INFO: task hung in usb_serial

ID	Workflow	Result	Correct	Bug	Created	Started	Finished	Revision	Error
4959fc23-8038-4407-8f72-62bd51054a3c	repro		❓	INFO: task hung in usb_serial_probe	2026/03/06 17:02	2026/03/06 17:02	2026/03/06 17:09	31e9c887f7dc24e04b3ca70d0d54fc34141844b0

INFO: task kworker/1:0:23 blocked for more than 152 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/1:0 state:D stack:20936 pid:23 tgid:23 ppid:2 task_flags:0x4208060 flags:0x00080000 Workqueue: usb_hub_wq hub_event Call Trace: <TASK> context_switch kernel/sched/core.c:5256 [inline] __schedule+0x145d/0x4a00 kernel/sched/core.c:6863 __schedule_loop kernel/sched/core.c:6945 [inline] schedule+0xe7/0x3a0 kernel/sched/core.c:6960 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7017 __mutex_lock_common kernel/locking/mutex.c:692 [inline] __mutex_lock+0xc69/0x1ca0 kernel/locking/mutex.c:776 uevent_net_broadcast_untagged lib/kobject_uevent.c:317 [inline] kobject_uevent_net_broadcast lib/kobject_uevent.c:410 [inline] kobject_uevent_env+0xb88/0x1920 lib/kobject_uevent.c:608 device_add+0x1103/0x1980 drivers/base/core.c:3670 usb_serial_probe+0x2f63/0x4160 drivers/usb/serial/usb-serial.c:1150 usb_probe_interface+0x303/0xa80 drivers/usb/core/driver.c:396 call_driver_probe drivers/base/dd.c:581 [inline] really_probe+0x241/0xb20 drivers/base/dd.c:659 __driver_probe_device+0x1de/0x470 drivers/base/dd.c:801 driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:831 __device_attach_driver+0x1df/0x350 drivers/base/dd.c:959 bus_for_each_drv+0x159/0x1e0 drivers/base/bus.c:500 __device_attach+0x1e4/0x4e0 drivers/base/dd.c:1031 device_initial_probe+0xaa/0xc0 drivers/base/dd.c:1086 bus_probe_device+0x64/0x150 drivers/base/bus.c:574 device_add+0x116e/0x1980 drivers/base/core.c:3689 usb_set_configuration+0x1187/0x1e50 drivers/usb/core/message.c:2210 usb_generic_driver_probe+0xb1/0x110 drivers/usb/core/generic.c:250 usb_probe_device+0xef/0x400 drivers/usb/core/driver.c:291 call_driver_probe drivers/base/dd.c:581 [inline] really_probe+0x241/0xb20 drivers/base/dd.c:659 __driver_probe_device+0x1de/0x470 drivers/base/dd.c:801 driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:831 __device_attach_driver+0x1df/0x350 drivers/base/dd.c:959 bus_for_each_drv+0x159/0x1e0 drivers/base/bus.c:500 __device_attach+0x1e4/0x4e0 drivers/base/dd.c:1031 device_initial_probe+0xaa/0xc0 drivers/base/dd.c:1086 bus_probe_device+0x64/0x150 drivers/base/bus.c:574 device_add+0x116e/0x1980 drivers/base/core.c:3689 usb_new_device+0xd07/0x1a90 drivers/usb/core/hub.c:2695 hub_port_connect drivers/usb/core/hub.c:5567 [inline] hub_port_connect_change drivers/usb/core/hub.c:5707 [inline] port_event drivers/usb/core/hub.c:5871 [inline] hub_event+0x31bf/0x5420 drivers/usb/core/hub.c:5953 process_one_work+0x9ba/0x1b20 kernel/workqueue.c:3257 process_scheduled_works kernel/workqueue.c:3340 [inline] worker_thread+0x6c8/0xf10 kernel/workqueue.c:3421 kthread+0x3c5/0x780 kernel/kthread.c:463 ret_from_fork+0x74f/0xa30 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246 </TASK> INFO: task kworker/1:3:5231 blocked for more than 181 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/1:3 state:D stack:21112 pid:5231 tgid:5231 ppid:2 task_flags:0x4208060 flags:0x00080000 Workqueue: usb_hub_wq hub_event Call Trace: <TASK> context_switch kernel/sched/core.c:5256 [inline] __schedule+0x145d/0x4a00 kernel/sched/core.c:6863 __schedule_loop kernel/sched/core.c:6945 [inline] schedule+0xe7/0x3a0 kernel/sched/core.c:6960 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7017 __mutex_lock_common kernel/locking/mutex.c:692 [inline] __mutex_lock+0xc69/0x1ca0 kernel/locking/mutex.c:776 uevent_net_broadcast_untagged lib/kobject_uevent.c:317 [inline] kobject_uevent_net_broadcast lib/kobject_uevent.c:410 [inline] kobject_uevent_env+0xb88/0x1920 lib/kobject_uevent.c:608 driver_bound+0x164/0x260 drivers/base/dd.c:422 really_probe+0x651/0xb20 drivers/base/dd.c:709 __driver_probe_device+0x1de/0x470 drivers/base/dd.c:801 driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:831 __device_attach_driver+0x1df/0x350 drivers/base/dd.c:959 bus_for_each_drv+0x159/0x1e0 drivers/base/bus.c:500 __device_attach+0x1e4/0x4e0 drivers/base/dd.c:1031 device_initial_probe+0xaa/0xc0 drivers/base/dd.c:1086 bus_probe_device+0x64/0x150 drivers/base/bus.c:574 device_add+0x116e/0x1980 drivers/base/core.c:3689 usb_new_device+0xd07/0x1a90 drivers/usb/core/hub.c:2695 hub_port_connect drivers/usb/core/hub.c:5567 [inline] hub_port_connect_change drivers/usb/core/hub.c:5707 [inline] port_event drivers/usb/core/hub.c:5871 [inline] hub_event+0x31bf/0x5420 drivers/usb/core/hub.c:5953 process_one_work+0x9ba/0x1b20 kernel/workqueue.c:3257 process_scheduled_works kernel/workqueue.c:3340 [inline] worker_thread+0x6c8/0xf10 kernel/workqueue.c:3421 kthread+0x3c5/0x780 kernel/kthread.c:463 ret_from_fork+0x74f/0xa30 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246 </TASK> INFO: task syz.4.3180:22550 blocked for more than 181 seconds. Not tainted syzkaller #0 Blocked by coredump. "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.4.3180 state:D stack:27704 pid:22550 tgid:22549 ppid:16708 task_flags:0x40044c flags:0x00080003 Call Trace: <TASK> context_switch kernel/sched/core.c:5256 [inline] __schedule+0x145d/0x4a00 kernel/sched/core.c:6863 __schedule_loop kernel/sched/core.c:6945 [inline] schedule+0xe7/0x3a0 kernel/sched/core.c:6960 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7017 __mutex_lock_common kernel/locking/mutex.c:692 [inline] __mutex_lock+0xc69/0x1ca0 kernel/locking/mutex.c:776 uevent_net_broadcast_untagged lib/kobject_uevent.c:317 [inline] kobject_uevent_net_broadcast lib/kobject_uevent.c:410 [inline] kobject_uevent_env+0xb88/0x1920 lib/kobject_uevent.c:608 device_remove+0xcb/0x170 drivers/base/dd.c:569 __device_release_driver drivers/base/dd.c:1282 [inline] device_release_driver_internal+0x44b/0x620 drivers/base/dd.c:1305 driver_detach+0xd8/0x1b0 drivers/base/dd.c:1368 bus_remove_driver+0x13b/0x2e0 drivers/base/bus.c:784 driver_unregister+0x76/0xb0 drivers/base/driver.c:277 usb_gadget_unregister_driver+0x49/0x70 drivers/usb/gadget/udc/core.c:1751 raw_release+0x1ae/0x2b0 drivers/usb/gadget/legacy/raw_gadget.c:463 __fput+0x402/0xb70 fs/file_table.c:468 task_work_run+0x150/0x240 kernel/task_work.c:233 exit_task_work include/linux/task_work.h:40 [inline] do_exit+0x87f/0x2bd0 kernel/exit.c:971 do_group_exit+0xd3/0x2a0 kernel/exit.c:1112 get_signal+0x2671/0x26d0 kernel/signal.c:3034 arch_do_signal_or_restart+0x8f/0x7e0 arch/x86/kernel/signal.c:337 __exit_to_user_mode_loop kernel/entry/common.c:41 [inline] exit_to_user_mode_loop+0x80/0x4f0 kernel/entry/common.c:75 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline] syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline] syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline] syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline] do_syscall_64+0x4bb/0x570 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f97d838f34b RSP: 002b:00007f97d6dedf70 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: fffffffffffffffc RBX: fffffffffffffd6e RCX: 00007f97d838f34b RDX: 00007f97d6dedff0 RSI: 0000000040085507 RDI: 0000000000000003 RBP: 0000000000000003 R08: 00007f97d8710320 R09: 0000000000000000 R10: 0000000000000003 R11: 0000000000000246 R12: 0000200000000140 R13: 0000000000000000 R14: 00007f97d85e5fa0 R15: 00007ffeabc2b8f8 </TASK> Showing all locks held in the system: 5 locks held by kworker/0:1/10: #0: ffff888100ed2148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x128d/0x1b20 kernel/workqueue.c:3232 #1: ffffc900000afca0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x914/0x1b20 kernel/workqueue.c:3233 #2: ffff88810a701198 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:895 [inline] #2: ffff88810a701198 (&dev->mutex){....}-{4:4}, at: hub_event+0x1be/0x5420 drivers/usb/core/hub.c:5899 #3: ffff88810a704510 (&port_dev->status_lock){+.+.}-{4:4}, at: usb_lock_port drivers/usb/core/hub.c:3252 [inline] #3: ffff88810a704510 (&port_dev->status_lock){+.+.}-{4:4}, at: hub_port_connect drivers/usb/core/hub.c:5464 [inline] #3: ffff88810a704510 (&port_dev->status_lock){+.+.}-{4:4}, at: hub_port_connect_change drivers/usb/core/hub.c:5707 [inline] #3: ffff88810a704510 (&port_dev->status_lock){+.+.}-{4:4}, at: port_event drivers/usb/core/hub.c:5871 [inline] #3: ffff88810a704510 (&port_dev->status_lock){+.+.}-{4:4}, at: hub_event+0x2c09/0x5420 drivers/usb/core/hub.c:5953 #4: ffff888107f08268 (hcd->address0_mutex){+.+.}-{4:4}, at: hub_port_connect drivers/usb/core/hub.c:5465 [inline] #4: ffff888107f08268 (hcd->address0_mutex){+.+.}-{4:4}, at: hub_port_connect_change drivers/usb/core/hub.c:5707 [inline] #4: ffff888107f08268 (hcd->address0_mutex){+.+.}-{4:4}, at: port_event drivers/usb/core/hub.c:5871 [inline] #4: ffff888107f08268 (hcd->address0_mutex){+.+.}-{4:4}, at: hub_event+0x2c2f/0x5420 drivers/usb/core/hub.c:5953 5 locks held by kworker/1:0/23: #0: ffff888100ed2148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x128d/0x1b20 kernel/workqueue.c:3232 #1: ffffc9000018fca0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x914/0x1b20 kernel/workqueue.c:3233 #2: ffff88810a7c9198 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:895 [inline] #2: ffff88810a7c9198 (&dev->mutex){....}-{4:4}, at: hub_event+0x1be/0x5420 drivers/usb/core/hub.c:5899 #3: ffff88810a7cc510 (&port_dev->status_lock){+.+.}-{4:4}, at: usb_lock_port drivers/usb/core/hub.c:3252 [inline] #3: ffff88810a7cc510 (&port_dev->status_lock){+.+.}-{4:4}, at: hub_port_connect drivers/usb/core/hub.c:5464 [inline] #3: ffff88810a7cc510 (&port_dev->status_lock){+.+.}-{4:4}, at: hub_port_connect_change drivers/usb/core/hub.c:5707 [inline] #3: ffff88810a7cc510 (&port_dev->status_lock){+.+.}-{4:4}, at: port_event drivers/usb/core/hub.c:5871 [inline] #3: ffff88810a7cc510 (&port_dev->status_lock){+.+.}-{4:4}, at: hub_event+0x2c09/0x5420 drivers/usb/core/hub.c:5953 #4: ffff88810a39cc68 (hcd->address0_mutex){+.+.}-{4:4}, at: hub_port_connect drivers/usb/core/hub.c:5465 [inline] #4: ffff88810a39cc68 (hcd->address0_mutex){+.+.}-{4:4}, at: hub_port_connect_change drivers/usb/core/hub.c:5707 [inline] #4: ffff88810a39cc68 (hcd->address0_mutex){+.+.}-{4:4}, at: port_event drivers/usb/core/hub.c:5871 [inline] #4: ffff88810a39cc68 (hcd->address0_mutex){+.+.}-{4:4}, at: hub_event+0x2c2f/0x5420 drivers/usb/core/hub.c:5953 1 lock held by khungtaskd/30: #0: ffffffff892cd6e0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline] #0: ffffffff892cd6e0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline] #0: ffffffff892cd6e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0 kernel/locking/lockdep.c:6775 4 locks held by kworker/u8:5/278: #0: ffff888100ac4948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x128d/0x1b20 kernel/workqueue.c:3232 #1: ffffc900015cfca0 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x914/0x1b20 kernel/workqueue.c:3233 #2: ffffffff8a650030 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xad/0x900 net/core/net_namespace.c:670 #3: ffffffff892d8d00 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x48/0x6e0 kernel/rcu/tree.c:3816 2 locks held by getty/2919: #0: ffff888108ad60a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243 #1: ffffc900000452f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x1510 drivers/tty/n_tty.c:2211 3 locks held by kworker/1:7/19429: 2 locks held by syz-executor/22630: #0: ffffffff8a650030 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x31b/0x780 net/core/net_namespace.c:577 #1: ffffffff892d8d00 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x48/0x6e0 kernel/rcu/tree.c:3816 1 lock held by syz-executor/22639: 1 lock held by sed/22709: ============================================= NMI backtrace for cpu 0 CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(voluntary) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 nmi_cpu_backtrace+0x27b/0x390 lib/nmi_backtrace.c:113 nmi_trigger_cpumask_backtrace+0x29c/0x300 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline] __sys_info lib/sys_info.c:157 [inline] sys_info+0x133/0x180 lib/sys_info.c:165 check_hung_uninterruptible_tasks kernel/hung_task.c:346 [inline] watchdog+0xe66/0x1180 kernel/hung_task.c:515 kthread+0x3c5/0x780 kernel/kthread.c:463 ret_from_fork+0x74f/0xa30 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246 </TASK> Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 UID: 0 PID: 19429 Comm: kworker/1:7 Not tainted syzkaller #0 PREEMPT(voluntary) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 Workqueue: events drain_vmap_area_work RIP: 0010:native_save_fl arch/x86/include/asm/irqflags.h:26 [inline] RIP: 0010:arch_local_save_flags arch/x86/include/asm/irqflags.h:109 [inline] RIP: 0010:check_preemption_disabled+0x2d/0xe0 lib/smp_processor_id.c:19 Code: 53 48 83 ec 08 65 8b 1d 85 ce 4b 05 65 8b 05 7a ce 4b 05 a9 ff ff ff 7f 74 0f 48 83 c4 08 89 d8 5b 5d 41 5c e9 14 d4 02 00 9c <58> f6 c4 02 74 ea 48 89 fd 65 48 8b 05 3a ce 4b 05 f6 40 2f 04 74 RSP: 0018:ffffc90000567530 EFLAGS: 00000046 RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff8b0eba01 RDX: 0000000000000000 RSI: ffffffff88d9c155 RDI: ffffffff878a7180 RBP: 0000000000000001 R08: ffffffff8b0ebab8 R09: 00000000363b1a86 R10: 0000000000000002 R11: 000000000000d3d9 R12: ffffffff813c1194 R13: 0000000000000206 R14: ffff888124b70000 R15: ffffc9000056764c FS: 0000000000000000(0000) GS:ffff888268cf5000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f9613727368 CR3: 0000000141ba6000 CR4: 00000000003506f0 Call Trace: <TASK> lockdep_recursion_inc kernel/locking/lockdep.c:465 [inline] lock_release+0x9c/0x2d0 kernel/locking/lockdep.c:5888 rcu_lock_release include/linux/rcupdate.h:341 [inline] rcu_read_unlock include/linux/rcupdate.h:897 [inline] class_rcu_destructor include/linux/rcupdate.h:1195 [inline] unwind_next_frame+0x3f9/0x20a0 arch/x86/kernel/unwind_orc.c:479 arch_stack_walk+0x94/0x100 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122 save_stack+0x160/0x1f0 mm/page_owner.c:165 __reset_page_owner+0x84/0x1a0 mm/page_owner.c:320 reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1395 [inline] __free_frozen_pages+0x795/0x1010 mm/page_alloc.c:2943 kasan_depopulate_vmalloc_pte+0x5b/0x80 mm/kasan/shadow.c:484 apply_to_pte_range mm/memory.c:3182 [inline] apply_to_pmd_range mm/memory.c:3226 [inline] apply_to_pud_range mm/memory.c:3262 [inline] apply_to_p4d_range mm/memory.c:3298 [inline] __apply_to_page_range+0xac1/0x13f0 mm/memory.c:3334 __kasan_release_vmalloc+0xd1/0xe0 mm/kasan/shadow.c:602 kasan_release_vmalloc include/linux/kasan.h:592 [inline] kasan_release_vmalloc_node mm/vmalloc.c:2282 [inline] purge_vmap_node+0x1ba/0xad0 mm/vmalloc.c:2299 __purge_vmap_area_lazy+0x9d2/0xc00 mm/vmalloc.c:2389 drain_vmap_area_work+0x27/0x40 mm/vmalloc.c:2423 process_one_work+0x9ba/0x1b20 kernel/workqueue.c:3257 process_scheduled_works kernel/workqueue.c:3340 [inline] worker_thread+0x6c8/0xf10 kernel/workqueue.c:3421 kthread+0x3c5/0x780 kernel/kthread.c:463 ret_from_fork+0x74f/0xa30 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246 </TASK>

Crashes (1):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets (help?)	Manager	Title
2025/12/11 16:20	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	67a454e6b1c6	d6526ea3	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-usb	INFO: task hung in usb_serial_probe

Crashes (1):

Assets (help?)