Extracting prog: 17m15.015173204s Minimizing prog: 24m19.45856444s Simplifying prog options: 0s Extracting C: 2m15.209635189s Simplifying C: 10m55.265869911s extracting reproducer from 24 programs testing a last program of every proc single: executing 4 programs separately with timeout 30s testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): gettid-timer_create-timer_settime-socket$unix-socket$unix-connect$unix-sendmmsg detailed listing: executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000000000)=0x0) timer_settime(r1, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) socket$unix(0x1, 0x2, 0x0) r2 = socket$unix(0x1, 0x2, 0x0) connect$unix(r2, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r2, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x0) program did not crash testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$sequencer2-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-syz_open_dev$sndmidi-writev-openat$nullb-sendfile detailed listing: executing program 0: openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)}, {0x0}], 0x2) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) sendfile(r1, r1, 0x0, 0x200000) program did not crash testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): preadv-socket$nl_route-socket$netlink-setsockopt$netlink_NETLINK_BROADCAST_ERROR-openat$audio-ioctl$SNDCTL_DSP_SETFRAGMENT-write$RDMA_USER_CM_CMD_CREATE_ID-openat$binderfs-prctl$PR_SCHED_CORE-prlimit64-socket-connect$inet-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-pselect6-mmap$IORING_OFF_SQ_RING-userfaultfd-ioctl$UFFDIO_API-read-syz_io_uring_setup-ioctl$UFFDIO_CONTINUE detailed listing: executing program 0: preadv(0xffffffffffffffff, &(0x7f00000026c0)=[{&(0x7f0000002700)=""/4088, 0xff8}], 0x1, 0x17c, 0x2) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x10) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000640)=0x17ff, 0x4) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000000080)) write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) r2 = socket(0x840000000002, 0x3, 0x100) connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0, 0xfffffffffffffffd, 0x1000001000, 0x46}, 0x0, &(0x7f0000000000)={0x3ff, 0x7, 0xff00, 0x9, 0x0, 0xf, 0x7ffffffe}, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0) r4 = userfaultfd(0x1) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000100)={0xaa, 0x8}) read(r4, &(0x7f0000000140)=""/116, 0x74) syz_io_uring_setup(0x131, &(0x7f0000000600)={0x0, 0x800006, 0x2}, &(0x7f0000ffe000), 0x0, 0x0) ioctl$UFFDIO_CONTINUE(r4, 0xc020aa08, &(0x7f00000000c0)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) program did not crash testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io$cdc_ncm-syz_usb_control_io$cdc_ecm-syz_usb_control_io$hid-syz_open_dev$char_usb-syz_usb_control_io$rtl8150-write$char_usb-syz_usb_control_io$cdc_ncm-syz_usb_control_io$printer-close-socket-connect$tipc-landlock_create_ruleset-syz_usb_control_io$hid-landlock_restrict_self detailed listing: executing program 0: r0 = syz_usb_connect(0x0, 0x371, &(0x7f0000000280)=ANY=[@ANYBLOB="1201000057ec0020c215dcff30bd0102030109025f03019b000000090400000b403b4e000905e2379c"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x80000000) syz_usb_control_io$rtl8150(r0, 0x0, 0x0) write$char_usb(r1, &(0x7f0000006800), 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) close(r1) r2 = socket(0x1e, 0x1, 0x0) connect$tipc(r2, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10) r3 = landlock_create_ruleset(&(0x7f00000002c0)={0x7f6e}, 0x18, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) landlock_restrict_self(r3, 0xe) program did not crash single: failed to extract reproducer bisect: bisecting 24 programs with base timeout 30s testing program (duration=36s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [8, 8, 8, 7, 10, 3, 2, 8, 3, 23, 8, 7, 3, 3, 2, 3, 15, 8, 5, 2, 23, 5, 8, 7] detailed listing: executing program 0: openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r0, &(0x7f0000000840)=[{0x0}, {0x0}], 0x2) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) sendfile(r1, r1, 0x0, 0x200000) executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @loopback}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000280)='veno', 0x4) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window={0x3, 0x0, 0x401}], 0x5) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0) executing program 0: openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r0, &(0x7f0000000840)=[{0x0}, {0x0}], 0x2) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) sendfile(r1, r1, 0x0, 0x200000) executing program 1: r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000000000)=0x0) timer_settime(r1, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) socket$unix(0x1, 0x2, 0x0) r2 = socket$unix(0x1, 0x2, 0x0) connect$unix(r2, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r2, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x0) executing program 0: r0 = syz_usb_connect(0x5, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b510f210950b2a7773820102030109022400010000000009042200028953950009050a02ff0300fa000905820250"], 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000380)={0x1c, &(0x7f0000000240)=ANY=[@ANYBLOB="200507"], 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000580)={0x1c, &(0x7f0000000100)=ANY=[@ANYBLOB="400d03"], 0x0, 0x0}) syz_usb_control_io$uac2(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$uac3(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$lan78xx(r0, 0x0, 0x0) executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000002c80), 0x3, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, 0x0) ioctl$vim2m_VIDIOC_PREPARE_BUF(r0, 0xc058565d, &(0x7f0000002dc0)=@userptr={0x20, 0x1, 0x4, 0x0, 0x1, {}, {0x1, 0xc, 0x9, 0xc, 0x6, 0x8, "bf240fef"}, 0x3, 0x2, {0x0}, 0x96000}) executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TCFLSH(r0, 0x80045439, 0x40bea7b87a0000) executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @loopback}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000280)='veno', 0x4) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window={0x3, 0x0, 0x401}], 0x5) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0) executing program 2: r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r1 = dup(r0) connect$inet(r1, 0x0, 0x0) executing program 2: preadv(0xffffffffffffffff, &(0x7f00000026c0)=[{&(0x7f0000002700)=""/4088, 0xff8}], 0x1, 0x17c, 0x2) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x10) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000640)=0x17ff, 0x4) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000000080)) write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) r2 = socket(0x840000000002, 0x3, 0x100) connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0, 0xfffffffffffffffd, 0x1000001000, 0x46}, 0x0, &(0x7f0000000000)={0x3ff, 0x7, 0xff00, 0x9, 0x0, 0xf, 0x7ffffffe}, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0) r4 = userfaultfd(0x1) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000100)={0xaa, 0x8}) read(r4, &(0x7f0000000140)=""/116, 0x74) syz_io_uring_setup(0x131, &(0x7f0000000600)={0x0, 0x800006, 0x2}, &(0x7f0000ffe000), 0x0, 0x0) ioctl$UFFDIO_CONTINUE(r4, 0xc020aa08, &(0x7f00000000c0)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) executing program 1: openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)}, {0x0}], 0x2) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) sendfile(r1, r1, 0x0, 0x200000) executing program 3: r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000000000)=0x0) timer_settime(r1, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) socket$unix(0x1, 0x2, 0x0) r2 = socket$unix(0x1, 0x2, 0x0) connect$unix(r2, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r2, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x0) executing program 2: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x109201, 0x0) ioctl$DMA_BUF_SET_NAME_A(0xffffffffffffffff, 0x40046201, &(0x7f0000000180)='/dev/dma_heap/system\x00') executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000002c80), 0x3, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000140)={0x7, 0x1, 0x2}) ioctl$vim2m_VIDIOC_PREPARE_BUF(r0, 0xc058565d, 0x0) executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TCFLSH(r0, 0x80045439, 0x40bea7b87a0000) executing program 3: r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r1 = dup(r0) connect$inet(r1, 0x0, 0x0) executing program 1: r0 = syz_usb_connect(0x0, 0x371, &(0x7f0000000280)=ANY=[@ANYBLOB="1201000057ec0020c215dcff30bd0102030109025f03019b000000090400000b403b4e000905e2379c"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x80000000) syz_usb_control_io$rtl8150(r0, 0x0, 0x0) write$char_usb(r1, &(0x7f0000006800), 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) close(r1) r2 = socket(0x1e, 0x1, 0x0) connect$tipc(r2, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10) r3 = landlock_create_ruleset(&(0x7f00000002c0)={0x7f6e}, 0x18, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) landlock_restrict_self(r3, 0xe) executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @loopback}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000280)='veno', 0x4) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window], 0x5) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0) executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000c00), 0x1ff, 0x80800) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, 0x0) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r1, 0xc05064a7, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000002c0)=[0x0], &(0x7f0000000cc0), 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_SETPROPERTY(r0, 0xc01064ab, &(0x7f0000000380)={0x5, r2}) executing program 3: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000003fc0), 0x0, 0x0) ioctl$SOUND_MIXER_READ_DEVMASK(r0, 0xc0044dff, 0x0) executing program 3: preadv(0xffffffffffffffff, &(0x7f00000026c0)=[{&(0x7f0000002700)=""/4088, 0xff8}], 0x1, 0x17c, 0x2) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x10) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000640)=0x17ff, 0x4) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000000080)) write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) r2 = socket(0x840000000002, 0x3, 0x100) connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0, 0xfffffffffffffffd, 0x1000001000, 0x46}, 0x0, &(0x7f0000000000)={0x3ff, 0x7, 0xff00, 0x9, 0x0, 0xf, 0x7ffffffe}, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0) r4 = userfaultfd(0x1) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000100)={0xaa, 0x8}) read(r4, &(0x7f0000000140)=""/116, 0x74) syz_io_uring_setup(0x131, &(0x7f0000000600)={0x0, 0x800006, 0x2}, &(0x7f0000ffe000), 0x0, 0x0) ioctl$UFFDIO_CONTINUE(r4, 0xc020aa08, &(0x7f00000000c0)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) executing program 0: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x109201, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r1, 0xc0184800, &(0x7f0000000100)={0x4, r0}) ioctl$DMA_BUF_SET_NAME_A(r2, 0x40046201, &(0x7f0000000180)='/dev/dma_heap/system\x00') ioctl$DMA_BUF_SET_NAME_A(r2, 0x40046201, &(0x7f0000000140)='GPL\x00') executing program 2: openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)}, {0x0}], 0x2) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) sendfile(r1, r1, 0x0, 0x200000) executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000000000)=0x0) timer_settime(r1, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) socket$unix(0x1, 0x2, 0x0) r2 = socket$unix(0x1, 0x2, 0x0) connect$unix(r2, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r2, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x0) program did not crash replaying the whole log did not cause a kernel crash single: executing 4 programs separately with timeout 1m40s testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): gettid-timer_create-timer_settime-socket$unix-socket$unix-connect$unix-sendmmsg detailed listing: executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000000000)=0x0) timer_settime(r1, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) socket$unix(0x1, 0x2, 0x0) r2 = socket$unix(0x1, 0x2, 0x0) connect$unix(r2, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r2, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x0) program did not crash testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$sequencer2-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-syz_open_dev$sndmidi-writev-openat$nullb-sendfile detailed listing: executing program 0: openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)}, {0x0}], 0x2) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) sendfile(r1, r1, 0x0, 0x200000) program crashed: WARNING in hrtick_start_fair single: successfully extracted reproducer found reproducer with 8 syscalls minimizing guilty program testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$sequencer2-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-syz_open_dev$sndmidi-writev-openat$nullb detailed listing: executing program 0: openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)}, {0x0}], 0x2) openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) program crashed: WARNING in hrtick_start_fair testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$sequencer2-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-syz_open_dev$sndmidi-writev detailed listing: executing program 0: openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)}, {0x0}], 0x2) program crashed: WARNING in hrtick_start_fair testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$sequencer2-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-syz_open_dev$sndmidi detailed listing: executing program 0: openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) program crashed: WARNING in hrtick_start_fair testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$sequencer2-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler detailed listing: executing program 0: openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) program crashed: general protection fault in __schedule testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$sequencer2-prctl$PR_SCHED_CORE-prlimit64 detailed listing: executing program 0: openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) program crashed: WARNING in hrtick_start_fair testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$sequencer2-prctl$PR_SCHED_CORE detailed listing: executing program 0: openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) program did not crash testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$sequencer2-prlimit64 detailed listing: executing program 0: openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) program did not crash testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-prlimit64 detailed listing: executing program 0: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) program crashed: WARNING in hrtick_start_fair testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-prlimit64 detailed listing: executing program 0: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) program crashed: general protection fault in __schedule extracting C reproducer testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-prlimit64 program crashed: WARNING in hrtick_start_fair simplifying C reproducer testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-prlimit64 program crashed: WARNING in hrtick_start_fair testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-prlimit64 program crashed: WARNING in hrtick_start_fair testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-prlimit64 program crashed: WARNING in hrtick_start_fair testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-prlimit64 program crashed: WARNING in hrtick_start_fair testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-prlimit64 program crashed: WARNING in hrtick_start_fair testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-prlimit64 program crashed: WARNING in hrtick_start_fair testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-prlimit64 program crashed: WARNING in hrtick_start_fair testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-prlimit64 detailed listing: executing program 0: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) program crashed: WARNING in hrtick_start_fair validation run: crashed=true testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-prlimit64 detailed listing: executing program 0: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) program crashed: WARNING in hrtick_start_fair validation run: crashed=true testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-prlimit64 detailed listing: executing program 0: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) program crashed: WARNING in hrtick_start_fair validation run: crashed=true reproducing took 1h1m37.278617541s repro crashed as (corrupted=false): ------------[ cut here ]------------ task_rq(p) != rq WARNING: kernel/sched/fair.c:7656 at hrtick_start_fair+0x196/0x1f0 kernel/sched/fair.c:7656, CPU#0: kworker/0:2/898 Modules linked in: CPU: 0 UID: 0 PID: 898 Comm: kworker/0:2 Not tainted syzkaller #0 PREEMPT_{RT,(full)} Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 Workqueue: events_power_efficient wg_ratelimiter_gc_entries RIP: 0010:hrtick_start_fair+0x196/0x1f0 kernel/sched/fair.c:7656 Code: 42 80 3c 20 00 74 08 4c 89 ff e8 85 e3 97 00 4d 39 37 0f 85 0c ff ff ff 48 89 df 5b 41 5c 41 5d 41 5e 41 5f e9 4b 65 fa ff 90 <0f> 0b 90 e9 d1 fe ff ff 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 82 RSP: 0018:ffffc900052f75e0 EFLAGS: 00010087 RAX: ffff8880b873ba40 RBX: ffff8880b863ba40 RCX: ffffffff8197c7de RDX: 0000000000000000 RSI: ffff88802d8ddd00 RDI: ffff8880b863ba40 RBP: dffffc0000000000 R08: ffffffff8fcf0b0f R09: 1ffffffff1f9e161 R10: dffffc0000000000 R11: fffffbfff1f9e162 R12: dffffc0000000000 R13: 1ffff110170c78d6 R14: ffff88802d8ddd00 R15: ffffffff8dc217d8 FS: 0000000000000000(0000) GS:ffff888125a76000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b33e63fff CR3: 000000000e1b8000 CR4: 00000000003526f0 Call Trace: set_next_task_fair+0xa68/0xce0 kernel/sched/fair.c:15058 put_prev_set_next_task kernel/sched/sched.h:2770 [inline] pick_next_task kernel/sched/core.c:6443 [inline] __schedule+0x3e03/0x5550 kernel/sched/core.c:7144 preempt_schedule_irq+0x4d/0xa0 kernel/sched/core.c:7553 irqentry_exit_to_kernel_mode include/linux/irq-entry-common.h:539 [inline] irqentry_exit+0x14f/0x8c0 kernel/entry/common.c:167 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:674 RIP: 0010:lock_is_held_type+0x106/0x150 kernel/locking/lockdep.c:5947 Code: 1a 00 00 b8 ff ff ff ff 65 0f c1 05 6c bd 7d 07 83 f8 01 75 25 9c 58 a9 00 02 00 00 75 39 41 f7 c4 00 02 00 00 74 01 fb 89 d8 <5b> 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc 90 0f 0b 90 48 c7 RSP: 0018:ffffc900052f7990 EFLAGS: 00000206 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000046 RDX: 0000000000000000 RSI: ffffffff8dbda93e RDI: ffffffff8bcc4580 RBP: 00000000ffffffff R08: ffffffff860c74cd R09: ffffffff8eeeddd8 R10: dffffc0000000000 R11: fffffbfff1f9e15f R12: 0000000000000246 R13: ffff888026b89f00 R14: ffffffff8e3cb360 R15: 0000000000000003 lock_is_held include/linux/lockdep.h:249 [inline] __might_resched+0x37/0x480 kernel/sched/core.c:9156 __rt_spin_lock kernel/locking/spinlock_rt.c:48 [inline] rt_spin_lock+0xc2/0x400 kernel/locking/spinlock_rt.c:57 spin_lock include/linux/spinlock_rt.h:45 [inline] wg_ratelimiter_gc_entries+0x5d/0x480 drivers/net/wireguard/ratelimiter.c:63 process_one_work+0x98b/0x1630 kernel/workqueue.c:3326 process_scheduled_works kernel/workqueue.c:3409 [inline] worker_thread+0xb49/0x1140 kernel/workqueue.c:3490 kthread+0x388/0x470 kernel/kthread.c:436 ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 ---------------- Code disassembly (best guess): 0: 1a 00 sbb (%rax),%al 2: 00 b8 ff ff ff ff add %bh,-0x1(%rax) 8: 65 0f c1 05 6c bd 7d xadd %eax,%gs:0x77dbd6c(%rip) # 0x77dbd7c f: 07 10: 83 f8 01 cmp $0x1,%eax 13: 75 25 jne 0x3a 15: 9c pushf 16: 58 pop %rax 17: a9 00 02 00 00 test $0x200,%eax 1c: 75 39 jne 0x57 1e: 41 f7 c4 00 02 00 00 test $0x200,%r12d 25: 74 01 je 0x28 27: fb sti 28: 89 d8 mov %ebx,%eax * 2a: 5b pop %rbx <-- trapping instruction 2b: 41 5c pop %r12 2d: 41 5d pop %r13 2f: 41 5e pop %r14 31: 41 5f pop %r15 33: 5d pop %rbp 34: c3 ret 35: cc int3 36: cc int3 37: cc int3 38: cc int3 39: cc int3 3a: 90 nop 3b: 0f 0b ud2 3d: 90 nop 3e: 48 rex.W 3f: c7 .byte 0xc7 final repro crashed as (corrupted=false): ------------[ cut here ]------------ task_rq(p) != rq WARNING: kernel/sched/fair.c:7656 at hrtick_start_fair+0x196/0x1f0 kernel/sched/fair.c:7656, CPU#0: kworker/0:2/898 Modules linked in: CPU: 0 UID: 0 PID: 898 Comm: kworker/0:2 Not tainted syzkaller #0 PREEMPT_{RT,(full)} Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 Workqueue: events_power_efficient wg_ratelimiter_gc_entries RIP: 0010:hrtick_start_fair+0x196/0x1f0 kernel/sched/fair.c:7656 Code: 42 80 3c 20 00 74 08 4c 89 ff e8 85 e3 97 00 4d 39 37 0f 85 0c ff ff ff 48 89 df 5b 41 5c 41 5d 41 5e 41 5f e9 4b 65 fa ff 90 <0f> 0b 90 e9 d1 fe ff ff 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 82 RSP: 0018:ffffc900052f75e0 EFLAGS: 00010087 RAX: ffff8880b873ba40 RBX: ffff8880b863ba40 RCX: ffffffff8197c7de RDX: 0000000000000000 RSI: ffff88802d8ddd00 RDI: ffff8880b863ba40 RBP: dffffc0000000000 R08: ffffffff8fcf0b0f R09: 1ffffffff1f9e161 R10: dffffc0000000000 R11: fffffbfff1f9e162 R12: dffffc0000000000 R13: 1ffff110170c78d6 R14: ffff88802d8ddd00 R15: ffffffff8dc217d8 FS: 0000000000000000(0000) GS:ffff888125a76000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b33e63fff CR3: 000000000e1b8000 CR4: 00000000003526f0 Call Trace: set_next_task_fair+0xa68/0xce0 kernel/sched/fair.c:15058 put_prev_set_next_task kernel/sched/sched.h:2770 [inline] pick_next_task kernel/sched/core.c:6443 [inline] __schedule+0x3e03/0x5550 kernel/sched/core.c:7144 preempt_schedule_irq+0x4d/0xa0 kernel/sched/core.c:7553 irqentry_exit_to_kernel_mode include/linux/irq-entry-common.h:539 [inline] irqentry_exit+0x14f/0x8c0 kernel/entry/common.c:167 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:674 RIP: 0010:lock_is_held_type+0x106/0x150 kernel/locking/lockdep.c:5947 Code: 1a 00 00 b8 ff ff ff ff 65 0f c1 05 6c bd 7d 07 83 f8 01 75 25 9c 58 a9 00 02 00 00 75 39 41 f7 c4 00 02 00 00 74 01 fb 89 d8 <5b> 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc 90 0f 0b 90 48 c7 RSP: 0018:ffffc900052f7990 EFLAGS: 00000206 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000046 RDX: 0000000000000000 RSI: ffffffff8dbda93e RDI: ffffffff8bcc4580 RBP: 00000000ffffffff R08: ffffffff860c74cd R09: ffffffff8eeeddd8 R10: dffffc0000000000 R11: fffffbfff1f9e15f R12: 0000000000000246 R13: ffff888026b89f00 R14: ffffffff8e3cb360 R15: 0000000000000003 lock_is_held include/linux/lockdep.h:249 [inline] __might_resched+0x37/0x480 kernel/sched/core.c:9156 __rt_spin_lock kernel/locking/spinlock_rt.c:48 [inline] rt_spin_lock+0xc2/0x400 kernel/locking/spinlock_rt.c:57 spin_lock include/linux/spinlock_rt.h:45 [inline] wg_ratelimiter_gc_entries+0x5d/0x480 drivers/net/wireguard/ratelimiter.c:63 process_one_work+0x98b/0x1630 kernel/workqueue.c:3326 process_scheduled_works kernel/workqueue.c:3409 [inline] worker_thread+0xb49/0x1140 kernel/workqueue.c:3490 kthread+0x388/0x470 kernel/kthread.c:436 ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 ---------------- Code disassembly (best guess): 0: 1a 00 sbb (%rax),%al 2: 00 b8 ff ff ff ff add %bh,-0x1(%rax) 8: 65 0f c1 05 6c bd 7d xadd %eax,%gs:0x77dbd6c(%rip) # 0x77dbd7c f: 07 10: 83 f8 01 cmp $0x1,%eax 13: 75 25 jne 0x3a 15: 9c pushf 16: 58 pop %rax 17: a9 00 02 00 00 test $0x200,%eax 1c: 75 39 jne 0x57 1e: 41 f7 c4 00 02 00 00 test $0x200,%r12d 25: 74 01 je 0x28 27: fb sti 28: 89 d8 mov %ebx,%eax * 2a: 5b pop %rbx <-- trapping instruction 2b: 41 5c pop %r12 2d: 41 5d pop %r13 2f: 41 5e pop %r14 31: 41 5f pop %r15 33: 5d pop %rbp 34: c3 ret 35: cc int3 36: cc int3 37: cc int3 38: cc int3 39: cc int3 3a: 90 nop 3b: 0f 0b ud2 3d: 90 nop 3e: 48 rex.W 3f: c7 .byte 0xc7