Extracting prog: 47.724020882s
Minimizing prog: 25m32.22707821s
Simplifying prog options: 0s
Extracting C: 24.061112941s
Simplifying C: 4m4.591268083s


24 programs, timeouts [30s 1m40s 6m0s]
extracting reproducer from 24 programs
first checking the prog from the crash report
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$sg-ioctl$SG_IO-mkdirat-mount$9p_virtio-timer_create-timer_settime-chdir-openat$cgroup_ro-write$binfmt_script-fcntl$dupfd-ioperm-socket$inet6_tcp-sendmsg$AUDIT_MAKE_EQUIV-timer_create-timer_settime-openat$cgroup_ro-write$binfmt_script-ioctl$sock_inet_SIOCSIFADDR-sendfile-write$sndseq-write$sndseq-bind$bt_hci-ioctl$SG_GET_REQUEST_TABLE-bpf$PROG_LOAD-bpf$BPF_PROG_TEST_RUN
detailed listing:
executing program 0:
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r0, 0x2285, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
chdir(&(0x7f0000000400)='./file0\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f00000004c0), 0x4)
r2 = fcntl$dupfd(r0, 0x0, r0)
ioperm(0x0, 0x4, 0x2)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$AUDIT_MAKE_EQUIV(r1, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x28, 0x3f7, 0x4, 0x70bd28, 0x25dfdbff, {0x7, 0x7, './file0', './file0'}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x1004}, 0x0)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000040))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f000000e0c0), 0x10010)
ioctl$sock_inet_SIOCSIFADDR(r2, 0x8916, &(0x7f00000002c0)={'veth0_virt_wifi\x00', {0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}})
sendfile(r3, r4, &(0x7f0000000100), 0x10001)
write$sndseq(r2, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}], 0x38)
write$sndseq(r2, &(0x7f0000000200)=[{0x0, 0x0, 0x0, 0xfc, @time={0x1, 0x81}, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time={0xfffffff9, 0x1005}, {}, {}, @addr={0xa, 0xe}}, {0x9, 0x3f, 0x0, 0x0, @time={0x4, 0x2}, {0x10}, {}, @time}, {0x0, 0x0, 0x0, 0x10, @time={0xbf9e}, {}, {}, @queue={0xbe, {0x3, 0x8}}}, {0x0, 0x3, 0x0, 0xfe, @time, {0x0, 0x1f}, {}, @connect={{0x3}, {0x4, 0x3}}}], 0x8c)
bind$bt_hci(r2, &(0x7f0000000140)={0x1f, 0x1, 0x3}, 0x6)
ioctl$SG_GET_REQUEST_TABLE(r2, 0x2286, &(0x7f00000018c0))
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000e8ffffff00000000000000008500000036000000850000000700000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r5, 0x27, 0x0, 0x0, 0x0, 0x0, 0x8ff, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0, 0x2}, 0xa6)

program crashed: kernel BUG in __iov_iter_get_pages_alloc
single: successfully extracted reproducer
found reproducer with 25 syscalls
minimizing guilty program
testing program (duration=36.594166959s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$sg-ioctl$SG_IO-mkdirat-mount$9p_virtio-timer_create-timer_settime-chdir-openat$cgroup_ro-write$binfmt_script-fcntl$dupfd-ioperm-socket$inet6_tcp-sendmsg$AUDIT_MAKE_EQUIV-timer_create-timer_settime-openat$cgroup_ro-write$binfmt_script-ioctl$sock_inet_SIOCSIFADDR-sendfile-write$sndseq-write$sndseq-bind$bt_hci-ioctl$SG_GET_REQUEST_TABLE-bpf$PROG_LOAD
detailed listing:
executing program 0:
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r0, 0x2285, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
chdir(&(0x7f0000000400)='./file0\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f00000004c0), 0x4)
r2 = fcntl$dupfd(r0, 0x0, r0)
ioperm(0x0, 0x4, 0x2)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$AUDIT_MAKE_EQUIV(r1, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x28, 0x3f7, 0x4, 0x70bd28, 0x25dfdbff, {0x7, 0x7, './file0', './file0'}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x1004}, 0x0)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000040))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f000000e0c0), 0x10010)
ioctl$sock_inet_SIOCSIFADDR(r2, 0x8916, &(0x7f00000002c0)={'veth0_virt_wifi\x00', {0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}})
sendfile(r3, r4, &(0x7f0000000100), 0x10001)
write$sndseq(r2, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}], 0x38)
write$sndseq(r2, &(0x7f0000000200)=[{0x0, 0x0, 0x0, 0xfc, @time={0x1, 0x81}, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time={0xfffffff9, 0x1005}, {}, {}, @addr={0xa, 0xe}}, {0x9, 0x3f, 0x0, 0x0, @time={0x4, 0x2}, {0x10}, {}, @time}, {0x0, 0x0, 0x0, 0x10, @time={0xbf9e}, {}, {}, @queue={0xbe, {0x3, 0x8}}}, {0x0, 0x3, 0x0, 0xfe, @time, {0x0, 0x1f}, {}, @connect={{0x3}, {0x4, 0x3}}}], 0x8c)
bind$bt_hci(r2, &(0x7f0000000140)={0x1f, 0x1, 0x3}, 0x6)
ioctl$SG_GET_REQUEST_TABLE(r2, 0x2286, &(0x7f00000018c0))
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000e8ffffff00000000000000008500000036000000850000000700000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)

program crashed: kernel BUG in __iov_iter_get_pages_alloc
testing program (duration=36.594166959s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$sg-ioctl$SG_IO-mkdirat-mount$9p_virtio-timer_create-timer_settime-chdir-openat$cgroup_ro-write$binfmt_script-fcntl$dupfd-ioperm-socket$inet6_tcp-sendmsg$AUDIT_MAKE_EQUIV-timer_create-timer_settime-openat$cgroup_ro-write$binfmt_script-ioctl$sock_inet_SIOCSIFADDR-sendfile-write$sndseq-write$sndseq-bind$bt_hci-ioctl$SG_GET_REQUEST_TABLE
detailed listing:
executing program 0:
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r0, 0x2285, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
chdir(&(0x7f0000000400)='./file0\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f00000004c0), 0x4)
r2 = fcntl$dupfd(r0, 0x0, r0)
ioperm(0x0, 0x4, 0x2)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$AUDIT_MAKE_EQUIV(r1, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x28, 0x3f7, 0x4, 0x70bd28, 0x25dfdbff, {0x7, 0x7, './file0', './file0'}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x1004}, 0x0)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000040))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f000000e0c0), 0x10010)
ioctl$sock_inet_SIOCSIFADDR(r2, 0x8916, &(0x7f00000002c0)={'veth0_virt_wifi\x00', {0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}})
sendfile(r3, r4, &(0x7f0000000100), 0x10001)
write$sndseq(r2, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}], 0x38)
write$sndseq(r2, &(0x7f0000000200)=[{0x0, 0x0, 0x0, 0xfc, @time={0x1, 0x81}, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time={0xfffffff9, 0x1005}, {}, {}, @addr={0xa, 0xe}}, {0x9, 0x3f, 0x0, 0x0, @time={0x4, 0x2}, {0x10}, {}, @time}, {0x0, 0x0, 0x0, 0x10, @time={0xbf9e}, {}, {}, @queue={0xbe, {0x3, 0x8}}}, {0x0, 0x3, 0x0, 0xfe, @time, {0x0, 0x1f}, {}, @connect={{0x3}, {0x4, 0x3}}}], 0x8c)
bind$bt_hci(r2, &(0x7f0000000140)={0x1f, 0x1, 0x3}, 0x6)
ioctl$SG_GET_REQUEST_TABLE(r2, 0x2286, &(0x7f00000018c0))

program crashed: kernel BUG in __iov_iter_get_pages_alloc
testing program (duration=36.594166959s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$sg-ioctl$SG_IO-mkdirat-mount$9p_virtio-timer_create-timer_settime-chdir-openat$cgroup_ro-write$binfmt_script-fcntl$dupfd-ioperm-socket$inet6_tcp-sendmsg$AUDIT_MAKE_EQUIV-timer_create-timer_settime-openat$cgroup_ro-write$binfmt_script-ioctl$sock_inet_SIOCSIFADDR-sendfile-write$sndseq-write$sndseq-bind$bt_hci
detailed listing:
executing program 0:
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r0, 0x2285, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
chdir(&(0x7f0000000400)='./file0\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f00000004c0), 0x4)
r2 = fcntl$dupfd(r0, 0x0, r0)
ioperm(0x0, 0x4, 0x2)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$AUDIT_MAKE_EQUIV(r1, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x28, 0x3f7, 0x4, 0x70bd28, 0x25dfdbff, {0x7, 0x7, './file0', './file0'}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x1004}, 0x0)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000040))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f000000e0c0), 0x10010)
ioctl$sock_inet_SIOCSIFADDR(r2, 0x8916, &(0x7f00000002c0)={'veth0_virt_wifi\x00', {0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}})
sendfile(r3, r4, &(0x7f0000000100), 0x10001)
write$sndseq(r2, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}], 0x38)
write$sndseq(r2, &(0x7f0000000200)=[{0x0, 0x0, 0x0, 0xfc, @time={0x1, 0x81}, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time={0xfffffff9, 0x1005}, {}, {}, @addr={0xa, 0xe}}, {0x9, 0x3f, 0x0, 0x0, @time={0x4, 0x2}, {0x10}, {}, @time}, {0x0, 0x0, 0x0, 0x10, @time={0xbf9e}, {}, {}, @queue={0xbe, {0x3, 0x8}}}, {0x0, 0x3, 0x0, 0xfe, @time, {0x0, 0x1f}, {}, @connect={{0x3}, {0x4, 0x3}}}], 0x8c)
bind$bt_hci(r2, &(0x7f0000000140)={0x1f, 0x1, 0x3}, 0x6)

program crashed: kernel BUG in __iov_iter_get_pages_alloc
testing program (duration=36.594166959s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$sg-ioctl$SG_IO-mkdirat-mount$9p_virtio-timer_create-timer_settime-chdir-openat$cgroup_ro-write$binfmt_script-fcntl$dupfd-ioperm-socket$inet6_tcp-sendmsg$AUDIT_MAKE_EQUIV-timer_create-timer_settime-openat$cgroup_ro-write$binfmt_script-ioctl$sock_inet_SIOCSIFADDR-sendfile-write$sndseq-write$sndseq
detailed listing:
executing program 0:
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r0, 0x2285, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
chdir(&(0x7f0000000400)='./file0\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f00000004c0), 0x4)
r2 = fcntl$dupfd(r0, 0x0, r0)
ioperm(0x0, 0x4, 0x2)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$AUDIT_MAKE_EQUIV(r1, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x28, 0x3f7, 0x4, 0x70bd28, 0x25dfdbff, {0x7, 0x7, './file0', './file0'}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x1004}, 0x0)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000040))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f000000e0c0), 0x10010)
ioctl$sock_inet_SIOCSIFADDR(r2, 0x8916, &(0x7f00000002c0)={'veth0_virt_wifi\x00', {0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}})
sendfile(r3, r4, &(0x7f0000000100), 0x10001)
write$sndseq(r2, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}], 0x38)
write$sndseq(r2, &(0x7f0000000200)=[{0x0, 0x0, 0x0, 0xfc, @time={0x1, 0x81}, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time={0xfffffff9, 0x1005}, {}, {}, @addr={0xa, 0xe}}, {0x9, 0x3f, 0x0, 0x0, @time={0x4, 0x2}, {0x10}, {}, @time}, {0x0, 0x0, 0x0, 0x10, @time={0xbf9e}, {}, {}, @queue={0xbe, {0x3, 0x8}}}, {0x0, 0x3, 0x0, 0xfe, @time, {0x0, 0x1f}, {}, @connect={{0x3}, {0x4, 0x3}}}], 0x8c)

program did not crash
testing program (duration=36.594166959s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$sg-ioctl$SG_IO-mkdirat-mount$9p_virtio-timer_create-timer_settime-chdir-openat$cgroup_ro-write$binfmt_script-fcntl$dupfd-ioperm-socket$inet6_tcp-sendmsg$AUDIT_MAKE_EQUIV-timer_create-timer_settime-openat$cgroup_ro-write$binfmt_script-ioctl$sock_inet_SIOCSIFADDR-sendfile-write$sndseq-bind$bt_hci
detailed listing:
executing program 0:
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r0, 0x2285, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
chdir(&(0x7f0000000400)='./file0\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f00000004c0), 0x4)
r2 = fcntl$dupfd(r0, 0x0, r0)
ioperm(0x0, 0x4, 0x2)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$AUDIT_MAKE_EQUIV(r1, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x28, 0x3f7, 0x4, 0x70bd28, 0x25dfdbff, {0x7, 0x7, './file0', './file0'}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x1004}, 0x0)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000040))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f000000e0c0), 0x10010)
ioctl$sock_inet_SIOCSIFADDR(r2, 0x8916, &(0x7f00000002c0)={'veth0_virt_wifi\x00', {0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}})
sendfile(r3, r4, &(0x7f0000000100), 0x10001)
write$sndseq(r2, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}], 0x38)
bind$bt_hci(r2, &(0x7f0000000140)={0x1f, 0x1, 0x3}, 0x6)

program crashed: kernel BUG in __iov_iter_get_pages_alloc
testing program (duration=36.594166959s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$sg-ioctl$SG_IO-mkdirat-mount$9p_virtio-timer_create-timer_settime-chdir-openat$cgroup_ro-write$binfmt_script-fcntl$dupfd-ioperm-socket$inet6_tcp-sendmsg$AUDIT_MAKE_EQUIV-timer_create-timer_settime-openat$cgroup_ro-write$binfmt_script-ioctl$sock_inet_SIOCSIFADDR-sendfile-bind$bt_hci
detailed listing:
executing program 0:
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r0, 0x2285, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
chdir(&(0x7f0000000400)='./file0\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f00000004c0), 0x4)
r2 = fcntl$dupfd(r0, 0x0, r0)
ioperm(0x0, 0x4, 0x2)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$AUDIT_MAKE_EQUIV(r1, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x28, 0x3f7, 0x4, 0x70bd28, 0x25dfdbff, {0x7, 0x7, './file0', './file0'}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x1004}, 0x0)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000040))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f000000e0c0), 0x10010)
ioctl$sock_inet_SIOCSIFADDR(r2, 0x8916, &(0x7f00000002c0)={'veth0_virt_wifi\x00', {0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}})
sendfile(r3, r4, &(0x7f0000000100), 0x10001)
bind$bt_hci(r2, &(0x7f0000000140)={0x1f, 0x1, 0x3}, 0x6)

program crashed: kernel BUG in __iov_iter_get_pages_alloc
testing program (duration=36.594166959s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$sg-ioctl$SG_IO-mkdirat-mount$9p_virtio-timer_create-timer_settime-chdir-openat$cgroup_ro-write$binfmt_script-fcntl$dupfd-ioperm-socket$inet6_tcp-sendmsg$AUDIT_MAKE_EQUIV-timer_create-timer_settime-openat$cgroup_ro-write$binfmt_script-ioctl$sock_inet_SIOCSIFADDR-bind$bt_hci
detailed listing:
executing program 0:
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r0, 0x2285, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
chdir(&(0x7f0000000400)='./file0\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f00000004c0), 0x4)
r2 = fcntl$dupfd(r0, 0x0, r0)
ioperm(0x0, 0x4, 0x2)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$AUDIT_MAKE_EQUIV(r1, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x28, 0x3f7, 0x4, 0x70bd28, 0x25dfdbff, {0x7, 0x7, './file0', './file0'}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x1004}, 0x0)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000040))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f000000e0c0), 0x10010)
ioctl$sock_inet_SIOCSIFADDR(r2, 0x8916, &(0x7f00000002c0)={'veth0_virt_wifi\x00', {0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}})
bind$bt_hci(r2, &(0x7f0000000140)={0x1f, 0x1, 0x3}, 0x6)

program did not crash
testing program (duration=36.594166959s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$sg-ioctl$SG_IO-mkdirat-mount$9p_virtio-timer_create-timer_settime-chdir-openat$cgroup_ro-write$binfmt_script-fcntl$dupfd-ioperm-socket$inet6_tcp-sendmsg$AUDIT_MAKE_EQUIV-timer_create-timer_settime-openat$cgroup_ro-write$binfmt_script-sendfile-bind$bt_hci
detailed listing:
executing program 0:
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r0, 0x2285, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
chdir(&(0x7f0000000400)='./file0\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f00000004c0), 0x4)
r2 = fcntl$dupfd(r0, 0x0, r0)
ioperm(0x0, 0x4, 0x2)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$AUDIT_MAKE_EQUIV(r1, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x28, 0x3f7, 0x4, 0x70bd28, 0x25dfdbff, {0x7, 0x7, './file0', './file0'}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x1004}, 0x0)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000040))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f000000e0c0), 0x10010)
sendfile(r3, r4, &(0x7f0000000100), 0x10001)
bind$bt_hci(r2, &(0x7f0000000140)={0x1f, 0x1, 0x3}, 0x6)

program crashed: kernel BUG in __iov_iter_get_pages_alloc
testing program (duration=36.594166959s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$sg-ioctl$SG_IO-mkdirat-mount$9p_virtio-timer_create-timer_settime-chdir-openat$cgroup_ro-write$binfmt_script-fcntl$dupfd-ioperm-socket$inet6_tcp-sendmsg$AUDIT_MAKE_EQUIV-timer_create-timer_settime-openat$cgroup_ro-sendfile-bind$bt_hci
detailed listing:
executing program 0:
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r0, 0x2285, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
chdir(&(0x7f0000000400)='./file0\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f00000004c0), 0x4)
r2 = fcntl$dupfd(r0, 0x0, r0)
ioperm(0x0, 0x4, 0x2)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$AUDIT_MAKE_EQUIV(r1, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x28, 0x3f7, 0x4, 0x70bd28, 0x25dfdbff, {0x7, 0x7, './file0', './file0'}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x1004}, 0x0)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000040))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
sendfile(r3, r4, &(0x7f0000000100), 0x10001)
bind$bt_hci(r2, &(0x7f0000000140)={0x1f, 0x1, 0x3}, 0x6)

program did not crash
testing program (duration=36.594166959s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$sg-ioctl$SG_IO-mkdirat-mount$9p_virtio-timer_create-timer_settime-chdir-openat$cgroup_ro-write$binfmt_script-fcntl$dupfd-ioperm-socket$inet6_tcp-sendmsg$AUDIT_MAKE_EQUIV-timer_create-timer_settime-write$binfmt_script-sendfile-bind$bt_hci
detailed listing:
executing program 0:
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r0, 0x2285, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
chdir(&(0x7f0000000400)='./file0\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f00000004c0), 0x4)
r2 = fcntl$dupfd(r0, 0x0, r0)
ioperm(0x0, 0x4, 0x2)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$AUDIT_MAKE_EQUIV(r1, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x28, 0x3f7, 0x4, 0x70bd28, 0x25dfdbff, {0x7, 0x7, './file0', './file0'}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x1004}, 0x0)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000040))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f000000e0c0), 0x10010)
sendfile(r3, 0xffffffffffffffff, &(0x7f0000000100), 0x10001)
bind$bt_hci(r2, &(0x7f0000000140)={0x1f, 0x1, 0x3}, 0x6)

program did not crash
testing program (duration=36.594166959s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$sg-ioctl$SG_IO-mkdirat-mount$9p_virtio-timer_create-timer_settime-chdir-openat$cgroup_ro-write$binfmt_script-fcntl$dupfd-ioperm-socket$inet6_tcp-sendmsg$AUDIT_MAKE_EQUIV-timer_create-openat$cgroup_ro-write$binfmt_script-sendfile-bind$bt_hci
detailed listing:
executing program 0:
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r0, 0x2285, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
chdir(&(0x7f0000000400)='./file0\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f00000004c0), 0x4)
r2 = fcntl$dupfd(r0, 0x0, r0)
ioperm(0x0, 0x4, 0x2)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$AUDIT_MAKE_EQUIV(r1, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x28, 0x3f7, 0x4, 0x70bd28, 0x25dfdbff, {0x7, 0x7, './file0', './file0'}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x1004}, 0x0)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000040))
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f000000e0c0), 0x10010)
sendfile(r3, r4, &(0x7f0000000100), 0x10001)
bind$bt_hci(r2, &(0x7f0000000140)={0x1f, 0x1, 0x3}, 0x6)

program crashed: kernel BUG in __iov_iter_get_pages_alloc
testing program (duration=36.594166959s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$sg-ioctl$SG_IO-mkdirat-mount$9p_virtio-timer_create-timer_settime-chdir-openat$cgroup_ro-write$binfmt_script-fcntl$dupfd-ioperm-socket$inet6_tcp-sendmsg$AUDIT_MAKE_EQUIV-openat$cgroup_ro-write$binfmt_script-sendfile-bind$bt_hci
detailed listing:
executing program 0:
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r0, 0x2285, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
chdir(&(0x7f0000000400)='./file0\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f00000004c0), 0x4)
r2 = fcntl$dupfd(r0, 0x0, r0)
ioperm(0x0, 0x4, 0x2)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$AUDIT_MAKE_EQUIV(r1, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x28, 0x3f7, 0x4, 0x70bd28, 0x25dfdbff, {0x7, 0x7, './file0', './file0'}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x1004}, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f000000e0c0), 0x10010)
sendfile(r3, r4, &(0x7f0000000100), 0x10001)
bind$bt_hci(r2, &(0x7f0000000140)={0x1f, 0x1, 0x3}, 0x6)

program crashed: kernel BUG in __iov_iter_get_pages_alloc
testing program (duration=36.594166959s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$sg-ioctl$SG_IO-mkdirat-mount$9p_virtio-timer_create-timer_settime-chdir-openat$cgroup_ro-write$binfmt_script-fcntl$dupfd-ioperm-socket$inet6_tcp-openat$cgroup_ro-write$binfmt_script-sendfile-bind$bt_hci
detailed listing:
executing program 0:
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r0, 0x2285, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
chdir(&(0x7f0000000400)='./file0\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f00000004c0), 0x4)
r2 = fcntl$dupfd(r0, 0x0, r0)
ioperm(0x0, 0x4, 0x2)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f000000e0c0), 0x10010)
sendfile(r3, r4, &(0x7f0000000100), 0x10001)
bind$bt_hci(r2, &(0x7f0000000140)={0x1f, 0x1, 0x3}, 0x6)

program did not crash
testing program (duration=36.594166959s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$sg-ioctl$SG_IO-mkdirat-mount$9p_virtio-timer_create-timer_settime-chdir-openat$cgroup_ro-write$binfmt_script-fcntl$dupfd-ioperm-sendmsg$AUDIT_MAKE_EQUIV-openat$cgroup_ro-write$binfmt_script-sendfile-bind$bt_hci
detailed listing:
executing program 0:
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r0, 0x2285, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
chdir(&(0x7f0000000400)='./file0\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f00000004c0), 0x4)
r2 = fcntl$dupfd(r0, 0x0, r0)
ioperm(0x0, 0x4, 0x2)
sendmsg$AUDIT_MAKE_EQUIV(r1, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x28, 0x3f7, 0x4, 0x70bd28, 0x25dfdbff, {0x7, 0x7, './file0', './file0'}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x1004}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f000000e0c0), 0x10010)
sendfile(0xffffffffffffffff, r3, &(0x7f0000000100), 0x10001)
bind$bt_hci(r2, &(0x7f0000000140)={0x1f, 0x1, 0x3}, 0x6)

program did not crash
testing program (duration=36.594166959s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$sg-ioctl$SG_IO-mkdirat-mount$9p_virtio-timer_create-timer_settime-chdir-openat$cgroup_ro-write$binfmt_script-fcntl$dupfd-socket$inet6_tcp-sendmsg$AUDIT_MAKE_EQUIV-openat$cgroup_ro-write$binfmt_script-sendfile-bind$bt_hci
detailed listing:
executing program 0:
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r0, 0x2285, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
chdir(&(0x7f0000000400)='./file0\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f00000004c0), 0x4)
r2 = fcntl$dupfd(r0, 0x0, r0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$AUDIT_MAKE_EQUIV(r1, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x28, 0x3f7, 0x4, 0x70bd28, 0x25dfdbff, {0x7, 0x7, './file0', './file0'}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x1004}, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f000000e0c0), 0x10010)
sendfile(r3, r4, &(0x7f0000000100), 0x10001)
bind$bt_hci(r2, &(0x7f0000000140)={0x1f, 0x1, 0x3}, 0x6)

program crashed: kernel BUG in __iov_iter_get_pages_alloc
testing program (duration=36.594166959s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$sg-ioctl$SG_IO-mkdirat-mount$9p_virtio-timer_create-timer_settime-chdir-openat$cgroup_ro-write$binfmt_script-socket$inet6_tcp-sendmsg$AUDIT_MAKE_EQUIV-openat$cgroup_ro-write$binfmt_script-sendfile-bind$bt_hci
detailed listing:
executing program 0:
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r0, 0x2285, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
chdir(&(0x7f0000000400)='./file0\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f00000004c0), 0x4)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$AUDIT_MAKE_EQUIV(r1, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x28, 0x3f7, 0x4, 0x70bd28, 0x25dfdbff, {0x7, 0x7, './file0', './file0'}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x1004}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f000000e0c0), 0x10010)
sendfile(r2, r3, &(0x7f0000000100), 0x10001)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000140)={0x1f, 0x1, 0x3}, 0x6)

program crashed: kernel BUG in __iov_iter_get_pages_alloc
testing program (duration=36.594166959s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$sg-ioctl$SG_IO-mkdirat-mount$9p_virtio-timer_create-timer_settime-chdir-openat$cgroup_ro-socket$inet6_tcp-sendmsg$AUDIT_MAKE_EQUIV-openat$cgroup_ro-write$binfmt_script-sendfile-bind$bt_hci
detailed listing:
executing program 0:
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r0, 0x2285, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
chdir(&(0x7f0000000400)='./file0\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$AUDIT_MAKE_EQUIV(r1, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x28, 0x3f7, 0x4, 0x70bd28, 0x25dfdbff, {0x7, 0x7, './file0', './file0'}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x1004}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f000000e0c0), 0x10010)
sendfile(r2, r3, &(0x7f0000000100), 0x10001)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000140)={0x1f, 0x1, 0x3}, 0x6)

program crashed: kernel BUG in __iov_iter_get_pages_alloc
testing program (duration=36.594166959s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$sg-ioctl$SG_IO-mkdirat-mount$9p_virtio-timer_create-timer_settime-chdir-socket$inet6_tcp-sendmsg$AUDIT_MAKE_EQUIV-openat$cgroup_ro-write$binfmt_script-sendfile-bind$bt_hci
detailed listing:
executing program 0:
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r0, 0x2285, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
chdir(&(0x7f0000000400)='./file0\x00')
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$AUDIT_MAKE_EQUIV(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x28, 0x3f7, 0x4, 0x70bd28, 0x25dfdbff, {0x7, 0x7, './file0', './file0'}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x1004}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f000000e0c0), 0x10010)
sendfile(r1, r2, &(0x7f0000000100), 0x10001)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000140)={0x1f, 0x1, 0x3}, 0x6)

program crashed: kernel BUG in __iov_iter_get_pages_alloc
testing program (duration=36.594166959s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$sg-ioctl$SG_IO-mkdirat-mount$9p_virtio-timer_create-timer_settime-socket$inet6_tcp-sendmsg$AUDIT_MAKE_EQUIV-openat$cgroup_ro-write$binfmt_script-sendfile-bind$bt_hci
detailed listing:
executing program 0:
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r0, 0x2285, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$AUDIT_MAKE_EQUIV(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x28, 0x3f7, 0x4, 0x70bd28, 0x25dfdbff, {0x7, 0x7, './file0', './file0'}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x1004}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f000000e0c0), 0x10010)
sendfile(r1, r2, &(0x7f0000000100), 0x10001)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000140)={0x1f, 0x1, 0x3}, 0x6)

program did not crash
testing program (duration=36.594166959s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$sg-ioctl$SG_IO-mkdirat-mount$9p_virtio-timer_create-chdir-socket$inet6_tcp-sendmsg$AUDIT_MAKE_EQUIV-openat$cgroup_ro-write$binfmt_script-sendfile-bind$bt_hci
detailed listing:
executing program 0:
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r0, 0x2285, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
chdir(&(0x7f0000000400)='./file0\x00')
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$AUDIT_MAKE_EQUIV(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x28, 0x3f7, 0x4, 0x70bd28, 0x25dfdbff, {0x7, 0x7, './file0', './file0'}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x1004}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f000000e0c0), 0x10010)
sendfile(r1, r2, &(0x7f0000000100), 0x10001)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000140)={0x1f, 0x1, 0x3}, 0x6)

program crashed: kernel BUG in __iov_iter_get_pages_alloc
testing program (duration=36.594166959s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$sg-ioctl$SG_IO-mkdirat-mount$9p_virtio-chdir-socket$inet6_tcp-sendmsg$AUDIT_MAKE_EQUIV-openat$cgroup_ro-write$binfmt_script-sendfile-bind$bt_hci
detailed listing:
executing program 0:
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r0, 0x2285, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f0000000400)='./file0\x00')
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$AUDIT_MAKE_EQUIV(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x28, 0x3f7, 0x4, 0x70bd28, 0x25dfdbff, {0x7, 0x7, './file0', './file0'}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x1004}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f000000e0c0), 0x10010)
sendfile(r1, r2, &(0x7f0000000100), 0x10001)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000140)={0x1f, 0x1, 0x3}, 0x6)

program crashed: kernel BUG in __iov_iter_get_pages_alloc
testing program (duration=36.594166959s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$sg-ioctl$SG_IO-mkdirat-chdir-socket$inet6_tcp-sendmsg$AUDIT_MAKE_EQUIV-openat$cgroup_ro-write$binfmt_script-sendfile-bind$bt_hci
detailed listing:
executing program 0:
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r0, 0x2285, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
chdir(&(0x7f0000000400)='./file0\x00')
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$AUDIT_MAKE_EQUIV(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x28, 0x3f7, 0x4, 0x70bd28, 0x25dfdbff, {0x7, 0x7, './file0', './file0'}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x1004}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f000000e0c0), 0x10010)
sendfile(r1, r2, &(0x7f0000000100), 0x10001)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000140)={0x1f, 0x1, 0x3}, 0x6)

program did not crash
testing program (duration=36.594166959s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$sg-ioctl$SG_IO-mount$9p_virtio-chdir-socket$inet6_tcp-sendmsg$AUDIT_MAKE_EQUIV-openat$cgroup_ro-write$binfmt_script-sendfile-bind$bt_hci
detailed listing:
executing program 0:
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r0, 0x2285, 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f0000000400)='./file0\x00')
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$AUDIT_MAKE_EQUIV(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x28, 0x3f7, 0x4, 0x70bd28, 0x25dfdbff, {0x7, 0x7, './file0', './file0'}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x1004}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f000000e0c0), 0x10010)
sendfile(r1, r2, &(0x7f0000000100), 0x10001)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000140)={0x1f, 0x1, 0x3}, 0x6)

program did not crash
testing program (duration=36.594166959s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$sg-mkdirat-mount$9p_virtio-chdir-socket$inet6_tcp-sendmsg$AUDIT_MAKE_EQUIV-openat$cgroup_ro-write$binfmt_script-sendfile-bind$bt_hci
detailed listing:
executing program 0:
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f0000000400)='./file0\x00')
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$AUDIT_MAKE_EQUIV(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x28, 0x3f7, 0x4, 0x70bd28, 0x25dfdbff, {0x7, 0x7, './file0', './file0'}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x1004}, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f000000e0c0), 0x10010)
sendfile(r0, r1, &(0x7f0000000100), 0x10001)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000140)={0x1f, 0x1, 0x3}, 0x6)

program crashed: kernel BUG in __iov_iter_get_pages_alloc
testing program (duration=36.594166959s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-socket$inet6_tcp-sendmsg$AUDIT_MAKE_EQUIV-openat$cgroup_ro-write$binfmt_script-sendfile-bind$bt_hci
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f0000000400)='./file0\x00')
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$AUDIT_MAKE_EQUIV(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x28, 0x3f7, 0x4, 0x70bd28, 0x25dfdbff, {0x7, 0x7, './file0', './file0'}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x1004}, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f000000e0c0), 0x10010)
sendfile(r0, r1, &(0x7f0000000100), 0x10001)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000140)={0x1f, 0x1, 0x3}, 0x6)

program crashed: kernel BUG in __iov_iter_get_pages_alloc
testing program (duration=36.594166959s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-socket$inet6_tcp-sendmsg$AUDIT_MAKE_EQUIV-openat$cgroup_ro-write$binfmt_script-sendfile-bind$bt_hci
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f0000000400)='./file0\x00')
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$AUDIT_MAKE_EQUIV(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x28, 0x3f7, 0x4, 0x70bd28, 0x25dfdbff, {0x7, 0x7, './file0', './file0'}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x1004}, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f000000e0c0), 0x10010)
sendfile(r0, r1, &(0x7f0000000100), 0x10001)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000140)={0x1f, 0x1, 0x3}, 0x6)

program did not crash
testing program (duration=36.594166959s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-socket$inet6_tcp-sendmsg$AUDIT_MAKE_EQUIV-openat$cgroup_ro-write$binfmt_script-sendfile-bind$bt_hci
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(0x0, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f0000000400)='./file0\x00')
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$AUDIT_MAKE_EQUIV(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x28, 0x3f7, 0x4, 0x70bd28, 0x25dfdbff, {0x7, 0x7, './file0', './file0'}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x1004}, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f000000e0c0), 0x10010)
sendfile(r0, r1, &(0x7f0000000100), 0x10001)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000140)={0x1f, 0x1, 0x3}, 0x6)

program did not crash
testing program (duration=36.594166959s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-socket$inet6_tcp-sendmsg$AUDIT_MAKE_EQUIV-openat$cgroup_ro-write$binfmt_script-sendfile-bind$bt_hci
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), 0x0, &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f0000000400)='./file0\x00')
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$AUDIT_MAKE_EQUIV(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x28, 0x3f7, 0x4, 0x70bd28, 0x25dfdbff, {0x7, 0x7, './file0', './file0'}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x1004}, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f000000e0c0), 0x10010)
sendfile(r0, r1, &(0x7f0000000100), 0x10001)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000140)={0x1f, 0x1, 0x3}, 0x6)

program did not crash
testing program (duration=36.594166959s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-socket$inet6_tcp-sendmsg$AUDIT_MAKE_EQUIV-openat$cgroup_ro-write$binfmt_script-sendfile-bind$bt_hci
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', 0x0, 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f0000000400)='./file0\x00')
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$AUDIT_MAKE_EQUIV(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x28, 0x3f7, 0x4, 0x70bd28, 0x25dfdbff, {0x7, 0x7, './file0', './file0'}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x1004}, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f000000e0c0), 0x10010)
sendfile(r0, r1, &(0x7f0000000100), 0x10001)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000140)={0x1f, 0x1, 0x3}, 0x6)

program did not crash
testing program (duration=36.594166959s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-socket$inet6_tcp-sendmsg$AUDIT_MAKE_EQUIV-openat$cgroup_ro-write$binfmt_script-sendfile-bind$bt_hci
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)
chdir(&(0x7f0000000400)='./file0\x00')
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$AUDIT_MAKE_EQUIV(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x28, 0x3f7, 0x4, 0x70bd28, 0x25dfdbff, {0x7, 0x7, './file0', './file0'}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x1004}, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f000000e0c0), 0x10010)
sendfile(r0, r1, &(0x7f0000000100), 0x10001)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000140)={0x1f, 0x1, 0x3}, 0x6)

program did not crash
testing program (duration=36.594166959s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-socket$inet6_tcp-sendmsg$AUDIT_MAKE_EQUIV-openat$cgroup_ro-write$binfmt_script-sendfile-bind$bt_hci
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB])
chdir(&(0x7f0000000400)='./file0\x00')
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$AUDIT_MAKE_EQUIV(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x28, 0x3f7, 0x4, 0x70bd28, 0x25dfdbff, {0x7, 0x7, './file0', './file0'}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x1004}, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f000000e0c0), 0x10010)
sendfile(r0, r1, &(0x7f0000000100), 0x10001)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000140)={0x1f, 0x1, 0x3}, 0x6)

program did not crash
testing program (duration=36.594166959s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-socket$inet6_tcp-sendmsg$AUDIT_MAKE_EQUIV-openat$cgroup_ro-write$binfmt_script-sendfile-bind$bt_hci
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$AUDIT_MAKE_EQUIV(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x28, 0x3f7, 0x4, 0x70bd28, 0x25dfdbff, {0x7, 0x7, './file0', './file0'}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x1004}, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f000000e0c0), 0x10010)
sendfile(r0, r1, &(0x7f0000000100), 0x10001)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000140)={0x1f, 0x1, 0x3}, 0x6)

program did not crash
testing program (duration=36.594166959s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-socket$inet6_tcp-sendmsg$AUDIT_MAKE_EQUIV-openat$cgroup_ro-write$binfmt_script-sendfile-bind$bt_hci
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f0000000400)='./file0\x00')
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$AUDIT_MAKE_EQUIV(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f000000e0c0), 0x10010)
sendfile(r0, r1, &(0x7f0000000100), 0x10001)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000140)={0x1f, 0x1, 0x3}, 0x6)

program crashed: kernel BUG in __iov_iter_get_pages_alloc
testing program (duration=36.594166959s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-socket$inet6_tcp-sendmsg$AUDIT_MAKE_EQUIV-openat$cgroup_ro-write$binfmt_script-sendfile-bind$bt_hci
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f0000000400)='./file0\x00')
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$AUDIT_MAKE_EQUIV(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f000000e0c0), 0x10010)
sendfile(r0, r1, &(0x7f0000000100), 0x10001)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000140)={0x1f, 0x1, 0x3}, 0x6)

program did not crash
testing program (duration=36.594166959s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-socket$inet6_tcp-sendmsg$AUDIT_MAKE_EQUIV-openat$cgroup_ro-write$binfmt_script-sendfile-bind$bt_hci
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f0000000400)='./file0\x00')
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$AUDIT_MAKE_EQUIV(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r1, 0x0, 0x0)
sendfile(r0, r1, &(0x7f0000000100), 0x10001)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000140)={0x1f, 0x1, 0x3}, 0x6)

program did not crash
testing program (duration=36.594166959s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-socket$inet6_tcp-sendmsg$AUDIT_MAKE_EQUIV-openat$cgroup_ro-write$binfmt_script-sendfile-bind$bt_hci
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f0000000400)='./file0\x00')
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$AUDIT_MAKE_EQUIV(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f000000e0c0), 0x10010)
sendfile(r0, r1, 0x0, 0x10001)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000140)={0x1f, 0x1, 0x3}, 0x6)

program crashed: kernel BUG in __iov_iter_get_pages_alloc
testing program (duration=36.594166959s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-socket$inet6_tcp-sendmsg$AUDIT_MAKE_EQUIV-openat$cgroup_ro-write$binfmt_script-sendfile-bind$bt_hci
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f0000000400)='./file0\x00')
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$AUDIT_MAKE_EQUIV(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f000000e0c0), 0x10010)
sendfile(r0, r1, 0x0, 0x10001)
bind$bt_hci(0xffffffffffffffff, 0x0, 0x0)

program crashed: kernel BUG in __iov_iter_get_pages_alloc
extracting C reproducer
testing compiled C program (duration=36.594166959s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-socket$inet6_tcp-sendmsg$AUDIT_MAKE_EQUIV-openat$cgroup_ro-write$binfmt_script-sendfile-bind$bt_hci
program crashed: kernel BUG in __iov_iter_get_pages_alloc
simplifying C reproducer
testing compiled C program (duration=36.594166959s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-socket$inet6_tcp-sendmsg$AUDIT_MAKE_EQUIV-openat$cgroup_ro-write$binfmt_script-sendfile-bind$bt_hci
program crashed: kernel BUG in __iov_iter_get_pages_alloc
testing compiled C program (duration=36.594166959s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-socket$inet6_tcp-sendmsg$AUDIT_MAKE_EQUIV-openat$cgroup_ro-write$binfmt_script-sendfile-bind$bt_hci
program did not crash
testing compiled C program (duration=36.594166959s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-socket$inet6_tcp-sendmsg$AUDIT_MAKE_EQUIV-openat$cgroup_ro-write$binfmt_script-sendfile-bind$bt_hci
program crashed: kernel BUG in __iov_iter_get_pages_alloc
testing compiled C program (duration=36.594166959s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-socket$inet6_tcp-sendmsg$AUDIT_MAKE_EQUIV-openat$cgroup_ro-write$binfmt_script-sendfile-bind$bt_hci
program crashed: kernel BUG in __iov_iter_get_pages_alloc
testing compiled C program (duration=36.594166959s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-socket$inet6_tcp-sendmsg$AUDIT_MAKE_EQUIV-openat$cgroup_ro-write$binfmt_script-sendfile-bind$bt_hci
program crashed: kernel BUG in __iov_iter_get_pages_alloc
testing compiled C program (duration=36.594166959s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-socket$inet6_tcp-sendmsg$AUDIT_MAKE_EQUIV-openat$cgroup_ro-write$binfmt_script-sendfile-bind$bt_hci
program crashed: kernel BUG in __iov_iter_get_pages_alloc
testing compiled C program (duration=36.594166959s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-socket$inet6_tcp-sendmsg$AUDIT_MAKE_EQUIV-openat$cgroup_ro-write$binfmt_script-sendfile-bind$bt_hci
program crashed: kernel BUG in __iov_iter_get_pages_alloc
testing compiled C program (duration=36.594166959s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-socket$inet6_tcp-sendmsg$AUDIT_MAKE_EQUIV-openat$cgroup_ro-write$binfmt_script-sendfile-bind$bt_hci
program crashed: kernel BUG in __iov_iter_get_pages_alloc
reproducing took 30m48.603504767s
repro crashed as (corrupted=false):
 __do_sys_exit_group kernel/exit.c:1042 [inline]
 __se_sys_exit_group kernel/exit.c:1040 [inline]
 __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1040
 x64_sys_call+0x14a9/0x16a0 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
------------[ cut here ]------------
kernel BUG at include/linux/mm.h:1460!
Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI
CPU: 3 UID: 0 PID: 5328 Comm: syz-executor424 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:folio_get include/linux/mm.h:1460 [inline]
RIP: 0010:get_page include/linux/mm.h:1466 [inline]
RIP: 0010:iter_folioq_get_pages lib/iov_iter.c:1030 [inline]
RIP: 0010:__iov_iter_get_pages_alloc+0x1d1e/0x2240 lib/iov_iter.c:1201
Code: b0 8b 48 89 df e8 82 b1 48 fd 90 0f 0b 49 89 c5 e9 99 f6 ff ff e8 42 30 04 fd 48 c7 c6 00 b7 b0 8b 4c 89 e7 e8 63 b1 48 fd 90 <0f> 0b e8 2b 30 04 fd 4c 8b 64 24 48 49 83 ec 01 e9 94 fd ff ff 4c
RSP: 0018:ffffc90004276ec8 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 0000000000000005 RCX: ffffc90004276d70
RDX: ffff888029128000 RSI: ffffffff8487a8ad RDI: ffff888029128444
RBP: ffffea0000e68174 R08: 0000000000000000 R09: fffffbfff203b333
R10: ffffffff901d999f R11: 0000000000000000 R12: ffffea0000e68140
R13: ffff88802c710800 R14: 0000000000001000 R15: 0000000000001000
FS:  0000000000000000(0000) GS:ffff88806a900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fa4675e2110 CR3: 000000000db7c000 CR4: 0000000000350ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 iov_iter_get_pages_alloc2+0x53/0xf0 lib/iov_iter.c:1225
 p9_get_mapped_pages.part.0.constprop.0+0x4ca/0x7d0 net/9p/trans_virtio.c:333
 p9_get_mapped_pages net/9p/trans_virtio.c:318 [inline]
 p9_virtio_zc_request+0x1be/0x1390 net/9p/trans_virtio.c:439
 p9_client_zc_rpc.constprop.0+0x29a/0x880 net/9p/client.c:808
 p9_client_write+0x447/0x680 net/9p/client.c:1631
 v9fs_issue_write+0xe2/0x180 fs/9p/vfs_addr.c:59
 netfs_do_issue_write+0x92/0x110 fs/netfs/write_issue.c:223
 netfs_issue_write fs/netfs/write_issue.c:250 [inline]
 netfs_advance_write fs/netfs/write_issue.c:291 [inline]
 netfs_advance_write+0x384/0xbd0 fs/netfs/write_issue.c:259
 netfs_write_folio+0xc44/0x18f0 fs/netfs/write_issue.c:469
 netfs_writepages+0x2ba/0xb90 fs/netfs/write_issue.c:541
 do_writepages+0x1a3/0x7f0 mm/page-writeback.c:2683
 filemap_fdatawrite_wbc mm/filemap.c:397 [inline]
 filemap_fdatawrite_wbc+0x148/0x1c0 mm/filemap.c:387
 __filemap_fdatawrite_range+0xba/0x100 mm/filemap.c:430
 v9fs_dir_release+0x429/0x590 fs/9p/vfs_dir.c:219
 __fput+0x3f6/0xb60 fs/file_table.c:431
 task_work_run+0x14e/0x250 kernel/task_work.c:228
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0xaa3/0x2bb0 kernel/exit.c:882
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1031
 __do_sys_exit_group kernel/exit.c:1042 [inline]
 __se_sys_exit_group kernel/exit.c:1040 [inline]
 __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1040
 x64_sys_call+0x14a9/0x16a0 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fa467566c89
Code: Unable to access opcode bytes at 0x7fa467566c5f.
RSP: 002b:00007ffc50f57838 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa467566c89
RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
RBP: 00007fa4675e12b0 R08: ffffffffffffffb8 R09: 0000000000000006
R10: 0000000000000006 R11: 0000000000000246 R12: 00007fa4675e12b0
R13: 0000000000000000 R14: 00007fa4675e1d00 R15: 00007fa467537ed0
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:folio_get include/linux/mm.h:1460 [inline]
RIP: 0010:get_page include/linux/mm.h:1466 [inline]
RIP: 0010:iter_folioq_get_pages lib/iov_iter.c:1030 [inline]
RIP: 0010:__iov_iter_get_pages_alloc+0x1d1e/0x2240 lib/iov_iter.c:1201
Code: b0 8b 48 89 df e8 82 b1 48 fd 90 0f 0b 49 89 c5 e9 99 f6 ff ff e8 42 30 04 fd 48 c7 c6 00 b7 b0 8b 4c 89 e7 e8 63 b1 48 fd 90 <0f> 0b e8 2b 30 04 fd 4c 8b 64 24 48 49 83 ec 01 e9 94 fd ff ff 4c
RSP: 0018:ffffc90004276ec8 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 0000000000000005 RCX: ffffc90004276d70
RDX: ffff888029128000 RSI: ffffffff8487a8ad RDI: ffff888029128444
RBP: ffffea0000e68174 R08: 0000000000000000 R09: fffffbfff203b333
R10: ffffffff901d999f R11: 0000000000000000 R12: ffffea0000e68140
R13: ffff88802c710800 R14: 0000000000001000 R15: 0000000000001000
FS:  0000000000000000(0000) GS:ffff88806a900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fa4675e2110 CR3: 000000000db7c000 CR4: 0000000000350ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

final repro crashed as (corrupted=false):
 __do_sys_exit_group kernel/exit.c:1042 [inline]
 __se_sys_exit_group kernel/exit.c:1040 [inline]
 __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1040
 x64_sys_call+0x14a9/0x16a0 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
------------[ cut here ]------------
kernel BUG at include/linux/mm.h:1460!
Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI
CPU: 3 UID: 0 PID: 5328 Comm: syz-executor424 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:folio_get include/linux/mm.h:1460 [inline]
RIP: 0010:get_page include/linux/mm.h:1466 [inline]
RIP: 0010:iter_folioq_get_pages lib/iov_iter.c:1030 [inline]
RIP: 0010:__iov_iter_get_pages_alloc+0x1d1e/0x2240 lib/iov_iter.c:1201
Code: b0 8b 48 89 df e8 82 b1 48 fd 90 0f 0b 49 89 c5 e9 99 f6 ff ff e8 42 30 04 fd 48 c7 c6 00 b7 b0 8b 4c 89 e7 e8 63 b1 48 fd 90 <0f> 0b e8 2b 30 04 fd 4c 8b 64 24 48 49 83 ec 01 e9 94 fd ff ff 4c
RSP: 0018:ffffc90004276ec8 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 0000000000000005 RCX: ffffc90004276d70
RDX: ffff888029128000 RSI: ffffffff8487a8ad RDI: ffff888029128444
RBP: ffffea0000e68174 R08: 0000000000000000 R09: fffffbfff203b333
R10: ffffffff901d999f R11: 0000000000000000 R12: ffffea0000e68140
R13: ffff88802c710800 R14: 0000000000001000 R15: 0000000000001000
FS:  0000000000000000(0000) GS:ffff88806a900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fa4675e2110 CR3: 000000000db7c000 CR4: 0000000000350ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 iov_iter_get_pages_alloc2+0x53/0xf0 lib/iov_iter.c:1225
 p9_get_mapped_pages.part.0.constprop.0+0x4ca/0x7d0 net/9p/trans_virtio.c:333
 p9_get_mapped_pages net/9p/trans_virtio.c:318 [inline]
 p9_virtio_zc_request+0x1be/0x1390 net/9p/trans_virtio.c:439
 p9_client_zc_rpc.constprop.0+0x29a/0x880 net/9p/client.c:808
 p9_client_write+0x447/0x680 net/9p/client.c:1631
 v9fs_issue_write+0xe2/0x180 fs/9p/vfs_addr.c:59
 netfs_do_issue_write+0x92/0x110 fs/netfs/write_issue.c:223
 netfs_issue_write fs/netfs/write_issue.c:250 [inline]
 netfs_advance_write fs/netfs/write_issue.c:291 [inline]
 netfs_advance_write+0x384/0xbd0 fs/netfs/write_issue.c:259
 netfs_write_folio+0xc44/0x18f0 fs/netfs/write_issue.c:469
 netfs_writepages+0x2ba/0xb90 fs/netfs/write_issue.c:541
 do_writepages+0x1a3/0x7f0 mm/page-writeback.c:2683
 filemap_fdatawrite_wbc mm/filemap.c:397 [inline]
 filemap_fdatawrite_wbc+0x148/0x1c0 mm/filemap.c:387
 __filemap_fdatawrite_range+0xba/0x100 mm/filemap.c:430
 v9fs_dir_release+0x429/0x590 fs/9p/vfs_dir.c:219
 __fput+0x3f6/0xb60 fs/file_table.c:431
 task_work_run+0x14e/0x250 kernel/task_work.c:228
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0xaa3/0x2bb0 kernel/exit.c:882
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1031
 __do_sys_exit_group kernel/exit.c:1042 [inline]
 __se_sys_exit_group kernel/exit.c:1040 [inline]
 __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1040
 x64_sys_call+0x14a9/0x16a0 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fa467566c89
Code: Unable to access opcode bytes at 0x7fa467566c5f.
RSP: 002b:00007ffc50f57838 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa467566c89
RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
RBP: 00007fa4675e12b0 R08: ffffffffffffffb8 R09: 0000000000000006
R10: 0000000000000006 R11: 0000000000000246 R12: 00007fa4675e12b0
R13: 0000000000000000 R14: 00007fa4675e1d00 R15: 00007fa467537ed0
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:folio_get include/linux/mm.h:1460 [inline]
RIP: 0010:get_page include/linux/mm.h:1466 [inline]
RIP: 0010:iter_folioq_get_pages lib/iov_iter.c:1030 [inline]
RIP: 0010:__iov_iter_get_pages_alloc+0x1d1e/0x2240 lib/iov_iter.c:1201
Code: b0 8b 48 89 df e8 82 b1 48 fd 90 0f 0b 49 89 c5 e9 99 f6 ff ff e8 42 30 04 fd 48 c7 c6 00 b7 b0 8b 4c 89 e7 e8 63 b1 48 fd 90 <0f> 0b e8 2b 30 04 fd 4c 8b 64 24 48 49 83 ec 01 e9 94 fd ff ff 4c
RSP: 0018:ffffc90004276ec8 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 0000000000000005 RCX: ffffc90004276d70
RDX: ffff888029128000 RSI: ffffffff8487a8ad RDI: ffff888029128444
RBP: ffffea0000e68174 R08: 0000000000000000 R09: fffffbfff203b333
R10: ffffffff901d999f R11: 0000000000000000 R12: ffffea0000e68140
R13: ffff88802c710800 R14: 0000000000001000 R15: 0000000000001000
FS:  0000000000000000(0000) GS:ffff88806a900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fa4675e2110 CR3: 000000000db7c000 CR4: 0000000000350ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400