Extracting prog: 20m31.233464933s
Minimizing prog: 1h2m36.128303705s
Simplifying prog options: 0s
Extracting C: 32.358177862s
Simplifying C: 12m51.248611399s


extracting reproducer from 69 programs
testing a last program of every proc
single: executing 19 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$ax25-ioctl$SIOCAX25NOUID-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_calipso-sendmsg$NLBL_CALIPSO_C_ADD-sendmsg$NLBL_CALIPSO_C_REMOVE-syz_usb_connect-syz_usb_control_io$cdc_ecm-syz_usb_ep_write$ath9k_ep1-syz_genetlink_get_family_id$nfc-ioctl$IOCTL_GET_NCIDEV_IDX-openat$nci-ioctl$IOCTL_GET_NCIDEV_IDX-syz_init_net_socket$nl_generic-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$nfc-sendmsg$NFC_CMD_DEV_UP-ioctl$IOCTL_GET_NCIDEV_IDX-ioctl$IOCTL_GET_NCIDEV_IDX-ioctl$IOCTL_GET_NCIDEV_IDX-sendmsg$NFC_CMD_LLC_GET_PARAMS
detailed listing:
executing program 0:
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x1)
ioctl$SIOCAX25NOUID(r0, 0x89e3, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000140), r1)
sendmsg$NLBL_CALIPSO_C_ADD(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\b\x00\x00', @ANYRES16=r2, @ANYBLOB="010026bd7000fddbdfa50100000008000200020000000800010000000000"], 0x24}, 0x1, 0x0, 0x0, 0x24000801}, 0x4044054)
sendmsg$NLBL_CALIPSO_C_REMOVE(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x44, r2, 0x200, 0x70bd27, 0x25dfdbfb, {}, [@NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x3}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
r3 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b14201040000010902380001000000000904000003717d1c00090582eb1000000001020009050276"], 0x0)
syz_usb_control_io$cdc_ecm(r3, &(0x7f0000000140)={0x14, 0x0, &(0x7f0000000100)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f00000000c0)={0x1c, &(0x7f0000000080)=ANY=[@ANYBLOB="2014120000001b19fabda560da0781c2106a5bd2cb999f14"], 0x0, 0x0})
syz_usb_ep_write$ath9k_ep1(r3, 0x82, 0xc38, &(0x7f0000000080)=ANY=[])
r4 = syz_genetlink_get_family_id$nfc(&(0x7f00000002c0), r1)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000300)=<r5=>0x0)
r6 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r6, 0x0, &(0x7f00000000c0)=<r7=>0x0)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r9)
sendmsg$NFC_CMD_DEV_UP(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r10, @ANYBLOB="010028bd7000070000000200000008000100", @ANYRES32=r7], 0x1c}, 0x1, 0x0, 0x0, 0x40089}, 0x8004)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000340)=<r11=>0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000380)=<r12=>0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f00000003c0)=<r13=>0x0)
sendmsg$NFC_CMD_LLC_GET_PARAMS(r1, &(0x7f00000004c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x60, r4, 0xe029b09d165f2301, 0x70bd27, 0x25dfdbfd, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r5}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r7}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r11}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r12}, @NFC_ATTR_FIRMWARE_NAME={0x4}, @NFC_ATTR_FIRMWARE_NAME={0x4}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r13}, @NFC_ATTR_FIRMWARE_NAME={0x11, 0x14, 'NLBL_CALIPSO\x00'}, @NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x60}, 0x1, 0x0, 0x0, 0x8001}, 0x40)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$ax25-ioctl$SIOCAX25NOUID-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_calipso-sendmsg$NLBL_CALIPSO_C_ADD-sendmsg$NLBL_CALIPSO_C_REMOVE-syz_usb_connect-syz_usb_control_io$cdc_ecm-syz_usb_ep_write$ath9k_ep1-syz_genetlink_get_family_id$nfc-ioctl$IOCTL_GET_NCIDEV_IDX-openat$nci-ioctl$IOCTL_GET_NCIDEV_IDX-syz_init_net_socket$nl_generic-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$nfc-sendmsg$NFC_CMD_DEV_UP-ioctl$IOCTL_GET_NCIDEV_IDX-ioctl$IOCTL_GET_NCIDEV_IDX-ioctl$IOCTL_GET_NCIDEV_IDX-sendmsg$NFC_CMD_LLC_GET_PARAMS
detailed listing:
executing program 0:
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x1)
ioctl$SIOCAX25NOUID(r0, 0x89e3, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000140), r1)
sendmsg$NLBL_CALIPSO_C_ADD(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\b\x00\x00', @ANYRES16=r2, @ANYBLOB="010026bd7000fddbdfa50100000008000200020000000800010000000000"], 0x24}, 0x1, 0x0, 0x0, 0x24000801}, 0x4044054)
sendmsg$NLBL_CALIPSO_C_REMOVE(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x44, r2, 0x200, 0x70bd27, 0x25dfdbfb, {}, [@NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x3}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
r3 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b14201040000010902380001000000000904000003717d1c00090582eb1000000001020009050276"], 0x0)
syz_usb_control_io$cdc_ecm(r3, &(0x7f0000000140)={0x14, 0x0, &(0x7f0000000100)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f00000000c0)={0x1c, &(0x7f0000000080)=ANY=[@ANYBLOB="2014120000001b19fabda560da0781c2106a5bd2cb999f14"], 0x0, 0x0})
syz_usb_ep_write$ath9k_ep1(r3, 0x82, 0xc38, &(0x7f0000000080)=ANY=[])
r4 = syz_genetlink_get_family_id$nfc(&(0x7f00000002c0), r1)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000300)=<r5=>0x0)
r6 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r6, 0x0, &(0x7f00000000c0)=<r7=>0x0)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r9)
sendmsg$NFC_CMD_DEV_UP(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r10, @ANYBLOB="010028bd7000070000000200000008000100", @ANYRES32=r7], 0x1c}, 0x1, 0x0, 0x0, 0x40089}, 0x8004)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000340)=<r11=>0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000380)=<r12=>0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f00000003c0)=<r13=>0x0)
sendmsg$NFC_CMD_LLC_GET_PARAMS(r1, &(0x7f00000004c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x60, r4, 0xe029b09d165f2301, 0x70bd27, 0x25dfdbfd, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r5}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r7}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r11}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r12}, @NFC_ATTR_FIRMWARE_NAME={0x4}, @NFC_ATTR_FIRMWARE_NAME={0x4}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r13}, @NFC_ATTR_FIRMWARE_NAME={0x11, 0x14, 'NLBL_CALIPSO\x00'}, @NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x60}, 0x1, 0x0, 0x0, 0x8001}, 0x40)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rfkill-mkdirat-openat$ptmx-open_tree-add_key$user-keyctl$dh_compute-mount-syz_open_procfs-faccessat2-ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT-chdir-open-quotactl_fd$Q_SETINFO-write$rfkill-mount$9p_fd-openat$uinput
detailed listing:
executing program 0:
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
open_tree(0xffffffffffffffff, &(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000800)={r1, r1, r1}, 0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)={'sha384\x00'}})
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f00000007c0)='usrquota')
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='attr/prev\x00')
faccessat2(r2, &(0x7f0000000040)='\x00', 0x1, 0x1300)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f0000000180)={{0x1, 0x1, 0x18, r0, {0x2}}, './bus\x00'})
chdir(&(0x7f00000000c0)='./file1\x00')
r3 = open(&(0x7f0000000080)='./bus\x00', 0x4001410c2, 0x766c618eb221465a)
quotactl_fd$Q_SETINFO(r3, 0xffffffff80000601, 0x0, &(0x7f00000001c0)={0x20000006, 0x401})
write$rfkill(r0, &(0x7f0000000080)={0xd, 0x0, 0x3, 0x1}, 0x8)
mount$9p_fd(0x0, &(0x7f0000000100)='\x00', &(0x7f0000000140), 0x2000002, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@cache_none}, {@msize={'msize', 0x3d, 0x3}}]}})
openat$uinput(0xffffffffffffff9c, &(0x7f0000000900), 0x802, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$ieee802154-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_cipso-sendmsg$NLBL_CIPSOV4_C_ADD-syz_genetlink_get_family_id$nfc-syz_init_net_socket$nl_generic-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$nfc-openat$nci-ioctl$IOCTL_GET_NCIDEV_IDX-sendmsg$NFC_CMD_SE_IO-sendmsg$NFC_CMD_DEV_UP-openat$comedi-ioctl$COMEDI_DEVCONFIG-socket$inet6_tcp-listen-setsockopt$inet6_tcp_int-ioctl$COMEDI_DEVCONFIG-sendmsg$IEEE802154_ADD_IFACE
detailed listing:
executing program 0:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), r0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r2)
sendmsg$NLBL_CIPSOV4_C_ADD(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000f80)={&(0x7f0000000500)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002dbd7000fedbdf250100000008000100ff03000100000005000300020000000500030005000000050003000500000005000300060000000800020002000000"], 0x50}, 0x1, 0x0, 0x0, 0x400c095}, 0x0)
r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000080), r0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nfc(&(0x7f0000000080), r5)
r7 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r7, 0x0, &(0x7f0000000000)=<r8=>0x0)
sendmsg$NFC_CMD_SE_IO(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x2c, r6, 0xd03, 0x70bd25, 0x25dfdbfb, {}, [@NFC_ATTR_SE_INDEX={0x8, 0x15, 0x2}, @NFC_ATTR_SE_APDU={0x5, 0x19, "a7"}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x4c814)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r4, 0x1, 0x70bd27, 0x25dfdbfd, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r8}]}, 0x1c}}, 0x40000)
r9 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000280)='/dev/comedi3\x00', 0x0, 0x0)
ioctl$COMEDI_DEVCONFIG(r9, 0x40946400, 0x0)
r10 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r10, 0x0)
setsockopt$inet6_tcp_int(r10, 0x6, 0xc, &(0x7f0000000080)=0x2c, 0x4)
ioctl$COMEDI_DEVCONFIG(r9, 0x40946400, &(0x7f0000000180)={'pcl818\x00', [0x4f27, 0x4, 0x3, 0x0, 0x8, 0xcc9, 0x6, 0x7, 0x5, 0x10, 0xfffffffd, 0x1, 0x6, 0x1, 0x6, 0x0, 0x1000, 0x1a449, 0x3, 0xb, 0x9d, 0xcaa7, 0x4, 0x20001e58, 0x4, 0xe69, 0x3c, 0x8, 0x2, 0x4, 0x1]})
sendmsg$IEEE802154_ADD_IFACE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x2c, r1, 0x201, 0x70bd2d, 0x25dfdbfc, {}, [@IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy1\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)

program crashed: general protection fault in pcl818_ai_cancel
single: successfully extracted reproducer
found reproducer with 20 syscalls
minimizing guilty program
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$ieee802154-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_cipso-sendmsg$NLBL_CIPSOV4_C_ADD-syz_genetlink_get_family_id$nfc-syz_init_net_socket$nl_generic-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$nfc-openat$nci-ioctl$IOCTL_GET_NCIDEV_IDX-sendmsg$NFC_CMD_SE_IO-sendmsg$NFC_CMD_DEV_UP-openat$comedi-ioctl$COMEDI_DEVCONFIG-socket$inet6_tcp-listen-setsockopt$inet6_tcp_int-ioctl$COMEDI_DEVCONFIG
detailed listing:
executing program 0:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), r0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r1)
sendmsg$NLBL_CIPSOV4_C_ADD(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000f80)={&(0x7f0000000500)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002dbd7000fedbdf250100000008000100ff03000100000005000300020000000500030005000000050003000500000005000300060000000800020002000000"], 0x50}, 0x1, 0x0, 0x0, 0x400c095}, 0x0)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000080), r0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000080), r4)
r6 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r6, 0x0, &(0x7f0000000000)=<r7=>0x0)
sendmsg$NFC_CMD_SE_IO(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x2c, r5, 0xd03, 0x70bd25, 0x25dfdbfb, {}, [@NFC_ATTR_SE_INDEX={0x8, 0x15, 0x2}, @NFC_ATTR_SE_APDU={0x5, 0x19, "a7"}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r7}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x4c814)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r3, 0x1, 0x70bd27, 0x25dfdbfd, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r7}]}, 0x1c}}, 0x40000)
r8 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000280)='/dev/comedi3\x00', 0x0, 0x0)
ioctl$COMEDI_DEVCONFIG(r8, 0x40946400, 0x0)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r9, 0x0)
setsockopt$inet6_tcp_int(r9, 0x6, 0xc, &(0x7f0000000080)=0x2c, 0x4)
ioctl$COMEDI_DEVCONFIG(r8, 0x40946400, &(0x7f0000000180)={'pcl818\x00', [0x4f27, 0x4, 0x3, 0x0, 0x8, 0xcc9, 0x6, 0x7, 0x5, 0x10, 0xfffffffd, 0x1, 0x6, 0x1, 0x6, 0x0, 0x1000, 0x1a449, 0x3, 0xb, 0x9d, 0xcaa7, 0x4, 0x20001e58, 0x4, 0xe69, 0x3c, 0x8, 0x2, 0x4, 0x1]})

program crashed: general protection fault in pcl818_ai_cancel
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$ieee802154-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_cipso-sendmsg$NLBL_CIPSOV4_C_ADD-syz_genetlink_get_family_id$nfc-syz_init_net_socket$nl_generic-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$nfc-openat$nci-ioctl$IOCTL_GET_NCIDEV_IDX-sendmsg$NFC_CMD_SE_IO-sendmsg$NFC_CMD_DEV_UP-openat$comedi-ioctl$COMEDI_DEVCONFIG-socket$inet6_tcp-listen-setsockopt$inet6_tcp_int
detailed listing:
executing program 0:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), r0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r1)
sendmsg$NLBL_CIPSOV4_C_ADD(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000f80)={&(0x7f0000000500)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002dbd7000fedbdf250100000008000100ff03000100000005000300020000000500030005000000050003000500000005000300060000000800020002000000"], 0x50}, 0x1, 0x0, 0x0, 0x400c095}, 0x0)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000080), r0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000080), r4)
r6 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r6, 0x0, &(0x7f0000000000)=<r7=>0x0)
sendmsg$NFC_CMD_SE_IO(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x2c, r5, 0xd03, 0x70bd25, 0x25dfdbfb, {}, [@NFC_ATTR_SE_INDEX={0x8, 0x15, 0x2}, @NFC_ATTR_SE_APDU={0x5, 0x19, "a7"}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r7}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x4c814)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r3, 0x1, 0x70bd27, 0x25dfdbfd, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r7}]}, 0x1c}}, 0x40000)
r8 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000280)='/dev/comedi3\x00', 0x0, 0x0)
ioctl$COMEDI_DEVCONFIG(r8, 0x40946400, 0x0)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r9, 0x0)
setsockopt$inet6_tcp_int(r9, 0x6, 0xc, &(0x7f0000000080)=0x2c, 0x4)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$ieee802154-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_cipso-sendmsg$NLBL_CIPSOV4_C_ADD-syz_genetlink_get_family_id$nfc-syz_init_net_socket$nl_generic-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$nfc-openat$nci-ioctl$IOCTL_GET_NCIDEV_IDX-sendmsg$NFC_CMD_SE_IO-sendmsg$NFC_CMD_DEV_UP-openat$comedi-ioctl$COMEDI_DEVCONFIG-socket$inet6_tcp-listen-ioctl$COMEDI_DEVCONFIG
detailed listing:
executing program 0:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), r0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r1)
sendmsg$NLBL_CIPSOV4_C_ADD(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000f80)={&(0x7f0000000500)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002dbd7000fedbdf250100000008000100ff03000100000005000300020000000500030005000000050003000500000005000300060000000800020002000000"], 0x50}, 0x1, 0x0, 0x0, 0x400c095}, 0x0)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000080), r0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000080), r4)
r6 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r6, 0x0, &(0x7f0000000000)=<r7=>0x0)
sendmsg$NFC_CMD_SE_IO(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x2c, r5, 0xd03, 0x70bd25, 0x25dfdbfb, {}, [@NFC_ATTR_SE_INDEX={0x8, 0x15, 0x2}, @NFC_ATTR_SE_APDU={0x5, 0x19, "a7"}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r7}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x4c814)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r3, 0x1, 0x70bd27, 0x25dfdbfd, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r7}]}, 0x1c}}, 0x40000)
r8 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000280)='/dev/comedi3\x00', 0x0, 0x0)
ioctl$COMEDI_DEVCONFIG(r8, 0x40946400, 0x0)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r9, 0x0)
ioctl$COMEDI_DEVCONFIG(r8, 0x40946400, &(0x7f0000000180)={'pcl818\x00', [0x4f27, 0x4, 0x3, 0x0, 0x8, 0xcc9, 0x6, 0x7, 0x5, 0x10, 0xfffffffd, 0x1, 0x6, 0x1, 0x6, 0x0, 0x1000, 0x1a449, 0x3, 0xb, 0x9d, 0xcaa7, 0x4, 0x20001e58, 0x4, 0xe69, 0x3c, 0x8, 0x2, 0x4, 0x1]})

program crashed: general protection fault in pcl818_ai_cancel
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$ieee802154-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_cipso-sendmsg$NLBL_CIPSOV4_C_ADD-syz_genetlink_get_family_id$nfc-syz_init_net_socket$nl_generic-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$nfc-openat$nci-ioctl$IOCTL_GET_NCIDEV_IDX-sendmsg$NFC_CMD_SE_IO-sendmsg$NFC_CMD_DEV_UP-openat$comedi-ioctl$COMEDI_DEVCONFIG-socket$inet6_tcp-ioctl$COMEDI_DEVCONFIG
detailed listing:
executing program 0:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), r0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r1)
sendmsg$NLBL_CIPSOV4_C_ADD(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000f80)={&(0x7f0000000500)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002dbd7000fedbdf250100000008000100ff03000100000005000300020000000500030005000000050003000500000005000300060000000800020002000000"], 0x50}, 0x1, 0x0, 0x0, 0x400c095}, 0x0)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000080), r0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000080), r4)
r6 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r6, 0x0, &(0x7f0000000000)=<r7=>0x0)
sendmsg$NFC_CMD_SE_IO(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x2c, r5, 0xd03, 0x70bd25, 0x25dfdbfb, {}, [@NFC_ATTR_SE_INDEX={0x8, 0x15, 0x2}, @NFC_ATTR_SE_APDU={0x5, 0x19, "a7"}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r7}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x4c814)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r3, 0x1, 0x70bd27, 0x25dfdbfd, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r7}]}, 0x1c}}, 0x40000)
r8 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000280)='/dev/comedi3\x00', 0x0, 0x0)
ioctl$COMEDI_DEVCONFIG(r8, 0x40946400, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$COMEDI_DEVCONFIG(r8, 0x40946400, &(0x7f0000000180)={'pcl818\x00', [0x4f27, 0x4, 0x3, 0x0, 0x8, 0xcc9, 0x6, 0x7, 0x5, 0x10, 0xfffffffd, 0x1, 0x6, 0x1, 0x6, 0x0, 0x1000, 0x1a449, 0x3, 0xb, 0x9d, 0xcaa7, 0x4, 0x20001e58, 0x4, 0xe69, 0x3c, 0x8, 0x2, 0x4, 0x1]})

program crashed: general protection fault in pcl818_ai_cancel
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$ieee802154-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_cipso-sendmsg$NLBL_CIPSOV4_C_ADD-syz_genetlink_get_family_id$nfc-syz_init_net_socket$nl_generic-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$nfc-openat$nci-ioctl$IOCTL_GET_NCIDEV_IDX-sendmsg$NFC_CMD_SE_IO-sendmsg$NFC_CMD_DEV_UP-openat$comedi-ioctl$COMEDI_DEVCONFIG-ioctl$COMEDI_DEVCONFIG
detailed listing:
executing program 0:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), r0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r1)
sendmsg$NLBL_CIPSOV4_C_ADD(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000f80)={&(0x7f0000000500)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002dbd7000fedbdf250100000008000100ff03000100000005000300020000000500030005000000050003000500000005000300060000000800020002000000"], 0x50}, 0x1, 0x0, 0x0, 0x400c095}, 0x0)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000080), r0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000080), r4)
r6 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r6, 0x0, &(0x7f0000000000)=<r7=>0x0)
sendmsg$NFC_CMD_SE_IO(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x2c, r5, 0xd03, 0x70bd25, 0x25dfdbfb, {}, [@NFC_ATTR_SE_INDEX={0x8, 0x15, 0x2}, @NFC_ATTR_SE_APDU={0x5, 0x19, "a7"}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r7}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x4c814)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r3, 0x1, 0x70bd27, 0x25dfdbfd, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r7}]}, 0x1c}}, 0x40000)
r8 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000280)='/dev/comedi3\x00', 0x0, 0x0)
ioctl$COMEDI_DEVCONFIG(r8, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r8, 0x40946400, &(0x7f0000000180)={'pcl818\x00', [0x4f27, 0x4, 0x3, 0x0, 0x8, 0xcc9, 0x6, 0x7, 0x5, 0x10, 0xfffffffd, 0x1, 0x6, 0x1, 0x6, 0x0, 0x1000, 0x1a449, 0x3, 0xb, 0x9d, 0xcaa7, 0x4, 0x20001e58, 0x4, 0xe69, 0x3c, 0x8, 0x2, 0x4, 0x1]})

program crashed: general protection fault in pcl818_ai_cancel
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$ieee802154-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_cipso-sendmsg$NLBL_CIPSOV4_C_ADD-syz_genetlink_get_family_id$nfc-syz_init_net_socket$nl_generic-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$nfc-openat$nci-ioctl$IOCTL_GET_NCIDEV_IDX-sendmsg$NFC_CMD_SE_IO-sendmsg$NFC_CMD_DEV_UP-openat$comedi-ioctl$COMEDI_DEVCONFIG
detailed listing:
executing program 0:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), r0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r1)
sendmsg$NLBL_CIPSOV4_C_ADD(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000f80)={&(0x7f0000000500)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002dbd7000fedbdf250100000008000100ff03000100000005000300020000000500030005000000050003000500000005000300060000000800020002000000"], 0x50}, 0x1, 0x0, 0x0, 0x400c095}, 0x0)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000080), r0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000080), r4)
r6 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r6, 0x0, &(0x7f0000000000)=<r7=>0x0)
sendmsg$NFC_CMD_SE_IO(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x2c, r5, 0xd03, 0x70bd25, 0x25dfdbfb, {}, [@NFC_ATTR_SE_INDEX={0x8, 0x15, 0x2}, @NFC_ATTR_SE_APDU={0x5, 0x19, "a7"}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r7}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x4c814)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r3, 0x1, 0x70bd27, 0x25dfdbfd, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r7}]}, 0x1c}}, 0x40000)
r8 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000280)='/dev/comedi3\x00', 0x0, 0x0)
ioctl$COMEDI_DEVCONFIG(r8, 0x40946400, &(0x7f0000000180)={'pcl818\x00', [0x4f27, 0x4, 0x3, 0x0, 0x8, 0xcc9, 0x6, 0x7, 0x5, 0x10, 0xfffffffd, 0x1, 0x6, 0x1, 0x6, 0x0, 0x1000, 0x1a449, 0x3, 0xb, 0x9d, 0xcaa7, 0x4, 0x20001e58, 0x4, 0xe69, 0x3c, 0x8, 0x2, 0x4, 0x1]})

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$ieee802154-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_cipso-sendmsg$NLBL_CIPSOV4_C_ADD-syz_genetlink_get_family_id$nfc-syz_init_net_socket$nl_generic-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$nfc-openat$nci-ioctl$IOCTL_GET_NCIDEV_IDX-sendmsg$NFC_CMD_SE_IO-sendmsg$NFC_CMD_DEV_UP-ioctl$COMEDI_DEVCONFIG-ioctl$COMEDI_DEVCONFIG
detailed listing:
executing program 0:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), r0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r1)
sendmsg$NLBL_CIPSOV4_C_ADD(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000f80)={&(0x7f0000000500)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002dbd7000fedbdf250100000008000100ff03000100000005000300020000000500030005000000050003000500000005000300060000000800020002000000"], 0x50}, 0x1, 0x0, 0x0, 0x400c095}, 0x0)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000080), r0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000080), r4)
r6 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r6, 0x0, &(0x7f0000000000)=<r7=>0x0)
sendmsg$NFC_CMD_SE_IO(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x2c, r5, 0xd03, 0x70bd25, 0x25dfdbfb, {}, [@NFC_ATTR_SE_INDEX={0x8, 0x15, 0x2}, @NFC_ATTR_SE_APDU={0x5, 0x19, "a7"}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r7}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x4c814)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r3, 0x1, 0x70bd27, 0x25dfdbfd, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r7}]}, 0x1c}}, 0x40000)
ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, &(0x7f0000000180)={'pcl818\x00', [0x4f27, 0x4, 0x3, 0x0, 0x8, 0xcc9, 0x6, 0x7, 0x5, 0x10, 0xfffffffd, 0x1, 0x6, 0x1, 0x6, 0x0, 0x1000, 0x1a449, 0x3, 0xb, 0x9d, 0xcaa7, 0x4, 0x20001e58, 0x4, 0xe69, 0x3c, 0x8, 0x2, 0x4, 0x1]})

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$ieee802154-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_cipso-sendmsg$NLBL_CIPSOV4_C_ADD-syz_genetlink_get_family_id$nfc-syz_init_net_socket$nl_generic-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$nfc-openat$nci-ioctl$IOCTL_GET_NCIDEV_IDX-sendmsg$NFC_CMD_SE_IO-openat$comedi-ioctl$COMEDI_DEVCONFIG-ioctl$COMEDI_DEVCONFIG
detailed listing:
executing program 0:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), r0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r1)
sendmsg$NLBL_CIPSOV4_C_ADD(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000f80)={&(0x7f0000000500)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002dbd7000fedbdf250100000008000100ff03000100000005000300020000000500030005000000050003000500000005000300060000000800020002000000"], 0x50}, 0x1, 0x0, 0x0, 0x400c095}, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000080), r0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000080), r3)
r5 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r5, 0x0, &(0x7f0000000000)=<r6=>0x0)
sendmsg$NFC_CMD_SE_IO(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x2c, r4, 0xd03, 0x70bd25, 0x25dfdbfb, {}, [@NFC_ATTR_SE_INDEX={0x8, 0x15, 0x2}, @NFC_ATTR_SE_APDU={0x5, 0x19, "a7"}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r6}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x4c814)
r7 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000280)='/dev/comedi3\x00', 0x0, 0x0)
ioctl$COMEDI_DEVCONFIG(r7, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r7, 0x40946400, &(0x7f0000000180)={'pcl818\x00', [0x4f27, 0x4, 0x3, 0x0, 0x8, 0xcc9, 0x6, 0x7, 0x5, 0x10, 0xfffffffd, 0x1, 0x6, 0x1, 0x6, 0x0, 0x1000, 0x1a449, 0x3, 0xb, 0x9d, 0xcaa7, 0x4, 0x20001e58, 0x4, 0xe69, 0x3c, 0x8, 0x2, 0x4, 0x1]})

program crashed: general protection fault in pcl818_ai_cancel
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$ieee802154-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_cipso-sendmsg$NLBL_CIPSOV4_C_ADD-syz_genetlink_get_family_id$nfc-syz_init_net_socket$nl_generic-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$nfc-openat$nci-ioctl$IOCTL_GET_NCIDEV_IDX-openat$comedi-ioctl$COMEDI_DEVCONFIG-ioctl$COMEDI_DEVCONFIG
detailed listing:
executing program 0:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), r0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r1)
sendmsg$NLBL_CIPSOV4_C_ADD(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000f80)={&(0x7f0000000500)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002dbd7000fedbdf250100000008000100ff03000100000005000300020000000500030005000000050003000500000005000300060000000800020002000000"], 0x50}, 0x1, 0x0, 0x0, 0x400c095}, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000080), r0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nfc(&(0x7f0000000080), r3)
r4 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r4, 0x0, &(0x7f0000000000))
r5 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000280)='/dev/comedi3\x00', 0x0, 0x0)
ioctl$COMEDI_DEVCONFIG(r5, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r5, 0x40946400, &(0x7f0000000180)={'pcl818\x00', [0x4f27, 0x4, 0x3, 0x0, 0x8, 0xcc9, 0x6, 0x7, 0x5, 0x10, 0xfffffffd, 0x1, 0x6, 0x1, 0x6, 0x0, 0x1000, 0x1a449, 0x3, 0xb, 0x9d, 0xcaa7, 0x4, 0x20001e58, 0x4, 0xe69, 0x3c, 0x8, 0x2, 0x4, 0x1]})

program crashed: general protection fault in pcl818_ai_cancel
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$ieee802154-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_cipso-sendmsg$NLBL_CIPSOV4_C_ADD-syz_genetlink_get_family_id$nfc-syz_init_net_socket$nl_generic-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$nfc-openat$nci-openat$comedi-ioctl$COMEDI_DEVCONFIG-ioctl$COMEDI_DEVCONFIG
detailed listing:
executing program 0:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), r0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r1)
sendmsg$NLBL_CIPSOV4_C_ADD(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000f80)={&(0x7f0000000500)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002dbd7000fedbdf250100000008000100ff03000100000005000300020000000500030005000000050003000500000005000300060000000800020002000000"], 0x50}, 0x1, 0x0, 0x0, 0x400c095}, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000080), r0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nfc(&(0x7f0000000080), r3)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r4 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000280)='/dev/comedi3\x00', 0x0, 0x0)
ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, &(0x7f0000000180)={'pcl818\x00', [0x4f27, 0x4, 0x3, 0x0, 0x8, 0xcc9, 0x6, 0x7, 0x5, 0x10, 0xfffffffd, 0x1, 0x6, 0x1, 0x6, 0x0, 0x1000, 0x1a449, 0x3, 0xb, 0x9d, 0xcaa7, 0x4, 0x20001e58, 0x4, 0xe69, 0x3c, 0x8, 0x2, 0x4, 0x1]})

program crashed: general protection fault in pcl818_ai_cancel
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$ieee802154-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_cipso-sendmsg$NLBL_CIPSOV4_C_ADD-syz_genetlink_get_family_id$nfc-syz_init_net_socket$nl_generic-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$nfc-openat$comedi-ioctl$COMEDI_DEVCONFIG-ioctl$COMEDI_DEVCONFIG
detailed listing:
executing program 0:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), r0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r1)
sendmsg$NLBL_CIPSOV4_C_ADD(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000f80)={&(0x7f0000000500)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002dbd7000fedbdf250100000008000100ff03000100000005000300020000000500030005000000050003000500000005000300060000000800020002000000"], 0x50}, 0x1, 0x0, 0x0, 0x400c095}, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000080), r0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nfc(&(0x7f0000000080), r3)
r4 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000280)='/dev/comedi3\x00', 0x0, 0x0)
ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, &(0x7f0000000180)={'pcl818\x00', [0x4f27, 0x4, 0x3, 0x0, 0x8, 0xcc9, 0x6, 0x7, 0x5, 0x10, 0xfffffffd, 0x1, 0x6, 0x1, 0x6, 0x0, 0x1000, 0x1a449, 0x3, 0xb, 0x9d, 0xcaa7, 0x4, 0x20001e58, 0x4, 0xe69, 0x3c, 0x8, 0x2, 0x4, 0x1]})

program crashed: general protection fault in pcl818_ai_cancel
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$ieee802154-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_cipso-sendmsg$NLBL_CIPSOV4_C_ADD-syz_genetlink_get_family_id$nfc-syz_init_net_socket$nl_generic-syz_init_net_socket$nl_generic-openat$comedi-ioctl$COMEDI_DEVCONFIG-ioctl$COMEDI_DEVCONFIG
detailed listing:
executing program 0:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), r0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r1)
sendmsg$NLBL_CIPSOV4_C_ADD(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000f80)={&(0x7f0000000500)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002dbd7000fedbdf250100000008000100ff03000100000005000300020000000500030005000000050003000500000005000300060000000800020002000000"], 0x50}, 0x1, 0x0, 0x0, 0x400c095}, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000080), r0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000280)='/dev/comedi3\x00', 0x0, 0x0)
ioctl$COMEDI_DEVCONFIG(r3, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r3, 0x40946400, &(0x7f0000000180)={'pcl818\x00', [0x4f27, 0x4, 0x3, 0x0, 0x8, 0xcc9, 0x6, 0x7, 0x5, 0x10, 0xfffffffd, 0x1, 0x6, 0x1, 0x6, 0x0, 0x1000, 0x1a449, 0x3, 0xb, 0x9d, 0xcaa7, 0x4, 0x20001e58, 0x4, 0xe69, 0x3c, 0x8, 0x2, 0x4, 0x1]})

program crashed: general protection fault in pcl818_ai_cancel
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$ieee802154-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_cipso-sendmsg$NLBL_CIPSOV4_C_ADD-syz_genetlink_get_family_id$nfc-syz_init_net_socket$nl_generic-openat$comedi-ioctl$COMEDI_DEVCONFIG-ioctl$COMEDI_DEVCONFIG
detailed listing:
executing program 0:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), r0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r1)
sendmsg$NLBL_CIPSOV4_C_ADD(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000f80)={&(0x7f0000000500)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002dbd7000fedbdf250100000008000100ff03000100000005000300020000000500030005000000050003000500000005000300060000000800020002000000"], 0x50}, 0x1, 0x0, 0x0, 0x400c095}, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000080), r0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000280)='/dev/comedi3\x00', 0x0, 0x0)
ioctl$COMEDI_DEVCONFIG(r3, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r3, 0x40946400, &(0x7f0000000180)={'pcl818\x00', [0x4f27, 0x4, 0x3, 0x0, 0x8, 0xcc9, 0x6, 0x7, 0x5, 0x10, 0xfffffffd, 0x1, 0x6, 0x1, 0x6, 0x0, 0x1000, 0x1a449, 0x3, 0xb, 0x9d, 0xcaa7, 0x4, 0x20001e58, 0x4, 0xe69, 0x3c, 0x8, 0x2, 0x4, 0x1]})

program crashed: general protection fault in pcl818_ai_cancel
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$ieee802154-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_cipso-sendmsg$NLBL_CIPSOV4_C_ADD-syz_genetlink_get_family_id$nfc-openat$comedi-ioctl$COMEDI_DEVCONFIG-ioctl$COMEDI_DEVCONFIG
detailed listing:
executing program 0:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), r0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r1)
sendmsg$NLBL_CIPSOV4_C_ADD(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000f80)={&(0x7f0000000500)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002dbd7000fedbdf250100000008000100ff03000100000005000300020000000500030005000000050003000500000005000300060000000800020002000000"], 0x50}, 0x1, 0x0, 0x0, 0x400c095}, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000080), r0)
r3 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000280)='/dev/comedi3\x00', 0x0, 0x0)
ioctl$COMEDI_DEVCONFIG(r3, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r3, 0x40946400, &(0x7f0000000180)={'pcl818\x00', [0x4f27, 0x4, 0x3, 0x0, 0x8, 0xcc9, 0x6, 0x7, 0x5, 0x10, 0xfffffffd, 0x1, 0x6, 0x1, 0x6, 0x0, 0x1000, 0x1a449, 0x3, 0xb, 0x9d, 0xcaa7, 0x4, 0x20001e58, 0x4, 0xe69, 0x3c, 0x8, 0x2, 0x4, 0x1]})

program crashed: general protection fault in pcl818_ai_cancel
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$ieee802154-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_cipso-sendmsg$NLBL_CIPSOV4_C_ADD-openat$comedi-ioctl$COMEDI_DEVCONFIG-ioctl$COMEDI_DEVCONFIG
detailed listing:
executing program 0:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), r0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r1)
sendmsg$NLBL_CIPSOV4_C_ADD(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000f80)={&(0x7f0000000500)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002dbd7000fedbdf250100000008000100ff03000100000005000300020000000500030005000000050003000500000005000300060000000800020002000000"], 0x50}, 0x1, 0x0, 0x0, 0x400c095}, 0x0)
r3 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000280)='/dev/comedi3\x00', 0x0, 0x0)
ioctl$COMEDI_DEVCONFIG(r3, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r3, 0x40946400, &(0x7f0000000180)={'pcl818\x00', [0x4f27, 0x4, 0x3, 0x0, 0x8, 0xcc9, 0x6, 0x7, 0x5, 0x10, 0xfffffffd, 0x1, 0x6, 0x1, 0x6, 0x0, 0x1000, 0x1a449, 0x3, 0xb, 0x9d, 0xcaa7, 0x4, 0x20001e58, 0x4, 0xe69, 0x3c, 0x8, 0x2, 0x4, 0x1]})

program crashed: general protection fault in pcl818_ai_cancel
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$ieee802154-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_cipso-openat$comedi-ioctl$COMEDI_DEVCONFIG-ioctl$COMEDI_DEVCONFIG
detailed listing:
executing program 0:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), r0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r1)
r2 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000280)='/dev/comedi3\x00', 0x0, 0x0)
ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, &(0x7f0000000180)={'pcl818\x00', [0x4f27, 0x4, 0x3, 0x0, 0x8, 0xcc9, 0x6, 0x7, 0x5, 0x10, 0xfffffffd, 0x1, 0x6, 0x1, 0x6, 0x0, 0x1000, 0x1a449, 0x3, 0xb, 0x9d, 0xcaa7, 0x4, 0x20001e58, 0x4, 0xe69, 0x3c, 0x8, 0x2, 0x4, 0x1]})

program crashed: general protection fault in pcl818_ai_cancel
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$ieee802154-syz_init_net_socket$nl_generic-openat$comedi-ioctl$COMEDI_DEVCONFIG-ioctl$COMEDI_DEVCONFIG
detailed listing:
executing program 0:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), r0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000280)='/dev/comedi3\x00', 0x0, 0x0)
ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, &(0x7f0000000180)={'pcl818\x00', [0x4f27, 0x4, 0x3, 0x0, 0x8, 0xcc9, 0x6, 0x7, 0x5, 0x10, 0xfffffffd, 0x1, 0x6, 0x1, 0x6, 0x0, 0x1000, 0x1a449, 0x3, 0xb, 0x9d, 0xcaa7, 0x4, 0x20001e58, 0x4, 0xe69, 0x3c, 0x8, 0x2, 0x4, 0x1]})

program crashed: general protection fault in pcl818_ai_cancel
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$ieee802154-openat$comedi-ioctl$COMEDI_DEVCONFIG-ioctl$COMEDI_DEVCONFIG
detailed listing:
executing program 0:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), r0)
r1 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000280)='/dev/comedi3\x00', 0x0, 0x0)
ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, &(0x7f0000000180)={'pcl818\x00', [0x4f27, 0x4, 0x3, 0x0, 0x8, 0xcc9, 0x6, 0x7, 0x5, 0x10, 0xfffffffd, 0x1, 0x6, 0x1, 0x6, 0x0, 0x1000, 0x1a449, 0x3, 0xb, 0x9d, 0xcaa7, 0x4, 0x20001e58, 0x4, 0xe69, 0x3c, 0x8, 0x2, 0x4, 0x1]})

program crashed: general protection fault in pcl818_ai_cancel
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_generic-openat$comedi-ioctl$COMEDI_DEVCONFIG-ioctl$COMEDI_DEVCONFIG
detailed listing:
executing program 0:
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000280)='/dev/comedi3\x00', 0x0, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000180)={'pcl818\x00', [0x4f27, 0x4, 0x3, 0x0, 0x8, 0xcc9, 0x6, 0x7, 0x5, 0x10, 0xfffffffd, 0x1, 0x6, 0x1, 0x6, 0x0, 0x1000, 0x1a449, 0x3, 0xb, 0x9d, 0xcaa7, 0x4, 0x20001e58, 0x4, 0xe69, 0x3c, 0x8, 0x2, 0x4, 0x1]})

program crashed: general protection fault in pcl818_ai_cancel
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-ioctl$COMEDI_DEVCONFIG-ioctl$COMEDI_DEVCONFIG
detailed listing:
executing program 0:
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000280)='/dev/comedi3\x00', 0x0, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000180)={'pcl818\x00', [0x4f27, 0x4, 0x3, 0x0, 0x8, 0xcc9, 0x6, 0x7, 0x5, 0x10, 0xfffffffd, 0x1, 0x6, 0x1, 0x6, 0x0, 0x1000, 0x1a449, 0x3, 0xb, 0x9d, 0xcaa7, 0x4, 0x20001e58, 0x4, 0xe69, 0x3c, 0x8, 0x2, 0x4, 0x1]})

program crashed: general protection fault in pcl818_ai_cancel
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-ioctl$COMEDI_DEVCONFIG-ioctl$COMEDI_DEVCONFIG
detailed listing:
executing program 0:
r0 = openat$comedi(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000180)={'pcl818\x00', [0x4f27, 0x4, 0x3, 0x0, 0x8, 0xcc9, 0x6, 0x7, 0x5, 0x10, 0xfffffffd, 0x1, 0x6, 0x1, 0x6, 0x0, 0x1000, 0x1a449, 0x3, 0xb, 0x9d, 0xcaa7, 0x4, 0x20001e58, 0x4, 0xe69, 0x3c, 0x8, 0x2, 0x4, 0x1]})

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-ioctl$COMEDI_DEVCONFIG-ioctl$COMEDI_DEVCONFIG
detailed listing:
executing program 0:
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000280)='/dev/comedi3\x00', 0x0, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-ioctl$COMEDI_DEVCONFIG-ioctl$COMEDI_DEVCONFIG
program crashed: general protection fault in pcl818_ai_cancel
simplifying C reproducer
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-ioctl$COMEDI_DEVCONFIG-ioctl$COMEDI_DEVCONFIG
program crashed: general protection fault in pcl818_ai_cancel
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-ioctl$COMEDI_DEVCONFIG-ioctl$COMEDI_DEVCONFIG
program crashed: general protection fault in pcl818_ai_cancel
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-ioctl$COMEDI_DEVCONFIG-ioctl$COMEDI_DEVCONFIG
program crashed: general protection fault in pcl818_ai_cancel
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-ioctl$COMEDI_DEVCONFIG-ioctl$COMEDI_DEVCONFIG
program crashed: general protection fault in pcl818_ai_cancel
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-ioctl$COMEDI_DEVCONFIG-ioctl$COMEDI_DEVCONFIG
program crashed: general protection fault in pcl818_ai_cancel
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-ioctl$COMEDI_DEVCONFIG-ioctl$COMEDI_DEVCONFIG
program crashed: general protection fault in pcl818_ai_cancel
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-ioctl$COMEDI_DEVCONFIG-ioctl$COMEDI_DEVCONFIG
program crashed: general protection fault in pcl818_ai_cancel
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-ioctl$COMEDI_DEVCONFIG-ioctl$COMEDI_DEVCONFIG
detailed listing:
executing program 0:
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000280)='/dev/comedi3\x00', 0x0, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000180)={'pcl818\x00', [0x4f27, 0x4, 0x3, 0x0, 0x8, 0xcc9, 0x6, 0x7, 0x5, 0x10, 0xfffffffd, 0x1, 0x6, 0x1, 0x6, 0x0, 0x1000, 0x1a449, 0x3, 0xb, 0x9d, 0xcaa7, 0x4, 0x20001e58, 0x4, 0xe69, 0x3c, 0x8, 0x2, 0x4, 0x1]})

program crashed: general protection fault in pcl818_ai_cancel
validation run: crashed=true
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-ioctl$COMEDI_DEVCONFIG-ioctl$COMEDI_DEVCONFIG
detailed listing:
executing program 0:
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000280)='/dev/comedi3\x00', 0x0, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000180)={'pcl818\x00', [0x4f27, 0x4, 0x3, 0x0, 0x8, 0xcc9, 0x6, 0x7, 0x5, 0x10, 0xfffffffd, 0x1, 0x6, 0x1, 0x6, 0x0, 0x1000, 0x1a449, 0x3, 0xb, 0x9d, 0xcaa7, 0x4, 0x20001e58, 0x4, 0xe69, 0x3c, 0x8, 0x2, 0x4, 0x1]})

program crashed: general protection fault in pcl818_ai_cancel
validation run: crashed=true
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$comedi-ioctl$COMEDI_DEVCONFIG-ioctl$COMEDI_DEVCONFIG
detailed listing:
executing program 0:
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000280)='/dev/comedi3\x00', 0x0, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000180)={'pcl818\x00', [0x4f27, 0x4, 0x3, 0x0, 0x8, 0xcc9, 0x6, 0x7, 0x5, 0x10, 0xfffffffd, 0x1, 0x6, 0x1, 0x6, 0x0, 0x1000, 0x1a449, 0x3, 0xb, 0x9d, 0xcaa7, 0x4, 0x20001e58, 0x4, 0xe69, 0x3c, 0x8, 0x2, 0x4, 0x1]})

program crashed: general protection fault in pcl818_ai_cancel
validation run: crashed=true
reproducing took 1h41m36.592451662s
repro crashed as (corrupted=false):
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]
CPU: 1 UID: 0 PID: 6025 Comm: syz.0.18 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
RIP: 0010:pcl818_ai_cancel+0x69/0x3f0 drivers/comedi/drivers/pcl818.c:762
Code: 8b 1b 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 49 7e 27 f9 48 8b 03 48 89 04 24 49 83 c4 28 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 28 7e 27 f9 4d 8b 24 24 48 83 c3
RSP: 0018:ffffc90003597a40 EFLAGS: 00010206
RAX: 0000000000000005 RBX: ffff888077101600 RCX: ffff888027945ac0
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88802f9b4800
RBP: 0000000000000001 R08: ffff88802f9b492f R09: 1ffff11005f36925
R10: dffffc0000000000 R11: ffffffff88fd1170 R12: 0000000000000028
R13: dffffc0000000000 R14: ffff88802f9b4800 R15: dffffc0000000000
FS:  0000555591c36500(0000) GS:ffff8881258a2000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b32363fff CR3: 00000000733fe000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 pcl818_detach+0x66/0xd0 drivers/comedi/drivers/pcl818.c:1115
 comedi_device_detach_locked+0x178/0x750 drivers/comedi/drivers.c:207
 do_devconfig_ioctl drivers/comedi/comedi_fops.c:848 [inline]
 comedi_unlocked_ioctl+0xcde/0x1020 drivers/comedi/comedi_fops.c:2178
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:597 [inline]
 __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:583
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f2029d8ec29
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc089aa998 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f2029fd5fa0 RCX: 00007f2029d8ec29
RDX: 0000000000000000 RSI: 0000000040946400 RDI: 0000000000000003
RBP: 00007f2029e11e41 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f2029fd5fa0 R14: 00007f2029fd5fa0 R15: 0000000000000003
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:pcl818_ai_cancel+0x69/0x3f0 drivers/comedi/drivers/pcl818.c:762
Code: 8b 1b 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 49 7e 27 f9 48 8b 03 48 89 04 24 49 83 c4 28 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 28 7e 27 f9 4d 8b 24 24 48 83 c3
RSP: 0018:ffffc90003597a40 EFLAGS: 00010206
RAX: 0000000000000005 RBX: ffff888077101600 RCX: ffff888027945ac0
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88802f9b4800
RBP: 0000000000000001 R08: ffff88802f9b492f R09: 1ffff11005f36925
R10: dffffc0000000000 R11: ffffffff88fd1170 R12: 0000000000000028
R13: dffffc0000000000 R14: ffff88802f9b4800 R15: dffffc0000000000
FS:  0000555591c36500(0000) GS:ffff8881257a2000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000555591c515c8 CR3: 00000000733fe000 CR4: 00000000003526f0
----------------
Code disassembly (best guess):
   0:	8b 1b                	mov    (%rbx),%ebx
   2:	48 89 d8             	mov    %rbx,%rax
   5:	48 c1 e8 03          	shr    $0x3,%rax
   9:	42 80 3c 28 00       	cmpb   $0x0,(%rax,%r13,1)
   e:	74 08                	je     0x18
  10:	48 89 df             	mov    %rbx,%rdi
  13:	e8 49 7e 27 f9       	call   0xf9277e61
  18:	48 8b 03             	mov    (%rbx),%rax
  1b:	48 89 04 24          	mov    %rax,(%rsp)
  1f:	49 83 c4 28          	add    $0x28,%r12
  23:	4c 89 e0             	mov    %r12,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	42 80 3c 28 00       	cmpb   $0x0,(%rax,%r13,1) <-- trapping instruction
  2f:	74 08                	je     0x39
  31:	4c 89 e7             	mov    %r12,%rdi
  34:	e8 28 7e 27 f9       	call   0xf9277e61
  39:	4d 8b 24 24          	mov    (%r12),%r12
  3d:	48                   	rex.W
  3e:	83                   	.byte 0x83
  3f:	c3                   	ret

final repro crashed as (corrupted=false):
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]
CPU: 1 UID: 0 PID: 6025 Comm: syz.0.18 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
RIP: 0010:pcl818_ai_cancel+0x69/0x3f0 drivers/comedi/drivers/pcl818.c:762
Code: 8b 1b 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 49 7e 27 f9 48 8b 03 48 89 04 24 49 83 c4 28 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 28 7e 27 f9 4d 8b 24 24 48 83 c3
RSP: 0018:ffffc90003597a40 EFLAGS: 00010206
RAX: 0000000000000005 RBX: ffff888077101600 RCX: ffff888027945ac0
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88802f9b4800
RBP: 0000000000000001 R08: ffff88802f9b492f R09: 1ffff11005f36925
R10: dffffc0000000000 R11: ffffffff88fd1170 R12: 0000000000000028
R13: dffffc0000000000 R14: ffff88802f9b4800 R15: dffffc0000000000
FS:  0000555591c36500(0000) GS:ffff8881258a2000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b32363fff CR3: 00000000733fe000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 pcl818_detach+0x66/0xd0 drivers/comedi/drivers/pcl818.c:1115
 comedi_device_detach_locked+0x178/0x750 drivers/comedi/drivers.c:207
 do_devconfig_ioctl drivers/comedi/comedi_fops.c:848 [inline]
 comedi_unlocked_ioctl+0xcde/0x1020 drivers/comedi/comedi_fops.c:2178
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:597 [inline]
 __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:583
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f2029d8ec29
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc089aa998 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f2029fd5fa0 RCX: 00007f2029d8ec29
RDX: 0000000000000000 RSI: 0000000040946400 RDI: 0000000000000003
RBP: 00007f2029e11e41 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f2029fd5fa0 R14: 00007f2029fd5fa0 R15: 0000000000000003
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:pcl818_ai_cancel+0x69/0x3f0 drivers/comedi/drivers/pcl818.c:762
Code: 8b 1b 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 49 7e 27 f9 48 8b 03 48 89 04 24 49 83 c4 28 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 28 7e 27 f9 4d 8b 24 24 48 83 c3
RSP: 0018:ffffc90003597a40 EFLAGS: 00010206
RAX: 0000000000000005 RBX: ffff888077101600 RCX: ffff888027945ac0
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88802f9b4800
RBP: 0000000000000001 R08: ffff88802f9b492f R09: 1ffff11005f36925
R10: dffffc0000000000 R11: ffffffff88fd1170 R12: 0000000000000028
R13: dffffc0000000000 R14: ffff88802f9b4800 R15: dffffc0000000000
FS:  0000555591c36500(0000) GS:ffff8881257a2000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000555591c515c8 CR3: 00000000733fe000 CR4: 00000000003526f0
----------------
Code disassembly (best guess):
   0:	8b 1b                	mov    (%rbx),%ebx
   2:	48 89 d8             	mov    %rbx,%rax
   5:	48 c1 e8 03          	shr    $0x3,%rax
   9:	42 80 3c 28 00       	cmpb   $0x0,(%rax,%r13,1)
   e:	74 08                	je     0x18
  10:	48 89 df             	mov    %rbx,%rdi
  13:	e8 49 7e 27 f9       	call   0xf9277e61
  18:	48 8b 03             	mov    (%rbx),%rax
  1b:	48 89 04 24          	mov    %rax,(%rsp)
  1f:	49 83 c4 28          	add    $0x28,%r12
  23:	4c 89 e0             	mov    %r12,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	42 80 3c 28 00       	cmpb   $0x0,(%rax,%r13,1) <-- trapping instruction
  2f:	74 08                	je     0x39
  31:	4c 89 e7             	mov    %r12,%rdi
  34:	e8 28 7e 27 f9       	call   0xf9277e61
  39:	4d 8b 24 24          	mov    (%r12),%r12
  3d:	48                   	rex.W
  3e:	83                   	.byte 0x83
  3f:	c3                   	ret