Extracting prog: 1h13m41.789441676s Minimizing prog: 33m7.683060345s Simplifying prog options: 0s Extracting C: 2m54.488882049s Simplifying C: 56m30.24871898s 30 programs, timeouts [6m0s] extracting reproducer from 30 programs testing a last program of every proc single: executing 5 programs separately with timeout 6m0s testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_xfrm-sendmsg$nl_xfrm-socket$key-sendmsg$key detailed listing: executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=@updpolicy={0xfc, 0x19, 0xfd3649826d894c67, 0x0, 0x0, {{@in=@dev, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x2}}, [@tmpl={0x44, 0x5, [{{@in6=@ipv4={'\x00', '\xff\xff', @remote}, 0x0, 0x33}, 0x0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x2}]}]}, 0xfc}}, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)={0x2, 0x12, 0x0, 0x0, 0x2}, 0x10}}, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-bpf$PROG_LOAD-syz_usb_control_io detailed listing: executing program 0: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5ac, 0x247, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xa0}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) syz_usb_control_io(r0, &(0x7f00000000c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="0000d2"], 0x0, 0x0, 0x0, 0x0}, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_MSRS detailed listing: executing program 0: r0 = openat$kvm(0xffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000280)=ANY=[@ANYBLOB="010000000000000073000040"]) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON-mmap-madvise-munlock detailed listing: executing program 0: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x8, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) munlock(&(0x7f00006a6000/0x4000)=nil, 0x4000) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_io_uring_setup-io_uring_enter-io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS-io_uring_enter detailed listing: executing program 0: r0 = syz_io_uring_setup(0x24f5, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000000)) io_uring_enter(r0, 0x0, 0x400000, 0x1, 0x0, 0x0) io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r0, 0x13, &(0x7f00000001c0)=[0x7fffffff, 0x53e56ed2], 0x2) io_uring_enter(r0, 0x52e, 0x0, 0x0, 0x0, 0x0) program did not crash single: failed to extract reproducer bisect: bisecting 30 programs with base timeout 6m0s testing program (duration=6m7s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4] detailed listing: executing program 1: socket$vsock_stream(0x28, 0x1, 0x0) r0 = syz_io_uring_setup(0x24f9, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r0, 0xa3d, 0x0, 0x0, 0x0, 0x0) executing program 1: munmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000) r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000fff000/0x1000)=nil, 0x1000}, 0x3}) executing program 1: r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = dup(r0) syz_io_uring_setup(0xf00, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0, 0x0) ioctl$PTP_EXTTS_REQUEST2(r1, 0x40603d10, &(0x7f0000000040)) executing program 1: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) mount$bind(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0x370a0, 0x0) executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_MSG_GETTABLE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x1, 0xa, 0x101}, 0x14}}, 0x0) recvmmsg(r0, &(0x7f000000a080)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) executing program 1: r0 = syz_io_uring_setup(0x24f5, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000000)) io_uring_enter(r0, 0x0, 0x400000, 0x1, 0x0, 0x0) io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r0, 0x13, &(0x7f00000001c0)=[0x7fffffff, 0x53e56ed2], 0x2) io_uring_enter(r0, 0x52e, 0x0, 0x0, 0x0, 0x0) executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha512\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$inet_sctp(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f00000002c0)="0cc4c53e52cd4f1e2787e1cd1e55684e749d3b21ae068680fadc5cc648c79186f3d98ccd3a5b1732936dcf74538ffc97a9f82112023f2567972515712c7ec4e0ed2220f5425ba6ed76928e28b07ec50b135954b94c32030210aa0e2f4645f46be81d746c6b", 0x65}, {&(0x7f0000000340)="9c89ca312f027074ae7d79f183f678fc695c50a34d0e4133881f084b6d440ab6868186a9eabf0b8e5760adbc5a349da9d1620af787745bee2d6d2e6a84ee1fe7132e692fed0e0fe948d775263f5b67a91c4bd74ceeb68e733b2389262377b79861ddf5d86ca1a6388ab7257d5f1271a35a8c79a96e3e28f094fdfa96736ef41516bd3fbec3fd955247007a18dd527d224592b6fc09a05d5628e73b", 0x7fffef9b}], 0x2}, 0x0) executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x4, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000200000000000000000818110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e00000008000000000018000380140003801000018004000300080001"], 0x44}}, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)={0x38, r1, 0x7, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_OURS={0xc, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x4}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}]}, 0x38}}, 0x0) executing program 0: r0 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) symlinkat(&(0x7f00000003c0)='.\x00', r1, &(0x7f0000000140)='./file0\x00') executing program 2: r0 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007d, 0x0) r2 = dup3(r0, r1, 0x0) ioctl$MON_IOCG_STATS(r2, 0x80089203, &(0x7f00000001c0)) executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes128\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) executing program 2: r0 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f00000000c0)=@ethtool_regs={0x4, 0x0, 0x1c, "f42a97b96d025891dd3f75fdda624457ad3d5c36389c308570204262"}}) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0x0) executing program 0: bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'echainiv(gcm-aes-ce)\x00'}, 0x58) ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000000)={0x6, 'geneve1\x00'}) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000040)={0x0, @dev, 0x0, 0x2, 'sed\x00'}, 0x2c) mount(0x0, &(0x7f0000000240)='.\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f0000000000)) executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x1c, 0x0, "3f114438efdaca16d374b49a365be44d5e860ea3ba676c0b5047b80e2c3535d5bd9db3c8572560f4d1be5cd41f7716082ee3589f099942e6f1c395ddb8160381baadf27900"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000100)={@in6={{0xa, 0x4e21, 0x0, @remote}}, 0x0, 0x0, 0x1e, 0x0, "ddfdc6a1c172a987ae5ce3cafd64c9a736831a59b34fa9fce10159a481c4b3ac0e06891ef18bc5543ed57215a3c45f9154dfa319e52a15a2b9acf90c07fb1a854dad742eef6187f2304844c29600"}, 0xd8) sendto$inet6(r0, 0x0, 0x0, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2, 0xf5, @rand_addr, 0x1}, 0x1c) executing program 4: chdir(0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xd5) executing program 4: r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000006000/0x2000)=nil, 0x930, 0x0, 0x4000013, r2, 0x600000) executing program 3: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TIOCSSOFTCAR(r0, 0x541a, &(0x7f0000000200)) executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000009c0)={0x38, 0x0, 0x1, 0x201, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x38}}, 0x0) executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f00000004c0), 0x208e24b) ioctl$EVIOCGMTSLOTS(r0, 0x8040450a, &(0x7f0000002480)=""/106) executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x7, 0x10012, r0, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) setsockopt$SO_J1939_PROMISC(r1, 0x6b, 0x2, &(0x7f00000000c0)=0x1, 0x4) executing program 4: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x8, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) munlock(&(0x7f00006a6000/0x4000)=nil, 0x4000) executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="010000000000f3ff8f02"]) executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha224-avx2\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$sock(r1, &(0x7f0000006640)=[{{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000006680)="f165163afcc0b8296b279d1a62c2a318c9d88469e1c45ae81563f387f3de7659e90b688f0e08422d5621406426164a47387b51b531282886bf045dd9e69e3744977f1db2636305573c1886aa76b47c94e8e113e7863ac0ab542b76417d5bfa2142a6ccd29f591f9194079cc10a31deedb2dcb41d891be4bc35afd597dd72cf630ef45e92177270d4bea051583416b9c13895c8424dc5600c70d5b5ddb53d11fbb65cfbacbafbeb6e87871a5d277caac56222dd034bcf60f0", 0xb8}, {&(0x7f0000000340)="e74f541d24c4b951ef", 0x9}], 0x2}}], 0x1, 0x0) executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000080)={r1, r0}, 0xc) executing program 2: r0 = openat$kvm(0xffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000280)=ANY=[@ANYBLOB="010000000000000073000040"]) executing program 3: mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x10000, 0x2) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pwritev(r0, 0x0, 0x0, 0x6, 0x17a8) executing program 0: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5ac, 0x247, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xa0}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) syz_usb_control_io(r0, &(0x7f00000000c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="0000d2"], 0x0, 0x0, 0x0, 0x0}, 0x0) executing program 3: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) r1 = syz_open_procfs$pagemap(0x0, &(0x7f0000000180)) ioctl$PAGEMAP_SCAN(r1, 0xc0606610, &(0x7f0000000240)={0x60, 0x1, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x7, 0x0, 0x0, 0xfffffffffffffff8, 0x0, 0x5, 0x41, 0x2}) executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=@updpolicy={0xfc, 0x19, 0xfd3649826d894c67, 0x0, 0x0, {{@in=@dev, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x2}}, [@tmpl={0x44, 0x5, [{{@in6=@ipv4={'\x00', '\xff\xff', @remote}, 0x0, 0x33}, 0x0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x2}]}]}, 0xfc}}, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)={0x2, 0x12, 0x0, 0x0, 0x2}, 0x10}}, 0x0) program crashed: INFO: rcu detected stall in worker_thread bisect: bisecting 30 programs bisect: split chunks (needed=false): <30> bisect: split chunk #0 of len 30 into 3 parts bisect: testing without sub-chunk 1/3 testing program (duration=6m5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4] detailed listing: executing program 2: r0 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007d, 0x0) r2 = dup3(r0, r1, 0x0) ioctl$MON_IOCG_STATS(r2, 0x80089203, &(0x7f00000001c0)) executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes128\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) executing program 2: r0 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f00000000c0)=@ethtool_regs={0x4, 0x0, 0x1c, "f42a97b96d025891dd3f75fdda624457ad3d5c36389c308570204262"}}) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0x0) executing program 0: bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'echainiv(gcm-aes-ce)\x00'}, 0x58) ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000000)={0x6, 'geneve1\x00'}) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000040)={0x0, @dev, 0x0, 0x2, 'sed\x00'}, 0x2c) mount(0x0, &(0x7f0000000240)='.\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f0000000000)) executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x1c, 0x0, "3f114438efdaca16d374b49a365be44d5e860ea3ba676c0b5047b80e2c3535d5bd9db3c8572560f4d1be5cd41f7716082ee3589f099942e6f1c395ddb8160381baadf27900"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000100)={@in6={{0xa, 0x4e21, 0x0, @remote}}, 0x0, 0x0, 0x1e, 0x0, "ddfdc6a1c172a987ae5ce3cafd64c9a736831a59b34fa9fce10159a481c4b3ac0e06891ef18bc5543ed57215a3c45f9154dfa319e52a15a2b9acf90c07fb1a854dad742eef6187f2304844c29600"}, 0xd8) sendto$inet6(r0, 0x0, 0x0, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2, 0xf5, @rand_addr, 0x1}, 0x1c) executing program 4: chdir(0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xd5) executing program 4: r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000006000/0x2000)=nil, 0x930, 0x0, 0x4000013, r2, 0x600000) executing program 3: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TIOCSSOFTCAR(r0, 0x541a, &(0x7f0000000200)) executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000009c0)={0x38, 0x0, 0x1, 0x201, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x38}}, 0x0) executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f00000004c0), 0x208e24b) ioctl$EVIOCGMTSLOTS(r0, 0x8040450a, &(0x7f0000002480)=""/106) executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x7, 0x10012, r0, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) setsockopt$SO_J1939_PROMISC(r1, 0x6b, 0x2, &(0x7f00000000c0)=0x1, 0x4) executing program 4: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x8, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) munlock(&(0x7f00006a6000/0x4000)=nil, 0x4000) executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="010000000000f3ff8f02"]) executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha224-avx2\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$sock(r1, &(0x7f0000006640)=[{{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000006680)="f165163afcc0b8296b279d1a62c2a318c9d88469e1c45ae81563f387f3de7659e90b688f0e08422d5621406426164a47387b51b531282886bf045dd9e69e3744977f1db2636305573c1886aa76b47c94e8e113e7863ac0ab542b76417d5bfa2142a6ccd29f591f9194079cc10a31deedb2dcb41d891be4bc35afd597dd72cf630ef45e92177270d4bea051583416b9c13895c8424dc5600c70d5b5ddb53d11fbb65cfbacbafbeb6e87871a5d277caac56222dd034bcf60f0", 0xb8}, {&(0x7f0000000340)="e74f541d24c4b951ef", 0x9}], 0x2}}], 0x1, 0x0) executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000080)={r1, r0}, 0xc) executing program 2: r0 = openat$kvm(0xffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000280)=ANY=[@ANYBLOB="010000000000000073000040"]) executing program 3: mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x10000, 0x2) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pwritev(r0, 0x0, 0x0, 0x6, 0x17a8) executing program 0: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5ac, 0x247, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xa0}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) syz_usb_control_io(r0, &(0x7f00000000c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="0000d2"], 0x0, 0x0, 0x0, 0x0}, 0x0) executing program 3: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) r1 = syz_open_procfs$pagemap(0x0, &(0x7f0000000180)) ioctl$PAGEMAP_SCAN(r1, 0xc0606610, &(0x7f0000000240)={0x60, 0x1, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x7, 0x0, 0x0, 0xfffffffffffffff8, 0x0, 0x5, 0x41, 0x2}) executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=@updpolicy={0xfc, 0x19, 0xfd3649826d894c67, 0x0, 0x0, {{@in=@dev, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x2}}, [@tmpl={0x44, 0x5, [{{@in6=@ipv4={'\x00', '\xff\xff', @remote}, 0x0, 0x33}, 0x0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x2}]}]}, 0xfc}}, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)={0x2, 0x12, 0x0, 0x0, 0x2}, 0x10}}, 0x0) program crashed: INFO: task hung in rtnetlink_rcv_msg bisect: the chunk can be dropped bisect: testing without sub-chunk 2/3 testing program (duration=6m2s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 4, 4, 4, 4, 4, 4, 4, 4, 4] detailed listing: executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x7, 0x10012, r0, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) setsockopt$SO_J1939_PROMISC(r1, 0x6b, 0x2, &(0x7f00000000c0)=0x1, 0x4) executing program 4: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x8, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) munlock(&(0x7f00006a6000/0x4000)=nil, 0x4000) executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="010000000000f3ff8f02"]) executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha224-avx2\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$sock(r1, &(0x7f0000006640)=[{{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000006680)="f165163afcc0b8296b279d1a62c2a318c9d88469e1c45ae81563f387f3de7659e90b688f0e08422d5621406426164a47387b51b531282886bf045dd9e69e3744977f1db2636305573c1886aa76b47c94e8e113e7863ac0ab542b76417d5bfa2142a6ccd29f591f9194079cc10a31deedb2dcb41d891be4bc35afd597dd72cf630ef45e92177270d4bea051583416b9c13895c8424dc5600c70d5b5ddb53d11fbb65cfbacbafbeb6e87871a5d277caac56222dd034bcf60f0", 0xb8}, {&(0x7f0000000340)="e74f541d24c4b951ef", 0x9}], 0x2}}], 0x1, 0x0) executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000080)={r1, r0}, 0xc) executing program 2: r0 = openat$kvm(0xffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000280)=ANY=[@ANYBLOB="010000000000000073000040"]) executing program 3: mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x10000, 0x2) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pwritev(r0, 0x0, 0x0, 0x6, 0x17a8) executing program 0: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5ac, 0x247, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xa0}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) syz_usb_control_io(r0, &(0x7f00000000c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="0000d2"], 0x0, 0x0, 0x0, 0x0}, 0x0) executing program 3: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) r1 = syz_open_procfs$pagemap(0x0, &(0x7f0000000180)) ioctl$PAGEMAP_SCAN(r1, 0xc0606610, &(0x7f0000000240)={0x60, 0x1, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x7, 0x0, 0x0, 0xfffffffffffffff8, 0x0, 0x5, 0x41, 0x2}) executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=@updpolicy={0xfc, 0x19, 0xfd3649826d894c67, 0x0, 0x0, {{@in=@dev, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x2}}, [@tmpl={0x44, 0x5, [{{@in6=@ipv4={'\x00', '\xff\xff', @remote}, 0x0, 0x33}, 0x0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x2}]}]}, 0xfc}}, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)={0x2, 0x12, 0x0, 0x0, 0x2}, 0x10}}, 0x0) program did not crash bisect: testing without sub-chunk 3/3 testing program (duration=6m2s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 4, 4, 4, 4, 4, 4, 4, 4, 4] detailed listing: executing program 2: r0 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007d, 0x0) r2 = dup3(r0, r1, 0x0) ioctl$MON_IOCG_STATS(r2, 0x80089203, &(0x7f00000001c0)) executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes128\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) executing program 2: r0 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f00000000c0)=@ethtool_regs={0x4, 0x0, 0x1c, "f42a97b96d025891dd3f75fdda624457ad3d5c36389c308570204262"}}) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0x0) executing program 0: bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'echainiv(gcm-aes-ce)\x00'}, 0x58) ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000000)={0x6, 'geneve1\x00'}) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000040)={0x0, @dev, 0x0, 0x2, 'sed\x00'}, 0x2c) mount(0x0, &(0x7f0000000240)='.\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f0000000000)) executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x1c, 0x0, "3f114438efdaca16d374b49a365be44d5e860ea3ba676c0b5047b80e2c3535d5bd9db3c8572560f4d1be5cd41f7716082ee3589f099942e6f1c395ddb8160381baadf27900"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000100)={@in6={{0xa, 0x4e21, 0x0, @remote}}, 0x0, 0x0, 0x1e, 0x0, "ddfdc6a1c172a987ae5ce3cafd64c9a736831a59b34fa9fce10159a481c4b3ac0e06891ef18bc5543ed57215a3c45f9154dfa319e52a15a2b9acf90c07fb1a854dad742eef6187f2304844c29600"}, 0xd8) sendto$inet6(r0, 0x0, 0x0, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2, 0xf5, @rand_addr, 0x1}, 0x1c) executing program 4: chdir(0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xd5) executing program 4: r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000006000/0x2000)=nil, 0x930, 0x0, 0x4000013, r2, 0x600000) executing program 3: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TIOCSSOFTCAR(r0, 0x541a, &(0x7f0000000200)) executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000009c0)={0x38, 0x0, 0x1, 0x201, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x38}}, 0x0) executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f00000004c0), 0x208e24b) ioctl$EVIOCGMTSLOTS(r0, 0x8040450a, &(0x7f0000002480)=""/106) program crashed: INFO: rcu detected stall in sys_symlink bisect: the chunk can be dropped bisect: split chunks (needed=true): <10> bisect: split chunk #0 of len 10 into 2 parts bisect: testing without sub-chunk 1/2 testing program (duration=6m1s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 4, 4, 4, 4] detailed listing: executing program 4: chdir(0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xd5) executing program 4: r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000006000/0x2000)=nil, 0x930, 0x0, 0x4000013, r2, 0x600000) executing program 3: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TIOCSSOFTCAR(r0, 0x541a, &(0x7f0000000200)) executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000009c0)={0x38, 0x0, 0x1, 0x201, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x38}}, 0x0) executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f00000004c0), 0x208e24b) ioctl$EVIOCGMTSLOTS(r0, 0x8040450a, &(0x7f0000002480)=""/106) program did not crash bisect: testing without sub-chunk 2/2 testing program (duration=6m1s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 4, 4, 4, 4] detailed listing: executing program 2: r0 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007d, 0x0) r2 = dup3(r0, r1, 0x0) ioctl$MON_IOCG_STATS(r2, 0x80089203, &(0x7f00000001c0)) executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes128\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) executing program 2: r0 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f00000000c0)=@ethtool_regs={0x4, 0x0, 0x1c, "f42a97b96d025891dd3f75fdda624457ad3d5c36389c308570204262"}}) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0x0) executing program 0: bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'echainiv(gcm-aes-ce)\x00'}, 0x58) ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000000)={0x6, 'geneve1\x00'}) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000040)={0x0, @dev, 0x0, 0x2, 'sed\x00'}, 0x2c) mount(0x0, &(0x7f0000000240)='.\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f0000000000)) executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x1c, 0x0, "3f114438efdaca16d374b49a365be44d5e860ea3ba676c0b5047b80e2c3535d5bd9db3c8572560f4d1be5cd41f7716082ee3589f099942e6f1c395ddb8160381baadf27900"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000100)={@in6={{0xa, 0x4e21, 0x0, @remote}}, 0x0, 0x0, 0x1e, 0x0, "ddfdc6a1c172a987ae5ce3cafd64c9a736831a59b34fa9fce10159a481c4b3ac0e06891ef18bc5543ed57215a3c45f9154dfa319e52a15a2b9acf90c07fb1a854dad742eef6187f2304844c29600"}, 0xd8) sendto$inet6(r0, 0x0, 0x0, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2, 0xf5, @rand_addr, 0x1}, 0x1c) program crashed: INFO: task hung in corrupted bisect: the chunk can be dropped bisect: split chunks (needed=true): <5> bisect: split chunk #0 of len 5 into 2 parts bisect: testing without sub-chunk 1/2 testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 4] detailed listing: executing program 0: bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'echainiv(gcm-aes-ce)\x00'}, 0x58) ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000000)={0x6, 'geneve1\x00'}) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000040)={0x0, @dev, 0x0, 0x2, 'sed\x00'}, 0x2c) mount(0x0, &(0x7f0000000240)='.\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f0000000000)) executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x1c, 0x0, "3f114438efdaca16d374b49a365be44d5e860ea3ba676c0b5047b80e2c3535d5bd9db3c8572560f4d1be5cd41f7716082ee3589f099942e6f1c395ddb8160381baadf27900"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000100)={@in6={{0xa, 0x4e21, 0x0, @remote}}, 0x0, 0x0, 0x1e, 0x0, "ddfdc6a1c172a987ae5ce3cafd64c9a736831a59b34fa9fce10159a481c4b3ac0e06891ef18bc5543ed57215a3c45f9154dfa319e52a15a2b9acf90c07fb1a854dad742eef6187f2304844c29600"}, 0xd8) sendto$inet6(r0, 0x0, 0x0, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2, 0xf5, @rand_addr, 0x1}, 0x1c) program did not crash bisect: testing without sub-chunk 2/2 testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 4, 4] detailed listing: executing program 2: r0 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007d, 0x0) r2 = dup3(r0, r1, 0x0) ioctl$MON_IOCG_STATS(r2, 0x80089203, &(0x7f00000001c0)) executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes128\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) executing program 2: r0 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f00000000c0)=@ethtool_regs={0x4, 0x0, 0x1c, "f42a97b96d025891dd3f75fdda624457ad3d5c36389c308570204262"}}) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0x0) program crashed: INFO: rcu detected stall in corrupted bisect: the chunk can be dropped bisect: split chunks (needed=true): <3> bisect: split chunk #0 of len 3 into 2 parts bisect: testing without sub-chunk 1/2 testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-ioctl$sock_SIOCETHTOOL-sendmsg$NFT_BATCH-mmap detailed listing: executing program 2: r0 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f00000000c0)=@ethtool_regs={0x4, 0x0, 0x1c, "f42a97b96d025891dd3f75fdda624457ad3d5c36389c308570204262"}}) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0x0) program crashed: INFO: rcu detected stall in corrupted bisect: the chunk can be dropped bisect: testing without sub-chunk 2/2 bisect: no need to test this chunk, it's definitely needed bisect: split chunks (needed=true): <1> bisect: split chunk #0 of len 1 into 2 parts bisect: no way to further split the chunk bisect: 1 programs left: executing program 2: r0 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f00000000c0)=@ethtool_regs={0x4, 0x0, 0x1c, "f42a97b96d025891dd3f75fdda624457ad3d5c36389c308570204262"}}) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0x0) bisect: trying to concatenate bisect: concatenate 1 entries testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-ioctl$sock_SIOCETHTOOL-sendmsg$NFT_BATCH-mmap detailed listing: executing program 0: r0 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f00000000c0)=@ethtool_regs={0x4, 0x0, 0x1c, "f42a97b96d025891dd3f75fdda624457ad3d5c36389c308570204262"}}) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0x0) program crashed: INFO: rcu detected stall in corrupted bisect: concatenation succeeded found reproducer with 4 syscalls minimizing guilty program testing program (duration=5m15.924354536s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-ioctl$sock_SIOCETHTOOL-sendmsg$NFT_BATCH detailed listing: executing program 0: r0 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f00000000c0)=@ethtool_regs={0x4, 0x0, 0x1c, "f42a97b96d025891dd3f75fdda624457ad3d5c36389c308570204262"}}) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) program crashed: INFO: rcu detected stall in corrupted testing program (duration=5m15.924354536s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-ioctl$sock_SIOCETHTOOL detailed listing: executing program 0: r0 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f00000000c0)=@ethtool_regs={0x4, 0x0, 0x1c, "f42a97b96d025891dd3f75fdda624457ad3d5c36389c308570204262"}}) program crashed: INFO: rcu detected stall in corrupted testing program (duration=5m15.924354536s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix detailed listing: executing program 0: socket$unix(0x1, 0x5, 0x0) program did not crash testing program (duration=5m15.924354536s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$sock_SIOCETHTOOL detailed listing: executing program 0: ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f00000000c0)=@ethtool_regs={0x4, 0x0, 0x1c, "f42a97b96d025891dd3f75fdda624457ad3d5c36389c308570204262"}}) program did not crash testing program (duration=5m15.924354536s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-ioctl$sock_SIOCETHTOOL detailed listing: executing program 0: r0 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, 0x0) program did not crash testing program (duration=5m15.924354536s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-ioctl$sock_SIOCETHTOOL detailed listing: executing program 0: r0 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000080)={'bridge0\x00', 0x0}) program did not crash testing program (duration=5m15.924354536s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-ioctl$sock_SIOCETHTOOL detailed listing: executing program 0: r0 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f00000000c0)=@ethtool_regs}) program did not crash extracting C reproducer testing compiled C program (duration=5m15.924354536s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-ioctl$sock_SIOCETHTOOL program crashed: INFO: rcu detected stall in corrupted simplifying C reproducer testing compiled C program (duration=5m15.924354536s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-ioctl$sock_SIOCETHTOOL program crashed: INFO: task hung in corrupted testing compiled C program (duration=5m15.924354536s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-ioctl$sock_SIOCETHTOOL program crashed: INFO: rcu detected stall in worker_thread testing compiled C program (duration=5m15.924354536s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-ioctl$sock_SIOCETHTOOL program crashed: no output from test machine a never seen crash title: no output from test machine, ignore testing compiled C program (duration=5m15.924354536s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-ioctl$sock_SIOCETHTOOL program crashed: no output from test machine a never seen crash title: no output from test machine, ignore testing compiled C program (duration=5m15.924354536s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-ioctl$sock_SIOCETHTOOL program crashed: no output from test machine a never seen crash title: no output from test machine, ignore testing compiled C program (duration=5m15.924354536s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-ioctl$sock_SIOCETHTOOL program crashed: INFO: rcu detected stall in sys_newfstatat a never seen crash title: INFO: rcu detected stall in sys_newfstatat, ignore testing compiled C program (duration=5m15.924354536s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-ioctl$sock_SIOCETHTOOL program crashed: no output from test machine a never seen crash title: no output from test machine, ignore testing compiled C program (duration=5m15.924354536s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-ioctl$sock_SIOCETHTOOL program crashed: INFO: rcu detected stall in corrupted testing compiled C program (duration=5m15.924354536s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-ioctl$sock_SIOCETHTOOL program crashed: INFO: rcu detected stall in corrupted testing compiled C program (duration=5m15.924354536s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-ioctl$sock_SIOCETHTOOL program crashed: INFO: rcu detected stall in corrupted testing compiled C program (duration=5m15.924354536s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-ioctl$sock_SIOCETHTOOL program crashed: INFO: rcu detected stall in corrupted testing compiled C program (duration=5m15.924354536s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-ioctl$sock_SIOCETHTOOL program crashed: INFO: rcu detected stall in corrupted testing compiled C program (duration=5m15.924354536s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-ioctl$sock_SIOCETHTOOL program crashed: INFO: rcu detected stall in corrupted testing compiled C program (duration=5m15.924354536s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:true UseTmpDir:true HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-ioctl$sock_SIOCETHTOOL program crashed: INFO: rcu detected stall in corrupted testing compiled C program (duration=5m15.924354536s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-ioctl$sock_SIOCETHTOOL program crashed: INFO: rcu detected stall in corrupted reproducing took 2h46m14.210123977s repro crashed as (corrupted=true): ICMPv6: NA: aa:aa:aa:aa:aa:1c advertised our address fe80::a8aa:aaff:feaa:aa1c on veth1_to_bridge! rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: rcu: (detected by 0, t=10502 jiffies, g=6209, q=1473 ncpus=2) rcu: All QSes seen, last rcu_preempt kthread activity 10494 (4294978054-4294967560), jiffies_till_next_fqs=1, root ->qsmask 0x0 rcu: rcu_preempt kthread starved for 10495 jiffies! g6209 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. rcu: RCU grace-period kthread stack dump: task:rcu_preempt state:R running task stack:24912 pid:17 tgid:17 ppid:2 flags:0x00004000 Call Trace: context_switch kernel/sched/core.c:5322 [inline] __schedule+0x1843/0x4ae0 kernel/sched/core.c:6682 __schedule_loop kernel/sched/core.c:6759 [inline] schedule+0x14b/0x320 kernel/sched/core.c:6774 schedule_timeout+0x1be/0x310 kernel/time/timer.c:2615 rcu_gp_fqs_loop+0x2df/0x1330 kernel/rcu/tree.c:2045 rcu_gp_kthread+0xa7/0x3b0 kernel/rcu/tree.c:2247 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 rcu: Stack dump where RCU GP kthread last ran: Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 UID: 0 PID: 46 Comm: kworker/1:1 Not tainted 6.12.0-rc2-syzkaller-00323-gcfea70e835b9 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Workqueue: wg-crypt-wg0 wg_packet_tx_worker RIP: 0010:bytes_is_nonzero mm/kasan/generic.c:87 [inline] RIP: 0010:memory_is_nonzero mm/kasan/generic.c:104 [inline] RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:129 [inline] RIP: 0010:memory_is_poisoned mm/kasan/generic.c:161 [inline] RIP: 0010:check_region_inline mm/kasan/generic.c:180 [inline] RIP: 0010:kasan_check_range+0x86/0x290 mm/kasan/generic.c:189 Code: 00 fc ff df 4f 8d 3c 31 4c 89 fd 4c 29 dd 48 83 fd 10 7f 29 48 85 ed 0f 84 3e 01 00 00 4c 89 cd 48 f7 d5 48 01 dd 41 80 3b 00 <0f> 85 c9 01 00 00 49 ff c3 48 ff c5 75 ee e9 1e 01 00 00 45 89 dc RSP: 0018:ffffc90000a18000 EFLAGS: 00000046 RAX: 0000000000000001 RBX: 1ffffffff2852500 RCX: ffffffff81706b9c RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff94292800 RBP: ffffffffffffffff R08: ffffffff94292807 R09: 1ffffffff2852500 R10: dffffc0000000000 R11: fffffbfff2852500 R12: 0000000000000000 R13: ffff888020a8a8d8 R14: dffffc0000000001 R15: fffffbfff2852501 FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fc6f8c8d514 CR3: 000000003183e000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: instrument_atomic_read include/linux/instrumented.h:68 [inline] _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline] hlock_class kernel/locking/lockdep.c:228 [inline] __lock_acquire+0xf3c/0x2050 kernel/locking/lockdep.c:5198 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825 __raw_read_lock_bh include/linux/rwlock_api_smp.h:176 [inline] _raw_read_lock_bh+0x3d/0x50 kernel/locking/spinlock.c:252 ebt_do_table+0xfd/0x2a40 net/bridge/netfilter/ebtables.c:211 ebt_broute+0x293/0x800 net/bridge/netfilter/ebtable_broute.c:61 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline] nf_hook_bridge_pre net/bridge/br_input.c:277 [inline] br_handle_frame+0x9fd/0x1530 net/bridge/br_input.c:424 __netif_receive_skb_core+0x13e8/0x4570 net/core/dev.c:5560 __netif_receive_skb_one_core net/core/dev.c:5664 [inline] __netif_receive_skb+0x12f/0x650 net/core/dev.c:5779 process_backlog+0x662/0x15b0 net/core/dev.c:6111 __napi_poll+0xcb/0x490 net/core/dev.c:6775 napi_poll net/core/dev.c:6844 [inline] net_rx_action+0x89b/0x1240 net/core/dev.c:6966 handle_softirqs+0x2c5/0x980 kernel/softirq.c:554 do_softirq+0x11b/0x1e0 kernel/softirq.c:455 __local_bh_enable_ip+0x1bb/0x200 kernel/softirq.c:382 local_bh_enable include/linux/bottom_half.h:33 [inline] rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline] keep_key_fresh drivers/net/wireguard/send.c:135 [inline] wg_packet_create_data_done drivers/net/wireguard/send.c:259 [inline] wg_packet_tx_worker+0x5ef/0x810 drivers/net/wireguard/send.c:276 process_one_work kernel/workqueue.c:3229 [inline] process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310 worker_thread+0x870/0xd30 kernel/workqueue.c:3391 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 2.163 msecs net_ratelimit: 28669 callbacks suppressed ICMPv6: NA: aa:aa:aa:aa:aa:1c advertised our address fe80::1c on veth1_to_bridge! ICMPv6: NA: aa:aa:aa:aa:aa:1c advertised our address fe80::a8aa:aaff:feaa:aa1c on veth1_to_bridge! ICMPv6: NA: aa:aa:aa:aa:aa:1c advertised our address fe80::a8aa:aaff:feaa:aa1c on veth1_to_bridge! ICMPv6: NA: aa:aa:aa:aa:aa:1c advertised our address fe80::1c on veth1_to_bridge! ICMPv6: NA: aa:aa:aa:aa:aa:1c advertised our address fe80::a8aa:aaff:feaa:aa1c on veth1_to_bridge! ICMPv6: NA: aa:aa:aa:aa:aa:1c advertised our address fe80::1c on veth1_to_bridge! ICMPv6: NA: aa:aa:aa:aa:aa:1c advertised our address fe80::a8aa:aaff:feaa:aa1c on veth1_to_bridge! ICMPv6: NA: aa:aa:aa:aa:aa:1c advertised our address fe80::1c on veth1_to_bridge! ICMPv6: NA: aa:aa:aa:aa:aa:1c advertised our address fe80::a8aa:aaff:feaa:aa1c on veth1_to_bridge! ICMPv6: NA: aa:aa:aa:aa:aa:1c advertised our address fe80::1c on veth1_to_bridge! net_ratelimit: 31539 callbacks suppressed ICMPv6: NA: aa:aa:aa:aa:aa:1c advertised our address fe80::a8aa:aaff:feaa:aa1c on veth1_to_bridge! ICMPv6: NA: aa:aa:aa:aa:aa:1c advertised our address fe80::1c on veth1_to_bridge! ICMPv6: NA: aa:aa:aa:aa:aa:1c advertised our address fe80::a8aa:aaff:feaa:aa1c on veth1_to_bridge! ICMPv6: NA: aa:aa:aa:aa:aa:1c advertised our address fe80::1c on veth1_to_bridge! ICMPv6: NA: aa:aa:aa:aa:aa:1c advertised our address fe80::a8aa:aaff:feaa:aa1c on veth1_to_bridge! ICMPv6: NA: aa:aa:aa:aa:aa:1c advertised our address fe80::1c on veth1_to_bridge! ICMPv6: NA: aa:aa:aa:aa:aa:1c advertised our address fe80::a8aa:aaff:feaa:aa1c on veth1_to_bridge! ICMPv6: NA: aa:aa:aa:aa:aa:1c advertised our address fe80::1c on veth1_to_bridge! ICMPv6: NA: aa:aa:aa:aa:aa:1c advertised our address fe80::a8aa:aaff:feaa:aa1c on veth1_to_bridge! ICMPv6: NA: aa:aa:aa:aa:aa:1c advertised our address fe80::1c on veth1_to_bridge! report is corrupted, running repro again testing compiled C program (duration=5m15.924354536s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-ioctl$sock_SIOCETHTOOL program crashed: INFO: rcu detected stall in corrupted report is corrupted, running repro again testing compiled C program (duration=5m15.924354536s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-ioctl$sock_SIOCETHTOOL program crashed: INFO: rcu detected stall in corrupted report is corrupted, running repro again testing compiled C program (duration=5m15.924354536s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$unix-ioctl$sock_SIOCETHTOOL program crashed: INFO: rcu detected stall in corrupted final repro crashed as (corrupted=true): ICMPv6: NA: aa:aa:aa:aa:aa:1c advertised our address fe80::a8aa:aaff:feaa:aa1c on veth1_to_bridge! rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: rcu: (detected by 0, t=10502 jiffies, g=5413, q=1744 ncpus=2) rcu: All QSes seen, last rcu_preempt kthread activity 3954 (4294973155-4294969201), jiffies_till_next_fqs=1, root ->qsmask 0x0 rcu: rcu_preempt kthread starved for 3955 jiffies! g5413 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. rcu: RCU grace-period kthread stack dump: task:rcu_preempt state:R running task stack:25136 pid:17 tgid:17 ppid:2 flags:0x00004000 Call Trace: context_switch kernel/sched/core.c:5322 [inline] __schedule+0x1843/0x4ae0 kernel/sched/core.c:6682 __schedule_loop kernel/sched/core.c:6759 [inline] schedule+0x14b/0x320 kernel/sched/core.c:6774 schedule_timeout+0x1be/0x310 kernel/time/timer.c:2615 rcu_gp_fqs_loop+0x2df/0x1330 kernel/rcu/tree.c:2045 rcu_gp_kthread+0xa7/0x3b0 kernel/rcu/tree.c:2247 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 rcu: Stack dump where RCU GP kthread last ran: CPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.12.0-rc2-syzkaller-00323-gcfea70e835b9 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 RIP: 0010:seqcount_lockdep_reader_access+0x1e0/0x220 include/linux/seqlock.h:75 Code: 00 4d 85 ed 75 16 e8 bf 58 12 00 eb 15 e8 b8 58 12 00 e8 43 99 3a 0a 4d 85 ed 74 ea e8 a9 58 12 00 fb 48 c7 04 24 0e 36 e0 45 <4b> c7 04 3c 00 00 00 00 66 43 c7 44 3c 09 00 00 43 c6 44 3c 0b 00 RSP: 0018:ffffc90000155de0 EFLAGS: 00000246 RAX: ffffffff81828e57 RBX: 0000000000000000 RCX: ffff88801beeda00 RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffc90000155e98 R08: ffffffff81828e2d R09: 1ffffffff203796d R10: dffffc0000000000 R11: fffffbfff203796e R12: dffffc0000000000 R13: 0000000000000200 R14: 0000000000000046 R15: 1ffff9200002abbc FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055c35d005680 CR3: 0000000021336000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ktime_get_with_offset+0x83/0x150 kernel/time/timekeeping.c:891 ktime_get_real include/linux/timekeeping.h:82 [inline] netif_rx_internal+0x459/0x630 net/core/dev.c:5172 __netif_rx+0x78/0xc0 net/core/dev.c:5215 veth_forward_skb drivers/net/veth.c:322 [inline] veth_xmit+0x61d/0xae0 drivers/net/veth.c:375 __netdev_start_xmit include/linux/netdevice.h:4916 [inline] netdev_start_xmit include/linux/netdevice.h:4925 [inline] xmit_one net/core/dev.c:3588 [inline] dev_hard_start_xmit+0x27a/0x7e0 net/core/dev.c:3604 __dev_queue_xmit+0x1b11/0x3ed0 net/core/dev.c:4428 dev_queue_xmit include/linux/netdevice.h:3094 [inline] br_dev_queue_push_xmit+0x703/0x8d0 net/bridge/br_forward.c:53 NF_HOOK+0x700/0x7c0 include/linux/netfilter.h:314 br_nf_post_routing+0xa20/0xe80 net/bridge/br_netfilter_hooks.c:994 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline] nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626 nf_hook include/linux/netfilter.h:269 [inline] NF_HOOK+0x2a7/0x460 include/linux/netfilter.h:312 br_forward_finish+0xd8/0x130 net/bridge/br_forward.c:66 br_nf_forward_finish+0xb49/0xfb0 net/bridge/br_netfilter_hooks.c:690 NF_HOOK+0x700/0x7c0 include/linux/netfilter.h:314 br_nf_forward_ip+0x61e/0x7b0 net/bridge/br_netfilter_hooks.c:744 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline] nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626 nf_hook include/linux/netfilter.h:269 [inline] NF_HOOK+0x2a7/0x460 include/linux/netfilter.h:312 __br_forward+0x489/0x660 net/bridge/br_forward.c:115 deliver_clone net/bridge/br_forward.c:131 [inline] maybe_deliver+0xb3/0x150 net/bridge/br_forward.c:190 br_flood+0x2e4/0x660 net/bridge/br_forward.c:236 br_handle_frame_finish+0x18ba/0x1fe0 net/bridge/br_input.c:215 br_nf_hook_thresh+0x472/0x590 br_nf_pre_routing_finish_ipv6+0xaa0/0xdd0 NF_HOOK include/linux/netfilter.h:314 [inline] br_nf_pre_routing_ipv6+0x379/0x770 net/bridge/br_netfilter_ipv6.c:184 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline] nf_hook_bridge_pre net/bridge/br_input.c:277 [inline] br_handle_frame+0x9fd/0x1530 net/bridge/br_input.c:424 __netif_receive_skb_core+0x13e8/0x4570 net/core/dev.c:5560 __netif_receive_skb_one_core net/core/dev.c:5664 [inline] __netif_receive_skb+0x12f/0x650 net/core/dev.c:5779 process_backlog+0x662/0x15b0 net/core/dev.c:6111 __napi_poll+0xcb/0x490 net/core/dev.c:6775 napi_poll net/core/dev.c:6844 [inline] net_rx_action+0x89b/0x1240 net/core/dev.c:6966 handle_softirqs+0x2c5/0x980 kernel/softirq.c:554 run_ksoftirqd+0xca/0x130 kernel/softirq.c:927 smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 ICMPv6: NA: aa:aa:aa:aa:aa:1c advertised our address fe80::a8aa:aaff:feaa:aa1c on veth1_to_bridge! ICMPv6: NA: aa:aa:aa:aa:aa:1c advertised our address fe80::a8aa:aaff:feaa:aa1c on veth1_to_bridge! ICMPv6: NA: aa:aa:aa:aa:aa:1c advertised our address fe80::a8aa:aaff:feaa:aa1c on veth1_to_bridge! ICMPv6: NA: aa:aa:aa:aa:aa:1c advertised our address fe80::a8aa:aaff:feaa:aa1c on veth1_to_bridge! ICMPv6: NA: aa:aa:aa:aa:aa:1c advertised our address fe80::a8aa:aaff:feaa:aa1c on veth1_to_bridge! ICMPv6: NA: aa:aa:aa:aa:aa:1c advertised our address fe80::a8aa:aaff:feaa:aa1c on veth1_to_bridge! ICMPv6: NA: aa:aa:aa:aa:aa:1c advertised our address fe80::a8aa:aaff:feaa:aa1c on veth1_to_bridge! ICMPv6: NA: aa:aa:aa:aa:aa:1c advertised our address fe80::a8aa:aaff:feaa:aa1c on veth1_to_bridge! ICMPv6: NA: aa:aa:aa:aa:aa:1c advertised our address fe80::a8aa:aaff:feaa:aa1c on veth1_to_bridge! ICMPv6: NA: aa:aa:aa:aa:aa:1c advertised our address fe80::a8aa:aaff:feaa:aa1c on veth1_to_bridge!