Extracting prog: 48.816187078s Minimizing prog: 26m51.689799379s Simplifying prog options: 0s Extracting C: 21.698429584s Simplifying C: 8m18.866927907s extracting reproducer from 29 programs first checking the prog from the crash report single: executing 1 programs separately with timeout 30s testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): io_submit-syz_clone-ptrace-ptrace$setregs-openat$ptmx-ioctl$TIOCSETD-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-ioctl$DRM_IOCTL_MODE_GETFB2-ioctl$DRM_IOCTL_GEM_FLINK-fcntl$dupfd-bpf$PROG_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$nl_route-sendmsg$nl_route-ioctl$TCFLSH-ioctl$TIOCSETD-ioctl$TIOCSTI-ioctl$TIOCSTI-openat$sndtimer-ioctl$SNDRV_TIMER_IOCTL_CONTINUE-ioctl$TIOCSTI-ioctl$TIOCSTI-ioctl$TIOCSTI-bpf$PROG_LOAD-socketpair$nbd-ioctl$SIOCSIFHWADDR-bpf$BPF_RAW_TRACEPOINT_OPEN-capget detailed listing: executing program 0: io_submit(0x0, 0x2, &(0x7f0000000040)=[&(0x7f0000000000)={0x180a, 0x0, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x3}]) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x10000, &(0x7f0000000000)) (async, rerun: 32) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 32) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) (async) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x8000004, 0x601) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000000)={0x0, &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000001480)={0x0, 0x0, r3, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000300)={r4, 0x0, 0x9, 0x0, 0x0, [0x0], [0x9, 0x0, 0x0, 0x8], [0x3, 0x0, 0x100, 0xd], [0x1000000000000, 0x0, 0xfffffffffffffffd, 0x80000000]}) ioctl$DRM_IOCTL_GEM_FLINK(r2, 0xc008640a, &(0x7f00000000c0)={r5}) (async) r6 = fcntl$dupfd(r1, 0x0, r1) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000200)=ANY=[@ANYRES16=r1], &(0x7f0000000040)='GPL\x00', 0x10, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kfree\x00', r7}, 0x10) socket$nl_route(0x10, 0x3, 0x0) (async) sendmsg$nl_route(r6, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000340)=ANY=[@ANYRES8=r8], 0x24}}, 0x0) ioctl$TCFLSH(r6, 0x400455c8, 0x1) (async) ioctl$TIOCSETD(r6, 0x5412, &(0x7f0000000140)=0xffffffc0) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000300)) (async) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180)) r9 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000002c0), 0x4282) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r9, 0x54a2) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000240)) ioctl$TIOCSTI(r6, 0x5412, &(0x7f00000001c0)) (async, rerun: 64) ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000000100)=0x6) (rerun: 64) r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x3, 0xc, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a0000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r11, 0x8970, &(0x7f0000000900)={'bridge0\x00', @random='\x00\x00\x00 \x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000001c0)='mm_vmscan_write_folio\x00', r10, 0x0, 0x200}, 0x18) (async, rerun: 32) capget(&(0x7f0000000100)={0x20071026, r0}, &(0x7f0000000240)={0x3, 0x663, 0xbda, 0x7, 0x101, 0x4}) (rerun: 32) program crashed: general protection fault in bcsp_recv single: successfully extracted reproducer found reproducer with 30 syscalls minimizing guilty program testing program (duration=50.18556931s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): io_submit-syz_clone-ptrace-ptrace$setregs-openat$ptmx-ioctl$TIOCSETD-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-ioctl$DRM_IOCTL_MODE_GETFB2-ioctl$DRM_IOCTL_GEM_FLINK-fcntl$dupfd-bpf$PROG_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$nl_route-sendmsg$nl_route-ioctl$TCFLSH-ioctl$TIOCSETD-ioctl$TIOCSTI-ioctl$TIOCSTI-openat$sndtimer-ioctl$SNDRV_TIMER_IOCTL_CONTINUE-ioctl$TIOCSTI-ioctl$TIOCSTI-ioctl$TIOCSTI-bpf$PROG_LOAD-socketpair$nbd-ioctl$SIOCSIFHWADDR-bpf$BPF_RAW_TRACEPOINT_OPEN detailed listing: executing program 0: io_submit(0x0, 0x2, &(0x7f0000000040)=[&(0x7f0000000000)={0x180a, 0x0, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x3}]) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x10000, &(0x7f0000000000)) (async, rerun: 32) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 32) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) (async) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x8000004, 0x601) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000000)={0x0, &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000001480)={0x0, 0x0, r3, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000300)={r4, 0x0, 0x9, 0x0, 0x0, [0x0], [0x9, 0x0, 0x0, 0x8], [0x3, 0x0, 0x100, 0xd], [0x1000000000000, 0x0, 0xfffffffffffffffd, 0x80000000]}) ioctl$DRM_IOCTL_GEM_FLINK(r2, 0xc008640a, &(0x7f00000000c0)={r5}) (async) r6 = fcntl$dupfd(r1, 0x0, r1) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000200)=ANY=[@ANYRES16=r1], &(0x7f0000000040)='GPL\x00', 0x10, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kfree\x00', r7}, 0x10) socket$nl_route(0x10, 0x3, 0x0) (async) sendmsg$nl_route(r6, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000340)=ANY=[@ANYRES8=r8], 0x24}}, 0x0) ioctl$TCFLSH(r6, 0x400455c8, 0x1) (async) ioctl$TIOCSETD(r6, 0x5412, &(0x7f0000000140)=0xffffffc0) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000300)) (async) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180)) r9 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000002c0), 0x4282) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r9, 0x54a2) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000240)) ioctl$TIOCSTI(r6, 0x5412, &(0x7f00000001c0)) (async, rerun: 64) ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000000100)=0x6) (rerun: 64) r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x3, 0xc, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a0000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r11, 0x8970, &(0x7f0000000900)={'bridge0\x00', @random='\x00\x00\x00 \x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000001c0)='mm_vmscan_write_folio\x00', r10, 0x0, 0x200}, 0x18) (async, rerun: 32) program crashed: general protection fault in bcsp_recv testing program (duration=50.18556931s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): io_submit-syz_clone-ptrace-ptrace$setregs-openat$ptmx-ioctl$TIOCSETD-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-ioctl$DRM_IOCTL_MODE_GETFB2-ioctl$DRM_IOCTL_GEM_FLINK-fcntl$dupfd-bpf$PROG_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$nl_route-sendmsg$nl_route-ioctl$TCFLSH-ioctl$TIOCSETD-ioctl$TIOCSTI-ioctl$TIOCSTI-openat$sndtimer-ioctl$SNDRV_TIMER_IOCTL_CONTINUE-ioctl$TIOCSTI-ioctl$TIOCSTI-ioctl$TIOCSTI-bpf$PROG_LOAD-socketpair$nbd-ioctl$SIOCSIFHWADDR detailed listing: executing program 0: io_submit(0x0, 0x2, &(0x7f0000000040)=[&(0x7f0000000000)={0x180a, 0x0, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x3}]) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x10000, &(0x7f0000000000)) (async, rerun: 32) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 32) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) (async) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x8000004, 0x601) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000000)={0x0, &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000001480)={0x0, 0x0, r3, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000300)={r4, 0x0, 0x9, 0x0, 0x0, [0x0], [0x9, 0x0, 0x0, 0x8], [0x3, 0x0, 0x100, 0xd], [0x1000000000000, 0x0, 0xfffffffffffffffd, 0x80000000]}) ioctl$DRM_IOCTL_GEM_FLINK(r2, 0xc008640a, &(0x7f00000000c0)={r5}) (async) r6 = fcntl$dupfd(r1, 0x0, r1) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000200)=ANY=[@ANYRES16=r1], &(0x7f0000000040)='GPL\x00', 0x10, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kfree\x00', r7}, 0x10) socket$nl_route(0x10, 0x3, 0x0) (async) sendmsg$nl_route(r6, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000340)=ANY=[@ANYRES8=r8], 0x24}}, 0x0) ioctl$TCFLSH(r6, 0x400455c8, 0x1) (async) ioctl$TIOCSETD(r6, 0x5412, &(0x7f0000000140)=0xffffffc0) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000300)) (async) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180)) r9 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000002c0), 0x4282) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r9, 0x54a2) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000240)) ioctl$TIOCSTI(r6, 0x5412, &(0x7f00000001c0)) (async, rerun: 64) ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000000100)=0x6) (rerun: 64) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x3, 0xc, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a0000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r10, 0x8970, &(0x7f0000000900)={'bridge0\x00', @random='\x00\x00\x00 \x00'}) program crashed: general protection fault in bcsp_recv testing program (duration=50.18556931s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): io_submit-syz_clone-ptrace-ptrace$setregs-openat$ptmx-ioctl$TIOCSETD-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-ioctl$DRM_IOCTL_MODE_GETFB2-ioctl$DRM_IOCTL_GEM_FLINK-fcntl$dupfd-bpf$PROG_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$nl_route-sendmsg$nl_route-ioctl$TCFLSH-ioctl$TIOCSETD-ioctl$TIOCSTI-ioctl$TIOCSTI-openat$sndtimer-ioctl$SNDRV_TIMER_IOCTL_CONTINUE-ioctl$TIOCSTI-ioctl$TIOCSTI-ioctl$TIOCSTI-bpf$PROG_LOAD-socketpair$nbd detailed listing: executing program 0: io_submit(0x0, 0x2, &(0x7f0000000040)=[&(0x7f0000000000)={0x180a, 0x0, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x3}]) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x10000, &(0x7f0000000000)) (async, rerun: 32) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 32) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) (async) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x8000004, 0x601) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000000)={0x0, &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000001480)={0x0, 0x0, r3, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000300)={r4, 0x0, 0x9, 0x0, 0x0, [0x0], [0x9, 0x0, 0x0, 0x8], [0x3, 0x0, 0x100, 0xd], [0x1000000000000, 0x0, 0xfffffffffffffffd, 0x80000000]}) ioctl$DRM_IOCTL_GEM_FLINK(r2, 0xc008640a, &(0x7f00000000c0)={r5}) (async) r6 = fcntl$dupfd(r1, 0x0, r1) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000200)=ANY=[@ANYRES16=r1], &(0x7f0000000040)='GPL\x00', 0x10, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kfree\x00', r7}, 0x10) socket$nl_route(0x10, 0x3, 0x0) (async) sendmsg$nl_route(r6, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000340)=ANY=[@ANYRES8=r8], 0x24}}, 0x0) ioctl$TCFLSH(r6, 0x400455c8, 0x1) (async) ioctl$TIOCSETD(r6, 0x5412, &(0x7f0000000140)=0xffffffc0) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000300)) (async) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180)) r9 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000002c0), 0x4282) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r9, 0x54a2) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000240)) ioctl$TIOCSTI(r6, 0x5412, &(0x7f00000001c0)) (async, rerun: 64) ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000000100)=0x6) (rerun: 64) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x3, 0xc, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a0000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)) program crashed: general protection fault in bcsp_recv testing program (duration=50.18556931s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): io_submit-syz_clone-ptrace-ptrace$setregs-openat$ptmx-ioctl$TIOCSETD-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-ioctl$DRM_IOCTL_MODE_GETFB2-ioctl$DRM_IOCTL_GEM_FLINK-fcntl$dupfd-bpf$PROG_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$nl_route-sendmsg$nl_route-ioctl$TCFLSH-ioctl$TIOCSETD-ioctl$TIOCSTI-ioctl$TIOCSTI-openat$sndtimer-ioctl$SNDRV_TIMER_IOCTL_CONTINUE-ioctl$TIOCSTI-ioctl$TIOCSTI-ioctl$TIOCSTI-bpf$PROG_LOAD detailed listing: executing program 0: io_submit(0x0, 0x2, &(0x7f0000000040)=[&(0x7f0000000000)={0x180a, 0x0, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x3}]) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x10000, &(0x7f0000000000)) (async, rerun: 32) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 32) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) (async) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x8000004, 0x601) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000000)={0x0, &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000001480)={0x0, 0x0, r3, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000300)={r4, 0x0, 0x9, 0x0, 0x0, [0x0], [0x9, 0x0, 0x0, 0x8], [0x3, 0x0, 0x100, 0xd], [0x1000000000000, 0x0, 0xfffffffffffffffd, 0x80000000]}) ioctl$DRM_IOCTL_GEM_FLINK(r2, 0xc008640a, &(0x7f00000000c0)={r5}) (async) r6 = fcntl$dupfd(r1, 0x0, r1) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000200)=ANY=[@ANYRES16=r1], &(0x7f0000000040)='GPL\x00', 0x10, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kfree\x00', r7}, 0x10) socket$nl_route(0x10, 0x3, 0x0) (async) sendmsg$nl_route(r6, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000340)=ANY=[@ANYRES8=r8], 0x24}}, 0x0) ioctl$TCFLSH(r6, 0x400455c8, 0x1) (async) ioctl$TIOCSETD(r6, 0x5412, &(0x7f0000000140)=0xffffffc0) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000300)) (async) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180)) r9 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000002c0), 0x4282) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r9, 0x54a2) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000240)) ioctl$TIOCSTI(r6, 0x5412, &(0x7f00000001c0)) (async, rerun: 64) ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000000100)=0x6) (rerun: 64) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x3, 0xc, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a0000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async) program crashed: general protection fault in bcsp_recv testing program (duration=50.18556931s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): io_submit-syz_clone-ptrace-ptrace$setregs-openat$ptmx-ioctl$TIOCSETD-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-ioctl$DRM_IOCTL_MODE_GETFB2-ioctl$DRM_IOCTL_GEM_FLINK-fcntl$dupfd-bpf$PROG_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$nl_route-sendmsg$nl_route-ioctl$TCFLSH-ioctl$TIOCSETD-ioctl$TIOCSTI-ioctl$TIOCSTI-openat$sndtimer-ioctl$SNDRV_TIMER_IOCTL_CONTINUE-ioctl$TIOCSTI-ioctl$TIOCSTI-ioctl$TIOCSTI detailed listing: executing program 0: io_submit(0x0, 0x2, &(0x7f0000000040)=[&(0x7f0000000000)={0x180a, 0x0, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x3}]) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x10000, &(0x7f0000000000)) (async, rerun: 32) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 32) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) (async) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x8000004, 0x601) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000000)={0x0, &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000001480)={0x0, 0x0, r3, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000300)={r4, 0x0, 0x9, 0x0, 0x0, [0x0], [0x9, 0x0, 0x0, 0x8], [0x3, 0x0, 0x100, 0xd], [0x1000000000000, 0x0, 0xfffffffffffffffd, 0x80000000]}) ioctl$DRM_IOCTL_GEM_FLINK(r2, 0xc008640a, &(0x7f00000000c0)={r5}) (async) r6 = fcntl$dupfd(r1, 0x0, r1) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000200)=ANY=[@ANYRES16=r1], &(0x7f0000000040)='GPL\x00', 0x10, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kfree\x00', r7}, 0x10) socket$nl_route(0x10, 0x3, 0x0) (async) sendmsg$nl_route(r6, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000340)=ANY=[@ANYRES8=r8], 0x24}}, 0x0) ioctl$TCFLSH(r6, 0x400455c8, 0x1) (async) ioctl$TIOCSETD(r6, 0x5412, &(0x7f0000000140)=0xffffffc0) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000300)) (async) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180)) r9 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000002c0), 0x4282) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r9, 0x54a2) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000240)) ioctl$TIOCSTI(r6, 0x5412, &(0x7f00000001c0)) (async, rerun: 64) ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000000100)=0x6) (rerun: 64) program crashed: general protection fault in bcsp_recv testing program (duration=50.18556931s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): io_submit-syz_clone-ptrace-ptrace$setregs-openat$ptmx-ioctl$TIOCSETD-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-ioctl$DRM_IOCTL_MODE_GETFB2-ioctl$DRM_IOCTL_GEM_FLINK-fcntl$dupfd-bpf$PROG_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$nl_route-sendmsg$nl_route-ioctl$TCFLSH-ioctl$TIOCSETD-ioctl$TIOCSTI-ioctl$TIOCSTI-openat$sndtimer-ioctl$SNDRV_TIMER_IOCTL_CONTINUE-ioctl$TIOCSTI-ioctl$TIOCSTI detailed listing: executing program 0: io_submit(0x0, 0x2, &(0x7f0000000040)=[&(0x7f0000000000)={0x180a, 0x0, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x3}]) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x10000, &(0x7f0000000000)) (async, rerun: 32) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 32) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) (async) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x8000004, 0x601) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000000)={0x0, &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000001480)={0x0, 0x0, r3, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000300)={r4, 0x0, 0x9, 0x0, 0x0, [0x0], [0x9, 0x0, 0x0, 0x8], [0x3, 0x0, 0x100, 0xd], [0x1000000000000, 0x0, 0xfffffffffffffffd, 0x80000000]}) ioctl$DRM_IOCTL_GEM_FLINK(r2, 0xc008640a, &(0x7f00000000c0)={r5}) (async) r6 = fcntl$dupfd(r1, 0x0, r1) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000200)=ANY=[@ANYRES16=r1], &(0x7f0000000040)='GPL\x00', 0x10, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kfree\x00', r7}, 0x10) socket$nl_route(0x10, 0x3, 0x0) (async) sendmsg$nl_route(r6, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000340)=ANY=[@ANYRES8=r8], 0x24}}, 0x0) ioctl$TCFLSH(r6, 0x400455c8, 0x1) (async) ioctl$TIOCSETD(r6, 0x5412, &(0x7f0000000140)=0xffffffc0) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000300)) (async) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180)) r9 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000002c0), 0x4282) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r9, 0x54a2) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000240)) ioctl$TIOCSTI(r6, 0x5412, &(0x7f00000001c0)) (async, rerun: 64) program crashed: general protection fault in bcsp_recv testing program (duration=50.18556931s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): io_submit-syz_clone-ptrace-ptrace$setregs-openat$ptmx-ioctl$TIOCSETD-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-ioctl$DRM_IOCTL_MODE_GETFB2-ioctl$DRM_IOCTL_GEM_FLINK-fcntl$dupfd-bpf$PROG_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$nl_route-sendmsg$nl_route-ioctl$TCFLSH-ioctl$TIOCSETD-ioctl$TIOCSTI-ioctl$TIOCSTI-openat$sndtimer-ioctl$SNDRV_TIMER_IOCTL_CONTINUE-ioctl$TIOCSTI detailed listing: executing program 0: io_submit(0x0, 0x2, &(0x7f0000000040)=[&(0x7f0000000000)={0x180a, 0x0, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x3}]) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x10000, &(0x7f0000000000)) (async, rerun: 32) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 32) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) (async) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x8000004, 0x601) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000000)={0x0, &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000001480)={0x0, 0x0, r3, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000300)={r4, 0x0, 0x9, 0x0, 0x0, [0x0], [0x9, 0x0, 0x0, 0x8], [0x3, 0x0, 0x100, 0xd], [0x1000000000000, 0x0, 0xfffffffffffffffd, 0x80000000]}) ioctl$DRM_IOCTL_GEM_FLINK(r2, 0xc008640a, &(0x7f00000000c0)={r5}) (async) r6 = fcntl$dupfd(r1, 0x0, r1) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000200)=ANY=[@ANYRES16=r1], &(0x7f0000000040)='GPL\x00', 0x10, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kfree\x00', r7}, 0x10) socket$nl_route(0x10, 0x3, 0x0) (async) sendmsg$nl_route(r6, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000340)=ANY=[@ANYRES8=r8], 0x24}}, 0x0) ioctl$TCFLSH(r6, 0x400455c8, 0x1) (async) ioctl$TIOCSETD(r6, 0x5412, &(0x7f0000000140)=0xffffffc0) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000300)) (async) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180)) r9 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000002c0), 0x4282) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r9, 0x54a2) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000240)) program crashed: general protection fault in bcsp_recv testing program (duration=50.18556931s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): io_submit-syz_clone-ptrace-ptrace$setregs-openat$ptmx-ioctl$TIOCSETD-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-ioctl$DRM_IOCTL_MODE_GETFB2-ioctl$DRM_IOCTL_GEM_FLINK-fcntl$dupfd-bpf$PROG_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$nl_route-sendmsg$nl_route-ioctl$TCFLSH-ioctl$TIOCSETD-ioctl$TIOCSTI-ioctl$TIOCSTI-openat$sndtimer-ioctl$SNDRV_TIMER_IOCTL_CONTINUE detailed listing: executing program 0: io_submit(0x0, 0x2, &(0x7f0000000040)=[&(0x7f0000000000)={0x180a, 0x0, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x3}]) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x10000, &(0x7f0000000000)) (async, rerun: 32) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 32) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) (async) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x8000004, 0x601) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000000)={0x0, &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000001480)={0x0, 0x0, r3, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000300)={r4, 0x0, 0x9, 0x0, 0x0, [0x0], [0x9, 0x0, 0x0, 0x8], [0x3, 0x0, 0x100, 0xd], [0x1000000000000, 0x0, 0xfffffffffffffffd, 0x80000000]}) ioctl$DRM_IOCTL_GEM_FLINK(r2, 0xc008640a, &(0x7f00000000c0)={r5}) (async) r6 = fcntl$dupfd(r1, 0x0, r1) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000200)=ANY=[@ANYRES16=r1], &(0x7f0000000040)='GPL\x00', 0x10, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kfree\x00', r7}, 0x10) socket$nl_route(0x10, 0x3, 0x0) (async) sendmsg$nl_route(r6, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000340)=ANY=[@ANYRES8=r8], 0x24}}, 0x0) ioctl$TCFLSH(r6, 0x400455c8, 0x1) (async) ioctl$TIOCSETD(r6, 0x5412, &(0x7f0000000140)=0xffffffc0) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000300)) (async) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180)) r9 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000002c0), 0x4282) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r9, 0x54a2) program crashed: general protection fault in bcsp_recv testing program (duration=50.18556931s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): io_submit-syz_clone-ptrace-ptrace$setregs-openat$ptmx-ioctl$TIOCSETD-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-ioctl$DRM_IOCTL_MODE_GETFB2-ioctl$DRM_IOCTL_GEM_FLINK-fcntl$dupfd-bpf$PROG_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$nl_route-sendmsg$nl_route-ioctl$TCFLSH-ioctl$TIOCSETD-ioctl$TIOCSTI-ioctl$TIOCSTI-openat$sndtimer detailed listing: executing program 0: io_submit(0x0, 0x2, &(0x7f0000000040)=[&(0x7f0000000000)={0x180a, 0x0, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x3}]) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x10000, &(0x7f0000000000)) (async, rerun: 32) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 32) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) (async) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x8000004, 0x601) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000000)={0x0, &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000001480)={0x0, 0x0, r3, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000300)={r4, 0x0, 0x9, 0x0, 0x0, [0x0], [0x9, 0x0, 0x0, 0x8], [0x3, 0x0, 0x100, 0xd], [0x1000000000000, 0x0, 0xfffffffffffffffd, 0x80000000]}) ioctl$DRM_IOCTL_GEM_FLINK(r2, 0xc008640a, &(0x7f00000000c0)={r5}) (async) r6 = fcntl$dupfd(r1, 0x0, r1) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000200)=ANY=[@ANYRES16=r1], &(0x7f0000000040)='GPL\x00', 0x10, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kfree\x00', r7}, 0x10) socket$nl_route(0x10, 0x3, 0x0) (async) sendmsg$nl_route(r6, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000340)=ANY=[@ANYRES8=r8], 0x24}}, 0x0) ioctl$TCFLSH(r6, 0x400455c8, 0x1) (async) ioctl$TIOCSETD(r6, 0x5412, &(0x7f0000000140)=0xffffffc0) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000300)) (async) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180)) openat$sndtimer(0xffffffffffffff9c, &(0x7f00000002c0), 0x4282) program crashed: general protection fault in bcsp_recv testing program (duration=50.18556931s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): io_submit-syz_clone-ptrace-ptrace$setregs-openat$ptmx-ioctl$TIOCSETD-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-ioctl$DRM_IOCTL_MODE_GETFB2-ioctl$DRM_IOCTL_GEM_FLINK-fcntl$dupfd-bpf$PROG_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$nl_route-sendmsg$nl_route-ioctl$TCFLSH-ioctl$TIOCSETD-ioctl$TIOCSTI-ioctl$TIOCSTI detailed listing: executing program 0: io_submit(0x0, 0x2, &(0x7f0000000040)=[&(0x7f0000000000)={0x180a, 0x0, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x3}]) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x10000, &(0x7f0000000000)) (async, rerun: 32) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 32) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) (async) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x8000004, 0x601) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000000)={0x0, &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000001480)={0x0, 0x0, r3, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000300)={r4, 0x0, 0x9, 0x0, 0x0, [0x0], [0x9, 0x0, 0x0, 0x8], [0x3, 0x0, 0x100, 0xd], [0x1000000000000, 0x0, 0xfffffffffffffffd, 0x80000000]}) ioctl$DRM_IOCTL_GEM_FLINK(r2, 0xc008640a, &(0x7f00000000c0)={r5}) (async) r6 = fcntl$dupfd(r1, 0x0, r1) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000200)=ANY=[@ANYRES16=r1], &(0x7f0000000040)='GPL\x00', 0x10, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kfree\x00', r7}, 0x10) socket$nl_route(0x10, 0x3, 0x0) (async) sendmsg$nl_route(r6, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000340)=ANY=[@ANYRES8=r8], 0x24}}, 0x0) ioctl$TCFLSH(r6, 0x400455c8, 0x1) (async) ioctl$TIOCSETD(r6, 0x5412, &(0x7f0000000140)=0xffffffc0) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000300)) (async) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180)) program crashed: general protection fault in bcsp_recv testing program (duration=50.18556931s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): io_submit-syz_clone-ptrace-ptrace$setregs-openat$ptmx-ioctl$TIOCSETD-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-ioctl$DRM_IOCTL_MODE_GETFB2-ioctl$DRM_IOCTL_GEM_FLINK-fcntl$dupfd-bpf$PROG_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$nl_route-sendmsg$nl_route-ioctl$TCFLSH-ioctl$TIOCSETD-ioctl$TIOCSTI detailed listing: executing program 0: io_submit(0x0, 0x2, &(0x7f0000000040)=[&(0x7f0000000000)={0x180a, 0x0, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x3}]) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x10000, &(0x7f0000000000)) (async, rerun: 32) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 32) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) (async) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x8000004, 0x601) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000000)={0x0, &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000001480)={0x0, 0x0, r3, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000300)={r4, 0x0, 0x9, 0x0, 0x0, [0x0], [0x9, 0x0, 0x0, 0x8], [0x3, 0x0, 0x100, 0xd], [0x1000000000000, 0x0, 0xfffffffffffffffd, 0x80000000]}) ioctl$DRM_IOCTL_GEM_FLINK(r2, 0xc008640a, &(0x7f00000000c0)={r5}) (async) r6 = fcntl$dupfd(r1, 0x0, r1) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000200)=ANY=[@ANYRES16=r1], &(0x7f0000000040)='GPL\x00', 0x10, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kfree\x00', r7}, 0x10) socket$nl_route(0x10, 0x3, 0x0) (async) sendmsg$nl_route(r6, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000340)=ANY=[@ANYRES8=r8], 0x24}}, 0x0) ioctl$TCFLSH(r6, 0x400455c8, 0x1) (async) ioctl$TIOCSETD(r6, 0x5412, &(0x7f0000000140)=0xffffffc0) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000300)) (async) program crashed: general protection fault in bcsp_recv testing program (duration=50.18556931s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): io_submit-syz_clone-ptrace-ptrace$setregs-openat$ptmx-ioctl$TIOCSETD-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-ioctl$DRM_IOCTL_MODE_GETFB2-ioctl$DRM_IOCTL_GEM_FLINK-fcntl$dupfd-bpf$PROG_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$nl_route-sendmsg$nl_route-ioctl$TCFLSH-ioctl$TIOCSETD detailed listing: executing program 0: io_submit(0x0, 0x2, &(0x7f0000000040)=[&(0x7f0000000000)={0x180a, 0x0, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x3}]) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x10000, &(0x7f0000000000)) (async, rerun: 32) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 32) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) (async) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x8000004, 0x601) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000000)={0x0, &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000001480)={0x0, 0x0, r3, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000300)={r4, 0x0, 0x9, 0x0, 0x0, [0x0], [0x9, 0x0, 0x0, 0x8], [0x3, 0x0, 0x100, 0xd], [0x1000000000000, 0x0, 0xfffffffffffffffd, 0x80000000]}) ioctl$DRM_IOCTL_GEM_FLINK(r2, 0xc008640a, &(0x7f00000000c0)={r5}) (async) r6 = fcntl$dupfd(r1, 0x0, r1) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000200)=ANY=[@ANYRES16=r1], &(0x7f0000000040)='GPL\x00', 0x10, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kfree\x00', r7}, 0x10) socket$nl_route(0x10, 0x3, 0x0) (async) sendmsg$nl_route(r6, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000340)=ANY=[@ANYRES8=r8], 0x24}}, 0x0) ioctl$TCFLSH(r6, 0x400455c8, 0x1) (async) ioctl$TIOCSETD(r6, 0x5412, &(0x7f0000000140)=0xffffffc0) program crashed: general protection fault in bcsp_recv testing program (duration=50.18556931s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): io_submit-syz_clone-ptrace-ptrace$setregs-openat$ptmx-ioctl$TIOCSETD-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-ioctl$DRM_IOCTL_MODE_GETFB2-ioctl$DRM_IOCTL_GEM_FLINK-fcntl$dupfd-bpf$PROG_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$nl_route-sendmsg$nl_route-ioctl$TCFLSH detailed listing: executing program 0: io_submit(0x0, 0x2, &(0x7f0000000040)=[&(0x7f0000000000)={0x180a, 0x0, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x3}]) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x10000, &(0x7f0000000000)) (async, rerun: 32) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 32) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) (async) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x8000004, 0x601) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000000)={0x0, &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000001480)={0x0, 0x0, r3, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000300)={r4, 0x0, 0x9, 0x0, 0x0, [0x0], [0x9, 0x0, 0x0, 0x8], [0x3, 0x0, 0x100, 0xd], [0x1000000000000, 0x0, 0xfffffffffffffffd, 0x80000000]}) ioctl$DRM_IOCTL_GEM_FLINK(r2, 0xc008640a, &(0x7f00000000c0)={r5}) (async) r6 = fcntl$dupfd(r1, 0x0, r1) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000200)=ANY=[@ANYRES16=r1], &(0x7f0000000040)='GPL\x00', 0x10, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kfree\x00', r7}, 0x10) socket$nl_route(0x10, 0x3, 0x0) (async) sendmsg$nl_route(r6, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000340)=ANY=[@ANYRES8=r8], 0x24}}, 0x0) ioctl$TCFLSH(r6, 0x400455c8, 0x1) (async) program did not crash testing program (duration=50.18556931s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): io_submit-syz_clone-ptrace-ptrace$setregs-openat$ptmx-ioctl$TIOCSETD-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-ioctl$DRM_IOCTL_MODE_GETFB2-ioctl$DRM_IOCTL_GEM_FLINK-fcntl$dupfd-bpf$PROG_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$nl_route-sendmsg$nl_route-ioctl$TIOCSETD detailed listing: executing program 0: io_submit(0x0, 0x2, &(0x7f0000000040)=[&(0x7f0000000000)={0x180a, 0x0, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x3}]) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x10000, &(0x7f0000000000)) (async, rerun: 32) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 32) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) (async) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x8000004, 0x601) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000000)={0x0, &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000001480)={0x0, 0x0, r3, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000300)={r4, 0x0, 0x9, 0x0, 0x0, [0x0], [0x9, 0x0, 0x0, 0x8], [0x3, 0x0, 0x100, 0xd], [0x1000000000000, 0x0, 0xfffffffffffffffd, 0x80000000]}) ioctl$DRM_IOCTL_GEM_FLINK(r2, 0xc008640a, &(0x7f00000000c0)={r5}) (async) r6 = fcntl$dupfd(r1, 0x0, r1) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000200)=ANY=[@ANYRES16=r1], &(0x7f0000000040)='GPL\x00', 0x10, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kfree\x00', r7}, 0x10) socket$nl_route(0x10, 0x3, 0x0) (async) sendmsg$nl_route(r6, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000340)=ANY=[@ANYRES8=r8], 0x24}}, 0x0) ioctl$TIOCSETD(r6, 0x5412, &(0x7f0000000140)=0xffffffc0) program did not crash testing program (duration=50.18556931s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): io_submit-syz_clone-ptrace-ptrace$setregs-openat$ptmx-ioctl$TIOCSETD-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-ioctl$DRM_IOCTL_MODE_GETFB2-ioctl$DRM_IOCTL_GEM_FLINK-fcntl$dupfd-bpf$PROG_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$nl_route-ioctl$TCFLSH-ioctl$TIOCSETD detailed listing: executing program 0: io_submit(0x0, 0x2, &(0x7f0000000040)=[&(0x7f0000000000)={0x180a, 0x0, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x3}]) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x10000, &(0x7f0000000000)) (async, rerun: 32) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 32) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) (async) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x8000004, 0x601) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000000)={0x0, &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000001480)={0x0, 0x0, r3, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000300)={r4, 0x0, 0x9, 0x0, 0x0, [0x0], [0x9, 0x0, 0x0, 0x8], [0x3, 0x0, 0x100, 0xd], [0x1000000000000, 0x0, 0xfffffffffffffffd, 0x80000000]}) ioctl$DRM_IOCTL_GEM_FLINK(r2, 0xc008640a, &(0x7f00000000c0)={r5}) (async) r6 = fcntl$dupfd(r1, 0x0, r1) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000200)=ANY=[@ANYRES16=r1], &(0x7f0000000040)='GPL\x00', 0x10, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kfree\x00', r7}, 0x10) socket$nl_route(0x10, 0x3, 0x0) (async) ioctl$TCFLSH(r6, 0x400455c8, 0x1) (async) ioctl$TIOCSETD(r6, 0x5412, &(0x7f0000000140)=0xffffffc0) program crashed: general protection fault in bcsp_recv testing program (duration=50.18556931s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): io_submit-syz_clone-ptrace-ptrace$setregs-openat$ptmx-ioctl$TIOCSETD-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-ioctl$DRM_IOCTL_MODE_GETFB2-ioctl$DRM_IOCTL_GEM_FLINK-fcntl$dupfd-bpf$PROG_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-ioctl$TCFLSH-ioctl$TIOCSETD detailed listing: executing program 0: io_submit(0x0, 0x2, &(0x7f0000000040)=[&(0x7f0000000000)={0x180a, 0x0, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x3}]) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x10000, &(0x7f0000000000)) (async, rerun: 32) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 32) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) (async) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x8000004, 0x601) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000000)={0x0, &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000001480)={0x0, 0x0, r3, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000300)={r4, 0x0, 0x9, 0x0, 0x0, [0x0], [0x9, 0x0, 0x0, 0x8], [0x3, 0x0, 0x100, 0xd], [0x1000000000000, 0x0, 0xfffffffffffffffd, 0x80000000]}) ioctl$DRM_IOCTL_GEM_FLINK(r2, 0xc008640a, &(0x7f00000000c0)={r5}) (async) r6 = fcntl$dupfd(r1, 0x0, r1) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000200)=ANY=[@ANYRES16=r1], &(0x7f0000000040)='GPL\x00', 0x10, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kfree\x00', r7}, 0x10) ioctl$TCFLSH(r6, 0x400455c8, 0x1) (async) ioctl$TIOCSETD(r6, 0x5412, &(0x7f0000000140)=0xffffffc0) program crashed: general protection fault in bcsp_recv testing program (duration=50.18556931s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): io_submit-syz_clone-ptrace-ptrace$setregs-openat$ptmx-ioctl$TIOCSETD-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-ioctl$DRM_IOCTL_MODE_GETFB2-ioctl$DRM_IOCTL_GEM_FLINK-fcntl$dupfd-bpf$PROG_LOAD-ioctl$TCFLSH-ioctl$TIOCSETD detailed listing: executing program 0: io_submit(0x0, 0x2, &(0x7f0000000040)=[&(0x7f0000000000)={0x180a, 0x0, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x3}]) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x10000, &(0x7f0000000000)) (async, rerun: 32) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 32) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) (async) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x8000004, 0x601) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000000)={0x0, &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000001480)={0x0, 0x0, r3, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000300)={r4, 0x0, 0x9, 0x0, 0x0, [0x0], [0x9, 0x0, 0x0, 0x8], [0x3, 0x0, 0x100, 0xd], [0x1000000000000, 0x0, 0xfffffffffffffffd, 0x80000000]}) ioctl$DRM_IOCTL_GEM_FLINK(r2, 0xc008640a, &(0x7f00000000c0)={r5}) (async) r6 = fcntl$dupfd(r1, 0x0, r1) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000200)=ANY=[@ANYRES16=r1], &(0x7f0000000040)='GPL\x00', 0x10, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) ioctl$TCFLSH(r6, 0x400455c8, 0x1) (async) ioctl$TIOCSETD(r6, 0x5412, &(0x7f0000000140)=0xffffffc0) program crashed: general protection fault in bcsp_recv testing program (duration=50.18556931s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): io_submit-syz_clone-ptrace-ptrace$setregs-openat$ptmx-ioctl$TIOCSETD-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-ioctl$DRM_IOCTL_MODE_GETFB2-ioctl$DRM_IOCTL_GEM_FLINK-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSETD detailed listing: executing program 0: io_submit(0x0, 0x2, &(0x7f0000000040)=[&(0x7f0000000000)={0x180a, 0x0, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x3}]) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x10000, &(0x7f0000000000)) (async, rerun: 32) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 32) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) (async) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x8000004, 0x601) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000000)={0x0, &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000001480)={0x0, 0x0, r3, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000300)={r4, 0x0, 0x9, 0x0, 0x0, [0x0], [0x9, 0x0, 0x0, 0x8], [0x3, 0x0, 0x100, 0xd], [0x1000000000000, 0x0, 0xfffffffffffffffd, 0x80000000]}) ioctl$DRM_IOCTL_GEM_FLINK(r2, 0xc008640a, &(0x7f00000000c0)={r5}) (async) r6 = fcntl$dupfd(r1, 0x0, r1) ioctl$TCFLSH(r6, 0x400455c8, 0x1) (async) ioctl$TIOCSETD(r6, 0x5412, &(0x7f0000000140)=0xffffffc0) program crashed: general protection fault in bcsp_recv testing program (duration=50.18556931s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): io_submit-syz_clone-ptrace-ptrace$setregs-openat$ptmx-ioctl$TIOCSETD-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-ioctl$DRM_IOCTL_MODE_GETFB2-ioctl$DRM_IOCTL_GEM_FLINK-ioctl$TCFLSH-ioctl$TIOCSETD detailed listing: executing program 0: io_submit(0x0, 0x2, &(0x7f0000000040)=[&(0x7f0000000000)={0x180a, 0x0, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x3}]) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x10000, &(0x7f0000000000)) (async, rerun: 32) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 32) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) (async) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x8000004, 0x601) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000000)={0x0, &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000001480)={0x0, 0x0, r3, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000300)={r4, 0x0, 0x9, 0x0, 0x0, [0x0], [0x9, 0x0, 0x0, 0x8], [0x3, 0x0, 0x100, 0xd], [0x1000000000000, 0x0, 0xfffffffffffffffd, 0x80000000]}) ioctl$DRM_IOCTL_GEM_FLINK(r2, 0xc008640a, &(0x7f00000000c0)={r5}) (async) ioctl$TCFLSH(0xffffffffffffffff, 0x400455c8, 0x1) (async) ioctl$TIOCSETD(0xffffffffffffffff, 0x5412, &(0x7f0000000140)=0xffffffc0) program did not crash testing program (duration=50.18556931s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): io_submit-syz_clone-ptrace-ptrace$setregs-openat$ptmx-ioctl$TIOCSETD-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-ioctl$DRM_IOCTL_MODE_GETFB2-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSETD detailed listing: executing program 0: io_submit(0x0, 0x2, &(0x7f0000000040)=[&(0x7f0000000000)={0x180a, 0x0, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x3}]) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x10000, &(0x7f0000000000)) (async, rerun: 32) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 32) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) (async) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x8000004, 0x601) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000000)={0x0, &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000001480)={0x0, 0x0, r3, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000300)={r4, 0x0, 0x9, 0x0, 0x0, [], [0x9, 0x0, 0x0, 0x8], [0x3, 0x0, 0x100, 0xd], [0x1000000000000, 0x0, 0xfffffffffffffffd, 0x80000000]}) r5 = fcntl$dupfd(r1, 0x0, r1) ioctl$TCFLSH(r5, 0x400455c8, 0x1) (async) ioctl$TIOCSETD(r5, 0x5412, &(0x7f0000000140)=0xffffffc0) program crashed: general protection fault in bcsp_recv testing program (duration=50.18556931s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): io_submit-syz_clone-ptrace-ptrace$setregs-openat$ptmx-ioctl$TIOCSETD-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSETD detailed listing: executing program 0: io_submit(0x0, 0x2, &(0x7f0000000040)=[&(0x7f0000000000)={0x180a, 0x0, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x3}]) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x10000, &(0x7f0000000000)) (async, rerun: 32) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 32) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) (async) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x8000004, 0x601) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000000)={0x0, &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000001480)={0x0, 0x0, r3}) r4 = fcntl$dupfd(r1, 0x0, r1) ioctl$TCFLSH(r4, 0x400455c8, 0x1) (async) ioctl$TIOCSETD(r4, 0x5412, &(0x7f0000000140)=0xffffffc0) program crashed: general protection fault in bcsp_recv testing program (duration=50.18556931s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): io_submit-syz_clone-ptrace-ptrace$setregs-openat$ptmx-ioctl$TIOCSETD-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSETD detailed listing: executing program 0: io_submit(0x0, 0x2, &(0x7f0000000040)=[&(0x7f0000000000)={0x180a, 0x0, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x3}]) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x10000, &(0x7f0000000000)) (async, rerun: 32) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 32) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) (async) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x8000004, 0x601) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000000)={0x0, &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) r3 = fcntl$dupfd(r1, 0x0, r1) ioctl$TCFLSH(r3, 0x400455c8, 0x1) (async) ioctl$TIOCSETD(r3, 0x5412, &(0x7f0000000140)=0xffffffc0) program crashed: general protection fault in bcsp_recv testing program (duration=50.18556931s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): io_submit-syz_clone-ptrace-ptrace$setregs-openat$ptmx-ioctl$TIOCSETD-syz_open_dev$dri-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSETD detailed listing: executing program 0: io_submit(0x0, 0x2, &(0x7f0000000040)=[&(0x7f0000000000)={0x180a, 0x0, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x3}]) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x10000, &(0x7f0000000000)) (async, rerun: 32) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 32) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) (async) syz_open_dev$dri(&(0x7f0000000180), 0x8000004, 0x601) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$TCFLSH(r2, 0x400455c8, 0x1) (async) ioctl$TIOCSETD(r2, 0x5412, &(0x7f0000000140)=0xffffffc0) program crashed: general protection fault in bcsp_recv testing program (duration=50.18556931s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): io_submit-syz_clone-ptrace-ptrace$setregs-openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSETD detailed listing: executing program 0: io_submit(0x0, 0x2, &(0x7f0000000040)=[&(0x7f0000000000)={0x180a, 0x0, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x3}]) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x10000, &(0x7f0000000000)) (async, rerun: 32) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 32) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) (async) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$TCFLSH(r2, 0x400455c8, 0x1) (async) ioctl$TIOCSETD(r2, 0x5412, &(0x7f0000000140)=0xffffffc0) program crashed: general protection fault in bcsp_recv testing program (duration=50.18556931s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): io_submit-syz_clone-ptrace-ptrace$setregs-openat$ptmx-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSETD detailed listing: executing program 0: io_submit(0x0, 0x2, &(0x7f0000000040)=[&(0x7f0000000000)={0x180a, 0x0, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x3}]) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x10000, &(0x7f0000000000)) (async, rerun: 32) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 32) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$TCFLSH(r2, 0x400455c8, 0x1) (async) ioctl$TIOCSETD(r2, 0x5412, &(0x7f0000000140)=0xffffffc0) program did not crash testing program (duration=50.18556931s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): io_submit-syz_clone-ptrace-ptrace$setregs-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSETD detailed listing: executing program 0: io_submit(0x0, 0x2, &(0x7f0000000040)=[&(0x7f0000000000)={0x180a, 0x0, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x3}]) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x10000, &(0x7f0000000000)) (async, rerun: 32) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) (async) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$TCFLSH(r1, 0x400455c8, 0x1) (async) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000140)=0xffffffc0) program did not crash testing program (duration=50.18556931s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): io_submit-syz_clone-ptrace-openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSETD detailed listing: executing program 0: io_submit(0x0, 0x2, &(0x7f0000000040)=[&(0x7f0000000000)={0x180a, 0x0, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x3}]) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 32) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) (async) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$TCFLSH(r2, 0x400455c8, 0x1) (async) ioctl$TIOCSETD(r2, 0x5412, &(0x7f0000000140)=0xffffffc0) program crashed: general protection fault in bcsp_recv testing program (duration=50.18556931s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): io_submit-syz_clone-openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSETD detailed listing: executing program 0: io_submit(0x0, 0x2, &(0x7f0000000040)=[&(0x7f0000000000)={0x180a, 0x0, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x3}]) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 32) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) (async) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$TCFLSH(r1, 0x400455c8, 0x1) (async) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000140)=0xffffffc0) program crashed: general protection fault in bcsp_recv testing program (duration=50.18556931s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): io_submit-openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSETD detailed listing: executing program 0: io_submit(0x0, 0x2, &(0x7f0000000040)=[&(0x7f0000000000)={0x180a, 0x0, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x3}]) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 32) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) (async) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$TCFLSH(r1, 0x400455c8, 0x1) (async) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000140)=0xffffffc0) program crashed: general protection fault in bcsp_recv testing program (duration=50.18556931s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSETD detailed listing: executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 32) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) (async) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$TCFLSH(r1, 0x400455c8, 0x1) (async) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000140)=0xffffffc0) program crashed: general protection fault in bcsp_recv testing program (duration=50.18556931s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSETD detailed listing: executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$TCFLSH(r1, 0x400455c8, 0x1) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000140)=0xffffffc0) program did not crash testing program (duration=50.18556931s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSETD detailed listing: executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) (rerun: 32) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) (async) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$TCFLSH(r1, 0x400455c8, 0x1) (async) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000140)=0xffffffc0) program did not crash testing program (duration=50.18556931s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSETD detailed listing: executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) (async) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$TCFLSH(r1, 0x400455c8, 0x1) (async) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000140)=0xffffffc0) program crashed: general protection fault in bcsp_recv testing program (duration=50.18556931s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSETD detailed listing: executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) (async) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$TCFLSH(r1, 0x400455c8, 0x1) (async) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000140)=0xffffffc0) program did not crash testing program (duration=50.18556931s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSETD detailed listing: executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$TCFLSH(r1, 0x400455c8, 0x1) (async) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000140)=0xffffffc0) program crashed: general protection fault in bcsp_recv testing program (duration=50.18556931s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSETD detailed listing: executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$TCFLSH(r1, 0x400455c8, 0x1) (async) ioctl$TIOCSETD(r1, 0x5412, 0x0) program did not crash extracting C reproducer testing compiled C program (duration=50.18556931s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSETD program crashed: general protection fault in bcsp_recv simplifying C reproducer testing compiled C program (duration=50.18556931s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSETD program did not crash testing compiled C program (duration=50.18556931s, {Threaded:true Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSETD program crashed: general protection fault in bcsp_recv testing compiled C program (duration=50.18556931s, {Threaded:true Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSETD program did not crash testing compiled C program (duration=50.18556931s, {Threaded:true Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSETD program did not crash testing compiled C program (duration=50.18556931s, {Threaded:true Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSETD program crashed: general protection fault in bcsp_recv testing compiled C program (duration=50.18556931s, {Threaded:true Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSETD program crashed: general protection fault in bcsp_recv testing compiled C program (duration=50.18556931s, {Threaded:true Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSETD program crashed: general protection fault in bcsp_recv testing compiled C program (duration=50.18556931s, {Threaded:true Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSETD program did not crash testing compiled C program (duration=50.18556931s, {Threaded:true Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSETD program crashed: general protection fault in bcsp_recv testing compiled C program (duration=50.18556931s, {Threaded:true Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSETD program did not crash testing compiled C program (duration=50.18556931s, {Threaded:true Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:true IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSETD program crashed: general protection fault in bcsp_recv testing compiled C program (duration=50.18556931s, {Threaded:true Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:true IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSETD program crashed: general protection fault in bcsp_recv testing compiled C program (duration=50.18556931s, {Threaded:true Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:true IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSETD program did not crash testing compiled C program (duration=50.18556931s, {Threaded:true Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:true IEEE802154:false Sysctl:false Swap:true UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSETD program did not crash testing compiled C program (duration=50.18556931s, {Threaded:true Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:true IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSETD program did not crash reproducing took 36m21.071369832s repro crashed as (corrupted=false): Oops: general protection fault, probably for non-canonical address 0xdffffc0000000021: 0000 [#1] SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000108-0x000000000000010f] CPU: 1 UID: 0 PID: 5945 Comm: syz-executor103 Not tainted 6.14.0-syzkaller-12456-gacc4d5ff0b61 #0 PREEMPT(full) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 RIP: 0010:bcsp_recv+0x10a/0x17f0 drivers/bluetooth/hci_bcsp.c:590 Code: 18 48 c1 e8 03 48 01 e8 48 89 04 24 48 8d 83 78 01 00 00 48 89 44 24 28 48 c1 e8 03 48 89 44 24 08 e8 aa ca 5c f9 48 8b 04 24 <80> 38 00 0f 85 d1 12 00 00 4c 8b ab 08 01 00 00 31 ff 4c 89 ee e8 RSP: 0018:ffffc90003467bf0 EFLAGS: 00010293 RAX: dffffc0000000021 RBX: 0000000000000000 RCX: ffffffff885e756a RDX: ffff888024910000 RSI: ffffffff885e75b6 RDI: 0000000000000005 RBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000001 R12: ffffc90003467d88 R13: ffffc90003467d88 R14: 0000000000000001 R15: ffff88810735a800 FS: 00007ffb5ce256c0(0000) GS:ffff8880d6abb000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffc59fa2f98 CR3: 0000000024ec0000 CR4: 0000000000352ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: hci_uart_tty_receive+0x251/0x7e0 drivers/bluetooth/hci_ldisc.c:627 tiocsti drivers/tty/tty_io.c:2299 [inline] tty_ioctl+0x57b/0x15f0 drivers/tty/tty_io.c:2716 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:906 [inline] __se_sys_ioctl fs/ioctl.c:892 [inline] __x64_sys_ioctl+0x190/0x200 fs/ioctl.c:892 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xcd/0x260 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb5ce97899 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 1f 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb5ce25168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007ffb5cf1b418 RCX: 00007ffb5ce97899 RDX: 0000200000000140 RSI: 0000000000005412 RDI: 0000000000000004 RBP: 00007ffb5cf1b410 R08: 00007ffcd6d4fb07 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffb5cf1b41c R13: 0000000000000010 R14: 00007ffcd6d4fa20 R15: 00007ffcd6d4fb08 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:bcsp_recv+0x10a/0x17f0 drivers/bluetooth/hci_bcsp.c:590 Code: 18 48 c1 e8 03 48 01 e8 48 89 04 24 48 8d 83 78 01 00 00 48 89 44 24 28 48 c1 e8 03 48 89 44 24 08 e8 aa ca 5c f9 48 8b 04 24 <80> 38 00 0f 85 d1 12 00 00 4c 8b ab 08 01 00 00 31 ff 4c 89 ee e8 RSP: 0018:ffffc90003467bf0 EFLAGS: 00010293 RAX: dffffc0000000021 RBX: 0000000000000000 RCX: ffffffff885e756a RDX: ffff888024910000 RSI: ffffffff885e75b6 RDI: 0000000000000005 RBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000001 R12: ffffc90003467d88 R13: ffffc90003467d88 R14: 0000000000000001 R15: ffff88810735a800 FS: 00007ffb5ce256c0(0000) GS:ffff8880d6abb000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffc59fa2f98 CR3: 0000000024ec0000 CR4: 0000000000352ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess): 0: 18 48 c1 sbb %cl,-0x3f(%rax) 3: e8 03 48 01 e8 call 0xe801480b 8: 48 89 04 24 mov %rax,(%rsp) c: 48 8d 83 78 01 00 00 lea 0x178(%rbx),%rax 13: 48 89 44 24 28 mov %rax,0x28(%rsp) 18: 48 c1 e8 03 shr $0x3,%rax 1c: 48 89 44 24 08 mov %rax,0x8(%rsp) 21: e8 aa ca 5c f9 call 0xf95ccad0 26: 48 8b 04 24 mov (%rsp),%rax * 2a: 80 38 00 cmpb $0x0,(%rax) <-- trapping instruction 2d: 0f 85 d1 12 00 00 jne 0x1304 33: 4c 8b ab 08 01 00 00 mov 0x108(%rbx),%r13 3a: 31 ff xor %edi,%edi 3c: 4c 89 ee mov %r13,%rsi 3f: e8 .byte 0xe8 final repro crashed as (corrupted=false): Oops: general protection fault, probably for non-canonical address 0xdffffc0000000021: 0000 [#1] SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000108-0x000000000000010f] CPU: 1 UID: 0 PID: 5945 Comm: syz-executor103 Not tainted 6.14.0-syzkaller-12456-gacc4d5ff0b61 #0 PREEMPT(full) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 RIP: 0010:bcsp_recv+0x10a/0x17f0 drivers/bluetooth/hci_bcsp.c:590 Code: 18 48 c1 e8 03 48 01 e8 48 89 04 24 48 8d 83 78 01 00 00 48 89 44 24 28 48 c1 e8 03 48 89 44 24 08 e8 aa ca 5c f9 48 8b 04 24 <80> 38 00 0f 85 d1 12 00 00 4c 8b ab 08 01 00 00 31 ff 4c 89 ee e8 RSP: 0018:ffffc90003467bf0 EFLAGS: 00010293 RAX: dffffc0000000021 RBX: 0000000000000000 RCX: ffffffff885e756a RDX: ffff888024910000 RSI: ffffffff885e75b6 RDI: 0000000000000005 RBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000001 R12: ffffc90003467d88 R13: ffffc90003467d88 R14: 0000000000000001 R15: ffff88810735a800 FS: 00007ffb5ce256c0(0000) GS:ffff8880d6abb000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffc59fa2f98 CR3: 0000000024ec0000 CR4: 0000000000352ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: hci_uart_tty_receive+0x251/0x7e0 drivers/bluetooth/hci_ldisc.c:627 tiocsti drivers/tty/tty_io.c:2299 [inline] tty_ioctl+0x57b/0x15f0 drivers/tty/tty_io.c:2716 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:906 [inline] __se_sys_ioctl fs/ioctl.c:892 [inline] __x64_sys_ioctl+0x190/0x200 fs/ioctl.c:892 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xcd/0x260 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffb5ce97899 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 1f 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb5ce25168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007ffb5cf1b418 RCX: 00007ffb5ce97899 RDX: 0000200000000140 RSI: 0000000000005412 RDI: 0000000000000004 RBP: 00007ffb5cf1b410 R08: 00007ffcd6d4fb07 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffb5cf1b41c R13: 0000000000000010 R14: 00007ffcd6d4fa20 R15: 00007ffcd6d4fb08 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:bcsp_recv+0x10a/0x17f0 drivers/bluetooth/hci_bcsp.c:590 Code: 18 48 c1 e8 03 48 01 e8 48 89 04 24 48 8d 83 78 01 00 00 48 89 44 24 28 48 c1 e8 03 48 89 44 24 08 e8 aa ca 5c f9 48 8b 04 24 <80> 38 00 0f 85 d1 12 00 00 4c 8b ab 08 01 00 00 31 ff 4c 89 ee e8 RSP: 0018:ffffc90003467bf0 EFLAGS: 00010293 RAX: dffffc0000000021 RBX: 0000000000000000 RCX: ffffffff885e756a RDX: ffff888024910000 RSI: ffffffff885e75b6 RDI: 0000000000000005 RBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000001 R12: ffffc90003467d88 R13: ffffc90003467d88 R14: 0000000000000001 R15: ffff88810735a800 FS: 00007ffb5ce256c0(0000) GS:ffff8880d6abb000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffc59fa2f98 CR3: 0000000024ec0000 CR4: 0000000000352ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess): 0: 18 48 c1 sbb %cl,-0x3f(%rax) 3: e8 03 48 01 e8 call 0xe801480b 8: 48 89 04 24 mov %rax,(%rsp) c: 48 8d 83 78 01 00 00 lea 0x178(%rbx),%rax 13: 48 89 44 24 28 mov %rax,0x28(%rsp) 18: 48 c1 e8 03 shr $0x3,%rax 1c: 48 89 44 24 08 mov %rax,0x8(%rsp) 21: e8 aa ca 5c f9 call 0xf95ccad0 26: 48 8b 04 24 mov (%rsp),%rax * 2a: 80 38 00 cmpb $0x0,(%rax) <-- trapping instruction 2d: 0f 85 d1 12 00 00 jne 0x1304 33: 4c 8b ab 08 01 00 00 mov 0x108(%rbx),%r13 3a: 31 ff xor %edi,%edi 3c: 4c 89 ee mov %r13,%rsi 3f: e8 .byte 0xe8