Extracting prog: 41m12.119611449s Minimizing prog: 1h38m27.63663081s Simplifying prog options: 12m13.609480684s Extracting C: 5m14.04134758s Simplifying C: 0s extracting reproducer from 67 programs testing a last program of every proc single: executing 17 programs separately with timeout 6m0s testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$ax25-listen-socket$kcm-sendmsg$kcm-ioctl$NILFS_IOCTL_CHANGE_CPMODE detailed listing: executing program 0: r0 = syz_init_net_socket$ax25(0x3, 0x3, 0x7) listen(r0, 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000580)="6700000011008188040f56ecdb4cb9cca7480ef436000000e3bd6efb440009000e000a0010000000ba80010000005a8c3774fa0af3dc59a933c1e7a6d3361d83b20000319cdf5656826edaaa11032701c61ec666d482078ccebcb9a4f187f7a4e98f09cdc2649f", 0x67}], 0x1}, 0x0) ioctl$NILFS_IOCTL_CHANGE_CPMODE(r0, 0x40106e80, &(0x7f0000000000)={0x0, 0x1}) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat-fcntl$setlease-set_mempolicy-syz_open_dev$dvb_frontend-ioctl$FE_SET_PROPERTY-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-socket$vsock_stream-socket$nl_generic-sendmsg$nl_generic-syz_create_resource$binfmt-openat$binfmt detailed listing: executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x2040, 0x0) fcntl$setlease(r0, 0x400, 0x0) (async) set_mempolicy(0x2, &(0x7f0000000280)=0x4, 0x9) (async) r1 = syz_open_dev$dvb_frontend(&(0x7f00000000c0), 0x0, 0x40002) ioctl$FE_SET_PROPERTY(r1, 0x40106f52, &(0x7f00000001c0)={0x3b, &(0x7f0000000500)=[{0x20, '\x00', @data=0x48af, 0x6}, {0x8, '\x00', @st={0x4, [{0x2, @uvalue=0xffffffffffffff01}, {0x0, @svalue=0x3}, {0x2, @svalue=0x7}, {0x0, @svalue=0x6}]}, 0x4cd}, {0x2a, '\x00', @data=0x80000000, 0x4}, {0x1, '\x00', @st={0x4, [{0x0, @svalue=0x2}, {0x1, @svalue=0xfffffffffffffffc}, {0x1, @svalue=0xff}, {0x1, @uvalue=0x1a0815d}]}, 0x3}]}) (async) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x4}]}) socket$vsock_stream(0x28, 0x1, 0x0) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x38, 0x40, 0x107, 0xfffffffe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0x1c, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}, @typed={0x8, 0x15, 0x0, 0x0, @uid}, @typed={0x8, 0x9, 0x0, 0x0, @fd}]}, @nested={0x4, 0x2}]}, 0x38}, 0x1, 0x0, 0x0, 0x48815}, 0xc000) (async) r3 = syz_create_resource$binfmt(&(0x7f0000000080)='./file1\x00') openat$binfmt(0xffffffffffffff9c, r3, 0x42, 0x1ff) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendmmsg$inet6-openat$kvm-ioctl$KVM_CREATE_VM-socket$alg-bind$alg-setsockopt$ALG_SET_KEY-accept4-sendmsg$NFT_BATCH-sendmmsg$alg-recvmsg-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$x86-pwritev-syz_usb_connect-syz_usb_control_io$cdc_ncm-syz_kvm_setup_cpu$x86-ioctl$KVM_RUN detailed listing: executing program 0: sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, 0x188}}], 0x1, 0x810) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x8042, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5) r3 = accept4(r2, 0x0, 0x0, 0x800) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2) r5 = syz_usb_connect(0x3, 0x8b3, &(0x7f0000000b40)=ANY=[@ANYBLOB="120110018e776c003d20a114881d010203010902a108020df300060904270701ac912903fc00934542c71d245b943e6572a479fe9bf310c20fcb0e1c286a3f36d0a3236a14309c4eca848dbb076743f6894102fad6053649eaa74fb3b247474e7f94e7e8c91aa8ce32210ad860b847966f4579bef98284a8665726e25474542f410dbd126b2eaaffa6119a0d76a04f7c0704da0d762c100dea35eb7fb027338c40030ba0515409f0c57edaca0535754af4d99955ccb26e80d11ef6fd8c0796a5c328e6da2e8270a1d54c0d7fd49de1b8a7279967dc610a048dac152475b8a74f5be0611da6ba3aac1b66fe10e331645f8a0c21741b4d0559300659cb2198bca50de8578cc9bd8accf2421f38cfa88d38c5c77d2049961a637f3fb7e13b124f8309050c08ff03b8007fd70d9e1276ca403540bf320b520c4b3ff42ee8660cc6ae9e502ab425a27f2b6e97c0db20d5890b6003fbfa8471d3bc5d264cfa3bf2af0fe7fa6878092c049267c67f267b7047a0583227e08b991f76401c45c368e7a9be87aaea886f9f581c09a239c690f1229c6918a468bf503ce3eb285781933bd9c9ecdc3852f3b75e0a8b8bb6a9b7d4a701f4e3338ef33323c7b768b561412d14a9534d73a22f82572ec637316d2dccc6b1a6c328129764e4bf8148a18144d69cc47ba40e1f8dfc7fddecb6c597cf894bcb80b82ff724cb126d9da68e4d5b194ccf0904200310f7fd6d0209210004920122a8040905010008029b7ff80725010c040c0007250104fe0700090502080002730307252322603ad805c9fadd6eadffe7ea62bb1d6130689300747075ba36b64fc86fb5789532afa90f4b761893597a80ffe2338ef87f1b412232aca690b7dc38720771fe398c33b6225362cd9a51833ab3e2b5e25a0b6f27666d1c96caa01e99e79f4b657a4afeb093da072e7044c5e7d24f3985a0855e3641f1c10a8fe12412201854bd66a09dc75aa071fb23ebd3156bcb3f095b6065aeeeed69c089a27883d4b90045315f6db86c8c47317474672a1801a84c8c307f214c5b6ce301aacdbfebbc81eb2fbd1015373d2bb6410f4283090509002000040505bc04707518db0d7b2fb99b74bed4ae9c8318dc882ef4d7a6ff6bdd82bd5cfef81ce4acabc127212969e9f197fa49b686da3a959893dc37f5e0b2279668c8e7a075be49b56d4e4d83a7e1aaf534a03e4403f09e3a4f979ab9e1d113544810a95b44f8c34354ea62e3b5495d2c2cb9768ad62d6a41c06ee6c218de3b151d8aaed3ac8c1bc3131ce20060f1c1eeb081bdb8671754a6684cd7b6cb640eb772b0520a36a985fc143eaf421f0b313d3577c8faf2a2674b1cf61225fd7e783907250100040500090575004000ff01050725010c0b03000905000320001e03010725010c080900bb0b3024524059880d977d1978573874f0f264329af02623e7e5073a7499c3d1b2259910885dbedf8be5cfba94a01256f1e052a56f307e0bf3247a35bbe5c1da830f50453209961cfd8c3d31590fe29d34c0e84a1ba7f2692edfb136281c7868a7abca9620e083428329f452015ac3ab67d9820afc3eb74a4ae29fe86718d9fd10b548298c8b7c3e1b8436a0716665726efed786fb02aed5584aa627663a8c6b9a0e04d55fdbb910f30446b8e18782961bb4495b029bc9aabdc12409050c10ff030803051b02b1ae96f6bd54096b5e1333805e2e92851f4b67fd3af0e823310725010cf6630009050c00080008020c112454a4c0dd35c35aadcaafb50041f24909050f0810000002663d24e82c09cf9ffe1073b236959ecdf8f17742d5a93b6da19c79c14fff2f56849a7a39a249eaec5259c5f184d18440816f6e988327b0c39f9ab84e11d109050300200002ff097423260efbc31a2215fdb012bb56316b11706f82c5eaf8c5495f264d81dbb852a71735df467755d83abefff2f0686765f4d5d941ea213b72b36b9c5d005e58be2d6caa21b70c4cca479d0a802858ecf58715080e9bec17c0137f3dfcac1467b04c3ad148ca034c129a31891b71c8dc3759d9b436090508101000a20902d73166be8f97d7fbda45d92db69337e9c79961a48ff718c96d09fc3082f0db81c59820fc10f4742ab2c8ab0ce3e7ff2c4ef342e8f2ce0b227affcf361f63246efca29ef8fb1aee82ccbfa1c7a866c5e48387e4d3f6033b5ff9c84fe1a962e7bf734a4eb9932c4fecffc85923837bede11d08d73246cbb4fd01ef0e75149c1733ca45d99f47d3708696a60ff42b4f6a344737ad49838a8daaf1bd5d458003c07349c3d452cb217859f91b922272a4d18e68b5f75f9b28027bef90b67076139208a806567beae46050cc2cb0e7540439b1ea391fc25d5533090507004000000e0607250108047f054609313f858e7320af80cccd94fcfab952f9748ede5fa0cd88fee2ee70d1eef9ed5ac931db91f968741e769777ef23c9ce73a6e1d03e95c9dc03f484db3b299f459451abf07009050610080001000507250104040a0009050500200008cde34c0b99cc402be2767d5f33f74b601b444a63ebe7565a9ebc0bc94e4653a1fd8c798b992990b8bac2adad55f6d1c04ef19bdf1a4d98d738bafb7baffd4bfe14b59af5fd0090db3ecf887a93116a0e390b7a2c46df61d4b4c316b8c06106b8fea14cc852f0c69e687e13171d5746a2f25eac2de1354448358b9ac478daf1f9d156a36faacba72ac7ae23ed4b6cc58fd9e8fd862cf56db3f535eb61277fc75fbbd64fe60a6f4e6cfda3edd9a534c815710e162781731fe409050f08ff03060a0807250104ff030009050110000407e00407250104070008090500104000105c22cf2277d0421dea4a4e95cf85813e85095aef085c5a359db5704a54af909baaf2ed0ad80e1b48adc3f3ccee02dac86ee1ddc34579872ed4f40e6005f8c8b23651176a942efb6c2291f78c2b7d6f8a37690d7da3ae3aea3eaccd45b177b69dc7b249e2b396d9dffb3a34ac06d08429d43d86a8f6e9009d98e05e2b5bd053b720c2c37179d52d5f34a7e9c5f2dbe3bb7d6ed9373271a98d35318f14ff7663a1879bdb8f52104fc1c5652f6fe5f5885afe9e8d2a20b76b542dac94c83b77445bf71edddd308913a2b917651eedff08d01c07250100b02501"], &(0x7f0000000540)={0xa, &(0x7f00000002c0)={0xa, 0x6, 0x200, 0x3, 0x1, 0x3, 0x40, 0x2}, 0x6b, &(0x7f0000000300)=ANY=[@ANYBLOB="050f6b00060b10010870000307ff7f4e14100a08021000000ff0060030000000000000000b1001088023447ebe2a418491f285a5d69a10100a0c610000000f0005003000000018100a0223000000000001fc30000000c000ff0080010000"], 0x4, [{0x4, &(0x7f0000000500)=@lang_id={0x4, 0x3, 0x430}}, {0xf5, &(0x7f0000000600)=@string={0xf5, 0x3, "d572e7610b1be44e401093ef4a74b575160d231a840d4069292473c1695ea05d3fba92e7d16ad105f005c5193025464dca28a98116c9d4d79eee97520863e41ecf029979803baee42162fb782f347208b594f25b5875d12693e4b99aa8fba4b425d605f9544524fef49423bc69ec8ee6e458899058141ca9231ee246d3f7d34d8f382b634202fb8445676c36c246dd7f56b2b1e4f941d75a969528be7080fe14169d62c6c5e1aaf4820e4347120be127304b74b45d6e0ce8e29295161f8d1f56f7bb0145e8f196f6bb4e5a89ad161e78ca7ab9c43c6bdaa1756dd59555f86863ef54947b4f18d1feeac9384183539cdc57a92b"}}, {0xbc, &(0x7f0000000780)=@string={0xbc, 0x3, "f7b2598797e9a2f916606fd65906a16595183cc270c0f2453dae6a3a23d84f76db6d1dedc3785e176f8c7c2b11198cdd5d413fb4d492feb62b901b8fb4a03b062651833a1736bf9db3fa5b51d10a16b5107a96ec0573f26d6aceae4d34a2da3e26dbd846bee5906712a6c2ed76694940a7baa3b74b520c5a9db17af39b4f97e01627a1b2bd0f0c0a5d50daf4b75b8504eb4a616c07632c7608e2a986960e50a612397ae62d07b559a57ddb79cdac9fb7df87b86ee144395a8684"}}, {0xc1, &(0x7f0000000880)=@string={0xc1, 0x3, "3ecce429361ad59f5b3ac8676cf4f8355c9f3dc1505871a1bf5964b56bfb2978fe54209fac981a375779c2c9aa7a32e85fb0585fa0ae5927487e0e39899c069b0d31d1c48d2d09386dd71a0c5a8fe3a306dd3ca915e33ad7455e7f6ba08743c628202d47ab00d8f19fdc60ca16d652455903203f899eb9cda8a5823f15f060269a08cd5e50515ee33924d042c68ad8070f52841d965c8c4f87badc1a6e6b6bdba19164a7ca9e73f682f443dcb610584f86297f366fc791339b057e1fcadd72"}}]}) syz_usb_control_io$cdc_ncm(r5, &(0x7f0000000a40)={0x14, &(0x7f0000000980)={0x20, 0x6, 0x86, {0x86, 0x8, "9dd11bedbbe3e3555ad486f95b0b812f5ca2dae2b4756b474b460a7b2307d1bc34c87435f2166179be0e396f36d2427dc64ac4415316dde8ee805c8a39c16bd03cc0794df383c12e411f21f0fd4c0c5105c35ca3972b69740ce89ce1cf3d2b738399880be35b6015d6cf757a8e7473bfba46ee885e1fd9265d94ab9c4f61e74602b3df07"}}, &(0x7f0000000700)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000001580)={0x44, &(0x7f0000000a80)={0x0, 0x10, 0x4, "ce3f2c03"}, &(0x7f0000000ac0)={0x0, 0xa, 0x1, 0x5}, &(0x7f0000001400)={0x0, 0x8, 0x1, 0x8}, &(0x7f0000001440)={0x20, 0x80, 0x1c, {0x2c3, 0xe9f, 0xdefc, 0x2c06, 0x0, 0x7, 0x1, 0x4, 0x5, 0xfff5, 0x9, 0x9}}, &(0x7f0000001480)={0x20, 0x85, 0x4, 0x8}, &(0x7f00000014c0)={0x20, 0x83, 0x2}, &(0x7f0000001500)={0x20, 0x87, 0x2, 0x7}, &(0x7f0000001540)={0x20, 0x89, 0x2}}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$sw_sync-close-syz_usb_connect detailed listing: executing program 0: r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000001700), 0x0, 0x0) close(r0) syz_usb_connect(0x0, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB="120100001b3ebd40d80483009c830102030109022900010000000009042900000202010005"], 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$vnet-socket$inet6-setsockopt$inet6_MCAST_JOIN_GROUP-setsockopt$inet6_MCAST_MSFILTER-setsockopt$inet6_group_source_req-ioctl$VHOST_SET_FEATURES-write$vhost_msg-write$vhost_msg-write$vhost_msg_v2-prctl$PR_MCE_KILL-write$vhost_msg-write$vhost_msg_v2 detailed listing: executing program 0: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) r1 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r1, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f0000000440)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000006000000000000000005"], 0x310) setsockopt$inet6_group_source_req(r1, 0x29, 0x2c, &(0x7f0000000300)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x108) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000000)=0x200000000) write$vhost_msg(r0, &(0x7f0000000100)={0x1, {&(0x7f00000007c0)=""/194, 0xc2, 0x0, 0x3, 0x2}}, 0x48) write$vhost_msg(r0, &(0x7f0000000080)={0x1, {&(0x7f0000000040)=""/62, 0x3e, 0x0, 0x1, 0x2}}, 0x48) write$vhost_msg_v2(r0, &(0x7f0000002b00)={0x2, 0x0, {&(0x7f00000003c0)=""/14, 0xe, 0x0, 0x2, 0x2}}, 0x48) prctl$PR_MCE_KILL(0x48, 0x0, 0x0) write$vhost_msg(r0, &(0x7f0000000640)={0x1, {&(0x7f0000000400)=""/234, 0xfede, 0x0, 0x3, 0x2}}, 0x48) write$vhost_msg_v2(r0, &(0x7f0000000180)={0x2, 0x0, {0x0, 0x0, 0x0, 0x2, 0x3}}, 0x48) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$vnet-socket$inet6-setsockopt$inet6_MCAST_JOIN_GROUP-setsockopt$inet6_MCAST_MSFILTER-setsockopt$inet6_group_source_req-ioctl$VHOST_SET_FEATURES-write$vhost_msg-write$vhost_msg-write$vhost_msg_v2-prctl$PR_MCE_KILL-write$vhost_msg-write$vhost_msg_v2 detailed listing: executing program 0: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) r1 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r1, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f0000000440)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000006000000000000000005"], 0x310) setsockopt$inet6_group_source_req(r1, 0x29, 0x2c, &(0x7f0000000300)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x108) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000000)=0x200000000) write$vhost_msg(r0, &(0x7f0000000100)={0x1, {&(0x7f00000007c0)=""/194, 0xc2, 0x0, 0x3, 0x2}}, 0x48) write$vhost_msg(r0, &(0x7f0000000080)={0x1, {&(0x7f0000000040)=""/62, 0x3e, 0x0, 0x1, 0x2}}, 0x48) write$vhost_msg_v2(r0, &(0x7f0000002b00)={0x2, 0x0, {&(0x7f00000003c0)=""/14, 0xe, 0x0, 0x2, 0x2}}, 0x48) prctl$PR_MCE_KILL(0x48, 0x0, 0x0) write$vhost_msg(r0, &(0x7f0000000640)={0x1, {&(0x7f0000000400)=""/234, 0xfede, 0x0, 0x3, 0x2}}, 0x48) write$vhost_msg_v2(r0, &(0x7f0000000180)={0x2, 0x0, {0x0, 0x0, 0x0, 0x2, 0x3}}, 0x48) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-openat$vimc2-ioctl$VIDIOC_EXPBUF-setsockopt$inet_int-syz_genetlink_get_family_id$nl80211-mmap-openat$nullb-dup-mmap-madvise-madvise-landlock_create_ruleset-ioctl$VIDIOC_SUBSCRIBE_EVENT-read-socket$inet6_mptcp-openat$sequencer-write$P9_RSTATu-socket-connect$tipc-shutdown-openat$cgroup_ro-ioctl$FS_IOC_SETFLAGS-openat$cgroup_ro-sendmsg$NL80211_CMD_GET_MESH_CONFIG-syz_genetlink_get_family_id$nl80211-getsockopt$inet6_tcp_buf-syz_usb_connect-socket$nl_netfilter detailed listing: executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) (async) r1 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_EXPBUF(r1, 0x40045612, &(0x7f0000000080)={0xa, 0x0, 0x0, 0x0, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x21, &(0x7f0000000000)=0xffffffff, 0x4) (async) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r2) (async, rerun: 64) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) (async, rerun: 64) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a42, 0x0) r4 = dup(r3) mmap(&(0x7f0000535000/0x2000)=nil, 0x2000, 0xc, 0x28011, r4, 0x0) (async) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) (async) r5 = landlock_create_ruleset(&(0x7f0000000240)={0x1fff}, 0x18, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r4, 0x4020565a, &(0x7f0000000200)={0x3, 0x2, 0x2}) read(r5, 0x0, 0x0) r6 = socket$inet6_mptcp(0xa, 0x1, 0x106) (async, rerun: 32) r7 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x8042, 0x0) (rerun: 32) write$P9_RSTATu(r7, &(0x7f0000000580)={0x208, 0x2, 0x0, {{0x500, 0xf8, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x1b, '\x04nodev{evoo~\x059\xc6\x00\x05\x00\x007\xd9:\x8b\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00+Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x03\xb4\x94\xe1', 0x1d, '\xd2\x99\x98\x80\x14\x98l\xe9\x82\xcf\xc2m\xd7\xc5\x00\xf0L\xd8_*p\xf5\xe9\x93\x0e\x97\xa5\x9ad', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xe2\x89\xdad\x9a7\x00'}, 0x12c, 'odev/n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x239) r8 = socket(0x1e, 0x1, 0x0) connect$tipc(r8, &(0x7f0000000040)=@id, 0x10) shutdown(r8, 0x2) (async) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0) ioctl$FS_IOC_SETFLAGS(r9, 0x40086602, &(0x7f0000000080)=0x20) (async, rerun: 32) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0) (rerun: 32) sendmsg$NL80211_CMD_GET_MESH_CONFIG(r8, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="14d436cf4c93105f8bdae6ec7db54bf3ff", @ANYRES16=0x0, @ANYBLOB="000125bd7000fcdbdf251c000000"], 0x14}, 0x1, 0x0, 0x0, 0x20004004}, 0x20000000) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000400), r8) (async) getsockopt$inet6_tcp_buf(r6, 0x11c, 0x2, 0xffffffffffffffff, &(0x7f0000000040)=0x10) syz_usb_connect(0x2, 0x2d, &(0x7f0000000280)=ANY=[@ANYRESOCT=r0, @ANYBLOB="55932cb64154ae309c3ae6d99430070d7f9903fac03688b06ced0a031ee72740d08b40d7eb4acf4e7646739510f431231fcd21f7452b515f9e2f4dc2081540c7b6c849aa413f1bd2b3aab7aa30f5d50cd25f0ed2308e81f994d7ed3e6444ec217b59a4e1dd", @ANYRESOCT=r1, @ANYRES64, @ANYBLOB="5658366358886fd7065b383588dcdeee8057ff49e984a483f1c6aec46bb977600063b09035a160d2ac1f4b49a9fda53bea495734751e823fb1132de708b938ce622b980007898298dc8b491fef67886dd75a6309b85f9edb58ab3513e3ef5a09664afe68254b8e9103a95e28597e763e181348e19827e50e5f6ffa356c6dfb0a1d1d45941760514e7be18266bb6d7a8d181c744fa77bc9a293fa3a99c6cbba09df48be14fd7d130ba0ad094ab51ce9ce8b89b64ecec80137421b5618"], 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) program crashed: general protection fault in rwsem_mark_wake single: successfully extracted reproducer found reproducer with 28 syscalls minimizing guilty program testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-openat$vimc2-ioctl$VIDIOC_EXPBUF-setsockopt$inet_int-syz_genetlink_get_family_id$nl80211-mmap-openat$nullb-dup-mmap-madvise-madvise-landlock_create_ruleset-ioctl$VIDIOC_SUBSCRIBE_EVENT-read-socket$inet6_mptcp-openat$sequencer-write$P9_RSTATu-socket-connect$tipc-shutdown-openat$cgroup_ro-ioctl$FS_IOC_SETFLAGS-openat$cgroup_ro-sendmsg$NL80211_CMD_GET_MESH_CONFIG-syz_genetlink_get_family_id$nl80211-getsockopt$inet6_tcp_buf-syz_usb_connect detailed listing: executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) (async) r1 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_EXPBUF(r1, 0x40045612, &(0x7f0000000080)={0xa, 0x0, 0x0, 0x0, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x21, &(0x7f0000000000)=0xffffffff, 0x4) (async) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r2) (async, rerun: 64) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) (async, rerun: 64) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a42, 0x0) r4 = dup(r3) mmap(&(0x7f0000535000/0x2000)=nil, 0x2000, 0xc, 0x28011, r4, 0x0) (async) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) (async) r5 = landlock_create_ruleset(&(0x7f0000000240)={0x1fff}, 0x18, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r4, 0x4020565a, &(0x7f0000000200)={0x3, 0x2, 0x2}) read(r5, 0x0, 0x0) r6 = socket$inet6_mptcp(0xa, 0x1, 0x106) (async, rerun: 32) r7 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x8042, 0x0) (rerun: 32) write$P9_RSTATu(r7, &(0x7f0000000580)={0x208, 0x2, 0x0, {{0x500, 0xf8, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x1b, '\x04nodev{evoo~\x059\xc6\x00\x05\x00\x007\xd9:\x8b\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00+Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x03\xb4\x94\xe1', 0x1d, '\xd2\x99\x98\x80\x14\x98l\xe9\x82\xcf\xc2m\xd7\xc5\x00\xf0L\xd8_*p\xf5\xe9\x93\x0e\x97\xa5\x9ad', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xe2\x89\xdad\x9a7\x00'}, 0x12c, 'odev/n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x239) r8 = socket(0x1e, 0x1, 0x0) connect$tipc(r8, &(0x7f0000000040)=@id, 0x10) shutdown(r8, 0x2) (async) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0) ioctl$FS_IOC_SETFLAGS(r9, 0x40086602, &(0x7f0000000080)=0x20) (async, rerun: 32) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0) (rerun: 32) sendmsg$NL80211_CMD_GET_MESH_CONFIG(r8, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="14d436cf4c93105f8bdae6ec7db54bf3ff", @ANYRES16=0x0, @ANYBLOB="000125bd7000fcdbdf251c000000"], 0x14}, 0x1, 0x0, 0x0, 0x20004004}, 0x20000000) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000400), r8) (async) getsockopt$inet6_tcp_buf(r6, 0x11c, 0x2, 0xffffffffffffffff, &(0x7f0000000040)=0x10) syz_usb_connect(0x2, 0x2d, &(0x7f0000000280)=ANY=[@ANYRESOCT=r0, @ANYBLOB="55932cb64154ae309c3ae6d99430070d7f9903fac03688b06ced0a031ee72740d08b40d7eb4acf4e7646739510f431231fcd21f7452b515f9e2f4dc2081540c7b6c849aa413f1bd2b3aab7aa30f5d50cd25f0ed2308e81f994d7ed3e6444ec217b59a4e1dd", @ANYRESOCT=r1, @ANYRES64, @ANYBLOB="5658366358886fd7065b383588dcdeee8057ff49e984a483f1c6aec46bb977600063b09035a160d2ac1f4b49a9fda53bea495734751e823fb1132de708b938ce622b980007898298dc8b491fef67886dd75a6309b85f9edb58ab3513e3ef5a09664afe68254b8e9103a95e28597e763e181348e19827e50e5f6ffa356c6dfb0a1d1d45941760514e7be18266bb6d7a8d181c744fa77bc9a293fa3a99c6cbba09df48be14fd7d130ba0ad094ab51ce9ce8b89b64ecec80137421b5618"], 0x0) program crashed: general protection fault in rwsem_mark_wake testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-openat$vimc2-ioctl$VIDIOC_EXPBUF-setsockopt$inet_int-syz_genetlink_get_family_id$nl80211-mmap-openat$nullb-dup-mmap-madvise-madvise-landlock_create_ruleset-ioctl$VIDIOC_SUBSCRIBE_EVENT-read-socket$inet6_mptcp-openat$sequencer-write$P9_RSTATu-socket-connect$tipc-shutdown-openat$cgroup_ro-ioctl$FS_IOC_SETFLAGS-openat$cgroup_ro-sendmsg$NL80211_CMD_GET_MESH_CONFIG-syz_genetlink_get_family_id$nl80211-getsockopt$inet6_tcp_buf detailed listing: executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) (async) r1 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_EXPBUF(r1, 0x40045612, &(0x7f0000000080)={0xa, 0x0, 0x0, 0x0, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x21, &(0x7f0000000000)=0xffffffff, 0x4) (async) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r2) (async, rerun: 64) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) (async, rerun: 64) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a42, 0x0) r4 = dup(r3) mmap(&(0x7f0000535000/0x2000)=nil, 0x2000, 0xc, 0x28011, r4, 0x0) (async) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) (async) r5 = landlock_create_ruleset(&(0x7f0000000240)={0x1fff}, 0x18, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r4, 0x4020565a, &(0x7f0000000200)={0x3, 0x2, 0x2}) read(r5, 0x0, 0x0) r6 = socket$inet6_mptcp(0xa, 0x1, 0x106) (async, rerun: 32) r7 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x8042, 0x0) (rerun: 32) write$P9_RSTATu(r7, &(0x7f0000000580)={0x208, 0x2, 0x0, {{0x500, 0xf8, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x1b, '\x04nodev{evoo~\x059\xc6\x00\x05\x00\x007\xd9:\x8b\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00+Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x03\xb4\x94\xe1', 0x1d, '\xd2\x99\x98\x80\x14\x98l\xe9\x82\xcf\xc2m\xd7\xc5\x00\xf0L\xd8_*p\xf5\xe9\x93\x0e\x97\xa5\x9ad', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xe2\x89\xdad\x9a7\x00'}, 0x12c, 'odev/n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x239) r8 = socket(0x1e, 0x1, 0x0) connect$tipc(r8, &(0x7f0000000040)=@id, 0x10) shutdown(r8, 0x2) (async) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0) ioctl$FS_IOC_SETFLAGS(r9, 0x40086602, &(0x7f0000000080)=0x20) (async, rerun: 32) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0) (rerun: 32) sendmsg$NL80211_CMD_GET_MESH_CONFIG(r8, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="14d436cf4c93105f8bdae6ec7db54bf3ff", @ANYRES16=0x0, @ANYBLOB="000125bd7000fcdbdf251c000000"], 0x14}, 0x1, 0x0, 0x0, 0x20004004}, 0x20000000) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000400), r8) (async) getsockopt$inet6_tcp_buf(r6, 0x11c, 0x2, 0xffffffffffffffff, &(0x7f0000000040)=0x10) program crashed: general protection fault in rwsem_mark_wake testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-openat$vimc2-ioctl$VIDIOC_EXPBUF-setsockopt$inet_int-syz_genetlink_get_family_id$nl80211-mmap-openat$nullb-dup-mmap-madvise-madvise-landlock_create_ruleset-ioctl$VIDIOC_SUBSCRIBE_EVENT-read-socket$inet6_mptcp-openat$sequencer-write$P9_RSTATu-socket-connect$tipc-shutdown-openat$cgroup_ro-ioctl$FS_IOC_SETFLAGS-openat$cgroup_ro-sendmsg$NL80211_CMD_GET_MESH_CONFIG-syz_genetlink_get_family_id$nl80211 detailed listing: executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) (async) r1 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_EXPBUF(r1, 0x40045612, &(0x7f0000000080)={0xa, 0x0, 0x0, 0x0, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x21, &(0x7f0000000000)=0xffffffff, 0x4) (async) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r2) (async, rerun: 64) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) (async, rerun: 64) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a42, 0x0) r4 = dup(r3) mmap(&(0x7f0000535000/0x2000)=nil, 0x2000, 0xc, 0x28011, r4, 0x0) (async) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) (async) r5 = landlock_create_ruleset(&(0x7f0000000240)={0x1fff}, 0x18, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r4, 0x4020565a, &(0x7f0000000200)={0x3, 0x2, 0x2}) read(r5, 0x0, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) (async, rerun: 32) r6 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x8042, 0x0) (rerun: 32) write$P9_RSTATu(r6, &(0x7f0000000580)={0x208, 0x2, 0x0, {{0x500, 0xf8, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x1b, '\x04nodev{evoo~\x059\xc6\x00\x05\x00\x007\xd9:\x8b\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00+Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x03\xb4\x94\xe1', 0x1d, '\xd2\x99\x98\x80\x14\x98l\xe9\x82\xcf\xc2m\xd7\xc5\x00\xf0L\xd8_*p\xf5\xe9\x93\x0e\x97\xa5\x9ad', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xe2\x89\xdad\x9a7\x00'}, 0x12c, 'odev/n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x239) r7 = socket(0x1e, 0x1, 0x0) connect$tipc(r7, &(0x7f0000000040)=@id, 0x10) shutdown(r7, 0x2) (async) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0) ioctl$FS_IOC_SETFLAGS(r8, 0x40086602, &(0x7f0000000080)=0x20) (async, rerun: 32) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0) (rerun: 32) sendmsg$NL80211_CMD_GET_MESH_CONFIG(r7, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="14d436cf4c93105f8bdae6ec7db54bf3ff", @ANYRES16=0x0, @ANYBLOB="000125bd7000fcdbdf251c000000"], 0x14}, 0x1, 0x0, 0x0, 0x20004004}, 0x20000000) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000400), r7) (async) program crashed: general protection fault in rwsem_mark_wake testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-openat$vimc2-ioctl$VIDIOC_EXPBUF-setsockopt$inet_int-syz_genetlink_get_family_id$nl80211-mmap-openat$nullb-dup-mmap-madvise-madvise-landlock_create_ruleset-ioctl$VIDIOC_SUBSCRIBE_EVENT-read-socket$inet6_mptcp-openat$sequencer-write$P9_RSTATu-socket-connect$tipc-shutdown-openat$cgroup_ro-ioctl$FS_IOC_SETFLAGS-openat$cgroup_ro-sendmsg$NL80211_CMD_GET_MESH_CONFIG detailed listing: executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) (async) r1 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_EXPBUF(r1, 0x40045612, &(0x7f0000000080)={0xa, 0x0, 0x0, 0x0, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x21, &(0x7f0000000000)=0xffffffff, 0x4) (async) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r2) (async, rerun: 64) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) (async, rerun: 64) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a42, 0x0) r4 = dup(r3) mmap(&(0x7f0000535000/0x2000)=nil, 0x2000, 0xc, 0x28011, r4, 0x0) (async) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) (async) r5 = landlock_create_ruleset(&(0x7f0000000240)={0x1fff}, 0x18, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r4, 0x4020565a, &(0x7f0000000200)={0x3, 0x2, 0x2}) read(r5, 0x0, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) (async, rerun: 32) r6 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x8042, 0x0) (rerun: 32) write$P9_RSTATu(r6, &(0x7f0000000580)={0x208, 0x2, 0x0, {{0x500, 0xf8, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x1b, '\x04nodev{evoo~\x059\xc6\x00\x05\x00\x007\xd9:\x8b\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00+Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x03\xb4\x94\xe1', 0x1d, '\xd2\x99\x98\x80\x14\x98l\xe9\x82\xcf\xc2m\xd7\xc5\x00\xf0L\xd8_*p\xf5\xe9\x93\x0e\x97\xa5\x9ad', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xe2\x89\xdad\x9a7\x00'}, 0x12c, 'odev/n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x239) r7 = socket(0x1e, 0x1, 0x0) connect$tipc(r7, &(0x7f0000000040)=@id, 0x10) shutdown(r7, 0x2) (async) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0) ioctl$FS_IOC_SETFLAGS(r8, 0x40086602, &(0x7f0000000080)=0x20) (async, rerun: 32) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0) (rerun: 32) sendmsg$NL80211_CMD_GET_MESH_CONFIG(r7, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="14d436cf4c93105f8bdae6ec7db54bf3ff", @ANYRES16=0x0, @ANYBLOB="000125bd7000fcdbdf251c000000"], 0x14}, 0x1, 0x0, 0x0, 0x20004004}, 0x20000000) (async) program crashed: general protection fault in rwsem_mark_wake testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-openat$vimc2-ioctl$VIDIOC_EXPBUF-setsockopt$inet_int-syz_genetlink_get_family_id$nl80211-mmap-openat$nullb-dup-mmap-madvise-madvise-landlock_create_ruleset-ioctl$VIDIOC_SUBSCRIBE_EVENT-read-socket$inet6_mptcp-openat$sequencer-write$P9_RSTATu-socket-connect$tipc-shutdown-openat$cgroup_ro-ioctl$FS_IOC_SETFLAGS-openat$cgroup_ro detailed listing: executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) (async) r1 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_EXPBUF(r1, 0x40045612, &(0x7f0000000080)={0xa, 0x0, 0x0, 0x0, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x21, &(0x7f0000000000)=0xffffffff, 0x4) (async) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r2) (async, rerun: 64) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) (async, rerun: 64) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a42, 0x0) r4 = dup(r3) mmap(&(0x7f0000535000/0x2000)=nil, 0x2000, 0xc, 0x28011, r4, 0x0) (async) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) (async) r5 = landlock_create_ruleset(&(0x7f0000000240)={0x1fff}, 0x18, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r4, 0x4020565a, &(0x7f0000000200)={0x3, 0x2, 0x2}) read(r5, 0x0, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) (async, rerun: 32) r6 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x8042, 0x0) (rerun: 32) write$P9_RSTATu(r6, &(0x7f0000000580)={0x208, 0x2, 0x0, {{0x500, 0xf8, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x1b, '\x04nodev{evoo~\x059\xc6\x00\x05\x00\x007\xd9:\x8b\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00+Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x03\xb4\x94\xe1', 0x1d, '\xd2\x99\x98\x80\x14\x98l\xe9\x82\xcf\xc2m\xd7\xc5\x00\xf0L\xd8_*p\xf5\xe9\x93\x0e\x97\xa5\x9ad', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xe2\x89\xdad\x9a7\x00'}, 0x12c, 'odev/n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x239) r7 = socket(0x1e, 0x1, 0x0) connect$tipc(r7, &(0x7f0000000040)=@id, 0x10) shutdown(r7, 0x2) (async) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0) ioctl$FS_IOC_SETFLAGS(r8, 0x40086602, &(0x7f0000000080)=0x20) (async, rerun: 32) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0) (rerun: 32) program crashed: general protection fault in rwsem_mark_wake testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-openat$vimc2-ioctl$VIDIOC_EXPBUF-setsockopt$inet_int-syz_genetlink_get_family_id$nl80211-mmap-openat$nullb-dup-mmap-madvise-madvise-landlock_create_ruleset-ioctl$VIDIOC_SUBSCRIBE_EVENT-read-socket$inet6_mptcp-openat$sequencer-write$P9_RSTATu-socket-connect$tipc-shutdown-openat$cgroup_ro-ioctl$FS_IOC_SETFLAGS detailed listing: executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) (async) r1 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_EXPBUF(r1, 0x40045612, &(0x7f0000000080)={0xa, 0x0, 0x0, 0x0, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x21, &(0x7f0000000000)=0xffffffff, 0x4) (async) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r2) (async, rerun: 64) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) (async, rerun: 64) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a42, 0x0) r4 = dup(r3) mmap(&(0x7f0000535000/0x2000)=nil, 0x2000, 0xc, 0x28011, r4, 0x0) (async) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) (async) r5 = landlock_create_ruleset(&(0x7f0000000240)={0x1fff}, 0x18, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r4, 0x4020565a, &(0x7f0000000200)={0x3, 0x2, 0x2}) read(r5, 0x0, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) (async, rerun: 32) r6 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x8042, 0x0) (rerun: 32) write$P9_RSTATu(r6, &(0x7f0000000580)={0x208, 0x2, 0x0, {{0x500, 0xf8, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x1b, '\x04nodev{evoo~\x059\xc6\x00\x05\x00\x007\xd9:\x8b\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00+Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x03\xb4\x94\xe1', 0x1d, '\xd2\x99\x98\x80\x14\x98l\xe9\x82\xcf\xc2m\xd7\xc5\x00\xf0L\xd8_*p\xf5\xe9\x93\x0e\x97\xa5\x9ad', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xe2\x89\xdad\x9a7\x00'}, 0x12c, 'odev/n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x239) r7 = socket(0x1e, 0x1, 0x0) connect$tipc(r7, &(0x7f0000000040)=@id, 0x10) shutdown(r7, 0x2) (async) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0) ioctl$FS_IOC_SETFLAGS(r8, 0x40086602, &(0x7f0000000080)=0x20) (async, rerun: 32) program crashed: general protection fault in rwsem_mark_wake testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-openat$vimc2-ioctl$VIDIOC_EXPBUF-setsockopt$inet_int-syz_genetlink_get_family_id$nl80211-mmap-openat$nullb-dup-mmap-madvise-madvise-landlock_create_ruleset-ioctl$VIDIOC_SUBSCRIBE_EVENT-read-socket$inet6_mptcp-openat$sequencer-write$P9_RSTATu-socket-connect$tipc-shutdown-openat$cgroup_ro detailed listing: executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) (async) r1 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_EXPBUF(r1, 0x40045612, &(0x7f0000000080)={0xa, 0x0, 0x0, 0x0, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x21, &(0x7f0000000000)=0xffffffff, 0x4) (async) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r2) (async, rerun: 64) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) (async, rerun: 64) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a42, 0x0) r4 = dup(r3) mmap(&(0x7f0000535000/0x2000)=nil, 0x2000, 0xc, 0x28011, r4, 0x0) (async) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) (async) r5 = landlock_create_ruleset(&(0x7f0000000240)={0x1fff}, 0x18, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r4, 0x4020565a, &(0x7f0000000200)={0x3, 0x2, 0x2}) read(r5, 0x0, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) (async, rerun: 32) r6 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x8042, 0x0) (rerun: 32) write$P9_RSTATu(r6, &(0x7f0000000580)={0x208, 0x2, 0x0, {{0x500, 0xf8, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x1b, '\x04nodev{evoo~\x059\xc6\x00\x05\x00\x007\xd9:\x8b\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00+Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x03\xb4\x94\xe1', 0x1d, '\xd2\x99\x98\x80\x14\x98l\xe9\x82\xcf\xc2m\xd7\xc5\x00\xf0L\xd8_*p\xf5\xe9\x93\x0e\x97\xa5\x9ad', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xe2\x89\xdad\x9a7\x00'}, 0x12c, 'odev/n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x239) r7 = socket(0x1e, 0x1, 0x0) connect$tipc(r7, &(0x7f0000000040)=@id, 0x10) shutdown(r7, 0x2) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0) program crashed: general protection fault in rwsem_mark_wake testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-openat$vimc2-ioctl$VIDIOC_EXPBUF-setsockopt$inet_int-syz_genetlink_get_family_id$nl80211-mmap-openat$nullb-dup-mmap-madvise-madvise-landlock_create_ruleset-ioctl$VIDIOC_SUBSCRIBE_EVENT-read-socket$inet6_mptcp-openat$sequencer-write$P9_RSTATu-socket-connect$tipc-shutdown detailed listing: executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) (async) r1 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_EXPBUF(r1, 0x40045612, &(0x7f0000000080)={0xa, 0x0, 0x0, 0x0, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x21, &(0x7f0000000000)=0xffffffff, 0x4) (async) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r2) (async, rerun: 64) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) (async, rerun: 64) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a42, 0x0) r4 = dup(r3) mmap(&(0x7f0000535000/0x2000)=nil, 0x2000, 0xc, 0x28011, r4, 0x0) (async) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) (async) r5 = landlock_create_ruleset(&(0x7f0000000240)={0x1fff}, 0x18, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r4, 0x4020565a, &(0x7f0000000200)={0x3, 0x2, 0x2}) read(r5, 0x0, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) (async, rerun: 32) r6 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x8042, 0x0) (rerun: 32) write$P9_RSTATu(r6, &(0x7f0000000580)={0x208, 0x2, 0x0, {{0x500, 0xf8, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x1b, '\x04nodev{evoo~\x059\xc6\x00\x05\x00\x007\xd9:\x8b\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00+Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x03\xb4\x94\xe1', 0x1d, '\xd2\x99\x98\x80\x14\x98l\xe9\x82\xcf\xc2m\xd7\xc5\x00\xf0L\xd8_*p\xf5\xe9\x93\x0e\x97\xa5\x9ad', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xe2\x89\xdad\x9a7\x00'}, 0x12c, 'odev/n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x239) r7 = socket(0x1e, 0x1, 0x0) connect$tipc(r7, &(0x7f0000000040)=@id, 0x10) shutdown(r7, 0x2) (async) program crashed: general protection fault in rwsem_mark_wake testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-openat$vimc2-ioctl$VIDIOC_EXPBUF-setsockopt$inet_int-syz_genetlink_get_family_id$nl80211-mmap-openat$nullb-dup-mmap-madvise-madvise-landlock_create_ruleset-ioctl$VIDIOC_SUBSCRIBE_EVENT-read-socket$inet6_mptcp-openat$sequencer-write$P9_RSTATu-socket-connect$tipc detailed listing: executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) (async) r1 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_EXPBUF(r1, 0x40045612, &(0x7f0000000080)={0xa, 0x0, 0x0, 0x0, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x21, &(0x7f0000000000)=0xffffffff, 0x4) (async) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r2) (async, rerun: 64) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) (async, rerun: 64) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a42, 0x0) r4 = dup(r3) mmap(&(0x7f0000535000/0x2000)=nil, 0x2000, 0xc, 0x28011, r4, 0x0) (async) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) (async) r5 = landlock_create_ruleset(&(0x7f0000000240)={0x1fff}, 0x18, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r4, 0x4020565a, &(0x7f0000000200)={0x3, 0x2, 0x2}) read(r5, 0x0, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) (async, rerun: 32) r6 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x8042, 0x0) (rerun: 32) write$P9_RSTATu(r6, &(0x7f0000000580)={0x208, 0x2, 0x0, {{0x500, 0xf8, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x1b, '\x04nodev{evoo~\x059\xc6\x00\x05\x00\x007\xd9:\x8b\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00+Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x03\xb4\x94\xe1', 0x1d, '\xd2\x99\x98\x80\x14\x98l\xe9\x82\xcf\xc2m\xd7\xc5\x00\xf0L\xd8_*p\xf5\xe9\x93\x0e\x97\xa5\x9ad', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xe2\x89\xdad\x9a7\x00'}, 0x12c, 'odev/n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x239) r7 = socket(0x1e, 0x1, 0x0) connect$tipc(r7, &(0x7f0000000040)=@id, 0x10) program crashed: general protection fault in rwsem_mark_wake testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-openat$vimc2-ioctl$VIDIOC_EXPBUF-setsockopt$inet_int-syz_genetlink_get_family_id$nl80211-mmap-openat$nullb-dup-mmap-madvise-madvise-landlock_create_ruleset-ioctl$VIDIOC_SUBSCRIBE_EVENT-read-socket$inet6_mptcp-openat$sequencer-write$P9_RSTATu-socket detailed listing: executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) (async) r1 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_EXPBUF(r1, 0x40045612, &(0x7f0000000080)={0xa, 0x0, 0x0, 0x0, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x21, &(0x7f0000000000)=0xffffffff, 0x4) (async) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r2) (async, rerun: 64) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) (async, rerun: 64) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a42, 0x0) r4 = dup(r3) mmap(&(0x7f0000535000/0x2000)=nil, 0x2000, 0xc, 0x28011, r4, 0x0) (async) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) (async) r5 = landlock_create_ruleset(&(0x7f0000000240)={0x1fff}, 0x18, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r4, 0x4020565a, &(0x7f0000000200)={0x3, 0x2, 0x2}) read(r5, 0x0, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) (async, rerun: 32) r6 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x8042, 0x0) (rerun: 32) write$P9_RSTATu(r6, &(0x7f0000000580)={0x208, 0x2, 0x0, {{0x500, 0xf8, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x1b, '\x04nodev{evoo~\x059\xc6\x00\x05\x00\x007\xd9:\x8b\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00+Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x03\xb4\x94\xe1', 0x1d, '\xd2\x99\x98\x80\x14\x98l\xe9\x82\xcf\xc2m\xd7\xc5\x00\xf0L\xd8_*p\xf5\xe9\x93\x0e\x97\xa5\x9ad', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xe2\x89\xdad\x9a7\x00'}, 0x12c, 'odev/n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x239) socket(0x1e, 0x1, 0x0) program crashed: general protection fault in rwsem_mark_wake testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-openat$vimc2-ioctl$VIDIOC_EXPBUF-setsockopt$inet_int-syz_genetlink_get_family_id$nl80211-mmap-openat$nullb-dup-mmap-madvise-madvise-landlock_create_ruleset-ioctl$VIDIOC_SUBSCRIBE_EVENT-read-socket$inet6_mptcp-openat$sequencer-write$P9_RSTATu detailed listing: executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) (async) r1 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_EXPBUF(r1, 0x40045612, &(0x7f0000000080)={0xa, 0x0, 0x0, 0x0, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x21, &(0x7f0000000000)=0xffffffff, 0x4) (async) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r2) (async, rerun: 64) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) (async, rerun: 64) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a42, 0x0) r4 = dup(r3) mmap(&(0x7f0000535000/0x2000)=nil, 0x2000, 0xc, 0x28011, r4, 0x0) (async) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) (async) r5 = landlock_create_ruleset(&(0x7f0000000240)={0x1fff}, 0x18, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r4, 0x4020565a, &(0x7f0000000200)={0x3, 0x2, 0x2}) read(r5, 0x0, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) (async, rerun: 32) r6 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x8042, 0x0) (rerun: 32) write$P9_RSTATu(r6, &(0x7f0000000580)={0x208, 0x2, 0x0, {{0x500, 0xf8, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x1b, '\x04nodev{evoo~\x059\xc6\x00\x05\x00\x007\xd9:\x8b\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00+Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x03\xb4\x94\xe1', 0x1d, '\xd2\x99\x98\x80\x14\x98l\xe9\x82\xcf\xc2m\xd7\xc5\x00\xf0L\xd8_*p\xf5\xe9\x93\x0e\x97\xa5\x9ad', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xe2\x89\xdad\x9a7\x00'}, 0x12c, 'odev/n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x239) program crashed: general protection fault in rwsem_mark_wake testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-openat$vimc2-ioctl$VIDIOC_EXPBUF-setsockopt$inet_int-syz_genetlink_get_family_id$nl80211-mmap-openat$nullb-dup-mmap-madvise-madvise-landlock_create_ruleset-ioctl$VIDIOC_SUBSCRIBE_EVENT-read-socket$inet6_mptcp-openat$sequencer detailed listing: executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) (async) r1 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_EXPBUF(r1, 0x40045612, &(0x7f0000000080)={0xa, 0x0, 0x0, 0x0, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x21, &(0x7f0000000000)=0xffffffff, 0x4) (async) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r2) (async, rerun: 64) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) (async, rerun: 64) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a42, 0x0) r4 = dup(r3) mmap(&(0x7f0000535000/0x2000)=nil, 0x2000, 0xc, 0x28011, r4, 0x0) (async) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) (async) r5 = landlock_create_ruleset(&(0x7f0000000240)={0x1fff}, 0x18, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r4, 0x4020565a, &(0x7f0000000200)={0x3, 0x2, 0x2}) read(r5, 0x0, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) (async, rerun: 32) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x8042, 0x0) (rerun: 32) program crashed: general protection fault in rwsem_mark_wake testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-openat$vimc2-ioctl$VIDIOC_EXPBUF-setsockopt$inet_int-syz_genetlink_get_family_id$nl80211-mmap-openat$nullb-dup-mmap-madvise-madvise-landlock_create_ruleset-ioctl$VIDIOC_SUBSCRIBE_EVENT-read-socket$inet6_mptcp detailed listing: executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) (async) r1 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_EXPBUF(r1, 0x40045612, &(0x7f0000000080)={0xa, 0x0, 0x0, 0x0, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x21, &(0x7f0000000000)=0xffffffff, 0x4) (async) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r2) (async, rerun: 64) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) (async, rerun: 64) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a42, 0x0) r4 = dup(r3) mmap(&(0x7f0000535000/0x2000)=nil, 0x2000, 0xc, 0x28011, r4, 0x0) (async) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) (async) r5 = landlock_create_ruleset(&(0x7f0000000240)={0x1fff}, 0x18, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r4, 0x4020565a, &(0x7f0000000200)={0x3, 0x2, 0x2}) read(r5, 0x0, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) (async, rerun: 32) program crashed: general protection fault in rwsem_mark_wake testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-openat$vimc2-ioctl$VIDIOC_EXPBUF-setsockopt$inet_int-syz_genetlink_get_family_id$nl80211-mmap-openat$nullb-dup-mmap-madvise-madvise-landlock_create_ruleset-ioctl$VIDIOC_SUBSCRIBE_EVENT-read detailed listing: executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) (async) r1 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_EXPBUF(r1, 0x40045612, &(0x7f0000000080)={0xa, 0x0, 0x0, 0x0, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x21, &(0x7f0000000000)=0xffffffff, 0x4) (async) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r2) (async, rerun: 64) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) (async, rerun: 64) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a42, 0x0) r4 = dup(r3) mmap(&(0x7f0000535000/0x2000)=nil, 0x2000, 0xc, 0x28011, r4, 0x0) (async) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) (async) r5 = landlock_create_ruleset(&(0x7f0000000240)={0x1fff}, 0x18, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r4, 0x4020565a, &(0x7f0000000200)={0x3, 0x2, 0x2}) read(r5, 0x0, 0x0) program crashed: general protection fault in rwsem_mark_wake testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-openat$vimc2-ioctl$VIDIOC_EXPBUF-setsockopt$inet_int-syz_genetlink_get_family_id$nl80211-mmap-openat$nullb-dup-mmap-madvise-madvise-landlock_create_ruleset-ioctl$VIDIOC_SUBSCRIBE_EVENT detailed listing: executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) (async) r1 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_EXPBUF(r1, 0x40045612, &(0x7f0000000080)={0xa, 0x0, 0x0, 0x0, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x21, &(0x7f0000000000)=0xffffffff, 0x4) (async) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r2) (async, rerun: 64) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) (async, rerun: 64) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a42, 0x0) r4 = dup(r3) mmap(&(0x7f0000535000/0x2000)=nil, 0x2000, 0xc, 0x28011, r4, 0x0) (async) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) (async) landlock_create_ruleset(&(0x7f0000000240)={0x1fff}, 0x18, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r4, 0x4020565a, &(0x7f0000000200)={0x3, 0x2, 0x2}) program crashed: general protection fault in rwsem_mark_wake testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-openat$vimc2-ioctl$VIDIOC_EXPBUF-setsockopt$inet_int-syz_genetlink_get_family_id$nl80211-mmap-openat$nullb-dup-mmap-madvise-madvise-landlock_create_ruleset detailed listing: executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) (async) r1 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_EXPBUF(r1, 0x40045612, &(0x7f0000000080)={0xa, 0x0, 0x0, 0x0, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x21, &(0x7f0000000000)=0xffffffff, 0x4) (async) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r2) (async, rerun: 64) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) (async, rerun: 64) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a42, 0x0) r4 = dup(r3) mmap(&(0x7f0000535000/0x2000)=nil, 0x2000, 0xc, 0x28011, r4, 0x0) (async) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) (async) landlock_create_ruleset(&(0x7f0000000240)={0x1fff}, 0x18, 0x0) program crashed: general protection fault in rwsem_mark_wake testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-openat$vimc2-ioctl$VIDIOC_EXPBUF-setsockopt$inet_int-syz_genetlink_get_family_id$nl80211-mmap-openat$nullb-dup-mmap-madvise-madvise detailed listing: executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) (async) r1 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_EXPBUF(r1, 0x40045612, &(0x7f0000000080)={0xa, 0x0, 0x0, 0x0, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x21, &(0x7f0000000000)=0xffffffff, 0x4) (async) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r2) (async, rerun: 64) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) (async, rerun: 64) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a42, 0x0) r4 = dup(r3) mmap(&(0x7f0000535000/0x2000)=nil, 0x2000, 0xc, 0x28011, r4, 0x0) (async) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) (async) program crashed: general protection fault in rwsem_mark_wake testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-openat$vimc2-ioctl$VIDIOC_EXPBUF-setsockopt$inet_int-syz_genetlink_get_family_id$nl80211-mmap-openat$nullb-dup-mmap-madvise detailed listing: executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) (async) r1 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_EXPBUF(r1, 0x40045612, &(0x7f0000000080)={0xa, 0x0, 0x0, 0x0, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x21, &(0x7f0000000000)=0xffffffff, 0x4) (async) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r2) (async, rerun: 64) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) (async, rerun: 64) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a42, 0x0) r4 = dup(r3) mmap(&(0x7f0000535000/0x2000)=nil, 0x2000, 0xc, 0x28011, r4, 0x0) (async) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15) program crashed: general protection fault in rwsem_mark_wake testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-openat$vimc2-ioctl$VIDIOC_EXPBUF-setsockopt$inet_int-syz_genetlink_get_family_id$nl80211-mmap-openat$nullb-dup-mmap detailed listing: executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) (async) r1 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_EXPBUF(r1, 0x40045612, &(0x7f0000000080)={0xa, 0x0, 0x0, 0x0, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x21, &(0x7f0000000000)=0xffffffff, 0x4) (async) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r2) (async, rerun: 64) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) (async, rerun: 64) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a42, 0x0) r4 = dup(r3) mmap(&(0x7f0000535000/0x2000)=nil, 0x2000, 0xc, 0x28011, r4, 0x0) (async) program crashed: general protection fault in rwsem_mark_wake testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-openat$vimc2-ioctl$VIDIOC_EXPBUF-setsockopt$inet_int-syz_genetlink_get_family_id$nl80211-mmap-openat$nullb-dup detailed listing: executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) (async) r1 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_EXPBUF(r1, 0x40045612, &(0x7f0000000080)={0xa, 0x0, 0x0, 0x0, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x21, &(0x7f0000000000)=0xffffffff, 0x4) (async) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r2) (async, rerun: 64) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) (async, rerun: 64) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a42, 0x0) dup(r3) program crashed: general protection fault in rwsem_mark_wake testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-openat$vimc2-ioctl$VIDIOC_EXPBUF-setsockopt$inet_int-syz_genetlink_get_family_id$nl80211-mmap-openat$nullb detailed listing: executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) (async) r1 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_EXPBUF(r1, 0x40045612, &(0x7f0000000080)={0xa, 0x0, 0x0, 0x0, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x21, &(0x7f0000000000)=0xffffffff, 0x4) (async) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r2) (async, rerun: 64) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) (async, rerun: 64) openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a42, 0x0) program crashed: general protection fault in rwsem_mark_wake testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-openat$vimc2-ioctl$VIDIOC_EXPBUF-setsockopt$inet_int-syz_genetlink_get_family_id$nl80211-mmap detailed listing: executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) (async) r1 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_EXPBUF(r1, 0x40045612, &(0x7f0000000080)={0xa, 0x0, 0x0, 0x0, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x21, &(0x7f0000000000)=0xffffffff, 0x4) (async) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r2) (async, rerun: 64) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) (async, rerun: 64) program crashed: general protection fault in rwsem_mark_wake testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-openat$vimc2-ioctl$VIDIOC_EXPBUF-setsockopt$inet_int-syz_genetlink_get_family_id$nl80211 detailed listing: executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) (async) r1 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_EXPBUF(r1, 0x40045612, &(0x7f0000000080)={0xa, 0x0, 0x0, 0x0, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x21, &(0x7f0000000000)=0xffffffff, 0x4) (async) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r2) (async, rerun: 64) program crashed: lost connection to test machine suppressed program crash: lost connection to test machine testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-openat$vimc2-ioctl$VIDIOC_EXPBUF-setsockopt$inet_int-mmap detailed listing: executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) (async) r1 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_EXPBUF(r1, 0x40045612, &(0x7f0000000080)={0xa}) setsockopt$inet_int(r0, 0x0, 0x21, &(0x7f0000000000)=0xffffffff, 0x4) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) (async, rerun: 64) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-openat$vimc2-ioctl$VIDIOC_EXPBUF-syz_genetlink_get_family_id$nl80211-mmap detailed listing: executing program 0: socket$inet_udp(0x2, 0x2, 0x0) (async) r0 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_EXPBUF(r0, 0x40045612, &(0x7f0000000080)={0xa, 0x0, 0x0, 0x0, 0xffffffffffffffff}) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r1) (async, rerun: 64) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) (async, rerun: 64) program crashed: general protection fault in rwsem_mark_wake testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-openat$vimc2-syz_genetlink_get_family_id$nl80211-mmap detailed listing: executing program 0: socket$inet_udp(0x2, 0x2, 0x0) (async) openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) (async, rerun: 64) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) (async, rerun: 64) program crashed: general protection fault in rwsem_mark_wake testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-syz_genetlink_get_family_id$nl80211-mmap detailed listing: executing program 0: socket$inet_udp(0x2, 0x2, 0x0) (async) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) (async, rerun: 64) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) (async, rerun: 64) program crashed: general protection fault in rwsem_mark_wake testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$nl80211-mmap detailed listing: executing program 0: syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) (async, rerun: 64) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) (async, rerun: 64) program crashed: general protection fault in rwsem_mark_wake testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$nl80211-mmap detailed listing: executing program 0: syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$nl80211-mmap detailed listing: executing program 0: syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async, rerun: 64) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) (async, rerun: 64) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$nl80211-mmap detailed listing: executing program 0: syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) (rerun: 64) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) (async, rerun: 64) program crashed: general protection fault in rwsem_mark_wake testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$nl80211-mmap detailed listing: executing program 0: syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) (async, rerun: 64) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$nl80211-mmap detailed listing: executing program 0: syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) (rerun: 64) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) (rerun: 64) program crashed: general protection fault in rwsem_mark_wake testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$nl80211-mmap detailed listing: executing program 0: syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) (rerun: 64) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) program did not crash extracting C reproducer testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$nl80211-mmap program crashed: no output from test machine a never seen crash title: no output from test machine, ignore simplifying guilty program options testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$nl80211-mmap detailed listing: executing program 0: syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) (rerun: 64) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) (rerun: 64) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$nl80211-mmap detailed listing: executing program 0: syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) (rerun: 64) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) (rerun: 64) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$nl80211-mmap detailed listing: executing program 0: syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) (rerun: 64) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) (rerun: 64) program crashed: general protection fault in rwsem_mark_wake validation run: crashed=true testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$nl80211-mmap detailed listing: executing program 0: syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) (rerun: 64) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) (rerun: 64) program crashed: general protection fault in rwsem_mark_wake validation run: crashed=true testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$nl80211-mmap detailed listing: executing program 0: syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) (rerun: 64) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) (rerun: 64) program crashed: general protection fault in rwsem_mark_wake validation run: crashed=true reproducing took 2h42m40.364953495s repro crashed as (corrupted=false): Oops: general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f] CPU: 1 UID: 0 PID: 6098 Comm: syz.0.22 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 RIP: 0010:rwsem_mark_wake+0xfa/0x7c0 kernel/locking/rwsem.c:445 Code: 01 00 74 08 4c 89 f7 e8 74 d8 8d 00 4c 89 74 24 10 4d 8b 26 4d 8d 74 24 18 4c 89 f0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <0f> b6 04 08 84 c0 0f 85 75 06 00 00 41 83 3e 00 74 64 4c 89 ef be RSP: 0018:ffffc900035d7960 EFLAGS: 00010006 RAX: 0000000000000003 RBX: 0000000000000000 RCX: dffffc0000000000 RDX: 1ffff920006baf38 RSI: ffffffff8e4d2edc RDI: ffffffff8c4a8700 RBP: ffffc900035d7a60 R08: 0000000000000003 R09: 0000000000000004 R10: dffffc0000000000 R11: fffff520006baf48 R12: 0000000000000000 R13: ffff88807ea6a850 R14: 0000000000000018 R15: ffffc900035d7be0 FS: 00007f8b468046c0(0000) GS:ffff888124ee1000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f87a1aa8e9c CR3: 00000000768b6000 CR4: 00000000003526f0 Call Trace: rwsem_del_wake_waiter+0x25d/0x2e0 kernel/locking/rwsem.c:612 rwsem_down_write_slowpath+0xa6f/0x1080 kernel/locking/rwsem.c:1234 __down_write_common kernel/locking/rwsem.c:1347 [inline] __down_write_killable kernel/locking/rwsem.c:1361 [inline] down_write_killable+0x1eb/0x240 kernel/locking/rwsem.c:1639 mmap_write_lock_killable include/linux/mmap_lock.h:554 [inline] __vm_munmap+0x163/0x3d0 mm/vma.c:3249 __do_sys_munmap mm/mmap.c:1078 [inline] __se_sys_munmap mm/mmap.c:1075 [inline] __x64_sys_munmap+0x60/0x70 mm/mmap.c:1075 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f8b4599c5c7 Code: 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 0b 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f8b46802d18 EFLAGS: 00000206 ORIG_RAX: 000000000000000b RAX: ffffffffffffffda RBX: 00007f8b40000000 RCX: 00007f8b4599c5c7 RDX: 0000000000000000 RSI: 0000000003200000 RDI: 00007f8b3ce00000 RBP: 0000000000021000 R08: 00000000ffffffff R09: 0000000000000000 R10: 0000000000000022 R11: 0000000000000206 R12: 0000000004000000 R13: 0000000000001000 R14: 00007f8b44000000 R15: 0000000003200000 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:rwsem_mark_wake+0xfa/0x7c0 kernel/locking/rwsem.c:445 Code: 01 00 74 08 4c 89 f7 e8 74 d8 8d 00 4c 89 74 24 10 4d 8b 26 4d 8d 74 24 18 4c 89 f0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <0f> b6 04 08 84 c0 0f 85 75 06 00 00 41 83 3e 00 74 64 4c 89 ef be RSP: 0018:ffffc900035d7960 EFLAGS: 00010006 RAX: 0000000000000003 RBX: 0000000000000000 RCX: dffffc0000000000 RDX: 1ffff920006baf38 RSI: ffffffff8e4d2edc RDI: ffffffff8c4a8700 RBP: ffffc900035d7a60 R08: 0000000000000003 R09: 0000000000000004 R10: dffffc0000000000 R11: fffff520006baf48 R12: 0000000000000000 R13: ffff88807ea6a850 R14: 0000000000000018 R15: ffffc900035d7be0 FS: 00007f8b468046c0(0000) GS:ffff888124ee1000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f87a1aa8e9c CR3: 00000000768b6000 CR4: 00000000003526f0 ---------------- Code disassembly (best guess): 0: 01 00 add %eax,(%rax) 2: 74 08 je 0xc 4: 4c 89 f7 mov %r14,%rdi 7: e8 74 d8 8d 00 call 0x8dd880 c: 4c 89 74 24 10 mov %r14,0x10(%rsp) 11: 4d 8b 26 mov (%r14),%r12 14: 4d 8d 74 24 18 lea 0x18(%r12),%r14 19: 4c 89 f0 mov %r14,%rax 1c: 48 c1 e8 03 shr $0x3,%rax 20: 48 b9 00 00 00 00 00 movabs $0xdffffc0000000000,%rcx 27: fc ff df * 2a: 0f b6 04 08 movzbl (%rax,%rcx,1),%eax <-- trapping instruction 2e: 84 c0 test %al,%al 30: 0f 85 75 06 00 00 jne 0x6ab 36: 41 83 3e 00 cmpl $0x0,(%r14) 3a: 74 64 je 0xa0 3c: 4c 89 ef mov %r13,%rdi 3f: be .byte 0xbe final repro crashed as (corrupted=false): Oops: general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f] CPU: 1 UID: 0 PID: 6098 Comm: syz.0.22 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 RIP: 0010:rwsem_mark_wake+0xfa/0x7c0 kernel/locking/rwsem.c:445 Code: 01 00 74 08 4c 89 f7 e8 74 d8 8d 00 4c 89 74 24 10 4d 8b 26 4d 8d 74 24 18 4c 89 f0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <0f> b6 04 08 84 c0 0f 85 75 06 00 00 41 83 3e 00 74 64 4c 89 ef be RSP: 0018:ffffc900035d7960 EFLAGS: 00010006 RAX: 0000000000000003 RBX: 0000000000000000 RCX: dffffc0000000000 RDX: 1ffff920006baf38 RSI: ffffffff8e4d2edc RDI: ffffffff8c4a8700 RBP: ffffc900035d7a60 R08: 0000000000000003 R09: 0000000000000004 R10: dffffc0000000000 R11: fffff520006baf48 R12: 0000000000000000 R13: ffff88807ea6a850 R14: 0000000000000018 R15: ffffc900035d7be0 FS: 00007f8b468046c0(0000) GS:ffff888124ee1000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f87a1aa8e9c CR3: 00000000768b6000 CR4: 00000000003526f0 Call Trace: rwsem_del_wake_waiter+0x25d/0x2e0 kernel/locking/rwsem.c:612 rwsem_down_write_slowpath+0xa6f/0x1080 kernel/locking/rwsem.c:1234 __down_write_common kernel/locking/rwsem.c:1347 [inline] __down_write_killable kernel/locking/rwsem.c:1361 [inline] down_write_killable+0x1eb/0x240 kernel/locking/rwsem.c:1639 mmap_write_lock_killable include/linux/mmap_lock.h:554 [inline] __vm_munmap+0x163/0x3d0 mm/vma.c:3249 __do_sys_munmap mm/mmap.c:1078 [inline] __se_sys_munmap mm/mmap.c:1075 [inline] __x64_sys_munmap+0x60/0x70 mm/mmap.c:1075 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f8b4599c5c7 Code: 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 0b 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f8b46802d18 EFLAGS: 00000206 ORIG_RAX: 000000000000000b RAX: ffffffffffffffda RBX: 00007f8b40000000 RCX: 00007f8b4599c5c7 RDX: 0000000000000000 RSI: 0000000003200000 RDI: 00007f8b3ce00000 RBP: 0000000000021000 R08: 00000000ffffffff R09: 0000000000000000 R10: 0000000000000022 R11: 0000000000000206 R12: 0000000004000000 R13: 0000000000001000 R14: 00007f8b44000000 R15: 0000000003200000 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:rwsem_mark_wake+0xfa/0x7c0 kernel/locking/rwsem.c:445 Code: 01 00 74 08 4c 89 f7 e8 74 d8 8d 00 4c 89 74 24 10 4d 8b 26 4d 8d 74 24 18 4c 89 f0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <0f> b6 04 08 84 c0 0f 85 75 06 00 00 41 83 3e 00 74 64 4c 89 ef be RSP: 0018:ffffc900035d7960 EFLAGS: 00010006 RAX: 0000000000000003 RBX: 0000000000000000 RCX: dffffc0000000000 RDX: 1ffff920006baf38 RSI: ffffffff8e4d2edc RDI: ffffffff8c4a8700 RBP: ffffc900035d7a60 R08: 0000000000000003 R09: 0000000000000004 R10: dffffc0000000000 R11: fffff520006baf48 R12: 0000000000000000 R13: ffff88807ea6a850 R14: 0000000000000018 R15: ffffc900035d7be0 FS: 00007f8b468046c0(0000) GS:ffff888124ee1000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f87a1aa8e9c CR3: 00000000768b6000 CR4: 00000000003526f0 ---------------- Code disassembly (best guess): 0: 01 00 add %eax,(%rax) 2: 74 08 je 0xc 4: 4c 89 f7 mov %r14,%rdi 7: e8 74 d8 8d 00 call 0x8dd880 c: 4c 89 74 24 10 mov %r14,0x10(%rsp) 11: 4d 8b 26 mov (%r14),%r12 14: 4d 8d 74 24 18 lea 0x18(%r12),%r14 19: 4c 89 f0 mov %r14,%rax 1c: 48 c1 e8 03 shr $0x3,%rax 20: 48 b9 00 00 00 00 00 movabs $0xdffffc0000000000,%rcx 27: fc ff df * 2a: 0f b6 04 08 movzbl (%rax,%rcx,1),%eax <-- trapping instruction 2e: 84 c0 test %al,%al 30: 0f 85 75 06 00 00 jne 0x6ab 36: 41 83 3e 00 cmpl $0x0,(%r14) 3a: 74 64 je 0xa0 3c: 4c 89 ef mov %r13,%rdi 3f: be .byte 0xbe