Extracting prog: 6m21.398567903s Minimizing prog: 11m59.638740618s Simplifying prog options: 0s Extracting C: 59.70622521s Simplifying C: 8m32.728073589s extracting reproducer from 24 programs testing a last program of every proc single: executing 4 programs separately with timeout 30s testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binderfs-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-socket$nl_netfilter-sendmsg$IPSET_CMD_CREATE-epoll_create1-socket$inet6_sctp-sendto$inet6-setsockopt$inet_sctp6_SCTP_EVENTS-prctl$PR_SCHED_CORE-setsockopt$SO_TIMESTAMPING-recvmmsg-ioctl$ifreq_SIOCGIFINDEX_wireguard-ioctl$sock_inet6_SIOCDELRT-socket$inet6_icmp_raw-mkdir-mkdir-ioprio_set$pid-mkdir-open-write$FUSE_CREATE_OPEN detailed listing: executing program 0: openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0xc0202, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)={0x48, 0x2, 0x6, 0x5, 0x0, 0x0, {0x1}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_NETMASK={0x5, 0x14, 0x6}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}]}, 0x48}}, 0x0) epoll_create1(0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r2, &(0x7f0000000640)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0xfec0ffffffffffff, 0x1c9ae7fffe9a6f34}}, 0x1c) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000040)={0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8c, 0x1, 0x0, 0x3}, 0xe) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, &(0x7f0000000100)) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f0000000000)=0x41dc, 0x4) recvmmsg(r2, &(0x7f0000000840)=[{{0x0, 0x41, 0x0}}], 0x414, 0x406, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wg0\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r2, 0x890c, &(0x7f0000000300)={@ipv4={'\x00', '\xff\xff', @empty}, @mcast1, @empty, 0x5, 0x8, 0x40, 0x0, 0xd45, 0x400303, r3}) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) mkdir(&(0x7f0000000040)='./file0\x00', 0x80) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) ioprio_set$pid(0x1, 0x0, 0x6000) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) r4 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f) write$FUSE_CREATE_OPEN(r4, &(0x7f0000000740)={0xa0, 0x0, 0x0, {{0x1000000000003, 0x3, 0x8000000000007, 0xaa, 0x9, 0x80001, {0x0, 0x180, 0x20fe, 0x0, 0x45b, 0xd616, 0x9, 0x9, 0xfffffffe, 0x8000, 0x0, 0xee00, 0xffffffffffffffff, 0x3ff, 0x1}}, {0x0, 0x10}}}, 0xa0) program did not crash testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-getsockopt$XDP_STATISTICS-getpid-sched_setscheduler-mmap-ptrace$PTRACE_SECCOMP_GET_METADATA-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-sched_setscheduler-bind$rds-openat$binderfs-ioctl$BINDER_SET_CONTEXT_MGR_EXT-openat$binderfs-ioctl$BINDER_WRITE_READ-dup3-ioctl$BINDER_WRITE_READ-mkdir-pwrite64-mount detailed listing: executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getsockopt$XDP_STATISTICS(0xffffffffffffffff, 0x11b, 0x7, &(0x7f0000000080), 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r0, 0x10, &(0x7f0000000280)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bind$rds(0xffffffffffffffff, 0x0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x1000, 0x2}) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) r5 = dup3(r4, r3, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000003c0)={0x10, 0x0, &(0x7f00000001c0)=[@request_death], 0x0, 0x0, 0x0}) mkdir(0x0, 0x0) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x4fed0) mount(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000000)='virtiofs\x00', 0x5, 0x0) program did not crash testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendmsg$nl_route-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-sched_setscheduler-getpid-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-sched_setscheduler-creat-close-execve detailed listing: executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x48000) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0xfffffffffffffffb}, 0x18) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = creat(0x0, 0xecf86c37d53049cc) close(r4) execve(&(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000800)={[&(0x7f00000004c0)='\x7f\xb7\xc1\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01aA$\xf6j\x89\xd9_\xa0\x84\xeaT\x94\xaexuTW\xa7\x93\x8d\xbd\xe6~\xa8\x82\xe7LSw\x8b\x0f<\xe6\xbdh\x97\xd4\xb8\x97\xc0\xd2\x8e\x83#`yx\x96\x10M\xef\xab\xcaR*\xf8a\xdb?\xe0\xd5\xa8\xf1\x9f\\\x17I\x1b\xda$\n\x97\x1d\x8e\xad\xdc\x11\xce\x1e\xe4\xa9\xdb\xfc\xfa\xb5\xcb\xec=\xb2\xb7x\xf6\xa7H\r\xaf\xf4|\x9e\x96?%\x9a\xb0\x00V\xca\xf7b\xc1 \x7f\xb5\x87\x16\xe1?9\xb5\xb8sn\xc8\xa8\xbf7{\x80\x12\xfd\a\x00\xef}\x0484\nU\x14\xfc\xb0mV~\x9d\xa6\x01\f\xef\x8f(.[8\xbd\xdf\x1a\xa6\x80\xa2\x8b,\x11/\x02\"\x10\xf7\xd0l\xbd\xfa\xcd$?I\x82K\v\xcc\x19\xdc\xdb\x87\xbd\xe4\xac\xe2\xac\x06\xc5\x88_\x84K\x8dm\xac\x9b\xe7#\xcb\xa9}\x8f\xe0\x9dYb\x88Z\x9c\xb5\xcbj\n\x1b\xee\x1ev\x01\xaf']}) program did not crash testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io detailed listing: executing program 0: r0 = syz_usb_connect$hid(0x2, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000a0010c410cf8a00000000000109022d00010000000009040000020300000009210000000122050009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000002c0)={0x2c, &(0x7f0000000380)={0x40, 0x11, 0x5, {0x5, 0x22, "8c0500"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) program crashed: general protection fault in u2fzero_rng_read single: successfully extracted reproducer found reproducer with 3 syscalls minimizing guilty program testing program (duration=46.193948232s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io detailed listing: executing program 0: r0 = syz_usb_connect$hid(0x2, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000a0010c410cf8a00000000000109022d00010000000009040000020300000009210000000122050009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) program did not crash testing program (duration=46.193948232s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io detailed listing: executing program 0: r0 = syz_usb_connect$hid(0x2, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000a0010c410cf8a00000000000109022d00010000000009040000020300000009210000000122050009058103"], 0x0) syz_usb_control_io(r0, &(0x7f00000002c0)={0x2c, &(0x7f0000000380)={0x40, 0x11, 0x5, {0x5, 0x22, "8c0500"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) program did not crash testing program (duration=46.193948232s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_control_io-syz_usb_control_io detailed listing: executing program 0: syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, &(0x7f00000002c0)={0x2c, &(0x7f0000000380)={0x40, 0x11, 0x5, {0x5, 0x22, "8c0500"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) program did not crash testing program (duration=46.193948232s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io detailed listing: executing program 0: r0 = syz_usb_connect$hid(0x2, 0x3f, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000002c0)={0x2c, &(0x7f0000000380)={0x40, 0x11, 0x5, {0x5, 0x22, "8c0500"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) program did not crash testing program (duration=46.193948232s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io detailed listing: executing program 0: r0 = syz_usb_connect$hid(0x2, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000002c0)={0x2c, &(0x7f0000000380)={0x40, 0x11, 0x5, {0x5, 0x22, "8c0500"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) program did not crash testing program (duration=46.193948232s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io detailed listing: executing program 0: r0 = syz_usb_connect$hid(0x2, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000a0010c410cf8a00000000000109022d00010000000009040000020300000009210000000122050009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) program did not crash testing program (duration=46.193948232s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io detailed listing: executing program 0: r0 = syz_usb_connect$hid(0x2, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000a0010c410cf8a00000000000109022d00010000000009040000020300000009210000000122050009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000002c0)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) program did not crash testing program (duration=46.193948232s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io detailed listing: executing program 0: r0 = syz_usb_connect$hid(0x2, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000a0010c410cf8a00000000000109022d00010000000009040000020300000009210000000122050009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000002c0)={0x2c, &(0x7f0000000380)={0x40, 0x11, 0x2, {0x2, 0x22}}, 0x0, 0x0, 0x0, 0x0}, 0x0) program did not crash extracting C reproducer testing compiled C program (duration=46.193948232s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io program crashed: general protection fault in u2fzero_rng_read simplifying C reproducer testing compiled C program (duration=46.193948232s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io program crashed: general protection fault in u2fzero_rng_read testing compiled C program (duration=46.193948232s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io program crashed: general protection fault in u2fzero_rng_read testing compiled C program (duration=46.193948232s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io program crashed: general protection fault in u2fzero_rng_read testing compiled C program (duration=46.193948232s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io program crashed: general protection fault in u2fzero_rng_read testing compiled C program (duration=46.193948232s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io program crashed: general protection fault in u2fzero_rng_read testing compiled C program (duration=46.193948232s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io program crashed: general protection fault in u2fzero_rng_read testing compiled C program (duration=46.193948232s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io program crashed: general protection fault in u2fzero_rng_read testing program (duration=46.193948232s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io detailed listing: executing program 0: r0 = syz_usb_connect$hid(0x2, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000a0010c410cf8a00000000000109022d00010000000009040000020300000009210000000122050009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000002c0)={0x2c, &(0x7f0000000380)={0x40, 0x11, 0x5, {0x5, 0x22, "8c0500"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) program crashed: general protection fault in u2fzero_rng_read validation run: crashed=true testing program (duration=46.193948232s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io detailed listing: executing program 0: r0 = syz_usb_connect$hid(0x2, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000a0010c410cf8a00000000000109022d00010000000009040000020300000009210000000122050009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000002c0)={0x2c, &(0x7f0000000380)={0x40, 0x11, 0x5, {0x5, 0x22, "8c0500"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) program crashed: general protection fault in u2fzero_rng_read validation run: crashed=true testing program (duration=46.193948232s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io detailed listing: executing program 0: r0 = syz_usb_connect$hid(0x2, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000a0010c410cf8a00000000000109022d00010000000009040000020300000009210000000122050009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000002c0)={0x2c, &(0x7f0000000380)={0x40, 0x11, 0x5, {0x5, 0x22, "8c0500"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) program crashed: general protection fault in u2fzero_rng_read validation run: crashed=true reproducing took 33m32.662785348s repro crashed as (corrupted=false): usb 1-1: config 0 descriptor?? hid-u2fzero 0003:10C4:8ACF.0001: hidraw0: USB HID v0.00 Device [HID 10c4:8acf] on usb-dummy_hcd.0-1/input0 hid-u2fzero 0003:10C4:8ACF.0001: U2F Zero LED initialised general protection fault, probably for non-canonical address 0xdffffc0000000015: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x00000000000000a8-0x00000000000000af] CPU: 1 PID: 23 Comm: kworker/1:0 Not tainted syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 Workqueue: usb_hub_wq hub_event RIP: 0010:u2fzero_recv drivers/hid/hid-u2fzero.c:137 [inline] RIP: 0010:u2fzero_rng_read+0x241/0x630 drivers/hid/hid-u2fzero.c:223 Code: 24 18 80 3c 01 00 74 08 4c 89 ef e8 69 fa f8 f9 bb a8 00 00 00 49 03 5d 00 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 48 89 df e8 e1 fa f8 f9 48 8d 44 24 60 48 89 03 RSP: 0018:ffffc900001d6780 EFLAGS: 00010202 RAX: 0000000000000015 RBX: 00000000000000a8 RCX: dffffc0000000000 RDX: 0000000000000000 RSI: ffffc900001d68a0 RDI: ffff888078396468 RBP: ffffc900001d6998 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffff888028448300 R13: ffff888028448030 R14: 1ffff11005089083 R15: 1ffff9200003acf8 FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b2d563fff CR3: 000000002e704000 CR4: 00000000003506e0 Call Trace: rng_get_data drivers/char/hw_random/core.c:198 [inline] add_early_randomness+0x7a/0x1a0 drivers/char/hw_random/core.c:72 hwrng_register+0x3db/0x4a0 drivers/char/hw_random/core.c:593 devm_hwrng_register+0x47/0xb0 drivers/char/hw_random/core.c:665 u2fzero_probe+0x348/0x460 drivers/hid/hid-u2fzero.c:358 __hid_device_probe drivers/hid/hid-core.c:2644 [inline] hid_device_probe+0x293/0x5b0 drivers/hid/hid-core.c:2681 call_driver_probe drivers/base/dd.c:-1 [inline] really_probe+0x25b/0xb40 drivers/base/dd.c:658 __driver_probe_device+0x18c/0x330 drivers/base/dd.c:800 driver_probe_device+0x4f/0x420 drivers/base/dd.c:830 __device_attach_driver+0x2ca/0x520 drivers/base/dd.c:958 bus_for_each_drv+0x24b/0x2d0 drivers/base/bus.c:459 __device_attach+0x2b5/0x400 drivers/base/dd.c:1030 bus_probe_device+0x180/0x260 drivers/base/bus.c:534 device_add+0x85b/0xc20 drivers/base/core.c:3683 hid_add_device+0x38d/0x530 drivers/hid/hid-core.c:2827 usbhid_probe+0xe02/0x1220 drivers/hid/usbhid/hid-core.c:1432 usb_probe_interface+0x5a4/0xb00 drivers/usb/core/driver.c:396 call_driver_probe drivers/base/dd.c:-1 [inline] really_probe+0x25b/0xb40 drivers/base/dd.c:658 __driver_probe_device+0x18c/0x330 drivers/base/dd.c:800 driver_probe_device+0x4f/0x420 drivers/base/dd.c:830 __device_attach_driver+0x2ca/0x520 drivers/base/dd.c:958 bus_for_each_drv+0x24b/0x2d0 drivers/base/bus.c:459 __device_attach+0x2b5/0x400 drivers/base/dd.c:1030 bus_probe_device+0x180/0x260 drivers/base/bus.c:534 device_add+0x85b/0xc20 drivers/base/core.c:3683 usb_set_configuration+0x1a79/0x20c0 drivers/usb/core/message.c:2207 usb_generic_driver_probe+0x8d/0x150 drivers/usb/core/generic.c:238 usb_probe_device+0x13d/0x280 drivers/usb/core/driver.c:293 call_driver_probe drivers/base/dd.c:-1 [inline] really_probe+0x25b/0xb40 drivers/base/dd.c:658 __driver_probe_device+0x18c/0x330 drivers/base/dd.c:800 driver_probe_device+0x4f/0x420 drivers/base/dd.c:830 __device_attach_driver+0x2ca/0x520 drivers/base/dd.c:958 bus_for_each_drv+0x24b/0x2d0 drivers/base/bus.c:459 __device_attach+0x2b5/0x400 drivers/base/dd.c:1030 bus_probe_device+0x180/0x260 drivers/base/bus.c:534 device_add+0x85b/0xc20 drivers/base/core.c:3683 usb_new_device+0xa31/0x1630 drivers/usb/core/hub.c:2660 hub_port_connect drivers/usb/core/hub.c:5529 [inline] hub_port_connect_change drivers/usb/core/hub.c:5669 [inline] port_event drivers/usb/core/hub.c:5833 [inline] hub_event+0x2962/0x49c0 drivers/usb/core/hub.c:5915 process_one_work kernel/workqueue.c:2634 [inline] process_scheduled_works+0xa45/0x15b0 kernel/workqueue.c:2711 worker_thread+0xa55/0xfc0 kernel/workqueue.c:2792 kthread+0x2fa/0x390 kernel/kthread.c:388 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:u2fzero_recv drivers/hid/hid-u2fzero.c:137 [inline] RIP: 0010:u2fzero_rng_read+0x241/0x630 drivers/hid/hid-u2fzero.c:223 Code: 24 18 80 3c 01 00 74 08 4c 89 ef e8 69 fa f8 f9 bb a8 00 00 00 49 03 5d 00 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 48 89 df e8 e1 fa f8 f9 48 8d 44 24 60 48 89 03 RSP: 0018:ffffc900001d6780 EFLAGS: 00010202 RAX: 0000000000000015 RBX: 00000000000000a8 RCX: dffffc0000000000 RDX: 0000000000000000 RSI: ffffc900001d68a0 RDI: ffff888078396468 RBP: ffffc900001d6998 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffff888028448300 R13: ffff888028448030 R14: 1ffff11005089083 R15: 1ffff9200003acf8 FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b2d563fff CR3: 0000000060780000 CR4: 00000000003506e0 ---------------- Code disassembly (best guess): 0: 24 18 and $0x18,%al 2: 80 3c 01 00 cmpb $0x0,(%rcx,%rax,1) 6: 74 08 je 0x10 8: 4c 89 ef mov %r13,%rdi b: e8 69 fa f8 f9 call 0xf9f8fa79 10: bb a8 00 00 00 mov $0xa8,%ebx 15: 49 03 5d 00 add 0x0(%r13),%rbx 19: 48 89 d8 mov %rbx,%rax 1c: 48 c1 e8 03 shr $0x3,%rax 20: 48 b9 00 00 00 00 00 movabs $0xdffffc0000000000,%rcx 27: fc ff df * 2a: 80 3c 08 00 cmpb $0x0,(%rax,%rcx,1) <-- trapping instruction 2e: 74 08 je 0x38 30: 48 89 df mov %rbx,%rdi 33: e8 e1 fa f8 f9 call 0xf9f8fb19 38: 48 8d 44 24 60 lea 0x60(%rsp),%rax 3d: 48 89 03 mov %rax,(%rbx) final repro crashed as (corrupted=false): usb 1-1: config 0 descriptor?? hid-u2fzero 0003:10C4:8ACF.0001: hidraw0: USB HID v0.00 Device [HID 10c4:8acf] on usb-dummy_hcd.0-1/input0 hid-u2fzero 0003:10C4:8ACF.0001: U2F Zero LED initialised general protection fault, probably for non-canonical address 0xdffffc0000000015: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x00000000000000a8-0x00000000000000af] CPU: 1 PID: 23 Comm: kworker/1:0 Not tainted syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 Workqueue: usb_hub_wq hub_event RIP: 0010:u2fzero_recv drivers/hid/hid-u2fzero.c:137 [inline] RIP: 0010:u2fzero_rng_read+0x241/0x630 drivers/hid/hid-u2fzero.c:223 Code: 24 18 80 3c 01 00 74 08 4c 89 ef e8 69 fa f8 f9 bb a8 00 00 00 49 03 5d 00 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 48 89 df e8 e1 fa f8 f9 48 8d 44 24 60 48 89 03 RSP: 0018:ffffc900001d6780 EFLAGS: 00010202 RAX: 0000000000000015 RBX: 00000000000000a8 RCX: dffffc0000000000 RDX: 0000000000000000 RSI: ffffc900001d68a0 RDI: ffff888078396468 RBP: ffffc900001d6998 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffff888028448300 R13: ffff888028448030 R14: 1ffff11005089083 R15: 1ffff9200003acf8 FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b2d563fff CR3: 000000002e704000 CR4: 00000000003506e0 Call Trace: rng_get_data drivers/char/hw_random/core.c:198 [inline] add_early_randomness+0x7a/0x1a0 drivers/char/hw_random/core.c:72 hwrng_register+0x3db/0x4a0 drivers/char/hw_random/core.c:593 devm_hwrng_register+0x47/0xb0 drivers/char/hw_random/core.c:665 u2fzero_probe+0x348/0x460 drivers/hid/hid-u2fzero.c:358 __hid_device_probe drivers/hid/hid-core.c:2644 [inline] hid_device_probe+0x293/0x5b0 drivers/hid/hid-core.c:2681 call_driver_probe drivers/base/dd.c:-1 [inline] really_probe+0x25b/0xb40 drivers/base/dd.c:658 __driver_probe_device+0x18c/0x330 drivers/base/dd.c:800 driver_probe_device+0x4f/0x420 drivers/base/dd.c:830 __device_attach_driver+0x2ca/0x520 drivers/base/dd.c:958 bus_for_each_drv+0x24b/0x2d0 drivers/base/bus.c:459 __device_attach+0x2b5/0x400 drivers/base/dd.c:1030 bus_probe_device+0x180/0x260 drivers/base/bus.c:534 device_add+0x85b/0xc20 drivers/base/core.c:3683 hid_add_device+0x38d/0x530 drivers/hid/hid-core.c:2827 usbhid_probe+0xe02/0x1220 drivers/hid/usbhid/hid-core.c:1432 usb_probe_interface+0x5a4/0xb00 drivers/usb/core/driver.c:396 call_driver_probe drivers/base/dd.c:-1 [inline] really_probe+0x25b/0xb40 drivers/base/dd.c:658 __driver_probe_device+0x18c/0x330 drivers/base/dd.c:800 driver_probe_device+0x4f/0x420 drivers/base/dd.c:830 __device_attach_driver+0x2ca/0x520 drivers/base/dd.c:958 bus_for_each_drv+0x24b/0x2d0 drivers/base/bus.c:459 __device_attach+0x2b5/0x400 drivers/base/dd.c:1030 bus_probe_device+0x180/0x260 drivers/base/bus.c:534 device_add+0x85b/0xc20 drivers/base/core.c:3683 usb_set_configuration+0x1a79/0x20c0 drivers/usb/core/message.c:2207 usb_generic_driver_probe+0x8d/0x150 drivers/usb/core/generic.c:238 usb_probe_device+0x13d/0x280 drivers/usb/core/driver.c:293 call_driver_probe drivers/base/dd.c:-1 [inline] really_probe+0x25b/0xb40 drivers/base/dd.c:658 __driver_probe_device+0x18c/0x330 drivers/base/dd.c:800 driver_probe_device+0x4f/0x420 drivers/base/dd.c:830 __device_attach_driver+0x2ca/0x520 drivers/base/dd.c:958 bus_for_each_drv+0x24b/0x2d0 drivers/base/bus.c:459 __device_attach+0x2b5/0x400 drivers/base/dd.c:1030 bus_probe_device+0x180/0x260 drivers/base/bus.c:534 device_add+0x85b/0xc20 drivers/base/core.c:3683 usb_new_device+0xa31/0x1630 drivers/usb/core/hub.c:2660 hub_port_connect drivers/usb/core/hub.c:5529 [inline] hub_port_connect_change drivers/usb/core/hub.c:5669 [inline] port_event drivers/usb/core/hub.c:5833 [inline] hub_event+0x2962/0x49c0 drivers/usb/core/hub.c:5915 process_one_work kernel/workqueue.c:2634 [inline] process_scheduled_works+0xa45/0x15b0 kernel/workqueue.c:2711 worker_thread+0xa55/0xfc0 kernel/workqueue.c:2792 kthread+0x2fa/0x390 kernel/kthread.c:388 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:u2fzero_recv drivers/hid/hid-u2fzero.c:137 [inline] RIP: 0010:u2fzero_rng_read+0x241/0x630 drivers/hid/hid-u2fzero.c:223 Code: 24 18 80 3c 01 00 74 08 4c 89 ef e8 69 fa f8 f9 bb a8 00 00 00 49 03 5d 00 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 48 89 df e8 e1 fa f8 f9 48 8d 44 24 60 48 89 03 RSP: 0018:ffffc900001d6780 EFLAGS: 00010202 RAX: 0000000000000015 RBX: 00000000000000a8 RCX: dffffc0000000000 RDX: 0000000000000000 RSI: ffffc900001d68a0 RDI: ffff888078396468 RBP: ffffc900001d6998 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffff888028448300 R13: ffff888028448030 R14: 1ffff11005089083 R15: 1ffff9200003acf8 FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b2d563fff CR3: 0000000060780000 CR4: 00000000003506e0 ---------------- Code disassembly (best guess): 0: 24 18 and $0x18,%al 2: 80 3c 01 00 cmpb $0x0,(%rcx,%rax,1) 6: 74 08 je 0x10 8: 4c 89 ef mov %r13,%rdi b: e8 69 fa f8 f9 call 0xf9f8fa79 10: bb a8 00 00 00 mov $0xa8,%ebx 15: 49 03 5d 00 add 0x0(%r13),%rbx 19: 48 89 d8 mov %rbx,%rax 1c: 48 c1 e8 03 shr $0x3,%rax 20: 48 b9 00 00 00 00 00 movabs $0xdffffc0000000000,%rcx 27: fc ff df * 2a: 80 3c 08 00 cmpb $0x0,(%rax,%rcx,1) <-- trapping instruction 2e: 74 08 je 0x38 30: 48 89 df mov %rbx,%rdi 33: e8 e1 fa f8 f9 call 0xf9f8fb19 38: 48 8d 44 24 60 lea 0x60(%rsp),%rax 3d: 48 89 03 mov %rax,(%rbx)