Extracting prog: 15m16.91394925s
Minimizing prog: 2h56m31.752968586s
Simplifying prog options: 39m32.886439506s
Extracting C: 23m17.542522986s
Simplifying C: 0s


extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 45s
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock-munlockall-mbind-syz_io_uring_setup-syz_clone-madvise
detailed listing:
executing program 0:
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
munlockall()
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
syz_io_uring_setup(0x541d, &(0x7f0000000340)={0x0, 0x39c0, 0x1000, 0x2, 0x3c8}, &(0x7f00000003c0), &(0x7f0000000400))
syz_clone(0xa9080, 0x0, 0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00003, 0x8)

program did not crash
single: failed to extract reproducer
single: executing 1 programs separately with timeout 16m0s
testing program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock-munlockall-mbind-syz_io_uring_setup-syz_clone-madvise
detailed listing:
executing program 0:
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
munlockall()
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
syz_io_uring_setup(0x541d, &(0x7f0000000340)={0x0, 0x39c0, 0x1000, 0x2, 0x3c8}, &(0x7f00000003c0), &(0x7f0000000400))
syz_clone(0xa9080, 0x0, 0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00003, 0x8)

program crashed: panic: runtime error: invalid memory address or nil pointer dereference
single: successfully extracted reproducer
found reproducer with 6 syscalls
minimizing guilty program
testing program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock-munlockall-mbind-syz_io_uring_setup-syz_clone
detailed listing:
executing program 0:
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
munlockall()
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
syz_io_uring_setup(0x541d, &(0x7f0000000340)={0x0, 0x39c0, 0x1000, 0x2, 0x3c8}, &(0x7f00000003c0), &(0x7f0000000400))
syz_clone(0xa9080, 0x0, 0x0, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock-munlockall-mbind-syz_io_uring_setup-madvise
detailed listing:
executing program 0:
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
munlockall()
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
syz_io_uring_setup(0x541d, &(0x7f0000000340)={0x0, 0x39c0, 0x1000, 0x2, 0x3c8}, &(0x7f00000003c0), &(0x7f0000000400))
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00003, 0x8)

program did not crash
testing program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock-munlockall-mbind-syz_clone-madvise
detailed listing:
executing program 0:
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
munlockall()
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
syz_clone(0xa9080, 0x0, 0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00003, 0x8)

program did not crash
testing program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock-munlockall-syz_io_uring_setup-syz_clone-madvise
detailed listing:
executing program 0:
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
munlockall()
syz_io_uring_setup(0x541d, &(0x7f0000000340)={0x0, 0x39c0, 0x1000, 0x2, 0x3c8}, &(0x7f00000003c0), &(0x7f0000000400))
syz_clone(0xa9080, 0x0, 0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00003, 0x8)

program did not crash
testing program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock-mbind-syz_io_uring_setup-syz_clone-madvise
detailed listing:
executing program 0:
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
syz_io_uring_setup(0x541d, &(0x7f0000000340)={0x0, 0x39c0, 0x1000, 0x2, 0x3c8}, &(0x7f00000003c0), &(0x7f0000000400))
syz_clone(0xa9080, 0x0, 0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00003, 0x8)

program did not crash
testing program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): munlockall-mbind-syz_io_uring_setup-syz_clone-madvise
detailed listing:
executing program 0:
munlockall()
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
syz_io_uring_setup(0x541d, &(0x7f0000000340)={0x0, 0x39c0, 0x1000, 0x2, 0x3c8}, &(0x7f00000003c0), &(0x7f0000000400))
syz_clone(0xa9080, 0x0, 0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00003, 0x8)

program did not crash
testing program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock-munlockall-mbind-syz_io_uring_setup-syz_clone-madvise
detailed listing:
executing program 0:
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
munlockall()
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
syz_io_uring_setup(0x541d, 0x0, &(0x7f00000003c0), &(0x7f0000000400))
syz_clone(0xa9080, 0x0, 0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00003, 0x8)

program did not crash
testing program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock-munlockall-mbind-syz_io_uring_setup-syz_clone-madvise
detailed listing:
executing program 0:
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
munlockall()
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
syz_io_uring_setup(0x541d, &(0x7f0000000340)={0x0, 0x39c0, 0x1000, 0x2, 0x3c8}, 0x0, &(0x7f0000000400))
syz_clone(0xa9080, 0x0, 0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00003, 0x8)

program did not crash
testing program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock-munlockall-mbind-syz_io_uring_setup-syz_clone-madvise
detailed listing:
executing program 0:
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
munlockall()
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
syz_io_uring_setup(0x541d, &(0x7f0000000340)={0x0, 0x39c0, 0x1000, 0x2, 0x3c8}, &(0x7f00000003c0), 0x0)
syz_clone(0xa9080, 0x0, 0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00003, 0x8)

program did not crash
extracting C reproducer
testing compiled C program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock-munlockall-mbind-syz_io_uring_setup-syz_clone-madvise
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
simplifying guilty program options
testing program (duration=16m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock-munlockall-mbind-syz_io_uring_setup-syz_clone-madvise
detailed listing:
executing program 0:
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
munlockall()
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
syz_io_uring_setup(0x541d, &(0x7f0000000340)={0x0, 0x39c0, 0x1000, 0x2, 0x3c8}, &(0x7f00000003c0), &(0x7f0000000400))
syz_clone(0xa9080, 0x0, 0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00003, 0x8)

program did not crash
testing program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mlock-munlockall-mbind-syz_io_uring_setup-syz_clone-madvise
detailed listing:
executing program 0:
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
munlockall()
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
syz_io_uring_setup(0x541d, &(0x7f0000000340)={0x0, 0x39c0, 0x1000, 0x2, 0x3c8}, &(0x7f00000003c0), &(0x7f0000000400))
syz_clone(0xa9080, 0x0, 0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00003, 0x8)

program did not crash
reproducing took 4h14m39.095945238s
repro crashed as (corrupted=false):
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x56e068]

goroutine 25 [running]:
github.com/google/syzkaller/prog.(*Prog).serialize(0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/encoding.go:40 +0x80
github.com/google/syzkaller/prog.(*Prog).Serialize(...)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/encoding.go:30
github.com/google/syzkaller/pkg/rpcserver.(*Runner).handleExecResult(0xc0000c4fc0, 0xc0012c7900)
	/syzkaller/gopath/src/github.com/google/syzkaller/pkg/rpcserver/runner.go:439 +0x17c
github.com/google/syzkaller/pkg/rpcserver.(*Runner).ConnectionLoop(0xc0000c4fc0)
	/syzkaller/gopath/src/github.com/google/syzkaller/pkg/rpcserver/runner.go:203 +0x320
github.com/google/syzkaller/pkg/rpcserver.(*server).connectionLoop(0xc001beae00, 0xc0000c4fc0)
	/syzkaller/gopath/src/github.com/google/syzkaller/pkg/rpcserver/rpcserver.go:356 +0xdc
github.com/google/syzkaller/pkg/rpcserver.(*server).handleRunnerConn(0xc001beae00, 0xc0000c4fc0, 0xc00134c230)
	/syzkaller/gopath/src/github.com/google/syzkaller/pkg/rpcserver/rpcserver.go:294 +0x360
github.com/google/syzkaller/pkg/rpcserver.(*server).handleConn(0xc001beae00, 0xc00134c230)
	/syzkaller/gopath/src/github.com/google/syzkaller/pkg/rpcserver/rpcserver.go:261 +0x254
github.com/google/syzkaller/pkg/flatrpc.ListenAndServe.func1.1()
	/syzkaller/gopath/src/github.com/google/syzkaller/pkg/flatrpc/conn.go:55 +0x128
created by github.com/google/syzkaller/pkg/flatrpc.ListenAndServe.func1 in goroutine 21
	/syzkaller/gopath/src/github.com/google/syzkaller/pkg/flatrpc/conn.go:52 +0xb0

final repro crashed as (corrupted=false):
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x56e068]

goroutine 25 [running]:
github.com/google/syzkaller/prog.(*Prog).serialize(0x0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/encoding.go:40 +0x80
github.com/google/syzkaller/prog.(*Prog).Serialize(...)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/encoding.go:30
github.com/google/syzkaller/pkg/rpcserver.(*Runner).handleExecResult(0xc0000c4fc0, 0xc0012c7900)
	/syzkaller/gopath/src/github.com/google/syzkaller/pkg/rpcserver/runner.go:439 +0x17c
github.com/google/syzkaller/pkg/rpcserver.(*Runner).ConnectionLoop(0xc0000c4fc0)
	/syzkaller/gopath/src/github.com/google/syzkaller/pkg/rpcserver/runner.go:203 +0x320
github.com/google/syzkaller/pkg/rpcserver.(*server).connectionLoop(0xc001beae00, 0xc0000c4fc0)
	/syzkaller/gopath/src/github.com/google/syzkaller/pkg/rpcserver/rpcserver.go:356 +0xdc
github.com/google/syzkaller/pkg/rpcserver.(*server).handleRunnerConn(0xc001beae00, 0xc0000c4fc0, 0xc00134c230)
	/syzkaller/gopath/src/github.com/google/syzkaller/pkg/rpcserver/rpcserver.go:294 +0x360
github.com/google/syzkaller/pkg/rpcserver.(*server).handleConn(0xc001beae00, 0xc00134c230)
	/syzkaller/gopath/src/github.com/google/syzkaller/pkg/rpcserver/rpcserver.go:261 +0x254
github.com/google/syzkaller/pkg/flatrpc.ListenAndServe.func1.1()
	/syzkaller/gopath/src/github.com/google/syzkaller/pkg/flatrpc/conn.go:55 +0x128
created by github.com/google/syzkaller/pkg/flatrpc.ListenAndServe.func1 in goroutine 21
	/syzkaller/gopath/src/github.com/google/syzkaller/pkg/flatrpc/conn.go:52 +0xb0