ci starts bisection 2022-08-25 15:11:40.006259489 +0000 UTC m=+32.136654683
bisecting fixing commit since ed4643521e6af8ab8ed1e467630a85884d2696cf
building syzkaller on 89bc860804252dbacb8c2bea60b9204859f4afd7
testing commit ed4643521e6af8ab8ed1e467630a85884d2696cf
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 8b5a7f2892aea9e816170145d561afb08ad16710471c31aacacfcb06b18a5f49
run #0: crashed: INFO: task hung in crda_timeout_work
run #1: crashed: INFO: task hung in r871xu_dev_remove
run #2: crashed: INFO: task hung in netdev_run_todo
run #3: crashed: INFO: task hung in regdb_fw_cb
run #4: crashed: INFO: task hung in r871xu_dev_remove
run #5: crashed: INFO: task hung in r871xu_dev_remove
run #6: crashed: INFO: task hung in netdev_run_todo
run #7: crashed: INFO: task hung in r871xu_dev_remove
run #8: crashed: INFO: task hung in r871xu_dev_remove
run #9: crashed: INFO: task hung in r871xu_dev_remove
run #10: crashed: INFO: task hung in r871xu_dev_remove
run #11: crashed: INFO: task hung in netdev_run_todo
run #12: crashed: INFO: task hung in r871xu_dev_remove
run #13: crashed: INFO: task hung in r871xu_dev_remove
run #14: crashed: INFO: task hung in netdev_run_todo
run #15: crashed: INFO: task hung in r871xu_dev_remove
run #16: crashed: INFO: task hung in netdev_run_todo
run #17: crashed: INFO: task hung in r871xu_dev_remove
run #18: crashed: INFO: task hung in netdev_run_todo
run #19: crashed: INFO: task hung in r871xu_dev_remove
testing current HEAD c40e8341e3b3bb27e3a65b06b5b454626234c4f0
testing commit c40e8341e3b3bb27e3a65b06b5b454626234c4f0
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 35d5c99253a1af19fea0dd314c6e3757f199dfd6f2cdbb59c57c2b2eabf117e7
run #0: crashed: INFO: task hung in crda_timeout_work
run #1: crashed: INFO: task hung in r871xu_dev_remove
run #2: crashed: INFO: task hung in r871xu_dev_remove
run #3: crashed: INFO: task hung in r871xu_dev_remove
run #4: crashed: INFO: task hung in r871xu_dev_remove
run #5: crashed: INFO: task hung in r871xu_dev_remove
run #6: crashed: INFO: task hung in r871xu_dev_remove
run #7: basic kernel testing failed: failed to copy binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/tmp/syz-executor2770307626" "root@10.128.1.32:./syz-executor2770307626"]: exit status 1
Connection timed out during banner exchange
Connection to 10.128.1.32 port 22 timed out
lost connection
run #8: basic kernel testing failed: failed to copy binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/tmp/syz-executor3842861425" "root@10.128.1.36:./syz-executor3842861425"]: exit status 1
Connection timed out during banner exchange
Connection to 10.128.1.36 port 22 timed out
lost connection
run #9: OK
revisions tested: 2, total time: 33m55.231772812s (build: 13m16.784322524s, test: 19m56.733149188s)
the crash still happens on HEAD
commit msg: Merge tag 'cgroup-for-6.0-rc2-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup
crash: INFO: task hung in r871xu_dev_remove
INFO: task kworker/0:9:4181 blocked for more than 143 seconds.
Not tainted 6.0.0-rc2-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:9 state:D stack:25032 pid: 4181 ppid: 2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
context_switch kernel/sched/core.c:5182 [inline]
__schedule+0xa9f/0x5270 kernel/sched/core.c:6494
schedule+0xda/0x1b0 kernel/sched/core.c:6570
schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6629
__mutex_lock_common kernel/locking/mutex.c:679 [inline]
__mutex_lock+0xa44/0x1350 kernel/locking/mutex.c:747
unregister_netdev+0x9/0x20 net/core/dev.c:10920
r871xu_dev_remove+0x222/0x3f0 drivers/staging/rtl8712/usb_intf.c:597
usb_unbind_interface+0x183/0x7e0 drivers/usb/core/driver.c:458
__device_release_driver drivers/base/dd.c:1209 [inline]
device_release_driver_internal+0x3bc/0x600 drivers/base/dd.c:1235
bus_remove_device+0x295/0x550 drivers/base/bus.c:529
device_del+0x48d/0xb80 drivers/base/core.c:3704
usb_disable_device+0x29c/0x650 drivers/usb/core/message.c:1419
usb_disconnect.cold+0x1f5/0x623 drivers/usb/core/hub.c:2235
hub_port_connect drivers/usb/core/hub.c:5197 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5497 [inline]
port_event drivers/usb/core/hub.c:5653 [inline]
hub_event+0x1662/0x3af0 drivers/usb/core/hub.c:5735
process_one_work+0x865/0x13d0 kernel/workqueue.c:2289
process_scheduled_works kernel/workqueue.c:2352 [inline]
worker_thread+0x738/0xec0 kernel/workqueue.c:2438
kthread+0x294/0x330 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
Showing all locks held in the system:
3 locks held by kworker/0:0/6:
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260
#1: ffffc900000b7db8 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264
#2: ffffffff8c8cb228 (rtnl_mutex){+.+.}-{3:3}, at: register_netdev+0xb/0x30 net/core/dev.c:10194
1 lock held by rcu_tasks_kthre/12:
#0: ffffffff8b17e5f0 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x26/0xc70 kernel/rcu/tasks.h:507
1 lock held by rcu_tasks_trace/13:
#0: ffffffff8b17e2f0 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x26/0xc70 kernel/rcu/tasks.h:507
3 locks held by kworker/0:1/14:
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260
#1: ffffc90000137db8 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264
#2: ffffffff8c8cb228 (rtnl_mutex){+.+.}-{3:3}, at: register_netdev+0xb/0x30 net/core/dev.c:10194
3 locks held by kworker/1:0/22:
#0: ffff888149e61938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff888149e61938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff888149e61938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff888149e61938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
#0: ffff888149e61938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
#0: ffff888149e61938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260
#1: ffffc900001c7db8 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264
#2: ffffffff8c8cb228 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x9/0x20 net/ipv6/addrconf.c:4620
1 lock held by khungtaskd/28:
#0: ffffffff8b17f140 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6492
5 locks held by kworker/1:2/143:
#0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
#0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
#0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260
#1: ffffc90001d0fdb8 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264
#2: ffff88801f24d190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline]
#2: ffff88801f24d190 (&dev->mutex){....}-{3:3}, at: hub_event+0x127/0x3af0 drivers/usb/core/hub.c:5681
#3: ffff888024421190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline]
#3: ffff888024421190 (&dev->mutex){....}-{3:3}, at: usb_disconnect.cold+0x43/0x623 drivers/usb/core/hub.c:2226
#4: ffff888024424118 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline]
#4: ffff888024424118 (&dev->mutex){....}-{3:3}, at: __device_driver_lock drivers/base/dd.c:1038 [inline]
#4: ffff888024424118 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0x88/0x600 drivers/base/dd.c:1232
3 locks held by kworker/0:3/2931:
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260
#1: ffffc9000d967db8 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264
#2: ffffffff8c8cb228 (rtnl_mutex){+.+.}-{3:3}, at: register_netdev+0xb/0x30 net/core/dev.c:10194
2 locks held by dhcpcd/3182:
#0: ffffffff8c8cb228 (rtnl_mutex){+.+.}-{3:3}, at: devinet_ioctl+0x175/0x1710 net/ipv4/devinet.c:1070
#1: ffff88806a18cdf0 (&padapter->mutex_start){+.+.}-{3:3}, at: netdev_open+0x30/0x5f0 drivers/staging/rtl8712/os_intfs.c:374
2 locks held by getty/3279:
#0: ffff888025956098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x1f/0x70 drivers/tty/tty_ldisc.c:244
#1: ffffc900029232f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xb6e/0x1030 drivers/tty/n_tty.c:2177
5 locks held by kworker/0:4/3612:
#0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
#0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
#0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260
#1: ffffc900033efdb8 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264
#2: ffff88814729d190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline]
#2: ffff88814729d190 (&dev->mutex){....}-{3:3}, at: hub_event+0x127/0x3af0 drivers/usb/core/hub.c:5681
#3: ffff88801e912190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline]
#3: ffff88801e912190 (&dev->mutex){....}-{3:3}, at: usb_disconnect.cold+0x43/0x623 drivers/usb/core/hub.c:2226
#4: ffff888016376118 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline]
#4: ffff888016376118 (&dev->mutex){....}-{3:3}, at: __device_driver_lock drivers/base/dd.c:1038 [inline]
#4: ffff888016376118 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0x88/0x600 drivers/base/dd.c:1232
5 locks held by kworker/0:5/3613:
#0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
#0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
#0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260
#1: ffffc900033ffdb8 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264
#2: ffff88814725d190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline]
#2: ffff88814725d190 (&dev->mutex){....}-{3:3}, at: hub_event+0x127/0x3af0 drivers/usb/core/hub.c:5681
#3: ffff888077a03190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline]
#3: ffff888077a03190 (&dev->mutex){....}-{3:3}, at: usb_disconnect.cold+0x43/0x623 drivers/usb/core/hub.c:2226
#4: ffff888010ef6118 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline]
#4: ffff888010ef6118 (&dev->mutex){....}-{3:3}, at: __device_driver_lock drivers/base/dd.c:1038 [inline]
#4: ffff888010ef6118 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0x88/0x600 drivers/base/dd.c:1232
3 locks held by kworker/0:6/3614:
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260
#1: ffffc9000340fdb8 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264
#2: ffffffff8c8cb228 (rtnl_mutex){+.+.}-{3:3}, at: register_netdev+0xb/0x30 net/core/dev.c:10194
5 locks held by kworker/1:3/3730:
#0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
#0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
#0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260
#1: ffffc9000338fdb8 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264
#2: ffff8881471e8190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline]
#2: ffff8881471e8190 (&dev->mutex){....}-{3:3}, at: hub_event+0x127/0x3af0 drivers/usb/core/hub.c:5681
#3: ffff888024426190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline]
#3: ffff888024426190 (&dev->mutex){....}-{3:3}, at: usb_disconnect.cold+0x43/0x623 drivers/usb/core/hub.c:2226
#4: ffff8880162b9118 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline]
#4: ffff8880162b9118 (&dev->mutex){....}-{3:3}, at: __device_driver_lock drivers/base/dd.c:1038 [inline]
#4: ffff8880162b9118 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0x88/0x600 drivers/base/dd.c:1232
3 locks held by udevd/4017:
#0: ffff88806bc30c88 (&of->mutex){+.+.}-{3:3}, at: kernfs_file_read_iter fs/kernfs/file.c:253 [inline]
#0: ffff88806bc30c88 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_read_iter+0x15f/0x660 fs/kernfs/file.c:300
#1: ffff888072a80da0 (kn->active#46){++++}-{0:0}, at: kernfs_file_read_iter fs/kernfs/file.c:254 [inline]
#1: ffff888072a80da0 (kn->active#46){++++}-{0:0}, at: kernfs_fop_read_iter+0x182/0x660 fs/kernfs/file.c:300
#2: ffff888078767190 (&dev->mutex){....}-{3:3}, at: device_lock_interruptible include/linux/device.h:840 [inline]
#2: ffff888078767190 (&dev->mutex){....}-{3:3}, at: read_descriptors+0x36/0x310 drivers/usb/core/sysfs.c:873
3 locks held by kworker/1:5/4105:
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260
#1: ffffc900047d7db8 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264
#2: ffffffff8c8cb228 (rtnl_mutex){+.+.}-{3:3}, at: register_netdev+0xb/0x30 net/core/dev.c:10194
3 locks held by kworker/1:6/4106:
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260
#1: ffffc900047e7db8 (deferred_process_work){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264
#2: ffffffff8c8cb228 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0x5/0x10 net/switchdev/switchdev.c:75
3 locks held by kworker/0:7/4107:
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260
#1: ffffc900047f7db8 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264
#2: ffffffff8c8cb228 (rtnl_mutex){+.+.}-{3:3}, at: register_netdev+0xb/0x30 net/core/dev.c:10194
5 locks held by kworker/0:8/4163:
#0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
#0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
#0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260
#1: ffffc90004897db8 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264
#2: ffff888147285190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline]
#2: ffff888147285190 (&dev->mutex){....}-{3:3}, at: hub_event+0x127/0x3af0 drivers/usb/core/hub.c:5681
#3: ffff88806e7bc190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline]
#3: ffff88806e7bc190 (&dev->mutex){....}-{3:3}, at: usb_disconnect.cold+0x43/0x623 drivers/usb/core/hub.c:2226
#4: ffff88807e5c6118 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline]
#4: ffff88807e5c6118 (&dev->mutex){....}-{3:3}, at: __device_driver_lock drivers/base/dd.c:1038 [inline]
#4: ffff88807e5c6118 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0x88/0x600 drivers/base/dd.c:1232
4 locks held by udevd/4169:
#0: ffff88801ee0f2f0 (&p->lock){+.+.}-{3:3}, at: seq_read_iter+0xbf/0x1040 fs/seq_file.c:182
#1: ffff8880785bc488 (&of->mutex){+.+.}-{3:3}, at: kernfs_seq_start+0x40/0x390 fs/kernfs/file.c:162
#2: ffff888024a5d2c0 (kn->active#52){++++}-{0:0}, at: kernfs_seq_start+0x63/0x390 fs/kernfs/file.c:163
#3: ffff888077a03190 (&dev->mutex){....}-{3:3}, at: device_lock_interruptible include/linux/device.h:840 [inline]
#3: ffff888077a03190 (&dev->mutex){....}-{3:3}, at: serial_show+0x1b/0x80 drivers/usb/core/sysfs.c:142
3 locks held by kworker/1:7/4170:
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260
#1: ffffc9000496fdb8 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264
#2: ffffffff8c8cb228 (rtnl_mutex){+.+.}-{3:3}, at: register_netdev+0xb/0x30 net/core/dev.c:10194
3 locks held by kworker/1:8/4171:
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260
#1: ffffc9000497fdb8 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264
#2: ffffffff8c8cb228 (rtnl_mutex){+.+.}-{3:3}, at: register_netdev+0xb/0x30 net/core/dev.c:10194
3 locks held by kworker/1:9/4172:
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260
#1: ffffc9000498fdb8 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264
#2: ffffffff8c8cb228 (rtnl_mutex){+.+.}-{3:3}, at: register_netdev+0xb/0x30 net/core/dev.c:10194
3 locks held by udevd/4176:
#0: ffff88806cfcec88 (&of->mutex){+.+.}-{3:3}, at: kernfs_file_read_iter fs/kernfs/file.c:253 [inline]
#0: ffff88806cfcec88 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_read_iter+0x15f/0x660 fs/kernfs/file.c:300
#1: ffff88807271aa00 (kn->active#46){++++}-{0:0}, at: kernfs_file_read_iter fs/kernfs/file.c:254 [inline]
#1: ffff88807271aa00 (kn->active#46){++++}-{0:0}, at: kernfs_fop_read_iter+0x182/0x660 fs/kernfs/file.c:300
#2: ffff888024421190 (&dev->mutex){....}-{3:3}, at: device_lock_interruptible include/linux/device.h:840 [inline]
#2: ffff888024421190 (&dev->mutex){....}-{3:3}, at: read_descriptors+0x36/0x310 drivers/usb/core/sysfs.c:873
6 locks held by kworker/0:9/4181:
#0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
#0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
#0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260
#1: ffffc9000492fdb8 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264
#2: ffff888147275190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline]
#2: ffff888147275190 (&dev->mutex){....}-{3:3}, at: hub_event+0x127/0x3af0 drivers/usb/core/hub.c:5681
#3: ffff888078767190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline]
#3: ffff888078767190 (&dev->mutex){....}-{3:3}, at: usb_disconnect.cold+0x43/0x623 drivers/usb/core/hub.c:2226
#4: ffff8880790b8118 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline]
#4: ffff8880790b8118 (&dev->mutex){....}-{3:3}, at: __device_driver_lock drivers/base/dd.c:1038 [inline]
#4: ffff8880790b8118 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0x88/0x600 drivers/base/dd.c:1232
#5: ffffffff8c8cb228 (rtnl_mutex){+.+.}-{3:3}, at: unregister_netdev+0x9/0x20 net/core/dev.c:10920
3 locks held by kworker/0:10/4182:
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
#0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260
#1: ffffc9000493fdb8 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264
#2: ffffffff8c8cb228 (rtnl_mutex){+.+.}-{3:3}, at: register_netdev+0xb/0x30 net/core/dev.c:10194
3 locks held by udevd/4224:
#0: ffff88806cfcf888 (&of->mutex){+.+.}-{3:3}, at: kernfs_file_read_iter fs/kernfs/file.c:253 [inline]
#0: ffff88806cfcf888 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_read_iter+0x15f/0x660 fs/kernfs/file.c:300
#1: ffff8880420373a8 (kn->active#46){++++}-{0:0}, at: kernfs_file_read_iter fs/kernfs/file.c:254 [inline]
#1: ffff8880420373a8 (kn->active#46){++++}-{0:0}, at: kernfs_fop_read_iter+0x182/0x660 fs/kernfs/file.c:300
#2: ffff88801e912190 (&dev->mutex){....}-{3:3}, at: device_lock_interruptible include/linux/device.h:840 [inline]
#2: ffff88801e912190 (&dev->mutex){....}-{3:3}, at: read_descriptors+0x36/0x310 drivers/usb/core/sysfs.c:873
3 locks held by udevd/4244:
#0: ffff88806cefbc88 (&of->mutex){+.+.}-{3:3}, at: kernfs_file_read_iter fs/kernfs/file.c:253 [inline]
#0: ffff88806cefbc88 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_read_iter+0x15f/0x660 fs/kernfs/file.c:300
#1: ffff8880740162c0 (kn->active#46){++++}-{0:0}, at: kernfs_file_read_iter fs/kernfs/file.c:254 [inline]
#1: ffff8880740162c0 (kn->active#46){++++}-{0:0}, at: kernfs_fop_read_iter+0x182/0x660 fs/kernfs/file.c:300
#2: ffff888024426190 (&dev->mutex){....}-{3:3}, at: device_lock_interruptible include/linux/device.h:840 [inline]
#2: ffff888024426190 (&dev->mutex){....}-{3:3}, at: read_descriptors+0x36/0x310 drivers/usb/core/sysfs.c:873
3 locks held by udevd/4755:
#0: ffff88806ca40088 (&of->mutex){+.+.}-{3:3}, at: kernfs_file_read_iter fs/kernfs/file.c:253 [inline]
#0: ffff88806ca40088 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_read_iter+0x15f/0x660 fs/kernfs/file.c:300
#1: ffff88806e031e88 (kn->active#46){++++}-{0:0}, at: kernfs_file_read_iter fs/kernfs/file.c:254 [inline]
#1: ffff88806e031e88 (kn->active#46){++++}-{0:0}, at: kernfs_fop_read_iter+0x182/0x660 fs/kernfs/file.c:300
#2: ffff88806e7bc190 (&dev->mutex){....}-{3:3}, at: device_lock_interruptible include/linux/device.h:840 [inline]
#2: ffff88806e7bc190 (&dev->mutex){....}-{3:3}, at: read_descriptors+0x36/0x310 drivers/usb/core/sysfs.c:873
3 locks held by kworker/0:11/6881:
#0: ffff888149e61938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff888149e61938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff888149e61938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff888149e61938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
#0: ffff888149e61938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
#0: ffff888149e61938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260
#1: ffffc90005eb7db8 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264
#2: ffffffff8c8cb228 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x9/0x20 net/ipv6/addrconf.c:4620
=============================================
NMI backtrace for cpu 0
CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.0.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
Call Trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x57/0x7d lib/dump_stack.c:106
nmi_cpu_backtrace.cold+0x30/0xca lib/nmi_backtrace.c:111
nmi_trigger_cpumask_backtrace+0x154/0x180 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:148 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:212 [inline]
watchdog+0x88c/0xbf0 kernel/hung_task.c:369
kthread+0x294/0x330 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 4031 Comm: syz-executor.0 Not tainted 6.0.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
RIP: 0033:0x7f4aa64add78
Code: 4c 24 18 e8 aa e7 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 8b 74 24 0c 8b 3c 24 b8 e6 00 00 00 0f 05 44 89 c7 48 89 04 24 e3 e7 ff ff 48 8b 04 24 eb 97 66 2e 0f 1f 84 00 00 00 00 00 0f
RSP: 002b:00007fffcd36fe20 EFLAGS: 00000293
RAX: 0000000000000000 RBX: 00000000000000fb RCX: 00007f4aa64add71
RDX: 00007fffcd36fe60 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007fffcd36feec R08: 0000000000000000 R09: 00007fffcd387080
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032
R13: 000000000005f43d R14: 0000000000000000 R15: 00007fffcd36ff50
FS: 00005555563b1400 GS: 0000000000000000