Extracting prog: 3m15.53486609s
Minimizing prog: 1h2m52.734198824s
Simplifying prog options: 0s
Extracting C: 36.075313864s
Simplifying C: 19m30.93913167s


extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r2 = gettid()
pause()
tkill(r2, 0x13)
write$binfmt_elf32(r1, &(0x7f0000001440)=ANY=[@ANYBLOB="7f454c460b397a2dd4000000000000000300060007000000ba03000038000000fd2600e60080ffff060020000100020004000600600000000000000000000000040000000200000006000000"], 0x58)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

program did not crash
single: failed to extract reproducer
single: executing 1 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r2 = gettid()
pause()
tkill(r2, 0x13)
write$binfmt_elf32(r1, &(0x7f0000001440)=ANY=[@ANYBLOB="7f454c460b397a2dd4000000000000000300060007000000ba03000038000000fd2600e60080ffff060020000100020004000600600000000000000000000000040000000200000006000000"], 0x58)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

program crashed: WARNING in task_participate_group_stop
single: successfully extracted reproducer
found reproducer with 8 syscalls
minimizing guilty program
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r2 = gettid()
pause()
tkill(r2, 0x13)
write$binfmt_elf32(r1, &(0x7f0000001440)=ANY=[@ANYBLOB="7f454c460b397a2dd4000000000000000300060007000000ba03000038000000fd2600e60080ffff060020000100020004000600600000000000000000000000040000000200000006000000"], 0x58)
close(r1)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-execveat$binfmt
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r2 = gettid()
pause()
tkill(r2, 0x13)
write$binfmt_elf32(r1, &(0x7f0000001440)=ANY=[@ANYBLOB="7f454c460b397a2dd4000000000000000300060007000000ba03000038000000fd2600e60080ffff060020000100020004000600600000000000000000000000040000000200000006000000"], 0x58)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-close-execveat$binfmt
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r2 = gettid()
pause()
tkill(r2, 0x13)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-write$binfmt_elf32-close-execveat$binfmt
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
gettid()
pause()
write$binfmt_elf32(r1, &(0x7f0000001440)=ANY=[@ANYBLOB="7f454c460b397a2dd4000000000000000300060007000000ba03000038000000fd2600e60080ffff060020000100020004000600600000000000000000000000040000000200000006000000"], 0x58)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-tkill-write$binfmt_elf32-close-execveat$binfmt
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r2 = gettid()
tkill(r2, 0x13)
write$binfmt_elf32(r1, &(0x7f0000001440)=ANY=[@ANYBLOB="7f454c460b397a2dd4000000000000000300060007000000ba03000038000000fd2600e60080ffff060020000100020004000600600000000000000000000000040000000200000006000000"], 0x58)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
pause()
tkill(0x0, 0x13)
write$binfmt_elf32(r1, &(0x7f0000001440)=ANY=[@ANYBLOB="7f454c460b397a2dd4000000000000000300060007000000ba03000038000000fd2600e60080ffff060020000100020004000600600000000000000000000000040000000200000006000000"], 0x58)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = gettid()
pause()
tkill(r1, 0x13)
write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000001440)=ANY=[@ANYBLOB="7f454c460b397a2dd4000000000000000300060007000000ba03000038000000fd2600e60080ffff060020000100020004000600600000000000000000000000040000000200000006000000"], 0x58)
close(0xffffffffffffffff)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
detailed listing:
executing program 0:
r0 = openat$binfmt(0xffffffffffffff9c, 0x0, 0x42, 0x1ff)
r1 = gettid()
pause()
tkill(r1, 0x13)
write$binfmt_elf32(r0, &(0x7f0000001440)=ANY=[@ANYBLOB="7f454c460b397a2dd4000000000000000300060007000000ba03000038000000fd2600e60080ffff060020000100020004000600600000000000000000000000040000000200000006000000"], 0x58)
close(r0)
execveat$binfmt(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(0x0)
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r2 = gettid()
pause()
tkill(r2, 0x13)
write$binfmt_elf32(r1, &(0x7f0000001440)=ANY=[@ANYBLOB="7f454c460b397a2dd4000000000000000300060007000000ba03000038000000fd2600e60080ffff060020000100020004000600600000000000000000000000040000000200000006000000"], 0x58)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

program crashed: lost connection to test machine
suppressed program crash: lost connection to test machine
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r2 = gettid()
pause()
tkill(r2, 0x13)
write$binfmt_elf32(r1, 0x0, 0x58)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r2 = gettid()
pause()
tkill(r2, 0x13)
write$binfmt_elf32(r1, &(0x7f0000001440)=ANY=[@ANYBLOB], 0x58)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
program crashed: WARNING in task_participate_group_stop
simplifying C reproducer
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
program crashed: WARNING in task_participate_group_stop
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
program crashed: WARNING in task_participate_group_stop
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
program crashed: WARNING in task_participate_group_stop
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r2 = gettid()
pause()
tkill(r2, 0x13)
write$binfmt_elf32(r1, &(0x7f0000001440)=ANY=[@ANYBLOB="7f454c460b397a2dd4000000000000000300060007000000ba03000038000000fd2600e60080ffff060020000100020004000600600000000000000000000000040000000200000006000000"], 0x58)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

program crashed: WARNING in task_participate_group_stop
validation run: crashed=true
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r2 = gettid()
pause()
tkill(r2, 0x13)
write$binfmt_elf32(r1, &(0x7f0000001440)=ANY=[@ANYBLOB="7f454c460b397a2dd4000000000000000300060007000000ba03000038000000fd2600e60080ffff060020000100020004000600600000000000000000000000040000000200000006000000"], 0x58)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

program crashed: WARNING in task_participate_group_stop
validation run: crashed=true
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r2 = gettid()
pause()
tkill(r2, 0x13)
write$binfmt_elf32(r1, &(0x7f0000001440)=ANY=[@ANYBLOB="7f454c460b397a2dd4000000000000000300060007000000ba03000038000000fd2600e60080ffff060020000100020004000600600000000000000000000000040000000200000006000000"], 0x58)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

program crashed: WARNING in task_participate_group_stop
validation run: crashed=true
reproducing took 1h32m6.191345466s
repro crashed as (corrupted=false):
------------[ cut here ]------------
WARNING: CPU: 0 PID: 1119 at kernel/signal.c:375 task_participate_group_stop+0x242/0x300 kernel/signal.c:375
Modules linked in:
CPU: 0 UID: 0 PID: 1119 Comm: file0 Not tainted syzkaller #0 fee5265d319350b22cf00991634aaaf1de34201c
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
RIP: 0010:task_participate_group_stop+0x242/0x300 kernel/signal.c:375
Code: 74 08 4c 89 f7 e8 2e 86 89 00 4d 89 2e f0 83 44 24 fc 00 4c 89 f7 be 15 00 00 00 e8 18 61 10 00 e9 aa fe ff ff e8 2e 50 33 00 <0f> 0b 42 0f b6 04 2b 84 c0 0f 85 8c 00 00 00 45 8b 3e e9 ee fe ff
RSP: 0018:ffffc900027bfc28 EFLAGS: 00010093
RAX: ffffffff815293e2 RBX: 1ffff110212e380e RCX: ffff88812f592600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc900027bfc58 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffff520004f7f8c R12: ffff88810971c000
R13: dffffc0000000000 R14: ffff88810971c070 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 00000000ffc39fa0 CR3: 000000010f3f2000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 do_signal_stop+0x639/0x840 kernel/signal.c:2516
 get_signal+0xaba/0x14f0 kernel/signal.c:2780
 arch_do_signal_or_restart+0x96/0x720 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x58/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x64/0xf0 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0023:0x3ba
Code: Unable to access opcode bytes at 0x390.
RSP: 002b:00000000ffc39fa0 EFLAGS: 00000202 ORIG_RAX: 000000000000000b
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
---[ end trace 0000000000000000 ]---

final repro crashed as (corrupted=false):
------------[ cut here ]------------
WARNING: CPU: 0 PID: 1119 at kernel/signal.c:375 task_participate_group_stop+0x242/0x300 kernel/signal.c:375
Modules linked in:
CPU: 0 UID: 0 PID: 1119 Comm: file0 Not tainted syzkaller #0 fee5265d319350b22cf00991634aaaf1de34201c
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
RIP: 0010:task_participate_group_stop+0x242/0x300 kernel/signal.c:375
Code: 74 08 4c 89 f7 e8 2e 86 89 00 4d 89 2e f0 83 44 24 fc 00 4c 89 f7 be 15 00 00 00 e8 18 61 10 00 e9 aa fe ff ff e8 2e 50 33 00 <0f> 0b 42 0f b6 04 2b 84 c0 0f 85 8c 00 00 00 45 8b 3e e9 ee fe ff
RSP: 0018:ffffc900027bfc28 EFLAGS: 00010093
RAX: ffffffff815293e2 RBX: 1ffff110212e380e RCX: ffff88812f592600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc900027bfc58 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffff520004f7f8c R12: ffff88810971c000
R13: dffffc0000000000 R14: ffff88810971c070 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 00000000ffc39fa0 CR3: 000000010f3f2000 CR4: 00000000003526b0
Call Trace:
 <TASK>
 do_signal_stop+0x639/0x840 kernel/signal.c:2516
 get_signal+0xaba/0x14f0 kernel/signal.c:2780
 arch_do_signal_or_restart+0x96/0x720 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x58/0xb0 kernel/entry/common.c:218
 do_syscall_64+0x64/0xf0 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0023:0x3ba
Code: Unable to access opcode bytes at 0x390.
RSP: 002b:00000000ffc39fa0 EFLAGS: 00000202 ORIG_RAX: 000000000000000b
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
---[ end trace 0000000000000000 ]---