Extracting prog: 5m57.556445025s
Minimizing prog: 59m48.905569824s
Simplifying prog options: 8m35.104616138s
Extracting C: 2m58.957665559s
Simplifying C: 0s


extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$cgroup_ro-syz_mount_image$ext4-socket$nl_generic-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN
detailed listing:
executing program 0:
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000a40), 0x1, 0x57c, &(0x7f0000000380)="$eJzs3d9rW1UcAPDvTdOtW6frYAz1QQp7sDKXrq0/JghOEEF0OND3GdqsjKbLaNKx1sG2B/fiiwxBxIH4B/ju4/Af8K8Y6GDIKPrgS+QmN11sk/5aa+ry+cDdzrn3Zud8c+45OfeehAXQt0bTP3IRL0bE10nE0bZj+cgOjjbPW3l8YzrdkqjXP/0jiSTb1zo/yf4ezjIvRMQvX0acyq0vt7q0PFcsl0sLWX68Nn91vLq0fPryfHG2NFu6Mjk1dfaNqcm333pz12J99cJf331y/8OzX51c+fanh8fuJnEujmTH2uNY5/3hrRZxqz0zGqPZezIY59acOLGtmu9/Sa8rwI4MZP18MNIx4GgMRF5TQp+4GRF1oE8l+j/0qdY8oHVvv+F98DPo0XvNG6D18eebz0ZiqHFvdHglyZ6HNKU3SSO7UH5axs+/37ubbrHJc4ibu1AeQMut2xFxJp9fP/4l2fi3c2caD483traMfvv8gV66n85/Xus0/8mtzn+iw/xnuEPf3YnN+3/u4S4U01U6/3un4/x3degaGchyzzXmfIPJpcvl0pmIeD4ixmLwYJrfaD3n7MqDerdj7fO/dEvLb80Fs3o8zB/892tmirXi08Tc7tHtiJc6zn+T1fZPOrR/+n5c2GIZJ0r3Xu52bPP491b9x4hXOrb/k2WQZO36ZHboVnN9crxxPYy3ror1/rxz4tdu5Y990Nv40/Y/vHH8I0n7em11+2X8MPR3qduxnV7/B5LPGukD2b7rxVptYSLiQPLx+v2TT17byrfOT+MfO7nx+Nfp+j8UEZ9vMf47x+90PbXX138a/8y22n/7iQcfffF9t/K31v6vN1Jj2Z5O4199zarlViv41G8gAAAAAAAA7CO5iDgSSa6wms7lCoXm9zuOx+FcuVKtnbpUWbwyE43fyo7EYK610n207fsQE9n3YVv5yTX5qYg4FhHfDBxq5AvTlfJMr4MHAAAAAAAAAAAAAAAAAACAfWK4y+//U78N9Lp2wJ7L97oCQM9s2v934396AvYln//Qv/R/6F/6P/Qv/R/6l/4P/Uv/h/6l/0P/avT/oV7XAgAAAAAAAAAAAAAAAAAAAAAAAAAAAJ4ZF86fT7f6yuMb02l+5trS4lzl2umZUnWuML84XZiuLFwtzFYqs+VSYboyv9m/V65Urk5MxuL18VqpWhuvLi1fnK8sXqldvDxfnC1dLA3+J1EBAAAAAAAAAAAAAAAAAADA/0t1aXmuWC6XFiS6Jt6NfVGNvQywaUcvz++XKCS6JoZ20Lg9HpgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM0/AQAA//956jNb")
socket$nl_generic(0x11, 0x3, 0x10)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000dc0)='rcu_utilization\x00', r0}, 0x5e)

program did not crash
single: failed to extract reproducer
single: executing 1 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$cgroup_ro-syz_mount_image$ext4-socket$nl_generic-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN
detailed listing:
executing program 0:
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000a40), 0x1, 0x57c, &(0x7f0000000380)="$eJzs3d9rW1UcAPDvTdOtW6frYAz1QQp7sDKXrq0/JghOEEF0OND3GdqsjKbLaNKx1sG2B/fiiwxBxIH4B/ju4/Af8K8Y6GDIKPrgS+QmN11sk/5aa+ry+cDdzrn3Zud8c+45OfeehAXQt0bTP3IRL0bE10nE0bZj+cgOjjbPW3l8YzrdkqjXP/0jiSTb1zo/yf4ezjIvRMQvX0acyq0vt7q0PFcsl0sLWX68Nn91vLq0fPryfHG2NFu6Mjk1dfaNqcm333pz12J99cJf331y/8OzX51c+fanh8fuJnEujmTH2uNY5/3hrRZxqz0zGqPZezIY59acOLGtmu9/Sa8rwI4MZP18MNIx4GgMRF5TQp+4GRF1oE8l+j/0qdY8oHVvv+F98DPo0XvNG6D18eebz0ZiqHFvdHglyZ6HNKU3SSO7UH5axs+/37ubbrHJc4ibu1AeQMut2xFxJp9fP/4l2fi3c2caD483traMfvv8gV66n85/Xus0/8mtzn+iw/xnuEPf3YnN+3/u4S4U01U6/3un4/x3degaGchyzzXmfIPJpcvl0pmIeD4ixmLwYJrfaD3n7MqDerdj7fO/dEvLb80Fs3o8zB/892tmirXi08Tc7tHtiJc6zn+T1fZPOrR/+n5c2GIZJ0r3Xu52bPP491b9x4hXOrb/k2WQZO36ZHboVnN9crxxPYy3ror1/rxz4tdu5Y990Nv40/Y/vHH8I0n7em11+2X8MPR3qduxnV7/B5LPGukD2b7rxVptYSLiQPLx+v2TT17byrfOT+MfO7nx+Nfp+j8UEZ9vMf47x+90PbXX138a/8y22n/7iQcfffF9t/K31v6vN1Jj2Z5O4199zarlViv41G8gAAAAAAAA7CO5iDgSSa6wms7lCoXm9zuOx+FcuVKtnbpUWbwyE43fyo7EYK610n207fsQE9n3YVv5yTX5qYg4FhHfDBxq5AvTlfJMr4MHAAAAAAAAAAAAAAAAAACAfWK4y+//U78N9Lp2wJ7L97oCQM9s2v934396AvYln//Qv/R/6F/6P/Qv/R/6l/4P/Uv/h/6l/0P/avT/oV7XAgAAAAAAAAAAAAAAAAAAAAAAAAAAAJ4ZF86fT7f6yuMb02l+5trS4lzl2umZUnWuML84XZiuLFwtzFYqs+VSYboyv9m/V65Urk5MxuL18VqpWhuvLi1fnK8sXqldvDxfnC1dLA3+J1EBAAAAAAAAAAAAAAAAAADA/0t1aXmuWC6XFiS6Jt6NfVGNvQywaUcvz++XKCS6JoZ20Lg9HpgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM0/AQAA//956jNb")
socket$nl_generic(0x11, 0x3, 0x10)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000dc0)='rcu_utilization\x00', r0}, 0x5e)

program crashed: lost connection to test machine
single: successfully extracted reproducer
found reproducer with 5 syscalls
minimizing guilty program
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$cgroup_ro-syz_mount_image$ext4-socket$nl_generic-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD
detailed listing:
executing program 0:
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000a40), 0x1, 0x57c, &(0x7f0000000380)="$eJzs3d9rW1UcAPDvTdOtW6frYAz1QQp7sDKXrq0/JghOEEF0OND3GdqsjKbLaNKx1sG2B/fiiwxBxIH4B/ju4/Af8K8Y6GDIKPrgS+QmN11sk/5aa+ry+cDdzrn3Zud8c+45OfeehAXQt0bTP3IRL0bE10nE0bZj+cgOjjbPW3l8YzrdkqjXP/0jiSTb1zo/yf4ezjIvRMQvX0acyq0vt7q0PFcsl0sLWX68Nn91vLq0fPryfHG2NFu6Mjk1dfaNqcm333pz12J99cJf331y/8OzX51c+fanh8fuJnEujmTH2uNY5/3hrRZxqz0zGqPZezIY59acOLGtmu9/Sa8rwI4MZP18MNIx4GgMRF5TQp+4GRF1oE8l+j/0qdY8oHVvv+F98DPo0XvNG6D18eebz0ZiqHFvdHglyZ6HNKU3SSO7UH5axs+/37ubbrHJc4ibu1AeQMut2xFxJp9fP/4l2fi3c2caD483traMfvv8gV66n85/Xus0/8mtzn+iw/xnuEPf3YnN+3/u4S4U01U6/3un4/x3degaGchyzzXmfIPJpcvl0pmIeD4ixmLwYJrfaD3n7MqDerdj7fO/dEvLb80Fs3o8zB/892tmirXi08Tc7tHtiJc6zn+T1fZPOrR/+n5c2GIZJ0r3Xu52bPP491b9x4hXOrb/k2WQZO36ZHboVnN9crxxPYy3ror1/rxz4tdu5Y990Nv40/Y/vHH8I0n7em11+2X8MPR3qduxnV7/B5LPGukD2b7rxVptYSLiQPLx+v2TT17byrfOT+MfO7nx+Nfp+j8UEZ9vMf47x+90PbXX138a/8y22n/7iQcfffF9t/K31v6vN1Jj2Z5O4199zarlViv41G8gAAAAAAAA7CO5iDgSSa6wms7lCoXm9zuOx+FcuVKtnbpUWbwyE43fyo7EYK610n207fsQE9n3YVv5yTX5qYg4FhHfDBxq5AvTlfJMr4MHAAAAAAAAAAAAAAAAAACAfWK4y+//U78N9Lp2wJ7L97oCQM9s2v934396AvYln//Qv/R/6F/6P/Qv/R/6l/4P/Uv/h/6l/0P/avT/oV7XAgAAAAAAAAAAAAAAAAAAAAAAAAAAAJ4ZF86fT7f6yuMb02l+5trS4lzl2umZUnWuML84XZiuLFwtzFYqs+VSYboyv9m/V65Urk5MxuL18VqpWhuvLi1fnK8sXqldvDxfnC1dLA3+J1EBAAAAAAAAAAAAAAAAAADA/0t1aXmuWC6XFiS6Jt6NfVGNvQywaUcvz++XKCS6JoZ20Lg9HpgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM0/AQAA//956jNb")
socket$nl_generic(0x11, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$cgroup_ro-syz_mount_image$ext4-socket$nl_generic-bpf$BPF_RAW_TRACEPOINT_OPEN
detailed listing:
executing program 0:
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000a40), 0x1, 0x57c, &(0x7f0000000380)="$eJzs3d9rW1UcAPDvTdOtW6frYAz1QQp7sDKXrq0/JghOEEF0OND3GdqsjKbLaNKx1sG2B/fiiwxBxIH4B/ju4/Af8K8Y6GDIKPrgS+QmN11sk/5aa+ry+cDdzrn3Zud8c+45OfeehAXQt0bTP3IRL0bE10nE0bZj+cgOjjbPW3l8YzrdkqjXP/0jiSTb1zo/yf4ezjIvRMQvX0acyq0vt7q0PFcsl0sLWX68Nn91vLq0fPryfHG2NFu6Mjk1dfaNqcm333pz12J99cJf331y/8OzX51c+fanh8fuJnEujmTH2uNY5/3hrRZxqz0zGqPZezIY59acOLGtmu9/Sa8rwI4MZP18MNIx4GgMRF5TQp+4GRF1oE8l+j/0qdY8oHVvv+F98DPo0XvNG6D18eebz0ZiqHFvdHglyZ6HNKU3SSO7UH5axs+/37ubbrHJc4ibu1AeQMut2xFxJp9fP/4l2fi3c2caD483traMfvv8gV66n85/Xus0/8mtzn+iw/xnuEPf3YnN+3/u4S4U01U6/3un4/x3degaGchyzzXmfIPJpcvl0pmIeD4ixmLwYJrfaD3n7MqDerdj7fO/dEvLb80Fs3o8zB/892tmirXi08Tc7tHtiJc6zn+T1fZPOrR/+n5c2GIZJ0r3Xu52bPP491b9x4hXOrb/k2WQZO36ZHboVnN9crxxPYy3ror1/rxz4tdu5Y990Nv40/Y/vHH8I0n7em11+2X8MPR3qduxnV7/B5LPGukD2b7rxVptYSLiQPLx+v2TT17byrfOT+MfO7nx+Nfp+j8UEZ9vMf47x+90PbXX138a/8y22n/7iQcfffF9t/K31v6vN1Jj2Z5O4199zarlViv41G8gAAAAAAAA7CO5iDgSSa6wms7lCoXm9zuOx+FcuVKtnbpUWbwyE43fyo7EYK610n207fsQE9n3YVv5yTX5qYg4FhHfDBxq5AvTlfJMr4MHAAAAAAAAAAAAAAAAAACAfWK4y+//U78N9Lp2wJ7L97oCQM9s2v934396AvYln//Qv/R/6F/6P/Qv/R/6l/4P/Uv/h/6l/0P/avT/oV7XAgAAAAAAAAAAAAAAAAAAAAAAAAAAAJ4ZF86fT7f6yuMb02l+5trS4lzl2umZUnWuML84XZiuLFwtzFYqs+VSYboyv9m/V65Urk5MxuL18VqpWhuvLi1fnK8sXqldvDxfnC1dLA3+J1EBAAAAAAAAAAAAAAAAAADA/0t1aXmuWC6XFiS6Jt6NfVGNvQywaUcvz++XKCS6JoZ20Lg9HpgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM0/AQAA//956jNb")
socket$nl_generic(0x11, 0x3, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000dc0)='rcu_utilization\x00'}, 0x5e)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$cgroup_ro-syz_mount_image$ext4-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN
detailed listing:
executing program 0:
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000a40), 0x1, 0x57c, &(0x7f0000000380)="$eJzs3d9rW1UcAPDvTdOtW6frYAz1QQp7sDKXrq0/JghOEEF0OND3GdqsjKbLaNKx1sG2B/fiiwxBxIH4B/ju4/Af8K8Y6GDIKPrgS+QmN11sk/5aa+ry+cDdzrn3Zud8c+45OfeehAXQt0bTP3IRL0bE10nE0bZj+cgOjjbPW3l8YzrdkqjXP/0jiSTb1zo/yf4ezjIvRMQvX0acyq0vt7q0PFcsl0sLWX68Nn91vLq0fPryfHG2NFu6Mjk1dfaNqcm333pz12J99cJf331y/8OzX51c+fanh8fuJnEujmTH2uNY5/3hrRZxqz0zGqPZezIY59acOLGtmu9/Sa8rwI4MZP18MNIx4GgMRF5TQp+4GRF1oE8l+j/0qdY8oHVvv+F98DPo0XvNG6D18eebz0ZiqHFvdHglyZ6HNKU3SSO7UH5axs+/37ubbrHJc4ibu1AeQMut2xFxJp9fP/4l2fi3c2caD483traMfvv8gV66n85/Xus0/8mtzn+iw/xnuEPf3YnN+3/u4S4U01U6/3un4/x3degaGchyzzXmfIPJpcvl0pmIeD4ixmLwYJrfaD3n7MqDerdj7fO/dEvLb80Fs3o8zB/892tmirXi08Tc7tHtiJc6zn+T1fZPOrR/+n5c2GIZJ0r3Xu52bPP491b9x4hXOrb/k2WQZO36ZHboVnN9crxxPYy3ror1/rxz4tdu5Y990Nv40/Y/vHH8I0n7em11+2X8MPR3qduxnV7/B5LPGukD2b7rxVptYSLiQPLx+v2TT17byrfOT+MfO7nx+Nfp+j8UEZ9vMf47x+90PbXX138a/8y22n/7iQcfffF9t/K31v6vN1Jj2Z5O4199zarlViv41G8gAAAAAAAA7CO5iDgSSa6wms7lCoXm9zuOx+FcuVKtnbpUWbwyE43fyo7EYK610n207fsQE9n3YVv5yTX5qYg4FhHfDBxq5AvTlfJMr4MHAAAAAAAAAAAAAAAAAACAfWK4y+//U78N9Lp2wJ7L97oCQM9s2v934396AvYln//Qv/R/6F/6P/Qv/R/6l/4P/Uv/h/6l/0P/avT/oV7XAgAAAAAAAAAAAAAAAAAAAAAAAAAAAJ4ZF86fT7f6yuMb02l+5trS4lzl2umZUnWuML84XZiuLFwtzFYqs+VSYboyv9m/V65Urk5MxuL18VqpWhuvLi1fnK8sXqldvDxfnC1dLA3+J1EBAAAAAAAAAAAAAAAAAADA/0t1aXmuWC6XFiS6Jt6NfVGNvQywaUcvz++XKCS6JoZ20Lg9HpgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM0/AQAA//956jNb")
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000dc0)='rcu_utilization\x00', r0}, 0x5e)

program crashed: lost connection to test machine
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$cgroup_ro-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN
detailed listing:
executing program 0:
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000dc0)='rcu_utilization\x00', r0}, 0x5e)

program crashed: lost connection to test machine
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN
detailed listing:
executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000dc0)='rcu_utilization\x00', r0}, 0x5e)

program crashed: lost connection to test machine
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN
detailed listing:
executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000dc0)='rcu_utilization\x00', r0}, 0x5e)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN
detailed listing:
executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000dc0)='rcu_utilization\x00', r0}, 0x5e)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN
detailed listing:
executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000dc0)='rcu_utilization\x00', r0}, 0x5e)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN
detailed listing:
executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000dc0)='rcu_utilization\x00', r0}, 0x5e)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN
detailed listing:
executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN
detailed listing:
executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18)

program did not crash
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN
program did not crash
simplifying guilty program options
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN
detailed listing:
executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000dc0)='rcu_utilization\x00', r0}, 0x5e)

program crashed: KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
a never seen crash title: KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user, ignore
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN
detailed listing:
executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000dc0)='rcu_utilization\x00', r0}, 0x5e)

program crashed: lost connection to test machine
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN
detailed listing:
executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000dc0)='rcu_utilization\x00', r0}, 0x5e)

program crashed: KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
validation run: crashed=true
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN
detailed listing:
executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000dc0)='rcu_utilization\x00', r0}, 0x5e)

program crashed: lost connection to test machine
validation run: crashed=true
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN
detailed listing:
executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000dc0)='rcu_utilization\x00', r0}, 0x5e)

program crashed: KMSAN: kernel-infoleak-after-free in copy_siginfo_to_user
validation run: crashed=true
reproducing took 1h22m14.91843249s
repro crashed as (corrupted=false):
=====================================================
BUG: KMSAN: kernel-infoleak-after-free in instrument_copy_to_user include/linux/instrumented.h:114 [inline]
BUG: KMSAN: kernel-infoleak-after-free in _inline_copy_to_user include/linux/uaccess.h:196 [inline]
BUG: KMSAN: kernel-infoleak-after-free in _copy_to_user+0xcc/0x120 lib/usercopy.c:26
 instrument_copy_to_user include/linux/instrumented.h:114 [inline]
 _inline_copy_to_user include/linux/uaccess.h:196 [inline]
 _copy_to_user+0xcc/0x120 lib/usercopy.c:26
 copy_to_user include/linux/uaccess.h:225 [inline]
 copy_siginfo_to_user+0x3f/0x140 kernel/signal.c:3503
 x64_setup_rt_frame+0x1392/0x2590 arch/x86/kernel/signal_64.c:194
 setup_rt_frame arch/x86/kernel/signal.c:250 [inline]
 handle_signal arch/x86/kernel/signal.c:294 [inline]
 arch_do_signal_or_restart+0x5db/0xb90 arch/x86/kernel/signal.c:339
 exit_to_user_mode_loop+0xe7/0x370 kernel/entry/common.c:40
 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]
 syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline]
 do_syscall_64+0x1e3/0xfa0 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was stored to memory at:
 copy_siginfo include/linux/signal.h:18 [inline]
 collect_signal kernel/signal.c:575 [inline]
 __dequeue_signal+0x4d6/0x970 kernel/signal.c:609
 dequeue_signal+0x1c0/0x840 kernel/signal.c:632
 get_signal+0xbf6/0x2a20 kernel/signal.c:2914
 arch_do_signal_or_restart+0x53/0xb90 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop+0xe7/0x370 kernel/entry/common.c:40
 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]
 syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline]
 do_syscall_64+0x1e3/0xfa0 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was created at:
 slab_free_hook mm/slub.c:2469 [inline]
 slab_free mm/slub.c:6642 [inline]
 kmem_cache_free+0x2b0/0x1490 mm/slub.c:6752
 __sigqueue_free+0x23a/0x270 kernel/signal.c:475
 collect_signal kernel/signal.c:587 [inline]
 __dequeue_signal+0x66b/0x970 kernel/signal.c:609
 dequeue_signal+0x1c0/0x840 kernel/signal.c:632
 get_signal+0xbf6/0x2a20 kernel/signal.c:2914
 arch_do_signal_or_restart+0x53/0xb90 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop+0xe7/0x370 kernel/entry/common.c:40
 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]
 syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline]
 do_syscall_64+0x1e3/0xfa0 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Bytes 12-15 of 48 are uninitialized
Memory access of size 48 starts at ffff888118003de0
Data copied to user address 00007ffe3e026fb0

CPU: 0 UID: 0 PID: 6011 Comm: syz.0.29 Not tainted syzkaller #0 PREEMPT(none) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
=====================================================

final repro crashed as (corrupted=false):
=====================================================
BUG: KMSAN: kernel-infoleak-after-free in instrument_copy_to_user include/linux/instrumented.h:114 [inline]
BUG: KMSAN: kernel-infoleak-after-free in _inline_copy_to_user include/linux/uaccess.h:196 [inline]
BUG: KMSAN: kernel-infoleak-after-free in _copy_to_user+0xcc/0x120 lib/usercopy.c:26
 instrument_copy_to_user include/linux/instrumented.h:114 [inline]
 _inline_copy_to_user include/linux/uaccess.h:196 [inline]
 _copy_to_user+0xcc/0x120 lib/usercopy.c:26
 copy_to_user include/linux/uaccess.h:225 [inline]
 copy_siginfo_to_user+0x3f/0x140 kernel/signal.c:3503
 x64_setup_rt_frame+0x1392/0x2590 arch/x86/kernel/signal_64.c:194
 setup_rt_frame arch/x86/kernel/signal.c:250 [inline]
 handle_signal arch/x86/kernel/signal.c:294 [inline]
 arch_do_signal_or_restart+0x5db/0xb90 arch/x86/kernel/signal.c:339
 exit_to_user_mode_loop+0xe7/0x370 kernel/entry/common.c:40
 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]
 syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline]
 do_syscall_64+0x1e3/0xfa0 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was stored to memory at:
 copy_siginfo include/linux/signal.h:18 [inline]
 collect_signal kernel/signal.c:575 [inline]
 __dequeue_signal+0x4d6/0x970 kernel/signal.c:609
 dequeue_signal+0x1c0/0x840 kernel/signal.c:632
 get_signal+0xbf6/0x2a20 kernel/signal.c:2914
 arch_do_signal_or_restart+0x53/0xb90 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop+0xe7/0x370 kernel/entry/common.c:40
 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]
 syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline]
 do_syscall_64+0x1e3/0xfa0 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was created at:
 slab_free_hook mm/slub.c:2469 [inline]
 slab_free mm/slub.c:6642 [inline]
 kmem_cache_free+0x2b0/0x1490 mm/slub.c:6752
 __sigqueue_free+0x23a/0x270 kernel/signal.c:475
 collect_signal kernel/signal.c:587 [inline]
 __dequeue_signal+0x66b/0x970 kernel/signal.c:609
 dequeue_signal+0x1c0/0x840 kernel/signal.c:632
 get_signal+0xbf6/0x2a20 kernel/signal.c:2914
 arch_do_signal_or_restart+0x53/0xb90 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop+0xe7/0x370 kernel/entry/common.c:40
 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]
 syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline]
 do_syscall_64+0x1e3/0xfa0 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Bytes 12-15 of 48 are uninitialized
Memory access of size 48 starts at ffff888118003de0
Data copied to user address 00007ffe3e026fb0

CPU: 0 UID: 0 PID: 6011 Comm: syz.0.29 Not tainted syzkaller #0 PREEMPT(none) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
=====================================================