INFO: task syz-executor.2:9700 blocked for more than 150 seconds.
Not tainted 6.8.0-rc2-next-20240202-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.2 state:D stack:25112 pid:9700 tgid:9700 ppid:5110 flags:0x00004006
Call Trace:
context_switch kernel/sched/core.c:5400 [inline]
__schedule+0x17df/0x4a40 kernel/sched/core.c:6727
__schedule_loop kernel/sched/core.c:6804 [inline]
schedule+0x14b/0x320 kernel/sched/core.c:6819
schedule_timeout+0xb0/0x310 kernel/time/timer.c:2159
do_wait_for_common kernel/sched/completion.c:95 [inline]
__wait_for_common kernel/sched/completion.c:116 [inline]
wait_for_common kernel/sched/completion.c:127 [inline]
wait_for_completion+0x355/0x620 kernel/sched/completion.c:148
__flush_workqueue+0x730/0x1630 kernel/workqueue.c:3617
drain_workqueue+0xc9/0x390 kernel/workqueue.c:3730
destroy_workqueue+0xba/0xc40 kernel/workqueue.c:5319
hci_release_dev+0x136/0x1670 net/bluetooth/hci_core.c:2807
bt_host_release+0x83/0x90 net/bluetooth/hci_sysfs.c:94
device_release+0x99/0x1c0
kobject_cleanup lib/kobject.c:682 [inline]
kobject_release lib/kobject.c:716 [inline]
kref_put include/linux/kref.h:65 [inline]
kobject_put+0x1f5/0x430 lib/kobject.c:733
hci_uart_tty_close+0x1c1/0x290 drivers/bluetooth/hci_ldisc.c:552
tty_ldisc_kill+0xa3/0x1a0 drivers/tty/tty_ldisc.c:607
tty_ldisc_release+0x174/0x200 drivers/tty/tty_ldisc.c:775
tty_release_struct+0x2b/0xe0 drivers/tty/tty_io.c:1696
tty_release+0xd0c/0x12c0 drivers/tty/tty_io.c:1867
__fput+0x429/0x8a0 fs/file_table.c:376
__do_sys_close fs/open.c:1554 [inline]
__se_sys_close fs/open.c:1539 [inline]
__x64_sys_close+0x7f/0x110 fs/open.c:1539
do_syscall_64+0xfb/0x240
entry_SYSCALL_64_after_hwframe+0x6d/0x75
RIP: 0033:0x7f796a07cc9a
RSP: 002b:00007ffc68eecdd0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00007f796a07cc9a
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007
RBP: 00007f796a1ad980 R08: 0000001b32420000 R09: 00000000000001ee
R10: 00000000894089db R11: 0000000000000293 R12: 00000000000837a8
R13: ffffffffffffffff R14: 00007f7969c00000 R15: 000000000008302e
INFO: task syz-executor.0:9713 blocked for more than 152 seconds.
Not tainted 6.8.0-rc2-next-20240202-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.0 state:D stack:24944 pid:9713 tgid:9713 ppid:5096 flags:0x00004006
Call Trace:
context_switch kernel/sched/core.c:5400 [inline]
__schedule+0x17df/0x4a40 kernel/sched/core.c:6727
__schedule_loop kernel/sched/core.c:6804 [inline]
schedule+0x14b/0x320 kernel/sched/core.c:6819
schedule_timeout+0xb0/0x310 kernel/time/timer.c:2159
do_wait_for_common kernel/sched/completion.c:95 [inline]
__wait_for_common kernel/sched/completion.c:116 [inline]
wait_for_common kernel/sched/completion.c:127 [inline]
wait_for_completion+0x355/0x620 kernel/sched/completion.c:148
__flush_workqueue+0x730/0x1630 kernel/workqueue.c:3617
drain_workqueue+0xc9/0x390 kernel/workqueue.c:3730
destroy_workqueue+0xba/0xc40 kernel/workqueue.c:5319
hci_release_dev+0x136/0x1670 net/bluetooth/hci_core.c:2807
bt_host_release+0x83/0x90 net/bluetooth/hci_sysfs.c:94
device_release+0x99/0x1c0
kobject_cleanup lib/kobject.c:682 [inline]
kobject_release lib/kobject.c:716 [inline]
kref_put include/linux/kref.h:65 [inline]
kobject_put+0x1f5/0x430 lib/kobject.c:733
hci_uart_tty_close+0x1c1/0x290 drivers/bluetooth/hci_ldisc.c:552
tty_ldisc_kill+0xa3/0x1a0 drivers/tty/tty_ldisc.c:607
tty_ldisc_release+0x174/0x200 drivers/tty/tty_ldisc.c:775
tty_release_struct+0x2b/0xe0 drivers/tty/tty_io.c:1696
tty_release+0xd0c/0x12c0 drivers/tty/tty_io.c:1867
__fput+0x429/0x8a0 fs/file_table.c:376
__do_sys_close fs/open.c:1554 [inline]
__se_sys_close fs/open.c:1539 [inline]
__x64_sys_close+0x7f/0x110 fs/open.c:1539
do_syscall_64+0xfb/0x240
entry_SYSCALL_64_after_hwframe+0x6d/0x75
RIP: 0033:0x7efc93a7cc9a
RSP: 002b:00007ffc236dc900 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00007efc93a7cc9a
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007
RBP: 00007efc93bad980 R08: 0000001b32120000 R09: 0000000000000164
R10: 000000008b64c6dc R11: 0000000000000293 R12: 0000000000084432
R13: ffffffffffffffff R14: 00007efc93600000 R15: 00000000000840f1
INFO: task syz-executor.1:9724 blocked for more than 153 seconds.
Not tainted 6.8.0-rc2-next-20240202-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.1 state:D stack:23792 pid:9724 tgid:9724 ppid:5097 flags:0x00004006
Call Trace:
context_switch kernel/sched/core.c:5400 [inline]
__schedule+0x17df/0x4a40 kernel/sched/core.c:6727
__schedule_loop kernel/sched/core.c:6804 [inline]
schedule+0x14b/0x320 kernel/sched/core.c:6819
schedule_timeout+0xb0/0x310 kernel/time/timer.c:2159
do_wait_for_common kernel/sched/completion.c:95 [inline]
__wait_for_common kernel/sched/completion.c:116 [inline]
wait_for_common kernel/sched/completion.c:127 [inline]
wait_for_completion+0x355/0x620 kernel/sched/completion.c:148
__flush_workqueue+0x730/0x1630 kernel/workqueue.c:3617
drain_workqueue+0xc9/0x390 kernel/workqueue.c:3730
destroy_workqueue+0xba/0xc40 kernel/workqueue.c:5319
hci_release_dev+0x136/0x1670 net/bluetooth/hci_core.c:2807
bt_host_release+0x83/0x90 net/bluetooth/hci_sysfs.c:94
device_release+0x99/0x1c0
kobject_cleanup lib/kobject.c:682 [inline]
kobject_release lib/kobject.c:716 [inline]
kref_put include/linux/kref.h:65 [inline]
kobject_put+0x1f5/0x430 lib/kobject.c:733
hci_uart_tty_close+0x1c1/0x290 drivers/bluetooth/hci_ldisc.c:552
tty_ldisc_kill+0xa3/0x1a0 drivers/tty/tty_ldisc.c:607
tty_ldisc_release+0x174/0x200 drivers/tty/tty_ldisc.c:775
tty_release_struct+0x2b/0xe0 drivers/tty/tty_io.c:1696
tty_release+0xd0c/0x12c0 drivers/tty/tty_io.c:1867
__fput+0x429/0x8a0 fs/file_table.c:376
__do_sys_close fs/open.c:1554 [inline]
__se_sys_close fs/open.c:1539 [inline]
__x64_sys_close+0x7f/0x110 fs/open.c:1539
do_syscall_64+0xfb/0x240
entry_SYSCALL_64_after_hwframe+0x6d/0x75
RIP: 0033:0x7fad01e7cc9a
RSP: 002b:00007ffcca939a60 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00007fad01e7cc9a
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007
RBP: 00007fad01fad980 R08: 0000001b32320000 R09: 000000000000016a
R10: 00000000893a24d0 R11: 0000000000000293 R12: 0000000000084fcf
R13: ffffffffffffffff R14: 00007fad01a00000 R15: 00000000000846a3
Showing all locks held in the system:
1 lock held by khungtaskd/29:
#0: ffffffff8e130d60 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:298 [inline]
#0: ffffffff8e130d60 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:750 [inline]
#0: ffffffff8e130d60 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 kernel/locking/lockdep.c:6614
2 locks held by getty/4824:
#0: ffff88802e8ea0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
#1: ffffc900031332f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 drivers/tty/n_tty.c:2201
3 locks held by kworker/u4:9/5639:
1 lock held by syz-executor.2/9700:
#0: ffff8880319be0a0 (&tty->ldisc_sem){++++}-{0:0}, at: __tty_ldisc_lock drivers/tty/tty_ldisc.c:289 [inline]
#0: ffff8880319be0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_lock_pair_timeout drivers/tty/tty_ldisc.c:352 [inline]
#0: ffff8880319be0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_lock_pair drivers/tty/tty_ldisc.c:366 [inline]
#0: ffff8880319be0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_release+0x110/0x200 drivers/tty/tty_ldisc.c:774
1 lock held by syz-executor.0/9713:
#0: ffff888031a1c0a0 (&tty->ldisc_sem){++++}-{0:0}, at: __tty_ldisc_lock drivers/tty/tty_ldisc.c:289 [inline]
#0: ffff888031a1c0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_lock_pair_timeout drivers/tty/tty_ldisc.c:352 [inline]
#0: ffff888031a1c0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_lock_pair drivers/tty/tty_ldisc.c:366 [inline]
#0: ffff888031a1c0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_release+0x110/0x200 drivers/tty/tty_ldisc.c:774
1 lock held by syz-executor.1/9724:
#0: ffff888041bb50a0 (&tty->ldisc_sem){++++}-{0:0}, at: __tty_ldisc_lock drivers/tty/tty_ldisc.c:289 [inline]
#0: ffff888041bb50a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_lock_pair_timeout drivers/tty/tty_ldisc.c:352 [inline]
#0: ffff888041bb50a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_lock_pair drivers/tty/tty_ldisc.c:366 [inline]
#0: ffff888041bb50a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_release+0x110/0x200 drivers/tty/tty_ldisc.c:774
1 lock held by syz-executor.3/11516:
2 locks held by syz-executor.1/11544:
#0: ffff888021d000e0 (&type->s_umount_key#58){++++}-{3:3}, at: __super_lock fs/super.c:56 [inline]
#0: ffff888021d000e0 (&type->s_umount_key#58){++++}-{3:3}, at: super_lock+0x196/0x400 fs/super.c:120
#1: ffffffff8e15aa88 (cgroup_mutex){+.+.}-{3:3}, at: cgroup_lock include/linux/cgroup.h:368 [inline]
#1: ffffffff8e15aa88 (cgroup_mutex){+.+.}-{3:3}, at: cgroup_do_get_tree+0x19d/0x390 kernel/cgroup/cgroup.c:2187
7 locks held by syz-executor.0/11540:
#0: ffff888079d960c8 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x259/0x320 fs/file.c:1191
#1: ffff888021d00420 (sb_writers#10){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:2801 [inline]
#1: ffff888021d00420 (sb_writers#10){.+.+}-{0:0}, at: vfs_writev+0x2d9/0xbb0 fs/read_write.c:969
#2: ffff8880337a0888 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1eb/0x500 fs/kernfs/file.c:325
#3: ffffffff8e15aa88 (cgroup_mutex){+.+.}-{3:3}, at: cgroup_lock include/linux/cgroup.h:368 [inline]
#3: ffffffff8e15aa88 (cgroup_mutex){+.+.}-{3:3}, at: cgroup_kn_lock_live+0xe6/0x290 kernel/cgroup/cgroup.c:1662
#4: ffffffff8dfcc7f0 (cpu_hotplug_lock){++++}-{0:0}, at: cgroup_attach_lock kernel/cgroup/cgroup.c:2413 [inline]
#4: ffffffff8dfcc7f0 (cpu_hotplug_lock){++++}-{0:0}, at: cgroup_procs_write_start+0x1a0/0x660 kernel/cgroup/cgroup.c:2917
#5: ffffffff8e15ac70 (cgroup_threadgroup_rwsem){++++}-{0:0}, at: cgroup_attach_lock kernel/cgroup/cgroup.c:2415 [inline]
#5: ffffffff8e15ac70 (cgroup_threadgroup_rwsem){++++}-{0:0}, at: cgroup_procs_write_start+0x1b5/0x660 kernel/cgroup/cgroup.c:2917
#6: ffffffff8e1360f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:291 [inline]
#6: ffffffff8e1360f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x39a/0x820 kernel/rcu/tree_exp.h:939
1 lock held by syz-executor.4/11549:
#0: ffffffff8e1360f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:323 [inline]
#0: ffffffff8e1360f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x463/0x820 kernel/rcu/tree_exp.h:939
=============================================
NMI backtrace for cpu 1
CPU: 1 PID: 29 Comm: khungtaskd Not tainted 6.8.0-rc2-next-20240202-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
Call Trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e7/0x2e0 lib/dump_stack.c:106
nmi_cpu_backtrace+0x49c/0x4d0 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x198/0x320 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:222 [inline]
watchdog+0xfb0/0xff0 kernel/hung_task.c:379
kthread+0x2f0/0x390 kernel/kthread.c:388
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:242
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 9907 Comm: syz-executor.1 Not tainted 6.8.0-rc2-next-20240202-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
RIP: 0033:0x7f20f9c27189
Code: 00 00 00 0f 29 a4 24 90 00 00 00 0f 29 ac 24 a0 00 00 00 0f 29 b4 24 b0 00 00 00 0f 29 bc 24 c0 00 00 00 80 3d 3d e5 ca 00 00 <74> 56 e8 e0 54 01 00 48 8b 3d d1 83 15 00 48 89 de 48 8d 54 24 08
RSP: 002b:00007fffccd77da0 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 00007f20f9cc96aa RCX: 0000000000000002
RDX: 000000000000000a RSI: 00007f20f9ccab4a RDI: 00007f20f9cc96aa
RBP: 0000000000000003 R08: 00007fffccd77eac R09: 0079746972756365
R10: 00007fffccd77f10 R11: 0000000000000212 R12: 00007f20f9d7ab40
R13: 00007fffccd77eac R14: 0000000000000000 R15: 00007f20f9d7cd00
FS: 0000555556f7a480 GS: 0000000000000000