Extracting prog: 55m50.373166539s Minimizing prog: 1h48m49.922871915s Simplifying prog options: 0s Extracting C: 4m10.964012385s Simplifying C: 25m39.30973409s extracting reproducer from 73 programs testing a last program of every proc single: executing 23 programs separately with timeout 6m0s testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$iommufd-socket$netlink-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-sched_setscheduler-syz_open_procfs-pread64 detailed listing: executing program 0: openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x2401, 0x0) socket$netlink(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0xbf5ce000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/igmp\x00') pread64(r3, &(0x7f0000000180)=""/43, 0xfd8a, 0x3c) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_open_dev$tty1-socket$nl_netfilter-unshare-syz_usb_connect-semget$private-syz_open_dev$sg-prlimit64-sched_setscheduler-getpid-mmap-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-sched_setscheduler-ioctl$SG_IO-writev detailed listing: executing program 0: syz_usb_connect(0x0, 0x202, &(0x7f0000000180)=ANY=[@ANYBLOB="1201100152018b401e040740185d000000010902f00101040000030904"], 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) socket$nl_netfilter(0x10, 0x3, 0xc) unshare(0x8000000) syz_usb_connect(0x4, 0x6dc, &(0x7f00000001c0)={{0x12, 0x1, 0x200, 0x99, 0x11, 0xf9, 0x40, 0x9710, 0x7832, 0x8ee9, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x6ca, 0x2, 0x1, 0x5d, 0x80, 0x7f, "", [{{0x9, 0x4, 0x81, 0x2, 0xb, 0x3f, 0x5d, 0xb7, 0x3, [@hid_hid={0x9, 0x21, 0x2, 0x3, 0x1, {0x22, 0xff4}}, @uac_as={[@format_type_i_continuous={0xc, 0x24, 0x2, 0x1, 0x8, 0x4, 0x0, 0x5, "aef2", "aa5b"}, @format_type_ii_ext={0xa, 0x24, 0x2, 0x2, 0x3276, 0x14c, 0x7, 0x7}, @format_type_ii_ext={0xa, 0x24, 0x2, 0x2, 0x1, 0x3, 0x7, 0x4}]}], [{{0x9, 0x5, 0x8, 0x1f, 0x400, 0x5, 0x4, 0x9f, [@generic={0x101, 0xa, "78d205ce29a0f3bfaaa13dd51f9efe133dadc688f6f652e671fca8177647b47fe00222163548b365f44ca3c3c749d03558035a9503330c8af4be972ef021eec439157e97c438b3ae3a176150cde5bec202b22e64d961bfad238062d9f1189e9a80e8bf718076b2dec6ca1ec4b92c6055af5ce0f2e8d45b8dc8a71bb11a6fd274114be4621cb26da381ca98854bcc1aa9d9b358f047734281bd7414c84862f381984ed433efea28c7a689abab097d1bef5482dcb671e5f4742d9527f921747311a8c54acd8377886cb0ab60224dffdd8f996552fae3c0c498792520f9d57defac35a039f2b1886abbee48034b62165e31ce54b9a40a3cc69f8090088a4735fa"}]}}, {{0x9, 0x5, 0x1, 0x0, 0x20, 0x8, 0x4, 0x0, [@generic={0x15, 0x22, "0c71344b331313277d005df5ac15998e05f2bd"}]}}, {{0x9, 0x5, 0x8, 0xc, 0x0, 0x1, 0x35, 0xf}}, {{0x9, 0x5, 0x0, 0x1, 0x3f7, 0xc, 0xc9, 0xfc, [@generic={0x8b, 0xf, "e29880252ddf6150df9bbd16006d27920f2e18984f368b16851ecf8181becf59382f9d2ab10e8017321957de0c183cdde40b8329e90acef3493b488ab62a2188d0cd40404bd9dd206dbcc6476652714b34121a3d3b063b6f58a83a5cfbbbd616156dfd452eda2de272c461ed0819a4cd6c52d4160b18adb87662f5bdb32f2e448cd5be16a805e4a3b7"}, @uac_iso={0x7, 0x25, 0x1, 0x4, 0x2, 0x101}]}}, {{0x9, 0x5, 0xf, 0x10, 0x3ff, 0x9, 0x10, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x8, 0x2, 0x8}, @generic={0xf2, 0x23, "f9e58db67a7ddc9d9b2551eb57feba0dc867e726d108aa1ad0066dc68367dffc4dc55b2bde790cb4f3e5a608f131d983232266f0006285c8c7e875952c407a383e1c6023fa72ece6cc8cb0219ef97ed0bdacda3a82a62ad367cb46894dec6753038e448371fdbe12905cd7d58ee2f02332f6788c01fb4f64823607afd4ecb80368a8e06587017ab8a19bcd1380f8d1872c99bc789d55ad50c488e0bcd0d3f5a4745506d46e2e075de140c7ec4f42abba27556ea06779015c3dfcdeb2a259637fdf11ad08b20bfbfdbbb28bd69a0c9cd8ecaddeeda0aec03ce6c5afa62f90a660d7a62ff9e1f37a4f18e8cd7ade700b27"}]}}, {{0x9, 0x5, 0x2, 0x10, 0x400, 0x2, 0x6, 0x9}}, {{0x9, 0x5, 0x6, 0x1b, 0x3ff, 0x4, 0x8, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x9, 0x6}, @uac_iso={0x7, 0x25, 0x1, 0x4, 0x3, 0xcab}]}}, {{0x9, 0x5, 0x7, 0xc, 0x8, 0x6, 0x80, 0x2, [@generic={0x67, 0x22, "f7bc6a9afadecf7b2f6460948f9d2c06e30aad84c6e814be6cd356f1c525f614d52ea65ea487934e4704815c0299336dab7e4b8585852607aca5ec94ab0a963ccf9082d83b3e068b68f607c9632052004f39d5c1da7922ccea168839e1bcd2620610f76177"}]}}, {{0x9, 0x5, 0x4, 0x3, 0x0, 0x5, 0x51, 0x8, [@uac_iso={0x7, 0x25, 0x1, 0x4, 0xb0, 0x200}, @generic={0x4d, 0xe, "47d74121bcdb043201f232764ffdcc4d6ab48f0deb3883ea2ea57ad68c57136f9f17a7d3caa1a4401533c4b961c932af434e639f7312a742c68fafc4da927ee7c18ea642ef4930d87327e9"}]}}, {{0x9, 0x5, 0x5, 0x15c7fb139ca96ed5, 0x8, 0x7, 0x3, 0x81}}, {{0x9, 0x5, 0x3, 0xc, 0x210, 0x2, 0x0, 0xfc, [@uac_iso={0x7, 0x25, 0x1, 0xc, 0x7}]}}]}}, {{0x9, 0x4, 0xd1, 0x3, 0x6, 0xa1, 0xf8, 0x19, 0x8, [], [{{0x9, 0x5, 0x7, 0x10, 0x20, 0x35, 0x9e, 0x5, [@uac_iso={0x7, 0x25, 0x1, 0xc, 0xfc, 0x7}]}}, {{0x9, 0x5, 0xd, 0x0, 0x8, 0x10, 0x3, 0xe6, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0xd, 0xff7f}, @generic={0x1e, 0x23, "f029ef37ba743e28c564c4dd708ce595059f94c49210658ff121a76f"}]}}, {{0x9, 0x5, 0x3, 0xc, 0x400, 0x0, 0x0, 0x7}}, {{0x9, 0x5, 0x11d6f294a428f986, 0xc, 0x40, 0x3, 0xe2, 0x9}}, {{0x9, 0x5, 0x6, 0x0, 0x400, 0xc, 0x15, 0x6, [@generic={0xc9, 0x31, "bde8567dfd5f71036e409f3237f36945e7136080b6cc3f8a1653bf0078e953b0d0edcabb032252242ad2323d227a611d31f4e2b82d6c061949523a7e6cf5572d2203c0d54b29ad0d9a21c6b2f3afd152a44b97d67693bcdbd607a338939a0ba4902f2ef9fdf1e2c17671ccb4b723a05b64bf9b980be35ea22c0f35c4c0eab4e8c3bc1db346013853ff215ca3d436d22ef860606f9025692c38ecea940ba9ac3da0afb738509e52d661c8c95663ffd6adf2f8a7969913540c5dde1890c838232806887aaa4cb291"}]}}, {{0x9, 0x5, 0x7, 0x0, 0x20, 0xb, 0x4, 0x2, [@generic={0xe2, 0x8, "8f573f7f230bcce25012179761ddb1210897736fb4fd0a6f009895c3e6a17d15c22bbe03fe50663d3e8b05b4f3b87177a55fdc5e3c04b1d0949cba76034797527197cdd52102e3e63c5f64bf0de114181fa19b81ac888e4c627dd38da9396c62609d4693a5898c4a0acc15403c382e1eed9da524bc1dd169c32f82be393ee4cd2d392804b6519ed5c6adf99e4f4c4d6512a721f54660826ca3465d35ae471b968c4fe0b1c58f5ac39a6b879aaedebe1aaf01e409f1a0309587e46822886cfe289d17066ec01b6124948beebbf67093584bb3ce597afa80b2b9fe3ad8d92a9639"}, @generic={0xa5, 0x7372e1a94d41c92e, "ba072690e6f9b1644873979127d5593c883c4dc56fbe3d5e6f82228660834c8092d110438af696dfc6811e496126923e75641b77d79b3cb7643640112c57c1acc570c4d790a01eb39ae713c0a9f7d1bf6341ebd5ceab03b13f41ed7eef98db143b2be981cfa835a84a171a2e818e94b4dd5600f6a1cceed378c7d4f4cf596c45d87e85f061647c360772a0c2047bfb0789aa7ccf8381db6b651256e28c371d9e883602"}]}}]}}]}}]}}, &(0x7f0000000c00)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x201, 0x6, 0x80, 0x3, 0x20, 0x7f}, 0x5, &(0x7f0000000080)={0x5, 0xf, 0x5}, 0x8, [{0x62, &(0x7f00000008c0)=@string={0x62, 0x3, "815489558876a72943bf3e292ba592c2a9bc969eef145f15774d652dc2244b7beb0e331815938c9518a166e70eee572396786d9b14353fbc3f7a90075555387f46c68a8835c8cdada679fd5ca9d26a192e5f26103b84d03024e6a552c0ec42c5"}}, {0x4, &(0x7f0000000940)=@lang_id={0x4, 0x3, 0x444}}, {0xb, &(0x7f0000000980)=@string={0xb, 0x3, "b5b3cd7f9c596918b5"}}, {0x3f, &(0x7f00000009c0)=@string={0x3f, 0x3, "4bfca8eca1d8060f8eba4cbc1b753887badb73a647ab003dacee009ec78f7a164a531c5e5137a25699518d5b7605ef6e98577f7d0fdb0f3b44a9cd63dc"}}, {0x38, &(0x7f0000000a00)=@string={0x38, 0x3, "02e292f93330a3c154e1384514b030c33cf25210c5efb51f91e9ee3324f079bde0a94cb1f484560bfbd56849015cd8df05849aa9117c"}}, {0xcf, &(0x7f0000000a40)=@string={0xcf, 0x3, "7b2dac3709e0f44b2626d377218c40d06f720189b55aeb937d4e6fa510a727f23ad7ab02f97d0df9d3ccebae72e73cc5db0d0f159db17b2836f29ce155939b8236d2f34d4fae03a57ba603483efcf5d7d0aa43da286ec570043a6450b72ab8cb50b115c8026a5ad270811f9c1f41715f195c1fe0dc15e61838f593b24636da7fe3d6c39101ff4cedaf0f45395f99ae8c722008e844ae0c34157097376313894558c3fef67919d216cacd869e303a8030999fbda141e9fb24d355ebb7c0e4cbd1db206745339436e1461c21689b"}}, {0x4, &(0x7f0000000b40)=@lang_id={0x4, 0x3, 0x140c}}, {0x54, &(0x7f0000000b80)=@string={0x54, 0x3, "790cf4da9b9213457a31ea7edcc7ee3194fe43df4dfaa5251a1ca6c022f389f363cb2205e59fb0b3bf49f8fea4cdd8fd627e064b4dde2050f3011e0e9c8516fcbdc6e8d7f21d93c97bec42850a90c650a6d4"}}]}) semget$private(0x0, 0x4000, 0x0) r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6) ioctl$SG_IO(r0, 0x2285, 0x0) writev(r0, &(0x7f0000000400)=[{&(0x7f0000000080)="aefdda9d240300005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb010052f436dd2a", 0x2a}, {&(0x7f0000000040)="aa1d484ea0000000f7fc08fcd111fbdf23ea32db0e8f21d5bc27bd49eb067a0689fff2a41cfbf0e9d85e44", 0x2b}], 0x2) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-sched_setscheduler-socket$nl_generic-syz_genetlink_get_family_id$devlink-sendmsg$DEVLINK_CMD_RATE_GET-socket$inet-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_CREATE_LEASE-ioctl$SNDCTL_SEQ_OUTOFBAND detailed listing: executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_GET(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000500)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01030000000000000000340000000800030070636900110002"], 0x30}}, 0x0) socket$inet(0x2, 0x4000000000000001, 0x0) r5 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r5, 0xc01864c6, 0x0) ioctl$SNDCTL_SEQ_OUTOFBAND(0xffffffffffffffff, 0x40085112, &(0x7f0000000080)=@t={0x81, 0x6, 0x0, 0x0, @generic}) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-sendmmsg$unix-socket$can_bcm-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter detailed listing: executing program 0: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, 0x0, 0x0, 0x0) r1 = socket$can_bcm(0x1d, 0x2, 0x2) r2 = syz_io_uring_setup(0x835, &(0x7f00000000c0)={0x0, 0x679d, 0x400, 0x2000006, 0x3ce}, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x2400c0c7, 0x1}) io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_clone-sync detailed listing: executing program 0: syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) sync() program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_clone-sync detailed listing: executing program 0: syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) sync() program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-sendmsg$IPSET_CMD_CREATE-socket$nl_netfilter-socket$nl_xfrm-bpf$PROG_LOAD-bpf$MAP_UPDATE_ELEM_TAIL_CALL-sendmsg$IPSET_CMD_ADD detailed listing: executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000005b40)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000005c00)={0x58, 0x2, 0x6, 0x301, 0xe4340000, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x2}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0xd0}]}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x58}}, 0x2) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_xfrm(0x10, 0x3, 0x6) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="50000000090601020000000000000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-sendmsg$IPSET_CMD_CREATE-socket$nl_netfilter-socket$nl_xfrm-bpf$PROG_LOAD-bpf$MAP_UPDATE_ELEM_TAIL_CALL-sendmsg$IPSET_CMD_ADD detailed listing: executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000005b40)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000005c00)={0x58, 0x2, 0x6, 0x301, 0xe4340000, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x2}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0xd0}]}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x58}}, 0x2) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_xfrm(0x10, 0x3, 0x6) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="50000000090601020000000000000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-socket$packet-prctl$PR_SCHED_CORE-openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter detailed listing: executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$packet(0x11, 0x3, 0x300) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000000004102, 0x0) r3 = syz_io_uring_setup(0x52a, &(0x7f0000000440)={0x0, 0x74c2, 0x1, 0x1, 0x261, 0x0, r2}, &(0x7f00000004c0)=0x0, &(0x7f00000003c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r2, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12}) io_uring_enter(r3, 0x847ba, 0x0, 0xe, 0x0, 0x0) program crashed: INFO: task hung in io_wq_put_and_exit single: successfully extracted reproducer found reproducer with 12 syscalls minimizing guilty program testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-socket$packet-prctl$PR_SCHED_CORE-openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit detailed listing: executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$packet(0x11, 0x3, 0x300) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000000004102, 0x0) syz_io_uring_setup(0x52a, &(0x7f0000000440)={0x0, 0x74c2, 0x1, 0x1, 0x261, 0x0, r2}, &(0x7f00000004c0)=0x0, &(0x7f00000003c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r2, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12}) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-socket$packet-prctl$PR_SCHED_CORE-openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-io_uring_enter detailed listing: executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$packet(0x11, 0x3, 0x300) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000000004102, 0x0) r3 = syz_io_uring_setup(0x52a, &(0x7f0000000440)={0x0, 0x74c2, 0x1, 0x1, 0x261, 0x0, r2}, &(0x7f00000004c0)=0x0, &(0x7f00000003c0)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) io_uring_enter(r3, 0x847ba, 0x0, 0xe, 0x0, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-socket$packet-prctl$PR_SCHED_CORE-openat$nullb-syz_io_uring_setup-syz_io_uring_submit-io_uring_enter detailed listing: executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$packet(0x11, 0x3, 0x300) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000000004102, 0x0) r3 = syz_io_uring_setup(0x52a, &(0x7f0000000440)={0x0, 0x74c2, 0x1, 0x1, 0x261, 0x0, r2}, &(0x7f00000004c0)=0x0, &(0x7f00000003c0)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r2, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12}) io_uring_enter(r3, 0x847ba, 0x0, 0xe, 0x0, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-socket$packet-prctl$PR_SCHED_CORE-openat$nullb-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter detailed listing: executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$packet(0x11, 0x3, 0x300) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000000004102, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r2, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12}) io_uring_enter(0xffffffffffffffff, 0x847ba, 0x0, 0xe, 0x0, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-socket$packet-prctl$PR_SCHED_CORE-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter detailed listing: executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$packet(0x11, 0x3, 0x300) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_io_uring_setup(0x52a, &(0x7f0000000440)={0x0, 0x74c2, 0x1, 0x1, 0x261}, &(0x7f00000004c0)=0x0, &(0x7f00000003c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12}) io_uring_enter(r2, 0x847ba, 0x0, 0xe, 0x0, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-socket$packet-openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter detailed listing: executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$packet(0x11, 0x3, 0x300) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000000004102, 0x0) r3 = syz_io_uring_setup(0x52a, &(0x7f0000000440)={0x0, 0x74c2, 0x1, 0x1, 0x261, 0x0, r2}, &(0x7f00000004c0)=0x0, &(0x7f00000003c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r2, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12}) io_uring_enter(r3, 0x847ba, 0x0, 0xe, 0x0, 0x0) program crashed: INFO: task hung in io_wq_put_and_exit testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter detailed listing: executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000000004102, 0x0) r3 = syz_io_uring_setup(0x52a, &(0x7f0000000440)={0x0, 0x74c2, 0x1, 0x1, 0x261, 0x0, r2}, &(0x7f00000004c0)=0x0, &(0x7f00000003c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r2, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12}) io_uring_enter(r3, 0x847ba, 0x0, 0xe, 0x0, 0x0) program crashed: INFO: task hung in io_wq_put_and_exit testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-socketpair$unix-connect$unix-sendmmsg$unix-openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter detailed listing: executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000000004102, 0x0) r3 = syz_io_uring_setup(0x52a, &(0x7f0000000440)={0x0, 0x74c2, 0x1, 0x1, 0x261, 0x0, r2}, &(0x7f00000004c0)=0x0, &(0x7f00000003c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r2, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12}) io_uring_enter(r3, 0x847ba, 0x0, 0xe, 0x0, 0x0) program crashed: INFO: task hung in io_wq_put_and_exit testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-socketpair$unix-connect$unix-openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter detailed listing: executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000000004102, 0x0) r2 = syz_io_uring_setup(0x52a, &(0x7f0000000440)={0x0, 0x74c2, 0x1, 0x1, 0x261, 0x0, r1}, &(0x7f00000004c0)=0x0, &(0x7f00000003c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r1, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12}) io_uring_enter(r2, 0x847ba, 0x0, 0xe, 0x0, 0x0) program crashed: INFO: task hung in io_wq_put_and_exit testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-socketpair$unix-openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter detailed listing: executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000000004102, 0x0) r1 = syz_io_uring_setup(0x52a, &(0x7f0000000440)={0x0, 0x74c2, 0x1, 0x1, 0x261, 0x0, r0}, &(0x7f00000004c0)=0x0, &(0x7f00000003c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12}) io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0) program crashed: INFO: task hung in io_wq_put_and_exit testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter detailed listing: executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000000004102, 0x0) r1 = syz_io_uring_setup(0x52a, &(0x7f0000000440)={0x0, 0x74c2, 0x1, 0x1, 0x261, 0x0, r0}, &(0x7f00000004c0)=0x0, &(0x7f00000003c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12}) io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0) program crashed: INFO: task hung in io_wq_put_and_exit testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter detailed listing: executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000000004102, 0x0) r1 = syz_io_uring_setup(0x52a, &(0x7f0000000440)={0x0, 0x74c2, 0x1, 0x1, 0x261, 0x0, r0}, &(0x7f00000004c0)=0x0, &(0x7f00000003c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12}) io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0) program crashed: INFO: task hung in io_wq_put_and_exit testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter detailed listing: executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004102, 0x0) r1 = syz_io_uring_setup(0x52a, &(0x7f0000000440)={0x0, 0x74c2, 0x1, 0x1, 0x261, 0x0, r0}, &(0x7f00000004c0)=0x0, &(0x7f00000003c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12}) io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter detailed listing: executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000000004102, 0x0) r1 = syz_io_uring_setup(0x52a, 0x0, &(0x7f00000004c0)=0x0, &(0x7f00000003c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12}) io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter detailed listing: executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000000004102, 0x0) r1 = syz_io_uring_setup(0x52a, &(0x7f0000000440)={0x0, 0x74c2, 0x1, 0x1, 0x261, 0x0, r0}, 0x0, &(0x7f00000003c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(0x0, r2, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12}) io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter detailed listing: executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000000004102, 0x0) r1 = syz_io_uring_setup(0x52a, &(0x7f0000000440)={0x0, 0x74c2, 0x1, 0x1, 0x261, 0x0, r0}, &(0x7f00000004c0)=0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, 0x0, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12}) io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter detailed listing: executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000000004102, 0x0) r1 = syz_io_uring_setup(0x52a, &(0x7f0000000440)={0x0, 0x74c2, 0x1, 0x1, 0x261, 0x0, r0}, &(0x7f00000004c0)=0x0, &(0x7f00000003c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, 0x0, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12}) io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter detailed listing: executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000000004102, 0x0) r1 = syz_io_uring_setup(0x52a, &(0x7f0000000440)={0x0, 0x74c2, 0x1, 0x1, 0x261, 0x0, r0}, &(0x7f00000004c0)=0x0, &(0x7f00000003c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, 0x0) io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter detailed listing: executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000000004102, 0x0) r1 = syz_io_uring_setup(0x52a, &(0x7f0000000440)={0x0, 0x74c2, 0x1, 0x1, 0x261, 0x0, r0}, &(0x7f00000004c0)=0x0, &(0x7f00000003c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0xc000000, 0x0, 0x0, 0x12}) io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter detailed listing: executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000000004102, 0x0) r1 = syz_io_uring_setup(0x52a, &(0x7f0000000440)={0x0, 0x74c2, 0x1, 0x1, 0x261, 0x0, r0}, &(0x7f00000004c0)=0x0, &(0x7f00000003c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0xc000000, &(0x7f0000000000)=[{0x0}], 0x1, 0x12}) io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0) program did not crash extracting C reproducer testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter program crashed: INFO: task hung in io_wq_put_and_exit simplifying C reproducer testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter program crashed: INFO: task hung in io_wq_put_and_exit testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter program crashed: no output from test machine a never seen crash title: no output from test machine, ignore testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter program crashed: INFO: task hung in io_wq_put_and_exit testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter program crashed: INFO: task hung in io_wq_put_and_exit testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter program crashed: INFO: task hung in io_wq_put_and_exit testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter program crashed: INFO: task hung in io_wq_put_and_exit testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter program crashed: INFO: task hung in io_wq_put_and_exit testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter detailed listing: executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000000004102, 0x0) r1 = syz_io_uring_setup(0x52a, &(0x7f0000000440)={0x0, 0x74c2, 0x1, 0x1, 0x261, 0x0, r0}, &(0x7f00000004c0)=0x0, &(0x7f00000003c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12}) io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0) program crashed: INFO: task hung in io_wq_put_and_exit validation run: crashed=true testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter detailed listing: executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000000004102, 0x0) r1 = syz_io_uring_setup(0x52a, &(0x7f0000000440)={0x0, 0x74c2, 0x1, 0x1, 0x261, 0x0, r0}, &(0x7f00000004c0)=0x0, &(0x7f00000003c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12}) io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0) program crashed: INFO: task hung in io_wq_put_and_exit validation run: crashed=true testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter detailed listing: executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000000004102, 0x0) r1 = syz_io_uring_setup(0x52a, &(0x7f0000000440)={0x0, 0x74c2, 0x1, 0x1, 0x261, 0x0, r0}, &(0x7f00000004c0)=0x0, &(0x7f00000003c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12}) io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0) program crashed: INFO: task hung in io_wq_put_and_exit validation run: crashed=true reproducing took 3h24m4.664311531s repro crashed as (corrupted=false): INFO: task syz.1.18:5980 blocked for more than 143 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.1.18 state:D stack:24656 pid:5980 ppid:5900 flags:0x00004000 Call Trace: context_switch kernel/sched/core.c:5381 [inline] __schedule+0x1553/0x45a0 kernel/sched/core.c:6700 schedule+0xbd/0x170 kernel/sched/core.c:6774 schedule_timeout+0xc1/0x2d0 kernel/time/timer.c:2144 do_wait_for_common kernel/sched/completion.c:95 [inline] __wait_for_common kernel/sched/completion.c:116 [inline] wait_for_common kernel/sched/completion.c:127 [inline] wait_for_completion+0x2cb/0x5b0 kernel/sched/completion.c:148 io_wq_exit_workers io_uring/io-wq.c:1266 [inline] io_wq_put_and_exit+0x474/0x810 io_uring/io-wq.c:1294 io_uring_clean_tctx+0x130/0x1b0 io_uring/tctx.c:204 io_uring_cancel_generic+0x610/0x6c0 io_uring/io_uring.c:3507 io_uring_files_cancel include/linux/io_uring.h:69 [inline] do_exit+0x5f1/0x2460 kernel/exit.c:829 do_group_exit+0x21b/0x2d0 kernel/exit.c:1024 __do_sys_exit_group kernel/exit.c:1035 [inline] __se_sys_exit_group kernel/exit.c:1033 [inline] __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1033 do_syscall_x64 arch/x86/entry/common.c:46 [inline] do_syscall_64+0x55/0xa0 arch/x86/entry/common.c:76 entry_SYSCALL_64_after_hwframe+0x68/0xd2 RIP: 0033:0x7f065199c799 RSP: 002b:00007ffe94be71b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f065199c799 RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000003 R08: 0000000000000000 R09: 00007f0651be63e0 R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f0651be63e0 R14: 0000000000000003 R15: 00007ffe94be7270 INFO: task syz.3.20:5982 blocked for more than 143 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.3.20 state:D stack:25448 pid:5982 ppid:5905 flags:0x00004000 Call Trace: context_switch kernel/sched/core.c:5381 [inline] __schedule+0x1553/0x45a0 kernel/sched/core.c:6700 schedule+0xbd/0x170 kernel/sched/core.c:6774 schedule_timeout+0xc1/0x2d0 kernel/time/timer.c:2144 do_wait_for_common kernel/sched/completion.c:95 [inline] __wait_for_common kernel/sched/completion.c:116 [inline] wait_for_common kernel/sched/completion.c:127 [inline] wait_for_completion+0x2cb/0x5b0 kernel/sched/completion.c:148 io_wq_exit_workers io_uring/io-wq.c:1266 [inline] io_wq_put_and_exit+0x474/0x810 io_uring/io-wq.c:1294 io_uring_clean_tctx+0x130/0x1b0 io_uring/tctx.c:204 io_uring_cancel_generic+0x610/0x6c0 io_uring/io_uring.c:3507 io_uring_files_cancel include/linux/io_uring.h:69 [inline] do_exit+0x5f1/0x2460 kernel/exit.c:829 do_group_exit+0x21b/0x2d0 kernel/exit.c:1024 __do_sys_exit_group kernel/exit.c:1035 [inline] __se_sys_exit_group kernel/exit.c:1033 [inline] __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1033 do_syscall_x64 arch/x86/entry/common.c:46 [inline] do_syscall_64+0x55/0xa0 arch/x86/entry/common.c:76 entry_SYSCALL_64_after_hwframe+0x68/0xd2 RIP: 0033:0x7f5d1979c799 RSP: 002b:00007fff2d0e1a38 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5d1979c799 RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000003 R08: 0000000000000000 R09: 00007f5d199e63e0 R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f5d199e63e0 R14: 0000000000000003 R15: 00007fff2d0e1af0 INFO: task syz.2.19:5987 blocked for more than 144 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.2.19 state:D stack:25448 pid:5987 ppid:5902 flags:0x00004000 Call Trace: context_switch kernel/sched/core.c:5381 [inline] __schedule+0x1553/0x45a0 kernel/sched/core.c:6700 schedule+0xbd/0x170 kernel/sched/core.c:6774 schedule_timeout+0xc1/0x2d0 kernel/time/timer.c:2144 do_wait_for_common kernel/sched/completion.c:95 [inline] __wait_for_common kernel/sched/completion.c:116 [inline] wait_for_common kernel/sched/completion.c:127 [inline] wait_for_completion+0x2cb/0x5b0 kernel/sched/completion.c:148 io_wq_exit_workers io_uring/io-wq.c:1266 [inline] io_wq_put_and_exit+0x474/0x810 io_uring/io-wq.c:1294 io_uring_clean_tctx+0x130/0x1b0 io_uring/tctx.c:204 io_uring_cancel_generic+0x610/0x6c0 io_uring/io_uring.c:3507 io_uring_files_cancel include/linux/io_uring.h:69 [inline] do_exit+0x5f1/0x2460 kernel/exit.c:829 do_group_exit+0x21b/0x2d0 kernel/exit.c:1024 __do_sys_exit_group kernel/exit.c:1035 [inline] __se_sys_exit_group kernel/exit.c:1033 [inline] __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1033 do_syscall_x64 arch/x86/entry/common.c:46 [inline] do_syscall_64+0x55/0xa0 arch/x86/entry/common.c:76 entry_SYSCALL_64_after_hwframe+0x68/0xd2 RIP: 0033:0x7f513c39c799 RSP: 002b:00007ffe5f3a2d68 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f513c39c799 RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000003 R08: 0000000000000000 R09: 00007f513c5e63e0 R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f513c5e63e0 R14: 0000000000000003 R15: 00007ffe5f3a2e20 INFO: task syz.0.17:5991 blocked for more than 145 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.0.17 state:D stack:24712 pid:5991 ppid:5897 flags:0x00004000 Call Trace: context_switch kernel/sched/core.c:5381 [inline] __schedule+0x1553/0x45a0 kernel/sched/core.c:6700 schedule+0xbd/0x170 kernel/sched/core.c:6774 schedule_timeout+0xc1/0x2d0 kernel/time/timer.c:2144 do_wait_for_common kernel/sched/completion.c:95 [inline] __wait_for_common kernel/sched/completion.c:116 [inline] wait_for_common kernel/sched/completion.c:127 [inline] wait_for_completion+0x2cb/0x5b0 kernel/sched/completion.c:148 io_wq_exit_workers io_uring/io-wq.c:1266 [inline] io_wq_put_and_exit+0x474/0x810 io_uring/io-wq.c:1294 io_uring_clean_tctx+0x130/0x1b0 io_uring/tctx.c:204 io_uring_cancel_generic+0x610/0x6c0 io_uring/io_uring.c:3507 io_uring_files_cancel include/linux/io_uring.h:69 [inline] do_exit+0x5f1/0x2460 kernel/exit.c:829 do_group_exit+0x21b/0x2d0 kernel/exit.c:1024 __do_sys_exit_group kernel/exit.c:1035 [inline] __se_sys_exit_group kernel/exit.c:1033 [inline] __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1033 do_syscall_x64 arch/x86/entry/common.c:46 [inline] do_syscall_64+0x55/0xa0 arch/x86/entry/common.c:76 entry_SYSCALL_64_after_hwframe+0x68/0xd2 RIP: 0033:0x7f296ff9c799 RSP: 002b:00007ffda016cf28 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f296ff9c799 RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000003 R08: 0000000000000000 R09: 00007f29701e63e0 R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f29701e63e0 R14: 0000000000000003 R15: 00007ffda016cfe0 Showing all locks held in the system: 1 lock held by khungtaskd/29: #0: ffffffff8d132060 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:334 [inline] #0: ffffffff8d132060 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:786 [inline] #0: ffffffff8d132060 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x290 kernel/locking/lockdep.c:6633 2 locks held by kworker/u4:4/55: 2 locks held by dhcpcd/5432: #0: ffff8880216a9690 (nlk_cb_mutex-ROUTE){+.+.}-{3:3}, at: __netlink_dump_start+0xf4/0x810 net/netlink/af_netlink.c:2336 #1: ffffffff8e3c0d48 (rtnl_mutex){+.+.}-{3:3}, at: netlink_dump+0x78f/0xe50 net/netlink/af_netlink.c:2263 2 locks held by getty/5528: #0: ffff88802d8ea0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243 #1: ffffc9000326e2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x433/0x1390 drivers/tty/n_tty.c:2217 1 lock held by syz-executor/6455: 1 lock held by syz-executor/6457: #0: ffffffff8e3c0d48 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline] #0: ffffffff8e3c0d48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x811/0xfa0 net/core/rtnetlink.c:6469 2 locks held by syz-executor/6472: #0: ffffffff8e3b3d10 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x351/0x5e0 net/core/net_namespace.c:516 #1: ffffffff8e3c0d48 (rtnl_mutex){+.+.}-{3:3}, at: ip_tunnel_init_net+0x2cf/0x790 net/ipv4/ip_tunnel.c:1103 2 locks held by syz-executor/6475: #0: ffffffff8e3b3d10 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x351/0x5e0 net/core/net_namespace.c:516 #1: ffffffff8e3c0d48 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x88/0x240 net/ipv4/nexthop.c:3636 ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 29 Comm: khungtaskd Not tainted syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 Call Trace: dump_stack_lvl+0x18c/0x250 lib/dump_stack.c:106 nmi_cpu_backtrace+0x3a6/0x3e0 lib/nmi_backtrace.c:113 nmi_trigger_cpumask_backtrace+0x17a/0x2f0 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:222 [inline] watchdog+0xf3d/0xf80 kernel/hung_task.c:379 kthread+0x2fa/0x390 kernel/kthread.c:388 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 132 Comm: kworker/u4:5 Not tainted syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 Workqueue: events_unbound nsim_dev_trap_report_work RIP: 0010:kasan_mem_to_shadow include/linux/kasan.h:60 [inline] RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:127 [inline] RIP: 0010:memory_is_poisoned mm/kasan/generic.c:159 [inline] RIP: 0010:check_region_inline mm/kasan/generic.c:178 [inline] RIP: 0010:kasan_check_range+0x41/0x290 mm/kasan/generic.c:187 Code: 54 53 4c 8d 04 37 49 39 f8 0f 82 13 02 00 00 49 89 f9 49 c1 e9 2f 41 81 f9 ff ff 01 00 0f 82 ff 01 00 00 49 89 ff 49 c1 ef 03 <49> ba 00 00 00 00 00 fc ff df 4f 8d 1c 17 49 ff c8 4d 89 c1 49 c1 RSP: 0018:ffffc90002db7928 EFLAGS: 00000a02 RAX: ffffffff84aae401 RBX: 0000000000000040 RCX: ffffffff84aae558 RDX: 0000000000000001 RSI: 0000000000000040 RDI: ffffc90002db79a0 RBP: 0000000000000000 R08: ffffc90002db79e0 R09: 000000000001ffff R10: dffffc0000000000 R11: fffffbfff22382bf R12: 1ffff920005b6f30 R13: 0000000000000002 R14: ffffc90002db79a0 R15: 1ffff920005b6f34 FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f72dffe7420 CR3: 000000004b186000 CR4: 00000000003506e0 Call Trace: __asan_memset+0x22/0x40 mm/kasan/shadow.c:84 memzero_explicit include/linux/string.h:279 [inline] _get_random_bytes+0x1e8/0x250 drivers/char/random.c:397 nsim_dev_trap_skb_build drivers/net/netdevsim/dev.c:776 [inline] nsim_dev_trap_report drivers/net/netdevsim/dev.c:805 [inline] nsim_dev_trap_report_work+0x654/0xb00 drivers/net/netdevsim/dev.c:851 process_one_work kernel/workqueue.c:2653 [inline] process_scheduled_works+0xa5d/0x15d0 kernel/workqueue.c:2730 worker_thread+0xa55/0xfc0 kernel/workqueue.c:2811 kthread+0x2fa/0x390 kernel/kthread.c:388 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293 final repro crashed as (corrupted=false): INFO: task syz.1.18:5980 blocked for more than 143 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.1.18 state:D stack:24656 pid:5980 ppid:5900 flags:0x00004000 Call Trace: context_switch kernel/sched/core.c:5381 [inline] __schedule+0x1553/0x45a0 kernel/sched/core.c:6700 schedule+0xbd/0x170 kernel/sched/core.c:6774 schedule_timeout+0xc1/0x2d0 kernel/time/timer.c:2144 do_wait_for_common kernel/sched/completion.c:95 [inline] __wait_for_common kernel/sched/completion.c:116 [inline] wait_for_common kernel/sched/completion.c:127 [inline] wait_for_completion+0x2cb/0x5b0 kernel/sched/completion.c:148 io_wq_exit_workers io_uring/io-wq.c:1266 [inline] io_wq_put_and_exit+0x474/0x810 io_uring/io-wq.c:1294 io_uring_clean_tctx+0x130/0x1b0 io_uring/tctx.c:204 io_uring_cancel_generic+0x610/0x6c0 io_uring/io_uring.c:3507 io_uring_files_cancel include/linux/io_uring.h:69 [inline] do_exit+0x5f1/0x2460 kernel/exit.c:829 do_group_exit+0x21b/0x2d0 kernel/exit.c:1024 __do_sys_exit_group kernel/exit.c:1035 [inline] __se_sys_exit_group kernel/exit.c:1033 [inline] __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1033 do_syscall_x64 arch/x86/entry/common.c:46 [inline] do_syscall_64+0x55/0xa0 arch/x86/entry/common.c:76 entry_SYSCALL_64_after_hwframe+0x68/0xd2 RIP: 0033:0x7f065199c799 RSP: 002b:00007ffe94be71b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f065199c799 RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000003 R08: 0000000000000000 R09: 00007f0651be63e0 R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f0651be63e0 R14: 0000000000000003 R15: 00007ffe94be7270 INFO: task syz.3.20:5982 blocked for more than 143 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.3.20 state:D stack:25448 pid:5982 ppid:5905 flags:0x00004000 Call Trace: context_switch kernel/sched/core.c:5381 [inline] __schedule+0x1553/0x45a0 kernel/sched/core.c:6700 schedule+0xbd/0x170 kernel/sched/core.c:6774 schedule_timeout+0xc1/0x2d0 kernel/time/timer.c:2144 do_wait_for_common kernel/sched/completion.c:95 [inline] __wait_for_common kernel/sched/completion.c:116 [inline] wait_for_common kernel/sched/completion.c:127 [inline] wait_for_completion+0x2cb/0x5b0 kernel/sched/completion.c:148 io_wq_exit_workers io_uring/io-wq.c:1266 [inline] io_wq_put_and_exit+0x474/0x810 io_uring/io-wq.c:1294 io_uring_clean_tctx+0x130/0x1b0 io_uring/tctx.c:204 io_uring_cancel_generic+0x610/0x6c0 io_uring/io_uring.c:3507 io_uring_files_cancel include/linux/io_uring.h:69 [inline] do_exit+0x5f1/0x2460 kernel/exit.c:829 do_group_exit+0x21b/0x2d0 kernel/exit.c:1024 __do_sys_exit_group kernel/exit.c:1035 [inline] __se_sys_exit_group kernel/exit.c:1033 [inline] __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1033 do_syscall_x64 arch/x86/entry/common.c:46 [inline] do_syscall_64+0x55/0xa0 arch/x86/entry/common.c:76 entry_SYSCALL_64_after_hwframe+0x68/0xd2 RIP: 0033:0x7f5d1979c799 RSP: 002b:00007fff2d0e1a38 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5d1979c799 RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000003 R08: 0000000000000000 R09: 00007f5d199e63e0 R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f5d199e63e0 R14: 0000000000000003 R15: 00007fff2d0e1af0 INFO: task syz.2.19:5987 blocked for more than 144 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.2.19 state:D stack:25448 pid:5987 ppid:5902 flags:0x00004000 Call Trace: context_switch kernel/sched/core.c:5381 [inline] __schedule+0x1553/0x45a0 kernel/sched/core.c:6700 schedule+0xbd/0x170 kernel/sched/core.c:6774 schedule_timeout+0xc1/0x2d0 kernel/time/timer.c:2144 do_wait_for_common kernel/sched/completion.c:95 [inline] __wait_for_common kernel/sched/completion.c:116 [inline] wait_for_common kernel/sched/completion.c:127 [inline] wait_for_completion+0x2cb/0x5b0 kernel/sched/completion.c:148 io_wq_exit_workers io_uring/io-wq.c:1266 [inline] io_wq_put_and_exit+0x474/0x810 io_uring/io-wq.c:1294 io_uring_clean_tctx+0x130/0x1b0 io_uring/tctx.c:204 io_uring_cancel_generic+0x610/0x6c0 io_uring/io_uring.c:3507 io_uring_files_cancel include/linux/io_uring.h:69 [inline] do_exit+0x5f1/0x2460 kernel/exit.c:829 do_group_exit+0x21b/0x2d0 kernel/exit.c:1024 __do_sys_exit_group kernel/exit.c:1035 [inline] __se_sys_exit_group kernel/exit.c:1033 [inline] __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1033 do_syscall_x64 arch/x86/entry/common.c:46 [inline] do_syscall_64+0x55/0xa0 arch/x86/entry/common.c:76 entry_SYSCALL_64_after_hwframe+0x68/0xd2 RIP: 0033:0x7f513c39c799 RSP: 002b:00007ffe5f3a2d68 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f513c39c799 RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000003 R08: 0000000000000000 R09: 00007f513c5e63e0 R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f513c5e63e0 R14: 0000000000000003 R15: 00007ffe5f3a2e20 INFO: task syz.0.17:5991 blocked for more than 145 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.0.17 state:D stack:24712 pid:5991 ppid:5897 flags:0x00004000 Call Trace: context_switch kernel/sched/core.c:5381 [inline] __schedule+0x1553/0x45a0 kernel/sched/core.c:6700 schedule+0xbd/0x170 kernel/sched/core.c:6774 schedule_timeout+0xc1/0x2d0 kernel/time/timer.c:2144 do_wait_for_common kernel/sched/completion.c:95 [inline] __wait_for_common kernel/sched/completion.c:116 [inline] wait_for_common kernel/sched/completion.c:127 [inline] wait_for_completion+0x2cb/0x5b0 kernel/sched/completion.c:148 io_wq_exit_workers io_uring/io-wq.c:1266 [inline] io_wq_put_and_exit+0x474/0x810 io_uring/io-wq.c:1294 io_uring_clean_tctx+0x130/0x1b0 io_uring/tctx.c:204 io_uring_cancel_generic+0x610/0x6c0 io_uring/io_uring.c:3507 io_uring_files_cancel include/linux/io_uring.h:69 [inline] do_exit+0x5f1/0x2460 kernel/exit.c:829 do_group_exit+0x21b/0x2d0 kernel/exit.c:1024 __do_sys_exit_group kernel/exit.c:1035 [inline] __se_sys_exit_group kernel/exit.c:1033 [inline] __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1033 do_syscall_x64 arch/x86/entry/common.c:46 [inline] do_syscall_64+0x55/0xa0 arch/x86/entry/common.c:76 entry_SYSCALL_64_after_hwframe+0x68/0xd2 RIP: 0033:0x7f296ff9c799 RSP: 002b:00007ffda016cf28 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f296ff9c799 RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000003 R08: 0000000000000000 R09: 00007f29701e63e0 R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f29701e63e0 R14: 0000000000000003 R15: 00007ffda016cfe0 Showing all locks held in the system: 1 lock held by khungtaskd/29: #0: ffffffff8d132060 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:334 [inline] #0: ffffffff8d132060 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:786 [inline] #0: ffffffff8d132060 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x290 kernel/locking/lockdep.c:6633 2 locks held by kworker/u4:4/55: 2 locks held by dhcpcd/5432: #0: ffff8880216a9690 (nlk_cb_mutex-ROUTE){+.+.}-{3:3}, at: __netlink_dump_start+0xf4/0x810 net/netlink/af_netlink.c:2336 #1: ffffffff8e3c0d48 (rtnl_mutex){+.+.}-{3:3}, at: netlink_dump+0x78f/0xe50 net/netlink/af_netlink.c:2263 2 locks held by getty/5528: #0: ffff88802d8ea0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243 #1: ffffc9000326e2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x433/0x1390 drivers/tty/n_tty.c:2217 1 lock held by syz-executor/6455: 1 lock held by syz-executor/6457: #0: ffffffff8e3c0d48 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline] #0: ffffffff8e3c0d48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x811/0xfa0 net/core/rtnetlink.c:6469 2 locks held by syz-executor/6472: #0: ffffffff8e3b3d10 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x351/0x5e0 net/core/net_namespace.c:516 #1: ffffffff8e3c0d48 (rtnl_mutex){+.+.}-{3:3}, at: ip_tunnel_init_net+0x2cf/0x790 net/ipv4/ip_tunnel.c:1103 2 locks held by syz-executor/6475: #0: ffffffff8e3b3d10 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x351/0x5e0 net/core/net_namespace.c:516 #1: ffffffff8e3c0d48 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x88/0x240 net/ipv4/nexthop.c:3636 ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 29 Comm: khungtaskd Not tainted syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 Call Trace: dump_stack_lvl+0x18c/0x250 lib/dump_stack.c:106 nmi_cpu_backtrace+0x3a6/0x3e0 lib/nmi_backtrace.c:113 nmi_trigger_cpumask_backtrace+0x17a/0x2f0 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:222 [inline] watchdog+0xf3d/0xf80 kernel/hung_task.c:379 kthread+0x2fa/0x390 kernel/kthread.c:388 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 132 Comm: kworker/u4:5 Not tainted syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 Workqueue: events_unbound nsim_dev_trap_report_work RIP: 0010:kasan_mem_to_shadow include/linux/kasan.h:60 [inline] RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:127 [inline] RIP: 0010:memory_is_poisoned mm/kasan/generic.c:159 [inline] RIP: 0010:check_region_inline mm/kasan/generic.c:178 [inline] RIP: 0010:kasan_check_range+0x41/0x290 mm/kasan/generic.c:187 Code: 54 53 4c 8d 04 37 49 39 f8 0f 82 13 02 00 00 49 89 f9 49 c1 e9 2f 41 81 f9 ff ff 01 00 0f 82 ff 01 00 00 49 89 ff 49 c1 ef 03 <49> ba 00 00 00 00 00 fc ff df 4f 8d 1c 17 49 ff c8 4d 89 c1 49 c1 RSP: 0018:ffffc90002db7928 EFLAGS: 00000a02 RAX: ffffffff84aae401 RBX: 0000000000000040 RCX: ffffffff84aae558 RDX: 0000000000000001 RSI: 0000000000000040 RDI: ffffc90002db79a0 RBP: 0000000000000000 R08: ffffc90002db79e0 R09: 000000000001ffff R10: dffffc0000000000 R11: fffffbfff22382bf R12: 1ffff920005b6f30 R13: 0000000000000002 R14: ffffc90002db79a0 R15: 1ffff920005b6f34 FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f72dffe7420 CR3: 000000004b186000 CR4: 00000000003506e0 Call Trace: __asan_memset+0x22/0x40 mm/kasan/shadow.c:84 memzero_explicit include/linux/string.h:279 [inline] _get_random_bytes+0x1e8/0x250 drivers/char/random.c:397 nsim_dev_trap_skb_build drivers/net/netdevsim/dev.c:776 [inline] nsim_dev_trap_report drivers/net/netdevsim/dev.c:805 [inline] nsim_dev_trap_report_work+0x654/0xb00 drivers/net/netdevsim/dev.c:851 process_one_work kernel/workqueue.c:2653 [inline] process_scheduled_works+0xa5d/0x15d0 kernel/workqueue.c:2730 worker_thread+0xa55/0xfc0 kernel/workqueue.c:2811 kthread+0x2fa/0x390 kernel/kthread.c:388 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293