Extracting prog: 12m22.841782079s
Minimizing prog: 31m1.378876571s
Simplifying prog options: 7m28.427339916s
Extracting C: 3m20.561348186s
Simplifying C: 38m41.645081338s


extracting reproducer from 31 programs
first checking the prog from the crash report
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_xfrm-sendmsg$nl_xfrm
detailed listing:
executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)=@allocspi={0x110, 0x16, 0x1, 0x70bd27, 0x25dfdbfb, {{{@in=@multicast2, @in6=@private2, 0x4e21, 0x0, 0x4e24, 0xb, 0xa, 0x30, 0x80, 0x2f}, {@in=@broadcast, 0x4d5, 0x32}, @in6=@private2, {0x4, 0x1, 0x6, 0x51, 0x5, 0x9, 0x1de, 0xfffffffffffffffb}, {0x3a, 0x1, 0x4, 0x5}, {0x31e, 0x2, 0xc}, 0x70bd2a, 0x3504, 0xa, 0x4, 0x4, 0x1}, 0x0, 0x3}, [@sec_ctx={0xc, 0x8, {0x8, 0x8, 0x1, 0x10}}, @sec_ctx={0xc, 0x8, {0x8, 0x8, 0x0, 0x49}}]}, 0x110}, 0x1, 0x0, 0x0, 0x4000100}, 0x48040)

program did not crash
single: failed to extract reproducer
bisect: bisecting 31 programs with base timeout 30s
testing program (duration=37s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2]
detailed listing:
executing program 1:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_INITMSG(r0, 0x84, 0x2, 0x0, 0x0)
executing program 1:
r0 = fanotify_init(0xf00, 0x1)
fanotify_mark(r0, 0x2, 0x40009975, 0xffffffffffffffff, 0x0)
executing program 1:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, 0x4, 0x6, 0x201, 0x0, 0x0, {0x1, 0x0, 0x9}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x800)
executing program 1:
syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x800002, &(0x7f0000000000)={[{@noblock_validity}, {@dioread_nolock}, {@errors_remount}, {@minixdf}, {@jqfmt_vfsv0}, {@usrjquota, 0x2e}], [], 0x22}, 0x84, 0x464, &(0x7f0000000ac0)="$eJzs3EtvG0UcAPD/bpq+S0Ipjz6AQEFEPJImLdADFxBIvSAhwaEcQ5pWpWmDmiDRKqIpQuWI+gmAIxKfgBNcEHACcYU7QqpQLgQOaNHau6lx7GAncZ3g30/aeGZ31jt/7449O2MngJ41lP9JIvZGxM8RMRARffUFhqoPS4vzk38uzk8mkWWv/57ku8Ufi/OTZdGkeNxTZIbTiPTDJA43OO7slasXJqanpy4X+dG5i++Mzl65+sz5ixPnps5NXRo/efLE8bHnnxt/dkPi3JfX9dD7M0cOnnrz5quTp2++9d0XeX33Fttr46gaXPcxh2Jo+TWp9/i6n31z2VeTTrZ1sSK0JW/r+enqr7T/geiL2ydvIF75oKuVAzoqy7Jsx4q1yz2AhQz4H0ui2zUAuqP8oM/vf8vlDnY/uu7Wi9UboDzupWKpbtkWaVGmv+7+diMNRcTphb8+yZdoOA4BALCxvsr7P0836v+lcV9NubuKuaHBiLg7IvZHxD0RcSAi7o2olL0/Ih5o8/hDdfmV/Z8fd60psBbl/b8Xirmtf/f/yt5fDPYVuX2V+PuTs+enp44Vr8lw9O/I82OrHOPrl3/6uNm22v5fviz1x2TZFyzq8du2ugG6MxNzE+uJudat65UxwGsr40+WZwKSiDgYEYfW8Pw7I+L8k58fabZ9RfyL83Xxr2ID5pmyzyKeqJ7/haiLv5SsPj85ujOmp46NllfFSt//cOO1ZsdfV/wbID//uxte/8vxDya187Wz7R/jxi8fNb2n+e/4G1//25M3Kuntxbr3JubmLo9FbE8WVq4fv71vmS/L5/EPH23c/vdH/P1psd/hiMgv4gcj4qGIeLio+yMR8WhEHF0l/m9feuzttcffWXn8Z9o6/+0n+i5882Wz47d2/k9UUsPFmlbe/1qt4HpeOwAAANgq0sp34JN0ZDmdpiMj1e/wH4jd6fTM7NxTZ2fevXSm+l35wehPy5GugZrx0LFibLjMj9flj1fGjbMsy3ZV8iOTM9OdmlMHWrOnSfvP/drX7doBHdfWPFqzX7QBW5Lfa0Lv0v6hd2n/0Lu0f+hdjdr/tYilVXe63rHqAHeQz3/oXdo/9C7tH3qX9g89aT2/618tsf9Ua4XLf0DYoWpsgUTf5qhG24lIN0U11pZIN0c1qokdEdFq4Wt3rKV0+Y0JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgg/wTAAD//7YA6Ok=")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f})
executing program 1:
madvise(&(0x7f0000000000/0x4000)=nil, 0x4000, 0xf)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=@setneightbl={0x14, 0x43, 0x1, 0xffff7ffe, 0x0, {0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x44091}, 0x0)
executing program 32:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=@setneightbl={0x14, 0x43, 0x1, 0xffff7ffe, 0x0, {0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x44091}, 0x0)
executing program 0:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000022c0)=ANY=[@ANYBLOB="b702000008000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd020f4c0c8c56147d66527da307bf731fef97861750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3665f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447c2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72e7ead0509d380578673f8b6e74ce23877a6b24db0000000000000003629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d7b90dfae158b94f50adab988dd8e12b1b56073d0d10f7067c881434af5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749da00000097f29d0000002d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf77bfc95769a9294df517d90bdc01e73835efd98ad5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b31592479ecf2392548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e62b445c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5646ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4766e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec859c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f250057931d828ec78e116ae46c4897e2795b6ff92e9a1f63a6ed8fb4f8f3a6ec4e76f8621e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403f02734137ff472558014391c673b6071b6ad0f05eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb79f5589829b6b0679b5d65a81826fc9b38f791c8f1892b51ad65a89bc84646ebf78f5d5d4804d9abb071fd711b5e7cc163b42a6510b8f5ee6747df0b560eabe0499bf1fef7c18bb9f55effa018679845c6598fb78bf1b8d9d9f04a5f6062c2bbb91952755b3f7c948268cb647d0a0bb1286480615941154a01d74e2f2efa77850686ee4541f3e79efa63545a7ae53d5f0c40cc86473f7eb093980bd0d97bb4750128d9c519984c5f731ea259e71b2f12d67ce12e52c283e74594dfc933e625737ed231d61263721d46daf093f770357cd78fe1431aef52b4a0a933f1a5334ad03f3876fc8a8e187f80318427b4c922075cf829e3cc49d71d52137b48e1fb6b05dd1c7b251a7059f0a4b4f3431f67fc65b75c202e43816e34ff41db85bacd77b25242830b788ae1e00000000000000000000000000c8b8b5b137dcb7a7949e12307d1fce56fe5b76d2f3f5a7692379542e3fd9a5a7dc57e1dec0bdce65b5db59a0733c9b9da612adb91948ecbfaff8fc206b8350fe268b98aaa2e288be77aedddcc7fb7d631e69b176e2e6678fe1237cb2"], &(0x7f0000000340)='syzkaller\x00'}, 0x4a)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001300)={r0, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000000)="b9ff03076844268cb8be14f08847", 0x0, 0x20000005, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
executing program 4:
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x2, 0x0, &(0x7f0000000140)={0x0, 0x0})
write(r0, &(0x7f0000000000)="fa", 0xfffffdef)
executing program 3:
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000180), 0x40080, 0x0)
ioctl$SNDCTL_SEQ_GETINCOUNT(r0, 0x80045105, &(0x7f00000001c0))
executing program 2:
r0 = syz_open_dev$cec(&(0x7f00000003c0), 0x0, 0x0)
ioctl$CEC_TRANSMIT(r0, 0xc0386105, &(0x7f0000000480)={0x9, 0x0, 0x9, 0x0, 0x0, 0x0, "0ff8000000000000c5c6ff0717c3a86d", 0x0, 0x2, 0x0, 0xff, 0x0, 0x1, 0xff})
executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x2c, 0x2, 0x3, 0x101, 0x0, 0x0, {0x3, 0x0, 0x3}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1, 0x0, 0x1f}}, @NFQA_CFG_MASK={0x8, 0x4, 0x1, 0x0, 0x14}, @NFQA_CFG_FLAGS={0x8, 0x5, 0x1, 0x0, 0x10}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000)
executing program 2:
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0xd, 0x2)
ioctl$vim2m_VIDIOC_EXPBUF(r0, 0xc0405610, &(0x7f0000000040)={0x0, 0x0, 0xffffffff, 0x80800})
executing program 3:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x19, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000008b000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014001000b7030000000000008500000086000000bf0900000000000055090100000000009500000000000000bd0a0600000000002500f4ff010000001801000020646c2500000000002020207b04000000000000bfa100000000000007010000f8ffffffb702000008000000b7030000030001008500000006000000bf91000000000000b702000003000000850000002a000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x9, 0x1001, &(0x7f0000001cc0)=""/4097, 0x41100, 0x24}, 0x94)
executing program 0:
r0 = syz_init_net_socket$ax25(0x3, 0x3, 0xf0)
ioctl$sock_ax25_SIOCADDRT(r0, 0x890b, &(0x7f0000003840)={@default, @default, 0xb, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @null, @default, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default]})
executing program 2:
syz_mount_image$vfat(&(0x7f0000000540), &(0x7f0000000d40)='./file4\x00', 0xa18c14, &(0x7f0000000d80)={[{@shortname_lower}, {@rodir}, {@shortname_winnt}, {@fat=@gid}, {@shortname_winnt}, {@fat=@check_strict}, {@shortname_win95}, {@uni_xlate}, {@shortname_mixed}, {@uni_xlate}, {@uni_xlateno}, {@fat=@dmask={'dmask', 0x3d, 0x4}}, {@iocharset={'iocharset', 0x3d, 'cp874'}}]}, 0x89, 0x29b, &(0x7f0000000580)="$eJzs3c9qK1UYAPBv0iRNVEgWrkRwQBeuwr33CW6QChezUrLQjV5sC5KEQgMB/2Dsyr3gynfwHXwAN76BC5eCO7sQR5KZSdI0bY3EVOrvt5kvc74v509OWyjMyUevjgbHZ+PTiy9+jkYjicrTeBqXSbSjEqWvAgB4SC6zLH7LcnflVqMeEVmreFXZw/AAgH/BNn//AYCH4b33P3in2+sdvZumjYjR15N+Evk1b++exicxjJN4FK34IyJbyOOXnvWOopqm5T8DJs3oR4w+/LF43f01Yl7/OFrRXq+vF1npXLwxmk76s55n11q8kER0syRPeRKteDkiq0XxJvnl7We9oyfp9fro1+PN178rxv/nSXSiFT99HGcxjOP5Wyzrv3ycpm9l3/7+eT6DfkQynfQP53lL2cFePhAAAAAAAAAAAAAAAAAAAAAAAP4XOulCe/X8nPI0wE5nc/uN5wMVJ/xMV87XeZSmaXmMz6Rfi7y+Gq9Uo3p/MwcAAAAAAAAAAAAAAAAAAID/jvGnnw2eD4cn51eCH7JZ0Lw1Zz2ortwpH+u/u2pzMPg+YvuqvxPEQTG0YXKti6Rs2kFfh9skNzd1GpWb1rA6jHzw32w/sNd2NcFbg3J3DZ4ncUdyY/MmWdl15TY8HydbbMhsw9Id3FhV39Hc6y/+0/LmxoWazbi2WMyrVY3ZJ7lyp7bjn5Q1yc5/9wAAAAAAAAAAAAAAAAAAAFctH/qNX641XtzLkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg75bf/78Ior1+Zz2YFsXzO5Xbkw/Pxxu6be95mgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADxwfwUAAP//5OlVhQ==")
syz_mount_image$exfat(0x0, &(0x7f00000004c0)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x200010, 0x0, 0x24, 0x0, &(0x7f0000000000))
executing program 4:
r0 = socket$phonet(0x23, 0x2, 0x1)
ioctl$sock_ifreq(r0, 0x8932, &(0x7f0000000040)={'dummy0\x00', @ifru_data=0x0})
executing program 3:
r0 = socket$inet_dccp(0x2, 0x6, 0x0)
getsockopt$inet_int(r0, 0x10d, 0x99, &(0x7f0000000000), &(0x7f0000000080)=0x4)
executing program 0:
r0 = socket$inet6_dccp(0xa, 0x6, 0x0)
setsockopt$inet6_int(r0, 0x10d, 0xb, &(0x7f0000000080)=0xa, 0x4)
executing program 2:
r0 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000080)={'fscrypt:', @desc1}, &(0x7f0000000140)={0x0, "c6146f97f6c131a79a6bad741b394dc00c300d21dd1247eaf94cc97f924285d0ad63244e813ace0f78a2230539449c56fdc8bd19fd31a7359a756576c9342001"}, 0x48, 0xfffffffffffffffb)
keyctl$chown(0x4, r0, 0x0, 0xffffffffffffffff)
executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000140)=@ipv6_getnexthop={0x20, 0x6a, 0x1, 0x70bd25, 0x25dfdbfb, {}, [@NHA_ID={0x8, 0x1, 0x2}]}, 0x20}, 0x1, 0xba01, 0x0, 0x400c002}, 0x0)
executing program 4:
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x100)
mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0), 0x10080, &(0x7f0000000440)={[{@mpol={'mpol', 0x3d, {'prefer', '=static', @void}}}]})
executing program 3:
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xbd, 0x16, 0xf, 0x40, 0x8086, 0x110, 0xbfad, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xa0, 0x12, 0x24}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000cc0)={0x84, &(0x7f0000000840)={0x0, 0x37}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
executing program 2:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$sock_netdev_private(r0, 0x8949, &(0x7f0000000380)="4249c2368bb8dd2c7f0a323cf53a")
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=@newtaction={0x60, 0x30, 0x10b, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x3, 0x800000, 0x20000000, 0x1}, 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x1}, 0x0)
executing program 4:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFCONF(r0, 0x8912, 0x0)
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1, 0x0, 0xfffc}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x12}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x6}]}}}]}, @NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xc0}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xa, 0x4a, 0xc, 0xa, 0x0, 0x1, 0x1ff}, 0x50)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000600)={r0, &(0x7f0000000840), &(0x7f0000000200)=@tcp, 0x2}, 0x20)
executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)=@allocspi={0x110, 0x16, 0x1, 0x70bd27, 0x25dfdbfb, {{{@in=@multicast2, @in6=@private2, 0x4e21, 0x0, 0x4e24, 0xb, 0xa, 0x30, 0x80, 0x2f}, {@in=@broadcast, 0x4d5, 0x32}, @in6=@private2, {0x4, 0x1, 0x6, 0x51, 0x5, 0x9, 0x1de, 0xfffffffffffffffb}, {0x3a, 0x1, 0x4, 0x5}, {0x31e, 0x2, 0xc}, 0x70bd2a, 0x3504, 0xa, 0x4, 0x4, 0x1}, 0x0, 0x3}, [@sec_ctx={0xc, 0x8, {0x8, 0x8, 0x1, 0x10}}, @sec_ctx={0xc, 0x8, {0x8, 0x8, 0x0, 0x49}}]}, 0x110}, 0x1, 0x0, 0x0, 0x4000100}, 0x48040)
executing program 4:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETFLOWTABLE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000008c0)={0x2c, 0x17, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0xa}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x240480d0}, 0x4000)
executing program 2:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newsa={0x150, 0x1a, 0x413, 0x0, 0x0, {{@in=@multicast1, @in6=@rand_addr=' \x01\x00', 0x0, 0x0, 0x4e24, 0x0, 0x2, 0x0, 0x20, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @remote}, 0x0, 0x32}, @in=@loopback, {0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x20000000008}, {0x0, 0x8, 0xcc}, {0xf6}, 0x0, 0x0, 0xa, 0x1, 0x1}, [@algo_aead={0x60, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0xa0, 0x80, "25cac5216d1c8af0a976902918bf448c5d9f5459"}}]}, 0x150}}, 0x0)

program did not crash
replaying the whole log did not cause a kernel crash
single: executing 1 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_xfrm-sendmsg$nl_xfrm
detailed listing:
executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)=@allocspi={0x110, 0x16, 0x1, 0x70bd27, 0x25dfdbfb, {{{@in=@multicast2, @in6=@private2, 0x4e21, 0x0, 0x4e24, 0xb, 0xa, 0x30, 0x80, 0x2f}, {@in=@broadcast, 0x4d5, 0x32}, @in6=@private2, {0x4, 0x1, 0x6, 0x51, 0x5, 0x9, 0x1de, 0xfffffffffffffffb}, {0x3a, 0x1, 0x4, 0x5}, {0x31e, 0x2, 0xc}, 0x70bd2a, 0x3504, 0xa, 0x4, 0x4, 0x1}, 0x0, 0x3}, [@sec_ctx={0xc, 0x8, {0x8, 0x8, 0x1, 0x10}}, @sec_ctx={0xc, 0x8, {0x8, 0x8, 0x0, 0x49}}]}, 0x110}, 0x1, 0x0, 0x0, 0x4000100}, 0x48040)

program did not crash
single: failed to extract reproducer
bisect: bisecting 31 programs with base timeout 1m40s
testing program (duration=1m47s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2]
detailed listing:
executing program 1:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_INITMSG(r0, 0x84, 0x2, 0x0, 0x0)
executing program 1:
r0 = fanotify_init(0xf00, 0x1)
fanotify_mark(r0, 0x2, 0x40009975, 0xffffffffffffffff, 0x0)
executing program 1:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, 0x4, 0x6, 0x201, 0x0, 0x0, {0x1, 0x0, 0x9}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x800)
executing program 1:
syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x800002, &(0x7f0000000000)={[{@noblock_validity}, {@dioread_nolock}, {@errors_remount}, {@minixdf}, {@jqfmt_vfsv0}, {@usrjquota, 0x2e}], [], 0x22}, 0x84, 0x464, &(0x7f0000000ac0)="$eJzs3EtvG0UcAPD/bpq+S0Ipjz6AQEFEPJImLdADFxBIvSAhwaEcQ5pWpWmDmiDRKqIpQuWI+gmAIxKfgBNcEHACcYU7QqpQLgQOaNHau6lx7GAncZ3g30/aeGZ31jt/7449O2MngJ41lP9JIvZGxM8RMRARffUFhqoPS4vzk38uzk8mkWWv/57ku8Ufi/OTZdGkeNxTZIbTiPTDJA43OO7slasXJqanpy4X+dG5i++Mzl65+sz5ixPnps5NXRo/efLE8bHnnxt/dkPi3JfX9dD7M0cOnnrz5quTp2++9d0XeX33Fttr46gaXPcxh2Jo+TWp9/i6n31z2VeTTrZ1sSK0JW/r+enqr7T/geiL2ydvIF75oKuVAzoqy7Jsx4q1yz2AhQz4H0ui2zUAuqP8oM/vf8vlDnY/uu7Wi9UboDzupWKpbtkWaVGmv+7+diMNRcTphb8+yZdoOA4BALCxvsr7P0836v+lcV9NubuKuaHBiLg7IvZHxD0RcSAi7o2olL0/Ih5o8/hDdfmV/Z8fd60psBbl/b8Xirmtf/f/yt5fDPYVuX2V+PuTs+enp44Vr8lw9O/I82OrHOPrl3/6uNm22v5fviz1x2TZFyzq8du2ugG6MxNzE+uJudat65UxwGsr40+WZwKSiDgYEYfW8Pw7I+L8k58fabZ9RfyL83Xxr2ID5pmyzyKeqJ7/haiLv5SsPj85ujOmp46NllfFSt//cOO1ZsdfV/wbID//uxte/8vxDya187Wz7R/jxi8fNb2n+e/4G1//25M3Kuntxbr3JubmLo9FbE8WVq4fv71vmS/L5/EPH23c/vdH/P1psd/hiMgv4gcj4qGIeLio+yMR8WhEHF0l/m9feuzttcffWXn8Z9o6/+0n+i5882Wz47d2/k9UUsPFmlbe/1qt4HpeOwAAANgq0sp34JN0ZDmdpiMj1e/wH4jd6fTM7NxTZ2fevXSm+l35wehPy5GugZrx0LFibLjMj9flj1fGjbMsy3ZV8iOTM9OdmlMHWrOnSfvP/drX7doBHdfWPFqzX7QBW5Lfa0Lv0v6hd2n/0Lu0f+hdjdr/tYilVXe63rHqAHeQz3/oXdo/9C7tH3qX9g89aT2/618tsf9Ua4XLf0DYoWpsgUTf5qhG24lIN0U11pZIN0c1qokdEdFq4Wt3rKV0+Y0JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgg/wTAAD//7YA6Ok=")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f})
executing program 1:
madvise(&(0x7f0000000000/0x4000)=nil, 0x4000, 0xf)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=@setneightbl={0x14, 0x43, 0x1, 0xffff7ffe, 0x0, {0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x44091}, 0x0)
executing program 32:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=@setneightbl={0x14, 0x43, 0x1, 0xffff7ffe, 0x0, {0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x44091}, 0x0)
executing program 0:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000022c0)=ANY=[@ANYBLOB="b702000008000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd020f4c0c8c56147d66527da307bf731fef97861750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3665f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447c2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72e7ead0509d380578673f8b6e74ce23877a6b24db0000000000000003629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d7b90dfae158b94f50adab988dd8e12b1b56073d0d10f7067c881434af5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749da00000097f29d0000002d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf77bfc95769a9294df517d90bdc01e73835efd98ad5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b31592479ecf2392548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e62b445c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5646ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4766e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec859c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f250057931d828ec78e116ae46c4897e2795b6ff92e9a1f63a6ed8fb4f8f3a6ec4e76f8621e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403f02734137ff472558014391c673b6071b6ad0f05eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb79f5589829b6b0679b5d65a81826fc9b38f791c8f1892b51ad65a89bc84646ebf78f5d5d4804d9abb071fd711b5e7cc163b42a6510b8f5ee6747df0b560eabe0499bf1fef7c18bb9f55effa018679845c6598fb78bf1b8d9d9f04a5f6062c2bbb91952755b3f7c948268cb647d0a0bb1286480615941154a01d74e2f2efa77850686ee4541f3e79efa63545a7ae53d5f0c40cc86473f7eb093980bd0d97bb4750128d9c519984c5f731ea259e71b2f12d67ce12e52c283e74594dfc933e625737ed231d61263721d46daf093f770357cd78fe1431aef52b4a0a933f1a5334ad03f3876fc8a8e187f80318427b4c922075cf829e3cc49d71d52137b48e1fb6b05dd1c7b251a7059f0a4b4f3431f67fc65b75c202e43816e34ff41db85bacd77b25242830b788ae1e00000000000000000000000000c8b8b5b137dcb7a7949e12307d1fce56fe5b76d2f3f5a7692379542e3fd9a5a7dc57e1dec0bdce65b5db59a0733c9b9da612adb91948ecbfaff8fc206b8350fe268b98aaa2e288be77aedddcc7fb7d631e69b176e2e6678fe1237cb2"], &(0x7f0000000340)='syzkaller\x00'}, 0x4a)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001300)={r0, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000000)="b9ff03076844268cb8be14f08847", 0x0, 0x20000005, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
executing program 4:
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x2, 0x0, &(0x7f0000000140)={0x0, 0x0})
write(r0, &(0x7f0000000000)="fa", 0xfffffdef)
executing program 3:
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000180), 0x40080, 0x0)
ioctl$SNDCTL_SEQ_GETINCOUNT(r0, 0x80045105, &(0x7f00000001c0))
executing program 2:
r0 = syz_open_dev$cec(&(0x7f00000003c0), 0x0, 0x0)
ioctl$CEC_TRANSMIT(r0, 0xc0386105, &(0x7f0000000480)={0x9, 0x0, 0x9, 0x0, 0x0, 0x0, "0ff8000000000000c5c6ff0717c3a86d", 0x0, 0x2, 0x0, 0xff, 0x0, 0x1, 0xff})
executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x2c, 0x2, 0x3, 0x101, 0x0, 0x0, {0x3, 0x0, 0x3}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1, 0x0, 0x1f}}, @NFQA_CFG_MASK={0x8, 0x4, 0x1, 0x0, 0x14}, @NFQA_CFG_FLAGS={0x8, 0x5, 0x1, 0x0, 0x10}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000)
executing program 2:
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0xd, 0x2)
ioctl$vim2m_VIDIOC_EXPBUF(r0, 0xc0405610, &(0x7f0000000040)={0x0, 0x0, 0xffffffff, 0x80800})
executing program 3:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x19, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000008b000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014001000b7030000000000008500000086000000bf0900000000000055090100000000009500000000000000bd0a0600000000002500f4ff010000001801000020646c2500000000002020207b04000000000000bfa100000000000007010000f8ffffffb702000008000000b7030000030001008500000006000000bf91000000000000b702000003000000850000002a000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x9, 0x1001, &(0x7f0000001cc0)=""/4097, 0x41100, 0x24}, 0x94)
executing program 0:
r0 = syz_init_net_socket$ax25(0x3, 0x3, 0xf0)
ioctl$sock_ax25_SIOCADDRT(r0, 0x890b, &(0x7f0000003840)={@default, @default, 0xb, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @null, @default, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default]})
executing program 2:
syz_mount_image$vfat(&(0x7f0000000540), &(0x7f0000000d40)='./file4\x00', 0xa18c14, &(0x7f0000000d80)={[{@shortname_lower}, {@rodir}, {@shortname_winnt}, {@fat=@gid}, {@shortname_winnt}, {@fat=@check_strict}, {@shortname_win95}, {@uni_xlate}, {@shortname_mixed}, {@uni_xlate}, {@uni_xlateno}, {@fat=@dmask={'dmask', 0x3d, 0x4}}, {@iocharset={'iocharset', 0x3d, 'cp874'}}]}, 0x89, 0x29b, &(0x7f0000000580)="$eJzs3c9qK1UYAPBv0iRNVEgWrkRwQBeuwr33CW6QChezUrLQjV5sC5KEQgMB/2Dsyr3gynfwHXwAN76BC5eCO7sQR5KZSdI0bY3EVOrvt5kvc74v509OWyjMyUevjgbHZ+PTiy9+jkYjicrTeBqXSbSjEqWvAgB4SC6zLH7LcnflVqMeEVmreFXZw/AAgH/BNn//AYCH4b33P3in2+sdvZumjYjR15N+Evk1b++exicxjJN4FK34IyJbyOOXnvWOopqm5T8DJs3oR4w+/LF43f01Yl7/OFrRXq+vF1npXLwxmk76s55n11q8kER0syRPeRKteDkiq0XxJvnl7We9oyfp9fro1+PN178rxv/nSXSiFT99HGcxjOP5Wyzrv3ycpm9l3/7+eT6DfkQynfQP53lL2cFePhAAAAAAAAAAAAAAAAAAAAAAAP4XOulCe/X8nPI0wE5nc/uN5wMVJ/xMV87XeZSmaXmMz6Rfi7y+Gq9Uo3p/MwcAAAAAAAAAAAAAAAAAAID/jvGnnw2eD4cn51eCH7JZ0Lw1Zz2ortwpH+u/u2pzMPg+YvuqvxPEQTG0YXKti6Rs2kFfh9skNzd1GpWb1rA6jHzw32w/sNd2NcFbg3J3DZ4ncUdyY/MmWdl15TY8HydbbMhsw9Id3FhV39Hc6y/+0/LmxoWazbi2WMyrVY3ZJ7lyp7bjn5Q1yc5/9wAAAAAAAAAAAAAAAAAAAFctH/qNX641XtzLkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg75bf/78Ior1+Zz2YFsXzO5Xbkw/Pxxu6be95mgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADxwfwUAAP//5OlVhQ==")
syz_mount_image$exfat(0x0, &(0x7f00000004c0)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x200010, 0x0, 0x24, 0x0, &(0x7f0000000000))
executing program 4:
r0 = socket$phonet(0x23, 0x2, 0x1)
ioctl$sock_ifreq(r0, 0x8932, &(0x7f0000000040)={'dummy0\x00', @ifru_data=0x0})
executing program 3:
r0 = socket$inet_dccp(0x2, 0x6, 0x0)
getsockopt$inet_int(r0, 0x10d, 0x99, &(0x7f0000000000), &(0x7f0000000080)=0x4)
executing program 0:
r0 = socket$inet6_dccp(0xa, 0x6, 0x0)
setsockopt$inet6_int(r0, 0x10d, 0xb, &(0x7f0000000080)=0xa, 0x4)
executing program 2:
r0 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000080)={'fscrypt:', @desc1}, &(0x7f0000000140)={0x0, "c6146f97f6c131a79a6bad741b394dc00c300d21dd1247eaf94cc97f924285d0ad63244e813ace0f78a2230539449c56fdc8bd19fd31a7359a756576c9342001"}, 0x48, 0xfffffffffffffffb)
keyctl$chown(0x4, r0, 0x0, 0xffffffffffffffff)
executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000140)=@ipv6_getnexthop={0x20, 0x6a, 0x1, 0x70bd25, 0x25dfdbfb, {}, [@NHA_ID={0x8, 0x1, 0x2}]}, 0x20}, 0x1, 0xba01, 0x0, 0x400c002}, 0x0)
executing program 4:
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x100)
mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0), 0x10080, &(0x7f0000000440)={[{@mpol={'mpol', 0x3d, {'prefer', '=static', @void}}}]})
executing program 3:
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xbd, 0x16, 0xf, 0x40, 0x8086, 0x110, 0xbfad, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xa0, 0x12, 0x24}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000cc0)={0x84, &(0x7f0000000840)={0x0, 0x37}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
executing program 2:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$sock_netdev_private(r0, 0x8949, &(0x7f0000000380)="4249c2368bb8dd2c7f0a323cf53a")
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=@newtaction={0x60, 0x30, 0x10b, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x3, 0x800000, 0x20000000, 0x1}, 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x1}, 0x0)
executing program 4:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFCONF(r0, 0x8912, 0x0)
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1, 0x0, 0xfffc}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x12}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x6}]}}}]}, @NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xc0}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xa, 0x4a, 0xc, 0xa, 0x0, 0x1, 0x1ff}, 0x50)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000600)={r0, &(0x7f0000000840), &(0x7f0000000200)=@tcp, 0x2}, 0x20)
executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)=@allocspi={0x110, 0x16, 0x1, 0x70bd27, 0x25dfdbfb, {{{@in=@multicast2, @in6=@private2, 0x4e21, 0x0, 0x4e24, 0xb, 0xa, 0x30, 0x80, 0x2f}, {@in=@broadcast, 0x4d5, 0x32}, @in6=@private2, {0x4, 0x1, 0x6, 0x51, 0x5, 0x9, 0x1de, 0xfffffffffffffffb}, {0x3a, 0x1, 0x4, 0x5}, {0x31e, 0x2, 0xc}, 0x70bd2a, 0x3504, 0xa, 0x4, 0x4, 0x1}, 0x0, 0x3}, [@sec_ctx={0xc, 0x8, {0x8, 0x8, 0x1, 0x10}}, @sec_ctx={0xc, 0x8, {0x8, 0x8, 0x0, 0x49}}]}, 0x110}, 0x1, 0x0, 0x0, 0x4000100}, 0x48040)
executing program 4:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETFLOWTABLE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000008c0)={0x2c, 0x17, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0xa}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x240480d0}, 0x4000)
executing program 2:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newsa={0x150, 0x1a, 0x413, 0x0, 0x0, {{@in=@multicast1, @in6=@rand_addr=' \x01\x00', 0x0, 0x0, 0x4e24, 0x0, 0x2, 0x0, 0x20, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @remote}, 0x0, 0x32}, @in=@loopback, {0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x20000000008}, {0x0, 0x8, 0xcc}, {0xf6}, 0x0, 0x0, 0xa, 0x1, 0x1}, [@algo_aead={0x60, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0xa0, 0x80, "25cac5216d1c8af0a976902918bf448c5d9f5459"}}]}, 0x150}}, 0x0)

program did not crash
replaying the whole log did not cause a kernel crash
single: executing 1 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_xfrm-sendmsg$nl_xfrm
detailed listing:
executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)=@allocspi={0x110, 0x16, 0x1, 0x70bd27, 0x25dfdbfb, {{{@in=@multicast2, @in6=@private2, 0x4e21, 0x0, 0x4e24, 0xb, 0xa, 0x30, 0x80, 0x2f}, {@in=@broadcast, 0x4d5, 0x32}, @in6=@private2, {0x4, 0x1, 0x6, 0x51, 0x5, 0x9, 0x1de, 0xfffffffffffffffb}, {0x3a, 0x1, 0x4, 0x5}, {0x31e, 0x2, 0xc}, 0x70bd2a, 0x3504, 0xa, 0x4, 0x4, 0x1}, 0x0, 0x3}, [@sec_ctx={0xc, 0x8, {0x8, 0x8, 0x1, 0x10}}, @sec_ctx={0xc, 0x8, {0x8, 0x8, 0x0, 0x49}}]}, 0x110}, 0x1, 0x0, 0x0, 0x4000100}, 0x48040)

program crashed: INFO: rcu detected stall in corrupted
single: successfully extracted reproducer
found reproducer with 2 syscalls
minimizing guilty program
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_xfrm
detailed listing:
executing program 0:
socket$nl_xfrm(0x10, 0x3, 0x6)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendmsg$nl_xfrm
detailed listing:
executing program 0:
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)=@allocspi={0x110, 0x16, 0x1, 0x70bd27, 0x25dfdbfb, {{{@in=@multicast2, @in6=@private2, 0x4e21, 0x0, 0x4e24, 0xb, 0xa, 0x30, 0x80, 0x2f}, {@in=@broadcast, 0x4d5, 0x32}, @in6=@private2, {0x4, 0x1, 0x6, 0x51, 0x5, 0x9, 0x1de, 0xfffffffffffffffb}, {0x3a, 0x1, 0x4, 0x5}, {0x31e, 0x2, 0xc}, 0x70bd2a, 0x3504, 0xa, 0x4, 0x4, 0x1}, 0x0, 0x3}, [@sec_ctx={0xc, 0x8, {0x8, 0x8, 0x1, 0x10}}, @sec_ctx={0xc, 0x8, {0x8, 0x8, 0x0, 0x49}}]}, 0x110}, 0x1, 0x0, 0x0, 0x4000100}, 0x48040)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_xfrm-sendmsg$nl_xfrm
detailed listing:
executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, 0x0, 0x48040)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_xfrm-sendmsg$nl_xfrm
detailed listing:
executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000100}, 0x48040)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_xfrm-sendmsg$nl_xfrm
detailed listing:
executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={0x0}, 0x1, 0x0, 0x0, 0x4000100}, 0x48040)

program did not crash
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_xfrm-sendmsg$nl_xfrm
program crashed: INFO: rcu detected stall in do_idle
a never seen crash title: INFO: rcu detected stall in do_idle, ignore
simplifying guilty program options
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_xfrm-sendmsg$nl_xfrm
detailed listing:
executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)=@allocspi={0x110, 0x16, 0x1, 0x70bd27, 0x25dfdbfb, {{{@in=@multicast2, @in6=@private2, 0x4e21, 0x0, 0x4e24, 0xb, 0xa, 0x30, 0x80, 0x2f}, {@in=@broadcast, 0x4d5, 0x32}, @in6=@private2, {0x4, 0x1, 0x6, 0x51, 0x5, 0x9, 0x1de, 0xfffffffffffffffb}, {0x3a, 0x1, 0x4, 0x5}, {0x31e, 0x2, 0xc}, 0x70bd2a, 0x3504, 0xa, 0x4, 0x4, 0x1}, 0x0, 0x3}, [@sec_ctx={0xc, 0x8, {0x8, 0x8, 0x1, 0x10}}, @sec_ctx={0xc, 0x8, {0x8, 0x8, 0x0, 0x49}}]}, 0x110}, 0x1, 0x0, 0x0, 0x4000100}, 0x48040)

program crashed: INFO: rcu detected stall in corrupted
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_xfrm-sendmsg$nl_xfrm
program crashed: INFO: rcu detected stall in corrupted
simplifying C reproducer
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_xfrm-sendmsg$nl_xfrm
program crashed: INFO: rcu detected stall in do_idle
a never seen crash title: INFO: rcu detected stall in do_idle, ignore
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_xfrm-sendmsg$nl_xfrm
program crashed: INFO: rcu detected stall in do_idle
a never seen crash title: INFO: rcu detected stall in do_idle, ignore
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_xfrm-sendmsg$nl_xfrm
program crashed: INFO: rcu detected stall in corrupted
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_xfrm-sendmsg$nl_xfrm
program crashed: INFO: rcu detected stall in corrupted
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_xfrm-sendmsg$nl_xfrm
program crashed: INFO: rcu detected stall in corrupted
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_xfrm-sendmsg$nl_xfrm
program crashed: INFO: rcu detected stall in corrupted
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_xfrm-sendmsg$nl_xfrm
program crashed: INFO: rcu detected stall in corrupted
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_xfrm-sendmsg$nl_xfrm
program crashed: INFO: rcu detected stall in sys_newfstatat
a never seen crash title: INFO: rcu detected stall in sys_newfstatat, ignore
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_xfrm-sendmsg$nl_xfrm
program crashed: INFO: rcu detected stall in corrupted
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_xfrm-sendmsg$nl_xfrm
program crashed: INFO: rcu detected stall in corrupted
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_xfrm-sendmsg$nl_xfrm
program crashed: INFO: rcu detected stall in corrupted
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_xfrm-sendmsg$nl_xfrm
program crashed: INFO: rcu detected stall in do_idle
a never seen crash title: INFO: rcu detected stall in do_idle, ignore
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_xfrm-sendmsg$nl_xfrm
program crashed: INFO: rcu detected stall in corrupted
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:true UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_xfrm-sendmsg$nl_xfrm
program crashed: INFO: rcu detected stall in corrupted
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_xfrm-sendmsg$nl_xfrm
program crashed: INFO: rcu detected stall in corrupted
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_xfrm-sendmsg$nl_xfrm
detailed listing:
executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)=@allocspi={0x110, 0x16, 0x1, 0x70bd27, 0x25dfdbfb, {{{@in=@multicast2, @in6=@private2, 0x4e21, 0x0, 0x4e24, 0xb, 0xa, 0x30, 0x80, 0x2f}, {@in=@broadcast, 0x4d5, 0x32}, @in6=@private2, {0x4, 0x1, 0x6, 0x51, 0x5, 0x9, 0x1de, 0xfffffffffffffffb}, {0x3a, 0x1, 0x4, 0x5}, {0x31e, 0x2, 0xc}, 0x70bd2a, 0x3504, 0xa, 0x4, 0x4, 0x1}, 0x0, 0x3}, [@sec_ctx={0xc, 0x8, {0x8, 0x8, 0x1, 0x10}}, @sec_ctx={0xc, 0x8, {0x8, 0x8, 0x0, 0x49}}]}, 0x110}, 0x1, 0x0, 0x0, 0x4000100}, 0x48040)

program crashed: INFO: rcu detected stall in worker_thread
validation run: crashed=true
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_xfrm-sendmsg$nl_xfrm
detailed listing:
executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)=@allocspi={0x110, 0x16, 0x1, 0x70bd27, 0x25dfdbfb, {{{@in=@multicast2, @in6=@private2, 0x4e21, 0x0, 0x4e24, 0xb, 0xa, 0x30, 0x80, 0x2f}, {@in=@broadcast, 0x4d5, 0x32}, @in6=@private2, {0x4, 0x1, 0x6, 0x51, 0x5, 0x9, 0x1de, 0xfffffffffffffffb}, {0x3a, 0x1, 0x4, 0x5}, {0x31e, 0x2, 0xc}, 0x70bd2a, 0x3504, 0xa, 0x4, 0x4, 0x1}, 0x0, 0x3}, [@sec_ctx={0xc, 0x8, {0x8, 0x8, 0x1, 0x10}}, @sec_ctx={0xc, 0x8, {0x8, 0x8, 0x0, 0x49}}]}, 0x110}, 0x1, 0x0, 0x0, 0x4000100}, 0x48040)

program crashed: INFO: rcu detected stall in corrupted
validation run: crashed=true
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_xfrm-sendmsg$nl_xfrm
detailed listing:
executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)=@allocspi={0x110, 0x16, 0x1, 0x70bd27, 0x25dfdbfb, {{{@in=@multicast2, @in6=@private2, 0x4e21, 0x0, 0x4e24, 0xb, 0xa, 0x30, 0x80, 0x2f}, {@in=@broadcast, 0x4d5, 0x32}, @in6=@private2, {0x4, 0x1, 0x6, 0x51, 0x5, 0x9, 0x1de, 0xfffffffffffffffb}, {0x3a, 0x1, 0x4, 0x5}, {0x31e, 0x2, 0xc}, 0x70bd2a, 0x3504, 0xa, 0x4, 0x4, 0x1}, 0x0, 0x3}, [@sec_ctx={0xc, 0x8, {0x8, 0x8, 0x1, 0x10}}, @sec_ctx={0xc, 0x8, {0x8, 0x8, 0x0, 0x49}}]}, 0x110}, 0x1, 0x0, 0x0, 0x4000100}, 0x48040)

program crashed: INFO: rcu detected stall in corrupted
validation run: crashed=true
reproducing took 1h39m26.039986005s
repro crashed as (corrupted=true):
rcu: INFO: rcu_preempt self-detected stall on CPU
rcu: 	1-...!: (10501 ticks this GP) idle=28f4/1/0x4000000000000000 softirq=12868/12868 fqs=0
rcu: 	(t=10502 jiffies g=12005 q=1114 ncpus=2)
rcu: rcu_preempt kthread timer wakeup didn't happen for 10502 jiffies! g12005 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
rcu: 	Possible timer handling issue on cpu=1 timer-softirq=3106
rcu: rcu_preempt kthread starved for 10505 jiffies! g12005 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:I stack:27528 pid:17    ppid:2      flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5380 [inline]
 __schedule+0x14d2/0x44d0 kernel/sched/core.c:6699
 schedule+0xbd/0x170 kernel/sched/core.c:6773
 schedule_timeout+0x160/0x280 kernel/time/timer.c:2167
 rcu_gp_fqs_loop+0x302/0x1560 kernel/rcu/tree.c:1667
 rcu_gp_kthread+0x99/0x380 kernel/rcu/tree.c:1866
 kthread+0x2fa/0x390 kernel/kthread.c:388
 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
CPU: 1 PID: 6012 Comm: syz.0.24 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x60 kernel/kcov.c:212
Code: 00 0f 0b 0f 1f 80 00 00 00 00 f3 0f 1e fa 53 48 89 fb e8 13 00 00 00 48 8b 3d 5c 04 c5 0c 48 89 de 5b e9 73 7a 56 00 cc cc cc <f3> 0f 1e fa 48 8b 04 24 65 48 8b 0d f0 29 7e 7e 65 8b 15 f1 29 7e
RSP: 0018:ffffc90003697198 EFLAGS: 00000287
RAX: ffffffff891e4487 RBX: 0000000003000000 RCX: 0000000000000000
RDX: ffff88801af75a00 RSI: 0000000003000000 RDI: 0000000001000000
RBP: ffffc900036972f0 R08: dffffc0000000000 R09: 1ffffffff21b4aa0
R10: dffffc0000000000 R11: fffffbfff21b4aa1 R12: 0000000001000000
R13: 0000000000000000 R14: ffff88805f9cc800 R15: dffffc0000000000
FS:  0000555574986500(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00002000000006c0 CR3: 000000007d707000 CR4: 00000000003506e0
Call Trace:
 <TASK>
 xfrm_state_lookup_spi_proto net/xfrm/xfrm_state.c:1477 [inline]
 xfrm_alloc_spi+0x4d0/0x11f0 net/xfrm/xfrm_state.c:2302
 xfrm_alloc_userspi+0x5d1/0xa90 net/xfrm/xfrm_user.c:1623
 xfrm_user_rcv_msg+0x596/0x870 net/xfrm/xfrm_user.c:3169
 netlink_rcv_skb+0x216/0x480 net/netlink/af_netlink.c:2545
 xfrm_netlink_rcv+0x79/0x90 net/xfrm/xfrm_user.c:3191
 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
 netlink_unicast+0x751/0x8d0 net/netlink/af_netlink.c:1346
 netlink_sendmsg+0x8c1/0xbe0 net/netlink/af_netlink.c:1894
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg net/socket.c:745 [inline]
 ____sys_sendmsg+0x5bf/0x950 net/socket.c:2595
 ___sys_sendmsg+0x220/0x290 net/socket.c:2649
 __sys_sendmsg net/socket.c:2678 [inline]
 __do_sys_sendmsg net/socket.c:2687 [inline]
 __se_sys_sendmsg+0x1a5/0x270 net/socket.c:2685
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f2e81b8eba9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffe3062b1c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f2e81dd5fa0 RCX: 00007f2e81b8eba9
RDX: 0000000000048040 RSI: 00002000000006c0 RDI: 0000000000000003
RBP: 00007f2e81c11e19 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f2e81dd5fa0 R14: 00007f2e81dd5fa0 R15: 0000000000000003
 </TASK>
CPU: 1 PID: 6012 Comm: syz.0.24 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x60 kernel/kcov.c:212
Code: 00 0f 0b 0f 1f 80 00 00 00 00 f3 0f 1e fa 53 48 89 fb e8 13 00 00 00 48 8b 3d 5c 04 c5 0c 48 89 de 5b e9 73 7a 56 00 cc cc cc <f3> 0f 1e fa 48 8b 04 24 65 48 8b 0d f0 29 7e 7e 65 8b 15 f1 29 7e
RSP: 0018:ffffc90003697198 EFLAGS: 00000287
RAX: ffffffff891e4487 RBX: 0000000003000000 RCX: 0000000000000000
RDX: ffff88801af75a00 RSI: 0000000003000000 RDI: 0000000001000000
RBP: ffffc900036972f0 R08: dffffc0000000000 R09: 1ffffffff21b4aa0
R10: dffffc0000000000 R11: fffffbfff21b4aa1 R12: 0000000001000000
R13: 0000000000000000 R14: ffff88805f9cc800 R15: dffffc0000000000
FS:  0000555574986500(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00002000000006c0 CR3: 000000007d707000 CR4: 00000000003506e0
Call Trace:
 <TASK>
 xfrm_state_lookup_spi_proto net/xfrm/xfrm_state.c:1477 [inline]
 xfrm_alloc_spi+0x4d0/0x11f0 net/xfrm/xfrm_state.c:2302
 xfrm_alloc_userspi+0x5d1/0xa90 net/xfrm/xfrm_user.c:1623
 xfrm_user_rcv_msg+0x596/0x870 net/xfrm/xfrm_user.c:3169
 netlink_rcv_skb+0x216/0x480 net/netlink/af_netlink.c:2545
 xfrm_netlink_rcv+0x79/0x90 net/xfrm/xfrm_user.c:3191
 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
 netlink_unicast+0x751/0x8d0 net/netlink/af_netlink.c:1346
 netlink_sendmsg+0x8c1/0xbe0 net/netlink/af_netlink.c:1894
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg net/socket.c:745 [inline]
 ____sys_sendmsg+0x5bf/0x950 net/socket.c:2595
 ___sys_sendmsg+0x220/0x290 net/socket.c:2649
 __sys_sendmsg net/socket.c:2678 [inline]
 __do_sys_sendmsg net/socket.c:2687 [inline]
 __se_sys_sendmsg+0x1a5/0x270 net/socket.c:2685
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f2e81b8eba9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffe3062b1c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f2e81dd5fa0 RCX: 00007f2e81b8eba9
RDX: 0000000000048040 RSI: 00002000000006c0 RDI: 0000000000000003
RBP: 00007f2e81c11e19 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f2e81dd5fa0 R14: 00007f2e81dd5fa0 R15: 0000000000000003
 </TASK>

report is corrupted, running repro again
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_xfrm-sendmsg$nl_xfrm
program crashed: INFO: rcu detected stall in corrupted
report is corrupted, running repro again
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_xfrm-sendmsg$nl_xfrm
program crashed: INFO: rcu detected stall in sys_openat
final repro crashed as (corrupted=false):
rcu: INFO: rcu_preempt self-detected stall on CPU
rcu: 	0-...!: (1 GPs behind) idle=63ac/1/0x4000000000000000 softirq=9338/9339 fqs=1493
rcu: 	(t=10502 jiffies g=6973 q=100468 ncpus=2)
rcu: rcu_preempt kthread timer wakeup didn't happen for 7508 jiffies! g6973 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
rcu: 	Possible timer handling issue on cpu=1 timer-softirq=3873
rcu: rcu_preempt kthread starved for 7511 jiffies! g6973 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:I stack:27088 pid:17    ppid:2      flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5380 [inline]
 __schedule+0x14d2/0x44d0 kernel/sched/core.c:6699
 schedule+0xbd/0x170 kernel/sched/core.c:6773
 schedule_timeout+0x160/0x280 kernel/time/timer.c:2167
 rcu_gp_fqs_loop+0x302/0x1560 kernel/rcu/tree.c:1667
 rcu_gp_kthread+0x99/0x380 kernel/rcu/tree.c:1866
 kthread+0x2fa/0x390 kernel/kthread.c:388
 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 9844 Comm: syz-executor269 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
RIP: 0010:pv_native_safe_halt+0x13/0x20 arch/x86/kernel/paravirt.c:148
Code: cc cc cc cc cc cc cc f3 0f 1e fa 0f 0b 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 66 90 0f 00 2d a3 16 3a 00 f3 0f 1e fa fb f4 <c3> cc cc cc cc cc cc cc cc cc cc cc cc 66 0f 1f 00 55 41 57 41 56
RSP: 0018:ffffc900001f0818 EFLAGS: 00000246
RAX: ffffffff813a13aa RBX: 0000000000000003 RCX: ffff888076b29e00
RDX: 0000000000000100 RSI: ffffffff8aaabaa0 RDI: ffffffff8afc70c0
RBP: ffffc900001f08f0 R08: ffffffff90da55cf R09: 1ffffffff21b4ab9
R10: dffffc0000000000 R11: fffffbfff21b4aba R12: dffffc0000000000
R13: 0000000000000200 R14: 0000000000000003 R15: 1ffff9200003e108
FS:  000055555798b380(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f7b6858000f CR3: 000000007a344000 CR4: 00000000003506e0
Call Trace:
 <IRQ>
 arch_safe_halt arch/x86/include/asm/paravirt.h:108 [inline]
 kvm_wait+0x22f/0x290 arch/x86/kernel/kvm.c:1058
 pv_wait arch/x86/include/asm/paravirt.h:598 [inline]
 pv_wait_head_or_lock kernel/locking/qspinlock_paravirt.h:470 [inline]
 __pv_queued_spin_lock_slowpath+0x61a/0x9d0 kernel/locking/qspinlock.c:511
 pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:586 [inline]
 queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:51 [inline]
 queued_spin_lock include/asm-generic/qspinlock.h:114 [inline]
 do_raw_spin_lock+0x24e/0x2c0 kernel/locking/spinlock_debug.c:115
 spin_lock include/linux/spinlock.h:351 [inline]
 __xfrm_state_delete+0xba/0x800 net/xfrm/xfrm_state.c:746
 xfrm_timer_handler+0x1c3/0x9e0 net/xfrm/xfrm_state.c:644
 __run_hrtimer kernel/time/hrtimer.c:1755 [inline]
 __hrtimer_run_queues+0x51e/0xc40 kernel/time/hrtimer.c:1819
 hrtimer_run_softirq+0x187/0x2b0 kernel/time/hrtimer.c:1836
 handle_softirqs+0x280/0x820 kernel/softirq.c:578
 __do_softirq kernel/softirq.c:612 [inline]
 invoke_softirq kernel/softirq.c:452 [inline]
 __irq_exit_rcu+0xc7/0x190 kernel/softirq.c:661
 irq_exit_rcu+0x9/0x20 kernel/softirq.c:673
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1088 [inline]
 sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1088
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:687
RIP: 0010:unwind_next_frame+0x14d/0x2970 arch/x86/kernel/unwind_orc.c:494
Code: ec 4a 00 e9 26 21 00 00 e8 10 ec 4a 00 eb 05 e8 09 ec 4a 00 4c 89 7c 24 78 4d 8d 74 24 35 4c 89 f0 48 c1 e8 03 48 89 44 24 38 <42> 0f b6 04 28 84 c0 48 8b 5c 24 20 0f 85 64 21 00 00 45 0f b6 3e
RSP: 0018:ffffc90004aaf298 EFLAGS: 00000a03
RAX: 1ffff92000955e73 RBX: 1ffff92000955e6d RCX: ffff888076b29e00
RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffffffff813aa37e
RBP: ffffc90004aaf3b8 R08: ffffc90004aaf430 R09: 0000000000000002
R10: 0000000000000004 R11: 0000000000000000 R12: ffffc90004aaf368
R13: dffffc0000000000 R14: ffffc90004aaf39d R15: ffffffff81dc1bfe
 arch_stack_walk+0x144/0x190 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x9c/0xe0 kernel/stacktrace.c:122
 kasan_save_stack mm/kasan/common.c:45 [inline]
 kasan_set_track+0x4e/0x70 mm/kasan/common.c:52
 __kasan_slab_alloc+0x6c/0x80 mm/kasan/common.c:328
 kasan_slab_alloc include/linux/kasan.h:188 [inline]
 slab_post_alloc_hook+0x6e/0x4d0 mm/slab.h:767
 slab_alloc_node mm/slub.c:3495 [inline]
 slab_alloc mm/slub.c:3503 [inline]
 __kmem_cache_alloc_lru mm/slub.c:3510 [inline]
 kmem_cache_alloc+0x11e/0x2e0 mm/slub.c:3519
 kmem_cache_zalloc include/linux/slab.h:711 [inline]
 lsm_inode_alloc security/security.c:633 [inline]
 security_inode_alloc+0x34/0x110 security/security.c:1494
 inode_init_always+0x8fc/0xc90 fs/inode.c:232
 alloc_inode fs/inode.c:268 [inline]
 new_inode_pseudo+0x95/0x1d0 fs/inode.c:1049
 new_inode+0x22/0x1b0 fs/inode.c:1075
 proc_pid_make_inode+0x24/0x190 fs/proc/base.c:1956
 proc_pident_instantiate+0x6d/0x2b0 fs/proc/base.c:2703
 proc_pident_lookup+0x1b3/0x290 fs/proc/base.c:2739
 lookup_open fs/namei.c:3466 [inline]
 open_last_lookups fs/namei.c:3556 [inline]
 path_openat+0x10b8/0x3190 fs/namei.c:3786
 do_filp_open+0x1c5/0x3d0 fs/namei.c:3816
 do_sys_openat2+0x12c/0x1c0 fs/open.c:1419
 do_sys_open fs/open.c:1434 [inline]
 __do_sys_openat fs/open.c:1450 [inline]
 __se_sys_openat fs/open.c:1445 [inline]
 __x64_sys_openat+0x139/0x160 fs/open.c:1445
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f7b6853d311
Code: 75 57 89 f0 25 00 00 41 00 3d 00 00 41 00 74 49 80 3d 5a 2d 07 00 00 74 6d 89 da 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 93 00 00 00 48 8b 54 24 28 64 48 2b 14 25
RSP: 002b:00007fff14c1e610 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000080001 RCX: 00007f7b6853d311
RDX: 0000000000080001 RSI: 00007f7b68580014 RDI: 00000000ffffff9c
RBP: 00007f7b68580014 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 00007fff14c1e6b0
R13: 00007fff14c1ebd0 R14: 00007fff14c1ebb0 R15: 0000000000000522
 </TASK>
INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.873 msecs
CPU: 0 PID: 5809 Comm: syz-executor269 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
RIP: 0010:xfrm_state_lookup_spi_proto net/xfrm/xfrm_state.c:1477 [inline]
RIP: 0010:xfrm_alloc_spi+0x3ae/0x11f0 net/xfrm/xfrm_state.c:2302
Code: 38 00 74 08 4c 89 f7 e8 e0 96 be f8 4d 8b 36 4d 85 f6 0f 94 c0 49 83 c6 d8 0f 94 c1 08 c1 74 0a e8 a7 4b 67 f8 e9 2d 02 00 00 <4d> 8d a6 a0 00 00 00 4c 89 e0 48 c1 e8 03 42 0f b6 04 38 84 c0 0f
RSP: 0018:ffffc9000467f1a0 EFLAGS: 00000293
RAX: ffffffff891e460a RBX: 0000000002000000 RCX: ffff8880799c3c00
RDX: 0000000000000000 RSI: 0000000002000000 RDI: 0000000001000000
RBP: ffffc9000467f2f0 R08: dffffc0000000000 R09: 1ffffffff21b4aa0
R10: dffffc0000000000 R11: fffffbfff21b4aa1 R12: 0000000001000000
R13: 0000000000000000 R14: ffff888025e14400 R15: dffffc0000000000
FS:  000055555798b380(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00002000000006c8 CR3: 000000002bea9000 CR4: 00000000003506f0
Call Trace:
 <TASK>
 xfrm_alloc_userspi+0x5d1/0xa90 net/xfrm/xfrm_user.c:1623
 xfrm_user_rcv_msg+0x596/0x870 net/xfrm/xfrm_user.c:3169
 netlink_rcv_skb+0x216/0x480 net/netlink/af_netlink.c:2545
 xfrm_netlink_rcv+0x79/0x90 net/xfrm/xfrm_user.c:3191
 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
 netlink_unicast+0x751/0x8d0 net/netlink/af_netlink.c:1346
 netlink_sendmsg+0x8c1/0xbe0 net/netlink/af_netlink.c:1894
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg net/socket.c:745 [inline]
 ____sys_sendmsg+0x5bf/0x950 net/socket.c:2595
 ___sys_sendmsg+0x220/0x290 net/socket.c:2649
 __sys_sendmsg net/socket.c:2678 [inline]
 __do_sys_sendmsg net/socket.c:2687 [inline]
 __se_sys_sendmsg+0x1a5/0x270 net/socket.c:2685
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f7b6853e449
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 1b 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff14c1eb78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f7b6853e449
RDX: 0000000000048040 RSI: 00002000000006c0 RDI: 0000000000000003
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff14c1eb9c
R13: 00007f7b68580100 R14: 00007fff14c1ebb0 R15: 0000000000000003
 </TASK>