Extracting prog: 2m47.381260002s Minimizing prog: 3h18m1.467285222s Simplifying prog options: 0s Extracting C: 1m0.017620779s Simplifying C: 45m41.009398343s extracting reproducer from 1 programs testing a last program of every proc single: executing 1 programs separately with timeout 30s testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$KDSKBLED-syz_usb_connect$hid-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f0000000000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r3) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBLED(r4, 0x4b65, 0x5) syz_usb_connect$hid(0x5, 0x0, 0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x446}}]}) r5 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x1c, &(0x7f00000002c0)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r5, 0x5452, &(0x7f0000000240)=""/77) r6 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r6, &(0x7f0000000040)="e2", 0x1068) program did not crash single: failed to extract reproducer single: executing 1 programs separately with timeout 6m0s testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$KDSKBLED-syz_usb_connect$hid-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f0000000000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r3) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBLED(r4, 0x4b65, 0x5) syz_usb_connect$hid(0x5, 0x0, 0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x446}}]}) r5 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x1c, &(0x7f00000002c0)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r5, 0x5452, &(0x7f0000000240)=""/77) r6 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r6, &(0x7f0000000040)="e2", 0x1068) program crashed: possible deadlock in input_inject_event single: successfully extracted reproducer found reproducer with 16 syscalls minimizing guilty program testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$KDSKBLED-syz_usb_connect$hid-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev detailed listing: executing program 0: r0 = open(&(0x7f0000000000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r3) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBLED(r4, 0x4b65, 0x5) syz_usb_connect$hid(0x5, 0x0, 0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x446}}]}) r5 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x1c, &(0x7f00000002c0)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r5, 0x5452, &(0x7f0000000240)=""/77) syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$KDSKBLED-syz_usb_connect$hid-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f0000000000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r3) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBLED(r4, 0x4b65, 0x5) syz_usb_connect$hid(0x5, 0x0, 0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x446}}]}) r5 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x1c, &(0x7f00000002c0)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r5, 0x5452, &(0x7f0000000240)=""/77) write$char_usb(0xffffffffffffffff, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$KDSKBLED-syz_usb_connect$hid-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f0000000000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r3) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBLED(r4, 0x4b65, 0x5) syz_usb_connect$hid(0x5, 0x0, 0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x446}}]}) syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x1c, &(0x7f00000002c0)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) r5 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r5, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$KDSKBLED-syz_usb_connect$hid-syz_open_dev$evdev-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f0000000000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r3) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBLED(r4, 0x4b65, 0x5) syz_usb_connect$hid(0x5, 0x0, 0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x446}}]}) r5 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) ioctl$EVIOCGLED(r5, 0x5452, &(0x7f0000000240)=""/77) r6 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r6, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$KDSKBLED-syz_usb_connect$hid-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f0000000000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r3) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBLED(r4, 0x4b65, 0x5) syz_usb_connect$hid(0x5, 0x0, 0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x446}}]}) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x1c, &(0x7f00000002c0)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(0xffffffffffffffff, 0x5452, &(0x7f0000000240)=""/77) r5 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r5, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$KDSKBLED-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f0000000000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r3) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBLED(r4, 0x4b65, 0x5) r5 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x1c, &(0x7f00000002c0)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r5, 0x5452, &(0x7f0000000240)=""/77) r6 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r6, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-syz_usb_connect$hid-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f0000000000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r3) truncate(&(0x7f0000000040)='./file0\x00', 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) syz_usb_connect$hid(0x5, 0x0, 0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x446}}]}) r4 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x1c, &(0x7f00000002c0)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r4, 0x5452, &(0x7f0000000240)=""/77) r5 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r5, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-ioctl$KDSKBLED-syz_usb_connect$hid-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f0000000000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r3) truncate(&(0x7f0000000040)='./file0\x00', 0x0) ioctl$KDSKBLED(0xffffffffffffffff, 0x4b65, 0x5) syz_usb_connect$hid(0x5, 0x0, 0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x446}}]}) r4 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x1c, &(0x7f00000002c0)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r4, 0x5452, &(0x7f0000000240)=""/77) r5 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r5, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-syz_open_dev$tty1-ioctl$KDSKBLED-syz_usb_connect$hid-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f0000000000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r3) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBLED(r4, 0x4b65, 0x5) syz_usb_connect$hid(0x5, 0x0, 0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x446}}]}) r5 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x1c, &(0x7f00000002c0)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r5, 0x5452, &(0x7f0000000240)=""/77) r6 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r6, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-truncate-syz_open_dev$tty1-ioctl$KDSKBLED-syz_usb_connect$hid-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f0000000000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBLED(r3, 0x4b65, 0x5) syz_usb_connect$hid(0x5, 0x0, 0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x446}}]}) r4 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x1c, &(0x7f00000002c0)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r4, 0x5452, &(0x7f0000000240)=""/77) r5 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r5, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$KDSKBLED-syz_usb_connect$hid-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f0000000000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) fcntl$setown(r0, 0x8, 0x0) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBLED(r3, 0x4b65, 0x5) syz_usb_connect$hid(0x5, 0x0, 0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x446}}]}) r4 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x1c, &(0x7f00000002c0)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r4, 0x5452, &(0x7f0000000240)=""/77) r5 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r5, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$KDSKBLED-syz_usb_connect$hid-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f0000000000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) getpid() ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r2) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBLED(r3, 0x4b65, 0x5) syz_usb_connect$hid(0x5, 0x0, 0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x446}}]}) r4 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x1c, &(0x7f00000002c0)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r4, 0x5452, &(0x7f0000000240)=""/77) r5 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r5, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$KDSKBLED-syz_usb_connect$hid-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f0000000000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r2) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBLED(r3, 0x4b65, 0x5) syz_usb_connect$hid(0x5, 0x0, 0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x446}}]}) r4 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x1c, &(0x7f00000002c0)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r4, 0x5452, &(0x7f0000000240)=""/77) r5 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r5, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$KDSKBLED-syz_usb_connect$hid-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f0000000000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) r1 = getpid() fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000000100)={0x2, r1}) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r2) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBLED(r3, 0x4b65, 0x5) syz_usb_connect$hid(0x5, 0x0, 0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x446}}]}) r4 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x1c, &(0x7f00000002c0)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r4, 0x5452, &(0x7f0000000240)=""/77) r5 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r5, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$KDSKBLED-syz_usb_connect$hid-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f0000000000)='./file0\x00', 0x60840, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r3) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBLED(r4, 0x4b65, 0x5) syz_usb_connect$hid(0x5, 0x0, 0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x446}}]}) r5 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x1c, &(0x7f00000002c0)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r5, 0x5452, &(0x7f0000000240)=""/77) r6 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r6, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$KDSKBLED-syz_usb_connect$hid-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = getpid() fcntl$setownex(r0, 0xf, &(0x7f0000000100)={0x2, r1}) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(0xffffffffffffffff, 0x8, r2) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBLED(r3, 0x4b65, 0x5) syz_usb_connect$hid(0x5, 0x0, 0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x446}}]}) r4 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x1c, &(0x7f00000002c0)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r4, 0x5452, &(0x7f0000000240)=""/77) r5 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r5, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$KDSKBLED-syz_usb_connect$hid-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(0x0, 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r3) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBLED(r4, 0x4b65, 0x5) syz_usb_connect$hid(0x5, 0x0, 0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x446}}]}) r5 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x1c, &(0x7f00000002c0)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r5, 0x5452, &(0x7f0000000240)=""/77) r6 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r6, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$KDSKBLED-syz_usb_connect$hid-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f0000000000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) r1 = getpid() fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000000100)={0x2, r1}) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r2) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBLED(r3, 0x4b65, 0x5) syz_usb_connect$hid(0x5, 0x0, 0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x446}}]}) r4 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x1c, &(0x7f00000002c0)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r4, 0x5452, &(0x7f0000000240)=""/77) r5 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r5, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$KDSKBLED-syz_usb_connect$hid-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f0000000000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) getpid() fcntl$setownex(r1, 0xf, 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r2) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBLED(r3, 0x4b65, 0x5) syz_usb_connect$hid(0x5, 0x0, 0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x446}}]}) r4 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x1c, &(0x7f00000002c0)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r4, 0x5452, &(0x7f0000000240)=""/77) r5 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r5, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$KDSKBLED-syz_usb_connect$hid-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f0000000000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, 0x0) fcntl$setown(r0, 0x8, 0x0) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBLED(r3, 0x4b65, 0x5) syz_usb_connect$hid(0x5, 0x0, 0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x446}}]}) r4 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x1c, &(0x7f00000002c0)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r4, 0x5452, &(0x7f0000000240)=""/77) r5 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r5, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$KDSKBLED-syz_usb_connect$hid-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f0000000000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r3) truncate(0x0, 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBLED(r4, 0x4b65, 0x5) syz_usb_connect$hid(0x5, 0x0, 0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x446}}]}) r5 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x1c, &(0x7f00000002c0)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r5, 0x5452, &(0x7f0000000240)=""/77) r6 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r6, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$KDSKBLED-syz_usb_connect$hid-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f0000000000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r3) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBLED(r4, 0x4b65, 0x5) syz_usb_connect$hid(0x5, 0x0, 0x0, 0x0) r5 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x1c, &(0x7f00000002c0)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r5, 0x5452, &(0x7f0000000240)=""/77) r6 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r6, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$KDSKBLED-syz_usb_connect$hid-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f0000000000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r3) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBLED(r4, 0x4b65, 0x5) syz_usb_connect$hid(0x5, 0x0, 0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) r5 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x1c, &(0x7f00000002c0)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r5, 0x5452, &(0x7f0000000240)=""/77) r6 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r6, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$KDSKBLED-syz_usb_connect$hid-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f0000000000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r3) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBLED(r4, 0x4b65, 0x5) syz_usb_connect$hid(0x5, 0x0, 0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x446}}]}) r5 = syz_open_dev$evdev(0x0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x1c, &(0x7f00000002c0)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r5, 0x5452, &(0x7f0000000240)=""/77) r6 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r6, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$KDSKBLED-syz_usb_connect$hid-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f0000000000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r3) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBLED(r4, 0x4b65, 0x5) syz_usb_connect$hid(0x5, 0x0, 0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x446}}]}) r5 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, 0x0) ioctl$EVIOCGLED(r5, 0x5452, &(0x7f0000000240)=""/77) r6 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r6, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$KDSKBLED-syz_usb_connect$hid-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f0000000000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r3) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBLED(r4, 0x4b65, 0x5) syz_usb_connect$hid(0x5, 0x0, 0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x446}}]}) r5 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x1c, 0x0, 0x0, 0x0}) ioctl$EVIOCGLED(r5, 0x5452, &(0x7f0000000240)=""/77) r6 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r6, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$KDSKBLED-syz_usb_connect$hid-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f0000000000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r3) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBLED(r4, 0x4b65, 0x5) syz_usb_connect$hid(0x5, 0x0, 0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x446}}]}) r5 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x1c, &(0x7f00000002c0), 0x0, 0x0}) ioctl$EVIOCGLED(r5, 0x5452, &(0x7f0000000240)=""/77) r6 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r6, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$KDSKBLED-syz_usb_connect$hid-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f0000000000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r3) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBLED(r4, 0x4b65, 0x5) syz_usb_connect$hid(0x5, 0x0, 0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x446}}]}) r5 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x1c, &(0x7f00000002c0)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r5, 0x5452, 0x0) r6 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r6, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$KDSKBLED-syz_usb_connect$hid-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f0000000000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r3) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBLED(r4, 0x4b65, 0x5) syz_usb_connect$hid(0x5, 0x0, 0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x446}}]}) r5 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x1c, &(0x7f00000002c0)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r5, 0x5452, &(0x7f0000000240)=""/77) r6 = syz_open_dev$evdev(0x0, 0x0, 0x822b01) write$char_usb(r6, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$KDSKBLED-syz_usb_connect$hid-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f0000000000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r3) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBLED(r4, 0x4b65, 0x5) syz_usb_connect$hid(0x5, 0x0, 0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x446}}]}) r5 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x1c, &(0x7f00000002c0)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r5, 0x5452, &(0x7f0000000240)=""/77) r6 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r6, 0x0, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$KDSKBLED-syz_usb_connect$hid-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f0000000000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r3) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBLED(r4, 0x4b65, 0x5) syz_usb_connect$hid(0x5, 0x0, 0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x446}}]}) r5 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x1c, &(0x7f00000002c0)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r5, 0x5452, &(0x7f0000000240)=""/77) r6 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r6, &(0x7f0000000040), 0x0) program did not crash extracting C reproducer testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$KDSKBLED-syz_usb_connect$hid-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb program crashed: possible deadlock in input_inject_event simplifying C reproducer testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$KDSKBLED-syz_usb_connect$hid-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb program crashed: no output from test machine a never seen crash title: no output from test machine, ignore testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$KDSKBLED-syz_usb_connect$hid-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb program crashed: no output from test machine a never seen crash title: no output from test machine, ignore testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$KDSKBLED-syz_usb_connect$hid-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb program crashed: no output from test machine a never seen crash title: no output from test machine, ignore testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$KDSKBLED-syz_usb_connect$hid-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb program crashed: possible deadlock in input_inject_event testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$KDSKBLED-syz_usb_connect$hid-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb program crashed: possible deadlock in input_inject_event testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$KDSKBLED-syz_usb_connect$hid-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb program crashed: possible deadlock in input_inject_event testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$KDSKBLED-syz_usb_connect$hid-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb program crashed: possible deadlock in input_inject_event testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$KDSKBLED-syz_usb_connect$hid-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb program crashed: possible deadlock in input_inject_event testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$KDSKBLED-syz_usb_connect$hid-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb program crashed: possible deadlock in input_inject_event testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$KDSKBLED-syz_usb_connect$hid-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb program crashed: possible deadlock in input_inject_event testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$KDSKBLED-syz_usb_connect$hid-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb program crashed: no output from test machine a never seen crash title: no output from test machine, ignore testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$KDSKBLED-syz_usb_connect$hid-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb program crashed: no output from test machine a never seen crash title: no output from test machine, ignore testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$KDSKBLED-syz_usb_connect$hid-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb program crashed: no output from test machine a never seen crash title: no output from test machine, ignore testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$KDSKBLED-syz_usb_connect$hid-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb program crashed: possible deadlock in input_inject_event testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:true Sysctl:false Swap:true UseTmpDir:true HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$KDSKBLED-syz_usb_connect$hid-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb program crashed: possible deadlock in input_inject_event testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:true Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$KDSKBLED-syz_usb_connect$hid-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb program crashed: possible deadlock in input_inject_event reproducing took 4h7m29.87559495s repro crashed as (corrupted=false): ===================================================== WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected 6.15.0-rc7-syzkaller-00142-g4856ebd99715 #0 Not tainted ----------------------------------------------------- syz-executor408/5394 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: ffff8880345bc558 (&new->fa_lock){....}-{3:3}, at: kill_fasync_rcu fs/fcntl.c:1124 [inline] ffff8880345bc558 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x199/0x4d0 fs/fcntl.c:1148 and this task is already holding: ffff88804359a028 (&client->buffer_lock){....}-{3:3}, at: spin_lock include/linux/spinlock.h:351 [inline] ffff88804359a028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0xb9/0xbd0 drivers/input/evdev.c:261 which would create a new lock dependency: (&client->buffer_lock){....}-{3:3} -> (&new->fa_lock){....}-{3:3} but this new dependency connects a SOFTIRQ-irq-safe lock: (&dev->event_lock#2){..-.}-{3:3} ... which became SOFTIRQ-irq-safe at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xa7/0xf0 kernel/locking/spinlock.c:162 class_spinlock_irqsave_constructor include/linux/spinlock.h:585 [inline] input_inject_event+0xab/0x320 drivers/input/input.c:418 led_trigger_event+0x138/0x210 drivers/leds/led-triggers.c:407 kbd_propagate_led_state drivers/tty/vt/keyboard.c:1080 [inline] kbd_bh+0x1c6/0x2e0 drivers/tty/vt/keyboard.c:1269 tasklet_action_common+0x36c/0x580 kernel/softirq.c:829 handle_softirqs+0x286/0x870 kernel/softirq.c:579 __do_softirq kernel/softirq.c:613 [inline] invoke_softirq kernel/softirq.c:453 [inline] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680 irq_exit_rcu+0x9/0x30 kernel/softirq.c:696 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1049 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 __preempt_count_add arch/x86/include/asm/preempt.h:80 [inline] rcu_is_watching+0x10/0xb0 kernel/rcu/tree.c:735 trace_lock_release include/trace/events/lock.h:69 [inline] lock_release+0x4b/0x3e0 kernel/locking/lockdep.c:5877 rcu_lock_release include/linux/rcupdate.h:341 [inline] rcu_read_unlock include/linux/rcupdate.h:871 [inline] class_rcu_destructor include/linux/rcupdate.h:1155 [inline] unwind_next_frame+0x19a9/0x2390 arch/x86/kernel/unwind_orc.c:680 arch_stack_walk+0x11c/0x150 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0x9c/0xe0 kernel/stacktrace.c:122 kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3e/0x80 mm/kasan/common.c:68 unpoison_slab_object mm/kasan/common.c:319 [inline] __kasan_slab_alloc+0x6c/0x80 mm/kasan/common.c:345 kasan_slab_alloc include/linux/kasan.h:250 [inline] slab_post_alloc_hook mm/slub.c:4147 [inline] slab_alloc_node mm/slub.c:4196 [inline] kmem_cache_alloc_noprof+0x1c1/0x3c0 mm/slub.c:4203 lsm_inode_alloc security/security.c:755 [inline] security_inode_alloc+0x39/0x330 security/security.c:1697 inode_init_always_gfp+0x9ed/0xdc0 fs/inode.c:306 inode_init_always include/linux/fs.h:3226 [inline] alloc_inode+0x82/0x1b0 fs/inode.c:353 new_inode+0x22/0x170 fs/inode.c:1145 debugfs_get_inode fs/debugfs/inode.c:72 [inline] __debugfs_create_file+0x14d/0x4f0 fs/debugfs/inode.c:447 debugfs_create_file_unsafe+0x3a/0x50 fs/debugfs/inode.c:523 add_sta_files net/mac80211/debugfs_netdev.c:849 [inline] add_files net/mac80211/debugfs_netdev.c:958 [inline] ieee80211_debugfs_add_netdev net/mac80211/debugfs_netdev.c:1011 [inline] ieee80211_debugfs_recreate_netdev+0xca1/0x1460 net/mac80211/debugfs_netdev.c:1035 ieee80211_if_add+0xc17/0x1390 net/mac80211/iface.c:2202 ieee80211_register_hw+0x350d/0x4120 net/mac80211/main.c:1606 mac80211_hwsim_new_radio+0x2f0e/0x5340 drivers/net/wireless/virtual/mac80211_hwsim.c:5559 hwsim_new_radio_nl+0xea4/0x1b10 drivers/net/wireless/virtual/mac80211_hwsim.c:6243 genl_family_rcv_msg_doit+0x215/0x300 net/netlink/genetlink.c:1115 genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline] genl_rcv_msg+0x60e/0x790 net/netlink/genetlink.c:1210 netlink_rcv_skb+0x21c/0x490 net/netlink/af_netlink.c:2534 genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219 netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline] netlink_unicast+0x758/0x8d0 net/netlink/af_netlink.c:1339 netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1883 sock_sendmsg_nosec net/socket.c:712 [inline] __sock_sendmsg+0x219/0x270 net/socket.c:727 __sys_sendto+0x3bd/0x520 net/socket.c:2180 __do_sys_sendto net/socket.c:2187 [inline] __se_sys_sendto net/socket.c:2183 [inline] __x64_sys_sendto+0xde/0x100 net/socket.c:2183 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f to a SOFTIRQ-irq-unsafe lock: (tasklist_lock){.+.+}-{3:3} ... which became SOFTIRQ-irq-unsafe at: ... lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228 __do_wait+0xde/0x740 kernel/exit.c:1662 do_wait+0x1f8/0x520 kernel/exit.c:1706 kernel_wait+0xab/0x170 kernel/exit.c:1882 call_usermodehelper_exec_sync kernel/umh.c:136 [inline] call_usermodehelper_exec_work+0xbe/0x230 kernel/umh.c:163 process_one_work kernel/workqueue.c:3238 [inline] process_scheduled_works+0xadb/0x17a0 kernel/workqueue.c:3319 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400 kthread+0x70e/0x8a0 kernel/kthread.c:464 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 other info that might help us debug this: Chain exists of: &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock Possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ---- lock(tasklist_lock); local_irq_disable(); lock(&dev->event_lock#2); lock(&client->buffer_lock); lock(&dev->event_lock#2); *** DEADLOCK *** 7 locks held by syz-executor408/5394: #0: ffff8880363a6118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x1a1/0x480 drivers/input/evdev.c:511 #1: ffff88801f34a230 (&dev->event_lock#2){..-.}-{3:3}, at: class_spinlock_irqsave_constructor include/linux/spinlock.h:585 [inline] #1: ffff88801f34a230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0xab/0x320 drivers/input/input.c:418 #2: ffffffff8df3dee0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline] #2: ffffffff8df3dee0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline] #2: ffffffff8df3dee0 (rcu_read_lock){....}-{1:3}, at: class_rcu_constructor include/linux/rcupdate.h:1155 [inline] #2: ffffffff8df3dee0 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xbc/0x320 drivers/input/input.c:419 #3: ffffffff8df3dee0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline] #3: ffffffff8df3dee0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline] #3: ffffffff8df3dee0 (rcu_read_lock){....}-{1:3}, at: class_rcu_constructor include/linux/rcupdate.h:1155 [inline] #3: ffffffff8df3dee0 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x8d/0x890 drivers/input/input.c:118 #4: ffffffff8df3dee0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline] #4: ffffffff8df3dee0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline] #4: ffffffff8df3dee0 (rcu_read_lock){....}-{1:3}, at: evdev_events+0x79/0x340 drivers/input/evdev.c:298 #5: ffff88804359a028 (&client->buffer_lock){....}-{3:3}, at: spin_lock include/linux/spinlock.h:351 [inline] #5: ffff88804359a028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0xb9/0xbd0 drivers/input/evdev.c:261 #6: ffffffff8df3dee0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline] #6: ffffffff8df3dee0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline] #6: ffffffff8df3dee0 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x53/0x4d0 fs/fcntl.c:1147 the dependencies between SOFTIRQ-irq-safe lock and the holding lock: -> (&dev->event_lock#2){..-.}-{3:3} { IN-SOFTIRQ-W at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xa7/0xf0 kernel/locking/spinlock.c:162 class_spinlock_irqsave_constructor include/linux/spinlock.h:585 [inline] input_inject_event+0xab/0x320 drivers/input/input.c:418 led_trigger_event+0x138/0x210 drivers/leds/led-triggers.c:407 kbd_propagate_led_state drivers/tty/vt/keyboard.c:1080 [inline] kbd_bh+0x1c6/0x2e0 drivers/tty/vt/keyboard.c:1269 tasklet_action_common+0x36c/0x580 kernel/softirq.c:829 handle_softirqs+0x286/0x870 kernel/softirq.c:579 __do_softirq kernel/softirq.c:613 [inline] invoke_softirq kernel/softirq.c:453 [inline] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680 irq_exit_rcu+0x9/0x30 kernel/softirq.c:696 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1049 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 __preempt_count_add arch/x86/include/asm/preempt.h:80 [inline] rcu_is_watching+0x10/0xb0 kernel/rcu/tree.c:735 trace_lock_release include/trace/events/lock.h:69 [inline] lock_release+0x4b/0x3e0 kernel/locking/lockdep.c:5877 rcu_lock_release include/linux/rcupdate.h:341 [inline] rcu_read_unlock include/linux/rcupdate.h:871 [inline] class_rcu_destructor include/linux/rcupdate.h:1155 [inline] unwind_next_frame+0x19a9/0x2390 arch/x86/kernel/unwind_orc.c:680 arch_stack_walk+0x11c/0x150 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0x9c/0xe0 kernel/stacktrace.c:122 kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3e/0x80 mm/kasan/common.c:68 unpoison_slab_object mm/kasan/common.c:319 [inline] __kasan_slab_alloc+0x6c/0x80 mm/kasan/common.c:345 kasan_slab_alloc include/linux/kasan.h:250 [inline] slab_post_alloc_hook mm/slub.c:4147 [inline] slab_alloc_node mm/slub.c:4196 [inline] kmem_cache_alloc_noprof+0x1c1/0x3c0 mm/slub.c:4203 lsm_inode_alloc security/security.c:755 [inline] security_inode_alloc+0x39/0x330 security/security.c:1697 inode_init_always_gfp+0x9ed/0xdc0 fs/inode.c:306 inode_init_always include/linux/fs.h:3226 [inline] alloc_inode+0x82/0x1b0 fs/inode.c:353 new_inode+0x22/0x170 fs/inode.c:1145 debugfs_get_inode fs/debugfs/inode.c:72 [inline] __debugfs_create_file+0x14d/0x4f0 fs/debugfs/inode.c:447 debugfs_create_file_unsafe+0x3a/0x50 fs/debugfs/inode.c:523 add_sta_files net/mac80211/debugfs_netdev.c:849 [inline] add_files net/mac80211/debugfs_netdev.c:958 [inline] ieee80211_debugfs_add_netdev net/mac80211/debugfs_netdev.c:1011 [inline] ieee80211_debugfs_recreate_netdev+0xca1/0x1460 net/mac80211/debugfs_netdev.c:1035 ieee80211_if_add+0xc17/0x1390 net/mac80211/iface.c:2202 ieee80211_register_hw+0x350d/0x4120 net/mac80211/main.c:1606 mac80211_hwsim_new_radio+0x2f0e/0x5340 drivers/net/wireless/virtual/mac80211_hwsim.c:5559 hwsim_new_radio_nl+0xea4/0x1b10 drivers/net/wireless/virtual/mac80211_hwsim.c:6243 genl_family_rcv_msg_doit+0x215/0x300 net/netlink/genetlink.c:1115 genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline] genl_rcv_msg+0x60e/0x790 net/netlink/genetlink.c:1210 netlink_rcv_skb+0x21c/0x490 net/netlink/af_netlink.c:2534 genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219 netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline] netlink_unicast+0x758/0x8d0 net/netlink/af_netlink.c:1339 netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1883 sock_sendmsg_nosec net/socket.c:712 [inline] __sock_sendmsg+0x219/0x270 net/socket.c:727 __sys_sendto+0x3bd/0x520 net/socket.c:2180 __do_sys_sendto net/socket.c:2187 [inline] __se_sys_sendto net/socket.c:2183 [inline] __x64_sys_sendto+0xde/0x100 net/socket.c:2183 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f INITIAL USE at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xa7/0xf0 kernel/locking/spinlock.c:162 class_spinlock_irqsave_constructor include/linux/spinlock.h:585 [inline] input_inject_event+0xab/0x320 drivers/input/input.c:418 kbd_led_trigger_activate+0xbc/0x100 drivers/tty/vt/keyboard.c:1036 led_trigger_set+0x52d/0x950 drivers/leds/led-triggers.c:212 led_match_default_trigger drivers/leds/led-triggers.c:269 [inline] led_trigger_set_default+0x215/0x250 drivers/leds/led-triggers.c:287 led_classdev_register_ext+0x73d/0x930 drivers/leds/led-class.c:566 led_classdev_register include/linux/leds.h:274 [inline] input_leds_connect+0x517/0x790 drivers/input/input-leds.c:145 input_attach_handler drivers/input/input.c:993 [inline] input_register_device+0xcee/0x10b0 drivers/input/input.c:2412 atkbd_connect+0x70e/0x9c0 drivers/input/keyboard/atkbd.c:1340 serio_connect_driver drivers/input/serio/serio.c:43 [inline] serio_driver_probe+0x7f/0xa0 drivers/input/serio/serio.c:747 call_driver_probe drivers/base/dd.c:-1 [inline] really_probe+0x26d/0x9a0 drivers/base/dd.c:657 __driver_probe_device+0x18c/0x2f0 drivers/base/dd.c:799 driver_probe_device+0x4f/0x430 drivers/base/dd.c:829 __driver_attach+0x452/0x700 drivers/base/dd.c:1215 bus_for_each_dev+0x233/0x2b0 drivers/base/bus.c:370 serio_attach_driver drivers/input/serio/serio.c:776 [inline] serio_handle_event+0x1a2/0x860 drivers/input/serio/serio.c:213 process_one_work kernel/workqueue.c:3238 [inline] process_scheduled_works+0xadb/0x17a0 kernel/workqueue.c:3319 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400 kthread+0x70e/0x8a0 kernel/kthread.c:464 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 } ... key at: [] input_allocate_device.__key.5+0x0/0x20 -> (&client->buffer_lock){....}-{3:3} { INITIAL USE at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:351 [inline] evdev_pass_values+0xb9/0xbd0 drivers/input/evdev.c:261 evdev_events+0x1e6/0x340 drivers/input/evdev.c:306 input_pass_values+0x288/0x890 drivers/input/input.c:127 input_event_dispose+0x330/0x6b0 drivers/input/input.c:341 input_inject_event+0x1fe/0x320 drivers/input/input.c:423 evdev_write+0x2fc/0x480 drivers/input/evdev.c:528 vfs_write+0x27b/0xa90 fs/read_write.c:682 ksys_write+0x145/0x250 fs/read_write.c:736 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f } ... key at: [] evdev_open.__key.25+0x0/0x20 ... acquired at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:351 [inline] evdev_pass_values+0xb9/0xbd0 drivers/input/evdev.c:261 evdev_events+0x1e6/0x340 drivers/input/evdev.c:306 input_pass_values+0x288/0x890 drivers/input/input.c:127 input_event_dispose+0x330/0x6b0 drivers/input/input.c:341 input_inject_event+0x1fe/0x320 drivers/input/input.c:423 evdev_write+0x2fc/0x480 drivers/input/evdev.c:528 vfs_write+0x27b/0xa90 fs/read_write.c:682 ksys_write+0x145/0x250 fs/read_write.c:736 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f the dependencies between the lock to be acquired and SOFTIRQ-irq-unsafe lock: -> (tasklist_lock){.+.+}-{3:3} { HARDIRQ-ON-R at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228 __do_wait+0xde/0x740 kernel/exit.c:1662 do_wait+0x1f8/0x520 kernel/exit.c:1706 kernel_wait+0xab/0x170 kernel/exit.c:1882 call_usermodehelper_exec_sync kernel/umh.c:136 [inline] call_usermodehelper_exec_work+0xbe/0x230 kernel/umh.c:163 process_one_work kernel/workqueue.c:3238 [inline] process_scheduled_works+0xadb/0x17a0 kernel/workqueue.c:3319 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400 kthread+0x70e/0x8a0 kernel/kthread.c:464 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 SOFTIRQ-ON-R at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228 __do_wait+0xde/0x740 kernel/exit.c:1662 do_wait+0x1f8/0x520 kernel/exit.c:1706 kernel_wait+0xab/0x170 kernel/exit.c:1882 call_usermodehelper_exec_sync kernel/umh.c:136 [inline] call_usermodehelper_exec_work+0xbe/0x230 kernel/umh.c:163 process_one_work kernel/workqueue.c:3238 [inline] process_scheduled_works+0xadb/0x17a0 kernel/workqueue.c:3319 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400 kthread+0x70e/0x8a0 kernel/kthread.c:464 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 INITIAL USE at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline] _raw_write_lock_irq+0xa2/0xf0 kernel/locking/spinlock.c:326 copy_process+0x21d5/0x3b80 kernel/fork.c:2561 kernel_clone+0x21e/0x870 kernel/fork.c:2845 user_mode_thread+0xdd/0x140 kernel/fork.c:2923 rest_init+0x23/0x300 init/main.c:708 start_kernel+0x470/0x4f0 init/main.c:1099 x86_64_start_reservations+0x2a/0x30 arch/x86/kernel/head64.c:513 x86_64_start_kernel+0x66/0x70 arch/x86/kernel/head64.c:494 common_startup_64+0x13e/0x147 INITIAL READ USE at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228 __do_wait+0xde/0x740 kernel/exit.c:1662 do_wait+0x1f8/0x520 kernel/exit.c:1706 kernel_wait+0xab/0x170 kernel/exit.c:1882 call_usermodehelper_exec_sync kernel/umh.c:136 [inline] call_usermodehelper_exec_work+0xbe/0x230 kernel/umh.c:163 process_one_work kernel/workqueue.c:3238 [inline] process_scheduled_works+0xadb/0x17a0 kernel/workqueue.c:3319 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400 kthread+0x70e/0x8a0 kernel/kthread.c:464 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 } ... key at: [] tasklist_lock+0x18/0x40 ... acquired at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228 send_sigio+0x101/0x370 fs/fcntl.c:921 kill_fasync_rcu fs/fcntl.c:1133 [inline] kill_fasync+0x24d/0x4d0 fs/fcntl.c:1148 lease_break_callback+0x26/0x30 fs/locks.c:558 __break_lease+0x6a5/0x1620 fs/locks.c:1592 vfs_truncate+0x428/0x520 fs/open.c:109 do_sys_truncate+0xdb/0x190 fs/open.c:138 __do_sys_truncate fs/open.c:150 [inline] __se_sys_truncate fs/open.c:148 [inline] __x64_sys_truncate+0x5b/0x70 fs/open.c:148 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f -> (&f_owner->lock){....}-{3:3} { INITIAL USE at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline] _raw_write_lock_irq+0xa2/0xf0 kernel/locking/spinlock.c:326 __f_setown+0x67/0x370 fs/fcntl.c:136 generic_add_lease fs/locks.c:1874 [inline] generic_setlease+0xd5d/0x1240 fs/locks.c:1942 do_fcntl_add_lease fs/locks.c:2047 [inline] fcntl_setlease+0x3a2/0x4c0 fs/locks.c:2069 do_fcntl+0x6a0/0x1910 fs/fcntl.c:536 __do_sys_fcntl fs/fcntl.c:591 [inline] __se_sys_fcntl+0xc8/0x150 fs/fcntl.c:576 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f INITIAL READ USE at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_read_lock_irq include/linux/rwlock_api_smp.h:169 [inline] _raw_read_lock_irq+0xaa/0xf0 kernel/locking/spinlock.c:244 f_getown+0x54/0x2a0 fs/fcntl.c:204 sock_ioctl+0x536/0x790 net/socket.c:1256 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:906 [inline] __se_sys_ioctl+0xf9/0x170 fs/ioctl.c:892 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f } ... key at: [] file_f_owner_allocate.__key+0x0/0x20 ... acquired at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline] _raw_read_lock_irqsave+0xaf/0x100 kernel/locking/spinlock.c:236 send_sigio+0x38/0x370 fs/fcntl.c:907 kill_fasync_rcu fs/fcntl.c:1133 [inline] kill_fasync+0x24d/0x4d0 fs/fcntl.c:1148 lease_break_callback+0x26/0x30 fs/locks.c:558 __break_lease+0x6a5/0x1620 fs/locks.c:1592 vfs_truncate+0x428/0x520 fs/open.c:109 do_sys_truncate+0xdb/0x190 fs/open.c:138 __do_sys_truncate fs/open.c:150 [inline] __se_sys_truncate fs/open.c:148 [inline] __x64_sys_truncate+0x5b/0x70 fs/open.c:148 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f -> (&new->fa_lock){....}-{3:3} { INITIAL USE at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline] _raw_write_lock_irq+0xa2/0xf0 kernel/locking/spinlock.c:326 fasync_remove_entry+0xf1/0x1c0 fs/fcntl.c:1001 lease_modify+0x1ca/0x3c0 fs/locks.c:1455 locks_remove_lease fs/locks.c:2675 [inline] locks_remove_file+0x4bf/0xea0 fs/locks.c:2700 __fput+0x3ab/0xa70 fs/file_table.c:457 task_work_run+0x1d1/0x260 kernel/task_work.c:227 exit_task_work include/linux/task_work.h:40 [inline] do_exit+0x8d6/0x2550 kernel/exit.c:953 do_group_exit+0x21c/0x2d0 kernel/exit.c:1102 get_signal+0x125e/0x1310 kernel/signal.c:3034 arch_do_signal_or_restart+0x95/0x780 arch/x86/kernel/signal.c:337 exit_to_user_mode_loop kernel/entry/common.c:111 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x8b/0x120 kernel/entry/common.c:218 do_syscall_64+0x103/0x210 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f INITIAL READ USE at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline] _raw_read_lock_irqsave+0xaf/0x100 kernel/locking/spinlock.c:236 kill_fasync_rcu fs/fcntl.c:1124 [inline] kill_fasync+0x199/0x4d0 fs/fcntl.c:1148 lease_break_callback+0x26/0x30 fs/locks.c:558 __break_lease+0x6a5/0x1620 fs/locks.c:1592 vfs_truncate+0x428/0x520 fs/open.c:109 do_sys_truncate+0xdb/0x190 fs/open.c:138 __do_sys_truncate fs/open.c:150 [inline] __se_sys_truncate fs/open.c:148 [inline] __x64_sys_truncate+0x5b/0x70 fs/open.c:148 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f } ... key at: [] fasync_insert_entry.__key+0x0/0x20 ... acquired at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline] _raw_read_lock_irqsave+0xaf/0x100 kernel/locking/spinlock.c:236 kill_fasync_rcu fs/fcntl.c:1124 [inline] kill_fasync+0x199/0x4d0 fs/fcntl.c:1148 __pass_event drivers/input/evdev.c:240 [inline] evdev_pass_values+0x627/0xbd0 drivers/input/evdev.c:278 evdev_events+0x1e6/0x340 drivers/input/evdev.c:306 input_pass_values+0x288/0x890 drivers/input/input.c:127 input_event_dispose+0x330/0x6b0 drivers/input/input.c:341 input_inject_event+0x1fe/0x320 drivers/input/input.c:423 evdev_write+0x2fc/0x480 drivers/input/evdev.c:528 vfs_write+0x27b/0xa90 fs/read_write.c:682 ksys_write+0x145/0x250 fs/read_write.c:736 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f stack backtrace: CPU: 0 UID: 0 PID: 5394 Comm: syz-executor408 Not tainted 6.15.0-rc7-syzkaller-00142-g4856ebd99715 #0 PREEMPT(full) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120 print_bad_irq_dependency kernel/locking/lockdep.c:2652 [inline] check_irq_usage kernel/locking/lockdep.c:2893 [inline] check_prev_add kernel/locking/lockdep.c:3170 [inline] check_prevs_add kernel/locking/lockdep.c:3285 [inline] validate_chain+0x1f05/0x2140 kernel/locking/lockdep.c:3909 __lock_acquire+0xaac/0xd20 kernel/locking/lockdep.c:5235 lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline] _raw_read_lock_irqsave+0xaf/0x100 kernel/locking/spinlock.c:236 kill_fasync_rcu fs/fcntl.c:1124 [inline] kill_fasync+0x199/0x4d0 fs/fcntl.c:1148 __pass_event drivers/input/evdev.c:240 [inline] evdev_pass_values+0x627/0xbd0 drivers/input/evdev.c:278 evdev_events+0x1e6/0x340 drivers/input/evdev.c:306 input_pass_values+0x288/0x890 drivers/input/input.c:127 input_event_dispose+0x330/0x6b0 drivers/input/input.c:341 input_inject_event+0x1fe/0x320 drivers/input/input.c:423 evdev_write+0x2fc/0x480 drivers/input/evdev.c:528 vfs_write+0x27b/0xa90 fs/read_write.c:682 ksys_write+0x145/0x250 fs/read_write.c:736 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f666844d4f9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f66683f9218 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00007f66684cd428 RCX: 00007f666844d4f9 RDX: 0000000000001068 RSI: 0000200000000040 RDI: 0000000000000008 RBP: 00007f66684cd420 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f666849a548 R13: 0000200000000040 R14: 00002000000001c0 R15: 00002000000000c0 final repro crashed as (corrupted=false): ===================================================== WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected 6.15.0-rc7-syzkaller-00142-g4856ebd99715 #0 Not tainted ----------------------------------------------------- syz-executor408/5394 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: ffff8880345bc558 (&new->fa_lock){....}-{3:3}, at: kill_fasync_rcu fs/fcntl.c:1124 [inline] ffff8880345bc558 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x199/0x4d0 fs/fcntl.c:1148 and this task is already holding: ffff88804359a028 (&client->buffer_lock){....}-{3:3}, at: spin_lock include/linux/spinlock.h:351 [inline] ffff88804359a028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0xb9/0xbd0 drivers/input/evdev.c:261 which would create a new lock dependency: (&client->buffer_lock){....}-{3:3} -> (&new->fa_lock){....}-{3:3} but this new dependency connects a SOFTIRQ-irq-safe lock: (&dev->event_lock#2){..-.}-{3:3} ... which became SOFTIRQ-irq-safe at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xa7/0xf0 kernel/locking/spinlock.c:162 class_spinlock_irqsave_constructor include/linux/spinlock.h:585 [inline] input_inject_event+0xab/0x320 drivers/input/input.c:418 led_trigger_event+0x138/0x210 drivers/leds/led-triggers.c:407 kbd_propagate_led_state drivers/tty/vt/keyboard.c:1080 [inline] kbd_bh+0x1c6/0x2e0 drivers/tty/vt/keyboard.c:1269 tasklet_action_common+0x36c/0x580 kernel/softirq.c:829 handle_softirqs+0x286/0x870 kernel/softirq.c:579 __do_softirq kernel/softirq.c:613 [inline] invoke_softirq kernel/softirq.c:453 [inline] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680 irq_exit_rcu+0x9/0x30 kernel/softirq.c:696 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1049 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 __preempt_count_add arch/x86/include/asm/preempt.h:80 [inline] rcu_is_watching+0x10/0xb0 kernel/rcu/tree.c:735 trace_lock_release include/trace/events/lock.h:69 [inline] lock_release+0x4b/0x3e0 kernel/locking/lockdep.c:5877 rcu_lock_release include/linux/rcupdate.h:341 [inline] rcu_read_unlock include/linux/rcupdate.h:871 [inline] class_rcu_destructor include/linux/rcupdate.h:1155 [inline] unwind_next_frame+0x19a9/0x2390 arch/x86/kernel/unwind_orc.c:680 arch_stack_walk+0x11c/0x150 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0x9c/0xe0 kernel/stacktrace.c:122 kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3e/0x80 mm/kasan/common.c:68 unpoison_slab_object mm/kasan/common.c:319 [inline] __kasan_slab_alloc+0x6c/0x80 mm/kasan/common.c:345 kasan_slab_alloc include/linux/kasan.h:250 [inline] slab_post_alloc_hook mm/slub.c:4147 [inline] slab_alloc_node mm/slub.c:4196 [inline] kmem_cache_alloc_noprof+0x1c1/0x3c0 mm/slub.c:4203 lsm_inode_alloc security/security.c:755 [inline] security_inode_alloc+0x39/0x330 security/security.c:1697 inode_init_always_gfp+0x9ed/0xdc0 fs/inode.c:306 inode_init_always include/linux/fs.h:3226 [inline] alloc_inode+0x82/0x1b0 fs/inode.c:353 new_inode+0x22/0x170 fs/inode.c:1145 debugfs_get_inode fs/debugfs/inode.c:72 [inline] __debugfs_create_file+0x14d/0x4f0 fs/debugfs/inode.c:447 debugfs_create_file_unsafe+0x3a/0x50 fs/debugfs/inode.c:523 add_sta_files net/mac80211/debugfs_netdev.c:849 [inline] add_files net/mac80211/debugfs_netdev.c:958 [inline] ieee80211_debugfs_add_netdev net/mac80211/debugfs_netdev.c:1011 [inline] ieee80211_debugfs_recreate_netdev+0xca1/0x1460 net/mac80211/debugfs_netdev.c:1035 ieee80211_if_add+0xc17/0x1390 net/mac80211/iface.c:2202 ieee80211_register_hw+0x350d/0x4120 net/mac80211/main.c:1606 mac80211_hwsim_new_radio+0x2f0e/0x5340 drivers/net/wireless/virtual/mac80211_hwsim.c:5559 hwsim_new_radio_nl+0xea4/0x1b10 drivers/net/wireless/virtual/mac80211_hwsim.c:6243 genl_family_rcv_msg_doit+0x215/0x300 net/netlink/genetlink.c:1115 genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline] genl_rcv_msg+0x60e/0x790 net/netlink/genetlink.c:1210 netlink_rcv_skb+0x21c/0x490 net/netlink/af_netlink.c:2534 genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219 netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline] netlink_unicast+0x758/0x8d0 net/netlink/af_netlink.c:1339 netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1883 sock_sendmsg_nosec net/socket.c:712 [inline] __sock_sendmsg+0x219/0x270 net/socket.c:727 __sys_sendto+0x3bd/0x520 net/socket.c:2180 __do_sys_sendto net/socket.c:2187 [inline] __se_sys_sendto net/socket.c:2183 [inline] __x64_sys_sendto+0xde/0x100 net/socket.c:2183 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f to a SOFTIRQ-irq-unsafe lock: (tasklist_lock){.+.+}-{3:3} ... which became SOFTIRQ-irq-unsafe at: ... lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228 __do_wait+0xde/0x740 kernel/exit.c:1662 do_wait+0x1f8/0x520 kernel/exit.c:1706 kernel_wait+0xab/0x170 kernel/exit.c:1882 call_usermodehelper_exec_sync kernel/umh.c:136 [inline] call_usermodehelper_exec_work+0xbe/0x230 kernel/umh.c:163 process_one_work kernel/workqueue.c:3238 [inline] process_scheduled_works+0xadb/0x17a0 kernel/workqueue.c:3319 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400 kthread+0x70e/0x8a0 kernel/kthread.c:464 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 other info that might help us debug this: Chain exists of: &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock Possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ---- lock(tasklist_lock); local_irq_disable(); lock(&dev->event_lock#2); lock(&client->buffer_lock); lock(&dev->event_lock#2); *** DEADLOCK *** 7 locks held by syz-executor408/5394: #0: ffff8880363a6118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x1a1/0x480 drivers/input/evdev.c:511 #1: ffff88801f34a230 (&dev->event_lock#2){..-.}-{3:3}, at: class_spinlock_irqsave_constructor include/linux/spinlock.h:585 [inline] #1: ffff88801f34a230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0xab/0x320 drivers/input/input.c:418 #2: ffffffff8df3dee0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline] #2: ffffffff8df3dee0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline] #2: ffffffff8df3dee0 (rcu_read_lock){....}-{1:3}, at: class_rcu_constructor include/linux/rcupdate.h:1155 [inline] #2: ffffffff8df3dee0 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xbc/0x320 drivers/input/input.c:419 #3: ffffffff8df3dee0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline] #3: ffffffff8df3dee0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline] #3: ffffffff8df3dee0 (rcu_read_lock){....}-{1:3}, at: class_rcu_constructor include/linux/rcupdate.h:1155 [inline] #3: ffffffff8df3dee0 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x8d/0x890 drivers/input/input.c:118 #4: ffffffff8df3dee0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline] #4: ffffffff8df3dee0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline] #4: ffffffff8df3dee0 (rcu_read_lock){....}-{1:3}, at: evdev_events+0x79/0x340 drivers/input/evdev.c:298 #5: ffff88804359a028 (&client->buffer_lock){....}-{3:3}, at: spin_lock include/linux/spinlock.h:351 [inline] #5: ffff88804359a028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0xb9/0xbd0 drivers/input/evdev.c:261 #6: ffffffff8df3dee0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline] #6: ffffffff8df3dee0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline] #6: ffffffff8df3dee0 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x53/0x4d0 fs/fcntl.c:1147 the dependencies between SOFTIRQ-irq-safe lock and the holding lock: -> (&dev->event_lock#2){..-.}-{3:3} { IN-SOFTIRQ-W at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xa7/0xf0 kernel/locking/spinlock.c:162 class_spinlock_irqsave_constructor include/linux/spinlock.h:585 [inline] input_inject_event+0xab/0x320 drivers/input/input.c:418 led_trigger_event+0x138/0x210 drivers/leds/led-triggers.c:407 kbd_propagate_led_state drivers/tty/vt/keyboard.c:1080 [inline] kbd_bh+0x1c6/0x2e0 drivers/tty/vt/keyboard.c:1269 tasklet_action_common+0x36c/0x580 kernel/softirq.c:829 handle_softirqs+0x286/0x870 kernel/softirq.c:579 __do_softirq kernel/softirq.c:613 [inline] invoke_softirq kernel/softirq.c:453 [inline] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680 irq_exit_rcu+0x9/0x30 kernel/softirq.c:696 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1049 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 __preempt_count_add arch/x86/include/asm/preempt.h:80 [inline] rcu_is_watching+0x10/0xb0 kernel/rcu/tree.c:735 trace_lock_release include/trace/events/lock.h:69 [inline] lock_release+0x4b/0x3e0 kernel/locking/lockdep.c:5877 rcu_lock_release include/linux/rcupdate.h:341 [inline] rcu_read_unlock include/linux/rcupdate.h:871 [inline] class_rcu_destructor include/linux/rcupdate.h:1155 [inline] unwind_next_frame+0x19a9/0x2390 arch/x86/kernel/unwind_orc.c:680 arch_stack_walk+0x11c/0x150 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0x9c/0xe0 kernel/stacktrace.c:122 kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3e/0x80 mm/kasan/common.c:68 unpoison_slab_object mm/kasan/common.c:319 [inline] __kasan_slab_alloc+0x6c/0x80 mm/kasan/common.c:345 kasan_slab_alloc include/linux/kasan.h:250 [inline] slab_post_alloc_hook mm/slub.c:4147 [inline] slab_alloc_node mm/slub.c:4196 [inline] kmem_cache_alloc_noprof+0x1c1/0x3c0 mm/slub.c:4203 lsm_inode_alloc security/security.c:755 [inline] security_inode_alloc+0x39/0x330 security/security.c:1697 inode_init_always_gfp+0x9ed/0xdc0 fs/inode.c:306 inode_init_always include/linux/fs.h:3226 [inline] alloc_inode+0x82/0x1b0 fs/inode.c:353 new_inode+0x22/0x170 fs/inode.c:1145 debugfs_get_inode fs/debugfs/inode.c:72 [inline] __debugfs_create_file+0x14d/0x4f0 fs/debugfs/inode.c:447 debugfs_create_file_unsafe+0x3a/0x50 fs/debugfs/inode.c:523 add_sta_files net/mac80211/debugfs_netdev.c:849 [inline] add_files net/mac80211/debugfs_netdev.c:958 [inline] ieee80211_debugfs_add_netdev net/mac80211/debugfs_netdev.c:1011 [inline] ieee80211_debugfs_recreate_netdev+0xca1/0x1460 net/mac80211/debugfs_netdev.c:1035 ieee80211_if_add+0xc17/0x1390 net/mac80211/iface.c:2202 ieee80211_register_hw+0x350d/0x4120 net/mac80211/main.c:1606 mac80211_hwsim_new_radio+0x2f0e/0x5340 drivers/net/wireless/virtual/mac80211_hwsim.c:5559 hwsim_new_radio_nl+0xea4/0x1b10 drivers/net/wireless/virtual/mac80211_hwsim.c:6243 genl_family_rcv_msg_doit+0x215/0x300 net/netlink/genetlink.c:1115 genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline] genl_rcv_msg+0x60e/0x790 net/netlink/genetlink.c:1210 netlink_rcv_skb+0x21c/0x490 net/netlink/af_netlink.c:2534 genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219 netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline] netlink_unicast+0x758/0x8d0 net/netlink/af_netlink.c:1339 netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1883 sock_sendmsg_nosec net/socket.c:712 [inline] __sock_sendmsg+0x219/0x270 net/socket.c:727 __sys_sendto+0x3bd/0x520 net/socket.c:2180 __do_sys_sendto net/socket.c:2187 [inline] __se_sys_sendto net/socket.c:2183 [inline] __x64_sys_sendto+0xde/0x100 net/socket.c:2183 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f INITIAL USE at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xa7/0xf0 kernel/locking/spinlock.c:162 class_spinlock_irqsave_constructor include/linux/spinlock.h:585 [inline] input_inject_event+0xab/0x320 drivers/input/input.c:418 kbd_led_trigger_activate+0xbc/0x100 drivers/tty/vt/keyboard.c:1036 led_trigger_set+0x52d/0x950 drivers/leds/led-triggers.c:212 led_match_default_trigger drivers/leds/led-triggers.c:269 [inline] led_trigger_set_default+0x215/0x250 drivers/leds/led-triggers.c:287 led_classdev_register_ext+0x73d/0x930 drivers/leds/led-class.c:566 led_classdev_register include/linux/leds.h:274 [inline] input_leds_connect+0x517/0x790 drivers/input/input-leds.c:145 input_attach_handler drivers/input/input.c:993 [inline] input_register_device+0xcee/0x10b0 drivers/input/input.c:2412 atkbd_connect+0x70e/0x9c0 drivers/input/keyboard/atkbd.c:1340 serio_connect_driver drivers/input/serio/serio.c:43 [inline] serio_driver_probe+0x7f/0xa0 drivers/input/serio/serio.c:747 call_driver_probe drivers/base/dd.c:-1 [inline] really_probe+0x26d/0x9a0 drivers/base/dd.c:657 __driver_probe_device+0x18c/0x2f0 drivers/base/dd.c:799 driver_probe_device+0x4f/0x430 drivers/base/dd.c:829 __driver_attach+0x452/0x700 drivers/base/dd.c:1215 bus_for_each_dev+0x233/0x2b0 drivers/base/bus.c:370 serio_attach_driver drivers/input/serio/serio.c:776 [inline] serio_handle_event+0x1a2/0x860 drivers/input/serio/serio.c:213 process_one_work kernel/workqueue.c:3238 [inline] process_scheduled_works+0xadb/0x17a0 kernel/workqueue.c:3319 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400 kthread+0x70e/0x8a0 kernel/kthread.c:464 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 } ... key at: [] input_allocate_device.__key.5+0x0/0x20 -> (&client->buffer_lock){....}-{3:3} { INITIAL USE at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:351 [inline] evdev_pass_values+0xb9/0xbd0 drivers/input/evdev.c:261 evdev_events+0x1e6/0x340 drivers/input/evdev.c:306 input_pass_values+0x288/0x890 drivers/input/input.c:127 input_event_dispose+0x330/0x6b0 drivers/input/input.c:341 input_inject_event+0x1fe/0x320 drivers/input/input.c:423 evdev_write+0x2fc/0x480 drivers/input/evdev.c:528 vfs_write+0x27b/0xa90 fs/read_write.c:682 ksys_write+0x145/0x250 fs/read_write.c:736 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f } ... key at: [] evdev_open.__key.25+0x0/0x20 ... acquired at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:351 [inline] evdev_pass_values+0xb9/0xbd0 drivers/input/evdev.c:261 evdev_events+0x1e6/0x340 drivers/input/evdev.c:306 input_pass_values+0x288/0x890 drivers/input/input.c:127 input_event_dispose+0x330/0x6b0 drivers/input/input.c:341 input_inject_event+0x1fe/0x320 drivers/input/input.c:423 evdev_write+0x2fc/0x480 drivers/input/evdev.c:528 vfs_write+0x27b/0xa90 fs/read_write.c:682 ksys_write+0x145/0x250 fs/read_write.c:736 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f the dependencies between the lock to be acquired and SOFTIRQ-irq-unsafe lock: -> (tasklist_lock){.+.+}-{3:3} { HARDIRQ-ON-R at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228 __do_wait+0xde/0x740 kernel/exit.c:1662 do_wait+0x1f8/0x520 kernel/exit.c:1706 kernel_wait+0xab/0x170 kernel/exit.c:1882 call_usermodehelper_exec_sync kernel/umh.c:136 [inline] call_usermodehelper_exec_work+0xbe/0x230 kernel/umh.c:163 process_one_work kernel/workqueue.c:3238 [inline] process_scheduled_works+0xadb/0x17a0 kernel/workqueue.c:3319 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400 kthread+0x70e/0x8a0 kernel/kthread.c:464 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 SOFTIRQ-ON-R at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228 __do_wait+0xde/0x740 kernel/exit.c:1662 do_wait+0x1f8/0x520 kernel/exit.c:1706 kernel_wait+0xab/0x170 kernel/exit.c:1882 call_usermodehelper_exec_sync kernel/umh.c:136 [inline] call_usermodehelper_exec_work+0xbe/0x230 kernel/umh.c:163 process_one_work kernel/workqueue.c:3238 [inline] process_scheduled_works+0xadb/0x17a0 kernel/workqueue.c:3319 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400 kthread+0x70e/0x8a0 kernel/kthread.c:464 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 INITIAL USE at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline] _raw_write_lock_irq+0xa2/0xf0 kernel/locking/spinlock.c:326 copy_process+0x21d5/0x3b80 kernel/fork.c:2561 kernel_clone+0x21e/0x870 kernel/fork.c:2845 user_mode_thread+0xdd/0x140 kernel/fork.c:2923 rest_init+0x23/0x300 init/main.c:708 start_kernel+0x470/0x4f0 init/main.c:1099 x86_64_start_reservations+0x2a/0x30 arch/x86/kernel/head64.c:513 x86_64_start_kernel+0x66/0x70 arch/x86/kernel/head64.c:494 common_startup_64+0x13e/0x147 INITIAL READ USE at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228 __do_wait+0xde/0x740 kernel/exit.c:1662 do_wait+0x1f8/0x520 kernel/exit.c:1706 kernel_wait+0xab/0x170 kernel/exit.c:1882 call_usermodehelper_exec_sync kernel/umh.c:136 [inline] call_usermodehelper_exec_work+0xbe/0x230 kernel/umh.c:163 process_one_work kernel/workqueue.c:3238 [inline] process_scheduled_works+0xadb/0x17a0 kernel/workqueue.c:3319 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400 kthread+0x70e/0x8a0 kernel/kthread.c:464 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 } ... key at: [] tasklist_lock+0x18/0x40 ... acquired at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228 send_sigio+0x101/0x370 fs/fcntl.c:921 kill_fasync_rcu fs/fcntl.c:1133 [inline] kill_fasync+0x24d/0x4d0 fs/fcntl.c:1148 lease_break_callback+0x26/0x30 fs/locks.c:558 __break_lease+0x6a5/0x1620 fs/locks.c:1592 vfs_truncate+0x428/0x520 fs/open.c:109 do_sys_truncate+0xdb/0x190 fs/open.c:138 __do_sys_truncate fs/open.c:150 [inline] __se_sys_truncate fs/open.c:148 [inline] __x64_sys_truncate+0x5b/0x70 fs/open.c:148 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f -> (&f_owner->lock){....}-{3:3} { INITIAL USE at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline] _raw_write_lock_irq+0xa2/0xf0 kernel/locking/spinlock.c:326 __f_setown+0x67/0x370 fs/fcntl.c:136 generic_add_lease fs/locks.c:1874 [inline] generic_setlease+0xd5d/0x1240 fs/locks.c:1942 do_fcntl_add_lease fs/locks.c:2047 [inline] fcntl_setlease+0x3a2/0x4c0 fs/locks.c:2069 do_fcntl+0x6a0/0x1910 fs/fcntl.c:536 __do_sys_fcntl fs/fcntl.c:591 [inline] __se_sys_fcntl+0xc8/0x150 fs/fcntl.c:576 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f INITIAL READ USE at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_read_lock_irq include/linux/rwlock_api_smp.h:169 [inline] _raw_read_lock_irq+0xaa/0xf0 kernel/locking/spinlock.c:244 f_getown+0x54/0x2a0 fs/fcntl.c:204 sock_ioctl+0x536/0x790 net/socket.c:1256 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:906 [inline] __se_sys_ioctl+0xf9/0x170 fs/ioctl.c:892 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f } ... key at: [] file_f_owner_allocate.__key+0x0/0x20 ... acquired at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline] _raw_read_lock_irqsave+0xaf/0x100 kernel/locking/spinlock.c:236 send_sigio+0x38/0x370 fs/fcntl.c:907 kill_fasync_rcu fs/fcntl.c:1133 [inline] kill_fasync+0x24d/0x4d0 fs/fcntl.c:1148 lease_break_callback+0x26/0x30 fs/locks.c:558 __break_lease+0x6a5/0x1620 fs/locks.c:1592 vfs_truncate+0x428/0x520 fs/open.c:109 do_sys_truncate+0xdb/0x190 fs/open.c:138 __do_sys_truncate fs/open.c:150 [inline] __se_sys_truncate fs/open.c:148 [inline] __x64_sys_truncate+0x5b/0x70 fs/open.c:148 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f -> (&new->fa_lock){....}-{3:3} { INITIAL USE at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline] _raw_write_lock_irq+0xa2/0xf0 kernel/locking/spinlock.c:326 fasync_remove_entry+0xf1/0x1c0 fs/fcntl.c:1001 lease_modify+0x1ca/0x3c0 fs/locks.c:1455 locks_remove_lease fs/locks.c:2675 [inline] locks_remove_file+0x4bf/0xea0 fs/locks.c:2700 __fput+0x3ab/0xa70 fs/file_table.c:457 task_work_run+0x1d1/0x260 kernel/task_work.c:227 exit_task_work include/linux/task_work.h:40 [inline] do_exit+0x8d6/0x2550 kernel/exit.c:953 do_group_exit+0x21c/0x2d0 kernel/exit.c:1102 get_signal+0x125e/0x1310 kernel/signal.c:3034 arch_do_signal_or_restart+0x95/0x780 arch/x86/kernel/signal.c:337 exit_to_user_mode_loop kernel/entry/common.c:111 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x8b/0x120 kernel/entry/common.c:218 do_syscall_64+0x103/0x210 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f INITIAL READ USE at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline] _raw_read_lock_irqsave+0xaf/0x100 kernel/locking/spinlock.c:236 kill_fasync_rcu fs/fcntl.c:1124 [inline] kill_fasync+0x199/0x4d0 fs/fcntl.c:1148 lease_break_callback+0x26/0x30 fs/locks.c:558 __break_lease+0x6a5/0x1620 fs/locks.c:1592 vfs_truncate+0x428/0x520 fs/open.c:109 do_sys_truncate+0xdb/0x190 fs/open.c:138 __do_sys_truncate fs/open.c:150 [inline] __se_sys_truncate fs/open.c:148 [inline] __x64_sys_truncate+0x5b/0x70 fs/open.c:148 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f } ... key at: [] fasync_insert_entry.__key+0x0/0x20 ... acquired at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline] _raw_read_lock_irqsave+0xaf/0x100 kernel/locking/spinlock.c:236 kill_fasync_rcu fs/fcntl.c:1124 [inline] kill_fasync+0x199/0x4d0 fs/fcntl.c:1148 __pass_event drivers/input/evdev.c:240 [inline] evdev_pass_values+0x627/0xbd0 drivers/input/evdev.c:278 evdev_events+0x1e6/0x340 drivers/input/evdev.c:306 input_pass_values+0x288/0x890 drivers/input/input.c:127 input_event_dispose+0x330/0x6b0 drivers/input/input.c:341 input_inject_event+0x1fe/0x320 drivers/input/input.c:423 evdev_write+0x2fc/0x480 drivers/input/evdev.c:528 vfs_write+0x27b/0xa90 fs/read_write.c:682 ksys_write+0x145/0x250 fs/read_write.c:736 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f stack backtrace: CPU: 0 UID: 0 PID: 5394 Comm: syz-executor408 Not tainted 6.15.0-rc7-syzkaller-00142-g4856ebd99715 #0 PREEMPT(full) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120 print_bad_irq_dependency kernel/locking/lockdep.c:2652 [inline] check_irq_usage kernel/locking/lockdep.c:2893 [inline] check_prev_add kernel/locking/lockdep.c:3170 [inline] check_prevs_add kernel/locking/lockdep.c:3285 [inline] validate_chain+0x1f05/0x2140 kernel/locking/lockdep.c:3909 __lock_acquire+0xaac/0xd20 kernel/locking/lockdep.c:5235 lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline] _raw_read_lock_irqsave+0xaf/0x100 kernel/locking/spinlock.c:236 kill_fasync_rcu fs/fcntl.c:1124 [inline] kill_fasync+0x199/0x4d0 fs/fcntl.c:1148 __pass_event drivers/input/evdev.c:240 [inline] evdev_pass_values+0x627/0xbd0 drivers/input/evdev.c:278 evdev_events+0x1e6/0x340 drivers/input/evdev.c:306 input_pass_values+0x288/0x890 drivers/input/input.c:127 input_event_dispose+0x330/0x6b0 drivers/input/input.c:341 input_inject_event+0x1fe/0x320 drivers/input/input.c:423 evdev_write+0x2fc/0x480 drivers/input/evdev.c:528 vfs_write+0x27b/0xa90 fs/read_write.c:682 ksys_write+0x145/0x250 fs/read_write.c:736 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f666844d4f9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f66683f9218 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00007f66684cd428 RCX: 00007f666844d4f9 RDX: 0000000000001068 RSI: 0000200000000040 RDI: 0000000000000008 RBP: 00007f66684cd420 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f666849a548 R13: 0000200000000040 R14: 00002000000001c0 R15: 00002000000000c0