Extracting prog: 16m32.567982682s
Minimizing prog: 2h46m56.068395581s
Simplifying prog options: 18m59.169708476s
Extracting C: 5m13.195321726s
Simplifying C: 0s


extracting reproducer from 25 programs
testing a last program of every proc
single: executing 5 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-socket-openat$auto_ecryptfs_miscdev_fops_miscdev-write$auto-bind$auto-connect$auto-socketpair$auto-socket$nl_generic-syz_genetlink_get_family_id$auto_nfsd-sendmsg$auto_NFSD_CMD_THREADS_SET-recvmmsg$auto-prctl$auto-openat$auto_seq_oss_f_ops_seq_oss-socketpair$auto-select$auto-sendmmsg$auto-socket-socket-read$auto-mmap$auto-io_uring_setup$auto-sendmmsg$auto-openat$auto_def_blk_fops_fs-mmap$auto-mmap$auto-sendmmsg$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000)
r0 = socket(0x2, 0x2, 0x0)
r1 = openat$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0)
write$auto(r1, &(0x7f0000000c40)='gthtool\x00', 0x5)
bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), 0xffffffffffffffff)
sendmsg$auto_NFSD_CMD_THREADS_SET(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x24, r3, 0x1, 0x70bd2b, 0x25dfdbff, {}, [@NFSD_A_SERVER_THREADS={0x8, 0x1, 0xfffffffc}, @NFSD_A_SERVER_THREADS={0x8, 0x1, 0xffff}]}, 0x24}, 0x1, 0x0, 0x0, 0x4002000}, 0x40010)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x801, 0x0)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x9, 0x8, 0x1, 0x2, 0x4, 0x15f4da0e, 0x3, 0xd08, 0xc, 0x8, 0x4, 0x6d3f, 0x9, 0x2, 0x4000000000000d]}, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
socket(0x2c, 0x1, 0x3)
socket(0xa, 0x2, 0x3a)
read$auto(r0, 0x0, 0x2000000000007)
mmap$auto(0x1f00, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000)
io_uring_setup$auto(0x52, 0x0)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xffff}, 0x1, 0x0, 0x0, 0x9}, 0x100007}, 0x3, 0x0)
r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, r4, 0x8000)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-close_range$auto-socket-preadv2$auto-mmap$auto-socket-openat$auto_def_blk_fops_fs-syz_open_procfs$namespace-fstat$auto-sendmsg$auto_GTP_CMD_NEWPDP-socketpair$auto-read$auto_ftrace_enable_fops_trace_events-ioctl$auto-write$auto-mmap$auto-madvise$auto-mmap$auto-madvise$auto-getpid-shmctl$auto_SHM_UNLOCK-mmap$auto-close_range$auto-sendmsg$auto_NETDEV_CMD_DEV_GET-io_uring_setup$auto-madvise$auto-io_uring_register$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket(0x2, 0x3, 0x100)
preadv2$auto(r0, &(0x7f0000001000)={0x0, 0x80000000}, 0xffffffffffffffff, 0xffffe00000000002, 0x7, 0x2e)
mmap$auto(0x0, 0x400008, 0xdf, 0x1ff, 0x2, 0x8000)
r1 = socket(0x37, 0x4, 0xa)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0)
r2 = syz_open_procfs$namespace(0x0, 0x0)
fstat$auto(r2, 0x0)
sendmsg$auto_GTP_CMD_NEWPDP(r1, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[], 0x64}, 0x1, 0x0, 0x0, 0x40}, 0x0)
r3 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
read$auto_ftrace_enable_fops_trace_events(r3, &(0x7f0000000200)=""/34, 0x22)
ioctl$auto(0x3, 0x40081271, 0x38)
write$auto(0x3, 0x0, 0xfdef)
mmap$auto(0x0, 0x580f, 0xffb, 0x8000000008011, 0x3, 0x0)
madvise$auto(0x0, 0x2003f0, 0x15)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
madvise$auto(0x0, 0xfffffffffff70001, 0x1)
r4 = getpid()
shmctl$auto_SHM_UNLOCK(0x40a03811, 0xc, &(0x7f0000000240)={{0x200, 0x0, 0x0, 0x10001, 0x8, 0x400, 0x3}, 0x8, 0x3b04, 0xc, 0x81, @raw=0x10000, @inferred=r4, 0x7, 0x0, &(0x7f0000000480), 0x0})
mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0)
io_uring_setup$auto(0x6, 0x0)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x5)

program crashed: lost connection to test machine
suppressed program crash: lost connection to test machine
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): lseek$auto-execve$auto-mmap$auto-close_range$auto-openat$auto_kvm_chardev_ops_kvm_main-ioctl$auto_KVM_CREATE_VM-ioctl$auto-ioctl$auto-readv$auto-openat$auto_mon_fops_binary_mon_bin-openat$auto_kernfs_file_fops_kernfs_internal-openat$auto_kernfs_file_fops_kernfs_internal-faccessat2$auto-read$auto-openat$dir-faccessat$auto-openat$auto_proc_fail_nth_operations_base-writev$auto-openat$auto_kvm_chardev_ops_kvm_main-mmap$auto-openat$auto_snd_ctl_f_ops_control-socket-openat$auto_nsim_dev_health_break_fops_health-write$auto-unlink$auto-openat$auto_ubi_ctrl_cdev_operations_ubi
detailed listing:
executing program 0:
lseek$auto(0x3, 0x7ffffffffffffffd, 0x2)
execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$auto(0x3, 0xae60, 0xffffffffffffffff)
ioctl$auto(0x3, 0xae64, 0x38)
readv$auto(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x7}, 0x8)
openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, 0x0, 0x4821c0, 0x0)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x12bc00, 0x0)
faccessat2$auto(0xffffffffffffffff, 0x0, 0x0, 0x7)
read$auto(r1, 0x0, 0x20)
r2 = openat$dir(0xffffffffffffff9c, 0x0, 0x2d2802, 0x48)
faccessat$auto(r2, 0x0, 0x2)
r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0xc44c1, 0x0)
mmap$auto(0x5b2, 0x80005, 0xfff, 0x8000000000000011, 0x10006, 0x300000000006)
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000400)='/dev/snd/controlC2\x00', 0x440501, 0x0)
socket(0x10, 0x2, 0x0)
r4 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r4, 0x0, 0x1ff)
unlink$auto(&(0x7f0000000640)=':,\x00\xbd\x80\xd6\x002\xb37\xff\x1a\x9e99\xda\xd1v\'\xc6\xd2Fw;\x00v\xdce\xad\xf4\xdb\xc7\x946\xe4\f\x9el]L+\x06\x130V\x1b,d\x8f\xa0\xabDUdk\xac\x82\\tyQ\xd8j\a\x1a[\xdb\x96\x1f{2\x04\xc5Y\xc1@\x0e\xeeWZ\x94N\xd4\xc8q=\x9b\xd1\x7fR3\xb6`\x00\xb3\xe5|1\xba\r\x85\x89\xfe\xed\xe1\xad`\x92\xc7\x9c\xd7\xd8\x15\t&\xb7\xfc\x82\xc4\xd3J\xae\x810\x19\x14\t\xc2\xa5V\xaa\x8d\x04\xf5\xf3\xd6\xd1\xe9k\xaf\x1a\xc6u\x96\xf7\xaa\x84\x92\x995m\xf9O\xc0\x1e\xa05\xdb\xa5\xae\r\x06\xe6\xc3\xd0\xf8:\xf7\xc5u\x91\xf8\x91\xee\xd8y\xb8\xc1)\xad\x05\xeb\xe9\xab\r\x9a@\aa(\x1a\xa4\xc1\xcf\\\xf0\xc3~\xbbd\x94\x9c\x02\xd4\xfc\xd2`\xd9\x83{-\x81zY\\\xac!#\xea\xba\x86)\xe9\xbc\x82\xf6\xd2\x7f\xdb\xa1\xd5\x89|\xa0O\xfcqZ\x85@A\x90\"\x11L\xdd\xa5\x9f\xf5\x00')
openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f00000000c0), 0x100000, 0x0)

program crashed: INFO: task hung in remove_one
single: successfully extracted reproducer
found reproducer with 26 syscalls
minimizing guilty program
testing program (duration=8m45.99123381s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): lseek$auto-execve$auto-mmap$auto-close_range$auto-openat$auto_kvm_chardev_ops_kvm_main-ioctl$auto_KVM_CREATE_VM-ioctl$auto-ioctl$auto-readv$auto-openat$auto_mon_fops_binary_mon_bin-openat$auto_kernfs_file_fops_kernfs_internal-openat$auto_kernfs_file_fops_kernfs_internal-faccessat2$auto-read$auto-openat$dir-faccessat$auto-openat$auto_proc_fail_nth_operations_base-writev$auto-openat$auto_kvm_chardev_ops_kvm_main-mmap$auto-openat$auto_snd_ctl_f_ops_control-socket-openat$auto_nsim_dev_health_break_fops_health-write$auto-unlink$auto
detailed listing:
executing program 0:
lseek$auto(0x3, 0x7ffffffffffffffd, 0x2)
execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$auto(0x3, 0xae60, 0xffffffffffffffff)
ioctl$auto(0x3, 0xae64, 0x38)
readv$auto(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x7}, 0x8)
openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, 0x0, 0x4821c0, 0x0)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x12bc00, 0x0)
faccessat2$auto(0xffffffffffffffff, 0x0, 0x0, 0x7)
read$auto(r1, 0x0, 0x20)
r2 = openat$dir(0xffffffffffffff9c, 0x0, 0x2d2802, 0x48)
faccessat$auto(r2, 0x0, 0x2)
r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0xc44c1, 0x0)
mmap$auto(0x5b2, 0x80005, 0xfff, 0x8000000000000011, 0x10006, 0x300000000006)
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000400)='/dev/snd/controlC2\x00', 0x440501, 0x0)
socket(0x10, 0x2, 0x0)
r4 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r4, 0x0, 0x1ff)
unlink$auto(&(0x7f0000000640)=':,\x00\xbd\x80\xd6\x002\xb37\xff\x1a\x9e99\xda\xd1v\'\xc6\xd2Fw;\x00v\xdce\xad\xf4\xdb\xc7\x946\xe4\f\x9el]L+\x06\x130V\x1b,d\x8f\xa0\xabDUdk\xac\x82\\tyQ\xd8j\a\x1a[\xdb\x96\x1f{2\x04\xc5Y\xc1@\x0e\xeeWZ\x94N\xd4\xc8q=\x9b\xd1\x7fR3\xb6`\x00\xb3\xe5|1\xba\r\x85\x89\xfe\xed\xe1\xad`\x92\xc7\x9c\xd7\xd8\x15\t&\xb7\xfc\x82\xc4\xd3J\xae\x810\x19\x14\t\xc2\xa5V\xaa\x8d\x04\xf5\xf3\xd6\xd1\xe9k\xaf\x1a\xc6u\x96\xf7\xaa\x84\x92\x995m\xf9O\xc0\x1e\xa05\xdb\xa5\xae\r\x06\xe6\xc3\xd0\xf8:\xf7\xc5u\x91\xf8\x91\xee\xd8y\xb8\xc1)\xad\x05\xeb\xe9\xab\r\x9a@\aa(\x1a\xa4\xc1\xcf\\\xf0\xc3~\xbbd\x94\x9c\x02\xd4\xfc\xd2`\xd9\x83{-\x81zY\\\xac!#\xea\xba\x86)\xe9\xbc\x82\xf6\xd2\x7f\xdb\xa1\xd5\x89|\xa0O\xfcqZ\x85@A\x90\"\x11L\xdd\xa5\x9f\xf5\x00')

program crashed: INFO: task hung in remove_one
testing program (duration=8m45.99123381s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): lseek$auto-execve$auto-mmap$auto-close_range$auto-openat$auto_kvm_chardev_ops_kvm_main-ioctl$auto_KVM_CREATE_VM-ioctl$auto-ioctl$auto-readv$auto-openat$auto_mon_fops_binary_mon_bin-openat$auto_kernfs_file_fops_kernfs_internal-openat$auto_kernfs_file_fops_kernfs_internal-faccessat2$auto-read$auto-openat$dir-faccessat$auto-openat$auto_proc_fail_nth_operations_base-writev$auto-openat$auto_kvm_chardev_ops_kvm_main-mmap$auto-openat$auto_snd_ctl_f_ops_control-socket-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
lseek$auto(0x3, 0x7ffffffffffffffd, 0x2)
execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$auto(0x3, 0xae60, 0xffffffffffffffff)
ioctl$auto(0x3, 0xae64, 0x38)
readv$auto(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x7}, 0x8)
openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, 0x0, 0x4821c0, 0x0)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x12bc00, 0x0)
faccessat2$auto(0xffffffffffffffff, 0x0, 0x0, 0x7)
read$auto(r1, 0x0, 0x20)
r2 = openat$dir(0xffffffffffffff9c, 0x0, 0x2d2802, 0x48)
faccessat$auto(r2, 0x0, 0x2)
r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0xc44c1, 0x0)
mmap$auto(0x5b2, 0x80005, 0xfff, 0x8000000000000011, 0x10006, 0x300000000006)
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000400)='/dev/snd/controlC2\x00', 0x440501, 0x0)
socket(0x10, 0x2, 0x0)
r4 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r4, 0x0, 0x1ff)

program crashed: INFO: task hung in remove_one
testing program (duration=8m45.99123381s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): lseek$auto-execve$auto-mmap$auto-close_range$auto-openat$auto_kvm_chardev_ops_kvm_main-ioctl$auto_KVM_CREATE_VM-ioctl$auto-ioctl$auto-readv$auto-openat$auto_mon_fops_binary_mon_bin-openat$auto_kernfs_file_fops_kernfs_internal-openat$auto_kernfs_file_fops_kernfs_internal-faccessat2$auto-read$auto-openat$dir-faccessat$auto-openat$auto_proc_fail_nth_operations_base-writev$auto-openat$auto_kvm_chardev_ops_kvm_main-mmap$auto-openat$auto_snd_ctl_f_ops_control-socket-openat$auto_nsim_dev_health_break_fops_health
detailed listing:
executing program 0:
lseek$auto(0x3, 0x7ffffffffffffffd, 0x2)
execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$auto(0x3, 0xae60, 0xffffffffffffffff)
ioctl$auto(0x3, 0xae64, 0x38)
readv$auto(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x7}, 0x8)
openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, 0x0, 0x4821c0, 0x0)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x12bc00, 0x0)
faccessat2$auto(0xffffffffffffffff, 0x0, 0x0, 0x7)
read$auto(r1, 0x0, 0x20)
r2 = openat$dir(0xffffffffffffff9c, 0x0, 0x2d2802, 0x48)
faccessat$auto(r2, 0x0, 0x2)
r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0xc44c1, 0x0)
mmap$auto(0x5b2, 0x80005, 0xfff, 0x8000000000000011, 0x10006, 0x300000000006)
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000400)='/dev/snd/controlC2\x00', 0x440501, 0x0)
socket(0x10, 0x2, 0x0)
openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)

program did not crash
testing program (duration=8m45.99123381s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): lseek$auto-execve$auto-mmap$auto-close_range$auto-openat$auto_kvm_chardev_ops_kvm_main-ioctl$auto_KVM_CREATE_VM-ioctl$auto-ioctl$auto-readv$auto-openat$auto_mon_fops_binary_mon_bin-openat$auto_kernfs_file_fops_kernfs_internal-openat$auto_kernfs_file_fops_kernfs_internal-faccessat2$auto-read$auto-openat$dir-faccessat$auto-openat$auto_proc_fail_nth_operations_base-writev$auto-openat$auto_kvm_chardev_ops_kvm_main-mmap$auto-openat$auto_snd_ctl_f_ops_control-socket-write$auto
detailed listing:
executing program 0:
lseek$auto(0x3, 0x7ffffffffffffffd, 0x2)
execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$auto(0x3, 0xae60, 0xffffffffffffffff)
ioctl$auto(0x3, 0xae64, 0x38)
readv$auto(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x7}, 0x8)
openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, 0x0, 0x4821c0, 0x0)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x12bc00, 0x0)
faccessat2$auto(0xffffffffffffffff, 0x0, 0x0, 0x7)
read$auto(r1, 0x0, 0x20)
r2 = openat$dir(0xffffffffffffff9c, 0x0, 0x2d2802, 0x48)
faccessat$auto(r2, 0x0, 0x2)
r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0xc44c1, 0x0)
mmap$auto(0x5b2, 0x80005, 0xfff, 0x8000000000000011, 0x10006, 0x300000000006)
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000400)='/dev/snd/controlC2\x00', 0x440501, 0x0)
socket(0x10, 0x2, 0x0)
write$auto(0xffffffffffffffff, 0x0, 0x1ff)

program did not crash
testing program (duration=8m45.99123381s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): lseek$auto-execve$auto-mmap$auto-close_range$auto-openat$auto_kvm_chardev_ops_kvm_main-ioctl$auto_KVM_CREATE_VM-ioctl$auto-ioctl$auto-readv$auto-openat$auto_mon_fops_binary_mon_bin-openat$auto_kernfs_file_fops_kernfs_internal-openat$auto_kernfs_file_fops_kernfs_internal-faccessat2$auto-read$auto-openat$dir-faccessat$auto-openat$auto_proc_fail_nth_operations_base-writev$auto-openat$auto_kvm_chardev_ops_kvm_main-mmap$auto-openat$auto_snd_ctl_f_ops_control-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
lseek$auto(0x3, 0x7ffffffffffffffd, 0x2)
execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$auto(0x3, 0xae60, 0xffffffffffffffff)
ioctl$auto(0x3, 0xae64, 0x38)
readv$auto(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x7}, 0x8)
openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, 0x0, 0x4821c0, 0x0)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x12bc00, 0x0)
faccessat2$auto(0xffffffffffffffff, 0x0, 0x0, 0x7)
read$auto(r1, 0x0, 0x20)
r2 = openat$dir(0xffffffffffffff9c, 0x0, 0x2d2802, 0x48)
faccessat$auto(r2, 0x0, 0x2)
r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0xc44c1, 0x0)
mmap$auto(0x5b2, 0x80005, 0xfff, 0x8000000000000011, 0x10006, 0x300000000006)
openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000400)='/dev/snd/controlC2\x00', 0x440501, 0x0)
r4 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r4, 0x0, 0x1ff)

program crashed: INFO: task hung in remove_one
testing program (duration=8m45.99123381s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): lseek$auto-execve$auto-mmap$auto-close_range$auto-openat$auto_kvm_chardev_ops_kvm_main-ioctl$auto_KVM_CREATE_VM-ioctl$auto-ioctl$auto-readv$auto-openat$auto_mon_fops_binary_mon_bin-openat$auto_kernfs_file_fops_kernfs_internal-openat$auto_kernfs_file_fops_kernfs_internal-faccessat2$auto-read$auto-openat$dir-faccessat$auto-openat$auto_proc_fail_nth_operations_base-writev$auto-openat$auto_kvm_chardev_ops_kvm_main-mmap$auto-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
lseek$auto(0x3, 0x7ffffffffffffffd, 0x2)
execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$auto(0x3, 0xae60, 0xffffffffffffffff)
ioctl$auto(0x3, 0xae64, 0x38)
readv$auto(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x7}, 0x8)
openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, 0x0, 0x4821c0, 0x0)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x12bc00, 0x0)
faccessat2$auto(0xffffffffffffffff, 0x0, 0x0, 0x7)
read$auto(r1, 0x0, 0x20)
r2 = openat$dir(0xffffffffffffff9c, 0x0, 0x2d2802, 0x48)
faccessat$auto(r2, 0x0, 0x2)
r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0xc44c1, 0x0)
mmap$auto(0x5b2, 0x80005, 0xfff, 0x8000000000000011, 0x10006, 0x300000000006)
r4 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r4, 0x0, 0x1ff)

program crashed: INFO: task hung in remove_one
testing program (duration=8m45.99123381s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): lseek$auto-execve$auto-mmap$auto-close_range$auto-openat$auto_kvm_chardev_ops_kvm_main-ioctl$auto_KVM_CREATE_VM-ioctl$auto-ioctl$auto-readv$auto-openat$auto_mon_fops_binary_mon_bin-openat$auto_kernfs_file_fops_kernfs_internal-openat$auto_kernfs_file_fops_kernfs_internal-faccessat2$auto-read$auto-openat$dir-faccessat$auto-openat$auto_proc_fail_nth_operations_base-writev$auto-openat$auto_kvm_chardev_ops_kvm_main-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
lseek$auto(0x3, 0x7ffffffffffffffd, 0x2)
execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$auto(0x3, 0xae60, 0xffffffffffffffff)
ioctl$auto(0x3, 0xae64, 0x38)
readv$auto(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x7}, 0x8)
openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, 0x0, 0x4821c0, 0x0)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x12bc00, 0x0)
faccessat2$auto(0xffffffffffffffff, 0x0, 0x0, 0x7)
read$auto(r1, 0x0, 0x20)
r2 = openat$dir(0xffffffffffffff9c, 0x0, 0x2d2802, 0x48)
faccessat$auto(r2, 0x0, 0x2)
r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0xc44c1, 0x0)
r4 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r4, 0x0, 0x1ff)

program crashed: INFO: task hung in remove_one
testing program (duration=8m45.99123381s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): lseek$auto-execve$auto-mmap$auto-close_range$auto-openat$auto_kvm_chardev_ops_kvm_main-ioctl$auto_KVM_CREATE_VM-ioctl$auto-ioctl$auto-readv$auto-openat$auto_mon_fops_binary_mon_bin-openat$auto_kernfs_file_fops_kernfs_internal-openat$auto_kernfs_file_fops_kernfs_internal-faccessat2$auto-read$auto-openat$dir-faccessat$auto-openat$auto_proc_fail_nth_operations_base-writev$auto-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
lseek$auto(0x3, 0x7ffffffffffffffd, 0x2)
execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$auto(0x3, 0xae60, 0xffffffffffffffff)
ioctl$auto(0x3, 0xae64, 0x38)
readv$auto(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x7}, 0x8)
openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, 0x0, 0x4821c0, 0x0)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x12bc00, 0x0)
faccessat2$auto(0xffffffffffffffff, 0x0, 0x0, 0x7)
read$auto(r1, 0x0, 0x20)
r2 = openat$dir(0xffffffffffffff9c, 0x0, 0x2d2802, 0x48)
faccessat$auto(r2, 0x0, 0x2)
r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3)
r4 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r4, 0x0, 0x1ff)

program crashed: INFO: task hung in remove_one
testing program (duration=8m45.99123381s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): lseek$auto-execve$auto-mmap$auto-close_range$auto-openat$auto_kvm_chardev_ops_kvm_main-ioctl$auto_KVM_CREATE_VM-ioctl$auto-ioctl$auto-readv$auto-openat$auto_mon_fops_binary_mon_bin-openat$auto_kernfs_file_fops_kernfs_internal-openat$auto_kernfs_file_fops_kernfs_internal-faccessat2$auto-read$auto-openat$dir-faccessat$auto-openat$auto_proc_fail_nth_operations_base-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
lseek$auto(0x3, 0x7ffffffffffffffd, 0x2)
execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$auto(0x3, 0xae60, 0xffffffffffffffff)
ioctl$auto(0x3, 0xae64, 0x38)
readv$auto(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x7}, 0x8)
openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, 0x0, 0x4821c0, 0x0)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x12bc00, 0x0)
faccessat2$auto(0xffffffffffffffff, 0x0, 0x0, 0x7)
read$auto(r1, 0x0, 0x20)
r2 = openat$dir(0xffffffffffffff9c, 0x0, 0x2d2802, 0x48)
faccessat$auto(r2, 0x0, 0x2)
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
r3 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r3, 0x0, 0x1ff)

program crashed: INFO: task hung in remove_one
testing program (duration=8m45.99123381s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): lseek$auto-execve$auto-mmap$auto-close_range$auto-openat$auto_kvm_chardev_ops_kvm_main-ioctl$auto_KVM_CREATE_VM-ioctl$auto-ioctl$auto-readv$auto-openat$auto_mon_fops_binary_mon_bin-openat$auto_kernfs_file_fops_kernfs_internal-openat$auto_kernfs_file_fops_kernfs_internal-faccessat2$auto-read$auto-openat$dir-faccessat$auto-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
lseek$auto(0x3, 0x7ffffffffffffffd, 0x2)
execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$auto(0x3, 0xae60, 0xffffffffffffffff)
ioctl$auto(0x3, 0xae64, 0x38)
readv$auto(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x7}, 0x8)
openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, 0x0, 0x4821c0, 0x0)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x12bc00, 0x0)
faccessat2$auto(0xffffffffffffffff, 0x0, 0x0, 0x7)
read$auto(r1, 0x0, 0x20)
r2 = openat$dir(0xffffffffffffff9c, 0x0, 0x2d2802, 0x48)
faccessat$auto(r2, 0x0, 0x2)
r3 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r3, 0x0, 0x1ff)

program crashed: INFO: task hung in remove_one
testing program (duration=8m45.99123381s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): lseek$auto-execve$auto-mmap$auto-close_range$auto-openat$auto_kvm_chardev_ops_kvm_main-ioctl$auto_KVM_CREATE_VM-ioctl$auto-ioctl$auto-readv$auto-openat$auto_mon_fops_binary_mon_bin-openat$auto_kernfs_file_fops_kernfs_internal-openat$auto_kernfs_file_fops_kernfs_internal-faccessat2$auto-read$auto-openat$dir-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
lseek$auto(0x3, 0x7ffffffffffffffd, 0x2)
execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$auto(0x3, 0xae60, 0xffffffffffffffff)
ioctl$auto(0x3, 0xae64, 0x38)
readv$auto(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x7}, 0x8)
openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, 0x0, 0x4821c0, 0x0)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x12bc00, 0x0)
faccessat2$auto(0xffffffffffffffff, 0x0, 0x0, 0x7)
read$auto(r1, 0x0, 0x20)
openat$dir(0xffffffffffffff9c, 0x0, 0x2d2802, 0x48)
r2 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r2, 0x0, 0x1ff)

program crashed: INFO: task hung in remove_one
testing program (duration=8m45.99123381s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): lseek$auto-execve$auto-mmap$auto-close_range$auto-openat$auto_kvm_chardev_ops_kvm_main-ioctl$auto_KVM_CREATE_VM-ioctl$auto-ioctl$auto-readv$auto-openat$auto_mon_fops_binary_mon_bin-openat$auto_kernfs_file_fops_kernfs_internal-openat$auto_kernfs_file_fops_kernfs_internal-faccessat2$auto-read$auto-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
lseek$auto(0x3, 0x7ffffffffffffffd, 0x2)
execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$auto(0x3, 0xae60, 0xffffffffffffffff)
ioctl$auto(0x3, 0xae64, 0x38)
readv$auto(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x7}, 0x8)
openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, 0x0, 0x4821c0, 0x0)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x12bc00, 0x0)
faccessat2$auto(0xffffffffffffffff, 0x0, 0x0, 0x7)
read$auto(r1, 0x0, 0x20)
r2 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r2, 0x0, 0x1ff)

program crashed: INFO: task hung in remove_one
testing program (duration=8m45.99123381s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): lseek$auto-execve$auto-mmap$auto-close_range$auto-openat$auto_kvm_chardev_ops_kvm_main-ioctl$auto_KVM_CREATE_VM-ioctl$auto-ioctl$auto-readv$auto-openat$auto_mon_fops_binary_mon_bin-openat$auto_kernfs_file_fops_kernfs_internal-openat$auto_kernfs_file_fops_kernfs_internal-faccessat2$auto-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
lseek$auto(0x3, 0x7ffffffffffffffd, 0x2)
execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$auto(0x3, 0xae60, 0xffffffffffffffff)
ioctl$auto(0x3, 0xae64, 0x38)
readv$auto(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x7}, 0x8)
openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, 0x0, 0x4821c0, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x12bc00, 0x0)
faccessat2$auto(0xffffffffffffffff, 0x0, 0x0, 0x7)
r1 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r1, 0x0, 0x1ff)

program crashed: INFO: task hung in remove_one
testing program (duration=8m45.99123381s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): lseek$auto-execve$auto-mmap$auto-close_range$auto-openat$auto_kvm_chardev_ops_kvm_main-ioctl$auto_KVM_CREATE_VM-ioctl$auto-ioctl$auto-readv$auto-openat$auto_mon_fops_binary_mon_bin-openat$auto_kernfs_file_fops_kernfs_internal-openat$auto_kernfs_file_fops_kernfs_internal-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
lseek$auto(0x3, 0x7ffffffffffffffd, 0x2)
execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$auto(0x3, 0xae60, 0xffffffffffffffff)
ioctl$auto(0x3, 0xae64, 0x38)
readv$auto(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x7}, 0x8)
openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, 0x0, 0x4821c0, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x12bc00, 0x0)
r1 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r1, 0x0, 0x1ff)

program crashed: INFO: task hung in remove_one
testing program (duration=8m45.99123381s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): lseek$auto-execve$auto-mmap$auto-close_range$auto-openat$auto_kvm_chardev_ops_kvm_main-ioctl$auto_KVM_CREATE_VM-ioctl$auto-ioctl$auto-readv$auto-openat$auto_mon_fops_binary_mon_bin-openat$auto_kernfs_file_fops_kernfs_internal-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
lseek$auto(0x3, 0x7ffffffffffffffd, 0x2)
execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$auto(0x3, 0xae60, 0xffffffffffffffff)
ioctl$auto(0x3, 0xae64, 0x38)
readv$auto(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x7}, 0x8)
openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, 0x0, 0x4821c0, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
r1 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r1, 0x0, 0x1ff)

program crashed: INFO: task hung in remove_one
testing program (duration=8m45.99123381s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): lseek$auto-execve$auto-mmap$auto-close_range$auto-openat$auto_kvm_chardev_ops_kvm_main-ioctl$auto_KVM_CREATE_VM-ioctl$auto-ioctl$auto-readv$auto-openat$auto_mon_fops_binary_mon_bin-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
lseek$auto(0x3, 0x7ffffffffffffffd, 0x2)
execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$auto(0x3, 0xae60, 0xffffffffffffffff)
ioctl$auto(0x3, 0xae64, 0x38)
readv$auto(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x7}, 0x8)
openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, 0x0, 0x4821c0, 0x0)
r1 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r1, 0x0, 0x1ff)

program crashed: INFO: task hung in remove_one
testing program (duration=8m45.99123381s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): lseek$auto-execve$auto-mmap$auto-close_range$auto-openat$auto_kvm_chardev_ops_kvm_main-ioctl$auto_KVM_CREATE_VM-ioctl$auto-ioctl$auto-readv$auto-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
lseek$auto(0x3, 0x7ffffffffffffffd, 0x2)
execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$auto(0x3, 0xae60, 0xffffffffffffffff)
ioctl$auto(0x3, 0xae64, 0x38)
readv$auto(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x7}, 0x8)
r1 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r1, 0x0, 0x1ff)

program crashed: INFO: task hung in remove_one
testing program (duration=8m45.99123381s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): lseek$auto-execve$auto-mmap$auto-close_range$auto-openat$auto_kvm_chardev_ops_kvm_main-ioctl$auto_KVM_CREATE_VM-ioctl$auto-ioctl$auto-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
lseek$auto(0x3, 0x7ffffffffffffffd, 0x2)
execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$auto(0x3, 0xae60, 0xffffffffffffffff)
ioctl$auto(0x3, 0xae64, 0x38)
r1 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r1, 0x0, 0x1ff)

program crashed: INFO: task hung in remove_one
testing program (duration=8m45.99123381s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): lseek$auto-execve$auto-mmap$auto-close_range$auto-openat$auto_kvm_chardev_ops_kvm_main-ioctl$auto_KVM_CREATE_VM-ioctl$auto-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
lseek$auto(0x3, 0x7ffffffffffffffd, 0x2)
execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$auto(0x3, 0xae60, 0xffffffffffffffff)
r1 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r1, 0x0, 0x1ff)

program crashed: INFO: task hung in remove_one
testing program (duration=8m45.99123381s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): lseek$auto-execve$auto-mmap$auto-close_range$auto-openat$auto_kvm_chardev_ops_kvm_main-ioctl$auto_KVM_CREATE_VM-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
lseek$auto(0x3, 0x7ffffffffffffffd, 0x2)
execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r1, 0x0, 0x1ff)

program crashed: INFO: task hung in remove_one
testing program (duration=8m45.99123381s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): lseek$auto-execve$auto-mmap$auto-close_range$auto-openat$auto_kvm_chardev_ops_kvm_main-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
lseek$auto(0x3, 0x7ffffffffffffffd, 0x2)
execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
r0 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r0, 0x0, 0x1ff)

program crashed: INFO: task hung in remove_one
testing program (duration=8m45.99123381s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): lseek$auto-execve$auto-mmap$auto-close_range$auto-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
lseek$auto(0x3, 0x7ffffffffffffffd, 0x2)
execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r0, 0x0, 0x1ff)

program crashed: INFO: task hung in remove_one
testing program (duration=8m45.99123381s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): lseek$auto-execve$auto-mmap$auto-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
lseek$auto(0x3, 0x7ffffffffffffffd, 0x2)
execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
r0 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r0, 0x0, 0x1ff)

program crashed: lost connection to test machine
testing program (duration=8m45.99123381s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): lseek$auto-execve$auto-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
lseek$auto(0x3, 0x7ffffffffffffffd, 0x2)
execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0)
r0 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r0, 0x0, 0x1ff)

program did not crash
testing program (duration=8m45.99123381s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): lseek$auto-mmap$auto-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
lseek$auto(0x3, 0x7ffffffffffffffd, 0x2)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
r0 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r0, 0x0, 0x1ff)

program crashed: INFO: task hung in remove_one
testing program (duration=8m45.99123381s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
r0 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r0, 0x0, 0x1ff)

program crashed: INFO: task hung in remove_one
testing program (duration=8m45.99123381s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
r0 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, 0x0, 0x48081, 0x0)
write$auto(r0, 0x0, 0x1ff)

program did not crash
extracting C reproducer
testing compiled C program (duration=8m45.99123381s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_nsim_dev_health_break_fops_health-write$auto
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
simplifying guilty program options
testing program (duration=8m45.99123381s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
r0 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r0, 0x0, 0x1ff)

program crashed: INFO: task hung in remove_one
extracting C reproducer
testing compiled C program (duration=8m45.99123381s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_nsim_dev_health_break_fops_health-write$auto
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing program (duration=8m45.99123381s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
r0 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r0, 0x0, 0x1ff)

program did not crash
testing program (duration=8m45.99123381s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
r0 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r0, 0x0, 0x1ff)

program crashed: INFO: task hung in remove_one
validation run: crashed=true
testing program (duration=8m45.99123381s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
r0 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r0, 0x0, 0x1ff)

program crashed: INFO: task hung in remove_one
validation run: crashed=true
testing program (duration=8m45.99123381s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-openat$auto_nsim_dev_health_break_fops_health-write$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
r0 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0)
write$auto(r0, 0x0, 0x1ff)

program crashed: INFO: task hung in remove_one
validation run: crashed=true
reproducing took 3h42m32.46483041s
repro crashed as (corrupted=false):
INFO: task kworker/u8:0:12 blocked for more than 143 seconds.
      Not tainted 6.16.0-syzkaller-11105-ga6923c06a3b2 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u8:0    state:D stack:24392 pid:12    tgid:12    ppid:2      task_flags:0x4208060 flags:0x00004000
Workqueue: netns cleanup_net
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5357 [inline]
 __schedule+0x1190/0x5de0 kernel/sched/core.c:6961
 __schedule_loop kernel/sched/core.c:7043 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:7058
 schedule_timeout+0x257/0x290 kernel/time/sleep_timeout.c:75
 do_wait_for_common kernel/sched/completion.c:100 [inline]
 __wait_for_common+0x2fc/0x4e0 kernel/sched/completion.c:121
 __debugfs_file_removed fs/debugfs/inode.c:760 [inline]
 remove_one+0x312/0x420 fs/debugfs/inode.c:767
 __simple_recursive_removal+0x15b/0x610 fs/libfs.c:631
 debugfs_remove+0x5d/0x80 fs/debugfs/inode.c:790
 nsim_dev_health_exit+0x3b/0xe0 drivers/net/netdevsim/health.c:227
 nsim_dev_reload_destroy+0x144/0x4d0 drivers/net/netdevsim/dev.c:1710
 nsim_dev_reload_down+0x6e/0xd0 drivers/net/netdevsim/dev.c:983
 devlink_reload+0x1a1/0x7c0 net/devlink/dev.c:461
 devlink_pernet_pre_exit+0x1a0/0x2b0 net/devlink/core.c:509
 ops_pre_exit_list net/core/net_namespace.c:160 [inline]
 ops_undo_list+0x184/0xab0 net/core/net_namespace.c:233
 cleanup_net+0x408/0x890 net/core/net_namespace.c:682
 process_one_work+0x9cf/0x1b70 kernel/workqueue.c:3236
 process_scheduled_works kernel/workqueue.c:3319 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400
 kthread+0x3c2/0x780 kernel/kthread.c:464
 ret_from_fork+0x5d4/0x6f0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
INFO: task syz-executor:10260 blocked for more than 143 seconds.
      Not tainted 6.16.0-syzkaller-11105-ga6923c06a3b2 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:24536 pid:10260 tgid:10260 ppid:1      task_flags:0x400140 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5357 [inline]
 __schedule+0x1190/0x5de0 kernel/sched/core.c:6961
 __schedule_loop kernel/sched/core.c:7043 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:7058
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7115
 __mutex_lock_common kernel/locking/mutex.c:676 [inline]
 __mutex_lock+0x82a/0x10b0 kernel/locking/mutex.c:760
 device_lock include/linux/device.h:911 [inline]
 device_del+0xa0/0x9f0 drivers/base/core.c:3840
 device_unregister+0x1d/0xc0 drivers/base/core.c:3919
 nsim_bus_dev_del drivers/net/netdevsim/bus.c:483 [inline]
 del_device_store+0x355/0x4a0 drivers/net/netdevsim/bus.c:244
 bus_attr_store+0x71/0xb0 drivers/base/bus.c:172
 sysfs_kf_write+0xef/0x150 fs/sysfs/file.c:145
 kernfs_fop_write_iter+0x351/0x510 fs/kernfs/file.c:334
 new_sync_write fs/read_write.c:593 [inline]
 vfs_write+0x6c7/0x1150 fs/read_write.c:686
 ksys_write+0x12a/0x250 fs/read_write.c:738
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x490 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f44c758d61f
RSP: 002b:00007ffd18075740 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007f44c758d61f
RDX: 0000000000000001 RSI: 00007ffd18075790 RDI: 0000000000000005
RBP: 00007f44c7613085 R08: 0000000000000000 R09: 00007ffd18075597
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
R13: 00007ffd18075790 R14: 00007f44c82e4620 R15: 0000000000000003
 </TASK>
INFO: task syz.0.4040:10272 blocked for more than 143 seconds.
      Not tainted 6.16.0-syzkaller-11105-ga6923c06a3b2 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.4040      state:D stack:28168 pid:10272 tgid:10272 ppid:9682   task_flags:0x400140 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5357 [inline]
 __schedule+0x1190/0x5de0 kernel/sched/core.c:6961
 __schedule_loop kernel/sched/core.c:7043 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:7058
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7115
 __mutex_lock_common kernel/locking/mutex.c:676 [inline]
 __mutex_lock+0x82a/0x10b0 kernel/locking/mutex.c:760
 devlink_health_report+0x3ba/0x9c0 net/devlink/health.c:627
 nsim_dev_health_break_write+0x166/0x210 drivers/net/netdevsim/health.c:162
 full_proxy_write+0x12e/0x1a0 fs/debugfs/file.c:388
 vfs_write+0x29d/0x1150 fs/read_write.c:684
 ksys_write+0x12a/0x250 fs/read_write.c:738
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x490 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f68c1b8eb69
RSP: 002b:00007ffdd9ee6c48 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f68c1db5fa0 RCX: 00007f68c1b8eb69
RDX: 00000000000001ff RSI: 0000000000000000 RDI: 0000000000000003
RBP: 00007f68c1c11df1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f68c1db5fa0 R14: 00007f68c1db5fa0 R15: 0000000000000003
 </TASK>
INFO: task syz.1.4060:10294 blocked for more than 144 seconds.
      Not tainted 6.16.0-syzkaller-11105-ga6923c06a3b2 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.1.4060      state:D stack:28168 pid:10294 tgid:10294 ppid:8453   task_flags:0x400140 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5357 [inline]
 __schedule+0x1190/0x5de0 kernel/sched/core.c:6961
 __schedule_loop kernel/sched/core.c:7043 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:7058
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7115
 rwsem_down_read_slowpath+0x62f/0xb60 kernel/locking/rwsem.c:1082
 __down_read_common kernel/locking/rwsem.c:1246 [inline]
 __down_read kernel/locking/rwsem.c:1259 [inline]
 down_read+0xef/0x480 kernel/locking/rwsem.c:1524
 inode_lock_shared include/linux/fs.h:884 [inline]
 open_last_lookups fs/namei.c:3806 [inline]
 path_openat+0x818/0x2cb0 fs/namei.c:4043
 do_filp_open+0x20b/0x470 fs/namei.c:4073
 do_sys_openat2+0x11b/0x1d0 fs/open.c:1435
 do_sys_open fs/open.c:1450 [inline]
 __do_sys_openat fs/open.c:1466 [inline]
 __se_sys_openat fs/open.c:1461 [inline]
 __x64_sys_openat+0x174/0x210 fs/open.c:1461
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x490 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f565578eb69
RSP: 002b:00007ffd67d5b548 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f56559b5fa0 RCX: 00007f565578eb69
RDX: 0000000000048081 RSI: 0000200000000000 RDI: ffffffffffffff9c
RBP: 00007f5655811df1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f56559b5fa0 R14: 00007f56559b5fa0 R15: 0000000000000004
 </TASK>
INFO: task syz.3.4062:10295 blocked for more than 144 seconds.
      Not tainted 6.16.0-syzkaller-11105-ga6923c06a3b2 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.4062      state:D stack:28168 pid:10295 tgid:10295 ppid:9024   task_flags:0x400140 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5357 [inline]
 __schedule+0x1190/0x5de0 kernel/sched/core.c:6961
 __schedule_loop kernel/sched/core.c:7043 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:7058
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7115
 rwsem_down_read_slowpath+0x62f/0xb60 kernel/locking/rwsem.c:1082
 __down_read_common kernel/locking/rwsem.c:1246 [inline]
 __down_read kernel/locking/rwsem.c:1259 [inline]
 down_read+0xef/0x480 kernel/locking/rwsem.c:1524
 inode_lock_shared include/linux/fs.h:884 [inline]
 open_last_lookups fs/namei.c:3806 [inline]
 path_openat+0x818/0x2cb0 fs/namei.c:4043
 do_filp_open+0x20b/0x470 fs/namei.c:4073
 do_sys_openat2+0x11b/0x1d0 fs/open.c:1435
 do_sys_open fs/open.c:1450 [inline]
 __do_sys_openat fs/open.c:1466 [inline]
 __se_sys_openat fs/open.c:1461 [inline]
 __x64_sys_openat+0x174/0x210 fs/open.c:1461
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x490 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ffbe0d8eb69
RSP: 002b:00007ffe5d628118 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007ffbe0fb5fa0 RCX: 00007ffbe0d8eb69
RDX: 0000000000048081 RSI: 0000200000000000 RDI: ffffffffffffff9c
RBP: 00007ffbe0e11df1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffbe0fb5fa0 R14: 00007ffbe0fb5fa0 R15: 0000000000000004
 </TASK>

Showing all locks held in the system:
6 locks held by kworker/u8:0/12:
 #0: ffff88801c6fe948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3211
 #1: ffffc90000117d10 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3212
 #2: ffffffff90367a70 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xad/0x890 net/core/net_namespace.c:658
 #3: ffff8880335950e8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:911 [inline]
 #3: ffff8880335950e8 (&dev->mutex){....}-{4:4}, at: devl_dev_lock net/devlink/devl_internal.h:108 [inline]
 #3: ffff8880335950e8 (&dev->mutex){....}-{4:4}, at: devlink_pernet_pre_exit+0x12c/0x2b0 net/devlink/core.c:506
 #4: ffff888033596250 (&devlink->lock_key#5){+.+.}-{4:4}, at: devl_lock net/devlink/core.c:276 [inline]
 #4: ffff888033596250 (&devlink->lock_key#5){+.+.}-{4:4}, at: devl_dev_lock net/devlink/devl_internal.h:109 [inline]
 #4: ffff888033596250 (&devlink->lock_key#5){+.+.}-{4:4}, at: devlink_pernet_pre_exit+0x136/0x2b0 net/devlink/core.c:506
 #5: ffff88805801aa08 (&sb->s_type->i_mutex_key#3/2){+.+.}-{4:4}, at: inode_lock_nested include/linux/fs.h:914 [inline]
 #5: ffff88805801aa08 (&sb->s_type->i_mutex_key#3/2){+.+.}-{4:4}, at: __simple_recursive_removal+0x354/0x610 fs/libfs.c:627
1 lock held by khungtaskd/32:
 #0: ffffffff8e5c0fa0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #0: ffffffff8e5c0fa0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #0: ffffffff8e5c0fa0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0 kernel/locking/lockdep.c:6775
2 locks held by getty/5623:
 #0: ffff8880315690a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243
 #1: ffffc9000332e2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0 drivers/tty/n_tty.c:2222
2 locks held by kworker/u8:5/8762:
5 locks held by syz-executor/10260:
 #0: ffff88807e8f0428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
 #1: ffff888073353888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 fs/kernfs/file.c:325
 #2: ffff8881433f83c8 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 fs/kernfs/file.c:326
 #3: ffffffff8f8ee388 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
 #4: ffff8880335950e8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:911 [inline]
 #4: ffff8880335950e8 (&dev->mutex){....}-{4:4}, at: device_del+0xa0/0x9f0 drivers/base/core.c:3840
2 locks held by syz.0.4040/10272:
 #0: ffff888141aca428 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
 #1: ffff888033596250 (&devlink->lock_key#5){+.+.}-{4:4}, at: devlink_health_report+0x3ba/0x9c0 net/devlink/health.c:627
2 locks held by syz.1.4060/10294:
 #0: ffff888141aca428 (sb_writers#8){.+.+}-{0:0}, at: open_last_lookups fs/namei.c:3796 [inline]
 #0: ffff888141aca428 (sb_writers#8){.+.+}-{0:0}, at: path_openat+0x1ec8/0x2cb0 fs/namei.c:4043
 #1: ffff88805801aa08 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: inode_lock_shared include/linux/fs.h:884 [inline]
 #1: ffff88805801aa08 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: open_last_lookups fs/namei.c:3806 [inline]
 #1: ffff88805801aa08 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: path_openat+0x818/0x2cb0 fs/namei.c:4043
2 locks held by syz.3.4062/10295:
 #0: ffff888141aca428 (sb_writers#8){.+.+}-{0:0}, at: open_last_lookups fs/namei.c:3796 [inline]
 #0: ffff888141aca428 (sb_writers#8){.+.+}-{0:0}, at: path_openat+0x1ec8/0x2cb0 fs/namei.c:4043
 #1: ffff88805801aa08 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: inode_lock_shared include/linux/fs.h:884 [inline]
 #1: ffff88805801aa08 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: open_last_lookups fs/namei.c:3806 [inline]
 #1: ffff88805801aa08 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: path_openat+0x818/0x2cb0 fs/namei.c:4043
4 locks held by syz-executor/10302:
 #0: ffff88807e8f0428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
 #1: ffff888079a15c88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 fs/kernfs/file.c:325
 #2: ffff8881433f83c8 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 fs/kernfs/file.c:326
 #3: ffffffff8f8ee388 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/10313:
 #0: ffff88807e8f0428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
 #1: ffff888078057c88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 fs/kernfs/file.c:325
 #2: ffff8881433f83c8 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 fs/kernfs/file.c:326
 #3: ffffffff8f8ee388 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/10315:
 #0: ffff88807e8f0428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
 #1: ffff888145b51888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 fs/kernfs/file.c:325
 #2: ffff8881433f83c8 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 fs/kernfs/file.c:326
 #3: ffffffff8f8ee388 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/10337:
 #0: ffff88807e8f0428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
 #1: ffff88807cc3b088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 fs/kernfs/file.c:325
 #2: ffff8881433f83c8 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 fs/kernfs/file.c:326
 #3: ffffffff8f8ee388 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/10348:
 #0: ffff88807e8f0428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
 #1: ffff888031751c88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 fs/kernfs/file.c:325
 #2: ffff8881433f83c8 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 fs/kernfs/file.c:326
 #3: ffffffff8f8ee388 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/10359:
 #0: ffff88807e8f0428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
 #1: ffff88805c11d488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 fs/kernfs/file.c:325
 #2: ffff8881433f83c8 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 fs/kernfs/file.c:326
 #3: ffffffff8f8ee388 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/10361:
 #0: ffff88807e8f0428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
 #1: ffff88805c310c88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 fs/kernfs/file.c:325
 #2: ffff8881433f83c8 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 fs/kernfs/file.c:326
 #3: ffffffff8f8ee388 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/10380:
 #0: ffff88807e8f0428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
 #1: ffff888032b06c88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 fs/kernfs/file.c:325
 #2: ffff8881433f83c8 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 fs/kernfs/file.c:326
 #3: ffffffff8f8ee388 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/10396:
 #0: ffff88807e8f0428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
 #1: ffff888079a13888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 fs/kernfs/file.c:325
 #2: ffff8881433f83c8 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 fs/kernfs/file.c:326
 #3: ffffffff8f8ee388 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/10407:
 #0: ffff88807e8f0428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
 #1: ffff888072b27888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 fs/kernfs/file.c:325
 #2: ffff8881433f83c8 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 fs/kernfs/file.c:326
 #3: ffffffff8f8ee388 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/10409:
 #0: ffff88807e8f0428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
 #1: ffff888025fb7c88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 fs/kernfs/file.c:325
 #2: ffff8881433f83c8 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 fs/kernfs/file.c:326
 #3: ffffffff8f8ee388 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234

=============================================

NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 32 Comm: khungtaskd Not tainted 6.16.0-syzkaller-11105-ga6923c06a3b2 #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x27b/0x390 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x29c/0x300 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:307 [inline]
 watchdog+0xf0e/0x1260 kernel/hung_task.c:470
 kthread+0x3c2/0x780 kernel/kthread.c:464
 ret_from_fork+0x5d4/0x6f0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 30 Comm: kworker/u8:2 Not tainted 6.16.0-syzkaller-11105-ga6923c06a3b2 #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Workqueue: events_unbound cfg80211_wiphy_work
RIP: 0010:unwind_next_frame+0x20/0x20a0 arch/x86/kernel/unwind_orc.c:469
Code: 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 b8 00 00 00 00 00 fc ff df 41 57 48 89 fa 41 56 48 c1 ea 03 41 55 49 89 fd 41 54 <55> 53 48 83 ec 38 0f b6 04 02 84 c0 74 08 3c 03 0f 8e 02 0b 00 00
RSP: 0018:ffffc90000a56b70 EFLAGS: 00000a02
RAX: dffffc0000000000 RBX: ffffc90000a56b98 RCX: ffffc90000a56aec
RDX: 1ffff9200014ad73 RSI: ffffffff8b11a17b RDI: ffffc90000a56b98
RBP: ffffc90000a56c28 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000004 R11: 00000000000115b1 R12: ffffffff81a672b0
R13: ffffc90000a56b98 R14: 0000000000000000 R15: ffff88801eaa1e00
FS:  0000000000000000(0000) GS:ffff8881247d6000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000056365d4f30a8 CR3: 000000000e380000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 arch_stack_walk+0x94/0x100 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 poison_kmalloc_redzone mm/kasan/common.c:377 [inline]
 __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394
 kasan_kmalloc include/linux/kasan.h:260 [inline]
 __do_kmalloc_node mm/slub.c:4365 [inline]
 __kmalloc_noprof+0x223/0x510 mm/slub.c:4377
 kmalloc_noprof include/linux/slab.h:909 [inline]
 kzalloc_noprof include/linux/slab.h:1039 [inline]
 ieee802_11_parse_elems_full+0x1db/0x3780 net/mac80211/parse.c:1011
 ieee802_11_parse_elems_crc net/mac80211/ieee80211_i.h:2462 [inline]
 ieee802_11_parse_elems net/mac80211/ieee80211_i.h:2469 [inline]
 ieee80211_inform_bss+0x10b/0x1140 net/mac80211/scan.c:79
 rdev_inform_bss net/wireless/rdev-ops.h:418 [inline]
 cfg80211_inform_single_bss_data+0x8e7/0x1df0 net/wireless/scan.c:2379
 cfg80211_inform_bss_data+0x224/0x3bd0 net/wireless/scan.c:3234
 cfg80211_inform_bss_frame_data+0x26f/0x750 net/wireless/scan.c:3325
 ieee80211_bss_info_update+0x310/0xab0 net/mac80211/scan.c:226
 ieee80211_rx_bss_info net/mac80211/ibss.c:1094 [inline]
 ieee80211_rx_mgmt_probe_beacon net/mac80211/ibss.c:1573 [inline]
 ieee80211_ibss_rx_queued_mgmt+0x1905/0x2fd0 net/mac80211/ibss.c:1600
 ieee80211_iface_process_skb net/mac80211/iface.c:1699 [inline]
 ieee80211_iface_work+0xe2e/0x1360 net/mac80211/iface.c:1753
 cfg80211_wiphy_work+0x2c4/0x580 net/wireless/core.c:435
 process_one_work+0x9cf/0x1b70 kernel/workqueue.c:3236
 process_scheduled_works kernel/workqueue.c:3319 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400
 kthread+0x3c2/0x780 kernel/kthread.c:464
 ret_from_fork+0x5d4/0x6f0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>

final repro crashed as (corrupted=false):
INFO: task kworker/u8:0:12 blocked for more than 143 seconds.
      Not tainted 6.16.0-syzkaller-11105-ga6923c06a3b2 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u8:0    state:D stack:24392 pid:12    tgid:12    ppid:2      task_flags:0x4208060 flags:0x00004000
Workqueue: netns cleanup_net
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5357 [inline]
 __schedule+0x1190/0x5de0 kernel/sched/core.c:6961
 __schedule_loop kernel/sched/core.c:7043 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:7058
 schedule_timeout+0x257/0x290 kernel/time/sleep_timeout.c:75
 do_wait_for_common kernel/sched/completion.c:100 [inline]
 __wait_for_common+0x2fc/0x4e0 kernel/sched/completion.c:121
 __debugfs_file_removed fs/debugfs/inode.c:760 [inline]
 remove_one+0x312/0x420 fs/debugfs/inode.c:767
 __simple_recursive_removal+0x15b/0x610 fs/libfs.c:631
 debugfs_remove+0x5d/0x80 fs/debugfs/inode.c:790
 nsim_dev_health_exit+0x3b/0xe0 drivers/net/netdevsim/health.c:227
 nsim_dev_reload_destroy+0x144/0x4d0 drivers/net/netdevsim/dev.c:1710
 nsim_dev_reload_down+0x6e/0xd0 drivers/net/netdevsim/dev.c:983
 devlink_reload+0x1a1/0x7c0 net/devlink/dev.c:461
 devlink_pernet_pre_exit+0x1a0/0x2b0 net/devlink/core.c:509
 ops_pre_exit_list net/core/net_namespace.c:160 [inline]
 ops_undo_list+0x184/0xab0 net/core/net_namespace.c:233
 cleanup_net+0x408/0x890 net/core/net_namespace.c:682
 process_one_work+0x9cf/0x1b70 kernel/workqueue.c:3236
 process_scheduled_works kernel/workqueue.c:3319 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400
 kthread+0x3c2/0x780 kernel/kthread.c:464
 ret_from_fork+0x5d4/0x6f0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
INFO: task syz-executor:10260 blocked for more than 143 seconds.
      Not tainted 6.16.0-syzkaller-11105-ga6923c06a3b2 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:24536 pid:10260 tgid:10260 ppid:1      task_flags:0x400140 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5357 [inline]
 __schedule+0x1190/0x5de0 kernel/sched/core.c:6961
 __schedule_loop kernel/sched/core.c:7043 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:7058
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7115
 __mutex_lock_common kernel/locking/mutex.c:676 [inline]
 __mutex_lock+0x82a/0x10b0 kernel/locking/mutex.c:760
 device_lock include/linux/device.h:911 [inline]
 device_del+0xa0/0x9f0 drivers/base/core.c:3840
 device_unregister+0x1d/0xc0 drivers/base/core.c:3919
 nsim_bus_dev_del drivers/net/netdevsim/bus.c:483 [inline]
 del_device_store+0x355/0x4a0 drivers/net/netdevsim/bus.c:244
 bus_attr_store+0x71/0xb0 drivers/base/bus.c:172
 sysfs_kf_write+0xef/0x150 fs/sysfs/file.c:145
 kernfs_fop_write_iter+0x351/0x510 fs/kernfs/file.c:334
 new_sync_write fs/read_write.c:593 [inline]
 vfs_write+0x6c7/0x1150 fs/read_write.c:686
 ksys_write+0x12a/0x250 fs/read_write.c:738
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x490 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f44c758d61f
RSP: 002b:00007ffd18075740 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007f44c758d61f
RDX: 0000000000000001 RSI: 00007ffd18075790 RDI: 0000000000000005
RBP: 00007f44c7613085 R08: 0000000000000000 R09: 00007ffd18075597
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
R13: 00007ffd18075790 R14: 00007f44c82e4620 R15: 0000000000000003
 </TASK>
INFO: task syz.0.4040:10272 blocked for more than 143 seconds.
      Not tainted 6.16.0-syzkaller-11105-ga6923c06a3b2 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.4040      state:D stack:28168 pid:10272 tgid:10272 ppid:9682   task_flags:0x400140 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5357 [inline]
 __schedule+0x1190/0x5de0 kernel/sched/core.c:6961
 __schedule_loop kernel/sched/core.c:7043 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:7058
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7115
 __mutex_lock_common kernel/locking/mutex.c:676 [inline]
 __mutex_lock+0x82a/0x10b0 kernel/locking/mutex.c:760
 devlink_health_report+0x3ba/0x9c0 net/devlink/health.c:627
 nsim_dev_health_break_write+0x166/0x210 drivers/net/netdevsim/health.c:162
 full_proxy_write+0x12e/0x1a0 fs/debugfs/file.c:388
 vfs_write+0x29d/0x1150 fs/read_write.c:684
 ksys_write+0x12a/0x250 fs/read_write.c:738
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x490 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f68c1b8eb69
RSP: 002b:00007ffdd9ee6c48 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f68c1db5fa0 RCX: 00007f68c1b8eb69
RDX: 00000000000001ff RSI: 0000000000000000 RDI: 0000000000000003
RBP: 00007f68c1c11df1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f68c1db5fa0 R14: 00007f68c1db5fa0 R15: 0000000000000003
 </TASK>
INFO: task syz.1.4060:10294 blocked for more than 144 seconds.
      Not tainted 6.16.0-syzkaller-11105-ga6923c06a3b2 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.1.4060      state:D stack:28168 pid:10294 tgid:10294 ppid:8453   task_flags:0x400140 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5357 [inline]
 __schedule+0x1190/0x5de0 kernel/sched/core.c:6961
 __schedule_loop kernel/sched/core.c:7043 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:7058
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7115
 rwsem_down_read_slowpath+0x62f/0xb60 kernel/locking/rwsem.c:1082
 __down_read_common kernel/locking/rwsem.c:1246 [inline]
 __down_read kernel/locking/rwsem.c:1259 [inline]
 down_read+0xef/0x480 kernel/locking/rwsem.c:1524
 inode_lock_shared include/linux/fs.h:884 [inline]
 open_last_lookups fs/namei.c:3806 [inline]
 path_openat+0x818/0x2cb0 fs/namei.c:4043
 do_filp_open+0x20b/0x470 fs/namei.c:4073
 do_sys_openat2+0x11b/0x1d0 fs/open.c:1435
 do_sys_open fs/open.c:1450 [inline]
 __do_sys_openat fs/open.c:1466 [inline]
 __se_sys_openat fs/open.c:1461 [inline]
 __x64_sys_openat+0x174/0x210 fs/open.c:1461
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x490 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f565578eb69
RSP: 002b:00007ffd67d5b548 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f56559b5fa0 RCX: 00007f565578eb69
RDX: 0000000000048081 RSI: 0000200000000000 RDI: ffffffffffffff9c
RBP: 00007f5655811df1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f56559b5fa0 R14: 00007f56559b5fa0 R15: 0000000000000004
 </TASK>
INFO: task syz.3.4062:10295 blocked for more than 144 seconds.
      Not tainted 6.16.0-syzkaller-11105-ga6923c06a3b2 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.4062      state:D stack:28168 pid:10295 tgid:10295 ppid:9024   task_flags:0x400140 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5357 [inline]
 __schedule+0x1190/0x5de0 kernel/sched/core.c:6961
 __schedule_loop kernel/sched/core.c:7043 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:7058
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7115
 rwsem_down_read_slowpath+0x62f/0xb60 kernel/locking/rwsem.c:1082
 __down_read_common kernel/locking/rwsem.c:1246 [inline]
 __down_read kernel/locking/rwsem.c:1259 [inline]
 down_read+0xef/0x480 kernel/locking/rwsem.c:1524
 inode_lock_shared include/linux/fs.h:884 [inline]
 open_last_lookups fs/namei.c:3806 [inline]
 path_openat+0x818/0x2cb0 fs/namei.c:4043
 do_filp_open+0x20b/0x470 fs/namei.c:4073
 do_sys_openat2+0x11b/0x1d0 fs/open.c:1435
 do_sys_open fs/open.c:1450 [inline]
 __do_sys_openat fs/open.c:1466 [inline]
 __se_sys_openat fs/open.c:1461 [inline]
 __x64_sys_openat+0x174/0x210 fs/open.c:1461
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x490 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ffbe0d8eb69
RSP: 002b:00007ffe5d628118 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007ffbe0fb5fa0 RCX: 00007ffbe0d8eb69
RDX: 0000000000048081 RSI: 0000200000000000 RDI: ffffffffffffff9c
RBP: 00007ffbe0e11df1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffbe0fb5fa0 R14: 00007ffbe0fb5fa0 R15: 0000000000000004
 </TASK>

Showing all locks held in the system:
6 locks held by kworker/u8:0/12:
 #0: ffff88801c6fe948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3211
 #1: ffffc90000117d10 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3212
 #2: ffffffff90367a70 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xad/0x890 net/core/net_namespace.c:658
 #3: ffff8880335950e8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:911 [inline]
 #3: ffff8880335950e8 (&dev->mutex){....}-{4:4}, at: devl_dev_lock net/devlink/devl_internal.h:108 [inline]
 #3: ffff8880335950e8 (&dev->mutex){....}-{4:4}, at: devlink_pernet_pre_exit+0x12c/0x2b0 net/devlink/core.c:506
 #4: ffff888033596250 (&devlink->lock_key#5){+.+.}-{4:4}, at: devl_lock net/devlink/core.c:276 [inline]
 #4: ffff888033596250 (&devlink->lock_key#5){+.+.}-{4:4}, at: devl_dev_lock net/devlink/devl_internal.h:109 [inline]
 #4: ffff888033596250 (&devlink->lock_key#5){+.+.}-{4:4}, at: devlink_pernet_pre_exit+0x136/0x2b0 net/devlink/core.c:506
 #5: ffff88805801aa08 (&sb->s_type->i_mutex_key#3/2){+.+.}-{4:4}, at: inode_lock_nested include/linux/fs.h:914 [inline]
 #5: ffff88805801aa08 (&sb->s_type->i_mutex_key#3/2){+.+.}-{4:4}, at: __simple_recursive_removal+0x354/0x610 fs/libfs.c:627
1 lock held by khungtaskd/32:
 #0: ffffffff8e5c0fa0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #0: ffffffff8e5c0fa0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #0: ffffffff8e5c0fa0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0 kernel/locking/lockdep.c:6775
2 locks held by getty/5623:
 #0: ffff8880315690a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243
 #1: ffffc9000332e2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0 drivers/tty/n_tty.c:2222
2 locks held by kworker/u8:5/8762:
5 locks held by syz-executor/10260:
 #0: ffff88807e8f0428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
 #1: ffff888073353888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 fs/kernfs/file.c:325
 #2: ffff8881433f83c8 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 fs/kernfs/file.c:326
 #3: ffffffff8f8ee388 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
 #4: ffff8880335950e8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:911 [inline]
 #4: ffff8880335950e8 (&dev->mutex){....}-{4:4}, at: device_del+0xa0/0x9f0 drivers/base/core.c:3840
2 locks held by syz.0.4040/10272:
 #0: ffff888141aca428 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
 #1: ffff888033596250 (&devlink->lock_key#5){+.+.}-{4:4}, at: devlink_health_report+0x3ba/0x9c0 net/devlink/health.c:627
2 locks held by syz.1.4060/10294:
 #0: ffff888141aca428 (sb_writers#8){.+.+}-{0:0}, at: open_last_lookups fs/namei.c:3796 [inline]
 #0: ffff888141aca428 (sb_writers#8){.+.+}-{0:0}, at: path_openat+0x1ec8/0x2cb0 fs/namei.c:4043
 #1: ffff88805801aa08 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: inode_lock_shared include/linux/fs.h:884 [inline]
 #1: ffff88805801aa08 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: open_last_lookups fs/namei.c:3806 [inline]
 #1: ffff88805801aa08 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: path_openat+0x818/0x2cb0 fs/namei.c:4043
2 locks held by syz.3.4062/10295:
 #0: ffff888141aca428 (sb_writers#8){.+.+}-{0:0}, at: open_last_lookups fs/namei.c:3796 [inline]
 #0: ffff888141aca428 (sb_writers#8){.+.+}-{0:0}, at: path_openat+0x1ec8/0x2cb0 fs/namei.c:4043
 #1: ffff88805801aa08 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: inode_lock_shared include/linux/fs.h:884 [inline]
 #1: ffff88805801aa08 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: open_last_lookups fs/namei.c:3806 [inline]
 #1: ffff88805801aa08 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: path_openat+0x818/0x2cb0 fs/namei.c:4043
4 locks held by syz-executor/10302:
 #0: ffff88807e8f0428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
 #1: ffff888079a15c88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 fs/kernfs/file.c:325
 #2: ffff8881433f83c8 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 fs/kernfs/file.c:326
 #3: ffffffff8f8ee388 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/10313:
 #0: ffff88807e8f0428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
 #1: ffff888078057c88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 fs/kernfs/file.c:325
 #2: ffff8881433f83c8 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 fs/kernfs/file.c:326
 #3: ffffffff8f8ee388 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/10315:
 #0: ffff88807e8f0428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
 #1: ffff888145b51888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 fs/kernfs/file.c:325
 #2: ffff8881433f83c8 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 fs/kernfs/file.c:326
 #3: ffffffff8f8ee388 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/10337:
 #0: ffff88807e8f0428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
 #1: ffff88807cc3b088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 fs/kernfs/file.c:325
 #2: ffff8881433f83c8 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 fs/kernfs/file.c:326
 #3: ffffffff8f8ee388 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/10348:
 #0: ffff88807e8f0428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
 #1: ffff888031751c88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 fs/kernfs/file.c:325
 #2: ffff8881433f83c8 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 fs/kernfs/file.c:326
 #3: ffffffff8f8ee388 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/10359:
 #0: ffff88807e8f0428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
 #1: ffff88805c11d488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 fs/kernfs/file.c:325
 #2: ffff8881433f83c8 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 fs/kernfs/file.c:326
 #3: ffffffff8f8ee388 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/10361:
 #0: ffff88807e8f0428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
 #1: ffff88805c310c88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 fs/kernfs/file.c:325
 #2: ffff8881433f83c8 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 fs/kernfs/file.c:326
 #3: ffffffff8f8ee388 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/10380:
 #0: ffff88807e8f0428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
 #1: ffff888032b06c88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 fs/kernfs/file.c:325
 #2: ffff8881433f83c8 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 fs/kernfs/file.c:326
 #3: ffffffff8f8ee388 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/10396:
 #0: ffff88807e8f0428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
 #1: ffff888079a13888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 fs/kernfs/file.c:325
 #2: ffff8881433f83c8 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 fs/kernfs/file.c:326
 #3: ffffffff8f8ee388 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/10407:
 #0: ffff88807e8f0428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
 #1: ffff888072b27888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 fs/kernfs/file.c:325
 #2: ffff8881433f83c8 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 fs/kernfs/file.c:326
 #3: ffffffff8f8ee388 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/10409:
 #0: ffff88807e8f0428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 fs/read_write.c:738
 #1: ffff888025fb7c88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 fs/kernfs/file.c:325
 #2: ffff8881433f83c8 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 fs/kernfs/file.c:326
 #3: ffffffff8f8ee388 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0 drivers/net/netdevsim/bus.c:234

=============================================

NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 32 Comm: khungtaskd Not tainted 6.16.0-syzkaller-11105-ga6923c06a3b2 #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x27b/0x390 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x29c/0x300 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:307 [inline]
 watchdog+0xf0e/0x1260 kernel/hung_task.c:470
 kthread+0x3c2/0x780 kernel/kthread.c:464
 ret_from_fork+0x5d4/0x6f0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 30 Comm: kworker/u8:2 Not tainted 6.16.0-syzkaller-11105-ga6923c06a3b2 #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Workqueue: events_unbound cfg80211_wiphy_work
RIP: 0010:unwind_next_frame+0x20/0x20a0 arch/x86/kernel/unwind_orc.c:469
Code: 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 b8 00 00 00 00 00 fc ff df 41 57 48 89 fa 41 56 48 c1 ea 03 41 55 49 89 fd 41 54 <55> 53 48 83 ec 38 0f b6 04 02 84 c0 74 08 3c 03 0f 8e 02 0b 00 00
RSP: 0018:ffffc90000a56b70 EFLAGS: 00000a02
RAX: dffffc0000000000 RBX: ffffc90000a56b98 RCX: ffffc90000a56aec
RDX: 1ffff9200014ad73 RSI: ffffffff8b11a17b RDI: ffffc90000a56b98
RBP: ffffc90000a56c28 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000004 R11: 00000000000115b1 R12: ffffffff81a672b0
R13: ffffc90000a56b98 R14: 0000000000000000 R15: ffff88801eaa1e00
FS:  0000000000000000(0000) GS:ffff8881247d6000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000056365d4f30a8 CR3: 000000000e380000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 arch_stack_walk+0x94/0x100 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 poison_kmalloc_redzone mm/kasan/common.c:377 [inline]
 __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394
 kasan_kmalloc include/linux/kasan.h:260 [inline]
 __do_kmalloc_node mm/slub.c:4365 [inline]
 __kmalloc_noprof+0x223/0x510 mm/slub.c:4377
 kmalloc_noprof include/linux/slab.h:909 [inline]
 kzalloc_noprof include/linux/slab.h:1039 [inline]
 ieee802_11_parse_elems_full+0x1db/0x3780 net/mac80211/parse.c:1011
 ieee802_11_parse_elems_crc net/mac80211/ieee80211_i.h:2462 [inline]
 ieee802_11_parse_elems net/mac80211/ieee80211_i.h:2469 [inline]
 ieee80211_inform_bss+0x10b/0x1140 net/mac80211/scan.c:79
 rdev_inform_bss net/wireless/rdev-ops.h:418 [inline]
 cfg80211_inform_single_bss_data+0x8e7/0x1df0 net/wireless/scan.c:2379
 cfg80211_inform_bss_data+0x224/0x3bd0 net/wireless/scan.c:3234
 cfg80211_inform_bss_frame_data+0x26f/0x750 net/wireless/scan.c:3325
 ieee80211_bss_info_update+0x310/0xab0 net/mac80211/scan.c:226
 ieee80211_rx_bss_info net/mac80211/ibss.c:1094 [inline]
 ieee80211_rx_mgmt_probe_beacon net/mac80211/ibss.c:1573 [inline]
 ieee80211_ibss_rx_queued_mgmt+0x1905/0x2fd0 net/mac80211/ibss.c:1600
 ieee80211_iface_process_skb net/mac80211/iface.c:1699 [inline]
 ieee80211_iface_work+0xe2e/0x1360 net/mac80211/iface.c:1753
 cfg80211_wiphy_work+0x2c4/0x580 net/wireless/core.c:435
 process_one_work+0x9cf/0x1b70 kernel/workqueue.c:3236
 process_scheduled_works kernel/workqueue.c:3319 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400
 kthread+0x3c2/0x780 kernel/kthread.c:464
 ret_from_fork+0x5d4/0x6f0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>