Extracting prog: 1h15m43.591934522s
Minimizing prog: 45m19.228931341s
Simplifying prog options: 0s
Extracting C: 4m32.93398577s
Simplifying C: 28m50.293811931s


extracting reproducer from 70 programs
testing a last program of every proc
single: executing 20 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$adsp1-creat-close-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-ioctl$DRM_IOCTL_MODE_GETFB2-prlimit64-sched_setscheduler-getpid-sched_setscheduler-syz_clone-sched_setaffinity-syz_open_dev$MSR-read$msr-socket-openat$tun-ioctl$TUNSETIFF-socket-socket$unix-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route_sched-sendmsg$nl_route_sched-ioctl$DRM_IOCTL_MODE_ADDFB2-close_range
detailed listing:
executing program 0:
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = creat(0x0, 0x4b)
close(r1)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f0000000300)={0x0, 0xfffffffffffffe7a, 0x0, <r2=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000600)={r2, 0x0, 0x0, 0x0, 0x3, [<r3=>0x0, 0x0, 0x0, <r4=>0x0], [0x800000], [0x5, 0x1001000], [0x0, 0x0, 0xe8a6]})
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x7, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x3)
syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
r7 = socket(0x10, 0x803, 0x0)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x302, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r9 = socket(0x400000000010, 0x3, 0x0)
r10 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r11=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r11, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffff, 0xf}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x6}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001300)=@newtfilter={0xb8, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r11, {0xe, 0x7}, {}, {0x7}}, [@filter_kind_options=@f_u32={{0x8}, {0x8c, 0x2, [@TCA_U32_SEL={0x84, 0x5, {0x7, 0xef, 0x8, 0x8, 0x5, 0x9, 0x7, 0x0, [{0x1000, 0x4, 0x401, 0x6}, {0x8, 0x7, 0x1008, 0x5}, {0xfffffff9, 0x43, 0x7ffd, 0x5}, {0x7fde, 0x40, 0x51, 0x3ff}, {0x5, 0xb, 0x2, 0x42}, {0x6, 0x4, 0x8, 0x8}, {0x8001, 0x0, 0x0, 0x8001}]}}, @TCA_U32_POLICE={0x4}]}}]}, 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x40)
ioctl$DRM_IOCTL_MODE_ADDFB2(r1, 0xc06864b8, &(0x7f00000001c0)={0x0, 0xae, 0x3ff, 0x34325241, 0x2, [r3, 0x0, 0x0, r4], [0x2b8]})
close_range(r0, 0xffffffffffffffff, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-getpid-sched_setscheduler-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-sched_setscheduler-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-syz_open_dev$video-mount-socket$pppl2tp-socket$inet6_udp-socket$nl_generic-sendmsg$TIPC_CMD_SET_NODE_ADDR-connect$pppl2tp-syz_genetlink_get_family_id$l2tp-getsockname-creat-acct-umount2
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10)
syz_open_dev$video(&(0x7f0000000000), 0xc000, 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='ramfs\x00', 0x2014800, 0x0)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_CMD_SET_NODE_ADDR(r6, &(0x7f0000000400)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x24, 0x0, 0x1, 0x70bd2b, 0x25dfdbfd, {{}, {}, {0x8, 0x11, 0x7}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x84}, 0x40040)
connect$pppl2tp(r4, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r5, {0x2, 0x2, @multicast2}, 0x2, 0x0, 0x4}}, 0x2e)
syz_genetlink_get_family_id$l2tp(&(0x7f00000000c0), 0xffffffffffffffff)
getsockname(r4, 0x0, 0x0)
creat(&(0x7f0000000240)='./file0/bus\x00', 0x0)
acct(0x0)
umount2(&(0x7f0000000280)='./file0\x00', 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-bpf$MAP_CREATE_CONST_STR-openat-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-mprotect-ioctl$EXT4_IOC_GROUP_ADD
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000240)='ext2\x00', &(0x7f0000000f00)='./file0\x00', 0x2800418, &(0x7f0000000180), 0xfe, 0x263, &(0x7f0000000700)="$eJzs3T9oJFUcB/DfzO6af4tGbUTxD4iIBkLsBBttFAIiQURQISJiJYkQDXZZKxsLrVVS2QSxM1qKTbjm4NrcXYpcc8WFKy5ccVfsMTu7x2azucvtZnfvdj4fmMy8mffmzcB83wyBmQ2gsGYj4u2IKEXEXERUIiJpr/BSPs02i5tTO8sR9fqH15NGvbyca7WbiYhaRLwZUW5tW9/+dP/m7nuv/vRd5ZU/tj+ZGsKplTpXHOzvvX/4+wc//r34xnraXFdtztvP4ww9+0SXleUk4qkBdPawSMqjPgJOY+n7vy5mIXk6Il5u5L8SaTOyP6899n8lXv/tpLa/XLvw3DCPFTh79XoluwfW6kDhpI1n4CSdj4h8OU3n5/Nn+Eul6fTr1bVv575aLa18OeqRCjgr1Yi9d/+d+GemI/9XS3n+gfGV5f+jpa3L2fLhsf+UAWPp+XyW5X/u843XQv6hcOQfikv+YSxUe2wk//Co6zG78g/FJf9QXPIPY6zSWqh13Sz/UFynzv8w3tQDhsr9H4qrPf8AQLHUJ0b9BjIwKqMefwAAAAAAAAAAAAAAAAAAgOM2p3aWW9Ow+jz3a8TBOxFR7tZ/qfF7xBGTjb/TN5Ks2l1J3qwvn73Y5w769Ofg376uTxwtT7YXHr8y8P7v6fwLg9nvD0eLJ37BcmMlopZVXiiXj19/SfP6692T99le+aLPDh5Q0lF+6+Ph9t/p9tZo+1/cjfgvG38Wuo0/aTzTmHcff6rtn1ju0Te3+twBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQ3MnAAD//7Gtauk=")
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000200)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f0000000040)={0x19, 0x5, 0xb, 0x1, 0xfffffff0, 0x9})

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-lgetxattr
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f0000000300)={[{@acl}, {}, {@noacl}, {}, {@nouser_xattr}, {@cache_strategy_readahead}]}, 0x1, 0x177, &(0x7f0000000680)="$eJzslL9KA0EQxr/diwkROztBLAwYi1zuLio2IsEXCPgPO6M5Q/RiQnKCiZXY+gC2tr5CGsEXUSsRUlpH9naTWyV/RNAgzq+Y+/Z2dm52Dj4QBPFveX56e7x+bV0YAKaQQEy9fzHCHK7ln+XiB9OpjbvWzcPVenW20q9mp/P170cA3GcN+L2zH08n1HMLvKe3wbGo9C4YTKX3wbGjtAuGPaWPNV0R+aZ5VPJc87DiFYSwRLBFcETIfO6vfclQ0Ppj2n690TzJe55b+0Exan7tLMea1p/+v7qzsbT52eCwlc6AYVPpVcS6s5Ej0e4/EwnrG798fxIkSPw1EfpT55ZhQfOniOYfab9cTdcbzVSpnC+6RffUcTIr1pJlLTvpwIhkHOJ/8cCfJrX6EwNyoyyK87zv12wZe2tHxn6OywP/40jOy7Xw/ujAbuQ+U+dYoJLGkHSCIIixMQcWeOYInNy4GyUIgiAIgiAIgiAI4tu8BwAA//9iEXZY")
lgetxattr(&(0x7f0000000140)='./file1\x00', &(0x7f0000000180)=@known='trusted.syz\x00', 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-lgetxattr
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f0000000300)={[{@acl}, {}, {@noacl}, {}, {@nouser_xattr}, {@cache_strategy_readahead}]}, 0x1, 0x177, &(0x7f0000000680)="$eJzslL9KA0EQxr/diwkROztBLAwYi1zuLio2IsEXCPgPO6M5Q/RiQnKCiZXY+gC2tr5CGsEXUSsRUlpH9naTWyV/RNAgzq+Y+/Z2dm52Dj4QBPFveX56e7x+bV0YAKaQQEy9fzHCHK7ln+XiB9OpjbvWzcPVenW20q9mp/P170cA3GcN+L2zH08n1HMLvKe3wbGo9C4YTKX3wbGjtAuGPaWPNV0R+aZ5VPJc87DiFYSwRLBFcETIfO6vfclQ0Ppj2n690TzJe55b+0Exan7tLMea1p/+v7qzsbT52eCwlc6AYVPpVcS6s5Ej0e4/EwnrG798fxIkSPw1EfpT55ZhQfOniOYfab9cTdcbzVSpnC+6RffUcTIr1pJlLTvpwIhkHOJ/8cCfJrX6EwNyoyyK87zv12wZe2tHxn6OywP/40jOy7Xw/ujAbuQ+U+dYoJLGkHSCIIixMQcWeOYInNy4GyUIgiAIgiAIgiAI4tu8BwAA//9iEXZY")
lgetxattr(&(0x7f0000000140)='./file1\x00', &(0x7f0000000180)=@known='trusted.syz\x00', 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$MAP_CREATE-close-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_PROG_INFO
detailed listing:
executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0b00000005000000020000000400000005"], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x2, 0x4, 0x4, 0x143, 0x1014, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000d00)={0x11, 0x15, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000100850000000100000018110000", @ANYRES32=r1, @ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000a80)={r2, 0x0, 0x0}, 0x10)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$MAP_CREATE-close-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_GET_PROG_INFO
detailed listing:
executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0b00000005000000020000000400000005"], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x2, 0x4, 0x4, 0x143, 0x1014, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000d00)={0x11, 0x15, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000100850000000100000018110000", @ANYRES32=r1, @ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000a80)={r2, 0x0, 0x0}, 0x10)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-syz_usb_connect$uac1-sendmsg$NL80211_CMD_FRAME-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_MSRS
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000280)={'wlan0\x00', <r3=>0x0})
syz_usb_connect$uac1(0x0, 0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000002c0)=ANY=[@ANYBLOB="98000000", @ANYRES16=r2, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r3, @ANYBLOB="7a00330080000000ffffffffffff080211000000505050505050000000000000000000000000010003010e"], 0x98}}, 0x0)
r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f00000018c0)=ANY=[@ANYBLOB="0100000000000000014d564b00000000", @ANYRES16])

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-syz_usb_connect$uac1-sendmsg$NL80211_CMD_FRAME-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_MSRS
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000280)={'wlan0\x00', <r3=>0x0})
syz_usb_connect$uac1(0x0, 0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000002c0)=ANY=[@ANYBLOB="98000000", @ANYRES16=r2, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r3, @ANYBLOB="7a00330080000000ffffffffffff080211000000505050505050000000000000000000000000010003010e"], 0x98}}, 0x0)
r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f00000018c0)=ANY=[@ANYBLOB="0100000000000000014d564b00000000", @ANYRES16])

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$nl80211-socket$inet6-sendmsg$nl_route_sched-prlimit64-sched_setscheduler-getpid-sched_setaffinity-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-sched_setaffinity-recvmmsg-openat$ptmx-ioctl$TIOCL_GETMOUSEREPORTING-unshare-bind$inet6-socket$inet_dccp-listen-connect$inet-sendmmsg-sendmsg$NL80211_CMD_SET_BEACON
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r1 = socket$inet6(0xa, 0x6, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TIOCL_GETMOUSEREPORTING(0xffffffffffffffff, 0x5412, 0x0)
unshare(0x6000000)
bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
r5 = socket$inet_dccp(0x2, 0x6, 0x0)
listen(r1, 0x5)
connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e20, @local}, 0x10)
sendmmsg(r5, &(0x7f0000002980), 0x400000000000239, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0, 0xa0}, 0x1, 0x0, 0x0, 0x4010}, 0x10)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$nl80211-socket$inet6-sendmsg$nl_route_sched-prlimit64-sched_setscheduler-getpid-sched_setaffinity-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-sched_setaffinity-recvmmsg-openat$ptmx-ioctl$TIOCL_GETMOUSEREPORTING-unshare-bind$inet6-socket$inet_dccp-listen-connect$inet-sendmmsg-sendmsg$NL80211_CMD_SET_BEACON
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r1 = socket$inet6(0xa, 0x6, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TIOCL_GETMOUSEREPORTING(0xffffffffffffffff, 0x5412, 0x0)
unshare(0x6000000)
bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
r5 = socket$inet_dccp(0x2, 0x6, 0x0)
listen(r1, 0x5)
connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e20, @local}, 0x10)
sendmmsg(r5, &(0x7f0000002980), 0x400000000000239, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0, 0xa0}, 0x1, 0x0, 0x0, 0x4010}, 0x10)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat-openat-openat$cgroup_ro-syz_mount_image$vfat-fadvise64
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x1000801, &(0x7f0000000840)=ANY=[], 0x2, 0x1ea, &(0x7f00000003c0)="$eJzsmb2LE0EYxp+Z3eydhyg2FjYWHniit9ndqFxzxQmWgnCKWgZvPU73LpKskAQEg42NpYVga2NpYWFl4V9gq4UKgoUp7YSR+djdyWYT4gdG9P3BzT7z9c68L9yzsAFBEP8tHz98ff/w3NqlUwD2YxkLZvyzo5/i4Oj6d4/vnHy0fv7J87dPX+8duPuyHI/JPWL28z0ArzYcpGCuOXFk93IRNtO4DI4TRl8Bg6/lN6HQnRgM18yam5Zu7TMiif3rrWTrxk4SB7IJZRPJpmGfLy81HDBsAVhUtxOCWfOdXv9WM0nidlnURHbO2NSPimn1U/fb4FhHVj0hOICrD+4PZN/UBgF4Xr8QHKHRDTBsGr2GBfi+X5TEyv+IW8R3Zsl/vuKZEodW/9Sh4Locf0Pu/7Co/ZY4rDwi/6HzkcPDzAPtNZ/mnvvPC2VcAMam3iwlyYVfiOxVFCoXhT9JZz9u+ZMLN/ePerp7u97p9Vd3dpvb8Xa8F0WNs8HpIDgT1ZUR6XaK/y0qf1qy4tcmrPWYh24zTdthF0jbYd6PdGs57uaL1he1hyv/41g5pmMw887KX5QlmPnj6inVilO98t7EnAiCIAiCIAiCIAiCIAiCIKo5Cgb9S5hg5oNoFdFF9YXyewAAAP//L0Rm/Q==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x441, 0x14a)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000680)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x804051, 0x0, 0x1, 0x0, &(0x7f0000000d40))
fadvise64(r0, 0xaa1f, 0xff39, 0x3)

program crashed: INFO: task hung in z_erofs_runqueue
single: successfully extracted reproducer
found reproducer with 6 syscalls
minimizing guilty program
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat-openat-openat$cgroup_ro-syz_mount_image$vfat
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x1000801, &(0x7f0000000840)=ANY=[], 0x2, 0x1ea, &(0x7f00000003c0)="$eJzsmb2LE0EYxp+Z3eydhyg2FjYWHniit9ndqFxzxQmWgnCKWgZvPU73LpKskAQEg42NpYVga2NpYWFl4V9gq4UKgoUp7YSR+djdyWYT4gdG9P3BzT7z9c68L9yzsAFBEP8tHz98ff/w3NqlUwD2YxkLZvyzo5/i4Oj6d4/vnHy0fv7J87dPX+8duPuyHI/JPWL28z0ArzYcpGCuOXFk93IRNtO4DI4TRl8Bg6/lN6HQnRgM18yam5Zu7TMiif3rrWTrxk4SB7IJZRPJpmGfLy81HDBsAVhUtxOCWfOdXv9WM0nidlnURHbO2NSPimn1U/fb4FhHVj0hOICrD+4PZN/UBgF4Xr8QHKHRDTBsGr2GBfi+X5TEyv+IW8R3Zsl/vuKZEodW/9Sh4Locf0Pu/7Co/ZY4rDwi/6HzkcPDzAPtNZ/mnvvPC2VcAMam3iwlyYVfiOxVFCoXhT9JZz9u+ZMLN/ePerp7u97p9Vd3dpvb8Xa8F0WNs8HpIDgT1ZUR6XaK/y0qf1qy4tcmrPWYh24zTdthF0jbYd6PdGs57uaL1he1hyv/41g5pmMw887KX5QlmPnj6inVilO98t7EnAiCIAiCIAiCIAiCIAiCIKo5Cgb9S5hg5oNoFdFF9YXyewAAAP//L0Rm/Q==")
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x441, 0x14a)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000680)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x804051, 0x0, 0x1, 0x0, &(0x7f0000000d40))

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat-openat-openat$cgroup_ro-fadvise64
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x1000801, &(0x7f0000000840)=ANY=[], 0x2, 0x1ea, &(0x7f00000003c0)="$eJzsmb2LE0EYxp+Z3eydhyg2FjYWHniit9ndqFxzxQmWgnCKWgZvPU73LpKskAQEg42NpYVga2NpYWFl4V9gq4UKgoUp7YSR+djdyWYT4gdG9P3BzT7z9c68L9yzsAFBEP8tHz98ff/w3NqlUwD2YxkLZvyzo5/i4Oj6d4/vnHy0fv7J87dPX+8duPuyHI/JPWL28z0ArzYcpGCuOXFk93IRNtO4DI4TRl8Bg6/lN6HQnRgM18yam5Zu7TMiif3rrWTrxk4SB7IJZRPJpmGfLy81HDBsAVhUtxOCWfOdXv9WM0nidlnURHbO2NSPimn1U/fb4FhHVj0hOICrD+4PZN/UBgF4Xr8QHKHRDTBsGr2GBfi+X5TEyv+IW8R3Zsl/vuKZEodW/9Sh4Locf0Pu/7Co/ZY4rDwi/6HzkcPDzAPtNZ/mnvvPC2VcAMam3iwlyYVfiOxVFCoXhT9JZz9u+ZMLN/ePerp7u97p9Vd3dpvb8Xa8F0WNs8HpIDgT1ZUR6XaK/y0qf1qy4tcmrPWYh24zTdthF0jbYd6PdGs57uaL1he1hyv/41g5pmMw887KX5QlmPnj6inVilO98t7EnAiCIAiCIAiCIAiCIAiCIKo5Cgb9S5hg5oNoFdFF9YXyewAAAP//L0Rm/Q==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x441, 0x14a)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
fadvise64(r0, 0xaa1f, 0xff39, 0x3)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat-openat-syz_mount_image$vfat-fadvise64
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x1000801, &(0x7f0000000840)=ANY=[], 0x2, 0x1ea, &(0x7f00000003c0)="$eJzsmb2LE0EYxp+Z3eydhyg2FjYWHniit9ndqFxzxQmWgnCKWgZvPU73LpKskAQEg42NpYVga2NpYWFl4V9gq4UKgoUp7YSR+djdyWYT4gdG9P3BzT7z9c68L9yzsAFBEP8tHz98ff/w3NqlUwD2YxkLZvyzo5/i4Oj6d4/vnHy0fv7J87dPX+8duPuyHI/JPWL28z0ArzYcpGCuOXFk93IRNtO4DI4TRl8Bg6/lN6HQnRgM18yam5Zu7TMiif3rrWTrxk4SB7IJZRPJpmGfLy81HDBsAVhUtxOCWfOdXv9WM0nidlnURHbO2NSPimn1U/fb4FhHVj0hOICrD+4PZN/UBgF4Xr8QHKHRDTBsGr2GBfi+X5TEyv+IW8R3Zsl/vuKZEodW/9Sh4Locf0Pu/7Co/ZY4rDwi/6HzkcPDzAPtNZ/mnvvPC2VcAMam3iwlyYVfiOxVFCoXhT9JZz9u+ZMLN/ePerp7u97p9Vd3dpvb8Xa8F0WNs8HpIDgT1ZUR6XaK/y0qf1qy4tcmrPWYh24zTdthF0jbYd6PdGs57uaL1he1hyv/41g5pmMw887KX5QlmPnj6inVilO98t7EnAiCIAiCIAiCIAiCIAiCIKo5Cgb9S5hg5oNoFdFF9YXyewAAAP//L0Rm/Q==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x441, 0x14a)
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000680)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x804051, 0x0, 0x1, 0x0, &(0x7f0000000d40))
fadvise64(r0, 0xaa1f, 0xff39, 0x3)

program crashed: INFO: task hung in z_erofs_runqueue
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat-syz_mount_image$vfat-fadvise64
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x1000801, &(0x7f0000000840)=ANY=[], 0x2, 0x1ea, &(0x7f00000003c0)="$eJzsmb2LE0EYxp+Z3eydhyg2FjYWHniit9ndqFxzxQmWgnCKWgZvPU73LpKskAQEg42NpYVga2NpYWFl4V9gq4UKgoUp7YSR+djdyWYT4gdG9P3BzT7z9c68L9yzsAFBEP8tHz98ff/w3NqlUwD2YxkLZvyzo5/i4Oj6d4/vnHy0fv7J87dPX+8duPuyHI/JPWL28z0ArzYcpGCuOXFk93IRNtO4DI4TRl8Bg6/lN6HQnRgM18yam5Zu7TMiif3rrWTrxk4SB7IJZRPJpmGfLy81HDBsAVhUtxOCWfOdXv9WM0nidlnURHbO2NSPimn1U/fb4FhHVj0hOICrD+4PZN/UBgF4Xr8QHKHRDTBsGr2GBfi+X5TEyv+IW8R3Zsl/vuKZEodW/9Sh4Locf0Pu/7Co/ZY4rDwi/6HzkcPDzAPtNZ/mnvvPC2VcAMam3iwlyYVfiOxVFCoXhT9JZz9u+ZMLN/ePerp7u97p9Vd3dpvb8Xa8F0WNs8HpIDgT1ZUR6XaK/y0qf1qy4tcmrPWYh24zTdthF0jbYd6PdGs57uaL1he1hyv/41g5pmMw887KX5QlmPnj6inVilO98t7EnAiCIAiCIAiCIAiCIAiCIKo5Cgb9S5hg5oNoFdFF9YXyewAAAP//L0Rm/Q==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000680)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x804051, 0x0, 0x1, 0x0, &(0x7f0000000d40))
fadvise64(r0, 0xaa1f, 0xff39, 0x3)

program crashed: INFO: task hung in z_erofs_runqueue
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-syz_mount_image$vfat-fadvise64
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x1000801, &(0x7f0000000840)=ANY=[], 0x2, 0x1ea, &(0x7f00000003c0)="$eJzsmb2LE0EYxp+Z3eydhyg2FjYWHniit9ndqFxzxQmWgnCKWgZvPU73LpKskAQEg42NpYVga2NpYWFl4V9gq4UKgoUp7YSR+djdyWYT4gdG9P3BzT7z9c68L9yzsAFBEP8tHz98ff/w3NqlUwD2YxkLZvyzo5/i4Oj6d4/vnHy0fv7J87dPX+8duPuyHI/JPWL28z0ArzYcpGCuOXFk93IRNtO4DI4TRl8Bg6/lN6HQnRgM18yam5Zu7TMiif3rrWTrxk4SB7IJZRPJpmGfLy81HDBsAVhUtxOCWfOdXv9WM0nidlnURHbO2NSPimn1U/fb4FhHVj0hOICrD+4PZN/UBgF4Xr8QHKHRDTBsGr2GBfi+X5TEyv+IW8R3Zsl/vuKZEodW/9Sh4Locf0Pu/7Co/ZY4rDwi/6HzkcPDzAPtNZ/mnvvPC2VcAMam3iwlyYVfiOxVFCoXhT9JZz9u+ZMLN/ePerp7u97p9Vd3dpvb8Xa8F0WNs8HpIDgT1ZUR6XaK/y0qf1qy4tcmrPWYh24zTdthF0jbYd6PdGs57uaL1he1hyv/41g5pmMw887KX5QlmPnj6inVilO98t7EnAiCIAiCIAiCIAiCIAiCIKo5Cgb9S5hg5oNoFdFF9YXyewAAAP//L0Rm/Q==")
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000680)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x804051, 0x0, 0x1, 0x0, &(0x7f0000000d40))
fadvise64(0xffffffffffffffff, 0xaa1f, 0xff39, 0x3)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat-syz_mount_image$vfat-fadvise64
detailed listing:
executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000680)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x804051, 0x0, 0x1, 0x0, &(0x7f0000000d40))
fadvise64(r0, 0xaa1f, 0xff39, 0x3)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat-syz_mount_image$vfat-fadvise64
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x1000801, &(0x7f0000000840)=ANY=[], 0x2, 0x1ea, &(0x7f00000003c0)="$eJzsmb2LE0EYxp+Z3eydhyg2FjYWHniit9ndqFxzxQmWgnCKWgZvPU73LpKskAQEg42NpYVga2NpYWFl4V9gq4UKgoUp7YSR+djdyWYT4gdG9P3BzT7z9c68L9yzsAFBEP8tHz98ff/w3NqlUwD2YxkLZvyzo5/i4Oj6d4/vnHy0fv7J87dPX+8duPuyHI/JPWL28z0ArzYcpGCuOXFk93IRNtO4DI4TRl8Bg6/lN6HQnRgM18yam5Zu7TMiif3rrWTrxk4SB7IJZRPJpmGfLy81HDBsAVhUtxOCWfOdXv9WM0nidlnURHbO2NSPimn1U/fb4FhHVj0hOICrD+4PZN/UBgF4Xr8QHKHRDTBsGr2GBfi+X5TEyv+IW8R3Zsl/vuKZEodW/9Sh4Locf0Pu/7Co/ZY4rDwi/6HzkcPDzAPtNZ/mnvvPC2VcAMam3iwlyYVfiOxVFCoXhT9JZz9u+ZMLN/ePerp7u97p9Vd3dpvb8Xa8F0WNs8HpIDgT1ZUR6XaK/y0qf1qy4tcmrPWYh24zTdthF0jbYd6PdGs57uaL1he1hyv/41g5pmMw887KX5QlmPnj6inVilO98t7EnAiCIAiCIAiCIAiCIAiCIKo5Cgb9S5hg5oNoFdFF9YXyewAAAP//L0Rm/Q==")
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000680)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x804051, 0x0, 0x1, 0x0, &(0x7f0000000d40))
fadvise64(r0, 0xaa1f, 0xff39, 0x3)

program did not crash
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat-syz_mount_image$vfat-fadvise64
program crashed: INFO: task hung in z_erofs_runqueue
simplifying C reproducer
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat-syz_mount_image$vfat-fadvise64
program crashed: INFO: task hung in z_erofs_runqueue
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat-syz_mount_image$vfat-fadvise64
program crashed: INFO: task hung in z_erofs_runqueue
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat-syz_mount_image$vfat-fadvise64
program crashed: INFO: task hung in z_erofs_runqueue
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat-syz_mount_image$vfat-fadvise64
program crashed: INFO: task hung in z_erofs_runqueue
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat-syz_mount_image$vfat-fadvise64
program crashed: INFO: task hung in z_erofs_runqueue
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat-syz_mount_image$vfat-fadvise64
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat-syz_mount_image$vfat-fadvise64
program crashed: INFO: task hung in z_erofs_runqueue
reproducing took 2h34m26.048683284s
repro crashed as (corrupted=false):
INFO: task syz-executor334:4247 blocked for more than 143 seconds.
      Not tainted 6.1.131-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor334 state:D stack:24120 pid:4247  ppid:4246   flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5243 [inline]
 __schedule+0x143f/0x4570 kernel/sched/core.c:6560
 schedule+0xbf/0x180 kernel/sched/core.c:6636
 io_schedule+0x88/0x100 kernel/sched/core.c:8788
 folio_wait_bit_common+0x878/0x1290 mm/filemap.c:1324
 lock_page include/linux/pagemap.h:995 [inline]
 pickup_page_for_submission fs/erofs/zdata.c:1348 [inline]
 z_erofs_submit_queue fs/erofs/zdata.c:1541 [inline]
 z_erofs_runqueue+0xa59/0x1e10 fs/erofs/zdata.c:1613
 z_erofs_readahead+0xc26/0x1030 fs/erofs/zdata.c:1760
 read_pages+0x17f/0x830 mm/readahead.c:161
 page_cache_ra_unbounded+0x68b/0x7b0 mm/readahead.c:270
 do_page_cache_ra mm/readahead.c:300 [inline]
 force_page_cache_ra+0x2a3/0x300 mm/readahead.c:331
 force_page_cache_readahead mm/internal.h:125 [inline]
 generic_fadvise+0x553/0x7b0 mm/fadvise.c:107
 vfs_fadvise mm/fadvise.c:185 [inline]
 ksys_fadvise64_64 mm/fadvise.c:199 [inline]
 __do_sys_fadvise64 mm/fadvise.c:214 [inline]
 __se_sys_fadvise64 mm/fadvise.c:212 [inline]
 __x64_sys_fadvise64+0x138/0x180 mm/fadvise.c:212
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f293080f119
RSP: 002b:00007fffba1d9bb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000dd
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f293080f119
RDX: 000000000000ff39 RSI: 000000000000aa1f RDI: 0000000000000004
RBP: 0000000000000000 R08: 0000000000000000 R09: 00007fffba1d9bf0
R10: 0000000000000003 R11: 0000000000000246 R12: 00007fffba1d9bf0
R13: 00007fffba1d9e78 R14: 431bde82d7b634db R15: 00007f293085803b
 </TASK>

Showing all locks held in the system:
1 lock held by rcu_tasks_kthre/12:
 #0: ffffffff8d32e890 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x29/0xe30 kernel/rcu/tasks.h:517
1 lock held by rcu_tasks_trace/13:
 #0: ffffffff8d32f090 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x29/0xe30 kernel/rcu/tasks.h:517
1 lock held by khungtaskd/28:
 #0: ffffffff8d32e6c0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:350 [inline]
 #0: ffffffff8d32e6c0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:791 [inline]
 #0: ffffffff8d32e6c0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x51/0x290 kernel/locking/lockdep.c:6510
2 locks held by getty/4016:
 #0: ffff88814cce3098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 drivers/tty/tty_ldisc.c:244
 #1: ffffc9000325e2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x54a/0x1620 drivers/tty/n_tty.c:2198
1 lock held by syz-executor334/4247:
 #0: ffff888071240338 (mapping.invalidate_lock#3){.+.+}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:813 [inline]
 #0: ffff888071240338 (mapping.invalidate_lock#3){.+.+}-{3:3}, at: page_cache_ra_unbounded+0xed/0x7b0 mm/readahead.c:226

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 28 Comm: khungtaskd Not tainted 6.1.131-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
 nmi_cpu_backtrace+0x4e1/0x560 lib/nmi_backtrace.c:111
 nmi_trigger_cpumask_backtrace+0x1ca/0x430 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:148 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:220 [inline]
 watchdog+0xf88/0xfd0 kernel/hung_task.c:377
 kthread+0x28d/0x320 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 3612 Comm: klogd Not tainted 6.1.131-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
RIP: 0010:mmdrop include/linux/sched/mm.h:49 [inline]
RIP: 0010:mmdrop_sched include/linux/sched/mm.h:78 [inline]
RIP: 0010:finish_task_switch+0x2a1/0x810 kernel/sched/core.c:5147
Code: 85 d9 01 00 00 f7 03 20 00 00 00 0f 85 15 01 00 00 49 8d be 90 00 00 00 be 04 00 00 00 e8 27 9a 82 00 f0 41 ff 8e 90 00 00 00 <74> 22 81 7d b8 80 00 00 00 74 2a 48 83 c4 20 5b 41 5c 41 5d 41 5e
RSP: 0018:ffffc90003297948 EFLAGS: 00000202
RAX: 1ffff1100f9be801 RBX: ffff88807cdf51d8 RCX: ffffffff815f7279
RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffff888031dfe990
RBP: ffffc90003297990 R08: dffffc0000000000 R09: ffffed10063bfd33
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88807cdf40a8
R13: dffffc0000000000 R14: ffff888031dfe900 R15: ffff88801fedd940
FS:  00007f7292428380(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005578a2c51600 CR3: 000000007e658000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <NMI>
 </NMI>
 <TASK>
 context_switch kernel/sched/core.c:5246 [inline]
 __schedule+0x1447/0x4570 kernel/sched/core.c:6560
 schedule+0xbf/0x180 kernel/sched/core.c:6636
 syslog_print+0x270/0x620 kernel/printk/printk.c:1526
 do_syslog+0x819/0x910 kernel/printk/printk.c:1679
 __do_sys_syslog kernel/printk/printk.c:1771 [inline]
 __se_sys_syslog kernel/printk/printk.c:1769 [inline]
 __x64_sys_syslog+0x78/0x90 kernel/printk/printk.c:1769
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f7292589fa7
Code: 73 01 c3 48 8b 0d 81 ce 0c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 67 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 51 ce 0c 00 f7 d8 64 89 01 48
RSP: 002b:00007fff300d6388 EFLAGS: 00000206 ORIG_RAX: 0000000000000067
RAX: ffffffffffffffda RBX: 00007f72927284a0 RCX: 00007f7292589fa7
RDX: 00000000000003ff RSI: 00007f72927284a0 RDI: 0000000000000002
RBP: 0000000000000000 R08: 0000000000000007 R09: a6d29bc7ec9a0e3f
R10: 0000000000004000 R11: 0000000000000206 R12: 00007f72927284a0
R13: 00007f7292718212 R14: 00007f7292728550 R15: 00007f7292728550
 </TASK>
INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.279 msecs

final repro crashed as (corrupted=false):
INFO: task syz-executor334:4247 blocked for more than 143 seconds.
      Not tainted 6.1.131-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor334 state:D stack:24120 pid:4247  ppid:4246   flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5243 [inline]
 __schedule+0x143f/0x4570 kernel/sched/core.c:6560
 schedule+0xbf/0x180 kernel/sched/core.c:6636
 io_schedule+0x88/0x100 kernel/sched/core.c:8788
 folio_wait_bit_common+0x878/0x1290 mm/filemap.c:1324
 lock_page include/linux/pagemap.h:995 [inline]
 pickup_page_for_submission fs/erofs/zdata.c:1348 [inline]
 z_erofs_submit_queue fs/erofs/zdata.c:1541 [inline]
 z_erofs_runqueue+0xa59/0x1e10 fs/erofs/zdata.c:1613
 z_erofs_readahead+0xc26/0x1030 fs/erofs/zdata.c:1760
 read_pages+0x17f/0x830 mm/readahead.c:161
 page_cache_ra_unbounded+0x68b/0x7b0 mm/readahead.c:270
 do_page_cache_ra mm/readahead.c:300 [inline]
 force_page_cache_ra+0x2a3/0x300 mm/readahead.c:331
 force_page_cache_readahead mm/internal.h:125 [inline]
 generic_fadvise+0x553/0x7b0 mm/fadvise.c:107
 vfs_fadvise mm/fadvise.c:185 [inline]
 ksys_fadvise64_64 mm/fadvise.c:199 [inline]
 __do_sys_fadvise64 mm/fadvise.c:214 [inline]
 __se_sys_fadvise64 mm/fadvise.c:212 [inline]
 __x64_sys_fadvise64+0x138/0x180 mm/fadvise.c:212
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f293080f119
RSP: 002b:00007fffba1d9bb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000dd
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f293080f119
RDX: 000000000000ff39 RSI: 000000000000aa1f RDI: 0000000000000004
RBP: 0000000000000000 R08: 0000000000000000 R09: 00007fffba1d9bf0
R10: 0000000000000003 R11: 0000000000000246 R12: 00007fffba1d9bf0
R13: 00007fffba1d9e78 R14: 431bde82d7b634db R15: 00007f293085803b
 </TASK>

Showing all locks held in the system:
1 lock held by rcu_tasks_kthre/12:
 #0: ffffffff8d32e890 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x29/0xe30 kernel/rcu/tasks.h:517
1 lock held by rcu_tasks_trace/13:
 #0: ffffffff8d32f090 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x29/0xe30 kernel/rcu/tasks.h:517
1 lock held by khungtaskd/28:
 #0: ffffffff8d32e6c0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:350 [inline]
 #0: ffffffff8d32e6c0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:791 [inline]
 #0: ffffffff8d32e6c0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x51/0x290 kernel/locking/lockdep.c:6510
2 locks held by getty/4016:
 #0: ffff88814cce3098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 drivers/tty/tty_ldisc.c:244
 #1: ffffc9000325e2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x54a/0x1620 drivers/tty/n_tty.c:2198
1 lock held by syz-executor334/4247:
 #0: ffff888071240338 (mapping.invalidate_lock#3){.+.+}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:813 [inline]
 #0: ffff888071240338 (mapping.invalidate_lock#3){.+.+}-{3:3}, at: page_cache_ra_unbounded+0xed/0x7b0 mm/readahead.c:226

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 28 Comm: khungtaskd Not tainted 6.1.131-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
 nmi_cpu_backtrace+0x4e1/0x560 lib/nmi_backtrace.c:111
 nmi_trigger_cpumask_backtrace+0x1ca/0x430 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:148 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:220 [inline]
 watchdog+0xf88/0xfd0 kernel/hung_task.c:377
 kthread+0x28d/0x320 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 3612 Comm: klogd Not tainted 6.1.131-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
RIP: 0010:mmdrop include/linux/sched/mm.h:49 [inline]
RIP: 0010:mmdrop_sched include/linux/sched/mm.h:78 [inline]
RIP: 0010:finish_task_switch+0x2a1/0x810 kernel/sched/core.c:5147
Code: 85 d9 01 00 00 f7 03 20 00 00 00 0f 85 15 01 00 00 49 8d be 90 00 00 00 be 04 00 00 00 e8 27 9a 82 00 f0 41 ff 8e 90 00 00 00 <74> 22 81 7d b8 80 00 00 00 74 2a 48 83 c4 20 5b 41 5c 41 5d 41 5e
RSP: 0018:ffffc90003297948 EFLAGS: 00000202
RAX: 1ffff1100f9be801 RBX: ffff88807cdf51d8 RCX: ffffffff815f7279
RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffff888031dfe990
RBP: ffffc90003297990 R08: dffffc0000000000 R09: ffffed10063bfd33
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88807cdf40a8
R13: dffffc0000000000 R14: ffff888031dfe900 R15: ffff88801fedd940
FS:  00007f7292428380(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005578a2c51600 CR3: 000000007e658000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <NMI>
 </NMI>
 <TASK>
 context_switch kernel/sched/core.c:5246 [inline]
 __schedule+0x1447/0x4570 kernel/sched/core.c:6560
 schedule+0xbf/0x180 kernel/sched/core.c:6636
 syslog_print+0x270/0x620 kernel/printk/printk.c:1526
 do_syslog+0x819/0x910 kernel/printk/printk.c:1679
 __do_sys_syslog kernel/printk/printk.c:1771 [inline]
 __se_sys_syslog kernel/printk/printk.c:1769 [inline]
 __x64_sys_syslog+0x78/0x90 kernel/printk/printk.c:1769
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f7292589fa7
Code: 73 01 c3 48 8b 0d 81 ce 0c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 67 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 51 ce 0c 00 f7 d8 64 89 01 48
RSP: 002b:00007fff300d6388 EFLAGS: 00000206 ORIG_RAX: 0000000000000067
RAX: ffffffffffffffda RBX: 00007f72927284a0 RCX: 00007f7292589fa7
RDX: 00000000000003ff RSI: 00007f72927284a0 RDI: 0000000000000002
RBP: 0000000000000000 R08: 0000000000000007 R09: a6d29bc7ec9a0e3f
R10: 0000000000004000 R11: 0000000000000206 R12: 00007f72927284a0
R13: 00007f7292718212 R14: 00007f7292728550 R15: 00007f7292728550
 </TASK>
INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.279 msecs