Extracting prog: 7m9.930478464s Minimizing prog: 40m39.05633582s Simplifying prog options: 7m49.924503148s Extracting C: 2m28.592015275s Simplifying C: 0s extracting reproducer from 33 programs first checking the prog from the crash report single: executing 1 programs separately with timeout 30s testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$nl80211-prctl$PR_SCHED_CORE-timer_create-timer_settime-futex-futex-futex detailed listing: executing program 0: syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(0x0, 0x80000000000b, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000), 0x0) program did not crash single: failed to extract reproducer bisect: bisecting 33 programs with base timeout 30s testing program (duration=38s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [7, 7, 6, 7, 6, 7, 7, 6, 7, 7, 7, 7, 7, 7, 7, 6, 29, 7, 7, 27, 7, 7, 7, 7, 7, 7, 26, 7, 7, 7, 7, 7, 27] detailed listing: executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000400)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000100)=0xac05, 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000040)=0x1b3a, 0x4) sendto$inet(r0, &(0x7f0000000080)='m', 0x1, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000005440)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000cc0)=""/69, 0xfffffee0}, 0x40}, {{0x0, 0x0, 0x0}, 0x7}], 0x21, 0x2101, 0x0) executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="070000000400000008000000a5"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000040)='virtio_transport_alloc_pkt\x00', r1}, 0x18) r2 = socket(0x28, 0x5, 0x0) connect$vsock_stream(r2, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10) r3 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r3, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10) executing program 2: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0xe, &(0x7f00000001c0)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) io_setup(0x2, &(0x7f0000000200)=0x0) io_submit(r1, 0x1, &(0x7f0000000040)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x80000000}]) io_getevents(r1, 0x2, 0x2, &(0x7f0000001340)=[{}, {}], 0x0) io_submit(r1, 0x1, &(0x7f0000000140)=[&(0x7f0000000000)={0x1802, 0x0, 0x0, 0x5, 0x0, r0, 0x0}]) executing program 2: mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x1e) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f00000001c0)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) move_mount(0xffffffffffffff9c, &(0x7f0000008080)='./file0\x00', r0, 0x0, 0x160) executing program 2: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000023896) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0x1) ioctl$TIOCVHANGUP(r2, 0x5437, 0x0) executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xa, 0x11, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6}, [@snprintf={{}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x6a}}, @call={0x85, 0x0, 0x0, 0xf}]}, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f0000000480)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000001200)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, &(0x7f00000009c0)={0x2c, &(0x7f0000000700)={0x0, 0xd, 0x4, "825cfe2d"}, 0x0, 0x0, 0x0, 0x0}) executing program 32: bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xa, 0x11, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6}, [@snprintf={{}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x6a}}, @call={0x85, 0x0, 0x0, 0xf}]}, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f0000000480)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000001200)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, &(0x7f00000009c0)={0x2c, &(0x7f0000000700)={0x0, 0xd, 0x4, "825cfe2d"}, 0x0, 0x0, 0x0, 0x0}) executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f0000000000)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, 0x0}], 0x1, 0x60, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000005000000014d564b00000000af"]) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) executing program 4: r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000000904"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000004c0)={0x1c, &(0x7f0000000540)=ANY=[], 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f00000002c0)={0x2c, &(0x7f0000000180)={0x40, 0xc}, 0x0, 0x0, 0x0, 0x0}) executing program 1: r0 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0) ioctl$CEC_TRANSMIT(r0, 0xc0386105, 0x0) r1 = socket$inet(0x2, 0x3, 0x6) ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @dev}, {0x1, @local}, 0x4a, {0x2, 0x0, @dev}}) r2 = socket$inet(0x2, 0x3, 0x6) ioctl$sock_inet_SIOCSARP(r2, 0x8955, &(0x7f0000000000)={{0x2, 0x3, @local}, {0x1, @remote}, 0x4a, {0x2, 0x0, @remote}, 'veth1_to_bridge\x00'}) ioctl$sock_inet_SIOCSARP(r1, 0x8953, &(0x7f0000000000)={{0x2, 0x0, @dev}, {0x0, @local}, 0x4a, {0x2, 0x0, @multicast2}, 'syz_tun\x00'}) executing program 3: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x22, {[@global=@item_012={0x2, 0x1, 0x9, "2313"}, @global=@item_012={0x2, 0x1, 0x0, "e53f"}, @global=@item_4={0x3, 0x1, 0x0, '\f\x00'}, @local=@item_012={0x2, 0x2, 0x2, "9000"}, @global=@item_4={0x3, 0x1, 0x0, "0100f3ff"}, @main=@item_4={0x3, 0x0, 0x8}, @local=@item_4={0x3, 0x2, 0x8, "09007a15"}, @main=@item_4={0x3, 0x0, 0x9, "84e5821a"}]}}, 0x0}, 0x0) mount$bpf(0x0, 0x0, &(0x7f0000000080), 0x40, 0x0) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0) ioctl$VT_OPENQRY(r1, 0x4b4c, &(0x7f0000000080)) executing program 1: r0 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000b80)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a000008048002000905811765"], 0x0) syz_usb_disconnect(r0) r1 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000040)=ANY=[], 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_disconnect(r0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_disconnect(r1) executing program 0: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r0, &(0x7f0000000200)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCOUTQ(r1, 0x4bfb, &(0x7f0000000000)) executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x35, &(0x7f0000000000)=0x8000, 0x4) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000140)=ANY=[], 0x8) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0xfffffffe, @empty}, 0x1c) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000080)=ANY=[], 0x8) recvmmsg(r0, &(0x7f0000002840)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000cc0)=""/83, 0x53}, 0xcb7}], 0x1, 0x2, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f0000000000)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, 0x0}], 0x1, 0x60, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='map_files\x00') r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1, 0x0, 0xfffffffffffffffc}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) write$binfmt_aout(0xffffffffffffffff, 0x0, 0xa20) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) r5 = openat$kvm(0x0, 0x0, 0x2382, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) socket$rxrpc(0x21, 0x2, 0xa) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)=@generic={&(0x7f0000000340)='./file0\x00', 0x0, 0x18}, 0x18) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r6 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(r6, 0xc0d05605, &(0x7f0000000240)={0x1, @pix_mp={0x0, 0x0, 0x50424752, 0x0, 0xd, [{}, {}, {}, {0xf, 0xd}, {}, {0x0, 0xfffffffe}, {0x7}], 0x0, 0x0, 0x0, 0x0, 0x6}}) syz_open_dev$rtc(&(0x7f00000004c0), 0x0, 0x0) syz_io_uring_setup(0x1e1e, &(0x7f00000003c0)={0x0, 0x3da2, 0x4, 0x3, 0xdd}, &(0x7f0000000440)=0x0, 0x0) syz_io_uring_submit(r7, 0x0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22}) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0xc040) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='nfsd\x00', 0x10, 0x0) chroot(&(0x7f0000000180)='./file0\x00') umount2(&(0x7f00000001c0)='./file0\x00', 0x0) sendmmsg$inet6(r0, &(0x7f0000000340), 0x0, 0x10000055) executing program 0: bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0xa, 0x0, &(0x7f0000000000)="e0b9547ed387dbe9abc8", 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000000000)={0x1}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000100)={{0x7000, 0xdddd1000, 0x0, 0x0, 0x8, 0x8, 0x0, 0x2, 0x0, 0x6, 0x9, 0x10}, {0x8080000, 0x0, 0xb, 0xd0, 0x0, 0x9, 0x0, 0x0, 0x7, 0xb, 0x0, 0x3}, {0x3000, 0x5000, 0xc, 0x0, 0x7, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0x6}, {0x100000, 0xd000, 0x0, 0x0, 0x0, 0x3, 0xff, 0x0, 0x0, 0x0, 0x4}, {0x1000, 0x3000, 0x9, 0x0, 0xff, 0x7, 0x9, 0xe, 0x73, 0x3c}, {0x0, 0x0, 0xd, 0x8, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x80}, {0x8080000, 0x0, 0xa, 0x6, 0x5, 0x9, 0x3}, {0x5000, 0xdddd0000, 0xf, 0x0, 0x0, 0x5, 0x0, 0xa, 0x26, 0x0, 0x0, 0x47}, {0x80a0000, 0x6}, {0xeeef0000}, 0xfdfcffdb, 0x0, 0x0, 0x28, 0xb, 0xf801, 0x0, [0x3, 0x0, 0x1, 0x3]}) executing program 1: socket$inet6(0xa, 0x1, 0x0) bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x18) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) executing program 4: socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f0000000300)=ANY=[], 0x0, 0xa, 0xb9, &(0x7f0000000140)=""/185, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001640)={0x11, 0x19, &(0x7f0000001740)=ANY=[@ANYBLOB="180800000600000000"], &(0x7f0000000000)='GPL\x00', 0xa, 0xde, &(0x7f0000000340)=""/222, 0x0, 0x1}, 0x94) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) socketpair$unix(0x1, 0x5, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000003340), 0x0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000540)={0x0, 0x1c, &(0x7f0000000080)=[@in6={0xa, 0xffff, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x7}]}, &(0x7f0000000240)=0xc) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r3, 0x84, 0x7a, &(0x7f0000000340)={r4, @in={{0x2, 0x4e22, @private=0xa010102}}}, &(0x7f0000000040)=0x84) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r5, &(0x7f0000000040), 0x6) ioctl$sock_bt_hci(r5, 0x400448e6, &(0x7f0000000240)="7c773d39aeef000000006dcffe32d6e49f") ioctl$sock_bt_hci(r5, 0x400448e6, &(0x7f0000000500)="d7") ioctl$sock_bt_hci(r5, 0x400448e7, &(0x7f0000000080)) mount$9p_virtio(&(0x7f00000001c0), 0x0, &(0x7f00000004c0), 0x0, 0x0) executing program 3: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000003c0)='io_uring_cqring_wait\x00', r0}, 0x18) r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000140), 0x8, 0x0) io_setup(0x1, &(0x7f0000000b80)=0x0) io_submit(r2, 0x1, &(0x7f0000001d00)=[&(0x7f0000001a80)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) r3 = syz_io_uring_setup(0x6148, &(0x7f0000000340)={0x0, 0x13ea, 0x2, 0x2, 0x3c6}, &(0x7f0000000040), &(0x7f0000000140)) io_uring_enter(r3, 0x2241, 0x1b86, 0x1, 0x0, 0x0) executing program 1: iopl(0x3) r0 = gettid() timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r1, 0xfffffffd) accept(r1, 0x0, 0x0) executing program 4: mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@nfs_export_on}]}) chdir(&(0x7f00000000c0)='./bus\x00') r0 = creat(&(0x7f0000000440)='./file0\x00', 0x0) open_by_handle_at(r0, &(0x7f0000000140)=@OVL_FILEID_V1={0x13, 0x300f8, {'\x00', {0x0, 0xfb, 0x15, 0x7, 0x5, "e837282efe0868327a31a705ec978547"}}}, 0x830200) executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESOCT=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0/file0\x00', 0x1c0) read$FUSE(r0, &(0x7f0000008180)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000180)={0x50, 0x0, r1, {0x7, 0x27}}, 0x50) syz_fuse_handle_req(r0, &(0x7f0000004140)="c98bb9a2a79e72fbca051478fe6e24cbeab04e730a86fef02db30a01d33d07efbac36f4e0e786aa540e01cc4ec64adbac57f750e7b0b749206bb7fc70de5cbcd7bf78bdb59c1095a03ef60a8d22a4e0dcea0aa96c523a2c7f666f1ac51acec733c589f2ab3ca2c8e129a652d7ec8ce120c530ca4fad46123b30cb061fb9998ff71ed9844b1f49f8b8e30e887ecd82a0f44450a325720e5b5065ae543bad2cef4486d5759515a29f048b21b3c78e9a95913a9df61bc854512fc21a6d0376742532ad21cf3b18c7f70b25345a81ede616baf89824f817fb808ea9ca55ac0ecdb91687f27177bbf1f1cdb2321efa1366e8287587ec7f39237537c625c813feae6cffdcb4c829e5ac0bda5c1b746edeb78bc7e1c198ae04f319f0fe41f24c7cbc7c0e3278a349bbf7c804dd729114792d4f81f19f49b2c018e49f43e72eaf5fd4c0ae32f73c0106c2b202152cdb28b21cf2132c6f9c7c583114d7790d397177165952670ccbfc0f4eff26391e8f4faca3536a070470e76d26625a6ec4df17b0fb0923fc31dfc1606f6a9cadaf4718d681d2351ddd138df20ff419c67f684d0d13792c78bfa348e5d76f00503124114034f41283e15ddbe79d5f4e200d5f28ada106334eca95a37fa843aa23236ef3d8aff07df194e8c4396561132379a60c449c5f1b400d2709d5c5f1ee1542790d5843e35f11be0ca4e7caa32c8329320069daea18ab51fad9ae4080d79671d73242278044391b9187eb0c05bbfef7d51bf64275f64ce780b25b509741c695f9e396234e3a67bc6988f05f6ad547371709e50b599179f7fc3def57115b58be578feb01612126bf5d1f08091743b76cd9cac032998adeb68a066387edb528b08d2063c3c504574e3d64ebee51da66e92bc3201baf0fa10bf5686e077a606c2b03a5529c97612b5d299078b99fc644aa101565836991bdcb92afae97b0330fc10c9af1edf05337221c05731246d57f7b063ee01778b99c768c8a8eb07e88f472d53bb59ec1db64191a32e981d384653943289d58970f4785d0081e321e5411bbe8738ee580a36be332a9082126579c797e162a37987a348743225786cf2e4e46f0c0ab0f7c14a6a16dc33e0f7042f203855db6776a3d760846ba5fd2173af04989b2f21cfd7e9e61df98adebef311c1c31f8b14f49c63ce924258af21d2d1766313a60dd23cf1966772551649ed78110d2462e47f14de5eed932bb03d3635f3bcbb8824bfa8b5c77649f097d78ec071b0d09dcdfc2078d0a97f96cb3e32f4cf80da4e07fad909eeabeb5715296ce578ada637a133ada68676e30632acba4f32fd2d23267a685f14a47fad0b36f2940494283a15b30576ff31e2b4472388fe3fecaa2e243818fce1d5de9a0e10aed4dc38a8636bec2ce0d43da7aa2541e8123bc4229ba6f9db4ec6b03c208125be4c389f8e587081209531f3c187077318698b08ace5b1e5a1c5b82633abfb6c4ef2bad7f9e61a142caef3c44dd6b81a9937650f75dfdb6f56bc26edc801fb0f53aa49655ce5f51283d8bb56ba56e9fc9f48395299a4ca4ae5b74398e1be02e2ea0565976ab155ae5df2114301565e23c25595853247dae9c2a598776c44ec0cfc26b3447c20b08424762dd29bfff90cf3f71f0fe933d1b1a29c3f6839858c7993a666401e2a03a1117988b28ae1c82adef8caf1ab564eb445199b57666397a7e7301ccfa9304dbf2854c8b50ab72ce6887e9cd69a647766f87a59d580a19964c9f691fb1eabe8143228bb375cbf12b5167085168ed22de2fee1b26d44324321a632b43d1b7bd13f15b807f1ab259b8456ba5d014fad3876b492b7f14af2ac75cb0f19eef7ad5c3d7f692d81ce1eb3e3fb96200d9253d338cb6d4097f3e6f4f061edcc98994b694b64ce1a266eac23e0506e68d09e4a3d0049420be6e73d684f7566e01bb43c1d51ed2e2c76be592bf4c6cf7471a21ba817f8c708ed76e14d6352e28deb6199bd7ec1232a041c6a655fbc01be4f749def876e0a94275c79bded1eb5bb3f9bfe286e14702e81c0e8a65f4b0a0a7ae62cfd4093a7e0fb07a02ab6a2f005ef538fd56392a3072f8317a1cedcdaecd857cef0f574efca11a6a28fbaa6fa2f6d74676197dec824d96b4ce0cc5999766b4926a6c21e21d4a78f71e87e9a8f1e2c4e3005da888457957377defd70d82fe26041f5399f295d869eb65c8e185a4f853c64603decb3c499a6921534730afbc41c1be57539603f0c1bdc2f61b8d7cfc971fe3fff189faae8411928dc039cb1ee33404544992a7f5646efd1e12d890ef7290ecc5e957a35cc6defb180b8006f8c016621bf17a6546022b9c579e781a66e57bc30d4c5ec8c56c42efce79bb8f203cb3c08133be710f2061879b90905671b346aaf735f2a614e7e46755d35570754e365490e2658090f40c2cb9164b0a1742b3bda5a32a4ebe25166c4ec0b387538362e7998092b1b737370239ef58f1f68f80753146ca2c166119fae83b2c60a19a1461903341d315d5ef8c57473bfd995964dc7b73ca7d35e88589cc7766480c9829ce44af423dcbef90b1ec62d8da8d812ad001e8e67df683dcb9de40db531e9eab3ca59b84689453b40f7df2b04051a6f052f179df5989bcb2e9245d23dee5d9b9ee03ee1ca0cef1b843acf0eb8dacd69047f5afda11b2a7ce274279c8b8a5da4618580f14d6c80bf1a647c90d2ef66395da4a0284427227ed59cc010088f39c12af4fb420683803db81f5ed467508b4e34886ce1550d7e9e29f9c92872d50566726af8b66b10498ce695ebc41573bc9100b6373c53cec7696bb79260d8214390d453d3223b9261c49fca17cf9923d7d1f3ac3abb332f37ddd9d0e09fb4df9305e88fc11f00ca1ddfce8dcc386e05a517c9b42d74629ff2460557107e7d39c0c1938e5b5f1da2dbffb30e3eb77c53d459580077eefb5260d59ad9fba11a66ffa703a3750d5979850acd8644de3c23a5514b4ba922dc20f5911b0d5078a1704f4016c84e39719c280db3ad2cd5f0693c8da07969c239608067fa82aba83d9a3a0f5f3e1f845a27bae1d8708d82eb10c7c205c07234b6e71312d54e878b960c821fd2dd01685143ffad375598dfd10038002a0d9aeceec499669523fb865683cb9379229761ac546e700a26523769ff1432d00073eb387e393d674eeb33a17422b3c0cedd91b3f0802ee59f1307467900c0a919bfaf92578fc18765cfc29cee13da07e821cc26354f5793d9e507cf13fdb55befeb814f4863552cc22440c3e80a61d7db867d72dfb41196bcc020f265fc9beec0004afff442c4a01a772db48a02d2f109a2096ec6d0f938cf8bc0835e07fa180f17cebf8a25b950380be955c4eb6a4f7fc6543a7eee578f800f5137069d08cd04f50cd02580aa7b249156baecd972eb6d8d9ff7598b85c0b0395016ade7107dcc8663c265857fbd7e42b3d4fb7a8c5f58b8befb22530ab47add8ca50611b23770d39a041c7291f30a92873d6c9f193f0bd8a7dc0949d435a3dbd554bf884bee76c3b28b2836e297a7b2dd940e6199b3c14ddf6bf7989eb9f721da9adbd2c754e91304b431c61deff5a7a24107a4f5bbeb1f422fcf10af1f5bcd204deb239c47e93d2f4ac55f4920bb4cbb0c358567ae115bfbcbdb2ff940f0d897fd54e9c198142e5445dc4a6ca4f794e26382394f6f11fc93acc4930cdb6fb39b04867eae0dad3cd2414ca0a1d9d8836a54894697bc3710e1ec9f58b28588a7108e6d8ea098c3e26646818345680dfd4812f89a2b632d2197e8d0d88fe932a1e52a1345d9e9d968e000ccf3658162ca9f50beb08b858a26ffe9cc320bc49cba66582647c5358234d9b38d3e605a2c1c4ddce61dd90070e26fc211d01fbec9fbfcc4cb0c1882014438284303cc80dee1760f631fc66a72d0eb6c6d01a7701a92c2a45613000ce87734f37ecce7774083b8e71dfba4a455516447b4dffe7288d578a37908ce0256d70d07c936a5d21ae223a3197f9cbede4ae983b9356a7073f2b6ba2068556721fd9379041897472c237a0c2007aa8f75a6e145c60a2f0cb7ffda5b6443e2682ec08eea3c851a72aa31508a186185962e79620791a3337abfdf527e513ea287a7b95f2a50f58575aac96af999ce667b1e415545fb931a02282eefad0e9489ec6478218b2a9478aa6060566f2ce636e28ce3d7a6d0c62c340c224efe58b8c99b9d59e6890e858244cf85102a44909645fcd66f57a1e4cde0697e53547aefeadef57db39543bc4b444f1fb5e99d3df8860fa13b91b3c9c47cba2ef823f7739d93f1d59251f2ecbe25b2cd67be1fe37359c5a673564688806154cd28bff8cf321578ef5580b945d208050f13e4429247dadbfeb417519d6b48aeef36e32c656d138191d612b99bcd11225187c41cba1b17b401698a12a3d28f6807be56dee75b93a27a5a120ce4fa25b45a41e2ff5affcd8771ef5efaeba4763fca7f3cadb4a96fd45dc42767dac4efc77aec8803b9edb4e2a3843a5a4936754d42c6bfe35a677aa972873190683712960a9172e75d039ae8f724e51f3770e85efb65dceedbf3e41f5e25244771a004b77777d745ef7401ab7f4586e2c10b0bece0137db9e5285a27621cf0dbe74ddbdeb2904beea55318ff8d65836dd2a57ee5354ac92e7727d2efefa10885184a2647597fb6d482f928baf0be5f83feb05be019268d05e419f58e9e590094a7e3ad7da2aa0fdcd2cfa2f7e7b26750d9049c0402d3def15b15491e1326f71a1d1e4a2a24ff9902f2d0e0e36cfd4314610be7a4e5f6ded81cc6048ee9f4e857f91a131220eedb51838cb1e406c20ef20a5783fb2cfdbaebce5d56a59579b994a0bebf58626e98bc4a7387b9bee07d5dd14a38e27d350cf159200fb2761d8953f1906298c74ee6c78deadd208bb84d3bc074ef127166f6b6c9c6315a76e2606a3aa91b19ae867e3e7372225d8266b6c87aec5fe40af5c816e7771cba0ba9957b6736b6d556daac4c1f60479c7ca81783f6e97509ce609ee07891b79020199018e67c05de3ba577af655ab3b5c79672cfb14c57499558d76f9e1e9681a07acde5064380e0f0446b1e9c2a15cbfdf5fae562884c2bd1f724fec6b0c520aa7df5239c1d54bcbaeb711be9e224eb5aa5dac0df99d8782248f70d9f86c1b576bef030d386beb50ca315c14b768baa013f3b70d85b6fe13bdfe7aa839804a139877c54c5135c920e11404d33a8385559acca5600e96cae8f459bfe295df4198fd19a192ae26c8a694151c70d70d5101b002f2c2580f969571d2cce22218d577b9ec43136e6284953546650b5974da34ad5dd4b0fb1e8e699eb3333e7e3477f21aacd908c69b4d9d092f881039c59c03f4503dfb1dc84f89c16be07b39a0aba23ad387fbb0980809b4147fce3127aaeb40638c889ceda0144189352a3497912daebdde46fb603cec06d9dc6e49fc916c7265c8ef0122f60f46dfd5047f75178e8eed1e2323e67ffbb1de6ca51dfb052862eebc8c81a038906831ae942bbd1148c632af20a06e032f7d91d7a07c740b174d641eee12e66d8db9aa9fadb4004290302d4e35485d9118b4abbb97a2690ec53a1d8555861185f66ec039c627dc74b7b51c7e7754a1391ae29488dce09416116d3e5fb2511865181471a6e8d11febe050358294738931a58326faf5ad405941a8a90cf88b9e155470e4034ad0c3de21c03697d09ce094b5532a77ea66f9c05609f079edac54b310fdd8452a2134ecfddc899f57014754b4783dd4cf190bb957271e9f9f4aa1bf1e792f711c2156cf09015707371a4e88987c25707c5c5a7fc7891b358d1ce9b0ec38983853d0059d5bf5da2c4c5a7e8863ba0b91cb18e94ce20ff72c7cba848355f5afd5e5c086fd16c1647d145cef93f2e7e337f43f67198abff32dc3e624f768ace48bb989e49e02b42bb4831610f561c47b84624f00c011ffee7376ca0b0aa09b048826a40463a6949c47473ac1d524bd808ec7e876822f15512a6814dc335daa536e7148fbfb8200603b882e4c693f5960965e419bb00fe41743084b619cefa3fddf2485e753f1b96de55e3e54cef66885c73dde661978fe65a6966767c9991f030d1dc9b882cd6fbb83181474fb57360a591c2782369d00df5be76697dcc697351006d7fe8363437a220df1cf36f464de3ada90fb8b6c56d607f245a8a8175bbf63fea0c45c8a6462140c285a86ca0bc0b872297c0981bc33c53a0499f849cf9a86db6bb48b87b597f2dd04b29e376a757e070d6b724d7a4ded0a01fd03e58c2d1d7c9bd084c8388e3a193423010e328952c5a62b4100788d1ac5b61c203c31997003d7669f4eff0e01a75d3a06cc7ef7b9a621a93cc6954118d8f7736245665c24ba84f9bf5851c481cac617fbb0ff71f3eaf5441348e61f5e4e7e8bca22d9e91e4a6e843bf02d324c8b55ec8a519b6f95818d84ac9e0f4ec36b7fb44b3db6924bef1a431dde856cecfb479072bc2d97efedb1dfd9fffbcf6dd430899d0fd8dcf33a2c137296d28373cf70984d6ffd823abd4721303c0c4072bd9c0723b7e868290b9e6f2d5b92feb6a4d2ea5dfb31c3a9cae8611a567ade5fc050eb7b74a240ead9a70679e61b4b8ac671695e70879459afd7151bb29655274d7ec3d10766eb919f5dcc648394717507588a95800b0c9969c70b981dd37e1b5702f50f49a67aed32db437746da94c965344e7fda47d36488fd24489f462b8abc2bd08ffc7c54dd7a2d1ebffe3b126565b89b764a289e505411ae846f5b8f9877ffcd70a8a57b3b7dcf8356d774aaa2746f63fd8e9e5e4b6d5b2ea62bdea0a90696608d156623863985f13b312a56960e3d5cd908ce456a2465ac72232fafd4f1c779b8e6707f3b34c5dc1356ae159bcf311d77e15dccb6c094ab12e999e1aea1026afd8c3dafa5f761a7e82bc139951e1cac736d0e3ed163837b3e8a120df674355c32a17efb6d126beda38ac57722f16e5e2ff5a5979b219e6a886f3cb853291cb5c835d591b6229ae938cb59ac73caaff0a1e13f6efb4a3e1385fc8fe77a33a189cf1b1a5eed06bee4d5237aafdede0f3c883f64ceaed04d88ac0e3738f89f7eba17fa71ea5bdad5af6c2a3c281c6762cc70f277361aec24a666ccfd95a8cc9af0dbb331f840e1990083cf648f7068808f903f281e6222d3ea6da539d047f6309d2d0c0d1fc9b7e2b2b7d082432f8d819f923f54e2ffff2e1504c3f7b17a9b19c32bed9ef376fe6d0d0647f9be85c617eacc82cf9ec9a9c901cc4088fa90e1abbb6f1340e34e4445313922286d5d1e655da8b42e799eb04a8f766d88ae24dcbe9f589104ee2c83335d6b3a498fd236fdd26c1b8e72258925de84861e3946a389bbce2d87e044d242ce9684afaf75ff20306db09dfead4481c844dbba005146a50dfbe3b4d939d3bb587a00daefb7db1f1cfe616c0528941d28cae06f057650475dad0fd3be6e85f5693b32636e8677634fb17ed60379b9a74a22f0abb12f74f2084c8bff00afd1e7ccc43a3b08ecabc1aa4a722e1f3b1c2510476e643df4b4a6f069e8029c975f471c89a3c0c49c63c6c0899950ea89f6d692a0f2e2e7a8e828f7e9cadda537119db284505380296a689a7bc168da713671c3d47af2ac32e53a05796ae11afc14d87f2daae13201275228d0d536d72cd43580726378be6b9a7b4e56670998adf46cbcb2a61d5daffc57acbc682d1e1716409527db61a11bf2d0b6b8ec8ac9a6fb553935329ba9f877b1019d1bea3ea0e98d65b830765e50786a2dc0600000061efc79e406155f2e6df3187b0a22864cbd5ee9d29c0ed153fd2751ce7d6cc9178481c0a3806791f6e4be674352a76eeffcf07dc867fac687933d2b7597008c2614a2e0157cad1f7bcf75a3e98bfafa4addf57db94421b54c8e3580c554c11b15e9f10a33c21e430bf3e13f3fcea6b17ce4d7f32ac0ecc9540b1deebb0b73bcb56f9632cced1b0f5f1ba4a9fa5100e8916bb7f47f71e5fc4cc46b344dadc9a9bc1a470583490a6304b374da44a179533dc00f3614678b292841b47f34dde4f08f0f86fd50f4a6984bed2a1d8dbb49f987dc196180aa6797f8b9cf739a5b6b940c841346ed2189f76733ddad49787b44737ffd2179ce2d3c9b94332014ee0f3882f62ab697d09dd37cb5d602e1fb24fef4309e72e76cb43a2bdcfd5ba97ff84f19801aba142c1be10851cf937d4cef92423d630646b1c9ae3580907c84db42ec4132cb9702781760c5a7d3aadc0395bdd0b7dce7bbdf8cfe6610dd7187ae6534cdf6267f8e9423e9805bab23e22169f9af3312cbea92d784a343419e4f038d1547625e13258e2f7330c75adf5d810efd666ca9b93368ae3a745113f125f961a0ca79287c3eba8ac2a81e7ea5b66bbd04b5e12a9e73f776ff17bbb3deb2473e10a284ec98e9e52c178cff024e1885b86ef7559227e033ec4f8074e513d85b50810b158e9dc1d42a810251443b44f325dcca8e47f7b1dfcdccdca14947083a9377694bef2acc5af03e63edcd03f54bb53c0cb8769d1a009f096de7f43c79eb83d2f360fd5118f4ca54367389b9b3c68e0f655a25328585cd27d3d908787ff816968da7769838e26bb215e6823d987f09f3d5cea873c788d667e92fd590463c579bcccd21b0edc12eab5c6939487baa24a1e22ceff90b9d6587d6b7bd69a15efa818e30f3b65c4234de7951ba94f0e6726d1237e0168b2044b7067de2c0766e1d3502094ccf35d0882a09e9f50d7d20e3ac8ecfe6e1c0606fc750dd9f340a7776d2eeb6eb5e50823a82f308eaf3ad5908baf58a780759d6ae8022aaddcd599c427dde8d986f14fb433b5b351edf64e943f1fcc31a0e1fb7c077557d9581d91e9ce1f71193db30cc42d280517b8de8818dc1477882039247841870285cf1e1da4c443b83b5c791b0a8eaf697f571e7c3d51baf0cd27dfb809cb31df5f714051f5a9a83773102641f7d345bb18641f0eb4c8a168ad8f056662ef7565906a71ba7a79ce9f0853054655c432dcf32b78b7b3b4bdc5b40092da20b5a8859b4d2b863f94e21fcd70425177e6dd9a64b2ab690e14ccee1374a7815f06a5f09de4f6043d2b39fddcef29e92910a6eea18ced41c1bedfcdee1089ec2deee3ad76b7cabd255b1a2a53f7575f459e0230c018165747126060172d5f13816edc644972a072a7e401d439dad958949ef477d8a2b5e5899a8ea8846cbc7b335b78c7f2644c8c69a1e6b254f58b8aa7a7885c4234bfd962352c311a007c2a7bb5a8e34202dd52692304624117be8ce6f110782767587aa4943a9ddbb960b7e00396fdbabcddd4854e0313daa94422601af0462314c173afc2528db6052e221dc59d594f89e7c9452b5c605b5955b469482d5135cfbf2d0d3b455508d9f40f37eca2b11fbac931f4e2ebcc9bc690de80641ce0213689946735ea8473f6c89e24f5246d22ebb22dd377ef43579702cd3d80650e14766ce7a37a8823841967b650a7a3a347a6f0b2ba7d8bb1e9fded9cd7e2b47742fd726d07447de92ae4b02db7c30a7e065b2d05ff5ff5709b7cf283606903f80e99810799780780d6a28cdda40505d3a4df0996b9d9bb237477cac4fdd3fa1717c9365ac7318de52070fc91861db4624f83dc374690209ae7ff09a0d2aae536937cd86ddd187bace3b7b42974e81cbe54fc011ca1817c1323cd0914ea96b6e7ebb10b7213a51a34b3bba4c129d571ca9f41a6aa41ce336bca6911f24f45cbb4122e1100a559a3e580957dcdf5f14bb32154ed64f250f480b282f5fe9ee65621093d370682afd2b8f37a7e9aaab1447c5162887f3d0f6c74959938c0716ab03dd242f967f574df9cd25cfd64bcb2e6f5788530e761711990778960bd7a828497cec05da36777433fb27bd80d517f6850c46d84b101ea644b596d352714945d6e31b2c43c1acb4e09e443fe51890559a0dd049dbe33d375e46f008bb5ee4af3a7609120cb5498a7aa33fd64f7b3e18170cfe1875cb6e25ce1dc78d04130894d757b66da2349a7f038c747138b0eaf0f2fa933ef7f51dfedb586bc0f49c76860f46009e28ab730290080e0483c70635da84b373e7413fa576e2a3e464c1d2432b3fe5e1a08e06e004d6c47948da8f8290db7ef807a23aabce4fc3e2164be066a721a7ace91f82ceecf3a1339d60134e410dee712bc5585c2ad61389ddeb49bf8679112d537418f9d2379c4bc56850fc400c6ba0b3f9252d43bf5271167adea041bc537b33d22a6c7226a6b9897aa1d34a35198f151865243de05435a58716e5f8a864e01ebe6ec6fd841210b5a1c39027f59e3df97b3090ea6a0e7113bd1ee146e174aec4139bbf6f9fdd7b6dc5d92ee3b4d5044db49e04a90a820993bda6858c36e414e8fa033cb86c58ca687043a0754d0a96cd9833f188cb5b9ca73f412a81dc92b3b88f8585fc357129ab44fcd3c04d46aa09b6373539e784aa546106b7a7472829206a5a1df78df26d0cc691d158136da9661990109e74d75e866388e2fbc8a905c5e939e56a09bb168954ddac4be6f1b9770137440129c4328246cb71bcfc2e95925616fba756806fac7b4256597a837bd170674fa678d8bb70c9c50c4d62ed7bab199363854d073f50758f89d2670b39ba58e16267aa45f69367e003e3ee1899f7400580b375984dd040ab6eab1ec0fcd3ffa536004727ae17dc4cd76d4c2534bd50b92a5e1039e4cceeeb7e48cf347314db3534c6e835d94315fe129bdfbaaf4ab528d20fc0c802eebba43b81d31f2f25079057e25f3fab4bb1b61a8380694e586a5d248fdd0b30a54794eb3852267ea6e5b6d3dcec4e3c889ff42759c96f535f5330b1d869bdc41592791dc4a56f9de48e90182bcf0af670155b79291e811fee0098a39d12f6001f71547bed9f07a10ad3d8054dc5cabfa30feadcf25c851a64fa03d75c0f2e57f9887c9606707005d6d1fb9dee4b4ae52637ae6d963f6c3409e8506c165ae21185f04c55e7bc5af51de5b561a3493f2d7b30ec26bb8a03e4493d27de6608ede356b6b62111c25f446f4fac3056c70f762919f021d7bc4c1470ece9776dac82ed0678c88cd3c8fcd92de28e0ce9a091405f9b8f2d3aac3a78553f47b75b6d91cf53e4e93857b55edfc7afe956b264067d9a0591acd3f6b32ddd93de8ddc046ff55d1f41de1021ce62c988fb378e9e4e1efdc428dbccacf0fa8232a52673aa67ac0251bed7ec2eddad07ed57d9cc6a735171cc180544a8ba5887f7cb588474897376c3b5d0b633a54ea821f2117ef8bf9d4f509bd6487042b0208069d44aceff75f49fe3ab2a39069ec0ac2f3dbee0b982b8f04013ed2e99907030eff31be0b847bbc818f68103e8c24d99f8fee0fdd968751ee3482e90c210ee47cb2f6b5e5fb87248ed281dad438af5808128f83a3b602a2238632d3067e19a764b4386e726bbe17b70499c5b381d94d83c9ff03667f3b6cb8505efc134a7e2c1460349f0efe1b5ef15519445d5f4c146a1af51a164353733f8dd16704f462fdd309cdc5aa1d6be35643cbb94e3872d82c9ded4f3a287d199e6bf2a35567bc382b34957b8730b0dd9400", 0x2000, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000a80)={0x90, 0x0, 0x2, {0x4, 0x0, 0x0, 0x3, 0xfffffffb, 0x0, {0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x2, 0x2, 0x800, 0x8, 0x800000, 0x1, 0x1000}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f00000004c0)="0f064b0fc71ac441e012e9c4427d257c6402c423f978f50066baf80cb81c07da87ef66bafc0cecf342a60f00d6c7442400f5ff0000c744240203000000c7442406000000000f011424c4415f5c9297e5ffff", 0x52}], 0x1, 0x64, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_GET_NESTED_STATE(r2, 0xc080aebe, &(0x7f000000a100)={{0x0, 0x0, 0xfffffffffffffcfd}}) executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000001080)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000000)=0x40000005, 0x4) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) recvmmsg(r0, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x8, &(0x7f00000001c0)=0x7f, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x4000, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='map_files\x00') bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', 0xffffffffffffffff, 0x0, 0xfffffffffffffffc}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) r4 = openat$kvm(0x0, 0x0, 0x2382, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) socket$rxrpc(0x21, 0x2, 0xa) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(r5, 0xc0d05605, &(0x7f0000000240)={0x1, @pix_mp={0x0, 0x0, 0x50424752, 0x0, 0xd, [{}, {}, {}, {0xf, 0xd}, {}, {0x0, 0xfffffffe}, {0x7}], 0x0, 0x0, 0x0, 0x0, 0x6}}) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_open_dev$rtc(&(0x7f00000004c0), 0x0, 0x0) syz_io_uring_setup(0x1e1e, &(0x7f00000003c0)={0x0, 0x3da2, 0x4, 0x3, 0xdd}, &(0x7f0000000440)=0x0, 0x0) syz_io_uring_submit(r6, 0x0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22}) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='nfsd\x00', 0x10, 0x0) chroot(&(0x7f0000000180)='./file0\x00') umount2(0x0, 0x0) sendmmsg$inet6(r0, &(0x7f0000000340), 0x0, 0x10000055) executing program 0: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000002c0)={0x0, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r0, &(0x7f0000000000)=[{0x1e, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}], 0x1001a) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r1, 0x40605346, &(0x7f0000000180)={0x0, 0x0, {0x0, 0x1}}) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xa8c01) write$sndseq(r2, &(0x7f0000000080)=[{0x1e, 0x0, 0x0, 0xfd, @time, {}, {}, @result}], 0x1c) executing program 4: r0 = socket(0x2a, 0x2, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x1, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0xffffffffffffff3f, &(0x7f00000000c0)={&(0x7f0000000680)=@newtfilter={0xa4, 0x2c, 0xd27, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r1, {0xe}, {}, {0xfff3, 0xffe0}}, [@filter_kind_options=@f_basic={{0xa}, {0x44, 0x2, [@TCA_BASIC_POLICE={0x40, 0x4, [@TCA_POLICE_TBF={0x3c, 0x1, {0x2, 0x20000000, 0x1, 0xfffffffe, 0xfff, {0x5, 0x0, 0x9c, 0xf9e, 0x4, 0x7}, {0xf8, 0x2, 0x0, 0x4, 0x6fb, 0xf}, 0x6, 0x3}}]}]}}, @filter_kind_options=@f_flower={{0xb}, {0x24, 0x2, [@TCA_FLOWER_KEY_ENC_UDP_SRC_PORT={0x6}, @TCA_FLOWER_KEY_ENC_IPV4_DST={0x8, 0x1d, @multicast2}, @TCA_FLOWER_KEY_ARP_OP_MASK={0x5, 0x3e, 0x2}, @TCA_FLOWER_KEY_UDP_DST]}}]}, 0xa4}}, 0x4000) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007600000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='xdp_exception\x00', r0}, 0x10) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000fdffffee0000000000000000850000002c00000095"], &(0x7f0000000040)='GPL\x00', 0x5}, 0x94) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r2, r3}, 0x40) syz_emit_ethernet(0x1048, &(0x7f0000000bc0)=ANY=[], 0x0) executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x80c80, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000100)={{0x7000, 0xdddd1000, 0x0, 0x0, 0x8, 0x8, 0x0, 0x2, 0x0, 0x6, 0x9, 0x10}, {0x8080000, 0x0, 0xc, 0x8, 0x7c, 0x0, 0x0, 0x0, 0x7, 0x7, 0x0, 0xff}, {0x2fff, 0x5000, 0xc, 0x0, 0x7, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfc}, {0x100000, 0xd000, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x4}, {0xeeee8000, 0x3000, 0x9, 0x0, 0x0, 0x4, 0x20, 0xe, 0x0, 0x3c}, {0x0, 0x0, 0xd, 0x7, 0x0, 0x0, 0x2, 0xfe, 0x0, 0x0, 0x80}, {0x8080000, 0x0, 0xf, 0x6, 0x5, 0x0, 0x3, 0x0, 0x4, 0x0, 0x0, 0xfe}, {0x80a0000, 0xdddd0000, 0x0, 0x1, 0x0, 0x1, 0x0, 0xa, 0x26, 0x0, 0xfc}, {0x80a0000}, {0xeeef0000}, 0xfdfcffdb, 0x0, 0x0, 0x28, 0xb, 0xf801, 0x0, [0x0, 0x0, 0x1]}) ioctl$KVM_TRANSLATE(r2, 0xc018ae85, &(0x7f00000000c0)={0x40000, 0xeeee0000, 0x0, 0xfc, 0x1}) executing program 1: syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(0x0, 0x80000000000b, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000), 0x0) executing program 4: socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f0000000300)=ANY=[], 0x0, 0xa, 0xb9, &(0x7f0000000140)=""/185, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001640)={0x11, 0x19, &(0x7f0000001740)=ANY=[@ANYBLOB="180800000600000000"], &(0x7f0000000000)='GPL\x00', 0xa, 0xde, &(0x7f0000000340)=""/222, 0x0, 0x1}, 0x94) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) socketpair$unix(0x1, 0x5, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000003340), 0x0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000540)={0x0, 0x1c, &(0x7f0000000080)=[@in6={0xa, 0xffff, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x7}]}, &(0x7f0000000240)=0xc) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r3, 0x84, 0x7a, &(0x7f0000000340)={r4, @in={{0x2, 0x4e22, @private=0xa010102}}}, &(0x7f0000000040)=0x84) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r5, &(0x7f0000000040), 0x6) ioctl$sock_bt_hci(r5, 0x400448e6, &(0x7f0000000240)="7c773d39aeef000000006dcffe32d6e49f") ioctl$sock_bt_hci(r5, 0x400448e6, &(0x7f0000000500)="d7") ioctl$sock_bt_hci(r5, 0x400448e7, &(0x7f0000000080)) mount$9p_virtio(&(0x7f00000001c0), 0x0, &(0x7f00000004c0), 0x0, 0x0) program did not crash replaying the whole log did not cause a kernel crash single: executing 1 programs separately with timeout 1m40s testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$nl80211-prctl$PR_SCHED_CORE-timer_create-timer_settime-futex-futex-futex detailed listing: executing program 0: syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(0x0, 0x80000000000b, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000), 0x0) program crashed: general protection fault in try_to_wake_up single: successfully extracted reproducer found reproducer with 7 syscalls minimizing guilty program testing program (duration=2m9.256898509s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$nl80211-prctl$PR_SCHED_CORE-timer_create-timer_settime-futex-futex detailed listing: executing program 0: syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(0x0, 0x80000000000b, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) program did not crash testing program (duration=2m9.256898509s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$nl80211-prctl$PR_SCHED_CORE-timer_create-timer_settime-futex-futex detailed listing: executing program 0: syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(0x0, 0x80000000000b, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000), 0x0) program did not crash testing program (duration=2m9.256898509s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$nl80211-prctl$PR_SCHED_CORE-timer_create-timer_settime-futex-futex detailed listing: executing program 0: syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000), 0x0) program crashed: general protection fault in try_to_wake_up testing program (duration=2m9.256898509s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$nl80211-prctl$PR_SCHED_CORE-timer_create-futex-futex detailed listing: executing program 0: syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000), 0x0) program did not crash testing program (duration=2m9.256898509s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$nl80211-prctl$PR_SCHED_CORE-timer_settime-futex-futex detailed listing: executing program 0: syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000), 0x0) program did not crash testing program (duration=2m9.256898509s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$nl80211-timer_create-timer_settime-futex-futex detailed listing: executing program 0: syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000), 0x0) program did not crash testing program (duration=2m9.256898509s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-timer_create-timer_settime-futex-futex detailed listing: executing program 0: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000), 0x0) program crashed: general protection fault in try_to_wake_up testing program (duration=2m9.256898509s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-timer_create-timer_settime-futex-futex detailed listing: executing program 0: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) timer_create(0x0, 0x0, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000), 0x0) program did not crash testing program (duration=2m9.256898509s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-timer_create-timer_settime-futex-futex detailed listing: executing program 0: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000), 0x0) program did not crash testing program (duration=2m9.256898509s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-timer_create-timer_settime-futex-futex detailed listing: executing program 0: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000), 0x0) program did not crash testing program (duration=2m9.256898509s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-timer_create-timer_settime-futex-futex detailed listing: executing program 0: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(0x0, 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000), 0x0) program did not crash testing program (duration=2m9.256898509s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-timer_create-timer_settime-futex-futex detailed listing: executing program 0: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000), 0x0) program did not crash testing program (duration=2m9.256898509s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-timer_create-timer_settime-futex-futex detailed listing: executing program 0: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(0x0, 0xc, 0x1, 0x0, &(0x7f0000048000), 0x0) program did not crash testing program (duration=2m9.256898509s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-timer_create-timer_settime-futex-futex detailed listing: executing program 0: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, 0x0, 0x0) program did not crash extracting C reproducer testing compiled C program (duration=2m9.256898509s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-timer_create-timer_settime-futex-futex program did not crash simplifying guilty program options testing program (duration=2m9.256898509s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-timer_create-timer_settime-futex-futex detailed listing: executing program 0: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000), 0x0) program did not crash testing program (duration=2m9.256898509s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-timer_create-timer_settime-futex-futex detailed listing: executing program 0: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000), 0x0) program crashed: general protection fault in try_to_wake_up extracting C reproducer testing compiled C program (duration=2m9.256898509s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-timer_create-timer_settime-futex-futex program did not crash testing program (duration=2m9.256898509s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-timer_create-timer_settime-futex-futex detailed listing: executing program 0: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000), 0x0) program crashed: general protection fault in try_to_wake_up validation run: crashed=true testing program (duration=2m9.256898509s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-timer_create-timer_settime-futex-futex detailed listing: executing program 0: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000), 0x0) program crashed: general protection fault in try_to_wake_up validation run: crashed=true testing program (duration=2m9.256898509s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-timer_create-timer_settime-futex-futex detailed listing: executing program 0: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000), 0x0) program crashed: general protection fault in try_to_wake_up validation run: crashed=true reproducing took 1h3m15.224020752s repro crashed as (corrupted=false): Oops: general protection fault, probably for non-canonical address 0xdffffc000000014b: 0000 [#1] SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000a58-0x0000000000000a5f] CPU: 1 UID: 0 PID: 6329 Comm: syz.0.96 Not tainted syzkaller #0 PREEMPT_{RT,(full)} Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 RIP: 0010:kasan_byte_accessible+0x12/0x30 mm/kasan/generic.c:199 Code: 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 07 3c 08 0f 92 c0 c3 cc cc cc cc cc 66 66 66 66 66 66 2e RSP: 0018:ffffc90003b4f7e0 EFLAGS: 00010006 RAX: dffffc0000000000 RBX: ffffffff8afa4087 RCX: d55d721dfc9be300 RDX: 0000000000000000 RSI: ffffffff8afa4087 RDI: 000000000000014b RBP: ffffffff819084a7 R08: 0000000000000001 R09: 0000000000000000 R10: dffffc0000000000 R11: fffffbfff1e3ab87 R12: 0000000000000000 R13: 0000000000000a58 R14: 0000000000000a58 R15: 0000000000000001 FS: 00007ff3618b56c0(0000) GS:ffff8881269bf000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ff3618b4f40 CR3: 0000000025e2e000 CR4: 00000000003526f0 Call Trace: __kasan_check_byte+0x12/0x40 mm/kasan/common.c:567 kasan_check_byte include/linux/kasan.h:399 [inline] lock_acquire+0x8d/0x360 kernel/locking/lockdep.c:5842 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xa7/0xf0 kernel/locking/spinlock.c:162 class_raw_spinlock_irqsave_constructor include/linux/spinlock.h:557 [inline] try_to_wake_up+0x67/0x12b0 kernel/sched/core.c:4216 requeue_pi_wake_futex+0x24b/0x2f0 kernel/futex/requeue.c:249 futex_proxy_trylock_atomic kernel/futex/requeue.c:340 [inline] futex_requeue+0x135f/0x1870 kernel/futex/requeue.c:498 do_futex+0x362/0x420 kernel/futex/syscalls.c:-1 __do_sys_futex kernel/futex/syscalls.c:179 [inline] __se_sys_futex+0x36f/0x400 kernel/futex/syscalls.c:160 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ff36226eba9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ff3618b5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: ffffffffffffffda RBX: 00007ff3624b6090 RCX: 00007ff36226eba9 RDX: 0000000000000001 RSI: 000000000000000c RDI: 000020000000cffc RBP: 00007ff3622f1e19 R08: 0000200000048000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ff3624b6128 R14: 00007ff3624b6090 R15: 00007ffde77f1178 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:kasan_byte_accessible+0x12/0x30 mm/kasan/generic.c:199 Code: 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 07 3c 08 0f 92 c0 c3 cc cc cc cc cc 66 66 66 66 66 66 2e RSP: 0018:ffffc90003b4f7e0 EFLAGS: 00010006 RAX: dffffc0000000000 RBX: ffffffff8afa4087 RCX: d55d721dfc9be300 RDX: 0000000000000000 RSI: ffffffff8afa4087 RDI: 000000000000014b RBP: ffffffff819084a7 R08: 0000000000000001 R09: 0000000000000000 R10: dffffc0000000000 R11: fffffbfff1e3ab87 R12: 0000000000000000 R13: 0000000000000a58 R14: 0000000000000a58 R15: 0000000000000001 FS: 00007ff3618b56c0(0000) GS:ffff8881269bf000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ff3618b4f40 CR3: 0000000025e2e000 CR4: 00000000003526f0 ---------------- Code disassembly (best guess): 0: 0f 1f 84 00 00 00 00 nopl 0x0(%rax,%rax,1) 7: 00 8: 90 nop 9: 90 nop a: 90 nop b: 90 nop c: 90 nop d: 90 nop e: 90 nop f: 90 nop 10: 90 nop 11: 90 nop 12: 90 nop 13: 90 nop 14: 90 nop 15: 90 nop 16: 90 nop 17: 90 nop 18: 66 0f 1f 00 nopw (%rax) 1c: 48 c1 ef 03 shr $0x3,%rdi 20: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 27: fc ff df * 2a: 0f b6 04 07 movzbl (%rdi,%rax,1),%eax <-- trapping instruction 2e: 3c 08 cmp $0x8,%al 30: 0f 92 c0 setb %al 33: c3 ret 34: cc int3 35: cc int3 36: cc int3 37: cc int3 38: cc int3 39: 66 data16 3a: 66 data16 3b: 66 data16 3c: 66 data16 3d: 66 data16 3e: 66 data16 3f: 2e cs final repro crashed as (corrupted=false): Oops: general protection fault, probably for non-canonical address 0xdffffc000000014b: 0000 [#1] SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000a58-0x0000000000000a5f] CPU: 1 UID: 0 PID: 6329 Comm: syz.0.96 Not tainted syzkaller #0 PREEMPT_{RT,(full)} Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 RIP: 0010:kasan_byte_accessible+0x12/0x30 mm/kasan/generic.c:199 Code: 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 07 3c 08 0f 92 c0 c3 cc cc cc cc cc 66 66 66 66 66 66 2e RSP: 0018:ffffc90003b4f7e0 EFLAGS: 00010006 RAX: dffffc0000000000 RBX: ffffffff8afa4087 RCX: d55d721dfc9be300 RDX: 0000000000000000 RSI: ffffffff8afa4087 RDI: 000000000000014b RBP: ffffffff819084a7 R08: 0000000000000001 R09: 0000000000000000 R10: dffffc0000000000 R11: fffffbfff1e3ab87 R12: 0000000000000000 R13: 0000000000000a58 R14: 0000000000000a58 R15: 0000000000000001 FS: 00007ff3618b56c0(0000) GS:ffff8881269bf000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ff3618b4f40 CR3: 0000000025e2e000 CR4: 00000000003526f0 Call Trace: __kasan_check_byte+0x12/0x40 mm/kasan/common.c:567 kasan_check_byte include/linux/kasan.h:399 [inline] lock_acquire+0x8d/0x360 kernel/locking/lockdep.c:5842 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xa7/0xf0 kernel/locking/spinlock.c:162 class_raw_spinlock_irqsave_constructor include/linux/spinlock.h:557 [inline] try_to_wake_up+0x67/0x12b0 kernel/sched/core.c:4216 requeue_pi_wake_futex+0x24b/0x2f0 kernel/futex/requeue.c:249 futex_proxy_trylock_atomic kernel/futex/requeue.c:340 [inline] futex_requeue+0x135f/0x1870 kernel/futex/requeue.c:498 do_futex+0x362/0x420 kernel/futex/syscalls.c:-1 __do_sys_futex kernel/futex/syscalls.c:179 [inline] __se_sys_futex+0x36f/0x400 kernel/futex/syscalls.c:160 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ff36226eba9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ff3618b5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: ffffffffffffffda RBX: 00007ff3624b6090 RCX: 00007ff36226eba9 RDX: 0000000000000001 RSI: 000000000000000c RDI: 000020000000cffc RBP: 00007ff3622f1e19 R08: 0000200000048000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ff3624b6128 R14: 00007ff3624b6090 R15: 00007ffde77f1178 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:kasan_byte_accessible+0x12/0x30 mm/kasan/generic.c:199 Code: 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 07 3c 08 0f 92 c0 c3 cc cc cc cc cc 66 66 66 66 66 66 2e RSP: 0018:ffffc90003b4f7e0 EFLAGS: 00010006 RAX: dffffc0000000000 RBX: ffffffff8afa4087 RCX: d55d721dfc9be300 RDX: 0000000000000000 RSI: ffffffff8afa4087 RDI: 000000000000014b RBP: ffffffff819084a7 R08: 0000000000000001 R09: 0000000000000000 R10: dffffc0000000000 R11: fffffbfff1e3ab87 R12: 0000000000000000 R13: 0000000000000a58 R14: 0000000000000a58 R15: 0000000000000001 FS: 00007ff3618b56c0(0000) GS:ffff8881269bf000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ff3618b4f40 CR3: 0000000025e2e000 CR4: 00000000003526f0 ---------------- Code disassembly (best guess): 0: 0f 1f 84 00 00 00 00 nopl 0x0(%rax,%rax,1) 7: 00 8: 90 nop 9: 90 nop a: 90 nop b: 90 nop c: 90 nop d: 90 nop e: 90 nop f: 90 nop 10: 90 nop 11: 90 nop 12: 90 nop 13: 90 nop 14: 90 nop 15: 90 nop 16: 90 nop 17: 90 nop 18: 66 0f 1f 00 nopw (%rax) 1c: 48 c1 ef 03 shr $0x3,%rdi 20: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 27: fc ff df * 2a: 0f b6 04 07 movzbl (%rdi,%rax,1),%eax <-- trapping instruction 2e: 3c 08 cmp $0x8,%al 30: 0f 92 c0 setb %al 33: c3 ret 34: cc int3 35: cc int3 36: cc int3 37: cc int3 38: cc int3 39: 66 data16 3a: 66 data16 3b: 66 data16 3c: 66 data16 3d: 66 data16 3e: 66 data16 3f: 2e cs