Extracting prog: 37m49.610251593s Minimizing prog: 1h2m37.801541741s Simplifying prog options: 15m59.884510792s Extracting C: 5m12.445153436s Simplifying C: 0s extracting reproducer from 49 programs testing a last program of every proc single: executing 11 programs separately with timeout 6m0s testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_FRAME detailed listing: executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), r1) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x398}}, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$netlink-bind$netlink-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-bpf$PROG_LOAD-bpf$BPF_PROG_TEST_RUN detailed listing: executing program 0: r0 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r0, &(0x7f0000000200)={0x10, 0x0, 0x25dfdbfe, 0x2}, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, 0x0, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x10}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000a80)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d640500000000006504040001001f000404000001007d60b7030000000000006a0a00fe00000100850000000d000000b7000000000000009500000000000000c74396c8e3ebbadc20e5a7ef8c9ac1465cbf188ef10871b81ac7553358380b3a1f59916ffc9bf0bdf81524f07fb2819bf5774fedda52e39c90af27db5b56024df96b4673b4e8d5467e114604ea09b290a248a120c9c6cd87cef9000000a39c15a7ef365cc27dfeac7b9b0e9048517354b0ca4f9cf8b59ee6fa003fe1f2c4c15f20a07db4583a462d8be6602186fd68ee14a19ea2eb42122b8635a66ce6b5b92356081bc0f18a0ca83dbc089a9813c1efa26001b3f486ebfaae85c4d0b96778478ae5355e6f923b11056969f486f80a35f7f2339704fa93fa915ab8e1e0d7f31ebd19455e6827cd493907bf9d0000000000000000000000004e1fa60acabcf0553910ca2e5ea499fd5889dde9261f0848a5b8af657bfc96049308e8953431b269053627a1523551c160c813969925a892d266792352ec0204596a37ce8d6d260b32239bddbce2e79f93cb5a0ad897adb53b397d07c50f84b74f2605a565ee149016aa75ea31c0087dcd821b47c8b36efc6da4fb2ea7f1f36c85856b73ac9872babc62149699b6b8c796a79d833eb4b5ca668d430db5653a2b3c5b87e17ca1"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x2ca, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x18000000000002a0, 0x2f9, 0xffffca88, &(0x7f0000000040)="b90103600040f000009e0ff008001fffffe100004000632f77fb7f0200017f020001be3e7d2a182fff", 0x0, 0x104, 0x6000000000000000, 0x0, 0xfeb9, &(0x7f0000000400)="9209558f0c5fb25cd57f98113135c3171b8b331fbc04f0e6955a796ff8e3aae3cac46cec3030dfc999058aea01f0e6dcf2f9d480d328655aca003927bd50ed49d4843c8a0a2a4b26ceb747947200bd644c85e7a8a7d7cfce840c02a7d69c9e0bca410f64d43290abbbf3131e1fa8bd8c3e5f19d5a491d3d4c1a0fe47de9eebaf073ac3da6256bdb681d18fbd607c9b0d710442bcf78bc36fd3c035812bde582a262bff0e4d6181c818fccf542868c6e602d97bea23a101955dc76bcc984142ab305387aa348566d688edd291a3e9d08952adbdf60462bb7f7faebcdfccf17115708b0d73d0f3a469ce7d8374219b3f92c92bcec4958d474bb281c26691949d054b784a5866f081e53eb9cfd7"}, 0x28) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_tcp-close_range detailed listing: executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$loop-sendmsg$nl_route_sched-getpid-socketpair$unix-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-openat$cgroup_ro-sendmmsg$unix-sched_setaffinity-recvmmsg-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-io_uring_register$IORING_REGISTER_PERSONALITY-syz_io_uring_submit-io_uring_enter-memfd_create-pwritev-sendfile-ioctl$LOOP_SET_STATUS detailed listing: executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = fsopen(&(0x7f0000000400)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x0) r6 = openat$cgroup_ro(r5, &(0x7f0000000340)='cgroup.stat\x00', 0x300, 0x0) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r7 = syz_io_uring_setup(0x11a, &(0x7f0000000100)={0x0, 0x0, 0x0, 0xfffffffc, 0x245}, &(0x7f0000000000)=0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4) r10 = io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) syz_io_uring_submit(r8, r9, &(0x7f00000000c0)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd=r6, 0x9, 0x0, 0x0, 0x0, 0x0, {0xfffe, r10}}) io_uring_enter(r7, 0x47f6, 0x80ffff, 0x0, 0x0, 0x0) r11 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r0, &(0x7f0000002540)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r2 = socket(0x10, 0x803, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)=@newtfilter={0x34, 0x2c, 0xd27, 0x30bd29, 0x2, {0x0, 0x0, 0x0, r6, {0xffff}, {}, {0x7}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$ndb-ioctl$NBD_SET_SIZE_BLOCKS-syz_open_dev$ndb-socketpair$nbd-ioctl$NBD_SET_SOCK-ioctl$NBD_DO_IT-syz_open_dev$ndb detailed listing: executing program 0: r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0xb) r1 = syz_open_dev$ndb(&(0x7f00000001c0), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r1, 0xab00, r2) ioctl$NBD_DO_IT(r1, 0xab03) syz_open_dev$ndb(&(0x7f00000002c0), 0x0, 0x0) program crashed: INFO: task hung in bdev_open single: successfully extracted reproducer found reproducer with 7 syscalls minimizing guilty program testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$ndb-ioctl$NBD_SET_SIZE_BLOCKS-syz_open_dev$ndb-socketpair$nbd-ioctl$NBD_SET_SOCK-ioctl$NBD_DO_IT detailed listing: executing program 0: r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0xb) r1 = syz_open_dev$ndb(&(0x7f00000001c0), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r1, 0xab00, r2) ioctl$NBD_DO_IT(r1, 0xab03) program crashed: INFO: task hung in bdev_release testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$ndb-ioctl$NBD_SET_SIZE_BLOCKS-syz_open_dev$ndb-socketpair$nbd-ioctl$NBD_SET_SOCK detailed listing: executing program 0: r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0xb) r1 = syz_open_dev$ndb(&(0x7f00000001c0), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r1, 0xab00, r2) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$ndb-ioctl$NBD_SET_SIZE_BLOCKS-syz_open_dev$ndb-socketpair$nbd-ioctl$NBD_DO_IT detailed listing: executing program 0: r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0xb) r1 = syz_open_dev$ndb(&(0x7f00000001c0), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)) ioctl$NBD_DO_IT(r1, 0xab03) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$ndb-ioctl$NBD_SET_SIZE_BLOCKS-syz_open_dev$ndb-ioctl$NBD_SET_SOCK-ioctl$NBD_DO_IT detailed listing: executing program 0: r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0xb) r1 = syz_open_dev$ndb(&(0x7f00000001c0), 0x0, 0x0) ioctl$NBD_SET_SOCK(r1, 0xab00, 0xffffffffffffffff) ioctl$NBD_DO_IT(r1, 0xab03) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$ndb-ioctl$NBD_SET_SIZE_BLOCKS-socketpair$nbd-ioctl$NBD_SET_SOCK-ioctl$NBD_DO_IT detailed listing: executing program 0: r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0xb) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(0xffffffffffffffff, 0xab00, r1) ioctl$NBD_DO_IT(0xffffffffffffffff, 0xab03) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$ndb-syz_open_dev$ndb-socketpair$nbd-ioctl$NBD_SET_SOCK-ioctl$NBD_DO_IT detailed listing: executing program 0: syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) r0 = syz_open_dev$ndb(&(0x7f00000001c0), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) ioctl$NBD_DO_IT(r0, 0xab03) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$NBD_SET_SIZE_BLOCKS-syz_open_dev$ndb-socketpair$nbd-ioctl$NBD_SET_SOCK-ioctl$NBD_DO_IT detailed listing: executing program 0: ioctl$NBD_SET_SIZE_BLOCKS(0xffffffffffffffff, 0xab07, 0xb) r0 = syz_open_dev$ndb(&(0x7f00000001c0), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) ioctl$NBD_DO_IT(r0, 0xab03) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$ndb-ioctl$NBD_SET_SIZE_BLOCKS-syz_open_dev$ndb-socketpair$nbd-ioctl$NBD_SET_SOCK-ioctl$NBD_DO_IT detailed listing: executing program 0: r0 = syz_open_dev$ndb(0x0, 0x0, 0x0) ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0xb) r1 = syz_open_dev$ndb(&(0x7f00000001c0), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r1, 0xab00, r2) ioctl$NBD_DO_IT(r1, 0xab03) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$ndb-ioctl$NBD_SET_SIZE_BLOCKS-syz_open_dev$ndb-socketpair$nbd-ioctl$NBD_SET_SOCK-ioctl$NBD_DO_IT detailed listing: executing program 0: r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0xb) r1 = syz_open_dev$ndb(0x0, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r1, 0xab00, r2) ioctl$NBD_DO_IT(r1, 0xab03) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$ndb-ioctl$NBD_SET_SIZE_BLOCKS-syz_open_dev$ndb-socketpair$nbd-ioctl$NBD_SET_SOCK-ioctl$NBD_DO_IT detailed listing: executing program 0: r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0xb) r1 = syz_open_dev$ndb(&(0x7f00000001c0), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) ioctl$NBD_SET_SOCK(r1, 0xab00, 0xffffffffffffffff) ioctl$NBD_DO_IT(r1, 0xab03) program did not crash extracting C reproducer testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$ndb-ioctl$NBD_SET_SIZE_BLOCKS-syz_open_dev$ndb-socketpair$nbd-ioctl$NBD_SET_SOCK-ioctl$NBD_DO_IT program crashed: no output from test machine a never seen crash title: no output from test machine, ignore simplifying guilty program options testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$ndb-ioctl$NBD_SET_SIZE_BLOCKS-syz_open_dev$ndb-socketpair$nbd-ioctl$NBD_SET_SOCK-ioctl$NBD_DO_IT detailed listing: executing program 0: r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0xb) r1 = syz_open_dev$ndb(&(0x7f00000001c0), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r1, 0xab00, r2) ioctl$NBD_DO_IT(r1, 0xab03) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$ndb-ioctl$NBD_SET_SIZE_BLOCKS-syz_open_dev$ndb-socketpair$nbd-ioctl$NBD_SET_SOCK-ioctl$NBD_DO_IT detailed listing: executing program 0: r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0xb) r1 = syz_open_dev$ndb(&(0x7f00000001c0), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r1, 0xab00, r2) ioctl$NBD_DO_IT(r1, 0xab03) program crashed: INFO: task hung in bdev_release extracting C reproducer testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$ndb-ioctl$NBD_SET_SIZE_BLOCKS-syz_open_dev$ndb-socketpair$nbd-ioctl$NBD_SET_SOCK-ioctl$NBD_DO_IT program crashed: no output from test machine a never seen crash title: no output from test machine, ignore reproducing took 2h1m37.974213175s repro crashed as (corrupted=false): INFO: task syz.0.16:6577 blocked for more than 143 seconds. Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.0.16 state:D stack:0 pid:6577 tgid:6577 ppid:6522 flags:0x00000001 Call trace: __switch_to+0x414/0x788 arch/arm64/kernel/process.c:701 (T) context_switch kernel/sched/core.c:5369 [inline] __schedule+0x1744/0x27f0 kernel/sched/core.c:6756 __schedule_loop kernel/sched/core.c:6833 [inline] schedule+0xbc/0x238 kernel/sched/core.c:6848 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:6905 __mutex_lock_common+0xeec/0x28f4 kernel/locking/mutex.c:665 __mutex_lock kernel/locking/mutex.c:735 [inline] mutex_lock_nested+0x2c/0x38 kernel/locking/mutex.c:787 bdev_release+0x168/0x644 block/bdev.c:1086 blkdev_release+0x20/0x34 block/fops.c:635 __fput+0x1bc/0x75c fs/file_table.c:450 ____fput+0x20/0x30 fs/file_table.c:478 task_work_run+0x230/0x2e0 kernel/task_work.c:239 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] do_notify_resume+0x178/0x1f4 arch/arm64/kernel/entry-common.c:151 exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:169 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:178 [inline] el0_svc+0xac/0x168 arch/arm64/kernel/entry-common.c:745 el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600 INFO: task syz.0.16:6578 blocked for more than 143 seconds. Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.0.16 state:D stack:0 pid:6578 tgid:6577 ppid:6522 flags:0x00000009 Call trace: __switch_to+0x414/0x788 arch/arm64/kernel/process.c:701 (T) context_switch kernel/sched/core.c:5369 [inline] __schedule+0x1744/0x27f0 kernel/sched/core.c:6756 __schedule_loop kernel/sched/core.c:6833 [inline] schedule+0xbc/0x238 kernel/sched/core.c:6848 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:6905 __mutex_lock_common+0xeec/0x28f4 kernel/locking/mutex.c:665 __mutex_lock kernel/locking/mutex.c:735 [inline] mutex_lock_nested+0x2c/0x38 kernel/locking/mutex.c:787 bdev_release+0x168/0x644 block/bdev.c:1086 blkdev_release+0x20/0x34 block/fops.c:635 __fput+0x1bc/0x75c fs/file_table.c:450 ____fput+0x20/0x30 fs/file_table.c:478 task_work_run+0x230/0x2e0 kernel/task_work.c:239 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] do_notify_resume+0x178/0x1f4 arch/arm64/kernel/entry-common.c:151 exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:169 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:178 [inline] el0_svc+0xac/0x168 arch/arm64/kernel/entry-common.c:745 el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600 Showing all locks held in the system: 1 lock held by khungtaskd/31: #0: ffff80008fb83160 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0xc/0x44 include/linux/rcupdate.h:336 3 locks held by kworker/u9:1/5988: #0: ffff0000ce5f2948 ((wq_completion)hci2){+.+.}-{0:0}, at: process_one_work+0x60c/0x15cc kernel/workqueue.c:3210 #1: ffff8000a26a7c20 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work+0x6a4/0x15cc kernel/workqueue.c:3210 #2: ffff0000d6fb8d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x194/0x34c net/bluetooth/hci_sync.c:331 2 locks held by getty/6184: #0: ffff0000d27060a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c drivers/tty/tty_ldsem.c:340 #1: ffff80009ba1b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41c/0x1228 drivers/tty/n_tty.c:2211 1 lock held by udevd/6551: #0: ffff0000ca2d94c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xd0/0xbd0 block/bdev.c:903 1 lock held by syz.0.16/6577: #0: ffff0000ca2d94c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x168/0x644 block/bdev.c:1086 1 lock held by syz.0.16/6578: #0: ffff0000ca2d94c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x168/0x644 block/bdev.c:1086 1 lock held by udevd/6579: #0: ffff0000ca2dd4c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xd0/0xbd0 block/bdev.c:903 1 lock held by udevd/6589: #0: ffff0000ca8d94c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xd0/0xbd0 block/bdev.c:903 1 lock held by syz.1.17/6600: #0: ffff0000ca2dd4c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x168/0x644 block/bdev.c:1086 1 lock held by syz.1.17/6601: #0: ffff0000ca2dd4c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x168/0x644 block/bdev.c:1086 1 lock held by udevd/6605: #0: ffff0000ca3f14c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xd0/0xbd0 block/bdev.c:903 1 lock held by syz.2.18/6616: #0: ffff0000ca3f14c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x168/0x644 block/bdev.c:1086 1 lock held by syz.2.18/6617: #0: ffff0000ca3f14c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x168/0x644 block/bdev.c:1086 1 lock held by udevd/6621: #0: ffff0000ca3f54c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xd0/0xbd0 block/bdev.c:903 1 lock held by syz.3.19/6632: #0: ffff0000ca3f54c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x168/0x644 block/bdev.c:1086 1 lock held by syz.3.19/6633: #0: ffff0000ca3f54c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x168/0x644 block/bdev.c:1086 1 lock held by udevd/6639: #0: ffff0000ca8194c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xd0/0xbd0 block/bdev.c:903 1 lock held by syz.4.20/6659: #0: ffff0000ca8194c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x168/0x644 block/bdev.c:1086 1 lock held by syz.4.20/6660: #0: ffff0000ca8194c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x168/0x644 block/bdev.c:1086 1 lock held by udevd/6664: #0: ffff0000ca81d4c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xd0/0xbd0 block/bdev.c:903 1 lock held by syz.5.21/6685: #0: ffff0000ca81d4c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x168/0x644 block/bdev.c:1086 1 lock held by syz.5.21/6686: #0: ffff0000ca81d4c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x168/0x644 block/bdev.c:1086 1 lock held by syz.6.22/6710: #0: ffff0000ca8d94c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x168/0x644 block/bdev.c:1086 1 lock held by syz.6.22/6711: #0: ffff0000ca8d94c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x168/0x644 block/bdev.c:1086 1 lock held by udevd/6714: #0: ffff0000c9eb44c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xd0/0xbd0 block/bdev.c:903 1 lock held by syz.7.23/6736: #0: ffff0000c9eb44c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x168/0x644 block/bdev.c:1086 1 lock held by syz.7.23/6737: #0: ffff0000c9eb44c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x168/0x644 block/bdev.c:1086 1 lock held by udevd/6738: #0: ffff0000ca8dd4c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xd0/0xbd0 block/bdev.c:903 1 lock held by syz.8.24/6762: #0: ffff0000ca8dd4c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x168/0x644 block/bdev.c:1086 1 lock held by syz.8.24/6764: #0: ffff0000ca8dd4c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x168/0x644 block/bdev.c:1086 1 lock held by udevd/6771: #0: ffff0000ca9b84c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xd0/0xbd0 block/bdev.c:903 1 lock held by syz.9.25/6795: #0: ffff0000ca9b84c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x168/0x644 block/bdev.c:1086 1 lock held by syz.9.25/6796: #0: ffff0000ca9b84c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x168/0x644 block/bdev.c:1086 ============================================= final repro crashed as (corrupted=false): INFO: task syz.0.16:6577 blocked for more than 143 seconds. Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.0.16 state:D stack:0 pid:6577 tgid:6577 ppid:6522 flags:0x00000001 Call trace: __switch_to+0x414/0x788 arch/arm64/kernel/process.c:701 (T) context_switch kernel/sched/core.c:5369 [inline] __schedule+0x1744/0x27f0 kernel/sched/core.c:6756 __schedule_loop kernel/sched/core.c:6833 [inline] schedule+0xbc/0x238 kernel/sched/core.c:6848 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:6905 __mutex_lock_common+0xeec/0x28f4 kernel/locking/mutex.c:665 __mutex_lock kernel/locking/mutex.c:735 [inline] mutex_lock_nested+0x2c/0x38 kernel/locking/mutex.c:787 bdev_release+0x168/0x644 block/bdev.c:1086 blkdev_release+0x20/0x34 block/fops.c:635 __fput+0x1bc/0x75c fs/file_table.c:450 ____fput+0x20/0x30 fs/file_table.c:478 task_work_run+0x230/0x2e0 kernel/task_work.c:239 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] do_notify_resume+0x178/0x1f4 arch/arm64/kernel/entry-common.c:151 exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:169 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:178 [inline] el0_svc+0xac/0x168 arch/arm64/kernel/entry-common.c:745 el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600 INFO: task syz.0.16:6578 blocked for more than 143 seconds. Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz.0.16 state:D stack:0 pid:6578 tgid:6577 ppid:6522 flags:0x00000009 Call trace: __switch_to+0x414/0x788 arch/arm64/kernel/process.c:701 (T) context_switch kernel/sched/core.c:5369 [inline] __schedule+0x1744/0x27f0 kernel/sched/core.c:6756 __schedule_loop kernel/sched/core.c:6833 [inline] schedule+0xbc/0x238 kernel/sched/core.c:6848 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:6905 __mutex_lock_common+0xeec/0x28f4 kernel/locking/mutex.c:665 __mutex_lock kernel/locking/mutex.c:735 [inline] mutex_lock_nested+0x2c/0x38 kernel/locking/mutex.c:787 bdev_release+0x168/0x644 block/bdev.c:1086 blkdev_release+0x20/0x34 block/fops.c:635 __fput+0x1bc/0x75c fs/file_table.c:450 ____fput+0x20/0x30 fs/file_table.c:478 task_work_run+0x230/0x2e0 kernel/task_work.c:239 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] do_notify_resume+0x178/0x1f4 arch/arm64/kernel/entry-common.c:151 exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:169 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:178 [inline] el0_svc+0xac/0x168 arch/arm64/kernel/entry-common.c:745 el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600 Showing all locks held in the system: 1 lock held by khungtaskd/31: #0: ffff80008fb83160 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0xc/0x44 include/linux/rcupdate.h:336 3 locks held by kworker/u9:1/5988: #0: ffff0000ce5f2948 ((wq_completion)hci2){+.+.}-{0:0}, at: process_one_work+0x60c/0x15cc kernel/workqueue.c:3210 #1: ffff8000a26a7c20 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work+0x6a4/0x15cc kernel/workqueue.c:3210 #2: ffff0000d6fb8d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x194/0x34c net/bluetooth/hci_sync.c:331 2 locks held by getty/6184: #0: ffff0000d27060a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c drivers/tty/tty_ldsem.c:340 #1: ffff80009ba1b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41c/0x1228 drivers/tty/n_tty.c:2211 1 lock held by udevd/6551: #0: ffff0000ca2d94c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xd0/0xbd0 block/bdev.c:903 1 lock held by syz.0.16/6577: #0: ffff0000ca2d94c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x168/0x644 block/bdev.c:1086 1 lock held by syz.0.16/6578: #0: ffff0000ca2d94c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x168/0x644 block/bdev.c:1086 1 lock held by udevd/6579: #0: ffff0000ca2dd4c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xd0/0xbd0 block/bdev.c:903 1 lock held by udevd/6589: #0: ffff0000ca8d94c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xd0/0xbd0 block/bdev.c:903 1 lock held by syz.1.17/6600: #0: ffff0000ca2dd4c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x168/0x644 block/bdev.c:1086 1 lock held by syz.1.17/6601: #0: ffff0000ca2dd4c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x168/0x644 block/bdev.c:1086 1 lock held by udevd/6605: #0: ffff0000ca3f14c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xd0/0xbd0 block/bdev.c:903 1 lock held by syz.2.18/6616: #0: ffff0000ca3f14c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x168/0x644 block/bdev.c:1086 1 lock held by syz.2.18/6617: #0: ffff0000ca3f14c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x168/0x644 block/bdev.c:1086 1 lock held by udevd/6621: #0: ffff0000ca3f54c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xd0/0xbd0 block/bdev.c:903 1 lock held by syz.3.19/6632: #0: ffff0000ca3f54c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x168/0x644 block/bdev.c:1086 1 lock held by syz.3.19/6633: #0: ffff0000ca3f54c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x168/0x644 block/bdev.c:1086 1 lock held by udevd/6639: #0: ffff0000ca8194c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xd0/0xbd0 block/bdev.c:903 1 lock held by syz.4.20/6659: #0: ffff0000ca8194c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x168/0x644 block/bdev.c:1086 1 lock held by syz.4.20/6660: #0: ffff0000ca8194c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x168/0x644 block/bdev.c:1086 1 lock held by udevd/6664: #0: ffff0000ca81d4c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xd0/0xbd0 block/bdev.c:903 1 lock held by syz.5.21/6685: #0: ffff0000ca81d4c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x168/0x644 block/bdev.c:1086 1 lock held by syz.5.21/6686: #0: ffff0000ca81d4c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x168/0x644 block/bdev.c:1086 1 lock held by syz.6.22/6710: #0: ffff0000ca8d94c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x168/0x644 block/bdev.c:1086 1 lock held by syz.6.22/6711: #0: ffff0000ca8d94c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x168/0x644 block/bdev.c:1086 1 lock held by udevd/6714: #0: ffff0000c9eb44c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xd0/0xbd0 block/bdev.c:903 1 lock held by syz.7.23/6736: #0: ffff0000c9eb44c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x168/0x644 block/bdev.c:1086 1 lock held by syz.7.23/6737: #0: ffff0000c9eb44c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x168/0x644 block/bdev.c:1086 1 lock held by udevd/6738: #0: ffff0000ca8dd4c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xd0/0xbd0 block/bdev.c:903 1 lock held by syz.8.24/6762: #0: ffff0000ca8dd4c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x168/0x644 block/bdev.c:1086 1 lock held by syz.8.24/6764: #0: ffff0000ca8dd4c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x168/0x644 block/bdev.c:1086 1 lock held by udevd/6771: #0: ffff0000ca9b84c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xd0/0xbd0 block/bdev.c:903 1 lock held by syz.9.25/6795: #0: ffff0000ca9b84c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x168/0x644 block/bdev.c:1086 1 lock held by syz.9.25/6796: #0: ffff0000ca9b84c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x168/0x644 block/bdev.c:1086 =============================================