Extracting prog: 3m21.243683614s
Minimizing prog: 19m28.73212905s
Simplifying prog options: 0s
Extracting C: 39.131807758s
Simplifying C: 9m47.989623389s


extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$udambuf-memfd_create-ftruncate-fcntl$addseals-ioctl$UDMABUF_CREATE-mmap-syz_open_procfs
detailed listing:
executing program 0:
r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000100), 0x2)
r1 = memfd_create(&(0x7f00000001c0)='y\x105\xfb\xf7u\x83%:r\xc2\xb8x\xa4q\xc1\xea_\x8cZ7\xe7a\xdenJ\xeb\x87\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\x00\x00\x00\x00\x00\x00\x00\a\x01vRk\xaacB\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`\x1e\x0e\xf6\x80\x86\xd4\x003?Dji{\xab\x97\xaf;l\x1f\xaf\xb38\x14\xcb\xfa\xb3j\x92\f\xe0\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\x99\xb1\x03\x8am\xb8\xaa\x1f\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x00\x00\x00\x00\xe4\xc2MR\xaf\a\x14j\x1aX\xd7\x19)mx>\xc2\xe3\xe8\xca\x88\xdb\xbf\x9b%\xf25Ha\xd6\x12\t.dGnV\xd6\x8c89.\xc9\xb1\xc7\xda\xb1\xea7\r\xf2u!\xad\xdbCVn\xd2\f0\xae\x88\x9e4D!\xc1nq\xda@\x16\x00\xb4\x99I\xcf\x8abK\xdc )\x19\xb3\xda\x8c\x15\x1d\xc1\xf7\x98\xdeO@Y8-\xe5\xa3LLl', 0x2)
ftruncate(r1, 0xffff)
fcntl$addseals(r1, 0x409, 0x7)
r2 = ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000140)={r1, 0x0, 0x0, 0x4000})
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000007, 0x11, r2, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='smaps\x00')

program did not crash
single: failed to extract reproducer
single: executing 1 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$udambuf-memfd_create-ftruncate-fcntl$addseals-ioctl$UDMABUF_CREATE-mmap-syz_open_procfs
detailed listing:
executing program 0:
r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000100), 0x2)
r1 = memfd_create(&(0x7f00000001c0)='y\x105\xfb\xf7u\x83%:r\xc2\xb8x\xa4q\xc1\xea_\x8cZ7\xe7a\xdenJ\xeb\x87\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\x00\x00\x00\x00\x00\x00\x00\a\x01vRk\xaacB\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`\x1e\x0e\xf6\x80\x86\xd4\x003?Dji{\xab\x97\xaf;l\x1f\xaf\xb38\x14\xcb\xfa\xb3j\x92\f\xe0\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\x99\xb1\x03\x8am\xb8\xaa\x1f\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x00\x00\x00\x00\xe4\xc2MR\xaf\a\x14j\x1aX\xd7\x19)mx>\xc2\xe3\xe8\xca\x88\xdb\xbf\x9b%\xf25Ha\xd6\x12\t.dGnV\xd6\x8c89.\xc9\xb1\xc7\xda\xb1\xea7\r\xf2u!\xad\xdbCVn\xd2\f0\xae\x88\x9e4D!\xc1nq\xda@\x16\x00\xb4\x99I\xcf\x8abK\xdc )\x19\xb3\xda\x8c\x15\x1d\xc1\xf7\x98\xdeO@Y8-\xe5\xa3LLl', 0x2)
ftruncate(r1, 0xffff)
fcntl$addseals(r1, 0x409, 0x7)
r2 = ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000140)={r1, 0x0, 0x0, 0x4000})
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000007, 0x11, r2, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='smaps\x00')

program crashed: WARNING in path_noexec
single: successfully extracted reproducer
found reproducer with 7 syscalls
minimizing guilty program
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$udambuf-memfd_create-ftruncate-fcntl$addseals-ioctl$UDMABUF_CREATE-mmap
detailed listing:
executing program 0:
r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000100), 0x2)
r1 = memfd_create(&(0x7f00000001c0)='y\x105\xfb\xf7u\x83%:r\xc2\xb8x\xa4q\xc1\xea_\x8cZ7\xe7a\xdenJ\xeb\x87\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\x00\x00\x00\x00\x00\x00\x00\a\x01vRk\xaacB\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`\x1e\x0e\xf6\x80\x86\xd4\x003?Dji{\xab\x97\xaf;l\x1f\xaf\xb38\x14\xcb\xfa\xb3j\x92\f\xe0\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\x99\xb1\x03\x8am\xb8\xaa\x1f\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x00\x00\x00\x00\xe4\xc2MR\xaf\a\x14j\x1aX\xd7\x19)mx>\xc2\xe3\xe8\xca\x88\xdb\xbf\x9b%\xf25Ha\xd6\x12\t.dGnV\xd6\x8c89.\xc9\xb1\xc7\xda\xb1\xea7\r\xf2u!\xad\xdbCVn\xd2\f0\xae\x88\x9e4D!\xc1nq\xda@\x16\x00\xb4\x99I\xcf\x8abK\xdc )\x19\xb3\xda\x8c\x15\x1d\xc1\xf7\x98\xdeO@Y8-\xe5\xa3LLl', 0x2)
ftruncate(r1, 0xffff)
fcntl$addseals(r1, 0x409, 0x7)
r2 = ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000140)={r1, 0x0, 0x0, 0x4000})
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000007, 0x11, r2, 0x0)

program crashed: WARNING in path_noexec
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$udambuf-memfd_create-ftruncate-fcntl$addseals-ioctl$UDMABUF_CREATE
detailed listing:
executing program 0:
r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000100), 0x2)
r1 = memfd_create(&(0x7f00000001c0)='y\x105\xfb\xf7u\x83%:r\xc2\xb8x\xa4q\xc1\xea_\x8cZ7\xe7a\xdenJ\xeb\x87\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\x00\x00\x00\x00\x00\x00\x00\a\x01vRk\xaacB\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`\x1e\x0e\xf6\x80\x86\xd4\x003?Dji{\xab\x97\xaf;l\x1f\xaf\xb38\x14\xcb\xfa\xb3j\x92\f\xe0\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\x99\xb1\x03\x8am\xb8\xaa\x1f\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x00\x00\x00\x00\xe4\xc2MR\xaf\a\x14j\x1aX\xd7\x19)mx>\xc2\xe3\xe8\xca\x88\xdb\xbf\x9b%\xf25Ha\xd6\x12\t.dGnV\xd6\x8c89.\xc9\xb1\xc7\xda\xb1\xea7\r\xf2u!\xad\xdbCVn\xd2\f0\xae\x88\x9e4D!\xc1nq\xda@\x16\x00\xb4\x99I\xcf\x8abK\xdc )\x19\xb3\xda\x8c\x15\x1d\xc1\xf7\x98\xdeO@Y8-\xe5\xa3LLl', 0x2)
ftruncate(r1, 0xffff)
fcntl$addseals(r1, 0x409, 0x7)
ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000140)={r1, 0x0, 0x0, 0x4000})

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$udambuf-memfd_create-ftruncate-fcntl$addseals-mmap
detailed listing:
executing program 0:
openat$udambuf(0xffffffffffffff9c, &(0x7f0000000100), 0x2)
r0 = memfd_create(&(0x7f00000001c0)='y\x105\xfb\xf7u\x83%:r\xc2\xb8x\xa4q\xc1\xea_\x8cZ7\xe7a\xdenJ\xeb\x87\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\x00\x00\x00\x00\x00\x00\x00\a\x01vRk\xaacB\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`\x1e\x0e\xf6\x80\x86\xd4\x003?Dji{\xab\x97\xaf;l\x1f\xaf\xb38\x14\xcb\xfa\xb3j\x92\f\xe0\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\x99\xb1\x03\x8am\xb8\xaa\x1f\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x00\x00\x00\x00\xe4\xc2MR\xaf\a\x14j\x1aX\xd7\x19)mx>\xc2\xe3\xe8\xca\x88\xdb\xbf\x9b%\xf25Ha\xd6\x12\t.dGnV\xd6\x8c89.\xc9\xb1\xc7\xda\xb1\xea7\r\xf2u!\xad\xdbCVn\xd2\f0\xae\x88\x9e4D!\xc1nq\xda@\x16\x00\xb4\x99I\xcf\x8abK\xdc )\x19\xb3\xda\x8c\x15\x1d\xc1\xf7\x98\xdeO@Y8-\xe5\xa3LLl', 0x2)
ftruncate(r0, 0xffff)
fcntl$addseals(r0, 0x409, 0x7)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000007, 0x11, 0xffffffffffffffff, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$udambuf-memfd_create-ftruncate-ioctl$UDMABUF_CREATE-mmap
detailed listing:
executing program 0:
r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000100), 0x2)
r1 = memfd_create(&(0x7f00000001c0)='y\x105\xfb\xf7u\x83%:r\xc2\xb8x\xa4q\xc1\xea_\x8cZ7\xe7a\xdenJ\xeb\x87\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\x00\x00\x00\x00\x00\x00\x00\a\x01vRk\xaacB\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`\x1e\x0e\xf6\x80\x86\xd4\x003?Dji{\xab\x97\xaf;l\x1f\xaf\xb38\x14\xcb\xfa\xb3j\x92\f\xe0\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\x99\xb1\x03\x8am\xb8\xaa\x1f\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x00\x00\x00\x00\xe4\xc2MR\xaf\a\x14j\x1aX\xd7\x19)mx>\xc2\xe3\xe8\xca\x88\xdb\xbf\x9b%\xf25Ha\xd6\x12\t.dGnV\xd6\x8c89.\xc9\xb1\xc7\xda\xb1\xea7\r\xf2u!\xad\xdbCVn\xd2\f0\xae\x88\x9e4D!\xc1nq\xda@\x16\x00\xb4\x99I\xcf\x8abK\xdc )\x19\xb3\xda\x8c\x15\x1d\xc1\xf7\x98\xdeO@Y8-\xe5\xa3LLl', 0x2)
ftruncate(r1, 0xffff)
r2 = ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000140)={r1, 0x0, 0x0, 0x4000})
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000007, 0x11, r2, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$udambuf-memfd_create-fcntl$addseals-ioctl$UDMABUF_CREATE-mmap
detailed listing:
executing program 0:
r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000100), 0x2)
r1 = memfd_create(&(0x7f00000001c0)='y\x105\xfb\xf7u\x83%:r\xc2\xb8x\xa4q\xc1\xea_\x8cZ7\xe7a\xdenJ\xeb\x87\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\x00\x00\x00\x00\x00\x00\x00\a\x01vRk\xaacB\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`\x1e\x0e\xf6\x80\x86\xd4\x003?Dji{\xab\x97\xaf;l\x1f\xaf\xb38\x14\xcb\xfa\xb3j\x92\f\xe0\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\x99\xb1\x03\x8am\xb8\xaa\x1f\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x00\x00\x00\x00\xe4\xc2MR\xaf\a\x14j\x1aX\xd7\x19)mx>\xc2\xe3\xe8\xca\x88\xdb\xbf\x9b%\xf25Ha\xd6\x12\t.dGnV\xd6\x8c89.\xc9\xb1\xc7\xda\xb1\xea7\r\xf2u!\xad\xdbCVn\xd2\f0\xae\x88\x9e4D!\xc1nq\xda@\x16\x00\xb4\x99I\xcf\x8abK\xdc )\x19\xb3\xda\x8c\x15\x1d\xc1\xf7\x98\xdeO@Y8-\xe5\xa3LLl', 0x2)
fcntl$addseals(r1, 0x409, 0x7)
r2 = ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000140)={r1, 0x0, 0x0, 0x4000})
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000007, 0x11, r2, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$udambuf-ftruncate-fcntl$addseals-ioctl$UDMABUF_CREATE-mmap
detailed listing:
executing program 0:
r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000100), 0x2)
ftruncate(0xffffffffffffffff, 0xffff)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x7)
r1 = ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000140)={0xffffffffffffffff, 0x0, 0x0, 0x4000})
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000007, 0x11, r1, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): memfd_create-ftruncate-fcntl$addseals-ioctl$UDMABUF_CREATE-mmap
detailed listing:
executing program 0:
r0 = memfd_create(&(0x7f00000001c0)='y\x105\xfb\xf7u\x83%:r\xc2\xb8x\xa4q\xc1\xea_\x8cZ7\xe7a\xdenJ\xeb\x87\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\x00\x00\x00\x00\x00\x00\x00\a\x01vRk\xaacB\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`\x1e\x0e\xf6\x80\x86\xd4\x003?Dji{\xab\x97\xaf;l\x1f\xaf\xb38\x14\xcb\xfa\xb3j\x92\f\xe0\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\x99\xb1\x03\x8am\xb8\xaa\x1f\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x00\x00\x00\x00\xe4\xc2MR\xaf\a\x14j\x1aX\xd7\x19)mx>\xc2\xe3\xe8\xca\x88\xdb\xbf\x9b%\xf25Ha\xd6\x12\t.dGnV\xd6\x8c89.\xc9\xb1\xc7\xda\xb1\xea7\r\xf2u!\xad\xdbCVn\xd2\f0\xae\x88\x9e4D!\xc1nq\xda@\x16\x00\xb4\x99I\xcf\x8abK\xdc )\x19\xb3\xda\x8c\x15\x1d\xc1\xf7\x98\xdeO@Y8-\xe5\xa3LLl', 0x2)
ftruncate(r0, 0xffff)
fcntl$addseals(r0, 0x409, 0x7)
r1 = ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, &(0x7f0000000140)={r0, 0x0, 0x0, 0x4000})
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000007, 0x11, r1, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$udambuf-memfd_create-ftruncate-fcntl$addseals-ioctl$UDMABUF_CREATE-mmap
detailed listing:
executing program 0:
r0 = openat$udambuf(0xffffffffffffff9c, 0x0, 0x2)
r1 = memfd_create(&(0x7f00000001c0)='y\x105\xfb\xf7u\x83%:r\xc2\xb8x\xa4q\xc1\xea_\x8cZ7\xe7a\xdenJ\xeb\x87\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\x00\x00\x00\x00\x00\x00\x00\a\x01vRk\xaacB\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`\x1e\x0e\xf6\x80\x86\xd4\x003?Dji{\xab\x97\xaf;l\x1f\xaf\xb38\x14\xcb\xfa\xb3j\x92\f\xe0\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\x99\xb1\x03\x8am\xb8\xaa\x1f\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x00\x00\x00\x00\xe4\xc2MR\xaf\a\x14j\x1aX\xd7\x19)mx>\xc2\xe3\xe8\xca\x88\xdb\xbf\x9b%\xf25Ha\xd6\x12\t.dGnV\xd6\x8c89.\xc9\xb1\xc7\xda\xb1\xea7\r\xf2u!\xad\xdbCVn\xd2\f0\xae\x88\x9e4D!\xc1nq\xda@\x16\x00\xb4\x99I\xcf\x8abK\xdc )\x19\xb3\xda\x8c\x15\x1d\xc1\xf7\x98\xdeO@Y8-\xe5\xa3LLl', 0x2)
ftruncate(r1, 0xffff)
fcntl$addseals(r1, 0x409, 0x7)
r2 = ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000140)={r1, 0x0, 0x0, 0x4000})
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000007, 0x11, r2, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$udambuf-memfd_create-ftruncate-fcntl$addseals-ioctl$UDMABUF_CREATE-mmap
detailed listing:
executing program 0:
r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000100), 0x2)
r1 = memfd_create(0x0, 0x2)
ftruncate(r1, 0xffff)
fcntl$addseals(r1, 0x409, 0x7)
r2 = ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000140)={r1, 0x0, 0x0, 0x4000})
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000007, 0x11, r2, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$udambuf-memfd_create-ftruncate-fcntl$addseals-ioctl$UDMABUF_CREATE-mmap
detailed listing:
executing program 0:
r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000100), 0x2)
r1 = memfd_create(&(0x7f00000001c0)='y\x105\xfb\xf7u\x83%:r\xc2\xb8x\xa4q\xc1\xea_\x8cZ7\xe7a\xdenJ\xeb\x87\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\x00\x00\x00\x00\x00\x00\x00\a\x01vRk\xaacB\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`\x1e\x0e\xf6\x80\x86\xd4\x003?Dji{\xab\x97\xaf;l\x1f\xaf\xb38\x14\xcb\xfa\xb3j\x92\f\xe0\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\x99\xb1\x03\x8am\xb8\xaa\x1f\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x00\x00\x00\x00\xe4\xc2MR\xaf\a\x14j\x1aX\xd7\x19)mx>\xc2\xe3\xe8\xca\x88\xdb\xbf\x9b%\xf25Ha\xd6\x12\t.dGnV\xd6\x8c89.\xc9\xb1\xc7\xda\xb1\xea7\r\xf2u!\xad\xdbCVn\xd2\f0\xae\x88\x9e4D!\xc1nq\xda@\x16\x00\xb4\x99I\xcf\x8abK\xdc )\x19\xb3\xda\x8c\x15\x1d\xc1\xf7\x98\xdeO@Y8-\xe5\xa3LLl', 0x2)
ftruncate(r1, 0xffff)
fcntl$addseals(r1, 0x409, 0x7)
r2 = ioctl$UDMABUF_CREATE(r0, 0x40187542, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000007, 0x11, r2, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$udambuf-memfd_create-ftruncate-fcntl$addseals-ioctl$UDMABUF_CREATE-mmap
program crashed: WARNING in path_noexec
simplifying C reproducer
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$udambuf-memfd_create-ftruncate-fcntl$addseals-ioctl$UDMABUF_CREATE-mmap
program crashed: WARNING in path_noexec
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$udambuf-memfd_create-ftruncate-fcntl$addseals-ioctl$UDMABUF_CREATE-mmap
program crashed: WARNING in path_noexec
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$udambuf-memfd_create-ftruncate-fcntl$addseals-ioctl$UDMABUF_CREATE-mmap
program crashed: WARNING in path_noexec
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$udambuf-memfd_create-ftruncate-fcntl$addseals-ioctl$UDMABUF_CREATE-mmap
program crashed: WARNING in path_noexec
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$udambuf-memfd_create-ftruncate-fcntl$addseals-ioctl$UDMABUF_CREATE-mmap
program crashed: WARNING in path_noexec
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$udambuf-memfd_create-ftruncate-fcntl$addseals-ioctl$UDMABUF_CREATE-mmap
program crashed: WARNING in path_noexec
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$udambuf-memfd_create-ftruncate-fcntl$addseals-ioctl$UDMABUF_CREATE-mmap
program crashed: WARNING in path_noexec
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$udambuf-memfd_create-ftruncate-fcntl$addseals-ioctl$UDMABUF_CREATE-mmap
detailed listing:
executing program 0:
r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000100), 0x2)
r1 = memfd_create(&(0x7f00000001c0)='y\x105\xfb\xf7u\x83%:r\xc2\xb8x\xa4q\xc1\xea_\x8cZ7\xe7a\xdenJ\xeb\x87\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\x00\x00\x00\x00\x00\x00\x00\a\x01vRk\xaacB\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`\x1e\x0e\xf6\x80\x86\xd4\x003?Dji{\xab\x97\xaf;l\x1f\xaf\xb38\x14\xcb\xfa\xb3j\x92\f\xe0\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\x99\xb1\x03\x8am\xb8\xaa\x1f\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x00\x00\x00\x00\xe4\xc2MR\xaf\a\x14j\x1aX\xd7\x19)mx>\xc2\xe3\xe8\xca\x88\xdb\xbf\x9b%\xf25Ha\xd6\x12\t.dGnV\xd6\x8c89.\xc9\xb1\xc7\xda\xb1\xea7\r\xf2u!\xad\xdbCVn\xd2\f0\xae\x88\x9e4D!\xc1nq\xda@\x16\x00\xb4\x99I\xcf\x8abK\xdc )\x19\xb3\xda\x8c\x15\x1d\xc1\xf7\x98\xdeO@Y8-\xe5\xa3LLl', 0x2)
ftruncate(r1, 0xffff)
fcntl$addseals(r1, 0x409, 0x7)
r2 = ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000140)={r1, 0x0, 0x0, 0x4000})
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000007, 0x11, r2, 0x0)

program crashed: WARNING in path_noexec
validation run: crashed=true
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$udambuf-memfd_create-ftruncate-fcntl$addseals-ioctl$UDMABUF_CREATE-mmap
detailed listing:
executing program 0:
r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000100), 0x2)
r1 = memfd_create(&(0x7f00000001c0)='y\x105\xfb\xf7u\x83%:r\xc2\xb8x\xa4q\xc1\xea_\x8cZ7\xe7a\xdenJ\xeb\x87\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\x00\x00\x00\x00\x00\x00\x00\a\x01vRk\xaacB\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`\x1e\x0e\xf6\x80\x86\xd4\x003?Dji{\xab\x97\xaf;l\x1f\xaf\xb38\x14\xcb\xfa\xb3j\x92\f\xe0\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\x99\xb1\x03\x8am\xb8\xaa\x1f\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x00\x00\x00\x00\xe4\xc2MR\xaf\a\x14j\x1aX\xd7\x19)mx>\xc2\xe3\xe8\xca\x88\xdb\xbf\x9b%\xf25Ha\xd6\x12\t.dGnV\xd6\x8c89.\xc9\xb1\xc7\xda\xb1\xea7\r\xf2u!\xad\xdbCVn\xd2\f0\xae\x88\x9e4D!\xc1nq\xda@\x16\x00\xb4\x99I\xcf\x8abK\xdc )\x19\xb3\xda\x8c\x15\x1d\xc1\xf7\x98\xdeO@Y8-\xe5\xa3LLl', 0x2)
ftruncate(r1, 0xffff)
fcntl$addseals(r1, 0x409, 0x7)
r2 = ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000140)={r1, 0x0, 0x0, 0x4000})
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000007, 0x11, r2, 0x0)

program crashed: WARNING in path_noexec
validation run: crashed=true
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$udambuf-memfd_create-ftruncate-fcntl$addseals-ioctl$UDMABUF_CREATE-mmap
detailed listing:
executing program 0:
r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000100), 0x2)
r1 = memfd_create(&(0x7f00000001c0)='y\x105\xfb\xf7u\x83%:r\xc2\xb8x\xa4q\xc1\xea_\x8cZ7\xe7a\xdenJ\xeb\x87\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\x00\x00\x00\x00\x00\x00\x00\a\x01vRk\xaacB\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`\x1e\x0e\xf6\x80\x86\xd4\x003?Dji{\xab\x97\xaf;l\x1f\xaf\xb38\x14\xcb\xfa\xb3j\x92\f\xe0\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\x99\xb1\x03\x8am\xb8\xaa\x1f\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x00\x00\x00\x00\xe4\xc2MR\xaf\a\x14j\x1aX\xd7\x19)mx>\xc2\xe3\xe8\xca\x88\xdb\xbf\x9b%\xf25Ha\xd6\x12\t.dGnV\xd6\x8c89.\xc9\xb1\xc7\xda\xb1\xea7\r\xf2u!\xad\xdbCVn\xd2\f0\xae\x88\x9e4D!\xc1nq\xda@\x16\x00\xb4\x99I\xcf\x8abK\xdc )\x19\xb3\xda\x8c\x15\x1d\xc1\xf7\x98\xdeO@Y8-\xe5\xa3LLl', 0x2)
ftruncate(r1, 0xffff)
fcntl$addseals(r1, 0x409, 0x7)
r2 = ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000140)={r1, 0x0, 0x0, 0x4000})
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000007, 0x11, r2, 0x0)

program crashed: WARNING in path_noexec
validation run: crashed=true
reproducing took 37m43.341992193s
repro crashed as (corrupted=false):
------------[ cut here ]------------
((d_inode(path->dentry))->i_flags & (1 << 19)) && !(path->mnt->mnt_sb->s_iflags & 0x00000002)
WARNING: fs/exec.c:119 at path_noexec+0x1af/0x200 fs/exec.c:118, CPU#0: syz.0.17/5943
Modules linked in:
CPU: 0 UID: 0 PID: 5943 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:path_noexec+0x1af/0x200 fs/exec.c:118
Code: 02 31 ff 48 89 de e8 b0 ba 87 ff d1 eb eb 07 e8 47 b5 87 ff b3 01 89 d8 5b 41 5e 41 5f 5d e9 88 f8 f8 08 cc e8 32 b5 87 ff 90 <0f> 0b 90 e9 48 ff ff ff 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c a6
RSP: 0018:ffffc90002f2fbf8 EFLAGS: 00010293
RAX: ffffffff823d321e RBX: ffff888039d77cc0 RCX: ffff88803f18dc40
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000080000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000100 R11: 0000000000000003 R12: 0000000000000011
R13: 1ffff920005e5f90 R14: 0000000000000000 R15: dffffc0000000000
FS:  0000555594976500(0000) GS:ffff888125cd3000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2db63fff CR3: 0000000031a86000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 do_mmap+0xa2c/0x10c0 mm/mmap.c:471
 vm_mmap_pgoff+0x2cc/0x4f0 mm/util.c:581
 ksys_mmap_pgoff+0x4e8/0x720 mm/mmap.c:606
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x15f/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f99e8e9cdd9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffdc0a89b18 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: 00007f99e9115fa0 RCX: 00007f99e8e9cdd9
RDX: 0000000003000007 RSI: 0000000000003000 RDI: 0000200000000000
RBP: 00007f99e8f32d69 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f99e9115fac R14: 00007f99e9115fa0 R15: 00007f99e9115fa0
 </TASK>

final repro crashed as (corrupted=false):
------------[ cut here ]------------
((d_inode(path->dentry))->i_flags & (1 << 19)) && !(path->mnt->mnt_sb->s_iflags & 0x00000002)
WARNING: fs/exec.c:119 at path_noexec+0x1af/0x200 fs/exec.c:118, CPU#0: syz.0.17/5943
Modules linked in:
CPU: 0 UID: 0 PID: 5943 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:path_noexec+0x1af/0x200 fs/exec.c:118
Code: 02 31 ff 48 89 de e8 b0 ba 87 ff d1 eb eb 07 e8 47 b5 87 ff b3 01 89 d8 5b 41 5e 41 5f 5d e9 88 f8 f8 08 cc e8 32 b5 87 ff 90 <0f> 0b 90 e9 48 ff ff ff 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c a6
RSP: 0018:ffffc90002f2fbf8 EFLAGS: 00010293
RAX: ffffffff823d321e RBX: ffff888039d77cc0 RCX: ffff88803f18dc40
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000080000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000100 R11: 0000000000000003 R12: 0000000000000011
R13: 1ffff920005e5f90 R14: 0000000000000000 R15: dffffc0000000000
FS:  0000555594976500(0000) GS:ffff888125cd3000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2db63fff CR3: 0000000031a86000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 do_mmap+0xa2c/0x10c0 mm/mmap.c:471
 vm_mmap_pgoff+0x2cc/0x4f0 mm/util.c:581
 ksys_mmap_pgoff+0x4e8/0x720 mm/mmap.c:606
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x15f/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f99e8e9cdd9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffdc0a89b18 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: 00007f99e9115fa0 RCX: 00007f99e8e9cdd9
RDX: 0000000003000007 RSI: 0000000000003000 RDI: 0000200000000000
RBP: 00007f99e8f32d69 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f99e9115fac R14: 00007f99e9115fa0 R15: 00007f99e9115fa0
 </TASK>