Extracting prog: 53m20.53548221s
Minimizing prog: 41m18.854690555s
Simplifying prog options: 0s
Extracting C: 3m8.232929544s
Simplifying C: 23m43.847530653s


extracting reproducer from 39 programs
testing a last program of every proc
single: executing 9 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH
detailed listing:
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x84, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x58, 0x4, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0x28, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DATA={0x1c, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x18, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}]}]}, @NFTA_IMMEDIATE_DREG={0x8}]}}}, {0x18, 0x1, 0x0, 0x1, @synproxy={{0xd}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0xac}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="1400000010000100000000000000"], 0x3c}}, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD-prlimit64-sched_setscheduler-getpid-sched_setaffinity-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$AUTOFS_DEV_IOCTL_REQUESTER-write$FUSE_CREATE_OPEN-ioctl$DRM_IOCTL_WAIT_VBLANK-socket$nl_generic-connect$802154_dgram-mkdirat-mount-madvise-io_uring_setup-io_uring_register$IORING_REGISTER_BUFFERS
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000003c0)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0})
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000280)={{0x1, 0x1, 0x18, r0, {<r4=>0x0, 0xee00}}, './file0\x00'})
write$FUSE_CREATE_OPEN(0xffffffffffffffff, &(0x7f0000002680)={0xa0, 0x0, 0x0, {{0x5, 0x2, 0x9, 0x3, 0x4, 0xfffff9d1, {0x1, 0x80000000, 0x10000, 0x8, 0x8, 0x5, 0xfffffffe, 0xa, 0x482c, 0x2000, 0x0, r4, 0x0, 0x8, 0x10000}}, {0x0, 0xd}}}, 0xa0)
ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000140)={0x10000000, 0x101})
socket$nl_generic(0x10, 0x3, 0x10)
connect$802154_dgram(0xffffffffffffffff, &(0x7f0000000000)={0x2, @long={0x2}}, 0x14)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount(&(0x7f00000000c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000000)='./file0\x00', &(0x7f0000000240)='squashfs\x00', 0x0, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r5 = io_uring_setup(0x3eae, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2})
io_uring_register$IORING_REGISTER_BUFFERS(r5, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-bpf$PROG_LOAD-socket$nl_generic-syz_genetlink_get_family_id$ethtool-sendmsg$ETHTOOL_MSG_CHANNELS_GET-socket$inet_icmp-ioctl$DRM_IOCTL_MODE_CREATE_DUMB
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_CHANNELS_GET(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x18, r3, 0x3e8c4ddb697c9f8f, 0xfffffffd, 0x0, {0x4}, [@HEADER={0x4}]}, 0x18}}, 0x0)
socket$inet_icmp(0x2, 0x2, 0x1)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000100)={0x8, 0x82, 0x800006})

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD-openat-bpf$BPF_LINK_CREATE-openat$procfs-openat$sysctl-sendfile
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x17, 0x3, &(0x7f0000000240)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1}}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000000)={r0, r1, 0x12}, 0x10)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/partitions\x00', 0x0, 0x0)
r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000300)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0)
sendfile(r3, r2, 0x0, 0x23d)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet-setsockopt$inet_tcp_int-bind$inet-setsockopt$SO_ATTACH_FILTER-sendto$inet-setsockopt$inet_tcp_TCP_CONGESTION-sendmmsg$inet-setsockopt$sock_int-sendmmsg$inet
detailed listing:
executing program 0:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r0, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000400)="029993440c7a0c95d3bb8cf353fd63c588ffa39f0ff0fced20927ea4b2a247d082247558bef6b2b2cd6a0dffece1b36526e9388c344fb7ac429e434ccb0330483c0604aaf296d8218e24", 0x4a}, {&(0x7f0000000e00)="ec75d081fcb7e79634ec1a1abfdebb6a38b0c57cc77b83d2eea81aad8f73b36abc2019cb08fcaaec9647a07d0a0965f0f1e39afd84e7e2523aaded5e09aa1e36fcc90c269ad6d38d57619127cee4253655c33b71054226c3b00b9ee6ae29f0b07bc6fe7981126ca804c1f64e6c19ba36b2778c5f4a1c58625fe19516af43c9870c5b8191e23778abe7df2280d459b1651686a53ca52dce9570444c153f9c2903ae4c868074e89477bf6ed2ab648b0498ac8c0f90844ed9a26675199d5ff9b391c1de", 0xc2}, {&(0x7f0000001340)="397d5f2edc82d0337ae5ab9ee47dc3e798cf69cfebf169e77257f3082270942d69a4326954e50ea185bc6fff0507c5dfd26676de9ddac4fe6db927cd4d03965f42d9c7513eff1621baa83e3daf514c600450374f6d76b8fcf2bc3eca29ce7538f85aa3d6d28b744b2bdcc17ecd080f0850af5c0e2a11e1bbd179377f771a4e8693703da4e347e0165f00872a21845e17030de0ff47bc869de32ee24ca05e6f805ec0a1d0257e0e6f900e6cfb68e827b515d05bf2cc14e3e53e04b71300000080000000002107939a666dacf6c247438a6c58074691377ba0fadd710000000000000000001becbe5920fa797a84ae85ef34081cc8cba5f0be5b15cf9cdf6e2cac4bc69a7c4c078e0d9b75151ee69356df24c3285893b395ba4f68cf", 0x11b}], 0x3}}, {{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000002c0)="b1f56ee29c433328d3b2a83bd97e37007087acae7568edff43ed556d76770122635aea1dc487553859348d48e6fc49d81c71590cd542e796cc2669e230af442a03760c5cdfc691b3da35ad6a8d2ef9c2baa53a8dec36a2e434d46e643a1277b1dd932f3ef2cf46c257d6a19523b80fc827b789ef99b23346b181b438e404716ac7b8dfcc9f269a23dfa34fb86fd4eaddcbb9ca294c357532dfa23a16d47192246a47d4f7b9c24bba197af8d56a", 0xad}], 0x1}}], 0x2, 0xc0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendmmsg$inet(r0, &(0x7f0000000b40)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000500)="59381cb7077b58054b2f2f32f681e94faf18874cfdc883f9cad44c371e2f991a849b14fdc23a26358f826f58dc498fdac9b53e37e676ad01dde2565e7ecf74c7e4f2c8cb4fd2d65fdc24608ee14b975f85d24ee1dd3bc1d079258f1e54b12bf72955fdfc3846ffdd1c8830adf00d8d34c21be647cfdf6fac8aea8a2d98c2bdfd34152912f575e8458f7b4e07463fd84d3be0da7565712f79c57f91670c946934de74096d72e8cb19c8116662d4f51c1a2a0d33301977bc15de7d3fab9e3373eaddbf9990124801ba72f470e1b38d8f09187bec4c3da91d5834bab51644376bf6af44e803e2ce76afabd89ba1dd252f55c9c71fa35235b569496242feb9fd9e", 0xff}, {&(0x7f0000000640)="024a62f83bed79b3dbe841de743d5a50dcda8d17eb216546c2f0d4c69d71f35da3d6f737d3c606d0afa77f5e2829a46bbadf9593647406c2c6fe1e84ad131734c885b3ea6316b5b4d051889bba28e9d3cf909a4be84583946303b0f35a6b63d84d060e33a08889449a7213fae12b5d90a199543050b0638c2e3f69a85df976a35d160b50450ea09e8d3e1f7aa6b003cc0c4029be0e255b27500fd6cc06e77c19a9c85f58efd019c94b349d519b8a16aba7be237177ffa9017e", 0xb9}, {&(0x7f0000000700)="ed44deda91ec63cade94c6b48c01de5f591d4ed898091751e13e237b921c54e9365ce304dd5d284c356c38b943643c3daee278c795dce0bec15b427bc2eefc927893bf31e3b996f4674547b1f05f594cb2bb3f2ba33990bc2e485d11ce30c6eeb1f2d804e5d4ffcffd47b1986e79e0febccaa98c7fc58f55cb5de9057ae0e23e753b628194c1792a177334d96acc58f801988de0cdd9e56b3f9e4c786b27edab9b1360058ad7", 0xa6}], 0x3}}, {{0x0, 0x0, &(0x7f0000000ac0)=[{&(0x7f0000000900)="c17ac3dc503a4e3c4718695f07ec64cbc92d5e", 0x13}], 0x1}}], 0x2, 0x40000)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet-setsockopt$inet_tcp_int-bind$inet-setsockopt$SO_ATTACH_FILTER-sendto$inet-setsockopt$inet_tcp_TCP_CONGESTION-sendmmsg$inet-setsockopt$sock_int-sendmmsg$inet
detailed listing:
executing program 0:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r0, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000400)="029993440c7a0c95d3bb8cf353fd63c588ffa39f0ff0fced20927ea4b2a247d082247558bef6b2b2cd6a0dffece1b36526e9388c344fb7ac429e434ccb0330483c0604aaf296d8218e24", 0x4a}, {&(0x7f0000000e00)="ec75d081fcb7e79634ec1a1abfdebb6a38b0c57cc77b83d2eea81aad8f73b36abc2019cb08fcaaec9647a07d0a0965f0f1e39afd84e7e2523aaded5e09aa1e36fcc90c269ad6d38d57619127cee4253655c33b71054226c3b00b9ee6ae29f0b07bc6fe7981126ca804c1f64e6c19ba36b2778c5f4a1c58625fe19516af43c9870c5b8191e23778abe7df2280d459b1651686a53ca52dce9570444c153f9c2903ae4c868074e89477bf6ed2ab648b0498ac8c0f90844ed9a26675199d5ff9b391c1de", 0xc2}, {&(0x7f0000001340)="397d5f2edc82d0337ae5ab9ee47dc3e798cf69cfebf169e77257f3082270942d69a4326954e50ea185bc6fff0507c5dfd26676de9ddac4fe6db927cd4d03965f42d9c7513eff1621baa83e3daf514c600450374f6d76b8fcf2bc3eca29ce7538f85aa3d6d28b744b2bdcc17ecd080f0850af5c0e2a11e1bbd179377f771a4e8693703da4e347e0165f00872a21845e17030de0ff47bc869de32ee24ca05e6f805ec0a1d0257e0e6f900e6cfb68e827b515d05bf2cc14e3e53e04b71300000080000000002107939a666dacf6c247438a6c58074691377ba0fadd710000000000000000001becbe5920fa797a84ae85ef34081cc8cba5f0be5b15cf9cdf6e2cac4bc69a7c4c078e0d9b75151ee69356df24c3285893b395ba4f68cf", 0x11b}], 0x3}}, {{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000002c0)="b1f56ee29c433328d3b2a83bd97e37007087acae7568edff43ed556d76770122635aea1dc487553859348d48e6fc49d81c71590cd542e796cc2669e230af442a03760c5cdfc691b3da35ad6a8d2ef9c2baa53a8dec36a2e434d46e643a1277b1dd932f3ef2cf46c257d6a19523b80fc827b789ef99b23346b181b438e404716ac7b8dfcc9f269a23dfa34fb86fd4eaddcbb9ca294c357532dfa23a16d47192246a47d4f7b9c24bba197af8d56a", 0xad}], 0x1}}], 0x2, 0xc0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendmmsg$inet(r0, &(0x7f0000000b40)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000500)="59381cb7077b58054b2f2f32f681e94faf18874cfdc883f9cad44c371e2f991a849b14fdc23a26358f826f58dc498fdac9b53e37e676ad01dde2565e7ecf74c7e4f2c8cb4fd2d65fdc24608ee14b975f85d24ee1dd3bc1d079258f1e54b12bf72955fdfc3846ffdd1c8830adf00d8d34c21be647cfdf6fac8aea8a2d98c2bdfd34152912f575e8458f7b4e07463fd84d3be0da7565712f79c57f91670c946934de74096d72e8cb19c8116662d4f51c1a2a0d33301977bc15de7d3fab9e3373eaddbf9990124801ba72f470e1b38d8f09187bec4c3da91d5834bab51644376bf6af44e803e2ce76afabd89ba1dd252f55c9c71fa35235b569496242feb9fd9e", 0xff}, {&(0x7f0000000640)="024a62f83bed79b3dbe841de743d5a50dcda8d17eb216546c2f0d4c69d71f35da3d6f737d3c606d0afa77f5e2829a46bbadf9593647406c2c6fe1e84ad131734c885b3ea6316b5b4d051889bba28e9d3cf909a4be84583946303b0f35a6b63d84d060e33a08889449a7213fae12b5d90a199543050b0638c2e3f69a85df976a35d160b50450ea09e8d3e1f7aa6b003cc0c4029be0e255b27500fd6cc06e77c19a9c85f58efd019c94b349d519b8a16aba7be237177ffa9017e", 0xb9}, {&(0x7f0000000700)="ed44deda91ec63cade94c6b48c01de5f591d4ed898091751e13e237b921c54e9365ce304dd5d284c356c38b943643c3daee278c795dce0bec15b427bc2eefc927893bf31e3b996f4674547b1f05f594cb2bb3f2ba33990bc2e485d11ce30c6eeb1f2d804e5d4ffcffd47b1986e79e0febccaa98c7fc58f55cb5de9057ae0e23e753b628194c1792a177334d96acc58f801988de0cdd9e56b3f9e4c786b27edab9b1360058ad7", 0xa6}], 0x3}}, {{0x0, 0x0, &(0x7f0000000ac0)=[{&(0x7f0000000900)="c17ac3dc503a4e3c4718695f07ec64cbc92d5e", 0x13}], 0x1}}], 0x2, 0x40000)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD-openat-bpf$BPF_LINK_CREATE-openat$procfs-openat$sysctl-sendfile
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x17, 0x3, &(0x7f0000000240)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1}}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000000)={r0, r1, 0x12}, 0x10)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/partitions\x00', 0x0, 0x0)
r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000300)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0)
sendfile(r3, r2, 0x0, 0x23d)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-socket$inet6-openat-mkdirat-fadvise64
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x1000801, &(0x7f0000000840)=ANY=[], 0x2, 0x1ea, &(0x7f0000000600)="$eJzsmb2LE0EYxp+Z3eydhyg2FjYWHniit9ndqFxzxQmWgnCKWgZvDdFNIskKSUAw2NhYWgi2NpYWFlYW/gW2WqggWJjSThiZj2wmm02IHxjR9weZeebrnZmX5FnYgCCI/5aPH76+f3hu69IpAPuxjhXT/9nRtTg4Of/d4zsnH22ff/L87dPXzQN3X+bjMblGLL6/B+DVjoMUzDU7Tqxe1xW3NC6D44TRV8Dga/lNKHQjBsM1M+empVv7jEhi/3or2btRT+JAFqEsIllU7P3loYYDhj0Aq+p0QjBrvNPr36omSdzOi5IY7TM19KNiXv7U+XY4tjHKnhAyWVcf3B/ItskNAvAsfyE4QqMrYNg1egsr8H1/nBLr/kfccXxnkfsvVzxT4tDmn9pUf0GBv+Hu/7Ao/ZY4LN8jf9BZz+HhyAPtOZ+WfvefF8q4AEwNvVlLkgu/ENkrSFQmxv4knf245U8u3Mw/ymnjdrnT62/WG9VaXIubUVQ5G5wOgjNRWRmRLuf436rypzUrfmnGXI956FbTtB12gbQdZu1Il5bj7r5ofVFruPI/jo1jOgYzz6zsQZmDmQ9XtVQbTvHMezPvRBAEQRAEQRAEQRAEQRAEUcxRMOh/wgQzL0SLiC6qN5TfAwAA//9KnWb+")
socket$inet6(0xa, 0x2, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
fadvise64(r0, 0xe0ffff, 0x4101, 0x3)

program crashed: INFO: task hung in z_erofs_runqueue
single: successfully extracted reproducer
found reproducer with 5 syscalls
minimizing guilty program
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-socket$inet6-openat-mkdirat
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x1000801, &(0x7f0000000840)=ANY=[], 0x2, 0x1ea, &(0x7f0000000600)="$eJzsmb2LE0EYxp+Z3eydhyg2FjYWHniit9ndqFxzxQmWgnCKWgZvDdFNIskKSUAw2NhYWgi2NpYWFlYW/gW2WqggWJjSThiZj2wmm02IHxjR9weZeebrnZmX5FnYgCCI/5aPH76+f3hu69IpAPuxjhXT/9nRtTg4Of/d4zsnH22ff/L87dPXzQN3X+bjMblGLL6/B+DVjoMUzDU7Tqxe1xW3NC6D44TRV8Dga/lNKHQjBsM1M+empVv7jEhi/3or2btRT+JAFqEsIllU7P3loYYDhj0Aq+p0QjBrvNPr36omSdzOi5IY7TM19KNiXv7U+XY4tjHKnhAyWVcf3B/ItskNAvAsfyE4QqMrYNg1egsr8H1/nBLr/kfccXxnkfsvVzxT4tDmn9pUf0GBv+Hu/7Ao/ZY4LN8jf9BZz+HhyAPtOZ+WfvefF8q4AEwNvVlLkgu/ENkrSFQmxv4knf245U8u3Mw/ymnjdrnT62/WG9VaXIubUVQ5G5wOgjNRWRmRLuf436rypzUrfmnGXI956FbTtB12gbQdZu1Il5bj7r5ofVFruPI/jo1jOgYzz6zsQZmDmQ9XtVQbTvHMezPvRBAEQRAEQRAEQRAEQRAEUcxRMOh/wgQzL0SLiC6qN5TfAwAA//9KnWb+")
socket$inet6(0xa, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-socket$inet6-openat-fadvise64
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x1000801, &(0x7f0000000840)=ANY=[], 0x2, 0x1ea, &(0x7f0000000600)="$eJzsmb2LE0EYxp+Z3eydhyg2FjYWHniit9ndqFxzxQmWgnCKWgZvDdFNIskKSUAw2NhYWgi2NpYWFlYW/gW2WqggWJjSThiZj2wmm02IHxjR9weZeebrnZmX5FnYgCCI/5aPH76+f3hu69IpAPuxjhXT/9nRtTg4Of/d4zsnH22ff/L87dPXzQN3X+bjMblGLL6/B+DVjoMUzDU7Tqxe1xW3NC6D44TRV8Dga/lNKHQjBsM1M+empVv7jEhi/3or2btRT+JAFqEsIllU7P3loYYDhj0Aq+p0QjBrvNPr36omSdzOi5IY7TM19KNiXv7U+XY4tjHKnhAyWVcf3B/ItskNAvAsfyE4QqMrYNg1egsr8H1/nBLr/kfccXxnkfsvVzxT4tDmn9pUf0GBv+Hu/7Ao/ZY4LN8jf9BZz+HhyAPtOZ+WfvefF8q4AEwNvVlLkgu/ENkrSFQmxv4knf245U8u3Mw/ymnjdrnT62/WG9VaXIubUVQ5G5wOgjNRWRmRLuf436rypzUrfmnGXI956FbTtB12gbQdZu1Il5bj7r5ofVFruPI/jo1jOgYzz6zsQZmDmQ9XtVQbTvHMezPvRBAEQRAEQRAEQRAEQRAEUcxRMOh/wgQzL0SLiC6qN5TfAwAA//9KnWb+")
socket$inet6(0xa, 0x2, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
fadvise64(r0, 0xe0ffff, 0x4101, 0x3)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-socket$inet6-mkdirat-fadvise64
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x1000801, &(0x7f0000000840)=ANY=[], 0x2, 0x1ea, &(0x7f0000000600)="$eJzsmb2LE0EYxp+Z3eydhyg2FjYWHniit9ndqFxzxQmWgnCKWgZvDdFNIskKSUAw2NhYWgi2NpYWFlYW/gW2WqggWJjSThiZj2wmm02IHxjR9weZeebrnZmX5FnYgCCI/5aPH76+f3hu69IpAPuxjhXT/9nRtTg4Of/d4zsnH22ff/L87dPXzQN3X+bjMblGLL6/B+DVjoMUzDU7Tqxe1xW3NC6D44TRV8Dga/lNKHQjBsM1M+empVv7jEhi/3or2btRT+JAFqEsIllU7P3loYYDhj0Aq+p0QjBrvNPr36omSdzOi5IY7TM19KNiXv7U+XY4tjHKnhAyWVcf3B/ItskNAvAsfyE4QqMrYNg1egsr8H1/nBLr/kfccXxnkfsvVzxT4tDmn9pUf0GBv+Hu/7Ao/ZY4LN8jf9BZz+HhyAPtOZ+WfvefF8q4AEwNvVlLkgu/ENkrSFQmxv4knf245U8u3Mw/ymnjdrnT62/WG9VaXIubUVQ5G5wOgjNRWRmRLuf436rypzUrfmnGXI956FbTtB12gbQdZu1Il5bj7r5ofVFruPI/jo1jOgYzz6zsQZmDmQ9XtVQbTvHMezPvRBAEQRAEQRAEQRAEQRAEUcxRMOh/wgQzL0SLiC6qN5TfAwAA//9KnWb+")
socket$inet6(0xa, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
fadvise64(0xffffffffffffffff, 0xe0ffff, 0x4101, 0x3)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat-mkdirat-fadvise64
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x1000801, &(0x7f0000000840)=ANY=[], 0x2, 0x1ea, &(0x7f0000000600)="$eJzsmb2LE0EYxp+Z3eydhyg2FjYWHniit9ndqFxzxQmWgnCKWgZvDdFNIskKSUAw2NhYWgi2NpYWFlYW/gW2WqggWJjSThiZj2wmm02IHxjR9weZeebrnZmX5FnYgCCI/5aPH76+f3hu69IpAPuxjhXT/9nRtTg4Of/d4zsnH22ff/L87dPXzQN3X+bjMblGLL6/B+DVjoMUzDU7Tqxe1xW3NC6D44TRV8Dga/lNKHQjBsM1M+empVv7jEhi/3or2btRT+JAFqEsIllU7P3loYYDhj0Aq+p0QjBrvNPr36omSdzOi5IY7TM19KNiXv7U+XY4tjHKnhAyWVcf3B/ItskNAvAsfyE4QqMrYNg1egsr8H1/nBLr/kfccXxnkfsvVzxT4tDmn9pUf0GBv+Hu/7Ao/ZY4LN8jf9BZz+HhyAPtOZ+WfvefF8q4AEwNvVlLkgu/ENkrSFQmxv4knf245U8u3Mw/ymnjdrnT62/WG9VaXIubUVQ5G5wOgjNRWRmRLuf436rypzUrfmnGXI956FbTtB12gbQdZu1Il5bj7r5ofVFruPI/jo1jOgYzz6zsQZmDmQ9XtVQbTvHMezPvRBAEQRAEQRAEQRAEQRAEUcxRMOh/wgQzL0SLiC6qN5TfAwAA//9KnWb+")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
fadvise64(r0, 0xe0ffff, 0x4101, 0x3)

program crashed: INFO: task hung in z_erofs_runqueue
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat-mkdirat-fadvise64
detailed listing:
executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
fadvise64(r0, 0xe0ffff, 0x4101, 0x3)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat-mkdirat-fadvise64
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x1000801, &(0x7f0000000840)=ANY=[], 0x2, 0x1ea, &(0x7f0000000600)="$eJzsmb2LE0EYxp+Z3eydhyg2FjYWHniit9ndqFxzxQmWgnCKWgZvDdFNIskKSUAw2NhYWgi2NpYWFlYW/gW2WqggWJjSThiZj2wmm02IHxjR9weZeebrnZmX5FnYgCCI/5aPH76+f3hu69IpAPuxjhXT/9nRtTg4Of/d4zsnH22ff/L87dPXzQN3X+bjMblGLL6/B+DVjoMUzDU7Tqxe1xW3NC6D44TRV8Dga/lNKHQjBsM1M+empVv7jEhi/3or2btRT+JAFqEsIllU7P3loYYDhj0Aq+p0QjBrvNPr36omSdzOi5IY7TM19KNiXv7U+XY4tjHKnhAyWVcf3B/ItskNAvAsfyE4QqMrYNg1egsr8H1/nBLr/kfccXxnkfsvVzxT4tDmn9pUf0GBv+Hu/7Ao/ZY4LN8jf9BZz+HhyAPtOZ+WfvefF8q4AEwNvVlLkgu/ENkrSFQmxv4knf245U8u3Mw/ymnjdrnT62/WG9VaXIubUVQ5G5wOgjNRWRmRLuf436rypzUrfmnGXI956FbTtB12gbQdZu1Il5bj7r5ofVFruPI/jo1jOgYzz6zsQZmDmQ9XtVQbTvHMezPvRBAEQRAEQRAEQRAEQRAEUcxRMOh/wgQzL0SLiC6qN5TfAwAA//9KnWb+")
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
fadvise64(r0, 0xe0ffff, 0x4101, 0x3)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat-mkdirat-fadvise64
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x1000801, &(0x7f0000000840)=ANY=[], 0x2, 0x1ea, &(0x7f0000000600)="$eJzsmb2LE0EYxp+Z3eydhyg2FjYWHniit9ndqFxzxQmWgnCKWgZvDdFNIskKSUAw2NhYWgi2NpYWFlYW/gW2WqggWJjSThiZj2wmm02IHxjR9weZeebrnZmX5FnYgCCI/5aPH76+f3hu69IpAPuxjhXT/9nRtTg4Of/d4zsnH22ff/L87dPXzQN3X+bjMblGLL6/B+DVjoMUzDU7Tqxe1xW3NC6D44TRV8Dga/lNKHQjBsM1M+empVv7jEhi/3or2btRT+JAFqEsIllU7P3loYYDhj0Aq+p0QjBrvNPr36omSdzOi5IY7TM19KNiXv7U+XY4tjHKnhAyWVcf3B/ItskNAvAsfyE4QqMrYNg1egsr8H1/nBLr/kfccXxnkfsvVzxT4tDmn9pUf0GBv+Hu/7Ao/ZY4LN8jf9BZz+HhyAPtOZ+WfvefF8q4AEwNvVlLkgu/ENkrSFQmxv4knf245U8u3Mw/ymnjdrnT62/WG9VaXIubUVQ5G5wOgjNRWRmRLuf436rypzUrfmnGXI956FbTtB12gbQdZu1Il5bj7r5ofVFruPI/jo1jOgYzz6zsQZmDmQ9XtVQbTvHMezPvRBAEQRAEQRAEQRAEQRAEUcxRMOh/wgQzL0SLiC6qN5TfAwAA//9KnWb+")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
fadvise64(r0, 0xe0ffff, 0x4101, 0x3)

program did not crash
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat-mkdirat-fadvise64
program crashed: INFO: task hung in z_erofs_runqueue
simplifying C reproducer
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat-mkdirat-fadvise64
program crashed: INFO: task hung in z_erofs_runqueue
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat-mkdirat-fadvise64
program crashed: INFO: task hung in z_erofs_runqueue
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat-mkdirat-fadvise64
program crashed: INFO: task hung in z_erofs_runqueue
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat-mkdirat-fadvise64
program crashed: INFO: task hung in z_erofs_runqueue
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat-mkdirat-fadvise64
program crashed: INFO: task hung in z_erofs_runqueue
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat-mkdirat-fadvise64
program crashed: INFO: task hung in z_erofs_runqueue
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat-mkdirat-fadvise64
program crashed: INFO: task hung in z_erofs_runqueue
reproducing took 2h1m31.470701982s
repro crashed as (corrupted=false):
INFO: task syz-executor403:4291 blocked for more than 143 seconds.
      Not tainted 6.1.115-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor403 state:D stack:0     pid:4291  ppid:4290   flags:0x00000005
Call trace:
 __switch_to+0x320/0x754 arch/arm64/kernel/process.c:553
 context_switch kernel/sched/core.c:5241 [inline]
 __schedule+0xef4/0x1d44 kernel/sched/core.c:6558
 schedule+0xc4/0x170 kernel/sched/core.c:6634
 io_schedule+0x8c/0x188 kernel/sched/core.c:8786
 folio_wait_bit_common+0x65c/0xb90 mm/filemap.c:1324
 __folio_lock+0x2c/0x3c mm/filemap.c:1687
 lock_page include/linux/pagemap.h:995 [inline]
 pickup_page_for_submission fs/erofs/zdata.c:1348 [inline]
 z_erofs_submit_queue fs/erofs/zdata.c:1541 [inline]
 z_erofs_runqueue+0x7e4/0x18b4 fs/erofs/zdata.c:1613
 z_erofs_readahead+0x988/0xe04 fs/erofs/zdata.c:1760
 read_pages+0x168/0x6a0 mm/readahead.c:161
 page_cache_ra_unbounded+0x46c/0x58c mm/readahead.c:270
 do_page_cache_ra mm/readahead.c:300 [inline]
 force_page_cache_ra+0x248/0x2b0 mm/readahead.c:331
 force_page_cache_readahead mm/internal.h:106 [inline]
 generic_fadvise+0x3f8/0x648 mm/fadvise.c:107
 vfs_fadvise mm/fadvise.c:185 [inline]
 ksys_fadvise64_64 mm/fadvise.c:199 [inline]
 __do_sys_fadvise64_64 mm/fadvise.c:207 [inline]
 __se_sys_fadvise64_64 mm/fadvise.c:205 [inline]
 __arm64_sys_fadvise64_64+0x12c/0x174 mm/fadvise.c:205
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585

Showing all locks held in the system:
1 lock held by rcu_tasks_kthre/12:
 #0: ffff800015ba5bf0 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x44/0xcf4 kernel/rcu/tasks.h:517
1 lock held by rcu_tasks_trace/13:
 #0: ffff800015ba63f0 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x44/0xcf4 kernel/rcu/tasks.h:517
1 lock held by khungtaskd/28:
 #0: ffff800015ba5a20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0xc/0x44 include/linux/rcupdate.h:349
2 locks held by getty/4057:
 #0: ffff0000d6555098 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c drivers/tty/tty_ldsem.c:340
 #1: ffff80001efd02f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x414/0x1214 drivers/tty/n_tty.c:2198
1 lock held by syz-executor403/4291:
 #0: ffff0000e4c00338 (mapping.invalidate_lock#3){.+.+}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:813 [inline]
 #0: ffff0000e4c00338 (mapping.invalidate_lock#3){.+.+}-{3:3}, at: page_cache_ra_unbounded+0xc8/0x58c mm/readahead.c:226

=============================================


final repro crashed as (corrupted=false):
INFO: task syz-executor403:4291 blocked for more than 143 seconds.
      Not tainted 6.1.115-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor403 state:D stack:0     pid:4291  ppid:4290   flags:0x00000005
Call trace:
 __switch_to+0x320/0x754 arch/arm64/kernel/process.c:553
 context_switch kernel/sched/core.c:5241 [inline]
 __schedule+0xef4/0x1d44 kernel/sched/core.c:6558
 schedule+0xc4/0x170 kernel/sched/core.c:6634
 io_schedule+0x8c/0x188 kernel/sched/core.c:8786
 folio_wait_bit_common+0x65c/0xb90 mm/filemap.c:1324
 __folio_lock+0x2c/0x3c mm/filemap.c:1687
 lock_page include/linux/pagemap.h:995 [inline]
 pickup_page_for_submission fs/erofs/zdata.c:1348 [inline]
 z_erofs_submit_queue fs/erofs/zdata.c:1541 [inline]
 z_erofs_runqueue+0x7e4/0x18b4 fs/erofs/zdata.c:1613
 z_erofs_readahead+0x988/0xe04 fs/erofs/zdata.c:1760
 read_pages+0x168/0x6a0 mm/readahead.c:161
 page_cache_ra_unbounded+0x46c/0x58c mm/readahead.c:270
 do_page_cache_ra mm/readahead.c:300 [inline]
 force_page_cache_ra+0x248/0x2b0 mm/readahead.c:331
 force_page_cache_readahead mm/internal.h:106 [inline]
 generic_fadvise+0x3f8/0x648 mm/fadvise.c:107
 vfs_fadvise mm/fadvise.c:185 [inline]
 ksys_fadvise64_64 mm/fadvise.c:199 [inline]
 __do_sys_fadvise64_64 mm/fadvise.c:207 [inline]
 __se_sys_fadvise64_64 mm/fadvise.c:205 [inline]
 __arm64_sys_fadvise64_64+0x12c/0x174 mm/fadvise.c:205
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585

Showing all locks held in the system:
1 lock held by rcu_tasks_kthre/12:
 #0: ffff800015ba5bf0 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x44/0xcf4 kernel/rcu/tasks.h:517
1 lock held by rcu_tasks_trace/13:
 #0: ffff800015ba63f0 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x44/0xcf4 kernel/rcu/tasks.h:517
1 lock held by khungtaskd/28:
 #0: ffff800015ba5a20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0xc/0x44 include/linux/rcupdate.h:349
2 locks held by getty/4057:
 #0: ffff0000d6555098 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c drivers/tty/tty_ldsem.c:340
 #1: ffff80001efd02f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x414/0x1214 drivers/tty/n_tty.c:2198
1 lock held by syz-executor403/4291:
 #0: ffff0000e4c00338 (mapping.invalidate_lock#3){.+.+}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:813 [inline]
 #0: ffff0000e4c00338 (mapping.invalidate_lock#3){.+.+}-{3:3}, at: page_cache_ra_unbounded+0xc8/0x58c mm/readahead.c:226

=============================================