Extracting prog: 2m8.951889476s
Minimizing prog: 4m49.986402028s
Simplifying prog options: 0s
Extracting C: 1m43.622034425s
Simplifying C: 8m59.432412261s
extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): perf_event_open-syz_clone
detailed listing:
executing program 0:
perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x3, 0x0, 0x0, 0x0, 0x0, 0x4, 0x12506, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0xffffffff}, 0x7402, 0x0, 0x0, 0x4, 0x0, 0xffffffff, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
syz_clone(0x43100000, 0x0, 0x0, 0x0, 0x0, 0x0)
program crashed: WARNING in perf_pending_task
single: successfully extracted reproducer
found reproducer with 2 syscalls
minimizing guilty program
testing program (duration=1m5.230180192s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): perf_event_open
detailed listing:
executing program 0:
perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x3, 0x0, 0x0, 0x0, 0x0, 0x4, 0x12506, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0xffffffff}, 0x7402, 0x0, 0x0, 0x4, 0x0, 0xffffffff, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
program did not crash
testing program (duration=1m5.230180192s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_clone
detailed listing:
executing program 0:
syz_clone(0x43100000, 0x0, 0x0, 0x0, 0x0, 0x0)
program did not crash
testing program (duration=1m5.230180192s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): perf_event_open-syz_clone
detailed listing:
executing program 0:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
syz_clone(0x43100000, 0x0, 0x0, 0x0, 0x0, 0x0)
program did not crash
extracting C reproducer
testing compiled C program (duration=1m5.230180192s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): perf_event_open-syz_clone
program crashed: WARNING in perf_pending_task
simplifying C reproducer
testing compiled C program (duration=1m5.230180192s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): perf_event_open-syz_clone
program crashed: WARNING in perf_pending_task
testing compiled C program (duration=1m5.230180192s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): perf_event_open-syz_clone
program crashed: WARNING in perf_pending_task
testing compiled C program (duration=1m5.230180192s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): perf_event_open-syz_clone
program crashed: WARNING in perf_pending_task
testing compiled C program (duration=1m5.230180192s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): perf_event_open-syz_clone
program crashed: WARNING in perf_pending_task
testing compiled C program (duration=1m5.230180192s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): perf_event_open-syz_clone
program crashed: WARNING in perf_pending_task
testing compiled C program (duration=1m5.230180192s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): perf_event_open-syz_clone
program crashed: WARNING in perf_pending_task
testing compiled C program (duration=1m5.230180192s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): perf_event_open-syz_clone
program crashed: WARNING in perf_pending_task
testing program (duration=1m5.230180192s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): perf_event_open-syz_clone
detailed listing:
executing program 0:
perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x3, 0x0, 0x0, 0x0, 0x0, 0x4, 0x12506, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0xffffffff}, 0x7402, 0x0, 0x0, 0x4, 0x0, 0xffffffff, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
syz_clone(0x43100000, 0x0, 0x0, 0x0, 0x0, 0x0)
program crashed: WARNING in perf_pending_task
validation run: crashed=true
testing program (duration=1m5.230180192s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): perf_event_open-syz_clone
detailed listing:
executing program 0:
perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x3, 0x0, 0x0, 0x0, 0x0, 0x4, 0x12506, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0xffffffff}, 0x7402, 0x0, 0x0, 0x4, 0x0, 0xffffffff, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
syz_clone(0x43100000, 0x0, 0x0, 0x0, 0x0, 0x0)
program crashed: WARNING in perf_pending_task
validation run: crashed=true
testing program (duration=1m5.230180192s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): perf_event_open-syz_clone
detailed listing:
executing program 0:
perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x3, 0x0, 0x0, 0x0, 0x0, 0x4, 0x12506, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0xffffffff}, 0x7402, 0x0, 0x0, 0x4, 0x0, 0xffffffff, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
syz_clone(0x43100000, 0x0, 0x0, 0x0, 0x0, 0x0)
program crashed: WARNING in perf_pending_task
validation run: crashed=true
reproducing took 22m21.585953503s
repro crashed as (corrupted=false):
------------[ cut here ]------------
WARNING: CPU: 0 PID: 4843 at kernel/events/core.c:6592 perf_sigtrap kernel/events/core.c:6592 [inline]
WARNING: CPU: 0 PID: 4843 at kernel/events/core.c:6592 perf_pending_task+0x358/0x470 kernel/events/core.c:6704
Modules linked in:
CPU: 0 PID: 4843 Comm: syz.0.165 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
RIP: 0010:perf_sigtrap kernel/events/core.c:6592 [inline]
RIP: 0010:perf_pending_task+0x358/0x470 kernel/events/core.c:6704
Code: ff 84 db 75 14 e8 b8 d1 da ff 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 a4 d1 da ff e8 f7 7b 5a ff eb e5 e8 98 d1 da ff <0f> 0b e9 f3 fe ff ff e8 8c d1 da ff 48 c7 c7 d0 03 bc 8c 4c 89 f6
RSP: 0018:ffffc90004f47c60 EFLAGS: 00010293
RAX: ffffffff81a604c8 RBX: ffff88805f135258 RCX: ffff8880747f3b80
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 0000000000000001 R08: dffffc0000000000 R09: ffffed100e8fe8b1
R10: ffffed100e8fe8b1 R11: 1ffff1100e8fe8b0 R12: ffff8880747f3b80
R13: ffff8880740cb160 R14: ffff88805f135020 R15: 1ffff1100be26a04
FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000555578efb808 CR3: 000000000c88e000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
task_work_run+0x1ca/0x250 kernel/task_work.c:203
exit_task_work include/linux/task_work.h:39 [inline]
do_exit+0x93e/0x2400 kernel/exit.c:880
do_group_exit+0x217/0x2d0 kernel/exit.c:1022
__do_sys_exit_group kernel/exit.c:1033 [inline]
__se_sys_exit_group kernel/exit.c:1031 [inline]
__x64_sys_exit_group+0x3b/0x40 kernel/exit.c:1031
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:81
entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f37e398f6c9
Code: Unable to access opcode bytes at 0x7f37e398f69f.
RSP: 002b:00007ffe03c1c568 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f37e398f6c9
RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007ffe03c1c5cc R08: 0000000203c1c65f R09: 00000000000927c0
R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000094
R13: 00000000000927c0 R14: 000000000001459f R15: 00007ffe03c1c620
final repro crashed as (corrupted=false):
------------[ cut here ]------------
WARNING: CPU: 0 PID: 4843 at kernel/events/core.c:6592 perf_sigtrap kernel/events/core.c:6592 [inline]
WARNING: CPU: 0 PID: 4843 at kernel/events/core.c:6592 perf_pending_task+0x358/0x470 kernel/events/core.c:6704
Modules linked in:
CPU: 0 PID: 4843 Comm: syz.0.165 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
RIP: 0010:perf_sigtrap kernel/events/core.c:6592 [inline]
RIP: 0010:perf_pending_task+0x358/0x470 kernel/events/core.c:6704
Code: ff 84 db 75 14 e8 b8 d1 da ff 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 a4 d1 da ff e8 f7 7b 5a ff eb e5 e8 98 d1 da ff <0f> 0b e9 f3 fe ff ff e8 8c d1 da ff 48 c7 c7 d0 03 bc 8c 4c 89 f6
RSP: 0018:ffffc90004f47c60 EFLAGS: 00010293
RAX: ffffffff81a604c8 RBX: ffff88805f135258 RCX: ffff8880747f3b80
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 0000000000000001 R08: dffffc0000000000 R09: ffffed100e8fe8b1
R10: ffffed100e8fe8b1 R11: 1ffff1100e8fe8b0 R12: ffff8880747f3b80
R13: ffff8880740cb160 R14: ffff88805f135020 R15: 1ffff1100be26a04
FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000555578efb808 CR3: 000000000c88e000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
task_work_run+0x1ca/0x250 kernel/task_work.c:203
exit_task_work include/linux/task_work.h:39 [inline]
do_exit+0x93e/0x2400 kernel/exit.c:880
do_group_exit+0x217/0x2d0 kernel/exit.c:1022
__do_sys_exit_group kernel/exit.c:1033 [inline]
__se_sys_exit_group kernel/exit.c:1031 [inline]
__x64_sys_exit_group+0x3b/0x40 kernel/exit.c:1031
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:81
entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f37e398f6c9
Code: Unable to access opcode bytes at 0x7f37e398f69f.
RSP: 002b:00007ffe03c1c568 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f37e398f6c9
RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007ffe03c1c5cc R08: 0000000203c1c65f R09: 00000000000927c0
R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000094
R13: 00000000000927c0 R14: 000000000001459f R15: 00007ffe03c1c620