Extracting prog: 3m21.547143622s
Minimizing prog: 1h8m51.585041708s
Simplifying prog options: 0s
Extracting C: 38.854051506s
Simplifying C: 1h9m39.760772248s


extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r2 = gettid()
pause()
tkill(r2, 0x13)
write$binfmt_elf32(r1, &(0x7f0000001440)=ANY=[@ANYBLOB="7f454c460b397a2dd4000000000000000300060007000000ba03000038000000fd2600e60080ffff060020000100020004000600600000000000000000000000040000000200000006000000"], 0x58)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

program did not crash
single: failed to extract reproducer
single: executing 1 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r2 = gettid()
pause()
tkill(r2, 0x13)
write$binfmt_elf32(r1, &(0x7f0000001440)=ANY=[@ANYBLOB="7f454c460b397a2dd4000000000000000300060007000000ba03000038000000fd2600e60080ffff060020000100020004000600600000000000000000000000040000000200000006000000"], 0x58)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

program crashed: WARNING in task_participate_group_stop
single: successfully extracted reproducer
found reproducer with 8 syscalls
minimizing guilty program
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r2 = gettid()
pause()
tkill(r2, 0x13)
write$binfmt_elf32(r1, &(0x7f0000001440)=ANY=[@ANYBLOB="7f454c460b397a2dd4000000000000000300060007000000ba03000038000000fd2600e60080ffff060020000100020004000600600000000000000000000000040000000200000006000000"], 0x58)
close(r1)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-execveat$binfmt
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r2 = gettid()
pause()
tkill(r2, 0x13)
write$binfmt_elf32(r1, &(0x7f0000001440)=ANY=[@ANYBLOB="7f454c460b397a2dd4000000000000000300060007000000ba03000038000000fd2600e60080ffff060020000100020004000600600000000000000000000000040000000200000006000000"], 0x58)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-close-execveat$binfmt
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r2 = gettid()
pause()
tkill(r2, 0x13)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-write$binfmt_elf32-close-execveat$binfmt
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
gettid()
pause()
write$binfmt_elf32(r1, &(0x7f0000001440)=ANY=[@ANYBLOB="7f454c460b397a2dd4000000000000000300060007000000ba03000038000000fd2600e60080ffff060020000100020004000600600000000000000000000000040000000200000006000000"], 0x58)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-tkill-write$binfmt_elf32-close-execveat$binfmt
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r2 = gettid()
tkill(r2, 0x13)
write$binfmt_elf32(r1, &(0x7f0000001440)=ANY=[@ANYBLOB="7f454c460b397a2dd4000000000000000300060007000000ba03000038000000fd2600e60080ffff060020000100020004000600600000000000000000000000040000000200000006000000"], 0x58)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
pause()
tkill(0x0, 0x13)
write$binfmt_elf32(r1, &(0x7f0000001440)=ANY=[@ANYBLOB="7f454c460b397a2dd4000000000000000300060007000000ba03000038000000fd2600e60080ffff060020000100020004000600600000000000000000000000040000000200000006000000"], 0x58)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = gettid()
pause()
tkill(r1, 0x13)
write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000001440)=ANY=[@ANYBLOB="7f454c460b397a2dd4000000000000000300060007000000ba03000038000000fd2600e60080ffff060020000100020004000600600000000000000000000000040000000200000006000000"], 0x58)
close(0xffffffffffffffff)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
detailed listing:
executing program 0:
r0 = openat$binfmt(0xffffffffffffff9c, 0x0, 0x42, 0x1ff)
r1 = gettid()
pause()
tkill(r1, 0x13)
write$binfmt_elf32(r0, &(0x7f0000001440)=ANY=[@ANYBLOB="7f454c460b397a2dd4000000000000000300060007000000ba03000038000000fd2600e60080ffff060020000100020004000600600000000000000000000000040000000200000006000000"], 0x58)
close(r0)
execveat$binfmt(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(0x0)
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r2 = gettid()
pause()
tkill(r2, 0x13)
write$binfmt_elf32(r1, &(0x7f0000001440)=ANY=[@ANYBLOB="7f454c460b397a2dd4000000000000000300060007000000ba03000038000000fd2600e60080ffff060020000100020004000600600000000000000000000000040000000200000006000000"], 0x58)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r2 = gettid()
pause()
tkill(r2, 0x13)
write$binfmt_elf32(r1, 0x0, 0x58)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r2 = gettid()
pause()
tkill(r2, 0x13)
write$binfmt_elf32(r1, &(0x7f0000001440)=ANY=[@ANYBLOB], 0x58)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
program crashed: WARNING in task_participate_group_stop
simplifying C reproducer
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
program crashed: WARNING in task_participate_group_stop
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
program crashed: WARNING in task_participate_group_stop
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
program crashed: WARNING in task_participate_group_stop
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
program crashed: WARNING in task_participate_group_stop
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
program did not crash
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
program crashed: WARNING in task_participate_group_stop
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:true Sysctl:false Swap:true UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r2 = gettid()
pause()
tkill(r2, 0x13)
write$binfmt_elf32(r1, &(0x7f0000001440)=ANY=[@ANYBLOB="7f454c460b397a2dd4000000000000000300060007000000ba03000038000000fd2600e60080ffff060020000100020004000600600000000000000000000000040000000200000006000000"], 0x58)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

program crashed: WARNING in task_participate_group_stop
validation run: crashed=true
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r2 = gettid()
pause()
tkill(r2, 0x13)
write$binfmt_elf32(r1, &(0x7f0000001440)=ANY=[@ANYBLOB="7f454c460b397a2dd4000000000000000300060007000000ba03000038000000fd2600e60080ffff060020000100020004000600600000000000000000000000040000000200000006000000"], 0x58)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

program crashed: WARNING in task_participate_group_stop
validation run: crashed=true
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r2 = gettid()
pause()
tkill(r2, 0x13)
write$binfmt_elf32(r1, &(0x7f0000001440)=ANY=[@ANYBLOB="7f454c460b397a2dd4000000000000000300060007000000ba03000038000000fd2600e60080ffff060020000100020004000600600000000000000000000000040000000200000006000000"], 0x58)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

program did not crash
validation run: crashed=false
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r2 = gettid()
pause()
tkill(r2, 0x13)
write$binfmt_elf32(r1, &(0x7f0000001440)=ANY=[@ANYBLOB="7f454c460b397a2dd4000000000000000300060007000000ba03000038000000fd2600e60080ffff060020000100020004000600600000000000000000000000040000000200000006000000"], 0x58)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

program did not crash
validation run: crashed=false
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r2 = gettid()
pause()
tkill(r2, 0x13)
write$binfmt_elf32(r1, &(0x7f0000001440)=ANY=[@ANYBLOB="7f454c460b397a2dd4000000000000000300060007000000ba03000038000000fd2600e60080ffff060020000100020004000600600000000000000000000000040000000200000006000000"], 0x58)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

program did not crash
validation run: crashed=false
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r2 = gettid()
pause()
tkill(r2, 0x13)
write$binfmt_elf32(r1, &(0x7f0000001440)=ANY=[@ANYBLOB="7f454c460b397a2dd4000000000000000300060007000000ba03000038000000fd2600e60080ffff060020000100020004000600600000000000000000000000040000000200000006000000"], 0x58)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

program crashed: WARNING in task_participate_group_stop
validation run: crashed=true
reproducing took 2h55m36.054206072s
repro crashed as (corrupted=false):
process '/newroot/110/file0' started with executable stack
------------[ cut here ]------------
WARNING: kernel/signal.c:373 at task_participate_group_stop+0x215/0x2d0 kernel/signal.c:373, CPU#0: file0/6448
Modules linked in:
CPU: 0 UID: 0 PID: 6448 Comm: file0 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
RIP: 0010:task_participate_group_stop+0x215/0x2d0 kernel/signal.c:373
Code: c0 41 89 04 24 b0 01 eb 07 e8 57 3a 38 00 31 c0 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d e9 42 12 07 0a cc e8 3c 3a 38 00 90 <0f> 0b 90 43 0f b6 04 2f 84 c0 0f 85 8b 00 00 00 41 8b 2e e9 4d ff
RSP: 0018:ffffc90003537bd8 EFLAGS: 00010093
RAX: ffffffff8187e264 RBX: 0000000000060013 RCX: ffff8880249cdac0
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffff520006a6f70 R12: ffff88802b085e40
R13: dffffc0000000000 R14: ffff88802b085ee8 R15: 1ffff11005610bdd
FS:  0000000000000000(0000) GS:ffff88812579c000(0000) knlGS:0000000000000000
CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 00007f9ba2585f98 CR3: 000000007d9f6000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 do_signal_stop+0x4bc/0x6c0 kernel/signal.c:2617
 get_signal+0xa8d/0x1340 kernel/signal.c:2881
 arch_do_signal_or_restart+0xa0/0x790 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop+0x72/0x130 kernel/entry/common.c:40
 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]
 syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline]
 do_syscall_64+0x2bd/0xfa0 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0023:0x3ba
Code: Unable to access opcode bytes at 0x390.
RSP: 002b:00000000ffa4d2f0 EFLAGS: 00000202 ORIG_RAX: 000000000000000b
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>

final repro crashed as (corrupted=false):
process '/newroot/110/file0' started with executable stack
------------[ cut here ]------------
WARNING: kernel/signal.c:373 at task_participate_group_stop+0x215/0x2d0 kernel/signal.c:373, CPU#0: file0/6448
Modules linked in:
CPU: 0 UID: 0 PID: 6448 Comm: file0 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
RIP: 0010:task_participate_group_stop+0x215/0x2d0 kernel/signal.c:373
Code: c0 41 89 04 24 b0 01 eb 07 e8 57 3a 38 00 31 c0 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d e9 42 12 07 0a cc e8 3c 3a 38 00 90 <0f> 0b 90 43 0f b6 04 2f 84 c0 0f 85 8b 00 00 00 41 8b 2e e9 4d ff
RSP: 0018:ffffc90003537bd8 EFLAGS: 00010093
RAX: ffffffff8187e264 RBX: 0000000000060013 RCX: ffff8880249cdac0
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffff520006a6f70 R12: ffff88802b085e40
R13: dffffc0000000000 R14: ffff88802b085ee8 R15: 1ffff11005610bdd
FS:  0000000000000000(0000) GS:ffff88812579c000(0000) knlGS:0000000000000000
CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 00007f9ba2585f98 CR3: 000000007d9f6000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 do_signal_stop+0x4bc/0x6c0 kernel/signal.c:2617
 get_signal+0xa8d/0x1340 kernel/signal.c:2881
 arch_do_signal_or_restart+0xa0/0x790 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop+0x72/0x130 kernel/entry/common.c:40
 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]
 syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline]
 do_syscall_64+0x2bd/0xfa0 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0023:0x3ba
Code: Unable to access opcode bytes at 0x390.
RSP: 002b:00000000ffa4d2f0 EFLAGS: 00000202 ORIG_RAX: 000000000000000b
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>