ci starts bisection 2022-08-25 15:11:40.006259489 +0000 UTC m=+32.136654683 bisecting fixing commit since ed4643521e6af8ab8ed1e467630a85884d2696cf building syzkaller on 89bc860804252dbacb8c2bea60b9204859f4afd7 testing commit ed4643521e6af8ab8ed1e467630a85884d2696cf compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 8b5a7f2892aea9e816170145d561afb08ad16710471c31aacacfcb06b18a5f49 run #0: crashed: INFO: task hung in crda_timeout_work run #1: crashed: INFO: task hung in r871xu_dev_remove run #2: crashed: INFO: task hung in netdev_run_todo run #3: crashed: INFO: task hung in regdb_fw_cb run #4: crashed: INFO: task hung in r871xu_dev_remove run #5: crashed: INFO: task hung in r871xu_dev_remove run #6: crashed: INFO: task hung in netdev_run_todo run #7: crashed: INFO: task hung in r871xu_dev_remove run #8: crashed: INFO: task hung in r871xu_dev_remove run #9: crashed: INFO: task hung in r871xu_dev_remove run #10: crashed: INFO: task hung in r871xu_dev_remove run #11: crashed: INFO: task hung in netdev_run_todo run #12: crashed: INFO: task hung in r871xu_dev_remove run #13: crashed: INFO: task hung in r871xu_dev_remove run #14: crashed: INFO: task hung in netdev_run_todo run #15: crashed: INFO: task hung in r871xu_dev_remove run #16: crashed: INFO: task hung in netdev_run_todo run #17: crashed: INFO: task hung in r871xu_dev_remove run #18: crashed: INFO: task hung in netdev_run_todo run #19: crashed: INFO: task hung in r871xu_dev_remove testing current HEAD c40e8341e3b3bb27e3a65b06b5b454626234c4f0 testing commit c40e8341e3b3bb27e3a65b06b5b454626234c4f0 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 35d5c99253a1af19fea0dd314c6e3757f199dfd6f2cdbb59c57c2b2eabf117e7 run #0: crashed: INFO: task hung in crda_timeout_work run #1: crashed: INFO: task hung in r871xu_dev_remove run #2: crashed: INFO: task hung in r871xu_dev_remove run #3: crashed: INFO: task hung in r871xu_dev_remove run #4: crashed: INFO: task hung in r871xu_dev_remove run #5: crashed: INFO: task hung in r871xu_dev_remove run #6: crashed: INFO: task hung in r871xu_dev_remove run #7: basic kernel testing failed: failed to copy binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/tmp/syz-executor2770307626" "root@10.128.1.32:./syz-executor2770307626"]: exit status 1 Connection timed out during banner exchange Connection to 10.128.1.32 port 22 timed out lost connection run #8: basic kernel testing failed: failed to copy binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/tmp/syz-executor3842861425" "root@10.128.1.36:./syz-executor3842861425"]: exit status 1 Connection timed out during banner exchange Connection to 10.128.1.36 port 22 timed out lost connection run #9: OK revisions tested: 2, total time: 33m55.231772812s (build: 13m16.784322524s, test: 19m56.733149188s) the crash still happens on HEAD commit msg: Merge tag 'cgroup-for-6.0-rc2-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup crash: INFO: task hung in r871xu_dev_remove INFO: task kworker/0:9:4181 blocked for more than 143 seconds. Not tainted 6.0.0-rc2-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/0:9 state:D stack:25032 pid: 4181 ppid: 2 flags:0x00004000 Workqueue: usb_hub_wq hub_event Call Trace: context_switch kernel/sched/core.c:5182 [inline] __schedule+0xa9f/0x5270 kernel/sched/core.c:6494 schedule+0xda/0x1b0 kernel/sched/core.c:6570 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6629 __mutex_lock_common kernel/locking/mutex.c:679 [inline] __mutex_lock+0xa44/0x1350 kernel/locking/mutex.c:747 unregister_netdev+0x9/0x20 net/core/dev.c:10920 r871xu_dev_remove+0x222/0x3f0 drivers/staging/rtl8712/usb_intf.c:597 usb_unbind_interface+0x183/0x7e0 drivers/usb/core/driver.c:458 __device_release_driver drivers/base/dd.c:1209 [inline] device_release_driver_internal+0x3bc/0x600 drivers/base/dd.c:1235 bus_remove_device+0x295/0x550 drivers/base/bus.c:529 device_del+0x48d/0xb80 drivers/base/core.c:3704 usb_disable_device+0x29c/0x650 drivers/usb/core/message.c:1419 usb_disconnect.cold+0x1f5/0x623 drivers/usb/core/hub.c:2235 hub_port_connect drivers/usb/core/hub.c:5197 [inline] hub_port_connect_change drivers/usb/core/hub.c:5497 [inline] port_event drivers/usb/core/hub.c:5653 [inline] hub_event+0x1662/0x3af0 drivers/usb/core/hub.c:5735 process_one_work+0x865/0x13d0 kernel/workqueue.c:2289 process_scheduled_works kernel/workqueue.c:2352 [inline] worker_thread+0x738/0xec0 kernel/workqueue.c:2438 kthread+0x294/0x330 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306 Showing all locks held in the system: 3 locks held by kworker/0:0/6: #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260 #1: ffffc900000b7db8 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264 #2: ffffffff8c8cb228 (rtnl_mutex){+.+.}-{3:3}, at: register_netdev+0xb/0x30 net/core/dev.c:10194 1 lock held by rcu_tasks_kthre/12: #0: ffffffff8b17e5f0 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x26/0xc70 kernel/rcu/tasks.h:507 1 lock held by rcu_tasks_trace/13: #0: ffffffff8b17e2f0 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x26/0xc70 kernel/rcu/tasks.h:507 3 locks held by kworker/0:1/14: #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260 #1: ffffc90000137db8 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264 #2: ffffffff8c8cb228 (rtnl_mutex){+.+.}-{3:3}, at: register_netdev+0xb/0x30 net/core/dev.c:10194 3 locks held by kworker/1:0/22: #0: ffff888149e61938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888149e61938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline] #0: ffff888149e61938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline] #0: ffff888149e61938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline] #0: ffff888149e61938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline] #0: ffff888149e61938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260 #1: ffffc900001c7db8 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264 #2: ffffffff8c8cb228 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x9/0x20 net/ipv6/addrconf.c:4620 1 lock held by khungtaskd/28: #0: ffffffff8b17f140 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6492 5 locks held by kworker/1:2/143: #0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline] #0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline] #0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline] #0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline] #0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260 #1: ffffc90001d0fdb8 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264 #2: ffff88801f24d190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline] #2: ffff88801f24d190 (&dev->mutex){....}-{3:3}, at: hub_event+0x127/0x3af0 drivers/usb/core/hub.c:5681 #3: ffff888024421190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline] #3: ffff888024421190 (&dev->mutex){....}-{3:3}, at: usb_disconnect.cold+0x43/0x623 drivers/usb/core/hub.c:2226 #4: ffff888024424118 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline] #4: ffff888024424118 (&dev->mutex){....}-{3:3}, at: __device_driver_lock drivers/base/dd.c:1038 [inline] #4: ffff888024424118 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0x88/0x600 drivers/base/dd.c:1232 3 locks held by kworker/0:3/2931: #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260 #1: ffffc9000d967db8 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264 #2: ffffffff8c8cb228 (rtnl_mutex){+.+.}-{3:3}, at: register_netdev+0xb/0x30 net/core/dev.c:10194 2 locks held by dhcpcd/3182: #0: ffffffff8c8cb228 (rtnl_mutex){+.+.}-{3:3}, at: devinet_ioctl+0x175/0x1710 net/ipv4/devinet.c:1070 #1: ffff88806a18cdf0 (&padapter->mutex_start){+.+.}-{3:3}, at: netdev_open+0x30/0x5f0 drivers/staging/rtl8712/os_intfs.c:374 2 locks held by getty/3279: #0: ffff888025956098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x1f/0x70 drivers/tty/tty_ldisc.c:244 #1: ffffc900029232f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xb6e/0x1030 drivers/tty/n_tty.c:2177 5 locks held by kworker/0:4/3612: #0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline] #0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline] #0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline] #0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline] #0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260 #1: ffffc900033efdb8 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264 #2: ffff88814729d190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline] #2: ffff88814729d190 (&dev->mutex){....}-{3:3}, at: hub_event+0x127/0x3af0 drivers/usb/core/hub.c:5681 #3: ffff88801e912190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline] #3: ffff88801e912190 (&dev->mutex){....}-{3:3}, at: usb_disconnect.cold+0x43/0x623 drivers/usb/core/hub.c:2226 #4: ffff888016376118 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline] #4: ffff888016376118 (&dev->mutex){....}-{3:3}, at: __device_driver_lock drivers/base/dd.c:1038 [inline] #4: ffff888016376118 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0x88/0x600 drivers/base/dd.c:1232 5 locks held by kworker/0:5/3613: #0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline] #0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline] #0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline] #0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline] #0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260 #1: ffffc900033ffdb8 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264 #2: ffff88814725d190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline] #2: ffff88814725d190 (&dev->mutex){....}-{3:3}, at: hub_event+0x127/0x3af0 drivers/usb/core/hub.c:5681 #3: ffff888077a03190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline] #3: ffff888077a03190 (&dev->mutex){....}-{3:3}, at: usb_disconnect.cold+0x43/0x623 drivers/usb/core/hub.c:2226 #4: ffff888010ef6118 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline] #4: ffff888010ef6118 (&dev->mutex){....}-{3:3}, at: __device_driver_lock drivers/base/dd.c:1038 [inline] #4: ffff888010ef6118 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0x88/0x600 drivers/base/dd.c:1232 3 locks held by kworker/0:6/3614: #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260 #1: ffffc9000340fdb8 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264 #2: ffffffff8c8cb228 (rtnl_mutex){+.+.}-{3:3}, at: register_netdev+0xb/0x30 net/core/dev.c:10194 5 locks held by kworker/1:3/3730: #0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline] #0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline] #0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline] #0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline] #0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260 #1: ffffc9000338fdb8 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264 #2: ffff8881471e8190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline] #2: ffff8881471e8190 (&dev->mutex){....}-{3:3}, at: hub_event+0x127/0x3af0 drivers/usb/core/hub.c:5681 #3: ffff888024426190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline] #3: ffff888024426190 (&dev->mutex){....}-{3:3}, at: usb_disconnect.cold+0x43/0x623 drivers/usb/core/hub.c:2226 #4: ffff8880162b9118 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline] #4: ffff8880162b9118 (&dev->mutex){....}-{3:3}, at: __device_driver_lock drivers/base/dd.c:1038 [inline] #4: ffff8880162b9118 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0x88/0x600 drivers/base/dd.c:1232 3 locks held by udevd/4017: #0: ffff88806bc30c88 (&of->mutex){+.+.}-{3:3}, at: kernfs_file_read_iter fs/kernfs/file.c:253 [inline] #0: ffff88806bc30c88 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_read_iter+0x15f/0x660 fs/kernfs/file.c:300 #1: ffff888072a80da0 (kn->active#46){++++}-{0:0}, at: kernfs_file_read_iter fs/kernfs/file.c:254 [inline] #1: ffff888072a80da0 (kn->active#46){++++}-{0:0}, at: kernfs_fop_read_iter+0x182/0x660 fs/kernfs/file.c:300 #2: ffff888078767190 (&dev->mutex){....}-{3:3}, at: device_lock_interruptible include/linux/device.h:840 [inline] #2: ffff888078767190 (&dev->mutex){....}-{3:3}, at: read_descriptors+0x36/0x310 drivers/usb/core/sysfs.c:873 3 locks held by kworker/1:5/4105: #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260 #1: ffffc900047d7db8 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264 #2: ffffffff8c8cb228 (rtnl_mutex){+.+.}-{3:3}, at: register_netdev+0xb/0x30 net/core/dev.c:10194 3 locks held by kworker/1:6/4106: #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260 #1: ffffc900047e7db8 (deferred_process_work){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264 #2: ffffffff8c8cb228 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0x5/0x10 net/switchdev/switchdev.c:75 3 locks held by kworker/0:7/4107: #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260 #1: ffffc900047f7db8 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264 #2: ffffffff8c8cb228 (rtnl_mutex){+.+.}-{3:3}, at: register_netdev+0xb/0x30 net/core/dev.c:10194 5 locks held by kworker/0:8/4163: #0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline] #0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline] #0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline] #0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline] #0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260 #1: ffffc90004897db8 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264 #2: ffff888147285190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline] #2: ffff888147285190 (&dev->mutex){....}-{3:3}, at: hub_event+0x127/0x3af0 drivers/usb/core/hub.c:5681 #3: ffff88806e7bc190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline] #3: ffff88806e7bc190 (&dev->mutex){....}-{3:3}, at: usb_disconnect.cold+0x43/0x623 drivers/usb/core/hub.c:2226 #4: ffff88807e5c6118 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline] #4: ffff88807e5c6118 (&dev->mutex){....}-{3:3}, at: __device_driver_lock drivers/base/dd.c:1038 [inline] #4: ffff88807e5c6118 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0x88/0x600 drivers/base/dd.c:1232 4 locks held by udevd/4169: #0: ffff88801ee0f2f0 (&p->lock){+.+.}-{3:3}, at: seq_read_iter+0xbf/0x1040 fs/seq_file.c:182 #1: ffff8880785bc488 (&of->mutex){+.+.}-{3:3}, at: kernfs_seq_start+0x40/0x390 fs/kernfs/file.c:162 #2: ffff888024a5d2c0 (kn->active#52){++++}-{0:0}, at: kernfs_seq_start+0x63/0x390 fs/kernfs/file.c:163 #3: ffff888077a03190 (&dev->mutex){....}-{3:3}, at: device_lock_interruptible include/linux/device.h:840 [inline] #3: ffff888077a03190 (&dev->mutex){....}-{3:3}, at: serial_show+0x1b/0x80 drivers/usb/core/sysfs.c:142 3 locks held by kworker/1:7/4170: #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260 #1: ffffc9000496fdb8 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264 #2: ffffffff8c8cb228 (rtnl_mutex){+.+.}-{3:3}, at: register_netdev+0xb/0x30 net/core/dev.c:10194 3 locks held by kworker/1:8/4171: #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260 #1: ffffc9000497fdb8 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264 #2: ffffffff8c8cb228 (rtnl_mutex){+.+.}-{3:3}, at: register_netdev+0xb/0x30 net/core/dev.c:10194 3 locks held by kworker/1:9/4172: #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260 #1: ffffc9000498fdb8 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264 #2: ffffffff8c8cb228 (rtnl_mutex){+.+.}-{3:3}, at: register_netdev+0xb/0x30 net/core/dev.c:10194 3 locks held by udevd/4176: #0: ffff88806cfcec88 (&of->mutex){+.+.}-{3:3}, at: kernfs_file_read_iter fs/kernfs/file.c:253 [inline] #0: ffff88806cfcec88 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_read_iter+0x15f/0x660 fs/kernfs/file.c:300 #1: ffff88807271aa00 (kn->active#46){++++}-{0:0}, at: kernfs_file_read_iter fs/kernfs/file.c:254 [inline] #1: ffff88807271aa00 (kn->active#46){++++}-{0:0}, at: kernfs_fop_read_iter+0x182/0x660 fs/kernfs/file.c:300 #2: ffff888024421190 (&dev->mutex){....}-{3:3}, at: device_lock_interruptible include/linux/device.h:840 [inline] #2: ffff888024421190 (&dev->mutex){....}-{3:3}, at: read_descriptors+0x36/0x310 drivers/usb/core/sysfs.c:873 6 locks held by kworker/0:9/4181: #0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline] #0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline] #0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline] #0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline] #0: ffff8880163afd38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260 #1: ffffc9000492fdb8 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264 #2: ffff888147275190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline] #2: ffff888147275190 (&dev->mutex){....}-{3:3}, at: hub_event+0x127/0x3af0 drivers/usb/core/hub.c:5681 #3: ffff888078767190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline] #3: ffff888078767190 (&dev->mutex){....}-{3:3}, at: usb_disconnect.cold+0x43/0x623 drivers/usb/core/hub.c:2226 #4: ffff8880790b8118 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline] #4: ffff8880790b8118 (&dev->mutex){....}-{3:3}, at: __device_driver_lock drivers/base/dd.c:1038 [inline] #4: ffff8880790b8118 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0x88/0x600 drivers/base/dd.c:1232 #5: ffffffff8c8cb228 (rtnl_mutex){+.+.}-{3:3}, at: unregister_netdev+0x9/0x20 net/core/dev.c:10920 3 locks held by kworker/0:10/4182: #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260 #1: ffffc9000493fdb8 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264 #2: ffffffff8c8cb228 (rtnl_mutex){+.+.}-{3:3}, at: register_netdev+0xb/0x30 net/core/dev.c:10194 3 locks held by udevd/4224: #0: ffff88806cfcf888 (&of->mutex){+.+.}-{3:3}, at: kernfs_file_read_iter fs/kernfs/file.c:253 [inline] #0: ffff88806cfcf888 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_read_iter+0x15f/0x660 fs/kernfs/file.c:300 #1: ffff8880420373a8 (kn->active#46){++++}-{0:0}, at: kernfs_file_read_iter fs/kernfs/file.c:254 [inline] #1: ffff8880420373a8 (kn->active#46){++++}-{0:0}, at: kernfs_fop_read_iter+0x182/0x660 fs/kernfs/file.c:300 #2: ffff88801e912190 (&dev->mutex){....}-{3:3}, at: device_lock_interruptible include/linux/device.h:840 [inline] #2: ffff88801e912190 (&dev->mutex){....}-{3:3}, at: read_descriptors+0x36/0x310 drivers/usb/core/sysfs.c:873 3 locks held by udevd/4244: #0: ffff88806cefbc88 (&of->mutex){+.+.}-{3:3}, at: kernfs_file_read_iter fs/kernfs/file.c:253 [inline] #0: ffff88806cefbc88 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_read_iter+0x15f/0x660 fs/kernfs/file.c:300 #1: ffff8880740162c0 (kn->active#46){++++}-{0:0}, at: kernfs_file_read_iter fs/kernfs/file.c:254 [inline] #1: ffff8880740162c0 (kn->active#46){++++}-{0:0}, at: kernfs_fop_read_iter+0x182/0x660 fs/kernfs/file.c:300 #2: ffff888024426190 (&dev->mutex){....}-{3:3}, at: device_lock_interruptible include/linux/device.h:840 [inline] #2: ffff888024426190 (&dev->mutex){....}-{3:3}, at: read_descriptors+0x36/0x310 drivers/usb/core/sysfs.c:873 3 locks held by udevd/4755: #0: ffff88806ca40088 (&of->mutex){+.+.}-{3:3}, at: kernfs_file_read_iter fs/kernfs/file.c:253 [inline] #0: ffff88806ca40088 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_read_iter+0x15f/0x660 fs/kernfs/file.c:300 #1: ffff88806e031e88 (kn->active#46){++++}-{0:0}, at: kernfs_file_read_iter fs/kernfs/file.c:254 [inline] #1: ffff88806e031e88 (kn->active#46){++++}-{0:0}, at: kernfs_fop_read_iter+0x182/0x660 fs/kernfs/file.c:300 #2: ffff88806e7bc190 (&dev->mutex){....}-{3:3}, at: device_lock_interruptible include/linux/device.h:840 [inline] #2: ffff88806e7bc190 (&dev->mutex){....}-{3:3}, at: read_descriptors+0x36/0x310 drivers/usb/core/sysfs.c:873 3 locks held by kworker/0:11/6881: #0: ffff888149e61938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888149e61938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline] #0: ffff888149e61938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline] #0: ffff888149e61938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline] #0: ffff888149e61938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline] #0: ffff888149e61938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x78a/0x13d0 kernel/workqueue.c:2260 #1: ffffc90005eb7db8 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x7b7/0x13d0 kernel/workqueue.c:2264 #2: ffffffff8c8cb228 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x9/0x20 net/ipv6/addrconf.c:4620 ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.0.0-rc2-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x57/0x7d lib/dump_stack.c:106 nmi_cpu_backtrace.cold+0x30/0xca lib/nmi_backtrace.c:111 nmi_trigger_cpumask_backtrace+0x154/0x180 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:148 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:212 [inline] watchdog+0x88c/0xbf0 kernel/hung_task.c:369 kthread+0x294/0x330 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 4031 Comm: syz-executor.0 Not tainted 6.0.0-rc2-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 RIP: 0033:0x7f4aa64add78 Code: 4c 24 18 e8 aa e7 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 8b 74 24 0c 8b 3c 24 b8 e6 00 00 00 0f 05 44 89 c7 48 89 04 24 e3 e7 ff ff 48 8b 04 24 eb 97 66 2e 0f 1f 84 00 00 00 00 00 0f RSP: 002b:00007fffcd36fe20 EFLAGS: 00000293 RAX: 0000000000000000 RBX: 00000000000000fb RCX: 00007f4aa64add71 RDX: 00007fffcd36fe60 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007fffcd36feec R08: 0000000000000000 R09: 00007fffcd387080 R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032 R13: 000000000005f43d R14: 0000000000000000 R15: 00007fffcd36ff50 FS: 00005555563b1400 GS: 0000000000000000