Extracting prog: 7m19.955728169s
Minimizing prog: 37m44.242847075s
Simplifying prog options: 16m5.962907338s
Extracting C: 3m12.123925865s
Simplifying C: 0s
extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendmsg$inet-syz_usb_connect
detailed listing:
executing program 0:
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000eafa7240936901b0293df400100109021b000124a800800904000001030000000905", @ANYRES16, @ANYRESHEX=0x0], 0x0)
program crashed: INFO: task hung in kernfs_dop_revalidate
single: successfully extracted reproducer
found reproducer with 2 syscalls
minimizing guilty program
testing program (duration=8m19.537828462s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendmsg$inet
detailed listing:
executing program 0:
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
program did not crash
testing program (duration=8m19.537828462s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000eafa7240936901b0293df400100109021b000124a800800904000001030000000905", @ANYRES16, @ANYRESHEX=0x0], 0x0)
program crashed: INFO: task hung in corrupted
testing program (duration=8m19.537828462s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x2d, 0x0, 0x0)
program did not crash
testing program (duration=8m19.537828462s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[], 0x0)
program did not crash
testing program (duration=8m19.537828462s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYRES16, @ANYRESHEX=0x0], 0x0)
program did not crash
extracting C reproducer
testing compiled C program (duration=8m19.537828462s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
simplifying guilty program options
testing program (duration=8m19.537828462s, {Threaded:false Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000eafa7240936901b0293df400100109021b000124a800800904000001030000000905", @ANYRES16, @ANYRESHEX=0x0], 0x0)
program crashed: INFO: task hung in corrupted
extracting C reproducer
testing compiled C program (duration=8m19.537828462s, {Threaded:false Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: INFO: task hung in __input_unregister_device
a never seen crash title: INFO: task hung in __input_unregister_device, ignore
testing program (duration=8m19.537828462s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000eafa7240936901b0293df400100109021b000124a800800904000001030000000905", @ANYRES16, @ANYRESHEX=0x0], 0x0)
program did not crash
testing program (duration=8m19.537828462s, {Threaded:false Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000eafa7240936901b0293df400100109021b000124a800800904000001030000000905", @ANYRES16, @ANYRESHEX=0x0], 0x0)
program did not crash
validation run: crashed=false
testing program (duration=8m19.537828462s, {Threaded:false Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000eafa7240936901b0293df400100109021b000124a800800904000001030000000905", @ANYRES16, @ANYRESHEX=0x0], 0x0)
program did not crash
validation run: crashed=false
testing program (duration=8m19.537828462s, {Threaded:false Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000eafa7240936901b0293df400100109021b000124a800800904000001030000000905", @ANYRES16, @ANYRESHEX=0x0], 0x0)
program crashed: INFO: rcu detected stall in x64_sys_call
validation run: crashed=true
testing program (duration=8m19.537828462s, {Threaded:false Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000eafa7240936901b0293df400100109021b000124a800800904000001030000000905", @ANYRES16, @ANYRESHEX=0x0], 0x0)
program crashed: INFO: rcu detected stall in corrupted
validation run: crashed=true
testing program (duration=8m19.537828462s, {Threaded:false Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000eafa7240936901b0293df400100109021b000124a800800904000001030000000905", @ANYRES16, @ANYRESHEX=0x0], 0x0)
program crashed: INFO: rcu detected stall in worker_thread
validation run: crashed=true
reproducing took 1h34m48.700943798s
repro crashed as (corrupted=false):
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P6119/3:b..l
rcu: (detected by 1, t=10502 jiffies, g=15277, q=11853 ncpus=2)
task:kworker/0:8 state:R running task stack:25952 pid:6119 tgid:6119 ppid:2 task_flags:0x4208060 flags:0x00080000
Workqueue: mld mld_dad_work
Call Trace:
context_switch kernel/sched/core.c:5298 [inline]
__schedule+0x15dd/0x52d0 kernel/sched/core.c:6911
preempt_schedule_irq+0x4d/0xa0 kernel/sched/core.c:7238
irqentry_exit+0x599/0x620 kernel/entry/common.c:239
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:lock_release+0x2d7/0x3d0 kernel/locking/lockdep.c:5893
Code: 46 7b 11 00 00 00 00 eb b5 e8 45 d3 0d 0a f7 c3 00 02 00 00 74 b9 65 48 8b 05 c5 00 7b 11 48 3b 44 24 28 75 44 fb 48 83 c4 30 <5b> 41 5c 41 5d 41 5e 41 5f 5d e9 95 81 6e ff cc 48 8d 3d 72 6d 73
RSP: 0018:ffffc90003c17408 EFLAGS: 00000282
RAX: 4e2e122091c1bb00 RBX: 0000000000000202 RCX: 0000000000000046
RDX: 0000000000000005 RSI: ffffffff8e16c1b5 RDI: ffffffff8c27d500
RBP: ffff88803151e7a0 R08: ffff88803151db80 R09: 0000000000000002
R10: 00000000fffffff5 R11: 0000000000000000 R12: 0000000000000005
R13: 0000000000000005 R14: ffffffff8e75e5e0 R15: ffff88803151db80
rcu_lock_release include/linux/rcupdate.h:322 [inline]
rcu_read_unlock include/linux/rcupdate.h:881 [inline]
fib_rules_lookup+0xc40/0xea0 net/core/fib_rules.c:362
ip6mr_fib_lookup net/ipv6/ip6mr.c:162 [inline]
mroute6_is_socket+0x229/0x380 net/ipv6/ip6mr.c:1660
ip6_finish_output2+0x695/0x13e0 net/ipv6/ip6_output.c:85
NF_HOOK_COND include/linux/netfilter.h:307 [inline]
ip6_output+0x340/0x550 net/ipv6/ip6_output.c:246
dst_output include/net/dst.h:470 [inline]
NF_HOOK+0x177/0x4f0 include/linux/netfilter.h:318
mld_sendpack+0x8b4/0xe40 net/ipv6/mcast.c:1855
mld_dad_work+0x45/0x5b0 net/ipv6/mcast.c:2294
process_one_work kernel/workqueue.c:3276 [inline]
process_scheduled_works+0xb6e/0x18c0 kernel/workqueue.c:3359
worker_thread+0xa53/0xfc0 kernel/workqueue.c:3440
kthread+0x388/0x470 kernel/kthread.c:436
ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
final repro crashed as (corrupted=false):
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P6119/3:b..l
rcu: (detected by 1, t=10502 jiffies, g=15277, q=11853 ncpus=2)
task:kworker/0:8 state:R running task stack:25952 pid:6119 tgid:6119 ppid:2 task_flags:0x4208060 flags:0x00080000
Workqueue: mld mld_dad_work
Call Trace:
context_switch kernel/sched/core.c:5298 [inline]
__schedule+0x15dd/0x52d0 kernel/sched/core.c:6911
preempt_schedule_irq+0x4d/0xa0 kernel/sched/core.c:7238
irqentry_exit+0x599/0x620 kernel/entry/common.c:239
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:lock_release+0x2d7/0x3d0 kernel/locking/lockdep.c:5893
Code: 46 7b 11 00 00 00 00 eb b5 e8 45 d3 0d 0a f7 c3 00 02 00 00 74 b9 65 48 8b 05 c5 00 7b 11 48 3b 44 24 28 75 44 fb 48 83 c4 30 <5b> 41 5c 41 5d 41 5e 41 5f 5d e9 95 81 6e ff cc 48 8d 3d 72 6d 73
RSP: 0018:ffffc90003c17408 EFLAGS: 00000282
RAX: 4e2e122091c1bb00 RBX: 0000000000000202 RCX: 0000000000000046
RDX: 0000000000000005 RSI: ffffffff8e16c1b5 RDI: ffffffff8c27d500
RBP: ffff88803151e7a0 R08: ffff88803151db80 R09: 0000000000000002
R10: 00000000fffffff5 R11: 0000000000000000 R12: 0000000000000005
R13: 0000000000000005 R14: ffffffff8e75e5e0 R15: ffff88803151db80
rcu_lock_release include/linux/rcupdate.h:322 [inline]
rcu_read_unlock include/linux/rcupdate.h:881 [inline]
fib_rules_lookup+0xc40/0xea0 net/core/fib_rules.c:362
ip6mr_fib_lookup net/ipv6/ip6mr.c:162 [inline]
mroute6_is_socket+0x229/0x380 net/ipv6/ip6mr.c:1660
ip6_finish_output2+0x695/0x13e0 net/ipv6/ip6_output.c:85
NF_HOOK_COND include/linux/netfilter.h:307 [inline]
ip6_output+0x340/0x550 net/ipv6/ip6_output.c:246
dst_output include/net/dst.h:470 [inline]
NF_HOOK+0x177/0x4f0 include/linux/netfilter.h:318
mld_sendpack+0x8b4/0xe40 net/ipv6/mcast.c:1855
mld_dad_work+0x45/0x5b0 net/ipv6/mcast.c:2294
process_one_work kernel/workqueue.c:3276 [inline]
process_scheduled_works+0xb6e/0x18c0 kernel/workqueue.c:3359
worker_thread+0xa53/0xfc0 kernel/workqueue.c:3440
kthread+0x388/0x470 kernel/kthread.c:436
ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245