Extracting prog: 26m9.012369452s
Minimizing prog: 1h50m13.863026147s
Simplifying prog options: 19m59.453119594s
Extracting C: 5m13.097636538s
Simplifying C: 0s
extracting reproducer from 25 programs
testing a last program of every proc
single: executing 5 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): seccomp$auto_SECCOMP_SET_MODE_FILTER
detailed listing:
executing program 0:
seccomp$auto_SECCOMP_SET_MODE_FILTER(0x1, 0xc, &(0x7f0000002940)="a6045e9bcc07263b55ee55bafb0ba02080f93184fcdf646a803192b35f7c0d35c4abb9e82945ef458e9c5973be6ac15c20ea04240d1bd929593061ef840d539a2ee2ed0a4079e43733c05357c0f1e6a48e17e6ef893f8a250815aa63de6c8edd2fa3347ccc6f0d349d4d82186ea976e05291e23139b61df112d2274bef78f6460ff91cf79ca6da309fe3208ce87b89e28ec36b5a43e4ff2593df80e8c16203ac9d683c670d5b745fe3a0aa36892ad8713139d9d74dd5")
program did not crash
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_proc_single_file_operations_base-readv$auto-mmap$auto-socket$nl_generic-ioctl$sock_SIOCGIFINDEX-close_range$auto-socket-socket$nl_generic-socket-socket-connect$auto-writev$auto-openat$auto_kernfs_file_fops_kernfs_internal-openat$auto_proc_oom_adj_operations_base-read$auto-writev$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000)
openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/oom_score\x00', 0x0, 0x0)
readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x7fffffffefff}, 0x7)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth0\x00'})
close_range$auto(0x0, 0xffffffffffffffff, 0x2)
socket(0xa, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0xa, 0x801, 0x84)
r1 = socket(0x18, 0x5, 0x1)
connect$auto(r1, &(0x7f0000000000)=@in={0x2, 0x100}, 0x3a)
writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/bus/netdevsim/new_device\x00', 0x149b01, 0x0)
r3 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0)
read$auto(r3, 0x0, 0x1f40)
writev$auto(r2, &(0x7f0000000200)={0x0, 0x9}, 0x7)
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-socket-openat$auto_vhci_fops_hci_vhci-openat$auto_nsim_dev_health_break_fops_health-openat$auto_v4l2_fops_v4l2_dev-mmap$auto-syz_genetlink_get_family_id$auto_smc_gen_netlink-sendmsg$auto_SMC_NETLINK_ENABLE_SEID-openat$auto_kernfs_file_fops_kernfs_internal-read$auto_kernfs_file_fops_kernfs_internal-ioctl$auto-write$auto-sync_file_range$auto-setsockopt$auto-socketcall$auto_SYS_SOCKET
detailed listing:
executing program 0:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0x2, 0x5, 0x0)
r1 = openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000140), 0x880, 0x0)
r2 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vbi15\x00', 0x42c00, 0x0)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000)
r3 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000080), r0)
sendmsg$auto_SMC_NETLINK_ENABLE_SEID(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x78, r3, 0x1, 0x70bd2c, 0x25dfdbff, {}, "038540f2de1aa1df762ab3d0ea17cf67ddf6bde4319891fb841f61172c8f7f1776943f2aa8ca187afaa402f40e4ca746538265a2681e05950622a6b52bb47ee7b30486ac30a9fb633c3e45b8309ae5765c7183c0319646fc1ffefffbb03fd8baf525"}, 0x78}, 0x1, 0x0, 0x0, 0x4000881}, 0x0)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/mm/transparent_hugepage/hugepages-256kB/stats/shmem_fallback_charge\x00', 0x101100, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f0000000640)=""/177, 0xb1)
ioctl$auto(0x3, 0xc0205649, 0x38)
write$auto(r2, 0x0, 0x1ff)
sync_file_range$auto(r1, 0x8001, 0x6, 0x2)
setsockopt$auto(r0, 0x10000008, 0xfffffffe, 0x0, 0x6)
socketcall$auto_SYS_SOCKET(0x1, &(0x7f0000000200)=0xee)
program crashed: INFO: task hung in remove_one
single: successfully extracted reproducer
found reproducer with 15 syscalls
minimizing guilty program
testing program (duration=8m43.89486132s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-socket-openat$auto_vhci_fops_hci_vhci-openat$auto_nsim_dev_health_break_fops_health-openat$auto_v4l2_fops_v4l2_dev-mmap$auto-syz_genetlink_get_family_id$auto_smc_gen_netlink-sendmsg$auto_SMC_NETLINK_ENABLE_SEID-openat$auto_kernfs_file_fops_kernfs_internal-read$auto_kernfs_file_fops_kernfs_internal-ioctl$auto-write$auto-sync_file_range$auto-setsockopt$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0x2, 0x5, 0x0)
r1 = openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000140), 0x880, 0x0)
r2 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vbi15\x00', 0x42c00, 0x0)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000)
r3 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000080), r0)
sendmsg$auto_SMC_NETLINK_ENABLE_SEID(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x78, r3, 0x1, 0x70bd2c, 0x25dfdbff, {}, "038540f2de1aa1df762ab3d0ea17cf67ddf6bde4319891fb841f61172c8f7f1776943f2aa8ca187afaa402f40e4ca746538265a2681e05950622a6b52bb47ee7b30486ac30a9fb633c3e45b8309ae5765c7183c0319646fc1ffefffbb03fd8baf525"}, 0x78}, 0x1, 0x0, 0x0, 0x4000881}, 0x0)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/mm/transparent_hugepage/hugepages-256kB/stats/shmem_fallback_charge\x00', 0x101100, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f0000000640)=""/177, 0xb1)
ioctl$auto(0x3, 0xc0205649, 0x38)
write$auto(r2, 0x0, 0x1ff)
sync_file_range$auto(r1, 0x8001, 0x6, 0x2)
setsockopt$auto(r0, 0x10000008, 0xfffffffe, 0x0, 0x6)
program crashed: INFO: task hung in remove_one
testing program (duration=8m43.89486132s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-socket-openat$auto_vhci_fops_hci_vhci-openat$auto_nsim_dev_health_break_fops_health-openat$auto_v4l2_fops_v4l2_dev-mmap$auto-syz_genetlink_get_family_id$auto_smc_gen_netlink-sendmsg$auto_SMC_NETLINK_ENABLE_SEID-openat$auto_kernfs_file_fops_kernfs_internal-read$auto_kernfs_file_fops_kernfs_internal-ioctl$auto-write$auto-sync_file_range$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0x2, 0x5, 0x0)
r1 = openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000140), 0x880, 0x0)
r2 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vbi15\x00', 0x42c00, 0x0)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000)
r3 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000080), r0)
sendmsg$auto_SMC_NETLINK_ENABLE_SEID(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x78, r3, 0x1, 0x70bd2c, 0x25dfdbff, {}, "038540f2de1aa1df762ab3d0ea17cf67ddf6bde4319891fb841f61172c8f7f1776943f2aa8ca187afaa402f40e4ca746538265a2681e05950622a6b52bb47ee7b30486ac30a9fb633c3e45b8309ae5765c7183c0319646fc1ffefffbb03fd8baf525"}, 0x78}, 0x1, 0x0, 0x0, 0x4000881}, 0x0)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/mm/transparent_hugepage/hugepages-256kB/stats/shmem_fallback_charge\x00', 0x101100, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f0000000640)=""/177, 0xb1)
ioctl$auto(0x3, 0xc0205649, 0x38)
write$auto(r2, 0x0, 0x1ff)
sync_file_range$auto(r1, 0x8001, 0x6, 0x2)
program crashed: INFO: task hung in remove_one
testing program (duration=8m43.89486132s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-socket-openat$auto_vhci_fops_hci_vhci-openat$auto_nsim_dev_health_break_fops_health-openat$auto_v4l2_fops_v4l2_dev-mmap$auto-syz_genetlink_get_family_id$auto_smc_gen_netlink-sendmsg$auto_SMC_NETLINK_ENABLE_SEID-openat$auto_kernfs_file_fops_kernfs_internal-read$auto_kernfs_file_fops_kernfs_internal-ioctl$auto-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0x2, 0x5, 0x0)
openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000140), 0x880, 0x0)
r1 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vbi15\x00', 0x42c00, 0x0)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000)
r2 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000080), r0)
sendmsg$auto_SMC_NETLINK_ENABLE_SEID(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x78, r2, 0x1, 0x70bd2c, 0x25dfdbff, {}, "038540f2de1aa1df762ab3d0ea17cf67ddf6bde4319891fb841f61172c8f7f1776943f2aa8ca187afaa402f40e4ca746538265a2681e05950622a6b52bb47ee7b30486ac30a9fb633c3e45b8309ae5765c7183c0319646fc1ffefffbb03fd8baf525"}, 0x78}, 0x1, 0x0, 0x0, 0x4000881}, 0x0)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/mm/transparent_hugepage/hugepages-256kB/stats/shmem_fallback_charge\x00', 0x101100, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000000640)=""/177, 0xb1)
ioctl$auto(0x3, 0xc0205649, 0x38)
write$auto(r1, 0x0, 0x1ff)
program crashed: INFO: task hung in remove_one
testing program (duration=8m43.89486132s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-socket-openat$auto_vhci_fops_hci_vhci-openat$auto_nsim_dev_health_break_fops_health-openat$auto_v4l2_fops_v4l2_dev-mmap$auto-syz_genetlink_get_family_id$auto_smc_gen_netlink-sendmsg$auto_SMC_NETLINK_ENABLE_SEID-openat$auto_kernfs_file_fops_kernfs_internal-read$auto_kernfs_file_fops_kernfs_internal-ioctl$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0x2, 0x5, 0x0)
openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000140), 0x880, 0x0)
openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vbi15\x00', 0x42c00, 0x0)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000)
r1 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000080), r0)
sendmsg$auto_SMC_NETLINK_ENABLE_SEID(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x78, r1, 0x1, 0x70bd2c, 0x25dfdbff, {}, "038540f2de1aa1df762ab3d0ea17cf67ddf6bde4319891fb841f61172c8f7f1776943f2aa8ca187afaa402f40e4ca746538265a2681e05950622a6b52bb47ee7b30486ac30a9fb633c3e45b8309ae5765c7183c0319646fc1ffefffbb03fd8baf525"}, 0x78}, 0x1, 0x0, 0x0, 0x4000881}, 0x0)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/mm/transparent_hugepage/hugepages-256kB/stats/shmem_fallback_charge\x00', 0x101100, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000640)=""/177, 0xb1)
ioctl$auto(0x3, 0xc0205649, 0x38)
program did not crash
testing program (duration=8m43.89486132s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-socket-openat$auto_vhci_fops_hci_vhci-openat$auto_nsim_dev_health_break_fops_health-openat$auto_v4l2_fops_v4l2_dev-mmap$auto-syz_genetlink_get_family_id$auto_smc_gen_netlink-sendmsg$auto_SMC_NETLINK_ENABLE_SEID-openat$auto_kernfs_file_fops_kernfs_internal-read$auto_kernfs_file_fops_kernfs_internal-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0x2, 0x5, 0x0)
openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000140), 0x880, 0x0)
r1 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vbi15\x00', 0x42c00, 0x0)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000)
r2 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000080), r0)
sendmsg$auto_SMC_NETLINK_ENABLE_SEID(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x78, r2, 0x1, 0x70bd2c, 0x25dfdbff, {}, "038540f2de1aa1df762ab3d0ea17cf67ddf6bde4319891fb841f61172c8f7f1776943f2aa8ca187afaa402f40e4ca746538265a2681e05950622a6b52bb47ee7b30486ac30a9fb633c3e45b8309ae5765c7183c0319646fc1ffefffbb03fd8baf525"}, 0x78}, 0x1, 0x0, 0x0, 0x4000881}, 0x0)
r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/mm/transparent_hugepage/hugepages-256kB/stats/shmem_fallback_charge\x00', 0x101100, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000000640)=""/177, 0xb1)
write$auto(r1, 0x0, 0x1ff)
program crashed: INFO: task hung in remove_one
testing program (duration=8m43.89486132s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-socket-openat$auto_vhci_fops_hci_vhci-openat$auto_nsim_dev_health_break_fops_health-openat$auto_v4l2_fops_v4l2_dev-mmap$auto-syz_genetlink_get_family_id$auto_smc_gen_netlink-sendmsg$auto_SMC_NETLINK_ENABLE_SEID-openat$auto_kernfs_file_fops_kernfs_internal-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0x2, 0x5, 0x0)
openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000140), 0x880, 0x0)
r1 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vbi15\x00', 0x42c00, 0x0)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000)
r2 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000080), r0)
sendmsg$auto_SMC_NETLINK_ENABLE_SEID(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x78, r2, 0x1, 0x70bd2c, 0x25dfdbff, {}, "038540f2de1aa1df762ab3d0ea17cf67ddf6bde4319891fb841f61172c8f7f1776943f2aa8ca187afaa402f40e4ca746538265a2681e05950622a6b52bb47ee7b30486ac30a9fb633c3e45b8309ae5765c7183c0319646fc1ffefffbb03fd8baf525"}, 0x78}, 0x1, 0x0, 0x0, 0x4000881}, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/mm/transparent_hugepage/hugepages-256kB/stats/shmem_fallback_charge\x00', 0x101100, 0x0)
write$auto(r1, 0x0, 0x1ff)
program crashed: INFO: task hung in remove_one
testing program (duration=8m43.89486132s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-socket-openat$auto_vhci_fops_hci_vhci-openat$auto_nsim_dev_health_break_fops_health-openat$auto_v4l2_fops_v4l2_dev-mmap$auto-syz_genetlink_get_family_id$auto_smc_gen_netlink-sendmsg$auto_SMC_NETLINK_ENABLE_SEID-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0x2, 0x5, 0x0)
openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000140), 0x880, 0x0)
r1 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vbi15\x00', 0x42c00, 0x0)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000)
r2 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000080), r0)
sendmsg$auto_SMC_NETLINK_ENABLE_SEID(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x78, r2, 0x1, 0x70bd2c, 0x25dfdbff, {}, "038540f2de1aa1df762ab3d0ea17cf67ddf6bde4319891fb841f61172c8f7f1776943f2aa8ca187afaa402f40e4ca746538265a2681e05950622a6b52bb47ee7b30486ac30a9fb633c3e45b8309ae5765c7183c0319646fc1ffefffbb03fd8baf525"}, 0x78}, 0x1, 0x0, 0x0, 0x4000881}, 0x0)
write$auto(r1, 0x0, 0x1ff)
program crashed: INFO: task hung in remove_one
testing program (duration=8m43.89486132s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-socket-openat$auto_vhci_fops_hci_vhci-openat$auto_nsim_dev_health_break_fops_health-openat$auto_v4l2_fops_v4l2_dev-mmap$auto-syz_genetlink_get_family_id$auto_smc_gen_netlink-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0x2, 0x5, 0x0)
openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000140), 0x880, 0x0)
r1 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vbi15\x00', 0x42c00, 0x0)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000)
syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000080), r0)
write$auto(r1, 0x0, 0x1ff)
program crashed: INFO: task hung in remove_one
testing program (duration=8m43.89486132s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-socket-openat$auto_vhci_fops_hci_vhci-openat$auto_nsim_dev_health_break_fops_health-openat$auto_v4l2_fops_v4l2_dev-mmap$auto-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x2, 0x5, 0x0)
openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000140), 0x880, 0x0)
r0 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vbi15\x00', 0x42c00, 0x0)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000)
write$auto(r0, 0x0, 0x1ff)
program crashed: INFO: task hung in remove_one
testing program (duration=8m43.89486132s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-socket-openat$auto_vhci_fops_hci_vhci-openat$auto_nsim_dev_health_break_fops_health-openat$auto_v4l2_fops_v4l2_dev-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x2, 0x5, 0x0)
openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000140), 0x880, 0x0)
r0 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vbi15\x00', 0x42c00, 0x0)
write$auto(r0, 0x0, 0x1ff)
program crashed: INFO: task hung in remove_one
testing program (duration=8m43.89486132s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-socket-openat$auto_vhci_fops_hci_vhci-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x2, 0x5, 0x0)
openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000140), 0x880, 0x0)
r0 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r0, 0x0, 0x1ff)
program crashed: INFO: task hung in remove_one
testing program (duration=8m43.89486132s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-socket-openat$auto_vhci_fops_hci_vhci-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x2, 0x5, 0x0)
openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000140), 0x880, 0x0)
write$auto(0xffffffffffffffff, 0x0, 0x1ff)
program did not crash
testing program (duration=8m43.89486132s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-socket-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x2, 0x5, 0x0)
r0 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r0, 0x0, 0x1ff)
program crashed: INFO: task hung in remove_one
testing program (duration=8m43.89486132s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r0, 0x0, 0x1ff)
program crashed: INFO: task hung in remove_one
testing program (duration=8m43.89486132s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
r0 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r0, 0x0, 0x1ff)
program did not crash
testing program (duration=8m43.89486132s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, 0x0, 0x48081, 0x0)
write$auto(r0, 0x0, 0x1ff)
program did not crash
extracting C reproducer
testing compiled C program (duration=8m43.89486132s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_nsim_dev_health_break_fops_health-write$auto
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
simplifying guilty program options
testing program (duration=8m43.89486132s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r0, 0x0, 0x1ff)
program crashed: INFO: task hung in remove_one
extracting C reproducer
testing compiled C program (duration=8m43.89486132s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_nsim_dev_health_break_fops_health-write$auto
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing program (duration=8m43.89486132s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r0, 0x0, 0x1ff)
program did not crash
testing program (duration=8m43.89486132s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r0, 0x0, 0x1ff)
program crashed: INFO: task hung in remove_one
validation run: crashed=true
testing program (duration=8m43.89486132s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r0, 0x0, 0x1ff)
program crashed: INFO: task hung in remove_one
validation run: crashed=true
testing program (duration=8m43.89486132s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r0, 0x0, 0x1ff)
program crashed: INFO: task hung in remove_one
validation run: crashed=true
reproducing took 2h58m39.810135854s
repro crashed as (corrupted=false):
INFO: task kworker/u8:11:3586 blocked for more than 143 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u8:11 state:D stack:24824 pid:3586 tgid:3586 ppid:2 task_flags:0x4208060 flags:0x00080000
Workqueue: netns cleanup_net
Call Trace:
context_switch kernel/sched/core.c:5325 [inline]
__schedule+0x1190/0x5de0 kernel/sched/core.c:6929
__schedule_loop kernel/sched/core.c:7011 [inline]
schedule+0xe7/0x3a0 kernel/sched/core.c:7026
schedule_timeout+0x257/0x290 kernel/time/sleep_timeout.c:75
do_wait_for_common kernel/sched/completion.c:100 [inline]
__wait_for_common+0x2fc/0x4e0 kernel/sched/completion.c:121
__debugfs_file_removed fs/debugfs/inode.c:770 [inline]
remove_one+0x312/0x420 fs/debugfs/inode.c:777
__simple_recursive_removal+0x15b/0x610 fs/libfs.c:631
debugfs_remove+0x5d/0x80 fs/debugfs/inode.c:800
nsim_dev_health_exit+0x3b/0xe0 drivers/net/netdevsim/health.c:227
nsim_dev_reload_destroy+0x144/0x4d0 drivers/net/netdevsim/dev.c:1710
nsim_dev_reload_down+0x6e/0xd0 drivers/net/netdevsim/dev.c:983
devlink_reload+0x1a1/0x7c0 net/devlink/dev.c:461
devlink_pernet_pre_exit+0x1a0/0x2b0 net/devlink/core.c:509
ops_pre_exit_list net/core/net_namespace.c:161 [inline]
ops_undo_list+0x187/0xab0 net/core/net_namespace.c:234
cleanup_net+0x41b/0x8b0 net/core/net_namespace.c:695
process_one_work+0x9cf/0x1b70 kernel/workqueue.c:3263
process_scheduled_works kernel/workqueue.c:3346 [inline]
worker_thread+0x6c8/0xf10 kernel/workqueue.c:3427
kthread+0x3c5/0x780 kernel/kthread.c:463
ret_from_fork+0x675/0x7d0 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
INFO: task syz-executor:9151 blocked for more than 143 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor state:D stack:24760 pid:9151 tgid:9151 ppid:1 task_flags:0x400140 flags:0x00080002
Call Trace:
context_switch kernel/sched/core.c:5325 [inline]
__schedule+0x1190/0x5de0 kernel/sched/core.c:6929
__schedule_loop kernel/sched/core.c:7011 [inline]
schedule+0xe7/0x3a0 kernel/sched/core.c:7026
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7083
__mutex_lock_common kernel/locking/mutex.c:676 [inline]
__mutex_lock+0x818/0x1060 kernel/locking/mutex.c:760
device_lock include/linux/device.h:914 [inline]
device_del+0xa0/0x9f0 drivers/base/core.c:3840
device_unregister+0x1d/0xc0 drivers/base/core.c:3919
nsim_bus_dev_del drivers/net/netdevsim/bus.c:483 [inline]
del_device_store+0x355/0x4a0 drivers/net/netdevsim/bus.c:244
bus_attr_store+0x74/0xb0 drivers/base/bus.c:172
sysfs_kf_write+0xf2/0x150 fs/sysfs/file.c:142
kernfs_fop_write_iter+0x3af/0x570 fs/kernfs/file.c:352
new_sync_write fs/read_write.c:593 [inline]
vfs_write+0x7d3/0x11d0 fs/read_write.c:686
ksys_write+0x12a/0x250 fs/read_write.c:738
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc3d0f8e17f
RSP: 002b:00007ffeb4949150 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007fc3d0f8e17f
RDX: 0000000000000001 RSI: 00007ffeb49491a0 RDI: 0000000000000005
RBP: 00007fc3d10132cb R08: 0000000000000000 R09: 00007ffeb4948fa7
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
R13: 00007ffeb49491a0 R14: 00007fc3d1d14620 R15: 0000000000000003
INFO: task syz.3.2792:9154 blocked for more than 143 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.2792 state:D stack:27264 pid:9154 tgid:9154 ppid:8683 task_flags:0x400140 flags:0x00080002
Call Trace:
context_switch kernel/sched/core.c:5325 [inline]
__schedule+0x1190/0x5de0 kernel/sched/core.c:6929
__schedule_loop kernel/sched/core.c:7011 [inline]
schedule+0xe7/0x3a0 kernel/sched/core.c:7026
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7083
__mutex_lock_common kernel/locking/mutex.c:676 [inline]
__mutex_lock+0x818/0x1060 kernel/locking/mutex.c:760
devlink_health_report+0x6b4/0xb00 net/devlink/health.c:680
nsim_dev_health_break_write+0x166/0x210 drivers/net/netdevsim/health.c:162
full_proxy_write+0x131/0x1a0 fs/debugfs/file.c:388
vfs_write+0x2a0/0x11d0 fs/read_write.c:684
ksys_write+0x12a/0x250 fs/read_write.c:738
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f7100f8f6c9
RSP: 002b:00007ffd2526e5d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f71011e5fa0 RCX: 00007f7100f8f6c9
RDX: 00000000000001ff RSI: 0000000000000000 RDI: 0000000000000003
RBP: 00007f7101011f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f71011e5fa0 R14: 00007f71011e5fa0 R15: 0000000000000003
INFO: task syz.0.2799:9164 blocked for more than 144 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.2799 state:D stack:27288 pid:9164 tgid:9164 ppid:8935 task_flags:0x400140 flags:0x00080002
Call Trace:
context_switch kernel/sched/core.c:5325 [inline]
__schedule+0x1190/0x5de0 kernel/sched/core.c:6929
__schedule_loop kernel/sched/core.c:7011 [inline]
schedule+0xe7/0x3a0 kernel/sched/core.c:7026
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7083
rwsem_down_read_slowpath+0x64b/0xbf0 kernel/locking/rwsem.c:1086
__down_read_common kernel/locking/rwsem.c:1261 [inline]
__down_read kernel/locking/rwsem.c:1274 [inline]
down_read+0xef/0x480 kernel/locking/rwsem.c:1539
inode_lock_shared include/linux/fs.h:995 [inline]
open_last_lookups fs/namei.c:3894 [inline]
path_openat+0x818/0x2cb0 fs/namei.c:4131
do_filp_open+0x20b/0x470 fs/namei.c:4161
do_sys_openat2+0x11b/0x1d0 fs/open.c:1437
do_sys_open fs/open.c:1452 [inline]
__do_sys_openat fs/open.c:1468 [inline]
__se_sys_openat fs/open.c:1463 [inline]
__x64_sys_openat+0x174/0x210 fs/open.c:1463
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f5d6818f6c9
RSP: 002b:00007ffdcf261da8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f5d683e5fa0 RCX: 00007f5d6818f6c9
RDX: 0000000000048081 RSI: 0000200000000000 RDI: ffffffffffffff9c
RBP: 00007f5d68211f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f5d683e5fa0 R14: 00007f5d683e5fa0 R15: 0000000000000004
INFO: task syz.1.2800:9165 blocked for more than 144 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.1.2800 state:D stack:27208 pid:9165 tgid:9165 ppid:8464 task_flags:0x400140 flags:0x00080002
Call Trace:
context_switch kernel/sched/core.c:5325 [inline]
__schedule+0x1190/0x5de0 kernel/sched/core.c:6929
__schedule_loop kernel/sched/core.c:7011 [inline]
schedule+0xe7/0x3a0 kernel/sched/core.c:7026
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7083
rwsem_down_read_slowpath+0x64b/0xbf0 kernel/locking/rwsem.c:1086
__down_read_common kernel/locking/rwsem.c:1261 [inline]
__down_read kernel/locking/rwsem.c:1274 [inline]
down_read+0xef/0x480 kernel/locking/rwsem.c:1539
inode_lock_shared include/linux/fs.h:995 [inline]
open_last_lookups fs/namei.c:3894 [inline]
path_openat+0x818/0x2cb0 fs/namei.c:4131
do_filp_open+0x20b/0x470 fs/namei.c:4161
do_sys_openat2+0x11b/0x1d0 fs/open.c:1437
do_sys_open fs/open.c:1452 [inline]
__do_sys_openat fs/open.c:1468 [inline]
__se_sys_openat fs/open.c:1463 [inline]
__x64_sys_openat+0x174/0x210 fs/open.c:1463
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f06df58f6c9
RSP: 002b:00007fff3bfbc758 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f06df7e5fa0 RCX: 00007f06df58f6c9
RDX: 0000000000048081 RSI: 0000200000000000 RDI: ffffffffffffff9c
RBP: 00007f06df611f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f06df7e5fa0 R14: 00007f06df7e5fa0 R15: 0000000000000004
Showing all locks held in the system:
1 lock held by khungtaskd/31:
#0: ffffffff8e3c45a0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#0: ffffffff8e3c45a0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
#0: ffffffff8e3c45a0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0 kernel/locking/lockdep.c:6775
6 locks held by kworker/u8:11/3586:
#0: ffff88801ba9f148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3238
#1: ffffc9000bf07d00 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3239
#2: ffffffff900d4610 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xad/0x8b0 net/core/net_namespace.c:669
#3: ffff888031d8a0e8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:914 [inline]
#3: ffff888031d8a0e8 (&dev->mutex){....}-{4:4}, at: devl_dev_lock net/devlink/devl_internal.h:108 [inline]
#3: ffff888031d8a0e8 (&dev->mutex){....}-{4:4}, at: devlink_pernet_pre_exit+0x12c/0x2b0 net/devlink/core.c:506
#4: ffff888031d8b250 (&devlink->lock_key#3){+.+.}-{4:4}, at: devl_lock net/devlink/core.c:276 [inline]
#4: ffff888031d8b250 (&devlink->lock_key#3){+.+.}-{4:4}, at: devl_dev_lock net/devlink/devl_internal.h:109 [inline]
#4: ffff888031d8b250 (&devlink->lock_key#3){+.+.}-{4:4}, at: devlink_pernet_pre_exit+0x136/0x2b0 net/devlink/core.c:506
#5: ffff888059f61568 (&sb->s_type->i_mutex_key#3/2){+.+.}-{4:4}, at: inode_lock_nested include/linux/fs.h:1025 [inline]
#5: ffff888059f61568 (&sb->s_type->i_mutex_key#3/2){+.+.}-{4:4}, at: __simple_recursive_removal+0x354/0x610 fs/libfs.c:627
1 lock held by klogd/5191:
#0: ffff8880b853a4d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x29/0x130 kernel/sched/core.c:638
2 locks held by getty/5595:
#0: ffff888034ce30a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243
#1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0 drivers/tty/n_tty.c:2222
5 locks held by syz-executor/9151:
#0: ffff88803517e420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff88805beaa088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 fs/kernfs/file.c:343
#2: ffff888145312788 (kn->active#58){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff888145312788 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 fs/kernfs/file.c:344
#3: ffffffff8f66cbc8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
#4: ffff888031d8a0e8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:914 [inline]
#4: ffff888031d8a0e8 (&dev->mutex){....}-{4:4}, at: device_del+0xa0/0x9f0 drivers/base/core.c:3840
2 locks held by syz.3.2792/9154:
#0: ffff88801eea8420 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff888031d8b250 (&devlink->lock_key#3){+.+.}-{4:4}, at: devlink_health_report+0x6b4/0xb00 net/devlink/health.c:680
2 locks held by syz.0.2799/9164:
#0: ffff88801eea8420 (sb_writers#8){.+.+}-{0:0}, at: open_last_lookups fs/namei.c:3884 [inline]
#0: ffff88801eea8420 (sb_writers#8){.+.+}-{0:0}, at: path_openat+0x1ec8/0x2cb0 fs/namei.c:4131
#1: ffff888059f61568 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: inode_lock_shared include/linux/fs.h:995 [inline]
#1: ffff888059f61568 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: open_last_lookups fs/namei.c:3894 [inline]
#1: ffff888059f61568 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: path_openat+0x818/0x2cb0 fs/namei.c:4131
2 locks held by syz.1.2800/9165:
#0: ffff88801eea8420 (sb_writers#8){.+.+}-{0:0}, at: open_last_lookups fs/namei.c:3884 [inline]
#0: ffff88801eea8420 (sb_writers#8){.+.+}-{0:0}, at: path_openat+0x1ec8/0x2cb0 fs/namei.c:4131
#1: ffff888059f61568 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: inode_lock_shared include/linux/fs.h:995 [inline]
#1: ffff888059f61568 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: open_last_lookups fs/namei.c:3894 [inline]
#1: ffff888059f61568 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: path_openat+0x818/0x2cb0 fs/namei.c:4131
4 locks held by syz-executor/9174:
#0: ffff88803517e420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff88814c6b6488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 fs/kernfs/file.c:343
#2: ffff888145312788 (kn->active#58){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff888145312788 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 fs/kernfs/file.c:344
#3: ffffffff8f66cbc8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/9177:
#0: ffff88803517e420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff88806028e488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 fs/kernfs/file.c:343
#2: ffff888145312788 (kn->active#58){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff888145312788 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 fs/kernfs/file.c:344
#3: ffffffff8f66cbc8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/9180:
#0: ffff88803517e420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff88814cf18c88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 fs/kernfs/file.c:343
#2: ffff888145312788 (kn->active#58){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff888145312788 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 fs/kernfs/file.c:344
#3: ffffffff8f66cbc8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/9209:
#0: ffff88803517e420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff888012b52c88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 fs/kernfs/file.c:343
#2: ffff888145312788 (kn->active#58){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff888145312788 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 fs/kernfs/file.c:344
#3: ffffffff8f66cbc8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/9221:
#0: ffff88803517e420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff88807cf33c88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 fs/kernfs/file.c:343
#2: ffff888145312788 (kn->active#58){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff888145312788 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 fs/kernfs/file.c:344
#3: ffffffff8f66cbc8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/9224:
#0: ffff88803517e420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff888021f6d888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 fs/kernfs/file.c:343
#2: ffff888145312788 (kn->active#58){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff888145312788 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 fs/kernfs/file.c:344
#3: ffffffff8f66cbc8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/9225:
#0: ffff88803517e420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff88805fbe5888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 fs/kernfs/file.c:343
#2: ffff888145312788 (kn->active#58){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff888145312788 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 fs/kernfs/file.c:344
#3: ffffffff8f66cbc8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/9260:
#0: ffff88803517e420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff88807504ac88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 fs/kernfs/file.c:343
#2: ffff888145312788 (kn->active#58){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff888145312788 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 fs/kernfs/file.c:344
#3: ffffffff8f66cbc8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/9273:
#0: ffff88803517e420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff888078476488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 fs/kernfs/file.c:343
#2: ffff888145312788 (kn->active#58){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff888145312788 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 fs/kernfs/file.c:344
#3: ffffffff8f66cbc8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/9276:
#0: ffff88803517e420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff888055532888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 fs/kernfs/file.c:343
#2: ffff888145312788 (kn->active#58){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff888145312788 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 fs/kernfs/file.c:344
#3: ffffffff8f66cbc8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/9277:
#0: ffff88803517e420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff88805aeed088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 fs/kernfs/file.c:343
#2: ffff888145312788 (kn->active#58){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff888145312788 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 fs/kernfs/file.c:344
#3: ffffffff8f66cbc8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
=============================================
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
nmi_cpu_backtrace+0x27b/0x390 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x29c/0x300 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:332 [inline]
watchdog+0xf3f/0x1170 kernel/hung_task.c:495
kthread+0x3c5/0x780 kernel/kthread.c:463
ret_from_fork+0x675/0x7d0 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
RIP: 0010:pv_native_safe_halt+0xf/0x20 arch/x86/kernel/paravirt.c:82
Code: a7 6f 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 83 c3 2c 00 fb f4 3c 0a 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
RSP: 0018:ffffc90000197de8 EFLAGS: 000002c6
RAX: 000000000015f32d RBX: 0000000000000001 RCX: ffffffff8b5d62a9
RDX: 0000000000000000 RSI: ffffffff8da283d7 RDI: ffffffff8bf075c0
RBP: ffffed1003a59b58 R08: 0000000000000001 R09: ffffed10170a6655
R10: ffff8880b85332ab R11: 0000000000000001 R12: 0000000000000001
R13: ffff88801d2cdac0 R14: ffffffff908241d0 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff888124b0e000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000561937c89d08 CR3: 000000000e182000 CR4: 00000000003526f0
Call Trace:
arch_safe_halt arch/x86/include/asm/paravirt.h:107 [inline]
default_idle+0x13/0x20 arch/x86/kernel/process.c:767
default_idle_call+0x6c/0xb0 kernel/sched/idle.c:122
cpuidle_idle_call kernel/sched/idle.c:190 [inline]
do_idle+0x38d/0x500 kernel/sched/idle.c:330
cpu_startup_entry+0x4f/0x60 kernel/sched/idle.c:428
start_secondary+0x21d/0x2b0 arch/x86/kernel/smpboot.c:315
common_startup_64+0x13e/0x148
final repro crashed as (corrupted=false):
INFO: task kworker/u8:11:3586 blocked for more than 143 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u8:11 state:D stack:24824 pid:3586 tgid:3586 ppid:2 task_flags:0x4208060 flags:0x00080000
Workqueue: netns cleanup_net
Call Trace:
context_switch kernel/sched/core.c:5325 [inline]
__schedule+0x1190/0x5de0 kernel/sched/core.c:6929
__schedule_loop kernel/sched/core.c:7011 [inline]
schedule+0xe7/0x3a0 kernel/sched/core.c:7026
schedule_timeout+0x257/0x290 kernel/time/sleep_timeout.c:75
do_wait_for_common kernel/sched/completion.c:100 [inline]
__wait_for_common+0x2fc/0x4e0 kernel/sched/completion.c:121
__debugfs_file_removed fs/debugfs/inode.c:770 [inline]
remove_one+0x312/0x420 fs/debugfs/inode.c:777
__simple_recursive_removal+0x15b/0x610 fs/libfs.c:631
debugfs_remove+0x5d/0x80 fs/debugfs/inode.c:800
nsim_dev_health_exit+0x3b/0xe0 drivers/net/netdevsim/health.c:227
nsim_dev_reload_destroy+0x144/0x4d0 drivers/net/netdevsim/dev.c:1710
nsim_dev_reload_down+0x6e/0xd0 drivers/net/netdevsim/dev.c:983
devlink_reload+0x1a1/0x7c0 net/devlink/dev.c:461
devlink_pernet_pre_exit+0x1a0/0x2b0 net/devlink/core.c:509
ops_pre_exit_list net/core/net_namespace.c:161 [inline]
ops_undo_list+0x187/0xab0 net/core/net_namespace.c:234
cleanup_net+0x41b/0x8b0 net/core/net_namespace.c:695
process_one_work+0x9cf/0x1b70 kernel/workqueue.c:3263
process_scheduled_works kernel/workqueue.c:3346 [inline]
worker_thread+0x6c8/0xf10 kernel/workqueue.c:3427
kthread+0x3c5/0x780 kernel/kthread.c:463
ret_from_fork+0x675/0x7d0 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
INFO: task syz-executor:9151 blocked for more than 143 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor state:D stack:24760 pid:9151 tgid:9151 ppid:1 task_flags:0x400140 flags:0x00080002
Call Trace:
context_switch kernel/sched/core.c:5325 [inline]
__schedule+0x1190/0x5de0 kernel/sched/core.c:6929
__schedule_loop kernel/sched/core.c:7011 [inline]
schedule+0xe7/0x3a0 kernel/sched/core.c:7026
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7083
__mutex_lock_common kernel/locking/mutex.c:676 [inline]
__mutex_lock+0x818/0x1060 kernel/locking/mutex.c:760
device_lock include/linux/device.h:914 [inline]
device_del+0xa0/0x9f0 drivers/base/core.c:3840
device_unregister+0x1d/0xc0 drivers/base/core.c:3919
nsim_bus_dev_del drivers/net/netdevsim/bus.c:483 [inline]
del_device_store+0x355/0x4a0 drivers/net/netdevsim/bus.c:244
bus_attr_store+0x74/0xb0 drivers/base/bus.c:172
sysfs_kf_write+0xf2/0x150 fs/sysfs/file.c:142
kernfs_fop_write_iter+0x3af/0x570 fs/kernfs/file.c:352
new_sync_write fs/read_write.c:593 [inline]
vfs_write+0x7d3/0x11d0 fs/read_write.c:686
ksys_write+0x12a/0x250 fs/read_write.c:738
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc3d0f8e17f
RSP: 002b:00007ffeb4949150 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007fc3d0f8e17f
RDX: 0000000000000001 RSI: 00007ffeb49491a0 RDI: 0000000000000005
RBP: 00007fc3d10132cb R08: 0000000000000000 R09: 00007ffeb4948fa7
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
R13: 00007ffeb49491a0 R14: 00007fc3d1d14620 R15: 0000000000000003
INFO: task syz.3.2792:9154 blocked for more than 143 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.2792 state:D stack:27264 pid:9154 tgid:9154 ppid:8683 task_flags:0x400140 flags:0x00080002
Call Trace:
context_switch kernel/sched/core.c:5325 [inline]
__schedule+0x1190/0x5de0 kernel/sched/core.c:6929
__schedule_loop kernel/sched/core.c:7011 [inline]
schedule+0xe7/0x3a0 kernel/sched/core.c:7026
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7083
__mutex_lock_common kernel/locking/mutex.c:676 [inline]
__mutex_lock+0x818/0x1060 kernel/locking/mutex.c:760
devlink_health_report+0x6b4/0xb00 net/devlink/health.c:680
nsim_dev_health_break_write+0x166/0x210 drivers/net/netdevsim/health.c:162
full_proxy_write+0x131/0x1a0 fs/debugfs/file.c:388
vfs_write+0x2a0/0x11d0 fs/read_write.c:684
ksys_write+0x12a/0x250 fs/read_write.c:738
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f7100f8f6c9
RSP: 002b:00007ffd2526e5d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f71011e5fa0 RCX: 00007f7100f8f6c9
RDX: 00000000000001ff RSI: 0000000000000000 RDI: 0000000000000003
RBP: 00007f7101011f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f71011e5fa0 R14: 00007f71011e5fa0 R15: 0000000000000003
INFO: task syz.0.2799:9164 blocked for more than 144 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.2799 state:D stack:27288 pid:9164 tgid:9164 ppid:8935 task_flags:0x400140 flags:0x00080002
Call Trace:
context_switch kernel/sched/core.c:5325 [inline]
__schedule+0x1190/0x5de0 kernel/sched/core.c:6929
__schedule_loop kernel/sched/core.c:7011 [inline]
schedule+0xe7/0x3a0 kernel/sched/core.c:7026
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7083
rwsem_down_read_slowpath+0x64b/0xbf0 kernel/locking/rwsem.c:1086
__down_read_common kernel/locking/rwsem.c:1261 [inline]
__down_read kernel/locking/rwsem.c:1274 [inline]
down_read+0xef/0x480 kernel/locking/rwsem.c:1539
inode_lock_shared include/linux/fs.h:995 [inline]
open_last_lookups fs/namei.c:3894 [inline]
path_openat+0x818/0x2cb0 fs/namei.c:4131
do_filp_open+0x20b/0x470 fs/namei.c:4161
do_sys_openat2+0x11b/0x1d0 fs/open.c:1437
do_sys_open fs/open.c:1452 [inline]
__do_sys_openat fs/open.c:1468 [inline]
__se_sys_openat fs/open.c:1463 [inline]
__x64_sys_openat+0x174/0x210 fs/open.c:1463
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f5d6818f6c9
RSP: 002b:00007ffdcf261da8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f5d683e5fa0 RCX: 00007f5d6818f6c9
RDX: 0000000000048081 RSI: 0000200000000000 RDI: ffffffffffffff9c
RBP: 00007f5d68211f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f5d683e5fa0 R14: 00007f5d683e5fa0 R15: 0000000000000004
INFO: task syz.1.2800:9165 blocked for more than 144 seconds.
Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.1.2800 state:D stack:27208 pid:9165 tgid:9165 ppid:8464 task_flags:0x400140 flags:0x00080002
Call Trace:
context_switch kernel/sched/core.c:5325 [inline]
__schedule+0x1190/0x5de0 kernel/sched/core.c:6929
__schedule_loop kernel/sched/core.c:7011 [inline]
schedule+0xe7/0x3a0 kernel/sched/core.c:7026
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7083
rwsem_down_read_slowpath+0x64b/0xbf0 kernel/locking/rwsem.c:1086
__down_read_common kernel/locking/rwsem.c:1261 [inline]
__down_read kernel/locking/rwsem.c:1274 [inline]
down_read+0xef/0x480 kernel/locking/rwsem.c:1539
inode_lock_shared include/linux/fs.h:995 [inline]
open_last_lookups fs/namei.c:3894 [inline]
path_openat+0x818/0x2cb0 fs/namei.c:4131
do_filp_open+0x20b/0x470 fs/namei.c:4161
do_sys_openat2+0x11b/0x1d0 fs/open.c:1437
do_sys_open fs/open.c:1452 [inline]
__do_sys_openat fs/open.c:1468 [inline]
__se_sys_openat fs/open.c:1463 [inline]
__x64_sys_openat+0x174/0x210 fs/open.c:1463
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f06df58f6c9
RSP: 002b:00007fff3bfbc758 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f06df7e5fa0 RCX: 00007f06df58f6c9
RDX: 0000000000048081 RSI: 0000200000000000 RDI: ffffffffffffff9c
RBP: 00007f06df611f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f06df7e5fa0 R14: 00007f06df7e5fa0 R15: 0000000000000004
Showing all locks held in the system:
1 lock held by khungtaskd/31:
#0: ffffffff8e3c45a0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#0: ffffffff8e3c45a0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
#0: ffffffff8e3c45a0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0 kernel/locking/lockdep.c:6775
6 locks held by kworker/u8:11/3586:
#0: ffff88801ba9f148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3238
#1: ffffc9000bf07d00 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3239
#2: ffffffff900d4610 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xad/0x8b0 net/core/net_namespace.c:669
#3: ffff888031d8a0e8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:914 [inline]
#3: ffff888031d8a0e8 (&dev->mutex){....}-{4:4}, at: devl_dev_lock net/devlink/devl_internal.h:108 [inline]
#3: ffff888031d8a0e8 (&dev->mutex){....}-{4:4}, at: devlink_pernet_pre_exit+0x12c/0x2b0 net/devlink/core.c:506
#4: ffff888031d8b250 (&devlink->lock_key#3){+.+.}-{4:4}, at: devl_lock net/devlink/core.c:276 [inline]
#4: ffff888031d8b250 (&devlink->lock_key#3){+.+.}-{4:4}, at: devl_dev_lock net/devlink/devl_internal.h:109 [inline]
#4: ffff888031d8b250 (&devlink->lock_key#3){+.+.}-{4:4}, at: devlink_pernet_pre_exit+0x136/0x2b0 net/devlink/core.c:506
#5: ffff888059f61568 (&sb->s_type->i_mutex_key#3/2){+.+.}-{4:4}, at: inode_lock_nested include/linux/fs.h:1025 [inline]
#5: ffff888059f61568 (&sb->s_type->i_mutex_key#3/2){+.+.}-{4:4}, at: __simple_recursive_removal+0x354/0x610 fs/libfs.c:627
1 lock held by klogd/5191:
#0: ffff8880b853a4d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x29/0x130 kernel/sched/core.c:638
2 locks held by getty/5595:
#0: ffff888034ce30a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243
#1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0 drivers/tty/n_tty.c:2222
5 locks held by syz-executor/9151:
#0: ffff88803517e420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff88805beaa088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 fs/kernfs/file.c:343
#2: ffff888145312788 (kn->active#58){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff888145312788 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 fs/kernfs/file.c:344
#3: ffffffff8f66cbc8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
#4: ffff888031d8a0e8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:914 [inline]
#4: ffff888031d8a0e8 (&dev->mutex){....}-{4:4}, at: device_del+0xa0/0x9f0 drivers/base/core.c:3840
2 locks held by syz.3.2792/9154:
#0: ffff88801eea8420 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff888031d8b250 (&devlink->lock_key#3){+.+.}-{4:4}, at: devlink_health_report+0x6b4/0xb00 net/devlink/health.c:680
2 locks held by syz.0.2799/9164:
#0: ffff88801eea8420 (sb_writers#8){.+.+}-{0:0}, at: open_last_lookups fs/namei.c:3884 [inline]
#0: ffff88801eea8420 (sb_writers#8){.+.+}-{0:0}, at: path_openat+0x1ec8/0x2cb0 fs/namei.c:4131
#1: ffff888059f61568 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: inode_lock_shared include/linux/fs.h:995 [inline]
#1: ffff888059f61568 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: open_last_lookups fs/namei.c:3894 [inline]
#1: ffff888059f61568 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: path_openat+0x818/0x2cb0 fs/namei.c:4131
2 locks held by syz.1.2800/9165:
#0: ffff88801eea8420 (sb_writers#8){.+.+}-{0:0}, at: open_last_lookups fs/namei.c:3884 [inline]
#0: ffff88801eea8420 (sb_writers#8){.+.+}-{0:0}, at: path_openat+0x1ec8/0x2cb0 fs/namei.c:4131
#1: ffff888059f61568 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: inode_lock_shared include/linux/fs.h:995 [inline]
#1: ffff888059f61568 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: open_last_lookups fs/namei.c:3894 [inline]
#1: ffff888059f61568 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: path_openat+0x818/0x2cb0 fs/namei.c:4131
4 locks held by syz-executor/9174:
#0: ffff88803517e420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff88814c6b6488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 fs/kernfs/file.c:343
#2: ffff888145312788 (kn->active#58){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff888145312788 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 fs/kernfs/file.c:344
#3: ffffffff8f66cbc8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/9177:
#0: ffff88803517e420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff88806028e488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 fs/kernfs/file.c:343
#2: ffff888145312788 (kn->active#58){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff888145312788 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 fs/kernfs/file.c:344
#3: ffffffff8f66cbc8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/9180:
#0: ffff88803517e420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff88814cf18c88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 fs/kernfs/file.c:343
#2: ffff888145312788 (kn->active#58){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff888145312788 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 fs/kernfs/file.c:344
#3: ffffffff8f66cbc8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/9209:
#0: ffff88803517e420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff888012b52c88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 fs/kernfs/file.c:343
#2: ffff888145312788 (kn->active#58){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff888145312788 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 fs/kernfs/file.c:344
#3: ffffffff8f66cbc8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/9221:
#0: ffff88803517e420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff88807cf33c88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 fs/kernfs/file.c:343
#2: ffff888145312788 (kn->active#58){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff888145312788 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 fs/kernfs/file.c:344
#3: ffffffff8f66cbc8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/9224:
#0: ffff88803517e420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff888021f6d888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 fs/kernfs/file.c:343
#2: ffff888145312788 (kn->active#58){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff888145312788 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 fs/kernfs/file.c:344
#3: ffffffff8f66cbc8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/9225:
#0: ffff88803517e420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff88805fbe5888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 fs/kernfs/file.c:343
#2: ffff888145312788 (kn->active#58){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff888145312788 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 fs/kernfs/file.c:344
#3: ffffffff8f66cbc8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/9260:
#0: ffff88803517e420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff88807504ac88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 fs/kernfs/file.c:343
#2: ffff888145312788 (kn->active#58){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff888145312788 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 fs/kernfs/file.c:344
#3: ffffffff8f66cbc8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/9273:
#0: ffff88803517e420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff888078476488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 fs/kernfs/file.c:343
#2: ffff888145312788 (kn->active#58){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff888145312788 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 fs/kernfs/file.c:344
#3: ffffffff8f66cbc8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/9276:
#0: ffff88803517e420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff888055532888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 fs/kernfs/file.c:343
#2: ffff888145312788 (kn->active#58){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff888145312788 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 fs/kernfs/file.c:344
#3: ffffffff8f66cbc8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/9277:
#0: ffff88803517e420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
#1: ffff88805aeed088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 fs/kernfs/file.c:343
#2: ffff888145312788 (kn->active#58){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
#2: ffff888145312788 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 fs/kernfs/file.c:344
#3: ffffffff8f66cbc8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
=============================================
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
nmi_cpu_backtrace+0x27b/0x390 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x29c/0x300 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:332 [inline]
watchdog+0xf3f/0x1170 kernel/hung_task.c:495
kthread+0x3c5/0x780 kernel/kthread.c:463
ret_from_fork+0x675/0x7d0 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
RIP: 0010:pv_native_safe_halt+0xf/0x20 arch/x86/kernel/paravirt.c:82
Code: a7 6f 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 83 c3 2c 00 fb f4 3c 0a 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
RSP: 0018:ffffc90000197de8 EFLAGS: 000002c6
RAX: 000000000015f32d RBX: 0000000000000001 RCX: ffffffff8b5d62a9
RDX: 0000000000000000 RSI: ffffffff8da283d7 RDI: ffffffff8bf075c0
RBP: ffffed1003a59b58 R08: 0000000000000001 R09: ffffed10170a6655
R10: ffff8880b85332ab R11: 0000000000000001 R12: 0000000000000001
R13: ffff88801d2cdac0 R14: ffffffff908241d0 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff888124b0e000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000561937c89d08 CR3: 000000000e182000 CR4: 00000000003526f0
Call Trace:
arch_safe_halt arch/x86/include/asm/paravirt.h:107 [inline]
default_idle+0x13/0x20 arch/x86/kernel/process.c:767
default_idle_call+0x6c/0xb0 kernel/sched/idle.c:122
cpuidle_idle_call kernel/sched/idle.c:190 [inline]
do_idle+0x38d/0x500 kernel/sched/idle.c:330
cpu_startup_entry+0x4f/0x60 kernel/sched/idle.c:428
start_secondary+0x21d/0x2b0 arch/x86/kernel/smpboot.c:315
common_startup_64+0x13e/0x148