INFO: task udevd:2854 blocked for more than 143 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:udevd state:R
running task
stack:23752 pid:2854 tgid:2854 ppid:1 task_flags:0x400140 flags:0x00080000
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5298 [inline]
__schedule+0xeb1/0x4220 kernel/sched/core.c:6911
__schedule_loop kernel/sched/core.c:6993 [inline]
schedule+0xdd/0x390 kernel/sched/core.c:7008
schedule_hrtimeout_range_clock+0x21b/0x320 kernel/time/sleep_timeout.c:216
ep_poll fs/eventpoll.c:2028 [inline]
do_epoll_wait+0xdc3/0x1020 fs/eventpoll.c:2462
__do_sys_epoll_wait fs/eventpoll.c:2470 [inline]
__se_sys_epoll_wait fs/eventpoll.c:2465 [inline]
__x64_sys_epoll_wait+0x194/0x290 fs/eventpoll.c:2465
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x106/0x7b0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f402a1c0407
RSP: 002b:00007fffaa855e20 EFLAGS: 00000202
ORIG_RAX: 00000000000000e8
RAX: ffffffffffffffda RBX: 00007f402a0d2880 RCX: 00007f402a1c0407
RDX: 0000000000000008 RSI: 00007fffaa855f80 RDI: 000000000000000b
RBP: 00005650e86312a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000bb8 R11: 0000000000000202 R12: 0000000000000000
R13: 00005650ca54b100 R14: 0000000000000000 R15: 0000000000000000
</TASK>
Showing all locks held in the system:
1 lock held by khungtaskd/29:
#0:
ffffffff896de6e0
(
rcu_read_lock
){....}-{1:3}
, at: rcu_lock_acquire include/linux/rcupdate.h:312 [inline]
, at: rcu_read_lock include/linux/rcupdate.h:850 [inline]
, at: debug_show_all_locks+0x3d/0x184 kernel/locking/lockdep.c:6775
7 locks held by kworker/1:1/36:
4 locks held by kworker/u8:3/43:
#0:
ffff888101299148
(
(wq_completion)netns
){+.+.}-{0:0}
, at: process_one_work+0x1310/0x19a0 kernel/workqueue.c:3251
#1:
ffffc900004e7d18
(
net_cleanup_work
){+.+.}-{0:0}
, at: process_one_work+0x988/0x19a0 kernel/workqueue.c:3252
#2:
ffffffff8aae1bf0
(
pernet_ops_rwsem
){++++}-{4:4}
, at: cleanup_net+0xb8/0x9e0 net/core/net_namespace.c:675
#3:
ffffffff8aafa128
(
rtnl_mutex
){+.+.}-{4:4}
, at: ops_exit_rtnl_list net/core/net_namespace.c:173 [inline]
, at: ops_undo_list+0x7ec/0xab0 net/core/net_namespace.c:248
3 locks held by kworker/0:2/352:
#0:
ffff88810006b148
(
(wq_completion)events
){+.+.}-{0:0}
, at: process_one_work+0x1310/0x19a0 kernel/workqueue.c:3251
#1:
ffffc9000182fd18
(
free_ipc_work
){+.+.}-{0:0}
, at: process_one_work+0x988/0x19a0 kernel/workqueue.c:3252
#2:
ffffffff896ea2f8
(
rcu_state.exp_mutex
){+.+.}-{4:4}
, at: exp_funnel_lock+0x19e/0x3c0 kernel/rcu/tree_exp.h:343
5 locks held by kworker/1:2/1119:
2 locks held by acpid/2839:
#0:
ffff8881228cd118
(
&evdev->mutex
){+.+.}-{4:4}
, at: evdev_close_device drivers/input/evdev.c:402 [inline]
, at: evdev_release+0x29e/0x420 drivers/input/evdev.c:447
#1:
ffff88811c5262c0
(
&dev->mutex
#2
){+.+.}-{4:4}
, at: class_mutex_constructor include/linux/mutex.h:253 [inline]
, at: input_close_device+0x46/0x2b0 drivers/input/input.c:646
2 locks held by getty/2917:
#0:
ffff8881127100a0
(
&tty->ldisc_sem
){++++}-{0:0}
, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243
#1:
ffffc900000432f0
(
&ldata->atomic_read_lock
){+.+.}-{4:4}
, at: n_tty_read+0x419/0x1500 drivers/tty/n_tty.c:2211
2 locks held by udevd/5231:
#0:
ffff88811aadc118
(
&evdev->mutex
){+.+.}-{4:4}
, at: evdev_close_device drivers/input/evdev.c:402 [inline]
, at: evdev_release+0x29e/0x420 drivers/input/evdev.c:447
#1:
ffff88811aadd2c0
(
&dev->mutex
#2
){+.+.}-{4:4}
, at: class_mutex_constructor include/linux/mutex.h:253 [inline]
, at: input_close_device+0x46/0x2b0 drivers/input/input.c:646
2 locks held by kworker/1:4/5251:
3 locks held by kworker/1:6/5647:
3 locks held by kworker/1:5/9236:
8 locks held by kworker/1:0/11868:
2 locks held by kworker/1:8/12199:
1 lock held by syz-executor/12254:
#0:
ffffffff8aafa128
(
rtnl_mutex
){+.+.}-{4:4}
, at: rtnl_lock net/core/rtnetlink.c:80 [inline]
, at: rtnl_nets_lock net/core/rtnetlink.c:341 [inline]
, at: rtnl_newlink+0x8c9/0x2300 net/core/rtnetlink.c:4071
1 lock held by syz-executor/12255:
#0:
ffffffff8aafa128
(
rtnl_mutex
){+.+.}-{4:4}
, at: rtnl_lock net/core/rtnetlink.c:80 [inline]
, at: rtnl_nets_lock net/core/rtnetlink.c:341 [inline]
, at: rtnl_newlink+0x8c9/0x2300 net/core/rtnetlink.c:4071
1 lock held by syz-executor/13315:
#0: ffffffff8aafa128 (rtnl_mutex){+.+.}-{4:4}
, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
, at: inet_rtm_newaddr+0x30c/0x18b0 net/ipv4/devinet.c:978
1 lock held by syz-executor/13317:
#0:
ffffffff8aafa128
(
rtnl_mutex
){+.+.}-{4:4}
, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
, at: inet_rtm_newaddr+0x30c/0x18b0 net/ipv4/devinet.c:978
1 lock held by syz-executor/13321:
#0:
ffffffff8aafa128
(
rtnl_mutex
){+.+.}-{4:4}
, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
, at: inet_rtm_newaddr+0x30c/0x18b0 net/ipv4/devinet.c:978
1 lock held by syz-executor/13323:
#0:
ffffffff8aafa128
(
rtnl_mutex
){+.+.}-{4:4}
, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
, at: inet_rtm_newaddr+0x30c/0x18b0 net/ipv4/devinet.c:978
1 lock held by syz-executor/13326:
#0:
ffffffff8aafa128
(
rtnl_mutex
){+.+.}-{4:4}
, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
, at: inet_rtm_newaddr+0x30c/0x18b0 net/ipv4/devinet.c:978
=============================================
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 29 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x100/0x190 lib/dump_stack.c:120
nmi_cpu_backtrace.cold+0x12d/0x151 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x1d7/0x230 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:161 [inline]
__sys_info lib/sys_info.c:157 [inline]
sys_info+0x141/0x190 lib/sys_info.c:165
check_hung_uninterruptible_tasks kernel/hung_task.c:346 [inline]
watchdog+0xd25/0x1050 kernel/hung_task.c:515
kthread+0x370/0x450 kernel/kthread.c:436
ret_from_fork+0x6c3/0xcb0 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
</TASK>
Sending NMI from CPU 0 to CPUs 1:
yealink 4-1:36.0: urb_irq_callback - urb status -71
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 11868 Comm: kworker/1:0 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
Workqueue: events free_obj_work
RIP: 0010:check_kcov_mode kernel/kcov.c:183 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x17/0x70 kernel/kcov.c:217
Code: 01 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 65 8b 05 05 3b 43 0b 48 8b 34 24 65 48 8b 15 e1 3a 43 0b <a9> 00 01 ff 00 74 1b f6 c4 01 74 07 a9 00 00 ff 00 74 05 e9 91 25
RSP: 0018:ffffc900001a8448 EFLAGS: 00000046
RAX: 0000000080000102 RBX: 0000000000000000 RCX: ffffffff8321a79e
RDX: ffff888116d50000 RSI: ffffffff83201d67 RDI: ffffffff941b36c0
RBP: ffffffff941b36c0 R08: 0000000000000001 R09: 000000000000000a
R10: 0000000000000031 R11: 0000000000000000 R12: 0000000000000003
R13: 0000000000000031 R14: 0000000000000010 R15: ffffffff83201d50
FS: 0000000000000000(0000) GS:ffff8882687ce000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fdadabd1000 CR3: 00000001189c6000 CR4: 00000000003506f0
Call Trace:
<IRQ>
io_serial_out+0x17/0xb0 drivers/tty/serial/8250/8250_port.c:405
serial_port_out include/linux/serial_core.h:811 [inline]
serial8250_console_putchar drivers/tty/serial/8250/8250_port.c:3192 [inline]
serial8250_console_fifo_write drivers/tty/serial/8250/8250_port.c:3264 [inline]
serial8250_console_write+0xde8/0x1900 drivers/tty/serial/8250/8250_port.c:3342
console_emit_next_record kernel/printk/printk.c:3183 [inline]
console_flush_one_record+0x790/0xe50 kernel/printk/printk.c:3269
console_flush_all kernel/printk/printk.c:3343 [inline]
__console_flush_and_unlock kernel/printk/printk.c:3373 [inline]
console_unlock+0x103/0x260 kernel/printk/printk.c:3413
vprintk_emit+0x407/0x6b0 kernel/printk/printk.c:2479
dev_vprintk_emit+0x394/0x3e0 drivers/base/core.c:4913
dev_printk_emit+0xd2/0x10d drivers/base/core.c:4924
__dev_printk+0xcb/0x100 drivers/base/core.c:4936
_dev_err+0xef/0x127 drivers/base/core.c:4979
urb_irq_callback.cold+0x41/0xfd drivers/input/misc/yealink.c:418
__usb_hcd_giveback_urb+0x38d/0x610 drivers/usb/core/hcd.c:1657
usb_hcd_giveback_urb+0x3ca/0x4a0 drivers/usb/core/hcd.c:1741
dummy_timer+0xd85/0x3670 drivers/usb/gadget/udc/dummy_hcd.c:1995
__run_hrtimer kernel/time/hrtimer.c:1785 [inline]
__hrtimer_run_queues+0x50e/0xa70 kernel/time/hrtimer.c:1849
hrtimer_run_softirq+0x17d/0x350 kernel/time/hrtimer.c:1866
handle_softirqs+0x1de/0x9d0 kernel/softirq.c:622
__do_softirq kernel/softirq.c:656 [inline]
invoke_softirq kernel/softirq.c:496 [inline]
__irq_exit_rcu+0xed/0x150 kernel/softirq.c:723
irq_exit_rcu+0x9/0x30 kernel/softirq.c:739
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
sysvec_apic_timer_interrupt+0x8f/0xb0 arch/x86/kernel/apic/apic.c:1056
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:lock_acquire+0x5e/0x380 kernel/locking/lockdep.c:5872
Code: 05 3b 44 66 0b 83 f8 07 0f 87 f0 00 00 00 48 0f a3 05 c6 20 61 09 0f 82 c2 02 00 00 8b 35 6e 30 61 09 85 f6 0f 85 dd 00 00 00 <48> 8b 44 24 30 65 48 2b 05 dd 43 66 0b 0f 85 02 03 00 00 48 83 c4
RSP: 0018:ffffc90012947690 EFLAGS: 00000206
RAX: 0000000000000046 RBX: 0000000000000000 RCX: 0000000000000002
RDX: 0000000000000000 RSI: ffffffff890010b3 RDI: ffffffff87afc6a0
RBP: ffffffff896de6e0 R08: 000000002d532367 R09: 0000000000000007
R10: 0000000000000200 R11: 0000000000000000 R12: 0000000000000002
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
rcu_lock_acquire include/linux/rcupdate.h:312 [inline]
rcu_read_lock include/linux/rcupdate.h:850 [inline]
class_rcu_constructor include/linux/rcupdate.h:1193 [inline]
unwind_next_frame+0xd1/0x1ea0 arch/x86/kernel/unwind_orc.c:495
arch_stack_walk+0x94/0xf0 arch/x86/kernel/stacktrace.c:25
stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
kasan_save_stack+0x30/0x50 mm/kasan/common.c:57
kasan_save_track+0x14/0x30 mm/kasan/common.c:78
kasan_save_free_info+0x3b/0x70 mm/kasan/generic.c:584
poison_slab_object mm/kasan/common.c:253 [inline]
__kasan_slab_free+0x43/0x70 mm/kasan/common.c:285
kasan_slab_free include/linux/kasan.h:235 [inline]
slab_free_hook mm/slub.c:2685 [inline]
slab_free mm/slub.c:6165 [inline]
kmem_cache_free+0x105/0x640 mm/slub.c:6295
free_object_list.isra.0+0xf8/0x2a0 lib/debugobjects.c:326
free_obj_work+0x19d/0x3d0 lib/debugobjects.c:530
process_one_work+0xa23/0x19a0 kernel/workqueue.c:3276
process_scheduled_works kernel/workqueue.c:3359 [inline]
worker_thread+0x5ef/0xe50 kernel/workqueue.c:3440
kthread+0x370/0x450 kernel/kthread.c:436
ret_from_fork+0x6c3/0xcb0 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
</TASK>