INFO: task kworker/0:2:1051 blocked for more than 143 seconds. Not tainted 5.15.0-rc2-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/0:2 state:D stack:20464 pid: 1051 ppid: 2 flags:0x00004000 Workqueue: usb_hub_wq hub_event Call Trace: context_switch kernel/sched/core.c:4940 [inline] __schedule+0xc8d/0x1270 kernel/sched/core.c:6287 schedule+0x14b/0x210 kernel/sched/core.c:6366 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6425 __mutex_lock_common+0xdff/0x2550 kernel/locking/mutex.c:669 __mutex_lock kernel/locking/mutex.c:729 [inline] mutex_lock_nested+0x1a/0x20 kernel/locking/mutex.c:743 imon_probe+0x11d/0x3200 drivers/media/rc/imon.c:2418 usb_probe_interface+0x633/0xb40 drivers/usb/core/driver.c:396 call_driver_probe+0x96/0x250 really_probe+0x223/0x9b0 drivers/base/dd.c:596 __driver_probe_device+0x1f8/0x3e0 drivers/base/dd.c:751 driver_probe_device+0x50/0x240 drivers/base/dd.c:781 __device_attach_driver+0x1e1/0x3b0 drivers/base/dd.c:898 bus_for_each_drv+0x18a/0x210 drivers/base/bus.c:427 __device_attach+0x310/0x560 drivers/base/dd.c:969 bus_probe_device+0xb8/0x1f0 drivers/base/bus.c:487 device_add+0x11c8/0x16d0 drivers/base/core.c:3359 usb_set_configuration+0x1a86/0x2100 drivers/usb/core/message.c:2170 usb_generic_driver_probe+0x83/0x140 drivers/usb/core/generic.c:238 usb_probe_device+0x13a/0x260 drivers/usb/core/driver.c:293 call_driver_probe+0x96/0x250 really_probe+0x223/0x9b0 drivers/base/dd.c:596 __driver_probe_device+0x1f8/0x3e0 drivers/base/dd.c:751 driver_probe_device+0x50/0x240 drivers/base/dd.c:781 __device_attach_driver+0x1e1/0x3b0 drivers/base/dd.c:898 bus_for_each_drv+0x18a/0x210 drivers/base/bus.c:427 __device_attach+0x310/0x560 drivers/base/dd.c:969 bus_probe_device+0xb8/0x1f0 drivers/base/bus.c:487 device_add+0x11c8/0x16d0 drivers/base/core.c:3359 usb_new_device+0x108a/0x1940 drivers/usb/core/hub.c:2563 hub_port_connect+0x1075/0x27d0 drivers/usb/core/hub.c:5348 hub_port_connect_change+0x5f9/0xc20 drivers/usb/core/hub.c:5488 port_event+0xb67/0x1220 drivers/usb/core/hub.c:5634 hub_event+0x4ed/0xe40 drivers/usb/core/hub.c:5716 process_one_work+0x853/0x1140 kernel/workqueue.c:2297 worker_thread+0xac1/0x1320 kernel/workqueue.c:2444 kthread+0x453/0x480 kernel/kthread.c:319 ret_from_fork+0x1f/0x30 INFO: task kworker/0:7:8542 blocked for more than 143 seconds. Not tainted 5.15.0-rc2-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/0:7 state:D stack:20272 pid: 8542 ppid: 2 flags:0x00004000 Workqueue: usb_hub_wq hub_event Call Trace: context_switch kernel/sched/core.c:4940 [inline] __schedule+0xc8d/0x1270 kernel/sched/core.c:6287 schedule+0x14b/0x210 kernel/sched/core.c:6366 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6425 __mutex_lock_common+0xdff/0x2550 kernel/locking/mutex.c:669 __mutex_lock kernel/locking/mutex.c:729 [inline] mutex_lock_nested+0x1a/0x20 kernel/locking/mutex.c:743 imon_probe+0x11d/0x3200 drivers/media/rc/imon.c:2418 usb_probe_interface+0x633/0xb40 drivers/usb/core/driver.c:396 call_driver_probe+0x96/0x250 really_probe+0x223/0x9b0 drivers/base/dd.c:596 __driver_probe_device+0x1f8/0x3e0 drivers/base/dd.c:751 driver_probe_device+0x50/0x240 drivers/base/dd.c:781 __device_attach_driver+0x1e1/0x3b0 drivers/base/dd.c:898 bus_for_each_drv+0x18a/0x210 drivers/base/bus.c:427 __device_attach+0x310/0x560 drivers/base/dd.c:969 bus_probe_device+0xb8/0x1f0 drivers/base/bus.c:487 device_add+0x11c8/0x16d0 drivers/base/core.c:3359 usb_set_configuration+0x1a86/0x2100 drivers/usb/core/message.c:2170 usb_generic_driver_probe+0x83/0x140 drivers/usb/core/generic.c:238 usb_probe_device+0x13a/0x260 drivers/usb/core/driver.c:293 call_driver_probe+0x96/0x250 really_probe+0x223/0x9b0 drivers/base/dd.c:596 __driver_probe_device+0x1f8/0x3e0 drivers/base/dd.c:751 driver_probe_device+0x50/0x240 drivers/base/dd.c:781 __device_attach_driver+0x1e1/0x3b0 drivers/base/dd.c:898 bus_for_each_drv+0x18a/0x210 drivers/base/bus.c:427 __device_attach+0x310/0x560 drivers/base/dd.c:969 bus_probe_device+0xb8/0x1f0 drivers/base/bus.c:487 device_add+0x11c8/0x16d0 drivers/base/core.c:3359 usb_new_device+0x108a/0x1940 drivers/usb/core/hub.c:2563 hub_port_connect+0x1075/0x27d0 drivers/usb/core/hub.c:5348 hub_port_connect_change+0x5f9/0xc20 drivers/usb/core/hub.c:5488 port_event+0xb67/0x1220 drivers/usb/core/hub.c:5634 hub_event+0x4ed/0xe40 drivers/usb/core/hub.c:5716 process_one_work+0x853/0x1140 kernel/workqueue.c:2297 worker_thread+0xac1/0x1320 kernel/workqueue.c:2444 kthread+0x453/0x480 kernel/kthread.c:319 ret_from_fork+0x1f/0x30 Showing all locks held in the system: 1 lock held by ksoftirqd/1/19: #0: ffff8880b9d31558 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested kernel/sched/core.c:474 [inline] #0: ffff8880b9d31558 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock kernel/sched/sched.h:1317 [inline] #0: ffff8880b9d31558 (&rq->__lock){-.-.}-{2:2}, at: rq_lock kernel/sched/sched.h:1620 [inline] #0: ffff8880b9d31558 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x188/0x1270 kernel/sched/core.c:6201 1 lock held by khungtaskd/27: #0: ffffffff8c91c180 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30 6 locks held by kworker/0:2/1051: #0: ffff888141bbb938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x7ca/0x1140 #1: ffffc90004dd7d20 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x808/0x1140 kernel/workqueue.c:2272 #2: ffff888146d39220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:760 [inline] #2: ffff888146d39220 (&dev->mutex){....}-{3:3}, at: hub_event+0x1b2/0xe40 drivers/usb/core/hub.c:5662 #3: ffff888098069220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:760 [inline] #3: ffff888098069220 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8a/0x560 drivers/base/dd.c:944 #4: ffff88808ae971a8 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:760 [inline] #4: ffff88808ae971a8 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8a/0x560 drivers/base/dd.c:944 #5: ffffffff8d5084c8 (driver_lock){+.+.}-{3:3}, at: imon_probe+0x11d/0x3200 drivers/media/rc/imon.c:2418 1 lock held by systemd-udevd/2970: 1 lock held by in:imklog/6201: #0: ffff88801b2f9270 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x24e/0x2f0 fs/file.c:990 5 locks held by syz-executor.0/6548: 6 locks held by kworker/0:3/7972: #0: ffff888141bbb938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x7ca/0x1140 #1: ffffc9000d85fd20 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x808/0x1140 kernel/workqueue.c:2272 #2: ffff88801f098220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:760 [inline] #2: ffff88801f098220 (&dev->mutex){....}-{3:3}, at: hub_event+0x1b2/0xe40 drivers/usb/core/hub.c:5662 #3: ffff8880998c0220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:760 [inline] #3: ffff8880998c0220 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8a/0x560 drivers/base/dd.c:944 #4: ffff888095aa61a8 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:760 [inline] #4: ffff888095aa61a8 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8a/0x560 drivers/base/dd.c:944 #5: ffffffff8d5084c8 (driver_lock){+.+.}-{3:3}, at: imon_probe+0x11d/0x3200 drivers/media/rc/imon.c:2418 3 locks held by kworker/1:6/8459: #0: ffff8880b9d31558 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested kernel/sched/core.c:474 [inline] #0: ffff8880b9d31558 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock kernel/sched/sched.h:1317 [inline] #0: ffff8880b9d31558 (&rq->__lock){-.-.}-{2:2}, at: rq_lock kernel/sched/sched.h:1620 [inline] #0: ffff8880b9d31558 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x188/0x1270 kernel/sched/core.c:6201 #1: ffff8880b9d1f888 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x4c1/0x780 kernel/sched/psi.c:880 #2: ffff8880b9d1feb8 (krc.lock){..-.}-{2:2}, at: kfree_rcu_monitor+0x27/0x700 kernel/rcu/tree.c:3334 6 locks held by kworker/0:6/8532: #0: ffff888141bbb938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x7ca/0x1140 #1: ffffc90017cffd20 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x808/0x1140 kernel/workqueue.c:2272 #2: ffff888146d50220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:760 [inline] #2: ffff888146d50220 (&dev->mutex){....}-{3:3}, at: hub_event+0x1b2/0xe40 drivers/usb/core/hub.c:5662 #3: ffff88806e2bb220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:760 [inline] #3: ffff88806e2bb220 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8a/0x560 drivers/base/dd.c:944 #4: ffff88808cce91a8 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:760 [inline] #4: ffff88808cce91a8 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8a/0x560 drivers/base/dd.c:944 #5: ffffffff8d5084c8 (driver_lock){+.+.}-{3:3}, at: imon_probe+0x11d/0x3200 drivers/media/rc/imon.c:2418 6 locks held by kworker/0:7/8542: #0: ffff888141bbb938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x7ca/0x1140 #1: ffffc90017e3fd20 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x808/0x1140 kernel/workqueue.c:2272 #2: ffff88801f0b0220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:760 [inline] #2: ffff88801f0b0220 (&dev->mutex){....}-{3:3}, at: hub_event+0x1b2/0xe40 drivers/usb/core/hub.c:5662 #3: ffff88809806e220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:760 [inline] #3: ffff88809806e220 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8a/0x560 drivers/base/dd.c:944 #4: ffff88808ae961a8 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:760 [inline] #4: ffff88808ae961a8 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8a/0x560 drivers/base/dd.c:944 #5: ffffffff8d5084c8 (driver_lock){+.+.}-{3:3}, at: imon_probe+0x11d/0x3200 drivers/media/rc/imon.c:2418 3 locks held by systemd-udevd/22191: #0: ffff8880749a6c88 (&of->mutex){+.+.}-{3:3}, at: kernfs_file_read_iter fs/kernfs/file.c:203 [inline] #0: ffff8880749a6c88 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_read_iter+0x19b/0x580 fs/kernfs/file.c:242 #1: ffff88807d5ef918 (kn->active#245){++++}-{0:0}, at: kernfs_file_read_iter fs/kernfs/file.c:204 [inline] #1: ffff88807d5ef918 (kn->active#245){++++}-{0:0}, at: kernfs_fop_read_iter+0x1b3/0x580 fs/kernfs/file.c:242 #2: ffff88806e2bb220 (&dev->mutex){....}-{3:3}, at: device_lock_interruptible include/linux/device.h:765 [inline] #2: ffff88806e2bb220 (&dev->mutex){....}-{3:3}, at: read_descriptors+0x33/0x3a0 drivers/usb/core/sysfs.c:873 ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 27 Comm: khungtaskd Not tainted 5.15.0-rc2-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1dc/0x2d8 lib/dump_stack.c:106 nmi_cpu_backtrace+0x45f/0x490 lib/nmi_backtrace.c:105 nmi_trigger_cpumask_backtrace+0x16a/0x280 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:210 [inline] watchdog+0xc54/0xca0 kernel/hung_task.c:295 kthread+0x453/0x480 kernel/kthread.c:319 ret_from_fork+0x1f/0x30 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 2966 Comm: systemd-journal Not tainted 5.15.0-rc2-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:trace_lock_release+0x43/0x150 include/trace/events/lock.h:58 Code: 89 d8 48 c1 e8 06 48 8d 3c c5 68 f1 db 8d be 08 00 00 00 e8 9f 9a 69 00 48 0f a3 1d 9f bb 77 0c 73 21 65 83 05 f5 b9 9d 7e 01 <48> 8b 05 16 bb 64 0c e8 b1 f4 07 00 85 c0 74 0f 65 ff 0d de b9 9d RSP: 0018:ffffc90002abf3a0 EFLAGS: 00000282 RAX: 0000000000000001 RBX: 0000000000000001 RCX: ffffffff816435c1 RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff8ddbf168 RBP: ffffc90002abf4e8 R08: dffffc0000000000 R09: fffffbfff1bb7e2e R10: fffffbfff1bb7e2e R11: 0000000000000000 R12: dffffc0000000000 R13: 1ffff92000557e84 R14: ffffffff81dfd185 R15: ffff888017dccf80 FS: 00007f87b7e6e8c0(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f87b55b3000 CR3: 000000001dc5b000 CR4: 00000000001506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: lock_release+0x82/0x810 kernel/locking/lockdep.c:5636 dput+0x271/0x6e0 include/linux/rcupdate.h:720 step_into+0x409/0x1f90 fs/namei.c:1809 walk_component+0x33a/0x790 fs/namei.c:1976 link_path_walk+0x697/0xd00 path_openat+0x25b/0x3670 fs/namei.c:3557 do_filp_open+0x277/0x4f0 fs/namei.c:3588 do_sys_openat2+0x13b/0x500 fs/open.c:1200 do_sys_open fs/open.c:1216 [inline] __do_sys_open fs/open.c:1224 [inline] __se_sys_open fs/open.c:1220 [inline] __x64_sys_open+0x221/0x270 fs/open.c:1220 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f87b73fd840 Code: 73 01 c3 48 8b 0d 68 77 20 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 bb 20 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 1e f6 ff ff 48 89 04 24 RSP: 002b:00007ffea186b4f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 RAX: ffffffffffffffda RBX: 00007ffea186b800 RCX: 00007f87b73fd840 RDX: 00000000000001a0 RSI: 0000000000080042 RDI: 000055a85a672650 RBP: 000000000000000d R08: 000000000000ffc0 R09: 00000000ffffffff R10: 0000000000000069 R11: 0000000000000246 R12: 00000000ffffffff R13: 000055a85a665040 R14: 00007ffea186b7c0 R15: 000055a85a672730 ---------------- Code disassembly (best guess): 0: 89 d8 mov %ebx,%eax 2: 48 c1 e8 06 shr $0x6,%rax 6: 48 8d 3c c5 68 f1 db lea -0x72240e98(,%rax,8),%rdi d: 8d e: be 08 00 00 00 mov $0x8,%esi 13: e8 9f 9a 69 00 callq 0x699ab7 18: 48 0f a3 1d 9f bb 77 bt %rbx,0xc77bb9f(%rip) # 0xc77bbbf 1f: 0c 20: 73 21 jae 0x43 22: 65 83 05 f5 b9 9d 7e addl $0x1,%gs:0x7e9db9f5(%rip) # 0x7e9dba1f 29: 01 * 2a: 48 8b 05 16 bb 64 0c mov 0xc64bb16(%rip),%rax # 0xc64bb47 <-- trapping instruction 31: e8 b1 f4 07 00 callq 0x7f4e7 36: 85 c0 test %eax,%eax 38: 74 0f je 0x49 3a: 65 gs 3b: ff .byte 0xff 3c: 0d .byte 0xd 3d: de .byte 0xde 3e: b9 .byte 0xb9 3f: 9d popfq