Extracting prog: 2m1.589825473s Minimizing prog: 38m24.841079924s Simplifying prog options: 3m34.038581449s Extracting C: 1m43.676643697s Simplifying C: 0s extracting reproducer from 1 programs testing a last program of every proc single: executing 1 programs separately with timeout 30s testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$VT_ACTIVATE-syz_usb_connect$uac1-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r3) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_ACTIVATE(r4, 0x5606, 0x4) syz_usb_connect$uac1(0x0, 0xb4, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000000000406b1d01014000010203010902a2000301ab00000904000000010100000a24010000000201020c240703000000ed129e84300724080000000009"], 0x0) r5 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f00000003c0)={0x1c, &(0x7f0000000200)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r5, 0x5452, &(0x7f0000000240)=""/77) r6 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r6, &(0x7f0000000040)="e2", 0x1068) program crashed: possible deadlock in input_inject_event single: successfully extracted reproducer found reproducer with 16 syscalls minimizing guilty program testing program (duration=1m2.021761483s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$VT_ACTIVATE-syz_usb_connect$uac1-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev detailed listing: executing program 0: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r3) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_ACTIVATE(r4, 0x5606, 0x4) syz_usb_connect$uac1(0x0, 0xb4, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000000000406b1d01014000010203010902a2000301ab00000904000000010100000a24010000000201020c240703000000ed129e84300724080000000009"], 0x0) r5 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f00000003c0)={0x1c, &(0x7f0000000200)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r5, 0x5452, &(0x7f0000000240)=""/77) syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) program did not crash testing program (duration=1m2.021761483s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$VT_ACTIVATE-syz_usb_connect$uac1-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r3) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_ACTIVATE(r4, 0x5606, 0x4) syz_usb_connect$uac1(0x0, 0xb4, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000000000406b1d01014000010203010902a2000301ab00000904000000010100000a24010000000201020c240703000000ed129e84300724080000000009"], 0x0) r5 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f00000003c0)={0x1c, &(0x7f0000000200)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r5, 0x5452, &(0x7f0000000240)=""/77) write$char_usb(0xffffffffffffffff, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=1m2.021761483s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$VT_ACTIVATE-syz_usb_connect$uac1-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r3) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_ACTIVATE(r4, 0x5606, 0x4) syz_usb_connect$uac1(0x0, 0xb4, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000000000406b1d01014000010203010902a2000301ab00000904000000010100000a24010000000201020c240703000000ed129e84300724080000000009"], 0x0) syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f00000003c0)={0x1c, &(0x7f0000000200)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) r5 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r5, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=1m2.021761483s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$VT_ACTIVATE-syz_usb_connect$uac1-syz_open_dev$evdev-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r3) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_ACTIVATE(r4, 0x5606, 0x4) syz_usb_connect$uac1(0x0, 0xb4, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000000000406b1d01014000010203010902a2000301ab00000904000000010100000a24010000000201020c240703000000ed129e84300724080000000009"], 0x0) r5 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) ioctl$EVIOCGLED(r5, 0x5452, &(0x7f0000000240)=""/77) r6 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r6, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=1m2.021761483s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$VT_ACTIVATE-syz_usb_connect$uac1-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r3) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_ACTIVATE(r4, 0x5606, 0x4) syz_usb_connect$uac1(0x0, 0xb4, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000000000406b1d01014000010203010902a2000301ab00000904000000010100000a24010000000201020c240703000000ed129e84300724080000000009"], 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f00000003c0)={0x1c, &(0x7f0000000200)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(0xffffffffffffffff, 0x5452, &(0x7f0000000240)=""/77) r5 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r5, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=1m2.021761483s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$VT_ACTIVATE-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r3) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_ACTIVATE(r4, 0x5606, 0x4) r5 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f00000003c0)={0x1c, &(0x7f0000000200)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r5, 0x5452, &(0x7f0000000240)=""/77) r6 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r6, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=1m2.021761483s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-syz_usb_connect$uac1-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r3) truncate(&(0x7f0000000040)='./file0\x00', 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) syz_usb_connect$uac1(0x0, 0xb4, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000000000406b1d01014000010203010902a2000301ab00000904000000010100000a24010000000201020c240703000000ed129e84300724080000000009"], 0x0) r4 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f00000003c0)={0x1c, &(0x7f0000000200)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r4, 0x5452, &(0x7f0000000240)=""/77) r5 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r5, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=1m2.021761483s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-ioctl$VT_ACTIVATE-syz_usb_connect$uac1-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r3) truncate(&(0x7f0000000040)='./file0\x00', 0x0) ioctl$VT_ACTIVATE(0xffffffffffffffff, 0x5606, 0x4) syz_usb_connect$uac1(0x0, 0xb4, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000000000406b1d01014000010203010902a2000301ab00000904000000010100000a24010000000201020c240703000000ed129e84300724080000000009"], 0x0) r4 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f00000003c0)={0x1c, &(0x7f0000000200)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r4, 0x5452, &(0x7f0000000240)=""/77) r5 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r5, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=1m2.021761483s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-syz_open_dev$tty1-ioctl$VT_ACTIVATE-syz_usb_connect$uac1-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r3) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_ACTIVATE(r4, 0x5606, 0x4) syz_usb_connect$uac1(0x0, 0xb4, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000000000406b1d01014000010203010902a2000301ab00000904000000010100000a24010000000201020c240703000000ed129e84300724080000000009"], 0x0) r5 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f00000003c0)={0x1c, &(0x7f0000000200)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r5, 0x5452, &(0x7f0000000240)=""/77) r6 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r6, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=1m2.021761483s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-truncate-syz_open_dev$tty1-ioctl$VT_ACTIVATE-syz_usb_connect$uac1-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_ACTIVATE(r3, 0x5606, 0x4) syz_usb_connect$uac1(0x0, 0xb4, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000000000406b1d01014000010203010902a2000301ab00000904000000010100000a24010000000201020c240703000000ed129e84300724080000000009"], 0x0) r4 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f00000003c0)={0x1c, &(0x7f0000000200)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r4, 0x5452, &(0x7f0000000240)=""/77) r5 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r5, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=1m2.021761483s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$VT_ACTIVATE-syz_usb_connect$uac1-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) fcntl$setown(r0, 0x8, 0x0) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_ACTIVATE(r3, 0x5606, 0x4) syz_usb_connect$uac1(0x0, 0xb4, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000000000406b1d01014000010203010902a2000301ab00000904000000010100000a24010000000201020c240703000000ed129e84300724080000000009"], 0x0) r4 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f00000003c0)={0x1c, &(0x7f0000000200)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r4, 0x5452, &(0x7f0000000240)=""/77) r5 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r5, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=1m2.021761483s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$VT_ACTIVATE-syz_usb_connect$uac1-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) getpid() ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r2) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_ACTIVATE(r3, 0x5606, 0x4) syz_usb_connect$uac1(0x0, 0xb4, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000000000406b1d01014000010203010902a2000301ab00000904000000010100000a24010000000201020c240703000000ed129e84300724080000000009"], 0x0) r4 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f00000003c0)={0x1c, &(0x7f0000000200)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r4, 0x5452, &(0x7f0000000240)=""/77) r5 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r5, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=1m2.021761483s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$VT_ACTIVATE-syz_usb_connect$uac1-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r2) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_ACTIVATE(r3, 0x5606, 0x4) syz_usb_connect$uac1(0x0, 0xb4, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000000000406b1d01014000010203010902a2000301ab00000904000000010100000a24010000000201020c240703000000ed129e84300724080000000009"], 0x0) r4 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f00000003c0)={0x1c, &(0x7f0000000200)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r4, 0x5452, &(0x7f0000000240)=""/77) r5 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r5, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=1m2.021761483s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$VT_ACTIVATE-syz_usb_connect$uac1-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) r1 = getpid() fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000000100)={0x2, r1}) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r2) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_ACTIVATE(r3, 0x5606, 0x4) syz_usb_connect$uac1(0x0, 0xb4, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000000000406b1d01014000010203010902a2000301ab00000904000000010100000a24010000000201020c240703000000ed129e84300724080000000009"], 0x0) r4 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f00000003c0)={0x1c, &(0x7f0000000200)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r4, 0x5452, &(0x7f0000000240)=""/77) r5 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r5, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=1m2.021761483s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$VT_ACTIVATE-syz_usb_connect$uac1-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r3) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_ACTIVATE(r4, 0x5606, 0x4) syz_usb_connect$uac1(0x0, 0xb4, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000000000406b1d01014000010203010902a2000301ab00000904000000010100000a24010000000201020c240703000000ed129e84300724080000000009"], 0x0) r5 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f00000003c0)={0x1c, &(0x7f0000000200)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r5, 0x5452, &(0x7f0000000240)=""/77) r6 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r6, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=1m2.021761483s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$VT_ACTIVATE-syz_usb_connect$uac1-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = getpid() fcntl$setownex(r0, 0xf, &(0x7f0000000100)={0x2, r1}) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(0xffffffffffffffff, 0x8, r2) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_ACTIVATE(r3, 0x5606, 0x4) syz_usb_connect$uac1(0x0, 0xb4, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000000000406b1d01014000010203010902a2000301ab00000904000000010100000a24010000000201020c240703000000ed129e84300724080000000009"], 0x0) r4 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f00000003c0)={0x1c, &(0x7f0000000200)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r4, 0x5452, &(0x7f0000000240)=""/77) r5 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r5, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=1m2.021761483s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$VT_ACTIVATE-syz_usb_connect$uac1-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(0x0, 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r3) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_ACTIVATE(r4, 0x5606, 0x4) syz_usb_connect$uac1(0x0, 0xb4, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000000000406b1d01014000010203010902a2000301ab00000904000000010100000a24010000000201020c240703000000ed129e84300724080000000009"], 0x0) r5 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f00000003c0)={0x1c, &(0x7f0000000200)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r5, 0x5452, &(0x7f0000000240)=""/77) r6 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r6, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=1m2.021761483s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$VT_ACTIVATE-syz_usb_connect$uac1-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) r1 = getpid() fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000000100)={0x2, r1}) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r2) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_ACTIVATE(r3, 0x5606, 0x4) syz_usb_connect$uac1(0x0, 0xb4, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000000000406b1d01014000010203010902a2000301ab00000904000000010100000a24010000000201020c240703000000ed129e84300724080000000009"], 0x0) r4 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f00000003c0)={0x1c, &(0x7f0000000200)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r4, 0x5452, &(0x7f0000000240)=""/77) r5 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r5, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=1m2.021761483s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$VT_ACTIVATE-syz_usb_connect$uac1-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) getpid() fcntl$setownex(r1, 0xf, 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r2) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_ACTIVATE(r3, 0x5606, 0x4) syz_usb_connect$uac1(0x0, 0xb4, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000000000406b1d01014000010203010902a2000301ab00000904000000010100000a24010000000201020c240703000000ed129e84300724080000000009"], 0x0) r4 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f00000003c0)={0x1c, &(0x7f0000000200)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r4, 0x5452, &(0x7f0000000240)=""/77) r5 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r5, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=1m2.021761483s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$VT_ACTIVATE-syz_usb_connect$uac1-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, 0x0) fcntl$setown(r0, 0x8, 0x0) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_ACTIVATE(r3, 0x5606, 0x4) syz_usb_connect$uac1(0x0, 0xb4, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000000000406b1d01014000010203010902a2000301ab00000904000000010100000a24010000000201020c240703000000ed129e84300724080000000009"], 0x0) r4 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f00000003c0)={0x1c, &(0x7f0000000200)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r4, 0x5452, &(0x7f0000000240)=""/77) r5 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r5, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=1m2.021761483s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$VT_ACTIVATE-syz_usb_connect$uac1-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r3) truncate(0x0, 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_ACTIVATE(r4, 0x5606, 0x4) syz_usb_connect$uac1(0x0, 0xb4, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000000000406b1d01014000010203010902a2000301ab00000904000000010100000a24010000000201020c240703000000ed129e84300724080000000009"], 0x0) r5 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f00000003c0)={0x1c, &(0x7f0000000200)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r5, 0x5452, &(0x7f0000000240)=""/77) r6 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r6, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=1m2.021761483s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$VT_ACTIVATE-syz_usb_connect$uac1-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r3) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_ACTIVATE(r4, 0x5606, 0x4) syz_usb_connect$uac1(0x0, 0xb4, 0x0, 0x0) r5 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f00000003c0)={0x1c, &(0x7f0000000200)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r5, 0x5452, &(0x7f0000000240)=""/77) r6 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r6, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=1m2.021761483s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$VT_ACTIVATE-syz_usb_connect$uac1-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r3) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_ACTIVATE(r4, 0x5606, 0x4) syz_usb_connect$uac1(0x0, 0xb4, &(0x7f0000000200)=ANY=[@ANYBLOB], 0x0) r5 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f00000003c0)={0x1c, &(0x7f0000000200)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r5, 0x5452, &(0x7f0000000240)=""/77) r6 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r6, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=1m2.021761483s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$VT_ACTIVATE-syz_usb_connect$uac1-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r3) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_ACTIVATE(r4, 0x5606, 0x4) syz_usb_connect$uac1(0x0, 0xb4, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000000000406b1d01014000010203010902a2000301ab00000904000000010100000a24010000000201020c240703000000ed129e84300724080000000009"], 0x0) r5 = syz_open_dev$evdev(0x0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f00000003c0)={0x1c, &(0x7f0000000200)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r5, 0x5452, &(0x7f0000000240)=""/77) r6 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r6, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=1m2.021761483s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$VT_ACTIVATE-syz_usb_connect$uac1-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r3) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_ACTIVATE(r4, 0x5606, 0x4) syz_usb_connect$uac1(0x0, 0xb4, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000000000406b1d01014000010203010902a2000301ab00000904000000010100000a24010000000201020c240703000000ed129e84300724080000000009"], 0x0) r5 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, 0x0) ioctl$EVIOCGLED(r5, 0x5452, &(0x7f0000000240)=""/77) r6 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r6, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=1m2.021761483s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$VT_ACTIVATE-syz_usb_connect$uac1-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r3) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_ACTIVATE(r4, 0x5606, 0x4) syz_usb_connect$uac1(0x0, 0xb4, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000000000406b1d01014000010203010902a2000301ab00000904000000010100000a24010000000201020c240703000000ed129e84300724080000000009"], 0x0) r5 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f00000003c0)={0x1c, 0x0, 0x0, 0x0}) ioctl$EVIOCGLED(r5, 0x5452, &(0x7f0000000240)=""/77) r6 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r6, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=1m2.021761483s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$VT_ACTIVATE-syz_usb_connect$uac1-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r3) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_ACTIVATE(r4, 0x5606, 0x4) syz_usb_connect$uac1(0x0, 0xb4, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000000000406b1d01014000010203010902a2000301ab00000904000000010100000a24010000000201020c240703000000ed129e84300724080000000009"], 0x0) r5 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f00000003c0)={0x1c, &(0x7f0000000200), 0x0, 0x0}) ioctl$EVIOCGLED(r5, 0x5452, &(0x7f0000000240)=""/77) r6 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r6, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=1m2.021761483s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$VT_ACTIVATE-syz_usb_connect$uac1-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r3) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_ACTIVATE(r4, 0x5606, 0x4) syz_usb_connect$uac1(0x0, 0xb4, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000000000406b1d01014000010203010902a2000301ab00000904000000010100000a24010000000201020c240703000000ed129e84300724080000000009"], 0x0) r5 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f00000003c0)={0x1c, &(0x7f0000000200)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r5, 0x5452, 0x0) r6 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r6, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=1m2.021761483s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$VT_ACTIVATE-syz_usb_connect$uac1-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r3) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_ACTIVATE(r4, 0x5606, 0x4) syz_usb_connect$uac1(0x0, 0xb4, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000000000406b1d01014000010203010902a2000301ab00000904000000010100000a24010000000201020c240703000000ed129e84300724080000000009"], 0x0) r5 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f00000003c0)={0x1c, &(0x7f0000000200)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r5, 0x5452, &(0x7f0000000240)=""/77) r6 = syz_open_dev$evdev(0x0, 0x0, 0x822b01) write$char_usb(r6, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=1m2.021761483s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$VT_ACTIVATE-syz_usb_connect$uac1-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r3) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_ACTIVATE(r4, 0x5606, 0x4) syz_usb_connect$uac1(0x0, 0xb4, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000000000406b1d01014000010203010902a2000301ab00000904000000010100000a24010000000201020c240703000000ed129e84300724080000000009"], 0x0) r5 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f00000003c0)={0x1c, &(0x7f0000000200)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r5, 0x5452, &(0x7f0000000240)=""/77) r6 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r6, 0x0, 0x0) program did not crash testing program (duration=1m2.021761483s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$VT_ACTIVATE-syz_usb_connect$uac1-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r3) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_ACTIVATE(r4, 0x5606, 0x4) syz_usb_connect$uac1(0x0, 0xb4, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000000000406b1d01014000010203010902a2000301ab00000904000000010100000a24010000000201020c240703000000ed129e84300724080000000009"], 0x0) r5 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f00000003c0)={0x1c, &(0x7f0000000200)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r5, 0x5452, &(0x7f0000000240)=""/77) r6 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r6, &(0x7f0000000040), 0x0) program did not crash extracting C reproducer testing compiled C program (duration=1m2.021761483s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$VT_ACTIVATE-syz_usb_connect$uac1-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb program did not crash simplifying guilty program options testing program (duration=1m2.021761483s, {Threaded:false Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$VT_ACTIVATE-syz_usb_connect$uac1-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r3) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_ACTIVATE(r4, 0x5606, 0x4) syz_usb_connect$uac1(0x0, 0xb4, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000000000406b1d01014000010203010902a2000301ab00000904000000010100000a24010000000201020c240703000000ed129e84300724080000000009"], 0x0) r5 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f00000003c0)={0x1c, &(0x7f0000000200)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r5, 0x5452, &(0x7f0000000240)=""/77) r6 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r6, &(0x7f0000000040)="e2", 0x1068) program did not crash testing program (duration=1m2.021761483s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$VT_ACTIVATE-syz_usb_connect$uac1-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb detailed listing: executing program 0: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r3) truncate(&(0x7f0000000040)='./file0\x00', 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_ACTIVATE(r4, 0x5606, 0x4) syz_usb_connect$uac1(0x0, 0xb4, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000000000406b1d01014000010203010902a2000301ab00000904000000010100000a24010000000201020c240703000000ed129e84300724080000000009"], 0x0) r5 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f00000003c0)={0x1c, &(0x7f0000000200)={0x0, 0x0, 0x1, "04"}, 0x0, 0x0}) ioctl$EVIOCGLED(r5, 0x5452, &(0x7f0000000240)=""/77) r6 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) write$char_usb(r6, &(0x7f0000000040)="e2", 0x1068) program crashed: possible deadlock in input_inject_event extracting C reproducer testing compiled C program (duration=1m2.021761483s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-fcntl$setlease-socketpair$nbd-getpid-fcntl$setownex-ioctl$sock_FIOGETOWN-fcntl$setown-truncate-syz_open_dev$tty1-ioctl$VT_ACTIVATE-syz_usb_connect$uac1-syz_open_dev$evdev-syz_usb_control_io$cdc_ecm-ioctl$EVIOCGLED-syz_open_dev$evdev-write$char_usb program did not crash reproducing took 45m13.394005515s repro crashed as (corrupted=false): ===================================================== WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 Not tainted ----------------------------------------------------- syz.0.16/5484 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: ffff88803efdb0c0 (&new->fa_lock){....}-{3:3}, at: kill_fasync_rcu fs/fcntl.c:1124 [inline] ffff88803efdb0c0 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x199/0x4d0 fs/fcntl.c:1148 and this task is already holding: ffff8880119eb028 (&client->buffer_lock){....}-{3:3}, at: spin_lock include/linux/spinlock.h:351 [inline] ffff8880119eb028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0xb9/0xbd0 drivers/input/evdev.c:261 which would create a new lock dependency: (&client->buffer_lock){....}-{3:3} -> (&new->fa_lock){....}-{3:3} but this new dependency connects a SOFTIRQ-irq-safe lock: (&dev->event_lock#2){..-.}-{3:3} ... which became SOFTIRQ-irq-safe at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xa7/0xf0 kernel/locking/spinlock.c:162 class_spinlock_irqsave_constructor include/linux/spinlock.h:585 [inline] input_inject_event+0xab/0x320 drivers/input/input.c:418 led_trigger_event+0x138/0x210 drivers/leds/led-triggers.c:407 kbd_propagate_led_state drivers/tty/vt/keyboard.c:1080 [inline] kbd_bh+0x1c6/0x2e0 drivers/tty/vt/keyboard.c:1269 tasklet_action_common+0x369/0x580 kernel/softirq.c:829 handle_softirqs+0x283/0x870 kernel/softirq.c:579 run_ksoftirqd+0x9b/0x100 kernel/softirq.c:968 smpboot_thread_fn+0x53f/0xa60 kernel/smpboot.c:164 kthread+0x70e/0x8a0 kernel/kthread.c:464 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 to a SOFTIRQ-irq-unsafe lock: (tasklist_lock){.+.+}-{3:3} ... which became SOFTIRQ-irq-unsafe at: ... lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228 __do_wait+0xde/0x740 kernel/exit.c:1662 do_wait+0x1f8/0x520 kernel/exit.c:1706 kernel_wait+0xab/0x170 kernel/exit.c:1882 call_usermodehelper_exec_sync kernel/umh.c:136 [inline] call_usermodehelper_exec_work+0xbe/0x230 kernel/umh.c:163 process_one_work kernel/workqueue.c:3238 [inline] process_scheduled_works+0xadb/0x17a0 kernel/workqueue.c:3319 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400 kthread+0x70e/0x8a0 kernel/kthread.c:464 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 other info that might help us debug this: Chain exists of: &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock Possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ---- lock(tasklist_lock); local_irq_disable(); lock(&dev->event_lock#2); lock(&client->buffer_lock); lock(&dev->event_lock#2); *** DEADLOCK *** 7 locks held by syz.0.16/5484: #0: ffff8880350ca118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x1a1/0x480 drivers/input/evdev.c:511 #1: ffff888033b03230 (&dev->event_lock#2){..-.}-{3:3}, at: class_spinlock_irqsave_constructor include/linux/spinlock.h:585 [inline] #1: ffff888033b03230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0xab/0x320 drivers/input/input.c:418 #2: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline] #2: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline] #2: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: class_rcu_constructor include/linux/rcupdate.h:1155 [inline] #2: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xbc/0x320 drivers/input/input.c:419 #3: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline] #3: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline] #3: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: class_rcu_constructor include/linux/rcupdate.h:1155 [inline] #3: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x8d/0x890 drivers/input/input.c:118 #4: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline] #4: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline] #4: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: evdev_events+0x79/0x340 drivers/input/evdev.c:298 #5: ffff8880119eb028 (&client->buffer_lock){....}-{3:3}, at: spin_lock include/linux/spinlock.h:351 [inline] #5: ffff8880119eb028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0xb9/0xbd0 drivers/input/evdev.c:261 #6: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline] #6: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline] #6: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x53/0x4d0 fs/fcntl.c:1147 the dependencies between SOFTIRQ-irq-safe lock and the holding lock: -> (&dev->event_lock#2){..-.}-{3:3} { IN-SOFTIRQ-W at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xa7/0xf0 kernel/locking/spinlock.c:162 class_spinlock_irqsave_constructor include/linux/spinlock.h:585 [inline] input_inject_event+0xab/0x320 drivers/input/input.c:418 led_trigger_event+0x138/0x210 drivers/leds/led-triggers.c:407 kbd_propagate_led_state drivers/tty/vt/keyboard.c:1080 [inline] kbd_bh+0x1c6/0x2e0 drivers/tty/vt/keyboard.c:1269 tasklet_action_common+0x369/0x580 kernel/softirq.c:829 handle_softirqs+0x283/0x870 kernel/softirq.c:579 run_ksoftirqd+0x9b/0x100 kernel/softirq.c:968 smpboot_thread_fn+0x53f/0xa60 kernel/smpboot.c:164 kthread+0x70e/0x8a0 kernel/kthread.c:464 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 INITIAL USE at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xa7/0xf0 kernel/locking/spinlock.c:162 class_spinlock_irqsave_constructor include/linux/spinlock.h:585 [inline] input_inject_event+0xab/0x320 drivers/input/input.c:418 kbd_led_trigger_activate+0xbc/0x100 drivers/tty/vt/keyboard.c:1036 led_trigger_set+0x52a/0x950 drivers/leds/led-triggers.c:212 led_match_default_trigger drivers/leds/led-triggers.c:269 [inline] led_trigger_set_default+0x215/0x250 drivers/leds/led-triggers.c:287 led_classdev_register_ext+0x73d/0x930 drivers/leds/led-class.c:566 led_classdev_register include/linux/leds.h:274 [inline] input_leds_connect+0x517/0x790 drivers/input/input-leds.c:145 input_attach_handler drivers/input/input.c:993 [inline] input_register_device+0xceb/0x10b0 drivers/input/input.c:2412 atkbd_connect+0x70e/0x9c0 drivers/input/keyboard/atkbd.c:1340 serio_connect_driver drivers/input/serio/serio.c:43 [inline] serio_driver_probe+0x7f/0xa0 drivers/input/serio/serio.c:747 call_driver_probe drivers/base/dd.c:-1 [inline] really_probe+0x26a/0x9a0 drivers/base/dd.c:657 __driver_probe_device+0x18c/0x2f0 drivers/base/dd.c:799 driver_probe_device+0x4f/0x430 drivers/base/dd.c:829 __driver_attach+0x452/0x700 drivers/base/dd.c:1215 bus_for_each_dev+0x230/0x2b0 drivers/base/bus.c:370 serio_attach_driver drivers/input/serio/serio.c:776 [inline] serio_handle_event+0x1a2/0x860 drivers/input/serio/serio.c:213 process_one_work kernel/workqueue.c:3238 [inline] process_scheduled_works+0xadb/0x17a0 kernel/workqueue.c:3319 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400 kthread+0x70e/0x8a0 kernel/kthread.c:464 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 } ... key at: [] input_allocate_device.__key.5+0x0/0x20 -> (&client->buffer_lock){....}-{3:3} { INITIAL USE at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:351 [inline] evdev_pass_values+0xb9/0xbd0 drivers/input/evdev.c:261 evdev_events+0x1e6/0x340 drivers/input/evdev.c:306 input_pass_values+0x285/0x890 drivers/input/input.c:127 input_event_dispose+0x330/0x6b0 drivers/input/input.c:341 input_inject_event+0x1fe/0x320 drivers/input/input.c:423 evdev_write+0x2fc/0x480 drivers/input/evdev.c:528 vfs_write+0x27b/0xa90 fs/read_write.c:682 ksys_write+0x145/0x250 fs/read_write.c:736 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f } ... key at: [] evdev_open.__key.25+0x0/0x20 ... acquired at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:351 [inline] evdev_pass_values+0xb9/0xbd0 drivers/input/evdev.c:261 evdev_events+0x1e6/0x340 drivers/input/evdev.c:306 input_pass_values+0x285/0x890 drivers/input/input.c:127 input_event_dispose+0x330/0x6b0 drivers/input/input.c:341 input_inject_event+0x1fe/0x320 drivers/input/input.c:423 evdev_write+0x2fc/0x480 drivers/input/evdev.c:528 vfs_write+0x27b/0xa90 fs/read_write.c:682 ksys_write+0x145/0x250 fs/read_write.c:736 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f the dependencies between the lock to be acquired and SOFTIRQ-irq-unsafe lock: -> (tasklist_lock){.+.+}-{3:3} { HARDIRQ-ON-R at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228 __do_wait+0xde/0x740 kernel/exit.c:1662 do_wait+0x1f8/0x520 kernel/exit.c:1706 kernel_wait+0xab/0x170 kernel/exit.c:1882 call_usermodehelper_exec_sync kernel/umh.c:136 [inline] call_usermodehelper_exec_work+0xbe/0x230 kernel/umh.c:163 process_one_work kernel/workqueue.c:3238 [inline] process_scheduled_works+0xadb/0x17a0 kernel/workqueue.c:3319 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400 kthread+0x70e/0x8a0 kernel/kthread.c:464 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 SOFTIRQ-ON-R at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228 __do_wait+0xde/0x740 kernel/exit.c:1662 do_wait+0x1f8/0x520 kernel/exit.c:1706 kernel_wait+0xab/0x170 kernel/exit.c:1882 call_usermodehelper_exec_sync kernel/umh.c:136 [inline] call_usermodehelper_exec_work+0xbe/0x230 kernel/umh.c:163 process_one_work kernel/workqueue.c:3238 [inline] process_scheduled_works+0xadb/0x17a0 kernel/workqueue.c:3319 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400 kthread+0x70e/0x8a0 kernel/kthread.c:464 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 INITIAL USE at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline] _raw_write_lock_irq+0xa2/0xf0 kernel/locking/spinlock.c:326 copy_process+0x21d5/0x3b80 kernel/fork.c:2560 kernel_clone+0x21e/0x870 kernel/fork.c:2844 user_mode_thread+0xdd/0x140 kernel/fork.c:2922 rest_init+0x23/0x300 init/main.c:708 start_kernel+0x470/0x4f0 init/main.c:1099 x86_64_start_reservations+0x2a/0x30 arch/x86/kernel/head64.c:513 x86_64_start_kernel+0x66/0x70 arch/x86/kernel/head64.c:494 common_startup_64+0x13e/0x147 INITIAL READ USE at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228 __do_wait+0xde/0x740 kernel/exit.c:1662 do_wait+0x1f8/0x520 kernel/exit.c:1706 kernel_wait+0xab/0x170 kernel/exit.c:1882 call_usermodehelper_exec_sync kernel/umh.c:136 [inline] call_usermodehelper_exec_work+0xbe/0x230 kernel/umh.c:163 process_one_work kernel/workqueue.c:3238 [inline] process_scheduled_works+0xadb/0x17a0 kernel/workqueue.c:3319 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400 kthread+0x70e/0x8a0 kernel/kthread.c:464 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 } ... key at: [] tasklist_lock+0x18/0x40 ... acquired at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228 send_sigio+0x101/0x370 fs/fcntl.c:921 kill_fasync_rcu fs/fcntl.c:1133 [inline] kill_fasync+0x24d/0x4d0 fs/fcntl.c:1148 lease_break_callback+0x26/0x30 fs/locks.c:558 __break_lease+0x6a2/0x1620 fs/locks.c:1592 vfs_truncate+0x428/0x520 fs/open.c:109 do_sys_truncate+0xdb/0x190 fs/open.c:138 __do_sys_truncate fs/open.c:150 [inline] __se_sys_truncate fs/open.c:148 [inline] __x64_sys_truncate+0x5b/0x70 fs/open.c:148 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f -> (&f_owner->lock){....}-{3:3} { INITIAL USE at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline] _raw_write_lock_irq+0xa2/0xf0 kernel/locking/spinlock.c:326 __f_setown+0x67/0x370 fs/fcntl.c:136 generic_add_lease fs/locks.c:1874 [inline] generic_setlease+0xd5d/0x1240 fs/locks.c:1942 do_fcntl_add_lease fs/locks.c:2047 [inline] fcntl_setlease+0x3a2/0x4c0 fs/locks.c:2069 do_fcntl+0x6a0/0x1910 fs/fcntl.c:536 __do_sys_fcntl fs/fcntl.c:591 [inline] __se_sys_fcntl+0xc8/0x150 fs/fcntl.c:576 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f INITIAL READ USE at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_read_lock_irq include/linux/rwlock_api_smp.h:169 [inline] _raw_read_lock_irq+0xaa/0xf0 kernel/locking/spinlock.c:244 f_getown+0x54/0x2a0 fs/fcntl.c:204 sock_ioctl+0x536/0x790 net/socket.c:1256 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:906 [inline] __se_sys_ioctl+0xf9/0x170 fs/ioctl.c:892 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f } ... key at: [] file_f_owner_allocate.__key+0x0/0x20 ... acquired at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline] _raw_read_lock_irqsave+0xaf/0x100 kernel/locking/spinlock.c:236 send_sigio+0x38/0x370 fs/fcntl.c:907 kill_fasync_rcu fs/fcntl.c:1133 [inline] kill_fasync+0x24d/0x4d0 fs/fcntl.c:1148 lease_break_callback+0x26/0x30 fs/locks.c:558 __break_lease+0x6a2/0x1620 fs/locks.c:1592 vfs_truncate+0x428/0x520 fs/open.c:109 do_sys_truncate+0xdb/0x190 fs/open.c:138 __do_sys_truncate fs/open.c:150 [inline] __se_sys_truncate fs/open.c:148 [inline] __x64_sys_truncate+0x5b/0x70 fs/open.c:148 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f -> (&new->fa_lock){....}-{3:3} { INITIAL READ USE at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline] _raw_read_lock_irqsave+0xaf/0x100 kernel/locking/spinlock.c:236 kill_fasync_rcu fs/fcntl.c:1124 [inline] kill_fasync+0x199/0x4d0 fs/fcntl.c:1148 lease_break_callback+0x26/0x30 fs/locks.c:558 __break_lease+0x6a2/0x1620 fs/locks.c:1592 vfs_truncate+0x428/0x520 fs/open.c:109 do_sys_truncate+0xdb/0x190 fs/open.c:138 __do_sys_truncate fs/open.c:150 [inline] __se_sys_truncate fs/open.c:148 [inline] __x64_sys_truncate+0x5b/0x70 fs/open.c:148 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f } ... key at: [] fasync_insert_entry.__key+0x0/0x20 ... acquired at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline] _raw_read_lock_irqsave+0xaf/0x100 kernel/locking/spinlock.c:236 kill_fasync_rcu fs/fcntl.c:1124 [inline] kill_fasync+0x199/0x4d0 fs/fcntl.c:1148 __pass_event drivers/input/evdev.c:240 [inline] evdev_pass_values+0x627/0xbd0 drivers/input/evdev.c:278 evdev_events+0x1e6/0x340 drivers/input/evdev.c:306 input_pass_values+0x285/0x890 drivers/input/input.c:127 input_event_dispose+0x330/0x6b0 drivers/input/input.c:341 input_inject_event+0x1fe/0x320 drivers/input/input.c:423 evdev_write+0x2fc/0x480 drivers/input/evdev.c:528 vfs_write+0x27b/0xa90 fs/read_write.c:682 ksys_write+0x145/0x250 fs/read_write.c:736 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f stack backtrace: CPU: 0 UID: 0 PID: 5484 Comm: syz.0.16 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120 print_bad_irq_dependency kernel/locking/lockdep.c:2652 [inline] check_irq_usage kernel/locking/lockdep.c:2893 [inline] check_prev_add kernel/locking/lockdep.c:3170 [inline] check_prevs_add kernel/locking/lockdep.c:3285 [inline] validate_chain+0x1f05/0x2140 kernel/locking/lockdep.c:3909 __lock_acquire+0xaac/0xd20 kernel/locking/lockdep.c:5235 lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline] _raw_read_lock_irqsave+0xaf/0x100 kernel/locking/spinlock.c:236 kill_fasync_rcu fs/fcntl.c:1124 [inline] kill_fasync+0x199/0x4d0 fs/fcntl.c:1148 __pass_event drivers/input/evdev.c:240 [inline] evdev_pass_values+0x627/0xbd0 drivers/input/evdev.c:278 evdev_events+0x1e6/0x340 drivers/input/evdev.c:306 input_pass_values+0x285/0x890 drivers/input/input.c:127 input_event_dispose+0x330/0x6b0 drivers/input/input.c:341 input_inject_event+0x1fe/0x320 drivers/input/input.c:423 evdev_write+0x2fc/0x480 drivers/input/evdev.c:528 vfs_write+0x27b/0xa90 fs/read_write.c:682 ksys_write+0x145/0x250 fs/read_write.c:736 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f70a058e969 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f70a131c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00007f70a07b6080 RCX: 00007f70a058e969 RDX: 0000000000001068 RSI: 0000200000000040 RDI: 0000000000000009 RBP: 00007f70a0610ab1 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007f70a07b6080 R15: 00007ffcf79148d8 final repro crashed as (corrupted=false): ===================================================== WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 Not tainted ----------------------------------------------------- syz.0.16/5484 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: ffff88803efdb0c0 (&new->fa_lock){....}-{3:3}, at: kill_fasync_rcu fs/fcntl.c:1124 [inline] ffff88803efdb0c0 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x199/0x4d0 fs/fcntl.c:1148 and this task is already holding: ffff8880119eb028 (&client->buffer_lock){....}-{3:3}, at: spin_lock include/linux/spinlock.h:351 [inline] ffff8880119eb028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0xb9/0xbd0 drivers/input/evdev.c:261 which would create a new lock dependency: (&client->buffer_lock){....}-{3:3} -> (&new->fa_lock){....}-{3:3} but this new dependency connects a SOFTIRQ-irq-safe lock: (&dev->event_lock#2){..-.}-{3:3} ... which became SOFTIRQ-irq-safe at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xa7/0xf0 kernel/locking/spinlock.c:162 class_spinlock_irqsave_constructor include/linux/spinlock.h:585 [inline] input_inject_event+0xab/0x320 drivers/input/input.c:418 led_trigger_event+0x138/0x210 drivers/leds/led-triggers.c:407 kbd_propagate_led_state drivers/tty/vt/keyboard.c:1080 [inline] kbd_bh+0x1c6/0x2e0 drivers/tty/vt/keyboard.c:1269 tasklet_action_common+0x369/0x580 kernel/softirq.c:829 handle_softirqs+0x283/0x870 kernel/softirq.c:579 run_ksoftirqd+0x9b/0x100 kernel/softirq.c:968 smpboot_thread_fn+0x53f/0xa60 kernel/smpboot.c:164 kthread+0x70e/0x8a0 kernel/kthread.c:464 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 to a SOFTIRQ-irq-unsafe lock: (tasklist_lock){.+.+}-{3:3} ... which became SOFTIRQ-irq-unsafe at: ... lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228 __do_wait+0xde/0x740 kernel/exit.c:1662 do_wait+0x1f8/0x520 kernel/exit.c:1706 kernel_wait+0xab/0x170 kernel/exit.c:1882 call_usermodehelper_exec_sync kernel/umh.c:136 [inline] call_usermodehelper_exec_work+0xbe/0x230 kernel/umh.c:163 process_one_work kernel/workqueue.c:3238 [inline] process_scheduled_works+0xadb/0x17a0 kernel/workqueue.c:3319 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400 kthread+0x70e/0x8a0 kernel/kthread.c:464 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 other info that might help us debug this: Chain exists of: &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock Possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ---- lock(tasklist_lock); local_irq_disable(); lock(&dev->event_lock#2); lock(&client->buffer_lock); lock(&dev->event_lock#2); *** DEADLOCK *** 7 locks held by syz.0.16/5484: #0: ffff8880350ca118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x1a1/0x480 drivers/input/evdev.c:511 #1: ffff888033b03230 (&dev->event_lock#2){..-.}-{3:3}, at: class_spinlock_irqsave_constructor include/linux/spinlock.h:585 [inline] #1: ffff888033b03230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0xab/0x320 drivers/input/input.c:418 #2: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline] #2: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline] #2: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: class_rcu_constructor include/linux/rcupdate.h:1155 [inline] #2: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xbc/0x320 drivers/input/input.c:419 #3: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline] #3: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline] #3: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: class_rcu_constructor include/linux/rcupdate.h:1155 [inline] #3: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x8d/0x890 drivers/input/input.c:118 #4: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline] #4: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline] #4: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: evdev_events+0x79/0x340 drivers/input/evdev.c:298 #5: ffff8880119eb028 (&client->buffer_lock){....}-{3:3}, at: spin_lock include/linux/spinlock.h:351 [inline] #5: ffff8880119eb028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0xb9/0xbd0 drivers/input/evdev.c:261 #6: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline] #6: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline] #6: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x53/0x4d0 fs/fcntl.c:1147 the dependencies between SOFTIRQ-irq-safe lock and the holding lock: -> (&dev->event_lock#2){..-.}-{3:3} { IN-SOFTIRQ-W at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xa7/0xf0 kernel/locking/spinlock.c:162 class_spinlock_irqsave_constructor include/linux/spinlock.h:585 [inline] input_inject_event+0xab/0x320 drivers/input/input.c:418 led_trigger_event+0x138/0x210 drivers/leds/led-triggers.c:407 kbd_propagate_led_state drivers/tty/vt/keyboard.c:1080 [inline] kbd_bh+0x1c6/0x2e0 drivers/tty/vt/keyboard.c:1269 tasklet_action_common+0x369/0x580 kernel/softirq.c:829 handle_softirqs+0x283/0x870 kernel/softirq.c:579 run_ksoftirqd+0x9b/0x100 kernel/softirq.c:968 smpboot_thread_fn+0x53f/0xa60 kernel/smpboot.c:164 kthread+0x70e/0x8a0 kernel/kthread.c:464 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 INITIAL USE at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xa7/0xf0 kernel/locking/spinlock.c:162 class_spinlock_irqsave_constructor include/linux/spinlock.h:585 [inline] input_inject_event+0xab/0x320 drivers/input/input.c:418 kbd_led_trigger_activate+0xbc/0x100 drivers/tty/vt/keyboard.c:1036 led_trigger_set+0x52a/0x950 drivers/leds/led-triggers.c:212 led_match_default_trigger drivers/leds/led-triggers.c:269 [inline] led_trigger_set_default+0x215/0x250 drivers/leds/led-triggers.c:287 led_classdev_register_ext+0x73d/0x930 drivers/leds/led-class.c:566 led_classdev_register include/linux/leds.h:274 [inline] input_leds_connect+0x517/0x790 drivers/input/input-leds.c:145 input_attach_handler drivers/input/input.c:993 [inline] input_register_device+0xceb/0x10b0 drivers/input/input.c:2412 atkbd_connect+0x70e/0x9c0 drivers/input/keyboard/atkbd.c:1340 serio_connect_driver drivers/input/serio/serio.c:43 [inline] serio_driver_probe+0x7f/0xa0 drivers/input/serio/serio.c:747 call_driver_probe drivers/base/dd.c:-1 [inline] really_probe+0x26a/0x9a0 drivers/base/dd.c:657 __driver_probe_device+0x18c/0x2f0 drivers/base/dd.c:799 driver_probe_device+0x4f/0x430 drivers/base/dd.c:829 __driver_attach+0x452/0x700 drivers/base/dd.c:1215 bus_for_each_dev+0x230/0x2b0 drivers/base/bus.c:370 serio_attach_driver drivers/input/serio/serio.c:776 [inline] serio_handle_event+0x1a2/0x860 drivers/input/serio/serio.c:213 process_one_work kernel/workqueue.c:3238 [inline] process_scheduled_works+0xadb/0x17a0 kernel/workqueue.c:3319 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400 kthread+0x70e/0x8a0 kernel/kthread.c:464 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 } ... key at: [] input_allocate_device.__key.5+0x0/0x20 -> (&client->buffer_lock){....}-{3:3} { INITIAL USE at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:351 [inline] evdev_pass_values+0xb9/0xbd0 drivers/input/evdev.c:261 evdev_events+0x1e6/0x340 drivers/input/evdev.c:306 input_pass_values+0x285/0x890 drivers/input/input.c:127 input_event_dispose+0x330/0x6b0 drivers/input/input.c:341 input_inject_event+0x1fe/0x320 drivers/input/input.c:423 evdev_write+0x2fc/0x480 drivers/input/evdev.c:528 vfs_write+0x27b/0xa90 fs/read_write.c:682 ksys_write+0x145/0x250 fs/read_write.c:736 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f } ... key at: [] evdev_open.__key.25+0x0/0x20 ... acquired at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:351 [inline] evdev_pass_values+0xb9/0xbd0 drivers/input/evdev.c:261 evdev_events+0x1e6/0x340 drivers/input/evdev.c:306 input_pass_values+0x285/0x890 drivers/input/input.c:127 input_event_dispose+0x330/0x6b0 drivers/input/input.c:341 input_inject_event+0x1fe/0x320 drivers/input/input.c:423 evdev_write+0x2fc/0x480 drivers/input/evdev.c:528 vfs_write+0x27b/0xa90 fs/read_write.c:682 ksys_write+0x145/0x250 fs/read_write.c:736 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f the dependencies between the lock to be acquired and SOFTIRQ-irq-unsafe lock: -> (tasklist_lock){.+.+}-{3:3} { HARDIRQ-ON-R at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228 __do_wait+0xde/0x740 kernel/exit.c:1662 do_wait+0x1f8/0x520 kernel/exit.c:1706 kernel_wait+0xab/0x170 kernel/exit.c:1882 call_usermodehelper_exec_sync kernel/umh.c:136 [inline] call_usermodehelper_exec_work+0xbe/0x230 kernel/umh.c:163 process_one_work kernel/workqueue.c:3238 [inline] process_scheduled_works+0xadb/0x17a0 kernel/workqueue.c:3319 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400 kthread+0x70e/0x8a0 kernel/kthread.c:464 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 SOFTIRQ-ON-R at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228 __do_wait+0xde/0x740 kernel/exit.c:1662 do_wait+0x1f8/0x520 kernel/exit.c:1706 kernel_wait+0xab/0x170 kernel/exit.c:1882 call_usermodehelper_exec_sync kernel/umh.c:136 [inline] call_usermodehelper_exec_work+0xbe/0x230 kernel/umh.c:163 process_one_work kernel/workqueue.c:3238 [inline] process_scheduled_works+0xadb/0x17a0 kernel/workqueue.c:3319 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400 kthread+0x70e/0x8a0 kernel/kthread.c:464 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 INITIAL USE at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline] _raw_write_lock_irq+0xa2/0xf0 kernel/locking/spinlock.c:326 copy_process+0x21d5/0x3b80 kernel/fork.c:2560 kernel_clone+0x21e/0x870 kernel/fork.c:2844 user_mode_thread+0xdd/0x140 kernel/fork.c:2922 rest_init+0x23/0x300 init/main.c:708 start_kernel+0x470/0x4f0 init/main.c:1099 x86_64_start_reservations+0x2a/0x30 arch/x86/kernel/head64.c:513 x86_64_start_kernel+0x66/0x70 arch/x86/kernel/head64.c:494 common_startup_64+0x13e/0x147 INITIAL READ USE at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228 __do_wait+0xde/0x740 kernel/exit.c:1662 do_wait+0x1f8/0x520 kernel/exit.c:1706 kernel_wait+0xab/0x170 kernel/exit.c:1882 call_usermodehelper_exec_sync kernel/umh.c:136 [inline] call_usermodehelper_exec_work+0xbe/0x230 kernel/umh.c:163 process_one_work kernel/workqueue.c:3238 [inline] process_scheduled_works+0xadb/0x17a0 kernel/workqueue.c:3319 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400 kthread+0x70e/0x8a0 kernel/kthread.c:464 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 } ... key at: [] tasklist_lock+0x18/0x40 ... acquired at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228 send_sigio+0x101/0x370 fs/fcntl.c:921 kill_fasync_rcu fs/fcntl.c:1133 [inline] kill_fasync+0x24d/0x4d0 fs/fcntl.c:1148 lease_break_callback+0x26/0x30 fs/locks.c:558 __break_lease+0x6a2/0x1620 fs/locks.c:1592 vfs_truncate+0x428/0x520 fs/open.c:109 do_sys_truncate+0xdb/0x190 fs/open.c:138 __do_sys_truncate fs/open.c:150 [inline] __se_sys_truncate fs/open.c:148 [inline] __x64_sys_truncate+0x5b/0x70 fs/open.c:148 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f -> (&f_owner->lock){....}-{3:3} { INITIAL USE at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline] _raw_write_lock_irq+0xa2/0xf0 kernel/locking/spinlock.c:326 __f_setown+0x67/0x370 fs/fcntl.c:136 generic_add_lease fs/locks.c:1874 [inline] generic_setlease+0xd5d/0x1240 fs/locks.c:1942 do_fcntl_add_lease fs/locks.c:2047 [inline] fcntl_setlease+0x3a2/0x4c0 fs/locks.c:2069 do_fcntl+0x6a0/0x1910 fs/fcntl.c:536 __do_sys_fcntl fs/fcntl.c:591 [inline] __se_sys_fcntl+0xc8/0x150 fs/fcntl.c:576 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f INITIAL READ USE at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_read_lock_irq include/linux/rwlock_api_smp.h:169 [inline] _raw_read_lock_irq+0xaa/0xf0 kernel/locking/spinlock.c:244 f_getown+0x54/0x2a0 fs/fcntl.c:204 sock_ioctl+0x536/0x790 net/socket.c:1256 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:906 [inline] __se_sys_ioctl+0xf9/0x170 fs/ioctl.c:892 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f } ... key at: [] file_f_owner_allocate.__key+0x0/0x20 ... acquired at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline] _raw_read_lock_irqsave+0xaf/0x100 kernel/locking/spinlock.c:236 send_sigio+0x38/0x370 fs/fcntl.c:907 kill_fasync_rcu fs/fcntl.c:1133 [inline] kill_fasync+0x24d/0x4d0 fs/fcntl.c:1148 lease_break_callback+0x26/0x30 fs/locks.c:558 __break_lease+0x6a2/0x1620 fs/locks.c:1592 vfs_truncate+0x428/0x520 fs/open.c:109 do_sys_truncate+0xdb/0x190 fs/open.c:138 __do_sys_truncate fs/open.c:150 [inline] __se_sys_truncate fs/open.c:148 [inline] __x64_sys_truncate+0x5b/0x70 fs/open.c:148 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f -> (&new->fa_lock){....}-{3:3} { INITIAL READ USE at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline] _raw_read_lock_irqsave+0xaf/0x100 kernel/locking/spinlock.c:236 kill_fasync_rcu fs/fcntl.c:1124 [inline] kill_fasync+0x199/0x4d0 fs/fcntl.c:1148 lease_break_callback+0x26/0x30 fs/locks.c:558 __break_lease+0x6a2/0x1620 fs/locks.c:1592 vfs_truncate+0x428/0x520 fs/open.c:109 do_sys_truncate+0xdb/0x190 fs/open.c:138 __do_sys_truncate fs/open.c:150 [inline] __se_sys_truncate fs/open.c:148 [inline] __x64_sys_truncate+0x5b/0x70 fs/open.c:148 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f } ... key at: [] fasync_insert_entry.__key+0x0/0x20 ... acquired at: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline] _raw_read_lock_irqsave+0xaf/0x100 kernel/locking/spinlock.c:236 kill_fasync_rcu fs/fcntl.c:1124 [inline] kill_fasync+0x199/0x4d0 fs/fcntl.c:1148 __pass_event drivers/input/evdev.c:240 [inline] evdev_pass_values+0x627/0xbd0 drivers/input/evdev.c:278 evdev_events+0x1e6/0x340 drivers/input/evdev.c:306 input_pass_values+0x285/0x890 drivers/input/input.c:127 input_event_dispose+0x330/0x6b0 drivers/input/input.c:341 input_inject_event+0x1fe/0x320 drivers/input/input.c:423 evdev_write+0x2fc/0x480 drivers/input/evdev.c:528 vfs_write+0x27b/0xa90 fs/read_write.c:682 ksys_write+0x145/0x250 fs/read_write.c:736 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f stack backtrace: CPU: 0 UID: 0 PID: 5484 Comm: syz.0.16 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120 print_bad_irq_dependency kernel/locking/lockdep.c:2652 [inline] check_irq_usage kernel/locking/lockdep.c:2893 [inline] check_prev_add kernel/locking/lockdep.c:3170 [inline] check_prevs_add kernel/locking/lockdep.c:3285 [inline] validate_chain+0x1f05/0x2140 kernel/locking/lockdep.c:3909 __lock_acquire+0xaac/0xd20 kernel/locking/lockdep.c:5235 lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline] _raw_read_lock_irqsave+0xaf/0x100 kernel/locking/spinlock.c:236 kill_fasync_rcu fs/fcntl.c:1124 [inline] kill_fasync+0x199/0x4d0 fs/fcntl.c:1148 __pass_event drivers/input/evdev.c:240 [inline] evdev_pass_values+0x627/0xbd0 drivers/input/evdev.c:278 evdev_events+0x1e6/0x340 drivers/input/evdev.c:306 input_pass_values+0x285/0x890 drivers/input/input.c:127 input_event_dispose+0x330/0x6b0 drivers/input/input.c:341 input_inject_event+0x1fe/0x320 drivers/input/input.c:423 evdev_write+0x2fc/0x480 drivers/input/evdev.c:528 vfs_write+0x27b/0xa90 fs/read_write.c:682 ksys_write+0x145/0x250 fs/read_write.c:736 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f70a058e969 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f70a131c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00007f70a07b6080 RCX: 00007f70a058e969 RDX: 0000000000001068 RSI: 0000200000000040 RDI: 0000000000000009 RBP: 00007f70a0610ab1 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007f70a07b6080 R15: 00007ffcf79148d8