INFO: task kworker/1:11:11135 blocked for more than 143 seconds.
Not tainted 5.15.0-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:11 state:D stack:24816 pid:11135 ppid: 2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
context_switch kernel/sched/core.c:4969 [inline]
__schedule+0xb72/0x1460 kernel/sched/core.c:6250
schedule+0x12b/0x1f0 kernel/sched/core.c:6323
usb_kill_urb+0x1d5/0x310 drivers/usb/core/urb.c:720
usb_start_wait_urb+0x265/0x530 drivers/usb/core/message.c:64
usb_internal_control_msg drivers/usb/core/message.c:102 [inline]
usb_control_msg+0x2a5/0x4b0 drivers/usb/core/message.c:153
hub_port_init+0x9f1/0x2df0 drivers/usb/core/hub.c:4829
hub_port_connect+0xcf8/0x27d0 drivers/usb/core/hub.c:5280
hub_port_connect_change+0x5f9/0xc20 drivers/usb/core/hub.c:5488
port_event+0xb67/0x1220 drivers/usb/core/hub.c:5634
hub_event+0x4ed/0xe40 drivers/usb/core/hub.c:5716
process_one_work+0x853/0x1140 kernel/workqueue.c:2298
worker_thread+0xac1/0x1320 kernel/workqueue.c:2445
kthread+0x468/0x490 kernel/kthread.c:327
ret_from_fork+0x1f/0x30
Showing all locks held in the system:
1 lock held by khungtaskd/27:
#0: ffffffff8cb1d8c0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30
2 locks held by kswapd0/90:
1 lock held by in:imklog/6151:
3 locks held by syz-executor.4/6634:
3 locks held by kworker/u4:18/10980:
5 locks held by kworker/1:11/11135:
#0: ffff8880127f1538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x7ca/0x1140
#1: ffffc900056ffd20 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x808/0x1140 kernel/workqueue.c:2273
#2: ffff88801dd1a220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:760 [inline]
#2: ffff88801dd1a220 (&dev->mutex){....}-{3:3}, at: hub_event+0x1b2/0xe40 drivers/usb/core/hub.c:5662
#3: ffff88801dd3d5c0 (&port_dev->status_lock){+.+.}-{3:3}, at: usb_lock_port drivers/usb/core/hub.c:3086 [inline]
#3: ffff88801dd3d5c0 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_port_connect+0xce1/0x27d0 drivers/usb/core/hub.c:5279
#4: ffff888148298968 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_port_init+0x1ef/0x2df0 drivers/usb/core/hub.c:4703
2 locks held by syz-executor.3/20397:
#0: ffff88814acd8130 (&clk->rwsem){.+.+}-{3:3}, at: get_posix_clock kernel/time/posix-clock.c:24 [inline]
#0: ffff88814acd8130 (&clk->rwsem){.+.+}-{3:3}, at: posix_clock_read+0x54/0x150 kernel/time/posix-clock.c:42
#1: ffff88814acd9760 (&ptp->tsevq_mux){+.+.}-{3:3}, at: ptp_read+0xe4/0x850 drivers/ptp/ptp_chardev.c:461
1 lock held by syz-executor.0/31808:
#0: ffffffff8cbb5e08 (lock#5){+.+.}-{3:3}, at: __lru_add_drain_all+0x67/0x9d0 mm/swap.c:788
=============================================
NMI backtrace for cpu 1
CPU: 1 PID: 27 Comm: khungtaskd Not tainted 5.15.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1dc/0x2d8 lib/dump_stack.c:106
nmi_cpu_backtrace+0x45f/0x490 lib/nmi_backtrace.c:105
nmi_trigger_cpumask_backtrace+0x16a/0x280 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:210 [inline]
watchdog+0xc82/0xcd0 kernel/hung_task.c:295
kthread+0x468/0x490 kernel/kthread.c:327
ret_from_fork+0x1f/0x30
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 31463 Comm: kworker/u4:1 Not tainted 5.15.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events_unbound toggle_allocation_gate
RIP: 0010:queued_spin_lock include/asm-generic/qspinlock.h:80 [inline]
RIP: 0010:do_raw_spin_lock+0x12c/0x8e0 kernel/locking/spinlock_debug.c:115
Code: 5c 24 60 8b 07 65 8b 0d 2a 8f 9a 7e 39 c8 0f 84 8d 02 00 00 49 89 df 49 c1 ef 03 41 8a 04 17 84 c0 49 89 d4 0f 85 0a 04 00 00 44 24 60 00 00 00 00 4c 89 c7 be 04 00 00 00 4d 89 c6 e8 fc 4e
RSP: 0018:ffffc9002a95f940 EFLAGS: 00000097
RAX: 00000000ffffff04 RBX: ffffc9002a95f9a0 RCX: 000000002a95f903
RDX: dffffc0000000000 RSI: 1ffff9200552bf30 RDI: ffffffff8cbf64a8
RBP: ffffc9002a95fa10 R08: ffffffff8cbf64a0 R09: fffffbfff1fee1df
R10: fffffbfff1fee1df R11: 0000000000000000 R12: dffffc0000000000
R13: 1ffffffff197ec95 R14: ffffffff8cbf64a0 R15: 1ffff9200552bf34
FS: 0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f3c00305000 CR3: 000000000c88e000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:111 [inline]
_raw_spin_lock_irqsave+0xdd/0x120 kernel/locking/spinlock.c:162
prepare_to_wait_event+0x25/0x560 kernel/sched/wait.c:300
toggle_allocation_gate+0x1ac/0x460 mm/kfence/core.c:633
process_one_work+0x853/0x1140 kernel/workqueue.c:2298
worker_thread+0xac1/0x1320 kernel/workqueue.c:2445
kthread+0x468/0x490 kernel/kthread.c:327
ret_from_fork+0x1f/0x30
----------------
Code disassembly (best guess):
0: 5c pop %rsp
1: 24 60 and $0x60,%al
3: 8b 07 mov (%rdi),%eax
5: 65 8b 0d 2a 8f 9a 7e mov %gs:0x7e9a8f2a(%rip),%ecx # 0x7e9a8f36
c: 39 c8 cmp %ecx,%eax
e: 0f 84 8d 02 00 00 je 0x2a1
14: 49 89 df mov %rbx,%r15
17: 49 c1 ef 03 shr $0x3,%r15
1b: 41 8a 04 17 mov (%r15,%rdx,1),%al
1f: 84 c0 test %al,%al
21: 49 89 d4 mov %rdx,%r12
24: 0f 85 0a 04 00 00 jne 0x434
* 2a: c7 44 24 60 00 00 00 movl $0x0,0x60(%rsp) <-- trapping instruction
31: 00
32: 4c 89 c7 mov %r8,%rdi
35: be 04 00 00 00 mov $0x4,%esi
3a: 4d 89 c6 mov %r8,%r14
3d: e8 .byte 0xe8
3e: fc cld
3f: 4e rex.WRX