Extracting prog: 33m54.406930964s
Minimizing prog: 53m37.759251593s
Simplifying prog options: 0s
Extracting C: 1m51.430194538s
Simplifying C: 15m59.10794532s


30 programs, timeouts [15s 1m40s 6m0s]
extracting reproducer from 30 programs
single: executing 5 programs separately with timeout 15s
testing program (duration=15s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-sendmsg$nl_route_sched
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=@newtaction={0x8c, 0x30, 0xb, 0x0, 0x0, {}, [{0x78, 0x1, [@m_ct={0x74, 0x1, 0x0, 0x0, {{0x7}, {0x4c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_LABELS={0x14, 0x7, "4614c334e344ae53204373dc0ddeb17f"}, @TCA_CT_LABELS_MASK={0x14, 0x8, "eb6404074c369780d3df843c4e5e039f"}, @TCA_CT_ZONE={0x6}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8c}}, 0x0)

program did not crash
testing program (duration=15s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): nanosleep
detailed listing:
executing program 0:
nanosleep(0x0, 0x0)

program did not crash
testing program (duration=15s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-openat$cuse-openat$kvm-bpf$MAP_CREATE_RINGBUF-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-openat$nullb-dup-creat-close-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-eventfd-ioctl$VHOST_SET_VRING_BASE-ioctl$VHOST_SET_LOG_FD-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_ADDR-prctl$PR_SCHED_CORE-sched_setaffinity-syz_open_dev$MSR-read$msr-ioctl$VHOST_SET_MEM_TABLE-mmap-write$binfmt_script-ioctl$BLKRRPART-ioctl$KVM_SET_MSRS
detailed listing:
executing program 0:
socket$inet6(0xa, 0x0, 0x41008)
openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0)
r3 = dup(r2)
r4 = creat(&(0x7f0000000300)='./file1\x00', 0x120)
close(r4)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0)
r6 = eventfd(0x0)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0x4008af12, &(0x7f0000000200)={0x1, 0x7b})
ioctl$VHOST_SET_LOG_FD(r5, 0x4004af07, &(0x7f0000000240)=r6)
ioctl$VHOST_SET_VRING_KICK(r5, 0x4008af20, &(0x7f0000000040)={0x1, r6})
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f00000001c0)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/71, &(0x7f0000000500)=""/73})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000015640)=""/102400, 0x19000)
ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f0000000680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x12, r3, 0x52a35000)
write$binfmt_script(r3, &(0x7f0000000840)={'#! ', './file1/file0', [{0x20, '/\xf4'}, {0x20, 'Q\x84\xf6ui\xfa\xf5\x16i\x859o\xe5\x13\xd5gV\x04\x00\x98\xb0\bQ+\xe2G\xa1\x1e\x01\xa9\xd6w\xdf\xa6\x9d\xcc<\x86\xfd\x18\x99\x19\xed\xc2\xdc\xf4\xbdV\xfeF)T\xb6\xc6\v`\xbf\xec2\xf5\x12R\xa1\x18\x9a<\x8fx\xf4\xcc\x18\xfc\xdb\x0e\xe7\xde^\x88vN\xe0\xe4P\x1dj\xd6&7\x7f\xe82\x92w\x12\t\xff\x19$\x93\xd5\xa4\xe2}\x9aA9p\xffk0\x8c\xc3\xae[n1\xb4\xd7\xe6\xa4\xc2\x86M\x83\x1d\xd7\x84\xa4\x85n(\xd3\x95\x82\xe0\xff\x89=\xe6\xceM\x12'}, {0x20, '/dev/nullb0\x00'}, {0x20, '\x00\x00\x00\x00\x00'}, {0x20, '\t\x00\x00\x00\x00\x00\x00\x00\xb2%}\x88\xd0\xfd\xa3\xf7i\x00!\x00J\xd1\xa7\xb1\xb1\xae\x1b\xb4\xf2\x985\xe6M5Px\xbe\x00'/47}, {}, {0x20, '\xfe]\xe9a<$\x01)\xa3\x03D%\x06\xf9}iv\xfc\xe0\xc7s\xc1\xa5c\xa4\xfd\xb8\xea\xe5\x9a\x82w\xc6\\]\x8cB\xfb\xea\xbd\xe3\x8c@\x8aqX\xcd\xf5?\xe6\xa2z\xbdPF_\x01K5\xbf\xc0\x83=\xa9]S\xe2`\x02j;\xce\x8a\x9fY\xdc\x90L\x1f\x9cS\x83\xb4\xc3\xfb\xe9$\x80\xbd\x85\x8bu-a\x9a\xb3\xb0{\xed\xcc\xdd\xeeG\xeb\x98\xb2\xfa\xc8\xa1\x04\xd5N\x9f\xda\x95\xf8\x8c\x92v\xf3\xf6I\xeb6\xe9`\xcbt\x0f`\xb3dl\x0f\x8e\x93\x10\x97n@\xc4\xcb\xc6\x80\x17O\x8dM#x\xe2\xe9T\xda\x1d\xe6\xb1\x1b\x06\x89\x94Q\xcb\x8f\x92N\xade\xf9l\xca\x81\xd3\xd1\x84`6\xed\x98\x9a\x90:\x13\xdb\x8f\x87\xd6\xe8w\xfdb\x17}\x14*z\x98\xb3\x96\x9dW\xa7\x81\x0e\x11Q3\xc2\xbfx\x94\xbb\x13\x9b\xd2\xec/\xfac^\xa2\x8e8\xbeM\x11\xcb\x89P\xba\xd9E}\xe4\xa7M~?\xbdiMh\xce\xb2\b\x9d\xf0\xbd\xc5\xa7=A\xc9\xf6\x9c\\\x9c\xf0\xaa=\xb7\x83\x80\x10.%\t\xed\xb6\xacP\"\a\xc6\x8a\xf6GB\xd2a\x83\xa4\xa4\x1bRO\x1a\xe2N\xe6\xc8\xf2Cm\xb0\xe7\xeb\xcf\xc3\xba\xbd\xf4\xde\x8aZ@\xcd\xc9\xcbLJi8\x04q+\xf9x\xeas\xb2\xa1D\xd5\xc7\xfa\x919\x93_\xc7/:R2\xc5\xc0\xb4\"\x85\xe8THI$\xe5\xac\xb7\x13\xb2\xa5\x93\xbf\x83g5.\xb9\xd0\x89\xef\x8f\r\xa2\xfe\x90\x1b\xc8['}]}, 0x259)
ioctl$BLKRRPART(r3, 0x125f, 0x0)
ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000580)=ANY=[])

program did not crash
testing program (duration=15s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-openat$cuse-openat$kvm-bpf$MAP_CREATE_RINGBUF-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-openat$nullb-dup-creat-close-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-eventfd-ioctl$VHOST_SET_VRING_BASE-ioctl$VHOST_SET_LOG_FD-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_ADDR-prctl$PR_SCHED_CORE-sched_setaffinity-syz_open_dev$MSR-read$msr-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-ioctl$BLKRRPART-ioctl$KVM_SET_MSRS
detailed listing:
executing program 0:
socket$inet6(0xa, 0x0, 0x41008)
openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0)
r3 = dup(r2)
r4 = creat(&(0x7f0000000300)='./file1\x00', 0x120)
close(r4)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0)
r6 = eventfd(0x0)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0x4008af12, &(0x7f0000000200)={0x1, 0x7b})
ioctl$VHOST_SET_LOG_FD(r5, 0x4004af07, &(0x7f0000000240)=r6)
ioctl$VHOST_SET_VRING_KICK(r5, 0x4008af20, &(0x7f0000000040)={0x1, r6})
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f00000001c0)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/71, &(0x7f0000000500)=""/73})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000015640)=""/102400, 0x19000)
ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_VSOCK_SET_RUNNING(r5, 0x4004af61, &(0x7f0000000000)=0x1)
write$binfmt_script(r3, &(0x7f0000000840)={'#! ', './file1/file0', [{0x20, '/\xf4'}, {0x20, 'Q\x84\xf6ui\xfa\xf5\x16i\x859o\xe5\x13\xd5gV\x04\x00\x98\xb0\bQ+\xe2G\xa1\x1e\x01\xa9\xd6w\xdf\xa6\x9d\xcc<\x86\xfd\x18\x99\x19\xed\xc2\xdc\xf4\xbdV\xfeF)T\xb6\xc6\v`\xbf\xec2\xf5\x12R\xa1\x18\x9a<\x8fx\xf4\xcc\x18\xfc\xdb\x0e\xe7\xde^\x88vN\xe0\xe4P\x1dj\xd6&7\x7f\xe82\x92w\x12\t\xff\x19$\x93\xd5\xa4\xe2}\x9aA9p\xffk0\x8c\xc3\xae[n1\xb4\xd7\xe6\xa4\xc2\x86M\x83\x1d\xd7\x84\xa4\x85n(\xd3\x95\x82\xe0\xff\x89=\xe6\xceM\x12'}, {0x20, '/dev/nullb0\x00'}, {0x20, '\x00\x00\x00\x00\x00'}, {0x20, '\t\x00\x00\x00\x00\x00\x00\x00\xb2%}\x88\xd0\xfd\xa3\xf7i\x00!\x00J\xd1\xa7\xb1\xb1\xae\x1b\xb4\xf2\x985\xe6M5Px\xbe\x00'/47}, {}, {0x20, '\xfe]\xe9a<$\x01)\xa3\x03D%\x06\xf9}iv\xfc\xe0\xc7s\xc1\xa5c\xa4\xfd\xb8\xea\xe5\x9a\x82w\xc6\\]\x8cB\xfb\xea\xbd\xe3\x8c@\x8aqX\xcd\xf5?\xe6\xa2z\xbdPF_\x01K5\xbf\xc0\x83=\xa9]S\xe2`\x02j;\xce\x8a\x9fY\xdc\x90L\x1f\x9cS\x83\xb4\xc3\xfb\xe9$\x80\xbd\x85\x8bu-a\x9a\xb3\xb0{\xed\xcc\xdd\xeeG\xeb\x98\xb2\xfa\xc8\xa1\x04\xd5N\x9f\xda\x95\xf8\x8c\x92v\xf3\xf6I\xeb6\xe9`\xcbt\x0f`\xb3dl\x0f\x8e\x93\x10\x97n@\xc4\xcb\xc6\x80\x17O\x8dM#x\xe2\xe9T\xda\x1d\xe6\xb1\x1b\x06\x89\x94Q\xcb\x8f\x92N\xade\xf9l\xca\x81\xd3\xd1\x84`6\xed\x98\x9a\x90:\x13\xdb\x8f\x87\xd6\xe8w\xfdb\x17}\x14*z\x98\xb3\x96\x9dW\xa7\x81\x0e\x11Q3\xc2\xbfx\x94\xbb\x13\x9b\xd2\xec/\xfac^\xa2\x8e8\xbeM\x11\xcb\x89P\xba\xd9E}\xe4\xa7M~?\xbdiMh\xce\xb2\b\x9d\xf0\xbd\xc5\xa7=A\xc9\xf6\x9c\\\x9c\xf0\xaa=\xb7\x83\x80\x10.%\t\xed\xb6\xacP\"\a\xc6\x8a\xf6GB\xd2a\x83\xa4\xa4\x1bRO\x1a\xe2N\xe6\xc8\xf2Cm\xb0\xe7\xeb\xcf\xc3\xba\xbd\xf4\xde\x8aZ@\xcd\xc9\xcbLJi8\x04q+\xf9x\xeas\xb2\xa1D\xd5\xc7\xfa\x919\x93_\xc7/:R2\xc5\xc0\xb4\"\x85\xe8THI$\xe5\xac\xb7\x13\xb2\xa5\x93\xbf\x83g5.\xb9\xd0\x89\xef\x8f\r\xa2\xfe\x90\x1b\xc8['}]}, 0x259)
ioctl$BLKRRPART(r3, 0x125f, 0x0)
ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000580)=ANY=[])

program did not crash
testing program (duration=15s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendmsg$nl_route-openat$cgroup_ro-setsockopt$inet6_tcp_buf-close-symlink-mkdir-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-sched_setscheduler-syz_open_dev$video4linux-ioctl$VIDIOC_SUBDEV_G_SELECTION-mount-socket$inet6_mptcp-bind$inet6-connect$inet6-sendmmsg$inet6-shutdown-inotify_init1-socketpair$tipc-ioctl$sock_inet_SIOCSIFFLAGS
detailed listing:
executing program 0:
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010001fff752b056800080000faff8141", @ANYRES32=0x0, @ANYBLOB], 0x3}}, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpu.stat\x00', 0x26e1, 0x0)
setsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x29, 0x1f, &(0x7f0000000040)='\x00\x00\x00\x00', 0x4)
close(r0)
symlink(&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)='./file0/file0\x00')
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r4 = syz_open_dev$video4linux(&(0x7f0000001380), 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_G_SELECTION(r4, 0xc008561b, &(0x7f0000000000))
mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='debugfs\x00', 0x0, 0x0)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r5, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
connect$inet6(r5, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r5, &(0x7f0000002180)=[{{0x0, 0x0, &(0x7f0000002c40)=[{&(0x7f00000027c0)=';', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000002740)=[{&(0x7f0000000140)='W', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000180)="dcd47a81698aabcb7c00bd82ecf1834db3b005de6b83226625a9441ed445159f49b68d8d2097c52234357d4f61fb6414e9cfdd3ac5bfd09564aed8bcbb8109c7370059d14b973294d7084f1623bcf425e94f0303abd075ce7e0b5233e7c969098c35b05a1c000ccc62e264b990312580fcdb1eb7a7ea2cf3c2e97f3f56d2a1f9ff13e87ba69bee9784e32f143141f620d6a3313ce220f55843df03", 0x9b}, {&(0x7f0000000240)="ab56b03bd51ea142a4a42379e4d527be6bdef1d725c4d6403409da7b1932b071d637c75c444f48b683b0e14cf07febc565c39e2d53ce0f33070252ad53db8cba32ea9158dd68e8b8b32b7218780bf82cf0a51242259781059e9403fecbe60ef43677c98b32e60a354714a0c100c3fe24eea1101c24a7fb8c3129a45b5f2b5fdae7d50ce5a8f28d871606239106bd7a", 0x8f}, {&(0x7f0000000300)="3e8d8b7706d44a969e0fc22d1ffc3d6c4ffe47a637cff0377b8d18c3c6d83bb30effb3ac586cb69f7c3658ef89d9259ec7bc2d0cce3619ee41af409d4e53fc83f89a2938fc28719c9e02d7772dcff71d3abd0384454f31df7fb79e893871de73be4c5bbb768f136d27267c19b6c338c1a39e942d45c903", 0x77}, {&(0x7f0000000100)="3f3227c48628652c5b15d0507a7a6d063a6d31db340e9eafe2997f5f3eb1", 0x1e}, {0x0}], 0x5}}, {{0x0, 0x0, &(0x7f0000001a00)=[{0x0}, {&(0x7f0000000900)}], 0x2}}], 0x4, 0x0)
shutdown(r5, 0x2)
inotify_init1(0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000080)={<r6=>0xffffffffffffffff})
ioctl$sock_inet_SIOCSIFFLAGS(r6, 0x8923, &(0x7f0000000040)={'wlan1\x00'})

program did not crash
single: failed to extract reproducer
bisect: bisecting 30 programs with base timeout 15s
testing program (duration=22s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [13, 3, 27, 15, 5, 27, 4, 15, 5, 5, 15, 28, 9, 18, 23, 15, 1, 7, 5, 28, 3, 23, 4, 15, 27, 6, 7, 3, 1, 2]
detailed listing:
executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000))
getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@private1}, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000040)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}]})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000500)={[0x7], 0x10a000})
syz_open_dev$radio(&(0x7f0000000040), 0x3, 0x2)
ioctl$VIDIOC_S_FREQUENCY(0xffffffffffffffff, 0x402c5639, &(0x7f00000000c0)={0x3, 0x1})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66ba4300b006ee0f01c40f009b27000000b9800000c00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a000000328fe858b660002fb90d090000b800680000ba000000000f30", 0x5a}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
executing program 4:
bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f0000000d40)=ANY=[@ANYBLOB="000000004c90020000000000030001000000000000000000ffff0000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00"/192])
executing program 4:
openat$vicodec1(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket(0x15, 0x5, 0x0)
getsockopt(r0, 0x200000000114, 0x0, &(0x7f0000000600)=""/4, &(0x7f00000006c0)=0x4)
add_key(0x0, 0x0, &(0x7f0000000080), 0x0, 0xffffffffffffffff)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
getsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000080), &(0x7f0000000100)=0x4)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000008c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
r2 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r2, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @remote}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYRES16=r2], 0x18}, 0x44)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
socket(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000900)=ANY=[@ANYBLOB="b8000000", @ANYRES16=r4, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r5, @ANYBLOB="99003300800000000802110000010802110000005050505050500000000000020000000000001450000100000001000000000000000000055204ae00b1c63dd7b491c177437106ee993b2fea6481428d6527ca2e7de1304562418971140f333d67d150364234b3364c3f2cdfc554649b0a1b937587cb6010de5a210a89207e0c48d9eab32923619bbf252d25030000002a01003c040003a1040000009c404f215f56e5a5e6fbb5"], 0xb8}}, 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSARP(r6, 0x8955, &(0x7f00000000c0)={{0x2, 0x4e23, @empty}, {0x1, @broadcast}, 0x8, {0x2, 0x4e21, @broadcast}, 'dummy0\x00'})
r7 = socket$inet6(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r7, 0x29, 0x1a, &(0x7f0000000040)=0x9, 0x4)
syz_emit_ethernet(0x4e, &(0x7f00000004c0)=ANY=[@ANYBLOB="0180c20000000180c200000086dd6000af0000183a00fe8100000000000000000000000000bbff02000000000000000000000000000188009078000000000000000000000000a353c1e0b652782a"], 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000002680)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00'}, 0x90)
sync()
executing program 4:
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x57)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='cpuacct.stat\x00', 0x26e1, 0x0)
close(0xffffffffffffffff)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x0, 0x3, 0x5}, 0x48)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$lock(r2, 0x6, &(0x7f0000002000)={0x1})
fcntl$lock(r2, 0x26, &(0x7f00000031c0))
executing program 4:
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000400)={[{@user_xattr}, {@nombcache}, {@dioread_lock}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x1}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x7e}}, {@lazytime}, {@init_itable_val={'init_itable', 0x3d, 0x5}}, {@usrquota}, {@nojournal_checksum}]}, 0xfe, 0x55d, &(0x7f0000000980)="$eJzs3d9rW1UcAPDvTX/sp66DMdQHKezByVy6tv6Y4MN8FB0O9H2G9q6Mpsto0rHWgduDe9mLDEHEgfgH+O7j8B/wrxjoYMgo+uBL5aY3XbYmbZZlSzSfD9ztnPuj55yce07OyUm4AQytyeyfQsSrEfFNEnGo6dho5AcnN89bf3htLtuS2Nj47M8kknxf4/wk//9AHnklIn79OuJEYXu61dW1xVK5nC7n8ana0uWp6urayYtLpYV0Ib00Mzt7+p3Zmfffe7dnZX3z3N/ff3r3o9O3jq1/9/P9w7eTOBMH82PN5XgG15sjkzGZvyZjceaJE6d7kNggSfqdAboykrfzscj6gEMxkrd64P/vq4jYAIZUov3DkGqMAxpz+x7Ng/8zHny4OQHaXv7Rzc9GYm99brR/PXlsZpTNdyd6kH6Wxi9/3LmdbdG7zyEAdnX9RkScGh3d3v8lef/XvVMdnPNkGvo/eHHuZuOft1qNfwpb459oMf450KLtdmP39l+43+KypFefUmfjvw9ajn+3Fq0mRvLYS/Ux31hy4WI5zfq2lyPieIztyeI7reecXr+30e5Y8/gv27L0G2PBPB/3R/c8fs18qVZ6ljI3e3Aj4rWW499kq/6TFvWfvR7nOkzjaHrn9XbHdi//87XxU8QbLev/0YpWsvP65FT9fphq3BXb/XXz6G/t0u93+bP6379z+SeS5vXa6tOn8ePef9J2x7q9/8eTz+vh8Xzf1VKttjwdMZ58sn3/zKNrG/HG+Vn5jx/buf9rdf/vi4gvOiz/zSM32546CPU//1T1//SBex9/+UO79Dur/7froeP5nk76v04z+CyvHQAAAAAAAAyaQkQcjKRQ3AoXCsXi5vc7jsT+QrlSrZ24UFm5NB/138pOxFihsdJ9qOn7ENP592Eb8Zkn4rMRcTgivh3ZV48X5yrl+X4XHgAAAAAAAAAAAAAAAAAAAAbEgTa//8/8PtLykvEXm0PgufLIbxheu7b/XjzpCRhI3v9heHXV/vf1Ph/Ai+f9H4bUWL8zAPST938YXto/DC/tH4aX9g8AAAAAAAAAAAAAAAAAAAAAAAAAAAA9de7s2WzbWH94bS6Lz19ZXVmsXDk5n1YXi0src8W5yvLl4kKlslBOi3OVpd3+XrlSuTw9EytXp2pptTZVXV07v1RZuVQ7f3GptJCeTz1tCAAAAAAAAAAAAAAAAAAAALarrq4tlsrldFlAoKvA6GBkQ6ApcKsHrbvPHRMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANPk3AAD//0unNek=")
r0 = creat(&(0x7f0000000240)='./bus\x00', 0x0)
pwritev2(r0, &(0x7f00000015c0)=[{&(0x7f0000000080)="ec", 0x1}], 0x1, 0xfffff, 0x0, 0x0)
r1 = open(&(0x7f0000000200)='./bus\x00', 0x44000, 0x0)
dup3(r1, 0xffffffffffffffff, 0x0)
executing program 4:
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010001fff752b056800080000faff8141", @ANYRES32=0x0, @ANYBLOB], 0x3}}, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpu.stat\x00', 0x26e1, 0x0)
setsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x29, 0x1f, &(0x7f0000000040)='\x00\x00\x00\x00', 0x4)
close(r0)
symlink(&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)='./file0/file0\x00')
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r4 = syz_open_dev$video4linux(&(0x7f0000001380), 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_G_SELECTION(r4, 0xc008561b, &(0x7f0000000000))
mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='debugfs\x00', 0x0, 0x0)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r5, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
connect$inet6(r5, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r5, &(0x7f0000002180)=[{{0x0, 0x0, &(0x7f0000002c40)=[{&(0x7f00000027c0)=';', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000002740)=[{&(0x7f0000000140)='W', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000180)="dcd47a81698aabcb7c00bd82ecf1834db3b005de6b83226625a9441ed445159f49b68d8d2097c52234357d4f61fb6414e9cfdd3ac5bfd09564aed8bcbb8109c7370059d14b973294d7084f1623bcf425e94f0303abd075ce7e0b5233e7c969098c35b05a1c000ccc62e264b990312580fcdb1eb7a7ea2cf3c2e97f3f56d2a1f9ff13e87ba69bee9784e32f143141f620d6a3313ce220f55843df03", 0x9b}, {&(0x7f0000000240)="ab56b03bd51ea142a4a42379e4d527be6bdef1d725c4d6403409da7b1932b071d637c75c444f48b683b0e14cf07febc565c39e2d53ce0f33070252ad53db8cba32ea9158dd68e8b8b32b7218780bf82cf0a51242259781059e9403fecbe60ef43677c98b32e60a354714a0c100c3fe24eea1101c24a7fb8c3129a45b5f2b5fdae7d50ce5a8f28d871606239106bd7a", 0x8f}, {&(0x7f0000000300)="3e8d8b7706d44a969e0fc22d1ffc3d6c4ffe47a637cff0377b8d18c3c6d83bb30effb3ac586cb69f7c3658ef89d9259ec7bc2d0cce3619ee41af409d4e53fc83f89a2938fc28719c9e02d7772dcff71d3abd0384454f31df7fb79e893871de73be4c5bbb768f136d27267c19b6c338c1a39e942d45c903", 0x77}, {&(0x7f0000000100)="3f3227c48628652c5b15d0507a7a6d063a6d31db340e9eafe2997f5f3eb1", 0x1e}, {0x0}], 0x5}}, {{0x0, 0x0, &(0x7f0000001a00)=[{0x0}, {&(0x7f0000000900)}], 0x2}}], 0x4, 0x0)
shutdown(r5, 0x2)
inotify_init1(0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000080)={<r6=>0xffffffffffffffff})
ioctl$sock_inet_SIOCSIFFLAGS(r6, 0x8923, &(0x7f0000000040)={'wlan1\x00'})
executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', <r1=>0x0})
r2 = socket$xdp(0x2c, 0x3, 0x0)
bind$xdp(r2, &(0x7f0000000100)={0x2c, 0x0, r1}, 0x10)
executing program 2:
socket$inet6_tcp(0xa, 0x1, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000140), 0x802, 0x0)
r0 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000080)={0x41}, 0x10)
r1 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r1, &(0x7f0000000180)=@name={0x1e, 0x2, 0x2, {{0x41}, 0x3}}, 0x10)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r5 = dup(r4)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000640)={0x24, &(0x7f00000004c0)={0x40, 0x9, 0x52, {0x52, 0x30, "b97e7d6d761a3545c31189aa5827224a48fd82f5db2daad3975c052cdcb0fcb021119b7feacbf147116eea098eb424a6c3a83050e34e073ddc0859b3ea1e33f025f9940db5cec5a4c3fa5642029b9128"}}, &(0x7f0000000580)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x404}}, &(0x7f00000005c0)={0x0, 0x22, 0xb, {[@local=@item_012={0x0, 0x2, 0x2}, @local=@item_4={0x3, 0x2, 0xdc3602119c00d12e, "585d9fdc"}, @local=@item_4={0x3, 0x2, 0x8, "8c374376"}]}}, &(0x7f0000000600)={0x0, 0x21, 0x9, {0x9, 0x21, 0xb, 0x2, 0x1, {0x22, 0xc3d}}}}, &(0x7f0000000780)={0x2c, &(0x7f0000000680)={0x0, 0x11, 0x28, "47d8b4d8cc562687be5547d93fb20db6c0d3cd0fae8502cf0c5b0a3f95e9b70009f9869c87e97dff"}, &(0x7f00000006c0)={0x0, 0xa, 0x1, 0x7}, &(0x7f0000000700)={0x0, 0x8, 0x1, 0x1}, &(0x7f0000000800)={0x20, 0x1, 0xc1, "0779b8184899b9263ca2a464e16178a9cb2dfc18d932e2d118931f30a8a5ab308b63bdd61ddd1eaa78631f15b00c8b32304649fec45e17141411cc9585350bfd456825c135715135250652d144579569ef47452f1c3d0f572a0ea62004f1c51744c9b34035b739f3b10a3d5e0510fcf32cc9b125f7a8173c3254bd4ca13cb511c3aee6d1ee15751a891cc858958b78e4b030198503af1519381b153aff21af8475de600b9601a4ef0dcf186adf80f708670f189aea00a933c5707021326602d3af"}, &(0x7f0000000740)={0x20, 0x3, 0x1, 0x81}})
ioctl$KVM_SET_MSRS(r5, 0xc008ae88, &(0x7f00000007c0)=ANY=[@ANYBLOB="3b00000000000000410101c0"])
executing program 2:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0)='f2fs\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
sched_setscheduler(0x0, 0x0, 0x0)
mount(&(0x7f0000000540)=@loop={'/dev/loop', 0x0}, &(0x7f0000000580)='./file0\x00', &(0x7f00000005c0)='f2fs\x00', 0x0, 0x0)
executing program 2:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, <r2=>0x0}, &(0x7f0000000280)=0x5)
setresuid(0x0, r2, 0x0)
ioctl$VT_RESIZE(r0, 0x4b40, 0xfffffffffffffffc)
executing program 2:
socket$inet6_tcp(0xa, 0x1, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000140), 0x802, 0x0)
r0 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000080)={0x41}, 0x10)
r1 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r1, &(0x7f0000000180)=@name={0x1e, 0x2, 0x2, {{0x41}, 0x3}}, 0x10)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r5 = dup(r4)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000640)={0x24, &(0x7f00000004c0)={0x40, 0x9, 0x52, {0x52, 0x30, "b97e7d6d761a3545c31189aa5827224a48fd82f5db2daad3975c052cdcb0fcb021119b7feacbf147116eea098eb424a6c3a83050e34e073ddc0859b3ea1e33f025f9940db5cec5a4c3fa5642029b9128"}}, &(0x7f0000000580)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x404}}, &(0x7f00000005c0)={0x0, 0x22, 0xb, {[@local=@item_012={0x0, 0x2, 0x2}, @local=@item_4={0x3, 0x2, 0xdc3602119c00d12e, "585d9fdc"}, @local=@item_4={0x3, 0x2, 0x8, "8c374376"}]}}, &(0x7f0000000600)={0x0, 0x21, 0x9, {0x9, 0x21, 0xb, 0x2, 0x1, {0x22, 0xc3d}}}}, &(0x7f0000000780)={0x2c, &(0x7f0000000680)={0x0, 0x11, 0x28, "47d8b4d8cc562687be5547d93fb20db6c0d3cd0fae8502cf0c5b0a3f95e9b70009f9869c87e97dff"}, &(0x7f00000006c0)={0x0, 0xa, 0x1, 0x7}, &(0x7f0000000700)={0x0, 0x8, 0x1, 0x1}, &(0x7f0000000800)={0x20, 0x1, 0xc1, "0779b8184899b9263ca2a464e16178a9cb2dfc18d932e2d118931f30a8a5ab308b63bdd61ddd1eaa78631f15b00c8b32304649fec45e17141411cc9585350bfd456825c135715135250652d144579569ef47452f1c3d0f572a0ea62004f1c51744c9b34035b739f3b10a3d5e0510fcf32cc9b125f7a8173c3254bd4ca13cb511c3aee6d1ee15751a891cc858958b78e4b030198503af1519381b153aff21af8475de600b9601a4ef0dcf186adf80f708670f189aea00a933c5707021326602d3af"}, &(0x7f0000000740)={0x20, 0x3, 0x1, 0x81}})
ioctl$KVM_SET_MSRS(r5, 0xc008ae88, &(0x7f00000007c0)=ANY=[@ANYBLOB="3b00000000000000410101c0"])
executing program 2:
socket$inet6(0xa, 0x0, 0x41008)
openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0)
r3 = dup(r2)
r4 = creat(&(0x7f0000000300)='./file1\x00', 0x120)
close(r4)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0)
r6 = eventfd(0x0)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0x4008af12, &(0x7f0000000200)={0x1, 0x7b})
ioctl$VHOST_SET_LOG_FD(r5, 0x4004af07, &(0x7f0000000240)=r6)
ioctl$VHOST_SET_VRING_KICK(r5, 0x4008af20, &(0x7f0000000040)={0x1, r6})
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f00000001c0)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/71, &(0x7f0000000500)=""/73})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000015640)=""/102400, 0x19000)
ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_VSOCK_SET_RUNNING(r5, 0x4004af61, &(0x7f0000000000)=0x1)
write$binfmt_script(r3, &(0x7f0000000840)={'#! ', './file1/file0', [{0x20, '/\xf4'}, {0x20, 'Q\x84\xf6ui\xfa\xf5\x16i\x859o\xe5\x13\xd5gV\x04\x00\x98\xb0\bQ+\xe2G\xa1\x1e\x01\xa9\xd6w\xdf\xa6\x9d\xcc<\x86\xfd\x18\x99\x19\xed\xc2\xdc\xf4\xbdV\xfeF)T\xb6\xc6\v`\xbf\xec2\xf5\x12R\xa1\x18\x9a<\x8fx\xf4\xcc\x18\xfc\xdb\x0e\xe7\xde^\x88vN\xe0\xe4P\x1dj\xd6&7\x7f\xe82\x92w\x12\t\xff\x19$\x93\xd5\xa4\xe2}\x9aA9p\xffk0\x8c\xc3\xae[n1\xb4\xd7\xe6\xa4\xc2\x86M\x83\x1d\xd7\x84\xa4\x85n(\xd3\x95\x82\xe0\xff\x89=\xe6\xceM\x12'}, {0x20, '/dev/nullb0\x00'}, {0x20, '\x00\x00\x00\x00\x00'}, {0x20, '\t\x00\x00\x00\x00\x00\x00\x00\xb2%}\x88\xd0\xfd\xa3\xf7i\x00!\x00J\xd1\xa7\xb1\xb1\xae\x1b\xb4\xf2\x985\xe6M5Px\xbe\x00'/47}, {}, {0x20, '\xfe]\xe9a<$\x01)\xa3\x03D%\x06\xf9}iv\xfc\xe0\xc7s\xc1\xa5c\xa4\xfd\xb8\xea\xe5\x9a\x82w\xc6\\]\x8cB\xfb\xea\xbd\xe3\x8c@\x8aqX\xcd\xf5?\xe6\xa2z\xbdPF_\x01K5\xbf\xc0\x83=\xa9]S\xe2`\x02j;\xce\x8a\x9fY\xdc\x90L\x1f\x9cS\x83\xb4\xc3\xfb\xe9$\x80\xbd\x85\x8bu-a\x9a\xb3\xb0{\xed\xcc\xdd\xeeG\xeb\x98\xb2\xfa\xc8\xa1\x04\xd5N\x9f\xda\x95\xf8\x8c\x92v\xf3\xf6I\xeb6\xe9`\xcbt\x0f`\xb3dl\x0f\x8e\x93\x10\x97n@\xc4\xcb\xc6\x80\x17O\x8dM#x\xe2\xe9T\xda\x1d\xe6\xb1\x1b\x06\x89\x94Q\xcb\x8f\x92N\xade\xf9l\xca\x81\xd3\xd1\x84`6\xed\x98\x9a\x90:\x13\xdb\x8f\x87\xd6\xe8w\xfdb\x17}\x14*z\x98\xb3\x96\x9dW\xa7\x81\x0e\x11Q3\xc2\xbfx\x94\xbb\x13\x9b\xd2\xec/\xfac^\xa2\x8e8\xbeM\x11\xcb\x89P\xba\xd9E}\xe4\xa7M~?\xbdiMh\xce\xb2\b\x9d\xf0\xbd\xc5\xa7=A\xc9\xf6\x9c\\\x9c\xf0\xaa=\xb7\x83\x80\x10.%\t\xed\xb6\xacP\"\a\xc6\x8a\xf6GB\xd2a\x83\xa4\xa4\x1bRO\x1a\xe2N\xe6\xc8\xf2Cm\xb0\xe7\xeb\xcf\xc3\xba\xbd\xf4\xde\x8aZ@\xcd\xc9\xcbLJi8\x04q+\xf9x\xeas\xb2\xa1D\xd5\xc7\xfa\x919\x93_\xc7/:R2\xc5\xc0\xb4\"\x85\xe8THI$\xe5\xac\xb7\x13\xb2\xa5\x93\xbf\x83g5.\xb9\xd0\x89\xef\x8f\r\xa2\xfe\x90\x1b\xc8['}]}, 0x259)
ioctl$BLKRRPART(r3, 0x125f, 0x0)
ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000580)=ANY=[])
executing program 1:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000070"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000140)='cgroup.procs\x00', 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='contention_end\x00', r2}, 0x10)
write$cgroup_pid(r1, &(0x7f0000000380), 0x12)
executing program 1:
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x2}, 0x48)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f00000000c0)})
r0 = timerfd_create(0x0, 0x0)
timerfd_gettime(r0, &(0x7f0000000000))
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet6(0xa, 0x3, 0x7)
setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000240)={{{@in=@empty, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x0, 0xc3c, 0x0, 0x0, 0xfffffffffffffffc}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in, 0x0, 0x0, 0x0, 0x7}}, 0xe8)
sendmmsg(r4, &(0x7f0000000480), 0x2e9, 0xff00)
executing program 1:
r0 = socket$inet6(0xa, 0x1, 0x4)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000700)={@remote, 0x80000001, 0x0, 0x2000000000903, 0x1}, 0x20)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000180)=@nat={'nat\x00', 0x1b, 0x5, 0x520, 0xf0, 0xf0, 0xffffffff, 0xf0, 0x240, 0x450, 0x450, 0xffffffff, 0x450, 0x450, 0x5, &(0x7f0000000100), {[{{@ipv6={@empty, @empty, [0xff000000, 0x0, 0xff], [0xffffffff, 0xff000000, 0xffffffff, 0xffffff00], 'caif0\x00', 'bond_slave_1\x00', {}, {0xff}, 0x2e, 0x8a, 0x0, 0x4d}, 0x0, 0xa8, 0xf0}, @MASQUERADE={0x48, 'MASQUERADE\x00', 0x0, {0x0, @ipv6=@mcast1, @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}, @gre_key=0x3, @port=0x4e23}}}, {{@ipv6={@local, @rand_addr=' \x01\x00', [0xffffffff, 0x0, 0x0, 0xff], [0xffffffff, 0xff, 0x0, 0xff000000], 'erspan0\x00', 'dummy0\x00', {0xff}, {0xff}, 0x16, 0x7, 0x3, 0x1}, 0x0, 0x108, 0x150, 0x0, {}, [@common=@ah={{0x30}, {[0x4d2, 0x4d3], 0x1, 0x2, 0x2}}, @common=@srh={{0x30}, {0x44, 0x6, 0x8, 0x7, 0x4320, 0x800, 0x102d}}]}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x0, @ipv4=@remote, @ipv4=@private=0xa010102, @gre_key=0x3, @icmp_id=0x65}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x13, @ipv4=@broadcast, @ipv6=@empty, @port=0x4e23, @port=0x4e22}}}, {{@uncond, 0x0, 0xd8, 0x120, 0x0, {}, [@common=@ah={{0x30}, {[0x4d5, 0x4d2], 0x2f2, 0x6a, 0x1}}]}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x1, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, @ipv4=@loopback, @icmp_id=0x66, @icmp_id=0x64}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x580)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000040)={@dev, 0x800, 0x0, 0xff, 0x2}, 0x20)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r2 = gettid()
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f00000001c0))
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ptrace$getenv(0x4201, 0x0, 0x3, &(0x7f0000000000))
r4 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x281c2, 0x0)
fcntl$setlease(r3, 0x400, 0x0)
fcntl$setlease(r4, 0x8, 0x0)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r5, &(0x7f0000003580)={0x2, 0x0, @dev}, 0x10)
connect$inet(r5, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10)
socket$inet_udplite(0x2, 0x2, 0x88)
shutdown(r1, 0x1)
recvmmsg(r5, &(0x7f0000008840)=[{{0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000001d40)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0)
executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x200, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x57)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='cpuacct.stat\x00', 0x26e1, 0x0)
close(0xffffffffffffffff)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x0, 0x3, 0x5}, 0x48)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$lock(r2, 0x6, &(0x7f0000002000)={0x1})
fcntl$lock(r2, 0x26, &(0x7f00000031c0))
executing program 0:
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
executing program 1:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000200)='./file1/file4/file5\x00', 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
linkat(0xffffffffffffff9c, &(0x7f0000000500)='./file1/file4/file5\x00', 0xffffffffffffff9c, &(0x7f0000000540)='./file1/file4/file7/file5\x00', 0x0)
llistxattr(&(0x7f0000000000)='./file1/file4/file7/file5\x00', 0x0, 0x0)
executing program 0:
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000ab9fd540501d6f60d414000000010902120001000040"], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000400)={0x44, &(0x7f0000000040)=ANY=[@ANYBLOB="00010c"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000500)={0x44, &(0x7f00000005c0)=ANY=[@ANYBLOB="00002800000061752b496c088bfa3ab146172ea135d9eb2804e1c77d9a2afb"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000000800)={0x84, &(0x7f0000000340)=ANY=[@ANYBLOB='\x00\bV'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
executing program 1:
socket$inet6(0xa, 0x0, 0x41008)
openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0)
r3 = dup(r2)
r4 = creat(&(0x7f0000000300)='./file1\x00', 0x120)
close(r4)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0)
r6 = eventfd(0x0)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0x4008af12, &(0x7f0000000200)={0x1, 0x7b})
ioctl$VHOST_SET_LOG_FD(r5, 0x4004af07, &(0x7f0000000240)=r6)
ioctl$VHOST_SET_VRING_KICK(r5, 0x4008af20, &(0x7f0000000040)={0x1, r6})
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f00000001c0)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/71, &(0x7f0000000500)=""/73})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000015640)=""/102400, 0x19000)
ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f0000000680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x12, r3, 0x52a35000)
write$binfmt_script(r3, &(0x7f0000000840)={'#! ', './file1/file0', [{0x20, '/\xf4'}, {0x20, 'Q\x84\xf6ui\xfa\xf5\x16i\x859o\xe5\x13\xd5gV\x04\x00\x98\xb0\bQ+\xe2G\xa1\x1e\x01\xa9\xd6w\xdf\xa6\x9d\xcc<\x86\xfd\x18\x99\x19\xed\xc2\xdc\xf4\xbdV\xfeF)T\xb6\xc6\v`\xbf\xec2\xf5\x12R\xa1\x18\x9a<\x8fx\xf4\xcc\x18\xfc\xdb\x0e\xe7\xde^\x88vN\xe0\xe4P\x1dj\xd6&7\x7f\xe82\x92w\x12\t\xff\x19$\x93\xd5\xa4\xe2}\x9aA9p\xffk0\x8c\xc3\xae[n1\xb4\xd7\xe6\xa4\xc2\x86M\x83\x1d\xd7\x84\xa4\x85n(\xd3\x95\x82\xe0\xff\x89=\xe6\xceM\x12'}, {0x20, '/dev/nullb0\x00'}, {0x20, '\x00\x00\x00\x00\x00'}, {0x20, '\t\x00\x00\x00\x00\x00\x00\x00\xb2%}\x88\xd0\xfd\xa3\xf7i\x00!\x00J\xd1\xa7\xb1\xb1\xae\x1b\xb4\xf2\x985\xe6M5Px\xbe\x00'/47}, {}, {0x20, '\xfe]\xe9a<$\x01)\xa3\x03D%\x06\xf9}iv\xfc\xe0\xc7s\xc1\xa5c\xa4\xfd\xb8\xea\xe5\x9a\x82w\xc6\\]\x8cB\xfb\xea\xbd\xe3\x8c@\x8aqX\xcd\xf5?\xe6\xa2z\xbdPF_\x01K5\xbf\xc0\x83=\xa9]S\xe2`\x02j;\xce\x8a\x9fY\xdc\x90L\x1f\x9cS\x83\xb4\xc3\xfb\xe9$\x80\xbd\x85\x8bu-a\x9a\xb3\xb0{\xed\xcc\xdd\xeeG\xeb\x98\xb2\xfa\xc8\xa1\x04\xd5N\x9f\xda\x95\xf8\x8c\x92v\xf3\xf6I\xeb6\xe9`\xcbt\x0f`\xb3dl\x0f\x8e\x93\x10\x97n@\xc4\xcb\xc6\x80\x17O\x8dM#x\xe2\xe9T\xda\x1d\xe6\xb1\x1b\x06\x89\x94Q\xcb\x8f\x92N\xade\xf9l\xca\x81\xd3\xd1\x84`6\xed\x98\x9a\x90:\x13\xdb\x8f\x87\xd6\xe8w\xfdb\x17}\x14*z\x98\xb3\x96\x9dW\xa7\x81\x0e\x11Q3\xc2\xbfx\x94\xbb\x13\x9b\xd2\xec/\xfac^\xa2\x8e8\xbeM\x11\xcb\x89P\xba\xd9E}\xe4\xa7M~?\xbdiMh\xce\xb2\b\x9d\xf0\xbd\xc5\xa7=A\xc9\xf6\x9c\\\x9c\xf0\xaa=\xb7\x83\x80\x10.%\t\xed\xb6\xacP\"\a\xc6\x8a\xf6GB\xd2a\x83\xa4\xa4\x1bRO\x1a\xe2N\xe6\xc8\xf2Cm\xb0\xe7\xeb\xcf\xc3\xba\xbd\xf4\xde\x8aZ@\xcd\xc9\xcbLJi8\x04q+\xf9x\xeas\xb2\xa1D\xd5\xc7\xfa\x919\x93_\xc7/:R2\xc5\xc0\xb4\"\x85\xe8THI$\xe5\xac\xb7\x13\xb2\xa5\x93\xbf\x83g5.\xb9\xd0\x89\xef\x8f\r\xa2\xfe\x90\x1b\xc8['}]}, 0x259)
ioctl$BLKRRPART(r3, 0x125f, 0x0)
ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000580)=ANY=[])
executing program 3:
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200002, &(0x7f0000000600), 0x0, 0x566, &(0x7f0000000a00)="$eJzs3U1rG0cfAPD/ynbenycOhND2UAI5NCWNHNt9SaGH9Fja0EB7T4W9McFSFCw5xG4gyaG59FJCoZQGSj9A7z2GfoF+ikAbCCWY9tCLysorR44l21EUW6l+P9hkZnek/45mZzyrkVAAQ+t49k8h4tWI+CaJONx2bDTyg8dXy608vjGTbUk0Gp/9mUSS72uVT/L/D+aZVyLi168iThU2xq0tLc+XyuV0Ic9P1CtXJ2pLy6cvV7KnSa9MTU+ffWd66v333u1bTd+88Pf3n97/6OzXJ1a++/nhkbtJnItD+dH2ejyHW+sjHs9fk7E491TByT4EGyTJbp8APRnJ+/lYZGPA4RjJez3w33czIhrAkEr0fxhSrXlA696+T/fBL41HH67eAG2s/+jqeyOxr3lvdGAlWXdnlN3vjvchfhbjlz/u3c226N/7EABbunU7Is6Mjm4c/5J8/OvdmW2UeTqG8Q92zv1s/vNWp/lPYW3+Ex3mPwc79N1ebN3/Cw/7EKarbP73Qcf579qi1fhInvtfc843lly6XE6zse3/EXEyxvZm+c3Wc86uPGh0O9Y+/8u2LH5rLpifx8PRvesfM1uql56nzu0e3Y54reP8N1lr/6RD+2evx4VtxjiW3nu927Gt6/9iNX6KeKNj+z9Z0UrWr0+W5tK59vXJieb1MNG6Kjb6686x37rF3+36Z+1/YPP6jyft67W1Z4/x475/0m7Her3+9ySfN9N78n3XS/X6wmTEnuSTjfunnjy2lW+Vz+p/8sTm41+n639/RHyxWaXbCt85eqdr0UFo/9lnav9nTzz4+MsfusVfq38rXMf2f7uZOpnv2c74t90T7PV1AwAAAAAAgEFUiIhDkRSKa+lCoVhc/XzH0ThQKFdr9VOXqotXZqP5XdnxGCu0VroPt30eYjL/PGwrP/VUfjoijkTEtyP7m/niTLU8u9uVBwAAAAAAAAAAAAAAAAAAgAFxsMv3/zO/j+z22QEvnJ/8huG1Zf/vxy89AQPJ338YXvo/DC/9H4aX/g/DS/+H4aX/w/DS/2F46f8AAAAAAAAAAAAAAAAAAAAAAAAAAADQVxfOn8+2xsrjGzNZfvba0uJ89drp2bQ2X6wszhRnqgtXi3PV6lw5Lc5UK1s9X7lavTo5FYvXJ+pprT5RW1q+WKkuXqlfvFwpzaUX07EdqRUAAAAAAAAAAAAAAAAAAAC8XGpLy/OlcjldkJDoKTG6s0EbjcbN7MIdiLoPSmJfRPT7mXd7ZAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAJ/4NAAD//5PbL9A=")
setxattr$trusted_overlay_upper(&(0x7f0000000300)='./file1\x00', &(0x7f0000000240), &(0x7f0000000d40)=ANY=[], 0xff68, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0), 0x0, 0x0, 0x0)
executing program 3:
r0 = socket$inet6(0xa, 0x1, 0x4)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000700)={@remote, 0x80000001, 0x0, 0x2000000000903, 0x1}, 0x20)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000180)=@nat={'nat\x00', 0x1b, 0x5, 0x520, 0xf0, 0xf0, 0xffffffff, 0xf0, 0x240, 0x450, 0x450, 0xffffffff, 0x450, 0x450, 0x5, &(0x7f0000000100), {[{{@ipv6={@empty, @empty, [0xff000000, 0x0, 0xff], [0xffffffff, 0xff000000, 0xffffffff, 0xffffff00], 'caif0\x00', 'bond_slave_1\x00', {}, {0xff}, 0x2e, 0x8a, 0x0, 0x4d}, 0x0, 0xa8, 0xf0}, @MASQUERADE={0x48, 'MASQUERADE\x00', 0x0, {0x0, @ipv6=@mcast1, @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}, @gre_key=0x3, @port=0x4e23}}}, {{@ipv6={@local, @rand_addr=' \x01\x00', [0xffffffff, 0x0, 0x0, 0xff], [0xffffffff, 0xff, 0x0, 0xff000000], 'erspan0\x00', 'dummy0\x00', {0xff}, {0xff}, 0x16, 0x7, 0x3, 0x1}, 0x0, 0x108, 0x150, 0x0, {}, [@common=@ah={{0x30}, {[0x4d2, 0x4d3], 0x1, 0x2, 0x2}}, @common=@srh={{0x30}, {0x44, 0x6, 0x8, 0x7, 0x4320, 0x800, 0x102d}}]}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x0, @ipv4=@remote, @ipv4=@private=0xa010102, @gre_key=0x3, @icmp_id=0x65}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x13, @ipv4=@broadcast, @ipv6=@empty, @port=0x4e23, @port=0x4e22}}}, {{@uncond, 0x0, 0xd8, 0x120, 0x0, {}, [@common=@ah={{0x30}, {[0x4d5, 0x4d2], 0x2f2, 0x6a, 0x1}}]}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x1, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, @ipv4=@loopback, @icmp_id=0x66, @icmp_id=0x64}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x580)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000040)={@dev, 0x800, 0x0, 0xff, 0x2}, 0x20)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r2 = gettid()
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f00000001c0))
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ptrace$getenv(0x4201, 0x0, 0x3, &(0x7f0000000000))
r4 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x281c2, 0x0)
fcntl$setlease(r3, 0x400, 0x0)
fcntl$setlease(r4, 0x8, 0x0)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10)
connect$inet(r5, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10)
socket$inet_udplite(0x2, 0x2, 0x88)
shutdown(r1, 0x1)
recvmmsg(r5, &(0x7f0000008840)=[{{0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000001d40)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0)
executing program 0:
r0 = dup(0xffffffffffffffff)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000005, 0x12, r0, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
getsockopt$packet_int(r1, 0x107, 0x8, 0x0, &(0x7f0000000000))
executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x200, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x57)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='cpuacct.stat\x00', 0x26e1, 0x0)
close(0xffffffffffffffff)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x0, 0x3, 0x5}, 0x48)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$lock(r2, 0x6, &(0x7f0000002000)={0x1})
fcntl$lock(r2, 0x26, &(0x7f00000031c0))
executing program 3:
openat$vicodec1(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket(0x15, 0x5, 0x0)
getsockopt(r0, 0x200000000114, 0x2719, &(0x7f0000000600)=""/4, 0x0)
add_key(0x0, 0x0, &(0x7f0000000080), 0x0, 0xffffffffffffffff)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
getsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000080), &(0x7f0000000100)=0x4)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000008c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
r2 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r2, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @remote}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYRES16=r2], 0x18}, 0x44)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
socket(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000900)=ANY=[@ANYBLOB="b8000000", @ANYRES16=r4, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r5, @ANYBLOB="99003300800000000802110000010802110000005050505050500000000000020000000000001450000100000001000000000000000000055204ae00b1c63dd7b491c177437106ee993b2fea6481428d6527ca2e7de1304562418971140f333d67d150364234b3364c3f2cdfc554649b0a1b937587cb6010de5a210a89207e0c48d9eab32923619bbf252d25030000002a01003c040003a1040000009c404f215f56e5a5e6fbb5"], 0xb8}}, 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSARP(r6, 0x8955, &(0x7f00000000c0)={{0x2, 0x4e23, @empty}, {0x1, @broadcast}, 0x8, {0x2, 0x4e21, @broadcast}, 'dummy0\x00'})
r7 = socket$inet6(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r7, 0x29, 0x1a, &(0x7f0000000040)=0x9, 0x4)
syz_emit_ethernet(0x4e, &(0x7f00000004c0)=ANY=[@ANYBLOB="0180c20000000180c200000086dd6000af0000183a00fe8100000000000000000000000000bbff02000000000000000000000000000188009078000000000000000000000000a353c1e0b652782a"], 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000002680)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00'}, 0x90)
sync()
executing program 0:
syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0x10, &(0x7f0000000140)={[{@norecovery}]}, 0xee, 0x469, &(0x7f0000000ac0)="$eJzs3E1sVEUcAPD/e/3i01bEDxC0ikbiR0vLhxy8aDTxoImJHjCealsIUqihNRFCFD3g0ZB4Nx5NvJt40otRD8bEq94NCTFcQE9rZve9sl12S8tuWXB/v+RtZ96bZua/86Y7O7PbAHrWaHrIIrZExB8RMVzLLi8wWvtx7cq56X+unJvOolJ58++sWu7qlXPTZdHy9zbXMpVKxFBKDjWp98I7EVNzc7Oni/z44sn3xxfOnH3u+MmpY7PHZk9NHj58YP/uwUOTB9uKLy9+priu7vxofteOV9+++Pr0kYvv/vxNau+W4np9HLckRdtgtPbsNno0PTzZVmV3lF/Tw9a6E1l/68Jjt6FBrF5fRKTuGqiO/+Hoi41L14bjlU+72jhgXVUqlUqz1+fC+QrwP5ZFt1sAdEf5Qp/e/5bHbZp63BEuv1h7A5TivlYctSv9S2sHAw3vbztpNCKOnP/3y3REJ9YhAABu4vs0/3m22fwvjwfqyt1T7KGMRMS9EbEtIu6LiO0RcX9EteyDEfHQGutv3CG5cf6TX7qlwFYpzf9eKPa2ls//ytlfjPQVua3V+Aeyo8fnZvcVz8neGBhK+YkV6vjh5d8/L9MbGq7Vz//Skeov54JFOy71NyzQzUwtTrUbd+nyJxE7+5vFn0W5jZNFxI6I2HmLdRx/+utdra7dPP4VrLDPtFqVryKeqvX/+VgW//WuylruT048f2jy4PiGmJvdN17eFTf65bcLb7Sqv634OyD1/6am9//SLvBItiFi4czZE9X92oW113Hhz8/qxvSy3eUUf/5txJrv/8HsrWp6sDj34dTi4umJiMHstRvPT17/3TJflk/x793TfPxvq2vxwxGRbuLdEfFIsYmb+u6xiHg8IvasEP9PLz3xXqtrrft/hVX5Dkrxz9ys/6O+/9ee6Dvx43drj7+U+v9ANbW3OLOav3+rbWA7zx0AAADcLfLqZ+CzfGwpnedjY7XP8G+PTfnc/MLiM0fnPzg1U/us/EgM5OVK13DdeuhEsTZc5icb8vuLdeMv+jZW82PT83Mz3Q4eetzmFuM/+auv260D1l0H9tGAu5TxD73L+IfeZfxD7zL+oXc1G/8fd6EdwO3n9R96l/EPvcv4h95l/ENPavnd+Lytr/x3OVH+74Q7pT1dSmxczyoi736APZHoX+/beKjppS7/YQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOiQ/wIAAP//YKPiyQ==")
bpf$MAP_CREATE(0x0, 0x0, 0x0)
pipe(0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip6_tables_targets\x00')
r1 = dup(r0)
faccessat2(r1, &(0x7f0000000040)='\x00', 0x7, 0x1200)
executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000200)='./file1/file4/file5\x00', 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
linkat(0xffffffffffffff9c, &(0x7f0000000500)='./file1/file4/file5\x00', 0xffffffffffffff9c, &(0x7f0000000540)='./file1/file4/file7/file5\x00', 0x0)
llistxattr(&(0x7f0000000000)='./file1/file4/file7/file5\x00', 0x0, 0x0)
executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8a10ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
executing program 0:
nanosleep(0x0, 0x0)
executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=@newtaction={0x8c, 0x30, 0xb, 0x0, 0x0, {}, [{0x78, 0x1, [@m_ct={0x74, 0x1, 0x0, 0x0, {{0x7}, {0x4c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_LABELS={0x14, 0x7, "4614c334e344ae53204373dc0ddeb17f"}, @TCA_CT_LABELS_MASK={0x14, 0x8, "eb6404074c369780d3df843c4e5e039f"}, @TCA_CT_ZONE={0x6}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8c}}, 0x0)

program did not crash
replaying the whole log did not cause a kernel crash
single: executing 5 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-sendmsg$nl_route_sched
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=@newtaction={0x8c, 0x30, 0xb, 0x0, 0x0, {}, [{0x78, 0x1, [@m_ct={0x74, 0x1, 0x0, 0x0, {{0x7}, {0x4c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_LABELS={0x14, 0x7, "4614c334e344ae53204373dc0ddeb17f"}, @TCA_CT_LABELS_MASK={0x14, 0x8, "eb6404074c369780d3df843c4e5e039f"}, @TCA_CT_ZONE={0x6}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8c}}, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): nanosleep
detailed listing:
executing program 0:
nanosleep(0x0, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-openat$cuse-openat$kvm-bpf$MAP_CREATE_RINGBUF-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-openat$nullb-dup-creat-close-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-eventfd-ioctl$VHOST_SET_VRING_BASE-ioctl$VHOST_SET_LOG_FD-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_ADDR-prctl$PR_SCHED_CORE-sched_setaffinity-syz_open_dev$MSR-read$msr-ioctl$VHOST_SET_MEM_TABLE-mmap-write$binfmt_script-ioctl$BLKRRPART-ioctl$KVM_SET_MSRS
detailed listing:
executing program 0:
socket$inet6(0xa, 0x0, 0x41008)
openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0)
r3 = dup(r2)
r4 = creat(&(0x7f0000000300)='./file1\x00', 0x120)
close(r4)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0)
r6 = eventfd(0x0)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0x4008af12, &(0x7f0000000200)={0x1, 0x7b})
ioctl$VHOST_SET_LOG_FD(r5, 0x4004af07, &(0x7f0000000240)=r6)
ioctl$VHOST_SET_VRING_KICK(r5, 0x4008af20, &(0x7f0000000040)={0x1, r6})
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f00000001c0)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/71, &(0x7f0000000500)=""/73})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000015640)=""/102400, 0x19000)
ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f0000000680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x12, r3, 0x52a35000)
write$binfmt_script(r3, &(0x7f0000000840)={'#! ', './file1/file0', [{0x20, '/\xf4'}, {0x20, 'Q\x84\xf6ui\xfa\xf5\x16i\x859o\xe5\x13\xd5gV\x04\x00\x98\xb0\bQ+\xe2G\xa1\x1e\x01\xa9\xd6w\xdf\xa6\x9d\xcc<\x86\xfd\x18\x99\x19\xed\xc2\xdc\xf4\xbdV\xfeF)T\xb6\xc6\v`\xbf\xec2\xf5\x12R\xa1\x18\x9a<\x8fx\xf4\xcc\x18\xfc\xdb\x0e\xe7\xde^\x88vN\xe0\xe4P\x1dj\xd6&7\x7f\xe82\x92w\x12\t\xff\x19$\x93\xd5\xa4\xe2}\x9aA9p\xffk0\x8c\xc3\xae[n1\xb4\xd7\xe6\xa4\xc2\x86M\x83\x1d\xd7\x84\xa4\x85n(\xd3\x95\x82\xe0\xff\x89=\xe6\xceM\x12'}, {0x20, '/dev/nullb0\x00'}, {0x20, '\x00\x00\x00\x00\x00'}, {0x20, '\t\x00\x00\x00\x00\x00\x00\x00\xb2%}\x88\xd0\xfd\xa3\xf7i\x00!\x00J\xd1\xa7\xb1\xb1\xae\x1b\xb4\xf2\x985\xe6M5Px\xbe\x00'/47}, {}, {0x20, '\xfe]\xe9a<$\x01)\xa3\x03D%\x06\xf9}iv\xfc\xe0\xc7s\xc1\xa5c\xa4\xfd\xb8\xea\xe5\x9a\x82w\xc6\\]\x8cB\xfb\xea\xbd\xe3\x8c@\x8aqX\xcd\xf5?\xe6\xa2z\xbdPF_\x01K5\xbf\xc0\x83=\xa9]S\xe2`\x02j;\xce\x8a\x9fY\xdc\x90L\x1f\x9cS\x83\xb4\xc3\xfb\xe9$\x80\xbd\x85\x8bu-a\x9a\xb3\xb0{\xed\xcc\xdd\xeeG\xeb\x98\xb2\xfa\xc8\xa1\x04\xd5N\x9f\xda\x95\xf8\x8c\x92v\xf3\xf6I\xeb6\xe9`\xcbt\x0f`\xb3dl\x0f\x8e\x93\x10\x97n@\xc4\xcb\xc6\x80\x17O\x8dM#x\xe2\xe9T\xda\x1d\xe6\xb1\x1b\x06\x89\x94Q\xcb\x8f\x92N\xade\xf9l\xca\x81\xd3\xd1\x84`6\xed\x98\x9a\x90:\x13\xdb\x8f\x87\xd6\xe8w\xfdb\x17}\x14*z\x98\xb3\x96\x9dW\xa7\x81\x0e\x11Q3\xc2\xbfx\x94\xbb\x13\x9b\xd2\xec/\xfac^\xa2\x8e8\xbeM\x11\xcb\x89P\xba\xd9E}\xe4\xa7M~?\xbdiMh\xce\xb2\b\x9d\xf0\xbd\xc5\xa7=A\xc9\xf6\x9c\\\x9c\xf0\xaa=\xb7\x83\x80\x10.%\t\xed\xb6\xacP\"\a\xc6\x8a\xf6GB\xd2a\x83\xa4\xa4\x1bRO\x1a\xe2N\xe6\xc8\xf2Cm\xb0\xe7\xeb\xcf\xc3\xba\xbd\xf4\xde\x8aZ@\xcd\xc9\xcbLJi8\x04q+\xf9x\xeas\xb2\xa1D\xd5\xc7\xfa\x919\x93_\xc7/:R2\xc5\xc0\xb4\"\x85\xe8THI$\xe5\xac\xb7\x13\xb2\xa5\x93\xbf\x83g5.\xb9\xd0\x89\xef\x8f\r\xa2\xfe\x90\x1b\xc8['}]}, 0x259)
ioctl$BLKRRPART(r3, 0x125f, 0x0)
ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000580)=ANY=[])

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-openat$cuse-openat$kvm-bpf$MAP_CREATE_RINGBUF-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-openat$nullb-dup-creat-close-openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-eventfd-ioctl$VHOST_SET_VRING_BASE-ioctl$VHOST_SET_LOG_FD-ioctl$VHOST_SET_VRING_KICK-ioctl$VHOST_SET_VRING_ADDR-ioctl$VHOST_SET_VRING_ADDR-prctl$PR_SCHED_CORE-sched_setaffinity-syz_open_dev$MSR-read$msr-ioctl$VHOST_SET_MEM_TABLE-ioctl$VHOST_VSOCK_SET_RUNNING-write$binfmt_script-ioctl$BLKRRPART-ioctl$KVM_SET_MSRS
detailed listing:
executing program 0:
socket$inet6(0xa, 0x0, 0x41008)
openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0)
r3 = dup(r2)
r4 = creat(&(0x7f0000000300)='./file1\x00', 0x120)
close(r4)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0)
r6 = eventfd(0x0)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0x4008af12, &(0x7f0000000200)={0x1, 0x7b})
ioctl$VHOST_SET_LOG_FD(r5, 0x4004af07, &(0x7f0000000240)=r6)
ioctl$VHOST_SET_VRING_KICK(r5, 0x4008af20, &(0x7f0000000040)={0x1, r6})
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f00000001c0)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/71, &(0x7f0000000500)=""/73})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000015640)=""/102400, 0x19000)
ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_VSOCK_SET_RUNNING(r5, 0x4004af61, &(0x7f0000000000)=0x1)
write$binfmt_script(r3, &(0x7f0000000840)={'#! ', './file1/file0', [{0x20, '/\xf4'}, {0x20, 'Q\x84\xf6ui\xfa\xf5\x16i\x859o\xe5\x13\xd5gV\x04\x00\x98\xb0\bQ+\xe2G\xa1\x1e\x01\xa9\xd6w\xdf\xa6\x9d\xcc<\x86\xfd\x18\x99\x19\xed\xc2\xdc\xf4\xbdV\xfeF)T\xb6\xc6\v`\xbf\xec2\xf5\x12R\xa1\x18\x9a<\x8fx\xf4\xcc\x18\xfc\xdb\x0e\xe7\xde^\x88vN\xe0\xe4P\x1dj\xd6&7\x7f\xe82\x92w\x12\t\xff\x19$\x93\xd5\xa4\xe2}\x9aA9p\xffk0\x8c\xc3\xae[n1\xb4\xd7\xe6\xa4\xc2\x86M\x83\x1d\xd7\x84\xa4\x85n(\xd3\x95\x82\xe0\xff\x89=\xe6\xceM\x12'}, {0x20, '/dev/nullb0\x00'}, {0x20, '\x00\x00\x00\x00\x00'}, {0x20, '\t\x00\x00\x00\x00\x00\x00\x00\xb2%}\x88\xd0\xfd\xa3\xf7i\x00!\x00J\xd1\xa7\xb1\xb1\xae\x1b\xb4\xf2\x985\xe6M5Px\xbe\x00'/47}, {}, {0x20, '\xfe]\xe9a<$\x01)\xa3\x03D%\x06\xf9}iv\xfc\xe0\xc7s\xc1\xa5c\xa4\xfd\xb8\xea\xe5\x9a\x82w\xc6\\]\x8cB\xfb\xea\xbd\xe3\x8c@\x8aqX\xcd\xf5?\xe6\xa2z\xbdPF_\x01K5\xbf\xc0\x83=\xa9]S\xe2`\x02j;\xce\x8a\x9fY\xdc\x90L\x1f\x9cS\x83\xb4\xc3\xfb\xe9$\x80\xbd\x85\x8bu-a\x9a\xb3\xb0{\xed\xcc\xdd\xeeG\xeb\x98\xb2\xfa\xc8\xa1\x04\xd5N\x9f\xda\x95\xf8\x8c\x92v\xf3\xf6I\xeb6\xe9`\xcbt\x0f`\xb3dl\x0f\x8e\x93\x10\x97n@\xc4\xcb\xc6\x80\x17O\x8dM#x\xe2\xe9T\xda\x1d\xe6\xb1\x1b\x06\x89\x94Q\xcb\x8f\x92N\xade\xf9l\xca\x81\xd3\xd1\x84`6\xed\x98\x9a\x90:\x13\xdb\x8f\x87\xd6\xe8w\xfdb\x17}\x14*z\x98\xb3\x96\x9dW\xa7\x81\x0e\x11Q3\xc2\xbfx\x94\xbb\x13\x9b\xd2\xec/\xfac^\xa2\x8e8\xbeM\x11\xcb\x89P\xba\xd9E}\xe4\xa7M~?\xbdiMh\xce\xb2\b\x9d\xf0\xbd\xc5\xa7=A\xc9\xf6\x9c\\\x9c\xf0\xaa=\xb7\x83\x80\x10.%\t\xed\xb6\xacP\"\a\xc6\x8a\xf6GB\xd2a\x83\xa4\xa4\x1bRO\x1a\xe2N\xe6\xc8\xf2Cm\xb0\xe7\xeb\xcf\xc3\xba\xbd\xf4\xde\x8aZ@\xcd\xc9\xcbLJi8\x04q+\xf9x\xeas\xb2\xa1D\xd5\xc7\xfa\x919\x93_\xc7/:R2\xc5\xc0\xb4\"\x85\xe8THI$\xe5\xac\xb7\x13\xb2\xa5\x93\xbf\x83g5.\xb9\xd0\x89\xef\x8f\r\xa2\xfe\x90\x1b\xc8['}]}, 0x259)
ioctl$BLKRRPART(r3, 0x125f, 0x0)
ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000580)=ANY=[])

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendmsg$nl_route-openat$cgroup_ro-setsockopt$inet6_tcp_buf-close-symlink-mkdir-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-sched_setscheduler-syz_open_dev$video4linux-ioctl$VIDIOC_SUBDEV_G_SELECTION-mount-socket$inet6_mptcp-bind$inet6-connect$inet6-sendmmsg$inet6-shutdown-inotify_init1-socketpair$tipc-ioctl$sock_inet_SIOCSIFFLAGS
detailed listing:
executing program 0:
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010001fff752b056800080000faff8141", @ANYRES32=0x0, @ANYBLOB], 0x3}}, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpu.stat\x00', 0x26e1, 0x0)
setsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x29, 0x1f, &(0x7f0000000040)='\x00\x00\x00\x00', 0x4)
close(r0)
symlink(&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)='./file0/file0\x00')
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r4 = syz_open_dev$video4linux(&(0x7f0000001380), 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_G_SELECTION(r4, 0xc008561b, &(0x7f0000000000))
mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='debugfs\x00', 0x0, 0x0)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r5, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
connect$inet6(r5, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r5, &(0x7f0000002180)=[{{0x0, 0x0, &(0x7f0000002c40)=[{&(0x7f00000027c0)=';', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000002740)=[{&(0x7f0000000140)='W', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000180)="dcd47a81698aabcb7c00bd82ecf1834db3b005de6b83226625a9441ed445159f49b68d8d2097c52234357d4f61fb6414e9cfdd3ac5bfd09564aed8bcbb8109c7370059d14b973294d7084f1623bcf425e94f0303abd075ce7e0b5233e7c969098c35b05a1c000ccc62e264b990312580fcdb1eb7a7ea2cf3c2e97f3f56d2a1f9ff13e87ba69bee9784e32f143141f620d6a3313ce220f55843df03", 0x9b}, {&(0x7f0000000240)="ab56b03bd51ea142a4a42379e4d527be6bdef1d725c4d6403409da7b1932b071d637c75c444f48b683b0e14cf07febc565c39e2d53ce0f33070252ad53db8cba32ea9158dd68e8b8b32b7218780bf82cf0a51242259781059e9403fecbe60ef43677c98b32e60a354714a0c100c3fe24eea1101c24a7fb8c3129a45b5f2b5fdae7d50ce5a8f28d871606239106bd7a", 0x8f}, {&(0x7f0000000300)="3e8d8b7706d44a969e0fc22d1ffc3d6c4ffe47a637cff0377b8d18c3c6d83bb30effb3ac586cb69f7c3658ef89d9259ec7bc2d0cce3619ee41af409d4e53fc83f89a2938fc28719c9e02d7772dcff71d3abd0384454f31df7fb79e893871de73be4c5bbb768f136d27267c19b6c338c1a39e942d45c903", 0x77}, {&(0x7f0000000100)="3f3227c48628652c5b15d0507a7a6d063a6d31db340e9eafe2997f5f3eb1", 0x1e}, {0x0}], 0x5}}, {{0x0, 0x0, &(0x7f0000001a00)=[{0x0}, {&(0x7f0000000900)}], 0x2}}], 0x4, 0x0)
shutdown(r5, 0x2)
inotify_init1(0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000080)={<r6=>0xffffffffffffffff})
ioctl$sock_inet_SIOCSIFFLAGS(r6, 0x8923, &(0x7f0000000040)={'wlan1\x00'})

program did not crash
single: failed to extract reproducer
bisect: bisecting 30 programs with base timeout 1m40s
testing program (duration=1m47s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [13, 3, 27, 15, 5, 27, 4, 15, 5, 5, 15, 28, 9, 18, 23, 15, 1, 7, 5, 28, 3, 23, 4, 15, 27, 6, 7, 3, 1, 2]
detailed listing:
executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000))
getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@private1}, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000040)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}]})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000500)={[0x7], 0x10a000})
syz_open_dev$radio(&(0x7f0000000040), 0x3, 0x2)
ioctl$VIDIOC_S_FREQUENCY(0xffffffffffffffff, 0x402c5639, &(0x7f00000000c0)={0x3, 0x1})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66ba4300b006ee0f01c40f009b27000000b9800000c00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a000000328fe858b660002fb90d090000b800680000ba000000000f30", 0x5a}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
executing program 4:
bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f0000000d40)=ANY=[@ANYBLOB="000000004c90020000000000030001000000000000000000ffff0000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00"/192])
executing program 4:
openat$vicodec1(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket(0x15, 0x5, 0x0)
getsockopt(r0, 0x200000000114, 0x0, &(0x7f0000000600)=""/4, &(0x7f00000006c0)=0x4)
add_key(0x0, 0x0, &(0x7f0000000080), 0x0, 0xffffffffffffffff)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
getsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000080), &(0x7f0000000100)=0x4)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000008c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
r2 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r2, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @remote}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYRES16=r2], 0x18}, 0x44)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
socket(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000900)=ANY=[@ANYBLOB="b8000000", @ANYRES16=r4, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r5, @ANYBLOB="99003300800000000802110000010802110000005050505050500000000000020000000000001450000100000001000000000000000000055204ae00b1c63dd7b491c177437106ee993b2fea6481428d6527ca2e7de1304562418971140f333d67d150364234b3364c3f2cdfc554649b0a1b937587cb6010de5a210a89207e0c48d9eab32923619bbf252d25030000002a01003c040003a1040000009c404f215f56e5a5e6fbb5"], 0xb8}}, 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSARP(r6, 0x8955, &(0x7f00000000c0)={{0x2, 0x4e23, @empty}, {0x1, @broadcast}, 0x8, {0x2, 0x4e21, @broadcast}, 'dummy0\x00'})
r7 = socket$inet6(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r7, 0x29, 0x1a, &(0x7f0000000040)=0x9, 0x4)
syz_emit_ethernet(0x4e, &(0x7f00000004c0)=ANY=[@ANYBLOB="0180c20000000180c200000086dd6000af0000183a00fe8100000000000000000000000000bbff02000000000000000000000000000188009078000000000000000000000000a353c1e0b652782a"], 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000002680)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00'}, 0x90)
sync()
executing program 4:
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x57)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='cpuacct.stat\x00', 0x26e1, 0x0)
close(0xffffffffffffffff)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x0, 0x3, 0x5}, 0x48)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$lock(r2, 0x6, &(0x7f0000002000)={0x1})
fcntl$lock(r2, 0x26, &(0x7f00000031c0))
executing program 4:
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000400)={[{@user_xattr}, {@nombcache}, {@dioread_lock}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x1}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x7e}}, {@lazytime}, {@init_itable_val={'init_itable', 0x3d, 0x5}}, {@usrquota}, {@nojournal_checksum}]}, 0xfe, 0x55d, &(0x7f0000000980)="$eJzs3d9rW1UcAPDvTX/sp66DMdQHKezByVy6tv6Y4MN8FB0O9H2G9q6Mpsto0rHWgduDe9mLDEHEgfgH+O7j8B/wrxjoYMgo+uBL5aY3XbYmbZZlSzSfD9ztnPuj55yce07OyUm4AQytyeyfQsSrEfFNEnGo6dho5AcnN89bf3htLtuS2Nj47M8kknxf4/wk//9AHnklIn79OuJEYXu61dW1xVK5nC7n8ana0uWp6urayYtLpYV0Ib00Mzt7+p3Zmfffe7dnZX3z3N/ff3r3o9O3jq1/9/P9w7eTOBMH82PN5XgG15sjkzGZvyZjceaJE6d7kNggSfqdAboykrfzscj6gEMxkrd64P/vq4jYAIZUov3DkGqMAxpz+x7Ng/8zHny4OQHaXv7Rzc9GYm99brR/PXlsZpTNdyd6kH6Wxi9/3LmdbdG7zyEAdnX9RkScGh3d3v8lef/XvVMdnPNkGvo/eHHuZuOft1qNfwpb459oMf450KLtdmP39l+43+KypFefUmfjvw9ajn+3Fq0mRvLYS/Ux31hy4WI5zfq2lyPieIztyeI7reecXr+30e5Y8/gv27L0G2PBPB/3R/c8fs18qVZ6ljI3e3Aj4rWW499kq/6TFvWfvR7nOkzjaHrn9XbHdi//87XxU8QbLev/0YpWsvP65FT9fphq3BXb/XXz6G/t0u93+bP6379z+SeS5vXa6tOn8ePef9J2x7q9/8eTz+vh8Xzf1VKttjwdMZ58sn3/zKNrG/HG+Vn5jx/buf9rdf/vi4gvOiz/zSM32546CPU//1T1//SBex9/+UO79Dur/7froeP5nk76v04z+CyvHQAAAAAAAAyaQkQcjKRQ3AoXCsXi5vc7jsT+QrlSrZ24UFm5NB/138pOxFihsdJ9qOn7ENP592Eb8Zkn4rMRcTgivh3ZV48X5yrl+X4XHgAAAAAAAAAAAAAAAAAAAAbEgTa//8/8PtLykvEXm0PgufLIbxheu7b/XjzpCRhI3v9heHXV/vf1Ph/Ai+f9H4bUWL8zAPST938YXto/DC/tH4aX9g8AAAAAAAAAAAAAAAAAAAAAAAAAAAA9de7s2WzbWH94bS6Lz19ZXVmsXDk5n1YXi0src8W5yvLl4kKlslBOi3OVpd3+XrlSuTw9EytXp2pptTZVXV07v1RZuVQ7f3GptJCeTz1tCAAAAAAAAAAAAAAAAAAAALarrq4tlsrldFlAoKvA6GBkQ6ApcKsHrbvPHRMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANPk3AAD//0unNek=")
r0 = creat(&(0x7f0000000240)='./bus\x00', 0x0)
pwritev2(r0, &(0x7f00000015c0)=[{&(0x7f0000000080)="ec", 0x1}], 0x1, 0xfffff, 0x0, 0x0)
r1 = open(&(0x7f0000000200)='./bus\x00', 0x44000, 0x0)
dup3(r1, 0xffffffffffffffff, 0x0)
executing program 4:
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010001fff752b056800080000faff8141", @ANYRES32=0x0, @ANYBLOB], 0x3}}, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpu.stat\x00', 0x26e1, 0x0)
setsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x29, 0x1f, &(0x7f0000000040)='\x00\x00\x00\x00', 0x4)
close(r0)
symlink(&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)='./file0/file0\x00')
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r4 = syz_open_dev$video4linux(&(0x7f0000001380), 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_G_SELECTION(r4, 0xc008561b, &(0x7f0000000000))
mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='debugfs\x00', 0x0, 0x0)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r5, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
connect$inet6(r5, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r5, &(0x7f0000002180)=[{{0x0, 0x0, &(0x7f0000002c40)=[{&(0x7f00000027c0)=';', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000002740)=[{&(0x7f0000000140)='W', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000180)="dcd47a81698aabcb7c00bd82ecf1834db3b005de6b83226625a9441ed445159f49b68d8d2097c52234357d4f61fb6414e9cfdd3ac5bfd09564aed8bcbb8109c7370059d14b973294d7084f1623bcf425e94f0303abd075ce7e0b5233e7c969098c35b05a1c000ccc62e264b990312580fcdb1eb7a7ea2cf3c2e97f3f56d2a1f9ff13e87ba69bee9784e32f143141f620d6a3313ce220f55843df03", 0x9b}, {&(0x7f0000000240)="ab56b03bd51ea142a4a42379e4d527be6bdef1d725c4d6403409da7b1932b071d637c75c444f48b683b0e14cf07febc565c39e2d53ce0f33070252ad53db8cba32ea9158dd68e8b8b32b7218780bf82cf0a51242259781059e9403fecbe60ef43677c98b32e60a354714a0c100c3fe24eea1101c24a7fb8c3129a45b5f2b5fdae7d50ce5a8f28d871606239106bd7a", 0x8f}, {&(0x7f0000000300)="3e8d8b7706d44a969e0fc22d1ffc3d6c4ffe47a637cff0377b8d18c3c6d83bb30effb3ac586cb69f7c3658ef89d9259ec7bc2d0cce3619ee41af409d4e53fc83f89a2938fc28719c9e02d7772dcff71d3abd0384454f31df7fb79e893871de73be4c5bbb768f136d27267c19b6c338c1a39e942d45c903", 0x77}, {&(0x7f0000000100)="3f3227c48628652c5b15d0507a7a6d063a6d31db340e9eafe2997f5f3eb1", 0x1e}, {0x0}], 0x5}}, {{0x0, 0x0, &(0x7f0000001a00)=[{0x0}, {&(0x7f0000000900)}], 0x2}}], 0x4, 0x0)
shutdown(r5, 0x2)
inotify_init1(0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000080)={<r6=>0xffffffffffffffff})
ioctl$sock_inet_SIOCSIFFLAGS(r6, 0x8923, &(0x7f0000000040)={'wlan1\x00'})
executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', <r1=>0x0})
r2 = socket$xdp(0x2c, 0x3, 0x0)
bind$xdp(r2, &(0x7f0000000100)={0x2c, 0x0, r1}, 0x10)
executing program 2:
socket$inet6_tcp(0xa, 0x1, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000140), 0x802, 0x0)
r0 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000080)={0x41}, 0x10)
r1 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r1, &(0x7f0000000180)=@name={0x1e, 0x2, 0x2, {{0x41}, 0x3}}, 0x10)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r5 = dup(r4)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000640)={0x24, &(0x7f00000004c0)={0x40, 0x9, 0x52, {0x52, 0x30, "b97e7d6d761a3545c31189aa5827224a48fd82f5db2daad3975c052cdcb0fcb021119b7feacbf147116eea098eb424a6c3a83050e34e073ddc0859b3ea1e33f025f9940db5cec5a4c3fa5642029b9128"}}, &(0x7f0000000580)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x404}}, &(0x7f00000005c0)={0x0, 0x22, 0xb, {[@local=@item_012={0x0, 0x2, 0x2}, @local=@item_4={0x3, 0x2, 0xdc3602119c00d12e, "585d9fdc"}, @local=@item_4={0x3, 0x2, 0x8, "8c374376"}]}}, &(0x7f0000000600)={0x0, 0x21, 0x9, {0x9, 0x21, 0xb, 0x2, 0x1, {0x22, 0xc3d}}}}, &(0x7f0000000780)={0x2c, &(0x7f0000000680)={0x0, 0x11, 0x28, "47d8b4d8cc562687be5547d93fb20db6c0d3cd0fae8502cf0c5b0a3f95e9b70009f9869c87e97dff"}, &(0x7f00000006c0)={0x0, 0xa, 0x1, 0x7}, &(0x7f0000000700)={0x0, 0x8, 0x1, 0x1}, &(0x7f0000000800)={0x20, 0x1, 0xc1, "0779b8184899b9263ca2a464e16178a9cb2dfc18d932e2d118931f30a8a5ab308b63bdd61ddd1eaa78631f15b00c8b32304649fec45e17141411cc9585350bfd456825c135715135250652d144579569ef47452f1c3d0f572a0ea62004f1c51744c9b34035b739f3b10a3d5e0510fcf32cc9b125f7a8173c3254bd4ca13cb511c3aee6d1ee15751a891cc858958b78e4b030198503af1519381b153aff21af8475de600b9601a4ef0dcf186adf80f708670f189aea00a933c5707021326602d3af"}, &(0x7f0000000740)={0x20, 0x3, 0x1, 0x81}})
ioctl$KVM_SET_MSRS(r5, 0xc008ae88, &(0x7f00000007c0)=ANY=[@ANYBLOB="3b00000000000000410101c0"])
executing program 2:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0)='f2fs\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
sched_setscheduler(0x0, 0x0, 0x0)
mount(&(0x7f0000000540)=@loop={'/dev/loop', 0x0}, &(0x7f0000000580)='./file0\x00', &(0x7f00000005c0)='f2fs\x00', 0x0, 0x0)
executing program 2:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, <r2=>0x0}, &(0x7f0000000280)=0x5)
setresuid(0x0, r2, 0x0)
ioctl$VT_RESIZE(r0, 0x4b40, 0xfffffffffffffffc)
executing program 2:
socket$inet6_tcp(0xa, 0x1, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000140), 0x802, 0x0)
r0 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000080)={0x41}, 0x10)
r1 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r1, &(0x7f0000000180)=@name={0x1e, 0x2, 0x2, {{0x41}, 0x3}}, 0x10)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r5 = dup(r4)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000640)={0x24, &(0x7f00000004c0)={0x40, 0x9, 0x52, {0x52, 0x30, "b97e7d6d761a3545c31189aa5827224a48fd82f5db2daad3975c052cdcb0fcb021119b7feacbf147116eea098eb424a6c3a83050e34e073ddc0859b3ea1e33f025f9940db5cec5a4c3fa5642029b9128"}}, &(0x7f0000000580)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x404}}, &(0x7f00000005c0)={0x0, 0x22, 0xb, {[@local=@item_012={0x0, 0x2, 0x2}, @local=@item_4={0x3, 0x2, 0xdc3602119c00d12e, "585d9fdc"}, @local=@item_4={0x3, 0x2, 0x8, "8c374376"}]}}, &(0x7f0000000600)={0x0, 0x21, 0x9, {0x9, 0x21, 0xb, 0x2, 0x1, {0x22, 0xc3d}}}}, &(0x7f0000000780)={0x2c, &(0x7f0000000680)={0x0, 0x11, 0x28, "47d8b4d8cc562687be5547d93fb20db6c0d3cd0fae8502cf0c5b0a3f95e9b70009f9869c87e97dff"}, &(0x7f00000006c0)={0x0, 0xa, 0x1, 0x7}, &(0x7f0000000700)={0x0, 0x8, 0x1, 0x1}, &(0x7f0000000800)={0x20, 0x1, 0xc1, "0779b8184899b9263ca2a464e16178a9cb2dfc18d932e2d118931f30a8a5ab308b63bdd61ddd1eaa78631f15b00c8b32304649fec45e17141411cc9585350bfd456825c135715135250652d144579569ef47452f1c3d0f572a0ea62004f1c51744c9b34035b739f3b10a3d5e0510fcf32cc9b125f7a8173c3254bd4ca13cb511c3aee6d1ee15751a891cc858958b78e4b030198503af1519381b153aff21af8475de600b9601a4ef0dcf186adf80f708670f189aea00a933c5707021326602d3af"}, &(0x7f0000000740)={0x20, 0x3, 0x1, 0x81}})
ioctl$KVM_SET_MSRS(r5, 0xc008ae88, &(0x7f00000007c0)=ANY=[@ANYBLOB="3b00000000000000410101c0"])
executing program 2:
socket$inet6(0xa, 0x0, 0x41008)
openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0)
r3 = dup(r2)
r4 = creat(&(0x7f0000000300)='./file1\x00', 0x120)
close(r4)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0)
r6 = eventfd(0x0)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0x4008af12, &(0x7f0000000200)={0x1, 0x7b})
ioctl$VHOST_SET_LOG_FD(r5, 0x4004af07, &(0x7f0000000240)=r6)
ioctl$VHOST_SET_VRING_KICK(r5, 0x4008af20, &(0x7f0000000040)={0x1, r6})
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f00000001c0)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/71, &(0x7f0000000500)=""/73})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000015640)=""/102400, 0x19000)
ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_VSOCK_SET_RUNNING(r5, 0x4004af61, &(0x7f0000000000)=0x1)
write$binfmt_script(r3, &(0x7f0000000840)={'#! ', './file1/file0', [{0x20, '/\xf4'}, {0x20, 'Q\x84\xf6ui\xfa\xf5\x16i\x859o\xe5\x13\xd5gV\x04\x00\x98\xb0\bQ+\xe2G\xa1\x1e\x01\xa9\xd6w\xdf\xa6\x9d\xcc<\x86\xfd\x18\x99\x19\xed\xc2\xdc\xf4\xbdV\xfeF)T\xb6\xc6\v`\xbf\xec2\xf5\x12R\xa1\x18\x9a<\x8fx\xf4\xcc\x18\xfc\xdb\x0e\xe7\xde^\x88vN\xe0\xe4P\x1dj\xd6&7\x7f\xe82\x92w\x12\t\xff\x19$\x93\xd5\xa4\xe2}\x9aA9p\xffk0\x8c\xc3\xae[n1\xb4\xd7\xe6\xa4\xc2\x86M\x83\x1d\xd7\x84\xa4\x85n(\xd3\x95\x82\xe0\xff\x89=\xe6\xceM\x12'}, {0x20, '/dev/nullb0\x00'}, {0x20, '\x00\x00\x00\x00\x00'}, {0x20, '\t\x00\x00\x00\x00\x00\x00\x00\xb2%}\x88\xd0\xfd\xa3\xf7i\x00!\x00J\xd1\xa7\xb1\xb1\xae\x1b\xb4\xf2\x985\xe6M5Px\xbe\x00'/47}, {}, {0x20, '\xfe]\xe9a<$\x01)\xa3\x03D%\x06\xf9}iv\xfc\xe0\xc7s\xc1\xa5c\xa4\xfd\xb8\xea\xe5\x9a\x82w\xc6\\]\x8cB\xfb\xea\xbd\xe3\x8c@\x8aqX\xcd\xf5?\xe6\xa2z\xbdPF_\x01K5\xbf\xc0\x83=\xa9]S\xe2`\x02j;\xce\x8a\x9fY\xdc\x90L\x1f\x9cS\x83\xb4\xc3\xfb\xe9$\x80\xbd\x85\x8bu-a\x9a\xb3\xb0{\xed\xcc\xdd\xeeG\xeb\x98\xb2\xfa\xc8\xa1\x04\xd5N\x9f\xda\x95\xf8\x8c\x92v\xf3\xf6I\xeb6\xe9`\xcbt\x0f`\xb3dl\x0f\x8e\x93\x10\x97n@\xc4\xcb\xc6\x80\x17O\x8dM#x\xe2\xe9T\xda\x1d\xe6\xb1\x1b\x06\x89\x94Q\xcb\x8f\x92N\xade\xf9l\xca\x81\xd3\xd1\x84`6\xed\x98\x9a\x90:\x13\xdb\x8f\x87\xd6\xe8w\xfdb\x17}\x14*z\x98\xb3\x96\x9dW\xa7\x81\x0e\x11Q3\xc2\xbfx\x94\xbb\x13\x9b\xd2\xec/\xfac^\xa2\x8e8\xbeM\x11\xcb\x89P\xba\xd9E}\xe4\xa7M~?\xbdiMh\xce\xb2\b\x9d\xf0\xbd\xc5\xa7=A\xc9\xf6\x9c\\\x9c\xf0\xaa=\xb7\x83\x80\x10.%\t\xed\xb6\xacP\"\a\xc6\x8a\xf6GB\xd2a\x83\xa4\xa4\x1bRO\x1a\xe2N\xe6\xc8\xf2Cm\xb0\xe7\xeb\xcf\xc3\xba\xbd\xf4\xde\x8aZ@\xcd\xc9\xcbLJi8\x04q+\xf9x\xeas\xb2\xa1D\xd5\xc7\xfa\x919\x93_\xc7/:R2\xc5\xc0\xb4\"\x85\xe8THI$\xe5\xac\xb7\x13\xb2\xa5\x93\xbf\x83g5.\xb9\xd0\x89\xef\x8f\r\xa2\xfe\x90\x1b\xc8['}]}, 0x259)
ioctl$BLKRRPART(r3, 0x125f, 0x0)
ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000580)=ANY=[])
executing program 1:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000070"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000140)='cgroup.procs\x00', 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='contention_end\x00', r2}, 0x10)
write$cgroup_pid(r1, &(0x7f0000000380), 0x12)
executing program 1:
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x2}, 0x48)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f00000000c0)})
r0 = timerfd_create(0x0, 0x0)
timerfd_gettime(r0, &(0x7f0000000000))
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet6(0xa, 0x3, 0x7)
setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000240)={{{@in=@empty, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x0, 0xc3c, 0x0, 0x0, 0xfffffffffffffffc}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in, 0x0, 0x0, 0x0, 0x7}}, 0xe8)
sendmmsg(r4, &(0x7f0000000480), 0x2e9, 0xff00)
executing program 1:
r0 = socket$inet6(0xa, 0x1, 0x4)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000700)={@remote, 0x80000001, 0x0, 0x2000000000903, 0x1}, 0x20)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000180)=@nat={'nat\x00', 0x1b, 0x5, 0x520, 0xf0, 0xf0, 0xffffffff, 0xf0, 0x240, 0x450, 0x450, 0xffffffff, 0x450, 0x450, 0x5, &(0x7f0000000100), {[{{@ipv6={@empty, @empty, [0xff000000, 0x0, 0xff], [0xffffffff, 0xff000000, 0xffffffff, 0xffffff00], 'caif0\x00', 'bond_slave_1\x00', {}, {0xff}, 0x2e, 0x8a, 0x0, 0x4d}, 0x0, 0xa8, 0xf0}, @MASQUERADE={0x48, 'MASQUERADE\x00', 0x0, {0x0, @ipv6=@mcast1, @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}, @gre_key=0x3, @port=0x4e23}}}, {{@ipv6={@local, @rand_addr=' \x01\x00', [0xffffffff, 0x0, 0x0, 0xff], [0xffffffff, 0xff, 0x0, 0xff000000], 'erspan0\x00', 'dummy0\x00', {0xff}, {0xff}, 0x16, 0x7, 0x3, 0x1}, 0x0, 0x108, 0x150, 0x0, {}, [@common=@ah={{0x30}, {[0x4d2, 0x4d3], 0x1, 0x2, 0x2}}, @common=@srh={{0x30}, {0x44, 0x6, 0x8, 0x7, 0x4320, 0x800, 0x102d}}]}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x0, @ipv4=@remote, @ipv4=@private=0xa010102, @gre_key=0x3, @icmp_id=0x65}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x13, @ipv4=@broadcast, @ipv6=@empty, @port=0x4e23, @port=0x4e22}}}, {{@uncond, 0x0, 0xd8, 0x120, 0x0, {}, [@common=@ah={{0x30}, {[0x4d5, 0x4d2], 0x2f2, 0x6a, 0x1}}]}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x1, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, @ipv4=@loopback, @icmp_id=0x66, @icmp_id=0x64}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x580)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000040)={@dev, 0x800, 0x0, 0xff, 0x2}, 0x20)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r2 = gettid()
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f00000001c0))
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ptrace$getenv(0x4201, 0x0, 0x3, &(0x7f0000000000))
r4 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x281c2, 0x0)
fcntl$setlease(r3, 0x400, 0x0)
fcntl$setlease(r4, 0x8, 0x0)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r5, &(0x7f0000003580)={0x2, 0x0, @dev}, 0x10)
connect$inet(r5, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10)
socket$inet_udplite(0x2, 0x2, 0x88)
shutdown(r1, 0x1)
recvmmsg(r5, &(0x7f0000008840)=[{{0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000001d40)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0)
executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x200, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x57)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='cpuacct.stat\x00', 0x26e1, 0x0)
close(0xffffffffffffffff)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x0, 0x3, 0x5}, 0x48)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$lock(r2, 0x6, &(0x7f0000002000)={0x1})
fcntl$lock(r2, 0x26, &(0x7f00000031c0))
executing program 0:
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
executing program 1:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000200)='./file1/file4/file5\x00', 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
linkat(0xffffffffffffff9c, &(0x7f0000000500)='./file1/file4/file5\x00', 0xffffffffffffff9c, &(0x7f0000000540)='./file1/file4/file7/file5\x00', 0x0)
llistxattr(&(0x7f0000000000)='./file1/file4/file7/file5\x00', 0x0, 0x0)
executing program 0:
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000ab9fd540501d6f60d414000000010902120001000040"], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000400)={0x44, &(0x7f0000000040)=ANY=[@ANYBLOB="00010c"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000500)={0x44, &(0x7f00000005c0)=ANY=[@ANYBLOB="00002800000061752b496c088bfa3ab146172ea135d9eb2804e1c77d9a2afb"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000000800)={0x84, &(0x7f0000000340)=ANY=[@ANYBLOB='\x00\bV'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
executing program 1:
socket$inet6(0xa, 0x0, 0x41008)
openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0)
r3 = dup(r2)
r4 = creat(&(0x7f0000000300)='./file1\x00', 0x120)
close(r4)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0)
r6 = eventfd(0x0)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0x4008af12, &(0x7f0000000200)={0x1, 0x7b})
ioctl$VHOST_SET_LOG_FD(r5, 0x4004af07, &(0x7f0000000240)=r6)
ioctl$VHOST_SET_VRING_KICK(r5, 0x4008af20, &(0x7f0000000040)={0x1, r6})
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f00000001c0)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/71, &(0x7f0000000500)=""/73})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000015640)=""/102400, 0x19000)
ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f0000000680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x12, r3, 0x52a35000)
write$binfmt_script(r3, &(0x7f0000000840)={'#! ', './file1/file0', [{0x20, '/\xf4'}, {0x20, 'Q\x84\xf6ui\xfa\xf5\x16i\x859o\xe5\x13\xd5gV\x04\x00\x98\xb0\bQ+\xe2G\xa1\x1e\x01\xa9\xd6w\xdf\xa6\x9d\xcc<\x86\xfd\x18\x99\x19\xed\xc2\xdc\xf4\xbdV\xfeF)T\xb6\xc6\v`\xbf\xec2\xf5\x12R\xa1\x18\x9a<\x8fx\xf4\xcc\x18\xfc\xdb\x0e\xe7\xde^\x88vN\xe0\xe4P\x1dj\xd6&7\x7f\xe82\x92w\x12\t\xff\x19$\x93\xd5\xa4\xe2}\x9aA9p\xffk0\x8c\xc3\xae[n1\xb4\xd7\xe6\xa4\xc2\x86M\x83\x1d\xd7\x84\xa4\x85n(\xd3\x95\x82\xe0\xff\x89=\xe6\xceM\x12'}, {0x20, '/dev/nullb0\x00'}, {0x20, '\x00\x00\x00\x00\x00'}, {0x20, '\t\x00\x00\x00\x00\x00\x00\x00\xb2%}\x88\xd0\xfd\xa3\xf7i\x00!\x00J\xd1\xa7\xb1\xb1\xae\x1b\xb4\xf2\x985\xe6M5Px\xbe\x00'/47}, {}, {0x20, '\xfe]\xe9a<$\x01)\xa3\x03D%\x06\xf9}iv\xfc\xe0\xc7s\xc1\xa5c\xa4\xfd\xb8\xea\xe5\x9a\x82w\xc6\\]\x8cB\xfb\xea\xbd\xe3\x8c@\x8aqX\xcd\xf5?\xe6\xa2z\xbdPF_\x01K5\xbf\xc0\x83=\xa9]S\xe2`\x02j;\xce\x8a\x9fY\xdc\x90L\x1f\x9cS\x83\xb4\xc3\xfb\xe9$\x80\xbd\x85\x8bu-a\x9a\xb3\xb0{\xed\xcc\xdd\xeeG\xeb\x98\xb2\xfa\xc8\xa1\x04\xd5N\x9f\xda\x95\xf8\x8c\x92v\xf3\xf6I\xeb6\xe9`\xcbt\x0f`\xb3dl\x0f\x8e\x93\x10\x97n@\xc4\xcb\xc6\x80\x17O\x8dM#x\xe2\xe9T\xda\x1d\xe6\xb1\x1b\x06\x89\x94Q\xcb\x8f\x92N\xade\xf9l\xca\x81\xd3\xd1\x84`6\xed\x98\x9a\x90:\x13\xdb\x8f\x87\xd6\xe8w\xfdb\x17}\x14*z\x98\xb3\x96\x9dW\xa7\x81\x0e\x11Q3\xc2\xbfx\x94\xbb\x13\x9b\xd2\xec/\xfac^\xa2\x8e8\xbeM\x11\xcb\x89P\xba\xd9E}\xe4\xa7M~?\xbdiMh\xce\xb2\b\x9d\xf0\xbd\xc5\xa7=A\xc9\xf6\x9c\\\x9c\xf0\xaa=\xb7\x83\x80\x10.%\t\xed\xb6\xacP\"\a\xc6\x8a\xf6GB\xd2a\x83\xa4\xa4\x1bRO\x1a\xe2N\xe6\xc8\xf2Cm\xb0\xe7\xeb\xcf\xc3\xba\xbd\xf4\xde\x8aZ@\xcd\xc9\xcbLJi8\x04q+\xf9x\xeas\xb2\xa1D\xd5\xc7\xfa\x919\x93_\xc7/:R2\xc5\xc0\xb4\"\x85\xe8THI$\xe5\xac\xb7\x13\xb2\xa5\x93\xbf\x83g5.\xb9\xd0\x89\xef\x8f\r\xa2\xfe\x90\x1b\xc8['}]}, 0x259)
ioctl$BLKRRPART(r3, 0x125f, 0x0)
ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000580)=ANY=[])
executing program 3:
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200002, &(0x7f0000000600), 0x0, 0x566, &(0x7f0000000a00)="$eJzs3U1rG0cfAPD/ynbenycOhND2UAI5NCWNHNt9SaGH9Fja0EB7T4W9McFSFCw5xG4gyaG59FJCoZQGSj9A7z2GfoF+ikAbCCWY9tCLysorR44l21EUW6l+P9hkZnek/45mZzyrkVAAQ+t49k8h4tWI+CaJONx2bDTyg8dXy608vjGTbUk0Gp/9mUSS72uVT/L/D+aZVyLi168iThU2xq0tLc+XyuV0Ic9P1CtXJ2pLy6cvV7KnSa9MTU+ffWd66v333u1bTd+88Pf3n97/6OzXJ1a++/nhkbtJnItD+dH2ejyHW+sjHs9fk7E491TByT4EGyTJbp8APRnJ+/lYZGPA4RjJez3w33czIhrAkEr0fxhSrXlA696+T/fBL41HH67eAG2s/+jqeyOxr3lvdGAlWXdnlN3vjvchfhbjlz/u3c226N/7EABbunU7Is6Mjm4c/5J8/OvdmW2UeTqG8Q92zv1s/vNWp/lPYW3+Ex3mPwc79N1ebN3/Cw/7EKarbP73Qcf579qi1fhInvtfc843lly6XE6zse3/EXEyxvZm+c3Wc86uPGh0O9Y+/8u2LH5rLpifx8PRvesfM1uql56nzu0e3Y54reP8N1lr/6RD+2evx4VtxjiW3nu927Gt6/9iNX6KeKNj+z9Z0UrWr0+W5tK59vXJieb1MNG6Kjb6686x37rF3+36Z+1/YPP6jyft67W1Z4/x475/0m7Her3+9ySfN9N78n3XS/X6wmTEnuSTjfunnjy2lW+Vz+p/8sTm41+n639/RHyxWaXbCt85eqdr0UFo/9lnav9nTzz4+MsfusVfq38rXMf2f7uZOpnv2c74t90T7PV1AwAAAAAAgEFUiIhDkRSKa+lCoVhc/XzH0ThQKFdr9VOXqotXZqP5XdnxGCu0VroPt30eYjL/PGwrP/VUfjoijkTEtyP7m/niTLU8u9uVBwAAAAAAAAAAAAAAAAAAgAFxsMv3/zO/j+z22QEvnJ/8huG1Zf/vxy89AQPJ338YXvo/DC/9H4aX/g/DS/+H4aX/w/DS/2F46f8AAAAAAAAAAAAAAAAAAAAAAAAAAADQVxfOn8+2xsrjGzNZfvba0uJ89drp2bQ2X6wszhRnqgtXi3PV6lw5Lc5UK1s9X7lavTo5FYvXJ+pprT5RW1q+WKkuXqlfvFwpzaUX07EdqRUAAAAAAAAAAAAAAAAAAAC8XGpLy/OlcjldkJDoKTG6s0EbjcbN7MIdiLoPSmJfRPT7mXd7ZAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAJ/4NAAD//5PbL9A=")
setxattr$trusted_overlay_upper(&(0x7f0000000300)='./file1\x00', &(0x7f0000000240), &(0x7f0000000d40)=ANY=[], 0xff68, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0), 0x0, 0x0, 0x0)
executing program 3:
r0 = socket$inet6(0xa, 0x1, 0x4)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000700)={@remote, 0x80000001, 0x0, 0x2000000000903, 0x1}, 0x20)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000180)=@nat={'nat\x00', 0x1b, 0x5, 0x520, 0xf0, 0xf0, 0xffffffff, 0xf0, 0x240, 0x450, 0x450, 0xffffffff, 0x450, 0x450, 0x5, &(0x7f0000000100), {[{{@ipv6={@empty, @empty, [0xff000000, 0x0, 0xff], [0xffffffff, 0xff000000, 0xffffffff, 0xffffff00], 'caif0\x00', 'bond_slave_1\x00', {}, {0xff}, 0x2e, 0x8a, 0x0, 0x4d}, 0x0, 0xa8, 0xf0}, @MASQUERADE={0x48, 'MASQUERADE\x00', 0x0, {0x0, @ipv6=@mcast1, @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}, @gre_key=0x3, @port=0x4e23}}}, {{@ipv6={@local, @rand_addr=' \x01\x00', [0xffffffff, 0x0, 0x0, 0xff], [0xffffffff, 0xff, 0x0, 0xff000000], 'erspan0\x00', 'dummy0\x00', {0xff}, {0xff}, 0x16, 0x7, 0x3, 0x1}, 0x0, 0x108, 0x150, 0x0, {}, [@common=@ah={{0x30}, {[0x4d2, 0x4d3], 0x1, 0x2, 0x2}}, @common=@srh={{0x30}, {0x44, 0x6, 0x8, 0x7, 0x4320, 0x800, 0x102d}}]}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x0, @ipv4=@remote, @ipv4=@private=0xa010102, @gre_key=0x3, @icmp_id=0x65}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x13, @ipv4=@broadcast, @ipv6=@empty, @port=0x4e23, @port=0x4e22}}}, {{@uncond, 0x0, 0xd8, 0x120, 0x0, {}, [@common=@ah={{0x30}, {[0x4d5, 0x4d2], 0x2f2, 0x6a, 0x1}}]}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x1, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, @ipv4=@loopback, @icmp_id=0x66, @icmp_id=0x64}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x580)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000040)={@dev, 0x800, 0x0, 0xff, 0x2}, 0x20)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r2 = gettid()
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f00000001c0))
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ptrace$getenv(0x4201, 0x0, 0x3, &(0x7f0000000000))
r4 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x281c2, 0x0)
fcntl$setlease(r3, 0x400, 0x0)
fcntl$setlease(r4, 0x8, 0x0)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10)
connect$inet(r5, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10)
socket$inet_udplite(0x2, 0x2, 0x88)
shutdown(r1, 0x1)
recvmmsg(r5, &(0x7f0000008840)=[{{0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000001d40)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0)
executing program 0:
r0 = dup(0xffffffffffffffff)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000005, 0x12, r0, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
getsockopt$packet_int(r1, 0x107, 0x8, 0x0, &(0x7f0000000000))
executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x200, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x57)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='cpuacct.stat\x00', 0x26e1, 0x0)
close(0xffffffffffffffff)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x0, 0x3, 0x5}, 0x48)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$lock(r2, 0x6, &(0x7f0000002000)={0x1})
fcntl$lock(r2, 0x26, &(0x7f00000031c0))
executing program 3:
openat$vicodec1(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket(0x15, 0x5, 0x0)
getsockopt(r0, 0x200000000114, 0x2719, &(0x7f0000000600)=""/4, 0x0)
add_key(0x0, 0x0, &(0x7f0000000080), 0x0, 0xffffffffffffffff)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
getsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000080), &(0x7f0000000100)=0x4)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000008c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
r2 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r2, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @remote}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYRES16=r2], 0x18}, 0x44)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
socket(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000900)=ANY=[@ANYBLOB="b8000000", @ANYRES16=r4, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r5, @ANYBLOB="99003300800000000802110000010802110000005050505050500000000000020000000000001450000100000001000000000000000000055204ae00b1c63dd7b491c177437106ee993b2fea6481428d6527ca2e7de1304562418971140f333d67d150364234b3364c3f2cdfc554649b0a1b937587cb6010de5a210a89207e0c48d9eab32923619bbf252d25030000002a01003c040003a1040000009c404f215f56e5a5e6fbb5"], 0xb8}}, 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSARP(r6, 0x8955, &(0x7f00000000c0)={{0x2, 0x4e23, @empty}, {0x1, @broadcast}, 0x8, {0x2, 0x4e21, @broadcast}, 'dummy0\x00'})
r7 = socket$inet6(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r7, 0x29, 0x1a, &(0x7f0000000040)=0x9, 0x4)
syz_emit_ethernet(0x4e, &(0x7f00000004c0)=ANY=[@ANYBLOB="0180c20000000180c200000086dd6000af0000183a00fe8100000000000000000000000000bbff02000000000000000000000000000188009078000000000000000000000000a353c1e0b652782a"], 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000002680)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00'}, 0x90)
sync()
executing program 0:
syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0x10, &(0x7f0000000140)={[{@norecovery}]}, 0xee, 0x469, &(0x7f0000000ac0)="$eJzs3E1sVEUcAPD/e/3i01bEDxC0ikbiR0vLhxy8aDTxoImJHjCealsIUqihNRFCFD3g0ZB4Nx5NvJt40otRD8bEq94NCTFcQE9rZve9sl12S8tuWXB/v+RtZ96bZua/86Y7O7PbAHrWaHrIIrZExB8RMVzLLi8wWvtx7cq56X+unJvOolJ58++sWu7qlXPTZdHy9zbXMpVKxFBKDjWp98I7EVNzc7Oni/z44sn3xxfOnH3u+MmpY7PHZk9NHj58YP/uwUOTB9uKLy9+priu7vxofteOV9+++Pr0kYvv/vxNau+W4np9HLckRdtgtPbsNno0PTzZVmV3lF/Tw9a6E1l/68Jjt6FBrF5fRKTuGqiO/+Hoi41L14bjlU+72jhgXVUqlUqz1+fC+QrwP5ZFt1sAdEf5Qp/e/5bHbZp63BEuv1h7A5TivlYctSv9S2sHAw3vbztpNCKOnP/3y3REJ9YhAABu4vs0/3m22fwvjwfqyt1T7KGMRMS9EbEtIu6LiO0RcX9EteyDEfHQGutv3CG5cf6TX7qlwFYpzf9eKPa2ls//ytlfjPQVua3V+Aeyo8fnZvcVz8neGBhK+YkV6vjh5d8/L9MbGq7Vz//Skeov54JFOy71NyzQzUwtTrUbd+nyJxE7+5vFn0W5jZNFxI6I2HmLdRx/+utdra7dPP4VrLDPtFqVryKeqvX/+VgW//WuylruT048f2jy4PiGmJvdN17eFTf65bcLb7Sqv634OyD1/6am9//SLvBItiFi4czZE9X92oW113Hhz8/qxvSy3eUUf/5txJrv/8HsrWp6sDj34dTi4umJiMHstRvPT17/3TJflk/x793TfPxvq2vxwxGRbuLdEfFIsYmb+u6xiHg8IvasEP9PLz3xXqtrrft/hVX5Dkrxz9ys/6O+/9ee6Dvx43drj7+U+v9ANbW3OLOav3+rbWA7zx0AAADcLfLqZ+CzfGwpnedjY7XP8G+PTfnc/MLiM0fnPzg1U/us/EgM5OVK13DdeuhEsTZc5icb8vuLdeMv+jZW82PT83Mz3Q4eetzmFuM/+auv260D1l0H9tGAu5TxD73L+IfeZfxD7zL+oXc1G/8fd6EdwO3n9R96l/EPvcv4h95l/ENPavnd+Lytr/x3OVH+74Q7pT1dSmxczyoi736APZHoX+/beKjppS7/YQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOiQ/wIAAP//YKPiyQ==")
bpf$MAP_CREATE(0x0, 0x0, 0x0)
pipe(0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip6_tables_targets\x00')
r1 = dup(r0)
faccessat2(r1, &(0x7f0000000040)='\x00', 0x7, 0x1200)
executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000200)='./file1/file4/file5\x00', 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
linkat(0xffffffffffffff9c, &(0x7f0000000500)='./file1/file4/file5\x00', 0xffffffffffffff9c, &(0x7f0000000540)='./file1/file4/file7/file5\x00', 0x0)
llistxattr(&(0x7f0000000000)='./file1/file4/file7/file5\x00', 0x0, 0x0)
executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8a10ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
executing program 0:
nanosleep(0x0, 0x0)
executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=@newtaction={0x8c, 0x30, 0xb, 0x0, 0x0, {}, [{0x78, 0x1, [@m_ct={0x74, 0x1, 0x0, 0x0, {{0x7}, {0x4c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_LABELS={0x14, 0x7, "4614c334e344ae53204373dc0ddeb17f"}, @TCA_CT_LABELS_MASK={0x14, 0x8, "eb6404074c369780d3df843c4e5e039f"}, @TCA_CT_ZONE={0x6}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8c}}, 0x0)

program did not crash
replaying the whole log did not cause a kernel crash
single: executing 5 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-sendmsg$nl_route_sched
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=@newtaction={0x8c, 0x30, 0xb, 0x0, 0x0, {}, [{0x78, 0x1, [@m_ct={0x74, 0x1, 0x0, 0x0, {{0x7}, {0x4c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_LABELS={0x14, 0x7, "4614c334e344ae53204373dc0ddeb17f"}, @TCA_CT_LABELS_MASK={0x14, 0x8, "eb6404074c369780d3df843c4e5e039f"}, @TCA_CT_ZONE={0x6}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8c}}, 0x0)

program crashed: KMSAN: uninit-value in tcf_ct_flow_table_get
single: successfully extracted reproducer
found reproducer with 2 syscalls
minimizing guilty program
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route
detailed listing:
executing program 0:
socket$nl_route(0x10, 0x3, 0x0)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendmsg$nl_route_sched
detailed listing:
executing program 0:
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=@newtaction={0x8c, 0x30, 0xb, 0x0, 0x0, {}, [{0x78, 0x1, [@m_ct={0x74, 0x1, 0x0, 0x0, {{0x7}, {0x4c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_LABELS={0x14, 0x7, "4614c334e344ae53204373dc0ddeb17f"}, @TCA_CT_LABELS_MASK={0x14, 0x8, "eb6404074c369780d3df843c4e5e039f"}, @TCA_CT_ZONE={0x6}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8c}}, 0x0)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-sendmsg$nl_route_sched
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, 0x0, 0x0)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-sendmsg$nl_route_sched
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-sendmsg$nl_route_sched
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-sendmsg$nl_route_sched
program crashed: KMSAN: uninit-value in tcf_ct_flow_table_get
simplifying C reproducer
testing compiled C program (duration=9m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-sendmsg$nl_route_sched
program crashed: KMSAN: uninit-value in tcf_ct_flow_table_get
testing compiled C program (duration=9m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-sendmsg$nl_route_sched
program crashed: KMSAN: uninit-value in tcf_ct_flow_table_get
testing compiled C program (duration=9m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-sendmsg$nl_route_sched
program crashed: KMSAN: uninit-value in tcf_ct_flow_table_get
testing compiled C program (duration=9m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-sendmsg$nl_route_sched
program crashed: KMSAN: uninit-value in tcf_ct_flow_table_get
testing compiled C program (duration=9m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-sendmsg$nl_route_sched
program crashed: KMSAN: uninit-value in tcf_ct_flow_table_get
testing compiled C program (duration=9m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-sendmsg$nl_route_sched
program crashed: KMSAN: uninit-value in tcf_ct_flow_table_get
testing compiled C program (duration=9m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-sendmsg$nl_route_sched
program crashed: KMSAN: uninit-value in tcf_ct_flow_table_get
reproducing took 1h45m22.704342912s
repro crashed as (corrupted=false):
=====================================================
BUG: KMSAN: uninit-value in rht_ptr_rcu include/linux/rhashtable.h:376 [inline]
BUG: KMSAN: uninit-value in __rhashtable_lookup include/linux/rhashtable.h:607 [inline]
BUG: KMSAN: uninit-value in rhashtable_lookup include/linux/rhashtable.h:646 [inline]
BUG: KMSAN: uninit-value in rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]
BUG: KMSAN: uninit-value in tcf_ct_flow_table_get+0x611/0x2260 net/sched/act_ct.c:329
 rht_ptr_rcu include/linux/rhashtable.h:376 [inline]
 __rhashtable_lookup include/linux/rhashtable.h:607 [inline]
 rhashtable_lookup include/linux/rhashtable.h:646 [inline]
 rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]
 tcf_ct_flow_table_get+0x611/0x2260 net/sched/act_ct.c:329
 tcf_ct_init+0xa67/0x2890 net/sched/act_ct.c:1408
 tcf_action_init_1+0x6cc/0xb30 net/sched/act_api.c:1425
 tcf_action_init+0x458/0xf00 net/sched/act_api.c:1488
 tcf_action_add net/sched/act_api.c:2061 [inline]
 tc_ctl_action+0x4be/0x19d0 net/sched/act_api.c:2118
 rtnetlink_rcv_msg+0x12fc/0x1410 net/core/rtnetlink.c:6647
 netlink_rcv_skb+0x375/0x650 net/netlink/af_netlink.c:2550
 rtnetlink_rcv+0x34/0x40 net/core/rtnetlink.c:6665
 netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]
 netlink_unicast+0xf52/0x1260 net/netlink/af_netlink.c:1357
 netlink_sendmsg+0x10da/0x11e0 net/netlink/af_netlink.c:1901
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg+0x30f/0x380 net/socket.c:745
 ____sys_sendmsg+0x877/0xb60 net/socket.c:2597
 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2651
 __sys_sendmsg net/socket.c:2680 [inline]
 __do_sys_sendmsg net/socket.c:2689 [inline]
 __se_sys_sendmsg net/socket.c:2687 [inline]
 __x64_sys_sendmsg+0x307/0x4a0 net/socket.c:2687
 x64_sys_call+0x2dd6/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:47
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Local variable key created at:
 tcf_ct_flow_table_get+0x4a/0x2260 net/sched/act_ct.c:324
 tcf_ct_init+0xa67/0x2890 net/sched/act_ct.c:1408

CPU: 0 PID: 5045 Comm: syz-executor196 Not tainted 6.10.0-syzkaller-11185-g2c9b3512402e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
=====================================================

final repro crashed as (corrupted=false):
=====================================================
BUG: KMSAN: uninit-value in rht_ptr_rcu include/linux/rhashtable.h:376 [inline]
BUG: KMSAN: uninit-value in __rhashtable_lookup include/linux/rhashtable.h:607 [inline]
BUG: KMSAN: uninit-value in rhashtable_lookup include/linux/rhashtable.h:646 [inline]
BUG: KMSAN: uninit-value in rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]
BUG: KMSAN: uninit-value in tcf_ct_flow_table_get+0x611/0x2260 net/sched/act_ct.c:329
 rht_ptr_rcu include/linux/rhashtable.h:376 [inline]
 __rhashtable_lookup include/linux/rhashtable.h:607 [inline]
 rhashtable_lookup include/linux/rhashtable.h:646 [inline]
 rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]
 tcf_ct_flow_table_get+0x611/0x2260 net/sched/act_ct.c:329
 tcf_ct_init+0xa67/0x2890 net/sched/act_ct.c:1408
 tcf_action_init_1+0x6cc/0xb30 net/sched/act_api.c:1425
 tcf_action_init+0x458/0xf00 net/sched/act_api.c:1488
 tcf_action_add net/sched/act_api.c:2061 [inline]
 tc_ctl_action+0x4be/0x19d0 net/sched/act_api.c:2118
 rtnetlink_rcv_msg+0x12fc/0x1410 net/core/rtnetlink.c:6647
 netlink_rcv_skb+0x375/0x650 net/netlink/af_netlink.c:2550
 rtnetlink_rcv+0x34/0x40 net/core/rtnetlink.c:6665
 netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]
 netlink_unicast+0xf52/0x1260 net/netlink/af_netlink.c:1357
 netlink_sendmsg+0x10da/0x11e0 net/netlink/af_netlink.c:1901
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg+0x30f/0x380 net/socket.c:745
 ____sys_sendmsg+0x877/0xb60 net/socket.c:2597
 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2651
 __sys_sendmsg net/socket.c:2680 [inline]
 __do_sys_sendmsg net/socket.c:2689 [inline]
 __se_sys_sendmsg net/socket.c:2687 [inline]
 __x64_sys_sendmsg+0x307/0x4a0 net/socket.c:2687
 x64_sys_call+0x2dd6/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:47
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Local variable key created at:
 tcf_ct_flow_table_get+0x4a/0x2260 net/sched/act_ct.c:324
 tcf_ct_init+0xa67/0x2890 net/sched/act_ct.c:1408

CPU: 0 PID: 5045 Comm: syz-executor196 Not tainted 6.10.0-syzkaller-11185-g2c9b3512402e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
=====================================================