Extracting prog: 7m56.333925003s
Minimizing prog: 1h54m12.403703639s
Simplifying prog options: 13m40.30350512s
Extracting C: 3m13.636707397s
Simplifying C: 17m47.976942116s
extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-bind$unix-syz_usb_connect-syz_usb_control_io$cdc_ecm-syz_open_dev$I2C-writev-listen-mount$9p_unix
detailed listing:
executing program 0:
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc01020301090212000100000000090401"], 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, &(0x7f00000008c0)={0x1c, &(0x7f0000000100)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0})
r2 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
writev(r2, 0x0, 0x0)
listen(r0, 0x0)
mount$9p_unix(&(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f00000000c0), 0x800000, &(0x7f0000000140))
program crashed: INFO: task hung in dvb_usbv2_probe
program crashed: INFO: task hung in dvb_usbv2_probe
single: successfully extracted reproducer
found reproducer with 8 syscalls
minimizing guilty program
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-bind$unix-syz_usb_connect-syz_usb_control_io$cdc_ecm-syz_open_dev$I2C-writev-listen
detailed listing:
executing program 0:
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc01020301090212000100000000090401"], 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, &(0x7f00000008c0)={0x1c, &(0x7f0000000100)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0})
r2 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
writev(r2, 0x0, 0x0)
listen(r0, 0x0)
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-bind$unix-syz_usb_connect-syz_usb_control_io$cdc_ecm-syz_open_dev$I2C-writev-mount$9p_unix
detailed listing:
executing program 0:
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc01020301090212000100000000090401"], 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, &(0x7f00000008c0)={0x1c, &(0x7f0000000100)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0})
r2 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
writev(r2, 0x0, 0x0)
mount$9p_unix(&(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f00000000c0), 0x800000, &(0x7f0000000140))
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-bind$unix-syz_usb_connect-syz_usb_control_io$cdc_ecm-syz_open_dev$I2C-listen-mount$9p_unix
detailed listing:
executing program 0:
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc01020301090212000100000000090401"], 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, &(0x7f00000008c0)={0x1c, &(0x7f0000000100)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0})
syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
listen(r0, 0x0)
mount$9p_unix(&(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f00000000c0), 0x800000, &(0x7f0000000140))
program crashed: INFO: task hung in dvb_usbv2_probe
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-bind$unix-syz_usb_connect-syz_usb_control_io$cdc_ecm-listen-mount$9p_unix
detailed listing:
executing program 0:
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc01020301090212000100000000090401"], 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, &(0x7f00000008c0)={0x1c, &(0x7f0000000100)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0})
listen(r0, 0x0)
mount$9p_unix(&(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f00000000c0), 0x800000, &(0x7f0000000140))
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-bind$unix-syz_usb_connect-syz_open_dev$I2C-listen-mount$9p_unix
detailed listing:
executing program 0:
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc01020301090212000100000000090401"], 0x0)
syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
listen(r0, 0x0)
mount$9p_unix(&(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f00000000c0), 0x800000, &(0x7f0000000140))
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-bind$unix-syz_usb_control_io$cdc_ecm-syz_open_dev$I2C-listen-mount$9p_unix
detailed listing:
executing program 0:
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f00000008c0)={0x1c, &(0x7f0000000100)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0})
syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
listen(r0, 0x0)
mount$9p_unix(&(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f00000000c0), 0x800000, &(0x7f0000000140))
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-syz_usb_connect-syz_usb_control_io$cdc_ecm-syz_open_dev$I2C-listen-mount$9p_unix
detailed listing:
executing program 0:
r0 = socket$unix(0x1, 0x1, 0x0)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc01020301090212000100000000090401"], 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, &(0x7f00000008c0)={0x1c, &(0x7f0000000100)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0})
syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
listen(r0, 0x0)
mount$9p_unix(&(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f00000000c0), 0x800000, &(0x7f0000000140))
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bind$unix-syz_usb_connect-syz_usb_control_io$cdc_ecm-syz_open_dev$I2C-listen-mount$9p_unix
detailed listing:
executing program 0:
bind$unix(0xffffffffffffffff, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc01020301090212000100000000090401"], 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000008c0)={0x1c, &(0x7f0000000100)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0})
syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
listen(0xffffffffffffffff, 0x0)
mount$9p_unix(&(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f00000000c0), 0x800000, &(0x7f0000000140))
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-bind$unix-syz_usb_connect-syz_usb_control_io$cdc_ecm-syz_open_dev$I2C-listen-mount$9p_unix
detailed listing:
executing program 0:
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, 0x0, 0x0)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc01020301090212000100000000090401"], 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, &(0x7f00000008c0)={0x1c, &(0x7f0000000100)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0})
syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
listen(r0, 0x0)
mount$9p_unix(&(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f00000000c0), 0x800000, &(0x7f0000000140))
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-bind$unix-syz_usb_connect-syz_usb_control_io$cdc_ecm-syz_open_dev$I2C-listen-mount$9p_unix
detailed listing:
executing program 0:
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r1 = syz_usb_connect(0x0, 0x24, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, &(0x7f00000008c0)={0x1c, &(0x7f0000000100)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0})
syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
listen(r0, 0x0)
mount$9p_unix(&(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f00000000c0), 0x800000, &(0x7f0000000140))
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-bind$unix-syz_usb_connect-syz_usb_control_io$cdc_ecm-syz_open_dev$I2C-listen-mount$9p_unix
detailed listing:
executing program 0:
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB], 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, &(0x7f00000008c0)={0x1c, &(0x7f0000000100)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0})
syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
listen(r0, 0x0)
mount$9p_unix(&(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f00000000c0), 0x800000, &(0x7f0000000140))
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-bind$unix-syz_usb_connect-syz_usb_control_io$cdc_ecm-syz_open_dev$I2C-listen-mount$9p_unix
detailed listing:
executing program 0:
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc01020301090212000100000000090401"], 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0)
syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
listen(r0, 0x0)
mount$9p_unix(&(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f00000000c0), 0x800000, &(0x7f0000000140))
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-bind$unix-syz_usb_connect-syz_usb_control_io$cdc_ecm-syz_open_dev$I2C-listen-mount$9p_unix
detailed listing:
executing program 0:
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc01020301090212000100000000090401"], 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, &(0x7f00000008c0)={0x1c, 0x0, 0x0, 0x0})
syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
listen(r0, 0x0)
mount$9p_unix(&(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f00000000c0), 0x800000, &(0x7f0000000140))
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-bind$unix-syz_usb_connect-syz_usb_control_io$cdc_ecm-syz_open_dev$I2C-listen-mount$9p_unix
detailed listing:
executing program 0:
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc01020301090212000100000000090401"], 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, &(0x7f00000008c0)={0x1c, &(0x7f0000000100)=ANY=[@ANYBLOB], 0x0, 0x0})
syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
listen(r0, 0x0)
mount$9p_unix(&(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f00000000c0), 0x800000, &(0x7f0000000140))
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-bind$unix-syz_usb_connect-syz_usb_control_io$cdc_ecm-syz_open_dev$I2C-listen-mount$9p_unix
detailed listing:
executing program 0:
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc01020301090212000100000000090401"], 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, &(0x7f00000008c0)={0x1c, &(0x7f0000000100)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0})
syz_open_dev$I2C(0x0, 0x1, 0x402)
listen(r0, 0x0)
mount$9p_unix(&(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f00000000c0), 0x800000, &(0x7f0000000140))
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-bind$unix-syz_usb_connect-syz_usb_control_io$cdc_ecm-syz_open_dev$I2C-listen-mount$9p_unix
detailed listing:
executing program 0:
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc01020301090212000100000000090401"], 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, &(0x7f00000008c0)={0x1c, &(0x7f0000000100)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0})
syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
listen(r0, 0x0)
mount$9p_unix(0x0, &(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f00000000c0), 0x800000, &(0x7f0000000140))
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-bind$unix-syz_usb_connect-syz_usb_control_io$cdc_ecm-syz_open_dev$I2C-listen-mount$9p_unix
detailed listing:
executing program 0:
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc01020301090212000100000000090401"], 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, &(0x7f00000008c0)={0x1c, &(0x7f0000000100)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0})
syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
listen(r0, 0x0)
mount$9p_unix(&(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, &(0x7f00000000c0), 0x800000, &(0x7f0000000140))
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-bind$unix-syz_usb_connect-syz_usb_control_io$cdc_ecm-syz_open_dev$I2C-listen-mount$9p_unix
detailed listing:
executing program 0:
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc01020301090212000100000000090401"], 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, &(0x7f00000008c0)={0x1c, &(0x7f0000000100)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0})
syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
listen(r0, 0x0)
mount$9p_unix(&(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x800000, &(0x7f0000000140))
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-bind$unix-syz_usb_connect-syz_usb_control_io$cdc_ecm-syz_open_dev$I2C-listen-mount$9p_unix
detailed listing:
executing program 0:
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc01020301090212000100000000090401"], 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, &(0x7f00000008c0)={0x1c, &(0x7f0000000100)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0})
syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
listen(r0, 0x0)
mount$9p_unix(&(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f00000000c0), 0x800000, 0x0)
program did not crash
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-bind$unix-syz_usb_connect-syz_usb_control_io$cdc_ecm-syz_open_dev$I2C-listen-mount$9p_unix
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
simplifying guilty program options
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-bind$unix-syz_usb_connect-syz_usb_control_io$cdc_ecm-syz_open_dev$I2C-listen-mount$9p_unix
detailed listing:
executing program 0:
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc01020301090212000100000000090401"], 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, &(0x7f00000008c0)={0x1c, &(0x7f0000000100)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0})
syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
listen(r0, 0x0)
mount$9p_unix(&(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f00000000c0), 0x800000, &(0x7f0000000140))
program crashed: INFO: task hung in dvb_usbv2_probe
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-bind$unix-syz_usb_connect-syz_usb_control_io$cdc_ecm-syz_open_dev$I2C-listen-mount$9p_unix
program crashed: INFO: task hung in corrupted
a never seen crash title: INFO: task hung in corrupted, ignore
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-bind$unix-syz_usb_connect-syz_usb_control_io$cdc_ecm-syz_open_dev$I2C-listen-mount$9p_unix
detailed listing:
executing program 0:
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc01020301090212000100000000090401"], 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, &(0x7f00000008c0)={0x1c, &(0x7f0000000100)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0})
syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
listen(r0, 0x0)
mount$9p_unix(&(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f00000000c0), 0x800000, &(0x7f0000000140))
program crashed: INFO: task hung in dvb_usbv2_probe
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-bind$unix-syz_usb_connect-syz_usb_control_io$cdc_ecm-syz_open_dev$I2C-listen-mount$9p_unix
program crashed: INFO: task hung in dvb_usbv2_probe
simplifying C reproducer
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-bind$unix-syz_usb_connect-syz_usb_control_io$cdc_ecm-syz_open_dev$I2C-listen-mount$9p_unix
program crashed: INFO: task hung in dvb_usbv2_probe
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-bind$unix-syz_usb_connect-syz_usb_control_io$cdc_ecm-syz_open_dev$I2C-listen-mount$9p_unix
program crashed: INFO: task hung in dvb_usbv2_probe
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-bind$unix-syz_usb_connect-syz_usb_control_io$cdc_ecm-syz_open_dev$I2C-listen-mount$9p_unix
program crashed: INFO: task hung in dvb_usbv2_probe
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-bind$unix-syz_usb_connect-syz_usb_control_io$cdc_ecm-syz_open_dev$I2C-listen-mount$9p_unix
program crashed: INFO: task hung in dvb_usbv2_probe
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-bind$unix-syz_usb_connect-syz_usb_control_io$cdc_ecm-syz_open_dev$I2C-listen-mount$9p_unix
program crashed: INFO: task hung in dvb_usbv2_probe
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-bind$unix-syz_usb_connect-syz_usb_control_io$cdc_ecm-syz_open_dev$I2C-listen-mount$9p_unix
detailed listing:
executing program 0:
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc01020301090212000100000000090401"], 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, &(0x7f00000008c0)={0x1c, &(0x7f0000000100)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0})
syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
listen(r0, 0x0)
mount$9p_unix(&(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f00000000c0), 0x800000, &(0x7f0000000140))
program crashed: INFO: task hung in dvb_usbv2_probe
validation run: crashed=true
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-bind$unix-syz_usb_connect-syz_usb_control_io$cdc_ecm-syz_open_dev$I2C-listen-mount$9p_unix
detailed listing:
executing program 0:
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc01020301090212000100000000090401"], 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, &(0x7f00000008c0)={0x1c, &(0x7f0000000100)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0})
syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
listen(r0, 0x0)
mount$9p_unix(&(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f00000000c0), 0x800000, &(0x7f0000000140))
program crashed: INFO: task hung in dvb_usbv2_probe
validation run: crashed=true
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-bind$unix-syz_usb_connect-syz_usb_control_io$cdc_ecm-syz_open_dev$I2C-listen-mount$9p_unix
detailed listing:
executing program 0:
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc01020301090212000100000000090401"], 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, &(0x7f00000008c0)={0x1c, &(0x7f0000000100)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0})
syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
listen(r0, 0x0)
mount$9p_unix(&(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f00000000c0), 0x800000, &(0x7f0000000140))
program crashed: INFO: task hung in dvb_usbv2_probe
validation run: crashed=true
reproducing took 2h49m40.018682127s
repro crashed as (corrupted=false):
INFO: task kworker/1:5:5959 blocked for more than 143 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:5 state:D stack:21568 pid:5959 tgid:5959 ppid:2 task_flags:0x4208060 flags:0x00080000
Workqueue: usb_hub_wq hub_event
Call Trace:
context_switch kernel/sched/core.c:5396 [inline]
__schedule+0x16f9/0x5500 kernel/sched/core.c:7197
__schedule_loop kernel/sched/core.c:7276 [inline]
schedule+0x164/0x360 kernel/sched/core.c:7291
schedule_timeout+0xc3/0x2c0 kernel/time/sleep_timeout.c:75
do_wait_for_common kernel/sched/completion.c:100 [inline]
__wait_for_common kernel/sched/completion.c:121 [inline]
wait_for_common kernel/sched/completion.c:132 [inline]
wait_for_completion+0x2cc/0x5e0 kernel/sched/completion.c:153
i2c_del_adapter+0x5c0/0x790 drivers/i2c/i2c-core-base.c:1813
dvb_usbv2_probe+0x4c0/0x3c20 drivers/media/usb/dvb-usb-v2/dvb_usb_core.c:994
usb_probe_interface+0x659/0xc70 drivers/usb/core/driver.c:396
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x267/0xaf0 drivers/base/dd.c:707
__driver_probe_device+0x1e2/0x350 drivers/base/dd.c:869
driver_probe_device+0x4f/0x240 drivers/base/dd.c:899
__device_attach_driver+0x270/0x410 drivers/base/dd.c:1027
bus_for_each_drv+0x25b/0x2f0 drivers/base/bus.c:500
__device_attach+0x2c8/0x450 drivers/base/dd.c:1099
device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1154
bus_probe_device+0x12d/0x220 drivers/base/bus.c:620
device_add+0x7ec/0xb90 drivers/base/core.c:3702
usb_set_configuration+0x1a87/0x2110 drivers/usb/core/message.c:2268
usb_generic_driver_probe+0x8d/0x150 drivers/usb/core/generic.c:250
usb_probe_device+0x1c4/0x3b0 drivers/usb/core/driver.c:291
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x267/0xaf0 drivers/base/dd.c:707
__driver_probe_device+0x1e2/0x350 drivers/base/dd.c:869
driver_probe_device+0x4f/0x240 drivers/base/dd.c:899
__device_attach_driver+0x270/0x410 drivers/base/dd.c:1027
bus_for_each_drv+0x25b/0x2f0 drivers/base/bus.c:500
__device_attach+0x2c8/0x450 drivers/base/dd.c:1099
device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1154
bus_probe_device+0x12d/0x220 drivers/base/bus.c:620
device_add+0x7ec/0xb90 drivers/base/core.c:3702
usb_new_device+0x9f8/0x16e0 drivers/usb/core/hub.c:2695
hub_port_connect drivers/usb/core/hub.c:5567 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5707 [inline]
port_event drivers/usb/core/hub.c:5871 [inline]
hub_event+0x2a49/0x4f60 drivers/usb/core/hub.c:5953
process_one_work+0x98b/0x1630 kernel/workqueue.c:3306
process_scheduled_works kernel/workqueue.c:3389 [inline]
worker_thread+0xb49/0x1140 kernel/workqueue.c:3470
kthread+0x388/0x470 kernel/kthread.c:436
ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
Showing all locks held in the system:
1 lock held by khungtaskd/39:
#0: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
#0: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
#0: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6777
5 locks held by kworker/u8:3/56:
#0: ffff888032dcc138 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 kernel/workqueue.c:3281
#1: ffffc9000122fc40 ((work_completion)(&(&forw_packet_aggr->delayed_work)->work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 kernel/workqueue.c:3282
#2: ffff88803e857110 (&hard_iface->bat_iv.ogm_buff_mutex){+.+.}-{4:4}, at: batadv_iv_ogm_schedule+0xef/0xf60 net/batman-adv/bat_iv_ogm.c:875
#3: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
#3: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
#3: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: batadv_iv_ogm_slide_own_bcast_window net/batman-adv/bat_iv_ogm.c:764 [inline]
#3: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: batadv_iv_ogm_schedule_buff net/batman-adv/bat_iv_ogm.c:836 [inline]
#3: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: batadv_iv_ogm_schedule+0x45c/0xf60 net/batman-adv/bat_iv_ogm.c:876
#4: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 kernel/softirq.c:163
3 locks held by kworker/u9:0/60:
#0: ffff88803706d138 ((wq_completion)hci2){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 kernel/workqueue.c:3281
#1: ffffc9000126fc40 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 kernel/workqueue.c:3282
#2: ffff888040a44f80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d3/0x400 net/bluetooth/hci_sync.c:331
2 locks held by getty/5363:
#0: ffff8880360710a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
#1: ffffc90003cc62e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x462/0x13a0 drivers/tty/n_tty.c:2211
4 locks held by udevd/5653:
#0: ffff88803892bb80 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xb8/0xe20 fs/seq_file.c:183
#1: ffff888033725078 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_seq_start+0x5c/0x420 fs/kernfs/file.c:172
#2: ffff888034d3d1e8 (kn->active#29){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff888034d3d1e8 (kn->active#29){.+.+}-{0:0}, at: kernfs_seq_start+0xb2/0x420 fs/kernfs/file.c:173
#3: ffff88803a948210 (&dev->mutex){....}-{4:4}, at: device_lock_interruptible include/linux/device.h:1043 [inline]
#3: ffff88803a948210 (&dev->mutex){....}-{4:4}, at: manufacturer_show+0x26/0xa0 drivers/usb/core/sysfs.c:142
5 locks held by kworker/1:5/5959:
#0: ffff888022adad38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 kernel/workqueue.c:3281
#1: ffffc90002f97c40 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 kernel/workqueue.c:3282
#2: ffff88802a472210 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1038 [inline]
#2: ffff88802a472210 (&dev->mutex){....}-{4:4}, at: hub_event+0x17c/0x4f60 drivers/usb/core/hub.c:5899
#3: ffff88803a948210 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1038 [inline]
#3: ffff88803a948210 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x450 drivers/base/dd.c:1074
#4: ffff88801ab7c1d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1038 [inline]
#4: ffff88801ab7c1d8 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x450 drivers/base/dd.c:1074
=============================================
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 39 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)}
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Call Trace:
dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
nmi_cpu_backtrace+0x274/0x2d0 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]
__sys_info lib/sys_info.c:157 [inline]
sys_info+0x135/0x170 lib/sys_info.c:165
check_hung_uninterruptible_tasks kernel/hung_task.c:353 [inline]
watchdog+0xfd3/0x1030 kernel/hung_task.c:561
kthread+0x388/0x470 kernel/kthread.c:436
ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:pv_native_safe_halt+0xf/0x20 arch/x86/kernel/paravirt.c:64
Code: 6b 64 02 e9 83 cc 03 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 43 eb 20 00 fb f4 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90
RSP: 0018:ffffc900001e7e20 EFLAGS: 00000242
RAX: 00000000000e5a2f RBX: ffffffff81997aaa RCX: 0000000080000001
RDX: 0000000000000001 RSI: ffffffff8d626ff0 RDI: ffffffff8ba85b60
RBP: ffffc900001e7f10 R08: ffff8880b8733d1b R09: 1ffff110170e67a3
R10: dffffc0000000000 R11: ffffed10170e67a4 R12: 0000000000000001
R13: 1ffff11003b51b88 R14: 0000000000000001 R15: 1ffff11003b51b88
FS: 0000000000000000(0000) GS:ffff88812601f000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055556d96e4e8 CR3: 0000000041320000 CR4: 00000000003526f0
Call Trace:
arch_safe_halt arch/x86/kernel/process.c:766 [inline]
default_idle+0x9/0x20 arch/x86/kernel/process.c:767
default_idle_call+0x72/0xb0 kernel/sched/idle.c:122
cpuidle_idle_call kernel/sched/idle.c:199 [inline]
do_idle+0x36a/0x5f0 kernel/sched/idle.c:352
cpu_startup_entry+0x43/0x60 kernel/sched/idle.c:451
start_secondary+0x101/0x110 arch/x86/kernel/smpboot.c:312
common_startup_64+0x13e/0x157
final repro crashed as (corrupted=false):
INFO: task kworker/1:5:5959 blocked for more than 143 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:5 state:D stack:21568 pid:5959 tgid:5959 ppid:2 task_flags:0x4208060 flags:0x00080000
Workqueue: usb_hub_wq hub_event
Call Trace:
context_switch kernel/sched/core.c:5396 [inline]
__schedule+0x16f9/0x5500 kernel/sched/core.c:7197
__schedule_loop kernel/sched/core.c:7276 [inline]
schedule+0x164/0x360 kernel/sched/core.c:7291
schedule_timeout+0xc3/0x2c0 kernel/time/sleep_timeout.c:75
do_wait_for_common kernel/sched/completion.c:100 [inline]
__wait_for_common kernel/sched/completion.c:121 [inline]
wait_for_common kernel/sched/completion.c:132 [inline]
wait_for_completion+0x2cc/0x5e0 kernel/sched/completion.c:153
i2c_del_adapter+0x5c0/0x790 drivers/i2c/i2c-core-base.c:1813
dvb_usbv2_probe+0x4c0/0x3c20 drivers/media/usb/dvb-usb-v2/dvb_usb_core.c:994
usb_probe_interface+0x659/0xc70 drivers/usb/core/driver.c:396
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x267/0xaf0 drivers/base/dd.c:707
__driver_probe_device+0x1e2/0x350 drivers/base/dd.c:869
driver_probe_device+0x4f/0x240 drivers/base/dd.c:899
__device_attach_driver+0x270/0x410 drivers/base/dd.c:1027
bus_for_each_drv+0x25b/0x2f0 drivers/base/bus.c:500
__device_attach+0x2c8/0x450 drivers/base/dd.c:1099
device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1154
bus_probe_device+0x12d/0x220 drivers/base/bus.c:620
device_add+0x7ec/0xb90 drivers/base/core.c:3702
usb_set_configuration+0x1a87/0x2110 drivers/usb/core/message.c:2268
usb_generic_driver_probe+0x8d/0x150 drivers/usb/core/generic.c:250
usb_probe_device+0x1c4/0x3b0 drivers/usb/core/driver.c:291
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x267/0xaf0 drivers/base/dd.c:707
__driver_probe_device+0x1e2/0x350 drivers/base/dd.c:869
driver_probe_device+0x4f/0x240 drivers/base/dd.c:899
__device_attach_driver+0x270/0x410 drivers/base/dd.c:1027
bus_for_each_drv+0x25b/0x2f0 drivers/base/bus.c:500
__device_attach+0x2c8/0x450 drivers/base/dd.c:1099
device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1154
bus_probe_device+0x12d/0x220 drivers/base/bus.c:620
device_add+0x7ec/0xb90 drivers/base/core.c:3702
usb_new_device+0x9f8/0x16e0 drivers/usb/core/hub.c:2695
hub_port_connect drivers/usb/core/hub.c:5567 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5707 [inline]
port_event drivers/usb/core/hub.c:5871 [inline]
hub_event+0x2a49/0x4f60 drivers/usb/core/hub.c:5953
process_one_work+0x98b/0x1630 kernel/workqueue.c:3306
process_scheduled_works kernel/workqueue.c:3389 [inline]
worker_thread+0xb49/0x1140 kernel/workqueue.c:3470
kthread+0x388/0x470 kernel/kthread.c:436
ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
Showing all locks held in the system:
1 lock held by khungtaskd/39:
#0: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
#0: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
#0: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6777
5 locks held by kworker/u8:3/56:
#0: ffff888032dcc138 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 kernel/workqueue.c:3281
#1: ffffc9000122fc40 ((work_completion)(&(&forw_packet_aggr->delayed_work)->work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 kernel/workqueue.c:3282
#2: ffff88803e857110 (&hard_iface->bat_iv.ogm_buff_mutex){+.+.}-{4:4}, at: batadv_iv_ogm_schedule+0xef/0xf60 net/batman-adv/bat_iv_ogm.c:875
#3: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
#3: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
#3: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: batadv_iv_ogm_slide_own_bcast_window net/batman-adv/bat_iv_ogm.c:764 [inline]
#3: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: batadv_iv_ogm_schedule_buff net/batman-adv/bat_iv_ogm.c:836 [inline]
#3: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: batadv_iv_ogm_schedule+0x45c/0xf60 net/batman-adv/bat_iv_ogm.c:876
#4: ffffffff8dfc8240 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 kernel/softirq.c:163
3 locks held by kworker/u9:0/60:
#0: ffff88803706d138 ((wq_completion)hci2){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 kernel/workqueue.c:3281
#1: ffffc9000126fc40 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 kernel/workqueue.c:3282
#2: ffff888040a44f80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d3/0x400 net/bluetooth/hci_sync.c:331
2 locks held by getty/5363:
#0: ffff8880360710a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
#1: ffffc90003cc62e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x462/0x13a0 drivers/tty/n_tty.c:2211
4 locks held by udevd/5653:
#0: ffff88803892bb80 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xb8/0xe20 fs/seq_file.c:183
#1: ffff888033725078 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_seq_start+0x5c/0x420 fs/kernfs/file.c:172
#2: ffff888034d3d1e8 (kn->active#29){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff888034d3d1e8 (kn->active#29){.+.+}-{0:0}, at: kernfs_seq_start+0xb2/0x420 fs/kernfs/file.c:173
#3: ffff88803a948210 (&dev->mutex){....}-{4:4}, at: device_lock_interruptible include/linux/device.h:1043 [inline]
#3: ffff88803a948210 (&dev->mutex){....}-{4:4}, at: manufacturer_show+0x26/0xa0 drivers/usb/core/sysfs.c:142
5 locks held by kworker/1:5/5959:
#0: ffff888022adad38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 kernel/workqueue.c:3281
#1: ffffc90002f97c40 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 kernel/workqueue.c:3282
#2: ffff88802a472210 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1038 [inline]
#2: ffff88802a472210 (&dev->mutex){....}-{4:4}, at: hub_event+0x17c/0x4f60 drivers/usb/core/hub.c:5899
#3: ffff88803a948210 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1038 [inline]
#3: ffff88803a948210 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x450 drivers/base/dd.c:1074
#4: ffff88801ab7c1d8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1038 [inline]
#4: ffff88801ab7c1d8 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x450 drivers/base/dd.c:1074
=============================================
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 39 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)}
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Call Trace:
dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
nmi_cpu_backtrace+0x274/0x2d0 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]
__sys_info lib/sys_info.c:157 [inline]
sys_info+0x135/0x170 lib/sys_info.c:165
check_hung_uninterruptible_tasks kernel/hung_task.c:353 [inline]
watchdog+0xfd3/0x1030 kernel/hung_task.c:561
kthread+0x388/0x470 kernel/kthread.c:436
ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:pv_native_safe_halt+0xf/0x20 arch/x86/kernel/paravirt.c:64
Code: 6b 64 02 e9 83 cc 03 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 43 eb 20 00 fb f4 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90
RSP: 0018:ffffc900001e7e20 EFLAGS: 00000242
RAX: 00000000000e5a2f RBX: ffffffff81997aaa RCX: 0000000080000001
RDX: 0000000000000001 RSI: ffffffff8d626ff0 RDI: ffffffff8ba85b60
RBP: ffffc900001e7f10 R08: ffff8880b8733d1b R09: 1ffff110170e67a3
R10: dffffc0000000000 R11: ffffed10170e67a4 R12: 0000000000000001
R13: 1ffff11003b51b88 R14: 0000000000000001 R15: 1ffff11003b51b88
FS: 0000000000000000(0000) GS:ffff88812601f000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055556d96e4e8 CR3: 0000000041320000 CR4: 00000000003526f0
Call Trace:
arch_safe_halt arch/x86/kernel/process.c:766 [inline]
default_idle+0x9/0x20 arch/x86/kernel/process.c:767
default_idle_call+0x72/0xb0 kernel/sched/idle.c:122
cpuidle_idle_call kernel/sched/idle.c:199 [inline]
do_idle+0x36a/0x5f0 kernel/sched/idle.c:352
cpu_startup_entry+0x43/0x60 kernel/sched/idle.c:451
start_secondary+0x101/0x110 arch/x86/kernel/smpboot.c:312
common_startup_64+0x13e/0x157