./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4189024194
<...>
DUID 00:04:23:68:77:f1:65:66:05:56:fc:6e:24:65:03:30:d5:25
forked to background, child pid 4666
[ 20.671556][ T4667] 8021q: adding VLAN 0 to HW filter on device bond0
[ 20.681244][ T4667] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.153' (ECDSA) to the list of known hosts.
execve("./syz-executor4189024194", ["./syz-executor4189024194"], 0x7fff44f588b0 /* 10 vars */) = 0
brk(NULL) = 0x5555560e0000
brk(0x5555560e0c40) = 0x5555560e0c40
arch_prctl(ARCH_SET_FS, 0x5555560e0300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor4189024194", 4096) = 28
brk(0x555556101c40) = 0x555556101c40
brk(0x555556102000) = 0x555556102000
mprotect(0x7fe971da1000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getpid() = 4997
openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3
write(3, "10000000000", 11) = 11
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3
write(3, "20", 2) = 2
close(3) = 0
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
write(3, "100", 3) = 3
close(3) = 0
openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3
write(3, "7 4 1 3", 7) = 7
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3
write(3, "4997", 4) = 4
close(3) = 0
socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4
sendto(4, [{nlmsg_len=36, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
recvfrom(4, [{nlmsg_len=784, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=4997}, "\x01\x02\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00\x06\x00\x01\x00\x1d\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x2e\x00\x00\x00\x98\x02\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x05\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x03\x00"...], 4096, 0, NULL, NULL) = 784
recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=4997}, {error=0, msg={nlmsg_len=36, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
access("/proc/net", R_OK) = 0
access("/proc/net/unix", R_OK) = 0
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0
close(5) = 0
sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x06\x00\x0a\x00\xa0\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=4997}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0
close(5) = 0
sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0c\x00\x01\x00\x02\x00\xaa\xaa\xaa\xaa\xaa\xaa"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44
recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=4997}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
sendto(3, [{nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0}, [[{nla_len=11, nla_type=IFLA_IFNAME}, "lowpan0"...], [{nla_len=16, nla_type=IFLA_LINKINFO}, [{nla_len=10, nla_type=IFLA_INFO_KIND}, "lowpan"...]], [{nla_len=8, nla_type=IFLA_LINK}, 11]]], 68, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 68
recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=4997}, {error=0, msg={nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0
close(5) = 0
sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x06\x00\x0a\x00\xa1\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=4997}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0
close(5) = 0
sendto(3, [{nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=if_nametoindex("wpan1"), ifi_flags=IFF_UP, ifi_change=0x1}, [{nla_len=12, nla_type=IFLA_ADDRESS}, 02:01:aa:aa:aa:aa:aa]], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44
recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=4997}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
close(3) = 0
close(4) = 0
unshare(CLONE_NEWPID) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5000 attached
, child_tidptr=0x5555560e05d0) = 5000
[pid 5000] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid 5000] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5000] setsid() = 1
[pid 5000] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid 5000] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid 5000] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid 5000] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid 5000] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid 5000] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid 5000] unshare(CLONE_NEWNS) = 0
[pid 5000] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid 5000] unshare(CLONE_NEWIPC) = 0
[pid 5000] unshare(CLONE_NEWCGROUP) = 0
[pid 5000] unshare(CLONE_NEWUTS) = 0
[pid 5000] unshare(CLONE_SYSVSEM) = 0
[pid 5000] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid 5000] write(3, "16777216", 8) = 8
[pid 5000] close(3) = 0
[pid 5000] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid 5000] write(3, "536870912", 9) = 9
[pid 5000] close(3) = 0
[pid 5000] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid 5000] write(3, "1024", 4) = 4
[pid 5000] close(3) = 0
[pid 5000] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid 5000] write(3, "8192", 4) = 4
[pid 5000] close(3) = 0
[pid 5000] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid 5000] write(3, "1024", 4) = 4
[pid 5000] close(3) = 0
[pid 5000] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid 5000] write(3, "1024", 4) = 4
[pid 5000] close(3) = 0
[pid 5000] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid 5000] write(3, "1024 1048576 500 1024", 21) = 21
[pid 5000] close(3) = 0
[pid 5000] getpid() = 1
[pid 5000] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid 5000] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid 5000] unshare(CLONE_NEWNET) = 0
[pid 5000] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid 5000] write(3, "0 65535", 7) = 7
[pid 5000] close(3) = 0
[pid 5000] openat(AT_FDCWD, "/dev/net/tun", O_RDWR|O_NONBLOCK) = 3
[pid 5000] dup2(3, 200) = 200
[pid 5000] close(3) = 0
[pid 5000] ioctl(200, TUNSETIFF, 0x7ffde1618cc0) = 0
[pid 5000] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/accept_dad", O_WRONLY|O_CLOEXEC) = 3
[pid 5000] write(3, "0", 1) = 1
[pid 5000] close(3) = 0
[pid 5000] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/router_solicitations", O_WRONLY|O_CLOEXEC) = 3
[pid 5000] write(3, "0", 1) = 1
[pid 5000] close(3) = 0
[pid 5000] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
[pid 5000] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid 5000] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid 5000] close(4) = 0
[pid 5000] sendto(3, [{nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x18\x00\x00\x0b\x00\x00\x00\x08\x00\x02\x00\xac\x14\x14\xaa\x08\x00\x01\x00\xac\x14\x14\xaa"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 40
[pid 5000] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid 5000] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid 5000] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid 5000] close(4) = 0
[pid 5000] sendto(3, [{nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x78\x00\x00\x0b\x00\x00\x00\x14\x00\x02\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid 5000] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid 5000] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid 5000] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid 5000] close(4) = 0
[pid 5000] sendto(3, [{nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x08\x00\x01\x00\xac\x14\x14\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 48, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 48
[pid 5000] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid 5000] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid 5000] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid 5000] close(4) = 0
[pid 5000] sendto(3, [{nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 60, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 60
[pid 5000] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid 5000] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid 5000] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid 5000] close(4) = 0
[pid 5000] sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0a\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\xaa\x00\x00"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44
[pid 5000] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid 5000] close(3) = 0
[pid 5000] mkdir("/dev/binderfs", 0777) = 0
[pid 5000] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid 5000] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5000] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
[pid 5000] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffde1617c30) = 0
[pid 5000] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[pid 5000] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffde1617c30) = 0
[pid 5000] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffde1617c30) = 0
[pid 5000] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffde1616c20) = 18
syzkaller login: [ 41.129140][ T896] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[pid 5000] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffde1617c30) = 0
[ 41.379111][ T896] usb 1-1: Using ep0 maxpacket: 8
[pid 5000] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffde1616c20) = 18
[pid 5000] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffde1617c30) = 0
[pid 5000] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffde1616c20) = 9
[pid 5000] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffde1617c30) = 0
[pid 5000] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffde1616c20) = 18
[pid 5000] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffde1617c30) = 0
[pid 5000] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffde1616c20) = 4
[pid 5000] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffde1617c30) = 0
[pid 5000] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffde1616c20) = 8
[pid 5000] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffde1617c30) = 0
[pid 5000] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffde1616c20) = 8
[pid 5000] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffde1617c30) = 0
[pid 5000] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffde1616c20) = 8
[pid 5000] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffde1617c30) = 0
[pid 5000] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0
[pid 5000] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0
[pid 5000] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffde1616c20) = 0
[ 41.659170][ T896] usb 1-1: New USB device found, idVendor=2040, idProduct=f5a0, bcdDevice=62.4d
[ 41.668606][ T896] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 41.676632][ T896] usb 1-1: Product: syz
[ 41.680837][ T896] usb 1-1: Manufacturer: syz
[ 41.685426][ T896] usb 1-1: SerialNumber: syz
[ 41.692134][ T896] usb 1-1: config 0 descriptor??
[pid 5000] close(3) = 0
[pid 5000] close(4) = -1 EBADF (Bad file descriptor)
[pid 5000] close(5) = -1 EBADF (Bad file descriptor)
[pid 5000] close(6) = -1 EBADF (Bad file descriptor)
[pid 5000] close(7) = -1 EBADF (Bad file descriptor)
[pid 5000] close(8) = -1 EBADF (Bad file descriptor)
[pid 5000] close(9) = -1 EBADF (Bad file descriptor)
[pid 5000] close(10) = -1 EBADF (Bad file descriptor)
[pid 5000] close(11) = -1 EBADF (Bad file descriptor)
[pid 5000] close(12) = -1 EBADF (Bad file descriptor)
[pid 5000] close(13) = -1 EBADF (Bad file descriptor)
[pid 5000] close(14) = -1 EBADF (Bad file descriptor)
[pid 5000] close(15) = -1 EBADF (Bad file descriptor)
[pid 5000] close(16) = -1 EBADF (Bad file descriptor)
[pid 5000] close(17) = -1 EBADF (Bad file descriptor)
[pid 5000] close(18) = -1 EBADF (Bad file descriptor)
[pid 5000] close(19) = -1 EBADF (Bad file descriptor)
[pid 5000] close(20) = -1 EBADF (Bad file descriptor)
[pid 5000] close(21) = -1 EBADF (Bad file descriptor)
[pid 5000] close(22) = -1 EBADF (Bad file descriptor)
[pid 5000] close(23) = -1 EBADF (Bad file descriptor)
[pid 5000] close(24) = -1 EBADF (Bad file descriptor)
[pid 5000] close(25) = -1 EBADF (Bad file descriptor)
[pid 5000] close(26) = -1 EBADF (Bad file descriptor)
[pid 5000] close(27) = -1 EBADF (Bad file descriptor)
[pid 5000] close(28) = -1 EBADF (Bad file descriptor)
[pid 5000] close(29) = -1 EBADF (Bad file descriptor)
[pid 5000] exit_group(1) = ?
[ 41.990909][ T896] smsusb:smsusb_probe: board id=8, interface number 0
[ 41.997807][ T896] ------------[ cut here ]------------
[ 42.003305][ T896] WARNING: CPU: 0 PID: 896 at kernel/workqueue.c:3182 __flush_work+0x946/0xb60
[ 42.012309][ T896] Modules linked in:
[ 42.016184][ T896] CPU: 0 PID: 896 Comm: kworker/0:2 Not tainted 6.4.0-rc3-syzkaller-00004-g421ca22e3138 #0
[ 42.026184][ T896] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[ 42.036329][ T896] Workqueue: usb_hub_wq hub_event
[ 42.041419][ T896] RIP: 0010:__flush_work+0x946/0xb60
[ 42.046734][ T896] Code: 00 48 c7 c6 9b f7 53 81 48 c7 c7 40 90 79 8c e8 d0 ec 11 00 e9 6f fc ff ff e8 06 4b 30 00 0f 0b e9 63 fc ff ff e8 fa 4a 30 00 <0f> 0b 45 31 ed e9 54 fc ff ff e8 db 14 83 00 e9 3e fb ff ff e8 e1
[ 42.067210][ T896] RSP: 0018:ffffc9000514ec08 EFLAGS: 00010293
[ 42.073305][ T896] RAX: 0000000000000000 RBX: ffff88807d10e0e8 RCX: 0000000000000000
[ 42.081353][ T896] RDX: ffff88801f565940 RSI: ffffffff8153f7d6 RDI: 0000000000000001
[ 42.089361][ T896] RBP: ffffc9000514eda0 R08: 0000000000000001 R09: 0000000000000000
[ 42.097316][ T896] R10: 0000000000000001 R11: ffffffff81d6e472 R12: ffff88807d10e0e8
[ 42.105318][ T896] R13: 0000000000000001 R14: 0000000000000001 R15: ffff88807d10e100
[ 42.113361][ T896] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 42.122332][ T896] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 42.128918][ T896] CR2: 000055e15f54ff40 CR3: 0000000073326000 CR4: 0000000000350ef0
[ 42.136955][ T896] Call Trace:
[ 42.140248][ T896] <TASK>
[ 42.143181][ T896] ? lockdep_hardirqs_on+0x7d/0x100
[ 42.148385][ T896] ? print_usage_bug.part.0+0x660/0x660
[ 42.153971][ T896] ? mod_delayed_work_on+0x220/0x220
[ 42.159289][ T896] ? kasan_save_stack+0x32/0x40
[ 42.164127][ T896] ? kasan_save_stack+0x22/0x40
[ 42.168964][ T896] ? kasan_set_track+0x25/0x30
[ 42.173788][ T896] ? __kasan_kmalloc+0xa2/0xb0
[ 42.178572][ T896] ? smsusb_init_device+0xa7/0xd20
[ 42.183752][ T896] ? smsusb_probe+0x5b9/0x10b0
[ 42.188564][ T896] ? usb_probe_interface+0x30f/0x960
[ 42.193891][ T896] ? really_probe+0x240/0xca0
[ 42.198583][ T896] ? __driver_probe_device+0x1df/0x4b0
[ 42.204067][ T896] ? driver_probe_device+0x4c/0x1a0
[ 42.209291][ T896] ? __device_attach_driver+0x1d4/0x2e0
[ 42.214831][ T896] ? bus_for_each_drv+0x149/0x1d0
[ 42.219884][ T896] ? __device_attach+0x1e4/0x4b0
[ 42.224837][ T896] ? mark_held_locks+0x9f/0xe0
[ 42.229653][ T896] __cancel_work_timer+0x3f9/0x570
[ 42.234778][ T896] ? work_on_cpu_safe+0xa0/0xa0
[ 42.239675][ T896] smsusb_term_device+0xef/0x300
[ 42.244642][ T896] smsusb_init_device+0xb70/0xd20
[ 42.249732][ T896] ? smsusb_disconnect+0x20/0x20
[ 42.254695][ T896] smsusb_probe+0x5b9/0x10b0
[ 42.259323][ T896] ? smsusb_init_device+0xd20/0xd20
[ 42.264535][ T896] ? mark_held_locks+0x9f/0xe0
[ 42.269330][ T896] ? _raw_spin_unlock_irqrestore+0x54/0x70
[ 42.276308][ T896] ? lockdep_hardirqs_on+0x7d/0x100
[ 42.281638][ T896] ? _raw_spin_unlock_irqrestore+0x41/0x70
[ 42.287460][ T896] ? __pm_runtime_set_status+0x442/0xd90
[ 42.293141][ T896] usb_probe_interface+0x30f/0x960
[ 42.298279][ T896] ? usb_match_dynamic_id+0x1a0/0x1a0
[ 42.303712][ T896] really_probe+0x240/0xca0
[ 42.308264][ T896] __driver_probe_device+0x1df/0x4b0
[ 42.313580][ T896] ? usb_match_id.part.0+0x163/0x1b0
[ 42.318888][ T896] driver_probe_device+0x4c/0x1a0
[ 42.323942][ T896] __device_attach_driver+0x1d4/0x2e0
[ 42.329373][ T896] bus_for_each_drv+0x149/0x1d0
[ 42.334230][ T896] ? driver_probe_device+0x1a0/0x1a0
[ 42.339538][ T896] ? bus_for_each_dev+0x1c0/0x1c0
[ 42.344571][ T896] ? _raw_spin_unlock_irqrestore+0x54/0x70
[ 42.350442][ T896] ? lockdep_hardirqs_on+0x7d/0x100
[ 42.355655][ T896] ? _raw_spin_unlock_irqrestore+0x41/0x70
[ 42.361526][ T896] __device_attach+0x1e4/0x4b0
[ 42.366303][ T896] ? device_driver_attach+0x210/0x210
[ 42.371736][ T896] ? do_raw_spin_unlock+0x175/0x230
[ 42.376975][ T896] bus_probe_device+0x17c/0x1c0
[ 42.381861][ T896] device_add+0x112d/0x1a40
[ 42.386386][ T896] ? __fw_devlink_link_to_consumers.isra.0+0x270/0x270
[ 42.393271][ T896] usb_set_configuration+0x1196/0x1bc0
[ 42.398750][ T896] usb_generic_driver_probe+0xcf/0x130
[ 42.404302][ T896] usb_probe_device+0xd8/0x2c0
[ 42.409171][ T896] ? usb_driver_release_interface+0x190/0x190
[ 42.415257][ T896] really_probe+0x240/0xca0
[ 42.419809][ T896] __driver_probe_device+0x1df/0x4b0
[ 42.425184][ T896] driver_probe_device+0x4c/0x1a0
[ 42.430286][ T896] __device_attach_driver+0x1d4/0x2e0
[ 42.435700][ T896] bus_for_each_drv+0x149/0x1d0
[ 42.440589][ T896] ? driver_probe_device+0x1a0/0x1a0
[ 42.445913][ T896] ? bus_for_each_dev+0x1c0/0x1c0
[ 42.450976][ T896] ? _raw_spin_unlock_irqrestore+0x54/0x70
[ 42.456800][ T896] ? lockdep_hardirqs_on+0x7d/0x100
[ 42.462029][ T896] ? _raw_spin_unlock_irqrestore+0x41/0x70
[ 42.467849][ T896] __device_attach+0x1e4/0x4b0
[ 42.472658][ T896] ? device_driver_attach+0x210/0x210
[ 42.478047][ T896] ? do_raw_spin_unlock+0x175/0x230
[ 42.483306][ T896] bus_probe_device+0x17c/0x1c0
[ 42.488188][ T896] device_add+0x112d/0x1a40
[ 42.492718][ T896] ? __fw_devlink_link_to_consumers.isra.0+0x270/0x270
[ 42.499594][ T896] ? add_device_randomness+0xb8/0xe0
[ 42.504895][ T896] usb_new_device+0xcb2/0x19d0
[ 42.509756][ T896] ? hub_disconnect+0x520/0x520
[ 42.514618][ T896] ? _raw_spin_unlock_irq+0x23/0x50
[ 42.519852][ T896] hub_event+0x2d9e/0x4e40
[ 42.524314][ T896] ? hub_port_debounce+0x3b0/0x3b0
[ 42.529508][ T896] ? lock_sync+0x190/0x190
[ 42.533961][ T896] ? lock_downgrade+0x690/0x690
[ 42.538837][ T896] ? do_raw_spin_lock+0x124/0x2b0
[ 42.543927][ T896] ? _raw_spin_unlock_irq+0x23/0x50
[ 42.549188][ T896] process_one_work+0x99a/0x15e0
[ 42.554138][ T896] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 42.559594][ T896] ? spin_bug+0x1c0/0x1c0
[ 42.563942][ T896] ? _raw_spin_lock_irq+0x45/0x50
[ 42.568962][ T896] worker_thread+0x67d/0x10c0
[ 42.573683][ T896] ? process_one_work+0x15e0/0x15e0
[ 42.578897][ T896] kthread+0x344/0x440
[ 42.582995][ T896] ? kthread_complete_and_exit+0x40/0x40
[ 42.588639][ T896] ret_from_fork+0x1f/0x30
[ 42.593095][ T896] </TASK>
[ 42.596131][ T896] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 42.603392][ T896] CPU: 0 PID: 896 Comm: kworker/0:2 Not tainted 6.4.0-rc3-syzkaller-00004-g421ca22e3138 #0
[ 42.613373][ T896] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[ 42.623414][ T896] Workqueue: usb_hub_wq hub_event
[ 42.628460][ T896] Call Trace:
[ 42.631752][ T896] <TASK>
[ 42.634686][ T896] dump_stack_lvl+0xd9/0x150
[ 42.639278][ T896] panic+0x686/0x730
[ 42.643186][ T896] ? panic_smp_self_stop+0xa0/0xa0
[ 42.648315][ T896] ? show_trace_log_lvl+0x285/0x390
[ 42.653533][ T896] ? __flush_work+0x946/0xb60
[ 42.658207][ T896] check_panic_on_warn+0xb1/0xc0
[ 42.663148][ T896] __warn+0xf2/0x390
[ 42.667039][ T896] ? __flush_work+0x946/0xb60
[ 42.671712][ T896] report_bug+0x2da/0x500
[ 42.676080][ T896] handle_bug+0x3c/0x70
[ 42.680225][ T896] exc_invalid_op+0x18/0x50
[ 42.684719][ T896] asm_exc_invalid_op+0x1a/0x20
[ 42.689565][ T896] RIP: 0010:__flush_work+0x946/0xb60
[ 42.694856][ T896] Code: 00 48 c7 c6 9b f7 53 81 48 c7 c7 40 90 79 8c e8 d0 ec 11 00 e9 6f fc ff ff e8 06 4b 30 00 0f 0b e9 63 fc ff ff e8 fa 4a 30 00 <0f> 0b 45 31 ed e9 54 fc ff ff e8 db 14 83 00 e9 3e fb ff ff e8 e1
[ 42.714647][ T896] RSP: 0018:ffffc9000514ec08 EFLAGS: 00010293
[ 42.720718][ T896] RAX: 0000000000000000 RBX: ffff88807d10e0e8 RCX: 0000000000000000
[ 42.728687][ T896] RDX: ffff88801f565940 RSI: ffffffff8153f7d6 RDI: 0000000000000001
[ 42.736652][ T896] RBP: ffffc9000514eda0 R08: 0000000000000001 R09: 0000000000000000
[ 42.744617][ T896] R10: 0000000000000001 R11: ffffffff81d6e472 R12: ffff88807d10e0e8
[ 42.752585][ T896] R13: 0000000000000001 R14: 0000000000000001 R15: ffff88807d10e100
[ 42.760552][ T896] ? __kasan_kmalloc+0xa2/0xb0
[ 42.765337][ T896] ? __flush_work+0x946/0xb60
[ 42.770022][ T896] ? __flush_work+0x946/0xb60
[ 42.774694][ T896] ? lockdep_hardirqs_on+0x7d/0x100
[ 42.779928][ T896] ? print_usage_bug.part.0+0x660/0x660
[ 42.785468][ T896] ? mod_delayed_work_on+0x220/0x220
[ 42.790760][ T896] ? kasan_save_stack+0x32/0x40
[ 42.795606][ T896] ? kasan_save_stack+0x22/0x40
[ 42.800452][ T896] ? kasan_set_track+0x25/0x30
[ 42.806790][ T896] ? __kasan_kmalloc+0xa2/0xb0
[ 42.811549][ T896] ? smsusb_init_device+0xa7/0xd20
[ 42.816661][ T896] ? smsusb_probe+0x5b9/0x10b0
[ 42.821454][ T896] ? usb_probe_interface+0x30f/0x960
[ 42.826733][ T896] ? really_probe+0x240/0xca0
[ 42.831413][ T896] ? __driver_probe_device+0x1df/0x4b0
[ 42.836868][ T896] ? driver_probe_device+0x4c/0x1a0
[ 42.842060][ T896] ? __device_attach_driver+0x1d4/0x2e0
[ 42.847604][ T896] ? bus_for_each_drv+0x149/0x1d0
[ 42.852625][ T896] ? __device_attach+0x1e4/0x4b0
[ 42.857562][ T896] ? mark_held_locks+0x9f/0xe0
[ 42.862333][ T896] __cancel_work_timer+0x3f9/0x570
[ 42.867446][ T896] ? work_on_cpu_safe+0xa0/0xa0
[ 42.872305][ T896] smsusb_term_device+0xef/0x300
[ 42.877250][ T896] smsusb_init_device+0xb70/0xd20
[ 42.882280][ T896] ? smsusb_disconnect+0x20/0x20
[ 42.887233][ T896] smsusb_probe+0x5b9/0x10b0
[ 42.891856][ T896] ? smsusb_init_device+0xd20/0xd20
[ 42.897051][ T896] ? mark_held_locks+0x9f/0xe0
[ 42.901814][ T896] ? _raw_spin_unlock_irqrestore+0x54/0x70
[ 42.907618][ T896] ? lockdep_hardirqs_on+0x7d/0x100
[ 42.912811][ T896] ? _raw_spin_unlock_irqrestore+0x41/0x70
[ 42.918700][ T896] ? __pm_runtime_set_status+0x442/0xd90
[ 42.924339][ T896] usb_probe_interface+0x30f/0x960
[ 42.929454][ T896] ? usb_match_dynamic_id+0x1a0/0x1a0
[ 42.934831][ T896] really_probe+0x240/0xca0
[ 42.939339][ T896] __driver_probe_device+0x1df/0x4b0
[ 42.944624][ T896] ? usb_match_id.part.0+0x163/0x1b0
[ 42.949906][ T896] driver_probe_device+0x4c/0x1a0
[ 42.954959][ T896] __device_attach_driver+0x1d4/0x2e0
[ 42.960330][ T896] bus_for_each_drv+0x149/0x1d0
[ 42.965177][ T896] ? driver_probe_device+0x1a0/0x1a0
[ 42.970461][ T896] ? bus_for_each_dev+0x1c0/0x1c0
[ 42.975486][ T896] ? _raw_spin_unlock_irqrestore+0x54/0x70
[ 42.981313][ T896] ? lockdep_hardirqs_on+0x7d/0x100
[ 42.986530][ T896] ? _raw_spin_unlock_irqrestore+0x41/0x70
[ 42.992334][ T896] __device_attach+0x1e4/0x4b0
[ 42.997100][ T896] ? device_driver_attach+0x210/0x210
[ 43.002473][ T896] ? do_raw_spin_unlock+0x175/0x230
[ 43.007678][ T896] bus_probe_device+0x17c/0x1c0
[ 43.012534][ T896] device_add+0x112d/0x1a40
[ 43.017039][ T896] ? __fw_devlink_link_to_consumers.isra.0+0x270/0x270
[ 43.023890][ T896] usb_set_configuration+0x1196/0x1bc0
[ 43.029355][ T896] usb_generic_driver_probe+0xcf/0x130
[ 43.034809][ T896] usb_probe_device+0xd8/0x2c0
[ 43.039572][ T896] ? usb_driver_release_interface+0x190/0x190
[ 43.045636][ T896] really_probe+0x240/0xca0
[ 43.050229][ T896] __driver_probe_device+0x1df/0x4b0
[ 43.055603][ T896] driver_probe_device+0x4c/0x1a0
[ 43.060637][ T896] __device_attach_driver+0x1d4/0x2e0
[ 43.066025][ T896] bus_for_each_drv+0x149/0x1d0
[ 43.070883][ T896] ? driver_probe_device+0x1a0/0x1a0
[ 43.076165][ T896] ? bus_for_each_dev+0x1c0/0x1c0
[ 43.081293][ T896] ? _raw_spin_unlock_irqrestore+0x54/0x70
[ 43.087252][ T896] ? lockdep_hardirqs_on+0x7d/0x100
[ 43.092461][ T896] ? _raw_spin_unlock_irqrestore+0x41/0x70
[ 43.098265][ T896] __device_attach+0x1e4/0x4b0
[ 43.103055][ T896] ? device_driver_attach+0x210/0x210
[ 43.108518][ T896] ? do_raw_spin_unlock+0x175/0x230
[ 43.113721][ T896] bus_probe_device+0x17c/0x1c0
[ 43.118571][ T896] device_add+0x112d/0x1a40
[ 43.123368][ T896] ? __fw_devlink_link_to_consumers.isra.0+0x270/0x270
[ 43.130300][ T896] ? add_device_randomness+0xb8/0xe0
[ 43.135759][ T896] usb_new_device+0xcb2/0x19d0
[ 43.140608][ T896] ? hub_disconnect+0x520/0x520
[ 43.145647][ T896] ? _raw_spin_unlock_irq+0x23/0x50
[ 43.150965][ T896] hub_event+0x2d9e/0x4e40
[ 43.155410][ T896] ? hub_port_debounce+0x3b0/0x3b0
[ 43.160540][ T896] ? lock_sync+0x190/0x190
[ 43.164971][ T896] ? lock_downgrade+0x690/0x690
[ 43.169825][ T896] ? do_raw_spin_lock+0x124/0x2b0
[ 43.174851][ T896] ? _raw_spin_unlock_irq+0x23/0x50
[ 43.180221][ T896] process_one_work+0x99a/0x15e0
[ 43.185159][ T896] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 43.190601][ T896] ? spin_bug+0x1c0/0x1c0
[ 43.195036][ T896] ? _raw_spin_lock_irq+0x45/0x50
[ 43.200239][ T896] worker_thread+0x67d/0x10c0
[ 43.205024][ T896] ? process_one_work+0x15e0/0x15e0
[ 43.210239][ T896] kthread+0x344/0x440
[ 43.214300][ T896] ? kthread_complete_and_exit+0x40/0x40
[ 43.219927][ T896] ret_from_fork+0x1f/0x30
[ 43.224369][ T896] </TASK>
[ 43.228183][ T896] Kernel Offset: disabled
[ 43.232580][ T896] Rebooting in 86400 seconds..