Extracting prog: 4m24.983065838s
Minimizing prog: 1h30m6.844191294s
Simplifying prog options: 2m27.544655204s
Extracting C: 41.399830355s
Simplifying C: 30m14.766147554s


24 programs, timeouts [15s 1m40s 6m0s]
extracting reproducer from 24 programs
single: executing 4 programs separately with timeout 15s
testing program (duration=15s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket-mkdirat-mount$9p_virtio-chdir-openat$cgroup_ro-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_SREGS-ioctl$KVM_CREATE_VM-openat$vhost_vsock-ioctl$VHOST_SET_OWNER-open-mmap-openat-pwritev2-madvise-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-openat$snapshot-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
socket(0x200000100000011, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361"])
chdir(&(0x7f0000000280)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000440)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{0x10000, 0x2, 0xb, 0x2, 0x0, 0x81, 0x9b, 0x7, 0x4, 0x87, 0x8, 0x7}, {0x18f002, 0x4000, 0xa, 0x3, 0x8, 0xb, 0x92, 0x9, 0x8, 0x9, 0xa, 0x2}, {0x6000, 0x5000, 0xd, 0xec, 0xb3, 0xfb, 0x2, 0x4, 0xe3, 0x56, 0x39, 0xfe}, {0xd000, 0x4, 0xb, 0xd5, 0xf8, 0x3, 0x7f, 0x8, 0x5, 0x6, 0x4, 0xb4}, {0x4000, 0x100000, 0x0, 0x67, 0x1, 0x8, 0x6, 0x3, 0x5f, 0xbe, 0x3, 0x1}, {0x6000, 0x6000, 0xc, 0x2, 0x1, 0xfd, 0x0, 0x2, 0x10, 0xa7, 0x4, 0x7}, {0xb6ff58cdf5116350, 0x1, 0x8, 0x2, 0xf1, 0x0, 0x4, 0xf3, 0x5, 0x3, 0x8, 0x40}, {0x1000, 0x4000, 0x9, 0x10, 0xe, 0x4, 0xf9, 0x3, 0x1, 0x5, 0x8, 0xe}, {0x1000, 0x3}, {0x0, 0x1}, 0x0, 0x0, 0x2, 0x20100, 0x6, 0x4000, 0x7004, [0x8000000000000000, 0x8, 0x6cd2, 0x3]})
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r4, 0xaf01, 0x0)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x7800007, 0x12, r5, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x14b042, 0x0)
pwritev2(r6, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000000140))
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000002580)=""/107})
r7 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x2001, 0x0)
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0)
ioctl$SNAPSHOT_FREE(r7, 0x3305)
ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140))

program did not crash
testing program (duration=15s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-syz_usb_connect-syz_usb_connect$cdc_ecm-ioctl$EXT4_IOC_GETSTATE-syz_usb_connect-writev-openat$vicodec0-sendmmsg$unix-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-socket$inet-connect$inet-listen-accept4-write$binfmt_elf64-setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO-sendto$inet-setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER-setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$x86-ioctl$KVM_RUN-ioctl$VIDIOC_ENUM_FMT-sendmsg$NL80211_CMD_FRAME-socketpair$unix
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r2=>0x0})
syz_usb_connect(0x0, 0xdf0, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000bb9d3140a8171300a68e010203010902de0d040000000009044c080dd890490008240600014c352105240008000d240f01ed000000000009000706241a00001004240202152412ff03a317a88b045e4f01a607c0ffcb7e392a09050c101000040945ca23c564da1719759a29a61dbc150dee67401978c3d487fadb01e86bb960b9abdae885655d1f0a3987e8ab80844c898af48ae4a1dc734c6f1ac92197166706200f3f846794a14529d411aa643ebc2c178af7e658687ed74319c9ecd18b138716e2d5d315f539c0e02bc70a1c6c20f9cf086112931185ffbc9f694e80aa88e3b2cfb6fe7e74eec71f7499f504b45a4865a95033669c07087facaf8ac4f31b04b77f719c05b32879ae5d0d2345cd230249d2a81931d5b2cd4926d14e453f00930c1f6eab4a52d70a168db209050b08080006050509050e03200074077f6f012eb6f6fa6e8097158a29b2b59f66885d24de987395bcfe57c098f9f152403879d2184522b55a1ffa66c66472b9db75b365340b7ca77e19d136ee9b6d4f8582a50176d416ba0bc77e01f89eecdb032b7f918c7686d52a8a352bf3ee9327907d7bd508bd917fb205cf679b2040bf09050a1020000104080905010140008f038007250182080400090580080002f9800209050210ff030f09ff072501800205009f040c3a28fce72749ce8348f09ddc83df10d064eecdfb654f6cce460f6a1c8e713c4990e55522dc79b96fda18bd6d7f17308d8cbebc90a4fd42cb4e8de2db10b862752cd19c4ea184753c6aa3aeeec7758d029165e68f69773d599b8a34c4bb2a79469c5d08b9d77887278c4c82cdca59a07ad1cdc4abd75071e40ddaefc87f85ad235feb18b2c0e946135b774035d84e7f070ab6f04b1ae80bbfc9c8892c0905011020000c00050905031008000cff8107250100040900072501000805000905080108007f0703d207b78b979985980c55387603537e47dd2f2e8edf4a9531f79606d639345059e4a0f89675999bfa05df87ba75b38a137ddae0d9b69591af1eebd350b034c1374173942b3ba8df1ab6c67c637e2cb11ed25c53015099377406eff9019213367ef7a0f9c33b1e3a1ade2220d24498c1925c39630ed38db55a89d8a2f1778f399513d149866a2fc9ffdefc82dfbeaedd999a118e3064a96c39126ffe33da17e7573cb5e24c6d4aa6e976b8c75dbdc8d4b6e4b902d50016f603bee417b0e1b87c6a088ca806c8489ab97a4453b99789f580b51b9523a13e5f827e5fa667c39e956b4fb4371ceb844c15377d79294b1703d9bdeb28bc84cdc4e78f3c2751fcc9595bdd7e44148917ea122786a88e8dfb6d1245bd4b44516cb9ad6dc5d954fa5894ea1d5b0b9d344da7342d25037686dfbbef579b7c55785bbc96b59c5a9cb11b36069092bc5913cf38d77e90ba89643107bf87f0ea1ab4495fe37b1eed186bbe1dde0a73be96d44e2309050c031000720509ad31d27e74f77531a457026f62696f28251af2359bc3f51fd3e680aecc06edb18f6f7fc901651a38a3476348868b089518469bf194f19e7f9ca4261ed03062a2a2c37e6303e83ca09619c184fa4304b17100407ee3fb262ff391cc28efca2884bccb60027e00141eda5c4fff696a072d2b9bf81b4c218ab749604e6499801aa68b8bfd61c0cd27249458b23da4b2178ed44d856b0186f37807a0540ba0926d2059d1df13e5f6574dc33a48b692ff09b718b7742b28b2920454e0d4cc2e6231dbfe2d009fb7c8bb68893f2d352a7215fccb8c5794462391b89dde2a584e1ba64b08b310010ac56d0e8273c77190e6672f50ccb63b4a2f26558fedfc14de3d837ddb7b936403a3075a740050552266a9b09f544c5b1d7ed3e0952146f8764637ec5c2c94dad57aaf5f1a23308610798c3d8355528169831aca24ca27747ffeff677e54da257cc90f47c09b37b694c7e96d1706a075164464b8f1e14b0c12ceaf48a593690600cb5bcae110dbf980424eeb4bbb075114175c2733dce31054faf14c3881bb084566147b3996119318a6688815c1de0f9c05f63b3b0c0f8a68f866b61bc7cd323ff64a0014eb7fff09050908400008860009050501080001050909043f000657a707fa0a240102000502010209240302000306040808240802020002a9052405040607240502feaadc1124060404050600070007000100020081052406000005240005000d240f0103000000090003005908241cfffe06db0c072414d5f60b0009050202000410060450074efd4c41c53e61fa16b19fae792afc6bbfdc8217923fcb88fa6157d23257e68e05e2b4e89ccededb94d390e523c7dec3c011b8b8e36b57e883"], 0x0)
syz_usb_connect$cdc_ecm(0x1, 0x145, &(0x7f0000000e40)={{0x12, 0x1, 0x310, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x133, 0x1, 0x1, 0x6, 0x20, 0x3, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x2, 0x6, 0x0, 0xf9, {{0xb, 0x24, 0x6, 0x0, 0x0, "a522de77de50"}, {0x5, 0x24, 0x0, 0xe47e}, {0xd, 0x24, 0xf, 0x1, 0xdd, 0x4, 0x4, 0x16}, [@call_mgmt={0x5, 0x24, 0x1, 0x0, 0x3}, @acm={0x4, 0x24, 0x2, 0x9}, @mdlm={0x15, 0x24, 0x12, 0x7}, @country_functional={0xc, 0x24, 0x7, 0xc1, 0x5, [0x1000, 0x64, 0xff]}, @mdlm_detail={0xbb, 0x24, 0x13, 0xf9, "d3b0ea68b477e3a96692126f57cef22674e41d4eeee54db697fd13d628627367d4197c366a400f443e042b931f0b64e8029fe317a232096b654a67e930c74f403975392c9ba79e19e652b7e1979560c3d3acd8b8a8563aa74679c98ba9b930d494e6c06a8594ca279257c5ff889e4e84802419b80a053c06f84ac5c1bb39d2d5794c48cf3df2425d55b178a4b70bed91d3adadc568272a17dc461a3b762b3c56fc793df24f3d5d239fbafdcaa1fdf9740fdccf3144fc7b"}, @acm={0x4}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x400, 0x2, 0x5, 0x2}}], {{0x9, 0x5, 0x82, 0x2, 0x3ff, 0x0, 0x9, 0x8}}, {{0x9, 0x5, 0x3, 0x2, 0x40, 0x6, 0x9, 0x2}}}}}]}}]}}, &(0x7f0000000d40)={0xa, &(0x7f0000000880)={0xa, 0x6, 0x300, 0x4, 0x9, 0x0, 0x8, 0xd}, 0xb0, &(0x7f00000008c0)={0x5, 0xf, 0xb0, 0x6, [@generic={0x3, 0x10, 0x2}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x5, 0x2, 0xe, 0x2}, @ssp_cap={0xc, 0x10, 0xa, 0x7f, 0x0, 0x3, 0xf00, 0x3}, @generic={0x77, 0x10, 0xb, "bcd26de9cd33abdf3dcc5c6600999f69973df173516da390351abbb26ec07c32056a6f4fac39c3cedb2f34efbe3330127876c9616189ceba97878921b9eb3e84f0041f5f8cb0893cad7a2ace39aac30481ba30d35eeb4379f53eef82287e0f9553e0717a7a511f62edcd79daba38091449ace36e"}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "42994e351a8caa2a91615ea95304f9fc"}, @ext_cap={0x7, 0x10, 0x2, 0x1c, 0x1, 0x6, 0x5}]}, 0x6, [{0x4, &(0x7f0000000a80)=@lang_id={0x4, 0x3, 0x4001}}, {0x4, &(0x7f0000000ac0)=@lang_id={0x4, 0x3, 0x814}}, {0x30, &(0x7f0000000b00)=@string={0x30, 0x3, "8de8266d69e52588d0a1426d17d118667bfb521135e186a115c3eaf553e1bf6d359e3755a2603369699a5af21340"}}, {0xfe, &(0x7f0000000b40)=@string={0xfe, 0x3, "22d917202931d45a55cd19eeb873a45129efe899738ead92637dd0f1980ac75d1b330c0e31d50ce67f2519e34f94184417cd035fe04f7368c5e3970aea038c3fa58cce292dcf4513097d4d0c54967e8e35cb0b32bdcf9dc59f7383b928ce116f173c41e1c7314957d7416be088c807352ae05b43e5cd62f7c1474ae3a0d09d107a3be67a3a2822f86d5e1ce763c946adfa96143af9a3aa650e4e0f867a0e1775edc795c2abf0d1825a8d1ddb6f605dda07665614304b88f3130590fba85e29e8cc6ae856f87d0233279930414210365b362fe4426f88461ef6610f461c5ea5bcf2d03ff12a08497932ac1f5e2c70e6f4efdbc7799af04f94b019ae8d"}}, {0x1c, &(0x7f0000000c40)=@string={0x1c, 0x3, "1c5eb14b1eb0bc315fb7b275efab88ac2aee2dad4667a0c33077"}}, {0x91, &(0x7f0000000c80)=ANY=[@ANYBLOB="91033a83d5ba4141ede8944b9f4f71d590bc4d0a35449ee283c9a5798cc35327a272723433c57d3105bb058bd9d2ea1273ee6688eca281ed90bb22110781aa333bd7da4842b2513aee4ba5526615f1e5a17e58e570edc105fea5bed8da0a4a1f05f9a97b4dffd41be81ea92f07c716a63b0d5f2660a949165757e82c924df9dc3f0f0e5b20e3f4902a3386c83a4d0a6b12"]}]})
ioctl$EXT4_IOC_GETSTATE(r0, 0x40046629, &(0x7f0000000dc0))
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000094c125eaa9081101c86d00000001090212000100000000090400000089263c00"], 0x0)
writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000080), 0xfffffebe}], 0x5)
r3 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r6 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r6, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r6, 0x8)
r7 = accept4(r6, 0x0, 0x0, 0x0)
write$binfmt_elf64(r7, &(0x7f0000000240)=ANY=[], 0x78)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r7, 0x84, 0x22, &(0x7f0000000100)={0x4}, 0x10)
sendto$inet(r7, &(0x7f0000000180)="05", 0x1, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r7, 0x84, 0x7b, &(0x7f00000001c0)={0x0, 0x3}, 0x8)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r7, 0x84, 0x7b, &(0x7f00000000c0), 0x8)
r8 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000028000/0x18000)=nil, &(0x7f0000000480)=[@text64={0x40, &(0x7f0000000080)="0f81cf8fe978e11766b8f9008ed8c442d9ae819c3100000f094163be0000000066baf80cb87ce12584efc4a2b5bee1ed0f952af20f090f01ca", 0x39}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$VIDIOC_ENUM_FMT(r3, 0xc0405602, &(0x7f00000001c0)={0x30, 0xa, 0x0, "b75c89e7a20c8eac82ad0416bb1844038d2cd97c945462f31638b5394c00"})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r2, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000e00))

program did not crash
testing program (duration=15s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket-mkdirat-mount$9p_virtio-chdir-openat$cgroup_ro-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_SREGS-ioctl$KVM_CREATE_VM-openat$vhost_vsock-ioctl$VHOST_SET_OWNER-open-mmap-openat-pwritev2-madvise-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-openat$snapshot-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-userfaultfd-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
socket(0x200000100000011, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(0x0, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361636865"])
chdir(&(0x7f0000000280)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000440)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{0x10000, 0x2, 0xb, 0x2, 0x0, 0x81, 0x9b, 0x7, 0x4, 0x87, 0x8, 0x7}, {0x18f002, 0x4000, 0xa, 0x3, 0x8, 0xb, 0x92, 0x9, 0x8, 0x9, 0xa, 0x2}, {0x6000, 0x5000, 0xd, 0xec, 0xb3, 0xfb, 0x2, 0x4, 0xe3, 0x56, 0x39, 0xfe}, {0xd000, 0x4, 0xb, 0xd5, 0xf8, 0x3, 0x7f, 0x8, 0x5, 0x6, 0x4, 0xb4}, {0x4000, 0x100000, 0x0, 0x67, 0x1, 0x8, 0x6, 0x3, 0x5f, 0xbe, 0x3, 0x1}, {0x6000, 0x6000, 0xc, 0x2, 0x1, 0xfd, 0x0, 0x2, 0x10, 0xa7, 0x4, 0x7}, {0xb6ff58cdf5116350, 0x1, 0x8, 0x2, 0xf1, 0x0, 0x4, 0xf3, 0x5, 0x3, 0x8, 0x40}, {0x1000, 0x4000, 0x9, 0x10, 0xe, 0x4, 0xf9, 0x3, 0x1, 0x5, 0x8, 0xe}, {0x1000, 0x3}, {0x0, 0x1}, 0x0, 0x0, 0x2, 0x20100, 0x6, 0x4000, 0x7004, [0x8000000000000000, 0x8, 0x6cd2, 0x3]})
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r4, 0xaf01, 0x0)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x7800007, 0x12, r5, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x14b042, 0x0)
pwritev2(r6, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000000140))
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000002580)=""/107})
r7 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x2001, 0x0)
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0)
ioctl$SNAPSHOT_FREE(r7, 0x3305)
ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f00000000c0)=0x1)
userfaultfd(0x1)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140))

program did not crash
testing program (duration=15s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-sendmsg$nl_route_sched-socket-prctl$PR_SET_TAGGED_ADDR_CTRL-socket$inet_dccp-openat$nullb-socket$inet-syz_usb_connect$cdc_ncm-syz_open_dev$char_usb-readv-syz_usb_disconnect-openat$adsp1-ioctl$SNDCTL_DSP_CHANNELS-syz_open_dev$loop-dup-ioctl$KVM_CREATE_VCPU-ioctl$KVM_RUN-ioctl$ifreq_SIOCGIFINDEX_wireguard-socket$inet6_sctp-setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED
detailed listing:
executing program 0:
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f000000a280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newtaction={0x18, 0x4f, 0x301, 0x70bd2d, 0x0, {0x2}, [{0x4, 0x2}]}, 0x18}}, 0x4000)
socket(0x25, 0x1, 0x0)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
r1 = socket$inet_dccp(0x2, 0x6, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x0, 0x0)
socket$inet(0x2, 0x0, 0x0)
r2 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000980)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581d3b3"], 0x0)
r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
readv(r3, &(0x7f00000007c0)=[{&(0x7f0000000240)=""/137, 0x89}, {0x0}], 0x2)
syz_usb_disconnect(r2)
r4 = openat$adsp1(0xffffffffffffff9c, 0x0, 0x402, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r4, 0xc0045006, &(0x7f0000000040))
syz_open_dev$loop(&(0x7f0000000380), 0x0, 0x0)
r5 = dup(0xffffffffffffffff)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r1, 0x541b, 0xfffffffffffffffe)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r7, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xca}, 0x8)

program did not crash
single: failed to extract reproducer
bisect: bisecting 24 programs with base timeout 15s
testing program (duration=21s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 30, 15, 5, 30, 27, 30, 30, 29, 30, 27, 30, 29, 29, 29, 29, 30, 20, 9, 17, 18, 28, 28, 27]
detailed listing:
executing program 2:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$binfmt_elf64(r0, &(0x7f0000000000)=ANY=[], 0x10132)
setsockopt$sock_int(r1, 0x1, 0x10, &(0x7f0000000100)=0xffff, 0x4)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
executing program 2:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/rcu_expedited', 0x101a02, 0x0)
write$tcp_congestion(r0, &(0x7f0000000140)='hybla\x00', 0x6)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000440)="f3cb174ae717957f8bf135edc89d604676cadd8c42accf3d4d381316639242984901e83c44d6952e09657d1c7bd62ee28f5ba872830d0113c8610a2d9662ae0ae7a99403cf32067a", 0x48}, {&(0x7f0000001500)="487989e53845aaa1b6a09400dab01d97eb2e46142262c2fc997570acaf231ad9ed70cd5e85316a9c22ae3f872b134550098f6cdf12548b4a276fd0bb5c9575caa945445087d886bbad3bad783b298164748e1a14ac1e85c3277cfb7cd039fb1ce06ccd88beda5e2e309528334cb4e1a0fc13b7f9c4f214bffd56bfcf71856994f510e9bf0afa8dce0d466af1e4d3bb296ea3e0d79ebe39ef0f432969a02fae93c6a4fd459e3cf60471285756464c81ac725e91075d7872ff739dece6663825d4246bd2bf976c822aaff2f585d8788b08456a5f19e9f355e56a750436e266e84a84e8fabbfc69a38668096c98baab8677d63ae005dd1e360fb160230f19859ab3b5e72b4b0db3d1560bf22f9cd1a434597eece820772c283f9007a41ae23689c8ba1279dfaf7b616f6de89e75fa3f5dff9b7e58aae17c2f8bfcec65b1da7aff3050dc7473abfa3a11db196e9955a57190914d5b095922bb871324444c11fcf90b1346b9cda730e1cf056888ea7d987420a8c5d2ec4a06e40ec8f03d5112a35267022c311613d028b5d9a9677dc6b8e7d486452e0aa83096f01e61abf550b4fe297de2568e57c908b7ee63c5a4531e6e24d5887ed0a08f88173b765daeab4436a5863a56515bc20300cfabf57422d6ee918ae4174b49453f103b95d83fd814d556251d5ef72d8a5973f44d292f776eedcf9ee49210b1a0e2e48bd78a38afeb5aa166dac3bf1a3816f7f30a16151f722324f79c2c733fd9cb1b3e2288af27c3da22221b4d2e97420ab5813dd7e1681a499f2b4d551228b1649db3447dcc7f60bc797b71ac3b3a3d24a10e09ed787a3b852cc7b38a7e5b558e3de00e20e81102bcba091a32934f04c37228a8251ffd2e94e53a595adb2f692d7b457615370d987162917624571eb5a307bd0778696558f35cf66e0c436b9f1b4f24a964c4133c82911acb95b6e22feb432bccd9e61ed21873b898f703acdc8c3033eadf95de4f3b4f90a2113dabffbdb9ad64aaa9628de532b83e331b446f8100578e7b67f98b6ae4a273a32145d7134d57a587bc13933e43fa06f4fdb6677968b71eb7c95e2601b3739c29304da7a5530ce22ed0853197cd00f7e220378c378a94dff07d4d44464890ca5bc4e0c1047b0e33a76127b2cc1f8c82343622ec28752b8573ba485164ce872608517ccc38cda720dc377705d793b35c768a5a704cd502321807fe14ef3b13f2ff98322dab993010aaf18c465b3aa7f23baac077435479ccc2075586f74ff8b3390a5791d89a63e3eb0f776a980de0e92006d34d409ff322b952e3648844386ae2b73da5b1f7699243b96985cd13de75d4efd89eb6ff687019eae318de2cb972659e338eac9298bcd45d2e5270e315628f5b448f0e86a9ebb6bc4db5f4e75ee95447eb6c245ba9bf0c421fe160f129d07e4b51dcc732ae029bd77111bdbb2651954cc6bf1e68cb7dc20be8cd4bd73bf26dcabfd5bfe0ca6a91d915bbd61e0757493de33a8d06368a5313543cd5d12ca715a5091fd23f11e6737f76fd09f23deb7a62c17b601dc254b5eb28352003b21937baf25eb0c3a431598b22d1a63d6e771b91c2716740e01948387a2239e6d740663e71fd48eabbb8bfd1b566687d55f420d3edcb2dc59150ae2b229f25239c4dc561bbbb2f8cdee0b06a7034e4137f8d255a43f8ee4fa9e19b348d689050f7c3e93e0ccbe39105897a55bc253fd72e100923f39b11dfa88d90161978fe1886144e95086009f208adf4e2f5a0b4015939b9ad11e897cb8d21541b144011eb566a2dc0e706bc49050e831f7ea2727bbcbf86617a3d1ff3ff88e8baa98a8476541d54422953ef5252ab13a05a231cdb794d3018ca7c8f6c457414f467faee8f5c3b728dad653be495b1f14d9fbf207845cfc85b7d1d6d29e498a28613b44103f932e930ca3be4173b7a1e131229e8949fdc49846297b2bda6d201dfbcba9ea7355098531dfafbfc20d196967dc06ac9b0330446007578561e631ae6848186f5008a2b43bf1540584b050af67c866ead49a59f422ef488d6adba17276f48c79870f6187fcb90cef082c1e999487ca3a443f75b1b6bb86514a2af7b079b1760e7c969bbca9b37ef8aab6a94e69c10c7f6ccbf1ea526e1fb6cd6f4bd6b4d8ead95eb7a3f8dfa52888aee477337809d844a5639216b6598fd25db48c8eda44cb650f091ae5eff313c88641873ccd287b63de8b9bc87d0d5e5880e270841f3ca07313d09a975a8d8023858fb3161a95be14c78b1825efad2c0e5a3a1f3102effb04a48c31b1a37444f1c2b806f1498d17068548e7eafefe8a3b094fe8507e15d0124870da7095a21787c2738ac169b93d9a6fe7f8d7b8eab01328673e4ead252929671c6d80e66d3b5893c91e390e48d74c3e17aecedbf203203ad00f0322c9d8a21c6805f91a0deb82d0707463af91686350f8c87dbf033d0ae0acafa63bc82627be4a936cd18b4a220cd6181316d0495b5dbe93da895c9fc80db5a96b685c23364439120da61556dda4c865f2e9f31a22c2310d58386e9a1316c8a7b01a010ee7c0d3f782d37492a03af569e8413e423e461fab5a2f91010e415f42e8c45d1a03c51374fc4e8d9c7ee360309fee1a8cc616bf7b6ba5d3fa4905aac1646a1bb4738b7a6716965b61bc5f426c172b3a07a6d09cf24965757384fa4143a199e1c47c485a8d0a703df3bf65ba89edf2afe387a72b7267186e98ebdf13b2c13118a2236e1710c3be1c99096e377c183a9f3cad7663a22552bd3fd9922df17f64425906df5caaab728a3386e7dcc13035c15312afd1004c128529c5e0009e703f598bdbb86a7dfa5d5ec2ff07fa0607723264c13aee9f03743910ac084e74806b2f4f99540072dfdbdd6214786e651123df36f7d0ae2d34ecfea2b1b9464aece7667c912223b90a01354da23f35524c47d44b53174695ae3e69d5dccb22a5d399c73cbec4e1cc551d9e99bbc4faadaca9d0dc76cfc70dc76a5e3459de2f46e578c8f3db7dbab85b00ce5ca93d8cee496e326069d72d912d70163dcf70ebc1466be69f06bfeb72d24c894df9c6718e10da1555a307e4230a07de9674a1d64e992aa313076841b2dcf4a8922e6b8229dd66ff3d69be764cf070da1af3338d788ef835a3d139a82545a9a7bef291991f4afc8b58de5fb747a9a9fcb53cd6c02d3f5605d39b937a51a5ee3a0cfc497ac208296ce3fbc3b13236e50d61eb664648b32cab5bdbdda87f7560bf81b475167772c9327b7db0f2df4ec1df0dacf4776187dafc71536fd6a73742d87173323db9fa7e5fc9cd99eaa1680d4e303e4eeedb8e046e0c09adaaa37739888be2a2d345cca3e3129a7d58bc45a1ad5697617e661608cd1710afe1c4b3dcb13be922441220e882ebb61c8b02e0c99ae16361d53cf85a7d1a313ddea074a212c668b4dac40274be14d5166b3592735d979f59195a526de4192ac67cd06197944d79d4d2662cb3a76929b6e3ad68a0eee197c93cf683e92b72b8e4259cd35bd2867a35afa4a3b8ffec747e2bf19acb2d2ca943e54ab92cc1079138dcb1b7d7adbc2af750be2fef399d8ab715d17a048715ec000c3c0310cb904202d474f0537e06d022d25e83526958d24f7fcdd232a08923d27695ebc512494ada5bae41d8f555e579c5b797592e1f11247022c9cc7cae5173c0ade9540a3b823807e4fec6d04d483844e64dc0692f36f83cae17a04a2494212763a0ebe38c769af038882313c1def5d69f89e54fc4e7cedd26b1a28f72f52f7d21099755241de9d5851416073d2098b41174dca5d02177d38ceede77ef818b6aae6dd9a17cd9c6e2b043310d196c99f6b604233a5ad8e1d4443acfdbfe2b992bc7def5a782e6e46f4ebe26fd981f14b78664c6598549e675431cf989920755f6e6109a47f6ac5ff10e4e140926f32ac1f614ce82640f855be6c9867e126df135f9d8c3023105cc79e2c61296a5816e39d9a3024e354ec84fd4e5ca6e614a6dab6146b9064a828a74c56779f1932accf1b182671df098f21205584e9e323ca5a6f50dad3cc9a29b861610f3d968e7cc45d8c75637f5ff337a4eca0c38cba38e710812f92c450cef67b21ec7220ea9baa89a2ce367613d696a4efa6720b0b656676e6a76669324ce6604699a13f2b522e967af595122bdf88b4d926246357c0f743225e2d8af7ddc1b4ab6675a5a9264d1275240ec3bea32832861e097a48adaf00cbed13a5b0abab69820fbfbb5207fbb4ca061e16d9f61f74008591860f9f451bfd0e1d08ac32896e9e52fbfe256d22a095acebf2d1d17958381ababa8700c75145408d7bd3a8c55cd8e6dd3e7f7306762ad703c3be7e979d283b5042e7ebe64bdc2de75072974552330c850e8a6fa125f2a36a57ab8be8c0f8084a6aae70007aaee537ebf2975b3c9dcf5fab9298d53d6e4473ab780b87cf01a9819b568e40848e992f68a08d3b86a92481318fe85ed046a7c41fe848cad39e4bf5045d11040846f4f2ca23b9917ac17ffcd163a7c0e0eb7988587c794e12fd0d648757685c0d2bba994e35ac5ed7a0462af9e7dc0f5c1f29f121f97ba7a32eb009bfe7bb9c8721345dd52c6ea6b0b5b85a266aa516a79f20e961219d7d1783aa07ee0e49d90b4d3f5960f4764e71b561f963909ae05d68c76b201f296a575c85d1f417dc17087d30c4b98f3ffd7d8c49eb5083276c289479e63a09f1ec0908d5a5c0f812308466844f31310573827f9814d23432634c9841c53ceed9eb7622cba6a584e9de032e9723d51daa9ccca1399aba9c5b8f62c6960c77e34856c8d505b1858aa5f773ca9e6783083faab4302a13d9b23a2cdbb4b27d8455258b8ae2500a95d86a9e723cd60b6d478f94214b3d6527b02d2d1d2fb8d3fc5a45d9e7feaa621f9bbd1711bbbe46238234dbb0223aa3f2041bc5e9838f3af9426c514a7763d3e432cfed908bb1ed41efeff6c990a1d0f45a91453e5557aa70acc312965728c3668bd11bfd4f06891cae08fec3b025e933403ce05301e351853f7d2a2797dac5512387de03bb955263fde1de16bed12a7a1a64ef8c2d8cf3835cb772849c95c433fe33283815a81f96e6b55a6f19c890f8c7f3c6fa8a849a292851797307111e24717a4e615ab54a716e77488ac91ecacc13a68a74b0198af5a69603d4e65cf322ba63add5a25412df20a9a52eaeb34331f9901c214acd612602a0dcd2ef816dfbc5998508089c03ef1b9a78bf97685f9405798f9016a62db7f82f508c2a96a71397b1a7db0266a3c694b58277b65e55f5b771fb85552e6abf2e0903dc5aa3d6fa8145a05382b2f8da867ef2fb6ef89562cc909f33384fd1d689b9c3951485a52e065f9a8b334821ce2a3e3dd41553f9260e4cb20777d75f0596fc1bfbd114ad419b9d4a0c0e9a3287329e54ca6ec2d4ac2d32e3fe2cacb64bdea5850cc6c8911236b6eb10c08a6120f10368273cf7bb2fd815dac758ff0a403464ccde1921b79f41a0fe1439e4e48f9f76c22fd40174aebf52d7b629c6d6699bd9cfa40f9a12e1a82aaf07a474d21934a3148f1ed2ad7749278b414f888f1bd00db2ae0454733b43291482a69aff922b75225c6b0453a22e29e51d49cdd8f1c907119a8a3d0ee37ee37dbe283a7b4b6294fbf1c5c550446e27136e720ede860feb7e577c68e4e09aafe4c524bdb273fed9bd34066e7d8934ad20550600374d001209d54c798e6dcc6b03db0944bc18661edb0fd379ad565b337cc94307447c1303253c7f777295e4255d6dc5bdfae13971ad3d367507b15c6086cd9b499375f383", 0x1000}, {&(0x7f0000000340)="41a6067b1bc36fb019eea63bd46e15ad97bceba37bf441686bfb0ee3049abf50ff5d4700f4122acee11bb8493327", 0x2e}, {&(0x7f0000000500)="54f8db", 0x3}], 0x4, &(0x7f0000001400)=[@cred={{0x18}}, @rights={{0x34, 0x1, 0x1, [r3, r3, r2, 0xffffffffffffffff, r2, r1, r1, 0xffffffffffffffff, 0xffffffffffffffff, r2]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, r2, 0xffffffffffffffff, r3, 0xffffffffffffffff]}}, @rights={{0x10, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x10, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x18}}, @rights={{0x14, 0x1, 0x1, [r3, 0xffffffffffffffff]}}, @cred={{0x18}}, @rights={{0x18, 0x1, 0x1, [r3, 0xffffffffffffffff, r1]}}, @cred={{0x18}}], 0x100, 0x40004}}], 0x1, 0x0)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
splice(r2, 0x0, r4, 0x0, 0x39000, 0x0)
r5 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f00000000c0)=<r6=>0x0)
timer_gettime(r6, &(0x7f0000000180))
timer_settime(0x0, 0x0, 0x0, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = socket(0x10, 0x3, 0x0)
write(r7, &(0x7f0000000140)="2600000022004701050000070000000000000020002b1f000a4a51f1ee839cd53400b017ca5b", 0x26)
setsockopt$sock_int(r7, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x0, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r11=>0x0})
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000840)={0x2c, r9, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r11}, @void}}, [@NL80211_ATTR_REKEY_DATA={0x10, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_REPLAY_CTR={0xc}]}]}, 0x2c}}, 0x0)
sendmsg$NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(r7, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20660100}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x40, 0x0, 0x8, 0x70bd29, 0x25dfdbff, {{}, {@val={0x8, 0x3, r11}, @val={0xc, 0x99, {0x1000, 0x34}}}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x6e}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x3f}]}, 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x4000081)
chdir(&(0x7f0000000240)='./file0\x00')
r12 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r12, &(0x7f0000000380), 0x208e24b)
lsetxattr$trusted_overlay_upper(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300), &(0x7f00000003c0)={0x0, 0xfb, 0x53, 0x2, 0x2, "8680d3189a4a20076b7bd3bbe3f25569", "008bc0eff6cbaf8914f888980a8fd33e37b6c96d8128713158268c653497577acdfe1af684c1b41624ff4432b4f9e2e96c2525ba3a68c5bd6d49bbb9e1d6"}, 0x53, 0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000003, 0x13, r12, 0x0)
preadv(r12, &(0x7f0000000580)=[{&(0x7f0000004240)=""/4119, 0x1017}], 0x1, 0x0, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=@gettaction={0x18, 0x32, 0x1, 0x0, 0x0, {}, [@action_gd=@TCA_ACT_TAB={0x4}]}, 0x18}}, 0x0)
executing program 0:
ioctl$EVIOCGREP(0xffffffffffffffff, 0x80084503, &(0x7f00000017c0)=""/76)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
r0 = io_uring_setup(0x136f, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000019c0)={&(0x7f0000001980)='cachefiles_ref\x00'}, 0x10)
semget$private(0x0, 0x6, 0x0)
semtimedop(0x0, &(0x7f0000000340)=[{0x0, 0x1}], 0x1, 0x0)
semtimedop(0x0, &(0x7f0000000000)=[{}], 0x1, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000000c0)=0x3, 0x4)
r1 = syz_io_uring_setup(0x3b, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000), &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000600)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0}})
io_uring_enter(r1, 0x5e40, 0x0, 0x0, 0x0, 0x0)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118)
executing program 3:
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
mlockall(0x3)
mlockall(0x6)
executing program 2:
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
bind$unix(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x4, 0x5}, 0x48)
syz_emit_vhci(&(0x7f0000002380)=@HCI_SCODATA_PKT={0x3, {0xc8, 0xe6}, "f592a1a34acf98b7523438f803c81c18331129f0b382c7dda9cff785a996215d6d7827337ccd785e30c1cb6be3ffac56d115d7a569142f9ddc3ec2ffcb0db02641329f1debd0ce8d2e87f14049688c90ac9140d8076fdd42239a32d58b0590ae7cef9e6b2e47fb9e8d7db365a8a85bf12210304aa9d99b3ad6dae6ab3fa7b5c8fd0d857bfb6697da9e1e4123a5ed7f8173bc88f6f14aa4f4f7410474812ded97e088fd9cf1a4cfd050e77c8ed8c0f71c2421fa6a52f360d0dba7ef267831fbe277058f0f5558b75db7a73abe875574653fc014fad169511eebe3bc758a0177e047cd103acfa2"}, 0xea)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000002480)={0x3000, 0xb000})
syz_emit_vhci(&(0x7f0000000440)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x0, 0x2c}, @l2cap_cid_signaling={{0x28}, [@l2cap_conn_rsp={{0x3, 0x5e, 0x8}, {0x4, 0x0, 0x0, 0x6}}, @l2cap_conf_rsp={{0x5, 0xa7, 0x18}, {0x6, 0x8, 0x3, [@l2cap_conf_efs={0x6, 0x10, {0x0, 0x0, 0x0, 0x4, 0xdfd1, 0x7}}]}}]}}, 0x31)
syz_open_dev$usbmon(&(0x7f0000000280), 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
eventfd(0x0)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x4, 0x0, 0x0, 0x81})
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000000200)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x8, 0xffffffd4, 0x0, 0x0, 0x20}}, &(0x7f0000000240)='GPL\x00', 0x1, 0x473, &(0x7f0000000280)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff60}, 0x48)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
keyctl$clear(0x11, 0xfffffffffffffffd)
r3 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r3, &(0x7f0000000340)={0x2020}, 0xd6e)
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_pidfd_open(r4, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)
executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r2=>0x0})
syz_usb_connect(0x0, 0xdf0, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000bb9d3140a8171300a68e010203010902de0d040000000009044c080dd890490008240600014c352105240008000d240f01ed000000000009000706241a00001004240202152412ff03a317a88b045e4f01a607c0ffcb7e392a09050c101000040945ca23c564da1719759a29a61dbc150dee67401978c3d487fadb01e86bb960b9abdae885655d1f0a3987e8ab80844c898af48ae4a1dc734c6f1ac92197166706200f3f846794a14529d411aa643ebc2c178af7e658687ed74319c9ecd18b138716e2d5d315f539c0e02bc70a1c6c20f9cf086112931185ffbc9f694e80aa88e3b2cfb6fe7e74eec71f7499f504b45a4865a95033669c07087facaf8ac4f31b04b77f719c05b32879ae5d0d2345cd230249d2a81931d5b2cd4926d14e453f00930c1f6eab4a52d70a168db209050b08080006050509050e03200074077f6f012eb6f6fa6e8097158a29b2b59f66885d24de987395bcfe57c098f9f152403879d2184522b55a1ffa66c66472b9db75b365340b7ca77e19d136ee9b6d4f8582a50176d416ba0bc77e01f89eecdb032b7f918c7686d52a8a352bf3ee9327907d7bd508bd917fb205cf679b2040bf09050a1020000104080905010140008f038007250182080400090580080002f9800209050210ff030f09ff072501800205009f040c3a28fce72749ce8348f09ddc83df10d064eecdfb654f6cce460f6a1c8e713c4990e55522dc79b96fda18bd6d7f17308d8cbebc90a4fd42cb4e8de2db10b862752cd19c4ea184753c6aa3aeeec7758d029165e68f69773d599b8a34c4bb2a79469c5d08b9d77887278c4c82cdca59a07ad1cdc4abd75071e40ddaefc87f85ad235feb18b2c0e946135b774035d84e7f070ab6f04b1ae80bbfc9c8892c0905011020000c00050905031008000cff8107250100040900072501000805000905080108007f0703d207b78b979985980c55387603537e47dd2f2e8edf4a9531f79606d639345059e4a0f89675999bfa05df87ba75b38a137ddae0d9b69591af1eebd350b034c1374173942b3ba8df1ab6c67c637e2cb11ed25c53015099377406eff9019213367ef7a0f9c33b1e3a1ade2220d24498c1925c39630ed38db55a89d8a2f1778f399513d149866a2fc9ffdefc82dfbeaedd999a118e3064a96c39126ffe33da17e7573cb5e24c6d4aa6e976b8c75dbdc8d4b6e4b902d50016f603bee417b0e1b87c6a088ca806c8489ab97a4453b99789f580b51b9523a13e5f827e5fa667c39e956b4fb4371ceb844c15377d79294b1703d9bdeb28bc84cdc4e78f3c2751fcc9595bdd7e44148917ea122786a88e8dfb6d1245bd4b44516cb9ad6dc5d954fa5894ea1d5b0b9d344da7342d25037686dfbbef579b7c55785bbc96b59c5a9cb11b36069092bc5913cf38d77e90ba89643107bf87f0ea1ab4495fe37b1eed186bbe1dde0a73be96d44e2309050c031000720509ad31d27e74f77531a457026f62696f28251af2359bc3f51fd3e680aecc06edb18f6f7fc901651a38a3476348868b089518469bf194f19e7f9ca4261ed03062a2a2c37e6303e83ca09619c184fa4304b17100407ee3fb262ff391cc28efca2884bccb60027e00141eda5c4fff696a072d2b9bf81b4c218ab749604e6499801aa68b8bfd61c0cd27249458b23da4b2178ed44d856b0186f37807a0540ba0926d2059d1df13e5f6574dc33a48b692ff09b718b7742b28b2920454e0d4cc2e6231dbfe2d009fb7c8bb68893f2d352a7215fccb8c5794462391b89dde2a584e1ba64b08b310010ac56d0e8273c77190e6672f50ccb63b4a2f26558fedfc14de3d837ddb7b936403a3075a740050552266a9b09f544c5b1d7ed3e0952146f8764637ec5c2c94dad57aaf5f1a23308610798c3d8355528169831aca24ca27747ffeff677e54da257cc90f47c09b37b694c7e96d1706a075164464b8f1e14b0c12ceaf48a593690600cb5bcae110dbf980424eeb4bbb075114175c2733dce31054faf14c3881bb084566147b3996119318a6688815c1de0f9c05f63b3b0c0f8a68f866b61bc7cd323ff64a0014eb7fff09050908400008860009050501080001050909043f000657a707fa0a240102000502010209240302000306040808240802020002a9052405040607240502feaadc1124060404050600070007000100020081052406000005240005000d240f0103000000090003005908241cfffe06db0c072414d5f60b0009050202000410060450074efd4c41c53e61fa16b19fae792afc6bbfdc8217923fcb88fa6157d23257e68e05e2b4e89ccededb94d390e523c7dec3c011b8b8e36b57e883"], 0x0)
syz_usb_connect$cdc_ecm(0x1, 0x145, &(0x7f0000000e40)={{0x12, 0x1, 0x310, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x133, 0x1, 0x1, 0x6, 0x20, 0x3, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x2, 0x6, 0x0, 0xf9, {{0xb, 0x24, 0x6, 0x0, 0x0, "a522de77de50"}, {0x5, 0x24, 0x0, 0xe47e}, {0xd, 0x24, 0xf, 0x1, 0xdd, 0x4, 0x4, 0x16}, [@call_mgmt={0x5, 0x24, 0x1, 0x0, 0x3}, @acm={0x4, 0x24, 0x2, 0x9}, @mdlm={0x15, 0x24, 0x12, 0x7}, @country_functional={0xc, 0x24, 0x7, 0xc1, 0x5, [0x1000, 0x64, 0xff]}, @mdlm_detail={0xbb, 0x24, 0x13, 0xf9, "d3b0ea68b477e3a96692126f57cef22674e41d4eeee54db697fd13d628627367d4197c366a400f443e042b931f0b64e8029fe317a232096b654a67e930c74f403975392c9ba79e19e652b7e1979560c3d3acd8b8a8563aa74679c98ba9b930d494e6c06a8594ca279257c5ff889e4e84802419b80a053c06f84ac5c1bb39d2d5794c48cf3df2425d55b178a4b70bed91d3adadc568272a17dc461a3b762b3c56fc793df24f3d5d239fbafdcaa1fdf9740fdccf3144fc7b"}, @acm={0x4}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x400, 0x2, 0x5, 0x2}}], {{0x9, 0x5, 0x82, 0x2, 0x3ff, 0x0, 0x9, 0x8}}, {{0x9, 0x5, 0x3, 0x2, 0x40, 0x6, 0x9, 0x2}}}}}]}}]}}, &(0x7f0000000d40)={0xa, &(0x7f0000000880)={0xa, 0x6, 0x300, 0x4, 0x9, 0x0, 0x8, 0xd}, 0x11d, &(0x7f00000008c0)={0x5, 0xf, 0x11d, 0x5, [@generic={0xe7, 0x10, 0x2, "6b15bf01a9d13400e32d17ea61ff3c908c7e131de15417a70ca95c169da7dd0403b370af88e4f989e8028357c8bb22c108bc9ac96bffe908c00aa0e5422c2bbf31634db3a657241fb4083cb5d343e0bfe15a611d6a304992282e559320d1774eca89f60213b2a5fdb60cee5273edb4c68b27c36f88cc8d09a52de18060be0f059cf51949da3b2bfc0554822fc9a14f6517d3cc62d50b058078d8f03f078c140a6bf99cc99298144e39d1c5235aab7daba5ae11c6bc5117b44621d66da3723b0509c3ec0814158c1c35cc68daaa508b03ceafe85ae6d2a8cd5e3b01e7227e7f3d85f4f0ee"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x5, 0x2, 0xe, 0x2}, @ssp_cap={0xc, 0x10, 0xa, 0x7f, 0x0, 0x3, 0xf00, 0x3}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "42994e351a8caa2a91615ea95304f9fc"}, @ext_cap={0x7, 0x10, 0x2, 0x1c, 0x1, 0x6, 0x5}]}, 0x6, [{0x4, &(0x7f0000000a80)=@lang_id={0x4, 0x3, 0x4001}}, {0x4, &(0x7f0000000ac0)=@lang_id={0x4, 0x3, 0x814}}, {0x30, &(0x7f0000000b00)=@string={0x30, 0x3, "8de8266d69e52588d0a1426d17d118667bfb521135e186a115c3eaf553e1bf6d359e3755a2603369699a5af21340"}}, {0xfe, &(0x7f0000000b40)=@string={0xfe, 0x3, "22d917202931d45a55cd19eeb873a45129efe899738ead92637dd0f1980ac75d1b330c0e31d50ce67f2519e34f94184417cd035fe04f7368c5e3970aea038c3fa58cce292dcf4513097d4d0c54967e8e35cb0b32bdcf9dc59f7383b928ce116f173c41e1c7314957d7416be088c807352ae05b43e5cd62f7c1474ae3a0d09d107a3be67a3a2822f86d5e1ce763c946adfa96143af9a3aa650e4e0f867a0e1775edc795c2abf0d1825a8d1ddb6f605dda07665614304b88f3130590fba85e29e8cc6ae856f87d0233279930414210365b362fe4426f88461ef6610f461c5ea5bcf2d03ff12a08497932ac1f5e2c70e6f4efdbc7799af04f94b019ae8d"}}, {0x1c, &(0x7f0000000c40)=@string={0x1c, 0x3, "1c5eb14b1eb0bc315fb7b275efab88ac2aee2dad4667a0c33077"}}, {0x91, &(0x7f0000000c80)=ANY=[@ANYBLOB="91033a83d5ba4141ede8944b9f4f71d590bc4d0a35449ee283c9a5798cc35327a272723433c57d3105bb058bd9d2ea1273ee6688eca281ed90bb22110781aa333bd7da4842b2513aee4ba5526615f1e5a17e58e570edc105fea5bed8da0a4a1f05f9a97b4dffd41be81ea92f07c716a63b0d5f2660a949165757e82c924df9dc3f0f0e5b20e3f4902a3386c83a4d0a6b12"]}]})
ioctl$EXT4_IOC_GETSTATE(r0, 0x40046629, &(0x7f0000000dc0))
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000094c125eaa9081101c86d00000001090212000100000000090400000089263c00"], 0x0)
writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000080), 0xfffffebe}], 0x5)
r3 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r5 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r5, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r5, 0x8)
r6 = accept4(r5, 0x0, 0x0, 0x0)
write$binfmt_elf64(r6, &(0x7f0000000240)=ANY=[], 0x78)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r6, 0x84, 0x22, &(0x7f0000000100)={0x4}, 0x10)
sendto$inet(r6, &(0x7f0000000180)="05", 0x1, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r6, 0x84, 0x7b, &(0x7f00000001c0)={0x0, 0x3}, 0x8)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r6, 0x84, 0x7b, &(0x7f00000000c0), 0x8)
r7 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000028000/0x18000)=nil, &(0x7f0000000480)=[@text64={0x40, &(0x7f0000000080)="0f81cf8fe978e11766b8f9008ed8c442d9ae819c3100000f094163be0000000066baf80cb87ce12584efc4a2b5bee1ed0f952af20f090f01ca", 0x39}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$VIDIOC_ENUM_FMT(r3, 0xc0405602, &(0x7f00000001c0)={0x30, 0xa, 0x0, "b75c89e7a20c8eac82ad0416bb1844038d2cd97c945462f31638b5394c00"})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r2, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000e00))
executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x4, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000001600)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
r2 = eventfd(0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000900000000000000213f0000c50000000e800000850000000e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000240)='mmap_lock_acquire_returned\x00', r3}, 0x10)
brk(0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
writev(r1, &(0x7f00000002c0)=[{&(0x7f0000000280)='2', 0x1}], 0x1)
ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240)=r4)
ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x1, r2})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0, 0x4})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x1)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000380)={0x0, 0x1fffe000000})
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x1e, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000002c0)={0x0, 0x0}, 0x20)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
r6 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r6)
ptrace$poke(0x5, r6, &(0x7f0000000080), 0x0)
connect$inet6(r5, &(0x7f0000000100)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
io_setup(0x6, &(0x7f0000000680))
executing program 0:
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
socket(0x200000100000011, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361636865"])
chdir(&(0x7f0000000280)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000440)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000007c0)={{0x10000, 0x2, 0xb, 0x2, 0x0, 0x81, 0x9b, 0x7, 0x4, 0x87, 0x8, 0x7}, {0x18f002, 0x4000, 0xa, 0x3, 0x8, 0xb, 0x92, 0x9, 0x8, 0x9, 0xa, 0x2}, {0x6000, 0x5000, 0xd, 0xec, 0xb3, 0xfb, 0x2, 0x4, 0xe3, 0x56, 0x39, 0xfe}, {0xd000, 0x4, 0xb, 0xd5, 0xf8, 0x3, 0x7f, 0x8, 0x5, 0x6, 0x4, 0xb4}, {0x4000, 0x100000, 0x0, 0x67, 0x1, 0x8, 0x6, 0x3, 0x5f, 0xbe, 0x3, 0x1}, {0x6000, 0x6000, 0xc, 0x2, 0x1, 0xfd, 0x0, 0x2, 0x10, 0xa7, 0x4, 0x7}, {0xb6ff58cdf5116350, 0x1, 0x8, 0x2, 0xf1, 0x0, 0x4, 0xf3, 0x5, 0x3, 0x8, 0x40}, {0x1000, 0x4000, 0x9, 0x10, 0xe, 0x4, 0xf9, 0x3, 0x1, 0x5, 0x8, 0xe}, {0x1000, 0x3}, {0x0, 0x1}, 0x0, 0x0, 0x2, 0x20100, 0x6, 0x4000, 0x7004, [0x8000000000000000, 0x8, 0x6cd2, 0x3]})
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r3, 0xaf01, 0x0)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x7800007, 0x12, r4, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x14b042, 0x0)
pwritev2(r5, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000000140))
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000002580)=""/107})
r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x2001, 0x0)
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0)
ioctl$SNAPSHOT_FREE(r6, 0x3305)
ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, &(0x7f00000000c0)=0x1)
userfaultfd(0x1)
syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f00000010c0)={0x84, &(0x7f00000001c0)=ANY=[@ANYBLOB="0000010000000853a6e1d127e5d5292f3b9e67925d96d34b70244f25560e8a01161d39c2fd200ad0f9fe1a4903b6bdad0aca2777873287cad6c24404fe323db091f3913431ce0858a5ecc0bc481c4d31ac1cb548f19d5596e87dc3f3cec115a8c7d16540fbbfd3e5c2b33fe0a15100bb12af"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r7 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4400ae8f, &(0x7f0000000140))
executing program 3:
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
socket(0x200000100000011, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361636865"])
chdir(&(0x7f0000000280)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000440)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{0x10000, 0x2, 0xb, 0x2, 0x0, 0x81, 0x9b, 0x7, 0x4, 0x87, 0x8, 0x7}, {0x18f002, 0x4000, 0xa, 0x3, 0x8, 0xb, 0x92, 0x9, 0x8, 0x9, 0xa, 0x2}, {0x6000, 0x5000, 0xd, 0xec, 0xb3, 0xfb, 0x2, 0x4, 0xe3, 0x56, 0x39, 0xfe}, {0xd000, 0x4, 0xb, 0xd5, 0xf8, 0x3, 0x7f, 0x8, 0x5, 0x6, 0x4, 0xb4}, {0x4000, 0x100000, 0x0, 0x67, 0x1, 0x8, 0x6, 0x3, 0x5f, 0xbe, 0x3, 0x1}, {0x6000, 0x6000, 0xc, 0x2, 0x1, 0xfd, 0x0, 0x2, 0x10, 0xa7, 0x4, 0x7}, {0xb6ff58cdf5116350, 0x1, 0x8, 0x2, 0xf1, 0x0, 0x4, 0xf3, 0x5, 0x3, 0x8, 0x40}, {0x1000, 0x4000, 0x9, 0x10, 0xe, 0x4, 0xf9, 0x3, 0x1, 0x5, 0x8, 0xe}, {0x1000, 0x3}, {0x0, 0x1}, 0x0, 0x0, 0x2, 0x20100, 0x6, 0x4000, 0x7004, [0x8000000000000000, 0x8, 0x6cd2, 0x3]})
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r4, 0xaf01, 0x0)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x7800007, 0x12, r5, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x14b042, 0x0)
pwritev2(r6, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000000140))
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000002580)=""/107})
r7 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x2001, 0x0)
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0)
ioctl$SNAPSHOT_FREE(r7, 0x3305)
ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f00000000c0)=0x1)
userfaultfd(0x1)
syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f00000010c0)={0x84, &(0x7f00000001c0)=ANY=[@ANYBLOB="0000010000000853a6e1d127e5d5292f3b9e67925d96d34b70244f25560e8a01161d39c2fd200ad0f9fe1a4903b6bdad0aca2777873287cad6c24404fe323db091f3913431ce0858a5ecc0bc481c4d31ac1cb548f19d5596e87dc3f3cec115a8c7d16540fbbfd3e5c2b33fe0a15100bb12af"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140))
executing program 0:
r0 = socket(0x1d, 0x2, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0xc, &(0x7f0000000000), 0x4)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_inet_SIOCSIFBRDADDR(r3, 0x891a, &(0x7f000000b6c0)={'wg2\x00', {0x2, 0x4e23, @loopback}})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000c80)={'lo\x00', <r4=>0x0})
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f000000a040)={'syztnl1\x00', &(0x7f0000009fc0)={'ip6_vti0\x00', <r5=>r4, 0x2f, 0x6, 0x8, 0x7f, 0x50, @mcast2, @remote, 0x40, 0x20, 0x4, 0x3}})
sendmsg$nl_route(r1, &(0x7f000000b680)={&(0x7f0000004cc0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f000000b640)={&(0x7f00000003c0)=ANY=[@ANYBLOB="340000001d00020028bd7000fddbdf250a000000", @ANYRES32=r5, @ANYBLOB="0200480205000c008000000008000900020000fb060006004e220000c1f85672c8e4a8a97a9ddd33968f4fbe1babb1c48fa9b677df8525b6a4c6232329fbf6e9b0512e7c3f1de5cf18aba39512eb927d3d24cf8338c091aee0a8f66cfa0c83c080db8f3265795513a7488c7edd6c30ea0662a7fcd2"], 0x34}, 0x1, 0x0, 0x0, 0x8080}, 0x400c0)
r6 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000001e00)={'bond0\x00', <r7=>0x0})
setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000001e40)={r7, 0x3, 0x6}, 0x10)
r8 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$packet_add_memb(r6, 0x107, 0x1, &(0x7f0000000040)={r7, 0x1, 0x6, @broadcast}, 0x10)
sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="2000000011000100fd0000000080000000000000", @ANYRES32=r7, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x20}}, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480), 0x4)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(r9, &(0x7f0000000200), 0xf000)
nanosleep(0x0, 0x0)
syz_emit_vhci(0x0, 0x7)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000280)={'sit0\x00', &(0x7f0000000200)={'ip_vti0\x00', r7, 0x7, 0x10, 0x7, 0x3, {{0x8, 0x4, 0x2, 0x18, 0x20, 0x0, 0x0, 0x0, 0x2f, 0x0, @dev={0xac, 0x14, 0x14, 0xc}, @private=0xa010102, {[@ssrr={0x89, 0xb, 0xd5, [@remote, @private=0xa010102]}, @end]}}}}})
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, 0x0)
bind$can_j1939(r0, &(0x7f0000000040)={0x1d, 0x0, 0x1}, 0x18)
getsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000140)=""/76, &(0x7f00000001c0)=0x4c)
sendmmsg(r0, &(0x7f0000003c40)=[{{&(0x7f0000000080)=@un=@file={0x1, './file0\x00'}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000100)='w', 0x1}], 0x1}}, {{&(0x7f0000001800)=@un=@file={0x1, './file0\x00'}, 0x80, 0x0}}], 0x2, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r2=>0x0})
syz_usb_connect(0x0, 0xdf0, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000bb9d3140a8171300a68e010203010902de0d040000000009044c080dd890490008240600014c352105240008000d240f01ed000000000009000706241a00001004240202152412ff03a317a88b045e4f01a607c0ffcb7e392a09050c101000040945ca23c564da1719759a29a61dbc150dee67401978c3d487fadb01e86bb960b9abdae885655d1f0a3987e8ab80844c898af48ae4a1dc734c6f1ac92197166706200f3f846794a14529d411aa643ebc2c178af7e658687ed74319c9ecd18b138716e2d5d315f539c0e02bc70a1c6c20f9cf086112931185ffbc9f694e80aa88e3b2cfb6fe7e74eec71f7499f504b45a4865a95033669c07087facaf8ac4f31b04b77f719c05b32879ae5d0d2345cd230249d2a81931d5b2cd4926d14e453f00930c1f6eab4a52d70a168db209050b08080006050509050e03200074077f6f012eb6f6fa6e8097158a29b2b59f66885d24de987395bcfe57c098f9f152403879d2184522b55a1ffa66c66472b9db75b365340b7ca77e19d136ee9b6d4f8582a50176d416ba0bc77e01f89eecdb032b7f918c7686d52a8a352bf3ee9327907d7bd508bd917fb205cf679b2040bf09050a1020000104080905010140008f038007250182080400090580080002f9800209050210ff030f09ff072501800205009f040c3a28fce72749ce8348f09ddc83df10d064eecdfb654f6cce460f6a1c8e713c4990e55522dc79b96fda18bd6d7f17308d8cbebc90a4fd42cb4e8de2db10b862752cd19c4ea184753c6aa3aeeec7758d029165e68f69773d599b8a34c4bb2a79469c5d08b9d77887278c4c82cdca59a07ad1cdc4abd75071e40ddaefc87f85ad235feb18b2c0e946135b774035d84e7f070ab6f04b1ae80bbfc9c8892c0905011020000c00050905031008000cff8107250100040900072501000805000905080108007f0703d207b78b979985980c55387603537e47dd2f2e8edf4a9531f79606d639345059e4a0f89675999bfa05df87ba75b38a137ddae0d9b69591af1eebd350b034c1374173942b3ba8df1ab6c67c637e2cb11ed25c53015099377406eff9019213367ef7a0f9c33b1e3a1ade2220d24498c1925c39630ed38db55a89d8a2f1778f399513d149866a2fc9ffdefc82dfbeaedd999a118e3064a96c39126ffe33da17e7573cb5e24c6d4aa6e976b8c75dbdc8d4b6e4b902d50016f603bee417b0e1b87c6a088ca806c8489ab97a4453b99789f580b51b9523a13e5f827e5fa667c39e956b4fb4371ceb844c15377d79294b1703d9bdeb28bc84cdc4e78f3c2751fcc9595bdd7e44148917ea122786a88e8dfb6d1245bd4b44516cb9ad6dc5d954fa5894ea1d5b0b9d344da7342d25037686dfbbef579b7c55785bbc96b59c5a9cb11b36069092bc5913cf38d77e90ba89643107bf87f0ea1ab4495fe37b1eed186bbe1dde0a73be96d44e2309050c031000720509ad31d27e74f77531a457026f62696f28251af2359bc3f51fd3e680aecc06edb18f6f7fc901651a38a3476348868b089518469bf194f19e7f9ca4261ed03062a2a2c37e6303e83ca09619c184fa4304b17100407ee3fb262ff391cc28efca2884bccb60027e00141eda5c4fff696a072d2b9bf81b4c218ab749604e6499801aa68b8bfd61c0cd27249458b23da4b2178ed44d856b0186f37807a0540ba0926d2059d1df13e5f6574dc33a48b692ff09b718b7742b28b2920454e0d4cc2e6231dbfe2d009fb7c8bb68893f2d352a7215fccb8c5794462391b89dde2a584e1ba64b08b310010ac56d0e8273c77190e6672f50ccb63b4a2f26558fedfc14de3d837ddb7b936403a3075a740050552266a9b09f544c5b1d7ed3e0952146f8764637ec5c2c94dad57aaf5f1a23308610798c3d8355528169831aca24ca27747ffeff677e54da257cc90f47c09b37b694c7e96d1706a075164464b8f1e14b0c12ceaf48a593690600cb5bcae110dbf980424eeb4bbb075114175c2733dce31054faf14c3881bb084566147b3996119318a6688815c1de0f9c05f63b3b0c0f8a68f866b61bc7cd323ff64a0014eb7fff09050908400008860009050501080001050909043f000657a707fa0a240102000502010209240302000306040808240802020002a9052405040607240502feaadc1124060404050600070007000100020081052406000005240005000d240f0103000000090003005908241cfffe06db0c072414d5f60b0009050202000410060450074efd4c41c53e61fa16b19fae792afc6bbfdc8217923fcb88fa6157d23257e68e05e2b4e89ccededb94d390e523c7dec3c011b8b8e36b57e883"], 0x0)
syz_usb_connect$cdc_ecm(0x1, 0x145, &(0x7f0000000e40)={{0x12, 0x1, 0x310, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x133, 0x1, 0x1, 0x6, 0x20, 0x3, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x2, 0x6, 0x0, 0xf9, {{0xb, 0x24, 0x6, 0x0, 0x0, "a522de77de50"}, {0x5, 0x24, 0x0, 0xe47e}, {0xd, 0x24, 0xf, 0x1, 0xdd, 0x4, 0x4, 0x16}, [@call_mgmt={0x5, 0x24, 0x1, 0x0, 0x3}, @acm={0x4, 0x24, 0x2, 0x9}, @mdlm={0x15, 0x24, 0x12, 0x7}, @country_functional={0xc, 0x24, 0x7, 0xc1, 0x5, [0x1000, 0x64, 0xff]}, @mdlm_detail={0xbb, 0x24, 0x13, 0xf9, "d3b0ea68b477e3a96692126f57cef22674e41d4eeee54db697fd13d628627367d4197c366a400f443e042b931f0b64e8029fe317a232096b654a67e930c74f403975392c9ba79e19e652b7e1979560c3d3acd8b8a8563aa74679c98ba9b930d494e6c06a8594ca279257c5ff889e4e84802419b80a053c06f84ac5c1bb39d2d5794c48cf3df2425d55b178a4b70bed91d3adadc568272a17dc461a3b762b3c56fc793df24f3d5d239fbafdcaa1fdf9740fdccf3144fc7b"}, @acm={0x4}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x400, 0x2, 0x5, 0x2}}], {{0x9, 0x5, 0x82, 0x2, 0x3ff, 0x0, 0x9, 0x8}}, {{0x9, 0x5, 0x3, 0x2, 0x40, 0x6, 0x9, 0x2}}}}}]}}]}}, &(0x7f0000000d40)={0xa, &(0x7f0000000880)={0xa, 0x6, 0x300, 0x4, 0x9, 0x0, 0x8, 0xd}, 0x120, &(0x7f00000008c0)={0x5, 0xf, 0x120, 0x6, [@generic={0xe7, 0x10, 0x2, "6b15bf01a9d13400e32d17ea61ff3c908c7e131de15417a70ca95c169da7dd0403b370af88e4f989e8028357c8bb22c108bc9ac96bffe908c00aa0e5422c2bbf31634db3a657241fb4083cb5d343e0bfe15a611d6a304992282e559320d1774eca89f60213b2a5fdb60cee5273edb4c68b27c36f88cc8d09a52de18060be0f059cf51949da3b2bfc0554822fc9a14f6517d3cc62d50b058078d8f03f078c140a6bf99cc99298144e39d1c5235aab7daba5ae11c6bc5117b44621d66da3723b0509c3ec0814158c1c35cc68daaa508b03ceafe85ae6d2a8cd5e3b01e7227e7f3d85f4f0ee"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x5, 0x2, 0xe, 0x2}, @ssp_cap={0xc, 0x10, 0xa, 0x7f, 0x0, 0x3, 0xf00, 0x3}, @generic={0x3, 0x10, 0xb}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "42994e351a8caa2a91615ea95304f9fc"}, @ext_cap={0x7, 0x10, 0x2, 0x1c, 0x1, 0x6, 0x5}]}, 0x6, [{0x4, &(0x7f0000000a80)=@lang_id={0x4, 0x3, 0x4001}}, {0x4, &(0x7f0000000ac0)=@lang_id={0x4, 0x3, 0x814}}, {0x30, &(0x7f0000000b00)=@string={0x30, 0x3, "8de8266d69e52588d0a1426d17d118667bfb521135e186a115c3eaf553e1bf6d359e3755a2603369699a5af21340"}}, {0xfe, &(0x7f0000000b40)=@string={0xfe, 0x3, "22d917202931d45a55cd19eeb873a45129efe899738ead92637dd0f1980ac75d1b330c0e31d50ce67f2519e34f94184417cd035fe04f7368c5e3970aea038c3fa58cce292dcf4513097d4d0c54967e8e35cb0b32bdcf9dc59f7383b928ce116f173c41e1c7314957d7416be088c807352ae05b43e5cd62f7c1474ae3a0d09d107a3be67a3a2822f86d5e1ce763c946adfa96143af9a3aa650e4e0f867a0e1775edc795c2abf0d1825a8d1ddb6f605dda07665614304b88f3130590fba85e29e8cc6ae856f87d0233279930414210365b362fe4426f88461ef6610f461c5ea5bcf2d03ff12a08497932ac1f5e2c70e6f4efdbc7799af04f94b019ae8d"}}, {0x1c, &(0x7f0000000c40)=@string={0x1c, 0x3, "1c5eb14b1eb0bc315fb7b275efab88ac2aee2dad4667a0c33077"}}, {0x91, &(0x7f0000000c80)=ANY=[@ANYBLOB="91033a83d5ba4141ede8944b9f4f71d590bc4d0a35449ee283c9a5798cc35327a272723433c57d3105bb058bd9d2ea1273ee6688eca281ed90bb22110781aa333bd7da4842b2513aee4ba5526615f1e5a17e58e570edc105fea5bed8da0a4a1f05f9a97b4dffd41be81ea92f07c716a63b0d5f2660a949165757e82c924df9dc3f0f0e5b20e3f4902a3386c83a4d0a6b12"]}]})
ioctl$EXT4_IOC_GETSTATE(r0, 0x40046629, &(0x7f0000000dc0))
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000094c125eaa9081101c86d00000001090212000100000000090400000089263c00"], 0x0)
writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000080), 0xfffffebe}], 0x5)
r3 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r5 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r5, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r5, 0x8)
r6 = accept4(r5, 0x0, 0x0, 0x0)
write$binfmt_elf64(r6, &(0x7f0000000240)=ANY=[], 0x78)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r6, 0x84, 0x22, &(0x7f0000000100)={0x4}, 0x10)
sendto$inet(r6, &(0x7f0000000180)="05", 0x1, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r6, 0x84, 0x7b, &(0x7f00000001c0)={0x0, 0x3}, 0x8)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r6, 0x84, 0x7b, &(0x7f00000000c0), 0x8)
r7 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000028000/0x18000)=nil, &(0x7f0000000480)=[@text64={0x40, &(0x7f0000000080)="0f81cf8fe978e11766b8f9008ed8c442d9ae819c3100000f094163be0000000066baf80cb87ce12584efc4a2b5bee1ed0f952af20f090f01ca", 0x39}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$VIDIOC_ENUM_FMT(r3, 0xc0405602, &(0x7f00000001c0)={0x30, 0xa, 0x0, "b75c89e7a20c8eac82ad0416bb1844038d2cd97c945462f31638b5394c00"})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r2, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000e00))
executing program 3:
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
bind$unix(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x4, 0x5}, 0x48)
syz_emit_vhci(&(0x7f0000002380)=@HCI_SCODATA_PKT={0x3, {0xc8, 0xe6}, "f592a1a34acf98b7523438f803c81c18331129f0b382c7dda9cff785a996215d6d7827337ccd785e30c1cb6be3ffac56d115d7a569142f9ddc3ec2ffcb0db02641329f1debd0ce8d2e87f14049688c90ac9140d8076fdd42239a32d58b0590ae7cef9e6b2e47fb9e8d7db365a8a85bf12210304aa9d99b3ad6dae6ab3fa7b5c8fd0d857bfb6697da9e1e4123a5ed7f8173bc88f6f14aa4f4f7410474812ded97e088fd9cf1a4cfd050e77c8ed8c0f71c2421fa6a52f360d0dba7ef267831fbe277058f0f5558b75db7a73abe875574653fc014fad169511eebe3bc758a0177e047cd103acfa2"}, 0xea)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000002480)={0x3000, 0xb000})
syz_emit_vhci(&(0x7f0000000440)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x0, 0x2c}, @l2cap_cid_signaling={{0x28}, [@l2cap_conn_rsp={{0x3, 0x5e, 0x8}, {0x4, 0x0, 0x0, 0x6}}, @l2cap_conf_rsp={{0x5, 0xa7, 0x18}, {0x6, 0x8, 0x3, [@l2cap_conf_efs={0x6, 0x10, {0x0, 0x0, 0x0, 0x4, 0xdfd1, 0x7}}]}}]}}, 0x31)
syz_open_dev$usbmon(&(0x7f0000000280), 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
eventfd(0x0)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x4, 0x0, 0x0, 0x81})
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000000200)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x8, 0xffffffd4, 0x0, 0x0, 0x20}}, &(0x7f0000000240)='GPL\x00', 0x1, 0x473, &(0x7f0000000280)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff60}, 0x48)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
keyctl$clear(0x11, 0xfffffffffffffffd)
r3 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r3, &(0x7f0000000340)={0x2020}, 0xd6e)
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_pidfd_open(r4, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)
executing program 2:
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f000000a280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newtaction={0x18, 0x4f, 0x301, 0x70bd2d, 0x0, {0x2}, [{0x4, 0x2}]}, 0x18}}, 0x4000)
socket(0x25, 0x1, 0x0)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
r1 = socket$inet_dccp(0x2, 0x6, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x0, 0x0)
socket$inet(0x2, 0x0, 0x0)
r2 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000980)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581d3b3"], 0x0)
r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
readv(r3, &(0x7f00000007c0)=[{&(0x7f0000000240)=""/137, 0x89}, {0x0}], 0x2)
syz_usb_disconnect(r2)
r4 = openat$adsp1(0xffffffffffffff9c, 0x0, 0x402, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r4, 0xc0045006, &(0x7f0000000040))
r5 = syz_open_dev$loop(&(0x7f0000000380), 0x0, 0x0)
r6 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$LOOP_CONFIGURE(r5, 0x4c0a, &(0x7f0000000080)={r6, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "4874ef0904271a78949178fd825b775b5e55210c4037a557f88c97b6097ea4e9fdd1d167064e969100ff97aa6b42687995845c8c3ce42e76d6db19d5f4f5f283", "eba9d749fdc2dedff9641c2773c54efce1fa87820dae06070446988b8770438b12e6b80c265fdce83841f0f230d1f4fe7b5ba021316c17fb5112d7d0f278e48a", "c41751ca16a23f839af552fb8500010000000000003203a6c188ec22bd7c4549"}})
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = dup(r8)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_REGISTER_COALESCED_MMIO(r9, 0x4010ae67, &(0x7f0000000100)={0x10000})
syz_kvm_setup_cpu$x86(r8, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000340)=[@textreal={0x8, &(0x7f0000000300)="baf80c66b8b027b68566efbafc0cb00cee0f22960f320fae2f0f3805f2d28615d20f005f0066b90809000066b8ef00000066ba000000000f30660fc77155f36e", 0x40}], 0x1, 0x1, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r8, 0x4010ae67, &(0x7f00000001c0))
ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$LOOP_GET_STATUS(r5, 0x4c07, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r1, 0x541b, 0xfffffffffffffffe)
r10 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r10, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xca}, 0x8)
executing program 3:
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f000000a280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newtaction={0x18, 0x4f, 0x301, 0x70bd2d, 0x0, {0x2}, [{0x4, 0x2}]}, 0x18}}, 0x4000)
socket(0x25, 0x1, 0x0)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
r1 = socket$inet_dccp(0x2, 0x6, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x0, 0x0)
socket$inet(0x2, 0x0, 0x0)
r2 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000980)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581d3b3"], 0x0)
r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
readv(r3, &(0x7f00000007c0)=[{&(0x7f0000000240)=""/137, 0x89}, {0x0}], 0x2)
syz_usb_disconnect(r2)
r4 = openat$adsp1(0xffffffffffffff9c, 0x0, 0x402, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r4, 0xc0045006, &(0x7f0000000040))
r5 = syz_open_dev$loop(&(0x7f0000000380), 0x0, 0x0)
r6 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$LOOP_CONFIGURE(r5, 0x4c0a, &(0x7f0000000080)={r6, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "4874ef0904271a78949178fd825b775b5e55210c4037a557f88c97b6097ea4e9fdd1d167064e969100ff97aa6b42687995845c8c3ce42e76d6db19d5f4f5f283", "eba9d749fdc2dedff9641c2773c54efce1fa87820dae06070446988b8770438b12e6b80c265fdce83841f0f230d1f4fe7b5ba021316c17fb5112d7d0f278e48a", "c41751ca16a23f839af552fb8500010000000000003203a6c188ec22bd7c4549"}})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r7 = dup(0xffffffffffffffff)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_REGISTER_COALESCED_MMIO(r7, 0x4010ae67, &(0x7f0000000100)={0x10000})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000340)=[@textreal={0x8, &(0x7f0000000300)="baf80c66b8b027b68566efbafc0cb00cee0f22960f320fae2f0f3805f2d28615d20f005f0066b90809000066b8ef00000066ba000000000f30660fc77155f36e", 0x40}], 0x1, 0x1, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f00000001c0))
ioctl$KVM_NMI(r8, 0xae9a)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$LOOP_GET_STATUS(r5, 0x4c07, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r1, 0x541b, 0xfffffffffffffffe)
r9 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r9, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xca}, 0x8)
executing program 1:
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
socket(0x200000100000011, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d667363616368"])
chdir(&(0x7f0000000280)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000440)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{0x10000, 0x2, 0xb, 0x2, 0x0, 0x81, 0x9b, 0x7, 0x4, 0x87, 0x8, 0x7}, {0x18f002, 0x4000, 0xa, 0x3, 0x8, 0xb, 0x92, 0x9, 0x8, 0x9, 0xa, 0x2}, {0x6000, 0x5000, 0xd, 0xec, 0xb3, 0xfb, 0x2, 0x4, 0xe3, 0x56, 0x39, 0xfe}, {0xd000, 0x4, 0xb, 0xd5, 0xf8, 0x3, 0x7f, 0x8, 0x5, 0x6, 0x4, 0xb4}, {0x4000, 0x100000, 0x0, 0x67, 0x1, 0x8, 0x6, 0x3, 0x5f, 0xbe, 0x3, 0x1}, {0x6000, 0x6000, 0xc, 0x2, 0x1, 0xfd, 0x0, 0x2, 0x10, 0xa7, 0x4, 0x7}, {0xb6ff58cdf5116350, 0x1, 0x8, 0x2, 0xf1, 0x0, 0x4, 0xf3, 0x5, 0x3, 0x8, 0x40}, {0x1000, 0x4000, 0x9, 0x10, 0xe, 0x4, 0xf9, 0x3, 0x1, 0x5, 0x8, 0xe}, {0x1000, 0x3}, {0x0, 0x1}, 0x0, 0x0, 0x2, 0x20100, 0x6, 0x4000, 0x7004, [0x8000000000000000, 0x8, 0x6cd2, 0x3]})
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r4, 0xaf01, 0x0)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x7800007, 0x12, r5, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x14b042, 0x0)
pwritev2(r6, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000000140))
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000002580)=""/107})
r7 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x2001, 0x0)
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0)
ioctl$SNAPSHOT_FREE(r7, 0x3305)
ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f00000000c0)=0x1)
userfaultfd(0x1)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r8 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4400ae8f, &(0x7f0000000140))
executing program 1:
r0 = syz_clone(0x8002ca80, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0xffffffffffffffff, 0x8, &(0x7f0000000040)=0x200000000005)
syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="04221011aaaaaaaaaa10f50305a938a98000b1"], 0x13)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x1c9100, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x5)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan0\x00'})
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x11)
socket$nl_rdma(0x10, 0x3, 0x14)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x10)
r3 = syz_open_dev$usbfs(&(0x7f0000000100), 0x75, 0x1a9a81)
ioctl$USBDEVFS_FREE_STREAMS(r3, 0x802c550a, &(0x7f0000000000)=ANY=[@ANYBLOB="02002303100007006000000002000020d3"])
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYBLOB="043e06000e86"], 0x9)
ioctl$USBDEVFS_CONTROL(r3, 0x4008550d, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$UI_SET_LEDBIT(r2, 0x40045569, 0x1)
ioctl$UI_DEV_SETUP(r2, 0x405c5503, &(0x7f0000000100)={{0x0, 0xffff, 0xd}, 'syz1\x00'})
ioctl$UI_DEV_CREATE(r2, 0x5501)
ioctl$UI_DEV_DESTROY(r2, 0x5502)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
userfaultfd(0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480))
bind$rds(0xffffffffffffffff, 0x0, 0x0)
ptrace$setregset(0x4205, r0, 0x200, &(0x7f0000000100)={0x0})
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[], 0x7c}}, 0x0)
executing program 1:
r0 = socket(0x1d, 0x2, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0xc, &(0x7f0000000000), 0x4)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_inet_SIOCSIFBRDADDR(r3, 0x891a, &(0x7f000000b6c0)={'wg2\x00', {0x2, 0x4e23, @loopback}})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000c80)={'lo\x00', <r4=>0x0})
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f000000a040)={'syztnl1\x00', &(0x7f0000009fc0)={'ip6_vti0\x00', <r5=>r4, 0x2f, 0x6, 0x8, 0x7f, 0x50, @mcast2, @remote, 0x40, 0x20, 0x4, 0x3}})
sendmsg$nl_route(r1, &(0x7f000000b680)={&(0x7f0000004cc0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f000000b640)={&(0x7f00000003c0)=ANY=[@ANYBLOB="340000001d00020028bd7000fddbdf250a000000", @ANYRES32=r5, @ANYBLOB="0200480205000c008000000008000900020000fb060006004e220000c1f85672c8e4a8a97a9ddd33968f4fbe1babb1c48fa9b677df8525b6a4c6232329fbf6e9b0512e7c3f1de5cf18aba39512eb927d3d24cf8338c091aee0a8f66cfa0c83c080db8f3265795513a7488c7edd6c30ea0662a7fcd2"], 0x34}, 0x1, 0x0, 0x0, 0x8080}, 0x400c0)
r6 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000001e00)={'bond0\x00', <r7=>0x0})
setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000001e40)={r7, 0x3, 0x6}, 0x10)
r8 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$packet_add_memb(r6, 0x107, 0x1, &(0x7f0000000040)={r7, 0x1, 0x6, @broadcast}, 0x10)
sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="2000000011000100fd0000000080000000000000", @ANYRES32=r7, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x20}}, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
r10 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r10}, 0x4)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(r9, &(0x7f0000000200), 0xf000)
nanosleep(&(0x7f0000000000)={0x8000000000000000}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e04f74120"], 0x7)
sendmsg$nl_route_sched(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000000c0)={&(0x7f00000002c0)=@getqdisc={0x44, 0x26, 0x100, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, r7, {0xfff2, 0xb}, {0x2, 0xa}, {0x1, 0xf}}, [{0x4}, {0x4}, {0x4}, {0x4}, {0x4}, {0x4}, {0x4}, {0x4}]}, 0x44}, 0x1, 0x0, 0x0, 0x24008810}, 0xc040)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000280)={'sit0\x00', &(0x7f0000000200)={'ip_vti0\x00', r7, 0x7, 0x10, 0x7, 0x3, {{0xa, 0x4, 0x2, 0x18, 0x28, 0x64, 0x0, 0xe5, 0x2f, 0x0, @dev={0xac, 0x14, 0x14, 0xc}, @private=0xa010102, {[@noop, @ssrr={0x89, 0xf, 0xd5, [@remote, @multicast1, @private=0xa010102]}, @end]}}}}})
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r11=>0x0})
bind$can_j1939(r0, &(0x7f0000000040)={0x1d, r11, 0x1}, 0x18)
getsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000140)=""/76, &(0x7f00000001c0)=0x4c)
sendmmsg(r0, &(0x7f0000003c40)=[{{&(0x7f0000000080)=@un=@file={0x1, './file0\x00'}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000100)='w', 0x1}], 0x1}}, {{&(0x7f0000001800)=@un=@file={0x1, './file0\x00'}, 0x80, 0x0}}], 0x2, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
executing program 0:
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f000000a280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newtaction={0x18, 0x4f, 0x301, 0x70bd2d, 0x0, {0x2}, [{0x4, 0x2}]}, 0x18}}, 0x4000)
socket(0x25, 0x1, 0x0)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
r1 = socket$inet_dccp(0x2, 0x6, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x0, 0x0)
socket$inet(0x2, 0x0, 0x0)
r2 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000980)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581d3b3"], 0x0)
r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
readv(r3, &(0x7f00000007c0)=[{&(0x7f0000000240)=""/137, 0x89}, {0x0}], 0x2)
syz_usb_disconnect(r2)
r4 = openat$adsp1(0xffffffffffffff9c, 0x0, 0x402, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r4, 0xc0045006, &(0x7f0000000040))
syz_open_dev$loop(&(0x7f0000000380), 0x0, 0x0)
r5 = dup(0xffffffffffffffff)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r1, 0x541b, 0xfffffffffffffffe)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r7, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xca}, 0x8)
executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)
chdir(&(0x7f0000000280)='./file0\x00')
mkdir(&(0x7f0000000280)='./control\x00', 0x0)
r0 = inotify_init1(0x0)
inotify_add_watch(r0, &(0x7f0000000040)='./control\x00', 0x0)
creat(&(0x7f0000000040)='./file0\x00', 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
executing program 1:
socket(0x10, 0x3, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3800007, 0x4008032, 0xffffffffffffffff, 0x0)
syz_open_dev$dri(&(0x7f0000000100), 0x0, 0x0)
r0 = syz_open_dev$dri(&(0x7f00000003c0), 0x0, 0x0)
ioctl$DRM_IOCTL_DROP_MASTER(r0, 0x641f)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
llistxattr(0x0, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_io_uring_setup(0x1114, &(0x7f0000000300)={0x0, 0x20039dd}, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000040))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r2, 0x47fa, 0x0, 0x0, 0x0, 0x0)
syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4020aed2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003000/0x4000)=nil})
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d032, 0xffffffffffffffff, 0x0)
mincore(&(0x7f000056a000/0x4000)=nil, 0x4000, &(0x7f0000000100)=""/45)
executing program 3:
socket(0x10, 0x3, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3800007, 0x4008032, 0xffffffffffffffff, 0x0)
syz_open_dev$dri(&(0x7f0000000100), 0x0, 0x0)
r0 = syz_open_dev$dri(&(0x7f00000003c0), 0x0, 0x0)
ioctl$DRM_IOCTL_DROP_MASTER(r0, 0x641f)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
llistxattr(0x0, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_io_uring_setup(0x1114, &(0x7f0000000300)={0x0, 0x20039dd}, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000040)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x8, 0x0, 0x7, 0x0, 0x0})
io_uring_enter(r2, 0x47fa, 0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_FILES_UPDATE(r2, 0x18, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)=[0xffffffffffffffff]}, 0x1)
ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4020aed2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003000/0x4000)=nil})
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d032, 0xffffffffffffffff, 0x0)
mincore(&(0x7f000056a000/0x4000)=nil, 0x4000, &(0x7f0000000100)=""/45)
executing program 2:
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
socket(0x200000100000011, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(0x0, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361636865"])
chdir(&(0x7f0000000280)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000440)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{0x10000, 0x2, 0xb, 0x2, 0x0, 0x81, 0x9b, 0x7, 0x4, 0x87, 0x8, 0x7}, {0x18f002, 0x4000, 0xa, 0x3, 0x8, 0xb, 0x92, 0x9, 0x8, 0x9, 0xa, 0x2}, {0x6000, 0x5000, 0xd, 0xec, 0xb3, 0xfb, 0x2, 0x4, 0xe3, 0x56, 0x39, 0xfe}, {0xd000, 0x4, 0xb, 0xd5, 0xf8, 0x3, 0x7f, 0x8, 0x5, 0x6, 0x4, 0xb4}, {0x4000, 0x100000, 0x0, 0x67, 0x1, 0x8, 0x6, 0x3, 0x5f, 0xbe, 0x3, 0x1}, {0x6000, 0x6000, 0xc, 0x2, 0x1, 0xfd, 0x0, 0x2, 0x10, 0xa7, 0x4, 0x7}, {0xb6ff58cdf5116350, 0x1, 0x8, 0x2, 0xf1, 0x0, 0x4, 0xf3, 0x5, 0x3, 0x8, 0x40}, {0x1000, 0x4000, 0x9, 0x10, 0xe, 0x4, 0xf9, 0x3, 0x1, 0x5, 0x8, 0xe}, {0x1000, 0x3}, {0x0, 0x1}, 0x0, 0x0, 0x2, 0x20100, 0x6, 0x4000, 0x7004, [0x8000000000000000, 0x8, 0x6cd2, 0x3]})
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r4, 0xaf01, 0x0)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x7800007, 0x12, r5, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x14b042, 0x0)
pwritev2(r6, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000000140))
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000002580)=""/107})
r7 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x2001, 0x0)
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0)
ioctl$SNAPSHOT_FREE(r7, 0x3305)
ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f00000000c0)=0x1)
userfaultfd(0x1)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140))
executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r2=>0x0})
syz_usb_connect(0x0, 0xdf0, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000bb9d3140a8171300a68e010203010902de0d040000000009044c080dd890490008240600014c352105240008000d240f01ed000000000009000706241a00001004240202152412ff03a317a88b045e4f01a607c0ffcb7e392a09050c101000040945ca23c564da1719759a29a61dbc150dee67401978c3d487fadb01e86bb960b9abdae885655d1f0a3987e8ab80844c898af48ae4a1dc734c6f1ac92197166706200f3f846794a14529d411aa643ebc2c178af7e658687ed74319c9ecd18b138716e2d5d315f539c0e02bc70a1c6c20f9cf086112931185ffbc9f694e80aa88e3b2cfb6fe7e74eec71f7499f504b45a4865a95033669c07087facaf8ac4f31b04b77f719c05b32879ae5d0d2345cd230249d2a81931d5b2cd4926d14e453f00930c1f6eab4a52d70a168db209050b08080006050509050e03200074077f6f012eb6f6fa6e8097158a29b2b59f66885d24de987395bcfe57c098f9f152403879d2184522b55a1ffa66c66472b9db75b365340b7ca77e19d136ee9b6d4f8582a50176d416ba0bc77e01f89eecdb032b7f918c7686d52a8a352bf3ee9327907d7bd508bd917fb205cf679b2040bf09050a1020000104080905010140008f038007250182080400090580080002f9800209050210ff030f09ff072501800205009f040c3a28fce72749ce8348f09ddc83df10d064eecdfb654f6cce460f6a1c8e713c4990e55522dc79b96fda18bd6d7f17308d8cbebc90a4fd42cb4e8de2db10b862752cd19c4ea184753c6aa3aeeec7758d029165e68f69773d599b8a34c4bb2a79469c5d08b9d77887278c4c82cdca59a07ad1cdc4abd75071e40ddaefc87f85ad235feb18b2c0e946135b774035d84e7f070ab6f04b1ae80bbfc9c8892c0905011020000c00050905031008000cff8107250100040900072501000805000905080108007f0703d207b78b979985980c55387603537e47dd2f2e8edf4a9531f79606d639345059e4a0f89675999bfa05df87ba75b38a137ddae0d9b69591af1eebd350b034c1374173942b3ba8df1ab6c67c637e2cb11ed25c53015099377406eff9019213367ef7a0f9c33b1e3a1ade2220d24498c1925c39630ed38db55a89d8a2f1778f399513d149866a2fc9ffdefc82dfbeaedd999a118e3064a96c39126ffe33da17e7573cb5e24c6d4aa6e976b8c75dbdc8d4b6e4b902d50016f603bee417b0e1b87c6a088ca806c8489ab97a4453b99789f580b51b9523a13e5f827e5fa667c39e956b4fb4371ceb844c15377d79294b1703d9bdeb28bc84cdc4e78f3c2751fcc9595bdd7e44148917ea122786a88e8dfb6d1245bd4b44516cb9ad6dc5d954fa5894ea1d5b0b9d344da7342d25037686dfbbef579b7c55785bbc96b59c5a9cb11b36069092bc5913cf38d77e90ba89643107bf87f0ea1ab4495fe37b1eed186bbe1dde0a73be96d44e2309050c031000720509ad31d27e74f77531a457026f62696f28251af2359bc3f51fd3e680aecc06edb18f6f7fc901651a38a3476348868b089518469bf194f19e7f9ca4261ed03062a2a2c37e6303e83ca09619c184fa4304b17100407ee3fb262ff391cc28efca2884bccb60027e00141eda5c4fff696a072d2b9bf81b4c218ab749604e6499801aa68b8bfd61c0cd27249458b23da4b2178ed44d856b0186f37807a0540ba0926d2059d1df13e5f6574dc33a48b692ff09b718b7742b28b2920454e0d4cc2e6231dbfe2d009fb7c8bb68893f2d352a7215fccb8c5794462391b89dde2a584e1ba64b08b310010ac56d0e8273c77190e6672f50ccb63b4a2f26558fedfc14de3d837ddb7b936403a3075a740050552266a9b09f544c5b1d7ed3e0952146f8764637ec5c2c94dad57aaf5f1a23308610798c3d8355528169831aca24ca27747ffeff677e54da257cc90f47c09b37b694c7e96d1706a075164464b8f1e14b0c12ceaf48a593690600cb5bcae110dbf980424eeb4bbb075114175c2733dce31054faf14c3881bb084566147b3996119318a6688815c1de0f9c05f63b3b0c0f8a68f866b61bc7cd323ff64a0014eb7fff09050908400008860009050501080001050909043f000657a707fa0a240102000502010209240302000306040808240802020002a9052405040607240502feaadc1124060404050600070007000100020081052406000005240005000d240f0103000000090003005908241cfffe06db0c072414d5f60b0009050202000410060450074efd4c41c53e61fa16b19fae792afc6bbfdc8217923fcb88fa6157d23257e68e05e2b4e89ccededb94d390e523c7dec3c011b8b8e36b57e883"], 0x0)
syz_usb_connect$cdc_ecm(0x1, 0x145, &(0x7f0000000e40)={{0x12, 0x1, 0x310, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x133, 0x1, 0x1, 0x6, 0x20, 0x3, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x2, 0x6, 0x0, 0xf9, {{0xb, 0x24, 0x6, 0x0, 0x0, "a522de77de50"}, {0x5, 0x24, 0x0, 0xe47e}, {0xd, 0x24, 0xf, 0x1, 0xdd, 0x4, 0x4, 0x16}, [@call_mgmt={0x5, 0x24, 0x1, 0x0, 0x3}, @acm={0x4, 0x24, 0x2, 0x9}, @mdlm={0x15, 0x24, 0x12, 0x7}, @country_functional={0xc, 0x24, 0x7, 0xc1, 0x5, [0x1000, 0x64, 0xff]}, @mdlm_detail={0xbb, 0x24, 0x13, 0xf9, "d3b0ea68b477e3a96692126f57cef22674e41d4eeee54db697fd13d628627367d4197c366a400f443e042b931f0b64e8029fe317a232096b654a67e930c74f403975392c9ba79e19e652b7e1979560c3d3acd8b8a8563aa74679c98ba9b930d494e6c06a8594ca279257c5ff889e4e84802419b80a053c06f84ac5c1bb39d2d5794c48cf3df2425d55b178a4b70bed91d3adadc568272a17dc461a3b762b3c56fc793df24f3d5d239fbafdcaa1fdf9740fdccf3144fc7b"}, @acm={0x4}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x400, 0x2, 0x5, 0x2}}], {{0x9, 0x5, 0x82, 0x2, 0x3ff, 0x0, 0x9, 0x8}}, {{0x9, 0x5, 0x3, 0x2, 0x40, 0x6, 0x9, 0x2}}}}}]}}]}}, &(0x7f0000000d40)={0xa, &(0x7f0000000880)={0xa, 0x6, 0x300, 0x4, 0x9, 0x0, 0x8, 0xd}, 0xb0, &(0x7f00000008c0)={0x5, 0xf, 0xb0, 0x6, [@generic={0x3, 0x10, 0x2}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x5, 0x2, 0xe, 0x2}, @ssp_cap={0xc, 0x10, 0xa, 0x7f, 0x0, 0x3, 0xf00, 0x3}, @generic={0x77, 0x10, 0xb, "bcd26de9cd33abdf3dcc5c6600999f69973df173516da390351abbb26ec07c32056a6f4fac39c3cedb2f34efbe3330127876c9616189ceba97878921b9eb3e84f0041f5f8cb0893cad7a2ace39aac30481ba30d35eeb4379f53eef82287e0f9553e0717a7a511f62edcd79daba38091449ace36e"}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "42994e351a8caa2a91615ea95304f9fc"}, @ext_cap={0x7, 0x10, 0x2, 0x1c, 0x1, 0x6, 0x5}]}, 0x6, [{0x4, &(0x7f0000000a80)=@lang_id={0x4, 0x3, 0x4001}}, {0x4, &(0x7f0000000ac0)=@lang_id={0x4, 0x3, 0x814}}, {0x30, &(0x7f0000000b00)=@string={0x30, 0x3, "8de8266d69e52588d0a1426d17d118667bfb521135e186a115c3eaf553e1bf6d359e3755a2603369699a5af21340"}}, {0xfe, &(0x7f0000000b40)=@string={0xfe, 0x3, "22d917202931d45a55cd19eeb873a45129efe899738ead92637dd0f1980ac75d1b330c0e31d50ce67f2519e34f94184417cd035fe04f7368c5e3970aea038c3fa58cce292dcf4513097d4d0c54967e8e35cb0b32bdcf9dc59f7383b928ce116f173c41e1c7314957d7416be088c807352ae05b43e5cd62f7c1474ae3a0d09d107a3be67a3a2822f86d5e1ce763c946adfa96143af9a3aa650e4e0f867a0e1775edc795c2abf0d1825a8d1ddb6f605dda07665614304b88f3130590fba85e29e8cc6ae856f87d0233279930414210365b362fe4426f88461ef6610f461c5ea5bcf2d03ff12a08497932ac1f5e2c70e6f4efdbc7799af04f94b019ae8d"}}, {0x1c, &(0x7f0000000c40)=@string={0x1c, 0x3, "1c5eb14b1eb0bc315fb7b275efab88ac2aee2dad4667a0c33077"}}, {0x91, &(0x7f0000000c80)=ANY=[@ANYBLOB="91033a83d5ba4141ede8944b9f4f71d590bc4d0a35449ee283c9a5798cc35327a272723433c57d3105bb058bd9d2ea1273ee6688eca281ed90bb22110781aa333bd7da4842b2513aee4ba5526615f1e5a17e58e570edc105fea5bed8da0a4a1f05f9a97b4dffd41be81ea92f07c716a63b0d5f2660a949165757e82c924df9dc3f0f0e5b20e3f4902a3386c83a4d0a6b12"]}]})
ioctl$EXT4_IOC_GETSTATE(r0, 0x40046629, &(0x7f0000000dc0))
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000094c125eaa9081101c86d00000001090212000100000000090400000089263c00"], 0x0)
writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000080), 0xfffffebe}], 0x5)
r3 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r6 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r6, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r6, 0x8)
r7 = accept4(r6, 0x0, 0x0, 0x0)
write$binfmt_elf64(r7, &(0x7f0000000240)=ANY=[], 0x78)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r7, 0x84, 0x22, &(0x7f0000000100)={0x4}, 0x10)
sendto$inet(r7, &(0x7f0000000180)="05", 0x1, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r7, 0x84, 0x7b, &(0x7f00000001c0)={0x0, 0x3}, 0x8)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r7, 0x84, 0x7b, &(0x7f00000000c0), 0x8)
r8 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000028000/0x18000)=nil, &(0x7f0000000480)=[@text64={0x40, &(0x7f0000000080)="0f81cf8fe978e11766b8f9008ed8c442d9ae819c3100000f094163be0000000066baf80cb87ce12584efc4a2b5bee1ed0f952af20f090f01ca", 0x39}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$VIDIOC_ENUM_FMT(r3, 0xc0405602, &(0x7f00000001c0)={0x30, 0xa, 0x0, "b75c89e7a20c8eac82ad0416bb1844038d2cd97c945462f31638b5394c00"})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r2, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000e00))
executing program 3:
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
socket(0x200000100000011, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361"])
chdir(&(0x7f0000000280)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000440)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{0x10000, 0x2, 0xb, 0x2, 0x0, 0x81, 0x9b, 0x7, 0x4, 0x87, 0x8, 0x7}, {0x18f002, 0x4000, 0xa, 0x3, 0x8, 0xb, 0x92, 0x9, 0x8, 0x9, 0xa, 0x2}, {0x6000, 0x5000, 0xd, 0xec, 0xb3, 0xfb, 0x2, 0x4, 0xe3, 0x56, 0x39, 0xfe}, {0xd000, 0x4, 0xb, 0xd5, 0xf8, 0x3, 0x7f, 0x8, 0x5, 0x6, 0x4, 0xb4}, {0x4000, 0x100000, 0x0, 0x67, 0x1, 0x8, 0x6, 0x3, 0x5f, 0xbe, 0x3, 0x1}, {0x6000, 0x6000, 0xc, 0x2, 0x1, 0xfd, 0x0, 0x2, 0x10, 0xa7, 0x4, 0x7}, {0xb6ff58cdf5116350, 0x1, 0x8, 0x2, 0xf1, 0x0, 0x4, 0xf3, 0x5, 0x3, 0x8, 0x40}, {0x1000, 0x4000, 0x9, 0x10, 0xe, 0x4, 0xf9, 0x3, 0x1, 0x5, 0x8, 0xe}, {0x1000, 0x3}, {0x0, 0x1}, 0x0, 0x0, 0x2, 0x20100, 0x6, 0x4000, 0x7004, [0x8000000000000000, 0x8, 0x6cd2, 0x3]})
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r4, 0xaf01, 0x0)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x7800007, 0x12, r5, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x14b042, 0x0)
pwritev2(r6, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000000140))
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000002580)=""/107})
r7 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x2001, 0x0)
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0)
ioctl$SNAPSHOT_FREE(r7, 0x3305)
ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140))

program did not crash
replaying the whole log did not cause a kernel crash
single: executing 4 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket-mkdirat-mount$9p_virtio-chdir-openat$cgroup_ro-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_SREGS-ioctl$KVM_CREATE_VM-openat$vhost_vsock-ioctl$VHOST_SET_OWNER-open-mmap-openat-pwritev2-madvise-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-openat$snapshot-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
socket(0x200000100000011, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361"])
chdir(&(0x7f0000000280)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000440)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{0x10000, 0x2, 0xb, 0x2, 0x0, 0x81, 0x9b, 0x7, 0x4, 0x87, 0x8, 0x7}, {0x18f002, 0x4000, 0xa, 0x3, 0x8, 0xb, 0x92, 0x9, 0x8, 0x9, 0xa, 0x2}, {0x6000, 0x5000, 0xd, 0xec, 0xb3, 0xfb, 0x2, 0x4, 0xe3, 0x56, 0x39, 0xfe}, {0xd000, 0x4, 0xb, 0xd5, 0xf8, 0x3, 0x7f, 0x8, 0x5, 0x6, 0x4, 0xb4}, {0x4000, 0x100000, 0x0, 0x67, 0x1, 0x8, 0x6, 0x3, 0x5f, 0xbe, 0x3, 0x1}, {0x6000, 0x6000, 0xc, 0x2, 0x1, 0xfd, 0x0, 0x2, 0x10, 0xa7, 0x4, 0x7}, {0xb6ff58cdf5116350, 0x1, 0x8, 0x2, 0xf1, 0x0, 0x4, 0xf3, 0x5, 0x3, 0x8, 0x40}, {0x1000, 0x4000, 0x9, 0x10, 0xe, 0x4, 0xf9, 0x3, 0x1, 0x5, 0x8, 0xe}, {0x1000, 0x3}, {0x0, 0x1}, 0x0, 0x0, 0x2, 0x20100, 0x6, 0x4000, 0x7004, [0x8000000000000000, 0x8, 0x6cd2, 0x3]})
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r4, 0xaf01, 0x0)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x7800007, 0x12, r5, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x14b042, 0x0)
pwritev2(r6, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000000140))
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000002580)=""/107})
r7 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x2001, 0x0)
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0)
ioctl$SNAPSHOT_FREE(r7, 0x3305)
ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140))

program crashed: WARNING: refcount bug in p9_req_put
single: successfully extracted reproducer
found reproducer with 27 syscalls
minimizing guilty program
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket-mkdirat-mount$9p_virtio-chdir-openat$cgroup_ro-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_SREGS-ioctl$KVM_CREATE_VM-openat$vhost_vsock-ioctl$VHOST_SET_OWNER-open-mmap-openat-pwritev2-madvise-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-openat$snapshot-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
socket(0x200000100000011, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361"])
chdir(&(0x7f0000000280)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000440)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{0x10000, 0x2, 0xb, 0x2, 0x0, 0x81, 0x9b, 0x7, 0x4, 0x87, 0x8, 0x7}, {0x18f002, 0x4000, 0xa, 0x3, 0x8, 0xb, 0x92, 0x9, 0x8, 0x9, 0xa, 0x2}, {0x6000, 0x5000, 0xd, 0xec, 0xb3, 0xfb, 0x2, 0x4, 0xe3, 0x56, 0x39, 0xfe}, {0xd000, 0x4, 0xb, 0xd5, 0xf8, 0x3, 0x7f, 0x8, 0x5, 0x6, 0x4, 0xb4}, {0x4000, 0x100000, 0x0, 0x67, 0x1, 0x8, 0x6, 0x3, 0x5f, 0xbe, 0x3, 0x1}, {0x6000, 0x6000, 0xc, 0x2, 0x1, 0xfd, 0x0, 0x2, 0x10, 0xa7, 0x4, 0x7}, {0xb6ff58cdf5116350, 0x1, 0x8, 0x2, 0xf1, 0x0, 0x4, 0xf3, 0x5, 0x3, 0x8, 0x40}, {0x1000, 0x4000, 0x9, 0x10, 0xe, 0x4, 0xf9, 0x3, 0x1, 0x5, 0x8, 0xe}, {0x1000, 0x3}, {0x0, 0x1}, 0x0, 0x0, 0x2, 0x20100, 0x6, 0x4000, 0x7004, [0x8000000000000000, 0x8, 0x6cd2, 0x3]})
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r4, 0xaf01, 0x0)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x7800007, 0x12, r5, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x14b042, 0x0)
pwritev2(r6, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000000140))
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000002580)=""/107})
r7 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x2001, 0x0)
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0)
ioctl$SNAPSHOT_FREE(r7, 0x3305)
ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket-mkdirat-mount$9p_virtio-chdir-openat$cgroup_ro-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_SREGS-ioctl$KVM_CREATE_VM-openat$vhost_vsock-ioctl$VHOST_SET_OWNER-open-mmap-openat-pwritev2-madvise-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-openat$snapshot-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_SET_VCPU_EVENTS
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
socket(0x200000100000011, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361"])
chdir(&(0x7f0000000280)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000440)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{0x10000, 0x2, 0xb, 0x2, 0x0, 0x81, 0x9b, 0x7, 0x4, 0x87, 0x8, 0x7}, {0x18f002, 0x4000, 0xa, 0x3, 0x8, 0xb, 0x92, 0x9, 0x8, 0x9, 0xa, 0x2}, {0x6000, 0x5000, 0xd, 0xec, 0xb3, 0xfb, 0x2, 0x4, 0xe3, 0x56, 0x39, 0xfe}, {0xd000, 0x4, 0xb, 0xd5, 0xf8, 0x3, 0x7f, 0x8, 0x5, 0x6, 0x4, 0xb4}, {0x4000, 0x100000, 0x0, 0x67, 0x1, 0x8, 0x6, 0x3, 0x5f, 0xbe, 0x3, 0x1}, {0x6000, 0x6000, 0xc, 0x2, 0x1, 0xfd, 0x0, 0x2, 0x10, 0xa7, 0x4, 0x7}, {0xb6ff58cdf5116350, 0x1, 0x8, 0x2, 0xf1, 0x0, 0x4, 0xf3, 0x5, 0x3, 0x8, 0x40}, {0x1000, 0x4000, 0x9, 0x10, 0xe, 0x4, 0xf9, 0x3, 0x1, 0x5, 0x8, 0xe}, {0x1000, 0x3}, {0x0, 0x1}, 0x0, 0x0, 0x2, 0x20100, 0x6, 0x4000, 0x7004, [0x8000000000000000, 0x8, 0x6cd2, 0x3]})
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r3, 0xaf01, 0x0)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x7800007, 0x12, r4, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x14b042, 0x0)
pwritev2(r5, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000000140))
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000002580)=""/107})
r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x2001, 0x0)
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0)
ioctl$SNAPSHOT_FREE(r6, 0x3305)
ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140))

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket-mkdirat-mount$9p_virtio-chdir-openat$cgroup_ro-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_SREGS-ioctl$KVM_CREATE_VM-openat$vhost_vsock-ioctl$VHOST_SET_OWNER-open-mmap-openat-pwritev2-madvise-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-openat$snapshot-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
socket(0x200000100000011, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361"])
chdir(&(0x7f0000000280)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000440)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{0x10000, 0x2, 0xb, 0x2, 0x0, 0x81, 0x9b, 0x7, 0x4, 0x87, 0x8, 0x7}, {0x18f002, 0x4000, 0xa, 0x3, 0x8, 0xb, 0x92, 0x9, 0x8, 0x9, 0xa, 0x2}, {0x6000, 0x5000, 0xd, 0xec, 0xb3, 0xfb, 0x2, 0x4, 0xe3, 0x56, 0x39, 0xfe}, {0xd000, 0x4, 0xb, 0xd5, 0xf8, 0x3, 0x7f, 0x8, 0x5, 0x6, 0x4, 0xb4}, {0x4000, 0x100000, 0x0, 0x67, 0x1, 0x8, 0x6, 0x3, 0x5f, 0xbe, 0x3, 0x1}, {0x6000, 0x6000, 0xc, 0x2, 0x1, 0xfd, 0x0, 0x2, 0x10, 0xa7, 0x4, 0x7}, {0xb6ff58cdf5116350, 0x1, 0x8, 0x2, 0xf1, 0x0, 0x4, 0xf3, 0x5, 0x3, 0x8, 0x40}, {0x1000, 0x4000, 0x9, 0x10, 0xe, 0x4, 0xf9, 0x3, 0x1, 0x5, 0x8, 0xe}, {0x1000, 0x3}, {0x0, 0x1}, 0x0, 0x0, 0x2, 0x20100, 0x6, 0x4000, 0x7004, [0x8000000000000000, 0x8, 0x6cd2, 0x3]})
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r4, 0xaf01, 0x0)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x7800007, 0x12, r5, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x14b042, 0x0)
pwritev2(r6, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000000140))
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000002580)=""/107})
r7 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x2001, 0x0)
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0)
ioctl$SNAPSHOT_FREE(r7, 0x3305)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140))

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket-mkdirat-mount$9p_virtio-chdir-openat$cgroup_ro-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_SREGS-ioctl$KVM_CREATE_VM-openat$vhost_vsock-ioctl$VHOST_SET_OWNER-open-mmap-openat-pwritev2-madvise-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-openat$snapshot-syz_usb_connect$hid-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
socket(0x200000100000011, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361"])
chdir(&(0x7f0000000280)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000440)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{0x10000, 0x2, 0xb, 0x2, 0x0, 0x81, 0x9b, 0x7, 0x4, 0x87, 0x8, 0x7}, {0x18f002, 0x4000, 0xa, 0x3, 0x8, 0xb, 0x92, 0x9, 0x8, 0x9, 0xa, 0x2}, {0x6000, 0x5000, 0xd, 0xec, 0xb3, 0xfb, 0x2, 0x4, 0xe3, 0x56, 0x39, 0xfe}, {0xd000, 0x4, 0xb, 0xd5, 0xf8, 0x3, 0x7f, 0x8, 0x5, 0x6, 0x4, 0xb4}, {0x4000, 0x100000, 0x0, 0x67, 0x1, 0x8, 0x6, 0x3, 0x5f, 0xbe, 0x3, 0x1}, {0x6000, 0x6000, 0xc, 0x2, 0x1, 0xfd, 0x0, 0x2, 0x10, 0xa7, 0x4, 0x7}, {0xb6ff58cdf5116350, 0x1, 0x8, 0x2, 0xf1, 0x0, 0x4, 0xf3, 0x5, 0x3, 0x8, 0x40}, {0x1000, 0x4000, 0x9, 0x10, 0xe, 0x4, 0xf9, 0x3, 0x1, 0x5, 0x8, 0xe}, {0x1000, 0x3}, {0x0, 0x1}, 0x0, 0x0, 0x2, 0x20100, 0x6, 0x4000, 0x7004, [0x8000000000000000, 0x8, 0x6cd2, 0x3]})
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r4, 0xaf01, 0x0)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x7800007, 0x12, r5, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x14b042, 0x0)
pwritev2(r6, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000000140))
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000002580)=""/107})
openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x2001, 0x0)
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140))

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket-mkdirat-mount$9p_virtio-chdir-openat$cgroup_ro-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_SREGS-ioctl$KVM_CREATE_VM-openat$vhost_vsock-ioctl$VHOST_SET_OWNER-open-mmap-openat-pwritev2-madvise-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-openat$snapshot-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
socket(0x200000100000011, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361"])
chdir(&(0x7f0000000280)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000440)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{0x10000, 0x2, 0xb, 0x2, 0x0, 0x81, 0x9b, 0x7, 0x4, 0x87, 0x8, 0x7}, {0x18f002, 0x4000, 0xa, 0x3, 0x8, 0xb, 0x92, 0x9, 0x8, 0x9, 0xa, 0x2}, {0x6000, 0x5000, 0xd, 0xec, 0xb3, 0xfb, 0x2, 0x4, 0xe3, 0x56, 0x39, 0xfe}, {0xd000, 0x4, 0xb, 0xd5, 0xf8, 0x3, 0x7f, 0x8, 0x5, 0x6, 0x4, 0xb4}, {0x4000, 0x100000, 0x0, 0x67, 0x1, 0x8, 0x6, 0x3, 0x5f, 0xbe, 0x3, 0x1}, {0x6000, 0x6000, 0xc, 0x2, 0x1, 0xfd, 0x0, 0x2, 0x10, 0xa7, 0x4, 0x7}, {0xb6ff58cdf5116350, 0x1, 0x8, 0x2, 0xf1, 0x0, 0x4, 0xf3, 0x5, 0x3, 0x8, 0x40}, {0x1000, 0x4000, 0x9, 0x10, 0xe, 0x4, 0xf9, 0x3, 0x1, 0x5, 0x8, 0xe}, {0x1000, 0x3}, {0x0, 0x1}, 0x0, 0x0, 0x2, 0x20100, 0x6, 0x4000, 0x7004, [0x8000000000000000, 0x8, 0x6cd2, 0x3]})
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r4, 0xaf01, 0x0)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x7800007, 0x12, r5, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x14b042, 0x0)
pwritev2(r6, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000000140))
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000002580)=""/107})
r7 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x2001, 0x0)
ioctl$SNAPSHOT_FREE(r7, 0x3305)
ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140))

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket-mkdirat-mount$9p_virtio-chdir-openat$cgroup_ro-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_SREGS-ioctl$KVM_CREATE_VM-openat$vhost_vsock-ioctl$VHOST_SET_OWNER-open-mmap-openat-pwritev2-madvise-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
socket(0x200000100000011, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361"])
chdir(&(0x7f0000000280)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000440)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{0x10000, 0x2, 0xb, 0x2, 0x0, 0x81, 0x9b, 0x7, 0x4, 0x87, 0x8, 0x7}, {0x18f002, 0x4000, 0xa, 0x3, 0x8, 0xb, 0x92, 0x9, 0x8, 0x9, 0xa, 0x2}, {0x6000, 0x5000, 0xd, 0xec, 0xb3, 0xfb, 0x2, 0x4, 0xe3, 0x56, 0x39, 0xfe}, {0xd000, 0x4, 0xb, 0xd5, 0xf8, 0x3, 0x7f, 0x8, 0x5, 0x6, 0x4, 0xb4}, {0x4000, 0x100000, 0x0, 0x67, 0x1, 0x8, 0x6, 0x3, 0x5f, 0xbe, 0x3, 0x1}, {0x6000, 0x6000, 0xc, 0x2, 0x1, 0xfd, 0x0, 0x2, 0x10, 0xa7, 0x4, 0x7}, {0xb6ff58cdf5116350, 0x1, 0x8, 0x2, 0xf1, 0x0, 0x4, 0xf3, 0x5, 0x3, 0x8, 0x40}, {0x1000, 0x4000, 0x9, 0x10, 0xe, 0x4, 0xf9, 0x3, 0x1, 0x5, 0x8, 0xe}, {0x1000, 0x3}, {0x0, 0x1}, 0x0, 0x0, 0x2, 0x20100, 0x6, 0x4000, 0x7004, [0x8000000000000000, 0x8, 0x6cd2, 0x3]})
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r4, 0xaf01, 0x0)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x7800007, 0x12, r5, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x14b042, 0x0)
pwritev2(r6, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000000140))
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000002580)=""/107})
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140))

program crashed: WARNING: refcount bug in p9_req_put
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket-mkdirat-mount$9p_virtio-chdir-openat$cgroup_ro-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_SREGS-ioctl$KVM_CREATE_VM-openat$vhost_vsock-ioctl$VHOST_SET_OWNER-open-mmap-openat-pwritev2-madvise-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_MEM_TABLE-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
socket(0x200000100000011, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361"])
chdir(&(0x7f0000000280)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000440)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{0x10000, 0x2, 0xb, 0x2, 0x0, 0x81, 0x9b, 0x7, 0x4, 0x87, 0x8, 0x7}, {0x18f002, 0x4000, 0xa, 0x3, 0x8, 0xb, 0x92, 0x9, 0x8, 0x9, 0xa, 0x2}, {0x6000, 0x5000, 0xd, 0xec, 0xb3, 0xfb, 0x2, 0x4, 0xe3, 0x56, 0x39, 0xfe}, {0xd000, 0x4, 0xb, 0xd5, 0xf8, 0x3, 0x7f, 0x8, 0x5, 0x6, 0x4, 0xb4}, {0x4000, 0x100000, 0x0, 0x67, 0x1, 0x8, 0x6, 0x3, 0x5f, 0xbe, 0x3, 0x1}, {0x6000, 0x6000, 0xc, 0x2, 0x1, 0xfd, 0x0, 0x2, 0x10, 0xa7, 0x4, 0x7}, {0xb6ff58cdf5116350, 0x1, 0x8, 0x2, 0xf1, 0x0, 0x4, 0xf3, 0x5, 0x3, 0x8, 0x40}, {0x1000, 0x4000, 0x9, 0x10, 0xe, 0x4, 0xf9, 0x3, 0x1, 0x5, 0x8, 0xe}, {0x1000, 0x3}, {0x0, 0x1}, 0x0, 0x0, 0x2, 0x20100, 0x6, 0x4000, 0x7004, [0x8000000000000000, 0x8, 0x6cd2, 0x3]})
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r4, 0xaf01, 0x0)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x7800007, 0x12, r5, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x14b042, 0x0)
pwritev2(r6, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000000140))
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140))

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket-mkdirat-mount$9p_virtio-chdir-openat$cgroup_ro-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_SREGS-ioctl$KVM_CREATE_VM-openat$vhost_vsock-ioctl$VHOST_SET_OWNER-open-mmap-openat-pwritev2-madvise-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
socket(0x200000100000011, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361"])
chdir(&(0x7f0000000280)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000440)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{0x10000, 0x2, 0xb, 0x2, 0x0, 0x81, 0x9b, 0x7, 0x4, 0x87, 0x8, 0x7}, {0x18f002, 0x4000, 0xa, 0x3, 0x8, 0xb, 0x92, 0x9, 0x8, 0x9, 0xa, 0x2}, {0x6000, 0x5000, 0xd, 0xec, 0xb3, 0xfb, 0x2, 0x4, 0xe3, 0x56, 0x39, 0xfe}, {0xd000, 0x4, 0xb, 0xd5, 0xf8, 0x3, 0x7f, 0x8, 0x5, 0x6, 0x4, 0xb4}, {0x4000, 0x100000, 0x0, 0x67, 0x1, 0x8, 0x6, 0x3, 0x5f, 0xbe, 0x3, 0x1}, {0x6000, 0x6000, 0xc, 0x2, 0x1, 0xfd, 0x0, 0x2, 0x10, 0xa7, 0x4, 0x7}, {0xb6ff58cdf5116350, 0x1, 0x8, 0x2, 0xf1, 0x0, 0x4, 0xf3, 0x5, 0x3, 0x8, 0x40}, {0x1000, 0x4000, 0x9, 0x10, 0xe, 0x4, 0xf9, 0x3, 0x1, 0x5, 0x8, 0xe}, {0x1000, 0x3}, {0x0, 0x1}, 0x0, 0x0, 0x2, 0x20100, 0x6, 0x4000, 0x7004, [0x8000000000000000, 0x8, 0x6cd2, 0x3]})
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r4, 0xaf01, 0x0)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x7800007, 0x12, r5, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x14b042, 0x0)
pwritev2(r6, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000002580)=""/107})
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140))

program crashed: kernel BUG in __jump_label_patch
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket-mkdirat-mount$9p_virtio-chdir-openat$cgroup_ro-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_SREGS-ioctl$KVM_CREATE_VM-openat$vhost_vsock-ioctl$VHOST_SET_OWNER-open-mmap-openat-pwritev2-madvise-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
socket(0x200000100000011, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361"])
chdir(&(0x7f0000000280)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000440)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{0x10000, 0x2, 0xb, 0x2, 0x0, 0x81, 0x9b, 0x7, 0x4, 0x87, 0x8, 0x7}, {0x18f002, 0x4000, 0xa, 0x3, 0x8, 0xb, 0x92, 0x9, 0x8, 0x9, 0xa, 0x2}, {0x6000, 0x5000, 0xd, 0xec, 0xb3, 0xfb, 0x2, 0x4, 0xe3, 0x56, 0x39, 0xfe}, {0xd000, 0x4, 0xb, 0xd5, 0xf8, 0x3, 0x7f, 0x8, 0x5, 0x6, 0x4, 0xb4}, {0x4000, 0x100000, 0x0, 0x67, 0x1, 0x8, 0x6, 0x3, 0x5f, 0xbe, 0x3, 0x1}, {0x6000, 0x6000, 0xc, 0x2, 0x1, 0xfd, 0x0, 0x2, 0x10, 0xa7, 0x4, 0x7}, {0xb6ff58cdf5116350, 0x1, 0x8, 0x2, 0xf1, 0x0, 0x4, 0xf3, 0x5, 0x3, 0x8, 0x40}, {0x1000, 0x4000, 0x9, 0x10, 0xe, 0x4, 0xf9, 0x3, 0x1, 0x5, 0x8, 0xe}, {0x1000, 0x3}, {0x0, 0x1}, 0x0, 0x0, 0x2, 0x20100, 0x6, 0x4000, 0x7004, [0x8000000000000000, 0x8, 0x6cd2, 0x3]})
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r4, 0xaf01, 0x0)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x7800007, 0x12, r5, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x14b042, 0x0)
pwritev2(r6, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000002580)=""/107})
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140))

program crashed: WARNING: refcount bug in p9_req_put
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket-mkdirat-mount$9p_virtio-chdir-openat$cgroup_ro-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_SREGS-ioctl$KVM_CREATE_VM-openat$vhost_vsock-ioctl$VHOST_SET_OWNER-open-mmap-openat-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
socket(0x200000100000011, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361"])
chdir(&(0x7f0000000280)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000440)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{0x10000, 0x2, 0xb, 0x2, 0x0, 0x81, 0x9b, 0x7, 0x4, 0x87, 0x8, 0x7}, {0x18f002, 0x4000, 0xa, 0x3, 0x8, 0xb, 0x92, 0x9, 0x8, 0x9, 0xa, 0x2}, {0x6000, 0x5000, 0xd, 0xec, 0xb3, 0xfb, 0x2, 0x4, 0xe3, 0x56, 0x39, 0xfe}, {0xd000, 0x4, 0xb, 0xd5, 0xf8, 0x3, 0x7f, 0x8, 0x5, 0x6, 0x4, 0xb4}, {0x4000, 0x100000, 0x0, 0x67, 0x1, 0x8, 0x6, 0x3, 0x5f, 0xbe, 0x3, 0x1}, {0x6000, 0x6000, 0xc, 0x2, 0x1, 0xfd, 0x0, 0x2, 0x10, 0xa7, 0x4, 0x7}, {0xb6ff58cdf5116350, 0x1, 0x8, 0x2, 0xf1, 0x0, 0x4, 0xf3, 0x5, 0x3, 0x8, 0x40}, {0x1000, 0x4000, 0x9, 0x10, 0xe, 0x4, 0xf9, 0x3, 0x1, 0x5, 0x8, 0xe}, {0x1000, 0x3}, {0x0, 0x1}, 0x0, 0x0, 0x2, 0x20100, 0x6, 0x4000, 0x7004, [0x8000000000000000, 0x8, 0x6cd2, 0x3]})
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r4, 0xaf01, 0x0)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x7800007, 0x12, r5, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x14b042, 0x0)
pwritev2(r6, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000002580)=""/107})
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140))

program crashed: WARNING: refcount bug in p9_req_put
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket-mkdirat-mount$9p_virtio-chdir-openat$cgroup_ro-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_SREGS-ioctl$KVM_CREATE_VM-openat$vhost_vsock-ioctl$VHOST_SET_OWNER-open-mmap-openat-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
socket(0x200000100000011, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361"])
chdir(&(0x7f0000000280)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000440)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{0x10000, 0x2, 0xb, 0x2, 0x0, 0x81, 0x9b, 0x7, 0x4, 0x87, 0x8, 0x7}, {0x18f002, 0x4000, 0xa, 0x3, 0x8, 0xb, 0x92, 0x9, 0x8, 0x9, 0xa, 0x2}, {0x6000, 0x5000, 0xd, 0xec, 0xb3, 0xfb, 0x2, 0x4, 0xe3, 0x56, 0x39, 0xfe}, {0xd000, 0x4, 0xb, 0xd5, 0xf8, 0x3, 0x7f, 0x8, 0x5, 0x6, 0x4, 0xb4}, {0x4000, 0x100000, 0x0, 0x67, 0x1, 0x8, 0x6, 0x3, 0x5f, 0xbe, 0x3, 0x1}, {0x6000, 0x6000, 0xc, 0x2, 0x1, 0xfd, 0x0, 0x2, 0x10, 0xa7, 0x4, 0x7}, {0xb6ff58cdf5116350, 0x1, 0x8, 0x2, 0xf1, 0x0, 0x4, 0xf3, 0x5, 0x3, 0x8, 0x40}, {0x1000, 0x4000, 0x9, 0x10, 0xe, 0x4, 0xf9, 0x3, 0x1, 0x5, 0x8, 0xe}, {0x1000, 0x3}, {0x0, 0x1}, 0x0, 0x0, 0x2, 0x20100, 0x6, 0x4000, 0x7004, [0x8000000000000000, 0x8, 0x6cd2, 0x3]})
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r4, 0xaf01, 0x0)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x7800007, 0x12, r5, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x14b042, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000002580)=""/107})
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140))

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket-mkdirat-mount$9p_virtio-chdir-openat$cgroup_ro-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_SREGS-ioctl$KVM_CREATE_VM-openat$vhost_vsock-ioctl$VHOST_SET_OWNER-open-mmap-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
socket(0x200000100000011, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361"])
chdir(&(0x7f0000000280)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000440)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{0x10000, 0x2, 0xb, 0x2, 0x0, 0x81, 0x9b, 0x7, 0x4, 0x87, 0x8, 0x7}, {0x18f002, 0x4000, 0xa, 0x3, 0x8, 0xb, 0x92, 0x9, 0x8, 0x9, 0xa, 0x2}, {0x6000, 0x5000, 0xd, 0xec, 0xb3, 0xfb, 0x2, 0x4, 0xe3, 0x56, 0x39, 0xfe}, {0xd000, 0x4, 0xb, 0xd5, 0xf8, 0x3, 0x7f, 0x8, 0x5, 0x6, 0x4, 0xb4}, {0x4000, 0x100000, 0x0, 0x67, 0x1, 0x8, 0x6, 0x3, 0x5f, 0xbe, 0x3, 0x1}, {0x6000, 0x6000, 0xc, 0x2, 0x1, 0xfd, 0x0, 0x2, 0x10, 0xa7, 0x4, 0x7}, {0xb6ff58cdf5116350, 0x1, 0x8, 0x2, 0xf1, 0x0, 0x4, 0xf3, 0x5, 0x3, 0x8, 0x40}, {0x1000, 0x4000, 0x9, 0x10, 0xe, 0x4, 0xf9, 0x3, 0x1, 0x5, 0x8, 0xe}, {0x1000, 0x3}, {0x0, 0x1}, 0x0, 0x0, 0x2, 0x20100, 0x6, 0x4000, 0x7004, [0x8000000000000000, 0x8, 0x6cd2, 0x3]})
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r4, 0xaf01, 0x0)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x7800007, 0x12, r5, 0x0)
pwritev2(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000002580)=""/107})
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140))

program crashed: kernel BUG in __jump_label_patch
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket-mkdirat-mount$9p_virtio-chdir-openat$cgroup_ro-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_SREGS-ioctl$KVM_CREATE_VM-openat$vhost_vsock-ioctl$VHOST_SET_OWNER-open-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
socket(0x200000100000011, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361"])
chdir(&(0x7f0000000280)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000440)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{0x10000, 0x2, 0xb, 0x2, 0x0, 0x81, 0x9b, 0x7, 0x4, 0x87, 0x8, 0x7}, {0x18f002, 0x4000, 0xa, 0x3, 0x8, 0xb, 0x92, 0x9, 0x8, 0x9, 0xa, 0x2}, {0x6000, 0x5000, 0xd, 0xec, 0xb3, 0xfb, 0x2, 0x4, 0xe3, 0x56, 0x39, 0xfe}, {0xd000, 0x4, 0xb, 0xd5, 0xf8, 0x3, 0x7f, 0x8, 0x5, 0x6, 0x4, 0xb4}, {0x4000, 0x100000, 0x0, 0x67, 0x1, 0x8, 0x6, 0x3, 0x5f, 0xbe, 0x3, 0x1}, {0x6000, 0x6000, 0xc, 0x2, 0x1, 0xfd, 0x0, 0x2, 0x10, 0xa7, 0x4, 0x7}, {0xb6ff58cdf5116350, 0x1, 0x8, 0x2, 0xf1, 0x0, 0x4, 0xf3, 0x5, 0x3, 0x8, 0x40}, {0x1000, 0x4000, 0x9, 0x10, 0xe, 0x4, 0xf9, 0x3, 0x1, 0x5, 0x8, 0xe}, {0x1000, 0x3}, {0x0, 0x1}, 0x0, 0x0, 0x2, 0x20100, 0x6, 0x4000, 0x7004, [0x8000000000000000, 0x8, 0x6cd2, 0x3]})
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r4, 0xaf01, 0x0)
open(&(0x7f0000000000)='./bus\x00', 0x400141042, 0x0)
pwritev2(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000002580)=""/107})
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140))

program crashed: WARNING: refcount bug in p9_req_put
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket-mkdirat-mount$9p_virtio-chdir-openat$cgroup_ro-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_SREGS-ioctl$KVM_CREATE_VM-openat$vhost_vsock-ioctl$VHOST_SET_OWNER-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
socket(0x200000100000011, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361"])
chdir(&(0x7f0000000280)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000440)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{0x10000, 0x2, 0xb, 0x2, 0x0, 0x81, 0x9b, 0x7, 0x4, 0x87, 0x8, 0x7}, {0x18f002, 0x4000, 0xa, 0x3, 0x8, 0xb, 0x92, 0x9, 0x8, 0x9, 0xa, 0x2}, {0x6000, 0x5000, 0xd, 0xec, 0xb3, 0xfb, 0x2, 0x4, 0xe3, 0x56, 0x39, 0xfe}, {0xd000, 0x4, 0xb, 0xd5, 0xf8, 0x3, 0x7f, 0x8, 0x5, 0x6, 0x4, 0xb4}, {0x4000, 0x100000, 0x0, 0x67, 0x1, 0x8, 0x6, 0x3, 0x5f, 0xbe, 0x3, 0x1}, {0x6000, 0x6000, 0xc, 0x2, 0x1, 0xfd, 0x0, 0x2, 0x10, 0xa7, 0x4, 0x7}, {0xb6ff58cdf5116350, 0x1, 0x8, 0x2, 0xf1, 0x0, 0x4, 0xf3, 0x5, 0x3, 0x8, 0x40}, {0x1000, 0x4000, 0x9, 0x10, 0xe, 0x4, 0xf9, 0x3, 0x1, 0x5, 0x8, 0xe}, {0x1000, 0x3}, {0x0, 0x1}, 0x0, 0x0, 0x2, 0x20100, 0x6, 0x4000, 0x7004, [0x8000000000000000, 0x8, 0x6cd2, 0x3]})
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r4, 0xaf01, 0x0)
pwritev2(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000002580)=""/107})
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140))

program crashed: kernel BUG in __jump_label_patch
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket-mkdirat-mount$9p_virtio-chdir-openat$cgroup_ro-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_SREGS-ioctl$KVM_CREATE_VM-openat$vhost_vsock-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
socket(0x200000100000011, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361"])
chdir(&(0x7f0000000280)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000440)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{0x10000, 0x2, 0xb, 0x2, 0x0, 0x81, 0x9b, 0x7, 0x4, 0x87, 0x8, 0x7}, {0x18f002, 0x4000, 0xa, 0x3, 0x8, 0xb, 0x92, 0x9, 0x8, 0x9, 0xa, 0x2}, {0x6000, 0x5000, 0xd, 0xec, 0xb3, 0xfb, 0x2, 0x4, 0xe3, 0x56, 0x39, 0xfe}, {0xd000, 0x4, 0xb, 0xd5, 0xf8, 0x3, 0x7f, 0x8, 0x5, 0x6, 0x4, 0xb4}, {0x4000, 0x100000, 0x0, 0x67, 0x1, 0x8, 0x6, 0x3, 0x5f, 0xbe, 0x3, 0x1}, {0x6000, 0x6000, 0xc, 0x2, 0x1, 0xfd, 0x0, 0x2, 0x10, 0xa7, 0x4, 0x7}, {0xb6ff58cdf5116350, 0x1, 0x8, 0x2, 0xf1, 0x0, 0x4, 0xf3, 0x5, 0x3, 0x8, 0x40}, {0x1000, 0x4000, 0x9, 0x10, 0xe, 0x4, 0xf9, 0x3, 0x1, 0x5, 0x8, 0xe}, {0x1000, 0x3}, {0x0, 0x1}, 0x0, 0x0, 0x2, 0x20100, 0x6, 0x4000, 0x7004, [0x8000000000000000, 0x8, 0x6cd2, 0x3]})
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
pwritev2(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000002580)=""/107})
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140))

program crashed: WARNING: refcount bug in p9_req_put
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket-mkdirat-mount$9p_virtio-chdir-openat$cgroup_ro-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_SREGS-ioctl$KVM_CREATE_VM-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
socket(0x200000100000011, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361"])
chdir(&(0x7f0000000280)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000440)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{0x10000, 0x2, 0xb, 0x2, 0x0, 0x81, 0x9b, 0x7, 0x4, 0x87, 0x8, 0x7}, {0x18f002, 0x4000, 0xa, 0x3, 0x8, 0xb, 0x92, 0x9, 0x8, 0x9, 0xa, 0x2}, {0x6000, 0x5000, 0xd, 0xec, 0xb3, 0xfb, 0x2, 0x4, 0xe3, 0x56, 0x39, 0xfe}, {0xd000, 0x4, 0xb, 0xd5, 0xf8, 0x3, 0x7f, 0x8, 0x5, 0x6, 0x4, 0xb4}, {0x4000, 0x100000, 0x0, 0x67, 0x1, 0x8, 0x6, 0x3, 0x5f, 0xbe, 0x3, 0x1}, {0x6000, 0x6000, 0xc, 0x2, 0x1, 0xfd, 0x0, 0x2, 0x10, 0xa7, 0x4, 0x7}, {0xb6ff58cdf5116350, 0x1, 0x8, 0x2, 0xf1, 0x0, 0x4, 0xf3, 0x5, 0x3, 0x8, 0x40}, {0x1000, 0x4000, 0x9, 0x10, 0xe, 0x4, 0xf9, 0x3, 0x1, 0x5, 0x8, 0xe}, {0x1000, 0x3}, {0x0, 0x1}, 0x0, 0x0, 0x2, 0x20100, 0x6, 0x4000, 0x7004, [0x8000000000000000, 0x8, 0x6cd2, 0x3]})
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
pwritev2(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000002580)=""/107})
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140))

program crashed: WARNING: refcount bug in p9_req_put
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket-mkdirat-mount$9p_virtio-chdir-openat$cgroup_ro-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_SREGS-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
socket(0x200000100000011, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361"])
chdir(&(0x7f0000000280)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000440)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_SET_SREGS(r1, 0x4138ae84, &(0x7f00000007c0)={{0x10000, 0x2, 0xb, 0x2, 0x0, 0x81, 0x9b, 0x7, 0x4, 0x87, 0x8, 0x7}, {0x18f002, 0x4000, 0xa, 0x3, 0x8, 0xb, 0x92, 0x9, 0x8, 0x9, 0xa, 0x2}, {0x6000, 0x5000, 0xd, 0xec, 0xb3, 0xfb, 0x2, 0x4, 0xe3, 0x56, 0x39, 0xfe}, {0xd000, 0x4, 0xb, 0xd5, 0xf8, 0x3, 0x7f, 0x8, 0x5, 0x6, 0x4, 0xb4}, {0x4000, 0x100000, 0x0, 0x67, 0x1, 0x8, 0x6, 0x3, 0x5f, 0xbe, 0x3, 0x1}, {0x6000, 0x6000, 0xc, 0x2, 0x1, 0xfd, 0x0, 0x2, 0x10, 0xa7, 0x4, 0x7}, {0xb6ff58cdf5116350, 0x1, 0x8, 0x2, 0xf1, 0x0, 0x4, 0xf3, 0x5, 0x3, 0x8, 0x40}, {0x1000, 0x4000, 0x9, 0x10, 0xe, 0x4, 0xf9, 0x3, 0x1, 0x5, 0x8, 0xe}, {0x1000, 0x3}, {0x0, 0x1}, 0x0, 0x0, 0x2, 0x20100, 0x6, 0x4000, 0x7004, [0x8000000000000000, 0x8, 0x6cd2, 0x3]})
pwritev2(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000002580)=""/107})
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140))

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket-mkdirat-mount$9p_virtio-chdir-openat$cgroup_ro-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_CREATE_VM-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
socket(0x200000100000011, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361"])
chdir(&(0x7f0000000280)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000440)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
pwritev2(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000002580)=""/107})
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140))

program crashed: WARNING: refcount bug in p9_req_put
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket-mkdirat-mount$9p_virtio-chdir-openat$cgroup_ro-mmap-openat$kvm-ioctl$KVM_CREATE_VM-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
socket(0x200000100000011, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361"])
chdir(&(0x7f0000000280)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000440)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
pwritev2(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000002580)=""/107})
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140))

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket-mkdirat-mount$9p_virtio-chdir-openat$cgroup_ro-mmap-ioctl$KVM_CREATE_VCPU-ioctl$KVM_CREATE_VM-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
socket(0x200000100000011, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361"])
chdir(&(0x7f0000000280)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000440)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
pwritev2(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000002580)=""/107})
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140))

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket-mkdirat-mount$9p_virtio-chdir-openat$cgroup_ro-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_CREATE_VM-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
socket(0x200000100000011, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361"])
chdir(&(0x7f0000000280)='./file0\x00')
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000440)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
pwritev2(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000002580)=""/107})
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140))

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket-mkdirat-mount$9p_virtio-chdir-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_CREATE_VM-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
socket(0x200000100000011, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361"])
chdir(&(0x7f0000000280)='./file0\x00')
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
pwritev2(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000002580)=""/107})
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140))

program crashed: WARNING: refcount bug in p9_req_put
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket-mkdirat-mount$9p_virtio-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_CREATE_VM-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
socket(0x200000100000011, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361"])
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
pwritev2(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000002580)=""/107})
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140))

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket-mkdirat-chdir-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_CREATE_VM-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
socket(0x200000100000011, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
chdir(&(0x7f0000000280)='./file0\x00')
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
pwritev2(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000002580)=""/107})
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140))

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket-mount$9p_virtio-chdir-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_CREATE_VM-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
socket(0x200000100000011, 0x3, 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361"])
chdir(&(0x7f0000000280)='./file0\x00')
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
pwritev2(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000002580)=""/107})
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140))

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-mkdirat-mount$9p_virtio-chdir-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_CREATE_VM-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361"])
chdir(&(0x7f0000000280)='./file0\x00')
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
pwritev2(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000002580)=""/107})
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140))

program crashed: kernel BUG in __jump_label_patch
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_CREATE_VM-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361"])
chdir(&(0x7f0000000280)='./file0\x00')
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
pwritev2(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000002580)=""/107})
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140))

program crashed: WARNING: refcount bug in p9_req_put
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_CREATE_VM-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361"])
chdir(&(0x7f0000000280)='./file0\x00')
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
pwritev2(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000002580)=""/107})
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140))

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_CREATE_VM-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(0x0, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361"])
chdir(&(0x7f0000000280)='./file0\x00')
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
pwritev2(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000002580)=""/107})
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140))

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_CREATE_VM-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), 0x0, &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361"])
chdir(&(0x7f0000000280)='./file0\x00')
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
pwritev2(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000002580)=""/107})
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140))

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_CREATE_VM-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', 0x0, 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361"])
chdir(&(0x7f0000000280)='./file0\x00')
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
pwritev2(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000002580)=""/107})
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140))

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_CREATE_VM-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)
chdir(&(0x7f0000000280)='./file0\x00')
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
pwritev2(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000002580)=""/107})
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140))

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_CREATE_VM-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB])
chdir(&(0x7f0000000280)='./file0\x00')
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
pwritev2(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000002580)=""/107})
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140))

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_CREATE_VM-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361"])
chdir(0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
pwritev2(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000002580)=""/107})
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140))

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_CREATE_VM-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361"])
chdir(&(0x7f0000000280)='./file0\x00')
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
pwritev2(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000002580)=""/107})
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140))

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_CREATE_VM-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361"])
chdir(&(0x7f0000000280)='./file0\x00')
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x5405, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000002580)=""/107})
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140))

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_CREATE_VM-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361"])
chdir(&(0x7f0000000280)='./file0\x00')
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
pwritev2(0xffffffffffffffff, &(0x7f0000000100)=[{0x0}], 0x1, 0x5405, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000002580)=""/107})
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140))

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_CREATE_VM-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361"])
chdir(&(0x7f0000000280)='./file0\x00')
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
pwritev2(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000080)}], 0x1, 0x5405, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000002580)=""/107})
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140))

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_CREATE_VM-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361"])
chdir(&(0x7f0000000280)='./file0\x00')
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
pwritev2(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, 0x0)
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140))

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_CREATE_VM-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361"])
chdir(&(0x7f0000000280)='./file0\x00')
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
pwritev2(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, &(0x7f0000002580)=""/107})
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140))

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_CREATE_VM-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361"])
chdir(&(0x7f0000000280)='./file0\x00')
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
pwritev2(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, 0x0})
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140))

program crashed: WARNING: refcount bug in p9_req_put
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_CREATE_VM-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361"])
chdir(&(0x7f0000000280)='./file0\x00')
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
pwritev2(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, 0x0})
syz_usb_connect$hid(0x6, 0x36, 0x0, 0x0)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140))

program crashed: WARNING: refcount bug in p9_req_put
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_CREATE_VM-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361"])
chdir(&(0x7f0000000280)='./file0\x00')
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
pwritev2(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, 0x0})
syz_usb_connect$hid(0x6, 0x36, 0x0, 0x0)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140))

program crashed: WARNING: refcount bug in p9_req_put
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_CREATE_VM-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361"])
chdir(&(0x7f0000000280)='./file0\x00')
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
pwritev2(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, 0x0})
syz_usb_connect$hid(0x6, 0x36, 0x0, 0x0)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, 0x0)

program crashed: WARNING: refcount bug in p9_req_put
extracting C reproducer
testing compiled C program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_CREATE_VM-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
program did not crash
simplifying guilty program options
testing program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_CREATE_VM-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
detailed listing:
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361"])
chdir(&(0x7f0000000280)='./file0\x00')
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
pwritev2(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, 0x0})
syz_usb_connect$hid(0x6, 0x36, 0x0, 0x0)
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, 0x0)

program crashed: WARNING: refcount bug in p9_req_put
extracting C reproducer
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_CREATE_VM-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
program crashed: WARNING: refcount bug in p9_req_put
simplifying C reproducer
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_CREATE_VM-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
program crashed: WARNING: refcount bug in p9_req_put
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_CREATE_VM-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
program did not crash
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_CREATE_VM-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
program did not crash
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_CREATE_VM-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
program did not crash
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_CREATE_VM-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
program did not crash
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_CREATE_VM-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
program crashed: WARNING: refcount bug in p9_req_put
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_CREATE_VM-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
program did not crash
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_CREATE_VM-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
program did not crash
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_CREATE_VM-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
program did not crash
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_CREATE_VM-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
program crashed: WARNING: refcount bug in p9_req_put
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_CREATE_VM-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
program crashed: WARNING: refcount bug in p9_req_put
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_CREATE_VM-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
program crashed: WARNING: refcount bug in p9_req_put
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_CREATE_VM-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
program crashed: WARNING: refcount bug in p9_req_put
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:false IEEE802154:false Sysctl:false Swap:true UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_CREATE_VM-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
program did not crash
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat-mount$9p_virtio-chdir-mmap-openat$kvm-ioctl$KVM_CREATE_VCPU-ioctl$KVM_CREATE_VM-pwritev2-ioctl$VHOST_SET_VRING_ADDR-syz_usb_connect$hid-ioctl$SNAPSHOT_FREE-ioctl$VHOST_VSOCK_SET_RUNNING-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_SET_VCPU_EVENTS
program did not crash
reproducing took 2h9m54.798002139s
repro crashed as (corrupted=false):
------------[ cut here ]------------
refcount_t: underflow; use-after-free.
WARNING: CPU: 3 PID: 5213 at lib/refcount.c:28 refcount_warn_saturate+0x14a/0x210 lib/refcount.c:28
Modules linked in:
CPU: 3 PID: 5213 Comm: syz-executor225 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:refcount_warn_saturate+0x14a/0x210 lib/refcount.c:28
Code: ff 89 de e8 08 59 08 fd 84 db 0f 85 66 ff ff ff e8 5b 5e 08 fd c6 05 e6 c9 4e 0b 01 90 48 c7 c7 80 3b 90 8b e8 a7 9b ca fc 90 <0f> 0b 90 90 e9 43 ff ff ff e8 38 5e 08 fd 0f b6 1d c1 c9 4e 0b 31
RSP: 0018:ffffc90000908d90 EFLAGS: 00010082
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff814c9029
RDX: ffff888026a3a440 RSI: ffffffff814c9036 RDI: 0000000000000001
RBP: ffff88801e6b4ff8 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
R13: ffff88801e6b4ff8 R14: ffff88801b0c5c00 R15: 0000000000000000
FS:  000055557f8c13c0(0000) GS:ffff88806b300000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f95101d91b8 CR3: 00000000204fe000 CR4: 0000000000350ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 __refcount_sub_and_test include/linux/refcount.h:275 [inline]
 __refcount_dec_and_test include/linux/refcount.h:307 [inline]
 refcount_dec_and_test include/linux/refcount.h:325 [inline]
 p9_req_put+0x1f4/0x250 net/9p/client.c:404
 req_done+0x1e7/0x2f0 net/9p/trans_virtio.c:147
 vring_interrupt drivers/virtio/virtio_ring.c:2595 [inline]
 vring_interrupt+0x31b/0x400 drivers/virtio/virtio_ring.c:2570
 __handle_irq_event_percpu+0x229/0x7c0 kernel/irq/handle.c:158
 handle_irq_event_percpu kernel/irq/handle.c:193 [inline]
 handle_irq_event+0xab/0x1e0 kernel/irq/handle.c:210
 handle_edge_irq+0x263/0xd10 kernel/irq/chip.c:831
 generic_handle_irq_desc include/linux/irqdesc.h:173 [inline]
 handle_irq arch/x86/kernel/irq.c:247 [inline]
 call_irq_handler arch/x86/kernel/irq.c:259 [inline]
 __common_interrupt+0xdf/0x250 arch/x86/kernel/irq.c:285
 common_interrupt+0xab/0xd0 arch/x86/kernel/irq.c:278
 </IRQ>
 <TASK>
 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0x31/0x80 kernel/locking/spinlock.c:194
Code: f5 53 48 8b 74 24 10 48 89 fb 48 83 c7 18 e8 36 9d 75 f6 48 89 df e8 4e 1a 76 f6 f7 c5 00 02 00 00 75 23 9c 58 f6 c4 02 75 37 <bf> 01 00 00 00 e8 a5 90 67 f6 65 8b 05 e6 50 11 75 85 c0 74 16 5b
RSP: 0018:ffffc90003387c20 EFLAGS: 00000246
RAX: 0000000000000002 RBX: ffff88801e795280 RCX: 1ffffffff1fce401
RDX: 0000000000000000 RSI: ffffffff8b2cbac0 RDI: ffffffff8b909e40
RBP: 0000000000000246 R08: 0000000000000001 R09: 0000000000000001
R10: ffffffff8fe7645f R11: ffff88806b028a40 R12: 1ffff92000670f8c
R13: ffffffff92f07180 R14: ffff88801e794b30 R15: ffff88806b03fa18
 task_rq_unlock kernel/sched/sched.h:1689 [inline]
 wake_up_new_task+0x7b5/0xd30 kernel/sched/core.c:4703
 kernel_clone+0x5fd/0x980 kernel/fork.c:2811
 __do_sys_clone+0xba/0x100 kernel/fork.c:2923
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f95101586a3
Code: 1f 84 00 00 00 00 00 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00
RSP: 002b:00007fff6f7d9978 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f95101586a3
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
RBP: 0000000000000001 R08: 0000000000000000 R09: 0079746972756365
R10: 000055557f8c1690 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f95101dab60 R14: 00007f95101dcd20 R15: 00007fff6f7d9ad0
 </TASK>
----------------
Code disassembly (best guess):
   0:	f5                   	cmc
   1:	53                   	push   %rbx
   2:	48 8b 74 24 10       	mov    0x10(%rsp),%rsi
   7:	48 89 fb             	mov    %rdi,%rbx
   a:	48 83 c7 18          	add    $0x18,%rdi
   e:	e8 36 9d 75 f6       	call   0xf6759d49
  13:	48 89 df             	mov    %rbx,%rdi
  16:	e8 4e 1a 76 f6       	call   0xf6761a69
  1b:	f7 c5 00 02 00 00    	test   $0x200,%ebp
  21:	75 23                	jne    0x46
  23:	9c                   	pushf
  24:	58                   	pop    %rax
  25:	f6 c4 02             	test   $0x2,%ah
  28:	75 37                	jne    0x61
* 2a:	bf 01 00 00 00       	mov    $0x1,%edi <-- trapping instruction
  2f:	e8 a5 90 67 f6       	call   0xf66790d9
  34:	65 8b 05 e6 50 11 75 	mov    %gs:0x751150e6(%rip),%eax        # 0x75115121
  3b:	85 c0                	test   %eax,%eax
  3d:	74 16                	je     0x55
  3f:	5b                   	pop    %rbx

final repro crashed as (corrupted=false):
------------[ cut here ]------------
refcount_t: underflow; use-after-free.
WARNING: CPU: 3 PID: 5213 at lib/refcount.c:28 refcount_warn_saturate+0x14a/0x210 lib/refcount.c:28
Modules linked in:
CPU: 3 PID: 5213 Comm: syz-executor225 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:refcount_warn_saturate+0x14a/0x210 lib/refcount.c:28
Code: ff 89 de e8 08 59 08 fd 84 db 0f 85 66 ff ff ff e8 5b 5e 08 fd c6 05 e6 c9 4e 0b 01 90 48 c7 c7 80 3b 90 8b e8 a7 9b ca fc 90 <0f> 0b 90 90 e9 43 ff ff ff e8 38 5e 08 fd 0f b6 1d c1 c9 4e 0b 31
RSP: 0018:ffffc90000908d90 EFLAGS: 00010082
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff814c9029
RDX: ffff888026a3a440 RSI: ffffffff814c9036 RDI: 0000000000000001
RBP: ffff88801e6b4ff8 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
R13: ffff88801e6b4ff8 R14: ffff88801b0c5c00 R15: 0000000000000000
FS:  000055557f8c13c0(0000) GS:ffff88806b300000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f95101d91b8 CR3: 00000000204fe000 CR4: 0000000000350ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 __refcount_sub_and_test include/linux/refcount.h:275 [inline]
 __refcount_dec_and_test include/linux/refcount.h:307 [inline]
 refcount_dec_and_test include/linux/refcount.h:325 [inline]
 p9_req_put+0x1f4/0x250 net/9p/client.c:404
 req_done+0x1e7/0x2f0 net/9p/trans_virtio.c:147
 vring_interrupt drivers/virtio/virtio_ring.c:2595 [inline]
 vring_interrupt+0x31b/0x400 drivers/virtio/virtio_ring.c:2570
 __handle_irq_event_percpu+0x229/0x7c0 kernel/irq/handle.c:158
 handle_irq_event_percpu kernel/irq/handle.c:193 [inline]
 handle_irq_event+0xab/0x1e0 kernel/irq/handle.c:210
 handle_edge_irq+0x263/0xd10 kernel/irq/chip.c:831
 generic_handle_irq_desc include/linux/irqdesc.h:173 [inline]
 handle_irq arch/x86/kernel/irq.c:247 [inline]
 call_irq_handler arch/x86/kernel/irq.c:259 [inline]
 __common_interrupt+0xdf/0x250 arch/x86/kernel/irq.c:285
 common_interrupt+0xab/0xd0 arch/x86/kernel/irq.c:278
 </IRQ>
 <TASK>
 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0x31/0x80 kernel/locking/spinlock.c:194
Code: f5 53 48 8b 74 24 10 48 89 fb 48 83 c7 18 e8 36 9d 75 f6 48 89 df e8 4e 1a 76 f6 f7 c5 00 02 00 00 75 23 9c 58 f6 c4 02 75 37 <bf> 01 00 00 00 e8 a5 90 67 f6 65 8b 05 e6 50 11 75 85 c0 74 16 5b
RSP: 0018:ffffc90003387c20 EFLAGS: 00000246
RAX: 0000000000000002 RBX: ffff88801e795280 RCX: 1ffffffff1fce401
RDX: 0000000000000000 RSI: ffffffff8b2cbac0 RDI: ffffffff8b909e40
RBP: 0000000000000246 R08: 0000000000000001 R09: 0000000000000001
R10: ffffffff8fe7645f R11: ffff88806b028a40 R12: 1ffff92000670f8c
R13: ffffffff92f07180 R14: ffff88801e794b30 R15: ffff88806b03fa18
 task_rq_unlock kernel/sched/sched.h:1689 [inline]
 wake_up_new_task+0x7b5/0xd30 kernel/sched/core.c:4703
 kernel_clone+0x5fd/0x980 kernel/fork.c:2811
 __do_sys_clone+0xba/0x100 kernel/fork.c:2923
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f95101586a3
Code: 1f 84 00 00 00 00 00 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00
RSP: 002b:00007fff6f7d9978 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f95101586a3
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
RBP: 0000000000000001 R08: 0000000000000000 R09: 0079746972756365
R10: 000055557f8c1690 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f95101dab60 R14: 00007f95101dcd20 R15: 00007fff6f7d9ad0
 </TASK>
----------------
Code disassembly (best guess):
   0:	f5                   	cmc
   1:	53                   	push   %rbx
   2:	48 8b 74 24 10       	mov    0x10(%rsp),%rsi
   7:	48 89 fb             	mov    %rdi,%rbx
   a:	48 83 c7 18          	add    $0x18,%rdi
   e:	e8 36 9d 75 f6       	call   0xf6759d49
  13:	48 89 df             	mov    %rbx,%rdi
  16:	e8 4e 1a 76 f6       	call   0xf6761a69
  1b:	f7 c5 00 02 00 00    	test   $0x200,%ebp
  21:	75 23                	jne    0x46
  23:	9c                   	pushf
  24:	58                   	pop    %rax
  25:	f6 c4 02             	test   $0x2,%ah
  28:	75 37                	jne    0x61
* 2a:	bf 01 00 00 00       	mov    $0x1,%edi <-- trapping instruction
  2f:	e8 a5 90 67 f6       	call   0xf66790d9
  34:	65 8b 05 e6 50 11 75 	mov    %gs:0x751150e6(%rip),%eax        # 0x75115121
  3b:	85 c0                	test   %eax,%eax
  3d:	74 16                	je     0x55
  3f:	5b                   	pop    %rbx