Extracting prog: 14m38.257909722s
Minimizing prog: 1h33m12.44928952s
Simplifying prog options: 0s
Extracting C: 1m0.908701s
Simplifying C: 17m57.309832911s


extracting reproducer from 45 programs
testing a last program of every proc
single: executing 10 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE_CONST_STR-syz_usb_connect-syz_usb_connect$cdc_ecm-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-connect$unix-sendmmsg$unix-recvmmsg-syz_open_dev$dri-syz_open_dev$dri-syz_open_dev$dri-prctl$PR_SET_MM-brk-ioctl$DRM_IOCTL_MODE_GETCRTC-ioctl$DRM_IOCTL_MODE_GETFB2-ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD-ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE-sendmsg$nl_xfrm-close_range
detailed listing:
executing program 0:
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
syz_usb_connect$cdc_ecm(0x0, 0x56, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x3ffffffffffffffd, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0)
prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000001000/0x4000)=nil)
brk(0x400000ffc020)
ioctl$DRM_IOCTL_MODE_GETCRTC(r3, 0xc06864a1, &(0x7f00000003c0)={0x0, 0xffffffffffffff53, 0x0, <r4=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000440)={r4, 0x800000, 0x0, 0x0, 0x0, [<r5=>0x0], [0x0, 0x0, 0x0, 0xffffffff], [0x1000, 0x0, 0x0, 0xfffffffc], [0x1, 0x7]})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r2, 0xc00c642d, &(0x7f00000001c0)={r5, 0x80000, <r6=>0xffffffffffffffff})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000000000)={0x0, 0x0, r6})
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-prlimit64-sched_setscheduler-getpid-sched_setaffinity-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-syz_open_procfs-recvmmsg-sched_setaffinity-bpf$MAP_CREATE_CONST_STR-bpf$MAP_CREATE_RINGBUF-bpf$PROG_LOAD-bpf$MAP_CREATE-bpf$PROG_LOAD-syz_clone-mbind-prctl$PR_SCHED_CORE-prlimit64-syz_emit_ethernet-sched_setaffinity-syz_open_dev$MSR-sched_setscheduler
detailed listing:
executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0xfffffffe, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB, @ANYRES32=r1, @ANYBLOB="0000000000000000b7020000030000008500000086", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8f}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
syz_open_procfs(r3, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000540)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x2f)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x15, 0x1c, &(0x7f0000000000)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r7}, {}, {0x7, 0x0, 0xb, 0x6, 0x0, 0x0, 0x5}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0x6, 0x9}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x5, 0x1, 0xa, 0x9, 0x9}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0xc}, {0x18, 0x6, 0x2, 0x0, r6}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8, 0x9, 0xffff}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x9, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000f000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
mbind(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, &(0x7f0000000040)=0x4, 0xfed, 0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x1000088}, 0x0)
syz_emit_ethernet(0x66, &(0x7f0000000680)={@local, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "e400ff", 0x30, 0x3a, 0x0, @private2, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, '\x00', 0x0, 0x11, 0x0, @empty, @ipv4={'\x00', '\xff\xff', @multicast1}}}}}}}}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-prctl$PR_SET_SYSCALL_USER_DISPATCH_ON-fcntl$getown-mmap-madvise-chroot-openat$cuse-read$FUSE-fcntl$setlease-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_MSRS-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI-ioctl$TIOCSTI
detailed listing:
executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xfb, 0x323, &(0x7f0000006680)) (async)
fcntl$getown(0xffffffffffffffff, 0x9)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
chroot(0x0)
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
read$FUSE(r1, &(0x7f0000000140)={0x2020}, 0x2020)
fcntl$setlease(r0, 0x400, 0x1) (async)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)) (async)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
r3 = fcntl$dupfd(r0, 0x0, r0)
ioctl$TCFLSH(r3, 0x400455c8, 0x1) (async)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000100)=0xdb) (async)
ioctl$TIOCSTI(r0, 0x5412, 0x0)

program crashed: general protection fault in bcsp_recv
single: successfully extracted reproducer
found reproducer with 16 syscalls
minimizing guilty program
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-prctl$PR_SET_SYSCALL_USER_DISPATCH_ON-fcntl$getown-mmap-madvise-chroot-openat$cuse-read$FUSE-fcntl$setlease-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_MSRS-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI
detailed listing:
executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xfb, 0x323, &(0x7f0000006680)) (async)
fcntl$getown(0xffffffffffffffff, 0x9)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
chroot(0x0)
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
read$FUSE(r1, &(0x7f0000000140)={0x2020}, 0x2020)
fcntl$setlease(r0, 0x400, 0x1) (async)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)) (async)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
r3 = fcntl$dupfd(r0, 0x0, r0)
ioctl$TCFLSH(r3, 0x400455c8, 0x1) (async)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000100)=0xdb) (async)

program crashed: general protection fault in bcsp_recv
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-prctl$PR_SET_SYSCALL_USER_DISPATCH_ON-fcntl$getown-mmap-madvise-chroot-openat$cuse-read$FUSE-fcntl$setlease-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_MSRS-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH
detailed listing:
executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xfb, 0x323, &(0x7f0000006680)) (async)
fcntl$getown(0xffffffffffffffff, 0x9)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
chroot(0x0)
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
read$FUSE(r1, &(0x7f0000000140)={0x2020}, 0x2020)
fcntl$setlease(r0, 0x400, 0x1) (async)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)) (async)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
r3 = fcntl$dupfd(r0, 0x0, r0)
ioctl$TCFLSH(r3, 0x400455c8, 0x1) (async)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-prctl$PR_SET_SYSCALL_USER_DISPATCH_ON-fcntl$getown-mmap-madvise-chroot-openat$cuse-read$FUSE-fcntl$setlease-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_MSRS-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TIOCSTI
detailed listing:
executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xfb, 0x323, &(0x7f0000006680)) (async)
fcntl$getown(0xffffffffffffffff, 0x9)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
chroot(0x0)
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
read$FUSE(r1, &(0x7f0000000140)={0x2020}, 0x2020)
fcntl$setlease(r0, 0x400, 0x1) (async)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)) (async)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
r3 = fcntl$dupfd(r0, 0x0, r0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000100)=0xdb) (async)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-prctl$PR_SET_SYSCALL_USER_DISPATCH_ON-fcntl$getown-mmap-madvise-chroot-openat$cuse-read$FUSE-fcntl$setlease-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_MSRS-ioctl$TIOCSETD-ioctl$TCFLSH-ioctl$TIOCSTI
detailed listing:
executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xfb, 0x323, &(0x7f0000006680)) (async)
fcntl$getown(0xffffffffffffffff, 0x9)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
chroot(0x0)
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
read$FUSE(r1, &(0x7f0000000140)={0x2020}, 0x2020)
fcntl$setlease(r0, 0x400, 0x1) (async)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)) (async)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(0xffffffffffffffff, 0x400455c8, 0x1) (async)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000100)=0xdb) (async)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-prctl$PR_SET_SYSCALL_USER_DISPATCH_ON-fcntl$getown-mmap-madvise-chroot-openat$cuse-read$FUSE-fcntl$setlease-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_MSRS-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI
detailed listing:
executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xfb, 0x323, &(0x7f0000006680)) (async)
fcntl$getown(0xffffffffffffffff, 0x9)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
chroot(0x0)
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
read$FUSE(r1, &(0x7f0000000140)={0x2020}, 0x2020)
fcntl$setlease(r0, 0x400, 0x1) (async)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)) (async)
r3 = fcntl$dupfd(r0, 0x0, r0)
ioctl$TCFLSH(r3, 0x400455c8, 0x1) (async)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000100)=0xdb) (async)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-prctl$PR_SET_SYSCALL_USER_DISPATCH_ON-fcntl$getown-mmap-madvise-chroot-openat$cuse-read$FUSE-fcntl$setlease-ioctl$KVM_CREATE_VCPU-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI
detailed listing:
executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xfb, 0x323, &(0x7f0000006680)) (async)
fcntl$getown(0xffffffffffffffff, 0x9)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
chroot(0x0)
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
read$FUSE(r1, &(0x7f0000000140)={0x2020}, 0x2020)
fcntl$setlease(r0, 0x400, 0x1) (async)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
r2 = fcntl$dupfd(r0, 0x0, r0)
ioctl$TCFLSH(r2, 0x400455c8, 0x1) (async)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000100)=0xdb) (async)

program crashed: general protection fault in bcsp_recv
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-prctl$PR_SET_SYSCALL_USER_DISPATCH_ON-fcntl$getown-mmap-madvise-chroot-openat$cuse-read$FUSE-fcntl$setlease-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI
detailed listing:
executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xfb, 0x323, &(0x7f0000006680)) (async)
fcntl$getown(0xffffffffffffffff, 0x9)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
chroot(0x0)
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
read$FUSE(r1, &(0x7f0000000140)={0x2020}, 0x2020)
fcntl$setlease(r0, 0x400, 0x1) (async)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
r2 = fcntl$dupfd(r0, 0x0, r0)
ioctl$TCFLSH(r2, 0x400455c8, 0x1) (async)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000100)=0xdb) (async)

program crashed: general protection fault in bcsp_recv
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-prctl$PR_SET_SYSCALL_USER_DISPATCH_ON-fcntl$getown-mmap-madvise-chroot-openat$cuse-read$FUSE-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI
detailed listing:
executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xfb, 0x323, &(0x7f0000006680)) (async)
fcntl$getown(0xffffffffffffffff, 0x9)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
chroot(0x0)
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
read$FUSE(r1, &(0x7f0000000140)={0x2020}, 0x2020)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
r2 = fcntl$dupfd(r0, 0x0, r0)
ioctl$TCFLSH(r2, 0x400455c8, 0x1) (async)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000100)=0xdb) (async)

program crashed: general protection fault in bcsp_recv
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-prctl$PR_SET_SYSCALL_USER_DISPATCH_ON-fcntl$getown-mmap-madvise-chroot-openat$cuse-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI
detailed listing:
executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xfb, 0x323, &(0x7f0000006680)) (async)
fcntl$getown(0xffffffffffffffff, 0x9)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
chroot(0x0)
openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$TCFLSH(r1, 0x400455c8, 0x1) (async)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100)=0xdb) (async)

program crashed: general protection fault in bcsp_recv
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-prctl$PR_SET_SYSCALL_USER_DISPATCH_ON-fcntl$getown-mmap-madvise-chroot-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI
detailed listing:
executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xfb, 0x323, &(0x7f0000006680)) (async)
fcntl$getown(0xffffffffffffffff, 0x9)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
chroot(0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$TCFLSH(r1, 0x400455c8, 0x1) (async)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100)=0xdb) (async)

program crashed: general protection fault in bcsp_recv
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-prctl$PR_SET_SYSCALL_USER_DISPATCH_ON-fcntl$getown-mmap-madvise-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI
detailed listing:
executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xfb, 0x323, &(0x7f0000006680)) (async)
fcntl$getown(0xffffffffffffffff, 0x9)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$TCFLSH(r1, 0x400455c8, 0x1) (async)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100)=0xdb) (async)

program crashed: general protection fault in bcsp_recv
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-prctl$PR_SET_SYSCALL_USER_DISPATCH_ON-fcntl$getown-mmap-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI
detailed listing:
executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xfb, 0x323, &(0x7f0000006680)) (async)
fcntl$getown(0xffffffffffffffff, 0x9)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) (async)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$TCFLSH(r1, 0x400455c8, 0x1) (async)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100)=0xdb) (async)

program crashed: general protection fault in bcsp_recv
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-prctl$PR_SET_SYSCALL_USER_DISPATCH_ON-fcntl$getown-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI
detailed listing:
executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xfb, 0x323, &(0x7f0000006680)) (async)
fcntl$getown(0xffffffffffffffff, 0x9)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$TCFLSH(r1, 0x400455c8, 0x1) (async)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100)=0xdb) (async)

program crashed: general protection fault in bcsp_recv
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-prctl$PR_SET_SYSCALL_USER_DISPATCH_ON-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI
detailed listing:
executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xfb, 0x323, &(0x7f0000006680)) (async)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$TCFLSH(r1, 0x400455c8, 0x1) (async)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100)=0xdb) (async)

program crashed: general protection fault in bcsp_recv
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI
detailed listing:
executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$TCFLSH(r1, 0x400455c8, 0x1) (async)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100)=0xdb) (async)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI
detailed listing:
executing program 0:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xfb, 0x323, &(0x7f0000006680)) (async)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf)
r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$TCFLSH(r0, 0x400455c8, 0x1) (async)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000100)=0xdb) (async)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-prctl$PR_SET_SYSCALL_USER_DISPATCH_ON-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI
detailed listing:
executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xfb, 0x323, &(0x7f0000006680))
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$TCFLSH(r1, 0x400455c8, 0x1)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100)=0xdb)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-prctl$PR_SET_SYSCALL_USER_DISPATCH_ON-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI
detailed listing:
executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xfb, 0x323, &(0x7f0000006680)) (async)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$TCFLSH(r1, 0x400455c8, 0x1) (async)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100)=0xdb) (async)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-prctl$PR_SET_SYSCALL_USER_DISPATCH_ON-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI
detailed listing:
executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xfb, 0x323, &(0x7f0000006680)) (async)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$TCFLSH(r1, 0x400455c8, 0x1) (async)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100)=0xdb) (async)

program crashed: general protection fault in bcsp_recv
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-prctl$PR_SET_SYSCALL_USER_DISPATCH_ON-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI
detailed listing:
executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xfb, 0x323, 0x0) (async)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$TCFLSH(r1, 0x400455c8, 0x1) (async)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100)=0xdb) (async)

program crashed: general protection fault in bcsp_recv
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-prctl$PR_SET_SYSCALL_USER_DISPATCH_ON-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI
detailed listing:
executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xfb, 0x323, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$TCFLSH(r1, 0x400455c8, 0x1) (async)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100)=0xdb) (async)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-prctl$PR_SET_SYSCALL_USER_DISPATCH_ON-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI
detailed listing:
executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xfb, 0x323, 0x0) (async)
ioctl$TIOCSETD(r0, 0x5423, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$TCFLSH(r1, 0x400455c8, 0x1) (async)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100)=0xdb) (async)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-prctl$PR_SET_SYSCALL_USER_DISPATCH_ON-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI
detailed listing:
executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xfb, 0x323, 0x0) (async)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$TCFLSH(r1, 0x400455c8, 0x1)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100)=0xdb) (async)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-prctl$PR_SET_SYSCALL_USER_DISPATCH_ON-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI
detailed listing:
executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xfb, 0x323, 0x0) (async)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$TCFLSH(r1, 0x400455c8, 0x1) (async)
ioctl$TIOCSTI(r1, 0x5412, 0x0) (async)

program crashed: lost connection to test machine
suppressed program crash: lost connection to test machine
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-prctl$PR_SET_SYSCALL_USER_DISPATCH_ON-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI
detailed listing:
executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xfb, 0x323, 0x0) (async)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$TCFLSH(r1, 0x400455c8, 0x1) (async)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100)=0xdb)

program crashed: general protection fault in bcsp_recv
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-prctl$PR_SET_SYSCALL_USER_DISPATCH_ON-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI
program crashed: general protection fault in bcsp_recv
simplifying C reproducer
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-prctl$PR_SET_SYSCALL_USER_DISPATCH_ON-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-prctl$PR_SET_SYSCALL_USER_DISPATCH_ON-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI
program crashed: general protection fault in bcsp_recv
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-prctl$PR_SET_SYSCALL_USER_DISPATCH_ON-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI
program crashed: general protection fault in bcsp_recv
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-prctl$PR_SET_SYSCALL_USER_DISPATCH_ON-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI
program crashed: general protection fault in bcsp_recv
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-prctl$PR_SET_SYSCALL_USER_DISPATCH_ON-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI
program crashed: general protection fault in bcsp_recv
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-prctl$PR_SET_SYSCALL_USER_DISPATCH_ON-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI
program crashed: general protection fault in bcsp_recv
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-prctl$PR_SET_SYSCALL_USER_DISPATCH_ON-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI
program crashed: general protection fault in bcsp_recv
reproducing took 2h6m48.925759361s
repro crashed as (corrupted=false):
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000021: 0000 [#1] SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000108-0x000000000000010f]
CPU: 1 UID: 0 PID: 8848 Comm: syz-executor204 Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
RIP: 0010:bcsp_recv+0x10a/0x17f0 drivers/bluetooth/hci_bcsp.c:590
Code: 18 48 c1 e8 03 48 01 e8 48 89 04 24 48 8d 83 78 01 00 00 48 89 44 24 28 48 c1 e8 03 48 89 44 24 08 e8 aa 07 5c f9 48 8b 04 24 <80> 38 00 0f 85 d1 12 00 00 4c 8b ab 08 01 00 00 31 ff 4c 89 ee e8
RSP: 0018:ffffc9000cfb7bf0 EFLAGS: 00010293
RAX: dffffc0000000021 RBX: 0000000000000000 RCX: ffffffff885f47fa
RDX: ffff888057ad8000 RSI: ffffffff885f4846 RDI: 0000000000000005
RBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: ffffc9000cfb7d88
R13: ffffc9000cfb7d88 R14: 0000000000000001 R15: ffff88807ea8ec00
FS:  00007f5e1232e6c0(0000) GS:ffff888124ab2000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f5e12377b30 CR3: 0000000053bbc000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 hci_uart_tty_receive+0x251/0x7e0 drivers/bluetooth/hci_ldisc.c:627
 tiocsti drivers/tty/tty_io.c:2299 [inline]
 tty_ioctl+0x57d/0x1610 drivers/tty/tty_io.c:2716
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:906 [inline]
 __se_sys_ioctl fs/ioctl.c:892 [inline]
 __x64_sys_ioctl+0x190/0x200 fs/ioctl.c:892
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x260 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f5e123b73e9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f5e1232e218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f5e12441348 RCX: 00007f5e123b73e9
RDX: 0000200000000100 RSI: 0000000000005412 RDI: 0000000000000004
RBP: 00007f5e12441340 R08: 00007ffc3a359837 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5e1240e074
R13: 0000200000000000 R14: 00002000000000c0 R15: 0000200000000100
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:bcsp_recv+0x10a/0x17f0 drivers/bluetooth/hci_bcsp.c:590
Code: 18 48 c1 e8 03 48 01 e8 48 89 04 24 48 8d 83 78 01 00 00 48 89 44 24 28 48 c1 e8 03 48 89 44 24 08 e8 aa 07 5c f9 48 8b 04 24 <80> 38 00 0f 85 d1 12 00 00 4c 8b ab 08 01 00 00 31 ff 4c 89 ee e8
RSP: 0018:ffffc9000cfb7bf0 EFLAGS: 00010293
RAX: dffffc0000000021 RBX: 0000000000000000 RCX: ffffffff885f47fa
RDX: ffff888057ad8000 RSI: ffffffff885f4846 RDI: 0000000000000005
RBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: ffffc9000cfb7d88
R13: ffffc9000cfb7d88 R14: 0000000000000001 R15: ffff88807ea8ec00
FS:  00007f5e1232e6c0(0000) GS:ffff8881249b2000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000564d751800b8 CR3: 0000000053bbc000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	18 48 c1             	sbb    %cl,-0x3f(%rax)
   3:	e8 03 48 01 e8       	call   0xe801480b
   8:	48 89 04 24          	mov    %rax,(%rsp)
   c:	48 8d 83 78 01 00 00 	lea    0x178(%rbx),%rax
  13:	48 89 44 24 28       	mov    %rax,0x28(%rsp)
  18:	48 c1 e8 03          	shr    $0x3,%rax
  1c:	48 89 44 24 08       	mov    %rax,0x8(%rsp)
  21:	e8 aa 07 5c f9       	call   0xf95c07d0
  26:	48 8b 04 24          	mov    (%rsp),%rax
* 2a:	80 38 00             	cmpb   $0x0,(%rax) <-- trapping instruction
  2d:	0f 85 d1 12 00 00    	jne    0x1304
  33:	4c 8b ab 08 01 00 00 	mov    0x108(%rbx),%r13
  3a:	31 ff                	xor    %edi,%edi
  3c:	4c 89 ee             	mov    %r13,%rsi
  3f:	e8                   	.byte 0xe8

final repro crashed as (corrupted=false):
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000021: 0000 [#1] SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000108-0x000000000000010f]
CPU: 1 UID: 0 PID: 8848 Comm: syz-executor204 Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
RIP: 0010:bcsp_recv+0x10a/0x17f0 drivers/bluetooth/hci_bcsp.c:590
Code: 18 48 c1 e8 03 48 01 e8 48 89 04 24 48 8d 83 78 01 00 00 48 89 44 24 28 48 c1 e8 03 48 89 44 24 08 e8 aa 07 5c f9 48 8b 04 24 <80> 38 00 0f 85 d1 12 00 00 4c 8b ab 08 01 00 00 31 ff 4c 89 ee e8
RSP: 0018:ffffc9000cfb7bf0 EFLAGS: 00010293
RAX: dffffc0000000021 RBX: 0000000000000000 RCX: ffffffff885f47fa
RDX: ffff888057ad8000 RSI: ffffffff885f4846 RDI: 0000000000000005
RBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: ffffc9000cfb7d88
R13: ffffc9000cfb7d88 R14: 0000000000000001 R15: ffff88807ea8ec00
FS:  00007f5e1232e6c0(0000) GS:ffff888124ab2000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f5e12377b30 CR3: 0000000053bbc000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 hci_uart_tty_receive+0x251/0x7e0 drivers/bluetooth/hci_ldisc.c:627
 tiocsti drivers/tty/tty_io.c:2299 [inline]
 tty_ioctl+0x57d/0x1610 drivers/tty/tty_io.c:2716
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:906 [inline]
 __se_sys_ioctl fs/ioctl.c:892 [inline]
 __x64_sys_ioctl+0x190/0x200 fs/ioctl.c:892
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x260 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f5e123b73e9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f5e1232e218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f5e12441348 RCX: 00007f5e123b73e9
RDX: 0000200000000100 RSI: 0000000000005412 RDI: 0000000000000004
RBP: 00007f5e12441340 R08: 00007ffc3a359837 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5e1240e074
R13: 0000200000000000 R14: 00002000000000c0 R15: 0000200000000100
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:bcsp_recv+0x10a/0x17f0 drivers/bluetooth/hci_bcsp.c:590
Code: 18 48 c1 e8 03 48 01 e8 48 89 04 24 48 8d 83 78 01 00 00 48 89 44 24 28 48 c1 e8 03 48 89 44 24 08 e8 aa 07 5c f9 48 8b 04 24 <80> 38 00 0f 85 d1 12 00 00 4c 8b ab 08 01 00 00 31 ff 4c 89 ee e8
RSP: 0018:ffffc9000cfb7bf0 EFLAGS: 00010293
RAX: dffffc0000000021 RBX: 0000000000000000 RCX: ffffffff885f47fa
RDX: ffff888057ad8000 RSI: ffffffff885f4846 RDI: 0000000000000005
RBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: ffffc9000cfb7d88
R13: ffffc9000cfb7d88 R14: 0000000000000001 R15: ffff88807ea8ec00
FS:  00007f5e1232e6c0(0000) GS:ffff8881249b2000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000564d751800b8 CR3: 0000000053bbc000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	18 48 c1             	sbb    %cl,-0x3f(%rax)
   3:	e8 03 48 01 e8       	call   0xe801480b
   8:	48 89 04 24          	mov    %rax,(%rsp)
   c:	48 8d 83 78 01 00 00 	lea    0x178(%rbx),%rax
  13:	48 89 44 24 28       	mov    %rax,0x28(%rsp)
  18:	48 c1 e8 03          	shr    $0x3,%rax
  1c:	48 89 44 24 08       	mov    %rax,0x8(%rsp)
  21:	e8 aa 07 5c f9       	call   0xf95c07d0
  26:	48 8b 04 24          	mov    (%rsp),%rax
* 2a:	80 38 00             	cmpb   $0x0,(%rax) <-- trapping instruction
  2d:	0f 85 d1 12 00 00    	jne    0x1304
  33:	4c 8b ab 08 01 00 00 	mov    0x108(%rbx),%r13
  3a:	31 ff                	xor    %edi,%edi
  3c:	4c 89 ee             	mov    %r13,%rsi
  3f:	e8                   	.byte 0xe8