INFO: task syz.1.12717:8471 blocked for more than 143 seconds.
Not tainted 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.1.12717 state:D stack:27528 pid:8471 tgid:8470 ppid:1387 task_flags:0x400040 flags:0x00004004
Call Trace:
context_switch kernel/sched/core.c:5396 [inline]
__schedule+0x16f5/0x4d00 kernel/sched/core.c:6785
__schedule_loop kernel/sched/core.c:6863 [inline]
schedule+0x165/0x360 kernel/sched/core.c:6878
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6935
__mutex_lock_common kernel/locking/mutex.c:679 [inline]
__mutex_lock+0x724/0xe80 kernel/locking/mutex.c:747
bdev_open+0xe0/0xd30 block/bdev.c:945
blkdev_open+0x3a8/0x510 block/fops.c:676
do_dentry_open+0xdf3/0x1970 fs/open.c:964
vfs_open+0x3b/0x340 fs/open.c:1094
do_open fs/namei.c:3896 [inline]
path_openat+0x2ee5/0x3830 fs/namei.c:4055
do_filp_open+0x1fa/0x410 fs/namei.c:4082
do_sys_openat2+0x121/0x1c0 fs/open.c:1437
do_sys_open fs/open.c:1452 [inline]
__do_sys_openat fs/open.c:1468 [inline]
__se_sys_openat fs/open.c:1463 [inline]
__x64_sys_openat+0x138/0x170 fs/open.c:1463
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f797778d290
RSP: 002b:00007f7978689b70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f797778d290
RDX: 0000000000000000 RSI: 00007f7978689c10 RDI: 00000000ffffff9c
RBP: 00007f7978689c10 R08: 0000000000000000 R09: 002364626e2f7665
R10: 0000000000000000 R11: 0000000000000293 R12: cccccccccccccccd
R13: 0000000000000000 R14: 00007f79779b5fa0 R15: 00007ffd4f8fba28
Showing all locks held in the system:
1 lock held by khungtaskd/31:
#0: ffffffff8e33eda0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#0: ffffffff8e33eda0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
#0: ffffffff8e33eda0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6770
2 locks held by getty/5596:
#0: ffff888030a260a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
#1: ffffc90002fee2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 drivers/tty/n_tty.c:2222
6 locks held by kworker/0:4/5897:
#0: ffff8880216d3548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3213 [inline]
#0: ffff8880216d3548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3321
#1: ffffc90004da7bc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3214 [inline]
#1: ffffc90004da7bc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3321
#2: ffff888028953198 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:884 [inline]
#2: ffff888028953198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a00 drivers/usb/core/hub.c:5863
#3: ffff888021a94198 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:884 [inline]
#3: ffff888021a94198 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400 drivers/base/dd.c:1004
#4: ffff88805fe77160 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:884 [inline]
#4: ffff88805fe77160 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400 drivers/base/dd.c:1004
#5: ffffffff8f1a5be8 (input_mutex){+.+.}-{4:4}, at: class_mutex_intr_constructor include/linux/mutex.h:227 [inline]
#5: ffffffff8f1a5be8 (input_mutex){+.+.}-{4:4}, at: input_register_device+0xa74/0x10b0 drivers/input/input.c:2408
7 locks held by kworker/0:7/5932:
#0: ffff8880216d3548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3213 [inline]
#0: ffff8880216d3548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3321
#1: ffffc90005257bc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3214 [inline]
#1: ffffc90005257bc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3321
#2: ffff88802862b198 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:884 [inline]
#2: ffff88802862b198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a00 drivers/usb/core/hub.c:5863
#3: ffff88805fd98198 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:884 [inline]
#3: ffff88805fd98198 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400 drivers/base/dd.c:1004
#4: ffff88805fd9a160 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:884 [inline]
#4: ffff88805fd9a160 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400 drivers/base/dd.c:1004
#5: ffffffff8f1a5be8 (input_mutex){+.+.}-{4:4}, at: class_mutex_constructor include/linux/mutex.h:225 [inline]
#5: ffffffff8f1a5be8 (input_mutex){+.+.}-{4:4}, at: __input_unregister_device+0x2d8/0x5e0 drivers/input/input.c:2221
#6: ffffffff8e3448b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock kernel/rcu/tree_exp.h:336 [inline]
#6: ffffffff8e3448b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730 kernel/rcu/tree_exp.h:998
1 lock held by udevd/24473:
#0: ffff888142b80358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xd30 block/bdev.c:945
1 lock held by udevd/24474:
#0: ffff888025573358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xd30 block/bdev.c:945
3 locks held by kworker/u8:12/24743:
#0: ffff8880b8639f98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 kernel/sched/core.c:606
#1: ffff8880b8623f08 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x39a/0x6d0 kernel/sched/psi.c:987
#2: ffff8880b8625958 (&base->lock){-.-.}-{2:2}, at: lock_timer_base kernel/time/timer.c:1004 [inline]
#2: ffff8880b8625958 (&base->lock){-.-.}-{2:2}, at: __mod_timer+0x1ae/0xf30 kernel/time/timer.c:1085
4 locks held by udevd/24797:
#0: ffff8880685d39e0 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xb7/0xe10 fs/seq_file.c:182
#1: ffff8880309c3888 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_seq_start+0x55/0x3c0 fs/kernfs/file.c:154
#2: ffff888063a0e698 (kn->active#30){++++}-{0:0}, at: kernfs_seq_start+0x75/0x3c0 fs/kernfs/file.c:155
#3: ffff888021a94198 (&dev->mutex){....}-{4:4}, at: device_lock_interruptible include/linux/device.h:889 [inline]
#3: ffff888021a94198 (&dev->mutex){....}-{4:4}, at: manufacturer_show+0x26/0xa0 drivers/usb/core/sysfs.c:142
4 locks held by udevd/4661:
#0: ffff88805f611e80 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xb7/0xe10 fs/seq_file.c:182
#1: ffff888033001488 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_seq_start+0x55/0x3c0 fs/kernfs/file.c:154
#2: ffff888034a1aa58 (kn->active#30){++++}-{0:0}, at: kernfs_seq_start+0x75/0x3c0 fs/kernfs/file.c:155
#3: ffff88805fd98198 (&dev->mutex){....}-{4:4}, at: device_lock_interruptible include/linux/device.h:889 [inline]
#3: ffff88805fd98198 (&dev->mutex){....}-{4:4}, at: manufacturer_show+0x26/0xa0 drivers/usb/core/sysfs.c:142
1 lock held by syz.1.12717/8471:
#0: ffff888025573358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xd30 block/bdev.c:945
2 locks held by syz.2.12750/8559:
#0: ffff8880527720e0 (&type->s_umount_key#73/1){+.+.}-{4:4}, at: alloc_super+0x204/0x970 fs/super.c:345
#1: ffff888142b80358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xd30 block/bdev.c:945
2 locks held by syz.5.13510/11944:
#0: ffff8880288520d8 (&nft_net->commit_mutex){+.+.}-{4:4}, at: nf_tables_valid_genid+0x3b/0x100 net/netfilter/nf_tables_api.c:11505
#1: ffffffff8e3448b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock kernel/rcu/tree_exp.h:336 [inline]
#1: ffffffff8e3448b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730 kernel/rcu/tree_exp.h:998
=============================================
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
nmi_cpu_backtrace+0x39e/0x3d0 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:158 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:307 [inline]
watchdog+0xfee/0x1030 kernel/hung_task.c:470
kthread+0x70e/0x8a0 kernel/kthread.c:464
ret_from_fork+0x3f9/0x770 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 5897 Comm: kworker/0:4 Not tainted 6.16.0-rc2-syzkaller-00278-g3f75bfff44be #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: usb_hub_wq hub_event
RIP: 0010:____rb_erase_color lib/rbtree.c:242 [inline]
RIP: 0010:rb_erase+0x4d6/0xe60 lib/rbtree.c:445
Code: 2c 24 4c 39 eb 4c 89 34 24 0f 84 2c 01 00 00 4d 89 ee 49 c1 ee 03 41 80 3c 2e 00 74 08 4c 89 ef e8 8f 69 bb f6 41 f6 45 00 01 <4c> 89 64 24 08 0f 85 4f 02 00 00 49 8d 5d 10 48 89 d8 48 c1 e8 03
RSP: 0018:ffffc90000007ca8 EFLAGS: 00000002
RAX: 1ffff110170c4f72 RBX: 0000000000000000 RCX: dffffc0000000000
RDX: 0000000000010000 RSI: ffff8880b8627b90 RDI: ffffc9000e6c7d48
RBP: dffffc0000000000 R08: ffffffff8fc22ef7 R09: 1ffffffff1f845de
R10: dffffc0000000000 R11: fffffbfff1f845df R12: ffff8880b8628420
R13: ffffc900052e7d40 R14: 1ffff92000a5cfa8 R15: 1ffff110170c5084
FS: 0000000000000000(0000) GS:ffff888125a1c000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055ec24689820 CR3: 00000000630da000 CR4: 00000000003526f0
DR0: 0000000000000007 DR1: 000000000000000b DR2: 0000000000000002
DR3: 0000000000000009 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Call Trace:
rb_erase_cached include/linux/rbtree.h:126 [inline]
timerqueue_del+0xae/0x100 lib/timerqueue.c:57
__remove_hrtimer kernel/time/hrtimer.c:1121 [inline]
__run_hrtimer kernel/time/hrtimer.c:1741 [inline]
__hrtimer_run_queues+0x364/0xc60 kernel/time/hrtimer.c:1825
hrtimer_interrupt+0x45b/0xaa0 kernel/time/hrtimer.c:1887
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1039 [inline]
__sysvec_apic_timer_interrupt+0x10b/0x410 arch/x86/kernel/apic/apic.c:1056
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
sysvec_apic_timer_interrupt+0xa1/0xc0 arch/x86/kernel/apic/apic.c:1050
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:console_trylock_spinning kernel/printk/printk.c:2061 [inline]
RIP: 0010:vprintk_emit+0x58f/0x7a0 kernel/printk/printk.c:2449
Code: 85 32 01 00 00 e8 d1 61 1f 00 41 89 df 4d 85 f6 48 8b 1c 24 75 07 e8 c0 61 1f 00 eb 06 e8 b9 61 1f 00 fb 48 c7 c7 20 30 33 8e <31> f6 ba 01 00 00 00 31 c9 41 b8 01 00 00 00 45 31 c9 53 e8 b9 36
RSP: 0018:ffffc90004da72c0 EFLAGS: 00000283
RAX: ffffffff81a13a97 RBX: ffffffff81a13954 RCX: 0000000000100000
RDX: ffffc90019d6e000 RSI: 0000000000025c7b RDI: ffffffff8e333020
RBP: ffffc90004da73d0 R08: ffffffff8fc22ef7 R09: 1ffffffff1f845de
R10: dffffc0000000000 R11: fffffbfff1f845df R12: dffffc0000000000
R13: 1ffff920009b4e5c R14: 0000000000000200 R15: 0000000000000029
dev_vprintk_emit+0x337/0x3f0 drivers/base/core.c:4917
dev_printk_emit+0xe0/0x130 drivers/base/core.c:4928
_dev_info+0x10a/0x160 drivers/base/core.c:4986
usb_disconnect+0xdd/0x910 drivers/usb/core/hub.c:2298
hub_port_connect drivers/usb/core/hub.c:5375 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5675 [inline]
port_event drivers/usb/core/hub.c:5835 [inline]
hub_event+0x1cdb/0x4a00 drivers/usb/core/hub.c:5917
process_one_work kernel/workqueue.c:3238 [inline]
process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3321
worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402
kthread+0x70e/0x8a0 kernel/kthread.c:464
ret_from_fork+0x3f9/0x770 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
appletouch 6-1:1.0: atp_complete: usb_submit_urb failed with result -19