Extracting prog: 30m29.513095097s
Minimizing prog: 4h1m18.417953834s
Simplifying prog options: 16m42.890687893s
Extracting C: 5m17.791152682s
Simplifying C: 0s


extracting reproducer from 30 programs
testing a last program of every proc
single: executing 5 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-bpf$PROG_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-syz_open_dev$dri-openat$full-close_range-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETCRTC-ioctl$DRM_IOCTL_MODE_GETFB2-ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD-ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE-semget$private-bpf$BPF_RAW_TRACEPOINT_OPEN-userfaultfd-ioctl$UFFDIO_API-mprotect-ioctl$UFFDIO_COPY-semtimedop-semctl$GETALL-ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xb, &(0x7f0000000500)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x61900, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
syz_open_dev$dri(&(0x7f0000000100), 0x0, 0x0)
r5 = openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close_range(r1, r4, 0x2)
r6 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETCRTC(r6, 0xc06864a1, &(0x7f0000000540)={0x0, 0x0, 0x0, <r7=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r6, 0xc06864ce, &(0x7f0000000400)={r7, 0x0, 0x0, 0x0, 0x0, [<r8=>0x0], [0x0, 0x0, 0xf], [0x1000], [0x0, 0x0, 0x0, 0xffffffffffffffff]})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r5, 0xc00c642d, &(0x7f0000000100)={r8})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r6, 0xc00c642e, &(0x7f0000000180)={<r9=>0x0, 0x0, r6})
r10 = semget$private(0x0, 0x207, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00'}, 0x10)
r11 = userfaultfd(0x1)
ioctl$UFFDIO_API(r11, 0xc018aa3f, &(0x7f00000000c0))
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
ioctl$UFFDIO_COPY(r11, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2})
semtimedop(r10, &(0x7f00000002c0)=[{}, {0x0, 0xff78}], 0x2, 0x0)
semctl$GETALL(r10, 0x0, 0xd, &(0x7f0000000040)=""/119)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r6, 0xc00c642d, &(0x7f00000001c0)={r9})

program did not crash
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$sndmidi-dup-write$6lowpan_enable-mkdirat-prlimit64-sched_setscheduler-getpid-sched_setaffinity-socket$nl_route-sendmsg$nl_route-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-sched_setaffinity-recvmmsg-mount$overlay-mkdir-bpf$PROG_LOAD-bpf$PROG_BIND_MAP-socket$inet6-setsockopt$inet6_mreq-socket$nl_netfilter-sendmsg$IPCTNL_MSG_EXP_GET-close-syz_open_dev$I2C
detailed listing:
executing program 0:
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=@newlink={0x40, 0x10, 0x44b, 0x0, 0x25dfdbfc, {0x7a}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}, @IFLA_ADDRESS={0xa}]}, 0x40}, 0x1, 0x0, 0x0, 0x8000041}, 0x4)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount$overlay(0x0, 0x0, &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0x4, &(0x7f0000000380)=ANY=[], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @xdp=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r6}, 0xc)
r7 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r7, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_GET(r8, 0x0, 0x40)
close(r7)
syz_open_dev$I2C(&(0x7f0000000d80), 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-prlimit64-ioctl$AUTOFS_DEV_IOCTL_TIMEOUT-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_GET_WIPHY-madvise-prctl$PR_SCHED_CORE-openat$sequencer-syz_open_dev$sndmidi-openat$fb0-syz_usb_connect$printer-syz_usb_control_io$printer-syz_open_dev$char_usb-writev-madvise-socket$inet-sendmsg$SEG6_CMD_SETHMAC-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$PROG_LOAD-rt_sigaction-fallocate-sendmsg$inet-mincore
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x30dd3000)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000200)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff, {0x5}}, './file0\x00'})
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'wlan0\x00', <r1=>0x0})
sendmsg$NL80211_CMD_GET_WIPHY(r0, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x50000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000540)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYRES32=r1, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x4000800}, 0x1)
madvise(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0xaf64bfc1a3eb71e9)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x101040, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141082)
openat$fb0(0xffffffffffffff9c, &(0x7f00000001c0), 0x240000, 0x0)
r3 = syz_usb_connect$printer(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000000000402505a8a440000102030109021b00010100c00009040000020701010009050102"], 0x0)
syz_usb_control_io$printer(r3, 0x0, &(0x7f00000011c0)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001180)={0x20, 0x0, 0x1}})
r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
writev(r2, &(0x7f0000000840)=[{0x0}, {0x0}], 0x2)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)
r5 = socket$inet(0x2, 0x2, 0x1)
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x14}, 0x4010)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYRES8=r4, @ANYRES16=r1, @ANYRES16=r4], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r0, @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x23, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x94)
rt_sigaction(0x19, &(0x7f0000000000)={0xfffffffffffffffc, 0x44000006, 0x0}, 0x0, 0x8, &(0x7f0000000440))
fallocate(0xffffffffffffffff, 0x0, 0x400000000000000, 0x2)
sendmsg$inet(r5, &(0x7f0000000600)={&(0x7f0000000040)={0x2, 0xffff, @private=0xa010100}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000140)='\b\x00', 0x2}, {&(0x7f0000000180)="2d0000008058", 0x6}], 0x2, &(0x7f0000000100)=ANY=[@ANYBLOB="1c000000000000000000000007000000890b040a0101027f00000100000000001c000000000000000000000008"], 0x40}, 0x20000000)
mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-shutdown-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-syz_usb_connect-ioctl$sock_SIOCGPGRP-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$BPF_TASK_FD_QUERY-syz_usb_control_io-syz_usb_control_io
detailed listing:
executing program 0:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={<r1=>0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000001c0)={r1, @in={{0x2, 0x4e24, @empty}}, 0x100000, 0x5, 0x0, 0x1f4, 0x2d, 0xfffffffc, 0x81}, 0x9c)
r2 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[<r3=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f00000001c0)={0x0, 0x0, r3})
r4 = syz_usb_connect(0x2, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905be3b"], 0x0)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000080)=<r5=>0x0)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='cma_release\x00', 0xffffffffffffffff, 0x0, 0x8}, 0x18)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={r5, r6, 0x0, 0xf, &(0x7f0000000280)='/dev/dri/card#\x00'}, 0x30)
syz_usb_control_io(r4, 0x0, &(0x7f0000000bc0)={0x84, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r4, 0x0, &(0x7f00000006c0)={0x84, &(0x7f0000000780)={0x20, 0x15}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

program crashed: INFO: task hung in kernfs_add_one
single: successfully extracted reproducer
found reproducer with 13 syscalls
minimizing guilty program
testing program (duration=7m21.667551852s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-shutdown-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-syz_usb_connect-ioctl$sock_SIOCGPGRP-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$BPF_TASK_FD_QUERY-syz_usb_control_io
detailed listing:
executing program 0:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={<r1=>0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000001c0)={r1, @in={{0x2, 0x4e24, @empty}}, 0x100000, 0x5, 0x0, 0x1f4, 0x2d, 0xfffffffc, 0x81}, 0x9c)
r2 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[<r3=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f00000001c0)={0x0, 0x0, r3})
r4 = syz_usb_connect(0x2, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905be3b"], 0x0)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000080)=<r5=>0x0)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='cma_release\x00', 0xffffffffffffffff, 0x0, 0x8}, 0x18)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={r5, r6, 0x0, 0xf, &(0x7f0000000280)='/dev/dri/card#\x00'}, 0x30)
syz_usb_control_io(r4, 0x0, &(0x7f0000000bc0)={0x84, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

program did not crash
testing program (duration=7m21.667551852s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-shutdown-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-syz_usb_connect-ioctl$sock_SIOCGPGRP-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$BPF_TASK_FD_QUERY-syz_usb_control_io
detailed listing:
executing program 0:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={<r1=>0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000001c0)={r1, @in={{0x2, 0x4e24, @empty}}, 0x100000, 0x5, 0x0, 0x1f4, 0x2d, 0xfffffffc, 0x81}, 0x9c)
r2 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[<r3=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f00000001c0)={0x0, 0x0, r3})
r4 = syz_usb_connect(0x2, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905be3b"], 0x0)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000080)=<r5=>0x0)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='cma_release\x00', 0xffffffffffffffff, 0x0, 0x8}, 0x18)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={r5, r6, 0x0, 0xf, &(0x7f0000000280)='/dev/dri/card#\x00'}, 0x30)
syz_usb_control_io(r4, 0x0, &(0x7f00000006c0)={0x84, &(0x7f0000000780)={0x20, 0x15}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

program did not crash
testing program (duration=7m21.667551852s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-shutdown-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-syz_usb_connect-ioctl$sock_SIOCGPGRP-bpf$BPF_RAW_TRACEPOINT_OPEN-syz_usb_control_io-syz_usb_control_io
detailed listing:
executing program 0:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={<r1=>0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000001c0)={r1, @in={{0x2, 0x4e24, @empty}}, 0x100000, 0x5, 0x0, 0x1f4, 0x2d, 0xfffffffc, 0x81}, 0x9c)
r2 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[<r3=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f00000001c0)={0x0, 0x0, r3})
r4 = syz_usb_connect(0x2, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905be3b"], 0x0)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000080))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='cma_release\x00', 0xffffffffffffffff, 0x0, 0x8}, 0x18)
syz_usb_control_io(r4, 0x0, &(0x7f0000000bc0)={0x84, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r4, 0x0, &(0x7f00000006c0)={0x84, &(0x7f0000000780)={0x20, 0x15}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

program did not crash
testing program (duration=7m21.667551852s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-shutdown-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-syz_usb_connect-ioctl$sock_SIOCGPGRP-bpf$BPF_TASK_FD_QUERY-syz_usb_control_io-syz_usb_control_io
detailed listing:
executing program 0:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={<r1=>0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000001c0)={r1, @in={{0x2, 0x4e24, @empty}}, 0x100000, 0x5, 0x0, 0x1f4, 0x2d, 0xfffffffc, 0x81}, 0x9c)
r2 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[<r3=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f00000001c0)={0x0, 0x0, r3})
r4 = syz_usb_connect(0x2, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905be3b"], 0x0)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000080)=<r5=>0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={r5, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000280)='/dev/dri/card#\x00'}, 0x30)
syz_usb_control_io(r4, 0x0, &(0x7f0000000bc0)={0x84, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r4, 0x0, &(0x7f00000006c0)={0x84, &(0x7f0000000780)={0x20, 0x15}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

program did not crash
testing program (duration=7m21.667551852s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-shutdown-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-syz_usb_connect-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$BPF_TASK_FD_QUERY-syz_usb_control_io-syz_usb_control_io
detailed listing:
executing program 0:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={<r1=>0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000001c0)={r1, @in={{0x2, 0x4e24, @empty}}, 0x100000, 0x5, 0x0, 0x1f4, 0x2d, 0xfffffffc, 0x81}, 0x9c)
r2 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[<r3=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f00000001c0)={0x0, 0x0, r3})
r4 = syz_usb_connect(0x2, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905be3b"], 0x0)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='cma_release\x00', 0xffffffffffffffff, 0x0, 0x8}, 0x18)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r5, 0x0, 0xf, &(0x7f0000000280)='/dev/dri/card#\x00'}, 0x30)
syz_usb_control_io(r4, 0x0, &(0x7f0000000bc0)={0x84, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r4, 0x0, &(0x7f00000006c0)={0x84, &(0x7f0000000780)={0x20, 0x15}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

program did not crash
testing program (duration=7m21.667551852s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-shutdown-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-ioctl$sock_SIOCGPGRP-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$BPF_TASK_FD_QUERY-syz_usb_control_io-syz_usb_control_io
detailed listing:
executing program 0:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={<r1=>0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000001c0)={r1, @in={{0x2, 0x4e24, @empty}}, 0x100000, 0x5, 0x0, 0x1f4, 0x2d, 0xfffffffc, 0x81}, 0x9c)
r2 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[<r3=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f00000001c0)={0x0, 0x0, r3})
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000080)=<r4=>0x0)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='cma_release\x00', 0xffffffffffffffff, 0x0, 0x8}, 0x18)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={r4, r5, 0x0, 0xf, &(0x7f0000000280)='/dev/dri/card#\x00'}, 0x30)
syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000bc0)={0x84, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f00000006c0)={0x84, &(0x7f0000000780)={0x20, 0x15}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

program did not crash
testing program (duration=7m21.667551852s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-shutdown-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-syz_usb_connect-ioctl$sock_SIOCGPGRP-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$BPF_TASK_FD_QUERY-syz_usb_control_io-syz_usb_control_io
detailed listing:
executing program 0:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={<r1=>0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000001c0)={r1, @in={{0x2, 0x4e24, @empty}}, 0x100000, 0x5, 0x0, 0x1f4, 0x2d, 0xfffffffc, 0x81}, 0x9c)
r2 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1})
r3 = syz_usb_connect(0x2, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905be3b"], 0x0)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000080)=<r4=>0x0)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='cma_release\x00', 0xffffffffffffffff, 0x0, 0x8}, 0x18)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={r4, r5, 0x0, 0xf, &(0x7f0000000280)='/dev/dri/card#\x00'}, 0x30)
syz_usb_control_io(r3, 0x0, &(0x7f0000000bc0)={0x84, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r3, 0x0, &(0x7f00000006c0)={0x84, &(0x7f0000000780)={0x20, 0x15}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

program did not crash
testing program (duration=7m21.667551852s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-shutdown-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETCRTC-syz_usb_connect-ioctl$sock_SIOCGPGRP-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$BPF_TASK_FD_QUERY-syz_usb_control_io-syz_usb_control_io
detailed listing:
executing program 0:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={<r1=>0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000001c0)={r1, @in={{0x2, 0x4e24, @empty}}, 0x100000, 0x5, 0x0, 0x1f4, 0x2d, 0xfffffffc, 0x81}, 0x9c)
r2 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f00000001c0)={0x0})
r3 = syz_usb_connect(0x2, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905be3b"], 0x0)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000080)=<r4=>0x0)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='cma_release\x00', 0xffffffffffffffff, 0x0, 0x8}, 0x18)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={r4, r5, 0x0, 0xf, &(0x7f0000000280)='/dev/dri/card#\x00'}, 0x30)
syz_usb_control_io(r3, 0x0, &(0x7f0000000bc0)={0x84, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r3, 0x0, &(0x7f00000006c0)={0x84, &(0x7f0000000780)={0x20, 0x15}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

program did not crash
testing program (duration=7m21.667551852s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-shutdown-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-syz_usb_connect-ioctl$sock_SIOCGPGRP-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$BPF_TASK_FD_QUERY-syz_usb_control_io-syz_usb_control_io
detailed listing:
executing program 0:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={<r1=>0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000001c0)={r1, @in={{0x2, 0x4e24, @empty}}, 0x100000, 0x5, 0x0, 0x1f4, 0x2d, 0xfffffffc, 0x81}, 0x9c)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[<r2=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, &(0x7f00000001c0)={0x0, 0x0, r2})
r3 = syz_usb_connect(0x2, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905be3b"], 0x0)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000080)=<r4=>0x0)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='cma_release\x00', 0xffffffffffffffff, 0x0, 0x8}, 0x18)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={r4, r5, 0x0, 0xf, &(0x7f0000000280)='/dev/dri/card#\x00'}, 0x30)
syz_usb_control_io(r3, 0x0, &(0x7f0000000bc0)={0x84, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r3, 0x0, &(0x7f00000006c0)={0x84, &(0x7f0000000780)={0x20, 0x15}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

program did not crash
testing program (duration=7m21.667551852s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-shutdown-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-syz_usb_connect-ioctl$sock_SIOCGPGRP-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$BPF_TASK_FD_QUERY-syz_usb_control_io-syz_usb_control_io
detailed listing:
executing program 0:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
r1 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[<r2=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f00000001c0)={0x0, 0x0, r2})
r3 = syz_usb_connect(0x2, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905be3b"], 0x0)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000080)=<r4=>0x0)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='cma_release\x00', 0xffffffffffffffff, 0x0, 0x8}, 0x18)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={r4, r5, 0x0, 0xf, &(0x7f0000000280)='/dev/dri/card#\x00'}, 0x30)
syz_usb_control_io(r3, 0x0, &(0x7f0000000bc0)={0x84, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r3, 0x0, &(0x7f00000006c0)={0x84, &(0x7f0000000780)={0x20, 0x15}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

program did not crash
testing program (duration=7m21.667551852s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-shutdown-setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-syz_usb_connect-ioctl$sock_SIOCGPGRP-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$BPF_TASK_FD_QUERY-syz_usb_control_io-syz_usb_control_io
detailed listing:
executing program 0:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in={{0x2, 0x4e24, @empty}}, 0x100000, 0x5, 0x0, 0x1f4, 0x2d, 0xfffffffc, 0x81}, 0x9c)
r1 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[<r2=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f00000001c0)={0x0, 0x0, r2})
r3 = syz_usb_connect(0x2, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905be3b"], 0x0)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000080)=<r4=>0x0)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='cma_release\x00', 0xffffffffffffffff, 0x0, 0x8}, 0x18)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={r4, r5, 0x0, 0xf, &(0x7f0000000280)='/dev/dri/card#\x00'}, 0x30)
syz_usb_control_io(r3, 0x0, &(0x7f0000000bc0)={0x84, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r3, 0x0, &(0x7f00000006c0)={0x84, &(0x7f0000000780)={0x20, 0x15}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

program did not crash
testing program (duration=7m21.667551852s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-syz_usb_connect-ioctl$sock_SIOCGPGRP-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$BPF_TASK_FD_QUERY-syz_usb_control_io-syz_usb_control_io
detailed listing:
executing program 0:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={<r1=>0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000001c0)={r1, @in={{0x2, 0x4e24, @empty}}, 0x100000, 0x5, 0x0, 0x1f4, 0x2d, 0xfffffffc, 0x81}, 0x9c)
r2 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[<r3=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f00000001c0)={0x0, 0x0, r3})
r4 = syz_usb_connect(0x2, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905be3b"], 0x0)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000080)=<r5=>0x0)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='cma_release\x00', 0xffffffffffffffff, 0x0, 0x8}, 0x18)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={r5, r6, 0x0, 0xf, &(0x7f0000000280)='/dev/dri/card#\x00'}, 0x30)
syz_usb_control_io(r4, 0x0, &(0x7f0000000bc0)={0x84, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r4, 0x0, &(0x7f00000006c0)={0x84, &(0x7f0000000780)={0x20, 0x15}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

program did not crash
testing program (duration=7m21.667551852s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): shutdown-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-syz_usb_connect-ioctl$sock_SIOCGPGRP-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$BPF_TASK_FD_QUERY-syz_usb_control_io-syz_usb_control_io
detailed listing:
executing program 0:
shutdown(0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={<r0=>0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f00000001c0)={r0, @in={{0x2, 0x4e24, @empty}}, 0x100000, 0x5, 0x0, 0x1f4, 0x2d, 0xfffffffc, 0x81}, 0x9c)
r1 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[<r2=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f00000001c0)={0x0, 0x0, r2})
r3 = syz_usb_connect(0x2, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905be3b"], 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000080)=<r4=>0x0)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='cma_release\x00', 0xffffffffffffffff, 0x0, 0x8}, 0x18)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={r4, r5, 0x0, 0xf, &(0x7f0000000280)='/dev/dri/card#\x00'}, 0x30)
syz_usb_control_io(r3, 0x0, &(0x7f0000000bc0)={0x84, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r3, 0x0, &(0x7f00000006c0)={0x84, &(0x7f0000000780)={0x20, 0x15}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

program crashed: INFO: task hung in corrupted
testing program (duration=7m21.667551852s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): shutdown-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-syz_usb_connect-ioctl$sock_SIOCGPGRP-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$BPF_TASK_FD_QUERY-syz_usb_control_io-syz_usb_control_io
detailed listing:
executing program 0:
shutdown(0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f0000000180))
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in={{0x2, 0x4e24, @empty}}, 0x100000, 0x5, 0x0, 0x1f4, 0x2d, 0xfffffffc, 0x81}, 0x9c)
r0 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[<r1=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f00000001c0)={0x0, 0x0, r1})
r2 = syz_usb_connect(0x2, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905be3b"], 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000080)=<r3=>0x0)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='cma_release\x00', 0xffffffffffffffff, 0x0, 0x8}, 0x18)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={r3, r4, 0x0, 0xf, &(0x7f0000000280)='/dev/dri/card#\x00'}, 0x30)
syz_usb_control_io(r2, 0x0, &(0x7f0000000bc0)={0x84, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r2, 0x0, &(0x7f00000006c0)={0x84, &(0x7f0000000780)={0x20, 0x15}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

program did not crash
testing program (duration=7m21.667551852s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): shutdown-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-syz_usb_connect-ioctl$sock_SIOCGPGRP-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$BPF_TASK_FD_QUERY-syz_usb_control_io-syz_usb_control_io
detailed listing:
executing program 0:
shutdown(0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={<r0=>0x0, 0x0, 0x0}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f00000001c0)={r0, @in={{0x2, 0x4e24, @empty}}, 0x100000, 0x5, 0x0, 0x1f4, 0x2d, 0xfffffffc, 0x81}, 0x9c)
r1 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[<r2=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f00000001c0)={0x0, 0x0, r2})
r3 = syz_usb_connect(0x2, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905be3b"], 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000080)=<r4=>0x0)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='cma_release\x00', 0xffffffffffffffff, 0x0, 0x8}, 0x18)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={r4, r5, 0x0, 0xf, &(0x7f0000000280)='/dev/dri/card#\x00'}, 0x30)
syz_usb_control_io(r3, 0x0, &(0x7f0000000bc0)={0x84, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r3, 0x0, &(0x7f00000006c0)={0x84, &(0x7f0000000780)={0x20, 0x15}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

program did not crash
testing program (duration=7m21.667551852s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): shutdown-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-syz_usb_connect-ioctl$sock_SIOCGPGRP-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$BPF_TASK_FD_QUERY-syz_usb_control_io-syz_usb_control_io
detailed listing:
executing program 0:
shutdown(0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={<r0=>0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f00000001c0)={r0, @in={{0x2, 0x4e24, @empty}}, 0x100000, 0x5, 0x0, 0x1f4, 0x2d, 0xfffffffc, 0x81}, 0x9c)
r1 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[<r2=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f00000001c0)={0x0, 0x0, r2})
r3 = syz_usb_connect(0x2, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905be3b"], 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000080)=<r4=>0x0)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='cma_release\x00', 0xffffffffffffffff, 0x0, 0x8}, 0x18)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={r4, r5, 0x0, 0xf, &(0x7f0000000280)='/dev/dri/card#\x00'}, 0x30)
syz_usb_control_io(r3, 0x0, &(0x7f0000000bc0)={0x84, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r3, 0x0, &(0x7f00000006c0)={0x84, &(0x7f0000000780)={0x20, 0x15}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

program did not crash
testing program (duration=7m21.667551852s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): shutdown-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-syz_usb_connect-ioctl$sock_SIOCGPGRP-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$BPF_TASK_FD_QUERY-syz_usb_control_io-syz_usb_control_io
detailed listing:
executing program 0:
shutdown(0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
r0 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[<r1=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f00000001c0)={0x0, 0x0, r1})
r2 = syz_usb_connect(0x2, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905be3b"], 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000080)=<r3=>0x0)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='cma_release\x00', 0xffffffffffffffff, 0x0, 0x8}, 0x18)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={r3, r4, 0x0, 0xf, &(0x7f0000000280)='/dev/dri/card#\x00'}, 0x30)
syz_usb_control_io(r2, 0x0, &(0x7f0000000bc0)={0x84, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r2, 0x0, &(0x7f00000006c0)={0x84, &(0x7f0000000780)={0x20, 0x15}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

program crashed: INFO: rcu detected stall in corrupted
testing program (duration=7m21.667551852s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): shutdown-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-syz_usb_connect-ioctl$sock_SIOCGPGRP-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$BPF_TASK_FD_QUERY-syz_usb_control_io-syz_usb_control_io
detailed listing:
executing program 0:
shutdown(0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
r0 = syz_open_dev$dri(0x0, 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[<r1=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f00000001c0)={0x0, 0x0, r1})
r2 = syz_usb_connect(0x2, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905be3b"], 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000080)=<r3=>0x0)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='cma_release\x00', 0xffffffffffffffff, 0x0, 0x8}, 0x18)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={r3, r4, 0x0, 0xf, &(0x7f0000000280)='/dev/dri/card#\x00'}, 0x30)
syz_usb_control_io(r2, 0x0, &(0x7f0000000bc0)={0x84, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r2, 0x0, &(0x7f00000006c0)={0x84, &(0x7f0000000780)={0x20, 0x15}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

program did not crash
testing program (duration=7m21.667551852s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): shutdown-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-syz_usb_connect-ioctl$sock_SIOCGPGRP-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$BPF_TASK_FD_QUERY-syz_usb_control_io-syz_usb_control_io
detailed listing:
executing program 0:
shutdown(0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
r0 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, 0x0)
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f00000001c0)={0x0})
r1 = syz_usb_connect(0x2, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905be3b"], 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000080)=<r2=>0x0)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='cma_release\x00', 0xffffffffffffffff, 0x0, 0x8}, 0x18)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={r2, r3, 0x0, 0xf, &(0x7f0000000280)='/dev/dri/card#\x00'}, 0x30)
syz_usb_control_io(r1, 0x0, &(0x7f0000000bc0)={0x84, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r1, 0x0, &(0x7f00000006c0)={0x84, &(0x7f0000000780)={0x20, 0x15}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

program did not crash
testing program (duration=7m21.667551852s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): shutdown-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-syz_usb_connect-ioctl$sock_SIOCGPGRP-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$BPF_TASK_FD_QUERY-syz_usb_control_io-syz_usb_control_io
detailed listing:
executing program 0:
shutdown(0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
r0 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f00000001c0)={0x0})
r1 = syz_usb_connect(0x2, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905be3b"], 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000080)=<r2=>0x0)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='cma_release\x00', 0xffffffffffffffff, 0x0, 0x8}, 0x18)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={r2, r3, 0x0, 0xf, &(0x7f0000000280)='/dev/dri/card#\x00'}, 0x30)
syz_usb_control_io(r1, 0x0, &(0x7f0000000bc0)={0x84, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r1, 0x0, &(0x7f00000006c0)={0x84, &(0x7f0000000780)={0x20, 0x15}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

program did not crash
testing program (duration=7m21.667551852s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): shutdown-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-syz_usb_connect-ioctl$sock_SIOCGPGRP-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$BPF_TASK_FD_QUERY-syz_usb_control_io-syz_usb_control_io
detailed listing:
executing program 0:
shutdown(0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
r0 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, 0x0)
r1 = syz_usb_connect(0x2, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905be3b"], 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000080)=<r2=>0x0)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='cma_release\x00', 0xffffffffffffffff, 0x0, 0x8}, 0x18)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={r2, r3, 0x0, 0xf, &(0x7f0000000280)='/dev/dri/card#\x00'}, 0x30)
syz_usb_control_io(r1, 0x0, &(0x7f0000000bc0)={0x84, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r1, 0x0, &(0x7f00000006c0)={0x84, &(0x7f0000000780)={0x20, 0x15}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

program did not crash
testing program (duration=7m21.667551852s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): shutdown-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-syz_usb_connect-ioctl$sock_SIOCGPGRP-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$BPF_TASK_FD_QUERY-syz_usb_control_io-syz_usb_control_io
detailed listing:
executing program 0:
shutdown(0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
r0 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[<r1=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f00000001c0)={0x0, 0x0, r1})
r2 = syz_usb_connect(0x2, 0x3f, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000080)=<r3=>0x0)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='cma_release\x00', 0xffffffffffffffff, 0x0, 0x8}, 0x18)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={r3, r4, 0x0, 0xf, &(0x7f0000000280)='/dev/dri/card#\x00'}, 0x30)
syz_usb_control_io(r2, 0x0, &(0x7f0000000bc0)={0x84, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r2, 0x0, &(0x7f00000006c0)={0x84, &(0x7f0000000780)={0x20, 0x15}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

program did not crash
testing program (duration=7m21.667551852s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): shutdown-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-syz_usb_connect-ioctl$sock_SIOCGPGRP-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$BPF_TASK_FD_QUERY-syz_usb_control_io-syz_usb_control_io
detailed listing:
executing program 0:
shutdown(0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
r0 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[<r1=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f00000001c0)={0x0, 0x0, r1})
r2 = syz_usb_connect(0x2, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB], 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000080)=<r3=>0x0)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='cma_release\x00', 0xffffffffffffffff, 0x0, 0x8}, 0x18)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={r3, r4, 0x0, 0xf, &(0x7f0000000280)='/dev/dri/card#\x00'}, 0x30)
syz_usb_control_io(r2, 0x0, &(0x7f0000000bc0)={0x84, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r2, 0x0, &(0x7f00000006c0)={0x84, &(0x7f0000000780)={0x20, 0x15}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

program did not crash
testing program (duration=7m21.667551852s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): shutdown-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-syz_usb_connect-ioctl$sock_SIOCGPGRP-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$BPF_TASK_FD_QUERY-syz_usb_control_io-syz_usb_control_io
detailed listing:
executing program 0:
shutdown(0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
r0 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[<r1=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f00000001c0)={0x0, 0x0, r1})
r2 = syz_usb_connect(0x2, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905be3b"], 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='cma_release\x00', 0xffffffffffffffff, 0x0, 0x8}, 0x18)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r3, 0x0, 0xf, &(0x7f0000000280)='/dev/dri/card#\x00'}, 0x30)
syz_usb_control_io(r2, 0x0, &(0x7f0000000bc0)={0x84, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r2, 0x0, &(0x7f00000006c0)={0x84, &(0x7f0000000780)={0x20, 0x15}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

program did not crash
testing program (duration=7m21.667551852s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): shutdown-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-syz_usb_connect-ioctl$sock_SIOCGPGRP-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$BPF_TASK_FD_QUERY-syz_usb_control_io-syz_usb_control_io
detailed listing:
executing program 0:
shutdown(0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
r0 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[<r1=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f00000001c0)={0x0, 0x0, r1})
r2 = syz_usb_connect(0x2, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905be3b"], 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000080)=<r3=>0x0)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={r3, r4, 0x0, 0xf, &(0x7f0000000280)='/dev/dri/card#\x00'}, 0x30)
syz_usb_control_io(r2, 0x0, &(0x7f0000000bc0)={0x84, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r2, 0x0, &(0x7f00000006c0)={0x84, &(0x7f0000000780)={0x20, 0x15}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

program did not crash
testing program (duration=7m21.667551852s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): shutdown-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-syz_usb_connect-ioctl$sock_SIOCGPGRP-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$BPF_TASK_FD_QUERY-syz_usb_control_io-syz_usb_control_io
detailed listing:
executing program 0:
shutdown(0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
r0 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[<r1=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f00000001c0)={0x0, 0x0, r1})
r2 = syz_usb_connect(0x2, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905be3b"], 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000080)=<r3=>0x0)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0, 0xffffffffffffffff, 0x0, 0x8}, 0x18)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={r3, r4, 0x0, 0xf, &(0x7f0000000280)='/dev/dri/card#\x00'}, 0x30)
syz_usb_control_io(r2, 0x0, &(0x7f0000000bc0)={0x84, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r2, 0x0, &(0x7f00000006c0)={0x84, &(0x7f0000000780)={0x20, 0x15}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

program did not crash
testing program (duration=7m21.667551852s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): shutdown-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-syz_usb_connect-ioctl$sock_SIOCGPGRP-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$BPF_TASK_FD_QUERY-syz_usb_control_io-syz_usb_control_io
detailed listing:
executing program 0:
shutdown(0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
r0 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[<r1=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f00000001c0)={0x0, 0x0, r1})
r2 = syz_usb_connect(0x2, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905be3b"], 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000080))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='cma_release\x00', 0xffffffffffffffff, 0x0, 0x8}, 0x18)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
syz_usb_control_io(r2, 0x0, &(0x7f0000000bc0)={0x84, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r2, 0x0, &(0x7f00000006c0)={0x84, &(0x7f0000000780)={0x20, 0x15}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

program did not crash
testing program (duration=7m21.667551852s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): shutdown-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-syz_usb_connect-ioctl$sock_SIOCGPGRP-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$BPF_TASK_FD_QUERY-syz_usb_control_io-syz_usb_control_io
detailed listing:
executing program 0:
shutdown(0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
r0 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[<r1=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f00000001c0)={0x0, 0x0, r1})
r2 = syz_usb_connect(0x2, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905be3b"], 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000080)=<r3=>0x0)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='cma_release\x00', 0xffffffffffffffff, 0x0, 0x8}, 0x18)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={r3, r4, 0x0, 0x0, 0x0}, 0x30)
syz_usb_control_io(r2, 0x0, &(0x7f0000000bc0)={0x84, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r2, 0x0, &(0x7f00000006c0)={0x84, &(0x7f0000000780)={0x20, 0x15}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

program crashed: INFO: task hung in kernfs_add_one
testing program (duration=7m21.667551852s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): shutdown-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-syz_usb_connect-ioctl$sock_SIOCGPGRP-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$BPF_TASK_FD_QUERY-syz_usb_control_io-syz_usb_control_io
detailed listing:
executing program 0:
shutdown(0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
r0 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[<r1=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f00000001c0)={0x0, 0x0, r1})
r2 = syz_usb_connect(0x2, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905be3b"], 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000080)=<r3=>0x0)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='cma_release\x00', 0xffffffffffffffff, 0x0, 0x8}, 0x18)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={r3, r4, 0x0, 0x0, 0x0}, 0x30)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io(r2, 0x0, &(0x7f00000006c0)={0x84, &(0x7f0000000780)={0x20, 0x15}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

program did not crash
testing program (duration=7m21.667551852s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): shutdown-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-syz_usb_connect-ioctl$sock_SIOCGPGRP-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$BPF_TASK_FD_QUERY-syz_usb_control_io-syz_usb_control_io
detailed listing:
executing program 0:
shutdown(0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
r0 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[<r1=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f00000001c0)={0x0, 0x0, r1})
r2 = syz_usb_connect(0x2, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905be3b"], 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000080)=<r3=>0x0)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='cma_release\x00', 0xffffffffffffffff, 0x0, 0x8}, 0x18)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={r3, r4, 0x0, 0x0, 0x0}, 0x30)
syz_usb_control_io(r2, 0x0, &(0x7f0000000bc0)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r2, 0x0, &(0x7f00000006c0)={0x84, &(0x7f0000000780)={0x20, 0x15}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

program did not crash
testing program (duration=7m21.667551852s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): shutdown-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-syz_usb_connect-ioctl$sock_SIOCGPGRP-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$BPF_TASK_FD_QUERY-syz_usb_control_io-syz_usb_control_io
detailed listing:
executing program 0:
shutdown(0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
r0 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[<r1=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f00000001c0)={0x0, 0x0, r1})
r2 = syz_usb_connect(0x2, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905be3b"], 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000080)=<r3=>0x0)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='cma_release\x00', 0xffffffffffffffff, 0x0, 0x8}, 0x18)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={r3, r4, 0x0, 0x0, 0x0}, 0x30)
syz_usb_control_io(r2, 0x0, &(0x7f0000000bc0)={0x84, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r2, 0x0, 0x0)

program did not crash
testing program (duration=7m21.667551852s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): shutdown-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-syz_usb_connect-ioctl$sock_SIOCGPGRP-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$BPF_TASK_FD_QUERY-syz_usb_control_io-syz_usb_control_io
detailed listing:
executing program 0:
shutdown(0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
r0 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[<r1=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f00000001c0)={0x0, 0x0, r1})
r2 = syz_usb_connect(0x2, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905be3b"], 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000080)=<r3=>0x0)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='cma_release\x00', 0xffffffffffffffff, 0x0, 0x8}, 0x18)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={r3, r4, 0x0, 0x0, 0x0}, 0x30)
syz_usb_control_io(r2, 0x0, &(0x7f0000000bc0)={0x84, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r2, 0x0, &(0x7f00000006c0)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

program did not crash
extracting C reproducer
testing compiled C program (duration=7m21.667551852s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): shutdown-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-syz_usb_connect-ioctl$sock_SIOCGPGRP-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$BPF_TASK_FD_QUERY-syz_usb_control_io-syz_usb_control_io
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
simplifying guilty program options
testing program (duration=7m21.667551852s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): shutdown-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-syz_usb_connect-ioctl$sock_SIOCGPGRP-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$BPF_TASK_FD_QUERY-syz_usb_control_io-syz_usb_control_io
detailed listing:
executing program 0:
shutdown(0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
r0 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[<r1=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f00000001c0)={0x0, 0x0, r1})
r2 = syz_usb_connect(0x2, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905be3b"], 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000080)=<r3=>0x0)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='cma_release\x00', 0xffffffffffffffff, 0x0, 0x8}, 0x18)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={r3, r4, 0x0, 0x0, 0x0}, 0x30)
syz_usb_control_io(r2, 0x0, &(0x7f0000000bc0)={0x84, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r2, 0x0, &(0x7f00000006c0)={0x84, &(0x7f0000000780)={0x20, 0x15}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

program did not crash
testing program (duration=7m21.667551852s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): shutdown-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-syz_usb_connect-ioctl$sock_SIOCGPGRP-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$BPF_TASK_FD_QUERY-syz_usb_control_io-syz_usb_control_io
detailed listing:
executing program 0:
shutdown(0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
r0 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[<r1=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f00000001c0)={0x0, 0x0, r1})
r2 = syz_usb_connect(0x2, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905be3b"], 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000080)=<r3=>0x0)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='cma_release\x00', 0xffffffffffffffff, 0x0, 0x8}, 0x18)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={r3, r4, 0x0, 0x0, 0x0}, 0x30)
syz_usb_control_io(r2, 0x0, &(0x7f0000000bc0)={0x84, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r2, 0x0, &(0x7f00000006c0)={0x84, &(0x7f0000000780)={0x20, 0x15}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

program did not crash
reproducing took 4h53m48.61290635s
repro crashed as (corrupted=false):
INFO: task kworker/0:0:9 blocked for more than 158 seconds.
      Not tainted 6.15.0-rc4-syzkaller-00189-g2bfcee565c3a #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:0     state:D stack:24808 pid:9     tgid:9     ppid:2      task_flags:0x4208060 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x116f/0x5de0 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:6860
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
 rwsem_down_write_slowpath+0x524/0x1310 kernel/locking/rwsem.c:1176
 __down_write_common kernel/locking/rwsem.c:1304 [inline]
 __down_write kernel/locking/rwsem.c:1313 [inline]
 down_write+0x1d6/0x200 kernel/locking/rwsem.c:1578
 kernfs_add_one+0x38/0x840 fs/kernfs/dir.c:791
 kernfs_create_dir_ns+0xfc/0x1a0 fs/kernfs/dir.c:1091
 sysfs_create_dir_ns+0x13a/0x2b0 fs/sysfs/dir.c:59
 create_dir lib/kobject.c:73 [inline]
 kobject_add_internal+0x2c4/0x9b0 lib/kobject.c:240
 kobject_add_varg lib/kobject.c:374 [inline]
 kobject_add+0x16e/0x240 lib/kobject.c:426
 device_add+0x288/0x1a70 drivers/base/core.c:3630
 usb_new_device+0xd07/0x1a20 drivers/usb/core/hub.c:2663
 hub_port_connect drivers/usb/core/hub.c:5531 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5671 [inline]
 port_event drivers/usb/core/hub.c:5831 [inline]
 hub_event+0x2eb7/0x4fa0 drivers/usb/core/hub.c:5913
 process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238
 process_scheduled_works kernel/workqueue.c:3319 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400
 kthread+0x3c2/0x780 kernel/kthread.c:464
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
INFO: task kworker/u8:7:3659 blocked for more than 172 seconds.
      Not tainted 6.15.0-rc4-syzkaller-00189-g2bfcee565c3a #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u8:7    state:D
 stack:23272 pid:3659  tgid:3659  ppid:2      task_flags:0x4208060 flags:0x00004000
Workqueue: ipv6_addrconf addrconf_dad_work

Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x116f/0x5de0 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:6860
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
 __mutex_lock_common kernel/locking/mutex.c:678 [inline]
 __mutex_lock+0x6c7/0xb90 kernel/locking/mutex.c:746
 rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 addrconf_dad_work+0x120/0x14e0 net/ipv6/addrconf.c:4195
 process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238
 process_scheduled_works kernel/workqueue.c:3319 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400
 kthread+0x3c2/0x780 kernel/kthread.c:464
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
INFO: task dhcpcd:5478 blocked for more than 173 seconds.
      Not tainted 6.15.0-rc4-syzkaller-00189-g2bfcee565c3a #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:dhcpcd          state:D
 stack:23144 pid:5478  tgid:5478  ppid:5477   task_flags:0x400140 flags:0x00000002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x116f/0x5de0 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:6860
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
 __mutex_lock_common kernel/locking/mutex.c:678 [inline]
 __mutex_lock+0x6c7/0xb90 kernel/locking/mutex.c:746
 rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 devinet_ioctl+0x26d/0x1f50 net/ipv4/devinet.c:1121
 inet_ioctl+0x3a7/0x3f0 net/ipv4/af_inet.c:1001
 sock_do_ioctl+0x115/0x280 net/socket.c:1190
 sock_ioctl+0x227/0x6b0 net/socket.c:1311
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:906 [inline]
 __se_sys_ioctl fs/ioctl.c:892 [inline]
 __x64_sys_ioctl+0x190/0x200 fs/ioctl.c:892
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x260 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0e6b6a6d49
RSP: 002b:00007ffd54285f38 EFLAGS: 00000246
 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f0e6b5d86c0 RCX: 00007f0e6b6a6d49
RDX: 00007ffd54296128 RSI: 0000000000008914 RDI: 000000000000001c
RBP: 00007ffd542a62e8 R08: 00007ffd542960e8 R09: 00007ffd54296098
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffd54296128 R14: 0000000000000028 R15: 0000000000008914
 </TASK>
INFO: task kworker/0:4:6028 blocked for more than 173 seconds.
      Not tainted 6.15.0-rc4-syzkaller-00189-g2bfcee565c3a #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:4     state:D
 stack:24664 pid:6028  tgid:6028  ppid:2      task_flags:0x4208060 flags:0x00004000
Workqueue: usb_hub_wq hub_event

Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x116f/0x5de0 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:6860
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
 rwsem_down_write_slowpath+0x524/0x1310 kernel/locking/rwsem.c:1176
 __down_write_common kernel/locking/rwsem.c:1304 [inline]
 __down_write kernel/locking/rwsem.c:1313 [inline]
 down_write+0x1d6/0x200 kernel/locking/rwsem.c:1578
 kernfs_add_one+0x38/0x840 fs/kernfs/dir.c:791
 kernfs_create_dir_ns+0xfc/0x1a0 fs/kernfs/dir.c:1091
 sysfs_create_dir_ns+0x13a/0x2b0 fs/sysfs/dir.c:59
 create_dir lib/kobject.c:73 [inline]
 kobject_add_internal+0x2c4/0x9b0 lib/kobject.c:240
 kobject_add_varg lib/kobject.c:374 [inline]
 kobject_add+0x16e/0x240 lib/kobject.c:426
 device_add+0x288/0x1a70 drivers/base/core.c:3630
 usb_new_device+0xd07/0x1a20 drivers/usb/core/hub.c:2663
 hub_port_connect drivers/usb/core/hub.c:5531 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5671 [inline]
 port_event drivers/usb/core/hub.c:5831 [inline]
 hub_event+0x2eb7/0x4fa0 drivers/usb/core/hub.c:5913
 process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238
 process_scheduled_works kernel/workqueue.c:3319 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400
 kthread+0x3c2/0x780 kernel/kthread.c:464
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
INFO: task kworker/u8:6:6051 blocked for more than 174 seconds.
      Not tainted 6.15.0-rc4-syzkaller-00189-g2bfcee565c3a #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u8:6    state:D
 stack:23144 pid:6051  tgid:6051  ppid:2      task_flags:0x4208060 flags:0x00004000
Workqueue: events_unbound linkwatch_event

Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x116f/0x5de0 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:6860
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
 __mutex_lock_common kernel/locking/mutex.c:678 [inline]
 __mutex_lock+0x6c7/0xb90 kernel/locking/mutex.c:746
 linkwatch_event+0x51/0xc0 net/core/link_watch.c:303
 process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238
 process_scheduled_works kernel/workqueue.c:3319 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400
 kthread+0x3c2/0x780 kernel/kthread.c:464
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
INFO: task syz.9.224:6713 blocked for more than 175 seconds.
      Not tainted 6.15.0-rc4-syzkaller-00189-g2bfcee565c3a #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.9.224       state:D
 stack:28344 pid:6713  tgid:6713  ppid:6488   task_flags:0x400040 flags:0x00000004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x116f/0x5de0 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:6860
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
 rwsem_down_write_slowpath+0x524/0x1310 kernel/locking/rwsem.c:1176
 __down_write_common kernel/locking/rwsem.c:1304 [inline]
 __down_write kernel/locking/rwsem.c:1313 [inline]
 down_write+0x1d6/0x200 kernel/locking/rwsem.c:1578
 kernfs_remove_by_name_ns+0x3d/0x110 fs/kernfs/dir.c:1709
 sysfs_remove_file include/linux/sysfs.h:794 [inline]
 driver_remove_file drivers/base/driver.c:201 [inline]
 driver_remove_file+0x4a/0x60 drivers/base/driver.c:197
 remove_bind_files drivers/base/bus.c:605 [inline]
 bus_remove_driver+0x224/0x2c0 drivers/base/bus.c:743
 driver_unregister+0x76/0xb0 drivers/base/driver.c:277
 usb_gadget_unregister_driver+0x49/0x70 drivers/usb/gadget/udc/core.c:1732
 raw_release+0x1ae/0x2b0 drivers/usb/gadget/legacy/raw_gadget.c:462
 __fput+0x3ff/0xb70 fs/file_table.c:465
 task_work_run+0x14d/0x240 kernel/task_work.c:227
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x27b/0x2a0 kernel/entry/common.c:218
 do_syscall_64+0xda/0x260 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc43278e969
RSP: 002b:00007ffd04293a38 EFLAGS: 00000246
 ORIG_RAX: 00000000000001b4
RAX: 0000000000000000 RBX: 000000000008cb7b RCX: 00007fc43278e969
RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
RBP: 00007fc4329b7ba0 R08: 0000000000000001 R09: 0000000c04293d2f
R10: 00007fc432600000 R11: 0000000000000246 R12: 00007fc4329b5fac
R13: 00007fc4329b5fa0 R14: ffffffffffffffff R15: 00007ffd04293b50
 </TASK>
INFO: task syz.6.225:6716 blocked for more than 175 seconds.
      Not tainted 6.15.0-rc4-syzkaller-00189-g2bfcee565c3a #0
      Blocked by coredump.
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.6.225       state:D
 stack:27560 pid:6716  tgid:6715  ppid:6480   task_flags:0x40054c flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x116f/0x5de0 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:6860
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
 rwsem_down_write_slowpath+0x524/0x1310 kernel/locking/rwsem.c:1176
 __down_write_common kernel/locking/rwsem.c:1304 [inline]
 __down_write kernel/locking/rwsem.c:1313 [inline]
 down_write+0x1d6/0x200 kernel/locking/rwsem.c:1578
 kernfs_remove_by_name_ns+0x3d/0x110 fs/kernfs/dir.c:1709
 sysfs_remove_file include/linux/sysfs.h:794 [inline]
 driver_remove_file drivers/base/driver.c:201 [inline]
 driver_remove_file+0x4a/0x60 drivers/base/driver.c:197
 remove_bind_files drivers/base/bus.c:605 [inline]
 bus_remove_driver+0x224/0x2c0 drivers/base/bus.c:743
 driver_unregister+0x76/0xb0 drivers/base/driver.c:277
 usb_gadget_unregister_driver+0x49/0x70 drivers/usb/gadget/udc/core.c:1732
 raw_release+0x1ae/0x2b0 drivers/usb/gadget/legacy/raw_gadget.c:462
 __fput+0x3ff/0xb70 fs/file_table.c:465
 task_work_run+0x14d/0x240 kernel/task_work.c:227
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0xafb/0x2c30 kernel/exit.c:953
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1102
 get_signal+0x2673/0x26d0 kernel/signal.c:3034
 arch_do_signal_or_restart+0x8f/0x7d0 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218
 do_syscall_64+0xda/0x260 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fe36df8e56b
RSP: 002b:00007fe36ee1bf10 EFLAGS: 00000246
 ORIG_RAX: 0000000000000010
RAX: fffffffffffffffc RBX: 0000000000000004 RCX: 00007fe36df8e56b
RDX: 00007fe36ee1cfe0 RSI: 0000000080085502 RDI: 0000000000000004
RBP: 00007fe36ee1cfe0 R08: 0000000000000080 R09: 00007fe36ee1bfd8
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000080085502
R13: 0000000800000000 R14: 0000000000000008 R15: 00007fe36e01ba1e
 </TASK>
INFO: task syz.5.227:6719 blocked for more than 176 seconds.
      Not tainted 6.15.0-rc4-syzkaller-00189-g2bfcee565c3a #0
      Blocked by coredump.
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.5.227       state:D
 stack:27608 pid:6719  tgid:6717  ppid:6477   task_flags:0x40054c flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x116f/0x5de0 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:6860
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
 rwsem_down_write_slowpath+0x524/0x1310 kernel/locking/rwsem.c:1176
 __down_write_common kernel/locking/rwsem.c:1304 [inline]
 __down_write kernel/locking/rwsem.c:1313 [inline]
 down_write+0x1d6/0x200 kernel/locking/rwsem.c:1578
 kernfs_remove_by_name_ns+0x3d/0x110 fs/kernfs/dir.c:1709
 sysfs_remove_file include/linux/sysfs.h:794 [inline]
 driver_remove_file drivers/base/driver.c:201 [inline]
 driver_remove_file+0x4a/0x60 drivers/base/driver.c:197
 remove_bind_files drivers/base/bus.c:605 [inline]
 bus_remove_driver+0x224/0x2c0 drivers/base/bus.c:743
 driver_unregister+0x76/0xb0 drivers/base/driver.c:277
 usb_gadget_unregister_driver+0x49/0x70 drivers/usb/gadget/udc/core.c:1732
 raw_release+0x1ae/0x2b0 drivers/usb/gadget/legacy/raw_gadget.c:462
 __fput+0x3ff/0xb70 fs/file_table.c:465
 task_work_run+0x14d/0x240 kernel/task_work.c:227
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0xafb/0x2c30 kernel/exit.c:953
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1102
 get_signal+0x2673/0x26d0 kernel/signal.c:3034
 arch_do_signal_or_restart+0x8f/0x7d0 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218
 do_syscall_64+0xda/0x260 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fe91218e56b
RSP: 002b:00007fe9130aff10 EFLAGS: 00000246
 ORIG_RAX: 0000000000000010
RAX: fffffffffffffffc RBX: 0000000000000004 RCX: 00007fe91218e56b
RDX: 00007fe9130b0fe0 RSI: 0000000080085502 RDI: 0000000000000004
RBP: 00007fe9130b0fe0 R08: 0000000000000080 R09: 00007fe9130affd8
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000080085502
R13: 0000000800000000 R14: 0000000000000008 R15: 00007fe91221ba1e
 </TASK>
INFO: task syz.7.226:6723 blocked for more than 177 seconds.
      Not tainted 6.15.0-rc4-syzkaller-00189-g2bfcee565c3a #0
      Blocked by coredump.
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.7.226       state:D
 stack:27608 pid:6723  tgid:6720  ppid:6483   task_flags:0x40044c flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x116f/0x5de0 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:6860
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
 rwsem_down_write_slowpath+0x524/0x1310 kernel/locking/rwsem.c:1176
 __down_write_common kernel/locking/rwsem.c:1304 [inline]
 __down_write kernel/locking/rwsem.c:1313 [inline]
 down_write+0x1d6/0x200 kernel/locking/rwsem.c:1578
 kernfs_remove_by_name_ns+0x3d/0x110 fs/kernfs/dir.c:1709
 sysfs_remove_file include/linux/sysfs.h:794 [inline]
 driver_remove_file drivers/base/driver.c:201 [inline]
 driver_remove_file+0x4a/0x60 drivers/base/driver.c:197
 remove_bind_files drivers/base/bus.c:605 [inline]
 bus_remove_driver+0x224/0x2c0 drivers/base/bus.c:743
 driver_unregister+0x76/0xb0 drivers/base/driver.c:277
 usb_gadget_unregister_driver+0x49/0x70 drivers/usb/gadget/udc/core.c:1732
 raw_release+0x1ae/0x2b0 drivers/usb/gadget/legacy/raw_gadget.c:462
 __fput+0x3ff/0xb70 fs/file_table.c:465
 task_work_run+0x14d/0x240 kernel/task_work.c:227
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0xafb/0x2c30 kernel/exit.c:953
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1102
 get_signal+0x2673/0x26d0 kernel/signal.c:3034
 arch_do_signal_or_restart+0x8f/0x7d0 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218
 do_syscall_64+0xda/0x260 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f557318e969
RSP: 002b:00007f5573f9c0e8 EFLAGS: 00000246
 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 00007f55733b6168 RCX: 00007f557318e969
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f55733b6168
RBP: 00007f55733b6160 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f55733b616c
R13: 0000000000000000 R14: 00007ffdb67dbb30 R15: 00007ffdb67dbc18
 </TASK>
INFO: task syz.8.228:6725 blocked for more than 177 seconds.
      Not tainted 6.15.0-rc4-syzkaller-00189-g2bfcee565c3a #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.8.228       state:D
 stack:28856 pid:6725  tgid:6724  ppid:6486   task_flags:0x400140 flags:0x00000004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x116f/0x5de0 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:6860
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
 rwsem_down_write_slowpath+0x524/0x1310 kernel/locking/rwsem.c:1176
 __down_write_common kernel/locking/rwsem.c:1304 [inline]
 __down_write kernel/locking/rwsem.c:1313 [inline]
 down_write+0x1d6/0x200 kernel/locking/rwsem.c:1578
 kernfs_add_one+0x38/0x840 fs/kernfs/dir.c:791
 kernfs_create_dir_ns+0xfc/0x1a0 fs/kernfs/dir.c:1091
 sysfs_create_dir_ns+0x13a/0x2b0 fs/sysfs/dir.c:59
 create_dir lib/kobject.c:73 [inline]
 kobject_add_internal+0x2c4/0x9b0 lib/kobject.c:240
 kobject_add_varg lib/kobject.c:374 [inline]
 kobject_init_and_add+0x11b/0x190 lib/kobject.c:457
 bus_add_driver+0x186/0x690 drivers/base/bus.c:671
 driver_register+0x15c/0x4b0 drivers/base/driver.c:249
 usb_gadget_register_driver_owner+0x132/0x330 drivers/usb/gadget/udc/core.c:1700
 raw_ioctl_run drivers/usb/gadget/legacy/raw_gadget.c:595 [inline]
 raw_ioctl+0x17d0/0x2c30 drivers/usb/gadget/legacy/raw_gadget.c:1306
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:906 [inline]
 __se_sys_ioctl fs/ioctl.c:892 [inline]
 __x64_sys_ioctl+0x190/0x200 fs/ioctl.c:892
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x260 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f976458e56b
RSP: 002b:00007f97637fbf10 EFLAGS: 00000246
 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f976458e56b
RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000004
RBP: 00007f97637fcfe0 R08: 0000000000000000 R09: 00382e6364755f79
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f97637fbfb0 R14: 00002000000001c0 R15: 00007f97648e0320
 </TASK>
Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings
INFO: task syz-executor:6728 blocked for more than 158 seconds.
      Not tainted 6.15.0-rc4-syzkaller-00189-g2bfcee565c3a #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D
 stack:28632 pid:6728  tgid:6728  ppid:1      task_flags:0x400040 flags:0x00000000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x116f/0x5de0 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:6860
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
 rwsem_down_write_slowpath+0x524/0x1310 kernel/locking/rwsem.c:1176
 __down_write_common kernel/locking/rwsem.c:1304 [inline]
 __down_write kernel/locking/rwsem.c:1313 [inline]
 down_write+0x1d6/0x200 kernel/locking/rwsem.c:1578
 kernfs_add_one+0x38/0x840 fs/kernfs/dir.c:791
 kernfs_create_dir_ns+0xfc/0x1a0 fs/kernfs/dir.c:1091
 sysfs_create_dir_ns+0x13a/0x2b0 fs/sysfs/dir.c:59
 create_dir lib/kobject.c:73 [inline]
 kobject_add_internal+0x2c4/0x9b0 lib/kobject.c:240
 kobject_add_varg lib/kobject.c:374 [inline]
 kobject_add+0x16e/0x240 lib/kobject.c:426
 device_add+0x288/0x1a70 drivers/base/core.c:3630
 hci_register_dev+0x328/0xc60 net/bluetooth/hci_core.c:2587
 __vhci_create_device+0x357/0x7f0 drivers/bluetooth/hci_vhci.c:429
 vhci_create_device drivers/bluetooth/hci_vhci.c:471 [inline]
 vhci_get_user drivers/bluetooth/hci_vhci.c:528 [inline]
 vhci_write+0x2c0/0x480 drivers/bluetooth/hci_vhci.c:608
 new_sync_write fs/read_write.c:591 [inline]
 vfs_write+0x5ba/0x1180 fs/read_write.c:684
 ksys_write+0x12a/0x240 fs/read_write.c:736
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x260 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f099838d3e0
RSP: 002b:00007ffde889a788 EFLAGS: 00000202
 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f099838d3e0
RDX: 0000000000000002 RSI: 00007ffde889a79a RDI: 00000000000000ca
RBP: 00007ffde889a880 R08: 0000000000000000 R09: 00007f09990ed6c0
R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffde889a880
R13: 00007ffde889a888 R14: 0000000000000009 R15: 0000000000000000
 </TASK>
Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings
INFO: task syz-executor:6729 blocked for more than 158 seconds.
      Not tainted 6.15.0-rc4-syzkaller-00189-g2bfcee565c3a #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D
 stack:28632 pid:6729  tgid:6729  ppid:1      task_flags:0x400040 flags:0x00000000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x116f/0x5de0 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:6860
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
 rwsem_down_write_slowpath+0x524/0x1310 kernel/locking/rwsem.c:1176
 __down_write_common kernel/locking/rwsem.c:1304 [inline]
 __down_write kernel/locking/rwsem.c:1313 [inline]
 down_write+0x1d6/0x200 kernel/locking/rwsem.c:1578
 kernfs_add_one+0x38/0x840 fs/kernfs/dir.c:791
 kernfs_create_dir_ns+0xfc/0x1a0 fs/kernfs/dir.c:1091
 sysfs_create_dir_ns+0x13a/0x2b0 fs/sysfs/dir.c:59
 create_dir lib/kobject.c:73 [inline]
 kobject_add_internal+0x2c4/0x9b0 lib/kobject.c:240
 kobject_add_varg lib/kobject.c:374 [inline]
 kobject_add+0x16e/0x240 lib/kobject.c:426
 device_add+0x288/0x1a70 drivers/base/core.c:3630
 hci_register_dev+0x328/0xc60 net/bluetooth/hci_core.c:2587
 __vhci_create_device+0x357/0x7f0 drivers/bluetooth/hci_vhci.c:429
 vhci_create_device drivers/bluetooth/hci_vhci.c:471 [inline]
 vhci_get_user drivers/bluetooth/hci_vhci.c:528 [inline]
 vhci_write+0x2c0/0x480 drivers/bluetooth/hci_vhci.c:608
 new_sync_write fs/read_write.c:591 [inline]
 vfs_write+0x5ba/0x1180 fs/read_write.c:684
 ksys_write+0x12a/0x240 fs/read_write.c:736
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x260 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f968278d3e0
RSP: 002b:00007ffdd7481308 EFLAGS: 00000202
 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f968278d3e0
RDX: 0000000000000002 RSI: 00007ffdd748131a RDI: 00000000000000ca
RBP: 00007ffdd7481400 R08: 0000000000000000 R09: 00007f96834ed6c0
R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffdd7481400
R13: 00007ffdd7481408 R14: 0000000000000009 R15: 0000000000000000
 </TASK>
Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings
INFO: task syz-executor:6732 blocked for more than 159 seconds.
      Not tainted 6.15.0-rc4-syzkaller-00189-g2bfcee565c3a #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D
 stack:28632 pid:6732  tgid:6732  ppid:1      task_flags:0x400040 flags:0x00000000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x116f/0x5de0 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:6860
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
 rwsem_down_write_slowpath+0x524/0x1310 kernel/locking/rwsem.c:1176
 __down_write_common kernel/locking/rwsem.c:1304 [inline]
 __down_write kernel/locking/rwsem.c:1313 [inline]
 down_write+0x1d6/0x200 kernel/locking/rwsem.c:1578
 kernfs_add_one+0x38/0x840 fs/kernfs/dir.c:791
 kernfs_create_dir_ns+0xfc/0x1a0 fs/kernfs/dir.c:1091
 sysfs_create_dir_ns+0x13a/0x2b0 fs/sysfs/dir.c:59
 create_dir lib/kobject.c:73 [inline]
 kobject_add_internal+0x2c4/0x9b0 lib/kobject.c:240
 kobject_add_varg lib/kobject.c:374 [inline]
 kobject_add+0x16e/0x240 lib/kobject.c:426
 device_add+0x288/0x1a70 drivers/base/core.c:3630
 hci_register_dev+0x328/0xc60 net/bluetooth/hci_core.c:2587
 __vhci_create_device+0x357/0x7f0 drivers/bluetooth/hci_vhci.c:429
 vhci_create_device drivers/bluetooth/hci_vhci.c:471 [inline]
 vhci_get_user drivers/bluetooth/hci_vhci.c:528 [inline]
 vhci_write+0x2c0/0x480 drivers/bluetooth/hci_vhci.c:608
 new_sync_write fs/read_write.c:591 [inline]
 vfs_write+0x5ba/0x1180 fs/read_write.c:684
 ksys_write+0x12a/0x240 fs/read_write.c:736
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x260 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fbb01f8d3e0
RSP: 002b:00007ffcfc6444d8 EFLAGS: 00000202
 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fbb01f8d3e0
RDX: 0000000000000002 RSI: 00007ffcfc6444ea RDI: 00000000000000ca
RBP: 00007ffcfc6445d0 R08: 0000000000000000 R09: 00007fbb02ced6c0
R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffcfc6445d0
R13: 00007ffcfc6445d8 R14: 0000000000000009 R15: 0000000000000000
 </TASK>
Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings
INFO: task syz-executor:6733 blocked for more than 160 seconds.
      Not tainted 6.15.0-rc4-syzkaller-00189-g2bfcee565c3a #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D
 stack:27976 pid:6733  tgid:6733  ppid:1      task_flags:0x400040 flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x116f/0x5de0 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:6860
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
 rwsem_down_write_slowpath+0x524/0x1310 kernel/locking/rwsem.c:1176
 __down_write_common kernel/locking/rwsem.c:1304 [inline]
 __down_write kernel/locking/rwsem.c:1313 [inline]
 down_write+0x1d6/0x200 kernel/locking/rwsem.c:1578
 kernfs_add_one+0x38/0x840 fs/kernfs/dir.c:791
 kernfs_create_dir_ns+0xfc/0x1a0 fs/kernfs/dir.c:1091
 sysfs_create_dir_ns+0x13a/0x2b0 fs/sysfs/dir.c:59
 create_dir lib/kobject.c:73 [inline]
 kobject_add_internal+0x2c4/0x9b0 lib/kobject.c:240
 kobject_add_varg lib/kobject.c:374 [inline]
 kobject_add+0x16e/0x240 lib/kobject.c:426
 device_add+0x288/0x1a70 drivers/base/core.c:3630
 hci_register_dev+0x328/0xc60 net/bluetooth/hci_core.c:2587
 __vhci_create_device+0x357/0x7f0 drivers/bluetooth/hci_vhci.c:429
 vhci_create_device drivers/bluetooth/hci_vhci.c:471 [inline]
 vhci_get_user drivers/bluetooth/hci_vhci.c:528 [inline]
 vhci_write+0x2c0/0x480 drivers/bluetooth/hci_vhci.c:608
 new_sync_write fs/read_write.c:591 [inline]
 vfs_write+0x5ba/0x1180 fs/read_write.c:684
 ksys_write+0x12a/0x240 fs/read_write.c:736
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x260 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f5ccc58d3e0
RSP: 002b:00007ffd02e68908 EFLAGS: 00000202
 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f5ccc58d3e0
RDX: 0000000000000002 RSI: 00007ffd02e6891a RDI: 00000000000000ca
RBP: 00007ffd02e68a00 R08: 0000000000000000 R09: 00007f5ccd2ed6c0
R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffd02e68a00
R13: 00007ffd02e68a08 R14: 0000000000000009 R15: 0000000000000000
 </TASK>
Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings
INFO: task syz-executor:6735 blocked for more than 161 seconds.
      Not tainted 6.15.0-rc4-syzkaller-00189-g2bfcee565c3a #0

final repro crashed as (corrupted=false):
INFO: task kworker/0:0:9 blocked for more than 158 seconds.
      Not tainted 6.15.0-rc4-syzkaller-00189-g2bfcee565c3a #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:0     state:D stack:24808 pid:9     tgid:9     ppid:2      task_flags:0x4208060 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x116f/0x5de0 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:6860
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
 rwsem_down_write_slowpath+0x524/0x1310 kernel/locking/rwsem.c:1176
 __down_write_common kernel/locking/rwsem.c:1304 [inline]
 __down_write kernel/locking/rwsem.c:1313 [inline]
 down_write+0x1d6/0x200 kernel/locking/rwsem.c:1578
 kernfs_add_one+0x38/0x840 fs/kernfs/dir.c:791
 kernfs_create_dir_ns+0xfc/0x1a0 fs/kernfs/dir.c:1091
 sysfs_create_dir_ns+0x13a/0x2b0 fs/sysfs/dir.c:59
 create_dir lib/kobject.c:73 [inline]
 kobject_add_internal+0x2c4/0x9b0 lib/kobject.c:240
 kobject_add_varg lib/kobject.c:374 [inline]
 kobject_add+0x16e/0x240 lib/kobject.c:426
 device_add+0x288/0x1a70 drivers/base/core.c:3630
 usb_new_device+0xd07/0x1a20 drivers/usb/core/hub.c:2663
 hub_port_connect drivers/usb/core/hub.c:5531 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5671 [inline]
 port_event drivers/usb/core/hub.c:5831 [inline]
 hub_event+0x2eb7/0x4fa0 drivers/usb/core/hub.c:5913
 process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238
 process_scheduled_works kernel/workqueue.c:3319 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400
 kthread+0x3c2/0x780 kernel/kthread.c:464
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
INFO: task kworker/u8:7:3659 blocked for more than 172 seconds.
      Not tainted 6.15.0-rc4-syzkaller-00189-g2bfcee565c3a #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u8:7    state:D
 stack:23272 pid:3659  tgid:3659  ppid:2      task_flags:0x4208060 flags:0x00004000
Workqueue: ipv6_addrconf addrconf_dad_work

Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x116f/0x5de0 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:6860
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
 __mutex_lock_common kernel/locking/mutex.c:678 [inline]
 __mutex_lock+0x6c7/0xb90 kernel/locking/mutex.c:746
 rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 addrconf_dad_work+0x120/0x14e0 net/ipv6/addrconf.c:4195
 process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238
 process_scheduled_works kernel/workqueue.c:3319 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400
 kthread+0x3c2/0x780 kernel/kthread.c:464
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
INFO: task dhcpcd:5478 blocked for more than 173 seconds.
      Not tainted 6.15.0-rc4-syzkaller-00189-g2bfcee565c3a #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:dhcpcd          state:D
 stack:23144 pid:5478  tgid:5478  ppid:5477   task_flags:0x400140 flags:0x00000002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x116f/0x5de0 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:6860
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
 __mutex_lock_common kernel/locking/mutex.c:678 [inline]
 __mutex_lock+0x6c7/0xb90 kernel/locking/mutex.c:746
 rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 devinet_ioctl+0x26d/0x1f50 net/ipv4/devinet.c:1121
 inet_ioctl+0x3a7/0x3f0 net/ipv4/af_inet.c:1001
 sock_do_ioctl+0x115/0x280 net/socket.c:1190
 sock_ioctl+0x227/0x6b0 net/socket.c:1311
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:906 [inline]
 __se_sys_ioctl fs/ioctl.c:892 [inline]
 __x64_sys_ioctl+0x190/0x200 fs/ioctl.c:892
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x260 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0e6b6a6d49
RSP: 002b:00007ffd54285f38 EFLAGS: 00000246
 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f0e6b5d86c0 RCX: 00007f0e6b6a6d49
RDX: 00007ffd54296128 RSI: 0000000000008914 RDI: 000000000000001c
RBP: 00007ffd542a62e8 R08: 00007ffd542960e8 R09: 00007ffd54296098
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffd54296128 R14: 0000000000000028 R15: 0000000000008914
 </TASK>
INFO: task kworker/0:4:6028 blocked for more than 173 seconds.
      Not tainted 6.15.0-rc4-syzkaller-00189-g2bfcee565c3a #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:4     state:D
 stack:24664 pid:6028  tgid:6028  ppid:2      task_flags:0x4208060 flags:0x00004000
Workqueue: usb_hub_wq hub_event

Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x116f/0x5de0 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:6860
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
 rwsem_down_write_slowpath+0x524/0x1310 kernel/locking/rwsem.c:1176
 __down_write_common kernel/locking/rwsem.c:1304 [inline]
 __down_write kernel/locking/rwsem.c:1313 [inline]
 down_write+0x1d6/0x200 kernel/locking/rwsem.c:1578
 kernfs_add_one+0x38/0x840 fs/kernfs/dir.c:791
 kernfs_create_dir_ns+0xfc/0x1a0 fs/kernfs/dir.c:1091
 sysfs_create_dir_ns+0x13a/0x2b0 fs/sysfs/dir.c:59
 create_dir lib/kobject.c:73 [inline]
 kobject_add_internal+0x2c4/0x9b0 lib/kobject.c:240
 kobject_add_varg lib/kobject.c:374 [inline]
 kobject_add+0x16e/0x240 lib/kobject.c:426
 device_add+0x288/0x1a70 drivers/base/core.c:3630
 usb_new_device+0xd07/0x1a20 drivers/usb/core/hub.c:2663
 hub_port_connect drivers/usb/core/hub.c:5531 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5671 [inline]
 port_event drivers/usb/core/hub.c:5831 [inline]
 hub_event+0x2eb7/0x4fa0 drivers/usb/core/hub.c:5913
 process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238
 process_scheduled_works kernel/workqueue.c:3319 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400
 kthread+0x3c2/0x780 kernel/kthread.c:464
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
INFO: task kworker/u8:6:6051 blocked for more than 174 seconds.
      Not tainted 6.15.0-rc4-syzkaller-00189-g2bfcee565c3a #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u8:6    state:D
 stack:23144 pid:6051  tgid:6051  ppid:2      task_flags:0x4208060 flags:0x00004000
Workqueue: events_unbound linkwatch_event

Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x116f/0x5de0 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:6860
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
 __mutex_lock_common kernel/locking/mutex.c:678 [inline]
 __mutex_lock+0x6c7/0xb90 kernel/locking/mutex.c:746
 linkwatch_event+0x51/0xc0 net/core/link_watch.c:303
 process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238
 process_scheduled_works kernel/workqueue.c:3319 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400
 kthread+0x3c2/0x780 kernel/kthread.c:464
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
INFO: task syz.9.224:6713 blocked for more than 175 seconds.
      Not tainted 6.15.0-rc4-syzkaller-00189-g2bfcee565c3a #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.9.224       state:D
 stack:28344 pid:6713  tgid:6713  ppid:6488   task_flags:0x400040 flags:0x00000004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x116f/0x5de0 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:6860
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
 rwsem_down_write_slowpath+0x524/0x1310 kernel/locking/rwsem.c:1176
 __down_write_common kernel/locking/rwsem.c:1304 [inline]
 __down_write kernel/locking/rwsem.c:1313 [inline]
 down_write+0x1d6/0x200 kernel/locking/rwsem.c:1578
 kernfs_remove_by_name_ns+0x3d/0x110 fs/kernfs/dir.c:1709
 sysfs_remove_file include/linux/sysfs.h:794 [inline]
 driver_remove_file drivers/base/driver.c:201 [inline]
 driver_remove_file+0x4a/0x60 drivers/base/driver.c:197
 remove_bind_files drivers/base/bus.c:605 [inline]
 bus_remove_driver+0x224/0x2c0 drivers/base/bus.c:743
 driver_unregister+0x76/0xb0 drivers/base/driver.c:277
 usb_gadget_unregister_driver+0x49/0x70 drivers/usb/gadget/udc/core.c:1732
 raw_release+0x1ae/0x2b0 drivers/usb/gadget/legacy/raw_gadget.c:462
 __fput+0x3ff/0xb70 fs/file_table.c:465
 task_work_run+0x14d/0x240 kernel/task_work.c:227
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x27b/0x2a0 kernel/entry/common.c:218
 do_syscall_64+0xda/0x260 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc43278e969
RSP: 002b:00007ffd04293a38 EFLAGS: 00000246
 ORIG_RAX: 00000000000001b4
RAX: 0000000000000000 RBX: 000000000008cb7b RCX: 00007fc43278e969
RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
RBP: 00007fc4329b7ba0 R08: 0000000000000001 R09: 0000000c04293d2f
R10: 00007fc432600000 R11: 0000000000000246 R12: 00007fc4329b5fac
R13: 00007fc4329b5fa0 R14: ffffffffffffffff R15: 00007ffd04293b50
 </TASK>
INFO: task syz.6.225:6716 blocked for more than 175 seconds.
      Not tainted 6.15.0-rc4-syzkaller-00189-g2bfcee565c3a #0
      Blocked by coredump.
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.6.225       state:D
 stack:27560 pid:6716  tgid:6715  ppid:6480   task_flags:0x40054c flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x116f/0x5de0 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:6860
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
 rwsem_down_write_slowpath+0x524/0x1310 kernel/locking/rwsem.c:1176
 __down_write_common kernel/locking/rwsem.c:1304 [inline]
 __down_write kernel/locking/rwsem.c:1313 [inline]
 down_write+0x1d6/0x200 kernel/locking/rwsem.c:1578
 kernfs_remove_by_name_ns+0x3d/0x110 fs/kernfs/dir.c:1709
 sysfs_remove_file include/linux/sysfs.h:794 [inline]
 driver_remove_file drivers/base/driver.c:201 [inline]
 driver_remove_file+0x4a/0x60 drivers/base/driver.c:197
 remove_bind_files drivers/base/bus.c:605 [inline]
 bus_remove_driver+0x224/0x2c0 drivers/base/bus.c:743
 driver_unregister+0x76/0xb0 drivers/base/driver.c:277
 usb_gadget_unregister_driver+0x49/0x70 drivers/usb/gadget/udc/core.c:1732
 raw_release+0x1ae/0x2b0 drivers/usb/gadget/legacy/raw_gadget.c:462
 __fput+0x3ff/0xb70 fs/file_table.c:465
 task_work_run+0x14d/0x240 kernel/task_work.c:227
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0xafb/0x2c30 kernel/exit.c:953
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1102
 get_signal+0x2673/0x26d0 kernel/signal.c:3034
 arch_do_signal_or_restart+0x8f/0x7d0 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218
 do_syscall_64+0xda/0x260 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fe36df8e56b
RSP: 002b:00007fe36ee1bf10 EFLAGS: 00000246
 ORIG_RAX: 0000000000000010
RAX: fffffffffffffffc RBX: 0000000000000004 RCX: 00007fe36df8e56b
RDX: 00007fe36ee1cfe0 RSI: 0000000080085502 RDI: 0000000000000004
RBP: 00007fe36ee1cfe0 R08: 0000000000000080 R09: 00007fe36ee1bfd8
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000080085502
R13: 0000000800000000 R14: 0000000000000008 R15: 00007fe36e01ba1e
 </TASK>
INFO: task syz.5.227:6719 blocked for more than 176 seconds.
      Not tainted 6.15.0-rc4-syzkaller-00189-g2bfcee565c3a #0
      Blocked by coredump.
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.5.227       state:D
 stack:27608 pid:6719  tgid:6717  ppid:6477   task_flags:0x40054c flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x116f/0x5de0 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:6860
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
 rwsem_down_write_slowpath+0x524/0x1310 kernel/locking/rwsem.c:1176
 __down_write_common kernel/locking/rwsem.c:1304 [inline]
 __down_write kernel/locking/rwsem.c:1313 [inline]
 down_write+0x1d6/0x200 kernel/locking/rwsem.c:1578
 kernfs_remove_by_name_ns+0x3d/0x110 fs/kernfs/dir.c:1709
 sysfs_remove_file include/linux/sysfs.h:794 [inline]
 driver_remove_file drivers/base/driver.c:201 [inline]
 driver_remove_file+0x4a/0x60 drivers/base/driver.c:197
 remove_bind_files drivers/base/bus.c:605 [inline]
 bus_remove_driver+0x224/0x2c0 drivers/base/bus.c:743
 driver_unregister+0x76/0xb0 drivers/base/driver.c:277
 usb_gadget_unregister_driver+0x49/0x70 drivers/usb/gadget/udc/core.c:1732
 raw_release+0x1ae/0x2b0 drivers/usb/gadget/legacy/raw_gadget.c:462
 __fput+0x3ff/0xb70 fs/file_table.c:465
 task_work_run+0x14d/0x240 kernel/task_work.c:227
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0xafb/0x2c30 kernel/exit.c:953
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1102
 get_signal+0x2673/0x26d0 kernel/signal.c:3034
 arch_do_signal_or_restart+0x8f/0x7d0 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218
 do_syscall_64+0xda/0x260 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fe91218e56b
RSP: 002b:00007fe9130aff10 EFLAGS: 00000246
 ORIG_RAX: 0000000000000010
RAX: fffffffffffffffc RBX: 0000000000000004 RCX: 00007fe91218e56b
RDX: 00007fe9130b0fe0 RSI: 0000000080085502 RDI: 0000000000000004
RBP: 00007fe9130b0fe0 R08: 0000000000000080 R09: 00007fe9130affd8
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000080085502
R13: 0000000800000000 R14: 0000000000000008 R15: 00007fe91221ba1e
 </TASK>
INFO: task syz.7.226:6723 blocked for more than 177 seconds.
      Not tainted 6.15.0-rc4-syzkaller-00189-g2bfcee565c3a #0
      Blocked by coredump.
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.7.226       state:D
 stack:27608 pid:6723  tgid:6720  ppid:6483   task_flags:0x40044c flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x116f/0x5de0 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:6860
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
 rwsem_down_write_slowpath+0x524/0x1310 kernel/locking/rwsem.c:1176
 __down_write_common kernel/locking/rwsem.c:1304 [inline]
 __down_write kernel/locking/rwsem.c:1313 [inline]
 down_write+0x1d6/0x200 kernel/locking/rwsem.c:1578
 kernfs_remove_by_name_ns+0x3d/0x110 fs/kernfs/dir.c:1709
 sysfs_remove_file include/linux/sysfs.h:794 [inline]
 driver_remove_file drivers/base/driver.c:201 [inline]
 driver_remove_file+0x4a/0x60 drivers/base/driver.c:197
 remove_bind_files drivers/base/bus.c:605 [inline]
 bus_remove_driver+0x224/0x2c0 drivers/base/bus.c:743
 driver_unregister+0x76/0xb0 drivers/base/driver.c:277
 usb_gadget_unregister_driver+0x49/0x70 drivers/usb/gadget/udc/core.c:1732
 raw_release+0x1ae/0x2b0 drivers/usb/gadget/legacy/raw_gadget.c:462
 __fput+0x3ff/0xb70 fs/file_table.c:465
 task_work_run+0x14d/0x240 kernel/task_work.c:227
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0xafb/0x2c30 kernel/exit.c:953
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1102
 get_signal+0x2673/0x26d0 kernel/signal.c:3034
 arch_do_signal_or_restart+0x8f/0x7d0 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218
 do_syscall_64+0xda/0x260 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f557318e969
RSP: 002b:00007f5573f9c0e8 EFLAGS: 00000246
 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 00007f55733b6168 RCX: 00007f557318e969
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f55733b6168
RBP: 00007f55733b6160 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f55733b616c
R13: 0000000000000000 R14: 00007ffdb67dbb30 R15: 00007ffdb67dbc18
 </TASK>
INFO: task syz.8.228:6725 blocked for more than 177 seconds.
      Not tainted 6.15.0-rc4-syzkaller-00189-g2bfcee565c3a #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.8.228       state:D
 stack:28856 pid:6725  tgid:6724  ppid:6486   task_flags:0x400140 flags:0x00000004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x116f/0x5de0 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:6860
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
 rwsem_down_write_slowpath+0x524/0x1310 kernel/locking/rwsem.c:1176
 __down_write_common kernel/locking/rwsem.c:1304 [inline]
 __down_write kernel/locking/rwsem.c:1313 [inline]
 down_write+0x1d6/0x200 kernel/locking/rwsem.c:1578
 kernfs_add_one+0x38/0x840 fs/kernfs/dir.c:791
 kernfs_create_dir_ns+0xfc/0x1a0 fs/kernfs/dir.c:1091
 sysfs_create_dir_ns+0x13a/0x2b0 fs/sysfs/dir.c:59
 create_dir lib/kobject.c:73 [inline]
 kobject_add_internal+0x2c4/0x9b0 lib/kobject.c:240
 kobject_add_varg lib/kobject.c:374 [inline]
 kobject_init_and_add+0x11b/0x190 lib/kobject.c:457
 bus_add_driver+0x186/0x690 drivers/base/bus.c:671
 driver_register+0x15c/0x4b0 drivers/base/driver.c:249
 usb_gadget_register_driver_owner+0x132/0x330 drivers/usb/gadget/udc/core.c:1700
 raw_ioctl_run drivers/usb/gadget/legacy/raw_gadget.c:595 [inline]
 raw_ioctl+0x17d0/0x2c30 drivers/usb/gadget/legacy/raw_gadget.c:1306
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:906 [inline]
 __se_sys_ioctl fs/ioctl.c:892 [inline]
 __x64_sys_ioctl+0x190/0x200 fs/ioctl.c:892
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x260 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f976458e56b
RSP: 002b:00007f97637fbf10 EFLAGS: 00000246
 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f976458e56b
RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000004
RBP: 00007f97637fcfe0 R08: 0000000000000000 R09: 00382e6364755f79
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f97637fbfb0 R14: 00002000000001c0 R15: 00007f97648e0320
 </TASK>
Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings
INFO: task syz-executor:6728 blocked for more than 158 seconds.
      Not tainted 6.15.0-rc4-syzkaller-00189-g2bfcee565c3a #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D
 stack:28632 pid:6728  tgid:6728  ppid:1      task_flags:0x400040 flags:0x00000000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x116f/0x5de0 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:6860
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
 rwsem_down_write_slowpath+0x524/0x1310 kernel/locking/rwsem.c:1176
 __down_write_common kernel/locking/rwsem.c:1304 [inline]
 __down_write kernel/locking/rwsem.c:1313 [inline]
 down_write+0x1d6/0x200 kernel/locking/rwsem.c:1578
 kernfs_add_one+0x38/0x840 fs/kernfs/dir.c:791
 kernfs_create_dir_ns+0xfc/0x1a0 fs/kernfs/dir.c:1091
 sysfs_create_dir_ns+0x13a/0x2b0 fs/sysfs/dir.c:59
 create_dir lib/kobject.c:73 [inline]
 kobject_add_internal+0x2c4/0x9b0 lib/kobject.c:240
 kobject_add_varg lib/kobject.c:374 [inline]
 kobject_add+0x16e/0x240 lib/kobject.c:426
 device_add+0x288/0x1a70 drivers/base/core.c:3630
 hci_register_dev+0x328/0xc60 net/bluetooth/hci_core.c:2587
 __vhci_create_device+0x357/0x7f0 drivers/bluetooth/hci_vhci.c:429
 vhci_create_device drivers/bluetooth/hci_vhci.c:471 [inline]
 vhci_get_user drivers/bluetooth/hci_vhci.c:528 [inline]
 vhci_write+0x2c0/0x480 drivers/bluetooth/hci_vhci.c:608
 new_sync_write fs/read_write.c:591 [inline]
 vfs_write+0x5ba/0x1180 fs/read_write.c:684
 ksys_write+0x12a/0x240 fs/read_write.c:736
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x260 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f099838d3e0
RSP: 002b:00007ffde889a788 EFLAGS: 00000202
 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f099838d3e0
RDX: 0000000000000002 RSI: 00007ffde889a79a RDI: 00000000000000ca
RBP: 00007ffde889a880 R08: 0000000000000000 R09: 00007f09990ed6c0
R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffde889a880
R13: 00007ffde889a888 R14: 0000000000000009 R15: 0000000000000000
 </TASK>
Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings
INFO: task syz-executor:6729 blocked for more than 158 seconds.
      Not tainted 6.15.0-rc4-syzkaller-00189-g2bfcee565c3a #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D
 stack:28632 pid:6729  tgid:6729  ppid:1      task_flags:0x400040 flags:0x00000000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x116f/0x5de0 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:6860
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
 rwsem_down_write_slowpath+0x524/0x1310 kernel/locking/rwsem.c:1176
 __down_write_common kernel/locking/rwsem.c:1304 [inline]
 __down_write kernel/locking/rwsem.c:1313 [inline]
 down_write+0x1d6/0x200 kernel/locking/rwsem.c:1578
 kernfs_add_one+0x38/0x840 fs/kernfs/dir.c:791
 kernfs_create_dir_ns+0xfc/0x1a0 fs/kernfs/dir.c:1091
 sysfs_create_dir_ns+0x13a/0x2b0 fs/sysfs/dir.c:59
 create_dir lib/kobject.c:73 [inline]
 kobject_add_internal+0x2c4/0x9b0 lib/kobject.c:240
 kobject_add_varg lib/kobject.c:374 [inline]
 kobject_add+0x16e/0x240 lib/kobject.c:426
 device_add+0x288/0x1a70 drivers/base/core.c:3630
 hci_register_dev+0x328/0xc60 net/bluetooth/hci_core.c:2587
 __vhci_create_device+0x357/0x7f0 drivers/bluetooth/hci_vhci.c:429
 vhci_create_device drivers/bluetooth/hci_vhci.c:471 [inline]
 vhci_get_user drivers/bluetooth/hci_vhci.c:528 [inline]
 vhci_write+0x2c0/0x480 drivers/bluetooth/hci_vhci.c:608
 new_sync_write fs/read_write.c:591 [inline]
 vfs_write+0x5ba/0x1180 fs/read_write.c:684
 ksys_write+0x12a/0x240 fs/read_write.c:736
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x260 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f968278d3e0
RSP: 002b:00007ffdd7481308 EFLAGS: 00000202
 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f968278d3e0
RDX: 0000000000000002 RSI: 00007ffdd748131a RDI: 00000000000000ca
RBP: 00007ffdd7481400 R08: 0000000000000000 R09: 00007f96834ed6c0
R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffdd7481400
R13: 00007ffdd7481408 R14: 0000000000000009 R15: 0000000000000000
 </TASK>
Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings
INFO: task syz-executor:6732 blocked for more than 159 seconds.
      Not tainted 6.15.0-rc4-syzkaller-00189-g2bfcee565c3a #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D
 stack:28632 pid:6732  tgid:6732  ppid:1      task_flags:0x400040 flags:0x00000000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x116f/0x5de0 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:6860
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
 rwsem_down_write_slowpath+0x524/0x1310 kernel/locking/rwsem.c:1176
 __down_write_common kernel/locking/rwsem.c:1304 [inline]
 __down_write kernel/locking/rwsem.c:1313 [inline]
 down_write+0x1d6/0x200 kernel/locking/rwsem.c:1578
 kernfs_add_one+0x38/0x840 fs/kernfs/dir.c:791
 kernfs_create_dir_ns+0xfc/0x1a0 fs/kernfs/dir.c:1091
 sysfs_create_dir_ns+0x13a/0x2b0 fs/sysfs/dir.c:59
 create_dir lib/kobject.c:73 [inline]
 kobject_add_internal+0x2c4/0x9b0 lib/kobject.c:240
 kobject_add_varg lib/kobject.c:374 [inline]
 kobject_add+0x16e/0x240 lib/kobject.c:426
 device_add+0x288/0x1a70 drivers/base/core.c:3630
 hci_register_dev+0x328/0xc60 net/bluetooth/hci_core.c:2587
 __vhci_create_device+0x357/0x7f0 drivers/bluetooth/hci_vhci.c:429
 vhci_create_device drivers/bluetooth/hci_vhci.c:471 [inline]
 vhci_get_user drivers/bluetooth/hci_vhci.c:528 [inline]
 vhci_write+0x2c0/0x480 drivers/bluetooth/hci_vhci.c:608
 new_sync_write fs/read_write.c:591 [inline]
 vfs_write+0x5ba/0x1180 fs/read_write.c:684
 ksys_write+0x12a/0x240 fs/read_write.c:736
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x260 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fbb01f8d3e0
RSP: 002b:00007ffcfc6444d8 EFLAGS: 00000202
 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fbb01f8d3e0
RDX: 0000000000000002 RSI: 00007ffcfc6444ea RDI: 00000000000000ca
RBP: 00007ffcfc6445d0 R08: 0000000000000000 R09: 00007fbb02ced6c0
R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffcfc6445d0
R13: 00007ffcfc6445d8 R14: 0000000000000009 R15: 0000000000000000
 </TASK>
Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings
INFO: task syz-executor:6733 blocked for more than 160 seconds.
      Not tainted 6.15.0-rc4-syzkaller-00189-g2bfcee565c3a #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D
 stack:27976 pid:6733  tgid:6733  ppid:1      task_flags:0x400040 flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x116f/0x5de0 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:6860
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
 rwsem_down_write_slowpath+0x524/0x1310 kernel/locking/rwsem.c:1176
 __down_write_common kernel/locking/rwsem.c:1304 [inline]
 __down_write kernel/locking/rwsem.c:1313 [inline]
 down_write+0x1d6/0x200 kernel/locking/rwsem.c:1578
 kernfs_add_one+0x38/0x840 fs/kernfs/dir.c:791
 kernfs_create_dir_ns+0xfc/0x1a0 fs/kernfs/dir.c:1091
 sysfs_create_dir_ns+0x13a/0x2b0 fs/sysfs/dir.c:59
 create_dir lib/kobject.c:73 [inline]
 kobject_add_internal+0x2c4/0x9b0 lib/kobject.c:240
 kobject_add_varg lib/kobject.c:374 [inline]
 kobject_add+0x16e/0x240 lib/kobject.c:426
 device_add+0x288/0x1a70 drivers/base/core.c:3630
 hci_register_dev+0x328/0xc60 net/bluetooth/hci_core.c:2587
 __vhci_create_device+0x357/0x7f0 drivers/bluetooth/hci_vhci.c:429
 vhci_create_device drivers/bluetooth/hci_vhci.c:471 [inline]
 vhci_get_user drivers/bluetooth/hci_vhci.c:528 [inline]
 vhci_write+0x2c0/0x480 drivers/bluetooth/hci_vhci.c:608
 new_sync_write fs/read_write.c:591 [inline]
 vfs_write+0x5ba/0x1180 fs/read_write.c:684
 ksys_write+0x12a/0x240 fs/read_write.c:736
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x260 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f5ccc58d3e0
RSP: 002b:00007ffd02e68908 EFLAGS: 00000202
 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f5ccc58d3e0
RDX: 0000000000000002 RSI: 00007ffd02e6891a RDI: 00000000000000ca
RBP: 00007ffd02e68a00 R08: 0000000000000000 R09: 00007f5ccd2ed6c0
R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffd02e68a00
R13: 00007ffd02e68a08 R14: 0000000000000009 R15: 0000000000000000
 </TASK>
Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings
INFO: task syz-executor:6735 blocked for more than 161 seconds.
      Not tainted 6.15.0-rc4-syzkaller-00189-g2bfcee565c3a #0