Extracting prog: 44.799695018s Minimizing prog: 14m19.078124434s Simplifying prog options: 0s Extracting C: 1m22.768497305s Simplifying C: 15m46.012634568s extracting reproducer from 45 programs testing a last program of every proc single: executing 10 programs separately with timeout 30s testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_reg_file_ops_compat_inode-write$auto_proc_reg_file_ops_compat_inode-read$auto_proc_reg_file_ops_compat_inode detailed listing: executing program 0: r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/net/afs/addr_prefs\x00', 0x2, 0x0) write$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000000)="09c532bb350173e247868941db60df6c3561f648b086659dce84b71751e0dcbef9317b5607e903139ecb41cf1a0da9a3438097ba745c5805819b8c736d02e22079ef6620fe2ffc0e776bc987bb8a3e70983c52dc5ae90dca814333aa25c0", 0x5e) read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f00000000c0), 0x0) program crashed: WARNING: lock held when returning to user space in afs_proc_addr_prefs_write single: successfully extracted reproducer found reproducer with 3 syscalls minimizing guilty program testing program (duration=53.369697576s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_reg_file_ops_compat_inode-write$auto_proc_reg_file_ops_compat_inode detailed listing: executing program 0: r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/net/afs/addr_prefs\x00', 0x2, 0x0) write$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000000)="09c532bb350173e247868941db60df6c3561f648b086659dce84b71751e0dcbef9317b5607e903139ecb41cf1a0da9a3438097ba745c5805819b8c736d02e22079ef6620fe2ffc0e776bc987bb8a3e70983c52dc5ae90dca814333aa25c0", 0x5e) program crashed: WARNING: lock held when returning to user space in afs_proc_addr_prefs_write testing program (duration=53.369697576s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_reg_file_ops_compat_inode detailed listing: executing program 0: openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/net/afs/addr_prefs\x00', 0x2, 0x0) program did not crash testing program (duration=53.369697576s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): write$auto_proc_reg_file_ops_compat_inode detailed listing: executing program 0: write$auto_proc_reg_file_ops_compat_inode(0xffffffffffffffff, &(0x7f0000000000)="09c532bb350173e247868941db60df6c3561f648b086659dce84b71751e0dcbef9317b5607e903139ecb41cf1a0da9a3438097ba745c5805819b8c736d02e22079ef6620fe2ffc0e776bc987bb8a3e70983c52dc5ae90dca814333aa25c0", 0x5e) program did not crash testing program (duration=53.369697576s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_reg_file_ops_compat_inode-write$auto_proc_reg_file_ops_compat_inode detailed listing: executing program 0: r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000000)="09c532bb350173e247868941db60df6c3561f648b086659dce84b71751e0dcbef9317b5607e903139ecb41cf1a0da9a3438097ba745c5805819b8c736d02e22079ef6620fe2ffc0e776bc987bb8a3e70983c52dc5ae90dca814333aa25c0", 0x5e) program did not crash testing program (duration=53.369697576s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_reg_file_ops_compat_inode-write$auto_proc_reg_file_ops_compat_inode detailed listing: executing program 0: r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/net/afs/addr_prefs\x00', 0x2, 0x0) write$auto_proc_reg_file_ops_compat_inode(r0, 0x0, 0x0) program did not crash testing program (duration=53.369697576s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_reg_file_ops_compat_inode-write$auto_proc_reg_file_ops_compat_inode detailed listing: executing program 0: r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/net/afs/addr_prefs\x00', 0x2, 0x0) write$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000000), 0x0) program did not crash extracting C reproducer testing compiled C program (duration=53.369697576s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_reg_file_ops_compat_inode-write$auto_proc_reg_file_ops_compat_inode program crashed: WARNING: lock held when returning to user space in afs_proc_addr_prefs_write simplifying C reproducer testing compiled C program (duration=53.369697576s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_reg_file_ops_compat_inode-write$auto_proc_reg_file_ops_compat_inode program crashed: WARNING: lock held when returning to user space in afs_proc_addr_prefs_write testing compiled C program (duration=53.369697576s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_reg_file_ops_compat_inode-write$auto_proc_reg_file_ops_compat_inode program crashed: WARNING: lock held when returning to user space in afs_proc_addr_prefs_write testing compiled C program (duration=53.369697576s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_reg_file_ops_compat_inode-write$auto_proc_reg_file_ops_compat_inode program crashed: WARNING: lock held when returning to user space! a never seen crash title: WARNING: lock held when returning to user space!, ignore testing compiled C program (duration=53.369697576s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_reg_file_ops_compat_inode-write$auto_proc_reg_file_ops_compat_inode program crashed: WARNING: lock held when returning to user space! a never seen crash title: WARNING: lock held when returning to user space!, ignore testing compiled C program (duration=53.369697576s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_reg_file_ops_compat_inode-write$auto_proc_reg_file_ops_compat_inode program crashed: WARNING: lock held when returning to user space in afs_proc_addr_prefs_write testing compiled C program (duration=53.369697576s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_reg_file_ops_compat_inode-write$auto_proc_reg_file_ops_compat_inode program crashed: WARNING: lock held when returning to user space in afs_proc_addr_prefs_write testing compiled C program (duration=53.369697576s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_reg_file_ops_compat_inode-write$auto_proc_reg_file_ops_compat_inode program crashed: WARNING: lock held when returning to user space in afs_proc_addr_prefs_write testing compiled C program (duration=53.369697576s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_reg_file_ops_compat_inode-write$auto_proc_reg_file_ops_compat_inode program crashed: WARNING: lock held when returning to user space in afs_proc_addr_prefs_write testing compiled C program (duration=53.369697576s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_reg_file_ops_compat_inode-write$auto_proc_reg_file_ops_compat_inode program crashed: WARNING: lock held when returning to user space! a never seen crash title: WARNING: lock held when returning to user space!, ignore testing compiled C program (duration=53.369697576s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_reg_file_ops_compat_inode-write$auto_proc_reg_file_ops_compat_inode program crashed: WARNING: lock held when returning to user space! a never seen crash title: WARNING: lock held when returning to user space!, ignore testing compiled C program (duration=53.369697576s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_reg_file_ops_compat_inode-write$auto_proc_reg_file_ops_compat_inode program crashed: WARNING: lock held when returning to user space in afs_proc_addr_prefs_write testing compiled C program (duration=53.369697576s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_reg_file_ops_compat_inode-write$auto_proc_reg_file_ops_compat_inode program crashed: WARNING: lock held when returning to user space in afs_proc_addr_prefs_write testing compiled C program (duration=53.369697576s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_reg_file_ops_compat_inode-write$auto_proc_reg_file_ops_compat_inode program crashed: WARNING: lock held when returning to user space in afs_proc_addr_prefs_write testing compiled C program (duration=53.369697576s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:false Sysctl:false Swap:true UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_reg_file_ops_compat_inode-write$auto_proc_reg_file_ops_compat_inode program crashed: WARNING: lock held when returning to user space! a never seen crash title: WARNING: lock held when returning to user space!, ignore testing compiled C program (duration=53.369697576s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$auto_proc_reg_file_ops_compat_inode-write$auto_proc_reg_file_ops_compat_inode program did not crash reproducing took 32m12.658978875s repro crashed as (corrupted=false): kafs: addr_prefs: Too many elements in string ================================================ WARNING: lock held when returning to user space! 6.13.0-rc3-syzkaller-00209-g499551201b5f #0 Not tainted ------------------------------------------------ syz-executor980/5829 is leaving the kernel with locks still held! 1 lock held by syz-executor980/5829: #0: ffff888079bf6c10 (&sb->s_type->i_mutex_key#9){++++}-{4:4}, at: inode_lock include/linux/fs.h:818 [inline] #0: ffff888079bf6c10 (&sb->s_type->i_mutex_key#9){++++}-{4:4}, at: afs_proc_addr_prefs_write+0x2bb/0x14e0 fs/afs/addr_prefs.c:388 final repro crashed as (corrupted=false): kafs: addr_prefs: Too many elements in string ================================================ WARNING: lock held when returning to user space! 6.13.0-rc3-syzkaller-00209-g499551201b5f #0 Not tainted ------------------------------------------------ syz-executor980/5829 is leaving the kernel with locks still held! 1 lock held by syz-executor980/5829: #0: ffff888079bf6c10 (&sb->s_type->i_mutex_key#9){++++}-{4:4}, at: inode_lock include/linux/fs.h:818 [inline] #0: ffff888079bf6c10 (&sb->s_type->i_mutex_key#9){++++}-{4:4}, at: afs_proc_addr_prefs_write+0x2bb/0x14e0 fs/afs/addr_prefs.c:388