bisecting fixing commit since ed4643521e6af8ab8ed1e467630a85884d2696cf
building syzkaller on 89bc860804252dbacb8c2bea60b9204859f4afd7
testing commit ed4643521e6af8ab8ed1e467630a85884d2696cf
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 6b77c07b5e3f57d1b12db923623dab07d16862b829ab19c6979a66c0014b0da5
run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: EOF
run #1: basic kernel testing failed: BUG: program execution failed: executor NUM: EOF
run #2: crashed: INFO: task hung in r871xu_dev_remove
run #3: crashed: INFO: task hung in r871xu_dev_remove
run #4: crashed: INFO: task hung in regdb_fw_cb
run #5: crashed: INFO: task hung in r871xu_dev_remove
run #6: crashed: INFO: task hung in crda_timeout_work
run #7: crashed: INFO: task hung in r871xu_dev_remove
run #8: crashed: INFO: task hung in r871xu_dev_remove
run #9: crashed: INFO: task hung in r871xu_dev_remove
run #10: crashed: INFO: task hung in r871xu_dev_remove
run #11: crashed: INFO: task hung in r871xu_dev_remove
run #12: crashed: INFO: task hung in r871xu_dev_remove
run #13: crashed: INFO: task hung in r871xu_dev_remove
run #14: crashed: INFO: task hung in crda_timeout_work
run #15: crashed: INFO: task hung in r871xu_dev_remove
run #16: crashed: INFO: task hung in r871xu_dev_remove
run #17: crashed: INFO: task hung in netdev_run_todo
run #18: crashed: INFO: task hung in netdev_run_todo
run #19: crashed: INFO: task hung in r871xu_dev_remove
testing current HEAD 13bc32bad7059d6c5671e9d037e6e3ed001cc0f4
testing commit 13bc32bad7059d6c5671e9d037e6e3ed001cc0f4
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: c8e8fb50cb60033cfb23a9354668e14341fbd52cba260d998a32d8c661c56c72
run #0: crashed: INFO: task hung in r871xu_dev_remove
run #1: crashed: INFO: task hung in r871xu_dev_remove
run #2: crashed: INFO: task hung in r871xu_dev_remove
run #3: crashed: INFO: task hung in r871xu_dev_remove
run #4: crashed: INFO: task hung in r871xu_dev_remove
run #5: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/tmp/syz-executor1323112174" "root@10.128.10.6:./syz-executor1323112174"]: exit status 1
Connection timed out during banner exchange
Connection to 10.128.10.6 port 22 timed out
lost connection
run #6: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/tmp/syz-executor2232221420" "root@10.128.1.127:./syz-executor2232221420"]: exit status 1
Connection timed out during banner exchange
Connection to 10.128.1.127 port 22 timed out
lost connection
run #7: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/tmp/syz-executor3376234210" "root@10.128.10.0:./syz-executor3376234210"]: exit status 1
Connection timed out during banner exchange
Connection to 10.128.10.0 port 22 timed out
lost connection
run #8: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/tmp/syz-executor190503090" "root@10.128.10.40:./syz-executor190503090"]: exit status 1
Connection timed out during banner exchange
Connection to 10.128.10.40 port 22 timed out
lost connection
run #9: OK
revisions tested: 2, total time: 30m16.572763834s (build: 12m3.754509662s, test: 17m39.361524907s)
the crash still happens on HEAD
commit msg: Merge tag 'drm-fixes-2022-04-23' of git://anongit.freedesktop.org/drm/drm
crash: INFO: task hung in r871xu_dev_remove
INFO: task kworker/1:1:26 blocked for more than 143 seconds.
Not tainted 5.18.0-rc3-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:1 state:D stack:25096 pid: 26 ppid: 2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
context_switch kernel/sched/core.c:5073 [inline]
__schedule+0xa5a/0x4c70 kernel/sched/core.c:6388
schedule+0xd2/0x1f0 kernel/sched/core.c:6460
schedule_timeout+0x19d/0x250 kernel/time/timer.c:1860
do_wait_for_common kernel/sched/completion.c:85 [inline]
__wait_for_common+0x373/0x530 kernel/sched/completion.c:106
r871xu_dev_remove+0x65/0x260 drivers/staging/rtl8712/usb_intf.c:597
usb_unbind_interface+0x183/0x7e0 drivers/usb/core/driver.c:458
__device_release_driver drivers/base/dd.c:1200 [inline]
device_release_driver_internal+0x3be/0x590 drivers/base/dd.c:1223
bus_remove_device+0x295/0x550 drivers/base/bus.c:529
device_del+0x48d/0xb80 drivers/base/core.c:3592
usb_disable_device+0x29c/0x660 drivers/usb/core/message.c:1419
usb_disconnect.cold+0x20a/0x61d drivers/usb/core/hub.c:2228
hub_port_connect drivers/usb/core/hub.c:5207 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5507 [inline]
port_event drivers/usb/core/hub.c:5665 [inline]
hub_event+0xb46/0x39b0 drivers/usb/core/hub.c:5747
process_one_work+0x865/0x13d0 kernel/workqueue.c:2289
process_scheduled_works kernel/workqueue.c:2352 [inline]
worker_thread+0x738/0xec0 kernel/workqueue.c:2438
kthread+0x299/0x340 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298
INFO: task kworker/0:3:3609 blocked for more than 143 seconds.
Not tainted 5.18.0-rc3-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:3 state:D stack:24416 pid: 3609 ppid: 2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
context_switch kernel/sched/core.c:5073 [inline]
__schedule+0xa5a/0x4c70 kernel/sched/core.c:6388
schedule+0xd2/0x1f0 kernel/sched/core.c:6460
schedule_timeout+0x19d/0x250 kernel/time/timer.c:1860
do_wait_for_common kernel/sched/completion.c:85 [inline]
__wait_for_common+0x373/0x530 kernel/sched/completion.c:106
r871xu_dev_remove+0x65/0x260 drivers/staging/rtl8712/usb_intf.c:597
usb_unbind_interface+0x183/0x7e0 drivers/usb/core/driver.c:458
__device_release_driver drivers/base/dd.c:1200 [inline]
device_release_driver_internal+0x3be/0x590 drivers/base/dd.c:1223
bus_remove_device+0x295/0x550 drivers/base/bus.c:529
device_del+0x48d/0xb80 drivers/base/core.c:3592
usb_disable_device+0x29c/0x660 drivers/usb/core/message.c:1419
usb_disconnect.cold+0x20a/0x61d drivers/usb/core/hub.c:2228
hub_port_connect drivers/usb/core/hub.c:5207 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5507 [inline]
port_event drivers/usb/core/hub.c:5665 [inline]
hub_event+0xb46/0x39b0 drivers/usb/core/hub.c:5747
process_one_work+0x865/0x13d0 kernel/workqueue.c:2289
process_scheduled_works kernel/workqueue.c:2352 [inline]
worker_thread+0x738/0xec0 kernel/workqueue.c:2438
kthread+0x299/0x340 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298
INFO: task kworker/0:4:3610 blocked for more than 143 seconds.
Not tainted 5.18.0-rc3-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:4 state:D stack:22552 pid: 3610 ppid: 2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
context_switch kernel/sched/core.c:5073 [inline]
__schedule+0xa5a/0x4c70 kernel/sched/core.c:6388
schedule+0xd2/0x1f0 kernel/sched/core.c:6460
schedule_timeout+0x19d/0x250 kernel/time/timer.c:1860
do_wait_for_common kernel/sched/completion.c:85 [inline]
__wait_for_common+0x373/0x530 kernel/sched/completion.c:106
r871xu_dev_remove+0x65/0x260 drivers/staging/rtl8712/usb_intf.c:597
usb_unbind_interface+0x183/0x7e0 drivers/usb/core/driver.c:458
__device_release_driver drivers/base/dd.c:1200 [inline]
device_release_driver_internal+0x3be/0x590 drivers/base/dd.c:1223
bus_remove_device+0x295/0x550 drivers/base/bus.c:529
device_del+0x48d/0xb80 drivers/base/core.c:3592
usb_disable_device+0x29c/0x660 drivers/usb/core/message.c:1419
usb_disconnect.cold+0x20a/0x61d drivers/usb/core/hub.c:2228
hub_port_connect drivers/usb/core/hub.c:5207 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5507 [inline]
port_event drivers/usb/core/hub.c:5665 [inline]
hub_event+0xb46/0x39b0 drivers/usb/core/hub.c:5747
process_one_work+0x865/0x13d0 kernel/workqueue.c:2289
process_scheduled_works kernel/workqueue.c:2352 [inline]
worker_thread+0x738/0xec0 kernel/workqueue.c:2438
kthread+0x299/0x340 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298
INFO: task kworker/0:5:3611 blocked for more than 144 seconds.
Not tainted 5.18.0-rc3-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:5 state:D stack:24728 pid: 3611 ppid: 2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
context_switch kernel/sched/core.c:5073 [inline]
__schedule+0xa5a/0x4c70 kernel/sched/core.c:6388
schedule+0xd2/0x1f0 kernel/sched/core.c:6460
schedule_timeout+0x19d/0x250 kernel/time/timer.c:1860
do_wait_for_common kernel/sched/completion.c:85 [inline]
__wait_for_common+0x373/0x530 kernel/sched/completion.c:106
r871xu_dev_remove+0x65/0x260 drivers/staging/rtl8712/usb_intf.c:597
usb_unbind_interface+0x183/0x7e0 drivers/usb/core/driver.c:458
__device_release_driver drivers/base/dd.c:1200 [inline]
device_release_driver_internal+0x3be/0x590 drivers/base/dd.c:1223
bus_remove_device+0x295/0x550 drivers/base/bus.c:529
device_del+0x48d/0xb80 drivers/base/core.c:3592
usb_disable_device+0x29c/0x660 drivers/usb/core/message.c:1419
usb_disconnect.cold+0x20a/0x61d drivers/usb/core/hub.c:2228
hub_port_connect drivers/usb/core/hub.c:5207 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5507 [inline]
port_event drivers/usb/core/hub.c:5665 [inline]
hub_event+0xb46/0x39b0 drivers/usb/core/hub.c:5747
process_one_work+0x865/0x13d0 kernel/workqueue.c:2289
process_scheduled_works kernel/workqueue.c:2352 [inline]
worker_thread+0x738/0xec0 kernel/workqueue.c:2438
kthread+0x299/0x340 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298
INFO: task kworker/1:6:3920 blocked for more than 144 seconds.
Not tainted 5.18.0-rc3-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:6 state:D stack:24816 pid: 3920 ppid: 2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
context_switch kernel/sched/core.c:5073 [inline]
__schedule+0xa5a/0x4c70 kernel/sched/core.c:6388
schedule+0xd2/0x1f0 kernel/sched/core.c:6460
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6519
__mutex_lock_common kernel/locking/mutex.c:673 [inline]
__mutex_lock+0xa32/0x12f0 kernel/locking/mutex.c:733
unregister_netdev+0x9/0x20 net/core/dev.c:10809
r871xu_dev_remove+0x1f1/0x260 drivers/staging/rtl8712/usb_intf.c:599
usb_unbind_interface+0x183/0x7e0 drivers/usb/core/driver.c:458
__device_release_driver drivers/base/dd.c:1200 [inline]
device_release_driver_internal+0x3be/0x590 drivers/base/dd.c:1223
bus_remove_device+0x295/0x550 drivers/base/bus.c:529
device_del+0x48d/0xb80 drivers/base/core.c:3592
usb_disable_device+0x29c/0x660 drivers/usb/core/message.c:1419
usb_disconnect.cold+0x20a/0x61d drivers/usb/core/hub.c:2228
hub_port_connect drivers/usb/core/hub.c:5207 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5507 [inline]
port_event drivers/usb/core/hub.c:5665 [inline]
hub_event+0xb46/0x39b0 drivers/usb/core/hub.c:5747
process_one_work+0x865/0x13d0 kernel/workqueue.c:2289
process_scheduled_works kernel/workqueue.c:2352 [inline]
worker_thread+0x738/0xec0 kernel/workqueue.c:2438
kthread+0x299/0x340 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298
INFO: task kworker/1:8:3922 blocked for more than 144 seconds.
Not tainted 5.18.0-rc3-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:8 state:D stack:24816 pid: 3922 ppid: 2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
context_switch kernel/sched/core.c:5073 [inline]
__schedule+0xa5a/0x4c70 kernel/sched/core.c:6388
schedule+0xd2/0x1f0 kernel/sched/core.c:6460
schedule_timeout+0x19d/0x250 kernel/time/timer.c:1860
do_wait_for_common kernel/sched/completion.c:85 [inline]
__wait_for_common+0x373/0x530 kernel/sched/completion.c:106
r871xu_dev_remove+0x65/0x260 drivers/staging/rtl8712/usb_intf.c:597
usb_unbind_interface+0x183/0x7e0 drivers/usb/core/driver.c:458
__device_release_driver drivers/base/dd.c:1200 [inline]
device_release_driver_internal+0x3be/0x590 drivers/base/dd.c:1223
bus_remove_device+0x295/0x550 drivers/base/bus.c:529
device_del+0x48d/0xb80 drivers/base/core.c:3592
usb_disable_device+0x29c/0x660 drivers/usb/core/message.c:1419
usb_disconnect.cold+0x20a/0x61d drivers/usb/core/hub.c:2228
hub_port_connect drivers/usb/core/hub.c:5207 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5507 [inline]
port_event drivers/usb/core/hub.c:5665 [inline]
hub_event+0xb46/0x39b0 drivers/usb/core/hub.c:5747
process_one_work+0x865/0x13d0 kernel/workqueue.c:2289
process_scheduled_works kernel/workqueue.c:2352 [inline]
worker_thread+0x738/0xec0 kernel/workqueue.c:2438
kthread+0x299/0x340 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298
Showing all locks held in the system:
3 locks held by kworker/0:0/6:
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260
#1: ffffc90000cb7db8 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264
#2: ffffffff8c48f528 (rtnl_mutex){+.+.}-{3:3}, at: register_netdev+0xb/0x30 net/core/dev.c:10085
3 locks held by kworker/0:1/14:
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260
#1: ffffc90000d37db8 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264
#2: ffffffff8c48f528 (rtnl_mutex){+.+.}-{3:3}, at: register_netdev+0xb/0x30 net/core/dev.c:10085
5 locks held by kworker/1:1/26:
#0: ffff88814554b938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff88814554b938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff88814554b938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff88814554b938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
#0: ffff88814554b938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
#0: ffff88814554b938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260
#1: ffffc90000e0fdb8 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264
#2: ffff8881488e2220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:767 [inline]
#2: ffff8881488e2220 (&dev->mutex){....}-{3:3}, at: hub_event+0x127/0x39b0 drivers/usb/core/hub.c:5693
#3: ffff888019204220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:767 [inline]
#3: ffff888019204220 (&dev->mutex){....}-{3:3}, at: usb_disconnect.cold+0x43/0x61d drivers/usb/core/hub.c:2219
#4: ffff88806cb281a8 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:767 [inline]
#4: ffff88806cb281a8 (&dev->mutex){....}-{3:3}, at: __device_driver_lock drivers/base/dd.c:1033 [inline]
#4: ffff88806cb281a8 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0x88/0x590 drivers/base/dd.c:1220
1 lock held by khungtaskd/28:
#0: ffffffff8ad784a0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6467
3 locks held by kworker/0:2/144:
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260
#1: ffffc900023dfdb8 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264
#2: ffffffff8c48f528 (rtnl_mutex){+.+.}-{3:3}, at: register_netdev+0xb/0x30 net/core/dev.c:10085
3 locks held by kworker/1:3/2926:
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260
#1: ffffc9000b3d7db8 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264
#2: ffffffff8c48f528 (rtnl_mutex){+.+.}-{3:3}, at: register_netdev+0xb/0x30 net/core/dev.c:10085
2 locks held by dhcpcd/3175:
#0: ffffffff8c48f528 (rtnl_mutex){+.+.}-{3:3}, at: devinet_ioctl+0x175/0x16c0 net/ipv4/devinet.c:1072
#1: ffff88806bb44ee0 (&padapter->mutex_start){+.+.}-{3:3}, at: netdev_open+0x30/0x5e0 drivers/staging/rtl8712/os_intfs.c:375
2 locks held by getty/3273:
#0: ffff88814b920098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x1f/0x70 drivers/tty/tty_ldisc.c:244
#1: ffffc900027832e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x9d7/0xed0 drivers/tty/n_tty.c:2075
3 locks held by kworker/1:4/3607:
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260
#1: ffffc90002c1fdb8 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264
#2: ffffffff8c48f528 (rtnl_mutex){+.+.}-{3:3}, at: register_netdev+0xb/0x30 net/core/dev.c:10085
3 locks held by kworker/1:5/3608:
#0: ffff88814ba25d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff88814ba25d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff88814ba25d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff88814ba25d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
#0: ffff88814ba25d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
#0: ffff88814ba25d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260
#1: ffffc90002c2fdb8 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264
#2: ffffffff8c48f528 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x9/0x20 net/ipv6/addrconf.c:4603
5 locks held by kworker/0:3/3609:
#0: ffff88814554b938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff88814554b938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff88814554b938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff88814554b938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
#0: ffff88814554b938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
#0: ffff88814554b938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260
#1: ffffc90002c3fdb8 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264
#2: ffff88801d3ba220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:767 [inline]
#2: ffff88801d3ba220 (&dev->mutex){....}-{3:3}, at: hub_event+0x127/0x39b0 drivers/usb/core/hub.c:5693
#3: ffff888077009220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:767 [inline]
#3: ffff888077009220 (&dev->mutex){....}-{3:3}, at: usb_disconnect.cold+0x43/0x61d drivers/usb/core/hub.c:2219
#4: ffff88801de2a1a8 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:767 [inline]
#4: ffff88801de2a1a8 (&dev->mutex){....}-{3:3}, at: __device_driver_lock drivers/base/dd.c:1033 [inline]
#4: ffff88801de2a1a8 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0x88/0x590 drivers/base/dd.c:1220
5 locks held by kworker/0:4/3610:
#0: ffff88814554b938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff88814554b938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff88814554b938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff88814554b938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
#0: ffff88814554b938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
#0: ffff88814554b938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260
#1: ffffc90002c4fdb8 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264
#2: ffff88814895e220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:767 [inline]
#2: ffff88814895e220 (&dev->mutex){....}-{3:3}, at: hub_event+0x127/0x39b0 drivers/usb/core/hub.c:5693
#3: ffff88807700b220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:767 [inline]
#3: ffff88807700b220 (&dev->mutex){....}-{3:3}, at: usb_disconnect.cold+0x43/0x61d drivers/usb/core/hub.c:2219
#4: ffff88807700f1a8 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:767 [inline]
#4: ffff88807700f1a8 (&dev->mutex){....}-{3:3}, at: __device_driver_lock drivers/base/dd.c:1033 [inline]
#4: ffff88807700f1a8 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0x88/0x590 drivers/base/dd.c:1220
5 locks held by kworker/0:5/3611:
#0: ffff88814554b938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff88814554b938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff88814554b938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff88814554b938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
#0: ffff88814554b938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
#0: ffff88814554b938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260
#1: ffffc90002c5fdb8 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264
#2: ffff888148942220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:767 [inline]
#2: ffff888148942220 (&dev->mutex){....}-{3:3}, at: hub_event+0x127/0x39b0 drivers/usb/core/hub.c:5693
#3: ffff88807700a220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:767 [inline]
#3: ffff88807700a220 (&dev->mutex){....}-{3:3}, at: usb_disconnect.cold+0x43/0x61d drivers/usb/core/hub.c:2219
#4: ffff88807d7791a8 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:767 [inline]
#4: ffff88807d7791a8 (&dev->mutex){....}-{3:3}, at: __device_driver_lock drivers/base/dd.c:1033 [inline]
#4: ffff88807d7791a8 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0x88/0x590 drivers/base/dd.c:1220
6 locks held by kworker/1:6/3920:
#0: ffff88814554b938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff88814554b938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff88814554b938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff88814554b938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
#0: ffff88814554b938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
#0: ffff88814554b938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260
#1: ffffc90002c8fdb8 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264
#2: ffff88801d44a220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:767 [inline]
#2: ffff88801d44a220 (&dev->mutex){....}-{3:3}, at: hub_event+0x127/0x39b0 drivers/usb/core/hub.c:5693
#3: ffff88807ef04220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:767 [inline]
#3: ffff88807ef04220 (&dev->mutex){....}-{3:3}, at: usb_disconnect.cold+0x43/0x61d drivers/usb/core/hub.c:2219
#4: ffff8880192011a8 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:767 [inline]
#4: ffff8880192011a8 (&dev->mutex){....}-{3:3}, at: __device_driver_lock drivers/base/dd.c:1033 [inline]
#4: ffff8880192011a8 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0x88/0x590 drivers/base/dd.c:1220
#5: ffffffff8c48f528 (rtnl_mutex){+.+.}-{3:3}, at: unregister_netdev+0x9/0x20 net/core/dev.c:10809
3 locks held by kworker/1:7/3921:
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260
#1: ffffc90002cafdb8 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264
#2: ffffffff8c48f528 (rtnl_mutex){+.+.}-{3:3}, at: register_netdev+0xb/0x30 net/core/dev.c:10085
5 locks held by kworker/1:8/3922:
#0: ffff88814554b938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff88814554b938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff88814554b938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff88814554b938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
#0: ffff88814554b938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
#0: ffff88814554b938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260
#1: ffffc90002cbfdb8 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264
#2: ffff888148946220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:767 [inline]
#2: ffff888148946220 (&dev->mutex){....}-{3:3}, at: hub_event+0x127/0x39b0 drivers/usb/core/hub.c:5693
#3: ffff8880730ee220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:767 [inline]
#3: ffff8880730ee220 (&dev->mutex){....}-{3:3}, at: usb_disconnect.cold+0x43/0x61d drivers/usb/core/hub.c:2219
#4: ffff88807a8e81a8 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:767 [inline]
#4: ffff88807a8e81a8 (&dev->mutex){....}-{3:3}, at: __device_driver_lock drivers/base/dd.c:1033 [inline]
#4: ffff88807a8e81a8 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0x88/0x590 drivers/base/dd.c:1220
3 locks held by kworker/0:7/4026:
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260
#1: ffffc90002cffdb8 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264
#2: ffffffff8c48f528 (rtnl_mutex){+.+.}-{3:3}, at: register_netdev+0xb/0x30 net/core/dev.c:10085
3 locks held by kworker/0:8/4063:
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260
#1: ffffc90002ddfdb8 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264
#2: ffffffff8c48f528 (rtnl_mutex){+.+.}-{3:3}, at: register_netdev+0xb/0x30 net/core/dev.c:10085
3 locks held by udevd/4128:
#0: ffff88806b209488 (&of->mutex){+.+.}-{3:3}, at: kernfs_file_read_iter fs/kernfs/file.c:198 [inline]
#0: ffff88806b209488 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_read_iter+0x15f/0x650 fs/kernfs/file.c:237
#1: ffff8880682dd578 (kn->active#53){++++}-{0:0}, at: kernfs_file_read_iter fs/kernfs/file.c:199 [inline]
#1: ffff8880682dd578 (kn->active#53){++++}-{0:0}, at: kernfs_fop_read_iter+0x182/0x650 fs/kernfs/file.c:237
#2: ffff88807ef04220 (&dev->mutex){....}-{3:3}, at: device_lock_interruptible include/linux/device.h:772 [inline]
#2: ffff88807ef04220 (&dev->mutex){....}-{3:3}, at: read_descriptors+0x36/0x310 drivers/usb/core/sysfs.c:873
3 locks held by kworker/0:9/4140:
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260
#1: ffffc90003087db8 (deferred_process_work){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264
#2: ffffffff8c48f528 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0x5/0x10 net/switchdev/switchdev.c:75
3 locks held by udevd/4144:
#0: ffff88806bca0488 (&of->mutex){+.+.}-{3:3}, at: kernfs_file_read_iter fs/kernfs/file.c:198 [inline]
#0: ffff88806bca0488 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_read_iter+0x15f/0x650 fs/kernfs/file.c:237
#1: ffff88806d0c5578 (kn->active#53){++++}-{0:0}, at: kernfs_file_read_iter fs/kernfs/file.c:199 [inline]
#1: ffff88806d0c5578 (kn->active#53){++++}-{0:0}, at: kernfs_fop_read_iter+0x182/0x650 fs/kernfs/file.c:237
#2: ffff888077009220 (&dev->mutex){....}-{3:3}, at: device_lock_interruptible include/linux/device.h:772 [inline]
#2: ffff888077009220 (&dev->mutex){....}-{3:3}, at: read_descriptors+0x36/0x310 drivers/usb/core/sysfs.c:873
3 locks held by udevd/4151:
#0: ffff88806b1c8488 (&of->mutex){+.+.}-{3:3}, at: kernfs_file_read_iter fs/kernfs/file.c:198 [inline]
#0: ffff88806b1c8488 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_read_iter+0x15f/0x650 fs/kernfs/file.c:237
#1: ffff88806cc66748 (kn->active#53){++++}-{0:0}, at: kernfs_file_read_iter fs/kernfs/file.c:199 [inline]
#1: ffff88806cc66748 (kn->active#53){++++}-{0:0}, at: kernfs_fop_read_iter+0x182/0x650 fs/kernfs/file.c:237
#2: ffff888019204220 (&dev->mutex){....}-{3:3}, at: device_lock_interruptible include/linux/device.h:772 [inline]
#2: ffff888019204220 (&dev->mutex){....}-{3:3}, at: read_descriptors+0x36/0x310 drivers/usb/core/sysfs.c:873
3 locks held by kworker/1:10/4152:
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260
#1: ffffc9000300fdb8 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264
#2: ffffffff8c48f528 (rtnl_mutex){+.+.}-{3:3}, at: register_netdev+0xb/0x30 net/core/dev.c:10085
3 locks held by kworker/0:10/5347:
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
#0: ffff88800fc64d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260
#1: ffffc90005147db8 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264
#2: ffffffff8c48f528 (rtnl_mutex){+.+.}-{3:3}, at: register_netdev+0xb/0x30 net/core/dev.c:10085
=============================================
NMI backtrace for cpu 0
CPU: 0 PID: 28 Comm: khungtaskd Not tainted 5.18.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x57/0x7d lib/dump_stack.c:106
nmi_cpu_backtrace.cold+0x30/0xc0 lib/nmi_backtrace.c:111
nmi_trigger_cpumask_backtrace+0x140/0x170 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:212 [inline]
watchdog+0x88c/0xbf0 kernel/hung_task.c:369
kthread+0x299/0x340 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 3968 Comm: kworker/u4:7 Not tainted 5.18.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: phy8 ieee80211_iface_work
RIP: 0010:match_held_lock+0xe/0xc0 kernel/locking/lockdep.c:5091
Code: 48 c7 c7 60 93 eb 88 e8 4c 71 be ff e8 10 74 ce ff 31 c0 5d c3 0f 1f 80 00 00 00 00 53 48 89 fb 48 83 ec 08 48 39 77 10 74 6a <66> f7 47 22 f0 ff 74 5a 48 8b 46 08 48 89 f7 48 85 c0 74 42 8b 15
RSP: 0018:ffffc90002d9f610 EFLAGS: 00000006
RAX: 0000000000000005 RBX: ffff88801b49c508 RCX: 0000000000000001
RDX: 0000000000000000 RSI: ffff88800fc40858 RDI: ffff88801b49c508
RBP: ffff88800fc40858 R08: ffff88806bade800 R09: 000000008010000f
R10: fffff520005b3ebb R11: 0000000000000001 R12: ffff88801b49ba80
R13: ffff88801b49c4e0 R14: 00000000ffffffff R15: ffff88801b49c508
FS: 0000000000000000(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f28b874a110 CR3: 000000001ebb9000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
__lock_is_held kernel/locking/lockdep.c:5382 [inline]
lock_is_held_type+0xa7/0x140 kernel/locking/lockdep.c:5684
lock_is_held include/linux/lockdep.h:283 [inline]
remove_partial mm/slub.c:2075 [inline]
acquire_slab mm/slub.c:2120 [inline]
get_partial_node.part.0+0x1e0/0x220 mm/slub.c:2160
get_partial_node mm/slub.c:2150 [inline]
get_partial mm/slub.c:2262 [inline]
___slab_alloc+0x7b5/0xf20 mm/slub.c:3000
__slab_alloc.constprop.0+0x4d/0xa0 mm/slub.c:3092
slab_alloc_node mm/slub.c:3183 [inline]
slab_alloc mm/slub.c:3225 [inline]
kmem_cache_alloc_trace+0x310/0x3f0 mm/slub.c:3256
kmalloc include/linux/slab.h:581 [inline]
kzalloc include/linux/slab.h:714 [inline]
ieee802_11_parse_elems_crc+0xcb/0xf70 net/mac80211/util.c:1502
ieee802_11_parse_elems net/mac80211/ieee80211_i.h:2251 [inline]
ieee80211_bss_info_update+0x2de/0x880 net/mac80211/scan.c:212
ieee80211_rx_bss_info net/mac80211/ibss.c:1119 [inline]
ieee80211_rx_mgmt_probe_beacon net/mac80211/ibss.c:1610 [inline]
ieee80211_ibss_rx_queued_mgmt+0x12f3/0x31e0 net/mac80211/ibss.c:1639
ieee80211_iface_process_skb net/mac80211/iface.c:1527 [inline]
ieee80211_iface_work+0x73d/0x980 net/mac80211/iface.c:1581
process_one_work+0x865/0x13d0 kernel/workqueue.c:2289
worker_thread+0x598/0xec0 kernel/workqueue.c:2436
kthread+0x299/0x340 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298
----------------
Code disassembly (best guess):
0: 48 c7 c7 60 93 eb 88 mov $0xffffffff88eb9360,%rdi
7: e8 4c 71 be ff callq 0xffbe7158
c: e8 10 74 ce ff callq 0xffce7421
11: 31 c0 xor %eax,%eax
13: 5d pop %rbp
14: c3 retq
15: 0f 1f 80 00 00 00 00 nopl 0x0(%rax)
1c: 53 push %rbx
1d: 48 89 fb mov %rdi,%rbx
20: 48 83 ec 08 sub $0x8,%rsp
24: 48 39 77 10 cmp %rsi,0x10(%rdi)
28: 74 6a je 0x94
* 2a: 66 f7 47 22 f0 ff testw $0xfff0,0x22(%rdi) <-- trapping instruction
30: 74 5a je 0x8c
32: 48 8b 46 08 mov 0x8(%rsi),%rax
36: 48 89 f7 mov %rsi,%rdi
39: 48 85 c0 test %rax,%rax
3c: 74 42 je 0x80
3e: 8b .byte 0x8b
3f: 15 .byte 0x15