Extracting prog: 22m52.831612664s Minimizing prog: 15m30.045410645s Simplifying prog options: 0s Extracting C: 1m7.654857635s Simplifying C: 24m13.963195007s extracting reproducer from 52 programs testing a last program of every proc single: executing 12 programs separately with timeout 30s testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-socket$nl_netfilter-sendmsg$IPSET_CMD_CREATE-sendmsg$IPSET_CMD_DESTROY detailed listing: executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x0) sendmsg$IPSET_CMD_DESTROY(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x1c, 0x3, 0x6, 0x101, 0x0, 0x0, {0x2, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40841}, 0x4) program did not crash program did not crash testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_control_io$hid-syz_emit_vhci-syz_emit_vhci-socketpair$unix detailed listing: executing program 0: syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e1f0a"], 0x22) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="0405"], 0x7) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000a00)) program did not crash testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_usb_control_io$cdc_ncm-syz_usb_ep_write$ath9k_ep1 detailed listing: executing program 0: r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000200)=ANY=[@ANYBLOB="1201410130f56920ac05190272f00102030109021b000100001000090455070103490200090582030004"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000580)={0x84, &(0x7f0000000340)=ANY=[@ANYBLOB='\x00N\b'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x0, 0x0) program did not crash testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io$hid-syz_usb_control_io-syz_usb_control_io detailed listing: executing program 0: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001180)=ANY=[@ANYBLOB="12010000090003206d0414c34000ffff000109022400010400a000090400000103010100093700086ce82201000905815f"], 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, &(0x7f0000000780)=ANY=[@ANYBLOB="00020c0000000c0002"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) program did not crash testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$video-sched_setscheduler-prctl$PR_SCHED_CORE-openat$sequencer-syz_open_dev$sndmidi-writev-syz_init_net_socket$802154_dgram-openat$snapshot-bind$802154_dgram-mkdirat-mount$fuse-socket$nl_netfilter-add_key-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-sendfile-mount-chdir-symlinkat-readlinkat-openat2$dir-creat-connect$802154_dgram-sendmmsg-socket$inet6_tcp-setsockopt$inet6_tcp_int detailed listing: executing program 0: syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) sched_setscheduler(0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f00000005c0), 0x8001, 0x0) bind$802154_dgram(r1, &(0x7f0000000040)={0x24, @long={0x3, 0x1, {0xaaaaaaaaaaaa0102}}}, 0x14) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1e8) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) add_key(&(0x7f0000000040)='rxrpc\x00', 0x0, &(0x7f0000000240)="000000000000002499b8f276dc7558ecf97a4449a2e3f8367d61f49e160ba48f614a54a8192c2876b7f843cd3a3c07288fa0f1e28983b5cdc2e29b6e", 0x3c, 0xffffffffffffffff) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a010200000000000000000200000009000200052000000000000008000440000000000900010073797a3000000000080003400000000a"], 0x64}}, 0x0) sendfile(r0, r2, &(0x7f00000001c0)=0x6, 0x8) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') symlinkat(&(0x7f0000000400)='./file1\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00') readlinkat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', &(0x7f0000001300)=""/4096, 0x1000) openat2$dir(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', &(0x7f0000000480)={0x80000, 0x182, 0x5}, 0x18) creat(&(0x7f0000000140)='./file1\x00', 0x10b) connect$802154_dgram(r1, &(0x7f0000000240)={0x24, @none={0x0, 0x3}}, 0x14) sendmmsg(r1, &(0x7f00000196c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0xd, 0x0}}], 0x4000050, 0x400c010) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) program did not crash testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$video-sched_setscheduler-prctl$PR_SCHED_CORE-openat$sequencer-syz_open_dev$sndmidi-writev-syz_init_net_socket$802154_dgram-openat$snapshot-bind$802154_dgram-mkdirat-mount$fuse-socket$nl_netfilter-add_key-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-sendfile-mount-chdir-symlinkat-readlinkat-openat2$dir-creat-connect$802154_dgram-sendmmsg-socket$inet6_tcp-setsockopt$inet6_tcp_int detailed listing: executing program 0: syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) sched_setscheduler(0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f00000005c0), 0x8001, 0x0) bind$802154_dgram(r1, &(0x7f0000000040)={0x24, @long={0x3, 0x1, {0xaaaaaaaaaaaa0102}}}, 0x14) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1e8) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) add_key(&(0x7f0000000040)='rxrpc\x00', 0x0, &(0x7f0000000240)="000000000000002499b8f276dc7558ecf97a4449a2e3f8367d61f49e160ba48f614a54a8192c2876b7f843cd3a3c07288fa0f1e28983b5cdc2e29b6e", 0x3c, 0xffffffffffffffff) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a010200000000000000000200000009000200052000000000000008000440000000000900010073797a3000000000080003400000000a"], 0x64}}, 0x0) sendfile(r0, r2, &(0x7f00000001c0)=0x6, 0x8) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') symlinkat(&(0x7f0000000400)='./file1\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00') readlinkat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', &(0x7f0000001300)=""/4096, 0x1000) openat2$dir(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', &(0x7f0000000480)={0x80000, 0x182, 0x5}, 0x18) creat(&(0x7f0000000140)='./file1\x00', 0x10b) connect$802154_dgram(r1, &(0x7f0000000240)={0x24, @none={0x0, 0x3}}, 0x14) sendmmsg(r1, &(0x7f00000196c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0xd, 0x0}}], 0x4000050, 0x400c010) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) program did not crash testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-sched_setscheduler-sendmsg$IPSET_CMD_CREATE-write-socket-setsockopt$inet_int-sendmsg$NFT_BATCH-syz_open_procfs-setsockopt$sock_linger detailed listing: executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c000000020681010000000000000000000000000500050002000000050001000700000005000400030000000900020073797a310000000011000300686173683a6e65742c6e6574"], 0x4c}, 0x1, 0x0, 0x0, 0x4040000}, 0x800) write(0xffffffffffffffff, 0x0, 0x0) r4 = socket(0x1d, 0x2, 0x6) setsockopt$inet_int(r4, 0x6a, 0x16, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20044009}, 0x4000) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00') setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, &(0x7f0000000080)={0x1, 0x6}, 0x8) program did not crash testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-sched_setscheduler-sendmsg$IPSET_CMD_CREATE-write-socket-setsockopt$inet_int-sendmsg$NFT_BATCH-syz_open_procfs-setsockopt$sock_linger detailed listing: executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c000000020681010000000000000000000000000500050002000000050001000700000005000400030000000900020073797a310000000011000300686173683a6e65742c6e6574"], 0x4c}, 0x1, 0x0, 0x0, 0x4040000}, 0x800) write(0xffffffffffffffff, 0x0, 0x0) r4 = socket(0x1d, 0x2, 0x6) setsockopt$inet_int(r4, 0x6a, 0x16, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20044009}, 0x4000) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00') setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, &(0x7f0000000080)={0x1, 0x6}, 0x8) program did not crash testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$sg-fcntl$dupfd-poll-setsockopt$inet6_tcp_int detailed listing: executing program 0: r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r1 = fcntl$dupfd(r0, 0x0, r0) poll(&(0x7f0000000100)=[{r1, 0x2}], 0x1, 0x2) setsockopt$inet6_tcp_int(r1, 0x6, 0x6, &(0x7f0000000000)=0x2000, 0x4) program did not crash testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioprio_get$uid-syz_usb_connect$hid-syz_usb_control_io$hid-socket$nl_rdma-sendmsg$RDMA_NLDEV_CMD_RES_GET-syz_usb_control_io$hid detailed listing: executing program 0: ioprio_get$uid(0x3, 0xee00) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x8, 0x145f, 0x212, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x40, 0x0, [{{0x9, 0x4, 0x0, 0x90, 0x7c, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xa}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) (async) r1 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_GET(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000440)={0x10, 0x1409, 0x1, 0x70bd29, 0x25dfdbfd}, 0x10}, 0x1, 0x0, 0x0, 0x80}, 0x40040000) (async) syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x22, 0x8, {[@local=@item_4={0x3, 0x2, 0x7, "8c740a1b"}, @main=@item_012={0x2, 0x0, 0xa, "6810"}]}}, 0x0}, 0x0) program did not crash testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$sg-fcntl$dupfd-poll-setsockopt$inet6_tcp_int detailed listing: executing program 0: r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r1 = fcntl$dupfd(r0, 0x0, r0) poll(&(0x7f0000000100)=[{r1, 0x2}], 0x1, 0x2) setsockopt$inet6_tcp_int(r1, 0x6, 0x6, &(0x7f0000000000)=0x2000, 0x4) program did not crash testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioprio_get$uid-syz_usb_connect$hid-syz_usb_control_io$hid-socket$nl_rdma-sendmsg$RDMA_NLDEV_CMD_RES_GET-syz_usb_control_io$hid detailed listing: executing program 0: ioprio_get$uid(0x3, 0xee00) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x8, 0x145f, 0x212, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x40, 0x0, [{{0x9, 0x4, 0x0, 0x90, 0x7c, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xa}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) (async) r1 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_GET(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000440)={0x10, 0x1409, 0x1, 0x70bd29, 0x25dfdbfd}, 0x10}, 0x1, 0x0, 0x0, 0x80}, 0x40040000) (async) syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x22, 0x8, {[@local=@item_4={0x3, 0x2, 0x7, "8c740a1b"}, @main=@item_012={0x2, 0x0, 0xa, "6810"}]}}, 0x0}, 0x0) program did not crash single: failed to extract reproducer bisect: bisecting 52 programs with base timeout 30s testing program (duration=43s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [9, 22, 14, 38, 16, 6, 12, 20, 10, 13, 9, 4, 6, 4, 2, 2, 10, 11, 3, 18, 18, 9, 3, 2, 8, 2, 26, 26, 24, 2, 3, 2, 2, 12, 1, 5, 2, 2, 10, 1, 4, 3, 4, 3, 9, 2, 2, 4, 28, 29, 4, 12] detailed listing: executing program 2: r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) r1 = socket$igmp(0x2, 0x3, 0x2) r2 = getpid() setpgid(0xffffffffffffffff, r2) ptrace(0x10, r2) setsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, 0x0, 0x0) dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e23, 0x6, @private1, 0x3}, 0x1c) executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x202, 0x0) ioctl$F2FS_IOC_SET_COMPRESS_OPTION(r0, 0x4002f516, &(0x7f0000000180)={0xbe, 0x7}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r3, 0x0) (async) r4 = socket$inet6(0xa, 0x3, 0x9) setsockopt$inet6_mreq(r4, 0x29, 0x24, &(0x7f00000008c0)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x14) (async, rerun: 64) r5 = socket$inet6(0xa, 0x3, 0x3c) (async, rerun: 64) r6 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r6, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) (async) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r6, 0x10e, 0x8, &(0x7f0000000080)=0x6, 0x4) (async) openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x41) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) (async) sendmsg$NFT_BATCH(r7, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) connect$inet6(r5, &(0x7f0000000000)={0xa, 0x5000, 0x0, @loopback, 0x5}, 0x1c) (async) writev(r5, &(0x7f0000000e40), 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async, rerun: 32) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000005b000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, 0x0}], 0x1, 0x21, 0x0, 0x0) (async, rerun: 32) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, &(0x7f0000000000)="f00fc7484d36f08266060266b9800000c00f326635000400000f308bc1de780066b9aa0200000f3266b9ab0900000f32f2f031b3e759dc2c", 0x38}], 0x1, 0x9f6a364b3fac2a67, 0x0, 0x0) (async, rerun: 32) ioctl$KVM_RUN(r2, 0xae80, 0x0) (rerun: 32) executing program 2: madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) (async) r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$netlink(r1, &(0x7f00000042c0)={0x0, 0x0, &(0x7f0000003fc0)=[{&(0x7f0000002480)={0x10, 0x30, 0x812, 0x70bd2a, 0x25dfdbfe}, 0x10}], 0x1, &(0x7f0000004200)=[@rights={{0x10}}], 0x10, 0x40}, 0x4) ioctl$SG_GET_RESERVED_SIZE(0xffffffffffffffff, 0x2272, &(0x7f0000000000)) madvise(&(0x7f0000000000/0x2000)=nil, 0x8000000, 0x19) prctl$PR_SET_IO_FLUSHER(0x39, 0x1) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) (async) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) executing program 2: r0 = memfd_create(&(0x7f0000000280)='\x00\x00\x00\x00\x00\x00z\x9b\xb6\xe8t;\xfc\x02\x00\x00\x009\xa0\x8b\x14d\xa2\xa1\xa8!\xe8\xd1\xa0\x8a\xce0\x1c\xb7\xf1\xccm\xce\xd4\xdb\x89\xe5\x8f\xe2\xb6\xd6\x9cF\xbd\xff\x14\x05\x00\x00\x00\x00\x00\x00\x00\xf3\xdc\x91\'\x06\\8\r\xfc\xeeG\xbe\x90C\x1c)5\x98\xa3\xfa\a\xf9\x98\xbb}\xeb\x86P=\xe51\x9d,\xb7\xe6_M\xbe\x19\xea#\xff[\xd1\xc3\x9a\xa3\x1b\xf9\xe9\x1d \xce1\xc9\x9f\xb0\x14\xc2\xeb\xf9\xceE\xad\xa4\x92\f\xef\x87g\xb6\xabW\xac\rP\xf42\xb7\xc8\xaajn\xd7\n\r\x802\xd7\x1b$\x95tO*\xf4\xae\xb8\xb8m\xbf\r\xd5\xbf*\xfd\xc7\x85\x1b\x8b\xe5\x97j`c\xe0\x88?\xda\x8a#t>r\xae\xe8\xc9)', 0x0) r1 = socket(0xa, 0x1, 0x0) setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f0000000780)=ANY=[@ANYBLOB="03000000000000000a004e2300000009ff010000000000000000000000000001080000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000be452c68"], 0x90) execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) r2 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f00000000c0)={0x41, 0x12}, 0x10) r3 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000040)={0x41}, 0x10) r4 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000280)={0x41, 0x3}, 0x10) r5 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000100)={0x41}, 0x1be) bind$tipc(r4, 0x0, 0x0) sendmsg$tipc(r4, &(0x7f0000000240)={&(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x18}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x101d0}, 0x0) r6 = socket$kcm(0xa, 0x2, 0x0) sendmsg$kcm(r6, &(0x7f0000000240)={&(0x7f0000000040)=@l2={0x1f, 0xfff, @any, 0x10}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000100)="eff77ce7ccea2e740f2e4c34c12a77bbbc54a870951d9fef50d2b79504ec5d0029e8f0f2247b509ba2be101d3266", 0x2e}, {&(0x7f0000000140)="735d959b40ac48b3928ddedf22fe00cda5dfa6f436411a63e7967790b2761aec5dd6eec61d68ed7860bfc08070ac973498963dce10d8df1f8f3166206674d425f392403883e5522de8f59c766611f664b034c7477e559b63e43614a64f35d8056d5d3a0a6a753b320860028784ce1edfa8b224b63d967cf3c37a9309c5e5ae1213b06d046fad1de86bedf402d79f08c39bdcdefa03692a79e2845e0d2477a8d2efead7a216c3ffa5c87a6e3bcf6a905cfddff2", 0xb3}], 0x2, &(0x7f0000000340)=[{0x18, 0x10b, 0x379, "a1746d8b3bef"}, {0xd8, 0x88, 0x9, "2dab2461a6e205784a45721ec43f3a442c8da233d4c1a17c31ce5667be973bb40efc0ddec7f2890bd22828d551de04c862b3b61c3f561686772bc253d7124d27c15b316fce4ed54b39421b6be0b3d2fc892219f3e03727e8937315baf95b64d3bc4382bc402891937865ed3ee5905c12d71172d8b9e6daf9d364d456555fe6db989cc8f09088f668cfbec9fea97644f74e08dd567c35f40311783c04c7e003b487033546b318b46dc7aa03aeeee65ea786cd0ce277c980bcb3ca4a4d648ec9b70037eede09ce"}, {0x40, 0x10a, 0x1, "99a615978a5fa8a41cfbe2975f8b4776b5876319af14cb8ada0917613de4201b281e1d607006314c311d"}, {0xd0, 0x88, 0x2, "d1614e5dbc16767a8a85c157fbde09c4b931972c7eacc5b2d32f4f48dedc6f59f70278cae69b26a10440064bd812c6df557284799e345162aa4208a334f14dc0663e2c9bebcfdf68356fcd356f8748c878e8f7adf7a5710b635c9a9ee6b89729222c6be8130b2fd10fa1ccfaf15c33d38ff8bd9580d6651627d683808d27ac1596ca040d600d0288c9b3f5821b45e57c831d67d68acdbf96a4891c392d8f22403e12ac85b5879329629dcecad1f0f0aea672d935dd7342384684242cb85f"}], 0x200}, 0x4000000) r7 = syz_open_dev$usbmon(&(0x7f0000000540), 0x8, 0x22000) ioctl$MON_IOCX_GETX(r7, 0x4018920a, &(0x7f00000006c0)={&(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f00000005c0)=""/212, 0xd4}) sendmsg$kcm(r6, &(0x7f00000000c0)={&(0x7f0000000a00)=@generic={0xa, "8ab77fa26849ff26650042e2dacd00005efe0000000162e2adacd2737d00ad6f9fa9f3d7145e15dd9d6d2e19c211220940ad5def53b911ba5b9da13641f9826d7012a749f54b901ee80ea6132ca6e88c776553e1833052ca376304313c4b37780136a4b838570400"}, 0x80, 0x0}, 0x0) memfd_create(&(0x7f0000000280)='\x00\x00\x00\x00\x00\x00z\x9b\xb6\xe8t;\xfc\x02\x00\x00\x009\xa0\x8b\x14d\xa2\xa1\xa8!\xe8\xd1\xa0\x8a\xce0\x1c\xb7\xf1\xccm\xce\xd4\xdb\x89\xe5\x8f\xe2\xb6\xd6\x9cF\xbd\xff\x14\x05\x00\x00\x00\x00\x00\x00\x00\xf3\xdc\x91\'\x06\\8\r\xfc\xeeG\xbe\x90C\x1c)5\x98\xa3\xfa\a\xf9\x98\xbb}\xeb\x86P=\xe51\x9d,\xb7\xe6_M\xbe\x19\xea#\xff[\xd1\xc3\x9a\xa3\x1b\xf9\xe9\x1d \xce1\xc9\x9f\xb0\x14\xc2\xeb\xf9\xceE\xad\xa4\x92\f\xef\x87g\xb6\xabW\xac\rP\xf42\xb7\xc8\xaajn\xd7\n\r\x802\xd7\x1b$\x95tO*\xf4\xae\xb8\xb8m\xbf\r\xd5\xbf*\xfd\xc7\x85\x1b\x8b\xe5\x97j`c\xe0\x88?\xda\x8a#t>r\xae\xe8\xc9)', 0x0) (async) socket(0xa, 0x1, 0x0) (async) setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f0000000780)=ANY=[@ANYBLOB="03000000000000000a004e2300000009ff010000000000000000000000000001080000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000be452c68"], 0x90) (async) execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) (async) socket$tipc(0x1e, 0x2, 0x0) (async) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f00000000c0)={0x41, 0x12}, 0x10) (async) socket$tipc(0x1e, 0x2, 0x0) (async) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000040)={0x41}, 0x10) (async) socket$tipc(0x1e, 0x2, 0x0) (async) setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000280)={0x41, 0x3}, 0x10) (async) socket$tipc(0x1e, 0x2, 0x0) (async) setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000100)={0x41}, 0x1be) (async) bind$tipc(r4, 0x0, 0x0) (async) sendmsg$tipc(r4, &(0x7f0000000240)={&(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x18}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x101d0}, 0x0) (async) socket$kcm(0xa, 0x2, 0x0) (async) sendmsg$kcm(r6, &(0x7f0000000240)={&(0x7f0000000040)=@l2={0x1f, 0xfff, @any, 0x10}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000100)="eff77ce7ccea2e740f2e4c34c12a77bbbc54a870951d9fef50d2b79504ec5d0029e8f0f2247b509ba2be101d3266", 0x2e}, {&(0x7f0000000140)="735d959b40ac48b3928ddedf22fe00cda5dfa6f436411a63e7967790b2761aec5dd6eec61d68ed7860bfc08070ac973498963dce10d8df1f8f3166206674d425f392403883e5522de8f59c766611f664b034c7477e559b63e43614a64f35d8056d5d3a0a6a753b320860028784ce1edfa8b224b63d967cf3c37a9309c5e5ae1213b06d046fad1de86bedf402d79f08c39bdcdefa03692a79e2845e0d2477a8d2efead7a216c3ffa5c87a6e3bcf6a905cfddff2", 0xb3}], 0x2, &(0x7f0000000340)=[{0x18, 0x10b, 0x379, "a1746d8b3bef"}, {0xd8, 0x88, 0x9, "2dab2461a6e205784a45721ec43f3a442c8da233d4c1a17c31ce5667be973bb40efc0ddec7f2890bd22828d551de04c862b3b61c3f561686772bc253d7124d27c15b316fce4ed54b39421b6be0b3d2fc892219f3e03727e8937315baf95b64d3bc4382bc402891937865ed3ee5905c12d71172d8b9e6daf9d364d456555fe6db989cc8f09088f668cfbec9fea97644f74e08dd567c35f40311783c04c7e003b487033546b318b46dc7aa03aeeee65ea786cd0ce277c980bcb3ca4a4d648ec9b70037eede09ce"}, {0x40, 0x10a, 0x1, "99a615978a5fa8a41cfbe2975f8b4776b5876319af14cb8ada0917613de4201b281e1d607006314c311d"}, {0xd0, 0x88, 0x2, "d1614e5dbc16767a8a85c157fbde09c4b931972c7eacc5b2d32f4f48dedc6f59f70278cae69b26a10440064bd812c6df557284799e345162aa4208a334f14dc0663e2c9bebcfdf68356fcd356f8748c878e8f7adf7a5710b635c9a9ee6b89729222c6be8130b2fd10fa1ccfaf15c33d38ff8bd9580d6651627d683808d27ac1596ca040d600d0288c9b3f5821b45e57c831d67d68acdbf96a4891c392d8f22403e12ac85b5879329629dcecad1f0f0aea672d935dd7342384684242cb85f"}], 0x200}, 0x4000000) (async) syz_open_dev$usbmon(&(0x7f0000000540), 0x8, 0x22000) (async) ioctl$MON_IOCX_GETX(r7, 0x4018920a, &(0x7f00000006c0)={&(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f00000005c0)=""/212, 0xd4}) (async) sendmsg$kcm(r6, &(0x7f00000000c0)={&(0x7f0000000a00)=@generic={0xa, "8ab77fa26849ff26650042e2dacd00005efe0000000162e2adacd2737d00ad6f9fa9f3d7145e15dd9d6d2e19c211220940ad5def53b911ba5b9da13641f9826d7012a749f54b901ee80ea6132ca6e88c776553e1833052ca376304313c4b37780136a4b838570400"}, 0x80, 0x0}, 0x0) (async) executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20) (async) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000200)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, 0x4000, 0x1}) (async) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) (async) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5", 0x4) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha256)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0) r3 = accept$alg(r2, 0x0, 0x0) sendmsg$alg(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)='[', 0x1}], 0x1, 0x0, 0x0, 0x30008040}, 0x40080d1) (async) accept(r3, 0x0, 0x0) (async) r4 = accept4(r1, 0x0, 0x0, 0x80800) sendmsg$alg(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000480)="b716c769eb5f7fe9a9f9b1850e74cf5d61bf146a1af25e0fb4df6c22844bc1367f990b87b6e7f0aa68ed764110cd8061360d0b516a68ef5d113a2951e705d309ae24ef1a4eeaa9a7b2ac4a4d400b4961d54a82df59d6a29f39974b1189d2538e23cc37b2a29403602a83ce2e191145af7f2302eaaa5a4f517abcc674010c9233a4121d5b8552ef930cfc8cf07f335654273e3aa92ff7365d3b161b31a68dd7b48ad60c8b52", 0xa5}], 0x1, 0x0, 0x0, 0x400c1}, 0x85) (async) recvmsg(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}, {&(0x7f0000000340)=""/83, 0x53}], 0x2, 0x0, 0x0, 0xf5000000}, 0x0) (async) syz_usb_connect(0x3, 0x2d, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000009a65d0860040800dee20102030109021b05000000000009040000f678eaf5000905", @ANYRES32], 0x0) executing program 2: ioprio_get$uid(0x3, 0xee00) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x8, 0x145f, 0x212, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x40, 0x0, [{{0x9, 0x4, 0x0, 0x90, 0x7c, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xa}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) (async) r1 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_GET(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000440)={0x10, 0x1409, 0x1, 0x70bd29, 0x25dfdbfd}, 0x10}, 0x1, 0x0, 0x0, 0x80}, 0x40040000) (async) syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x22, 0x8, {[@local=@item_4={0x3, 0x2, 0x7, "8c740a1b"}, @main=@item_012={0x2, 0x0, 0xa, "6810"}]}}, 0x0}, 0x0) executing program 3: r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f00000010c0)={0x44, &(0x7f0000000080)=ANY=[@ANYBLOB="00000100000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async) syz_usb_control_io$printer(r0, 0x0, 0x0) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) (async) syz_usb_control_io$hid(r1, 0x0, 0x0) (async) syz_usb_control_io$hid(r1, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x22, {[@global=@item_012={0x2, 0x1, 0x6, "2313"}, @main=@item_012={0x2, 0x0, 0x8, '{|'}, @global=@item_4={0x3, 0x1, 0x8, '\f\x00'}, @local=@item_012={0x2, 0x2, 0x2, "9000"}, @local=@item_4={0x3, 0x2, 0x9, "eb212189"}, @main=@item_4={0x3, 0x0, 0x8}, @main=@item_4={0x3, 0x0, 0x9, "cdd2f361"}, @local=@item_4={0x3, 0x2, 0x0, "5d8c3dda"}]}}, 0x0}, 0x0) r2 = gettid() (async) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x2082) read(r3, &(0x7f0000000100)=""/140, 0xde) tkill(r2, 0x7) (async) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000440)={0x1c, &(0x7f00000007c0)=ANY=[@ANYBLOB="0003a200"], 0x0, 0x0}) executing program 3: unshare(0x2040600) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$bt_BT_VOICE(r0, 0x112, 0xb, &(0x7f0000000000)=0x3, 0x2) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl$IOMMU_OPTION$IOMMU_OPTION_RLIMIT_MODE(r1, 0x3b87, &(0x7f00000000c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x5}) connect$bt_sco(r0, &(0x7f0000000080)={0x1f, @fixed}, 0x8) r2 = socket$kcm(0x11, 0x200000000000002, 0x300) r3 = socket$nl_rdma(0x10, 0x3, 0x14) getsockopt$netlink(r3, 0x10e, 0x9, 0x0, &(0x7f0000000280)) sendmsg$kcm(r2, &(0x7f0000000280)={&(0x7f0000000300)=@tipc=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x9, 0x3}}, 0x80, 0x0, 0xc1f8f454f84f1f5b, &(0x7f0000000a00)=ANY=[@ANYBLOB="1400000000000000010000000c"], 0x14}, 0x48000) unshare(0x2040600) (async) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) setsockopt$bt_BT_VOICE(r0, 0x112, 0xb, &(0x7f0000000000)=0x3, 0x2) (async) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) (async) ioctl$IOMMU_OPTION$IOMMU_OPTION_RLIMIT_MODE(r1, 0x3b87, &(0x7f00000000c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x5}) (async) connect$bt_sco(r0, &(0x7f0000000080)={0x1f, @fixed}, 0x8) (async) socket$kcm(0x11, 0x200000000000002, 0x300) (async) socket$nl_rdma(0x10, 0x3, 0x14) (async) getsockopt$netlink(r3, 0x10e, 0x9, 0x0, &(0x7f0000000280)) (async) sendmsg$kcm(r2, &(0x7f0000000280)={&(0x7f0000000300)=@tipc=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x9, 0x3}}, 0x80, 0x0, 0xc1f8f454f84f1f5b, &(0x7f0000000a00)=ANY=[@ANYBLOB="1400000000000000010000000c"], 0x14}, 0x48000) (async) executing program 3: eventfd2(0x5, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x48, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x1c, 0x3, 0x0, 0x1, [{0x18, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}, @NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x2c, 0xd, 0xa, 0x301, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000) syz_usb_connect(0x5, 0x3f, &(0x7f0000005100)={{0x12, 0x1, 0x310, 0x81, 0xd7, 0xdf, 0x8, 0x5da, 0x94, 0x388a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0xb, 0xff, 0x50, 0x4d, [{{0x9, 0x4, 0xf2, 0xe1, 0x3, 0xde, 0xa3, 0x3f, 0x5, [], [{{0x9, 0x5, 0x4, 0x0, 0x8, 0x0, 0xac, 0x7}}, {{0x9, 0x5, 0x6, 0x2, 0xc58ee9a780c73d77, 0x85, 0x7, 0x7}}, {{0x9, 0x5, 0xe, 0x4, 0x200, 0x8, 0x2, 0x4a}}]}}]}}]}}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0}) executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) sendmmsg$inet6(r0, &(0x7f0000019680)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20004855) setsockopt$inet6_tcp_int(r0, 0x6, 0x2, &(0x7f00000001c0)=0x7f, 0x4) mount$bind(&(0x7f0000000040)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x23e9c9e, 0x0) mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x28a5291, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x1, &(0x7f0000002140)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}}) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_ADDFB2(r0, 0xc06864b8, &(0x7f00000008c0)={0x0, 0x15bd, 0xb6ca, 0x0, 0x0, [0x2]}) sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16, @ANYBLOB="0100000000000000000003000000400001802c0004001400010002000000ac14140f0000000000000000140002"], 0x54}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="bc1b0000400007012bbd700000000000017c00000400c2800c0001800600060065580000971b0280540211"], 0x1bbc}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f0000000000)={0x0}) ioctl$DRM_IOCTL_SET_SAREA_CTX(r0, 0x4010641c, &(0x7f0000000080)={r2, &(0x7f0000000040)=""/63}) r3 = openat$cuse(0xffffff9c, &(0x7f0000005400), 0x2, 0x0) write$FUSE_NOTIFY_INVAL_INODE(r3, &(0x7f0000005580)={0x28}, 0x28) executing program 3: r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r1 = fcntl$dupfd(r0, 0x0, r0) poll(&(0x7f0000000100)=[{r1, 0x2}], 0x1, 0x2) setsockopt$inet6_tcp_int(r1, 0x6, 0x6, &(0x7f0000000000)=0x2000, 0x4) executing program 32: ioprio_get$uid(0x3, 0xee00) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x8, 0x145f, 0x212, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x40, 0x0, [{{0x9, 0x4, 0x0, 0x90, 0x7c, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xa}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) (async) r1 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_GET(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000440)={0x10, 0x1409, 0x1, 0x70bd29, 0x25dfdbfd}, 0x10}, 0x1, 0x0, 0x0, 0x80}, 0x40040000) (async) syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x22, 0x8, {[@local=@item_4={0x3, 0x2, 0x7, "8c740a1b"}, @main=@item_012={0x2, 0x0, 0xa, "6810"}]}}, 0x0}, 0x0) executing program 33: r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r1 = fcntl$dupfd(r0, 0x0, r0) poll(&(0x7f0000000100)=[{r1, 0x2}], 0x1, 0x2) setsockopt$inet6_tcp_int(r1, 0x6, 0x6, &(0x7f0000000000)=0x2000, 0x4) executing program 5: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/keys\x00', 0x0, 0x0) read$FUSE(r0, &(0x7f0000002800)={0x2020}, 0x2020) executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=@delsa={0x28, 0x12, 0x1, 0x0, 0x0, {@in=@multicast2, 0x4d5, 0x2}}, 0x28}}, 0x0) executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000500)={0xa, 0x4e22, 0xc, @ipv4={'\x00', '\xff\xff', @loopback}, 0x5}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x40000007, @empty}, 0x1c) r1 = socket(0x40000000015, 0x5, 0x0) setsockopt$SO_TIMESTAMP(r1, 0x1, 0x40, &(0x7f00000000c0)=0xd95, 0x4019e2060d4e3ac7) recvmmsg(r1, 0x0, 0x0, 0x20102, 0x0) r2 = fcntl$dupfd(r0, 0x406, r0) sendmsg$NFT_BATCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[], 0x56c}, 0x1, 0x0, 0x0, 0x200440d1}, 0x800e885) syz_genetlink_get_family_id$devlink(&(0x7f00000012c0), r2) read$FUSE(r2, &(0x7f00000036c0)={0x2020}, 0x2020) executing program 5: sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r0, 0x0) setpgid(0x0, r0) mount$tmpfs(0x0, &(0x7f00000006c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1000810, 0x0) executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_int(r0, 0x0, 0x18, &(0x7f0000000300)=0x1, 0x4) bind$inet(r0, &(0x7f0000000280)={0x2, 0x0, @multicast2}, 0x10) executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c000000020681010000000000000000000000000500050002000000050001000700000005000400030000000900020073797a310000000011000300686173683a6e65742c6e6574"], 0x4c}, 0x1, 0x0, 0x0, 0x4040000}, 0x800) write(0xffffffffffffffff, 0x0, 0x0) r4 = socket(0x1d, 0x2, 0x6) setsockopt$inet_int(r4, 0x6a, 0x16, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20044009}, 0x4000) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00') setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, &(0x7f0000000080)={0x1, 0x6}, 0x8) executing program 34: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c000000020681010000000000000000000000000500050002000000050001000700000005000400030000000900020073797a310000000011000300686173683a6e65742c6e6574"], 0x4c}, 0x1, 0x0, 0x0, 0x4040000}, 0x800) write(0xffffffffffffffff, 0x0, 0x0) r4 = socket(0x1d, 0x2, 0x6) setsockopt$inet_int(r4, 0x6a, 0x16, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20044009}, 0x4000) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00') setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, &(0x7f0000000080)={0x1, 0x6}, 0x8) executing program 0: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = dup(r0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x5, @loopback, 0x3}], 0x1c) sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043) r2 = dup(r0) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000000)='bond_slave_1\x00', 0x10) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e22, @empty}}, 0x8003, 0xbffc, 0xe652, 0x2, 0x4, 0x8, 0xff}, 0x9c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e60, 0xfffffff2, @empty, 0x3}}, 0x1000000, 0x31, 0xffff1896, 0x3, 0x6, 0x8, 0x1b}, 0x9c) executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x70bd28, 0x0, {{@in=@multicast1, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x2, 0x10, 0x20, 0x0, 0x0, 0xee01}, {}, {0x0, 0xe97b}, 0x400000, 0x0, 0x0, 0x1}}, 0xb8}, 0x1, 0x0, 0x0, 0x44000}, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[], 0xb8}}, 0x40) executing program 0: r0 = socket(0x10, 0x80002, 0x0) fsetxattr$trusted_overlay_redirect(r0, &(0x7f00000000c0), 0x0, 0x0, 0x1) executing program 0: mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r0, 0x0) setpgid(0x0, r0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='blkio.bfq.io_queued_recursive\x00', 0x275a, 0x0) executing program 0: open(0x0, 0x109042, 0x108) syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x9c, 0x32, 0x3f, 0x8, 0x4a5, 0x3003, 0x3ab2, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x2, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x28, 0xf0, 0xf6}}]}}]}}, 0x0) executing program 0: syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) sched_setscheduler(0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f00000005c0), 0x8001, 0x0) bind$802154_dgram(r1, &(0x7f0000000040)={0x24, @long={0x3, 0x1, {0xaaaaaaaaaaaa0102}}}, 0x14) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1e8) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) add_key(&(0x7f0000000040)='rxrpc\x00', 0x0, &(0x7f0000000240)="000000000000002499b8f276dc7558ecf97a4449a2e3f8367d61f49e160ba48f614a54a8192c2876b7f843cd3a3c07288fa0f1e28983b5cdc2e29b6e", 0x3c, 0xffffffffffffffff) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a010200000000000000000200000009000200052000000000000008000440000000000900010073797a3000000000080003400000000a"], 0x64}}, 0x0) sendfile(r0, r2, &(0x7f00000001c0)=0x6, 0x8) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') symlinkat(&(0x7f0000000400)='./file1\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00') readlinkat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', &(0x7f0000001300)=""/4096, 0x1000) openat2$dir(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', &(0x7f0000000480)={0x80000, 0x182, 0x5}, 0x18) creat(&(0x7f0000000140)='./file1\x00', 0x10b) connect$802154_dgram(r1, &(0x7f0000000240)={0x24, @none={0x0, 0x3}}, 0x14) sendmmsg(r1, &(0x7f00000196c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0xd, 0x0}}], 0x4000050, 0x400c010) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) executing program 35: syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) sched_setscheduler(0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f00000005c0), 0x8001, 0x0) bind$802154_dgram(r1, &(0x7f0000000040)={0x24, @long={0x3, 0x1, {0xaaaaaaaaaaaa0102}}}, 0x14) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1e8) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) add_key(&(0x7f0000000040)='rxrpc\x00', 0x0, &(0x7f0000000240)="000000000000002499b8f276dc7558ecf97a4449a2e3f8367d61f49e160ba48f614a54a8192c2876b7f843cd3a3c07288fa0f1e28983b5cdc2e29b6e", 0x3c, 0xffffffffffffffff) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a010200000000000000000200000009000200052000000000000008000440000000000900010073797a3000000000080003400000000a"], 0x64}}, 0x0) sendfile(r0, r2, &(0x7f00000001c0)=0x6, 0x8) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') symlinkat(&(0x7f0000000400)='./file1\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00') readlinkat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', &(0x7f0000001300)=""/4096, 0x1000) openat2$dir(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', &(0x7f0000000480)={0x80000, 0x182, 0x5}, 0x18) creat(&(0x7f0000000140)='./file1\x00', 0x10b) connect$802154_dgram(r1, &(0x7f0000000240)={0x24, @none={0x0, 0x3}}, 0x14) sendmmsg(r1, &(0x7f00000196c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0xd, 0x0}}], 0x4000050, 0x400c010) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) semctl$SETVAL(0x0, 0x3, 0x10, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000100)={'veth0_to_bond\x00', 0x200}) r1 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(r1, 0x40405514, 0x0) r2 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r2, 0x40405515, &(0x7f00000000c0)={0x9, 0x0, 0x1, 0x3, 'syz0\x00', 0xa}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5) sched_setaffinity(0x0, 0xff43, &(0x7f00000002c0)=0x2) syz_open_procfs$namespace(0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r4, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x41, 0x0, 0x4}}, 0x10) r5 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r5, &(0x7f0000000240)={&(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x41}}}, 0x10, 0x0}, 0x20001) close(r5) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000140)={0x0, 0x0}) r6 = syz_init_net_socket$x25(0x9, 0x5, 0x0) setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000001c0)={'nr0\x00', 0x600}) executing program 6: r0 = socket$l2tp(0x2, 0x2, 0x73) getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f0000000000)) executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) sendmsg$netlink(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="280000005a000d0300000000000000001800008014"], 0x28}], 0x1}, 0x0) executing program 6: r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x181001, 0x0) ioctl$COMEDI_INSN(r0, 0x8028640c, &(0x7f0000000300)={0xc000003, 0xf, &(0x7f0000000580)=[0x100d, 0x8004, 0x3, 0x9, 0x9, 0x1ed, 0x2, 0x4, 0xbb, 0x7, 0x2070, 0xfffff407, 0xfffffff7, 0x1ac, 0xfffffff8], 0x0, 0x4}) executing program 1: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmmsg$inet_sctp(r0, &(0x7f0000008c80)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@authinfo={0x18, 0x84, 0x6, {0x101}}], 0x18, 0x20000081}], 0x1, 0x40000) executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) pread64(0xffffffffffffffff, 0x0, 0x0, 0xc2a) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c0000001700090025bd7000fddbdf25060000000800010003"], 0x1c}, 0x1, 0x0, 0x0, 0x4000002}, 0x4000080) executing program 1: syz_usb_connect(0x5, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000300f3508da040d391a990102030109022d0001000000440904ef0003846a92000905021010000204070905640208000803080905010010"], 0x0) executing program 6: sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a"], 0x7c}, 0x1, 0x0, 0x0, 0x4004}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r2, @ANYBLOB="11006c2763b786ab08e365666768696a6b00000010002d80"], 0x40}}, 0x0) executing program 4: r0 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f911, 0x8000, '\x00', @string=0x0}}) executing program 6: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[@ANYBLOB="2800000040001901feffffff00000000017c0000040042800c000180060206"], 0x28}, 0x1, 0x0, 0x0, 0x48814}, 0xc000) executing program 4: socket$inet6_sctp(0xa, 0x5, 0x84) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0xdfffffff, 0x5e490420, 0x4, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x80, 0x88}}, 0x50) syz_fuse_handle_req(r0, &(0x7f000000e3c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d838aae8c05dd22d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x20, 0x0, 0x3731, {0x0, 0x7f69ff17f1e1ab77}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0xc5001, 0x104) umount2(&(0x7f00000002c0)='./file0\x00', 0xb) poll(&(0x7f0000000000), 0x20000000000000b5, 0x9) executing program 6: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x2, 0x7f, 0xfc, 0x3786}]}) executing program 7: socketpair$unix(0x1, 0x2, 0x0, 0x0) setreuid(0x0, 0xee00) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_SB_PORT_POOL_SET(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000100)={0x0, 0xd4}, 0x1, 0x0, 0x0, 0x8011}, 0x4040000) executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xe) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000540)=0xd) executing program 6: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001180)=ANY=[@ANYBLOB="12010000090003206d0414c34000ffff000109022400010400a000090400000103010100093700086ce82201000905815f"], 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, &(0x7f0000000780)=ANY=[@ANYBLOB="00020c0000000c0002"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) executing program 7: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000000)=0x86, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000180)={0xa, 0x4e20, 0xffffffff, @loopback}, 0x1c) executing program 7: r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x8) r1 = accept4(r0, 0x0, 0x0, 0x0) sendto$inet(r1, &(0x7f00000002c0)="cc", 0x1, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000580)={0x2, 0x0, 0x6, 0xffffffff}, 0x10) sendto$inet6(r1, &(0x7f0000000200)='x', 0x1, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x1}, 0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f00000005c0)={0x0, 0x2, 0x47a}, 0x39) executing program 4: r0 = syz_init_net_socket$ax25(0x3, 0x3, 0xf) ioctl$SIOCAX25GETUID(r0, 0x89e0, &(0x7f00000001c0)={0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}}) executing program 7: openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x20001, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x2000, 0x0) executing program 4: r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000200)=ANY=[@ANYBLOB="1201410130f56920ac05190272f00102030109021b000100001000090455070103490200090582030004"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000580)={0x84, &(0x7f0000000340)=ANY=[@ANYBLOB='\x00N\b'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x0, 0x0) executing program 7: socket$packet(0x11, 0x2, 0x300) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x6, 0x50, 0xffffffffffffffff, 0x0) socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149a82, 0x10) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r4 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r3, &(0x7f0000004c40)={@val={0x1c, 0xf5}, @val, @mpls={[{}], @ipv6=@gre_packet={0x4, 0x6, "ace260", 0x5f3, 0x2f, 0x1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @rand_addr=' \x01\x00', {[], {{0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x880b, 0x0, 0x2}, {}, {0x0, 0x0, 0x1, 0x1}, {0x8, 0x88be, 0x2, {{0x0, 0x1, 0x23, 0x0, 0x0, 0x1, 0x0, 0x2}, 0x1, {0x3e}}}, {0x8, 0x22eb, 0x3, {{0x2, 0x2, 0x48, 0x1, 0x1, 0x0, 0x1, 0x61}, 0x2, {0xfffffffb, 0xf587, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1}}}, {0x8, 0x6558, 0x2, "3b4caef13d37b5aec2969ee8dfb0c61838c8e2779da6255efacb0884e77c428f4d86b6e778ee3a1891fedfd7190ffbe3b2e015a550ab6e452b2902440d13bd03605e906d3831f80dd0206c111128aa48442d787c7567db85a59e4ad3cce683b4e10f311b00f815c9ca0df017e1f5fbea8114d1ba6de8010363528577c133ce558e5e5f5bdcb84de895a585525edc929cfa7fcc7c9680b3f037c0659eb1603ad18feb20ffbd689ddb32ebaf48b8003acd66c6bd27bcba284aef84220491b9f9f468dcd85a18625466ea89c06669619527749e024143c8b26e67ae99e7dfcfbce29319044ef1bb29eecac81a47aeaf8af6fb7b9e3f12cd2703a50566b86c041391e05bfe81d6b14d9fa7797e5dcfc41d19260c1a39d48c8d7a11a5645619e2c1bb78dfddb23b88129cfe5d27947881b21b1b4a05ef9940135a9aea70f6633c2d555a4117368ccecfe8b333a9a10a78a0d76549bedd7a1b08f76901369865ca7bdad40ab576acbc6ebe23a0e5636c2941b4f28d5088717bcd59febc6f0b4fb6c5b2e958ce5ce1d8bdc30acfc99b449f06be1a59eaba0d13a0855e387efc64bddb5655d7cd22d97529b8bb6229d822e4340b381c4f212a25bf9a7822dce79c622812837893afa7667128b4e7b40c9b7a54724cde9e8ef2800db8b9009210e092610bf075d3c55691ffef6b4e6a0c670f9a063d0de2fa93c386efc530896aa208cf679c296b26637531cbb2bd3f55a1422d7b08eb39e20b1e5214d1373a2c61c120f237ff5a03c0cf512492d040350e7068ad21bcc69032331a4c7e5902be63f488bc7982643bc1508560a7b528e41db61b9fa8a34c1f53f39461f7daae62dfc9aedc24133bfc142fc9cb8d08e916492be3b4a2b681521dd11a688a2c25cde0aeb88f3ba975c876ab935f58de93881a4b997892fefd1f07501ee8ed0d14d6af02a3661caac723ec062070a5cb498f250e062084ce534289b4facf570536f6bfa698161b6a37501a3fee8aa86839bedc974daa2754320098a96ad47a3a5e753f6acfe3d1ab3a7a464069a35d3f52f0ed722e5c8abcf26a450a8237b0d1ed1c6da1e02af15e0d9f63309eb9da7578426bdcd5362e595127e08bc0214fd5c2d10f9b379558e146524560853c9e929da48df6e894913a419dcb723eb8d32bb82004cb53fcc7260ab74c5b22e41598a1b16deeeb833817c27709e9542b660d6e95e93047fbfba72422d1a0923bda75387d26fce2d4e93e4d0f89a2aadb71f25e03f80ae75b938069bddb2f6d19c6b2c09e4f92c9d4d941980f0989052e49c9d4f7c548a0f4b9aa358aedd738d21b96ae1e4f4fd909b0db87413ef4fd8a71dc63af5aa0e8db2a3a44fffff7731e6f3d69a21f015a8ba46bf2a9cbe799ed4617748975a24a3702f5b113d9556c75a444d6a3154628ea3dbb66488ee7c5c7dbdc3cb6aec8c9843358dfcce06fc23e99daa91001a1ac1846417f37c423cb16dbb65d15a593ef58aec109f88e52b4740804e25e4b640e8474f66f39d252183f3d30a37d36ef02d80a65ff972fcb61a9073e381f2f9ed1910aa9219e7ad34be7159f0343b93d5587ada33d25ec3bb507e8a5630fd816ac50e7358a304024b4647315a1993f47ef1ad443420ddedac63cabb2276c7461b709185a119cf1f57cec72c9702393d74f43563e7d5a608eeaade372adf1ade1e7499705c9887d81382faccaf88de8fd2bfd1cecd89c7108c08b925bf2addb3d548b91ac8d61d11a60fe4a940b4a51d89096351a3368555f47f2ccdaa08ed40f1adc360014b963f73d5982b81b85a5b9ac449404de524eae576b92256b61c5b4e84e52879a6881db3e1a44d0d068b69ab8c8827e929976b3ad737f15753aadf23d16ade1c2a1a2f8262faf677a22c81a47df2fae71b6793bf6767e8f2190f0644b8d95fdcf45a1b203127af45ba6c00fc8c3ef174884cf198c255d8ee16f1f8f7384e1feca1eb1ac5c05ddab7672ab10ab04312e87cf91c56152f710ba2f9027dc805515e00d7f1c929a6863d22b37c85e7f2f23125df813da9285137add117e5b"}}}}}}, 0x62d) write$cgroup_int(r2, &(0x7f0000000000)=0x2b00, 0x12) r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r5, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r5, 0x0) r6 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r6, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4) sendmmsg$inet(r6, &(0x7f0000000040)=[{{&(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10}}], 0x1, 0x4000800) executing program 1: syz_open_dev$video(0x0, 0x7, 0x80000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r0 = getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) getpriority(0x71861a0ac9efd66a, r0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = syz_open_dev$sg(&(0x7f0000000200), 0x800003, 0x10000) ioctl$SG_BLKSECTGET(r2, 0x1267, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)) socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_buf(r1, 0x0, 0x27, &(0x7f00000008c0)="17000000020001000003d68c5ee17688a2003208030300ecff3fa84d447d93a64283810000080300000a0000000098fc5ad9485bbb6a880000d6c8db0800dba67e06000000e28900000200df018000000000f50607bdff59100ac45761547a681f0000000012cb3da400001fb700674f00c88ebbf9315033296dd2bdc2aa54e9fabf79ac2dff060115003901110000000000ea000000000000000002ffff02dfccebf6bae90554062a80e605007c71174aa951f3c63e5c83f1ba2112ce68bf", 0xbf) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_buf(r3, 0x0, 0x8008000000010, &(0x7f00000003c0)="17000000020001000003d68c5ee17688a2003208030300ecff3f0000000300000a0000000098fc5ad9485bbb6a880000d6c8db0000dba67e06000000e28900000200df018000000000f50607bdff59100ac45761547a681f009cee4a5acb3da400001fb700674f00c88ebbf9315033bf79ac2dff060115003901000000000000ea000000000000000002ffff02dfccebf6ba0008400200000000e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17a6e0", 0xb8) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="0213000002"], 0x10}}, 0x4004844) setsockopt$sock_int(r4, 0x1, 0x9, &(0x7f00000001c0), 0x4) sendmsg$key(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x14) close_range(r3, 0xffffffffffffffff, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r5, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000280)=ANY=[@ANYBLOB="2800000000080105acb94b32a3039d000900fffc0900010073797a300000000006000240e87e0000"], 0x28}}, 0x0) mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x0, 0x0) r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f00000000c0)=0x3) r7 = syz_open_dev$vcsa(0x0, 0x6, 0x101800) epoll_wait(r7, &(0x7f0000000240)=[{}], 0x1, 0x6) executing program 1: syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e1f0a"], 0x22) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="0405"], 0x7) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000a00)) executing program 7: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x0) sendmsg$IPSET_CMD_DESTROY(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x1c, 0x3, 0x6, 0x101, 0x0, 0x0, {0x2, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40841}, 0x4) program did not crash replaying the whole log did not cause a kernel crash single: executing 12 programs separately with timeout 1m40s testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-socket$nl_netfilter-sendmsg$IPSET_CMD_CREATE-sendmsg$IPSET_CMD_DESTROY detailed listing: executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x0) sendmsg$IPSET_CMD_DESTROY(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x1c, 0x3, 0x6, 0x101, 0x0, 0x0, {0x2, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40841}, 0x4) program did not crash testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_control_io$hid-syz_emit_vhci-syz_emit_vhci-socketpair$unix detailed listing: executing program 0: syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e1f0a"], 0x22) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="0405"], 0x7) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000a00)) program crashed: KASAN: slab-use-after-free Write in hci_conn_drop single: successfully extracted reproducer found reproducer with 4 syscalls minimizing guilty program testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_control_io$hid-syz_emit_vhci-syz_emit_vhci detailed listing: executing program 0: syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e1f0a"], 0x22) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="0405"], 0x7) program crashed: KASAN: slab-use-after-free Write in hci_conn_drop testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_control_io$hid-syz_emit_vhci detailed listing: executing program 0: syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e1f0a"], 0x22) program did not crash testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_control_io$hid-syz_emit_vhci detailed listing: executing program 0: syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="0405"], 0x7) program did not crash testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_emit_vhci-syz_emit_vhci detailed listing: executing program 0: syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e1f0a"], 0x22) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="0405"], 0x7) program crashed: KASAN: slab-use-after-free Write in hci_conn_drop testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_emit_vhci-syz_emit_vhci detailed listing: executing program 0: syz_emit_vhci(0x0, 0x22) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="0405"], 0x7) program did not crash testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_emit_vhci-syz_emit_vhci detailed listing: executing program 0: syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB], 0x22) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="0405"], 0x7) program did not crash testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_emit_vhci-syz_emit_vhci detailed listing: executing program 0: syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e1f0a"], 0x22) syz_emit_vhci(0x0, 0x7) program did not crash testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_emit_vhci-syz_emit_vhci detailed listing: executing program 0: syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e1f0a"], 0x22) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB], 0x7) program did not crash extracting C reproducer testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_emit_vhci-syz_emit_vhci program crashed: KASAN: slab-use-after-free Write in hci_conn_drop simplifying C reproducer testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_emit_vhci-syz_emit_vhci program crashed: KASAN: slab-use-after-free Write in hci_conn_drop testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_emit_vhci-syz_emit_vhci program crashed: KASAN: slab-use-after-free Write in hci_conn_drop testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_emit_vhci-syz_emit_vhci program did not crash testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_emit_vhci-syz_emit_vhci program crashed: KASAN: slab-use-after-free Write in hci_conn_drop testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_emit_vhci-syz_emit_vhci program crashed: KASAN: slab-use-after-free Write in hci_conn_drop testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_emit_vhci-syz_emit_vhci program crashed: KASAN: slab-use-after-free Write in hci_conn_drop testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_emit_vhci-syz_emit_vhci program crashed: KASAN: slab-use-after-free Write in hci_conn_drop testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_emit_vhci-syz_emit_vhci program crashed: KASAN: slab-use-after-free Write in hci_conn_drop testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_emit_vhci-syz_emit_vhci program crashed: KASAN: slab-use-after-free Write in hci_conn_drop testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_emit_vhci-syz_emit_vhci program did not crash testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_emit_vhci-syz_emit_vhci program crashed: KASAN: slab-use-after-free Write in hci_conn_drop testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_emit_vhci-syz_emit_vhci program crashed: KASAN: slab-use-after-free Write in hci_conn_drop testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_emit_vhci-syz_emit_vhci program crashed: KASAN: slab-use-after-free Write in hci_conn_drop testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_emit_vhci-syz_emit_vhci program crashed: KASAN: slab-use-after-free Write in hci_conn_drop testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:false Swap:true UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_emit_vhci-syz_emit_vhci program crashed: KASAN: slab-use-after-free Write in hci_conn_drop testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_emit_vhci-syz_emit_vhci program crashed: KASAN: slab-use-after-free Write in hci_conn_drop testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_emit_vhci-syz_emit_vhci detailed listing: executing program 0: syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e1f0a"], 0x22) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="0405"], 0x7) program crashed: KASAN: slab-use-after-free Write in hci_conn_drop validation run: crashed=true testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_emit_vhci-syz_emit_vhci detailed listing: executing program 0: syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e1f0a"], 0x22) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="0405"], 0x7) program crashed: KASAN: slab-use-after-free Write in hci_conn_drop validation run: crashed=true testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_emit_vhci-syz_emit_vhci detailed listing: executing program 0: syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e1f0a"], 0x22) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="0405"], 0x7) program crashed: KASAN: slab-use-after-free Write in hci_conn_drop validation run: crashed=true reproducing took 1h9m59.305568875s repro crashed as (corrupted=false): ================================================================== BUG: KASAN: slab-use-after-free in instrument_atomic_read_write include/linux/instrumented.h:96 [inline] BUG: KASAN: slab-use-after-free in atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:1383 [inline] BUG: KASAN: slab-use-after-free in hci_conn_drop+0x34/0x2b0 include/net/bluetooth/hci_core.h:1688 Write of size 4 at addr ffff888032b94010 by task kworker/u9:1/5146 CPU: 1 UID: 0 PID: 5146 Comm: kworker/u9:1 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 Workqueue: hci0 hci_cmd_sync_work Call Trace: dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0xca/0x240 mm/kasan/report.c:482 kasan_report+0x118/0x150 mm/kasan/report.c:595 check_region_inline mm/kasan/generic.c:-1 [inline] kasan_check_range+0x2b0/0x2c0 mm/kasan/generic.c:200 instrument_atomic_read_write include/linux/instrumented.h:96 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:1383 [inline] hci_conn_drop+0x34/0x2b0 include/net/bluetooth/hci_core.h:1688 hci_cmd_sync_work+0x262/0x400 net/bluetooth/hci_sync.c:334 process_one_work+0x93a/0x15a0 kernel/workqueue.c:3261 process_scheduled_works kernel/workqueue.c:3344 [inline] worker_thread+0x9b0/0xee0 kernel/workqueue.c:3425 kthread+0x711/0x8a0 kernel/kthread.c:463 ret_from_fork+0x599/0xb30 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246 Allocated by task 5843: kasan_save_stack mm/kasan/common.c:56 [inline] kasan_save_track+0x3e/0x80 mm/kasan/common.c:77 poison_kmalloc_redzone mm/kasan/common.c:397 [inline] __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:414 kasan_kmalloc include/linux/kasan.h:262 [inline] __kmalloc_cache_noprof+0x3e2/0x700 mm/slub.c:5771 kmalloc_noprof include/linux/slab.h:957 [inline] kzalloc_noprof include/linux/slab.h:1094 [inline] __hci_conn_add+0x3c5/0x1b30 net/bluetooth/hci_conn.c:963 le_conn_complete_evt+0x6f6/0x1420 net/bluetooth/hci_event.c:5714 hci_le_enh_conn_complete_evt+0x189/0x4a0 net/bluetooth/hci_event.c:5861 hci_event_func net/bluetooth/hci_event.c:7716 [inline] hci_event_packet+0x78f/0x1260 net/bluetooth/hci_event.c:7773 hci_rx_work+0x3ee/0x1060 net/bluetooth/hci_core.c:4076 process_one_work+0x93a/0x15a0 kernel/workqueue.c:3261 process_scheduled_works kernel/workqueue.c:3344 [inline] worker_thread+0x9b0/0xee0 kernel/workqueue.c:3425 kthread+0x711/0x8a0 kernel/kthread.c:463 ret_from_fork+0x599/0xb30 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246 Freed by task 5843: kasan_save_stack mm/kasan/common.c:56 [inline] kasan_save_track+0x3e/0x80 mm/kasan/common.c:77 kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:584 poison_slab_object mm/kasan/common.c:252 [inline] __kasan_slab_free+0x5c/0x80 mm/kasan/common.c:284 kasan_slab_free include/linux/kasan.h:234 [inline] slab_free_hook mm/slub.c:2540 [inline] slab_free mm/slub.c:6663 [inline] kfree+0x1c0/0x660 mm/slub.c:6871 device_release+0x9e/0x1d0 drivers/base/core.c:-1 kobject_cleanup lib/kobject.c:689 [inline] kobject_release lib/kobject.c:720 [inline] kref_put include/linux/kref.h:65 [inline] kobject_put+0x228/0x570 lib/kobject.c:737 hci_conn_cleanup net/bluetooth/hci_conn.c:173 [inline] hci_conn_del+0xc36/0x1240 net/bluetooth/hci_conn.c:1234 hci_disconn_complete_evt+0x64e/0x950 net/bluetooth/hci_event.c:3451 hci_event_func net/bluetooth/hci_event.c:7719 [inline] hci_event_packet+0x7e3/0x1260 net/bluetooth/hci_event.c:7773 hci_rx_work+0x3ee/0x1060 net/bluetooth/hci_core.c:4076 process_one_work+0x93a/0x15a0 kernel/workqueue.c:3261 process_scheduled_works kernel/workqueue.c:3344 [inline] worker_thread+0x9b0/0xee0 kernel/workqueue.c:3425 kthread+0x711/0x8a0 kernel/kthread.c:463 ret_from_fork+0x599/0xb30 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246 The buggy address belongs to the object at ffff888032b94000 which belongs to the cache kmalloc-8k of size 8192 The buggy address is located 16 bytes inside of freed 8192-byte region [ffff888032b94000, ffff888032b96000) The buggy address belongs to the physical page: page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x32b90 head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) page_type: f5(slab) raw: 00fff00000000040 ffff88813fe27280 ffffea0000c9d000 dead000000000002 raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000 head: 00fff00000000040 ffff88813fe27280 ffffea0000c9d000 dead000000000002 head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000 head: 00fff00000000003 ffffea0000cae401 00000000ffffffff 00000000ffffffff head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 page dumped because: kasan: bad access detected page_owner tracks the page as allocated page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5474, tgid 5474 (S30dbus), ts 59907210413, free_ts 59885438738 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x234/0x290 mm/page_alloc.c:1846 prep_new_page mm/page_alloc.c:1854 [inline] get_page_from_freelist+0x2365/0x2440 mm/page_alloc.c:3915 __alloc_frozen_pages_noprof+0x181/0x370 mm/page_alloc.c:5210 alloc_pages_mpol+0x232/0x4a0 mm/mempolicy.c:2486 alloc_slab_page mm/slub.c:3075 [inline] allocate_slab+0x86/0x3b0 mm/slub.c:3248 new_slab mm/slub.c:3302 [inline] ___slab_alloc+0xf2b/0x1960 mm/slub.c:4651 __slab_alloc+0x65/0x100 mm/slub.c:4774 __slab_alloc_node mm/slub.c:4850 [inline] slab_alloc_node mm/slub.c:5246 [inline] __kmalloc_cache_noprof+0x41e/0x700 mm/slub.c:5766 kmalloc_noprof include/linux/slab.h:957 [inline] kzalloc_noprof include/linux/slab.h:1094 [inline] tomoyo_print_bprm security/tomoyo/audit.c:26 [inline] tomoyo_init_log+0x111f/0x1f70 security/tomoyo/audit.c:264 tomoyo_supervisor+0x340/0x1480 security/tomoyo/common.c:2198 tomoyo_audit_env_log security/tomoyo/environ.c:36 [inline] tomoyo_env_perm+0x149/0x1e0 security/tomoyo/environ.c:63 tomoyo_environ security/tomoyo/domain.c:672 [inline] tomoyo_find_next_domain+0x15ce/0x1aa0 security/tomoyo/domain.c:888 tomoyo_bprm_check_security+0x11c/0x180 security/tomoyo/tomoyo.c:102 security_bprm_check+0x89/0x270 security/security.c:794 search_binary_handler fs/exec.c:1659 [inline] exec_binprm fs/exec.c:1701 [inline] bprm_execve+0x887/0x1400 fs/exec.c:1753 do_execveat_common+0x510/0x6a0 fs/exec.c:1859 page last free pid 5473 tgid 5473 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1395 [inline] __free_frozen_pages+0xbc8/0xd30 mm/page_alloc.c:2943 discard_slab mm/slub.c:3346 [inline] __put_partials+0x146/0x170 mm/slub.c:3886 put_cpu_partial+0x1f2/0x2d0 mm/slub.c:3961 __slab_free+0x288/0x2a0 mm/slub.c:5947 qlink_free mm/kasan/quarantine.c:163 [inline] qlist_free_all+0x97/0x100 mm/kasan/quarantine.c:179 kasan_quarantine_reduce+0x148/0x160 mm/kasan/quarantine.c:286 __kasan_slab_alloc+0x22/0x80 mm/kasan/common.c:349 kasan_slab_alloc include/linux/kasan.h:252 [inline] slab_post_alloc_hook mm/slub.c:4948 [inline] slab_alloc_node mm/slub.c:5258 [inline] __do_kmalloc_node mm/slub.c:5651 [inline] __kmalloc_node_track_caller_noprof+0x526/0x820 mm/slub.c:5759 __do_krealloc mm/slub.c:7007 [inline] krealloc_node_align_noprof+0x1ae/0x3a0 mm/slub.c:7066 ima_collect_measurement+0x4c5/0x8f0 security/integrity/ima/ima_api.c:300 process_measurement+0x111e/0x1a70 security/integrity/ima/ima_main.c:406 ima_file_check+0xd9/0x130 security/integrity/ima/ima_main.c:663 security_file_post_open+0xbb/0x290 security/security.c:2652 do_open fs/namei.c:4630 [inline] path_openat+0x3456/0x3dd0 fs/namei.c:4787 do_filp_open+0x1fa/0x410 fs/namei.c:4814 do_sys_openat2+0x121/0x200 fs/open.c:1430 Memory state around the buggy address: ffff888032b93f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff888032b93f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >ffff888032b94000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff888032b94080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff888032b94100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ================================================================== final repro crashed as (corrupted=false): ================================================================== BUG: KASAN: slab-use-after-free in instrument_atomic_read_write include/linux/instrumented.h:96 [inline] BUG: KASAN: slab-use-after-free in atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:1383 [inline] BUG: KASAN: slab-use-after-free in hci_conn_drop+0x34/0x2b0 include/net/bluetooth/hci_core.h:1688 Write of size 4 at addr ffff888032b94010 by task kworker/u9:1/5146 CPU: 1 UID: 0 PID: 5146 Comm: kworker/u9:1 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 Workqueue: hci0 hci_cmd_sync_work Call Trace: dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0xca/0x240 mm/kasan/report.c:482 kasan_report+0x118/0x150 mm/kasan/report.c:595 check_region_inline mm/kasan/generic.c:-1 [inline] kasan_check_range+0x2b0/0x2c0 mm/kasan/generic.c:200 instrument_atomic_read_write include/linux/instrumented.h:96 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:1383 [inline] hci_conn_drop+0x34/0x2b0 include/net/bluetooth/hci_core.h:1688 hci_cmd_sync_work+0x262/0x400 net/bluetooth/hci_sync.c:334 process_one_work+0x93a/0x15a0 kernel/workqueue.c:3261 process_scheduled_works kernel/workqueue.c:3344 [inline] worker_thread+0x9b0/0xee0 kernel/workqueue.c:3425 kthread+0x711/0x8a0 kernel/kthread.c:463 ret_from_fork+0x599/0xb30 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246 Allocated by task 5843: kasan_save_stack mm/kasan/common.c:56 [inline] kasan_save_track+0x3e/0x80 mm/kasan/common.c:77 poison_kmalloc_redzone mm/kasan/common.c:397 [inline] __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:414 kasan_kmalloc include/linux/kasan.h:262 [inline] __kmalloc_cache_noprof+0x3e2/0x700 mm/slub.c:5771 kmalloc_noprof include/linux/slab.h:957 [inline] kzalloc_noprof include/linux/slab.h:1094 [inline] __hci_conn_add+0x3c5/0x1b30 net/bluetooth/hci_conn.c:963 le_conn_complete_evt+0x6f6/0x1420 net/bluetooth/hci_event.c:5714 hci_le_enh_conn_complete_evt+0x189/0x4a0 net/bluetooth/hci_event.c:5861 hci_event_func net/bluetooth/hci_event.c:7716 [inline] hci_event_packet+0x78f/0x1260 net/bluetooth/hci_event.c:7773 hci_rx_work+0x3ee/0x1060 net/bluetooth/hci_core.c:4076 process_one_work+0x93a/0x15a0 kernel/workqueue.c:3261 process_scheduled_works kernel/workqueue.c:3344 [inline] worker_thread+0x9b0/0xee0 kernel/workqueue.c:3425 kthread+0x711/0x8a0 kernel/kthread.c:463 ret_from_fork+0x599/0xb30 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246 Freed by task 5843: kasan_save_stack mm/kasan/common.c:56 [inline] kasan_save_track+0x3e/0x80 mm/kasan/common.c:77 kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:584 poison_slab_object mm/kasan/common.c:252 [inline] __kasan_slab_free+0x5c/0x80 mm/kasan/common.c:284 kasan_slab_free include/linux/kasan.h:234 [inline] slab_free_hook mm/slub.c:2540 [inline] slab_free mm/slub.c:6663 [inline] kfree+0x1c0/0x660 mm/slub.c:6871 device_release+0x9e/0x1d0 drivers/base/core.c:-1 kobject_cleanup lib/kobject.c:689 [inline] kobject_release lib/kobject.c:720 [inline] kref_put include/linux/kref.h:65 [inline] kobject_put+0x228/0x570 lib/kobject.c:737 hci_conn_cleanup net/bluetooth/hci_conn.c:173 [inline] hci_conn_del+0xc36/0x1240 net/bluetooth/hci_conn.c:1234 hci_disconn_complete_evt+0x64e/0x950 net/bluetooth/hci_event.c:3451 hci_event_func net/bluetooth/hci_event.c:7719 [inline] hci_event_packet+0x7e3/0x1260 net/bluetooth/hci_event.c:7773 hci_rx_work+0x3ee/0x1060 net/bluetooth/hci_core.c:4076 process_one_work+0x93a/0x15a0 kernel/workqueue.c:3261 process_scheduled_works kernel/workqueue.c:3344 [inline] worker_thread+0x9b0/0xee0 kernel/workqueue.c:3425 kthread+0x711/0x8a0 kernel/kthread.c:463 ret_from_fork+0x599/0xb30 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246 The buggy address belongs to the object at ffff888032b94000 which belongs to the cache kmalloc-8k of size 8192 The buggy address is located 16 bytes inside of freed 8192-byte region [ffff888032b94000, ffff888032b96000) The buggy address belongs to the physical page: page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x32b90 head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) page_type: f5(slab) raw: 00fff00000000040 ffff88813fe27280 ffffea0000c9d000 dead000000000002 raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000 head: 00fff00000000040 ffff88813fe27280 ffffea0000c9d000 dead000000000002 head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000 head: 00fff00000000003 ffffea0000cae401 00000000ffffffff 00000000ffffffff head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 page dumped because: kasan: bad access detected page_owner tracks the page as allocated page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5474, tgid 5474 (S30dbus), ts 59907210413, free_ts 59885438738 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x234/0x290 mm/page_alloc.c:1846 prep_new_page mm/page_alloc.c:1854 [inline] get_page_from_freelist+0x2365/0x2440 mm/page_alloc.c:3915 __alloc_frozen_pages_noprof+0x181/0x370 mm/page_alloc.c:5210 alloc_pages_mpol+0x232/0x4a0 mm/mempolicy.c:2486 alloc_slab_page mm/slub.c:3075 [inline] allocate_slab+0x86/0x3b0 mm/slub.c:3248 new_slab mm/slub.c:3302 [inline] ___slab_alloc+0xf2b/0x1960 mm/slub.c:4651 __slab_alloc+0x65/0x100 mm/slub.c:4774 __slab_alloc_node mm/slub.c:4850 [inline] slab_alloc_node mm/slub.c:5246 [inline] __kmalloc_cache_noprof+0x41e/0x700 mm/slub.c:5766 kmalloc_noprof include/linux/slab.h:957 [inline] kzalloc_noprof include/linux/slab.h:1094 [inline] tomoyo_print_bprm security/tomoyo/audit.c:26 [inline] tomoyo_init_log+0x111f/0x1f70 security/tomoyo/audit.c:264 tomoyo_supervisor+0x340/0x1480 security/tomoyo/common.c:2198 tomoyo_audit_env_log security/tomoyo/environ.c:36 [inline] tomoyo_env_perm+0x149/0x1e0 security/tomoyo/environ.c:63 tomoyo_environ security/tomoyo/domain.c:672 [inline] tomoyo_find_next_domain+0x15ce/0x1aa0 security/tomoyo/domain.c:888 tomoyo_bprm_check_security+0x11c/0x180 security/tomoyo/tomoyo.c:102 security_bprm_check+0x89/0x270 security/security.c:794 search_binary_handler fs/exec.c:1659 [inline] exec_binprm fs/exec.c:1701 [inline] bprm_execve+0x887/0x1400 fs/exec.c:1753 do_execveat_common+0x510/0x6a0 fs/exec.c:1859 page last free pid 5473 tgid 5473 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1395 [inline] __free_frozen_pages+0xbc8/0xd30 mm/page_alloc.c:2943 discard_slab mm/slub.c:3346 [inline] __put_partials+0x146/0x170 mm/slub.c:3886 put_cpu_partial+0x1f2/0x2d0 mm/slub.c:3961 __slab_free+0x288/0x2a0 mm/slub.c:5947 qlink_free mm/kasan/quarantine.c:163 [inline] qlist_free_all+0x97/0x100 mm/kasan/quarantine.c:179 kasan_quarantine_reduce+0x148/0x160 mm/kasan/quarantine.c:286 __kasan_slab_alloc+0x22/0x80 mm/kasan/common.c:349 kasan_slab_alloc include/linux/kasan.h:252 [inline] slab_post_alloc_hook mm/slub.c:4948 [inline] slab_alloc_node mm/slub.c:5258 [inline] __do_kmalloc_node mm/slub.c:5651 [inline] __kmalloc_node_track_caller_noprof+0x526/0x820 mm/slub.c:5759 __do_krealloc mm/slub.c:7007 [inline] krealloc_node_align_noprof+0x1ae/0x3a0 mm/slub.c:7066 ima_collect_measurement+0x4c5/0x8f0 security/integrity/ima/ima_api.c:300 process_measurement+0x111e/0x1a70 security/integrity/ima/ima_main.c:406 ima_file_check+0xd9/0x130 security/integrity/ima/ima_main.c:663 security_file_post_open+0xbb/0x290 security/security.c:2652 do_open fs/namei.c:4630 [inline] path_openat+0x3456/0x3dd0 fs/namei.c:4787 do_filp_open+0x1fa/0x410 fs/namei.c:4814 do_sys_openat2+0x121/0x200 fs/open.c:1430 Memory state around the buggy address: ffff888032b93f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff888032b93f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >ffff888032b94000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff888032b94080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff888032b94100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ==================================================================