Extracting prog: 1h58m46.969732529s
Minimizing prog: 34m20.25858778s
Simplifying prog options: 9m7.75065486s
Extracting C: 5m16.41866644s
Simplifying C: 0s


extracting reproducer from 72 programs
testing a last program of every proc
single: executing 22 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-sendmmsg$inet6-shutdown-setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS-getsockopt$inet_sctp_SCTP_PR_SUPPORTED-setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR-bpf$MAP_CREATE-socket$nl_netfilter-sendmsg$IPSET_CMD_CREATE-sendmsg$IPSET_CMD_ADD-socket$nl_generic-ioctl$sock_SIOCGIFINDEX_80211-syz_genetlink_get_family_id$nl80211-sendmsg$NL80211_CMD_SET_CQM-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_GET_PROG_INFO
detailed listing:
executing program 0:
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
sendmmsg$inet6(r0, &(0x7f0000004cc0)=[{{&(0x7f0000000040)={0xa, 0x4e22, 0x1ff, @private0, 0x401}, 0x1c, &(0x7f00000001c0)=[{&(0x7f00000003c0)="f5", 0x1}], 0x1}}, {{&(0x7f0000000480)={0xa, 0x4e24, 0x4, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8e}, 0x1c, &(0x7f0000000d80)=[{&(0x7f0000000c40)="ea", 0x1}], 0x1}}], 0x2, 0x40)
shutdown(r0, 0x1)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x4e24, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}}, 0x0, 0x1, 0x3bf8580d, 0x0, 0xb3550aa4ba878396, 0x2}, 0x9c)
getsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000080)={<r1=>0x0, 0xffffffdc}, &(0x7f00000000c0)=0x8)
setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r0, 0x84, 0x5, &(0x7f0000000200)={r1, @in={{0x2, 0x4e22, @local}}}, 0x84)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x6}, 0x48)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYBLOB="540000000206050000000000000000000700000005000100060000000d000300686173683a6e6574000000000900020073797a3100000000050005000200000005000400000000000c00078008001240"], 0x54}}, 0x0)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty=0xfffffffe}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000050)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r4=>0x0})
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_CQM(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000003f00000008000300", @ANYRES32=r4, @ANYBLOB="20005e8008000700b3010000080005"], 0x3c}, 0x1, 0x0, 0x0, 0x8001}, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000100009500000000000000"], &(0x7f0000000040)='syzkaller\x00'}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={r6, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-socket$nl_route-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4805}, 0x20000050)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a40000000160a03020000000000000000020000000900020073797a30000000000900010073797a3000000000140003800800014000000000080002400000000014000000110001"], 0x68}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWFLOWTABLE={0x34, 0x16, 0xa, 0x401, 0x0, 0x0, {0x2, 0x0, 0xffff}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_FLOWTABLE_HOOK={0x14, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x5c}, 0x1, 0x0, 0x0, 0x20000010}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@newlink={0x44, 0x10, 0x40d, 0x70bd2c, 0x600, {0x0, 0x0, 0x0, 0x0, 0x99ffef750d96a51f, 0x40300}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_AD_LACP_ACTIVE={0x5, 0x1d, 0x10}, @IFLA_BOND_PACKETS_PER_SLAVE={0x8, 0x14, 0x7}]}}}]}, 0x44}}, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_CONNECT-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="050000000000000000002e00000008000300", @ANYRES32=r3, @ANYBLOB="0a00340002020202020200000a00060008021100000000000800350000005f"], 0x44}}, 0x0) (async)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001ac0)=@newlink={0x48, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_ADDRESS={0xa, 0x1, @dev}, @IFLA_MTU={0x8, 0x4, 0xff2}]}, 0x48}}, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$kcm-prlimit64-sched_setscheduler-openat$dir-fanotify_mark-setsockopt$RDS_GET_MR_FOR_DEST-getpid-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-sched_setscheduler-recvmmsg-bpf$PROG_LOAD-openat$cgroup_ro-ftruncate-syz_open_dev$vim2m-ioctl$vim2m_VIDIOC_REQBUFS-syz_open_dev$vim2m-ioctl$vim2m_VIDIOC_G_FMT-socket$inet_sctp-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_CREATE_DUMB-ioctl$DRM_IOCTL_MODE_CREATE_DUMB-ioctl$DRM_IOCTL_MODE_CREATE_DUMB-setsockopt$IP_VS_SO_SET_ADD-setsockopt$IP_VS_SO_SET_ADDDEST
detailed listing:
executing program 0:
socket$kcm(0x10, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='.\x00', 0x0, 0x0)
fanotify_mark(0xffffffffffffffff, 0x105, 0x4800003a, r0, 0x0)
setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000480)={@in6={0xa, 0x4e23, 0x7, @rand_addr=' \x01\x00', 0x4}, {&(0x7f0000000640)=""/134, 0x86}, &(0x7f0000000340), 0x10}, 0xa0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x120, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.swap.current\x00', 0x275a, 0x0)
ftruncate(r2, 0x6)
r4 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fff, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1})
r5 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_G_FMT(r5, 0x40045613, &(0x7f0000000080)={0x3, @win={{0x2}, 0x7, 0x0, 0x0, 0x0, 0x0}})
r6 = socket$inet_sctp(0x2, 0x5, 0x84)
r7 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r7, 0xc02064b2, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r7, 0xc02064b2, &(0x7f0000000100)={0x20007, 0x3, 0x4})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r7, 0xc02064b2, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r6, 0x0, 0x482, &(0x7f0000000280)={0x84, @dev={0xac, 0x14, 0x14, 0xb}, 0x5, 0x3, 'sh\x00', 0x1, 0x4, 0x72}, 0x2c)
setsockopt$IP_VS_SO_SET_ADDDEST(r6, 0x0, 0x487, &(0x7f0000000000)={{0x84, @rand_addr=0x64010101, 0x4e1f, 0x3, 'lc\x00', 0x34, 0x83, 0x5}, {@dev={0xac, 0x14, 0x14, 0x34}, 0x4e23, 0x2, 0xcf, 0x12d5c, 0x12d5c}}, 0x44)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$kcm-prlimit64-sched_setscheduler-openat$dir-fanotify_mark-setsockopt$RDS_GET_MR_FOR_DEST-getpid-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-sched_setscheduler-recvmmsg-bpf$PROG_LOAD-openat$cgroup_ro-ftruncate-syz_open_dev$vim2m-ioctl$vim2m_VIDIOC_REQBUFS-syz_open_dev$vim2m-ioctl$vim2m_VIDIOC_G_FMT-socket$inet_sctp-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_CREATE_DUMB-ioctl$DRM_IOCTL_MODE_CREATE_DUMB-ioctl$DRM_IOCTL_MODE_CREATE_DUMB-setsockopt$IP_VS_SO_SET_ADD-setsockopt$IP_VS_SO_SET_ADDDEST
detailed listing:
executing program 0:
socket$kcm(0x10, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='.\x00', 0x0, 0x0)
fanotify_mark(0xffffffffffffffff, 0x105, 0x4800003a, r0, 0x0)
setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000480)={@in6={0xa, 0x4e23, 0x7, @rand_addr=' \x01\x00', 0x4}, {&(0x7f0000000640)=""/134, 0x86}, &(0x7f0000000340), 0x10}, 0xa0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x120, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.swap.current\x00', 0x275a, 0x0)
ftruncate(r2, 0x6)
r4 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fff, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1})
r5 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_G_FMT(r5, 0x40045613, &(0x7f0000000080)={0x3, @win={{0x2}, 0x7, 0x0, 0x0, 0x0, 0x0}})
r6 = socket$inet_sctp(0x2, 0x5, 0x84)
r7 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r7, 0xc02064b2, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r7, 0xc02064b2, &(0x7f0000000100)={0x20007, 0x3, 0x4})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r7, 0xc02064b2, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r6, 0x0, 0x482, &(0x7f0000000280)={0x84, @dev={0xac, 0x14, 0x14, 0xb}, 0x5, 0x3, 'sh\x00', 0x1, 0x4, 0x72}, 0x2c)
setsockopt$IP_VS_SO_SET_ADDDEST(r6, 0x0, 0x487, &(0x7f0000000000)={{0x84, @rand_addr=0x64010101, 0x4e1f, 0x3, 'lc\x00', 0x34, 0x83, 0x5}, {@dev={0xac, 0x14, 0x14, 0x34}, 0x4e23, 0x2, 0xcf, 0x12d5c, 0x12d5c}}, 0x44)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$ipvs-prlimit64-syz_open_dev$usbfs-syz_open_procfs-mount$9p_fd-sched_setscheduler-getpid-sched_setscheduler-mmap-socketpair$unix-socket$inet6_mptcp-bind$inet6-connect$inet6-connect$unix-sendmmsg$unix-recvmmsg-sched_setscheduler-socket-getsockopt-socket$nl_generic-syz_genetlink_get_family_id$tipc-sendmsg$TIPC_CMD_SET_LINK_TOL-sendmsg$IPVS_CMD_NEW_DAEMON-madvise-munlockall-setsockopt$EBT_SO_SET_ENTRIES-socket-setsockopt$netlink_NETLINK_TX_RING-write
detailed listing:
executing program 0:
r0 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff)
prlimit64(0x0, 0x2, &(0x7f0000000340)={0xc, 0x100}, 0x0)
syz_open_dev$usbfs(&(0x7f0000000080), 0x800000001fe, 0x82)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f00000002c0)='.\x00', &(0x7f0000000040), 0x8000, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}})
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r5, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
connect$inet6(r5, &(0x7f0000000040)={0xa, 0x3, 0x7, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}}, 0x1c)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r6 = socket(0x15, 0x5, 0x0)
getsockopt(r6, 0x200000000114, 0x2721, 0x0, &(0x7f0000000000))
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r7)
sendmsg$TIPC_CMD_SET_LINK_TOL(r7, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="000225bd7000ffdbdf25010000000000000007410000004c001800000afc6962000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000"], 0x68}, 0x1, 0x0, 0x0, 0x4004001}, 0x0)
sendmsg$IPVS_CMD_NEW_DAEMON(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="01000000000000000000090000003c000380140002007663616e30000000000000000000000014000600ff0500000000000000000000000000010800010001000000080003"], 0x50}}, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
munlockall()
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000080)=@filter={'filter\x00', 0xe, 0x2, 0x0, [0x0, 0x20000080, 0x200000b0, 0x200000e0, 0x0, 0xffffffffffffffff], 0x0, 0x0, 0x0}, 0x108)
r9 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r9, 0x10e, 0xc, &(0x7f0000000000)={0x10003, 0x0, 0xd7c4, 0xfffffff9}, 0x10)
write(r9, &(0x7f00000000c0)="240000001e005f0214fffffffffffff807a600001d00000000000000080009000d000000", 0x24)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): unshare-socket-connect$netlink-socket$kcm-socket$nl_netfilter-sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET-write$cgroup_subtree-socket-socket$nl_generic-syz_genetlink_get_family_id$l2tp-connect$unix-capset-openat$rtc-ioctl$RTC_SET_TIME-sendmsg$L2TP_CMD_TUNNEL_CREATE-sendmsg$L2TP_CMD_SESSION_GET-ioctl$EXT4_IOC_CHECKPOINT-socket$inet6_tcp-shutdown-setsockopt$inet6_tcp_TCP_CONGESTION-bind$inet6-connect$inet6-syz_init_net_socket$nl_generic-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$ieee802154-sendmsg$IEEE802154_ASSOCIATE_REQ-sendmsg$IEEE802154_LLSEC_ADD_DEVKEY-connect$inet6-setsockopt$MRT6_ADD_MIF-recvmsg
detailed listing:
executing program 0:
unshare(0x28000600)
r0 = socket(0x10, 0x3, 0x0)
connect$netlink(r0, &(0x7f0000000340)=@proc={0x10, 0x0, 0x1, 0x800000}, 0x6f)
r1 = socket$kcm(0x10, 0x400000002, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="3c00000003080101000000000000000000000000050003000600000014020480080008400000000008000940000000000900010073797a3100000000"], 0x3c}}, 0x0)
write$cgroup_subtree(r1, &(0x7f00000003c0)=ANY=[@ANYRES16=r2], 0x41a0)
r3 = socket(0xa, 0x5, 0x3a)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000680), 0xffffffffffffffff)
connect$unix(r0, &(0x7f00000001c0)=@file={0x1, './file0\x00'}, 0x6e)
capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x87, 0xffffffff, 0x40})
r6 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x41, 0x0)
ioctl$RTC_SET_TIME(r6, 0x4024700a, 0x0)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)={0x3c, r5, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x2}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_FD={0x8, 0x17, @udp6=r3}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x400003}]}, 0x3c}}, 0x20000018)
sendmsg$L2TP_CMD_SESSION_GET(r3, &(0x7f0000000180)={&(0x7f0000000080), 0xc, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="000426bd7000fbdbdf2508000000050005000100000006001b00020000000c000f0009000000000000200c000f006d0000000000000008001800e0edc03f170022000100000008000c0000000000"], 0x54}, 0x1, 0x0, 0x0, 0x20008084}, 0x4000001)
ioctl$EXT4_IOC_CHECKPOINT(r4, 0x4004662b, &(0x7f0000000980))
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
shutdown(r7, 0x1)
setsockopt$inet6_tcp_TCP_CONGESTION(r7, 0x6, 0xd, &(0x7f00000000c0)='cdg', 0x3)
bind$inet6(r7, &(0x7f0000000500)={0xa, 0x4e22, 0xb48f, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x1c}}, 0x13}, 0x1c)
connect$inet6(r7, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000540), r8)
sendmsg$IEEE802154_ASSOCIATE_REQ(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x2c, r9, 0x1, 0x70bd2c, 0x25dfdbfb, {}, [@IEEE802154_ATTR_COORD_PAN_ID={0x6, 0xa, 0x125bc57b848e7545}, @IEEE802154_ATTR_CHANNEL={0x5, 0x7, 0x18}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xaaa2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4001}, 0x4000)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r8, &(0x7f0000000940)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000900)={&(0x7f00000008c0)={0x1c, r9, 0x400, 0x70bd25, 0x25dfdbfc, {}, [@IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xffff}]}, 0x1c}, 0x1, 0x0, 0x0, 0xc800}, 0x40004)
connect$inet6(r7, &(0x7f0000000440)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c)
setsockopt$MRT6_ADD_MIF(r3, 0x29, 0xca, &(0x7f0000000480)={0x0, 0x185e0b12a06f626e}, 0xc)
recvmsg(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000002c0)=""/106, 0x6a}], 0x1}, 0x12002)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): unshare-socket-connect$netlink-socket$kcm-socket$nl_netfilter-sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET-write$cgroup_subtree-socket-socket$nl_generic-syz_genetlink_get_family_id$l2tp-connect$unix-capset-openat$rtc-ioctl$RTC_SET_TIME-sendmsg$L2TP_CMD_TUNNEL_CREATE-sendmsg$L2TP_CMD_SESSION_GET-ioctl$EXT4_IOC_CHECKPOINT-socket$inet6_tcp-shutdown-setsockopt$inet6_tcp_TCP_CONGESTION-bind$inet6-connect$inet6-syz_init_net_socket$nl_generic-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$ieee802154-sendmsg$IEEE802154_ASSOCIATE_REQ-sendmsg$IEEE802154_LLSEC_ADD_DEVKEY-connect$inet6-setsockopt$MRT6_ADD_MIF-recvmsg
detailed listing:
executing program 0:
unshare(0x28000600)
r0 = socket(0x10, 0x3, 0x0)
connect$netlink(r0, &(0x7f0000000340)=@proc={0x10, 0x0, 0x1, 0x800000}, 0x6f)
r1 = socket$kcm(0x10, 0x400000002, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="3c00000003080101000000000000000000000000050003000600000014020480080008400000000008000940000000000900010073797a3100000000"], 0x3c}}, 0x0)
write$cgroup_subtree(r1, &(0x7f00000003c0)=ANY=[@ANYRES16=r2], 0x41a0)
r3 = socket(0xa, 0x5, 0x3a)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000680), 0xffffffffffffffff)
connect$unix(r0, &(0x7f00000001c0)=@file={0x1, './file0\x00'}, 0x6e)
capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x87, 0xffffffff, 0x40})
r6 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x41, 0x0)
ioctl$RTC_SET_TIME(r6, 0x4024700a, 0x0)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)={0x3c, r5, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x2}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_FD={0x8, 0x17, @udp6=r3}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x400003}]}, 0x3c}}, 0x20000018)
sendmsg$L2TP_CMD_SESSION_GET(r3, &(0x7f0000000180)={&(0x7f0000000080), 0xc, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="000426bd7000fbdbdf2508000000050005000100000006001b00020000000c000f0009000000000000200c000f006d0000000000000008001800e0edc03f170022000100000008000c0000000000"], 0x54}, 0x1, 0x0, 0x0, 0x20008084}, 0x4000001)
ioctl$EXT4_IOC_CHECKPOINT(r4, 0x4004662b, &(0x7f0000000980))
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
shutdown(r7, 0x1)
setsockopt$inet6_tcp_TCP_CONGESTION(r7, 0x6, 0xd, &(0x7f00000000c0)='cdg', 0x3)
bind$inet6(r7, &(0x7f0000000500)={0xa, 0x4e22, 0xb48f, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x1c}}, 0x13}, 0x1c)
connect$inet6(r7, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000540), r8)
sendmsg$IEEE802154_ASSOCIATE_REQ(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x2c, r9, 0x1, 0x70bd2c, 0x25dfdbfb, {}, [@IEEE802154_ATTR_COORD_PAN_ID={0x6, 0xa, 0x125bc57b848e7545}, @IEEE802154_ATTR_CHANNEL={0x5, 0x7, 0x18}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xaaa2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4001}, 0x4000)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r8, &(0x7f0000000940)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000900)={&(0x7f00000008c0)={0x1c, r9, 0x400, 0x70bd25, 0x25dfdbfc, {}, [@IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xffff}]}, 0x1c}, 0x1, 0x0, 0x0, 0xc800}, 0x40004)
connect$inet6(r7, &(0x7f0000000440)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c)
setsockopt$MRT6_ADD_MIF(r3, 0x29, 0xca, &(0x7f0000000480)={0x0, 0x185e0b12a06f626e}, 0xc)
recvmsg(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000002c0)=""/106, 0x6a}], 0x1}, 0x12002)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-openat$autofs-ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040), 0x680802, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r1, 0xc018937d, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYRES8=r1], 0x38}, 0x1, 0x0, 0x0, 0x4048015}, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-openat$autofs-ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040), 0x680802, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r1, 0xc018937d, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYRES8=r1], 0x38}, 0x1, 0x0, 0x0, 0x4048015}, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$phonet_pipe-listen-openat-mount$9p_fd
detailed listing:
executing program 0:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
listen(r0, 0x7)
r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup.cpu/cgroup.procs\x00', 0xe02, 0x1c0)
mount$9p_fd(0x0, &(0x7f0000002680)='./cgroup.cpu/cgroup.procs\x00', &(0x7f00000026c0), 0x2, &(0x7f00000058c0)=ANY=[@ANYBLOB='trans=fd,rfdno', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$phonet_pipe-listen-openat-mount$9p_fd
detailed listing:
executing program 0:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
listen(r0, 0x7)
r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup.cpu/cgroup.procs\x00', 0xe02, 0x1c0)
mount$9p_fd(0x0, &(0x7f0000002680)='./cgroup.cpu/cgroup.procs\x00', &(0x7f00000026c0), 0x2, &(0x7f00000058c0)=ANY=[@ANYBLOB='trans=fd,rfdno', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$ipvs-prlimit64-syz_open_dev$usbfs-syz_open_procfs-mount$9p_fd-sched_setscheduler-getpid-sched_setscheduler-mmap-socketpair$unix-socket$inet6_mptcp-bind$inet6-connect$inet6-connect$unix-sendmmsg$unix-recvmmsg-sched_setscheduler-socket-getsockopt-socket$nl_generic-syz_genetlink_get_family_id$tipc-sendmsg$TIPC_CMD_SET_LINK_TOL-sendmsg$IPVS_CMD_NEW_DAEMON-madvise-munlockall-setsockopt$EBT_SO_SET_ENTRIES-socket-setsockopt$netlink_NETLINK_TX_RING-write
detailed listing:
executing program 0:
r0 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff)
prlimit64(0x0, 0x2, &(0x7f0000000340)={0xc, 0x100}, 0x0)
syz_open_dev$usbfs(&(0x7f0000000080), 0x800000001fe, 0x82)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f00000002c0)='.\x00', &(0x7f0000000040), 0x8000, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}})
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r5, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
connect$inet6(r5, &(0x7f0000000040)={0xa, 0x3, 0x7, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}}, 0x1c)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r6 = socket(0x15, 0x5, 0x0)
getsockopt(r6, 0x200000000114, 0x2721, 0x0, &(0x7f0000000000))
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r7)
sendmsg$TIPC_CMD_SET_LINK_TOL(r7, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="000225bd7000ffdbdf25010000000000000007410000004c001800000afc6962000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000"], 0x68}, 0x1, 0x0, 0x0, 0x4004001}, 0x0)
sendmsg$IPVS_CMD_NEW_DAEMON(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="01000000000000000000090000003c000380140002007663616e30000000000000000000000014000600ff0500000000000000000000000000010800010001000000080003"], 0x50}}, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
munlockall()
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000080)=@filter={'filter\x00', 0xe, 0x2, 0x0, [0x0, 0x20000080, 0x200000b0, 0x200000e0, 0x0, 0xffffffffffffffff], 0x0, 0x0, 0x0}, 0x108)
r9 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r9, 0x10e, 0xc, &(0x7f0000000000)={0x10003, 0x0, 0xd7c4, 0xfffffff9}, 0x10)
write(r9, &(0x7f00000000c0)="240000001e005f0214fffffffffffff807a600001d00000000000000080009000d000000", 0x24)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$kcm-syz_ublk_setup_queues-ioctl$F2FS_IOC_FLUSH_DEVICE-write$cgroup_subtree-recvmsg
detailed listing:
executing program 0:
r0 = socket$kcm(0x10, 0x400000002, 0x0)
syz_ublk_setup_queues(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x0, 0x7fe8, 0x10000, 0x0, 0x182}, &(0x7f0000000100)=[{0x0, 0x0, 0xffffffffffffffff, {0x0, 0x5236, 0x40, 0x3, 0x210}, <r1=>0xffffffffffffffff}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0x21d8, 0x1000, 0x3, 0x3aa, 0x0, r0}}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0xcf61, 0x800, 0x2, 0x32c}}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0x6d63, 0x0, 0x3, 0x38f}}], 0x4, &(0x7f0000002400)={0x2e, 0x21, 0x0, 0xffffffffffffffff, 0xc0107520, 0x0, 0x0, 0x0, 0x0, {0x1}, 0x0, 0x0, '\x00', {0x1, 0x785, 0x0, &(0x7f0000001400)=@buf_max_buf="b2725872b99b1463436c1040efae3c36a896a2121570629700132bc6ff20dc25ef0786ffb75e654181516b906e8c644a59e1a1575b25cf6ae93e2635ec623cc2130ad04b288b9a19a67cc49c1f1b489cb234cfc9d4870484d8e8d0f09e93b0b2ab16214f67c6c3fa45d0f038f42951392187fc65a37478d670b11290fc37ca67ac802382bef42c94389ac2691d3c5303835bdce92a27388cafe42c5ebdfe71da186306ed7d3948318fe0208ac8bc1c958eeb6f379078a218f1aa697c51d97e97e37bfcf90a82a17632fc1e6c87917996bce77fa06ff81282f55e2f47e6f5d412c2b32254de5254f297b1935b3ce849c9b86f556f855c03ccce39428c33c77b7e7c9929f68a1fb6459ecd0b372a90f7f83819729a1bd994086de548d85f3b00b2ec2d636b43ead2099879517b885eabdcf571f565759ceed4bcad2dcfe54ca06c83aedb8834aef607698a1c4d024e2c0856f0c978aaedbe1c3362b7b25f3e9129bb83d4aa4a12db88a75161faf2f8475087491e1005ca488e93d2a22b4ce805f54d7daa39abfbe88cdf813728ca9c191b0ac43ed916548c99ce09101fd7a24b29ef6f68934d27026bd6b7107ae3a1f82602d7abfb7536760156865ff363cd285c864f34e9017a82feaefad3382ca0c2ad3ab880b66b9481a52fe459f29bd88a726d6b4af0e78df8dfcf374a18220bdc6c8adea85470c80cd563c4ddf21233f13f682ee28a0a4eb3562fdbf498ca2eab177a95f7ac8e51b9954b82fcc003266c930c8952cd5b43da03776cbae06cad94b68c1624c664b0ee71ae737957a5a95ac119e6cd8654aaae05a4981c65752fc9bd8ed11f70a51888343eaea2cf7c4dcede7aae628314be50028943a2a6619b753abf5d96e91bada9db9cd218611acf1d37580e49d56e6b0ccae0fe6210b8b1335ed7efd5065e7b65d2ca05b7238a065f2d26db0f6664b16d331693a5303a203efe5ebf383c1b52abda53a7a7ae0d9353a43d232612c13830bcd247be531db40649e483b4d85d7951f3afc08bd06ff6076f2e5e3b3fab9829b93ff24e762fefdc0ecd4a557418201aa8c4fb96081794e5f5cf90cc258db8f99cb5844ea5ae2fc97f2ad8667303ad67a4019957457148c68e93778f012f30c8eb9269ef83517dbc297b8b29c2c56ec5cf61a7b4a0d541c0576aaf6b0218b8a3862242ceb63fee7312306f5552e258767d3ee7254f2df1ae4557b8c7aa905b5e26014ae6cd5f744607f7ed497e5ca8c6bee8d21c01e2614e616723c8dad4edb74255ed4ea1bfc5ab13a84e73bf725d3fc8780dcd485d581eb60db2780ab55583ce5ce652ba72b60fb51df053b95323cea195cd45056ecc49fa82326a834ff6da522cb5a199a754e4dbed5b342cdd0ac7c48e74730a3c22aa54c78fbc5fd346063074e7e8566d891212336c3852943732f8c2501125187b19cb7e36dda29b1b8bf05fd57579aa0fbae8cc7b8c415b03b950221577b272d78c4fce5fc167ed86ac169fd5d183e534f60147132efb96b0d5f7d0eb5c8b5cdcef2a94c57c1050be4d9507acbfd7abb2ae4a351203dccb258d064bff34e1e9312ddc4013fa60a195afa6583380ef7ed80929da4e6456fb49f1a9a9fe0ae9f3cb0752904abaa4c136ab3d2aa2b289af7617db788ce92c8ac25e65b6cf45f34a1986c5f975d5c7692162e461947343782616ac882c221d233d89c17dffb6ce08409489637f736877a42658e53874a7a1e3070957181c8531f9d177254416bb68c48c3de93731a397e9d4a7c3f1842bbc6f8181439d951bda3918d0352c0b725cccb639ee42d39d03026a488b68804c465779778ab772f8f447f5df970684830cfeb3f70cf38e4e7a8cc08c98e0699567792170d282381fe13f795cd62aa5417aeda3245f8253d994bf6915ea1e618c7a38eabd75ea3a94306a6611919db5d66b91a77eda01389095c5c2438b99a4e311b2b158b4a786fd0d093ab040b078f23844679ca06a509486c334831398825c66b0f483ddba0c801287060de4df4387ca6fcd828ae48e02e52d4881a8848584e2bd2cb7344ec8b81fe09ea1cc86e4a034266c6d644fd6b27981648b0b64cc15434e478c77adfdcf103e620e2a023a5608ef456e2d20f2f073e83c266474e5d68014d7348c5df6a400d7b24db59039e284da268e34bca84b705d0875b788e67d296c81d32942fc27c0d2a30016d16dee199051fcaaf53ac2eecf9a229438a02bd7f1d9a153401f6b5842504e000ceba5b811cde8ff8fe20b66e770ee44bf8012ca8d00d69197d4e710c6b72c65fb447907940468f3528cd6b0bc5bc5e607165fe6257a74f9674393944e16e458034c17ba9d027fb7760f7383ba1fd98611345e262e45afb0ce65e6445cbb056f6f23df3856da89495aca5c3f601d0eb9a4b6ef3978ba03948dc05a2872349381dc656fb60f996dca2eae6a4dcf87f7d54c7662793d5047bcc9a6d1fb6b2a0d8a164dbfe14ba0d8d63251bf06bc7b8cb1dc8be9cd20cbbdfa164d7db3d24ef2f5a96730f007d9d0aa612460c563bb13e128d4b2089a86aebb57d9cb89fa1f86746d57eebebef6e5539daa74cbe72a89388a780fd22099a915c77a6bbbc046bf66abf409ef632ec3d985e4b6542dea133f8538a7153993118695aabd457eb8a61a4f32dddf81c6ee196435d8e97b0e4394e6488ad1810b8f1f664b811da59bf2cc6b8a235d9a1c866887b5bd2054daaec5c198b391db0ed502ef95f0b3fd16f6042c52af4bc953a53103a8f9a5ae72a523d0fb9e172214507383eefbc7a572aeab6e7a2180e1f69405cc1d551feab6c02d26bf772267674e14502cbc73887fc7a74d3faea7e1daf0b10c5e2d9530ef3da60c72b46fd6ce7e92e3b364460dc9606bf46455599aa255a2891932abfc53f6767b2e4aee1cbe0d1f721944416305879ac6c908d97408ebfe9109534ded852aea40839a3d054a6d92506dbbb22df6558b72e081ff188fc6c907b8ed54f7e6ab334c81751dc798ba20cf29e48e067a9fa47967bc813cc8c7ce2fe01b1a4df3702f01cd5c496154f030168bf5ab8d7c251402d5611b227db6845a283a51b7c72f2b6c966215373b70c787f20d0070a3dbbbb06750c45fc40e64e5fbfcd824eb5ab6843f1d3c4ca0e43d06eab9c05ddad7a1684a03321c8b07a3005a9eb8226b59b5c2ce6047fb56f0fc4860b2a436ce0ec37a3d791424e71fc423c4b076936206d9dcab65dcec908abf16f3a28951365eadcaebaa0b4a6018d85d40f2c4631b830422e49ece139e37e262e441a5df90d4d3dceae5598889893ccddd6714c85adad41029424629bbc4b5a56305be78fb1040370065e5dedd21a0e41074782dbaa731165cada1cad58add16856bc0a2e9dc559b7d727cf798421b4530ee47491a5cc8782c6f5708ea831ea8fb691539d368dd86f08b1a3f46a78edb8a56dcd616b4af8c11a782b4cc927efec6e4fa98772edb207586c643fb15f5ab3e473bea84e360f3577d8957714aa40ea2407a91ca06aae9621e9e033ab94972dfd434cfa06fbee9f31b843eabab6eee827744531438c440e62cfb6381be77b10680067fe594d05b2dcf5523f9ea0f5a1478ad8d8a66322c8bf72f3091c28d67109950fbf75a2fa86903cd1f9ad49cc75807983612c7f27e43657fc5a8a30300b8042c5ba0befa92530c4cc1d69ed9688a51ef938f022813bfd023201a6cd113d2f936aeb5a11cb3ec703bb45d700553485681428e269c966cb548441f7714f74930681398605783e56c8e3b05b7b5358a71524dd1b523918105e45ff4e91528fb48579b64bda961212e9165add9f8fb963c84d22ba127900e10c0117b959a36ec1adce144ab7b5c95934d5efe1ce41e90cc4db689295cc7afd9b9521f3f7a8429bd8e6e01f9087745ab7ff3f36bd0d4678a61b0f4b471934b0e3e02f52f059629d42f0c8340a55aa2fb6436d348466abf06f0a95aa04438abf22f19315dcf0a56ed9c99e740eb7149c743cf14cfc87820d0f62bd398c279ac9b1f59263ed4f66610290390c889c0df8a60d6b5a4ec64b25c3afa6a6338380c683134e09ac29e1900e4529a69ded4799cbdb3abda83c5b65c4b6c0c636c075df7bb9bcc35cd45450dba9dc5924880343ac9e77b01daf839ee10f8e86b3d42683ff418c54185929c9e39ad27a6c64cd3c82fa024a98e782ebac052aba5f5a9c6070c6f874dbd086f0e6a3e7a5db7833eafda969b59ac1fa1acbcc6be9947f8cf118ae6a11a61150dd816681251a2893707e1a4d53de775ee3ff661d6df80f8025febc59b81465a2b44617765a441833bcdc20b94732ecc7b236ca73a5e601ae1693e5f4cc8f485b1faf0758cbb939cb6354aa064d56c714bd07e669f912a4d90e8ca7e895d41a84c559f969a9282b59530dacb04942c576dab643e3c540870ecdaeee1952c56f2e4b8dc1f8f3bbf6608628b2a1ef0f5d616c68e6fb8cc956acba8cc4f753841945e065742c63b0cd50b2b16557068fd254ddd44cc65b7118be5b300718b7f0292fc6549b0b7e3fe914eb500cbb79eaa0fe48c32c9b04fb9851cf6e9490df6bd6072646876f4c858e11902bb69df8ca0065ff150f86416f3233987f4f90daf50f5500ac05526151d2c645d4d8f9d564fec865f25e71d35e2238e1c66d68deb66e2bd46db5b1e7f41a22794c4989f937ddd96b0178d188c344f93fbdf3ea12fa91be65705b052b6bbf5ae2fc73d7b31e78452ffb17a9ee98343766f8869dfde5a962ed93e8060a8096ff90fdbbeea5932a933ad06944b0c25cec3d432cffa0a2b552b9db7e77fe1aeab6b5011c22adb9615f9d56237bfd3736a58377bbd88eefb4bc4b26075b0a43edf310f77e01e3eb1626554322bdb89b5b8702a843d93455f643676e1d495ef77f116458ab51677e3b4ef3760b313ef1b0bf97fe9e166793dc310c8decc328e233221daaa942391bb73bcbdd175d960d0b6d8d59d889facd1e5131a8e168aac97275e036e70fbe8a889e46102a9c16457866c597612d123e9ec8abf0d4d8de382b6ecbebc8b801b64949d7e988700142907a933034be65c9cecec01ee92eacf1073ff6d917a974d4f4bc8a31dc34a99ae8a0738156957dd46f45c6867c3cc4073ba4a57135ea7c75349d6253a155fe0a10bcee5d5764031b35eee94246b388d8f619c86dfc74329d6a7799844f246dffc8f14aaaf5e8b1e614810ea4aeff2537029a0a2d7df92f560461b42190007daf1cec7fc8e003e5fe6fdb705ebcdbd5d3e4be84bf688d2c09ccc0f9bb51d289d5f63cc04271fe26c6ac86dcb56efeed255236d84aa08d25b50538a9e389799c8f8efdaed2920cc6525197a14ff98b1e535dbe1ef2a0ef19cd21fc258e6f4cd9c387ddb5f75f9effd7ba4ee2d11b98cbff5a63c6d242eb17b33cd78bd89bd9d47699fadd507c9823d7cd6f805f48d4f58f54309659de2d88662fbde3df953a9def34afaf3679f2ae7439f5588f844d967c613e855c8b3c0a6c9cc53815085f9ae6401d7b12ea0490da9118fb1815995a083c89f937e740abd0f4a0e05213df86ddd235c7bc580f7ed44bcfe7e4896a801d5aabfdce72b8f72a3b347c164e9d97596e699290cb7beed8c8f205ac27aa81049ebdea3bb7959710819abbe9937dae32c021f1b1af092fe16c76ac78334fed749cab4dec651fa7981639dd00316c2623dae5ae94233f6cda61406ea14e83bd8a72aff52ce475e7ec78a6ead40da21669da606652cbe5350010995a42d7ce3458d4ec265158b71d3b26adc4ee125a9a7cbee26254f8aa8ef"}}, &(0x7f0000002480))
ioctl$F2FS_IOC_FLUSH_DEVICE(r1, 0x4008f50a, &(0x7f00000024c0)={0x52, 0x2})
write$cgroup_subtree(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0007000042009103"], 0x41a0)
recvmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000400)=""/4044, 0xfcc}, {&(0x7f0000002800)=""/4166, 0x1046}], 0x2}, 0x10002)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$kcm-syz_ublk_setup_queues-ioctl$F2FS_IOC_FLUSH_DEVICE-write$cgroup_subtree-recvmsg
detailed listing:
executing program 0:
r0 = socket$kcm(0x10, 0x400000002, 0x0)
syz_ublk_setup_queues(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x0, 0x7fe8, 0x10000, 0x0, 0x182}, &(0x7f0000000100)=[{0x0, 0x0, 0xffffffffffffffff, {0x0, 0x5236, 0x40, 0x3, 0x210}, <r1=>0xffffffffffffffff}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0x21d8, 0x1000, 0x3, 0x3aa, 0x0, r0}}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0xcf61, 0x800, 0x2, 0x32c}}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0x6d63, 0x0, 0x3, 0x38f}}], 0x4, &(0x7f0000002400)={0x2e, 0x21, 0x0, 0xffffffffffffffff, 0xc0107520, 0x0, 0x0, 0x0, 0x0, {0x1}, 0x0, 0x0, '\x00', {0x1, 0x785, 0x0, &(0x7f0000001400)=@buf_max_buf="b2725872b99b1463436c1040efae3c36a896a2121570629700132bc6ff20dc25ef0786ffb75e654181516b906e8c644a59e1a1575b25cf6ae93e2635ec623cc2130ad04b288b9a19a67cc49c1f1b489cb234cfc9d4870484d8e8d0f09e93b0b2ab16214f67c6c3fa45d0f038f42951392187fc65a37478d670b11290fc37ca67ac802382bef42c94389ac2691d3c5303835bdce92a27388cafe42c5ebdfe71da186306ed7d3948318fe0208ac8bc1c958eeb6f379078a218f1aa697c51d97e97e37bfcf90a82a17632fc1e6c87917996bce77fa06ff81282f55e2f47e6f5d412c2b32254de5254f297b1935b3ce849c9b86f556f855c03ccce39428c33c77b7e7c9929f68a1fb6459ecd0b372a90f7f83819729a1bd994086de548d85f3b00b2ec2d636b43ead2099879517b885eabdcf571f565759ceed4bcad2dcfe54ca06c83aedb8834aef607698a1c4d024e2c0856f0c978aaedbe1c3362b7b25f3e9129bb83d4aa4a12db88a75161faf2f8475087491e1005ca488e93d2a22b4ce805f54d7daa39abfbe88cdf813728ca9c191b0ac43ed916548c99ce09101fd7a24b29ef6f68934d27026bd6b7107ae3a1f82602d7abfb7536760156865ff363cd285c864f34e9017a82feaefad3382ca0c2ad3ab880b66b9481a52fe459f29bd88a726d6b4af0e78df8dfcf374a18220bdc6c8adea85470c80cd563c4ddf21233f13f682ee28a0a4eb3562fdbf498ca2eab177a95f7ac8e51b9954b82fcc003266c930c8952cd5b43da03776cbae06cad94b68c1624c664b0ee71ae737957a5a95ac119e6cd8654aaae05a4981c65752fc9bd8ed11f70a51888343eaea2cf7c4dcede7aae628314be50028943a2a6619b753abf5d96e91bada9db9cd218611acf1d37580e49d56e6b0ccae0fe6210b8b1335ed7efd5065e7b65d2ca05b7238a065f2d26db0f6664b16d331693a5303a203efe5ebf383c1b52abda53a7a7ae0d9353a43d232612c13830bcd247be531db40649e483b4d85d7951f3afc08bd06ff6076f2e5e3b3fab9829b93ff24e762fefdc0ecd4a557418201aa8c4fb96081794e5f5cf90cc258db8f99cb5844ea5ae2fc97f2ad8667303ad67a4019957457148c68e93778f012f30c8eb9269ef83517dbc297b8b29c2c56ec5cf61a7b4a0d541c0576aaf6b0218b8a3862242ceb63fee7312306f5552e258767d3ee7254f2df1ae4557b8c7aa905b5e26014ae6cd5f744607f7ed497e5ca8c6bee8d21c01e2614e616723c8dad4edb74255ed4ea1bfc5ab13a84e73bf725d3fc8780dcd485d581eb60db2780ab55583ce5ce652ba72b60fb51df053b95323cea195cd45056ecc49fa82326a834ff6da522cb5a199a754e4dbed5b342cdd0ac7c48e74730a3c22aa54c78fbc5fd346063074e7e8566d891212336c3852943732f8c2501125187b19cb7e36dda29b1b8bf05fd57579aa0fbae8cc7b8c415b03b950221577b272d78c4fce5fc167ed86ac169fd5d183e534f60147132efb96b0d5f7d0eb5c8b5cdcef2a94c57c1050be4d9507acbfd7abb2ae4a351203dccb258d064bff34e1e9312ddc4013fa60a195afa6583380ef7ed80929da4e6456fb49f1a9a9fe0ae9f3cb0752904abaa4c136ab3d2aa2b289af7617db788ce92c8ac25e65b6cf45f34a1986c5f975d5c7692162e461947343782616ac882c221d233d89c17dffb6ce08409489637f736877a42658e53874a7a1e3070957181c8531f9d177254416bb68c48c3de93731a397e9d4a7c3f1842bbc6f8181439d951bda3918d0352c0b725cccb639ee42d39d03026a488b68804c465779778ab772f8f447f5df970684830cfeb3f70cf38e4e7a8cc08c98e0699567792170d282381fe13f795cd62aa5417aeda3245f8253d994bf6915ea1e618c7a38eabd75ea3a94306a6611919db5d66b91a77eda01389095c5c2438b99a4e311b2b158b4a786fd0d093ab040b078f23844679ca06a509486c334831398825c66b0f483ddba0c801287060de4df4387ca6fcd828ae48e02e52d4881a8848584e2bd2cb7344ec8b81fe09ea1cc86e4a034266c6d644fd6b27981648b0b64cc15434e478c77adfdcf103e620e2a023a5608ef456e2d20f2f073e83c266474e5d68014d7348c5df6a400d7b24db59039e284da268e34bca84b705d0875b788e67d296c81d32942fc27c0d2a30016d16dee199051fcaaf53ac2eecf9a229438a02bd7f1d9a153401f6b5842504e000ceba5b811cde8ff8fe20b66e770ee44bf8012ca8d00d69197d4e710c6b72c65fb447907940468f3528cd6b0bc5bc5e607165fe6257a74f9674393944e16e458034c17ba9d027fb7760f7383ba1fd98611345e262e45afb0ce65e6445cbb056f6f23df3856da89495aca5c3f601d0eb9a4b6ef3978ba03948dc05a2872349381dc656fb60f996dca2eae6a4dcf87f7d54c7662793d5047bcc9a6d1fb6b2a0d8a164dbfe14ba0d8d63251bf06bc7b8cb1dc8be9cd20cbbdfa164d7db3d24ef2f5a96730f007d9d0aa612460c563bb13e128d4b2089a86aebb57d9cb89fa1f86746d57eebebef6e5539daa74cbe72a89388a780fd22099a915c77a6bbbc046bf66abf409ef632ec3d985e4b6542dea133f8538a7153993118695aabd457eb8a61a4f32dddf81c6ee196435d8e97b0e4394e6488ad1810b8f1f664b811da59bf2cc6b8a235d9a1c866887b5bd2054daaec5c198b391db0ed502ef95f0b3fd16f6042c52af4bc953a53103a8f9a5ae72a523d0fb9e172214507383eefbc7a572aeab6e7a2180e1f69405cc1d551feab6c02d26bf772267674e14502cbc73887fc7a74d3faea7e1daf0b10c5e2d9530ef3da60c72b46fd6ce7e92e3b364460dc9606bf46455599aa255a2891932abfc53f6767b2e4aee1cbe0d1f721944416305879ac6c908d97408ebfe9109534ded852aea40839a3d054a6d92506dbbb22df6558b72e081ff188fc6c907b8ed54f7e6ab334c81751dc798ba20cf29e48e067a9fa47967bc813cc8c7ce2fe01b1a4df3702f01cd5c496154f030168bf5ab8d7c251402d5611b227db6845a283a51b7c72f2b6c966215373b70c787f20d0070a3dbbbb06750c45fc40e64e5fbfcd824eb5ab6843f1d3c4ca0e43d06eab9c05ddad7a1684a03321c8b07a3005a9eb8226b59b5c2ce6047fb56f0fc4860b2a436ce0ec37a3d791424e71fc423c4b076936206d9dcab65dcec908abf16f3a28951365eadcaebaa0b4a6018d85d40f2c4631b830422e49ece139e37e262e441a5df90d4d3dceae5598889893ccddd6714c85adad41029424629bbc4b5a56305be78fb1040370065e5dedd21a0e41074782dbaa731165cada1cad58add16856bc0a2e9dc559b7d727cf798421b4530ee47491a5cc8782c6f5708ea831ea8fb691539d368dd86f08b1a3f46a78edb8a56dcd616b4af8c11a782b4cc927efec6e4fa98772edb207586c643fb15f5ab3e473bea84e360f3577d8957714aa40ea2407a91ca06aae9621e9e033ab94972dfd434cfa06fbee9f31b843eabab6eee827744531438c440e62cfb6381be77b10680067fe594d05b2dcf5523f9ea0f5a1478ad8d8a66322c8bf72f3091c28d67109950fbf75a2fa86903cd1f9ad49cc75807983612c7f27e43657fc5a8a30300b8042c5ba0befa92530c4cc1d69ed9688a51ef938f022813bfd023201a6cd113d2f936aeb5a11cb3ec703bb45d700553485681428e269c966cb548441f7714f74930681398605783e56c8e3b05b7b5358a71524dd1b523918105e45ff4e91528fb48579b64bda961212e9165add9f8fb963c84d22ba127900e10c0117b959a36ec1adce144ab7b5c95934d5efe1ce41e90cc4db689295cc7afd9b9521f3f7a8429bd8e6e01f9087745ab7ff3f36bd0d4678a61b0f4b471934b0e3e02f52f059629d42f0c8340a55aa2fb6436d348466abf06f0a95aa04438abf22f19315dcf0a56ed9c99e740eb7149c743cf14cfc87820d0f62bd398c279ac9b1f59263ed4f66610290390c889c0df8a60d6b5a4ec64b25c3afa6a6338380c683134e09ac29e1900e4529a69ded4799cbdb3abda83c5b65c4b6c0c636c075df7bb9bcc35cd45450dba9dc5924880343ac9e77b01daf839ee10f8e86b3d42683ff418c54185929c9e39ad27a6c64cd3c82fa024a98e782ebac052aba5f5a9c6070c6f874dbd086f0e6a3e7a5db7833eafda969b59ac1fa1acbcc6be9947f8cf118ae6a11a61150dd816681251a2893707e1a4d53de775ee3ff661d6df80f8025febc59b81465a2b44617765a441833bcdc20b94732ecc7b236ca73a5e601ae1693e5f4cc8f485b1faf0758cbb939cb6354aa064d56c714bd07e669f912a4d90e8ca7e895d41a84c559f969a9282b59530dacb04942c576dab643e3c540870ecdaeee1952c56f2e4b8dc1f8f3bbf6608628b2a1ef0f5d616c68e6fb8cc956acba8cc4f753841945e065742c63b0cd50b2b16557068fd254ddd44cc65b7118be5b300718b7f0292fc6549b0b7e3fe914eb500cbb79eaa0fe48c32c9b04fb9851cf6e9490df6bd6072646876f4c858e11902bb69df8ca0065ff150f86416f3233987f4f90daf50f5500ac05526151d2c645d4d8f9d564fec865f25e71d35e2238e1c66d68deb66e2bd46db5b1e7f41a22794c4989f937ddd96b0178d188c344f93fbdf3ea12fa91be65705b052b6bbf5ae2fc73d7b31e78452ffb17a9ee98343766f8869dfde5a962ed93e8060a8096ff90fdbbeea5932a933ad06944b0c25cec3d432cffa0a2b552b9db7e77fe1aeab6b5011c22adb9615f9d56237bfd3736a58377bbd88eefb4bc4b26075b0a43edf310f77e01e3eb1626554322bdb89b5b8702a843d93455f643676e1d495ef77f116458ab51677e3b4ef3760b313ef1b0bf97fe9e166793dc310c8decc328e233221daaa942391bb73bcbdd175d960d0b6d8d59d889facd1e5131a8e168aac97275e036e70fbe8a889e46102a9c16457866c597612d123e9ec8abf0d4d8de382b6ecbebc8b801b64949d7e988700142907a933034be65c9cecec01ee92eacf1073ff6d917a974d4f4bc8a31dc34a99ae8a0738156957dd46f45c6867c3cc4073ba4a57135ea7c75349d6253a155fe0a10bcee5d5764031b35eee94246b388d8f619c86dfc74329d6a7799844f246dffc8f14aaaf5e8b1e614810ea4aeff2537029a0a2d7df92f560461b42190007daf1cec7fc8e003e5fe6fdb705ebcdbd5d3e4be84bf688d2c09ccc0f9bb51d289d5f63cc04271fe26c6ac86dcb56efeed255236d84aa08d25b50538a9e389799c8f8efdaed2920cc6525197a14ff98b1e535dbe1ef2a0ef19cd21fc258e6f4cd9c387ddb5f75f9effd7ba4ee2d11b98cbff5a63c6d242eb17b33cd78bd89bd9d47699fadd507c9823d7cd6f805f48d4f58f54309659de2d88662fbde3df953a9def34afaf3679f2ae7439f5588f844d967c613e855c8b3c0a6c9cc53815085f9ae6401d7b12ea0490da9118fb1815995a083c89f937e740abd0f4a0e05213df86ddd235c7bc580f7ed44bcfe7e4896a801d5aabfdce72b8f72a3b347c164e9d97596e699290cb7beed8c8f205ac27aa81049ebdea3bb7959710819abbe9937dae32c021f1b1af092fe16c76ac78334fed749cab4dec651fa7981639dd00316c2623dae5ae94233f6cda61406ea14e83bd8a72aff52ce475e7ec78a6ead40da21669da606652cbe5350010995a42d7ce3458d4ec265158b71d3b26adc4ee125a9a7cbee26254f8aa8ef"}}, &(0x7f0000002480))
ioctl$F2FS_IOC_FLUSH_DEVICE(r1, 0x4008f50a, &(0x7f00000024c0)={0x52, 0x2})
write$cgroup_subtree(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0007000042009103"], 0x41a0)
recvmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000400)=""/4044, 0xfcc}, {&(0x7f0000002800)=""/4166, 0x1046}], 0x2}, 0x10002)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$tty1-prlimit64-sched_setscheduler-getpid-ioctl$TIOCGICOUNT-sched_setaffinity-sched_setscheduler-mmap-socketpair$unix-copy_file_range-openat$tun-ioctl$TUNSETIFF-socket$nl_route-socket$unix-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route_sched-socket$nl_route-sendmsg$nl_route_sched-socket-socket$unix-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route_sched-connect$unix-sendmmsg$unix-recvmmsg-bpf$PROG_LOAD
detailed listing:
executing program 0:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x3)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
ioctl$TIOCGICOUNT(r0, 0x545d, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
copy_file_range(r0, 0x0, r2, &(0x7f0000000180)=0x80000000, 0x7, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newqdisc={0x6c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0x25dfdbfb, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x3c, 0x2, [@TCA_GRED_PARMS={0x38, 0x1, {0x40, 0x6, 0x3, 0x8, 0x6, 0xffffff26, 0x2, 0x80, 0x8, 0x7, 0x15, 0x9d, 0x4, 0x5, 0x7, 0xc5f7}}]}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x200400dc}, 0x0)
r9 = socket(0x400000000010, 0x3, 0x0)
r10 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r11=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r11, {0xf000, 0xffff}, {}, {0x7}}, [@filter_kind_options=@f_route={{0xa}, {0xc, 0x2, [@TCA_ROUTE4_CLASSID={0x8, 0x1, {0x0, 0xfff1}}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x20000800)
connect$unix(r2, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000001900)=ANY=[@ANYBLOB="61106800000000006113740000000000bfa00000000000000700000008ffffffd503010017740040950000000000000069163a0000000000bf67000000000000350607000fff07201706000020190000160300000ee60060bf050000000000007b65b0ff000000006507f9ff01000000070700004d83dde4c375000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f17540faf80250aa20c669a5e12814cb1cea5d4601d295c45a6a0b9bdb7dd399703cac4f6f3be4b369226066812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000400c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44221b235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20ceddf4d03723f1c932b3a6aa57f1ad2e99e0e67ab93716d20000009f0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10fd7ed6735154beb4000000000000000000000000004000bc00f6746a9709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253887a5ad103649afa17690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43ea0ffb567b40407d000000210000000000000000005f37d8703f37ca364a601ae899a56715a0a62a34c1d926a0f6a5480a55c22fe3a5ac00000000000000000000000500002000000000fb79ea00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e14d90deae46e26c596f84eba90000000000000000fffb0000000082fb0d3cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c693962895496d4f6e9cc54db6c7205a6b06ff7f0000000000007f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a1f37302f3b41eae59809fd05d12f6106f117b062df67d3a6473265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089e0b1c23c0f3cdad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a1a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631d22bad050e9856b48ae3a03a497c37758537650fe6db89da3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0af1cb3f1f815f8989d78854ca4d3116dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4c6ea9604faf0453bedf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202eeb81f428a5b3c29984864961a57ff52f657a67463d7dbf85ae9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee15620789c524b3baf49a09d8be0fc5beecf153236c19740be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2b4dc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca87ddd9d064e081383409ed2912c811ae63f03212a5331c2a4ead000000000000000000000000000000000000000000000000001386866b311bd144bc32e059658c9f8342c90c1ade31b78072841b8b5a943d62a44cea6b050c42e3c205fad6a23fb43c93da0f49d911877265e6ee443e37397ecf89021e7f579e8d3a74c12b52938d91e9de07fc8eeeb9505f4a9c26266bf5449484ccc1317c7476"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb}, 0x48)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$tty1-prlimit64-sched_setscheduler-getpid-ioctl$TIOCGICOUNT-sched_setaffinity-sched_setscheduler-mmap-socketpair$unix-copy_file_range-openat$tun-ioctl$TUNSETIFF-socket$nl_route-socket$unix-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route_sched-socket$nl_route-sendmsg$nl_route_sched-socket-socket$unix-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route_sched-connect$unix-sendmmsg$unix-recvmmsg-bpf$PROG_LOAD
detailed listing:
executing program 0:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x3)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
ioctl$TIOCGICOUNT(r0, 0x545d, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
copy_file_range(r0, 0x0, r2, &(0x7f0000000180)=0x80000000, 0x7, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newqdisc={0x6c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0x25dfdbfb, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x3c, 0x2, [@TCA_GRED_PARMS={0x38, 0x1, {0x40, 0x6, 0x3, 0x8, 0x6, 0xffffff26, 0x2, 0x80, 0x8, 0x7, 0x15, 0x9d, 0x4, 0x5, 0x7, 0xc5f7}}]}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x200400dc}, 0x0)
r9 = socket(0x400000000010, 0x3, 0x0)
r10 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r11=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r11, {0xf000, 0xffff}, {}, {0x7}}, [@filter_kind_options=@f_route={{0xa}, {0xc, 0x2, [@TCA_ROUTE4_CLASSID={0x8, 0x1, {0x0, 0xfff1}}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x20000800)
connect$unix(r2, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000001900)=ANY=[@ANYBLOB="61106800000000006113740000000000bfa00000000000000700000008ffffffd503010017740040950000000000000069163a0000000000bf67000000000000350607000fff07201706000020190000160300000ee60060bf050000000000007b65b0ff000000006507f9ff01000000070700004d83dde4c375000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f17540faf80250aa20c669a5e12814cb1cea5d4601d295c45a6a0b9bdb7dd399703cac4f6f3be4b369226066812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000400c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44221b235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20ceddf4d03723f1c932b3a6aa57f1ad2e99e0e67ab93716d20000009f0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10fd7ed6735154beb4000000000000000000000000004000bc00f6746a9709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253887a5ad103649afa17690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43ea0ffb567b40407d000000210000000000000000005f37d8703f37ca364a601ae899a56715a0a62a34c1d926a0f6a5480a55c22fe3a5ac00000000000000000000000500002000000000fb79ea00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e14d90deae46e26c596f84eba90000000000000000fffb0000000082fb0d3cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c693962895496d4f6e9cc54db6c7205a6b06ff7f0000000000007f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a1f37302f3b41eae59809fd05d12f6106f117b062df67d3a6473265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089e0b1c23c0f3cdad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a1a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631d22bad050e9856b48ae3a03a497c37758537650fe6db89da3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0af1cb3f1f815f8989d78854ca4d3116dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4c6ea9604faf0453bedf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202eeb81f428a5b3c29984864961a57ff52f657a67463d7dbf85ae9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee15620789c524b3baf49a09d8be0fc5beecf153236c19740be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2b4dc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca87ddd9d064e081383409ed2912c811ae63f03212a5331c2a4ead000000000000000000000000000000000000000000000000001386866b311bd144bc32e059658c9f8342c90c1ade31b78072841b8b5a943d62a44cea6b050c42e3c205fad6a23fb43c93da0f49d911877265e6ee443e37397ecf89021e7f579e8d3a74c12b52938d91e9de07fc8eeeb9505f4a9c26266bf5449484ccc1317c7476"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb}, 0x48)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD-openat$tun-ioctl$TUNSETIFF-socket-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route_sched-sendmsg$nl_route_sched
detailed listing:
executing program 0:
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="850000002f000000620a00ff0000000075000000000000009500000000000000181000", @ANYRES32], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb}, 0x94)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x1, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x1})
r1 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0x7ffe}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000008c0)=@newtfilter={0x874, 0x2c, 0xd27, 0x170bd2b, 0x2, {0x0, 0x0, 0x0, r2, {0x0, 0x10}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_fw={{0x7}, {0x848, 0x2, [@TCA_FW_CLASSID={0x8, 0x1, {0xa, 0x7}}, @TCA_FW_MASK={0x4, 0x5, 0x2}, @TCA_FW_MASK={0x8, 0x5, 0x2}, @TCA_FW_MASK={0x8, 0x5, 0x8}, @TCA_FW_POLICE={0x814, 0x2, [@TCA_POLICE_RATE={0x404, 0x2, [0x1ed, 0x0, 0x6, 0x1, 0x0, 0x80000001, 0x0, 0x8001, 0x2, 0x80, 0x7, 0x9, 0x435, 0x359, 0x1, 0x1ff, 0x7ff, 0x9, 0x80, 0xe1, 0xffffff80, 0x8, 0xa98, 0x80, 0x8, 0x6, 0x7, 0x8000, 0xb0000000, 0xffffffff, 0x3, 0x4, 0x6, 0x1, 0x8, 0x7, 0x100, 0x36, 0x4, 0x401, 0x0, 0xcfec, 0x6dce, 0x254d, 0xc, 0x2b, 0x3, 0x9, 0x4, 0x200, 0x9, 0x0, 0x0, 0x3, 0x3, 0xb, 0x356, 0x0, 0x0, 0x4, 0x4, 0x1, 0x1, 0x5, 0x1df4, 0x9, 0xf0, 0x6, 0x5, 0x80, 0x3, 0xffffff4f, 0x47, 0x3, 0x11ee, 0x3, 0x2, 0x9, 0x400000, 0x2, 0x1, 0x9, 0x5, 0xdc57, 0x32ae, 0x2, 0x100, 0x0, 0x0, 0x7, 0xffff, 0x3, 0xe, 0x0, 0x0, 0xfffffffd, 0xfa, 0xff, 0x3, 0x8, 0x9, 0x1, 0x0, 0x28, 0x10000, 0xfffffff8, 0xa, 0x3, 0x3, 0x5, 0xe, 0xb, 0x70f, 0x2ab, 0x8, 0x5, 0xef, 0x8, 0x6, 0x1, 0x0, 0x9, 0x2, 0x9, 0x5, 0x7, 0xc, 0x9db7, 0x8, 0x9, 0x5, 0x2, 0xdf5, 0x1, 0x8000, 0xb920000, 0x7fff, 0x2, 0x2, 0x3, 0x48a, 0x200, 0x7, 0x8001, 0x8, 0x0, 0x3ff, 0x1, 0x1, 0x7fff, 0x7fffffff, 0xb200000, 0x8, 0x3, 0x4, 0x5, 0x0, 0x100, 0x5, 0xf800, 0x3, 0x7, 0x697, 0x3, 0x4, 0xfffffe01, 0xfffffffc, 0xffffff01, 0xffffffff, 0x3, 0x8, 0x598f, 0x2, 0x800, 0xcf55, 0x0, 0xc, 0x2, 0x3, 0x5, 0xffffffff, 0x0, 0x2d9, 0xa3, 0xd0, 0x89a3, 0x9, 0x9, 0x5, 0xffff7b9a, 0x9, 0x1000, 0x3, 0x6, 0x80000000, 0x7, 0x9, 0x3, 0x53, 0x10000, 0x1, 0xa05, 0x28e, 0x81, 0x100, 0x0, 0x9c, 0x9, 0x9, 0x7fffffff, 0xfffffe00, 0x1, 0x4, 0x6, 0x3ff, 0x1, 0x1, 0xffff, 0x3, 0xb0, 0x3, 0x8, 0x808c, 0x8, 0x5, 0x7, 0x54dce891, 0x6, 0x1, 0x5, 0x4, 0x1, 0x6, 0x2, 0x9, 0x1, 0x9, 0xfffffffc, 0x0, 0xb, 0x0, 0x9, 0x7, 0xffff9278, 0xb4, 0x4, 0xffffffff, 0x4, 0x6, 0x5, 0x9, 0x3, 0xffffffff, 0x9, 0x8000, 0x5]}, @TCA_POLICE_RATE={0x404, 0x2, [0x6, 0x976b, 0x5, 0x0, 0x5, 0x1, 0x1000, 0x9, 0x80000000, 0x0, 0x1000, 0x6309, 0x61c61a3b, 0x82c, 0xe, 0x9, 0x8001, 0x0, 0x2, 0xe9a, 0x80000000, 0x0, 0x2, 0x6, 0x8, 0x1, 0x3, 0x10, 0x4, 0x9, 0xb5, 0x401, 0x370, 0x66, 0x4, 0x400, 0x80, 0x1, 0x4, 0x9, 0x1000, 0x1, 0x228, 0x1, 0x7, 0xb, 0x2, 0x7, 0x3, 0x1ff, 0x68c4, 0x7, 0x75, 0x1, 0x3, 0x29, 0x81, 0x2, 0x9, 0x9, 0x800, 0x9cb, 0x0, 0x800, 0x7e0c7199, 0xb, 0xfffffff7, 0x9, 0x401, 0x7, 0xfff, 0xffffffff, 0x7, 0x2, 0x6, 0x2, 0x6, 0x0, 0x1, 0x54d8, 0x5, 0x2245, 0x4, 0x9, 0x3, 0xfffffff8, 0x0, 0x0, 0x3, 0x2faf, 0x5, 0x7, 0x10001, 0x1, 0xf, 0x0, 0x4, 0x1000, 0x0, 0xfffffffb, 0x5f1, 0xffff, 0x4, 0x2, 0x10000, 0xffff8000, 0xffffff87, 0x79, 0x207, 0x80000000, 0x0, 0x2, 0x1, 0x10001, 0x800, 0x2, 0x100, 0x7, 0x6, 0x1, 0x2, 0xfffff800, 0x2, 0x1, 0x0, 0xffffffff, 0x91, 0xff, 0x1, 0xff, 0x0, 0x1, 0x6, 0x8, 0x497, 0x7, 0x6, 0x0, 0x7, 0xa1, 0x7, 0x6, 0x7, 0x88, 0x8, 0x3, 0x7, 0x4, 0x0, 0x230980d9, 0xfffffffe, 0x3, 0x31, 0x4, 0x8, 0x5, 0x5, 0x3393, 0xfffffff9, 0x0, 0x7ff, 0x3, 0x6, 0x3, 0xa1a, 0x10001, 0x455b, 0x40, 0x3, 0x8, 0x7ff, 0x3, 0xffffff81, 0x4, 0x8bc, 0x2, 0x7f, 0x3, 0x9, 0x80000001, 0x2bdd, 0x0, 0x2, 0x9, 0x9, 0xb, 0xac, 0x1, 0x80000001, 0x9, 0x80000000, 0xe8f, 0x3, 0x7f, 0x0, 0xfffffffc, 0x29de, 0x0, 0xffff0000, 0x763a, 0x9, 0x9, 0x7, 0xe, 0x16, 0x400, 0x4, 0x2, 0x2, 0xfffffffe, 0xfffffff9, 0x3, 0x101, 0x0, 0xfffffffb, 0x0, 0x1, 0x9, 0x8, 0x9, 0x9, 0x2, 0xfffffffd, 0x9981, 0x2, 0x9, 0x7, 0x3ff, 0x3, 0x8, 0x7fffffff, 0x6, 0x85c, 0x3c3f, 0x8, 0x3, 0x3, 0x100, 0x3, 0x4, 0x0, 0x7, 0x7f, 0x1, 0x6, 0x4, 0xf23a, 0x7, 0x3, 0xfffffff9, 0x2, 0x2, 0x55d, 0x101, 0xc000, 0x5]}, @TCA_POLICE_AVRATE={0x8, 0x4, 0x7}]}, @TCA_FW_MASK={0x8, 0x5, 0x4}, @TCA_FW_MASK={0x8, 0x5, 0x82}]}}]}, 0x874}, 0x1, 0x0, 0x0, 0x884}, 0x2)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-sched_setscheduler-socket$pppl2tp-socket$nl_generic-socket$nl_route-syz_open_dev$tty1-ioctl$KDSKBSENT-socket$nl_route-socket$nl_route-socket$nl_route-socket$packet-socket$qrtr-ioctl$ifreq_SIOCGIFINDEX_batadv_hard-sendmsg$nl_route-sendmsg$nl_route-sendmsg$nl_route
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSKBSENT(r3, 0x4b49, &(0x7f0000000140)={0x10, "04ef0d42005ac485d763672693bcd1fabec153475574b17e6f83744d9f9a9c43eb648edefd97d645bcb6a93ea0adb9dbd07faf5a14c3fe9cd569facc2aa012a75483badbbf431f7c21f95bee44e514bac477a372ad7041d44801f7c595537ce9a9d2e3bd2c15aabc387314cb2695642530e7b4f9b0196b74f712ba9caa1f49013c7838ac5ef443f6fb5f80ff86af610170f1844d5ec31696e5d400a6e2013cb393bd947fd149cb99b3420c65b3996b06fce8dcb4aad9842df9bc9f92e555c0b08fff6ceae3db4a7ae62ace1f719d18b929a59d241c31945817f27595631e2f5fcdefb743dc1c393eb885d106f7b77b5f6e562060cb609025def6d9d9af4e110dece1354801f750714b58ef3e5c6da628406b94887a6bcecacb8e84fecba5a34b346839faf29fe677b476f2073dca085f8424637f4b864b348818c374d008165c36d2873d5ed09cbab33e369b86c9299da97d9a9c6db693d2017242bdc0db04c862f54fe3d27f0a0d5d6edf0cf7add1e64ab21b163b2d95f4606233ac3a0d2f9559b43fcb023344aabe17606666b449f148d24942df973186a2f14a0f0ba941af1633c11156f8fd60e215e74f36df48ff84a91e3048505ca09227097d0a037a21ee73763f6d85b47203e4bd2874c06e83511dd24275176e5c7f33806902b1e5a1ccf1ad954f413292bd46ce3364013ac0a546d5d79809268edb05de30773f8d21"})
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$packet(0x11, 0x3, 0x300)
socket$qrtr(0x2a, 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r8=>0x0})
sendmsg$nl_route(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x20, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x0, {}, [@NHA_OIF={0x8, 0x5, r8}]}, 0x20}}, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000200)=ANY=[@ANYBLOB="6c0000001000370400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000004c0012800e00010069703665727370616e00000038000280140006002001000000000000000000000000000214000700fc0200000000000000000002000000000400120008000100"], 0x6c}}, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usbip_server_init-syz_open_dev$usbfs-ioctl$USBDEVFS_CONTROL-syz_usbip_server_init-syz_usbip_server_init-syz_usbip_server_init
detailed listing:
executing program 0:
syz_usbip_server_init(0x1) (async)
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000040)={0x0, 0x8, 0x7b03, 0xf, 0x36, 0x5, &(0x7f0000000080)="36b05a4aee2a01ebfeffffff002a33a3b7ac73f232360d04b017dceccda997cebe8e8d71fbd0f5198100"/54}) (async)
syz_usbip_server_init(0x1)
syz_usbip_server_init(0x2) (async)
syz_usbip_server_init(0x4)

program crashed: INFO: task hung in usbdev_release
single: successfully extracted reproducer
found reproducer with 6 syscalls
minimizing guilty program
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usbip_server_init-syz_open_dev$usbfs-ioctl$USBDEVFS_CONTROL-syz_usbip_server_init-syz_usbip_server_init
detailed listing:
executing program 0:
syz_usbip_server_init(0x1) (async)
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000040)={0x0, 0x8, 0x7b03, 0xf, 0x36, 0x5, &(0x7f0000000080)="36b05a4aee2a01ebfeffffff002a33a3b7ac73f232360d04b017dceccda997cebe8e8d71fbd0f5198100"/54}) (async)
syz_usbip_server_init(0x1)
syz_usbip_server_init(0x2) (async)

program crashed: INFO: task hung in usbdev_release
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usbip_server_init-syz_open_dev$usbfs-ioctl$USBDEVFS_CONTROL-syz_usbip_server_init
detailed listing:
executing program 0:
syz_usbip_server_init(0x1) (async)
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000040)={0x0, 0x8, 0x7b03, 0xf, 0x36, 0x5, &(0x7f0000000080)="36b05a4aee2a01ebfeffffff002a33a3b7ac73f232360d04b017dceccda997cebe8e8d71fbd0f5198100"/54}) (async)
syz_usbip_server_init(0x1)

program crashed: INFO: task hung in usbdev_release
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usbip_server_init-syz_open_dev$usbfs-ioctl$USBDEVFS_CONTROL
detailed listing:
executing program 0:
syz_usbip_server_init(0x1) (async)
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000040)={0x0, 0x8, 0x7b03, 0xf, 0x36, 0x5, &(0x7f0000000080)="36b05a4aee2a01ebfeffffff002a33a3b7ac73f232360d04b017dceccda997cebe8e8d71fbd0f5198100"/54}) (async)

program crashed: INFO: task hung in usbdev_release
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usbip_server_init-syz_open_dev$usbfs
detailed listing:
executing program 0:
syz_usbip_server_init(0x1) (async)
syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)

program crashed: INFO: task hung in usbdev_open
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usbip_server_init
detailed listing:
executing program 0:
syz_usbip_server_init(0x1) (async)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$usbfs
detailed listing:
executing program 0:
syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usbip_server_init-syz_open_dev$usbfs
detailed listing:
executing program 0:
syz_usbip_server_init(0x1)
syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)

program crashed: INFO: task hung in usbdev_release
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usbip_server_init-syz_open_dev$usbfs
detailed listing:
executing program 0:
syz_usbip_server_init(0x1)
syz_open_dev$usbfs(0x0, 0x76, 0x101301)

program did not crash
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usbip_server_init-syz_open_dev$usbfs
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
simplifying guilty program options
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usbip_server_init-syz_open_dev$usbfs
detailed listing:
executing program 0:
syz_usbip_server_init(0x1)
syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)

program crashed: INFO: task hung in get_bMaxPacketSize0
a never seen crash title: INFO: task hung in get_bMaxPacketSize0, ignore
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usbip_server_init-syz_open_dev$usbfs
detailed listing:
executing program 0:
syz_usbip_server_init(0x1)
syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usbip_server_init-syz_open_dev$usbfs
detailed listing:
executing program 0:
syz_usbip_server_init(0x1)
syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)

program crashed: INFO: task hung in usbdev_release
validation run: crashed=true
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usbip_server_init-syz_open_dev$usbfs
detailed listing:
executing program 0:
syz_usbip_server_init(0x1)
syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)

program crashed: INFO: task hung in usbdev_release
validation run: crashed=true
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usbip_server_init-syz_open_dev$usbfs
detailed listing:
executing program 0:
syz_usbip_server_init(0x1)
syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)

program crashed: INFO: task hung in usbdev_release
validation run: crashed=true
reproducing took 2h57m12.773745782s
repro crashed as (corrupted=false):
INFO: task syz.3.20:5013 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.20        state:D stack:0     pid:5013  tgid:5013  ppid:4854   task_flags:0x400040 flags:0x00800001
Call trace:
 __switch_to+0x2b0/0x6e0 arch/arm64/kernel/process.c:810 (T)
 context_switch kernel/sched/core.c:5388 [inline]
 __schedule+0x1bec/0x2dcc kernel/sched/core.c:7189
 __schedule_loop kernel/sched/core.c:7268 [inline]
 schedule+0x140/0x218 kernel/sched/core.c:7283
 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7340
 __mutex_lock_common kernel/locking/mutex.c:726 [inline]
 __mutex_lock+0x4e4/0xef8 kernel/locking/mutex.c:820
 mutex_lock_nested+0x24/0x30 kernel/locking/mutex.c:873
 device_lock include/linux/device.h:1040 [inline]
 usbdev_release+0x70/0x380 drivers/usb/core/devio.c:1099
 __fput+0x340/0x744 fs/file_table.c:510
 ____fput+0x20/0x30 fs/file_table.c:538
 task_work_run+0x1c4/0x254 kernel/task_work.c:233
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 __exit_to_user_mode_loop kernel/entry/common.c:67 [inline]
 exit_to_user_mode_loop+0x10c/0x17c kernel/entry/common.c:98
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:207 [inline]
 syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:230 [inline]
 arm64_syscall_exit_to_user_mode arch/arm64/kernel/entry-common.c:88 [inline]
 el0_svc+0x18c/0x260 arch/arm64/kernel/entry-common.c:737
 el0t_64_sync_handler+0x48/0x148 arch/arm64/kernel/entry-common.c:755
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594
INFO: task syz.1.18:5018 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.1.18        state:D stack:0     pid:5018  tgid:5017  ppid:4855   task_flags:0x400040 flags:0x00800011
Call trace:
 __switch_to+0x2b0/0x6e0 arch/arm64/kernel/process.c:810 (T)
 context_switch kernel/sched/core.c:5388 [inline]
 __schedule+0x1bec/0x2dcc kernel/sched/core.c:7189
 __schedule_loop kernel/sched/core.c:7268 [inline]
 schedule+0x140/0x218 kernel/sched/core.c:7283
 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7340
 __mutex_lock_common kernel/locking/mutex.c:726 [inline]
 __mutex_lock+0x4e4/0xef8 kernel/locking/mutex.c:820
 mutex_lock_nested+0x24/0x30 kernel/locking/mutex.c:873
 device_lock include/linux/device.h:1040 [inline]
 usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
 chrdev_open+0x398/0x3e8 fs/char_dev.c:411
 do_dentry_open+0x5c4/0xfc8 fs/open.c:947
 vfs_open+0x44/0x2d4 fs/open.c:1079
 do_open fs/namei.c:4699 [inline]
 path_openat+0x2234/0x2a6c fs/namei.c:4858
 do_file_open+0x1c4/0x2e4 fs/namei.c:4887
 do_sys_openat2+0x114/0x1e8 fs/open.c:1364
 do_sys_open+0xac/0xdc fs/open.c:1370
 __do_sys_openat fs/open.c:1386 [inline]
 __se_sys_openat fs/open.c:1381 [inline]
 __arm64_sys_openat+0x9c/0xb8 fs/open.c:1381
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x244 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:121
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:140
 el0_svc+0x64/0x260 arch/arm64/kernel/entry-common.c:736
 el0t_64_sync_handler+0x48/0x148 arch/arm64/kernel/entry-common.c:755
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594
INFO: task syz.4.21:5022 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.4.21        state:D stack:0     pid:5022  tgid:5021  ppid:4868   task_flags:0x400040 flags:0x00800001
Call trace:
 __switch_to+0x2b0/0x6e0 arch/arm64/kernel/process.c:810 (T)
 context_switch kernel/sched/core.c:5388 [inline]
 __schedule+0x1bec/0x2dcc kernel/sched/core.c:7189
 __schedule_loop kernel/sched/core.c:7268 [inline]
 schedule+0x140/0x218 kernel/sched/core.c:7283
 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7340
 __mutex_lock_common kernel/locking/mutex.c:726 [inline]
 __mutex_lock+0x4e4/0xef8 kernel/locking/mutex.c:820
 mutex_lock_nested+0x24/0x30 kernel/locking/mutex.c:873
 device_lock include/linux/device.h:1040 [inline]
 usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
 chrdev_open+0x398/0x3e8 fs/char_dev.c:411
 do_dentry_open+0x5c4/0xfc8 fs/open.c:947
 vfs_open+0x44/0x2d4 fs/open.c:1079
 do_open fs/namei.c:4699 [inline]
 path_openat+0x2234/0x2a6c fs/namei.c:4858
 do_file_open+0x1c4/0x2e4 fs/namei.c:4887
 do_sys_openat2+0x114/0x1e8 fs/open.c:1364
 do_sys_open+0xac/0xdc fs/open.c:1370
 __do_sys_openat fs/open.c:1386 [inline]
 __se_sys_openat fs/open.c:1381 [inline]
 __arm64_sys_openat+0x9c/0xb8 fs/open.c:1381
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x244 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:121
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:140
 el0_svc+0x64/0x260 arch/arm64/kernel/entry-common.c:736
 el0t_64_sync_handler+0x48/0x148 arch/arm64/kernel/entry-common.c:755
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594
INFO: task syz.0.22:5027 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.22        state:D stack:0     pid:5027  tgid:5026  ppid:4847   task_flags:0x400040 flags:0x00800001
Call trace:
 __switch_to+0x2b0/0x6e0 arch/arm64/kernel/process.c:810 (T)
 context_switch kernel/sched/core.c:5388 [inline]
 __schedule+0x1bec/0x2dcc kernel/sched/core.c:7189
 __schedule_loop kernel/sched/core.c:7268 [inline]
 schedule+0x140/0x218 kernel/sched/core.c:7283
 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7340
 __mutex_lock_common kernel/locking/mutex.c:726 [inline]
 __mutex_lock+0x4e4/0xef8 kernel/locking/mutex.c:820
 mutex_lock_nested+0x24/0x30 kernel/locking/mutex.c:873
 device_lock include/linux/device.h:1040 [inline]
 usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
 chrdev_open+0x398/0x3e8 fs/char_dev.c:411
 do_dentry_open+0x5c4/0xfc8 fs/open.c:947
 vfs_open+0x44/0x2d4 fs/open.c:1079
 do_open fs/namei.c:4699 [inline]
 path_openat+0x2234/0x2a6c fs/namei.c:4858
 do_file_open+0x1c4/0x2e4 fs/namei.c:4887
 do_sys_openat2+0x114/0x1e8 fs/open.c:1364
 do_sys_open+0xac/0xdc fs/open.c:1370
 __do_sys_openat fs/open.c:1386 [inline]
 __se_sys_openat fs/open.c:1381 [inline]
 __arm64_sys_openat+0x9c/0xb8 fs/open.c:1381
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x244 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:121
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:140
 el0_svc+0x64/0x260 arch/arm64/kernel/entry-common.c:736
 el0t_64_sync_handler+0x48/0x148 arch/arm64/kernel/entry-common.c:755
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594
INFO: task syz.2.19:5106 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.2.19        state:D stack:0     pid:5106  tgid:5105  ppid:4852   task_flags:0x400040 flags:0x00800001
Call trace:
 __switch_to+0x2b0/0x6e0 arch/arm64/kernel/process.c:810 (T)
 context_switch kernel/sched/core.c:5388 [inline]
 __schedule+0x1bec/0x2dcc kernel/sched/core.c:7189
 __schedule_loop kernel/sched/core.c:7268 [inline]
 schedule+0x140/0x218 kernel/sched/core.c:7283
 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7340
 __mutex_lock_common kernel/locking/mutex.c:726 [inline]
 __mutex_lock+0x4e4/0xef8 kernel/locking/mutex.c:820
 mutex_lock_nested+0x24/0x30 kernel/locking/mutex.c:873
 device_lock include/linux/device.h:1040 [inline]
 usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
 chrdev_open+0x398/0x3e8 fs/char_dev.c:411
 do_dentry_open+0x5c4/0xfc8 fs/open.c:947
 vfs_open+0x44/0x2d4 fs/open.c:1079
 do_open fs/namei.c:4699 [inline]
 path_openat+0x2234/0x2a6c fs/namei.c:4858
 do_file_open+0x1c4/0x2e4 fs/namei.c:4887
 do_sys_openat2+0x114/0x1e8 fs/open.c:1364
 do_sys_open+0xac/0xdc fs/open.c:1370
 __do_sys_openat fs/open.c:1386 [inline]
 __se_sys_openat fs/open.c:1381 [inline]
 __arm64_sys_openat+0x9c/0xb8 fs/open.c:1381
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x244 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:121
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:140
 el0_svc+0x64/0x260 arch/arm64/kernel/entry-common.c:736
 el0t_64_sync_handler+0x48/0x148 arch/arm64/kernel/entry-common.c:755
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594
INFO: task syz.5.23:5268 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.5.23        state:D stack:0     pid:5268  tgid:5267  ppid:5111   task_flags:0x400040 flags:0x00800001
Call trace:
 __switch_to+0x2b0/0x6e0 arch/arm64/kernel/process.c:810 (T)
 context_switch kernel/sched/core.c:5388 [inline]
 __schedule+0x1bec/0x2dcc kernel/sched/core.c:7189
 __schedule_loop kernel/sched/core.c:7268 [inline]
 schedule+0x140/0x218 kernel/sched/core.c:7283
 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7340
 __mutex_lock_common kernel/locking/mutex.c:726 [inline]
 __mutex_lock+0x4e4/0xef8 kernel/locking/mutex.c:820
 mutex_lock_nested+0x24/0x30 kernel/locking/mutex.c:873
 device_lock include/linux/device.h:1040 [inline]
 usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
 chrdev_open+0x398/0x3e8 fs/char_dev.c:411
 do_dentry_open+0x5c4/0xfc8 fs/open.c:947
 vfs_open+0x44/0x2d4 fs/open.c:1079
 do_open fs/namei.c:4699 [inline]
 path_openat+0x2234/0x2a6c fs/namei.c:4858
 do_file_open+0x1c4/0x2e4 fs/namei.c:4887
 do_sys_openat2+0x114/0x1e8 fs/open.c:1364
 do_sys_open+0xac/0xdc fs/open.c:1370
 __do_sys_openat fs/open.c:1386 [inline]
 __se_sys_openat fs/open.c:1381 [inline]
 __arm64_sys_openat+0x9c/0xb8 fs/open.c:1381
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x244 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:121
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:140
 el0_svc+0x64/0x260 arch/arm64/kernel/entry-common.c:736
 el0t_64_sync_handler+0x48/0x148 arch/arm64/kernel/entry-common.c:755
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594
INFO: task syz.7.25:5273 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.7.25        state:D stack:0     pid:5273  tgid:5272  ppid:5119   task_flags:0x400040 flags:0x00800001
Call trace:
 __switch_to+0x2b0/0x6e0 arch/arm64/kernel/process.c:810 (T)
 context_switch kernel/sched/core.c:5388 [inline]
 __schedule+0x1bec/0x2dcc kernel/sched/core.c:7189
 __schedule_loop kernel/sched/core.c:7268 [inline]
 schedule+0x140/0x218 kernel/sched/core.c:7283
 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7340
 __mutex_lock_common kernel/locking/mutex.c:726 [inline]
 __mutex_lock+0x4e4/0xef8 kernel/locking/mutex.c:820
 mutex_lock_nested+0x24/0x30 kernel/locking/mutex.c:873
 device_lock include/linux/device.h:1040 [inline]
 usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
 chrdev_open+0x398/0x3e8 fs/char_dev.c:411
 do_dentry_open+0x5c4/0xfc8 fs/open.c:947
 vfs_open+0x44/0x2d4 fs/open.c:1079
 do_open fs/namei.c:4699 [inline]
 path_openat+0x2234/0x2a6c fs/namei.c:4858
 do_file_open+0x1c4/0x2e4 fs/namei.c:4887
 do_sys_openat2+0x114/0x1e8 fs/open.c:1364
 do_sys_open+0xac/0xdc fs/open.c:1370
 __do_sys_openat fs/open.c:1386 [inline]
 __se_sys_openat fs/open.c:1381 [inline]
 __arm64_sys_openat+0x9c/0xb8 fs/open.c:1381
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x244 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:121
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:140
 el0_svc+0x64/0x260 arch/arm64/kernel/entry-common.c:736
 el0t_64_sync_handler+0x48/0x148 arch/arm64/kernel/entry-common.c:755
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594
INFO: task syz.8.26:5278 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.8.26        state:D stack:0     pid:5278  tgid:5276  ppid:5120   task_flags:0x400040 flags:0x00800001
Call trace:
 __switch_to+0x2b0/0x6e0 arch/arm64/kernel/process.c:810 (T)
 context_switch kernel/sched/core.c:5388 [inline]
 __schedule+0x1bec/0x2dcc kernel/sched/core.c:7189
 __schedule_loop kernel/sched/core.c:7268 [inline]
 schedule+0x140/0x218 kernel/sched/core.c:7283
 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7340
 __mutex_lock_common kernel/locking/mutex.c:726 [inline]
 __mutex_lock+0x4e4/0xef8 kernel/locking/mutex.c:820
 mutex_lock_nested+0x24/0x30 kernel/locking/mutex.c:873
 device_lock include/linux/device.h:1040 [inline]
 usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
 chrdev_open+0x398/0x3e8 fs/char_dev.c:411
 do_dentry_open+0x5c4/0xfc8 fs/open.c:947
 vfs_open+0x44/0x2d4 fs/open.c:1079
 do_open fs/namei.c:4699 [inline]
 path_openat+0x2234/0x2a6c fs/namei.c:4858
 do_file_open+0x1c4/0x2e4 fs/namei.c:4887
 do_sys_openat2+0x114/0x1e8 fs/open.c:1364
 do_sys_open+0xac/0xdc fs/open.c:1370
 __do_sys_openat fs/open.c:1386 [inline]
 __se_sys_openat fs/open.c:1381 [inline]
 __arm64_sys_openat+0x9c/0xb8 fs/open.c:1381
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x244 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:121
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:140
 el0_svc+0x64/0x260 arch/arm64/kernel/entry-common.c:736
 el0t_64_sync_handler+0x48/0x148 arch/arm64/kernel/entry-common.c:755
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594
INFO: task syz.6.24:5281 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.6.24        state:D stack:0     pid:5281  tgid:5277  ppid:5114   task_flags:0x400040 flags:0x00800001
Call trace:
 __switch_to+0x2b0/0x6e0 arch/arm64/kernel/process.c:810 (T)
 context_switch kernel/sched/core.c:5388 [inline]
 __schedule+0x1bec/0x2dcc kernel/sched/core.c:7189
 __schedule_loop kernel/sched/core.c:7268 [inline]
 schedule+0x140/0x218 kernel/sched/core.c:7283
 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7340
 __mutex_lock_common kernel/locking/mutex.c:726 [inline]
 __mutex_lock+0x4e4/0xef8 kernel/locking/mutex.c:820
 mutex_lock_nested+0x24/0x30 kernel/locking/mutex.c:873
 device_lock include/linux/device.h:1040 [inline]
 usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
 chrdev_open+0x398/0x3e8 fs/char_dev.c:411
 do_dentry_open+0x5c4/0xfc8 fs/open.c:947
 vfs_open+0x44/0x2d4 fs/open.c:1079
 do_open fs/namei.c:4699 [inline]
 path_openat+0x2234/0x2a6c fs/namei.c:4858
 do_file_open+0x1c4/0x2e4 fs/namei.c:4887
 do_sys_openat2+0x114/0x1e8 fs/open.c:1364
 do_sys_open+0xac/0xdc fs/open.c:1370
 __do_sys_openat fs/open.c:1386 [inline]
 __se_sys_openat fs/open.c:1381 [inline]
 __arm64_sys_openat+0x9c/0xb8 fs/open.c:1381
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x244 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:121
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:140
 el0_svc+0x64/0x260 arch/arm64/kernel/entry-common.c:736
 el0t_64_sync_handler+0x48/0x148 arch/arm64/kernel/entry-common.c:755
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594
INFO: task syz.9.27:5326 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.9.27        state:D stack:0     pid:5326  tgid:5325  ppid:5286   task_flags:0x400040 flags:0x00800001
Call trace:
 __switch_to+0x2b0/0x6e0 arch/arm64/kernel/process.c:810 (T)
 context_switch kernel/sched/core.c:5388 [inline]
 __schedule+0x1bec/0x2dcc kernel/sched/core.c:7189
 __schedule_loop kernel/sched/core.c:7268 [inline]
 schedule+0x140/0x218 kernel/sched/core.c:7283
 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7340
 __mutex_lock_common kernel/locking/mutex.c:726 [inline]
 __mutex_lock+0x4e4/0xef8 kernel/locking/mutex.c:820
 mutex_lock_nested+0x24/0x30 kernel/locking/mutex.c:873
 device_lock include/linux/device.h:1040 [inline]
 usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
 chrdev_open+0x398/0x3e8 fs/char_dev.c:411
 do_dentry_open+0x5c4/0xfc8 fs/open.c:947
 vfs_open+0x44/0x2d4 fs/open.c:1079
 do_open fs/namei.c:4699 [inline]
 path_openat+0x2234/0x2a6c fs/namei.c:4858
 do_file_open+0x1c4/0x2e4 fs/namei.c:4887
 do_sys_openat2+0x114/0x1e8 fs/open.c:1364
 do_sys_open+0xac/0xdc fs/open.c:1370
 __do_sys_openat fs/open.c:1386 [inline]
 __se_sys_openat fs/open.c:1381 [inline]
 __arm64_sys_openat+0x9c/0xb8 fs/open.c:1381
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x244 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:121
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:140
 el0_svc+0x64/0x260 arch/arm64/kernel/entry-common.c:736
 el0t_64_sync_handler+0x48/0x148 arch/arm64/kernel/entry-common.c:755
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594
Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings

Showing all locks held in the system:
5 locks held by kworker/0:1/11:
 #0: ffff0000c2b85140 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3289 [inline]
 #0: ffff0000c2b85140 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x748/0x1098 kernel/workqueue.c:3397
 #1: ffff80008eaa7c40 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3289 [inline]
 #1: ffff80008eaa7c40 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x750/0x1098 kernel/workqueue.c:3397
 #2: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #2: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: hub_event+0x12c/0x3b20 drivers/usb/core/hub.c:5899
 #3: ffff0000cc10d578 (&port_dev->status_lock){+.+.}-{4:4}, at: usb_lock_port drivers/usb/core/hub.c:3252 [inline]
 #3: ffff0000cc10d578 (&port_dev->status_lock){+.+.}-{4:4}, at: hub_port_connect drivers/usb/core/hub.c:5464 [inline]
 #3: ffff0000cc10d578 (&port_dev->status_lock){+.+.}-{4:4}, at: hub_port_connect_change drivers/usb/core/hub.c:5707 [inline]
 #3: ffff0000cc10d578 (&port_dev->status_lock){+.+.}-{4:4}, at: port_event drivers/usb/core/hub.c:5871 [inline]
 #3: ffff0000cc10d578 (&port_dev->status_lock){+.+.}-{4:4}, at: hub_event+0x198c/0x3b20 drivers/usb/core/hub.c:5953
 #4: ffff0000cbb3d960 (hcd->address0_mutex){+.+.}-{4:4}, at: hub_port_connect drivers/usb/core/hub.c:5465 [inline]
 #4: ffff0000cbb3d960 (hcd->address0_mutex){+.+.}-{4:4}, at: hub_port_connect_change drivers/usb/core/hub.c:5707 [inline]
 #4: ffff0000cbb3d960 (hcd->address0_mutex){+.+.}-{4:4}, at: port_event drivers/usb/core/hub.c:5871 [inline]
 #4: ffff0000cbb3d960 (hcd->address0_mutex){+.+.}-{4:4}, at: hub_event+0x19c0/0x3b20 drivers/usb/core/hub.c:5953
1 lock held by khungtaskd/31:
 #0: ffff800088b67320 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 #0: ffff800088b67320 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
 #0: ffff800088b67320 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x4c/0x188 kernel/locking/lockdep.c:6775
2 locks held by pr/ttyAMA-1/41:
1 lock held by klogd/4326:
2 locks held by getty/4486:
 #0: ffff0000cf5e40a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c drivers/tty/tty_ldsem.c:340
 #1: ffff80009232e2e8 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x354/0xf84 drivers/tty/n_tty.c:2211
1 lock held by syz.3.20/5013:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_release+0x70/0x380 drivers/usb/core/devio.c:1099
1 lock held by syz.1.18/5018:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.4.21/5022:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.0.22/5027:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.2.19/5106:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.5.23/5268:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.7.25/5273:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.8.26/5278:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.6.24/5281:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.9.27/5326:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.0.28/5460:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.1.29/5476:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.2.32/5512:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.3.30/5521:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.4.31/5525:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.5.33/5645:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.9.37/5671:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.6.34/5691:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.7.35/5743:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.8.36/5747:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.0.38/5788:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.1.39/5875:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.2.40/5895:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.3.41/5938:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.4.42/5942:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.5.43/5987:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.6.44/6031:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.7.45/6107:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.9.47/6155:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.8.46/6159:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
3 locks held by kworker/1:11/6162:
 #0: ffff0000c2b85140 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3289 [inline]
 #0: ffff0000c2b85140 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x748/0x1098 kernel/workqueue.c:3397
 #1: ffff800092fe7c40 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3289 [inline]
 #1: ffff800092fe7c40 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x750/0x1098 kernel/workqueue.c:3397
 #2: ffff0000cc45a1d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #2: ffff0000cc45a1d8 (&dev->mutex){....}-{4:4}, at: hub_event+0x12c/0x3b20 drivers/usb/core/hub.c:5899
1 lock held by syz.0.48/6206:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.1.49/6242:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.2.50/6280:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.3.51/6355:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.4.52/6359:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.5.53/6405:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.6.54/6449:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.7.55/6493:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.8.56/6543:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.9.57/6581:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.0.58/6620:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.1.59/6657:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.2.60/6695:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.3.61/6733:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.4.62/6774:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.5.63/6864:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.6.64/6863:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.7.65/6909:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.8.66/6962:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.9.67/6994:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054

=============================================


final repro crashed as (corrupted=false):
INFO: task syz.3.20:5013 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.20        state:D stack:0     pid:5013  tgid:5013  ppid:4854   task_flags:0x400040 flags:0x00800001
Call trace:
 __switch_to+0x2b0/0x6e0 arch/arm64/kernel/process.c:810 (T)
 context_switch kernel/sched/core.c:5388 [inline]
 __schedule+0x1bec/0x2dcc kernel/sched/core.c:7189
 __schedule_loop kernel/sched/core.c:7268 [inline]
 schedule+0x140/0x218 kernel/sched/core.c:7283
 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7340
 __mutex_lock_common kernel/locking/mutex.c:726 [inline]
 __mutex_lock+0x4e4/0xef8 kernel/locking/mutex.c:820
 mutex_lock_nested+0x24/0x30 kernel/locking/mutex.c:873
 device_lock include/linux/device.h:1040 [inline]
 usbdev_release+0x70/0x380 drivers/usb/core/devio.c:1099
 __fput+0x340/0x744 fs/file_table.c:510
 ____fput+0x20/0x30 fs/file_table.c:538
 task_work_run+0x1c4/0x254 kernel/task_work.c:233
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 __exit_to_user_mode_loop kernel/entry/common.c:67 [inline]
 exit_to_user_mode_loop+0x10c/0x17c kernel/entry/common.c:98
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:207 [inline]
 syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:230 [inline]
 arm64_syscall_exit_to_user_mode arch/arm64/kernel/entry-common.c:88 [inline]
 el0_svc+0x18c/0x260 arch/arm64/kernel/entry-common.c:737
 el0t_64_sync_handler+0x48/0x148 arch/arm64/kernel/entry-common.c:755
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594
INFO: task syz.1.18:5018 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.1.18        state:D stack:0     pid:5018  tgid:5017  ppid:4855   task_flags:0x400040 flags:0x00800011
Call trace:
 __switch_to+0x2b0/0x6e0 arch/arm64/kernel/process.c:810 (T)
 context_switch kernel/sched/core.c:5388 [inline]
 __schedule+0x1bec/0x2dcc kernel/sched/core.c:7189
 __schedule_loop kernel/sched/core.c:7268 [inline]
 schedule+0x140/0x218 kernel/sched/core.c:7283
 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7340
 __mutex_lock_common kernel/locking/mutex.c:726 [inline]
 __mutex_lock+0x4e4/0xef8 kernel/locking/mutex.c:820
 mutex_lock_nested+0x24/0x30 kernel/locking/mutex.c:873
 device_lock include/linux/device.h:1040 [inline]
 usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
 chrdev_open+0x398/0x3e8 fs/char_dev.c:411
 do_dentry_open+0x5c4/0xfc8 fs/open.c:947
 vfs_open+0x44/0x2d4 fs/open.c:1079
 do_open fs/namei.c:4699 [inline]
 path_openat+0x2234/0x2a6c fs/namei.c:4858
 do_file_open+0x1c4/0x2e4 fs/namei.c:4887
 do_sys_openat2+0x114/0x1e8 fs/open.c:1364
 do_sys_open+0xac/0xdc fs/open.c:1370
 __do_sys_openat fs/open.c:1386 [inline]
 __se_sys_openat fs/open.c:1381 [inline]
 __arm64_sys_openat+0x9c/0xb8 fs/open.c:1381
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x244 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:121
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:140
 el0_svc+0x64/0x260 arch/arm64/kernel/entry-common.c:736
 el0t_64_sync_handler+0x48/0x148 arch/arm64/kernel/entry-common.c:755
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594
INFO: task syz.4.21:5022 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.4.21        state:D stack:0     pid:5022  tgid:5021  ppid:4868   task_flags:0x400040 flags:0x00800001
Call trace:
 __switch_to+0x2b0/0x6e0 arch/arm64/kernel/process.c:810 (T)
 context_switch kernel/sched/core.c:5388 [inline]
 __schedule+0x1bec/0x2dcc kernel/sched/core.c:7189
 __schedule_loop kernel/sched/core.c:7268 [inline]
 schedule+0x140/0x218 kernel/sched/core.c:7283
 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7340
 __mutex_lock_common kernel/locking/mutex.c:726 [inline]
 __mutex_lock+0x4e4/0xef8 kernel/locking/mutex.c:820
 mutex_lock_nested+0x24/0x30 kernel/locking/mutex.c:873
 device_lock include/linux/device.h:1040 [inline]
 usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
 chrdev_open+0x398/0x3e8 fs/char_dev.c:411
 do_dentry_open+0x5c4/0xfc8 fs/open.c:947
 vfs_open+0x44/0x2d4 fs/open.c:1079
 do_open fs/namei.c:4699 [inline]
 path_openat+0x2234/0x2a6c fs/namei.c:4858
 do_file_open+0x1c4/0x2e4 fs/namei.c:4887
 do_sys_openat2+0x114/0x1e8 fs/open.c:1364
 do_sys_open+0xac/0xdc fs/open.c:1370
 __do_sys_openat fs/open.c:1386 [inline]
 __se_sys_openat fs/open.c:1381 [inline]
 __arm64_sys_openat+0x9c/0xb8 fs/open.c:1381
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x244 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:121
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:140
 el0_svc+0x64/0x260 arch/arm64/kernel/entry-common.c:736
 el0t_64_sync_handler+0x48/0x148 arch/arm64/kernel/entry-common.c:755
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594
INFO: task syz.0.22:5027 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.22        state:D stack:0     pid:5027  tgid:5026  ppid:4847   task_flags:0x400040 flags:0x00800001
Call trace:
 __switch_to+0x2b0/0x6e0 arch/arm64/kernel/process.c:810 (T)
 context_switch kernel/sched/core.c:5388 [inline]
 __schedule+0x1bec/0x2dcc kernel/sched/core.c:7189
 __schedule_loop kernel/sched/core.c:7268 [inline]
 schedule+0x140/0x218 kernel/sched/core.c:7283
 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7340
 __mutex_lock_common kernel/locking/mutex.c:726 [inline]
 __mutex_lock+0x4e4/0xef8 kernel/locking/mutex.c:820
 mutex_lock_nested+0x24/0x30 kernel/locking/mutex.c:873
 device_lock include/linux/device.h:1040 [inline]
 usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
 chrdev_open+0x398/0x3e8 fs/char_dev.c:411
 do_dentry_open+0x5c4/0xfc8 fs/open.c:947
 vfs_open+0x44/0x2d4 fs/open.c:1079
 do_open fs/namei.c:4699 [inline]
 path_openat+0x2234/0x2a6c fs/namei.c:4858
 do_file_open+0x1c4/0x2e4 fs/namei.c:4887
 do_sys_openat2+0x114/0x1e8 fs/open.c:1364
 do_sys_open+0xac/0xdc fs/open.c:1370
 __do_sys_openat fs/open.c:1386 [inline]
 __se_sys_openat fs/open.c:1381 [inline]
 __arm64_sys_openat+0x9c/0xb8 fs/open.c:1381
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x244 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:121
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:140
 el0_svc+0x64/0x260 arch/arm64/kernel/entry-common.c:736
 el0t_64_sync_handler+0x48/0x148 arch/arm64/kernel/entry-common.c:755
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594
INFO: task syz.2.19:5106 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.2.19        state:D stack:0     pid:5106  tgid:5105  ppid:4852   task_flags:0x400040 flags:0x00800001
Call trace:
 __switch_to+0x2b0/0x6e0 arch/arm64/kernel/process.c:810 (T)
 context_switch kernel/sched/core.c:5388 [inline]
 __schedule+0x1bec/0x2dcc kernel/sched/core.c:7189
 __schedule_loop kernel/sched/core.c:7268 [inline]
 schedule+0x140/0x218 kernel/sched/core.c:7283
 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7340
 __mutex_lock_common kernel/locking/mutex.c:726 [inline]
 __mutex_lock+0x4e4/0xef8 kernel/locking/mutex.c:820
 mutex_lock_nested+0x24/0x30 kernel/locking/mutex.c:873
 device_lock include/linux/device.h:1040 [inline]
 usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
 chrdev_open+0x398/0x3e8 fs/char_dev.c:411
 do_dentry_open+0x5c4/0xfc8 fs/open.c:947
 vfs_open+0x44/0x2d4 fs/open.c:1079
 do_open fs/namei.c:4699 [inline]
 path_openat+0x2234/0x2a6c fs/namei.c:4858
 do_file_open+0x1c4/0x2e4 fs/namei.c:4887
 do_sys_openat2+0x114/0x1e8 fs/open.c:1364
 do_sys_open+0xac/0xdc fs/open.c:1370
 __do_sys_openat fs/open.c:1386 [inline]
 __se_sys_openat fs/open.c:1381 [inline]
 __arm64_sys_openat+0x9c/0xb8 fs/open.c:1381
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x244 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:121
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:140
 el0_svc+0x64/0x260 arch/arm64/kernel/entry-common.c:736
 el0t_64_sync_handler+0x48/0x148 arch/arm64/kernel/entry-common.c:755
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594
INFO: task syz.5.23:5268 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.5.23        state:D stack:0     pid:5268  tgid:5267  ppid:5111   task_flags:0x400040 flags:0x00800001
Call trace:
 __switch_to+0x2b0/0x6e0 arch/arm64/kernel/process.c:810 (T)
 context_switch kernel/sched/core.c:5388 [inline]
 __schedule+0x1bec/0x2dcc kernel/sched/core.c:7189
 __schedule_loop kernel/sched/core.c:7268 [inline]
 schedule+0x140/0x218 kernel/sched/core.c:7283
 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7340
 __mutex_lock_common kernel/locking/mutex.c:726 [inline]
 __mutex_lock+0x4e4/0xef8 kernel/locking/mutex.c:820
 mutex_lock_nested+0x24/0x30 kernel/locking/mutex.c:873
 device_lock include/linux/device.h:1040 [inline]
 usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
 chrdev_open+0x398/0x3e8 fs/char_dev.c:411
 do_dentry_open+0x5c4/0xfc8 fs/open.c:947
 vfs_open+0x44/0x2d4 fs/open.c:1079
 do_open fs/namei.c:4699 [inline]
 path_openat+0x2234/0x2a6c fs/namei.c:4858
 do_file_open+0x1c4/0x2e4 fs/namei.c:4887
 do_sys_openat2+0x114/0x1e8 fs/open.c:1364
 do_sys_open+0xac/0xdc fs/open.c:1370
 __do_sys_openat fs/open.c:1386 [inline]
 __se_sys_openat fs/open.c:1381 [inline]
 __arm64_sys_openat+0x9c/0xb8 fs/open.c:1381
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x244 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:121
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:140
 el0_svc+0x64/0x260 arch/arm64/kernel/entry-common.c:736
 el0t_64_sync_handler+0x48/0x148 arch/arm64/kernel/entry-common.c:755
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594
INFO: task syz.7.25:5273 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.7.25        state:D stack:0     pid:5273  tgid:5272  ppid:5119   task_flags:0x400040 flags:0x00800001
Call trace:
 __switch_to+0x2b0/0x6e0 arch/arm64/kernel/process.c:810 (T)
 context_switch kernel/sched/core.c:5388 [inline]
 __schedule+0x1bec/0x2dcc kernel/sched/core.c:7189
 __schedule_loop kernel/sched/core.c:7268 [inline]
 schedule+0x140/0x218 kernel/sched/core.c:7283
 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7340
 __mutex_lock_common kernel/locking/mutex.c:726 [inline]
 __mutex_lock+0x4e4/0xef8 kernel/locking/mutex.c:820
 mutex_lock_nested+0x24/0x30 kernel/locking/mutex.c:873
 device_lock include/linux/device.h:1040 [inline]
 usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
 chrdev_open+0x398/0x3e8 fs/char_dev.c:411
 do_dentry_open+0x5c4/0xfc8 fs/open.c:947
 vfs_open+0x44/0x2d4 fs/open.c:1079
 do_open fs/namei.c:4699 [inline]
 path_openat+0x2234/0x2a6c fs/namei.c:4858
 do_file_open+0x1c4/0x2e4 fs/namei.c:4887
 do_sys_openat2+0x114/0x1e8 fs/open.c:1364
 do_sys_open+0xac/0xdc fs/open.c:1370
 __do_sys_openat fs/open.c:1386 [inline]
 __se_sys_openat fs/open.c:1381 [inline]
 __arm64_sys_openat+0x9c/0xb8 fs/open.c:1381
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x244 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:121
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:140
 el0_svc+0x64/0x260 arch/arm64/kernel/entry-common.c:736
 el0t_64_sync_handler+0x48/0x148 arch/arm64/kernel/entry-common.c:755
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594
INFO: task syz.8.26:5278 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.8.26        state:D stack:0     pid:5278  tgid:5276  ppid:5120   task_flags:0x400040 flags:0x00800001
Call trace:
 __switch_to+0x2b0/0x6e0 arch/arm64/kernel/process.c:810 (T)
 context_switch kernel/sched/core.c:5388 [inline]
 __schedule+0x1bec/0x2dcc kernel/sched/core.c:7189
 __schedule_loop kernel/sched/core.c:7268 [inline]
 schedule+0x140/0x218 kernel/sched/core.c:7283
 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7340
 __mutex_lock_common kernel/locking/mutex.c:726 [inline]
 __mutex_lock+0x4e4/0xef8 kernel/locking/mutex.c:820
 mutex_lock_nested+0x24/0x30 kernel/locking/mutex.c:873
 device_lock include/linux/device.h:1040 [inline]
 usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
 chrdev_open+0x398/0x3e8 fs/char_dev.c:411
 do_dentry_open+0x5c4/0xfc8 fs/open.c:947
 vfs_open+0x44/0x2d4 fs/open.c:1079
 do_open fs/namei.c:4699 [inline]
 path_openat+0x2234/0x2a6c fs/namei.c:4858
 do_file_open+0x1c4/0x2e4 fs/namei.c:4887
 do_sys_openat2+0x114/0x1e8 fs/open.c:1364
 do_sys_open+0xac/0xdc fs/open.c:1370
 __do_sys_openat fs/open.c:1386 [inline]
 __se_sys_openat fs/open.c:1381 [inline]
 __arm64_sys_openat+0x9c/0xb8 fs/open.c:1381
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x244 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:121
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:140
 el0_svc+0x64/0x260 arch/arm64/kernel/entry-common.c:736
 el0t_64_sync_handler+0x48/0x148 arch/arm64/kernel/entry-common.c:755
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594
INFO: task syz.6.24:5281 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.6.24        state:D stack:0     pid:5281  tgid:5277  ppid:5114   task_flags:0x400040 flags:0x00800001
Call trace:
 __switch_to+0x2b0/0x6e0 arch/arm64/kernel/process.c:810 (T)
 context_switch kernel/sched/core.c:5388 [inline]
 __schedule+0x1bec/0x2dcc kernel/sched/core.c:7189
 __schedule_loop kernel/sched/core.c:7268 [inline]
 schedule+0x140/0x218 kernel/sched/core.c:7283
 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7340
 __mutex_lock_common kernel/locking/mutex.c:726 [inline]
 __mutex_lock+0x4e4/0xef8 kernel/locking/mutex.c:820
 mutex_lock_nested+0x24/0x30 kernel/locking/mutex.c:873
 device_lock include/linux/device.h:1040 [inline]
 usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
 chrdev_open+0x398/0x3e8 fs/char_dev.c:411
 do_dentry_open+0x5c4/0xfc8 fs/open.c:947
 vfs_open+0x44/0x2d4 fs/open.c:1079
 do_open fs/namei.c:4699 [inline]
 path_openat+0x2234/0x2a6c fs/namei.c:4858
 do_file_open+0x1c4/0x2e4 fs/namei.c:4887
 do_sys_openat2+0x114/0x1e8 fs/open.c:1364
 do_sys_open+0xac/0xdc fs/open.c:1370
 __do_sys_openat fs/open.c:1386 [inline]
 __se_sys_openat fs/open.c:1381 [inline]
 __arm64_sys_openat+0x9c/0xb8 fs/open.c:1381
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x244 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:121
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:140
 el0_svc+0x64/0x260 arch/arm64/kernel/entry-common.c:736
 el0t_64_sync_handler+0x48/0x148 arch/arm64/kernel/entry-common.c:755
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594
INFO: task syz.9.27:5326 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.9.27        state:D stack:0     pid:5326  tgid:5325  ppid:5286   task_flags:0x400040 flags:0x00800001
Call trace:
 __switch_to+0x2b0/0x6e0 arch/arm64/kernel/process.c:810 (T)
 context_switch kernel/sched/core.c:5388 [inline]
 __schedule+0x1bec/0x2dcc kernel/sched/core.c:7189
 __schedule_loop kernel/sched/core.c:7268 [inline]
 schedule+0x140/0x218 kernel/sched/core.c:7283
 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:7340
 __mutex_lock_common kernel/locking/mutex.c:726 [inline]
 __mutex_lock+0x4e4/0xef8 kernel/locking/mutex.c:820
 mutex_lock_nested+0x24/0x30 kernel/locking/mutex.c:873
 device_lock include/linux/device.h:1040 [inline]
 usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
 chrdev_open+0x398/0x3e8 fs/char_dev.c:411
 do_dentry_open+0x5c4/0xfc8 fs/open.c:947
 vfs_open+0x44/0x2d4 fs/open.c:1079
 do_open fs/namei.c:4699 [inline]
 path_openat+0x2234/0x2a6c fs/namei.c:4858
 do_file_open+0x1c4/0x2e4 fs/namei.c:4887
 do_sys_openat2+0x114/0x1e8 fs/open.c:1364
 do_sys_open+0xac/0xdc fs/open.c:1370
 __do_sys_openat fs/open.c:1386 [inline]
 __se_sys_openat fs/open.c:1381 [inline]
 __arm64_sys_openat+0x9c/0xb8 fs/open.c:1381
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x244 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:121
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:140
 el0_svc+0x64/0x260 arch/arm64/kernel/entry-common.c:736
 el0t_64_sync_handler+0x48/0x148 arch/arm64/kernel/entry-common.c:755
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594
Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings

Showing all locks held in the system:
5 locks held by kworker/0:1/11:
 #0: ffff0000c2b85140 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3289 [inline]
 #0: ffff0000c2b85140 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x748/0x1098 kernel/workqueue.c:3397
 #1: ffff80008eaa7c40 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3289 [inline]
 #1: ffff80008eaa7c40 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x750/0x1098 kernel/workqueue.c:3397
 #2: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #2: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: hub_event+0x12c/0x3b20 drivers/usb/core/hub.c:5899
 #3: ffff0000cc10d578 (&port_dev->status_lock){+.+.}-{4:4}, at: usb_lock_port drivers/usb/core/hub.c:3252 [inline]
 #3: ffff0000cc10d578 (&port_dev->status_lock){+.+.}-{4:4}, at: hub_port_connect drivers/usb/core/hub.c:5464 [inline]
 #3: ffff0000cc10d578 (&port_dev->status_lock){+.+.}-{4:4}, at: hub_port_connect_change drivers/usb/core/hub.c:5707 [inline]
 #3: ffff0000cc10d578 (&port_dev->status_lock){+.+.}-{4:4}, at: port_event drivers/usb/core/hub.c:5871 [inline]
 #3: ffff0000cc10d578 (&port_dev->status_lock){+.+.}-{4:4}, at: hub_event+0x198c/0x3b20 drivers/usb/core/hub.c:5953
 #4: ffff0000cbb3d960 (hcd->address0_mutex){+.+.}-{4:4}, at: hub_port_connect drivers/usb/core/hub.c:5465 [inline]
 #4: ffff0000cbb3d960 (hcd->address0_mutex){+.+.}-{4:4}, at: hub_port_connect_change drivers/usb/core/hub.c:5707 [inline]
 #4: ffff0000cbb3d960 (hcd->address0_mutex){+.+.}-{4:4}, at: port_event drivers/usb/core/hub.c:5871 [inline]
 #4: ffff0000cbb3d960 (hcd->address0_mutex){+.+.}-{4:4}, at: hub_event+0x19c0/0x3b20 drivers/usb/core/hub.c:5953
1 lock held by khungtaskd/31:
 #0: ffff800088b67320 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 #0: ffff800088b67320 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
 #0: ffff800088b67320 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x4c/0x188 kernel/locking/lockdep.c:6775
2 locks held by pr/ttyAMA-1/41:
1 lock held by klogd/4326:
2 locks held by getty/4486:
 #0: ffff0000cf5e40a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c drivers/tty/tty_ldsem.c:340
 #1: ffff80009232e2e8 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x354/0xf84 drivers/tty/n_tty.c:2211
1 lock held by syz.3.20/5013:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_release+0x70/0x380 drivers/usb/core/devio.c:1099
1 lock held by syz.1.18/5018:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.4.21/5022:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.0.22/5027:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.2.19/5106:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.5.23/5268:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.7.25/5273:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.8.26/5278:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.6.24/5281:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.9.27/5326:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.0.28/5460:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.1.29/5476:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.2.32/5512:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.3.30/5521:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.4.31/5525:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.5.33/5645:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.9.37/5671:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.6.34/5691:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.7.35/5743:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.8.36/5747:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.0.38/5788:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.1.39/5875:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.2.40/5895:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.3.41/5938:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.4.42/5942:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.5.43/5987:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.6.44/6031:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.7.45/6107:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.9.47/6155:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.8.46/6159:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
3 locks held by kworker/1:11/6162:
 #0: ffff0000c2b85140 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3289 [inline]
 #0: ffff0000c2b85140 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x748/0x1098 kernel/workqueue.c:3397
 #1: ffff800092fe7c40 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3289 [inline]
 #1: ffff800092fe7c40 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x750/0x1098 kernel/workqueue.c:3397
 #2: ffff0000cc45a1d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #2: ffff0000cc45a1d8 (&dev->mutex){....}-{4:4}, at: hub_event+0x12c/0x3b20 drivers/usb/core/hub.c:5899
1 lock held by syz.0.48/6206:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.1.49/6242:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.2.50/6280:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.3.51/6355:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.4.52/6359:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.5.53/6405:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.6.54/6449:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.7.55/6493:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.8.56/6543:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.9.57/6581:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.0.58/6620:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.1.59/6657:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.2.60/6695:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.3.61/6733:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.4.62/6774:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.5.63/6864:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.6.64/6863:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.7.65/6909:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.8.66/6962:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054
1 lock held by syz.9.67/6994:
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #0: ffff0000cc1081d8 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x138/0x664 drivers/usb/core/devio.c:1054

=============================================