Extracting prog: 1h39m33.038274549s Minimizing prog: 19m28.452147472s Simplifying prog options: 0s Extracting C: 3m52.947928924s Simplifying C: 28m33.691780769s extracting reproducer from 74 programs testing a last program of every proc single: executing 24 programs separately with timeout 6m0s testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$xdp-socket$inet6_sctp-socket$inet6_tcp-setsockopt$inet6_tcp_int-connect$inet6-setsockopt$inet6_tcp_TCP_ULP-setsockopt$inet6_tcp_TLS_TX-syz_init_net_socket$nl_generic-syz_open_procfs-fchdir-mount-setsockopt$inet6_group_source_req-syz_clone-syz_open_procfs-pread64-syz_genetlink_get_family_id$nbd-sendmsg$NBD_CMD_CONNECT-openat$cgroup_ro-syz_usb_connect-syz_usb_control_io$cdc_ecm-syz_usb_control_io$printer-syz_usb_control_io$printer-syz_usb_control_io$cdc_ecm-syz_usb_control_io$lan78xx-write$cgroup_int-sendfile-setsockopt$XDP_UMEM_REG-setsockopt$XDP_RX_RING-socketpair$unix-ioctl$sock_SIOCGIFINDEX detailed listing: executing program 0: r0 = socket$xdp(0x2c, 0x3, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x1, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x31}}}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000280)=@gcm_256={{0x303}, "1afc7c14d332bcc6", "a9ba0c85d68723369f51322151d9f41aaa2832bb07cc1e49ad714beac6f1ade8", "49960d8f", "bff2a81527ae4190"}, 0x38) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='task\x00') fchdir(r3) mount(0x0, &(0x7f0000000100)='.\x00', &(0x7f00000000c0)='proc\x00', 0x0, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x29, 0x0, 0x0) r4 = syz_clone(0x0, 0x0, 0x21, 0x0, 0x0, 0x0) r5 = syz_open_procfs(r4, &(0x7f0000000240)='cmdline\x00') pread64(r5, 0x0, 0x0, 0x40000000007) r6 = syz_genetlink_get_family_id$nbd(&(0x7f0000000200), r2) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f00000027c0)={0x0, 0x0, &(0x7f0000002780)={&(0x7f00000002c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010029bd7000fbdbdf25010000000c00020000000000000000001c0007801800018008000100", @ANYBLOB="04"], 0x3c}, 0x1, 0x0, 0x0, 0x4000004}, 0x4000) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='freezer.state\x00', 0x275a, 0x0) r8 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xd9, 0x72, 0xa4, 0x40, 0x20b7, 0x1540, 0xb75a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xff}}]}}]}}, 0x0) syz_usb_control_io$cdc_ecm(r8, 0x0, 0x0) syz_usb_control_io$printer(r8, 0x0, &(0x7f0000000500)={0x34, &(0x7f0000000100)={0x40, 0x17, 0x3, 'f3l'}, 0x0, &(0x7f0000000300)={0x0, 0x8, 0x1, 0x7}, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r8, 0x0, &(0x7f0000000400)={0x34, &(0x7f0000000180)={0x40, 0x0, 0x1, "c4"}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r8, 0x0, &(0x7f00000000c0)={0x1c, &(0x7f0000000140)={0x0, 0xa, 0x1, '\x00'}, 0x0, 0x0}) syz_usb_control_io$lan78xx(r8, 0x0, &(0x7f0000000440)={0x34, &(0x7f00000001c0)=ANY=[@ANYBLOB="20140100"], 0x0, 0x0, 0x0, 0x0, 0x0}) write$cgroup_int(r7, &(0x7f0000000000), 0xffffff6a) sendfile(r1, r7, 0x0, 0x20000000002) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x211000, 0x1000, 0x100, 0x1}, 0x20) setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000000040)=0x20, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000300)={'netdevsim0\x00'}) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io$lan78xx-socket-sendmmsg$inet-accept4$llc-syz_usb_control_io$hid-socket$inet6_sctp-setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT-syz_usb_connect-syz_usb_connect-openat$fuse-syz_usb_connect-syz_usb_control_io$lan78xx-socket-sendmmsg$inet-accept4$llc-syz_usb_control_io$hid-socket$inet6_sctp-setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT-syz_usb_connect-syz_usb_connect-openat$fuse detailed listing: executing program 0: r0 = syz_usb_connect(0x5, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000ff4ae0086d04dd08f4ff080203010902120001000000000904"], 0x0) syz_usb_control_io$lan78xx(r0, 0x0, 0x0) r1 = socket(0x840000000002, 0x3, 0xff) sendmmsg$inet(r1, &(0x7f00000015c0)=[{{&(0x7f00000001c0)={0x2, 0x400, @local}, 0x10, &(0x7f0000001980)=[{&(0x7f0000000200)="a9050000002074640000000000003552bde5c064c6", 0x15}, {&(0x7f0000001140)="17463ab6d80fb6eedc81ba60ccbb9d", 0xf}], 0x2}, 0xf5ffffff}], 0x1, 0x0) accept4$llc(r1, 0x0, &(0x7f00000000c0), 0x800) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000001880)={0x18, &(0x7f0000001600)={0x40, 0x31}, 0x0, 0x0, 0x0, 0x0}) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r2, 0x84, 0x13, &(0x7f0000000000)=0xfffffff7, 0x4) r3 = syz_usb_connect(0x2, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="1201000011620140480b04101e8c00000001090212000100000000090401"], 0x0) syz_usb_connect(0x2, 0x36, &(0x7f0000000140)=ANY=[@ANYRES8=r3], 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) syz_usb_connect(0x5, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000ff4ae0086d04dd08f4ff080203010902120001000000000904"], 0x0) (async) syz_usb_control_io$lan78xx(r0, 0x0, 0x0) (async) socket(0x840000000002, 0x3, 0xff) (async) sendmmsg$inet(r1, &(0x7f00000015c0)=[{{&(0x7f00000001c0)={0x2, 0x400, @local}, 0x10, &(0x7f0000001980)=[{&(0x7f0000000200)="a9050000002074640000000000003552bde5c064c6", 0x15}, {&(0x7f0000001140)="17463ab6d80fb6eedc81ba60ccbb9d", 0xf}], 0x2}, 0xf5ffffff}], 0x1, 0x0) (async) accept4$llc(r1, 0x0, &(0x7f00000000c0), 0x800) (async) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000001880)={0x18, &(0x7f0000001600)={0x40, 0x31}, 0x0, 0x0, 0x0, 0x0}) (async) socket$inet6_sctp(0xa, 0x5, 0x84) (async) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r2, 0x84, 0x13, &(0x7f0000000000)=0xfffffff7, 0x4) (async) syz_usb_connect(0x2, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="1201000011620140480b04101e8c00000001090212000100000000090401"], 0x0) (async) syz_usb_connect(0x2, 0x36, &(0x7f0000000140)=ANY=[@ANYRES8=r3], 0x0) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_usb_control_io$uac1-syz_usb_control_io$sierra_net-socket$igmp-syz_usb_control_io$hid detailed listing: executing program 0: r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$sierra_net(r0, 0x0, 0x0) socket$igmp(0x2, 0x3, 0x2) syz_usb_control_io$hid(r0, &(0x7f0000000140)={0x24, &(0x7f0000000000)={0x20, 0xc, 0x39, {0x39, 0x31, "93d1cc5a589351b9570c02d6b3ac07a210356fe6811c3045d99fc5a0345d10ed381a60141fb4690263d8f6d979915b753bc9500832431a"}}, &(0x7f0000000040)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0xf4ff}}, &(0x7f00000000c0)={0x0, 0x22, 0x5, {[@local=@item_4={0x3, 0x2, 0x5, "9bf3505c"}]}}, &(0x7f0000000100)={0x0, 0x21, 0x9, {0x9, 0x21, 0x8, 0xd1, 0x1, {0x22, 0x697}}}}, &(0x7f0000000400)={0x2c, &(0x7f0000000180)={0x0, 0x31, 0xf2, "84f59ec84302f64e5f88d7271773262967277805495b454bdcaa4c962f2c521379233714422534e91d1093b8248378a63e85069a5439d55631f1827f3677e8f6538b7fa9aebc923a17d1fa1f258f6a41dd996c9c59ecbdb37bd4e14b22381a29b063c2f920677fbd8ff211a8eed67a4486c2c803916697f18a14db62b27eff6a47a1dfd4f250699a59037c643203571bd8519ebcb6cbd1cc707374c06c46dd7bc1a4d240b890f3a2f49643d57410181174d70ea46aca41c47fb5dfb8d1378d11a73bbb6721bda0e7c8ceaf93debb2f444294d72b49a7c96510157ce1139c1802fa6f84641f69dfef588c8a85950ae3601955"}, &(0x7f0000000280)={0x0, 0xa, 0x1}, &(0x7f00000002c0)={0x0, 0x8, 0x1, 0x9}, &(0x7f0000000300)={0x20, 0x1, 0x82, "c8b4ec796877c74f3823d12169f7ade10b774552d90f04cf5a1355f14ae626e3a5c9e3339d02d7ef303c0368c901fb102a3b395bc89cb2cc477c6cf2c3d99539275a51fe9864ba709c6df24f06a1b9b8c7efde09d52723fb52715d493fa0821ca014908378445f773babe109d997b7498fc847f15db22aaede891b355ae547cbbf47"}, &(0x7f00000003c0)={0x20, 0x3, 0x1, 0x6}}) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_bnep-socket-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-setsockopt$SO_BINDTODEVICE-openat$dsp-capset-syz_init_net_socket$x25-ioctl$SIOCX25SSUBSCRIP-sendmsg$IPCTNL_MSG_EXP_NEW-socket-sendto-recvmmsg-write$dsp-syz_open_dev$sndctrl-ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE-syz_open_dev$sndpcmp-ioctl$SNDRV_PCM_IOCTL_SW_PARAMS-syz_open_dev$radio-ioctl$VIDIOC_S_MODULATOR-sendto$unix-syz_open_dev$vim2m-ioctl$vim2m_VIDIOC_S_FMT-sendto$unix-ioctl$sock_SIOCSIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD-ioctl$sock_SIOCGIFCONF-syz_usb_connect$uac1 detailed listing: executing program 0: r0 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4) r1 = socket(0x2, 0x3, 0x67) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWRULE={0x38, 0x6, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x409}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x1}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x60}, 0x1, 0x0, 0x0, 0x8890}, 0x24000000) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000140)='bridge0\x00', 0x52c) r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) capset(&(0x7f0000000080)={0x20080522}, &(0x7f00000000c0)={0x200000, 0x200000, 0x8, 0x0, 0x0, 0xea2}) r4 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$SIOCX25SSUBSCRIP(r4, 0x89e1, 0x0) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000880)={0xac, 0x0, 0x2, 0x801, 0x0, 0x0, {0x7, 0x0, 0x2}, [@CTA_EXPECT_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x34e6}, @CTA_EXPECT_NAT={0x90, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_TUPLE={0x54, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @remote}, {0x14, 0x4, @remote}}}]}, @CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_TUPLE={0x28, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}]}]}]}, 0xac}, 0x1, 0x0, 0x0, 0x40010}, 0x4008000) r5 = socket(0x10, 0x803, 0x0) sendto(r5, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r5, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x321}, {&(0x7f0000000280)=""/85, 0x21}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000580)=""/106, 0x659}, {&(0x7f0000000980)=""/73, 0xd}, {&(0x7f0000000200)=""/77, 0x69}, {&(0x7f00000007c0)=""/141, 0xc4}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}, 0x5}], 0x4000000000003b4, 0x2000, &(0x7f0000003700)={0x77359400}) write$dsp(r3, &(0x7f0000000200)='m', 0x1) r6 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x801) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r6, 0x40045532, &(0x7f0000000100)) r7 = syz_open_dev$sndpcmp(&(0x7f0000001200), 0x0, 0xa2c65) ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r7, 0xc0884113, &(0x7f0000000ac0)={0x0, 0x9, 0x5, 0x6, 0x1, 0x4, 0x2, 0x6, 0x80000000, 0x6, 0x7, 0x1}) r8 = syz_open_dev$radio(&(0x7f0000000040), 0x1, 0x2) ioctl$VIDIOC_S_MODULATOR(r8, 0x40445637, &(0x7f0000000140)={0x0, "c42e68848c23f06c24533283c4761272f298e3e99dc1450727d16a1d245b6d11"}) sendto$unix(r1, &(0x7f0000000240)="695d1aff", 0x4, 0x4008000, &(0x7f00000001c0)=@file={0x0, './file0\x00'}, 0x6e) r9 = syz_open_dev$vim2m(&(0x7f0000001180), 0x2, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r9, 0xc0d05605, &(0x7f0000000140)={0x1, @pix={0x0, 0x0, 0x3432564e}}) sendto$unix(r1, 0x0, 0x0, 0x0, &(0x7f00000000c0)=@abs={0x0, 0x7, 0xd0000e0}, 0x6e) ioctl$sock_SIOCSIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(r0, 0x8983, &(0x7f0000000000)={0x2, 'batadv0\x00', {0x9}, 0x1}) ioctl$sock_SIOCGIFCONF(r2, 0x8912, &(0x7f0000000440)=@req={0x28, &(0x7f0000000400)={'ip6gretap0\x00', @ifru_addrs=@ethernet={0x1, @remote}}}) syz_usb_connect$uac1(0x2, 0xb2, &(0x7f0000000200)=ANY=[@ANYRES8=r1], &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x1, [{0xaf, &(0x7f0000000100)=@string={0xaf, 0x3, "602dd2d162f05709865a5010f59420c160eceeb9d11de24c0cdcbba35fb34c3733714b735e37a596f9b99c13fb92857aa93a95ccca5405b1431adb3d3d6fe285817638c611565dded79060d9c20fb899f9a8ea10d77d0790d18eb5dfc4ccc933946b8af9a23dc685fffba77033f2624c04b524bc6947ae6784791f50ad03c4005ca31eb007ed90131e286244c166ca26d4ae25ee53d8cb509d3268e5c2124f33b711e9aa31ee8eec78668b5e05"}}]}) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-syz_init_net_socket$nl_generic-socket$can_j1939-ioctl$ifreq_SIOCGIFINDEX_vcan-bind$can_j1939-sendmsg$inet-syz_open_dev$vim2m-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-syz_usb_control_io$hid-write$tun-openat$nullb-mkdir-openat$cgroup_root-openat$cgroup_pressure-write$cgroup_pressure-sendfile-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$nl802154-openat$autofs-socket$kcm-sendmsg$kcm-ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD-ioctl$sock_SIOCGIFINDEX_802154-sendmsg$NL802154_CMD_DEL_SEC_LEVEL detailed listing: executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000000c0)={'vxcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000100)={0x1d, r3, 0x0, {0x1, 0x1, 0x4}, 0xff}, 0x18) sendmsg$inet(r2, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x20048005) r4 = syz_open_dev$vim2m(&(0x7f0000000100), 0x800, 0x2) r5 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r6 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, &(0x7f0000000700)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000600), 0x0}) write$tun(r5, &(0x7f00000005c0)=ANY=[@ANYBLOB="0a000201bbbbbbbbbbbbaaaaaaaaaabb86dd6d002000011288ff00000000000000000000ffffe0000002ff020000000000000000000000000001"], 0x14c) r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r9 = openat$cgroup_pressure(r8, &(0x7f00000000c0)='cpu.pressure\x00', 0x2, 0x0) write$cgroup_pressure(r9, &(0x7f0000000100)={'some', 0x20, 0x3, 0x20, 0xcc4}, 0x2f) sendfile(r4, r7, 0x0, 0x2000000009) r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff) r12 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040), 0x204000, 0x0) r13 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r13, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)}, 0x48800) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r12, 0xc0189378, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r13, {r0}}, './file0\x00'}) ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000340)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r10, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x30, r11, 0x20, 0x70bd25, 0x25dfdbfc, {}, [@NL802154_ATTR_SEC_LEVEL={0x14, 0x2d, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x1}, @NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x1}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r14}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000000}, 0x8000) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-syz_init_net_socket$nl_generic-socket$can_j1939-ioctl$ifreq_SIOCGIFINDEX_vcan-bind$can_j1939-sendmsg$inet-syz_open_dev$vim2m-openat$tun-ioctl$TUNSETIFF-socket$kcm-ioctl$SIOCSIFHWADDR-syz_usb_control_io$hid-write$tun-openat$nullb-mkdir-openat$cgroup_root-openat$cgroup_pressure-write$cgroup_pressure-sendfile-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$nl802154-openat$autofs-socket$kcm-sendmsg$kcm-ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD-ioctl$sock_SIOCGIFINDEX_802154-sendmsg$NL802154_CMD_DEL_SEC_LEVEL detailed listing: executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000000c0)={'vxcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000100)={0x1d, r3, 0x0, {0x1, 0x1, 0x4}, 0xff}, 0x18) sendmsg$inet(r2, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x20048005) r4 = syz_open_dev$vim2m(&(0x7f0000000100), 0x800, 0x2) r5 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r6 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, &(0x7f0000000700)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000600), 0x0}) write$tun(r5, &(0x7f00000005c0)=ANY=[@ANYBLOB="0a000201bbbbbbbbbbbbaaaaaaaaaabb86dd6d002000011288ff00000000000000000000ffffe0000002ff020000000000000000000000000001"], 0x14c) r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r9 = openat$cgroup_pressure(r8, &(0x7f00000000c0)='cpu.pressure\x00', 0x2, 0x0) write$cgroup_pressure(r9, &(0x7f0000000100)={'some', 0x20, 0x3, 0x20, 0xcc4}, 0x2f) sendfile(r4, r7, 0x0, 0x2000000009) r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff) r12 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040), 0x204000, 0x0) r13 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r13, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)}, 0x48800) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r12, 0xc0189378, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r13, {r0}}, './file0\x00'}) ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000340)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r10, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x30, r11, 0x20, 0x70bd25, 0x25dfdbfc, {}, [@NL802154_ATTR_SEC_LEVEL={0x14, 0x2d, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x1}, @NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x1}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r14}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000000}, 0x8000) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-openat$cgroup_ro-socket$can_bcm-ioctl$ifreq_SIOCGIFINDEX_vcan-connect$can_bcm-sendmsg$can_bcm-sendmsg$can_bcm-getsockopt$WPAN_SECURITY-mknod$loop-openat$fuse-mount$fuse-mount$fuse-write$cgroup_subtree-mmap-ioctl$BINDER_GET_NODE_DEBUG_INFO detailed listing: executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) (async) r2 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) connect$can_bcm(r2, &(0x7f00000000c0)={0x1d, r3}, 0x10) sendmsg$can_bcm(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x1, 0x400, 0x0, {0x0, 0x2710}, {0x0, 0x2710}, {}, 0x1, @can={{0x4, 0x0, 0x1}, 0x2, 0x3, 0x0, 0x0, "7b442856bfec870b"}}, 0x48}, 0x1, 0x0, 0x0, 0x4004040}, 0x0) (async) sendmsg$can_bcm(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x1, 0x202, 0x80000000, {0x77359400}, {}, {}, 0x1, @can={{0x0, 0x1, 0x1, 0x1}, 0x4, 0x1, 0x0, 0x0, "4c86b8b1f25c1517"}}, 0x48}}, 0x40000) getsockopt$WPAN_SECURITY(r1, 0x0, 0x1, &(0x7f0000000000), &(0x7f0000000200)=0x4) (async) mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1) (async) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) (async) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x808025, &(0x7f0000000340)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (async) write$cgroup_subtree(r1, &(0x7f0000000200)=ANY=[], 0x32600) (async) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) (async) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000280)={0x2}) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$can_bcm-connect$can_bcm-socket-write-recvmmsg-sendmsg$can_bcm-syz_init_net_socket$netrom-socket-ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL-openat$nci-openat$cgroup_ro-mmap-socket$igmp6-setsockopt$inet6_group_source_req-ioctl$IOCTL_GET_NCIDEV_IDX-syz_init_net_socket$nl_generic-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$nfc-sendmsg$NFC_CMD_DEV_UP-connect$nfc_llcp-recvmsg-socket$netlink-sendmsg$netlink detailed listing: executing program 0: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f00000000c0), 0x10) r1 = socket(0x10, 0x3, 0x0) write(r1, &(0x7f0000000080)="1400000052004f030e789e7ee2ce2fa4ff612d27", 0x14) recvmmsg(r1, &(0x7f0000005c80)=[{{0x0, 0x0, 0x0}}], 0x344, 0x10122, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000480)=ANY=[@ANYBLOB="05"], 0x48}, 0x1, 0x0, 0x0, 0x40021}, 0x0) r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) r3 = socket(0x10, 0x3, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f0000000100)={'ip6tnl0\x00', 0x0}) r4 = openat$nci(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r5, 0x0) r6 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$inet6_group_source_req(r6, 0x29, 0x7, &(0x7f0000000000)={0x7, {{0xa, 0x4e21, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x10}}, {{0xa, 0x4e22, 0x18000, @remote, 0x8}}}, 0x108) ioctl$IOCTL_GET_NCIDEV_IDX(r4, 0x0, &(0x7f00000000c0)=0x0) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$nfc(&(0x7f00000001c0), r9) sendmsg$NFC_CMD_DEV_UP(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000002280)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r10, @ANYBLOB="010029bd7000fedbdf250200000008000100", @ANYRES32=r7], 0x1c}, 0x1, 0x0, 0x0, 0x40089}, 0x4008004) connect$nfc_llcp(r3, &(0x7f0000000340)={0x27, r7, 0x0, 0x5, 0xfe, 0x5, "040c66e57cb20e6aff1049a08f9352166fee65135bebf5f30016b9166a8e5ff64362db990ec56a0915f3ebe11381cef2a8e6a2d456f51bfc9416eab4f90a76", 0x1a}, 0x60) recvmsg(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000780)=""/4096, 0x1000}, {&(0x7f0000000040)=""/30, 0x1e}, {&(0x7f0000000100)=""/223, 0xdf}, {&(0x7f0000000200)=""/118, 0x76}], 0x4, &(0x7f0000000280)=""/28, 0x1c}, 0x10023) r11 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r11, &(0x7f0000000740)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000000)={0x2c, 0x11, 0x1, 0x0, 0x25dfdbff, "", [@nested={0x1c, 0x0, 0x0, 0x0, [@typed={0x15, 0x0, 0x0, 0x0, @binary="56ccabd869c2033840919fdc5a8d2527ef"}]}]}, 0x2c}], 0x1, 0x0, 0x0, 0xc010}, 0x40080) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$can_bcm-connect$can_bcm-socket-write-recvmmsg-sendmsg$can_bcm-syz_init_net_socket$netrom-socket-ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL-openat$nci-openat$cgroup_ro-mmap-socket$igmp6-setsockopt$inet6_group_source_req-ioctl$IOCTL_GET_NCIDEV_IDX-syz_init_net_socket$nl_generic-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$nfc-sendmsg$NFC_CMD_DEV_UP-connect$nfc_llcp-recvmsg-socket$netlink-sendmsg$netlink detailed listing: executing program 0: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f00000000c0), 0x10) r1 = socket(0x10, 0x3, 0x0) write(r1, &(0x7f0000000080)="1400000052004f030e789e7ee2ce2fa4ff612d27", 0x14) recvmmsg(r1, &(0x7f0000005c80)=[{{0x0, 0x0, 0x0}}], 0x344, 0x10122, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000480)=ANY=[@ANYBLOB="05"], 0x48}, 0x1, 0x0, 0x0, 0x40021}, 0x0) r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) r3 = socket(0x10, 0x3, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f0000000100)={'ip6tnl0\x00', 0x0}) r4 = openat$nci(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r5, 0x0) r6 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$inet6_group_source_req(r6, 0x29, 0x7, &(0x7f0000000000)={0x7, {{0xa, 0x4e21, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x10}}, {{0xa, 0x4e22, 0x18000, @remote, 0x8}}}, 0x108) ioctl$IOCTL_GET_NCIDEV_IDX(r4, 0x0, &(0x7f00000000c0)=0x0) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$nfc(&(0x7f00000001c0), r9) sendmsg$NFC_CMD_DEV_UP(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000002280)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r10, @ANYBLOB="010029bd7000fedbdf250200000008000100", @ANYRES32=r7], 0x1c}, 0x1, 0x0, 0x0, 0x40089}, 0x4008004) connect$nfc_llcp(r3, &(0x7f0000000340)={0x27, r7, 0x0, 0x5, 0xfe, 0x5, "040c66e57cb20e6aff1049a08f9352166fee65135bebf5f30016b9166a8e5ff64362db990ec56a0915f3ebe11381cef2a8e6a2d456f51bfc9416eab4f90a76", 0x1a}, 0x60) recvmsg(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000780)=""/4096, 0x1000}, {&(0x7f0000000040)=""/30, 0x1e}, {&(0x7f0000000100)=""/223, 0xdf}, {&(0x7f0000000200)=""/118, 0x76}], 0x4, &(0x7f0000000280)=""/28, 0x1c}, 0x10023) r11 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r11, &(0x7f0000000740)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000000)={0x2c, 0x11, 0x1, 0x0, 0x25dfdbff, "", [@nested={0x1c, 0x0, 0x0, 0x0, [@typed={0x15, 0x0, 0x0, 0x0, @binary="56ccabd869c2033840919fdc5a8d2527ef"}]}]}, 0x2c}], 0x1, 0x0, 0x0, 0xc010}, 0x40080) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-openat$cgroup_ro-socket$can_bcm-ioctl$ifreq_SIOCGIFINDEX_vcan-connect$can_bcm-sendmsg$can_bcm-sendmsg$can_bcm-getsockopt$WPAN_SECURITY-mknod$loop-openat$fuse-mount$fuse-mount$fuse-write$cgroup_subtree-mmap-ioctl$BINDER_GET_NODE_DEBUG_INFO detailed listing: executing program 0: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) (async) r2 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) connect$can_bcm(r2, &(0x7f00000000c0)={0x1d, r3}, 0x10) sendmsg$can_bcm(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x1, 0x400, 0x0, {0x0, 0x2710}, {0x0, 0x2710}, {}, 0x1, @can={{0x4, 0x0, 0x1}, 0x2, 0x3, 0x0, 0x0, "7b442856bfec870b"}}, 0x48}, 0x1, 0x0, 0x0, 0x4004040}, 0x0) (async) sendmsg$can_bcm(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x1, 0x202, 0x80000000, {0x77359400}, {}, {}, 0x1, @can={{0x0, 0x1, 0x1, 0x1}, 0x4, 0x1, 0x0, 0x0, "4c86b8b1f25c1517"}}, 0x48}}, 0x40000) getsockopt$WPAN_SECURITY(r1, 0x0, 0x1, &(0x7f0000000000), &(0x7f0000000200)=0x4) (async) mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1) (async) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) (async) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x808025, &(0x7f0000000340)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x1000}}) (async) write$cgroup_subtree(r1, &(0x7f0000000200)=ANY=[], 0x32600) (async) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) (async) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000280)={0x2}) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-socket$nl_netfilter-syz_open_dev$evdev-syz_open_dev$evdev-ioctl$EVIOCGKEY-ioctl$EVIOCGKEY-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_X86_SETUP_MCE-syz_open_procfs-getdents64-getdents64-sendmsg$IPCTNL_MSG_EXP_NEW detailed listing: executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae03, 0xbb) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0) (async) r2 = syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0) ioctl$EVIOCGKEY(r2, 0x80404529, 0x0) (async) ioctl$EVIOCGKEY(r2, 0x80404529, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x90900, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_X86_SETUP_MCE(r5, 0x4008ae9c, &(0x7f0000000480)={0x7, 0x3, 0x9}) r6 = syz_open_procfs(0x0, &(0x7f0000000500)='fdinfo\x00') getdents64(r6, 0xffffffffffffffff, 0x0) (async) getdents64(r6, 0xffffffffffffffff, 0x0) sendmsg$IPCTNL_MSG_EXP_NEW(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="40000000000203000000000000000000020000052400028014000180080001000000000008000200ac1e00010c000280050001000000000004000380040001805df5b1f88806afab3f5e1a6aeb2c1fe0fda1ab63bcc59282f939b19d5824f18211e9673dfa387b0752c4a78a25db793c0ef6c54dc4ce4612941cdaf1e7fcbc6c05aa4d998005b48171"], 0x40}}, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-socket$nl_netfilter-syz_open_dev$evdev-syz_open_dev$evdev-ioctl$EVIOCGKEY-ioctl$EVIOCGKEY-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_X86_SETUP_MCE-syz_open_procfs-getdents64-getdents64-sendmsg$IPCTNL_MSG_EXP_NEW detailed listing: executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae03, 0xbb) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0) (async) r2 = syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0) ioctl$EVIOCGKEY(r2, 0x80404529, 0x0) (async) ioctl$EVIOCGKEY(r2, 0x80404529, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x90900, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_X86_SETUP_MCE(r5, 0x4008ae9c, &(0x7f0000000480)={0x7, 0x3, 0x9}) r6 = syz_open_procfs(0x0, &(0x7f0000000500)='fdinfo\x00') getdents64(r6, 0xffffffffffffffff, 0x0) (async) getdents64(r6, 0xffffffffffffffff, 0x0) sendmsg$IPCTNL_MSG_EXP_NEW(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="40000000000203000000000000000000020000052400028014000180080001000000000008000200ac1e00010c000280050001000000000004000380040001805df5b1f88806afab3f5e1a6aeb2c1fe0fda1ab63bcc59282f939b19d5824f18211e9673dfa387b0752c4a78a25db793c0ef6c54dc4ce4612941cdaf1e7fcbc6c05aa4d998005b48171"], 0x40}}, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$TCSETSF2-openat$ptmx-ioctl$TIOCSETD-ioctl$TCSETS-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_GET_MSRS_cpu-openat$nullb-kexec_load-dup-mmap-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-sendmsg$NFT_MSG_GETOBJ-syz_genetlink_get_family_id$nl80211-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_FRAME-sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH-write$binfmt_aout-ioctl$TCSETSF detailed listing: executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) ioctl$TCSETSF2(0xffffffffffffffff, 0x402c542d, &(0x7f0000000040)={0x82, 0x3, 0x0, 0x717e387b, 0x40, "1ae34e0626788a22b2fb12dab240794233a5bd", 0x4, 0x2}) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x15) ioctl$TCSETS(r1, 0x404c4701, &(0x7f0000000040)={0x1, 0x0, 0x1, 0x400000, 0x18, "3eccd8000000000000000010000000040100"}) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_GET_MSRS_cpu(r3, 0xc008ae88, &(0x7f0000000300)={0x1, 0x0, [{0x287, 0x0, 0x4}]}) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) kexec_load(0xd, 0x0, 0x0, 0x1) r5 = dup(r4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x13, r5, 0x2000) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b40)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}], {0x14}}, 0x64}}, 0x0) sendmsg$NFT_MSG_GETOBJ(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000700)={0x20, 0x15, 0xa, 0x201, 0x0, 0x0, {}, [@NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x24040810}, 0x24040808) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r5) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000003540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r8, &(0x7f0000003740)={0x0, 0x0, &(0x7f0000003700)={&(0x7f0000000200)={0x54, r9, 0x1, 0x70bd2a, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_FRAME={0x38, 0x33, @deauth={{{0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x1}, {0xe}, @broadcast, @device_a, @initial, {0x3, 0x9}}, 0x0, @val={0x8c, 0x18, {0xb04, "8102c39cce7a", @long="34f65f0783a1827c1990d436b1aab92d"}}}}]}, 0x54}, 0x1, 0x0, 0x0, 0x20040080}, 0x28004800) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r5, &(0x7f0000000380)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x34, r7, 0x20, 0x70bd29, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) write$binfmt_aout(r5, 0x0, 0xffffffdb) ioctl$TCSETSF(r5, 0x5404, &(0x7f0000000040)={0x1, 0x4, 0x800, 0x7, 0x1a, "784428eac5f5d6c5444da209cf4d280168636c"}) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$TCSETSF2-openat$ptmx-ioctl$TIOCSETD-ioctl$TCSETS-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_GET_MSRS_cpu-openat$nullb-kexec_load-dup-mmap-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-sendmsg$NFT_MSG_GETOBJ-syz_genetlink_get_family_id$nl80211-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_FRAME-sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH-write$binfmt_aout-ioctl$TCSETSF detailed listing: executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) ioctl$TCSETSF2(0xffffffffffffffff, 0x402c542d, &(0x7f0000000040)={0x82, 0x3, 0x0, 0x717e387b, 0x40, "1ae34e0626788a22b2fb12dab240794233a5bd", 0x4, 0x2}) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x15) ioctl$TCSETS(r1, 0x404c4701, &(0x7f0000000040)={0x1, 0x0, 0x1, 0x400000, 0x18, "3eccd8000000000000000010000000040100"}) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_GET_MSRS_cpu(r3, 0xc008ae88, &(0x7f0000000300)={0x1, 0x0, [{0x287, 0x0, 0x4}]}) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) kexec_load(0xd, 0x0, 0x0, 0x1) r5 = dup(r4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x13, r5, 0x2000) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b40)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}], {0x14}}, 0x64}}, 0x0) sendmsg$NFT_MSG_GETOBJ(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000700)={0x20, 0x15, 0xa, 0x201, 0x0, 0x0, {}, [@NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x24040810}, 0x24040808) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r5) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000003540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r8, &(0x7f0000003740)={0x0, 0x0, &(0x7f0000003700)={&(0x7f0000000200)={0x54, r9, 0x1, 0x70bd2a, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_FRAME={0x38, 0x33, @deauth={{{0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x1}, {0xe}, @broadcast, @device_a, @initial, {0x3, 0x9}}, 0x0, @val={0x8c, 0x18, {0xb04, "8102c39cce7a", @long="34f65f0783a1827c1990d436b1aab92d"}}}}]}, 0x54}, 0x1, 0x0, 0x0, 0x20040080}, 0x28004800) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r5, &(0x7f0000000380)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x34, r7, 0x20, 0x70bd29, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) write$binfmt_aout(r5, 0x0, 0xffffffdb) ioctl$TCSETSF(r5, 0x5404, &(0x7f0000000040)={0x1, 0x4, 0x800, 0x7, 0x1a, "784428eac5f5d6c5444da209cf4d280168636c"}) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-fallocate detailed listing: executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x42002, 0x0) fallocate(r0, 0x11, 0x600, 0x8000000000203) program crashed: INFO: task hung in blkdev_fallocate single: successfully extracted reproducer found reproducer with 2 syscalls minimizing guilty program testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb detailed listing: executing program 0: openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x42002, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fallocate detailed listing: executing program 0: fallocate(0xffffffffffffffff, 0x11, 0x600, 0x8000000000203) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-fallocate detailed listing: executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x42002, 0x0) fallocate(r0, 0x11, 0x600, 0x8000000000203) program did not crash extracting C reproducer testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-fallocate program crashed: INFO: task hung in blkdev_fallocate simplifying C reproducer testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-fallocate program crashed: INFO: task hung in blkdev_fallocate testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-fallocate program crashed: no output from test machine a never seen crash title: no output from test machine, ignore testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-fallocate program crashed: INFO: task hung in blkdev_fallocate testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-fallocate program crashed: INFO: task hung in blkdev_fallocate testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-fallocate program crashed: INFO: task hung in blkdev_fallocate testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-fallocate program crashed: INFO: task hung in blkdev_fallocate testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-fallocate program crashed: INFO: task hung in blkdev_fallocate testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-fallocate detailed listing: executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x42002, 0x0) fallocate(r0, 0x11, 0x600, 0x8000000000203) program crashed: INFO: task hung in blkdev_fallocate validation run: crashed=true testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-fallocate detailed listing: executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x42002, 0x0) fallocate(r0, 0x11, 0x600, 0x8000000000203) program crashed: INFO: task hung in blkdev_fallocate validation run: crashed=true testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-fallocate detailed listing: executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x42002, 0x0) fallocate(r0, 0x11, 0x600, 0x8000000000203) program crashed: INFO: task hung in blkdev_fallocate validation run: crashed=true reproducing took 2h41m1.521011638s repro crashed as (corrupted=false): INFO: task syz.2.19:6071 blocked for more than 143 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.2.19 state:D stack:27072 pid:6071 tgid:6071 ppid:5964 task_flags:0x400040 flags:0x00080002 Call Trace: context_switch kernel/sched/core.c:5295 [inline] __schedule+0x1585/0x5340 kernel/sched/core.c:6907 __schedule_loop kernel/sched/core.c:6989 [inline] schedule+0x164/0x360 kernel/sched/core.c:7004 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7061 rwsem_down_write_slowpath+0x899/0x1040 kernel/locking/rwsem.c:1185 __down_write_common kernel/locking/rwsem.c:1317 [inline] __down_write kernel/locking/rwsem.c:1326 [inline] down_write+0x1bc/0x200 kernel/locking/rwsem.c:1591 inode_lock include/linux/fs.h:1028 [inline] blkdev_fallocate+0x260/0x530 block/fops.c:908 vfs_fallocate+0x669/0x7e0 fs/open.c:340 ksys_fallocate fs/open.c:364 [inline] __do_sys_fallocate fs/open.c:369 [inline] __se_sys_fallocate fs/open.c:367 [inline] __x64_sys_fallocate+0xc0/0x110 fs/open.c:367 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f6b4b19c629 RSP: 002b:00007fff6a58c2a8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d RAX: ffffffffffffffda RBX: 00007f6b4b415fa0 RCX: 00007f6b4b19c629 RDX: 0000000000000600 RSI: 0000000000000011 RDI: 0000000000000003 RBP: 00007f6b4b232b39 R08: 0000000000000000 R09: 0000000000000000 R10: 0008000000000203 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f6b4b415fac R14: 00007f6b4b415fa0 R15: 00007f6b4b415fa0 INFO: task syz.3.20:6072 blocked for more than 143 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.3.20 state:D stack:27072 pid:6072 tgid:6072 ppid:5960 task_flags:0x400040 flags:0x00080002 Call Trace: context_switch kernel/sched/core.c:5295 [inline] __schedule+0x1585/0x5340 kernel/sched/core.c:6907 __schedule_loop kernel/sched/core.c:6989 [inline] schedule+0x164/0x360 kernel/sched/core.c:7004 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7061 rwsem_down_write_slowpath+0x899/0x1040 kernel/locking/rwsem.c:1185 __down_write_common kernel/locking/rwsem.c:1317 [inline] __down_write kernel/locking/rwsem.c:1326 [inline] down_write+0x1bc/0x200 kernel/locking/rwsem.c:1591 inode_lock include/linux/fs.h:1028 [inline] blkdev_fallocate+0x260/0x530 block/fops.c:908 vfs_fallocate+0x669/0x7e0 fs/open.c:340 ksys_fallocate fs/open.c:364 [inline] __do_sys_fallocate fs/open.c:369 [inline] __se_sys_fallocate fs/open.c:367 [inline] __x64_sys_fallocate+0xc0/0x110 fs/open.c:367 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f4355d9c629 RSP: 002b:00007ffedadc1e78 EFLAGS: 00000246 ORIG_RAX: 000000000000011d RAX: ffffffffffffffda RBX: 00007f4356015fa0 RCX: 00007f4355d9c629 RDX: 0000000000000600 RSI: 0000000000000011 RDI: 0000000000000003 RBP: 00007f4355e32b39 R08: 0000000000000000 R09: 0000000000000000 R10: 0008000000000203 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f4356015fac R14: 00007f4356015fa0 R15: 00007f4356015fa0 INFO: task syz.1.18:6073 blocked for more than 144 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.1.18 state:D stack:27072 pid:6073 tgid:6073 ppid:5969 task_flags:0x400040 flags:0x00080002 Call Trace: context_switch kernel/sched/core.c:5295 [inline] __schedule+0x1585/0x5340 kernel/sched/core.c:6907 __schedule_loop kernel/sched/core.c:6989 [inline] schedule+0x164/0x360 kernel/sched/core.c:7004 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7061 rwsem_down_write_slowpath+0x899/0x1040 kernel/locking/rwsem.c:1185 __down_write_common kernel/locking/rwsem.c:1317 [inline] __down_write kernel/locking/rwsem.c:1326 [inline] down_write+0x1bc/0x200 kernel/locking/rwsem.c:1591 inode_lock include/linux/fs.h:1028 [inline] blkdev_fallocate+0x260/0x530 block/fops.c:908 vfs_fallocate+0x669/0x7e0 fs/open.c:340 ksys_fallocate fs/open.c:364 [inline] __do_sys_fallocate fs/open.c:369 [inline] __se_sys_fallocate fs/open.c:367 [inline] __x64_sys_fallocate+0xc0/0x110 fs/open.c:367 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f3f3a39c629 RSP: 002b:00007ffecce0b388 EFLAGS: 00000246 ORIG_RAX: 000000000000011d RAX: ffffffffffffffda RBX: 00007f3f3a615fa0 RCX: 00007f3f3a39c629 RDX: 0000000000000600 RSI: 0000000000000011 RDI: 0000000000000003 RBP: 00007f3f3a432b39 R08: 0000000000000000 R09: 0000000000000000 R10: 0008000000000203 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f3f3a615fac R14: 00007f3f3a615fa0 R15: 00007f3f3a615fa0 Showing all locks held in the system: 1 lock held by ksoftirqd/1/23: #0: ffff8880b853ade0 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x31/0x150 kernel/sched/core.c:647 1 lock held by khungtaskd/31: #0: ffffffff8e9602e0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:312 [inline] #0: ffffffff8e9602e0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:850 [inline] #0: ffffffff8e9602e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6775 3 locks held by kworker/u8:3/49: #0: ffff888032890148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x855/0x1650 kernel/workqueue.c:3254 #1: ffffc90000b97c40 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x87c/0x1650 kernel/workqueue.c:3255 #2: ffffffff8fdf0d08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline] #2: ffffffff8fdf0d08 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0x11e/0x14c0 net/ipv6/addrconf.c:4199 2 locks held by getty/5585: #0: ffff888037cb30a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243 #1: ffffc900033332f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x45c/0x13c0 drivers/tty/n_tty.c:2211 3 locks held by kworker/0:5/6069: #0: ffff88813ff47548 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x855/0x1650 kernel/workqueue.c:3254 #1: ffff8880b8424588 (psi_seq){-.-.}-{0:0}, at: psi_task_switch+0x53/0x880 kernel/sched/psi.c:933 #2: ffff8880b84271d8 (&base->lock){-.-.}-{2:2}, at: lock_timer_base kernel/time/timer.c:1004 [inline] #2: ffff8880b84271d8 (&base->lock){-.-.}-{2:2}, at: __mod_timer+0x1ae/0xf30 kernel/time/timer.c:1085 2 locks held by syz.0.17/6070: 1 lock held by syz.2.19/6071: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 1 lock held by syz.3.20/6072: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 1 lock held by syz.1.18/6073: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 1 lock held by syz.5.22/6190: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 1 lock held by syz.7.24/6191: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 1 lock held by syz.4.21/6192: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 1 lock held by syz.6.23/6193: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 1 lock held by syz.8.25/6270: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 1 lock held by syz.1.28/6287: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 1 lock held by syz.0.27/6288: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 1 lock held by syz.9.26/6289: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 1 lock held by syz.2.29/6352: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 1 lock held by syz.5.31/6383: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 1 lock held by syz.3.30/6384: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 1 lock held by syz.4.32/6385: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 1 lock held by syz.6.33/6447: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 1 lock held by syz.8.35/6491: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 1 lock held by syz.9.36/6497: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 1 lock held by syz.7.34/6498: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 1 lock held by syz.0.37/6521: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 1 lock held by syz.1.38/6579: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 1 lock held by syz.2.39/6580: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 1 lock held by syz.3.40/6581: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 1 lock held by syz.5.41/6608: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 3 locks held by syz-executor/6629: #0: ffffffff8fdf0d08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline] #0: ffffffff8fdf0d08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:341 [inline] #0: ffffffff8fdf0d08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8a1/0x1be0 net/core/rtnetlink.c:4071 #1: ffff88804f895528 (&wg->device_update_lock){+.+.}-{4:4}, at: wg_open+0x227/0x420 drivers/net/wireguard/device.c:50 #2: ffffffff8e966578 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock kernel/rcu/tree_exp.h:311 [inline] #2: ffffffff8e966578 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x2d0/0x770 kernel/rcu/tree_exp.h:961 1 lock held by syz.4.42/6690: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 1 lock held by syz.6.43/6694: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 ============================================= NMI backtrace for cpu 1 CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 Call Trace: dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120 nmi_cpu_backtrace+0x274/0x2d0 lib/nmi_backtrace.c:113 nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:161 [inline] __sys_info lib/sys_info.c:157 [inline] sys_info+0x135/0x170 lib/sys_info.c:165 check_hung_uninterruptible_tasks kernel/hung_task.c:346 [inline] watchdog+0xfd9/0x1030 kernel/hung_task.c:515 kthread+0x388/0x470 kernel/kthread.c:467 ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 UID: 0 PID: 49 Comm: kworker/u8:3 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 Workqueue: events_unbound nsim_dev_trap_report_work RIP: 0010:stack_trace_save+0x5d/0x100 kernel/stacktrace.c:114 Code: 24 08 fc a2 fc 8d 48 c7 44 24 10 60 15 b1 81 48 89 e3 48 c1 eb 03 48 b9 f1 f1 f1 f1 f8 f8 f8 f3 49 be 00 00 00 00 00 fc ff df <4a> 89 0c 33 42 c7 44 33 08 f3 f3 f3 f3 66 42 c7 44 33 04 00 00 42 RSP: 0018:ffffc90000007a80 EFLAGS: 00000a06 RAX: ffffc90000007aa0 RBX: 1ffff92000000f50 RCX: f3f8f8f8f1f1f1f1 RDX: 0000000000000000 RSI: 0000000000000040 RDI: ffffc90000007b30 RBP: ffffc90000007b20 R08: dffffc0000000000 R09: 0000000000000000 R10: ffffc90000007b30 R11: fffffbfff2067957 R12: ffffea00016b2980 R13: ffff8880767b5880 R14: dffffc0000000000 R15: ffffc90000007b30 FS: 0000000000000000(0000) GS:ffff888124fff000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b32863fff CR3: 0000000055960000 CR4: 00000000003526f0 Call Trace: kasan_save_stack mm/kasan/common.c:57 [inline] kasan_save_track+0x3e/0x80 mm/kasan/common.c:78 kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:584 poison_slab_object mm/kasan/common.c:253 [inline] __kasan_slab_free+0x5c/0x80 mm/kasan/common.c:285 kasan_slab_free include/linux/kasan.h:235 [inline] slab_free_hook mm/slub.c:2687 [inline] slab_free_after_rcu_debug+0x126/0x220 mm/slub.c:6189 rcu_do_batch kernel/rcu/tree.c:2617 [inline] rcu_core+0x7cd/0x1070 kernel/rcu/tree.c:2869 handle_softirqs+0x22a/0x870 kernel/softirq.c:626 do_softirq+0x76/0xd0 kernel/softirq.c:523 __local_bh_enable_ip+0xf8/0x130 kernel/softirq.c:450 local_bh_enable include/linux/bottom_half.h:33 [inline] __alloc_skb+0x1aa/0x7d0 net/core/skbuff.c:697 alloc_skb include/linux/skbuff.h:1383 [inline] nsim_dev_trap_skb_build drivers/net/netdevsim/dev.c:819 [inline] nsim_dev_trap_report drivers/net/netdevsim/dev.c:876 [inline] nsim_dev_trap_report_work+0x29a/0xb80 drivers/net/netdevsim/dev.c:922 process_one_work+0x949/0x1650 kernel/workqueue.c:3279 process_scheduled_works kernel/workqueue.c:3362 [inline] worker_thread+0xb46/0x1140 kernel/workqueue.c:3443 kthread+0x388/0x470 kernel/kthread.c:467 ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 final repro crashed as (corrupted=false): INFO: task syz.2.19:6071 blocked for more than 143 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.2.19 state:D stack:27072 pid:6071 tgid:6071 ppid:5964 task_flags:0x400040 flags:0x00080002 Call Trace: context_switch kernel/sched/core.c:5295 [inline] __schedule+0x1585/0x5340 kernel/sched/core.c:6907 __schedule_loop kernel/sched/core.c:6989 [inline] schedule+0x164/0x360 kernel/sched/core.c:7004 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7061 rwsem_down_write_slowpath+0x899/0x1040 kernel/locking/rwsem.c:1185 __down_write_common kernel/locking/rwsem.c:1317 [inline] __down_write kernel/locking/rwsem.c:1326 [inline] down_write+0x1bc/0x200 kernel/locking/rwsem.c:1591 inode_lock include/linux/fs.h:1028 [inline] blkdev_fallocate+0x260/0x530 block/fops.c:908 vfs_fallocate+0x669/0x7e0 fs/open.c:340 ksys_fallocate fs/open.c:364 [inline] __do_sys_fallocate fs/open.c:369 [inline] __se_sys_fallocate fs/open.c:367 [inline] __x64_sys_fallocate+0xc0/0x110 fs/open.c:367 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f6b4b19c629 RSP: 002b:00007fff6a58c2a8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d RAX: ffffffffffffffda RBX: 00007f6b4b415fa0 RCX: 00007f6b4b19c629 RDX: 0000000000000600 RSI: 0000000000000011 RDI: 0000000000000003 RBP: 00007f6b4b232b39 R08: 0000000000000000 R09: 0000000000000000 R10: 0008000000000203 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f6b4b415fac R14: 00007f6b4b415fa0 R15: 00007f6b4b415fa0 INFO: task syz.3.20:6072 blocked for more than 143 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.3.20 state:D stack:27072 pid:6072 tgid:6072 ppid:5960 task_flags:0x400040 flags:0x00080002 Call Trace: context_switch kernel/sched/core.c:5295 [inline] __schedule+0x1585/0x5340 kernel/sched/core.c:6907 __schedule_loop kernel/sched/core.c:6989 [inline] schedule+0x164/0x360 kernel/sched/core.c:7004 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7061 rwsem_down_write_slowpath+0x899/0x1040 kernel/locking/rwsem.c:1185 __down_write_common kernel/locking/rwsem.c:1317 [inline] __down_write kernel/locking/rwsem.c:1326 [inline] down_write+0x1bc/0x200 kernel/locking/rwsem.c:1591 inode_lock include/linux/fs.h:1028 [inline] blkdev_fallocate+0x260/0x530 block/fops.c:908 vfs_fallocate+0x669/0x7e0 fs/open.c:340 ksys_fallocate fs/open.c:364 [inline] __do_sys_fallocate fs/open.c:369 [inline] __se_sys_fallocate fs/open.c:367 [inline] __x64_sys_fallocate+0xc0/0x110 fs/open.c:367 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f4355d9c629 RSP: 002b:00007ffedadc1e78 EFLAGS: 00000246 ORIG_RAX: 000000000000011d RAX: ffffffffffffffda RBX: 00007f4356015fa0 RCX: 00007f4355d9c629 RDX: 0000000000000600 RSI: 0000000000000011 RDI: 0000000000000003 RBP: 00007f4355e32b39 R08: 0000000000000000 R09: 0000000000000000 R10: 0008000000000203 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f4356015fac R14: 00007f4356015fa0 R15: 00007f4356015fa0 INFO: task syz.1.18:6073 blocked for more than 144 seconds. Not tainted syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.1.18 state:D stack:27072 pid:6073 tgid:6073 ppid:5969 task_flags:0x400040 flags:0x00080002 Call Trace: context_switch kernel/sched/core.c:5295 [inline] __schedule+0x1585/0x5340 kernel/sched/core.c:6907 __schedule_loop kernel/sched/core.c:6989 [inline] schedule+0x164/0x360 kernel/sched/core.c:7004 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7061 rwsem_down_write_slowpath+0x899/0x1040 kernel/locking/rwsem.c:1185 __down_write_common kernel/locking/rwsem.c:1317 [inline] __down_write kernel/locking/rwsem.c:1326 [inline] down_write+0x1bc/0x200 kernel/locking/rwsem.c:1591 inode_lock include/linux/fs.h:1028 [inline] blkdev_fallocate+0x260/0x530 block/fops.c:908 vfs_fallocate+0x669/0x7e0 fs/open.c:340 ksys_fallocate fs/open.c:364 [inline] __do_sys_fallocate fs/open.c:369 [inline] __se_sys_fallocate fs/open.c:367 [inline] __x64_sys_fallocate+0xc0/0x110 fs/open.c:367 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f3f3a39c629 RSP: 002b:00007ffecce0b388 EFLAGS: 00000246 ORIG_RAX: 000000000000011d RAX: ffffffffffffffda RBX: 00007f3f3a615fa0 RCX: 00007f3f3a39c629 RDX: 0000000000000600 RSI: 0000000000000011 RDI: 0000000000000003 RBP: 00007f3f3a432b39 R08: 0000000000000000 R09: 0000000000000000 R10: 0008000000000203 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f3f3a615fac R14: 00007f3f3a615fa0 R15: 00007f3f3a615fa0 Showing all locks held in the system: 1 lock held by ksoftirqd/1/23: #0: ffff8880b853ade0 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x31/0x150 kernel/sched/core.c:647 1 lock held by khungtaskd/31: #0: ffffffff8e9602e0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:312 [inline] #0: ffffffff8e9602e0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:850 [inline] #0: ffffffff8e9602e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6775 3 locks held by kworker/u8:3/49: #0: ffff888032890148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x855/0x1650 kernel/workqueue.c:3254 #1: ffffc90000b97c40 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x87c/0x1650 kernel/workqueue.c:3255 #2: ffffffff8fdf0d08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline] #2: ffffffff8fdf0d08 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0x11e/0x14c0 net/ipv6/addrconf.c:4199 2 locks held by getty/5585: #0: ffff888037cb30a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243 #1: ffffc900033332f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x45c/0x13c0 drivers/tty/n_tty.c:2211 3 locks held by kworker/0:5/6069: #0: ffff88813ff47548 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x855/0x1650 kernel/workqueue.c:3254 #1: ffff8880b8424588 (psi_seq){-.-.}-{0:0}, at: psi_task_switch+0x53/0x880 kernel/sched/psi.c:933 #2: ffff8880b84271d8 (&base->lock){-.-.}-{2:2}, at: lock_timer_base kernel/time/timer.c:1004 [inline] #2: ffff8880b84271d8 (&base->lock){-.-.}-{2:2}, at: __mod_timer+0x1ae/0xf30 kernel/time/timer.c:1085 2 locks held by syz.0.17/6070: 1 lock held by syz.2.19/6071: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 1 lock held by syz.3.20/6072: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 1 lock held by syz.1.18/6073: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 1 lock held by syz.5.22/6190: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 1 lock held by syz.7.24/6191: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 1 lock held by syz.4.21/6192: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 1 lock held by syz.6.23/6193: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 1 lock held by syz.8.25/6270: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 1 lock held by syz.1.28/6287: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 1 lock held by syz.0.27/6288: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 1 lock held by syz.9.26/6289: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 1 lock held by syz.2.29/6352: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 1 lock held by syz.5.31/6383: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 1 lock held by syz.3.30/6384: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 1 lock held by syz.4.32/6385: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 1 lock held by syz.6.33/6447: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 1 lock held by syz.8.35/6491: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 1 lock held by syz.9.36/6497: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 1 lock held by syz.7.34/6498: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 1 lock held by syz.0.37/6521: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 1 lock held by syz.1.38/6579: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 1 lock held by syz.2.39/6580: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 1 lock held by syz.3.40/6581: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 1 lock held by syz.5.41/6608: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 3 locks held by syz-executor/6629: #0: ffffffff8fdf0d08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline] #0: ffffffff8fdf0d08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:341 [inline] #0: ffffffff8fdf0d08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8a1/0x1be0 net/core/rtnetlink.c:4071 #1: ffff88804f895528 (&wg->device_update_lock){+.+.}-{4:4}, at: wg_open+0x227/0x420 drivers/net/wireguard/device.c:50 #2: ffffffff8e966578 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock kernel/rcu/tree_exp.h:311 [inline] #2: ffffffff8e966578 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x2d0/0x770 kernel/rcu/tree_exp.h:961 1 lock held by syz.4.42/6690: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 1 lock held by syz.6.43/6694: #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline] #0: ffff8880241187a8 (&sb->s_type->i_mutex_key#11){++++}-{4:4}, at: blkdev_fallocate+0x260/0x530 block/fops.c:908 ============================================= NMI backtrace for cpu 1 CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 Call Trace: dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120 nmi_cpu_backtrace+0x274/0x2d0 lib/nmi_backtrace.c:113 nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:161 [inline] __sys_info lib/sys_info.c:157 [inline] sys_info+0x135/0x170 lib/sys_info.c:165 check_hung_uninterruptible_tasks kernel/hung_task.c:346 [inline] watchdog+0xfd9/0x1030 kernel/hung_task.c:515 kthread+0x388/0x470 kernel/kthread.c:467 ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 UID: 0 PID: 49 Comm: kworker/u8:3 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 Workqueue: events_unbound nsim_dev_trap_report_work RIP: 0010:stack_trace_save+0x5d/0x100 kernel/stacktrace.c:114 Code: 24 08 fc a2 fc 8d 48 c7 44 24 10 60 15 b1 81 48 89 e3 48 c1 eb 03 48 b9 f1 f1 f1 f1 f8 f8 f8 f3 49 be 00 00 00 00 00 fc ff df <4a> 89 0c 33 42 c7 44 33 08 f3 f3 f3 f3 66 42 c7 44 33 04 00 00 42 RSP: 0018:ffffc90000007a80 EFLAGS: 00000a06 RAX: ffffc90000007aa0 RBX: 1ffff92000000f50 RCX: f3f8f8f8f1f1f1f1 RDX: 0000000000000000 RSI: 0000000000000040 RDI: ffffc90000007b30 RBP: ffffc90000007b20 R08: dffffc0000000000 R09: 0000000000000000 R10: ffffc90000007b30 R11: fffffbfff2067957 R12: ffffea00016b2980 R13: ffff8880767b5880 R14: dffffc0000000000 R15: ffffc90000007b30 FS: 0000000000000000(0000) GS:ffff888124fff000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b32863fff CR3: 0000000055960000 CR4: 00000000003526f0 Call Trace: kasan_save_stack mm/kasan/common.c:57 [inline] kasan_save_track+0x3e/0x80 mm/kasan/common.c:78 kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:584 poison_slab_object mm/kasan/common.c:253 [inline] __kasan_slab_free+0x5c/0x80 mm/kasan/common.c:285 kasan_slab_free include/linux/kasan.h:235 [inline] slab_free_hook mm/slub.c:2687 [inline] slab_free_after_rcu_debug+0x126/0x220 mm/slub.c:6189 rcu_do_batch kernel/rcu/tree.c:2617 [inline] rcu_core+0x7cd/0x1070 kernel/rcu/tree.c:2869 handle_softirqs+0x22a/0x870 kernel/softirq.c:626 do_softirq+0x76/0xd0 kernel/softirq.c:523 __local_bh_enable_ip+0xf8/0x130 kernel/softirq.c:450 local_bh_enable include/linux/bottom_half.h:33 [inline] __alloc_skb+0x1aa/0x7d0 net/core/skbuff.c:697 alloc_skb include/linux/skbuff.h:1383 [inline] nsim_dev_trap_skb_build drivers/net/netdevsim/dev.c:819 [inline] nsim_dev_trap_report drivers/net/netdevsim/dev.c:876 [inline] nsim_dev_trap_report_work+0x29a/0xb80 drivers/net/netdevsim/dev.c:922 process_one_work+0x949/0x1650 kernel/workqueue.c:3279 process_scheduled_works kernel/workqueue.c:3362 [inline] worker_thread+0xb46/0x1140 kernel/workqueue.c:3443 kthread+0x388/0x470 kernel/kthread.c:467 ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245