syzbot


INFO: task hung in usb_register_dev

Status: upstream: reported C repro on 2020/07/06 15:12
Reported-by: syzbot+e761775e8f4a28711f19@syzkaller.appspotmail.com
First crash: 1058d, last: 1d12h

Cause bisection: failed (bisect log)

Sample crash report:
INFO: task kworker/0:0:5 blocked for more than 143 seconds.
      Not tainted 5.14.0-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:0     state:D stack:24856 pid:    5 ppid:     2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
 context_switch kernel/sched/core.c:4695 [inline]
 __schedule+0x93a/0x26f0 kernel/sched/core.c:6026
 schedule+0xd3/0x270 kernel/sched/core.c:6105
 rwsem_down_write_slowpath+0x7b9/0x11d0 kernel/locking/rwsem.c:1106
 __down_write_common kernel/locking/rwsem.c:1261 [inline]
 __down_write_common kernel/locking/rwsem.c:1258 [inline]
 __down_write kernel/locking/rwsem.c:1270 [inline]
 down_write+0x137/0x150 kernel/locking/rwsem.c:1407
 usb_register_dev drivers/usb/core/file.c:187 [inline]
 usb_register_dev+0x19d/0x7e0 drivers/usb/core/file.c:156
 sisusb_probe+0x21c/0xbe3 drivers/usb/misc/sisusbvga/sisusb.c:3038
 usb_probe_interface+0x315/0x7f0 drivers/usb/core/driver.c:396
 call_driver_probe drivers/base/dd.c:517 [inline]
 really_probe+0x23c/0xcd0 drivers/base/dd.c:595
 __driver_probe_device+0x338/0x4d0 drivers/base/dd.c:747
 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:777
 __device_attach_driver+0x20b/0x2f0 drivers/base/dd.c:894
 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427
 __device_attach+0x228/0x4a0 drivers/base/dd.c:965
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487
 device_add+0xc2f/0x2180 drivers/base/core.c:3355
 usb_set_configuration+0x113f/0x1910 drivers/usb/core/message.c:2170
 usb_generic_driver_probe+0xba/0x100 drivers/usb/core/generic.c:238
 usb_probe_device+0xd9/0x2c0 drivers/usb/core/driver.c:293
 call_driver_probe drivers/base/dd.c:517 [inline]
 really_probe+0x23c/0xcd0 drivers/base/dd.c:595
 __driver_probe_device+0x338/0x4d0 drivers/base/dd.c:747
 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:777
 __device_attach_driver+0x20b/0x2f0 drivers/base/dd.c:894
 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427
 __device_attach+0x228/0x4a0 drivers/base/dd.c:965
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487
 device_add+0xc2f/0x2180 drivers/base/core.c:3355
 usb_new_device.cold+0x63f/0x108e drivers/usb/core/hub.c:2563
 hub_port_connect drivers/usb/core/hub.c:5348 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5488 [inline]
 port_event drivers/usb/core/hub.c:5634 [inline]
 hub_event+0x2357/0x4330 drivers/usb/core/hub.c:5716
 process_one_work+0x98d/0x1630 kernel/workqueue.c:2276
 worker_thread+0x658/0x11f0 kernel/workqueue.c:2422
 kthread+0x3e5/0x4d0 kernel/kthread.c:319
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
INFO: task kworker/1:1:26 blocked for more than 143 seconds.
      Not tainted 5.14.0-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:1     state:D stack:24728 pid:   26 ppid:     2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
 context_switch kernel/sched/core.c:4695 [inline]
 __schedule+0x93a/0x26f0 kernel/sched/core.c:6026
 schedule+0xd3/0x270 kernel/sched/core.c:6105
 rwsem_down_write_slowpath+0x7b9/0x11d0 kernel/locking/rwsem.c:1106
 __down_write_common kernel/locking/rwsem.c:1261 [inline]
 __down_write_common kernel/locking/rwsem.c:1258 [inline]
 __down_write kernel/locking/rwsem.c:1270 [inline]
 down_write+0x137/0x150 kernel/locking/rwsem.c:1407
 usb_register_dev drivers/usb/core/file.c:187 [inline]
 usb_register_dev+0x19d/0x7e0 drivers/usb/core/file.c:156
 sisusb_probe+0x21c/0xbe3 drivers/usb/misc/sisusbvga/sisusb.c:3038
 usb_probe_interface+0x315/0x7f0 drivers/usb/core/driver.c:396
 call_driver_probe drivers/base/dd.c:517 [inline]
 really_probe+0x23c/0xcd0 drivers/base/dd.c:595
 __driver_probe_device+0x338/0x4d0 drivers/base/dd.c:747
 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:777
 __device_attach_driver+0x20b/0x2f0 drivers/base/dd.c:894
 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427
 __device_attach+0x228/0x4a0 drivers/base/dd.c:965
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487
 device_add+0xc2f/0x2180 drivers/base/core.c:3355
 usb_set_configuration+0x113f/0x1910 drivers/usb/core/message.c:2170
 usb_generic_driver_probe+0xba/0x100 drivers/usb/core/generic.c:238
 usb_probe_device+0xd9/0x2c0 drivers/usb/core/driver.c:293
 call_driver_probe drivers/base/dd.c:517 [inline]
 really_probe+0x23c/0xcd0 drivers/base/dd.c:595
 __driver_probe_device+0x338/0x4d0 drivers/base/dd.c:747
 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:777
 __device_attach_driver+0x20b/0x2f0 drivers/base/dd.c:894
 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427
 __device_attach+0x228/0x4a0 drivers/base/dd.c:965
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487
 device_add+0xc2f/0x2180 drivers/base/core.c:3355
 usb_new_device.cold+0x63f/0x108e drivers/usb/core/hub.c:2563
 hub_port_connect drivers/usb/core/hub.c:5348 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5488 [inline]
 port_event drivers/usb/core/hub.c:5634 [inline]
 hub_event+0x2357/0x4330 drivers/usb/core/hub.c:5716
 process_one_work+0x98d/0x1630 kernel/workqueue.c:2276
 worker_thread+0x658/0x11f0 kernel/workqueue.c:2422
 kthread+0x3e5/0x4d0 kernel/kthread.c:319
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
INFO: task kworker/0:2:63 blocked for more than 144 seconds.
      Not tainted 5.14.0-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:2     state:D stack:25400 pid:   63 ppid:     2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
 context_switch kernel/sched/core.c:4695 [inline]
 __schedule+0x93a/0x26f0 kernel/sched/core.c:6026
 schedule+0xd3/0x270 kernel/sched/core.c:6105
 rwsem_down_write_slowpath+0x7b9/0x11d0 kernel/locking/rwsem.c:1106
 __down_write_common kernel/locking/rwsem.c:1261 [inline]
 __down_write_common kernel/locking/rwsem.c:1258 [inline]
 __down_write kernel/locking/rwsem.c:1270 [inline]
 down_write+0x137/0x150 kernel/locking/rwsem.c:1407
 usb_register_dev drivers/usb/core/file.c:187 [inline]
 usb_register_dev+0x19d/0x7e0 drivers/usb/core/file.c:156
 sisusb_probe+0x21c/0xbe3 drivers/usb/misc/sisusbvga/sisusb.c:3038
 usb_probe_interface+0x315/0x7f0 drivers/usb/core/driver.c:396
 call_driver_probe drivers/base/dd.c:517 [inline]
 really_probe+0x23c/0xcd0 drivers/base/dd.c:595
 __driver_probe_device+0x338/0x4d0 drivers/base/dd.c:747
 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:777
 __device_attach_driver+0x20b/0x2f0 drivers/base/dd.c:894
 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427
 __device_attach+0x228/0x4a0 drivers/base/dd.c:965
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487
 device_add+0xc2f/0x2180 drivers/base/core.c:3355
 usb_set_configuration+0x113f/0x1910 drivers/usb/core/message.c:2170
 usb_generic_driver_probe+0xba/0x100 drivers/usb/core/generic.c:238
 usb_probe_device+0xd9/0x2c0 drivers/usb/core/driver.c:293
 call_driver_probe drivers/base/dd.c:517 [inline]
 really_probe+0x23c/0xcd0 drivers/base/dd.c:595
 __driver_probe_device+0x338/0x4d0 drivers/base/dd.c:747
 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:777
 __device_attach_driver+0x20b/0x2f0 drivers/base/dd.c:894
 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427
 __device_attach+0x228/0x4a0 drivers/base/dd.c:965
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487
 device_add+0xc2f/0x2180 drivers/base/core.c:3355
 usb_new_device.cold+0x63f/0x108e drivers/usb/core/hub.c:2563
 hub_port_connect drivers/usb/core/hub.c:5348 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5488 [inline]
 port_event drivers/usb/core/hub.c:5634 [inline]
 hub_event+0x2357/0x4330 drivers/usb/core/hub.c:5716
 process_one_work+0x98d/0x1630 kernel/workqueue.c:2276
 worker_thread+0x658/0x11f0 kernel/workqueue.c:2422
 kthread+0x3e5/0x4d0 kernel/kthread.c:319
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
INFO: task kworker/1:3:3951 blocked for more than 144 seconds.
      Not tainted 5.14.0-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:3     state:D stack:24736 pid: 3951 ppid:     2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
 context_switch kernel/sched/core.c:4695 [inline]
 __schedule+0x93a/0x26f0 kernel/sched/core.c:6026
 schedule+0xd3/0x270 kernel/sched/core.c:6105
 rwsem_down_write_slowpath+0x7b9/0x11d0 kernel/locking/rwsem.c:1106
 __down_write_common kernel/locking/rwsem.c:1261 [inline]
 __down_write_common kernel/locking/rwsem.c:1258 [inline]
 __down_write kernel/locking/rwsem.c:1270 [inline]
 down_write+0x137/0x150 kernel/locking/rwsem.c:1407
 usb_register_dev drivers/usb/core/file.c:187 [inline]
 usb_register_dev+0x19d/0x7e0 drivers/usb/core/file.c:156
 sisusb_probe+0x21c/0xbe3 drivers/usb/misc/sisusbvga/sisusb.c:3038
 usb_probe_interface+0x315/0x7f0 drivers/usb/core/driver.c:396
 call_driver_probe drivers/base/dd.c:517 [inline]
 really_probe+0x23c/0xcd0 drivers/base/dd.c:595
 __driver_probe_device+0x338/0x4d0 drivers/base/dd.c:747
 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:777
 __device_attach_driver+0x20b/0x2f0 drivers/base/dd.c:894
 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427
 __device_attach+0x228/0x4a0 drivers/base/dd.c:965
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487
 device_add+0xc2f/0x2180 drivers/base/core.c:3355
 usb_set_configuration+0x113f/0x1910 drivers/usb/core/message.c:2170
 usb_generic_driver_probe+0xba/0x100 drivers/usb/core/generic.c:238
 usb_probe_device+0xd9/0x2c0 drivers/usb/core/driver.c:293
 call_driver_probe drivers/base/dd.c:517 [inline]
 really_probe+0x23c/0xcd0 drivers/base/dd.c:595
 __driver_probe_device+0x338/0x4d0 drivers/base/dd.c:747
 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:777
 __device_attach_driver+0x20b/0x2f0 drivers/base/dd.c:894
 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427
 __device_attach+0x228/0x4a0 drivers/base/dd.c:965
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487
 device_add+0xc2f/0x2180 drivers/base/core.c:3355
 usb_new_device.cold+0x63f/0x108e drivers/usb/core/hub.c:2563
 hub_port_connect drivers/usb/core/hub.c:5348 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5488 [inline]
 port_event drivers/usb/core/hub.c:5634 [inline]
 hub_event+0x2357/0x4330 drivers/usb/core/hub.c:5716
 process_one_work+0x98d/0x1630 kernel/workqueue.c:2276
 worker_thread+0x658/0x11f0 kernel/workqueue.c:2422
 kthread+0x3e5/0x4d0 kernel/kthread.c:319
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
INFO: task kworker/1:0:8462 blocked for more than 145 seconds.
      Not tainted 5.14.0-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:0     state:D stack:25240 pid: 8462 ppid:     2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
 context_switch kernel/sched/core.c:4695 [inline]
 __schedule+0x93a/0x26f0 kernel/sched/core.c:6026
 schedule+0xd3/0x270 kernel/sched/core.c:6105
 rwsem_down_write_slowpath+0x7b9/0x11d0 kernel/locking/rwsem.c:1106
 __down_write_common kernel/locking/rwsem.c:1261 [inline]
 __down_write_common kernel/locking/rwsem.c:1258 [inline]
 __down_write kernel/locking/rwsem.c:1270 [inline]
 down_write+0x137/0x150 kernel/locking/rwsem.c:1407
 usb_register_dev drivers/usb/core/file.c:187 [inline]
 usb_register_dev+0x19d/0x7e0 drivers/usb/core/file.c:156
 sisusb_probe+0x21c/0xbe3 drivers/usb/misc/sisusbvga/sisusb.c:3038
 usb_probe_interface+0x315/0x7f0 drivers/usb/core/driver.c:396
 call_driver_probe drivers/base/dd.c:517 [inline]
 really_probe+0x23c/0xcd0 drivers/base/dd.c:595
 __driver_probe_device+0x338/0x4d0 drivers/base/dd.c:747
 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:777
 __device_attach_driver+0x20b/0x2f0 drivers/base/dd.c:894
 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427
 __device_attach+0x228/0x4a0 drivers/base/dd.c:965
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487
 device_add+0xc2f/0x2180 drivers/base/core.c:3355
 usb_set_configuration+0x113f/0x1910 drivers/usb/core/message.c:2170
 usb_generic_driver_probe+0xba/0x100 drivers/usb/core/generic.c:238
 usb_probe_device+0xd9/0x2c0 drivers/usb/core/driver.c:293
 call_driver_probe drivers/base/dd.c:517 [inline]
 really_probe+0x23c/0xcd0 drivers/base/dd.c:595
 __driver_probe_device+0x338/0x4d0 drivers/base/dd.c:747
 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:777
 __device_attach_driver+0x20b/0x2f0 drivers/base/dd.c:894
 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427
 __device_attach+0x228/0x4a0 drivers/base/dd.c:965
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487
 device_add+0xc2f/0x2180 drivers/base/core.c:3355
 usb_new_device.cold+0x63f/0x108e drivers/usb/core/hub.c:2563
 hub_port_connect drivers/usb/core/hub.c:5348 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5488 [inline]
 port_event drivers/usb/core/hub.c:5634 [inline]
 hub_event+0x2357/0x4330 drivers/usb/core/hub.c:5716
 process_one_work+0x98d/0x1630 kernel/workqueue.c:2276
 worker_thread+0x658/0x11f0 kernel/workqueue.c:2422
 kthread+0x3e5/0x4d0 kernel/kthread.c:319
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
INFO: task kworker/0:1:8466 blocked for more than 145 seconds.
      Not tainted 5.14.0-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:1     state:D stack:24960 pid: 8466 ppid:     2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
 context_switch kernel/sched/core.c:4695 [inline]
 __schedule+0x93a/0x26f0 kernel/sched/core.c:6026
 schedule+0xd3/0x270 kernel/sched/core.c:6105
 rwsem_down_write_slowpath+0x7b9/0x11d0 kernel/locking/rwsem.c:1106
 __down_write_common kernel/locking/rwsem.c:1261 [inline]
 __down_write_common kernel/locking/rwsem.c:1258 [inline]
 __down_write kernel/locking/rwsem.c:1270 [inline]
 down_write+0x137/0x150 kernel/locking/rwsem.c:1407
 usb_register_dev drivers/usb/core/file.c:187 [inline]
 usb_register_dev+0x19d/0x7e0 drivers/usb/core/file.c:156
 sisusb_probe+0x21c/0xbe3 drivers/usb/misc/sisusbvga/sisusb.c:3038
 usb_probe_interface+0x315/0x7f0 drivers/usb/core/driver.c:396
 call_driver_probe drivers/base/dd.c:517 [inline]
 really_probe+0x23c/0xcd0 drivers/base/dd.c:595
 __driver_probe_device+0x338/0x4d0 drivers/base/dd.c:747
 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:777
 __device_attach_driver+0x20b/0x2f0 drivers/base/dd.c:894
 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427
 __device_attach+0x228/0x4a0 drivers/base/dd.c:965
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487
 device_add+0xc2f/0x2180 drivers/base/core.c:3355
 usb_set_configuration+0x113f/0x1910 drivers/usb/core/message.c:2170
 usb_generic_driver_probe+0xba/0x100 drivers/usb/core/generic.c:238
 usb_probe_device+0xd9/0x2c0 drivers/usb/core/driver.c:293
 call_driver_probe drivers/base/dd.c:517 [inline]
 really_probe+0x23c/0xcd0 drivers/base/dd.c:595
 __driver_probe_device+0x338/0x4d0 drivers/base/dd.c:747
 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:777
 __device_attach_driver+0x20b/0x2f0 drivers/base/dd.c:894
 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427
 __device_attach+0x228/0x4a0 drivers/base/dd.c:965
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487
 device_add+0xc2f/0x2180 drivers/base/core.c:3355
 usb_new_device.cold+0x63f/0x108e drivers/usb/core/hub.c:2563
 hub_port_connect drivers/usb/core/hub.c:5348 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5488 [inline]
 port_event drivers/usb/core/hub.c:5634 [inline]
 hub_event+0x2357/0x4330 drivers/usb/core/hub.c:5716
 process_one_work+0x98d/0x1630 kernel/workqueue.c:2276
 worker_thread+0x658/0x11f0 kernel/workqueue.c:2422
 kthread+0x3e5/0x4d0 kernel/kthread.c:319
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
INFO: task syz-executor514:9012 blocked for more than 146 seconds.
      Not tainted 5.14.0-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor514 state:D stack:28120 pid: 9012 ppid:  8449 flags:0x00004004
Call Trace:
 context_switch kernel/sched/core.c:4695 [inline]
 __schedule+0x93a/0x26f0 kernel/sched/core.c:6026
 schedule+0xd3/0x270 kernel/sched/core.c:6105
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6164
 __mutex_lock_common kernel/locking/mutex.c:1036 [inline]
 __mutex_lock+0x7b6/0x10a0 kernel/locking/mutex.c:1104
 sisusb_open+0xb2/0x4d0 drivers/usb/misc/sisusbvga/sisusb.c:2396
 usb_open+0x204/0x2e0 drivers/usb/core/file.c:48
 chrdev_open+0x266/0x770 fs/char_dev.c:414
 do_dentry_open+0x4c8/0x11d0 fs/open.c:826
 do_open fs/namei.c:3374 [inline]
 path_openat+0x1c23/0x27f0 fs/namei.c:3507
 do_filp_open+0x1aa/0x400 fs/namei.c:3534
 do_sys_openat2+0x16d/0x420 fs/open.c:1204
 do_sys_open fs/open.c:1220 [inline]
 __do_sys_openat fs/open.c:1236 [inline]
 __se_sys_openat fs/open.c:1231 [inline]
 __x64_sys_openat+0x13f/0x1f0 fs/open.c:1231
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x403ce7
RSP: 002b:00007ffd0cd70680 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00000000000f4240 RCX: 0000000000403ce7
RDX: 0000000000000002 RSI: 00007ffd0cd70700 RDI: 00000000ffffff9c
RBP: 00007ffd0cd70700 R08: 0000000000000000 R09: 000000000000000f
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
R13: 00007ffd0cd7079c R14: 00007ffd0cd707b0 R15: 00007ffd0cd707a0
INFO: task syz-executor514:9015 blocked for more than 146 seconds.
      Not tainted 5.14.0-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor514 state:D stack:28176 pid: 9015 ppid:  8454 flags:0x00000004
Call Trace:
 context_switch kernel/sched/core.c:4695 [inline]
 __schedule+0x93a/0x26f0 kernel/sched/core.c:6026
 schedule+0xd3/0x270 kernel/sched/core.c:6105
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6164
 __mutex_lock_common kernel/locking/mutex.c:1036 [inline]
 __mutex_lock+0x7b6/0x10a0 kernel/locking/mutex.c:1104
 sisusb_open+0xb2/0x4d0 drivers/usb/misc/sisusbvga/sisusb.c:2396
 usb_open+0x204/0x2e0 drivers/usb/core/file.c:48
 chrdev_open+0x266/0x770 fs/char_dev.c:414
 do_dentry_open+0x4c8/0x11d0 fs/open.c:826
 do_open fs/namei.c:3374 [inline]
 path_openat+0x1c23/0x27f0 fs/namei.c:3507
 do_filp_open+0x1aa/0x400 fs/namei.c:3534
 do_sys_openat2+0x16d/0x420 fs/open.c:1204
 do_sys_open fs/open.c:1220 [inline]
 __do_sys_openat fs/open.c:1236 [inline]
 __se_sys_openat fs/open.c:1231 [inline]
 __x64_sys_openat+0x13f/0x1f0 fs/open.c:1231
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x403ce7
RSP: 002b:00007ffd0cd70680 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00000000000f4240 RCX: 0000000000403ce7
RDX: 0000000000000002 RSI: 00007ffd0cd70700 RDI: 00000000ffffff9c
RBP: 00007ffd0cd70700 R08: 0000000000000000 R09: 000000000000000f
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
R13: 00007ffd0cd7079c R14: 00007ffd0cd707b0 R15: 00007ffd0cd707a0
INFO: task syz-executor514:9018 blocked for more than 146 seconds.
      Not tainted 5.14.0-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor514 state:D stack:28176 pid: 9018 ppid:  8451 flags:0x00004004
Call Trace:
 context_switch kernel/sched/core.c:4695 [inline]
 __schedule+0x93a/0x26f0 kernel/sched/core.c:6026
 schedule+0xd3/0x270 kernel/sched/core.c:6105
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6164
 __mutex_lock_common kernel/locking/mutex.c:1036 [inline]
 __mutex_lock+0x7b6/0x10a0 kernel/locking/mutex.c:1104
 sisusb_open+0xb2/0x4d0 drivers/usb/misc/sisusbvga/sisusb.c:2396
 usb_open+0x204/0x2e0 drivers/usb/core/file.c:48
 chrdev_open+0x266/0x770 fs/char_dev.c:414
 do_dentry_open+0x4c8/0x11d0 fs/open.c:826
 do_open fs/namei.c:3374 [inline]
 path_openat+0x1c23/0x27f0 fs/namei.c:3507
 do_filp_open+0x1aa/0x400 fs/namei.c:3534
 do_sys_openat2+0x16d/0x420 fs/open.c:1204
 do_sys_open fs/open.c:1220 [inline]
 __do_sys_openat fs/open.c:1236 [inline]
 __se_sys_openat fs/open.c:1231 [inline]
 __x64_sys_openat+0x13f/0x1f0 fs/open.c:1231
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x403ce7
RSP: 002b:00007ffd0cd70680 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00000000000f4240 RCX: 0000000000403ce7
RDX: 0000000000000002 RSI: 00007ffd0cd70700 RDI: 00000000ffffff9c
RBP: 00007ffd0cd70700 R08: 0000000000000000 R09: 000000000000000f
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
R13: 00007ffd0cd7079c R14: 00007ffd0cd707b0 R15: 00007ffd0cd707a0
INFO: task syz-executor514:9041 blocked for more than 146 seconds.
      Not tainted 5.14.0-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor514 state:D stack:28032 pid: 9041 ppid:  8453 flags:0x00000004
Call Trace:
 context_switch kernel/sched/core.c:4695 [inline]
 __schedule+0x93a/0x26f0 kernel/sched/core.c:6026
 schedule+0xd3/0x270 kernel/sched/core.c:6105
 rwsem_down_read_slowpath+0x4c5/0x990 kernel/locking/rwsem.c:992
 __down_read_common kernel/locking/rwsem.c:1213 [inline]
 __down_read kernel/locking/rwsem.c:1222 [inline]
 down_read+0xe4/0x440 kernel/locking/rwsem.c:1355
 usb_open+0x24/0x2e0 drivers/usb/core/file.c:39
 chrdev_open+0x266/0x770 fs/char_dev.c:414
 do_dentry_open+0x4c8/0x11d0 fs/open.c:826
 do_open fs/namei.c:3374 [inline]
 path_openat+0x1c23/0x27f0 fs/namei.c:3507
 do_filp_open+0x1aa/0x400 fs/namei.c:3534
 do_sys_openat2+0x16d/0x420 fs/open.c:1204
 do_sys_open fs/open.c:1220 [inline]
 __do_sys_openat fs/open.c:1236 [inline]
 __se_sys_openat fs/open.c:1231 [inline]
 __x64_sys_openat+0x13f/0x1f0 fs/open.c:1231
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x403ce7
RSP: 002b:00007ffd0cd70680 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00000000000f4240 RCX: 0000000000403ce7
RDX: 0000000000000002 RSI: 00007ffd0cd70700 RDI: 00000000ffffff9c
RBP: 00007ffd0cd70700 R08: 0000000000000000 R09: 000000000000000f
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
R13: 00007ffd0cd7079c R14: 00007ffd0cd707b0 R15: 00007ffd0cd707a0

Showing all locks held in the system:
6 locks held by kworker/0:0/5:
 #0: ffff888018d06138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff888018d06138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:620 [inline]
 #0: ffff888018d06138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline]
 #0: ffff888018d06138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:617 [inline]
 #0: ffff888018d06138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline]
 #0: ffff888018d06138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x871/0x1630 kernel/workqueue.c:2247
 #1: ffffc90000ca7db0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1630 kernel/workqueue.c:2251
 #2: ffff8880210fd220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:756 [inline]
 #2: ffff8880210fd220 (&dev->mutex){....}-{3:3}, at: hub_event+0x1c1/0x4330 drivers/usb/core/hub.c:5662
 #3: ffff88802c2bf220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:756 [inline]
 #3: ffff88802c2bf220 (&dev->mutex){....}-{3:3}, at: __device_attach+0x7a/0x4a0 drivers/base/dd.c:940
 #4: ffff88801efbe1a8 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:756 [inline]
 #4: ffff88801efbe1a8 (&dev->mutex){....}-{3:3}, at: __device_attach+0x7a/0x4a0 drivers/base/dd.c:940
 #5: ffffffff8c80c230 (minor_rwsem#2){++++}-{3:3}, at: usb_register_dev drivers/usb/core/file.c:187 [inline]
 #5: ffffffff8c80c230 (minor_rwsem#2){++++}-{3:3}, at: usb_register_dev+0x19d/0x7e0 drivers/usb/core/file.c:156
6 locks held by kworker/1:1/26:
 #0: ffff888018d06138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff888018d06138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:620 [inline]
 #0: ffff888018d06138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline]
 #0: ffff888018d06138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:617 [inline]
 #0: ffff888018d06138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline]
 #0: ffff888018d06138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x871/0x1630 kernel/workqueue.c:2247
 #1: ffffc90000e0fdb0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1630 kernel/workqueue.c:2251
 #2: ffff888146cbd220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:756 [inline]
 #2: ffff888146cbd220 (&dev->mutex){....}-{3:3}, at: hub_event+0x1c1/0x4330 drivers/usb/core/hub.c:5662
 #3: ffff88801e024220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:756 [inline]
 #3: ffff88801e024220 (&dev->mutex){....}-{3:3}, at: __device_attach+0x7a/0x4a0 drivers/base/dd.c:940
 #4: ffff88801c2591a8 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:756 [inline]
 #4: ffff88801c2591a8 (&dev->mutex){....}-{3:3}, at: __device_attach+0x7a/0x4a0 drivers/base/dd.c:940
 #5: ffffffff8c80c230 (minor_rwsem#2){++++}-{3:3}, at: usb_register_dev drivers/usb/core/file.c:187 [inline]
 #5: ffffffff8c80c230 (minor_rwsem#2){++++}-{3:3}, at: usb_register_dev+0x19d/0x7e0 drivers/usb/core/file.c:156
6 locks held by kworker/0:2/63:
 #0: ffff888018d06138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff888018d06138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:620 [inline]
 #0: ffff888018d06138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline]
 #0: ffff888018d06138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:617 [inline]
 #0: ffff888018d06138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline]
 #0: ffff888018d06138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x871/0x1630 kernel/workqueue.c:2247
 #1: ffffc90000e6fdb0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1630 kernel/workqueue.c:2251
 #2: ffff888020d4f220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:756 [inline]
 #2: ffff888020d4f220 (&dev->mutex){....}-{3:3}, at: hub_event+0x1c1/0x4330 drivers/usb/core/hub.c:5662
 #3: ffff88801c330220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:756 [inline]
 #3: ffff88801c330220 (&dev->mutex){....}-{3:3}, at: __device_attach+0x7a/0x4a0 drivers/base/dd.c:940
 #4: ffff88801fe821a8 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:756 [inline]
 #4: ffff88801fe821a8 (&dev->mutex){....}-{3:3}, at: __device_attach+0x7a/0x4a0 drivers/base/dd.c:940
 #5: ffffffff8c80c230 (minor_rwsem#2){++++}-{3:3}, at: usb_register_dev drivers/usb/core/file.c:187 [inline]
 #5: ffffffff8c80c230 (minor_rwsem#2){++++}-{3:3}, at: usb_register_dev+0x19d/0x7e0 drivers/usb/core/file.c:156
1 lock held by khungtaskd/1651:
 #0: ffffffff8b97c280 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6446
6 locks held by kworker/1:3/3951:
 #0: ffff888018d06138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff888018d06138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:620 [inline]
 #0: ffff888018d06138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline]
 #0: ffff888018d06138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:617 [inline]
 #0: ffff888018d06138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline]
 #0: ffff888018d06138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x871/0x1630 kernel/workqueue.c:2247
 #1: ffffc90004387db0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1630 kernel/workqueue.c:2251
 #2: ffff888020d4b220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:756 [inline]
 #2: ffff888020d4b220 (&dev->mutex){....}-{3:3}, at: hub_event+0x1c1/0x4330 drivers/usb/core/hub.c:5662
 #3: ffff88801e020220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:756 [inline]
 #3: ffff88801e020220 (&dev->mutex){....}-{3:3}, at: __device_attach+0x7a/0x4a0 drivers/base/dd.c:940
 #4: ffff88801fb971a8 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:756 [inline]
 #4: ffff88801fb971a8 (&dev->mutex){....}-{3:3}, at: __device_attach+0x7a/0x4a0 drivers/base/dd.c:940
 #5: ffffffff8c80c230 (minor_rwsem#2){++++}-{3:3}, at: usb_register_dev drivers/usb/core/file.c:187 [inline]
 #5: ffffffff8c80c230 (minor_rwsem#2){++++}-{3:3}, at: usb_register_dev+0x19d/0x7e0 drivers/usb/core/file.c:156
1 lock held by systemd-journal/4854:
2 locks held by in:imklog/8150:
 #0: ffff888014bc99f0 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100 fs/file.c:974
 #1: ffffffff8b96b2d8 (syslog_lock){....}-{2:2}, at: is_bpf_text_address+0x0/0x170 kernel/bpf/core.c:693
6 locks held by kworker/1:0/8462:
 #0: ffff888018d06138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff888018d06138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:620 [inline]
 #0: ffff888018d06138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline]
 #0: ffff888018d06138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:617 [inline]
 #0: ffff888018d06138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline]
 #0: ffff888018d06138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x871/0x1630 kernel/workqueue.c:2247
 #1: ffffc900016cfdb0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1630 kernel/workqueue.c:2251
 #2: ffff8880210dd220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:756 [inline]
 #2: ffff8880210dd220 (&dev->mutex){....}-{3:3}, at: hub_event+0x1c1/0x4330 drivers/usb/core/hub.c:5662
 #3: ffff88801e026220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:756 [inline]
 #3: ffff88801e026220 (&dev->mutex){....}-{3:3}, at: __device_attach+0x7a/0x4a0 drivers/base/dd.c:940
 #4: ffff888029baa1a8 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:756 [inline]
 #4: ffff888029baa1a8 (&dev->mutex){....}-{3:3}, at: __device_attach+0x7a/0x4a0 drivers/base/dd.c:940
 #5: ffffffff8c80c230 (minor_rwsem#2){++++}-{3:3}, at: usb_register_dev drivers/usb/core/file.c:187 [inline]
 #5: ffffffff8c80c230 (minor_rwsem#2){++++}-{3:3}, at: usb_register_dev+0x19d/0x7e0 drivers/usb/core/file.c:156
6 locks held by kworker/0:1/8466:
 #0: ffff888018d06138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff888018d06138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:620 [inline]
 #0: ffff888018d06138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline]
 #0: ffff888018d06138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:617 [inline]
 #0: ffff888018d06138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline]
 #0: ffff888018d06138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x871/0x1630 kernel/workqueue.c:2247
 #1: ffffc9000171fdb0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1630 kernel/workqueue.c:2251
 #2: ffff88802104d220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:756 [inline]
 #2: ffff88802104d220 (&dev->mutex){....}-{3:3}, at: hub_event+0x1c1/0x4330 drivers/usb/core/hub.c:5662
 #3: ffff88801c331220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:756 [inline]
 #3: ffff88801c331220 (&dev->mutex){....}-{3:3}, at: __device_attach+0x7a/0x4a0 drivers/base/dd.c:940
 #4: ffff88801907c1a8 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:756 [inline]
 #4: ffff88801907c1a8 (&dev->mutex){....}-{3:3}, at: __device_attach+0x7a/0x4a0 drivers/base/dd.c:940
 #5: ffffffff8c80c230 (minor_rwsem#2){++++}-{3:3}, at: usb_register_dev drivers/usb/core/file.c:187 [inline]
 #5: ffffffff8c80c230 (minor_rwsem#2){++++}-{3:3}, at: usb_register_dev+0x19d/0x7e0 drivers/usb/core/file.c:156
2 locks held by syz-executor514/9009:
 #0: ffffffff8c80c230 (minor_rwsem#2){++++}-{3:3}, at: usb_open+0x24/0x2e0 drivers/usb/core/file.c:39
 #1: ffff88802eb9e8d0 (&(sisusb->lock)){+.+.}-{3:3}, at: sisusb_open+0xb2/0x4d0 drivers/usb/misc/sisusbvga/sisusb.c:2396
2 locks held by syz-executor514/9012:
 #0: ffffffff8c80c230 (minor_rwsem#2){++++}-{3:3}, at: usb_open+0x24/0x2e0 drivers/usb/core/file.c:39
 #1: ffff88802eb9e8d0 (&(sisusb->lock)){+.+.}-{3:3}, at: sisusb_open+0xb2/0x4d0 drivers/usb/misc/sisusbvga/sisusb.c:2396
2 locks held by syz-executor514/9015:
 #0: ffffffff8c80c230 (minor_rwsem#2){++++}-{3:3}, at: usb_open+0x24/0x2e0 drivers/usb/core/file.c:39
 #1: ffff88802eb9e8d0 (&(sisusb->lock)){+.+.}-{3:3}, at: sisusb_open+0xb2/0x4d0 drivers/usb/misc/sisusbvga/sisusb.c:2396
2 locks held by syz-executor514/9018:
 #0: ffffffff8c80c230 (minor_rwsem#2){++++}-{3:3}, at: usb_open+0x24/0x2e0 drivers/usb/core/file.c:39
 #1: ffff88802eb9e8d0 (&(sisusb->lock)){+.+.}-{3:3}, at: sisusb_open+0xb2/0x4d0 drivers/usb/misc/sisusbvga/sisusb.c:2396
1 lock held by syz-executor514/9041:
 #0: ffffffff8c80c230 (minor_rwsem#2){++++}-{3:3}, at: usb_open+0x24/0x2e0 drivers/usb/core/file.c:39
1 lock held by syz-executor514/9042:
 #0: ffffffff8c80c230 (minor_rwsem#2){++++}-{3:3}, at: usb_open+0x24/0x2e0 drivers/usb/core/file.c:39

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 1651 Comm: khungtaskd Not tainted 5.14.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:105
 nmi_cpu_backtrace.cold+0x44/0xd7 lib/nmi_backtrace.c:105
 nmi_trigger_cpumask_backtrace+0x1b3/0x230 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:210 [inline]
 watchdog+0xd0a/0xfc0 kernel/hung_task.c:295
 kthread+0x3e5/0x4d0 kernel/kthread.c:319
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 8 Comm: kworker/u4:0 Not tainted 5.14.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events_unbound toggle_allocation_gate
RIP: 0010:__lock_acquire+0xd81/0x54a0 kernel/locking/lockdep.c:4885
Code: 01 00 00 00 0f 86 c8 00 00 00 89 05 d9 87 e7 0d e9 bd 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 80 3c 02 00 <0f> 85 f3 2f 00 00 48 81 3b 00 94 ed 8e 0f 84 52 f3 ff ff 41 83 fa
RSP: 0018:ffffc90000cd7798 EFLAGS: 00000046
RAX: dffffc0000000000 RBX: ffffffff903c0b58 RCX: 0000000000000000
RDX: 1ffffffff207816b RSI: 0000000000000000 RDI: 0000000000000001
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: ffff88813fe6d4c0 R14: 0000000000000000 R15: 0000000000000001
FS:  0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f4b36e4a000 CR3: 000000000b68e000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 lock_acquire kernel/locking/lockdep.c:5625 [inline]
 lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5590
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0x39/0x50 kernel/locking/spinlock.c:159
 debug_object_activate+0x12e/0x3e0 lib/debugobjects.c:656
 debug_timer_activate kernel/time/timer.c:729 [inline]
 __mod_timer+0x77d/0xe30 kernel/time/timer.c:1050
 __queue_delayed_work+0x1a7/0x270 kernel/workqueue.c:1656
 queue_delayed_work_on+0x105/0x120 kernel/workqueue.c:1681
 queue_delayed_work include/linux/workqueue.h:522 [inline]
 toggle_allocation_gate mm/kfence/core.c:639 [inline]
 toggle_allocation_gate+0x1ca/0x390 mm/kfence/core.c:615
 process_one_work+0x98d/0x1630 kernel/workqueue.c:2276
 worker_thread+0x658/0x11f0 kernel/workqueue.c:2422
 kthread+0x3e5/0x4d0 kernel/kthread.c:319
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
----------------
Code disassembly (best guess):
   0:	01 00                	add    %eax,(%rax)
   2:	00 00                	add    %al,(%rax)
   4:	0f 86 c8 00 00 00    	jbe    0xd2
   a:	89 05 d9 87 e7 0d    	mov    %eax,0xde787d9(%rip)        # 0xde787e9
  10:	e9 bd 00 00 00       	jmpq   0xd2
  15:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  1c:	fc ff df
  1f:	48 89 da             	mov    %rbx,%rdx
  22:	48 c1 ea 03          	shr    $0x3,%rdx
  26:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1)
* 2a:	0f 85 f3 2f 00 00    	jne    0x3023 <-- trapping instruction
  30:	48 81 3b 00 94 ed 8e 	cmpq   $0xffffffff8eed9400,(%rbx)
  37:	0f 84 52 f3 ff ff    	je     0xfffff38f
  3d:	41                   	rex.B
  3e:	83                   	.byte 0x83
  3f:	fa                   	cli

Fix bisection attempts:
| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|
| ci-upstream-kasan-gce | 2022/05/10 13:25 | upstream | 9be9ed2612b5 | 8f58a0ef | .config | log | report | syz | C | | |
| ci-upstream-kasan-gce | 2022/03/12 19:15 | upstream | 68453767131a | 8f58a0ef | .config | log | report | syz | C | | |
| ci-upstream-kasan-gce | 2021/11/15 17:24 | upstream | 8ab774587903 | 8f58a0ef | .config | log | report | syz | C | | |
Crashes (442):
| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|
| ci-upstream-kasan-gce | 2021/08/30 22:47 | upstream | 7d2a07b76933 | 8f58a0ef | .config | log | report | syz | C | | INFO: task hung in usb_register_dev |
| ci2-upstream-usb | 2021/07/24 21:56 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 8e6cb5d27e82 | 4d1b57d4 | .config | log | report | syz | C | | INFO: task hung in usb_register_dev |
| ci2-upstream-usb | 2022/07/03 12:20 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 90557fa89d3e | 1434eec0 | .config | log | report | | | info | INFO: task hung in usb_register_dev |
| ci2-upstream-usb | 2022/06/05 01:14 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 032dcf09e2bf | c8857892 | .config | log | report | | | info | INFO: task hung in usb_register_dev |
| ci2-upstream-usb | 2022/06/02 07:07 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 97fa5887cf28 | b4bc6a3d | .config | log | report | | | info | INFO: task hung in usb_register_dev |
| ci2-upstream-usb | 2022/04/09 04:49 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 312310928417 | e22c3da3 | .config | log | report | | | info | INFO: task hung in usb_register_dev |
| ci2-upstream-usb | 2022/03/26 03:05 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 46d2c20b0b10 | 89bc8608 | .config | log | report | | | info | INFO: task hung in usb_register_dev |
| ci2-upstream-usb | 2022/02/10 17:55 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | c3c9cee59282 | 0b33604d | .config | log | report | | | info | INFO: task hung in usb_register_dev |
| ci2-upstream-usb | 2022/01/30 06:14 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 993a44fa85c1 | 495e00c5 | .config | log | report | | | info | INFO: task hung in usb_register_dev |
| ci2-upstream-usb | 2022/01/17 16:01 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 455e73a07f6e | 731a2d23 | .config | log | report | | | info | INFO: task hung in usb_register_dev |
| ci2-upstream-usb | 2021/12/30 19:54 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 510a0bdb2bfc | 2e49f10d | .config | log | report | | | info | INFO: task hung in usb_register_dev |
| ci2-upstream-usb | 2021/12/29 12:09 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | ce1d37cb7697 | 76c8cf06 | .config | log | report | | | info | INFO: task hung in usb_register_dev |
| ci2-upstream-usb | 2021/12/28 17:52 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | ce1d37cb7697 | 76c8cf06 | .config | log | report | | | info | INFO: task hung in usb_register_dev |
| ci2-upstream-usb | 2021/12/16 14:19 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | f59f93cd1d72 | 8dd6a5e3 | .config | log | report | | | info | INFO: task hung in usb_register_dev |
| ci2-upstream-usb | 2021/12/11 19:35 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | d598c3c46ea6 | 49ca1f59 | .config | log | report | | | info | INFO: task hung in usb_register_dev |
| ci2-upstream-usb | 2021/11/30 09:12 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 4d012040161c | d0830353 | .config | log | report | | | info | INFO: task hung in usb_register_dev |
| ci2-upstream-usb | 2021/11/18 04:39 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 4616dddcfaf7 | cafff8b6 | .config | log | report | | | info | INFO: task hung in usb_register_dev |
| ci2-upstream-usb | 2021/10/16 16:53 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 660a92a59b9e | 0c5d9412 | .config | log | report | | | info | INFO: task hung in usb_register_dev |
| ci2-upstream-usb | 2021/10/14 23:43 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 660a92a59b9e | 7aa5fe41 | .config | log | report | | | info | INFO: task hung in usb_register_dev |
| ci2-upstream-usb | 2021/10/13 12:17 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 620b74d01b9d | 9d56e7dd | .config | log | report | | | info | INFO: task hung in usb_register_dev |
| ci2-upstream-usb | 2021/10/13 06:37 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 620b74d01b9d | 08362356 | .config | log | report | | | info | INFO: task hung in usb_register_dev |
| ci2-upstream-usb | 2021/10/13 02:44 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 620b74d01b9d | 08362356 | .config | log | report | | | info | INFO: task hung in usb_register_dev |
| ci2-upstream-usb | 2021/10/10 14:23 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | bedbac5f66bf | 838e7e2c | .config | log | report | | | info | INFO: task hung in usb_register_dev |
| ci2-upstream-usb | 2021/10/10 06:33 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 2c52ad743fee | 838e7e2c | .config | log | report | | | info | INFO: task hung in usb_register_dev |
| ci2-upstream-usb | 2021/10/09 17:26 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 2c52ad743fee | 838e7e2c | .config | log | report | | | info | INFO: task hung in usb_register_dev |
| ci2-upstream-usb | 2021/10/08 17:02 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 2c52ad743fee | efe0f24d | .config | log | report | | | info | INFO: task hung in usb_register_dev |
| ci2-upstream-usb | 2021/10/06 05:23 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 89e84f946479 | 0a63fd36 | .config | log | report | | | info | INFO: task hung in usb_register_dev |
| ci2-upstream-usb | 2021/10/05 18:07 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 89e84f946479 | 8a6b1a8d | .config | log | report | | | info | INFO: task hung in usb_register_dev |
| ci2-upstream-usb | 2021/10/03 18:49 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | ae9a6149884e | db0f5787 | .config | log | report | | | info | INFO: task hung in usb_register_dev |
| ci2-upstream-usb | 2021/10/03 06:59 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | ae9a6149884e | db0f5787 | .config | log | report | | | info | INFO: task hung in usb_register_dev |
| ci2-upstream-usb | 2021/10/02 13:00 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | ae9a6149884e | db0f5787 | .config | log | report | | | info | INFO: task hung in usb_register_dev |
| ci2-upstream-usb | 2021/09/27 06:12 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 8217f07a5023 | 78494d16 | .config | log | report | | | info | INFO: task hung in usb_register_dev |
| ci2-upstream-usb | 2021/09/24 17:33 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 8217f07a5023 | 8cac236e | .config | log | report | | | info | INFO: task hung in usb_register_dev |
| ci2-upstream-usb | 2021/09/24 05:18 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 8217f07a5023 | 8cac236e | .config | log | report | | | info | INFO: task hung in usb_register_dev |
| ci2-upstream-usb | 2021/09/23 22:36 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 8217f07a5023 | 8cac236e | .config | log | report | | | info | INFO: task hung in usb_register_dev |
| ci2-upstream-usb | 2021/09/21 02:34 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | ae8709b296d8 | af796c18 | .config | log | report | | | info | INFO: task hung in usb_register_dev |
| ci2-upstream-usb | 2021/09/20 17:00 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | ae8709b296d8 | 3d9c9a2a | .config | log | report | | | info | INFO: task hung in usb_register_dev |
| ci2-upstream-usb | 2021/09/20 01:08 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | ae8709b296d8 | 70b76c1d | .config | log | report | | | info | INFO: task hung in usb_register_dev |
| ci2-upstream-usb | 2021/09/19 08:18 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | ae8709b296d8 | 70b76c1d | .config | log | report | | | info | INFO: task hung in usb_register_dev |
| ci2-upstream-usb | 2021/09/16 21:39 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | ae8709b296d8 | aae492f2 | .config | log | report | | | info | INFO: task hung in usb_register_dev |
| ci2-upstream-usb | 2021/09/16 19:22 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | ae8709b296d8 | aae492f2 | .config | log | report | | | info | INFO: task hung in usb_register_dev |
| ci2-upstream-usb | 2021/09/10 13:01 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | bf9f243f23e6 | 5ae8508a | .config | log | report | | | info | INFO: task hung in usb_register_dev |
| ci2-upstream-usb | 2021/09/08 20:56 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 4b93c544e90e | e2776ee4 | .config | log | report | | | info | INFO: task hung in usb_register_dev |
| ci2-upstream-usb | 2021/09/04 14:02 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 1b4f3dfb4792 | d236a457 | .config | log | report | | | info | INFO: task hung in usb_register_dev |
| ci2-upstream-usb | 2021/09/04 12:42 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 1b4f3dfb4792 | d236a457 | .config | log | report | | | info | INFO: task hung in usb_register_dev |
| ci2-upstream-usb | 2021/01/09 09:27 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 841081d89d5a | c104d4a3 | .config | log | report | | | info | |
| ci2-upstream-usb | 2020/07/05 22:27 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 768a07412843 | 22f87567 | .config | log | report | | | | |
| ci2-upstream-usb | 2019/08/11 10:21 | https://github.com/google/kasan.git usb-fuzzer | e96407b49762 | acb51638 | .config | log | report | | | | |