74b8417da0 R08: 0000000000000006 R09: 0000000000000000 R10: 00007f74b8417cb0 R11: 0000000000000246 R12: 000000000001e99e R13: 00007f74b841609c R14: 000000000001e706 R15: 00007ffd46003270 </TASK> Showing all locks held in the system: 2 locks held by kworker/u4:1/11: 1 lock held by rcu_tasks_kthre/12: #0: ffffffff8cb2df70 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x33/0xf00 kernel/rcu/tasks.h:517 1 lock held by rcu_tasks_trace/13: #0: ffffffff8cb2e790 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x33/0xf00 kernel/rcu/tasks.h:517 3 locks held by kworker/1:0/22: #0: ffff88802f746938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160 kernel/workqueue.c:2267 #1: ffffc900001c7d00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160 kernel/workqueue.c:2267 #2: ffffffff8dd47f68 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x15/0x30 net/ipv6/addrconf.c:4672 1 lock held by khungtaskd/27: #0: ffffffff8cb2d5e0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:350 [inline] #0: ffffffff8cb2d5e0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:791 [inline] #0: ffffffff8cb2d5e0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x51/0x290 kernel/locking/lockdep.c:6513 1 lock held by khugepaged/35: #0: ffffffff8cbd46a8 (lock#3){+.+.}-{3:3}, at: __lru_add_drain_all+0x66/0x800 mm/swap.c:865 5 locks held by kworker/u4:4/75: #0: ffff888017479138 ((wq_completion)events_unbound){+.+.}-{0:0} , at: process_one_work+0x7b0/0x1160 kernel/workqueue.c:2267 #1: ffffc900020afd00 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160 kernel/workqueue.c:2267 #2: ffff888054f187a8 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: wiphy_lock include/net/cfg80211.h:5693 [inline] #2: ffff888054f187a8 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: cfg80211_wiphy_work+0x31/0x260 net/wireless/core.c:420 #3: ffff88807cdecd40 (&wdev->mtx){+.+.}-{3:3}, at: sdata_lock net/mac80211/ieee80211_i.h:1114 [inline] #3: ffff88807cdecd40 (&wdev->mtx){+.+.}-{3:3}, at: ieee80211_ibss_work+0xa8/0x10f0 net/mac80211/ibss.c:1680 #4: ffff888054f19760 (&local->sta_mtx){+.+.}-{3:3}, at: ieee80211_ibss_sta_expire net/mac80211/ibss.c:1256 [inline] #4: ffff888054f19760 (&local->sta_mtx){+.+.}-{3:3}, at: ieee80211_sta_merge_ibss net/mac80211/ibss.c:1299 [inline] #4: ffff888054f19760 (&local->sta_mtx){+.+.}-{3:3}, at: ieee80211_ibss_work+0x57f/0x10f0 net/mac80211/ibss.c:1708 2 locks held by getty/4030: #0: ffff88814cd77098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 drivers/tty/tty_ldisc.c:244 #1: ffffc9000327b2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x429/0x1390 drivers/tty/n_tty.c:2198 3 locks held by kworker/1:5/4310: #0: ffff888017471938 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160 kernel/workqueue.c:2267 #1: ffffc900040a7d00 ((crda_timeout).work){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160 kernel/workqueue.c:2267 #2: ffffffff8dd47f68 (rtnl_mutex){+.+.}-{3:3}, at: crda_timeout_work+0x11/0x50 net/wireless/reg.c:539 3 locks held by kworker/1:6/4314: #0: ffff888017471938 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160 kernel/workqueue.c:2267 #1: ffffc900040d7d00 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160 kernel/workqueue.c:2267 #2: ffffffff8dd47f68 (rtnl_mutex ){+.+.}-{3:3} , at: reg_check_chans_work+0x8e/0xda0 net/wireless/reg.c:2499 2 locks held by kworker/u4:5/4319: 5 locks held by kworker/u4:6/4324: #0: ffff888017479138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160 kernel/workqueue.c:2267 #1: ffffc90004127d00 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160 kernel/workqueue.c:2267 #2: ffff88801f3a87a8 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: wiphy_lock include/net/cfg80211.h:5693 [inline] #2: ffff88801f3a87a8 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: cfg80211_wiphy_work+0x31/0x260 net/wireless/core.c:420 #3: ffff888079a40d40 (&wdev->mtx){+.+.}-{3:3}, at: sdata_lock net/mac80211/ieee80211_i.h:1114 [inline] #3: ffff888079a40d40 (&wdev->mtx){+.+.}-{3:3}, at: ieee80211_ibss_work+0xa8/0x10f0 net/mac80211/ibss.c:1680 #4: ffff88801f3a9760 (&local->sta_mtx){+.+.}-{3:3}, at: ieee80211_ibss_sta_expire net/mac80211/ibss.c:1256 [inline] #4: ffff88801f3a9760 (&local->sta_mtx){+.+.}-{3:3}, at: ieee80211_sta_merge_ibss net/mac80211/ibss.c:1299 [inline] #4: ffff88801f3a9760 (&local->sta_mtx){+.+.}-{3:3}, at: ieee80211_ibss_work+0x57f/0x10f0 net/mac80211/ibss.c:1708 5 locks held by kworker/u4:7/4335: #0: ffff888017479138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160 kernel/workqueue.c:2267 #1: ffffc90004187d00 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160 kernel/workqueue.c:2267 #2: ffff8880549b87a8 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: wiphy_lock include/net/cfg80211.h:5693 [inline] #2: ffff8880549b87a8 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: cfg80211_wiphy_work+0x31/0x260 net/wireless/core.c:420 #3: ffff88801a2bcd40 (&wdev->mtx){+.+.}-{3:3} , at: sdata_lock net/mac80211/ieee80211_i.h:1114 [inline] , at: ieee80211_ibss_work+0xa8/0x10f0 net/mac80211/ibss.c:1680 #4: ffff8880549b9760 (&local->sta_mtx){+.+.}-{3:3}, at: ieee80211_ibss_sta_expire net/mac80211/ibss.c:1256 [inline] (&local->sta_mtx){+.+.}-{3:3}, at: ieee80211_sta_merge_ibss net/mac80211/ibss.c:1299 [inline] (&local->sta_mtx){+.+.}-{3:3}, at: ieee80211_ibss_work+0x57f/0x10f0 net/mac80211/ibss.c:1708 4 locks held by udevd/4345: #0: ffff88802fc26418 (&p->lock){+.+.}-{3:3}, at: seq_read_iter+0xad/0xd50 fs/seq_file.c:182 #1: ffff8880593a1c88 (&of->mutex){+.+.}-{3:3}, at: kernfs_seq_start+0x58/0x410 fs/kernfs/file.c:172 #2: ffff88807d08bcb8 (kn->active#30){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline] #2: ffff88807d08bcb8 (kn->active#30){.+.+}-{0:0}, at: kernfs_seq_start+0xae/0x410 fs/kernfs/file.c:173 #3: ffff88801e65e190 (&dev->mutex){....}-{3:3}, at: device_lock_interruptible include/linux/device.h:845 [inline] #3: ffff88801e65e190 (&dev->mutex){....}-{3:3}, at: manufacturer_show+0x22/0x90 drivers/usb/core/sysfs.c:141 6 locks held by kworker/0:7/4347: 5 locks held by kworker/u4:8/4374: #0: ffff888017479138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160 kernel/workqueue.c:2267 #1: ffffc90004297d00 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160 kernel/workqueue.c:2267 #2: ffff8880768e87a8 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: wiphy_lock include/net/cfg80211.h:5693 [inline] #2: ffff8880768e87a8 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: cfg80211_wiphy_work+0x31/0x260 net/wireless/core.c:420 #3: ffff8880557a8d40 (&wdev->mtx){+.+.}-{3:3}, at: sdata_lock net/mac80211/ieee80211_i.h:1114 [inline] #3: ffff8880557a8d40 (&wdev->mtx){+.+.}-{3:3}, at: ieee80211_ibss_work+0xa8/0x10f0 net/mac80211/ibss.c:1680 #4: ffff8880768e9760 (&local->sta_mtx){+.+.}-{3:3}, at: ieee80211_ibss_sta_expire net/mac80211/ibss.c:1256 [inline] #4: ffff8880768e9760 (&local->sta_mtx){+.+.}-{3:3}, at: ieee80211_sta_merge_ibss net/mac80211/ibss.c:1299 [inline] #4: ffff8880768e9760 (&local->sta_mtx){+.+.}-{3:3}, at: ieee80211_ibss_work+0x57f/0x10f0 net/mac80211/ibss.c:1708 2 locks held by kworker/u4:9/4592: #0: ffff888017479138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160 kernel/workqueue.c:2267 #1: ffffc90004e0fd00 ((reaper_work).work){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160 kernel/workqueue.c:2267 2 locks held by kworker/u4:10/4627: #0: ffff888017479138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160 kernel/workqueue.c:2267 #1: ffffc90004a77d00 ( connector_reaper_work ){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160 kernel/workqueue.c:2267 2 locks held by syz.2.139/4838: #0: ffffffff8dd47f68 (rtnl_mutex){+.+.}-{3:3}, at: tun_detach drivers/net/tun.c:698 [inline] #0: ffffffff8dd47f68 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3d/0x1b0 drivers/net/tun.c:3492 #1: ffffffff8cb332b8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:291 [inline] ffffffff8cb332b8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x2ec/0x890 kernel/rcu/tree_exp.h:962 2 locks held by syz.2.139/4840: #0: ffffffff8dd3b090 ( pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x32e/0x5b0 net/core/net_namespace.c:504 #1: ffffffff8dd47f68 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x240 net/ipv4/nexthop.c:3619 2 locks held by syz.2.139/4841: #0: ffffffff8dda8350 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40 net/netlink/genetlink.c:860 #1: ffffffff8dd47f68 (rtnl_mutex ){+.+.}-{3:3} , at: nl80211_pre_doit+0x5b/0x930 net/wireless/nl80211.c:16369 1 lock held by syz.1.140/4843: #0: ffffffff8dd47f68 (rtnl_mutex){+.+.}-{3:3}, at: __tun_chr_ioctl+0x3fc/0x1e60 drivers/net/tun.c:3104 1 lock held by syz.1.140/4854: #0: ffffffff8dd47f68 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:74 [inline] #0: ffffffff8dd47f68 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0 net/core/rtnetlink.c:6154 1 lock held by syz.4.141/4844: #0: ffffffff8dd47f68 (rtnl_mutex){+.+.}-{3:3}, at: tun_detach drivers/net/tun.c:698 [inline] #0: ffffffff8dd47f68 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3d/0x1b0 drivers/net/tun.c:3492 2 locks held by syz.4.141/4853: #0: ffffffff8dda8350 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40 net/netlink/genetlink.c:860 #1: ffffffff8dd47f68 (rtnl_mutex){+.+.}-{3:3} , at: nl80211_pre_doit+0x5b/0x930 net/wireless/nl80211.c:16369 2 locks held by syz.0.143/4857: #0: ffff888068468810 (&sb->s_type->i_mutex_key#11){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:758 [inline] #0: ffff888068468810 (&sb->s_type->i_mutex_key#11){+.+.}-{3:3}, at: __sock_release net/socket.c:653 [inline] #0: ffff888068468810 (&sb->s_type->i_mutex_key#11){+.+.}-{3:3}, at: sock_close+0x90/0x240 net/socket.c:1399 #1: ffffffff8cb332b8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:323 [inline] #1: ffffffff8cb332b8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x3c0/0x890 kernel/rcu/tree_exp.h:962 1 lock held by syz.0.143/4858: #0: ffffffff8dd47f68 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:74 [inline] #0: ffffffff8dd47f68 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0 net/core/rtnetlink.c:6154 1 lock held by syz.3.145/4866: #0: ffffffff8c9ebb28 (sched_core_mutex){+.+.}-{3:3}, at: sched_core_get+0x49/0x1c0 kernel/sched/core.c:399 1 lock held by syz.3.145/4870: #0: ffffffff8dd47f68 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:74 [inline] #0: ffffffff8dd47f68 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0 net/core/rtnetlink.c:6154 1 lock held by syz-executor/4877: #0: ffffffff8dd47f68 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:74 [inline] #0: ffffffff8dd47f68 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0 net/core/rtnetlink.c:6154 1 lock held by syz-executor/4879: #0: ffffffff8dd47f68 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:74 [inline] #0: ffffffff8dd47f68 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0 net/core/rtnetlink.c:6154 1 lock held by syz-executor/4881: #0: ffffffff8dd47f68 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:74 [inline] #0: ffffffff8dd47f68 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0 net/core/rtnetlink.c:6154 1 lock held by syz-executor/4883: #0: ffffffff8dd47f68 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:74 [inline] (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0 net/core/rtnetlink.c:6154 1 lock held by syz-executor/4886: #0: ffffffff8dd47f68 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:74 [inline] #0: ffffffff8dd47f68 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0 net/core/rtnetlink.c:6154 1 lock held by dhcpcd/4888: #0: ffff8880547c8130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1805 [inline] #0: ffff8880547c8130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xce0 net/packet/af_packet.c:3249 1 lock held by dhcpcd/4889: #0: ffff8881417a4130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1805 [inline] #0: ffff8881417a4130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xce0 net/packet/af_packet.c:3249 1 lock held by dhcpcd/4890: #0: ffff8881417a2130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1805 [inline] #0: ffff8881417a2130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xce0 net/packet/af_packet.c:3249 1 lock held by dhcpcd/4891: #0: ffff888053cfa130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1805 [inline] #0: ffff888053cfa130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xce0 net/packet/af_packet.c:3249 1 lock held by dhcpcd/4892: #0: ffff888053cfe130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1805 [inline] #0: ffff888053cfe130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xce0 net/packet/af_packet.c:3249 1 lock held by dhcpcd/4893: #0: ffff88801fb76130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1805 [inline] #0: ffff88801fb76130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xce0 net/packet/af_packet.c:3249 1 lock held by syz-executor/4898: #0: ffffffff8dd47f68 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:74 [inline] #0: ffffffff8dd47f68 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0 net/core/rtnetlink.c:6154 1 lock held by syz-executor/4900: #0: ffffffff8dd47f68 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:74 [inline] ffffffff8dd47f68 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0 net/core/rtnetlink.c:6154 1 lock held by syz-executor/4902: #0: ffffffff8dd47f68 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:74 [inline] #0: ffffffff8dd47f68 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0 net/core/rtnetlink.c:6154 1 lock held by syz-executor/4903: #0: ffffffff8dd47f68 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:74 [inline] #0: ffffffff8dd47f68 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0 net/core/rtnetlink.c:6154 1 lock held by syz-executor/4907: #0: ffffffff8dd47f68 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:74 [inline] #0: ffffffff8dd47f68 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0 net/core/rtnetlink.c:6154 1 lock held by syz-executor/4913: #0: ffffffff8dd47f68 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:74 [inline] ffffffff8dd47f68 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0 net/core/rtnetlink.c:6154 1 lock held by syz-executor/4915: #0: ffffffff8dd47f68 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:74 [inline] #0: ffffffff8dd47f68 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0 net/core/rtnetlink.c:6154 1 lock held by syz-executor/4917: #0: ffffffff8dd47f68 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:74 [inline] #0: ffffffff8dd47f68 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0 net/core/rtnetlink.c:6154 1 lock held by syz-executor/4918: #0: ffffffff8dd47f68 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:74 [inline] #0: ffffffff8dd47f68 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0 net/core/rtnetlink.c:6154 1 lock held by syz-executor/4922: #0: ffffffff8dd47f68 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:74 [inline] #0: ffffffff8dd47f68 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0 net/core/rtnetlink.c:6154 ============================================= NMI backtrace for cpu 1 CPU: 1 PID: 27 Comm: khungtaskd Not tainted syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 Call Trace: <TASK> dump_stack_lvl+0x188/0x24e lib/dump_stack.c:106 nmi_cpu_backtrace+0x3e6/0x460 lib/nmi_backtrace.c:111 nmi_trigger_cpumask_backtrace+0x1d4/0x450 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:148 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:220 [inline] watchdog+0xeee/0xf30 kernel/hung_task.c:377 kthread+0x29d/0x330 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 </TASK> Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 4347 Comm: kworker/0:7 Not tainted syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 Workqueue: usb_hub_wq hub_event RIP: 0010:io_serial_out+0x78/0xb0 drivers/tty/serial/8250/8250_port.c:468 Code: d0 ff fc 44 89 f9 d3 e5 49 83 c6 40 4c 89 f0 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 f7 e8 a0 dc 50 fd 41 03 2e 89 d8 89 ea ee <5b> 41 5c 41 5e 41 5f 5d c3 44 89 f9 80 e1 07 38 c1 7c aa 4c 89 ff RSP: 0018:ffffc90003de5f90 EFLAGS: 00000002 RAX: 0000000000000020 RBX: 0000000000000020 RCX: 0000000000000000 RDX: 00000000000003f8 RSI: 00000000000fffff RDI: 0000000000100000 RBP: 00000000000003f8 R08: ffff888024620237 R09: 1ffff110048c4046 R10: dffffc0000000000 R11: ffffed10048c4047 R12: dffffc0000000000 R13: ffffffff96c42e03 R14: ffffffff96f87520 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055b733b50000 CR3: 000000007e73f000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> serial_out drivers/tty/serial/8250/8250.h:122 [inline] serial8250_console_fifo_write drivers/tty/serial/8250/8250_port.c:-1 [inline] serial8250_console_write+0x114b/0x17f0 drivers/tty/serial/8250/8250_port.c:3479 call_console_driver kernel/printk/printk.c:1977 [inline] console_emit_next_record+0x79e/0xba0 kernel/printk/printk.c:2777 console_flush_all kernel/printk/printk.c:-1 [inline] console_unlock+0x223/0x630 kernel/printk/printk.c:2906 vprintk_emit+0x4b3/0x6a0 kernel/printk/printk.c:2303 dev_vprintk_emit+0x34e/0x400 drivers/base/core.c:4933 dev_printk_emit+0xeb/0x139 drivers/base/core.c:4944 _dev_err+0x11b/0x16c drivers/base/core.c:4999 parse_uac2_sample_rate_range+0x992/0xc60 sound/usb/format.c:401 parse_audio_format_rates_v2v3+0x3c7/0x16c0 sound/usb/format.c:636 parse_audio_format_ii sound/usb/format.c:778 [inline] snd_usb_parse_audio_format+0x4ae/0x740 sound/usb/format.c:799 snd_usb_get_audioformat_uac12 sound/usb/stream.c:854 [inline] __snd_usb_parse_audio_interface+0x18b1/0x4b00 sound/usb/stream.c:1196 snd_usb_parse_audio_interface+0x36/0xb0 sound/usb/stream.c:1274 create_standard_audio_quirk+0x59/0x120 sound/usb/quirks.c:100 snd_usb_create_quirk sound/usb/quirks.c:539 [inline] create_composite_quirk+0x1ec/0x4e0 sound/usb/quirks.c:48 usb_audio_probe+0xb97/0x1d90 sound/usb/card.c:885 usb_probe_interface+0x5c5/0xb20 drivers/usb/core/driver.c:396 call_driver_probe drivers/base/dd.c:-1 [inline] really_probe+0x2aa/0xc70 drivers/base/dd.c:639 __driver_probe_device+0x18c/0x330 drivers/base/dd.c:785 driver_probe_device+0x4f/0x420 drivers/base/dd.c:815 __device_attach_driver+0x2c6/0x510 drivers/base/dd.c:943 bus_for_each_drv+0x184/0x210 drivers/base/bus.c:429 __device_attach+0x2a8/0x480 drivers/base/dd.c:1015 bus_probe_device+0xbc/0x1e0 drivers/base/bus.c:489 device_add+0xa00/0xfb0 drivers/base/core.c:3697 usb_set_configuration+0x1991/0x1fd0 drivers/usb/core/message.c:2223 usb_generic_driver_probe+0x89/0x150 drivers/usb/core/generic.c:238 usb_probe_device+0x139/0x270 drivers/usb/core/driver.c:293 call_driver_probe drivers/base/dd.c:-1 [inline] really_probe+0x2aa/0xc70 drivers/base/dd.c:639 __driver_probe_device+0x18c/0x330 drivers/base/dd.c:785 driver_probe_device+0x4f/0x420 drivers/base/dd.c:815 __device_attach_driver+0x2c6/0x510 drivers/base/dd.c:943 bus_for_each_drv+0x184/0x210 drivers/base/bus.c:429 __device_attach+0x2a8/0x480 drivers/base/dd.c:1015 bus_probe_device+0xbc/0x1e0 drivers/base/bus.c:489 device_add+0xa00/0xfb0 drivers/base/core.c:3697 usb_new_device+0xd66/0x1650 drivers/usb/core/hub.c:2659 hub_port_connect drivers/usb/core/hub.c:5517 [inline] hub_port_connect_change drivers/usb/core/hub.c:5657 [inline] port_event drivers/usb/core/hub.c:5817 [inline] hub_event+0x2dcf/0x5560 drivers/usb/core/hub.c:5899 process_one_work+0x8a2/0x1160 kernel/workqueue.c:2292 worker_thread+0xaa2/0x1270 kernel/workqueue.c:2439 kthread+0x29d/0x330 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 </TASK>

Crashes (4):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	VM info	Assets (help?)	Manager	Title
2026/04/27 20:17	linux-6.1.y	7c87defbd336	0f700595	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-1-kasan	INFO: task hung in __lru_add_drain_all
2026/04/26 23:22	linux-6.1.y	7c87defbd336	9c2d0995	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-1-kasan	INFO: task hung in __lru_add_drain_all
2026/04/13 09:20	linux-6.1.y	8e8fc038cad5	38c8e246	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-1-kasan	INFO: task hung in __lru_add_drain_all
2026/03/10 22:54	linux-6.1.y	f2ddafa93a25	4683d576	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-1-kasan	INFO: task hung in __lru_add_drain_all

Crashes (4):

Assets (help?)