Extracting prog: 3m1.613645655s
Minimizing prog: 34m1.513432697s
Simplifying prog options: 0s
Extracting C: 30.438841607s
Simplifying C: 10m30.973719354s
extracting reproducer from 24 programs
first checking the prog from the crash report
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-prctl$auto-ioperm$auto-mseal$auto-unshare$auto-syz_open_procfs$namespace-setns-mount$auto-close_range$auto-socket-socket-sendmsg$auto_NFSD_CMD_THREADS_SET-socket-recvmmsg$auto-pivot_root$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async, rerun: 64)
ioperm$auto(0x7fb, 0x1, 0x4000007) (rerun: 64)
mseal$auto(0x0, 0x7dda, 0x0) (async, rerun: 64)
unshare$auto(0x20000) (async, rerun: 64)
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/pid\x00')
setns(r0, 0x0)
mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000180)='nfsd\x00', 0x8, 0x0) (async)
close_range$auto(0x2, 0x8, 0x0) (async, rerun: 64)
socket(0xa, 0x1, 0x100) (async, rerun: 64)
r1 = socket(0x10, 0x2, 0x4)
sendmsg$auto_NFSD_CMD_THREADS_SET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="2c0000001400c7d2a2e1917949643de42b"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000)
socket(0x2b, 0x1, 0x1)
recvmmsg$auto(r1, &(0x7f0000000580)={{0x0, 0x5, 0x0, 0x0, 0x0, 0x5, 0x80000001}, 0x4}, 0x3, 0x6, 0x0) (async, rerun: 64)
pivot_root$auto(&(0x7f0000000040)='..\x00', &(0x7f0000000080)='.\x00') (rerun: 64)
program crashed: general protection fault in __smc_diag_dump
single: successfully extracted reproducer
found reproducer with 15 syscalls
minimizing guilty program
testing program (duration=53.184905757s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-prctl$auto-ioperm$auto-mseal$auto-unshare$auto-syz_open_procfs$namespace-setns-mount$auto-close_range$auto-socket-socket-sendmsg$auto_NFSD_CMD_THREADS_SET-socket-recvmmsg$auto
detailed listing:
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async, rerun: 64)
ioperm$auto(0x7fb, 0x1, 0x4000007) (rerun: 64)
mseal$auto(0x0, 0x7dda, 0x0) (async, rerun: 64)
unshare$auto(0x20000) (async, rerun: 64)
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/pid\x00')
setns(r0, 0x0)
mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000180)='nfsd\x00', 0x8, 0x0) (async)
close_range$auto(0x2, 0x8, 0x0) (async, rerun: 64)
socket(0xa, 0x1, 0x100) (async, rerun: 64)
r1 = socket(0x10, 0x2, 0x4)
sendmsg$auto_NFSD_CMD_THREADS_SET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="2c0000001400c7d2a2e1917949643de42b"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000)
socket(0x2b, 0x1, 0x1)
recvmmsg$auto(r1, &(0x7f0000000580)={{0x0, 0x5, 0x0, 0x0, 0x0, 0x5, 0x80000001}, 0x4}, 0x3, 0x6, 0x0) (async, rerun: 64)
program crashed: general protection fault in __smc_diag_dump
testing program (duration=53.184905757s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-prctl$auto-ioperm$auto-mseal$auto-unshare$auto-syz_open_procfs$namespace-setns-mount$auto-close_range$auto-socket-socket-sendmsg$auto_NFSD_CMD_THREADS_SET-socket
detailed listing:
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async, rerun: 64)
ioperm$auto(0x7fb, 0x1, 0x4000007) (rerun: 64)
mseal$auto(0x0, 0x7dda, 0x0) (async, rerun: 64)
unshare$auto(0x20000) (async, rerun: 64)
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/pid\x00')
setns(r0, 0x0)
mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000180)='nfsd\x00', 0x8, 0x0) (async)
close_range$auto(0x2, 0x8, 0x0) (async, rerun: 64)
socket(0xa, 0x1, 0x100) (async, rerun: 64)
r1 = socket(0x10, 0x2, 0x4)
sendmsg$auto_NFSD_CMD_THREADS_SET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="2c0000001400c7d2a2e1917949643de42b"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000)
socket(0x2b, 0x1, 0x1)
program crashed: general protection fault in __smc_diag_dump
testing program (duration=53.184905757s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-prctl$auto-ioperm$auto-mseal$auto-unshare$auto-syz_open_procfs$namespace-setns-mount$auto-close_range$auto-socket-socket-sendmsg$auto_NFSD_CMD_THREADS_SET
detailed listing:
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async, rerun: 64)
ioperm$auto(0x7fb, 0x1, 0x4000007) (rerun: 64)
mseal$auto(0x0, 0x7dda, 0x0) (async, rerun: 64)
unshare$auto(0x20000) (async, rerun: 64)
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/pid\x00')
setns(r0, 0x0)
mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000180)='nfsd\x00', 0x8, 0x0) (async)
close_range$auto(0x2, 0x8, 0x0) (async, rerun: 64)
socket(0xa, 0x1, 0x100) (async, rerun: 64)
r1 = socket(0x10, 0x2, 0x4)
sendmsg$auto_NFSD_CMD_THREADS_SET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="2c0000001400c7d2a2e1917949643de42b"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000)
program crashed: general protection fault in __smc_diag_dump
testing program (duration=53.184905757s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-prctl$auto-ioperm$auto-mseal$auto-unshare$auto-syz_open_procfs$namespace-setns-mount$auto-close_range$auto-socket-socket
detailed listing:
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async, rerun: 64)
ioperm$auto(0x7fb, 0x1, 0x4000007) (rerun: 64)
mseal$auto(0x0, 0x7dda, 0x0) (async, rerun: 64)
unshare$auto(0x20000) (async, rerun: 64)
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/pid\x00')
setns(r0, 0x0)
mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000180)='nfsd\x00', 0x8, 0x0) (async)
close_range$auto(0x2, 0x8, 0x0) (async, rerun: 64)
socket(0xa, 0x1, 0x100) (async, rerun: 64)
socket(0x10, 0x2, 0x4)
program did not crash
testing program (duration=53.184905757s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-prctl$auto-ioperm$auto-mseal$auto-unshare$auto-syz_open_procfs$namespace-setns-mount$auto-close_range$auto-socket-sendmsg$auto_NFSD_CMD_THREADS_SET
detailed listing:
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async, rerun: 64)
ioperm$auto(0x7fb, 0x1, 0x4000007) (rerun: 64)
mseal$auto(0x0, 0x7dda, 0x0) (async, rerun: 64)
unshare$auto(0x20000) (async, rerun: 64)
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/pid\x00')
setns(r0, 0x0)
mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000180)='nfsd\x00', 0x8, 0x0) (async)
close_range$auto(0x2, 0x8, 0x0) (async, rerun: 64)
socket(0xa, 0x1, 0x100) (async, rerun: 64)
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="2c0000001400c7d2a2e1917949643de42b"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000)
program did not crash
testing program (duration=53.184905757s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-prctl$auto-ioperm$auto-mseal$auto-unshare$auto-syz_open_procfs$namespace-setns-mount$auto-close_range$auto-socket-sendmsg$auto_NFSD_CMD_THREADS_SET
detailed listing:
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async, rerun: 64)
ioperm$auto(0x7fb, 0x1, 0x4000007) (rerun: 64)
mseal$auto(0x0, 0x7dda, 0x0) (async, rerun: 64)
unshare$auto(0x20000) (async, rerun: 64)
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/pid\x00')
setns(r0, 0x0)
mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000180)='nfsd\x00', 0x8, 0x0) (async)
close_range$auto(0x2, 0x8, 0x0) (async, rerun: 64)
r1 = socket(0x10, 0x2, 0x4)
sendmsg$auto_NFSD_CMD_THREADS_SET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="2c0000001400c7d2a2e1917949643de42b"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000)
program did not crash
testing program (duration=53.184905757s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-prctl$auto-ioperm$auto-mseal$auto-unshare$auto-syz_open_procfs$namespace-setns-mount$auto-socket-socket-sendmsg$auto_NFSD_CMD_THREADS_SET
detailed listing:
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async, rerun: 64)
ioperm$auto(0x7fb, 0x1, 0x4000007) (rerun: 64)
mseal$auto(0x0, 0x7dda, 0x0) (async, rerun: 64)
unshare$auto(0x20000) (async, rerun: 64)
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/pid\x00')
setns(r0, 0x0)
mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000180)='nfsd\x00', 0x8, 0x0) (async)
socket(0xa, 0x1, 0x100) (async, rerun: 64)
r1 = socket(0x10, 0x2, 0x4)
sendmsg$auto_NFSD_CMD_THREADS_SET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="2c0000001400c7d2a2e1917949643de42b"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000)
program crashed: general protection fault in __smc_diag_dump
testing program (duration=53.184905757s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-prctl$auto-ioperm$auto-mseal$auto-unshare$auto-syz_open_procfs$namespace-setns-socket-socket-sendmsg$auto_NFSD_CMD_THREADS_SET
detailed listing:
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async, rerun: 64)
ioperm$auto(0x7fb, 0x1, 0x4000007) (rerun: 64)
mseal$auto(0x0, 0x7dda, 0x0) (async, rerun: 64)
unshare$auto(0x20000) (async, rerun: 64)
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/pid\x00')
setns(r0, 0x0)
socket(0xa, 0x1, 0x100) (async, rerun: 64)
r1 = socket(0x10, 0x2, 0x4)
sendmsg$auto_NFSD_CMD_THREADS_SET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="2c0000001400c7d2a2e1917949643de42b"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000)
program crashed: general protection fault in __smc_diag_dump
testing program (duration=53.184905757s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-prctl$auto-ioperm$auto-mseal$auto-unshare$auto-syz_open_procfs$namespace-socket-socket-sendmsg$auto_NFSD_CMD_THREADS_SET
detailed listing:
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async, rerun: 64)
ioperm$auto(0x7fb, 0x1, 0x4000007) (rerun: 64)
mseal$auto(0x0, 0x7dda, 0x0) (async, rerun: 64)
unshare$auto(0x20000) (async, rerun: 64)
syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/pid\x00')
socket(0xa, 0x1, 0x100) (async, rerun: 64)
r0 = socket(0x10, 0x2, 0x4)
sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="2c0000001400c7d2a2e1917949643de42b"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000)
program crashed: general protection fault in __smc_diag_dump
testing program (duration=53.184905757s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-prctl$auto-ioperm$auto-mseal$auto-unshare$auto-socket-socket-sendmsg$auto_NFSD_CMD_THREADS_SET
detailed listing:
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async, rerun: 64)
ioperm$auto(0x7fb, 0x1, 0x4000007) (rerun: 64)
mseal$auto(0x0, 0x7dda, 0x0) (async, rerun: 64)
unshare$auto(0x20000) (async, rerun: 64)
socket(0xa, 0x1, 0x100) (async, rerun: 64)
r0 = socket(0x10, 0x2, 0x4)
sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="2c0000001400c7d2a2e1917949643de42b"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000)
program crashed: general protection fault in __smc_diag_dump
testing program (duration=53.184905757s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-prctl$auto-ioperm$auto-mseal$auto-socket-socket-sendmsg$auto_NFSD_CMD_THREADS_SET
detailed listing:
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async, rerun: 64)
ioperm$auto(0x7fb, 0x1, 0x4000007) (rerun: 64)
mseal$auto(0x0, 0x7dda, 0x0) (async, rerun: 64)
socket(0xa, 0x1, 0x100) (async, rerun: 64)
r0 = socket(0x10, 0x2, 0x4)
sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="2c0000001400c7d2a2e1917949643de42b"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000)
program crashed: general protection fault in __smc_diag_dump
testing program (duration=53.184905757s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-prctl$auto-ioperm$auto-socket-socket-sendmsg$auto_NFSD_CMD_THREADS_SET
detailed listing:
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async, rerun: 64)
ioperm$auto(0x7fb, 0x1, 0x4000007) (rerun: 64)
socket(0xa, 0x1, 0x100) (async, rerun: 64)
r0 = socket(0x10, 0x2, 0x4)
sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="2c0000001400c7d2a2e1917949643de42b"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000)
program crashed: general protection fault in __smc_diag_dump
testing program (duration=53.184905757s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-prctl$auto-socket-socket-sendmsg$auto_NFSD_CMD_THREADS_SET
detailed listing:
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async, rerun: 64)
socket(0xa, 0x1, 0x100) (async, rerun: 64)
r0 = socket(0x10, 0x2, 0x4)
sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="2c0000001400c7d2a2e1917949643de42b"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000)
program crashed: general protection fault in __smc_diag_dump
testing program (duration=53.184905757s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap$auto-socket-socket-sendmsg$auto_NFSD_CMD_THREADS_SET
detailed listing:
executing program 0:
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socket(0xa, 0x1, 0x100) (async, rerun: 64)
r0 = socket(0x10, 0x2, 0x4)
sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="2c0000001400c7d2a2e1917949643de42b"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000)
program crashed: general protection fault in __smc_diag_dump
testing program (duration=53.184905757s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-socket-sendmsg$auto_NFSD_CMD_THREADS_SET
detailed listing:
executing program 0:
socket(0xa, 0x1, 0x100) (async, rerun: 64)
r0 = socket(0x10, 0x2, 0x4)
sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="2c0000001400c7d2a2e1917949643de42b"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000)
program crashed: general protection fault in __smc_diag_dump
testing program (duration=53.184905757s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-socket-sendmsg$auto_NFSD_CMD_THREADS_SET
detailed listing:
executing program 0:
socket(0xa, 0x1, 0x100)
r0 = socket(0x10, 0x2, 0x4)
sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="2c0000001400c7d2a2e1917949643de42b"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000)
program did not crash
testing program (duration=53.184905757s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-socket-sendmsg$auto_NFSD_CMD_THREADS_SET
detailed listing:
executing program 0:
socket(0xa, 0x1, 0x100) (rerun: 64)
r0 = socket(0x10, 0x2, 0x4)
sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="2c0000001400c7d2a2e1917949643de42b"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000)
program crashed: general protection fault in __smc_diag_dump
testing program (duration=53.184905757s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-socket-sendmsg$auto_NFSD_CMD_THREADS_SET
detailed listing:
executing program 0:
socket(0xa, 0x1, 0x100) (rerun: 64)
r0 = socket(0x10, 0x2, 0x4)
sendmsg$auto_NFSD_CMD_THREADS_SET(r0, 0x0, 0x400c000)
program did not crash
testing program (duration=53.184905757s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-socket-sendmsg$auto_NFSD_CMD_THREADS_SET
detailed listing:
executing program 0:
socket(0xa, 0x1, 0x100) (rerun: 64)
r0 = socket(0x10, 0x2, 0x4)
sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x400c000)
program did not crash
testing program (duration=53.184905757s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-socket-sendmsg$auto_NFSD_CMD_THREADS_SET
detailed listing:
executing program 0:
socket(0xa, 0x1, 0x100) (rerun: 64)
r0 = socket(0x10, 0x2, 0x4)
sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000)
program did not crash
testing program (duration=53.184905757s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-socket-sendmsg$auto_NFSD_CMD_THREADS_SET
detailed listing:
executing program 0:
socket(0xa, 0x1, 0x100) (rerun: 64)
r0 = socket(0x10, 0x2, 0x4)
sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000)
program did not crash
extracting C reproducer
testing compiled C program (duration=53.184905757s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-socket-sendmsg$auto_NFSD_CMD_THREADS_SET
program crashed: general protection fault in __smc_diag_dump
simplifying C reproducer
testing compiled C program (duration=53.184905757s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-socket-sendmsg$auto_NFSD_CMD_THREADS_SET
program did not crash
testing compiled C program (duration=53.184905757s, {Threaded:true Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-socket-sendmsg$auto_NFSD_CMD_THREADS_SET
program did not crash
testing compiled C program (duration=53.184905757s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-socket-sendmsg$auto_NFSD_CMD_THREADS_SET
program did not crash
testing compiled C program (duration=53.184905757s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-socket-sendmsg$auto_NFSD_CMD_THREADS_SET
program crashed: general protection fault in __smc_diag_dump
testing compiled C program (duration=53.184905757s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-socket-sendmsg$auto_NFSD_CMD_THREADS_SET
program crashed: general protection fault in __smc_diag_dump
testing compiled C program (duration=53.184905757s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-socket-sendmsg$auto_NFSD_CMD_THREADS_SET
program crashed: general protection fault in __smc_diag_dump
testing compiled C program (duration=53.184905757s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-socket-sendmsg$auto_NFSD_CMD_THREADS_SET
program crashed: general protection fault in __smc_diag_dump
testing compiled C program (duration=53.184905757s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-socket-sendmsg$auto_NFSD_CMD_THREADS_SET
program crashed: general protection fault in __smc_diag_dump
reproducing took 48m4.539657328s
repro crashed as (corrupted=false):
Oops: general protection fault, probably for non-canonical address 0xdffffc00000a2403: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: probably user-memory-access in range [0x0000000000512018-0x000000000051201f]
CPU: 0 UID: 0 PID: 5830 Comm: syz-executor600 Not tainted 6.14.0-rc4-syzkaller-00090-gdd83757f6e68 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
RIP: 0010:smc_diag_msg_common_fill net/smc/smc_diag.c:44 [inline]
RIP: 0010:__smc_diag_dump.constprop.0+0x3de/0x23d0 net/smc/smc_diag.c:89
Code: 4c 8b b3 58 05 00 00 4d 85 f6 0f 84 f6 02 00 00 e8 97 07 b4 f6 49 8d 7e 18 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 eb 1d 00 00 48 b8 00 00 00 00 00 fc ff df 4d 8b
RSP: 0018:ffffc90003d87170 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: ffff888079a3ec00 RCX: ffffffff894016a4
RDX: 00000000000a2403 RSI: ffffffff8b05d829 RDI: 0000000000512018
RBP: ffff8880348f0190 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000080000001 R11: 0000000000000002 R12: ffff888020f7c5e0
R13: 0000000000000000 R14: 0000000000512000 R15: ffff888079a3f158
FS: 00007fc87d4886c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000400000000140 CR3: 00000000784f6000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
smc_diag_dump_proto+0x26d/0x420 net/smc/smc_diag.c:217
smc_diag_dump+0x84/0x90 net/smc/smc_diag.c:236
netlink_dump+0x53c/0xd00 net/netlink/af_netlink.c:2318
__netlink_dump_start+0x6ca/0x970 net/netlink/af_netlink.c:2433
netlink_dump_start include/linux/netlink.h:340 [inline]
smc_diag_handler_dump+0x1fb/0x240 net/smc/smc_diag.c:251
__sock_diag_cmd net/core/sock_diag.c:249 [inline]
sock_diag_rcv_msg+0x437/0x790 net/core/sock_diag.c:287
netlink_rcv_skb+0x16b/0x440 net/netlink/af_netlink.c:2543
netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]
netlink_unicast+0x53c/0x7f0 net/netlink/af_netlink.c:1348
netlink_sendmsg+0x8b8/0xd70 net/netlink/af_netlink.c:1892
sock_sendmsg_nosec net/socket.c:718 [inline]
__sock_sendmsg net/socket.c:733 [inline]
____sys_sendmsg+0xaaf/0xc90 net/socket.c:2573
___sys_sendmsg+0x135/0x1e0 net/socket.c:2627
__sys_sendmsg+0x16e/0x220 net/socket.c:2659
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc87d4cd459
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc87d488218 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc87d4cd459
RDX: 000000000400c000 RSI: 0000400000000140 RDI: 0000000000000044
RBP: 00007fc87d557308 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc87d557300
R13: 0000400000000380 R14: 0000400000000340 R15: 0000400000000150
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:smc_diag_msg_common_fill net/smc/smc_diag.c:44 [inline]
RIP: 0010:__smc_diag_dump.constprop.0+0x3de/0x23d0 net/smc/smc_diag.c:89
Code: 4c 8b b3 58 05 00 00 4d 85 f6 0f 84 f6 02 00 00 e8 97 07 b4 f6 49 8d 7e 18 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 eb 1d 00 00 48 b8 00 00 00 00 00 fc ff df 4d 8b
RSP: 0018:ffffc90003d87170 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: ffff888079a3ec00 RCX: ffffffff894016a4
RDX: 00000000000a2403 RSI: ffffffff8b05d829 RDI: 0000000000512018
RBP: ffff8880348f0190 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000080000001 R11: 0000000000000002 R12: ffff888020f7c5e0
R13: 0000000000000000 R14: 0000000000512000 R15: ffff888079a3f158
FS: 00007fc87d4886c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000400000000140 CR3: 00000000784f6000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
0: 4c 8b b3 58 05 00 00 mov 0x558(%rbx),%r14
7: 4d 85 f6 test %r14,%r14
a: 0f 84 f6 02 00 00 je 0x306
10: e8 97 07 b4 f6 call 0xf6b407ac
15: 49 8d 7e 18 lea 0x18(%r14),%rdi
19: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
20: fc ff df
23: 48 89 fa mov %rdi,%rdx
26: 48 c1 ea 03 shr $0x3,%rdx
* 2a: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) <-- trapping instruction
2e: 0f 85 eb 1d 00 00 jne 0x1e1f
34: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
3b: fc ff df
3e: 4d rex.WRB
3f: 8b .byte 0x8b
final repro crashed as (corrupted=false):
Oops: general protection fault, probably for non-canonical address 0xdffffc00000a2403: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: probably user-memory-access in range [0x0000000000512018-0x000000000051201f]
CPU: 0 UID: 0 PID: 5830 Comm: syz-executor600 Not tainted 6.14.0-rc4-syzkaller-00090-gdd83757f6e68 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
RIP: 0010:smc_diag_msg_common_fill net/smc/smc_diag.c:44 [inline]
RIP: 0010:__smc_diag_dump.constprop.0+0x3de/0x23d0 net/smc/smc_diag.c:89
Code: 4c 8b b3 58 05 00 00 4d 85 f6 0f 84 f6 02 00 00 e8 97 07 b4 f6 49 8d 7e 18 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 eb 1d 00 00 48 b8 00 00 00 00 00 fc ff df 4d 8b
RSP: 0018:ffffc90003d87170 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: ffff888079a3ec00 RCX: ffffffff894016a4
RDX: 00000000000a2403 RSI: ffffffff8b05d829 RDI: 0000000000512018
RBP: ffff8880348f0190 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000080000001 R11: 0000000000000002 R12: ffff888020f7c5e0
R13: 0000000000000000 R14: 0000000000512000 R15: ffff888079a3f158
FS: 00007fc87d4886c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000400000000140 CR3: 00000000784f6000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
smc_diag_dump_proto+0x26d/0x420 net/smc/smc_diag.c:217
smc_diag_dump+0x84/0x90 net/smc/smc_diag.c:236
netlink_dump+0x53c/0xd00 net/netlink/af_netlink.c:2318
__netlink_dump_start+0x6ca/0x970 net/netlink/af_netlink.c:2433
netlink_dump_start include/linux/netlink.h:340 [inline]
smc_diag_handler_dump+0x1fb/0x240 net/smc/smc_diag.c:251
__sock_diag_cmd net/core/sock_diag.c:249 [inline]
sock_diag_rcv_msg+0x437/0x790 net/core/sock_diag.c:287
netlink_rcv_skb+0x16b/0x440 net/netlink/af_netlink.c:2543
netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]
netlink_unicast+0x53c/0x7f0 net/netlink/af_netlink.c:1348
netlink_sendmsg+0x8b8/0xd70 net/netlink/af_netlink.c:1892
sock_sendmsg_nosec net/socket.c:718 [inline]
__sock_sendmsg net/socket.c:733 [inline]
____sys_sendmsg+0xaaf/0xc90 net/socket.c:2573
___sys_sendmsg+0x135/0x1e0 net/socket.c:2627
__sys_sendmsg+0x16e/0x220 net/socket.c:2659
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc87d4cd459
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc87d488218 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc87d4cd459
RDX: 000000000400c000 RSI: 0000400000000140 RDI: 0000000000000044
RBP: 00007fc87d557308 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc87d557300
R13: 0000400000000380 R14: 0000400000000340 R15: 0000400000000150
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:smc_diag_msg_common_fill net/smc/smc_diag.c:44 [inline]
RIP: 0010:__smc_diag_dump.constprop.0+0x3de/0x23d0 net/smc/smc_diag.c:89
Code: 4c 8b b3 58 05 00 00 4d 85 f6 0f 84 f6 02 00 00 e8 97 07 b4 f6 49 8d 7e 18 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 eb 1d 00 00 48 b8 00 00 00 00 00 fc ff df 4d 8b
RSP: 0018:ffffc90003d87170 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: ffff888079a3ec00 RCX: ffffffff894016a4
RDX: 00000000000a2403 RSI: ffffffff8b05d829 RDI: 0000000000512018
RBP: ffff8880348f0190 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000080000001 R11: 0000000000000002 R12: ffff888020f7c5e0
R13: 0000000000000000 R14: 0000000000512000 R15: ffff888079a3f158
FS: 00007fc87d4886c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000400000000140 CR3: 00000000784f6000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
0: 4c 8b b3 58 05 00 00 mov 0x558(%rbx),%r14
7: 4d 85 f6 test %r14,%r14
a: 0f 84 f6 02 00 00 je 0x306
10: e8 97 07 b4 f6 call 0xf6b407ac
15: 49 8d 7e 18 lea 0x18(%r14),%rdi
19: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
20: fc ff df
23: 48 89 fa mov %rdi,%rdx
26: 48 c1 ea 03 shr $0x3,%rdx
* 2a: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) <-- trapping instruction
2e: 0f 85 eb 1d 00 00 jne 0x1e1f
34: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
3b: fc ff df
3e: 4d rex.WRB
3f: 8b .byte 0x8b