Extracting prog: 2m45.211954697s
Minimizing prog: 10m5.426026514s
Simplifying prog options: 5m13.05632093s
Extracting C: 1m5.280440506s
Simplifying C: 0s


extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_mount_image$ext4-mmap-syz_clone3
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @any, 0xfffa}, 0xe)
listen(r0, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x4500, &(0x7f0000000300)={[{@init_itable}, {@noquota}, {@nouid32}, {@barrier}, {@resgid}, {@journal_dev={'journal_dev', 0x3d, 0x1ff}}, {@barrier}, {@delalloc}, {@bh}]}, 0x10, 0x4d3, &(0x7f0000000ec0)="$eJzs3c9rHG8ZAPBnNtlvf6UmVQ+1YFtsJS3a3aSxbfBQK4g9SEGt9xqTTQjZZEN20zahSIp3BREVPHnyIvgHCNI/QYSC3qWKItrqwYO6srOzmqa73XzpZqcknw9M531ndvZ53rb77rwzLzsBHFkXI+JORIxExNWIGM+2F7Llbquy037dq5dP5ltLEs3m/b8mkWTbOu+VZOtT7UPieER8/W7Et5I349a3tlfmqtXKRlYvN1bXy/Wt7WvLq3NLlaXK2szM9M3ZW7M3ZqcG0s6JiLj9pT/+8Hs/+/LtX3320e8f/PnKt1tpjWX7d7djkNpNL6Z/Fx2jEbFxEMFyMJKtiz32f3dkiMkAANBX6xz/oxHxqfT8fzxG0rNTAAAA4DBpfmEs/pVENAEAAIBDq5DOgU0KpWwuwFgUCqVSew7vx+NkoVqrNz6zWNtcW2jPlZ2IYmFxuVqZyuYKT0QxadWnszm2nfr1PfWZiDgTET8YP5HWS/O16kLeFz8AAADgiDi1Z/z/j/F0/H8s77wAAACAAZvIOwEAAADgwBn/AwAAwOFn/A8AAACH2lfv3Wstzc7zrxcebm2u1B5eW6jUV0qrm/Ol+drGemmpVltKf7Nvtd/7VWu19c/F2ubjcqNSb5TrW9sPVmuba40Hy689AhsAAAAYojMXnv0uiYidz59Il5YP8k4KGIqkz/70ISEvssofhpAQMDQjeScA5GY07wSA3BTzTgDIXb/rAD0n7/x68LkAAAAHY/ITve//uzYAh1sh7wQAgKFz/x+OrqIZgHDkfaTP/ne//99sfqiEAACAgRtLl6RQyu4FjkWhUCpFnE4fC1BMFperlalsfPDb8eKxVn06PTLpO2cYAAAAAAAAAAAAAAAAAAAAAAAAAGhrNpNoAgAAAIdaROFPSfpr/hGT45fH9l4f+CD553i6johHP7n/o8dzjcbGdGv73/63vfHjbPv1PK5gAAAAAHt1xumdcTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADNKrl0/mO8sw4/7lixEx0TX+hePp6ngUI+Lk35MY3XVcEhEjA4i/8zQiznaLn7TSioloZ9Et/okc4xci4tQA4sNR9qzV/9zp9vkrxMV03f3zN5ot76p3/1eITv83sit+MTuu1f+c3meMc89/Ue4Z/2nEudHu/U8nftKj/7u0z/jf/Mb2dq99zZ9GTHb9/klei1VurK6X61vb15ZX55YqS5W1mZnpm7O3Zm/MTpUXl6uV7M+uMb7/yV/+523tP9kj/kSf9l/eZ/v//fzxy4+1i8Vu8a9c6v79e/bN+F95lPX9rf8Tn87Krf2TnfJOu7zb+Z//5vzb2r/Qo/39/v2v7LP9V7/2nRf7fCkAMAT1re2VuWq1svHeF2In4j1IQ+GgCsfejzQU2oW8eyYAAGDQ/n/Sn3cmAAAAAAAAAAAAAAAAAAAAcHQN4+fE9sbcyaepAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABv9d8AAAD//9u92ow=")
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0)
syz_clone3(&(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

program crashed: BUG: unable to handle kernel paging request in lock_sock_nested
program crashed: BUG: unable to handle kernel paging request in lock_sock_nested
single: successfully extracted reproducer
found reproducer with 6 syscalls
minimizing guilty program
testing program (duration=45.440194045s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_mount_image$ext4-mmap
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @any, 0xfffa}, 0xe)
listen(r0, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x4500, &(0x7f0000000300)={[{@init_itable}, {@noquota}, {@nouid32}, {@barrier}, {@resgid}, {@journal_dev={'journal_dev', 0x3d, 0x1ff}}, {@barrier}, {@delalloc}, {@bh}]}, 0x10, 0x4d3, &(0x7f0000000ec0)="$eJzs3c9rHG8ZAPBnNtlvf6UmVQ+1YFtsJS3a3aSxbfBQK4g9SEGt9xqTTQjZZEN20zahSIp3BREVPHnyIvgHCNI/QYSC3qWKItrqwYO6srOzmqa73XzpZqcknw9M531ndvZ53rb77rwzLzsBHFkXI+JORIxExNWIGM+2F7Llbquy037dq5dP5ltLEs3m/b8mkWTbOu+VZOtT7UPieER8/W7Et5I349a3tlfmqtXKRlYvN1bXy/Wt7WvLq3NLlaXK2szM9M3ZW7M3ZqcG0s6JiLj9pT/+8Hs/+/LtX3320e8f/PnKt1tpjWX7d7djkNpNL6Z/Fx2jEbFxEMFyMJKtiz32f3dkiMkAANBX6xz/oxHxqfT8fzxG0rNTAAAA4DBpfmEs/pVENAEAAIBDq5DOgU0KpWwuwFgUCqVSew7vx+NkoVqrNz6zWNtcW2jPlZ2IYmFxuVqZyuYKT0QxadWnszm2nfr1PfWZiDgTET8YP5HWS/O16kLeFz8AAADgiDi1Z/z/j/F0/H8s77wAAACAAZvIOwEAAADgwBn/AwAAwOFn/A8AAACH2lfv3Wstzc7zrxcebm2u1B5eW6jUV0qrm/Ol+drGemmpVltKf7Nvtd/7VWu19c/F2ubjcqNSb5TrW9sPVmuba40Hy689AhsAAAAYojMXnv0uiYidz59Il5YP8k4KGIqkz/70ISEvssofhpAQMDQjeScA5GY07wSA3BTzTgDIXb/rAD0n7/x68LkAAAAHY/ITve//uzYAh1sh7wQAgKFz/x+OrqIZgHDkfaTP/ne//99sfqiEAACAgRtLl6RQyu4FjkWhUCpFnE4fC1BMFperlalsfPDb8eKxVn06PTLpO2cYAAAAAAAAAAAAAAAAAAAAAAAAAGhrNpNoAgAAAIdaROFPSfpr/hGT45fH9l4f+CD553i6johHP7n/o8dzjcbGdGv73/63vfHjbPv1PK5gAAAAAHt1xumdcTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADNKrl0/mO8sw4/7lixEx0TX+hePp6ngUI+Lk35MY3XVcEhEjA4i/8zQiznaLn7TSioloZ9Et/okc4xci4tQA4sNR9qzV/9zp9vkrxMV03f3zN5ot76p3/1eITv83sit+MTuu1f+c3meMc89/Ue4Z/2nEudHu/U8nftKj/7u0z/jf/Mb2dq99zZ9GTHb9/klei1VurK6X61vb15ZX55YqS5W1mZnpm7O3Zm/MTpUXl6uV7M+uMb7/yV/+523tP9kj/kSf9l/eZ/v//fzxy4+1i8Vu8a9c6v79e/bN+F95lPX9rf8Tn87Krf2TnfJOu7zb+Z//5vzb2r/Qo/39/v2v7LP9V7/2nRf7fCkAMAT1re2VuWq1svHeF2In4j1IQ+GgCsfejzQU2oW8eyYAAGDQ/n/Sn3cmAAAAAAAAAAAAAAAAAAAAcHQN4+fE9sbcyaepAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABv9d8AAAD//9u92ow=")
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0)

program did not crash
testing program (duration=45.440194045s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_mount_image$ext4-syz_clone3
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @any, 0xfffa}, 0xe)
listen(r0, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x4500, &(0x7f0000000300)={[{@init_itable}, {@noquota}, {@nouid32}, {@barrier}, {@resgid}, {@journal_dev={'journal_dev', 0x3d, 0x1ff}}, {@barrier}, {@delalloc}, {@bh}]}, 0x10, 0x4d3, &(0x7f0000000ec0)="$eJzs3c9rHG8ZAPBnNtlvf6UmVQ+1YFtsJS3a3aSxbfBQK4g9SEGt9xqTTQjZZEN20zahSIp3BREVPHnyIvgHCNI/QYSC3qWKItrqwYO6srOzmqa73XzpZqcknw9M531ndvZ53rb77rwzLzsBHFkXI+JORIxExNWIGM+2F7Llbquy037dq5dP5ltLEs3m/b8mkWTbOu+VZOtT7UPieER8/W7Et5I349a3tlfmqtXKRlYvN1bXy/Wt7WvLq3NLlaXK2szM9M3ZW7M3ZqcG0s6JiLj9pT/+8Hs/+/LtX3320e8f/PnKt1tpjWX7d7djkNpNL6Z/Fx2jEbFxEMFyMJKtiz32f3dkiMkAANBX6xz/oxHxqfT8fzxG0rNTAAAA4DBpfmEs/pVENAEAAIBDq5DOgU0KpWwuwFgUCqVSew7vx+NkoVqrNz6zWNtcW2jPlZ2IYmFxuVqZyuYKT0QxadWnszm2nfr1PfWZiDgTET8YP5HWS/O16kLeFz8AAADgiDi1Z/z/j/F0/H8s77wAAACAAZvIOwEAAADgwBn/AwAAwOFn/A8AAACH2lfv3Wstzc7zrxcebm2u1B5eW6jUV0qrm/Ol+drGemmpVltKf7Nvtd/7VWu19c/F2ubjcqNSb5TrW9sPVmuba40Hy689AhsAAAAYojMXnv0uiYidz59Il5YP8k4KGIqkz/70ISEvssofhpAQMDQjeScA5GY07wSA3BTzTgDIXb/rAD0n7/x68LkAAAAHY/ITve//uzYAh1sh7wQAgKFz/x+OrqIZgHDkfaTP/ne//99sfqiEAACAgRtLl6RQyu4FjkWhUCpFnE4fC1BMFperlalsfPDb8eKxVn06PTLpO2cYAAAAAAAAAAAAAAAAAAAAAAAAAGhrNpNoAgAAAIdaROFPSfpr/hGT45fH9l4f+CD553i6johHP7n/o8dzjcbGdGv73/63vfHjbPv1PK5gAAAAAHt1xumdcTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADNKrl0/mO8sw4/7lixEx0TX+hePp6ngUI+Lk35MY3XVcEhEjA4i/8zQiznaLn7TSioloZ9Et/okc4xci4tQA4sNR9qzV/9zp9vkrxMV03f3zN5ot76p3/1eITv83sit+MTuu1f+c3meMc89/Ue4Z/2nEudHu/U8nftKj/7u0z/jf/Mb2dq99zZ9GTHb9/klei1VurK6X61vb15ZX55YqS5W1mZnpm7O3Zm/MTpUXl6uV7M+uMb7/yV/+523tP9kj/kSf9l/eZ/v//fzxy4+1i8Vu8a9c6v79e/bN+F95lPX9rf8Tn87Krf2TnfJOu7zb+Z//5vzb2r/Qo/39/v2v7LP9V7/2nRf7fCkAMAT1re2VuWq1svHeF2In4j1IQ+GgCsfejzQU2oW8eyYAAGDQ/n/Sn3cmAAAAAAAAAAAAAAAAAAAAcHQN4+fE9sbcyaepAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABv9d8AAAD//9u92ow=")
syz_clone3(&(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

program did not crash
testing program (duration=45.440194045s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-mmap-syz_clone3
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @any, 0xfffa}, 0xe)
listen(r0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0)
syz_clone3(&(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

program did not crash
testing program (duration=45.440194045s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-bind$bt_l2cap-syz_mount_image$ext4-mmap-syz_clone3
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @any, 0xfffa}, 0xe)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x4500, &(0x7f0000000300)={[{@init_itable}, {@noquota}, {@nouid32}, {@barrier}, {@resgid}, {@journal_dev={'journal_dev', 0x3d, 0x1ff}}, {@barrier}, {@delalloc}, {@bh}]}, 0x10, 0x4d3, &(0x7f0000000ec0)="$eJzs3c9rHG8ZAPBnNtlvf6UmVQ+1YFtsJS3a3aSxbfBQK4g9SEGt9xqTTQjZZEN20zahSIp3BREVPHnyIvgHCNI/QYSC3qWKItrqwYO6srOzmqa73XzpZqcknw9M531ndvZ53rb77rwzLzsBHFkXI+JORIxExNWIGM+2F7Llbquy037dq5dP5ltLEs3m/b8mkWTbOu+VZOtT7UPieER8/W7Et5I349a3tlfmqtXKRlYvN1bXy/Wt7WvLq3NLlaXK2szM9M3ZW7M3ZqcG0s6JiLj9pT/+8Hs/+/LtX3320e8f/PnKt1tpjWX7d7djkNpNL6Z/Fx2jEbFxEMFyMJKtiz32f3dkiMkAANBX6xz/oxHxqfT8fzxG0rNTAAAA4DBpfmEs/pVENAEAAIBDq5DOgU0KpWwuwFgUCqVSew7vx+NkoVqrNz6zWNtcW2jPlZ2IYmFxuVqZyuYKT0QxadWnszm2nfr1PfWZiDgTET8YP5HWS/O16kLeFz8AAADgiDi1Z/z/j/F0/H8s77wAAACAAZvIOwEAAADgwBn/AwAAwOFn/A8AAACH2lfv3Wstzc7zrxcebm2u1B5eW6jUV0qrm/Ol+drGemmpVltKf7Nvtd/7VWu19c/F2ubjcqNSb5TrW9sPVmuba40Hy689AhsAAAAYojMXnv0uiYidz59Il5YP8k4KGIqkz/70ISEvssofhpAQMDQjeScA5GY07wSA3BTzTgDIXb/rAD0n7/x68LkAAAAHY/ITve//uzYAh1sh7wQAgKFz/x+OrqIZgHDkfaTP/ne//99sfqiEAACAgRtLl6RQyu4FjkWhUCpFnE4fC1BMFperlalsfPDb8eKxVn06PTLpO2cYAAAAAAAAAAAAAAAAAAAAAAAAAGhrNpNoAgAAAIdaROFPSfpr/hGT45fH9l4f+CD553i6johHP7n/o8dzjcbGdGv73/63vfHjbPv1PK5gAAAAAHt1xumdcTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADNKrl0/mO8sw4/7lixEx0TX+hePp6ngUI+Lk35MY3XVcEhEjA4i/8zQiznaLn7TSioloZ9Et/okc4xci4tQA4sNR9qzV/9zp9vkrxMV03f3zN5ot76p3/1eITv83sit+MTuu1f+c3meMc89/Ue4Z/2nEudHu/U8nftKj/7u0z/jf/Mb2dq99zZ9GTHb9/klei1VurK6X61vb15ZX55YqS5W1mZnpm7O3Zm/MTpUXl6uV7M+uMb7/yV/+523tP9kj/kSf9l/eZ/v//fzxy4+1i8Vu8a9c6v79e/bN+F95lPX9rf8Tn87Krf2TnfJOu7zb+Z//5vzb2r/Qo/39/v2v7LP9V7/2nRf7fCkAMAT1re2VuWq1svHeF2In4j1IQ+GgCsfejzQU2oW8eyYAAGDQ/n/Sn3cmAAAAAAAAAAAAAAAAAAAAcHQN4+fE9sbcyaepAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABv9d8AAAD//9u92ow=")
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0)
syz_clone3(&(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

program did not crash
testing program (duration=45.440194045s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-listen-syz_mount_image$ext4-mmap-syz_clone3
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
listen(r0, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x4500, &(0x7f0000000300)={[{@init_itable}, {@noquota}, {@nouid32}, {@barrier}, {@resgid}, {@journal_dev={'journal_dev', 0x3d, 0x1ff}}, {@barrier}, {@delalloc}, {@bh}]}, 0x10, 0x4d3, &(0x7f0000000ec0)="$eJzs3c9rHG8ZAPBnNtlvf6UmVQ+1YFtsJS3a3aSxbfBQK4g9SEGt9xqTTQjZZEN20zahSIp3BREVPHnyIvgHCNI/QYSC3qWKItrqwYO6srOzmqa73XzpZqcknw9M531ndvZ53rb77rwzLzsBHFkXI+JORIxExNWIGM+2F7Llbquy037dq5dP5ltLEs3m/b8mkWTbOu+VZOtT7UPieER8/W7Et5I349a3tlfmqtXKRlYvN1bXy/Wt7WvLq3NLlaXK2szM9M3ZW7M3ZqcG0s6JiLj9pT/+8Hs/+/LtX3320e8f/PnKt1tpjWX7d7djkNpNL6Z/Fx2jEbFxEMFyMJKtiz32f3dkiMkAANBX6xz/oxHxqfT8fzxG0rNTAAAA4DBpfmEs/pVENAEAAIBDq5DOgU0KpWwuwFgUCqVSew7vx+NkoVqrNz6zWNtcW2jPlZ2IYmFxuVqZyuYKT0QxadWnszm2nfr1PfWZiDgTET8YP5HWS/O16kLeFz8AAADgiDi1Z/z/j/F0/H8s77wAAACAAZvIOwEAAADgwBn/AwAAwOFn/A8AAACH2lfv3Wstzc7zrxcebm2u1B5eW6jUV0qrm/Ol+drGemmpVltKf7Nvtd/7VWu19c/F2ubjcqNSb5TrW9sPVmuba40Hy689AhsAAAAYojMXnv0uiYidz59Il5YP8k4KGIqkz/70ISEvssofhpAQMDQjeScA5GY07wSA3BTzTgDIXb/rAD0n7/x68LkAAAAHY/ITve//uzYAh1sh7wQAgKFz/x+OrqIZgHDkfaTP/ne//99sfqiEAACAgRtLl6RQyu4FjkWhUCpFnE4fC1BMFperlalsfPDb8eKxVn06PTLpO2cYAAAAAAAAAAAAAAAAAAAAAAAAAGhrNpNoAgAAAIdaROFPSfpr/hGT45fH9l4f+CD553i6johHP7n/o8dzjcbGdGv73/63vfHjbPv1PK5gAAAAAHt1xumdcTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADNKrl0/mO8sw4/7lixEx0TX+hePp6ngUI+Lk35MY3XVcEhEjA4i/8zQiznaLn7TSioloZ9Et/okc4xci4tQA4sNR9qzV/9zp9vkrxMV03f3zN5ot76p3/1eITv83sit+MTuu1f+c3meMc89/Ue4Z/2nEudHu/U8nftKj/7u0z/jf/Mb2dq99zZ9GTHb9/klei1VurK6X61vb15ZX55YqS5W1mZnpm7O3Zm/MTpUXl6uV7M+uMb7/yV/+523tP9kj/kSf9l/eZ/v//fzxy4+1i8Vu8a9c6v79e/bN+F95lPX9rf8Tn87Krf2TnfJOu7zb+Z//5vzb2r/Qo/39/v2v7LP9V7/2nRf7fCkAMAT1re2VuWq1svHeF2In4j1IQ+GgCsfejzQU2oW8eyYAAGDQ/n/Sn3cmAAAAAAAAAAAAAAAAAAAAcHQN4+fE9sbcyaepAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABv9d8AAAD//9u92ow=")
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0)
syz_clone3(&(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

program did not crash
testing program (duration=45.440194045s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bind$bt_l2cap-listen-syz_mount_image$ext4-mmap-syz_clone3
detailed listing:
executing program 0:
bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0x0, @any, 0xfffa}, 0xe)
listen(0xffffffffffffffff, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x4500, &(0x7f0000000300)={[{@init_itable}, {@noquota}, {@nouid32}, {@barrier}, {@resgid}, {@journal_dev={'journal_dev', 0x3d, 0x1ff}}, {@barrier}, {@delalloc}, {@bh}]}, 0x10, 0x4d3, &(0x7f0000000ec0)="$eJzs3c9rHG8ZAPBnNtlvf6UmVQ+1YFtsJS3a3aSxbfBQK4g9SEGt9xqTTQjZZEN20zahSIp3BREVPHnyIvgHCNI/QYSC3qWKItrqwYO6srOzmqa73XzpZqcknw9M531ndvZ53rb77rwzLzsBHFkXI+JORIxExNWIGM+2F7Llbquy037dq5dP5ltLEs3m/b8mkWTbOu+VZOtT7UPieER8/W7Et5I349a3tlfmqtXKRlYvN1bXy/Wt7WvLq3NLlaXK2szM9M3ZW7M3ZqcG0s6JiLj9pT/+8Hs/+/LtX3320e8f/PnKt1tpjWX7d7djkNpNL6Z/Fx2jEbFxEMFyMJKtiz32f3dkiMkAANBX6xz/oxHxqfT8fzxG0rNTAAAA4DBpfmEs/pVENAEAAIBDq5DOgU0KpWwuwFgUCqVSew7vx+NkoVqrNz6zWNtcW2jPlZ2IYmFxuVqZyuYKT0QxadWnszm2nfr1PfWZiDgTET8YP5HWS/O16kLeFz8AAADgiDi1Z/z/j/F0/H8s77wAAACAAZvIOwEAAADgwBn/AwAAwOFn/A8AAACH2lfv3Wstzc7zrxcebm2u1B5eW6jUV0qrm/Ol+drGemmpVltKf7Nvtd/7VWu19c/F2ubjcqNSb5TrW9sPVmuba40Hy689AhsAAAAYojMXnv0uiYidz59Il5YP8k4KGIqkz/70ISEvssofhpAQMDQjeScA5GY07wSA3BTzTgDIXb/rAD0n7/x68LkAAAAHY/ITve//uzYAh1sh7wQAgKFz/x+OrqIZgHDkfaTP/ne//99sfqiEAACAgRtLl6RQyu4FjkWhUCpFnE4fC1BMFperlalsfPDb8eKxVn06PTLpO2cYAAAAAAAAAAAAAAAAAAAAAAAAAGhrNpNoAgAAAIdaROFPSfpr/hGT45fH9l4f+CD553i6johHP7n/o8dzjcbGdGv73/63vfHjbPv1PK5gAAAAAHt1xumdcTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADNKrl0/mO8sw4/7lixEx0TX+hePp6ngUI+Lk35MY3XVcEhEjA4i/8zQiznaLn7TSioloZ9Et/okc4xci4tQA4sNR9qzV/9zp9vkrxMV03f3zN5ot76p3/1eITv83sit+MTuu1f+c3meMc89/Ue4Z/2nEudHu/U8nftKj/7u0z/jf/Mb2dq99zZ9GTHb9/klei1VurK6X61vb15ZX55YqS5W1mZnpm7O3Zm/MTpUXl6uV7M+uMb7/yV/+523tP9kj/kSf9l/eZ/v//fzxy4+1i8Vu8a9c6v79e/bN+F95lPX9rf8Tn87Krf2TnfJOu7zb+Z//5vzb2r/Qo/39/v2v7LP9V7/2nRf7fCkAMAT1re2VuWq1svHeF2In4j1IQ+GgCsfejzQU2oW8eyYAAGDQ/n/Sn3cmAAAAAAAAAAAAAAAAAAAAcHQN4+fE9sbcyaepAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABv9d8AAAD//9u92ow=")
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0)
syz_clone3(&(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

program did not crash
testing program (duration=45.440194045s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_mount_image$ext4-mmap-syz_clone3
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, 0x0, 0x0)
listen(r0, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x4500, &(0x7f0000000300)={[{@init_itable}, {@noquota}, {@nouid32}, {@barrier}, {@resgid}, {@journal_dev={'journal_dev', 0x3d, 0x1ff}}, {@barrier}, {@delalloc}, {@bh}]}, 0x10, 0x4d3, &(0x7f0000000ec0)="$eJzs3c9rHG8ZAPBnNtlvf6UmVQ+1YFtsJS3a3aSxbfBQK4g9SEGt9xqTTQjZZEN20zahSIp3BREVPHnyIvgHCNI/QYSC3qWKItrqwYO6srOzmqa73XzpZqcknw9M531ndvZ53rb77rwzLzsBHFkXI+JORIxExNWIGM+2F7Llbquy037dq5dP5ltLEs3m/b8mkWTbOu+VZOtT7UPieER8/W7Et5I349a3tlfmqtXKRlYvN1bXy/Wt7WvLq3NLlaXK2szM9M3ZW7M3ZqcG0s6JiLj9pT/+8Hs/+/LtX3320e8f/PnKt1tpjWX7d7djkNpNL6Z/Fx2jEbFxEMFyMJKtiz32f3dkiMkAANBX6xz/oxHxqfT8fzxG0rNTAAAA4DBpfmEs/pVENAEAAIBDq5DOgU0KpWwuwFgUCqVSew7vx+NkoVqrNz6zWNtcW2jPlZ2IYmFxuVqZyuYKT0QxadWnszm2nfr1PfWZiDgTET8YP5HWS/O16kLeFz8AAADgiDi1Z/z/j/F0/H8s77wAAACAAZvIOwEAAADgwBn/AwAAwOFn/A8AAACH2lfv3Wstzc7zrxcebm2u1B5eW6jUV0qrm/Ol+drGemmpVltKf7Nvtd/7VWu19c/F2ubjcqNSb5TrW9sPVmuba40Hy689AhsAAAAYojMXnv0uiYidz59Il5YP8k4KGIqkz/70ISEvssofhpAQMDQjeScA5GY07wSA3BTzTgDIXb/rAD0n7/x68LkAAAAHY/ITve//uzYAh1sh7wQAgKFz/x+OrqIZgHDkfaTP/ne//99sfqiEAACAgRtLl6RQyu4FjkWhUCpFnE4fC1BMFperlalsfPDb8eKxVn06PTLpO2cYAAAAAAAAAAAAAAAAAAAAAAAAAGhrNpNoAgAAAIdaROFPSfpr/hGT45fH9l4f+CD553i6johHP7n/o8dzjcbGdGv73/63vfHjbPv1PK5gAAAAAHt1xumdcTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADNKrl0/mO8sw4/7lixEx0TX+hePp6ngUI+Lk35MY3XVcEhEjA4i/8zQiznaLn7TSioloZ9Et/okc4xci4tQA4sNR9qzV/9zp9vkrxMV03f3zN5ot76p3/1eITv83sit+MTuu1f+c3meMc89/Ue4Z/2nEudHu/U8nftKj/7u0z/jf/Mb2dq99zZ9GTHb9/klei1VurK6X61vb15ZX55YqS5W1mZnpm7O3Zm/MTpUXl6uV7M+uMb7/yV/+523tP9kj/kSf9l/eZ/v//fzxy4+1i8Vu8a9c6v79e/bN+F95lPX9rf8Tn87Krf2TnfJOu7zb+Z//5vzb2r/Qo/39/v2v7LP9V7/2nRf7fCkAMAT1re2VuWq1svHeF2In4j1IQ+GgCsfejzQU2oW8eyYAAGDQ/n/Sn3cmAAAAAAAAAAAAAAAAAAAAcHQN4+fE9sbcyaepAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABv9d8AAAD//9u92ow=")
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0)
syz_clone3(&(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

program did not crash
testing program (duration=45.440194045s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_mount_image$ext4-mmap-syz_clone3
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @any, 0xfffa}, 0xe)
listen(r0, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x4500, &(0x7f0000000300)={[{@init_itable}, {@noquota}, {@nouid32}, {@barrier}, {@resgid}, {@journal_dev={'journal_dev', 0x3d, 0x1ff}}, {@barrier}, {@delalloc}, {@bh}]}, 0x10, 0x4d3, &(0x7f0000000ec0)="$eJzs3c9rHG8ZAPBnNtlvf6UmVQ+1YFtsJS3a3aSxbfBQK4g9SEGt9xqTTQjZZEN20zahSIp3BREVPHnyIvgHCNI/QYSC3qWKItrqwYO6srOzmqa73XzpZqcknw9M531ndvZ53rb77rwzLzsBHFkXI+JORIxExNWIGM+2F7Llbquy037dq5dP5ltLEs3m/b8mkWTbOu+VZOtT7UPieER8/W7Et5I349a3tlfmqtXKRlYvN1bXy/Wt7WvLq3NLlaXK2szM9M3ZW7M3ZqcG0s6JiLj9pT/+8Hs/+/LtX3320e8f/PnKt1tpjWX7d7djkNpNL6Z/Fx2jEbFxEMFyMJKtiz32f3dkiMkAANBX6xz/oxHxqfT8fzxG0rNTAAAA4DBpfmEs/pVENAEAAIBDq5DOgU0KpWwuwFgUCqVSew7vx+NkoVqrNz6zWNtcW2jPlZ2IYmFxuVqZyuYKT0QxadWnszm2nfr1PfWZiDgTET8YP5HWS/O16kLeFz8AAADgiDi1Z/z/j/F0/H8s77wAAACAAZvIOwEAAADgwBn/AwAAwOFn/A8AAACH2lfv3Wstzc7zrxcebm2u1B5eW6jUV0qrm/Ol+drGemmpVltKf7Nvtd/7VWu19c/F2ubjcqNSb5TrW9sPVmuba40Hy689AhsAAAAYojMXnv0uiYidz59Il5YP8k4KGIqkz/70ISEvssofhpAQMDQjeScA5GY07wSA3BTzTgDIXb/rAD0n7/x68LkAAAAHY/ITve//uzYAh1sh7wQAgKFz/x+OrqIZgHDkfaTP/ne//99sfqiEAACAgRtLl6RQyu4FjkWhUCpFnE4fC1BMFperlalsfPDb8eKxVn06PTLpO2cYAAAAAAAAAAAAAAAAAAAAAAAAAGhrNpNoAgAAAIdaROFPSfpr/hGT45fH9l4f+CD553i6johHP7n/o8dzjcbGdGv73/63vfHjbPv1PK5gAAAAAHt1xumdcTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADNKrl0/mO8sw4/7lixEx0TX+hePp6ngUI+Lk35MY3XVcEhEjA4i/8zQiznaLn7TSioloZ9Et/okc4xci4tQA4sNR9qzV/9zp9vkrxMV03f3zN5ot76p3/1eITv83sit+MTuu1f+c3meMc89/Ue4Z/2nEudHu/U8nftKj/7u0z/jf/Mb2dq99zZ9GTHb9/klei1VurK6X61vb15ZX55YqS5W1mZnpm7O3Zm/MTpUXl6uV7M+uMb7/yV/+523tP9kj/kSf9l/eZ/v//fzxy4+1i8Vu8a9c6v79e/bN+F95lPX9rf8Tn87Krf2TnfJOu7zb+Z//5vzb2r/Qo/39/v2v7LP9V7/2nRf7fCkAMAT1re2VuWq1svHeF2In4j1IQ+GgCsfejzQU2oW8eyYAAGDQ/n/Sn3cmAAAAAAAAAAAAAAAAAAAAcHQN4+fE9sbcyaepAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABv9d8AAAD//9u92ow=")
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0)
syz_clone3(0x0, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=45.440194045s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_mount_image$ext4-mmap-syz_clone3
program did not crash
simplifying guilty program options
testing program (duration=45.440194045s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_mount_image$ext4-mmap-syz_clone3
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @any, 0xfffa}, 0xe)
listen(r0, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x4500, &(0x7f0000000300)={[{@init_itable}, {@noquota}, {@nouid32}, {@barrier}, {@resgid}, {@journal_dev={'journal_dev', 0x3d, 0x1ff}}, {@barrier}, {@delalloc}, {@bh}]}, 0x10, 0x4d3, &(0x7f0000000ec0)="$eJzs3c9rHG8ZAPBnNtlvf6UmVQ+1YFtsJS3a3aSxbfBQK4g9SEGt9xqTTQjZZEN20zahSIp3BREVPHnyIvgHCNI/QYSC3qWKItrqwYO6srOzmqa73XzpZqcknw9M531ndvZ53rb77rwzLzsBHFkXI+JORIxExNWIGM+2F7Llbquy037dq5dP5ltLEs3m/b8mkWTbOu+VZOtT7UPieER8/W7Et5I349a3tlfmqtXKRlYvN1bXy/Wt7WvLq3NLlaXK2szM9M3ZW7M3ZqcG0s6JiLj9pT/+8Hs/+/LtX3320e8f/PnKt1tpjWX7d7djkNpNL6Z/Fx2jEbFxEMFyMJKtiz32f3dkiMkAANBX6xz/oxHxqfT8fzxG0rNTAAAA4DBpfmEs/pVENAEAAIBDq5DOgU0KpWwuwFgUCqVSew7vx+NkoVqrNz6zWNtcW2jPlZ2IYmFxuVqZyuYKT0QxadWnszm2nfr1PfWZiDgTET8YP5HWS/O16kLeFz8AAADgiDi1Z/z/j/F0/H8s77wAAACAAZvIOwEAAADgwBn/AwAAwOFn/A8AAACH2lfv3Wstzc7zrxcebm2u1B5eW6jUV0qrm/Ol+drGemmpVltKf7Nvtd/7VWu19c/F2ubjcqNSb5TrW9sPVmuba40Hy689AhsAAAAYojMXnv0uiYidz59Il5YP8k4KGIqkz/70ISEvssofhpAQMDQjeScA5GY07wSA3BTzTgDIXb/rAD0n7/x68LkAAAAHY/ITve//uzYAh1sh7wQAgKFz/x+OrqIZgHDkfaTP/ne//99sfqiEAACAgRtLl6RQyu4FjkWhUCpFnE4fC1BMFperlalsfPDb8eKxVn06PTLpO2cYAAAAAAAAAAAAAAAAAAAAAAAAAGhrNpNoAgAAAIdaROFPSfpr/hGT45fH9l4f+CD553i6johHP7n/o8dzjcbGdGv73/63vfHjbPv1PK5gAAAAAHt1xumdcTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADNKrl0/mO8sw4/7lixEx0TX+hePp6ngUI+Lk35MY3XVcEhEjA4i/8zQiznaLn7TSioloZ9Et/okc4xci4tQA4sNR9qzV/9zp9vkrxMV03f3zN5ot76p3/1eITv83sit+MTuu1f+c3meMc89/Ue4Z/2nEudHu/U8nftKj/7u0z/jf/Mb2dq99zZ9GTHb9/klei1VurK6X61vb15ZX55YqS5W1mZnpm7O3Zm/MTpUXl6uV7M+uMb7/yV/+523tP9kj/kSf9l/eZ/v//fzxy4+1i8Vu8a9c6v79e/bN+F95lPX9rf8Tn87Krf2TnfJOu7zb+Z//5vzb2r/Qo/39/v2v7LP9V7/2nRf7fCkAMAT1re2VuWq1svHeF2In4j1IQ+GgCsfejzQU2oW8eyYAAGDQ/n/Sn3cmAAAAAAAAAAAAAAAAAAAAcHQN4+fE9sbcyaepAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABv9d8AAAD//9u92ow=")
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0)
syz_clone3(&(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

program crashed: BUG: unable to handle kernel paging request in lock_sock_nested
extracting C reproducer
testing compiled C program (duration=45.440194045s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_mount_image$ext4-mmap-syz_clone3
program did not crash
testing program (duration=45.440194045s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_mount_image$ext4-mmap-syz_clone3
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @any, 0xfffa}, 0xe)
listen(r0, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x4500, &(0x7f0000000300)={[{@init_itable}, {@noquota}, {@nouid32}, {@barrier}, {@resgid}, {@journal_dev={'journal_dev', 0x3d, 0x1ff}}, {@barrier}, {@delalloc}, {@bh}]}, 0x10, 0x4d3, &(0x7f0000000ec0)="$eJzs3c9rHG8ZAPBnNtlvf6UmVQ+1YFtsJS3a3aSxbfBQK4g9SEGt9xqTTQjZZEN20zahSIp3BREVPHnyIvgHCNI/QYSC3qWKItrqwYO6srOzmqa73XzpZqcknw9M531ndvZ53rb77rwzLzsBHFkXI+JORIxExNWIGM+2F7Llbquy037dq5dP5ltLEs3m/b8mkWTbOu+VZOtT7UPieER8/W7Et5I349a3tlfmqtXKRlYvN1bXy/Wt7WvLq3NLlaXK2szM9M3ZW7M3ZqcG0s6JiLj9pT/+8Hs/+/LtX3320e8f/PnKt1tpjWX7d7djkNpNL6Z/Fx2jEbFxEMFyMJKtiz32f3dkiMkAANBX6xz/oxHxqfT8fzxG0rNTAAAA4DBpfmEs/pVENAEAAIBDq5DOgU0KpWwuwFgUCqVSew7vx+NkoVqrNz6zWNtcW2jPlZ2IYmFxuVqZyuYKT0QxadWnszm2nfr1PfWZiDgTET8YP5HWS/O16kLeFz8AAADgiDi1Z/z/j/F0/H8s77wAAACAAZvIOwEAAADgwBn/AwAAwOFn/A8AAACH2lfv3Wstzc7zrxcebm2u1B5eW6jUV0qrm/Ol+drGemmpVltKf7Nvtd/7VWu19c/F2ubjcqNSb5TrW9sPVmuba40Hy689AhsAAAAYojMXnv0uiYidz59Il5YP8k4KGIqkz/70ISEvssofhpAQMDQjeScA5GY07wSA3BTzTgDIXb/rAD0n7/x68LkAAAAHY/ITve//uzYAh1sh7wQAgKFz/x+OrqIZgHDkfaTP/ne//99sfqiEAACAgRtLl6RQyu4FjkWhUCpFnE4fC1BMFperlalsfPDb8eKxVn06PTLpO2cYAAAAAAAAAAAAAAAAAAAAAAAAAGhrNpNoAgAAAIdaROFPSfpr/hGT45fH9l4f+CD553i6johHP7n/o8dzjcbGdGv73/63vfHjbPv1PK5gAAAAAHt1xumdcTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADNKrl0/mO8sw4/7lixEx0TX+hePp6ngUI+Lk35MY3XVcEhEjA4i/8zQiznaLn7TSioloZ9Et/okc4xci4tQA4sNR9qzV/9zp9vkrxMV03f3zN5ot76p3/1eITv83sit+MTuu1f+c3meMc89/Ue4Z/2nEudHu/U8nftKj/7u0z/jf/Mb2dq99zZ9GTHb9/klei1VurK6X61vb15ZX55YqS5W1mZnpm7O3Zm/MTpUXl6uV7M+uMb7/yV/+523tP9kj/kSf9l/eZ/v//fzxy4+1i8Vu8a9c6v79e/bN+F95lPX9rf8Tn87Krf2TnfJOu7zb+Z//5vzb2r/Qo/39/v2v7LP9V7/2nRf7fCkAMAT1re2VuWq1svHeF2In4j1IQ+GgCsfejzQU2oW8eyYAAGDQ/n/Sn3cmAAAAAAAAAAAAAAAAAAAAcHQN4+fE9sbcyaepAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABv9d8AAAD//9u92ow=")
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0)
syz_clone3(&(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

program did not crash
testing program (duration=45.440194045s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_mount_image$ext4-mmap-syz_clone3
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @any, 0xfffa}, 0xe)
listen(r0, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x4500, &(0x7f0000000300)={[{@init_itable}, {@noquota}, {@nouid32}, {@barrier}, {@resgid}, {@journal_dev={'journal_dev', 0x3d, 0x1ff}}, {@barrier}, {@delalloc}, {@bh}]}, 0x10, 0x4d3, &(0x7f0000000ec0)="$eJzs3c9rHG8ZAPBnNtlvf6UmVQ+1YFtsJS3a3aSxbfBQK4g9SEGt9xqTTQjZZEN20zahSIp3BREVPHnyIvgHCNI/QYSC3qWKItrqwYO6srOzmqa73XzpZqcknw9M531ndvZ53rb77rwzLzsBHFkXI+JORIxExNWIGM+2F7Llbquy037dq5dP5ltLEs3m/b8mkWTbOu+VZOtT7UPieER8/W7Et5I349a3tlfmqtXKRlYvN1bXy/Wt7WvLq3NLlaXK2szM9M3ZW7M3ZqcG0s6JiLj9pT/+8Hs/+/LtX3320e8f/PnKt1tpjWX7d7djkNpNL6Z/Fx2jEbFxEMFyMJKtiz32f3dkiMkAANBX6xz/oxHxqfT8fzxG0rNTAAAA4DBpfmEs/pVENAEAAIBDq5DOgU0KpWwuwFgUCqVSew7vx+NkoVqrNz6zWNtcW2jPlZ2IYmFxuVqZyuYKT0QxadWnszm2nfr1PfWZiDgTET8YP5HWS/O16kLeFz8AAADgiDi1Z/z/j/F0/H8s77wAAACAAZvIOwEAAADgwBn/AwAAwOFn/A8AAACH2lfv3Wstzc7zrxcebm2u1B5eW6jUV0qrm/Ol+drGemmpVltKf7Nvtd/7VWu19c/F2ubjcqNSb5TrW9sPVmuba40Hy689AhsAAAAYojMXnv0uiYidz59Il5YP8k4KGIqkz/70ISEvssofhpAQMDQjeScA5GY07wSA3BTzTgDIXb/rAD0n7/x68LkAAAAHY/ITve//uzYAh1sh7wQAgKFz/x+OrqIZgHDkfaTP/ne//99sfqiEAACAgRtLl6RQyu4FjkWhUCpFnE4fC1BMFperlalsfPDb8eKxVn06PTLpO2cYAAAAAAAAAAAAAAAAAAAAAAAAAGhrNpNoAgAAAIdaROFPSfpr/hGT45fH9l4f+CD553i6johHP7n/o8dzjcbGdGv73/63vfHjbPv1PK5gAAAAAHt1xumdcTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADNKrl0/mO8sw4/7lixEx0TX+hePp6ngUI+Lk35MY3XVcEhEjA4i/8zQiznaLn7TSioloZ9Et/okc4xci4tQA4sNR9qzV/9zp9vkrxMV03f3zN5ot76p3/1eITv83sit+MTuu1f+c3meMc89/Ue4Z/2nEudHu/U8nftKj/7u0z/jf/Mb2dq99zZ9GTHb9/klei1VurK6X61vb15ZX55YqS5W1mZnpm7O3Zm/MTpUXl6uV7M+uMb7/yV/+523tP9kj/kSf9l/eZ/v//fzxy4+1i8Vu8a9c6v79e/bN+F95lPX9rf8Tn87Krf2TnfJOu7zb+Z//5vzb2r/Qo/39/v2v7LP9V7/2nRf7fCkAMAT1re2VuWq1svHeF2In4j1IQ+GgCsfejzQU2oW8eyYAAGDQ/n/Sn3cmAAAAAAAAAAAAAAAAAAAAcHQN4+fE9sbcyaepAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABv9d8AAAD//9u92ow=")
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0)
syz_clone3(&(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

program did not crash
testing program (duration=45.440194045s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_mount_image$ext4-mmap-syz_clone3
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @any, 0xfffa}, 0xe)
listen(r0, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x4500, &(0x7f0000000300)={[{@init_itable}, {@noquota}, {@nouid32}, {@barrier}, {@resgid}, {@journal_dev={'journal_dev', 0x3d, 0x1ff}}, {@barrier}, {@delalloc}, {@bh}]}, 0x10, 0x4d3, &(0x7f0000000ec0)="$eJzs3c9rHG8ZAPBnNtlvf6UmVQ+1YFtsJS3a3aSxbfBQK4g9SEGt9xqTTQjZZEN20zahSIp3BREVPHnyIvgHCNI/QYSC3qWKItrqwYO6srOzmqa73XzpZqcknw9M531ndvZ53rb77rwzLzsBHFkXI+JORIxExNWIGM+2F7Llbquy037dq5dP5ltLEs3m/b8mkWTbOu+VZOtT7UPieER8/W7Et5I349a3tlfmqtXKRlYvN1bXy/Wt7WvLq3NLlaXK2szM9M3ZW7M3ZqcG0s6JiLj9pT/+8Hs/+/LtX3320e8f/PnKt1tpjWX7d7djkNpNL6Z/Fx2jEbFxEMFyMJKtiz32f3dkiMkAANBX6xz/oxHxqfT8fzxG0rNTAAAA4DBpfmEs/pVENAEAAIBDq5DOgU0KpWwuwFgUCqVSew7vx+NkoVqrNz6zWNtcW2jPlZ2IYmFxuVqZyuYKT0QxadWnszm2nfr1PfWZiDgTET8YP5HWS/O16kLeFz8AAADgiDi1Z/z/j/F0/H8s77wAAACAAZvIOwEAAADgwBn/AwAAwOFn/A8AAACH2lfv3Wstzc7zrxcebm2u1B5eW6jUV0qrm/Ol+drGemmpVltKf7Nvtd/7VWu19c/F2ubjcqNSb5TrW9sPVmuba40Hy689AhsAAAAYojMXnv0uiYidz59Il5YP8k4KGIqkz/70ISEvssofhpAQMDQjeScA5GY07wSA3BTzTgDIXb/rAD0n7/x68LkAAAAHY/ITve//uzYAh1sh7wQAgKFz/x+OrqIZgHDkfaTP/ne//99sfqiEAACAgRtLl6RQyu4FjkWhUCpFnE4fC1BMFperlalsfPDb8eKxVn06PTLpO2cYAAAAAAAAAAAAAAAAAAAAAAAAAGhrNpNoAgAAAIdaROFPSfpr/hGT45fH9l4f+CD553i6johHP7n/o8dzjcbGdGv73/63vfHjbPv1PK5gAAAAAHt1xumdcTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADNKrl0/mO8sw4/7lixEx0TX+hePp6ngUI+Lk35MY3XVcEhEjA4i/8zQiznaLn7TSioloZ9Et/okc4xci4tQA4sNR9qzV/9zp9vkrxMV03f3zN5ot76p3/1eITv83sit+MTuu1f+c3meMc89/Ue4Z/2nEudHu/U8nftKj/7u0z/jf/Mb2dq99zZ9GTHb9/klei1VurK6X61vb15ZX55YqS5W1mZnpm7O3Zm/MTpUXl6uV7M+uMb7/yV/+523tP9kj/kSf9l/eZ/v//fzxy4+1i8Vu8a9c6v79e/bN+F95lPX9rf8Tn87Krf2TnfJOu7zb+Z//5vzb2r/Qo/39/v2v7LP9V7/2nRf7fCkAMAT1re2VuWq1svHeF2In4j1IQ+GgCsfejzQU2oW8eyYAAGDQ/n/Sn3cmAAAAAAAAAAAAAAAAAAAAcHQN4+fE9sbcyaepAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABv9d8AAAD//9u92ow=")
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0)
syz_clone3(&(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

program crashed: BUG: unable to handle kernel paging request in lock_sock_nested
validation run: crashed=true
testing program (duration=45.440194045s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_mount_image$ext4-mmap-syz_clone3
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @any, 0xfffa}, 0xe)
listen(r0, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x4500, &(0x7f0000000300)={[{@init_itable}, {@noquota}, {@nouid32}, {@barrier}, {@resgid}, {@journal_dev={'journal_dev', 0x3d, 0x1ff}}, {@barrier}, {@delalloc}, {@bh}]}, 0x10, 0x4d3, &(0x7f0000000ec0)="$eJzs3c9rHG8ZAPBnNtlvf6UmVQ+1YFtsJS3a3aSxbfBQK4g9SEGt9xqTTQjZZEN20zahSIp3BREVPHnyIvgHCNI/QYSC3qWKItrqwYO6srOzmqa73XzpZqcknw9M531ndvZ53rb77rwzLzsBHFkXI+JORIxExNWIGM+2F7Llbquy037dq5dP5ltLEs3m/b8mkWTbOu+VZOtT7UPieER8/W7Et5I349a3tlfmqtXKRlYvN1bXy/Wt7WvLq3NLlaXK2szM9M3ZW7M3ZqcG0s6JiLj9pT/+8Hs/+/LtX3320e8f/PnKt1tpjWX7d7djkNpNL6Z/Fx2jEbFxEMFyMJKtiz32f3dkiMkAANBX6xz/oxHxqfT8fzxG0rNTAAAA4DBpfmEs/pVENAEAAIBDq5DOgU0KpWwuwFgUCqVSew7vx+NkoVqrNz6zWNtcW2jPlZ2IYmFxuVqZyuYKT0QxadWnszm2nfr1PfWZiDgTET8YP5HWS/O16kLeFz8AAADgiDi1Z/z/j/F0/H8s77wAAACAAZvIOwEAAADgwBn/AwAAwOFn/A8AAACH2lfv3Wstzc7zrxcebm2u1B5eW6jUV0qrm/Ol+drGemmpVltKf7Nvtd/7VWu19c/F2ubjcqNSb5TrW9sPVmuba40Hy689AhsAAAAYojMXnv0uiYidz59Il5YP8k4KGIqkz/70ISEvssofhpAQMDQjeScA5GY07wSA3BTzTgDIXb/rAD0n7/x68LkAAAAHY/ITve//uzYAh1sh7wQAgKFz/x+OrqIZgHDkfaTP/ne//99sfqiEAACAgRtLl6RQyu4FjkWhUCpFnE4fC1BMFperlalsfPDb8eKxVn06PTLpO2cYAAAAAAAAAAAAAAAAAAAAAAAAAGhrNpNoAgAAAIdaROFPSfpr/hGT45fH9l4f+CD553i6johHP7n/o8dzjcbGdGv73/63vfHjbPv1PK5gAAAAAHt1xumdcTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADNKrl0/mO8sw4/7lixEx0TX+hePp6ngUI+Lk35MY3XVcEhEjA4i/8zQiznaLn7TSioloZ9Et/okc4xci4tQA4sNR9qzV/9zp9vkrxMV03f3zN5ot76p3/1eITv83sit+MTuu1f+c3meMc89/Ue4Z/2nEudHu/U8nftKj/7u0z/jf/Mb2dq99zZ9GTHb9/klei1VurK6X61vb15ZX55YqS5W1mZnpm7O3Zm/MTpUXl6uV7M+uMb7/yV/+523tP9kj/kSf9l/eZ/v//fzxy4+1i8Vu8a9c6v79e/bN+F95lPX9rf8Tn87Krf2TnfJOu7zb+Z//5vzb2r/Qo/39/v2v7LP9V7/2nRf7fCkAMAT1re2VuWq1svHeF2In4j1IQ+GgCsfejzQU2oW8eyYAAGDQ/n/Sn3cmAAAAAAAAAAAAAAAAAAAAcHQN4+fE9sbcyaepAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABv9d8AAAD//9u92ow=")
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0)
syz_clone3(&(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

program crashed: BUG: unable to handle kernel paging request in lock_sock_nested
validation run: crashed=true
testing program (duration=45.440194045s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_mount_image$ext4-mmap-syz_clone3
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @any, 0xfffa}, 0xe)
listen(r0, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x4500, &(0x7f0000000300)={[{@init_itable}, {@noquota}, {@nouid32}, {@barrier}, {@resgid}, {@journal_dev={'journal_dev', 0x3d, 0x1ff}}, {@barrier}, {@delalloc}, {@bh}]}, 0x10, 0x4d3, &(0x7f0000000ec0)="$eJzs3c9rHG8ZAPBnNtlvf6UmVQ+1YFtsJS3a3aSxbfBQK4g9SEGt9xqTTQjZZEN20zahSIp3BREVPHnyIvgHCNI/QYSC3qWKItrqwYO6srOzmqa73XzpZqcknw9M531ndvZ53rb77rwzLzsBHFkXI+JORIxExNWIGM+2F7Llbquy037dq5dP5ltLEs3m/b8mkWTbOu+VZOtT7UPieER8/W7Et5I349a3tlfmqtXKRlYvN1bXy/Wt7WvLq3NLlaXK2szM9M3ZW7M3ZqcG0s6JiLj9pT/+8Hs/+/LtX3320e8f/PnKt1tpjWX7d7djkNpNL6Z/Fx2jEbFxEMFyMJKtiz32f3dkiMkAANBX6xz/oxHxqfT8fzxG0rNTAAAA4DBpfmEs/pVENAEAAIBDq5DOgU0KpWwuwFgUCqVSew7vx+NkoVqrNz6zWNtcW2jPlZ2IYmFxuVqZyuYKT0QxadWnszm2nfr1PfWZiDgTET8YP5HWS/O16kLeFz8AAADgiDi1Z/z/j/F0/H8s77wAAACAAZvIOwEAAADgwBn/AwAAwOFn/A8AAACH2lfv3Wstzc7zrxcebm2u1B5eW6jUV0qrm/Ol+drGemmpVltKf7Nvtd/7VWu19c/F2ubjcqNSb5TrW9sPVmuba40Hy689AhsAAAAYojMXnv0uiYidz59Il5YP8k4KGIqkz/70ISEvssofhpAQMDQjeScA5GY07wSA3BTzTgDIXb/rAD0n7/x68LkAAAAHY/ITve//uzYAh1sh7wQAgKFz/x+OrqIZgHDkfaTP/ne//99sfqiEAACAgRtLl6RQyu4FjkWhUCpFnE4fC1BMFperlalsfPDb8eKxVn06PTLpO2cYAAAAAAAAAAAAAAAAAAAAAAAAAGhrNpNoAgAAAIdaROFPSfpr/hGT45fH9l4f+CD553i6johHP7n/o8dzjcbGdGv73/63vfHjbPv1PK5gAAAAAHt1xumdcTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADNKrl0/mO8sw4/7lixEx0TX+hePp6ngUI+Lk35MY3XVcEhEjA4i/8zQiznaLn7TSioloZ9Et/okc4xci4tQA4sNR9qzV/9zp9vkrxMV03f3zN5ot76p3/1eITv83sit+MTuu1f+c3meMc89/Ue4Z/2nEudHu/U8nftKj/7u0z/jf/Mb2dq99zZ9GTHb9/klei1VurK6X61vb15ZX55YqS5W1mZnpm7O3Zm/MTpUXl6uV7M+uMb7/yV/+523tP9kj/kSf9l/eZ/v//fzxy4+1i8Vu8a9c6v79e/bN+F95lPX9rf8Tn87Krf2TnfJOu7zb+Z//5vzb2r/Qo/39/v2v7LP9V7/2nRf7fCkAMAT1re2VuWq1svHeF2In4j1IQ+GgCsfejzQU2oW8eyYAAGDQ/n/Sn3cmAAAAAAAAAAAAAAAAAAAAcHQN4+fE9sbcyaepAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABv9d8AAAD//9u92ow=")
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0)
syz_clone3(&(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

program crashed: BUG: unable to handle kernel paging request in lock_sock_nested
validation run: crashed=true
reproducing took 22m51.769774841s
repro crashed as (corrupted=false):
Unable to handle kernel paging request at virtual address dfff800000000026
KASAN: null-ptr-deref in range [0x0000000000000130-0x0000000000000137]
Mem abort info:
  ESR = 0x0000000096000006
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x06: level 2 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000006
  CM = 0, WnR = 0
[dfff800000000026] address between user and kernel address ranges
Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 4384 Comm: kworker/1:8 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
Workqueue: events l2cap_info_timeout
pstate: 824000c5 (Nzcv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : __lock_acquire+0xe0/0x6544 kernel/locking/lockdep.c:4919
lr : lock_acquire+0x20c/0x644 kernel/locking/lockdep.c:5662
sp : ffff8000211375e0
x29: ffff8000211377f0 x28: dfff800000000000 x27: 0000000000000000
x26: ffff800010bb2958 x25: 1ffff00002a0a0b0 x24: 0000000000000000
x23: 0000000000000000 x22: 0000000000000000 x21: 0000000000000000
x20: 0000000000000130 x19: 0000000000000000 x18: ffff800011a5bd40
x17: ffff800018184000 x16: ffff8000082d3a08 x15: ffff800017c65000
x14: ffff0000d4245dd8 x13: ffff0000d4245e78 x12: 0000000000ff0100
x11: ff0080000a895de0 x10: ffff700004226edc x9 : ffff800015050584
x8 : 0000000000000026 x7 : ffff800010bb2958 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000
x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000130
Call trace:
 __lock_acquire+0xe0/0x6544 kernel/locking/lockdep.c:4919
 lock_acquire+0x20c/0x644 kernel/locking/lockdep.c:5662
 lock_sock_nested+0x70/0x130 net/core/sock.c:3496
 lock_sock include/net/sock.h:1792 [inline]
 l2cap_sock_ready_cb+0x4c/0x130 net/bluetooth/l2cap_sock.c:1697
 l2cap_chan_ready net/bluetooth/l2cap_core.c:1411 [inline]
 l2cap_conn_start+0x594/0xb38 net/bluetooth/l2cap_core.c:1670
 l2cap_info_timeout+0x68/0xb8 net/bluetooth/l2cap_core.c:1837
 process_one_work+0x7f4/0x13a8 kernel/workqueue.c:2292
 worker_thread+0x8c8/0xfbc kernel/workqueue.c:2439
 kthread+0x250/0x2d8 kernel/kthread.c:376
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:850
Code: 90067108 b94d0108 340001c8 d343fe88 (387c6908) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	90067108 	adrp	x8, 0xce20000
   4:	b94d0108 	ldr	w8, [x8, #3328]
   8:	340001c8 	cbz	w8, 0x40
   c:	d343fe88 	lsr	x8, x20, #3
* 10:	387c6908 	ldrb	w8, [x8, x28] <-- trapping instruction

final repro crashed as (corrupted=false):
Unable to handle kernel paging request at virtual address dfff800000000026
KASAN: null-ptr-deref in range [0x0000000000000130-0x0000000000000137]
Mem abort info:
  ESR = 0x0000000096000006
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x06: level 2 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000006
  CM = 0, WnR = 0
[dfff800000000026] address between user and kernel address ranges
Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 4384 Comm: kworker/1:8 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
Workqueue: events l2cap_info_timeout
pstate: 824000c5 (Nzcv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : __lock_acquire+0xe0/0x6544 kernel/locking/lockdep.c:4919
lr : lock_acquire+0x20c/0x644 kernel/locking/lockdep.c:5662
sp : ffff8000211375e0
x29: ffff8000211377f0 x28: dfff800000000000 x27: 0000000000000000
x26: ffff800010bb2958 x25: 1ffff00002a0a0b0 x24: 0000000000000000
x23: 0000000000000000 x22: 0000000000000000 x21: 0000000000000000
x20: 0000000000000130 x19: 0000000000000000 x18: ffff800011a5bd40
x17: ffff800018184000 x16: ffff8000082d3a08 x15: ffff800017c65000
x14: ffff0000d4245dd8 x13: ffff0000d4245e78 x12: 0000000000ff0100
x11: ff0080000a895de0 x10: ffff700004226edc x9 : ffff800015050584
x8 : 0000000000000026 x7 : ffff800010bb2958 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000
x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000130
Call trace:
 __lock_acquire+0xe0/0x6544 kernel/locking/lockdep.c:4919
 lock_acquire+0x20c/0x644 kernel/locking/lockdep.c:5662
 lock_sock_nested+0x70/0x130 net/core/sock.c:3496
 lock_sock include/net/sock.h:1792 [inline]
 l2cap_sock_ready_cb+0x4c/0x130 net/bluetooth/l2cap_sock.c:1697
 l2cap_chan_ready net/bluetooth/l2cap_core.c:1411 [inline]
 l2cap_conn_start+0x594/0xb38 net/bluetooth/l2cap_core.c:1670
 l2cap_info_timeout+0x68/0xb8 net/bluetooth/l2cap_core.c:1837
 process_one_work+0x7f4/0x13a8 kernel/workqueue.c:2292
 worker_thread+0x8c8/0xfbc kernel/workqueue.c:2439
 kthread+0x250/0x2d8 kernel/kthread.c:376
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:850
Code: 90067108 b94d0108 340001c8 d343fe88 (387c6908) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	90067108 	adrp	x8, 0xce20000
   4:	b94d0108 	ldr	w8, [x8, #3328]
   8:	340001c8 	cbz	w8, 0x40
   c:	d343fe88 	lsr	x8, x20, #3
* 10:	387c6908 	ldrb	w8, [x8, x28] <-- trapping instruction