Extracting prog: 5m51.172843873s
Minimizing prog: 31m6.002907445s
Simplifying prog options: 17m8.436112176s
Extracting C: 5m14.136095495s
Simplifying C: 0s


extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$sg-ioctl$SG_BLKTRACESETUP-ioctl$SG_BLKTRACETEARDOWN
detailed listing:
executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000040)={'\x00', 0x0, 0x10000, 0x7ffb, 0x2})
ioctl$SG_BLKTRACETEARDOWN(r0, 0x1276, 0x0)

program did not crash
single: failed to extract reproducer
single: executing 1 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$sg-ioctl$SG_BLKTRACESETUP-ioctl$SG_BLKTRACETEARDOWN
detailed listing:
executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000040)={'\x00', 0x0, 0x10000, 0x7ffb, 0x2})
ioctl$SG_BLKTRACETEARDOWN(r0, 0x1276, 0x0)

program crashed: kernel panic: hung_task: blocked tasks
single: successfully extracted reproducer
found reproducer with 3 syscalls
minimizing guilty program
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$sg-ioctl$SG_BLKTRACESETUP
detailed listing:
executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000040)={'\x00', 0x0, 0x10000, 0x7ffb, 0x2})

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$sg-ioctl$SG_BLKTRACETEARDOWN
detailed listing:
executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_BLKTRACETEARDOWN(r0, 0x1276, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$SG_BLKTRACESETUP-ioctl$SG_BLKTRACETEARDOWN
detailed listing:
executing program 0:
ioctl$SG_BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000040)={'\x00', 0x0, 0x10000, 0x7ffb, 0x2})
ioctl$SG_BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$sg-ioctl$SG_BLKTRACESETUP-ioctl$SG_BLKTRACETEARDOWN
detailed listing:
executing program 0:
r0 = syz_open_dev$sg(0x0, 0x0, 0x0)
ioctl$SG_BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000040)={'\x00', 0x0, 0x10000, 0x7ffb, 0x2})
ioctl$SG_BLKTRACETEARDOWN(r0, 0x1276, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$sg-ioctl$SG_BLKTRACESETUP-ioctl$SG_BLKTRACETEARDOWN
detailed listing:
executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_BLKTRACESETUP(r0, 0xc0481273, 0x0)
ioctl$SG_BLKTRACETEARDOWN(r0, 0x1276, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$sg-ioctl$SG_BLKTRACESETUP-ioctl$SG_BLKTRACETEARDOWN
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
simplifying guilty program options
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$sg-ioctl$SG_BLKTRACESETUP-ioctl$SG_BLKTRACETEARDOWN
detailed listing:
executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000040)={'\x00', 0x0, 0x10000, 0x7ffb, 0x2})
ioctl$SG_BLKTRACETEARDOWN(r0, 0x1276, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$sg-ioctl$SG_BLKTRACESETUP-ioctl$SG_BLKTRACETEARDOWN
detailed listing:
executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000040)={'\x00', 0x0, 0x10000, 0x7ffb, 0x2})
ioctl$SG_BLKTRACETEARDOWN(r0, 0x1276, 0x0)

program crashed: kernel panic: hung_task: blocked tasks
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$sg-ioctl$SG_BLKTRACESETUP-ioctl$SG_BLKTRACETEARDOWN
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
reproducing took 59m19.591278701s
repro crashed as (corrupted=true):
Kernel panic - not syncing: hung_task: blocked tasks
CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.14.0-syzkaller-01103-g2df0c02dab82 #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x3d/0x1f0 lib/dump_stack.c:120
 panic+0x71c/0x800 kernel/panic.c:354
 check_hung_uninterruptible_tasks kernel/hung_task.c:240 [inline]
 watchdog+0xdeb/0x12c0 kernel/hung_task.c:399
 kthread+0x3a7/0x760 kernel/kthread.c:464
 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Kernel Offset: disabled
Rebooting in 86400 seconds..

report is corrupted, running repro again
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$sg-ioctl$SG_BLKTRACESETUP-ioctl$SG_BLKTRACETEARDOWN
detailed listing:
executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000040)={'\x00', 0x0, 0x10000, 0x7ffb, 0x2})
ioctl$SG_BLKTRACETEARDOWN(r0, 0x1276, 0x0)

program crashed: kernel panic: hung_task: blocked tasks
report is corrupted, running repro again
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$sg-ioctl$SG_BLKTRACESETUP-ioctl$SG_BLKTRACETEARDOWN
detailed listing:
executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000040)={'\x00', 0x0, 0x10000, 0x7ffb, 0x2})
ioctl$SG_BLKTRACETEARDOWN(r0, 0x1276, 0x0)

program crashed: kernel panic: hung_task: blocked tasks
report is corrupted, running repro again
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$sg-ioctl$SG_BLKTRACESETUP-ioctl$SG_BLKTRACETEARDOWN
detailed listing:
executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000040)={'\x00', 0x0, 0x10000, 0x7ffb, 0x2})
ioctl$SG_BLKTRACETEARDOWN(r0, 0x1276, 0x0)

program crashed: kernel panic: hung_task: blocked tasks
final repro crashed as (corrupted=true):
Kernel panic - not syncing: hung_task: blocked tasks
CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.14.0-syzkaller-01103-g2df0c02dab82 #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x3d/0x1f0 lib/dump_stack.c:120
 panic+0x71c/0x800 kernel/panic.c:354
 check_hung_uninterruptible_tasks kernel/hung_task.c:240 [inline]
 watchdog+0xdeb/0x12c0 kernel/hung_task.c:399
 kthread+0x3a7/0x760 kernel/kthread.c:464
 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Kernel Offset: disabled
Rebooting in 86400 seconds..