Extracting prog: 2h8m22.158282729s
Minimizing prog: 58m47.86733041s
Simplifying prog options: 0s
Extracting C: 4m57.389371226s
Simplifying C: 1h43m45.524392247s


4 programs, timeouts [30s 1m40s 6m0s]
extracting reproducer from 4 programs
first checking the prog from the crash report
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_open_dev$char_usb-read$char_usb-syz_usb_ep_write$ath9k_ep1
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r1, &(0x7f0000000000)=""/73, 0x49)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x0, 0x0)

program did not crash
single: failed to extract reproducer
bisect: bisecting 4 programs with base timeout 30s
testing program (duration=31s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 6, 5, 4]
detailed listing:
executing program 2:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r1, &(0x7f0000000000)=""/73, 0x49)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x0, 0x0)
executing program 1:
r0 = syz_io_uring_setup(0xe42, &(0x7f0000000140), &(0x7f0000000240)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0), &(0x7f0000000500)='./file0\x00', 0x18})
r3 = open_tree(0xffffffffffffff9c, &(0x7f00000006c0)='.\x00', 0x0)
symlinkat(&(0x7f0000000140)='./file1\x00', r3, &(0x7f0000000340)='./file0\x00')
io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0)
executing program 0:
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="b408"], 0x0, 0x4}, 0x90)
r0 = socket(0x2, 0x80805, 0x0)
r1 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x7a, &(0x7f0000000080)={r2, 0x4, "179da51e"}, &(0x7f00000000c0)=0xc)
executing program 3:
syz_mount_image$nilfs2(&(0x7f0000000040), &(0x7f0000000300)='./file0\x00', 0x1a08008, &(0x7f00000002c0)=ANY=[], 0x1, 0xb0a, &(0x7f0000000340)="$eJzs3U2MW0fhAPCxd73JJuk/Tv8JXdLQJC205aObZrOEjwiSKhESUVMBl0oVlyhNQ0QIEkWiRJVIcuJGqypIcOFDnHqpCkKiFxT1gLhUopEqpJ4KBw5EQUTiQAOJ0XpnvPbE7rP3w8+7+/tJ4/G8efbMe37v+X3OBGDdqjZfZ2enKiFceeOVY39/+G+Tc0MOt8aoN1/H21K1EEIlpsez73tvbD6+ffPFU21xNaUrYab5mtLhqRutz24OIVwMe8LVUA87r1x7+a2ZJ09cOn5579uvHrq+QpMPAADryleuHprd8Zc/3b/t1msPHAkbWsPT/nk9prfE/f4jccc/7f9XQ2e60hbaTWTjjcdQnewcb6zLeO3l1LLxxnuUP5GVX+sx3obwweWPtQ3rNt2wmqXluB4q1emOdLU6PT1/TB6ax/UTlenzZ88993xJFQWW3b92hxD2tIWjlzvToxYO9zleGIG6ZqExAnUoK1SX8nscGV49bzXmlT2/hhUaW8vd/gAk2XXDu13MzywsTevbxvsr/8YT1e6fh2Uw7OV/oPInSi4/rFD5c/uXzfsS5ozw/A8h/OqSLQ7LZ60uTWm60nq0Jabz6wj5/Uu917/8Skfn0Px6RK3Peva6jrBari/0qufYkOuxWL3qny8Xa9UXYpzmwxez/Pb1J/9NV8tvDHT37/z8//DCwiX6ETgPKgirJnSuM7WlfFejtC0PMOry++Ya6fpolN/Xl+dvKMjfWJA/WZC/qSB/c54/OdDkw5r2m+/+KLxUWTjOz4/pBz0fn86z3RPj/xuwPvn5yEHLz+/7HdRSy8/vJ4ZR9ruTT5/+7LPPXJu//7/SWv7vxOU9HW7U47p1NY6Qzhfm59Vb9/7XO8up9hjv3qw+93QZv/l+e+d4le0L3xPatjN31WOq83Nbe423q3O8ejbeZAwbs/rm+yebss+l/Y+0XU3zazyb3lo2HRNZPdJ2ZVuM83rAYqTlsdf9/2n5nAq1ynNnz51+PKbTcvrHsdqGueH7h1xvYOn6ff5nKnQ+/7OlNbxWbd8ubF0YXpnfLrwev69z+EyrnDj8/fnhB2I6/c99Y2yyOXz61LfPPbv8kw/r2vPfv/DNk+fOnf6ON4t+86XRqMYgb9Jhy6jUZ928CdWRqEYfb0reMAErbt8P5ncCHjv7rZNnTp85ff7AwYMHZmYOfu7A7L7mfv2+9r37dhdLqC2wnBb+9MuuCQAAAAAAAAAAANCv7x0/du2dNz/z7vzz/wvP/6Xn/9Odv+n5/x9mz//nz8mn5+DTc4DbuuQ3x8kaWJ3IxqvF8P9Zfbdn5ezIPvehGLf68YvP/6fi8nZdU33uy4bXeiSz5gTuai9lImuDJO8v8MEYX47xL88M2kIKLKNK9wax8uW2V/vWaVlP7VO0tUvR0D7w6pF+t7Q0pHZM0vPfXdt1avuxt/VZju6mRsswHicsexqB7v5RXvvfQwiHs/Q/Fya89LoJvcP4cMv7yfpdJho999L77cEGYHmU1f9nOq+Rznum+Pzvv7xxLqTxbzzRub3M2y+FQfz5nc70yPb/+dPhlJ/323eXtdj/6ADlL3f/n63+7+IGsHj7l/WYV19cue//7Pq7bcWGnf2Wn09/agd6+2Dl34rlp6l5JPRXfuMXWfn5BaE+/Scrf1Of5d81/bsWV/5/Y/lptj36UL/lz9e4Uu2sR37eOJ3nzc8bJ7ez6U9te35A+V+70G36F9lR451YPqxnq6Wf2UFl+xGtnfbF9/8bXVze/n9blc02a/l9GJ+O6bQhTvc55P2dDFr/dH9F+h/YkX1/peD/Tf+/q9vnY1y0PqT+f9PyWI9/+W3p5rxM6VqXebtWtzWwWr23O4RG7ejNF0bgWkTX8OAfvnqh7DoMN2wcgTr0CPEor/R6jFRojC3ic61+4kquf6PRWNkTWgVKLZzS53/Zxwlll1/2/C+S9/+b78Pn/f/m+Xn/v3l+3v9vnj8Zf6Fe+Xn/v/n8zPv/zfPvy7437z94qiD/wwX5O7vntw7b7y/4/K6C/I8s5Dc7b8zz97byD3d8Q8p/oOD7dxfk31uQ/1BB/kcL8j9WkP9wQf6jbfntfUSn/I/3+Px66SY6PY/Sa/4Ba1f+fJ71H9aPdP2n1/q/vSAfWL1+/Nr+o8/8+uv1+ef/J1rnQ9J1vCMxXYvHTy/EdH7dO7Sl5/LejOm/Zvmjfr4D1pO8/Yz8//2Rgnxg9Ur3eVm/YR2qbOw+OMY9262Kca/9fFaXT8T4kzH+VIwfi/F0jPfFeH+MZ4ZUP1bG0dd/e+ilysLxft4+U7/3k+fPA3W0ExVCONBnffLzA4Pez5634zeopZa/yMfBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASlNtvs7OTlVCuPLGK8eePnF239yQw60x6s3X8bZUrfW5EB6P8ViMfx7f3L754qn2+E6MK2EmVEKlNTw8daNV0uYQwsWwJ1wN9bDzyrWX35p58sSl45f3vv3qoesrNwcAAABg7ftfAAAA//8BewvK")
open(&(0x7f0000000140)='./file1\x00', 0x141042, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x40086e81, 0xfffffffffffffffe)

program did not crash
replaying the whole log did not cause a kernel crash
single: executing 1 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_open_dev$char_usb-read$char_usb-syz_usb_ep_write$ath9k_ep1
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r1, &(0x7f0000000000)=""/73, 0x49)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x0, 0x0)

program did not crash
single: failed to extract reproducer
bisect: bisecting 4 programs with base timeout 1m40s
testing program (duration=1m41s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 6, 5, 4]
detailed listing:
executing program 2:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r1, &(0x7f0000000000)=""/73, 0x49)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x0, 0x0)
executing program 1:
r0 = syz_io_uring_setup(0xe42, &(0x7f0000000140), &(0x7f0000000240)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0), &(0x7f0000000500)='./file0\x00', 0x18})
r3 = open_tree(0xffffffffffffff9c, &(0x7f00000006c0)='.\x00', 0x0)
symlinkat(&(0x7f0000000140)='./file1\x00', r3, &(0x7f0000000340)='./file0\x00')
io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0)
executing program 0:
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="b408"], 0x0, 0x4}, 0x90)
r0 = socket(0x2, 0x80805, 0x0)
r1 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x7a, &(0x7f0000000080)={r2, 0x4, "179da51e"}, &(0x7f00000000c0)=0xc)
executing program 3:
syz_mount_image$nilfs2(&(0x7f0000000040), &(0x7f0000000300)='./file0\x00', 0x1a08008, &(0x7f00000002c0)=ANY=[], 0x1, 0xb0a, &(0x7f0000000340)="$eJzs3U2MW0fhAPCxd73JJuk/Tv8JXdLQJC205aObZrOEjwiSKhESUVMBl0oVlyhNQ0QIEkWiRJVIcuJGqypIcOFDnHqpCkKiFxT1gLhUopEqpJ4KBw5EQUTiQAOJ0XpnvPbE7rP3w8+7+/tJ4/G8efbMe37v+X3OBGDdqjZfZ2enKiFceeOVY39/+G+Tc0MOt8aoN1/H21K1EEIlpsez73tvbD6+ffPFU21xNaUrYab5mtLhqRutz24OIVwMe8LVUA87r1x7+a2ZJ09cOn5579uvHrq+QpMPAADryleuHprd8Zc/3b/t1msPHAkbWsPT/nk9prfE/f4jccc/7f9XQ2e60hbaTWTjjcdQnewcb6zLeO3l1LLxxnuUP5GVX+sx3obwweWPtQ3rNt2wmqXluB4q1emOdLU6PT1/TB6ax/UTlenzZ88993xJFQWW3b92hxD2tIWjlzvToxYO9zleGIG6ZqExAnUoK1SX8nscGV49bzXmlT2/hhUaW8vd/gAk2XXDu13MzywsTevbxvsr/8YT1e6fh2Uw7OV/oPInSi4/rFD5c/uXzfsS5ozw/A8h/OqSLQ7LZ60uTWm60nq0Jabz6wj5/Uu917/8Skfn0Px6RK3Peva6jrBari/0qufYkOuxWL3qny8Xa9UXYpzmwxez/Pb1J/9NV8tvDHT37/z8//DCwiX6ETgPKgirJnSuM7WlfFejtC0PMOry++Ya6fpolN/Xl+dvKMjfWJA/WZC/qSB/c54/OdDkw5r2m+/+KLxUWTjOz4/pBz0fn86z3RPj/xuwPvn5yEHLz+/7HdRSy8/vJ4ZR9ruTT5/+7LPPXJu//7/SWv7vxOU9HW7U47p1NY6Qzhfm59Vb9/7XO8up9hjv3qw+93QZv/l+e+d4le0L3xPatjN31WOq83Nbe423q3O8ejbeZAwbs/rm+yebss+l/Y+0XU3zazyb3lo2HRNZPdJ2ZVuM83rAYqTlsdf9/2n5nAq1ynNnz51+PKbTcvrHsdqGueH7h1xvYOn6ff5nKnQ+/7OlNbxWbd8ubF0YXpnfLrwev69z+EyrnDj8/fnhB2I6/c99Y2yyOXz61LfPPbv8kw/r2vPfv/DNk+fOnf6ON4t+86XRqMYgb9Jhy6jUZ928CdWRqEYfb0reMAErbt8P5ncCHjv7rZNnTp85ff7AwYMHZmYOfu7A7L7mfv2+9r37dhdLqC2wnBb+9MuuCQAAAAAAAAAAANCv7x0/du2dNz/z7vzz/wvP/6Xn/9Odv+n5/x9mz//nz8mn5+DTc4DbuuQ3x8kaWJ3IxqvF8P9Zfbdn5ezIPvehGLf68YvP/6fi8nZdU33uy4bXeiSz5gTuai9lImuDJO8v8MEYX47xL88M2kIKLKNK9wax8uW2V/vWaVlP7VO0tUvR0D7w6pF+t7Q0pHZM0vPfXdt1avuxt/VZju6mRsswHicsexqB7v5RXvvfQwiHs/Q/Fya89LoJvcP4cMv7yfpdJho999L77cEGYHmU1f9nOq+Rznum+Pzvv7xxLqTxbzzRub3M2y+FQfz5nc70yPb/+dPhlJ/323eXtdj/6ADlL3f/n63+7+IGsHj7l/WYV19cue//7Pq7bcWGnf2Wn09/agd6+2Dl34rlp6l5JPRXfuMXWfn5BaE+/Scrf1Of5d81/bsWV/5/Y/lptj36UL/lz9e4Uu2sR37eOJ3nzc8bJ7ez6U9te35A+V+70G36F9lR451YPqxnq6Wf2UFl+xGtnfbF9/8bXVze/n9blc02a/l9GJ+O6bQhTvc55P2dDFr/dH9F+h/YkX1/peD/Tf+/q9vnY1y0PqT+f9PyWI9/+W3p5rxM6VqXebtWtzWwWr23O4RG7ejNF0bgWkTX8OAfvnqh7DoMN2wcgTr0CPEor/R6jFRojC3ic61+4kquf6PRWNkTWgVKLZzS53/Zxwlll1/2/C+S9/+b78Pn/f/m+Xn/v3l+3v9vnj8Zf6Fe+Xn/v/n8zPv/zfPvy7437z94qiD/wwX5O7vntw7b7y/4/K6C/I8s5Dc7b8zz97byD3d8Q8p/oOD7dxfk31uQ/1BB/kcL8j9WkP9wQf6jbfntfUSn/I/3+Px66SY6PY/Sa/4Ba1f+fJ71H9aPdP2n1/q/vSAfWL1+/Nr+o8/8+uv1+ef/J1rnQ9J1vCMxXYvHTy/EdH7dO7Sl5/LejOm/Zvmjfr4D1pO8/Yz8//2Rgnxg9Ur3eVm/YR2qbOw+OMY9262Kca/9fFaXT8T4kzH+VIwfi/F0jPfFeH+MZ4ZUP1bG0dd/e+ilysLxft4+U7/3k+fPA3W0ExVCONBnffLzA4Pez5634zeopZa/yMfBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASlNtvs7OTlVCuPLGK8eePnF239yQw60x6s3X8bZUrfW5EB6P8ViMfx7f3L754qn2+E6MK2EmVEKlNTw8daNV0uYQwsWwJ1wN9bDzyrWX35p58sSl45f3vv3qoesrNwcAAABg7ftfAAAA//8BewvK")
open(&(0x7f0000000140)='./file1\x00', 0x141042, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x40086e81, 0xfffffffffffffffe)

program did not crash
replaying the whole log did not cause a kernel crash
single: executing 1 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_open_dev$char_usb-read$char_usb-syz_usb_ep_write$ath9k_ep1
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r1, &(0x7f0000000000)=""/73, 0x49)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x0, 0x0)

program did not crash
single: failed to extract reproducer
bisect: bisecting 4 programs with base timeout 6m0s
testing program (duration=6m1s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 6, 5, 4]
detailed listing:
executing program 2:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r1, &(0x7f0000000000)=""/73, 0x49)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x0, 0x0)
executing program 1:
r0 = syz_io_uring_setup(0xe42, &(0x7f0000000140), &(0x7f0000000240)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0), &(0x7f0000000500)='./file0\x00', 0x18})
r3 = open_tree(0xffffffffffffff9c, &(0x7f00000006c0)='.\x00', 0x0)
symlinkat(&(0x7f0000000140)='./file1\x00', r3, &(0x7f0000000340)='./file0\x00')
io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0)
executing program 0:
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="b408"], 0x0, 0x4}, 0x90)
r0 = socket(0x2, 0x80805, 0x0)
r1 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x7a, &(0x7f0000000080)={r2, 0x4, "179da51e"}, &(0x7f00000000c0)=0xc)
executing program 3:
syz_mount_image$nilfs2(&(0x7f0000000040), &(0x7f0000000300)='./file0\x00', 0x1a08008, &(0x7f00000002c0)=ANY=[], 0x1, 0xb0a, &(0x7f0000000340)="$eJzs3U2MW0fhAPCxd73JJuk/Tv8JXdLQJC205aObZrOEjwiSKhESUVMBl0oVlyhNQ0QIEkWiRJVIcuJGqypIcOFDnHqpCkKiFxT1gLhUopEqpJ4KBw5EQUTiQAOJ0XpnvPbE7rP3w8+7+/tJ4/G8efbMe37v+X3OBGDdqjZfZ2enKiFceeOVY39/+G+Tc0MOt8aoN1/H21K1EEIlpsez73tvbD6+ffPFU21xNaUrYab5mtLhqRutz24OIVwMe8LVUA87r1x7+a2ZJ09cOn5579uvHrq+QpMPAADryleuHprd8Zc/3b/t1msPHAkbWsPT/nk9prfE/f4jccc/7f9XQ2e60hbaTWTjjcdQnewcb6zLeO3l1LLxxnuUP5GVX+sx3obwweWPtQ3rNt2wmqXluB4q1emOdLU6PT1/TB6ax/UTlenzZ88993xJFQWW3b92hxD2tIWjlzvToxYO9zleGIG6ZqExAnUoK1SX8nscGV49bzXmlT2/hhUaW8vd/gAk2XXDu13MzywsTevbxvsr/8YT1e6fh2Uw7OV/oPInSi4/rFD5c/uXzfsS5ozw/A8h/OqSLQ7LZ60uTWm60nq0Jabz6wj5/Uu917/8Skfn0Px6RK3Peva6jrBari/0qufYkOuxWL3qny8Xa9UXYpzmwxez/Pb1J/9NV8tvDHT37/z8//DCwiX6ETgPKgirJnSuM7WlfFejtC0PMOry++Ya6fpolN/Xl+dvKMjfWJA/WZC/qSB/c54/OdDkw5r2m+/+KLxUWTjOz4/pBz0fn86z3RPj/xuwPvn5yEHLz+/7HdRSy8/vJ4ZR9ruTT5/+7LPPXJu//7/SWv7vxOU9HW7U47p1NY6Qzhfm59Vb9/7XO8up9hjv3qw+93QZv/l+e+d4le0L3xPatjN31WOq83Nbe423q3O8ejbeZAwbs/rm+yebss+l/Y+0XU3zazyb3lo2HRNZPdJ2ZVuM83rAYqTlsdf9/2n5nAq1ynNnz51+PKbTcvrHsdqGueH7h1xvYOn6ff5nKnQ+/7OlNbxWbd8ubF0YXpnfLrwev69z+EyrnDj8/fnhB2I6/c99Y2yyOXz61LfPPbv8kw/r2vPfv/DNk+fOnf6ON4t+86XRqMYgb9Jhy6jUZ928CdWRqEYfb0reMAErbt8P5ncCHjv7rZNnTp85ff7AwYMHZmYOfu7A7L7mfv2+9r37dhdLqC2wnBb+9MuuCQAAAAAAAAAAANCv7x0/du2dNz/z7vzz/wvP/6Xn/9Odv+n5/x9mz//nz8mn5+DTc4DbuuQ3x8kaWJ3IxqvF8P9Zfbdn5ezIPvehGLf68YvP/6fi8nZdU33uy4bXeiSz5gTuai9lImuDJO8v8MEYX47xL88M2kIKLKNK9wax8uW2V/vWaVlP7VO0tUvR0D7w6pF+t7Q0pHZM0vPfXdt1avuxt/VZju6mRsswHicsexqB7v5RXvvfQwiHs/Q/Fya89LoJvcP4cMv7yfpdJho999L77cEGYHmU1f9nOq+Rznum+Pzvv7xxLqTxbzzRub3M2y+FQfz5nc70yPb/+dPhlJ/323eXtdj/6ADlL3f/n63+7+IGsHj7l/WYV19cue//7Pq7bcWGnf2Wn09/agd6+2Dl34rlp6l5JPRXfuMXWfn5BaE+/Scrf1Of5d81/bsWV/5/Y/lptj36UL/lz9e4Uu2sR37eOJ3nzc8bJ7ez6U9te35A+V+70G36F9lR451YPqxnq6Wf2UFl+xGtnfbF9/8bXVze/n9blc02a/l9GJ+O6bQhTvc55P2dDFr/dH9F+h/YkX1/peD/Tf+/q9vnY1y0PqT+f9PyWI9/+W3p5rxM6VqXebtWtzWwWr23O4RG7ejNF0bgWkTX8OAfvnqh7DoMN2wcgTr0CPEor/R6jFRojC3ic61+4kquf6PRWNkTWgVKLZzS53/Zxwlll1/2/C+S9/+b78Pn/f/m+Xn/v3l+3v9vnj8Zf6Fe+Xn/v/n8zPv/zfPvy7437z94qiD/wwX5O7vntw7b7y/4/K6C/I8s5Dc7b8zz97byD3d8Q8p/oOD7dxfk31uQ/1BB/kcL8j9WkP9wQf6jbfntfUSn/I/3+Px66SY6PY/Sa/4Ba1f+fJ71H9aPdP2n1/q/vSAfWL1+/Nr+o8/8+uv1+ef/J1rnQ9J1vCMxXYvHTy/EdH7dO7Sl5/LejOm/Zvmjfr4D1pO8/Yz8//2Rgnxg9Ur3eVm/YR2qbOw+OMY9262Kca/9fFaXT8T4kzH+VIwfi/F0jPfFeH+MZ4ZUP1bG0dd/e+ilysLxft4+U7/3k+fPA3W0ExVCONBnffLzA4Pez5634zeopZa/yMfBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASlNtvs7OTlVCuPLGK8eePnF239yQw60x6s3X8bZUrfW5EB6P8ViMfx7f3L754qn2+E6MK2EmVEKlNTw8daNV0uYQwsWwJ1wN9bDzyrWX35p58sSl45f3vv3qoesrNwcAAABg7ftfAAAA//8BewvK")
open(&(0x7f0000000140)='./file1\x00', 0x141042, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x40086e81, 0xfffffffffffffffe)

program crashed: KMSAN: kernel-infoleak in iowarrior_read
bisect: bisecting 4 programs
bisect: split chunks (needed=false): <3>
bisect: split chunk #0 of len 3 into 3 parts
bisect: testing without sub-chunk 1/3
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 5, 4]
detailed listing:
executing program 2:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r1, &(0x7f0000000000)=""/73, 0x49)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x0, 0x0)
executing program 0:
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="b408"], 0x0, 0x4}, 0x90)
r0 = socket(0x2, 0x80805, 0x0)
r1 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x7a, &(0x7f0000000080)={r2, 0x4, "179da51e"}, &(0x7f00000000c0)=0xc)
executing program 3:
syz_mount_image$nilfs2(&(0x7f0000000040), &(0x7f0000000300)='./file0\x00', 0x1a08008, &(0x7f00000002c0)=ANY=[], 0x1, 0xb0a, &(0x7f0000000340)="$eJzs3U2MW0fhAPCxd73JJuk/Tv8JXdLQJC205aObZrOEjwiSKhESUVMBl0oVlyhNQ0QIEkWiRJVIcuJGqypIcOFDnHqpCkKiFxT1gLhUopEqpJ4KBw5EQUTiQAOJ0XpnvPbE7rP3w8+7+/tJ4/G8efbMe37v+X3OBGDdqjZfZ2enKiFceeOVY39/+G+Tc0MOt8aoN1/H21K1EEIlpsez73tvbD6+ffPFU21xNaUrYab5mtLhqRutz24OIVwMe8LVUA87r1x7+a2ZJ09cOn5579uvHrq+QpMPAADryleuHprd8Zc/3b/t1msPHAkbWsPT/nk9prfE/f4jccc/7f9XQ2e60hbaTWTjjcdQnewcb6zLeO3l1LLxxnuUP5GVX+sx3obwweWPtQ3rNt2wmqXluB4q1emOdLU6PT1/TB6ax/UTlenzZ88993xJFQWW3b92hxD2tIWjlzvToxYO9zleGIG6ZqExAnUoK1SX8nscGV49bzXmlT2/hhUaW8vd/gAk2XXDu13MzywsTevbxvsr/8YT1e6fh2Uw7OV/oPInSi4/rFD5c/uXzfsS5ozw/A8h/OqSLQ7LZ60uTWm60nq0Jabz6wj5/Uu917/8Skfn0Px6RK3Peva6jrBari/0qufYkOuxWL3qny8Xa9UXYpzmwxez/Pb1J/9NV8tvDHT37/z8//DCwiX6ETgPKgirJnSuM7WlfFejtC0PMOry++Ya6fpolN/Xl+dvKMjfWJA/WZC/qSB/c54/OdDkw5r2m+/+KLxUWTjOz4/pBz0fn86z3RPj/xuwPvn5yEHLz+/7HdRSy8/vJ4ZR9ruTT5/+7LPPXJu//7/SWv7vxOU9HW7U47p1NY6Qzhfm59Vb9/7XO8up9hjv3qw+93QZv/l+e+d4le0L3xPatjN31WOq83Nbe423q3O8ejbeZAwbs/rm+yebss+l/Y+0XU3zazyb3lo2HRNZPdJ2ZVuM83rAYqTlsdf9/2n5nAq1ynNnz51+PKbTcvrHsdqGueH7h1xvYOn6ff5nKnQ+/7OlNbxWbd8ubF0YXpnfLrwev69z+EyrnDj8/fnhB2I6/c99Y2yyOXz61LfPPbv8kw/r2vPfv/DNk+fOnf6ON4t+86XRqMYgb9Jhy6jUZ928CdWRqEYfb0reMAErbt8P5ncCHjv7rZNnTp85ff7AwYMHZmYOfu7A7L7mfv2+9r37dhdLqC2wnBb+9MuuCQAAAAAAAAAAANCv7x0/du2dNz/z7vzz/wvP/6Xn/9Odv+n5/x9mz//nz8mn5+DTc4DbuuQ3x8kaWJ3IxqvF8P9Zfbdn5ezIPvehGLf68YvP/6fi8nZdU33uy4bXeiSz5gTuai9lImuDJO8v8MEYX47xL88M2kIKLKNK9wax8uW2V/vWaVlP7VO0tUvR0D7w6pF+t7Q0pHZM0vPfXdt1avuxt/VZju6mRsswHicsexqB7v5RXvvfQwiHs/Q/Fya89LoJvcP4cMv7yfpdJho999L77cEGYHmU1f9nOq+Rznum+Pzvv7xxLqTxbzzRub3M2y+FQfz5nc70yPb/+dPhlJ/323eXtdj/6ADlL3f/n63+7+IGsHj7l/WYV19cue//7Pq7bcWGnf2Wn09/agd6+2Dl34rlp6l5JPRXfuMXWfn5BaE+/Scrf1Of5d81/bsWV/5/Y/lptj36UL/lz9e4Uu2sR37eOJ3nzc8bJ7ez6U9te35A+V+70G36F9lR451YPqxnq6Wf2UFl+xGtnfbF9/8bXVze/n9blc02a/l9GJ+O6bQhTvc55P2dDFr/dH9F+h/YkX1/peD/Tf+/q9vnY1y0PqT+f9PyWI9/+W3p5rxM6VqXebtWtzWwWr23O4RG7ejNF0bgWkTX8OAfvnqh7DoMN2wcgTr0CPEor/R6jFRojC3ic61+4kquf6PRWNkTWgVKLZzS53/Zxwlll1/2/C+S9/+b78Pn/f/m+Xn/v3l+3v9vnj8Zf6Fe+Xn/v/n8zPv/zfPvy7437z94qiD/wwX5O7vntw7b7y/4/K6C/I8s5Dc7b8zz97byD3d8Q8p/oOD7dxfk31uQ/1BB/kcL8j9WkP9wQf6jbfntfUSn/I/3+Px66SY6PY/Sa/4Ba1f+fJ71H9aPdP2n1/q/vSAfWL1+/Nr+o8/8+uv1+ef/J1rnQ9J1vCMxXYvHTy/EdH7dO7Sl5/LejOm/Zvmjfr4D1pO8/Yz8//2Rgnxg9Ur3eVm/YR2qbOw+OMY9262Kca/9fFaXT8T4kzH+VIwfi/F0jPfFeH+MZ4ZUP1bG0dd/e+ilysLxft4+U7/3k+fPA3W0ExVCONBnffLzA4Pez5634zeopZa/yMfBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASlNtvs7OTlVCuPLGK8eePnF239yQw60x6s3X8bZUrfW5EB6P8ViMfx7f3L754qn2+E6MK2EmVEKlNTw8daNV0uYQwsWwJ1wN9bDzyrWX35p58sSl45f3vv3qoesrNwcAAABg7ftfAAAA//8BewvK")
open(&(0x7f0000000140)='./file1\x00', 0x141042, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x40086e81, 0xfffffffffffffffe)

program did not crash
bisect: testing without sub-chunk 2/3
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 6, 4]
detailed listing:
executing program 2:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r1, &(0x7f0000000000)=""/73, 0x49)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x0, 0x0)
executing program 1:
r0 = syz_io_uring_setup(0xe42, &(0x7f0000000140), &(0x7f0000000240)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0), &(0x7f0000000500)='./file0\x00', 0x18})
r3 = open_tree(0xffffffffffffff9c, &(0x7f00000006c0)='.\x00', 0x0)
symlinkat(&(0x7f0000000140)='./file1\x00', r3, &(0x7f0000000340)='./file0\x00')
io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0)
executing program 3:
syz_mount_image$nilfs2(&(0x7f0000000040), &(0x7f0000000300)='./file0\x00', 0x1a08008, &(0x7f00000002c0)=ANY=[], 0x1, 0xb0a, &(0x7f0000000340)="$eJzs3U2MW0fhAPCxd73JJuk/Tv8JXdLQJC205aObZrOEjwiSKhESUVMBl0oVlyhNQ0QIEkWiRJVIcuJGqypIcOFDnHqpCkKiFxT1gLhUopEqpJ4KBw5EQUTiQAOJ0XpnvPbE7rP3w8+7+/tJ4/G8efbMe37v+X3OBGDdqjZfZ2enKiFceeOVY39/+G+Tc0MOt8aoN1/H21K1EEIlpsez73tvbD6+ffPFU21xNaUrYab5mtLhqRutz24OIVwMe8LVUA87r1x7+a2ZJ09cOn5579uvHrq+QpMPAADryleuHprd8Zc/3b/t1msPHAkbWsPT/nk9prfE/f4jccc/7f9XQ2e60hbaTWTjjcdQnewcb6zLeO3l1LLxxnuUP5GVX+sx3obwweWPtQ3rNt2wmqXluB4q1emOdLU6PT1/TB6ax/UTlenzZ88993xJFQWW3b92hxD2tIWjlzvToxYO9zleGIG6ZqExAnUoK1SX8nscGV49bzXmlT2/hhUaW8vd/gAk2XXDu13MzywsTevbxvsr/8YT1e6fh2Uw7OV/oPInSi4/rFD5c/uXzfsS5ozw/A8h/OqSLQ7LZ60uTWm60nq0Jabz6wj5/Uu917/8Skfn0Px6RK3Peva6jrBari/0qufYkOuxWL3qny8Xa9UXYpzmwxez/Pb1J/9NV8tvDHT37/z8//DCwiX6ETgPKgirJnSuM7WlfFejtC0PMOry++Ya6fpolN/Xl+dvKMjfWJA/WZC/qSB/c54/OdDkw5r2m+/+KLxUWTjOz4/pBz0fn86z3RPj/xuwPvn5yEHLz+/7HdRSy8/vJ4ZR9ruTT5/+7LPPXJu//7/SWv7vxOU9HW7U47p1NY6Qzhfm59Vb9/7XO8up9hjv3qw+93QZv/l+e+d4le0L3xPatjN31WOq83Nbe423q3O8ejbeZAwbs/rm+yebss+l/Y+0XU3zazyb3lo2HRNZPdJ2ZVuM83rAYqTlsdf9/2n5nAq1ynNnz51+PKbTcvrHsdqGueH7h1xvYOn6ff5nKnQ+/7OlNbxWbd8ubF0YXpnfLrwev69z+EyrnDj8/fnhB2I6/c99Y2yyOXz61LfPPbv8kw/r2vPfv/DNk+fOnf6ON4t+86XRqMYgb9Jhy6jUZ928CdWRqEYfb0reMAErbt8P5ncCHjv7rZNnTp85ff7AwYMHZmYOfu7A7L7mfv2+9r37dhdLqC2wnBb+9MuuCQAAAAAAAAAAANCv7x0/du2dNz/z7vzz/wvP/6Xn/9Odv+n5/x9mz//nz8mn5+DTc4DbuuQ3x8kaWJ3IxqvF8P9Zfbdn5ezIPvehGLf68YvP/6fi8nZdU33uy4bXeiSz5gTuai9lImuDJO8v8MEYX47xL88M2kIKLKNK9wax8uW2V/vWaVlP7VO0tUvR0D7w6pF+t7Q0pHZM0vPfXdt1avuxt/VZju6mRsswHicsexqB7v5RXvvfQwiHs/Q/Fya89LoJvcP4cMv7yfpdJho999L77cEGYHmU1f9nOq+Rznum+Pzvv7xxLqTxbzzRub3M2y+FQfz5nc70yPb/+dPhlJ/323eXtdj/6ADlL3f/n63+7+IGsHj7l/WYV19cue//7Pq7bcWGnf2Wn09/agd6+2Dl34rlp6l5JPRXfuMXWfn5BaE+/Scrf1Of5d81/bsWV/5/Y/lptj36UL/lz9e4Uu2sR37eOJ3nzc8bJ7ez6U9te35A+V+70G36F9lR451YPqxnq6Wf2UFl+xGtnfbF9/8bXVze/n9blc02a/l9GJ+O6bQhTvc55P2dDFr/dH9F+h/YkX1/peD/Tf+/q9vnY1y0PqT+f9PyWI9/+W3p5rxM6VqXebtWtzWwWr23O4RG7ejNF0bgWkTX8OAfvnqh7DoMN2wcgTr0CPEor/R6jFRojC3ic61+4kquf6PRWNkTWgVKLZzS53/Zxwlll1/2/C+S9/+b78Pn/f/m+Xn/v3l+3v9vnj8Zf6Fe+Xn/v/n8zPv/zfPvy7437z94qiD/wwX5O7vntw7b7y/4/K6C/I8s5Dc7b8zz97byD3d8Q8p/oOD7dxfk31uQ/1BB/kcL8j9WkP9wQf6jbfntfUSn/I/3+Px66SY6PY/Sa/4Ba1f+fJ71H9aPdP2n1/q/vSAfWL1+/Nr+o8/8+uv1+ef/J1rnQ9J1vCMxXYvHTy/EdH7dO7Sl5/LejOm/Zvmjfr4D1pO8/Yz8//2Rgnxg9Ur3eVm/YR2qbOw+OMY9262Kca/9fFaXT8T4kzH+VIwfi/F0jPfFeH+MZ4ZUP1bG0dd/e+ilysLxft4+U7/3k+fPA3W0ExVCONBnffLzA4Pez5634zeopZa/yMfBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASlNtvs7OTlVCuPLGK8eePnF239yQw60x6s3X8bZUrfW5EB6P8ViMfx7f3L754qn2+E6MK2EmVEKlNTw8daNV0uYQwsWwJ1wN9bDzyrWX35p58sSl45f3vv3qoesrNwcAAABg7ftfAAAA//8BewvK")
open(&(0x7f0000000140)='./file1\x00', 0x141042, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x40086e81, 0xfffffffffffffffe)

program crashed: KMSAN: kernel-infoleak in iowarrior_read
bisect: the chunk can be dropped
bisect: testing without sub-chunk 3/3
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 6]
detailed listing:
executing program 2:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r1, &(0x7f0000000000)=""/73, 0x49)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x0, 0x0)
executing program 1:
r0 = syz_io_uring_setup(0xe42, &(0x7f0000000140), &(0x7f0000000240)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0), &(0x7f0000000500)='./file0\x00', 0x18})
r3 = open_tree(0xffffffffffffff9c, &(0x7f00000006c0)='.\x00', 0x0)
symlinkat(&(0x7f0000000140)='./file1\x00', r3, &(0x7f0000000340)='./file0\x00')
io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0)

program crashed: KMSAN: kernel-infoleak in iowarrior_read
bisect: the chunk can be dropped
bisect: split chunks (needed=true): <1>
bisect: split chunk #0 of len 1 into 2 parts
bisect: no way to further split the chunk
bisect: 2 programs left: 

executing program 2:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r1, &(0x7f0000000000)=""/73, 0x49)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x0, 0x0)
executing program 1:
r0 = syz_io_uring_setup(0xe42, &(0x7f0000000140), &(0x7f0000000240)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0), &(0x7f0000000500)='./file0\x00', 0x18})
r3 = open_tree(0xffffffffffffff9c, &(0x7f00000006c0)='.\x00', 0x0)
symlinkat(&(0x7f0000000140)='./file1\x00', r3, &(0x7f0000000340)='./file0\x00')
io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0)


bisect: trying to concatenate
bisect: concatenate 2 entries
minimizing program #0 before concatenation
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 6]
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r1, &(0x7f0000000000)=""/73, 0x49)
executing program 1:
r0 = syz_io_uring_setup(0xe42, &(0x7f0000000140), &(0x7f0000000240)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0), &(0x7f0000000500)='./file0\x00', 0x18})
r3 = open_tree(0xffffffffffffff9c, &(0x7f00000006c0)='.\x00', 0x0)
symlinkat(&(0x7f0000000140)='./file1\x00', r3, &(0x7f0000000340)='./file0\x00')
io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 6]
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x0, 0x0)
executing program 1:
r0 = syz_io_uring_setup(0xe42, &(0x7f0000000140), &(0x7f0000000240)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0), &(0x7f0000000500)='./file0\x00', 0x18})
r3 = open_tree(0xffffffffffffff9c, &(0x7f00000006c0)='.\x00', 0x0)
symlinkat(&(0x7f0000000140)='./file1\x00', r3, &(0x7f0000000340)='./file0\x00')
io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 6]
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
read$char_usb(0xffffffffffffffff, &(0x7f0000000000)=""/73, 0x49)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x0, 0x0)
executing program 1:
r0 = syz_io_uring_setup(0xe42, &(0x7f0000000140), &(0x7f0000000240)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0), &(0x7f0000000500)='./file0\x00', 0x18})
r3 = open_tree(0xffffffffffffff9c, &(0x7f00000006c0)='.\x00', 0x0)
symlinkat(&(0x7f0000000140)='./file1\x00', r3, &(0x7f0000000340)='./file0\x00')
io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 6]
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r1, &(0x7f0000000000)=""/73, 0x49)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x0, 0x0)
executing program 1:
r0 = syz_io_uring_setup(0xe42, &(0x7f0000000140), &(0x7f0000000240)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0), &(0x7f0000000500)='./file0\x00', 0x18})
r3 = open_tree(0xffffffffffffff9c, &(0x7f00000006c0)='.\x00', 0x0)
symlinkat(&(0x7f0000000140)='./file1\x00', r3, &(0x7f0000000340)='./file0\x00')
io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 6]
detailed listing:
executing program 0:
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r0, &(0x7f0000000000)=""/73, 0x49)
syz_usb_ep_write$ath9k_ep1(0xffffffffffffffff, 0x82, 0x0, 0x0)
executing program 1:
r0 = syz_io_uring_setup(0xe42, &(0x7f0000000140), &(0x7f0000000240)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0), &(0x7f0000000500)='./file0\x00', 0x18})
r3 = open_tree(0xffffffffffffff9c, &(0x7f00000006c0)='.\x00', 0x0)
symlinkat(&(0x7f0000000140)='./file1\x00', r3, &(0x7f0000000340)='./file0\x00')
io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0)

program did not crash
minimized 5 calls -> 5 calls
minimizing program #1 before concatenation
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 5]
detailed listing:
executing program 2:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r1, &(0x7f0000000000)=""/73, 0x49)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x0, 0x0)
executing program 0:
syz_io_uring_setup(0xe42, &(0x7f0000000140), &(0x7f0000000240)=<r0=>0x0, &(0x7f0000000280)=<r1=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r0, r1, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0), &(0x7f0000000500)='./file0\x00', 0x18})
r2 = open_tree(0xffffffffffffff9c, &(0x7f00000006c0)='.\x00', 0x0)
symlinkat(&(0x7f0000000140)='./file1\x00', r2, &(0x7f0000000340)='./file0\x00')

program crashed: KMSAN: kernel-infoleak in iowarrior_read
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 4]
detailed listing:
executing program 2:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r1, &(0x7f0000000000)=""/73, 0x49)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x0, 0x0)
executing program 0:
syz_io_uring_setup(0xe42, &(0x7f0000000140), &(0x7f0000000240)=<r0=>0x0, &(0x7f0000000280)=<r1=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r0, r1, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0), &(0x7f0000000500)='./file0\x00', 0x18})
open_tree(0xffffffffffffff9c, &(0x7f00000006c0)='.\x00', 0x0)

program crashed: KMSAN: kernel-infoleak in iowarrior_read
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 3]
detailed listing:
executing program 2:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r1, &(0x7f0000000000)=""/73, 0x49)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x0, 0x0)
executing program 0:
syz_io_uring_setup(0xe42, &(0x7f0000000140), &(0x7f0000000240)=<r0=>0x0, &(0x7f0000000280)=<r1=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r0, r1, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0), &(0x7f0000000500)='./file0\x00', 0x18})

program crashed: KMSAN: kernel-infoleak in iowarrior_read
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 2]
detailed listing:
executing program 2:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r1, &(0x7f0000000000)=""/73, 0x49)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x0, 0x0)
executing program 0:
syz_io_uring_setup(0xe42, &(0x7f0000000140), &(0x7f0000000240)=<r0=>0x0, &(0x7f0000000280))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)

program crashed: KMSAN: kernel-infoleak in iowarrior_read
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 1]
detailed listing:
executing program 2:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r1, &(0x7f0000000000)=""/73, 0x49)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x0, 0x0)
executing program 0:
syz_io_uring_setup(0xe42, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280))

program crashed: KMSAN: kernel-infoleak in iowarrior_read
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 0]
detailed listing:
executing program 2:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r1, &(0x7f0000000000)=""/73, 0x49)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x0, 0x0)
executing program 0:

program crashed: KMSAN: kernel-infoleak in iowarrior_read
minimized 6 calls -> 0 calls
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_open_dev$char_usb-read$char_usb-syz_usb_ep_write$ath9k_ep1
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r1, &(0x7f0000000000)=""/73, 0x49)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x0, 0x0)

program crashed: KMSAN: kernel-infoleak in iowarrior_read
bisect: concatenation succeeded
found reproducer with 5 syscalls
minimizing guilty program
testing program (duration=6m12.015161918s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_open_dev$char_usb-read$char_usb
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r1, &(0x7f0000000000)=""/73, 0x49)

program did not crash
testing program (duration=6m12.015161918s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_open_dev$char_usb-syz_usb_ep_write$ath9k_ep1
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x0, 0x0)

program did not crash
testing program (duration=6m12.015161918s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-read$char_usb-syz_usb_ep_write$ath9k_ep1
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
read$char_usb(0xffffffffffffffff, &(0x7f0000000000)=""/73, 0x49)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x0, 0x0)

program did not crash
testing program (duration=6m12.015161918s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_open_dev$char_usb-read$char_usb-syz_usb_ep_write$ath9k_ep1
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r1, &(0x7f0000000000)=""/73, 0x49)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x0, 0x0)

program did not crash
testing program (duration=6m12.015161918s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_control_io-syz_open_dev$char_usb-read$char_usb-syz_usb_ep_write$ath9k_ep1
detailed listing:
executing program 0:
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r0, &(0x7f0000000000)=""/73, 0x49)
syz_usb_ep_write$ath9k_ep1(0xffffffffffffffff, 0x82, 0x0, 0x0)

program did not crash
testing program (duration=6m12.015161918s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_open_dev$char_usb-read$char_usb-syz_usb_ep_write$ath9k_ep1
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r1, &(0x7f0000000000)=""/73, 0x49)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x0, 0x0)

program did not crash
testing program (duration=6m12.015161918s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_open_dev$char_usb-read$char_usb-syz_usb_ep_write$ath9k_ep1
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r1, &(0x7f0000000000)=""/73, 0x49)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x0, 0x0)

program did not crash
testing program (duration=6m12.015161918s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_open_dev$char_usb-read$char_usb-syz_usb_ep_write$ath9k_ep1
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r1, 0x0, 0x0)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x0, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=6m12.015161918s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_open_dev$char_usb-read$char_usb-syz_usb_ep_write$ath9k_ep1
program crashed: KMSAN: kernel-infoleak in iowarrior_read
simplifying C reproducer
testing compiled C program (duration=6m12.015161918s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_open_dev$char_usb-read$char_usb-syz_usb_ep_write$ath9k_ep1
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m12.015161918s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_open_dev$char_usb-read$char_usb-syz_usb_ep_write$ath9k_ep1
program crashed: KMSAN: kernel-infoleak in iowarrior_read
testing compiled C program (duration=6m12.015161918s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_open_dev$char_usb-read$char_usb-syz_usb_ep_write$ath9k_ep1
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m12.015161918s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_open_dev$char_usb-read$char_usb-syz_usb_ep_write$ath9k_ep1
program crashed: KMSAN: kernel-infoleak in iowarrior_read
testing compiled C program (duration=6m12.015161918s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_open_dev$char_usb-read$char_usb-syz_usb_ep_write$ath9k_ep1
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m12.015161918s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_open_dev$char_usb-read$char_usb-syz_usb_ep_write$ath9k_ep1
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m12.015161918s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_open_dev$char_usb-read$char_usb-syz_usb_ep_write$ath9k_ep1
program crashed: KMSAN: kernel-infoleak in iowarrior_read
testing compiled C program (duration=6m12.015161918s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_open_dev$char_usb-read$char_usb-syz_usb_ep_write$ath9k_ep1
program crashed: KMSAN: kernel-infoleak in iowarrior_read
testing compiled C program (duration=6m12.015161918s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_open_dev$char_usb-read$char_usb-syz_usb_ep_write$ath9k_ep1
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m12.015161918s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_open_dev$char_usb-read$char_usb-syz_usb_ep_write$ath9k_ep1
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m12.015161918s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_open_dev$char_usb-read$char_usb-syz_usb_ep_write$ath9k_ep1
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m12.015161918s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_open_dev$char_usb-read$char_usb-syz_usb_ep_write$ath9k_ep1
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m12.015161918s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_open_dev$char_usb-read$char_usb-syz_usb_ep_write$ath9k_ep1
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m12.015161918s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_open_dev$char_usb-read$char_usb-syz_usb_ep_write$ath9k_ep1
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m12.015161918s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:false Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_open_dev$char_usb-read$char_usb-syz_usb_ep_write$ath9k_ep1
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m12.015161918s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_open_dev$char_usb-read$char_usb-syz_usb_ep_write$ath9k_ep1
program crashed: KMSAN: kernel-infoleak in iowarrior_read
reproducing took 4h55m52.939426613s
repro crashed as (corrupted=false):
=====================================================
BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]
BUG: KMSAN: kernel-infoleak in _inline_copy_to_user include/linux/uaccess.h:180 [inline]
BUG: KMSAN: kernel-infoleak in _copy_to_user+0xbc/0x110 lib/usercopy.c:26
 instrument_copy_to_user include/linux/instrumented.h:114 [inline]
 _inline_copy_to_user include/linux/uaccess.h:180 [inline]
 _copy_to_user+0xbc/0x110 lib/usercopy.c:26
 copy_to_user include/linux/uaccess.h:209 [inline]
 iowarrior_read+0xb02/0xdc0 drivers/usb/misc/iowarrior.c:326
 vfs_read+0x2a1/0xf60 fs/read_write.c:474
 ksys_read+0x20f/0x4c0 fs/read_write.c:619
 __do_sys_read fs/read_write.c:629 [inline]
 __se_sys_read fs/read_write.c:627 [inline]
 __x64_sys_read+0x93/0xe0 fs/read_write.c:627
 x64_sys_call+0x3055/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:1
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was created at:
 slab_post_alloc_hook mm/slub.c:3998 [inline]
 slab_alloc_node mm/slub.c:4041 [inline]
 __do_kmalloc_node mm/slub.c:4161 [inline]
 __kmalloc_noprof+0x661/0xf30 mm/slub.c:4174
 kmalloc_noprof include/linux/slab.h:685 [inline]
 kmalloc_array_noprof include/linux/slab.h:726 [inline]
 iowarrior_probe+0x10ea/0x1b90 drivers/usb/misc/iowarrior.c:836
 usb_probe_interface+0xd6f/0x1350 drivers/usb/core/driver.c:399
 really_probe+0x4db/0xd90 drivers/base/dd.c:657
 __driver_probe_device+0x2ab/0x5d0 drivers/base/dd.c:799
 driver_probe_device+0x72/0x890 drivers/base/dd.c:829
 __device_attach_driver+0x568/0x9e0 drivers/base/dd.c:957
 bus_for_each_drv+0x403/0x620 drivers/base/bus.c:457
 __device_attach+0x3c1/0x650 drivers/base/dd.c:1029
 device_initial_probe+0x32/0x40 drivers/base/dd.c:1078
 bus_probe_device+0x3dc/0x5c0 drivers/base/bus.c:532
 device_add+0x13aa/0x1ba0 drivers/base/core.c:3682
 usb_set_configuration+0x31c9/0x38d0 drivers/usb/core/message.c:2210
 usb_generic_driver_probe+0x109/0x2a0 drivers/usb/core/generic.c:254
 usb_probe_device+0x3a7/0x690 drivers/usb/core/driver.c:294
 really_probe+0x4db/0xd90 drivers/base/dd.c:657
 __driver_probe_device+0x2ab/0x5d0 drivers/base/dd.c:799
 driver_probe_device+0x72/0x890 drivers/base/dd.c:829
 __device_attach_driver+0x568/0x9e0 drivers/base/dd.c:957
 bus_for_each_drv+0x403/0x620 drivers/base/bus.c:457
 __device_attach+0x3c1/0x650 drivers/base/dd.c:1029
 device_initial_probe+0x32/0x40 drivers/base/dd.c:1078
 bus_probe_device+0x3dc/0x5c0 drivers/base/bus.c:532
 device_add+0x13aa/0x1ba0 drivers/base/core.c:3682
 usb_new_device+0x15f4/0x2470 drivers/usb/core/hub.c:2651
 hub_port_connect drivers/usb/core/hub.c:5521 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5661 [inline]
 port_event drivers/usb/core/hub.c:5821 [inline]
 hub_event+0x4ffb/0x72d0 drivers/usb/core/hub.c:5903
 process_one_work kernel/workqueue.c:3231 [inline]
 process_scheduled_works+0xae0/0x1c40 kernel/workqueue.c:3312
 worker_thread+0xea7/0x14d0 kernel/workqueue.c:3389
 kthread+0x3e2/0x540 kernel/kthread.c:389
 ret_from_fork+0x6d/0x90 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

Bytes 0-72 of 73 are uninitialized
Memory access of size 73 starts at ffff88811c4b2000
Data copied to user address 0000000020000000

CPU: 1 UID: 0 PID: 5743 Comm: syz-executor183 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
=====================================================

final repro crashed as (corrupted=false):
=====================================================
BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]
BUG: KMSAN: kernel-infoleak in _inline_copy_to_user include/linux/uaccess.h:180 [inline]
BUG: KMSAN: kernel-infoleak in _copy_to_user+0xbc/0x110 lib/usercopy.c:26
 instrument_copy_to_user include/linux/instrumented.h:114 [inline]
 _inline_copy_to_user include/linux/uaccess.h:180 [inline]
 _copy_to_user+0xbc/0x110 lib/usercopy.c:26
 copy_to_user include/linux/uaccess.h:209 [inline]
 iowarrior_read+0xb02/0xdc0 drivers/usb/misc/iowarrior.c:326
 vfs_read+0x2a1/0xf60 fs/read_write.c:474
 ksys_read+0x20f/0x4c0 fs/read_write.c:619
 __do_sys_read fs/read_write.c:629 [inline]
 __se_sys_read fs/read_write.c:627 [inline]
 __x64_sys_read+0x93/0xe0 fs/read_write.c:627
 x64_sys_call+0x3055/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:1
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was created at:
 slab_post_alloc_hook mm/slub.c:3998 [inline]
 slab_alloc_node mm/slub.c:4041 [inline]
 __do_kmalloc_node mm/slub.c:4161 [inline]
 __kmalloc_noprof+0x661/0xf30 mm/slub.c:4174
 kmalloc_noprof include/linux/slab.h:685 [inline]
 kmalloc_array_noprof include/linux/slab.h:726 [inline]
 iowarrior_probe+0x10ea/0x1b90 drivers/usb/misc/iowarrior.c:836
 usb_probe_interface+0xd6f/0x1350 drivers/usb/core/driver.c:399
 really_probe+0x4db/0xd90 drivers/base/dd.c:657
 __driver_probe_device+0x2ab/0x5d0 drivers/base/dd.c:799
 driver_probe_device+0x72/0x890 drivers/base/dd.c:829
 __device_attach_driver+0x568/0x9e0 drivers/base/dd.c:957
 bus_for_each_drv+0x403/0x620 drivers/base/bus.c:457
 __device_attach+0x3c1/0x650 drivers/base/dd.c:1029
 device_initial_probe+0x32/0x40 drivers/base/dd.c:1078
 bus_probe_device+0x3dc/0x5c0 drivers/base/bus.c:532
 device_add+0x13aa/0x1ba0 drivers/base/core.c:3682
 usb_set_configuration+0x31c9/0x38d0 drivers/usb/core/message.c:2210
 usb_generic_driver_probe+0x109/0x2a0 drivers/usb/core/generic.c:254
 usb_probe_device+0x3a7/0x690 drivers/usb/core/driver.c:294
 really_probe+0x4db/0xd90 drivers/base/dd.c:657
 __driver_probe_device+0x2ab/0x5d0 drivers/base/dd.c:799
 driver_probe_device+0x72/0x890 drivers/base/dd.c:829
 __device_attach_driver+0x568/0x9e0 drivers/base/dd.c:957
 bus_for_each_drv+0x403/0x620 drivers/base/bus.c:457
 __device_attach+0x3c1/0x650 drivers/base/dd.c:1029
 device_initial_probe+0x32/0x40 drivers/base/dd.c:1078
 bus_probe_device+0x3dc/0x5c0 drivers/base/bus.c:532
 device_add+0x13aa/0x1ba0 drivers/base/core.c:3682
 usb_new_device+0x15f4/0x2470 drivers/usb/core/hub.c:2651
 hub_port_connect drivers/usb/core/hub.c:5521 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5661 [inline]
 port_event drivers/usb/core/hub.c:5821 [inline]
 hub_event+0x4ffb/0x72d0 drivers/usb/core/hub.c:5903
 process_one_work kernel/workqueue.c:3231 [inline]
 process_scheduled_works+0xae0/0x1c40 kernel/workqueue.c:3312
 worker_thread+0xea7/0x14d0 kernel/workqueue.c:3389
 kthread+0x3e2/0x540 kernel/kthread.c:389
 ret_from_fork+0x6d/0x90 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

Bytes 0-72 of 73 are uninitialized
Memory access of size 73 starts at ffff88811c4b2000
Data copied to user address 0000000020000000

CPU: 1 UID: 0 PID: 5743 Comm: syz-executor183 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
=====================================================