INFO: task kworker/0:1:10 blocked for more than 143 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:1 state:D stack:21464 pid:10 tgid:10 ppid:2 task_flags:0x4208060 flags:0x00080000
Workqueue: events free_ipc
Call Trace:
context_switch kernel/sched/core.c:5325 [inline]
__schedule+0x12fc/0x3b80 kernel/sched/core.c:6929
__schedule_loop kernel/sched/core.c:7011 [inline]
schedule+0xe7/0x3a0 kernel/sched/core.c:7026
exp_funnel_lock+0x346/0x3c0 kernel/rcu/tree_exp.h:334
synchronize_rcu_expedited+0x28e/0x460 kernel/rcu/tree_exp.h:957
free_ipc+0xbd/0x290 ipc/namespace.c:178
process_one_work+0x9cf/0x1b70 kernel/workqueue.c:3263
process_scheduled_works kernel/workqueue.c:3346 [inline]
worker_thread+0x6c8/0xf10 kernel/workqueue.c:3427
kthread+0x3c5/0x780 kernel/kthread.c:463
ret_from_fork+0x56d/0x700 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
INFO: task kworker/1:1:37 blocked for more than 143 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:1 state:D stack:21560 pid:37 tgid:37 ppid:2 task_flags:0x4288060 flags:0x00080000
Workqueue: usb_hub_wq hub_event
Call Trace:
context_switch kernel/sched/core.c:5325 [inline]
__schedule+0x12fc/0x3b80 kernel/sched/core.c:6929
__schedule_loop kernel/sched/core.c:7011 [inline]
schedule+0xe7/0x3a0 kernel/sched/core.c:7026
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7083
rwsem_down_write_slowpath+0x521/0x1310 kernel/locking/rwsem.c:1185
__down_write_common kernel/locking/rwsem.c:1317 [inline]
__down_write kernel/locking/rwsem.c:1326 [inline]
down_write+0x1d6/0x200 kernel/locking/rwsem.c:1591
kernfs_remove_by_name_ns+0x3d/0x110 fs/kernfs/dir.c:1712
kernfs_remove_by_name include/linux/kernfs.h:633 [inline]
remove_files+0x96/0x1c0 fs/sysfs/group.c:28
sysfs_remove_group+0x8b/0x180 fs/sysfs/group.c:322
sysfs_remove_groups fs/sysfs/group.c:346 [inline]
sysfs_remove_groups+0x60/0xa0 fs/sysfs/group.c:338
device_remove_groups drivers/base/core.c:2843 [inline]
device_remove_attrs+0x192/0x290 drivers/base/core.c:2973
device_del+0x38e/0x9f0 drivers/base/core.c:3877
device_unregister+0x1d/0xc0 drivers/base/core.c:3919
usb_remove_ep_devs+0x42/0x80 drivers/usb/core/endpoint.c:189
remove_intf_ep_devs drivers/usb/core/message.c:1266 [inline]
usb_disable_device+0x309/0x7d0 drivers/usb/core/message.c:1417
usb_disconnect+0x2e1/0x9c0 drivers/usb/core/hub.c:2345
hub_port_connect drivers/usb/core/hub.c:5407 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5707 [inline]
port_event drivers/usb/core/hub.c:5871 [inline]
hub_event+0x1aa2/0x5060 drivers/usb/core/hub.c:5953
process_one_work+0x9cf/0x1b70 kernel/workqueue.c:3263
process_scheduled_works kernel/workqueue.c:3346 [inline]
worker_thread+0x6c8/0xf10 kernel/workqueue.c:3427
kthread+0x3c5/0x780 kernel/kthread.c:463
ret_from_fork+0x56d/0x700 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
INFO: task kworker/u8:5:289 blocked for more than 143 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u8:5 state:D stack:25448 pid:289 tgid:289 ppid:2 task_flags:0x4208060 flags:0x00080000
Workqueue: netns cleanup_net
Call Trace:
context_switch kernel/sched/core.c:5325 [inline]
__schedule+0x12fc/0x3b80 kernel/sched/core.c:6929
__schedule_loop kernel/sched/core.c:7011 [inline]
schedule+0xe7/0x3a0 kernel/sched/core.c:7026
synchronize_rcu_expedited+0x390/0x460 kernel/rcu/tree_exp.h:972
nf_conntrack_cleanup_net_list+0xa7/0x5e0 net/netfilter/nf_conntrack_core.c:2498
ops_exit_list net/core/net_namespace.c:205 [inline]
ops_undo_list+0x363/0xab0 net/core/net_namespace.c:252
cleanup_net+0x41b/0x8b0 net/core/net_namespace.c:695
process_one_work+0x9cf/0x1b70 kernel/workqueue.c:3263
process_scheduled_works kernel/workqueue.c:3346 [inline]
worker_thread+0x6c8/0xf10 kernel/workqueue.c:3427
kthread+0x3c5/0x780 kernel/kthread.c:463
ret_from_fork+0x56d/0x700 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
INFO: task jbd2/sda1-8:2816 blocked for more than 143 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:jbd2/sda1-8 state:D stack:26712 pid:2816 tgid:2816 ppid:2 task_flags:0x240040 flags:0x00080000
Call Trace:
context_switch kernel/sched/core.c:5325 [inline]
__schedule+0x12fc/0x3b80 kernel/sched/core.c:6929
__schedule_loop kernel/sched/core.c:7011 [inline]
schedule+0xe7/0x3a0 kernel/sched/core.c:7026
io_schedule+0xbf/0x130 kernel/sched/core.c:7871
bit_wait_io+0x15/0xe0 kernel/sched/wait_bit.c:250
__wait_on_bit+0x65/0x180 kernel/sched/wait_bit.c:52
out_of_line_wait_on_bit+0xd9/0x110 kernel/sched/wait_bit.c:67
wait_on_bit_io include/linux/wait_bit.h:105 [inline]
__wait_on_buffer+0x64/0x70 fs/buffer.c:123
wait_on_buffer include/linux/buffer_head.h:420 [inline]
journal_wait_on_commit_record fs/jbd2/commit.c:171 [inline]
jbd2_journal_commit_transaction+0x4a85/0x68f0 fs/jbd2/commit.c:881
kjournald2+0x1f4/0x760 fs/jbd2/journal.c:201
kthread+0x3c5/0x780 kernel/kthread.c:463
ret_from_fork+0x56d/0x700 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
INFO: task syz-executor:2970 blocked for more than 143 seconds.
Not tainted syzkaller #0
Blocked by coredump.
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor state:D stack:24552 pid:2970 tgid:2970 ppid:1 task_flags:0x40054c flags:0x00080003
Call Trace:
context_switch kernel/sched/core.c:5325 [inline]
__schedule+0x12fc/0x3b80 kernel/sched/core.c:6929
__schedule_loop kernel/sched/core.c:7011 [inline]
schedule+0xe7/0x3a0 kernel/sched/core.c:7026
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7083
__mutex_lock_common kernel/locking/mutex.c:676 [inline]
__mutex_lock+0x818/0x1060 kernel/locking/mutex.c:760
exp_funnel_lock+0x1a3/0x3c0 kernel/rcu/tree_exp.h:343
synchronize_rcu_expedited+0x28e/0x460 kernel/rcu/tree_exp.h:957
namespace_unlock+0x5e8/0x9d0 fs/namespace.c:1718
class_namespace_excl_destructor fs/namespace.c:96 [inline]
put_mnt_ns fs/namespace.c:6063 [inline]
put_mnt_ns+0xf5/0x120 fs/namespace.c:6059
free_nsproxy+0x3a/0x400 kernel/nsproxy.c:188
put_nsproxy include/linux/nsproxy.h:107 [inline]
switch_task_namespaces+0xeb/0x100 kernel/nsproxy.c:241
do_exit+0x86a/0x2bf0 kernel/exit.c:965
do_group_exit+0xd3/0x2a0 kernel/exit.c:1107
get_signal+0x2671/0x26d0 kernel/signal.c:3034
arch_do_signal_or_restart+0x8f/0x7c0 arch/x86/kernel/signal.c:337
exit_to_user_mode_loop+0x76/0xe0 kernel/entry/common.c:40
exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]
syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline]
syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline]
do_syscall_64+0x40f/0x4d0 arch/x86/entry/syscall_64.c:100
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f2d8ff6e09d
RSP: 002b:00007ffe53565c08 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007f2d8ff6e09d
RDX: 0000000000000030 RSI: 00007ffe53565ca0 RDI: 00000000000000f9
RBP: 00007ffe53565c4c R08: 000000000000000a R09: 00007ffe53565957
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000000000db
R13: 0000000000000036 R14: 0000000000081ab7 R15: 00007ffe53565ca0
INFO: task udevd:5180 blocked for more than 143 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:udevd state:D stack:24552 pid:5180 tgid:5180 ppid:2854 task_flags:0x400140 flags:0x00080001
Call Trace:
context_switch kernel/sched/core.c:5325 [inline]
__schedule+0x12fc/0x3b80 kernel/sched/core.c:6929
__schedule_loop kernel/sched/core.c:7011 [inline]
schedule+0xe7/0x3a0 kernel/sched/core.c:7026
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7083
rwsem_down_read_slowpath+0x64b/0xbf0 kernel/locking/rwsem.c:1086
__down_read_common kernel/locking/rwsem.c:1261 [inline]
__down_read kernel/locking/rwsem.c:1274 [inline]
down_read+0xef/0x480 kernel/locking/rwsem.c:1539
kernfs_dop_revalidate+0xa5/0x740 fs/kernfs/dir.c:1180
d_revalidate fs/namei.c:929 [inline]
d_revalidate fs/namei.c:925 [inline]
lookup_fast+0x266/0x610 fs/namei.c:1777
walk_component+0x5b/0x5b0 fs/namei.c:2147
link_path_walk+0x627/0xe20 fs/namei.c:2519
path_openat+0x1b0/0x2cb0 fs/namei.c:4130
do_filp_open+0x20b/0x470 fs/namei.c:4161
do_sys_openat2+0x11b/0x1d0 fs/open.c:1437
do_sys_open fs/open.c:1452 [inline]
__do_sys_openat fs/open.c:1468 [inline]
__se_sys_openat fs/open.c:1463 [inline]
__x64_sys_openat+0x174/0x210 fs/open.c:1463
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0x4d0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f7b205b4407
RSP: 002b:00007ffca529e930 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f7b204c6880 RCX: 00007f7b205b4407
RDX: 0000000000080000 RSI: 00007ffca529eab0 RDI: ffffffffffffff9c
RBP: 0000000000000008 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 000056493a4817f5
R13: 000056493a4817f5 R14: 0000000000000001 R15: 000056493a49c140
INFO: task udevd:5262 blocked for more than 143 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:udevd state:D stack:25624 pid:5262 tgid:5262 ppid:2854 task_flags:0x400140 flags:0x00080003
Call Trace:
context_switch kernel/sched/core.c:5325 [inline]
__schedule+0x12fc/0x3b80 kernel/sched/core.c:6929
__schedule_loop kernel/sched/core.c:7011 [inline]
schedule+0xe7/0x3a0 kernel/sched/core.c:7026
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7083
rwsem_down_read_slowpath+0x64b/0xbf0 kernel/locking/rwsem.c:1086
__down_read_common kernel/locking/rwsem.c:1261 [inline]
__down_read kernel/locking/rwsem.c:1274 [inline]
down_read+0xef/0x480 kernel/locking/rwsem.c:1539
kernfs_dop_revalidate+0xa5/0x740 fs/kernfs/dir.c:1180
d_revalidate fs/namei.c:929 [inline]
d_revalidate fs/namei.c:925 [inline]
lookup_fast+0x266/0x610 fs/namei.c:1777
walk_component+0x5b/0x5b0 fs/namei.c:2147
link_path_walk+0x627/0xe20 fs/namei.c:2519
path_lookupat+0x15a/0x6d0 fs/namei.c:2675
filename_lookup+0x224/0x5f0 fs/namei.c:2705
vfs_statx+0x101/0x3f0 fs/stat.c:353
vfs_fstatat+0x7b/0xf0 fs/stat.c:375
__do_sys_newfstatat+0x97/0x120 fs/stat.c:542
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0x4d0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f7b2061eb0a
RSP: 002b:00007ffca52a1148 EFLAGS: 00000202 ORIG_RAX: 0000000000000106
RAX: ffffffffffffffda RBX: 000056495aebc851 RCX: 00007f7b2061eb0a
RDX: 00007ffca52a1150 RSI: 00007ffca52a11e0 RDI: 00000000ffffff9c
RBP: 000056495aea5240 R08: 000056495aebc851 R09: 0000000000000000
R10: 0000000000000100 R11: 0000000000000202 R12: 000056495aea5330
R13: 00007ffca52a11e0 R14: 000056495ae91fec R15: 000056493a488bcc
INFO: task kworker/0:6:5739 blocked for more than 143 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:6 state:D stack:22600 pid:5739 tgid:5739 ppid:2 task_flags:0x4208060 flags:0x00080000
Workqueue: events fqdir_free_fn
Call Trace:
context_switch kernel/sched/core.c:5325 [inline]
__schedule+0x12fc/0x3b80 kernel/sched/core.c:6929
__schedule_loop kernel/sched/core.c:7011 [inline]
schedule+0xe7/0x3a0 kernel/sched/core.c:7026
schedule_timeout+0x257/0x290 kernel/time/sleep_timeout.c:75
do_wait_for_common kernel/sched/completion.c:100 [inline]
__wait_for_common+0x2fc/0x4e0 kernel/sched/completion.c:121
rcu_barrier kernel/rcu/tree.c:3888 [inline]
rcu_barrier+0x330/0x6e0 kernel/rcu/tree.c:3809
fqdir_free_fn+0x32/0x130 net/ipv4/inet_fragment.c:166
process_one_work+0x9cf/0x1b70 kernel/workqueue.c:3263
process_scheduled_works kernel/workqueue.c:3346 [inline]
worker_thread+0x6c8/0xf10 kernel/workqueue.c:3427
kthread+0x3c5/0x780 kernel/kthread.c:463
ret_from_fork+0x56d/0x700 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
INFO: task syz-executor:8989 blocked for more than 143 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor state:D stack:25976 pid:8989 tgid:8989 ppid:2953 task_flags:0x400000 flags:0x00080002
Call Trace:
context_switch kernel/sched/core.c:5325 [inline]
__schedule+0x12fc/0x3b80 kernel/sched/core.c:6929
__schedule_loop kernel/sched/core.c:7011 [inline]
schedule+0xe7/0x3a0 kernel/sched/core.c:7026
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7083
rwsem_down_read_slowpath+0x64b/0xbf0 kernel/locking/rwsem.c:1086
__down_read_common kernel/locking/rwsem.c:1261 [inline]
__down_read kernel/locking/rwsem.c:1274 [inline]
down_read+0xef/0x480 kernel/locking/rwsem.c:1539
kernfs_dop_revalidate+0xa5/0x740 fs/kernfs/dir.c:1180
d_revalidate fs/namei.c:929 [inline]
d_revalidate fs/namei.c:925 [inline]
lookup_fast+0x266/0x610 fs/namei.c:1777
walk_component+0x5b/0x5b0 fs/namei.c:2147
link_path_walk+0x627/0xe20 fs/namei.c:2519
path_openat+0x1b0/0x2cb0 fs/namei.c:4130
do_filp_open+0x20b/0x470 fs/namei.c:4161
do_sys_openat2+0x11b/0x1d0 fs/open.c:1437
do_sys_open fs/open.c:1452 [inline]
__do_sys_openat fs/open.c:1468 [inline]
__se_sys_openat fs/open.c:1463 [inline]
__x64_sys_openat+0x174/0x210 fs/open.c:1463
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0x4d0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f515c9cde91
RSP: 002b:00007ffdff179c30 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f515c9cde91
RDX: 0000000000000002 RSI: 00007f515ca5200b RDI: 00000000ffffff9c
RBP: 00007f515ca5200b R08: 00000000000000d8 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
R13: 0000000000000003 R14: 00007ffdff179f98 R15: 0000000000000000
INFO: task syz-executor:8990 blocked for more than 143 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor state:D stack:25976 pid:8990 tgid:8990 ppid:2953 task_flags:0x400000 flags:0x00080000
Call Trace:
context_switch kernel/sched/core.c:5325 [inline]
__schedule+0x12fc/0x3b80 kernel/sched/core.c:6929
__schedule_loop kernel/sched/core.c:7011 [inline]
schedule+0xe7/0x3a0 kernel/sched/core.c:7026
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7083
rwsem_down_read_slowpath+0x64b/0xbf0 kernel/locking/rwsem.c:1086
__down_read_common kernel/locking/rwsem.c:1261 [inline]
__down_read kernel/locking/rwsem.c:1274 [inline]
down_read+0xef/0x480 kernel/locking/rwsem.c:1539
kernfs_dop_revalidate+0xa5/0x740 fs/kernfs/dir.c:1180
d_revalidate fs/namei.c:929 [inline]
d_revalidate fs/namei.c:925 [inline]
lookup_fast+0x266/0x610 fs/namei.c:1777
walk_component+0x5b/0x5b0 fs/namei.c:2147
link_path_walk+0x627/0xe20 fs/namei.c:2519
path_openat+0x1b0/0x2cb0 fs/namei.c:4130
do_filp_open+0x20b/0x470 fs/namei.c:4161
do_sys_openat2+0x11b/0x1d0 fs/open.c:1437
do_sys_open fs/open.c:1452 [inline]
__do_sys_openat fs/open.c:1468 [inline]
__se_sys_openat fs/open.c:1463 [inline]
__x64_sys_openat+0x174/0x210 fs/open.c:1463
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0x4d0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f7552cbde91
RSP: 002b:00007ffdcb1ceae0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f7552cbde91
RDX: 0000000000000002 RSI: 00007f7552d4200b RDI: 00000000ffffff9c
RBP: 00007f7552d4200b R08: 00000000000000da R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000001
R13: 0000000000000003 R14: 00007ffdcb1cee48 R15: 0000000000000000
Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings
Showing all locks held in the system:
2 locks held by kworker/0:1/10:
#0: ffff888100071948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3238
#1: ffffc900000afd10 (free_ipc_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3239
7 locks held by kauditd/29:
1 lock held by khungtaskd/30:
#0: ffffffff892c89e0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#0: ffffffff892c89e0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
#0: ffffffff892c89e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0 kernel/locking/lockdep.c:6775
5 locks held by kworker/1:1/37:
#0: ffff888106eab548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3238
#1: ffffc90000277d10 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3239
#2: ffff88810b70c198 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:914 [inline]
#2: ffff88810b70c198 (&dev->mutex){....}-{4:4}, at: hub_event+0x1be/0x5060 drivers/usb/core/hub.c:5899
#3: ffff88811e90d198 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:914 [inline]
#3: ffff88811e90d198 (&dev->mutex){....}-{4:4}, at: usb_disconnect+0x10a/0x9c0 drivers/usb/core/hub.c:2336
#4: ffff888100ac5988 (&root->kernfs_rwsem){++++}-{4:4}, at: kernfs_remove_by_name_ns+0x3d/0x110 fs/kernfs/dir.c:1712
4 locks held by kworker/u8:5/289:
#0: ffff888100ac4948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3238
#1: ffffc900015afd10 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3239
#2: ffffffff8a61b6f0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xad/0x8b0 net/core/net_namespace.c:669
#3: ffffffff892d3f78 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a3/0x3c0 kernel/rcu/tree_exp.h:343
2 locks held by getty/2916:
#0: ffff8881123d60a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243
#1: ffffc900000432f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0 drivers/tty/n_tty.c:2222
1 lock held by syz-executor/2970:
#0: ffffffff892d3f78 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a3/0x3c0 kernel/rcu/tree_exp.h:343
1 lock held by udevd/5180:
#0: ffff888100ac5988 (&root->kernfs_rwsem){++++}-{4:4}, at: kernfs_dop_revalidate+0xa5/0x740 fs/kernfs/dir.c:1180
4 locks held by kworker/1:4/5223:
1 lock held by udevd/5262:
#0: ffff888100ac5988 (&root->kernfs_rwsem){++++}-{4:4}, at: kernfs_dop_revalidate+0xa5/0x740 fs/kernfs/dir.c:1180
2 locks held by kworker/1:5/5298:
3 locks held by kworker/0:6/5739:
#0: ffff888100071948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3238
#1: ffffc900122ffd10 ((fqdir_free_work).work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3239
#2: ffffffff892d3e40 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x48/0x6e0 kernel/rcu/tree.c:3820
5 locks held by kworker/1:0/7991:
1 lock held by syz-executor/8989:
#0: ffff888100ac5988 (&root->kernfs_rwsem){++++}-{4:4}, at: kernfs_dop_revalidate+0xa5/0x740 fs/kernfs/dir.c:1180
1 lock held by syz-executor/8990:
#0: ffff888100ac5988 (&root->kernfs_rwsem){++++}-{4:4}, at: kernfs_dop_revalidate+0xa5/0x740 fs/kernfs/dir.c:1180
=============================================
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(voluntary)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
nmi_cpu_backtrace+0x27b/0x390 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x29c/0x300 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:332 [inline]
watchdog+0xf3f/0x1170 kernel/hung_task.c:495
kthread+0x3c5/0x780 kernel/kthread.c:463
ret_from_fork+0x56d/0x700 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 29 Comm: kauditd Not tainted syzkaller #0 PREEMPT(voluntary)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
RIP: 0010:in_softirq_really kernel/kcov.c:171 [inline]
RIP: 0010:check_kcov_mode kernel/kcov.c:183 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x23/0x70 kernel/kcov.c:217
Code: 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 34 24 65 48 8b 15 a8 b1 19 0b 65 8b 05 b9 b1 19 0b a9 00 01 ff 00 74 1d f6 c4 01 74 43 00 00 0f 00 75 3c a9 00 00 f0 00 75 35 8b 82 74 15 00 00 85 c0
RSP: 0018:ffffc900001a8308 EFLAGS: 00000002
RAX: 0000000000000103 RBX: 0000000000000000 RCX: ffffffff87414ca1
RDX: ffff888102683a00 RSI: ffffffff87414caf RDI: 0000000000000001
RBP: ffffc900001a83b0 R08: 0000000000000001 R09: 0000000000000003
R10: 0000000000000000 R11: 0000000008a9fdc8 R12: 0000000000000400
R13: ffffffff88c60371 R14: ffffc900001a8430 R15: 0000000000000025
FS: 0000000000000000(0000) GS:ffff888268fa0000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000056495aedac00 CR3: 0000000133d8a000 CR4: 00000000003506f0
Call Trace:
format_decode+0xef/0xd40 lib/vsprintf.c:2671
vsnprintf+0x156/0x1160 lib/vsprintf.c:2869
vscnprintf+0x40/0x90 lib/vsprintf.c:2991
printk_sprint+0x31/0x330 kernel/printk/printk.c:2189
vprintk_store+0x50e/0xbf0 kernel/printk/printk.c:2309
vprintk_emit+0x14d/0x680 kernel/printk/printk.c:2399
_printk+0xc7/0x100 kernel/printk/printk.c:2448
printk_stack_address arch/x86/kernel/dumpstack.c:70 [inline]
show_trace_log_lvl+0x1b5/0x3e0 arch/x86/kernel/dumpstack.c:282
sched_show_task kernel/sched/core.c:7901 [inline]
sched_show_task+0x423/0x630 kernel/sched/core.c:7876
show_state_filter+0xee/0x380 kernel/sched/core.c:7946
k_spec drivers/tty/vt/keyboard.c:666 [inline]
k_spec+0xf0/0x150 drivers/tty/vt/keyboard.c:655
kbd_keycode drivers/tty/vt/keyboard.c:1515 [inline]
kbd_event+0xcd2/0x1820 drivers/tty/vt/keyboard.c:1534
input_handle_events_default+0x119/0x1b0 drivers/input/input.c:2541
input_pass_values+0x74e/0x880 drivers/input/input.c:128
input_event_dispose drivers/input/input.c:342 [inline]
input_handle_event+0xf00/0x14d0 drivers/input/input.c:370
input_repeat_key+0x27b/0x370 drivers/input/input.c:2228
call_timer_fn+0x19a/0x620 kernel/time/timer.c:1747
expire_timers kernel/time/timer.c:1798 [inline]
__run_timers+0x6ef/0x960 kernel/time/timer.c:2372
__run_timer_base kernel/time/timer.c:2384 [inline]
__run_timer_base kernel/time/timer.c:2376 [inline]
run_timer_base+0x114/0x190 kernel/time/timer.c:2393
run_timer_softirq+0x1a/0x40 kernel/time/timer.c:2403
handle_softirqs+0x208/0x8d0 kernel/softirq.c:622
__do_softirq kernel/softirq.c:656 [inline]
invoke_softirq kernel/softirq.c:496 [inline]
__irq_exit_rcu+0xfa/0x160 kernel/softirq.c:723
irq_exit_rcu+0x9/0x30 kernel/softirq.c:739
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1052 [inline]
sysvec_apic_timer_interrupt+0x90/0xb0 arch/x86/kernel/apic/apic.c:1052
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:console_flush_all+0x9a2/0xc60 kernel/printk/printk.c:3200
Code: 00 e8 42 c3 28 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 d0 c8 20 00 48 85 db 0f 85 55 01 00 00 e8 52 cd 20 00 fb 4c 89 e0 <48> c1 e8 03 42 80 3c 38 00 0f 84 11 ff ff ff 4c 89 e7 e8 b7 06 81
RSP: 0018:ffffc900001f79c8 EFLAGS: 00000293
RAX: ffffffff897fd7f8 RBX: 0000000000000000 RCX: ffffffff815d8100
RDX: ffff888102683a00 RSI: ffffffff815d810e RDI: 0000000000000007
RBP: 0000000000000000 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: ffffffff897fd7f8
R13: ffffffff897fd7a0 R14: ffffc900001f7a58 R15: dffffc0000000000
__console_flush_and_unlock kernel/printk/printk.c:3258 [inline]
console_unlock+0xd8/0x210 kernel/printk/printk.c:3298
vprintk_emit+0x3d7/0x680 kernel/printk/printk.c:2423
_printk+0xc7/0x100 kernel/printk/printk.c:2448
kauditd_printk_skb kernel/audit.c:583 [inline]
kauditd_hold_skb+0x205/0x250 kernel/audit.c:618
kauditd_send_queue+0x239/0x290 kernel/audit.c:803
kauditd_thread+0x623/0xa70 kernel/audit.c:927
kthread+0x3c5/0x780 kernel/kthread.c:463
ret_from_fork+0x56d/0x700 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245