Extracting prog: 35.340481356s
Minimizing prog: 16m9.279682679s
Simplifying prog options: 0s
Extracting C: 1m15.997847419s
Simplifying C: 8m58.1039573s

extracting reproducer from 11 programs
first checking the prog from the crash report
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$dri-fsopen-socket$inet6_sctp-setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS-setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD-sendto$inet6-fsconfig$FSCONFIG_SET_STRING-openat$snapshot-close_range
detailed listing:
executing program 0:
r0 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
r1 = fsopen(&(0x7f0000000080)='efivarfs\x00', 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x85, &(0x7f00000001c0)={0x0, @in={{0x2, 0xa, @empty}}, 0x27c0}, 0x90)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback}], 0x2c)
sendto$inet6(r2, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
fsconfig$FSCONFIG_SET_STRING(r1, 0x6, 0x0, 0x0, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

program crashed: BUG: unable to handle kernel paging request in alloc_fs_context
single: successfully extracted reproducer
found reproducer with 9 syscalls
minimizing guilty program

testing program (duration=45.347560639s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$dri-fsopen-socket$inet6_sctp-setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS-setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD-sendto$inet6-fsconfig$FSCONFIG_SET_STRING-openat$snapshot
detailed listing:
executing program 0:
syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
r0 = fsopen(&(0x7f0000000080)='efivarfs\x00', 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x85, &(0x7f00000001c0)={0x0, @in={{0x2, 0xa, @empty}}, 0x27c0}, 0x90)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback}], 0x2c)
sendto$inet6(r1, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0)

program crashed: BUG: unable to handle kernel paging request in alloc_fs_context

testing program (duration=45.347560639s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$dri-fsopen-socket$inet6_sctp-setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS-setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD-sendto$inet6-fsconfig$FSCONFIG_SET_STRING
detailed listing:
executing program 0:
syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
r0 = fsopen(&(0x7f0000000080)='efivarfs\x00', 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x85, &(0x7f00000001c0)={0x0, @in={{0x2, 0xa, @empty}}, 0x27c0}, 0x90)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback}], 0x2c)
sendto$inet6(r1, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0)

program did not crash

testing program (duration=45.347560639s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$dri-fsopen-socket$inet6_sctp-setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS-setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD-sendto$inet6-openat$snapshot
detailed listing:
executing program 0:
syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
fsopen(&(0x7f0000000080)='efivarfs\x00', 0x0)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f00000001c0)={0x0, @in={{0x2, 0xa, @empty}}, 0x27c0}, 0x90)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback}], 0x2c)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0)

program did not crash

testing program (duration=45.347560639s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$dri-fsopen-socket$inet6_sctp-setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS-setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD-fsconfig$FSCONFIG_SET_STRING-openat$snapshot
detailed listing:
executing program 0:
syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
r0 = fsopen(&(0x7f0000000080)='efivarfs\x00', 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x85, &(0x7f00000001c0)={0x0, @in={{0x2, 0xa, @empty}}, 0x27c0}, 0x90)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback}], 0x2c)
fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0)

program crashed: BUG: unable to handle kernel paging request in alloc_fs_context

testing program (duration=45.347560639s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$dri-fsopen-socket$inet6_sctp-setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS-fsconfig$FSCONFIG_SET_STRING-openat$snapshot
detailed listing:
executing program 0:
syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
r0 = fsopen(&(0x7f0000000080)='efivarfs\x00', 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x85, &(0x7f00000001c0)={0x0, @in={{0x2, 0xa, @empty}}, 0x27c0}, 0x90)
fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0)

program crashed: BUG: unable to handle kernel paging request in alloc_fs_context

testing program (duration=45.347560639s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$dri-fsopen-socket$inet6_sctp-fsconfig$FSCONFIG_SET_STRING-openat$snapshot
detailed listing:
executing program 0:
syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
r0 = fsopen(&(0x7f0000000080)='efivarfs\x00', 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0)

program crashed: BUG: unable to handle kernel paging request in alloc_fs_context

testing program (duration=45.347560639s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$dri-fsopen-fsconfig$FSCONFIG_SET_STRING-openat$snapshot
detailed listing:
executing program 0:
syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
r0 = fsopen(&(0x7f0000000080)='efivarfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0)

program crashed: BUG: unable to handle kernel paging request in alloc_fs_context

testing program (duration=45.347560639s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$dri-fsconfig$FSCONFIG_SET_STRING-openat$snapshot
detailed listing:
executing program 0:
syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0)

program did not crash

testing program (duration=45.347560639s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_SET_STRING-openat$snapshot
detailed listing:
executing program 0:
r0 = fsopen(&(0x7f0000000080)='efivarfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0)

program crashed: BUG: unable to handle kernel paging request in alloc_fs_context

testing program (duration=45.347560639s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_SET_STRING-openat$snapshot
detailed listing:
executing program 0:
r0 = fsopen(0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0)

program did not crash

testing program (duration=45.347560639s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_SET_STRING-openat$snapshot
detailed listing:
executing program 0:
r0 = fsopen(&(0x7f0000000080)='efivarfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0)
openat$snapshot(0xffffffffffffff9c, 0x0, 0x800, 0x0)

program did not crash

extracting C reproducer
testing compiled C program (duration=45.347560639s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_SET_STRING-openat$snapshot
program crashed: BUG: unable to handle kernel paging request in alloc_fs_context

simplifying C reproducer
testing compiled C program (duration=45.347560639s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_SET_STRING-openat$snapshot
program crashed: BUG: unable to handle kernel paging request in alloc_fs_context
testing compiled C program (duration=45.347560639s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_SET_STRING-openat$snapshot
program did not crash
testing compiled C program (duration=45.347560639s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_SET_STRING-openat$snapshot
program crashed: BUG: unable to handle kernel paging request in alloc_fs_context
testing compiled C program (duration=45.347560639s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_SET_STRING-openat$snapshot
program crashed: BUG: unable to handle kernel paging request in alloc_fs_context
testing compiled C program (duration=45.347560639s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_SET_STRING-openat$snapshot
program crashed: BUG: unable to handle kernel paging request in alloc_fs_context
testing compiled C program (duration=45.347560639s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_SET_STRING-openat$snapshot
program crashed: BUG: unable to handle kernel paging request in alloc_fs_context
testing compiled C program (duration=45.347560639s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_SET_STRING-openat$snapshot
program crashed: BUG: unable to handle kernel paging request in alloc_fs_context
testing compiled C program (duration=45.347560639s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_SET_STRING-openat$snapshot
program crashed: BUG: unable to handle kernel paging request in alloc_fs_context
reproducing took 26m58.721993694s

repro crashed as (corrupted=false):
efivarfs: resyncing variable state
Unable to handle kernel paging request at virtual address dfff800000000005
KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]
Mem abort info:
  ESR = 0x0000000096000005
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x05: level 1 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
  CM = 0, WnR = 0, TnD = 0, TagAccess = 0
  GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[dfff800000000005] address between user and kernel address ranges
Internal error: Oops: 0000000096000005 [#1] SMP
Modules linked in:
CPU: 1 UID: 0 PID: 6487 Comm: syz-executor120 Not tainted 6.15.0-rc5-syzkaller-gc32f8dc5aaf9 #0 PREEMPT
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : alloc_fs_context+0x1b4/0x76c fs/fs_context.c:294
lr : __lse_atomic64_add arch/arm64/include/asm/atomic_lse.h:134 [inline]
lr : arch_atomic64_add arch/arm64/include/asm/atomic.h:67 [inline]
lr : raw_atomic64_add include/linux/atomic/atomic-arch-fallback.h:2672 [inline]
lr : raw_atomic_long_add include/linux/atomic/atomic-long.h:121 [inline]
lr : atomic_long_add include/linux/atomic/atomic-instrumented.h:3261 [inline]
lr : get_cred_many include/linux/cred.h:203 [inline]
lr : get_cred include/linux/cred.h:218 [inline]
lr : alloc_fs_context+0x150/0x76c fs/fs_context.c:293
sp : ffff8000a31b7760
x29: ffff8000a31b7790 x28: dfff800000000000 x27: ffff0000c8ef88d8
x26: 0000000000000028 x25: ffff0000c7e6f4c8 x24: ffff80008fb953e0
x23: 0000000000000000 x22: ffff0000c7e6f498 x21: ffff0000c8ef8000
x20: 0000000000000000 x19: ffff0000c7e6f400 x18: 00000000ffffffff
x17: ffff800092f27000 x16: ffff80008adb31c0 x15: 0000000000000001
x14: 1fffe0001a05b0e0 x13: 0000000000000000 x12: 0000000000000000
x11: ffff60001a05b0e1 x10: 0000000000ff0100 x9 : 0000000000000000
x8 : 0000000000000005 x7 : ffff80008022b2b8 x6 : ffff80008022b4b4
x5 : ffff0000dabc9c90 x4 : ffff8000a31b7520 x3 : ffff800080dfa950
x2 : 0000000000000001 x1 : 0000000000000008 x0 : 0000000000000001
Call trace:
 alloc_fs_context+0x1b4/0x76c fs/fs_context.c:294 (P)
 fs_context_for_mount+0x34/0x44 fs/fs_context.c:332
 vfs_kern_mount+0x38/0x178 fs/namespace.c:1313
 efivarfs_pm_notify+0x1c4/0x4b4 fs/efivarfs/super.c:529
 notifier_call_chain+0x1b8/0x4e4 kernel/notifier.c:85
 blocking_notifier_call_chain+0x70/0xa0 kernel/notifier.c:380
 pm_notifier_call_chain+0x2c/0x3c kernel/power/main.c:109
 snapshot_release+0x104/0x1c4 kernel/power/user.c:125
 __fput+0x340/0x75c fs/file_table.c:465
 ____fput+0x20/0x58 fs/file_table.c:493
 task_work_run+0x1dc/0x260 kernel/task_work.c:227
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0x4e8/0x1998 kernel/exit.c:953
 do_group_exit+0x194/0x22c kernel/exit.c:1102
 __do_sys_exit_group kernel/exit.c:1113 [inline]
 __se_sys_exit_group kernel/exit.c:1111 [inline]
 pid_child_should_wake+0x0/0x1dc kernel/exit.c:1111
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x58/0x17c arch/arm64/kernel/entry-common.c:767
 el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:786
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600
Code: 97f8a879 f9400368 9100a11a d343ff48 (387c6908)
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0: 97f8a879 bl 0xffffffffffe2a1e4
   4: f9400368 ldr x8, [x27]
   8: 9100a11a add x26, x8, #0x28
   c: d343ff48 lsr x8, x26, #3
* 10: 387c6908 ldrb w8, [x8, x28] <-- trapping instruction

final repro crashed as (corrupted=false):
efivarfs: resyncing variable state
Unable to handle kernel paging request at virtual address dfff800000000005
KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]
Mem abort info:
  ESR = 0x0000000096000005
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x05: level 1 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
  CM = 0, WnR = 0, TnD = 0, TagAccess = 0
  GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[dfff800000000005] address between user and kernel address ranges
Internal error: Oops: 0000000096000005 [#1] SMP
Modules linked in:
CPU: 1 UID: 0 PID: 6487 Comm: syz-executor120 Not tainted 6.15.0-rc5-syzkaller-gc32f8dc5aaf9 #0 PREEMPT
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : alloc_fs_context+0x1b4/0x76c fs/fs_context.c:294
lr : __lse_atomic64_add arch/arm64/include/asm/atomic_lse.h:134 [inline]
lr : arch_atomic64_add arch/arm64/include/asm/atomic.h:67 [inline]
lr : raw_atomic64_add include/linux/atomic/atomic-arch-fallback.h:2672 [inline]
lr : raw_atomic_long_add include/linux/atomic/atomic-long.h:121 [inline]
lr : atomic_long_add include/linux/atomic/atomic-instrumented.h:3261 [inline]
lr : get_cred_many include/linux/cred.h:203 [inline]
lr : get_cred include/linux/cred.h:218 [inline]
lr : alloc_fs_context+0x150/0x76c fs/fs_context.c:293
sp : ffff8000a31b7760
x29: ffff8000a31b7790 x28: dfff800000000000 x27: ffff0000c8ef88d8
x26: 0000000000000028 x25: ffff0000c7e6f4c8 x24: ffff80008fb953e0
x23: 0000000000000000 x22: ffff0000c7e6f498 x21: ffff0000c8ef8000
x20: 0000000000000000 x19: ffff0000c7e6f400 x18: 00000000ffffffff
x17: ffff800092f27000 x16: ffff80008adb31c0 x15: 0000000000000001
x14: 1fffe0001a05b0e0 x13: 0000000000000000 x12: 0000000000000000
x11: ffff60001a05b0e1 x10: 0000000000ff0100 x9 : 0000000000000000
x8 : 0000000000000005 x7 : ffff80008022b2b8 x6 : ffff80008022b4b4
x5 : ffff0000dabc9c90 x4 : ffff8000a31b7520 x3 : ffff800080dfa950
x2 : 0000000000000001 x1 : 0000000000000008 x0 : 0000000000000001
Call trace:
 alloc_fs_context+0x1b4/0x76c fs/fs_context.c:294 (P)
 fs_context_for_mount+0x34/0x44 fs/fs_context.c:332
 vfs_kern_mount+0x38/0x178 fs/namespace.c:1313
 efivarfs_pm_notify+0x1c4/0x4b4 fs/efivarfs/super.c:529
 notifier_call_chain+0x1b8/0x4e4 kernel/notifier.c:85
 blocking_notifier_call_chain+0x70/0xa0 kernel/notifier.c:380
 pm_notifier_call_chain+0x2c/0x3c kernel/power/main.c:109
 snapshot_release+0x104/0x1c4 kernel/power/user.c:125
 __fput+0x340/0x75c fs/file_table.c:465
 ____fput+0x20/0x58 fs/file_table.c:493
 task_work_run+0x1dc/0x260 kernel/task_work.c:227
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0x4e8/0x1998 kernel/exit.c:953
 do_group_exit+0x194/0x22c kernel/exit.c:1102
 __do_sys_exit_group kernel/exit.c:1113 [inline]
 __se_sys_exit_group kernel/exit.c:1111 [inline]
 pid_child_should_wake+0x0/0x1dc kernel/exit.c:1111
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x58/0x17c arch/arm64/kernel/entry-common.c:767
 el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:786
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600
Code: 97f8a879 f9400368 9100a11a d343ff48 (387c6908)
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0: 97f8a879 bl 0xffffffffffe2a1e4
   4: f9400368 ldr x8, [x27]
   8: 9100a11a add x26, x8, #0x28
   c: d343ff48 lsr x8, x26, #3
* 10: 387c6908 ldrb w8, [x8, x28] <-- trapping instruction