INFO: task hung in pvr2_hdw

Kernel	Title	Rank 🛈	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
upstream	INFO: task hung in pvr2_hdw_disconnect pvrusb2	1				4	394d	442d	0/29	auto-obsoleted due to no activity on 2025/03/11 01:34

INFO: task kworker/1:1:48 blocked for more than 145 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/1:1 state:D stack:23288 pid:48 tgid:48 ppid:2 task_flags:0x4288060 flags:0x00004000 Workqueue: usb_hub_wq hub_event Call Trace: <TASK> context_switch kernel/sched/core.c:5357 [inline] __schedule+0x1190/0x5de0 kernel/sched/core.c:6961 __schedule_loop kernel/sched/core.c:7043 [inline] schedule+0xe7/0x3a0 kernel/sched/core.c:7058 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7115 __mutex_lock_common kernel/locking/mutex.c:676 [inline] __mutex_lock+0x81b/0x1060 kernel/locking/mutex.c:760 pvr2_hdw_disconnect+0x8a/0x630 drivers/media/usb/pvrusb2/pvrusb2-hdw.c:2710 pvr2_context_disconnect+0x32/0xc0 drivers/media/usb/pvrusb2/pvrusb2-context.c:269 pvr_disconnect+0x80/0xf0 drivers/media/usb/pvrusb2/pvrusb2-main.c:79 usb_unbind_interface+0x1dd/0x9e0 drivers/usb/core/driver.c:458 device_remove drivers/base/dd.c:571 [inline] device_remove+0x122/0x170 drivers/base/dd.c:563 __device_release_driver drivers/base/dd.c:1274 [inline] device_release_driver_internal+0x44b/0x620 drivers/base/dd.c:1297 bus_remove_device+0x22f/0x420 drivers/base/bus.c:579 device_del+0x396/0x9f0 drivers/base/core.c:3878 usb_disable_device+0x355/0x7d0 drivers/usb/core/message.c:1418 usb_disconnect+0x2e1/0x9c0 drivers/usb/core/hub.c:2344 hub_port_connect drivers/usb/core/hub.c:5406 [inline] hub_port_connect_change drivers/usb/core/hub.c:5706 [inline] port_event drivers/usb/core/hub.c:5870 [inline] hub_event+0x1c81/0x4fe0 drivers/usb/core/hub.c:5952 process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3236 process_scheduled_works kernel/workqueue.c:3319 [inline] worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400 kthread+0x3c2/0x780 kernel/kthread.c:463 ret_from_fork+0x56a/0x730 arch/x86/kernel/process.c:148 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 </TASK> INFO: task kworker/1:4:5953 blocked for more than 145 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/1:4 state:D stack:22424 pid:5953 tgid:5953 ppid:2 task_flags:0x4208060 flags:0x00004000 Workqueue: events_power_efficient reg_check_chans_work Call Trace: <TASK> context_switch kernel/sched/core.c:5357 [inline] __schedule+0x1190/0x5de0 kernel/sched/core.c:6961 __schedule_loop kernel/sched/core.c:7043 [inline] schedule+0xe7/0x3a0 kernel/sched/core.c:7058 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7115 __mutex_lock_common kernel/locking/mutex.c:676 [inline] __mutex_lock+0x81b/0x1060 kernel/locking/mutex.c:760 class_wiphy_constructor include/net/cfg80211.h:6212 [inline] reg_leave_invalid_chans net/wireless/reg.c:2471 [inline] reg_check_chans_work+0x10d/0x1180 net/wireless/reg.c:2486 process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3236 process_scheduled_works kernel/workqueue.c:3319 [inline] worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400 kthread+0x3c2/0x780 kernel/kthread.c:463 ret_from_fork+0x56a/0x730 arch/x86/kernel/process.c:148 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 </TASK> Showing all locks held in the system: 1 lock held by kworker/R-kvfre/6: #0: ffffffff8e478808 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x27/0x420 kernel/workqueue.c:2676 3 locks held by kworker/0:0/9: 4 locks held by kworker/0:1/10: 3 locks held by kworker/u8:0/12: 3 locks held by kworker/u8:1/13: 1 lock held by kworker/R-mm_pe/14: #0: ffffffff8e478808 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_detach_from_pool kernel/workqueue.c:2734 [inline] #0: ffffffff8e478808 (wq_pool_attach_mutex){+.+.}-{4:4}, at: rescuer_thread+0x839/0xea0 kernel/workqueue.c:3529 1 lock held by kworker/1:0/24: #0: ffffffff8e478808 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x27/0x420 kernel/workqueue.c:2676 1 lock held by khungtaskd/31: #0: ffffffff8e5c15a0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline] #0: ffffffff8e5c15a0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline] #0: ffffffff8e5c15a0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0 kernel/locking/lockdep.c:6775 4 locks held by kworker/u8:2/36: 6 locks held by kworker/1:1/48: #0: ffff888144e9bd48 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3211 #1: ffffc90000b87d10 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3212 #2: ffff888029566198 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:911 [inline] #2: ffff888029566198 (&dev->mutex){....}-{4:4}, at: hub_event+0x1c0/0x4fe0 drivers/usb/core/hub.c:5898 #3: ffff88806233c198 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:911 [inline] #3: ffff88806233c198 (&dev->mutex){....}-{4:4}, at: usb_disconnect+0x10a/0x9c0 drivers/usb/core/hub.c:2335 #4: ffff88802ae52160 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:911 [inline] #4: ffff88802ae52160 (&dev->mutex){....}-{4:4}, at: __device_driver_lock drivers/base/dd.c:1096 [inline] #4: ffff88802ae52160 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xa4/0x620 drivers/base/dd.c:1294 #5: ffff8880618ac188 (&hdw->big_lock_mutex){+.+.}-{4:4}, at: pvr2_hdw_disconnect+0x8a/0x630 drivers/media/usb/pvrusb2/pvrusb2-hdw.c:2710 3 locks held by kworker/u8:3/49: 3 locks held by kworker/u8:4/68: #0: ffff88801b881148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3211 #1: ffffc9000213fd10 ((work_completion)(&pool->idle_cull_work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3212 #2: ffffffff8e478808 (wq_pool_attach_mutex){+.+.}-{4:4}, at: idle_cull_fn+0x99/0x460 kernel/workqueue.c:2958 1 lock held by kswapd0/86: 3 locks held by kworker/1:2/92: 3 locks held by kworker/0:2/976: 3 locks held by kworker/u8:5/992: 2 locks held by pvrusb2-context/2336: #0: ffff8880618ac188 (&hdw->big_lock_mutex){+.+.}-{4:4}, at: pvr2_hdw_initialize+0xb6/0x4510 drivers/media/usb/pvrusb2/pvrusb2-hdw.c:2326 #1: ffffffff8e4756d0 (umhelper_sem){++++}-{4:4}, at: usermodehelper_read_trylock+0xa9/0x250 kernel/umh.c:214 3 locks held by kworker/u8:6/2960: 3 locks held by kworker/u8:7/2984: 7 locks held by kworker/u8:8/3007: 3 locks held by kworker/R-ipv6_/3199: #0: ffff888031612948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3211 #1: ffffc9000c4e7ca8 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3212 #2: ffffffff90384fc8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline] #2: ffffffff90384fc8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x12/0x30 net/ipv6/addrconf.c:4734 1 lock held by kworker/R-bat_e/3423: #0: ffffffff8e478808 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x27/0x420 kernel/workqueue.c:2676 3 locks held by kworker/u8:9/5078: 1 lock held by klogd/5210: 1 lock held by udevd/5221: 2 locks held by dhcpcd/5515: 4 locks held by dhcpcd/5516: 2 locks held by getty/5606: #0: ffff8880320e70a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243 #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0 drivers/tty/n_tty.c:2222 1 lock held by syz-executor/5831: 4 locks held by udevd/5926: #0: ffff8880675f69e0 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xe1/0x12c0 fs/seq_file.c:182 #1: ffff888056d0b088 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_seq_start+0x4f/0x2a0 fs/kernfs/file.c:172 #2: ffff88801c7adc38 (kn->active#28){++++}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline] #2: ffff88801c7adc38 (kn->active#28){++++}-{0:0}, at: kernfs_seq_start+0xbc/0x2a0 fs/kernfs/file.c:173 #3: ffff88806233c198 (&dev->mutex){....}-{4:4}, at: device_lock_interruptible include/linux/device.h:916 [inline] #3: ffff88806233c198 (&dev->mutex){....}-{4:4}, at: manufacturer_show+0x26/0xa0 drivers/usb/core/sysfs.c:142 4 locks held by kworker/0:3/5927: 3 locks held by kworker/0:4/5941: 3 locks held by kworker/1:3/5952: 4 locks held by kworker/1:4/5953: #0: ffff88801b87a148 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3211 #1: ffffc90003e3fd10 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3212 #2: ffffffff90384fc8 (rtnl_mutex){+.+.}-{4:4}, at: reg_check_chans_work+0x83/0x1180 net/wireless/reg.c:2483 #3: ffff888035288768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6212 [inline] #3: ffff888035288768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: reg_leave_invalid_chans net/wireless/reg.c:2471 [inline] #3: ffff888035288768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: reg_check_chans_work+0x10d/0x1180 net/wireless/reg.c:2486 1 lock held by syz-executor/5981: 5 locks held by syz-executor/5982: 1 lock held by syz-executor/5991: 1 lock held by kworker/R-wg-cr/6011: #0: ffffffff8e478808 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_detach_from_pool kernel/workqueue.c:2734 [inline] #0: ffffffff8e478808 (wq_pool_attach_mutex){+.+.}-{4:4}, at: rescuer_thread+0x839/0xea0 kernel/workqueue.c:3529 1 lock held by kworker/R-wg-cr/6013: #0: ffffffff8e478808 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x27/0x420 kernel/workqueue.c:2676 1 lock held by kworker/R-wg-cr/6015: #0: ffffffff8e478808 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_detach_from_pool kernel/workqueue.c:2734 [inline] #0: ffffffff8e478808 (wq_pool_attach_mutex){+.+.}-{4:4}, at: rescuer_thread+0x839/0xea0 kernel/workqueue.c:3529 1 lock held by kworker/R-wg-cr/6017: #0: ffffffff8e478808 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x27/0x420 kernel/workqueue.c:2676 1 lock held by kworker/R-wg-cr/6018: #0: ffffffff8e478808 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_detach_from_pool kernel/workqueue.c:2734 [inline] #0: ffffffff8e478808 (wq_pool_attach_mutex){+.+.}-{4:4}, at: rescuer_thread+0x839/0xea0 kernel/workqueue.c:3529 1 lock held by kworker/R-wg-cr/6020: #0: ffffffff8e478808 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x27/0x420 kernel/workqueue.c:2676 1 lock held by kworker/R-wg-cr/6021: #0: ffffffff8e478808 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_detach_from_pool kernel/workqueue.c:2734 [inline] #0: ffffffff8e478808 (wq_pool_attach_mutex){+.+.}-{4:4}, at: rescuer_thread+0x839/0xea0 kernel/workqueue.c:3529 1 lock held by kworker/R-wg-cr/6022: #0: ffffffff8e478808 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_detach_from_pool kernel/workqueue.c:2734 [inline] #0: ffffffff8e478808 (wq_pool_attach_mutex){+.+.}-{4:4}, at: rescuer_thread+0x839/0xea0 kernel/workqueue.c:3529 1 lock held by kworker/R-wg-cr/6023: #0: ffffffff8e478808 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_detach_from_pool kernel/workqueue.c:2734 [inline] #0: ffffffff8e478808 (wq_pool_attach_mutex){+.+.}-{4:4}, at: rescuer_thread+0x839/0xea0 kernel/workqueue.c:3529 1 lock held by kworker/R-wg-cr/6024: 1 lock held by kworker/R-wg-cr/6025: #0: ffffffff8e478808 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_detach_from_pool kernel/workqueue.c:2734 [inline] #0: ffffffff8e478808 (wq_pool_attach_mutex){+.+.}-{4:4}, at: rescuer_thread+0x839/0xea0 kernel/workqueue.c:3529 1 lock held by kworker/R-wg-cr/6026: #0: ffffffff8e478808 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_detach_from_pool kernel/workqueue.c:2734 [inline] #0: ffffffff8e478808 (wq_pool_attach_mutex){+.+.}-{4:4}, at: rescuer_thread+0x839/0xea0 kernel/workqueue.c:3529 1 lock held by kworker/R-wg-cr/6027: 1 lock held by kworker/R-wg-cr/6028: #0: ffffffff8e478808 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_detach_from_pool kernel/workqueue.c:2734 [inline] #0: ffffffff8e478808 (wq_pool_attach_mutex){+.+.}-{4:4}, at: rescuer_thread+0x839/0xea0 kernel/workqueue.c:3529 3 locks held by kworker/0:5/6062: 3 locks held by kworker/0:6/6101: 2 locks held by kworker/0:7/6111: 4 locks held by kworker/1:5/6127: 2 locks held by kworker/0:8/6143: 3 locks held by kworker/0:9/6144: #0: ffff88801b878d48 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3211 #1: ffffc900035a7d10 (deferred_process_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3212 #2: ffffffff90384fc8 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20 net/switchdev/switchdev.c:104 3 locks held by kworker/1:6/6255: 2 locks held by kworker/1:7/6256: 1 lock held by kworker/R-bond2/10057: #0: ffffffff8e478808 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x27/0x420 kernel/workqueue.c:2676 4 locks held by syz.2.2234/10619: 3 locks held by kworker/u8:10/10622: 3 locks held by kworker/u8:11/10623: 4 locks held by kworker/u8:12/10626: #0: ffff8880354c5148 ((wq_completion)wg-kex-wg1){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3211 #1: ffffc900056f7d10 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3212 #2: ffff88807c80d308 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0xec/0x650 drivers/net/wireguard/noise.c:529 #3: ffff888076f234c0 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x100/0x650 drivers/net/wireguard/noise.c:530 1 lock held by kworker/u8:13/10628: #0: ffffffff8e478808 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x27/0x420 kernel/workqueue.c:2676 5 locks held by kworker/1:8/10629: 1 lock held by kworker/0:10/10630: ============================================= NMI backtrace for cpu 1 CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 nmi_cpu_backtrace+0x27b/0x390 lib/nmi_backtrace.c:113 nmi_trigger_cpumask_backtrace+0x29c/0x300 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:328 [inline] watchdog+0xf0e/0x1260 kernel/hung_task.c:491 kthread+0x3c2/0x780 kernel/kthread.c:463 ret_from_fork+0x56a/0x730 arch/x86/kernel/process.c:148 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 </TASK> Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 UID: 0 PID: 3007 Comm: kworker/u8:8 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 Workqueue: events_unbound cfg80211_wiphy_work RIP: 0010:match_held_lock+0xf/0xc0 kernel/locking/lockdep.c:5309 Code: 58 ff ff ff 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 53 48 89 fb 48 39 77 10 74 55 66 83 7f 22 1f <76> 65 48 8b 46 08 48 89 f7 48 85 c0 74 4d 8b 15 2d 82 51 0f 85 d2 RSP: 0018:ffffc90000006870 EFLAGS: 00000093 RAX: 000000000000000f RBX: ffff888030c3d3e8 RCX: 0000000000000001 RDX: 0000000000000000 RSI: ffffffff90384fc8 RDI: ffff888030c3d3e8 RBP: ffffffff90384fc8 R08: 0000000000000005 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000000 R12: ffff888030c3c880 R13: ffff888030c3d370 R14: 00000000ffffffff R15: 0000000000000003 FS: 0000000000000000(0000) GS:ffff8881246b4000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f6f67b056c0 CR3: 0000000032815000 CR4: 00000000003526f0 Call Trace: <IRQ> __lock_is_held kernel/locking/lockdep.c:5601 [inline] lock_is_held_type+0xb0/0x150 kernel/locking/lockdep.c:5940 lock_is_held include/linux/lockdep.h:249 [inline] lockdep_rtnl_is_held+0x1b/0x40 net/core/rtnetlink.c:182 __in6_dev_get include/net/addrconf.h:347 [inline] ip6_ignore_linkdown include/net/addrconf.h:443 [inline] find_match+0x34b/0x15d0 net/ipv6/route.c:780 __find_rr_leaf+0x140/0xe00 net/ipv6/route.c:868 find_rr_leaf net/ipv6/route.c:889 [inline] rt6_select net/ipv6/route.c:933 [inline] fib6_table_lookup+0x57c/0xa30 net/ipv6/route.c:2233 ip6_pol_route+0x1cc/0x1230 net/ipv6/route.c:2269 pol_lookup_func include/net/ip6_fib.h:617 [inline] fib6_rule_lookup+0x536/0x720 net/ipv6/fib6_rules.c:120 ip6_route_input_lookup net/ipv6/route.c:2338 [inline] ip6_route_input+0x662/0xc00 net/ipv6/route.c:2641 ip6_rcv_finish_core.constprop.0+0x1a0/0x5d0 net/ipv6/ip6_input.c:66 ip6_rcv_finish+0x130/0x580 net/ipv6/ip6_input.c:77 ip_sabotage_in+0x21e/0x290 net/bridge/br_netfilter_hooks.c:990 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline] nf_hook_slow+0xbb/0x200 net/netfilter/core.c:623 nf_hook.constprop.0+0x422/0x750 include/linux/netfilter.h:273 NF_HOOK include/linux/netfilter.h:316 [inline] ipv6_rcv+0xa4/0x650 net/ipv6/ip6_input.c:311 __netif_receive_skb_one_core+0x12d/0x1e0 net/core/dev.c:5991 __netif_receive_skb+0x1d/0x160 net/core/dev.c:6104 netif_receive_skb_internal net/core/dev.c:6190 [inline] netif_receive_skb+0x137/0x7b0 net/core/dev.c:6249 NF_HOOK include/linux/netfilter.h:318 [inline] NF_HOOK include/linux/netfilter.h:312 [inline] br_pass_frame_up+0x346/0x490 net/bridge/br_input.c:70 br_handle_frame_finish+0xf5a/0x1ca0 net/bridge/br_input.c:227 br_nf_hook_thresh+0x307/0x410 net/bridge/br_netfilter_hooks.c:1167 br_nf_pre_routing_finish_ipv6+0x76a/0xfb0 net/bridge/br_netfilter_ipv6.c:154 NF_HOOK include/linux/netfilter.h:318 [inline] br_nf_pre_routing_ipv6+0x3cd/0x8c0 net/bridge/br_netfilter_ipv6.c:184 br_nf_pre_routing+0x860/0x15b0 net/bridge/br_netfilter_hooks.c:508 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline] nf_hook_bridge_pre net/bridge/br_input.c:283 [inline] br_handle_frame+0xad8/0x14b0 net/bridge/br_input.c:434 __netif_receive_skb_core.constprop.0+0xa25/0x48c0 net/core/dev.c:5878 __netif_receive_skb_one_core+0xb0/0x1e0 net/core/dev.c:5989 __netif_receive_skb+0x1d/0x160 net/core/dev.c:6104 process_backlog+0x442/0x15e0 net/core/dev.c:6456 __napi_poll.constprop.0+0xba/0x550 net/core/dev.c:7506 napi_poll net/core/dev.c:7569 [inline] net_rx_action+0xa9f/0xfe0 net/core/dev.c:7696 handle_softirqs+0x219/0x8e0 kernel/softirq.c:579 do_softirq kernel/softirq.c:480 [inline] do_softirq+0xb2/0xf0 kernel/softirq.c:467 </IRQ> <TASK> __local_bh_enable_ip+0x100/0x120 kernel/softirq.c:407 spin_unlock_bh include/linux/spinlock.h:396 [inline] cfg80211_inform_single_bss_data+0x9ae/0x1df0 net/wireless/scan.c:2396 cfg80211_inform_bss_data+0x224/0x3bd0 net/wireless/scan.c:3235 cfg80211_inform_bss_frame_data+0x26f/0x750 net/wireless/scan.c:3326 ieee80211_bss_info_update+0x310/0xab0 net/mac80211/scan.c:226 ieee80211_rx_bss_info net/mac80211/ibss.c:1094 [inline] ieee80211_rx_mgmt_probe_beacon net/mac80211/ibss.c:1573 [inline] ieee80211_ibss_rx_queued_mgmt+0x1905/0x2fd0 net/mac80211/ibss.c:1600 ieee80211_iface_process_skb net/mac80211/iface.c:1699 [inline] ieee80211_iface_work+0xe2e/0x1360 net/mac80211/iface.c:1753 cfg80211_wiphy_work+0x2c4/0x580 net/wireless/core.c:435 process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3236 process_scheduled_works kernel/workqueue.c:3319 [inline] worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400 kthread+0x3c2/0x780 kernel/kthread.c:463 ret_from_fork+0x56a/0x730 arch/x86/kernel/process.c:148 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 </TASK>

Crashes (2):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets (help?)	Manager	Title
2025/09/14 10:45	upstream	f83a4f2a4d8c	e2beed91	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-selinux-root	INFO: task hung in pvr2_hdw_disconnect
2025/07/05 20:11	upstream	a79a588fc176	4f67c4ae	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-root	INFO: task hung in pvr2_hdw_disconnect

Crashes (2):

Assets (help?)