INFO: task kworker/0:2:1051 blocked for more than 143 seconds.
Not tainted 5.15.0-rc2-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:2 state:D stack:20464 pid: 1051 ppid: 2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
context_switch kernel/sched/core.c:4940 [inline]
__schedule+0xc8d/0x1270 kernel/sched/core.c:6287
schedule+0x14b/0x210 kernel/sched/core.c:6366
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6425
__mutex_lock_common+0xdff/0x2550 kernel/locking/mutex.c:669
__mutex_lock kernel/locking/mutex.c:729 [inline]
mutex_lock_nested+0x1a/0x20 kernel/locking/mutex.c:743
imon_probe+0x11d/0x3200 drivers/media/rc/imon.c:2418
usb_probe_interface+0x633/0xb40 drivers/usb/core/driver.c:396
call_driver_probe+0x96/0x250
really_probe+0x223/0x9b0 drivers/base/dd.c:596
__driver_probe_device+0x1f8/0x3e0 drivers/base/dd.c:751
driver_probe_device+0x50/0x240 drivers/base/dd.c:781
__device_attach_driver+0x1e1/0x3b0 drivers/base/dd.c:898
bus_for_each_drv+0x18a/0x210 drivers/base/bus.c:427
__device_attach+0x310/0x560 drivers/base/dd.c:969
bus_probe_device+0xb8/0x1f0 drivers/base/bus.c:487
device_add+0x11c8/0x16d0 drivers/base/core.c:3359
usb_set_configuration+0x1a86/0x2100 drivers/usb/core/message.c:2170
usb_generic_driver_probe+0x83/0x140 drivers/usb/core/generic.c:238
usb_probe_device+0x13a/0x260 drivers/usb/core/driver.c:293
call_driver_probe+0x96/0x250
really_probe+0x223/0x9b0 drivers/base/dd.c:596
__driver_probe_device+0x1f8/0x3e0 drivers/base/dd.c:751
driver_probe_device+0x50/0x240 drivers/base/dd.c:781
__device_attach_driver+0x1e1/0x3b0 drivers/base/dd.c:898
bus_for_each_drv+0x18a/0x210 drivers/base/bus.c:427
__device_attach+0x310/0x560 drivers/base/dd.c:969
bus_probe_device+0xb8/0x1f0 drivers/base/bus.c:487
device_add+0x11c8/0x16d0 drivers/base/core.c:3359
usb_new_device+0x108a/0x1940 drivers/usb/core/hub.c:2563
hub_port_connect+0x1075/0x27d0 drivers/usb/core/hub.c:5348
hub_port_connect_change+0x5f9/0xc20 drivers/usb/core/hub.c:5488
port_event+0xb67/0x1220 drivers/usb/core/hub.c:5634
hub_event+0x4ed/0xe40 drivers/usb/core/hub.c:5716
process_one_work+0x853/0x1140 kernel/workqueue.c:2297
worker_thread+0xac1/0x1320 kernel/workqueue.c:2444
kthread+0x453/0x480 kernel/kthread.c:319
ret_from_fork+0x1f/0x30
INFO: task kworker/0:7:8542 blocked for more than 143 seconds.
Not tainted 5.15.0-rc2-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:7 state:D stack:20272 pid: 8542 ppid: 2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
context_switch kernel/sched/core.c:4940 [inline]
__schedule+0xc8d/0x1270 kernel/sched/core.c:6287
schedule+0x14b/0x210 kernel/sched/core.c:6366
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6425
__mutex_lock_common+0xdff/0x2550 kernel/locking/mutex.c:669
__mutex_lock kernel/locking/mutex.c:729 [inline]
mutex_lock_nested+0x1a/0x20 kernel/locking/mutex.c:743
imon_probe+0x11d/0x3200 drivers/media/rc/imon.c:2418
usb_probe_interface+0x633/0xb40 drivers/usb/core/driver.c:396
call_driver_probe+0x96/0x250
really_probe+0x223/0x9b0 drivers/base/dd.c:596
__driver_probe_device+0x1f8/0x3e0 drivers/base/dd.c:751
driver_probe_device+0x50/0x240 drivers/base/dd.c:781
__device_attach_driver+0x1e1/0x3b0 drivers/base/dd.c:898
bus_for_each_drv+0x18a/0x210 drivers/base/bus.c:427
__device_attach+0x310/0x560 drivers/base/dd.c:969
bus_probe_device+0xb8/0x1f0 drivers/base/bus.c:487
device_add+0x11c8/0x16d0 drivers/base/core.c:3359
usb_set_configuration+0x1a86/0x2100 drivers/usb/core/message.c:2170
usb_generic_driver_probe+0x83/0x140 drivers/usb/core/generic.c:238
usb_probe_device+0x13a/0x260 drivers/usb/core/driver.c:293
call_driver_probe+0x96/0x250
really_probe+0x223/0x9b0 drivers/base/dd.c:596
__driver_probe_device+0x1f8/0x3e0 drivers/base/dd.c:751
driver_probe_device+0x50/0x240 drivers/base/dd.c:781
__device_attach_driver+0x1e1/0x3b0 drivers/base/dd.c:898
bus_for_each_drv+0x18a/0x210 drivers/base/bus.c:427
__device_attach+0x310/0x560 drivers/base/dd.c:969
bus_probe_device+0xb8/0x1f0 drivers/base/bus.c:487
device_add+0x11c8/0x16d0 drivers/base/core.c:3359
usb_new_device+0x108a/0x1940 drivers/usb/core/hub.c:2563
hub_port_connect+0x1075/0x27d0 drivers/usb/core/hub.c:5348
hub_port_connect_change+0x5f9/0xc20 drivers/usb/core/hub.c:5488
port_event+0xb67/0x1220 drivers/usb/core/hub.c:5634
hub_event+0x4ed/0xe40 drivers/usb/core/hub.c:5716
process_one_work+0x853/0x1140 kernel/workqueue.c:2297
worker_thread+0xac1/0x1320 kernel/workqueue.c:2444
kthread+0x453/0x480 kernel/kthread.c:319
ret_from_fork+0x1f/0x30
Showing all locks held in the system:
1 lock held by ksoftirqd/1/19:
#0: ffff8880b9d31558 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested kernel/sched/core.c:474 [inline]
#0: ffff8880b9d31558 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock kernel/sched/sched.h:1317 [inline]
#0: ffff8880b9d31558 (&rq->__lock){-.-.}-{2:2}, at: rq_lock kernel/sched/sched.h:1620 [inline]
#0: ffff8880b9d31558 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x188/0x1270 kernel/sched/core.c:6201
1 lock held by khungtaskd/27:
#0: ffffffff8c91c180 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30
6 locks held by kworker/0:2/1051:
#0: ffff888141bbb938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x7ca/0x1140
#1: ffffc90004dd7d20 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x808/0x1140 kernel/workqueue.c:2272
#2: ffff888146d39220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:760 [inline]
#2: ffff888146d39220 (&dev->mutex){....}-{3:3}, at: hub_event+0x1b2/0xe40 drivers/usb/core/hub.c:5662
#3: ffff888098069220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:760 [inline]
#3: ffff888098069220 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8a/0x560 drivers/base/dd.c:944
#4: ffff88808ae971a8 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:760 [inline]
#4: ffff88808ae971a8 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8a/0x560 drivers/base/dd.c:944
#5: ffffffff8d5084c8 (driver_lock){+.+.}-{3:3}, at: imon_probe+0x11d/0x3200 drivers/media/rc/imon.c:2418
1 lock held by systemd-udevd/2970:
1 lock held by in:imklog/6201:
#0: ffff88801b2f9270 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x24e/0x2f0 fs/file.c:990
5 locks held by syz-executor.0/6548:
6 locks held by kworker/0:3/7972:
#0: ffff888141bbb938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x7ca/0x1140
#1: ffffc9000d85fd20 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x808/0x1140 kernel/workqueue.c:2272
#2: ffff88801f098220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:760 [inline]
#2: ffff88801f098220 (&dev->mutex){....}-{3:3}, at: hub_event+0x1b2/0xe40 drivers/usb/core/hub.c:5662
#3: ffff8880998c0220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:760 [inline]
#3: ffff8880998c0220 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8a/0x560 drivers/base/dd.c:944
#4: ffff888095aa61a8 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:760 [inline]
#4: ffff888095aa61a8 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8a/0x560 drivers/base/dd.c:944
#5: ffffffff8d5084c8 (driver_lock){+.+.}-{3:3}, at: imon_probe+0x11d/0x3200 drivers/media/rc/imon.c:2418
3 locks held by kworker/1:6/8459:
#0: ffff8880b9d31558 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested kernel/sched/core.c:474 [inline]
#0: ffff8880b9d31558 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock kernel/sched/sched.h:1317 [inline]
#0: ffff8880b9d31558 (&rq->__lock){-.-.}-{2:2}, at: rq_lock kernel/sched/sched.h:1620 [inline]
#0: ffff8880b9d31558 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x188/0x1270 kernel/sched/core.c:6201
#1: ffff8880b9d1f888 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x4c1/0x780 kernel/sched/psi.c:880
#2: ffff8880b9d1feb8 (krc.lock){..-.}-{2:2}, at: kfree_rcu_monitor+0x27/0x700 kernel/rcu/tree.c:3334
6 locks held by kworker/0:6/8532:
#0: ffff888141bbb938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x7ca/0x1140
#1: ffffc90017cffd20 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x808/0x1140 kernel/workqueue.c:2272
#2: ffff888146d50220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:760 [inline]
#2: ffff888146d50220 (&dev->mutex){....}-{3:3}, at: hub_event+0x1b2/0xe40 drivers/usb/core/hub.c:5662
#3: ffff88806e2bb220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:760 [inline]
#3: ffff88806e2bb220 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8a/0x560 drivers/base/dd.c:944
#4: ffff88808cce91a8 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:760 [inline]
#4: ffff88808cce91a8 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8a/0x560 drivers/base/dd.c:944
#5: ffffffff8d5084c8 (driver_lock){+.+.}-{3:3}, at: imon_probe+0x11d/0x3200 drivers/media/rc/imon.c:2418
6 locks held by kworker/0:7/8542:
#0: ffff888141bbb938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x7ca/0x1140
#1: ffffc90017e3fd20 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x808/0x1140 kernel/workqueue.c:2272
#2: ffff88801f0b0220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:760 [inline]
#2: ffff88801f0b0220 (&dev->mutex){....}-{3:3}, at: hub_event+0x1b2/0xe40 drivers/usb/core/hub.c:5662
#3: ffff88809806e220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:760 [inline]
#3: ffff88809806e220 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8a/0x560 drivers/base/dd.c:944
#4: ffff88808ae961a8 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:760 [inline]
#4: ffff88808ae961a8 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8a/0x560 drivers/base/dd.c:944
#5: ffffffff8d5084c8 (driver_lock){+.+.}-{3:3}, at: imon_probe+0x11d/0x3200 drivers/media/rc/imon.c:2418
3 locks held by systemd-udevd/22191:
#0: ffff8880749a6c88 (&of->mutex){+.+.}-{3:3}, at: kernfs_file_read_iter fs/kernfs/file.c:203 [inline]
#0: ffff8880749a6c88 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_read_iter+0x19b/0x580 fs/kernfs/file.c:242
#1: ffff88807d5ef918 (kn->active#245){++++}-{0:0}, at: kernfs_file_read_iter fs/kernfs/file.c:204 [inline]
#1: ffff88807d5ef918 (kn->active#245){++++}-{0:0}, at: kernfs_fop_read_iter+0x1b3/0x580 fs/kernfs/file.c:242
#2: ffff88806e2bb220 (&dev->mutex){....}-{3:3}, at: device_lock_interruptible include/linux/device.h:765 [inline]
#2: ffff88806e2bb220 (&dev->mutex){....}-{3:3}, at: read_descriptors+0x33/0x3a0 drivers/usb/core/sysfs.c:873
=============================================
NMI backtrace for cpu 0
CPU: 0 PID: 27 Comm: khungtaskd Not tainted 5.15.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1dc/0x2d8 lib/dump_stack.c:106
nmi_cpu_backtrace+0x45f/0x490 lib/nmi_backtrace.c:105
nmi_trigger_cpumask_backtrace+0x16a/0x280 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:210 [inline]
watchdog+0xc54/0xca0 kernel/hung_task.c:295
kthread+0x453/0x480 kernel/kthread.c:319
ret_from_fork+0x1f/0x30
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 2966 Comm: systemd-journal Not tainted 5.15.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:trace_lock_release+0x43/0x150 include/trace/events/lock.h:58
Code: 89 d8 48 c1 e8 06 48 8d 3c c5 68 f1 db 8d be 08 00 00 00 e8 9f 9a 69 00 48 0f a3 1d 9f bb 77 0c 73 21 65 83 05 f5 b9 9d 7e 01 <48> 8b 05 16 bb 64 0c e8 b1 f4 07 00 85 c0 74 0f 65 ff 0d de b9 9d
RSP: 0018:ffffc90002abf3a0 EFLAGS: 00000282
RAX: 0000000000000001 RBX: 0000000000000001 RCX: ffffffff816435c1
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff8ddbf168
RBP: ffffc90002abf4e8 R08: dffffc0000000000 R09: fffffbfff1bb7e2e
R10: fffffbfff1bb7e2e R11: 0000000000000000 R12: dffffc0000000000
R13: 1ffff92000557e84 R14: ffffffff81dfd185 R15: ffff888017dccf80
FS: 00007f87b7e6e8c0(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f87b55b3000 CR3: 000000001dc5b000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
lock_release+0x82/0x810 kernel/locking/lockdep.c:5636
dput+0x271/0x6e0 include/linux/rcupdate.h:720
step_into+0x409/0x1f90 fs/namei.c:1809
walk_component+0x33a/0x790 fs/namei.c:1976
link_path_walk+0x697/0xd00
path_openat+0x25b/0x3670 fs/namei.c:3557
do_filp_open+0x277/0x4f0 fs/namei.c:3588
do_sys_openat2+0x13b/0x500 fs/open.c:1200
do_sys_open fs/open.c:1216 [inline]
__do_sys_open fs/open.c:1224 [inline]
__se_sys_open fs/open.c:1220 [inline]
__x64_sys_open+0x221/0x270 fs/open.c:1220
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f87b73fd840
Code: 73 01 c3 48 8b 0d 68 77 20 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 bb 20 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 1e f6 ff ff 48 89 04 24
RSP: 002b:00007ffea186b4f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 00007ffea186b800 RCX: 00007f87b73fd840
RDX: 00000000000001a0 RSI: 0000000000080042 RDI: 000055a85a672650
RBP: 000000000000000d R08: 000000000000ffc0 R09: 00000000ffffffff
R10: 0000000000000069 R11: 0000000000000246 R12: 00000000ffffffff
R13: 000055a85a665040 R14: 00007ffea186b7c0 R15: 000055a85a672730
----------------
Code disassembly (best guess):
0: 89 d8 mov %ebx,%eax
2: 48 c1 e8 06 shr $0x6,%rax
6: 48 8d 3c c5 68 f1 db lea -0x72240e98(,%rax,8),%rdi
d: 8d
e: be 08 00 00 00 mov $0x8,%esi
13: e8 9f 9a 69 00 callq 0x699ab7
18: 48 0f a3 1d 9f bb 77 bt %rbx,0xc77bb9f(%rip) # 0xc77bbbf
1f: 0c
20: 73 21 jae 0x43
22: 65 83 05 f5 b9 9d 7e addl $0x1,%gs:0x7e9db9f5(%rip) # 0x7e9dba1f
29: 01
* 2a: 48 8b 05 16 bb 64 0c mov 0xc64bb16(%rip),%rax # 0xc64bb47 <-- trapping instruction
31: e8 b1 f4 07 00 callq 0x7f4e7
36: 85 c0 test %eax,%eax
38: 74 0f je 0x49
3a: 65 gs
3b: ff .byte 0xff
3c: 0d .byte 0xd
3d: de .byte 0xde
3e: b9 .byte 0xb9
3f: 9d popfq