Extracting prog: 4m54.309100557s
Minimizing prog: 10m4.46563924s
Simplifying prog options: 0s
Extracting C: 1m37.030476996s
Simplifying C: 7m31.297931716s
extracting reproducer from 24 programs
testing a last program of every proc
single: executing 4 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-dup-setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD-sendmsg$inet6-dup-socket$packet-socket$netlink-write$P9_RSETATTR-setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM-splice
detailed listing:
executing program 0:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = dup(r0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c)
sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0xb, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x48043)
r2 = dup(r1)
socket$packet(0x11, 0x2, 0x300)
socket$netlink(0x10, 0x3, 0x0)
write$P9_RSETATTR(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x1b, 0x2}, 0xffffff9a)
setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f0000000140)={0x2, 0x26e9, 0x0, 0x0, 0x10, 0x2, 0xf45}, 0x20)
splice(0xffffffffffffffff, 0x0, r0, 0x0, 0xffff, 0x2)
program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usbip_server_init-openat$cgroup_ro-openat$sequencer2-openat$sequencer-mlock-mremap-openat$vicodec0-move_pages-openat$sequencer-mknodat-execve-openat$sequencer-mprotect-syz_open_dev$video-syz_open_dev$audion-syz_open_dev$sndctrl-syz_open_dev$usbfs-openat-openat$cgroup_ro-ioctl$I2C_PEC-openat$qrtrtun-openat$tun-openat$cgroup_ro-openat2$dir
detailed listing:
executing program 0:
syz_usbip_server_init(0x1)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
mlock(&(0x7f0000ffb000/0x3000)=nil, 0x3000)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
openat$vicodec0(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
move_pages(0x0, 0x0, 0x0, &(0x7f0000000540)=[0x1], &(0x7f0000000200), 0x2)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100), 0x4780, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000000)='./file2\x00', 0x81c0, 0x0)
execve(&(0x7f0000000140)='./file2\x00', 0x0, &(0x7f00000005c0)={[&(0x7f0000000240)='\x00', &(0x7f00000003c0)='\x00']})
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_open_dev$video(&(0x7f0000000000), 0x8, 0x20202)
syz_open_dev$audion(&(0x7f0000000040), 0x204, 0x98581)
syz_open_dev$sndctrl(&(0x7f0000000040), 0x80000000, 0x0)
syz_open_dev$usbfs(&(0x7f0000000040), 0x76, 0x101a01)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0xf5)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.stat\x00', 0x275a, 0x0)
ioctl$I2C_PEC(r0, 0x708, 0x1)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.current\x00', 0x275a, 0x0)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x8000, 0x44, 0x18}, 0x18)
program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$exfat-syz_mount_image$erofs-prlimit64-sched_setscheduler-sched_setaffinity-prctl$PR_SCHED_CORE-syz_open_dev$MSR-read$msr-rt_sigprocmask-gettid-mount$overlay-setsockopt$packet_int-set_mempolicy-bpf$MAP_CREATE-bpf$MAP_UPDATE_BATCH-ioctl$UFFDIO_REGISTER-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH
detailed listing:
executing program 0:
syz_mount_image$exfat(&(0x7f0000002bc0), &(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x10000, &(0x7f00000001c0)={[{@utf8}, {@keep_last_dots}, {@uid={'uid', 0x3d, 0xee00}}, {@iocharset={'iocharset', 0x3d, 'koi8-r'}}, {@fmask={'fmask', 0x3d, 0x1}}, {@namecase}, {@iocharset={'iocharset', 0x3d, 'koi8-u'}}, {@namecase}, {@allow_utime={'allow_utime', 0x3d, 0xbab5}}, {@zero_size_dir}]}, 0x1, 0x1533, &(0x7f0000006800)="$eJzs3AucTtX6OPDnWWvtMSS9TXIZ1lrP5k0uiyTJJUkuSZIkSW4JSZIjCYkht6QhCcllSC5DSC4Tk8b9fr8kJEmTJCG5Jev/mZi/OnX+55xfnfz+Z57v5/N+Zj2z3mftZ88z73733vPyTZehNRrVrNqAiOAPwYtfEgAgFgAGAsA1ABAAQNm4snEZ89klJvyxjbA/10PJV7oCdiVx/7M27n/Wxv3P2rj/WRv3P2vj/mdt3P+sjfvPWFa2eXr+a/mRdR98/z8r4/f//yLpJcd+sbbk9V0BYv7VFO7////wD+Ry//9rBf/Kk7j/WRv3P6uKvdIFsP8F+PWfFWT7hzPc/6yN+89YVvbLe8GxcOXvR//VD4j8J/8G4ntd/Clf+f38h/vPGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4z9Bc74yxQAZI6vdF2MMcYYY4wxxhj78/hsV7oCxhhjjDHGGGOM/echCJCgIIAYyAaxkB1ygACIyZy/FuLgOsgN10MeyAv5ID/EQwEoCBoMWCAIoRAUhijcAEXgRigKxaA4lAAHJaEU3ASl4WYoA7dAWbgVysFtUB4qQEWoBLdDZbgDqsCdUBXugmpQHWpATbgbasE9UBvuhTpwH9SF+6EePAD14UFoAA9BQ3gYGsEj0BgehSbQFJpBc2jxP8p/AXrAi9ATekEC9IY+8BL0hX7QHwbAQHgZBsErMBhehUQYAkPhNRgGr8NweANGwEgYBW/CaHgLxsBYGAfjIQkmwER4GybBOzAZpsBUmAbJMB1mwLswE2bBbHgP5sD7MBfmwXxYACnwASyERZAKH8Ji+AjSYAkshWWwHFbASlgFq2ENrIV1sB42wEbYBJthC2yFbbAddsBO+Bh2wSewG/bAXvgU9sFn/2b+6b/L74qAgAIFKlQYgzEYi7GYA3NgTsyJuTAXRjCCcRiHuTE35sE8mA/zYTzGY0EsiAYNEhIWwkIYxSgWwSJYFIticSyODh2WwlJYGm/GMlgGy2JZLIflsDxWwApYCSthZayMVbAKVsWqWA2rYQ2sgXfj3dgba2NtrIN1sC7Wzbw9hQ2wATbEhtgIG2FjbIxNsAk2w2bYAltgS2yJrbAVtsE22BbbYjtsh+2xPXbADtgRO2In7ISdsTN2wS7YFbtht/QXsgG+iC9iL6wmemMf7IN9MTFbfxyAA/BlHISv4Cv4KibiEByKr+Fr+DoOx1M44sJIHIWjsLJ4C8fgWCQxHpMwCSfiRJyEk3AyTsEpOA2TcTrOwBk4E2fhLHwP5+D7+D7Ow3m4AFMwBRfiIkzFVFyMpzENl+BSXIbLcQUux1W4GlfhWlyHa3EDbsBNuAm34BbchttwB+7Aj1EB4Ce4B/dgIu7Dfbgf9+MBPIAH8SCmYzoewkN4GA/jETyCR/EoHsPjeAKP40k8iafwNJ7BM3gOz+F5fC7+q4YfF1uTCCKDEkrEiBgRK2JFDpFD5BQ5RS6RS0RERMSJOJFb5BZ5RB6RT+QT8SJeFBQFhRFGkAgzjhQiKqKiiCgiioqiorgoLpxwopQoJUqL0qKMKCPKiltFOXGbKC8qiNaukqgkKos2roq4U1QVVUU1UV3UEDVFTVFL1BK1RW1RR9QRdUVdUU88IOqL3tgfHxIZnWkkhmBjMRSbiKZCXjpCtRTDsZVoLdqIJ8RIHIHtREvXXjwtOogx2FH8TYzFZ0VnMR67iOdFV9FNdBcviB6ilespeonJ2Fv0EdOwr+gn+osBYiZWF+/hnOw1xKsiUQwRQ8VrYgG+LoaLN8QIMVKMEm+K0eItMUaMFePEeJEkJoiJ4m0xSbwjJospYqqYJpLFdDFDvCtmillitnhPzBHvi7linpgvFogU8YFYKBaJVPGhWCw+EmliiVgqlonlYoVYKVaJ1WKNWCvWifVig9goNonNYovYKraJ7WKH2Ck+FrvEJ2K32CP2ik/FPvGZ2C8+FwfEF+Kg+FKki6/EIfG1OCy+EUfEt+Ko+E4cE8fFCfG9OCl+EKfEaXFGnBXnxI/ivPhJXBBegEQppJRKBjJGZpOxMrvMIa+SOWWQefyXcfI6mVteL/PIvDKfzC/jZQFZUGpppJUkQ1lIFpZReYMsIm+URWUxWVyWkE6WlKXkTbK0vFmWkbfIsvJWWU7eJsvLCrKirCRvl5XlHRIiF7dRTVaXNWRNebdMgHtkbXmvrCPvk3Xl/bKefEDWlw/KBvIh2VA+LBvJR2Rj+ahsIpvKZrK5bCEfky3l47KVbC3byCdkW/mkbCefku3l07KD9Jd+RZ6VneVzsot8XnaV3WR3+ZO8IL3sKXtJ6A2yj3xJ9pX9ZH85QA6UL8tB8hU5WL4qE+UQOVS+JofJ1+Vw+YYcIUfKUfJNOVq+JcfIsXKcHC+T5AQ5Ub4tJ8l35GQ5RU6V02SynC77X1pptpT/NP/t38kf/PPWN8nNcovcKrfJ7XKH3Ck/lrvkLrlb7pZ75V65T+6T++V+eUAekAflQZku0+UheUgeloflEXlEHpVH5TF5XJ6V38uT8gd5Sp6Wp+VZeU6ek+cv/QxAoRJKKqUCFaOyqViVXeVQV6mc6mqVS12jIupaFaeuU7nV9SqPyqvyqfwqXhVQBZVWRllFKlSFVGEVVTfgpV8YVVyVUE6VVKXUTf9OviqiblRFVbFf5WfWl/AP6muhWqiWqqVqpVqpNqqNaqvaqnaqnWqv2qsOqoPqqDqqTqqT6qw6qy6qi+qquqruqrvqoXqonqqnSlAJqo96SfVV/VR/NUANVC+LjH0YrAarRJWohqqhapgapoar4WqEGqFGqVFqtBqtxqgxapwap5JUkpqoJqpJapKarCarqWqqSlbJaoaaoWaqmWq2mq3mqDlqrpqr5qv5KkWlqIVqoUpVqWqxWqzS1BK1RC1Ty9QKtUKtUqvUGrVGrVPr1Aa1QaWpzWqz2qq2qu1qu9qpdqpdapfarXarvWqv2qf2qf1qvzqgDqiD6qBKV+nqkDqkDqvD6og6oo6qo+qYOqZOqBPqpDqpTqlT6ow6o86pc+q8Oq8uqAsZp32BCESgAhXEBDFBbBAb5AhyBDmDnEGuIFcQCSJBXBAX5A6uD/IEeYN8Qf4gPigQFAx0YAIbiEtNjwY3BEWCG4OiQbGgeFAicEHJoFRwU1A6uDkoE9wSlA1uDcoFtwXlgwpBxaBScHtQObgjqBLcGVQN7gqqBdWDGkHN4O6gVnBPUDu4N6gT3BfUDe4P6gUPBPWDB4MGwUNBw+DhoFHwSNA4eDRoEjQNmgXNgxZ/6vren8r7uOupe+kE3Vv30S/pvrqf7q8H6IH6ZT1Iv6IH61d1oh6ih+rX9DD9uh6u39Aj9Eg9Sr+pR+u39Bg9Vo/T43WSnqAn6rf1JP2Onqyn6Kl6mk7W0/UM/a6eqWfp2fo9PUe/r+fqeXq+XqBT9Ad6oV6kU/WHerH+SKfpJXqpXqaX6xV6pV6lV+s1eq1ep9frDXqj3qQ36y16q96mt+sdeqf+WO/Sn+jdeo/eqz/V+/Rner/+XB/QX+iD+kudrr/Sh/TX+rD+Rh/R3+qj+jt9TB/XZfT3+qT+QZ/Sp/UZfVaf0z/q8/onfUH7jJP7jLd3o4wyMSbGxJpYk8PkMDlNTpPL5DIREzFxJs7kNrlNHpPH5DP5TLyJNwVNQZOBDJlCppCJmqgpYoqYoqaoKW6KG2ecKWVKmdKmtCljypiypqwpZ8qZ8qa8qWgqmtvN7eYOc4e509xp7jJ3meqmuqlpappappapbWqbOqaOqWvqmnqmnqlv6psGpoFpaBqaRqaRaWwamyamiWlmmpkWpoVpaVqaVqaVaWPamLamrWln2pn2pr3pYDqYjqaj6WQ6mc6ms+liupiupqvpbrqbHqaH6Wl6mgSTYPqYPqav6Wv6m/5moBloBplBZrAZbBJNohlqhpphZpgZboabEWakGZVxomreMmPMWDPOjDdJJslMNBPNJDPJTDaTzVQz1SSbZDPDzDAzzUwz28w2c8wcM9fMNfPNfJNiUsxCs9CkmlSz2Cw2aSbNLDVLzXKz3Kw0K81qs9qsNWvNelhvNpqNZrPZbLaarWa72W52mp1ml9lldpvdZq/Za/aZfWa/2W8OmAPmoDlo0k26OWQOmcPmsDlijpij5qg5Zo6ZE+aEOWlOmlPmlDljzphzJu+l90tvYm12m8NeZXPaq20ue439+zifzW/jbQFb0Gqbx+b9VWystUVtMVvclrDOlrSl7E2/icvbCrairWRvt5XtHbbKb+Ja9h5b295r69j7bE1796/iuvZ+W88+YusjAtimtqFtbhvZR2xj+6htYpvaZra5bWuftO3sU7a9fdp2sM/8Jl5oF9nVdo1da9fZ3XaPPWPP2sP2G3vO/mh72l52oH3ZDrKv2MH2VZtoh/wmHmXftKPtW3aMHWvH2fG/iafaaTbZTrcz7Lt2pp31mzjFfmDn2FQ7186z8+2Cn+OMmlLth3ax/cim2QCW2mV2uV1hV9pV/7fWZXaD3Wg32V32E7vVbrPb7Q67M/NE2O6xe+2ndp/9zB6yX9sD9gt70B6x6farn+OM/Ttiv7VH7Xf2mD1uT9jv7Un7g8rMztj37+1P9oL1FggJSJKigGIoG8VSdspBV1FOuppy0TUUoWspjq6j3HQ95aG8lI/yUzwVoIKkyZAlopAKUWGK0g2UWV5xKkGOSlIpuolK081Uhm6hsnQrlaPbqDxVoIpUiW6nynQHVaE7qSrdRdWoOtWgmnQ31aJ7qDbdS3XoPqpL91M9eoDq04PUgB6ihvQwNaJHqDE9Sk2oKTWj5tSCHqOW9Di1otbUhp6gtvQktaOnqD09TR3oGepIf6NO9Cx1pueoCz1PXakbdacXqAe9SD2pFyVQb+pDL1Ff6kf9aQANpJdpEL1Cg+lVSqQhNJReo2H0Og2nN2gEjaRR9CaNprdoDI2lcTSekmgCTaS3aRK9Q5NpCk2laZRM02kGvUszaRbNpvdoDr1Pc2kezacFlEIf0EJaRKn0IS2mjyiNltBSWkbLaQWtpFW0mtbQWlpH62kDbaRNtJm20FbaRttpB+2kj2kXfUK7aQ/tpU9pH31G++lzOkBf0EH6ktLpKzpEX9Nh+oaO0Le+F31Hx+g4naDv6ST9QKfoNJ2hs3SOfqTz9BNdIE8QYihCGaowCGPCbGFsmD3MEV4V5gyvDnOF14SR8NowLrwuzB1eH+YJ84b5wvxhfFggLBjq0IQ2pDAMC4WFw2h4Q1gkvDEsGhYLi4clQheWDEuFN4Wlw5vDMuEtYdnw1rBceFtYPqwQPnJfpfD2sHJ4R1glvDOsGt4VVgurhzXCmuHdYa3wnrB2eG9YJ7wvLBPeH9YLHwjrhw+GDcKHwobhw2Gj8JGwcfho2CRsGjYLm4ctwsfCluHjYauwddgmvCpsGz4ZtgufCtuHT4cdwmd+nr9/Ueb8E7+ZTwh7h33Cl8KXQu/vlfOjC6Ip0Q+iC6OLoqnRD6OLox9F06JLokujy6LLoyuiK6Oroquja6Jro+ui66Mbohujm6Le18wGDp1w0ikXuBiXzcW67C6Hu8rldFe7XO4aF3HXujh3ncvtrnd5XF6Xz+V38a6AK+i0M846cqEr5Aq7qLvBFXE3uqKumCvuSjjnSrpSrrlr4Vq4lu5x18q1dm3cE+4J96R70j3lnnJPuw7uGdfR/c11cs+6zu4595x73nV13Vx394Lr4SbkuviaTHB9XB/X1/V1/V1/N9ANdIPcIDfYDXaJLtENdUPdMDfMDXfD3Qg3wo1yo9xoN9qNcWPcODfOJbkkN9FNdJPcJDfZTXZT3VSX7JLdDDfDzXQzXeVZF7cy18118918l+JS3EKXcc6Y6ha7xS7Npbmlbqlb7pa7lW6lW+1Wu7VurVvv1ruNbqPb7Da7rW6r2+62u51up9vldrnd/pqLi7p9br/b7w64A+6g+9Klu6/cIfe1O+y+cUfct+6o+84dc8fdCfe9O+l+cKfcaXfGnXXn3I/uvPvJXXDeJUUmRCZG3o5MirwTmRyZEpkamRZJjkyPzIi8G5kZmRWZHXkvMifyfmRuZF5kfmRBJCXyQWRhZFEkNfJhZHHko0haZElkaWRZZHlkRcT7AltDX8gX9lF/gy/ib/RFfTFf3Jfwzpf0pfxNvvTFutO8v9WX87f58r6Cr+gf9U18U9/MN/ct/GO+pX/ct/KtfRv/hG/rn/Tt/FO+vX/ad/DP+I7+b76Tf9Z39s/5Lv5539V38939C76Hf9H39L18gu/t+/iXfF/fz/f3A/xA/7If5F/xg/2rPtEP8UP9a36Yf90P92/4EX6kHxXzph+deYkM432Sn+An+rf9JP+On+yn+Kl+mk/20/0M/66f6Wf52f49P8e/7+f6eX6+X+BT/Ad+oV/kU/2HfrH/yKf5JZk3jf1Kv8qv9mv8Wr/Or/cb/Ea/yW/2W/xWv81v9zv8Tv+x3+U/8bv9Hr/Xf+r3+c/8fv+5P+C/8Af9lz7df+UP+a/9Yf+NP+K/9Uf9d/6YP+5P+O/9Sf+DP+VP+zP+rD/nf/Tn/U/+Av+bNcYYY4yxf8mEy0Px65mLt/N7/06O+MWT+wDA1dvyp/9yPuOMcn2ei+N+Ij424+vTvbo8lPmoVi0hIeHSc9MkBIXnAWT+JSjDzx89uBQvgTbwJLSH1lD6d+vvJ7qdo3+yfvRWgBy/yMkoKDO+vP7nAJjwO+s/9sSoheXCM3H/j/XnARQtfDknO1yOl0Cbn++vtIYy/6D+vC3/Sf3Zv0gCaPWLnJxwOb5cfyl4HJ6B9r96JmOMMcYYY4wxdlE/UbFT5vVn5ic+f+/6PF5dzskGl+N/dn3OGGOMMcYYY4yxK+/Zbt2feqx9+9ad/v1Blf9R1r88aAz/qZV58LsD7wEyv6MA4A8uCJAxkH/lXmz5S7aVeOml8/dTy8/6AP53tPLPGFzhAxNjjDHGGGPsT3f5pP/X31dXqiDGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYYywL+iv+O7ErvY+MMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcbYlfZ/AgAA//+1tfsI")
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f00000001c0)='./file2\x00', 0x0, &(0x7f00000010c0)=ANY=[@ANYRES16=0x0, @ANYRESOCT, @ANYRESHEX], 0x5, 0x191, &(0x7f00000003c0)="$eJzslT1P+lAUxp974c/LP34CFwdJxMHSFjUuJLI4OZj4QhxMJFIJWsRAByFx8BO4uzn4PXT1Qxh00QUnHU3NbS/tlYAaEsWE80s497lwejg90OeCIIix5eH+te2+5B4TACaQQly+/xQJc7iSf5d4Pr1ZXSmc71zdxttasl9N1/3+90cBXOcjcIJrP16dkusGeKA3wTErdQEMmtS74NiS2gLDttQHiq6JfE3br9iWtlezS0LoIhgimCJke/vrnDGUlP6YWOW+0WwdFm3bqv+g+Gp+nTxHTulP/b26s9GV+RngMKTOgmFd6iXEu7PxR6Lc/2Q0rK/8NX7l/kmQGDshHq4/0MbwIvQn95JhRvEn30ouvKMm41SPM41ma65SLZatsnVkmtlFfV7XF8yMZ0R+/MT/kp4//Vfq/xuQG2MxnBQdp274MdibfuznuNzzP470tL8X3h/rLfwWHlpMvri3CpWODGyeIAhihEyBeZ7p+XJXLMsP3QBzbcR9EgRBEARBEARBEAQxPO8BAAD///k7c0A=")
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x6, 0x4000000007}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
rt_sigprocmask(0x0, 0x0, 0x0, 0x0)
gettid()
mount$overlay(0x0, &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
set_mempolicy(0x8006, 0x0, 0x3)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="010000000b0000002f49000005"], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0xca, r1}, 0x38)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001", @ANYRES16, @ANYRESHEX], 0x7c}, 0x1, 0x0, 0x0, 0x44000}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWSETELEM={0x50, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x24, 0x3, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}, @NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x2df31ab3}]}, {0x4}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x78}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io$hid
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x2, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000010c410cf8a00000000000109022d00010000000009040000020300000009210000000122050009058103"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="002205"], 0x0}, 0x0)
program crashed: general protection fault in u2fzero_rng_read
single: successfully extracted reproducer
found reproducer with 3 syscalls
minimizing guilty program
testing program (duration=45.214024254s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x2, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000010c410cf8a00000000000109022d00010000000009040000020300000009210000000122050009058103"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
program did not crash
testing program (duration=45.214024254s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io$hid
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x2, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000010c410cf8a00000000000109022d00010000000009040000020300000009210000000122050009058103"], 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="002205"], 0x0}, 0x0)
program did not crash
testing program (duration=45.214024254s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_control_io-syz_usb_control_io$hid
detailed listing:
executing program 0:
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000240)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="002205"], 0x0}, 0x0)
program did not crash
testing program (duration=45.214024254s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io$hid
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x2, 0x3f, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="002205"], 0x0}, 0x0)
program did not crash
testing program (duration=45.214024254s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io$hid
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x2, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="002205"], 0x0}, 0x0)
program did not crash
testing program (duration=45.214024254s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io$hid
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x2, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000010c410cf8a00000000000109022d00010000000009040000020300000009210000000122050009058103"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
program did not crash
testing program (duration=45.214024254s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io$hid
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x2, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000010c410cf8a00000000000109022d00010000000009040000020300000009210000000122050009058103"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0)
program did not crash
testing program (duration=45.214024254s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io$hid
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x2, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000010c410cf8a00000000000109022d00010000000009040000020300000009210000000122050009058103"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0}, 0x0)
program did not crash
extracting C reproducer
testing compiled C program (duration=45.214024254s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io$hid
program crashed: general protection fault in u2fzero_rng_read
simplifying C reproducer
testing compiled C program (duration=45.214024254s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io$hid
program crashed: general protection fault in u2fzero_rng_read
testing compiled C program (duration=45.214024254s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io$hid
program crashed: general protection fault in u2fzero_rng_read
testing compiled C program (duration=45.214024254s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io$hid
program crashed: general protection fault in u2fzero_rng_read
testing compiled C program (duration=45.214024254s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io$hid
program crashed: general protection fault in u2fzero_rng_read
testing compiled C program (duration=45.214024254s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io$hid
program crashed: general protection fault in u2fzero_rng_read
testing compiled C program (duration=45.214024254s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io$hid
program crashed: general protection fault in u2fzero_rng_read
testing compiled C program (duration=45.214024254s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io$hid
program crashed: general protection fault in u2fzero_rng_read
testing program (duration=45.214024254s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io$hid
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x2, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000010c410cf8a00000000000109022d00010000000009040000020300000009210000000122050009058103"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="002205"], 0x0}, 0x0)
program crashed: general protection fault in u2fzero_rng_read
validation run: crashed=true
testing program (duration=45.214024254s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io$hid
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x2, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000010c410cf8a00000000000109022d00010000000009040000020300000009210000000122050009058103"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="002205"], 0x0}, 0x0)
program crashed: general protection fault in u2fzero_rng_read
validation run: crashed=true
testing program (duration=45.214024254s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io$hid
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x2, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000010c410cf8a00000000000109022d00010000000009040000020300000009210000000122050009058103"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="002205"], 0x0}, 0x0)
program crashed: general protection fault in u2fzero_rng_read
validation run: crashed=true
reproducing took 29m12.368871017s
repro crashed as (corrupted=false):
hid-u2fzero 0003:10C4:8ACF.0001: unknown main item tag 0x0
hid-u2fzero 0003:10C4:8ACF.0001: unknown main item tag 0x0
hid-u2fzero 0003:10C4:8ACF.0001: unknown main item tag 0x0
hid-u2fzero 0003:10C4:8ACF.0001: unknown main item tag 0x0
hid-u2fzero 0003:10C4:8ACF.0001: hidraw0: USB HID v0.00 Device [HID 10c4:8acf] on usb-dummy_hcd.0-1/input0
hid-u2fzero 0003:10C4:8ACF.0001: U2F Zero LED initialised
general protection fault, probably for non-canonical address 0xdffffc0000000015: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x00000000000000a8-0x00000000000000af]
CPU: 0 PID: 8 Comm: kworker/0:0 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Workqueue: usb_hub_wq hub_event
RIP: 0010:u2fzero_recv drivers/hid/hid-u2fzero.c:137 [inline]
RIP: 0010:u2fzero_rng_read+0x2a1/0x700 drivers/hid/hid-u2fzero.c:223
Code: 89 cc 80 3c 01 00 74 08 4c 89 ef e8 f9 ad e5 f9 bb a8 00 00 00 49 03 5d 00 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 48 89 df e8 71 ae e5 f9 48 8d 44 24 60 48 89 03
RSP: 0018:ffffc900000d6780 EFLAGS: 00010202
RAX: 0000000000000015 RBX: 00000000000000a8 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: ffffc900000d68a0 RDI: ffff888075236a68
RBP: ffffc900000d6998 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff1100ee83006
R13: ffff888077418030 R14: 1ffff1100ee83083 R15: 1ffff9200001acf8
FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000561850d4dd80 CR3: 0000000031643000 CR4: 00000000003506f0
Call Trace:
rng_get_data drivers/char/hw_random/core.c:198 [inline]
add_early_randomness+0x7a/0x1a0 drivers/char/hw_random/core.c:72
hwrng_register+0x3db/0x4a0 drivers/char/hw_random/core.c:593
devm_hwrng_register+0x47/0xb0 drivers/char/hw_random/core.c:665
u2fzero_probe+0x348/0x460 drivers/hid/hid-u2fzero.c:358
__hid_device_probe drivers/hid/hid-core.c:2649 [inline]
hid_device_probe+0x293/0x5b0 drivers/hid/hid-core.c:2686
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x25b/0xb20 drivers/base/dd.c:658
__driver_probe_device+0x18c/0x330 drivers/base/dd.c:800
driver_probe_device+0x4f/0x420 drivers/base/dd.c:830
__device_attach_driver+0x2ca/0x510 drivers/base/dd.c:958
bus_for_each_drv+0x252/0x2e0 drivers/base/bus.c:459
__device_attach+0x2c2/0x420 drivers/base/dd.c:1030
bus_probe_device+0x180/0x260 drivers/base/bus.c:534
device_add+0x85b/0xc20 drivers/base/core.c:3683
hid_add_device+0x38d/0x530 drivers/hid/hid-core.c:2832
usbhid_probe+0xe02/0x1220 drivers/hid/usbhid/hid-core.c:1447
usb_probe_interface+0x5c9/0xb20 drivers/usb/core/driver.c:396
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x25b/0xb20 drivers/base/dd.c:658
__driver_probe_device+0x18c/0x330 drivers/base/dd.c:800
driver_probe_device+0x4f/0x420 drivers/base/dd.c:830
__device_attach_driver+0x2ca/0x510 drivers/base/dd.c:958
bus_for_each_drv+0x252/0x2e0 drivers/base/bus.c:459
__device_attach+0x2c2/0x420 drivers/base/dd.c:1030
bus_probe_device+0x180/0x260 drivers/base/bus.c:534
device_add+0x85b/0xc20 drivers/base/core.c:3683
usb_set_configuration+0x1a79/0x20c0 drivers/usb/core/message.c:2265
usb_generic_driver_probe+0x8d/0x150 drivers/usb/core/generic.c:238
usb_probe_device+0x13d/0x270 drivers/usb/core/driver.c:293
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x25b/0xb20 drivers/base/dd.c:658
__driver_probe_device+0x18c/0x330 drivers/base/dd.c:800
driver_probe_device+0x4f/0x420 drivers/base/dd.c:830
__device_attach_driver+0x2ca/0x510 drivers/base/dd.c:958
bus_for_each_drv+0x252/0x2e0 drivers/base/bus.c:459
__device_attach+0x2c2/0x420 drivers/base/dd.c:1030
bus_probe_device+0x180/0x260 drivers/base/bus.c:534
device_add+0x85b/0xc20 drivers/base/core.c:3683
usb_new_device+0xa3c/0x1660 drivers/usb/core/hub.c:2660
hub_port_connect drivers/usb/core/hub.c:5529 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5669 [inline]
port_event drivers/usb/core/hub.c:5833 [inline]
hub_event+0x29bf/0x49f0 drivers/usb/core/hub.c:5915
process_one_work kernel/workqueue.c:2653 [inline]
process_scheduled_works+0xa5d/0x15d0 kernel/workqueue.c:2730
worker_thread+0xa55/0xfc0 kernel/workqueue.c:2811
kthread+0x2fa/0x390 kernel/kthread.c:388
ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:u2fzero_recv drivers/hid/hid-u2fzero.c:137 [inline]
RIP: 0010:u2fzero_rng_read+0x2a1/0x700 drivers/hid/hid-u2fzero.c:223
Code: 89 cc 80 3c 01 00 74 08 4c 89 ef e8 f9 ad e5 f9 bb a8 00 00 00 49 03 5d 00 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 48 89 df e8 71 ae e5 f9 48 8d 44 24 60 48 89 03
RSP: 0018:ffffc900000d6780 EFLAGS: 00010202
RAX: 0000000000000015 RBX: 00000000000000a8 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: ffffc900000d68a0 RDI: ffff888075236a68
RBP: ffffc900000d6998 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff1100ee83006
R13: ffff888077418030 R14: 1ffff1100ee83083 R15: 1ffff9200001acf8
FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000561850d4dd80 CR3: 000000000cf32000 CR4: 00000000003506f0
----------------
Code disassembly (best guess):
0: 89 cc mov %ecx,%esp
2: 80 3c 01 00 cmpb $0x0,(%rcx,%rax,1)
6: 74 08 je 0x10
8: 4c 89 ef mov %r13,%rdi
b: e8 f9 ad e5 f9 call 0xf9e5ae09
10: bb a8 00 00 00 mov $0xa8,%ebx
15: 49 03 5d 00 add 0x0(%r13),%rbx
19: 48 89 d8 mov %rbx,%rax
1c: 48 c1 e8 03 shr $0x3,%rax
20: 48 b9 00 00 00 00 00 movabs $0xdffffc0000000000,%rcx
27: fc ff df
* 2a: 80 3c 08 00 cmpb $0x0,(%rax,%rcx,1) <-- trapping instruction
2e: 74 08 je 0x38
30: 48 89 df mov %rbx,%rdi
33: e8 71 ae e5 f9 call 0xf9e5aea9
38: 48 8d 44 24 60 lea 0x60(%rsp),%rax
3d: 48 89 03 mov %rax,(%rbx)
final repro crashed as (corrupted=false):
hid-u2fzero 0003:10C4:8ACF.0001: unknown main item tag 0x0
hid-u2fzero 0003:10C4:8ACF.0001: unknown main item tag 0x0
hid-u2fzero 0003:10C4:8ACF.0001: unknown main item tag 0x0
hid-u2fzero 0003:10C4:8ACF.0001: unknown main item tag 0x0
hid-u2fzero 0003:10C4:8ACF.0001: hidraw0: USB HID v0.00 Device [HID 10c4:8acf] on usb-dummy_hcd.0-1/input0
hid-u2fzero 0003:10C4:8ACF.0001: U2F Zero LED initialised
general protection fault, probably for non-canonical address 0xdffffc0000000015: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x00000000000000a8-0x00000000000000af]
CPU: 0 PID: 8 Comm: kworker/0:0 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Workqueue: usb_hub_wq hub_event
RIP: 0010:u2fzero_recv drivers/hid/hid-u2fzero.c:137 [inline]
RIP: 0010:u2fzero_rng_read+0x2a1/0x700 drivers/hid/hid-u2fzero.c:223
Code: 89 cc 80 3c 01 00 74 08 4c 89 ef e8 f9 ad e5 f9 bb a8 00 00 00 49 03 5d 00 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 48 89 df e8 71 ae e5 f9 48 8d 44 24 60 48 89 03
RSP: 0018:ffffc900000d6780 EFLAGS: 00010202
RAX: 0000000000000015 RBX: 00000000000000a8 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: ffffc900000d68a0 RDI: ffff888075236a68
RBP: ffffc900000d6998 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff1100ee83006
R13: ffff888077418030 R14: 1ffff1100ee83083 R15: 1ffff9200001acf8
FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000561850d4dd80 CR3: 0000000031643000 CR4: 00000000003506f0
Call Trace:
rng_get_data drivers/char/hw_random/core.c:198 [inline]
add_early_randomness+0x7a/0x1a0 drivers/char/hw_random/core.c:72
hwrng_register+0x3db/0x4a0 drivers/char/hw_random/core.c:593
devm_hwrng_register+0x47/0xb0 drivers/char/hw_random/core.c:665
u2fzero_probe+0x348/0x460 drivers/hid/hid-u2fzero.c:358
__hid_device_probe drivers/hid/hid-core.c:2649 [inline]
hid_device_probe+0x293/0x5b0 drivers/hid/hid-core.c:2686
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x25b/0xb20 drivers/base/dd.c:658
__driver_probe_device+0x18c/0x330 drivers/base/dd.c:800
driver_probe_device+0x4f/0x420 drivers/base/dd.c:830
__device_attach_driver+0x2ca/0x510 drivers/base/dd.c:958
bus_for_each_drv+0x252/0x2e0 drivers/base/bus.c:459
__device_attach+0x2c2/0x420 drivers/base/dd.c:1030
bus_probe_device+0x180/0x260 drivers/base/bus.c:534
device_add+0x85b/0xc20 drivers/base/core.c:3683
hid_add_device+0x38d/0x530 drivers/hid/hid-core.c:2832
usbhid_probe+0xe02/0x1220 drivers/hid/usbhid/hid-core.c:1447
usb_probe_interface+0x5c9/0xb20 drivers/usb/core/driver.c:396
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x25b/0xb20 drivers/base/dd.c:658
__driver_probe_device+0x18c/0x330 drivers/base/dd.c:800
driver_probe_device+0x4f/0x420 drivers/base/dd.c:830
__device_attach_driver+0x2ca/0x510 drivers/base/dd.c:958
bus_for_each_drv+0x252/0x2e0 drivers/base/bus.c:459
__device_attach+0x2c2/0x420 drivers/base/dd.c:1030
bus_probe_device+0x180/0x260 drivers/base/bus.c:534
device_add+0x85b/0xc20 drivers/base/core.c:3683
usb_set_configuration+0x1a79/0x20c0 drivers/usb/core/message.c:2265
usb_generic_driver_probe+0x8d/0x150 drivers/usb/core/generic.c:238
usb_probe_device+0x13d/0x270 drivers/usb/core/driver.c:293
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x25b/0xb20 drivers/base/dd.c:658
__driver_probe_device+0x18c/0x330 drivers/base/dd.c:800
driver_probe_device+0x4f/0x420 drivers/base/dd.c:830
__device_attach_driver+0x2ca/0x510 drivers/base/dd.c:958
bus_for_each_drv+0x252/0x2e0 drivers/base/bus.c:459
__device_attach+0x2c2/0x420 drivers/base/dd.c:1030
bus_probe_device+0x180/0x260 drivers/base/bus.c:534
device_add+0x85b/0xc20 drivers/base/core.c:3683
usb_new_device+0xa3c/0x1660 drivers/usb/core/hub.c:2660
hub_port_connect drivers/usb/core/hub.c:5529 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5669 [inline]
port_event drivers/usb/core/hub.c:5833 [inline]
hub_event+0x29bf/0x49f0 drivers/usb/core/hub.c:5915
process_one_work kernel/workqueue.c:2653 [inline]
process_scheduled_works+0xa5d/0x15d0 kernel/workqueue.c:2730
worker_thread+0xa55/0xfc0 kernel/workqueue.c:2811
kthread+0x2fa/0x390 kernel/kthread.c:388
ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:u2fzero_recv drivers/hid/hid-u2fzero.c:137 [inline]
RIP: 0010:u2fzero_rng_read+0x2a1/0x700 drivers/hid/hid-u2fzero.c:223
Code: 89 cc 80 3c 01 00 74 08 4c 89 ef e8 f9 ad e5 f9 bb a8 00 00 00 49 03 5d 00 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 48 89 df e8 71 ae e5 f9 48 8d 44 24 60 48 89 03
RSP: 0018:ffffc900000d6780 EFLAGS: 00010202
RAX: 0000000000000015 RBX: 00000000000000a8 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: ffffc900000d68a0 RDI: ffff888075236a68
RBP: ffffc900000d6998 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff1100ee83006
R13: ffff888077418030 R14: 1ffff1100ee83083 R15: 1ffff9200001acf8
FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000561850d4dd80 CR3: 000000000cf32000 CR4: 00000000003506f0
----------------
Code disassembly (best guess):
0: 89 cc mov %ecx,%esp
2: 80 3c 01 00 cmpb $0x0,(%rcx,%rax,1)
6: 74 08 je 0x10
8: 4c 89 ef mov %r13,%rdi
b: e8 f9 ad e5 f9 call 0xf9e5ae09
10: bb a8 00 00 00 mov $0xa8,%ebx
15: 49 03 5d 00 add 0x0(%r13),%rbx
19: 48 89 d8 mov %rbx,%rax
1c: 48 c1 e8 03 shr $0x3,%rax
20: 48 b9 00 00 00 00 00 movabs $0xdffffc0000000000,%rcx
27: fc ff df
* 2a: 80 3c 08 00 cmpb $0x0,(%rax,%rcx,1) <-- trapping instruction
2e: 74 08 je 0x38
30: 48 89 df mov %rbx,%rdi
33: e8 71 ae e5 f9 call 0xf9e5aea9
38: 48 8d 44 24 60 lea 0x60(%rsp),%rax
3d: 48 89 03 mov %rax,(%rbx)