INFO: task kworker/0:0:9 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:0     state:R
 stack:22280 pid:9     tgid:9     ppid:2      task_flags:0x4208060 flags:0x00080000
Workqueue: usb_hub_wq hub_event
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5295 [inline]
 __schedule+0xeb1/0x41f0 kernel/sched/core.c:6907
 __schedule_loop kernel/sched/core.c:6989 [inline]
 schedule+0xdd/0x390 kernel/sched/core.c:7004
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7061
 rwsem_down_write_slowpath+0x530/0x1280 kernel/locking/rwsem.c:1185
 __down_write_common kernel/locking/rwsem.c:1317 [inline]
 __down_write kernel/locking/rwsem.c:1326 [inline]
 down_write+0x1c7/0x1f0 kernel/locking/rwsem.c:1591
 kernfs_add_one+0x38/0x850 fs/kernfs/dir.c:796
 kernfs_create_link+0x1a9/0x240 fs/kernfs/symlink.c:48
 sysfs_do_create_link_sd+0x90/0x140 fs/sysfs/symlink.c:44
 usb_remove_ep_devs+0x42/0x90 drivers/usb/core/endpoint.c:189
 remove_intf_ep_devs drivers/usb/core/message.c:1266 [inline]
 usb_disable_device+0x319/0x810 drivers/usb/core/message.c:1417
 usb_disconnect+0x2e2/0x9a0 drivers/usb/core/hub.c:2345
 hub_port_connect drivers/usb/core/hub.c:5407 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5707 [inline]
 port_event drivers/usb/core/hub.c:5871 [inline]
 hub_event+0x1d0c/0x4af0 drivers/usb/core/hub.c:5953
 process_one_work+0x9d7/0x1920 kernel/workqueue.c:3275
 process_scheduled_works kernel/workqueue.c:3358 [inline]
 worker_thread+0x5da/0xe40 kernel/workqueue.c:3439
 kthread+0x370/0x450 kernel/kthread.c:467
 ret_from_fork+0x6c3/0xcb0 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>

Showing all locks held in the system:
5 locks held by kworker/0:0/9:
 #0: 
ffff888102ac5148
 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 kernel/workqueue.c:3250
 #1: ffffc9000009fd18 ((work_completion)(&(({ do { const void __seg_gs *__vpp_verify = (typeof((&vmstat_work) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __asm__ ("" : "=r"(__ptr) : "0"((__typeof_unqual__(*((&vmstat_work))) *)(( unsigned long)((&vmstat_work))))); (typeof((__typeof_unqual__(*((&vmstat_work))) *)(( unsigned long)((&vmstat_work))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); }))->work)
){+.+.}-{0:0}
, at: process_one_work+0x93c/0x1920 kernel/workqueue.c:3251
 #2: ffff8881f5627098 (&base->lock){-.-.}-{2:2}
, at: lock_timer_base+0x124/0x1d0 kernel/time/timer.c:1004
 #3: ffffffff940af928 (&obj_hash[i].lock
){-.-.}-{2:2}, at: debug_object_activate+0x144/0x490 lib/debugobjects.c:818
 #4: ffffffff896e05a0 (rcu_read_lock
){....}-{1:3}
, at: rcu_lock_acquire include/linux/rcupdate.h:312 [inline]
, at: rcu_read_lock include/linux/rcupdate.h:850 [inline]
, at: class_rcu_constructor include/linux/rcupdate.h:1193 [inline]
, at: unwind_next_frame+0xbd/0x1ea0 arch/x86/kernel/unwind_orc.c:495
3 locks held by kworker/1:0/23:
3 locks held by kworker/1:1/28:
1 lock held by khungtaskd/30:
 #0: ffffffff896e05a0 (rcu_read_lock){....}-{1:3}
, at: rcu_lock_acquire include/linux/rcupdate.h:312 [inline]
, at: rcu_read_lock include/linux/rcupdate.h:850 [inline]
, at: debug_show_all_locks+0x3d/0x184 kernel/locking/lockdep.c:6775
2 locks held by kworker/u8:3/46:
 #0: ffff8881000ac948 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 kernel/workqueue.c:3250
 #1: ffffc90000517d18 ((work_completion)(&sub_info->work)){+.+.}-{0:0}
, at: process_one_work+0x93c/0x1920 kernel/workqueue.c:3251
5 locks held by kworker/u8:5/111:
 #0: ffff888101299148
 (
(wq_completion)netns){+.+.}-{0:0}
, at: process_one_work+0x1287/0x1920 kernel/workqueue.c:3250
 #1: ffffc90001667d18
 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920 kernel/workqueue.c:3251
 #2: ffffffff8aae06b0 (pernet_ops_rwsem){++++}-{4:4}
, at: cleanup_net+0xb8/0x9e0 net/core/net_namespace.c:675
 #3: ffffffff8aaf8ca8
 (rtnl_mutex){+.+.}-{4:4}
, at: ops_exit_rtnl_list net/core/net_namespace.c:173 [inline]
, at: ops_undo_list+0x7ec/0xab0 net/core/net_namespace.c:248
 #4: ffffffff896ec1b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x19e/0x3c0 kernel/rcu/tree_exp.h:343
1 lock held by udevd/2855:
 #0: ffff888101298188
 (&root->kernfs_rwsem){++++}-{4:4}
, at: kernfs_dop_revalidate+0xa5/0x740 fs/kernfs/dir.c:1185
2 locks held by getty/2918:
 #0: 
ffff8881131dd0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243
 #1: ffffc900000432f0
 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x419/0x1500 drivers/tty/n_tty.c:2211
2 locks held by udevd/5222:
 #0: ffff8881f5639620 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested kernel/sched/core.c:647 [inline]
 #0: ffff8881f5639620 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock kernel/sched/sched.h:1615 [inline]
 #0: ffff8881f5639620 (&rq->__lock){-.-.}-{2:2}, at: rq_lock kernel/sched/sched.h:1946 [inline]
 #0: ffff8881f5639620 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x2ca/0x41f0 kernel/sched/core.c:6811
 #1: ffff888118d67558 (&ep->lock){....}-{3:3}, at: spin_lock_irq include/linux/spinlock.h:371 [inline]
 #1: ffff888118d67558 (&ep->lock){....}-{3:3}, at: ep_done_scan+0x2d/0x5a0 fs/eventpoll.c:755
3 locks held by kworker/0:6/5360:
 #0: ffff88810006b548 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 kernel/workqueue.c:3250
 #1: ffffc9000336fd18 (free_ipc_work){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920 kernel/workqueue.c:3251
 #2: ffffffff896ec1b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x27f/0x3c0 kernel/rcu/tree_exp.h:311
3 locks held by kworker/1:7/7503:
 #0: ffff888102ac5148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 kernel/workqueue.c:3250
 #1: ffffc90015657d18 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920 kernel/workqueue.c:3251
 #2: ffff88810b781198 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:895 [inline]
 #2: ffff88810b781198 (&dev->mutex){....}-{4:4}, at: hub_event+0x1bd/0x4af0 drivers/usb/core/hub.c:5899
2 locks held by syz-executor/8073:
1 lock held by syz-executor/8079:
 #0: ffffffff8aaf8ca8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8aaf8ca8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x18b0 net/ipv4/devinet.c:978
1 lock held by syz-executor/8081:
 #0: ffffffff8aaf8ca8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8aaf8ca8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x18b0 net/ipv4/devinet.c:978
1 lock held by syz-executor/8083:
 #0: ffffffff8aaf8ca8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8aaf8ca8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x18b0 net/ipv4/devinet.c:978
2 locks held by syz-executor/8088:
1 lock held by syz-executor/8090:

=============================================

NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x100/0x190 lib/dump_stack.c:120
 nmi_cpu_backtrace.cold+0x12d/0x151 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x1d7/0x230 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:161 [inline]
 __sys_info lib/sys_info.c:157 [inline]
 sys_info+0x141/0x190 lib/sys_info.c:165
 check_hung_uninterruptible_tasks kernel/hung_task.c:346 [inline]
 watchdog+0xd25/0x1050 kernel/hung_task.c:515
 kthread+0x370/0x450 kernel/kthread.c:467
 ret_from_fork+0x6c3/0xcb0 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 8091 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
RIP: 0010:unwind_next_frame+0xbd4/0x1ea0 arch/x86/kernel/unwind_orc.c:656
Code: c0 49 c7 45 58 00 00 00 00 48 ba 00 00 00 00 00 fc ff df 48 c1 e8 03 0f b6 34 10 49 8d 40 01 48 89 c7 48 c1 ef 03 0f b6 14 17 <4c> 89 c7 83 e7 07 40 38 fe 40 0f 9e c7 40 84 f6 40 0f 95 c6 40 84
RSP: 0000:ffffc900000079c0 EFLAGS: 00000a03
RAX: ffffffff8b52b7a7 RBX: 0000000000000001 RCX: ffffffff8b52b7a2
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 1ffffffff16a56f4
RBP: ffffc90000007a78 R08: ffffffff8b52b7a6 R09: 0000000000000007
R10: 0000000000000200 R11: 00000000000076f6 R12: ffffc90000007a80
R13: ffffc90000007a30 R14: ffffc9000337fbb0 R15: ffffc90000007a64
FS:  000055557b607500(0000) GS:ffff8882686d3000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fbf46aa9a20 CR3: 0000000134258000 CR4: 00000000003506f0
Call Trace:
 <IRQ>
 arch_stack_walk+0x94/0xf0 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
 kasan_save_stack+0x30/0x50 mm/kasan/common.c:57
 kasan_save_track+0x14/0x30 mm/kasan/common.c:78
 kasan_save_free_info+0x3b/0x70 mm/kasan/generic.c:584
 poison_slab_object mm/kasan/common.c:253 [inline]
 __kasan_slab_free+0x43/0x70 mm/kasan/common.c:285
 kasan_slab_free include/linux/kasan.h:235 [inline]
 slab_free_hook mm/slub.c:2687 [inline]
 __rcu_free_sheaf_prepare+0x5d/0x290 mm/slub.c:2917
 rcu_free_sheaf+0x1a/0xd0 mm/slub.c:5770
 rcu_do_batch kernel/rcu/tree.c:2617 [inline]
 rcu_core+0x5a2/0x10d0 kernel/rcu/tree.c:2869
 handle_softirqs+0x1de/0x9d0 kernel/softirq.c:622
 do_softirq kernel/softirq.c:523 [inline]
 do_softirq+0xac/0xe0 kernel/softirq.c:510
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0xf8/0x120 kernel/softirq.c:450
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 fpregs_unlock arch/x86/include/asm/fpu/api.h:77 [inline]
 kernel_fpu_end arch/x86/kernel/fpu/core.c:506 [inline]
 kernel_fpu_end+0x64/0x80 arch/x86/kernel/fpu/core.c:499
 crc32c_arch lib/crc/x86/crc32.h:76 [inline]
 crc32c+0x2c4/0x350 lib/crc/crc32-main.c:86
 ext4_chksum fs/ext4/ext4.h:2551 [inline]
 ext4_dirblock_csum fs/ext4/namei.c:352 [inline]
 ext4_dirblock_csum_set fs/ext4/namei.c:400 [inline]
 ext4_handle_dirty_dirblock+0x161/0x240 fs/ext4/namei.c:408
 ext4_init_new_dir+0x196/0x240 fs/ext4/namei.c:2982
 ext4_mkdir+0x316/0xb80 fs/ext4/namei.c:3015
 vfs_mkdir+0x361/0x850 fs/namei.c:5233
 filename_mkdirat+0x136/0x450 fs/namei.c:5266
 __do_sys_mkdir fs/namei.c:5293 [inline]
 __se_sys_mkdir fs/namei.c:5290 [inline]
 __x64_sys_mkdir+0x6b/0x90 fs/namei.c:5290
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x106/0x7b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fbf46aa9a27
Code: 94 c0 48 8b 54 24 48 64 48 2b 14 25 28 00 00 00 75 08 0f b6 c0 48 83 c4 58 c3 e8 44 51 fd ff 0f 1f 40 00 b8 53 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffd40cf3c38 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
RAX: ffffffffffffffda RBX: 00007ffd40cf3d62 RCX: 00007fbf46aa9a27
RDX: 0000000010547498 RSI: 00000000000001c0 RDI: 00007ffd40cf3d50
RBP: 8421084210842109 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000010547498
R13: 00007ffd40cf3d62 R14: 0000000000000004 R15: 00007fbf46b38480
 </TASK>