Extracting prog: 5m4.62868024s
Minimizing prog: 1h20m56.192781077s
Simplifying prog options: 0s
Extracting C: 2m42.752196893s
Simplifying C: 25m40.775250476s


extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-socketpair$unix-pause-fcntl$setsig-syz_genetlink_get_family_id$nl80211-tkill-write$binfmt_elf32-socket$inet6_sctp-setsockopt$inet_sctp6_SCTP_RESET_ASSOC-close-execveat$binfmt
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r2 = gettid()
socketpair$unix(0x1, 0x5, 0x0, 0x0)
pause()
fcntl$setsig(0xffffffffffffffff, 0xa, 0x31)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
tkill(r2, 0x13)
write$binfmt_elf32(r1, &(0x7f0000001440)=ANY=[@ANYBLOB="7f454c460b397a2dd4000000000000000300060007000000ba03000038000000fd2600e60080ffff060020000100020004000600600000000000000000000000040000000200000006000000"], 0x58)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r3, 0x84, 0x78, 0x0, 0x0)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

program did not crash
program did not crash
single: failed to extract reproducer
single: executing 1 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-socketpair$unix-pause-fcntl$setsig-syz_genetlink_get_family_id$nl80211-tkill-write$binfmt_elf32-socket$inet6_sctp-setsockopt$inet_sctp6_SCTP_RESET_ASSOC-close-execveat$binfmt
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r2 = gettid()
socketpair$unix(0x1, 0x5, 0x0, 0x0)
pause()
fcntl$setsig(0xffffffffffffffff, 0xa, 0x31)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
tkill(r2, 0x13)
write$binfmt_elf32(r1, &(0x7f0000001440)=ANY=[@ANYBLOB="7f454c460b397a2dd4000000000000000300060007000000ba03000038000000fd2600e60080ffff060020000100020004000600600000000000000000000000040000000200000006000000"], 0x58)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r3, 0x84, 0x78, 0x0, 0x0)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

program crashed: WARNING in task_participate_group_stop
single: successfully extracted reproducer
found reproducer with 13 syscalls
minimizing guilty program
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-socketpair$unix-pause-fcntl$setsig-syz_genetlink_get_family_id$nl80211-tkill-write$binfmt_elf32-socket$inet6_sctp-setsockopt$inet_sctp6_SCTP_RESET_ASSOC-close
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r2 = gettid()
socketpair$unix(0x1, 0x5, 0x0, 0x0)
pause()
fcntl$setsig(0xffffffffffffffff, 0xa, 0x31)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
tkill(r2, 0x13)
write$binfmt_elf32(r1, &(0x7f0000001440)=ANY=[@ANYBLOB="7f454c460b397a2dd4000000000000000300060007000000ba03000038000000fd2600e60080ffff060020000100020004000600600000000000000000000000040000000200000006000000"], 0x58)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r3, 0x84, 0x78, 0x0, 0x0)
close(r1)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-socketpair$unix-pause-fcntl$setsig-syz_genetlink_get_family_id$nl80211-tkill-write$binfmt_elf32-socket$inet6_sctp-setsockopt$inet_sctp6_SCTP_RESET_ASSOC-execveat$binfmt
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r2 = gettid()
socketpair$unix(0x1, 0x5, 0x0, 0x0)
pause()
fcntl$setsig(0xffffffffffffffff, 0xa, 0x31)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
tkill(r2, 0x13)
write$binfmt_elf32(r1, &(0x7f0000001440)=ANY=[@ANYBLOB="7f454c460b397a2dd4000000000000000300060007000000ba03000038000000fd2600e60080ffff060020000100020004000600600000000000000000000000040000000200000006000000"], 0x58)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r3, 0x84, 0x78, 0x0, 0x0)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-socketpair$unix-pause-fcntl$setsig-syz_genetlink_get_family_id$nl80211-tkill-write$binfmt_elf32-socket$inet6_sctp-close-execveat$binfmt
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r2 = gettid()
socketpair$unix(0x1, 0x5, 0x0, 0x0)
pause()
fcntl$setsig(0xffffffffffffffff, 0xa, 0x31)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
tkill(r2, 0x13)
write$binfmt_elf32(r1, &(0x7f0000001440)=ANY=[@ANYBLOB="7f454c460b397a2dd4000000000000000300060007000000ba03000038000000fd2600e60080ffff060020000100020004000600600000000000000000000000040000000200000006000000"], 0x58)
socket$inet6_sctp(0xa, 0x5, 0x84)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

program crashed: WARNING in task_participate_group_stop
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-socketpair$unix-pause-fcntl$setsig-syz_genetlink_get_family_id$nl80211-tkill-write$binfmt_elf32-close-execveat$binfmt
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r2 = gettid()
socketpair$unix(0x1, 0x5, 0x0, 0x0)
pause()
fcntl$setsig(0xffffffffffffffff, 0xa, 0x31)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
tkill(r2, 0x13)
write$binfmt_elf32(r1, &(0x7f0000001440)=ANY=[@ANYBLOB="7f454c460b397a2dd4000000000000000300060007000000ba03000038000000fd2600e60080ffff060020000100020004000600600000000000000000000000040000000200000006000000"], 0x58)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

program crashed: WARNING in task_participate_group_stop
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-socketpair$unix-pause-fcntl$setsig-syz_genetlink_get_family_id$nl80211-tkill-close-execveat$binfmt
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r2 = gettid()
socketpair$unix(0x1, 0x5, 0x0, 0x0)
pause()
fcntl$setsig(0xffffffffffffffff, 0xa, 0x31)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
tkill(r2, 0x13)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-socketpair$unix-pause-fcntl$setsig-syz_genetlink_get_family_id$nl80211-write$binfmt_elf32-close-execveat$binfmt
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
gettid()
socketpair$unix(0x1, 0x5, 0x0, 0x0)
pause()
fcntl$setsig(0xffffffffffffffff, 0xa, 0x31)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
write$binfmt_elf32(r1, &(0x7f0000001440)=ANY=[@ANYBLOB="7f454c460b397a2dd4000000000000000300060007000000ba03000038000000fd2600e60080ffff060020000100020004000600600000000000000000000000040000000200000006000000"], 0x58)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-socketpair$unix-pause-fcntl$setsig-tkill-write$binfmt_elf32-close-execveat$binfmt
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r2 = gettid()
socketpair$unix(0x1, 0x5, 0x0, 0x0)
pause()
fcntl$setsig(0xffffffffffffffff, 0xa, 0x31)
tkill(r2, 0x13)
write$binfmt_elf32(r1, &(0x7f0000001440)=ANY=[@ANYBLOB="7f454c460b397a2dd4000000000000000300060007000000ba03000038000000fd2600e60080ffff060020000100020004000600600000000000000000000000040000000200000006000000"], 0x58)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

program crashed: WARNING in task_participate_group_stop
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-socketpair$unix-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r2 = gettid()
socketpair$unix(0x1, 0x5, 0x0, 0x0)
pause()
tkill(r2, 0x13)
write$binfmt_elf32(r1, &(0x7f0000001440)=ANY=[@ANYBLOB="7f454c460b397a2dd4000000000000000300060007000000ba03000038000000fd2600e60080ffff060020000100020004000600600000000000000000000000040000000200000006000000"], 0x58)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

program crashed: WARNING in task_participate_group_stop
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-socketpair$unix-tkill-write$binfmt_elf32-close-execveat$binfmt
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r2 = gettid()
socketpair$unix(0x1, 0x5, 0x0, 0x0)
tkill(r2, 0x13)
write$binfmt_elf32(r1, &(0x7f0000001440)=ANY=[@ANYBLOB="7f454c460b397a2dd4000000000000000300060007000000ba03000038000000fd2600e60080ffff060020000100020004000600600000000000000000000000040000000200000006000000"], 0x58)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r2 = gettid()
pause()
tkill(r2, 0x13)
write$binfmt_elf32(r1, &(0x7f0000001440)=ANY=[@ANYBLOB="7f454c460b397a2dd4000000000000000300060007000000ba03000038000000fd2600e60080ffff060020000100020004000600600000000000000000000000040000000200000006000000"], 0x58)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

program crashed: WARNING in task_participate_group_stop
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
pause()
tkill(0x0, 0x13)
write$binfmt_elf32(r1, &(0x7f0000001440)=ANY=[@ANYBLOB="7f454c460b397a2dd4000000000000000300060007000000ba03000038000000fd2600e60080ffff060020000100020004000600600000000000000000000000040000000200000006000000"], 0x58)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = gettid()
pause()
tkill(r1, 0x13)
write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000001440)=ANY=[@ANYBLOB="7f454c460b397a2dd4000000000000000300060007000000ba03000038000000fd2600e60080ffff060020000100020004000600600000000000000000000000040000000200000006000000"], 0x58)
close(0xffffffffffffffff)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
detailed listing:
executing program 0:
r0 = openat$binfmt(0xffffffffffffff9c, 0x0, 0x42, 0x1ff)
r1 = gettid()
pause()
tkill(r1, 0x13)
write$binfmt_elf32(r0, &(0x7f0000001440)=ANY=[@ANYBLOB="7f454c460b397a2dd4000000000000000300060007000000ba03000038000000fd2600e60080ffff060020000100020004000600600000000000000000000000040000000200000006000000"], 0x58)
close(r0)
execveat$binfmt(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(0x0)
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r2 = gettid()
pause()
tkill(r2, 0x13)
write$binfmt_elf32(r1, &(0x7f0000001440)=ANY=[@ANYBLOB="7f454c460b397a2dd4000000000000000300060007000000ba03000038000000fd2600e60080ffff060020000100020004000600600000000000000000000000040000000200000006000000"], 0x58)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r2 = gettid()
pause()
tkill(r2, 0x13)
write$binfmt_elf32(r1, 0x0, 0x58)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r2 = gettid()
pause()
tkill(r2, 0x13)
write$binfmt_elf32(r1, &(0x7f0000001440)=ANY=[@ANYBLOB], 0x58)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
program crashed: WARNING in task_participate_group_stop
simplifying C reproducer
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
program crashed: WARNING in task_participate_group_stop
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
program crashed: WARNING in task_participate_group_stop
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
program crashed: WARNING in task_participate_group_stop
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
program crashed: WARNING in task_participate_group_stop
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r2 = gettid()
pause()
tkill(r2, 0x13)
write$binfmt_elf32(r1, &(0x7f0000001440)=ANY=[@ANYBLOB="7f454c460b397a2dd4000000000000000300060007000000ba03000038000000fd2600e60080ffff060020000100020004000600600000000000000000000000040000000200000006000000"], 0x58)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

program crashed: WARNING in task_participate_group_stop
validation run: crashed=true
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r2 = gettid()
pause()
tkill(r2, 0x13)
write$binfmt_elf32(r1, &(0x7f0000001440)=ANY=[@ANYBLOB="7f454c460b397a2dd4000000000000000300060007000000ba03000038000000fd2600e60080ffff060020000100020004000600600000000000000000000000040000000200000006000000"], 0x58)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

program crashed: WARNING in task_participate_group_stop
validation run: crashed=true
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_create_resource$binfmt-openat$binfmt-gettid-pause-tkill-write$binfmt_elf32-close-execveat$binfmt
detailed listing:
executing program 0:
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r2 = gettid()
pause()
tkill(r2, 0x13)
write$binfmt_elf32(r1, &(0x7f0000001440)=ANY=[@ANYBLOB="7f454c460b397a2dd4000000000000000300060007000000ba03000038000000fd2600e60080ffff060020000100020004000600600000000000000000000000040000000200000006000000"], 0x58)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

program crashed: WARNING in task_participate_group_stop
validation run: crashed=true
reproducing took 2h4m31.125976957s
repro crashed as (corrupted=false):
process '/newroot/74/file0' started with executable stack
------------[ cut here ]------------
WARNING: kernel/signal.c:373 at task_participate_group_stop+0x215/0x2d0 kernel/signal.c:373, CPU#1: file0/7002
Modules linked in:
CPU: 1 UID: 0 PID: 7002 Comm: file0 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
RIP: 0010:task_participate_group_stop+0x215/0x2d0 kernel/signal.c:373
Code: c0 41 89 04 24 b0 01 eb 07 e8 57 3a 38 00 31 c0 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d e9 42 12 07 0a cc e8 3c 3a 38 00 90 <0f> 0b 90 43 0f b6 04 2f 84 c0 0f 85 8b 00 00 00 41 8b 2e e9 4d ff
RSP: 0018:ffffc900053efbd8 EFLAGS: 00010093
RAX: ffffffff8187e264 RBX: 0000000000060013 RCX: ffff888064aa5ac0
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffff52000a7df70 R12: ffff888025d50740
R13: dffffc0000000000 R14: ffff888025d507e8 R15: 1ffff11004baa0fd
FS:  0000000000000000(0000) GS:ffff88812589c000(0000) knlGS:0000000000000000
CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 00007fe2decb2f98 CR3: 0000000022b06000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 do_signal_stop+0x4bc/0x6c0 kernel/signal.c:2617
 get_signal+0xa8d/0x1340 kernel/signal.c:2881
 arch_do_signal_or_restart+0xa0/0x790 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop+0x72/0x130 kernel/entry/common.c:40
 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]
 syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline]
 do_syscall_64+0x2bd/0xfa0 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0023:0x3ba
Code: Unable to access opcode bytes at 0x390.
RSP: 002b:00000000fffdfe60 EFLAGS: 00000202 ORIG_RAX: 000000000000000b
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>

final repro crashed as (corrupted=false):
process '/newroot/74/file0' started with executable stack
------------[ cut here ]------------
WARNING: kernel/signal.c:373 at task_participate_group_stop+0x215/0x2d0 kernel/signal.c:373, CPU#1: file0/7002
Modules linked in:
CPU: 1 UID: 0 PID: 7002 Comm: file0 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
RIP: 0010:task_participate_group_stop+0x215/0x2d0 kernel/signal.c:373
Code: c0 41 89 04 24 b0 01 eb 07 e8 57 3a 38 00 31 c0 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d e9 42 12 07 0a cc e8 3c 3a 38 00 90 <0f> 0b 90 43 0f b6 04 2f 84 c0 0f 85 8b 00 00 00 41 8b 2e e9 4d ff
RSP: 0018:ffffc900053efbd8 EFLAGS: 00010093
RAX: ffffffff8187e264 RBX: 0000000000060013 RCX: ffff888064aa5ac0
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffff52000a7df70 R12: ffff888025d50740
R13: dffffc0000000000 R14: ffff888025d507e8 R15: 1ffff11004baa0fd
FS:  0000000000000000(0000) GS:ffff88812589c000(0000) knlGS:0000000000000000
CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 00007fe2decb2f98 CR3: 0000000022b06000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 do_signal_stop+0x4bc/0x6c0 kernel/signal.c:2617
 get_signal+0xa8d/0x1340 kernel/signal.c:2881
 arch_do_signal_or_restart+0xa0/0x790 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop+0x72/0x130 kernel/entry/common.c:40
 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]
 syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline]
 do_syscall_64+0x2bd/0xfa0 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0023:0x3ba
Code: Unable to access opcode bytes at 0x390.
RSP: 002b:00000000fffdfe60 EFLAGS: 00000202 ORIG_RAX: 000000000000000b
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>