Extracting prog: 51m25.170397044s Minimizing prog: 1h45m27.826104092s Simplifying prog options: 0s Extracting C: 3m23.247780678s Simplifying C: 24m25.087112234s extracting reproducer from 77 programs testing a last program of every proc single: executing 27 programs separately with timeout 6m0s testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$netlink-prlimit64-sched_setscheduler-getpid-sched_setscheduler-accept4$packet-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-sched_setscheduler-write$RDMA_USER_CM_CMD_CREATE_ID-bpf$BPF_RAW_TRACEPOINT_OPEN-madvise-syz_open_dev$loop-process_vm_readv-syz_clone-ptrace-rt_tgsigqueueinfo-tkill-ptrace$peeksig-mbind-mlock detailed listing: executing program 0: socket$netlink(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) accept4$packet(0xffffffffffffffff, 0x0, 0x0, 0x80000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) syz_open_dev$loop(0x0, 0x4000000001, 0xc2844cc3100cc88a) process_vm_readv(0x0, 0x0, 0x0, &(0x7f0000008640)=[{&(0x7f0000000300)=""/87, 0x57}], 0x1, 0x0) r3 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r3) rt_tgsigqueueinfo(r3, r3, 0x10, &(0x7f0000000140)={0x3d, 0x3, 0xfffffff9}) tkill(r3, 0x2e) ptrace$peeksig(0x4209, r3, &(0x7f0000000100)={0x8000000000000000, 0x0, 0x1}, &(0x7f0000000000)=[{}]) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x1, 0x0, 0x0, 0x1) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-syz_init_net_socket$bt_hidp-bpf$BPF_BTF_LOAD-bpf$MAP_CREATE-mount detailed listing: executing program 0: socket$inet_udp(0x2, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) r3 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000740)=@base={0x9, 0x8, 0x8, 0x90, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r3, 0x1, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mount(&(0x7f0000000080)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000180)='msdos\x00', 0x0, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat-prlimit64-sched_setscheduler-getpid-mmap-socketpair$unix-fchdir-connect$unix-sendmmsg$unix-recvmmsg-bind$inet-bpf$MAP_CREATE-sendmsg$can_j1939-socket-syz_init_net_socket$bt_hci-write-bind$bt_hci-write$binfmt_misc-dup3-listen-socket$nl_generic-openat$sysfs-write$P9_RWALK-syz_genetlink_get_family_id$batadv-sendmsg$BATADV_CMD_SET_MESH-openat$sw_sync-ioctl$SW_SYNC_IOC_CREATE_FENCE detailed listing: executing program 0: openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fchdir(r0) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000240)={0x2, 0x4e1c, @multicast1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='&\x00\x00\x00\a'], 0x50) sendmsg$can_j1939(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)='d', 0x1}}, 0x0) socket(0x23, 0xa, 0x5) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) write(0xffffffffffffffff, &(0x7f0000000000), 0x0) bind$bt_hci(r2, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r2, &(0x7f0000000000), 0xd) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) listen(0xffffffffffffffff, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/pm_debug_messages', 0x8101, 0x0) write$P9_RWALK(r4, &(0x7f00000000c0)=ANY=[@ANYRESDEC], 0x30) r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000280), r4) sendmsg$BATADV_CMD_SET_MESH(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="010028bd7000feffffff0f00000008000300", @ANYRES32=0x0, @ANYBLOB="f86a63ae1238db1462c1194663fd452083162c6c8ae80e0e2eafd2eaf10900341e60d51090bf8fee38e460249d70fbc142176e16017f3fc937baf5e394865927640bbcda"], 0x1c}, 0x1, 0x0, 0x0, 0x48008}, 0x0) r6 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r6, 0xc0285700, &(0x7f0000000100)={0x3, "5660359c32450000000003ca00000000070800"}) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): memfd_create-ftruncate-mmap-madvise detailed listing: executing program 0: r0 = memfd_create(&(0x7f0000000200)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05', 0x0) ftruncate(r0, 0x80079a0) mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, r0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-getpid-bpf$MAP_CREATE-prctl$PR_SET_THP_DISABLE-sched_setscheduler-getpid-syz_emit_ethernet-mmap-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-sched_setscheduler-mkdirat-mkdir-mount$bind-mkdir-mount$overlay-chdir-rmdir detailed listing: executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0000000004000000080000000800000000000000", @ANYRES32, @ANYRES32=0x0, @ANYRES32], 0x50) prctl$PR_SET_THP_DISABLE(0x19, 0x10000000000001) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() syz_emit_ethernet(0x6a, &(0x7f0000000280)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x3, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x4, 0x0, @broadcast, @multicast1}, {0x0, 0x0, 0x48, 0x0, @wg=@cookie={0x3, 0x3, "6a26ccb7622a98cf58ac0f295fe0111d66706c62b9564ce0", "29fe1df5c401b77c31f2e9c517c0757aeb191e3b958a9b85564c45be3271886e"}}}}}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]}) chdir(&(0x7f00000001c0)='./bus\x00') rmdir(&(0x7f0000000380)='./file0/../file0\x00') program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_emit_vhci-prlimit64-sched_setscheduler-sched_setaffinity-prctl$PR_SCHED_CORE-syz_open_dev$MSR-read$msr-sync-socket-ioctl$sock_SIOCGIFINDEX-bpf$PROG_LOAD_XDP-openat$sndseq-ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE-write$sndseq detailed listing: executing program 0: syz_emit_vhci(&(0x7f0000000300)=@HCI_EVENT_PKT={0x4, @hci_ev_sniff_subrate={{0x2e, 0xb}, {0x7, 0xc9, 0xaa71, 0xfff, 0x4fff}}}, 0xe) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x400000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) sync() r1 = socket(0x11, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'bridge_slave_1\x00'}) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f00000002c0)={0x0, 0x0, 0x0, 'queue1\x00', 0x49}) write$sndseq(r2, &(0x7f0000000000)=[{0x1e, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}], 0x1001a) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_emit_vhci-prlimit64-sched_setscheduler-sched_setaffinity-prctl$PR_SCHED_CORE-syz_open_dev$MSR-read$msr-sync-socket-ioctl$sock_SIOCGIFINDEX-bpf$PROG_LOAD_XDP-openat$sndseq-ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE-write$sndseq detailed listing: executing program 0: syz_emit_vhci(&(0x7f0000000300)=@HCI_EVENT_PKT={0x4, @hci_ev_sniff_subrate={{0x2e, 0xb}, {0x7, 0xc9, 0xaa71, 0xfff, 0x4fff}}}, 0xe) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x400000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) sync() r1 = socket(0x11, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'bridge_slave_1\x00'}) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f00000002c0)={0x0, 0x0, 0x0, 'queue1\x00', 0x49}) write$sndseq(r2, &(0x7f0000000000)=[{0x1e, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}], 0x1001a) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-gettid-syz_open_procfs-write$tun-syz_genetlink_get_family_id$ethtool-syz_open_dev$ndb-socketpair-ioctl$NBD_SET_SOCK-mknodat$loop-madvise-syz_clone-syz_pidfd_open-waitid$P_PIDFD-process_madvise-mount detailed listing: executing program 0: socket$nl_generic(0x10, 0x3, 0x10) r0 = gettid() r1 = syz_open_procfs(r0, &(0x7f0000000040)='net/unix\x00') write$tun(r1, 0x0, 0xfce) syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), 0xffffffffffffffff) r2 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) socketpair(0x1e, 0x4, 0x0, &(0x7f0000000840)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r2, 0xab00, r3) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r4 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r5 = syz_pidfd_open(r4, 0x0) waitid$P_PIDFD(0x3, r5, 0x0, 0x4, 0x0) process_madvise(r5, 0x0, 0x0, 0x65, 0x0) mount(&(0x7f0000000480)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000040)='befs\x00', 0x8205, 0x0) program crashed: INFO: task hung in __bread_gfp single: successfully extracted reproducer found reproducer with 15 syscalls minimizing guilty program testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-gettid-syz_open_procfs-write$tun-syz_genetlink_get_family_id$ethtool-syz_open_dev$ndb-socketpair-ioctl$NBD_SET_SOCK-mknodat$loop-madvise-syz_clone-syz_pidfd_open-waitid$P_PIDFD-process_madvise detailed listing: executing program 0: socket$nl_generic(0x10, 0x3, 0x10) r0 = gettid() r1 = syz_open_procfs(r0, &(0x7f0000000040)='net/unix\x00') write$tun(r1, 0x0, 0xfce) syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), 0xffffffffffffffff) r2 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) socketpair(0x1e, 0x4, 0x0, &(0x7f0000000840)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r2, 0xab00, r3) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r4 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r5 = syz_pidfd_open(r4, 0x0) waitid$P_PIDFD(0x3, r5, 0x0, 0x4, 0x0) process_madvise(r5, 0x0, 0x0, 0x65, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-gettid-syz_open_procfs-write$tun-syz_genetlink_get_family_id$ethtool-syz_open_dev$ndb-socketpair-ioctl$NBD_SET_SOCK-mknodat$loop-madvise-syz_clone-syz_pidfd_open-waitid$P_PIDFD-mount detailed listing: executing program 0: socket$nl_generic(0x10, 0x3, 0x10) r0 = gettid() r1 = syz_open_procfs(r0, &(0x7f0000000040)='net/unix\x00') write$tun(r1, 0x0, 0xfce) syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), 0xffffffffffffffff) r2 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) socketpair(0x1e, 0x4, 0x0, &(0x7f0000000840)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r2, 0xab00, r3) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r4 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r5 = syz_pidfd_open(r4, 0x0) waitid$P_PIDFD(0x3, r5, 0x0, 0x4, 0x0) mount(&(0x7f0000000480)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000040)='befs\x00', 0x8205, 0x0) program crashed: INFO: task hung in __bread_gfp testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-gettid-syz_open_procfs-write$tun-syz_genetlink_get_family_id$ethtool-syz_open_dev$ndb-socketpair-ioctl$NBD_SET_SOCK-mknodat$loop-madvise-syz_clone-syz_pidfd_open-mount detailed listing: executing program 0: socket$nl_generic(0x10, 0x3, 0x10) r0 = gettid() r1 = syz_open_procfs(r0, &(0x7f0000000040)='net/unix\x00') write$tun(r1, 0x0, 0xfce) syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), 0xffffffffffffffff) r2 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) socketpair(0x1e, 0x4, 0x0, &(0x7f0000000840)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r2, 0xab00, r3) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r4 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) syz_pidfd_open(r4, 0x0) mount(&(0x7f0000000480)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000040)='befs\x00', 0x8205, 0x0) program crashed: INFO: task hung in __bread_gfp testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-gettid-syz_open_procfs-write$tun-syz_genetlink_get_family_id$ethtool-syz_open_dev$ndb-socketpair-ioctl$NBD_SET_SOCK-mknodat$loop-madvise-syz_clone-mount detailed listing: executing program 0: socket$nl_generic(0x10, 0x3, 0x10) r0 = gettid() r1 = syz_open_procfs(r0, &(0x7f0000000040)='net/unix\x00') write$tun(r1, 0x0, 0xfce) syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), 0xffffffffffffffff) r2 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) socketpair(0x1e, 0x4, 0x0, &(0x7f0000000840)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r2, 0xab00, r3) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mount(&(0x7f0000000480)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000040)='befs\x00', 0x8205, 0x0) program crashed: INFO: task hung in __bread_gfp testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-gettid-syz_open_procfs-write$tun-syz_genetlink_get_family_id$ethtool-syz_open_dev$ndb-socketpair-ioctl$NBD_SET_SOCK-mknodat$loop-madvise-mount detailed listing: executing program 0: socket$nl_generic(0x10, 0x3, 0x10) r0 = gettid() r1 = syz_open_procfs(r0, &(0x7f0000000040)='net/unix\x00') write$tun(r1, 0x0, 0xfce) syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), 0xffffffffffffffff) r2 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) socketpair(0x1e, 0x4, 0x0, &(0x7f0000000840)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r2, 0xab00, r3) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) mount(&(0x7f0000000480)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000040)='befs\x00', 0x8205, 0x0) program crashed: INFO: task hung in __bread_gfp testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-gettid-syz_open_procfs-write$tun-syz_genetlink_get_family_id$ethtool-syz_open_dev$ndb-socketpair-ioctl$NBD_SET_SOCK-mknodat$loop-mount detailed listing: executing program 0: socket$nl_generic(0x10, 0x3, 0x10) r0 = gettid() r1 = syz_open_procfs(r0, &(0x7f0000000040)='net/unix\x00') write$tun(r1, 0x0, 0xfce) syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), 0xffffffffffffffff) r2 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) socketpair(0x1e, 0x4, 0x0, &(0x7f0000000840)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r2, 0xab00, r3) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000480)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000040)='befs\x00', 0x8205, 0x0) program crashed: INFO: task hung in __bread_gfp testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-gettid-syz_open_procfs-write$tun-syz_genetlink_get_family_id$ethtool-syz_open_dev$ndb-socketpair-ioctl$NBD_SET_SOCK-mount detailed listing: executing program 0: socket$nl_generic(0x10, 0x3, 0x10) r0 = gettid() r1 = syz_open_procfs(r0, &(0x7f0000000040)='net/unix\x00') write$tun(r1, 0x0, 0xfce) syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), 0xffffffffffffffff) r2 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) socketpair(0x1e, 0x4, 0x0, &(0x7f0000000840)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r2, 0xab00, r3) mount(&(0x7f0000000480)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000040)='befs\x00', 0x8205, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-gettid-syz_open_procfs-write$tun-syz_genetlink_get_family_id$ethtool-syz_open_dev$ndb-socketpair-mknodat$loop-mount detailed listing: executing program 0: socket$nl_generic(0x10, 0x3, 0x10) r0 = gettid() r1 = syz_open_procfs(r0, &(0x7f0000000040)='net/unix\x00') write$tun(r1, 0x0, 0xfce) syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), 0xffffffffffffffff) syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) socketpair(0x1e, 0x4, 0x0, &(0x7f0000000840)) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000480)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000040)='befs\x00', 0x8205, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-gettid-syz_open_procfs-write$tun-syz_genetlink_get_family_id$ethtool-syz_open_dev$ndb-ioctl$NBD_SET_SOCK-mknodat$loop-mount detailed listing: executing program 0: socket$nl_generic(0x10, 0x3, 0x10) r0 = gettid() r1 = syz_open_procfs(r0, &(0x7f0000000040)='net/unix\x00') write$tun(r1, 0x0, 0xfce) syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), 0xffffffffffffffff) r2 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) ioctl$NBD_SET_SOCK(r2, 0xab00, 0xffffffffffffffff) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000480)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000040)='befs\x00', 0x8205, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-gettid-syz_open_procfs-write$tun-syz_genetlink_get_family_id$ethtool-socketpair-ioctl$NBD_SET_SOCK-mknodat$loop-mount detailed listing: executing program 0: socket$nl_generic(0x10, 0x3, 0x10) r0 = gettid() r1 = syz_open_procfs(r0, &(0x7f0000000040)='net/unix\x00') write$tun(r1, 0x0, 0xfce) syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), 0xffffffffffffffff) socketpair(0x1e, 0x4, 0x0, &(0x7f0000000840)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(0xffffffffffffffff, 0xab00, r2) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000480)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000040)='befs\x00', 0x8205, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-gettid-syz_open_procfs-write$tun-syz_open_dev$ndb-socketpair-ioctl$NBD_SET_SOCK-mknodat$loop-mount detailed listing: executing program 0: socket$nl_generic(0x10, 0x3, 0x10) r0 = gettid() r1 = syz_open_procfs(r0, &(0x7f0000000040)='net/unix\x00') write$tun(r1, 0x0, 0xfce) r2 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) socketpair(0x1e, 0x4, 0x0, &(0x7f0000000840)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r2, 0xab00, r3) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000480)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000040)='befs\x00', 0x8205, 0x0) program crashed: INFO: task hung in __bread_gfp testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-gettid-syz_open_procfs-syz_open_dev$ndb-socketpair-ioctl$NBD_SET_SOCK-mknodat$loop-mount detailed listing: executing program 0: socket$nl_generic(0x10, 0x3, 0x10) r0 = gettid() syz_open_procfs(r0, &(0x7f0000000040)='net/unix\x00') r1 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) socketpair(0x1e, 0x4, 0x0, &(0x7f0000000840)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r1, 0xab00, r2) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000480)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000040)='befs\x00', 0x8205, 0x0) program crashed: INFO: task hung in __bread_gfp testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-gettid-syz_open_dev$ndb-socketpair-ioctl$NBD_SET_SOCK-mknodat$loop-mount detailed listing: executing program 0: socket$nl_generic(0x10, 0x3, 0x10) gettid() r0 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) socketpair(0x1e, 0x4, 0x0, &(0x7f0000000840)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000480)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000040)='befs\x00', 0x8205, 0x0) program crashed: INFO: task hung in __bread_gfp testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_open_dev$ndb-socketpair-ioctl$NBD_SET_SOCK-mknodat$loop-mount detailed listing: executing program 0: socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) socketpair(0x1e, 0x4, 0x0, &(0x7f0000000840)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000480)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000040)='befs\x00', 0x8205, 0x0) program crashed: INFO: task hung in __bread_gfp testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$ndb-socketpair-ioctl$NBD_SET_SOCK-mknodat$loop-mount detailed listing: executing program 0: r0 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) socketpair(0x1e, 0x4, 0x0, &(0x7f0000000840)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000480)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000040)='befs\x00', 0x8205, 0x0) program crashed: INFO: task hung in __bread_gfp testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$ndb-socketpair-ioctl$NBD_SET_SOCK-mknodat$loop-mount detailed listing: executing program 0: r0 = syz_open_dev$ndb(0x0, 0x0, 0x0) socketpair(0x1e, 0x4, 0x0, &(0x7f0000000840)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000480)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000040)='befs\x00', 0x8205, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$ndb-socketpair-ioctl$NBD_SET_SOCK-mknodat$loop-mount detailed listing: executing program 0: r0 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) socketpair(0x1e, 0x4, 0x0, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, 0xffffffffffffffff) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000480)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000040)='befs\x00', 0x8205, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$ndb-socketpair-ioctl$NBD_SET_SOCK-mknodat$loop-mount detailed listing: executing program 0: r0 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) socketpair(0x1e, 0x4, 0x0, &(0x7f0000000840)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) mknodat$loop(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(&(0x7f0000000480)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000040)='befs\x00', 0x8205, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$ndb-socketpair-ioctl$NBD_SET_SOCK-mknodat$loop-mount detailed listing: executing program 0: r0 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) socketpair(0x1e, 0x4, 0x0, &(0x7f0000000840)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000040)='befs\x00', 0x8205, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$ndb-socketpair-ioctl$NBD_SET_SOCK-mknodat$loop-mount detailed listing: executing program 0: r0 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) socketpair(0x1e, 0x4, 0x0, &(0x7f0000000840)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000480)=@nbd={'/dev/nbd', 0x0}, 0x0, &(0x7f0000000040)='befs\x00', 0x8205, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$ndb-socketpair-ioctl$NBD_SET_SOCK-mknodat$loop-mount detailed listing: executing program 0: r0 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) socketpair(0x1e, 0x4, 0x0, &(0x7f0000000840)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000480)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000004c0)='./file0\x00', 0x0, 0x8205, 0x0) program did not crash extracting C reproducer testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$ndb-socketpair-ioctl$NBD_SET_SOCK-mknodat$loop-mount program crashed: INFO: task hung in __bread_gfp simplifying C reproducer testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$ndb-socketpair-ioctl$NBD_SET_SOCK-mknodat$loop-mount program crashed: INFO: task hung in __bread_gfp testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$ndb-socketpair-ioctl$NBD_SET_SOCK-mknodat$loop-mount program crashed: INFO: task hung in __bread_gfp testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$ndb-socketpair-ioctl$NBD_SET_SOCK-mknodat$loop-mount program crashed: INFO: task hung in __bread_gfp testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$ndb-socketpair-ioctl$NBD_SET_SOCK-mknodat$loop-mount program crashed: INFO: task hung in __bread_gfp testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$ndb-socketpair-ioctl$NBD_SET_SOCK-mknodat$loop-mount program crashed: INFO: task hung in __bread_gfp testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$ndb-socketpair-ioctl$NBD_SET_SOCK-mknodat$loop-mount program crashed: INFO: task hung in __bread_gfp testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$ndb-socketpair-ioctl$NBD_SET_SOCK-mknodat$loop-mount program crashed: INFO: task hung in __bread_gfp reproducing took 3h4m41.331417487s repro crashed as (corrupted=false): INFO: task syz-executor154:4262 blocked for more than 143 seconds. Not tainted 6.1.127-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor154 state:D stack:26184 pid:4262 ppid:4261 flags:0x00004006 Call Trace: context_switch kernel/sched/core.c:5241 [inline] __schedule+0x143f/0x4570 kernel/sched/core.c:6558 schedule+0xbf/0x180 kernel/sched/core.c:6634 io_schedule+0x88/0x100 kernel/sched/core.c:8786 bit_wait_io+0xe/0xc0 kernel/sched/wait_bit.c:209 __wait_on_bit+0xa8/0x2e0 kernel/sched/wait_bit.c:49 out_of_line_wait_on_bit+0x1d0/0x250 kernel/sched/wait_bit.c:64 wait_on_bit_io include/linux/wait_bit.h:101 [inline] __wait_on_buffer fs/buffer.c:122 [inline] wait_on_buffer include/linux/buffer_head.h:385 [inline] __bread_slow fs/buffer.c:1178 [inline] __bread_gfp+0x2a8/0x370 fs/buffer.c:1370 sb_bread include/linux/buffer_head.h:338 [inline] befs_fill_super+0x890/0xfb0 fs/befs/linuxvfs.c:854 mount_bdev+0x2c9/0x3f0 fs/super.c:1443 legacy_get_tree+0xeb/0x180 fs/fs_context.c:632 vfs_get_tree+0x88/0x270 fs/super.c:1573 do_new_mount+0x2ba/0xb40 fs/namespace.c:3056 do_mount fs/namespace.c:3399 [inline] __do_sys_mount fs/namespace.c:3607 [inline] __se_sys_mount+0x2d5/0x3c0 fs/namespace.c:3584 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 RIP: 0033:0x7fe3234808f9 RSP: 002b:00007ffd6bdbe508 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007fe3234808f9 RDX: 0000000020000040 RSI: 00000000200004c0 RDI: 0000000020000480 RBP: 00007fe3234f35f0 R08: 0000000000000000 R09: 0000000000000006 R10: 0000000000008205 R11: 0000000000000246 R12: 0000000000000001 R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001 Showing all locks held in the system: 1 lock held by rcu_tasks_kthre/12: #0: ffffffff8d32b290 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x29/0xe30 kernel/rcu/tasks.h:517 1 lock held by rcu_tasks_trace/13: #0: ffffffff8d32ba90 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x29/0xe30 kernel/rcu/tasks.h:517 1 lock held by khungtaskd/28: #0: ffffffff8d32b0c0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:350 [inline] #0: ffffffff8d32b0c0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:791 [inline] #0: ffffffff8d32b0c0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x51/0x290 kernel/locking/lockdep.c:6510 2 locks held by getty/4009: #0: ffff888030f55098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 drivers/tty/tty_ldisc.c:244 #1: ffffc9000325e2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6a7/0x1db0 drivers/tty/n_tty.c:2198 1 lock held by syz-executor154/4262: #0: ffff8880287940e0 (&type->s_umount_key#41/1){+.+.}-{3:3}, at: alloc_super+0x217/0x930 fs/super.c:228 ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.1.127-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106 nmi_cpu_backtrace+0x4e1/0x560 lib/nmi_backtrace.c:111 nmi_trigger_cpumask_backtrace+0x1ae/0x3f0 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:148 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:220 [inline] watchdog+0xf88/0xfd0 kernel/hung_task.c:377 kthread+0x28d/0x320 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 36 Comm: kworker/u4:2 Not tainted 6.1.127-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 Workqueue: events_unbound toggle_allocation_gate RIP: 0010:native_save_fl arch/x86/include/asm/irqflags.h:29 [inline] RIP: 0010:arch_local_save_flags arch/x86/include/asm/irqflags.h:70 [inline] RIP: 0010:check_preemption_disabled+0x59/0x110 lib/smp_processor_id.c:19 Code: 48 8b 04 25 28 00 00 00 48 3b 44 24 08 0f 85 c7 00 00 00 89 d8 48 83 c4 10 5b 41 5c 41 5e 41 5f c3 48 c7 04 24 00 00 00 00 9c <8f> 04 24 f7 04 24 00 02 00 00 74 c9 49 89 f6 49 89 ff 65 4c 8b 25 RSP: 0018:ffffc90000ad77e0 EFLAGS: 00000046 RAX: 0000000080000000 RBX: 0000000000000001 RCX: ffffffff816ac867 RDX: 0000000000000000 RSI: ffffffff8b0c1020 RDI: ffffffff8b5e67c0 RBP: ffffc90000ad7950 R08: dffffc0000000000 R09: fffffbfff1d364e6 R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff9200015af10 R13: 0000000000000246 R14: ffffc90000ad78d0 R15: dffffc0000000000 FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055aa4dfb6ce8 CR3: 000000000d08e000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: lockdep_recursion_inc kernel/locking/lockdep.c:462 [inline] lock_release+0x19e/0xa20 kernel/locking/lockdep.c:5681 __mutex_unlock_slowpath+0xde/0x750 kernel/locking/mutex.c:907 arch_jump_label_transform_queue+0x7d/0xd0 arch/x86/kernel/jump_label.c:139 __jump_label_update+0x177/0x3a0 kernel/jump_label.c:510 static_key_disable_cpuslocked+0xce/0x1b0 kernel/jump_label.c:237 static_key_disable+0x16/0x20 kernel/jump_label.c:245 toggle_allocation_gate+0x3e0/0x480 mm/kfence/core.c:818 process_one_work+0x8a9/0x11d0 kernel/workqueue.c:2292 worker_thread+0xa47/0x1200 kernel/workqueue.c:2439 kthread+0x28d/0x320 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.346 msecs final repro crashed as (corrupted=false): INFO: task syz-executor154:4262 blocked for more than 143 seconds. Not tainted 6.1.127-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor154 state:D stack:26184 pid:4262 ppid:4261 flags:0x00004006 Call Trace: context_switch kernel/sched/core.c:5241 [inline] __schedule+0x143f/0x4570 kernel/sched/core.c:6558 schedule+0xbf/0x180 kernel/sched/core.c:6634 io_schedule+0x88/0x100 kernel/sched/core.c:8786 bit_wait_io+0xe/0xc0 kernel/sched/wait_bit.c:209 __wait_on_bit+0xa8/0x2e0 kernel/sched/wait_bit.c:49 out_of_line_wait_on_bit+0x1d0/0x250 kernel/sched/wait_bit.c:64 wait_on_bit_io include/linux/wait_bit.h:101 [inline] __wait_on_buffer fs/buffer.c:122 [inline] wait_on_buffer include/linux/buffer_head.h:385 [inline] __bread_slow fs/buffer.c:1178 [inline] __bread_gfp+0x2a8/0x370 fs/buffer.c:1370 sb_bread include/linux/buffer_head.h:338 [inline] befs_fill_super+0x890/0xfb0 fs/befs/linuxvfs.c:854 mount_bdev+0x2c9/0x3f0 fs/super.c:1443 legacy_get_tree+0xeb/0x180 fs/fs_context.c:632 vfs_get_tree+0x88/0x270 fs/super.c:1573 do_new_mount+0x2ba/0xb40 fs/namespace.c:3056 do_mount fs/namespace.c:3399 [inline] __do_sys_mount fs/namespace.c:3607 [inline] __se_sys_mount+0x2d5/0x3c0 fs/namespace.c:3584 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 RIP: 0033:0x7fe3234808f9 RSP: 002b:00007ffd6bdbe508 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007fe3234808f9 RDX: 0000000020000040 RSI: 00000000200004c0 RDI: 0000000020000480 RBP: 00007fe3234f35f0 R08: 0000000000000000 R09: 0000000000000006 R10: 0000000000008205 R11: 0000000000000246 R12: 0000000000000001 R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001 Showing all locks held in the system: 1 lock held by rcu_tasks_kthre/12: #0: ffffffff8d32b290 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x29/0xe30 kernel/rcu/tasks.h:517 1 lock held by rcu_tasks_trace/13: #0: ffffffff8d32ba90 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x29/0xe30 kernel/rcu/tasks.h:517 1 lock held by khungtaskd/28: #0: ffffffff8d32b0c0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:350 [inline] #0: ffffffff8d32b0c0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:791 [inline] #0: ffffffff8d32b0c0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x51/0x290 kernel/locking/lockdep.c:6510 2 locks held by getty/4009: #0: ffff888030f55098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 drivers/tty/tty_ldisc.c:244 #1: ffffc9000325e2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6a7/0x1db0 drivers/tty/n_tty.c:2198 1 lock held by syz-executor154/4262: #0: ffff8880287940e0 (&type->s_umount_key#41/1){+.+.}-{3:3}, at: alloc_super+0x217/0x930 fs/super.c:228 ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.1.127-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106 nmi_cpu_backtrace+0x4e1/0x560 lib/nmi_backtrace.c:111 nmi_trigger_cpumask_backtrace+0x1ae/0x3f0 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:148 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:220 [inline] watchdog+0xf88/0xfd0 kernel/hung_task.c:377 kthread+0x28d/0x320 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 36 Comm: kworker/u4:2 Not tainted 6.1.127-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 Workqueue: events_unbound toggle_allocation_gate RIP: 0010:native_save_fl arch/x86/include/asm/irqflags.h:29 [inline] RIP: 0010:arch_local_save_flags arch/x86/include/asm/irqflags.h:70 [inline] RIP: 0010:check_preemption_disabled+0x59/0x110 lib/smp_processor_id.c:19 Code: 48 8b 04 25 28 00 00 00 48 3b 44 24 08 0f 85 c7 00 00 00 89 d8 48 83 c4 10 5b 41 5c 41 5e 41 5f c3 48 c7 04 24 00 00 00 00 9c <8f> 04 24 f7 04 24 00 02 00 00 74 c9 49 89 f6 49 89 ff 65 4c 8b 25 RSP: 0018:ffffc90000ad77e0 EFLAGS: 00000046 RAX: 0000000080000000 RBX: 0000000000000001 RCX: ffffffff816ac867 RDX: 0000000000000000 RSI: ffffffff8b0c1020 RDI: ffffffff8b5e67c0 RBP: ffffc90000ad7950 R08: dffffc0000000000 R09: fffffbfff1d364e6 R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff9200015af10 R13: 0000000000000246 R14: ffffc90000ad78d0 R15: dffffc0000000000 FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055aa4dfb6ce8 CR3: 000000000d08e000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: lockdep_recursion_inc kernel/locking/lockdep.c:462 [inline] lock_release+0x19e/0xa20 kernel/locking/lockdep.c:5681 __mutex_unlock_slowpath+0xde/0x750 kernel/locking/mutex.c:907 arch_jump_label_transform_queue+0x7d/0xd0 arch/x86/kernel/jump_label.c:139 __jump_label_update+0x177/0x3a0 kernel/jump_label.c:510 static_key_disable_cpuslocked+0xce/0x1b0 kernel/jump_label.c:237 static_key_disable+0x16/0x20 kernel/jump_label.c:245 toggle_allocation_gate+0x3e0/0x480 mm/kfence/core.c:818 process_one_work+0x8a9/0x11d0 kernel/workqueue.c:2292 worker_thread+0xa47/0x1200 kernel/workqueue.c:2439 kthread+0x28d/0x320 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.346 msecs