Extracting prog: 53m35.975738365s
Minimizing prog: 59m54.014540201s
Simplifying prog options: 0s
Extracting C: 3m14.231136876s
Simplifying C: 57m15.061960272s


extracting reproducer from 51 programs
testing a last program of every proc
single: executing 11 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD-socket$inet-getsockopt$IPT_SO_GET_REVISION_TARGET-syz_init_net_socket$nl_rdma-socket$netlink-socket$inet6_sctp-socket$inet6_sctp-sendmsg$rds-getsockopt$inet_sctp6_SCTP_MAX_BURST-getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-sendmsg$netlink
detailed listing:
executing program 0:
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x5, &(0x7f0000001640)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff48700000020000005c0600000000000095000000000000002ba728041598d6fbd307ce99e83d24a3aa81d36bb3019c13bd23212fb56fa54f2641d8b02c3815e79c1414eb07eae6f071326bd9174842fa9ea4318123341cf9d90a0e168c1884d005d94f204e345c652fbc1626e3a2a2ad35806150ae0209e62f51ee988e6e0dc84e974a22a550d6f97181980400003e05df3ceb9f1feae5737ecaa81d666963c474c2a19eed87b277be335c75e04ad6ee1cbf9b0a4def23d410f6296b32ae343881dcc7b1b85f3c3d44aeaced3641110bec4e90a634196508000000000000f0f4ab3e89cf6c662ed4048d3b3e22278d00031e5388ee5c867ddd58211d4dcecb0c005d2a1bcf9436e101040000f73902ebcf0200822775985b231f000040ccb0ecf31b715f5888b2a858ab3f11afc9bd08c676d2b89432fb465b3dad9d2aa7f1521bc9901de2eb879a15943b6dc8ea15aab9dd6968698e3095c4c5c7a156cec33a7bb727667d81ff2757ca1e6bfdd4c968dacf81e65998b9091957d1d11a5730baa3a509b1041d06f6b0097c430481824a3f4fddd3c643f630ba165d876defd3541772f26e27c44cfd7bb5097379cf1756869cebc7b0b2d85d6d29983e830a9cdd1d0a017c100344c52a6f387a1340a1c8889464f90c284a4db539621fbb70f01a2c02dec4cd1f570dd39877dfb2ff1ae66e1ce917474b2e650ae610afd01409d9a337ac5d58bcb5e5fc231514952c5255f22bd8b325d9b76e57f041b665ab0249886c0a65cc99d5893521372c8d8b7bacac24000020a4a24d8dbd75062e1daef9dead619cc6e7baa72706287793c3d2a2661edcd3545236c204682bf7ecbd53f950ef4709ec01e230d2f53594ef4839c6130c4c13a0cca84b993508000000e480cd9d4850a049ee19b67d17ef0477aeb12b1d2502000000d9051f22614d1f62734d678039a97d3e783df8b8a17e3aa9fe9c502f9acee4f1b56e1f23128d743792cead3c058a5b700d64d160abe33df726608510136ce8bf239414a1d98ea93e3d35dbb6c23b90cf36e83b8a4309b402d264b09f2779a0bcd7cd6dfc06b02e69d384146056d125cf4aadd80800000000000000e88d10acd06864eac44c42fbe334bdc3e9768fc360b130dc6111fe3293e8e02f819a2aa34dba1c25be27945507a3477b437525b81aef2f0b4c4f63483026b5e34d44705b76ef29f7f6e0a2be625eae975e02069f6f24e1e1bc976d965ddabb01085f16bff63a06578d6d184f5de7bfb6aaa75f16996d536256c02284cb1d3a6fb8eae87691fae365a70c3f15871565bba8dd8a8ca049f798abe646f738bebdfc9d8a5edd7a19ca6a42bc3f1db37c17f22a287c6d31a13db5dfef409eb1d3c91c6e6f80d215c9e16e0c47365e78c80854b2baf8eb320d8c34cfc81936315418f26770cca4e2f89800d18c89d7f46f679df6c9e2005f209dda94302a30003b952ae1ebfd0ca88368ee6ce139e8b5822422cf4c9dde943d34c432e1001171792c65986146666a549092398af45ba38c41df7e0fffeac41824ca1fd0eb68aa243c9035c788d5480e5aee9c9e5f2e5a3628995b1531bd20360d33d8f9ffffff5f4bf6ea8a1850c4f83306dbca02ee3686da707b6d85db491ba0cc33f6be92c55969a2b52a25419d1476c73132ca7ca26ce8a7e3ffb700f09e157f9bc31f09834b4788be2a442aa81b259e9eb1bf5314844051f3a642aca9ff98c9036471ccff0522903e7bcf62e18f7796bbc280b95e8e0d6fd5644b0ebde330289d6348d183ed9d3dae3cccf109f7c78e8479a345e805e47dfa82cafc6b64b1f4659834aecbeded44b11a443c5ba92a326dd10921aa79c62800844c7a59f55ee205a11ab50fb402e7da6ada561ec1117cc186b01fd5c2061d22156b1b7d5f80c580dc31b0963ff953ce09148e8dfea9d03a61bbd2bb173518507a3cd0e37c4da0a71eee31071d5d642498181c69cee3b2e414ddd6a12ff4bdf6e96c247b6025d4376067e25357d3b521a5b927d3392a7503718aea24179528f6a0c6de4e61b49cad1e4d6b000000000000005b2d16877299acefc0655bc1422c3d425d988eedebcf242b780a687c9acae2a5a71c2a16a32ceb377f5d54f9b2fa90b2905925e611be56e9ebe20cab20c290a1f6c09272dbc3b2c0ab2b5baa1b07b16e81f278e54a479f1a06bc06e3656cfa196d6c050000000000000000814955c62a7d72b317399e572a7f6afd0fa1d46cfb110e3e8cff5579e83f2820f95eaa0c609f666950c24311740e36de8f65708cfffce788c99ef8f62fd2398e999b220125da8eb07947512365abbc5b84ef524bdf184727c67910051f204662264607d548dbdffe14b41dd0843cf3d85bb820656a88a9e52a4cd7b3eeadfe00007267f226019ef0a25bc15da71e893856a2182c3167d8ba73f709294b159a426ce44cd73f000000a66fc501eae0c3504c1400697ba69fd9b7eaf49aff6a6aea529610db8dfef86c3cc698e9fddf1b132876159972281a90c3a4cf415df25fbcdd35cf8368f068c4481844bdd0dda553e1cb0966d5686013d382956d50055dce0d1bc225c1d77612b1ec52e743dbc51f25cc07a202b704577316913cf067fa65e476f688de2d6c54ea192a569eed05d0d7536b3205c68d4ee0fe318ed3112c76dcf128a1d5595b773ef4c8a7ba4e10381de8808ff02dd0a7b996ecf1c65e6d9db90c87123d9cb3945330f7a270ee0cca35b1331ca8fec0b2f39f505140751b60f29a83e4bc0ef2ffea443e4aa221cc38a503add16a2c98cb589e1dac1912b4142a3be30f50b2d9479c5bde0beb38030d0c0ce0598700130000000000000000000000554361e1628ee0017ad19ca787f2c078aa260701ce0800000080623902000000000000000000003d118a04fa6a80c4928c01ccab57b5f4eb265ad15004f967543fe6e6ddc2a12165fe3a08bf9475ee0eee3539369b0e566fedbd215a6ddd4fe03dcc7a922e16410d820747b7e806c0f3b6f14c884d150a0ff07f2e0000bfb083c56d3bed0a61fab880f8885c612ebff8523d14cfb12aca274c000000005e5155611969f6e67dd83b20206207cb8b2cd2fab6fa6d7fdaed6a27a2e4db1d5adc80014ff11d9dbceba41d8dfce410333a054e82b1d0504f1ce0aeacb843b94d67f69f49eb4dd3b1b85b018359c32df01db8ebce0dbc36cade09c6b44f6bb956fac1ae4db5624d8a02f7be91bec65e4b3373059587dd6528bbc48e3379d477d482faff738c39c61cac1195043bd5b70cea5fc1083a169a8263e9aec56b9f7795fa27634a7f06359e3058d2dd69c4e5cc11b36d9ed9c4b2867f583de6fc582f789722bd1500e64c495abdb72de2c739d38c72f6f4fb1946081dcc825d5b5b747e9fa1b5226cd31e131263f1fcd7d45a630b46d04af906f0be464d829dd2dfcf7400002b7827f6d957e51bb1f1b44a50200c9dfadfaff2e32baa9c0edaac7144e174dba582a951d2b03c27219cec4fbc7b6e99c3f00188941e3fbf008cbace177ae250fd757a22e21ec05aa45c91e1345ca936184c3fc28153283e13654123cfaf4e661f4b6d430adad1e2116bc385f888405d48f0d386da0cc6747b33395772a68f2ea3fb7e7207000000b24088014c8e64f03d053c4e02ddd08b262e422eff1c9f124b892b0a9462b07d4f88c0693bd9c54ad2ab5227aa59ef2b53ac528c0800000000000000ebfd"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = socket$inet(0x2, 0x3, 0xa)
getsockopt$IPT_SO_GET_REVISION_TARGET(r0, 0x0, 0x43, 0x0, &(0x7f00000003c0)=0x1e)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmsg$rds(0xffffffffffffffff, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @multicast1}, 0xfffffffffffffe7e, 0x0, 0x1c, 0x0, 0x0, 0xc800}, 0x0)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r4, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r5=>0x0}, &(0x7f0000000380)=0x8)
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r3, 0x84, 0x1b, &(0x7f0000000040)={r5}, &(0x7f0000000100)=0x8)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000001c0)={'bridge_slave_0\x00', <r6=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000001d00070f000200000000000007000000", @ANYRES32=r6, @ANYBLOB='\x00\x00g\x00\b\x00\b'], 0x24}}, 0x0)
sendmsg$netlink(r1, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000002080)=ANY=[@ANYBLOB="140100001e00010000000077fc8b000003"], 0x114}], 0x1}, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-setsockopt$MRT6_DEL_MIF-socket$nl_route-socket$inet6-sendto$inet6-socket-syz_init_net_socket$llc-setsockopt$sock_timeval-connect$llc-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_DEL_MIF(r0, 0x29, 0xc8, 0x0, 0xc000000) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
r1 = socket$inet6(0xa, 0x2, 0x0)
sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
r2 = socket(0x1a, 0x1, 0x1) (async)
r3 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
setsockopt$sock_timeval(r3, 0x1, 0x15, &(0x7f0000000140)={0x0, 0x7530}, 0x10) (async)
connect$llc(r3, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, 0x10) (async)
sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[@ANYRES8, @ANYRES32=r1, @ANYBLOB="10220008140001984f2ca3f3071a234f80e8a2294e1dda3555352c270ee10b000000000000000000000067e21a50f0c6d206b2c5acfbc61f4175ddb859305003f3fdb4d8c7973cad7d026e0998ea7db4b052a7245e62d0066e1c95c2bb2b49b555084952c9198895749e8449302c5b6276fa7be0d5a221f9601a564961b5f5e30be9771a3462ad8e58b50820332fb093eb6a924c39608349b0d1abb37fa7d54c1667a8615d8ff4da3e0a11764bad96424eceec873c18b09ea6c70d7c37b09fc6b28e68432a8347ca98315a518fa87c9aa69fb88a3a9d1b4a3c1277a894348475029f980434ed1e232bc37eaf0ea18b7e365645b5eafaee1a5564a5fd1b0c09"], 0x30}}, 0x80)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$nl_netfilter-sendmsg$NFT_BATCH-syz_emit_ethernet-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$PROG_LOAD_XDP-bpf$BPF_PROG_TEST_RUN-shutdown-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_cipso-sendmsg$NLBL_CIPSOV4_C_ADD-socket$nl_netfilter-syz_init_net_socket$netrom-socket$nl_netfilter-sendmsg$IPCTNL_MSG_CT_NEW-socket$nl_route-mmap-socket$rds-bind$rds-sendmsg$rds-mmap-sendmsg$nl_route
detailed listing:
executing program 0:
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000bc0)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0xfffffff8, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffefe, @void, @value}, 0x94)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="1400000010000100005553f80b0000000100000a20000000000a01040000000000000000010000030900010073797a30000000002c000000030a01010000000000000000010000000900010073797a30000000000900030073797a320000000088000000060a010400000000000000000100000808000b40e47f9f4288d1fda9140001800b000100657874686472000004000280480001800c00010062697477697365003800028008000340000000020800014000000014080002400000001214000780040001000400010007000100dc47a20008000640000000020900010073797a3000000000140000001100010000000000000000000700000a"], 0xfc}}, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="0180c2000001a2142800008586dd61bcc1d700006cff0000010000000000000000000002000100"/53], 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0x0, 0x0, 0x0, 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
shutdown(r0, 0x1)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r2)
sendmsg$NLBL_CIPSOV4_C_ADD(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x50, r3, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_TAGLST={0x2c, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x1}, {0x5, 0x3, 0x2}, {0x5, 0x3, 0x2}, {0x5}, {0x5, 0x3, 0x1}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}]}, 0x50}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[@ANYBLOB="80000000000101040000000000000000020000002400018014000180080001"], 0x80}, 0x1, 0x0, 0x0, 0x4004011}, 0x4000000)
r5 = socket$nl_route(0x10, 0x3, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r6 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r6, &(0x7f0000000040)={0x2, 0x2, @loopback}, 0x10)
sendmsg$rds(r6, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0x2c}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x410200}], 0x1}}], 0x48}, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)=@ipv6_getaddr={0x30, 0x16, 0x20, 0x70bd29, 0x25dfdbfc, {0xa, 0x1f, 0x64}, [@IFA_FLAGS={0x8, 0x8, 0x80}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x2}, @IFA_RT_PRIORITY={0x8, 0x9, 0x7a3}]}, 0x30}, 0x1, 0x0, 0x0, 0x80}, 0x8090)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_tcp-close-socket$inet6_mptcp-bind$inet6-listen-syz_emit_ethernet-socket$packet-socket$packet-setsockopt$packet_int-ioctl$sock_SIOCGIFINDEX-sendto$packet
detailed listing:
executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r0, 0x9)
syz_emit_ethernet(0x4e, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd60f900f500180600fe8000000000000000000000000000aafe8000000000000000000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="05003960145362e2586088f1"], 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0x800009, 0x4)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bond0\x00', <r3=>0x0})
sendto$packet(r1, &(0x7f0000000180)="02030c65420002000000ab5d71acedd7c9560385dcb1080084d7dc039806112405ce811cc352", 0xff88, 0x0, &(0x7f0000000140)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-socket$packet-setsockopt$packet_int-socketpair-getsockname$packet-bind$packet-sendto$inet6-bpf$PROG_LOAD-bpf$MAP_CREATE_CONST_STR-bpf$MAP_CREATE_RINGBUF-bpf$PROG_LOAD
detailed listing:
executing program 0:
socket$inet6(0xa, 0x802, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9)
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
bind$packet(r0, &(0x7f0000000000)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @link_local}, 0x14)
sendto$inet6(r0, &(0x7f0000000280)="02042c08ec074802010e0200c52cf7c20675e005b02f0800eb2b2ff0dac8897c6b112002faffffff3066090cb600c5471d130a66321a54e7df305f80a88161b6fd8f24286a57c3feffff", 0xfc13, 0x800, 0x0, 0x2f)
bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0xd, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bb000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000ba00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x66, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcc85, @void, @value}, 0x94)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x7, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0xb}}, [@snprintf={{0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0x2}, {0x3, 0x0, 0x3, 0xa, 0x9, 0xfe04}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x0, 0x6, 0xa, 0x9, 0xfe04, 0xe1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x2, 0x2, 0x0, r3}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-socket$packet-setsockopt$packet_int-socket-setsockopt$packet_rx_ring-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD-bind$bt_l2cap-mmap-socket-sendmsg$nl_route-socket$packet-setsockopt$SO_ATTACH_FILTER-openat$tun-bpf$BPF_BTF_LOAD-bpf$ITER_CREATE-bpf$MAP_CREATE_TAIL_CALL-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-ioctl$TUNSETIFF-bpf$PROG_LOAD-bpf$BPF_PROG_TEST_RUN-socket$kcm-ioctl$SIOCSIFHWADDR-write$tun-socketpair-setsockopt$bt_BT_DEFER_SETUP-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$PROG_LOAD
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r1, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
socket(0x18, 0xa, 0x101)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, 0x0, 0x0)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r3 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r3, 0x400448c8, &(0x7f0000000340)={r2, r2, 0x8, 0x1, &(0x7f0000000fc0)="c0", 0xe, 0x52, 0xb57, 0x401, 0x9, 0x0, 0xd, 'syz1\x00'})
bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x20000000ec071, r0, 0x0)
r4 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000006800010000000000000000000200000000000000080006000100000004000b"], 0x24}}, 0x4004094)
r5 = socket$packet(0x11, 0x2, 0x300)
setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000040)={0x2, &(0x7f0000000400)=[{0x20, 0x0, 0x0, 0xfffff00c}, {0x6, 0x0, 0x0, 0x4}]}, 0x10)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r7 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000880)={&(0x7f0000000580)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x6, [@func={0x8, 0x0, 0x0, 0xc, 0x3}, @volatile={0x6, 0x0, 0x0, 0x9, 0x5}]}, {0x0, [0x2e, 0x17, 0x5f, 0x2e]}}, &(0x7f0000000600)=""/14, 0x36, 0xe, 0x1, 0x5ecd3cd, 0x10000, @value}, 0x28)
r8 = bpf$ITER_CREATE(0x21, &(0x7f00000006c0), 0x8)
r9 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000700)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0xa, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x4, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x9, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffa, 0x0, 0x0, 0x0, 0x9}, [@jmp={0x5, 0x1, 0x4, 0x1, 0x3, 0xfffffffffffffffc, 0x4}, @ldst={0x3, 0x0, 0x2, 0x9, 0x8, 0xffffffffffffffc0, 0x10}, @call={0x85, 0x0, 0x0, 0x96}, @cb_func={0x18, 0xb, 0x4, 0x0, 0x4}, @func={0x85, 0x0, 0x1, 0x0, 0x3}]}, &(0x7f0000000300)='GPL\x00', 0xfbef, 0x79, &(0x7f00000004c0)=""/121, 0x100, 0x40, '\x00', 0x0, 0x0, r7, 0x8, &(0x7f0000000640)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000000680)={0x4, 0xb, 0x7fff, 0x4}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000780)=[r8, 0xffffffffffffffff, r9, 0x1], 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="850000006100000054000000000000009500000000000000b4a8b1541206000000e9c79077fa15ba36eca61299de54cf77c9062c30bc068829afff36b31fa7e358e95cfa"], &(0x7f0000281ffc)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000200)={r10, 0x2000000, 0xf, 0x0, &(0x7f0000000000)="13435cd378c66a90bd307e0aa47095", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r11 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r11, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @multicast})
write$tun(r6, &(0x7f0000000140)={@val={0x3, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x14}, @ipv4=@icmp={{0x5, 0x4, 0x0, 0x0, 0x8016, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010100, @local}, @dest_unreach={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @local, @loopback}}}}, 0xfdef)
socketpair(0x2a, 0x1, 0x94ec, &(0x7f00000001c0))
setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0xf, &(0x7f0000000340)=0x2000001, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x18, 0x2, &(0x7f00000008c0)=ANY=[@ANYBLOB="85000000b40000009500000000000000fe5f07df7fa151e17ffb0a9e17f1c64274aef7de74c72bfd57ce498740df579aa0a773e86424ee7bc490758646b060f8ab92f95c59d651fbf5c09b7f2a3127045a711ed632d25640c13e5147715e0003327921c594380722bbc21553902ad8e20ea2cdf02b53ca65fdcf4318506de00f66b1a225b347f9942cb85acbbe582a12c29093bebf4ee9f13ff25e3ff8f6f60fc63f959c652567ca7c929e21"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1c, 0x16, &(0x7f0000000f40)=ANY=[], &(0x7f00000000c0)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x8, &(0x7f0000000040), 0x8, 0x10, &(0x7f0000000000)={0x0, 0xa, 0x2}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-socket$packet-setsockopt$packet_int-socket-setsockopt$packet_rx_ring-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD-bind$bt_l2cap-mmap-socket-sendmsg$nl_route-socket$packet-setsockopt$SO_ATTACH_FILTER-openat$tun-bpf$BPF_BTF_LOAD-bpf$ITER_CREATE-bpf$MAP_CREATE_TAIL_CALL-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-ioctl$TUNSETIFF-bpf$PROG_LOAD-bpf$BPF_PROG_TEST_RUN-socket$kcm-ioctl$SIOCSIFHWADDR-write$tun-socketpair-setsockopt$bt_BT_DEFER_SETUP-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$PROG_LOAD
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r1, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
socket(0x18, 0xa, 0x101)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, 0x0, 0x0)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r3 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r3, 0x400448c8, &(0x7f0000000340)={r2, r2, 0x8, 0x1, &(0x7f0000000fc0)="c0", 0xe, 0x52, 0xb57, 0x401, 0x9, 0x0, 0xd, 'syz1\x00'})
bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x20000000ec071, r0, 0x0)
r4 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000006800010000000000000000000200000000000000080006000100000004000b"], 0x24}}, 0x4004094)
r5 = socket$packet(0x11, 0x2, 0x300)
setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000040)={0x2, &(0x7f0000000400)=[{0x20, 0x0, 0x0, 0xfffff00c}, {0x6, 0x0, 0x0, 0x4}]}, 0x10)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r7 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000880)={&(0x7f0000000580)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x6, [@func={0x8, 0x0, 0x0, 0xc, 0x3}, @volatile={0x6, 0x0, 0x0, 0x9, 0x5}]}, {0x0, [0x2e, 0x17, 0x5f, 0x2e]}}, &(0x7f0000000600)=""/14, 0x36, 0xe, 0x1, 0x5ecd3cd, 0x10000, @value}, 0x28)
r8 = bpf$ITER_CREATE(0x21, &(0x7f00000006c0), 0x8)
r9 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000700)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0xa, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x4, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x9, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffa, 0x0, 0x0, 0x0, 0x9}, [@jmp={0x5, 0x1, 0x4, 0x1, 0x3, 0xfffffffffffffffc, 0x4}, @ldst={0x3, 0x0, 0x2, 0x9, 0x8, 0xffffffffffffffc0, 0x10}, @call={0x85, 0x0, 0x0, 0x96}, @cb_func={0x18, 0xb, 0x4, 0x0, 0x4}, @func={0x85, 0x0, 0x1, 0x0, 0x3}]}, &(0x7f0000000300)='GPL\x00', 0xfbef, 0x79, &(0x7f00000004c0)=""/121, 0x100, 0x40, '\x00', 0x0, 0x0, r7, 0x8, &(0x7f0000000640)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000000680)={0x4, 0xb, 0x7fff, 0x4}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000780)=[r8, 0xffffffffffffffff, r9, 0x1], 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="850000006100000054000000000000009500000000000000b4a8b1541206000000e9c79077fa15ba36eca61299de54cf77c9062c30bc068829afff36b31fa7e358e95cfa"], &(0x7f0000281ffc)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000200)={r10, 0x2000000, 0xf, 0x0, &(0x7f0000000000)="13435cd378c66a90bd307e0aa47095", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r11 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r11, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @multicast})
write$tun(r6, &(0x7f0000000140)={@val={0x3, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x14}, @ipv4=@icmp={{0x5, 0x4, 0x0, 0x0, 0x8016, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010100, @local}, @dest_unreach={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @local, @loopback}}}}, 0xfdef)
socketpair(0x2a, 0x1, 0x94ec, &(0x7f00000001c0))
setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0xf, &(0x7f0000000340)=0x2000001, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x18, 0x2, &(0x7f00000008c0)=ANY=[@ANYBLOB="85000000b40000009500000000000000fe5f07df7fa151e17ffb0a9e17f1c64274aef7de74c72bfd57ce498740df579aa0a773e86424ee7bc490758646b060f8ab92f95c59d651fbf5c09b7f2a3127045a711ed632d25640c13e5147715e0003327921c594380722bbc21553902ad8e20ea2cdf02b53ca65fdcf4318506de00f66b1a225b347f9942cb85acbbe582a12c29093bebf4ee9f13ff25e3ff8f6f60fc63f959c652567ca7c929e21"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1c, 0x16, &(0x7f0000000f40)=ANY=[], &(0x7f00000000c0)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x8, &(0x7f0000000040), 0x8, 0x10, &(0x7f0000000000)={0x0, 0xa, 0x2}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-socket-socket-bind$vsock_stream-syz_init_net_socket$ax25-connect$llc-socket$nl_netfilter-socket$pppl2tp-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-syz_init_net_socket$ax25-connect$ax25-bpf$PROG_LOAD-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-getsockopt$inet6_IPV6_FLOWLABEL_MGR-syz_init_net_socket$bt_l2cap-ioctl$FS_IOC_GETFSLABEL-bpf$PROG_LOAD-socket$inet6-socket$packet-setsockopt$packet_fanout-setsockopt$packet_fanout_data-sendto$inet6-unshare-syz_init_net_socket$rose-connect$rose-sendto$inet6-socket$kcm-sendmsg$inet
detailed listing:
executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48)
socket(0x28, 0x5, 0x0)
r1 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r1, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10)
r2 = syz_init_net_socket$ax25(0x3, 0x3, 0x0)
connect$llc(r2, &(0x7f0000000400)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x968beaa118edb421, '\x00', 0x0, 0x2, r3, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = syz_init_net_socket$ax25(0x3, 0x3, 0x0)
connect$ax25(r4, &(0x7f0000000040)={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}}, [@bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @null, @bcast, @null, @bcast]}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000ed000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r5}, 0x10)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@remote, 0x0, 0x2}, 0x0)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
ioctl$FS_IOC_GETFSLABEL(r6, 0x400452c8, &(0x7f0000000100))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r7 = socket$inet6(0xa, 0x802, 0x88)
r8 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r8, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r8, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000080)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x48}, {0x6, 0x37, 0x0, 0x9}]}, 0x10)
sendto$inet6(r7, 0x0, 0x0, 0x4008840, &(0x7f0000000180)={0xa, 0x4e23, 0x8be6, @mcast2}, 0x1c)
unshare(0x22020600)
r9 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r9, &(0x7f00000002c0)=@short={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, 0x2, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}}, 0x1c)
sendto$inet6(r7, 0x0, 0x0, 0x0, 0x0, 0x0)
r10 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r10, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000280)="5c00000012006bab9e3fe3d86e6c1d000014a10d00000000000004b68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9367b4fa51f60a64e9f4080003000601000004000200d700", 0x5a}, {&(0x7f0000000680)="ffaf", 0x2}], 0x2, 0x0, 0x0, 0x1f00c00e}, 0x4080)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$nl80211-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNDEL
detailed listing:
executing program 0:
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000280)={r0, r0, 0xc, 0xfff8, &(0x7f0000000340)='\x00', 0x9, 0x1, 0x457, 0x9, 0x9, 0x1, 0x1, 'syz1\x00'})
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000000)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}})

program crashed: INFO: task hung in hidp_session_remove
single: successfully extracted reproducer
found reproducer with 7 syscalls
minimizing guilty program
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$nl80211-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD-syz_init_net_socket$bt_hidp
detailed listing:
executing program 0:
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000280)={r0, r0, 0xc, 0xfff8, &(0x7f0000000340)='\x00', 0x9, 0x1, 0x457, 0x9, 0x9, 0x1, 0x1, 'syz1\x00'})
syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)

program crashed: INFO: task hung in uevent_show
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$nl80211-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000280)={r0, r0, 0xc, 0xfff8, &(0x7f0000000340)='\x00', 0x9, 0x1, 0x457, 0x9, 0x9, 0x1, 0x1, 'syz1\x00'})

program crashed: INFO: task hung in uevent_show
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$nl80211-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp
detailed listing:
executing program 0:
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$nl80211-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
ioctl$sock_bt_hidp_HIDPCONNADD(0xffffffffffffffff, 0x400448c8, &(0x7f0000000280)={r0, r0, 0xc, 0xfff8, &(0x7f0000000340)='\x00', 0x9, 0x1, 0x457, 0x9, 0x9, 0x1, 0x1, 'syz1\x00'})

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$nl80211-syz_init_net_socket$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000280)={r0, r0, 0xc, 0xfff8, &(0x7f0000000340)='\x00', 0x9, 0x1, 0x457, 0x9, 0x9, 0x1, 0x1, 'syz1\x00'})

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$nl80211-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r0, 0x400448c8, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff, 0xc, 0xfff8, &(0x7f0000000340)='\x00', 0x9, 0x1, 0x457, 0x9, 0x9, 0x1, 0x1, 'syz1\x00'})

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000280)={r0, r0, 0xc, 0xfff8, &(0x7f0000000340)='\x00', 0x9, 0x1, 0x457, 0x9, 0x9, 0x1, 0x1, 'syz1\x00'})

program crashed: INFO: task hung in hidp_session_remove
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, 0x0, 0x0)
r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000280)={r0, r0, 0xc, 0xfff8, &(0x7f0000000340)='\x00', 0x9, 0x1, 0x457, 0x9, 0x9, 0x1, 0x1, 'syz1\x00'})

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000280)={r0, r0, 0xc, 0x0, 0x0, 0x9, 0x1, 0x457, 0x9, 0x9, 0x1, 0x1, 'syz1\x00'})

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000280)={r0, r0, 0xc, 0x0, &(0x7f0000000340), 0x9, 0x1, 0x457, 0x9, 0x9, 0x1, 0x1, 'syz1\x00'})

program did not crash
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
program crashed: INFO: task hung in uevent_show
simplifying C reproducer
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
program crashed: INFO: task hung in uevent_show
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
program crashed: INFO: task hung in uevent_show
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
program crashed: INFO: task hung in uevent_show
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
program crashed: INFO: task hung in uevent_show
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
program crashed: INFO: task hung in uevent_show
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
program crashed: INFO: task hung in uevent_show
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
program crashed: INFO: task hung in uevent_show
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
program crashed: INFO: task hung in uevent_show
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
program crashed: INFO: task hung in uevent_show
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
program crashed: INFO: task hung in uevent_show
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
program crashed: INFO: task hung in uevent_show
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
program crashed: INFO: task hung in uevent_show
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:false Swap:true UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
program crashed: INFO: task hung in uevent_show
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
program crashed: INFO: task hung in uevent_show
reproducing took 2h53m59.283409846s
repro crashed as (corrupted=false):
INFO: task udevd:5211 blocked for more than 143 seconds.
      Not tainted 6.15.0-rc2-syzkaller-00682-gcd7276ecac9c #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:udevd           state:D stack:24744 pid:5211  tgid:5211  ppid:1      task_flags:0x400140 flags:0x00000002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x1b88/0x5240 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0x163/0x360 kernel/sched/core.c:6860
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
 __mutex_lock_common kernel/locking/mutex.c:678 [inline]
 __mutex_lock+0x805/0x10c0 kernel/locking/mutex.c:746
 device_lock include/linux/device.h:922 [inline]
 uevent_show+0x17d/0x340 drivers/base/core.c:2730
 dev_attr_show+0x55/0xc0 drivers/base/core.c:2424
 sysfs_kf_seq_show+0x32b/0x4a0 fs/sysfs/file.c:65
 seq_read_iter+0x461/0xda0 fs/seq_file.c:230
 new_sync_read fs/read_write.c:489 [inline]
 vfs_read+0x9a0/0xb90 fs/read_write.c:570
 ksys_read+0x19d/0x2d0 fs/read_write.c:713
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xf3/0x210 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f5d1c916b6a
RSP: 002b:00007ffc2065b288 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
RAX: ffffffffffffffda RBX: 000055f3ce1f0e10 RCX: 00007f5d1c916b6a
RDX: 0000000000001000 RSI: 000055f3ce20ae80 RDI: 000000000000000c
RBP: 000055f3ce1f0e10 R08: 000000000000000c R09: 0000000000000000
R10: 000000000000010f R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000003fff R14: 00007ffc2065b768 R15: 000000000000000a
 </TASK>
INFO: task khidpd_04570009:5842 blocked for more than 144 seconds.
      Not tainted 6.15.0-rc2-syzkaller-00682-gcd7276ecac9c #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:khidpd_04570009 state:D stack:27896 pid:5842  tgid:5842  ppid:2      task_flags:0x208040 flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x1b88/0x5240 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0x163/0x360 kernel/sched/core.c:6860
 schedule_timeout+0xb1/0x2b0 kernel/time/sleep_timeout.c:75
 do_wait_for_common kernel/sched/completion.c:95 [inline]
 __wait_for_common kernel/sched/completion.c:116 [inline]
 wait_for_common kernel/sched/completion.c:127 [inline]
 wait_for_completion+0x32f/0x600 kernel/sched/completion.c:148
 __flush_work+0xa48/0xc60 kernel/workqueue.c:4244
 __cancel_work_sync+0xbc/0x110 kernel/workqueue.c:4364
 hidp_session_remove+0x64/0x260 net/bluetooth/hidp/core.c:1169
 l2cap_unregister_user+0x19c/0x1c0 net/bluetooth/l2cap_core.c:1733
 hidp_session_thread+0x450/0x490 net/bluetooth/hidp/core.c:1304
 kthread+0x7b7/0x940 kernel/kthread.c:464
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
INFO: task syz-executor887:5907 blocked for more than 145 seconds.
      Not tainted 6.15.0-rc2-syzkaller-00682-gcd7276ecac9c #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor887 state:D stack:26696 pid:5907  tgid:5907  ppid:5836   task_flags:0x400140 flags:0x00000006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x1b88/0x5240 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0x163/0x360 kernel/sched/core.c:6860
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
 __mutex_lock_common kernel/locking/mutex.c:678 [inline]
 __mutex_lock+0x805/0x10c0 kernel/locking/mutex.c:746
 l2cap_chan_connect+0x102/0xea0 net/bluetooth/l2cap_core.c:6955
 l2cap_sock_connect+0x622/0x950 net/bluetooth/l2cap_sock.c:256
 __sys_connect_file net/socket.c:2038 [inline]
 __sys_connect+0x28c/0x2d0 net/socket.c:2057
 __do_sys_connect net/socket.c:2063 [inline]
 __se_sys_connect net/socket.c:2060 [inline]
 __x64_sys_connect+0x7a/0x90 net/socket.c:2060
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xf3/0x210 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fdbc5bf20c9
RSP: 002b:00007ffe5fcf8bc8 EFLAGS: 00000246
 ORIG_RAX: 000000000000002a
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fdbc5bf20c9
RDX: 000000000000000e RSI: 0000200000000080 RDI: 0000000000000004
RBP: 00000000000f4240 R08: 0000000000000000 R09: 0000555500000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe5fcf8c10
R13: 00007ffe5fcf8c20 R14: 000000000001ea12 R15: 00007ffe5fcf8be0
 </TASK>

Showing all locks held in the system:
1 lock held by khungtaskd/31:
 #0: ffffffff8ed3df20 (rcu_read_lock){....}-{1:3}
, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
, at: debug_show_all_locks+0x30/0x180 kernel/locking/lockdep.c:6764
8 locks held by kworker/1:3/1208:
1 lock held by klogd/5200:
 #0: 
ffff8880b8639b18
 (
&rq->__lock
){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 kernel/sched/core.c:605
4 locks held by udevd/5211:
 #0: 
ffff888033375b08
 (
&p->lock
){+.+.}-{4:4}
, at: seq_read_iter+0xb4/0xda0 fs/seq_file.c:182
 #1: ffff8880301c5488 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_seq_start+0x53/0x3b0 fs/kernfs/file.c:154
 #2: 
ffff888031fb53c8
 (
kn->active
#5
){.+.+}-{0:0}
, at: kernfs_seq_start+0x72/0x3b0 fs/kernfs/file.c:155
 #3: 
ffff888075889a20
 (
&dev->mutex
){....}-{4:4}
, at: device_lock include/linux/device.h:922 [inline]
, at: uevent_show+0x17d/0x340 drivers/base/core.c:2730
2 locks held by getty/5593:
 #0: 
ffff88803106c0a0
 (
&tty->ldisc_sem
){++++}-{0:0}
, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: 
ffffc9000333b2f0
 (
&ldata->atomic_read_lock
){+.+.}-{4:4}
, at: n_tty_read+0x5bb/0x1700 drivers/tty/n_tty.c:2222
2 locks held by khidpd_04570009/5842:
 #0: ffff8880343c4078 (&hdev->lock
){+.+.}-{4:4}
, at: l2cap_unregister_user+0x6a/0x1c0 net/bluetooth/l2cap_core.c:1727
 #1: ffffffff9028e210 (hidp_session_sem){++++}-{4:4}, at: hidp_session_remove+0x2d/0x260 net/bluetooth/hidp/core.c:1165
1 lock held by syz-executor887/5907:
 #0: 
ffff8880343c4078
 (
&hdev->lock
){+.+.}-{4:4}, at: l2cap_chan_connect+0x102/0xea0 net/bluetooth/l2cap_core.c:6955

=============================================

NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-rc2-syzkaller-00682-gcd7276ecac9c #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x4ab/0x4e0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x198/0x320 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:158 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:274 [inline]
 watchdog+0x1058/0x10a0 kernel/hung_task.c:437
 kthread+0x7b7/0x940 kernel/kthread.c:464
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 1208 Comm: kworker/1:3 Not tainted 6.15.0-rc2-syzkaller-00682-gcd7276ecac9c #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Workqueue: events hidp_session_dev_work
RIP: 0010:io_serial_in+0x76/0xb0 drivers/tty/serial/8250/8250_port.c:409
Code: e0 57 2b fc 89 e9 41 d3 e6 48 83 c3 40 48 89 d8 48 c1 e8 03 42 80 3c 38 00 74 08 48 89 df e8 31 97 95 fc 44 03 33 44 89 f2 ec <0f> b6 c0 5b 41 5e 41 5f 5d c3 cc cc cc cc 89 e9 80 e1 07 38 c1 7c
RSP: 0018:ffffc90003efeb58 EFLAGS: 00000006
RAX: 1ffffffff354df05 RBX: ffffffff9aa6fbc0 RCX: 0000000000000000
RDX: 00000000000003f9 RSI: 0000000000000000 RDI: 0000000000000020
RBP: 0000000000000000 R08: ffffffff859762d6 R09: fffff520007dfd4c
R10: dffffc0000000000 R11: ffffffff85976290 R12: 0000000000000000
R13: dffffc0000000000 R14: 00000000000003f9 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8881250a8000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fdbc5c487c8 CR3: 0000000033f18000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 serial_port_in include/linux/serial_core.h:791 [inline]
 serial8250_console_write+0x4c0/0x1e00 drivers/tty/serial/8250/8250_port.c:3420
 console_emit_next_record kernel/printk/printk.c:3138 [inline]
 console_flush_all+0x86b/0xec0 kernel/printk/printk.c:3226
 __console_flush_and_unlock kernel/printk/printk.c:3285 [inline]
 console_unlock+0x151/0x3b0 kernel/printk/printk.c:3325
 vprintk_emit+0x761/0xa40 kernel/printk/printk.c:2450
 dev_vprintk_emit+0x358/0x420 drivers/base/core.c:4891
 dev_printk_emit+0xdf/0x130 drivers/base/core.c:4902
 _dev_warn+0x12d/0x180 drivers/base/core.c:4958
 hid_parser_main+0x896/0xc40 drivers/hid/hid-core.c:-1
 hid_open_report+0xbda/0x1590 drivers/hid/hid-core.c:1328
 hid_parse include/linux/hid.h:1126 [inline]
 mt_probe+0x522/0xbd0 drivers/hid/hid-multitouch.c:1822
 __hid_device_probe drivers/hid/hid-core.c:2717 [inline]
 hid_device_probe+0x3bf/0x710 drivers/hid/hid-core.c:2754
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x2b9/0xad0 drivers/base/dd.c:658
 __driver_probe_device+0x1a2/0x390 drivers/base/dd.c:800
 driver_probe_device+0x50/0x430 drivers/base/dd.c:830
 __device_attach_driver+0x2d6/0x530 drivers/base/dd.c:958
 bus_for_each_drv+0x258/0x2e0 drivers/base/bus.c:462
 __device_attach+0x341/0x530 drivers/base/dd.c:1030
 bus_probe_device+0x189/0x260 drivers/base/bus.c:537
 device_add+0x856/0xbf0 drivers/base/core.c:3666
 hid_add_device+0x3b6/0x520 drivers/hid/hid-core.c:2900
 hidp_session_dev_add net/bluetooth/hidp/core.c:856 [inline]
 hidp_session_dev_work+0x46/0x160 net/bluetooth/hidp/core.c:895
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0xac3/0x18e0 kernel/workqueue.c:3319
 worker_thread+0x870/0xd50 kernel/workqueue.c:3400
 kthread+0x7b7/0x940 kernel/kthread.c:464
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 2.113 msecs

final repro crashed as (corrupted=false):
INFO: task udevd:5211 blocked for more than 143 seconds.
      Not tainted 6.15.0-rc2-syzkaller-00682-gcd7276ecac9c #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:udevd           state:D stack:24744 pid:5211  tgid:5211  ppid:1      task_flags:0x400140 flags:0x00000002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x1b88/0x5240 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0x163/0x360 kernel/sched/core.c:6860
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
 __mutex_lock_common kernel/locking/mutex.c:678 [inline]
 __mutex_lock+0x805/0x10c0 kernel/locking/mutex.c:746
 device_lock include/linux/device.h:922 [inline]
 uevent_show+0x17d/0x340 drivers/base/core.c:2730
 dev_attr_show+0x55/0xc0 drivers/base/core.c:2424
 sysfs_kf_seq_show+0x32b/0x4a0 fs/sysfs/file.c:65
 seq_read_iter+0x461/0xda0 fs/seq_file.c:230
 new_sync_read fs/read_write.c:489 [inline]
 vfs_read+0x9a0/0xb90 fs/read_write.c:570
 ksys_read+0x19d/0x2d0 fs/read_write.c:713
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xf3/0x210 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f5d1c916b6a
RSP: 002b:00007ffc2065b288 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
RAX: ffffffffffffffda RBX: 000055f3ce1f0e10 RCX: 00007f5d1c916b6a
RDX: 0000000000001000 RSI: 000055f3ce20ae80 RDI: 000000000000000c
RBP: 000055f3ce1f0e10 R08: 000000000000000c R09: 0000000000000000
R10: 000000000000010f R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000003fff R14: 00007ffc2065b768 R15: 000000000000000a
 </TASK>
INFO: task khidpd_04570009:5842 blocked for more than 144 seconds.
      Not tainted 6.15.0-rc2-syzkaller-00682-gcd7276ecac9c #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:khidpd_04570009 state:D stack:27896 pid:5842  tgid:5842  ppid:2      task_flags:0x208040 flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x1b88/0x5240 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0x163/0x360 kernel/sched/core.c:6860
 schedule_timeout+0xb1/0x2b0 kernel/time/sleep_timeout.c:75
 do_wait_for_common kernel/sched/completion.c:95 [inline]
 __wait_for_common kernel/sched/completion.c:116 [inline]
 wait_for_common kernel/sched/completion.c:127 [inline]
 wait_for_completion+0x32f/0x600 kernel/sched/completion.c:148
 __flush_work+0xa48/0xc60 kernel/workqueue.c:4244
 __cancel_work_sync+0xbc/0x110 kernel/workqueue.c:4364
 hidp_session_remove+0x64/0x260 net/bluetooth/hidp/core.c:1169
 l2cap_unregister_user+0x19c/0x1c0 net/bluetooth/l2cap_core.c:1733
 hidp_session_thread+0x450/0x490 net/bluetooth/hidp/core.c:1304
 kthread+0x7b7/0x940 kernel/kthread.c:464
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
INFO: task syz-executor887:5907 blocked for more than 145 seconds.
      Not tainted 6.15.0-rc2-syzkaller-00682-gcd7276ecac9c #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor887 state:D stack:26696 pid:5907  tgid:5907  ppid:5836   task_flags:0x400140 flags:0x00000006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x1b88/0x5240 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0x163/0x360 kernel/sched/core.c:6860
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6917
 __mutex_lock_common kernel/locking/mutex.c:678 [inline]
 __mutex_lock+0x805/0x10c0 kernel/locking/mutex.c:746
 l2cap_chan_connect+0x102/0xea0 net/bluetooth/l2cap_core.c:6955
 l2cap_sock_connect+0x622/0x950 net/bluetooth/l2cap_sock.c:256
 __sys_connect_file net/socket.c:2038 [inline]
 __sys_connect+0x28c/0x2d0 net/socket.c:2057
 __do_sys_connect net/socket.c:2063 [inline]
 __se_sys_connect net/socket.c:2060 [inline]
 __x64_sys_connect+0x7a/0x90 net/socket.c:2060
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xf3/0x210 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fdbc5bf20c9
RSP: 002b:00007ffe5fcf8bc8 EFLAGS: 00000246
 ORIG_RAX: 000000000000002a
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fdbc5bf20c9
RDX: 000000000000000e RSI: 0000200000000080 RDI: 0000000000000004
RBP: 00000000000f4240 R08: 0000000000000000 R09: 0000555500000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe5fcf8c10
R13: 00007ffe5fcf8c20 R14: 000000000001ea12 R15: 00007ffe5fcf8be0
 </TASK>

Showing all locks held in the system:
1 lock held by khungtaskd/31:
 #0: ffffffff8ed3df20 (rcu_read_lock){....}-{1:3}
, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
, at: debug_show_all_locks+0x30/0x180 kernel/locking/lockdep.c:6764
8 locks held by kworker/1:3/1208:
1 lock held by klogd/5200:
 #0: 
ffff8880b8639b18
 (
&rq->__lock
){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 kernel/sched/core.c:605
4 locks held by udevd/5211:
 #0: 
ffff888033375b08
 (
&p->lock
){+.+.}-{4:4}
, at: seq_read_iter+0xb4/0xda0 fs/seq_file.c:182
 #1: ffff8880301c5488 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_seq_start+0x53/0x3b0 fs/kernfs/file.c:154
 #2: 
ffff888031fb53c8
 (
kn->active
#5
){.+.+}-{0:0}
, at: kernfs_seq_start+0x72/0x3b0 fs/kernfs/file.c:155
 #3: 
ffff888075889a20
 (
&dev->mutex
){....}-{4:4}
, at: device_lock include/linux/device.h:922 [inline]
, at: uevent_show+0x17d/0x340 drivers/base/core.c:2730
2 locks held by getty/5593:
 #0: 
ffff88803106c0a0
 (
&tty->ldisc_sem
){++++}-{0:0}
, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: 
ffffc9000333b2f0
 (
&ldata->atomic_read_lock
){+.+.}-{4:4}
, at: n_tty_read+0x5bb/0x1700 drivers/tty/n_tty.c:2222
2 locks held by khidpd_04570009/5842:
 #0: ffff8880343c4078 (&hdev->lock
){+.+.}-{4:4}
, at: l2cap_unregister_user+0x6a/0x1c0 net/bluetooth/l2cap_core.c:1727
 #1: ffffffff9028e210 (hidp_session_sem){++++}-{4:4}, at: hidp_session_remove+0x2d/0x260 net/bluetooth/hidp/core.c:1165
1 lock held by syz-executor887/5907:
 #0: 
ffff8880343c4078
 (
&hdev->lock
){+.+.}-{4:4}, at: l2cap_chan_connect+0x102/0xea0 net/bluetooth/l2cap_core.c:6955

=============================================

NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-rc2-syzkaller-00682-gcd7276ecac9c #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x4ab/0x4e0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x198/0x320 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:158 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:274 [inline]
 watchdog+0x1058/0x10a0 kernel/hung_task.c:437
 kthread+0x7b7/0x940 kernel/kthread.c:464
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 1208 Comm: kworker/1:3 Not tainted 6.15.0-rc2-syzkaller-00682-gcd7276ecac9c #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Workqueue: events hidp_session_dev_work
RIP: 0010:io_serial_in+0x76/0xb0 drivers/tty/serial/8250/8250_port.c:409
Code: e0 57 2b fc 89 e9 41 d3 e6 48 83 c3 40 48 89 d8 48 c1 e8 03 42 80 3c 38 00 74 08 48 89 df e8 31 97 95 fc 44 03 33 44 89 f2 ec <0f> b6 c0 5b 41 5e 41 5f 5d c3 cc cc cc cc 89 e9 80 e1 07 38 c1 7c
RSP: 0018:ffffc90003efeb58 EFLAGS: 00000006
RAX: 1ffffffff354df05 RBX: ffffffff9aa6fbc0 RCX: 0000000000000000
RDX: 00000000000003f9 RSI: 0000000000000000 RDI: 0000000000000020
RBP: 0000000000000000 R08: ffffffff859762d6 R09: fffff520007dfd4c
R10: dffffc0000000000 R11: ffffffff85976290 R12: 0000000000000000
R13: dffffc0000000000 R14: 00000000000003f9 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8881250a8000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fdbc5c487c8 CR3: 0000000033f18000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 serial_port_in include/linux/serial_core.h:791 [inline]
 serial8250_console_write+0x4c0/0x1e00 drivers/tty/serial/8250/8250_port.c:3420
 console_emit_next_record kernel/printk/printk.c:3138 [inline]
 console_flush_all+0x86b/0xec0 kernel/printk/printk.c:3226
 __console_flush_and_unlock kernel/printk/printk.c:3285 [inline]
 console_unlock+0x151/0x3b0 kernel/printk/printk.c:3325
 vprintk_emit+0x761/0xa40 kernel/printk/printk.c:2450
 dev_vprintk_emit+0x358/0x420 drivers/base/core.c:4891
 dev_printk_emit+0xdf/0x130 drivers/base/core.c:4902
 _dev_warn+0x12d/0x180 drivers/base/core.c:4958
 hid_parser_main+0x896/0xc40 drivers/hid/hid-core.c:-1
 hid_open_report+0xbda/0x1590 drivers/hid/hid-core.c:1328
 hid_parse include/linux/hid.h:1126 [inline]
 mt_probe+0x522/0xbd0 drivers/hid/hid-multitouch.c:1822
 __hid_device_probe drivers/hid/hid-core.c:2717 [inline]
 hid_device_probe+0x3bf/0x710 drivers/hid/hid-core.c:2754
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x2b9/0xad0 drivers/base/dd.c:658
 __driver_probe_device+0x1a2/0x390 drivers/base/dd.c:800
 driver_probe_device+0x50/0x430 drivers/base/dd.c:830
 __device_attach_driver+0x2d6/0x530 drivers/base/dd.c:958
 bus_for_each_drv+0x258/0x2e0 drivers/base/bus.c:462
 __device_attach+0x341/0x530 drivers/base/dd.c:1030
 bus_probe_device+0x189/0x260 drivers/base/bus.c:537
 device_add+0x856/0xbf0 drivers/base/core.c:3666
 hid_add_device+0x3b6/0x520 drivers/hid/hid-core.c:2900
 hidp_session_dev_add net/bluetooth/hidp/core.c:856 [inline]
 hidp_session_dev_work+0x46/0x160 net/bluetooth/hidp/core.c:895
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0xac3/0x18e0 kernel/workqueue.c:3319
 worker_thread+0x870/0xd50 kernel/workqueue.c:3400
 kthread+0x7b7/0x940 kernel/kthread.c:464
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 2.113 msecs