Extracting prog: 7m43.431416425s
Minimizing prog: 18m33.561550791s
Simplifying prog options: 0s
Extracting C: 3m20.384863906s
Simplifying C: 21m44.122253939s


extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usbip_server_init-syz_clone-ptrace
detailed listing:
executing program 0:
syz_usbip_server_init(0x2)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)

program did not crash
single: failed to extract reproducer
single: executing 1 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usbip_server_init-syz_clone-ptrace
detailed listing:
executing program 0:
syz_usbip_server_init(0x2)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)

program did not crash
single: failed to extract reproducer
single: executing 1 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usbip_server_init-syz_clone-ptrace
detailed listing:
executing program 0:
syz_usbip_server_init(0x2)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)

program crashed: INFO: task hung in hub_port_init
single: successfully extracted reproducer
found reproducer with 3 syscalls
minimizing guilty program
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usbip_server_init-syz_clone
detailed listing:
executing program 0:
syz_usbip_server_init(0x2)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usbip_server_init-ptrace
detailed listing:
executing program 0:
syz_usbip_server_init(0x2)
ptrace(0x10, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_clone-ptrace
detailed listing:
executing program 0:
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)

program did not crash
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usbip_server_init-syz_clone-ptrace
program crashed: INFO: task hung in hub_port_init
simplifying C reproducer
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usbip_server_init-syz_clone-ptrace
program crashed: INFO: task hung in hub_port_init
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usbip_server_init-syz_clone-ptrace
program crashed: INFO: task hung in hub_port_init
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usbip_server_init-syz_clone-ptrace
program crashed: INFO: task hung in hub_port_init
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usbip_server_init-syz_clone-ptrace
program crashed: INFO: task hung in hub_port_init
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usbip_server_init-syz_clone-ptrace
program crashed: INFO: task hung in hub_port_init
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usbip_server_init-syz_clone-ptrace
program crashed: INFO: task hung in hub_port_init
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usbip_server_init-syz_clone-ptrace
program crashed: INFO: task hung in hub_port_init
reproducing took 51m21.500116371s
repro crashed as (corrupted=false):
INFO: task kworker/1:0:22 blocked for more than 143 seconds.
      Not tainted 6.1.129-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:0     state:D stack:0     pid:22    ppid:2      flags:0x00000008
Workqueue: usb_hub_wq hub_event
Call trace:
 __switch_to+0x308/0x598 arch/arm64/kernel/process.c:553
 context_switch kernel/sched/core.c:5243 [inline]
 __schedule+0xef4/0x1d44 kernel/sched/core.c:6560
 schedule+0xc4/0x170 kernel/sched/core.c:6636
 usb_kill_urb+0x1b4/0x32c drivers/usb/core/urb.c:728
 usb_start_wait_urb+0x16c/0x414 drivers/usb/core/message.c:64
 usb_internal_control_msg drivers/usb/core/message.c:102 [inline]
 usb_control_msg+0x228/0x3f8 drivers/usb/core/message.c:153
 get_bMaxPacketSize0 drivers/usb/core/hub.c:4770 [inline]
 hub_port_init+0x97c/0x2358 drivers/usb/core/hub.c:4967
 hub_port_connect drivers/usb/core/hub.c:5418 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5629 [inline]
 port_event drivers/usb/core/hub.c:5785 [inline]
 hub_event+0x2124/0x42e4 drivers/usb/core/hub.c:5867
 process_one_work+0x804/0x1484 kernel/workqueue.c:2292
 worker_thread+0x8e4/0xfec kernel/workqueue.c:2439
 kthread+0x250/0x2d8 kernel/kthread.c:376
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:864

Showing all locks held in the system:
1 lock held by rcu_tasks_kthre/12:
 #0: ffff800015cc79b0 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x44/0xcf4 kernel/rcu/tasks.h:517
1 lock held by rcu_tasks_trace/13:
 #0: ffff800015cc81b0 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x44/0xcf4 kernel/rcu/tasks.h:517
5 locks held by kworker/1:0/22:
 #0: ffff0000c471d138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x6bc/0x1484 kernel/workqueue.c:2265
 #1: ffff80001d397c20 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x6fc/0x1484 kernel/workqueue.c:2267
 #2: ffff0000d1bea190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline]
 #2: ffff0000d1bea190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1b0/0x42e4 drivers/usb/core/hub.c:5813
 #3: ffff0000d1a4d510 (&port_dev->status_lock){+.+.}-{3:3}, at: usb_lock_port drivers/usb/core/hub.c:3172 [inline]
 #3: ffff0000d1a4d510 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_port_connect drivers/usb/core/hub.c:5385 [inline]
 #3: ffff0000d1a4d510 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_port_connect_change drivers/usb/core/hub.c:5629 [inline]
 #3: ffff0000d1a4d510 (&port_dev->status_lock){+.+.}-{3:3}, at: port_event drivers/usb/core/hub.c:5785 [inline]
 #3: ffff0000d1a4d510 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_event+0x1bdc/0x42e4 drivers/usb/core/hub.c:5867
 #4: ffff0000d166b468 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_port_connect drivers/usb/core/hub.c:5386 [inline]
 #4: ffff0000d166b468 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_port_connect_change drivers/usb/core/hub.c:5629 [inline]
 #4: ffff0000d166b468 (hcd->address0_mutex){+.+.}-{3:3}, at: port_event drivers/usb/core/hub.c:5785 [inline]
 #4: ffff0000d166b468 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_event+0x1c04/0x42e4 drivers/usb/core/hub.c:5867
1 lock held by khungtaskd/28:
 #0: ffff800015cc77e0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0xc/0x44 include/linux/rcupdate.h:349
2 locks held by getty/4060:
 #0: ffff0000d6346098 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c drivers/tty/tty_ldsem.c:340
 #1: ffff80001d8f02f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x414/0x1214 drivers/tty/n_tty.c:2198
1 lock held by sshd/4306:
 #0: ffff0001b3cd8158 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested kernel/sched/core.c:537 [inline]
 #0: ffff0001b3cd8158 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock kernel/sched/sched.h:1355 [inline]
 #0: ffff0001b3cd8158 (&rq->__lock){-.-.}-{2:2}, at: rq_lock kernel/sched/sched.h:1645 [inline]
 #0: ffff0001b3cd8158 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x2c4/0x1d44 kernel/sched/core.c:6476
1 lock held by syz-executor418/15758:
 #0: ffff0001b3cd8158 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested kernel/sched/core.c:537 [inline]
 #0: ffff0001b3cd8158 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock kernel/sched/sched.h:1355 [inline]
 #0: ffff0001b3cd8158 (&rq->__lock){-.-.}-{2:2}, at: rq_lock kernel/sched/sched.h:1645 [inline]
 #0: ffff0001b3cd8158 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x2c4/0x1d44 kernel/sched/core.c:6476

=============================================


final repro crashed as (corrupted=false):
INFO: task kworker/1:0:22 blocked for more than 143 seconds.
      Not tainted 6.1.129-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:0     state:D stack:0     pid:22    ppid:2      flags:0x00000008
Workqueue: usb_hub_wq hub_event
Call trace:
 __switch_to+0x308/0x598 arch/arm64/kernel/process.c:553
 context_switch kernel/sched/core.c:5243 [inline]
 __schedule+0xef4/0x1d44 kernel/sched/core.c:6560
 schedule+0xc4/0x170 kernel/sched/core.c:6636
 usb_kill_urb+0x1b4/0x32c drivers/usb/core/urb.c:728
 usb_start_wait_urb+0x16c/0x414 drivers/usb/core/message.c:64
 usb_internal_control_msg drivers/usb/core/message.c:102 [inline]
 usb_control_msg+0x228/0x3f8 drivers/usb/core/message.c:153
 get_bMaxPacketSize0 drivers/usb/core/hub.c:4770 [inline]
 hub_port_init+0x97c/0x2358 drivers/usb/core/hub.c:4967
 hub_port_connect drivers/usb/core/hub.c:5418 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5629 [inline]
 port_event drivers/usb/core/hub.c:5785 [inline]
 hub_event+0x2124/0x42e4 drivers/usb/core/hub.c:5867
 process_one_work+0x804/0x1484 kernel/workqueue.c:2292
 worker_thread+0x8e4/0xfec kernel/workqueue.c:2439
 kthread+0x250/0x2d8 kernel/kthread.c:376
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:864

Showing all locks held in the system:
1 lock held by rcu_tasks_kthre/12:
 #0: ffff800015cc79b0 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x44/0xcf4 kernel/rcu/tasks.h:517
1 lock held by rcu_tasks_trace/13:
 #0: ffff800015cc81b0 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x44/0xcf4 kernel/rcu/tasks.h:517
5 locks held by kworker/1:0/22:
 #0: ffff0000c471d138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x6bc/0x1484 kernel/workqueue.c:2265
 #1: ffff80001d397c20 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x6fc/0x1484 kernel/workqueue.c:2267
 #2: ffff0000d1bea190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline]
 #2: ffff0000d1bea190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1b0/0x42e4 drivers/usb/core/hub.c:5813
 #3: ffff0000d1a4d510 (&port_dev->status_lock){+.+.}-{3:3}, at: usb_lock_port drivers/usb/core/hub.c:3172 [inline]
 #3: ffff0000d1a4d510 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_port_connect drivers/usb/core/hub.c:5385 [inline]
 #3: ffff0000d1a4d510 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_port_connect_change drivers/usb/core/hub.c:5629 [inline]
 #3: ffff0000d1a4d510 (&port_dev->status_lock){+.+.}-{3:3}, at: port_event drivers/usb/core/hub.c:5785 [inline]
 #3: ffff0000d1a4d510 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_event+0x1bdc/0x42e4 drivers/usb/core/hub.c:5867
 #4: ffff0000d166b468 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_port_connect drivers/usb/core/hub.c:5386 [inline]
 #4: ffff0000d166b468 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_port_connect_change drivers/usb/core/hub.c:5629 [inline]
 #4: ffff0000d166b468 (hcd->address0_mutex){+.+.}-{3:3}, at: port_event drivers/usb/core/hub.c:5785 [inline]
 #4: ffff0000d166b468 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_event+0x1c04/0x42e4 drivers/usb/core/hub.c:5867
1 lock held by khungtaskd/28:
 #0: ffff800015cc77e0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0xc/0x44 include/linux/rcupdate.h:349
2 locks held by getty/4060:
 #0: ffff0000d6346098 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c drivers/tty/tty_ldsem.c:340
 #1: ffff80001d8f02f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x414/0x1214 drivers/tty/n_tty.c:2198
1 lock held by sshd/4306:
 #0: ffff0001b3cd8158 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested kernel/sched/core.c:537 [inline]
 #0: ffff0001b3cd8158 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock kernel/sched/sched.h:1355 [inline]
 #0: ffff0001b3cd8158 (&rq->__lock){-.-.}-{2:2}, at: rq_lock kernel/sched/sched.h:1645 [inline]
 #0: ffff0001b3cd8158 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x2c4/0x1d44 kernel/sched/core.c:6476
1 lock held by syz-executor418/15758:
 #0: ffff0001b3cd8158 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested kernel/sched/core.c:537 [inline]
 #0: ffff0001b3cd8158 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock kernel/sched/sched.h:1355 [inline]
 #0: ffff0001b3cd8158 (&rq->__lock){-.-.}-{2:2}, at: rq_lock kernel/sched/sched.h:1645 [inline]
 #0: ffff0001b3cd8158 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x2c4/0x1d44 kernel/sched/core.c:6476

=============================================