bisecting fixing commit since 6e764bcd1cf72a2846c0e53d3975a09b242c04c9
building syzkaller on b599f2fcc734e2183016a340d4f6fc2891d8e41f
testing commit 6e764bcd1cf72a2846c0e53d3975a09b242c04c9
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: e120b21d61e2baf9572aeb0255a59ee637f930a2dae9794cc0fe975c5f2dcbca
all runs: crashed: INFO: task hung in pn533_finalize_setup
testing current HEAD 1c52283265a462a100ae63ddf58b4e5884acde86
testing commit 1c52283265a462a100ae63ddf58b4e5884acde86
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 9ca45374f6230497e66d2760916ae2adf9c2b5f535816e9ba9869931397cfbc2
all runs: crashed: INFO: task hung in pn533_finalize_setup
revisions tested: 2, total time: 24m56.801247502s (build: 12m27.558287596s, test: 11m39.982214589s)
the crash still happens on HEAD
commit msg: Merge branch 'akpm' (patches from Andrew)
crash: INFO: task hung in pn533_finalize_setup
INFO: task kworker/1:3:1137 blocked for more than 143 seconds.
Not tainted 5.16.0-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:3 state:D stack:25000 pid: 1137 ppid: 2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
context_switch kernel/sched/core.c:4986 [inline]
__schedule+0x90d/0x2680 kernel/sched/core.c:6296
schedule+0xd2/0x260 kernel/sched/core.c:6369
schedule_timeout+0x19d/0x250 kernel/time/timer.c:1857
do_wait_for_common kernel/sched/completion.c:85 [inline]
__wait_for_common kernel/sched/completion.c:106 [inline]
wait_for_common kernel/sched/completion.c:117 [inline]
wait_for_completion+0x174/0x270 kernel/sched/completion.c:138
pn533_send_cmd_sync drivers/nfc/pn533/pn533.c:631 [inline]
pn533_get_firmware_version drivers/nfc/pn533/pn533.c:2519 [inline]
pn533_finalize_setup+0xec/0x130 drivers/nfc/pn533/pn533.c:2716
pn533_usb_probe+0x846/0xf00 drivers/nfc/pn533/usb.c:544
usb_probe_interface+0x274/0x6a0 drivers/usb/core/driver.c:396
call_driver_probe drivers/base/dd.c:517 [inline]
really_probe+0x1c2/0xb60 drivers/base/dd.c:596
__driver_probe_device+0x2a6/0x460 drivers/base/dd.c:752
driver_probe_device+0x44/0x110 drivers/base/dd.c:782
__device_attach_driver+0x185/0x250 drivers/base/dd.c:899
bus_for_each_drv+0x11e/0x1a0 drivers/base/bus.c:427
__device_attach+0x1db/0x410 drivers/base/dd.c:970
bus_probe_device+0x19d/0x250 drivers/base/bus.c:487
device_add+0xa57/0x1b80 drivers/base/core.c:3405
usb_set_configuration+0xa66/0x18b0 drivers/usb/core/message.c:2170
usb_generic_driver_probe+0x74/0xa0 drivers/usb/core/generic.c:238
usb_probe_device+0x95/0x240 drivers/usb/core/driver.c:293
call_driver_probe drivers/base/dd.c:517 [inline]
really_probe+0x1c2/0xb60 drivers/base/dd.c:596
__driver_probe_device+0x2a6/0x460 drivers/base/dd.c:752
driver_probe_device+0x44/0x110 drivers/base/dd.c:782
__device_attach_driver+0x185/0x250 drivers/base/dd.c:899
bus_for_each_drv+0x11e/0x1a0 drivers/base/bus.c:427
__device_attach+0x1db/0x410 drivers/base/dd.c:970
bus_probe_device+0x19d/0x250 drivers/base/bus.c:487
device_add+0xa57/0x1b80 drivers/base/core.c:3405
usb_new_device.cold+0x5cf/0xee8 drivers/usb/core/hub.c:2566
hub_port_connect drivers/usb/core/hub.c:5358 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5502 [inline]
port_event drivers/usb/core/hub.c:5660 [inline]
hub_event+0x1ba2/0x3930 drivers/usb/core/hub.c:5742
process_one_work+0x879/0x1410 kernel/workqueue.c:2307
worker_thread+0x5a0/0xf60 kernel/workqueue.c:2454
kthread+0x299/0x340 kernel/kthread.c:377
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
INFO: task kworker/0:3:2989 blocked for more than 144 seconds.
Not tainted 5.16.0-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:3 state:D stack:25896 pid: 2989 ppid: 2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
context_switch kernel/sched/core.c:4986 [inline]
__schedule+0x90d/0x2680 kernel/sched/core.c:6296
schedule+0xd2/0x260 kernel/sched/core.c:6369
schedule_timeout+0x19d/0x250 kernel/time/timer.c:1857
do_wait_for_common kernel/sched/completion.c:85 [inline]
__wait_for_common kernel/sched/completion.c:106 [inline]
wait_for_common kernel/sched/completion.c:117 [inline]
wait_for_completion+0x174/0x270 kernel/sched/completion.c:138
pn533_send_cmd_sync drivers/nfc/pn533/pn533.c:631 [inline]
pn533_get_firmware_version drivers/nfc/pn533/pn533.c:2519 [inline]
pn533_finalize_setup+0xec/0x130 drivers/nfc/pn533/pn533.c:2716
pn533_usb_probe+0x846/0xf00 drivers/nfc/pn533/usb.c:544
usb_probe_interface+0x274/0x6a0 drivers/usb/core/driver.c:396
call_driver_probe drivers/base/dd.c:517 [inline]
really_probe+0x1c2/0xb60 drivers/base/dd.c:596
__driver_probe_device+0x2a6/0x460 drivers/base/dd.c:752
driver_probe_device+0x44/0x110 drivers/base/dd.c:782
__device_attach_driver+0x185/0x250 drivers/base/dd.c:899
bus_for_each_drv+0x11e/0x1a0 drivers/base/bus.c:427
__device_attach+0x1db/0x410 drivers/base/dd.c:970
bus_probe_device+0x19d/0x250 drivers/base/bus.c:487
device_add+0xa57/0x1b80 drivers/base/core.c:3405
usb_set_configuration+0xa66/0x18b0 drivers/usb/core/message.c:2170
usb_generic_driver_probe+0x74/0xa0 drivers/usb/core/generic.c:238
usb_probe_device+0x95/0x240 drivers/usb/core/driver.c:293
call_driver_probe drivers/base/dd.c:517 [inline]
really_probe+0x1c2/0xb60 drivers/base/dd.c:596
__driver_probe_device+0x2a6/0x460 drivers/base/dd.c:752
driver_probe_device+0x44/0x110 drivers/base/dd.c:782
__device_attach_driver+0x185/0x250 drivers/base/dd.c:899
bus_for_each_drv+0x11e/0x1a0 drivers/base/bus.c:427
__device_attach+0x1db/0x410 drivers/base/dd.c:970
bus_probe_device+0x19d/0x250 drivers/base/bus.c:487
device_add+0xa57/0x1b80 drivers/base/core.c:3405
usb_new_device.cold+0x5cf/0xee8 drivers/usb/core/hub.c:2566
hub_port_connect drivers/usb/core/hub.c:5358 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5502 [inline]
port_event drivers/usb/core/hub.c:5660 [inline]
hub_event+0x1ba2/0x3930 drivers/usb/core/hub.c:5742
process_one_work+0x879/0x1410 kernel/workqueue.c:2307
worker_thread+0x5a0/0xf60 kernel/workqueue.c:2454
kthread+0x299/0x340 kernel/kthread.c:377
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
INFO: task kworker/0:4:3654 blocked for more than 145 seconds.
Not tainted 5.16.0-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:4 state:D stack:25904 pid: 3654 ppid: 2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
context_switch kernel/sched/core.c:4986 [inline]
__schedule+0x90d/0x2680 kernel/sched/core.c:6296
schedule+0xd2/0x260 kernel/sched/core.c:6369
schedule_timeout+0x19d/0x250 kernel/time/timer.c:1857
do_wait_for_common kernel/sched/completion.c:85 [inline]
__wait_for_common kernel/sched/completion.c:106 [inline]
wait_for_common kernel/sched/completion.c:117 [inline]
wait_for_completion+0x174/0x270 kernel/sched/completion.c:138
pn533_send_cmd_sync drivers/nfc/pn533/pn533.c:631 [inline]
pn533_get_firmware_version drivers/nfc/pn533/pn533.c:2519 [inline]
pn533_finalize_setup+0xec/0x130 drivers/nfc/pn533/pn533.c:2716
pn533_usb_probe+0x846/0xf00 drivers/nfc/pn533/usb.c:544
usb_probe_interface+0x274/0x6a0 drivers/usb/core/driver.c:396
call_driver_probe drivers/base/dd.c:517 [inline]
really_probe+0x1c2/0xb60 drivers/base/dd.c:596
__driver_probe_device+0x2a6/0x460 drivers/base/dd.c:752
driver_probe_device+0x44/0x110 drivers/base/dd.c:782
__device_attach_driver+0x185/0x250 drivers/base/dd.c:899
bus_for_each_drv+0x11e/0x1a0 drivers/base/bus.c:427
__device_attach+0x1db/0x410 drivers/base/dd.c:970
bus_probe_device+0x19d/0x250 drivers/base/bus.c:487
device_add+0xa57/0x1b80 drivers/base/core.c:3405
usb_set_configuration+0xa66/0x18b0 drivers/usb/core/message.c:2170
usb_generic_driver_probe+0x74/0xa0 drivers/usb/core/generic.c:238
usb_probe_device+0x95/0x240 drivers/usb/core/driver.c:293
call_driver_probe drivers/base/dd.c:517 [inline]
really_probe+0x1c2/0xb60 drivers/base/dd.c:596
__driver_probe_device+0x2a6/0x460 drivers/base/dd.c:752
driver_probe_device+0x44/0x110 drivers/base/dd.c:782
__device_attach_driver+0x185/0x250 drivers/base/dd.c:899
bus_for_each_drv+0x11e/0x1a0 drivers/base/bus.c:427
__device_attach+0x1db/0x410 drivers/base/dd.c:970
bus_probe_device+0x19d/0x250 drivers/base/bus.c:487
device_add+0xa57/0x1b80 drivers/base/core.c:3405
usb_new_device.cold+0x5cf/0xee8 drivers/usb/core/hub.c:2566
hub_port_connect drivers/usb/core/hub.c:5358 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5502 [inline]
port_event drivers/usb/core/hub.c:5660 [inline]
hub_event+0x1ba2/0x3930 drivers/usb/core/hub.c:5742
process_one_work+0x879/0x1410 kernel/workqueue.c:2307
worker_thread+0x5a0/0xf60 kernel/workqueue.c:2454
kthread+0x299/0x340 kernel/kthread.c:377
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
INFO: task kworker/1:5:3657 blocked for more than 145 seconds.
Not tainted 5.16.0-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:5 state:D stack:25920 pid: 3657 ppid: 2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
context_switch kernel/sched/core.c:4986 [inline]
__schedule+0x90d/0x2680 kernel/sched/core.c:6296
schedule+0xd2/0x260 kernel/sched/core.c:6369
schedule_timeout+0x19d/0x250 kernel/time/timer.c:1857
do_wait_for_common kernel/sched/completion.c:85 [inline]
__wait_for_common kernel/sched/completion.c:106 [inline]
wait_for_common kernel/sched/completion.c:117 [inline]
wait_for_completion+0x174/0x270 kernel/sched/completion.c:138
pn533_send_cmd_sync drivers/nfc/pn533/pn533.c:631 [inline]
pn533_get_firmware_version drivers/nfc/pn533/pn533.c:2519 [inline]
pn533_finalize_setup+0xec/0x130 drivers/nfc/pn533/pn533.c:2716
pn533_usb_probe+0x846/0xf00 drivers/nfc/pn533/usb.c:544
usb_probe_interface+0x274/0x6a0 drivers/usb/core/driver.c:396
call_driver_probe drivers/base/dd.c:517 [inline]
really_probe+0x1c2/0xb60 drivers/base/dd.c:596
__driver_probe_device+0x2a6/0x460 drivers/base/dd.c:752
driver_probe_device+0x44/0x110 drivers/base/dd.c:782
__device_attach_driver+0x185/0x250 drivers/base/dd.c:899
bus_for_each_drv+0x11e/0x1a0 drivers/base/bus.c:427
__device_attach+0x1db/0x410 drivers/base/dd.c:970
bus_probe_device+0x19d/0x250 drivers/base/bus.c:487
device_add+0xa57/0x1b80 drivers/base/core.c:3405
usb_set_configuration+0xa66/0x18b0 drivers/usb/core/message.c:2170
usb_generic_driver_probe+0x74/0xa0 drivers/usb/core/generic.c:238
usb_probe_device+0x95/0x240 drivers/usb/core/driver.c:293
call_driver_probe drivers/base/dd.c:517 [inline]
really_probe+0x1c2/0xb60 drivers/base/dd.c:596
__driver_probe_device+0x2a6/0x460 drivers/base/dd.c:752
driver_probe_device+0x44/0x110 drivers/base/dd.c:782
__device_attach_driver+0x185/0x250 drivers/base/dd.c:899
bus_for_each_drv+0x11e/0x1a0 drivers/base/bus.c:427
__device_attach+0x1db/0x410 drivers/base/dd.c:970
bus_probe_device+0x19d/0x250 drivers/base/bus.c:487
device_add+0xa57/0x1b80 drivers/base/core.c:3405
usb_new_device.cold+0x5cf/0xee8 drivers/usb/core/hub.c:2566
hub_port_connect drivers/usb/core/hub.c:5358 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5502 [inline]
port_event drivers/usb/core/hub.c:5660 [inline]
hub_event+0x1ba2/0x3930 drivers/usb/core/hub.c:5742
process_one_work+0x879/0x1410 kernel/workqueue.c:2307
worker_thread+0x5a0/0xf60 kernel/workqueue.c:2454
kthread+0x299/0x340 kernel/kthread.c:377
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
INFO: task kworker/1:6:3695 blocked for more than 146 seconds.
Not tainted 5.16.0-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:6 state:D stack:26696 pid: 3695 ppid: 2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
context_switch kernel/sched/core.c:4986 [inline]
__schedule+0x90d/0x2680 kernel/sched/core.c:6296
schedule+0xd2/0x260 kernel/sched/core.c:6369
schedule_timeout+0x19d/0x250 kernel/time/timer.c:1857
do_wait_for_common kernel/sched/completion.c:85 [inline]
__wait_for_common kernel/sched/completion.c:106 [inline]
wait_for_common kernel/sched/completion.c:117 [inline]
wait_for_completion+0x174/0x270 kernel/sched/completion.c:138
pn533_send_cmd_sync drivers/nfc/pn533/pn533.c:631 [inline]
pn533_get_firmware_version drivers/nfc/pn533/pn533.c:2519 [inline]
pn533_finalize_setup+0xec/0x130 drivers/nfc/pn533/pn533.c:2716
pn533_usb_probe+0x846/0xf00 drivers/nfc/pn533/usb.c:544
usb_probe_interface+0x274/0x6a0 drivers/usb/core/driver.c:396
call_driver_probe drivers/base/dd.c:517 [inline]
really_probe+0x1c2/0xb60 drivers/base/dd.c:596
__driver_probe_device+0x2a6/0x460 drivers/base/dd.c:752
driver_probe_device+0x44/0x110 drivers/base/dd.c:782
__device_attach_driver+0x185/0x250 drivers/base/dd.c:899
bus_for_each_drv+0x11e/0x1a0 drivers/base/bus.c:427
__device_attach+0x1db/0x410 drivers/base/dd.c:970
bus_probe_device+0x19d/0x250 drivers/base/bus.c:487
device_add+0xa57/0x1b80 drivers/base/core.c:3405
usb_set_configuration+0xa66/0x18b0 drivers/usb/core/message.c:2170
usb_generic_driver_probe+0x74/0xa0 drivers/usb/core/generic.c:238
usb_probe_device+0x95/0x240 drivers/usb/core/driver.c:293
call_driver_probe drivers/base/dd.c:517 [inline]
really_probe+0x1c2/0xb60 drivers/base/dd.c:596
__driver_probe_device+0x2a6/0x460 drivers/base/dd.c:752
driver_probe_device+0x44/0x110 drivers/base/dd.c:782
__device_attach_driver+0x185/0x250 drivers/base/dd.c:899
bus_for_each_drv+0x11e/0x1a0 drivers/base/bus.c:427
__device_attach+0x1db/0x410 drivers/base/dd.c:970
bus_probe_device+0x19d/0x250 drivers/base/bus.c:487
device_add+0xa57/0x1b80 drivers/base/core.c:3405
usb_new_device.cold+0x5cf/0xee8 drivers/usb/core/hub.c:2566
hub_port_connect drivers/usb/core/hub.c:5358 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5502 [inline]
port_event drivers/usb/core/hub.c:5660 [inline]
hub_event+0x1ba2/0x3930 drivers/usb/core/hub.c:5742
process_one_work+0x879/0x1410 kernel/workqueue.c:2307
worker_thread+0x5a0/0xf60 kernel/workqueue.c:2454
kthread+0x299/0x340 kernel/kthread.c:377
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
INFO: task kworker/0:6:3965 blocked for more than 147 seconds.
Not tainted 5.16.0-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:6 state:D stack:26664 pid: 3965 ppid: 2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
context_switch kernel/sched/core.c:4986 [inline]
__schedule+0x90d/0x2680 kernel/sched/core.c:6296
schedule+0xd2/0x260 kernel/sched/core.c:6369
schedule_timeout+0x19d/0x250 kernel/time/timer.c:1857
do_wait_for_common kernel/sched/completion.c:85 [inline]
__wait_for_common kernel/sched/completion.c:106 [inline]
wait_for_common kernel/sched/completion.c:117 [inline]
wait_for_completion+0x174/0x270 kernel/sched/completion.c:138
pn533_send_cmd_sync drivers/nfc/pn533/pn533.c:631 [inline]
pn533_get_firmware_version drivers/nfc/pn533/pn533.c:2519 [inline]
pn533_finalize_setup+0xec/0x130 drivers/nfc/pn533/pn533.c:2716
pn533_usb_probe+0x846/0xf00 drivers/nfc/pn533/usb.c:544
usb_probe_interface+0x274/0x6a0 drivers/usb/core/driver.c:396
call_driver_probe drivers/base/dd.c:517 [inline]
really_probe+0x1c2/0xb60 drivers/base/dd.c:596
__driver_probe_device+0x2a6/0x460 drivers/base/dd.c:752
driver_probe_device+0x44/0x110 drivers/base/dd.c:782
__device_attach_driver+0x185/0x250 drivers/base/dd.c:899
bus_for_each_drv+0x11e/0x1a0 drivers/base/bus.c:427
__device_attach+0x1db/0x410 drivers/base/dd.c:970
bus_probe_device+0x19d/0x250 drivers/base/bus.c:487
device_add+0xa57/0x1b80 drivers/base/core.c:3405
usb_set_configuration+0xa66/0x18b0 drivers/usb/core/message.c:2170
usb_generic_driver_probe+0x74/0xa0 drivers/usb/core/generic.c:238
usb_probe_device+0x95/0x240 drivers/usb/core/driver.c:293
call_driver_probe drivers/base/dd.c:517 [inline]
really_probe+0x1c2/0xb60 drivers/base/dd.c:596
__driver_probe_device+0x2a6/0x460 drivers/base/dd.c:752
driver_probe_device+0x44/0x110 drivers/base/dd.c:782
__device_attach_driver+0x185/0x250 drivers/base/dd.c:899
bus_for_each_drv+0x11e/0x1a0 drivers/base/bus.c:427
__device_attach+0x1db/0x410 drivers/base/dd.c:970
bus_probe_device+0x19d/0x250 drivers/base/bus.c:487
device_add+0xa57/0x1b80 drivers/base/core.c:3405
usb_new_device.cold+0x5cf/0xee8 drivers/usb/core/hub.c:2566
hub_port_connect drivers/usb/core/hub.c:5358 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5502 [inline]
port_event drivers/usb/core/hub.c:5660 [inline]
hub_event+0x1ba2/0x3930 drivers/usb/core/hub.c:5742
process_one_work+0x879/0x1410 kernel/workqueue.c:2307
worker_thread+0x5a0/0xf60 kernel/workqueue.c:2454
kthread+0x299/0x340 kernel/kthread.c:377
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
Showing all locks held in the system:
2 locks held by ksoftirqd/0/13:
1 lock held by khungtaskd/26:
#0: ffffffff8ad77ce0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6460
2 locks held by kworker/u4:3/90:
#0: ffff8880b9e39c18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested kernel/sched/core.c:489 [inline]
#0: ffff8880b9e39c18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock kernel/sched/sched.h:1318 [inline]
#0: ffff8880b9e39c18 (&rq->__lock){-.-.}-{2:2}, at: rq_lock kernel/sched/sched.h:1616 [inline]
#0: ffff8880b9e39c18 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x236/0x2680 kernel/sched/core.c:6210
#1: ffffc90001a7fdc0 ((work_completion)(&(&bat_priv->nc.work)->work)){+.+.}-{0:0}, at: process_one_work+0x7cb/0x1410 kernel/workqueue.c:2282
5 locks held by kworker/1:3/1137:
#0: ffff8881425d9538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff8881425d9538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff8881425d9538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff8881425d9538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:631 [inline]
#0: ffff8881425d9538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:658 [inline]
#0: ffff8881425d9538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x79e/0x1410 kernel/workqueue.c:2278
#1: ffffc90004e1fdc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x7cb/0x1410 kernel/workqueue.c:2282
#2: ffff888147176220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:767 [inline]
#2: ffff888147176220 (&dev->mutex){....}-{3:3}, at: hub_event+0x127/0x3930 drivers/usb/core/hub.c:5688
#3: ffff8880777e9220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:767 [inline]
#3: ffff8880777e9220 (&dev->mutex){....}-{3:3}, at: __device_attach+0x74/0x410 drivers/base/dd.c:945
#4: ffff8880779eb1a8 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:767 [inline]
#4: ffff8880779eb1a8 (&dev->mutex){....}-{3:3}, at: __device_attach+0x74/0x410 drivers/base/dd.c:945
5 locks held by kworker/0:3/2989:
#0: ffff8881425d9538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff8881425d9538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff8881425d9538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff8881425d9538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:631 [inline]
#0: ffff8881425d9538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:658 [inline]
#0: ffff8881425d9538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x79e/0x1410 kernel/workqueue.c:2278
#1: ffffc9000c2ffdc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x7cb/0x1410 kernel/workqueue.c:2282
#2: ffff8881473f3220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:767 [inline]
#2: ffff8881473f3220 (&dev->mutex){....}-{3:3}, at: hub_event+0x127/0x3930 drivers/usb/core/hub.c:5688
#3: ffff88807bdff220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:767 [inline]
#3: ffff88807bdff220 (&dev->mutex){....}-{3:3}, at: __device_attach+0x74/0x410 drivers/base/dd.c:945
#4: ffff88807d43a1a8 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:767 [inline]
#4: ffff88807d43a1a8 (&dev->mutex){....}-{3:3}, at: __device_attach+0x74/0x410 drivers/base/dd.c:945
2 locks held by getty/3315:
#0: ffff888022972098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x1f/0x70 drivers/tty/tty_ldisc.c:244
#1: ffffc900027632e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x9dd/0xed0 drivers/tty/n_tty.c:2077
5 locks held by kworker/0:4/3654:
#0: ffff8881425d9538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff8881425d9538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff8881425d9538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff8881425d9538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:631 [inline]
#0: ffff8881425d9538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:658 [inline]
#0: ffff8881425d9538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x79e/0x1410 kernel/workqueue.c:2278
#1: ffffc9000249fdc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x7cb/0x1410 kernel/workqueue.c:2282
#2: ffff888147416220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:767 [inline]
#2: ffff888147416220 (&dev->mutex){....}-{3:3}, at: hub_event+0x127/0x3930 drivers/usb/core/hub.c:5688
#3: ffff888063d48220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:767 [inline]
#3: ffff888063d48220 (&dev->mutex){....}-{3:3}, at: __device_attach+0x74/0x410 drivers/base/dd.c:945
#4: ffff8880113f71a8 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:767 [inline]
#4: ffff8880113f71a8 (&dev->mutex){....}-{3:3}, at: __device_attach+0x74/0x410 drivers/base/dd.c:945
5 locks held by kworker/1:5/3657:
#0: ffff8881425d9538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff8881425d9538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff8881425d9538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff8881425d9538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:631 [inline]
#0: ffff8881425d9538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:658 [inline]
#0: ffff8881425d9538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x79e/0x1410 kernel/workqueue.c:2278
#1: ffffc900024cfdc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x7cb/0x1410 kernel/workqueue.c:2282
#2: ffff8881473c6220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:767 [inline]
#2: ffff8881473c6220 (&dev->mutex){....}-{3:3}, at: hub_event+0x127/0x3930 drivers/usb/core/hub.c:5688
#3: ffff888079732220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:767 [inline]
#3: ffff888079732220 (&dev->mutex){....}-{3:3}, at: __device_attach+0x74/0x410 drivers/base/dd.c:945
#4: ffff888077b251a8 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:767 [inline]
#4: ffff888077b251a8 (&dev->mutex){....}-{3:3}, at: __device_attach+0x74/0x410 drivers/base/dd.c:945
5 locks held by kworker/1:6/3695:
#0: ffff8881425d9538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff8881425d9538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff8881425d9538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff8881425d9538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:631 [inline]
#0: ffff8881425d9538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:658 [inline]
#0: ffff8881425d9538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x79e/0x1410 kernel/workqueue.c:2278
#1: ffffc900026afdc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x7cb/0x1410 kernel/workqueue.c:2282
#2: ffff888147413220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:767 [inline]
#2: ffff888147413220 (&dev->mutex){....}-{3:3}, at: hub_event+0x127/0x3930 drivers/usb/core/hub.c:5688
#3: ffff888079d5d220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:767 [inline]
#3: ffff888079d5d220 (&dev->mutex){....}-{3:3}, at: __device_attach+0x74/0x410 drivers/base/dd.c:945
#4: ffff8880206251a8 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:767 [inline]
#4: ffff8880206251a8 (&dev->mutex){....}-{3:3}, at: __device_attach+0x74/0x410 drivers/base/dd.c:945
3 locks held by udevd/3716:
#0: ffff88801c274c88 (&of->mutex){+.+.}-{3:3}, at: kernfs_file_read_iter fs/kernfs/file.c:203 [inline]
#0: ffff88801c274c88 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_read_iter+0x15f/0x550 fs/kernfs/file.c:242
#1: ffff888062c47bd0 (kn->active#56){.+.+}-{0:0}, at: kernfs_file_read_iter fs/kernfs/file.c:204 [inline]
#1: ffff888062c47bd0 (kn->active#56){.+.+}-{0:0}, at: kernfs_fop_read_iter+0x182/0x550 fs/kernfs/file.c:242
#2: ffff888063d48220 (&dev->mutex){....}-{3:3}, at: device_lock_interruptible include/linux/device.h:772 [inline]
#2: ffff888063d48220 (&dev->mutex){....}-{3:3}, at: read_descriptors+0x36/0x310 drivers/usb/core/sysfs.c:873
3 locks held by udevd/3718:
#0: ffff88807a018c88 (&of->mutex){+.+.}-{3:3}, at: kernfs_file_read_iter fs/kernfs/file.c:203 [inline]
#0: ffff88807a018c88 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_read_iter+0x15f/0x550 fs/kernfs/file.c:242
#1: ffff888071e4a008 (kn->active#56){.+.+}-{0:0}, at: kernfs_file_read_iter fs/kernfs/file.c:204 [inline]
#1: ffff888071e4a008 (kn->active#56){.+.+}-{0:0}, at: kernfs_fop_read_iter+0x182/0x550 fs/kernfs/file.c:242
#2: ffff88807bdff220 (&dev->mutex){....}-{3:3}, at: device_lock_interruptible include/linux/device.h:772 [inline]
#2: ffff88807bdff220 (&dev->mutex){....}-{3:3}, at: read_descriptors+0x36/0x310 drivers/usb/core/sysfs.c:873
3 locks held by udevd/3740:
#0: ffff888078299488 (&of->mutex){+.+.}-{3:3}, at: kernfs_file_read_iter fs/kernfs/file.c:203 [inline]
#0: ffff888078299488 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_read_iter+0x15f/0x550 fs/kernfs/file.c:242
#1: ffff88807aa21cb8 (kn->active#56){.+.+}-{0:0}, at: kernfs_file_read_iter fs/kernfs/file.c:204 [inline]
#1: ffff88807aa21cb8 (kn->active#56){.+.+}-{0:0}, at: kernfs_fop_read_iter+0x182/0x550 fs/kernfs/file.c:242
#2: ffff8880777e9220 (&dev->mutex){....}-{3:3}, at: device_lock_interruptible include/linux/device.h:772 [inline]
#2: ffff8880777e9220 (&dev->mutex){....}-{3:3}, at: read_descriptors+0x36/0x310 drivers/usb/core/sysfs.c:873
5 locks held by kworker/0:6/3965:
#0: ffff8881425d9538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff8881425d9538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff8881425d9538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
#0: ffff8881425d9538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:631 [inline]
#0: ffff8881425d9538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:658 [inline]
#0: ffff8881425d9538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x79e/0x1410 kernel/workqueue.c:2278
#1: ffffc9000252fdc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x7cb/0x1410 kernel/workqueue.c:2282
#2: ffff88801d071220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:767 [inline]
#2: ffff88801d071220 (&dev->mutex){....}-{3:3}, at: hub_event+0x127/0x3930 drivers/usb/core/hub.c:5688
#3: ffff888075b56220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:767 [inline]
#3: ffff888075b56220 (&dev->mutex){....}-{3:3}, at: __device_attach+0x74/0x410 drivers/base/dd.c:945
#4: ffff888014cdd1a8 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:767 [inline]
#4: ffff888014cdd1a8 (&dev->mutex){....}-{3:3}, at: __device_attach+0x74/0x410 drivers/base/dd.c:945
=============================================
NMI backtrace for cpu 1
CPU: 1 PID: 26 Comm: khungtaskd Not tainted 5.16.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x57/0x7d lib/dump_stack.c:106
nmi_cpu_backtrace.cold+0x30/0xc0 lib/nmi_backtrace.c:111
nmi_trigger_cpumask_backtrace+0x11f/0x170 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:212 [inline]
watchdog+0x88c/0xbf0 kernel/hung_task.c:369
kthread+0x299/0x340 kernel/kthread.c:377
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 3966 Comm: kworker/0:7 Not tainted 5.16.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events_power_efficient wg_ratelimiter_gc_entries
RIP: 0010:__lock_acquire+0xb67/0x5410 kernel/locking/lockdep.c:5022
Code: c8 4c 8b 64 24 78 44 8b bc 24 84 00 00 00 49 c7 c6 c8 ee a4 8c 48 b8 00 00 00 00 00 fc ff df 4c 89 f2 48 c1 ea 03 0f b6 14 02 <4c> 89 f0 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 11 36 00 00 8b
RSP: 0018:ffffc900024dfaa0 EFLAGS: 00000802
RAX: dffffc0000000000 RBX: 82f89626d8f450fa RCX: 0000000000000002
RDX: 0000000000000000 RSI: 000000002f896268 RDI: ffff8880747ce0d1
RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8f0c7977
R10: fffffbfff1e18f2e R11: 0000000000000001 R12: ffff8880747ce0b0
R13: ffff8880747cd640 R14: ffffffff8ca4eec8 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000001c7f708 CR3: 0000000021471000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
lock_acquire kernel/locking/lockdep.c:5639 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5604
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:349 [inline]
wg_ratelimiter_gc_entries+0x4a/0x370 drivers/net/wireguard/ratelimiter.c:63
process_one_work+0x879/0x1410 kernel/workqueue.c:2307
worker_thread+0x5a0/0xf60 kernel/workqueue.c:2454
kthread+0x299/0x340 kernel/kthread.c:377
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
----------------
Code disassembly (best guess):
0: c8 4c 8b 64 enterq $0x8b4c,$0x64
4: 24 78 and $0x78,%al
6: 44 8b bc 24 84 00 00 mov 0x84(%rsp),%r15d
d: 00
e: 49 c7 c6 c8 ee a4 8c mov $0xffffffff8ca4eec8,%r14
15: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
1c: fc ff df
1f: 4c 89 f2 mov %r14,%rdx
22: 48 c1 ea 03 shr $0x3,%rdx
26: 0f b6 14 02 movzbl (%rdx,%rax,1),%edx
* 2a: 4c 89 f0 mov %r14,%rax <-- trapping instruction
2d: 83 e0 07 and $0x7,%eax
30: 83 c0 03 add $0x3,%eax
33: 38 d0 cmp %dl,%al
35: 7c 08 jl 0x3f
37: 84 d2 test %dl,%dl
39: 0f 85 11 36 00 00 jne 0x3650
3f: 8b .byte 0x8b