Extracting prog: 6m9.338391616s
Minimizing prog: 32m1.632784633s
Simplifying prog options: 8m17.935266974s
Extracting C: 4m14.951858746s
Simplifying C: 0s


extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-ioctl$sock_SIOCETHTOOL
detailed listing:
executing program 0:
r0 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f00000000c0)=@ethtool_regs={0x4, 0x0, 0x1c, "f42a97b96d025891dd3f75fdda624457ad3d5c36389c308570204262"}})

program did not crash
single: failed to extract reproducer
single: executing 1 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-ioctl$sock_SIOCETHTOOL
detailed listing:
executing program 0:
r0 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f00000000c0)=@ethtool_regs={0x4, 0x0, 0x1c, "f42a97b96d025891dd3f75fdda624457ad3d5c36389c308570204262"}})

program crashed: INFO: task hung in inet6_rtm_newaddr
single: successfully extracted reproducer
found reproducer with 2 syscalls
minimizing guilty program
testing program (duration=6m15.47801122s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix
detailed listing:
executing program 0:
socket$unix(0x1, 0x5, 0x0)

program did not crash
testing program (duration=6m15.47801122s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$sock_SIOCETHTOOL
detailed listing:
executing program 0:
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f00000000c0)=@ethtool_regs={0x4, 0x0, 0x1c, "f42a97b96d025891dd3f75fdda624457ad3d5c36389c308570204262"}})

program did not crash
testing program (duration=6m15.47801122s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-ioctl$sock_SIOCETHTOOL
detailed listing:
executing program 0:
r0 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x89f0, 0x0)

program did not crash
testing program (duration=6m15.47801122s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-ioctl$sock_SIOCETHTOOL
detailed listing:
executing program 0:
r0 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000080)={'bridge0\x00', 0x0})

program did not crash
testing program (duration=6m15.47801122s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-ioctl$sock_SIOCETHTOOL
detailed listing:
executing program 0:
r0 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f00000000c0)=@ethtool_regs})

program did not crash
extracting C reproducer
testing compiled C program (duration=6m15.47801122s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-ioctl$sock_SIOCETHTOOL
program crashed: INFO: task hung in rtnl_newlink
a never seen crash title: INFO: task hung in rtnl_newlink, ignore
simplifying guilty program options
testing program (duration=6m15.47801122s, {Threaded:false Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-ioctl$sock_SIOCETHTOOL
detailed listing:
executing program 0:
r0 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f00000000c0)=@ethtool_regs={0x4, 0x0, 0x1c, "f42a97b96d025891dd3f75fdda624457ad3d5c36389c308570204262"}})

program crashed: INFO: task hung in cfg80211_event_work
a never seen crash title: INFO: task hung in cfg80211_event_work, ignore
testing program (duration=6m15.47801122s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-ioctl$sock_SIOCETHTOOL
detailed listing:
executing program 0:
r0 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f00000000c0)=@ethtool_regs={0x4, 0x0, 0x1c, "f42a97b96d025891dd3f75fdda624457ad3d5c36389c308570204262"}})

program crashed: INFO: task hung in reg_check_chans_work
a never seen crash title: INFO: task hung in reg_check_chans_work, ignore
reproducing took 50m43.858319306s
repro crashed as (corrupted=false):
INFO: task dhcpcd:5021 blocked for more than 143 seconds.
      Not tainted 6.14.0-rc2-syzkaller-00056-gab68d7eb7b1a #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:dhcpcd          state:D stack:20352 pid:5021  tgid:5021  ppid:5020   task_flags:0x400140 flags:0x00000002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5377 [inline]
 __schedule+0x190e/0x4c90 kernel/sched/core.c:6764
 __schedule_loop kernel/sched/core.c:6841 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6856
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6913
 __mutex_lock_common kernel/locking/mutex.c:662 [inline]
 __mutex_lock+0x817/0x1010 kernel/locking/mutex.c:730
 rtnl_net_lock include/linux/rtnetlink.h:129 [inline]
 inet6_rtm_newaddr+0x7f3/0xef0 net/ipv6/addrconf.c:5023
 rtnetlink_rcv_msg+0x791/0xcf0 net/core/rtnetlink.c:6911
 netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543
 netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]
 netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1348
 netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1892
 sock_sendmsg_nosec net/socket.c:718 [inline]
 __sock_sendmsg+0x221/0x270 net/socket.c:733
 ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2573
 ___sys_sendmsg net/socket.c:2627 [inline]
 __sys_sendmsg+0x269/0x350 net/socket.c:2659
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f81eeba7a4b
RSP: 002b:00007ffda5781f28 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f81eeacf6c0 RCX: 00007f81eeba7a4b
RDX: 0000000000000000 RSI: 00007ffda57960d8 RDI: 000000000000001b
RBP: 000000000000001b R08: 0000000000000000 R09: 00007ffda57960d8
R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff
R13: 00007ffda57960d8 R14: 0000000000000048 R15: 0000000000000001
 </TASK>
INFO: task syz-executor:5459 blocked for more than 147 seconds.
      Not tainted 6.14.0-rc2-syzkaller-00056-gab68d7eb7b1a #0
      Blocked by coredump.
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:20544 pid:5459  tgid:5459  ppid:1      task_flags:0x40054c flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5377 [inline]
 __schedule+0x190e/0x4c90 kernel/sched/core.c:6764
 __schedule_loop kernel/sched/core.c:6841 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6856
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6913
 __mutex_lock_common kernel/locking/mutex.c:662 [inline]
 __mutex_lock+0x817/0x1010 kernel/locking/mutex.c:730
 tun_detach drivers/net/tun.c:698 [inline]
 tun_chr_close+0x3b/0x1b0 drivers/net/tun.c:3517
 __fput+0x3e9/0x9f0 fs/file_table.c:464
 task_work_run+0x24f/0x310 kernel/task_work.c:227
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0xa2a/0x28e0 kernel/exit.c:938
 do_group_exit+0x207/0x2c0 kernel/exit.c:1087
 get_signal+0x16b2/0x1750 kernel/signal.c:3036
 arch_do_signal_or_restart+0x96/0x860 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0xce/0x340 kernel/entry/common.c:218
 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ff667b8ec7c
RSP: 002b:00007fff30430ad0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: 0000000000000028 RBX: 00007ff6688d4620 RCX: 00007ff667b8ec7c
RDX: 0000000000000028 RSI: 00007ff6688d4670 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007fff30430b24 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
R13: 0000000000000000 R14: 00007ff6688d4670 R15: 0000000000000000
 </TASK>
INFO: task syz-executor:5461 blocked for more than 151 seconds.
      Not tainted 6.14.0-rc2-syzkaller-00056-gab68d7eb7b1a #0
      Blocked by coredump.
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:19504 pid:5461  tgid:5461  ppid:1      task_flags:0x40054c flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5377 [inline]
 __schedule+0x190e/0x4c90 kernel/sched/core.c:6764
 __schedule_loop kernel/sched/core.c:6841 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6856
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6913
 __mutex_lock_common kernel/locking/mutex.c:662 [inline]
 __mutex_lock+0x817/0x1010 kernel/locking/mutex.c:730
 tun_detach drivers/net/tun.c:698 [inline]
 tun_chr_close+0x3b/0x1b0 drivers/net/tun.c:3517
 __fput+0x3e9/0x9f0 fs/file_table.c:464
 task_work_run+0x24f/0x310 kernel/task_work.c:227

final repro crashed as (corrupted=false):
INFO: task dhcpcd:5021 blocked for more than 143 seconds.
      Not tainted 6.14.0-rc2-syzkaller-00056-gab68d7eb7b1a #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:dhcpcd          state:D stack:20352 pid:5021  tgid:5021  ppid:5020   task_flags:0x400140 flags:0x00000002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5377 [inline]
 __schedule+0x190e/0x4c90 kernel/sched/core.c:6764
 __schedule_loop kernel/sched/core.c:6841 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6856
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6913
 __mutex_lock_common kernel/locking/mutex.c:662 [inline]
 __mutex_lock+0x817/0x1010 kernel/locking/mutex.c:730
 rtnl_net_lock include/linux/rtnetlink.h:129 [inline]
 inet6_rtm_newaddr+0x7f3/0xef0 net/ipv6/addrconf.c:5023
 rtnetlink_rcv_msg+0x791/0xcf0 net/core/rtnetlink.c:6911
 netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543
 netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]
 netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1348
 netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1892
 sock_sendmsg_nosec net/socket.c:718 [inline]
 __sock_sendmsg+0x221/0x270 net/socket.c:733
 ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2573
 ___sys_sendmsg net/socket.c:2627 [inline]
 __sys_sendmsg+0x269/0x350 net/socket.c:2659
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f81eeba7a4b
RSP: 002b:00007ffda5781f28 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f81eeacf6c0 RCX: 00007f81eeba7a4b
RDX: 0000000000000000 RSI: 00007ffda57960d8 RDI: 000000000000001b
RBP: 000000000000001b R08: 0000000000000000 R09: 00007ffda57960d8
R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff
R13: 00007ffda57960d8 R14: 0000000000000048 R15: 0000000000000001
 </TASK>
INFO: task syz-executor:5459 blocked for more than 147 seconds.
      Not tainted 6.14.0-rc2-syzkaller-00056-gab68d7eb7b1a #0
      Blocked by coredump.
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:20544 pid:5459  tgid:5459  ppid:1      task_flags:0x40054c flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5377 [inline]
 __schedule+0x190e/0x4c90 kernel/sched/core.c:6764
 __schedule_loop kernel/sched/core.c:6841 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6856
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6913
 __mutex_lock_common kernel/locking/mutex.c:662 [inline]
 __mutex_lock+0x817/0x1010 kernel/locking/mutex.c:730
 tun_detach drivers/net/tun.c:698 [inline]
 tun_chr_close+0x3b/0x1b0 drivers/net/tun.c:3517
 __fput+0x3e9/0x9f0 fs/file_table.c:464
 task_work_run+0x24f/0x310 kernel/task_work.c:227
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0xa2a/0x28e0 kernel/exit.c:938
 do_group_exit+0x207/0x2c0 kernel/exit.c:1087
 get_signal+0x16b2/0x1750 kernel/signal.c:3036
 arch_do_signal_or_restart+0x96/0x860 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0xce/0x340 kernel/entry/common.c:218
 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ff667b8ec7c
RSP: 002b:00007fff30430ad0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: 0000000000000028 RBX: 00007ff6688d4620 RCX: 00007ff667b8ec7c
RDX: 0000000000000028 RSI: 00007ff6688d4670 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007fff30430b24 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
R13: 0000000000000000 R14: 00007ff6688d4670 R15: 0000000000000000
 </TASK>
INFO: task syz-executor:5461 blocked for more than 151 seconds.
      Not tainted 6.14.0-rc2-syzkaller-00056-gab68d7eb7b1a #0
      Blocked by coredump.
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:19504 pid:5461  tgid:5461  ppid:1      task_flags:0x40054c flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5377 [inline]
 __schedule+0x190e/0x4c90 kernel/sched/core.c:6764
 __schedule_loop kernel/sched/core.c:6841 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6856
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6913
 __mutex_lock_common kernel/locking/mutex.c:662 [inline]
 __mutex_lock+0x817/0x1010 kernel/locking/mutex.c:730
 tun_detach drivers/net/tun.c:698 [inline]
 tun_chr_close+0x3b/0x1b0 drivers/net/tun.c:3517
 __fput+0x3e9/0x9f0 fs/file_table.c:464
 task_work_run+0x24f/0x310 kernel/task_work.c:227