INFO: task syz.3.420:7547 blocked for more than 167 seconds.
      Not tainted 6.13.0-rc7-syzkaller-00191-gfda5e3f28400 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.420       state:D stack:27712 pid:7547  tgid:7547  ppid:5823   flags:0x00000004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5369 [inline]
 __schedule+0xe58/0x5ad0 kernel/sched/core.c:6756
 __schedule_loop kernel/sched/core.c:6833 [inline]
 schedule+0xe7/0x350 kernel/sched/core.c:6848
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6905
 __mutex_lock_common kernel/locking/mutex.c:665 [inline]
 __mutex_lock+0x62b/0xa60 kernel/locking/mutex.c:735
 class_mutex_constructor include/linux/mutex.h:201 [inline]
 serio_unregister_port+0x1b/0x40 drivers/input/serio/serio.c:676
 userio_char_release+0x91/0xe0 drivers/input/serio/userio.c:105
 __fput+0x3f8/0xb60 fs/file_table.c:450
 task_work_run+0x14e/0x250 kernel/task_work.c:239
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x27b/0x2a0 kernel/entry/common.c:218
 do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fd919785d29
RSP: 002b:00007ffd23233e68 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
RAX: 0000000000000000 RBX: 000000000002fc81 RCX: 00007fd919785d29
RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
RBP: 00007fd919977ba0 R08: 0000000000000001 R09: 00007ffd2323415f
R10: 00007fd919600000 R11: 0000000000000246 R12: 000000000002fcef
R13: 00007fd919975fa0 R14: 0000000000000032 R15: ffffffffffffffff
 </TASK>
INFO: task syz.2.419:7550 blocked for more than 148 seconds.
      Not tainted 6.13.0-rc7-syzkaller-00191-gfda5e3f28400 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.2.419       state:D stack:26944 pid:7550  tgid:7549  ppid:5828   flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5369 [inline]
 __schedule+0xe58/0x5ad0 kernel/sched/core.c:6756
 __schedule_loop kernel/sched/core.c:6833 [inline]
 schedule+0xe7/0x350 kernel/sched/core.c:6848
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6905
 __mutex_lock_common kernel/locking/mutex.c:665 [inline]
 __mutex_lock+0x62b/0xa60 kernel/locking/mutex.c:735
 class_mutex_constructor include/linux/mutex.h:201 [inline]
 serio_unregister_port+0x1b/0x40 drivers/input/serio/serio.c:676
 userio_char_release+0x91/0xe0 drivers/input/serio/userio.c:105
 __fput+0x3f8/0xb60 fs/file_table.c:450
 task_work_run+0x14e/0x250 kernel/task_work.c:239
 get_signal+0x1d3/0x26c0 kernel/signal.c:2790
 arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218
 do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fbb45b85d29
RSP: 002b:00007fbb46967038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
RAX: fffffffffffffe00 RBX: 00007fbb45d75fa0 RCX: 00007fbb45b85d29
RDX: 000000000000005d RSI: 00000000200001c0 RDI: 0000000000000007
RBP: 00007fbb45c01b08 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fbb45d75fa0 R15: 00007ffe811450e8
 </TASK>

Showing all locks held in the system:
3 locks held by kworker/0:1/9:
 #0: ffff88802169cd48 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x1293/0x1ba0 kernel/workqueue.c:3211
 #1: ffffc900000e7d80 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3212
 #2: ffff888144f6e190 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1014 [inline]
 #2: ffff888144f6e190 (&dev->mutex){....}-{4:4}, at: hub_event+0x1c1/0x4e10 drivers/usb/core/hub.c:5851
4 locks held by kdevtmpfs/27:
1 lock held by khungtaskd/30:
 #0: ffffffff8e1bb900 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 #0: ffffffff8e1bb900 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
 #0: ffffffff8e1bb900 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x7f/0x390 kernel/locking/lockdep.c:6744
2 locks held by kswapd0/89:
9 locks held by kworker/1:2/969:
4 locks held by kworker/u9:1/5127:
 #0: ffff888061aed948 ((wq_completion)hci5){+.+.}-{0:0}, at: process_one_work+0x1293/0x1ba0 kernel/workqueue.c:3211
 #1: ffffc900105f7d80 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3212
 #2: ffff888030e94d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x170/0x410 net/bluetooth/hci_sync.c:331
 #3: ffff888030e94078 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x14e/0xfe0 net/bluetooth/hci_sync.c:5585
1 lock held by acpid/5174:
1 lock held by dhcpcd/5482:
2 locks held by getty/5569:
 #0: ffff8880349d00a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243
 #1: ffffc90002fde2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0xfba/0x1480 drivers/tty/n_tty.c:2211
1 lock held by syz-executor/5811:
4 locks held by kworker/u9:3/5817:
 #0: ffff8880615a4948 ((wq_completion)hci6){+.+.}-{0:0}, at: process_one_work+0x1293/0x1ba0 kernel/workqueue.c:3211
 #1: ffffc9000417fd80 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3212
 #2: ffff888031340d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x170/0x410 net/bluetooth/hci_sync.c:331
 #3: ffff888031340078 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x14e/0xfe0 net/bluetooth/hci_sync.c:5585
1 lock held by syz.3.420/7547:
 #0: ffffffff8f720c68 (serio_mutex){+.+.}-{4:4}, at: class_mutex_constructor include/linux/mutex.h:201 [inline]
 #0: ffffffff8f720c68 (serio_mutex){+.+.}-{4:4}, at: serio_unregister_port+0x1b/0x40 drivers/input/serio/serio.c:676
1 lock held by syz.2.419/7550:
 #0: ffffffff8f720c68 (serio_mutex){+.+.}-{4:4}, at: class_mutex_constructor include/linux/mutex.h:201 [inline]
 #0: ffffffff8f720c68 (serio_mutex){+.+.}-{4:4}, at: serio_unregister_port+0x1b/0x40 drivers/input/serio/serio.c:676
2 locks held by syz.0.432/7600:
 #0: ffff88802a9b4d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close+0x26/0x90 net/bluetooth/hci_core.c:480
 #1: ffff88802a9b4078 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x3ab/0x11a0 net/bluetooth/hci_sync.c:5201
1 lock held by syz-executor/7659:
 #0: ffffffff8e1c7238 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a4/0x3b0 kernel/rcu/tree_exp.h:329
2 locks held by syz-executor/7678:
2 locks held by syz-executor/7846:

=============================================

NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.13.0-rc7-syzkaller-00191-gfda5e3f28400 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x27b/0x390 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x29c/0x300 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:234 [inline]
 watchdog+0xf14/0x1240 kernel/hung_task.c:397
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 101 PID: 5482 Comm: dhcpcd Not tainted 6.13.0-rc7-syzkaller-00191-gfda5e3f28400 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
RIP: 0010:filter_irq_stacks+0x24/0x90 kernel/stacktrace.c:397
Code: 90 90 90 90 90 90 f3 0f 1e fa 85 f6 74 61 53 31 c0 48 bb 00 00 00 00 00 fc ff df 48 83 ec 10 48 89 fa 48 c1 ea 03 80 3c 1a 00 <75> 4a 48 8b 17 48 81 fa 30 02 40 8b 72 16 48 81 fa 70 16 40 8b 73
RSP: 0018:ffffc900046ef440 EFLAGS: 00000246
RAX: 000000000000000d RBX: dffffc0000000000 RCX: 0000000000000001
RDX: 1ffff920008ddea9 RSI: 0000000000000010 RDI: ffffc900046ef548
RBP: 0000000000000001 R08: ffffc900046ef3c4 R09: ffffffff91a41ce0
R10: ffffc900046ef390 R11: 00000000000a29c4 R12: 0000000000002800
R13: ffffc900046ef4e0 R14: dffffc0000000000 R15: 0000000000000000
FS:  00007f77e14ab740(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f2ea01f6d00 CR3: 00000000348ee000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <NMI>
 </NMI>
 <TASK>
 stack_depot_save_flags+0x28/0x9c0 lib/stackdepot.c:609
 save_stack+0x16f/0x1f0 mm/page_owner.c:157
 __reset_page_owner+0x8d/0x400 mm/page_owner.c:297
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1127 [inline]
 free_unref_page+0x661/0x1080 mm/page_alloc.c:2659
 __put_partials+0x14c/0x170 mm/slub.c:3157
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x195/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:250 [inline]
 slab_post_alloc_hook mm/slub.c:4119 [inline]
 slab_alloc_node mm/slub.c:4168 [inline]
 __do_kmalloc_node mm/slub.c:4297 [inline]
 __kmalloc_node_track_caller_noprof+0x1d3/0x510 mm/slub.c:4317
 kmalloc_reserve+0xef/0x2c0 net/core/skbuff.c:609
 __alloc_skb+0x164/0x380 net/core/skbuff.c:678
 alloc_skb include/linux/skbuff.h:1323 [inline]
 alloc_skb_with_frags+0xe4/0x850 net/core/skbuff.c:6612
 sock_alloc_send_pskb+0x7f1/0x980 net/core/sock.c:2884
 unix_dgram_sendmsg+0x4b8/0x19e0 net/unix/af_unix.c:2027
 sock_sendmsg_nosec net/socket.c:711 [inline]
 __sock_sendmsg net/socket.c:726 [inline]
 sock_write_iter+0x4fe/0x5b0 net/socket.c:1147
 new_sync_write fs/read_write.c:586 [inline]
 vfs_write+0x5ae/0x1150 fs/read_write.c:679
 ksys_write+0x207/0x250 fs/read_write.c:731
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f77e1575bf2
Code: 89 c7 48 89 44 24 08 e8 7b 34 fa ff 48 8b 44 24 08 48 83 c4 28 c3 c3 64 8b 04 25 18 00 00 00 85 c0 75 20 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 6f 48 8b 15 07 a2 0d 00 f7 d8 64 89 02 48 83
RSP: 002b:00007ffc9e88f6d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f77e14ab6c0 RCX: 00007f77e1575bf2
RDX: 000000000000003b RSI: 00007ffc9e88f6f0 RDI: 0000000000000005
RBP: 00007ffc9e88f6f0 R08: 0000000000000000 R09: 0000000000000000
R10: 000055ccd148b110 R11: 0000000000000246 R12: 000055ccd14856ea
R13: 00007ffc9e88fb20 R14: 00007ffc9e890050 R15: 00007ffc9e88fc08
 </TASK>