Extracting prog: 8m17.927715207s
Minimizing prog: 24m5.546453614s
Simplifying prog options: 6m10.349050479s
Extracting C: 1m11.04678373s
Simplifying C: 0s
extracting reproducer from 129 programs
testing a last program of every proc
single: executing 79 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$sg-openat$sysfs-sendfile-ioctl$SG_GET_NUM_WAITING-mmap-mlock-remap_file_pages
detailed listing:
executing program 0:
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/pm_async', 0x20202, 0xac)
sendfile(r1, r1, 0x0, 0x68)
ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f0000000000))
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
remap_file_pages(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x38c3df74215107e6, 0x5, 0x40)
program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): unshare-bpf$MAP_CREATE-openat$kvm-ioctl$KVM_CREATE_VM-mmap-syz_open_procfs-io_uring_setup-io_uring_register$IORING_REGISTER_BUFFERS-syz_clone-syz_clone-bpf$MAP_CREATE-bpf$MAP_UPDATE_ELEM_TAIL_CALL-socket$inet6_tcp-syz_usb_connect-socket$nl_netfilter-syz_emit_ethernet-ioctl$KVM_GET_XSAVE-socket$nl_netfilter-sendmsg$IPSET_CMD_CREATE-openat$nullb-mmap-socket$inet6-setsockopt$inet6_int-cachestat-sendmsg$NFT_BATCH-syz_open_dev$char_usb-read$char_usb-socket$nl_netfilter-sendmsg$IPCTNL_MSG_CT_NEW-close_range
detailed listing:
executing program 0:
unshare(0x28000600)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="02000000040000000400000009"], 0x48)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x48140, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0xffffffffffffffff, 0x0)
r3 = io_uring_setup(0x2eae, &(0x7f0000000080)={0x0, 0x3a9, 0x1000, 0x0, 0x3ffffff})
io_uring_register$IORING_REGISTER_BUFFERS(r3, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x838c1200, 0x0, 0x0, 0x0, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0d00000004000000040000000010000001000000", @ANYRES32=r0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00040000000000000000000000000000008200"/28], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r4}, &(0x7f0000000840), &(0x7f0000000880)=r0}, 0x20)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000200)=ANY=[@ANYRES16=r5, @ANYRESOCT], 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_emit_ethernet(0x32, &(0x7f0000000240)={@remote, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x2, 0x8, 0x24, 0x66, 0x0, 0x2, 0x11, 0x0, @dev={0xac, 0x14, 0x14, 0x36}, @loopback}, {0x4e21, 0x4e22, 0x10, 0x0, @gue={{0x2, 0x1, 0x2, 0x0, 0x100}}}}}}}, 0x0)
ioctl$KVM_GET_XSAVE(r2, 0x9000aea4, &(0x7f0000003700))
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="600000000206030000000000000000000000f90605000400000000000900020073797a310000000014000780080013000000000008001240000000000500050002000000050001000700000014000300686173683a6970050000000000000000"], 0x60}, 0x1, 0x0, 0x0, 0x4000}, 0x4010)
r8 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r8, 0x0)
r9 = socket$inet6(0xa, 0x1, 0x84)
setsockopt$inet6_int(r9, 0x29, 0x11, 0x0, 0x0)
cachestat(r8, &(0x7f0000000000)={0x7, 0x80000001}, &(0x7f00000000c0), 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a01040000000000000000010000030900010073797a30000000002c000000030a01010000000000000000010000000900010073797a30000000000900030073797a320000000098000000060a010400000000000000000100000008000b400000000070000480340001800b000100657874686472000024000280080001400000000c080003400000000008000440000000220500020007000000380001800c0001006269747769736500280002800800034000000002080001400016460e08000240000000000000008008000640000000010900010073797a30"], 0x10c}}, 0x0)
r10 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r10, &(0x7f00000000c0)=""/17, 0x11)
r11 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r11, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x18, 0x0, 0x1, 0x3, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4}, 0x0)
close_range(r5, 0xffffffffffffffff, 0x0)
program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-openat$cuse-write$FUSE_NOTIFY_INVAL_ENTRY-syz_usb_control_io$hid-syz_usb_control_io-syz_usb_control_io$printer-syz_usb_control_io-recvmmsg-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_VCPU_EVENTS-syz_kvm_setup_cpu$x86-socket$key-ioctl$KVM_SET_VAPIC_ADDR-ioctl$KVM_SET_VCPU_EVENTS-ioctl$KVM_RUN-socket$nl_route-ioctl$KVM_RUN-sendmmsg$unix-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-socket$inet6_sctp-setsockopt-syz_usb_control_io$cdc_ecm-syz_usb_control_io$hid-syz_usb_control_io$printer-syz_usb_control_io$uac1
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x1, 0x2d, &(0x7f00000001c0)=ANY=[], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000001f80), 0x2, 0x0)
write$FUSE_NOTIFY_INVAL_ENTRY(r1, &(0x7f0000001fc0)={0x42, 0x3, 0x0, {0x0, 0x21, 0x0, '/proc/sys/net/ipv4/vs/secure_tcp\x00'}}, 0x42)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000600)={0x44, &(0x7f0000000340)={0x40, 0xf, 0x1, 'V'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x10002, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x101080, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f00000aa000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, &(0x7f0000000000)=@x86={0x1, 0x1, 0x5, 0x0, 0x5, 0x5, 0x7, 0x7f, 0x3d, 0x8, 0x6, 0x91, 0x0, 0x3, 0x0, 0xff, 0x0, 0x8, 0x0, '\x00', 0x4, 0x5})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x0, 0x0, 0x0)
socket$key(0xf, 0x3, 0x2)
ioctl$KVM_SET_VAPIC_ADDR(r4, 0x4008ae93, &(0x7f0000000080)=0x1)
ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4400ae8f, &(0x7f0000000140)=@x86={0x4, 0x8, 0xc, 0x0, 0x9, 0x10, 0x5, 0x2, 0xe, 0x3, 0x6, 0x11, 0x0, 0x0, 0x615, 0x3, 0x4, 0x3e, 0xa, '\x00', 0x7, 0x3})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x2, 0x0, @local, 0x2}]}, &(0x7f00000002c0)=0x10)
socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(0xffffffffffffffff, 0x84, 0x80, &(0x7f0000000000)='\x00\x00\x00\x00\t', 0x5)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000780)={0x2c, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_VCPU_EVENTS-syz_usb_connect
detailed listing:
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, 0x0)
syz_usb_connect(0x0, 0xffffffffffffff6d, &(0x7f0000000000)={{0x12, 0x1, 0x1, 0x4b, 0xae, 0x7d, 0x10, 0x1199, 0x9011, 0xa94d, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x6, 0x0, 0xf0, 0xf9, [{{0x9, 0x4, 0x74, 0x0, 0x0, 0x61, 0xe1, 0xd4, 0x8, [@cdc_ncm={{0x0, 0x24, 0x6, 0x0, 0x1, 'x'}, {0x0, 0x24, 0x0, 0x9}, {0x0, 0x24, 0xf, 0x1, 0x4, 0xfffb, 0x8c11, 0x4}, {0x0, 0x24, 0x1a, 0xef00, 0x8}, [@mbim_extended={0xfffffe32, 0x24, 0x1c, 0x0, 0x3, 0x8}]}]}}]}}]}}, 0x0)
program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_disconnect-socket-bind$netlink-bpf$PROG_LOAD-setsockopt$sock_attach_bpf-socket-sendmsg$nl_route_sched-socket$inet-socket$inet6_tcp-remap_file_pages-syz_emit_ethernet-syz_emit_ethernet-getsockopt$inet_pktinfo-shutdown-syz_usb_connect$hid
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x200, 0xa, 0x86, 0xf3, 0x40, 0x1110, 0x9024, 0xdb24, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0xe9, 0x50, 0x9, [{{0x9, 0x4, 0x62, 0x4, 0x0, 0x6f, 0x6f, 0x49, 0x5}}]}}]}}, 0x0)
syz_usb_disconnect(r0)
r1 = socket(0x1000000000000010, 0x80802, 0x0)
bind$netlink(r1, &(0x7f0000000440)={0x10, 0x0, 0x0, 0x10004400}, 0xc)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001100)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000200000000000c00095000000000000002ba728041598d6fbd30cb599e83d24a3aa81d36b26fb0b71d0e6adfefcf1d8f7faf75e0f226bd99eea7960717142fa9ea4318123741c4a0e168c1886d0d4d94f2f4e345c652fbc16ee988e6e0dc8cedf3ce99fbfbf9b0a4def23d410f6296b32a334388107200759cda9036b4e369a9e152ddcc7f05a5f3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c3b35967deabe802f5ab3e89bd6c662ed4048d3b3e22278d00031e5388ee5c867ddd58211d6ececb0cd2b6d357b85a0218ce740068725837074e098ee207d2f73902fbcfcf49822775985bf32d715f5888b24efa000000000000ffffffdf000000000000000000000089a7b9b00000000000000000000000000000b27cf3d1848a54d7132be1ffb0adf9deab29ea3323aa9fdfb52faf449c3bfd09000000b91ab219efdebb7b3de8f67581cf796a1d4223b9ff7ffcad3f6c962b9f292324b7ab7f91a31cf41ab11f12fb1e0a494034127de7c6592df1a6c64d8f20a67745409e011f1264d43e153b3d34899f40159e800ea2474b544035a30b23bcee46762c2093bcc9eae5dff5adbdee3e980026c96f80ee1a74e04bde740750fa4d9aaa705989b8e673e3296e52d337c56abf1128744bab6677fcb78e313841ec309baed0495f06d058a75fa4c81e5c9f42d9383e41d277b10392a912ffaf6f658f3fadd16286744f839c3f128f8f92d0992239eafce5c1b3f97a297c9e49a0c3510ef74080e6d1e0c8a868a353409e34d3e82279637598f37ad380a447483cac394c7bbdcd0e3b1c39b6e00916de48a4e70f03cc4146a77af02c1d4cef5379da860aed8477dfa8ceefb405005c6977c78cdbf37704ec73755539280b064bda154910fe050038ec9e47de89298b7bf4d769ccc18eede00e8ca5457870eb30d211e23ccc8e06cd58b61799257ab55ff413c86ba9affb12ec757c7234c270246c87a901160e6c07bc6cf8809c3a0d46ff7f008000000000ad1e1f493354b2822b98371d000000167d78e65b90eba0768e825972ea3b774a1467c89fa0f82e8440105051e5510a33dcda5e143fbfff161c12ca389cbe4c51b3fa00675cd1b66c5fd9c26a54d43fa050645bd9109b7e7131421c0f39113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a84a4e3344b155cc20f49e298727340e97cdefb40e56e9cfad973347d0de7ba4754ff231a1b033d8f931ba3442b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf46306f2ef79b8d4c2ff030000000000000007b82e6044f643068cd47ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c99220002af8c5e53d52c83ac3fa7c3a3ee6c08384865b66d2b4dcb5dd9cba16b64ebbbf8702ae12c77e6e34991a225c120a3c950942fe0bc9f2a1a7506d35e5b439edeb7088aeda890cf8a4a6f31ba6d9b8cb098f935bdcbb29fd0f1a342c9eed00000000ab6648a9dea0b6c91996d65da6c24a702a86c814459f3cdaaf99000000000000000000bfb32c826563c518d0ad23bc83ba3f3757210a057eff7615c868bd7d74233da1a3b56d4e04a7ec4792b1c4cffddbbdcfdd23ab5268f1b3d08ebb8ce498cbaaf5aaab812201d1aba3d70471fcd9b466569f3ef72f39d87fcccab514fc02b70be8629c9b73ce7bc4be7f8be71cb7b2d0a4acff8f6abe7dbad64dfa44966945d93c33b038ce0d890f851811e387723a25dda119f64b35e71c5400000000000000000000000000000034c751ebdf3f20a95b817ea3df3d6c0002a41783058e56c70afe8016b3dd9dc7785b36e609f173cc6b893ecd138289709839747837d6a6283b3452c57a5d44cacd363589845637071320921d22c1663964eddec902fc7cc33158bc306d8c3bdae8108a23d2dc96a5cdb518f58832ec0906aaec43659c79c8ad37b0f961f3beaa3e02f7762c5dd633d13b5e487e996597b2ab42c898b7dd8390e13b395aacce4683e55bcfe8c17615257364365fd48bd77da79e52ce9adfe6dca9c42c4d719347f39ef006c2df747ee6adb7cd04faf05c36de72354c64ebaf28a3de18607ebc4b70f50f71dae565749568a23319232dc213342fb472e98c9a412199ce7976bee5eaf40e60cb3fbe8b92dae5008e92d17d05ce74ffffe74ae71d5b8bd43a4e0bf0390335aa489689f5e3a4ac5adca96caab658b43cd499d95d3876c220d147ad1d0e626621d88f1370982f663793cac52ea0d14e595ff1f56427a0a813bb3b84d31d021eeea8faeff25bb66f5940d08a5509a66fc43962bcb2f7415bc38e355e80ec935aa6fe2d74bd475d89449fb46320fee40faff2fd005549fe6a042bd95decfde5e166971935f4cfd9c9e5bfd2d803644f4e5b7e6dc1a7a35df7134e2fad79269bf24bea4eb0213068e3054d9e4a8d1a9eb032cb390e2016d0ce10549728cb4732dc5adab16fa19ac70780b29e079be27c95d3dd2bd91a584c46d84d430fc6ea31ce0ba62fa27be9f6bc435203da7c3a5d68bf4dd4f81cbfaa1c87a15b9272853c9837db930952dca667194b71815a9eb49b495360dcdf31e0e560857d0541a916d6b5469ac1b36babc5a91e1d58925f20d9d5f8a0da3c30711b0d101cabceffbe072be69613ea0003c6e9bb5cd2413c8ddc17cfa319cf7aaeed0ffb07a08f8fb439f709dfe0732fe42192819870bdd87d5f612ade03540a28be446095269d9ea5a60bba1f2462f9921f2a731dbcf1d03964ea1e4f79514914d37877f57617b60fa2b58aa694fcb023024653c4b73efb12a57ffc6f8943262b77be933051e12bd4d768a422ea652d45b04a9c43b5c97fc3edea7002d51a0a74889334ee"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x29, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000000)=r2, 0x4)
r3 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000cc0)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000c80)={&(0x7f0000000e00)=@newqdisc={0x24}, 0x24}}, 0x0)
r4 = socket$inet(0xa, 0x1, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
remap_file_pages(&(0x7f0000ffd000/0x3000)=nil, 0xa00, 0x0, 0x0, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000700)={@random="1f00000000db", @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0xe000, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0x8}}}}}, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000200)={@random="e90c630faca2", @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0xdffc, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0x8}}}}}, 0x0)
getsockopt$inet_pktinfo(r4, 0x0, 0x8, &(0x7f0000002180)={0x0, @empty, @broadcast}, &(0x7f00000021c0)=0x2)
shutdown(r4, 0x1)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[], 0x0)
program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-setsockopt$inet6_int-recvmmsg-socket-syz_emit_ethernet-socket$nl_route-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x3, 0x0, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
socket(0x200000000000011, 0x4000000000080002, 0x0)
syz_emit_ethernet(0xbe, &(0x7f00000000c0)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x2001, 0x880b, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "dbdd9ede7e2313a7a23925f03dbbcf5cde982cab6b38bf7b463ae5f42c35dd1d", "6a7710ebcf55344ae76b375fa62e3502b74659d7dbde072d61b6238412ad5f1a0a4f358515e45cea781c9e9b26806f68", "dd72b3bd460f4ebd662f8cd823dfd0d963970deffa6dd57d8176d2b5", {"4e3bc06c34c945e45e27e747494b407f", "256d9ddc3e6e1f7c5f7b4c5e69c1dd72"}}}}}}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="0c040000100001040000000000000000004800", @ANYRES32=r1, @ANYBLOB="101000000000000008000d0005000000e4031680a40001800c00070000000000adffffff0c00", @ANYRES16=r1], 0x40c}}, 0x0)
program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-setsockopt$inet6_int-recvmmsg-socket-syz_emit_ethernet-socket$nl_route-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x3, 0x0, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
socket(0x200000000000011, 0x4000000000080002, 0x0)
syz_emit_ethernet(0xbe, &(0x7f00000000c0)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x2001, 0x880b, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "dbdd9ede7e2313a7a23925f03dbbcf5cde982cab6b38bf7b463ae5f42c35dd1d", "6a7710ebcf55344ae76b375fa62e3502b74659d7dbde072d61b6238412ad5f1a0a4f358515e45cea781c9e9b26806f68", "dd72b3bd460f4ebd662f8cd823dfd0d963970deffa6dd57d8176d2b5", {"4e3bc06c34c945e45e27e747494b407f", "256d9ddc3e6e1f7c5f7b4c5e69c1dd72"}}}}}}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="0c040000100001040000000000000000004800", @ANYRES32=r1, @ANYBLOB="101000000000000008000d0005000000e4031680a40001800c00070000000000adffffff0c00", @ANYRES16=r1], 0x40c}}, 0x0)
program crashed: WARNING in call_timer_fn
single: successfully extracted reproducer
found reproducer with 7 syscalls
minimizing guilty program
testing program (duration=57.161999128s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-setsockopt$inet6_int-recvmmsg-socket-syz_emit_ethernet-socket$nl_route
detailed listing:
executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x3, 0x0, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
socket(0x200000000000011, 0x4000000000080002, 0x0)
syz_emit_ethernet(0xbe, &(0x7f00000000c0)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x2001, 0x880b, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "dbdd9ede7e2313a7a23925f03dbbcf5cde982cab6b38bf7b463ae5f42c35dd1d", "6a7710ebcf55344ae76b375fa62e3502b74659d7dbde072d61b6238412ad5f1a0a4f358515e45cea781c9e9b26806f68", "dd72b3bd460f4ebd662f8cd823dfd0d963970deffa6dd57d8176d2b5", {"4e3bc06c34c945e45e27e747494b407f", "256d9ddc3e6e1f7c5f7b4c5e69c1dd72"}}}}}}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
program did not crash
testing program (duration=57.161999128s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-setsockopt$inet6_int-recvmmsg-socket-syz_emit_ethernet-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x3, 0x0, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
socket(0x200000000000011, 0x4000000000080002, 0x0)
syz_emit_ethernet(0xbe, &(0x7f00000000c0)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x2001, 0x880b, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "dbdd9ede7e2313a7a23925f03dbbcf5cde982cab6b38bf7b463ae5f42c35dd1d", "6a7710ebcf55344ae76b375fa62e3502b74659d7dbde072d61b6238412ad5f1a0a4f358515e45cea781c9e9b26806f68", "dd72b3bd460f4ebd662f8cd823dfd0d963970deffa6dd57d8176d2b5", {"4e3bc06c34c945e45e27e747494b407f", "256d9ddc3e6e1f7c5f7b4c5e69c1dd72"}}}}}}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="0c040000100001040000000000000000004800", @ANYRES32, @ANYBLOB="101000000000000008000d0005000000e4031680a40001800c00070000000000adffffff0c00", @ANYRES16], 0x40c}}, 0x0)
program did not crash
testing program (duration=57.161999128s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-setsockopt$inet6_int-recvmmsg-socket-socket$nl_route-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x3, 0x0, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
socket(0x200000000000011, 0x4000000000080002, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="0c040000100001040000000000000000004800", @ANYRES32=r1, @ANYBLOB="101000000000000008000d0005000000e4031680a40001800c00070000000000adffffff0c00", @ANYRES16=r1], 0x40c}}, 0x0)
program did not crash
testing program (duration=57.161999128s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-setsockopt$inet6_int-recvmmsg-syz_emit_ethernet-socket$nl_route-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x3, 0x0, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
syz_emit_ethernet(0xbe, &(0x7f00000000c0)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x2001, 0x880b, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "dbdd9ede7e2313a7a23925f03dbbcf5cde982cab6b38bf7b463ae5f42c35dd1d", "6a7710ebcf55344ae76b375fa62e3502b74659d7dbde072d61b6238412ad5f1a0a4f358515e45cea781c9e9b26806f68", "dd72b3bd460f4ebd662f8cd823dfd0d963970deffa6dd57d8176d2b5", {"4e3bc06c34c945e45e27e747494b407f", "256d9ddc3e6e1f7c5f7b4c5e69c1dd72"}}}}}}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="0c040000100001040000000000000000004800", @ANYRES32=r1, @ANYBLOB="101000000000000008000d0005000000e4031680a40001800c00070000000000adffffff0c00", @ANYRES16=r1], 0x40c}}, 0x0)
program did not crash
testing program (duration=57.161999128s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-setsockopt$inet6_int-socket-syz_emit_ethernet-socket$nl_route-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x3, 0x0, 0x0)
socket(0x200000000000011, 0x4000000000080002, 0x0)
syz_emit_ethernet(0xbe, &(0x7f00000000c0)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x2001, 0x880b, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "dbdd9ede7e2313a7a23925f03dbbcf5cde982cab6b38bf7b463ae5f42c35dd1d", "6a7710ebcf55344ae76b375fa62e3502b74659d7dbde072d61b6238412ad5f1a0a4f358515e45cea781c9e9b26806f68", "dd72b3bd460f4ebd662f8cd823dfd0d963970deffa6dd57d8176d2b5", {"4e3bc06c34c945e45e27e747494b407f", "256d9ddc3e6e1f7c5f7b4c5e69c1dd72"}}}}}}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="0c040000100001040000000000000000004800", @ANYRES32=r1, @ANYBLOB="101000000000000008000d0005000000e4031680a40001800c00070000000000adffffff0c00", @ANYRES16=r1], 0x40c}}, 0x0)
program did not crash
testing program (duration=57.161999128s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-recvmmsg-socket-syz_emit_ethernet-socket$nl_route-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
socket(0x200000000000011, 0x4000000000080002, 0x0)
syz_emit_ethernet(0xbe, &(0x7f00000000c0)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x2001, 0x880b, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "dbdd9ede7e2313a7a23925f03dbbcf5cde982cab6b38bf7b463ae5f42c35dd1d", "6a7710ebcf55344ae76b375fa62e3502b74659d7dbde072d61b6238412ad5f1a0a4f358515e45cea781c9e9b26806f68", "dd72b3bd460f4ebd662f8cd823dfd0d963970deffa6dd57d8176d2b5", {"4e3bc06c34c945e45e27e747494b407f", "256d9ddc3e6e1f7c5f7b4c5e69c1dd72"}}}}}}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="0c040000100001040000000000000000004800", @ANYRES32=r1, @ANYBLOB="101000000000000008000d0005000000e4031680a40001800c00070000000000adffffff0c00", @ANYRES16=r1], 0x40c}}, 0x0)
program did not crash
testing program (duration=57.161999128s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): setsockopt$inet6_int-recvmmsg-socket-syz_emit_ethernet-socket$nl_route-sendmsg$nl_route
detailed listing:
executing program 0:
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x3, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
socket(0x200000000000011, 0x4000000000080002, 0x0)
syz_emit_ethernet(0xbe, &(0x7f00000000c0)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x2001, 0x880b, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "dbdd9ede7e2313a7a23925f03dbbcf5cde982cab6b38bf7b463ae5f42c35dd1d", "6a7710ebcf55344ae76b375fa62e3502b74659d7dbde072d61b6238412ad5f1a0a4f358515e45cea781c9e9b26806f68", "dd72b3bd460f4ebd662f8cd823dfd0d963970deffa6dd57d8176d2b5", {"4e3bc06c34c945e45e27e747494b407f", "256d9ddc3e6e1f7c5f7b4c5e69c1dd72"}}}}}}}, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="0c040000100001040000000000000000004800", @ANYRES32=r0, @ANYBLOB="101000000000000008000d0005000000e4031680a40001800c00070000000000adffffff0c00", @ANYRES16=r0], 0x40c}}, 0x0)
program did not crash
testing program (duration=57.161999128s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-setsockopt$inet6_int-recvmmsg-socket-syz_emit_ethernet-socket$nl_route-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x3, 0x0, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
socket(0x200000000000011, 0x4000000000080002, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="0c040000100001040000000000000000004800", @ANYRES32=r1, @ANYBLOB="101000000000000008000d0005000000e4031680a40001800c00070000000000adffffff0c00", @ANYRES16=r1], 0x40c}}, 0x0)
program did not crash
testing program (duration=57.161999128s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-setsockopt$inet6_int-recvmmsg-socket-syz_emit_ethernet-socket$nl_route-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x3, 0x0, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
socket(0x200000000000011, 0x4000000000080002, 0x0)
syz_emit_ethernet(0xbe, &(0x7f00000000c0)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x2001, 0x880b, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "dbdd9ede7e2313a7a23925f03dbbcf5cde982cab6b38bf7b463ae5f42c35dd1d", "6a7710ebcf55344ae76b375fa62e3502b74659d7dbde072d61b6238412ad5f1a0a4f358515e45cea781c9e9b26806f68", "dd72b3bd460f4ebd662f8cd823dfd0d963970deffa6dd57d8176d2b5", {"4e3bc06c34c945e45e27e747494b407f", "256d9ddc3e6e1f7c5f7b4c5e69c1dd72"}}}}}}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, 0x0, 0x0)
program did not crash
testing program (duration=57.161999128s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-setsockopt$inet6_int-recvmmsg-socket-syz_emit_ethernet-socket$nl_route-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x3, 0x0, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
socket(0x200000000000011, 0x4000000000080002, 0x0)
syz_emit_ethernet(0xbe, &(0x7f00000000c0)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x2001, 0x880b, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "dbdd9ede7e2313a7a23925f03dbbcf5cde982cab6b38bf7b463ae5f42c35dd1d", "6a7710ebcf55344ae76b375fa62e3502b74659d7dbde072d61b6238412ad5f1a0a4f358515e45cea781c9e9b26806f68", "dd72b3bd460f4ebd662f8cd823dfd0d963970deffa6dd57d8176d2b5", {"4e3bc06c34c945e45e27e747494b407f", "256d9ddc3e6e1f7c5f7b4c5e69c1dd72"}}}}}}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
program did not crash
testing program (duration=57.161999128s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-setsockopt$inet6_int-recvmmsg-socket-syz_emit_ethernet-socket$nl_route-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x3, 0x0, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
socket(0x200000000000011, 0x4000000000080002, 0x0)
syz_emit_ethernet(0xbe, &(0x7f00000000c0)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x2001, 0x880b, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "dbdd9ede7e2313a7a23925f03dbbcf5cde982cab6b38bf7b463ae5f42c35dd1d", "6a7710ebcf55344ae76b375fa62e3502b74659d7dbde072d61b6238412ad5f1a0a4f358515e45cea781c9e9b26806f68", "dd72b3bd460f4ebd662f8cd823dfd0d963970deffa6dd57d8176d2b5", {"4e3bc06c34c945e45e27e747494b407f", "256d9ddc3e6e1f7c5f7b4c5e69c1dd72"}}}}}}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x40c}}, 0x0)
program did not crash
testing program (duration=57.161999128s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-setsockopt$inet6_int-recvmmsg-socket-syz_emit_ethernet-socket$nl_route-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x3, 0x0, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
socket(0x200000000000011, 0x4000000000080002, 0x0)
syz_emit_ethernet(0xbe, &(0x7f00000000c0)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x2001, 0x880b, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "dbdd9ede7e2313a7a23925f03dbbcf5cde982cab6b38bf7b463ae5f42c35dd1d", "6a7710ebcf55344ae76b375fa62e3502b74659d7dbde072d61b6238412ad5f1a0a4f358515e45cea781c9e9b26806f68", "dd72b3bd460f4ebd662f8cd823dfd0d963970deffa6dd57d8176d2b5", {"4e3bc06c34c945e45e27e747494b407f", "256d9ddc3e6e1f7c5f7b4c5e69c1dd72"}}}}}}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[], 0x40c}}, 0x0)
program did not crash
testing program (duration=57.161999128s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-setsockopt$inet6_int-recvmmsg-socket-syz_emit_ethernet-socket$nl_route-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x3, 0x0, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
socket(0x200000000000011, 0x4000000000080002, 0x0)
syz_emit_ethernet(0xbe, &(0x7f00000000c0)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x2001, 0x880b, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "dbdd9ede7e2313a7a23925f03dbbcf5cde982cab6b38bf7b463ae5f42c35dd1d", "6a7710ebcf55344ae76b375fa62e3502b74659d7dbde072d61b6238412ad5f1a0a4f358515e45cea781c9e9b26806f68", "dd72b3bd460f4ebd662f8cd823dfd0d963970deffa6dd57d8176d2b5", {"4e3bc06c34c945e45e27e747494b407f", "256d9ddc3e6e1f7c5f7b4c5e69c1dd72"}}}}}}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="0c040000100001040000000000000000004800", @ANYRES32=r1, @ANYBLOB, @ANYRES16=r1], 0x40c}}, 0x0)
program did not crash
testing program (duration=57.161999128s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-setsockopt$inet6_int-recvmmsg-socket-syz_emit_ethernet-socket$nl_route-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x3, 0x0, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
socket(0x200000000000011, 0x4000000000080002, 0x0)
syz_emit_ethernet(0xbe, &(0x7f00000000c0)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x2001, 0x880b, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "dbdd9ede7e2313a7a23925f03dbbcf5cde982cab6b38bf7b463ae5f42c35dd1d", "6a7710ebcf55344ae76b375fa62e3502b74659d7dbde072d61b6238412ad5f1a0a4f358515e45cea781c9e9b26806f68", "dd72b3bd460f4ebd662f8cd823dfd0d963970deffa6dd57d8176d2b5", {"4e3bc06c34c945e45e27e747494b407f", "256d9ddc3e6e1f7c5f7b4c5e69c1dd72"}}}}}}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES32=r1, @ANYBLOB="101000000000000008000d0005000000e4031680a40001800c00070000000000adffffff0c00", @ANYRES16=r1], 0x40c}}, 0x0)
program did not crash
extracting C reproducer
testing compiled C program (duration=57.161999128s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-setsockopt$inet6_int-recvmmsg-socket-syz_emit_ethernet-socket$nl_route-sendmsg$nl_route
program did not crash
simplifying guilty program options
testing program (duration=57.161999128s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-setsockopt$inet6_int-recvmmsg-socket-syz_emit_ethernet-socket$nl_route-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x3, 0x0, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
socket(0x200000000000011, 0x4000000000080002, 0x0)
syz_emit_ethernet(0xbe, &(0x7f00000000c0)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x2001, 0x880b, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "dbdd9ede7e2313a7a23925f03dbbcf5cde982cab6b38bf7b463ae5f42c35dd1d", "6a7710ebcf55344ae76b375fa62e3502b74659d7dbde072d61b6238412ad5f1a0a4f358515e45cea781c9e9b26806f68", "dd72b3bd460f4ebd662f8cd823dfd0d963970deffa6dd57d8176d2b5", {"4e3bc06c34c945e45e27e747494b407f", "256d9ddc3e6e1f7c5f7b4c5e69c1dd72"}}}}}}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="0c040000100001040000000000000000004800", @ANYRES32=r1, @ANYBLOB="101000000000000008000d0005000000e4031680a40001800c00070000000000adffffff0c00", @ANYRES16=r1], 0x40c}}, 0x0)
program did not crash
testing program (duration=57.161999128s, {Threaded:true Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-setsockopt$inet6_int-recvmmsg-socket-syz_emit_ethernet-socket$nl_route-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x3, 0x0, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
socket(0x200000000000011, 0x4000000000080002, 0x0)
syz_emit_ethernet(0xbe, &(0x7f00000000c0)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x2001, 0x880b, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "dbdd9ede7e2313a7a23925f03dbbcf5cde982cab6b38bf7b463ae5f42c35dd1d", "6a7710ebcf55344ae76b375fa62e3502b74659d7dbde072d61b6238412ad5f1a0a4f358515e45cea781c9e9b26806f68", "dd72b3bd460f4ebd662f8cd823dfd0d963970deffa6dd57d8176d2b5", {"4e3bc06c34c945e45e27e747494b407f", "256d9ddc3e6e1f7c5f7b4c5e69c1dd72"}}}}}}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="0c040000100001040000000000000000004800", @ANYRES32=r1, @ANYBLOB="101000000000000008000d0005000000e4031680a40001800c00070000000000adffffff0c00", @ANYRES16=r1], 0x40c}}, 0x0)
program did not crash
testing program (duration=57.161999128s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-setsockopt$inet6_int-recvmmsg-socket-syz_emit_ethernet-socket$nl_route-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x3, 0x0, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
socket(0x200000000000011, 0x4000000000080002, 0x0)
syz_emit_ethernet(0xbe, &(0x7f00000000c0)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x2001, 0x880b, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "dbdd9ede7e2313a7a23925f03dbbcf5cde982cab6b38bf7b463ae5f42c35dd1d", "6a7710ebcf55344ae76b375fa62e3502b74659d7dbde072d61b6238412ad5f1a0a4f358515e45cea781c9e9b26806f68", "dd72b3bd460f4ebd662f8cd823dfd0d963970deffa6dd57d8176d2b5", {"4e3bc06c34c945e45e27e747494b407f", "256d9ddc3e6e1f7c5f7b4c5e69c1dd72"}}}}}}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="0c040000100001040000000000000000004800", @ANYRES32=r1, @ANYBLOB="101000000000000008000d0005000000e4031680a40001800c00070000000000adffffff0c00", @ANYRES16=r1], 0x40c}}, 0x0)
program did not crash
testing program (duration=57.161999128s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-setsockopt$inet6_int-recvmmsg-socket-syz_emit_ethernet-socket$nl_route-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x3, 0x0, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
socket(0x200000000000011, 0x4000000000080002, 0x0)
syz_emit_ethernet(0xbe, &(0x7f00000000c0)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x2001, 0x880b, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "dbdd9ede7e2313a7a23925f03dbbcf5cde982cab6b38bf7b463ae5f42c35dd1d", "6a7710ebcf55344ae76b375fa62e3502b74659d7dbde072d61b6238412ad5f1a0a4f358515e45cea781c9e9b26806f68", "dd72b3bd460f4ebd662f8cd823dfd0d963970deffa6dd57d8176d2b5", {"4e3bc06c34c945e45e27e747494b407f", "256d9ddc3e6e1f7c5f7b4c5e69c1dd72"}}}}}}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="0c040000100001040000000000000000004800", @ANYRES32=r1, @ANYBLOB="101000000000000008000d0005000000e4031680a40001800c00070000000000adffffff0c00", @ANYRES16=r1], 0x40c}}, 0x0)
program did not crash
reproducing took 39m44.870021262s
repro crashed as (corrupted=false):
------------[ cut here ]------------
workqueue: cannot queue hci_cmd_timeout on wq hci0
WARNING: CPU: 0 PID: 5147 at kernel/workqueue.c:2258 __queue_work+0xdf6/0x1090 kernel/workqueue.c:2256
Modules linked in:
CPU: 0 UID: 0 PID: 5147 Comm: kworker/u9:1 Not tainted 6.14.0-rc4-syzkaller-00199-g76544811c850 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Workqueue: hci1 hci_rx_work
RIP: 0010:__queue_work+0xdf6/0x1090 kernel/workqueue.c:2256
Code: e8 03 80 3c 28 00 74 08 4c 89 ff e8 54 ed 9f 00 49 8b 37 49 81 c5 78 01 00 00 48 c7 c7 60 d8 29 8c 4c 89 ea e8 ab 6f f8 ff 90 <0f> 0b 90 90 e9 66 f4 ff ff e8 3c b3 38 00 90 0f 0b 90 e9 ad fc ff
RSP: 0018:ffffc90000007b08 EFLAGS: 00010046
RAX: 6b0effead71fac00 RBX: 0000000000000100 RCX: ffff888035999e00
RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
RBP: dffffc0000000000 R08: ffffffff81817e32 R09: 1ffff110170c519a
R10: dffffc0000000000 R11: ffffed10170c519b R12: 1ffff1100427ce38
R13: ffff8880213e7178 R14: 0000000000000008 R15: ffff88801b17c948
FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f7cba5fed00 CR3: 0000000079f78000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<IRQ>
call_timer_fn+0x187/0x650 kernel/time/timer.c:1789
expire_timers kernel/time/timer.c:1835 [inline]
__run_timers kernel/time/timer.c:2414 [inline]
__run_timer_base+0x695/0x8e0 kernel/time/timer.c:2426
run_timer_base kernel/time/timer.c:2435 [inline]
run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2445
handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561
__do_softirq kernel/softirq.c:595 [inline]
invoke_softirq kernel/softirq.c:435 [inline]
__irq_exit_rcu+0xf7/0x220 kernel/softirq.c:662
irq_exit_rcu+0x9/0x30 kernel/softirq.c:678
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1049
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:console_flush_all+0x996/0xeb0
Code: 48 21 c3 0f 85 16 02 00 00 e8 56 ee 20 00 4c 8b 7c 24 10 4d 85 f6 75 07 e8 47 ee 20 00 eb 06 e8 40 ee 20 00 fb 48 8b 5c 24 18 <48> 8b 44 24 30 42 80 3c 28 00 74 08 48 89 df e8 16 28 88 00 4c 8b
RSP: 0018:ffffc9000e1772c0 EFLAGS: 00000293
RAX: ffffffff81a0d100 RBX: ffffffff8f38c1b8 RCX: ffff888035999e00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc9000e177470 R08: ffffffff81a0d0d7 R09: 1ffffffff28a9308
R10: dffffc0000000000 R11: fffffbfff28a9309 R12: ffffffff8f38c160
R13: dffffc0000000000 R14: 0000000000000200 R15: ffffc9000e1774c0
__console_flush_and_unlock kernel/printk/printk.c:3269 [inline]
console_unlock+0x14f/0x3b0 kernel/printk/printk.c:3309
vprintk_emit+0x730/0xa10 kernel/printk/printk.c:2432
_printk+0xd5/0x120 kernel/printk/printk.c:2457
bt_warn+0x127/0x180 net/bluetooth/lib.c:276
hci_cc_func net/bluetooth/hci_event.c:4184 [inline]
hci_cmd_complete_evt+0x3ef/0x8b0 net/bluetooth/hci_event.c:4208
hci_event_func net/bluetooth/hci_event.c:7470 [inline]
hci_event_packet+0xa54/0x1540 net/bluetooth/hci_event.c:7525
hci_rx_work+0x3f3/0xdb0 net/bluetooth/hci_core.c:4015
process_one_work kernel/workqueue.c:3238 [inline]
process_scheduled_works+0xabe/0x18e0 kernel/workqueue.c:3319
worker_thread+0x870/0xd30 kernel/workqueue.c:3400
kthread+0x7a9/0x920 kernel/kthread.c:464
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
----------------
Code disassembly (best guess):
0: 48 21 c3 and %rax,%rbx
3: 0f 85 16 02 00 00 jne 0x21f
9: e8 56 ee 20 00 call 0x20ee64
e: 4c 8b 7c 24 10 mov 0x10(%rsp),%r15
13: 4d 85 f6 test %r14,%r14
16: 75 07 jne 0x1f
18: e8 47 ee 20 00 call 0x20ee64
1d: eb 06 jmp 0x25
1f: e8 40 ee 20 00 call 0x20ee64
24: fb sti
25: 48 8b 5c 24 18 mov 0x18(%rsp),%rbx
* 2a: 48 8b 44 24 30 mov 0x30(%rsp),%rax <-- trapping instruction
2f: 42 80 3c 28 00 cmpb $0x0,(%rax,%r13,1)
34: 74 08 je 0x3e
36: 48 89 df mov %rbx,%rdi
39: e8 16 28 88 00 call 0x882854
3e: 4c rex.WR
3f: 8b .byte 0x8b
final repro crashed as (corrupted=false):
------------[ cut here ]------------
workqueue: cannot queue hci_cmd_timeout on wq hci0
WARNING: CPU: 0 PID: 5147 at kernel/workqueue.c:2258 __queue_work+0xdf6/0x1090 kernel/workqueue.c:2256
Modules linked in:
CPU: 0 UID: 0 PID: 5147 Comm: kworker/u9:1 Not tainted 6.14.0-rc4-syzkaller-00199-g76544811c850 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Workqueue: hci1 hci_rx_work
RIP: 0010:__queue_work+0xdf6/0x1090 kernel/workqueue.c:2256
Code: e8 03 80 3c 28 00 74 08 4c 89 ff e8 54 ed 9f 00 49 8b 37 49 81 c5 78 01 00 00 48 c7 c7 60 d8 29 8c 4c 89 ea e8 ab 6f f8 ff 90 <0f> 0b 90 90 e9 66 f4 ff ff e8 3c b3 38 00 90 0f 0b 90 e9 ad fc ff
RSP: 0018:ffffc90000007b08 EFLAGS: 00010046
RAX: 6b0effead71fac00 RBX: 0000000000000100 RCX: ffff888035999e00
RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
RBP: dffffc0000000000 R08: ffffffff81817e32 R09: 1ffff110170c519a
R10: dffffc0000000000 R11: ffffed10170c519b R12: 1ffff1100427ce38
R13: ffff8880213e7178 R14: 0000000000000008 R15: ffff88801b17c948
FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f7cba5fed00 CR3: 0000000079f78000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<IRQ>
call_timer_fn+0x187/0x650 kernel/time/timer.c:1789
expire_timers kernel/time/timer.c:1835 [inline]
__run_timers kernel/time/timer.c:2414 [inline]
__run_timer_base+0x695/0x8e0 kernel/time/timer.c:2426
run_timer_base kernel/time/timer.c:2435 [inline]
run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2445
handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561
__do_softirq kernel/softirq.c:595 [inline]
invoke_softirq kernel/softirq.c:435 [inline]
__irq_exit_rcu+0xf7/0x220 kernel/softirq.c:662
irq_exit_rcu+0x9/0x30 kernel/softirq.c:678
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1049
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:console_flush_all+0x996/0xeb0
Code: 48 21 c3 0f 85 16 02 00 00 e8 56 ee 20 00 4c 8b 7c 24 10 4d 85 f6 75 07 e8 47 ee 20 00 eb 06 e8 40 ee 20 00 fb 48 8b 5c 24 18 <48> 8b 44 24 30 42 80 3c 28 00 74 08 48 89 df e8 16 28 88 00 4c 8b
RSP: 0018:ffffc9000e1772c0 EFLAGS: 00000293
RAX: ffffffff81a0d100 RBX: ffffffff8f38c1b8 RCX: ffff888035999e00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc9000e177470 R08: ffffffff81a0d0d7 R09: 1ffffffff28a9308
R10: dffffc0000000000 R11: fffffbfff28a9309 R12: ffffffff8f38c160
R13: dffffc0000000000 R14: 0000000000000200 R15: ffffc9000e1774c0
__console_flush_and_unlock kernel/printk/printk.c:3269 [inline]
console_unlock+0x14f/0x3b0 kernel/printk/printk.c:3309
vprintk_emit+0x730/0xa10 kernel/printk/printk.c:2432
_printk+0xd5/0x120 kernel/printk/printk.c:2457
bt_warn+0x127/0x180 net/bluetooth/lib.c:276
hci_cc_func net/bluetooth/hci_event.c:4184 [inline]
hci_cmd_complete_evt+0x3ef/0x8b0 net/bluetooth/hci_event.c:4208
hci_event_func net/bluetooth/hci_event.c:7470 [inline]
hci_event_packet+0xa54/0x1540 net/bluetooth/hci_event.c:7525
hci_rx_work+0x3f3/0xdb0 net/bluetooth/hci_core.c:4015
process_one_work kernel/workqueue.c:3238 [inline]
process_scheduled_works+0xabe/0x18e0 kernel/workqueue.c:3319
worker_thread+0x870/0xd30 kernel/workqueue.c:3400
kthread+0x7a9/0x920 kernel/kthread.c:464
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
----------------
Code disassembly (best guess):
0: 48 21 c3 and %rax,%rbx
3: 0f 85 16 02 00 00 jne 0x21f
9: e8 56 ee 20 00 call 0x20ee64
e: 4c 8b 7c 24 10 mov 0x10(%rsp),%r15
13: 4d 85 f6 test %r14,%r14
16: 75 07 jne 0x1f
18: e8 47 ee 20 00 call 0x20ee64
1d: eb 06 jmp 0x25
1f: e8 40 ee 20 00 call 0x20ee64
24: fb sti
25: 48 8b 5c 24 18 mov 0x18(%rsp),%rbx
* 2a: 48 8b 44 24 30 mov 0x30(%rsp),%rax <-- trapping instruction
2f: 42 80 3c 28 00 cmpb $0x0,(%rax,%r13,1)
34: 74 08 je 0x3e
36: 48 89 df mov %rbx,%rdi
39: e8 16 28 88 00 call 0x882854
3e: 4c rex.WR
3f: 8b .byte 0x8b