INFO: task kworker/0:3:4058 blocked for more than 143 seconds.
      Not tainted 5.17.0-rc4-syzkaller-00081-ga5d847b0afd3 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:3     state:D stack:22160 pid: 4058 ppid:     2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:4987 [inline]
 __schedule+0x931/0x22e0 kernel/sched/core.c:6296
 schedule+0xd2/0x260 kernel/sched/core.c:6369
 schedule_timeout+0x1db/0x2a0 kernel/time/timer.c:1857
 do_wait_for_common kernel/sched/completion.c:85 [inline]
 __wait_for_common+0x2af/0x360 kernel/sched/completion.c:106
 flush_workqueue+0x3ed/0x13a0 kernel/workqueue.c:2879
 flush_scheduled_work include/linux/workqueue.h:592 [inline]
 ath6kl_usb_flush_all drivers/net/wireless/ath/ath6kl/usb.c:481 [inline]
 ath6kl_usb_destroy+0xc6/0x290 drivers/net/wireless/ath/ath6kl/usb.c:614
 ath6kl_usb_probe+0xebd/0x1200 drivers/net/wireless/ath/ath6kl/usb.c:1171
 usb_probe_interface+0x315/0x7f0 drivers/usb/core/driver.c:396
 call_driver_probe drivers/base/dd.c:517 [inline]
 really_probe+0x245/0xcc0 drivers/base/dd.c:596
 __driver_probe_device+0x338/0x4d0 drivers/base/dd.c:752
 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:782
 __device_attach_driver+0x20b/0x2f0 drivers/base/dd.c:899
 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427
 __device_attach+0x228/0x4a0 drivers/base/dd.c:970
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487
 device_add+0xb83/0x1e20 drivers/base/core.c:3405
 usb_set_configuration+0x101e/0x1900 drivers/usb/core/message.c:2170
 usb_generic_driver_probe+0xba/0x100 drivers/usb/core/generic.c:238
 usb_probe_device+0xd9/0x2c0 drivers/usb/core/driver.c:293
 call_driver_probe drivers/base/dd.c:517 [inline]
 really_probe+0x245/0xcc0 drivers/base/dd.c:596
 __driver_probe_device+0x338/0x4d0 drivers/base/dd.c:752
 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:782
 __device_attach_driver+0x20b/0x2f0 drivers/base/dd.c:899
 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427
 __device_attach+0x228/0x4a0 drivers/base/dd.c:970
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487
 device_add+0xb83/0x1e20 drivers/base/core.c:3405
 usb_new_device.cold+0x63f/0x108e drivers/usb/core/hub.c:2566
 hub_port_connect drivers/usb/core/hub.c:5363 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5507 [inline]
 port_event drivers/usb/core/hub.c:5665 [inline]
 hub_event+0x2585/0x44d0 drivers/usb/core/hub.c:5747
 process_one_work+0x9ac/0x1650 kernel/workqueue.c:2307
 worker_thread+0x657/0x1110 kernel/workqueue.c:2454
 kthread+0x2ef/0x3a0 kernel/kthread.c:377
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>
INFO: task kworker/0:5:4185 blocked for more than 143 seconds.
      Not tainted 5.17.0-rc4-syzkaller-00081-ga5d847b0afd3 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:5     state:D stack:23592 pid: 4185 ppid:     2 flags:0x00004000
Workqueue: events request_firmware_work_func
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:4987 [inline]
 __schedule+0x931/0x22e0 kernel/sched/core.c:6296
 schedule+0xd2/0x260 kernel/sched/core.c:6369
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6428
 __mutex_lock_common kernel/locking/mutex.c:673 [inline]
 __mutex_lock+0xa32/0x12f0 kernel/locking/mutex.c:733
 device_lock include/linux/device.h:767 [inline]
 ath9k_hif_usb_firmware_fail drivers/net/wireless/ath/ath9k/hif_usb.c:1136 [inline]
 ath9k_hif_usb_firmware_cb+0x3ac/0x530 drivers/net/wireless/ath/ath9k/hif_usb.c:1269
 request_firmware_work_func+0x12c/0x230 drivers/base/firmware_loader/main.c:1022
 process_one_work+0x9ac/0x1650 kernel/workqueue.c:2307
 worker_thread+0x657/0x1110 kernel/workqueue.c:2454
 kthread+0x2ef/0x3a0 kernel/kthread.c:377
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>
INFO: task kworker/0:7:5071 blocked for more than 144 seconds.
      Not tainted 5.17.0-rc4-syzkaller-00081-ga5d847b0afd3 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:7     state:D stack:23248 pid: 5071 ppid:     2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:4987 [inline]
 __schedule+0x931/0x22e0 kernel/sched/core.c:6296
 schedule+0xd2/0x260 kernel/sched/core.c:6369
 schedule_timeout+0x1db/0x2a0 kernel/time/timer.c:1857
 do_wait_for_common kernel/sched/completion.c:85 [inline]
 __wait_for_common+0x2af/0x360 kernel/sched/completion.c:106
 flush_workqueue+0x3ed/0x13a0 kernel/workqueue.c:2879
 flush_scheduled_work include/linux/workqueue.h:592 [inline]
 ath6kl_usb_flush_all drivers/net/wireless/ath/ath6kl/usb.c:481 [inline]
 hif_detach_htc drivers/net/wireless/ath/ath6kl/usb.c:861 [inline]
 ath6kl_usb_power_off+0xdc/0x140 drivers/net/wireless/ath/ath6kl/usb.c:1060
 ath6kl_hif_power_off drivers/net/wireless/ath/ath6kl/hif-ops.h:143 [inline]
 ath6kl_core_init drivers/net/wireless/ath/ath6kl/core.c:257 [inline]
 ath6kl_core_init+0x236/0x11c0 drivers/net/wireless/ath/ath6kl/core.c:66
 ath6kl_usb_probe+0xc11/0x1200 drivers/net/wireless/ath/ath6kl/usb.c:1160
 usb_probe_interface+0x315/0x7f0 drivers/usb/core/driver.c:396
 call_driver_probe drivers/base/dd.c:517 [inline]
 really_probe+0x245/0xcc0 drivers/base/dd.c:596
 __driver_probe_device+0x338/0x4d0 drivers/base/dd.c:752
 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:782
 __device_attach_driver+0x20b/0x2f0 drivers/base/dd.c:899
 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427
 __device_attach+0x228/0x4a0 drivers/base/dd.c:970
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487
 device_add+0xb83/0x1e20 drivers/base/core.c:3405
 usb_set_configuration+0x101e/0x1900 drivers/usb/core/message.c:2170
 usb_generic_driver_probe+0xba/0x100 drivers/usb/core/generic.c:238
 usb_probe_device+0xd9/0x2c0 drivers/usb/core/driver.c:293
 call_driver_probe drivers/base/dd.c:517 [inline]
 really_probe+0x245/0xcc0 drivers/base/dd.c:596
 __driver_probe_device+0x338/0x4d0 drivers/base/dd.c:752
 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:782
 __device_attach_driver+0x20b/0x2f0 drivers/base/dd.c:899
 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427
 __device_attach+0x228/0x4a0 drivers/base/dd.c:970
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487
 device_add+0xb83/0x1e20 drivers/base/core.c:3405
 usb_new_device.cold+0x63f/0x108e drivers/usb/core/hub.c:2566
 hub_port_connect drivers/usb/core/hub.c:5363 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5507 [inline]
 port_event drivers/usb/core/hub.c:5665 [inline]
 hub_event+0x2585/0x44d0 drivers/usb/core/hub.c:5747
 process_one_work+0x9ac/0x1650 kernel/workqueue.c:2307
 worker_thread+0x657/0x1110 kernel/workqueue.c:2454
 kthread+0x2ef/0x3a0 kernel/kthread.c:377
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>

Showing all locks held in the system:
6 locks held by kworker/0:1/7:
 #0: ffff888103ff7938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff888103ff7938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 #0: ffff888103ff7938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
 #0: ffff888103ff7938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:631 [inline]
 #0: ffff888103ff7938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:658 [inline]
 #0: ffff888103ff7938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x890/0x1650 kernel/workqueue.c:2278
 #1: ffffc9000007fdb8 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x8c4/0x1650 kernel/workqueue.c:2282
 #2: ffff88810d077220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:767 [inline]
 #2: ffff88810d077220 (&dev->mutex){....}-{3:3}, at: hub_event+0x1c5/0x44d0 drivers/usb/core/hub.c:5693
 #3: ffff88810d0b2578 (&port_dev->status_lock){+.+.}-{3:3}, at: usb_lock_port drivers/usb/core/hub.c:3095 [inline]
 #3: ffff88810d0b2578 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_port_connect drivers/usb/core/hub.c:5259 [inline]
 #3: ffff88810d0b2578 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_port_connect_change drivers/usb/core/hub.c:5507 [inline]
 #3: ffff88810d0b2578 (&port_dev->status_lock){+.+.}-{3:3}, at: port_event drivers/usb/core/hub.c:5665 [inline]
 #3: ffff88810d0b2578 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_event+0x1fba/0x44d0 drivers/usb/core/hub.c:5747
 #4: ffff88810cfdf068 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_port_connect drivers/usb/core/hub.c:5260 [inline]
 #4: ffff88810cfdf068 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_port_connect_change drivers/usb/core/hub.c:5507 [inline]
 #4: ffff88810cfdf068 (hcd->address0_mutex){+.+.}-{3:3}, at: port_event drivers/usb/core/hub.c:5665 [inline]
 #4: ffff88810cfdf068 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_event+0x1fe3/0x44d0 drivers/usb/core/hub.c:5747
 #5: ffffffff881c6850 (ehci_cf_port_reset_rwsem){.+.+}-{3:3}, at: hub_port_reset+0x191/0x1c20 drivers/usb/core/hub.c:2953
1 lock held by kauditd/24:
1 lock held by khungtaskd/25:
 #0: ffffffff87891580 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6460
2 locks held by getty/1229:
 #0: ffff88810eaf1098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:244
 #1: ffffc900000432e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xcf0/0x1230 drivers/tty/n_tty.c:2077
3 locks held by udevd/3988:
 #0: ffff8881153b4488 (&of->mutex){+.+.}-{3:3}, at: kernfs_file_read_iter fs/kernfs/file.c:203 [inline]
 #0: ffff8881153b4488 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_read_iter+0x189/0x6f0 fs/kernfs/file.c:242
 #1: ffff8881107bb748 (kn->active#47){++++}-{0:0}, at: kernfs_file_read_iter fs/kernfs/file.c:204 [inline]
 #1: ffff8881107bb748 (kn->active#47){++++}-{0:0}, at: kernfs_fop_read_iter+0x1ac/0x6f0 fs/kernfs/file.c:242
 #2: ffff88811a4b4220 (&dev->mutex){....}-{3:3}, at: device_lock_interruptible include/linux/device.h:772 [inline]
 #2: ffff88811a4b4220 (&dev->mutex){....}-{3:3}, at: read_descriptors+0x3c/0x2c0 drivers/usb/core/sysfs.c:873
5 locks held by kworker/0:3/4058:
 #0: ffff888103ff7938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff888103ff7938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 #0: ffff888103ff7938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
 #0: ffff888103ff7938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:631 [inline]
 #0: ffff888103ff7938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:658 [inline]
 #0: ffff888103ff7938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x890/0x1650 kernel/workqueue.c:2278
 #1: ffffc90001877db8 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x8c4/0x1650 kernel/workqueue.c:2282
 #2: ffff88810d19d220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:767 [inline]
 #2: ffff88810d19d220 (&dev->mutex){....}-{3:3}, at: hub_event+0x1c5/0x44d0 drivers/usb/core/hub.c:5693
 #3: ffff88811a4b4220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:767 [inline]
 #3: ffff88811a4b4220 (&dev->mutex){....}-{3:3}, at: __device_attach+0x7a/0x4a0 drivers/base/dd.c:945
 #4: ffff8881163801a8 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:767 [inline]
 #4: ffff8881163801a8 (&dev->mutex){....}-{3:3}, at: __device_attach+0x7a/0x4a0 drivers/base/dd.c:945
8 locks held by kworker/1:5/4137:
3 locks held by kworker/0:5/4185:
 #0: ffff888100064d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff888100064d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 #0: ffff888100064d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
 #0: ffff888100064d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:631 [inline]
 #0: ffff888100064d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:658 [inline]
 #0: ffff888100064d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x890/0x1650 kernel/workqueue.c:2278
 #1: ffffc90002ca7db8 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work+0x8c4/0x1650 kernel/workqueue.c:2282
 #2: ffff88810d0b5220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:767 [inline]
 #2: ffff88810d0b5220 (&dev->mutex){....}-{3:3}, at: ath9k_hif_usb_firmware_fail drivers/net/wireless/ath/ath9k/hif_usb.c:1136 [inline]
 #2: ffff88810d0b5220 (&dev->mutex){....}-{3:3}, at: ath9k_hif_usb_firmware_cb+0x3ac/0x530 drivers/net/wireless/ath/ath9k/hif_usb.c:1269
6 locks held by kworker/0:6/4256:
 #0: ffff888103ff7938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff888103ff7938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 #0: ffff888103ff7938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
 #0: ffff888103ff7938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:631 [inline]
 #0: ffff888103ff7938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:658 [inline]
 #0: ffff888103ff7938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x890/0x1650 kernel/workqueue.c:2278
 #1: ffffc90002407db8 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x8c4/0x1650 kernel/workqueue.c:2282
 #2: ffff88810d10d220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:767 [inline]
 #2: ffff88810d10d220 (&dev->mutex){....}-{3:3}, at: hub_event+0x1c5/0x44d0 drivers/usb/core/hub.c:5693
 #3: ffff88810df16220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:767 [inline]
 #3: ffff88810df16220 (&dev->mutex){....}-{3:3}, at: __device_attach+0x7a/0x4a0 drivers/base/dd.c:945
 #4: ffff88810c9771a8 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:767 [inline]
 #4: ffff88810c9771a8 (&dev->mutex){....}-{3:3}, at: __device_attach+0x7a/0x4a0 drivers/base/dd.c:945
 #5: ffff8881128b3888 (&priv->usb_buf_mutex){+.+.}-{3:3}, at: rtl8xxxu_read32+0x54/0x130 drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c:695
3 locks held by udevd/4377:
 #0: ffff88810cf7f088 (&of->mutex){+.+.}-{3:3}, at: kernfs_file_read_iter fs/kernfs/file.c:203 [inline]
 #0: ffff88810cf7f088 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_read_iter+0x189/0x6f0 fs/kernfs/file.c:242
 #1: ffff888117268e88 (kn->active#47){++++}-{0:0}, at: kernfs_file_read_iter fs/kernfs/file.c:204 [inline]
 #1: ffff888117268e88 (kn->active#47){++++}-{0:0}, at: kernfs_fop_read_iter+0x1ac/0x6f0 fs/kernfs/file.c:242
 #2: ffff888138c8e220 (&dev->mutex){....}-{3:3}, at: device_lock_interruptible include/linux/device.h:772 [inline]
 #2: ffff888138c8e220 (&dev->mutex){....}-{3:3}, at: read_descriptors+0x3c/0x2c0 drivers/usb/core/sysfs.c:873
3 locks held by udevd/4397:
 #0: ffff88810dfa6888 (&of->mutex){+.+.}-{3:3}, at: kernfs_file_read_iter fs/kernfs/file.c:203 [inline]
 #0: ffff88810dfa6888 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_read_iter+0x189/0x6f0 fs/kernfs/file.c:242
 #1: ffff888138f80578 (kn->active#47){++++}-{0:0}, at: kernfs_file_read_iter fs/kernfs/file.c:204 [inline]
 #1: ffff888138f80578 (kn->active#47){++++}-{0:0}, at: kernfs_fop_read_iter+0x1ac/0x6f0 fs/kernfs/file.c:242
 #2: ffff88810df16220 (&dev->mutex){....}-{3:3}, at: device_lock_interruptible include/linux/device.h:772 [inline]
 #2: ffff88810df16220 (&dev->mutex){....}-{3:3}, at: read_descriptors+0x3c/0x2c0 drivers/usb/core/sysfs.c:873
5 locks held by kworker/0:7/5071:
 #0: ffff888103ff7938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff888103ff7938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 #0: ffff888103ff7938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
 #0: ffff888103ff7938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:631 [inline]
 #0: ffff888103ff7938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:658 [inline]
 #0: ffff888103ff7938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x890/0x1650 kernel/workqueue.c:2278
 #1: ffffc900019b7db8 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x8c4/0x1650 kernel/workqueue.c:2282
 #2: ffff88810d0b5220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:767 [inline]
 #2: ffff88810d0b5220 (&dev->mutex){....}-{3:3}, at: hub_event+0x1c5/0x44d0 drivers/usb/core/hub.c:5693
 #3: ffff888118770220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:767 [inline]
 #3: ffff888118770220 (&dev->mutex){....}-{3:3}, at: __device_attach+0x7a/0x4a0 drivers/base/dd.c:945
 #4: ffff88810d2021a8 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:767 [inline]
 #4: ffff88810d2021a8 (&dev->mutex){....}-{3:3}, at: __device_attach+0x7a/0x4a0 drivers/base/dd.c:945
1 lock held by syz-executor.5/8986:
 #0: ffff88810cea51a0 (&iint->mutex){+.+.}-{3:3}, at: process_measurement+0x3c6/0x1920 security/integrity/ima/ima_main.c:260
2 locks held by syz-executor.5/8988:
 #0: ffff88810ebe0438 (sb_writers#4){.+.+}-{0:0}, at: do_open fs/namei.c:3469 [inline]
 #0: ffff88810ebe0438 (sb_writers#4){.+.+}-{0:0}, at: path_openat+0x1b69/0x2940 fs/namei.c:3609
 #1: ffff88810cea51a0 (&iint->mutex){+.+.}-{3:3}, at: process_measurement+0x3c6/0x1920 security/integrity/ima/ima_main.c:260
3 locks held by syz-executor.4/8987:
2 locks held by syz-executor.4/8989:
4 locks held by syz-executor.4/8993:
3 locks held by syz-executor.2/8991:
 #0: ffff8881313b25f0 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100 fs/file.c:1034
 #1: ffff88810ebe0438 (sb_writers#4){.+.+}-{0:0}, at: ksys_write+0x12d/0x250 fs/read_write.c:643
 #2: ffff888134858dc0 (&sb->s_type->i_mutex_key#9){++++}-{3:3}, at: inode_lock include/linux/fs.h:777 [inline]
 #2: ffff888134858dc0 (&sb->s_type->i_mutex_key#9){++++}-{3:3}, at: ext4_dio_write_iter fs/ext4/file.c:508 [inline]
 #2: ffff888134858dc0 (&sb->s_type->i_mutex_key#9){++++}-{3:3}, at: ext4_file_write_iter+0x375/0x1970 fs/ext4/file.c:675

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 25 Comm: khungtaskd Not tainted 5.17.0-rc4-syzkaller-00081-ga5d847b0afd3 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 nmi_cpu_backtrace.cold+0x47/0x144 lib/nmi_backtrace.c:111
 nmi_trigger_cpumask_backtrace+0x1e6/0x230 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:212 [inline]
 watchdog+0xc1d/0xf50 kernel/hung_task.c:369
 kthread+0x2ef/0x3a0 kernel/kthread.c:377
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 8989 Comm: syz-executor.4 Not tainted 5.17.0-rc4-syzkaller-00081-ga5d847b0afd3 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:hlock_class kernel/locking/lockdep.c:211 [inline]
RIP: 0010:__lock_acquire+0x145c/0x56c0 kernel/locking/lockdep.c:5023
Code: 0f b7 db be 08 00 00 00 48 89 d8 48 c1 f8 06 48 8d 3c c5 00 c7 7e 8a e8 f2 10 4a 00 48 0f a3 1d fa 97 55 09 0f 83 59 06 00 00 <48> 8d 1c 5b 48 c1 e3 06 48 81 c3 20 cb 7e 8a 48 8d 7b 40 48 b8 00
RSP: 0018:ffffc9000a49f650 EFLAGS: 00000047
RAX: 0000000000000001 RBX: 000000000000008d RCX: ffffffff81292efe
RDX: fffffbfff14fd8e3 RSI: 0000000000000008 RDI: ffffffff8a7ec710
RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8a7ec717
R10: fffffbfff14fd8e2 R11: 0000000000000001 R12: ffff888138c38a70
R13: ffff888138c38000 R14: ffffffff88b7e4c8 R15: 0000000000000000
FS:  00007f975d082700(0000) GS:ffff8881f6800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020852000 CR3: 000000010d35c000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 lock_acquire kernel/locking/lockdep.c:5639 [inline]
 lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5604
 local_lock_acquire include/linux/local_lock_internal.h:29 [inline]
 folio_add_lru+0x1a0/0x6a0 mm/swap.c:466
 wp_page_copy+0xa36/0x1d90 mm/memory.c:3070
 do_wp_page+0x282/0x14d0 mm/memory.c:3322
 handle_pte_fault mm/memory.c:4588 [inline]
 __handle_mm_fault+0xf22/0x2760 mm/memory.c:4705
 handle_mm_fault+0x1c8/0x790 mm/memory.c:4803
 do_user_addr_fault+0x489/0x11c0 arch/x86/mm/fault.c:1397
 handle_page_fault arch/x86/mm/fault.c:1484 [inline]
 exc_page_fault+0x9e/0x180 arch/x86/mm/fault.c:1540
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:568
RIP: 0010:__clear_user+0x40/0x70 arch/x86/lib/usercopy_64.c:24
Code: 6b 43 86 e8 32 ea 4a ff 0f 01 cb 48 89 d8 48 c1 eb 03 48 89 ef 83 e0 07 48 89 d9 48 85 c9 74 19 66 2e 0f 1f 84 00 00 00 00 00 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
RSP: 0018:ffffc9000a49fd20 EFLAGS: 00050212
RAX: 0000000000000005 RBX: 000000001fffffd6 RCX: 000000001fef5c4f
RDX: ffff888138c38000 RSI: ffffffff8219d7ee RDI: 0000000020852000
RBP: 00000000200003c8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: 000000012000027d
R13: 00000000200003c8 R14: 0000000000000008 R15: 00000000200003c0
 clear_user+0xd3/0x110 arch/x86/lib/usercopy_64.c:52
 evdev_get_mask drivers/input/evdev.c:1023 [inline]
 evdev_do_ioctl+0xc49/0x18b0 drivers/input/evdev.c:1105
 evdev_ioctl_handler drivers/input/evdev.c:1272 [inline]
 evdev_ioctl+0x145/0x1a0 drivers/input/evdev.c:1281
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:874 [inline]
 __se_sys_ioctl fs/ioctl.c:860 [inline]
 __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:860
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f975df2d059
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f975d082168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f975e040030 RCX: 00007f975df2d059
RDX: 0000000020000280 RSI: 0000000080104592 RDI: 0000000000000003
RBP: 00007f975df8708d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fffb75209ff R14: 00007f975d082300 R15: 0000000000022000
 </TASK>
----------------
Code disassembly (best guess):
   0:	0f b7 db             	movzwl %bx,%ebx
   3:	be 08 00 00 00       	mov    $0x8,%esi
   8:	48 89 d8             	mov    %rbx,%rax
   b:	48 c1 f8 06          	sar    $0x6,%rax
   f:	48 8d 3c c5 00 c7 7e 	lea    -0x75813900(,%rax,8),%rdi
  16:	8a
  17:	e8 f2 10 4a 00       	callq  0x4a110e
  1c:	48 0f a3 1d fa 97 55 	bt     %rbx,0x95597fa(%rip)        # 0x955981e
  23:	09
  24:	0f 83 59 06 00 00    	jae    0x683
* 2a:	48 8d 1c 5b          	lea    (%rbx,%rbx,2),%rbx <-- trapping instruction
  2e:	48 c1 e3 06          	shl    $0x6,%rbx
  32:	48 81 c3 20 cb 7e 8a 	add    $0xffffffff8a7ecb20,%rbx
  39:	48 8d 7b 40          	lea    0x40(%rbx),%rdi
  3d:	48                   	rex.W
  3e:	b8                   	.byte 0xb8