Extracting prog: 5m58.965241518s Minimizing prog: 30m52.931388475s Simplifying prog options: 12m20.779124232s Extracting C: 2m6.764369484s Simplifying C: 0s extracting reproducer from 1 programs testing a last program of every proc single: executing 1 programs separately with timeout 30s testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect-syz_open_dev$evdev detailed listing: executing program 0: syz_usb_connect(0x0, 0x2d, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000eafa7240936901b02926f400100109021b000124a800800904000001030000000905", @ANYRES64], 0x0) syz_usb_connect(0x0, 0x3f, 0x0, 0x0) syz_open_dev$evdev(0x0, 0x2, 0x2082) program did not crash single: failed to extract reproducer single: executing 1 programs separately with timeout 6m0s testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect-syz_open_dev$evdev detailed listing: executing program 0: syz_usb_connect(0x0, 0x2d, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000eafa7240936901b02926f400100109021b000124a800800904000001030000000905", @ANYRES64], 0x0) syz_usb_connect(0x0, 0x3f, 0x0, 0x0) syz_open_dev$evdev(0x0, 0x2, 0x2082) program crashed: BUG: soft lockup in hci_cmd_timeout 
single: successfully extracted reproducer found reproducer with 3 syscalls minimizing guilty program testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect detailed listing: executing program 0: syz_usb_connect(0x0, 0x2d, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000eafa7240936901b02926f400100109021b000124a800800904000001030000000905", @ANYRES64], 0x0) syz_usb_connect(0x0, 0x3f, 0x0, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_open_dev$evdev detailed listing: executing program 0: syz_usb_connect(0x0, 0x2d, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000eafa7240936901b02926f400100109021b000124a800800904000001030000000905", @ANYRES64], 0x0) syz_open_dev$evdev(0x0, 0x2, 0x2082) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false 
FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_open_dev$evdev detailed listing: executing program 0: syz_usb_connect(0x0, 0x3f, 0x0, 0x0) syz_open_dev$evdev(0x0, 0x2, 0x2082) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect-syz_open_dev$evdev detailed listing: executing program 0: syz_usb_connect(0x0, 0x2d, 0x0, 0x0) syz_usb_connect(0x0, 0x3f, 0x0, 0x0) syz_open_dev$evdev(0x0, 0x2, 0x2082) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect-syz_open_dev$evdev detailed listing: executing program 0: syz_usb_connect(0x0, 0x2d, &(0x7f0000000200)=ANY=[@ANYBLOB, @ANYRES64], 0x0) syz_usb_connect(0x0, 0x3f, 0x0, 0x0) syz_open_dev$evdev(0x0, 0x2, 0x2082) program did not crash extracting C reproducer testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false 
LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect-syz_open_dev$evdev program crashed: BUG: soft lockup in raw_ioctl a never seen crash title: BUG: soft lockup in raw_ioctl, ignore simplifying guilty program options testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect-syz_open_dev$evdev detailed listing: executing program 0: syz_usb_connect(0x0, 0x2d, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000eafa7240936901b02926f400100109021b000124a800800904000001030000000905", @ANYRES64], 0x0) syz_usb_connect(0x0, 0x3f, 0x0, 0x0) syz_open_dev$evdev(0x0, 0x2, 0x2082) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_connect-syz_open_dev$evdev detailed listing: executing program 0: syz_usb_connect(0x0, 0x2d, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000eafa7240936901b02926f400100109021b000124a800800904000001030000000905", @ANYRES64], 0x0) syz_usb_connect(0x0, 0x3f, 0x0, 0x0) syz_open_dev$evdev(0x0, 0x2, 0x2082) program did not crash reproducing took 51m19.440141414s repro crashed as (corrupted=false): yealink 1-1:36.0: unexpected response 0 yealink 1-1:36.0: urb_ctl_callback - urb 
status -71 yealink 1-1:36.0: urb_irq_callback - urb status -71 yealink 1-1:36.0: unexpected response 0 watchdog: BUG: soft lockup - CPU#1 stuck for 26s! [kworker/u9:1:6013] Modules linked in: irq event stamp: 347894 hardirqs last enabled at (347893): [] console_emit_next_record kernel/printk/printk.c:3130 [inline] hardirqs last enabled at (347893): [] console_flush_all+0x678/0xb90 kernel/printk/printk.c:3210 hardirqs last disabled at (347894): [] __el1_irq arch/arm64/kernel/entry-common.c:557 [inline] hardirqs last disabled at (347894): [] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:575 softirqs last enabled at (347888): [] softirq_handle_end kernel/softirq.c:407 [inline] softirqs last enabled at (347888): [] handle_softirqs+0xb44/0xd34 kernel/softirq.c:589 softirqs last disabled at (347877): [] __do_softirq+0x14/0x20 kernel/softirq.c:595 CPU: 1 UID: 0 PID: 6013 Comm: kworker/u9:1 Not tainted 6.14.0-rc6-syzkaller-ga5618886fdab #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 Workqueue: hci3 hci_cmd_timeout pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __daif_local_irq_restore arch/arm64/include/asm/irqflags.h:176 [inline] pc : arch_local_irq_restore arch/arm64/include/asm/irqflags.h:195 [inline] pc : console_emit_next_record kernel/printk/printk.c:3130 [inline] pc : console_flush_all+0x69c/0xb90 kernel/printk/printk.c:3210 lr : console_emit_next_record kernel/printk/printk.c:3130 [inline] lr : console_flush_all+0x698/0xb90 kernel/printk/printk.c:3210 sp : ffff8000a4ad72c0 x29: ffff8000a4ad7400 x28: 1ffff0001495ae72 x27: 1fffe0001aec87a2 x26: dfff800000000000 x25: 1ffff000122bcaa7 x24: 0000000000000001 x23: ffff8000915e5538 x22: ffff8000915e54e0 x21: 0000000000000000 x20: 0000000000000000 x19: 00000000000000c0 x18: ffff8000a4ad7208 x17: 20627275202d206b x16: ffff80008046947c x15: 0000000000000001 x14: 1ffff00011f8fe70 x13: ffff8000a4ad8000 x12: 0000000000000003 x11: 0000000000000001 x10: 
0000000000ff0100 x9 : 0000000000000000 x8 : ffff0000d7643d00 x7 : ffff8000804aa598 x6 : 0000000000000000 x5 : 0000000000000001 x4 : 0000000000000001 x3 : 0000000000000000 x2 : 0000000000000006 x1 : 0000000000000080 x0 : 0000000000000000 Call trace: __daif_local_irq_restore arch/arm64/include/asm/irqflags.h:175 [inline] (P) arch_local_irq_restore arch/arm64/include/asm/irqflags.h:195 [inline] (P) console_emit_next_record kernel/printk/printk.c:3130 [inline] (P) console_flush_all+0x69c/0xb90 kernel/printk/printk.c:3210 (P) __console_flush_and_unlock kernel/printk/printk.c:3269 [inline] console_unlock+0x138/0x3ac kernel/printk/printk.c:3309 vprintk_emit+0x308/0x55c kernel/printk/printk.c:2432 vprintk_default+0xa0/0xe4 kernel/printk/printk.c:2447 vprintk+0x94/0x12c kernel/printk/printk_safe.c:82 _printk+0xdc/0x128 kernel/printk/printk.c:2457 bt_err+0xfc/0x144 net/bluetooth/lib.c:296 hci_cmd_timeout+0x108/0x1cc net/bluetooth/hci_core.c:1452 process_one_work+0x810/0x1638 kernel/workqueue.c:3238 process_scheduled_works kernel/workqueue.c:3319 [inline] worker_thread+0x97c/0xeec kernel/workqueue.c:3400 kthread+0x65c/0x7b0 kernel/kthread.c:464 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:862 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.14.0-rc6-syzkaller-ga5618886fdab #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : arch_local_irq_enable+0x8/0xc arch/arm64/include/asm/irqflags.h:50 lr : default_idle_call+0xf8/0x128 kernel/sched/idle.c:124 sp : ffff80008fb37cf0 x29: ffff80008fb37cf0 x28: dfff800000000000 x27: 1ffff00011f66fac x26: ffff80008fbbd000 x25: 0000000000000000 x24: 0000000000000001 x23: 1ffff00011f77ac1 x22: ffff80008fbbd608 x21: 0000000000000000 x20: ffff80008fbe6780 x19: ffff800080410018 x18: 1fffe000366f1886 x17: ffff80008fbbd000 x16: ffff80008040f8f8 x15: 0000000000000001 x14: 
1fffe000366f3537 x13: 0000000000000000 x12: 0000000000000003 x11: 0000000000000001 x10: 0000000000000003 x9 : 0000000000000000 x8 : 000000000028a3a3 x7 : ffff8000805c3f98 x6 : 0000000000000000 x5 : 0000000000000001 x4 : 0000000000000001 x3 : ffff80008b7d2680 x2 : 0000000000000000 x1 : ffff80008b87a760 x0 : ffff800123c84000 Call trace: __daif_local_irq_enable arch/arm64/include/asm/irqflags.h:26 [inline] (P) arch_local_irq_enable+0x8/0xc arch/arm64/include/asm/irqflags.h:48 (P) cpuidle_idle_call kernel/sched/idle.c:185 [inline] do_idle+0x1ec/0x4e0 kernel/sched/idle.c:325 cpu_startup_entry+0x5c/0x74 kernel/sched/idle.c:423 rest_init+0x2dc/0x2f4 init/main.c:743 start_kernel+0x3f8/0x4f8 init/main.c:1099 __primary_switched+0x8c/0x94 arch/arm64/kernel/head.S:246