last executing test programs: 2.878559727s ago: executing program 0 (id=12559): r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f0000000000)={0x4}) 2.507161655s ago: executing program 0 (id=12563): r0 = syz_open_dev$vim2m(&(0x7f0000000040), 0x7fff, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0cc5605, &(0x7f0000000200)={0x1, @pix_mp={0x0, 0x0, 0x55595659}}) 2.322431147s ago: executing program 0 (id=12566): r0 = socket$inet(0x2, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000400)={'wlan0\x00', &(0x7f0000000380)=@ethtool_channels={0x26}}) 2.114382962s ago: executing program 0 (id=12571): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f0000000380)=0x1000, 0x4) 2.04364631s ago: executing program 3 (id=12573): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="240000006800010000000000020000000200000000000000040008"], 0x24}}, 0x0) 1.914010263s ago: executing program 3 (id=12576): r0 = syz_open_dev$vim2m(&(0x7f0000000040), 0x7fff, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0cc5605, &(0x7f0000000200)={0x1, @pix_mp={0x0, 0x0, 0x32315241}}) 1.822403226s ago: executing program 3 (id=12577): r0 = syz_open_dev$vim2m(&(0x7f0000000040), 0x7fff, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0cc5605, &(0x7f0000000200)={0x1, @pix_mp={0x0, 0x0, 0x55595659}}) 1.81874118s ago: executing program 0 (id=12578): r0 = openat$sysctl(0xffffff9c, &(0x7f0000000680)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0) fstatfs(r0, &(0x7f00000006c0)=""/209) 1.67996967s ago: executing program 3 (id=12581): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x10, 0x0, &(0x7f00000002c0)=[@request_death={0x400c6313}], 0x0, 0x0, 0x0}) 1.464112907s ago: executing program 0 (id=12586): socket$nl_generic(0x10, 0x3, 0x10) syz_usb_connect(0x0, 0x2d, &(0x7f0000000e80)={{0x12, 0x1, 0x0, 0x6f, 0xb6, 0x84, 0x40, 0x1de1, 0xc102, 0x7d08, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x2, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x43, 0xda, 0x91}}, {{0x9, 0x4, 0xb3, 0x0, 0x0, 0x57, 0xd4, 0x7d}}]}}]}}, 0x0) 1.376645828s ago: executing program 3 (id=12589): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f0000000380)=0x1000, 0x4) 1.206961012s ago: executing program 4 (id=12592): syz_emit_vhci(&(0x7f0000000780)=ANY=[@ANYBLOB="040e04015b0c", @ANYRES64], 0x7) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) 1.177737705s ago: executing program 3 (id=12594): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000090400206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000100)={0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="00000c000000070001da"], 0x0, 0x0, 0x0}, 0x0) 1.130263178s ago: executing program 1 (id=12596): r0 = memfd_create(&(0x7f0000004480)='\x00\xc76\xbe\x91\x8d\x182)!\x9a%\xa2\xd28\xd6\xb9\a\x0e\xfc\xfe\x12\x8f&\x13\xae%@T\xa3\xb0>\x01\xec\xa9\xf9Q@6A\x10\x8cn|\x00\x00\x00\x00\x00\x00#\x00d\x1d\x06sNE4{\xdev\f\xbe\xeb0\xdd\xe8\x87\x05=\xfb\x8b$\xdcQ\xee\xc5\x1f\x8bQ\xf7fo\"i\xa1hk\x1d\xf5z\xc1\x7f\xa4\\]\xc4\xbe3\xf9\xa8\t?:\xd8\xda\x84\xc1pI[\x1c\x00\x00\x00\xc0\x92\xe9O{\xa8\x81(\x01\x14\xfc\x83\xf9\xfb\x05\x94Tr@Lq]\xf9\x15zj\x87\xc4\x8e\xe8/\xb9-&R\x8e\xb2\xb3bBx\x1e1\x18\x8f\x19\xf7]#\xed,\xc7\x11\tp\xf4\xa3\xee\xcb\xaf\xb3\xe3\'}\x18\xe8O\xa8#K\xb8 /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 828.717945][ T8] usbhid 4-1:0.0: can't add hid device: -71 [ 828.723899][ T30] task:syz.4.9566 state:D stack:26816 pid:25381 tgid:25379 ppid:5251 flags:0x20000004 [ 828.723976][ T30] Call Trace: [ 828.723987][ T30] [ 828.724005][ T30] __schedule+0x1895/0x4b30 [ 828.724069][ T30] ? __pfx___schedule+0x10/0x10 [ 828.724108][ T30] ? __pfx_lock_release+0x10/0x10 [ 828.724143][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 828.724180][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 828.724212][ T30] ? _raw_spin_lock_irq+0xdf/0x120 [ 828.724249][ T30] ? schedule+0x90/0x320 [ 828.724282][ T30] schedule+0x14b/0x320 [ 828.724318][ T30] schedule_preempt_disabled+0x13/0x30 [ 828.724350][ T30] rwsem_down_write_slowpath+0xeee/0x13b0 [ 828.724380][ T30] ? rwsem_down_write_slowpath+0xa09/0x13b0 [ 828.761118][ T8] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 828.762465][ T30] ? __pfx_rwsem_down_write_slowpath+0x10/0x10 [ 828.809760][ T8] usb 4-1: USB disconnect, device number 75 [ 828.813309][ T30] ? __pfx_lock_acquire+0x10/0x10 [ 828.830620][ T30] down_write+0x1d7/0x220 [ 828.835031][ T30] ? __pfx_down_write+0x10/0x10 [ 828.840015][ T30] ? __pfx___might_resched+0x10/0x10 [ 828.845570][ T30] blkdev_fallocate+0x20e/0x490 [ 828.850588][ T30] vfs_fallocate+0x569/0x6e0 [ 828.855233][ T30] __se_compat_sys_ioctl+0x9c3/0xc90 [ 828.860649][ T30] ? __pfx___se_compat_sys_ioctl+0x10/0x10 [ 828.866539][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 828.872693][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 828.879164][ T30] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 828.885827][ T30] ? lockdep_hardirqs_on+0x99/0x150 [ 828.887377][ T937] m920x_read = error: -19 [ 828.891102][ T30] __do_fast_syscall_32+0xb4/0x110 [ 828.891135][ T30] ? exc_page_fault+0x590/0x8c0 [ 828.891175][ T30] do_fast_syscall_32+0x34/0x80 [ 828.891201][ T30] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 828.891229][ T30] RIP: 0023:0xf745d579 [ 828.891252][ T30] RSP: 002b:00000000f574656c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 828.891282][ T30] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000402c5839 [ 828.891302][ T30] RDX: 0000000020000080 RSI: 0000000000000000 RDI: 0000000000000000 [ 828.891319][ T30] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 828.954093][ T30] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 828.960110][ T937] dvb-usb: error -19 while querying for an remote control event. [ 828.962275][ T30] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 828.977910][ T30] [ 828.981070][ T30] [ 828.981070][ T30] Showing all locks held in the system: [ 828.989084][ T30] 3 locks held by kworker/0:0/8: [ 828.994057][ T30] #0: ffff888143af6548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 829.005717][ T30] #1: ffffc900000d7d00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 829.017730][ T30] #2: ffff888028a0f190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1fe/0x5150 [ 829.027057][ T30] 1 lock held by khungtaskd/30: [ 829.032114][ T30] #0: ffffffff8e937e20 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 829.042252][ T30] 2 locks held by kworker/u8:2/35: [ 829.047398][ T30] #0: ffff8880b863ea98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 829.057593][ T30] #1: ffffc90000ab7d00 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 829.070315][ T30] 2 locks held by getty/4984: [ 829.075033][ T30] #0: ffff8880329490a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 829.084954][ T30] #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6a6/0x1e00 [ 829.095199][ T30] 2 locks held by kworker/u8:9/22009: [ 829.100779][ T30] 1 lock held by syz.2.9169/24552: [ 829.106025][ T30] 1 lock held by syz.4.9566/25381: [ 829.111639][ T30] #0: ffff888148c870c0 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x20e/0x490 [ 829.122765][ T30] [ 829.125134][ T30] ============================================= [ 829.125134][ T30] [ 829.135768][ T30] NMI backtrace for cpu 0 [ 829.140148][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.12.0-rc3-syzkaller-00420-g715ca9dd687f #0 [ 829.150671][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 829.160727][ T30] Call Trace: [ 829.164002][ T30] [ 829.166932][ T30] dump_stack_lvl+0x241/0x360 [ 829.171612][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 829.176811][ T30] ? __pfx__printk+0x10/0x10 [ 829.181410][ T30] nmi_cpu_backtrace+0x49c/0x4d0 [ 829.186350][ T30] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 829.191826][ T30] ? _printk+0xd5/0x120 [ 829.196012][ T30] ? __pfx__printk+0x10/0x10 [ 829.200634][ T30] ? __wake_up_klogd+0xcc/0x110 [ 829.205511][ T30] ? __pfx__printk+0x10/0x10 [ 829.210099][ T30] ? __rcu_read_unlock+0xa1/0x110 [ 829.215126][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 829.221109][ T30] nmi_trigger_cpumask_backtrace+0x198/0x320 [ 829.227088][ T30] watchdog+0xff4/0x1040 [ 829.231347][ T30] ? watchdog+0x1ea/0x1040 [ 829.235788][ T30] ? __pfx_watchdog+0x10/0x10 [ 829.240492][ T30] kthread+0x2f0/0x390 [ 829.244584][ T30] ? __pfx_watchdog+0x10/0x10 [ 829.249274][ T30] ? __pfx_kthread+0x10/0x10 [ 829.253876][ T30] ret_from_fork+0x4b/0x80 [ 829.258309][ T30] ? __pfx_kthread+0x10/0x10 [ 829.262909][ T30] ret_from_fork_asm+0x1a/0x30 [ 829.267700][ T30] [ 829.271668][ T30] Sending NMI from CPU 0 to CPUs 1: [ 829.276923][ C1] NMI backtrace for cpu 1 [ 829.276939][ C1] CPU: 1 UID: 0 PID: 35 Comm: kworker/u8:2 Not tainted 6.12.0-rc3-syzkaller-00420-g715ca9dd687f #0 [ 829.276959][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 829.276970][ C1] Workqueue: bat_events batadv_nc_worker [ 829.276994][ C1] RIP: 0010:lock_release+0x315/0xa30 [ 829.277018][ C1] Code: e0 ff 42 0f b6 04 3b 84 c0 0f 85 63 05 00 00 45 89 2c 24 41 81 fd ff ff 1f 00 0f 87 c0 02 00 00 48 8b 44 24 48 42 0f b6 04 38 <84> c0 0f 85 18 05 00 00 89 16 4c 89 f0 48 c1 e8 03 42 80 3c 38 00 [ 829.277032][ C1] RSP: 0018:ffffc90000ab79a0 EFLAGS: 00000087 [ 829.277047][ C1] RAX: 0000000000000000 RBX: 1ffff11003b5452a RCX: ffffc90000ab7a03 [ 829.277059][ C1] RDX: 0000000000000002 RSI: ffff88801daa28d8 RDI: ffff88801daa2930 [ 829.277070][ C1] RBP: ffffc90000ab7ad8 R08: ffffffff901cfeaf R09: 1ffffffff2039fd5 [ 829.277083][ C1] R10: dffffc0000000000 R11: fffffbfff2039fd6 R12: ffff88801daa2950 [ 829.277095][ C1] R13: 0000000000020022 R14: ffff88801daa2930 R15: dffffc0000000000 [ 829.277107][ C1] FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 829.277122][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 829.277134][ C1] CR2: 00000000f7f555b8 CR3: 000000006118c000 CR4: 00000000003526f0 [ 829.277150][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 829.277161][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 829.277172][ C1] Call Trace: [ 829.277179][ C1] [ 829.277186][ C1] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 829.277206][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 829.277228][ C1] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 829.277252][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 829.277271][ C1] ? nmi_handle+0x14f/0x5a0 [ 829.277287][ C1] ? nmi_handle+0x2a/0x5a0 [ 829.277304][ C1] ? lock_release+0x315/0xa30 [ 829.277324][ C1] ? default_do_nmi+0x63/0x160 [ 829.277343][ C1] ? exc_nmi+0x123/0x1f0 [ 829.277362][ C1] ? end_repeat_nmi+0xf/0x53 [ 829.277381][ C1] ? lock_release+0x315/0xa30 [ 829.277401][ C1] ? lock_release+0x315/0xa30 [ 829.277422][ C1] ? lock_release+0x315/0xa30 [ 829.277443][ C1] [ 829.277449][ C1] [ 829.277456][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 829.277477][ C1] ? batadv_nc_process_nc_paths+0xb5/0x3a0 [ 829.277498][ C1] ? __local_bh_enable_ip+0x168/0x200 [ 829.277517][ C1] ? __pfx_lock_release+0x10/0x10 [ 829.277537][ C1] ? batadv_nc_purge_paths+0x312/0x3b0 [ 829.277559][ C1] ? batadv_nc_purge_paths+0xe8/0x3b0 [ 829.277579][ C1] ? __pfx_batadv_nc_to_purge_nc_path_decoding+0x10/0x10 [ 829.277603][ C1] ? __pfx_batadv_nc_fwd_flush+0x10/0x10 [ 829.277623][ C1] batadv_nc_process_nc_paths+0x2f0/0x3a0 [ 829.277646][ C1] ? batadv_nc_process_nc_paths+0xb5/0x3a0 [ 829.277667][ C1] batadv_nc_worker+0x42a/0x610 [ 829.277688][ C1] ? process_scheduled_works+0x976/0x1850 [ 829.277709][ C1] process_scheduled_works+0xa63/0x1850 [ 829.277738][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 829.277760][ C1] ? assign_work+0x364/0x3d0 [ 829.277780][ C1] worker_thread+0x870/0xd30 [ 829.277805][ C1] ? __kthread_parkme+0x169/0x1d0 [ 829.277833][ C1] ? __pfx_worker_thread+0x10/0x10 [ 829.277853][ C1] kthread+0x2f0/0x390 [ 829.277868][ C1] ? __pfx_worker_thread+0x10/0x10 [ 829.277888][ C1] ? __pfx_kthread+0x10/0x10 [ 829.277903][ C1] ret_from_fork+0x4b/0x80 [ 829.277923][ C1] ? __pfx_kthread+0x10/0x10 [ 829.277938][ C1] ret_from_fork_asm+0x1a/0x30 [ 829.277964][ C1] [ 829.279190][ T937] m920x_read = error: -19 [ 829.326336][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 829.326358][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.12.0-rc3-syzkaller-00420-g715ca9dd687f #0 [ 829.326382][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 829.326394][ T30] Call Trace: [ 829.326403][ T30] [ 829.326413][ T30] dump_stack_lvl+0x241/0x360 [ 829.326440][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 829.326462][ T30] ? __pfx__printk+0x10/0x10 [ 829.326488][ T30] ? vscnprintf+0x5d/0x90 [ 829.326514][ T30] panic+0x349/0x880 [ 829.326536][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 829.326561][ T30] ? __pfx_panic+0x10/0x10 [ 829.326579][ T30] ? tick_nohz_tick_stopped+0x82/0xb0 [ 829.326602][ T30] ? __irq_work_queue_local+0x137/0x410 [ 829.326628][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 829.326649][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 829.326672][ T30] ? nmi_trigger_cpumask_backtrace+0x2d4/0x320 [ 829.326698][ T30] ? nmi_trigger_cpumask_backtrace+0x2d9/0x320 [ 829.326725][ T30] watchdog+0x1033/0x1040 [ 829.326751][ T30] ? watchdog+0x1ea/0x1040 [ 829.326780][ T30] ? __pfx_watchdog+0x10/0x10 [ 829.326805][ T30] kthread+0x2f0/0x390 [ 829.326831][ T30] ? __pfx_watchdog+0x10/0x10 [ 829.326855][ T30] ? __pfx_kthread+0x10/0x10 [ 829.326875][ T30] ret_from_fork+0x4b/0x80 [ 829.326901][ T30] ? __pfx_kthread+0x10/0x10 [ 829.326921][ T30] ret_from_fork_asm+0x1a/0x30 [ 829.326959][ T30] [ 829.334515][ T30] Kernel Offset: disabled