[ 58.205661][ T57] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.275398][ T57] device veth1_macvtap left promiscuous mode [ 58.275564][ T57] device veth0_macvtap left promiscuous mode [ 58.275685][ T57] device veth1_vlan left promiscuous mode [ 58.275874][ T57] device veth0_vlan left promiscuous mode [ 58.522110][ T57] team0 (unregistering): Port device team_slave_1 removed [ 58.526279][ T57] team0 (unregistering): Port device team_slave_0 removed [ 58.542702][ T57] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 58.556086][ T57] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 58.613046][ T57] bond0 (unregistering): Released all slaves Warning: Permanently added '10.128.1.33' (ECDSA) to the list of known hosts. 2022/06/08 01:28:57 parsed 1 programs 2022/06/08 01:28:57 executed programs: 0 [ 73.128163][ T28] kauditd_printk_skb: 74 callbacks suppressed [ 73.128179][ T28] audit: type=1400 audit(1654651737.514:188): avc: denied { mounton } for pid=4024 comm="syz-executor" path="/syzcgroup/unified" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1 [ 73.131164][ T4024] cgroup: Unknown subsys name 'net' [ 73.137032][ T4024] cgroup: Unknown subsys name 'rlimit' [ 73.168499][ T28] audit: type=1400 audit(1654651737.524:189): avc: denied { mounton } for pid=4024 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 73.168545][ T28] audit: type=1400 audit(1654651737.524:190): avc: denied { mount } for pid=4024 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 73.168579][ T28] audit: type=1400 audit(1654651737.524:191): avc: denied { create } for pid=4024 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 73.168614][ T28] audit: type=1400 audit(1654651737.524:192): avc: denied { write } for pid=4024 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 73.168648][ T28] audit: type=1400 audit(1654651737.524:193): avc: denied { read } for pid=4024 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 73.229867][ T28] audit: type=1400 audit(1654651737.614:194): avc: denied { getattr } for pid=4032 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/ntp.conf/eth0.dhcp" dev="tmpfs" ino=1449 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 73.253037][ T28] audit: type=1400 audit(1654651737.634:195): avc: denied { create } for pid=4035 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 73.275921][ T28] audit: type=1400 audit(1654651737.654:196): avc: denied { read } for pid=4036 comm="sed" name="eth0.dhcp" dev="tmpfs" ino=1449 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 73.276202][ T28] audit: type=1400 audit(1654651737.654:197): avc: denied { open } for pid=4036 comm="sed" path="/run/dhcpcd/hook-state/ntp.conf/eth0.dhcp" dev="tmpfs" ino=1449 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 76.397494][ T3608] Bluetooth: hci0: Opcode 0x c03 failed: -110 [ 76.639869][ T1135] cfg80211: failed to load regulatory.db [ 78.484493][ T28] kauditd_printk_skb: 4 callbacks suppressed [ 78.484508][ T28] audit: type=1400 audit(1654651742.864:202): avc: denied { ioctl } for pid=4066 comm="syz-executor.0" path="socket:[29487]" dev="sockfs" ino=29487 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 78.485862][ T49] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 78.486567][ T49] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 78.486973][ T49] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 78.489068][ T49] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 78.489533][ T49] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 78.489771][ T49] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 78.522347][ T28] audit: type=1400 audit(1654651742.874:203): avc: denied { read } for pid=4066 comm="syz-executor.0" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 78.522390][ T28] audit: type=1400 audit(1654651742.874:204): avc: denied { open } for pid=4066 comm="syz-executor.0" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 78.522424][ T28] audit: type=1400 audit(1654651742.874:205): avc: denied { mounton } for pid=4066 comm="syz-executor.0" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 78.640082][ T4066] chnl_net:caif_netlink_parms(): no params data found [ 78.678768][ T4066] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.678845][ T4066] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.679514][ T4066] device bridge_slave_0 entered promiscuous mode [ 78.681149][ T4066] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.681277][ T4066] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.681912][ T4066] device bridge_slave_1 entered promiscuous mode [ 78.728286][ T4066] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.731120][ T4066] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.759138][ T4066] team0: Port device team_slave_0 added [ 78.760755][ T4066] team0: Port device team_slave_1 added [ 78.781633][ T4066] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.781643][ T4066] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.781658][ T4066] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.783098][ T4066] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.783106][ T4066] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.783121][ T4066] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.881794][ T4066] device hsr_slave_0 entered promiscuous mode [ 78.883054][ T4066] device hsr_slave_1 entered promiscuous mode [ 78.952571][ T4066] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.952611][ T4066] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.952714][ T4066] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.952753][ T4066] bridge0: port 1(bridge_slave_0) entered forwarding state [ 78.999854][ T4066] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.004931][ T1135] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 79.005588][ T1135] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.005957][ T1135] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.006685][ T1135] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 79.019254][ T4066] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.053542][ T3617] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 79.053949][ T3617] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.054004][ T3617] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.054437][ T3617] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 79.054869][ T3617] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.054921][ T3617] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.056453][ T3617] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 79.058729][ T3617] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 79.069860][ T1135] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 79.073412][ T1135] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 79.078705][ T3617] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 79.082294][ T4066] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 79.110807][ T3617] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 79.110939][ T3617] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 79.119217][ T4066] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.338709][ T1135] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 79.343239][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 79.343793][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 79.344190][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 79.346699][ T4066] device veth0_vlan entered promiscuous mode [ 79.353245][ T4066] device veth1_vlan entered promiscuous mode [ 79.372181][ T1135] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 79.372768][ T1135] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 79.373516][ T1135] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 79.377018][ T4066] device veth0_macvtap entered promiscuous mode [ 79.383350][ T4066] device veth1_macvtap entered promiscuous mode [ 79.397100][ T4066] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 79.397205][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 79.405240][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 79.414300][ T4066] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 79.414607][ T1135] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 79.500336][ T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.500354][ T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.502272][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 79.531096][ T8] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.531115][ T8] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.533113][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 79.548023][ T28] audit: type=1400 audit(1654651743.924:206): avc: denied { mounton } for pid=4066 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=2313 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 79.606825][ T28] audit: type=1400 audit(1654651743.984:207): avc: denied { ioctl } for pid=4084 comm="syz-executor.0" path="/dev/raw-gadget" dev="devtmpfs" ino=725 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 79.877410][ T6] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 80.137427][ T6] usb 1-1: Using ep0 maxpacket: 32 [ 80.277595][ T6] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 80.467475][ T6] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.85 [ 80.467507][ T6] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 80.467529][ T6] usb 1-1: Product: syz [ 80.467544][ T6] usb 1-1: Manufacturer: syz [ 80.467556][ T6] usb 1-1: SerialNumber: syz [ 80.479351][ T6] usb 1-1: config 0 descriptor?? [ 80.508720][ T4085] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 80.569245][ T1135] Bluetooth: hci0: command 0x0409 tx timeout 2022/06/08 01:29:05 executed programs: 1 [ 82.637473][ T14] Bluetooth: hci0: command 0x041b tx timeout [ 84.717882][ T14] Bluetooth: hci0: command 0x040f tx timeout [ 86.797532][ T14] Bluetooth: hci0: command 0x0419 tx timeout 2022/06/08 01:29:11 executed programs: 3 2022/06/08 01:29:17 executed programs: 5 2022/06/08 01:29:23 executed programs: 7 2022/06/08 01:29:29 executed programs: 9 2022/06/08 01:29:35 executed programs: 11 2022/06/08 01:29:41 executed programs: 13 2022/06/08 01:29:47 executed programs: 15 2022/06/08 01:29:53 executed programs: 17 [ 132.959194][ T1229] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.959268][ T1229] ieee802154 phy1 wpan1: encryption failed: -22 2022/06/08 01:29:59 executed programs: 19 2022/06/08 01:30:05 executed programs: 21 2022/06/08 01:30:12 executed programs: 23 2022/06/08 01:30:18 executed programs: 25 2022/06/08 01:30:24 executed programs: 27 2022/06/08 01:30:30 executed programs: 29 2022/06/08 01:30:36 executed programs: 31 2022/06/08 01:30:42 executed programs: 33 2022/06/08 01:30:48 executed programs: 35 2022/06/08 01:30:54 executed programs: 37 [ 194.409380][ T1229] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.409429][ T1229] ieee802154 phy1 wpan1: encryption failed: -22 2022/06/08 01:31:00 executed programs: 39 [ 201.597939][ T3613] Bluetooth: hci0: command 0x0406 tx timeout 2022/06/08 01:31:06 executed programs: 41 2022/06/08 01:31:12 executed programs: 43 2022/06/08 01:31:18 executed programs: 45 2022/06/08 01:31:24 executed programs: 47 2022/06/08 01:31:30 executed programs: 49 2022/06/08 01:31:36 executed programs: 51 [ 232.807358][ T29] INFO: task kworker/0:0:6 blocked for more than 143 seconds. [ 232.815488][ T29] Not tainted 5.18.0-syzkaller-11503-gbd8bb9aed56b-dirty #0 [ 232.823417][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 232.832282][ T29] task:kworker/0:0 state:D stack:24728 pid: 6 ppid: 2 flags:0x00004000 [ 232.841671][ T29] Workqueue: usb_hub_wq hub_event [ 232.846831][ T29] Call Trace: [ 232.850264][ T29] [ 232.853235][ T29] __schedule+0xa00/0x4b30 [ 232.858059][ T29] ? find_held_lock+0x2d/0x110 [ 232.862951][ T29] ? wq_worker_sleeping+0x1e5/0x250 [ 232.868332][ T29] ? io_schedule_timeout+0x140/0x140 [ 232.873645][ T29] ? lockdep_hardirqs_on+0x79/0x100 [ 232.879256][ T29] schedule+0xd2/0x1f0 [ 232.883576][ T29] schedule_preempt_disabled+0xf/0x20 [ 232.889322][ T29] __mutex_lock+0xa70/0x1350 [ 232.894061][ T29] ? add_early_randomness+0x1a/0x170 [ 232.899503][ T29] ? mutex_lock_io_nested+0x1190/0x1190 [ 232.905087][ T29] ? __mutex_unlock_slowpath+0x157/0x5e0 [ 232.910965][ T29] ? hwrng_init+0x29e/0x350 [ 232.915613][ T29] ? hwrng_manage_rngd+0x160/0x160 [ 232.920961][ T29] add_early_randomness+0x1a/0x170 [ 232.926151][ T29] hwrng_register+0x399/0x510 [ 232.930974][ T29] chaoskey_probe+0x7b5/0xc40 [ 232.935864][ T29] ? chaoskey_suspend+0x40/0x40 [ 232.940855][ T29] ? _raw_spin_unlock_irqrestore+0x50/0x70 [ 232.946753][ T29] ? _raw_spin_unlock_irqrestore+0x50/0x70 [ 232.952719][ T29] usb_probe_interface+0x315/0x7f0 [ 232.958801][ T29] ? usb_match_dynamic_id+0x1a0/0x1a0 [ 232.964221][ T29] really_probe+0x23e/0xb20 [ 232.968931][ T29] __driver_probe_device+0x338/0x4d0 [ 232.974241][ T29] ? usb_match_id.part.0+0x15d/0x1b0 [ 232.979617][ T29] driver_probe_device+0x4c/0x1a0 [ 232.984662][ T29] __device_attach_driver+0x20b/0x2f0 [ 232.990396][ T29] ? driver_allows_async_probing+0x150/0x150 [ 232.996481][ T29] bus_for_each_drv+0x15f/0x1e0 [ 233.001518][ T29] ? bus_for_each_dev+0x1d0/0x1d0 [ 233.006681][ T29] ? _raw_spin_unlock_irqrestore+0x50/0x70 [ 233.012648][ T29] ? lockdep_hardirqs_on+0x79/0x100 [ 233.017964][ T29] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 233.023795][ T29] __device_attach+0x228/0x4a0 [ 233.028686][ T29] ? device_driver_attach+0x210/0x210 [ 233.034098][ T29] ? kobject_uevent_env+0x2ac/0x1660 [ 233.039616][ T29] bus_probe_device+0x1e4/0x290 [ 233.044485][ T29] device_add+0xb83/0x1e20 [ 233.049041][ T29] ? mark_held_locks+0x9f/0xe0 [ 233.053827][ T29] ? __fw_devlink_link_to_suppliers+0x2d0/0x2d0 [ 233.060319][ T29] ? _raw_spin_unlock_irqrestore+0x50/0x70 [ 233.066158][ T29] usb_set_configuration+0x101e/0x1900 [ 233.071800][ T29] usb_generic_driver_probe+0xba/0x100 [ 233.077387][ T29] usb_probe_device+0xd9/0x2c0 [ 233.082187][ T29] ? usb_driver_release_interface+0x180/0x180 [ 233.088400][ T29] really_probe+0x23e/0xb20 [ 233.093050][ T29] __driver_probe_device+0x338/0x4d0 [ 233.099546][ T29] driver_probe_device+0x4c/0x1a0 [ 233.104599][ T29] __device_attach_driver+0x20b/0x2f0 [ 233.110105][ T29] ? driver_allows_async_probing+0x150/0x150 [ 233.116125][ T29] bus_for_each_drv+0x15f/0x1e0 [ 233.121075][ T29] ? bus_for_each_dev+0x1d0/0x1d0 [ 233.126127][ T29] ? _raw_spin_unlock_irqrestore+0x50/0x70 [ 233.132184][ T29] ? lockdep_hardirqs_on+0x79/0x100 [ 233.137533][ T29] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 233.143371][ T29] __device_attach+0x228/0x4a0 [ 233.148287][ T29] ? device_driver_attach+0x210/0x210 [ 233.153718][ T29] ? kobject_uevent_env+0x2ac/0x1660 [ 233.159218][ T29] bus_probe_device+0x1e4/0x290 [ 233.164306][ T29] device_add+0xb83/0x1e20 [ 233.168933][ T29] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 233.174793][ T29] ? __fw_devlink_link_to_suppliers+0x2d0/0x2d0 [ 233.181242][ T29] usb_new_device.cold+0x641/0x1091 [ 233.186512][ T29] ? hub_disconnect+0x510/0x510 [ 233.191565][ T29] ? rwlock_bug.part.0+0x90/0x90 [ 233.196527][ T29] ? _raw_spin_unlock_irq+0x1f/0x40 [ 233.201834][ T29] ? _raw_spin_unlock_irq+0x1f/0x40 [ 233.207793][ T29] hub_event+0x25c6/0x4680 [ 233.212488][ T29] ? hub_port_debounce+0x3c0/0x3c0 [ 233.217855][ T29] ? lock_release+0x780/0x780 [ 233.222579][ T29] ? lock_downgrade+0x6e0/0x6e0 [ 233.227553][ T29] ? do_raw_spin_lock+0x120/0x2a0 [ 233.232613][ T29] process_one_work+0x996/0x1610 [ 233.237787][ T29] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 233.243273][ T29] ? rwlock_bug.part.0+0x90/0x90 [ 233.248311][ T29] ? _raw_spin_lock_irq+0x41/0x50 [ 233.253367][ T29] worker_thread+0x665/0x1080 [ 233.258124][ T29] ? process_one_work+0x1610/0x1610 [ 233.263338][ T29] kthread+0x2e9/0x3a0 [ 233.267802][ T29] ? kthread_complete_and_exit+0x40/0x40 [ 233.273463][ T29] ret_from_fork+0x1f/0x30 [ 233.278045][ T29] [ 233.281185][ T29] [ 233.281185][ T29] Showing all locks held in the system: [ 233.289229][ T29] 6 locks held by kworker/0:0/6: [ 233.294192][ T29] #0: ffff88801756a938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x87a/0x1610 [ 233.305272][ T29] #1: ffffc900002cfda8 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x8ae/0x1610 [ 233.316660][ T29] #2: ffff888147718190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1c1/0x4680 [ 233.325649][ T29] #3: ffff88806a2f0190 (&dev->mutex){....}-{3:3}, at: __device_attach+0x7a/0x4a0 [ 233.335090][ T29] #4: ffff88806a270118 (&dev->mutex){....}-{3:3}, at: __device_attach+0x7a/0x4a0 [ 233.344491][ T29] #5: ffffffff8c828728 (reading_mutex){+.+.}-{3:3}, at: add_early_randomness+0x1a/0x170 [ 233.354502][ T29] 1 lock held by khungtaskd/29: [ 233.359542][ T29] #0: ffffffff8bd840e0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 [ 233.370506][ T29] 2 locks held by kworker/u4:5/58: [ 233.376015][ T29] #0: ffff8880b9a39f98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2b/0x120 [ 233.386126][ T29] #1: ffff8880b9a277c8 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x176/0x4e0 [ 233.397687][ T29] 1 lock held by hwrng/756: [ 233.402196][ T29] #0: ffffffff8c828728 (reading_mutex){+.+.}-{3:3}, at: hwrng_fillfn+0x141/0x370 [ 233.411563][ T29] 2 locks held by getty/3281: [ 233.416363][ T29] #0: ffff888022b5a098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80 [ 233.426260][ T29] #1: ffffc90001c382e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xcea/0x1230 [ 233.436529][ T29] [ 233.439219][ T29] ============================================= [ 233.439219][ T29] [ 233.447890][ T29] NMI backtrace for cpu 0 [ 233.452327][ T29] CPU: 0 PID: 29 Comm: khungtaskd Not tainted 5.18.0-syzkaller-11503-gbd8bb9aed56b-dirty #0 [ 233.462437][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 233.472507][ T29] Call Trace: [ 233.475798][ T29] [ 233.478792][ T29] dump_stack_lvl+0xcd/0x134 [ 233.483607][ T29] nmi_cpu_backtrace.cold+0x47/0x144 [ 233.489091][ T29] ? lapic_can_unplug_cpu+0x80/0x80 [ 233.494555][ T29] nmi_trigger_cpumask_backtrace+0x1e6/0x230 [ 233.500730][ T29] watchdog+0xc22/0xf90 [ 233.504981][ T29] ? proc_dohung_task_timeout_secs+0x80/0x80 [ 233.510964][ T29] kthread+0x2e9/0x3a0 [ 233.515066][ T29] ? kthread_complete_and_exit+0x40/0x40 [ 233.520798][ T29] ret_from_fork+0x1f/0x30 [ 233.525233][ T29] [ 233.528765][ T29] Sending NMI from CPU 0 to CPUs 1: [ 233.534166][ C1] NMI backtrace for cpu 1 [ 233.534176][ C1] CPU: 1 PID: 1389 Comm: kworker/u4:7 Not tainted 5.18.0-syzkaller-11503-gbd8bb9aed56b-dirty #0 [ 233.534176][ C1] CPU: 1 PID: 1389 Comm: kworker/u4:7 Not tainted 5.18.0-syzkaller-11503-gbd8bb9aed56b-dirty #0 [ 233.534197][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 233.534208][ C1] Workqueue: phy5 ieee80211_iface_work [ 233.534308][ C1] RIP: 0010:unwind_next_frame+0x8c5/0x1cc0 [ 233.534342][ C1] Code: ff 80 3d a8 c0 70 0c 00 0f 85 ee fa ff ff e9 22 54 fb 07 48 b8 00 00 00 00 00 fc ff df 48 8b 54 24 08 48 c1 ea 03 80 3c 02 00 <0f> 85 73 10 00 00 4c 89 c0 4d 8b 75 38 48 ba 00 00 00 00 00 fc ff [ 233.534360][ C1] RSP: 0018:ffffc900059e7528 EFLAGS: 00000246 [ 233.534375][ C1] RAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff8e3c9c1f [ 233.534388][ C1] RDX: 1ffff92000b3ceba RSI: 0000000000000001 RDI: 0000000000000001 [ 233.534406][ C1] RBP: ffffc900059e75e0 R08: ffffffff8e3c9c1a R09: ffffc900059e75cc [ 233.534419][ C1] R10: fffff52000b3cebe R11: 000000000008a07a R12: ffffc900059e75cd [ 233.534432][ C1] R13: ffffc900059e7598 R14: ffffffff81689fbb R15: ffffffff8e3c9c1e [ 233.534445][ C1] FS: 0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 [ 233.534464][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 233.534477][ C1] CR2: 00007f00c3e11110 CR3: 000000000ba8e000 CR4: 00000000003506e0 [ 233.534489][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 233.534500][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 233.534512][ C1] Call Trace: [ 233.534517][ C1] [ 233.534523][ C1] ? stack_trace_save+0x8c/0xc0 [ 233.534569][ C1] ? kernel_text_address+0xd/0x60 [ 233.534590][ C1] ? create_prof_cpu_mask+0x20/0x20 [ 233.534611][ C1] arch_stack_walk+0x7d/0xe0 [ 233.534659][ C1] ? stack_trace_save+0x8c/0xc0 [ 233.534679][ C1] stack_trace_save+0x8c/0xc0 [ 233.534699][ C1] ? filter_irq_stacks+0x90/0x90 [ 233.534719][ C1] ? lock_chain_count+0x20/0x20 [ 233.534741][ C1] ? ret_from_fork+0x1f/0x30 [ 233.534763][ C1] kasan_save_stack+0x1e/0x40 [ 233.534823][ C1] ? mark_lock.part.0+0xee/0x1910 [ 233.534846][ C1] ? mark_lock.part.0+0xee/0x1910 [ 233.534867][ C1] ? __lock_acquire+0x163e/0x5660 [ 233.534889][ C1] ? lock_chain_count+0x20/0x20 [ 233.534911][ C1] ? mark_lock.part.0+0xee/0x1910 [ 233.534932][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 233.534956][ C1] ? lock_chain_count+0x20/0x20 [ 233.534978][ C1] ? mark_held_locks+0x9f/0xe0 [ 233.534999][ C1] ? kmem_cache_alloc_trace+0x356/0x4a0 [ 233.535020][ C1] __kasan_kmalloc+0xa6/0xd0 [ 233.535040][ C1] kmem_cache_alloc_trace+0x1ea/0x4a0 [ 233.535061][ C1] ieee802_11_parse_elems_crc+0xd5/0x1060 [ 233.535116][ C1] ? trace_contention_end+0xea/0x150 [ 233.535137][ C1] ? __mutex_lock+0x231/0x1350 [ 233.535158][ C1] ? ieee80211_ibss_rx_queued_mgmt+0x101/0x33f0 [ 233.535179][ C1] ? mutex_lock_io_nested+0x1190/0x1190 [ 233.535201][ C1] ? ieee80211_wake_vif_queues+0x40/0x40 [ 233.535225][ C1] ? mark_lock.part.0+0xee/0x1910 [ 233.535247][ C1] ieee80211_ibss_rx_queued_mgmt+0xda5/0x33f0 [ 233.535269][ C1] ? ieee80211_ibss_rx_no_sta+0x840/0x840 [ 233.535288][ C1] ? kcov_remote_start+0x277/0x770 [ 233.535309][ C1] ? mark_held_locks+0x9f/0xe0 [ 233.535330][ C1] ? kcov_remote_start+0x155/0x770 [ 233.535349][ C1] ? kcov_remote_start+0x155/0x770 [ 233.535368][ C1] ? lockdep_hardirqs_on+0x79/0x100 [ 233.535391][ C1] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 233.535415][ C1] ieee80211_iface_work+0xa78/0xd10 [ 233.535436][ C1] process_one_work+0x996/0x1610 [ 233.535456][ C1] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 233.535476][ C1] ? rwlock_bug.part.0+0x90/0x90 [ 233.535492][ C1] ? _raw_spin_lock_irq+0x41/0x50 [ 233.535511][ C1] worker_thread+0x665/0x1080 [ 233.535530][ C1] ? __kthread_parkme+0x15f/0x220 [ 233.535552][ C1] ? process_one_work+0x1610/0x1610 [ 233.535571][ C1] kthread+0x2e9/0x3a0 [ 233.535586][ C1] ? kthread_complete_and_exit+0x40/0x40 [ 233.535605][ C1] ret_from_fork+0x1f/0x30 [ 233.535626][ C1] [ 233.545313][ T29] Kernel panic - not syncing: hung_task: blocked tasks [ 233.545328][ T29] CPU: 1 PID: 29 Comm: khungtaskd Not tainted 5.18.0-syzkaller-11503-gbd8bb9aed56b-dirty #0 [ 233.545355][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 233.545369][ T29] Call Trace: [ 233.545376][ T29] [ 233.545385][ T29] dump_stack_lvl+0xcd/0x134 [ 233.545419][ T29] panic+0x2d7/0x636 [ 233.545468][ T29] ? panic_print_sys_info.part.0+0x10b/0x10b [ 233.545494][ T29] ? lapic_can_unplug_cpu+0x80/0x80 [ 233.545521][ T29] ? preempt_schedule_thunk+0x16/0x18 [ 233.545550][ T29] ? watchdog.cold+0x5/0x143 [ 233.545589][ T29] watchdog.cold+0x16/0x143 [ 233.545616][ T29] ? proc_dohung_task_timeout_secs+0x80/0x80 [ 233.545644][ T29] kthread+0x2e9/0x3a0 [ 233.545666][ T29] ? kthread_complete_and_exit+0x40/0x40 [ 233.545690][ T29] ret_from_fork+0x1f/0x30 [ 233.545718][ T29] [ 233.551476][ T29] Kernel Offset: disabled