bisecting cause commit starting from 3dbdb38e286903ec220aaf1fb29a8d94297da246 building syzkaller on 55aa55c24fe77aae07d530662f91b4d50c4990f0 testing commit 3dbdb38e286903ec220aaf1fb29a8d94297da246 with gcc (GCC) 10.2.1 20210217 kernel signature: be86f3f3b2899214e9271a92aa000cb0f01513f966a0a7a9a6242b89884a3943 run #0: basic kernel testing failed: possible deadlock in fs_reclaim_acquire run #1: crashed: INFO: task hung in hwrng_register run #2: crashed: INFO: task hung in hwrng_register run #3: crashed: INFO: task hung in hwrng_register run #4: crashed: INFO: task hung in drop_current_rng run #5: crashed: INFO: task hung in hwrng_register run #6: crashed: INFO: task hung in hwrng_register run #7: crashed: INFO: task hung in drop_current_rng run #8: crashed: INFO: task hung in hwrng_register run #9: crashed: INFO: task hung in hwrng_register run #10: crashed: INFO: task hung in drop_current_rng run #11: crashed: INFO: task hung in hwrng_register run #12: crashed: INFO: task hung in hwrng_register run #13: crashed: INFO: task hung in hwrng_register run #14: crashed: INFO: task hung in hwrng_register run #15: crashed: INFO: task hung in hwrng_register run #16: crashed: INFO: task hung in drop_current_rng run #17: crashed: INFO: task hung in hwrng_register run #18: crashed: INFO: task hung in hwrng_register run #19: crashed: INFO: task hung in hwrng_register testing release v5.13 testing commit 62fb9874f5da54fdb243003b386128037319b219 with gcc (GCC) 10.2.1 20210217 kernel signature: e9ace9c5ee2829ecfd31f47be41f589c91c15eff6b62baab7051a38e73106e48 run #0: crashed: INFO: task hung in hwrng_register run #1: crashed: INFO: task hung in hwrng_register run #2: crashed: INFO: task hung in hwrng_register run #3: crashed: INFO: task hung in hwrng_register run #4: crashed: INFO: task hung in drop_current_rng run #5: crashed: INFO: task hung in hwrng_register run #6: crashed: INFO: task hung in hwrng_register run #7: crashed: INFO: task hung in hwrng_register run #8: crashed: INFO: task hung in hwrng_register run #9: crashed: INFO: task hung in drop_current_rng testing release v5.12 testing commit 9f4ad9e425a1d3b6a34617b8ea226d56a119a717 with gcc (GCC) 10.2.1 20210217 kernel signature: e8c8edc56ed7eecefb295a9ce860712552bfe61648872ba3f622452206b435fc run #0: crashed: INFO: task hung in drop_current_rng run #1: crashed: INFO: task hung in hwrng_register run #2: crashed: INFO: task hung in hwrng_register run #3: crashed: INFO: task hung in hwrng_register run #4: crashed: INFO: task hung in drop_current_rng run #5: crashed: INFO: task hung in hwrng_register run #6: crashed: INFO: task hung in drop_current_rng run #7: crashed: INFO: task hung in hwrng_register run #8: crashed: INFO: task hung in hwrng_register run #9: crashed: INFO: task hung in hwrng_register testing release v5.11 testing commit f40ddce88593482919761f74910f42f4b84c004b with gcc (GCC) 10.2.1 20210217 kernel signature: 13ee78a1f289bc974c3d49828f6b6cb5fb780fdcacbea983f22b336310c726dc run #0: crashed: INFO: task hung in hwrng_register run #1: crashed: INFO: task hung in drop_current_rng run #2: crashed: INFO: task hung in drop_current_rng run #3: crashed: INFO: task hung in hwrng_register run #4: crashed: INFO: task hung in hwrng_register run #5: crashed: INFO: task hung in hwrng_register run #6: crashed: INFO: task hung in hwrng_register run #7: crashed: INFO: task hung in hwrng_register run #8: crashed: INFO: task hung in hwrng_register run #9: crashed: INFO: task hung in hwrng_register testing release v5.10 testing commit 2c85ebc57b3e1817b6ce1a6b703928e113a90442 with gcc (GCC) 10.2.1 20210217 kernel signature: 73651e18334bb8c9dd0f1435f393d0181d0040f6cf988d8ee15dc2e3470c31a7 run #0: crashed: INFO: task hung in hwrng_register run #1: crashed: INFO: task hung in drop_current_rng run #2: crashed: INFO: task hung in drop_current_rng run #3: crashed: INFO: task hung in hwrng_register run #4: crashed: INFO: task hung in hwrng_register run #5: crashed: INFO: task hung in hwrng_register run #6: crashed: INFO: task hung in hwrng_register run #7: crashed: INFO: task hung in hwrng_register run #8: crashed: INFO: task hung in hwrng_register run #9: crashed: INFO: task hung in hwrng_register testing release v5.9 testing commit bbf5c979011a099af5dc76498918ed7df445635b with gcc (GCC) 10.2.1 20210217 kernel signature: ce2ca99df9867843bac1eef5099fc62a3a4a2947c556e08e6b875db4da8495b4 run #0: crashed: INFO: task hung in hwrng_register run #1: crashed: INFO: task hung in hwrng_register run #2: crashed: INFO: task hung in hwrng_register run #3: crashed: INFO: task hung in drop_current_rng run #4: crashed: INFO: task hung in hwrng_register run #5: crashed: INFO: task hung in hwrng_register run #6: crashed: INFO: task hung in hwrng_register run #7: crashed: INFO: task hung in hwrng_register run #8: crashed: INFO: task hung in hwrng_register run #9: crashed: INFO: task hung in hwrng_register testing release v5.8 testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.4.1 20210217 kernel signature: 44715d9a0e44ac6b5f84fe4f08ab1e878d4ff1979c8b1b1bfd5231bb82b8d8c6 run #0: crashed: INFO: task hung in hwrng_register run #1: crashed: INFO: task hung in drop_current_rng run #2: crashed: INFO: task hung in drop_current_rng run #3: crashed: INFO: task hung in hwrng_register run #4: crashed: INFO: task hung in hwrng_register run #5: crashed: INFO: task hung in hwrng_register run #6: crashed: INFO: task hung in hwrng_register run #7: crashed: INFO: task hung in drop_current_rng run #8: crashed: INFO: task hung in drop_current_rng run #9: crashed: INFO: task hung in hwrng_register testing release v5.7 testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 with gcc (GCC) 8.4.1 20210217 kernel signature: 5ca0b64ca422752a1cea4f22afc903d309bdaaa09164d9e73edf547813949dae run #0: crashed: INFO: task hung in hwrng_register run #1: crashed: INFO: task hung in hwrng_register run #2: crashed: INFO: task hung in hwrng_register run #3: crashed: INFO: task hung in hwrng_register run #4: crashed: INFO: task hung in drop_current_rng run #5: crashed: INFO: task hung in drop_current_rng run #6: crashed: INFO: task hung in hwrng_register run #7: crashed: INFO: task hung in drop_current_rng run #8: crashed: INFO: task hung in hwrng_register run #9: crashed: INFO: task hung in hwrng_register testing release v5.6 testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.4.1 20210217 kernel signature: be0ee456b33d313ed382865e5f2bc3cc1c381872344a7803d30fdf440ee67bbe all runs: OK # git bisect start 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 7111951b8d4973bda27ff663f2cf18b663d15b48 Bisecting: 7542 revisions left to test after this (roughly 13 steps) [50a5de895dbe5df947b3a695777db5b2c313e065] Merge tag 'for-linus-hmm' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma testing commit 50a5de895dbe5df947b3a695777db5b2c313e065 with gcc (GCC) 8.4.1 20210217 kernel signature: 6b23d53b891158607cd82ebb833dc7315a3040a1a1f2bc7963d66c3251b9faea run #0: crashed: INFO: task hung in hwrng_register run #1: crashed: INFO: task hung in hwrng_register run #2: crashed: INFO: task hung in hwrng_register run #3: crashed: INFO: task hung in hwrng_register run #4: crashed: INFO: task hung in hwrng_register run #5: crashed: INFO: task hung in hwrng_register run #6: crashed: INFO: task hung in hwrng_register run #7: crashed: INFO: task hung in hwrng_register run #8: crashed: INFO: task hung in hwrng_register run #9: crashed: INFO: task hung in drop_current_rng # git bisect bad 50a5de895dbe5df947b3a695777db5b2c313e065 Bisecting: 4204 revisions left to test after this (roughly 12 steps) [56a451b780676bc1cdac011735fe2869fa2e9abf] Merge tag 'ntb-5.7' of git://github.com/jonmason/ntb testing commit 56a451b780676bc1cdac011735fe2869fa2e9abf with gcc (GCC) 8.4.1 20210217 kernel signature: feef175bc35ac55d5bdf33e43e033b47206f96f754110e9344c449cc8c4c36a1 all runs: crashed: INFO: task hung in hwrng_register # git bisect bad 56a451b780676bc1cdac011735fe2869fa2e9abf Bisecting: 1643 revisions left to test after this (roughly 11 steps) [49835c15a55225e9b3ff9cc9317135b334ea2d49] Merge tag 'pm-5.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm testing commit 49835c15a55225e9b3ff9cc9317135b334ea2d49 with gcc (GCC) 8.4.1 20210217 kernel signature: 0a6c7b25b4825bc6d8fa881f1e2d9d7e9a0182fa7c95db7c4664412226d871a1 run #0: crashed: INFO: task hung in hwrng_register run #1: crashed: INFO: task hung in hwrng_register run #2: crashed: INFO: task hung in hwrng_register run #3: crashed: INFO: task hung in hwrng_register run #4: crashed: INFO: task hung in hwrng_register run #5: crashed: INFO: task hung in hwrng_register run #6: crashed: INFO: task hung in drop_current_rng run #7: crashed: INFO: task hung in hwrng_register run #8: crashed: INFO: task hung in hwrng_register run #9: crashed: INFO: task hung in hwrng_register # git bisect bad 49835c15a55225e9b3ff9cc9317135b334ea2d49 Bisecting: 934 revisions left to test after this (roughly 10 steps) [063d1942247668eb0bb800aef5afbbef337344be] Merge tag 'media/v5.7-1' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media testing commit 063d1942247668eb0bb800aef5afbbef337344be with gcc (GCC) 8.4.1 20210217 kernel signature: 82af66268c0b8897531c7acbef1771b7dcb053c37d074a43bde4cbb85d824231 all runs: OK # git bisect good 063d1942247668eb0bb800aef5afbbef337344be Bisecting: 516 revisions left to test after this (roughly 9 steps) [e681bb287f40e7a9dbcb04cef80fd87a2511ab86] staging: vt6656: Use DIV_ROUND_UP macro instead of specific code testing commit e681bb287f40e7a9dbcb04cef80fd87a2511ab86 with gcc (GCC) 8.4.1 20210217 kernel signature: 5075ceda44190804ef5bc47d56f9f01dc1b788dddbd118fca9cad426f93454f9 all runs: OK # git bisect good e681bb287f40e7a9dbcb04cef80fd87a2511ab86 Bisecting: 266 revisions left to test after this (roughly 8 steps) [db34c5ffee649e2c4c870d1031a996398a187cf5] Merge tag 'usb-5.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb testing commit db34c5ffee649e2c4c870d1031a996398a187cf5 with gcc (GCC) 8.4.1 20210217 kernel signature: 512fee21bffc3655d251be3e731b773fc34c2c5586b883bcd46be26a6ca11381 all runs: crashed: INFO: task hung in hwrng_register # git bisect bad db34c5ffee649e2c4c870d1031a996398a187cf5 Bisecting: 121 revisions left to test after this (roughly 7 steps) [a8ab3e76297ea85d92f4ee0833bd469816a13ccf] Merge tag 'usb-for-v5.7' of git://git.kernel.org/pub/scm/linux/kernel/git/balbi/usb into usb-next testing commit a8ab3e76297ea85d92f4ee0833bd469816a13ccf with gcc (GCC) 8.4.1 20210217 kernel signature: 2b27c1580827f7d0752852d01c70be76ac6ca45e37eb0a774a995a2383ff5540 run #0: crashed: INFO: task hung in hwrng_register run #1: crashed: INFO: task hung in drop_current_rng run #2: crashed: INFO: task hung in hwrng_register run #3: crashed: INFO: task hung in hwrng_register run #4: crashed: INFO: task hung in hwrng_register run #5: crashed: INFO: task hung in drop_current_rng run #6: crashed: INFO: task hung in hwrng_register run #7: crashed: INFO: task hung in drop_current_rng run #8: crashed: INFO: task hung in hwrng_register run #9: crashed: INFO: task hung in hwrng_register # git bisect bad a8ab3e76297ea85d92f4ee0833bd469816a13ccf Bisecting: 63 revisions left to test after this (roughly 6 steps) [d1c6a769cdf466053ae211789f2b0671c8a72331] usb: typec: mux: Allow the mux handles to be requested with fwnode testing commit d1c6a769cdf466053ae211789f2b0671c8a72331 with gcc (GCC) 8.4.1 20210217 kernel signature: 29798fd862b6da2521516f6dc2c2de351c8b4ed12e77cc0515bf73508a68c869 all runs: OK # git bisect good d1c6a769cdf466053ae211789f2b0671c8a72331 Bisecting: 31 revisions left to test after this (roughly 5 steps) [eeead847487f726fa177d0f4060c4f0816ad9cd9] usb: gadget: amd5536udc: fix spelling mistake "reserverd" -> "reserved" testing commit eeead847487f726fa177d0f4060c4f0816ad9cd9 with gcc (GCC) 8.4.1 20210217 kernel signature: b290d66dbb4f8c32eb105b55a90415e9d07b19575a15847dd260355d88799884 all runs: crashed: INFO: task hung in hwrng_register # git bisect bad eeead847487f726fa177d0f4060c4f0816ad9cd9 Bisecting: 15 revisions left to test after this (roughly 4 steps) [3d157c28d2289edf0439e8308e8de3a06acaaf0e] doc: dt: bindings: usb: dwc3: Update entries for disabling SS instances in park mode testing commit 3d157c28d2289edf0439e8308e8de3a06acaaf0e with gcc (GCC) 8.4.1 20210217 kernel signature: 5e6171813c8545e5e44a25174433140233abd4b8eab47ed58f78a72254d81237 all runs: OK # git bisect good 3d157c28d2289edf0439e8308e8de3a06acaaf0e Bisecting: 7 revisions left to test after this (roughly 3 steps) [0227cc84c44417a29c8102e41db8ec2c11ebc6b2] usb: dwc3: core: don't do suspend for device mode if already suspended testing commit 0227cc84c44417a29c8102e41db8ec2c11ebc6b2 with gcc (GCC) 8.4.1 20210217 kernel signature: b0abef007202aa540ec2275a938fbaa6a3e7ac31443b9f6261df0829057abcf7 all runs: OK # git bisect good 0227cc84c44417a29c8102e41db8ec2c11ebc6b2 Bisecting: 3 revisions left to test after this (roughly 2 steps) [95b18f28979e12539cc02f6ec4e2c776e8551f39] dt-bindings: usb: dwc2: add compatible property for rk3328 usb testing commit 95b18f28979e12539cc02f6ec4e2c776e8551f39 with gcc (GCC) 8.4.1 20210217 kernel signature: ae95e7a4d2dd85b6e8264504f41c1fadc66bbc363b0f9792879ca4f7c894dfaa all runs: crashed: INFO: task hung in hwrng_register # git bisect bad 95b18f28979e12539cc02f6ec4e2c776e8551f39 Bisecting: 1 revision left to test after this (roughly 1 step) [1a0808cb9e417170ed6ab97254cf319dc3e3c310] usb: dwc2: Implement set_selfpowered() testing commit 1a0808cb9e417170ed6ab97254cf319dc3e3c310 with gcc (GCC) 8.4.1 20210217 kernel signature: b0abef007202aa540ec2275a938fbaa6a3e7ac31443b9f6261df0829057abcf7 all runs: OK # git bisect good 1a0808cb9e417170ed6ab97254cf319dc3e3c310 Bisecting: 0 revisions left to test after this (roughly 0 steps) [f2c2e717642c66f7fe7e5dd69b2e8ff5849f4d10] usb: gadget: add raw-gadget interface testing commit f2c2e717642c66f7fe7e5dd69b2e8ff5849f4d10 with gcc (GCC) 8.4.1 20210217 kernel signature: ae95e7a4d2dd85b6e8264504f41c1fadc66bbc363b0f9792879ca4f7c894dfaa run #0: crashed: INFO: task hung in hwrng_register run #1: crashed: INFO: task hung in drop_current_rng run #2: crashed: INFO: task hung in hwrng_register run #3: crashed: INFO: task hung in hwrng_register run #4: crashed: INFO: task hung in hwrng_register run #5: crashed: INFO: task hung in hwrng_register run #6: crashed: INFO: task hung in hwrng_register run #7: crashed: INFO: task hung in hwrng_register run #8: crashed: INFO: task hung in hwrng_register run #9: crashed: INFO: task hung in hwrng_register # git bisect bad f2c2e717642c66f7fe7e5dd69b2e8ff5849f4d10 f2c2e717642c66f7fe7e5dd69b2e8ff5849f4d10 is the first bad commit commit f2c2e717642c66f7fe7e5dd69b2e8ff5849f4d10 Author: Andrey Konovalov Date: Mon Feb 24 17:13:03 2020 +0100 usb: gadget: add raw-gadget interface USB Raw Gadget is a kernel module that provides a userspace interface for the USB Gadget subsystem. Essentially it allows to emulate USB devices from userspace. Enabled with CONFIG_USB_RAW_GADGET. Raw Gadget is currently a strictly debugging feature and shouldn't be used in production. Raw Gadget is similar to GadgetFS, but provides a more low-level and direct access to the USB Gadget layer for the userspace. The key differences are: 1. Every USB request is passed to the userspace to get a response, while GadgetFS responds to some USB requests internally based on the provided descriptors. However note, that the UDC driver might respond to some requests on its own and never forward them to the Gadget layer. 2. GadgetFS performs some sanity checks on the provided USB descriptors, while Raw Gadget allows you to provide arbitrary data as responses to USB requests. 3. Raw Gadget provides a way to select a UDC device/driver to bind to, while GadgetFS currently binds to the first available UDC. 4. Raw Gadget uses predictable endpoint names (handles) across different UDCs (as long as UDCs have enough endpoints of each required transfer type). 5. Raw Gadget has ioctl-based interface instead of a filesystem-based one. Reviewed-by: Greg Kroah-Hartman Signed-off-by: Andrey Konovalov Signed-off-by: Felipe Balbi Documentation/usb/index.rst | 1 + Documentation/usb/raw-gadget.rst | 61 ++ drivers/usb/gadget/legacy/Kconfig | 11 + drivers/usb/gadget/legacy/Makefile | 1 + drivers/usb/gadget/legacy/raw_gadget.c | 1078 ++++++++++++++++++++++++++++++++ include/uapi/linux/usb/raw_gadget.h | 167 +++++ 6 files changed, 1319 insertions(+) create mode 100644 Documentation/usb/raw-gadget.rst create mode 100644 drivers/usb/gadget/legacy/raw_gadget.c create mode 100644 include/uapi/linux/usb/raw_gadget.h culprit signature: ae95e7a4d2dd85b6e8264504f41c1fadc66bbc363b0f9792879ca4f7c894dfaa parent signature: b0abef007202aa540ec2275a938fbaa6a3e7ac31443b9f6261df0829057abcf7 revisions tested: 23, total time: 5h40m18.654986089s (build: 2h43m2.659667895s, test: 2h53m47.113413203s) first bad commit: f2c2e717642c66f7fe7e5dd69b2e8ff5849f4d10 usb: gadget: add raw-gadget interface recipients (to): ["andreyknvl@google.com" "balbi@kernel.org" "gregkh@linuxfoundation.org"] recipients (cc): [] crash: INFO: task hung in hwrng_register INFO: task kworker/0:0:5 blocked for more than 143 seconds. Not tainted 5.6.0-rc5-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. kworker/0:0 D25944 5 2 0x80084000 Workqueue: usb_hub_wq hub_event Call Trace: schedule+0xc4/0x2b0 kernel/sched/core.c:4154 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:4213 __mutex_lock_common kernel/locking/mutex.c:1033 [inline] __mutex_lock+0x8db/0x1400 kernel/locking/mutex.c:1103 hwrng_register+0x6b/0x530 drivers/char/hw_random/core.c:478 chaoskey_probe+0x6c8/0xb27 drivers/usb/misc/chaoskey.c:205 usb_probe_interface+0x277/0x840 drivers/usb/core/driver.c:361 really_probe+0x20b/0xb00 drivers/base/dd.c:551 driver_probe_device+0x259/0x370 drivers/base/dd.c:724 bus_for_each_drv+0x118/0x1b0 drivers/base/bus.c:431 __device_attach+0x1be/0x2e0 drivers/base/dd.c:897 bus_probe_device+0x19e/0x250 drivers/base/bus.c:491 device_add+0x10f7/0x1920 drivers/base/core.c:2500 usb_set_configuration+0xc81/0x1940 drivers/usb/core/message.c:2023 generic_probe+0x61/0x8a drivers/usb/core/generic.c:210 really_probe+0x20b/0xb00 drivers/base/dd.c:551 driver_probe_device+0x259/0x370 drivers/base/dd.c:724 bus_for_each_drv+0x118/0x1b0 drivers/base/bus.c:431 __device_attach+0x1be/0x2e0 drivers/base/dd.c:897 bus_probe_device+0x19e/0x250 drivers/base/bus.c:491 device_add+0x10f7/0x1920 drivers/base/core.c:2500 usb_new_device+0x866/0x14e0 drivers/usb/core/hub.c:2548 hub_port_connect drivers/usb/core/hub.c:5195 [inline] hub_port_connect_change drivers/usb/core/hub.c:5335 [inline] port_event drivers/usb/core/hub.c:5481 [inline] hub_event+0x1079/0x3240 drivers/usb/core/hub.c:5563 process_one_work+0x8ff/0x1690 kernel/workqueue.c:2264 worker_thread+0x82/0xb50 kernel/workqueue.c:2410 kthread+0x31d/0x3e0 kernel/kthread.c:255 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 INFO: task kworker/1:3:3489 blocked for more than 143 seconds. Not tainted 5.6.0-rc5-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. kworker/1:3 D25336 3489 2 0x80084000 Workqueue: usb_hub_wq hub_event Call Trace: schedule+0xc4/0x2b0 kernel/sched/core.c:4154 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:4213 __mutex_lock_common kernel/locking/mutex.c:1033 [inline] __mutex_lock+0x8db/0x1400 kernel/locking/mutex.c:1103 hwrng_register+0x6b/0x530 drivers/char/hw_random/core.c:478 chaoskey_probe+0x6c8/0xb27 drivers/usb/misc/chaoskey.c:205 usb_probe_interface+0x277/0x840 drivers/usb/core/driver.c:361 really_probe+0x20b/0xb00 drivers/base/dd.c:551 driver_probe_device+0x259/0x370 drivers/base/dd.c:724 bus_for_each_drv+0x118/0x1b0 drivers/base/bus.c:431 __device_attach+0x1be/0x2e0 drivers/base/dd.c:897 bus_probe_device+0x19e/0x250 drivers/base/bus.c:491 device_add+0x10f7/0x1920 drivers/base/core.c:2500 usb_set_configuration+0xc81/0x1940 drivers/usb/core/message.c:2023 generic_probe+0x61/0x8a drivers/usb/core/generic.c:210 really_probe+0x20b/0xb00 drivers/base/dd.c:551 driver_probe_device+0x259/0x370 drivers/base/dd.c:724 bus_for_each_drv+0x118/0x1b0 drivers/base/bus.c:431 __device_attach+0x1be/0x2e0 drivers/base/dd.c:897 bus_probe_device+0x19e/0x250 drivers/base/bus.c:491 device_add+0x10f7/0x1920 drivers/base/core.c:2500 usb_new_device+0x866/0x14e0 drivers/usb/core/hub.c:2548 hub_port_connect drivers/usb/core/hub.c:5195 [inline] hub_port_connect_change drivers/usb/core/hub.c:5335 [inline] port_event drivers/usb/core/hub.c:5481 [inline] hub_event+0x1079/0x3240 drivers/usb/core/hub.c:5563 process_one_work+0x8ff/0x1690 kernel/workqueue.c:2264 worker_thread+0x82/0xb50 kernel/workqueue.c:2410 kthread+0x31d/0x3e0 kernel/kthread.c:255 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 INFO: task kworker/1:27:3523 blocked for more than 144 seconds. Not tainted 5.6.0-rc5-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. kworker/1:27 D25848 3523 2 0x80084000 Workqueue: usb_hub_wq hub_event Call Trace: schedule+0xc4/0x2b0 kernel/sched/core.c:4154 schedule_timeout+0x6b5/0xe80 kernel/time/timer.c:1871 do_wait_for_common kernel/sched/completion.c:83 [inline] __wait_for_common kernel/sched/completion.c:104 [inline] wait_for_common kernel/sched/completion.c:115 [inline] wait_for_completion+0x25f/0x3c0 kernel/sched/completion.c:136 cleanup_rng drivers/char/hw_random/core.c:81 [inline] kref_put include/linux/kref.h:65 [inline] drop_current_rng+0x79/0xb0 drivers/char/hw_random/core.c:109 set_current_rng+0x1fc/0x360 drivers/char/hw_random/core.c:96 hwrng_register+0x358/0x530 drivers/char/hw_random/core.c:505 chaoskey_probe+0x6c8/0xb27 drivers/usb/misc/chaoskey.c:205 usb_probe_interface+0x277/0x840 drivers/usb/core/driver.c:361 really_probe+0x20b/0xb00 drivers/base/dd.c:551 driver_probe_device+0x259/0x370 drivers/base/dd.c:724 bus_for_each_drv+0x118/0x1b0 drivers/base/bus.c:431 __device_attach+0x1be/0x2e0 drivers/base/dd.c:897 bus_probe_device+0x19e/0x250 drivers/base/bus.c:491 device_add+0x10f7/0x1920 drivers/base/core.c:2500 usb_set_configuration+0xc81/0x1940 drivers/usb/core/message.c:2023 generic_probe+0x61/0x8a drivers/usb/core/generic.c:210 really_probe+0x20b/0xb00 drivers/base/dd.c:551 driver_probe_device+0x259/0x370 drivers/base/dd.c:724 bus_for_each_drv+0x118/0x1b0 drivers/base/bus.c:431 __device_attach+0x1be/0x2e0 drivers/base/dd.c:897 bus_probe_device+0x19e/0x250 drivers/base/bus.c:491 device_add+0x10f7/0x1920 drivers/base/core.c:2500 usb_new_device+0x866/0x14e0 drivers/usb/core/hub.c:2548 hub_port_connect drivers/usb/core/hub.c:5195 [inline] hub_port_connect_change drivers/usb/core/hub.c:5335 [inline] port_event drivers/usb/core/hub.c:5481 [inline] hub_event+0x1079/0x3240 drivers/usb/core/hub.c:5563 process_one_work+0x8ff/0x1690 kernel/workqueue.c:2264 worker_thread+0x82/0xb50 kernel/workqueue.c:2410 kthread+0x31d/0x3e0 kernel/kthread.c:255 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 INFO: task kworker/1:28:3524 blocked for more than 144 seconds. Not tainted 5.6.0-rc5-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. kworker/1:28 D25232 3524 2 0x80084000 Workqueue: usb_hub_wq hub_event Call Trace: schedule+0xc4/0x2b0 kernel/sched/core.c:4154 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:4213 __mutex_lock_common kernel/locking/mutex.c:1033 [inline] __mutex_lock+0x8db/0x1400 kernel/locking/mutex.c:1103 hwrng_register+0x6b/0x530 drivers/char/hw_random/core.c:478 chaoskey_probe+0x6c8/0xb27 drivers/usb/misc/chaoskey.c:205 usb_probe_interface+0x277/0x840 drivers/usb/core/driver.c:361 really_probe+0x20b/0xb00 drivers/base/dd.c:551 driver_probe_device+0x259/0x370 drivers/base/dd.c:724 bus_for_each_drv+0x118/0x1b0 drivers/base/bus.c:431 __device_attach+0x1be/0x2e0 drivers/base/dd.c:897 bus_probe_device+0x19e/0x250 drivers/base/bus.c:491 device_add+0x10f7/0x1920 drivers/base/core.c:2500 usb_set_configuration+0xc81/0x1940 drivers/usb/core/message.c:2023 generic_probe+0x61/0x8a drivers/usb/core/generic.c:210 really_probe+0x20b/0xb00 drivers/base/dd.c:551 driver_probe_device+0x259/0x370 drivers/base/dd.c:724 bus_for_each_drv+0x118/0x1b0 drivers/base/bus.c:431 __device_attach+0x1be/0x2e0 drivers/base/dd.c:897 bus_probe_device+0x19e/0x250 drivers/base/bus.c:491 device_add+0x10f7/0x1920 drivers/base/core.c:2500 usb_new_device+0x866/0x14e0 drivers/usb/core/hub.c:2548 hub_port_connect drivers/usb/core/hub.c:5195 [inline] hub_port_connect_change drivers/usb/core/hub.c:5335 [inline] port_event drivers/usb/core/hub.c:5481 [inline] hub_event+0x1079/0x3240 drivers/usb/core/hub.c:5563 process_one_work+0x8ff/0x1690 kernel/workqueue.c:2264 worker_thread+0x82/0xb50 kernel/workqueue.c:2410 kthread+0x31d/0x3e0 kernel/kthread.c:255 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 INFO: task kworker/0:4:4644 blocked for more than 145 seconds. Not tainted 5.6.0-rc5-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. kworker/0:4 D25064 4644 2 0x80084000 Workqueue: usb_hub_wq hub_event Call Trace: schedule+0xc4/0x2b0 kernel/sched/core.c:4154 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:4213 __mutex_lock_common kernel/locking/mutex.c:1033 [inline] __mutex_lock+0x8db/0x1400 kernel/locking/mutex.c:1103 hwrng_register+0x6b/0x530 drivers/char/hw_random/core.c:478 chaoskey_probe+0x6c8/0xb27 drivers/usb/misc/chaoskey.c:205 usb_probe_interface+0x277/0x840 drivers/usb/core/driver.c:361 really_probe+0x20b/0xb00 drivers/base/dd.c:551 driver_probe_device+0x259/0x370 drivers/base/dd.c:724 bus_for_each_drv+0x118/0x1b0 drivers/base/bus.c:431 __device_attach+0x1be/0x2e0 drivers/base/dd.c:897 bus_probe_device+0x19e/0x250 drivers/base/bus.c:491 device_add+0x10f7/0x1920 drivers/base/core.c:2500 usb_set_configuration+0xc81/0x1940 drivers/usb/core/message.c:2023 generic_probe+0x61/0x8a drivers/usb/core/generic.c:210 really_probe+0x20b/0xb00 drivers/base/dd.c:551 driver_probe_device+0x259/0x370 drivers/base/dd.c:724 bus_for_each_drv+0x118/0x1b0 drivers/base/bus.c:431 __device_attach+0x1be/0x2e0 drivers/base/dd.c:897 bus_probe_device+0x19e/0x250 drivers/base/bus.c:491 device_add+0x10f7/0x1920 drivers/base/core.c:2500 usb_new_device+0x866/0x14e0 drivers/usb/core/hub.c:2548 hub_port_connect drivers/usb/core/hub.c:5195 [inline] hub_port_connect_change drivers/usb/core/hub.c:5335 [inline] port_event drivers/usb/core/hub.c:5481 [inline] hub_event+0x1079/0x3240 drivers/usb/core/hub.c:5563 process_one_work+0x8ff/0x1690 kernel/workqueue.c:2264 worker_thread+0x82/0xb50 kernel/workqueue.c:2410 kthread+0x31d/0x3e0 kernel/kthread.c:255 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 INFO: task kworker/0:6:4651 blocked for more than 145 seconds. Not tainted 5.6.0-rc5-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. kworker/0:6 D25912 4651 2 0x80084000 Workqueue: usb_hub_wq hub_event Call Trace: schedule+0xc4/0x2b0 kernel/sched/core.c:4154 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:4213 __mutex_lock_common kernel/locking/mutex.c:1033 [inline] __mutex_lock+0x8db/0x1400 kernel/locking/mutex.c:1103 hwrng_register+0x6b/0x530 drivers/char/hw_random/core.c:478 chaoskey_probe+0x6c8/0xb27 drivers/usb/misc/chaoskey.c:205 usb_probe_interface+0x277/0x840 drivers/usb/core/driver.c:361 really_probe+0x20b/0xb00 drivers/base/dd.c:551 driver_probe_device+0x259/0x370 drivers/base/dd.c:724 bus_for_each_drv+0x118/0x1b0 drivers/base/bus.c:431 __device_attach+0x1be/0x2e0 drivers/base/dd.c:897 bus_probe_device+0x19e/0x250 drivers/base/bus.c:491 device_add+0x10f7/0x1920 drivers/base/core.c:2500 usb_set_configuration+0xc81/0x1940 drivers/usb/core/message.c:2023 generic_probe+0x61/0x8a drivers/usb/core/generic.c:210 really_probe+0x20b/0xb00 drivers/base/dd.c:551 driver_probe_device+0x259/0x370 drivers/base/dd.c:724 bus_for_each_drv+0x118/0x1b0 drivers/base/bus.c:431 __device_attach+0x1be/0x2e0 drivers/base/dd.c:897 bus_probe_device+0x19e/0x250 drivers/base/bus.c:491 device_add+0x10f7/0x1920 drivers/base/core.c:2500 usb_new_device+0x866/0x14e0 drivers/usb/core/hub.c:2548 hub_port_connect drivers/usb/core/hub.c:5195 [inline] hub_port_connect_change drivers/usb/core/hub.c:5335 [inline] port_event drivers/usb/core/hub.c:5481 [inline] hub_event+0x1079/0x3240 drivers/usb/core/hub.c:5563 process_one_work+0x8ff/0x1690 kernel/workqueue.c:2264 worker_thread+0x82/0xb50 kernel/workqueue.c:2410 kthread+0x31d/0x3e0 kernel/kthread.c:255 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 Showing all locks held in the system: 6 locks held by kworker/0:0/5: #0: ffff8880b051a528 ((wq_completion)usb_hub_wq){+.+.}, at: __write_once_size include/linux/compiler.h:226 [inline] #0: ffff8880b051a528 ((wq_completion)usb_hub_wq){+.+.}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff8880b051a528 ((wq_completion)usb_hub_wq){+.+.}, at: atomic64_set include/asm-generic/atomic-instrumented.h:855 [inline] #0: ffff8880b051a528 ((wq_completion)usb_hub_wq){+.+.}, at: atomic_long_set include/asm-generic/atomic-long.h:40 [inline] #0: ffff8880b051a528 ((wq_completion)usb_hub_wq){+.+.}, at: set_work_data kernel/workqueue.c:615 [inline] #0: ffff8880b051a528 ((wq_completion)usb_hub_wq){+.+.}, at: set_work_pool_and_clear_pending kernel/workqueue.c:642 [inline] #0: ffff8880b051a528 ((wq_completion)usb_hub_wq){+.+.}, at: process_one_work+0x80b/0x1690 kernel/workqueue.c:2235 #1: ffffc90000ca7e00 ((work_completion)(&hub->events)){+.+.}, at: process_one_work+0x840/0x1690 kernel/workqueue.c:2239 #2: ffff888235854200 (&dev->mutex){....}, at: device_lock include/linux/device.h:771 [inline] #2: ffff888235854200 (&dev->mutex){....}, at: hub_event+0x143/0x3240 drivers/usb/core/hub.c:5509 #3: ffff8880b0d74200 (&dev->mutex){....}, at: device_lock include/linux/device.h:771 [inline] #3: ffff8880b0d74200 (&dev->mutex){....}, at: __device_attach+0x76/0x2e0 drivers/base/dd.c:874 #4: ffff888087824190 (&dev->mutex){....}, at: device_lock include/linux/device.h:771 [inline] #4: ffff888087824190 (&dev->mutex){....}, at: __device_attach+0x76/0x2e0 drivers/base/dd.c:874 #5: ffffffff8afd3440 (rng_mutex){+.+.}, at: hwrng_register+0x6b/0x530 drivers/char/hw_random/core.c:478 1 lock held by khungtaskd/1560: #0: ffffffff8a2e5c40 (rcu_read_lock){....}, at: debug_show_all_locks+0x52/0x2b9 kernel/locking/lockdep.c:5331 6 locks held by kworker/1:3/3489: #0: ffff8880b051a528 ((wq_completion)usb_hub_wq){+.+.}, at: __write_once_size include/linux/compiler.h:226 [inline] #0: ffff8880b051a528 ((wq_completion)usb_hub_wq){+.+.}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff8880b051a528 ((wq_completion)usb_hub_wq){+.+.}, at: atomic64_set include/asm-generic/atomic-instrumented.h:855 [inline] #0: ffff8880b051a528 ((wq_completion)usb_hub_wq){+.+.}, at: atomic_long_set include/asm-generic/atomic-long.h:40 [inline] #0: ffff8880b051a528 ((wq_completion)usb_hub_wq){+.+.}, at: set_work_data kernel/workqueue.c:615 [inline] #0: ffff8880b051a528 ((wq_completion)usb_hub_wq){+.+.}, at: set_work_pool_and_clear_pending kernel/workqueue.c:642 [inline] #0: ffff8880b051a528 ((wq_completion)usb_hub_wq){+.+.}, at: process_one_work+0x80b/0x1690 kernel/workqueue.c:2235 #1: ffffc90001a97e00 ((work_completion)(&hub->events)){+.+.}, at: process_one_work+0x840/0x1690 kernel/workqueue.c:2239 #2: ffff8880a977f200 (&dev->mutex){....}, at: device_lock include/linux/device.h:771 [inline] #2: ffff8880a977f200 (&dev->mutex){....}, at: hub_event+0x143/0x3240 drivers/usb/core/hub.c:5509 #3: ffff888088255200 (&dev->mutex){....}, at: device_lock include/linux/device.h:771 [inline] #3: ffff888088255200 (&dev->mutex){....}, at: __device_attach+0x76/0x2e0 drivers/base/dd.c:874 #4: ffff888099de7190 (&dev->mutex){....}, at: device_lock include/linux/device.h:771 [inline] #4: ffff888099de7190 (&dev->mutex){....}, at: __device_attach+0x76/0x2e0 drivers/base/dd.c:874 #5: ffffffff8afd3440 (rng_mutex){+.+.}, at: hwrng_register+0x6b/0x530 drivers/char/hw_random/core.c:478 6 locks held by kworker/1:27/3523: #0: ffff8880b051a528 ((wq_completion)usb_hub_wq){+.+.}, at: __write_once_size include/linux/compiler.h:226 [inline] #0: ffff8880b051a528 ((wq_completion)usb_hub_wq){+.+.}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff8880b051a528 ((wq_completion)usb_hub_wq){+.+.}, at: atomic64_set include/asm-generic/atomic-instrumented.h:855 [inline] #0: ffff8880b051a528 ((wq_completion)usb_hub_wq){+.+.}, at: atomic_long_set include/asm-generic/atomic-long.h:40 [inline] #0: ffff8880b051a528 ((wq_completion)usb_hub_wq){+.+.}, at: set_work_data kernel/workqueue.c:615 [inline] #0: ffff8880b051a528 ((wq_completion)usb_hub_wq){+.+.}, at: set_work_pool_and_clear_pending kernel/workqueue.c:642 [inline] #0: ffff8880b051a528 ((wq_completion)usb_hub_wq){+.+.}, at: process_one_work+0x80b/0x1690 kernel/workqueue.c:2235 #1: ffffc90001d2fe00 ((work_completion)(&hub->events)){+.+.}, at: process_one_work+0x840/0x1690 kernel/workqueue.c:2239 #2: ffff8880a9731200 (&dev->mutex){....}, at: device_lock include/linux/device.h:771 [inline] #2: ffff8880a9731200 (&dev->mutex){....}, at: hub_event+0x143/0x3240 drivers/usb/core/hub.c:5509 #3: ffff888096b82200 (&dev->mutex){....}, at: device_lock include/linux/device.h:771 [inline] #3: ffff888096b82200 (&dev->mutex){....}, at: __device_attach+0x76/0x2e0 drivers/base/dd.c:874 #4: ffff88809f2de190 (&dev->mutex){....}, at: device_lock include/linux/device.h:771 [inline] #4: ffff88809f2de190 (&dev->mutex){....}, at: __device_attach+0x76/0x2e0 drivers/base/dd.c:874 #5: ffffffff8afd3440 (rng_mutex){+.+.}, at: hwrng_register+0x6b/0x530 drivers/char/hw_random/core.c:478 6 locks held by kworker/1:28/3524: #0: ffff8880b051a528 ((wq_completion)usb_hub_wq){+.+.}, at: __write_once_size include/linux/compiler.h:226 [inline] #0: ffff8880b051a528 ((wq_completion)usb_hub_wq){+.+.}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff8880b051a528 ((wq_completion)usb_hub_wq){+.+.}, at: atomic64_set include/asm-generic/atomic-instrumented.h:855 [inline] #0: ffff8880b051a528 ((wq_completion)usb_hub_wq){+.+.}, at: atomic_long_set include/asm-generic/atomic-long.h:40 [inline] #0: ffff8880b051a528 ((wq_completion)usb_hub_wq){+.+.}, at: set_work_data kernel/workqueue.c:615 [inline] #0: ffff8880b051a528 ((wq_completion)usb_hub_wq){+.+.}, at: set_work_pool_and_clear_pending kernel/workqueue.c:642 [inline] #0: ffff8880b051a528 ((wq_completion)usb_hub_wq){+.+.}, at: process_one_work+0x80b/0x1690 kernel/workqueue.c:2235 #1: ffffc90001d6fe00 ((work_completion)(&hub->events)){+.+.}, at: process_one_work+0x840/0x1690 kernel/workqueue.c:2239 #2: ffff8880a96b2200 (&dev->mutex){....}, at: device_lock include/linux/device.h:771 [inline] #2: ffff8880a96b2200 (&dev->mutex){....}, at: hub_event+0x143/0x3240 drivers/usb/core/hub.c:5509 #3: ffff888088573200 (&dev->mutex){....}, at: device_lock include/linux/device.h:771 [inline] #3: ffff888088573200 (&dev->mutex){....}, at: __device_attach+0x76/0x2e0 drivers/base/dd.c:874 #4: ffff888088319190 (&dev->mutex){....}, at: device_lock include/linux/device.h:771 [inline] #4: ffff888088319190 (&dev->mutex){....}, at: __device_attach+0x76/0x2e0 drivers/base/dd.c:874 #5: ffffffff8afd3440 (rng_mutex){+.+.}, at: hwrng_register+0x6b/0x530 drivers/char/hw_random/core.c:478 6 locks held by kworker/0:4/4644: #0: ffff8880b051a528 ((wq_completion)usb_hub_wq){+.+.}, at: __write_once_size include/linux/compiler.h:226 [inline] #0: ffff8880b051a528 ((wq_completion)usb_hub_wq){+.+.}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff8880b051a528 ((wq_completion)usb_hub_wq){+.+.}, at: atomic64_set include/asm-generic/atomic-instrumented.h:855 [inline] #0: ffff8880b051a528 ((wq_completion)usb_hub_wq){+.+.}, at: atomic_long_set include/asm-generic/atomic-long.h:40 [inline] #0: ffff8880b051a528 ((wq_completion)usb_hub_wq){+.+.}, at: set_work_data kernel/workqueue.c:615 [inline] #0: ffff8880b051a528 ((wq_completion)usb_hub_wq){+.+.}, at: set_work_pool_and_clear_pending kernel/workqueue.c:642 [inline] #0: ffff8880b051a528 ((wq_completion)usb_hub_wq){+.+.}, at: process_one_work+0x80b/0x1690 kernel/workqueue.c:2235 #1: ffffc900074d7e00 ((work_completion)(&hub->events)){+.+.}, at: process_one_work+0x840/0x1690 kernel/workqueue.c:2239 #2: ffff8882358a3200 (&dev->mutex){....}, at: device_lock include/linux/device.h:771 [inline] #2: ffff8882358a3200 (&dev->mutex){....}, at: hub_event+0x143/0x3240 drivers/usb/core/hub.c:5509 #3: ffff8880b274e200 (&dev->mutex){....}, at: device_lock include/linux/device.h:771 [inline] #3: ffff8880b274e200 (&dev->mutex){....}, at: __device_attach+0x76/0x2e0 drivers/base/dd.c:874 #4: ffff8880b1824190 (&dev->mutex){....}, at: device_lock include/linux/device.h:771 [inline] #4: ffff8880b1824190 (&dev->mutex){....}, at: __device_attach+0x76/0x2e0 drivers/base/dd.c:874 #5: ffffffff8afd3440 (rng_mutex){+.+.}, at: hwrng_register+0x6b/0x530 drivers/char/hw_random/core.c:478 6 locks held by kworker/0:6/4651: #0: ffff8880b051a528 ((wq_completion)usb_hub_wq){+.+.}, at: __write_once_size include/linux/compiler.h:226 [inline] #0: ffff8880b051a528 ((wq_completion)usb_hub_wq){+.+.}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff8880b051a528 ((wq_completion)usb_hub_wq){+.+.}, at: atomic64_set include/asm-generic/atomic-instrumented.h:855 [inline] #0: ffff8880b051a528 ((wq_completion)usb_hub_wq){+.+.}, at: atomic_long_set include/asm-generic/atomic-long.h:40 [inline] #0: ffff8880b051a528 ((wq_completion)usb_hub_wq){+.+.}, at: set_work_data kernel/workqueue.c:615 [inline] #0: ffff8880b051a528 ((wq_completion)usb_hub_wq){+.+.}, at: set_work_pool_and_clear_pending kernel/workqueue.c:642 [inline] #0: ffff8880b051a528 ((wq_completion)usb_hub_wq){+.+.}, at: process_one_work+0x80b/0x1690 kernel/workqueue.c:2235 #1: ffffc900074b7e00 ((work_completion)(&hub->events)){+.+.}, at: process_one_work+0x840/0x1690 kernel/workqueue.c:2239 #2: ffff8880a9778200 (&dev->mutex){....}, at: device_lock include/linux/device.h:771 [inline] #2: ffff8880a9778200 (&dev->mutex){....}, at: hub_event+0x143/0x3240 drivers/usb/core/hub.c:5509 #3: ffff88809978f200 (&dev->mutex){....}, at: device_lock include/linux/device.h:771 [inline] #3: ffff88809978f200 (&dev->mutex){....}, at: __device_attach+0x76/0x2e0 drivers/base/dd.c:874 #4: ffff88809f16b190 (&dev->mutex){....}, at: device_lock include/linux/device.h:771 [inline] #4: ffff88809f16b190 (&dev->mutex){....}, at: __device_attach+0x76/0x2e0 drivers/base/dd.c:874 #5: ffffffff8afd3440 (rng_mutex){+.+.}, at: hwrng_register+0x6b/0x530 drivers/char/hw_random/core.c:478 2 locks held by in:imklog/8657: #0: ffff8880a45085e0 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x96/0xb0 fs/file.c:821 #1: ffff8880b9f36218 (&rq->lock){-.-.}, at: rq_lock kernel/sched/sched.h:1215 [inline] #1: ffff8880b9f36218 (&rq->lock){-.-.}, at: __schedule+0x2b5/0x1f90 kernel/sched/core.c:4028 ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 1560 Comm: khungtaskd Not tainted 5.6.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x96/0xe0 lib/dump_stack.c:118 nmi_cpu_backtrace.cold.6+0x2e/0x33 lib/nmi_backtrace.c:101 nmi_trigger_cpumask_backtrace+0x183/0x1ac lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:205 [inline] watchdog+0x69d/0xd50 kernel/hung_task.c:289 kthread+0x31d/0x3e0 kernel/kthread.c:255 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 8 Comm: kworker/u4:0 Not tainted 5.6.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet RIP: 0010:lock_release+0x38/0x6e0 kernel/locking/lockdep.c:4492 Code: 41 55 49 89 f5 41 54 49 89 fc 55 53 48 81 ec b8 00 00 00 48 c7 44 24 18 b3 8a b5 41 48 8d 5c 24 18 48 c7 44 24 20 e0 05 cb 89 <48> c1 eb 03 48 c7 44 24 28 e0 2f 51 81 48 8d 04 13 c7 00 f1 f1 f1 RSP: 0018:ffffc90000cd7af0 EFLAGS: 00000286 RAX: 0000000000000000 RBX: ffffc90000cd7b08 RCX: ffffffff81573b8e RDX: dffffc0000000000 RSI: ffffffff87eaa42a RDI: ffffffff8a2e5c40 RBP: ffffc90000cd7cd0 R08: ffffed10173e6e14 R09: ffffed10173e6e14 R10: ffffed10173e6e13 R11: ffff8880b9f3709b R12: ffffffff8a2e5c40 R13: ffffffff87eaa42a R14: ffff8880ac55f880 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f38cf727000 CR3: 00000000b074b000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: rcu_lock_release include/linux/rcupdate.h:213 [inline] rcu_read_unlock include/linux/rcupdate.h:655 [inline] batadv_iv_ogm_slide_own_bcast_window net/batman-adv/bat_iv_ogm.c:771 [inline] batadv_iv_ogm_schedule_buff+0x726/0xf60 net/batman-adv/bat_iv_ogm.c:821 batadv_iv_ogm_schedule net/batman-adv/bat_iv_ogm.c:865 [inline] batadv_iv_ogm_schedule net/batman-adv/bat_iv_ogm.c:858 [inline] batadv_iv_send_outstanding_bat_ogm_packet+0x5be/0x920 net/batman-adv/bat_iv_ogm.c:1718 process_one_work+0x8ff/0x1690 kernel/workqueue.c:2264 worker_thread+0x82/0xb50 kernel/workqueue.c:2410 kthread+0x31d/0x3e0 kernel/kthread.c:255 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352