Extracting prog: 47m54.166552323s
Minimizing prog: 2h17m51.469731465s
Simplifying prog options: 0s
Extracting C: 3m11.09893311s
Simplifying C: 24m10.039975778s


extracting reproducer from 53 programs
testing a last program of every proc
single: executing 13 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-openat$kvm-socket$nl_xfrm-sendmsg$nl_xfrm-sendmsg$nl_xfrm-ioctl$KVM_CREATE_VM-syz_usb_connect-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID-syz_kvm_setup_cpu$x86-bind$inet6-syz_kvm_setup_cpu$x86-ioctl$KVM_RUN-openat$procfs-write$cgroup_freezer_state-fcntl$setstatus-gettid-fcntl$setown-ioctl$SNDRV_CTL_IOCTL_ELEM_ADD-ioctl$KVM_INTERRUPT-syz_usb_connect$hid-socket$nl_netfilter-sendmsg$NFT_BATCH-creat-fadvise64-mmap
detailed listing:
executing program 0:
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000140), 0x88980, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000005c0)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000000000000000ac1414bb000000000000000000000000000024004e2100050200002062000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000100000000000000000000001000000000000000000000000007b4979000003000000000000000000000000000000e307000000000000000000006afde9e93dc41d0000000000001300000000000000000000000000000000000000020000"], 0xb8}, 0x1, 0x0, 0x0, 0x40002}, 0x0)
sendmsg$nl_xfrm(r2, &(0x7f0000000480)={0x0, 0x2500, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="6501000014"], 0x188}}, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000001080)={{0x12, 0x1, 0x0, 0x78, 0x82, 0xb7, 0x40, 0x2c42, 0x1709, 0xcab7, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xbf, 0x60, 0xe7}}]}}]}}, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x1cb000, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x6)
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r7, 0x4068aea3, &(0x7f0000000280)={0xbe, 0x0, 0x1})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000140)="66baf80cb8044fdc87efed660f388059e0b805000000b91e4200000f01c10f20c035000000200f22c0f20fa20f01cb36263e660f381efc660f7c150c000000b805000000b9210000000f01c1c4e17929d8", 0x51}], 0x1, 0x11, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e20, 0x6, @empty, 0x8004a}, 0x1c)
syz_kvm_setup_cpu$x86(r6, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, 0x0}], 0x1, 0xd, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
r8 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sysvipc/sem\x00', 0x41, 0x0)
write$cgroup_freezer_state(r8, 0x0, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x2c00)
r9 = gettid()
fcntl$setown(0xffffffffffffffff, 0x8, r9)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r8, 0xc1105517, &(0x7f0000000300)={{0x0, 0x5, 0x9, 0x5, '\x00', 0x6}, 0x2, 0x100, 0x9, r9, 0x9, 0x3, 'syz1\x00', &(0x7f00000004c0)=['/dev/kvm\x00', '\x00', '/dev/kvm\x00', '', '\x00', '/dev/kvm\x00', '\x80\xcd\x83H\xce\xcc8\x16\xa3\xb8{\nX_d\xfdf\xae\xf8\x00\x8a\v\xd1;\x00nU\xb7\'3\xdc\x93\xb7a\xf03\x1e\xa6y\xaf\xe1\x15\xb2\xeaD\x1b\xa0\x14\x9e\x992\x91\xdeSg\x80\xafA \xb5\x96gti\xadm\x00\fQ\x97AZr\xc9\xce$\xb8\xfd\x93mO\xfd$\xe6u$\xdcE\x02\xcb%f\x91;Qn\xb8\xf7\xb8m\xa7\x88\xe4\xfd\f\x18\x8e\xbagX/w\xd0\x87\x84q\x94\xf3,\xca6a\xb5\xf3\x18\xcdD\xf8-\xef\x99L|>\x1f\xc04\xec\x11\xbda\xa9G\x8as\xc9\xe2\x01VE\xa0&\x00\r5hX\xb6\xc0A\x818lj\xe9#\x8f\xfbs\xcdM%e5\xb3\x9d\x84\xda\xceT\x8ew\x9al\xc6\xc4E\x98@\xbcH\x00'/207, ')%\xad#-)\'\x00', '\\\x00'], 0xf6})
ioctl$KVM_INTERRUPT(r4, 0x4004ae86, &(0x7f0000000440)=0x2)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000020ac050f02220001828301090224000101000000090400000203010200092100050001220000090581", @ANYBLOB="87e9"], 0x0)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b80)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000070000000900010073797a300000000084000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000d08000640ffffff00080003400000000838001180090001006c61737400000000280002800c00024000000000000000090800014000000ba308000140000010000800014000003f5e980000000c0a01010000000000000000070000000900020073797a31000000000900010073797a30000000006c0003806800008008000340000000025c0002800c00028008000340000000024c000280080003400000000408000180ff"], 0x164}, 0x1, 0x0, 0x0, 0x400480d}, 0x0)
creat(&(0x7f0000000100)='./file0\x00', 0x1c)
fadvise64(r0, 0x92, 0x5, 0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000a, 0x22052, r0, 0x5708e000)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): creat-mount-openat$ocfs2_control
detailed listing:
executing program 0:
creat(&(0x7f0000001380)='./file0\x00', 0x4)
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000001480)='qnx4\x00', 0x0, 0x0)
openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000040), 0x280880, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): setsockopt$RXRPC_MIN_SECURITY_LEVEL-socket$rxrpc-connect$rxrpc-socket$rxrpc-setsockopt$RXRPC_SECURITY_KEYRING-ioctl$int_in-sendmsg$inet-socket$rxrpc-bind$rxrpc-connect$rxrpc-sendmsg$NL80211_CMD_SET_WOWLAN-setsockopt$RXRPC_SECURITY_KEYRING-socket$rxrpc-connect$rxrpc-sendmsg$NL80211_CMD_SET_PMKSA-syz_usb_connect$hid-ioctl$DRM_IOCTL_MODE_CREATE_LEASE-ioctl$EVIOCGBITSND-socket$kcm-openat$cgroup_ro-setsockopt$packet_fanout-getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS-setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR-getpeername$packet-openat$dsp-syz_init_net_socket$bt_rfcomm-ioctl$sock_SIOCGIFVLAN_SET_VLAN_FLAG_CMD-ioctl$sock_bt_hidp_HIDPCONNDEL-bind$rxrpc-sendmsg$IPVS_CMD_SET_DEST
detailed listing:
executing program 0:
setsockopt$RXRPC_MIN_SECURITY_LEVEL(0xffffffffffffffff, 0x110, 0x4, &(0x7f0000000000)=0x1, 0x4)
r0 = socket$rxrpc(0x21, 0x2, 0x0)
connect$rxrpc(r0, &(0x7f0000000040)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e21, 0x8, @mcast1, 0xd}}, 0x24)
r1 = socket$rxrpc(0x21, 0x2, 0xa)
setsockopt$RXRPC_SECURITY_KEYRING(0xffffffffffffffff, 0x110, 0x2, &(0x7f0000000080)=']&\'.\x00', 0x5)
ioctl$int_in(r1, 0x5452, &(0x7f00000000c0)=0x8)
sendmsg$inet(r0, &(0x7f0000000480)={&(0x7f0000000100)={0x2, 0x4e22, @broadcast}, 0x10, &(0x7f0000000300)=[{&(0x7f0000000140)="93ae768edeb44681c7787f30af10630ac12268ed856994e932ddf746254fa94845d784ea11c9263babeff7a287ea43fc5fb526c6ae9e8a0e247b6808c5b945285ae391837fd650db2a152dccae77e04a9765e3dcfd0300124c4341a08611a8e4cbc0147d5d5ab0f8953fc2c7", 0x6c}, {&(0x7f00000001c0)="a2edcfdc224fd5a241b8ef6d846cdff35d6ce90e1fa0422c73a3e116feb0834bc2f771eb4dacd4fe368163af68c84ece23b3e6014b19baea833ef492db24be08330e240ee033282e3bdd4f8787ab78356c459ef8cb24fa524edb2b5b0428b497ac66d310836b1aeebd75ffaf7964627b6aed691305e7491c06ad0ed466fa3f12f78a9df594ad632b8a40a525abddf2d8efb4f52749623225b366cab9", 0x9c}, {&(0x7f0000000280)="96f2020507ed53cdb18b570f52599e258746f1406947570639e3e932491dae157ff34729f31e62cfb6013176ff004af5668a76fb534610d7a297cdefd5de8f71131ae5d424bc44831989351f0190604fd8ce06ad450977b65cafe712fd", 0x5d}], 0x3, &(0x7f0000000340)=[@ip_retopts={{0x14, 0x0, 0x7, {[@ra={0x94, 0x4, 0x1}]}}}, @ip_retopts={{0x90, 0x0, 0x7, {[@generic={0x7, 0xd, "3cad37e7ff4233aae46d20"}, @generic={0x82, 0xf, "88e3a1c78e74ad37f651764d03"}, @generic={0x89, 0x10, "6bd71649f83b3357f6b0cd17e27e"}, @timestamp_addr={0x44, 0x14, 0x5, 0x1, 0xa, [{@rand_addr=0x64010102, 0x800}, {@private=0xa010101, 0xffff5483}]}, @cipso={0x86, 0x24, 0xffffffffffffffff, [{0x0, 0x10, "4a2029b51ba07dffcca4561df574"}, {0x5, 0x7, "c4655d623a"}, {0x5, 0x7, "391f990dc4"}]}, @rr={0x7, 0x13, 0x80, [@empty, @remote, @local, @initdev={0xac, 0x1e, 0x1, 0x0}]}, @lsrr={0x83, 0x7, 0x81, [@multicast2]}]}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x8d}}, @ip_ttl={{0x14, 0x0, 0x2, 0x8}}, @ip_retopts={{0x20, 0x0, 0x7, {[@end, @generic={0x88, 0x5, "4f024b"}, @end, @generic={0x44, 0x9, "ccfff63de5dda6"}]}}}, @ip_ttl={{0x14, 0x0, 0x2, 0x8000}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x4}}], 0x128}, 0xd0)
r2 = socket$rxrpc(0x21, 0x2, 0x2)
bind$rxrpc(r2, &(0x7f00000004c0)=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x4e22, @multicast2}}, 0x24)
connect$rxrpc(r2, &(0x7f0000000500)=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x4e24, @local}}, 0x24)
sendmsg$NL80211_CMD_SET_WOWLAN(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000600)={&(0x7f0000000580)={0x68, 0x0, 0x400, 0x70bd2b, 0x25dfdbfc, {{}, {@void, @void, @val={0xc, 0x99, {0xfffffffa, 0x69}}}}, [@NL80211_ATTR_WOWLAN_TRIGGERS={0x4}, @NL80211_ATTR_WOWLAN_TRIGGERS={0x10, 0x75, 0x0, 0x1, [@NL80211_WOWLAN_TRIG_ANY={0x4}, @NL80211_WOWLAN_TRIG_MAGIC_PKT={0x4}, @NL80211_WOWLAN_TRIG_RFKILL_RELEASE={0x4}]}, @NL80211_ATTR_WOWLAN_TRIGGERS={0x1c, 0x75, 0x0, 0x1, [@NL80211_WOWLAN_TRIG_NET_DETECT={0x4}, @NL80211_WOWLAN_TRIG_TCP_CONNECTION={0x4}, @NL80211_WOWLAN_TRIG_ANY={0x4}, @NL80211_WOWLAN_TRIG_DISCONNECT={0x4}, @NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE={0x4}, @NL80211_WOWLAN_TRIG_RFKILL_RELEASE={0x4}]}, @NL80211_ATTR_WOWLAN_TRIGGERS={0x10, 0x75, 0x0, 0x1, [@NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE={0x4}, @NL80211_WOWLAN_TRIG_RFKILL_RELEASE={0x4}, @NL80211_WOWLAN_TRIG_RFKILL_RELEASE={0x4}]}, @NL80211_ATTR_WOWLAN_TRIGGERS={0x8, 0x75, 0x0, 0x1, [@NL80211_WOWLAN_TRIG_RFKILL_RELEASE={0x4}]}]}, 0x68}}, 0x20040050)
setsockopt$RXRPC_SECURITY_KEYRING(r2, 0x110, 0x2, &(0x7f0000000680)=']&\'.\x00', 0x5)
r3 = socket$rxrpc(0x21, 0x2, 0x2)
connect$rxrpc(r3, &(0x7f00000006c0)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e21, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0x46dc}}, 0x24)
sendmsg$NL80211_CMD_SET_PMKSA(r0, &(0x7f00000007c0)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x30, 0x0, 0x300, 0x70bd25, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x80000001, 0x2a}}}}, [@NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0x40}, @NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x40040081}, 0x1)
syz_usb_connect$hid(0x2, 0x3f, &(0x7f0000000800)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x10, 0x46d, 0xc219, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0xb3, 0x80, 0x5, [{{0x9, 0x4, 0x0, 0x5, 0x1, 0x3, 0x1, 0x2, 0xa5, {0x9, 0x21, 0xf, 0x6, 0x1, {0x22, 0xf8f}}, {{{0x9, 0x5, 0x81, 0x3, 0x8, 0x9, 0x2, 0xd}}, [{{0x9, 0x5, 0x2, 0x3, 0x3ff, 0x1, 0x5, 0xed}}]}}}]}}]}}, &(0x7f0000000ac0)={0xa, &(0x7f0000000840)={0xa, 0x6, 0x310, 0x3, 0x2, 0x5, 0x10, 0x9}, 0x31, &(0x7f0000000880)={0x5, 0xf, 0x31, 0x4, [@wireless={0xb, 0x10, 0x1, 0xc, 0x48, 0x9, 0x1, 0x4, 0x5}, @ssp_cap={0xc, 0x10, 0xa, 0xff, 0x0, 0x1bbd, 0xf, 0x6}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0xc, 0x8, 0x99, 0xfffd}, @wireless={0xb, 0x10, 0x1, 0x0, 0xd, 0x1b, 0x7, 0x8001, 0x98}]}, 0x4, [{0xde, &(0x7f00000008c0)=@string={0xde, 0x3, "627f890f4be2f97633846eae2cbccf835d80b755a3048beeed8b40fda2331028d42209e9e5f872c452c2e20b4f161e19e89f38109ae2e282ccfcb68c57cfd50af6c20c5dd94360c9bcf8596b27e31d8a39bc3e0ee1365e94627e6f83d32c6cd1f3a64dd7b034f179ae7957a19a9b899f0465d427ab5fea75160c91128229c32f3aaaafc999849de2bc9fa91a6b9c085c97251129630ed913b6221711f4bef8bd2a2d94cbc118ad59a3e895ebdd781100edce87235bc108b056f50d6e5367fecda85e572b50be2f2ee6be5c425e85932133c5dadf5320608070f3bbc9"}}, {0x4d, &(0x7f00000009c0)=@string={0x4d, 0x3, "35c2dc85350aa6cbb0a135c2327db1eaa7e87a0808a54c271facd8ec92d47734ead06089f22ba9e85fa431722af1a5b80f21dbe371f91c89266d229992434ebf1864867edd48bc6cc0520a"}}, {0x4, &(0x7f0000000a40)=@lang_id={0x4, 0x3, 0x412}}, {0x4, &(0x7f0000000a80)=@lang_id={0x4, 0x3, 0x2801}}]})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000b80)={&(0x7f0000000b40)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0xa, 0x80000, 0x0, <r4=>0xffffffffffffffff})
ioctl$EVIOCGBITSND(r4, 0x80404532, &(0x7f0000000bc0)=""/28)
socket$kcm(0x29, 0x0, 0x0)
r5 = openat$cgroup_ro(r4, &(0x7f0000000c00)='blkio.bfq.time\x00', 0x0, 0x0)
setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000c40)={0x4, 0x2000}, 0x4)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r4, 0x84, 0x6d, &(0x7f0000000c80)={<r6=>0x0, 0x32, "7aa10e2738c74dc57f262fd9a8baf9dbf8f00121068c97eb1bb5ecf2bdd7487fa3d013228ea980e984c15dbbccdda2b1eaac"}, &(0x7f0000000cc0)=0x3a)
setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r4, 0x84, 0x6, &(0x7f0000000d00)={r6, @in6={{0xa, 0x4e22, 0x5, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x7}}}, 0x84)
getpeername$packet(r4, &(0x7f0000000dc0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000e00)=0x14)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000e40), 0x20000, 0x0)
r7 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_FLAG_CMD(r7, 0x8982, &(0x7f0000000e80)={0x7, 'team_slave_0\x00', {0x7}, 0x1})
ioctl$sock_bt_hidp_HIDPCONNDEL(r4, 0x400448c9, &(0x7f0000000ec0)={@any, 0x7})
bind$rxrpc(r3, &(0x7f0000000f00)=@in6={0x21, 0x4, 0x2, 0x1c, {0xa, 0x4e24, 0x7, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x2a5b}}, 0x24)
sendmsg$IPVS_CMD_SET_DEST(r4, &(0x7f0000001040)={&(0x7f0000000f40)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000001000)={&(0x7f0000000fc0)={0x20, 0x0, 0x4, 0x70bd2d, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_SERVICE={0xc, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000800}, 0x4000000)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ttyS3-openat$tun-ioctl$TUNSETIFF-ioctl$TUNSETTXFILTER-openat$ttyS3-ioctl$TIOCGPGRP-mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_ro-read$FUSE-openat$sndseq-openat$sndtimer-ioctl$SNDRV_TIMER_IOCTL_SELECT-syz_open_dev$vim2m-ioctl$vim2m_VIDIOC_S_FMT-mount
detailed listing:
executing program 0:
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'\x00', 0x1})
ioctl$TUNSETTXFILTER(r1, 0x400454d1, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCGPGRP(r0, 0x5437, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
read$FUSE(r3, &(0x7f0000000c80)={0x2020}, 0x2020)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r4, 0x40345410, &(0x7f0000000100)={{0x0, 0x1, 0x10001, 0x0, 0x8}})
r5 = syz_open_dev$vim2m(&(0x7f0000000080), 0x3, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r5, 0xc0d05605, &(0x7f0000000180)={0x2, @pix_mp={0x0, 0x0, 0x33424752, 0x0, 0x0, [{0x0, 0x3}]}})
mount(&(0x7f0000000140)=@filename='./file0\x00', &(0x7f0000000180)='./cgroup\x00', &(0x7f00000000c0)='efs\x00', 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ttyS3-openat$tun-ioctl$TUNSETIFF-ioctl$TUNSETTXFILTER-openat$ttyS3-ioctl$TIOCGPGRP-mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_ro-read$FUSE-openat$sndseq-openat$sndtimer-ioctl$SNDRV_TIMER_IOCTL_SELECT-syz_open_dev$vim2m-ioctl$vim2m_VIDIOC_S_FMT-mount
detailed listing:
executing program 0:
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'\x00', 0x1})
ioctl$TUNSETTXFILTER(r1, 0x400454d1, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCGPGRP(r0, 0x5437, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
read$FUSE(r3, &(0x7f0000000c80)={0x2020}, 0x2020)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r4, 0x40345410, &(0x7f0000000100)={{0x0, 0x1, 0x10001, 0x0, 0x8}})
r5 = syz_open_dev$vim2m(&(0x7f0000000080), 0x3, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r5, 0xc0d05605, &(0x7f0000000180)={0x2, @pix_mp={0x0, 0x0, 0x33424752, 0x0, 0x0, [{0x0, 0x3}]}})
mount(&(0x7f0000000140)=@filename='./file0\x00', &(0x7f0000000180)='./cgroup\x00', &(0x7f00000000c0)='efs\x00', 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rfkill-ioctl$RFKILL_IOCTL_NOINPUT-openat$rnullb-mmap-socket$kcm-write$cgroup_subtree-socket$nl_netfilter-ioctl$AUTOFS_DEV_IOCTL_REQUESTER-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_ADDFB2-accept$packet-socket$nl_netfilter-socket$nl_generic-sendmsg$nl_generic-sendmsg$IPSET_CMD_CREATE-socket$nl_xfrm-setsockopt$netlink_NETLINK_PKTINFO-mlock-mlock2-openat$rfkill-ioctl$RFKILL_IOCTL_NOINPUT-openat$rnullb-mmap-socket$kcm-write$cgroup_subtree-socket$nl_netfilter-ioctl$AUTOFS_DEV_IOCTL_REQUESTER-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_ADDFB2-accept$packet-socket$nl_netfilter-socket$nl_generic-sendmsg$nl_generic-sendmsg$IPSET_CMD_CREATE-socket$nl_xfrm-setsockopt$netlink_NETLINK_PKTINFO-mlock-mlock2
detailed listing:
executing program 0:
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$RFKILL_IOCTL_NOINPUT(r0, 0x541b)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x800, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r1, 0xc3a51000)
r2 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000580)=ANY=[], 0xfe33)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000100)={{0x1, 0x1, 0x18, <r3=>r1, {0x0, <r4=>0xee00}}, './file0\x00'})
r5 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_ADDFB2(r5, 0xc06864b8, &(0x7f0000000000)={0x0, 0x40, 0x3f, 0x30315559, 0x0, [], [], [], [0x2]})
accept$packet(r3, &(0x7f0000000140), &(0x7f0000000180)=0x14)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)={0x24, 0x3e, 0x1, 0x70bd2b, 0x0, {0x1}, [@typed={0x4}, @typed={0x4, 0x2, 0x0, 0x0, @binary}, @nested={0x8, 0x1, 0x0, 0x1, [@nested={0x4, 0x10}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x400c801}, 0x4008094)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYRES64=0x0, @ANYRESHEX=r4], 0x64}, 0x1, 0x0, 0x0, 0x4000001}, 0x40)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$netlink_NETLINK_PKTINFO(r8, 0x10e, 0x3, 0x0, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mlock2(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
ioctl$RFKILL_IOCTL_NOINPUT(r0, 0x541b) (async)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x800, 0x0) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r1, 0xc3a51000) (async)
socket$kcm(0x10, 0x2, 0x0) (async)
write$cgroup_subtree(r2, &(0x7f0000000580)=ANY=[], 0xfe33) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000100)={{0x1, 0x1, 0x18, r1, {0x0, 0xee00}}, './file0\x00'}) (async)
syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0) (async)
ioctl$DRM_IOCTL_MODE_ADDFB2(r5, 0xc06864b8, &(0x7f0000000000)={0x0, 0x40, 0x3f, 0x30315559, 0x0, [], [], [], [0x2]}) (async)
accept$packet(r3, &(0x7f0000000140), &(0x7f0000000180)=0x14) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$nl_generic(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)={0x24, 0x3e, 0x1, 0x70bd2b, 0x0, {0x1}, [@typed={0x4}, @typed={0x4, 0x2, 0x0, 0x0, @binary}, @nested={0x8, 0x1, 0x0, 0x1, [@nested={0x4, 0x10}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x400c801}, 0x4008094) (async)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYRES64=0x0, @ANYRESHEX=r4], 0x64}, 0x1, 0x0, 0x0, 0x4000001}, 0x40) (async)
socket$nl_xfrm(0x10, 0x3, 0x6) (async)
setsockopt$netlink_NETLINK_PKTINFO(r8, 0x10e, 0x3, 0x0, 0x0) (async)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) (async)
mlock2(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1) (async)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rfkill-ioctl$RFKILL_IOCTL_NOINPUT-openat$rnullb-mmap-socket$kcm-write$cgroup_subtree-socket$nl_netfilter-ioctl$AUTOFS_DEV_IOCTL_REQUESTER-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_ADDFB2-accept$packet-socket$nl_netfilter-socket$nl_generic-sendmsg$nl_generic-sendmsg$IPSET_CMD_CREATE-socket$nl_xfrm-setsockopt$netlink_NETLINK_PKTINFO-mlock-mlock2-openat$rfkill-ioctl$RFKILL_IOCTL_NOINPUT-openat$rnullb-mmap-socket$kcm-write$cgroup_subtree-socket$nl_netfilter-ioctl$AUTOFS_DEV_IOCTL_REQUESTER-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_ADDFB2-accept$packet-socket$nl_netfilter-socket$nl_generic-sendmsg$nl_generic-sendmsg$IPSET_CMD_CREATE-socket$nl_xfrm-setsockopt$netlink_NETLINK_PKTINFO-mlock-mlock2
detailed listing:
executing program 0:
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$RFKILL_IOCTL_NOINPUT(r0, 0x541b)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x800, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r1, 0xc3a51000)
r2 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000580)=ANY=[], 0xfe33)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000100)={{0x1, 0x1, 0x18, <r3=>r1, {0x0, <r4=>0xee00}}, './file0\x00'})
r5 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_ADDFB2(r5, 0xc06864b8, &(0x7f0000000000)={0x0, 0x40, 0x3f, 0x30315559, 0x0, [], [], [], [0x2]})
accept$packet(r3, &(0x7f0000000140), &(0x7f0000000180)=0x14)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)={0x24, 0x3e, 0x1, 0x70bd2b, 0x0, {0x1}, [@typed={0x4}, @typed={0x4, 0x2, 0x0, 0x0, @binary}, @nested={0x8, 0x1, 0x0, 0x1, [@nested={0x4, 0x10}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x400c801}, 0x4008094)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYRES64=0x0, @ANYRESHEX=r4], 0x64}, 0x1, 0x0, 0x0, 0x4000001}, 0x40)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$netlink_NETLINK_PKTINFO(r8, 0x10e, 0x3, 0x0, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mlock2(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
ioctl$RFKILL_IOCTL_NOINPUT(r0, 0x541b) (async)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x800, 0x0) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r1, 0xc3a51000) (async)
socket$kcm(0x10, 0x2, 0x0) (async)
write$cgroup_subtree(r2, &(0x7f0000000580)=ANY=[], 0xfe33) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000100)={{0x1, 0x1, 0x18, r1, {0x0, 0xee00}}, './file0\x00'}) (async)
syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0) (async)
ioctl$DRM_IOCTL_MODE_ADDFB2(r5, 0xc06864b8, &(0x7f0000000000)={0x0, 0x40, 0x3f, 0x30315559, 0x0, [], [], [], [0x2]}) (async)
accept$packet(r3, &(0x7f0000000140), &(0x7f0000000180)=0x14) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$nl_generic(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)={0x24, 0x3e, 0x1, 0x70bd2b, 0x0, {0x1}, [@typed={0x4}, @typed={0x4, 0x2, 0x0, 0x0, @binary}, @nested={0x8, 0x1, 0x0, 0x1, [@nested={0x4, 0x10}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x400c801}, 0x4008094) (async)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYRES64=0x0, @ANYRESHEX=r4], 0x64}, 0x1, 0x0, 0x0, 0x4000001}, 0x40) (async)
socket$nl_xfrm(0x10, 0x3, 0x6) (async)
setsockopt$netlink_NETLINK_PKTINFO(r8, 0x10e, 0x3, 0x0, 0x0) (async)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) (async)
mlock2(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1) (async)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mmap-syz_init_net_socket$bt_rfcomm-syz_init_net_socket$bt_rfcomm-creat-pipe2$9p-pipe2$9p-write$P9_RVERSION-openat$binder_debug-fchmod-fchmod-socket$nl_netfilter-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-dup-syz_init_net_socket$802154_dgram-syz_init_net_socket$802154_dgram-mmap$KVM_VCPU-openat$vsock-ioctl$FS_IOC_GETVERSION-connect$802154_dgram-getsockopt$sock_cred-getsockopt$WPAN_WANTACK-getsockopt$WPAN_WANTACK-fcntl$setownex-fcntl$setownex-write$FUSE_BMAP-write$FUSE_NOTIFY_RETRIEVE-write$FUSE_NOTIFY_RETRIEVE-userfaultfd-userfaultfd-ioctl$UFFDIO_API-ioctl$UFFDIO_REGISTER-mremap-madvise-madvise-ioctl$UFFDIO_CONTINUE-mount$9p_fd-utimes
detailed listing:
executing program 0:
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa8000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r0, 0xf6489000)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) (async)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
r1 = creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0), 0x0) (async)
pipe2$9p(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
fchmod(r4, 0x0) (async)
fchmod(r4, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @numgen={{0xb}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz0\x00'}]}], {0x14}}, 0x68}}, 0x0)
r6 = dup(r3)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) (async)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x16831, 0xffffffffffffffff, 0x0)
r8 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000280), 0x9c000, 0x0)
ioctl$FS_IOC_GETVERSION(r8, 0x80087601, &(0x7f0000000380))
connect$802154_dgram(r7, &(0x7f0000000000)={0x10, @short}, 0x2)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000100)={<r9=>0x0}, &(0x7f0000000200)=0xc)
getsockopt$WPAN_WANTACK(r1, 0x0, 0x0, &(0x7f00000003c0), &(0x7f0000000400)=0x4) (async)
getsockopt$WPAN_WANTACK(r1, 0x0, 0x0, &(0x7f00000003c0), &(0x7f0000000400)=0x4)
fcntl$setownex(r0, 0xf, &(0x7f00000002c0)={0x0, r9}) (async)
fcntl$setownex(r0, 0xf, &(0x7f00000002c0)={0x0, r9})
write$FUSE_BMAP(r6, &(0x7f0000000080)={0x18, 0x0, 0x0, {0x4}}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r6, &(0x7f00000000c0)={0x14c}, 0x137) (async)
write$FUSE_NOTIFY_RETRIEVE(r6, &(0x7f00000000c0)={0x14c}, 0x137)
userfaultfd(0x801) (async)
r10 = userfaultfd(0x801)
ioctl$UFFDIO_API(r10, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x4})
ioctl$UFFDIO_REGISTER(r10, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
mremap(&(0x7f0000d59000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000a91000/0x1000)=nil)
madvise(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x16) (async)
madvise(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x16)
ioctl$UFFDIO_CONTINUE(r10, 0xc020aa08, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="7472616e733d66642c72661cf4f35ec59b646e6f3d", @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r6, @ANYBLOB=',k'])
utimes(&(0x7f0000000140)='./file0\x00', 0x0)

program crashed: INFO: task hung in exit_mm
single: successfully extracted reproducer
found reproducer with 40 syscalls
minimizing guilty program
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mmap-syz_init_net_socket$bt_rfcomm-syz_init_net_socket$bt_rfcomm-creat-pipe2$9p-pipe2$9p-write$P9_RVERSION-openat$binder_debug-fchmod-fchmod-socket$nl_netfilter-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-dup-syz_init_net_socket$802154_dgram-syz_init_net_socket$802154_dgram-mmap$KVM_VCPU-openat$vsock-ioctl$FS_IOC_GETVERSION-connect$802154_dgram-getsockopt$sock_cred-getsockopt$WPAN_WANTACK-getsockopt$WPAN_WANTACK-fcntl$setownex-fcntl$setownex-write$FUSE_BMAP-write$FUSE_NOTIFY_RETRIEVE-write$FUSE_NOTIFY_RETRIEVE-userfaultfd-userfaultfd-ioctl$UFFDIO_API-ioctl$UFFDIO_REGISTER-mremap-madvise-madvise-ioctl$UFFDIO_CONTINUE-mount$9p_fd
detailed listing:
executing program 0:
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa8000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r0, 0xf6489000)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) (async)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
r1 = creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0), 0x0) (async)
pipe2$9p(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
fchmod(r4, 0x0) (async)
fchmod(r4, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @numgen={{0xb}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz0\x00'}]}], {0x14}}, 0x68}}, 0x0)
r6 = dup(r3)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) (async)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x16831, 0xffffffffffffffff, 0x0)
r8 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000280), 0x9c000, 0x0)
ioctl$FS_IOC_GETVERSION(r8, 0x80087601, &(0x7f0000000380))
connect$802154_dgram(r7, &(0x7f0000000000)={0x10, @short}, 0x2)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000100)={<r9=>0x0}, &(0x7f0000000200)=0xc)
getsockopt$WPAN_WANTACK(r1, 0x0, 0x0, &(0x7f00000003c0), &(0x7f0000000400)=0x4) (async)
getsockopt$WPAN_WANTACK(r1, 0x0, 0x0, &(0x7f00000003c0), &(0x7f0000000400)=0x4)
fcntl$setownex(r0, 0xf, &(0x7f00000002c0)={0x0, r9}) (async)
fcntl$setownex(r0, 0xf, &(0x7f00000002c0)={0x0, r9})
write$FUSE_BMAP(r6, &(0x7f0000000080)={0x18, 0x0, 0x0, {0x4}}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r6, &(0x7f00000000c0)={0x14c}, 0x137) (async)
write$FUSE_NOTIFY_RETRIEVE(r6, &(0x7f00000000c0)={0x14c}, 0x137)
userfaultfd(0x801) (async)
r10 = userfaultfd(0x801)
ioctl$UFFDIO_API(r10, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x4})
ioctl$UFFDIO_REGISTER(r10, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
mremap(&(0x7f0000d59000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000a91000/0x1000)=nil)
madvise(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x16) (async)
madvise(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x16)
ioctl$UFFDIO_CONTINUE(r10, 0xc020aa08, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="7472616e733d66642c72661cf4f35ec59b646e6f3d", @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r6, @ANYBLOB=',k'])

program crashed: INFO: task hung in do_madvise
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mmap-syz_init_net_socket$bt_rfcomm-syz_init_net_socket$bt_rfcomm-creat-pipe2$9p-pipe2$9p-write$P9_RVERSION-openat$binder_debug-fchmod-fchmod-socket$nl_netfilter-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-dup-syz_init_net_socket$802154_dgram-syz_init_net_socket$802154_dgram-mmap$KVM_VCPU-openat$vsock-ioctl$FS_IOC_GETVERSION-connect$802154_dgram-getsockopt$sock_cred-getsockopt$WPAN_WANTACK-getsockopt$WPAN_WANTACK-fcntl$setownex-fcntl$setownex-write$FUSE_BMAP-write$FUSE_NOTIFY_RETRIEVE-write$FUSE_NOTIFY_RETRIEVE-userfaultfd-userfaultfd-ioctl$UFFDIO_API-ioctl$UFFDIO_REGISTER-mremap-madvise-madvise-ioctl$UFFDIO_CONTINUE
detailed listing:
executing program 0:
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa8000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r0, 0xf6489000)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) (async)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
r1 = creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0), 0x0) (async)
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
fchmod(r3, 0x0) (async)
fchmod(r3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @numgen={{0xb}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz0\x00'}]}], {0x14}}, 0x68}}, 0x0)
r5 = dup(r2)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) (async)
r6 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x16831, 0xffffffffffffffff, 0x0)
r7 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000280), 0x9c000, 0x0)
ioctl$FS_IOC_GETVERSION(r7, 0x80087601, &(0x7f0000000380))
connect$802154_dgram(r6, &(0x7f0000000000)={0x10, @short}, 0x2)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000100)={<r8=>0x0}, &(0x7f0000000200)=0xc)
getsockopt$WPAN_WANTACK(r1, 0x0, 0x0, &(0x7f00000003c0), &(0x7f0000000400)=0x4) (async)
getsockopt$WPAN_WANTACK(r1, 0x0, 0x0, &(0x7f00000003c0), &(0x7f0000000400)=0x4)
fcntl$setownex(r0, 0xf, &(0x7f00000002c0)={0x0, r8}) (async)
fcntl$setownex(r0, 0xf, &(0x7f00000002c0)={0x0, r8})
write$FUSE_BMAP(r5, &(0x7f0000000080)={0x18, 0x0, 0x0, {0x4}}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r5, &(0x7f00000000c0)={0x14c}, 0x137) (async)
write$FUSE_NOTIFY_RETRIEVE(r5, &(0x7f00000000c0)={0x14c}, 0x137)
userfaultfd(0x801) (async)
r9 = userfaultfd(0x801)
ioctl$UFFDIO_API(r9, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x4})
ioctl$UFFDIO_REGISTER(r9, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
mremap(&(0x7f0000d59000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000a91000/0x1000)=nil)
madvise(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x16) (async)
madvise(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x16)
ioctl$UFFDIO_CONTINUE(r9, 0xc020aa08, 0x0)

program crashed: INFO: task hung in exit_mm
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mmap-syz_init_net_socket$bt_rfcomm-syz_init_net_socket$bt_rfcomm-creat-pipe2$9p-pipe2$9p-write$P9_RVERSION-openat$binder_debug-fchmod-fchmod-socket$nl_netfilter-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-dup-syz_init_net_socket$802154_dgram-syz_init_net_socket$802154_dgram-mmap$KVM_VCPU-openat$vsock-ioctl$FS_IOC_GETVERSION-connect$802154_dgram-getsockopt$sock_cred-getsockopt$WPAN_WANTACK-getsockopt$WPAN_WANTACK-fcntl$setownex-fcntl$setownex-write$FUSE_BMAP-write$FUSE_NOTIFY_RETRIEVE-write$FUSE_NOTIFY_RETRIEVE-userfaultfd-userfaultfd-ioctl$UFFDIO_API-ioctl$UFFDIO_REGISTER-mremap-madvise-madvise
detailed listing:
executing program 0:
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa8000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r0, 0xf6489000)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) (async)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
r1 = creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0), 0x0) (async)
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
fchmod(r3, 0x0) (async)
fchmod(r3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @numgen={{0xb}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz0\x00'}]}], {0x14}}, 0x68}}, 0x0)
r5 = dup(r2)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) (async)
r6 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x16831, 0xffffffffffffffff, 0x0)
r7 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000280), 0x9c000, 0x0)
ioctl$FS_IOC_GETVERSION(r7, 0x80087601, &(0x7f0000000380))
connect$802154_dgram(r6, &(0x7f0000000000)={0x10, @short}, 0x2)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000100)={<r8=>0x0}, &(0x7f0000000200)=0xc)
getsockopt$WPAN_WANTACK(r1, 0x0, 0x0, &(0x7f00000003c0), &(0x7f0000000400)=0x4) (async)
getsockopt$WPAN_WANTACK(r1, 0x0, 0x0, &(0x7f00000003c0), &(0x7f0000000400)=0x4)
fcntl$setownex(r0, 0xf, &(0x7f00000002c0)={0x0, r8}) (async)
fcntl$setownex(r0, 0xf, &(0x7f00000002c0)={0x0, r8})
write$FUSE_BMAP(r5, &(0x7f0000000080)={0x18, 0x0, 0x0, {0x4}}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r5, &(0x7f00000000c0)={0x14c}, 0x137) (async)
write$FUSE_NOTIFY_RETRIEVE(r5, &(0x7f00000000c0)={0x14c}, 0x137)
userfaultfd(0x801) (async)
r9 = userfaultfd(0x801)
ioctl$UFFDIO_API(r9, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x4})
ioctl$UFFDIO_REGISTER(r9, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
mremap(&(0x7f0000d59000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000a91000/0x1000)=nil)
madvise(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x16) (async)
madvise(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x16)

program crashed: INFO: task hung in userfaultfd_release_all
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mmap-syz_init_net_socket$bt_rfcomm-syz_init_net_socket$bt_rfcomm-creat-pipe2$9p-pipe2$9p-write$P9_RVERSION-openat$binder_debug-fchmod-fchmod-socket$nl_netfilter-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-dup-syz_init_net_socket$802154_dgram-syz_init_net_socket$802154_dgram-mmap$KVM_VCPU-openat$vsock-ioctl$FS_IOC_GETVERSION-connect$802154_dgram-getsockopt$sock_cred-getsockopt$WPAN_WANTACK-getsockopt$WPAN_WANTACK-fcntl$setownex-fcntl$setownex-write$FUSE_BMAP-write$FUSE_NOTIFY_RETRIEVE-write$FUSE_NOTIFY_RETRIEVE-userfaultfd-userfaultfd-ioctl$UFFDIO_API-ioctl$UFFDIO_REGISTER-mremap-madvise
detailed listing:
executing program 0:
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa8000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r0, 0xf6489000)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) (async)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
r1 = creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0), 0x0) (async)
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
fchmod(r3, 0x0) (async)
fchmod(r3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @numgen={{0xb}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz0\x00'}]}], {0x14}}, 0x68}}, 0x0)
r5 = dup(r2)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) (async)
r6 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x16831, 0xffffffffffffffff, 0x0)
r7 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000280), 0x9c000, 0x0)
ioctl$FS_IOC_GETVERSION(r7, 0x80087601, &(0x7f0000000380))
connect$802154_dgram(r6, &(0x7f0000000000)={0x10, @short}, 0x2)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000100)={<r8=>0x0}, &(0x7f0000000200)=0xc)
getsockopt$WPAN_WANTACK(r1, 0x0, 0x0, &(0x7f00000003c0), &(0x7f0000000400)=0x4) (async)
getsockopt$WPAN_WANTACK(r1, 0x0, 0x0, &(0x7f00000003c0), &(0x7f0000000400)=0x4)
fcntl$setownex(r0, 0xf, &(0x7f00000002c0)={0x0, r8}) (async)
fcntl$setownex(r0, 0xf, &(0x7f00000002c0)={0x0, r8})
write$FUSE_BMAP(r5, &(0x7f0000000080)={0x18, 0x0, 0x0, {0x4}}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r5, &(0x7f00000000c0)={0x14c}, 0x137) (async)
write$FUSE_NOTIFY_RETRIEVE(r5, &(0x7f00000000c0)={0x14c}, 0x137)
userfaultfd(0x801) (async)
r9 = userfaultfd(0x801)
ioctl$UFFDIO_API(r9, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x4})
ioctl$UFFDIO_REGISTER(r9, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
mremap(&(0x7f0000d59000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000a91000/0x1000)=nil)
madvise(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x16) (async)

program crashed: INFO: task hung in userfaultfd_release_all
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mmap-syz_init_net_socket$bt_rfcomm-syz_init_net_socket$bt_rfcomm-creat-pipe2$9p-pipe2$9p-write$P9_RVERSION-openat$binder_debug-fchmod-fchmod-socket$nl_netfilter-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-dup-syz_init_net_socket$802154_dgram-syz_init_net_socket$802154_dgram-mmap$KVM_VCPU-openat$vsock-ioctl$FS_IOC_GETVERSION-connect$802154_dgram-getsockopt$sock_cred-getsockopt$WPAN_WANTACK-getsockopt$WPAN_WANTACK-fcntl$setownex-fcntl$setownex-write$FUSE_BMAP-write$FUSE_NOTIFY_RETRIEVE-write$FUSE_NOTIFY_RETRIEVE-userfaultfd-userfaultfd-ioctl$UFFDIO_API-ioctl$UFFDIO_REGISTER-mremap
detailed listing:
executing program 0:
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa8000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r0, 0xf6489000)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) (async)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
r1 = creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0), 0x0) (async)
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
fchmod(r3, 0x0) (async)
fchmod(r3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @numgen={{0xb}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz0\x00'}]}], {0x14}}, 0x68}}, 0x0)
r5 = dup(r2)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) (async)
r6 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x16831, 0xffffffffffffffff, 0x0)
r7 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000280), 0x9c000, 0x0)
ioctl$FS_IOC_GETVERSION(r7, 0x80087601, &(0x7f0000000380))
connect$802154_dgram(r6, &(0x7f0000000000)={0x10, @short}, 0x2)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000100)={<r8=>0x0}, &(0x7f0000000200)=0xc)
getsockopt$WPAN_WANTACK(r1, 0x0, 0x0, &(0x7f00000003c0), &(0x7f0000000400)=0x4) (async)
getsockopt$WPAN_WANTACK(r1, 0x0, 0x0, &(0x7f00000003c0), &(0x7f0000000400)=0x4)
fcntl$setownex(r0, 0xf, &(0x7f00000002c0)={0x0, r8}) (async)
fcntl$setownex(r0, 0xf, &(0x7f00000002c0)={0x0, r8})
write$FUSE_BMAP(r5, &(0x7f0000000080)={0x18, 0x0, 0x0, {0x4}}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r5, &(0x7f00000000c0)={0x14c}, 0x137) (async)
write$FUSE_NOTIFY_RETRIEVE(r5, &(0x7f00000000c0)={0x14c}, 0x137)
userfaultfd(0x801) (async)
r9 = userfaultfd(0x801)
ioctl$UFFDIO_API(r9, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x4})
ioctl$UFFDIO_REGISTER(r9, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
mremap(&(0x7f0000d59000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000a91000/0x1000)=nil)

program crashed: INFO: task hung in userfaultfd_release_all
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mmap-syz_init_net_socket$bt_rfcomm-syz_init_net_socket$bt_rfcomm-creat-pipe2$9p-pipe2$9p-write$P9_RVERSION-openat$binder_debug-fchmod-fchmod-socket$nl_netfilter-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-dup-syz_init_net_socket$802154_dgram-syz_init_net_socket$802154_dgram-mmap$KVM_VCPU-openat$vsock-ioctl$FS_IOC_GETVERSION-connect$802154_dgram-getsockopt$sock_cred-getsockopt$WPAN_WANTACK-getsockopt$WPAN_WANTACK-fcntl$setownex-fcntl$setownex-write$FUSE_BMAP-write$FUSE_NOTIFY_RETRIEVE-write$FUSE_NOTIFY_RETRIEVE-userfaultfd-userfaultfd-ioctl$UFFDIO_API-ioctl$UFFDIO_REGISTER
detailed listing:
executing program 0:
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa8000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r0, 0xf6489000)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) (async)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
r1 = creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0), 0x0) (async)
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
fchmod(r3, 0x0) (async)
fchmod(r3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @numgen={{0xb}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz0\x00'}]}], {0x14}}, 0x68}}, 0x0)
r5 = dup(r2)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) (async)
r6 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x16831, 0xffffffffffffffff, 0x0)
r7 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000280), 0x9c000, 0x0)
ioctl$FS_IOC_GETVERSION(r7, 0x80087601, &(0x7f0000000380))
connect$802154_dgram(r6, &(0x7f0000000000)={0x10, @short}, 0x2)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000100)={<r8=>0x0}, &(0x7f0000000200)=0xc)
getsockopt$WPAN_WANTACK(r1, 0x0, 0x0, &(0x7f00000003c0), &(0x7f0000000400)=0x4) (async)
getsockopt$WPAN_WANTACK(r1, 0x0, 0x0, &(0x7f00000003c0), &(0x7f0000000400)=0x4)
fcntl$setownex(r0, 0xf, &(0x7f00000002c0)={0x0, r8}) (async)
fcntl$setownex(r0, 0xf, &(0x7f00000002c0)={0x0, r8})
write$FUSE_BMAP(r5, &(0x7f0000000080)={0x18, 0x0, 0x0, {0x4}}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r5, &(0x7f00000000c0)={0x14c}, 0x137) (async)
write$FUSE_NOTIFY_RETRIEVE(r5, &(0x7f00000000c0)={0x14c}, 0x137)
userfaultfd(0x801) (async)
r9 = userfaultfd(0x801)
ioctl$UFFDIO_API(r9, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x4})
ioctl$UFFDIO_REGISTER(r9, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mmap-syz_init_net_socket$bt_rfcomm-syz_init_net_socket$bt_rfcomm-creat-pipe2$9p-pipe2$9p-write$P9_RVERSION-openat$binder_debug-fchmod-fchmod-socket$nl_netfilter-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-dup-syz_init_net_socket$802154_dgram-syz_init_net_socket$802154_dgram-mmap$KVM_VCPU-openat$vsock-ioctl$FS_IOC_GETVERSION-connect$802154_dgram-getsockopt$sock_cred-getsockopt$WPAN_WANTACK-getsockopt$WPAN_WANTACK-fcntl$setownex-fcntl$setownex-write$FUSE_BMAP-write$FUSE_NOTIFY_RETRIEVE-write$FUSE_NOTIFY_RETRIEVE-userfaultfd-userfaultfd-ioctl$UFFDIO_API-mremap
detailed listing:
executing program 0:
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa8000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r0, 0xf6489000)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) (async)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
r1 = creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0), 0x0) (async)
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
fchmod(r3, 0x0) (async)
fchmod(r3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @numgen={{0xb}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz0\x00'}]}], {0x14}}, 0x68}}, 0x0)
r5 = dup(r2)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) (async)
r6 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x16831, 0xffffffffffffffff, 0x0)
r7 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000280), 0x9c000, 0x0)
ioctl$FS_IOC_GETVERSION(r7, 0x80087601, &(0x7f0000000380))
connect$802154_dgram(r6, &(0x7f0000000000)={0x10, @short}, 0x2)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000100)={<r8=>0x0}, &(0x7f0000000200)=0xc)
getsockopt$WPAN_WANTACK(r1, 0x0, 0x0, &(0x7f00000003c0), &(0x7f0000000400)=0x4) (async)
getsockopt$WPAN_WANTACK(r1, 0x0, 0x0, &(0x7f00000003c0), &(0x7f0000000400)=0x4)
fcntl$setownex(r0, 0xf, &(0x7f00000002c0)={0x0, r8}) (async)
fcntl$setownex(r0, 0xf, &(0x7f00000002c0)={0x0, r8})
write$FUSE_BMAP(r5, &(0x7f0000000080)={0x18, 0x0, 0x0, {0x4}}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r5, &(0x7f00000000c0)={0x14c}, 0x137) (async)
write$FUSE_NOTIFY_RETRIEVE(r5, &(0x7f00000000c0)={0x14c}, 0x137)
userfaultfd(0x801) (async)
r9 = userfaultfd(0x801)
ioctl$UFFDIO_API(r9, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x4})
mremap(&(0x7f0000d59000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000a91000/0x1000)=nil)

program crashed: INFO: task hung in userfaultfd_release_all
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mmap-syz_init_net_socket$bt_rfcomm-syz_init_net_socket$bt_rfcomm-creat-pipe2$9p-pipe2$9p-write$P9_RVERSION-openat$binder_debug-fchmod-fchmod-socket$nl_netfilter-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-dup-syz_init_net_socket$802154_dgram-syz_init_net_socket$802154_dgram-mmap$KVM_VCPU-openat$vsock-ioctl$FS_IOC_GETVERSION-connect$802154_dgram-getsockopt$sock_cred-getsockopt$WPAN_WANTACK-getsockopt$WPAN_WANTACK-fcntl$setownex-fcntl$setownex-write$FUSE_BMAP-write$FUSE_NOTIFY_RETRIEVE-write$FUSE_NOTIFY_RETRIEVE-userfaultfd-userfaultfd-mremap
detailed listing:
executing program 0:
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa8000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r0, 0xf6489000)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) (async)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
r1 = creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0), 0x0) (async)
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
fchmod(r3, 0x0) (async)
fchmod(r3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @numgen={{0xb}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz0\x00'}]}], {0x14}}, 0x68}}, 0x0)
r5 = dup(r2)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) (async)
r6 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x16831, 0xffffffffffffffff, 0x0)
r7 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000280), 0x9c000, 0x0)
ioctl$FS_IOC_GETVERSION(r7, 0x80087601, &(0x7f0000000380))
connect$802154_dgram(r6, &(0x7f0000000000)={0x10, @short}, 0x2)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000100)={<r8=>0x0}, &(0x7f0000000200)=0xc)
getsockopt$WPAN_WANTACK(r1, 0x0, 0x0, &(0x7f00000003c0), &(0x7f0000000400)=0x4) (async)
getsockopt$WPAN_WANTACK(r1, 0x0, 0x0, &(0x7f00000003c0), &(0x7f0000000400)=0x4)
fcntl$setownex(r0, 0xf, &(0x7f00000002c0)={0x0, r8}) (async)
fcntl$setownex(r0, 0xf, &(0x7f00000002c0)={0x0, r8})
write$FUSE_BMAP(r5, &(0x7f0000000080)={0x18, 0x0, 0x0, {0x4}}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r5, &(0x7f00000000c0)={0x14c}, 0x137) (async)
write$FUSE_NOTIFY_RETRIEVE(r5, &(0x7f00000000c0)={0x14c}, 0x137)
userfaultfd(0x801) (async)
userfaultfd(0x801)
mremap(&(0x7f0000d59000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000a91000/0x1000)=nil)

program crashed: INFO: task hung in userfaultfd_release_all
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mmap-syz_init_net_socket$bt_rfcomm-syz_init_net_socket$bt_rfcomm-creat-pipe2$9p-pipe2$9p-write$P9_RVERSION-openat$binder_debug-fchmod-fchmod-socket$nl_netfilter-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-dup-syz_init_net_socket$802154_dgram-syz_init_net_socket$802154_dgram-mmap$KVM_VCPU-openat$vsock-ioctl$FS_IOC_GETVERSION-connect$802154_dgram-getsockopt$sock_cred-getsockopt$WPAN_WANTACK-getsockopt$WPAN_WANTACK-fcntl$setownex-fcntl$setownex-write$FUSE_BMAP-write$FUSE_NOTIFY_RETRIEVE-write$FUSE_NOTIFY_RETRIEVE-userfaultfd-mremap
detailed listing:
executing program 0:
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa8000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r0, 0xf6489000)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) (async)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
r1 = creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0), 0x0) (async)
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
fchmod(r3, 0x0) (async)
fchmod(r3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @numgen={{0xb}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz0\x00'}]}], {0x14}}, 0x68}}, 0x0)
r5 = dup(r2)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) (async)
r6 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x16831, 0xffffffffffffffff, 0x0)
r7 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000280), 0x9c000, 0x0)
ioctl$FS_IOC_GETVERSION(r7, 0x80087601, &(0x7f0000000380))
connect$802154_dgram(r6, &(0x7f0000000000)={0x10, @short}, 0x2)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000100)={<r8=>0x0}, &(0x7f0000000200)=0xc)
getsockopt$WPAN_WANTACK(r1, 0x0, 0x0, &(0x7f00000003c0), &(0x7f0000000400)=0x4) (async)
getsockopt$WPAN_WANTACK(r1, 0x0, 0x0, &(0x7f00000003c0), &(0x7f0000000400)=0x4)
fcntl$setownex(r0, 0xf, &(0x7f00000002c0)={0x0, r8}) (async)
fcntl$setownex(r0, 0xf, &(0x7f00000002c0)={0x0, r8})
write$FUSE_BMAP(r5, &(0x7f0000000080)={0x18, 0x0, 0x0, {0x4}}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r5, &(0x7f00000000c0)={0x14c}, 0x137) (async)
write$FUSE_NOTIFY_RETRIEVE(r5, &(0x7f00000000c0)={0x14c}, 0x137)
userfaultfd(0x801) (async)
mremap(&(0x7f0000d59000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000a91000/0x1000)=nil)

program crashed: INFO: task hung in userfaultfd_release_all
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mmap-syz_init_net_socket$bt_rfcomm-syz_init_net_socket$bt_rfcomm-creat-pipe2$9p-pipe2$9p-write$P9_RVERSION-openat$binder_debug-fchmod-fchmod-socket$nl_netfilter-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-dup-syz_init_net_socket$802154_dgram-syz_init_net_socket$802154_dgram-mmap$KVM_VCPU-openat$vsock-ioctl$FS_IOC_GETVERSION-connect$802154_dgram-getsockopt$sock_cred-getsockopt$WPAN_WANTACK-getsockopt$WPAN_WANTACK-fcntl$setownex-fcntl$setownex-write$FUSE_BMAP-write$FUSE_NOTIFY_RETRIEVE-write$FUSE_NOTIFY_RETRIEVE-mremap
detailed listing:
executing program 0:
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa8000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r0, 0xf6489000)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) (async)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
r1 = creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0), 0x0) (async)
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
fchmod(r3, 0x0) (async)
fchmod(r3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @numgen={{0xb}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz0\x00'}]}], {0x14}}, 0x68}}, 0x0)
r5 = dup(r2)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) (async)
r6 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x16831, 0xffffffffffffffff, 0x0)
r7 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000280), 0x9c000, 0x0)
ioctl$FS_IOC_GETVERSION(r7, 0x80087601, &(0x7f0000000380))
connect$802154_dgram(r6, &(0x7f0000000000)={0x10, @short}, 0x2)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000100)={<r8=>0x0}, &(0x7f0000000200)=0xc)
getsockopt$WPAN_WANTACK(r1, 0x0, 0x0, &(0x7f00000003c0), &(0x7f0000000400)=0x4) (async)
getsockopt$WPAN_WANTACK(r1, 0x0, 0x0, &(0x7f00000003c0), &(0x7f0000000400)=0x4)
fcntl$setownex(r0, 0xf, &(0x7f00000002c0)={0x0, r8}) (async)
fcntl$setownex(r0, 0xf, &(0x7f00000002c0)={0x0, r8})
write$FUSE_BMAP(r5, &(0x7f0000000080)={0x18, 0x0, 0x0, {0x4}}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r5, &(0x7f00000000c0)={0x14c}, 0x137) (async)
write$FUSE_NOTIFY_RETRIEVE(r5, &(0x7f00000000c0)={0x14c}, 0x137)
mremap(&(0x7f0000d59000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000a91000/0x1000)=nil)

program crashed: INFO: task hung in exit_mm
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mmap-syz_init_net_socket$bt_rfcomm-syz_init_net_socket$bt_rfcomm-creat-pipe2$9p-pipe2$9p-write$P9_RVERSION-openat$binder_debug-fchmod-fchmod-socket$nl_netfilter-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-dup-syz_init_net_socket$802154_dgram-syz_init_net_socket$802154_dgram-mmap$KVM_VCPU-openat$vsock-ioctl$FS_IOC_GETVERSION-connect$802154_dgram-getsockopt$sock_cred-getsockopt$WPAN_WANTACK-getsockopt$WPAN_WANTACK-fcntl$setownex-fcntl$setownex-write$FUSE_BMAP-write$FUSE_NOTIFY_RETRIEVE-mremap
detailed listing:
executing program 0:
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa8000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r0, 0xf6489000)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) (async)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
r1 = creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0), 0x0) (async)
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
fchmod(r3, 0x0) (async)
fchmod(r3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @numgen={{0xb}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz0\x00'}]}], {0x14}}, 0x68}}, 0x0)
r5 = dup(r2)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) (async)
r6 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x16831, 0xffffffffffffffff, 0x0)
r7 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000280), 0x9c000, 0x0)
ioctl$FS_IOC_GETVERSION(r7, 0x80087601, &(0x7f0000000380))
connect$802154_dgram(r6, &(0x7f0000000000)={0x10, @short}, 0x2)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000100)={<r8=>0x0}, &(0x7f0000000200)=0xc)
getsockopt$WPAN_WANTACK(r1, 0x0, 0x0, &(0x7f00000003c0), &(0x7f0000000400)=0x4) (async)
getsockopt$WPAN_WANTACK(r1, 0x0, 0x0, &(0x7f00000003c0), &(0x7f0000000400)=0x4)
fcntl$setownex(r0, 0xf, &(0x7f00000002c0)={0x0, r8}) (async)
fcntl$setownex(r0, 0xf, &(0x7f00000002c0)={0x0, r8})
write$FUSE_BMAP(r5, &(0x7f0000000080)={0x18, 0x0, 0x0, {0x4}}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r5, &(0x7f00000000c0)={0x14c}, 0x137) (async)
mremap(&(0x7f0000d59000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000a91000/0x1000)=nil)

program crashed: INFO: task hung in exit_mm
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mmap-syz_init_net_socket$bt_rfcomm-syz_init_net_socket$bt_rfcomm-creat-pipe2$9p-pipe2$9p-write$P9_RVERSION-openat$binder_debug-fchmod-fchmod-socket$nl_netfilter-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-dup-syz_init_net_socket$802154_dgram-syz_init_net_socket$802154_dgram-mmap$KVM_VCPU-openat$vsock-ioctl$FS_IOC_GETVERSION-connect$802154_dgram-getsockopt$sock_cred-getsockopt$WPAN_WANTACK-getsockopt$WPAN_WANTACK-fcntl$setownex-fcntl$setownex-write$FUSE_BMAP-mremap
detailed listing:
executing program 0:
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa8000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r0, 0xf6489000)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) (async)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
r1 = creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0), 0x0) (async)
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
fchmod(r3, 0x0) (async)
fchmod(r3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @numgen={{0xb}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz0\x00'}]}], {0x14}}, 0x68}}, 0x0)
r5 = dup(r2)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) (async)
r6 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x16831, 0xffffffffffffffff, 0x0)
r7 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000280), 0x9c000, 0x0)
ioctl$FS_IOC_GETVERSION(r7, 0x80087601, &(0x7f0000000380))
connect$802154_dgram(r6, &(0x7f0000000000)={0x10, @short}, 0x2)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000100)={<r8=>0x0}, &(0x7f0000000200)=0xc)
getsockopt$WPAN_WANTACK(r1, 0x0, 0x0, &(0x7f00000003c0), &(0x7f0000000400)=0x4) (async)
getsockopt$WPAN_WANTACK(r1, 0x0, 0x0, &(0x7f00000003c0), &(0x7f0000000400)=0x4)
fcntl$setownex(r0, 0xf, &(0x7f00000002c0)={0x0, r8}) (async)
fcntl$setownex(r0, 0xf, &(0x7f00000002c0)={0x0, r8})
write$FUSE_BMAP(r5, &(0x7f0000000080)={0x18, 0x0, 0x0, {0x4}}, 0x18)
mremap(&(0x7f0000d59000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000a91000/0x1000)=nil)

program crashed: INFO: task hung in exit_mm
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mmap-syz_init_net_socket$bt_rfcomm-syz_init_net_socket$bt_rfcomm-creat-pipe2$9p-pipe2$9p-write$P9_RVERSION-openat$binder_debug-fchmod-fchmod-socket$nl_netfilter-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-dup-syz_init_net_socket$802154_dgram-syz_init_net_socket$802154_dgram-mmap$KVM_VCPU-openat$vsock-ioctl$FS_IOC_GETVERSION-connect$802154_dgram-getsockopt$sock_cred-getsockopt$WPAN_WANTACK-getsockopt$WPAN_WANTACK-fcntl$setownex-fcntl$setownex-mremap
detailed listing:
executing program 0:
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa8000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r0, 0xf6489000)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) (async)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
r1 = creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0), 0x0) (async)
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
fchmod(r3, 0x0) (async)
fchmod(r3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @numgen={{0xb}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz0\x00'}]}], {0x14}}, 0x68}}, 0x0)
dup(r2)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) (async)
r5 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x16831, 0xffffffffffffffff, 0x0)
r6 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000280), 0x9c000, 0x0)
ioctl$FS_IOC_GETVERSION(r6, 0x80087601, &(0x7f0000000380))
connect$802154_dgram(r5, &(0x7f0000000000)={0x10, @short}, 0x2)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000100)={<r7=>0x0}, &(0x7f0000000200)=0xc)
getsockopt$WPAN_WANTACK(r1, 0x0, 0x0, &(0x7f00000003c0), &(0x7f0000000400)=0x4) (async)
getsockopt$WPAN_WANTACK(r1, 0x0, 0x0, &(0x7f00000003c0), &(0x7f0000000400)=0x4)
fcntl$setownex(r0, 0xf, &(0x7f00000002c0)={0x0, r7}) (async)
fcntl$setownex(r0, 0xf, &(0x7f00000002c0)={0x0, r7})
mremap(&(0x7f0000d59000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000a91000/0x1000)=nil)

program crashed: INFO: task hung in exit_mm
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mmap-syz_init_net_socket$bt_rfcomm-syz_init_net_socket$bt_rfcomm-creat-pipe2$9p-pipe2$9p-write$P9_RVERSION-openat$binder_debug-fchmod-fchmod-socket$nl_netfilter-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-dup-syz_init_net_socket$802154_dgram-syz_init_net_socket$802154_dgram-mmap$KVM_VCPU-openat$vsock-ioctl$FS_IOC_GETVERSION-connect$802154_dgram-getsockopt$sock_cred-getsockopt$WPAN_WANTACK-getsockopt$WPAN_WANTACK-fcntl$setownex-mremap
detailed listing:
executing program 0:
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa8000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r0, 0xf6489000)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) (async)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
r1 = creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0), 0x0) (async)
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
fchmod(r3, 0x0) (async)
fchmod(r3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @numgen={{0xb}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz0\x00'}]}], {0x14}}, 0x68}}, 0x0)
dup(r2)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) (async)
r5 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x16831, 0xffffffffffffffff, 0x0)
r6 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000280), 0x9c000, 0x0)
ioctl$FS_IOC_GETVERSION(r6, 0x80087601, &(0x7f0000000380))
connect$802154_dgram(r5, &(0x7f0000000000)={0x10, @short}, 0x2)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000100)={<r7=>0x0}, &(0x7f0000000200)=0xc)
getsockopt$WPAN_WANTACK(r1, 0x0, 0x0, &(0x7f00000003c0), &(0x7f0000000400)=0x4) (async)
getsockopt$WPAN_WANTACK(r1, 0x0, 0x0, &(0x7f00000003c0), &(0x7f0000000400)=0x4)
fcntl$setownex(r0, 0xf, &(0x7f00000002c0)={0x0, r7}) (async)
mremap(&(0x7f0000d59000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000a91000/0x1000)=nil)

program crashed: INFO: task hung in exit_mm
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mmap-syz_init_net_socket$bt_rfcomm-syz_init_net_socket$bt_rfcomm-creat-pipe2$9p-pipe2$9p-write$P9_RVERSION-openat$binder_debug-fchmod-fchmod-socket$nl_netfilter-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-dup-syz_init_net_socket$802154_dgram-syz_init_net_socket$802154_dgram-mmap$KVM_VCPU-openat$vsock-ioctl$FS_IOC_GETVERSION-connect$802154_dgram-getsockopt$sock_cred-getsockopt$WPAN_WANTACK-getsockopt$WPAN_WANTACK-mremap
detailed listing:
executing program 0:
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa8000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r0, 0xf6489000)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) (async)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
r1 = creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0), 0x0) (async)
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
fchmod(r3, 0x0) (async)
fchmod(r3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @numgen={{0xb}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz0\x00'}]}], {0x14}}, 0x68}}, 0x0)
dup(r2)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) (async)
r5 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x16831, 0xffffffffffffffff, 0x0)
r6 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000280), 0x9c000, 0x0)
ioctl$FS_IOC_GETVERSION(r6, 0x80087601, &(0x7f0000000380))
connect$802154_dgram(r5, &(0x7f0000000000)={0x10, @short}, 0x2)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000200)=0xc)
getsockopt$WPAN_WANTACK(r1, 0x0, 0x0, &(0x7f00000003c0), &(0x7f0000000400)=0x4) (async)
getsockopt$WPAN_WANTACK(r1, 0x0, 0x0, &(0x7f00000003c0), &(0x7f0000000400)=0x4)
mremap(&(0x7f0000d59000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000a91000/0x1000)=nil)

program crashed: INFO: task hung in exit_mm
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mmap-syz_init_net_socket$bt_rfcomm-syz_init_net_socket$bt_rfcomm-creat-pipe2$9p-pipe2$9p-write$P9_RVERSION-openat$binder_debug-fchmod-fchmod-socket$nl_netfilter-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-dup-syz_init_net_socket$802154_dgram-syz_init_net_socket$802154_dgram-mmap$KVM_VCPU-openat$vsock-ioctl$FS_IOC_GETVERSION-connect$802154_dgram-getsockopt$sock_cred-getsockopt$WPAN_WANTACK-mremap
detailed listing:
executing program 0:
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa8000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r0, 0xf6489000)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) (async)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
r1 = creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0), 0x0) (async)
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
fchmod(r3, 0x0) (async)
fchmod(r3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @numgen={{0xb}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz0\x00'}]}], {0x14}}, 0x68}}, 0x0)
dup(r2)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) (async)
r5 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x16831, 0xffffffffffffffff, 0x0)
r6 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000280), 0x9c000, 0x0)
ioctl$FS_IOC_GETVERSION(r6, 0x80087601, &(0x7f0000000380))
connect$802154_dgram(r5, &(0x7f0000000000)={0x10, @short}, 0x2)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000200)=0xc)
getsockopt$WPAN_WANTACK(r1, 0x0, 0x0, &(0x7f00000003c0), &(0x7f0000000400)=0x4) (async)
mremap(&(0x7f0000d59000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000a91000/0x1000)=nil)

program crashed: INFO: task hung in exit_mm
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mmap-syz_init_net_socket$bt_rfcomm-syz_init_net_socket$bt_rfcomm-creat-pipe2$9p-pipe2$9p-write$P9_RVERSION-openat$binder_debug-fchmod-fchmod-socket$nl_netfilter-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-dup-syz_init_net_socket$802154_dgram-syz_init_net_socket$802154_dgram-mmap$KVM_VCPU-openat$vsock-ioctl$FS_IOC_GETVERSION-connect$802154_dgram-getsockopt$sock_cred-mremap
detailed listing:
executing program 0:
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa8000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r0, 0xf6489000)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) (async)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
r1 = creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0), 0x0) (async)
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
fchmod(r3, 0x0) (async)
fchmod(r3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @numgen={{0xb}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz0\x00'}]}], {0x14}}, 0x68}}, 0x0)
dup(r2)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) (async)
r5 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x16831, 0xffffffffffffffff, 0x0)
r6 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000280), 0x9c000, 0x0)
ioctl$FS_IOC_GETVERSION(r6, 0x80087601, &(0x7f0000000380))
connect$802154_dgram(r5, &(0x7f0000000000)={0x10, @short}, 0x2)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000200)=0xc)
mremap(&(0x7f0000d59000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000a91000/0x1000)=nil)

program crashed: INFO: task hung in exit_mm
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mmap-syz_init_net_socket$bt_rfcomm-syz_init_net_socket$bt_rfcomm-creat-pipe2$9p-pipe2$9p-write$P9_RVERSION-openat$binder_debug-fchmod-fchmod-socket$nl_netfilter-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-dup-syz_init_net_socket$802154_dgram-syz_init_net_socket$802154_dgram-mmap$KVM_VCPU-openat$vsock-ioctl$FS_IOC_GETVERSION-connect$802154_dgram-mremap
detailed listing:
executing program 0:
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa8000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r0, 0xf6489000)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) (async)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0), 0x0) (async)
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
fchmod(r2, 0x0) (async)
fchmod(r2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @numgen={{0xb}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz0\x00'}]}], {0x14}}, 0x68}}, 0x0)
dup(r1)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) (async)
r4 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x16831, 0xffffffffffffffff, 0x0)
r5 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000280), 0x9c000, 0x0)
ioctl$FS_IOC_GETVERSION(r5, 0x80087601, &(0x7f0000000380))
connect$802154_dgram(r4, &(0x7f0000000000)={0x10, @short}, 0x2)
mremap(&(0x7f0000d59000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000a91000/0x1000)=nil)

program crashed: INFO: task hung in exit_mm
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mmap-syz_init_net_socket$bt_rfcomm-syz_init_net_socket$bt_rfcomm-creat-pipe2$9p-pipe2$9p-write$P9_RVERSION-openat$binder_debug-fchmod-fchmod-socket$nl_netfilter-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-dup-syz_init_net_socket$802154_dgram-syz_init_net_socket$802154_dgram-mmap$KVM_VCPU-openat$vsock-ioctl$FS_IOC_GETVERSION-mremap
detailed listing:
executing program 0:
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa8000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r0, 0xf6489000)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) (async)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0), 0x0) (async)
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
fchmod(r2, 0x0) (async)
fchmod(r2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @numgen={{0xb}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz0\x00'}]}], {0x14}}, 0x68}}, 0x0)
dup(r1)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) (async)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x16831, 0xffffffffffffffff, 0x0)
r4 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000280), 0x9c000, 0x0)
ioctl$FS_IOC_GETVERSION(r4, 0x80087601, &(0x7f0000000380))
mremap(&(0x7f0000d59000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000a91000/0x1000)=nil)

program crashed: INFO: task hung in exit_mm
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mmap-syz_init_net_socket$bt_rfcomm-syz_init_net_socket$bt_rfcomm-creat-pipe2$9p-pipe2$9p-write$P9_RVERSION-openat$binder_debug-fchmod-fchmod-socket$nl_netfilter-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-dup-syz_init_net_socket$802154_dgram-syz_init_net_socket$802154_dgram-mmap$KVM_VCPU-openat$vsock-mremap
detailed listing:
executing program 0:
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa8000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r0, 0xf6489000)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) (async)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0), 0x0) (async)
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
fchmod(r2, 0x0) (async)
fchmod(r2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @numgen={{0xb}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz0\x00'}]}], {0x14}}, 0x68}}, 0x0)
dup(r1)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) (async)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x16831, 0xffffffffffffffff, 0x0)
openat$vsock(0xffffffffffffff9c, &(0x7f0000000280), 0x9c000, 0x0)
mremap(&(0x7f0000d59000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000a91000/0x1000)=nil)

program crashed: INFO: task hung in exit_mm
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mmap-syz_init_net_socket$bt_rfcomm-syz_init_net_socket$bt_rfcomm-creat-pipe2$9p-pipe2$9p-write$P9_RVERSION-openat$binder_debug-fchmod-fchmod-socket$nl_netfilter-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-dup-syz_init_net_socket$802154_dgram-syz_init_net_socket$802154_dgram-mmap$KVM_VCPU-mremap
detailed listing:
executing program 0:
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa8000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r0, 0xf6489000)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) (async)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0), 0x0) (async)
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
fchmod(r2, 0x0) (async)
fchmod(r2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @numgen={{0xb}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz0\x00'}]}], {0x14}}, 0x68}}, 0x0)
dup(r1)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) (async)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x100000c, 0x16831, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000d59000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000a91000/0x1000)=nil)

program crashed: INFO: task hung in exit_mm
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mmap-syz_init_net_socket$bt_rfcomm-syz_init_net_socket$bt_rfcomm-creat-pipe2$9p-pipe2$9p-write$P9_RVERSION-openat$binder_debug-fchmod-fchmod-socket$nl_netfilter-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-dup-syz_init_net_socket$802154_dgram-syz_init_net_socket$802154_dgram-mremap
detailed listing:
executing program 0:
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa8000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r0, 0xf6489000)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) (async)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0), 0x0) (async)
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
fchmod(r2, 0x0) (async)
fchmod(r2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @numgen={{0xb}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz0\x00'}]}], {0x14}}, 0x68}}, 0x0)
dup(r1)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) (async)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
mremap(&(0x7f0000d59000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000a91000/0x1000)=nil)

program crashed: INFO: task hung in exit_mm
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mmap-syz_init_net_socket$bt_rfcomm-syz_init_net_socket$bt_rfcomm-creat-pipe2$9p-pipe2$9p-write$P9_RVERSION-openat$binder_debug-fchmod-fchmod-socket$nl_netfilter-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-dup-syz_init_net_socket$802154_dgram-mremap
detailed listing:
executing program 0:
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa8000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r0, 0xf6489000)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) (async)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0), 0x0) (async)
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
fchmod(r2, 0x0) (async)
fchmod(r2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @numgen={{0xb}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz0\x00'}]}], {0x14}}, 0x68}}, 0x0)
dup(r1)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) (async)
mremap(&(0x7f0000d59000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000a91000/0x1000)=nil)

program crashed: INFO: task hung in exit_mm
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mmap-syz_init_net_socket$bt_rfcomm-syz_init_net_socket$bt_rfcomm-creat-pipe2$9p-pipe2$9p-write$P9_RVERSION-openat$binder_debug-fchmod-fchmod-socket$nl_netfilter-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-dup-mremap
detailed listing:
executing program 0:
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa8000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r0, 0xf6489000)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) (async)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0), 0x0) (async)
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
fchmod(r2, 0x0) (async)
fchmod(r2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @numgen={{0xb}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz0\x00'}]}], {0x14}}, 0x68}}, 0x0)
dup(r1)
mremap(&(0x7f0000d59000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000a91000/0x1000)=nil)

program crashed: INFO: task hung in exit_mm
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mmap-syz_init_net_socket$bt_rfcomm-syz_init_net_socket$bt_rfcomm-creat-pipe2$9p-pipe2$9p-write$P9_RVERSION-openat$binder_debug-fchmod-fchmod-socket$nl_netfilter-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-mremap
detailed listing:
executing program 0:
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa8000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r0, 0xf6489000)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) (async)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0), 0x0) (async)
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
fchmod(r2, 0x0) (async)
fchmod(r2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @numgen={{0xb}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz0\x00'}]}], {0x14}}, 0x68}}, 0x0)
mremap(&(0x7f0000d59000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000a91000/0x1000)=nil)

program crashed: INFO: task hung in exit_mm
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mmap-syz_init_net_socket$bt_rfcomm-syz_init_net_socket$bt_rfcomm-creat-pipe2$9p-pipe2$9p-write$P9_RVERSION-openat$binder_debug-fchmod-fchmod-socket$nl_netfilter-socket$nl_netfilter-sendmsg$NFT_BATCH-mremap
detailed listing:
executing program 0:
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa8000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r0, 0xf6489000)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) (async)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0), 0x0) (async)
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
fchmod(r2, 0x0) (async)
fchmod(r2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
mremap(&(0x7f0000d59000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000a91000/0x1000)=nil)

program crashed: INFO: task hung in exit_mm
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mmap-syz_init_net_socket$bt_rfcomm-syz_init_net_socket$bt_rfcomm-creat-pipe2$9p-pipe2$9p-write$P9_RVERSION-openat$binder_debug-fchmod-fchmod-socket$nl_netfilter-socket$nl_netfilter-mremap
detailed listing:
executing program 0:
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa8000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r0, 0xf6489000)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) (async)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0), 0x0) (async)
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
fchmod(r2, 0x0) (async)
fchmod(r2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
socket$nl_netfilter(0x10, 0x3, 0xc)
mremap(&(0x7f0000d59000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000a91000/0x1000)=nil)

program crashed: INFO: task hung in exit_mm
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mmap-syz_init_net_socket$bt_rfcomm-syz_init_net_socket$bt_rfcomm-creat-pipe2$9p-pipe2$9p-write$P9_RVERSION-openat$binder_debug-fchmod-fchmod-socket$nl_netfilter-mremap
detailed listing:
executing program 0:
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa8000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r0, 0xf6489000)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) (async)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0), 0x0) (async)
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
fchmod(r2, 0x0) (async)
fchmod(r2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
mremap(&(0x7f0000d59000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000a91000/0x1000)=nil)

program crashed: INFO: task hung in exit_mm
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mmap-syz_init_net_socket$bt_rfcomm-syz_init_net_socket$bt_rfcomm-creat-pipe2$9p-pipe2$9p-write$P9_RVERSION-openat$binder_debug-fchmod-fchmod-mremap
detailed listing:
executing program 0:
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa8000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r0, 0xf6489000)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) (async)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0), 0x0) (async)
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
fchmod(r2, 0x0) (async)
fchmod(r2, 0x0)
mremap(&(0x7f0000d59000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000a91000/0x1000)=nil)

program crashed: INFO: task hung in exit_mm
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mmap-syz_init_net_socket$bt_rfcomm-syz_init_net_socket$bt_rfcomm-creat-pipe2$9p-pipe2$9p-write$P9_RVERSION-openat$binder_debug-fchmod-mremap
detailed listing:
executing program 0:
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa8000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r0, 0xf6489000)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) (async)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0), 0x0) (async)
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
fchmod(r2, 0x0) (async)
mremap(&(0x7f0000d59000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000a91000/0x1000)=nil)

program crashed: INFO: task hung in exit_mm
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mmap-syz_init_net_socket$bt_rfcomm-syz_init_net_socket$bt_rfcomm-creat-pipe2$9p-pipe2$9p-write$P9_RVERSION-openat$binder_debug-mremap
detailed listing:
executing program 0:
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa8000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r0, 0xf6489000)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) (async)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0), 0x0) (async)
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
mremap(&(0x7f0000d59000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000a91000/0x1000)=nil)

program crashed: INFO: task hung in exit_mm
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mmap-syz_init_net_socket$bt_rfcomm-syz_init_net_socket$bt_rfcomm-creat-pipe2$9p-pipe2$9p-write$P9_RVERSION-mremap
detailed listing:
executing program 0:
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa8000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r0, 0xf6489000)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) (async)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0), 0x0) (async)
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
mremap(&(0x7f0000d59000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000a91000/0x1000)=nil)

program crashed: INFO: task hung in exit_mm
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mmap-syz_init_net_socket$bt_rfcomm-syz_init_net_socket$bt_rfcomm-creat-pipe2$9p-pipe2$9p-mremap
detailed listing:
executing program 0:
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa8000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r0, 0xf6489000)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) (async)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0), 0x0) (async)
pipe2$9p(&(0x7f00000001c0), 0x0)
mremap(&(0x7f0000d59000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000a91000/0x1000)=nil)

program crashed: INFO: task hung in exit_mm
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mmap-syz_init_net_socket$bt_rfcomm-syz_init_net_socket$bt_rfcomm-creat-pipe2$9p-mremap
detailed listing:
executing program 0:
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa8000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r0, 0xf6489000)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) (async)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0), 0x0) (async)
mremap(&(0x7f0000d59000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000a91000/0x1000)=nil)

program crashed: INFO: task hung in exit_mm
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mmap-syz_init_net_socket$bt_rfcomm-syz_init_net_socket$bt_rfcomm-creat-mremap
detailed listing:
executing program 0:
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa8000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r0, 0xf6489000)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) (async)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
mremap(&(0x7f0000d59000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000a91000/0x1000)=nil)

program crashed: INFO: task hung in exit_mm
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mmap-syz_init_net_socket$bt_rfcomm-syz_init_net_socket$bt_rfcomm-mremap
detailed listing:
executing program 0:
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa8000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r0, 0xf6489000)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) (async)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
mremap(&(0x7f0000d59000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000a91000/0x1000)=nil)

program crashed: INFO: task hung in exit_mm
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mmap-syz_init_net_socket$bt_rfcomm-mremap
detailed listing:
executing program 0:
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa8000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r0, 0xf6489000)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) (async)
mremap(&(0x7f0000d59000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000a91000/0x1000)=nil)

program crashed: INFO: task hung in exit_mm
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mmap-mremap
detailed listing:
executing program 0:
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa8000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, r0, 0xf6489000)
mremap(&(0x7f0000d59000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000a91000/0x1000)=nil)

program crashed: INFO: task hung in exit_mm
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mremap
detailed listing:
executing program 0:
openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa8000, 0x0)
mremap(&(0x7f0000d59000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000a91000/0x1000)=nil)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-mremap
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, 0xffffffffffffffff, 0xf6489000)
mremap(&(0x7f0000d59000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000a91000/0x1000)=nil)

program crashed: INFO: task hung in exit_mm
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-mremap
program crashed: INFO: task hung in exit_mm
simplifying C reproducer
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-mremap
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-mremap
program crashed: INFO: task hung in exit_mm
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-mremap
program crashed: INFO: task hung in exit_mm
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-mremap
program crashed: INFO: task hung in exit_mm
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-mremap
program crashed: INFO: task hung in exit_mm
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-mremap
program crashed: INFO: task hung in exit_mm
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-mremap
program crashed: INFO: task hung in exit_mm
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-mremap
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, 0xffffffffffffffff, 0xf6489000)
mremap(&(0x7f0000d59000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000a91000/0x1000)=nil)

program crashed: INFO: task hung in exit_mm
validation run: crashed=true
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-mremap
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, 0xffffffffffffffff, 0xf6489000)
mremap(&(0x7f0000d59000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000a91000/0x1000)=nil)

program crashed: INFO: task hung in exit_mm
validation run: crashed=true
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-mremap
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x20011, 0xffffffffffffffff, 0xf6489000)
mremap(&(0x7f0000d59000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000a91000/0x1000)=nil)

program crashed: INFO: task hung in exit_mm
validation run: crashed=true
reproducing took 3h42m46.208528877s
repro crashed as (corrupted=false):
INFO: task syz.0.16:6013 blocked for more than 143 seconds.
      Not tainted 6.16.0-rc6-next-20250718-syzkaller #0
      Blocked by coredump.
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.16        state:D stack:26920 pid:6013  tgid:6013  ppid:5967   task_flags:0x40004c flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5351 [inline]
 __schedule+0x1737/0x4d30 kernel/sched/core.c:6954
 __schedule_loop kernel/sched/core.c:7036 [inline]
 schedule+0x165/0x360 kernel/sched/core.c:7051
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7108
 rwsem_down_read_slowpath+0x5fd/0x8f0 kernel/locking/rwsem.c:1088
 __down_read_common kernel/locking/rwsem.c:1263 [inline]
 __down_read kernel/locking/rwsem.c:1276 [inline]
 down_read+0x98/0x2e0 kernel/locking/rwsem.c:1541
 mmap_read_lock include/linux/mmap_lock.h:412 [inline]
 exit_mm+0xcc/0x2c0 kernel/exit.c:557
 do_exit+0x648/0x2300 kernel/exit.c:947
 do_group_exit+0x21c/0x2d0 kernel/exit.c:1100
 __do_sys_exit_group kernel/exit.c:1111 [inline]
 __se_sys_exit_group kernel/exit.c:1109 [inline]
 __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1109
 x64_sys_call+0x21f7/0x2200 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f72cdb8e9a9
RSP: 002b:00007ffc870dcfe8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f72cdb8e9a9
RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000003 R08: 00000002870dd0df R09: 00007f72cdd80260
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f72cdd80260 R14: 0000000000000003 R15: 00007ffc870dd0a0
 </TASK>

Showing all locks held in the system:
3 locks held by kworker/u8:0/12:
1 lock held by khungtaskd/31:
 #0: ffffffff8e53d8a0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #0: ffffffff8e53d8a0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #0: ffffffff8e53d8a0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6770
3 locks held by kworker/u8:4/59:
 #0: ffff88802f9d7948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff88802f9d7948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc9000210fbc0 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc9000210fbc0 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffffffff8f938688 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #2: ffffffff8f938688 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0x112/0x14b0 net/ipv6/addrconf.c:4189
2 locks held by getty/5606:
 #0: ffff8880343700a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc900036c32f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 drivers/tty/n_tty.c:2222
1 lock held by syz.0.16/6013:
 #0: ffff88802f4962a0 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_lock include/linux/mmap_lock.h:412 [inline]
 #0: ffff88802f4962a0 (&mm->mmap_lock){++++}-{4:4}, at: exit_mm+0xcc/0x2c0 kernel/exit.c:557
1 lock held by syz.0.16/6014:
1 lock held by syz.1.17/6037:
 #0: ffff8880793ded60 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_lock include/linux/mmap_lock.h:412 [inline]
 #0: ffff8880793ded60 (&mm->mmap_lock){++++}-{4:4}, at: exit_mm+0xcc/0x2c0 kernel/exit.c:557
1 lock held by syz.1.17/6038:
1 lock held by syz.2.18/6065:
 #0: ffff888079349760 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_lock include/linux/mmap_lock.h:412 [inline]
 #0: ffff888079349760 (&mm->mmap_lock){++++}-{4:4}, at: exit_mm+0xcc/0x2c0 kernel/exit.c:557
1 lock held by syz.2.18/6066:
1 lock held by syz.3.19/6088:
 #0: ffff88807934b7a0 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_lock include/linux/mmap_lock.h:412 [inline]
 #0: ffff88807934b7a0 (&mm->mmap_lock){++++}-{4:4}, at: exit_mm+0xcc/0x2c0 kernel/exit.c:557
1 lock held by syz.3.19/6089:
1 lock held by syz.4.20/6117:
 #0: ffff88807a45cd20 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_lock include/linux/mmap_lock.h:412 [inline]
 #0: ffff88807a45cd20 (&mm->mmap_lock){++++}-{4:4}, at: exit_mm+0xcc/0x2c0 kernel/exit.c:557
1 lock held by syz.4.20/6118:
1 lock held by syz.5.21/6154:
 #0: ffff8880213fd7e0 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_lock include/linux/mmap_lock.h:412 [inline]
 #0: ffff8880213fd7e0 (&mm->mmap_lock){++++}-{4:4}, at: exit_mm+0xcc/0x2c0 kernel/exit.c:557
1 lock held by syz.5.21/6155:
1 lock held by syz.6.22/6187:
 #0: ffff8880213face0 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_lock include/linux/mmap_lock.h:412 [inline]
 #0: ffff8880213face0 (&mm->mmap_lock){++++}-{4:4}, at: exit_mm+0xcc/0x2c0 kernel/exit.c:557
1 lock held by syz.6.22/6188:
3 locks held by syz-executor/6190:
 #0: ffffffff8f938688 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline]
 #0: ffffffff8f938688 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:341 [inline]
 #0: ffffffff8f938688 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 net/core/rtnetlink.c:4056
 #1: ffff888024c794e8 (&wg->device_update_lock){+.+.}-{4:4}, at: wg_open+0x227/0x420 drivers/net/wireguard/device.c:50
 #2: ffffffff8e543338 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock kernel/rcu/tree_exp.h:311 [inline]
 #2: ffffffff8e543338 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x2f6/0x730 kernel/rcu/tree_exp.h:967

=============================================

NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x39e/0x3d0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:328 [inline]
 watchdog+0xf93/0xfe0 kernel/hung_task.c:491
 kthread+0x70e/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x3f9/0x770 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 6190 Comm: syz-executor Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
RIP: 0010:__bfs_next kernel/locking/lockdep.c:1702 [inline]
RIP: 0010:__bfs+0x6e/0x2a0 kernel/locking/lockdep.c:1755
Code: 00 00 00 01 00 00 00 ff 05 57 37 52 14 48 89 05 48 37 52 14 48 89 3d 41 b7 51 14 44 89 cb 45 31 ed 4d 85 ed 74 28 49 8b 45 30 <48> 85 c0 74 1f 48 8b 40 10 48 01 d8 49 8b 4d 00 48 89 4c 24 18 48
RSP: 0018:ffffc90002f866e0 EFLAGS: 00000086
RAX: ffffffff9675d1e0 RBX: 0000000000000020 RCX: 0000000000015e11
RDX: 0000000000000002 RSI: ffff88802a6c4740 RDI: ffffffff9672c560
RBP: ffffffff819e2480 R08: ffffc90002f86780 R09: 0000000000000020
R10: dffffc0000000000 R11: ffffffff819e2480 R12: ffffffff96753930
R13: ffffffff9674d0a0 R14: 0000000000000000 R15: ffffffff939054f0
FS:  0000555587388500(0000) GS:ffff8881257ab000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005639640da048 CR3: 0000000032984000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 __bfs_forwards kernel/locking/lockdep.c:1851 [inline]
 check_path+0x21/0x40 kernel/locking/lockdep.c:2134
 check_noncircular+0xe0/0x160 kernel/locking/lockdep.c:2163
 check_prev_add kernel/locking/lockdep.c:3168 [inline]
 check_prevs_add kernel/locking/lockdep.c:3287 [inline]
 validate_chain+0xb9b/0x2140 kernel/locking/lockdep.c:3911
 __lock_acquire+0xab9/0xd20 kernel/locking/lockdep.c:5240
 lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5871
 console_lock_spinning_enable kernel/printk/printk.c:1924 [inline]
 console_emit_next_record kernel/printk/printk.c:3132 [inline]
 console_flush_all+0x6d2/0xc40 kernel/printk/printk.c:3226
 __console_flush_and_unlock kernel/printk/printk.c:3285 [inline]
 console_unlock+0xc4/0x270 kernel/printk/printk.c:3325
 vprintk_emit+0x5b7/0x7a0 kernel/printk/printk.c:2450
 dev_vprintk_emit+0x337/0x3f0 drivers/base/core.c:4914
 dev_printk_emit+0xe0/0x130 drivers/base/core.c:4925
 _dev_printk+0x113/0x160 drivers/base/core.c:4954
 ieee80211_init_rate_ctrl_alg+0x56d/0x5f0 net/mac80211/rate.c:1017
 ieee80211_register_hw+0x3031/0x40b0 net/mac80211/main.c:1508
 mac80211_hwsim_new_radio+0x2f0e/0x5340 drivers/net/wireless/virtual/mac80211_hwsim.c:5568
 hwsim_new_radio_nl+0xea4/0x1b10 drivers/net/wireless/virtual/mac80211_hwsim.c:6252
 genl_family_rcv_msg_doit+0x212/0x300 net/netlink/genetlink.c:1115
 genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
 genl_rcv_msg+0x60e/0x790 net/netlink/genetlink.c:1210
 netlink_rcv_skb+0x205/0x470 net/netlink/af_netlink.c:2552
 genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
 netlink_unicast+0x759/0x8e0 net/netlink/af_netlink.c:1346
 netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1896
 sock_sendmsg_nosec net/socket.c:714 [inline]
 __sock_sendmsg+0x219/0x270 net/socket.c:729
 __sys_sendto+0x3bd/0x520 net/socket.c:2228
 __do_sys_sendto net/socket.c:2235 [inline]
 __se_sys_sendto net/socket.c:2231 [inline]
 __x64_sys_sendto+0xde/0x100 net/socket.c:2231
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f60dd39083c
Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b
RSP: 002b:00007ffeedef3500 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f60de0e4620 RCX: 00007f60dd39083c
RDX: 0000000000000024 RSI: 00007f60de0e4670 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007ffeedef3554 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
R13: 0000000000000000 R14: 00007f60de0e4670 R15: 0000000000000000
 </TASK>

final repro crashed as (corrupted=false):
INFO: task syz.0.16:6013 blocked for more than 143 seconds.
      Not tainted 6.16.0-rc6-next-20250718-syzkaller #0
      Blocked by coredump.
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.16        state:D stack:26920 pid:6013  tgid:6013  ppid:5967   task_flags:0x40004c flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5351 [inline]
 __schedule+0x1737/0x4d30 kernel/sched/core.c:6954
 __schedule_loop kernel/sched/core.c:7036 [inline]
 schedule+0x165/0x360 kernel/sched/core.c:7051
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7108
 rwsem_down_read_slowpath+0x5fd/0x8f0 kernel/locking/rwsem.c:1088
 __down_read_common kernel/locking/rwsem.c:1263 [inline]
 __down_read kernel/locking/rwsem.c:1276 [inline]
 down_read+0x98/0x2e0 kernel/locking/rwsem.c:1541
 mmap_read_lock include/linux/mmap_lock.h:412 [inline]
 exit_mm+0xcc/0x2c0 kernel/exit.c:557
 do_exit+0x648/0x2300 kernel/exit.c:947
 do_group_exit+0x21c/0x2d0 kernel/exit.c:1100
 __do_sys_exit_group kernel/exit.c:1111 [inline]
 __se_sys_exit_group kernel/exit.c:1109 [inline]
 __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1109
 x64_sys_call+0x21f7/0x2200 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f72cdb8e9a9
RSP: 002b:00007ffc870dcfe8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f72cdb8e9a9
RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000003 R08: 00000002870dd0df R09: 00007f72cdd80260
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f72cdd80260 R14: 0000000000000003 R15: 00007ffc870dd0a0
 </TASK>

Showing all locks held in the system:
3 locks held by kworker/u8:0/12:
1 lock held by khungtaskd/31:
 #0: ffffffff8e53d8a0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #0: ffffffff8e53d8a0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #0: ffffffff8e53d8a0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6770
3 locks held by kworker/u8:4/59:
 #0: ffff88802f9d7948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff88802f9d7948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc9000210fbc0 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc9000210fbc0 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffffffff8f938688 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #2: ffffffff8f938688 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0x112/0x14b0 net/ipv6/addrconf.c:4189
2 locks held by getty/5606:
 #0: ffff8880343700a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc900036c32f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 drivers/tty/n_tty.c:2222
1 lock held by syz.0.16/6013:
 #0: ffff88802f4962a0 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_lock include/linux/mmap_lock.h:412 [inline]
 #0: ffff88802f4962a0 (&mm->mmap_lock){++++}-{4:4}, at: exit_mm+0xcc/0x2c0 kernel/exit.c:557
1 lock held by syz.0.16/6014:
1 lock held by syz.1.17/6037:
 #0: ffff8880793ded60 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_lock include/linux/mmap_lock.h:412 [inline]
 #0: ffff8880793ded60 (&mm->mmap_lock){++++}-{4:4}, at: exit_mm+0xcc/0x2c0 kernel/exit.c:557
1 lock held by syz.1.17/6038:
1 lock held by syz.2.18/6065:
 #0: ffff888079349760 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_lock include/linux/mmap_lock.h:412 [inline]
 #0: ffff888079349760 (&mm->mmap_lock){++++}-{4:4}, at: exit_mm+0xcc/0x2c0 kernel/exit.c:557
1 lock held by syz.2.18/6066:
1 lock held by syz.3.19/6088:
 #0: ffff88807934b7a0 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_lock include/linux/mmap_lock.h:412 [inline]
 #0: ffff88807934b7a0 (&mm->mmap_lock){++++}-{4:4}, at: exit_mm+0xcc/0x2c0 kernel/exit.c:557
1 lock held by syz.3.19/6089:
1 lock held by syz.4.20/6117:
 #0: ffff88807a45cd20 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_lock include/linux/mmap_lock.h:412 [inline]
 #0: ffff88807a45cd20 (&mm->mmap_lock){++++}-{4:4}, at: exit_mm+0xcc/0x2c0 kernel/exit.c:557
1 lock held by syz.4.20/6118:
1 lock held by syz.5.21/6154:
 #0: ffff8880213fd7e0 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_lock include/linux/mmap_lock.h:412 [inline]
 #0: ffff8880213fd7e0 (&mm->mmap_lock){++++}-{4:4}, at: exit_mm+0xcc/0x2c0 kernel/exit.c:557
1 lock held by syz.5.21/6155:
1 lock held by syz.6.22/6187:
 #0: ffff8880213face0 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_lock include/linux/mmap_lock.h:412 [inline]
 #0: ffff8880213face0 (&mm->mmap_lock){++++}-{4:4}, at: exit_mm+0xcc/0x2c0 kernel/exit.c:557
1 lock held by syz.6.22/6188:
3 locks held by syz-executor/6190:
 #0: ffffffff8f938688 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline]
 #0: ffffffff8f938688 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:341 [inline]
 #0: ffffffff8f938688 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 net/core/rtnetlink.c:4056
 #1: ffff888024c794e8 (&wg->device_update_lock){+.+.}-{4:4}, at: wg_open+0x227/0x420 drivers/net/wireguard/device.c:50
 #2: ffffffff8e543338 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock kernel/rcu/tree_exp.h:311 [inline]
 #2: ffffffff8e543338 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x2f6/0x730 kernel/rcu/tree_exp.h:967

=============================================

NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x39e/0x3d0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:328 [inline]
 watchdog+0xf93/0xfe0 kernel/hung_task.c:491
 kthread+0x70e/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x3f9/0x770 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 6190 Comm: syz-executor Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
RIP: 0010:__bfs_next kernel/locking/lockdep.c:1702 [inline]
RIP: 0010:__bfs+0x6e/0x2a0 kernel/locking/lockdep.c:1755
Code: 00 00 00 01 00 00 00 ff 05 57 37 52 14 48 89 05 48 37 52 14 48 89 3d 41 b7 51 14 44 89 cb 45 31 ed 4d 85 ed 74 28 49 8b 45 30 <48> 85 c0 74 1f 48 8b 40 10 48 01 d8 49 8b 4d 00 48 89 4c 24 18 48
RSP: 0018:ffffc90002f866e0 EFLAGS: 00000086
RAX: ffffffff9675d1e0 RBX: 0000000000000020 RCX: 0000000000015e11
RDX: 0000000000000002 RSI: ffff88802a6c4740 RDI: ffffffff9672c560
RBP: ffffffff819e2480 R08: ffffc90002f86780 R09: 0000000000000020
R10: dffffc0000000000 R11: ffffffff819e2480 R12: ffffffff96753930
R13: ffffffff9674d0a0 R14: 0000000000000000 R15: ffffffff939054f0
FS:  0000555587388500(0000) GS:ffff8881257ab000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005639640da048 CR3: 0000000032984000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 __bfs_forwards kernel/locking/lockdep.c:1851 [inline]
 check_path+0x21/0x40 kernel/locking/lockdep.c:2134
 check_noncircular+0xe0/0x160 kernel/locking/lockdep.c:2163
 check_prev_add kernel/locking/lockdep.c:3168 [inline]
 check_prevs_add kernel/locking/lockdep.c:3287 [inline]
 validate_chain+0xb9b/0x2140 kernel/locking/lockdep.c:3911
 __lock_acquire+0xab9/0xd20 kernel/locking/lockdep.c:5240
 lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5871
 console_lock_spinning_enable kernel/printk/printk.c:1924 [inline]
 console_emit_next_record kernel/printk/printk.c:3132 [inline]
 console_flush_all+0x6d2/0xc40 kernel/printk/printk.c:3226
 __console_flush_and_unlock kernel/printk/printk.c:3285 [inline]
 console_unlock+0xc4/0x270 kernel/printk/printk.c:3325
 vprintk_emit+0x5b7/0x7a0 kernel/printk/printk.c:2450
 dev_vprintk_emit+0x337/0x3f0 drivers/base/core.c:4914
 dev_printk_emit+0xe0/0x130 drivers/base/core.c:4925
 _dev_printk+0x113/0x160 drivers/base/core.c:4954
 ieee80211_init_rate_ctrl_alg+0x56d/0x5f0 net/mac80211/rate.c:1017
 ieee80211_register_hw+0x3031/0x40b0 net/mac80211/main.c:1508
 mac80211_hwsim_new_radio+0x2f0e/0x5340 drivers/net/wireless/virtual/mac80211_hwsim.c:5568
 hwsim_new_radio_nl+0xea4/0x1b10 drivers/net/wireless/virtual/mac80211_hwsim.c:6252
 genl_family_rcv_msg_doit+0x212/0x300 net/netlink/genetlink.c:1115
 genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
 genl_rcv_msg+0x60e/0x790 net/netlink/genetlink.c:1210
 netlink_rcv_skb+0x205/0x470 net/netlink/af_netlink.c:2552
 genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
 netlink_unicast+0x759/0x8e0 net/netlink/af_netlink.c:1346
 netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1896
 sock_sendmsg_nosec net/socket.c:714 [inline]
 __sock_sendmsg+0x219/0x270 net/socket.c:729
 __sys_sendto+0x3bd/0x520 net/socket.c:2228
 __do_sys_sendto net/socket.c:2235 [inline]
 __se_sys_sendto net/socket.c:2231 [inline]
 __x64_sys_sendto+0xde/0x100 net/socket.c:2231
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f60dd39083c
Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b
RSP: 002b:00007ffeedef3500 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f60de0e4620 RCX: 00007f60dd39083c
RDX: 0000000000000024 RSI: 00007f60de0e4670 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007ffeedef3554 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
R13: 0000000000000000 R14: 00007f60de0e4670 R15: 0000000000000000
 </TASK>