Extracting prog: 17m31.512353426s
Minimizing prog: 50m46.651454747s
Simplifying prog options: 0s
Extracting C: 4m36.358765382s
Simplifying C: 35m0.309286846s
extracting reproducer from 78 programs
testing a last program of every proc
single: executing 29 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-setsockopt$SO_ATTACH_FILTER-syz_usb_connect$uac1
detailed listing:
executing program 0:
socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000100)={0x5, &(0x7f0000000140)=[{0xa9, 0x1, 0x0, 0x7f}, {0x1ff, 0x0, 0x2, 0x1459}, {0x400, 0x3, 0xc5, 0x3}, {0x1ff, 0x5c, 0x17, 0xa1b}, {0xd02, 0x5a, 0xb, 0x7}]}, 0xe)
syz_usb_connect$uac1(0x2, 0xa5, &(0x7f0000000000)=ANY=[@ANYBLOB="12015002000000206b1d010140000102030109029300030100000a2401fffe0202010207530506032f5c0924050602b9eb00be090401000001020000f50301010198bbe1b7b47bea3f0a00000e2402010502ff001ead41569410090501140004010702072501030901000904020000010200000904020101010200000824028a000000070724010107011009058209080002508107250183050400"], &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0})
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-sendmsg$IPCTNL_MSG_CT_DELETE-io_uring_setup-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-eventfd2-ioctl$KVM_IOEVENTFD-close_range
detailed listing:
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x20, 0x2, 0x1, 0x201, 0x0, 0x0, {}, [@CTA_ZONE={0x6}, @CTA_TUPLE_ORIG={0x4}]}, 0x20}}, 0x0)
r1 = io_uring_setup(0x1895, &(0x7f00000002c0))
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x3d70000000, &(0x7f0000ffe000/0x2000)=nil})
r4 = eventfd2(0x5, 0x0)
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000200)={0x2, 0x0, 0x4, r4, 0xd})
close_range(r1, 0xffffffffffffffff, 0x0)
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE-accept4$packet-getpeername$packet-socket$inet6-setsockopt$inet6_int-bpf$MAP_CREATE-syz_usb_connect
detailed listing:
executing program 0:
r0 = socket$inet6_sctp(0xa, 0x0, 0x84)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f00000002c0)={0x0, 0xa, 0x5}, 0x0)
r1 = accept4$packet(0xffffffffffffffff, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000340)=0x14, 0x0)
getpeername$packet(r1, &(0x7f0000000380)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
r2 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r2, 0x29, 0x17, &(0x7f0000000000)=0xb, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
syz_usb_connect(0x0, 0xc23, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000bcc38110050b91175704010203010902110c04fd00000009049d04057e4f3b080824060000468c120524007f000d240f01a40000000008f6150505241503000a24070805000200050006240600009205240002000d240f010800000000000004fd0524010004072414b80607000c241b060000000602ff7f0397241309ebfbc8a5ceb8e4440105a21c6da2920dfaed363d5291381d818a6a02f02972921fd5d1c5d696265ed6e193ae0e9fefff021d83191bec527571e36080f9d9a14d99a769dba779c88541dce68c266b9643eb14f129b4fb9aa68b24f6f6a8cd18e3bbe00a0c2a0b786bf33749521b633cc1a22ca203091f5f3284859539786af97428a8b3222ebea899f74c16822a0d59329a518309058b1f2000040820072501800001010905071000020407a307250102fa0700f611a15112d5db9111bca3e1876f8f2b36053f50531982fe0926db2f674b2d567146594690ae05ecc9195aeac3c127ab94c2a961df0c2538e5493482e5a26fe70ebbaa28e019d07cc0ededf506f37b734a31f1db7a9bf13f162b96f5123531e6586f9a30f53ba96c97d644b9b5462fc5b6745858b2e2e932d1ee5f8c5b2ce8ccd086006960c37ea6ce01454a1d6b08effdd34db9e3ad0d66e611cfd653aefc90eb52c607d5c8306709d98a5663e7f8a6cf5f67a3b68c9e92408fa1de0d95662ba0690d0b93eb0493b7899989c16efd3960f37153e0d124010f15df7b4baa6ea2666f44c212ccbdd89f67a14f08a7374746026a1f0ade09050d400800b80b03310248d4c4e81350d1fa5bbce7829076c9589882f0706e31550f367cbdd00d1a608ddf2ec93da1bc96981d5eb67003cabf090504000002f902200725018205070009050d8508000600080904d5090e0e0100f2112402010202"], 0x0)
program crashed: INFO: task hung in r871xu_dev_remove
single: successfully extracted reproducer
found reproducer with 8 syscalls
minimizing guilty program
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE-accept4$packet-getpeername$packet-socket$inet6-setsockopt$inet6_int-bpf$MAP_CREATE
detailed listing:
executing program 0:
r0 = socket$inet6_sctp(0xa, 0x0, 0x84)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f00000002c0)={0x0, 0xa, 0x5}, 0x0)
r1 = accept4$packet(0xffffffffffffffff, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000340)=0x14, 0x0)
getpeername$packet(r1, &(0x7f0000000380)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
r2 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r2, 0x29, 0x17, &(0x7f0000000000)=0xb, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE-accept4$packet-getpeername$packet-socket$inet6-setsockopt$inet6_int-syz_usb_connect
detailed listing:
executing program 0:
r0 = socket$inet6_sctp(0xa, 0x0, 0x84)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f00000002c0)={0x0, 0xa, 0x5}, 0x0)
r1 = accept4$packet(0xffffffffffffffff, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000340)=0x14, 0x0)
getpeername$packet(r1, &(0x7f0000000380)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
r2 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r2, 0x29, 0x17, &(0x7f0000000000)=0xb, 0x4)
syz_usb_connect(0x0, 0xc23, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000bcc38110050b91175704010203010902110c04fd00000009049d04057e4f3b080824060000468c120524007f000d240f01a40000000008f6150505241503000a24070805000200050006240600009205240002000d240f010800000000000004fd0524010004072414b80607000c241b060000000602ff7f0397241309ebfbc8a5ceb8e4440105a21c6da2920dfaed363d5291381d818a6a02f02972921fd5d1c5d696265ed6e193ae0e9fefff021d83191bec527571e36080f9d9a14d99a769dba779c88541dce68c266b9643eb14f129b4fb9aa68b24f6f6a8cd18e3bbe00a0c2a0b786bf33749521b633cc1a22ca203091f5f3284859539786af97428a8b3222ebea899f74c16822a0d59329a518309058b1f2000040820072501800001010905071000020407a307250102fa0700f611a15112d5db9111bca3e1876f8f2b36053f50531982fe0926db2f674b2d567146594690ae05ecc9195aeac3c127ab94c2a961df0c2538e5493482e5a26fe70ebbaa28e019d07cc0ededf506f37b734a31f1db7a9bf13f162b96f5123531e6586f9a30f53ba96c97d644b9b5462fc5b6745858b2e2e932d1ee5f8c5b2ce8ccd086006960c37ea6ce01454a1d6b08effdd34db9e3ad0d66e611cfd653aefc90eb52c607d5c8306709d98a5663e7f8a6cf5f67a3b68c9e92408fa1de0d95662ba0690d0b93eb0493b7899989c16efd3960f37153e0d124010f15df7b4baa6ea2666f44c212ccbdd89f67a14f08a7374746026a1f0ade09050d400800b80b03310248d4c4e81350d1fa5bbce7829076c9589882f0706e31550f367cbdd00d1a608ddf2ec93da1bc96981d5eb67003cabf090504000002f902200725018205070009050d8508000600080904d5090e0e0100f2112402010202"], 0x0)
program crashed: INFO: task hung in r871xu_dev_remove
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE-accept4$packet-getpeername$packet-socket$inet6-syz_usb_connect
detailed listing:
executing program 0:
r0 = socket$inet6_sctp(0xa, 0x0, 0x84)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f00000002c0)={0x0, 0xa, 0x5}, 0x0)
r1 = accept4$packet(0xffffffffffffffff, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000340)=0x14, 0x0)
getpeername$packet(r1, &(0x7f0000000380)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
socket$inet6(0xa, 0x2, 0x0)
syz_usb_connect(0x0, 0xc23, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000bcc38110050b91175704010203010902110c04fd00000009049d04057e4f3b080824060000468c120524007f000d240f01a40000000008f6150505241503000a24070805000200050006240600009205240002000d240f010800000000000004fd0524010004072414b80607000c241b060000000602ff7f0397241309ebfbc8a5ceb8e4440105a21c6da2920dfaed363d5291381d818a6a02f02972921fd5d1c5d696265ed6e193ae0e9fefff021d83191bec527571e36080f9d9a14d99a769dba779c88541dce68c266b9643eb14f129b4fb9aa68b24f6f6a8cd18e3bbe00a0c2a0b786bf33749521b633cc1a22ca203091f5f3284859539786af97428a8b3222ebea899f74c16822a0d59329a518309058b1f2000040820072501800001010905071000020407a307250102fa0700f611a15112d5db9111bca3e1876f8f2b36053f50531982fe0926db2f674b2d567146594690ae05ecc9195aeac3c127ab94c2a961df0c2538e5493482e5a26fe70ebbaa28e019d07cc0ededf506f37b734a31f1db7a9bf13f162b96f5123531e6586f9a30f53ba96c97d644b9b5462fc5b6745858b2e2e932d1ee5f8c5b2ce8ccd086006960c37ea6ce01454a1d6b08effdd34db9e3ad0d66e611cfd653aefc90eb52c607d5c8306709d98a5663e7f8a6cf5f67a3b68c9e92408fa1de0d95662ba0690d0b93eb0493b7899989c16efd3960f37153e0d124010f15df7b4baa6ea2666f44c212ccbdd89f67a14f08a7374746026a1f0ade09050d400800b80b03310248d4c4e81350d1fa5bbce7829076c9589882f0706e31550f367cbdd00d1a608ddf2ec93da1bc96981d5eb67003cabf090504000002f902200725018205070009050d8508000600080904d5090e0e0100f2112402010202"], 0x0)
program crashed: INFO: task hung in r871xu_dev_remove
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE-accept4$packet-getpeername$packet-syz_usb_connect
detailed listing:
executing program 0:
r0 = socket$inet6_sctp(0xa, 0x0, 0x84)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f00000002c0)={0x0, 0xa, 0x5}, 0x0)
r1 = accept4$packet(0xffffffffffffffff, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000340)=0x14, 0x0)
getpeername$packet(r1, &(0x7f0000000380)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
syz_usb_connect(0x0, 0xc23, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000bcc38110050b91175704010203010902110c04fd00000009049d04057e4f3b080824060000468c120524007f000d240f01a40000000008f6150505241503000a24070805000200050006240600009205240002000d240f010800000000000004fd0524010004072414b80607000c241b060000000602ff7f0397241309ebfbc8a5ceb8e4440105a21c6da2920dfaed363d5291381d818a6a02f02972921fd5d1c5d696265ed6e193ae0e9fefff021d83191bec527571e36080f9d9a14d99a769dba779c88541dce68c266b9643eb14f129b4fb9aa68b24f6f6a8cd18e3bbe00a0c2a0b786bf33749521b633cc1a22ca203091f5f3284859539786af97428a8b3222ebea899f74c16822a0d59329a518309058b1f2000040820072501800001010905071000020407a307250102fa0700f611a15112d5db9111bca3e1876f8f2b36053f50531982fe0926db2f674b2d567146594690ae05ecc9195aeac3c127ab94c2a961df0c2538e5493482e5a26fe70ebbaa28e019d07cc0ededf506f37b734a31f1db7a9bf13f162b96f5123531e6586f9a30f53ba96c97d644b9b5462fc5b6745858b2e2e932d1ee5f8c5b2ce8ccd086006960c37ea6ce01454a1d6b08effdd34db9e3ad0d66e611cfd653aefc90eb52c607d5c8306709d98a5663e7f8a6cf5f67a3b68c9e92408fa1de0d95662ba0690d0b93eb0493b7899989c16efd3960f37153e0d124010f15df7b4baa6ea2666f44c212ccbdd89f67a14f08a7374746026a1f0ade09050d400800b80b03310248d4c4e81350d1fa5bbce7829076c9589882f0706e31550f367cbdd00d1a608ddf2ec93da1bc96981d5eb67003cabf090504000002f902200725018205070009050d8508000600080904d5090e0e0100f2112402010202"], 0x0)
program crashed: INFO: task hung in addrconf_dad_work
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE-accept4$packet-syz_usb_connect
detailed listing:
executing program 0:
r0 = socket$inet6_sctp(0xa, 0x0, 0x84)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f00000002c0)={0x0, 0xa, 0x5}, 0x0)
accept4$packet(0xffffffffffffffff, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000340)=0x14, 0x0)
syz_usb_connect(0x0, 0xc23, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000bcc38110050b91175704010203010902110c04fd00000009049d04057e4f3b080824060000468c120524007f000d240f01a40000000008f6150505241503000a24070805000200050006240600009205240002000d240f010800000000000004fd0524010004072414b80607000c241b060000000602ff7f0397241309ebfbc8a5ceb8e4440105a21c6da2920dfaed363d5291381d818a6a02f02972921fd5d1c5d696265ed6e193ae0e9fefff021d83191bec527571e36080f9d9a14d99a769dba779c88541dce68c266b9643eb14f129b4fb9aa68b24f6f6a8cd18e3bbe00a0c2a0b786bf33749521b633cc1a22ca203091f5f3284859539786af97428a8b3222ebea899f74c16822a0d59329a518309058b1f2000040820072501800001010905071000020407a307250102fa0700f611a15112d5db9111bca3e1876f8f2b36053f50531982fe0926db2f674b2d567146594690ae05ecc9195aeac3c127ab94c2a961df0c2538e5493482e5a26fe70ebbaa28e019d07cc0ededf506f37b734a31f1db7a9bf13f162b96f5123531e6586f9a30f53ba96c97d644b9b5462fc5b6745858b2e2e932d1ee5f8c5b2ce8ccd086006960c37ea6ce01454a1d6b08effdd34db9e3ad0d66e611cfd653aefc90eb52c607d5c8306709d98a5663e7f8a6cf5f67a3b68c9e92408fa1de0d95662ba0690d0b93eb0493b7899989c16efd3960f37153e0d124010f15df7b4baa6ea2666f44c212ccbdd89f67a14f08a7374746026a1f0ade09050d400800b80b03310248d4c4e81350d1fa5bbce7829076c9589882f0706e31550f367cbdd00d1a608ddf2ec93da1bc96981d5eb67003cabf090504000002f902200725018205070009050d8508000600080904d5090e0e0100f2112402010202"], 0x0)
program crashed: INFO: task hung in r871xu_dev_remove
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE-syz_usb_connect
detailed listing:
executing program 0:
r0 = socket$inet6_sctp(0xa, 0x0, 0x84)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f00000002c0)={0x0, 0xa, 0x5}, 0x0)
syz_usb_connect(0x0, 0xc23, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000bcc38110050b91175704010203010902110c04fd00000009049d04057e4f3b080824060000468c120524007f000d240f01a40000000008f6150505241503000a24070805000200050006240600009205240002000d240f010800000000000004fd0524010004072414b80607000c241b060000000602ff7f0397241309ebfbc8a5ceb8e4440105a21c6da2920dfaed363d5291381d818a6a02f02972921fd5d1c5d696265ed6e193ae0e9fefff021d83191bec527571e36080f9d9a14d99a769dba779c88541dce68c266b9643eb14f129b4fb9aa68b24f6f6a8cd18e3bbe00a0c2a0b786bf33749521b633cc1a22ca203091f5f3284859539786af97428a8b3222ebea899f74c16822a0d59329a518309058b1f2000040820072501800001010905071000020407a307250102fa0700f611a15112d5db9111bca3e1876f8f2b36053f50531982fe0926db2f674b2d567146594690ae05ecc9195aeac3c127ab94c2a961df0c2538e5493482e5a26fe70ebbaa28e019d07cc0ededf506f37b734a31f1db7a9bf13f162b96f5123531e6586f9a30f53ba96c97d644b9b5462fc5b6745858b2e2e932d1ee5f8c5b2ce8ccd086006960c37ea6ce01454a1d6b08effdd34db9e3ad0d66e611cfd653aefc90eb52c607d5c8306709d98a5663e7f8a6cf5f67a3b68c9e92408fa1de0d95662ba0690d0b93eb0493b7899989c16efd3960f37153e0d124010f15df7b4baa6ea2666f44c212ccbdd89f67a14f08a7374746026a1f0ade09050d400800b80b03310248d4c4e81350d1fa5bbce7829076c9589882f0706e31550f367cbdd00d1a608ddf2ec93da1bc96981d5eb67003cabf090504000002f902200725018205070009050d8508000600080904d5090e0e0100f2112402010202"], 0x0)
program crashed: INFO: task hung in r871xu_dev_remove
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-syz_usb_connect
detailed listing:
executing program 0:
socket$inet6_sctp(0xa, 0x0, 0x84)
syz_usb_connect(0x0, 0xc23, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000bcc38110050b91175704010203010902110c04fd00000009049d04057e4f3b080824060000468c120524007f000d240f01a40000000008f6150505241503000a24070805000200050006240600009205240002000d240f010800000000000004fd0524010004072414b80607000c241b060000000602ff7f0397241309ebfbc8a5ceb8e4440105a21c6da2920dfaed363d5291381d818a6a02f02972921fd5d1c5d696265ed6e193ae0e9fefff021d83191bec527571e36080f9d9a14d99a769dba779c88541dce68c266b9643eb14f129b4fb9aa68b24f6f6a8cd18e3bbe00a0c2a0b786bf33749521b633cc1a22ca203091f5f3284859539786af97428a8b3222ebea899f74c16822a0d59329a518309058b1f2000040820072501800001010905071000020407a307250102fa0700f611a15112d5db9111bca3e1876f8f2b36053f50531982fe0926db2f674b2d567146594690ae05ecc9195aeac3c127ab94c2a961df0c2538e5493482e5a26fe70ebbaa28e019d07cc0ededf506f37b734a31f1db7a9bf13f162b96f5123531e6586f9a30f53ba96c97d644b9b5462fc5b6745858b2e2e932d1ee5f8c5b2ce8ccd086006960c37ea6ce01454a1d6b08effdd34db9e3ad0d66e611cfd653aefc90eb52c607d5c8306709d98a5663e7f8a6cf5f67a3b68c9e92408fa1de0d95662ba0690d0b93eb0493b7899989c16efd3960f37153e0d124010f15df7b4baa6ea2666f44c212ccbdd89f67a14f08a7374746026a1f0ade09050d400800b80b03310248d4c4e81350d1fa5bbce7829076c9589882f0706e31550f367cbdd00d1a608ddf2ec93da1bc96981d5eb67003cabf090504000002f902200725018205070009050d8508000600080904d5090e0e0100f2112402010202"], 0x0)
program crashed: INFO: task hung in r871xu_dev_remove
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0xc23, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000bcc38110050b91175704010203010902110c04fd00000009049d04057e4f3b080824060000468c120524007f000d240f01a40000000008f6150505241503000a24070805000200050006240600009205240002000d240f010800000000000004fd0524010004072414b80607000c241b060000000602ff7f0397241309ebfbc8a5ceb8e4440105a21c6da2920dfaed363d5291381d818a6a02f02972921fd5d1c5d696265ed6e193ae0e9fefff021d83191bec527571e36080f9d9a14d99a769dba779c88541dce68c266b9643eb14f129b4fb9aa68b24f6f6a8cd18e3bbe00a0c2a0b786bf33749521b633cc1a22ca203091f5f3284859539786af97428a8b3222ebea899f74c16822a0d59329a518309058b1f2000040820072501800001010905071000020407a307250102fa0700f611a15112d5db9111bca3e1876f8f2b36053f50531982fe0926db2f674b2d567146594690ae05ecc9195aeac3c127ab94c2a961df0c2538e5493482e5a26fe70ebbaa28e019d07cc0ededf506f37b734a31f1db7a9bf13f162b96f5123531e6586f9a30f53ba96c97d644b9b5462fc5b6745858b2e2e932d1ee5f8c5b2ce8ccd086006960c37ea6ce01454a1d6b08effdd34db9e3ad0d66e611cfd653aefc90eb52c607d5c8306709d98a5663e7f8a6cf5f67a3b68c9e92408fa1de0d95662ba0690d0b93eb0493b7899989c16efd3960f37153e0d124010f15df7b4baa6ea2666f44c212ccbdd89f67a14f08a7374746026a1f0ade09050d400800b80b03310248d4c4e81350d1fa5bbce7829076c9589882f0706e31550f367cbdd00d1a608ddf2ec93da1bc96981d5eb67003cabf090504000002f902200725018205070009050d8508000600080904d5090e0e0100f2112402010202"], 0x0)
program crashed: INFO: task hung in r871xu_dev_remove
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0xc23, 0x0, 0x0)
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0xc23, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x0)
program did not crash
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: INFO: task hung in r871xu_dev_remove
simplifying C reproducer
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: INFO: task hung in r871xu_dev_remove
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: INFO: task hung in r871xu_dev_remove
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: INFO: task hung in r871xu_dev_remove
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: INFO: task hung in r871xu_dev_remove
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: INFO: task hung in r871xu_dev_remove
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: INFO: task hung in r871xu_dev_remove
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: INFO: task hung in r871xu_dev_remove
reproducing took 1h47m54.83187838s
repro crashed as (corrupted=false):
INFO: task kworker/0:0:8 blocked for more than 143 seconds.
Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:0 state:D stack:20576 pid:8 tgid:8 ppid:2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5328 [inline]
__schedule+0x18af/0x4bd0 kernel/sched/core.c:6690
__schedule_loop kernel/sched/core.c:6767 [inline]
schedule+0x14b/0x320 kernel/sched/core.c:6782
schedule_timeout+0xb0/0x310 kernel/time/timer.c:2591
do_wait_for_common kernel/sched/completion.c:95 [inline]
__wait_for_common kernel/sched/completion.c:116 [inline]
wait_for_common kernel/sched/completion.c:127 [inline]
wait_for_completion+0x355/0x620 kernel/sched/completion.c:148
r871xu_dev_remove+0x72/0x450 drivers/staging/rtl8712/usb_intf.c:594
usb_unbind_interface+0x25e/0x940 drivers/usb/core/driver.c:461
device_remove drivers/base/dd.c:569 [inline]
__device_release_driver drivers/base/dd.c:1273 [inline]
device_release_driver_internal+0x503/0x7c0 drivers/base/dd.c:1296
bus_remove_device+0x34f/0x420 drivers/base/bus.c:576
device_del+0x57a/0x9b0 drivers/base/core.c:3864
usb_disable_device+0x3bf/0x850 drivers/usb/core/message.c:1418
usb_disconnect+0x340/0x950 drivers/usb/core/hub.c:2304
hub_port_connect drivers/usb/core/hub.c:5361 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5661 [inline]
port_event drivers/usb/core/hub.c:5821 [inline]
hub_event+0x1ebc/0x5150 drivers/usb/core/hub.c:5903
process_one_work kernel/workqueue.c:3229 [inline]
process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
worker_thread+0x870/0xd30 kernel/workqueue.c:3391
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
INFO: task kworker/1:0:25 blocked for more than 143 seconds.
Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:0 state:D stack:22256 pid:25 tgid:25 ppid:2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5328 [inline]
__schedule+0x18af/0x4bd0 kernel/sched/core.c:6690
__schedule_loop kernel/sched/core.c:6767 [inline]
schedule+0x14b/0x320 kernel/sched/core.c:6782
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6839
__mutex_lock_common kernel/locking/mutex.c:684 [inline]
__mutex_lock+0x6a7/0xd70 kernel/locking/mutex.c:752
unregister_netdev+0x12/0x30 net/core/dev.c:11482
r871xu_dev_remove+0xae/0x450 drivers/staging/rtl8712/usb_intf.c:596
usb_unbind_interface+0x25e/0x940 drivers/usb/core/driver.c:461
device_remove drivers/base/dd.c:569 [inline]
__device_release_driver drivers/base/dd.c:1273 [inline]
device_release_driver_internal+0x503/0x7c0 drivers/base/dd.c:1296
bus_remove_device+0x34f/0x420 drivers/base/bus.c:576
device_del+0x57a/0x9b0 drivers/base/core.c:3864
usb_disable_device+0x3bf/0x850 drivers/usb/core/message.c:1418
usb_disconnect+0x340/0x950 drivers/usb/core/hub.c:2304
hub_port_connect drivers/usb/core/hub.c:5361 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5661 [inline]
port_event drivers/usb/core/hub.c:5821 [inline]
hub_event+0x1ebc/0x5150 drivers/usb/core/hub.c:5903
process_one_work kernel/workqueue.c:3229 [inline]
process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
worker_thread+0x870/0xd30 kernel/workqueue.c:3391
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
INFO: task kworker/1:1:46 blocked for more than 143 seconds.
Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:1 state:D stack:20832 pid:46 tgid:46 ppid:2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5328 [inline]
__schedule+0x18af/0x4bd0 kernel/sched/core.c:6690
__schedule_loop kernel/sched/core.c:6767 [inline]
schedule+0x14b/0x320 kernel/sched/core.c:6782
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6839
__mutex_lock_common kernel/locking/mutex.c:684 [inline]
__mutex_lock+0x6a7/0xd70 kernel/locking/mutex.c:752
unregister_netdev+0x12/0x30 net/core/dev.c:11482
r871xu_dev_remove+0xae/0x450 drivers/staging/rtl8712/usb_intf.c:596
usb_unbind_interface+0x25e/0x940 drivers/usb/core/driver.c:461
device_remove drivers/base/dd.c:569 [inline]
__device_release_driver drivers/base/dd.c:1273 [inline]
device_release_driver_internal+0x503/0x7c0 drivers/base/dd.c:1296
bus_remove_device+0x34f/0x420 drivers/base/bus.c:576
device_del+0x57a/0x9b0 drivers/base/core.c:3864
usb_disable_device+0x3bf/0x850 drivers/usb/core/message.c:1418
usb_disconnect+0x340/0x950 drivers/usb/core/hub.c:2304
hub_port_connect drivers/usb/core/hub.c:5361 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5661 [inline]
port_event drivers/usb/core/hub.c:5821 [inline]
hub_event+0x1ebc/0x5150 drivers/usb/core/hub.c:5903
process_one_work kernel/workqueue.c:3229 [inline]
process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
worker_thread+0x870/0xd30 kernel/workqueue.c:3391
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
INFO: task kworker/0:2:969 blocked for more than 144 seconds.
Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:2 state:D stack:20512 pid:969 tgid:969 ppid:2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5328 [inline]
__schedule+0x18af/0x4bd0 kernel/sched/core.c:6690
__schedule_loop kernel/sched/core.c:6767 [inline]
schedule+0x14b/0x320 kernel/sched/core.c:6782
schedule_timeout+0xb0/0x310 kernel/time/timer.c:2591
do_wait_for_common kernel/sched/completion.c:95 [inline]
__wait_for_common kernel/sched/completion.c:116 [inline]
wait_for_common kernel/sched/completion.c:127 [inline]
wait_for_completion+0x355/0x620 kernel/sched/completion.c:148
r871xu_dev_remove+0x72/0x450 drivers/staging/rtl8712/usb_intf.c:594
usb_unbind_interface+0x25e/0x940 drivers/usb/core/driver.c:461
device_remove drivers/base/dd.c:569 [inline]
__device_release_driver drivers/base/dd.c:1273 [inline]
device_release_driver_internal+0x503/0x7c0 drivers/base/dd.c:1296
bus_remove_device+0x34f/0x420 drivers/base/bus.c:576
device_del+0x57a/0x9b0 drivers/base/core.c:3864
usb_disable_device+0x3bf/0x850 drivers/usb/core/message.c:1418
usb_disconnect+0x340/0x950 drivers/usb/core/hub.c:2304
hub_port_connect drivers/usb/core/hub.c:5361 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5661 [inline]
port_event drivers/usb/core/hub.c:5821 [inline]
hub_event+0x1ebc/0x5150 drivers/usb/core/hub.c:5903
process_one_work kernel/workqueue.c:3229 [inline]
process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
worker_thread+0x870/0xd30 kernel/workqueue.c:3391
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
INFO: task kworker/1:2:3069 blocked for more than 144 seconds.
Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:2 state:D stack:21232 pid:3069 tgid:3069 ppid:2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5328 [inline]
__schedule+0x18af/0x4bd0 kernel/sched/core.c:6690
__schedule_loop kernel/sched/core.c:6767 [inline]
schedule+0x14b/0x320 kernel/sched/core.c:6782
schedule_timeout+0xb0/0x310 kernel/time/timer.c:2591
do_wait_for_common kernel/sched/completion.c:95 [inline]
__wait_for_common kernel/sched/completion.c:116 [inline]
wait_for_common kernel/sched/completion.c:127 [inline]
wait_for_completion+0x355/0x620 kernel/sched/completion.c:148
r871xu_dev_remove+0x72/0x450 drivers/staging/rtl8712/usb_intf.c:594
usb_unbind_interface+0x25e/0x940 drivers/usb/core/driver.c:461
device_remove drivers/base/dd.c:569 [inline]
__device_release_driver drivers/base/dd.c:1273 [inline]
device_release_driver_internal+0x503/0x7c0 drivers/base/dd.c:1296
bus_remove_device+0x34f/0x420 drivers/base/bus.c:576
device_del+0x57a/0x9b0 drivers/base/core.c:3864
usb_disable_device+0x3bf/0x850 drivers/usb/core/message.c:1418
usb_disconnect+0x340/0x950 drivers/usb/core/hub.c:2304
hub_port_connect drivers/usb/core/hub.c:5361 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5661 [inline]
port_event drivers/usb/core/hub.c:5821 [inline]
hub_event+0x1ebc/0x5150 drivers/usb/core/hub.c:5903
process_one_work kernel/workqueue.c:3229 [inline]
process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
worker_thread+0x870/0xd30 kernel/workqueue.c:3391
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
INFO: task kworker/1:8:5977 blocked for more than 144 seconds.
Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:8 state:D stack:27736 pid:5977 tgid:5977 ppid:2 flags:0x00004000
Workqueue: events_power_efficient crda_timeout_work
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5328 [inline]
__schedule+0x18af/0x4bd0 kernel/sched/core.c:6690
__schedule_loop kernel/sched/core.c:6767 [inline]
schedule+0x14b/0x320 kernel/sched/core.c:6782
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6839
__mutex_lock_common kernel/locking/mutex.c:684 [inline]
__mutex_lock+0x6a7/0xd70 kernel/locking/mutex.c:752
crda_timeout_work+0x15/0x50 net/wireless/reg.c:540
process_one_work kernel/workqueue.c:3229 [inline]
process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
worker_thread+0x870/0xd30 kernel/workqueue.c:3391
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
Showing all locks held in the system:
5 locks held by kworker/0:0/8:
#0: ffff88801e2c2548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff88801e2c2548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc900000d7d00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc900000d7d00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
#2: ffff888145321190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#2: ffff888145321190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1fe/0x5150 drivers/usb/core/hub.c:5849
#3: ffff88807b7f3190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#3: ffff88807b7f3190 (&dev->mutex){....}-{3:3}, at: usb_disconnect+0x103/0x950 drivers/usb/core/hub.c:2295
#4: ffff88807cf22160 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#4: ffff88807cf22160 (&dev->mutex){....}-{3:3}, at: __device_driver_lock drivers/base/dd.c:1095 [inline]
#4: ffff88807cf22160 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0xce/0x7c0 drivers/base/dd.c:1293
3 locks held by kworker/0:1/9:
#0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc900000e7d00 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc900000e7d00 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
#2: ffffffff8fcd31c8 (rtnl_mutex){+.+.}-{3:3}, at: register_netdev+0x13/0x50 net/core/dev.c:10626
6 locks held by kworker/1:0/25:
#0: ffff88801e2c2548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff88801e2c2548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc900001f7d00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc900001f7d00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
#2: ffff888145309190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#2: ffff888145309190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1fe/0x5150 drivers/usb/core/hub.c:5849
#3: ffff8880725df190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#3: ffff8880725df190 (&dev->mutex){....}-{3:3}, at: usb_disconnect+0x103/0x950 drivers/usb/core/hub.c:2295
#4: ffff8880717f3160 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#4: ffff8880717f3160 (&dev->mutex){....}-{3:3}, at: __device_driver_lock drivers/base/dd.c:1095 [inline]
#4: ffff8880717f3160 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0xce/0x7c0 drivers/base/dd.c:1293
#5: ffffffff8fcd31c8 (rtnl_mutex){+.+.}-{3:3}, at: unregister_netdev+0x12/0x30 net/core/dev.c:11482
1 lock held by khungtaskd/30:
#0: ffffffff8e937e20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
#0: ffffffff8e937e20 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
#0: ffffffff8e937e20 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 kernel/locking/lockdep.c:6720
6 locks held by kworker/1:1/46:
#0: ffff88801e2c2548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff88801e2c2548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc90000b67d00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc90000b67d00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
#2: ffff8881453b1190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#2: ffff8881453b1190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1fe/0x5150 drivers/usb/core/hub.c:5849
#3: ffff8880725d9190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#3: ffff8880725d9190 (&dev->mutex){....}-{3:3}, at: usb_disconnect+0x103/0x950 drivers/usb/core/hub.c:2295
#4: ffff88807968e160 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#4: ffff88807968e160 (&dev->mutex){....}-{3:3}, at: __device_driver_lock drivers/base/dd.c:1095 [inline]
#4: ffff88807968e160 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0xce/0x7c0 drivers/base/dd.c:1293
#5: ffffffff8fcd31c8 (rtnl_mutex){+.+.}-{3:3}, at: unregister_netdev+0x12/0x30 net/core/dev.c:11482
3 locks held by kworker/u8:3/52:
#0: ffff88814cacd148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff88814cacd148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc90000bd7d00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc90000bd7d00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
#2: ffffffff8fcd31c8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x19/0x30 net/ipv6/addrconf.c:4736
5 locks held by kworker/0:2/969:
#0: ffff88801e2c2548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff88801e2c2548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc900039d7d00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc900039d7d00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
#2: ffff8881453b9190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#2: ffff8881453b9190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1fe/0x5150 drivers/usb/core/hub.c:5849
#3: ffff88807b7f2190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#3: ffff88807b7f2190 (&dev->mutex){....}-{3:3}, at: usb_disconnect+0x103/0x950 drivers/usb/core/hub.c:2295
#4: ffff88807b7f7160 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#4: ffff88807b7f7160 (&dev->mutex){....}-{3:3}, at: __device_driver_lock drivers/base/dd.c:1095 [inline]
#4: ffff88807b7f7160 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0xce/0x7c0 drivers/base/dd.c:1293
5 locks held by kworker/1:2/3069:
#0: ffff88801e2c2548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff88801e2c2548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc9000b967d00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc9000b967d00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
#2: ffff8881453d1190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#2: ffff8881453d1190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1fe/0x5150 drivers/usb/core/hub.c:5849
#3: ffff8881446a7190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#3: ffff8881446a7190 (&dev->mutex){....}-{3:3}, at: usb_disconnect+0x103/0x950 drivers/usb/core/hub.c:2295
#4: ffff88807cf25160 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#4: ffff88807cf25160 (&dev->mutex){....}-{3:3}, at: __device_driver_lock drivers/base/dd.c:1095 [inline]
#4: ffff88807cf25160 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0xce/0x7c0 drivers/base/dd.c:1293
2 locks held by dhcpcd/5511:
#0: ffffffff8fcd31c8 (rtnl_mutex){+.+.}-{3:3}, at: devinet_ioctl+0x2ce/0x1aa0 net/ipv4/devinet.c:1112
#1: ffff88807b39ce28 (&padapter->mutex_start){+.+.}-{3:3}, at: netdev_open+0x3c/0x780 drivers/staging/rtl8712/os_intfs.c:392
2 locks held by getty/5598:
#0: ffff888034be20a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
#1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6a6/0x1e00 drivers/tty/n_tty.c:2211
3 locks held by kworker/1:3/5849:
#0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc90003e37d00 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc90003e37d00 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
#2: ffffffff8fcd31c8 (rtnl_mutex){+.+.}-{3:3}, at: register_netdev+0x13/0x50 net/core/dev.c:10626
3 locks held by kworker/0:3/5852:
#0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc90003e57d00 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc90003e57d00 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
#2: ffffffff8fcd31c8 (rtnl_mutex){+.+.}-{3:3}, at: register_netdev+0x13/0x50 net/core/dev.c:10626
4 locks held by udevd/5854:
#0: ffff8880329ae418 (&p->lock){+.+.}-{3:3}, at: seq_read_iter+0xb4/0xd70 fs/seq_file.c:182
#1: ffff88802a334888 (&of->mutex#2){+.+.}-{3:3}, at: kernfs_seq_start+0x53/0x3b0 fs/kernfs/file.c:154
#2: ffff888074a3a788 (kn->active#27){++++}-{0:0}, at: kernfs_seq_start+0x72/0x3b0 fs/kernfs/file.c:155
#3: ffff8880725d9190 (&dev->mutex){....}-{3:3}, at: device_lock_interruptible include/linux/device.h:1019 [inline]
#3: ffff8880725d9190 (&dev->mutex){....}-{3:3}, at: manufacturer_show+0x26/0xa0 drivers/usb/core/sysfs.c:142
3 locks held by kworker/1:4/5855:
#0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc90003e77d00 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc90003e77d00 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
#2: ffffffff8fcd31c8 (rtnl_mutex){+.+.}-{3:3}, at: register_netdev+0x13/0x50 net/core/dev.c:10626
4 locks held by udevd/5866:
#0: ffff8880118c0c30 (&p->lock){+.+.}-{3:3}, at: seq_read_iter+0xb4/0xd70 fs/seq_file.c:182
#1: ffff88801bb2a888 (&of->mutex#2){+.+.}-{3:3}, at: kernfs_seq_start+0x53/0x3b0 fs/kernfs/file.c:154
#2: ffff888032fbab48 (kn->active#27){++++}-{0:0}, at: kernfs_seq_start+0x72/0x3b0 fs/kernfs/file.c:155
#3: ffff8880725df190 (&dev->mutex){....}-{3:3}, at: device_lock_interruptible include/linux/device.h:1019 [inline]
#3: ffff8880725df190 (&dev->mutex){....}-{3:3}, at: manufacturer_show+0x26/0xa0 drivers/usb/core/sysfs.c:142
3 locks held by kworker/1:5/5872:
#0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc90003e17d00 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc90003e17d00 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
#2: ffffffff8fcd31c8 (rtnl_mutex){+.+.}-{3:3}, at: register_netdev+0x13/0x50 net/core/dev.c:10626
3 locks held by kworker/0:4/5912:
#0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc90003f7fd00 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc90003f7fd00 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
#2: ffffffff8fcd31c8 (rtnl_mutex){+.+.}-{3:3}, at: register_netdev+0x13/0x50 net/core/dev.c:10626
3 locks held by kworker/1:6/5969:
#0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc90003f6fd00 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc90003f6fd00 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
#2: ffffffff8fcd31c8 (rtnl_mutex){+.+.}-{3:3}, at: register_netdev+0x13/0x50 net/core/dev.c:10626
3 locks held by kworker/0:6/5974:
#0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc90004237d00 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc90004237d00 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
#2: ffffffff8fcd31c8 (rtnl_mutex){+.+.}-{3:3}, at: register_netdev+0x13/0x50 net/core/dev.c:10626
3 locks held by kworker/1:8/5977:
#0: ffff88801ac81948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff88801ac81948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc90004327d00 ((crda_timeout).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc90004327d00 ((crda_timeout).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
#2: ffffffff8fcd31c8 (rtnl_mutex){+.+.}-{3:3}, at: crda_timeout_work+0x15/0x50 net/wireless/reg.c:540
3 locks held by kworker/1:9/5978:
#0: ffff88801ac81948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff88801ac81948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc90004337d00 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc90004337d00 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
#2: ffffffff8fcd31c8 (rtnl_mutex){+.+.}-{3:3}, at: reg_check_chans_work+0x99/0xfd0 net/wireless/reg.c:2480
=============================================
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
nmi_cpu_backtrace+0x49c/0x4d0 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x198/0x320 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:223 [inline]
watchdog+0xff4/0x1040 kernel/hung_task.c:379
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 3592 Comm: kworker/u8:11 Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Workqueue: events_unbound toggle_allocation_gate
RIP: 0010:csd_lock_wait kernel/smp.c:340 [inline]
RIP: 0010:smp_call_function_many_cond+0x19f3/0x2ca0 kernel/smp.c:884
Code: 45 8b 65 00 44 89 e6 83 e6 01 31 ff e8 96 f3 0b 00 41 83 e4 01 49 bc 00 00 00 00 00 fc ff df 75 07 e8 41 ef 0b 00 eb 38 f3 90 <42> 0f b6 04 23 84 c0 75 11 41 f7 45 00 01 00 00 00 74 1e e8 25 ef
RSP: 0018:ffffc9000c5176e0 EFLAGS: 00000293
RAX: ffffffff8188fb4b RBX: 1ffff110170c8ca1 RCX: ffff888031f4bc00
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffffc9000c5178e0 R08: ffffffff8188fb1a R09: 1ffffffff2859900
R10: dffffc0000000000 R11: fffffbfff2859901 R12: dffffc0000000000
R13: ffff8880b8646508 R14: ffff8880b873fc80 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fcef2511c00 CR3: 000000000e734000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<NMI>
</NMI>
<TASK>
on_each_cpu_cond_mask+0x3f/0x80 kernel/smp.c:1051
text_poke_bp_batch+0x9ef/0xb30
text_poke_flush arch/x86/kernel/alternative.c:2486 [inline]
text_poke_finish+0x30/0x50 arch/x86/kernel/alternative.c:2493
arch_jump_label_transform_apply+0x1c/0x30 arch/x86/kernel/jump_label.c:146
static_key_enable_cpuslocked+0x136/0x260 kernel/jump_label.c:210
static_key_enable+0x1a/0x20 kernel/jump_label.c:223
toggle_allocation_gate+0xbc/0x260 mm/kfence/core.c:849
process_one_work kernel/workqueue.c:3229 [inline]
process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
worker_thread+0x870/0xd30 kernel/workqueue.c:3391
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.282 msecs
final repro crashed as (corrupted=false):
INFO: task kworker/0:0:8 blocked for more than 143 seconds.
Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:0 state:D stack:20576 pid:8 tgid:8 ppid:2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5328 [inline]
__schedule+0x18af/0x4bd0 kernel/sched/core.c:6690
__schedule_loop kernel/sched/core.c:6767 [inline]
schedule+0x14b/0x320 kernel/sched/core.c:6782
schedule_timeout+0xb0/0x310 kernel/time/timer.c:2591
do_wait_for_common kernel/sched/completion.c:95 [inline]
__wait_for_common kernel/sched/completion.c:116 [inline]
wait_for_common kernel/sched/completion.c:127 [inline]
wait_for_completion+0x355/0x620 kernel/sched/completion.c:148
r871xu_dev_remove+0x72/0x450 drivers/staging/rtl8712/usb_intf.c:594
usb_unbind_interface+0x25e/0x940 drivers/usb/core/driver.c:461
device_remove drivers/base/dd.c:569 [inline]
__device_release_driver drivers/base/dd.c:1273 [inline]
device_release_driver_internal+0x503/0x7c0 drivers/base/dd.c:1296
bus_remove_device+0x34f/0x420 drivers/base/bus.c:576
device_del+0x57a/0x9b0 drivers/base/core.c:3864
usb_disable_device+0x3bf/0x850 drivers/usb/core/message.c:1418
usb_disconnect+0x340/0x950 drivers/usb/core/hub.c:2304
hub_port_connect drivers/usb/core/hub.c:5361 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5661 [inline]
port_event drivers/usb/core/hub.c:5821 [inline]
hub_event+0x1ebc/0x5150 drivers/usb/core/hub.c:5903
process_one_work kernel/workqueue.c:3229 [inline]
process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
worker_thread+0x870/0xd30 kernel/workqueue.c:3391
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
INFO: task kworker/1:0:25 blocked for more than 143 seconds.
Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:0 state:D stack:22256 pid:25 tgid:25 ppid:2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5328 [inline]
__schedule+0x18af/0x4bd0 kernel/sched/core.c:6690
__schedule_loop kernel/sched/core.c:6767 [inline]
schedule+0x14b/0x320 kernel/sched/core.c:6782
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6839
__mutex_lock_common kernel/locking/mutex.c:684 [inline]
__mutex_lock+0x6a7/0xd70 kernel/locking/mutex.c:752
unregister_netdev+0x12/0x30 net/core/dev.c:11482
r871xu_dev_remove+0xae/0x450 drivers/staging/rtl8712/usb_intf.c:596
usb_unbind_interface+0x25e/0x940 drivers/usb/core/driver.c:461
device_remove drivers/base/dd.c:569 [inline]
__device_release_driver drivers/base/dd.c:1273 [inline]
device_release_driver_internal+0x503/0x7c0 drivers/base/dd.c:1296
bus_remove_device+0x34f/0x420 drivers/base/bus.c:576
device_del+0x57a/0x9b0 drivers/base/core.c:3864
usb_disable_device+0x3bf/0x850 drivers/usb/core/message.c:1418
usb_disconnect+0x340/0x950 drivers/usb/core/hub.c:2304
hub_port_connect drivers/usb/core/hub.c:5361 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5661 [inline]
port_event drivers/usb/core/hub.c:5821 [inline]
hub_event+0x1ebc/0x5150 drivers/usb/core/hub.c:5903
process_one_work kernel/workqueue.c:3229 [inline]
process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
worker_thread+0x870/0xd30 kernel/workqueue.c:3391
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
INFO: task kworker/1:1:46 blocked for more than 143 seconds.
Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:1 state:D stack:20832 pid:46 tgid:46 ppid:2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5328 [inline]
__schedule+0x18af/0x4bd0 kernel/sched/core.c:6690
__schedule_loop kernel/sched/core.c:6767 [inline]
schedule+0x14b/0x320 kernel/sched/core.c:6782
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6839
__mutex_lock_common kernel/locking/mutex.c:684 [inline]
__mutex_lock+0x6a7/0xd70 kernel/locking/mutex.c:752
unregister_netdev+0x12/0x30 net/core/dev.c:11482
r871xu_dev_remove+0xae/0x450 drivers/staging/rtl8712/usb_intf.c:596
usb_unbind_interface+0x25e/0x940 drivers/usb/core/driver.c:461
device_remove drivers/base/dd.c:569 [inline]
__device_release_driver drivers/base/dd.c:1273 [inline]
device_release_driver_internal+0x503/0x7c0 drivers/base/dd.c:1296
bus_remove_device+0x34f/0x420 drivers/base/bus.c:576
device_del+0x57a/0x9b0 drivers/base/core.c:3864
usb_disable_device+0x3bf/0x850 drivers/usb/core/message.c:1418
usb_disconnect+0x340/0x950 drivers/usb/core/hub.c:2304
hub_port_connect drivers/usb/core/hub.c:5361 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5661 [inline]
port_event drivers/usb/core/hub.c:5821 [inline]
hub_event+0x1ebc/0x5150 drivers/usb/core/hub.c:5903
process_one_work kernel/workqueue.c:3229 [inline]
process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
worker_thread+0x870/0xd30 kernel/workqueue.c:3391
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
INFO: task kworker/0:2:969 blocked for more than 144 seconds.
Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:2 state:D stack:20512 pid:969 tgid:969 ppid:2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5328 [inline]
__schedule+0x18af/0x4bd0 kernel/sched/core.c:6690
__schedule_loop kernel/sched/core.c:6767 [inline]
schedule+0x14b/0x320 kernel/sched/core.c:6782
schedule_timeout+0xb0/0x310 kernel/time/timer.c:2591
do_wait_for_common kernel/sched/completion.c:95 [inline]
__wait_for_common kernel/sched/completion.c:116 [inline]
wait_for_common kernel/sched/completion.c:127 [inline]
wait_for_completion+0x355/0x620 kernel/sched/completion.c:148
r871xu_dev_remove+0x72/0x450 drivers/staging/rtl8712/usb_intf.c:594
usb_unbind_interface+0x25e/0x940 drivers/usb/core/driver.c:461
device_remove drivers/base/dd.c:569 [inline]
__device_release_driver drivers/base/dd.c:1273 [inline]
device_release_driver_internal+0x503/0x7c0 drivers/base/dd.c:1296
bus_remove_device+0x34f/0x420 drivers/base/bus.c:576
device_del+0x57a/0x9b0 drivers/base/core.c:3864
usb_disable_device+0x3bf/0x850 drivers/usb/core/message.c:1418
usb_disconnect+0x340/0x950 drivers/usb/core/hub.c:2304
hub_port_connect drivers/usb/core/hub.c:5361 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5661 [inline]
port_event drivers/usb/core/hub.c:5821 [inline]
hub_event+0x1ebc/0x5150 drivers/usb/core/hub.c:5903
process_one_work kernel/workqueue.c:3229 [inline]
process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
worker_thread+0x870/0xd30 kernel/workqueue.c:3391
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
INFO: task kworker/1:2:3069 blocked for more than 144 seconds.
Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:2 state:D stack:21232 pid:3069 tgid:3069 ppid:2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5328 [inline]
__schedule+0x18af/0x4bd0 kernel/sched/core.c:6690
__schedule_loop kernel/sched/core.c:6767 [inline]
schedule+0x14b/0x320 kernel/sched/core.c:6782
schedule_timeout+0xb0/0x310 kernel/time/timer.c:2591
do_wait_for_common kernel/sched/completion.c:95 [inline]
__wait_for_common kernel/sched/completion.c:116 [inline]
wait_for_common kernel/sched/completion.c:127 [inline]
wait_for_completion+0x355/0x620 kernel/sched/completion.c:148
r871xu_dev_remove+0x72/0x450 drivers/staging/rtl8712/usb_intf.c:594
usb_unbind_interface+0x25e/0x940 drivers/usb/core/driver.c:461
device_remove drivers/base/dd.c:569 [inline]
__device_release_driver drivers/base/dd.c:1273 [inline]
device_release_driver_internal+0x503/0x7c0 drivers/base/dd.c:1296
bus_remove_device+0x34f/0x420 drivers/base/bus.c:576
device_del+0x57a/0x9b0 drivers/base/core.c:3864
usb_disable_device+0x3bf/0x850 drivers/usb/core/message.c:1418
usb_disconnect+0x340/0x950 drivers/usb/core/hub.c:2304
hub_port_connect drivers/usb/core/hub.c:5361 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5661 [inline]
port_event drivers/usb/core/hub.c:5821 [inline]
hub_event+0x1ebc/0x5150 drivers/usb/core/hub.c:5903
process_one_work kernel/workqueue.c:3229 [inline]
process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
worker_thread+0x870/0xd30 kernel/workqueue.c:3391
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
INFO: task kworker/1:8:5977 blocked for more than 144 seconds.
Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:8 state:D stack:27736 pid:5977 tgid:5977 ppid:2 flags:0x00004000
Workqueue: events_power_efficient crda_timeout_work
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5328 [inline]
__schedule+0x18af/0x4bd0 kernel/sched/core.c:6690
__schedule_loop kernel/sched/core.c:6767 [inline]
schedule+0x14b/0x320 kernel/sched/core.c:6782
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6839
__mutex_lock_common kernel/locking/mutex.c:684 [inline]
__mutex_lock+0x6a7/0xd70 kernel/locking/mutex.c:752
crda_timeout_work+0x15/0x50 net/wireless/reg.c:540
process_one_work kernel/workqueue.c:3229 [inline]
process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
worker_thread+0x870/0xd30 kernel/workqueue.c:3391
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
Showing all locks held in the system:
5 locks held by kworker/0:0/8:
#0: ffff88801e2c2548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff88801e2c2548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc900000d7d00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc900000d7d00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
#2: ffff888145321190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#2: ffff888145321190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1fe/0x5150 drivers/usb/core/hub.c:5849
#3: ffff88807b7f3190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#3: ffff88807b7f3190 (&dev->mutex){....}-{3:3}, at: usb_disconnect+0x103/0x950 drivers/usb/core/hub.c:2295
#4: ffff88807cf22160 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#4: ffff88807cf22160 (&dev->mutex){....}-{3:3}, at: __device_driver_lock drivers/base/dd.c:1095 [inline]
#4: ffff88807cf22160 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0xce/0x7c0 drivers/base/dd.c:1293
3 locks held by kworker/0:1/9:
#0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc900000e7d00 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc900000e7d00 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
#2: ffffffff8fcd31c8 (rtnl_mutex){+.+.}-{3:3}, at: register_netdev+0x13/0x50 net/core/dev.c:10626
6 locks held by kworker/1:0/25:
#0: ffff88801e2c2548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff88801e2c2548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc900001f7d00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc900001f7d00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
#2: ffff888145309190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#2: ffff888145309190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1fe/0x5150 drivers/usb/core/hub.c:5849
#3: ffff8880725df190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#3: ffff8880725df190 (&dev->mutex){....}-{3:3}, at: usb_disconnect+0x103/0x950 drivers/usb/core/hub.c:2295
#4: ffff8880717f3160 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#4: ffff8880717f3160 (&dev->mutex){....}-{3:3}, at: __device_driver_lock drivers/base/dd.c:1095 [inline]
#4: ffff8880717f3160 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0xce/0x7c0 drivers/base/dd.c:1293
#5: ffffffff8fcd31c8 (rtnl_mutex){+.+.}-{3:3}, at: unregister_netdev+0x12/0x30 net/core/dev.c:11482
1 lock held by khungtaskd/30:
#0: ffffffff8e937e20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
#0: ffffffff8e937e20 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
#0: ffffffff8e937e20 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 kernel/locking/lockdep.c:6720
6 locks held by kworker/1:1/46:
#0: ffff88801e2c2548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff88801e2c2548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc90000b67d00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc90000b67d00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
#2: ffff8881453b1190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#2: ffff8881453b1190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1fe/0x5150 drivers/usb/core/hub.c:5849
#3: ffff8880725d9190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#3: ffff8880725d9190 (&dev->mutex){....}-{3:3}, at: usb_disconnect+0x103/0x950 drivers/usb/core/hub.c:2295
#4: ffff88807968e160 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#4: ffff88807968e160 (&dev->mutex){....}-{3:3}, at: __device_driver_lock drivers/base/dd.c:1095 [inline]
#4: ffff88807968e160 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0xce/0x7c0 drivers/base/dd.c:1293
#5: ffffffff8fcd31c8 (rtnl_mutex){+.+.}-{3:3}, at: unregister_netdev+0x12/0x30 net/core/dev.c:11482
3 locks held by kworker/u8:3/52:
#0: ffff88814cacd148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff88814cacd148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc90000bd7d00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc90000bd7d00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
#2: ffffffff8fcd31c8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x19/0x30 net/ipv6/addrconf.c:4736
5 locks held by kworker/0:2/969:
#0: ffff88801e2c2548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff88801e2c2548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc900039d7d00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc900039d7d00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
#2: ffff8881453b9190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#2: ffff8881453b9190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1fe/0x5150 drivers/usb/core/hub.c:5849
#3: ffff88807b7f2190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#3: ffff88807b7f2190 (&dev->mutex){....}-{3:3}, at: usb_disconnect+0x103/0x950 drivers/usb/core/hub.c:2295
#4: ffff88807b7f7160 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#4: ffff88807b7f7160 (&dev->mutex){....}-{3:3}, at: __device_driver_lock drivers/base/dd.c:1095 [inline]
#4: ffff88807b7f7160 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0xce/0x7c0 drivers/base/dd.c:1293
5 locks held by kworker/1:2/3069:
#0: ffff88801e2c2548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff88801e2c2548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc9000b967d00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc9000b967d00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
#2: ffff8881453d1190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#2: ffff8881453d1190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1fe/0x5150 drivers/usb/core/hub.c:5849
#3: ffff8881446a7190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#3: ffff8881446a7190 (&dev->mutex){....}-{3:3}, at: usb_disconnect+0x103/0x950 drivers/usb/core/hub.c:2295
#4: ffff88807cf25160 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#4: ffff88807cf25160 (&dev->mutex){....}-{3:3}, at: __device_driver_lock drivers/base/dd.c:1095 [inline]
#4: ffff88807cf25160 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0xce/0x7c0 drivers/base/dd.c:1293
2 locks held by dhcpcd/5511:
#0: ffffffff8fcd31c8 (rtnl_mutex){+.+.}-{3:3}, at: devinet_ioctl+0x2ce/0x1aa0 net/ipv4/devinet.c:1112
#1: ffff88807b39ce28 (&padapter->mutex_start){+.+.}-{3:3}, at: netdev_open+0x3c/0x780 drivers/staging/rtl8712/os_intfs.c:392
2 locks held by getty/5598:
#0: ffff888034be20a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
#1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6a6/0x1e00 drivers/tty/n_tty.c:2211
3 locks held by kworker/1:3/5849:
#0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc90003e37d00 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc90003e37d00 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
#2: ffffffff8fcd31c8 (rtnl_mutex){+.+.}-{3:3}, at: register_netdev+0x13/0x50 net/core/dev.c:10626
3 locks held by kworker/0:3/5852:
#0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc90003e57d00 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc90003e57d00 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
#2: ffffffff8fcd31c8 (rtnl_mutex){+.+.}-{3:3}, at: register_netdev+0x13/0x50 net/core/dev.c:10626
4 locks held by udevd/5854:
#0: ffff8880329ae418 (&p->lock){+.+.}-{3:3}, at: seq_read_iter+0xb4/0xd70 fs/seq_file.c:182
#1: ffff88802a334888 (&of->mutex#2){+.+.}-{3:3}, at: kernfs_seq_start+0x53/0x3b0 fs/kernfs/file.c:154
#2: ffff888074a3a788 (kn->active#27){++++}-{0:0}, at: kernfs_seq_start+0x72/0x3b0 fs/kernfs/file.c:155
#3: ffff8880725d9190 (&dev->mutex){....}-{3:3}, at: device_lock_interruptible include/linux/device.h:1019 [inline]
#3: ffff8880725d9190 (&dev->mutex){....}-{3:3}, at: manufacturer_show+0x26/0xa0 drivers/usb/core/sysfs.c:142
3 locks held by kworker/1:4/5855:
#0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc90003e77d00 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc90003e77d00 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
#2: ffffffff8fcd31c8 (rtnl_mutex){+.+.}-{3:3}, at: register_netdev+0x13/0x50 net/core/dev.c:10626
4 locks held by udevd/5866:
#0: ffff8880118c0c30 (&p->lock){+.+.}-{3:3}, at: seq_read_iter+0xb4/0xd70 fs/seq_file.c:182
#1: ffff88801bb2a888 (&of->mutex#2){+.+.}-{3:3}, at: kernfs_seq_start+0x53/0x3b0 fs/kernfs/file.c:154
#2: ffff888032fbab48 (kn->active#27){++++}-{0:0}, at: kernfs_seq_start+0x72/0x3b0 fs/kernfs/file.c:155
#3: ffff8880725df190 (&dev->mutex){....}-{3:3}, at: device_lock_interruptible include/linux/device.h:1019 [inline]
#3: ffff8880725df190 (&dev->mutex){....}-{3:3}, at: manufacturer_show+0x26/0xa0 drivers/usb/core/sysfs.c:142
3 locks held by kworker/1:5/5872:
#0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc90003e17d00 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc90003e17d00 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
#2: ffffffff8fcd31c8 (rtnl_mutex){+.+.}-{3:3}, at: register_netdev+0x13/0x50 net/core/dev.c:10626
3 locks held by kworker/0:4/5912:
#0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc90003f7fd00 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc90003f7fd00 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
#2: ffffffff8fcd31c8 (rtnl_mutex){+.+.}-{3:3}, at: register_netdev+0x13/0x50 net/core/dev.c:10626
3 locks held by kworker/1:6/5969:
#0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc90003f6fd00 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc90003f6fd00 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
#2: ffffffff8fcd31c8 (rtnl_mutex){+.+.}-{3:3}, at: register_netdev+0x13/0x50 net/core/dev.c:10626
3 locks held by kworker/0:6/5974:
#0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc90004237d00 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc90004237d00 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
#2: ffffffff8fcd31c8 (rtnl_mutex){+.+.}-{3:3}, at: register_netdev+0x13/0x50 net/core/dev.c:10626
3 locks held by kworker/1:8/5977:
#0: ffff88801ac81948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff88801ac81948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc90004327d00 ((crda_timeout).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc90004327d00 ((crda_timeout).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
#2: ffffffff8fcd31c8 (rtnl_mutex){+.+.}-{3:3}, at: crda_timeout_work+0x15/0x50 net/wireless/reg.c:540
3 locks held by kworker/1:9/5978:
#0: ffff88801ac81948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
#0: ffff88801ac81948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 kernel/workqueue.c:3310
#1: ffffc90004337d00 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
#1: ffffc90004337d00 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 kernel/workqueue.c:3310
#2: ffffffff8fcd31c8 (rtnl_mutex){+.+.}-{3:3}, at: reg_check_chans_work+0x99/0xfd0 net/wireless/reg.c:2480
=============================================
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
nmi_cpu_backtrace+0x49c/0x4d0 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x198/0x320 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:223 [inline]
watchdog+0xff4/0x1040 kernel/hung_task.c:379
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 3592 Comm: kworker/u8:11 Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Workqueue: events_unbound toggle_allocation_gate
RIP: 0010:csd_lock_wait kernel/smp.c:340 [inline]
RIP: 0010:smp_call_function_many_cond+0x19f3/0x2ca0 kernel/smp.c:884
Code: 45 8b 65 00 44 89 e6 83 e6 01 31 ff e8 96 f3 0b 00 41 83 e4 01 49 bc 00 00 00 00 00 fc ff df 75 07 e8 41 ef 0b 00 eb 38 f3 90 <42> 0f b6 04 23 84 c0 75 11 41 f7 45 00 01 00 00 00 74 1e e8 25 ef
RSP: 0018:ffffc9000c5176e0 EFLAGS: 00000293
RAX: ffffffff8188fb4b RBX: 1ffff110170c8ca1 RCX: ffff888031f4bc00
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffffc9000c5178e0 R08: ffffffff8188fb1a R09: 1ffffffff2859900
R10: dffffc0000000000 R11: fffffbfff2859901 R12: dffffc0000000000
R13: ffff8880b8646508 R14: ffff8880b873fc80 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fcef2511c00 CR3: 000000000e734000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<NMI>
</NMI>
<TASK>
on_each_cpu_cond_mask+0x3f/0x80 kernel/smp.c:1051
text_poke_bp_batch+0x9ef/0xb30
text_poke_flush arch/x86/kernel/alternative.c:2486 [inline]
text_poke_finish+0x30/0x50 arch/x86/kernel/alternative.c:2493
arch_jump_label_transform_apply+0x1c/0x30 arch/x86/kernel/jump_label.c:146
static_key_enable_cpuslocked+0x136/0x260 kernel/jump_label.c:210
static_key_enable+0x1a/0x20 kernel/jump_label.c:223
toggle_allocation_gate+0xbc/0x260 mm/kfence/core.c:849
process_one_work kernel/workqueue.c:3229 [inline]
process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
worker_thread+0x870/0xd30 kernel/workqueue.c:3391
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.282 msecs