Extracting prog: 2h6m42.044119682s
Minimizing prog: 46m37.031020348s
Simplifying prog options: 0s
Extracting C: 3m15.335579637s
Simplifying C: 53m52.583297286s


extracting reproducer from 45 programs
testing a last program of every proc
single: executing 10 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-socket-setsockopt$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0x200000000000011, 0x2, 0x0)
setsockopt$auto(r0, 0x107, 0x17, 0x0, 0x4)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_vhost_net_fops_net-ioctl$auto_VHOST_SET_OWNER-ioctl$auto_VHOST_SET_VRING_CALL
detailed listing:
executing program 0:
r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000000), 0x101600, 0x0)
ioctl$auto_VHOST_SET_OWNER(r0, 0xaf01, 0x0)
ioctl$auto_VHOST_SET_VRING_CALL(r0, 0x4008af21, &(0x7f0000002600))

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_tty_fops_tty_io-ioctl$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
ioctl$auto(r0, 0x4b4a, 0x9)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_evdev_fops_evdev-ioctl$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0x2000, 0x0)
ioctl$auto(r0, 0x8100451b, r0)

program did not crash
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-connect$auto
detailed listing:
executing program 0:
socket(0x2b, 0x1, 0x1)
connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa}, 0x55)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-connect$auto
detailed listing:
executing program 0:
socket(0x2b, 0x1, 0x1)
connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa}, 0x55)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_reg_file_ops_compat_inode-write$auto
detailed listing:
executing program 0:
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/fs/cifs/smbd_max_send_size\x00', 0x1, 0x0)
write$auto(r0, 0x0, 0x401)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_reg_file_ops_compat_inode-write$auto
detailed listing:
executing program 0:
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/fs/cifs/smbd_max_send_size\x00', 0x1, 0x0)
write$auto(r0, 0x0, 0x401)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): setpriority$auto
detailed listing:
executing program 0:
setpriority$auto(0x7, 0x2, 0x5)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): setpriority$auto
detailed listing:
executing program 0:
setpriority$auto(0x7, 0x2, 0x5)

program did not crash
single: failed to extract reproducer
bisect: bisecting 45 programs with base timeout 6m0s
testing program (duration=6m11s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 1, 1, 1, 1, 1, 1, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3]
detailed listing:
executing program 3:
lsetxattr$auto(0x0, &(0x7f0000005500)='[!*)\x00', &(0x7f0000005540), 0xd843, 0x0)
executing program 3:
bpf$auto(0x0, &(0x7f0000000380)=@task_fd_query={0x12, 0x3, 0x4, 0x88, 0x8, 0xae85, 0x66b, 0x4, 0x7ff}, 0x6f4)
executing program 3:
syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000600), 0xffffffffffffffff)
executing program 3:
bpf$auto(0x0, &(0x7f0000000040)=@bpf_attr_11={0xb, 0x4, 0x8, 0x1, 0x9, 0x7fffffff, 0x2}, 0x3)
executing program 3:
rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}})
executing program 3:
setpriority$auto(0x7, 0x2, 0x5)
executing program 32:
setpriority$auto(0x7, 0x2, 0x5)
executing program 4:
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages_mempolicy\x00', 0x0, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f00000000c0)=""/17, 0x11)
executing program 4:
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
ioctl$auto_KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f0000000040)={0x2, 0x0, [{0x8b, 0x400, 0x9}]})
executing program 4:
r0 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fb0\x00', 0x2, 0x0)
ioctl$auto_FBIOPAN_DISPLAY(r0, 0x4606, &(0x7f0000000000)="db580300cb6c3b383ffc93530400000000000000f8ce")
executing program 4:
r0 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000240)='/dev/mtd0\x00', 0x2142, 0x0)
ioctl$auto_MEMWRITEOOB(r0, 0xc0104d03, &(0x7f0000000340)={0x1ff, 0x3109, 0x0})
executing program 4:
ioperm$auto(0xd44, 0x6, 0x8)
tkill$auto(0x80000000000001, 0x7)
executing program 4:
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/fs/cifs/smbd_max_send_size\x00', 0x1, 0x0)
write$auto(r0, 0x0, 0x401)
executing program 33:
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/fs/cifs/smbd_max_send_size\x00', 0x1, 0x0)
write$auto(r0, 0x0, 0x401)
executing program 1:
r0 = openat$auto_adf_ctl_ops_adf_ctl_drv(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$auto_IOCTL_START_ACCEL_DEV(r0, 0x40096102, &(0x7f0000000080)={@padding})
executing program 1:
r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$auto_VHOST_SET_OWNER(r0, 0xaf01, 0x5)
executing program 1:
r0 = openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f0000000440), 0x1e9001, 0x0)
write$auto(r0, &(0x7f0000000480)='/dev/snd/pcmC0D0p\x00', 0x47f)
executing program 1:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
executing program 1:
tkill$auto(0x1, 0x7)
keyctl$auto_KEYCTL_SESSION_TO_PARENT(0x12, 0x0, 0x0, 0x0, 0x48eafc79)
executing program 1:
socket(0x2b, 0x1, 0x1)
connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa}, 0x55)
executing program 34:
socket(0x2b, 0x1, 0x1)
connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa}, 0x55)
executing program 0:
r0 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x0, 0x0)
ioctl$auto_MON_IOCX_MFETCH(r0, 0xc0109207, &(0x7f0000000100)={0x0, 0x2000004, 0x7})
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/010/001\x00', 0x20000, 0x0)
executing program 0:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0)
madvise$auto(0x0, 0xffffffffffff0004, 0x19)
madvise$auto(0x0, 0x200007, 0x8)
executing program 2:
memfd_create$auto(&(0x7f00000000c0)='..\x007\x10t\x1a\xf9,\xe1\x8b\x02k\x8e\v\xb04\x01\x92\xa5\xb5W\xce\x93yE\x97l\xecw/\x1f\xb4\xf7&\x7f%\x1a', 0x5)
mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0)
mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0)
executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$auto_ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000002e40)={0x0, 0x0, &(0x7f0000002e00)={&(0x7f0000002e80)={0x30, r1, 0x1, 0x70bd2a, 0x25dfdbff, {}, [@ETHTOOL_A_DEBUG_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan1\x00'}]}, @ETHTOOL_A_DEBUG_MSGMASK={0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x8050}, 0x4000080)
executing program 5:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
ioctl$auto(r0, 0x4b69, 0x7)
executing program 6:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socket(0xa, 0x801, 0x84)
setsockopt$auto(0x3, 0x10000000084, 0x14, 0x0, 0x8)
executing program 2:
r0 = mq_open$auto(&(0x7f0000000280)='\\*)A\x00', 0x7e, 0x9, 0x0)
mq_notify$auto(r0, &(0x7f0000000000)={@sival_int=0x7ff, @inferred, 0x1, @_sigev_thread={0x0, 0x0}})
mq_timedsend$auto(r0, &(0x7f0000000080)='\\*)A\x00', 0x6, 0xa, 0x0)
executing program 5:
mmap$auto(0x0, 0x9, 0x72, 0x8b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
ioctl$auto(0x1, 0x5421, 0xa)
executing program 6:
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/net/afs/stats\x00', 0x20000, 0x0)
pread64$auto(r0, 0x0, 0x3ff, 0x9)
executing program 2:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x3, 0x10004)
sync_file_range$auto(r0, 0xfffffffffffffff1, 0xa, 0x1)
executing program 0:
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0)
mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0)
ioctl$auto_BLKRRPART(r0, 0x125f, 0x0)
executing program 6:
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000001100)='/proc/bus/pci/00/03.0\x00', 0xa0581, 0x0)
write$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000001140)="8cbdca", 0x3)
writev$auto(r0, &(0x7f0000001d40)={0x0, 0x2}, 0x6)
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff)
sendmsg$auto_NBD_CMD_CONNECT(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100253d7008fddbdf2501000000180007800c00018008a16c4f2600000000002300", @ANYRES32=0x0, @ANYBLOB="0c0002"], 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x8880)
executing program 5:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x400c000)
bpf$auto(0x5, &(0x7f0000000100)=@task_fd_query={0x2, 0x2, 0x4, 0x0, 0x85, 0x7, 0x9, 0x6, 0x8001}, 0x101)
executing program 6:
r0 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}}, 0x0)
sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x8)
executing program 2:
r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_NL80211_CMD_SET_WIPHY(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x1c, r0, 0x13, 0x70bd26, 0x25dfdbfd, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x117}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004080}, 0x0)
executing program 5:
socket(0x2, 0x3, 0xa)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
setsockopt$auto(0x3, 0x0, 0x23, 0x0, 0x28)
executing program 0:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0)
ioctl$auto(0x3, 0x2287, 0x38)
executing program 6:
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/graphics/fbcon/rotate\x00', 0x10b842, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
write$auto(0x3, 0x0, 0x100082)
executing program 2:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0x2000, 0x0)
ioctl$auto(r0, 0x8100451b, r0)
executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001880), 0xffffffffffffffff)
sendmsg$auto_NL80211_CMD_GET_MESH_CONFIG(r0, &(0x7f0000003fc0)={0x0, 0x0, &(0x7f0000003f80)={&(0x7f00000018c0)={0x2c4, r1, 0xa05ea4b1dbb828eb, 0x70bd28, 0x25dfdbfc, {}, [@NL80211_ATTR_BEACON_TAIL={0x2ae, 0xf, "79e024dae38d261dc770c5d496a17b715b3a18c99d992c9972b72a24a701ad86c94543a2b6f30238ebf044065786a25b373813ea8bffa232ad4f4f125b1547a0b8c4ba50866383afee082065971c3787655a77c5141b09f550e1d65fa47de71e3c9beb576c696576c74fdfb20b3e76756d7c39937027457f947c68dcdef6130751e4e2141d9f7bca2cb17da5418a57dccf48bf1a147d09d5762f5779046fce0fd5142c77b868391344beb7d20b1b50fafcf2a1e4815b117758411a4f7f64929a40f2553f7d7a66dcd49af15a126129b922bd28086a88a73b03428b7bbe4a6ebbd79760dc1c2f152b172764f8c08f48fd7b12c3dfbe53edf47f97be09c95181e78878854d6d4637218d3bb49e10523fcc6acb3d310a0a53c9978b9349f27597164971e3e9d9acc7bfeec789ed673439d1283185a4e73bee592fa4daca421db54c4bb737febec9ca0f3561fb2fc35ae7ebca0b7bd51c75cac599129af10f65ed8d5ab8e26f58be6ae93db9a586c8940b8f67ad30ec0d9379b5e0a5d309dd85e18422e68bfca0a5e0d36769ae2a973e964ceae76592f73d1df3a7a93499e825b7f02f6c1642c2187ad14a0733246087e72580746dff4b1ef4182934a6787fdf53bd6983ba2839bea3ef4ad2c1ddacb5acc7f2ba9cb5441f002cd9c37ff2abd29eedad8b765af15e6a6443df6ba6781fb0e131d5aa103a3d2bfe2d98b6d99f76bff3327a80078440541aba89f273c0ce03f2833af2b8b90423cce915c97e516a6f8e9e8bd6647649cfe0e4bdb1246cc056393034105124fd460eca611326ebc743d9468160e2494563914157ccf352ce67ecf18f0418e9afc10b6c66c92bc8c1cf61cbeee65e63429392365ee631928ad649c8738280088457dca068de4d88761ad4d4aa50e7e00fcb65a624ac2b907fe119bc36d117fb43d88d23b67c0a3fdedf4f10a438ebf57aec0cfcc7"}]}, 0x2c4}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000)
executing program 0:
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
ioctl$auto(r0, 0x4b4a, 0x9)
executing program 6:
r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000000), 0x101600, 0x0)
ioctl$auto_VHOST_SET_OWNER(r0, 0xaf01, 0x0)
ioctl$auto_VHOST_SET_VRING_CALL(r0, 0x4008af21, &(0x7f0000002600))
executing program 5:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0x200000000000011, 0x2, 0x0)
setsockopt$auto(r0, 0x107, 0x17, 0x0, 0x4)

program crashed: INFO: task hung in do_get_write_access
bisect: bisecting 45 programs
bisect: split chunks (needed=false): <45>
bisect: split chunk #0 of len 45 into 3 parts
bisect: testing without sub-chunk 1/3
testing program (duration=6m7s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 2, 2, 2, 2, 2, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3]
detailed listing:
executing program 1:
r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$auto_VHOST_SET_OWNER(r0, 0xaf01, 0x5)
executing program 1:
r0 = openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f0000000440), 0x1e9001, 0x0)
write$auto(r0, &(0x7f0000000480)='/dev/snd/pcmC0D0p\x00', 0x47f)
executing program 1:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
executing program 1:
tkill$auto(0x1, 0x7)
keyctl$auto_KEYCTL_SESSION_TO_PARENT(0x12, 0x0, 0x0, 0x0, 0x48eafc79)
executing program 1:
socket(0x2b, 0x1, 0x1)
connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa}, 0x55)
executing program 34:
socket(0x2b, 0x1, 0x1)
connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa}, 0x55)
executing program 0:
r0 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x0, 0x0)
ioctl$auto_MON_IOCX_MFETCH(r0, 0xc0109207, &(0x7f0000000100)={0x0, 0x2000004, 0x7})
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/010/001\x00', 0x20000, 0x0)
executing program 0:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0)
madvise$auto(0x0, 0xffffffffffff0004, 0x19)
madvise$auto(0x0, 0x200007, 0x8)
executing program 2:
memfd_create$auto(&(0x7f00000000c0)='..\x007\x10t\x1a\xf9,\xe1\x8b\x02k\x8e\v\xb04\x01\x92\xa5\xb5W\xce\x93yE\x97l\xecw/\x1f\xb4\xf7&\x7f%\x1a', 0x5)
mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0)
mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0)
executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$auto_ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000002e40)={0x0, 0x0, &(0x7f0000002e00)={&(0x7f0000002e80)={0x30, r1, 0x1, 0x70bd2a, 0x25dfdbff, {}, [@ETHTOOL_A_DEBUG_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan1\x00'}]}, @ETHTOOL_A_DEBUG_MSGMASK={0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x8050}, 0x4000080)
executing program 5:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
ioctl$auto(r0, 0x4b69, 0x7)
executing program 6:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socket(0xa, 0x801, 0x84)
setsockopt$auto(0x3, 0x10000000084, 0x14, 0x0, 0x8)
executing program 2:
r0 = mq_open$auto(&(0x7f0000000280)='\\*)A\x00', 0x7e, 0x9, 0x0)
mq_notify$auto(r0, &(0x7f0000000000)={@sival_int=0x7ff, @inferred, 0x1, @_sigev_thread={0x0, 0x0}})
mq_timedsend$auto(r0, &(0x7f0000000080)='\\*)A\x00', 0x6, 0xa, 0x0)
executing program 5:
mmap$auto(0x0, 0x9, 0x72, 0x8b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
ioctl$auto(0x1, 0x5421, 0xa)
executing program 6:
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/net/afs/stats\x00', 0x20000, 0x0)
pread64$auto(r0, 0x0, 0x3ff, 0x9)
executing program 2:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x3, 0x10004)
sync_file_range$auto(r0, 0xfffffffffffffff1, 0xa, 0x1)
executing program 0:
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0)
mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0)
ioctl$auto_BLKRRPART(r0, 0x125f, 0x0)
executing program 6:
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000001100)='/proc/bus/pci/00/03.0\x00', 0xa0581, 0x0)
write$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000001140)="8cbdca", 0x3)
writev$auto(r0, &(0x7f0000001d40)={0x0, 0x2}, 0x6)
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff)
sendmsg$auto_NBD_CMD_CONNECT(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100253d7008fddbdf2501000000180007800c00018008a16c4f2600000000002300", @ANYRES32=0x0, @ANYBLOB="0c0002"], 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x8880)
executing program 5:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x400c000)
bpf$auto(0x5, &(0x7f0000000100)=@task_fd_query={0x2, 0x2, 0x4, 0x0, 0x85, 0x7, 0x9, 0x6, 0x8001}, 0x101)
executing program 6:
r0 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}}, 0x0)
sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x8)
executing program 2:
r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_NL80211_CMD_SET_WIPHY(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x1c, r0, 0x13, 0x70bd26, 0x25dfdbfd, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x117}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004080}, 0x0)
executing program 5:
socket(0x2, 0x3, 0xa)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
setsockopt$auto(0x3, 0x0, 0x23, 0x0, 0x28)
executing program 0:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0)
ioctl$auto(0x3, 0x2287, 0x38)
executing program 6:
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/graphics/fbcon/rotate\x00', 0x10b842, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
write$auto(0x3, 0x0, 0x100082)
executing program 2:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0x2000, 0x0)
ioctl$auto(r0, 0x8100451b, r0)
executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001880), 0xffffffffffffffff)
sendmsg$auto_NL80211_CMD_GET_MESH_CONFIG(r0, &(0x7f0000003fc0)={0x0, 0x0, &(0x7f0000003f80)={&(0x7f00000018c0)={0x2c4, r1, 0xa05ea4b1dbb828eb, 0x70bd28, 0x25dfdbfc, {}, [@NL80211_ATTR_BEACON_TAIL={0x2ae, 0xf, "79e024dae38d261dc770c5d496a17b715b3a18c99d992c9972b72a24a701ad86c94543a2b6f30238ebf044065786a25b373813ea8bffa232ad4f4f125b1547a0b8c4ba50866383afee082065971c3787655a77c5141b09f550e1d65fa47de71e3c9beb576c696576c74fdfb20b3e76756d7c39937027457f947c68dcdef6130751e4e2141d9f7bca2cb17da5418a57dccf48bf1a147d09d5762f5779046fce0fd5142c77b868391344beb7d20b1b50fafcf2a1e4815b117758411a4f7f64929a40f2553f7d7a66dcd49af15a126129b922bd28086a88a73b03428b7bbe4a6ebbd79760dc1c2f152b172764f8c08f48fd7b12c3dfbe53edf47f97be09c95181e78878854d6d4637218d3bb49e10523fcc6acb3d310a0a53c9978b9349f27597164971e3e9d9acc7bfeec789ed673439d1283185a4e73bee592fa4daca421db54c4bb737febec9ca0f3561fb2fc35ae7ebca0b7bd51c75cac599129af10f65ed8d5ab8e26f58be6ae93db9a586c8940b8f67ad30ec0d9379b5e0a5d309dd85e18422e68bfca0a5e0d36769ae2a973e964ceae76592f73d1df3a7a93499e825b7f02f6c1642c2187ad14a0733246087e72580746dff4b1ef4182934a6787fdf53bd6983ba2839bea3ef4ad2c1ddacb5acc7f2ba9cb5441f002cd9c37ff2abd29eedad8b765af15e6a6443df6ba6781fb0e131d5aa103a3d2bfe2d98b6d99f76bff3327a80078440541aba89f273c0ce03f2833af2b8b90423cce915c97e516a6f8e9e8bd6647649cfe0e4bdb1246cc056393034105124fd460eca611326ebc743d9468160e2494563914157ccf352ce67ecf18f0418e9afc10b6c66c92bc8c1cf61cbeee65e63429392365ee631928ad649c8738280088457dca068de4d88761ad4d4aa50e7e00fcb65a624ac2b907fe119bc36d117fb43d88d23b67c0a3fdedf4f10a438ebf57aec0cfcc7"}]}, 0x2c4}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000)
executing program 0:
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
ioctl$auto(r0, 0x4b4a, 0x9)
executing program 6:
r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000000), 0x101600, 0x0)
ioctl$auto_VHOST_SET_OWNER(r0, 0xaf01, 0x0)
ioctl$auto_VHOST_SET_VRING_CALL(r0, 0x4008af21, &(0x7f0000002600))
executing program 5:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0x200000000000011, 0x2, 0x0)
setsockopt$auto(r0, 0x107, 0x17, 0x0, 0x4)

program crashed: INFO: task hung in do_get_write_access
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/3
testing program (duration=6m3s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3]
detailed listing:
executing program 2:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x3, 0x10004)
sync_file_range$auto(r0, 0xfffffffffffffff1, 0xa, 0x1)
executing program 0:
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0)
mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0)
ioctl$auto_BLKRRPART(r0, 0x125f, 0x0)
executing program 6:
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000001100)='/proc/bus/pci/00/03.0\x00', 0xa0581, 0x0)
write$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000001140)="8cbdca", 0x3)
writev$auto(r0, &(0x7f0000001d40)={0x0, 0x2}, 0x6)
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff)
sendmsg$auto_NBD_CMD_CONNECT(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100253d7008fddbdf2501000000180007800c00018008a16c4f2600000000002300", @ANYRES32=0x0, @ANYBLOB="0c0002"], 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x8880)
executing program 5:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x400c000)
bpf$auto(0x5, &(0x7f0000000100)=@task_fd_query={0x2, 0x2, 0x4, 0x0, 0x85, 0x7, 0x9, 0x6, 0x8001}, 0x101)
executing program 6:
r0 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}}, 0x0)
sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x8)
executing program 2:
r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_NL80211_CMD_SET_WIPHY(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x1c, r0, 0x13, 0x70bd26, 0x25dfdbfd, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x117}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004080}, 0x0)
executing program 5:
socket(0x2, 0x3, 0xa)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
setsockopt$auto(0x3, 0x0, 0x23, 0x0, 0x28)
executing program 0:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0)
ioctl$auto(0x3, 0x2287, 0x38)
executing program 6:
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/graphics/fbcon/rotate\x00', 0x10b842, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
write$auto(0x3, 0x0, 0x100082)
executing program 2:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0x2000, 0x0)
ioctl$auto(r0, 0x8100451b, r0)
executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001880), 0xffffffffffffffff)
sendmsg$auto_NL80211_CMD_GET_MESH_CONFIG(r0, &(0x7f0000003fc0)={0x0, 0x0, &(0x7f0000003f80)={&(0x7f00000018c0)={0x2c4, r1, 0xa05ea4b1dbb828eb, 0x70bd28, 0x25dfdbfc, {}, [@NL80211_ATTR_BEACON_TAIL={0x2ae, 0xf, "79e024dae38d261dc770c5d496a17b715b3a18c99d992c9972b72a24a701ad86c94543a2b6f30238ebf044065786a25b373813ea8bffa232ad4f4f125b1547a0b8c4ba50866383afee082065971c3787655a77c5141b09f550e1d65fa47de71e3c9beb576c696576c74fdfb20b3e76756d7c39937027457f947c68dcdef6130751e4e2141d9f7bca2cb17da5418a57dccf48bf1a147d09d5762f5779046fce0fd5142c77b868391344beb7d20b1b50fafcf2a1e4815b117758411a4f7f64929a40f2553f7d7a66dcd49af15a126129b922bd28086a88a73b03428b7bbe4a6ebbd79760dc1c2f152b172764f8c08f48fd7b12c3dfbe53edf47f97be09c95181e78878854d6d4637218d3bb49e10523fcc6acb3d310a0a53c9978b9349f27597164971e3e9d9acc7bfeec789ed673439d1283185a4e73bee592fa4daca421db54c4bb737febec9ca0f3561fb2fc35ae7ebca0b7bd51c75cac599129af10f65ed8d5ab8e26f58be6ae93db9a586c8940b8f67ad30ec0d9379b5e0a5d309dd85e18422e68bfca0a5e0d36769ae2a973e964ceae76592f73d1df3a7a93499e825b7f02f6c1642c2187ad14a0733246087e72580746dff4b1ef4182934a6787fdf53bd6983ba2839bea3ef4ad2c1ddacb5acc7f2ba9cb5441f002cd9c37ff2abd29eedad8b765af15e6a6443df6ba6781fb0e131d5aa103a3d2bfe2d98b6d99f76bff3327a80078440541aba89f273c0ce03f2833af2b8b90423cce915c97e516a6f8e9e8bd6647649cfe0e4bdb1246cc056393034105124fd460eca611326ebc743d9468160e2494563914157ccf352ce67ecf18f0418e9afc10b6c66c92bc8c1cf61cbeee65e63429392365ee631928ad649c8738280088457dca068de4d88761ad4d4aa50e7e00fcb65a624ac2b907fe119bc36d117fb43d88d23b67c0a3fdedf4f10a438ebf57aec0cfcc7"}]}, 0x2c4}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000)
executing program 0:
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
ioctl$auto(r0, 0x4b4a, 0x9)
executing program 6:
r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000000), 0x101600, 0x0)
ioctl$auto_VHOST_SET_OWNER(r0, 0xaf01, 0x0)
ioctl$auto_VHOST_SET_VRING_CALL(r0, 0x4008af21, &(0x7f0000002600))
executing program 5:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0x200000000000011, 0x2, 0x0)
setsockopt$auto(r0, 0x107, 0x17, 0x0, 0x4)

program crashed: INFO: task hung in do_get_write_access
bisect: the chunk can be dropped
bisect: testing without sub-chunk 3/3
bisect: split chunks (needed=true): <15>
bisect: split chunk #0 of len 15 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=6m1s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 3, 3, 3, 3, 3, 3]
detailed listing:
executing program 0:
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0)
ioctl$auto(0x3, 0x2287, 0x38)
executing program 6:
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/graphics/fbcon/rotate\x00', 0x10b842, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
write$auto(0x3, 0x0, 0x100082)
executing program 2:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0x2000, 0x0)
ioctl$auto(r0, 0x8100451b, r0)
executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001880), 0xffffffffffffffff)
sendmsg$auto_NL80211_CMD_GET_MESH_CONFIG(r0, &(0x7f0000003fc0)={0x0, 0x0, &(0x7f0000003f80)={&(0x7f00000018c0)={0x2c4, r1, 0xa05ea4b1dbb828eb, 0x70bd28, 0x25dfdbfc, {}, [@NL80211_ATTR_BEACON_TAIL={0x2ae, 0xf, "79e024dae38d261dc770c5d496a17b715b3a18c99d992c9972b72a24a701ad86c94543a2b6f30238ebf044065786a25b373813ea8bffa232ad4f4f125b1547a0b8c4ba50866383afee082065971c3787655a77c5141b09f550e1d65fa47de71e3c9beb576c696576c74fdfb20b3e76756d7c39937027457f947c68dcdef6130751e4e2141d9f7bca2cb17da5418a57dccf48bf1a147d09d5762f5779046fce0fd5142c77b868391344beb7d20b1b50fafcf2a1e4815b117758411a4f7f64929a40f2553f7d7a66dcd49af15a126129b922bd28086a88a73b03428b7bbe4a6ebbd79760dc1c2f152b172764f8c08f48fd7b12c3dfbe53edf47f97be09c95181e78878854d6d4637218d3bb49e10523fcc6acb3d310a0a53c9978b9349f27597164971e3e9d9acc7bfeec789ed673439d1283185a4e73bee592fa4daca421db54c4bb737febec9ca0f3561fb2fc35ae7ebca0b7bd51c75cac599129af10f65ed8d5ab8e26f58be6ae93db9a586c8940b8f67ad30ec0d9379b5e0a5d309dd85e18422e68bfca0a5e0d36769ae2a973e964ceae76592f73d1df3a7a93499e825b7f02f6c1642c2187ad14a0733246087e72580746dff4b1ef4182934a6787fdf53bd6983ba2839bea3ef4ad2c1ddacb5acc7f2ba9cb5441f002cd9c37ff2abd29eedad8b765af15e6a6443df6ba6781fb0e131d5aa103a3d2bfe2d98b6d99f76bff3327a80078440541aba89f273c0ce03f2833af2b8b90423cce915c97e516a6f8e9e8bd6647649cfe0e4bdb1246cc056393034105124fd460eca611326ebc743d9468160e2494563914157ccf352ce67ecf18f0418e9afc10b6c66c92bc8c1cf61cbeee65e63429392365ee631928ad649c8738280088457dca068de4d88761ad4d4aa50e7e00fcb65a624ac2b907fe119bc36d117fb43d88d23b67c0a3fdedf4f10a438ebf57aec0cfcc7"}]}, 0x2c4}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000)
executing program 0:
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
ioctl$auto(r0, 0x4b4a, 0x9)
executing program 6:
r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000000), 0x101600, 0x0)
ioctl$auto_VHOST_SET_OWNER(r0, 0xaf01, 0x0)
ioctl$auto_VHOST_SET_VRING_CALL(r0, 0x4008af21, &(0x7f0000002600))
executing program 5:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0x200000000000011, 0x2, 0x0)
setsockopt$auto(r0, 0x107, 0x17, 0x0, 0x4)

program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=6m2s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 3, 3, 3, 3, 3, 3, 3]
detailed listing:
executing program 2:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x3, 0x10004)
sync_file_range$auto(r0, 0xfffffffffffffff1, 0xa, 0x1)
executing program 0:
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0)
mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0)
ioctl$auto_BLKRRPART(r0, 0x125f, 0x0)
executing program 6:
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000001100)='/proc/bus/pci/00/03.0\x00', 0xa0581, 0x0)
write$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000001140)="8cbdca", 0x3)
writev$auto(r0, &(0x7f0000001d40)={0x0, 0x2}, 0x6)
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff)
sendmsg$auto_NBD_CMD_CONNECT(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100253d7008fddbdf2501000000180007800c00018008a16c4f2600000000002300", @ANYRES32=0x0, @ANYBLOB="0c0002"], 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x8880)
executing program 5:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x400c000)
bpf$auto(0x5, &(0x7f0000000100)=@task_fd_query={0x2, 0x2, 0x4, 0x0, 0x85, 0x7, 0x9, 0x6, 0x8001}, 0x101)
executing program 6:
r0 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}}, 0x0)
sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x8)
executing program 2:
r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_NL80211_CMD_SET_WIPHY(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x1c, r0, 0x13, 0x70bd26, 0x25dfdbfd, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x117}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004080}, 0x0)
executing program 5:
socket(0x2, 0x3, 0xa)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
setsockopt$auto(0x3, 0x0, 0x23, 0x0, 0x28)

program crashed: INFO: task hung in do_get_write_access
bisect: the chunk can be dropped
bisect: split chunks (needed=true): <8>
bisect: split chunk #0 of len 8 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=6m1s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 3, 3, 3]
detailed listing:
executing program 5:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x400c000)
bpf$auto(0x5, &(0x7f0000000100)=@task_fd_query={0x2, 0x2, 0x4, 0x0, 0x85, 0x7, 0x9, 0x6, 0x8001}, 0x101)
executing program 6:
r0 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}}, 0x0)
sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x8)
executing program 2:
r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_NL80211_CMD_SET_WIPHY(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x1c, r0, 0x13, 0x70bd26, 0x25dfdbfd, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x117}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004080}, 0x0)
executing program 5:
socket(0x2, 0x3, 0xa)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
setsockopt$auto(0x3, 0x0, 0x23, 0x0, 0x28)

program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=6m1s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 3, 3, 3]
detailed listing:
executing program 2:
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x3, 0x10004)
sync_file_range$auto(r0, 0xfffffffffffffff1, 0xa, 0x1)
executing program 0:
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0)
mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0)
ioctl$auto_BLKRRPART(r0, 0x125f, 0x0)
executing program 6:
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000001100)='/proc/bus/pci/00/03.0\x00', 0xa0581, 0x0)
write$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000001140)="8cbdca", 0x3)
writev$auto(r0, &(0x7f0000001d40)={0x0, 0x2}, 0x6)
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff)
sendmsg$auto_NBD_CMD_CONNECT(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100253d7008fddbdf2501000000180007800c00018008a16c4f2600000000002300", @ANYRES32=0x0, @ANYBLOB="0c0002"], 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x8880)

program crashed: INFO: task hung in do_get_write_access
bisect: the chunk can be dropped
bisect: split chunks (needed=true): <4>
bisect: split chunk #0 of len 4 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 3]
detailed listing:
executing program 6:
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000001100)='/proc/bus/pci/00/03.0\x00', 0xa0581, 0x0)
write$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000001140)="8cbdca", 0x3)
writev$auto(r0, &(0x7f0000001d40)={0x0, 0x2}, 0x6)
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff)
sendmsg$auto_NBD_CMD_CONNECT(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100253d7008fddbdf2501000000180007800c00018008a16c4f2600000000002300", @ANYRES32=0x0, @ANYBLOB="0c0002"], 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x8880)

program crashed: INFO: task hung in do_get_write_access
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunks (needed=true): <2>
bisect: split chunk #0 of len 2 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$auto_nbd-sendmsg$auto_NBD_CMD_CONNECT
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff)
sendmsg$auto_NBD_CMD_CONNECT(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100253d7008fddbdf2501000000180007800c00018008a16c4f2600000000002300", @ANYRES32=0x0, @ANYBLOB="0c0002"], 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x8880)

program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_reg_file_ops_compat_inode-write$auto_proc_reg_file_ops_compat_inode-writev$auto
detailed listing:
executing program 6:
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000001100)='/proc/bus/pci/00/03.0\x00', 0xa0581, 0x0)
write$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000001140)="8cbdca", 0x3)
writev$auto(r0, &(0x7f0000001d40)={0x0, 0x2}, 0x6)

program crashed: INFO: task hung in do_get_write_access
bisect: the chunk can be dropped
bisect: split chunks (needed=true): <1>
bisect: split chunk #0 of len 1 into 2 parts
bisect: no way to further split the chunk
bisect: 1 programs left: 

executing program 6:
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000001100)='/proc/bus/pci/00/03.0\x00', 0xa0581, 0x0)
write$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000001140)="8cbdca", 0x3)
writev$auto(r0, &(0x7f0000001d40)={0x0, 0x2}, 0x6)


bisect: trying to concatenate
bisect: concatenate 1 entries
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_reg_file_ops_compat_inode-write$auto_proc_reg_file_ops_compat_inode-writev$auto
detailed listing:
executing program 0:
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000001100)='/proc/bus/pci/00/03.0\x00', 0xa0581, 0x0)
write$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000001140)="8cbdca", 0x3)
writev$auto(r0, &(0x7f0000001d40)={0x0, 0x2}, 0x6)

program crashed: INFO: task hung in do_get_write_access
bisect: concatenation succeeded
found reproducer with 3 syscalls
minimizing guilty program
testing program (duration=6m18.87212653s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_reg_file_ops_compat_inode-write$auto_proc_reg_file_ops_compat_inode
detailed listing:
executing program 0:
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000001100)='/proc/bus/pci/00/03.0\x00', 0xa0581, 0x0)
write$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000001140)="8cbdca", 0x3)

program did not crash
testing program (duration=6m18.87212653s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_reg_file_ops_compat_inode-writev$auto
detailed listing:
executing program 0:
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000001100)='/proc/bus/pci/00/03.0\x00', 0xa0581, 0x0)
writev$auto(r0, &(0x7f0000001d40)={0x0, 0x2}, 0x6)

program did not crash
testing program (duration=6m18.87212653s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): write$auto_proc_reg_file_ops_compat_inode-writev$auto
detailed listing:
executing program 0:
write$auto_proc_reg_file_ops_compat_inode(0xffffffffffffffff, &(0x7f0000001140)="8cbdca", 0x3)
writev$auto(0xffffffffffffffff, &(0x7f0000001d40)={0x0, 0x2}, 0x6)

program did not crash
testing program (duration=6m18.87212653s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_reg_file_ops_compat_inode-write$auto_proc_reg_file_ops_compat_inode-writev$auto
detailed listing:
executing program 0:
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xa0581, 0x0)
write$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000001140)="8cbdca", 0x3)
writev$auto(r0, &(0x7f0000001d40)={0x0, 0x2}, 0x6)

program did not crash
testing program (duration=6m18.87212653s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_reg_file_ops_compat_inode-write$auto_proc_reg_file_ops_compat_inode-writev$auto
detailed listing:
executing program 0:
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000001100)='/proc/bus/pci/00/03.0\x00', 0xa0581, 0x0)
write$auto_proc_reg_file_ops_compat_inode(r0, 0x0, 0x0)
writev$auto(r0, &(0x7f0000001d40)={0x0, 0x2}, 0x6)

program did not crash
testing program (duration=6m18.87212653s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_reg_file_ops_compat_inode-write$auto_proc_reg_file_ops_compat_inode-writev$auto
detailed listing:
executing program 0:
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000001100)='/proc/bus/pci/00/03.0\x00', 0xa0581, 0x0)
write$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000001140), 0x0)
writev$auto(r0, &(0x7f0000001d40)={0x0, 0x2}, 0x6)

program did not crash
testing program (duration=6m18.87212653s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_reg_file_ops_compat_inode-write$auto_proc_reg_file_ops_compat_inode-writev$auto
detailed listing:
executing program 0:
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000001100)='/proc/bus/pci/00/03.0\x00', 0xa0581, 0x0)
write$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000001140)="8cbdca", 0x3)
writev$auto(r0, 0x0, 0x6)

program did not crash
extracting C reproducer
testing compiled C program (duration=6m18.87212653s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_reg_file_ops_compat_inode-write$auto_proc_reg_file_ops_compat_inode-writev$auto
program crashed: INFO: task hung in do_get_write_access
simplifying C reproducer
testing compiled C program (duration=6m18.87212653s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_reg_file_ops_compat_inode-write$auto_proc_reg_file_ops_compat_inode-writev$auto
program crashed: INFO: task hung in do_get_write_access
testing compiled C program (duration=6m18.87212653s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_reg_file_ops_compat_inode-write$auto_proc_reg_file_ops_compat_inode-writev$auto
program crashed: INFO: task hung in do_get_write_access
testing compiled C program (duration=6m18.87212653s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_reg_file_ops_compat_inode-write$auto_proc_reg_file_ops_compat_inode-writev$auto
program crashed: INFO: task hung in jbd2_journal_commit_transaction
a never seen crash title: INFO: task hung in jbd2_journal_commit_transaction, ignore
testing compiled C program (duration=6m18.87212653s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_reg_file_ops_compat_inode-write$auto_proc_reg_file_ops_compat_inode-writev$auto
program crashed: INFO: task hung in do_get_write_access
testing compiled C program (duration=6m18.87212653s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_reg_file_ops_compat_inode-write$auto_proc_reg_file_ops_compat_inode-writev$auto
program crashed: INFO: task hung in do_get_write_access
testing compiled C program (duration=6m18.87212653s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_reg_file_ops_compat_inode-write$auto_proc_reg_file_ops_compat_inode-writev$auto
program crashed: INFO: task hung in do_get_write_access
testing compiled C program (duration=6m18.87212653s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_reg_file_ops_compat_inode-write$auto_proc_reg_file_ops_compat_inode-writev$auto
program crashed: INFO: task hung in do_get_write_access
testing compiled C program (duration=6m18.87212653s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_reg_file_ops_compat_inode-write$auto_proc_reg_file_ops_compat_inode-writev$auto
program crashed: INFO: task hung in do_get_write_access
testing compiled C program (duration=6m18.87212653s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_reg_file_ops_compat_inode-write$auto_proc_reg_file_ops_compat_inode-writev$auto
program crashed: INFO: task hung in do_get_write_access
testing compiled C program (duration=6m18.87212653s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_reg_file_ops_compat_inode-write$auto_proc_reg_file_ops_compat_inode-writev$auto
program crashed: INFO: task hung in do_get_write_access
testing compiled C program (duration=6m18.87212653s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_reg_file_ops_compat_inode-write$auto_proc_reg_file_ops_compat_inode-writev$auto
program crashed: INFO: task hung in do_get_write_access
testing compiled C program (duration=6m18.87212653s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_reg_file_ops_compat_inode-write$auto_proc_reg_file_ops_compat_inode-writev$auto
program crashed: INFO: task hung in do_get_write_access
testing compiled C program (duration=6m18.87212653s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_reg_file_ops_compat_inode-write$auto_proc_reg_file_ops_compat_inode-writev$auto
program crashed: INFO: task hung in do_get_write_access
testing compiled C program (duration=6m18.87212653s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_reg_file_ops_compat_inode-write$auto_proc_reg_file_ops_compat_inode-writev$auto
program crashed: INFO: task hung in do_get_write_access
testing compiled C program (duration=6m18.87212653s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:true UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_reg_file_ops_compat_inode-write$auto_proc_reg_file_ops_compat_inode-writev$auto
program crashed: INFO: task hung in do_get_write_access
testing compiled C program (duration=6m18.87212653s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_reg_file_ops_compat_inode-write$auto_proc_reg_file_ops_compat_inode-writev$auto
program crashed: INFO: task hung in do_get_write_access
reproducing took 3h50m26.994030932s
repro crashed as (corrupted=false):
INFO: task kworker/u8:2:36 blocked for more than 143 seconds.
      Not tainted 6.15.0-rc3-syzkaller-00032-ga79be02bba5c #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u8:2    state:D stack:24504 pid:36    tgid:36    ppid:2      task_flags:0x4248060 flags:0x00004000
Workqueue: writeback wb_workfn (flush-8:0)
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x116f/0x5de0 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:6860
 io_schedule+0xbf/0x130 kernel/sched/core.c:7742
 bit_wait_io+0x15/0xe0 kernel/sched/wait_bit.c:247
 __wait_on_bit+0x62/0x180 kernel/sched/wait_bit.c:49
 out_of_line_wait_on_bit+0xd9/0x110 kernel/sched/wait_bit.c:64
 wait_on_bit_io include/linux/wait_bit.h:105 [inline]
 do_get_write_access+0x93d/0x12a0 fs/jbd2/transaction.c:1092
 jbd2_journal_get_write_access+0x1d6/0x280 fs/jbd2/transaction.c:1241
 __ext4_journal_get_write_access+0x6a/0x340 fs/ext4/ext4_jbd2.c:241
 ext4_mb_mark_context+0x1db/0xd40 fs/ext4/mballoc.c:4014
 ext4_mb_mark_diskspace_used+0x466/0x8c0 fs/ext4/mballoc.c:4131
 ext4_mb_new_blocks+0xa5b/0x4f00 fs/ext4/mballoc.c:6233
 ext4_ext_map_blocks+0x1b95/0x5d60 fs/ext4/extents.c:4379
 ext4_map_create_blocks fs/ext4/inode.c:520 [inline]
 ext4_map_blocks+0x45b/0x1390 fs/ext4/inode.c:706
 mpage_map_one_extent fs/ext4/inode.c:2224 [inline]
 mpage_map_and_submit_extent fs/ext4/inode.c:2277 [inline]
 ext4_do_writepages+0x1a2c/0x3490 fs/ext4/inode.c:2739
 ext4_writepages+0x37a/0x7d0 fs/ext4/inode.c:2829
 do_writepages+0x1b2/0x820 mm/page-writeback.c:2656
 __writeback_single_inode+0x160/0xfb0 fs/fs-writeback.c:1680
 writeback_sb_inodes+0x601/0xf90 fs/fs-writeback.c:1976
 __writeback_inodes_wb+0xf8/0x2d0 fs/fs-writeback.c:2047
 wb_writeback+0x7f3/0xb70 fs/fs-writeback.c:2158
 wb_check_old_data_flush fs/fs-writeback.c:2262 [inline]
 wb_do_writeback fs/fs-writeback.c:2315 [inline]
 wb_workfn+0x8ca/0xbe0 fs/fs-writeback.c:2343
 process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238
 process_scheduled_works kernel/workqueue.c:3319 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400
 kthread+0x3c2/0x780 kernel/kthread.c:464
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>

Showing all locks held in the system:
1 lock held by khungtaskd/31:
 #0: ffffffff8e3bf440 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #0: ffffffff8e3bf440 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #0: ffffffff8e3bf440 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0 kernel/locking/lockdep.c:6764
6 locks held by kworker/u8:2/36:
 #0: ffff88801c6f3148 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3213
 #1: ffffc90000ad7d18 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3214
 #2: ffff888033f580e0 (&type->s_umount_key#31){++++}-{4:4}, at: super_trylock_shared+0x1e/0xf0 fs/super.c:562
 #3: ffff888033f5ab98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: do_writepages+0x1b2/0x820 mm/page-writeback.c:2656
 #4: ffff888033f5c950 (jbd2_handle){.+.+}-{0:0}, at: start_this_handle+0x5e4/0x1410 fs/jbd2/transaction.c:444
 #5: ffff88807bc03450 (&ei->i_data_sem){++++}-{4:4}, at: ext4_map_blocks+0x355/0x1390 fs/ext4/inode.c:705
2 locks held by getty/5599:
 #0: ffff888035c020a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243
 #1: ffffc9000332e2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0 drivers/tty/n_tty.c:2222

=============================================

NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-rc3-syzkaller-00032-ga79be02bba5c #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x27b/0x390 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x29c/0x300 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:158 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:274 [inline]
 watchdog+0xf70/0x12c0 kernel/hung_task.c:437
 kthread+0x3c2/0x780 kernel/kthread.c:464
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 53 Comm: kworker/u8:3 Not tainted 6.15.0-rc3-syzkaller-00032-ga79be02bba5c #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Workqueue: events_unbound toggle_allocation_gate
RIP: 0010:__sanitizer_cov_trace_const_cmp4+0xc/0x20 kernel/kcov.c:314
Code: 00 e9 58 fe ff ff 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 0c 24 89 f2 89 fe <bf> 05 00 00 00 e9 2a fe ff ff 66 2e 0f 1f 84 00 00 00 00 00 90 90
RSP: 0018:ffffc90000be7838 EFLAGS: 00000046
RAX: 0000000000000003 RBX: 0000000000000000 RCX: ffffffff815d8e5b
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: ffffed100368e0fd
R10: ffff88801b4707eb R11: 0000000000000000 R12: ffff88801b4707e8
R13: 0000000000021f91 R14: 0000000000000002 R15: ffff888022ad0558
FS:  0000000000000000(0000) GS:ffff8881249bf000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f730970f0f0 CR3: 000000001b478000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 switch_ldt+0xab/0x1c0 arch/x86/kernel/ldt.c:113
 switch_mm_irqs_off+0x400/0x890 arch/x86/mm/tlb.c:949
 use_temporary_mm arch/x86/kernel/alternative.c:2175 [inline]
 __text_poke+0x3fa/0xd00 arch/x86/kernel/alternative.c:2290
 text_poke_bp_batch+0x498/0x760 arch/x86/kernel/alternative.c:2743
 text_poke_flush arch/x86/kernel/alternative.c:2856 [inline]
 text_poke_flush arch/x86/kernel/alternative.c:2853 [inline]
 text_poke_finish+0x30/0x40 arch/x86/kernel/alternative.c:2863
 arch_jump_label_transform_apply+0x1c/0x30 arch/x86/kernel/jump_label.c:146
 jump_label_update+0x376/0x550 kernel/jump_label.c:919
 static_key_enable_cpuslocked+0x1b7/0x270 kernel/jump_label.c:210
 static_key_enable+0x1a/0x20 kernel/jump_label.c:223
 toggle_allocation_gate mm/kfence/core.c:850 [inline]
 toggle_allocation_gate+0xfa/0x280 mm/kfence/core.c:842
 process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238
 process_scheduled_works kernel/workqueue.c:3319 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400
 kthread+0x3c2/0x780 kernel/kthread.c:464
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.690 msecs

final repro crashed as (corrupted=false):
INFO: task kworker/u8:2:36 blocked for more than 143 seconds.
      Not tainted 6.15.0-rc3-syzkaller-00032-ga79be02bba5c #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u8:2    state:D stack:24504 pid:36    tgid:36    ppid:2      task_flags:0x4248060 flags:0x00004000
Workqueue: writeback wb_workfn (flush-8:0)
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x116f/0x5de0 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:6860
 io_schedule+0xbf/0x130 kernel/sched/core.c:7742
 bit_wait_io+0x15/0xe0 kernel/sched/wait_bit.c:247
 __wait_on_bit+0x62/0x180 kernel/sched/wait_bit.c:49
 out_of_line_wait_on_bit+0xd9/0x110 kernel/sched/wait_bit.c:64
 wait_on_bit_io include/linux/wait_bit.h:105 [inline]
 do_get_write_access+0x93d/0x12a0 fs/jbd2/transaction.c:1092
 jbd2_journal_get_write_access+0x1d6/0x280 fs/jbd2/transaction.c:1241
 __ext4_journal_get_write_access+0x6a/0x340 fs/ext4/ext4_jbd2.c:241
 ext4_mb_mark_context+0x1db/0xd40 fs/ext4/mballoc.c:4014
 ext4_mb_mark_diskspace_used+0x466/0x8c0 fs/ext4/mballoc.c:4131
 ext4_mb_new_blocks+0xa5b/0x4f00 fs/ext4/mballoc.c:6233
 ext4_ext_map_blocks+0x1b95/0x5d60 fs/ext4/extents.c:4379
 ext4_map_create_blocks fs/ext4/inode.c:520 [inline]
 ext4_map_blocks+0x45b/0x1390 fs/ext4/inode.c:706
 mpage_map_one_extent fs/ext4/inode.c:2224 [inline]
 mpage_map_and_submit_extent fs/ext4/inode.c:2277 [inline]
 ext4_do_writepages+0x1a2c/0x3490 fs/ext4/inode.c:2739
 ext4_writepages+0x37a/0x7d0 fs/ext4/inode.c:2829
 do_writepages+0x1b2/0x820 mm/page-writeback.c:2656
 __writeback_single_inode+0x160/0xfb0 fs/fs-writeback.c:1680
 writeback_sb_inodes+0x601/0xf90 fs/fs-writeback.c:1976
 __writeback_inodes_wb+0xf8/0x2d0 fs/fs-writeback.c:2047
 wb_writeback+0x7f3/0xb70 fs/fs-writeback.c:2158
 wb_check_old_data_flush fs/fs-writeback.c:2262 [inline]
 wb_do_writeback fs/fs-writeback.c:2315 [inline]
 wb_workfn+0x8ca/0xbe0 fs/fs-writeback.c:2343
 process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238
 process_scheduled_works kernel/workqueue.c:3319 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400
 kthread+0x3c2/0x780 kernel/kthread.c:464
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>

Showing all locks held in the system:
1 lock held by khungtaskd/31:
 #0: ffffffff8e3bf440 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #0: ffffffff8e3bf440 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #0: ffffffff8e3bf440 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0 kernel/locking/lockdep.c:6764
6 locks held by kworker/u8:2/36:
 #0: ffff88801c6f3148 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3213
 #1: ffffc90000ad7d18 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3214
 #2: ffff888033f580e0 (&type->s_umount_key#31){++++}-{4:4}, at: super_trylock_shared+0x1e/0xf0 fs/super.c:562
 #3: ffff888033f5ab98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: do_writepages+0x1b2/0x820 mm/page-writeback.c:2656
 #4: ffff888033f5c950 (jbd2_handle){.+.+}-{0:0}, at: start_this_handle+0x5e4/0x1410 fs/jbd2/transaction.c:444
 #5: ffff88807bc03450 (&ei->i_data_sem){++++}-{4:4}, at: ext4_map_blocks+0x355/0x1390 fs/ext4/inode.c:705
2 locks held by getty/5599:
 #0: ffff888035c020a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243
 #1: ffffc9000332e2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0 drivers/tty/n_tty.c:2222

=============================================

NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-rc3-syzkaller-00032-ga79be02bba5c #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x27b/0x390 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x29c/0x300 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:158 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:274 [inline]
 watchdog+0xf70/0x12c0 kernel/hung_task.c:437
 kthread+0x3c2/0x780 kernel/kthread.c:464
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 53 Comm: kworker/u8:3 Not tainted 6.15.0-rc3-syzkaller-00032-ga79be02bba5c #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Workqueue: events_unbound toggle_allocation_gate
RIP: 0010:__sanitizer_cov_trace_const_cmp4+0xc/0x20 kernel/kcov.c:314
Code: 00 e9 58 fe ff ff 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 0c 24 89 f2 89 fe <bf> 05 00 00 00 e9 2a fe ff ff 66 2e 0f 1f 84 00 00 00 00 00 90 90
RSP: 0018:ffffc90000be7838 EFLAGS: 00000046
RAX: 0000000000000003 RBX: 0000000000000000 RCX: ffffffff815d8e5b
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: ffffed100368e0fd
R10: ffff88801b4707eb R11: 0000000000000000 R12: ffff88801b4707e8
R13: 0000000000021f91 R14: 0000000000000002 R15: ffff888022ad0558
FS:  0000000000000000(0000) GS:ffff8881249bf000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f730970f0f0 CR3: 000000001b478000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 switch_ldt+0xab/0x1c0 arch/x86/kernel/ldt.c:113
 switch_mm_irqs_off+0x400/0x890 arch/x86/mm/tlb.c:949
 use_temporary_mm arch/x86/kernel/alternative.c:2175 [inline]
 __text_poke+0x3fa/0xd00 arch/x86/kernel/alternative.c:2290
 text_poke_bp_batch+0x498/0x760 arch/x86/kernel/alternative.c:2743
 text_poke_flush arch/x86/kernel/alternative.c:2856 [inline]
 text_poke_flush arch/x86/kernel/alternative.c:2853 [inline]
 text_poke_finish+0x30/0x40 arch/x86/kernel/alternative.c:2863
 arch_jump_label_transform_apply+0x1c/0x30 arch/x86/kernel/jump_label.c:146
 jump_label_update+0x376/0x550 kernel/jump_label.c:919
 static_key_enable_cpuslocked+0x1b7/0x270 kernel/jump_label.c:210
 static_key_enable+0x1a/0x20 kernel/jump_label.c:223
 toggle_allocation_gate mm/kfence/core.c:850 [inline]
 toggle_allocation_gate+0xfa/0x280 mm/kfence/core.c:842
 process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238
 process_scheduled_works kernel/workqueue.c:3319 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400
 kthread+0x3c2/0x780 kernel/kthread.c:464
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.690 msecs