Extracting prog: 1h12m22.194804523s Minimizing prog: 1h32m10.199078778s Simplifying prog options: 9m44.808135406s Extracting C: 6m49.700739458s Simplifying C: 0s extracting reproducer from 58 programs testing a last program of every proc single: executing 13 programs separately with timeout 6m0s testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-openat$cgroup_ro-fallocate-socket$can_bcm-recvmmsg-connect$can_bcm-sendmsg$can_bcm-connect$inet6-memfd_create-userfaultfd-ioctl$UFFDIO_API-syz_init_net_socket$rose-bind$rose-pwritev-syz_io_uring_setup-ioctl$UFFDIO_ZEROPAGE-socketpair$nbd detailed listing: executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8f}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) fallocate(r3, 0x0, 0x0, 0x10fff9) r4 = socket$can_bcm(0x1d, 0x2, 0x2) recvmmsg(r4, &(0x7f0000007ec0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) connect$can_bcm(r4, &(0x7f00000000c0), 0x10) sendmsg$can_bcm(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYRES64=0x0, @ANYRES64=0x2710], 0x48}}, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) r5 = memfd_create(0x0, 0x0) r6 = userfaultfd(0x1) ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000080)) r7 = syz_init_net_socket$rose(0xb, 0x5, 0x0) bind$rose(r7, &(0x7f0000000000)=@short={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, 0x10e, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}}, 0x1c) pwritev(r5, &(0x7f00000002c0)=[{&(0x7f0000000100)}], 0x1, 0x0, 0x0) syz_io_uring_setup(0x24f9, &(0x7f0000000080)={0x0, 0xb67d, 0x10100}, 0x0, &(0x7f0000000340)) ioctl$UFFDIO_ZEROPAGE(r6, 0xc020aa07, &(0x7f0000000280)={{&(0x7f0000ffc000/0x1000)=nil, 0x1000}}) socketpair$nbd(0x1, 0x1, 0x0, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-socket$inet6-close_range-socket$inet6-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-bpf$BPF_LINK_CREATE-bpf$ITER_CREATE detailed listing: executing program 0: socket$nl_generic(0x10, 0x3, 0x10) socket$inet6(0x10, 0x2, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) socket$inet6(0xa, 0x3, 0x8000000003c) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800"/15], &(0x7f0000001200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x0) r3 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000003c0)={r0, r2}, 0x10) bpf$ITER_CREATE(0x1d, &(0x7f0000000040)={r3, 0x7}, 0x8) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-openat$fuse-mount$fuse-syz_mount_image$ext4-prctl$PR_SET_TAGGED_ADDR_CTRL-openat-ioctl$BTRFS_IOC_GET_SUBVOL_INFO-socket$nl_generic-syz_genetlink_get_family_id$tipc-openat$sw_sync-ioctl$SW_SYNC_IOC_CREATE_FENCE-ppoll-close-ioctl$SW_SYNC_IOC_INC-sendmsg$TIPC_CMD_ENABLE_BEARER-ioctl$FIOCLEX-read$FUSE-socket$inet_sctp-prctl$PR_SET_TAGGED_ADDR_CTRL-getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO-write$FUSE_INIT-syz_fuse_handle_req-socket$rds-setsockopt$SO_RDS_MSG_RXPATH_LATENCY detailed listing: executing program 0: mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB="2c726f6f746d6f64653d303030303030303030303030b6303030303034303030302c757365725f9627c1660baec7ff0c3a8f4e675bae0e9cd7dad821e167eda3252e5763b521bd19554940f8e657b53e9a8c09b7bbe3130c61ff4edea2560f76f31980f9330ac1d3dc63d8ba6891a60a327d461d7fd05486", @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',\x00']) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000100)='./file2\x00', 0x20005f, &(0x7f0000000540)={[{@jqfmt_vfsold}, {@errors_continue}, {@stripe={'stripe', 0x3d, 0x40000000000055}}, {@nomblk_io_submit}, {@test_dummy_encryption}, {@minixdf}, {@nolazytime}, {@noload}, {@stripe={'stripe', 0x3d, 0xb}}, {@usrquota}, {@user_xattr}], [{@euid_gt}, {@rootcontext={'rootcontext', 0x3d, 'user_u'}}]}, 0x1, 0x476, &(0x7f0000000700)="$eJzs3MtvVNUfAPDvvX3w4/XriPjgoVTRSDS2tKCycAFGExeamOgCl7UtBCnU0JoIIVpc4NKQuDcuTfwLXOnGqCsTt7o3JMSwAV1dc2fu7WM6MxmGgWmZzye59Jz7yDnfnntmzj2H2wD61mj+TxKxIyL+iIiRWnbtCaO1H7dvXp7+5+bl6SSy7N2/k+p5t25eni5PLa/bXmaWavl9DcpduHjp7NTc3OyFIj++eO6j8YWLl148c27q9Ozp2fOTx44dPTLxysuTLzWvfNJ+nHmdbu39dH7/njffv/b29MlrH/zyXVLGXxdHl4w22DdQJp7tcmG9tnNVOhksEgM9qgxty5sob66hav8fiYEYXD42Em983tPKAfdUlmXZlmYHk1jKgAdYEr2uAdAb5Vd9/vxbbvdt8LEB3DhRewDK475dbLUjg5EW5wzVPd92U/60dXLp36/zLe7NPAQAwBo/nKj9XD/+S+PRVecdL9aGKhHxUETsioiHI2J3RDwSUT33sYh4fOWSrJ3lmfpFkvXjn/R6h6G1JR//vVqsba0d/5Wjv6gMFLmd1fiHklNn5mYPR8T/I+JQDG3J8xMtyvjx9d+/bHZsNCIrx3/5lpdfjgWLeqT118xMLU51HvFaN65E7B1sFH+yvBKQt+OeiNh7oLMyzjz/7f5mx0ZXjX8bx9/CYGf1WS37JuK5WvsvRV38paT1+uT4/2Ju9vB4eVes9+tvV99pVv5dxd8Feftva3j/L8dfSVav1y5U9627J1u5+ucXDZ9phtqKP70+WDdBnd//w8l71fRwse+TqcXFCxMRw8lbxf7jK/snV64t8+X5efyHDjbu/7ti5TexLyLym/iJiHgyIg4UdX8qIp6OiIMt4v/5tWc+bHZsI7T/zB21/50nBs7+9P2aQist4k+iQfsfraYOFXva+fxrXp2VOY88rE5/bwAAALCZpBGxI5J0bDmdpmNjtf8vvzu2pXPzC4svnJr/+PxM7R2BSgyl5UzXyKr50IlixqDMTxaP+WX+SDFv/NXA1mp+bHp+bqbXwUOf296k/+f+8v4GPPi6sI4GbFKd9v8syz7rclWA+8z3P/Qv/R/6V4P+v7Uu3/RvBACbW6Pvfw/20B+M/6F/6f/Qv/R/6F/6P/Slu3mvv0hcafGyfXuJ/PPnrqtxHxNZ1qPSh3sf+3Ii0g1RjXuViMpGqEald6X3+pMJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgO/4LAAD//wYf47Q=") prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81009431, 0xfffffffffffffffe) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) r4 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r4, 0xc0285700, &(0x7f0000000b00)={0x4, "abacd211119ca94c63377526aeb5ab2c7b9ca5fa07558139ede6dc06270ee042", 0xffffffffffffffff}) ppoll(&(0x7f0000000180)=[{r5}], 0x1, 0x0, 0x0, 0x0) close(0x4) ioctl$SW_SYNC_IOC_INC(r4, 0x40045701, &(0x7f0000000080)=0x5) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="04000000", @ANYRES16=r3, @ANYBLOB="010006000000030000000100000000000000014100000018001700000016000000007564703a73797a3100000000"], 0x34}, 0x1, 0x0, 0x0, 0x40004}, 0x20008000) ioctl$FIOCLEX(r2, 0x5451) read$FUSE(r0, &(0x7f00000077c0)={0x2020, 0x0, 0x0}, 0x2020) socket$inet_sctp(0x2, 0x1, 0x84) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000240)={0x0, @in6={{0xa, 0x4e23, 0x1, @empty, 0x5}}, 0x7, 0x80, 0x6, 0x83, 0x3}, &(0x7f0000000300)=0x98) write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r6, {0x7, 0x1f, 0x0, 0x2066012}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000090c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000542d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea8286a2fba523440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000633956a1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d6ab715107fa1820000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffffffffffff0000000000000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f4000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000286071480000000000b13bc1e6d970884f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff00", 0x2000, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20, 0x0, 0xfffffffffffffffd}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r7 = socket$rds(0x15, 0x5, 0x0) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r7, 0x114, 0x1d, &(0x7f0000000280)=ANY=[], 0x4) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$binderfs-socket$nl_generic-umount2-socket$nl_netfilter-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-sched_setscheduler-sendmsg$NFT_BATCH-syz_open_dev$video-write$binfmt_aout-ioctl$VIDIOC_S_FMT-socket-openat$dsp-ioctl$SOUND_MIXER_WRITE_RECSRC-write-accept4-socket$inet6-setsockopt$inet6_int-connect$inet6-syz_genetlink_get_family_id$tipc2-sendmsg$TIPC_NL_MEDIA_GET detailed listing: executing program 0: mkdirat$binderfs(0xffffffffffffff9c, 0x0, 0x1ff) r0 = socket$nl_generic(0x10, 0x3, 0x10) umount2(&(0x7f00000001c0)='./file0\x00', 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) sendmsg$NFT_BATCH(r1, 0x0, 0x0) r5 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) write$binfmt_aout(0xffffffffffffffff, 0x0, 0x0) ioctl$VIDIOC_S_FMT(r5, 0xc0d05605, &(0x7f0000000180)={0x1, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeedcafe, 0x3, 0x0, 0x2}}) r6 = socket(0x10, 0x3, 0x0) r7 = openat$dsp(0xffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$SOUND_MIXER_WRITE_RECSRC(r7, 0xc0044dff, &(0x7f00000000c0)=0x33) write(r6, &(0x7f0000000000)="240000001a005f0414f9f407000901000aff8000034000030000000008001d0001000000", 0x24) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) r8 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x11, 0x0, 0x0) connect$inet6(r8, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1}, 0x1b) r9 = syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0), 0xffffffffffffffff) sendmsg$TIPC_NL_MEDIA_GET(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000600)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010000000000000000000b0000000c000580080001"], 0x20}}, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_RAW_TRACEPOINT_OPEN-prlimit64-sched_setscheduler-getpid-sched_setaffinity-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-mkdirat$cgroup_root-openat$cgroup_root-bpf$MAP_UPDATE_ELEM_TAIL_CALL-bpf$PROG_LOAD-openat$cgroup_freezer_state-write$cgroup_freezer_state-write$cgroup_freezer_state detailed listing: executing program 0: bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{}, &(0x7f0000000800), 0x0}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = openat$cgroup_freezer_state(r3, &(0x7f00000002c0), 0x2, 0x0) write$cgroup_freezer_state(r4, 0x0, 0x0) write$cgroup_freezer_state(r4, &(0x7f0000000080)='THAWED\x00', 0x7) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-openat$ppp-sendmsg$nl_route-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-close_range detailed listing: executing program 0: r0 = socket(0x10, 0x3, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="400000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001800128008000100707070000c00028008000100", @ANYRES32=r1, @ANYBLOB, @ANYRES32], 0x40}}, 0x0) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r2, 0xffffffffffffffff, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_pidfd_open-bpf$MAP_CREATE-syz_open_procfs$namespace-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$MAP_CREATE_RINGBUF-mkdirat$cgroup_root-openat$cgroup_devices-write$cgroup_devices-write$cgroup_devices detailed listing: executing program 0: syz_pidfd_open(0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x0, 0x0, 0x0, 0x8000, 0x200, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x0, @void, @value, @void, @value}, 0x48) syz_open_procfs$namespace(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x3, &(0x7f00000002c0)=@framed={{0x18, 0x8}}, &(0x7f0000000000)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x80, 0x0, 0x1, 0x145, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x4, 0x1, 0x0, @void, @value, @void, @value}, 0x50) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r3 = openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000000)='devices.deny\x00', 0x2, 0x0) write$cgroup_devices(r3, &(0x7f0000000140)=ANY=[@ANYBLOB='b 75:*\trr'], 0xa) write$cgroup_devices(r3, &(0x7f0000000080)={'b', ' *:* ', 'wm\x00'}, 0x9) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD-openat$tun-ioctl$TUNSETIFF-openat$tun-ioctl$TUNSETIFF-ioctl$TUNSETDEBUG-openat$tun-ioctl$TUNSETIFF-openat$tun-close-socketpair$unix-ioctl$SIOCSIFHWADDR-write$cgroup_devices-ioctl$TUNSETQUEUE-close detailed listing: executing program 0: bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETDEBUG(r1, 0x400454c9, &(0x7f0000000380)=0x2) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x80, 0x0) close(r3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) write$cgroup_devices(r2, &(0x7f0000000440)=ANY=[@ANYBLOB="1e0308003c5ca601288763"], 0xffdd) ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f00000001c0)={'ipvlan1\x00', 0x400}) close(r0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-openat$ppp-sendmsg$nl_route-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-close_range detailed listing: executing program 0: r0 = socket(0x10, 0x3, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="400000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001800128008000100707070000c00028008000100", @ANYRES32=r1, @ANYBLOB, @ANYRES32], 0x40}}, 0x0) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r2, 0xffffffffffffffff, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_pidfd_open-bpf$MAP_CREATE-syz_open_procfs$namespace-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$MAP_CREATE_RINGBUF-mkdirat$cgroup_root-openat$cgroup_devices-write$cgroup_devices-write$cgroup_devices detailed listing: executing program 0: syz_pidfd_open(0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x0, 0x0, 0x0, 0x8000, 0x200, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x0, @void, @value, @void, @value}, 0x48) syz_open_procfs$namespace(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x3, &(0x7f00000002c0)=@framed={{0x18, 0x8}}, &(0x7f0000000000)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x80, 0x0, 0x1, 0x145, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x4, 0x1, 0x0, @void, @value, @void, @value}, 0x50) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r3 = openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000000)='devices.deny\x00', 0x2, 0x0) write$cgroup_devices(r3, &(0x7f0000000140)=ANY=[@ANYBLOB='b 75:*\trr'], 0xa) write$cgroup_devices(r3, &(0x7f0000000080)={'b', ' *:* ', 'wm\x00'}, 0x9) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD-openat$tun-ioctl$TUNSETIFF-openat$tun-ioctl$TUNSETIFF-ioctl$TUNSETDEBUG-openat$tun-ioctl$TUNSETIFF-openat$tun-close-socketpair$unix-ioctl$SIOCSIFHWADDR-write$cgroup_devices-ioctl$TUNSETQUEUE-close detailed listing: executing program 0: bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETDEBUG(r1, 0x400454c9, &(0x7f0000000380)=0x2) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x80, 0x0) close(r3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) write$cgroup_devices(r2, &(0x7f0000000440)=ANY=[@ANYBLOB="1e0308003c5ca601288763"], 0xffdd) ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f00000001c0)={'ipvlan1\x00', 0x400}) close(r0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-getpid-sched_setscheduler-socketpair$unix-connect$unix-recvmmsg-syz_usbip_server_init-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$MAP_GET_NEXT_KEY-syz_usbip_server_init-syz_usbip_server_init-syz_usbip_server_init-syz_usbip_server_init-syz_usbip_server_init-syz_usbip_server_init-syz_usbip_server_init-recvmsg$unix-syz_usbip_server_init-syz_open_dev$usbfs detailed listing: executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_usbip_server_init(0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) syz_usbip_server_init(0x0) syz_usbip_server_init(0x0) syz_usbip_server_init(0x0) syz_usbip_server_init(0x0) syz_usbip_server_init(0x0) syz_usbip_server_init(0x0) syz_usbip_server_init(0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)}, 0x0) syz_usbip_server_init(0x1) syz_open_dev$usbfs(&(0x7f0000000080), 0x70, 0x101301) program crashed: INFO: task hung in usbdev_release single: successfully extracted reproducer found reproducer with 20 syscalls minimizing guilty program testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-getpid-sched_setscheduler-socketpair$unix-connect$unix-recvmmsg-syz_usbip_server_init-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$MAP_GET_NEXT_KEY-syz_usbip_server_init-syz_usbip_server_init-syz_usbip_server_init-syz_usbip_server_init-syz_usbip_server_init-syz_usbip_server_init-syz_usbip_server_init-recvmsg$unix-syz_usbip_server_init detailed listing: executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_usbip_server_init(0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) syz_usbip_server_init(0x0) syz_usbip_server_init(0x0) syz_usbip_server_init(0x0) syz_usbip_server_init(0x0) syz_usbip_server_init(0x0) syz_usbip_server_init(0x0) syz_usbip_server_init(0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)}, 0x0) syz_usbip_server_init(0x1) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-getpid-sched_setscheduler-socketpair$unix-connect$unix-recvmmsg-syz_usbip_server_init-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$MAP_GET_NEXT_KEY-syz_usbip_server_init-syz_usbip_server_init-syz_usbip_server_init-syz_usbip_server_init-syz_usbip_server_init-syz_usbip_server_init-syz_usbip_server_init-recvmsg$unix-syz_open_dev$usbfs detailed listing: executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_usbip_server_init(0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) syz_usbip_server_init(0x0) syz_usbip_server_init(0x0) syz_usbip_server_init(0x0) syz_usbip_server_init(0x0) syz_usbip_server_init(0x0) syz_usbip_server_init(0x0) syz_usbip_server_init(0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)}, 0x0) syz_open_dev$usbfs(&(0x7f0000000080), 0x70, 0x101301) program crashed: INFO: task hung in usbdev_release testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-getpid-sched_setscheduler-socketpair$unix-connect$unix-recvmmsg-syz_usbip_server_init-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$MAP_GET_NEXT_KEY-syz_usbip_server_init-syz_usbip_server_init-syz_usbip_server_init-syz_usbip_server_init-syz_usbip_server_init-syz_usbip_server_init-syz_usbip_server_init-syz_open_dev$usbfs detailed listing: executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_usbip_server_init(0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) syz_usbip_server_init(0x0) syz_usbip_server_init(0x0) syz_usbip_server_init(0x0) syz_usbip_server_init(0x0) syz_usbip_server_init(0x0) syz_usbip_server_init(0x0) syz_usbip_server_init(0x0) syz_open_dev$usbfs(&(0x7f0000000080), 0x70, 0x101301) program crashed: INFO: task hung in usbdev_release testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-getpid-sched_setscheduler-socketpair$unix-connect$unix-recvmmsg-syz_usbip_server_init-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$MAP_GET_NEXT_KEY-syz_usbip_server_init-syz_usbip_server_init-syz_usbip_server_init-syz_usbip_server_init-syz_usbip_server_init-syz_usbip_server_init-syz_open_dev$usbfs detailed listing: executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_usbip_server_init(0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) syz_usbip_server_init(0x0) syz_usbip_server_init(0x0) syz_usbip_server_init(0x0) syz_usbip_server_init(0x0) syz_usbip_server_init(0x0) syz_usbip_server_init(0x0) syz_open_dev$usbfs(&(0x7f0000000080), 0x70, 0x101301) program crashed: INFO: task hung in usbdev_release testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-getpid-sched_setscheduler-socketpair$unix-connect$unix-recvmmsg-syz_usbip_server_init-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$MAP_GET_NEXT_KEY-syz_usbip_server_init-syz_usbip_server_init-syz_usbip_server_init-syz_usbip_server_init-syz_usbip_server_init-syz_open_dev$usbfs detailed listing: executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_usbip_server_init(0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) syz_usbip_server_init(0x0) syz_usbip_server_init(0x0) syz_usbip_server_init(0x0) syz_usbip_server_init(0x0) syz_usbip_server_init(0x0) syz_open_dev$usbfs(&(0x7f0000000080), 0x70, 0x101301) program crashed: INFO: task hung in usbdev_release testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-getpid-sched_setscheduler-socketpair$unix-connect$unix-recvmmsg-syz_usbip_server_init-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$MAP_GET_NEXT_KEY-syz_usbip_server_init-syz_usbip_server_init-syz_usbip_server_init-syz_usbip_server_init-syz_open_dev$usbfs detailed listing: executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_usbip_server_init(0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) syz_usbip_server_init(0x0) syz_usbip_server_init(0x0) syz_usbip_server_init(0x0) syz_usbip_server_init(0x0) syz_open_dev$usbfs(&(0x7f0000000080), 0x70, 0x101301) program crashed: INFO: task hung in usbdev_release testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-getpid-sched_setscheduler-socketpair$unix-connect$unix-recvmmsg-syz_usbip_server_init-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$MAP_GET_NEXT_KEY-syz_usbip_server_init-syz_usbip_server_init-syz_usbip_server_init-syz_open_dev$usbfs detailed listing: executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_usbip_server_init(0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) syz_usbip_server_init(0x0) syz_usbip_server_init(0x0) syz_usbip_server_init(0x0) syz_open_dev$usbfs(&(0x7f0000000080), 0x70, 0x101301) program crashed: INFO: task hung in usbdev_release testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-getpid-sched_setscheduler-socketpair$unix-connect$unix-recvmmsg-syz_usbip_server_init-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$MAP_GET_NEXT_KEY-syz_usbip_server_init-syz_usbip_server_init-syz_open_dev$usbfs detailed listing: executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_usbip_server_init(0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) syz_usbip_server_init(0x0) syz_usbip_server_init(0x0) syz_open_dev$usbfs(&(0x7f0000000080), 0x70, 0x101301) program crashed: INFO: task hung in usbdev_release testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-getpid-sched_setscheduler-socketpair$unix-connect$unix-recvmmsg-syz_usbip_server_init-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$MAP_GET_NEXT_KEY-syz_usbip_server_init-syz_open_dev$usbfs detailed listing: executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_usbip_server_init(0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) syz_usbip_server_init(0x0) syz_open_dev$usbfs(&(0x7f0000000080), 0x70, 0x101301) program crashed: INFO: task hung in usbdev_release testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-getpid-sched_setscheduler-socketpair$unix-connect$unix-recvmmsg-syz_usbip_server_init-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$MAP_GET_NEXT_KEY-syz_open_dev$usbfs detailed listing: executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_usbip_server_init(0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000000080), 0x70, 0x101301) program crashed: INFO: task hung in usbdev_release testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-getpid-sched_setscheduler-socketpair$unix-connect$unix-recvmmsg-syz_usbip_server_init-bpf$BPF_RAW_TRACEPOINT_OPEN-syz_open_dev$usbfs detailed listing: executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_usbip_server_init(0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000000080), 0x70, 0x101301) program crashed: INFO: task hung in usbdev_release testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-getpid-sched_setscheduler-socketpair$unix-connect$unix-recvmmsg-syz_usbip_server_init-syz_open_dev$usbfs detailed listing: executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_usbip_server_init(0x4) syz_open_dev$usbfs(&(0x7f0000000080), 0x70, 0x101301) program crashed: INFO: task hung in usbdev_release testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-getpid-sched_setscheduler-socketpair$unix-connect$unix-recvmmsg-syz_open_dev$usbfs detailed listing: executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$usbfs(&(0x7f0000000080), 0x70, 0x101301) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-getpid-sched_setscheduler-socketpair$unix-connect$unix-syz_usbip_server_init-syz_open_dev$usbfs detailed listing: executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) syz_usbip_server_init(0x4) syz_open_dev$usbfs(&(0x7f0000000080), 0x70, 0x101301) program crashed: INFO: task hung in usbdev_release testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-getpid-sched_setscheduler-socketpair$unix-syz_usbip_server_init-syz_open_dev$usbfs detailed listing: executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) syz_usbip_server_init(0x4) syz_open_dev$usbfs(&(0x7f0000000080), 0x70, 0x101301) program crashed: INFO: task hung in usbdev_open testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-getpid-sched_setscheduler-syz_usbip_server_init-syz_open_dev$usbfs detailed listing: executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) syz_usbip_server_init(0x4) syz_open_dev$usbfs(&(0x7f0000000080), 0x70, 0x101301) program crashed: INFO: task hung in usbdev_release testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-getpid-syz_usbip_server_init-syz_open_dev$usbfs detailed listing: executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) getpid() syz_usbip_server_init(0x4) syz_open_dev$usbfs(&(0x7f0000000080), 0x70, 0x101301) program crashed: INFO: task hung in usbdev_release testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-syz_usbip_server_init-syz_open_dev$usbfs detailed listing: executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) syz_usbip_server_init(0x4) syz_open_dev$usbfs(&(0x7f0000000080), 0x70, 0x101301) program crashed: INFO: task hung in usb_remote_wakeup testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-syz_usbip_server_init-syz_open_dev$usbfs detailed listing: executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) syz_usbip_server_init(0x4) syz_open_dev$usbfs(&(0x7f0000000080), 0x70, 0x101301) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sched_setscheduler-syz_usbip_server_init-syz_open_dev$usbfs detailed listing: executing program 0: sched_setscheduler(0x0, 0x1, 0x0) syz_usbip_server_init(0x4) syz_open_dev$usbfs(&(0x7f0000000080), 0x70, 0x101301) program crashed: INFO: task hung in usbdev_release testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sched_setscheduler-syz_usbip_server_init-syz_open_dev$usbfs detailed listing: executing program 0: sched_setscheduler(0x0, 0x1, 0x0) syz_usbip_server_init(0x4) syz_open_dev$usbfs(0x0, 0x70, 0x101301) program did not crash extracting C reproducer testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sched_setscheduler-syz_usbip_server_init-syz_open_dev$usbfs program crashed: no output from test machine a never seen crash title: no output from test machine, ignore simplifying guilty program options testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sched_setscheduler-syz_usbip_server_init-syz_open_dev$usbfs detailed listing: executing program 0: sched_setscheduler(0x0, 0x1, 0x0) syz_usbip_server_init(0x4) syz_open_dev$usbfs(&(0x7f0000000080), 0x70, 0x101301) program crashed: INFO: task hung in hub_port_init a never seen crash title: INFO: task hung in hub_port_init, ignore testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sched_setscheduler-syz_usbip_server_init-syz_open_dev$usbfs detailed listing: executing program 0: sched_setscheduler(0x0, 0x1, 0x0) syz_usbip_server_init(0x4) syz_open_dev$usbfs(&(0x7f0000000080), 0x70, 0x101301) program did not crash reproducing took 3h1m6.902770195s repro crashed as (corrupted=false): INFO: task syz.0.75:4797 blocked for more than 143 seconds. Not tainted 6.1.115-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.0.75 state:D stack:0 pid:4797 ppid:4445 flags:0x00000001 Call trace: __switch_to+0x320/0x754 arch/arm64/kernel/process.c:553 context_switch kernel/sched/core.c:5241 [inline] __schedule+0xef4/0x1d44 kernel/sched/core.c:6558 schedule+0xc4/0x170 kernel/sched/core.c:6634 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:6693 __mutex_lock_common+0xbd8/0x21a0 kernel/locking/mutex.c:679 __mutex_lock kernel/locking/mutex.c:747 [inline] mutex_lock_nested+0x38/0x44 kernel/locking/mutex.c:799 device_lock include/linux/device.h:837 [inline] usbdev_release+0x80/0x6fc drivers/usb/core/devio.c:1097 __fput+0x1c8/0x7c8 fs/file_table.c:320 ____fput+0x20/0x30 fs/file_table.c:348 task_work_run+0x240/0x2f0 kernel/task_work.c:203 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline] do_notify_resume+0x2148/0x3474 arch/arm64/kernel/signal.c:1132 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:137 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:142 [inline] el0_svc+0x9c/0x168 arch/arm64/kernel/entry-common.c:638 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585 INFO: task syz.4.80:4823 blocked for more than 143 seconds. Not tainted 6.1.115-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.4.80 state:D stack:0 pid:4823 ppid:4458 flags:0x00000001 Call trace: __switch_to+0x320/0x754 arch/arm64/kernel/process.c:553 context_switch kernel/sched/core.c:5241 [inline] __schedule+0xef4/0x1d44 kernel/sched/core.c:6558 schedule+0xc4/0x170 kernel/sched/core.c:6634 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:6693 __mutex_lock_common+0xbd8/0x21a0 kernel/locking/mutex.c:679 __mutex_lock kernel/locking/mutex.c:747 [inline] mutex_lock_nested+0x38/0x44 kernel/locking/mutex.c:799 device_lock include/linux/device.h:837 [inline] usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 chrdev_open+0x3e8/0x4fc fs/char_dev.c:414 do_dentry_open+0x734/0xfa0 fs/open.c:882 vfs_open+0x7c/0x90 fs/open.c:1013 do_open fs/namei.c:3626 [inline] path_openat+0x1e14/0x2548 fs/namei.c:3783 do_filp_open+0x1bc/0x3cc fs/namei.c:3810 do_sys_openat2+0x128/0x3e0 fs/open.c:1318 do_sys_open fs/open.c:1334 [inline] __do_sys_openat fs/open.c:1350 [inline] __se_sys_openat fs/open.c:1345 [inline] __arm64_sys_openat+0x1f0/0x240 fs/open.c:1345 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140 do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:204 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585 INFO: task syz.2.81:4828 blocked for more than 143 seconds. Not tainted 6.1.115-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.2.81 state:D stack:0 pid:4828 ppid:4451 flags:0x00000001 Call trace: __switch_to+0x320/0x754 arch/arm64/kernel/process.c:553 context_switch kernel/sched/core.c:5241 [inline] __schedule+0xef4/0x1d44 kernel/sched/core.c:6558 schedule+0xc4/0x170 kernel/sched/core.c:6634 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:6693 __mutex_lock_common+0xbd8/0x21a0 kernel/locking/mutex.c:679 __mutex_lock kernel/locking/mutex.c:747 [inline] mutex_lock_nested+0x38/0x44 kernel/locking/mutex.c:799 device_lock include/linux/device.h:837 [inline] usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 chrdev_open+0x3e8/0x4fc fs/char_dev.c:414 do_dentry_open+0x734/0xfa0 fs/open.c:882 vfs_open+0x7c/0x90 fs/open.c:1013 do_open fs/namei.c:3626 [inline] path_openat+0x1e14/0x2548 fs/namei.c:3783 do_filp_open+0x1bc/0x3cc fs/namei.c:3810 do_sys_openat2+0x128/0x3e0 fs/open.c:1318 do_sys_open fs/open.c:1334 [inline] __do_sys_openat fs/open.c:1350 [inline] __se_sys_openat fs/open.c:1345 [inline] __arm64_sys_openat+0x1f0/0x240 fs/open.c:1345 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140 do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:204 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585 INFO: task syz.1.82:4832 blocked for more than 143 seconds. Not tainted 6.1.115-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.1.82 state:D stack:0 pid:4832 ppid:4450 flags:0x00000001 Call trace: __switch_to+0x320/0x754 arch/arm64/kernel/process.c:553 context_switch kernel/sched/core.c:5241 [inline] __schedule+0xef4/0x1d44 kernel/sched/core.c:6558 schedule+0xc4/0x170 kernel/sched/core.c:6634 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:6693 __mutex_lock_common+0xbd8/0x21a0 kernel/locking/mutex.c:679 __mutex_lock kernel/locking/mutex.c:747 [inline] mutex_lock_nested+0x38/0x44 kernel/locking/mutex.c:799 device_lock include/linux/device.h:837 [inline] usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 chrdev_open+0x3e8/0x4fc fs/char_dev.c:414 do_dentry_open+0x734/0xfa0 fs/open.c:882 vfs_open+0x7c/0x90 fs/open.c:1013 do_open fs/namei.c:3626 [inline] path_openat+0x1e14/0x2548 fs/namei.c:3783 do_filp_open+0x1bc/0x3cc fs/namei.c:3810 do_sys_openat2+0x128/0x3e0 fs/open.c:1318 do_sys_open fs/open.c:1334 [inline] __do_sys_openat fs/open.c:1350 [inline] __se_sys_openat fs/open.c:1345 [inline] __arm64_sys_openat+0x1f0/0x240 fs/open.c:1345 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140 do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:204 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585 INFO: task syz.3.83:4833 blocked for more than 143 seconds. Not tainted 6.1.115-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.3.83 state:D stack:0 pid:4833 ppid:4453 flags:0x00000001 Call trace: __switch_to+0x320/0x754 arch/arm64/kernel/process.c:553 context_switch kernel/sched/core.c:5241 [inline] __schedule+0xef4/0x1d44 kernel/sched/core.c:6558 schedule+0xc4/0x170 kernel/sched/core.c:6634 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:6693 __mutex_lock_common+0xbd8/0x21a0 kernel/locking/mutex.c:679 __mutex_lock kernel/locking/mutex.c:747 [inline] mutex_lock_nested+0x38/0x44 kernel/locking/mutex.c:799 device_lock include/linux/device.h:837 [inline] usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 chrdev_open+0x3e8/0x4fc fs/char_dev.c:414 do_dentry_open+0x734/0xfa0 fs/open.c:882 vfs_open+0x7c/0x90 fs/open.c:1013 do_open fs/namei.c:3626 [inline] path_openat+0x1e14/0x2548 fs/namei.c:3783 do_filp_open+0x1bc/0x3cc fs/namei.c:3810 do_sys_openat2+0x128/0x3e0 fs/open.c:1318 do_sys_open fs/open.c:1334 [inline] __do_sys_openat fs/open.c:1350 [inline] __se_sys_openat fs/open.c:1345 [inline] __arm64_sys_openat+0x1f0/0x240 fs/open.c:1345 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140 do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:204 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585 Showing all locks held in the system: 1 lock held by rcu_tasks_kthre/12: #0: ffff800015ba5bf0 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x44/0xcf4 kernel/rcu/tasks.h:517 1 lock held by rcu_tasks_trace/13: #0: ffff800015ba63f0 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x44/0xcf4 kernel/rcu/tasks.h:517 1 lock held by khungtaskd/28: #0: ffff800015ba5a20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0xc/0x44 include/linux/rcupdate.h:349 2 locks held by getty/4062: #0: ffff0000d66d6098 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c drivers/tty/tty_ldsem.c:340 #1: ffff80001efb02f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x414/0x1214 drivers/tty/n_tty.c:2198 5 locks held by kworker/0:4/4356: #0: ffff0000c46b0d38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x664/0x1404 kernel/workqueue.c:2265 #1: ffff8000210b7c20 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x6a8/0x1404 kernel/workqueue.c:2267 #2: ffff0000d26bc190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #2: ffff0000d26bc190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1b0/0x42e4 drivers/usb/core/hub.c:5801 #3: ffff0000d26bf510 (&port_dev->status_lock){+.+.}-{3:3}, at: usb_lock_port drivers/usb/core/hub.c:3159 [inline] #3: ffff0000d26bf510 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_port_connect drivers/usb/core/hub.c:5373 [inline] #3: ffff0000d26bf510 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_port_connect_change drivers/usb/core/hub.c:5617 [inline] #3: ffff0000d26bf510 (&port_dev->status_lock){+.+.}-{3:3}, at: port_event drivers/usb/core/hub.c:5773 [inline] #3: ffff0000d26bf510 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_event+0x1bdc/0x42e4 drivers/usb/core/hub.c:5855 #4: ffff0000d25fa468 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_port_connect drivers/usb/core/hub.c:5374 [inline] #4: ffff0000d25fa468 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_port_connect_change drivers/usb/core/hub.c:5617 [inline] #4: ffff0000d25fa468 (hcd->address0_mutex){+.+.}-{3:3}, at: port_event drivers/usb/core/hub.c:5773 [inline] #4: ffff0000d25fa468 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_event+0x1c04/0x42e4 drivers/usb/core/hub.c:5855 2 locks held by kworker/u4:0/4357: 5 locks held by kworker/1:24/4430: #0: ffff0000c46b0d38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x664/0x1404 kernel/workqueue.c:2265 #1: ffff8000217d7c20 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x6a8/0x1404 kernel/workqueue.c:2267 #2: ffff0000d25d0190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #2: ffff0000d25d0190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1b0/0x42e4 drivers/usb/core/hub.c:5801 #3: ffff0000d25d3510 (&port_dev->status_lock){+.+.}-{3:3}, at: usb_lock_port drivers/usb/core/hub.c:3159 [inline] #3: ffff0000d25d3510 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_port_connect drivers/usb/core/hub.c:5373 [inline] #3: ffff0000d25d3510 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_port_connect_change drivers/usb/core/hub.c:5617 [inline] #3: ffff0000d25d3510 (&port_dev->status_lock){+.+.}-{3:3}, at: port_event drivers/usb/core/hub.c:5773 [inline] #3: ffff0000d25d3510 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_event+0x1bdc/0x42e4 drivers/usb/core/hub.c:5855 #4: ffff0000d20ba868 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_port_connect drivers/usb/core/hub.c:5374 [inline] #4: ffff0000d20ba868 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_port_connect_change drivers/usb/core/hub.c:5617 [inline] #4: ffff0000d20ba868 (hcd->address0_mutex){+.+.}-{3:3}, at: port_event drivers/usb/core/hub.c:5773 [inline] #4: ffff0000d20ba868 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_event+0x1c04/0x42e4 drivers/usb/core/hub.c:5855 5 locks held by kworker/0:5/4583: #0: ffff0000c46b0d38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x664/0x1404 kernel/workqueue.c:2265 #1: ffff800021b37c20 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x6a8/0x1404 kernel/workqueue.c:2267 #2: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #2: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1b0/0x42e4 drivers/usb/core/hub.c:5801 #3: ffff0000d1f53510 (&port_dev->status_lock){+.+.}-{3:3}, at: usb_lock_port drivers/usb/core/hub.c:3159 [inline] #3: ffff0000d1f53510 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_port_connect drivers/usb/core/hub.c:5373 [inline] #3: ffff0000d1f53510 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_port_connect_change drivers/usb/core/hub.c:5617 [inline] #3: ffff0000d1f53510 (&port_dev->status_lock){+.+.}-{3:3}, at: port_event drivers/usb/core/hub.c:5773 [inline] #3: ffff0000d1f53510 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_event+0x1bdc/0x42e4 drivers/usb/core/hub.c:5855 #4: ffff0000d1a9c668 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_port_connect drivers/usb/core/hub.c:5374 [inline] #4: ffff0000d1a9c668 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_port_connect_change drivers/usb/core/hub.c:5617 [inline] #4: ffff0000d1a9c668 (hcd->address0_mutex){+.+.}-{3:3}, at: port_event drivers/usb/core/hub.c:5773 [inline] #4: ffff0000d1a9c668 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_event+0x1c04/0x42e4 drivers/usb/core/hub.c:5855 3 locks held by kworker/0:6/4710: #0: ffff0000c0020938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x664/0x1404 kernel/workqueue.c:2265 #1: ffff800021db7c20 ((work_completion)(&data->fib_event_work)){+.+.}-{0:0}, at: process_one_work+0x6a8/0x1404 kernel/workqueue.c:2267 #2: ffff00010a9ce240 (&data->fib_lock){+.+.}-{3:3}, at: nsim_fib_event_work+0x270/0x32bc drivers/net/netdevsim/fib.c:1489 1 lock held by syz.0.75/4797: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_release+0x80/0x6fc drivers/usb/core/devio.c:1097 1 lock held by syz.4.80/4823: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.2.81/4828: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.1.82/4832: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.3.83/4833: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.5.84/4955: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.9.88/4959: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.8.87/4963: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.7.86/4967: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.6.85/4972: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.0.89/5028: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.3.92/5054: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.2.91/5065: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.1.90/5062: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.4.93/5067: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.5.94/5100: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.6.95/5163: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.9.98/5197: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.7.96/5201: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.8.97/5205: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.0.99/5224: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.1.100/5241: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.2.101/5279: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.3.102/5297: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.4.103/5301: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.5.104/5327: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.6.105/5355: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.7.106/5391: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.8.107/5427: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.9.108/5434: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.0.109/5449: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.1.110/5466: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.2.111/5482: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.3.112/5532: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.4.113/5536: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.5.114/5550: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.6.115/5576: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.7.116/5602: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.8.117/5649: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.9.118/5663: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.0.119/5671: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 7 locks held by syz-executor/5675: #0: ffff0000d9040460 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x244/0x91c fs/read_write.c:580 #1: ffff0000d01c0888 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1c8/0x48c fs/kernfs/file.c:325 #2: ffff0000d0eb1660 (kn->active#51){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x1e4/0x48c fs/kernfs/file.c:326 #3: ffff8000173b6c68 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: del_device_store+0xec/0x39c drivers/net/netdevsim/bus.c:209 #4: ffff0000ca5390e8 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #4: ffff0000ca5390e8 (&dev->mutex){....}-{3:3}, at: __device_driver_lock drivers/base/dd.c:1080 [inline] #4: ffff0000ca5390e8 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0xbc/0x724 drivers/base/dd.c:1283 #5: ffff0000ca53c2f8 (&devlink->lock_key#33){+.+.}-{3:3}, at: devl_lock+0x24/0x34 net/devlink/leftover.c:275 #6: ffff800017ff4688 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock+0x20/0x2c net/core/rtnetlink.c:74 ============================================= final repro crashed as (corrupted=false): INFO: task syz.0.75:4797 blocked for more than 143 seconds. Not tainted 6.1.115-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.0.75 state:D stack:0 pid:4797 ppid:4445 flags:0x00000001 Call trace: __switch_to+0x320/0x754 arch/arm64/kernel/process.c:553 context_switch kernel/sched/core.c:5241 [inline] __schedule+0xef4/0x1d44 kernel/sched/core.c:6558 schedule+0xc4/0x170 kernel/sched/core.c:6634 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:6693 __mutex_lock_common+0xbd8/0x21a0 kernel/locking/mutex.c:679 __mutex_lock kernel/locking/mutex.c:747 [inline] mutex_lock_nested+0x38/0x44 kernel/locking/mutex.c:799 device_lock include/linux/device.h:837 [inline] usbdev_release+0x80/0x6fc drivers/usb/core/devio.c:1097 __fput+0x1c8/0x7c8 fs/file_table.c:320 ____fput+0x20/0x30 fs/file_table.c:348 task_work_run+0x240/0x2f0 kernel/task_work.c:203 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline] do_notify_resume+0x2148/0x3474 arch/arm64/kernel/signal.c:1132 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:137 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:142 [inline] el0_svc+0x9c/0x168 arch/arm64/kernel/entry-common.c:638 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585 INFO: task syz.4.80:4823 blocked for more than 143 seconds. Not tainted 6.1.115-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.4.80 state:D stack:0 pid:4823 ppid:4458 flags:0x00000001 Call trace: __switch_to+0x320/0x754 arch/arm64/kernel/process.c:553 context_switch kernel/sched/core.c:5241 [inline] __schedule+0xef4/0x1d44 kernel/sched/core.c:6558 schedule+0xc4/0x170 kernel/sched/core.c:6634 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:6693 __mutex_lock_common+0xbd8/0x21a0 kernel/locking/mutex.c:679 __mutex_lock kernel/locking/mutex.c:747 [inline] mutex_lock_nested+0x38/0x44 kernel/locking/mutex.c:799 device_lock include/linux/device.h:837 [inline] usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 chrdev_open+0x3e8/0x4fc fs/char_dev.c:414 do_dentry_open+0x734/0xfa0 fs/open.c:882 vfs_open+0x7c/0x90 fs/open.c:1013 do_open fs/namei.c:3626 [inline] path_openat+0x1e14/0x2548 fs/namei.c:3783 do_filp_open+0x1bc/0x3cc fs/namei.c:3810 do_sys_openat2+0x128/0x3e0 fs/open.c:1318 do_sys_open fs/open.c:1334 [inline] __do_sys_openat fs/open.c:1350 [inline] __se_sys_openat fs/open.c:1345 [inline] __arm64_sys_openat+0x1f0/0x240 fs/open.c:1345 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140 do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:204 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585 INFO: task syz.2.81:4828 blocked for more than 143 seconds. Not tainted 6.1.115-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.2.81 state:D stack:0 pid:4828 ppid:4451 flags:0x00000001 Call trace: __switch_to+0x320/0x754 arch/arm64/kernel/process.c:553 context_switch kernel/sched/core.c:5241 [inline] __schedule+0xef4/0x1d44 kernel/sched/core.c:6558 schedule+0xc4/0x170 kernel/sched/core.c:6634 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:6693 __mutex_lock_common+0xbd8/0x21a0 kernel/locking/mutex.c:679 __mutex_lock kernel/locking/mutex.c:747 [inline] mutex_lock_nested+0x38/0x44 kernel/locking/mutex.c:799 device_lock include/linux/device.h:837 [inline] usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 chrdev_open+0x3e8/0x4fc fs/char_dev.c:414 do_dentry_open+0x734/0xfa0 fs/open.c:882 vfs_open+0x7c/0x90 fs/open.c:1013 do_open fs/namei.c:3626 [inline] path_openat+0x1e14/0x2548 fs/namei.c:3783 do_filp_open+0x1bc/0x3cc fs/namei.c:3810 do_sys_openat2+0x128/0x3e0 fs/open.c:1318 do_sys_open fs/open.c:1334 [inline] __do_sys_openat fs/open.c:1350 [inline] __se_sys_openat fs/open.c:1345 [inline] __arm64_sys_openat+0x1f0/0x240 fs/open.c:1345 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140 do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:204 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585 INFO: task syz.1.82:4832 blocked for more than 143 seconds. Not tainted 6.1.115-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.1.82 state:D stack:0 pid:4832 ppid:4450 flags:0x00000001 Call trace: __switch_to+0x320/0x754 arch/arm64/kernel/process.c:553 context_switch kernel/sched/core.c:5241 [inline] __schedule+0xef4/0x1d44 kernel/sched/core.c:6558 schedule+0xc4/0x170 kernel/sched/core.c:6634 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:6693 __mutex_lock_common+0xbd8/0x21a0 kernel/locking/mutex.c:679 __mutex_lock kernel/locking/mutex.c:747 [inline] mutex_lock_nested+0x38/0x44 kernel/locking/mutex.c:799 device_lock include/linux/device.h:837 [inline] usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 chrdev_open+0x3e8/0x4fc fs/char_dev.c:414 do_dentry_open+0x734/0xfa0 fs/open.c:882 vfs_open+0x7c/0x90 fs/open.c:1013 do_open fs/namei.c:3626 [inline] path_openat+0x1e14/0x2548 fs/namei.c:3783 do_filp_open+0x1bc/0x3cc fs/namei.c:3810 do_sys_openat2+0x128/0x3e0 fs/open.c:1318 do_sys_open fs/open.c:1334 [inline] __do_sys_openat fs/open.c:1350 [inline] __se_sys_openat fs/open.c:1345 [inline] __arm64_sys_openat+0x1f0/0x240 fs/open.c:1345 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140 do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:204 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585 INFO: task syz.3.83:4833 blocked for more than 143 seconds. Not tainted 6.1.115-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.3.83 state:D stack:0 pid:4833 ppid:4453 flags:0x00000001 Call trace: __switch_to+0x320/0x754 arch/arm64/kernel/process.c:553 context_switch kernel/sched/core.c:5241 [inline] __schedule+0xef4/0x1d44 kernel/sched/core.c:6558 schedule+0xc4/0x170 kernel/sched/core.c:6634 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:6693 __mutex_lock_common+0xbd8/0x21a0 kernel/locking/mutex.c:679 __mutex_lock kernel/locking/mutex.c:747 [inline] mutex_lock_nested+0x38/0x44 kernel/locking/mutex.c:799 device_lock include/linux/device.h:837 [inline] usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 chrdev_open+0x3e8/0x4fc fs/char_dev.c:414 do_dentry_open+0x734/0xfa0 fs/open.c:882 vfs_open+0x7c/0x90 fs/open.c:1013 do_open fs/namei.c:3626 [inline] path_openat+0x1e14/0x2548 fs/namei.c:3783 do_filp_open+0x1bc/0x3cc fs/namei.c:3810 do_sys_openat2+0x128/0x3e0 fs/open.c:1318 do_sys_open fs/open.c:1334 [inline] __do_sys_openat fs/open.c:1350 [inline] __se_sys_openat fs/open.c:1345 [inline] __arm64_sys_openat+0x1f0/0x240 fs/open.c:1345 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140 do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:204 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585 Showing all locks held in the system: 1 lock held by rcu_tasks_kthre/12: #0: ffff800015ba5bf0 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x44/0xcf4 kernel/rcu/tasks.h:517 1 lock held by rcu_tasks_trace/13: #0: ffff800015ba63f0 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x44/0xcf4 kernel/rcu/tasks.h:517 1 lock held by khungtaskd/28: #0: ffff800015ba5a20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0xc/0x44 include/linux/rcupdate.h:349 2 locks held by getty/4062: #0: ffff0000d66d6098 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c drivers/tty/tty_ldsem.c:340 #1: ffff80001efb02f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x414/0x1214 drivers/tty/n_tty.c:2198 5 locks held by kworker/0:4/4356: #0: ffff0000c46b0d38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x664/0x1404 kernel/workqueue.c:2265 #1: ffff8000210b7c20 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x6a8/0x1404 kernel/workqueue.c:2267 #2: ffff0000d26bc190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #2: ffff0000d26bc190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1b0/0x42e4 drivers/usb/core/hub.c:5801 #3: ffff0000d26bf510 (&port_dev->status_lock){+.+.}-{3:3}, at: usb_lock_port drivers/usb/core/hub.c:3159 [inline] #3: ffff0000d26bf510 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_port_connect drivers/usb/core/hub.c:5373 [inline] #3: ffff0000d26bf510 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_port_connect_change drivers/usb/core/hub.c:5617 [inline] #3: ffff0000d26bf510 (&port_dev->status_lock){+.+.}-{3:3}, at: port_event drivers/usb/core/hub.c:5773 [inline] #3: ffff0000d26bf510 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_event+0x1bdc/0x42e4 drivers/usb/core/hub.c:5855 #4: ffff0000d25fa468 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_port_connect drivers/usb/core/hub.c:5374 [inline] #4: ffff0000d25fa468 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_port_connect_change drivers/usb/core/hub.c:5617 [inline] #4: ffff0000d25fa468 (hcd->address0_mutex){+.+.}-{3:3}, at: port_event drivers/usb/core/hub.c:5773 [inline] #4: ffff0000d25fa468 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_event+0x1c04/0x42e4 drivers/usb/core/hub.c:5855 2 locks held by kworker/u4:0/4357: 5 locks held by kworker/1:24/4430: #0: ffff0000c46b0d38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x664/0x1404 kernel/workqueue.c:2265 #1: ffff8000217d7c20 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x6a8/0x1404 kernel/workqueue.c:2267 #2: ffff0000d25d0190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #2: ffff0000d25d0190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1b0/0x42e4 drivers/usb/core/hub.c:5801 #3: ffff0000d25d3510 (&port_dev->status_lock){+.+.}-{3:3}, at: usb_lock_port drivers/usb/core/hub.c:3159 [inline] #3: ffff0000d25d3510 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_port_connect drivers/usb/core/hub.c:5373 [inline] #3: ffff0000d25d3510 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_port_connect_change drivers/usb/core/hub.c:5617 [inline] #3: ffff0000d25d3510 (&port_dev->status_lock){+.+.}-{3:3}, at: port_event drivers/usb/core/hub.c:5773 [inline] #3: ffff0000d25d3510 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_event+0x1bdc/0x42e4 drivers/usb/core/hub.c:5855 #4: ffff0000d20ba868 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_port_connect drivers/usb/core/hub.c:5374 [inline] #4: ffff0000d20ba868 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_port_connect_change drivers/usb/core/hub.c:5617 [inline] #4: ffff0000d20ba868 (hcd->address0_mutex){+.+.}-{3:3}, at: port_event drivers/usb/core/hub.c:5773 [inline] #4: ffff0000d20ba868 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_event+0x1c04/0x42e4 drivers/usb/core/hub.c:5855 5 locks held by kworker/0:5/4583: #0: ffff0000c46b0d38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x664/0x1404 kernel/workqueue.c:2265 #1: ffff800021b37c20 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x6a8/0x1404 kernel/workqueue.c:2267 #2: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #2: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1b0/0x42e4 drivers/usb/core/hub.c:5801 #3: ffff0000d1f53510 (&port_dev->status_lock){+.+.}-{3:3}, at: usb_lock_port drivers/usb/core/hub.c:3159 [inline] #3: ffff0000d1f53510 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_port_connect drivers/usb/core/hub.c:5373 [inline] #3: ffff0000d1f53510 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_port_connect_change drivers/usb/core/hub.c:5617 [inline] #3: ffff0000d1f53510 (&port_dev->status_lock){+.+.}-{3:3}, at: port_event drivers/usb/core/hub.c:5773 [inline] #3: ffff0000d1f53510 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_event+0x1bdc/0x42e4 drivers/usb/core/hub.c:5855 #4: ffff0000d1a9c668 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_port_connect drivers/usb/core/hub.c:5374 [inline] #4: ffff0000d1a9c668 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_port_connect_change drivers/usb/core/hub.c:5617 [inline] #4: ffff0000d1a9c668 (hcd->address0_mutex){+.+.}-{3:3}, at: port_event drivers/usb/core/hub.c:5773 [inline] #4: ffff0000d1a9c668 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_event+0x1c04/0x42e4 drivers/usb/core/hub.c:5855 3 locks held by kworker/0:6/4710: #0: ffff0000c0020938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x664/0x1404 kernel/workqueue.c:2265 #1: ffff800021db7c20 ((work_completion)(&data->fib_event_work)){+.+.}-{0:0}, at: process_one_work+0x6a8/0x1404 kernel/workqueue.c:2267 #2: ffff00010a9ce240 (&data->fib_lock){+.+.}-{3:3}, at: nsim_fib_event_work+0x270/0x32bc drivers/net/netdevsim/fib.c:1489 1 lock held by syz.0.75/4797: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_release+0x80/0x6fc drivers/usb/core/devio.c:1097 1 lock held by syz.4.80/4823: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.2.81/4828: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.1.82/4832: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.3.83/4833: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.5.84/4955: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.9.88/4959: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.8.87/4963: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.7.86/4967: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.6.85/4972: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.0.89/5028: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.3.92/5054: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.2.91/5065: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.1.90/5062: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.4.93/5067: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.5.94/5100: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.6.95/5163: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.9.98/5197: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.7.96/5201: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.8.97/5205: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.0.99/5224: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.1.100/5241: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.2.101/5279: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.3.102/5297: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.4.103/5301: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.5.104/5327: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.6.105/5355: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.7.106/5391: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.8.107/5427: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.9.108/5434: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.0.109/5449: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.1.110/5466: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.2.111/5482: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.3.112/5532: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.4.113/5536: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.5.114/5550: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.6.115/5576: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.7.116/5602: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.8.117/5649: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.9.118/5663: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 1 lock held by syz.0.119/5671: #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #0: ffff0000d1f3f190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x13c/0x6c0 drivers/usb/core/devio.c:1052 7 locks held by syz-executor/5675: #0: ffff0000d9040460 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x244/0x91c fs/read_write.c:580 #1: ffff0000d01c0888 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1c8/0x48c fs/kernfs/file.c:325 #2: ffff0000d0eb1660 (kn->active#51){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x1e4/0x48c fs/kernfs/file.c:326 #3: ffff8000173b6c68 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: del_device_store+0xec/0x39c drivers/net/netdevsim/bus.c:209 #4: ffff0000ca5390e8 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:837 [inline] #4: ffff0000ca5390e8 (&dev->mutex){....}-{3:3}, at: __device_driver_lock drivers/base/dd.c:1080 [inline] #4: ffff0000ca5390e8 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0xbc/0x724 drivers/base/dd.c:1283 #5: ffff0000ca53c2f8 (&devlink->lock_key#33){+.+.}-{3:3}, at: devl_lock+0x24/0x34 net/devlink/leftover.c:275 #6: ffff800017ff4688 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock+0x20/0x2c net/core/rtnetlink.c:74 =============================================