Extracting prog: 8m42.05546099s Minimizing prog: 2h5m37.510483782s Simplifying prog options: 15m16.225212004s Extracting C: 1m9.568803915s Simplifying C: 0s extracting reproducer from 48 programs testing a last program of every proc single: executing 11 programs separately with timeout 6m0s testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$nilfs2-openat-truncate-mmap detailed listing: executing program 0: syz_mount_image$nilfs2(&(0x7f0000000ec0), &(0x7f0000000080)='./file1\x00', 0x2, &(0x7f0000000000)=ANY=[], 0x1, 0xf3c, &(0x7f0000001e40)="$eJzs3U9sHNUZAPA3G/9LbOI1UDD/QgqtCBTskERqegsC9Yi4tGdQSGiEoaihByIgpgdEJUSREKeKAxUXSqWAVCRQpQr11PbUqreeUC9UqlIpqIcWKXEV+7317ssOux7bs2vv7yd9fn7zZuf7Zu1sZsazbwMwshqrX48dmy9CePvTtx556cni46vL7mytcXD1axF7zRDCeFu/yLb3eVxw+dKLJ7u1RTiy+jX1w6MXW4+dDiEsh4Phs9AMHywuffn+Ow8f+ujVqZveOPf0y9u0+y35fgAAwG504c9Lf7/3n3+6f+6rCwdOhMnW8nR83oz96XjcfzgeKKfj5Ubo7Bdt0W4iW29PjEa23p5svbEsz1hJvvFsO+Ml6030yLenbVm3/QQAAICdKJ3XNkPRWOjoNxoLC2vn/Vd9PjtRLDx7Zun02QEVCgAAAFT2n/OrN90KIYToHmu3HQ2+DiGEEEIIITYVK7ODvgIBAAAAjJp8vrBrLG/tTF2trTX7y3/xoUb3x8MWqPv3/+vzTw04fxcjnv+9V7ziAABQ3W49mkz7lY6j0zwG+TyCe7LHbfT4v5FtZ2yDdZbNK7hT5hssqzN/XodVWf0b/TkOSln9+XyYw6qs/nyezmFVVv9kzXVUVVZ/lys/Q6ms/r0111FVWf37aq6jqrL6p2uuo6qy+mdqrqOqsvqvq7mOqsrq33/1y4H9X/PIV7anoA0qq3+n3FZbVn+z5jqqKqt/ruY6qiqr//qa66iqrP4baq6jqrL6b6y5jkG5I7bpeThQst50l3O6nXKOBwAAAKPuf+b/E0IIIdpj7RaIwdchhBBCCLGlcX7QFyAAAACAgUvvC0jvel+J0vieHuNj7eNT6yuk8fEej5/oMT7ZYxwAAAAI4Xevnb7lzWJ9vrvNzoeX5o3aGz6+EirMY5TPR7jR/Jud92yz+XfKvGUAAACMluL7n12575F3n5/76sKBE21nv1fi+W6aB3QsXhv4JPbTfQEzWb9I59AnOvM0StbLrw9cV7a9xza5owAAADDC0vl7MxSNhbbz7mZoNBYW1s/H58N4cfrM0qnDsZ8+meWPs+OTV5c/WHPdAAAAQP/Wz/e7n/+nz/GdDxPFwrNnlk6fXevPtJaPN9qvC8yuLy/arws0s+VHSpYfjf30+Z0/mt27unzh5I+XntzqnQcAAIARcfaFc08/sbR06ie+8Y1vfNP6ZtCvTAAAwFb74ou3xn96dOb3a+//X5//7kr85mDsN+Pcfn+Jy9N9Aul9ANe8X//xzjyzZes917leM1tvT4zJrO6ptu2E1fkGOx83V5av2bmdiZJ801m+mSxfPk/BWLZ+0WUuwdBlfsK03my2PJ+HcSzLUWT57+qSCwAAAJLF5595bvHsC+ceOPPME0+deurUs0ePHP/e8eOHH/zug4ur9/Uvtt/dDwAAAOxE6zf9DroSAAAAAAAAAAAAAAAAAAAAGF3b9SlizRCCmQUAAABgOPz7fAhhWYiSSB8wOOg6xDDHyuTga9jdEYb03+FrH274MT8c1n0RQgghtjcmB/7/n/M+sRzCykr+SfMAAAAA2+vypRdPtrfXWC62NF9ra8215krMm9qZB/42dzXSahcf6rxesm9Lq2HU1f37L/+w5p/sOv7eK1ubfyqsv/aFvl7/Gp0bONHR29tv3nsWfz3fyh9CuHWsz/z5/j/Wb8ZOh7L894T+8q+8m+V/vKPX6Df/vVn+fX3mv2b/n+s3Y6f7Yv752D90d7/5O3cx/Zam/ej3F+A72f4/GfrNn+1/s8+EmftjfgAYRa3/zVfOD7aQTes8Xk5HCel4ejr20/7Gw82Q3/2w0eP/RradsYrV59J203HQzbE/1aqjM2+y0frT8zIT2+sq1pnbKXeVlNW/VT/H7VZW/3jNdVRVVv9EzXVUVVZ/97P34VNW/1TNdVRVVn/fFyIGreRyzk65rlz2/E/XXEdVZfXP1FxHVWX1b/T/8UEpq39/zXVUVVb/bM11VFVWf8XLarUrq3+u5jqqKqv/+prrqKqs/htqrqOqsvpvrLmOQbkttmXnw+n8czaOpX4z6092eS77/mMIAAAAsK3+NZTzQLRdORh4LUIIsaUx5bVNCCHEMMZ/V9YMug4hdlvcPgQ1pFhZGdy1BwZve9/NDMCw8vo/2vz8R5uf/2jz8+frpL/EF1k/2dNjfKzH+HiP8YlsPP99newxfkO23ZV0XTO6scf4N+IelI3v7/H4m3uMz/cYv6XH+K09xm/rMQ4AAMBouCm2q+eHSxOtE8TBVgUAAABspZd+88nrv73n8UtzX104cCJMXDPv/OHYn4x/W38t9vN575Px+Df/n8X+r2L7h9j+I1vf/ScAAACw/dLnxLg/HAAAAHav9Dmlzv8BAABg95qLrfN/AAAA2L2uj63zfwAAANjFiqnui2ObrgvcFdt+5/UDAIbf7bG9I7YHYntnbL8Z23QccHdsv1VTfQDA1vnlD35+/M1ifb7/o9n45bg8tddYXrtSUDQ6Z/LfG9t9sf12n/XknwfQb/5kf595tiv/7CbzAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC7R2P167Fj80UIb3/61iO/mHj9r1eX3dla4+Dq1yL2miGE8dbj0uh6/8O44uVLL55sb6/EtghHQhGK1vLw6MVWpukQwnI4GD4LzfDB4tKX77/z8KGPXp266Y1zT7+8jU9Bx/4BAADAbvT/AAAA//8upR4e") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) truncate(0x0, 0x3000000) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r0, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_tcp-bind$inet6-syz_init_net_socket$bt_hci-ioctl$TIOCSETD-fspick-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER detailed listing: executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @empty, 0x3}, 0x1c) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) fspick(0xffffffffffffffff, 0x0, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000001340)={0x2, &(0x7f0000000080)=[{0x0, 0xb, 0xfd}, {0x6, 0x0, 0x0, 0x7ffffdbd}]}) program crashed: general protection fault in rwsem_mark_wake single: successfully extracted reproducer found reproducer with 15 syscalls minimizing guilty program testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_tcp-bind$inet6-syz_init_net_socket$bt_hci-ioctl$TIOCSETD-fspick-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg detailed listing: executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @empty, 0x3}, 0x1c) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) fspick(0xffffffffffffffff, 0x0, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) program crashed: general protection fault in rwsem_mark_wake testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_tcp-bind$inet6-syz_init_net_socket$bt_hci-ioctl$TIOCSETD-fspick-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix detailed listing: executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @empty, 0x3}, 0x1c) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) fspick(0xffffffffffffffff, 0x0, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_tcp-bind$inet6-syz_init_net_socket$bt_hci-ioctl$TIOCSETD-fspick-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-socketpair$unix-connect$unix-recvmmsg detailed listing: executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @empty, 0x3}, 0x1c) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) fspick(0xffffffffffffffff, 0x0, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_tcp-bind$inet6-syz_init_net_socket$bt_hci-ioctl$TIOCSETD-fspick-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-socketpair$unix-sendmmsg$unix-recvmmsg detailed listing: executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @empty, 0x3}, 0x1c) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) fspick(0xffffffffffffffff, 0x0, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) program crashed: general protection fault in rwsem_mark_wake testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_tcp-bind$inet6-syz_init_net_socket$bt_hci-ioctl$TIOCSETD-fspick-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-sendmmsg$unix-recvmmsg detailed listing: executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @empty, 0x3}, 0x1c) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) fspick(0xffffffffffffffff, 0x0, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) program crashed: general protection fault in rwsem_mark_wake testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_tcp-bind$inet6-syz_init_net_socket$bt_hci-ioctl$TIOCSETD-fspick-prlimit64-sched_setscheduler-getpid-sched_setscheduler-sendmmsg$unix-recvmmsg detailed listing: executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @empty, 0x3}, 0x1c) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) fspick(0xffffffffffffffff, 0x0, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_tcp-bind$inet6-syz_init_net_socket$bt_hci-ioctl$TIOCSETD-fspick-prlimit64-sched_setscheduler-getpid-mmap-sendmmsg$unix-recvmmsg detailed listing: executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @empty, 0x3}, 0x1c) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) fspick(0xffffffffffffffff, 0x0, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_tcp-bind$inet6-syz_init_net_socket$bt_hci-ioctl$TIOCSETD-fspick-prlimit64-sched_setscheduler-sched_setscheduler-mmap-sendmmsg$unix-recvmmsg detailed listing: executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @empty, 0x3}, 0x1c) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) fspick(0xffffffffffffffff, 0x0, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_tcp-bind$inet6-syz_init_net_socket$bt_hci-ioctl$TIOCSETD-fspick-prlimit64-getpid-sched_setscheduler-mmap-sendmmsg$unix-recvmmsg detailed listing: executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @empty, 0x3}, 0x1c) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) fspick(0xffffffffffffffff, 0x0, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_tcp-bind$inet6-syz_init_net_socket$bt_hci-ioctl$TIOCSETD-fspick-sched_setscheduler-getpid-sched_setscheduler-mmap-sendmmsg$unix-recvmmsg detailed listing: executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @empty, 0x3}, 0x1c) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) fspick(0xffffffffffffffff, 0x0, 0x1) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_tcp-bind$inet6-syz_init_net_socket$bt_hci-ioctl$TIOCSETD-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-sendmmsg$unix-recvmmsg detailed listing: executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @empty, 0x3}, 0x1c) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) program crashed: general protection fault in rwsem_mark_wake testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_tcp-bind$inet6-syz_init_net_socket$bt_hci-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-sendmmsg$unix-recvmmsg detailed listing: executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @empty, 0x3}, 0x1c) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_tcp-bind$inet6-ioctl$TIOCSETD-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-sendmmsg$unix-recvmmsg detailed listing: executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @empty, 0x3}, 0x1c) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_tcp-syz_init_net_socket$bt_hci-ioctl$TIOCSETD-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-sendmmsg$unix-recvmmsg detailed listing: executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bind$inet6-syz_init_net_socket$bt_hci-ioctl$TIOCSETD-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-sendmmsg$unix-recvmmsg detailed listing: executing program 0: bind$inet6(0xffffffffffffffff, &(0x7f0000d84000)={0xa, 0x2, 0x0, @empty, 0x3}, 0x1c) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) program crashed: general protection fault in rwsem_mark_wake testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bind$inet6-syz_init_net_socket$bt_hci-ioctl$TIOCSETD-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-sendmmsg$unix-recvmmsg detailed listing: executing program 0: bind$inet6(0xffffffffffffffff, 0x0, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) program crashed: general protection fault in rwsem_mark_wake testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bind$inet6-syz_init_net_socket$bt_hci-ioctl$TIOCSETD-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-sendmmsg$unix-recvmmsg detailed listing: executing program 0: bind$inet6(0xffffffffffffffff, 0x0, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bind$inet6-syz_init_net_socket$bt_hci-ioctl$TIOCSETD-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-sendmmsg$unix-recvmmsg detailed listing: executing program 0: bind$inet6(0xffffffffffffffff, 0x0, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bind$inet6-syz_init_net_socket$bt_hci-ioctl$TIOCSETD-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-sendmmsg$unix-recvmmsg detailed listing: executing program 0: bind$inet6(0xffffffffffffffff, 0x0, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bind$inet6-syz_init_net_socket$bt_hci-ioctl$TIOCSETD-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-sendmmsg$unix-recvmmsg detailed listing: executing program 0: bind$inet6(0xffffffffffffffff, 0x0, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) program crashed: general protection fault in rwsem_mark_wake testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bind$inet6-syz_init_net_socket$bt_hci-ioctl$TIOCSETD-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-sendmmsg$unix-recvmmsg detailed listing: executing program 0: bind$inet6(0xffffffffffffffff, 0x0, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) program crashed: general protection fault in rwsem_mark_wake extracting C reproducer testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bind$inet6-syz_init_net_socket$bt_hci-ioctl$TIOCSETD-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-sendmmsg$unix-recvmmsg program did not crash simplifying guilty program options testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bind$inet6-syz_init_net_socket$bt_hci-ioctl$TIOCSETD-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-sendmmsg$unix-recvmmsg detailed listing: executing program 0: bind$inet6(0xffffffffffffffff, 0x0, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bind$inet6-syz_init_net_socket$bt_hci-ioctl$TIOCSETD-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-sendmmsg$unix-recvmmsg detailed listing: executing program 0: bind$inet6(0xffffffffffffffff, 0x0, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bind$inet6-syz_init_net_socket$bt_hci-ioctl$TIOCSETD-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-sendmmsg$unix-recvmmsg detailed listing: executing program 0: bind$inet6(0xffffffffffffffff, 0x0, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) program crashed: general protection fault in rwsem_mark_wake validation run: crashed=true testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bind$inet6-syz_init_net_socket$bt_hci-ioctl$TIOCSETD-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-sendmmsg$unix-recvmmsg detailed listing: executing program 0: bind$inet6(0xffffffffffffffff, 0x0, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) program did not crash validation run: crashed=false testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bind$inet6-syz_init_net_socket$bt_hci-ioctl$TIOCSETD-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-sendmmsg$unix-recvmmsg detailed listing: executing program 0: bind$inet6(0xffffffffffffffff, 0x0, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) program did not crash validation run: crashed=false testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bind$inet6-syz_init_net_socket$bt_hci-ioctl$TIOCSETD-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-sendmmsg$unix-recvmmsg detailed listing: executing program 0: bind$inet6(0xffffffffffffffff, 0x0, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) program crashed: general protection fault in rwsem_mark_wake validation run: crashed=true testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bind$inet6-syz_init_net_socket$bt_hci-ioctl$TIOCSETD-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-sendmmsg$unix-recvmmsg detailed listing: executing program 0: bind$inet6(0xffffffffffffffff, 0x0, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) program crashed: general protection fault in rwsem_mark_wake validation run: crashed=true reproducing took 3h1m5.143011838s repro crashed as (corrupted=false): Oops: general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f] CPU: 1 UID: 0 PID: 9673 Comm: syz.0.1459 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 RIP: 0010:rwsem_mark_wake+0xfa/0x7c0 kernel/locking/rwsem.c:445 Code: 01 00 74 08 4c 89 f7 e8 04 c4 8d 00 4c 89 74 24 10 4d 8b 26 4d 8d 74 24 18 4c 89 f0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <0f> b6 04 08 84 c0 0f 85 75 06 00 00 41 83 3e 00 74 64 4c 89 ef be RSP: 0018:ffffc900063479a0 EFLAGS: 00010006 RAX: 0000000000000003 RBX: 0000000000000000 RCX: dffffc0000000000 RDX: 1ffff92000c68f40 RSI: ffffffff8e18595e RDI: ffffffff8c284780 RBP: ffffc90006347aa0 R08: 0000000000000003 R09: 0000000000000004 R10: dffffc0000000000 R11: fffff52000c68f50 R12: 0000000000000000 R13: ffff88807c0ea850 R14: 0000000000000018 R15: ffffc90006347c20 FS: 0000555585610500(0000) GS:ffff888125536000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055555f28ea28 CR3: 000000007a828000 CR4: 00000000003526f0 Call Trace: rwsem_del_wake_waiter+0x25d/0x2e0 kernel/locking/rwsem.c:612 rwsem_down_write_slowpath+0xa6f/0x1080 kernel/locking/rwsem.c:1234 __down_write_common kernel/locking/rwsem.c:1347 [inline] __down_write_killable kernel/locking/rwsem.c:1361 [inline] down_write_killable+0x1eb/0x240 kernel/locking/rwsem.c:1639 mmap_write_lock_killable include/linux/mmap_lock.h:554 [inline] vm_mmap_pgoff+0x234/0x4f0 mm/util.c:579 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fadedb9c502 Code: 4f 01 00 0f 1f 44 00 00 41 f7 c1 ff 0f 00 00 75 27 55 89 cd 53 48 89 fb 48 85 ff 74 3b 41 89 ea 48 89 df b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 6e 5b 5d c3 0f 1f 00 48 c7 c0 e8 ff ff ff 64 RSP: 002b:00007ffe3f8f17c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fadedb9c502 RDX: 0000000000000000 RSI: 0000000000021000 RDI: 0000000000000000 RBP: 0000000000020022 R08: 00000000ffffffff R09: 0000000000000000 R10: 0000000000020022 R11: 0000000000000246 R12: 00007ffe3f8f1930 R13: ffffffffffffffc0 R14: 0000000000001000 R15: 0000000000000000 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:rwsem_mark_wake+0xfa/0x7c0 kernel/locking/rwsem.c:445 Code: 01 00 74 08 4c 89 f7 e8 04 c4 8d 00 4c 89 74 24 10 4d 8b 26 4d 8d 74 24 18 4c 89 f0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <0f> b6 04 08 84 c0 0f 85 75 06 00 00 41 83 3e 00 74 64 4c 89 ef be RSP: 0018:ffffc900063479a0 EFLAGS: 00010006 RAX: 0000000000000003 RBX: 0000000000000000 RCX: dffffc0000000000 RDX: 1ffff92000c68f40 RSI: ffffffff8e18595e RDI: ffffffff8c284780 RBP: ffffc90006347aa0 R08: 0000000000000003 R09: 0000000000000004 R10: dffffc0000000000 R11: fffff52000c68f50 R12: 0000000000000000 R13: ffff88807c0ea850 R14: 0000000000000018 R15: ffffc90006347c20 FS: 0000555585610500(0000) GS:ffff888125536000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055555f28ea28 CR3: 000000007a828000 CR4: 00000000003526f0 ---------------- Code disassembly (best guess): 0: 01 00 add %eax,(%rax) 2: 74 08 je 0xc 4: 4c 89 f7 mov %r14,%rdi 7: e8 04 c4 8d 00 call 0x8dc410 c: 4c 89 74 24 10 mov %r14,0x10(%rsp) 11: 4d 8b 26 mov (%r14),%r12 14: 4d 8d 74 24 18 lea 0x18(%r12),%r14 19: 4c 89 f0 mov %r14,%rax 1c: 48 c1 e8 03 shr $0x3,%rax 20: 48 b9 00 00 00 00 00 movabs $0xdffffc0000000000,%rcx 27: fc ff df * 2a: 0f b6 04 08 movzbl (%rax,%rcx,1),%eax <-- trapping instruction 2e: 84 c0 test %al,%al 30: 0f 85 75 06 00 00 jne 0x6ab 36: 41 83 3e 00 cmpl $0x0,(%r14) 3a: 74 64 je 0xa0 3c: 4c 89 ef mov %r13,%rdi 3f: be .byte 0xbe final repro crashed as (corrupted=false): Oops: general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f] CPU: 1 UID: 0 PID: 9673 Comm: syz.0.1459 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 RIP: 0010:rwsem_mark_wake+0xfa/0x7c0 kernel/locking/rwsem.c:445 Code: 01 00 74 08 4c 89 f7 e8 04 c4 8d 00 4c 89 74 24 10 4d 8b 26 4d 8d 74 24 18 4c 89 f0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <0f> b6 04 08 84 c0 0f 85 75 06 00 00 41 83 3e 00 74 64 4c 89 ef be RSP: 0018:ffffc900063479a0 EFLAGS: 00010006 RAX: 0000000000000003 RBX: 0000000000000000 RCX: dffffc0000000000 RDX: 1ffff92000c68f40 RSI: ffffffff8e18595e RDI: ffffffff8c284780 RBP: ffffc90006347aa0 R08: 0000000000000003 R09: 0000000000000004 R10: dffffc0000000000 R11: fffff52000c68f50 R12: 0000000000000000 R13: ffff88807c0ea850 R14: 0000000000000018 R15: ffffc90006347c20 FS: 0000555585610500(0000) GS:ffff888125536000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055555f28ea28 CR3: 000000007a828000 CR4: 00000000003526f0 Call Trace: rwsem_del_wake_waiter+0x25d/0x2e0 kernel/locking/rwsem.c:612 rwsem_down_write_slowpath+0xa6f/0x1080 kernel/locking/rwsem.c:1234 __down_write_common kernel/locking/rwsem.c:1347 [inline] __down_write_killable kernel/locking/rwsem.c:1361 [inline] down_write_killable+0x1eb/0x240 kernel/locking/rwsem.c:1639 mmap_write_lock_killable include/linux/mmap_lock.h:554 [inline] vm_mmap_pgoff+0x234/0x4f0 mm/util.c:579 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fadedb9c502 Code: 4f 01 00 0f 1f 44 00 00 41 f7 c1 ff 0f 00 00 75 27 55 89 cd 53 48 89 fb 48 85 ff 74 3b 41 89 ea 48 89 df b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 6e 5b 5d c3 0f 1f 00 48 c7 c0 e8 ff ff ff 64 RSP: 002b:00007ffe3f8f17c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fadedb9c502 RDX: 0000000000000000 RSI: 0000000000021000 RDI: 0000000000000000 RBP: 0000000000020022 R08: 00000000ffffffff R09: 0000000000000000 R10: 0000000000020022 R11: 0000000000000246 R12: 00007ffe3f8f1930 R13: ffffffffffffffc0 R14: 0000000000001000 R15: 0000000000000000 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:rwsem_mark_wake+0xfa/0x7c0 kernel/locking/rwsem.c:445 Code: 01 00 74 08 4c 89 f7 e8 04 c4 8d 00 4c 89 74 24 10 4d 8b 26 4d 8d 74 24 18 4c 89 f0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <0f> b6 04 08 84 c0 0f 85 75 06 00 00 41 83 3e 00 74 64 4c 89 ef be RSP: 0018:ffffc900063479a0 EFLAGS: 00010006 RAX: 0000000000000003 RBX: 0000000000000000 RCX: dffffc0000000000 RDX: 1ffff92000c68f40 RSI: ffffffff8e18595e RDI: ffffffff8c284780 RBP: ffffc90006347aa0 R08: 0000000000000003 R09: 0000000000000004 R10: dffffc0000000000 R11: fffff52000c68f50 R12: 0000000000000000 R13: ffff88807c0ea850 R14: 0000000000000018 R15: ffffc90006347c20 FS: 0000555585610500(0000) GS:ffff888125536000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055555f28ea28 CR3: 000000007a828000 CR4: 00000000003526f0 ---------------- Code disassembly (best guess): 0: 01 00 add %eax,(%rax) 2: 74 08 je 0xc 4: 4c 89 f7 mov %r14,%rdi 7: e8 04 c4 8d 00 call 0x8dc410 c: 4c 89 74 24 10 mov %r14,0x10(%rsp) 11: 4d 8b 26 mov (%r14),%r12 14: 4d 8d 74 24 18 lea 0x18(%r12),%r14 19: 4c 89 f0 mov %r14,%rax 1c: 48 c1 e8 03 shr $0x3,%rax 20: 48 b9 00 00 00 00 00 movabs $0xdffffc0000000000,%rcx 27: fc ff df * 2a: 0f b6 04 08 movzbl (%rax,%rcx,1),%eax <-- trapping instruction 2e: 84 c0 test %al,%al 30: 0f 85 75 06 00 00 jne 0x6ab 36: 41 83 3e 00 cmpl $0x0,(%r14) 3a: 74 64 je 0xa0 3c: 4c 89 ef mov %r13,%rdi 3f: be .byte 0xbe