Extracting prog: 1h47m9.871023796s Minimizing prog: 4h32m31.092999803s Simplifying prog options: 18m51.898023758s Extracting C: 6m0.809908569s Simplifying C: 0s extracting reproducer from 75 programs testing a last program of every proc single: executing 25 programs separately with timeout 6m0s testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mmap-madvise-syz_usb_connect$cdc_ncm-syz_usb_control_io$cdc_ncm-syz_usb_control_io$cdc_ncm-syz_usb_control_io$cdc_ncm-mlock detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000004, 0x20011, r0, 0xf648d000) madvise(&(0x7f00002a7000/0x1000)=nil, 0x1000, 0x2) r1 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109025c1f02010000000904000001020d0000052406000105240000000d240f0100000000000000000006241a0000180905810300020000000904010000020d000009040101"], 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, &(0x7f0000000500)={0x44, 0x0, 0x0, 0x0, &(0x7f00000002c0)={0x20, 0x80, 0x1c, {0xa, 0xb, 0x2, 0xe6f0, 0x6, 0xac4a, 0xc, 0x4, 0x3, 0x2, 0x7ff, 0x6}}, 0x0, 0x0, 0x0, 0x0}) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) program crashed: lost connection to test machine suppressed program crash: lost connection to test machine testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-mmap-syz_usb_connect_ath9k-syz_usb_connect-syz_usb_disconnect-syz_usb_connect-madvise-mlock detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000004, 0x20011, r0, 0xf648d000) r1 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000080)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xfffffffffffffe9f}}]}}, 0x0) syz_usb_connect(0x0, 0x6d, &(0x7f0000000080)=ANY=[@ANYBLOB="120100003cda2a200a111022"], 0x0) syz_usb_disconnect(r1) syz_usb_connect(0x0, 0x24, &(0x7f0000000cc0)=ANY=[], 0x0) madvise(&(0x7f00002a7000/0x1000)=nil, 0x1000, 0x2) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CHECK_EXTENSION-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_CREATE_DUMB-mmap-openat$kvm-openat$rnullb-mmap detailed listing: executing program 0: ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0xdb) r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000040)={0x7fff, 0x6576, 0xd}) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r0, 0x100000000) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x12001, 0x0) r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000140), 0x88980, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000a, 0x22052, r1, 0x5708e000) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CHECK_EXTENSION-signalfd-ioctl$PPPIOCATTACH-ioctl$PPPIOCATTACH-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_CREATE_DUMB-ioctl$DRM_IOCTL_MODE_CREATE_DUMB-mmap-openat$rnullb-mmap detailed listing: executing program 0: ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0xdb) r0 = signalfd(0xffffffffffffffff, &(0x7f0000000080)={[0x8]}, 0x8) ioctl$PPPIOCATTACH(r0, 0x4004743d, &(0x7f00000000c0)) (async) ioctl$PPPIOCATTACH(r0, 0x4004743d, &(0x7f00000000c0)) r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000040)={0x7fff, 0x6576, 0xd}) (async) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000040)={0x7fff, 0x6576, 0xd}) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r1, 0x100000000) r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000140), 0x88980, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000a, 0x22052, r2, 0x5708e000) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CHECK_EXTENSION-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_CREATE_DUMB-mmap-openat$kvm-openat$rnullb-mmap detailed listing: executing program 0: ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0xdb) r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000040)={0x7fff, 0x6576, 0xd}) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r0, 0x100000000) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x12001, 0x0) r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000140), 0x88980, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000a, 0x22052, r1, 0x5708e000) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$dri-set_mempolicy-syz_open_procfs-read$FUSE-ioctl$DRM_IOCTL_MODE_CREATE_DUMB-mmap-openat$rnullb-writev-openat$cgroup_int-write$cgroup_int-syz_open_dev$dri-syz_usb_connect-ioctl$sock_SIOCETHTOOL-mprotect-socket$inet_udplite-socket$tipc-mmap-setsockopt$TIPC_GROUP_JOIN-ioctl$SNDRV_CTL_IOCTL_TLV_READ-poll-socket$inet_udp-openat$apparmor_thread_exec-ioctl$FS_IOC_MEASURE_VERITY-ioctl$sock_SIOCETHTOOL-ioctl$DRM_IOCTL_MODE_DESTROY_DUMB-mmap detailed listing: executing program 0: r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) (async) set_mempolicy(0x6005, &(0x7f0000000080)=0xfffffffffffffffd, 0x4) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000240)='numa_maps\x00') read$FUSE(r1, &(0x7f0000002140)={0x2020}, 0x2020) (async) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000040)={0x809, 0x9, 0x200c, 0x0, 0x0}) (async) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x2000001, 0x11, r0, 0x102000) r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000140), 0x88980, 0x0) (async) writev(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000000)="480000001400190d09004beafc0d8c560a8447608004000000000000000000a2bc5603ca00000f7f89000000200000000101", 0x32}], 0x1) r4 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000100)='blkio.throttle.read_bps_device\x00', 0x2, 0x0) write$cgroup_int(r4, &(0x7f0000000180)=0xe, 0x12) syz_open_dev$dri(&(0x7f00000000c0), 0x9, 0x148c1) syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[], 0x0) (async) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'team_slave_0\x00', &(0x7f0000000140)=@ethtool_gstrings={0x1b, 0x6}}) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) socket$inet_udplite(0x2, 0x2, 0x88) (async, rerun: 32) r5 = socket$tipc(0x1e, 0x2, 0x0) (rerun: 32) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2, 0x10010, r4, 0x3afc3000) (async) setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000080)={0x42, 0x80000009, 0x2}, 0x10) (async) ioctl$SNDRV_CTL_IOCTL_TLV_READ(0xffffffffffffffff, 0xc008551a, &(0x7f0000000580)={0xb53, 0x4, [0x4]}) poll(&(0x7f0000000000), 0x20000000000000b5, 0x9) (async) r6 = socket$inet_udp(0x2, 0x2, 0x0) r7 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) ioctl$FS_IOC_MEASURE_VERITY(r7, 0xc0046686, &(0x7f0000000240)={0x1, 0x7f, "9102572fb7aaef4f98bf78e43bf85301b4f5ca77e91e026f207aca0b87862b680530bad60de6ee05f63537e2694b91dc9facab9f023324d5f9f3652d9224f393fe2f82b8a9762a448b64cc0f70c193b67cedb950f46f50fc163ab593598ca5a9de5d7aae5b893e61ad5d934eb6626568a5f562ee6e7eedca3836dc1ad2d2c6"}) (async) ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000080)={'wlan0\x00', 0x0}) (async) ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r0, 0xc00464b4, &(0x7f0000000200)={r2}) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000a, 0x22052, r3, 0x5708e000) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$dri-set_mempolicy-syz_open_procfs-read$FUSE-ioctl$DRM_IOCTL_MODE_CREATE_DUMB-mmap-openat$rnullb-writev-openat$cgroup_int-write$cgroup_int-syz_open_dev$dri-syz_usb_connect-ioctl$sock_SIOCETHTOOL-mprotect-socket$inet_udplite-socket$tipc-mmap-setsockopt$TIPC_GROUP_JOIN-ioctl$SNDRV_CTL_IOCTL_TLV_READ-poll-socket$inet_udp-openat$apparmor_thread_exec-ioctl$FS_IOC_MEASURE_VERITY-ioctl$sock_SIOCETHTOOL-ioctl$DRM_IOCTL_MODE_DESTROY_DUMB-mmap detailed listing: executing program 0: r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) (async) set_mempolicy(0x6005, &(0x7f0000000080)=0xfffffffffffffffd, 0x4) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000240)='numa_maps\x00') read$FUSE(r1, &(0x7f0000002140)={0x2020}, 0x2020) (async) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000040)={0x809, 0x9, 0x200c, 0x0, 0x0}) (async) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x2000001, 0x11, r0, 0x102000) r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000140), 0x88980, 0x0) (async) writev(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000000)="480000001400190d09004beafc0d8c560a8447608004000000000000000000a2bc5603ca00000f7f89000000200000000101", 0x32}], 0x1) r4 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000100)='blkio.throttle.read_bps_device\x00', 0x2, 0x0) write$cgroup_int(r4, &(0x7f0000000180)=0xe, 0x12) syz_open_dev$dri(&(0x7f00000000c0), 0x9, 0x148c1) syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[], 0x0) (async) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'team_slave_0\x00', &(0x7f0000000140)=@ethtool_gstrings={0x1b, 0x6}}) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) socket$inet_udplite(0x2, 0x2, 0x88) (async, rerun: 32) r5 = socket$tipc(0x1e, 0x2, 0x0) (rerun: 32) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2, 0x10010, r4, 0x3afc3000) (async) setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000080)={0x42, 0x80000009, 0x2}, 0x10) (async) ioctl$SNDRV_CTL_IOCTL_TLV_READ(0xffffffffffffffff, 0xc008551a, &(0x7f0000000580)={0xb53, 0x4, [0x4]}) poll(&(0x7f0000000000), 0x20000000000000b5, 0x9) (async) r6 = socket$inet_udp(0x2, 0x2, 0x0) r7 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) ioctl$FS_IOC_MEASURE_VERITY(r7, 0xc0046686, &(0x7f0000000240)={0x1, 0x7f, "9102572fb7aaef4f98bf78e43bf85301b4f5ca77e91e026f207aca0b87862b680530bad60de6ee05f63537e2694b91dc9facab9f023324d5f9f3652d9224f393fe2f82b8a9762a448b64cc0f70c193b67cedb950f46f50fc163ab593598ca5a9de5d7aae5b893e61ad5d934eb6626568a5f562ee6e7eedca3836dc1ad2d2c6"}) (async) ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000080)={'wlan0\x00', 0x0}) (async) ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r0, 0xc00464b4, &(0x7f0000000200)={r2}) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000a, 0x22052, r3, 0x5708e000) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$iommufd-ioctl$IOMMU_IOAS_ALLOC-ioctl$IOMMU_TEST_OP_CREATE_ACCESS-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_ADDFB2-ioctl$IOMMU_TEST_OP_DESTROY_ACCESS_PAGES-ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL-socket$nl_rdma-sendmsg$RDMA_NLDEV_CMD_RES_QP_GET-socket$pppoe-socketpair$nbd-ioctl$SIOCSIFHWADDR-connect$pppoe-ioctl$PPPIOCGCHAN-ioctl$PPPOEIOCSFWD-sendmsg$RDMA_NLDEV_CMD_NEWLINK-sendmsg$RDMA_NLDEV_CMD_DELLINK-syz_init_net_socket$nl_generic-accept4$x25-close_range-syz_genetlink_get_family_id$nfc-sendmsg$NFC_CMD_ENABLE_SE-ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL detailed listing: executing program 0: r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000980)={0x48, 0x5, r1, 0x0, 0x0, 0x1}) r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_ADDFB2(r3, 0xc06864b8, &(0x7f00000000c0)={0x0, 0x3ff, 0xe0, 0x0, 0x3}) ioctl$IOMMU_TEST_OP_DESTROY_ACCESS_PAGES(r0, 0x3ba0, &(0x7f0000000b80)={0x48, 0x6, r2}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000000000)={"abde140cf04b6b2dd03b8fda435fcb3d", 0x0, 0x0, {0x7, 0x8}, {0x3, 0x8588}, 0x8, [0x400, 0x8001, 0x67c, 0x0, 0x7, 0x1, 0xffffffffffffffb3, 0x4, 0x9, 0x0, 0x401, 0xffff, 0x4, 0x4, 0x5, 0x1]}) r5 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_QP_GET(r5, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000000a14000227bd7000fedbdf2508000100000000000002000000080003000000000008000100020000000800010002000000"], 0x50}, 0x1, 0x0, 0x0, 0x81}, 0x20048080) r6 = socket$pppoe(0x18, 0x1, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r7, 0x8923, &(0x7f00000000c0)={'team_slave_1\x00', @random="2f304136b1ff"}) connect$pppoe(r6, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2d}, 'lo\x00'}}, 0x1e) ioctl$PPPIOCGCHAN(r6, 0x80047437, &(0x7f0000001f00)) ioctl$PPPOEIOCSFWD(r6, 0x4008b100, 0x0) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, 0x0, 0x810) sendmsg$RDMA_NLDEV_CMD_DELLINK(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r9 = accept4$x25(r0, &(0x7f0000000340), &(0x7f00000003c0)=0x12, 0x0) close_range(r6, r9, 0x0) r10 = syz_genetlink_get_family_id$nfc(&(0x7f0000003300), r8) sendmsg$NFC_CMD_ENABLE_SE(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000033c0)={&(0x7f0000000540)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="010029bd7000fcdbdf25110000000800150001000000080001"], 0x24}, 0x1, 0x0, 0x0, 0x20000044}, 0x20000010) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000000100)={"000000000000000000020000000600", r4, r4, {0x4, 0x2}, {0x6, 0x2}, 0x8, [0x5, 0x4034db8a, 0x40000000000008, 0x1ff, 0xbae, 0x1cf9, 0x9, 0x8400001, 0x6000000000000, 0x8, 0xffff, 0x10000, 0x4000000000008, 0x1, 0x7, 0x200000000000001]}) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$iommufd-ioctl$IOMMU_IOAS_ALLOC-ioctl$IOMMU_TEST_OP_CREATE_ACCESS-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_ADDFB2-ioctl$IOMMU_TEST_OP_DESTROY_ACCESS_PAGES-ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL-socket$nl_rdma-sendmsg$RDMA_NLDEV_CMD_RES_QP_GET-socket$pppoe-socketpair$nbd-ioctl$SIOCSIFHWADDR-connect$pppoe-ioctl$PPPIOCGCHAN-ioctl$PPPOEIOCSFWD-sendmsg$RDMA_NLDEV_CMD_NEWLINK-sendmsg$RDMA_NLDEV_CMD_DELLINK-syz_init_net_socket$nl_generic-accept4$x25-close_range-syz_genetlink_get_family_id$nfc-sendmsg$NFC_CMD_ENABLE_SE-ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL detailed listing: executing program 0: r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000980)={0x48, 0x5, r1, 0x0, 0x0, 0x1}) r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_ADDFB2(r3, 0xc06864b8, &(0x7f00000000c0)={0x0, 0x3ff, 0xe0, 0x0, 0x3}) ioctl$IOMMU_TEST_OP_DESTROY_ACCESS_PAGES(r0, 0x3ba0, &(0x7f0000000b80)={0x48, 0x6, r2}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000000000)={"abde140cf04b6b2dd03b8fda435fcb3d", 0x0, 0x0, {0x7, 0x8}, {0x3, 0x8588}, 0x8, [0x400, 0x8001, 0x67c, 0x0, 0x7, 0x1, 0xffffffffffffffb3, 0x4, 0x9, 0x0, 0x401, 0xffff, 0x4, 0x4, 0x5, 0x1]}) r5 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_QP_GET(r5, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000000a14000227bd7000fedbdf2508000100000000000002000000080003000000000008000100020000000800010002000000"], 0x50}, 0x1, 0x0, 0x0, 0x81}, 0x20048080) r6 = socket$pppoe(0x18, 0x1, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r7, 0x8923, &(0x7f00000000c0)={'team_slave_1\x00', @random="2f304136b1ff"}) connect$pppoe(r6, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2d}, 'lo\x00'}}, 0x1e) ioctl$PPPIOCGCHAN(r6, 0x80047437, &(0x7f0000001f00)) ioctl$PPPOEIOCSFWD(r6, 0x4008b100, 0x0) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, 0x0, 0x810) sendmsg$RDMA_NLDEV_CMD_DELLINK(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r9 = accept4$x25(r0, &(0x7f0000000340), &(0x7f00000003c0)=0x12, 0x0) close_range(r6, r9, 0x0) r10 = syz_genetlink_get_family_id$nfc(&(0x7f0000003300), r8) sendmsg$NFC_CMD_ENABLE_SE(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000033c0)={&(0x7f0000000540)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="010029bd7000fcdbdf25110000000800150001000000080001"], 0x24}, 0x1, 0x0, 0x0, 0x20000044}, 0x20000010) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000000100)={"000000000000000000020000000600", r4, r4, {0x4, 0x2}, {0x6, 0x2}, 0x8, [0x5, 0x4034db8a, 0x40000000000008, 0x1ff, 0xbae, 0x1cf9, 0x9, 0x8400001, 0x6000000000000, 0x8, 0xffff, 0x10000, 0x4000000000008, 0x1, 0x7, 0x200000000000001]}) program crashed: lost connection to test machine suppressed program crash: lost connection to test machine testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CHECK_EXTENSION-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_CREATE_DUMB-mmap-openat-sendmsg$unix-syz_init_net_socket$bt_sco-setsockopt$inet6_IPV6_ADDRFORM-mount-openat$rnullb-mmap detailed listing: executing program 0: ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0xdb) r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000040)={0x7fff, 0x6576, 0xd}) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r0, 0x100000000) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2c040, 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000006c0)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x5, &(0x7f0000000040), 0xfffffffffffffd75, 0x4040000}, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, &(0x7f0000000040), 0x4) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='nfs4\x00', 0x0, &(0x7f00000001c0)='\x01') r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000140), 0x88980, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000a, 0x22052, r1, 0x5708e000) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-socket$nl_netfilter-syz_genetlink_get_family_id$batadv-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_TP_METER_CANCEL-ioctl$KVM_CHECK_EXTENSION-syz_open_dev$tty1-ioctl$VT_ACTIVATE-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_CREATE_DUMB-socket$alg-bind$alg-accept$alg-write$binfmt_script-mmap-openat$rnullb-mmap detailed listing: executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000001100), 0xffffffffffffffff) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000001140)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000080)=ANY=[@ANYBLOB="d8e16fd989700d67fa29b25a18ea2a7b610eec1861bb3a264b1bcbd288296075112a4a1d7606341b63438834ea0228a2705e7d38fba8767f66c6eb5608de39c38374e0fd5d3cb67d4ad7c93c5d77203c1790ee403fb5aeb005d73ff0e12100000000000000", @ANYRES16=r2, @ANYBLOB="010026bd7000fddbdf250300000008000300", @ANYRES32=r3, @ANYBLOB="0a000900f9b7b5acfe1e0000"], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x8000000) (async) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0xdb) (async, rerun: 32) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) (rerun: 32) ioctl$VT_ACTIVATE(r4, 0x5606, 0x0) (async) r5 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000040)={0x7fff, 0x6576, 0xd}) (async) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000940)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) r7 = accept$alg(r6, 0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) (async) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r5, 0x100000000) r8 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000140), 0x88980, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000a, 0x22052, r8, 0x5708e000) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CHECK_EXTENSION-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_CREATE_DUMB-mmap-openat-sendmsg$unix-syz_init_net_socket$bt_sco-setsockopt$inet6_IPV6_ADDRFORM-mount-openat$rnullb-mmap detailed listing: executing program 0: ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0xdb) r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000040)={0x7fff, 0x6576, 0xd}) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r0, 0x100000000) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2c040, 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000006c0)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x5, &(0x7f0000000040), 0xfffffffffffffd75, 0x4040000}, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, &(0x7f0000000040), 0x4) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='nfs4\x00', 0x0, &(0x7f00000001c0)='\x01') r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000140), 0x88980, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000a, 0x22052, r1, 0x5708e000) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-socket$nl_netfilter-syz_genetlink_get_family_id$batadv-ioctl$ifreq_SIOCGIFINDEX_batadv_mesh-sendmsg$BATADV_CMD_TP_METER_CANCEL-ioctl$KVM_CHECK_EXTENSION-syz_open_dev$tty1-ioctl$VT_ACTIVATE-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_CREATE_DUMB-socket$alg-bind$alg-accept$alg-write$binfmt_script-mmap-openat$rnullb-mmap detailed listing: executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000001100), 0xffffffffffffffff) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000001140)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000080)=ANY=[@ANYBLOB="d8e16fd989700d67fa29b25a18ea2a7b610eec1861bb3a264b1bcbd288296075112a4a1d7606341b63438834ea0228a2705e7d38fba8767f66c6eb5608de39c38374e0fd5d3cb67d4ad7c93c5d77203c1790ee403fb5aeb005d73ff0e12100000000000000", @ANYRES16=r2, @ANYBLOB="010026bd7000fddbdf250300000008000300", @ANYRES32=r3, @ANYBLOB="0a000900f9b7b5acfe1e0000"], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x8000000) (async) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0xdb) (async, rerun: 32) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) (rerun: 32) ioctl$VT_ACTIVATE(r4, 0x5606, 0x0) (async) r5 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000040)={0x7fff, 0x6576, 0xd}) (async) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000940)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) r7 = accept$alg(r6, 0x0, 0x0) write$binfmt_script(r7, 0x0, 0x0) (async) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r5, 0x100000000) r8 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000140), 0x88980, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000a, 0x22052, r8, 0x5708e000) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$vicodec1-ioctl$VIDIOC_SUBDEV_G_EDID-openat$nci-write$nci-syz_init_net_socket$nl_generic-sendmsg$NFC_CMD_DEV_UP-ioctl$FIGETBSZ-ioctl$DMA_HEAP_IOCTL_ALLOC-ioctl$KVM_CREATE_VCPU-ioctl$VIDIOC_S_INPUT-ioctl$KVM_REGISTER_COALESCED_MMIO-ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID-syz_genetlink_get_family_id$ieee802154-ioctl$KVM_RUN-shmget-shmctl$SHM_STAT_ANY-mkdirat$cgroup_root-shmctl$IPC_SET-bind$netlink-ioctl$SNDRV_CTL_IOCTL_ELEM_LIST-setsockopt$bt_BT_VOICE-syz_genetlink_get_family_id$netlbl_calipso-sendmsg$NLBL_CALIPSO_C_ADD-connect$vsock_stream-ioctl$KVM_REGISTER_COALESCED_MMIO-ioctl$sock_FIOGETOWN-fcntl$getown-ioctl$sock_SIOCGIFINDEX_802154-ioctl$TIOCGSID-sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS detailed listing: executing program 0: r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_SUBDEV_G_EDID(r0, 0xc0285628, &(0x7f0000000080)={0x0, 0xb, 0x1, '\x00', &(0x7f0000000040)=0x9}) r1 = openat$nci(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$nci(r1, &(0x7f0000000100)=@NCI_OP_CORE_INIT_RSP={0x0, 0x1, 0x2, 0x1, 0x41, {{0x0, 0x59d}, {0xfc, 0x3, 0x8, 0x10, 0x1, 0x1}}}, 0x14) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000180)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000041}, 0x0) ioctl$FIGETBSZ(r1, 0x2, &(0x7f00000001c0)) ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000200)={0x5, r1, 0x1}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, &(0x7f0000000240)=0x8) ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000280)={0x80a0000, 0x10000}) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r4, 0x4068aea3, &(0x7f00000002c0)) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000340), 0xffffffffffffffff) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) r5 = shmget(0x1, 0x3000, 0x8, &(0x7f0000ffc000/0x3000)=nil) shmctl$SHM_STAT_ANY(r5, 0xf, &(0x7f0000000380)=""/60) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup.net/syz0\x00', 0x1ff) shmctl$IPC_SET(r5, 0x1, 0xfffffffffffffffc) bind$netlink(0xffffffffffffffff, &(0x7f0000000400)={0x10, 0x0, 0x25dfdbfb, 0x40000}, 0xc) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r3, 0xc0505510, &(0x7f00000004c0)={0x7f, 0x2, 0x0, 0x8a4, &(0x7f0000000440)=[{}, {}]}) setsockopt$bt_BT_VOICE(r3, 0x112, 0xb, &(0x7f0000000540)=0x63, 0x2) r6 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f00000005c0), r2) sendmsg$NLBL_CALIPSO_C_ADD(r2, &(0x7f0000000680)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x1c, r6, 0x4, 0x70bd28, 0x25dfdbff, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x5}, 0x4000000) connect$vsock_stream(r3, &(0x7f00000006c0), 0x10) ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000700)={0x8000000, 0x10000}) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f0000000780)=0x0) r8 = fcntl$getown(r4, 0x9) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f00000007c0)={'wpan1\x00', 0x0}) ioctl$TIOCGSID(r3, 0x5429, &(0x7f0000000800)=0x0) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r2, &(0x7f0000000900)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000008c0)={&(0x7f0000000840)={0x64, 0x0, 0x300, 0x70bd25, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_PID={0x8, 0x1c, r7}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, r8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r9}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r3}, @NL802154_ATTR_PID={0x8, 0x1c, r10}]}, 0x64}, 0x1, 0x0, 0x0, 0x48881}, 0x800) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$vicodec1-ioctl$VIDIOC_SUBDEV_G_EDID-openat$nci-write$nci-syz_init_net_socket$nl_generic-sendmsg$NFC_CMD_DEV_UP-ioctl$FIGETBSZ-ioctl$DMA_HEAP_IOCTL_ALLOC-ioctl$KVM_CREATE_VCPU-ioctl$VIDIOC_S_INPUT-ioctl$KVM_REGISTER_COALESCED_MMIO-ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID-syz_genetlink_get_family_id$ieee802154-ioctl$KVM_RUN-shmget-shmctl$SHM_STAT_ANY-mkdirat$cgroup_root-shmctl$IPC_SET-bind$netlink-ioctl$SNDRV_CTL_IOCTL_ELEM_LIST-setsockopt$bt_BT_VOICE-syz_genetlink_get_family_id$netlbl_calipso-sendmsg$NLBL_CALIPSO_C_ADD-connect$vsock_stream-ioctl$KVM_REGISTER_COALESCED_MMIO-ioctl$sock_FIOGETOWN-fcntl$getown-ioctl$sock_SIOCGIFINDEX_802154-ioctl$TIOCGSID-sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS detailed listing: executing program 0: r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_SUBDEV_G_EDID(r0, 0xc0285628, &(0x7f0000000080)={0x0, 0xb, 0x1, '\x00', &(0x7f0000000040)=0x9}) r1 = openat$nci(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$nci(r1, &(0x7f0000000100)=@NCI_OP_CORE_INIT_RSP={0x0, 0x1, 0x2, 0x1, 0x41, {{0x0, 0x59d}, {0xfc, 0x3, 0x8, 0x10, 0x1, 0x1}}}, 0x14) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000180)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000041}, 0x0) ioctl$FIGETBSZ(r1, 0x2, &(0x7f00000001c0)) ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000200)={0x5, r1, 0x1}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, &(0x7f0000000240)=0x8) ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000280)={0x80a0000, 0x10000}) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r4, 0x4068aea3, &(0x7f00000002c0)) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000340), 0xffffffffffffffff) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) r5 = shmget(0x1, 0x3000, 0x8, &(0x7f0000ffc000/0x3000)=nil) shmctl$SHM_STAT_ANY(r5, 0xf, &(0x7f0000000380)=""/60) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup.net/syz0\x00', 0x1ff) shmctl$IPC_SET(r5, 0x1, 0xfffffffffffffffc) bind$netlink(0xffffffffffffffff, &(0x7f0000000400)={0x10, 0x0, 0x25dfdbfb, 0x40000}, 0xc) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r3, 0xc0505510, &(0x7f00000004c0)={0x7f, 0x2, 0x0, 0x8a4, &(0x7f0000000440)=[{}, {}]}) setsockopt$bt_BT_VOICE(r3, 0x112, 0xb, &(0x7f0000000540)=0x63, 0x2) r6 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f00000005c0), r2) sendmsg$NLBL_CALIPSO_C_ADD(r2, &(0x7f0000000680)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x1c, r6, 0x4, 0x70bd28, 0x25dfdbff, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x5}, 0x4000000) connect$vsock_stream(r3, &(0x7f00000006c0), 0x10) ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000700)={0x8000000, 0x10000}) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f0000000780)=0x0) r8 = fcntl$getown(r4, 0x9) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f00000007c0)={'wpan1\x00', 0x0}) ioctl$TIOCGSID(r3, 0x5429, &(0x7f0000000800)=0x0) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r2, &(0x7f0000000900)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000008c0)={&(0x7f0000000840)={0x64, 0x0, 0x300, 0x70bd25, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_PID={0x8, 0x1c, r7}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, r8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r9}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r3}, @NL802154_ATTR_PID={0x8, 0x1c, r10}]}, 0x64}, 0x1, 0x0, 0x0, 0x48881}, 0x800) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-openat$sndtimer-syz_open_procfs-mount$9p_fd-mmap-signalfd-open-open-socket-setsockopt$netlink_NETLINK_TX_RING-write-mount$bind-ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT-syz_clone-open_tree-umount2-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-syz_genetlink_get_family_id$mptcp-socket$nl_generic-syz_genetlink_get_family_id$batadv-sendmsg$BATADV_CMD_SET_MESH-ftruncate-sendfile-openat-openat-sendfile detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r2 = signalfd(r0, &(0x7f0000000000)={[0x9]}, 0x8) r3 = open(&(0x7f0000000000)='./file0\x00', 0x148640, 0x78e22799f4a46faf) open(&(0x7f0000000080)='.\x00', 0x323303, 0x122) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000180)={0x1000003, 0x0, 0x4, 0x722}, 0x10) write(r4, &(0x7f0000000100)="240000001a005f0214f9df07000904000a000000fe000058dbef0fee76546bdea5727b99", 0x24) mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x803400, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r2, 0xc0189374, &(0x7f0000000040)={{0x1, 0x1, 0x18, r3, {0x1}}, './file0\x00'}) syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) umount2(&(0x7f0000000180)='./file0\x00', 0x1) r5 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) r6 = fsmount(r5, 0x0, 0x0) fchdir(r6) r7 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) syz_genetlink_get_family_id$mptcp(0x0, r6) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_MESH(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000740)=ANY=[@ANYBLOB, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x48000}, 0x200000c0) ftruncate(r7, 0x2007ffb) sendfile(r7, r7, 0x0, 0x1000000201005) r8 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x88882, 0x0) r9 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0) sendfile(r9, r8, 0x0, 0x7ffff000) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-openat$sndtimer-syz_open_procfs-mount$9p_fd-mmap-signalfd-open-open-socket-setsockopt$netlink_NETLINK_TX_RING-write-mount$bind-ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT-syz_clone-open_tree-umount2-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-syz_genetlink_get_family_id$mptcp-socket$nl_generic-syz_genetlink_get_family_id$batadv-sendmsg$BATADV_CMD_SET_MESH-ftruncate-sendfile-openat-openat-sendfile detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r2 = signalfd(r0, &(0x7f0000000000)={[0x9]}, 0x8) r3 = open(&(0x7f0000000000)='./file0\x00', 0x148640, 0x78e22799f4a46faf) open(&(0x7f0000000080)='.\x00', 0x323303, 0x122) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000180)={0x1000003, 0x0, 0x4, 0x722}, 0x10) write(r4, &(0x7f0000000100)="240000001a005f0214f9df07000904000a000000fe000058dbef0fee76546bdea5727b99", 0x24) mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x803400, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r2, 0xc0189374, &(0x7f0000000040)={{0x1, 0x1, 0x18, r3, {0x1}}, './file0\x00'}) syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) umount2(&(0x7f0000000180)='./file0\x00', 0x1) r5 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) r6 = fsmount(r5, 0x0, 0x0) fchdir(r6) r7 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) syz_genetlink_get_family_id$mptcp(0x0, r6) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_MESH(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000740)=ANY=[@ANYBLOB, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x48000}, 0x200000c0) ftruncate(r7, 0x2007ffb) sendfile(r7, r7, 0x0, 0x1000000201005) r8 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x88882, 0x0) r9 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0) sendfile(r9, r8, 0x0, 0x7ffff000) program crashed: WARNING in copy_process single: successfully extracted reproducer found reproducer with 30 syscalls minimizing guilty program testing program (duration=8m49.935319144s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-openat$sndtimer-syz_open_procfs-mount$9p_fd-mmap-signalfd-open-open-socket-setsockopt$netlink_NETLINK_TX_RING-write-mount$bind-ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT-syz_clone-open_tree-umount2-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-syz_genetlink_get_family_id$mptcp-socket$nl_generic-syz_genetlink_get_family_id$batadv-sendmsg$BATADV_CMD_SET_MESH-ftruncate-sendfile-openat-openat detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r2 = signalfd(r0, &(0x7f0000000000)={[0x9]}, 0x8) r3 = open(&(0x7f0000000000)='./file0\x00', 0x148640, 0x78e22799f4a46faf) open(&(0x7f0000000080)='.\x00', 0x323303, 0x122) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000180)={0x1000003, 0x0, 0x4, 0x722}, 0x10) write(r4, &(0x7f0000000100)="240000001a005f0214f9df07000904000a000000fe000058dbef0fee76546bdea5727b99", 0x24) mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x803400, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r2, 0xc0189374, &(0x7f0000000040)={{0x1, 0x1, 0x18, r3, {0x1}}, './file0\x00'}) syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) umount2(&(0x7f0000000180)='./file0\x00', 0x1) r5 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) r6 = fsmount(r5, 0x0, 0x0) fchdir(r6) r7 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) syz_genetlink_get_family_id$mptcp(0x0, r6) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_MESH(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000740)=ANY=[@ANYBLOB, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x48000}, 0x200000c0) ftruncate(r7, 0x2007ffb) sendfile(r7, r7, 0x0, 0x1000000201005) openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x88882, 0x0) openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0) program crashed: WARNING in copy_process testing program (duration=8m49.935319144s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-openat$sndtimer-syz_open_procfs-mount$9p_fd-mmap-signalfd-open-open-socket-setsockopt$netlink_NETLINK_TX_RING-write-mount$bind-ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT-syz_clone-open_tree-umount2-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-syz_genetlink_get_family_id$mptcp-socket$nl_generic-syz_genetlink_get_family_id$batadv-sendmsg$BATADV_CMD_SET_MESH-ftruncate-sendfile-openat detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r2 = signalfd(r0, &(0x7f0000000000)={[0x9]}, 0x8) r3 = open(&(0x7f0000000000)='./file0\x00', 0x148640, 0x78e22799f4a46faf) open(&(0x7f0000000080)='.\x00', 0x323303, 0x122) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000180)={0x1000003, 0x0, 0x4, 0x722}, 0x10) write(r4, &(0x7f0000000100)="240000001a005f0214f9df07000904000a000000fe000058dbef0fee76546bdea5727b99", 0x24) mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x803400, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r2, 0xc0189374, &(0x7f0000000040)={{0x1, 0x1, 0x18, r3, {0x1}}, './file0\x00'}) syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) umount2(&(0x7f0000000180)='./file0\x00', 0x1) r5 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) r6 = fsmount(r5, 0x0, 0x0) fchdir(r6) r7 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) syz_genetlink_get_family_id$mptcp(0x0, r6) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_MESH(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000740)=ANY=[@ANYBLOB, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x48000}, 0x200000c0) ftruncate(r7, 0x2007ffb) sendfile(r7, r7, 0x0, 0x1000000201005) openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x88882, 0x0) program crashed: WARNING in copy_process testing program (duration=8m49.935319144s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-openat$sndtimer-syz_open_procfs-mount$9p_fd-mmap-signalfd-open-open-socket-setsockopt$netlink_NETLINK_TX_RING-write-mount$bind-ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT-syz_clone-open_tree-umount2-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-syz_genetlink_get_family_id$mptcp-socket$nl_generic-syz_genetlink_get_family_id$batadv-sendmsg$BATADV_CMD_SET_MESH-ftruncate-sendfile detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r2 = signalfd(r0, &(0x7f0000000000)={[0x9]}, 0x8) r3 = open(&(0x7f0000000000)='./file0\x00', 0x148640, 0x78e22799f4a46faf) open(&(0x7f0000000080)='.\x00', 0x323303, 0x122) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000180)={0x1000003, 0x0, 0x4, 0x722}, 0x10) write(r4, &(0x7f0000000100)="240000001a005f0214f9df07000904000a000000fe000058dbef0fee76546bdea5727b99", 0x24) mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x803400, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r2, 0xc0189374, &(0x7f0000000040)={{0x1, 0x1, 0x18, r3, {0x1}}, './file0\x00'}) syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) umount2(&(0x7f0000000180)='./file0\x00', 0x1) r5 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) r6 = fsmount(r5, 0x0, 0x0) fchdir(r6) r7 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) syz_genetlink_get_family_id$mptcp(0x0, r6) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_MESH(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000740)=ANY=[@ANYBLOB, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x48000}, 0x200000c0) ftruncate(r7, 0x2007ffb) sendfile(r7, r7, 0x0, 0x1000000201005) program crashed: WARNING in copy_process testing program (duration=8m49.935319144s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-openat$sndtimer-syz_open_procfs-mount$9p_fd-mmap-signalfd-open-open-socket-setsockopt$netlink_NETLINK_TX_RING-write-mount$bind-ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT-syz_clone-open_tree-umount2-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-syz_genetlink_get_family_id$mptcp-socket$nl_generic-syz_genetlink_get_family_id$batadv-sendmsg$BATADV_CMD_SET_MESH-ftruncate detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r2 = signalfd(r0, &(0x7f0000000000)={[0x9]}, 0x8) r3 = open(&(0x7f0000000000)='./file0\x00', 0x148640, 0x78e22799f4a46faf) open(&(0x7f0000000080)='.\x00', 0x323303, 0x122) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000180)={0x1000003, 0x0, 0x4, 0x722}, 0x10) write(r4, &(0x7f0000000100)="240000001a005f0214f9df07000904000a000000fe000058dbef0fee76546bdea5727b99", 0x24) mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x803400, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r2, 0xc0189374, &(0x7f0000000040)={{0x1, 0x1, 0x18, r3, {0x1}}, './file0\x00'}) syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) umount2(&(0x7f0000000180)='./file0\x00', 0x1) r5 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) r6 = fsmount(r5, 0x0, 0x0) fchdir(r6) r7 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) syz_genetlink_get_family_id$mptcp(0x0, r6) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_MESH(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000740)=ANY=[@ANYBLOB, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x48000}, 0x200000c0) ftruncate(r7, 0x2007ffb) program did not crash testing program (duration=8m49.935319144s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-openat$sndtimer-syz_open_procfs-mount$9p_fd-mmap-signalfd-open-open-socket-setsockopt$netlink_NETLINK_TX_RING-write-mount$bind-ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT-syz_clone-open_tree-umount2-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-syz_genetlink_get_family_id$mptcp-socket$nl_generic-syz_genetlink_get_family_id$batadv-sendmsg$BATADV_CMD_SET_MESH-sendfile detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r2 = signalfd(r0, &(0x7f0000000000)={[0x9]}, 0x8) r3 = open(&(0x7f0000000000)='./file0\x00', 0x148640, 0x78e22799f4a46faf) open(&(0x7f0000000080)='.\x00', 0x323303, 0x122) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000180)={0x1000003, 0x0, 0x4, 0x722}, 0x10) write(r4, &(0x7f0000000100)="240000001a005f0214f9df07000904000a000000fe000058dbef0fee76546bdea5727b99", 0x24) mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x803400, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r2, 0xc0189374, &(0x7f0000000040)={{0x1, 0x1, 0x18, r3, {0x1}}, './file0\x00'}) syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) umount2(&(0x7f0000000180)='./file0\x00', 0x1) r5 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) r6 = fsmount(r5, 0x0, 0x0) fchdir(r6) r7 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) syz_genetlink_get_family_id$mptcp(0x0, r6) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_MESH(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000740)=ANY=[@ANYBLOB, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x48000}, 0x200000c0) sendfile(r7, r7, 0x0, 0x1000000201005) program did not crash testing program (duration=8m49.935319144s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-openat$sndtimer-syz_open_procfs-mount$9p_fd-mmap-signalfd-open-open-socket-setsockopt$netlink_NETLINK_TX_RING-write-mount$bind-ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT-syz_clone-open_tree-umount2-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-syz_genetlink_get_family_id$mptcp-socket$nl_generic-syz_genetlink_get_family_id$batadv-ftruncate-sendfile detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r2 = signalfd(r0, &(0x7f0000000000)={[0x9]}, 0x8) r3 = open(&(0x7f0000000000)='./file0\x00', 0x148640, 0x78e22799f4a46faf) open(&(0x7f0000000080)='.\x00', 0x323303, 0x122) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000180)={0x1000003, 0x0, 0x4, 0x722}, 0x10) write(r4, &(0x7f0000000100)="240000001a005f0214f9df07000904000a000000fe000058dbef0fee76546bdea5727b99", 0x24) mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x803400, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r2, 0xc0189374, &(0x7f0000000040)={{0x1, 0x1, 0x18, r3, {0x1}}, './file0\x00'}) syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) umount2(&(0x7f0000000180)='./file0\x00', 0x1) r5 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) r6 = fsmount(r5, 0x0, 0x0) fchdir(r6) r7 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) syz_genetlink_get_family_id$mptcp(0x0, r6) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f0000000200), 0xffffffffffffffff) ftruncate(r7, 0x2007ffb) sendfile(r7, r7, 0x0, 0x1000000201005) program crashed: WARNING in copy_process testing program (duration=8m49.935319144s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-openat$sndtimer-syz_open_procfs-mount$9p_fd-mmap-signalfd-open-open-socket-setsockopt$netlink_NETLINK_TX_RING-write-mount$bind-ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT-syz_clone-open_tree-umount2-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-syz_genetlink_get_family_id$mptcp-socket$nl_generic-ftruncate-sendfile detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r2 = signalfd(r0, &(0x7f0000000000)={[0x9]}, 0x8) r3 = open(&(0x7f0000000000)='./file0\x00', 0x148640, 0x78e22799f4a46faf) open(&(0x7f0000000080)='.\x00', 0x323303, 0x122) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000180)={0x1000003, 0x0, 0x4, 0x722}, 0x10) write(r4, &(0x7f0000000100)="240000001a005f0214f9df07000904000a000000fe000058dbef0fee76546bdea5727b99", 0x24) mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x803400, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r2, 0xc0189374, &(0x7f0000000040)={{0x1, 0x1, 0x18, r3, {0x1}}, './file0\x00'}) syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) umount2(&(0x7f0000000180)='./file0\x00', 0x1) r5 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) r6 = fsmount(r5, 0x0, 0x0) fchdir(r6) r7 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) syz_genetlink_get_family_id$mptcp(0x0, r6) socket$nl_generic(0x10, 0x3, 0x10) ftruncate(r7, 0x2007ffb) sendfile(r7, r7, 0x0, 0x1000000201005) program crashed: WARNING in copy_process testing program (duration=8m49.935319144s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-openat$sndtimer-syz_open_procfs-mount$9p_fd-mmap-signalfd-open-open-socket-setsockopt$netlink_NETLINK_TX_RING-write-mount$bind-ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT-syz_clone-open_tree-umount2-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-syz_genetlink_get_family_id$mptcp-ftruncate-sendfile detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r2 = signalfd(r0, &(0x7f0000000000)={[0x9]}, 0x8) r3 = open(&(0x7f0000000000)='./file0\x00', 0x148640, 0x78e22799f4a46faf) open(&(0x7f0000000080)='.\x00', 0x323303, 0x122) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000180)={0x1000003, 0x0, 0x4, 0x722}, 0x10) write(r4, &(0x7f0000000100)="240000001a005f0214f9df07000904000a000000fe000058dbef0fee76546bdea5727b99", 0x24) mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x803400, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r2, 0xc0189374, &(0x7f0000000040)={{0x1, 0x1, 0x18, r3, {0x1}}, './file0\x00'}) syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) umount2(&(0x7f0000000180)='./file0\x00', 0x1) r5 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) r6 = fsmount(r5, 0x0, 0x0) fchdir(r6) r7 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) syz_genetlink_get_family_id$mptcp(0x0, r6) ftruncate(r7, 0x2007ffb) sendfile(r7, r7, 0x0, 0x1000000201005) program crashed: WARNING in copy_process testing program (duration=8m49.935319144s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-openat$sndtimer-syz_open_procfs-mount$9p_fd-mmap-signalfd-open-open-socket-setsockopt$netlink_NETLINK_TX_RING-write-mount$bind-ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT-syz_clone-open_tree-umount2-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-ftruncate-sendfile detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r2 = signalfd(r0, &(0x7f0000000000)={[0x9]}, 0x8) r3 = open(&(0x7f0000000000)='./file0\x00', 0x148640, 0x78e22799f4a46faf) open(&(0x7f0000000080)='.\x00', 0x323303, 0x122) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000180)={0x1000003, 0x0, 0x4, 0x722}, 0x10) write(r4, &(0x7f0000000100)="240000001a005f0214f9df07000904000a000000fe000058dbef0fee76546bdea5727b99", 0x24) mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x803400, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r2, 0xc0189374, &(0x7f0000000040)={{0x1, 0x1, 0x18, r3, {0x1}}, './file0\x00'}) syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) umount2(&(0x7f0000000180)='./file0\x00', 0x1) r5 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) r6 = fsmount(r5, 0x0, 0x0) fchdir(r6) r7 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) ftruncate(r7, 0x2007ffb) sendfile(r7, r7, 0x0, 0x1000000201005) program crashed: WARNING in copy_process testing program (duration=8m49.935319144s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-openat$sndtimer-syz_open_procfs-mount$9p_fd-mmap-signalfd-open-open-socket-setsockopt$netlink_NETLINK_TX_RING-write-mount$bind-ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT-syz_clone-open_tree-umount2-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-ftruncate-sendfile detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r2 = signalfd(r0, &(0x7f0000000000)={[0x9]}, 0x8) r3 = open(&(0x7f0000000000)='./file0\x00', 0x148640, 0x78e22799f4a46faf) open(&(0x7f0000000080)='.\x00', 0x323303, 0x122) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000180)={0x1000003, 0x0, 0x4, 0x722}, 0x10) write(r4, &(0x7f0000000100)="240000001a005f0214f9df07000904000a000000fe000058dbef0fee76546bdea5727b99", 0x24) mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x803400, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r2, 0xc0189374, &(0x7f0000000040)={{0x1, 0x1, 0x18, r3, {0x1}}, './file0\x00'}) syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) umount2(&(0x7f0000000180)='./file0\x00', 0x1) r5 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) r6 = fsmount(r5, 0x0, 0x0) fchdir(r6) ftruncate(0xffffffffffffffff, 0x2007ffb) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1000000201005) program did not crash testing program (duration=8m49.935319144s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-openat$sndtimer-syz_open_procfs-mount$9p_fd-mmap-signalfd-open-open-socket-setsockopt$netlink_NETLINK_TX_RING-write-mount$bind-ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT-syz_clone-open_tree-umount2-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-open-ftruncate-sendfile detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r2 = signalfd(r0, &(0x7f0000000000)={[0x9]}, 0x8) r3 = open(&(0x7f0000000000)='./file0\x00', 0x148640, 0x78e22799f4a46faf) open(&(0x7f0000000080)='.\x00', 0x323303, 0x122) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000180)={0x1000003, 0x0, 0x4, 0x722}, 0x10) write(r4, &(0x7f0000000100)="240000001a005f0214f9df07000904000a000000fe000058dbef0fee76546bdea5727b99", 0x24) mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x803400, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r2, 0xc0189374, &(0x7f0000000040)={{0x1, 0x1, 0x18, r3, {0x1}}, './file0\x00'}) syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) umount2(&(0x7f0000000180)='./file0\x00', 0x1) r5 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) fsmount(r5, 0x0, 0x0) r6 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) ftruncate(r6, 0x2007ffb) sendfile(r6, r6, 0x0, 0x1000000201005) program crashed: WARNING in copy_process testing program (duration=8m49.935319144s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-openat$sndtimer-syz_open_procfs-mount$9p_fd-mmap-signalfd-open-open-socket-setsockopt$netlink_NETLINK_TX_RING-write-mount$bind-ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT-syz_clone-open_tree-umount2-fsopen-fsconfig$FSCONFIG_CMD_CREATE-open-ftruncate-sendfile detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r2 = signalfd(r0, &(0x7f0000000000)={[0x9]}, 0x8) r3 = open(&(0x7f0000000000)='./file0\x00', 0x148640, 0x78e22799f4a46faf) open(&(0x7f0000000080)='.\x00', 0x323303, 0x122) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000180)={0x1000003, 0x0, 0x4, 0x722}, 0x10) write(r4, &(0x7f0000000100)="240000001a005f0214f9df07000904000a000000fe000058dbef0fee76546bdea5727b99", 0x24) mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x803400, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r2, 0xc0189374, &(0x7f0000000040)={{0x1, 0x1, 0x18, r3, {0x1}}, './file0\x00'}) syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) umount2(&(0x7f0000000180)='./file0\x00', 0x1) r5 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) r6 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) ftruncate(r6, 0x2007ffb) sendfile(r6, r6, 0x0, 0x1000000201005) program crashed: WARNING in copy_process testing program (duration=8m49.935319144s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-openat$sndtimer-syz_open_procfs-mount$9p_fd-mmap-signalfd-open-open-socket-setsockopt$netlink_NETLINK_TX_RING-write-mount$bind-ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT-syz_clone-open_tree-umount2-fsopen-open-ftruncate-sendfile detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r2 = signalfd(r0, &(0x7f0000000000)={[0x9]}, 0x8) r3 = open(&(0x7f0000000000)='./file0\x00', 0x148640, 0x78e22799f4a46faf) open(&(0x7f0000000080)='.\x00', 0x323303, 0x122) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000180)={0x1000003, 0x0, 0x4, 0x722}, 0x10) write(r4, &(0x7f0000000100)="240000001a005f0214f9df07000904000a000000fe000058dbef0fee76546bdea5727b99", 0x24) mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x803400, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r2, 0xc0189374, &(0x7f0000000040)={{0x1, 0x1, 0x18, r3, {0x1}}, './file0\x00'}) syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) umount2(&(0x7f0000000180)='./file0\x00', 0x1) fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) r5 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) ftruncate(r5, 0x2007ffb) sendfile(r5, r5, 0x0, 0x1000000201005) program crashed: WARNING in copy_process testing program (duration=8m49.935319144s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-openat$sndtimer-syz_open_procfs-mount$9p_fd-mmap-signalfd-open-open-socket-setsockopt$netlink_NETLINK_TX_RING-write-mount$bind-ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT-syz_clone-open_tree-umount2-open-ftruncate-sendfile detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r2 = signalfd(r0, &(0x7f0000000000)={[0x9]}, 0x8) r3 = open(&(0x7f0000000000)='./file0\x00', 0x148640, 0x78e22799f4a46faf) open(&(0x7f0000000080)='.\x00', 0x323303, 0x122) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000180)={0x1000003, 0x0, 0x4, 0x722}, 0x10) write(r4, &(0x7f0000000100)="240000001a005f0214f9df07000904000a000000fe000058dbef0fee76546bdea5727b99", 0x24) mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x803400, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r2, 0xc0189374, &(0x7f0000000040)={{0x1, 0x1, 0x18, r3, {0x1}}, './file0\x00'}) syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) umount2(&(0x7f0000000180)='./file0\x00', 0x1) r5 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) ftruncate(r5, 0x2007ffb) sendfile(r5, r5, 0x0, 0x1000000201005) program crashed: WARNING in copy_process testing program (duration=8m49.935319144s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-openat$sndtimer-syz_open_procfs-mount$9p_fd-mmap-signalfd-open-open-socket-setsockopt$netlink_NETLINK_TX_RING-write-mount$bind-ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT-syz_clone-open_tree-open-ftruncate-sendfile detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r2 = signalfd(r0, &(0x7f0000000000)={[0x9]}, 0x8) r3 = open(&(0x7f0000000000)='./file0\x00', 0x148640, 0x78e22799f4a46faf) open(&(0x7f0000000080)='.\x00', 0x323303, 0x122) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000180)={0x1000003, 0x0, 0x4, 0x722}, 0x10) write(r4, &(0x7f0000000100)="240000001a005f0214f9df07000904000a000000fe000058dbef0fee76546bdea5727b99", 0x24) mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x803400, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r2, 0xc0189374, &(0x7f0000000040)={{0x1, 0x1, 0x18, r3, {0x1}}, './file0\x00'}) syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) r5 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) ftruncate(r5, 0x2007ffb) sendfile(r5, r5, 0x0, 0x1000000201005) program crashed: WARNING in copy_process testing program (duration=8m49.935319144s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-openat$sndtimer-syz_open_procfs-mount$9p_fd-mmap-signalfd-open-open-socket-setsockopt$netlink_NETLINK_TX_RING-write-mount$bind-ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT-syz_clone-open-ftruncate-sendfile detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r2 = signalfd(r0, &(0x7f0000000000)={[0x9]}, 0x8) r3 = open(&(0x7f0000000000)='./file0\x00', 0x148640, 0x78e22799f4a46faf) open(&(0x7f0000000080)='.\x00', 0x323303, 0x122) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000180)={0x1000003, 0x0, 0x4, 0x722}, 0x10) write(r4, &(0x7f0000000100)="240000001a005f0214f9df07000904000a000000fe000058dbef0fee76546bdea5727b99", 0x24) mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x803400, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r2, 0xc0189374, &(0x7f0000000040)={{0x1, 0x1, 0x18, r3, {0x1}}, './file0\x00'}) syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) r5 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) ftruncate(r5, 0x2007ffb) sendfile(r5, r5, 0x0, 0x1000000201005) program crashed: WARNING in copy_process testing program (duration=8m49.935319144s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-openat$sndtimer-syz_open_procfs-mount$9p_fd-mmap-signalfd-open-open-socket-setsockopt$netlink_NETLINK_TX_RING-write-mount$bind-ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT-open-ftruncate-sendfile detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r2 = signalfd(r0, &(0x7f0000000000)={[0x9]}, 0x8) r3 = open(&(0x7f0000000000)='./file0\x00', 0x148640, 0x78e22799f4a46faf) open(&(0x7f0000000080)='.\x00', 0x323303, 0x122) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000180)={0x1000003, 0x0, 0x4, 0x722}, 0x10) write(r4, &(0x7f0000000100)="240000001a005f0214f9df07000904000a000000fe000058dbef0fee76546bdea5727b99", 0x24) mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x803400, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r2, 0xc0189374, &(0x7f0000000040)={{0x1, 0x1, 0x18, r3, {0x1}}, './file0\x00'}) r5 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) ftruncate(r5, 0x2007ffb) sendfile(r5, r5, 0x0, 0x1000000201005) program did not crash testing program (duration=8m49.935319144s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-openat$sndtimer-syz_open_procfs-mount$9p_fd-mmap-signalfd-open-open-socket-setsockopt$netlink_NETLINK_TX_RING-write-mount$bind-syz_clone-open-ftruncate-sendfile detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) signalfd(r0, &(0x7f0000000000)={[0x9]}, 0x8) open(&(0x7f0000000000)='./file0\x00', 0x148640, 0x78e22799f4a46faf) open(&(0x7f0000000080)='.\x00', 0x323303, 0x122) r2 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000180)={0x1000003, 0x0, 0x4, 0x722}, 0x10) write(r2, &(0x7f0000000100)="240000001a005f0214f9df07000904000a000000fe000058dbef0fee76546bdea5727b99", 0x24) mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x803400, 0x0) syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) ftruncate(r3, 0x2007ffb) sendfile(r3, r3, 0x0, 0x1000000201005) program crashed: WARNING in copy_process testing program (duration=8m49.935319144s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-openat$sndtimer-syz_open_procfs-mount$9p_fd-mmap-signalfd-open-open-socket-setsockopt$netlink_NETLINK_TX_RING-write-syz_clone-open-ftruncate-sendfile detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) signalfd(r0, &(0x7f0000000000)={[0x9]}, 0x8) open(&(0x7f0000000000)='./file0\x00', 0x148640, 0x78e22799f4a46faf) open(&(0x7f0000000080)='.\x00', 0x323303, 0x122) r2 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000180)={0x1000003, 0x0, 0x4, 0x722}, 0x10) write(r2, &(0x7f0000000100)="240000001a005f0214f9df07000904000a000000fe000058dbef0fee76546bdea5727b99", 0x24) syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) ftruncate(r3, 0x2007ffb) sendfile(r3, r3, 0x0, 0x1000000201005) program crashed: WARNING in copy_process testing program (duration=8m49.935319144s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-openat$sndtimer-syz_open_procfs-mount$9p_fd-mmap-signalfd-open-open-socket-setsockopt$netlink_NETLINK_TX_RING-syz_clone-open-ftruncate-sendfile detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) signalfd(r0, &(0x7f0000000000)={[0x9]}, 0x8) open(&(0x7f0000000000)='./file0\x00', 0x148640, 0x78e22799f4a46faf) open(&(0x7f0000000080)='.\x00', 0x323303, 0x122) r2 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000180)={0x1000003, 0x0, 0x4, 0x722}, 0x10) syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) ftruncate(r3, 0x2007ffb) sendfile(r3, r3, 0x0, 0x1000000201005) program crashed: WARNING in copy_process testing program (duration=8m49.935319144s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-openat$sndtimer-syz_open_procfs-mount$9p_fd-mmap-signalfd-open-open-socket-syz_clone-open-ftruncate-sendfile detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) signalfd(r0, &(0x7f0000000000)={[0x9]}, 0x8) open(&(0x7f0000000000)='./file0\x00', 0x148640, 0x78e22799f4a46faf) open(&(0x7f0000000080)='.\x00', 0x323303, 0x122) socket(0x10, 0x3, 0x0) syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) ftruncate(r2, 0x2007ffb) sendfile(r2, r2, 0x0, 0x1000000201005) program crashed: WARNING in copy_process testing program (duration=8m49.935319144s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-openat$sndtimer-syz_open_procfs-mount$9p_fd-mmap-signalfd-open-open-syz_clone-open-ftruncate-sendfile detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) signalfd(r0, &(0x7f0000000000)={[0x9]}, 0x8) open(&(0x7f0000000000)='./file0\x00', 0x148640, 0x78e22799f4a46faf) open(&(0x7f0000000080)='.\x00', 0x323303, 0x122) syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) ftruncate(r2, 0x2007ffb) sendfile(r2, r2, 0x0, 0x1000000201005) program crashed: WARNING in copy_process testing program (duration=8m49.935319144s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-openat$sndtimer-syz_open_procfs-mount$9p_fd-mmap-signalfd-open-syz_clone-open-ftruncate-sendfile detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) signalfd(r0, &(0x7f0000000000)={[0x9]}, 0x8) open(&(0x7f0000000000)='./file0\x00', 0x148640, 0x78e22799f4a46faf) syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) ftruncate(r2, 0x2007ffb) sendfile(r2, r2, 0x0, 0x1000000201005) program crashed: WARNING in copy_process testing program (duration=8m49.935319144s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-openat$sndtimer-syz_open_procfs-mount$9p_fd-mmap-signalfd-syz_clone-open-ftruncate-sendfile detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) signalfd(r0, &(0x7f0000000000)={[0x9]}, 0x8) syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) ftruncate(r2, 0x2007ffb) sendfile(r2, r2, 0x0, 0x1000000201005) program crashed: WARNING in copy_process testing program (duration=8m49.935319144s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-openat$sndtimer-syz_open_procfs-mount$9p_fd-mmap-syz_clone-open-ftruncate-sendfile detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) ftruncate(r2, 0x2007ffb) sendfile(r2, r2, 0x0, 0x1000000201005) program crashed: WARNING in copy_process testing program (duration=8m49.935319144s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-openat$sndtimer-syz_open_procfs-mount$9p_fd-syz_clone-open-ftruncate-sendfile detailed listing: executing program 0: openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r0}}) syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) ftruncate(r1, 0x2007ffb) sendfile(r1, r1, 0x0, 0x1000000201005) program crashed: lost connection to test machine suppressed program crash: lost connection to test machine testing program (duration=8m49.935319144s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-openat$sndtimer-syz_open_procfs-mmap-syz_clone-open-ftruncate-sendfile detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) ftruncate(r1, 0x2007ffb) sendfile(r1, r1, 0x0, 0x1000000201005) program did not crash testing program (duration=8m49.935319144s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-openat$sndtimer-mount$9p_fd-mmap-syz_clone-open-ftruncate-sendfile detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040) mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) ftruncate(r1, 0x2007ffb) sendfile(r1, r1, 0x0, 0x1000000201005) program did not crash testing program (duration=8m49.935319144s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-syz_open_procfs-mount$9p_fd-mmap-syz_clone-open-ftruncate-sendfile detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) ftruncate(r2, 0x2007ffb) sendfile(r2, r2, 0x0, 0x1000000201005) program crashed: WARNING in copy_process testing program (duration=8m49.935319144s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs-mount$9p_fd-mmap-syz_clone-open-ftruncate-sendfile detailed listing: executing program 0: r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r0}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0) syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) ftruncate(r1, 0x2007ffb) sendfile(r1, r1, 0x0, 0x1000000201005) program did not crash testing program (duration=8m49.935319144s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-syz_open_procfs-mount$9p_fd-mmap-syz_clone-open-ftruncate-sendfile detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, 0x0, 0x141342, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) ftruncate(r2, 0x2007ffb) sendfile(r2, r2, 0x0, 0x1000000201005) program did not crash testing program (duration=8m49.935319144s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-syz_open_procfs-mount$9p_fd-mmap-syz_clone-open-ftruncate-sendfile detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) r1 = syz_open_procfs(0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) ftruncate(r2, 0x2007ffb) sendfile(r2, r2, 0x0, 0x1000000201005) program did not crash testing program (duration=8m49.935319144s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-syz_open_procfs-mount$9p_fd-mmap-syz_clone-open-ftruncate-sendfile detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, 0x0, &(0x7f0000000080), 0x0, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) ftruncate(r2, 0x2007ffb) sendfile(r2, r2, 0x0, 0x1000000201005) program did not crash testing program (duration=8m49.935319144s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-syz_open_procfs-mount$9p_fd-mmap-syz_clone-open-ftruncate-sendfile detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', 0x0, 0x0, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) ftruncate(r2, 0x2007ffb) sendfile(r2, r2, 0x0, 0x1000000201005) program did not crash testing program (duration=8m49.935319144s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-syz_open_procfs-mount$9p_fd-mmap-syz_clone-open-ftruncate-sendfile detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) ftruncate(r1, 0x2007ffb) sendfile(r1, r1, 0x0, 0x1000000201005) program did not crash testing program (duration=8m49.935319144s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-syz_open_procfs-mount$9p_fd-mmap-syz_clone-open-ftruncate-sendfile detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) r2 = open(0x0, 0x143142, 0x80) ftruncate(r2, 0x2007ffb) sendfile(r2, r2, 0x0, 0x1000000201005) program did not crash extracting C reproducer testing compiled C program (duration=8m49.935319144s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-syz_open_procfs-mount$9p_fd-mmap-syz_clone-open-ftruncate-sendfile program crashed: no output from test machine a never seen crash title: no output from test machine, ignore simplifying guilty program options testing program (duration=8m49.935319144s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-syz_open_procfs-mount$9p_fd-mmap-syz_clone-open-ftruncate-sendfile detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) ftruncate(r2, 0x2007ffb) sendfile(r2, r2, 0x0, 0x1000000201005) program did not crash testing program (duration=8m49.935319144s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-syz_open_procfs-mount$9p_fd-mmap-syz_clone-open-ftruncate-sendfile detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) ftruncate(r2, 0x2007ffb) sendfile(r2, r2, 0x0, 0x1000000201005) program did not crash testing program (duration=8m49.935319144s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-syz_open_procfs-mount$9p_fd-mmap-syz_clone-open-ftruncate-sendfile detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) ftruncate(r2, 0x2007ffb) sendfile(r2, r2, 0x0, 0x1000000201005) program crashed: WARNING in copy_process validation run: crashed=true testing program (duration=8m49.935319144s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-syz_open_procfs-mount$9p_fd-mmap-syz_clone-open-ftruncate-sendfile detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) ftruncate(r2, 0x2007ffb) sendfile(r2, r2, 0x0, 0x1000000201005) program crashed: WARNING in copy_process suppressed program crash: WARNING in copy_process validation run: crashed=false testing program (duration=8m49.935319144s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-syz_open_procfs-mount$9p_fd-mmap-syz_clone-open-ftruncate-sendfile detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) ftruncate(r2, 0x2007ffb) sendfile(r2, r2, 0x0, 0x1000000201005) program did not crash validation run: crashed=false testing program (duration=8m49.935319144s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-syz_open_procfs-mount$9p_fd-mmap-syz_clone-open-ftruncate-sendfile detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) ftruncate(r2, 0x2007ffb) sendfile(r2, r2, 0x0, 0x1000000201005) program crashed: WARNING in copy_process validation run: crashed=true testing program (duration=8m49.935319144s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rnullb-syz_open_procfs-mount$9p_fd-mmap-syz_clone-open-ftruncate-sendfile detailed listing: executing program 0: r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) ftruncate(r2, 0x2007ffb) sendfile(r2, r2, 0x0, 0x1000000201005) program crashed: WARNING in copy_process validation run: crashed=true reproducing took 7h22m11.561614691s repro crashed as (corrupted=false): ------------[ cut here ]------------ pvqspinlock: lock 0xffff8881c5419bc0 has corrupted value 0x0! WARNING: kernel/locking/qspinlock_paravirt.h:506 at __pv_queued_spin_unlock_slowpath+0x1fe/0x2a0 kernel/locking/qspinlock_paravirt.h:504, CPU#1: syz.6.106/8286 Modules linked in: CPU: 1 UID: 0 PID: 8286 Comm: syz.6.106 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 RIP: 0010:__pv_queued_spin_unlock_slowpath+0x1fe/0x2a0 kernel/locking/qspinlock_paravirt.h:504 Code: f8 a8 9b f6 48 89 d8 48 c1 e8 03 42 0f b6 04 28 84 c0 0f 85 93 00 00 00 8b 13 48 c7 c7 00 0c ab 8b 48 89 de e8 73 9c fb f5 90 <0f> 0b 90 90 eb 95 48 c7 c7 90 e4 40 8e 4c 89 f6 4c 89 fa e8 fa c5 RSP: 0018:ffffc900100c78c0 EFLAGS: 00010246 RAX: 9e0501aa69750800 RBX: ffff8881c5419bc0 RCX: ffff8881921f9e00 RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002 RBP: 1ffff11038a83379 R08: 0000000000000003 R09: 0000000000000004 R10: dffffc0000000000 R11: fffffbfff1c7a604 R12: dffffc0000000000 R13: dffffc0000000000 R14: ffff8881c5419bd0 R15: ffff8881c5419bc8 FS: 0000555565514500(0000) GS:ffff8881258c4000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f8801a12e9c CR3: 00000001d6f0c000 CR4: 00000000003526f0 Call Trace: __raw_callee_save___pv_queued_spin_unlock_slowpath+0x15/0x30 .slowpath+0x9/0x18 pv_queued_spin_unlock arch/x86/include/asm/paravirt.h:562 [inline] queued_spin_unlock arch/x86/include/asm/qspinlock.h:57 [inline] do_raw_spin_unlock+0x122/0x240 kernel/locking/spinlock_debug.c:142 __raw_spin_unlock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_unlock+0x1e/0x50 kernel/locking/spinlock.c:186 spin_unlock include/linux/spinlock.h:391 [inline] copy_process+0x2793/0x3c00 kernel/fork.c:2435 kernel_clone+0x21e/0x840 kernel/fork.c:2608 __do_sys_clone3 kernel/fork.c:2912 [inline] __se_sys_clone3+0x256/0x2d0 kernel/fork.c:2891 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fb44b1c3449 Code: d7 08 00 48 8d 3d fc d7 08 00 e8 12 29 f6 ff 66 90 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 RSP: 002b:00007ffc514a7578 EFLAGS: 00000206 ORIG_RAX: 00000000000001b3 RAX: ffffffffffffffda RBX: 00007fb44b145860 RCX: 00007fb44b1c3449 RDX: 00007fb44b145860 RSI: 0000000000000058 RDI: 00007ffc514a75c0 RBP: 00007fb44a7fe6c0 R08: 00007fb44a7fe6c0 R09: 00007ffc514a76a7 R10: 0000000000000008 R11: 0000000000000206 R12: ffffffffffffffa8 R13: 000000000000000b R14: 00007ffc514a75c0 R15: 00007ffc514a76a8 final repro crashed as (corrupted=false): ------------[ cut here ]------------ pvqspinlock: lock 0xffff8881c5419bc0 has corrupted value 0x0! WARNING: kernel/locking/qspinlock_paravirt.h:506 at __pv_queued_spin_unlock_slowpath+0x1fe/0x2a0 kernel/locking/qspinlock_paravirt.h:504, CPU#1: syz.6.106/8286 Modules linked in: CPU: 1 UID: 0 PID: 8286 Comm: syz.6.106 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 RIP: 0010:__pv_queued_spin_unlock_slowpath+0x1fe/0x2a0 kernel/locking/qspinlock_paravirt.h:504 Code: f8 a8 9b f6 48 89 d8 48 c1 e8 03 42 0f b6 04 28 84 c0 0f 85 93 00 00 00 8b 13 48 c7 c7 00 0c ab 8b 48 89 de e8 73 9c fb f5 90 <0f> 0b 90 90 eb 95 48 c7 c7 90 e4 40 8e 4c 89 f6 4c 89 fa e8 fa c5 RSP: 0018:ffffc900100c78c0 EFLAGS: 00010246 RAX: 9e0501aa69750800 RBX: ffff8881c5419bc0 RCX: ffff8881921f9e00 RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002 RBP: 1ffff11038a83379 R08: 0000000000000003 R09: 0000000000000004 R10: dffffc0000000000 R11: fffffbfff1c7a604 R12: dffffc0000000000 R13: dffffc0000000000 R14: ffff8881c5419bd0 R15: ffff8881c5419bc8 FS: 0000555565514500(0000) GS:ffff8881258c4000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f8801a12e9c CR3: 00000001d6f0c000 CR4: 00000000003526f0 Call Trace: __raw_callee_save___pv_queued_spin_unlock_slowpath+0x15/0x30 .slowpath+0x9/0x18 pv_queued_spin_unlock arch/x86/include/asm/paravirt.h:562 [inline] queued_spin_unlock arch/x86/include/asm/qspinlock.h:57 [inline] do_raw_spin_unlock+0x122/0x240 kernel/locking/spinlock_debug.c:142 __raw_spin_unlock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_unlock+0x1e/0x50 kernel/locking/spinlock.c:186 spin_unlock include/linux/spinlock.h:391 [inline] copy_process+0x2793/0x3c00 kernel/fork.c:2435 kernel_clone+0x21e/0x840 kernel/fork.c:2608 __do_sys_clone3 kernel/fork.c:2912 [inline] __se_sys_clone3+0x256/0x2d0 kernel/fork.c:2891 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fb44b1c3449 Code: d7 08 00 48 8d 3d fc d7 08 00 e8 12 29 f6 ff 66 90 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 RSP: 002b:00007ffc514a7578 EFLAGS: 00000206 ORIG_RAX: 00000000000001b3 RAX: ffffffffffffffda RBX: 00007fb44b145860 RCX: 00007fb44b1c3449 RDX: 00007fb44b145860 RSI: 0000000000000058 RDI: 00007ffc514a75c0 RBP: 00007fb44a7fe6c0 R08: 00007fb44a7fe6c0 R09: 00007ffc514a76a7 R10: 0000000000000008 R11: 0000000000000206 R12: ffffffffffffffa8 R13: 000000000000000b R14: 00007ffc514a75c0 R15: 00007ffc514a76a8