Extracting prog: 1h12m57.473429411s
Minimizing prog: 39m53.527573687s
Simplifying prog options: 6m52.428731481s
Extracting C: 3m18.457311359s
Simplifying C: 20m36.547047658s


extracting reproducer from 52 programs
testing a last program of every proc
single: executing 12 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-openat$binderfs-ioctl$BINDER_WRITE_READ-dup3-ioctl$BINDER_WRITE_READ
detailed listing:
executing program 0:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x2})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400), 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000040)={0x10, 0x0, &(0x7f0000000440)=[@request_death={0x400c6313, 0x100000}], 0x0, 0x1000000, 0x0})

program did not crash
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet-setsockopt$SO_BINDTODEVICE-sendmmsg$inet
detailed listing:
executing program 0:
r0 = socket$inet(0x2, 0x3, 0x4)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='ip6_vti0\x00', 0x10)
sendmmsg$inet(r0, &(0x7f00000000c0)=[{{&(0x7f0000000240)={0x2, 0x4e01, @dev={0xac, 0x14, 0x14, 0x1a}}, 0x10, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='4\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00'], 0x38}}], 0x1, 0x46000)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-setsockopt-setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD-sendto$inet6
detailed listing:
executing program 0:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x82, &(0x7f00000002c0)="1a00000000000000", 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x9, @loopback}], 0x1c)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$SNDRV_CTL_IOCTL_ELEM_ADD-syz_open_dev$tty20-socket$alg-bind$alg-sendmsg$NFT_BATCH-setsockopt$ALG_SET_KEY-execveat-accept4-sendmmsg$alg-recvmsg-write$binfmt_misc
detailed listing:
executing program 0:
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f0000000140)={{0x200002, 0x2, 0x5, 0xfffffffe, 'syz0\x00', 0xf5}, 0x3, 0x40, 0x40, 0x0, 0x0, 0x2, 'syz1\x00', 0x0})
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8001}, 0x20010840)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56fa8ef1d91a4574758ecefbe1d7a46df6d558ecf1820f", 0x18)
execveat(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000600)={[&(0x7f0000000300)='\x06\x8c\xb0\x0fTl\xeewH\xab}\x00']}, 0x100)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
write$binfmt_misc(r0, &(0x7f0000000240), 0xfffffecc)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-bind$bt_l2cap-setsockopt$bt_BT_DEFER_SETUP-mremap-capset-socket-setsockopt$inet_icmp_ICMP_FILTER-userfaultfd-ioctl$UFFDIO_API-ioctl$UFFDIO_REGISTER-syz_io_uring_setup-close_range-syz_open_dev$ttys-ioctl$TIOCSETD-openat$nullb-sendfile-ioctl$TIOCVHANGUP-openat$dsp-syz_open_dev$sndctrl-ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE-syz_open_dev$sndpcmp-ioctl$SNDRV_PCM_IOCTL_SW_PARAMS-socket$netlink-writev
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f0000002080)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe)
setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0xf, 0x0, 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
r1 = socket(0x2, 0x805, 0x0)
setsockopt$inet_icmp_ICMP_FILTER(r1, 0x1, 0x1, &(0x7f0000000100)={0xfff}, 0x4)
r2 = userfaultfd(0x801)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x108})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3})
syz_io_uring_setup(0x8df, &(0x7f0000000140)={0x0, 0xf80c, 0x300c, 0x1, 0x359}, &(0x7f00000002c0), &(0x7f0000ff4000), &(0x7f0000000000))
close_range(r2, r2, 0x0)
r3 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0xd)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
sendfile(r3, r4, 0x0, 0x2000fb)
ioctl$TIOCVHANGUP(r3, 0x5437, 0x0)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
r5 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r5, 0x40045532, &(0x7f0000000300)=0x1)
r6 = syz_open_dev$sndpcmp(&(0x7f0000000280), 0x0, 0xa2c65)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r6, 0xc0884113, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
writev(r7, &(0x7f0000000480)=[{&(0x7f0000000080)="390000001300090468fe0700000000000000ff3f08000000480100100000000019002b000a0001000500000000000072080003001800000000", 0x39}, {&(0x7f0000000100)="e626d44e607d59026f46861ca2389b526383139acdc07a5bad32a2c83467e08e0ca433c1b2a39a5196fedf9a5cb54ac98443986a7c26f0e554c0e5c4d773caaf6e4914e367807d0585dcc8b43cb7ab85e75e8b552a2acf36f685bea9100cc81dd466f5eefb1561fb6122cd54091d592d75e994650f42e2cb587856136898bffa4a029a5392fe478f2c73c636a74a94e7493fbb7d1abc1169419aa1faca67f3772ba2c1119c435e6f3dd29c4ee472", 0xae}, {&(0x7f00000001c0)="d87b169f6184725a7ea0983e999389e0fa4c4b", 0x13}, {&(0x7f0000000200)="dd2bf412ed72695b0706a56b2ba1997edd6f382ced52204f3bbcd822753f246fbe042ce72a881580e5c7bb75ecb239e2ff9aceacf01f316f0d0f9ad1022edc01db6de850de2654d5a8da09d4faee5cfa51907d7a36154ce25d792023395abfaa7c7e17b162235fe0", 0x68}, {&(0x7f0000000640)="5e15802cafe402c512a8afc19a3dc4094d26d165243f06a570814b7aecf91b50cd179b89fbf53ac5b68d27f520e8d81016d749a7f5bf5c64088f078c714497ecca859cc79d6b7900709ef4aea304352968f201040000b8ea22703c2cc2a63d5ae980b72603f916c9d9bb79ff8fe4a5e150b4ebd0880e4be26a81104198417dc72ae35c44657d942ec8624a26d5b923236b3e548402fee710c6be846c31ac1694ced133ce24c526b7d3424a29285bdf00186f0e7d3b7374ecf77c4d76d227343659e54c1387241c85072ad7be7c0a8bdfa8624de952ccafe8d57a90b2765be7698a5fdd732df2", 0xe6}, {&(0x7f0000000380)="74e251658562a4932ad8d75d85db1e6f1505f28e415afb2a2feced27ff433638f613f3dbeab7096ed20cf26d9709778d07a4c45f4490e9d4311452ba1b9936b4d42b9d28d220f09f2e94f48c6b3bc0e159c5c348846cecabe397c303a2f1ff2c3cf6e71b7ee8caae7d293619346a589acc543e782848cd93e419fe92b16b9daef9e307dc30ef513e5100342c89d6df7d16722485764230367adfbb067f930a8c7a8dd95e6ca872b625f8be40c79f6182d180a4534ba2b888", 0xb8}, {&(0x7f0000000500)="4f5b183e232f5643677cafb1e860d07a5d5138eded7a8dde11719a9a7d322b20e77c0e16e7c2e440eefecaf648f628ab82c5f7b8d4eb9d5bac4a4f811313233c575613b50473455058e6b3dc2ade3d586b2bcdcf34c356b5cdbe070bc135552d4a197c716a535cab2c2b2a61c00c94d9a3a52df6200be7f20766b667ac3914d179d2ee28650e162d2704ea14da29014603dcf4eb8e8b8e451ce9b5f7f7a5a720c1a58f2505a3424081baa361509cd70f0c6547df2eaad81bfa7d01498dee7c3c3296f3644a3e3e9857db1efa74d001f881bd68d9dafc2a674e8c6ca40c930d5e8758078022d47a63e39b999307fe1df65972f752ed962ab9c70fff7680007a1dc3b652ea4f6902b42e335f7897f7037c816cc5f4daa43a8e2816f4bf1b1e117223b7b34d4549cbc7d043bd", 0x12b}], 0x7)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-bind$bt_l2cap-setsockopt$bt_BT_DEFER_SETUP-mremap-capset-socket-setsockopt$inet_icmp_ICMP_FILTER-userfaultfd-ioctl$UFFDIO_API-ioctl$UFFDIO_REGISTER-syz_io_uring_setup-close_range-syz_open_dev$ttys-ioctl$TIOCSETD-openat$nullb-sendfile-ioctl$TIOCVHANGUP-openat$dsp-syz_open_dev$sndctrl-ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE-syz_open_dev$sndpcmp-ioctl$SNDRV_PCM_IOCTL_SW_PARAMS-socket$netlink-writev
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f0000002080)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe)
setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0xf, 0x0, 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
r1 = socket(0x2, 0x805, 0x0)
setsockopt$inet_icmp_ICMP_FILTER(r1, 0x1, 0x1, &(0x7f0000000100)={0xfff}, 0x4)
r2 = userfaultfd(0x801)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x108})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3})
syz_io_uring_setup(0x8df, &(0x7f0000000140)={0x0, 0xf80c, 0x300c, 0x1, 0x359}, &(0x7f00000002c0), &(0x7f0000ff4000), &(0x7f0000000000))
close_range(r2, r2, 0x0)
r3 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0xd)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
sendfile(r3, r4, 0x0, 0x2000fb)
ioctl$TIOCVHANGUP(r3, 0x5437, 0x0)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
r5 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r5, 0x40045532, &(0x7f0000000300)=0x1)
r6 = syz_open_dev$sndpcmp(&(0x7f0000000280), 0x0, 0xa2c65)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r6, 0xc0884113, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
writev(r7, &(0x7f0000000480)=[{&(0x7f0000000080)="390000001300090468fe0700000000000000ff3f08000000480100100000000019002b000a0001000500000000000072080003001800000000", 0x39}, {&(0x7f0000000100)="e626d44e607d59026f46861ca2389b526383139acdc07a5bad32a2c83467e08e0ca433c1b2a39a5196fedf9a5cb54ac98443986a7c26f0e554c0e5c4d773caaf6e4914e367807d0585dcc8b43cb7ab85e75e8b552a2acf36f685bea9100cc81dd466f5eefb1561fb6122cd54091d592d75e994650f42e2cb587856136898bffa4a029a5392fe478f2c73c636a74a94e7493fbb7d1abc1169419aa1faca67f3772ba2c1119c435e6f3dd29c4ee472", 0xae}, {&(0x7f00000001c0)="d87b169f6184725a7ea0983e999389e0fa4c4b", 0x13}, {&(0x7f0000000200)="dd2bf412ed72695b0706a56b2ba1997edd6f382ced52204f3bbcd822753f246fbe042ce72a881580e5c7bb75ecb239e2ff9aceacf01f316f0d0f9ad1022edc01db6de850de2654d5a8da09d4faee5cfa51907d7a36154ce25d792023395abfaa7c7e17b162235fe0", 0x68}, {&(0x7f0000000640)="5e15802cafe402c512a8afc19a3dc4094d26d165243f06a570814b7aecf91b50cd179b89fbf53ac5b68d27f520e8d81016d749a7f5bf5c64088f078c714497ecca859cc79d6b7900709ef4aea304352968f201040000b8ea22703c2cc2a63d5ae980b72603f916c9d9bb79ff8fe4a5e150b4ebd0880e4be26a81104198417dc72ae35c44657d942ec8624a26d5b923236b3e548402fee710c6be846c31ac1694ced133ce24c526b7d3424a29285bdf00186f0e7d3b7374ecf77c4d76d227343659e54c1387241c85072ad7be7c0a8bdfa8624de952ccafe8d57a90b2765be7698a5fdd732df2", 0xe6}, {&(0x7f0000000380)="74e251658562a4932ad8d75d85db1e6f1505f28e415afb2a2feced27ff433638f613f3dbeab7096ed20cf26d9709778d07a4c45f4490e9d4311452ba1b9936b4d42b9d28d220f09f2e94f48c6b3bc0e159c5c348846cecabe397c303a2f1ff2c3cf6e71b7ee8caae7d293619346a589acc543e782848cd93e419fe92b16b9daef9e307dc30ef513e5100342c89d6df7d16722485764230367adfbb067f930a8c7a8dd95e6ca872b625f8be40c79f6182d180a4534ba2b888", 0xb8}, {&(0x7f0000000500)="4f5b183e232f5643677cafb1e860d07a5d5138eded7a8dde11719a9a7d322b20e77c0e16e7c2e440eefecaf648f628ab82c5f7b8d4eb9d5bac4a4f811313233c575613b50473455058e6b3dc2ade3d586b2bcdcf34c356b5cdbe070bc135552d4a197c716a535cab2c2b2a61c00c94d9a3a52df6200be7f20766b667ac3914d179d2ee28650e162d2704ea14da29014603dcf4eb8e8b8e451ce9b5f7f7a5a720c1a58f2505a3424081baa361509cd70f0c6547df2eaad81bfa7d01498dee7c3c3296f3644a3e3e9857db1efa74d001f881bd68d9dafc2a674e8c6ca40c930d5e8758078022d47a63e39b999307fe1df65972f752ed962ab9c70fff7680007a1dc3b652ea4f6902b42e335f7897f7037c816cc5f4daa43a8e2816f4bf1b1e117223b7b34d4549cbc7d043bd", 0x12b}], 0x7)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-dup-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_MSRS-mmap-write-userfaultfd-fsopen-syz_init_net_socket$llc-bind$llc-fcntl$dupfd-socket$nl_xfrm-sendmsg$nl_xfrm-fsconfig$FSCONFIG_SET_STRING-madvise
detailed listing:
executing program 0:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0)
r1 = dup(r0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f00000000c0)={0x1, 0x0, [{0x140, 0x0, 0x10000000000000}]})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r1, 0x0)
write(r1, &(0x7f0000000000)="f9", 0x1)
userfaultfd(0x1)
r5 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0)
r6 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r6, &(0x7f0000000040)={0x1a, 0x0, 0x0, 0x44, 0xf6}, 0x10)
r7 = fcntl$dupfd(r5, 0x0, r5)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="a0010000100001000000000000000000fe880000000000000000000000000101ac14143c00000000000000000000000000000000000200000000000064000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000032000000fc010000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001166e63fcee10a32d139db0000000000000000000000000000000000000800000000000200000000000000000000000000000200000000000000000000000a000000cd000000000000004800020063626328616573290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00170000000000fdffffff000000000000000028bd7000000000004c001400636d6163286165732900"/344], 0x1a0}}, 0x800)
fsconfig$FSCONFIG_SET_STRING(r7, 0x1, &(0x7f0000000e80)='mo\x12!\xf5\xdeA\xc0}-[\xee\xb3\xe3\xac\xec\x7f\x88 \xdfV\xee\xb4e\xb6de\x00\xdc2\xc9\xca\xc7\xd3\xdbT\xdbU\x9eX`\xa5J\xa3\xdc=`/\x99\xdc\xfb\'\xbf\xe4\xe0\x15\x97\xd6\xac\x94\xadm\xc9\x93\'\x02:\xd3L\x890\x11\x8a3WG\x843\x9c\xbak\xa3\xc2\xc8\x93\xd3\xa1\xaf\x95\xc3\xcff\t\xbd\x95\xf3\v\xab\x843\xe4\xadbRB\xf6<3\xe0\x84\xfa\v\xb2\xd1\x1bI\xa3!H?Eo\x9f\xf5\xb8^\'\xd3\xbe\xf0GA\xdd\xae+\xd5\xf1z\x95\xb2\x7f\x16\xdd\x1as[\xfc\x97\xd3\x91\x9b\xc5N\x87\xdc\xfc\xea\x1c\xf0\x92\xbd\x89\xea\xba\xc7\xb1!S\xc0\xc44W[\x8d\x15.\x0e\x90\x9eE\x8e|M\xf4\xf8G\x9bH\xf58\xa8M\xb6 \x15\x9fl\x9c\xefk1\x86[\n$\xc4 \xf2\xa3k\aj=\x10\x01\xae%`\xce\x82\x8c2p\xd6\x88\\\x98\f\xc7\x06\xbe\xab\x81`d\xa5*\x1a\x93%^l\x8f\xd8t\xac\x95\xc09\x95]\xe35n\xda^\\\xedH,\xbfY\x803\xfb\x1e\x03\xb8\x8dVH\x9e\xc9\xdd\x16\x94{h\xbfk\x88rA\xfbxq\xd9\x0f\x06\'\b(as\xc0\x94\xa8\xc3\x15\xc9\xa3\xfa\xdb\x04\x18\n>\xd0\xe3?\x8c\xceB\xa7W\x9c[\r\xe8\xa2\xb7\x8d\xc7\xe9\x9f\xc9\x7f\xd8\xe4\x1e\x136\x94\xb3\xe99a-\x01<{C\x90\xb0\xc7\x9c~\aO\xb1\xaf\xa3wK\xe1b', &(0x7f0000001140)='uqv\xd6\xb8W=\xbe\\\xd4?\x16\x82\x85\x19\xc6\xc5A^}B\xfd\xbe\xb9\x13\xbc\xadn$j\xa7\x0fv\x1c\xe4\x9bB:\xc9N]Yh\xa2\x12\x19h\x88:w\xfb\x9d\xd9\xd3~U\x10\xfb1W\f\xb5\x87\xf3\xd9\xf6:.\xf4\x86\x12*|\x05rs\x82\xd1\xeaL\xe6\x880J\b\xe8Zd\xe0\xe3\xc246q\xf88R\x1e\xa4K\x84p\xe7}\xf4\x93\\\x81)#}e\xec~+W\xa6\x80\xabW\xe7\f\xa5\xc1\x8c}\xe7\xfb\x9f\xa1\xa0\xc0\b\xe1.\x05-F\xb0\xe8DJ\x0e\n\x9c1\xb7K \x0e>\xa0A\xc4\x05\xf5\xdd)NZC\xcf\x8a\xf5TEU\x81}\b\x97\x95-^\x85\xa6A\xd3o,\xb4\x97\xc4y\xc6\x19]ci\xf4\xf8\xc7\xd0\x0ed\xec\x16J\x8d\x16\x10\xcaR\xa8k:\x14\xacsu\xe1]\xe3,\x9d\x9c\xc9\x96\x8fV\xfdrN\xc7\xddS<\xac\x8f \xd1\x11\xa5\'1A\xc1\x19o\xe9HU\xa1n\x0f\xf0?\x0fnI\xfa\xcf[\x1d\xd3\xe8!\x1a\x99b[S\xaa\xa1\x05\x84\xb1\x9c\xbc\xa4n0\xeeG\x85f\x1c4R\xcf\xe3\x13\x10Dp\x0e\x9dh\xfd\xe9G\x90\xe2\xf9\xf3\x90=\b\x1a\xd5\xc6j}U=|\xa4F\x9e\r\x87\x97\xae\n\xcb\v\xd6\x1e[\xf0^\x8a\x98dh64\x9b\xfb\xd9Z\xb0E\xee\xc4m\x7f\x18>Noi\xd2\xa9-\xf1x\xef\xe5\xf9*\x9a\xea}\x952\xd2\xceHj\xb1\xb6\xd4\xa3\xac\x95\x1d\xf6\x19r`N\xe1K\xcf\xc3\x1b\xec\xdbu_\xd8\xcc\xb7]\xfd<7\x19\xc7\x7f1\xd9\xbbX\x10-\xfec\x05\x8b\xae\xbf\xe0~\x8e`xx\n@I6\xd1\xf1\'\xfb\x96\xa0\"', 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-dup-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_MSRS-mmap-write-userfaultfd-fsopen-syz_init_net_socket$llc-bind$llc-fcntl$dupfd-socket$nl_xfrm-sendmsg$nl_xfrm-fsconfig$FSCONFIG_SET_STRING-madvise
detailed listing:
executing program 0:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0)
r1 = dup(r0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f00000000c0)={0x1, 0x0, [{0x140, 0x0, 0x10000000000000}]})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r1, 0x0)
write(r1, &(0x7f0000000000)="f9", 0x1)
userfaultfd(0x1)
r5 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0)
r6 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r6, &(0x7f0000000040)={0x1a, 0x0, 0x0, 0x44, 0xf6}, 0x10)
r7 = fcntl$dupfd(r5, 0x0, r5)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="a0010000100001000000000000000000fe880000000000000000000000000101ac14143c00000000000000000000000000000000000200000000000064000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000032000000fc010000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001166e63fcee10a32d139db0000000000000000000000000000000000000800000000000200000000000000000000000000000200000000000000000000000a000000cd000000000000004800020063626328616573290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00170000000000fdffffff000000000000000028bd7000000000004c001400636d6163286165732900"/344], 0x1a0}}, 0x800)
fsconfig$FSCONFIG_SET_STRING(r7, 0x1, &(0x7f0000000e80)='mo\x12!\xf5\xdeA\xc0}-[\xee\xb3\xe3\xac\xec\x7f\x88 \xdfV\xee\xb4e\xb6de\x00\xdc2\xc9\xca\xc7\xd3\xdbT\xdbU\x9eX`\xa5J\xa3\xdc=`/\x99\xdc\xfb\'\xbf\xe4\xe0\x15\x97\xd6\xac\x94\xadm\xc9\x93\'\x02:\xd3L\x890\x11\x8a3WG\x843\x9c\xbak\xa3\xc2\xc8\x93\xd3\xa1\xaf\x95\xc3\xcff\t\xbd\x95\xf3\v\xab\x843\xe4\xadbRB\xf6<3\xe0\x84\xfa\v\xb2\xd1\x1bI\xa3!H?Eo\x9f\xf5\xb8^\'\xd3\xbe\xf0GA\xdd\xae+\xd5\xf1z\x95\xb2\x7f\x16\xdd\x1as[\xfc\x97\xd3\x91\x9b\xc5N\x87\xdc\xfc\xea\x1c\xf0\x92\xbd\x89\xea\xba\xc7\xb1!S\xc0\xc44W[\x8d\x15.\x0e\x90\x9eE\x8e|M\xf4\xf8G\x9bH\xf58\xa8M\xb6 \x15\x9fl\x9c\xefk1\x86[\n$\xc4 \xf2\xa3k\aj=\x10\x01\xae%`\xce\x82\x8c2p\xd6\x88\\\x98\f\xc7\x06\xbe\xab\x81`d\xa5*\x1a\x93%^l\x8f\xd8t\xac\x95\xc09\x95]\xe35n\xda^\\\xedH,\xbfY\x803\xfb\x1e\x03\xb8\x8dVH\x9e\xc9\xdd\x16\x94{h\xbfk\x88rA\xfbxq\xd9\x0f\x06\'\b(as\xc0\x94\xa8\xc3\x15\xc9\xa3\xfa\xdb\x04\x18\n>\xd0\xe3?\x8c\xceB\xa7W\x9c[\r\xe8\xa2\xb7\x8d\xc7\xe9\x9f\xc9\x7f\xd8\xe4\x1e\x136\x94\xb3\xe99a-\x01<{C\x90\xb0\xc7\x9c~\aO\xb1\xaf\xa3wK\xe1b', &(0x7f0000001140)='uqv\xd6\xb8W=\xbe\\\xd4?\x16\x82\x85\x19\xc6\xc5A^}B\xfd\xbe\xb9\x13\xbc\xadn$j\xa7\x0fv\x1c\xe4\x9bB:\xc9N]Yh\xa2\x12\x19h\x88:w\xfb\x9d\xd9\xd3~U\x10\xfb1W\f\xb5\x87\xf3\xd9\xf6:.\xf4\x86\x12*|\x05rs\x82\xd1\xeaL\xe6\x880J\b\xe8Zd\xe0\xe3\xc246q\xf88R\x1e\xa4K\x84p\xe7}\xf4\x93\\\x81)#}e\xec~+W\xa6\x80\xabW\xe7\f\xa5\xc1\x8c}\xe7\xfb\x9f\xa1\xa0\xc0\b\xe1.\x05-F\xb0\xe8DJ\x0e\n\x9c1\xb7K \x0e>\xa0A\xc4\x05\xf5\xdd)NZC\xcf\x8a\xf5TEU\x81}\b\x97\x95-^\x85\xa6A\xd3o,\xb4\x97\xc4y\xc6\x19]ci\xf4\xf8\xc7\xd0\x0ed\xec\x16J\x8d\x16\x10\xcaR\xa8k:\x14\xacsu\xe1]\xe3,\x9d\x9c\xc9\x96\x8fV\xfdrN\xc7\xddS<\xac\x8f \xd1\x11\xa5\'1A\xc1\x19o\xe9HU\xa1n\x0f\xf0?\x0fnI\xfa\xcf[\x1d\xd3\xe8!\x1a\x99b[S\xaa\xa1\x05\x84\xb1\x9c\xbc\xa4n0\xeeG\x85f\x1c4R\xcf\xe3\x13\x10Dp\x0e\x9dh\xfd\xe9G\x90\xe2\xf9\xf3\x90=\b\x1a\xd5\xc6j}U=|\xa4F\x9e\r\x87\x97\xae\n\xcb\v\xd6\x1e[\xf0^\x8a\x98dh64\x9b\xfb\xd9Z\xb0E\xee\xc4m\x7f\x18>Noi\xd2\xa9-\xf1x\xef\xe5\xf9*\x9a\xea}\x952\xd2\xceHj\xb1\xb6\xd4\xa3\xac\x95\x1d\xf6\x19r`N\xe1K\xcf\xc3\x1b\xec\xdbu_\xd8\xcc\xb7]\xfd<7\x19\xc7\x7f1\xd9\xbbX\x10-\xfec\x05\x8b\xae\xbf\xe0~\x8e`xx\n@I6\xd1\xf1\'\xfb\x96\xa0\"', 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-dup-mmap-write$binfmt_elf64-socket$inet6_mptcp-socket$nl_netfilter-execveat-socket$nl_route-setsockopt$SO_BINDTODEVICE
detailed listing:
executing program 0:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0)
r1 = dup(r0)
mmap(&(0x7f000007d000/0x3000)=nil, 0x3000, 0x300000a, 0x13, r1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000001040)={{0x7f, 0x45, 0x4c, 0x46, 0x46, 0x9, 0x3, 0x3, 0x7fffffffffffffff, 0x2, 0x3e, 0x4, 0x2da, 0x40, 0x201, 0x4, 0x400, 0x38, 0x2, 0x0, 0x4, 0x7}, [{0x4, 0x10000, 0x401, 0x7, 0x7, 0x3, 0x9}, {0x10000000, 0x20000b8, 0x1, 0x1, 0x8, 0x2, 0x7ff, 0x3}], "dd0f9c81ecba8c5778dbf701e7c47c426712e932fa7b2b99f1d45f4069c23d5abe702d742e569f5190d7c56151c94ff1eb7d7af29f32ef4dbdd0a07def0ef493062eab0e0c103252550ccd237fbffc21e0a48c2e323c7e74ac81e7e3a9248428fd22d02b96d3f072874944c86f8dea01f3c6c7b1c5577be1767f8a8a3c7a54dffc600395e925124c8fd6315a9dcd297ad16f5baa6c0f86382738306b460683b160cf3414d624d293c0a31d72008343b28c9ccac517ff57397035c3e63da529e7950e0265bb77716b875ed48d1279e106ec6aaa36f2c8726fec1bb00f231dc7661fcb7a37b258d8e1dcb8d00d9421d09093cdb05840c6d2362aeccda0e72d23a1e8d9f34eaca15a47da316fcfeac5c869a68474ff2af0e939b519a6d9cedd4cafde7c9a1b36b26af4ecb0f269ad1ea420db7faa6720a315a3f6eb8527de2a3375a63df03365febe2bd008dc057c0a211d278f29e93f58dbbb29bf344ea4e264afe03a19b49062dc5c9e882b1f122505789378ad53679d28412bb6dc0be062276d3f6fd497043f9719a8be48210567c006c63283db44aed6087c84c884a4eb64a92343ace189a7f9ed9ef8b3e28fbb9d9778eb6ea93ed0ddae46480ce170edff804bfaad954fdc5780b91e28ecf745f3d6e8576ec51e0f44ec8b3ca17fa867059a32c29ef63885bfb11a6f8727c10eecc9e602a7b4f7fc383fa76c044883aec42f49f6a0ecae3b1c6bd75439cb3afae65314f75ce6f77cdcdb8df920b8c3763806575ae33bd67c3745eaf0f1ece0f1bdffa3a493af11e791c94b6f522bf21d92e7e06c53bfc7e1e0fbe81add249786ef5ee84f19b7741b34a6d4f4da88d8e0da04e54acba1ff12f3cda4d600115d406351696c9192908764c4211bcb9332fb5700f4be119e28c7de910469109b7c0dd655c3dec0656ec9a0e9e2f8b0339f805a5f39b67f41ace42cc5177018cfb350fa70ba569601ed56cb79ac9a1a94871ce9d0d4f6601b2b26b487d3ca710a03401895543b6d34de94a5c60ea4201cb2bef7b92d6438e444a89a8167df1b9ddfacfcefbf450f2dcc69e05d7f44e9599712b959d96c3bcfed28677e462a1d6417b8c29a531c8a6090ccad1dee1a06c66704c0fd526c30cd1bba63fa7fb7e0b5c6c6dcf37dc9c66a99ab0a4abfcbf6de568a27afc8161480cac2f7b4e613d672f76c55453fb84d2f7798ee751db8bbc552bb28d737db9ec658cf630fd843c4c44ea14980895a4af592e84ca9e64ab0ceeeaaef42ce0488c844fa7b5074138478b1d71b33809f2631423d6ad57d8a90efc6af837d92b41226632df570f1bffd2c3dc19e81ef62a0be99879fdaabd40a2664cab36901d8ba2cb98d957c48814ac8b85467e03dafd6516c2aad580429d2727476ad4e8556c6258472c5bdebb13f7c931ab116062f64c089445620326b2698d5c6567f563226791435a931444715799fcad6adc6530b8e5117380e9501b1d93de74d673c1606fe0c5bdaa955c0314edd60a7ee562236891ccb600eb51bbffef0595d25b946f3b7ed43530db270ca0c7c02019e21eb5b5a21bc9c9e3be0a5fb6b9403c5c95683f5c0390e3dce94c2954335aaf008f8fb873a87a7a1db6d952072ca2e3699d83690c0aca992e761b399afd5c3c7c0c63f769644befc9fd35eee13233853f05baf2875b50d6bcdac6b864198d3c965cb48d60d18c684ccba04a0d18d55442b855d1bfc156969463d669aaec98ed585cd6bed28118d893b5a20738f96e66c494e4a525f42807137c58e413b145f9047358a659dded2fe746bf2ec60bfe0c8861efe171184b51076c96d14efa03f031970c7ad96fe057d28a562419f5452a978385d0fce6aac8c490336906de3ae5b0c5c32b9bc0314070d8da576f778e10fce72c0163619ba1f54c5498c68d1b6dc69a29f8ac9a69c2c7aed3fb834e48148c83f4f7312e357f0bbc54135c719b1f2dfd01debf9803661a9fe61de50a6502ba8e9aec24d177a256aa2d72fcc7c14ee028fb68d1ae75b72a8fce17e5ca68aaada973836e3eb89feb4ec03d5860198550bab2001e39e8c45476b73c356a5a7ab0d298f967756984fde17b096881e363c8edb544cc5ec58376ece05ab952a1a02e809451cc444450d29628c62b0fa6c63f7d93d1102e2c013254aebf26e3085514f4462c7264460c161142a8b740014651344dab02f105f60e581efd1dfa30a41dbd49c813a2b7b4eff736d1b9507348f594f8ac9397cc3b1b51c75aa071a3133b2d281b62c81c100b94d0a3991a88fe73e3232495a8d39ed8b7a5d1e52bf500c0e8f1cb4bf73d8e1749067df830a92489bd4cda18a4bf1ecf16c9e7e1d1480ed08e6ce2946d42a8c22db4d3f3ef895a64ddf72cb8eae26304029a1c88829a1cd34f547a4d06ef50de273085e815d45ac9536f259f2808ac4de5ae86f698ac662ac8fa1e03af2db5ad90901b7f90095b0a409b1ca1d1ff874bc73375fbd581ad014c56b14f86f7f3f992168b58158f1dac92780db608340e4e187509f85e94d5cbea602b3c6104e8dc090d12d8a41faeb1c981b6fdfecc82d7b65b4fb18c94440ea7060d7c5997aa69e4b1c9e9b6d788f0e46c1c592c8b5b7a81fe6fcb27b747ddea4a1e90bbaedfb76445db1be67ab78693c382795fe80356bab396bf9717015063d4a43ce0f9db0b6f88f4cbe92c26a7cd63db2b2c5f10186d6d10633d5b30b80f8e39c0c37d83bf027fd0c62d4f5a037c3377cd2504ebc0effa4830000000000000000"}, 0x854)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$nl_netfilter(0x10, 0x3, 0xc)
execveat(r1, &(0x7f0000000000)='./file0\x00', &(0x7f00000001c0)={[&(0x7f0000000040)='/dev/nullb0\x00', &(0x7f0000000080)='^{\\+\\)\x00', &(0x7f00000000c0)='/dev/nullb0\x00', &(0x7f0000000100)='/dev/nullb0\x00', &(0x7f0000000140)='/dev/nullb0\x00', &(0x7f0000000180)='/dev/nullb0\x00']}, &(0x7f0000000240)={[&(0x7f0000000200)='/dev/nullb0\x00']}, 0x1000)
r2 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-dup-mmap-write$binfmt_elf64-socket$inet6_mptcp-socket$nl_netfilter-execveat-socket$nl_route-setsockopt$SO_BINDTODEVICE
detailed listing:
executing program 0:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0)
r1 = dup(r0)
mmap(&(0x7f000007d000/0x3000)=nil, 0x3000, 0x300000a, 0x13, r1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000001040)={{0x7f, 0x45, 0x4c, 0x46, 0x46, 0x9, 0x3, 0x3, 0x7fffffffffffffff, 0x2, 0x3e, 0x4, 0x2da, 0x40, 0x201, 0x4, 0x400, 0x38, 0x2, 0x0, 0x4, 0x7}, [{0x4, 0x10000, 0x401, 0x7, 0x7, 0x3, 0x9}, {0x10000000, 0x20000b8, 0x1, 0x1, 0x8, 0x2, 0x7ff, 0x3}], "dd0f9c81ecba8c5778dbf701e7c47c426712e932fa7b2b99f1d45f4069c23d5abe702d742e569f5190d7c56151c94ff1eb7d7af29f32ef4dbdd0a07def0ef493062eab0e0c103252550ccd237fbffc21e0a48c2e323c7e74ac81e7e3a9248428fd22d02b96d3f072874944c86f8dea01f3c6c7b1c5577be1767f8a8a3c7a54dffc600395e925124c8fd6315a9dcd297ad16f5baa6c0f86382738306b460683b160cf3414d624d293c0a31d72008343b28c9ccac517ff57397035c3e63da529e7950e0265bb77716b875ed48d1279e106ec6aaa36f2c8726fec1bb00f231dc7661fcb7a37b258d8e1dcb8d00d9421d09093cdb05840c6d2362aeccda0e72d23a1e8d9f34eaca15a47da316fcfeac5c869a68474ff2af0e939b519a6d9cedd4cafde7c9a1b36b26af4ecb0f269ad1ea420db7faa6720a315a3f6eb8527de2a3375a63df03365febe2bd008dc057c0a211d278f29e93f58dbbb29bf344ea4e264afe03a19b49062dc5c9e882b1f122505789378ad53679d28412bb6dc0be062276d3f6fd497043f9719a8be48210567c006c63283db44aed6087c84c884a4eb64a92343ace189a7f9ed9ef8b3e28fbb9d9778eb6ea93ed0ddae46480ce170edff804bfaad954fdc5780b91e28ecf745f3d6e8576ec51e0f44ec8b3ca17fa867059a32c29ef63885bfb11a6f8727c10eecc9e602a7b4f7fc383fa76c044883aec42f49f6a0ecae3b1c6bd75439cb3afae65314f75ce6f77cdcdb8df920b8c3763806575ae33bd67c3745eaf0f1ece0f1bdffa3a493af11e791c94b6f522bf21d92e7e06c53bfc7e1e0fbe81add249786ef5ee84f19b7741b34a6d4f4da88d8e0da04e54acba1ff12f3cda4d600115d406351696c9192908764c4211bcb9332fb5700f4be119e28c7de910469109b7c0dd655c3dec0656ec9a0e9e2f8b0339f805a5f39b67f41ace42cc5177018cfb350fa70ba569601ed56cb79ac9a1a94871ce9d0d4f6601b2b26b487d3ca710a03401895543b6d34de94a5c60ea4201cb2bef7b92d6438e444a89a8167df1b9ddfacfcefbf450f2dcc69e05d7f44e9599712b959d96c3bcfed28677e462a1d6417b8c29a531c8a6090ccad1dee1a06c66704c0fd526c30cd1bba63fa7fb7e0b5c6c6dcf37dc9c66a99ab0a4abfcbf6de568a27afc8161480cac2f7b4e613d672f76c55453fb84d2f7798ee751db8bbc552bb28d737db9ec658cf630fd843c4c44ea14980895a4af592e84ca9e64ab0ceeeaaef42ce0488c844fa7b5074138478b1d71b33809f2631423d6ad57d8a90efc6af837d92b41226632df570f1bffd2c3dc19e81ef62a0be99879fdaabd40a2664cab36901d8ba2cb98d957c48814ac8b85467e03dafd6516c2aad580429d2727476ad4e8556c6258472c5bdebb13f7c931ab116062f64c089445620326b2698d5c6567f563226791435a931444715799fcad6adc6530b8e5117380e9501b1d93de74d673c1606fe0c5bdaa955c0314edd60a7ee562236891ccb600eb51bbffef0595d25b946f3b7ed43530db270ca0c7c02019e21eb5b5a21bc9c9e3be0a5fb6b9403c5c95683f5c0390e3dce94c2954335aaf008f8fb873a87a7a1db6d952072ca2e3699d83690c0aca992e761b399afd5c3c7c0c63f769644befc9fd35eee13233853f05baf2875b50d6bcdac6b864198d3c965cb48d60d18c684ccba04a0d18d55442b855d1bfc156969463d669aaec98ed585cd6bed28118d893b5a20738f96e66c494e4a525f42807137c58e413b145f9047358a659dded2fe746bf2ec60bfe0c8861efe171184b51076c96d14efa03f031970c7ad96fe057d28a562419f5452a978385d0fce6aac8c490336906de3ae5b0c5c32b9bc0314070d8da576f778e10fce72c0163619ba1f54c5498c68d1b6dc69a29f8ac9a69c2c7aed3fb834e48148c83f4f7312e357f0bbc54135c719b1f2dfd01debf9803661a9fe61de50a6502ba8e9aec24d177a256aa2d72fcc7c14ee028fb68d1ae75b72a8fce17e5ca68aaada973836e3eb89feb4ec03d5860198550bab2001e39e8c45476b73c356a5a7ab0d298f967756984fde17b096881e363c8edb544cc5ec58376ece05ab952a1a02e809451cc444450d29628c62b0fa6c63f7d93d1102e2c013254aebf26e3085514f4462c7264460c161142a8b740014651344dab02f105f60e581efd1dfa30a41dbd49c813a2b7b4eff736d1b9507348f594f8ac9397cc3b1b51c75aa071a3133b2d281b62c81c100b94d0a3991a88fe73e3232495a8d39ed8b7a5d1e52bf500c0e8f1cb4bf73d8e1749067df830a92489bd4cda18a4bf1ecf16c9e7e1d1480ed08e6ce2946d42a8c22db4d3f3ef895a64ddf72cb8eae26304029a1c88829a1cd34f547a4d06ef50de273085e815d45ac9536f259f2808ac4de5ae86f698ac662ac8fa1e03af2db5ad90901b7f90095b0a409b1ca1d1ff874bc73375fbd581ad014c56b14f86f7f3f992168b58158f1dac92780db608340e4e187509f85e94d5cbea602b3c6104e8dc090d12d8a41faeb1c981b6fdfecc82d7b65b4fb18c94440ea7060d7c5997aa69e4b1c9e9b6d788f0e46c1c592c8b5b7a81fe6fcb27b747ddea4a1e90bbaedfb76445db1be67ab78693c382795fe80356bab396bf9717015063d4a43ce0f9db0b6f88f4cbe92c26a7cd63db2b2c5f10186d6d10633d5b30b80f8e39c0c37d83bf027fd0c62d4f5a037c3377cd2504ebc0effa4830000000000000000"}, 0x854)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$nl_netfilter(0x10, 0x3, 0xc)
execveat(r1, &(0x7f0000000000)='./file0\x00', &(0x7f00000001c0)={[&(0x7f0000000040)='/dev/nullb0\x00', &(0x7f0000000080)='^{\\+\\)\x00', &(0x7f00000000c0)='/dev/nullb0\x00', &(0x7f0000000100)='/dev/nullb0\x00', &(0x7f0000000140)='/dev/nullb0\x00', &(0x7f0000000180)='/dev/nullb0\x00']}, &(0x7f0000000240)={[&(0x7f0000000200)='/dev/nullb0\x00']}, 0x1000)
r2 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_rfcomm-syz_ublk_setup_io_uring-syz_io_uring_submit-syz_ublk_add_dev-openat$nullb-openat$nullb-fallocate-setsockopt$bt_rfcomm_RFCOMM_LM
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
r1 = syz_ublk_setup_io_uring(0x20, &(0x7f0000000800)={0x0, 0xfffffffe, 0x80, 0x2, 0x396}, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000040)=<r3=>0x0, &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r2, r3, r4, &(0x7f0000000980)=@IORING_OP_FILES_UPDATE={0x14, 0x44, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1})
syz_ublk_add_dev(r1, r2, r3, r4, &(0x7f0000000480)={0x2e, 0x66, 0x0, 0xffffffffffffffff, 0xc0207504, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, '\x00', {0xffffffff, 0xffff, 0x40, &(0x7f0000000200)=@any_dev={0x4, 0x1d73, 0x0, 0x0, 0x1000, 0x68ba, 0x0, 0x0, 0x10}}}, &(0x7f0000000440))
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x10b502, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x8a82, 0x0)
fallocate(r5, 0x11, 0x600, 0x1800000007c000)
setsockopt$bt_rfcomm_RFCOMM_LM(r0, 0x12, 0x3, &(0x7f0000000240)=0x95477e3e1f60a97f, 0x4)

program crashed: INFO: task hung in blkdev_fallocate
single: successfully extracted reproducer
found reproducer with 8 syscalls
minimizing guilty program
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_rfcomm-syz_ublk_setup_io_uring-syz_io_uring_submit-syz_ublk_add_dev-openat$nullb-openat$nullb-fallocate
detailed listing:
executing program 0:
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
r0 = syz_ublk_setup_io_uring(0x20, &(0x7f0000000800)={0x0, 0xfffffffe, 0x80, 0x2, 0x396}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
syz_io_uring_submit(r1, r2, r3, &(0x7f0000000980)=@IORING_OP_FILES_UPDATE={0x14, 0x44, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1})
syz_ublk_add_dev(r0, r1, r2, r3, &(0x7f0000000480)={0x2e, 0x66, 0x0, 0xffffffffffffffff, 0xc0207504, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, '\x00', {0xffffffff, 0xffff, 0x40, &(0x7f0000000200)=@any_dev={0x4, 0x1d73, 0x0, 0x0, 0x1000, 0x68ba, 0x0, 0x0, 0x10}}}, &(0x7f0000000440))
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x10b502, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x8a82, 0x0)
fallocate(r4, 0x11, 0x600, 0x1800000007c000)

program crashed: INFO: task hung in blkdev_fallocate
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_rfcomm-syz_ublk_setup_io_uring-syz_io_uring_submit-syz_ublk_add_dev-openat$nullb-openat$nullb
detailed listing:
executing program 0:
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
r0 = syz_ublk_setup_io_uring(0x20, &(0x7f0000000800)={0x0, 0xfffffffe, 0x80, 0x2, 0x396}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
syz_io_uring_submit(r1, r2, r3, &(0x7f0000000980)=@IORING_OP_FILES_UPDATE={0x14, 0x44, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1})
syz_ublk_add_dev(r0, r1, r2, r3, &(0x7f0000000480)={0x2e, 0x66, 0x0, 0xffffffffffffffff, 0xc0207504, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, '\x00', {0xffffffff, 0xffff, 0x40, &(0x7f0000000200)=@any_dev={0x4, 0x1d73, 0x0, 0x0, 0x1000, 0x68ba, 0x0, 0x0, 0x10}}}, &(0x7f0000000440))
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x10b502, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x8a82, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_rfcomm-syz_ublk_setup_io_uring-syz_io_uring_submit-syz_ublk_add_dev-openat$nullb-fallocate
detailed listing:
executing program 0:
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
r0 = syz_ublk_setup_io_uring(0x20, &(0x7f0000000800)={0x0, 0xfffffffe, 0x80, 0x2, 0x396}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
syz_io_uring_submit(r1, r2, r3, &(0x7f0000000980)=@IORING_OP_FILES_UPDATE={0x14, 0x44, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1})
syz_ublk_add_dev(r0, r1, r2, r3, &(0x7f0000000480)={0x2e, 0x66, 0x0, 0xffffffffffffffff, 0xc0207504, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, '\x00', {0xffffffff, 0xffff, 0x40, &(0x7f0000000200)=@any_dev={0x4, 0x1d73, 0x0, 0x0, 0x1000, 0x68ba, 0x0, 0x0, 0x10}}}, &(0x7f0000000440))
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x10b502, 0x0)
fallocate(r4, 0x11, 0x600, 0x1800000007c000)

program crashed: INFO: task hung in blkdev_fallocate
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_rfcomm-syz_ublk_setup_io_uring-syz_io_uring_submit-syz_ublk_add_dev-fallocate
detailed listing:
executing program 0:
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
r0 = syz_ublk_setup_io_uring(0x20, &(0x7f0000000800)={0x0, 0xfffffffe, 0x80, 0x2, 0x396}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
syz_io_uring_submit(r1, r2, r3, &(0x7f0000000980)=@IORING_OP_FILES_UPDATE={0x14, 0x44, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1})
syz_ublk_add_dev(r0, r1, r2, r3, &(0x7f0000000480)={0x2e, 0x66, 0x0, 0xffffffffffffffff, 0xc0207504, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, '\x00', {0xffffffff, 0xffff, 0x40, &(0x7f0000000200)=@any_dev={0x4, 0x1d73, 0x0, 0x0, 0x1000, 0x68ba, 0x0, 0x0, 0x10}}}, &(0x7f0000000440))
fallocate(0xffffffffffffffff, 0x11, 0x600, 0x1800000007c000)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_rfcomm-syz_ublk_setup_io_uring-syz_io_uring_submit-openat$nullb-fallocate
detailed listing:
executing program 0:
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
syz_ublk_setup_io_uring(0x20, &(0x7f0000000800)={0x0, 0xfffffffe, 0x80, 0x2, 0x396}, &(0x7f0000000000)=<r0=>0x0, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r0, r1, r2, &(0x7f0000000980)=@IORING_OP_FILES_UPDATE={0x14, 0x44, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1})
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x10b502, 0x0)
fallocate(r3, 0x11, 0x600, 0x1800000007c000)

program crashed: INFO: task hung in blkdev_fallocate
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_rfcomm-syz_ublk_setup_io_uring-openat$nullb-fallocate
detailed listing:
executing program 0:
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
syz_ublk_setup_io_uring(0x20, &(0x7f0000000800)={0x0, 0xfffffffe, 0x80, 0x2, 0x396}, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000140))
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x10b502, 0x0)
fallocate(r0, 0x11, 0x600, 0x1800000007c000)

program crashed: INFO: task hung in blkdev_fallocate
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_rfcomm-openat$nullb-fallocate
detailed listing:
executing program 0:
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x10b502, 0x0)
fallocate(r0, 0x11, 0x600, 0x1800000007c000)

program crashed: INFO: task hung in blkdev_fallocate
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-fallocate
detailed listing:
executing program 0:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x10b502, 0x0)
fallocate(r0, 0x11, 0x600, 0x1800000007c000)

program crashed: INFO: task hung in blkdev_fallocate
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-fallocate
detailed listing:
executing program 0:
r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x10b502, 0x0)
fallocate(r0, 0x11, 0x600, 0x1800000007c000)

program did not crash
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-fallocate
program crashed: INFO: task hung in corrupted
a never seen crash title: INFO: task hung in corrupted, ignore
simplifying guilty program options
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-fallocate
detailed listing:
executing program 0:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x10b502, 0x0)
fallocate(r0, 0x11, 0x600, 0x1800000007c000)

program crashed: INFO: task hung in blkdev_fallocate
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-fallocate
program crashed: INFO: task hung in blkdev_fallocate
simplifying C reproducer
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-fallocate
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-fallocate
program crashed: INFO: task hung in blkdev_fallocate
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-fallocate
program crashed: INFO: task hung in blkdev_fallocate
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-fallocate
program crashed: INFO: task hung in blkdev_fallocate
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-fallocate
program crashed: INFO: task hung in blkdev_fallocate
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-fallocate
program crashed: INFO: task hung in blkdev_fallocate
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-fallocate
detailed listing:
executing program 0:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x10b502, 0x0)
fallocate(r0, 0x11, 0x600, 0x1800000007c000)

program crashed: INFO: task hung in blkdev_fallocate
validation run: crashed=true
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-fallocate
detailed listing:
executing program 0:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x10b502, 0x0)
fallocate(r0, 0x11, 0x600, 0x1800000007c000)

program crashed: INFO: task hung in blkdev_fallocate
validation run: crashed=true
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-fallocate
detailed listing:
executing program 0:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x10b502, 0x0)
fallocate(r0, 0x11, 0x600, 0x1800000007c000)

program crashed: INFO: task hung in blkdev_fallocate
validation run: crashed=true
reproducing took 2h34m22.722436355s
repro crashed as (corrupted=false):
INFO: task syz.0.17:5989 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.17        state:D stack:27352 pid:5989  tgid:5989  ppid:5769   task_flags:0x400040 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5504 [inline]
 __schedule+0x172b/0x5550 kernel/sched/core.c:7228
 __schedule_loop kernel/sched/core.c:7307 [inline]
 rt_mutex_schedule+0x76/0xf0 kernel/sched/core.c:7603
 rt_mutex_slowlock_block kernel/locking/rtmutex.c:1669 [inline]
 __rt_mutex_slowlock kernel/locking/rtmutex.c:1746 [inline]
 __rt_mutex_slowlock_locked+0x1f3a/0x2560 kernel/locking/rtmutex.c:1786
 rt_mutex_slowlock+0xbd/0x170 kernel/locking/rtmutex.c:1826
 __rt_mutex_lock kernel/locking/rtmutex.c:1841 [inline]
 rwbase_write_lock+0x14d/0x730 kernel/locking/rwbase_rt.c:245
 inode_lock include/linux/fs.h:1024 [inline]
 blkdev_fallocate+0x263/0x550 block/fops.c:882
 vfs_fallocate+0x672/0x7f0 fs/open.c:338
 __x64_sy[  348.170353][   T39]  ksys_fallocate fs/open.c:362 [inline]
 __x64_sy[  348.170353][   T39]  __do_sys_fallocate fs/open.c:367 [inline]
 __x64_sy[  348.170353][   T39]  __se_sys_fallocate fs/open.c:365 [inline]
 __x64_sy[  348.170353][   T39]  __x64_sys_fallocate+0xc0/0x110 fs/open.c:365
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x174/0x580 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fb6b5d7ce59
RSP: 002b:00007fff9a766fe8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
RAX: ffffffffffffffda RBX: 00007fb6b5ff5fa0 RCX: 00007fb6b5d7ce59
RDX: 0000000000000600 RSI: 0000000000000011 RDI: 0000000000000003
RBP: 00007fb6b5e12d6f R08: 0000000000000000 R09: 0000000000000000
R10: 001800000007c000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fb6b5ff5fac R14: 00007fb6b5ff5fa0 R15: 00007fb6b5ff5fa0
 </TASK>
INFO: task syz.2.19:5991 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.2.19        state:D stack:27352 pid:5991  tgid:5991  ppid:5774   task_flags:0x400040 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5504 [inline]
 __schedule+0x172b/0x5550 kernel/sched/core.c:7228
 __schedule_loop kernel/sched/core.c:7307 [inline]
 rt_mutex_schedule+0x76/0xf0 kernel/sched/core.c:7603
 rt_mutex_slowlock_block kernel/locking/rtmutex.c:1669 [inline]
 __rt_mutex_slowlock kernel/locking/rtmutex.c:1746 [inline]
 __rt_mutex_slowlock_locked+0x1f3a/0x2560 kernel/locking/rtmutex.c:1786
 rt_mutex_slowlock+0xbd/0x170 kernel/locking/rtmutex.c:1826
 __rt_mutex_lock kernel/locking/rtmutex.c:1841 [inline]
 rwbase_write_lock+0x14d/0x730 kernel/locking/rwbase_rt.c:245
 inode_lock include/linux/fs.h:1024 [inline]
 blkdev_fallocate+0x263/0x550 block/fops.c:882
 vfs_fallocate+0x672/0x7f0 fs/open.c:338
 ksys_fallocate fs/open.c:362 [inline]
 __do_sys_fallocate fs/open.c:367 [inline]
 __se_sys_fallocate fs/open.c:365 [inline]
 __x64_sys_fallocate+0xc0/0x110 fs/open.c:365
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x174/0x580 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0eb16bce59
RSP: 002b:00007ffcc9d5e948 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
RAX: ffffffffffffffda RBX: 00007f0eb1935fa0 RCX: 00007f0eb16bce59
RDX: 0000000000000600 RSI: 0000000000000011 RDI: 0000000000000003
RBP: 00007f0eb1752d6f R08: 0000000000000000 R09: 0000000000000000
R10: 001800000007c000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f0eb1935fac R14: 00007f0eb1935fa0 R15: 00007f0eb1935fa0
 </TASK>
INFO: task syz.3.20:5992 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.20        state:D stack:26136 pid:5992  tgid:5992  ppid:5775   task_flags:0x400040 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5504 [inline]
 __schedule+0x172b/0x5550 kernel/sched/core.c:7228
 __schedule_loop kernel/sched/core.c:7307 [inline]
 rt_mutex_schedule+0x76/0xf0 kernel/sched/core.c:7603
 rt_mutex_slowlock_block kernel/locking/rtmutex.c:1669 [inline]
 __rt_mutex_slowlock kernel/locking/rtmutex.c:1746 [inline]
 __rt_mutex_slowlock_locked+0x1f3a/0x2560 kernel/locking/rtmutex.c:1786
 rt_mutex_slowlock+0xbd/0x170 kernel/locking/rtmutex.c:1826
 __rt_mutex_lock kernel/locking/rtmutex.c:1841 [inline]
 rwbase_write_lock+0x14d/0x730 kernel/locking/rwbase_rt.c:245
 inode_lock include/linux/fs.h:1024 [inline]
 blkdev_fallocate+0x263/0x550 block/fops.c:882
 vfs_fallocate+0x672/0x7f0 fs/open.c:338
 ksys_fallocate fs/open.c:362 [inline]
 __do_sys_fallocate fs/open.c:367 [inline]
 __se_sys_fallocate fs/open.c:365 [inline]
 __x64_sys_fallocate+0xc0/0x110 fs/open.c:365
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x174/0x580 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f927404ce59
RSP: 002b:00007ffe8edce188 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
RAX: ffffffffffffffda RBX: 00007f92742c5fa0 RCX: 00007f927404ce59
RDX: 0000000000000600 RSI: 0000000000000011 RDI: 0000000000000003
RBP: 00007f92740e2d6f R08: 0000000000000000 R09: 0000000000000000
R10: 001800000007c000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f92742c5fac R14: 00007f92742c5fa0 R15: 00007f92742c5fa0
 </TASK>

Showing all locks held in the system:
6 locks held by kworker/1:0/32:
 #0: ffff88813fe56538 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 kernel/workqueue.c:3301
 #1: ffffc90000a6fc40 ((work_completion)(&(&tbl->gc_work)->work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 kernel/workqueue.c:3302
 #2: ffffffff8e261520 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 kernel/softirq.c:163
 #3: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 kernel/softirq.c:163
 #4: ffffffff8f8e0778 (&tbl->lock){+...}-{3:3}, at: spin_lock_bh include/linux/spinlock_rt.h:90 [inline]
 #4: ffffffff8f8e0778 (&tbl->lock){+...}-{3:3}, at: neigh_periodic_work+0xc64/0xe90 net/core/neighbour.c:1037
 #5: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 #5: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:840 [inline]
 #5: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: __rt_spin_lock kernel/locking/spinlock_rt.c:50 [inline]
 #5: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 kernel/locking/spinlock_rt.c:57
1 lock held by khungtaskd/39:
 #0: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 #0: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:840 [inline]
 #0: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6777
4 locks held by kworker/0:2/822:
 #0: ffff88813fe56538 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 kernel/workqueue.c:3301
 #1: ffffc90005537c40 ((gc_work).work){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 kernel/workqueue.c:3302
 #2: ffffffff8eeef1f8 ("ratelimiter_table_lock"){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline]
 #2: ffffffff8eeef1f8 ("ratelimiter_table_lock"){+.+.}-{3:3}, at: wg_ratelimiter_gc_entries+0x5d/0x480 drivers/net/wireguard/ratelimiter.c:63
 #3: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 #3: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:840 [inline]
 #3: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: __rt_spin_lock kernel/locking/spinlock_rt.c:50 [inline]
 #3: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 kernel/locking/spinlock_rt.c:57
2 locks held by kworker/u8:13/2990:
 #0: ffff88801ae94138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 kernel/workqueue.c:3301
 #1: ffffc9000dc0fc40 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 kernel/workqueue.c:3302
8 locks held by kworker/u8:16/3495:
 #0: ffff888031df5938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 kernel/workqueue.c:3301
 #1: ffffc9000e9efc40 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 kernel/workqueue.c:3302
 #2: ffffffff8f7b0bb8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #2: ffffffff8f7b0bb8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0x124/0x1680 net/ipv6/addrconf.c:4221
 #3: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 #3: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:840 [inline]
 #3: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: ndisc_send_skb+0x215/0x1670 net/ipv6/ndisc.c:482
 #4: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 #4: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:840 [inline]
 #4: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: ip6_output+0x126/0x550 net/ipv6/ip6_output.c:234
 #5: ffffffff8e261520 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 kernel/softirq.c:163
 #6: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 kernel/softirq.c:163
 #7: ffffffff8f8e0778 (&tbl->lock){+...}-{3:3}, at: spin_lock_bh include/linux/spinlock_rt.h:90 [inline]
 #7: ffffffff8f8e0778 (&tbl->lock){+...}-{3:3}, at: ___neigh_create+0xf0b/0x2360 net/core/neighbour.c:686
2 locks held by getty/5367:
 #0: ffff888036d2b0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc90003cbe2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x465/0x1490 drivers/tty/n_tty.c:2211
2 locks held by syz.1.18/5976:
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: inode_lock include/linux/fs.h:1024 [inline]
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: blkdev_fallocate+0x263/0x550 block/fops.c:882
 #1: ffff8880232032d8 (mapping.invalidate_lock){++++}-{4:4}, at: filemap_invalidate_lock include/linux/fs.h:1079 [inline]
 #1: ffff8880232032d8 (mapping.invalidate_lock){++++}-{4:4}, at: blkdev_fallocate+0x294/0x550 block/fops.c:883
1 lock held by syz.0.17/5989:
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: inode_lock include/linux/fs.h:1024 [inline]
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: blkdev_fallocate+0x263/0x550 block/fops.c:882
1 lock held by syz.2.19/5991:
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: inode_lock include/linux/fs.h:1024 [inline]
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: blkdev_fallocate+0x263/0x550 block/fops.c:882
1 lock held by syz.3.20/5992:
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: inode_lock include/linux/fs.h:1024 [inline]
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: blkdev_fallocate+0x263/0x550 block/fops.c:882
1 lock held by syz.4.21/6134:
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: inode_lock include/linux/fs.h:1024 [inline]
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: blkdev_fallocate+0x263/0x550 block/fops.c:882
1 lock held by syz.5.22/6158:
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: inode_lock include/linux/fs.h:1024 [inline]
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: blkdev_fallocate+0x263/0x550 block/fops.c:882
1 lock held by syz.7.24/6159:
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: inode_lock include/linux/fs.h:1024 [inline]
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: blkdev_fallocate+0x263/0x550 block/fops.c:882
1 lock held by syz.6.23/6160:
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: inode_lock include/linux/fs.h:1024 [inline]
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: blkdev_fallocate+0x263/0x550 block/fops.c:882
1 lock held by syz.8.25/6277:
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: inode_lock include/linux/fs.h:1024 [inline]
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: blkdev_fallocate+0x263/0x550 block/fops.c:882
1 lock held by syz.9.26/6300:
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: inode_lock include/linux/fs.h:1024 [inline]
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: blkdev_fallocate+0x263/0x550 block/fops.c:882
1 lock held by syz.1.27/6322:
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: inode_lock include/linux/fs.h:1024 [inline]
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: blkdev_fallocate+0x263/0x550 block/fops.c:882
1 lock held by syz.0.28/6324:
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: inode_lock include/linux/fs.h:1024 [inline]
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: blkdev_fallocate+0x263/0x550 block/fops.c:882
1 lock held by syz.2.29/6408:
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: inode_lock include/linux/fs.h:1024 [inline]
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: blkdev_fallocate+0x263/0x550 block/fops.c:882
1 lock held by syz.3.30/6444:
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: inode_lock include/linux/fs.h:1024 [inline]
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: blkdev_fallocate+0x263/0x550 block/fops.c:882
1 lock held by syz.4.31/6503:
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: inode_lock include/linux/fs.h:1024 [inline]
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: blkdev_fallocate+0x263/0x550 block/fops.c:882
1 lock held by syz.5.32/6504:
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: inode_lock include/linux/fs.h:1024 [inline]
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: blkdev_fallocate+0x263/0x550 block/fops.c:882
1 lock held by syz.6.33/6546:
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: inode_lock include/linux/fs.h:1024 [inline]
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: blkdev_fallocate+0x263/0x550 block/fops.c:882
6 locks held by syz-executor/6615:
 #0: ffffffff8f821ac0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 net/netlink/genetlink.c:1217
 #1: ffffffff8f7b0bb8 (rtnl_mutex){+.+.}-{4:4}, at: nl80211_pre_doit+0x5f/0x8d0 net/wireless/nl80211.c:19287
 #2: ffff88806c5c08d8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: wiphy_lock include/net/cfg80211.h:6868 [inline]
 #2: ffff88806c5c08d8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: nl80211_pre_doit+0x3f0/0x8d0 net/wireless/nl80211.c:19360
 #3: ffff88805e7ce960 (&sb->s_type->i_mutex_key#4/1){+.+.}-{4:4}, at: inode_lock_nested include/linux/fs.h:1069 [inline]
 #3: ffff88805e7ce960 (&sb->s_type->i_mutex_key#4/1){+.+.}-{4:4}, at: __start_dirop fs/namei.c:2918 [inline]
 #3: ffff88805e7ce960 (&sb->s_type->i_mutex_key#4/1){+.+.}-{4:4}, at: start_dirop+0x4f/0x90 fs/namei.c:2942
 #4: ffff88805e7fd858 (&sb->s_type->i_lock_key#9){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline]
 #4: ffff88805e7fd858 (&sb->s_type->i_lock_key#9){+.+.}-{3:3}, at: d_make_persistent+0x74/0x180 fs/dcache.c:2971
 #5: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 #5: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:840 [inline]
 #5: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: __rt_spin_lock kernel/locking/spinlock_rt.c:50 [inline]
 #5: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 kernel/locking/spinlock_rt.c:57
1 lock held by syz.7.34/6616:
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: inode_lock include/linux/fs.h:1024 [inline]
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: blkdev_fallocate+0x263/0x550 block/fops.c:882
1 lock held by syz.8.35/6686:
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: inode_lock include/linux/fs.h:1024 [inline]
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: blkdev_fallocate+0x263/0x550 block/fops.c:882
1 lock held by syz-executor/6695:
 #0: ffffffff8f7b0bb8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline]
 #0: ffffffff8f7b0bb8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:341 [inline]
 #0: ffffffff8f7b0bb8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x883/0x1bb0 net/core/rtnetlink.c:4150
1 lock held by syz.9.36/6705:
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: inode_lock include/linux/fs.h:1024 [inline]
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: blkdev_fallocate+0x263/0x550 block/fops.c:882

=============================================

NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 39 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
Call Trace:
 <TASK>
 dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x274/0x2d0 lib/nmi_backtrace.c:122
 nmi_trigger_cpumask_backtrace+0x17a/0x380 lib/nmi_backtrace.c:65
 trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]
 __sys_info lib/sys_info.c:157 [inline]
 sys_info+0x135/0x170 lib/sys_info.c:165
 check_hung_uninterruptible_tasks kernel/hung_task.c:353 [inline]
 watchdog+0xfd3/0x1030 kernel/hung_task.c:561
 kthread+0x388/0x470 kernel/kthread.c:436
 ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 17 Comm: pr/legacy Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
RIP: 0010:io_serial_in+0x77/0xc0 drivers/tty/serial/8250/8250_port.c:401
Code: e8 6e 25 78 fc 44 89 f9 d3 e3 49 83 ee 80 4c 89 f0 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 f7 e8 2f fd e3 fc 41 03 1e 89 da ec <0f> b6 c0 5b 41 5c 41 5e 41 5f c3 cc cc cc cc cc 44 89 f9 80 e1 07
RSP: 0018:ffffc900001679f0 EFLAGS: 00000202
RAX: 1ffffffff3404100 RBX: 00000000000003fd RCX: 0000000000000000
RDX: 00000000000003fd RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffffff9a020f90 R08: 0000000000000000 R09: 0000000000000000
R10: dffffc0000000000 R11: ffffffff854da5e0 R12: dffffc0000000000
R13: 0000000000000000 R14: ffffffff9a020d00 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff888125a6b000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f5a74627048 CR3: 000000006945a000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 serial_in drivers/tty/serial/8250/8250.h:128 [inline]
 serial_lsr_in drivers/tty/serial/8250/8250.h:150 [inline]
 wait_for_lsr+0x1aa/0x2f0 drivers/tty/serial/8250/8250_port.c:1982
 serial8250_fifo_wait_for_lsr_thre drivers/tty/serial/8250/8250_port.c:3229 [inline]
 serial8250_console_fifo_write drivers/tty/serial/8250/8250_port.c:3294 [inline]
 serial8250_console_write+0x114b/0x1b50 drivers/tty/serial/8250/8250_port.c:3379
 console_emit_next_record kernel/printk/printk.c:3163 [inline]
 console_flush_one_record+0x68b/0xb90 kernel/printk/printk.c:3269
 legacy_kthread_func+0x1b6/0x250 kernel/printk/printk.c:3712
 kthread+0x388/0x470 kernel/kthread.c:436
 ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>

final repro crashed as (corrupted=false):
INFO: task syz.0.17:5989 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.17        state:D stack:27352 pid:5989  tgid:5989  ppid:5769   task_flags:0x400040 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5504 [inline]
 __schedule+0x172b/0x5550 kernel/sched/core.c:7228
 __schedule_loop kernel/sched/core.c:7307 [inline]
 rt_mutex_schedule+0x76/0xf0 kernel/sched/core.c:7603
 rt_mutex_slowlock_block kernel/locking/rtmutex.c:1669 [inline]
 __rt_mutex_slowlock kernel/locking/rtmutex.c:1746 [inline]
 __rt_mutex_slowlock_locked+0x1f3a/0x2560 kernel/locking/rtmutex.c:1786
 rt_mutex_slowlock+0xbd/0x170 kernel/locking/rtmutex.c:1826
 __rt_mutex_lock kernel/locking/rtmutex.c:1841 [inline]
 rwbase_write_lock+0x14d/0x730 kernel/locking/rwbase_rt.c:245
 inode_lock include/linux/fs.h:1024 [inline]
 blkdev_fallocate+0x263/0x550 block/fops.c:882
 vfs_fallocate+0x672/0x7f0 fs/open.c:338
 __x64_sy[  348.170353][   T39]  ksys_fallocate fs/open.c:362 [inline]
 __x64_sy[  348.170353][   T39]  __do_sys_fallocate fs/open.c:367 [inline]
 __x64_sy[  348.170353][   T39]  __se_sys_fallocate fs/open.c:365 [inline]
 __x64_sy[  348.170353][   T39]  __x64_sys_fallocate+0xc0/0x110 fs/open.c:365
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x174/0x580 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fb6b5d7ce59
RSP: 002b:00007fff9a766fe8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
RAX: ffffffffffffffda RBX: 00007fb6b5ff5fa0 RCX: 00007fb6b5d7ce59
RDX: 0000000000000600 RSI: 0000000000000011 RDI: 0000000000000003
RBP: 00007fb6b5e12d6f R08: 0000000000000000 R09: 0000000000000000
R10: 001800000007c000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fb6b5ff5fac R14: 00007fb6b5ff5fa0 R15: 00007fb6b5ff5fa0
 </TASK>
INFO: task syz.2.19:5991 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.2.19        state:D stack:27352 pid:5991  tgid:5991  ppid:5774   task_flags:0x400040 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5504 [inline]
 __schedule+0x172b/0x5550 kernel/sched/core.c:7228
 __schedule_loop kernel/sched/core.c:7307 [inline]
 rt_mutex_schedule+0x76/0xf0 kernel/sched/core.c:7603
 rt_mutex_slowlock_block kernel/locking/rtmutex.c:1669 [inline]
 __rt_mutex_slowlock kernel/locking/rtmutex.c:1746 [inline]
 __rt_mutex_slowlock_locked+0x1f3a/0x2560 kernel/locking/rtmutex.c:1786
 rt_mutex_slowlock+0xbd/0x170 kernel/locking/rtmutex.c:1826
 __rt_mutex_lock kernel/locking/rtmutex.c:1841 [inline]
 rwbase_write_lock+0x14d/0x730 kernel/locking/rwbase_rt.c:245
 inode_lock include/linux/fs.h:1024 [inline]
 blkdev_fallocate+0x263/0x550 block/fops.c:882
 vfs_fallocate+0x672/0x7f0 fs/open.c:338
 ksys_fallocate fs/open.c:362 [inline]
 __do_sys_fallocate fs/open.c:367 [inline]
 __se_sys_fallocate fs/open.c:365 [inline]
 __x64_sys_fallocate+0xc0/0x110 fs/open.c:365
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x174/0x580 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0eb16bce59
RSP: 002b:00007ffcc9d5e948 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
RAX: ffffffffffffffda RBX: 00007f0eb1935fa0 RCX: 00007f0eb16bce59
RDX: 0000000000000600 RSI: 0000000000000011 RDI: 0000000000000003
RBP: 00007f0eb1752d6f R08: 0000000000000000 R09: 0000000000000000
R10: 001800000007c000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f0eb1935fac R14: 00007f0eb1935fa0 R15: 00007f0eb1935fa0
 </TASK>
INFO: task syz.3.20:5992 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.20        state:D stack:26136 pid:5992  tgid:5992  ppid:5775   task_flags:0x400040 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5504 [inline]
 __schedule+0x172b/0x5550 kernel/sched/core.c:7228
 __schedule_loop kernel/sched/core.c:7307 [inline]
 rt_mutex_schedule+0x76/0xf0 kernel/sched/core.c:7603
 rt_mutex_slowlock_block kernel/locking/rtmutex.c:1669 [inline]
 __rt_mutex_slowlock kernel/locking/rtmutex.c:1746 [inline]
 __rt_mutex_slowlock_locked+0x1f3a/0x2560 kernel/locking/rtmutex.c:1786
 rt_mutex_slowlock+0xbd/0x170 kernel/locking/rtmutex.c:1826
 __rt_mutex_lock kernel/locking/rtmutex.c:1841 [inline]
 rwbase_write_lock+0x14d/0x730 kernel/locking/rwbase_rt.c:245
 inode_lock include/linux/fs.h:1024 [inline]
 blkdev_fallocate+0x263/0x550 block/fops.c:882
 vfs_fallocate+0x672/0x7f0 fs/open.c:338
 ksys_fallocate fs/open.c:362 [inline]
 __do_sys_fallocate fs/open.c:367 [inline]
 __se_sys_fallocate fs/open.c:365 [inline]
 __x64_sys_fallocate+0xc0/0x110 fs/open.c:365
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x174/0x580 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f927404ce59
RSP: 002b:00007ffe8edce188 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
RAX: ffffffffffffffda RBX: 00007f92742c5fa0 RCX: 00007f927404ce59
RDX: 0000000000000600 RSI: 0000000000000011 RDI: 0000000000000003
RBP: 00007f92740e2d6f R08: 0000000000000000 R09: 0000000000000000
R10: 001800000007c000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f92742c5fac R14: 00007f92742c5fa0 R15: 00007f92742c5fa0
 </TASK>

Showing all locks held in the system:
6 locks held by kworker/1:0/32:
 #0: ffff88813fe56538 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 kernel/workqueue.c:3301
 #1: ffffc90000a6fc40 ((work_completion)(&(&tbl->gc_work)->work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 kernel/workqueue.c:3302
 #2: ffffffff8e261520 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 kernel/softirq.c:163
 #3: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 kernel/softirq.c:163
 #4: ffffffff8f8e0778 (&tbl->lock){+...}-{3:3}, at: spin_lock_bh include/linux/spinlock_rt.h:90 [inline]
 #4: ffffffff8f8e0778 (&tbl->lock){+...}-{3:3}, at: neigh_periodic_work+0xc64/0xe90 net/core/neighbour.c:1037
 #5: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 #5: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:840 [inline]
 #5: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: __rt_spin_lock kernel/locking/spinlock_rt.c:50 [inline]
 #5: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 kernel/locking/spinlock_rt.c:57
1 lock held by khungtaskd/39:
 #0: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 #0: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:840 [inline]
 #0: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6777
4 locks held by kworker/0:2/822:
 #0: ffff88813fe56538 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 kernel/workqueue.c:3301
 #1: ffffc90005537c40 ((gc_work).work){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 kernel/workqueue.c:3302
 #2: ffffffff8eeef1f8 ("ratelimiter_table_lock"){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline]
 #2: ffffffff8eeef1f8 ("ratelimiter_table_lock"){+.+.}-{3:3}, at: wg_ratelimiter_gc_entries+0x5d/0x480 drivers/net/wireguard/ratelimiter.c:63
 #3: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 #3: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:840 [inline]
 #3: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: __rt_spin_lock kernel/locking/spinlock_rt.c:50 [inline]
 #3: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 kernel/locking/spinlock_rt.c:57
2 locks held by kworker/u8:13/2990:
 #0: ffff88801ae94138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 kernel/workqueue.c:3301
 #1: ffffc9000dc0fc40 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 kernel/workqueue.c:3302
8 locks held by kworker/u8:16/3495:
 #0: ffff888031df5938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 kernel/workqueue.c:3301
 #1: ffffc9000e9efc40 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 kernel/workqueue.c:3302
 #2: ffffffff8f7b0bb8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #2: ffffffff8f7b0bb8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0x124/0x1680 net/ipv6/addrconf.c:4221
 #3: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 #3: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:840 [inline]
 #3: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: ndisc_send_skb+0x215/0x1670 net/ipv6/ndisc.c:482
 #4: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 #4: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:840 [inline]
 #4: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: ip6_output+0x126/0x550 net/ipv6/ip6_output.c:234
 #5: ffffffff8e261520 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 kernel/softirq.c:163
 #6: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 kernel/softirq.c:163
 #7: ffffffff8f8e0778 (&tbl->lock){+...}-{3:3}, at: spin_lock_bh include/linux/spinlock_rt.h:90 [inline]
 #7: ffffffff8f8e0778 (&tbl->lock){+...}-{3:3}, at: ___neigh_create+0xf0b/0x2360 net/core/neighbour.c:686
2 locks held by getty/5367:
 #0: ffff888036d2b0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc90003cbe2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x465/0x1490 drivers/tty/n_tty.c:2211
2 locks held by syz.1.18/5976:
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: inode_lock include/linux/fs.h:1024 [inline]
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: blkdev_fallocate+0x263/0x550 block/fops.c:882
 #1: ffff8880232032d8 (mapping.invalidate_lock){++++}-{4:4}, at: filemap_invalidate_lock include/linux/fs.h:1079 [inline]
 #1: ffff8880232032d8 (mapping.invalidate_lock){++++}-{4:4}, at: blkdev_fallocate+0x294/0x550 block/fops.c:883
1 lock held by syz.0.17/5989:
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: inode_lock include/linux/fs.h:1024 [inline]
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: blkdev_fallocate+0x263/0x550 block/fops.c:882
1 lock held by syz.2.19/5991:
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: inode_lock include/linux/fs.h:1024 [inline]
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: blkdev_fallocate+0x263/0x550 block/fops.c:882
1 lock held by syz.3.20/5992:
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: inode_lock include/linux/fs.h:1024 [inline]
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: blkdev_fallocate+0x263/0x550 block/fops.c:882
1 lock held by syz.4.21/6134:
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: inode_lock include/linux/fs.h:1024 [inline]
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: blkdev_fallocate+0x263/0x550 block/fops.c:882
1 lock held by syz.5.22/6158:
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: inode_lock include/linux/fs.h:1024 [inline]
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: blkdev_fallocate+0x263/0x550 block/fops.c:882
1 lock held by syz.7.24/6159:
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: inode_lock include/linux/fs.h:1024 [inline]
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: blkdev_fallocate+0x263/0x550 block/fops.c:882
1 lock held by syz.6.23/6160:
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: inode_lock include/linux/fs.h:1024 [inline]
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: blkdev_fallocate+0x263/0x550 block/fops.c:882
1 lock held by syz.8.25/6277:
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: inode_lock include/linux/fs.h:1024 [inline]
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: blkdev_fallocate+0x263/0x550 block/fops.c:882
1 lock held by syz.9.26/6300:
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: inode_lock include/linux/fs.h:1024 [inline]
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: blkdev_fallocate+0x263/0x550 block/fops.c:882
1 lock held by syz.1.27/6322:
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: inode_lock include/linux/fs.h:1024 [inline]
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: blkdev_fallocate+0x263/0x550 block/fops.c:882
1 lock held by syz.0.28/6324:
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: inode_lock include/linux/fs.h:1024 [inline]
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: blkdev_fallocate+0x263/0x550 block/fops.c:882
1 lock held by syz.2.29/6408:
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: inode_lock include/linux/fs.h:1024 [inline]
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: blkdev_fallocate+0x263/0x550 block/fops.c:882
1 lock held by syz.3.30/6444:
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: inode_lock include/linux/fs.h:1024 [inline]
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: blkdev_fallocate+0x263/0x550 block/fops.c:882
1 lock held by syz.4.31/6503:
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: inode_lock include/linux/fs.h:1024 [inline]
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: blkdev_fallocate+0x263/0x550 block/fops.c:882
1 lock held by syz.5.32/6504:
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: inode_lock include/linux/fs.h:1024 [inline]
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: blkdev_fallocate+0x263/0x550 block/fops.c:882
1 lock held by syz.6.33/6546:
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: inode_lock include/linux/fs.h:1024 [inline]
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: blkdev_fallocate+0x263/0x550 block/fops.c:882
6 locks held by syz-executor/6615:
 #0: ffffffff8f821ac0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 net/netlink/genetlink.c:1217
 #1: ffffffff8f7b0bb8 (rtnl_mutex){+.+.}-{4:4}, at: nl80211_pre_doit+0x5f/0x8d0 net/wireless/nl80211.c:19287
 #2: ffff88806c5c08d8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: wiphy_lock include/net/cfg80211.h:6868 [inline]
 #2: ffff88806c5c08d8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: nl80211_pre_doit+0x3f0/0x8d0 net/wireless/nl80211.c:19360
 #3: ffff88805e7ce960 (&sb->s_type->i_mutex_key#4/1){+.+.}-{4:4}, at: inode_lock_nested include/linux/fs.h:1069 [inline]
 #3: ffff88805e7ce960 (&sb->s_type->i_mutex_key#4/1){+.+.}-{4:4}, at: __start_dirop fs/namei.c:2918 [inline]
 #3: ffff88805e7ce960 (&sb->s_type->i_mutex_key#4/1){+.+.}-{4:4}, at: start_dirop+0x4f/0x90 fs/namei.c:2942
 #4: ffff88805e7fd858 (&sb->s_type->i_lock_key#9){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline]
 #4: ffff88805e7fd858 (&sb->s_type->i_lock_key#9){+.+.}-{3:3}, at: d_make_persistent+0x74/0x180 fs/dcache.c:2971
 #5: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 #5: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:840 [inline]
 #5: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: __rt_spin_lock kernel/locking/spinlock_rt.c:50 [inline]
 #5: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 kernel/locking/spinlock_rt.c:57
1 lock held by syz.7.34/6616:
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: inode_lock include/linux/fs.h:1024 [inline]
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: blkdev_fallocate+0x263/0x550 block/fops.c:882
1 lock held by syz.8.35/6686:
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: inode_lock include/linux/fs.h:1024 [inline]
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: blkdev_fallocate+0x263/0x550 block/fops.c:882
1 lock held by syz-executor/6695:
 #0: ffffffff8f7b0bb8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline]
 #0: ffffffff8f7b0bb8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:341 [inline]
 #0: ffffffff8f7b0bb8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x883/0x1bb0 net/core/rtnetlink.c:4150
1 lock held by syz.9.36/6705:
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: inode_lock include/linux/fs.h:1024 [inline]
 #0: ffff888023203108 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: blkdev_fallocate+0x263/0x550 block/fops.c:882

=============================================

NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 39 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
Call Trace:
 <TASK>
 dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x274/0x2d0 lib/nmi_backtrace.c:122
 nmi_trigger_cpumask_backtrace+0x17a/0x380 lib/nmi_backtrace.c:65
 trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]
 __sys_info lib/sys_info.c:157 [inline]
 sys_info+0x135/0x170 lib/sys_info.c:165
 check_hung_uninterruptible_tasks kernel/hung_task.c:353 [inline]
 watchdog+0xfd3/0x1030 kernel/hung_task.c:561
 kthread+0x388/0x470 kernel/kthread.c:436
 ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 17 Comm: pr/legacy Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
RIP: 0010:io_serial_in+0x77/0xc0 drivers/tty/serial/8250/8250_port.c:401
Code: e8 6e 25 78 fc 44 89 f9 d3 e3 49 83 ee 80 4c 89 f0 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 f7 e8 2f fd e3 fc 41 03 1e 89 da ec <0f> b6 c0 5b 41 5c 41 5e 41 5f c3 cc cc cc cc cc 44 89 f9 80 e1 07
RSP: 0018:ffffc900001679f0 EFLAGS: 00000202
RAX: 1ffffffff3404100 RBX: 00000000000003fd RCX: 0000000000000000
RDX: 00000000000003fd RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffffff9a020f90 R08: 0000000000000000 R09: 0000000000000000
R10: dffffc0000000000 R11: ffffffff854da5e0 R12: dffffc0000000000
R13: 0000000000000000 R14: ffffffff9a020d00 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff888125a6b000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f5a74627048 CR3: 000000006945a000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 serial_in drivers/tty/serial/8250/8250.h:128 [inline]
 serial_lsr_in drivers/tty/serial/8250/8250.h:150 [inline]
 wait_for_lsr+0x1aa/0x2f0 drivers/tty/serial/8250/8250_port.c:1982
 serial8250_fifo_wait_for_lsr_thre drivers/tty/serial/8250/8250_port.c:3229 [inline]
 serial8250_console_fifo_write drivers/tty/serial/8250/8250_port.c:3294 [inline]
 serial8250_console_write+0x114b/0x1b50 drivers/tty/serial/8250/8250_port.c:3379
 console_emit_next_record kernel/printk/printk.c:3163 [inline]
 console_flush_one_record+0x68b/0xb90 kernel/printk/printk.c:3269
 legacy_kthread_func+0x1b6/0x250 kernel/printk/printk.c:3712
 kthread+0x388/0x470 kernel/kthread.c:436
 ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>