INFO: task kworker/0:1:9 blocked for more than 143 seconds.
      Not tainted 6.13.0-rc1-syzkaller-gd8d936c51388 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:1     state:D
 stack:21376 pid:9     tgid:9     ppid:2      flags:0x00004000
Workqueue: usb_hub_wq hub_event

Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5369 [inline]
 __schedule+0x102c/0x34b0 kernel/sched/core.c:6756
 __schedule_loop kernel/sched/core.c:6833 [inline]
 schedule+0xe7/0x350 kernel/sched/core.c:6848
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6905
 __mutex_lock_common kernel/locking/mutex.c:665 [inline]
 __mutex_lock+0x62b/0xa60 kernel/locking/mutex.c:735
 uevent_net_broadcast_untagged lib/kobject_uevent.c:317 [inline]
 kobject_uevent_net_broadcast lib/kobject_uevent.c:410 [inline]
 kobject_uevent_env+0xb21/0x1860 lib/kobject_uevent.c:608
 device_add+0x10e0/0x1a70 drivers/base/core.c:3646
 usb_new_device+0xd90/0x1a10 drivers/usb/core/hub.c:2651
 hub_port_connect drivers/usb/core/hub.c:5521 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5661 [inline]
 port_event drivers/usb/core/hub.c:5821 [inline]
 hub_event+0x2e58/0x4f40 drivers/usb/core/hub.c:5903
 process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
 process_scheduled_works kernel/workqueue.c:3310 [inline]
 worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
INFO: task jbd2/sda1-8:2805 blocked for more than 152 seconds.
      Not tainted 6.13.0-rc1-syzkaller-gd8d936c51388 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:jbd2/sda1-8     state:D
 stack:25712 pid:2805  tgid:2805  ppid:2      flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5369 [inline]
 __schedule+0x102c/0x34b0 kernel/sched/core.c:6756
 __schedule_loop kernel/sched/core.c:6833 [inline]
 schedule+0xe7/0x350 kernel/sched/core.c:6848
 io_schedule+0xbf/0x130 kernel/sched/core.c:7681
 bit_wait_io+0x15/0xe0 kernel/sched/wait_bit.c:247
 __wait_on_bit+0x62/0x180 kernel/sched/wait_bit.c:49
 out_of_line_wait_on_bit+0xda/0x110 kernel/sched/wait_bit.c:64
 wait_on_bit_io include/linux/wait_bit.h:105 [inline]
 __wait_on_buffer+0x64/0x70 fs/buffer.c:123
 wait_on_buffer include/linux/buffer_head.h:414 [inline]
 journal_wait_on_commit_record fs/jbd2/commit.c:171 [inline]
 jbd2_journal_commit_transaction+0x4f00/0x6c70 fs/jbd2/commit.c:883
 kjournald2+0x1f8/0x760 fs/jbd2/journal.c:201
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
INFO: task syz.2.758:7508 blocked for more than 172 seconds.
      Not tainted 6.13.0-rc1-syzkaller-gd8d936c51388 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.2.758       state:R
  running task    
 stack:27848 pid:7508  tgid:7507  ppid:2946   flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5369 [inline]
 __schedule+0x102c/0x34b0 kernel/sched/core.c:6756
 do_task_dead+0xd6/0x110 kernel/sched/core.c:6772
 do_exit+0x1de7/0x2ce0 kernel/exit.c:989
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1087
 get_signal+0x24ed/0x26c0 kernel/signal.c:3017
 arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x147/0x260 kernel/entry/common.c:218
 do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ff01718fadb
RSP: 002b:00007ff015804f30 EFLAGS: 00000246
 ORIG_RAX: 0000000000000010
RAX: fffffffffffffffc RBX: 0000000000000003 RCX: 00007ff01718fadb
RDX: 00007ff015806000 RSI: 0000000080085502 RDI: 0000000000000003
RBP: 00007ff015806000 R08: 0000000000000080 R09: 00007ff015804ff8
R10: 0000000000000011 R11: 0000000000000246 R12: 0000000080085502
R13: 0000000800000000 R14: 0000000000000008 R15: 00007ff01720df0f
 </TASK>

Showing all locks held in the system:
3 locks held by kworker/0:1/9:
 #0: ffff88810668f548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x1293/0x1ba0 kernel/workqueue.c:3204
 #1: ffffc9000009fd80 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
 #2: ffff88810afc4190 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1014 [inline]
 #2: ffff88810afc4190 (&dev->mutex){....}-{4:4}, at: hub_event+0x1be/0x4f40 drivers/usb/core/hub.c:5849
1 lock held by khungtaskd/30:
 #0: ffffffff88ebc400 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 #0: ffffffff88ebc400 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
 #0: ffffffff88ebc400 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x7f/0x390 kernel/locking/lockdep.c:6744
4 locks held by kworker/u8:7/1113:
 #0: ffff888100abb148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x1293/0x1ba0 kernel/workqueue.c:3204
 #1: ffffc90001fbfd80 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
 #2: ffffffff8a1853d0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xbb/0xb40 net/core/net_namespace.c:586
 #3: ffffffff8a19b048 (rtnl_mutex){+.+.}-{4:4}, at: cleanup_net+0x503/0xb40 net/core/net_namespace.c:622
2 locks held by getty/2904:
 #0: ffff888114ef90a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243
 #1: ffffc900000432f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0xfba/0x1480 drivers/tty/n_tty.c:2211
7 locks held by kworker/1:3/5222:
 #0: ffff88810668f548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x1293/0x1ba0 kernel/workqueue.c:3204
 #1: ffffc90001fcfd80 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
 #2: ffff88810af1c190 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1014 [inline]
 #2: ffff88810af1c190 (&dev->mutex){....}-{4:4}, at: hub_event+0x1be/0x4f40 drivers/usb/core/hub.c:5849
 #3: ffff888113fb7190 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1014 [inline]
 #3: ffff888113fb7190 (&dev->mutex){....}-{4:4}, at: usb_disconnect+0x10a/0x920 drivers/usb/core/hub.c:2295
 #4: ffff88811462b160 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1014 [inline]
 #4: ffff88811462b160 (&dev->mutex){....}-{4:4}, at: __device_driver_lock drivers/base/dd.c:1095 [inline]
 #4: ffff88811462b160 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xa4/0x610 drivers/base/dd.c:1293
 #5: ffffffff89bdf068 (input_mutex){+.+.}-{4:4}, at: __input_unregister_device+0x136/0x450 drivers/input/input.c:2277
 #6: ffffffff88ec7d38 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a4/0x3b0 kernel/rcu/tree_exp.h:329
4 locks held by kworker/0:4/5253:
 #0: ffff88810668f548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x1293/0x1ba0 kernel/workqueue.c:3204
 #1: ffffc90001fffd80 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
 #2: ffff88810ab8f190 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1014 [inline]
 #2: ffff88810ab8f190 (&dev->mutex){....}-{4:4}, at: hub_event+0x1be/0x4f40 drivers/usb/core/hub.c:5849
 #3: ffff8881f583d318 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested kernel/sched/core.c:598 [inline]
 #3: ffff8881f583d318 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock kernel/sched/sched.h:1514 [inline]
 #3: ffff8881f583d318 (&rq->__lock){-.-.}-{2:2}, at: rq_lock kernel/sched/sched.h:1813 [inline]
 #3: ffff8881f583d318 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x293/0x34b0 kernel/sched/core.c:6680
3 locks held by kworker/0:5/5375:
 #0: ffff88810668f548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x1293/0x1ba0 kernel/workqueue.c:3204
 #1: ffffc90004f7fd80 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
 #2: ffff88810b305190 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1014 [inline]
 #2: ffff88810b305190 (&dev->mutex){....}-{4:4}, at: hub_event+0x1be/0x4f40 drivers/usb/core/hub.c:5849
2 locks held by kworker/0:6/5543:
 #0: ffff888100080948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1293/0x1ba0 kernel/workqueue.c:3204
 #1: ffffc9000215fd80 (free_ipc_work){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205
4 locks held by udevd/5675:
 #0: ffff88810c70f2f0 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xd8/0x12b0 fs/seq_file.c:182
 #1: ffff888106addc88 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_seq_start+0x4d/0x240 fs/kernfs/file.c:154
 #2: ffff88811e1afd28 (kn->active#4){++++}-{0:0}, at: kernfs_seq_start+0x71/0x240 fs/kernfs/file.c:155
 #3: ffff888113fb7190 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1014 [inline]
 #3: ffff888113fb7190 (&dev->mutex){....}-{4:4}, at: uevent_show+0x188/0x3b0 drivers/base/core.c:2729
1 lock held by syz-executor/7613:
 #0: ffffffff8a19b048 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:79 [inline]
 #0: ffffffff8a19b048 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:326 [inline]
 #0: ffffffff8a19b048 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x5d0/0x1c50 net/core/rtnetlink.c:4006
1 lock held by syz-executor/7623:
 #0: ffffffff8a19b048 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:79 [inline]
 #0: ffffffff8a19b048 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:326 [inline]
 #0: ffffffff8a19b048 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x5d0/0x1c50 net/core/rtnetlink.c:4006
1 lock held by syz-executor/7634:
 #0: ffffffff8a19b048 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:79 [inline]
 #0: ffffffff8a19b048 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:326 [inline]
 #0: ffffffff8a19b048 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x5d0/0x1c50 net/core/rtnetlink.c:4006
1 lock held by syz-executor/7636:
 #0: ffffffff8a1853d0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x292/0x6b0 net/core/net_namespace.c:496
1 lock held by syz-executor/7653:
 #0: ffffffff8a1853d0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x292/0x6b0 net/core/net_namespace.c:496

=============================================

NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.13.0-rc1-syzkaller-gd8d936c51388 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x27b/0x390 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x29c/0x300 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:234 [inline]
 watchdog+0xf14/0x1240 kernel/hung_task.c:397
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 5227 Comm: kworker/0:3 Not tainted 6.13.0-rc1-syzkaller-gd8d936c51388 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Workqueue: events purge_vmap_node
RIP: 0010:stack_trace_consume_entry+0x7a/0x170 kernel/stacktrace.c:89
Code: 74 08 3c 03 0f 8e ad 00 00 00 31 c0 3b 6b 08 0f 83 81 00 00 00 48 8d 7b 0c 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 98
RSP: 0018:ffffc900000079d8 EFLAGS: 00000a03
RAX: dffffc0000000000 RBX: ffffc90000007ab8 RCX: 0000000000000000
RDX: 1ffff92000000f58 RSI: ffffffff8142b83d RDI: ffffc90000007ac4
RBP: 0000000000000007 R08: ffffc90000007a2c R09: ffffffff8abcf824
R10: ffffc900000079f8 R11: 000000000000c5bb R12: ffffffff814740e0
R13: ffffc90000007ab8 R14: 0000000000000000 R15: ffff88810bfd57c0
FS:  0000000000000000(0000) GS:ffff8881f5800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f4f39d37d60 CR3: 0000000134786000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <NMI>
 </NMI>
 <IRQ>
 arch_stack_walk+0x86/0x100 arch/x86/kernel/stacktrace.c:27
 stack_trace_save+0x95/0xd0 kernel/stacktrace.c:122
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:582
 poison_slab_object mm/kasan/common.c:247 [inline]
 __kasan_slab_free+0x37/0x50 mm/kasan/common.c:264
 kasan_slab_free include/linux/kasan.h:233 [inline]
 slab_free_hook mm/slub.c:2338 [inline]
 slab_free mm/slub.c:4598 [inline]
 kfree+0x130/0x470 mm/slub.c:4746
 kfree_const+0x55/0x60 mm/util.c:43
 free_vfsmnt fs/namespace.c:727 [inline]
 delayed_free_vfsmnt+0x5a/0xb0 fs/namespace.c:736
 rcu_do_batch kernel/rcu/tree.c:2567 [inline]
 rcu_core+0x79d/0x14d0 kernel/rcu/tree.c:2823
 handle_softirqs+0x206/0x8d0 kernel/softirq.c:554
 __do_softirq kernel/softirq.c:588 [inline]
 invoke_softirq kernel/softirq.c:428 [inline]
 __irq_exit_rcu+0xfa/0x160 kernel/softirq.c:655
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:671
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
 sysvec_apic_timer_interrupt+0x90/0xb0 arch/x86/kernel/apic/apic.c:1049
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:lock_acquire.part.0+0x30/0x380 kernel/locking/lockdep.c:5814
Code: 56 41 89 f6 41 55 49 89 fd 41 54 41 89 d4 48 ba 00 00 00 00 00 fc ff df 55 53 48 81 ec a8 00 00 00 48 c7 44 24 08 b3 8a b5 41 <48> 8d 5c 24 08 48 c7 44 24 10 8a b3 86 88 48 c1 eb 03 48 c7 44 24
RSP: 0018:ffffc9000200f8b0 EFLAGS: 00000282
RAX: 0000000000000001 RBX: ffffea00048c6380 RCX: 0000000000000002
RDX: dffffc0000000000 RSI: 0000000000000000 RDI: ffffffff88ebc400
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffff8a55e097 R11: 0000000000000003 R12: 0000000000000000
R13: ffffffff88ebc400 R14: 0000000000000000 R15: 0000000000000000
 rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 rcu_read_lock include/linux/rcupdate.h:849 [inline]
 page_ext_get+0x3a/0x310 mm/page_ext.c:525
 __reset_page_owner+0x32/0x400 mm/page_owner.c:290
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1127 [inline]
 free_unref_page+0x661/0xe40 mm/page_alloc.c:2657
 kasan_depopulate_vmalloc_pte+0x63/0x80 mm/kasan/shadow.c:408
 apply_to_pte_range mm/memory.c:2831 [inline]
 apply_to_pmd_range mm/memory.c:2875 [inline]
 apply_to_pud_range mm/memory.c:2911 [inline]
 apply_to_p4d_range mm/memory.c:2947 [inline]
 __apply_to_page_range+0x5fd/0xd30 mm/memory.c:2981
 kasan_release_vmalloc+0xd1/0xe0 mm/kasan/shadow.c:529
 kasan_release_vmalloc_node mm/vmalloc.c:2196 [inline]
 purge_vmap_node+0x1d1/0xa40 mm/vmalloc.c:2213
 process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229
 process_scheduled_works kernel/workqueue.c:3310 [inline]
 worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>