Extracting prog: 5m27.55470694s
Minimizing prog: 30m47.376221226s
Simplifying prog options: 0s
Extracting C: 1m4.201063466s
Simplifying C: 10m56.065447141s
extracting reproducer from 24 programs
testing a last program of every proc
single: executing 4 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-socket$inet6_tcp-syz_usb_control_io$hid-ioctl$sock_SIOCETHTOOL-syz_usb_ep_write$ath9k_ep1
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b00010000100009043300011870f500090582020002"], 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'netdevsim0\x00', 0x0})
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xa8, &(0x7f0000000040)=ANY=[@ANYBLOB="6b0ee0b3d41b1b"])
program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bind$can_j1939-syz_usb_connect-syz_usb_control_io-syz_open_dev$char_usb-ioctl$FS_IOC_GETVERSION
detailed listing:
executing program 0:
bind$can_j1939(0xffffffffffffffff, &(0x7f0000000040)={0x1d, 0x0, 0x8000000000000003, {}, 0xfd}, 0x18)
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de7e001009058b1e20"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r1, 0x40015b0b, &(0x7f0000000040))
program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-ioctl$HIDIOCGRDESC-syz_usb_control_io-syz_usb_ep_write
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
ioctl$HIDIOCGRDESC(0xffffffffffffffff, 0x90044802, &(0x7f0000000ec0)={0xd84, "4fad02500e5a6c365a52a7f246553c79aa2ce48f15e62fb3ccaf2970a5f98f0304620b220a707b54e9425f6334b6acf73b4ebc50160728c0af201a5eedca7b8a82aaaf7a003bc77d36e04598ae5d671a0a242b1bad0e174d41c34926ab401d8caf269889aa7f963f846e48f09fa1523750385e80ad94a9135a39085b61cae50a74151770cbc5ea055edc9c5e0164598258b19807b6ca47d3aec2ef6ff67e16809a308f204d600c2a98b88acbfed8356e5bfc196d144c1435cfda422e6f630e6893c39b080d94635746ade299f1c32d2d0de8c84b3b9bd863c95d912232a67af4503ca1adceafcf4d7850b5545680d774e8d70ac448785af275a2e195eeda371d43a35df738bd1930683dcbd17286d161e08ac2683dd0f0751b4c855b62da73e70af721354665933ca54c8af958f7af45e9b17d9f1874ca0ee8c28221486949c97ba9b8ec964dc6ae4bc7423794951be6284ff56242610dd774f1f678f4a0efd3ff9ce6c7989ef12df50f42e7da9999a5e4a0d0478115ec6ae32eaff20af7f288ae4419209f39c957fc30c2fb2fefe3f7a6518fe254a50877a16057d47afdc00b12092f0c60cbf22cb43b36f06e03218620398470b2c20c43dc60898802b35042bd10e58cd33cd2e25eb29c4b21537592755c733eb9897f1b4973968ba7e9f3d153161e8d736e2c5aef4e467e911166b5d7f400c742356d784582ba9613b0d52c55626d7f82e90c6825aebc124b09ac1110575e8389f32d44bb8240453a49a864c8d9e9fab98343a52c583d1b505a85307842062824ddff09d867043f5710e93a8b0db58d8a34c638562d24c78a189d316a503c8304a2f6f9b8432dd24bc1556b942a9f03bdae9768291be33ccd30199affe42cfbaec751bedd1e80e8e06a9c9d08efc2dbb7fc6ad6ac4291e4a8b7ee2dd66a952f28c8fa7877178eafc6ab7a65a156cb901e1c233e58e6f80631e117ca2f3d24dc1a771834effd61e1318b90d0adb9c32eef490191b12551282a54eba07a1b9092207c502c1b670dfd15075de9a78ccc3f04a48eddf8e5d198ef006c4b83eb1dd458bb42db1ddebd3dfca89201e566144e284e5f0531cf4db86e481e30296ecf82cb961fdb4268dd2b7659713fd4ac606b18ed4a73f19e1b31086877b64d9025249692e60d03be7b6fc2ca4fd56c1aefd4d8f42a77598ebb5ac02f84d21296d2fd05e4273bda38c312a1c236e0d4c74774411dd35e3784159f581d2336f55692ddd4ae24b3b4ae76461641182391211973614204f70a6817d9df90af854f858edb4f820b52982f64da4df2806ad68f572b7cee764540ba4e2245e291a2b596b90ef12bf3972f4f5eeca621b517671505bd7b0ca50e4332e53c7aca3175707e004444dcb3e4bf61175c201cdc9ae4943c30cbead34c5cdd623cedf9fe043a376f21e40c1c2f3d4fba4c95b00b7e54b2f77ea04ae7f61653cf2b411d2eb23a6ad6c71035913c66ba584f6cbe8bdc410efaa2bf9e797e8ddeb3ff7eebebe69b48ea1af4970993e68829c21afc39cacc6c1e9893c2ecd65b493c0d81288026ca6de13109456d70f91324ce0b965bd9347f1554e6124c4dea964a0e1b4ed34638334bd1676e618fe077c94fe90182ec10df514c601854510cf1cac7a19c71916597493e50604bdc5e0fa76fe9c8cb3b930412191015bb6280bcf6eff3eb23eabb13135cce73e82e896d8c99e49a4e25cc549a77bc89941cb3138b2c1dbfbcb5fc9411b385cdca832dc41ac5a617673a643359b840aeb260275146c0130f4ab30579c364f8c6624b63eb8d29e8685f9f5a06c78d3d074a74163655ec2ead7b3bbc798f12f5b87fd6f4783500b7d2eddb6bfd98c61112c64361b8e382a4585e06f8d1a01a1f0fcb95e59bdcc906dcd593736887efbe83740179b82019c38747bdb5ea407753d59e09b4198738b51429658cdebb0a80694b9e3f47cc93172ac785480302e0eb05ed8fb5c8c2c1678d8da8f3989f63beb2e2532dfca8d2b760b7cf7d3504e7df4726570f87618c92f072deab556c22327bd8a56a196a679e6e9bddd1650118fd3851969a43cf98b129cbf8b202875479a1d11fb39e0de5b607d0437c5f326f25e13d48cb295aa26d36e34dd6150872f689c4d5eb449dfa55559db7bff30fa83a4c004b908c2b94b2937920425da540536e0ba305b20ed20b790a14361414b9b9309f7ac37423fb0ee3c5e350c1370b1f9bc7c308d9b4b0cae8475e596c41dca3c5f785a57914039f81f2439a34026c05f25b287347d8cac205e010cae2896cfbdbb3b2503404b6c9cf059c70ad68e0c13accb55d8344c956e3c664d063a6cc3f12a6b25898973951a206089342a6c17f64837b6e69c740ad537429f0deb294fbc746c9dc56bfc3cef12a843b9bcd97aacc1d82a14b94e3b512163c4b8d8676679febd1b98fe875fdfa48cf5de6bae82a49853c2de552ebe78570042bfed4efc3db30b2977ceef6e638f4e123cdac93877932493a95f1fb3fdfc749e5205358d2416622e593b487c3219030bbd20c1fbef6ae8007877b1e7fd67e343456b973b33c9d9511924bf36c599fd768d18bd1424d4d528e4fa141bbca98c1776175bcd8e91ff487239f5ac83223ac91b224828b55251ed6eb3a2712e934f7bc5e99fa33673dbf130070c03221a53b179270c673464fc9e9a6203363450ac216ffbf5e994011c02d9383fc9b44bf3261682ab7de0555086a3c1a3b91b0a8feda345dc5d04afa69164b32ce1d82e6e79178cd711770c9c081fc6f834a15afdf6e7c12216d49d5d19b29844af7df78a31b069706dfb33d2b198522009fc48090d35fc7a5ee18d93a04efa6ba78742d639ccb6292a2a62f5eae404ea6569e08711627b58cdbaed141d19c2283ecb1bd739e524286d3aae7d03c4ffa53f55efe6296bdeb0a570f8c48c4d71f2c484bce3137bcab3215855c50331e7702fb3d9d1c379b41b0b37f96187ce8f20e779e186ed680d36c459cbf0a39251df5b065e9e2a0a05b5fce8ca0b5aa027fecbb8c0a7754619eed683e0b437222d27c3a3d35dc4f2c4b2af613c1133e0ca22e1628285b844d0adef961031a99e2444de5e3a2199ea345cd7cd58bfb817f3fbabd83f34333dca162b82c726db0ee15f5d4fe93b1ca1ae4c84dcb2219f486b3395250b21f8cd75dd45c39fe3355e0f2da2ebe434807c1d3d618856596c3b0bf73a2a6cd13d37a20460a729347a4cc30530dec9d1e424f5f5d5ae86f0bb56e031c988123440ce4be5f58f930728d6680d79603ed090025c8aa25be7ca06025c5f84e3e2e5c4850a61654dd4cba2e17c306b2b84ffa2f0bab6f0e4637f3cc22155e3bef1fc0e9e42fc82ae5c8d1ae6ee431ee3fe7fe8f2ad8a6aeabbfa49deeace0164196a5b5adc019557d0da83c2521ffc33ac13ecd0dd5522a05d41cd5be153fd5d9159eaedbfd8e7844664f63df4d5df8aeeaa0bcf909e3c819558b3d383d0c80089033ccc225d122a2f461e6bba652a3f17bb0a1cdd6d4caf6ec866d21af48177939aa433ae0580f9c950bc014b9167e5d12c81e4c35f7156ef92cc7d8dc8e1eedf0a5b13179b1dc6e8dd0d2deec50244ba4a748313ff19005dbaa92d79b4dd6f3d42f960fc177cd23a8f10824f14e32476092c11f062ba82ecbcb9b11b078b60ea60810972ca75d63ea9526822565bdcecf01bb0ff6952e2d1751a9d4d13c7be01cebc6929e4e153da4e6341ac86bfd446035e79f700a76fc279a6ed0f1d0e3acb28650d1b0ac51957cfcf49841a23e14a32c62a1b71829e2c6d17f5c52694a926bf9fa7840ead78656073b4dc0117c72f64c3aef8cb00d0e5de23855eec5fc111dc12090664e7f87238eb05a2eee7269eb30d42722f45dc3579e6466a862dfad69cf123fba3e13d6395ea83f9de9864d5589d68f65d76bd0b0d3186243d03fa7b89615292b2e581988930e0b26c172c1068f48f7fff68667690f4f1298a9d4178ed883ea94f81d02728c98a8cc6f4b69a49e497ad80e42f03d9d77bb5e439ee466ed691ef46265a76120ab8eecde36f956aecae36d442dc3faad46e5f6c80c8ae2a37bdc550108c275bc1dda28df2819fe5f3b25eff83684485954373760ec20886d1aa6fec803a76eb400eea887d3d0b5b3ab187cd66bcd36dc22b99190e06c71eb7d09b70bf5759cf4e943630522998d9b05a6e74e310f7a222950acfc009b33df3169b8b696d6e00c501c87dc05e40facebf83714fa3f2bc17c5c3b442f080fa0dd954178726a6b94c485666b9ca0eb36dde792e444e7f20f1cbe7f73c39beb0364d41ddd1bd11f13b366c03c7e2a4775901e0cf347aea4c6cc4c18a6c902f5d2526ec821987ac850cbf5653c9b4fc82fa559be5fef0988e0ae47f0e4e88513e8d92ad2e7abd7fcfdb131d2dda1b0ac853a9e1609d15ed329f8881c0bcc279f08df439449b3bb93cc8c32361a13b0322bd4bbcde506e46c0793b927ffd3fd48946efd9cbd1cdf76517e468669a74db34a8c20d2a7f6ce720ac6b1675e967ad9c54ad7c0d93a55635c5f481f4f5eb06e2dfb749ee6390dc646c9ba7fdee53f85532da3f4fd8bd5f5ae3df2bca94060d11a7fa1732fb2bd704edd42ed6a88b76a5f7e9ca588a9763c1f5abeff7a59d335724195ad6a5b393cebf017efb0fe089ae5af1ed26a6b9bef2e5dddcffce5b9e826f3f0842aec79b45869a22bbc4d9ceb6705f66d8c7a6b3d5520fa3a8a0fb533c9fa746325e4f0192db7735744e9041fda6f6098d135296731204b3176313e0eea773e013eb75bab155ff50112845947c1ae65cd6f2359f2e2351e498eccd3b6e7ffde3a1bb11dcbe2df25dc0a32a189b51568b4ebe8797005af60287368789b920f470bdeae597ced0cdd89244d0d3b1c69808337"})
syz_usb_control_io(r0, &(0x7f0000000500)={0x2c, &(0x7f0000000340)={0x20, 0x3, 0x2, {0x2, 0xa}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0xfffffdf6, &(0x7f0000000200)="b9425b44651dd23241963599000000110000004a16941ff5f4b4f1f0add7fcf2b877fceafffffffffff1ffdf4cd9f5d3969890522c77157d88010000003a5bd5531d459dffff03000000000091ff000000e8f5b3371da3635b8b4fa637135800001f65e4b436aa9e50bc0f19b7d3372ff9ebcede1fb5e9428f54d5d1f0cc752cf246a5d2da34a5aa97dc14a469c3dd3e26b41c7807e8773eed7b94fa099ab84feadec2ea95f67aba452eae5b0900f98a979a88c517a2dc360a00237723e2f467af706ea17226296b3a10a351cb47aba2c6b836c90679b4dd859ddc9e9b8e4fb4634f8d4c0000000d75f34bb50d8f7084000000000000000000")
program crashed: general protection fault in puts_queue
single: successfully extracted reproducer
found reproducer with 5 syscalls
minimizing guilty program
testing program (duration=46.109241336s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-ioctl$HIDIOCGRDESC-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
ioctl$HIDIOCGRDESC(0xffffffffffffffff, 0x90044802, &(0x7f0000000ec0)={0xd84, "4fad02500e5a6c365a52a7f246553c79aa2ce48f15e62fb3ccaf2970a5f98f0304620b220a707b54e9425f6334b6acf73b4ebc50160728c0af201a5eedca7b8a82aaaf7a003bc77d36e04598ae5d671a0a242b1bad0e174d41c34926ab401d8caf269889aa7f963f846e48f09fa1523750385e80ad94a9135a39085b61cae50a74151770cbc5ea055edc9c5e0164598258b19807b6ca47d3aec2ef6ff67e16809a308f204d600c2a98b88acbfed8356e5bfc196d144c1435cfda422e6f630e6893c39b080d94635746ade299f1c32d2d0de8c84b3b9bd863c95d912232a67af4503ca1adceafcf4d7850b5545680d774e8d70ac448785af275a2e195eeda371d43a35df738bd1930683dcbd17286d161e08ac2683dd0f0751b4c855b62da73e70af721354665933ca54c8af958f7af45e9b17d9f1874ca0ee8c28221486949c97ba9b8ec964dc6ae4bc7423794951be6284ff56242610dd774f1f678f4a0efd3ff9ce6c7989ef12df50f42e7da9999a5e4a0d0478115ec6ae32eaff20af7f288ae4419209f39c957fc30c2fb2fefe3f7a6518fe254a50877a16057d47afdc00b12092f0c60cbf22cb43b36f06e03218620398470b2c20c43dc60898802b35042bd10e58cd33cd2e25eb29c4b21537592755c733eb9897f1b4973968ba7e9f3d153161e8d736e2c5aef4e467e911166b5d7f400c742356d784582ba9613b0d52c55626d7f82e90c6825aebc124b09ac1110575e8389f32d44bb8240453a49a864c8d9e9fab98343a52c583d1b505a85307842062824ddff09d867043f5710e93a8b0db58d8a34c638562d24c78a189d316a503c8304a2f6f9b8432dd24bc1556b942a9f03bdae9768291be33ccd30199affe42cfbaec751bedd1e80e8e06a9c9d08efc2dbb7fc6ad6ac4291e4a8b7ee2dd66a952f28c8fa7877178eafc6ab7a65a156cb901e1c233e58e6f80631e117ca2f3d24dc1a771834effd61e1318b90d0adb9c32eef490191b12551282a54eba07a1b9092207c502c1b670dfd15075de9a78ccc3f04a48eddf8e5d198ef006c4b83eb1dd458bb42db1ddebd3dfca89201e566144e284e5f0531cf4db86e481e30296ecf82cb961fdb4268dd2b7659713fd4ac606b18ed4a73f19e1b31086877b64d9025249692e60d03be7b6fc2ca4fd56c1aefd4d8f42a77598ebb5ac02f84d21296d2fd05e4273bda38c312a1c236e0d4c74774411dd35e3784159f581d2336f55692ddd4ae24b3b4ae76461641182391211973614204f70a6817d9df90af854f858edb4f820b52982f64da4df2806ad68f572b7cee764540ba4e2245e291a2b596b90ef12bf3972f4f5eeca621b517671505bd7b0ca50e4332e53c7aca3175707e004444dcb3e4bf61175c201cdc9ae4943c30cbead34c5cdd623cedf9fe043a376f21e40c1c2f3d4fba4c95b00b7e54b2f77ea04ae7f61653cf2b411d2eb23a6ad6c71035913c66ba584f6cbe8bdc410efaa2bf9e797e8ddeb3ff7eebebe69b48ea1af4970993e68829c21afc39cacc6c1e9893c2ecd65b493c0d81288026ca6de13109456d70f91324ce0b965bd9347f1554e6124c4dea964a0e1b4ed34638334bd1676e618fe077c94fe90182ec10df514c601854510cf1cac7a19c71916597493e50604bdc5e0fa76fe9c8cb3b930412191015bb6280bcf6eff3eb23eabb13135cce73e82e896d8c99e49a4e25cc549a77bc89941cb3138b2c1dbfbcb5fc9411b385cdca832dc41ac5a617673a643359b840aeb260275146c0130f4ab30579c364f8c6624b63eb8d29e8685f9f5a06c78d3d074a74163655ec2ead7b3bbc798f12f5b87fd6f4783500b7d2eddb6bfd98c61112c64361b8e382a4585e06f8d1a01a1f0fcb95e59bdcc906dcd593736887efbe83740179b82019c38747bdb5ea407753d59e09b4198738b51429658cdebb0a80694b9e3f47cc93172ac785480302e0eb05ed8fb5c8c2c1678d8da8f3989f63beb2e2532dfca8d2b760b7cf7d3504e7df4726570f87618c92f072deab556c22327bd8a56a196a679e6e9bddd1650118fd3851969a43cf98b129cbf8b202875479a1d11fb39e0de5b607d0437c5f326f25e13d48cb295aa26d36e34dd6150872f689c4d5eb449dfa55559db7bff30fa83a4c004b908c2b94b2937920425da540536e0ba305b20ed20b790a14361414b9b9309f7ac37423fb0ee3c5e350c1370b1f9bc7c308d9b4b0cae8475e596c41dca3c5f785a57914039f81f2439a34026c05f25b287347d8cac205e010cae2896cfbdbb3b2503404b6c9cf059c70ad68e0c13accb55d8344c956e3c664d063a6cc3f12a6b25898973951a206089342a6c17f64837b6e69c740ad537429f0deb294fbc746c9dc56bfc3cef12a843b9bcd97aacc1d82a14b94e3b512163c4b8d8676679febd1b98fe875fdfa48cf5de6bae82a49853c2de552ebe78570042bfed4efc3db30b2977ceef6e638f4e123cdac93877932493a95f1fb3fdfc749e5205358d2416622e593b487c3219030bbd20c1fbef6ae8007877b1e7fd67e343456b973b33c9d9511924bf36c599fd768d18bd1424d4d528e4fa141bbca98c1776175bcd8e91ff487239f5ac83223ac91b224828b55251ed6eb3a2712e934f7bc5e99fa33673dbf130070c03221a53b179270c673464fc9e9a6203363450ac216ffbf5e994011c02d9383fc9b44bf3261682ab7de0555086a3c1a3b91b0a8feda345dc5d04afa69164b32ce1d82e6e79178cd711770c9c081fc6f834a15afdf6e7c12216d49d5d19b29844af7df78a31b069706dfb33d2b198522009fc48090d35fc7a5ee18d93a04efa6ba78742d639ccb6292a2a62f5eae404ea6569e08711627b58cdbaed141d19c2283ecb1bd739e524286d3aae7d03c4ffa53f55efe6296bdeb0a570f8c48c4d71f2c484bce3137bcab3215855c50331e7702fb3d9d1c379b41b0b37f96187ce8f20e779e186ed680d36c459cbf0a39251df5b065e9e2a0a05b5fce8ca0b5aa027fecbb8c0a7754619eed683e0b437222d27c3a3d35dc4f2c4b2af613c1133e0ca22e1628285b844d0adef961031a99e2444de5e3a2199ea345cd7cd58bfb817f3fbabd83f34333dca162b82c726db0ee15f5d4fe93b1ca1ae4c84dcb2219f486b3395250b21f8cd75dd45c39fe3355e0f2da2ebe434807c1d3d618856596c3b0bf73a2a6cd13d37a20460a729347a4cc30530dec9d1e424f5f5d5ae86f0bb56e031c988123440ce4be5f58f930728d6680d79603ed090025c8aa25be7ca06025c5f84e3e2e5c4850a61654dd4cba2e17c306b2b84ffa2f0bab6f0e4637f3cc22155e3bef1fc0e9e42fc82ae5c8d1ae6ee431ee3fe7fe8f2ad8a6aeabbfa49deeace0164196a5b5adc019557d0da83c2521ffc33ac13ecd0dd5522a05d41cd5be153fd5d9159eaedbfd8e7844664f63df4d5df8aeeaa0bcf909e3c819558b3d383d0c80089033ccc225d122a2f461e6bba652a3f17bb0a1cdd6d4caf6ec866d21af48177939aa433ae0580f9c950bc014b9167e5d12c81e4c35f7156ef92cc7d8dc8e1eedf0a5b13179b1dc6e8dd0d2deec50244ba4a748313ff19005dbaa92d79b4dd6f3d42f960fc177cd23a8f10824f14e32476092c11f062ba82ecbcb9b11b078b60ea60810972ca75d63ea9526822565bdcecf01bb0ff6952e2d1751a9d4d13c7be01cebc6929e4e153da4e6341ac86bfd446035e79f700a76fc279a6ed0f1d0e3acb28650d1b0ac51957cfcf49841a23e14a32c62a1b71829e2c6d17f5c52694a926bf9fa7840ead78656073b4dc0117c72f64c3aef8cb00d0e5de23855eec5fc111dc12090664e7f87238eb05a2eee7269eb30d42722f45dc3579e6466a862dfad69cf123fba3e13d6395ea83f9de9864d5589d68f65d76bd0b0d3186243d03fa7b89615292b2e581988930e0b26c172c1068f48f7fff68667690f4f1298a9d4178ed883ea94f81d02728c98a8cc6f4b69a49e497ad80e42f03d9d77bb5e439ee466ed691ef46265a76120ab8eecde36f956aecae36d442dc3faad46e5f6c80c8ae2a37bdc550108c275bc1dda28df2819fe5f3b25eff83684485954373760ec20886d1aa6fec803a76eb400eea887d3d0b5b3ab187cd66bcd36dc22b99190e06c71eb7d09b70bf5759cf4e943630522998d9b05a6e74e310f7a222950acfc009b33df3169b8b696d6e00c501c87dc05e40facebf83714fa3f2bc17c5c3b442f080fa0dd954178726a6b94c485666b9ca0eb36dde792e444e7f20f1cbe7f73c39beb0364d41ddd1bd11f13b366c03c7e2a4775901e0cf347aea4c6cc4c18a6c902f5d2526ec821987ac850cbf5653c9b4fc82fa559be5fef0988e0ae47f0e4e88513e8d92ad2e7abd7fcfdb131d2dda1b0ac853a9e1609d15ed329f8881c0bcc279f08df439449b3bb93cc8c32361a13b0322bd4bbcde506e46c0793b927ffd3fd48946efd9cbd1cdf76517e468669a74db34a8c20d2a7f6ce720ac6b1675e967ad9c54ad7c0d93a55635c5f481f4f5eb06e2dfb749ee6390dc646c9ba7fdee53f85532da3f4fd8bd5f5ae3df2bca94060d11a7fa1732fb2bd704edd42ed6a88b76a5f7e9ca588a9763c1f5abeff7a59d335724195ad6a5b393cebf017efb0fe089ae5af1ed26a6b9bef2e5dddcffce5b9e826f3f0842aec79b45869a22bbc4d9ceb6705f66d8c7a6b3d5520fa3a8a0fb533c9fa746325e4f0192db7735744e9041fda6f6098d135296731204b3176313e0eea773e013eb75bab155ff50112845947c1ae65cd6f2359f2e2351e498eccd3b6e7ffde3a1bb11dcbe2df25dc0a32a189b51568b4ebe8797005af60287368789b920f470bdeae597ced0cdd89244d0d3b1c69808337"})
syz_usb_control_io(r0, &(0x7f0000000500)={0x2c, &(0x7f0000000340)={0x20, 0x3, 0x2, {0x2, 0xa}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
program did not crash
testing program (duration=46.109241336s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-ioctl$HIDIOCGRDESC-syz_usb_ep_write
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
ioctl$HIDIOCGRDESC(0xffffffffffffffff, 0x90044802, &(0x7f0000000ec0)={0xd84, "4fad02500e5a6c365a52a7f246553c79aa2ce48f15e62fb3ccaf2970a5f98f0304620b220a707b54e9425f6334b6acf73b4ebc50160728c0af201a5eedca7b8a82aaaf7a003bc77d36e04598ae5d671a0a242b1bad0e174d41c34926ab401d8caf269889aa7f963f846e48f09fa1523750385e80ad94a9135a39085b61cae50a74151770cbc5ea055edc9c5e0164598258b19807b6ca47d3aec2ef6ff67e16809a308f204d600c2a98b88acbfed8356e5bfc196d144c1435cfda422e6f630e6893c39b080d94635746ade299f1c32d2d0de8c84b3b9bd863c95d912232a67af4503ca1adceafcf4d7850b5545680d774e8d70ac448785af275a2e195eeda371d43a35df738bd1930683dcbd17286d161e08ac2683dd0f0751b4c855b62da73e70af721354665933ca54c8af958f7af45e9b17d9f1874ca0ee8c28221486949c97ba9b8ec964dc6ae4bc7423794951be6284ff56242610dd774f1f678f4a0efd3ff9ce6c7989ef12df50f42e7da9999a5e4a0d0478115ec6ae32eaff20af7f288ae4419209f39c957fc30c2fb2fefe3f7a6518fe254a50877a16057d47afdc00b12092f0c60cbf22cb43b36f06e03218620398470b2c20c43dc60898802b35042bd10e58cd33cd2e25eb29c4b21537592755c733eb9897f1b4973968ba7e9f3d153161e8d736e2c5aef4e467e911166b5d7f400c742356d784582ba9613b0d52c55626d7f82e90c6825aebc124b09ac1110575e8389f32d44bb8240453a49a864c8d9e9fab98343a52c583d1b505a85307842062824ddff09d867043f5710e93a8b0db58d8a34c638562d24c78a189d316a503c8304a2f6f9b8432dd24bc1556b942a9f03bdae9768291be33ccd30199affe42cfbaec751bedd1e80e8e06a9c9d08efc2dbb7fc6ad6ac4291e4a8b7ee2dd66a952f28c8fa7877178eafc6ab7a65a156cb901e1c233e58e6f80631e117ca2f3d24dc1a771834effd61e1318b90d0adb9c32eef490191b12551282a54eba07a1b9092207c502c1b670dfd15075de9a78ccc3f04a48eddf8e5d198ef006c4b83eb1dd458bb42db1ddebd3dfca89201e566144e284e5f0531cf4db86e481e30296ecf82cb961fdb4268dd2b7659713fd4ac606b18ed4a73f19e1b31086877b64d9025249692e60d03be7b6fc2ca4fd56c1aefd4d8f42a77598ebb5ac02f84d21296d2fd05e4273bda38c312a1c236e0d4c74774411dd35e3784159f581d2336f55692ddd4ae24b3b4ae76461641182391211973614204f70a6817d9df90af854f858edb4f820b52982f64da4df2806ad68f572b7cee764540ba4e2245e291a2b596b90ef12bf3972f4f5eeca621b517671505bd7b0ca50e4332e53c7aca3175707e004444dcb3e4bf61175c201cdc9ae4943c30cbead34c5cdd623cedf9fe043a376f21e40c1c2f3d4fba4c95b00b7e54b2f77ea04ae7f61653cf2b411d2eb23a6ad6c71035913c66ba584f6cbe8bdc410efaa2bf9e797e8ddeb3ff7eebebe69b48ea1af4970993e68829c21afc39cacc6c1e9893c2ecd65b493c0d81288026ca6de13109456d70f91324ce0b965bd9347f1554e6124c4dea964a0e1b4ed34638334bd1676e618fe077c94fe90182ec10df514c601854510cf1cac7a19c71916597493e50604bdc5e0fa76fe9c8cb3b930412191015bb6280bcf6eff3eb23eabb13135cce73e82e896d8c99e49a4e25cc549a77bc89941cb3138b2c1dbfbcb5fc9411b385cdca832dc41ac5a617673a643359b840aeb260275146c0130f4ab30579c364f8c6624b63eb8d29e8685f9f5a06c78d3d074a74163655ec2ead7b3bbc798f12f5b87fd6f4783500b7d2eddb6bfd98c61112c64361b8e382a4585e06f8d1a01a1f0fcb95e59bdcc906dcd593736887efbe83740179b82019c38747bdb5ea407753d59e09b4198738b51429658cdebb0a80694b9e3f47cc93172ac785480302e0eb05ed8fb5c8c2c1678d8da8f3989f63beb2e2532dfca8d2b760b7cf7d3504e7df4726570f87618c92f072deab556c22327bd8a56a196a679e6e9bddd1650118fd3851969a43cf98b129cbf8b202875479a1d11fb39e0de5b607d0437c5f326f25e13d48cb295aa26d36e34dd6150872f689c4d5eb449dfa55559db7bff30fa83a4c004b908c2b94b2937920425da540536e0ba305b20ed20b790a14361414b9b9309f7ac37423fb0ee3c5e350c1370b1f9bc7c308d9b4b0cae8475e596c41dca3c5f785a57914039f81f2439a34026c05f25b287347d8cac205e010cae2896cfbdbb3b2503404b6c9cf059c70ad68e0c13accb55d8344c956e3c664d063a6cc3f12a6b25898973951a206089342a6c17f64837b6e69c740ad537429f0deb294fbc746c9dc56bfc3cef12a843b9bcd97aacc1d82a14b94e3b512163c4b8d8676679febd1b98fe875fdfa48cf5de6bae82a49853c2de552ebe78570042bfed4efc3db30b2977ceef6e638f4e123cdac93877932493a95f1fb3fdfc749e5205358d2416622e593b487c3219030bbd20c1fbef6ae8007877b1e7fd67e343456b973b33c9d9511924bf36c599fd768d18bd1424d4d528e4fa141bbca98c1776175bcd8e91ff487239f5ac83223ac91b224828b55251ed6eb3a2712e934f7bc5e99fa33673dbf130070c03221a53b179270c673464fc9e9a6203363450ac216ffbf5e994011c02d9383fc9b44bf3261682ab7de0555086a3c1a3b91b0a8feda345dc5d04afa69164b32ce1d82e6e79178cd711770c9c081fc6f834a15afdf6e7c12216d49d5d19b29844af7df78a31b069706dfb33d2b198522009fc48090d35fc7a5ee18d93a04efa6ba78742d639ccb6292a2a62f5eae404ea6569e08711627b58cdbaed141d19c2283ecb1bd739e524286d3aae7d03c4ffa53f55efe6296bdeb0a570f8c48c4d71f2c484bce3137bcab3215855c50331e7702fb3d9d1c379b41b0b37f96187ce8f20e779e186ed680d36c459cbf0a39251df5b065e9e2a0a05b5fce8ca0b5aa027fecbb8c0a7754619eed683e0b437222d27c3a3d35dc4f2c4b2af613c1133e0ca22e1628285b844d0adef961031a99e2444de5e3a2199ea345cd7cd58bfb817f3fbabd83f34333dca162b82c726db0ee15f5d4fe93b1ca1ae4c84dcb2219f486b3395250b21f8cd75dd45c39fe3355e0f2da2ebe434807c1d3d618856596c3b0bf73a2a6cd13d37a20460a729347a4cc30530dec9d1e424f5f5d5ae86f0bb56e031c988123440ce4be5f58f930728d6680d79603ed090025c8aa25be7ca06025c5f84e3e2e5c4850a61654dd4cba2e17c306b2b84ffa2f0bab6f0e4637f3cc22155e3bef1fc0e9e42fc82ae5c8d1ae6ee431ee3fe7fe8f2ad8a6aeabbfa49deeace0164196a5b5adc019557d0da83c2521ffc33ac13ecd0dd5522a05d41cd5be153fd5d9159eaedbfd8e7844664f63df4d5df8aeeaa0bcf909e3c819558b3d383d0c80089033ccc225d122a2f461e6bba652a3f17bb0a1cdd6d4caf6ec866d21af48177939aa433ae0580f9c950bc014b9167e5d12c81e4c35f7156ef92cc7d8dc8e1eedf0a5b13179b1dc6e8dd0d2deec50244ba4a748313ff19005dbaa92d79b4dd6f3d42f960fc177cd23a8f10824f14e32476092c11f062ba82ecbcb9b11b078b60ea60810972ca75d63ea9526822565bdcecf01bb0ff6952e2d1751a9d4d13c7be01cebc6929e4e153da4e6341ac86bfd446035e79f700a76fc279a6ed0f1d0e3acb28650d1b0ac51957cfcf49841a23e14a32c62a1b71829e2c6d17f5c52694a926bf9fa7840ead78656073b4dc0117c72f64c3aef8cb00d0e5de23855eec5fc111dc12090664e7f87238eb05a2eee7269eb30d42722f45dc3579e6466a862dfad69cf123fba3e13d6395ea83f9de9864d5589d68f65d76bd0b0d3186243d03fa7b89615292b2e581988930e0b26c172c1068f48f7fff68667690f4f1298a9d4178ed883ea94f81d02728c98a8cc6f4b69a49e497ad80e42f03d9d77bb5e439ee466ed691ef46265a76120ab8eecde36f956aecae36d442dc3faad46e5f6c80c8ae2a37bdc550108c275bc1dda28df2819fe5f3b25eff83684485954373760ec20886d1aa6fec803a76eb400eea887d3d0b5b3ab187cd66bcd36dc22b99190e06c71eb7d09b70bf5759cf4e943630522998d9b05a6e74e310f7a222950acfc009b33df3169b8b696d6e00c501c87dc05e40facebf83714fa3f2bc17c5c3b442f080fa0dd954178726a6b94c485666b9ca0eb36dde792e444e7f20f1cbe7f73c39beb0364d41ddd1bd11f13b366c03c7e2a4775901e0cf347aea4c6cc4c18a6c902f5d2526ec821987ac850cbf5653c9b4fc82fa559be5fef0988e0ae47f0e4e88513e8d92ad2e7abd7fcfdb131d2dda1b0ac853a9e1609d15ed329f8881c0bcc279f08df439449b3bb93cc8c32361a13b0322bd4bbcde506e46c0793b927ffd3fd48946efd9cbd1cdf76517e468669a74db34a8c20d2a7f6ce720ac6b1675e967ad9c54ad7c0d93a55635c5f481f4f5eb06e2dfb749ee6390dc646c9ba7fdee53f85532da3f4fd8bd5f5ae3df2bca94060d11a7fa1732fb2bd704edd42ed6a88b76a5f7e9ca588a9763c1f5abeff7a59d335724195ad6a5b393cebf017efb0fe089ae5af1ed26a6b9bef2e5dddcffce5b9e826f3f0842aec79b45869a22bbc4d9ceb6705f66d8c7a6b3d5520fa3a8a0fb533c9fa746325e4f0192db7735744e9041fda6f6098d135296731204b3176313e0eea773e013eb75bab155ff50112845947c1ae65cd6f2359f2e2351e498eccd3b6e7ffde3a1bb11dcbe2df25dc0a32a189b51568b4ebe8797005af60287368789b920f470bdeae597ced0cdd89244d0d3b1c69808337"})
syz_usb_ep_write(r0, 0x81, 0xfffffdf6, &(0x7f0000000200)="b9425b44651dd23241963599000000110000004a16941ff5f4b4f1f0add7fcf2b877fceafffffffffff1ffdf4cd9f5d3969890522c77157d88010000003a5bd5531d459dffff03000000000091ff000000e8f5b3371da3635b8b4fa637135800001f65e4b436aa9e50bc0f19b7d3372ff9ebcede1fb5e9428f54d5d1f0cc752cf246a5d2da34a5aa97dc14a469c3dd3e26b41c7807e8773eed7b94fa099ab84feadec2ea95f67aba452eae5b0900f98a979a88c517a2dc360a00237723e2f467af706ea17226296b3a10a351cb47aba2c6b836c90679b4dd859ddc9e9b8e4fb4634f8d4c0000000d75f34bb50d8f7084000000000000000000")
program did not crash
testing program (duration=46.109241336s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000500)={0x2c, &(0x7f0000000340)={0x20, 0x3, 0x2, {0x2, 0xa}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0xfffffdf6, &(0x7f0000000200)="b9425b44651dd23241963599000000110000004a16941ff5f4b4f1f0add7fcf2b877fceafffffffffff1ffdf4cd9f5d3969890522c77157d88010000003a5bd5531d459dffff03000000000091ff000000e8f5b3371da3635b8b4fa637135800001f65e4b436aa9e50bc0f19b7d3372ff9ebcede1fb5e9428f54d5d1f0cc752cf246a5d2da34a5aa97dc14a469c3dd3e26b41c7807e8773eed7b94fa099ab84feadec2ea95f67aba452eae5b0900f98a979a88c517a2dc360a00237723e2f467af706ea17226296b3a10a351cb47aba2c6b836c90679b4dd859ddc9e9b8e4fb4634f8d4c0000000d75f34bb50d8f7084000000000000000000")
program crashed: general protection fault in puts_queue
testing program (duration=46.109241336s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_ep_write
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_control_io(r0, &(0x7f0000000500)={0x2c, &(0x7f0000000340)={0x20, 0x3, 0x2, {0x2, 0xa}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0xfffffdf6, &(0x7f0000000200)="b9425b44651dd23241963599000000110000004a16941ff5f4b4f1f0add7fcf2b877fceafffffffffff1ffdf4cd9f5d3969890522c77157d88010000003a5bd5531d459dffff03000000000091ff000000e8f5b3371da3635b8b4fa637135800001f65e4b436aa9e50bc0f19b7d3372ff9ebcede1fb5e9428f54d5d1f0cc752cf246a5d2da34a5aa97dc14a469c3dd3e26b41c7807e8773eed7b94fa099ab84feadec2ea95f67aba452eae5b0900f98a979a88c517a2dc360a00237723e2f467af706ea17226296b3a10a351cb47aba2c6b836c90679b4dd859ddc9e9b8e4fb4634f8d4c0000000d75f34bb50d8f7084000000000000000000")
program did not crash
testing program (duration=46.109241336s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write
detailed listing:
executing program 0:
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000500)={0x2c, &(0x7f0000000340)={0x20, 0x3, 0x2, {0x2, 0xa}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(0xffffffffffffffff, 0x81, 0xfffffdf6, &(0x7f0000000200)="b9425b44651dd23241963599000000110000004a16941ff5f4b4f1f0add7fcf2b877fceafffffffffff1ffdf4cd9f5d3969890522c77157d88010000003a5bd5531d459dffff03000000000091ff000000e8f5b3371da3635b8b4fa637135800001f65e4b436aa9e50bc0f19b7d3372ff9ebcede1fb5e9428f54d5d1f0cc752cf246a5d2da34a5aa97dc14a469c3dd3e26b41c7807e8773eed7b94fa099ab84feadec2ea95f67aba452eae5b0900f98a979a88c517a2dc360a00237723e2f467af706ea17226296b3a10a351cb47aba2c6b836c90679b4dd859ddc9e9b8e4fb4634f8d4c0000000d75f34bb50d8f7084000000000000000000")
program did not crash
testing program (duration=46.109241336s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x5, 0x36, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000500)={0x2c, &(0x7f0000000340)={0x20, 0x3, 0x2, {0x2, 0xa}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0xfffffdf6, &(0x7f0000000200)="b9425b44651dd23241963599000000110000004a16941ff5f4b4f1f0add7fcf2b877fceafffffffffff1ffdf4cd9f5d3969890522c77157d88010000003a5bd5531d459dffff03000000000091ff000000e8f5b3371da3635b8b4fa637135800001f65e4b436aa9e50bc0f19b7d3372ff9ebcede1fb5e9428f54d5d1f0cc752cf246a5d2da34a5aa97dc14a469c3dd3e26b41c7807e8773eed7b94fa099ab84feadec2ea95f67aba452eae5b0900f98a979a88c517a2dc360a00237723e2f467af706ea17226296b3a10a351cb47aba2c6b836c90679b4dd859ddc9e9b8e4fb4634f8d4c0000000d75f34bb50d8f7084000000000000000000")
program did not crash
testing program (duration=46.109241336s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000500)={0x2c, &(0x7f0000000340)={0x20, 0x3, 0x2, {0x2, 0xa}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0xfffffdf6, &(0x7f0000000200)="b9425b44651dd23241963599000000110000004a16941ff5f4b4f1f0add7fcf2b877fceafffffffffff1ffdf4cd9f5d3969890522c77157d88010000003a5bd5531d459dffff03000000000091ff000000e8f5b3371da3635b8b4fa637135800001f65e4b436aa9e50bc0f19b7d3372ff9ebcede1fb5e9428f54d5d1f0cc752cf246a5d2da34a5aa97dc14a469c3dd3e26b41c7807e8773eed7b94fa099ab84feadec2ea95f67aba452eae5b0900f98a979a88c517a2dc360a00237723e2f467af706ea17226296b3a10a351cb47aba2c6b836c90679b4dd859ddc9e9b8e4fb4634f8d4c0000000d75f34bb50d8f7084000000000000000000")
program did not crash
testing program (duration=46.109241336s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_ep_write(r0, 0x81, 0xfffffdf6, &(0x7f0000000200)="b9425b44651dd23241963599000000110000004a16941ff5f4b4f1f0add7fcf2b877fceafffffffffff1ffdf4cd9f5d3969890522c77157d88010000003a5bd5531d459dffff03000000000091ff000000e8f5b3371da3635b8b4fa637135800001f65e4b436aa9e50bc0f19b7d3372ff9ebcede1fb5e9428f54d5d1f0cc752cf246a5d2da34a5aa97dc14a469c3dd3e26b41c7807e8773eed7b94fa099ab84feadec2ea95f67aba452eae5b0900f98a979a88c517a2dc360a00237723e2f467af706ea17226296b3a10a351cb47aba2c6b836c90679b4dd859ddc9e9b8e4fb4634f8d4c0000000d75f34bb50d8f7084000000000000000000")
program did not crash
testing program (duration=46.109241336s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000500)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0xfffffdf6, &(0x7f0000000200)="b9425b44651dd23241963599000000110000004a16941ff5f4b4f1f0add7fcf2b877fceafffffffffff1ffdf4cd9f5d3969890522c77157d88010000003a5bd5531d459dffff03000000000091ff000000e8f5b3371da3635b8b4fa637135800001f65e4b436aa9e50bc0f19b7d3372ff9ebcede1fb5e9428f54d5d1f0cc752cf246a5d2da34a5aa97dc14a469c3dd3e26b41c7807e8773eed7b94fa099ab84feadec2ea95f67aba452eae5b0900f98a979a88c517a2dc360a00237723e2f467af706ea17226296b3a10a351cb47aba2c6b836c90679b4dd859ddc9e9b8e4fb4634f8d4c0000000d75f34bb50d8f7084000000000000000000")
program did not crash
testing program (duration=46.109241336s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000500)={0x2c, &(0x7f0000000340)={0x20, 0x3, 0x2, {0x2, 0xa}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x0, 0x0)
program did not crash
testing program (duration=46.109241336s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000500)={0x2c, &(0x7f0000000340)={0x20, 0x3, 0x2, {0x2, 0xa}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x0, &(0x7f0000000200))
program did not crash
extracting C reproducer
testing compiled C program (duration=46.109241336s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write
program crashed: general protection fault in puts_queue
simplifying C reproducer
testing compiled C program (duration=46.109241336s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write
program crashed: general protection fault in puts_queue
testing compiled C program (duration=46.109241336s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write
program crashed: general protection fault in puts_queue
testing compiled C program (duration=46.109241336s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write
program crashed: general protection fault in puts_queue
testing compiled C program (duration=46.109241336s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write
program crashed: general protection fault in puts_queue
testing compiled C program (duration=46.109241336s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write
program crashed: general protection fault in puts_queue
testing compiled C program (duration=46.109241336s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write
program crashed: general protection fault in puts_queue
testing compiled C program (duration=46.109241336s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write
program crashed: general protection fault in puts_queue
testing program (duration=46.109241336s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000500)={0x2c, &(0x7f0000000340)={0x20, 0x3, 0x2, {0x2, 0xa}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0xfffffdf6, &(0x7f0000000200)="b9425b44651dd23241963599000000110000004a16941ff5f4b4f1f0add7fcf2b877fceafffffffffff1ffdf4cd9f5d3969890522c77157d88010000003a5bd5531d459dffff03000000000091ff000000e8f5b3371da3635b8b4fa637135800001f65e4b436aa9e50bc0f19b7d3372ff9ebcede1fb5e9428f54d5d1f0cc752cf246a5d2da34a5aa97dc14a469c3dd3e26b41c7807e8773eed7b94fa099ab84feadec2ea95f67aba452eae5b0900f98a979a88c517a2dc360a00237723e2f467af706ea17226296b3a10a351cb47aba2c6b836c90679b4dd859ddc9e9b8e4fb4634f8d4c0000000d75f34bb50d8f7084000000000000000000")
program crashed: general protection fault in puts_queue
validation run: crashed=true
testing program (duration=46.109241336s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000500)={0x2c, &(0x7f0000000340)={0x20, 0x3, 0x2, {0x2, 0xa}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0xfffffdf6, &(0x7f0000000200)="b9425b44651dd23241963599000000110000004a16941ff5f4b4f1f0add7fcf2b877fceafffffffffff1ffdf4cd9f5d3969890522c77157d88010000003a5bd5531d459dffff03000000000091ff000000e8f5b3371da3635b8b4fa637135800001f65e4b436aa9e50bc0f19b7d3372ff9ebcede1fb5e9428f54d5d1f0cc752cf246a5d2da34a5aa97dc14a469c3dd3e26b41c7807e8773eed7b94fa099ab84feadec2ea95f67aba452eae5b0900f98a979a88c517a2dc360a00237723e2f467af706ea17226296b3a10a351cb47aba2c6b836c90679b4dd859ddc9e9b8e4fb4634f8d4c0000000d75f34bb50d8f7084000000000000000000")
program crashed: general protection fault in puts_queue
validation run: crashed=true
testing program (duration=46.109241336s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000500)={0x2c, &(0x7f0000000340)={0x20, 0x3, 0x2, {0x2, 0xa}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0xfffffdf6, &(0x7f0000000200)="b9425b44651dd23241963599000000110000004a16941ff5f4b4f1f0add7fcf2b877fceafffffffffff1ffdf4cd9f5d3969890522c77157d88010000003a5bd5531d459dffff03000000000091ff000000e8f5b3371da3635b8b4fa637135800001f65e4b436aa9e50bc0f19b7d3372ff9ebcede1fb5e9428f54d5d1f0cc752cf246a5d2da34a5aa97dc14a469c3dd3e26b41c7807e8773eed7b94fa099ab84feadec2ea95f67aba452eae5b0900f98a979a88c517a2dc360a00237723e2f467af706ea17226296b3a10a351cb47aba2c6b836c90679b4dd859ddc9e9b8e4fb4634f8d4c0000000d75f34bb50d8f7084000000000000000000")
program crashed: general protection fault in puts_queue
validation run: crashed=true
reproducing took 53m20.3692149s
repro crashed as (corrupted=false):
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000038: 0000 [#1] SMP KASAN PTI
KASAN: null-ptr-deref in range [0x00000000000001c0-0x00000000000001c7]
CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
RIP: 0010:__queue_work+0xa2/0xf90 kernel/workqueue.c:2269
Code: 11 31 ff 89 ee e8 4e f4 37 00 85 ed 0f 85 ef 0c 00 00 e8 01 f0 37 00 4d 8d b7 c0 01 00 00 4c 89 f0 48 c1 e8 03 48 89 44 24 28 <42> 0f b6 04 20 84 c0 0f 85 22 0d 00 00 4c 89 34 24 41 8b 2e 89 ee
RSP: 0018:ffffc90000a07eb8 EFLAGS: 00010002
RAX: 0000000000000038 RBX: 0000000000000008 RCX: ffff88801de98000
RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffff88813fe32017 R09: 1ffff11027fc6402
R10: dffffc0000000000 R11: ffffed1027fc6403 R12: dffffc0000000000
R13: ffff88813fe32010 R14: 00000000000001c0 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff888125163000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00002000000011f8 CR3: 000000007976a000 CR4: 00000000003526f0
Call Trace:
queue_work_on+0x106/0x1d0 kernel/workqueue.c:2405
puts_queue+0xa3/0xe0 drivers/tty/vt/keyboard.c:334
k_fn+0x7c/0xd0 drivers/tty/vt/keyboard.c:763
k_pad+0x79a/0xa90 drivers/tty/vt/keyboard.c:-1
kbd_keycode drivers/tty/vt/keyboard.c:1497 [inline]
kbd_event+0x2ec1/0x40d0 drivers/tty/vt/keyboard.c:1515
input_handle_events_default+0xd4/0x1a0 drivers/input/input.c:2541
input_pass_values+0x288/0x890 drivers/input/input.c:128
input_event_dispose+0x3e5/0x6b0 drivers/input/input.c:353
input_event+0x89/0xe0 drivers/input/input.c:396
hidinput_hid_event+0x1487/0x1e60 drivers/hid/hid-input.c:1747
hid_process_event+0x4be/0x620 drivers/hid/hid-core.c:1565
hid_input_array_field+0x41c/0x5f0 drivers/hid/hid-core.c:1677
hid_process_report drivers/hid/hid-core.c:1719 [inline]
hid_report_raw_event+0xdd7/0x1720 drivers/hid/hid-core.c:2074
__hid_input_report drivers/hid/hid-core.c:2144 [inline]
hid_input_report+0x44b/0x580 drivers/hid/hid-core.c:2166
hid_irq_in+0x47e/0x6d0 drivers/hid/usbhid/hid-core.c:286
__usb_hcd_giveback_urb+0x376/0x540 drivers/usb/core/hcd.c:1657
dummy_timer+0xbbd/0x45d0 drivers/usb/gadget/udc/dummy_hcd.c:1995
__run_hrtimer kernel/time/hrtimer.c:1785 [inline]
__hrtimer_run_queues+0x529/0xc30 kernel/time/hrtimer.c:1849
hrtimer_run_softirq+0x182/0x5a0 kernel/time/hrtimer.c:1866
handle_softirqs+0x22a/0x7c0 kernel/softirq.c:626
__do_softirq kernel/softirq.c:660 [inline]
invoke_softirq kernel/softirq.c:496 [inline]
__irq_exit_rcu+0x5f/0x150 kernel/softirq.c:727
irq_exit_rcu+0x9/0x30 kernel/softirq.c:743
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1056
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:pv_native_safe_halt+0xf/0x20 arch/x86/kernel/paravirt.c:63
Code: 81 81 02 e9 c3 e6 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 23 be 1f 00 fb f4 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90
RSP: 0018:ffffc90000197e20 EFLAGS: 00000246
RAX: 000000000005e3cf RBX: ffffffff819a49dd RCX: 0000000080000001
RDX: 0000000000000001 RSI: ffffffff8dff8547 RDI: ffffffff8c294900
RBP: ffffc90000197f10 R08: ffff8880b853375b R09: 1ffff110170a66eb
R10: dffffc0000000000 R11: ffffed10170a66ec R12: ffffffff903219b0
R13: 1ffff11003bd3000 R14: 0000000000000001 R15: 0000000000000001
arch_safe_halt arch/x86/kernel/process.c:766 [inline]
default_idle+0x9/0x20 arch/x86/kernel/process.c:767
default_idle_call+0x72/0xb0 kernel/sched/idle.c:122
cpuidle_idle_call kernel/sched/idle.c:191 [inline]
do_idle+0x1bd/0x500 kernel/sched/idle.c:332
cpu_startup_entry+0x43/0x60 kernel/sched/idle.c:430
start_secondary+0x101/0x110 arch/x86/kernel/smpboot.c:312
common_startup_64+0x13e/0x147
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__queue_work+0xa2/0xf90 kernel/workqueue.c:2269
Code: 11 31 ff 89 ee e8 4e f4 37 00 85 ed 0f 85 ef 0c 00 00 e8 01 f0 37 00 4d 8d b7 c0 01 00 00 4c 89 f0 48 c1 e8 03 48 89 44 24 28 <42> 0f b6 04 20 84 c0 0f 85 22 0d 00 00 4c 89 34 24 41 8b 2e 89 ee
RSP: 0018:ffffc90000a07eb8 EFLAGS: 00010002
RAX: 0000000000000038 RBX: 0000000000000008 RCX: ffff88801de98000
RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffff88813fe32017 R09: 1ffff11027fc6402
R10: dffffc0000000000 R11: ffffed1027fc6403 R12: dffffc0000000000
R13: ffff88813fe32010 R14: 00000000000001c0 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff888125163000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00002000000011f8 CR3: 000000007976a000 CR4: 00000000003526f0
----------------
Code disassembly (best guess), 1 bytes skipped:
0: 31 ff xor %edi,%edi
2: 89 ee mov %ebp,%esi
4: e8 4e f4 37 00 call 0x37f457
9: 85 ed test %ebp,%ebp
b: 0f 85 ef 0c 00 00 jne 0xd00
11: e8 01 f0 37 00 call 0x37f017
16: 4d 8d b7 c0 01 00 00 lea 0x1c0(%r15),%r14
1d: 4c 89 f0 mov %r14,%rax
20: 48 c1 e8 03 shr $0x3,%rax
24: 48 89 44 24 28 mov %rax,0x28(%rsp)
* 29: 42 0f b6 04 20 movzbl (%rax,%r12,1),%eax <-- trapping instruction
2e: 84 c0 test %al,%al
30: 0f 85 22 0d 00 00 jne 0xd58
36: 4c 89 34 24 mov %r14,(%rsp)
3a: 41 8b 2e mov (%r14),%ebp
3d: 89 ee mov %ebp,%esi
final repro crashed as (corrupted=false):
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000038: 0000 [#1] SMP KASAN PTI
KASAN: null-ptr-deref in range [0x00000000000001c0-0x00000000000001c7]
CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
RIP: 0010:__queue_work+0xa2/0xf90 kernel/workqueue.c:2269
Code: 11 31 ff 89 ee e8 4e f4 37 00 85 ed 0f 85 ef 0c 00 00 e8 01 f0 37 00 4d 8d b7 c0 01 00 00 4c 89 f0 48 c1 e8 03 48 89 44 24 28 <42> 0f b6 04 20 84 c0 0f 85 22 0d 00 00 4c 89 34 24 41 8b 2e 89 ee
RSP: 0018:ffffc90000a07eb8 EFLAGS: 00010002
RAX: 0000000000000038 RBX: 0000000000000008 RCX: ffff88801de98000
RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffff88813fe32017 R09: 1ffff11027fc6402
R10: dffffc0000000000 R11: ffffed1027fc6403 R12: dffffc0000000000
R13: ffff88813fe32010 R14: 00000000000001c0 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff888125163000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00002000000011f8 CR3: 000000007976a000 CR4: 00000000003526f0
Call Trace:
queue_work_on+0x106/0x1d0 kernel/workqueue.c:2405
puts_queue+0xa3/0xe0 drivers/tty/vt/keyboard.c:334
k_fn+0x7c/0xd0 drivers/tty/vt/keyboard.c:763
k_pad+0x79a/0xa90 drivers/tty/vt/keyboard.c:-1
kbd_keycode drivers/tty/vt/keyboard.c:1497 [inline]
kbd_event+0x2ec1/0x40d0 drivers/tty/vt/keyboard.c:1515
input_handle_events_default+0xd4/0x1a0 drivers/input/input.c:2541
input_pass_values+0x288/0x890 drivers/input/input.c:128
input_event_dispose+0x3e5/0x6b0 drivers/input/input.c:353
input_event+0x89/0xe0 drivers/input/input.c:396
hidinput_hid_event+0x1487/0x1e60 drivers/hid/hid-input.c:1747
hid_process_event+0x4be/0x620 drivers/hid/hid-core.c:1565
hid_input_array_field+0x41c/0x5f0 drivers/hid/hid-core.c:1677
hid_process_report drivers/hid/hid-core.c:1719 [inline]
hid_report_raw_event+0xdd7/0x1720 drivers/hid/hid-core.c:2074
__hid_input_report drivers/hid/hid-core.c:2144 [inline]
hid_input_report+0x44b/0x580 drivers/hid/hid-core.c:2166
hid_irq_in+0x47e/0x6d0 drivers/hid/usbhid/hid-core.c:286
__usb_hcd_giveback_urb+0x376/0x540 drivers/usb/core/hcd.c:1657
dummy_timer+0xbbd/0x45d0 drivers/usb/gadget/udc/dummy_hcd.c:1995
__run_hrtimer kernel/time/hrtimer.c:1785 [inline]
__hrtimer_run_queues+0x529/0xc30 kernel/time/hrtimer.c:1849
hrtimer_run_softirq+0x182/0x5a0 kernel/time/hrtimer.c:1866
handle_softirqs+0x22a/0x7c0 kernel/softirq.c:626
__do_softirq kernel/softirq.c:660 [inline]
invoke_softirq kernel/softirq.c:496 [inline]
__irq_exit_rcu+0x5f/0x150 kernel/softirq.c:727
irq_exit_rcu+0x9/0x30 kernel/softirq.c:743
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1056
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:pv_native_safe_halt+0xf/0x20 arch/x86/kernel/paravirt.c:63
Code: 81 81 02 e9 c3 e6 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 23 be 1f 00 fb f4 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90
RSP: 0018:ffffc90000197e20 EFLAGS: 00000246
RAX: 000000000005e3cf RBX: ffffffff819a49dd RCX: 0000000080000001
RDX: 0000000000000001 RSI: ffffffff8dff8547 RDI: ffffffff8c294900
RBP: ffffc90000197f10 R08: ffff8880b853375b R09: 1ffff110170a66eb
R10: dffffc0000000000 R11: ffffed10170a66ec R12: ffffffff903219b0
R13: 1ffff11003bd3000 R14: 0000000000000001 R15: 0000000000000001
arch_safe_halt arch/x86/kernel/process.c:766 [inline]
default_idle+0x9/0x20 arch/x86/kernel/process.c:767
default_idle_call+0x72/0xb0 kernel/sched/idle.c:122
cpuidle_idle_call kernel/sched/idle.c:191 [inline]
do_idle+0x1bd/0x500 kernel/sched/idle.c:332
cpu_startup_entry+0x43/0x60 kernel/sched/idle.c:430
start_secondary+0x101/0x110 arch/x86/kernel/smpboot.c:312
common_startup_64+0x13e/0x147
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__queue_work+0xa2/0xf90 kernel/workqueue.c:2269
Code: 11 31 ff 89 ee e8 4e f4 37 00 85 ed 0f 85 ef 0c 00 00 e8 01 f0 37 00 4d 8d b7 c0 01 00 00 4c 89 f0 48 c1 e8 03 48 89 44 24 28 <42> 0f b6 04 20 84 c0 0f 85 22 0d 00 00 4c 89 34 24 41 8b 2e 89 ee
RSP: 0018:ffffc90000a07eb8 EFLAGS: 00010002
RAX: 0000000000000038 RBX: 0000000000000008 RCX: ffff88801de98000
RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffff88813fe32017 R09: 1ffff11027fc6402
R10: dffffc0000000000 R11: ffffed1027fc6403 R12: dffffc0000000000
R13: ffff88813fe32010 R14: 00000000000001c0 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff888125163000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00002000000011f8 CR3: 000000007976a000 CR4: 00000000003526f0
----------------
Code disassembly (best guess), 1 bytes skipped:
0: 31 ff xor %edi,%edi
2: 89 ee mov %ebp,%esi
4: e8 4e f4 37 00 call 0x37f457
9: 85 ed test %ebp,%ebp
b: 0f 85 ef 0c 00 00 jne 0xd00
11: e8 01 f0 37 00 call 0x37f017
16: 4d 8d b7 c0 01 00 00 lea 0x1c0(%r15),%r14
1d: 4c 89 f0 mov %r14,%rax
20: 48 c1 e8 03 shr $0x3,%rax
24: 48 89 44 24 28 mov %rax,0x28(%rsp)
* 29: 42 0f b6 04 20 movzbl (%rax,%r12,1),%eax <-- trapping instruction
2e: 84 c0 test %al,%al
30: 0f 85 22 0d 00 00 jne 0xd58
36: 4c 89 34 24 mov %r14,(%rsp)
3a: 41 8b 2e mov (%r14),%ebp
3d: 89 ee mov %ebp,%esi