Extracting prog: 3m11.263936258s
Minimizing prog: 36.864µs
Simplifying prog options: 0s
Extracting C: 1m47.405026493s
Simplifying C: 8m48.53016902s


extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_clone
detailed listing:
executing program 0:
syz_clone(0x80004080, 0x0, 0x2b, 0x0, 0x0, 0x0)

program did not crash
single: failed to extract reproducer
single: executing 1 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_clone
detailed listing:
executing program 0:
syz_clone(0x80004080, 0x0, 0x2b, 0x0, 0x0, 0x0)

program crashed: WARNING in do_notify_parent
single: successfully extracted reproducer
found reproducer with 1 syscalls
minimizing guilty program
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_clone
program crashed: WARNING in do_notify_parent
simplifying C reproducer
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_clone
program crashed: WARNING in do_notify_parent
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_clone
program crashed: WARNING in do_notify_parent
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_clone
program crashed: WARNING in do_notify_parent
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_clone
program crashed: WARNING in do_notify_parent
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_clone
program crashed: WARNING in do_notify_parent
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_clone
program crashed: WARNING in do_notify_parent
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_clone
program crashed: WARNING in do_notify_parent
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_clone
detailed listing:
executing program 0:
syz_clone(0x80004080, 0x0, 0x2b, 0x0, 0x0, 0x0)

program crashed: WARNING in do_notify_parent
validation run: crashed=true
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_clone
detailed listing:
executing program 0:
syz_clone(0x80004080, 0x0, 0x2b, 0x0, 0x0, 0x0)

program crashed: WARNING in do_notify_parent
validation run: crashed=true
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_clone
detailed listing:
executing program 0:
syz_clone(0x80004080, 0x0, 0x2b, 0x0, 0x0, 0x0)

program crashed: WARNING in do_notify_parent
validation run: crashed=true
reproducing took 21m2.156002499s
repro crashed as (corrupted=false):
------------[ cut here ]------------
!valid_signal(sig)
WARNING: kernel/signal.c:2174 at do_notify_parent+0xea8/0x10b0 kernel/signal.c:2174, CPU#1: syz.0.17/5891
Modules linked in:
CPU: 1 UID: 0 PID: 5891 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:do_notify_parent+0xea8/0x10b0 kernel/signal.c:2174
Code: f4 ff ff e8 ba 9a 3d 00 41 c1 ff 08 c7 84 24 90 00 00 00 01 00 00 00 44 89 bc 24 a0 00 00 00 e9 92 f8 ff ff e8 99 9a 3d 00 90 <0f> 0b 90 45 31 f6 e9 f5 f9 ff ff e8 88 9a 3d 00 90 0f 0b 90 e9 43
RSP: 0018:ffffc900033a7aa8 EFLAGS: 00010093
RAX: 0000000000000000 RBX: ffff88801e375c40 RCX: ffffffff81ca469b
RDX: ffff88801e375c40 RSI: ffffffff81ca5487 RDI: ffff88801e375c40
RBP: 0000000000000080 R08: 0000000000000007 R09: 0000000000000040
R10: 0000000000000080 R11: 0000000000000000 R12: 1ffff92000674f58
R13: dffffc0000000000 R14: 0000000000000080 R15: ffff88807a0dbd80
FS:  0000000000000000(0000) GS:ffff88812447d000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f15630ee368 CR3: 0000000036d42000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 exit_notify kernel/exit.c:757 [inline]
 do_exit+0x1b05/0x2a60 kernel/exit.c:987
 do_group_exit+0xd5/0x2a0 kernel/exit.c:1117
 get_signal+0x1ec7/0x21e0 kernel/signal.c:3037
 arch_do_signal_or_restart+0x91/0x770 arch/x86/kernel/signal.c:337
 __exit_to_user_mode_loop kernel/entry/common.c:64 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:98 [inline]
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:207 [inline]
 irqentry_exit_to_user_mode_prepare include/linux/irq-entry-common.h:252 [inline]
 irqentry_exit_to_user_mode include/linux/irq-entry-common.h:323 [inline]
 irqentry_exit+0x403/0x790 kernel/entry/common.c:162
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:618
RIP: 0033:0x7f9adb99cde1
Code: Unable to access opcode bytes at 0x7f9adb99cdb7.
RSP: 002b:0000000000000020 EFLAGS: 00010217
RAX: 0000000000000000 RBX: 00007f9adbc15fa0 RCX: 00007f9adb99cdd9
RDX: 0000000000000000 RSI: 0000000000000020 RDI: 0000000080004080
RBP: 00007f9adba32d69 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
R13: 00007f9adbc15fac R14: 00007f9adbc15fa0 R15: 00007f9adbc15fa0
 </TASK>

final repro crashed as (corrupted=false):
------------[ cut here ]------------
!valid_signal(sig)
WARNING: kernel/signal.c:2174 at do_notify_parent+0xea8/0x10b0 kernel/signal.c:2174, CPU#1: syz.0.17/5891
Modules linked in:
CPU: 1 UID: 0 PID: 5891 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:do_notify_parent+0xea8/0x10b0 kernel/signal.c:2174
Code: f4 ff ff e8 ba 9a 3d 00 41 c1 ff 08 c7 84 24 90 00 00 00 01 00 00 00 44 89 bc 24 a0 00 00 00 e9 92 f8 ff ff e8 99 9a 3d 00 90 <0f> 0b 90 45 31 f6 e9 f5 f9 ff ff e8 88 9a 3d 00 90 0f 0b 90 e9 43
RSP: 0018:ffffc900033a7aa8 EFLAGS: 00010093
RAX: 0000000000000000 RBX: ffff88801e375c40 RCX: ffffffff81ca469b
RDX: ffff88801e375c40 RSI: ffffffff81ca5487 RDI: ffff88801e375c40
RBP: 0000000000000080 R08: 0000000000000007 R09: 0000000000000040
R10: 0000000000000080 R11: 0000000000000000 R12: 1ffff92000674f58
R13: dffffc0000000000 R14: 0000000000000080 R15: ffff88807a0dbd80
FS:  0000000000000000(0000) GS:ffff88812447d000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f15630ee368 CR3: 0000000036d42000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 exit_notify kernel/exit.c:757 [inline]
 do_exit+0x1b05/0x2a60 kernel/exit.c:987
 do_group_exit+0xd5/0x2a0 kernel/exit.c:1117
 get_signal+0x1ec7/0x21e0 kernel/signal.c:3037
 arch_do_signal_or_restart+0x91/0x770 arch/x86/kernel/signal.c:337
 __exit_to_user_mode_loop kernel/entry/common.c:64 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:98 [inline]
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:207 [inline]
 irqentry_exit_to_user_mode_prepare include/linux/irq-entry-common.h:252 [inline]
 irqentry_exit_to_user_mode include/linux/irq-entry-common.h:323 [inline]
 irqentry_exit+0x403/0x790 kernel/entry/common.c:162
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:618
RIP: 0033:0x7f9adb99cde1
Code: Unable to access opcode bytes at 0x7f9adb99cdb7.
RSP: 002b:0000000000000020 EFLAGS: 00010217
RAX: 0000000000000000 RBX: 00007f9adbc15fa0 RCX: 00007f9adb99cdd9
RDX: 0000000000000000 RSI: 0000000000000020 RDI: 0000000080004080
RBP: 00007f9adba32d69 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
R13: 00007f9adbc15fac R14: 00007f9adbc15fa0 R15: 00007f9adbc15fa0
 </TASK>