Extracting prog: 39m20.427815683s
Minimizing prog: 11m14.569742733s
Simplifying prog options: 0s
Extracting C: 1m6.446790371s
Simplifying C: 16m30.607348299s


extracting reproducer from 68 programs
testing a last program of every proc
single: executing 18 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): madvise$auto-mmap$auto-clone$auto-socket-io_uring_setup$auto-setsockopt$auto-recvmmsg$auto-close_range$auto-socket$nl_generic-socket-bpf$auto
detailed listing:
executing program 0:
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
mmap$auto(0x0, 0x20009, 0xe, 0xeb1, 0x403, 0x8000)
clone$auto(0x21, 0x7, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x6)
socket(0xa, 0x2, 0x88)
io_uring_setup$auto(0x6, 0x0)
setsockopt$auto(0x3, 0x1, 0x2e, 0x0, 0x9)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0xa, 0x801, 0x106)
bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x7, 0x4, 0x200, 0x1001, 0x8, 0xf, 0x66b, 0x0, 0x5}, 0x6f4)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): close_range$auto-mmap$auto-socket-setresuid$auto-socket-socket$nl_generic-socket$nl_generic-socket$nl_generic-socket$nl_generic-socket-getsockopt$auto
detailed listing:
executing program 0:
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x2, 0x3, 0x6)
setresuid$auto(0x8, 0x8, 0x0)
socket(0xa, 0x801, 0x106)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0xa, 0x5, 0x0)
getsockopt$auto(0x6, 0x0, 0x41, 0xfffffffffffffffe, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): close_range$auto-socket-close_range$auto-fanotify_init$auto-open-fanotify_init$auto-socket-socket-fanotify_mark$auto-fanotify_mark$auto-fanotify_mark$auto
detailed listing:
executing program 0:
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
r0 = socket(0x1e, 0x1, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
fanotify_init$auto(0x200, 0x1)
r1 = open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0)
fanotify_init$auto(0x5, 0x2000000000002)
socket(0x26, 0x80805, 0x0)
socket(0x10, 0x2, 0xc)
fanotify_mark$auto(0x0, 0x1, 0x9, 0x4, 0x0)
fanotify_mark$auto(0x0, 0x1, 0x9, r1, 0x0)
fanotify_mark$auto(r0, 0x90, 0x3, 0xffffffffffffffff, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-socket-socket$nl_generic-syz_genetlink_get_family_id$auto_macsec-sendmsg$auto_MACSEC_CMD_ADD_RXSC-mmap$auto-mmap$auto-socket-select$auto-connect$auto-sendmmsg$auto
detailed listing:
executing program 0:
socket(0x25, 0x1, 0x0)
socket(0x10, 0x2, 0xc)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_MACSEC_CMD_ADD_RXSC(r0, &(0x7f0000001340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001380)={0x14, r1, 0x1, 0x70bd25, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x40b4ff742f26f502}, 0x20000812)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
mmap$auto(0xce, 0xf, 0x9, 0x3bb4155d, 0xff, 0x3)
socket(0xa, 0x2, 0x88)
select$auto(0x3, 0x0, 0x0, 0x0, 0x0)
connect$auto(0x3, 0x0, 0x55)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): unshare$auto-mmap$auto-syz_open_procfs$namespace-prctl$auto-mmap$auto-mmap$auto-capget$auto-setns-mount$auto-pivot_root$auto
detailed listing:
executing program 0:
unshare$auto(0x20000)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00')
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8002)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000)
capget$auto(0x0, 0x0)
setns(r0, 0x0)
mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000180)='nfsd\x00', 0x8, 0x0)
pivot_root$auto(&(0x7f0000000040)='..\x00', &(0x7f0000000080)='.\x00')

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): unshare$auto-mmap$auto-syz_open_procfs$namespace-prctl$auto-mmap$auto-mmap$auto-capget$auto-setns-mount$auto-pivot_root$auto
detailed listing:
executing program 0:
unshare$auto(0x20000)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00')
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8002)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000)
capget$auto(0x0, 0x0)
setns(r0, 0x0)
mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000180)='nfsd\x00', 0x8, 0x0)
pivot_root$auto(&(0x7f0000000040)='..\x00', &(0x7f0000000080)='.\x00')

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): unshare$auto-mlockall$auto-socket$nl_generic-socket-sendmsg$auto_NFC_CMD_VENDOR-syz_genetlink_get_family_id$auto_nlctrl-sendmsg$auto_CTRL_CMD_GETFAMILY-mprotect$auto-sendmsg$auto_NFSD_CMD_THREADS_SET
detailed listing:
executing program 0:
unshare$auto(0x40000080)
mlockall$auto(0x7)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NFC_CMD_VENDOR(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2000c001}, 0x8008)
r1 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_CTRL_CMD_GETFAMILY(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002abd77dcb7fcdf25030000000a"], 0x24}, 0x1, 0x0, 0x0, 0x4008810}, 0x30040005)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4)
sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0xfffffffe, 0x0, 0x40000021}, 0x8004)

program crashed: WARNING in ip6mr_free_table
single: successfully extracted reproducer
found reproducer with 9 syscalls
minimizing guilty program
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): unshare$auto-mlockall$auto-socket$nl_generic-socket-sendmsg$auto_NFC_CMD_VENDOR-syz_genetlink_get_family_id$auto_nlctrl-sendmsg$auto_CTRL_CMD_GETFAMILY-mprotect$auto
detailed listing:
executing program 0:
unshare$auto(0x40000080)
mlockall$auto(0x7)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x2, 0x0)
sendmsg$auto_NFC_CMD_VENDOR(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2000c001}, 0x8008)
r0 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_CTRL_CMD_GETFAMILY(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="01002abd77dcb7fcdf25030000000a"], 0x24}, 0x1, 0x0, 0x0, 0x4008810}, 0x30040005)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4)

program crashed: WARNING in ip6mr_free_table
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): unshare$auto-mlockall$auto-socket$nl_generic-socket-sendmsg$auto_NFC_CMD_VENDOR-syz_genetlink_get_family_id$auto_nlctrl-sendmsg$auto_CTRL_CMD_GETFAMILY
detailed listing:
executing program 0:
unshare$auto(0x40000080)
mlockall$auto(0x7)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x2, 0x0)
sendmsg$auto_NFC_CMD_VENDOR(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2000c001}, 0x8008)
r0 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_CTRL_CMD_GETFAMILY(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="01002abd77dcb7fcdf25030000000a"], 0x24}, 0x1, 0x0, 0x0, 0x4008810}, 0x30040005)

program crashed: WARNING in ip6mr_free_table
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): unshare$auto-mlockall$auto-socket$nl_generic-socket-sendmsg$auto_NFC_CMD_VENDOR-syz_genetlink_get_family_id$auto_nlctrl
detailed listing:
executing program 0:
unshare$auto(0x40000080)
mlockall$auto(0x7)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x2, 0x0)
sendmsg$auto_NFC_CMD_VENDOR(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2000c001}, 0x8008)
syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000000040), 0xffffffffffffffff)

program crashed: WARNING in ip6mr_free_table
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): unshare$auto-mlockall$auto-socket$nl_generic-socket-sendmsg$auto_NFC_CMD_VENDOR
detailed listing:
executing program 0:
unshare$auto(0x40000080)
mlockall$auto(0x7)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x2, 0x0)
sendmsg$auto_NFC_CMD_VENDOR(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2000c001}, 0x8008)

program crashed: WARNING in ip6mr_free_table
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): unshare$auto-mlockall$auto-socket$nl_generic-socket
detailed listing:
executing program 0:
unshare$auto(0x40000080)
mlockall$auto(0x7)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x2, 0x0)

program crashed: WARNING in ip6mr_free_table
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): unshare$auto-mlockall$auto-socket$nl_generic
detailed listing:
executing program 0:
unshare$auto(0x40000080)
mlockall$auto(0x7)
socket$nl_generic(0x10, 0x3, 0x10)

program crashed: WARNING in ip6mr_free_table
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): unshare$auto-mlockall$auto
detailed listing:
executing program 0:
unshare$auto(0x40000080)
mlockall$auto(0x7)

program crashed: WARNING in ip6mr_free_table
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): unshare$auto
detailed listing:
executing program 0:
unshare$auto(0x40000080)

program crashed: WARNING in ip6mr_free_table
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): unshare$auto
program crashed: WARNING in ip6mr_free_table
simplifying C reproducer
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): unshare$auto
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): unshare$auto
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): unshare$auto
program crashed: WARNING in ip6mr_free_table
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): unshare$auto
program crashed: WARNING in ip6mr_free_table
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): unshare$auto
program crashed: WARNING in ip6mr_free_table
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): unshare$auto
program crashed: WARNING in ip6mr_free_table
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): unshare$auto
program crashed: WARNING in ip6mr_free_table
reproducing took 1h8m12.05171521s
repro crashed as (corrupted=false):
------------[ cut here ]------------
WARNING: CPU: 0 PID: 5863 at net/ipv6/ip6mr.c:419 ip6mr_free_table+0xbd/0x120 net/ipv6/ip6mr.c:419
Modules linked in:
CPU: 0 UID: 0 PID: 5863 Comm: syz-executor415 Not tainted 6.12.0-syzkaller-12113-gbcc8eda6d349 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:ip6mr_free_table+0xbd/0x120 net/ipv6/ip6mr.c:419
Code: 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 58 49 83 bc 24 c0 0e 00 00 00 74 09 e8 d4 3f bb f7 90 <0f> 0b 90 e8 cb 3f bb f7 48 8d 7b 38 e8 a2 17 a8 f7 48 89 df be 0f
RSP: 0018:ffffc9000400fbd8 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffff888033324000 RCX: ffffffff89ddff84
RDX: ffff8880720e9e00 RSI: ffffffff89ddffbc RDI: ffff888073c8cb40
RBP: 0000000000000001 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: ffff888073c8bc80
R13: ffff888033324000 R14: ffff888033324008 R15: dead000000000100
FS:  00007fbad32146c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fbad32af938 CR3: 0000000024a14000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 ip6mr_rules_exit+0x176/0x2d0 net/ipv6/ip6mr.c:283
 ip6mr_net_exit_batch+0x53/0xa0 net/ipv6/ip6mr.c:1388
 ops_exit_list+0x128/0x180 net/core/net_namespace.c:177
 setup_net+0x4fe/0x860 net/core/net_namespace.c:394
 copy_net_ns+0x2b4/0x6b0 net/core/net_namespace.c:500
 create_new_namespaces+0x3ea/0xad0 kernel/nsproxy.c:110
 unshare_nsproxy_namespaces+0xc0/0x1f0 kernel/nsproxy.c:228
 ksys_unshare+0x45d/0xa40 kernel/fork.c:3334
 __do_sys_unshare kernel/fork.c:3405 [inline]
 __se_sys_unshare kernel/fork.c:3403 [inline]
 __x64_sys_unshare+0x31/0x40 kernel/fork.c:3403
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fbad32592d9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fbad3214238 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
RAX: ffffffffffffffda RBX: 00007fbad32e3308 RCX: 00007fbad32592d9
RDX: 00007fbad32592d9 RSI: 0000000000000000 RDI: 0000000040000080
RBP: 00007fbad32e3300 R08: 00007fbad32146c0 R09: 00007fbad32146c0
R10: 00007ffc1e5ebfa7 R11: 0000000000000246 R12: 00007fbad32e330c
R13: 0000000000000000 R14: 00007ffc1e5ebec0 R15: 00007ffc1e5ebfa8
 </TASK>

final repro crashed as (corrupted=false):
------------[ cut here ]------------
WARNING: CPU: 0 PID: 5863 at net/ipv6/ip6mr.c:419 ip6mr_free_table+0xbd/0x120 net/ipv6/ip6mr.c:419
Modules linked in:
CPU: 0 UID: 0 PID: 5863 Comm: syz-executor415 Not tainted 6.12.0-syzkaller-12113-gbcc8eda6d349 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:ip6mr_free_table+0xbd/0x120 net/ipv6/ip6mr.c:419
Code: 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 58 49 83 bc 24 c0 0e 00 00 00 74 09 e8 d4 3f bb f7 90 <0f> 0b 90 e8 cb 3f bb f7 48 8d 7b 38 e8 a2 17 a8 f7 48 89 df be 0f
RSP: 0018:ffffc9000400fbd8 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffff888033324000 RCX: ffffffff89ddff84
RDX: ffff8880720e9e00 RSI: ffffffff89ddffbc RDI: ffff888073c8cb40
RBP: 0000000000000001 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: ffff888073c8bc80
R13: ffff888033324000 R14: ffff888033324008 R15: dead000000000100
FS:  00007fbad32146c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fbad32af938 CR3: 0000000024a14000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 ip6mr_rules_exit+0x176/0x2d0 net/ipv6/ip6mr.c:283
 ip6mr_net_exit_batch+0x53/0xa0 net/ipv6/ip6mr.c:1388
 ops_exit_list+0x128/0x180 net/core/net_namespace.c:177
 setup_net+0x4fe/0x860 net/core/net_namespace.c:394
 copy_net_ns+0x2b4/0x6b0 net/core/net_namespace.c:500
 create_new_namespaces+0x3ea/0xad0 kernel/nsproxy.c:110
 unshare_nsproxy_namespaces+0xc0/0x1f0 kernel/nsproxy.c:228
 ksys_unshare+0x45d/0xa40 kernel/fork.c:3334
 __do_sys_unshare kernel/fork.c:3405 [inline]
 __se_sys_unshare kernel/fork.c:3403 [inline]
 __x64_sys_unshare+0x31/0x40 kernel/fork.c:3403
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fbad32592d9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fbad3214238 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
RAX: ffffffffffffffda RBX: 00007fbad32e3308 RCX: 00007fbad32592d9
RDX: 00007fbad32592d9 RSI: 0000000000000000 RDI: 0000000040000080
RBP: 00007fbad32e3300 R08: 00007fbad32146c0 R09: 00007fbad32146c0
R10: 00007ffc1e5ebfa7 R11: 0000000000000246 R12: 00007fbad32e330c
R13: 0000000000000000 R14: 00007ffc1e5ebec0 R15: 00007ffc1e5ebfa8
 </TASK>