Extracting prog: 4h25m6.507057684s
Minimizing prog: 13m44.943285283s
Simplifying prog options: 5m41.316710619s
Extracting C: 1m24.020319344s
Simplifying C: 0s
extracting reproducer from 43 programs
testing a last program of every proc
single: executing 10 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs$namespace-ioctl$NS_GET_PARENT
detailed listing:
executing program 0:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00')
ioctl$NS_GET_PARENT(r0, 0xff0a, 0x0)
program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_clone-wait4$auto
detailed listing:
executing program 0:
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4$auto(0x0, &(0x7f0000000000)=0x9, 0x2, &(0x7f0000000040)={{0x583, 0x3}, {0x3, 0x6}, 0x0, 0x3, 0x7, 0xfffffffffffffff9, 0x64c9, 0x100000000, 0xfffffffeffffffff, 0xd, 0x4, 0x233980000, 0xfffffffffffffffe, 0x1, 0x7, 0x7ff})
program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-close_range$auto
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-write$auto
detailed listing:
executing program 0:
socket(0x23, 0x2, 0x0)
write$auto(0x3, 0x0, 0xffd8)
program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_debug_help_fops_orangefs_debugfs-read$auto_debug_help_fops_orangefs_debugfs
detailed listing:
executing program 0:
r0 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000053c0), 0xa0200, 0x0)
read$auto_debug_help_fops_orangefs_debugfs(r0, &(0x7f0000005400)=""/70, 0x46)
program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_debug_help_fops_orangefs_debugfs-read$auto_debug_help_fops_orangefs_debugfs
detailed listing:
executing program 0:
r0 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000053c0), 0xa0200, 0x0)
read$auto_debug_help_fops_orangefs_debugfs(r0, &(0x7f0000005400)=""/70, 0x46)
program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_usbdev_file_operations_usb-ppoll$auto
detailed listing:
executing program 0:
r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/011/001\x00', 0x121002, 0x0)
ppoll$auto(&(0x7f0000000000)={r0, 0x9, 0x8}, 0x1, 0x0, 0x0, 0x8)
program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_usbdev_file_operations_usb-ppoll$auto
detailed listing:
executing program 0:
r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/011/001\x00', 0x121002, 0x0)
ppoll$auto(&(0x7f0000000000)={r0, 0x9, 0x8}, 0x1, 0x0, 0x0, 0x8)
program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): io_uring_setup$auto
detailed listing:
executing program 0:
io_uring_setup$auto(0x59, &(0x7f0000000080)={0x2, 0xd, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x103, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x2, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}})
program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): io_uring_setup$auto
detailed listing:
executing program 0:
io_uring_setup$auto(0x59, &(0x7f0000000080)={0x2, 0xd, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x103, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x2, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}})
program did not crash
single: failed to extract reproducer
bisect: bisecting 43 programs with base timeout 30s
testing program (duration=40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 1, 1, 1, 1, 1, 1, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2]
detailed listing:
executing program 0:
truncate$auto(0x0, 0x80)
executing program 0:
finit_module$auto(0x1, 0xfffffffffffffffc, 0x1)
executing program 0:
prctl$auto(0x21, 0x0, 0x0, 0x0, 0x0)
executing program 0:
io_cancel$auto(0x8, 0xfffffffffffffffd, 0xfffffffffffffffc)
executing program 0:
rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffe, @_sigpoll={0x52, 0x7}}})
executing program 0:
io_uring_setup$auto(0x59, &(0x7f0000000080)={0x2, 0xd, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x103, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x2, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}})
executing program 32:
io_uring_setup$auto(0x59, &(0x7f0000000080)={0x2, 0xd, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x103, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x2, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}})
executing program 2:
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0)
ioctl$auto(0x3, 0x40081271, 0x38)
executing program 2:
setreuid$auto(0x3, 0x7)
keyctl$auto(0x12, 0x0, 0x0, 0x1, 0xa0)
executing program 2:
r0 = openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
pwrite64$auto(r0, 0x0, 0x1, 0x7fff000000000000)
executing program 2:
socket(0x2, 0x5, 0x0)
connect$auto(0x3, &(0x7f0000000280), 0x55)
executing program 2:
rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}})
migrate_pages$auto(0x1, 0x9, 0x0, &(0x7f0000000840)=0x2)
executing program 2:
r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/011/001\x00', 0x121002, 0x0)
ppoll$auto(&(0x7f0000000000)={r0, 0x9, 0x8}, 0x1, 0x0, 0x0, 0x8)
executing program 33:
r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/011/001\x00', 0x121002, 0x0)
ppoll$auto(&(0x7f0000000000)={r0, 0x9, 0x8}, 0x1, 0x0, 0x0, 0x8)
executing program 1:
openat$auto_tracing_err_log_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/error_log\x00', 0x60481, 0x0)
close_range$auto(0x2, 0x8000, 0x0)
executing program 1:
r0 = openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/tracing_cpumask\x00', 0x1, 0x0)
write$auto_tracing_cpumask_fops_trace(r0, 0x0, 0x0)
executing program 1:
openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000380)='/dev/cuse\x00', 0x0, 0x0)
readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x7fffffffefff}, 0x7)
executing program 1:
r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000a80), 0x8c0001, 0x0)
ioctl$auto_TUNGETVNETHDRSZ(r0, 0x800454d7, 0x0)
executing program 1:
setresuid$auto(0xffffffffffffffff, 0x8, 0x8000)
tkill$auto(0x80000000000001, 0x7)
executing program 1:
r0 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000053c0), 0xa0200, 0x0)
read$auto_debug_help_fops_orangefs_debugfs(r0, &(0x7f0000005400)=""/70, 0x46)
executing program 34:
r0 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000053c0), 0xa0200, 0x0)
read$auto_debug_help_fops_orangefs_debugfs(r0, &(0x7f0000005400)=""/70, 0x46)
executing program 5:
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event0\x00', 0x80, 0x0)
ioctl$auto_evdev_fops_evdev(r0, 0xffffffff80004506, 0x0)
executing program 5:
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zram0\x00', 0x0, 0x0)
ioctl$auto_def_blk_fops_fs(r0, 0x125f, 0x0)
executing program 3:
prctl$auto(0x41, 0x1, 0x0, 0x0, 0x0)
prctl$auto(0x41, 0x3, 0x0, 0x0, 0x0)
executing program 5:
r0 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x102000, 0x0)
ioctl$auto(r0, 0x80044940, 0x0)
executing program 4:
socket(0x11, 0x80003, 0x10300)
close_range$auto(0x2, 0x8, 0x0)
executing program 3:
r0 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x189002, 0x0)
write$auto_configfs_file_operations_configfs_internal(r0, &(0x7f0000000140)="8e00", 0x2)
executing program 4:
r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cec28\x00', 0x80, 0x0)
ioctl$auto_CEC_ADAP_G_PHYS_ADDR(r0, 0x80026101, &(0x7f0000000140)=0xc369)
executing program 4:
prctl$auto(0x1000000001c, 0x6e, 0x8, 0x9, 0x3)
prctl$auto(0x1000000001c, 0x5, 0x8, 0x9, 0x2)
executing program 5:
r0 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0)
ioctl$auto_posix_clock_file_operations_posix_clock(r0, 0x43403d05, 0x0)
executing program 6:
socket(0x2, 0x3, 0x2)
setsockopt$auto(0x3, 0x0, 0xd3, 0xfffffffffffffffc, 0xfd72)
executing program 3:
r0 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x89b0, &(0x7f0000000140)={'bridge0\x00'})
executing program 4:
r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/adsp1\x00', 0x40000, 0x0)
ioctl$auto_SOUND_PCM_READ_RATE(r0, 0x80045014, 0x0)
executing program 6:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
futex$auto(0x0, 0x7, 0x47, 0x0, 0x0, 0x0)
executing program 3:
open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84)
open(&(0x7f0000000140)='./file0\x00', 0xd79583, 0x84)
executing program 5:
r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/rt_cache\x00', 0x40000, 0x0)
read$auto_proc_iter_file_ops_compat_inode(r0, &(0x7f0000000180)=""/250, 0xfa)
executing program 6:
r0 = socket(0xa, 0x2, 0x3a)
setsockopt$auto(r0, 0x29, 0x39, &(0x7f0000000080)='\x15!\xa8^J/\xddCx4!\x00\xd3\x8f\x1e\x1b\xc3 \xe2\xa8\xd6\xd9\xc0\xa2\x0f\x88\xb1e\x8a\xd8?\xfe\xda\xc4\xef\xff(i\xc6@\x91[\vBj\x0eQ\xce\x16\'C\x8cYA\x92u\xd5\xb8\\\x82,\xe2=y\x9bR\xbcn\xa0c\x16~\x86\"t\xde\x14\xe4\xa5\xfe\xb5', 0x110)
executing program 4:
r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000140), 0x20, 0x0)
poll$auto(&(0x7f0000000180)={r0, 0x3569, 0x8}, 0x34, 0x5)
executing program 3:
r0 = openat$auto_proc_environ_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/environ\x00', 0x800, 0x0)
read$auto_proc_environ_operations_base(r0, &(0x7f0000000c40)=""/141, 0x8d)
executing program 5:
socket(0x23, 0x2, 0x0)
write$auto(0x3, 0x0, 0xffd8)
executing program 4:
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
executing program 6:
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4$auto(0x0, &(0x7f0000000000)=0x9, 0x2, &(0x7f0000000040)={{0x583, 0x3}, {0x3, 0x6}, 0x0, 0x3, 0x7, 0xfffffffffffffff9, 0x64c9, 0x100000000, 0xfffffffeffffffff, 0xd, 0x4, 0x233980000, 0xfffffffffffffffe, 0x1, 0x7, 0x7ff})
executing program 3:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00')
ioctl$NS_GET_PARENT(r0, 0xff0a, 0x0)
program did not crash
replaying the whole log did not cause a kernel crash
single: executing 10 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs$namespace-ioctl$NS_GET_PARENT
detailed listing:
executing program 0:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00')
ioctl$NS_GET_PARENT(r0, 0xff0a, 0x0)
program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_clone-wait4$auto
detailed listing:
executing program 0:
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4$auto(0x0, &(0x7f0000000000)=0x9, 0x2, &(0x7f0000000040)={{0x583, 0x3}, {0x3, 0x6}, 0x0, 0x3, 0x7, 0xfffffffffffffff9, 0x64c9, 0x100000000, 0xfffffffeffffffff, 0xd, 0x4, 0x233980000, 0xfffffffffffffffe, 0x1, 0x7, 0x7ff})
program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-close_range$auto
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-write$auto
detailed listing:
executing program 0:
socket(0x23, 0x2, 0x0)
write$auto(0x3, 0x0, 0xffd8)
program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_debug_help_fops_orangefs_debugfs-read$auto_debug_help_fops_orangefs_debugfs
detailed listing:
executing program 0:
r0 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000053c0), 0xa0200, 0x0)
read$auto_debug_help_fops_orangefs_debugfs(r0, &(0x7f0000005400)=""/70, 0x46)
program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_debug_help_fops_orangefs_debugfs-read$auto_debug_help_fops_orangefs_debugfs
detailed listing:
executing program 0:
r0 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000053c0), 0xa0200, 0x0)
read$auto_debug_help_fops_orangefs_debugfs(r0, &(0x7f0000005400)=""/70, 0x46)
program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_usbdev_file_operations_usb-ppoll$auto
detailed listing:
executing program 0:
r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/011/001\x00', 0x121002, 0x0)
ppoll$auto(&(0x7f0000000000)={r0, 0x9, 0x8}, 0x1, 0x0, 0x0, 0x8)
program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_usbdev_file_operations_usb-ppoll$auto
detailed listing:
executing program 0:
r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/011/001\x00', 0x121002, 0x0)
ppoll$auto(&(0x7f0000000000)={r0, 0x9, 0x8}, 0x1, 0x0, 0x0, 0x8)
program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): io_uring_setup$auto
detailed listing:
executing program 0:
io_uring_setup$auto(0x59, &(0x7f0000000080)={0x2, 0xd, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x103, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x2, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}})
program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): io_uring_setup$auto
detailed listing:
executing program 0:
io_uring_setup$auto(0x59, &(0x7f0000000080)={0x2, 0xd, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x103, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x2, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}})
program did not crash
single: failed to extract reproducer
bisect: bisecting 43 programs with base timeout 1m40s
testing program (duration=1m50s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 1, 1, 1, 1, 1, 1, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2]
detailed listing:
executing program 0:
truncate$auto(0x0, 0x80)
executing program 0:
finit_module$auto(0x1, 0xfffffffffffffffc, 0x1)
executing program 0:
prctl$auto(0x21, 0x0, 0x0, 0x0, 0x0)
executing program 0:
io_cancel$auto(0x8, 0xfffffffffffffffd, 0xfffffffffffffffc)
executing program 0:
rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffe, @_sigpoll={0x52, 0x7}}})
executing program 0:
io_uring_setup$auto(0x59, &(0x7f0000000080)={0x2, 0xd, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x103, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x2, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}})
executing program 32:
io_uring_setup$auto(0x59, &(0x7f0000000080)={0x2, 0xd, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x103, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x2, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}})
executing program 2:
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0)
ioctl$auto(0x3, 0x40081271, 0x38)
executing program 2:
setreuid$auto(0x3, 0x7)
keyctl$auto(0x12, 0x0, 0x0, 0x1, 0xa0)
executing program 2:
r0 = openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
pwrite64$auto(r0, 0x0, 0x1, 0x7fff000000000000)
executing program 2:
socket(0x2, 0x5, 0x0)
connect$auto(0x3, &(0x7f0000000280), 0x55)
executing program 2:
rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}})
migrate_pages$auto(0x1, 0x9, 0x0, &(0x7f0000000840)=0x2)
executing program 2:
r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/011/001\x00', 0x121002, 0x0)
ppoll$auto(&(0x7f0000000000)={r0, 0x9, 0x8}, 0x1, 0x0, 0x0, 0x8)
executing program 33:
r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/011/001\x00', 0x121002, 0x0)
ppoll$auto(&(0x7f0000000000)={r0, 0x9, 0x8}, 0x1, 0x0, 0x0, 0x8)
executing program 1:
openat$auto_tracing_err_log_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/error_log\x00', 0x60481, 0x0)
close_range$auto(0x2, 0x8000, 0x0)
executing program 1:
r0 = openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/tracing_cpumask\x00', 0x1, 0x0)
write$auto_tracing_cpumask_fops_trace(r0, 0x0, 0x0)
executing program 1:
openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000380)='/dev/cuse\x00', 0x0, 0x0)
readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x7fffffffefff}, 0x7)
executing program 1:
r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000a80), 0x8c0001, 0x0)
ioctl$auto_TUNGETVNETHDRSZ(r0, 0x800454d7, 0x0)
executing program 1:
setresuid$auto(0xffffffffffffffff, 0x8, 0x8000)
tkill$auto(0x80000000000001, 0x7)
executing program 1:
r0 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000053c0), 0xa0200, 0x0)
read$auto_debug_help_fops_orangefs_debugfs(r0, &(0x7f0000005400)=""/70, 0x46)
executing program 34:
r0 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000053c0), 0xa0200, 0x0)
read$auto_debug_help_fops_orangefs_debugfs(r0, &(0x7f0000005400)=""/70, 0x46)
executing program 5:
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event0\x00', 0x80, 0x0)
ioctl$auto_evdev_fops_evdev(r0, 0xffffffff80004506, 0x0)
executing program 5:
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zram0\x00', 0x0, 0x0)
ioctl$auto_def_blk_fops_fs(r0, 0x125f, 0x0)
executing program 3:
prctl$auto(0x41, 0x1, 0x0, 0x0, 0x0)
prctl$auto(0x41, 0x3, 0x0, 0x0, 0x0)
executing program 5:
r0 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x102000, 0x0)
ioctl$auto(r0, 0x80044940, 0x0)
executing program 4:
socket(0x11, 0x80003, 0x10300)
close_range$auto(0x2, 0x8, 0x0)
executing program 3:
r0 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x189002, 0x0)
write$auto_configfs_file_operations_configfs_internal(r0, &(0x7f0000000140)="8e00", 0x2)
executing program 4:
r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cec28\x00', 0x80, 0x0)
ioctl$auto_CEC_ADAP_G_PHYS_ADDR(r0, 0x80026101, &(0x7f0000000140)=0xc369)
executing program 4:
prctl$auto(0x1000000001c, 0x6e, 0x8, 0x9, 0x3)
prctl$auto(0x1000000001c, 0x5, 0x8, 0x9, 0x2)
executing program 5:
r0 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0)
ioctl$auto_posix_clock_file_operations_posix_clock(r0, 0x43403d05, 0x0)
executing program 6:
socket(0x2, 0x3, 0x2)
setsockopt$auto(0x3, 0x0, 0xd3, 0xfffffffffffffffc, 0xfd72)
executing program 3:
r0 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x89b0, &(0x7f0000000140)={'bridge0\x00'})
executing program 4:
r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/adsp1\x00', 0x40000, 0x0)
ioctl$auto_SOUND_PCM_READ_RATE(r0, 0x80045014, 0x0)
executing program 6:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
futex$auto(0x0, 0x7, 0x47, 0x0, 0x0, 0x0)
executing program 3:
open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84)
open(&(0x7f0000000140)='./file0\x00', 0xd79583, 0x84)
executing program 5:
r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/rt_cache\x00', 0x40000, 0x0)
read$auto_proc_iter_file_ops_compat_inode(r0, &(0x7f0000000180)=""/250, 0xfa)
executing program 6:
r0 = socket(0xa, 0x2, 0x3a)
setsockopt$auto(r0, 0x29, 0x39, &(0x7f0000000080)='\x15!\xa8^J/\xddCx4!\x00\xd3\x8f\x1e\x1b\xc3 \xe2\xa8\xd6\xd9\xc0\xa2\x0f\x88\xb1e\x8a\xd8?\xfe\xda\xc4\xef\xff(i\xc6@\x91[\vBj\x0eQ\xce\x16\'C\x8cYA\x92u\xd5\xb8\\\x82,\xe2=y\x9bR\xbcn\xa0c\x16~\x86\"t\xde\x14\xe4\xa5\xfe\xb5', 0x110)
executing program 4:
r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000140), 0x20, 0x0)
poll$auto(&(0x7f0000000180)={r0, 0x3569, 0x8}, 0x34, 0x5)
executing program 3:
r0 = openat$auto_proc_environ_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/environ\x00', 0x800, 0x0)
read$auto_proc_environ_operations_base(r0, &(0x7f0000000c40)=""/141, 0x8d)
executing program 5:
socket(0x23, 0x2, 0x0)
write$auto(0x3, 0x0, 0xffd8)
executing program 4:
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
executing program 6:
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4$auto(0x0, &(0x7f0000000000)=0x9, 0x2, &(0x7f0000000040)={{0x583, 0x3}, {0x3, 0x6}, 0x0, 0x3, 0x7, 0xfffffffffffffff9, 0x64c9, 0x100000000, 0xfffffffeffffffff, 0xd, 0x4, 0x233980000, 0xfffffffffffffffe, 0x1, 0x7, 0x7ff})
executing program 3:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00')
ioctl$NS_GET_PARENT(r0, 0xff0a, 0x0)
program crashed: general protection fault in sctp_inet6addr_event
bisect: bisecting 43 programs
bisect: split chunks (needed=false): <43>
bisect: split chunk #0 of len 43 into 3 parts
bisect: testing without sub-chunk 1/3
testing program (duration=1m47s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2]
detailed listing:
executing program 1:
r0 = openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/tracing_cpumask\x00', 0x1, 0x0)
write$auto_tracing_cpumask_fops_trace(r0, 0x0, 0x0)
executing program 1:
openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000380)='/dev/cuse\x00', 0x0, 0x0)
readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x7fffffffefff}, 0x7)
executing program 1:
r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000a80), 0x8c0001, 0x0)
ioctl$auto_TUNGETVNETHDRSZ(r0, 0x800454d7, 0x0)
executing program 1:
setresuid$auto(0xffffffffffffffff, 0x8, 0x8000)
tkill$auto(0x80000000000001, 0x7)
executing program 1:
r0 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000053c0), 0xa0200, 0x0)
read$auto_debug_help_fops_orangefs_debugfs(r0, &(0x7f0000005400)=""/70, 0x46)
executing program 34:
r0 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000053c0), 0xa0200, 0x0)
read$auto_debug_help_fops_orangefs_debugfs(r0, &(0x7f0000005400)=""/70, 0x46)
executing program 5:
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event0\x00', 0x80, 0x0)
ioctl$auto_evdev_fops_evdev(r0, 0xffffffff80004506, 0x0)
executing program 5:
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zram0\x00', 0x0, 0x0)
ioctl$auto_def_blk_fops_fs(r0, 0x125f, 0x0)
executing program 3:
prctl$auto(0x41, 0x1, 0x0, 0x0, 0x0)
prctl$auto(0x41, 0x3, 0x0, 0x0, 0x0)
executing program 5:
r0 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x102000, 0x0)
ioctl$auto(r0, 0x80044940, 0x0)
executing program 4:
socket(0x11, 0x80003, 0x10300)
close_range$auto(0x2, 0x8, 0x0)
executing program 3:
r0 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x189002, 0x0)
write$auto_configfs_file_operations_configfs_internal(r0, &(0x7f0000000140)="8e00", 0x2)
executing program 4:
r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cec28\x00', 0x80, 0x0)
ioctl$auto_CEC_ADAP_G_PHYS_ADDR(r0, 0x80026101, &(0x7f0000000140)=0xc369)
executing program 4:
prctl$auto(0x1000000001c, 0x6e, 0x8, 0x9, 0x3)
prctl$auto(0x1000000001c, 0x5, 0x8, 0x9, 0x2)
executing program 5:
r0 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0)
ioctl$auto_posix_clock_file_operations_posix_clock(r0, 0x43403d05, 0x0)
executing program 6:
socket(0x2, 0x3, 0x2)
setsockopt$auto(0x3, 0x0, 0xd3, 0xfffffffffffffffc, 0xfd72)
executing program 3:
r0 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x89b0, &(0x7f0000000140)={'bridge0\x00'})
executing program 4:
r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/adsp1\x00', 0x40000, 0x0)
ioctl$auto_SOUND_PCM_READ_RATE(r0, 0x80045014, 0x0)
executing program 6:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
futex$auto(0x0, 0x7, 0x47, 0x0, 0x0, 0x0)
executing program 3:
open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84)
open(&(0x7f0000000140)='./file0\x00', 0xd79583, 0x84)
executing program 5:
r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/rt_cache\x00', 0x40000, 0x0)
read$auto_proc_iter_file_ops_compat_inode(r0, &(0x7f0000000180)=""/250, 0xfa)
executing program 6:
r0 = socket(0xa, 0x2, 0x3a)
setsockopt$auto(r0, 0x29, 0x39, &(0x7f0000000080)='\x15!\xa8^J/\xddCx4!\x00\xd3\x8f\x1e\x1b\xc3 \xe2\xa8\xd6\xd9\xc0\xa2\x0f\x88\xb1e\x8a\xd8?\xfe\xda\xc4\xef\xff(i\xc6@\x91[\vBj\x0eQ\xce\x16\'C\x8cYA\x92u\xd5\xb8\\\x82,\xe2=y\x9bR\xbcn\xa0c\x16~\x86\"t\xde\x14\xe4\xa5\xfe\xb5', 0x110)
executing program 4:
r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000140), 0x20, 0x0)
poll$auto(&(0x7f0000000180)={r0, 0x3569, 0x8}, 0x34, 0x5)
executing program 3:
r0 = openat$auto_proc_environ_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/environ\x00', 0x800, 0x0)
read$auto_proc_environ_operations_base(r0, &(0x7f0000000c40)=""/141, 0x8d)
executing program 5:
socket(0x23, 0x2, 0x0)
write$auto(0x3, 0x0, 0xffd8)
executing program 4:
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
executing program 6:
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4$auto(0x0, &(0x7f0000000000)=0x9, 0x2, &(0x7f0000000040)={{0x583, 0x3}, {0x3, 0x6}, 0x0, 0x3, 0x7, 0xfffffffffffffff9, 0x64c9, 0x100000000, 0xfffffffeffffffff, 0xd, 0x4, 0x233980000, 0xfffffffffffffffe, 0x1, 0x7, 0x7ff})
executing program 3:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00')
ioctl$NS_GET_PARENT(r0, 0xff0a, 0x0)
program crashed: general protection fault in sctp_inet6addr_event
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/3
testing program (duration=1m43s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2]
detailed listing:
executing program 6:
socket(0x2, 0x3, 0x2)
setsockopt$auto(0x3, 0x0, 0xd3, 0xfffffffffffffffc, 0xfd72)
executing program 3:
r0 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x89b0, &(0x7f0000000140)={'bridge0\x00'})
executing program 4:
r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/adsp1\x00', 0x40000, 0x0)
ioctl$auto_SOUND_PCM_READ_RATE(r0, 0x80045014, 0x0)
executing program 6:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
futex$auto(0x0, 0x7, 0x47, 0x0, 0x0, 0x0)
executing program 3:
open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84)
open(&(0x7f0000000140)='./file0\x00', 0xd79583, 0x84)
executing program 5:
r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/rt_cache\x00', 0x40000, 0x0)
read$auto_proc_iter_file_ops_compat_inode(r0, &(0x7f0000000180)=""/250, 0xfa)
executing program 6:
r0 = socket(0xa, 0x2, 0x3a)
setsockopt$auto(r0, 0x29, 0x39, &(0x7f0000000080)='\x15!\xa8^J/\xddCx4!\x00\xd3\x8f\x1e\x1b\xc3 \xe2\xa8\xd6\xd9\xc0\xa2\x0f\x88\xb1e\x8a\xd8?\xfe\xda\xc4\xef\xff(i\xc6@\x91[\vBj\x0eQ\xce\x16\'C\x8cYA\x92u\xd5\xb8\\\x82,\xe2=y\x9bR\xbcn\xa0c\x16~\x86\"t\xde\x14\xe4\xa5\xfe\xb5', 0x110)
executing program 4:
r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000140), 0x20, 0x0)
poll$auto(&(0x7f0000000180)={r0, 0x3569, 0x8}, 0x34, 0x5)
executing program 3:
r0 = openat$auto_proc_environ_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/environ\x00', 0x800, 0x0)
read$auto_proc_environ_operations_base(r0, &(0x7f0000000c40)=""/141, 0x8d)
executing program 5:
socket(0x23, 0x2, 0x0)
write$auto(0x3, 0x0, 0xffd8)
executing program 4:
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
executing program 6:
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4$auto(0x0, &(0x7f0000000000)=0x9, 0x2, &(0x7f0000000040)={{0x583, 0x3}, {0x3, 0x6}, 0x0, 0x3, 0x7, 0xfffffffffffffff9, 0x64c9, 0x100000000, 0xfffffffeffffffff, 0xd, 0x4, 0x233980000, 0xfffffffffffffffe, 0x1, 0x7, 0x7ff})
executing program 3:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00')
ioctl$NS_GET_PARENT(r0, 0xff0a, 0x0)
program did not crash
bisect: testing without sub-chunk 3/3
testing program (duration=1m43s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2]
detailed listing:
executing program 1:
r0 = openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/tracing_cpumask\x00', 0x1, 0x0)
write$auto_tracing_cpumask_fops_trace(r0, 0x0, 0x0)
executing program 1:
openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000380)='/dev/cuse\x00', 0x0, 0x0)
readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x7fffffffefff}, 0x7)
executing program 1:
r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000a80), 0x8c0001, 0x0)
ioctl$auto_TUNGETVNETHDRSZ(r0, 0x800454d7, 0x0)
executing program 1:
setresuid$auto(0xffffffffffffffff, 0x8, 0x8000)
tkill$auto(0x80000000000001, 0x7)
executing program 1:
r0 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000053c0), 0xa0200, 0x0)
read$auto_debug_help_fops_orangefs_debugfs(r0, &(0x7f0000005400)=""/70, 0x46)
executing program 34:
r0 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000053c0), 0xa0200, 0x0)
read$auto_debug_help_fops_orangefs_debugfs(r0, &(0x7f0000005400)=""/70, 0x46)
executing program 5:
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event0\x00', 0x80, 0x0)
ioctl$auto_evdev_fops_evdev(r0, 0xffffffff80004506, 0x0)
executing program 5:
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zram0\x00', 0x0, 0x0)
ioctl$auto_def_blk_fops_fs(r0, 0x125f, 0x0)
executing program 3:
prctl$auto(0x41, 0x1, 0x0, 0x0, 0x0)
prctl$auto(0x41, 0x3, 0x0, 0x0, 0x0)
executing program 5:
r0 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x102000, 0x0)
ioctl$auto(r0, 0x80044940, 0x0)
executing program 4:
socket(0x11, 0x80003, 0x10300)
close_range$auto(0x2, 0x8, 0x0)
executing program 3:
r0 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x189002, 0x0)
write$auto_configfs_file_operations_configfs_internal(r0, &(0x7f0000000140)="8e00", 0x2)
executing program 4:
r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cec28\x00', 0x80, 0x0)
ioctl$auto_CEC_ADAP_G_PHYS_ADDR(r0, 0x80026101, &(0x7f0000000140)=0xc369)
executing program 4:
prctl$auto(0x1000000001c, 0x6e, 0x8, 0x9, 0x3)
prctl$auto(0x1000000001c, 0x5, 0x8, 0x9, 0x2)
executing program 5:
r0 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0)
ioctl$auto_posix_clock_file_operations_posix_clock(r0, 0x43403d05, 0x0)
program did not crash
bisect: split chunks (needed=true): <15>, <13>
bisect: split chunk #0 of len 15 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=1m45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2]
detailed listing:
executing program 3:
prctl$auto(0x41, 0x1, 0x0, 0x0, 0x0)
prctl$auto(0x41, 0x3, 0x0, 0x0, 0x0)
executing program 5:
r0 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x102000, 0x0)
ioctl$auto(r0, 0x80044940, 0x0)
executing program 4:
socket(0x11, 0x80003, 0x10300)
close_range$auto(0x2, 0x8, 0x0)
executing program 3:
r0 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x189002, 0x0)
write$auto_configfs_file_operations_configfs_internal(r0, &(0x7f0000000140)="8e00", 0x2)
executing program 4:
r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cec28\x00', 0x80, 0x0)
ioctl$auto_CEC_ADAP_G_PHYS_ADDR(r0, 0x80026101, &(0x7f0000000140)=0xc369)
executing program 4:
prctl$auto(0x1000000001c, 0x6e, 0x8, 0x9, 0x3)
prctl$auto(0x1000000001c, 0x5, 0x8, 0x9, 0x2)
executing program 5:
r0 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0)
ioctl$auto_posix_clock_file_operations_posix_clock(r0, 0x43403d05, 0x0)
executing program 6:
socket(0x2, 0x3, 0x2)
setsockopt$auto(0x3, 0x0, 0xd3, 0xfffffffffffffffc, 0xfd72)
executing program 3:
r0 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x89b0, &(0x7f0000000140)={'bridge0\x00'})
executing program 4:
r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/adsp1\x00', 0x40000, 0x0)
ioctl$auto_SOUND_PCM_READ_RATE(r0, 0x80045014, 0x0)
executing program 6:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
futex$auto(0x0, 0x7, 0x47, 0x0, 0x0, 0x0)
executing program 3:
open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84)
open(&(0x7f0000000140)='./file0\x00', 0xd79583, 0x84)
executing program 5:
r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/rt_cache\x00', 0x40000, 0x0)
read$auto_proc_iter_file_ops_compat_inode(r0, &(0x7f0000000180)=""/250, 0xfa)
executing program 6:
r0 = socket(0xa, 0x2, 0x3a)
setsockopt$auto(r0, 0x29, 0x39, &(0x7f0000000080)='\x15!\xa8^J/\xddCx4!\x00\xd3\x8f\x1e\x1b\xc3 \xe2\xa8\xd6\xd9\xc0\xa2\x0f\x88\xb1e\x8a\xd8?\xfe\xda\xc4\xef\xff(i\xc6@\x91[\vBj\x0eQ\xce\x16\'C\x8cYA\x92u\xd5\xb8\\\x82,\xe2=y\x9bR\xbcn\xa0c\x16~\x86\"t\xde\x14\xe4\xa5\xfe\xb5', 0x110)
executing program 4:
r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000140), 0x20, 0x0)
poll$auto(&(0x7f0000000180)={r0, 0x3569, 0x8}, 0x34, 0x5)
executing program 3:
r0 = openat$auto_proc_environ_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/environ\x00', 0x800, 0x0)
read$auto_proc_environ_operations_base(r0, &(0x7f0000000c40)=""/141, 0x8d)
executing program 5:
socket(0x23, 0x2, 0x0)
write$auto(0x3, 0x0, 0xffd8)
executing program 4:
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
executing program 6:
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4$auto(0x0, &(0x7f0000000000)=0x9, 0x2, &(0x7f0000000040)={{0x583, 0x3}, {0x3, 0x6}, 0x0, 0x3, 0x7, 0xfffffffffffffff9, 0x64c9, 0x100000000, 0xfffffffeffffffff, 0xd, 0x4, 0x233980000, 0xfffffffffffffffe, 0x1, 0x7, 0x7ff})
executing program 3:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00')
ioctl$NS_GET_PARENT(r0, 0xff0a, 0x0)
program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=1m45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2]
detailed listing:
executing program 1:
r0 = openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/tracing_cpumask\x00', 0x1, 0x0)
write$auto_tracing_cpumask_fops_trace(r0, 0x0, 0x0)
executing program 1:
openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000380)='/dev/cuse\x00', 0x0, 0x0)
readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x7fffffffefff}, 0x7)
executing program 1:
r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000a80), 0x8c0001, 0x0)
ioctl$auto_TUNGETVNETHDRSZ(r0, 0x800454d7, 0x0)
executing program 1:
setresuid$auto(0xffffffffffffffff, 0x8, 0x8000)
tkill$auto(0x80000000000001, 0x7)
executing program 1:
r0 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000053c0), 0xa0200, 0x0)
read$auto_debug_help_fops_orangefs_debugfs(r0, &(0x7f0000005400)=""/70, 0x46)
executing program 34:
r0 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000053c0), 0xa0200, 0x0)
read$auto_debug_help_fops_orangefs_debugfs(r0, &(0x7f0000005400)=""/70, 0x46)
executing program 5:
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event0\x00', 0x80, 0x0)
ioctl$auto_evdev_fops_evdev(r0, 0xffffffff80004506, 0x0)
executing program 5:
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zram0\x00', 0x0, 0x0)
ioctl$auto_def_blk_fops_fs(r0, 0x125f, 0x0)
executing program 6:
socket(0x2, 0x3, 0x2)
setsockopt$auto(0x3, 0x0, 0xd3, 0xfffffffffffffffc, 0xfd72)
executing program 3:
r0 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x89b0, &(0x7f0000000140)={'bridge0\x00'})
executing program 4:
r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/adsp1\x00', 0x40000, 0x0)
ioctl$auto_SOUND_PCM_READ_RATE(r0, 0x80045014, 0x0)
executing program 6:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
futex$auto(0x0, 0x7, 0x47, 0x0, 0x0, 0x0)
executing program 3:
open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84)
open(&(0x7f0000000140)='./file0\x00', 0xd79583, 0x84)
executing program 5:
r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/rt_cache\x00', 0x40000, 0x0)
read$auto_proc_iter_file_ops_compat_inode(r0, &(0x7f0000000180)=""/250, 0xfa)
executing program 6:
r0 = socket(0xa, 0x2, 0x3a)
setsockopt$auto(r0, 0x29, 0x39, &(0x7f0000000080)='\x15!\xa8^J/\xddCx4!\x00\xd3\x8f\x1e\x1b\xc3 \xe2\xa8\xd6\xd9\xc0\xa2\x0f\x88\xb1e\x8a\xd8?\xfe\xda\xc4\xef\xff(i\xc6@\x91[\vBj\x0eQ\xce\x16\'C\x8cYA\x92u\xd5\xb8\\\x82,\xe2=y\x9bR\xbcn\xa0c\x16~\x86\"t\xde\x14\xe4\xa5\xfe\xb5', 0x110)
executing program 4:
r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000140), 0x20, 0x0)
poll$auto(&(0x7f0000000180)={r0, 0x3569, 0x8}, 0x34, 0x5)
executing program 3:
r0 = openat$auto_proc_environ_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/environ\x00', 0x800, 0x0)
read$auto_proc_environ_operations_base(r0, &(0x7f0000000c40)=""/141, 0x8d)
executing program 5:
socket(0x23, 0x2, 0x0)
write$auto(0x3, 0x0, 0xffd8)
executing program 4:
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
executing program 6:
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4$auto(0x0, &(0x7f0000000000)=0x9, 0x2, &(0x7f0000000040)={{0x583, 0x3}, {0x3, 0x6}, 0x0, 0x3, 0x7, 0xfffffffffffffff9, 0x64c9, 0x100000000, 0xfffffffeffffffff, 0xd, 0x4, 0x233980000, 0xfffffffffffffffe, 0x1, 0x7, 0x7ff})
executing program 3:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00')
ioctl$NS_GET_PARENT(r0, 0xff0a, 0x0)
program did not crash
bisect: split chunk #1 of len 13 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=1m45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2]
detailed listing:
executing program 1:
r0 = openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/tracing_cpumask\x00', 0x1, 0x0)
write$auto_tracing_cpumask_fops_trace(r0, 0x0, 0x0)
executing program 1:
openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000380)='/dev/cuse\x00', 0x0, 0x0)
readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x7fffffffefff}, 0x7)
executing program 1:
r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000a80), 0x8c0001, 0x0)
ioctl$auto_TUNGETVNETHDRSZ(r0, 0x800454d7, 0x0)
executing program 1:
setresuid$auto(0xffffffffffffffff, 0x8, 0x8000)
tkill$auto(0x80000000000001, 0x7)
executing program 1:
r0 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000053c0), 0xa0200, 0x0)
read$auto_debug_help_fops_orangefs_debugfs(r0, &(0x7f0000005400)=""/70, 0x46)
executing program 34:
r0 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000053c0), 0xa0200, 0x0)
read$auto_debug_help_fops_orangefs_debugfs(r0, &(0x7f0000005400)=""/70, 0x46)
executing program 5:
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event0\x00', 0x80, 0x0)
ioctl$auto_evdev_fops_evdev(r0, 0xffffffff80004506, 0x0)
executing program 5:
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zram0\x00', 0x0, 0x0)
ioctl$auto_def_blk_fops_fs(r0, 0x125f, 0x0)
executing program 3:
prctl$auto(0x41, 0x1, 0x0, 0x0, 0x0)
prctl$auto(0x41, 0x3, 0x0, 0x0, 0x0)
executing program 5:
r0 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x102000, 0x0)
ioctl$auto(r0, 0x80044940, 0x0)
executing program 4:
socket(0x11, 0x80003, 0x10300)
close_range$auto(0x2, 0x8, 0x0)
executing program 3:
r0 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x189002, 0x0)
write$auto_configfs_file_operations_configfs_internal(r0, &(0x7f0000000140)="8e00", 0x2)
executing program 4:
r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cec28\x00', 0x80, 0x0)
ioctl$auto_CEC_ADAP_G_PHYS_ADDR(r0, 0x80026101, &(0x7f0000000140)=0xc369)
executing program 4:
prctl$auto(0x1000000001c, 0x6e, 0x8, 0x9, 0x3)
prctl$auto(0x1000000001c, 0x5, 0x8, 0x9, 0x2)
executing program 5:
r0 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0)
ioctl$auto_posix_clock_file_operations_posix_clock(r0, 0x43403d05, 0x0)
executing program 4:
r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000140), 0x20, 0x0)
poll$auto(&(0x7f0000000180)={r0, 0x3569, 0x8}, 0x34, 0x5)
executing program 3:
r0 = openat$auto_proc_environ_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/environ\x00', 0x800, 0x0)
read$auto_proc_environ_operations_base(r0, &(0x7f0000000c40)=""/141, 0x8d)
executing program 5:
socket(0x23, 0x2, 0x0)
write$auto(0x3, 0x0, 0xffd8)
executing program 4:
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
executing program 6:
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4$auto(0x0, &(0x7f0000000000)=0x9, 0x2, &(0x7f0000000040)={{0x583, 0x3}, {0x3, 0x6}, 0x0, 0x3, 0x7, 0xfffffffffffffff9, 0x64c9, 0x100000000, 0xfffffffeffffffff, 0xd, 0x4, 0x233980000, 0xfffffffffffffffe, 0x1, 0x7, 0x7ff})
executing program 3:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00')
ioctl$NS_GET_PARENT(r0, 0xff0a, 0x0)
program crashed: WARNING in retire_sysctl_set
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunks (needed=true): <8>, <7>, <6>
bisect: split chunk #0 of len 8 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=1m44s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2]
detailed listing:
executing program 1:
r0 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000053c0), 0xa0200, 0x0)
read$auto_debug_help_fops_orangefs_debugfs(r0, &(0x7f0000005400)=""/70, 0x46)
executing program 34:
r0 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000053c0), 0xa0200, 0x0)
read$auto_debug_help_fops_orangefs_debugfs(r0, &(0x7f0000005400)=""/70, 0x46)
executing program 5:
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event0\x00', 0x80, 0x0)
ioctl$auto_evdev_fops_evdev(r0, 0xffffffff80004506, 0x0)
executing program 5:
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zram0\x00', 0x0, 0x0)
ioctl$auto_def_blk_fops_fs(r0, 0x125f, 0x0)
executing program 3:
prctl$auto(0x41, 0x1, 0x0, 0x0, 0x0)
prctl$auto(0x41, 0x3, 0x0, 0x0, 0x0)
executing program 5:
r0 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x102000, 0x0)
ioctl$auto(r0, 0x80044940, 0x0)
executing program 4:
socket(0x11, 0x80003, 0x10300)
close_range$auto(0x2, 0x8, 0x0)
executing program 3:
r0 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x189002, 0x0)
write$auto_configfs_file_operations_configfs_internal(r0, &(0x7f0000000140)="8e00", 0x2)
executing program 4:
r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cec28\x00', 0x80, 0x0)
ioctl$auto_CEC_ADAP_G_PHYS_ADDR(r0, 0x80026101, &(0x7f0000000140)=0xc369)
executing program 4:
prctl$auto(0x1000000001c, 0x6e, 0x8, 0x9, 0x3)
prctl$auto(0x1000000001c, 0x5, 0x8, 0x9, 0x2)
executing program 5:
r0 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0)
ioctl$auto_posix_clock_file_operations_posix_clock(r0, 0x43403d05, 0x0)
executing program 4:
r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000140), 0x20, 0x0)
poll$auto(&(0x7f0000000180)={r0, 0x3569, 0x8}, 0x34, 0x5)
executing program 3:
r0 = openat$auto_proc_environ_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/environ\x00', 0x800, 0x0)
read$auto_proc_environ_operations_base(r0, &(0x7f0000000c40)=""/141, 0x8d)
executing program 5:
socket(0x23, 0x2, 0x0)
write$auto(0x3, 0x0, 0xffd8)
executing program 4:
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
executing program 6:
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4$auto(0x0, &(0x7f0000000000)=0x9, 0x2, &(0x7f0000000040)={{0x583, 0x3}, {0x3, 0x6}, 0x0, 0x3, 0x7, 0xfffffffffffffff9, 0x64c9, 0x100000000, 0xfffffffeffffffff, 0xd, 0x4, 0x233980000, 0xfffffffffffffffe, 0x1, 0x7, 0x7ff})
executing program 3:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00')
ioctl$NS_GET_PARENT(r0, 0xff0a, 0x0)
program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=1m44s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2]
detailed listing:
executing program 1:
r0 = openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/tracing_cpumask\x00', 0x1, 0x0)
write$auto_tracing_cpumask_fops_trace(r0, 0x0, 0x0)
executing program 1:
openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000380)='/dev/cuse\x00', 0x0, 0x0)
readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x7fffffffefff}, 0x7)
executing program 1:
r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000a80), 0x8c0001, 0x0)
ioctl$auto_TUNGETVNETHDRSZ(r0, 0x800454d7, 0x0)
executing program 1:
setresuid$auto(0xffffffffffffffff, 0x8, 0x8000)
tkill$auto(0x80000000000001, 0x7)
executing program 3:
prctl$auto(0x41, 0x1, 0x0, 0x0, 0x0)
prctl$auto(0x41, 0x3, 0x0, 0x0, 0x0)
executing program 5:
r0 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x102000, 0x0)
ioctl$auto(r0, 0x80044940, 0x0)
executing program 4:
socket(0x11, 0x80003, 0x10300)
close_range$auto(0x2, 0x8, 0x0)
executing program 3:
r0 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x189002, 0x0)
write$auto_configfs_file_operations_configfs_internal(r0, &(0x7f0000000140)="8e00", 0x2)
executing program 4:
r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cec28\x00', 0x80, 0x0)
ioctl$auto_CEC_ADAP_G_PHYS_ADDR(r0, 0x80026101, &(0x7f0000000140)=0xc369)
executing program 4:
prctl$auto(0x1000000001c, 0x6e, 0x8, 0x9, 0x3)
prctl$auto(0x1000000001c, 0x5, 0x8, 0x9, 0x2)
executing program 5:
r0 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0)
ioctl$auto_posix_clock_file_operations_posix_clock(r0, 0x43403d05, 0x0)
executing program 4:
r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000140), 0x20, 0x0)
poll$auto(&(0x7f0000000180)={r0, 0x3569, 0x8}, 0x34, 0x5)
executing program 3:
r0 = openat$auto_proc_environ_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/environ\x00', 0x800, 0x0)
read$auto_proc_environ_operations_base(r0, &(0x7f0000000c40)=""/141, 0x8d)
executing program 5:
socket(0x23, 0x2, 0x0)
write$auto(0x3, 0x0, 0xffd8)
executing program 4:
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
executing program 6:
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4$auto(0x0, &(0x7f0000000000)=0x9, 0x2, &(0x7f0000000040)={{0x583, 0x3}, {0x3, 0x6}, 0x0, 0x3, 0x7, 0xfffffffffffffff9, 0x64c9, 0x100000000, 0xfffffffeffffffff, 0xd, 0x4, 0x233980000, 0xfffffffffffffffe, 0x1, 0x7, 0x7ff})
executing program 3:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00')
ioctl$NS_GET_PARENT(r0, 0xff0a, 0x0)
program did not crash
bisect: split chunk #1 of len 7 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=1m44s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2]
detailed listing:
executing program 1:
r0 = openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/tracing_cpumask\x00', 0x1, 0x0)
write$auto_tracing_cpumask_fops_trace(r0, 0x0, 0x0)
executing program 1:
openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000380)='/dev/cuse\x00', 0x0, 0x0)
readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x7fffffffefff}, 0x7)
executing program 1:
r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000a80), 0x8c0001, 0x0)
ioctl$auto_TUNGETVNETHDRSZ(r0, 0x800454d7, 0x0)
executing program 1:
setresuid$auto(0xffffffffffffffff, 0x8, 0x8000)
tkill$auto(0x80000000000001, 0x7)
executing program 1:
r0 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000053c0), 0xa0200, 0x0)
read$auto_debug_help_fops_orangefs_debugfs(r0, &(0x7f0000005400)=""/70, 0x46)
executing program 34:
r0 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000053c0), 0xa0200, 0x0)
read$auto_debug_help_fops_orangefs_debugfs(r0, &(0x7f0000005400)=""/70, 0x46)
executing program 5:
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event0\x00', 0x80, 0x0)
ioctl$auto_evdev_fops_evdev(r0, 0xffffffff80004506, 0x0)
executing program 5:
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zram0\x00', 0x0, 0x0)
ioctl$auto_def_blk_fops_fs(r0, 0x125f, 0x0)
executing program 4:
r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cec28\x00', 0x80, 0x0)
ioctl$auto_CEC_ADAP_G_PHYS_ADDR(r0, 0x80026101, &(0x7f0000000140)=0xc369)
executing program 4:
prctl$auto(0x1000000001c, 0x6e, 0x8, 0x9, 0x3)
prctl$auto(0x1000000001c, 0x5, 0x8, 0x9, 0x2)
executing program 5:
r0 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0)
ioctl$auto_posix_clock_file_operations_posix_clock(r0, 0x43403d05, 0x0)
executing program 4:
r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000140), 0x20, 0x0)
poll$auto(&(0x7f0000000180)={r0, 0x3569, 0x8}, 0x34, 0x5)
executing program 3:
r0 = openat$auto_proc_environ_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/environ\x00', 0x800, 0x0)
read$auto_proc_environ_operations_base(r0, &(0x7f0000000c40)=""/141, 0x8d)
executing program 5:
socket(0x23, 0x2, 0x0)
write$auto(0x3, 0x0, 0xffd8)
executing program 4:
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
executing program 6:
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4$auto(0x0, &(0x7f0000000000)=0x9, 0x2, &(0x7f0000000040)={{0x583, 0x3}, {0x3, 0x6}, 0x0, 0x3, 0x7, 0xfffffffffffffff9, 0x64c9, 0x100000000, 0xfffffffeffffffff, 0xd, 0x4, 0x233980000, 0xfffffffffffffffe, 0x1, 0x7, 0x7ff})
executing program 3:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00')
ioctl$NS_GET_PARENT(r0, 0xff0a, 0x0)
program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=1m44s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2]
detailed listing:
executing program 1:
r0 = openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/tracing_cpumask\x00', 0x1, 0x0)
write$auto_tracing_cpumask_fops_trace(r0, 0x0, 0x0)
executing program 1:
openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000380)='/dev/cuse\x00', 0x0, 0x0)
readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x7fffffffefff}, 0x7)
executing program 1:
r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000a80), 0x8c0001, 0x0)
ioctl$auto_TUNGETVNETHDRSZ(r0, 0x800454d7, 0x0)
executing program 1:
setresuid$auto(0xffffffffffffffff, 0x8, 0x8000)
tkill$auto(0x80000000000001, 0x7)
executing program 1:
r0 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000053c0), 0xa0200, 0x0)
read$auto_debug_help_fops_orangefs_debugfs(r0, &(0x7f0000005400)=""/70, 0x46)
executing program 34:
r0 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000053c0), 0xa0200, 0x0)
read$auto_debug_help_fops_orangefs_debugfs(r0, &(0x7f0000005400)=""/70, 0x46)
executing program 5:
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event0\x00', 0x80, 0x0)
ioctl$auto_evdev_fops_evdev(r0, 0xffffffff80004506, 0x0)
executing program 5:
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zram0\x00', 0x0, 0x0)
ioctl$auto_def_blk_fops_fs(r0, 0x125f, 0x0)
executing program 3:
prctl$auto(0x41, 0x1, 0x0, 0x0, 0x0)
prctl$auto(0x41, 0x3, 0x0, 0x0, 0x0)
executing program 5:
r0 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x102000, 0x0)
ioctl$auto(r0, 0x80044940, 0x0)
executing program 4:
socket(0x11, 0x80003, 0x10300)
close_range$auto(0x2, 0x8, 0x0)
executing program 3:
r0 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x189002, 0x0)
write$auto_configfs_file_operations_configfs_internal(r0, &(0x7f0000000140)="8e00", 0x2)
executing program 4:
r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000140), 0x20, 0x0)
poll$auto(&(0x7f0000000180)={r0, 0x3569, 0x8}, 0x34, 0x5)
executing program 3:
r0 = openat$auto_proc_environ_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/environ\x00', 0x800, 0x0)
read$auto_proc_environ_operations_base(r0, &(0x7f0000000c40)=""/141, 0x8d)
executing program 5:
socket(0x23, 0x2, 0x0)
write$auto(0x3, 0x0, 0xffd8)
executing program 4:
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
executing program 6:
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4$auto(0x0, &(0x7f0000000000)=0x9, 0x2, &(0x7f0000000040)={{0x583, 0x3}, {0x3, 0x6}, 0x0, 0x3, 0x7, 0xfffffffffffffff9, 0x64c9, 0x100000000, 0xfffffffeffffffff, 0xd, 0x4, 0x233980000, 0xfffffffffffffffe, 0x1, 0x7, 0x7ff})
executing program 3:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00')
ioctl$NS_GET_PARENT(r0, 0xff0a, 0x0)
program did not crash
bisect: split chunk #2 of len 6 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=1m44s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2]
detailed listing:
executing program 1:
r0 = openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/tracing_cpumask\x00', 0x1, 0x0)
write$auto_tracing_cpumask_fops_trace(r0, 0x0, 0x0)
executing program 1:
openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000380)='/dev/cuse\x00', 0x0, 0x0)
readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x7fffffffefff}, 0x7)
executing program 1:
r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000a80), 0x8c0001, 0x0)
ioctl$auto_TUNGETVNETHDRSZ(r0, 0x800454d7, 0x0)
executing program 1:
setresuid$auto(0xffffffffffffffff, 0x8, 0x8000)
tkill$auto(0x80000000000001, 0x7)
executing program 1:
r0 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000053c0), 0xa0200, 0x0)
read$auto_debug_help_fops_orangefs_debugfs(r0, &(0x7f0000005400)=""/70, 0x46)
executing program 34:
r0 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000053c0), 0xa0200, 0x0)
read$auto_debug_help_fops_orangefs_debugfs(r0, &(0x7f0000005400)=""/70, 0x46)
executing program 5:
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event0\x00', 0x80, 0x0)
ioctl$auto_evdev_fops_evdev(r0, 0xffffffff80004506, 0x0)
executing program 5:
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zram0\x00', 0x0, 0x0)
ioctl$auto_def_blk_fops_fs(r0, 0x125f, 0x0)
executing program 3:
prctl$auto(0x41, 0x1, 0x0, 0x0, 0x0)
prctl$auto(0x41, 0x3, 0x0, 0x0, 0x0)
executing program 5:
r0 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x102000, 0x0)
ioctl$auto(r0, 0x80044940, 0x0)
executing program 4:
socket(0x11, 0x80003, 0x10300)
close_range$auto(0x2, 0x8, 0x0)
executing program 3:
r0 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x189002, 0x0)
write$auto_configfs_file_operations_configfs_internal(r0, &(0x7f0000000140)="8e00", 0x2)
executing program 4:
r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cec28\x00', 0x80, 0x0)
ioctl$auto_CEC_ADAP_G_PHYS_ADDR(r0, 0x80026101, &(0x7f0000000140)=0xc369)
executing program 4:
prctl$auto(0x1000000001c, 0x6e, 0x8, 0x9, 0x3)
prctl$auto(0x1000000001c, 0x5, 0x8, 0x9, 0x2)
executing program 5:
r0 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0)
ioctl$auto_posix_clock_file_operations_posix_clock(r0, 0x43403d05, 0x0)
executing program 4:
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
executing program 6:
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4$auto(0x0, &(0x7f0000000000)=0x9, 0x2, &(0x7f0000000040)={{0x583, 0x3}, {0x3, 0x6}, 0x0, 0x3, 0x7, 0xfffffffffffffff9, 0x64c9, 0x100000000, 0xfffffffeffffffff, 0xd, 0x4, 0x233980000, 0xfffffffffffffffe, 0x1, 0x7, 0x7ff})
executing program 3:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00')
ioctl$NS_GET_PARENT(r0, 0xff0a, 0x0)
program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=1m44s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2]
detailed listing:
executing program 1:
r0 = openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/tracing_cpumask\x00', 0x1, 0x0)
write$auto_tracing_cpumask_fops_trace(r0, 0x0, 0x0)
executing program 1:
openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000380)='/dev/cuse\x00', 0x0, 0x0)
readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x7fffffffefff}, 0x7)
executing program 1:
r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000a80), 0x8c0001, 0x0)
ioctl$auto_TUNGETVNETHDRSZ(r0, 0x800454d7, 0x0)
executing program 1:
setresuid$auto(0xffffffffffffffff, 0x8, 0x8000)
tkill$auto(0x80000000000001, 0x7)
executing program 1:
r0 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000053c0), 0xa0200, 0x0)
read$auto_debug_help_fops_orangefs_debugfs(r0, &(0x7f0000005400)=""/70, 0x46)
executing program 34:
r0 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000053c0), 0xa0200, 0x0)
read$auto_debug_help_fops_orangefs_debugfs(r0, &(0x7f0000005400)=""/70, 0x46)
executing program 5:
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event0\x00', 0x80, 0x0)
ioctl$auto_evdev_fops_evdev(r0, 0xffffffff80004506, 0x0)
executing program 5:
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zram0\x00', 0x0, 0x0)
ioctl$auto_def_blk_fops_fs(r0, 0x125f, 0x0)
executing program 3:
prctl$auto(0x41, 0x1, 0x0, 0x0, 0x0)
prctl$auto(0x41, 0x3, 0x0, 0x0, 0x0)
executing program 5:
r0 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x102000, 0x0)
ioctl$auto(r0, 0x80044940, 0x0)
executing program 4:
socket(0x11, 0x80003, 0x10300)
close_range$auto(0x2, 0x8, 0x0)
executing program 3:
r0 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x189002, 0x0)
write$auto_configfs_file_operations_configfs_internal(r0, &(0x7f0000000140)="8e00", 0x2)
executing program 4:
r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cec28\x00', 0x80, 0x0)
ioctl$auto_CEC_ADAP_G_PHYS_ADDR(r0, 0x80026101, &(0x7f0000000140)=0xc369)
executing program 4:
prctl$auto(0x1000000001c, 0x6e, 0x8, 0x9, 0x3)
prctl$auto(0x1000000001c, 0x5, 0x8, 0x9, 0x2)
executing program 5:
r0 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0)
ioctl$auto_posix_clock_file_operations_posix_clock(r0, 0x43403d05, 0x0)
executing program 4:
r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000140), 0x20, 0x0)
poll$auto(&(0x7f0000000180)={r0, 0x3569, 0x8}, 0x34, 0x5)
executing program 3:
r0 = openat$auto_proc_environ_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/environ\x00', 0x800, 0x0)
read$auto_proc_environ_operations_base(r0, &(0x7f0000000c40)=""/141, 0x8d)
executing program 5:
socket(0x23, 0x2, 0x0)
write$auto(0x3, 0x0, 0xffd8)
program did not crash
bisect: split chunks (needed=true): <4>, <4>, <4>, <3>, <3>, <3>
bisect: split chunk #0 of len 4 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=1m44s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2]
detailed listing:
executing program 1:
r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000a80), 0x8c0001, 0x0)
ioctl$auto_TUNGETVNETHDRSZ(r0, 0x800454d7, 0x0)
executing program 1:
setresuid$auto(0xffffffffffffffff, 0x8, 0x8000)
tkill$auto(0x80000000000001, 0x7)
executing program 1:
r0 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000053c0), 0xa0200, 0x0)
read$auto_debug_help_fops_orangefs_debugfs(r0, &(0x7f0000005400)=""/70, 0x46)
executing program 34:
r0 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000053c0), 0xa0200, 0x0)
read$auto_debug_help_fops_orangefs_debugfs(r0, &(0x7f0000005400)=""/70, 0x46)
executing program 5:
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event0\x00', 0x80, 0x0)
ioctl$auto_evdev_fops_evdev(r0, 0xffffffff80004506, 0x0)
executing program 5:
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zram0\x00', 0x0, 0x0)
ioctl$auto_def_blk_fops_fs(r0, 0x125f, 0x0)
executing program 3:
prctl$auto(0x41, 0x1, 0x0, 0x0, 0x0)
prctl$auto(0x41, 0x3, 0x0, 0x0, 0x0)
executing program 5:
r0 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x102000, 0x0)
ioctl$auto(r0, 0x80044940, 0x0)
executing program 4:
socket(0x11, 0x80003, 0x10300)
close_range$auto(0x2, 0x8, 0x0)
executing program 3:
r0 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x189002, 0x0)
write$auto_configfs_file_operations_configfs_internal(r0, &(0x7f0000000140)="8e00", 0x2)
executing program 4:
r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cec28\x00', 0x80, 0x0)
ioctl$auto_CEC_ADAP_G_PHYS_ADDR(r0, 0x80026101, &(0x7f0000000140)=0xc369)
executing program 4:
prctl$auto(0x1000000001c, 0x6e, 0x8, 0x9, 0x3)
prctl$auto(0x1000000001c, 0x5, 0x8, 0x9, 0x2)
executing program 5:
r0 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0)
ioctl$auto_posix_clock_file_operations_posix_clock(r0, 0x43403d05, 0x0)
executing program 4:
r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000140), 0x20, 0x0)
poll$auto(&(0x7f0000000180)={r0, 0x3569, 0x8}, 0x34, 0x5)
executing program 3:
r0 = openat$auto_proc_environ_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/environ\x00', 0x800, 0x0)
read$auto_proc_environ_operations_base(r0, &(0x7f0000000c40)=""/141, 0x8d)
executing program 5:
socket(0x23, 0x2, 0x0)
write$auto(0x3, 0x0, 0xffd8)
executing program 4:
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
executing program 6:
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4$auto(0x0, &(0x7f0000000000)=0x9, 0x2, &(0x7f0000000040)={{0x583, 0x3}, {0x3, 0x6}, 0x0, 0x3, 0x7, 0xfffffffffffffff9, 0x64c9, 0x100000000, 0xfffffffeffffffff, 0xd, 0x4, 0x233980000, 0xfffffffffffffffe, 0x1, 0x7, 0x7ff})
executing program 3:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00')
ioctl$NS_GET_PARENT(r0, 0xff0a, 0x0)
program crashed: general protection fault in sctp_inet6addr_event
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunk #1 of len 4 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=1m44s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2]
detailed listing:
executing program 1:
r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000a80), 0x8c0001, 0x0)
ioctl$auto_TUNGETVNETHDRSZ(r0, 0x800454d7, 0x0)
executing program 1:
setresuid$auto(0xffffffffffffffff, 0x8, 0x8000)
tkill$auto(0x80000000000001, 0x7)
executing program 5:
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event0\x00', 0x80, 0x0)
ioctl$auto_evdev_fops_evdev(r0, 0xffffffff80004506, 0x0)
executing program 5:
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zram0\x00', 0x0, 0x0)
ioctl$auto_def_blk_fops_fs(r0, 0x125f, 0x0)
executing program 3:
prctl$auto(0x41, 0x1, 0x0, 0x0, 0x0)
prctl$auto(0x41, 0x3, 0x0, 0x0, 0x0)
executing program 5:
r0 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x102000, 0x0)
ioctl$auto(r0, 0x80044940, 0x0)
executing program 4:
socket(0x11, 0x80003, 0x10300)
close_range$auto(0x2, 0x8, 0x0)
executing program 3:
r0 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x189002, 0x0)
write$auto_configfs_file_operations_configfs_internal(r0, &(0x7f0000000140)="8e00", 0x2)
executing program 4:
r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cec28\x00', 0x80, 0x0)
ioctl$auto_CEC_ADAP_G_PHYS_ADDR(r0, 0x80026101, &(0x7f0000000140)=0xc369)
executing program 4:
prctl$auto(0x1000000001c, 0x6e, 0x8, 0x9, 0x3)
prctl$auto(0x1000000001c, 0x5, 0x8, 0x9, 0x2)
executing program 5:
r0 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0)
ioctl$auto_posix_clock_file_operations_posix_clock(r0, 0x43403d05, 0x0)
executing program 4:
r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000140), 0x20, 0x0)
poll$auto(&(0x7f0000000180)={r0, 0x3569, 0x8}, 0x34, 0x5)
executing program 3:
r0 = openat$auto_proc_environ_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/environ\x00', 0x800, 0x0)
read$auto_proc_environ_operations_base(r0, &(0x7f0000000c40)=""/141, 0x8d)
executing program 5:
socket(0x23, 0x2, 0x0)
write$auto(0x3, 0x0, 0xffd8)
executing program 4:
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
executing program 6:
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4$auto(0x0, &(0x7f0000000000)=0x9, 0x2, &(0x7f0000000040)={{0x583, 0x3}, {0x3, 0x6}, 0x0, 0x3, 0x7, 0xfffffffffffffff9, 0x64c9, 0x100000000, 0xfffffffeffffffff, 0xd, 0x4, 0x233980000, 0xfffffffffffffffe, 0x1, 0x7, 0x7ff})
executing program 3:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00')
ioctl$NS_GET_PARENT(r0, 0xff0a, 0x0)
program crashed: general protection fault in sctp_inet6addr_event
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunk #2 of len 4 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=1m43s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2]
detailed listing:
executing program 1:
r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000a80), 0x8c0001, 0x0)
ioctl$auto_TUNGETVNETHDRSZ(r0, 0x800454d7, 0x0)
executing program 1:
setresuid$auto(0xffffffffffffffff, 0x8, 0x8000)
tkill$auto(0x80000000000001, 0x7)
executing program 5:
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event0\x00', 0x80, 0x0)
ioctl$auto_evdev_fops_evdev(r0, 0xffffffff80004506, 0x0)
executing program 5:
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zram0\x00', 0x0, 0x0)
ioctl$auto_def_blk_fops_fs(r0, 0x125f, 0x0)
executing program 4:
socket(0x11, 0x80003, 0x10300)
close_range$auto(0x2, 0x8, 0x0)
executing program 3:
r0 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x189002, 0x0)
write$auto_configfs_file_operations_configfs_internal(r0, &(0x7f0000000140)="8e00", 0x2)
executing program 4:
r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cec28\x00', 0x80, 0x0)
ioctl$auto_CEC_ADAP_G_PHYS_ADDR(r0, 0x80026101, &(0x7f0000000140)=0xc369)
executing program 4:
prctl$auto(0x1000000001c, 0x6e, 0x8, 0x9, 0x3)
prctl$auto(0x1000000001c, 0x5, 0x8, 0x9, 0x2)
executing program 5:
r0 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0)
ioctl$auto_posix_clock_file_operations_posix_clock(r0, 0x43403d05, 0x0)
executing program 4:
r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000140), 0x20, 0x0)
poll$auto(&(0x7f0000000180)={r0, 0x3569, 0x8}, 0x34, 0x5)
executing program 3:
r0 = openat$auto_proc_environ_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/environ\x00', 0x800, 0x0)
read$auto_proc_environ_operations_base(r0, &(0x7f0000000c40)=""/141, 0x8d)
executing program 5:
socket(0x23, 0x2, 0x0)
write$auto(0x3, 0x0, 0xffd8)
executing program 4:
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
executing program 6:
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4$auto(0x0, &(0x7f0000000000)=0x9, 0x2, &(0x7f0000000040)={{0x583, 0x3}, {0x3, 0x6}, 0x0, 0x3, 0x7, 0xfffffffffffffff9, 0x64c9, 0x100000000, 0xfffffffeffffffff, 0xd, 0x4, 0x233980000, 0xfffffffffffffffe, 0x1, 0x7, 0x7ff})
executing program 3:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00')
ioctl$NS_GET_PARENT(r0, 0xff0a, 0x0)
program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=1m43s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2]
detailed listing:
executing program 1:
r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000a80), 0x8c0001, 0x0)
ioctl$auto_TUNGETVNETHDRSZ(r0, 0x800454d7, 0x0)
executing program 1:
setresuid$auto(0xffffffffffffffff, 0x8, 0x8000)
tkill$auto(0x80000000000001, 0x7)
executing program 5:
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event0\x00', 0x80, 0x0)
ioctl$auto_evdev_fops_evdev(r0, 0xffffffff80004506, 0x0)
executing program 5:
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zram0\x00', 0x0, 0x0)
ioctl$auto_def_blk_fops_fs(r0, 0x125f, 0x0)
executing program 3:
prctl$auto(0x41, 0x1, 0x0, 0x0, 0x0)
prctl$auto(0x41, 0x3, 0x0, 0x0, 0x0)
executing program 5:
r0 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x102000, 0x0)
ioctl$auto(r0, 0x80044940, 0x0)
executing program 4:
r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cec28\x00', 0x80, 0x0)
ioctl$auto_CEC_ADAP_G_PHYS_ADDR(r0, 0x80026101, &(0x7f0000000140)=0xc369)
executing program 4:
prctl$auto(0x1000000001c, 0x6e, 0x8, 0x9, 0x3)
prctl$auto(0x1000000001c, 0x5, 0x8, 0x9, 0x2)
executing program 5:
r0 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0)
ioctl$auto_posix_clock_file_operations_posix_clock(r0, 0x43403d05, 0x0)
executing program 4:
r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000140), 0x20, 0x0)
poll$auto(&(0x7f0000000180)={r0, 0x3569, 0x8}, 0x34, 0x5)
executing program 3:
r0 = openat$auto_proc_environ_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/environ\x00', 0x800, 0x0)
read$auto_proc_environ_operations_base(r0, &(0x7f0000000c40)=""/141, 0x8d)
executing program 5:
socket(0x23, 0x2, 0x0)
write$auto(0x3, 0x0, 0xffd8)
executing program 4:
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
executing program 6:
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4$auto(0x0, &(0x7f0000000000)=0x9, 0x2, &(0x7f0000000040)={{0x583, 0x3}, {0x3, 0x6}, 0x0, 0x3, 0x7, 0xfffffffffffffff9, 0x64c9, 0x100000000, 0xfffffffeffffffff, 0xd, 0x4, 0x233980000, 0xfffffffffffffffe, 0x1, 0x7, 0x7ff})
executing program 3:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00')
ioctl$NS_GET_PARENT(r0, 0xff0a, 0x0)
program did not crash
bisect: split chunk #3 of len 3 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=1m43s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2]
detailed listing:
executing program 1:
r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000a80), 0x8c0001, 0x0)
ioctl$auto_TUNGETVNETHDRSZ(r0, 0x800454d7, 0x0)
executing program 1:
setresuid$auto(0xffffffffffffffff, 0x8, 0x8000)
tkill$auto(0x80000000000001, 0x7)
executing program 5:
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event0\x00', 0x80, 0x0)
ioctl$auto_evdev_fops_evdev(r0, 0xffffffff80004506, 0x0)
executing program 5:
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zram0\x00', 0x0, 0x0)
ioctl$auto_def_blk_fops_fs(r0, 0x125f, 0x0)
executing program 3:
prctl$auto(0x41, 0x1, 0x0, 0x0, 0x0)
prctl$auto(0x41, 0x3, 0x0, 0x0, 0x0)
executing program 5:
r0 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x102000, 0x0)
ioctl$auto(r0, 0x80044940, 0x0)
executing program 4:
socket(0x11, 0x80003, 0x10300)
close_range$auto(0x2, 0x8, 0x0)
executing program 3:
r0 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x189002, 0x0)
write$auto_configfs_file_operations_configfs_internal(r0, &(0x7f0000000140)="8e00", 0x2)
executing program 5:
r0 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0)
ioctl$auto_posix_clock_file_operations_posix_clock(r0, 0x43403d05, 0x0)
executing program 4:
r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000140), 0x20, 0x0)
poll$auto(&(0x7f0000000180)={r0, 0x3569, 0x8}, 0x34, 0x5)
executing program 3:
r0 = openat$auto_proc_environ_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/environ\x00', 0x800, 0x0)
read$auto_proc_environ_operations_base(r0, &(0x7f0000000c40)=""/141, 0x8d)
executing program 5:
socket(0x23, 0x2, 0x0)
write$auto(0x3, 0x0, 0xffd8)
executing program 4:
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
executing program 6:
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4$auto(0x0, &(0x7f0000000000)=0x9, 0x2, &(0x7f0000000040)={{0x583, 0x3}, {0x3, 0x6}, 0x0, 0x3, 0x7, 0xfffffffffffffff9, 0x64c9, 0x100000000, 0xfffffffeffffffff, 0xd, 0x4, 0x233980000, 0xfffffffffffffffe, 0x1, 0x7, 0x7ff})
executing program 3:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00')
ioctl$NS_GET_PARENT(r0, 0xff0a, 0x0)
program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=1m44s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2]
detailed listing:
executing program 1:
r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000a80), 0x8c0001, 0x0)
ioctl$auto_TUNGETVNETHDRSZ(r0, 0x800454d7, 0x0)
executing program 1:
setresuid$auto(0xffffffffffffffff, 0x8, 0x8000)
tkill$auto(0x80000000000001, 0x7)
executing program 5:
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event0\x00', 0x80, 0x0)
ioctl$auto_evdev_fops_evdev(r0, 0xffffffff80004506, 0x0)
executing program 5:
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zram0\x00', 0x0, 0x0)
ioctl$auto_def_blk_fops_fs(r0, 0x125f, 0x0)
executing program 3:
prctl$auto(0x41, 0x1, 0x0, 0x0, 0x0)
prctl$auto(0x41, 0x3, 0x0, 0x0, 0x0)
executing program 5:
r0 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x102000, 0x0)
ioctl$auto(r0, 0x80044940, 0x0)
executing program 4:
socket(0x11, 0x80003, 0x10300)
close_range$auto(0x2, 0x8, 0x0)
executing program 3:
r0 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x189002, 0x0)
write$auto_configfs_file_operations_configfs_internal(r0, &(0x7f0000000140)="8e00", 0x2)
executing program 4:
r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cec28\x00', 0x80, 0x0)
ioctl$auto_CEC_ADAP_G_PHYS_ADDR(r0, 0x80026101, &(0x7f0000000140)=0xc369)
executing program 4:
prctl$auto(0x1000000001c, 0x6e, 0x8, 0x9, 0x3)
prctl$auto(0x1000000001c, 0x5, 0x8, 0x9, 0x2)
executing program 4:
r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000140), 0x20, 0x0)
poll$auto(&(0x7f0000000180)={r0, 0x3569, 0x8}, 0x34, 0x5)
executing program 3:
r0 = openat$auto_proc_environ_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/environ\x00', 0x800, 0x0)
read$auto_proc_environ_operations_base(r0, &(0x7f0000000c40)=""/141, 0x8d)
executing program 5:
socket(0x23, 0x2, 0x0)
write$auto(0x3, 0x0, 0xffd8)
executing program 4:
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
executing program 6:
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4$auto(0x0, &(0x7f0000000000)=0x9, 0x2, &(0x7f0000000040)={{0x583, 0x3}, {0x3, 0x6}, 0x0, 0x3, 0x7, 0xfffffffffffffff9, 0x64c9, 0x100000000, 0xfffffffeffffffff, 0xd, 0x4, 0x233980000, 0xfffffffffffffffe, 0x1, 0x7, 0x7ff})
executing program 3:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00')
ioctl$NS_GET_PARENT(r0, 0xff0a, 0x0)
program did not crash
bisect: split chunk #4 of len 3 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=1m43s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2]
detailed listing:
executing program 1:
r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000a80), 0x8c0001, 0x0)
ioctl$auto_TUNGETVNETHDRSZ(r0, 0x800454d7, 0x0)
executing program 1:
setresuid$auto(0xffffffffffffffff, 0x8, 0x8000)
tkill$auto(0x80000000000001, 0x7)
executing program 5:
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event0\x00', 0x80, 0x0)
ioctl$auto_evdev_fops_evdev(r0, 0xffffffff80004506, 0x0)
executing program 5:
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zram0\x00', 0x0, 0x0)
ioctl$auto_def_blk_fops_fs(r0, 0x125f, 0x0)
executing program 3:
prctl$auto(0x41, 0x1, 0x0, 0x0, 0x0)
prctl$auto(0x41, 0x3, 0x0, 0x0, 0x0)
executing program 5:
r0 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x102000, 0x0)
ioctl$auto(r0, 0x80044940, 0x0)
executing program 4:
socket(0x11, 0x80003, 0x10300)
close_range$auto(0x2, 0x8, 0x0)
executing program 3:
r0 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x189002, 0x0)
write$auto_configfs_file_operations_configfs_internal(r0, &(0x7f0000000140)="8e00", 0x2)
executing program 4:
r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cec28\x00', 0x80, 0x0)
ioctl$auto_CEC_ADAP_G_PHYS_ADDR(r0, 0x80026101, &(0x7f0000000140)=0xc369)
executing program 4:
prctl$auto(0x1000000001c, 0x6e, 0x8, 0x9, 0x3)
prctl$auto(0x1000000001c, 0x5, 0x8, 0x9, 0x2)
executing program 5:
r0 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0)
ioctl$auto_posix_clock_file_operations_posix_clock(r0, 0x43403d05, 0x0)
executing program 5:
socket(0x23, 0x2, 0x0)
write$auto(0x3, 0x0, 0xffd8)
executing program 4:
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
executing program 6:
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4$auto(0x0, &(0x7f0000000000)=0x9, 0x2, &(0x7f0000000040)={{0x583, 0x3}, {0x3, 0x6}, 0x0, 0x3, 0x7, 0xfffffffffffffff9, 0x64c9, 0x100000000, 0xfffffffeffffffff, 0xd, 0x4, 0x233980000, 0xfffffffffffffffe, 0x1, 0x7, 0x7ff})
executing program 3:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00')
ioctl$NS_GET_PARENT(r0, 0xff0a, 0x0)
program crashed: general protection fault in mptcp_net_exit
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunk #5 of len 3 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=1m43s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2]
detailed listing:
executing program 1:
r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000a80), 0x8c0001, 0x0)
ioctl$auto_TUNGETVNETHDRSZ(r0, 0x800454d7, 0x0)
executing program 1:
setresuid$auto(0xffffffffffffffff, 0x8, 0x8000)
tkill$auto(0x80000000000001, 0x7)
executing program 5:
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event0\x00', 0x80, 0x0)
ioctl$auto_evdev_fops_evdev(r0, 0xffffffff80004506, 0x0)
executing program 5:
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zram0\x00', 0x0, 0x0)
ioctl$auto_def_blk_fops_fs(r0, 0x125f, 0x0)
executing program 3:
prctl$auto(0x41, 0x1, 0x0, 0x0, 0x0)
prctl$auto(0x41, 0x3, 0x0, 0x0, 0x0)
executing program 5:
r0 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x102000, 0x0)
ioctl$auto(r0, 0x80044940, 0x0)
executing program 4:
socket(0x11, 0x80003, 0x10300)
close_range$auto(0x2, 0x8, 0x0)
executing program 3:
r0 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x189002, 0x0)
write$auto_configfs_file_operations_configfs_internal(r0, &(0x7f0000000140)="8e00", 0x2)
executing program 4:
r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cec28\x00', 0x80, 0x0)
ioctl$auto_CEC_ADAP_G_PHYS_ADDR(r0, 0x80026101, &(0x7f0000000140)=0xc369)
executing program 4:
prctl$auto(0x1000000001c, 0x6e, 0x8, 0x9, 0x3)
prctl$auto(0x1000000001c, 0x5, 0x8, 0x9, 0x2)
executing program 5:
r0 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0)
ioctl$auto_posix_clock_file_operations_posix_clock(r0, 0x43403d05, 0x0)
executing program 5:
socket(0x23, 0x2, 0x0)
write$auto(0x3, 0x0, 0xffd8)
executing program 3:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00')
ioctl$NS_GET_PARENT(r0, 0xff0a, 0x0)
program crashed: general protection fault in sctp_inet6addr_event
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: too many guilty chunks, aborting
single: executing 10 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs$namespace-ioctl$NS_GET_PARENT
detailed listing:
executing program 0:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00')
ioctl$NS_GET_PARENT(r0, 0xff0a, 0x0)
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_clone-wait4$auto
detailed listing:
executing program 0:
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4$auto(0x0, &(0x7f0000000000)=0x9, 0x2, &(0x7f0000000040)={{0x583, 0x3}, {0x3, 0x6}, 0x0, 0x3, 0x7, 0xfffffffffffffff9, 0x64c9, 0x100000000, 0xfffffffeffffffff, 0xd, 0x4, 0x233980000, 0xfffffffffffffffe, 0x1, 0x7, 0x7ff})
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-close_range$auto
detailed listing:
executing program 0:
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-write$auto
detailed listing:
executing program 0:
socket(0x23, 0x2, 0x0)
write$auto(0x3, 0x0, 0xffd8)
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_debug_help_fops_orangefs_debugfs-read$auto_debug_help_fops_orangefs_debugfs
detailed listing:
executing program 0:
r0 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000053c0), 0xa0200, 0x0)
read$auto_debug_help_fops_orangefs_debugfs(r0, &(0x7f0000005400)=""/70, 0x46)
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_debug_help_fops_orangefs_debugfs-read$auto_debug_help_fops_orangefs_debugfs
detailed listing:
executing program 0:
r0 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000053c0), 0xa0200, 0x0)
read$auto_debug_help_fops_orangefs_debugfs(r0, &(0x7f0000005400)=""/70, 0x46)
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_usbdev_file_operations_usb-ppoll$auto
detailed listing:
executing program 0:
r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/011/001\x00', 0x121002, 0x0)
ppoll$auto(&(0x7f0000000000)={r0, 0x9, 0x8}, 0x1, 0x0, 0x0, 0x8)
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_usbdev_file_operations_usb-ppoll$auto
detailed listing:
executing program 0:
r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/011/001\x00', 0x121002, 0x0)
ppoll$auto(&(0x7f0000000000)={r0, 0x9, 0x8}, 0x1, 0x0, 0x0, 0x8)
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): io_uring_setup$auto
detailed listing:
executing program 0:
io_uring_setup$auto(0x59, &(0x7f0000000080)={0x2, 0xd, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x103, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x2, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}})
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): io_uring_setup$auto
detailed listing:
executing program 0:
io_uring_setup$auto(0x59, &(0x7f0000000080)={0x2, 0xd, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x103, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x2, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}})
program did not crash
single: failed to extract reproducer
bisect: bisecting 43 programs with base timeout 6m0s
testing program (duration=6m10s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 1, 1, 1, 1, 1, 1, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2]
detailed listing:
executing program 0:
truncate$auto(0x0, 0x80)
executing program 0:
finit_module$auto(0x1, 0xfffffffffffffffc, 0x1)
executing program 0:
prctl$auto(0x21, 0x0, 0x0, 0x0, 0x0)
executing program 0:
io_cancel$auto(0x8, 0xfffffffffffffffd, 0xfffffffffffffffc)
executing program 0:
rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffe, @_sigpoll={0x52, 0x7}}})
executing program 0:
io_uring_setup$auto(0x59, &(0x7f0000000080)={0x2, 0xd, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x103, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x2, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}})
executing program 32:
io_uring_setup$auto(0x59, &(0x7f0000000080)={0x2, 0xd, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x103, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x2, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}})
executing program 2:
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0)
ioctl$auto(0x3, 0x40081271, 0x38)
executing program 2:
setreuid$auto(0x3, 0x7)
keyctl$auto(0x12, 0x0, 0x0, 0x1, 0xa0)
executing program 2:
r0 = openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
pwrite64$auto(r0, 0x0, 0x1, 0x7fff000000000000)
executing program 2:
socket(0x2, 0x5, 0x0)
connect$auto(0x3, &(0x7f0000000280), 0x55)
executing program 2:
rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}})
migrate_pages$auto(0x1, 0x9, 0x0, &(0x7f0000000840)=0x2)
executing program 2:
r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/011/001\x00', 0x121002, 0x0)
ppoll$auto(&(0x7f0000000000)={r0, 0x9, 0x8}, 0x1, 0x0, 0x0, 0x8)
executing program 33:
r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/011/001\x00', 0x121002, 0x0)
ppoll$auto(&(0x7f0000000000)={r0, 0x9, 0x8}, 0x1, 0x0, 0x0, 0x8)
executing program 1:
openat$auto_tracing_err_log_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/error_log\x00', 0x60481, 0x0)
close_range$auto(0x2, 0x8000, 0x0)
executing program 1:
r0 = openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/tracing_cpumask\x00', 0x1, 0x0)
write$auto_tracing_cpumask_fops_trace(r0, 0x0, 0x0)
executing program 1:
openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000380)='/dev/cuse\x00', 0x0, 0x0)
readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x7fffffffefff}, 0x7)
executing program 1:
r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000a80), 0x8c0001, 0x0)
ioctl$auto_TUNGETVNETHDRSZ(r0, 0x800454d7, 0x0)
executing program 1:
setresuid$auto(0xffffffffffffffff, 0x8, 0x8000)
tkill$auto(0x80000000000001, 0x7)
executing program 1:
r0 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000053c0), 0xa0200, 0x0)
read$auto_debug_help_fops_orangefs_debugfs(r0, &(0x7f0000005400)=""/70, 0x46)
executing program 34:
r0 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000053c0), 0xa0200, 0x0)
read$auto_debug_help_fops_orangefs_debugfs(r0, &(0x7f0000005400)=""/70, 0x46)
executing program 5:
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event0\x00', 0x80, 0x0)
ioctl$auto_evdev_fops_evdev(r0, 0xffffffff80004506, 0x0)
executing program 5:
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zram0\x00', 0x0, 0x0)
ioctl$auto_def_blk_fops_fs(r0, 0x125f, 0x0)
executing program 3:
prctl$auto(0x41, 0x1, 0x0, 0x0, 0x0)
prctl$auto(0x41, 0x3, 0x0, 0x0, 0x0)
executing program 5:
r0 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x102000, 0x0)
ioctl$auto(r0, 0x80044940, 0x0)
executing program 4:
socket(0x11, 0x80003, 0x10300)
close_range$auto(0x2, 0x8, 0x0)
executing program 3:
r0 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x189002, 0x0)
write$auto_configfs_file_operations_configfs_internal(r0, &(0x7f0000000140)="8e00", 0x2)
executing program 4:
r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cec28\x00', 0x80, 0x0)
ioctl$auto_CEC_ADAP_G_PHYS_ADDR(r0, 0x80026101, &(0x7f0000000140)=0xc369)
executing program 4:
prctl$auto(0x1000000001c, 0x6e, 0x8, 0x9, 0x3)
prctl$auto(0x1000000001c, 0x5, 0x8, 0x9, 0x2)
executing program 5:
r0 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0)
ioctl$auto_posix_clock_file_operations_posix_clock(r0, 0x43403d05, 0x0)
executing program 6:
socket(0x2, 0x3, 0x2)
setsockopt$auto(0x3, 0x0, 0xd3, 0xfffffffffffffffc, 0xfd72)
executing program 3:
r0 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x89b0, &(0x7f0000000140)={'bridge0\x00'})
executing program 4:
r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/adsp1\x00', 0x40000, 0x0)
ioctl$auto_SOUND_PCM_READ_RATE(r0, 0x80045014, 0x0)
executing program 6:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
futex$auto(0x0, 0x7, 0x47, 0x0, 0x0, 0x0)
executing program 3:
open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84)
open(&(0x7f0000000140)='./file0\x00', 0xd79583, 0x84)
executing program 5:
r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/rt_cache\x00', 0x40000, 0x0)
read$auto_proc_iter_file_ops_compat_inode(r0, &(0x7f0000000180)=""/250, 0xfa)
executing program 6:
r0 = socket(0xa, 0x2, 0x3a)
setsockopt$auto(r0, 0x29, 0x39, &(0x7f0000000080)='\x15!\xa8^J/\xddCx4!\x00\xd3\x8f\x1e\x1b\xc3 \xe2\xa8\xd6\xd9\xc0\xa2\x0f\x88\xb1e\x8a\xd8?\xfe\xda\xc4\xef\xff(i\xc6@\x91[\vBj\x0eQ\xce\x16\'C\x8cYA\x92u\xd5\xb8\\\x82,\xe2=y\x9bR\xbcn\xa0c\x16~\x86\"t\xde\x14\xe4\xa5\xfe\xb5', 0x110)
executing program 4:
r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000140), 0x20, 0x0)
poll$auto(&(0x7f0000000180)={r0, 0x3569, 0x8}, 0x34, 0x5)
executing program 3:
r0 = openat$auto_proc_environ_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/environ\x00', 0x800, 0x0)
read$auto_proc_environ_operations_base(r0, &(0x7f0000000c40)=""/141, 0x8d)
executing program 5:
socket(0x23, 0x2, 0x0)
write$auto(0x3, 0x0, 0xffd8)
executing program 4:
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
executing program 6:
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4$auto(0x0, &(0x7f0000000000)=0x9, 0x2, &(0x7f0000000040)={{0x583, 0x3}, {0x3, 0x6}, 0x0, 0x3, 0x7, 0xfffffffffffffff9, 0x64c9, 0x100000000, 0xfffffffeffffffff, 0xd, 0x4, 0x233980000, 0xfffffffffffffffe, 0x1, 0x7, 0x7ff})
executing program 3:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00')
ioctl$NS_GET_PARENT(r0, 0xff0a, 0x0)
program crashed: BUG: unable to handle kernel NULL pointer dereference in fib_seq_sum
bisect: bisecting 43 programs
bisect: split chunks (needed=false): <43>
bisect: split chunk #0 of len 43 into 3 parts
bisect: testing without sub-chunk 1/3
testing program (duration=6m7s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2]
detailed listing:
executing program 1:
r0 = openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/tracing_cpumask\x00', 0x1, 0x0)
write$auto_tracing_cpumask_fops_trace(r0, 0x0, 0x0)
executing program 1:
openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000380)='/dev/cuse\x00', 0x0, 0x0)
readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x7fffffffefff}, 0x7)
executing program 1:
r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000a80), 0x8c0001, 0x0)
ioctl$auto_TUNGETVNETHDRSZ(r0, 0x800454d7, 0x0)
executing program 1:
setresuid$auto(0xffffffffffffffff, 0x8, 0x8000)
tkill$auto(0x80000000000001, 0x7)
executing program 1:
r0 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000053c0), 0xa0200, 0x0)
read$auto_debug_help_fops_orangefs_debugfs(r0, &(0x7f0000005400)=""/70, 0x46)
executing program 34:
r0 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000053c0), 0xa0200, 0x0)
read$auto_debug_help_fops_orangefs_debugfs(r0, &(0x7f0000005400)=""/70, 0x46)
executing program 5:
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event0\x00', 0x80, 0x0)
ioctl$auto_evdev_fops_evdev(r0, 0xffffffff80004506, 0x0)
executing program 5:
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zram0\x00', 0x0, 0x0)
ioctl$auto_def_blk_fops_fs(r0, 0x125f, 0x0)
executing program 3:
prctl$auto(0x41, 0x1, 0x0, 0x0, 0x0)
prctl$auto(0x41, 0x3, 0x0, 0x0, 0x0)
executing program 5:
r0 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x102000, 0x0)
ioctl$auto(r0, 0x80044940, 0x0)
executing program 4:
socket(0x11, 0x80003, 0x10300)
close_range$auto(0x2, 0x8, 0x0)
executing program 3:
r0 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x189002, 0x0)
write$auto_configfs_file_operations_configfs_internal(r0, &(0x7f0000000140)="8e00", 0x2)
executing program 4:
r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cec28\x00', 0x80, 0x0)
ioctl$auto_CEC_ADAP_G_PHYS_ADDR(r0, 0x80026101, &(0x7f0000000140)=0xc369)
executing program 4:
prctl$auto(0x1000000001c, 0x6e, 0x8, 0x9, 0x3)
prctl$auto(0x1000000001c, 0x5, 0x8, 0x9, 0x2)
executing program 5:
r0 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0)
ioctl$auto_posix_clock_file_operations_posix_clock(r0, 0x43403d05, 0x0)
executing program 6:
socket(0x2, 0x3, 0x2)
setsockopt$auto(0x3, 0x0, 0xd3, 0xfffffffffffffffc, 0xfd72)
executing program 3:
r0 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x89b0, &(0x7f0000000140)={'bridge0\x00'})
executing program 4:
r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/adsp1\x00', 0x40000, 0x0)
ioctl$auto_SOUND_PCM_READ_RATE(r0, 0x80045014, 0x0)
executing program 6:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
futex$auto(0x0, 0x7, 0x47, 0x0, 0x0, 0x0)
executing program 3:
open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84)
open(&(0x7f0000000140)='./file0\x00', 0xd79583, 0x84)
executing program 5:
r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/rt_cache\x00', 0x40000, 0x0)
read$auto_proc_iter_file_ops_compat_inode(r0, &(0x7f0000000180)=""/250, 0xfa)
executing program 6:
r0 = socket(0xa, 0x2, 0x3a)
setsockopt$auto(r0, 0x29, 0x39, &(0x7f0000000080)='\x15!\xa8^J/\xddCx4!\x00\xd3\x8f\x1e\x1b\xc3 \xe2\xa8\xd6\xd9\xc0\xa2\x0f\x88\xb1e\x8a\xd8?\xfe\xda\xc4\xef\xff(i\xc6@\x91[\vBj\x0eQ\xce\x16\'C\x8cYA\x92u\xd5\xb8\\\x82,\xe2=y\x9bR\xbcn\xa0c\x16~\x86\"t\xde\x14\xe4\xa5\xfe\xb5', 0x110)
executing program 4:
r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000140), 0x20, 0x0)
poll$auto(&(0x7f0000000180)={r0, 0x3569, 0x8}, 0x34, 0x5)
executing program 3:
r0 = openat$auto_proc_environ_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/environ\x00', 0x800, 0x0)
read$auto_proc_environ_operations_base(r0, &(0x7f0000000c40)=""/141, 0x8d)
executing program 5:
socket(0x23, 0x2, 0x0)
write$auto(0x3, 0x0, 0xffd8)
executing program 4:
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
executing program 6:
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4$auto(0x0, &(0x7f0000000000)=0x9, 0x2, &(0x7f0000000040)={{0x583, 0x3}, {0x3, 0x6}, 0x0, 0x3, 0x7, 0xfffffffffffffff9, 0x64c9, 0x100000000, 0xfffffffeffffffff, 0xd, 0x4, 0x233980000, 0xfffffffffffffffe, 0x1, 0x7, 0x7ff})
executing program 3:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00')
ioctl$NS_GET_PARENT(r0, 0xff0a, 0x0)
program crashed: general protection fault in sctp_inet6addr_event
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/3
testing program (duration=6m3s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2]
detailed listing:
executing program 6:
socket(0x2, 0x3, 0x2)
setsockopt$auto(0x3, 0x0, 0xd3, 0xfffffffffffffffc, 0xfd72)
executing program 3:
r0 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x89b0, &(0x7f0000000140)={'bridge0\x00'})
executing program 4:
r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/adsp1\x00', 0x40000, 0x0)
ioctl$auto_SOUND_PCM_READ_RATE(r0, 0x80045014, 0x0)
executing program 6:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
futex$auto(0x0, 0x7, 0x47, 0x0, 0x0, 0x0)
executing program 3:
open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84)
open(&(0x7f0000000140)='./file0\x00', 0xd79583, 0x84)
executing program 5:
r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/rt_cache\x00', 0x40000, 0x0)
read$auto_proc_iter_file_ops_compat_inode(r0, &(0x7f0000000180)=""/250, 0xfa)
executing program 6:
r0 = socket(0xa, 0x2, 0x3a)
setsockopt$auto(r0, 0x29, 0x39, &(0x7f0000000080)='\x15!\xa8^J/\xddCx4!\x00\xd3\x8f\x1e\x1b\xc3 \xe2\xa8\xd6\xd9\xc0\xa2\x0f\x88\xb1e\x8a\xd8?\xfe\xda\xc4\xef\xff(i\xc6@\x91[\vBj\x0eQ\xce\x16\'C\x8cYA\x92u\xd5\xb8\\\x82,\xe2=y\x9bR\xbcn\xa0c\x16~\x86\"t\xde\x14\xe4\xa5\xfe\xb5', 0x110)
executing program 4:
r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000140), 0x20, 0x0)
poll$auto(&(0x7f0000000180)={r0, 0x3569, 0x8}, 0x34, 0x5)
executing program 3:
r0 = openat$auto_proc_environ_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/environ\x00', 0x800, 0x0)
read$auto_proc_environ_operations_base(r0, &(0x7f0000000c40)=""/141, 0x8d)
executing program 5:
socket(0x23, 0x2, 0x0)
write$auto(0x3, 0x0, 0xffd8)
executing program 4:
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
executing program 6:
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4$auto(0x0, &(0x7f0000000000)=0x9, 0x2, &(0x7f0000000040)={{0x583, 0x3}, {0x3, 0x6}, 0x0, 0x3, 0x7, 0xfffffffffffffff9, 0x64c9, 0x100000000, 0xfffffffeffffffff, 0xd, 0x4, 0x233980000, 0xfffffffffffffffe, 0x1, 0x7, 0x7ff})
executing program 3:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00')
ioctl$NS_GET_PARENT(r0, 0xff0a, 0x0)
program did not crash
bisect: testing without sub-chunk 3/3
testing program (duration=6m3s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2]
detailed listing:
executing program 1:
r0 = openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/tracing_cpumask\x00', 0x1, 0x0)
write$auto_tracing_cpumask_fops_trace(r0, 0x0, 0x0)
executing program 1:
openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000380)='/dev/cuse\x00', 0x0, 0x0)
readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x7fffffffefff}, 0x7)
executing program 1:
r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000a80), 0x8c0001, 0x0)
ioctl$auto_TUNGETVNETHDRSZ(r0, 0x800454d7, 0x0)
executing program 1:
setresuid$auto(0xffffffffffffffff, 0x8, 0x8000)
tkill$auto(0x80000000000001, 0x7)
executing program 1:
r0 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000053c0), 0xa0200, 0x0)
read$auto_debug_help_fops_orangefs_debugfs(r0, &(0x7f0000005400)=""/70, 0x46)
executing program 34:
r0 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000053c0), 0xa0200, 0x0)
read$auto_debug_help_fops_orangefs_debugfs(r0, &(0x7f0000005400)=""/70, 0x46)
executing program 5:
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event0\x00', 0x80, 0x0)
ioctl$auto_evdev_fops_evdev(r0, 0xffffffff80004506, 0x0)
executing program 5:
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zram0\x00', 0x0, 0x0)
ioctl$auto_def_blk_fops_fs(r0, 0x125f, 0x0)
executing program 3:
prctl$auto(0x41, 0x1, 0x0, 0x0, 0x0)
prctl$auto(0x41, 0x3, 0x0, 0x0, 0x0)
executing program 5:
r0 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x102000, 0x0)
ioctl$auto(r0, 0x80044940, 0x0)
executing program 4:
socket(0x11, 0x80003, 0x10300)
close_range$auto(0x2, 0x8, 0x0)
executing program 3:
r0 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x189002, 0x0)
write$auto_configfs_file_operations_configfs_internal(r0, &(0x7f0000000140)="8e00", 0x2)
executing program 4:
r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cec28\x00', 0x80, 0x0)
ioctl$auto_CEC_ADAP_G_PHYS_ADDR(r0, 0x80026101, &(0x7f0000000140)=0xc369)
executing program 4:
prctl$auto(0x1000000001c, 0x6e, 0x8, 0x9, 0x3)
prctl$auto(0x1000000001c, 0x5, 0x8, 0x9, 0x2)
executing program 5:
r0 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0)
ioctl$auto_posix_clock_file_operations_posix_clock(r0, 0x43403d05, 0x0)
program did not crash
bisect: split chunks (needed=true): <15>, <13>
bisect: split chunk #0 of len 15 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=6m5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2]
detailed listing:
executing program 3:
prctl$auto(0x41, 0x1, 0x0, 0x0, 0x0)
prctl$auto(0x41, 0x3, 0x0, 0x0, 0x0)
executing program 5:
r0 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x102000, 0x0)
ioctl$auto(r0, 0x80044940, 0x0)
executing program 4:
socket(0x11, 0x80003, 0x10300)
close_range$auto(0x2, 0x8, 0x0)
executing program 3:
r0 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x189002, 0x0)
write$auto_configfs_file_operations_configfs_internal(r0, &(0x7f0000000140)="8e00", 0x2)
executing program 4:
r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cec28\x00', 0x80, 0x0)
ioctl$auto_CEC_ADAP_G_PHYS_ADDR(r0, 0x80026101, &(0x7f0000000140)=0xc369)
executing program 4:
prctl$auto(0x1000000001c, 0x6e, 0x8, 0x9, 0x3)
prctl$auto(0x1000000001c, 0x5, 0x8, 0x9, 0x2)
executing program 5:
r0 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0)
ioctl$auto_posix_clock_file_operations_posix_clock(r0, 0x43403d05, 0x0)
executing program 6:
socket(0x2, 0x3, 0x2)
setsockopt$auto(0x3, 0x0, 0xd3, 0xfffffffffffffffc, 0xfd72)
executing program 3:
r0 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x89b0, &(0x7f0000000140)={'bridge0\x00'})
executing program 4:
r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/adsp1\x00', 0x40000, 0x0)
ioctl$auto_SOUND_PCM_READ_RATE(r0, 0x80045014, 0x0)
executing program 6:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
futex$auto(0x0, 0x7, 0x47, 0x0, 0x0, 0x0)
executing program 3:
open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84)
open(&(0x7f0000000140)='./file0\x00', 0xd79583, 0x84)
executing program 5:
r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/rt_cache\x00', 0x40000, 0x0)
read$auto_proc_iter_file_ops_compat_inode(r0, &(0x7f0000000180)=""/250, 0xfa)
executing program 6:
r0 = socket(0xa, 0x2, 0x3a)
setsockopt$auto(r0, 0x29, 0x39, &(0x7f0000000080)='\x15!\xa8^J/\xddCx4!\x00\xd3\x8f\x1e\x1b\xc3 \xe2\xa8\xd6\xd9\xc0\xa2\x0f\x88\xb1e\x8a\xd8?\xfe\xda\xc4\xef\xff(i\xc6@\x91[\vBj\x0eQ\xce\x16\'C\x8cYA\x92u\xd5\xb8\\\x82,\xe2=y\x9bR\xbcn\xa0c\x16~\x86\"t\xde\x14\xe4\xa5\xfe\xb5', 0x110)
executing program 4:
r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000140), 0x20, 0x0)
poll$auto(&(0x7f0000000180)={r0, 0x3569, 0x8}, 0x34, 0x5)
executing program 3:
r0 = openat$auto_proc_environ_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/environ\x00', 0x800, 0x0)
read$auto_proc_environ_operations_base(r0, &(0x7f0000000c40)=""/141, 0x8d)
executing program 5:
socket(0x23, 0x2, 0x0)
write$auto(0x3, 0x0, 0xffd8)
executing program 4:
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
executing program 6:
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4$auto(0x0, &(0x7f0000000000)=0x9, 0x2, &(0x7f0000000040)={{0x583, 0x3}, {0x3, 0x6}, 0x0, 0x3, 0x7, 0xfffffffffffffff9, 0x64c9, 0x100000000, 0xfffffffeffffffff, 0xd, 0x4, 0x233980000, 0xfffffffffffffffe, 0x1, 0x7, 0x7ff})
executing program 3:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00')
ioctl$NS_GET_PARENT(r0, 0xff0a, 0x0)
program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=6m5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2]
detailed listing:
executing program 1:
r0 = openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/tracing_cpumask\x00', 0x1, 0x0)
write$auto_tracing_cpumask_fops_trace(r0, 0x0, 0x0)
executing program 1:
openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000380)='/dev/cuse\x00', 0x0, 0x0)
readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x7fffffffefff}, 0x7)
executing program 1:
r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000a80), 0x8c0001, 0x0)
ioctl$auto_TUNGETVNETHDRSZ(r0, 0x800454d7, 0x0)
executing program 1:
setresuid$auto(0xffffffffffffffff, 0x8, 0x8000)
tkill$auto(0x80000000000001, 0x7)
executing program 1:
r0 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000053c0), 0xa0200, 0x0)
read$auto_debug_help_fops_orangefs_debugfs(r0, &(0x7f0000005400)=""/70, 0x46)
executing program 34:
r0 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000053c0), 0xa0200, 0x0)
read$auto_debug_help_fops_orangefs_debugfs(r0, &(0x7f0000005400)=""/70, 0x46)
executing program 5:
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event0\x00', 0x80, 0x0)
ioctl$auto_evdev_fops_evdev(r0, 0xffffffff80004506, 0x0)
executing program 5:
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zram0\x00', 0x0, 0x0)
ioctl$auto_def_blk_fops_fs(r0, 0x125f, 0x0)
executing program 6:
socket(0x2, 0x3, 0x2)
setsockopt$auto(0x3, 0x0, 0xd3, 0xfffffffffffffffc, 0xfd72)
executing program 3:
r0 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x89b0, &(0x7f0000000140)={'bridge0\x00'})
executing program 4:
r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/adsp1\x00', 0x40000, 0x0)
ioctl$auto_SOUND_PCM_READ_RATE(r0, 0x80045014, 0x0)
executing program 6:
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
futex$auto(0x0, 0x7, 0x47, 0x0, 0x0, 0x0)
executing program 3:
open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84)
open(&(0x7f0000000140)='./file0\x00', 0xd79583, 0x84)
executing program 5:
r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/rt_cache\x00', 0x40000, 0x0)
read$auto_proc_iter_file_ops_compat_inode(r0, &(0x7f0000000180)=""/250, 0xfa)
executing program 6:
r0 = socket(0xa, 0x2, 0x3a)
setsockopt$auto(r0, 0x29, 0x39, &(0x7f0000000080)='\x15!\xa8^J/\xddCx4!\x00\xd3\x8f\x1e\x1b\xc3 \xe2\xa8\xd6\xd9\xc0\xa2\x0f\x88\xb1e\x8a\xd8?\xfe\xda\xc4\xef\xff(i\xc6@\x91[\vBj\x0eQ\xce\x16\'C\x8cYA\x92u\xd5\xb8\\\x82,\xe2=y\x9bR\xbcn\xa0c\x16~\x86\"t\xde\x14\xe4\xa5\xfe\xb5', 0x110)
executing program 4:
r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000140), 0x20, 0x0)
poll$auto(&(0x7f0000000180)={r0, 0x3569, 0x8}, 0x34, 0x5)
executing program 3:
r0 = openat$auto_proc_environ_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/environ\x00', 0x800, 0x0)
read$auto_proc_environ_operations_base(r0, &(0x7f0000000c40)=""/141, 0x8d)
executing program 5:
socket(0x23, 0x2, 0x0)
write$auto(0x3, 0x0, 0xffd8)
executing program 4:
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
executing program 6:
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4$auto(0x0, &(0x7f0000000000)=0x9, 0x2, &(0x7f0000000040)={{0x583, 0x3}, {0x3, 0x6}, 0x0, 0x3, 0x7, 0xfffffffffffffff9, 0x64c9, 0x100000000, 0xfffffffeffffffff, 0xd, 0x4, 0x233980000, 0xfffffffffffffffe, 0x1, 0x7, 0x7ff})
executing program 3:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00')
ioctl$NS_GET_PARENT(r0, 0xff0a, 0x0)
program did not crash
bisect: split chunk #1 of len 13 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=6m5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2]
detailed listing:
executing program 1:
r0 = openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/tracing_cpumask\x00', 0x1, 0x0)
write$auto_tracing_cpumask_fops_trace(r0, 0x0, 0x0)
executing program 1:
openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000380)='/dev/cuse\x00', 0x0, 0x0)
readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x7fffffffefff}, 0x7)
executing program 1:
r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000a80), 0x8c0001, 0x0)
ioctl$auto_TUNGETVNETHDRSZ(r0, 0x800454d7, 0x0)
executing program 1:
setresuid$auto(0xffffffffffffffff, 0x8, 0x8000)
tkill$auto(0x80000000000001, 0x7)
executing program 1:
r0 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000053c0), 0xa0200, 0x0)
read$auto_debug_help_fops_orangefs_debugfs(r0, &(0x7f0000005400)=""/70, 0x46)
executing program 34:
r0 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000053c0), 0xa0200, 0x0)
read$auto_debug_help_fops_orangefs_debugfs(r0, &(0x7f0000005400)=""/70, 0x46)
executing program 5:
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event0\x00', 0x80, 0x0)
ioctl$auto_evdev_fops_evdev(r0, 0xffffffff80004506, 0x0)
executing program 5:
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zram0\x00', 0x0, 0x0)
ioctl$auto_def_blk_fops_fs(r0, 0x125f, 0x0)
executing program 3:
prctl$auto(0x41, 0x1, 0x0, 0x0, 0x0)
prctl$auto(0x41, 0x3, 0x0, 0x0, 0x0)
executing program 5:
r0 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x102000, 0x0)
ioctl$auto(r0, 0x80044940, 0x0)
executing program 4:
socket(0x11, 0x80003, 0x10300)
close_range$auto(0x2, 0x8, 0x0)
executing program 3:
r0 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x189002, 0x0)
write$auto_configfs_file_operations_configfs_internal(r0, &(0x7f0000000140)="8e00", 0x2)
executing program 4:
r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cec28\x00', 0x80, 0x0)
ioctl$auto_CEC_ADAP_G_PHYS_ADDR(r0, 0x80026101, &(0x7f0000000140)=0xc369)
executing program 4:
prctl$auto(0x1000000001c, 0x6e, 0x8, 0x9, 0x3)
prctl$auto(0x1000000001c, 0x5, 0x8, 0x9, 0x2)
executing program 5:
r0 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0)
ioctl$auto_posix_clock_file_operations_posix_clock(r0, 0x43403d05, 0x0)
executing program 4:
r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000140), 0x20, 0x0)
poll$auto(&(0x7f0000000180)={r0, 0x3569, 0x8}, 0x34, 0x5)
executing program 3:
r0 = openat$auto_proc_environ_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/environ\x00', 0x800, 0x0)
read$auto_proc_environ_operations_base(r0, &(0x7f0000000c40)=""/141, 0x8d)
executing program 5:
socket(0x23, 0x2, 0x0)
write$auto(0x3, 0x0, 0xffd8)
executing program 4:
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
executing program 6:
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4$auto(0x0, &(0x7f0000000000)=0x9, 0x2, &(0x7f0000000040)={{0x583, 0x3}, {0x3, 0x6}, 0x0, 0x3, 0x7, 0xfffffffffffffff9, 0x64c9, 0x100000000, 0xfffffffeffffffff, 0xd, 0x4, 0x233980000, 0xfffffffffffffffe, 0x1, 0x7, 0x7ff})
executing program 3:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00')
ioctl$NS_GET_PARENT(r0, 0xff0a, 0x0)
program crashed: general protection fault in devlink_trap_policer_unregister
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunks (needed=true): <8>, <7>, <6>
bisect: split chunk #0 of len 8 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=6m4s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2]
detailed listing:
executing program 1:
r0 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000053c0), 0xa0200, 0x0)
read$auto_debug_help_fops_orangefs_debugfs(r0, &(0x7f0000005400)=""/70, 0x46)
executing program 34:
r0 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000053c0), 0xa0200, 0x0)
read$auto_debug_help_fops_orangefs_debugfs(r0, &(0x7f0000005400)=""/70, 0x46)
executing program 5:
r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event0\x00', 0x80, 0x0)
ioctl$auto_evdev_fops_evdev(r0, 0xffffffff80004506, 0x0)
executing program 5:
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zram0\x00', 0x0, 0x0)
ioctl$auto_def_blk_fops_fs(r0, 0x125f, 0x0)
executing program 3:
prctl$auto(0x41, 0x1, 0x0, 0x0, 0x0)
prctl$auto(0x41, 0x3, 0x0, 0x0, 0x0)
executing program 5:
r0 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x102000, 0x0)
ioctl$auto(r0, 0x80044940, 0x0)
executing program 4:
socket(0x11, 0x80003, 0x10300)
close_range$auto(0x2, 0x8, 0x0)
executing program 3:
r0 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x189002, 0x0)
write$auto_configfs_file_operations_configfs_internal(r0, &(0x7f0000000140)="8e00", 0x2)
executing program 4:
r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cec28\x00', 0x80, 0x0)
ioctl$auto_CEC_ADAP_G_PHYS_ADDR(r0, 0x80026101, &(0x7f0000000140)=0xc369)
executing program 4:
prctl$auto(0x1000000001c, 0x6e, 0x8, 0x9, 0x3)
prctl$auto(0x1000000001c, 0x5, 0x8, 0x9, 0x2)
executing program 5:
r0 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0)
ioctl$auto_posix_clock_file_operations_posix_clock(r0, 0x43403d05, 0x0)
executing program 4:
r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000140), 0x20, 0x0)
poll$auto(&(0x7f0000000180)={r0, 0x3569, 0x8}, 0x34, 0x5)
executing program 3:
r0 = openat$auto_proc_environ_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/environ\x00', 0x800, 0x0)
read$auto_proc_environ_operations_base(r0, &(0x7f0000000c40)=""/141, 0x8d)
executing program 5:
socket(0x23, 0x2, 0x0)
write$auto(0x3, 0x0, 0xffd8)
executing program 4:
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
executing program 6:
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4$auto(0x0, &(0x7f0000000000)=0x9, 0x2, &(0x7f0000000040)={{0x583, 0x3}, {0x3, 0x6}, 0x0, 0x3, 0x7, 0xfffffffffffffff9, 0x64c9, 0x100000000, 0xfffffffeffffffff, 0xd, 0x4, 0x233980000, 0xfffffffffffffffe, 0x1, 0x7, 0x7ff})
executing program 3:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00')
ioctl$NS_GET_PARENT(r0, 0xff0a, 0x0)
program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=6m4s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2]
detailed listing:
executing program 1:
r0 = openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/tracing_cpumask\x00', 0x1, 0x0)
write$auto_tracing_cpumask_fops_trace(r0, 0x0, 0x0)
executing program 1:
openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000380)='/dev/cuse\x00', 0x0, 0x0)
readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x7fffffffefff}, 0x7)
executing program 1:
r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000a80), 0x8c0001, 0x0)
ioctl$auto_TUNGETVNETHDRSZ(r0, 0x800454d7, 0x0)
executing program 1:
setresuid$auto(0xffffffffffffffff, 0x8, 0x8000)
tkill$auto(0x80000000000001, 0x7)
executing program 3:
prctl$auto(0x41, 0x1, 0x0, 0x0, 0x0)
prctl$auto(0x41, 0x3, 0x0, 0x0, 0x0)
executing program 5:
r0 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x102000, 0x0)
ioctl$auto(r0, 0x80044940, 0x0)
executing program 4:
socket(0x11, 0x80003, 0x10300)
close_range$auto(0x2, 0x8, 0x0)
executing program 3:
r0 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x189002, 0x0)
write$auto_configfs_file_operations_configfs_internal(r0, &(0x7f0000000140)="8e00", 0x2)
executing program 4:
r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cec28\x00', 0x80, 0x0)
ioctl$auto_CEC_ADAP_G_PHYS_ADDR(r0, 0x80026101, &(0x7f0000000140)=0xc369)
executing program 4:
prctl$auto(0x1000000001c, 0x6e, 0x8, 0x9, 0x3)
prctl$auto(0x1000000001c, 0x5, 0x8, 0x9, 0x2)
executing program 5:
r0 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0)
ioctl$auto_posix_clock_file_operations_posix_clock(r0, 0x43403d05, 0x0)
executing program 4:
r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000140), 0x20, 0x0)
poll$auto(&(0x7f0000000180)={r0, 0x3569, 0x8}, 0x34, 0x5)
executing program 3:
r0 = openat$auto_proc_environ_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/environ\x00', 0x800, 0x0)
read$auto_proc_environ_operations_base(r0, &(0x7f0000000c40)=""/141, 0x8d)
executing program 5:
socket(0x23, 0x2, 0x0)
write$auto(0x3, 0x0, 0xffd8)
executing program 4:
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
executing program 6:
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4$auto(0x0, &(0x7f0000000000)=0x9, 0x2, &(0x7f0000000040)={{0x583, 0x3}, {0x3, 0x6}, 0x0, 0x3, 0x7, 0xfffffffffffffff9, 0x64c9, 0x100000000, 0xfffffffeffffffff, 0xd, 0x4, 0x233980000, 0xfffffffffffffffe, 0x1, 0x7, 0x7ff})
executing program 3:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00')
ioctl$NS_GET_PARENT(r0, 0xff0a, 0x0)
program crashed: WARNING in retire_sysctl_set
bisect: the chunk can be dropped
bisect: split chunk #1 of len 7 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=6m3s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2]
detailed listing:
executing program 1:
r0 = openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/tracing_cpumask\x00', 0x1, 0x0)
write$auto_tracing_cpumask_fops_trace(r0, 0x0, 0x0)
executing program 1:
openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000380)='/dev/cuse\x00', 0x0, 0x0)
readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x7fffffffefff}, 0x7)
executing program 1:
r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000a80), 0x8c0001, 0x0)
ioctl$auto_TUNGETVNETHDRSZ(r0, 0x800454d7, 0x0)
executing program 1:
setresuid$auto(0xffffffffffffffff, 0x8, 0x8000)
tkill$auto(0x80000000000001, 0x7)
executing program 4:
r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cec28\x00', 0x80, 0x0)
ioctl$auto_CEC_ADAP_G_PHYS_ADDR(r0, 0x80026101, &(0x7f0000000140)=0xc369)
executing program 4:
prctl$auto(0x1000000001c, 0x6e, 0x8, 0x9, 0x3)
prctl$auto(0x1000000001c, 0x5, 0x8, 0x9, 0x2)
executing program 5:
r0 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0)
ioctl$auto_posix_clock_file_operations_posix_clock(r0, 0x43403d05, 0x0)
executing program 4:
r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000140), 0x20, 0x0)
poll$auto(&(0x7f0000000180)={r0, 0x3569, 0x8}, 0x34, 0x5)
executing program 3:
r0 = openat$auto_proc_environ_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/environ\x00', 0x800, 0x0)
read$auto_proc_environ_operations_base(r0, &(0x7f0000000c40)=""/141, 0x8d)
executing program 5:
socket(0x23, 0x2, 0x0)
write$auto(0x3, 0x0, 0xffd8)
executing program 4:
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
executing program 6:
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4$auto(0x0, &(0x7f0000000000)=0x9, 0x2, &(0x7f0000000040)={{0x583, 0x3}, {0x3, 0x6}, 0x0, 0x3, 0x7, 0xfffffffffffffff9, 0x64c9, 0x100000000, 0xfffffffeffffffff, 0xd, 0x4, 0x233980000, 0xfffffffffffffffe, 0x1, 0x7, 0x7ff})
executing program 3:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00')
ioctl$NS_GET_PARENT(r0, 0xff0a, 0x0)
program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=6m3s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2]
detailed listing:
executing program 1:
r0 = openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/tracing_cpumask\x00', 0x1, 0x0)
write$auto_tracing_cpumask_fops_trace(r0, 0x0, 0x0)
executing program 1:
openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000380)='/dev/cuse\x00', 0x0, 0x0)
readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x7fffffffefff}, 0x7)
executing program 1:
r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000a80), 0x8c0001, 0x0)
ioctl$auto_TUNGETVNETHDRSZ(r0, 0x800454d7, 0x0)
executing program 1:
setresuid$auto(0xffffffffffffffff, 0x8, 0x8000)
tkill$auto(0x80000000000001, 0x7)
executing program 3:
prctl$auto(0x41, 0x1, 0x0, 0x0, 0x0)
prctl$auto(0x41, 0x3, 0x0, 0x0, 0x0)
executing program 5:
r0 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x102000, 0x0)
ioctl$auto(r0, 0x80044940, 0x0)
executing program 4:
socket(0x11, 0x80003, 0x10300)
close_range$auto(0x2, 0x8, 0x0)
executing program 3:
r0 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x189002, 0x0)
write$auto_configfs_file_operations_configfs_internal(r0, &(0x7f0000000140)="8e00", 0x2)
executing program 4:
r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000140), 0x20, 0x0)
poll$auto(&(0x7f0000000180)={r0, 0x3569, 0x8}, 0x34, 0x5)
executing program 3:
r0 = openat$auto_proc_environ_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/environ\x00', 0x800, 0x0)
read$auto_proc_environ_operations_base(r0, &(0x7f0000000c40)=""/141, 0x8d)
executing program 5:
socket(0x23, 0x2, 0x0)
write$auto(0x3, 0x0, 0xffd8)
executing program 4:
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
executing program 6:
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4$auto(0x0, &(0x7f0000000000)=0x9, 0x2, &(0x7f0000000040)={{0x583, 0x3}, {0x3, 0x6}, 0x0, 0x3, 0x7, 0xfffffffffffffff9, 0x64c9, 0x100000000, 0xfffffffeffffffff, 0xd, 0x4, 0x233980000, 0xfffffffffffffffe, 0x1, 0x7, 0x7ff})
executing program 3:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00')
ioctl$NS_GET_PARENT(r0, 0xff0a, 0x0)
program crashed: BUG: corrupted list in __team_options_unregister
bisect: the chunk can be dropped
bisect: split chunk #2 of len 6 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=6m2s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2]
detailed listing:
executing program 1:
r0 = openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/tracing_cpumask\x00', 0x1, 0x0)
write$auto_tracing_cpumask_fops_trace(r0, 0x0, 0x0)
executing program 1:
openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000380)='/dev/cuse\x00', 0x0, 0x0)
readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x7fffffffefff}, 0x7)
executing program 1:
r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000a80), 0x8c0001, 0x0)
ioctl$auto_TUNGETVNETHDRSZ(r0, 0x800454d7, 0x0)
executing program 1:
setresuid$auto(0xffffffffffffffff, 0x8, 0x8000)
tkill$auto(0x80000000000001, 0x7)
executing program 3:
prctl$auto(0x41, 0x1, 0x0, 0x0, 0x0)
prctl$auto(0x41, 0x3, 0x0, 0x0, 0x0)
executing program 5:
r0 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x102000, 0x0)
ioctl$auto(r0, 0x80044940, 0x0)
executing program 4:
socket(0x11, 0x80003, 0x10300)
close_range$auto(0x2, 0x8, 0x0)
executing program 3:
r0 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x189002, 0x0)
write$auto_configfs_file_operations_configfs_internal(r0, &(0x7f0000000140)="8e00", 0x2)
executing program 4:
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
executing program 6:
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4$auto(0x0, &(0x7f0000000000)=0x9, 0x2, &(0x7f0000000040)={{0x583, 0x3}, {0x3, 0x6}, 0x0, 0x3, 0x7, 0xfffffffffffffff9, 0x64c9, 0x100000000, 0xfffffffeffffffff, 0xd, 0x4, 0x233980000, 0xfffffffffffffffe, 0x1, 0x7, 0x7ff})
executing program 3:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00')
ioctl$NS_GET_PARENT(r0, 0xff0a, 0x0)
program crashed: general protection fault in devl_traps_unregister
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunks (needed=true): <4>, <4>, <3>
bisect: split chunk #0 of len 4 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=6m2s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 2, 2, 2, 2, 2, 2, 2, 2]
detailed listing:
executing program 1:
r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000a80), 0x8c0001, 0x0)
ioctl$auto_TUNGETVNETHDRSZ(r0, 0x800454d7, 0x0)
executing program 1:
setresuid$auto(0xffffffffffffffff, 0x8, 0x8000)
tkill$auto(0x80000000000001, 0x7)
executing program 3:
prctl$auto(0x41, 0x1, 0x0, 0x0, 0x0)
prctl$auto(0x41, 0x3, 0x0, 0x0, 0x0)
executing program 5:
r0 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x102000, 0x0)
ioctl$auto(r0, 0x80044940, 0x0)
executing program 4:
socket(0x11, 0x80003, 0x10300)
close_range$auto(0x2, 0x8, 0x0)
executing program 3:
r0 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x189002, 0x0)
write$auto_configfs_file_operations_configfs_internal(r0, &(0x7f0000000140)="8e00", 0x2)
executing program 4:
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
executing program 6:
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4$auto(0x0, &(0x7f0000000000)=0x9, 0x2, &(0x7f0000000040)={{0x583, 0x3}, {0x3, 0x6}, 0x0, 0x3, 0x7, 0xfffffffffffffff9, 0x64c9, 0x100000000, 0xfffffffeffffffff, 0xd, 0x4, 0x233980000, 0xfffffffffffffffe, 0x1, 0x7, 0x7ff})
executing program 3:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00')
ioctl$NS_GET_PARENT(r0, 0xff0a, 0x0)
program crashed: general protection fault in sctp_inet6addr_event
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunk #1 of len 4 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=6m1s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 2, 2, 2, 2, 2, 2]
detailed listing:
executing program 1:
r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000a80), 0x8c0001, 0x0)
ioctl$auto_TUNGETVNETHDRSZ(r0, 0x800454d7, 0x0)
executing program 1:
setresuid$auto(0xffffffffffffffff, 0x8, 0x8000)
tkill$auto(0x80000000000001, 0x7)
executing program 4:
socket(0x11, 0x80003, 0x10300)
close_range$auto(0x2, 0x8, 0x0)
executing program 3:
r0 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x189002, 0x0)
write$auto_configfs_file_operations_configfs_internal(r0, &(0x7f0000000140)="8e00", 0x2)
executing program 4:
socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x0, 0xfffffffffffff000, 0x0)
executing program 6:
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4$auto(0x0, &(0x7f0000000000)=0x9, 0x2, &(0x7f0000000040)={{0x583, 0x3}, {0x3, 0x6}, 0x0, 0x3, 0x7, 0xfffffffffffffff9, 0x64c9, 0x100000000, 0xfffffffeffffffff, 0xd, 0x4, 0x233980000, 0xfffffffffffffffe, 0x1, 0x7, 0x7ff})
executing program 3:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00')
ioctl$NS_GET_PARENT(r0, 0xff0a, 0x0)
program crashed: WARNING in retire_sysctl_set
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunk #2 of len 3 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=6m1s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 2, 2, 2, 2]
detailed listing:
executing program 1:
r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000a80), 0x8c0001, 0x0)
ioctl$auto_TUNGETVNETHDRSZ(r0, 0x800454d7, 0x0)
executing program 1:
setresuid$auto(0xffffffffffffffff, 0x8, 0x8000)
tkill$auto(0x80000000000001, 0x7)
executing program 4:
socket(0x11, 0x80003, 0x10300)
close_range$auto(0x2, 0x8, 0x0)
executing program 3:
r0 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x189002, 0x0)
write$auto_configfs_file_operations_configfs_internal(r0, &(0x7f0000000140)="8e00", 0x2)
executing program 3:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00')
ioctl$NS_GET_PARENT(r0, 0xff0a, 0x0)
program crashed: general protection fault in sctp_inet6addr_event
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunks (needed=true): <2>, <2>, <1>
bisect: split chunk #0 of len 2 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=6m1s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 2, 2, 2]
detailed listing:
executing program 1:
setresuid$auto(0xffffffffffffffff, 0x8, 0x8000)
tkill$auto(0x80000000000001, 0x7)
executing program 4:
socket(0x11, 0x80003, 0x10300)
close_range$auto(0x2, 0x8, 0x0)
executing program 3:
r0 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x189002, 0x0)
write$auto_configfs_file_operations_configfs_internal(r0, &(0x7f0000000140)="8e00", 0x2)
executing program 3:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00')
ioctl$NS_GET_PARENT(r0, 0xff0a, 0x0)
program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=6m1s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 2, 2, 2]
detailed listing:
executing program 1:
r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000a80), 0x8c0001, 0x0)
ioctl$auto_TUNGETVNETHDRSZ(r0, 0x800454d7, 0x0)
executing program 4:
socket(0x11, 0x80003, 0x10300)
close_range$auto(0x2, 0x8, 0x0)
executing program 3:
r0 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x189002, 0x0)
write$auto_configfs_file_operations_configfs_internal(r0, &(0x7f0000000140)="8e00", 0x2)
executing program 3:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00')
ioctl$NS_GET_PARENT(r0, 0xff0a, 0x0)
program crashed: kernel BUG in vfree
bisect: the chunk can be dropped
bisect: split chunk #1 of len 2 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 2, 2]
detailed listing:
executing program 1:
r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000a80), 0x8c0001, 0x0)
ioctl$auto_TUNGETVNETHDRSZ(r0, 0x800454d7, 0x0)
executing program 3:
r0 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x189002, 0x0)
write$auto_configfs_file_operations_configfs_internal(r0, &(0x7f0000000140)="8e00", 0x2)
executing program 3:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00')
ioctl$NS_GET_PARENT(r0, 0xff0a, 0x0)
program crashed: KASAN: null-ptr-deref Write in tomoyo_task_alloc
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunk #2 of len 1 into 2 parts
bisect: no way to further split the chunk
bisect: split chunks (needed=true): <1>, <1>, <1, final>
bisect: split chunk #0 of len 1 into 2 parts
bisect: no way to further split the chunk
bisect: split chunk #1 of len 1 into 2 parts
bisect: no way to further split the chunk
bisect: 3 programs left:
executing program 1:
r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000a80), 0x8c0001, 0x0)
ioctl$auto_TUNGETVNETHDRSZ(r0, 0x800454d7, 0x0)
executing program 3:
r0 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x189002, 0x0)
write$auto_configfs_file_operations_configfs_internal(r0, &(0x7f0000000140)="8e00", 0x2)
executing program 3:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00')
ioctl$NS_GET_PARENT(r0, 0xff0a, 0x0)
bisect: trying to concatenate
bisect: concatenate 3 entries
minimizing program #0 before concatenation
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 2, 2]
detailed listing:
executing program 0:
openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000a80), 0x8c0001, 0x0)
executing program 3:
r0 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x189002, 0x0)
write$auto_configfs_file_operations_configfs_internal(r0, &(0x7f0000000140)="8e00", 0x2)
executing program 3:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00')
ioctl$NS_GET_PARENT(r0, 0xff0a, 0x0)
program crashed: general protection fault in sctp_inet6addr_event
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [0, 2, 2]
detailed listing:
executing program 0:
executing program 3:
r0 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x189002, 0x0)
write$auto_configfs_file_operations_configfs_internal(r0, &(0x7f0000000140)="8e00", 0x2)
executing program 3:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00')
ioctl$NS_GET_PARENT(r0, 0xff0a, 0x0)
program crashed: BUG: unable to handle kernel NULL pointer dereference in rcu_core
minimized 2 calls -> 0 calls
minimizing program #1 before concatenation
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [0, 1, 2]
detailed listing:
executing program 1:
executing program 0:
openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x189002, 0x0)
executing program 3:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00')
ioctl$NS_GET_PARENT(r0, 0xff0a, 0x0)
program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [0, 1, 2]
detailed listing:
executing program 1:
executing program 0:
write$auto_configfs_file_operations_configfs_internal(0xffffffffffffffff, &(0x7f0000000140)="8e00", 0x2)
executing program 3:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00')
ioctl$NS_GET_PARENT(r0, 0xff0a, 0x0)
program did not crash
minimized 2 calls -> 2 calls
minimizing program #2 before concatenation
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [0, 2, 1]
detailed listing:
executing program 1:
executing program 3:
r0 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x189002, 0x0)
write$auto_configfs_file_operations_configfs_internal(r0, &(0x7f0000000140)="8e00", 0x2)
executing program 0:
syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00')
program crashed: general protection fault in tomoyo_init_request_info
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [0, 2, 0]
detailed listing:
executing program 1:
executing program 3:
r0 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x189002, 0x0)
write$auto_configfs_file_operations_configfs_internal(r0, &(0x7f0000000140)="8e00", 0x2)
executing program 0:
program crashed: general protection fault in tomoyo_init_request_info
minimized 2 calls -> 0 calls
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_configfs_file_operations_configfs_internal-write$auto_configfs_file_operations_configfs_internal
detailed listing:
executing program 0:
r0 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x189002, 0x0)
write$auto_configfs_file_operations_configfs_internal(r0, &(0x7f0000000140)="8e00", 0x2)
program crashed: general protection fault in find_lock_task_mm
bisect: concatenation succeeded
found reproducer with 2 syscalls
minimizing guilty program
testing program (duration=2m19.039168934s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_configfs_file_operations_configfs_internal
detailed listing:
executing program 0:
openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x189002, 0x0)
program did not crash
testing program (duration=2m19.039168934s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): write$auto_configfs_file_operations_configfs_internal
detailed listing:
executing program 0:
write$auto_configfs_file_operations_configfs_internal(0xffffffffffffffff, &(0x7f0000000140)="8e00", 0x2)
program did not crash
testing program (duration=2m19.039168934s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_configfs_file_operations_configfs_internal-write$auto_configfs_file_operations_configfs_internal
detailed listing:
executing program 0:
r0 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, 0x0, 0x189002, 0x0)
write$auto_configfs_file_operations_configfs_internal(r0, &(0x7f0000000140)="8e00", 0x2)
program did not crash
testing program (duration=2m19.039168934s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_configfs_file_operations_configfs_internal-write$auto_configfs_file_operations_configfs_internal
detailed listing:
executing program 0:
r0 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x189002, 0x0)
write$auto_configfs_file_operations_configfs_internal(r0, 0x0, 0x0)
program did not crash
testing program (duration=2m19.039168934s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_configfs_file_operations_configfs_internal-write$auto_configfs_file_operations_configfs_internal
detailed listing:
executing program 0:
r0 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x189002, 0x0)
write$auto_configfs_file_operations_configfs_internal(r0, &(0x7f0000000140), 0x0)
program did not crash
extracting C reproducer
testing compiled C program (duration=2m19.039168934s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_configfs_file_operations_configfs_internal-write$auto_configfs_file_operations_configfs_internal
program crashed: general protection fault in account_kernel_stack
a never seen crash title: general protection fault in account_kernel_stack, ignore
simplifying guilty program options
testing program (duration=2m19.039168934s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_configfs_file_operations_configfs_internal-write$auto_configfs_file_operations_configfs_internal
detailed listing:
executing program 0:
r0 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x189002, 0x0)
write$auto_configfs_file_operations_configfs_internal(r0, &(0x7f0000000140)="8e00", 0x2)
program did not crash
testing program (duration=2m19.039168934s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_configfs_file_operations_configfs_internal-write$auto_configfs_file_operations_configfs_internal
detailed listing:
executing program 0:
r0 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/config/nvmet/discovery_nqn\x00', 0x189002, 0x0)
write$auto_configfs_file_operations_configfs_internal(r0, &(0x7f0000000140)="8e00", 0x2)
program did not crash
reproducing took 4h45m56.787390589s
repro crashed as (corrupted=false):
Oops: general protection fault, probably for non-canonical address 0xdffffc000000006c: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000360-0x0000000000000367]
CPU: 0 UID: 0 PID: 8122 Comm: syz-executor Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
RIP: 0010:__lock_acquire+0xe4/0x3c40 kernel/locking/lockdep.c:5089
Code: 08 84 d2 0f 85 15 14 00 00 44 8b 0d 4a 00 a7 0e 45 85 c9 0f 84 b4 0e 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 0f 85 96 2c 00 00 49 8b 04 24 48 3d a0 17 32 93 0f 84
RSP: 0018:ffffc9000d087990 EFLAGS: 00010006
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 000000000000006c RSI: 1ffff92001a10f44 RDI: 0000000000000360
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001
R10: ffffffff901cc317 R11: 0000000000000002 R12: 0000000000000360
R13: ffff888034c38000 R14: 0000000000000000 R15: 0000000000000000
FS: 00005555879c4500(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005555879c4808 CR3: 0000000030ed6000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
lock_acquire.part.0+0x11b/0x380 kernel/locking/lockdep.c:5849
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:351 [inline]
task_lock include/linux/sched/task.h:229 [inline]
find_lock_task_mm+0xd4/0x2f0 mm/oom_kill.c:140
__set_oom_adj.isra.0+0xcd8/0x1120 fs/proc/base.c:1157
oom_score_adj_write+0x1b8/0x200 fs/proc/base.c:1294
vfs_write+0x24c/0x1150 fs/read_write.c:677
ksys_write+0x12b/0x250 fs/read_write.c:731
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f3c079847cf
Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
RSP: 002b:00007fffc0defcf0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f3c079847cf
RDX: 0000000000000004 RSI: 00007fffc0defd40 RDI: 0000000000000003
RBP: 00007f3c07a0320c R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000004
R13: 00007fffc0defd40 R14: 00007fffc0df02a0 R15: 00007fffc0df02a0
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__lock_acquire+0xe4/0x3c40 kernel/locking/lockdep.c:5089
Code: 08 84 d2 0f 85 15 14 00 00 44 8b 0d 4a 00 a7 0e 45 85 c9 0f 84 b4 0e 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 0f 85 96 2c 00 00 49 8b 04 24 48 3d a0 17 32 93 0f 84
RSP: 0018:ffffc9000d087990 EFLAGS: 00010006
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 000000000000006c RSI: 1ffff92001a10f44 RDI: 0000000000000360
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001
R10: ffffffff901cc317 R11: 0000000000000002 R12: 0000000000000360
R13: ffff888034c38000 R14: 0000000000000000 R15: 0000000000000000
FS: 00005555879c4500(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005555879c4808 CR3: 0000000030ed6000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
0: 08 84 d2 0f 85 15 14 or %al,0x1415850f(%rdx,%rdx,8)
7: 00 00 add %al,(%rax)
9: 44 8b 0d 4a 00 a7 0e mov 0xea7004a(%rip),%r9d # 0xea7005a
10: 45 85 c9 test %r9d,%r9d
13: 0f 84 b4 0e 00 00 je 0xecd
19: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
20: fc ff df
23: 4c 89 e2 mov %r12,%rdx
26: 48 c1 ea 03 shr $0x3,%rdx
* 2a: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) <-- trapping instruction
2e: 0f 85 96 2c 00 00 jne 0x2cca
34: 49 8b 04 24 mov (%r12),%rax
38: 48 3d a0 17 32 93 cmp $0xffffffff933217a0,%rax
3e: 0f .byte 0xf
3f: 84 .byte 0x84
final repro crashed as (corrupted=false):
Oops: general protection fault, probably for non-canonical address 0xdffffc000000006c: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000360-0x0000000000000367]
CPU: 0 UID: 0 PID: 8122 Comm: syz-executor Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
RIP: 0010:__lock_acquire+0xe4/0x3c40 kernel/locking/lockdep.c:5089
Code: 08 84 d2 0f 85 15 14 00 00 44 8b 0d 4a 00 a7 0e 45 85 c9 0f 84 b4 0e 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 0f 85 96 2c 00 00 49 8b 04 24 48 3d a0 17 32 93 0f 84
RSP: 0018:ffffc9000d087990 EFLAGS: 00010006
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 000000000000006c RSI: 1ffff92001a10f44 RDI: 0000000000000360
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001
R10: ffffffff901cc317 R11: 0000000000000002 R12: 0000000000000360
R13: ffff888034c38000 R14: 0000000000000000 R15: 0000000000000000
FS: 00005555879c4500(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005555879c4808 CR3: 0000000030ed6000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
lock_acquire.part.0+0x11b/0x380 kernel/locking/lockdep.c:5849
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:351 [inline]
task_lock include/linux/sched/task.h:229 [inline]
find_lock_task_mm+0xd4/0x2f0 mm/oom_kill.c:140
__set_oom_adj.isra.0+0xcd8/0x1120 fs/proc/base.c:1157
oom_score_adj_write+0x1b8/0x200 fs/proc/base.c:1294
vfs_write+0x24c/0x1150 fs/read_write.c:677
ksys_write+0x12b/0x250 fs/read_write.c:731
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f3c079847cf
Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
RSP: 002b:00007fffc0defcf0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f3c079847cf
RDX: 0000000000000004 RSI: 00007fffc0defd40 RDI: 0000000000000003
RBP: 00007f3c07a0320c R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000004
R13: 00007fffc0defd40 R14: 00007fffc0df02a0 R15: 00007fffc0df02a0
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__lock_acquire+0xe4/0x3c40 kernel/locking/lockdep.c:5089
Code: 08 84 d2 0f 85 15 14 00 00 44 8b 0d 4a 00 a7 0e 45 85 c9 0f 84 b4 0e 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 0f 85 96 2c 00 00 49 8b 04 24 48 3d a0 17 32 93 0f 84
RSP: 0018:ffffc9000d087990 EFLAGS: 00010006
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 000000000000006c RSI: 1ffff92001a10f44 RDI: 0000000000000360
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001
R10: ffffffff901cc317 R11: 0000000000000002 R12: 0000000000000360
R13: ffff888034c38000 R14: 0000000000000000 R15: 0000000000000000
FS: 00005555879c4500(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005555879c4808 CR3: 0000000030ed6000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
0: 08 84 d2 0f 85 15 14 or %al,0x1415850f(%rdx,%rdx,8)
7: 00 00 add %al,(%rax)
9: 44 8b 0d 4a 00 a7 0e mov 0xea7004a(%rip),%r9d # 0xea7005a
10: 45 85 c9 test %r9d,%r9d
13: 0f 84 b4 0e 00 00 je 0xecd
19: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
20: fc ff df
23: 4c 89 e2 mov %r12,%rdx
26: 48 c1 ea 03 shr $0x3,%rdx
* 2a: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) <-- trapping instruction
2e: 0f 85 96 2c 00 00 jne 0x2cca
34: 49 8b 04 24 mov (%r12),%rax
38: 48 3d a0 17 32 93 cmp $0xffffffff933217a0,%rax
3e: 0f .byte 0xf
3f: 84 .byte 0x84