Extracting prog: 8m0.515003032s
Minimizing prog: 49m5.503792559s
Simplifying prog options: 21m38.903845358s
Extracting C: 9m7.103244657s
Simplifying C: 0s


1 programs, 3 VMs, timeouts [15s 1m40s 6m0s]
extracting reproducer from 1 programs
single: executing 1 programs separately with timeout 15s
testing program (duration=15s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$uhid-write$UHID_CREATE-openat$vcs
detailed listing:
executing program 0:
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
write$UHID_CREATE(r0, &(0x7f0000000200)={0x0, {'syz0\x00', 'syz0\x00', 'syz0\x00', &(0x7f0000000c40)=""/4096, 0x1000, 0xfc2c, 0x6, 0x0, 0xc9d, 0x8}}, 0x120)
openat$vcs(0xffffffffffffff9c, 0x0, 0x0, 0x0)

program did not crash
single: failed to extract reproducer
single: executing 1 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$uhid-write$UHID_CREATE-openat$vcs
detailed listing:
executing program 0:
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
write$UHID_CREATE(r0, &(0x7f0000000200)={0x0, {'syz0\x00', 'syz0\x00', 'syz0\x00', &(0x7f0000000c40)=""/4096, 0x1000, 0xfc2c, 0x6, 0x0, 0xc9d, 0x8}}, 0x120)
openat$vcs(0xffffffffffffff9c, 0x0, 0x0, 0x0)

program did not crash
single: failed to extract reproducer
single: executing 1 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$uhid-write$UHID_CREATE-openat$vcs
detailed listing:
executing program 0:
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
write$UHID_CREATE(r0, &(0x7f0000000200)={0x0, {'syz0\x00', 'syz0\x00', 'syz0\x00', &(0x7f0000000c40)=""/4096, 0x1000, 0xfc2c, 0x6, 0x0, 0xc9d, 0x8}}, 0x120)
openat$vcs(0xffffffffffffff9c, 0x0, 0x0, 0x0)

program crashed: INFO: task hung in uhid_char_release
single: successfully extracted reproducer
found reproducer with 3 syscalls
minimizing guilty program
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$uhid-write$UHID_CREATE
detailed listing:
executing program 0:
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
write$UHID_CREATE(r0, &(0x7f0000000200)={0x0, {'syz0\x00', 'syz0\x00', 'syz0\x00', &(0x7f0000000c40)=""/4096, 0x1000, 0xfc2c, 0x6, 0x0, 0xc9d, 0x8}}, 0x120)

program crashed: INFO: task hung in uhid_char_release
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$uhid
detailed listing:
executing program 0:
openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): write$UHID_CREATE
detailed listing:
executing program 0:
write$UHID_CREATE(0xffffffffffffffff, &(0x7f0000000200)={0x0, {'syz0\x00', 'syz0\x00', 'syz0\x00', &(0x7f0000000c40)=""/4096, 0x1000, 0xfc2c, 0x6, 0x0, 0xc9d, 0x8}}, 0x120)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$uhid-write$UHID_CREATE
detailed listing:
executing program 0:
r0 = openat$uhid(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$UHID_CREATE(r0, &(0x7f0000000200)={0x0, {'syz0\x00', 'syz0\x00', 'syz0\x00', &(0x7f0000000c40)=""/4096, 0x1000, 0xfc2c, 0x6, 0x0, 0xc9d, 0x8}}, 0x120)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$uhid-write$UHID_CREATE
detailed listing:
executing program 0:
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
write$UHID_CREATE(r0, 0x0, 0x0)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$uhid-write$UHID_CREATE
detailed listing:
executing program 0:
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
write$UHID_CREATE(r0, &(0x7f0000000200)={0x0, {'syz0\x00', 'syz0\x00', 'syz0\x00', 0x0, 0x0, 0xfc2c, 0x6, 0x0, 0xc9d, 0x8}}, 0x120)

program did not crash
extracting C reproducer
testing compiled C program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$uhid-write$UHID_CREATE
program did not crash
simplifying guilty program options
testing program (duration=9m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$uhid-write$UHID_CREATE
detailed listing:
executing program 0:
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
write$UHID_CREATE(r0, &(0x7f0000000200)={0x0, {'syz0\x00', 'syz0\x00', 'syz0\x00', &(0x7f0000000c40)=""/4096, 0x1000, 0xfc2c, 0x6, 0x0, 0xc9d, 0x8}}, 0x120)

program crashed: INFO: task hung in uhid_char_release
extracting C reproducer
testing compiled C program (duration=9m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$uhid-write$UHID_CREATE
program did not crash
testing program (duration=9m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$uhid-write$UHID_CREATE
detailed listing:
executing program 0:
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
write$UHID_CREATE(r0, &(0x7f0000000200)={0x0, {'syz0\x00', 'syz0\x00', 'syz0\x00', &(0x7f0000000c40)=""/4096, 0x1000, 0xfc2c, 0x6, 0x0, 0xc9d, 0x8}}, 0x120)

program did not crash
reproducing took 1h27m53.089383724s
repro crashed as (corrupted=false):
INFO: task syz-executor:5336 blocked for more than 143 seconds.
      Not tainted 6.10.0-rc1-next-20240531-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D
 stack:26784 pid:5336  tgid:5336  ppid:5255   flags:0x00000006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5192 [inline]
 __schedule+0x17e8/0x4a20 kernel/sched/core.c:6529
 __schedule_loop kernel/sched/core.c:6606 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6621
 schedule_timeout+0xb0/0x310 kernel/time/timer.c:2557
 do_wait_for_common kernel/sched/completion.c:95 [inline]
 __wait_for_common kernel/sched/completion.c:116 [inline]
 wait_for_common kernel/sched/completion.c:127 [inline]
 wait_for_completion+0x355/0x620 kernel/sched/completion.c:148
 __flush_work+0xaa9/0xd00 kernel/workqueue.c:4227
 __cancel_work_sync+0xbc/0x110 kernel/workqueue.c:4347
 uhid_dev_destroy drivers/hid/uhid.c:584 [inline]
 uhid_char_release+0xaf/0x600 drivers/hid/uhid.c:662
 __fput+0x406/0x8b0 fs/file_table.c:422
 __do_sys_close fs/open.c:1559 [inline]
 __se_sys_close fs/open.c:1544 [inline]
 __x64_sys_close+0x7f/0x110 fs/open.c:1544
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc039c7bdda
RSP: 002b:00007ffe1da3b190 EFLAGS: 00000293
 ORIG_RAX: 0000000000000003
RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007fc039c7bdda
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: ffffffffffffffff R08: 00007fc039c00000 R09: 0000000000000001
R10: 0000000000000001 R11: 0000000000000293 R12: 00007fc039db3fa0
R13: 00007fc039db3fac R14: 0000000000000000 R15: 00007fc039db3fa0
 </TASK>
INFO: task syz-executor.3:5344 blocked for more than 146 seconds.
      Not tainted 6.10.0-rc1-next-20240531-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.3  state:D
 stack:25496 pid:5344  tgid:5344  ppid:5267   flags:0x00000006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5192 [inline]
 __schedule+0x17e8/0x4a20 kernel/sched/core.c:6529
 __schedule_loop kernel/sched/core.c:6606 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6621
 schedule_timeout+0xb0/0x310 kernel/time/timer.c:2557
 do_wait_for_common kernel/sched/completion.c:95 [inline]
 __wait_for_common kernel/sched/completion.c:116 [inline]
 wait_for_common kernel/sched/completion.c:127 [inline]
 wait_for_completion+0x355/0x620 kernel/sched/completion.c:148
 __flush_work+0xaa9/0xd00 kernel/workqueue.c:4227
 __cancel_work_sync+0xbc/0x110 kernel/workqueue.c:4347
 uhid_dev_destroy drivers/hid/uhid.c:584 [inline]
 uhid_char_release+0xaf/0x600 drivers/hid/uhid.c:662
 __fput+0x406/0x8b0 fs/file_table.c:422
 __do_sys_close fs/open.c:1559 [inline]
 __se_sys_close fs/open.c:1544 [inline]
 __x64_sys_close+0x7f/0x110 fs/open.c:1544
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fdf8287bdda
RSP: 002b:00007ffe83bf3950 EFLAGS: 00000293
 ORIG_RAX: 0000000000000003
RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007fdf8287bdda
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: ffffffffffffffff R08: 00007fdf82800000 R09: 0000000000000001
R10: 0000000000000001 R11: 0000000000000293 R12: 00007fdf829b3fa0
R13: 00007fdf829b3fac R14: 0000000000000000 R15: 00007fdf829b3fa0
 </TASK>

Showing all locks held in the system:
1 lock held by khungtaskd/30:
 #0: 

final repro crashed as (corrupted=false):
INFO: task syz-executor:5336 blocked for more than 143 seconds.
      Not tainted 6.10.0-rc1-next-20240531-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D
 stack:26784 pid:5336  tgid:5336  ppid:5255   flags:0x00000006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5192 [inline]
 __schedule+0x17e8/0x4a20 kernel/sched/core.c:6529
 __schedule_loop kernel/sched/core.c:6606 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6621
 schedule_timeout+0xb0/0x310 kernel/time/timer.c:2557
 do_wait_for_common kernel/sched/completion.c:95 [inline]
 __wait_for_common kernel/sched/completion.c:116 [inline]
 wait_for_common kernel/sched/completion.c:127 [inline]
 wait_for_completion+0x355/0x620 kernel/sched/completion.c:148
 __flush_work+0xaa9/0xd00 kernel/workqueue.c:4227
 __cancel_work_sync+0xbc/0x110 kernel/workqueue.c:4347
 uhid_dev_destroy drivers/hid/uhid.c:584 [inline]
 uhid_char_release+0xaf/0x600 drivers/hid/uhid.c:662
 __fput+0x406/0x8b0 fs/file_table.c:422
 __do_sys_close fs/open.c:1559 [inline]
 __se_sys_close fs/open.c:1544 [inline]
 __x64_sys_close+0x7f/0x110 fs/open.c:1544
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc039c7bdda
RSP: 002b:00007ffe1da3b190 EFLAGS: 00000293
 ORIG_RAX: 0000000000000003
RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007fc039c7bdda
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: ffffffffffffffff R08: 00007fc039c00000 R09: 0000000000000001
R10: 0000000000000001 R11: 0000000000000293 R12: 00007fc039db3fa0
R13: 00007fc039db3fac R14: 0000000000000000 R15: 00007fc039db3fa0
 </TASK>
INFO: task syz-executor.3:5344 blocked for more than 146 seconds.
      Not tainted 6.10.0-rc1-next-20240531-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.3  state:D
 stack:25496 pid:5344  tgid:5344  ppid:5267   flags:0x00000006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5192 [inline]
 __schedule+0x17e8/0x4a20 kernel/sched/core.c:6529
 __schedule_loop kernel/sched/core.c:6606 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6621
 schedule_timeout+0xb0/0x310 kernel/time/timer.c:2557
 do_wait_for_common kernel/sched/completion.c:95 [inline]
 __wait_for_common kernel/sched/completion.c:116 [inline]
 wait_for_common kernel/sched/completion.c:127 [inline]
 wait_for_completion+0x355/0x620 kernel/sched/completion.c:148
 __flush_work+0xaa9/0xd00 kernel/workqueue.c:4227
 __cancel_work_sync+0xbc/0x110 kernel/workqueue.c:4347
 uhid_dev_destroy drivers/hid/uhid.c:584 [inline]
 uhid_char_release+0xaf/0x600 drivers/hid/uhid.c:662
 __fput+0x406/0x8b0 fs/file_table.c:422
 __do_sys_close fs/open.c:1559 [inline]
 __se_sys_close fs/open.c:1544 [inline]
 __x64_sys_close+0x7f/0x110 fs/open.c:1544
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fdf8287bdda
RSP: 002b:00007ffe83bf3950 EFLAGS: 00000293
 ORIG_RAX: 0000000000000003
RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007fdf8287bdda
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: ffffffffffffffff R08: 00007fdf82800000 R09: 0000000000000001
R10: 0000000000000001 R11: 0000000000000293 R12: 00007fdf829b3fa0
R13: 00007fdf829b3fac R14: 0000000000000000 R15: 00007fdf829b3fa0
 </TASK>

Showing all locks held in the system:
1 lock held by khungtaskd/30:
 #0: