Extracting prog: 1h4m51.780292422s
Minimizing prog: 3h1m14.285606663s
Simplifying prog options: 10m33.95957951s
Extracting C: 5m3.05285273s
Simplifying C: 27m30.381978363s


extracting reproducer from 67 programs
testing a last program of every proc
single: executing 17 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-openat-socket$unix-openat$tun-ioctl$TUNSETIFF-socket-socket$unix-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route_sched-sendmsg$nl_route_sched-socket$kcm-openat$tun-close-socket$nl_generic-ioctl$SIOCSIFHWADDR-ioctl$sock_SIOCGIFINDEX-setsockopt$sock_attach_bpf-sendmsg$kcm-mmap-pwrite64-syz_io_uring_setup
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x1210090, &(0x7f0000001300)={[{@barrier}, {@nodioread_nolock}, {@noquota}, {@barrier}, {@auto_da_alloc}, {@nodioread_nolock}]}, 0x1, 0x59c, &(0x7f0000001840)="$eJzs3U9oHGUbAPBnZrNN/+T70g++Dz6lh6JChdJN0j9aPbVXsVDoQfCiYbMNJZtsySbahIDpvYg9iEov9aYHj4oHD+LFo1cvimeh2KDQ9KArm51N03S3bmI2W7O/H0z2fWdm93nfmX3e7AwzTAB962j9TxrxVERcTCKGNywbiGzh0cZ6qytLxfsrS8UkarVLvySRRMS9laVic/0kez0UEcsR8f+I+CYfcTxd/8h9zUJ1YXFqvFwuzWb1kbnpqyPVhcUTV6bHJ0uTpZlTL7505uzpM2MnxzY2935tYy2/tb7e+PHmuze+e+X2zU8/O7JcfH88iXMxlC3b2I+d1Ngm+Ti3af7pbgTroaTXDWBbclme11PpfzEcuSzrW6ltHBwGd6V5QBfVBiNq6zYUgT6QSHroU83fAfXj3+a0m78/7pxvHIDU466uLBXfiWb8gca5idi/dmxy8NfkoSOT+vHm4d1sKHvS8vWIGB0YePT7n2Tfv+0b3YkG0lVfn2/sqEf3f7o+/kSL8Weoee70b2qOf6vZ+LfaIn6uzfh3scMYv7/+00dt418fjKdbxk/W4yct4qcR8WaH8W+99uXZdstqH0cci9bxm5LHnx8euXylXBpt/G0Z46tjR15u3/+Ig23iN87Z7l9ryMb+78valHbY/y++/fyZ5cfEf/7Zx+//Vtv/QES812H8/9z75NV2y+5cT+7WfwVsdf8nkY/bHcZ/4dzRH7Kis4YAAAAAAAAAALCD0rVr2ZK0sF5O00KhcQ/vf+NgWq5U545frszPTDSueTsc+bR5pdVwo57U62PZ9bjN+slN9VO5LGDuwFq9UKyUJ3rcdwAAAAAAAAAAAAAAAAAAAHhSHNp0//9vubX7/zc/rhrYq9o/8hvY6+Q/9K+H8z/pWTuA3ef/P/StmvyH/iX/oX/Jf+hf8h/6l/yH/iX/oX/JfwAAAAAAAAAAAAAAAAAAAAAAAAAA6IqLFy7Up9r9laVivT4xsDA/VXnrxESpOlWYni8WipXZq4XJSmWyXCoUK9N/9XlJpXJ1NGbmr43MlapzI9WFxTemK/MzzWeKlvJd7xEAAAAAAAAAAAAAAAAAAAD88wytTUlaiMg36mlaKET8KyIOJ5FcvlIujUbEvyPi+1x+sF4f63WjAQAAAAAAAAAAAAAAAAAAYI+pLixOjZfLpdnuFQayUF0M0XlhYCsrR8Tyzjaj/olbflc+24A93nR7o5B7Mr6HT36hh4MSAAAAAAAAAAAAAAAAAAD0qQc3/Xb6jj+62yAAAAAAAAAAAAAAAAAAAADoS+nPSUTUp2PDzw1tXrovWc2tvUbE27cufXBtfG5udqw+/+76/LkPs/kne9F+oFPNPE0jop7HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAPVhcWp8XK5NLvNwmAH6/S6jwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADb8WcAAAD//y4WzlE=") (async)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) (async)
r1 = socket$unix(0x1, 0x1, 0x0) (async)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0x5}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x7}}]}}]}, 0x48}}, 0x0) (async)
sendmsg$nl_route_sched(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000640)=@newtfilter={0x40, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r5, {0x0, 0x4}, {}, {0x8, 0xf}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0x0, 0x5}}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000010}, 0x20000000)
r6 = socket$kcm(0x11, 0x3, 0x0) (async)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r7)
socket$nl_generic(0x10, 0x3, 0x10) (async)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) (async)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
setsockopt$sock_attach_bpf(r6, 0x107, 0xf, &(0x7f0000000600), 0x56) (async)
sendmsg$kcm(r6, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r8, 0xa}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000086ddffff1144ee163cd4b8bf4a31accb", 0x26}], 0x1}, 0x4) (async)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r0, 0x0)
pwrite64(r0, &(0x7f0000000100)="c6", 0x1, 0x8000)
syz_io_uring_setup(0xbc3, &(0x7f0000001480)={0x0, 0x1064, 0x80, 0x4, 0x224}, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-setsockopt$packet_fanout-setsockopt$packet_fanout_data-syz_emit_ethernet-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_mount_image$squashfs
detailed listing:
executing program 0:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x100, 0x6}, 0x4)
setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000180)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x50}, {0x6}]}, 0x10)
syz_emit_ethernet(0x38, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd6c370c890002060000000000000000000000000000000022fc"], 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000640)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="050000000000030000002e00000008000300", @ANYRES32=r3, @ANYBLOB="0a0000010101010101003499e22c824e31c100"], 0x30}}, 0x0)
syz_mount_image$squashfs(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="005a30bde191faf68ee37e52583e5f166a65fcf81d10672f46d95ddc85dfab338edce4f14e0e50345e577a11f04d55c97d14dfd7c2d00a6afbfeb0a1db5c0c54bd54b009b33bd9690901047a5b5b23541dba73c14cb724d007c77a701262f89aead285ecf0740b554ed01ea3ba0cb1da8dc1bbeb270cffcd03331ea43384e49c3bc92da50bdfdc53836a2608023b0dec7248e0f567106f00a762d53022f7853fc6c584bb1b4a1bdc0b27c45dbedb7a198ddc173983dab59e227c898bd7ced0bef25225a9ad48cedbb5ccf1dfe90fa7000000007d3da57aac175461e86e7c71db00000000000000000062faaba74af538187ab57cb42d9428558a4fd6d89d591d36069979ca757e9d85d88cdbadc6755251d9625eccc46bf38d95551c11c1ce0c2fe264d05d3169b294552dcc3be8ac1e2ecc3be8db0c6bc3d9f46c309ede19b16093794b4a68a037e25d59726e07a6b0ce186d5ed54ad11b9a3a543bc899ea6aa7a4f1035458200cdaa45f7546960d5eb848071c159ca6"], 0x1, 0x22e, &(0x7f0000000000)="$eJzKKC4sZmdgYPj7sSaZgUGAAQRYGEQYLjAwMrAwMDDIM4KFGD4yQeipUPomlGaDyl+B0r5Q8XYo/de8KiKKgYExU+meGdMB8RRFRgEGHpGvpx4wJDPwxzJYzvMGKZxyVejt0v0g9V6hlZsYGNVT+BfN2TDBaSYv2FjGyChkc5gPyMziABnEwMAw+U/EvQcskgwiYLPWXArKnHJVlOOf2KmW5avMOu8zzOiYlsbAaDCLg4GBmYGBYaadAW83E9TM4sqq7MScnNSi4jMMqOZPZtzPpMgIUnfm79XgB4x2DN2xDIwMchv81RZ/+yNVuXFTfeT0qoiaqd1NN5euj2PYpv/3ionU+4kZYf8fHBLUssjL/zBPRun75oY5H2rqnpg4djYqz+Vvvfz33fuY2uIENabH4l2FbPwJblo1n5yd3Cwfz02vbt9SrLggK81l4rGpF/8mHF/LwDD5whNb/Zozh+IVYzil3Crnxtx1ixfkWqZ+vu4NA8PBqM8TGTgZGBiYGBhmhu3cA/UXO8hf5Q3QyAB7WQWsiIUhLTMn1cCDgZGBGcoxZIGqgqlmYuAAS+gl5+ektDMwgpMAWNtyBha4GYaPGVjhHCMYpyEzJ9XYogFqEkM7lFaB0h5QejmUfszAwMaAlLxgyYYFbEI/lKfRAFJWkVhSUmQIUg5hwcWM4GJGAnCbmaC2zmVC9dxxJoZRMApGwSgYBaNgFIyCUTAKRsEoGMkAEAAA//9dNLVw")

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT-socket-semtimedop-write-recvmmsg-ioctl$LOOP_CONFIGURE-syz_emit_ethernet-sendmsg$nl_route-add_key$user-timer_create-mprotect-socket$key-sendmsg$key-recvmmsg-timer_settime-mmap-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-add_key$user-keyctl$dh_compute-openat$kvm-add_key$user-ioctl$KVM_CREATE_VM-dup-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$x86-syz_kvm_setup_cpu$x86-ioctl$KVM_RUN-syz_mount_image$nilfs2
detailed listing:
executing program 0:
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f00000002c0)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff}, './file2\x00'})
r1 = socket(0x10, 0xa, 0x0)
semtimedop(0x0, &(0x7f0000000340)=[{0x1, 0x0, 0x1800}, {0x2, 0xffff, 0x800}, {0x3, 0x0, 0xc00}, {0x6, 0x3, 0x1800}, {0x2, 0x7, 0x1000}, {0x0, 0x0, 0x1800}, {0x4, 0x0, 0x1000}, {0x4, 0x7, 0x1000}, {0x2, 0x0, 0x1000}, {0x1, 0x0, 0x800}], 0xa, &(0x7f0000000380)={0x77359400})
write(r1, &(0x7f0000000180)="2000000012005f0214f9f4070000fbe40a0000000000", 0x41d)
recvmmsg(r1, &(0x7f0000000a00)=[{{0x0, 0x0, &(0x7f0000001500)=[{&(0x7f0000000540)=""/265, 0x109}, {&(0x7f0000004580)=""/4096, 0x1000}], 0x2}, 0x9}], 0x1, 0x40000020, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000080)={0xffffffffffffffff, 0x0, {0x0, 0x0, 0x0, 0x4, 0x400, 0x0, 0x6, 0x1e, 0xc, "faf98317e5a1149989fc8dbe43ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d680f985881a7beda9d69098c8b534464c516bdd8a0f35", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "67523760fd40f78d2cfc03d81a8ca55ba139c01802c4dae4162e43ac61b7ad33", [0x2, 0x9]}})
syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaa"], 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[], 0x40}, 0x1, 0x0, 0x0, 0xc010}, 0x40011)
r2 = add_key$user(&(0x7f00000001c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000240)="166ec4b16a", 0x5, 0xfffffffffffffffe)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000300))
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000080)={0x2, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x2, 0xa, 0x0, 0x0, 0x2}, 0x10}}, 0x0)
recvmmsg(r3, &(0x7f0000000740)=[{{&(0x7f00000005c0)=@tipc, 0x80, &(0x7f0000000800)=[{&(0x7f0000001740)=""/4081, 0xff1}, {&(0x7f0000000640)=""/251, 0xfb}, {&(0x7f0000000300)=""/52, 0x34}, {&(0x7f0000000180)=""/51, 0x33}, {&(0x7f0000000240)=""/140, 0x8c}], 0x5}}], 0x4000000000000b7, 0x2, 0x0)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000400)=ANY=[@ANYBLOB="1400000010000100f7000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc08000340000000144c0000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a3100000000200003801c0000800c000180060001"], 0xb8}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r5 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r2, r5, r2}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = dup(r7)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r7, r9, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
syz_mount_image$nilfs2(&(0x7f0000000000), &(0x7f0000000080)='./file2\x00', 0x3200c00, &(0x7f0000000340)=ANY=[], 0x1, 0xab6, &(0x7f0000000ec0)="$eJzs3U2MG1cBAOBn73qTTVLilIQuSWkTftry091ms4SfCJqqERJRU3GrVHGJ0rREpOEnlaBVJZJc6I1WVbhCEaciUQFCai8o6olLJRqJS0+FAweiIFXiAKWJ0drveccvdsfOZtf2+vukt88z79nvzezMeDwz770ATKxq8+/S0lwlhItvvHzkn/f8Y3Z5zoPtHPXm3+k0WQmh1oo650fvTrXia+89f6JbXAmLzb9pOjx6tf3erSGEc2FvuBTqYffFyy+9tfjIsfNHL+x7+9VDV9Zk4QEAYMJ869KhpV1/+8ueHe+/dtfhsKk9P52f1+P0ttA67z8cT/zT+X81dE5XCqFoJss3HUM1yzfVJV+xnFqWb7pH+TPZ59ba6Xs68m0qKX+qMK/bcsM4S9txPcyE+Y7panV+vvWbPDR/189U5s+cOv3k2SFVFLjl/n13CGGvMGhoNBo/aa7AEaiLINxsaGwf9hEIoCW/X3iDc/mVhdVpf9p0f+Vffaja/f1wC6z39q/88Sr/1+cdcbh1NurWlJYr7Ufb4nR+HyF/fmnQ/T99Xn4/otZnPXvdRxiX+wu96jm1zvW4Wb3qn28XG9XX4p2ytB6+nqUX95/8fzou/2Ogu/+s1/X/V2aHfq1zOexd3/Jua6/otSxnrT9/kFAb47pPYGgM5agDjIOV5+ZaGlFKz5/ry9M3laRvLkmfLUnfUpK+tSQdJtkfnvlZeLGy8js//00/6PWwdJ0tnfh+ZMD65NcjBy0/f+53UKstP3+eGEbZ68cfO/nlJx6/3Hr+v9Le/q/H7T39RKvHfetSzJCuF+bX1dvP/tc7y6n2yHd7Vp/bbsjfaJW4szNfZefK54TCceaGeswV3/WDG+rTzndn5+fXs3yzMWzO6pufn2zJ3pfOP9JxNa2v6Wx5a9lyzGT1SMeVHTHO6wE3I22P9VCpdnv+P22fc6FWefLU6ZMPxOm0nf55qrZpef7+4of+Zn3qDqzOyv7eff9P319zobP9z7b2/Fq1eFzYvjK/Ujwu1LP5i63J9m3yNP9AnE7fc9+Zmm3Onz/xvdNP3OqFhwl39tnnvnv89OmTP9wwLw6HVX7O7FislnTkHJX69PPig8ZIVMOLfl6UHTk26pODMDkWnnn6+wtnn33u/lNPH3/q5FMnzxw4ePDA4uLBrxxYWmie1y8Uz+6BjWTlS3/YNQEAAAAAAAAAAAD69aOjRy7/9c0vvdNq/7/S/i+1/09P/qb2/y9k7f/zdvKpVUBqB7ijS3pz3L3XO+sxk+WrxfDRrL47s3J2Ze/7WIzb4/jF9v+pvX3er2uqzx3Z/Lz/3pRvLpuf95cyk/VB0h4vMDbY/2ScvhDjXwUYosps99kx/tD+rX/7Qjt/6p9CvxTjKf3f0taQ+jFJ7b979euUjv871qGO3Hrr0Zxw2MsIdPevkR//s3Am3jvf1PDrGRqN4ddh9eHD17OwwUKjYRQPYDQMe/zPdN0zxWf+9M3NyyFlu/pQ5/Ey778UVmPUx59U/sYa/7M9/l1fx78uvat39PPc/+gK//3FlXcKxYbd/R5/8+VP/UDvLC+z6P1Yflr+e0N/5TdeycrPbwj16X9Z+Vv6LP+G5b+zrKTuIxl+EMtPq+2+T/VbfqvGlWpnPfLrxun+X37dOLmWLX/q23Pg5b/JgRqvx/JhkvUeZ7bfEWxHU7fxf6dHcPzfXvLnML4Yp9OBMD3nkH8jD1r/9HxF+h7YlX1+peT7bVzGKe5l0sf//WqMy/aHNP5v2h7rXaarhelal3U77tsKbDTvjvz9vzEL50agDoOGn45AHSYijMYY2MXQaDSG2pF3eeFb1qUek2rYvbgP++7zsMsf9vovk4//m5/D5+P/VrMfEPn4v/n78/F/8/R8fL08fUsspJLlS/Lxf/P0O7LPza9gz5Wkf7wkfXdJ+p6V9Nks/RvFevZ6/ydK0veVpN9Vkn53SfrtJelTJemfLkn/TEn6PSXp95Wkf7YkfaNrtkcp7FSTtvwwyfL2efZ/mBzp/k+v/X9nSTowvn7+2v6HH//9t+ut9v8z7d9r6T7e4Thdi7+dfxyn8/veoTC9nPZmnP57lj7q1ztgkuT9Z+Tf7/eWpAPjKz3nZf+GCVTp3mNPfr+tV79Vvc7zGS+fi/HnY/yFGN8f4/kYL8R4f4wX16l+rI2Hf/fHQy9WVn7vb8/S+32ePG8PlPcTdaDP+uTXBwZ9nj3vx29Qqy3/JpuDAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADE21+Xdpaa4SwsU3Xj7y2LFTC8tzHmznqDf/Themau33hfBAjKdi/Mv44tp7z58oxtdjXAmLoRIq7fnh0avtkraGEM6FveFSqIfdFy+/9NbiI8fOH72w7+1XD11ZuzUAAAAAG9//AwAA//+1ERnn")

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-sendmsg$nl_route_sched-prlimit64-sched_setscheduler-getpid-sched_setaffinity-mmap-socketpair$unix-connect$unix-sendmmsg$unix-sched_setaffinity-recvmmsg-syz_usbip_server_init-socket$nl_netfilter-sendmsg$IPSET_CMD_GET_BYNAME-socket$netlink-bpf$BPF_RAW_TRACEPOINT_OPEN-pipe-bind$inet6-sendto$inet6-openat$vicodec1-syz_init_net_socket$bt_hci-bind$bt_hci-setsockopt$bt_BT_RCVMTU-sched_getparam-mkdirat-mount$binder-chroot-umount2
detailed listing:
executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x14, 0x30, 0x1}, 0x14}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_usbip_server_init(0x2)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_GET_BYNAME(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x1c, 0xe, 0x6, 0x201, 0x0, 0x0, {0x1, 0x0, 0x9}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000808}, 0x10)
socket$netlink(0x10, 0x3, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
pipe(&(0x7f00000001c0))
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c)
openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
setsockopt$bt_BT_RCVMTU(r4, 0x112, 0xd, &(0x7f0000000040), 0x2)
sched_getparam(r0, &(0x7f0000000100))
mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0)
mount$binder(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x1000810, &(0x7f0000000000)={[{@stats}]})
chroot(&(0x7f0000000200)='./file0\x00')
umount2(&(0x7f0000000000)='./file0\x00', 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-openat$cgroup_ro-write$UHID_CREATE2-mmap-syz_usb_connect$uac1-socket$nl_netfilter-sendmsg$IPCTNL_MSG_CT_GET-socket$nl_generic-ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS-syz_genetlink_get_family_id$devlink-sendmsg$DEVLINK_CMD_SB_POOL_GET-syz_genetlink_get_family_id$l2tp-sendmsg$L2TP_CMD_TUNNEL_GET
detailed listing:
executing program 0:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$UHID_CREATE2(r0, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x88fd537e5e114b6f, 0x12, r0, 0x0)
syz_usb_connect$uac1(0x2, 0x94, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902820003010000000904000000010100000a24010000a60201020c24020000000000000000000904010000010200000904010101010200000724010000000009050109000000000007250101000000090402000001020000090402010101ff0f0009240202000000000007240100000110090582"], 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="500000000101010300000000000000000a0000000c0019800800010002070000300001802c00018000"], 0x50}, 0x1, 0x0, 0x0, 0x8040041}, 0x24008854)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000100)={0x1, @tick=0x3, 0x13, {0x2, 0x8}, 0x6, 0x2})
r3 = syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), r0)
sendmsg$DEVLINK_CMD_SB_POOL_GET(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000200)={&(0x7f00000002c0)={0x158, r3, 0x400, 0x70bd25, 0x25dfdbfe, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x8}, {0x6, 0x11, 0x21c4}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x2}, {0x6, 0x11, 0xff7f}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x3}, {0x6, 0x11, 0x4}}, {@pci={{0x8}, {0x11}}, {0x8}, {0x6, 0x11, 0xfffa}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0xa}, {0x6, 0x11, 0x5f05}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x3ff}, {0x6}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x800}, {0x6, 0x11, 0x101}}]}, 0x158}, 0x1, 0x0, 0x0, 0x1}, 0x400d010)
r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_GET(r2, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000900)={&(0x7f00000000c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r4, @ANYBLOB="0df5"], 0x14}, 0x1, 0x0, 0x0, 0x4040}, 0x8000)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-openat$cgroup_ro-write$UHID_CREATE2-mmap-syz_usb_connect$uac1-socket$nl_netfilter-sendmsg$IPCTNL_MSG_CT_GET-socket$nl_generic-ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS-syz_genetlink_get_family_id$devlink-sendmsg$DEVLINK_CMD_SB_POOL_GET-syz_genetlink_get_family_id$l2tp-sendmsg$L2TP_CMD_TUNNEL_GET
detailed listing:
executing program 0:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$UHID_CREATE2(r0, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x88fd537e5e114b6f, 0x12, r0, 0x0)
syz_usb_connect$uac1(0x2, 0x94, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902820003010000000904000000010100000a24010000a60201020c24020000000000000000000904010000010200000904010101010200000724010000000009050109000000000007250101000000090402000001020000090402010101ff0f0009240202000000000007240100000110090582"], 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="500000000101010300000000000000000a0000000c0019800800010002070000300001802c00018000"], 0x50}, 0x1, 0x0, 0x0, 0x8040041}, 0x24008854)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000100)={0x1, @tick=0x3, 0x13, {0x2, 0x8}, 0x6, 0x2})
r3 = syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), r0)
sendmsg$DEVLINK_CMD_SB_POOL_GET(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000200)={&(0x7f00000002c0)={0x158, r3, 0x400, 0x70bd25, 0x25dfdbfe, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x8}, {0x6, 0x11, 0x21c4}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x2}, {0x6, 0x11, 0xff7f}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x3}, {0x6, 0x11, 0x4}}, {@pci={{0x8}, {0x11}}, {0x8}, {0x6, 0x11, 0xfffa}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0xa}, {0x6, 0x11, 0x5f05}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x3ff}, {0x6}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x800}, {0x6, 0x11, 0x101}}]}, 0x158}, 0x1, 0x0, 0x0, 0x1}, 0x400d010)
r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_GET(r2, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000900)={&(0x7f00000000c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r4, @ANYBLOB="0df5"], 0x14}, 0x1, 0x0, 0x0, 0x4040}, 0x8000)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-sendmsg$nl_route_sched-prlimit64-sched_setscheduler-getpid-sched_setaffinity-mmap-socketpair$unix-connect$unix-sendmmsg$unix-sched_setaffinity-recvmmsg-syz_usbip_server_init-socket$nl_netfilter-sendmsg$IPSET_CMD_GET_BYNAME-socket$netlink-bpf$BPF_RAW_TRACEPOINT_OPEN-pipe-bind$inet6-sendto$inet6-openat$vicodec1-syz_init_net_socket$bt_hci-bind$bt_hci-setsockopt$bt_BT_RCVMTU-mkdirat-mount$binder-chroot-umount2
detailed listing:
executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x14, 0x30, 0x1}, 0x14}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_usbip_server_init(0x2)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_GET_BYNAME(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x1c, 0xe, 0x6, 0x201, 0x0, 0x0, {0x1, 0x0, 0x9}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000808}, 0x10)
socket$netlink(0x10, 0x3, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
pipe(&(0x7f00000001c0))
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c)
openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
setsockopt$bt_BT_RCVMTU(r4, 0x112, 0xd, &(0x7f0000000040), 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0)
mount$binder(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x1000810, &(0x7f0000000000)={[{@stats}]})
chroot(&(0x7f0000000200)='./file0\x00')
umount2(&(0x7f0000000000)='./file0\x00', 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-sendmsg$nl_route_sched-prlimit64-sched_setscheduler-getpid-sched_setaffinity-mmap-socketpair$unix-connect$unix-sendmmsg$unix-sched_setaffinity-recvmmsg-syz_usbip_server_init-socket$nl_netfilter-sendmsg$IPSET_CMD_GET_BYNAME-socket$netlink-bpf$BPF_RAW_TRACEPOINT_OPEN-pipe-bind$inet6-sendto$inet6-openat$vicodec1-syz_init_net_socket$bt_hci-bind$bt_hci-setsockopt$bt_BT_RCVMTU-mkdirat-mount$binder-chroot-umount2
detailed listing:
executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x14, 0x30, 0x1}, 0x14}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_usbip_server_init(0x2)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_GET_BYNAME(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x1c, 0xe, 0x6, 0x201, 0x0, 0x0, {0x1, 0x0, 0x9}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000808}, 0x10)
socket$netlink(0x10, 0x3, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
pipe(&(0x7f00000001c0))
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c)
openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
setsockopt$bt_BT_RCVMTU(r4, 0x112, 0xd, &(0x7f0000000040), 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0)
mount$binder(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x1000810, &(0x7f0000000000)={[{@stats}]})
chroot(&(0x7f0000000200)='./file0\x00')
umount2(&(0x7f0000000000)='./file0\x00', 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): pipe-mknod$loop-bpf$PROG_LOAD-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-syz_mount_image$cramfs-openat-getdents64-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-sched_setscheduler-openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter-io_setup-io_submit
detailed listing:
executing program 0:
pipe(&(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x20, 0x1)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_mount_image$cramfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x8000d0, &(0x7f0000000200)=ANY=[], 0x1, 0x146, &(0x7f0000001380)="$eJzszk1LMlEYxvH/+Pq86KMPGFhQBC0SQxxHbNdCo0jIBgo3raKcKMgShXBZrVv0AVwUQitxES1blK0shbDP4S5wWZyZsRDatD8/GGbOdZ25uZcWuhGC4ETws3hULJWNSsUoTK/rueWNm9u7f6LxAr/Mp1gqi8sF8wfu07An3i7on1rxo9+B26rNcz8NESDzF3b33agO6+4fkYVEdmAksLLIDLTGrEz7Jkva2YQLMgEYvNuuYFbM+/817w2o1oabxKLXk860faBam2s2ntY67WwsOmWca9vjdV/YSd7wAIroX+Pt2Eu82eh1O7lVPafX0bT5pJpQ1VRPf+5kUycXuFZ8x7CpjM7zOIA8nClQU6Bh9v0HxQ+0Lgd6MeAN/QYOg6CMNoq9n9XsbIXdw4TPD0mSJEmSJEmSJEn6qY8AAAD//13ZYaU=")
r3 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
getdents64(r3, &(0x7f0000000180)=""/82, 0x52)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r7 = syz_io_uring_setup(0x4106, &(0x7f00000002c0)={0x0, 0x305cc6, 0x1, 0x0, 0x20a}, &(0x7f0000000240)=<r8=>0x0, &(0x7f00000000c0)=<r9=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r8, r9, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r6, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12})
io_uring_enter(r7, 0x847ba, 0x3f00, 0xe, 0x0, 0x0)
io_setup(0x3ff, &(0x7f0000000500)=<r10=>0x0)
io_submit(r10, 0x2, &(0x7f0000000440)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x7, 0x3d8, r0, &(0x7f00000003c0)="ace6112e1122846d3f359998e2cfe920", 0x10, 0x4, 0x0, 0x0, r0}])

program crashed: INFO: task hung in io_wq_put_and_exit
single: successfully extracted reproducer
found reproducer with 23 syscalls
minimizing guilty program
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): pipe-mknod$loop-bpf$PROG_LOAD-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-syz_mount_image$cramfs-openat-getdents64-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-sched_setscheduler-openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter-io_setup
detailed listing:
executing program 0:
pipe(&(0x7f00000000c0))
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x20, 0x1)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_mount_image$cramfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x8000d0, &(0x7f0000000200)=ANY=[], 0x1, 0x146, &(0x7f0000001380)="$eJzszk1LMlEYxvH/+Pq86KMPGFhQBC0SQxxHbNdCo0jIBgo3raKcKMgShXBZrVv0AVwUQitxES1blK0shbDP4S5wWZyZsRDatD8/GGbOdZ25uZcWuhGC4ETws3hULJWNSsUoTK/rueWNm9u7f6LxAr/Mp1gqi8sF8wfu07An3i7on1rxo9+B26rNcz8NESDzF3b33agO6+4fkYVEdmAksLLIDLTGrEz7Jkva2YQLMgEYvNuuYFbM+/817w2o1oabxKLXk860faBam2s2ntY67WwsOmWca9vjdV/YSd7wAIroX+Pt2Eu82eh1O7lVPafX0bT5pJpQ1VRPf+5kUycXuFZ8x7CpjM7zOIA8nClQU6Bh9v0HxQ+0Lgd6MeAN/QYOg6CMNoq9n9XsbIXdw4TPD0mSJEmSJEmSJEn6qY8AAAD//13ZYaU=")
r1 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
getdents64(r1, &(0x7f0000000180)=""/82, 0x52)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r5 = syz_io_uring_setup(0x4106, &(0x7f00000002c0)={0x0, 0x305cc6, 0x1, 0x0, 0x20a}, &(0x7f0000000240)=<r6=>0x0, &(0x7f00000000c0)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r4, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12})
io_uring_enter(r5, 0x847ba, 0x3f00, 0xe, 0x0, 0x0)
io_setup(0x3ff, &(0x7f0000000500))

program crashed: INFO: task hung in io_wq_put_and_exit
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): pipe-mknod$loop-bpf$PROG_LOAD-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-syz_mount_image$cramfs-openat-getdents64-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-sched_setscheduler-openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter
detailed listing:
executing program 0:
pipe(&(0x7f00000000c0))
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x20, 0x1)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_mount_image$cramfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x8000d0, &(0x7f0000000200)=ANY=[], 0x1, 0x146, &(0x7f0000001380)="$eJzszk1LMlEYxvH/+Pq86KMPGFhQBC0SQxxHbNdCo0jIBgo3raKcKMgShXBZrVv0AVwUQitxES1blK0shbDP4S5wWZyZsRDatD8/GGbOdZ25uZcWuhGC4ETws3hULJWNSsUoTK/rueWNm9u7f6LxAr/Mp1gqi8sF8wfu07An3i7on1rxo9+B26rNcz8NESDzF3b33agO6+4fkYVEdmAksLLIDLTGrEz7Jkva2YQLMgEYvNuuYFbM+/817w2o1oabxKLXk860faBam2s2ntY67WwsOmWca9vjdV/YSd7wAIroX+Pt2Eu82eh1O7lVPafX0bT5pJpQ1VRPf+5kUycXuFZ8x7CpjM7zOIA8nClQU6Bh9v0HxQ+0Lgd6MeAN/QYOg6CMNoq9n9XsbIXdw4TPD0mSJEmSJEmSJEn6qY8AAAD//13ZYaU=")
r1 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
getdents64(r1, &(0x7f0000000180)=""/82, 0x52)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r5 = syz_io_uring_setup(0x4106, &(0x7f00000002c0)={0x0, 0x305cc6, 0x1, 0x0, 0x20a}, &(0x7f0000000240)=<r6=>0x0, &(0x7f00000000c0)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r4, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12})
io_uring_enter(r5, 0x847ba, 0x3f00, 0xe, 0x0, 0x0)

program crashed: INFO: task hung in io_wq_put_and_exit
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): pipe-mknod$loop-bpf$PROG_LOAD-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-syz_mount_image$cramfs-openat-getdents64-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-sched_setscheduler-openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit
detailed listing:
executing program 0:
pipe(&(0x7f00000000c0))
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x20, 0x1)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_mount_image$cramfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x8000d0, &(0x7f0000000200)=ANY=[], 0x1, 0x146, &(0x7f0000001380)="$eJzszk1LMlEYxvH/+Pq86KMPGFhQBC0SQxxHbNdCo0jIBgo3raKcKMgShXBZrVv0AVwUQitxES1blK0shbDP4S5wWZyZsRDatD8/GGbOdZ25uZcWuhGC4ETws3hULJWNSsUoTK/rueWNm9u7f6LxAr/Mp1gqi8sF8wfu07An3i7on1rxo9+B26rNcz8NESDzF3b33agO6+4fkYVEdmAksLLIDLTGrEz7Jkva2YQLMgEYvNuuYFbM+/817w2o1oabxKLXk860faBam2s2ntY67WwsOmWca9vjdV/YSd7wAIroX+Pt2Eu82eh1O7lVPafX0bT5pJpQ1VRPf+5kUycXuFZ8x7CpjM7zOIA8nClQU6Bh9v0HxQ+0Lgd6MeAN/QYOg6CMNoq9n9XsbIXdw4TPD0mSJEmSJEmSJEn6qY8AAAD//13ZYaU=")
r1 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
getdents64(r1, &(0x7f0000000180)=""/82, 0x52)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
syz_io_uring_setup(0x4106, &(0x7f00000002c0)={0x0, 0x305cc6, 0x1, 0x0, 0x20a}, &(0x7f0000000240)=<r5=>0x0, &(0x7f00000000c0)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r4, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12})

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): pipe-mknod$loop-bpf$PROG_LOAD-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-syz_mount_image$cramfs-openat-getdents64-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-sched_setscheduler-openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-io_uring_enter
detailed listing:
executing program 0:
pipe(&(0x7f00000000c0))
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x20, 0x1)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_mount_image$cramfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x8000d0, &(0x7f0000000200)=ANY=[], 0x1, 0x146, &(0x7f0000001380)="$eJzszk1LMlEYxvH/+Pq86KMPGFhQBC0SQxxHbNdCo0jIBgo3raKcKMgShXBZrVv0AVwUQitxES1blK0shbDP4S5wWZyZsRDatD8/GGbOdZ25uZcWuhGC4ETws3hULJWNSsUoTK/rueWNm9u7f6LxAr/Mp1gqi8sF8wfu07An3i7on1rxo9+B26rNcz8NESDzF3b33agO6+4fkYVEdmAksLLIDLTGrEz7Jkva2YQLMgEYvNuuYFbM+/817w2o1oabxKLXk860faBam2s2ntY67WwsOmWca9vjdV/YSd7wAIroX+Pt2Eu82eh1O7lVPafX0bT5pJpQ1VRPf+5kUycXuFZ8x7CpjM7zOIA8nClQU6Bh9v0HxQ+0Lgd6MeAN/QYOg6CMNoq9n9XsbIXdw4TPD0mSJEmSJEmSJEn6qY8AAAD//13ZYaU=")
r1 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
getdents64(r1, &(0x7f0000000180)=""/82, 0x52)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r4 = syz_io_uring_setup(0x4106, &(0x7f00000002c0)={0x0, 0x305cc6, 0x1, 0x0, 0x20a}, &(0x7f0000000240)=<r5=>0x0, &(0x7f00000000c0))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r4, 0x847ba, 0x3f00, 0xe, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): pipe-mknod$loop-bpf$PROG_LOAD-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-syz_mount_image$cramfs-openat-getdents64-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-sched_setscheduler-openat$nullb-syz_io_uring_setup-syz_io_uring_submit-io_uring_enter
detailed listing:
executing program 0:
pipe(&(0x7f00000000c0))
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x20, 0x1)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_mount_image$cramfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x8000d0, &(0x7f0000000200)=ANY=[], 0x1, 0x146, &(0x7f0000001380)="$eJzszk1LMlEYxvH/+Pq86KMPGFhQBC0SQxxHbNdCo0jIBgo3raKcKMgShXBZrVv0AVwUQitxES1blK0shbDP4S5wWZyZsRDatD8/GGbOdZ25uZcWuhGC4ETws3hULJWNSsUoTK/rueWNm9u7f6LxAr/Mp1gqi8sF8wfu07An3i7on1rxo9+B26rNcz8NESDzF3b33agO6+4fkYVEdmAksLLIDLTGrEz7Jkva2YQLMgEYvNuuYFbM+/817w2o1oabxKLXk860faBam2s2ntY67WwsOmWca9vjdV/YSd7wAIroX+Pt2Eu82eh1O7lVPafX0bT5pJpQ1VRPf+5kUycXuFZ8x7CpjM7zOIA8nClQU6Bh9v0HxQ+0Lgd6MeAN/QYOg6CMNoq9n9XsbIXdw4TPD0mSJEmSJEmSJEn6qY8AAAD//13ZYaU=")
r1 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
getdents64(r1, &(0x7f0000000180)=""/82, 0x52)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r5 = syz_io_uring_setup(0x4106, &(0x7f00000002c0)={0x0, 0x305cc6, 0x1, 0x0, 0x20a}, &(0x7f0000000240)=<r6=>0x0, &(0x7f00000000c0)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r4, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12})
io_uring_enter(r5, 0x847ba, 0x3f00, 0xe, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): pipe-mknod$loop-bpf$PROG_LOAD-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-syz_mount_image$cramfs-openat-getdents64-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-sched_setscheduler-openat$nullb-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter
detailed listing:
executing program 0:
pipe(&(0x7f00000000c0))
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x20, 0x1)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_mount_image$cramfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x8000d0, &(0x7f0000000200)=ANY=[], 0x1, 0x146, &(0x7f0000001380)="$eJzszk1LMlEYxvH/+Pq86KMPGFhQBC0SQxxHbNdCo0jIBgo3raKcKMgShXBZrVv0AVwUQitxES1blK0shbDP4S5wWZyZsRDatD8/GGbOdZ25uZcWuhGC4ETws3hULJWNSsUoTK/rueWNm9u7f6LxAr/Mp1gqi8sF8wfu07An3i7on1rxo9+B26rNcz8NESDzF3b33agO6+4fkYVEdmAksLLIDLTGrEz7Jkva2YQLMgEYvNuuYFbM+/817w2o1oabxKLXk860faBam2s2ntY67WwsOmWca9vjdV/YSd7wAIroX+Pt2Eu82eh1O7lVPafX0bT5pJpQ1VRPf+5kUycXuFZ8x7CpjM7zOIA8nClQU6Bh9v0HxQ+0Lgd6MeAN/QYOg6CMNoq9n9XsbIXdw4TPD0mSJEmSJEmSJEn6qY8AAAD//13ZYaU=")
r1 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
getdents64(r1, &(0x7f0000000180)=""/82, 0x52)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r4, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12})
io_uring_enter(0xffffffffffffffff, 0x847ba, 0x3f00, 0xe, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): pipe-mknod$loop-bpf$PROG_LOAD-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-syz_mount_image$cramfs-openat-getdents64-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-sched_setscheduler-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter
detailed listing:
executing program 0:
pipe(&(0x7f00000000c0))
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x20, 0x1)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_mount_image$cramfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x8000d0, &(0x7f0000000200)=ANY=[], 0x1, 0x146, &(0x7f0000001380)="$eJzszk1LMlEYxvH/+Pq86KMPGFhQBC0SQxxHbNdCo0jIBgo3raKcKMgShXBZrVv0AVwUQitxES1blK0shbDP4S5wWZyZsRDatD8/GGbOdZ25uZcWuhGC4ETws3hULJWNSsUoTK/rueWNm9u7f6LxAr/Mp1gqi8sF8wfu07An3i7on1rxo9+B26rNcz8NESDzF3b33agO6+4fkYVEdmAksLLIDLTGrEz7Jkva2YQLMgEYvNuuYFbM+/817w2o1oabxKLXk860faBam2s2ntY67WwsOmWca9vjdV/YSd7wAIroX+Pt2Eu82eh1O7lVPafX0bT5pJpQ1VRPf+5kUycXuFZ8x7CpjM7zOIA8nClQU6Bh9v0HxQ+0Lgd6MeAN/QYOg6CMNoq9n9XsbIXdw4TPD0mSJEmSJEmSJEn6qY8AAAD//13ZYaU=")
r1 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
getdents64(r1, &(0x7f0000000180)=""/82, 0x52)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = syz_io_uring_setup(0x4106, &(0x7f00000002c0)={0x0, 0x305cc6, 0x1, 0x0, 0x20a}, &(0x7f0000000240)=<r5=>0x0, &(0x7f00000000c0)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12})
io_uring_enter(r4, 0x847ba, 0x3f00, 0xe, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): pipe-mknod$loop-bpf$PROG_LOAD-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-syz_mount_image$cramfs-openat-getdents64-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter
detailed listing:
executing program 0:
pipe(&(0x7f00000000c0))
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x20, 0x1)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_mount_image$cramfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x8000d0, &(0x7f0000000200)=ANY=[], 0x1, 0x146, &(0x7f0000001380)="$eJzszk1LMlEYxvH/+Pq86KMPGFhQBC0SQxxHbNdCo0jIBgo3raKcKMgShXBZrVv0AVwUQitxES1blK0shbDP4S5wWZyZsRDatD8/GGbOdZ25uZcWuhGC4ETws3hULJWNSsUoTK/rueWNm9u7f6LxAr/Mp1gqi8sF8wfu07An3i7on1rxo9+B26rNcz8NESDzF3b33agO6+4fkYVEdmAksLLIDLTGrEz7Jkva2YQLMgEYvNuuYFbM+/817w2o1oabxKLXk860faBam2s2ntY67WwsOmWca9vjdV/YSd7wAIroX+Pt2Eu82eh1O7lVPafX0bT5pJpQ1VRPf+5kUycXuFZ8x7CpjM7zOIA8nClQU6Bh9v0HxQ+0Lgd6MeAN/QYOg6CMNoq9n9XsbIXdw4TPD0mSJEmSJEmSJEn6qY8AAAD//13ZYaU=")
r1 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
getdents64(r1, &(0x7f0000000180)=""/82, 0x52)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r5 = syz_io_uring_setup(0x4106, &(0x7f00000002c0)={0x0, 0x305cc6, 0x1, 0x0, 0x20a}, &(0x7f0000000240)=<r6=>0x0, &(0x7f00000000c0)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r4, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12})
io_uring_enter(r5, 0x847ba, 0x3f00, 0xe, 0x0, 0x0)

program crashed: INFO: task hung in io_wq_put_and_exit
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): pipe-mknod$loop-bpf$PROG_LOAD-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-syz_mount_image$cramfs-openat-getdents64-socketpair$unix-connect$unix-sendmmsg$unix-openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter
detailed listing:
executing program 0:
pipe(&(0x7f00000000c0))
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x20, 0x1)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_mount_image$cramfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x8000d0, &(0x7f0000000200)=ANY=[], 0x1, 0x146, &(0x7f0000001380)="$eJzszk1LMlEYxvH/+Pq86KMPGFhQBC0SQxxHbNdCo0jIBgo3raKcKMgShXBZrVv0AVwUQitxES1blK0shbDP4S5wWZyZsRDatD8/GGbOdZ25uZcWuhGC4ETws3hULJWNSsUoTK/rueWNm9u7f6LxAr/Mp1gqi8sF8wfu07An3i7on1rxo9+B26rNcz8NESDzF3b33agO6+4fkYVEdmAksLLIDLTGrEz7Jkva2YQLMgEYvNuuYFbM+/817w2o1oabxKLXk860faBam2s2ntY67WwsOmWca9vjdV/YSd7wAIroX+Pt2Eu82eh1O7lVPafX0bT5pJpQ1VRPf+5kUycXuFZ8x7CpjM7zOIA8nClQU6Bh9v0HxQ+0Lgd6MeAN/QYOg6CMNoq9n9XsbIXdw4TPD0mSJEmSJEmSJEn6qY8AAAD//13ZYaU=")
r1 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
getdents64(r1, &(0x7f0000000180)=""/82, 0x52)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r5 = syz_io_uring_setup(0x4106, &(0x7f00000002c0)={0x0, 0x305cc6, 0x1, 0x0, 0x20a}, &(0x7f0000000240)=<r6=>0x0, &(0x7f00000000c0)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r4, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12})
io_uring_enter(r5, 0x847ba, 0x3f00, 0xe, 0x0, 0x0)

program crashed: INFO: task hung in io_wq_put_and_exit
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): pipe-mknod$loop-bpf$PROG_LOAD-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-syz_mount_image$cramfs-openat-getdents64-socketpair$unix-connect$unix-openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter
detailed listing:
executing program 0:
pipe(&(0x7f00000000c0))
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x20, 0x1)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_mount_image$cramfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x8000d0, &(0x7f0000000200)=ANY=[], 0x1, 0x146, &(0x7f0000001380)="$eJzszk1LMlEYxvH/+Pq86KMPGFhQBC0SQxxHbNdCo0jIBgo3raKcKMgShXBZrVv0AVwUQitxES1blK0shbDP4S5wWZyZsRDatD8/GGbOdZ25uZcWuhGC4ETws3hULJWNSsUoTK/rueWNm9u7f6LxAr/Mp1gqi8sF8wfu07An3i7on1rxo9+B26rNcz8NESDzF3b33agO6+4fkYVEdmAksLLIDLTGrEz7Jkva2YQLMgEYvNuuYFbM+/817w2o1oabxKLXk860faBam2s2ntY67WwsOmWca9vjdV/YSd7wAIroX+Pt2Eu82eh1O7lVPafX0bT5pJpQ1VRPf+5kUycXuFZ8x7CpjM7zOIA8nClQU6Bh9v0HxQ+0Lgd6MeAN/QYOg6CMNoq9n9XsbIXdw4TPD0mSJEmSJEmSJEn6qY8AAAD//13ZYaU=")
r1 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
getdents64(r1, &(0x7f0000000180)=""/82, 0x52)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r4 = syz_io_uring_setup(0x4106, &(0x7f00000002c0)={0x0, 0x305cc6, 0x1, 0x0, 0x20a}, &(0x7f0000000240)=<r5=>0x0, &(0x7f00000000c0)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r3, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12})
io_uring_enter(r4, 0x847ba, 0x3f00, 0xe, 0x0, 0x0)

program crashed: INFO: task hung in io_wq_put_and_exit
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): pipe-mknod$loop-bpf$PROG_LOAD-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-syz_mount_image$cramfs-openat-getdents64-socketpair$unix-openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter
detailed listing:
executing program 0:
pipe(&(0x7f00000000c0))
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x20, 0x1)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_mount_image$cramfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x8000d0, &(0x7f0000000200)=ANY=[], 0x1, 0x146, &(0x7f0000001380)="$eJzszk1LMlEYxvH/+Pq86KMPGFhQBC0SQxxHbNdCo0jIBgo3raKcKMgShXBZrVv0AVwUQitxES1blK0shbDP4S5wWZyZsRDatD8/GGbOdZ25uZcWuhGC4ETws3hULJWNSsUoTK/rueWNm9u7f6LxAr/Mp1gqi8sF8wfu07An3i7on1rxo9+B26rNcz8NESDzF3b33agO6+4fkYVEdmAksLLIDLTGrEz7Jkva2YQLMgEYvNuuYFbM+/817w2o1oabxKLXk860faBam2s2ntY67WwsOmWca9vjdV/YSd7wAIroX+Pt2Eu82eh1O7lVPafX0bT5pJpQ1VRPf+5kUycXuFZ8x7CpjM7zOIA8nClQU6Bh9v0HxQ+0Lgd6MeAN/QYOg6CMNoq9n9XsbIXdw4TPD0mSJEmSJEmSJEn6qY8AAAD//13ZYaU=")
r1 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
getdents64(r1, &(0x7f0000000180)=""/82, 0x52)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r3 = syz_io_uring_setup(0x4106, &(0x7f00000002c0)={0x0, 0x305cc6, 0x1, 0x0, 0x20a}, &(0x7f0000000240)=<r4=>0x0, &(0x7f00000000c0)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r2, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12})
io_uring_enter(r3, 0x847ba, 0x3f00, 0xe, 0x0, 0x0)

program crashed: INFO: task hung in io_wq_put_and_exit
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): pipe-mknod$loop-bpf$PROG_LOAD-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-syz_mount_image$cramfs-openat-getdents64-openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter
detailed listing:
executing program 0:
pipe(&(0x7f00000000c0))
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x20, 0x1)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_mount_image$cramfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x8000d0, &(0x7f0000000200)=ANY=[], 0x1, 0x146, &(0x7f0000001380)="$eJzszk1LMlEYxvH/+Pq86KMPGFhQBC0SQxxHbNdCo0jIBgo3raKcKMgShXBZrVv0AVwUQitxES1blK0shbDP4S5wWZyZsRDatD8/GGbOdZ25uZcWuhGC4ETws3hULJWNSsUoTK/rueWNm9u7f6LxAr/Mp1gqi8sF8wfu07An3i7on1rxo9+B26rNcz8NESDzF3b33agO6+4fkYVEdmAksLLIDLTGrEz7Jkva2YQLMgEYvNuuYFbM+/817w2o1oabxKLXk860faBam2s2ntY67WwsOmWca9vjdV/YSd7wAIroX+Pt2Eu82eh1O7lVPafX0bT5pJpQ1VRPf+5kUycXuFZ8x7CpjM7zOIA8nClQU6Bh9v0HxQ+0Lgd6MeAN/QYOg6CMNoq9n9XsbIXdw4TPD0mSJEmSJEmSJEn6qY8AAAD//13ZYaU=")
r1 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
getdents64(r1, &(0x7f0000000180)=""/82, 0x52)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r3 = syz_io_uring_setup(0x4106, &(0x7f00000002c0)={0x0, 0x305cc6, 0x1, 0x0, 0x20a}, &(0x7f0000000240)=<r4=>0x0, &(0x7f00000000c0)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r2, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12})
io_uring_enter(r3, 0x847ba, 0x3f00, 0xe, 0x0, 0x0)

program crashed: INFO: task hung in io_wq_put_and_exit
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): pipe-mknod$loop-bpf$PROG_LOAD-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-syz_mount_image$cramfs-openat-openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter
detailed listing:
executing program 0:
pipe(&(0x7f00000000c0))
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x20, 0x1)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_mount_image$cramfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x8000d0, &(0x7f0000000200)=ANY=[], 0x1, 0x146, &(0x7f0000001380)="$eJzszk1LMlEYxvH/+Pq86KMPGFhQBC0SQxxHbNdCo0jIBgo3raKcKMgShXBZrVv0AVwUQitxES1blK0shbDP4S5wWZyZsRDatD8/GGbOdZ25uZcWuhGC4ETws3hULJWNSsUoTK/rueWNm9u7f6LxAr/Mp1gqi8sF8wfu07An3i7on1rxo9+B26rNcz8NESDzF3b33agO6+4fkYVEdmAksLLIDLTGrEz7Jkva2YQLMgEYvNuuYFbM+/817w2o1oabxKLXk860faBam2s2ntY67WwsOmWca9vjdV/YSd7wAIroX+Pt2Eu82eh1O7lVPafX0bT5pJpQ1VRPf+5kUycXuFZ8x7CpjM7zOIA8nClQU6Bh9v0HxQ+0Lgd6MeAN/QYOg6CMNoq9n9XsbIXdw4TPD0mSJEmSJEmSJEn6qY8AAAD//13ZYaU=")
openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r2 = syz_io_uring_setup(0x4106, &(0x7f00000002c0)={0x0, 0x305cc6, 0x1, 0x0, 0x20a}, &(0x7f0000000240)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r1, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12})
io_uring_enter(r2, 0x847ba, 0x3f00, 0xe, 0x0, 0x0)

program crashed: INFO: task hung in io_wq_put_and_exit
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): pipe-mknod$loop-bpf$PROG_LOAD-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-syz_mount_image$cramfs-openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter
detailed listing:
executing program 0:
pipe(&(0x7f00000000c0))
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x20, 0x1)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_mount_image$cramfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x8000d0, &(0x7f0000000200)=ANY=[], 0x1, 0x146, &(0x7f0000001380)="$eJzszk1LMlEYxvH/+Pq86KMPGFhQBC0SQxxHbNdCo0jIBgo3raKcKMgShXBZrVv0AVwUQitxES1blK0shbDP4S5wWZyZsRDatD8/GGbOdZ25uZcWuhGC4ETws3hULJWNSsUoTK/rueWNm9u7f6LxAr/Mp1gqi8sF8wfu07An3i7on1rxo9+B26rNcz8NESDzF3b33agO6+4fkYVEdmAksLLIDLTGrEz7Jkva2YQLMgEYvNuuYFbM+/817w2o1oabxKLXk860faBam2s2ntY67WwsOmWca9vjdV/YSd7wAIroX+Pt2Eu82eh1O7lVPafX0bT5pJpQ1VRPf+5kUycXuFZ8x7CpjM7zOIA8nClQU6Bh9v0HxQ+0Lgd6MeAN/QYOg6CMNoq9n9XsbIXdw4TPD0mSJEmSJEmSJEn6qY8AAAD//13ZYaU=")
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r2 = syz_io_uring_setup(0x4106, &(0x7f00000002c0)={0x0, 0x305cc6, 0x1, 0x0, 0x20a}, &(0x7f0000000240)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r1, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12})
io_uring_enter(r2, 0x847ba, 0x3f00, 0xe, 0x0, 0x0)

program crashed: INFO: task hung in io_wq_put_and_exit
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): pipe-mknod$loop-bpf$PROG_LOAD-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter
detailed listing:
executing program 0:
pipe(&(0x7f00000000c0))
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x20, 0x1)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r2 = syz_io_uring_setup(0x4106, &(0x7f00000002c0)={0x0, 0x305cc6, 0x1, 0x0, 0x20a}, &(0x7f0000000240)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r1, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12})
io_uring_enter(r2, 0x847ba, 0x3f00, 0xe, 0x0, 0x0)

program crashed: INFO: task hung in io_wq_put_and_exit
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): pipe-mknod$loop-bpf$PROG_LOAD-prlimit64-sched_setscheduler-getpid-sched_setscheduler-openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter
detailed listing:
executing program 0:
pipe(&(0x7f00000000c0))
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x20, 0x1)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r2 = syz_io_uring_setup(0x4106, &(0x7f00000002c0)={0x0, 0x305cc6, 0x1, 0x0, 0x20a}, &(0x7f0000000240)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r1, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12})
io_uring_enter(r2, 0x847ba, 0x3f00, 0xe, 0x0, 0x0)

program crashed: INFO: task hung in io_wq_put_and_exit
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): pipe-mknod$loop-bpf$PROG_LOAD-prlimit64-sched_setscheduler-getpid-openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter
detailed listing:
executing program 0:
pipe(&(0x7f00000000c0))
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x20, 0x1)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
getpid()
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = syz_io_uring_setup(0x4106, &(0x7f00000002c0)={0x0, 0x305cc6, 0x1, 0x0, 0x20a}, &(0x7f0000000240)=<r2=>0x0, &(0x7f00000000c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12})
io_uring_enter(r1, 0x847ba, 0x3f00, 0xe, 0x0, 0x0)

program crashed: INFO: task hung in io_wq_put_and_exit
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): pipe-mknod$loop-bpf$PROG_LOAD-prlimit64-sched_setscheduler-openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter
detailed listing:
executing program 0:
pipe(&(0x7f00000000c0))
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x20, 0x1)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = syz_io_uring_setup(0x4106, &(0x7f00000002c0)={0x0, 0x305cc6, 0x1, 0x0, 0x20a}, &(0x7f0000000240)=<r2=>0x0, &(0x7f00000000c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12})
io_uring_enter(r1, 0x847ba, 0x3f00, 0xe, 0x0, 0x0)

program crashed: INFO: task hung in io_wq_put_and_exit
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): pipe-mknod$loop-bpf$PROG_LOAD-prlimit64-openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter
detailed listing:
executing program 0:
pipe(&(0x7f00000000c0))
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x20, 0x1)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = syz_io_uring_setup(0x4106, &(0x7f00000002c0)={0x0, 0x305cc6, 0x1, 0x0, 0x20a}, &(0x7f0000000240)=<r2=>0x0, &(0x7f00000000c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12})
io_uring_enter(r1, 0x847ba, 0x3f00, 0xe, 0x0, 0x0)

program crashed: INFO: task hung in io_wq_put_and_exit
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): pipe-mknod$loop-bpf$PROG_LOAD-openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter
detailed listing:
executing program 0:
pipe(&(0x7f00000000c0))
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x20, 0x1)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = syz_io_uring_setup(0x4106, &(0x7f00000002c0)={0x0, 0x305cc6, 0x1, 0x0, 0x20a}, &(0x7f0000000240)=<r2=>0x0, &(0x7f00000000c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12})
io_uring_enter(r1, 0x847ba, 0x3f00, 0xe, 0x0, 0x0)

program crashed: INFO: task hung in io_wq_put_and_exit
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): pipe-mknod$loop-openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter
detailed listing:
executing program 0:
pipe(&(0x7f00000000c0))
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x20, 0x1)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = syz_io_uring_setup(0x4106, &(0x7f00000002c0)={0x0, 0x305cc6, 0x1, 0x0, 0x20a}, &(0x7f0000000240)=<r2=>0x0, &(0x7f00000000c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12})
io_uring_enter(r1, 0x847ba, 0x3f00, 0xe, 0x0, 0x0)

program crashed: INFO: task hung in io_wq_put_and_exit
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): pipe-openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter
detailed listing:
executing program 0:
pipe(&(0x7f00000000c0))
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = syz_io_uring_setup(0x4106, &(0x7f00000002c0)={0x0, 0x305cc6, 0x1, 0x0, 0x20a}, &(0x7f0000000240)=<r2=>0x0, &(0x7f00000000c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12})
io_uring_enter(r1, 0x847ba, 0x3f00, 0xe, 0x0, 0x0)

program crashed: INFO: task hung in io_wq_put_and_exit
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter
detailed listing:
executing program 0:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = syz_io_uring_setup(0x4106, &(0x7f00000002c0)={0x0, 0x305cc6, 0x1, 0x0, 0x20a}, &(0x7f0000000240)=<r2=>0x0, &(0x7f00000000c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12})
io_uring_enter(r1, 0x847ba, 0x3f00, 0xe, 0x0, 0x0)

program crashed: INFO: task hung in io_wq_put_and_exit
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter
detailed listing:
executing program 0:
r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0)
r1 = syz_io_uring_setup(0x4106, &(0x7f00000002c0)={0x0, 0x305cc6, 0x1, 0x0, 0x20a}, &(0x7f0000000240)=<r2=>0x0, &(0x7f00000000c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12})
io_uring_enter(r1, 0x847ba, 0x3f00, 0xe, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter
detailed listing:
executing program 0:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = syz_io_uring_setup(0x4106, 0x0, &(0x7f0000000240)=<r2=>0x0, &(0x7f00000000c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12})
io_uring_enter(r1, 0x847ba, 0x3f00, 0xe, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter
detailed listing:
executing program 0:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = syz_io_uring_setup(0x4106, &(0x7f00000002c0)={0x0, 0x305cc6, 0x1, 0x0, 0x20a}, 0x0, &(0x7f00000000c0)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(0x0, r2, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12})
io_uring_enter(r1, 0x847ba, 0x3f00, 0xe, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter
detailed listing:
executing program 0:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = syz_io_uring_setup(0x4106, &(0x7f00000002c0)={0x0, 0x305cc6, 0x1, 0x0, 0x20a}, &(0x7f0000000240)=<r2=>0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, 0x0, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12})
io_uring_enter(r1, 0x847ba, 0x3f00, 0xe, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter
detailed listing:
executing program 0:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = syz_io_uring_setup(0x4106, &(0x7f00000002c0)={0x0, 0x305cc6, 0x1, 0x0, 0x20a}, &(0x7f0000000240)=<r2=>0x0, &(0x7f00000000c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, 0x0, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12})
io_uring_enter(r1, 0x847ba, 0x3f00, 0xe, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter
detailed listing:
executing program 0:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r0 = syz_io_uring_setup(0x4106, &(0x7f00000002c0)={0x0, 0x305cc6, 0x1, 0x0, 0x20a}, &(0x7f0000000240)=<r1=>0x0, &(0x7f00000000c0)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, 0x0)
io_uring_enter(r0, 0x847ba, 0x3f00, 0xe, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter
detailed listing:
executing program 0:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = syz_io_uring_setup(0x4106, &(0x7f00000002c0)={0x0, 0x305cc6, 0x1, 0x0, 0x20a}, &(0x7f0000000240)=<r2=>0x0, &(0x7f00000000c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0xc000000, 0x0, 0x0, 0x12})
io_uring_enter(r1, 0x847ba, 0x3f00, 0xe, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter
detailed listing:
executing program 0:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = syz_io_uring_setup(0x4106, &(0x7f00000002c0)={0x0, 0x305cc6, 0x1, 0x0, 0x20a}, &(0x7f0000000240)=<r2=>0x0, &(0x7f00000000c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0xc000000, &(0x7f0000000000)=[{0x0}], 0x1, 0x12})
io_uring_enter(r1, 0x847ba, 0x3f00, 0xe, 0x0, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
simplifying guilty program options
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter
detailed listing:
executing program 0:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = syz_io_uring_setup(0x4106, &(0x7f00000002c0)={0x0, 0x305cc6, 0x1, 0x0, 0x20a}, &(0x7f0000000240)=<r2=>0x0, &(0x7f00000000c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12})
io_uring_enter(r1, 0x847ba, 0x3f00, 0xe, 0x0, 0x0)

program crashed: INFO: task hung in io_wq_put_and_exit
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter
program crashed: INFO: task hung in io_wq_put_and_exit
simplifying C reproducer
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter
program crashed: INFO: task hung in io_wq_put_and_exit
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter
program crashed: INFO: task hung in io_wq_put_and_exit
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter
program crashed: INFO: task hung in io_wq_put_and_exit
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter
program crashed: INFO: task hung in io_wq_put_and_exit
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter
program crashed: INFO: task hung in io_wq_put_and_exit
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter
program crashed: INFO: task hung in io_wq_put_and_exit
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter
detailed listing:
executing program 0:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = syz_io_uring_setup(0x4106, &(0x7f00000002c0)={0x0, 0x305cc6, 0x1, 0x0, 0x20a}, &(0x7f0000000240)=<r2=>0x0, &(0x7f00000000c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12})
io_uring_enter(r1, 0x847ba, 0x3f00, 0xe, 0x0, 0x0)

program crashed: INFO: task hung in io_wq_put_and_exit
validation run: crashed=true
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter
detailed listing:
executing program 0:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = syz_io_uring_setup(0x4106, &(0x7f00000002c0)={0x0, 0x305cc6, 0x1, 0x0, 0x20a}, &(0x7f0000000240)=<r2=>0x0, &(0x7f00000000c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12})
io_uring_enter(r1, 0x847ba, 0x3f00, 0xe, 0x0, 0x0)

program crashed: INFO: task hung in io_wq_put_and_exit
validation run: crashed=true
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nullb-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter
detailed listing:
executing program 0:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = syz_io_uring_setup(0x4106, &(0x7f00000002c0)={0x0, 0x305cc6, 0x1, 0x0, 0x20a}, &(0x7f0000000240)=<r2=>0x0, &(0x7f00000000c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12})
io_uring_enter(r1, 0x847ba, 0x3f00, 0xe, 0x0, 0x0)

program crashed: INFO: task hung in io_wq_put_and_exit
validation run: crashed=true
reproducing took 5h4m32.043428334s
repro crashed as (corrupted=false):
INFO: task syz.0.17:5924 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.17        state:D stack:24368 pid:5924  ppid:5875   flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5380 [inline]
 __schedule+0x14d2/0x44d0 kernel/sched/core.c:6699
 schedule+0xbd/0x170 kernel/sched/core.c:6773
 schedule_timeout+0x9b/0x280 kernel/time/timer.c:2144
 do_wait_for_common kernel/sched/completion.c:95 [inline]
 __wait_for_common kernel/sched/completion.c:116 [inline]
 wait_for_common kernel/sched/completion.c:127 [inline]
 wait_for_completion+0x2bd/0x590 kernel/sched/completion.c:148
 io_wq_exit_workers io_uring/io-wq.c:1266 [inline]
 io_wq_put_and_exit+0x2f3/0x660 io_uring/io-wq.c:1294
 io_uring_clean_tctx+0x120/0x190 io_uring/tctx.c:204
 io_uring_cancel_generic+0x5f8/0x6a0 io_uring/io_uring.c:3507
 io_uring_files_cancel include/linux/io_uring.h:69 [inline]
 do_exit+0x5a7/0x23c0 kernel/exit.c:829
 do_group_exit+0x21b/0x2d0 kernel/exit.c:1024
 __do_sys_exit_group kernel/exit.c:1035 [inline]
 __se_sys_exit_group kernel/exit.c:1033 [inline]
 __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1033
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f22a338f749
RSP: 002b:00007fff237899d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f22a338f749
RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000003 R08: 0000000523789acf R09: 00007f22a35b4280
R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f22a35b4280 R14: 0000000000000003 R15: 00007fff23789a90
 </TASK>

Showing all locks held in the system:
1 lock held by khungtaskd/29:
 #0: ffffffff8cd2ff20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:334 [inline]
 #0: ffffffff8cd2ff20 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:786 [inline]
 #0: ffffffff8cd2ff20 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x290 kernel/locking/lockdep.c:6633
2 locks held by kworker/u4:4/60:
2 locks held by getty/5529:
 #0: ffff88802c8bd0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc9000326e2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x425/0x1380 drivers/tty/n_tty.c:2217
2 locks held by kworker/0:5/5923:
 #0: ffff888017872538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline]
 #0: ffff888017872538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0 kernel/workqueue.c:2711
 #1: ffffc90003047d00 ((work_completion)(&rew->rew_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline]
 #1: ffffc90003047d00 ((work_completion)(&rew->rew_work)){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0 kernel/workqueue.c:2711
2 locks held by syz-executor/6178:
 #0: ffffffff8dfb5448 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline]
 #0: ffffffff8dfb5448 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x76f/0xf10 net/core/rtnetlink.c:6469
 #1: ffffffff8cd358f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:324 [inline]
 #1: ffffffff8cd358f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x360/0x830 kernel/rcu/tree_exp.h:1004
2 locks held by dhcpcd/6187:
 #0: ffff888073ee6e20 (&sb->s_type->i_mutex_key#11){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:804 [inline]
 #0: ffff888073ee6e20 (&sb->s_type->i_mutex_key#11){+.+.}-{3:3}, at: __sock_release net/socket.c:658 [inline]
 #0: ffff888073ee6e20 (&sb->s_type->i_mutex_key#11){+.+.}-{3:3}, at: sock_close+0x9b/0x230 net/socket.c:1421
 #1: ffffffff8cd358f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:292 [inline]
 #1: ffffffff8cd358f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x448/0x830 kernel/rcu/tree_exp.h:1004

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 29 Comm: khungtaskd Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x16c/0x230 lib/dump_stack.c:106
 nmi_cpu_backtrace+0x39b/0x3d0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x17a/0x2f0 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:222 [inline]
 watchdog+0xf41/0xf80 kernel/hung_task.c:379
 kthread+0x2fa/0x390 kernel/kthread.c:388
 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 1114 Comm: kworker/u4:6 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Workqueue: events_unbound nsim_dev_trap_report_work
RIP: 0010:find_stack lib/stackdepot.c:349 [inline]
RIP: 0010:__stack_depot_save+0x149/0x630 lib/stackdepot.c:390
Code: e2 c1 c2 04 29 d1 31 c8 c1 c1 0e 29 c8 41 31 c4 c1 c0 18 41 29 c4 48 8b 35 fc e1 c8 12 8b 2d f2 e1 c8 12 44 21 e5 4c 8b 2c ee <4d> 85 ed 74 33 44 89 f0 eb 09 4d 8b 6d 00 4d 85 ed 74 25 45 39 65
RSP: 0018:ffffc9000475f758 EFLAGS: 00000202
RAX: 00000000002d5c67 RBX: ffffc9000475f7b0 RCX: 00000000279dc8e2
RDX: 000000001ebfaf9e RSI: ffff88823b400000 RDI: 0000000000000000
RBP: 00000000000a4192 R08: 00000000642e3a18 R09: 000000005a7f0e92
R10: 0000000000000001 R11: 0000000000000000 R12: 00000000cc8a4192
R13: ffff888026b3b570 R14: 000000000000000b R15: 0000000000000001
FS:  0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fe45d317d60 CR3: 000000000cb30000 CR4: 00000000003506e0
Call Trace:
 <TASK>
 kasan_save_stack mm/kasan/common.c:46 [inline]
 kasan_set_track+0x5f/0x70 mm/kasan/common.c:52
 kasan_save_free_info+0x2e/0x50 mm/kasan/generic.c:522
 ____kasan_slab_free+0x126/0x1e0 mm/kasan/common.c:236
 kasan_slab_free include/linux/kasan.h:164 [inline]
 slab_free_hook mm/slub.c:1811 [inline]
 slab_free_freelist_hook+0x130/0x1b0 mm/slub.c:1837
 slab_free mm/slub.c:3830 [inline]
 kmem_cache_free+0xf8/0x280 mm/slub.c:3852
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:821 [inline]
 nsim_dev_trap_report_work+0x76f/0xb00 drivers/net/netdevsim/dev.c:851
 process_one_work kernel/workqueue.c:2634 [inline]
 process_scheduled_works+0xa45/0x15b0 kernel/workqueue.c:2711
 worker_thread+0xa55/0xfc0 kernel/workqueue.c:2792
 kthread+0x2fa/0x390 kernel/kthread.c:388
 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293
 </TASK>

final repro crashed as (corrupted=false):
INFO: task syz.0.17:5924 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.17        state:D stack:24368 pid:5924  ppid:5875   flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5380 [inline]
 __schedule+0x14d2/0x44d0 kernel/sched/core.c:6699
 schedule+0xbd/0x170 kernel/sched/core.c:6773
 schedule_timeout+0x9b/0x280 kernel/time/timer.c:2144
 do_wait_for_common kernel/sched/completion.c:95 [inline]
 __wait_for_common kernel/sched/completion.c:116 [inline]
 wait_for_common kernel/sched/completion.c:127 [inline]
 wait_for_completion+0x2bd/0x590 kernel/sched/completion.c:148
 io_wq_exit_workers io_uring/io-wq.c:1266 [inline]
 io_wq_put_and_exit+0x2f3/0x660 io_uring/io-wq.c:1294
 io_uring_clean_tctx+0x120/0x190 io_uring/tctx.c:204
 io_uring_cancel_generic+0x5f8/0x6a0 io_uring/io_uring.c:3507
 io_uring_files_cancel include/linux/io_uring.h:69 [inline]
 do_exit+0x5a7/0x23c0 kernel/exit.c:829
 do_group_exit+0x21b/0x2d0 kernel/exit.c:1024
 __do_sys_exit_group kernel/exit.c:1035 [inline]
 __se_sys_exit_group kernel/exit.c:1033 [inline]
 __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1033
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f22a338f749
RSP: 002b:00007fff237899d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f22a338f749
RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000003 R08: 0000000523789acf R09: 00007f22a35b4280
R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f22a35b4280 R14: 0000000000000003 R15: 00007fff23789a90
 </TASK>

Showing all locks held in the system:
1 lock held by khungtaskd/29:
 #0: ffffffff8cd2ff20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:334 [inline]
 #0: ffffffff8cd2ff20 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:786 [inline]
 #0: ffffffff8cd2ff20 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x290 kernel/locking/lockdep.c:6633
2 locks held by kworker/u4:4/60:
2 locks held by getty/5529:
 #0: ffff88802c8bd0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc9000326e2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x425/0x1380 drivers/tty/n_tty.c:2217
2 locks held by kworker/0:5/5923:
 #0: ffff888017872538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline]
 #0: ffff888017872538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0 kernel/workqueue.c:2711
 #1: ffffc90003047d00 ((work_completion)(&rew->rew_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline]
 #1: ffffc90003047d00 ((work_completion)(&rew->rew_work)){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0 kernel/workqueue.c:2711
2 locks held by syz-executor/6178:
 #0: ffffffff8dfb5448 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline]
 #0: ffffffff8dfb5448 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x76f/0xf10 net/core/rtnetlink.c:6469
 #1: ffffffff8cd358f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:324 [inline]
 #1: ffffffff8cd358f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x360/0x830 kernel/rcu/tree_exp.h:1004
2 locks held by dhcpcd/6187:
 #0: ffff888073ee6e20 (&sb->s_type->i_mutex_key#11){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:804 [inline]
 #0: ffff888073ee6e20 (&sb->s_type->i_mutex_key#11){+.+.}-{3:3}, at: __sock_release net/socket.c:658 [inline]
 #0: ffff888073ee6e20 (&sb->s_type->i_mutex_key#11){+.+.}-{3:3}, at: sock_close+0x9b/0x230 net/socket.c:1421
 #1: ffffffff8cd358f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:292 [inline]
 #1: ffffffff8cd358f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x448/0x830 kernel/rcu/tree_exp.h:1004

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 29 Comm: khungtaskd Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x16c/0x230 lib/dump_stack.c:106
 nmi_cpu_backtrace+0x39b/0x3d0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x17a/0x2f0 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:222 [inline]
 watchdog+0xf41/0xf80 kernel/hung_task.c:379
 kthread+0x2fa/0x390 kernel/kthread.c:388
 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 1114 Comm: kworker/u4:6 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Workqueue: events_unbound nsim_dev_trap_report_work
RIP: 0010:find_stack lib/stackdepot.c:349 [inline]
RIP: 0010:__stack_depot_save+0x149/0x630 lib/stackdepot.c:390
Code: e2 c1 c2 04 29 d1 31 c8 c1 c1 0e 29 c8 41 31 c4 c1 c0 18 41 29 c4 48 8b 35 fc e1 c8 12 8b 2d f2 e1 c8 12 44 21 e5 4c 8b 2c ee <4d> 85 ed 74 33 44 89 f0 eb 09 4d 8b 6d 00 4d 85 ed 74 25 45 39 65
RSP: 0018:ffffc9000475f758 EFLAGS: 00000202
RAX: 00000000002d5c67 RBX: ffffc9000475f7b0 RCX: 00000000279dc8e2
RDX: 000000001ebfaf9e RSI: ffff88823b400000 RDI: 0000000000000000
RBP: 00000000000a4192 R08: 00000000642e3a18 R09: 000000005a7f0e92
R10: 0000000000000001 R11: 0000000000000000 R12: 00000000cc8a4192
R13: ffff888026b3b570 R14: 000000000000000b R15: 0000000000000001
FS:  0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fe45d317d60 CR3: 000000000cb30000 CR4: 00000000003506e0
Call Trace:
 <TASK>
 kasan_save_stack mm/kasan/common.c:46 [inline]
 kasan_set_track+0x5f/0x70 mm/kasan/common.c:52
 kasan_save_free_info+0x2e/0x50 mm/kasan/generic.c:522
 ____kasan_slab_free+0x126/0x1e0 mm/kasan/common.c:236
 kasan_slab_free include/linux/kasan.h:164 [inline]
 slab_free_hook mm/slub.c:1811 [inline]
 slab_free_freelist_hook+0x130/0x1b0 mm/slub.c:1837
 slab_free mm/slub.c:3830 [inline]
 kmem_cache_free+0xf8/0x280 mm/slub.c:3852
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:821 [inline]
 nsim_dev_trap_report_work+0x76f/0xb00 drivers/net/netdevsim/dev.c:851
 process_one_work kernel/workqueue.c:2634 [inline]
 process_scheduled_works+0xa45/0x15b0 kernel/workqueue.c:2711
 worker_thread+0xa55/0xfc0 kernel/workqueue.c:2792
 kthread+0x2fa/0x390 kernel/kthread.c:388
 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293
 </TASK>